]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifarecmd.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md
[proxmark3-svn] / armsrc / mifarecmd.c
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 69b5b53c76843e41267cdbb3926367b6f694260e..0b75ebc3fb9543229463102b28bef0f4a81ad00f 100644 (file)
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -16,8 +16,6 @@
 #include "mifarecmd.h"\r
 #include "apps.h"\r
 #include "util.h"\r
 #include "mifarecmd.h"\r
 #include "apps.h"\r
 #include "util.h"\r
-//#include "../client/loclass/des.h"\r
-#include "des.h"\r
 #include "crc.h"\r
 \r
 //-----------------------------------------------------------------------------\r
 #include "crc.h"\r
 \r
 //-----------------------------------------------------------------------------\r
@@ -41,10 +39,10 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
-       // clear trace\r
-       clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
+       clear_trace();\r
+\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
@@ -87,174 +85,92 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LEDsoff();\r
 }\r
 \r
        LEDsoff();\r
 }\r
 \r
+void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){\r
 \r
 \r
-void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){\r
+       bool turnOffField = (arg0 == 1);\r
 \r
 \r
-       byte_t isOK = 0;\r
-       byte_t dataoutbuf[16] = {0x00};\r
-       uint8_t uid[10] = {0x00};\r
-       uint32_t cuid;\r
+       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
 \r
 \r
-       LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
-    \r
-       clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
-                       Dbprintf("Can't select card");\r
+       clear_trace();\r
+\r
+       if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
                OnError(0);\r
                return;\r
        };\r
        \r
                OnError(0);\r
                return;\r
        };\r
        \r
-       if(mifare_ultra_auth1(cuid, dataoutbuf)){\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)        \r
-                       Dbprintf("Authentication part1: Fail.");\r
+       if(!mifare_ultra_auth(keybytes)){\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");\r
                OnError(1);\r
                return;\r
        }\r
 \r
                OnError(1);\r
                return;\r
        }\r
 \r
-       isOK = 1;\r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED)\r
-               DbpString("AUTH 1 FINISHED");\r
-    \r
-    cmd_send(CMD_ACK,isOK,cuid,0,dataoutbuf,11);\r
-       LEDsoff();\r
-}\r
-void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){\r
-\r
-       uint32_t cuid = arg0;\r
-       uint8_t key[16] = {0x00};\r
-       byte_t isOK = 0;\r
-       byte_t dataoutbuf[16] = {0x00};\r
-    \r
-       memcpy(key, datain, 16);\r
-    \r
-       LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
-       \r
-       if(mifare_ultra_auth2(cuid, key, dataoutbuf)){\r
-           if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
-                       Dbprintf("Authentication part2: Fail...");\r
-               OnError(1);\r
-               return;                 \r
+       if (turnOffField) {\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               LEDsoff();\r
        }\r
        }\r
-       \r
-       isOK = 1;\r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED)\r
-               DbpString("AUTH 2 FINISHED");\r
-    \r
-       cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11);\r
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-       LEDsoff();\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
 }\r
 \r
 }\r
 \r
+// Arg0 = BlockNo,\r
+// Arg1 = UsePwd bool\r
+// datain = PWD bytes,\r
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
        uint8_t blockNo = arg0;\r
        byte_t dataout[16] = {0x00};\r
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
        uint8_t blockNo = arg0;\r
        byte_t dataout[16] = {0x00};\r
-       uint8_t uid[10] = {0x00};\r
-       uint8_t key[8] = {0x00};\r
-       uint32_t cuid;\r
-    bool usePwd = false;\r
-       \r
-       usePwd = (arg1 == 1);\r
-       \r
-       // use password\r
-       if ( usePwd )\r
-               memcpy(key, datain, 8);\r
-       \r
+       bool useKey = (arg1 == 1); //UL_C\r
+       bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
+\r
+       LEDsoff();\r
        LED_A_ON();\r
        LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
-    \r
-       clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-    \r
-       int len = iso14443a_select_card(uid, NULL, &cuid);\r
+\r
+       clear_trace();\r
+\r
+       int len = iso14443a_select_card(NULL, NULL, NULL);\r
        if(!len) {\r
        if(!len) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("Can't select card (RC:%d)",len);\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
                OnError(1);\r
                return;\r
