]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifarecmd.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of https://github.com/Proxmark/proxmark3
[proxmark3-svn] / armsrc / mifarecmd.c
1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011, 2012
3 // Gerhard de Koning Gans - May 2008
4 // Hagen Fritsch - June 2010
5 // Midnitesnake - Dec 2013
6 // Andy Davies - Apr 2014
7 // Iceman - May 2014
8 //
9 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
10 // at your option, any later version. See the LICENSE.txt file for the text of
11 // the license.
12 //-----------------------------------------------------------------------------
13 // Routines to support ISO 14443 type A.
14 //-----------------------------------------------------------------------------
15
16 #include "mifarecmd.h"
17 #include "apps.h"
18 #include "util.h"
19
20 #include "crc.h"
21
22 // the block number for the ISO14443-4 PCB
23 uint8_t pcb_blocknum = 0;
24 // Deselect card by sending a s-block. the crc is precalced for speed
25 static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
26
27
28 //-----------------------------------------------------------------------------
29 // Select, Authenticate, Read a MIFARE tag.
30 // read block
31 //-----------------------------------------------------------------------------
32 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
33 {
34 // params
35 uint8_t blockNo = arg0;
36 uint8_t keyType = arg1;
37 uint64_t ui64Key = 0;
38 ui64Key = bytes_to_num(datain, 6);
39
40 // variables
41 byte_t isOK = 0;
42 byte_t dataoutbuf[16];
43 uint8_t uid[10];
44 uint32_t cuid;
45 struct Crypto1State mpcs = {0, 0};
46 struct Crypto1State *pcs;
47 pcs = &mpcs;
48
49 // clear trace
50 clear_trace();
51 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
52
53 LED_A_ON();
54 LED_B_OFF();
55 LED_C_OFF();
56
57 while (true) {
58 if(!iso14443a_select_card(uid, NULL, &cuid)) {
59 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
60 break;
61 };
62
63 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
64 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
65 break;
66 };
67
68 if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {
69 if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");
70 break;
71 };
72
73 if(mifare_classic_halt(pcs, cuid)) {
74 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
75 break;
76 };
77
78 isOK = 1;
79 break;
80 }
81
82 // ----------------------------- crypto1 destroy
83 crypto1_destroy(pcs);
84
85 if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");
86
87 LED_B_ON();
88 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
89 LED_B_OFF();
90
91 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
92 LEDsoff();
93 }
94
95 void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
96
97 bool turnOffField = (arg0 == 1);
98
99 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
100 clear_trace();
101 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
102
103 if(!iso14443a_select_card(NULL, NULL, NULL)) {
104 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
105 OnError(0);
106 return;
107 };
108
109 if(!mifare_ultra_auth(keybytes)){
110 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
111 OnError(1);
112 return;
113 }
114
115 if (turnOffField) {
116 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
117 LEDsoff();
118 }
119 cmd_send(CMD_ACK,1,0,0,0,0);
120 }
121 cmd_send(CMD_ACK,1,0,0,0,0);
122 }
123
124 // Arg0 = BlockNo,
125 // Arg1 = UsePwd bool
126 // datain = PWD bytes,
127 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
128 {
129 uint8_t blockNo = arg0;
130 byte_t dataout[16] = {0x00};
131 bool useKey = (arg1 == 1); //UL_C
132 bool usePwd = (arg1 == 2); //UL_EV1/NTAG
133
134 LEDsoff();
135 LED_A_ON();
136 clear_trace();
137 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
138
139 int len = iso14443a_select_card(NULL, NULL, NULL);
140 if(!len) {
141 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);
142 OnError(1);
143 return;
144 }
145
146 // UL-C authentication
147 if ( useKey ) {
148 uint8_t key[16] = {0x00};
149 memcpy(key, datain, sizeof(key) );
150
151 if ( !mifare_ultra_auth(key) ) {
152 OnError(1);
153 return;
154 }
155 }
156
157 // UL-EV1 / NTAG authentication
158 if ( usePwd ) {
159 uint8_t pwd[4] = {0x00};
160 memcpy(pwd, datain, 4);
161 uint8_t pack[4] = {0,0,0,0};
162 if (!mifare_ul_ev1_auth(pwd, pack)) {
163 OnError(1);
164 return;
165 }
166 }
167
168 if( mifare_ultra_readblock(blockNo, dataout) ) {
169 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
170 OnError(2);
171 return;
172 }
173
174 if( mifare_ultra_halt() ) {
175 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
176 OnError(3);
177 return;
178 }
179
180 cmd_send(CMD_ACK,1,0,0,dataout,16);
181 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
182 LEDsoff();
183 }
184
185 //-----------------------------------------------------------------------------
186 // Select, Authenticate, Read a MIFARE tag.
