]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifaresniff.c
1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Routines to support mifare classic sniffer.
9 //-----------------------------------------------------------------------------
11 #include "mifaresniff.h"
14 static int sniffState
= SNF_INIT
;
15 static uint8_t sniffUIDType
= 0;
16 static uint8_t sniffUID
[10] = {0,0,0,0,0,0,0,0,0,0};
17 static uint8_t sniffATQA
[2] = {0,0};
18 static uint8_t sniffSAK
= 0;
19 static uint8_t sniffBuf
[19];
20 static uint32_t timerData
= 0;
23 void MfSniffInit(void){
24 memset(sniffUID
, 0x00, sizeof(sniffUID
));
25 memset(sniffATQA
, 0x00, sizeof(sniffATQA
));
26 memset(sniffBuf
, 0x00, sizeof(sniffBuf
));
28 sniffUIDType
= SNF_UID_4
;
31 void MfSniffEnd(void){
33 cmd_send(CMD_ACK
,0,0,0,0,0);
37 bool RAMFUNC
MfSniffLogic(const uint8_t *data
, uint16_t len
, uint8_t *parity
, uint16_t bitCnt
, bool reader
) {
39 // reset on 7-Bit commands from reader
40 if (reader
&& (len
== 1) && (bitCnt
== 7)) {
41 sniffState
= SNF_INIT
;
46 // REQA or WUPA from reader
47 if ((len
== 1) && (reader
) && (bitCnt
== 7) ) {
49 sniffState
= SNF_WUPREQ
;
55 if ((!reader
) && (len
== 2)) {
56 sniffATQA
[0] = data
[0];
57 sniffATQA
[1] = data
[1];
58 sniffState
= SNF_ATQA
;
63 // Select ALL from reader
64 if ((reader
) && (len
== 2) && (data
[0] == 0x93) && (data
[1] == 0x20)) {
65 sniffState
= SNF_ANTICOL1
;
71 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) {
72 memcpy(sniffUID
+ 3, data
, 4);
73 sniffState
= SNF_UID1
;
78 // Select 4 Byte UID from reader
79 if ((reader
) && (len
== 9) && (data
[0] == 0x93) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) {
85 if ((!reader
) && (len
== 3) && (CheckCrc14443(CRC_14443_A
, data
, 3))) { // SAK from card?
87 if (sniffUID
[3] == 0x88) { // CL2 UID part to be expected
88 sniffState
= SNF_ANTICOL2
;
89 } else { // select completed
90 sniffState
= SNF_CARD_IDLE
;
97 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) {
98 memcpy(sniffUID
, sniffUID
+4, 3);
99 memcpy(sniffUID
+3, data
, 4);
100 sniffUIDType
= SNF_UID_7
;
101 sniffState
= SNF_UID2
;
106 // Select 2nd part of 7 Byte UID
107 if ((reader
) && (len
== 9) && (data
[0] == 0x95) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) {
108 sniffState
= SNF_SAK
;
114 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) {
115 memcpy(sniffUID
, sniffUID
+4, 3);
116 memcpy(sniffUID
+3, data
, 4);
117 sniffUIDType
= SNF_UID_10
;
118 sniffState
= SNF_UID3
;
123 // Select 3nd part of 10 Byte UID
124 if ((reader
) && (len
== 9) && (data
[0] == 0x97) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) {
125 sniffState
= SNF_SAK
;
129 case SNF_CARD_IDLE
:{ // trace the card select sequence
132 memcpy(sniffBuf
+ 2, sniffUID
, sizeof(sniffUID
));
133 memcpy(sniffBuf
+ 9, sniffATQA
, sizeof(sniffATQA
));
134 sniffBuf
[14] = sniffSAK
;
137 LogTrace(sniffBuf
, sizeof(sniffBuf
), 0, 0, NULL
, TRUE
);
138 } // intentionally no break;
140 LogTrace(data
, len
, 0, 0, NULL
, TRUE
);
141 sniffState
= SNF_CARD_RESP
;
142 timerData
= GetTickCount();
146 LogTrace(data
, len
, 0, 0, NULL
, FALSE
);
147 sniffState
= SNF_CARD_CMD
;
148 timerData
= GetTickCount();
152 sniffState
= SNF_INIT
;
158 bool RAMFUNC
MfSniffSend(uint16_t maxTimeoutMs
) {
159 if (BigBuf_get_traceLen() && (GetTickCount() > timerData
+ maxTimeoutMs
)) {
160 return intMfSniffSend();
165 // internal sending function. not a RAMFUNC.
166 bool intMfSniffSend() {
169 int pckLen
= BigBuf_get_traceLen();
171 uint8_t *trace
= BigBuf_get_addr();
175 pckSize
= MIN(USB_CMD_DATA_SIZE
, pckLen
);
177 cmd_send(CMD_ACK
, 1, BigBuf_get_traceLen(), pckSize
, trace
+ BigBuf_get_traceLen() - pckLen
, pckSize
);
184 cmd_send(CMD_ACK
,2,0,0,0,0);