                OnError(1);\r
                return;\r
-               };\r
-       \r
-        // authenticate here.\r
-       if ( usePwd ) {\r
-\r
-               uint8_t a[8] = { 0x01 };\r
-               uint8_t b[8] = { 0x00 };\r
-               uint8_t enc_b[8] = { 0x00 };\r
-               uint8_t ab[16] = { 0x00 };\r
-               \r
-               uint8_t transKey[8] = { 0x00 };\r
-               \r
-               uint16_t len;\r
-               uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
-               uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
-       \r
-               len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);\r
-               if (len == 1) {\r
-                       if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
-                               Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
-                               OnError(1);\r
-                               return;\r
-               }\r
-               \r
-//             memcpy(dataout, receivedAnswer, 11);\r
-               \r
-               // tag nonce.\r
-               memcpy(enc_b,receivedAnswer+1,8);\r
-\r
-               // decrypt nonce.\r
-               des_dec(enc_b, b, key );\r
-\r
-               Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x", enc_b[0],enc_b[1],enc_b[2],enc_b[3],enc_b[4],enc_b[5],enc_b[6],enc_b[7] );\r
-\r
-               rol(b,8);\r
-               \r
-               memcpy(ab  ,a,8);\r
-               memcpy(ab+8,b,8);\r
-\r
-               Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[0],ab[1],ab[2],ab[3],ab[4],ab[5],ab[6],ab[7] );\r
-               Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[8],ab[9],ab[10],ab[11],ab[12],ab[13],ab[14],ab[15] );\r
-\r
-               // encrypt\r
-               des_enc(ab, ab, key);\r
+       }\r
 \r
 \r
-               Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[0],ab[1],ab[2],ab[3],ab[4],ab[5],ab[6],ab[7] );\r
-               Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[8],ab[9],ab[10],ab[11],ab[12],ab[13],ab[14],ab[15] );\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};\r
+               memcpy(key, datain, sizeof(key) );\r
 \r
 \r
-               len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, ab, receivedAnswer, receivedAnswerPar, NULL);\r
-               if (len == 1) {\r
-                       if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
-                               Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+               if ( !mifare_ultra_auth(key) ) {\r
                        OnError(1);\r
                        return;\r
                }\r
                        OnError(1);\r
                        return;\r
                }\r
-       \r
-               // \r
-               memcpy(transKey, receivedAnswer+1, 8);\r
-               Dbprintf("TRANSACTIONKEY: %02x %02x %02x %02x %02x %02x %02x %02x", transKey[0],transKey[1],transKey[2],transKey[3],\r
-               transKey[4],transKey[5],transKey[6],transKey[7] );\r
        }\r
        }\r
-               \r
-       len = mifare_ultra_readblock(cuid, blockNo, dataout);\r
-       if(len) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("Read block error");\r
+\r
+       // UL-EV1 / NTAG authentication\r
+       if ( usePwd ) {\r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, 4);\r
+               uint8_t pack[4] = {0,0,0,0};\r
+               if (!mifare_ul_ev1_auth(pwd, pack)) {\r
+                       OnError(1);\r
+                       return;\r
+               }\r
+       }       \r
+\r
+       if( mifare_ultra_readblock(blockNo, dataout) ) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");\r
                OnError(2);\r
                return;\r
                OnError(2);\r
                return;\r
-               };\r
-        \r
-       len = mifare_ultra_halt(cuid);\r
-       if(len) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("Halt error");\r
+       }\r
+\r
+       if( mifare_ultra_halt() ) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
                OnError(3);\r
                return;\r
                OnError(3);\r
                return;\r
-               };\r
-               \r
+       }\r
+\r
     cmd_send(CMD_ACK,1,0,0,dataout,16);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
     cmd_send(CMD_ACK,1,0,0,dataout,16);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
@@ -281,11 +197,10 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
-       // clear trace\r
-       clear_trace();\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
+       clear_trace();\r
+\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
@@ -295,7 +210,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
                isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
        }\r
                isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
        }\r
-\r
+       \r
        \r