187 // read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
188 //-----------------------------------------------------------------------------
189 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
190 {
191 // params
192 uint8_t sectorNo = arg0;
193 uint8_t keyType = arg1;
194 uint64_t ui64Key = 0;
195 ui64Key = bytes_to_num(datain, 6);
196
197 // variables
198 byte_t isOK = 0;
199 byte_t dataoutbuf[16 * 16];
200 uint8_t uid[10];
201 uint32_t cuid;
202 struct Crypto1State mpcs = {0, 0};
203 struct Crypto1State *pcs;
204 pcs = &mpcs;
205
206 // clear trace
207 clear_trace();
208
209 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
210
211 LED_A_ON();
212 LED_B_OFF();
213 LED_C_OFF();
214
215 isOK = 1;
216 if(!iso14443a_select_card(uid, NULL, &cuid)) {
217 isOK = 0;
218 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
219 }
220
221
222 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
223 isOK = 0;
224 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
225 }
226
227 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
228 if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) {
229 isOK = 0;
230 if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo);
231 break;
232 }
233 }
234
235 if(mifare_classic_halt(pcs, cuid)) {
236 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
237 }
238
239 // ----------------------------- crypto1 destroy
240 crypto1_destroy(pcs);
241
242 if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");
243
244 LED_B_ON();
245 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));
246 LED_B_OFF();
247
248 // Thats it...
249 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
250 LEDsoff();
251 }
252
253 // arg0 = blockNo (start)
254 // arg1 = Pages (number of blocks)
255 // arg2 = useKey
256 // datain = KEY bytes
257 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
258 {
259 // free eventually allocated BigBuf memory
260 BigBuf_free();
261 // clear trace
262 clear_trace();
263
264 // params
265 uint8_t blockNo = arg0;
266 uint16_t blocks = arg1;
267 bool useKey = (arg2 == 1); //UL_C
268 bool usePwd = (arg2 == 2); //UL_EV1/NTAG
269 uint32_t countblocks = 0;
270 uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);
271 if (dataout == NULL){
272 Dbprintf("out of memory");
273 OnError(1);
274 return;
275 }
276
277 LEDsoff();
278 LED_A_ON();
279 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
280
281 int len = iso14443a_select_card(NULL, NULL, NULL);
282 if (!len) {
283 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);
284 OnError(1);
285 return;
286 }
287
288 // UL-C authentication
289 if ( useKey ) {
290 uint8_t key[16] = {0x00};
291 memcpy(key, datain, sizeof(key) );
292
293 if ( !mifare_ultra_auth(key) ) {
294 OnError(1);
295 return;
296 }
297 }
298
299 // UL-EV1 / NTAG authentication
300 if (usePwd) {
301 uint8_t pwd[4] = {0x00};
302 memcpy(pwd, datain, sizeof(pwd));
303 uint8_t pack[4] = {0,0,0,0};
304
305 if (!mifare_ul_ev1_auth(pwd, pack)){
306 OnError(1);
307 return;
308 }
309 }
310
311 for (int i = 0; i < blocks; i++){
312 if ((i*4) + 4 > CARD_MEMORY_SIZE) {
313 Dbprintf("Data exceeds buffer!!");
314 break;
315 }
316
317 // UL-C authentication
318 if ( useKey ) {
319 uint8_t key[16] = {0x00};
320 memcpy(key, datain, sizeof(key) );
321
322 if ( !mifare_ultra_auth(key) ) {
323 OnError(1);
324 return;
325 }
326 }
327
328 // UL-EV1 / NTAG authentication
329 if (usePwd) {
330 uint8_t pwd[4] = {0x00};
331 memcpy(pwd, datain, sizeof(pwd));
332 uint8_t pack[4] = {0,0,0,0};
333
334 if (!mifare_ul_ev1_auth(pwd, pack)){
335 OnError(1);
336 return;
337 }
338 }
339
340 for (int i = 0; i < blocks; i++){
341 if ((i*4) + 4 > CARD_MEMORY_SIZE) {
342 Dbprintf("Data exceeds buffer!!");
343 break;
344 }
345
346 len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
347
348 if (len) {
349 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
350 // if no blocks read - error out
351 if (i==0){
352 OnError(2);
353 return;
354 } else {
355 //stop at last successful read block and return what we got
356 break;
357 }
358 } else {
359 countblocks++;
360 }
361 }
362
363 len = mifare_ultra_halt();
364 if (len) {
365 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
366 OnError(3);
367 return;
368 }
369
370 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
371
372 countblocks *= 4;
373 cmd_send(CMD_ACK, 1, countblocks, countblocks, 0, 0);
374 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
375 LEDsoff();
376 }
377
378 //-----------------------------------------------------------------------------
379 // Select, Authenticate, Write a MIFARE tag.
