]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifaresniff.c
b867c58242d36ac807055fd3e18ff9aed2840c0d
1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Routines to support mifare classic sniffer.
9 //-----------------------------------------------------------------------------
11 #include "mifaresniff.h"
13 #include "proxmark3.h"
16 #include "iso14443crc.h"
17 #include "iso14443a.h"
18 #include "crapto1/crapto1.h"
19 #include "mifareutil.h"
23 #include "fpgaloader.h"
26 static int sniffState
= SNF_INIT
;
27 static uint8_t sniffUIDType
;
28 static uint8_t sniffUID
[8] = {0x00};
29 static uint8_t sniffATQA
[2] = {0x00};
30 static uint8_t sniffSAK
;
31 static uint8_t sniffBuf
[16] = {0x00};
32 static uint32_t timerData
= 0;
35 bool MfSniffInit(void){
36 memset(sniffUID
, 0x00, 8);
37 memset(sniffATQA
, 0x00, 2);
39 sniffUIDType
= SNF_UID_4
;
44 bool MfSniffEnd(void){
46 cmd_send(CMD_ACK
,0,0,0,0,0);
52 bool RAMFUNC
MfSniffLogic(const uint8_t *data
, uint16_t len
, uint8_t *parity
, uint16_t bitCnt
, bool reader
) {
54 if (reader
&& (len
== 1) && (bitCnt
== 7)) { // reset on 7-Bit commands from reader
55 sniffState
= SNF_INIT
;
60 if ((len
== 1) && (reader
) && (bitCnt
== 7) ) { // REQA or WUPA from reader
61 sniffUIDType
= SNF_UID_4
;
62 memset(sniffUID
, 0x00, 8);
63 memset(sniffATQA
, 0x00, 2);
65 sniffState
= SNF_ATQA
;
67 sniffState
= SNF_MAGIC_WUPC2
;
72 if ((len
== 1) && (reader
) && (data
[0] == 0x43) ) {
73 sniffState
= SNF_CARD_IDLE
;
77 if ((!reader
) && (len
== 2)) { // ATQA from tag
78 memcpy(sniffATQA
, data
, 2);
79 sniffState
= SNF_UID1
;
84 if ((reader
) && (len
== 9) && (data
[0] == 0x93) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) { // Select 4 Byte UID from reader
85 memcpy(sniffUID
+ 3, &data
[2], 4);
91 if ((!reader
) && (len
== 3) && (CheckCrc14443(CRC_14443_A
, data
, 3))) { // SAK from card?
93 if ((sniffUID
[3] == 0x88) && (sniffUIDType
== SNF_UID_4
)) { // CL2 UID part to be expected
94 sniffUIDType
= SNF_UID_7
;
95 memcpy(sniffUID
, sniffUID
+ 4, 3);
96 sniffState
= SNF_UID2
;
97 } else { // select completed
98 sniffState
= SNF_CARD_IDLE
;
104 if ((reader
) && (len
== 9) && (data
[0] == 0x95) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) {
105 memcpy(sniffUID
+ 3, &data
[2], 4);
106 sniffState
= SNF_SAK
;
110 case SNF_CARD_IDLE
:{ // trace the card select sequence
113 memcpy(sniffBuf
+ 2, sniffUID
, 7);
114 memcpy(sniffBuf
+ 9, sniffATQA
, 2);
115 sniffBuf
[11] = sniffSAK
;
118 LogTrace(sniffBuf
, 14, 0, 0, NULL
, true);
119 sniffState
= SNF_CARD_CMD
;
120 } // intentionally no break;
122 LogTrace(data
, len
, 0, 0, parity
, reader
);
123 timerData
= GetTickCount();
128 sniffState
= SNF_INIT
;
136 bool RAMFUNC
MfSniffSend(uint16_t maxTimeoutMs
) {
137 if (BigBuf_get_traceLen() && (GetTickCount() > timerData
+ maxTimeoutMs
)) {
138 return intMfSniffSend();
143 // internal sending function. not a RAMFUNC.
144 bool intMfSniffSend() {
147 int pckLen
= BigBuf_get_traceLen();
149 uint8_t *trace
= BigBuf_get_addr();
153 pckSize
= MIN(USB_CMD_DATA_SIZE
, pckLen
);
155 cmd_send(CMD_ACK
, 1, BigBuf_get_traceLen(), pckSize
, trace
+ BigBuf_get_traceLen() - pckLen
, pckSize
);
163 cmd_send(CMD_ACK
,2,0,0,0,0);
projects / proxmark3-svn / blob