        if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
                isOK = 0;\r
        \r
        if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
                isOK = 0;\r
@@ -328,73 +243,103 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LEDsoff();\r
 }\r
 \r
        LEDsoff();\r
 }\r
 \r
-void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)\r
+// arg0 = blockNo (start)\r
+// arg1 = Pages (number of blocks)\r
+// arg2 = useKey\r
+// datain = KEY bytes\r
+void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
 {\r
-       // params\r
-       uint8_t sectorNo = arg0;\r
-       int Pages = arg1;\r
-       int count_Pages = 0;\r
-       byte_t dataout[176] = {0x00};;\r
-       uint8_t uid[10] = {0x00};\r
-       uint32_t cuid;\r
-\r
+       LEDsoff();\r
        LED_A_ON();\r
        LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
 \r
-       if (MF_DBGLEVEL >= MF_DBG_ALL) \r
-               Dbprintf("Pages %d",Pages);\r
-       \r
+       // free eventually allocated BigBuf memory\r
+       BigBuf_free();\r
        clear_trace();\r
        clear_trace();\r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
 \r
-       int len = iso14443a_select_card(uid, NULL, &cuid);\r
-       \r
+       // params\r
+       uint8_t blockNo = arg0;\r
+       uint16_t blocks = arg1;\r
+       bool useKey = (arg2 == 1); //UL_C\r
+       bool usePwd = (arg2 == 2); //UL_EV1/NTAG\r
+       uint32_t countblocks = 0;\r
+       uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);\r
+       if (dataout == NULL){\r
+               Dbprintf("out of memory");\r
+               OnError(1);\r
+               return;\r
+       }\r
+\r
+       int len = iso14443a_select_card(NULL, NULL, NULL);\r
        if (!len) {\r
        if (!len) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
-                       Dbprintf("Can't select card (RC:%d)",len);\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);\r
                OnError(1);\r
                return;\r
        }\r
                OnError(1);\r
                return;\r
        }\r
-       \r
-       for (int i = 0; i < Pages; i++){\r
-       \r
-               len = mifare_ultra_readblock(cuid, sectorNo * 4 + i, dataout + 4 * i);\r
+\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};\r
+               memcpy(key, datain, sizeof(key) );\r
+\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;\r
+               }\r
+       }\r
+\r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) {\r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, sizeof(pwd));\r
+               uint8_t pack[4] = {0,0,0,0};\r
+\r
+               if (!mifare_ul_ev1_auth(pwd, pack)){\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+\r
+       for (int i = 0; i < blocks; i++){\r
+               if ((i*4) + 4 >= CARD_MEMORY_SIZE) {\r
+                       Dbprintf("Data exceeds buffer!!");\r
+                       break;\r
+               }\r
+\r
+               len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);\r
                \r
                if (len) {\r
                \r
                if (len) {\r
-                       if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
-                               Dbprintf("Read block %d error",i);\r
-                       OnError(2);\r
+                       if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);\r
+                       // if no blocks read - error out\r
+                       if (i==0){\r
+                               OnError(2);\r
                        return;\r
                        return;\r
+                       } else {\r
+                               //stop at last successful read block and return what we got\r
+                               break;\r
+                       }\r
                } else {\r
                } else {\r
-                       count_Pages++;\r
+                       countblocks++;\r
                }\r
        }\r
                }\r
        }\r
-               \r
-       len = mifare_ultra_halt(cuid);\r
+\r
+       len = mifare_ultra_halt();\r
        if (len) {\r
        if (len) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
-                       Dbprintf("Halt error");\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
                OnError(3);\r
                return;\r
        }\r
                OnError(3);\r
                return;\r
        }\r
-       \r
-       if (MF_DBGLEVEL >= MF_DBG_ALL) {\r
-               Dbprintf("Pages read %d", count_Pages);\r
-       }\r
 \r
 \r
-       len = 16*4; //64 bytes\r
-       \r
-       // Read a UL-C\r
-       if (Pages == 44 && count_Pages > 16) \r
-               len = 176;\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);\r
+\r
+       countblocks *= 4;\r
 \r
 \r
-       cmd_send(CMD_ACK, 1, 0, 0, dataout, len);       \r
+       cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
+       BigBuf_free();\r
 }\r
 \r
 }\r
 \r
-\r