380 // read block
381 //-----------------------------------------------------------------------------
382 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
383 {
384 // params
385 uint8_t blockNo = arg0;
386 uint8_t keyType = arg1;
387 uint64_t ui64Key = 0;
388 byte_t blockdata[16];
389
390 ui64Key = bytes_to_num(datain, 6);
391 memcpy(blockdata, datain + 10, 16);
392
393 // variables
394 byte_t isOK = 0;
395 uint8_t uid[10];
396 uint32_t cuid;
397 struct Crypto1State mpcs = {0, 0};
398 struct Crypto1State *pcs;
399 pcs = &mpcs;
400
401 // clear trace
402 clear_trace();
403
404 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
405
406 LED_A_ON();
407 LED_B_OFF();
408 LED_C_OFF();
409
410 while (true) {
411 if(!iso14443a_select_card(uid, NULL, &cuid)) {
412 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
413 break;
414 };
415
416 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
417 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
418 break;
419 };
420
421 if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) {
422 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
423 break;
424 };
425
426 if(mifare_classic_halt(pcs, cuid)) {
427 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
428 break;
429 };
430
431 isOK = 1;
432 break;
433 }
434
435 // ----------------------------- crypto1 destroy
436 crypto1_destroy(pcs);
437
438 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
439
440 LED_B_ON();
441 cmd_send(CMD_ACK,isOK,0,0,0,0);
442 LED_B_OFF();
443
444
445 // Thats it...
446 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
447 LEDsoff();
448 }
449
450 void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
451 {
452 uint8_t blockNo = arg0;
453 byte_t blockdata[16] = {0x00};
454
455 memcpy(blockdata, datain, 16);
456
457 uint8_t uid[10] = {0x00};
458
459 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
460
461 clear_trace();
462 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
463
464 if(!iso14443a_select_card(uid, NULL, NULL)) {
465 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
466 OnError(0);
467 return;
468 };
469
470 if(mifare_ultra_writeblock(blockNo, blockdata)) {
471 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
472 OnError(0);
473 return; };
474
475 if(mifare_ultra_halt()) {
476 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
477 OnError(0);
478 return;
479 };
480
481 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
482
483 cmd_send(CMD_ACK,1,0,0,0,0);
484 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
485 LEDsoff();
486 }
487
488 // Arg0 : Block to write to.
489 // Arg1 : 0 = use no authentication.
490 // 1 = use 0x1A authentication.
491 // 2 = use 0x1B authentication.
492 // datain : 4 first bytes is data to be written.
493 // : 4/16 next bytes is authentication key.
