]>
cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifaresniff.c
f4879329d5f3e194a03f6f0cce0d5744f9d4a6d4
1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Routines to support mifare classic sniffer.
9 //-----------------------------------------------------------------------------
11 #include "mifaresniff.h"
13 #include "proxmark3.h"
16 #include "iso14443crc.h"
17 #include "iso14443a.h"
18 #include "crapto1/crapto1.h"
19 #include "mifareutil.h"
23 static int sniffState
= SNF_INIT
;
24 static uint8_t sniffUIDType
;
25 static uint8_t sniffUID
[8] = {0x00};
26 static uint8_t sniffATQA
[2] = {0x00};
27 static uint8_t sniffSAK
;
28 static uint8_t sniffBuf
[16] = {0x00};
29 static uint32_t timerData
= 0;
32 bool MfSniffInit(void){
33 memset(sniffUID
, 0x00, 8);
34 memset(sniffATQA
, 0x00, 2);
36 sniffUIDType
= SNF_UID_4
;
41 bool MfSniffEnd(void){
43 cmd_send(CMD_ACK
,0,0,0,0,0);
49 bool RAMFUNC
MfSniffLogic(const uint8_t *data
, uint16_t len
, uint8_t *parity
, uint16_t bitCnt
, bool reader
) {
51 if (reader
&& (len
== 1) && (bitCnt
== 7)) { // reset on 7-Bit commands from reader
52 sniffState
= SNF_INIT
;
57 if ((len
== 1) && (reader
) && (bitCnt
== 7) ) { // REQA or WUPA from reader
58 sniffUIDType
= SNF_UID_4
;
59 memset(sniffUID
, 0x00, 8);
60 memset(sniffATQA
, 0x00, 2);
62 sniffState
= SNF_WUPREQ
;
67 if ((!reader
) && (len
== 2)) { // ATQA from tag
68 memcpy(sniffATQA
, data
, 2);
69 sniffState
= SNF_ATQA
;
76 if ((reader
) && (len
== 2) && (data
[0] == 0x93) && (data
[1] == 0x20)) { // Select ALL from reader
77 sniffState
= SNF_ANTICOL1
;
81 if ((reader
) && (len
== 9) && (data
[0] == 0x93) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) { // Select 4 Byte UID from reader
82 memcpy(sniffUID
+ 3, &data
[2], 4);
88 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) { // UID from tag (CL1)
89 sniffState
= SNF_UID1
;
94 if ((!reader
) && (len
== 3) && (CheckCrc14443(CRC_14443_A
, data
, 3))) { // SAK from card?
96 if ((sniffUID
[3] == 0x88) && (sniffUIDType
== SNF_UID_4
)) { // CL2 UID part to be expected
97 sniffUIDType
= SNF_UID_7
;
98 memcpy(sniffUID
, sniffUID
+ 4, 3);
99 sniffState
= SNF_UID2
;
100 } else { // select completed
101 sniffState
= SNF_CARD_IDLE
;
107 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) { // CL2 UID
108 sniffState
= SNF_UID2
;
113 if ((reader
) && (len
== 2) && (data
[0] == 0x95) && (data
[1] == 0x20)) {
114 sniffState
= SNF_ANTICOL2
;
117 if ((reader
) && (len
== 9) && (data
[0] == 0x95) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) {
118 memcpy(sniffUID
+ 3, &data
[2], 4);
119 sniffState
= SNF_SAK
;
123 case SNF_CARD_IDLE
:{ // trace the card select sequence
126 memcpy(sniffBuf
+ 2, sniffUID
, 7);
127 memcpy(sniffBuf
+ 9, sniffATQA
, 2);
128 sniffBuf
[11] = sniffSAK
;
131 LogTrace(sniffBuf
, 14, 0, 0, NULL
, TRUE
);
132 sniffState
= SNF_CARD_CMD
;
133 } // intentionally no break;
135 LogTrace(data
, len
, 0, 0, NULL
, reader
);
136 timerData
= GetTickCount();
141 sniffState
= SNF_INIT
;
149 bool RAMFUNC
MfSniffSend(uint16_t maxTimeoutMs
) {
150 if (BigBuf_get_traceLen() && (GetTickCount() > timerData
+ maxTimeoutMs
)) {
151 return intMfSniffSend();
156 // internal sending function. not a RAMFUNC.
157 bool intMfSniffSend() {
160 int pckLen
= BigBuf_get_traceLen();
162 uint8_t *trace
= BigBuf_get_addr();
166 pckSize
= MIN(USB_CMD_DATA_SIZE
, pckLen
);
168 cmd_send(CMD_ACK
, 1, BigBuf_get_traceLen(), pckSize
, trace
+ BigBuf_get_traceLen() - pckLen
, pckSize
);
176 cmd_send(CMD_ACK
,2,0,0,0,0);