 //-----------------------------------------------------------------------------\r
 // Select, Authenticate, Write a MIFARE tag. \r
 // read block\r
 //-----------------------------------------------------------------------------\r
 // Select, Authenticate, Write a MIFARE tag. \r
 // read block\r
@@ -418,11 +363,10 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
-       // clear trace\r
-       clear_trace();\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
+       clear_trace();\r
+\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
@@ -467,96 +411,179 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LEDsoff();\r
 }\r
 \r
        LEDsoff();\r
 }\r
 \r
-void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)\r
+/* // Command not needed but left for future testing \r
+void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)\r
 {\r
 {\r
-        // params\r
-        uint8_t blockNo = arg0;\r
+       uint8_t blockNo = arg0;\r
        byte_t blockdata[16] = {0x00};\r
 \r
        byte_t blockdata[16] = {0x00};\r
 \r
-        memcpy(blockdata, datain,16);\r
-        \r
-        // variables\r
-        byte_t isOK = 0;\r
+       memcpy(blockdata, datain, 16);\r
+\r
        uint8_t uid[10] = {0x00};\r
        uint8_t uid[10] = {0x00};\r
-        uint32_t cuid;\r
 \r
 \r
-               clear_trace();\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
 \r
 \r
-        LED_A_ON();\r
-        LED_B_OFF();\r
-        LED_C_OFF();\r
-\r
-        while (true) {\r
-                if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                        break;\r
-                };\r
-\r
-                if(mifare_ultra_writeblock(cuid, blockNo, blockdata)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
-                        break;\r
-                };\r
-\r
-                if(mifare_ultra_halt(cuid)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                        break;\r
-                };\r
-                \r
-                isOK = 1;\r
-                break;\r
-        }\r
-        \r
-        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
-\r
-               cmd_send(CMD_ACK,isOK,0,0,0,0);\r
-        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-        LEDsoff();\r
-}\r
+       clear_trace();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       if(!iso14443a_select_card(uid, NULL, NULL)) {\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
+               OnError(0);\r
+               return; };\r
+\r
+       if(mifare_ultra_halt()) {\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+               OnError(0);\r
+               return;\r
+       };\r
 \r
 \r
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)\r
+       if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
+\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
+*/\r
+\r
+// Arg0   : Block to write to.\r
+// Arg1   : 0 = use no authentication.\r
+//          1 = use 0x1A authentication.\r
+//          2 = use 0x1B authentication.\r
+// datain : 4 first bytes is data to be written.\r
+//        : 4/16 next bytes is authentication key.\r
+void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
 {\r
-       // params\r
        uint8_t blockNo = arg0;\r
        uint8_t blockNo = arg0;\r
+       bool useKey = (arg1 == 1); //UL_C\r
+       bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
        byte_t blockdata[4] = {0x00};\r
        byte_t blockdata[4] = {0x00};\r
-       \r
-       memcpy(blockdata, datain,4);\r
 \r
 \r
-       // variables\r
-       byte_t isOK = 0;\r
-       uint8_t uid[10] = {0x00};\r
-       uint32_t cuid;\r
+       memcpy(blockdata, datain,4);\r
+       \r
+       LEDsoff();\r
+       LED_A_ON();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
 \r
        clear_trace();\r
+\r
+       if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};       \r
+               memcpy(key, datain+4, sizeof(key) );\r
+\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) { \r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain+4, 4);\r
+               uint8_t pack[4] = {0,0,0,0};\r
+               if (!mifare_ul_ev1_auth(pwd, pack)) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
+       if(mifare_ultra_writeblock(blockNo, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       if(mifare_ultra_halt()) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");\r
+\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
+\r
+void MifareUSetPwd(uint8_t arg0, uint8_t *datain){\r
+       \r
+       uint8_t pwd[16] = {0x00};\r
+       byte_t blockdata[4] = {0x00};\r
+       \r
+       memcpy(pwd, datain, 16);\r
+       \r
+       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
+       clear_trace();\r
 \r
 \r
-       while (true) {\r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                       break;\r
-               };\r
+       if(!iso14443a_select_card(NULL, NULL, NULL)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
 \r
 \r