494 void MifareUWriteBlock_Special(uint8_t arg0, uint8_t arg1, uint8_t *datain)
495 {
496 uint8_t blockNo = arg0;
497 bool useKey = (arg1 == 1); //UL_C
498 bool usePwd = (arg1 == 2); //UL_EV1/NTAG
499 byte_t blockdata[4] = {0x00};
500
501 memcpy(blockdata, datain,4);
502
503 LEDsoff();
504 LED_A_ON();
505 clear_trace();
506 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
507
508 if(!iso14443a_select_card(NULL, NULL, NULL)) {
509 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
510 OnError(0);
511 return;
512 };
513
514 // UL-C authentication
515 if ( useKey ) {
516 uint8_t key[16] = {0x00};
517 memcpy(key, datain+4, sizeof(key) );
518
519 if ( !mifare_ultra_auth(key) ) {
520 OnError(1);
521 return;
522 }
523 }
524
525 // UL-EV1 / NTAG authentication
526 if (usePwd) {
527 uint8_t pwd[4] = {0x00};
528 memcpy(pwd, datain+4, 4);
529 uint8_t pack[4] = {0,0,0,0};
530 if (!mifare_ul_ev1_auth(pwd, pack)) {
531 OnError(1);
532 return;
533 }
534 }
535
536 if(mifare_ultra_special_writeblock(blockNo, blockdata)) {
537 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
538 OnError(0);
539 return;
540 };
541
542 if(mifare_ultra_halt()) {
543 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
544 OnError(0);
545 return;
546 };
547
548 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
549
550 cmd_send(CMD_ACK,1,0,0,0,0);
551 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
552 LEDsoff();
553 }
554
555 void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
556
557 uint8_t pwd[16] = {0x00};
558 byte_t blockdata[4] = {0x00};
559
560 memcpy(pwd, datain, 16);
561
562 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
563 clear_trace();
564 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
565
566 if(!iso14443a_select_card(NULL, NULL, NULL)) {
567 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
568 OnError(0);
569 return;
570 };
571
572 blockdata[0] = pwd[7];
573 blockdata[1] = pwd[6];
574 blockdata[2] = pwd[5];
575 blockdata[3] = pwd[4];
576 if(mifare_ultra_special_writeblock( 44, blockdata)) {
577 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
578 OnError(44);
579 return;
580 };
581
582 blockdata[0] = pwd[3];
583 blockdata[1] = pwd[2];
584 blockdata[2] = pwd[1];
585 blockdata[3] = pwd[0];
586 if(mifare_ultra_special_writeblock( 45, blockdata)) {
587 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
588 OnError(45);
589 return;
590 };
591
592 blockdata[0] = pwd[15];
593 blockdata[1] = pwd[14];
594 blockdata[2] = pwd[13];
595 blockdata[3] = pwd[12];
596 if(mifare_ultra_special_writeblock( 46, blockdata)) {
597 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
598 OnError(46);
599 return;
600 };
601
602 blockdata[0] = pwd[11];
603 blockdata[1] = pwd[10];
604 blockdata[2] = pwd[9];
605 blockdata[3] = pwd[8];
606 if(mifare_ultra_special_writeblock( 47, blockdata)) {
607 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
608 OnError(47);
609 return;
610 };
611
612 if(mifare_ultra_halt()) {
613 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
614 OnError(0);
615 return;
616 };
617
618 cmd_send(CMD_ACK,1,0,0,0,0);
619 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
620 LEDsoff();
621 }
622
623 // Return 1 if the nonce is invalid else return 0
624 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {
625 return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \
626 (oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \
627 (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;
628 }
629
630
631 //-----------------------------------------------------------------------------
632 // MIFARE nested authentication.
633 //
634 //-----------------------------------------------------------------------------
635 void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)
636 {
637 // params
638 uint8_t blockNo = arg0 & 0xff;
639 uint8_t keyType = (arg0 >> 8) & 0xff;
640 uint8_t targetBlockNo = arg1 & 0xff;
641 uint8_t targetKeyType = (arg1 >> 8) & 0xff;
642 uint64_t ui64Key = 0;
643
644 ui64Key = bytes_to_num(datain, 6);
645
646 // variables
647 uint16_t rtr, i, j, len;
648 uint16_t davg;
649 static uint16_t dmin, dmax;
650 uint8_t uid[10];
651 uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;
652 uint8_t par[1];
653 uint32_t target_nt[2], target_ks[2];
654
655 uint8_t par_array[4];
656 uint16_t ncount = 0;
657 struct Crypto1State mpcs = {0, 0};
658 struct Crypto1State *pcs;
659 pcs = &mpcs;
660 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
661
662 uint32_t auth1_time, auth2_time;
663 static uint16_t delta_time;
664
665 // free eventually allocated BigBuf memory
666 BigBuf_free();
667 // clear trace
668 clear_trace();
669 set_tracing(false);
670
671 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
672
673 LED_A_ON();
674 LED_C_OFF();
675
676
677 // statistics on nonce distance
678 if (calibrate) { // for first call only. Otherwise reuse previous calibration
679 LED_B_ON();
680 WDT_HIT();
681
682 davg = dmax = 0;
683 dmin = 2000;
684 delta_time = 0;
685
686 for (rtr = 0; rtr < 17; rtr++) {
687
688 // prepare next select. No need to power down the card.
689 if(mifare_classic_halt(pcs, cuid)) {
690 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
691 rtr--;
692 continue;
693 }
694
695 if(!iso14443a_select_card(uid, NULL, &cuid)) {
696 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
697 rtr--;
698 continue;
699 };
700
701 auth1_time = 0;
702 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
703 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
704 rtr--;
705 continue;
706 };
707
708 if (delta_time) {
709 auth2_time = auth1_time + delta_time;
710 } else {
711 auth2_time = 0;
712 }
713 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {
714 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error");
715 rtr--;
716 continue;
717 };
718
719 nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
720 for (i = 101; i < 1200; i++) {
721 nttmp = prng_successor(nttmp, 1);
722 if (nttmp == nt2) break;
723 }
724
725 if (i != 1200) {
726 if (rtr != 0) {
727 davg += i;
728 dmin = MIN(dmin, i);
729 dmax = MAX(dmax, i);
730 }
731 else {
732 delta_time = auth2_time - auth1_time + 32; // allow some slack for proper timing
733 }
734 if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);
735 }
736 }
737
738 if (rtr <= 1) return;
739
740 davg = (davg + (rtr - 1)/2) / (rtr - 1);
741
742 if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);
743
744 dmin = davg - 2;
745 dmax = davg + 2;
746
747 LED_B_OFF();
748
749 }
750 // -------------------------------------------------------------------------------------------------
751
752 LED_C_ON();
753
754 // get crypted nonces for target sector
755 for(i=0; i < 2; i++) { // look for exactly two different nonces
756
757 target_nt[i] = 0;
758 while(target_nt[i] == 0) { // continue until we have an unambiguous nonce
759
760 // prepare next select. No need to power down the card.
761 if(mifare_classic_halt(pcs, cuid)) {
762 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
763 continue;
764 }
765
766 if(!iso14443a_select_card(uid, NULL, &cuid)) {
767 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
768 continue;
769 };
770
771 auth1_time = 0;
772 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
773 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
774 continue;
775 };
776
777 // nested authentication
778 auth2_time = auth1_time + delta_time;
779 len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
780 if (len != 4) {
781 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);
782 continue;
783 };
784
785 nt2 = bytes_to_num(receivedAnswer, 4);
786 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);
787
788 // Parity validity check
789 for (j = 0; j < 4; j++) {
790 par_array[j] = (oddparity(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));
791 }
792
793 ncount = 0;
794 nttest = prng_successor(nt1, dmin - 1);
795 for (j = dmin; j < dmax + 1; j++) {
796 nttest = prng_successor(nttest, 1);
797 ks1 = nt2 ^ nttest;
798
799 if (valid_nonce(nttest, nt2, ks1, par_array)){
800 if (ncount > 0) { // we are only interested in disambiguous nonces, try again
801 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j);
802 target_nt[i] = 0;
803 break;
804 }
805 target_nt[i] = nttest;
806 target_ks[i] = ks1;
807 ncount++;
808 if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces
809 target_nt[i] = 0;
810 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);
811 break;
812 }
813 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: valid, ntdist=%d", i+1, j);
814 }
815 }
816 if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);
817 }
818 }
819
820 LED_C_OFF();
821
822 // ----------------------------- crypto1 destroy
823 crypto1_destroy(pcs);
824
825 byte_t buf[4 + 4 * 4];
826 memcpy(buf, &cuid, 4);
827 memcpy(buf+4, &target_nt[0], 4);
828 memcpy(buf+8, &target_ks[0], 4);
829 memcpy(buf+12, &target_nt[1], 4);
830 memcpy(buf+16, &target_ks[1], 4);
831
832 LED_B_ON();
833 cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));
834 LED_B_OFF();
835
836 if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED");
837
838 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
839 LEDsoff();
840 set_tracing(TRUE);
841 }
842
843 //-----------------------------------------------------------------------------
844 // MIFARE check keys. key count up to 85.