-               if(mifare_ultra_special_writeblock(cuid, blockNo, blockdata)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
-                       break;\r
-               };\r
+       blockdata[0] = pwd[7];\r
+       blockdata[1] = pwd[6];\r
+       blockdata[2] = pwd[5];\r
+       blockdata[3] = pwd[4];\r
+       if(mifare_ultra_writeblock( 44, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(44);\r
+               return;\r
+       };\r
 \r
 \r
-               if(mifare_ultra_halt(cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                       break;\r
-               };\r
+       blockdata[0] = pwd[3];\r
+       blockdata[1] = pwd[2];\r
+       blockdata[2] = pwd[1];\r
+       blockdata[3] = pwd[0];\r
+       if(mifare_ultra_writeblock( 45, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(45);\r
+               return;\r
+       };\r
 \r
 \r
-               isOK = 1;\r
-               break;\r
-       }\r
+       blockdata[0] = pwd[15];\r
+       blockdata[1] = pwd[14];\r
+       blockdata[2] = pwd[13];\r
+       blockdata[3] = pwd[12];\r
+       if(mifare_ultra_writeblock( 46, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(46);\r
+               return;\r
+       };\r
 \r
 \r
-       if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
+       blockdata[0] = pwd[11];\r
+       blockdata[1] = pwd[10];\r
+       blockdata[2] = pwd[9];\r
+       blockdata[3] = pwd[8];\r
+       if(mifare_ultra_writeblock( 47, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(47);\r
+               return;\r
+       };      \r
 \r
 \r
-       cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+       if(mifare_ultra_halt()) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 }\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 }\r
@@ -603,19 +630,20 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
        uint32_t auth1_time, auth2_time;\r
        static uint16_t delta_time;\r
 \r
        uint32_t auth1_time, auth2_time;\r
        static uint16_t delta_time;\r
 \r
-       // free eventually allocated BigBuf memory\r
-       BigBuf_free();\r
-       // clear trace\r
-       clear_trace();\r
-       set_tracing(false);\r
-       \r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
        LED_A_ON();\r
        LED_C_OFF();\r
        LED_A_ON();\r
        LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       // free eventually allocated BigBuf memory\r
+       BigBuf_free();\r
 \r
 \r
+       if (calibrate) clear_trace();\r
+       set_tracing(true);\r
 \r
        // statistics on nonce distance\r
 \r
        // statistics on nonce distance\r
+       int16_t isOK = 0;\r
+       #define NESTED_MAX_TRIES 12\r
+       uint16_t unsuccessfull_tries = 0;\r
        if (calibrate) {        // for first call only. Otherwise reuse previous calibration\r
                LED_B_ON();\r
                WDT_HIT();\r
        if (calibrate) {        // for first call only. Otherwise reuse previous calibration\r
                LED_B_ON();\r
                WDT_HIT();\r
@@ -626,6 +654,12 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                \r
                for (rtr = 0; rtr < 17; rtr++) {\r
 \r
                \r
                for (rtr = 0; rtr < 17; rtr++) {\r
 \r
+                       // Test if the action was cancelled\r
+                       if(BUTTON_PRESS()) {\r
+                               isOK = -2;\r
+                               break;\r
+                       }\r
+\r
                        // prepare next select. No need to power down the card.\r
                        if(mifare_classic_halt(pcs, cuid)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Halt error");\r
                        // prepare next select. No need to power down the card.\r
                        if(mifare_classic_halt(pcs, cuid)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Halt error");\r
@@ -673,27 +707,29 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                        delta_time = auth2_time - auth1_time + 32;  // allow some slack for proper timing\r
                                }\r
                                if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
                                        delta_time = auth2_time - auth1_time + 32;  // allow some slack for proper timing\r
                                }\r
                                if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
+                       } else {\r
+                               unsuccessfull_tries++;\r
+                               if (unsuccessfull_tries > NESTED_MAX_TRIES) {   // card isn't vulnerable to nested attack (random numbers are not predictable)\r
+                                       isOK = -3;\r
+                               }\r
                        }\r
                }\r
                        }\r
                }\r
-               \r
-               if (rtr <= 1)   return;\r
 \r
                davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
                \r
 \r
                davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
                \r
-               if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);\r
+               if (MF_DBGLEVEL >= 3) Dbprintf("rtr=%d isOK=%d min=%d max=%d avg=%d, delta_time=%d", rtr, isOK, dmin, dmax, davg, delta_time);\r
 \r
                dmin = davg - 2;\r
                dmax = davg + 2;\r
                \r
                LED_B_OFF();\r
 \r
                dmin = davg - 2;\r
                dmax = davg + 2;\r
                \r
                LED_B_OFF();\r
-       \r
        }\r
 //  -------------------------------------------------------------------------------------------------  \r
        \r
        LED_C_ON();\r
 \r
        //  get crypted nonces for target sector\r
        }\r
 //  -------------------------------------------------------------------------------------------------  \r
        \r
        LED_C_ON();\r
 \r
        //  get crypted nonces for target sector\r
-       for(i=0; i < 2; i++) { // look for exactly two different nonces\r
+       for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces\r
 \r
                target_nt[i] = 0;\r
                while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
 \r
                target_nt[i] = 0;\r
                while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
@@ -717,7 +753,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 \r
                        // nested authentication\r
                        auth2_time = auth1_time + delta_time;\r
 \r
                        // nested authentication\r
                        auth2_time = auth1_time + delta_time;\r
-                       len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);\r
+                       len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);\r
                        if (len != 4) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error len=%d", len);\r
                                continue;\r
                        if (len != 4) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error len=%d", len);\r
                                continue;\r
@@ -771,25 +807,26 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
        memcpy(buf+16, &target_ks[1], 4);\r
        \r
        LED_B_ON();\r
        memcpy(buf+16, &target_ks[1], 4);\r
        \r
        LED_B_ON();\r
-       cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
+       cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
        LED_B_OFF();\r
 \r
        if (MF_DBGLEVEL >= 3)   DbpString("NESTED FINISHED");\r
 \r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        LED_B_OFF();\r
 \r
        if (MF_DBGLEVEL >= 3)   DbpString("NESTED FINISHED");\r
 \r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-       set_tracing(TRUE);\r
+       set_tracing(FALSE);\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
 // MIFARE check keys. key count up to 85. \r
 // \r
 //-----------------------------------------------------------------------------\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
 // MIFARE check keys. key count up to 85. \r
 // \r
 //-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
+void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
   // params\r
 {\r
   // params\r
-       uint8_t blockNo = arg0;\r
-       uint8_t keyType = arg1;\r
+       uint8_t blockNo = arg0 & 0xff;\r
+       uint8_t keyType = (arg0 >> 8) & 0xff;\r
+       bool clearTrace = arg1;\r
        uint8_t keyCount = arg2;\r
        uint64_t ui64Key = 0;\r
        \r
        uint8_t keyCount = arg2;\r
        uint64_t ui64Key = 0;\r
        \r
@@ -806,15 +843,13 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;      \r
        MF_DBGLEVEL = MF_DBG_NONE;\r
        \r
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;      \r
        MF_DBGLEVEL = MF_DBG_NONE;\r
        \r
-       // clear trace\r
-       clear_trace();\r
-       set_tracing(TRUE);\r
-\r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       if (clearTrace) clear_trace();\r
+       set_tracing(TRUE);\r
 \r
        for (i = 0; i < keyCount; i++) {\r
                if(mifare_classic_halt(pcs, cuid)) {\r
 \r
        for (i = 0; i < keyCount; i++) {\r
                if(mifare_classic_halt(pcs, cuid)) {\r
@@ -844,7 +879,8 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 \r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-\r
+       set_tracing(FALSE);\r
+       \r
        // restore debug level\r
        MF_DBGLEVEL = OLD_MF_DBGLEVEL;  \r
 }\r
        // restore debug level\r
        MF_DBGLEVEL = OLD_MF_DBGLEVEL;  \r
 }\r
@@ -861,16 +897,24 @@ void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 //-----------------------------------------------------------------------------\r
 // Work with emulator memory\r
 // \r
 //-----------------------------------------------------------------------------\r
 // Work with emulator memory\r