845 //
846 //-----------------------------------------------------------------------------
847 void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
848 {
849 // params
850 uint8_t blockNo = arg0;
851 uint8_t keyType = arg1;
852 uint8_t keyCount = arg2;
853 uint64_t ui64Key = 0;
854
855 // variables
856 int i;
857 byte_t isOK = 0;
858 uint8_t uid[10];
859 uint32_t cuid;
860 struct Crypto1State mpcs = {0, 0};
861 struct Crypto1State *pcs;
862 pcs = &mpcs;
863
864 // clear debug level
865 int OLD_MF_DBGLEVEL = MF_DBGLEVEL;
866 MF_DBGLEVEL = MF_DBG_NONE;
867
868 // clear trace
869 clear_trace();
870 set_tracing(TRUE);
871
872 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
873
874 LED_A_ON();
875 LED_B_OFF();
876 LED_C_OFF();
877
878 for (i = 0; i < keyCount; i++) {
879 if(mifare_classic_halt(pcs, cuid)) {
880 if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Halt error");
881 }
882
883 if(!iso14443a_select_card(uid, NULL, &cuid)) {
884 if (OLD_MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card");
885 break;
886 };
887
888 ui64Key = bytes_to_num(datain + i * 6, 6);
889 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
890 continue;
891 };
892
893 isOK = 1;
894 break;
895 }
896
897 // ----------------------------- crypto1 destroy
898 crypto1_destroy(pcs);
899
900 LED_B_ON();
901 cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);
902 LED_B_OFF();
903
904 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
905 LEDsoff();
906
907 // restore debug level
908 MF_DBGLEVEL = OLD_MF_DBGLEVEL;
909 }
910
911 //-----------------------------------------------------------------------------
912 // MIFARE commands set debug level
913 //
914 //-----------------------------------------------------------------------------
915 void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
916 MF_DBGLEVEL = arg0;
917 Dbprintf("Debug level: %d", MF_DBGLEVEL);
918 }
919
920 //-----------------------------------------------------------------------------
921 // Work with emulator memory
922 //
923 //-----------------------------------------------------------------------------
924 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
925 emlClearMem();
926 }
927
928 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
929 emlSetMem(datain, arg0, arg1); // data, block num, blocks count
930 }
931
932 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
933 byte_t buf[USB_CMD_DATA_SIZE];
934 emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)
935
936 LED_B_ON();
937 cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);
938 LED_B_OFF();
939 }
940
941 //-----------------------------------------------------------------------------
942 // Load a card into the emulator memory
943 //
944 //-----------------------------------------------------------------------------
945 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
946 uint8_t numSectors = arg0;
947 uint8_t keyType = arg1;
948 uint64_t ui64Key = 0;
949 uint32_t cuid;
950 struct Crypto1State mpcs = {0, 0};
951 struct Crypto1State *pcs;
952 pcs = &mpcs;
953
954 // variables
955 byte_t dataoutbuf[16];
956 byte_t dataoutbuf2[16];
957 uint8_t uid[10];
958
959 // clear trace
960 clear_trace();
961 set_tracing(false);
962
963 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
964
965 LED_A_ON();
966 LED_B_OFF();
967 LED_C_OFF();
968
969 bool isOK = true;
970
971 if(!iso14443a_select_card(uid, NULL, &cuid)) {
972 isOK = false;
973 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
974 }
975
976 for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
977 ui64Key = emlGetKey(sectorNo, keyType);
978 if (sectorNo == 0){
979 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
980 isOK = false;
981 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo);
982 break;
983 }
984 } else {
985 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
986 isOK = false;
987 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo);
988 break;
989 }
990 }
991
992 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
993 if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
994 isOK = false;
995 if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);
996 break;
997 };
998 if (isOK) {
999 if (blockNo < NumBlocksPerSector(sectorNo) - 1) {
1000 emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);
1001 } else { // sector trailer, keep the keys, set only the AC
1002 emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
1003 memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);
1004 emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
1005 }
1006 }
1007 }
1008
1009 }
1010
1011 if(mifare_classic_halt(pcs, cuid)) {
1012 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1013 };
1014
1015 // ----------------------------- crypto1 destroy
1016 crypto1_destroy(pcs);
1017
1018 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1019 LEDsoff();
1020
1021 if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");
1022
1023 }
1024
1025
1026 //-----------------------------------------------------------------------------
1027 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
1028 //
1029 //-----------------------------------------------------------------------------
1030 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1031
1032 // params
1033 uint8_t needWipe = arg0;
1034 // bit 0 - need get UID
1035 // bit 1 - need wupC
1036 // bit 2 - need HALT after sequence
1037 // bit 3 - need init FPGA and field before sequence
1038 // bit 4 - need reset FPGA and LED
1039 uint8_t workFlags = arg1;
1040 uint8_t blockNo = arg2;
1041
1042 // card commands
1043 uint8_t wupC1[] = { 0x40 };
1044 uint8_t wupC2[] = { 0x43 };
1045 uint8_t wipeC[] = { 0x41 };
1046
1047 // variables
1048 byte_t isOK = 0;
1049 uint8_t uid[10] = {0x00};
1050 uint8_t d_block[18] = {0x00};
1051 uint32_t cuid;
1052
1053 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1054 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1055
1056 // reset FPGA and LED
1057 if (workFlags & 0x08) {
1058 LED_A_ON();
1059 LED_B_OFF();
1060 LED_C_OFF();
1061
1062 clear_trace();
1063 set_tracing(TRUE);
1064 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1065 }
1066
1067 while (true) {
1068
1069 // get UID from chip
1070 if (workFlags & 0x01) {
1071 if(!iso14443a_select_card(uid, NULL, &cuid)) {
1072 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1073 //break;
1074 };
1075
1076 if(mifare_classic_halt(NULL, cuid)) {
1077 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1078 //break;
1079 };
1080 };
1081
1082 // reset chip
1083 if (needWipe){
1084 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1085 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1086 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1087 break;
1088 };
1089
1090 ReaderTransmit(wipeC, sizeof(wipeC), NULL);
1091 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1092 if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");
1093 break;
1094 };
1095
1096 if(mifare_classic_halt(NULL, cuid)) {
1097 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1098 break;
1099 };
1100 };
1101
1102 // write block
1103 if (workFlags & 0x02) {
1104 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1105 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1106 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1107 break;
1108 };
1109
1110 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1111 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1112 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1113 break;
1114 };
1115 }
1116
1117 if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
1118 if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");
1119 break;
1120 };
1121
1122 memcpy(d_block, datain, 16);
1123 AppendCrc14443a(d_block, 16);
1124
1125 ReaderTransmit(d_block, sizeof(d_block), NULL);
1126 if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
1127 if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");
1128 break;
1129 };
1130
1131 if (workFlags & 0x04) {
1132 if (mifare_classic_halt(NULL, cuid)) {
1133 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1134 break;
1135 };
1136 }
1137
1138 isOK = 1;
1139 break;
1140 }
1141
1142 LED_B_ON();
1143 cmd_send(CMD_ACK,isOK,0,0,uid,4);
1144 LED_B_OFF();
1145
1146 if ((workFlags & 0x10) || (!isOK)) {
1147 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1148 LEDsoff();
1149 }
1150 }
1151
1152
1153 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1154
1155 // params
1156 // bit 1 - need wupC
1157 // bit 2 - need HALT after sequence
1158 // bit 3 - need init FPGA and field before sequence
1159 // bit 4 - need reset FPGA and LED
1160 uint8_t workFlags = arg0;
1161 uint8_t blockNo = arg2;
1162
1163 // card commands
1164 uint8_t wupC1[] = { 0x40 };
1165 uint8_t wupC2[] = { 0x43 };
1166
1167 // variables
1168 byte_t isOK = 0;
1169 uint8_t data[18] = {0x00};
1170 uint32_t cuid = 0;
1171
1172 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1173 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1174
1175 if (workFlags & 0x08) {
1176 LED_A_ON();
1177 LED_B_OFF();
1178 LED_C_OFF();
1179
1180 clear_trace();
1181 set_tracing(TRUE);
1182 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1183 }
1184
1185 while (true) {
1186 if (workFlags & 0x02) {
1187 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1188 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1189 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1190 break;
1191 };
1192
1193 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1194 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1195 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1196 break;
1197 };
1198 }
1199
1200 // read block
1201 if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {
1202 if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error");
1203 break;
1204 };
1205 memcpy(data, receivedAnswer, 18);
1206
1207 if (workFlags & 0x04) {
1208 if (mifare_classic_halt(NULL, cuid)) {
1209 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1210 break;
1211 };
1212 }
1213
1214 isOK = 1;
1215 break;
1216 }
1217
1218 LED_B_ON();
1219 cmd_send(CMD_ACK,isOK,0,0,data,18);
1220 LED_B_OFF();
1221
1222 if ((workFlags & 0x10) || (!isOK)) {
1223 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1224 LEDsoff();
1225 }
1226 }
1227
1228 void MifareCIdent(){
1229
1230 // card commands
1231 uint8_t wupC1[] = { 0x40 };
1232 uint8_t wupC2[] = { 0x43 };
1233
1234 // variables
1235 byte_t isOK = 1;
1236
1237 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1238 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1239
1240 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1241 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1242 isOK = 0;
1243 };
1244
1245 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1246 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1247 isOK = 0;
1248 };
1249
1250 if (mifare_classic_halt(NULL, 0)) {
1251 isOK = 0;
1252 };
1253
1254 cmd_send(CMD_ACK,isOK,0,0,0,0);
1255 }
1256
1257 void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
1258
1259 BigBuf_free();
1260
1261 uint32_t iterations = arg0;
1262 uint8_t uid[10] = {0x00};
1263
1264 uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
1265 uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
1266
1267 uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
1268
1269 // get memory from BigBuf.
1270 uint8_t *nonces = BigBuf_malloc(iterations * 4);
1271
1272 LED_A_ON();
1273 LED_B_OFF();
1274 LED_C_OFF();
1275
1276 clear_trace();
1277 set_tracing(TRUE);
1278 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1279
1280 for (int i = 0; i < iterations; i++) {
1281
1282 WDT_HIT();
1283
1284 // Test if the action was cancelled
1285 if(BUTTON_PRESS()) break;
1286
1287 // if(mifare_classic_halt(pcs, cuid)) {
1288 // if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1289 //}
1290
1291 if(!iso14443a_select_card(uid, NULL, NULL)) {
1292 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1293 continue;
1294 };
1295
1296 // Transmit MIFARE_CLASSIC_AUTH.
1297 ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
1298
1299 // Receive the (4 Byte) "random" nonce
1300 if (!ReaderReceive(response, responsePar)) {
1301 if (MF_DBGLEVEL >= 1) Dbprintf("Couldn't receive tag nonce");
1302 continue;
1303 }
1304
1305 nonces[i*4] = bytes_to_num(response, 4);
1306 }
1307
1308 int packLen = iterations * 4;
1309 int packSize = 0;
1310 int packNum = 0;
1311 while (packLen > 0) {
1312 packSize = MIN(USB_CMD_DATA_SIZE, packLen);
1313 LED_B_ON();
1314 cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
1315 LED_B_OFF();
1316
1317 packLen -= packSize;
1318 packNum++;
1319 }
1320 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1321 LEDsoff();
1322 }
1323
1324 //
1325 // DESFIRE
1326 //
1327
1328 void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
1329
1330 byte_t dataout[11] = {0x00};
1331 uint8_t uid[10] = {0x00};
1332 uint32_t cuid = 0x00;
1333
1334 clear_trace();
1335 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1336
1337 int len = iso14443a_select_card(uid, NULL, &cuid);
1338 if(!len) {
1339 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
1340 OnError(1);
1341 return;
1342 };
1343
1344 if(mifare_desfire_des_auth1(cuid, dataout)){
1345 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");
1346 OnError(4);
1347 return;
1348 }
1349
1350 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
1351 cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));
1352 }
1353
1354 void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
1355
1356 uint32_t cuid = arg0;
1357 uint8_t key[16] = {0x00};
1358 byte_t dataout[12] = {0x00};
1359 byte_t isOK = 0;
1360
1361 memcpy(key, datain, 16);
1362
1363 isOK = mifare_desfire_des_auth2(cuid, key, dataout);
1364
1365 if( isOK) {
1366 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");
1367 OnError(4);
1368 return;
1369 }
1370
1371 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
1372
1373 cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
1374 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1375 LEDsoff();
1376 }
1377
1378 void OnSuccess(){
1379 pcb_blocknum = 0;
1380 ReaderTransmit(deselect_cmd, 3 , NULL);
1381 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1382 LEDsoff();
1383 }
1384
1385 void OnError(uint8_t reason){
1386 pcb_blocknum = 0;
1387 ReaderTransmit(deselect_cmd, 3 , NULL);
1388 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1389 cmd_send(CMD_ACK,0,reason,0,0,0);
1390 LEDsoff();
1391 }
Proxmark3 GIT tracking
Impressum, Datenschutz