 // \r
+// Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_HF) here although FPGA is not\r
+// involved in dealing with emulator memory. But if it is called later, it might\r
+// destroy the Emulator Memory.\r
 //-----------------------------------------------------------------------------\r
 //-----------------------------------------------------------------------------\r
+\r
 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
        emlClearMem();\r
 }\r
 \r
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
        emlClearMem();\r
 }\r
 \r
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-       emlSetMem(datain, arg0, arg1); // data, block num, blocks count\r
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
+       //emlSetMem(datain, arg0, arg1); // data, block num, blocks count        \r
+       emlSetMem_xt(datain, arg0, arg1, arg2); // data, block num, blocks count, block byte width\r
 }\r
 \r
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
 }\r
 \r
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
        byte_t buf[USB_CMD_DATA_SIZE];\r
        emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
 \r
        byte_t buf[USB_CMD_DATA_SIZE];\r
        emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
 \r
@@ -897,15 +941,13 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        byte_t dataoutbuf2[16];\r
        uint8_t uid[10];\r
 \r
        byte_t dataoutbuf2[16];\r
        uint8_t uid[10];\r
 \r
-       // clear trace\r
-       clear_trace();\r
-       set_tracing(false);\r
-       \r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       \r
+       clear_trace();\r
+       set_tracing(TRUE);\r
        \r
        bool isOK = true;\r
 \r
        \r
        bool isOK = true;\r
 \r
@@ -961,6 +1003,7 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        \r
        if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
 \r
        \r
        if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
 \r
+       set_tracing(FALSE);\r
 }\r
 \r
 \r
 }\r
 \r
 \r
@@ -999,10 +1042,10 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_C_OFF();\r
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_C_OFF();\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        \r
                clear_trace();\r
                set_tracing(TRUE);\r
        \r
                clear_trace();\r
                set_tracing(TRUE);\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        }\r
 \r
        while (true) {\r
        }\r
 \r
        while (true) {\r
@@ -1087,6 +1130,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        if ((workFlags & 0x10) || (!isOK)) {\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
                LEDsoff();\r
        if ((workFlags & 0x10) || (!isOK)) {\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
                LEDsoff();\r
+               set_tracing(FALSE);\r
        }\r
 }\r
 \r
        }\r
 }\r
 \r
@@ -1098,6 +1142,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        // bit 2 - need HALT after sequence\r
        // bit 3 - need init FPGA and field before sequence\r
        // bit 4 - need reset FPGA and LED\r
        // bit 2 - need HALT after sequence\r
        // bit 3 - need init FPGA and field before sequence\r
        // bit 4 - need reset FPGA and LED\r
+       // bit 5 - need to set datain instead of issuing USB reply (called via ARM for StandAloneMode14a)\r
        uint8_t workFlags = arg0;\r
        uint8_t blockNo = arg2;\r
        \r
        uint8_t workFlags = arg0;\r
        uint8_t blockNo = arg2;\r
        \r
@@ -1117,10 +1162,10 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_C_OFF();\r
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_C_OFF();\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        \r
                clear_trace();\r
                set_tracing(TRUE);\r
        \r
                clear_trace();\r
                set_tracing(TRUE);\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        }\r
 \r
        while (true) {\r
        }\r
 \r
        while (true) {\r
@@ -1157,12 +1202,18 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        }\r
        \r
        LED_B_ON();\r
        }\r
        \r
        LED_B_ON();\r
+       if (workFlags & 0x20) {\r
+               if (isOK)\r
+                       memcpy(datain, data, 18);\r
+       }\r
+       else\r
        cmd_send(CMD_ACK,isOK,0,0,data,18);\r
        LED_B_OFF();\r
 \r
        if ((workFlags & 0x10) || (!isOK)) {\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
                LEDsoff();\r
        cmd_send(CMD_ACK,isOK,0,0,data,18);\r
        LED_B_OFF();\r
 \r
        if ((workFlags & 0x10) || (!isOK)) {\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
                LEDsoff();\r
+               set_tracing(FALSE);\r
        }\r
 }\r
 \r
        }\r
 }\r
 \r
@@ -1195,7 +1246,75 @@ void MifareCIdent(){
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
 }\r
 \r
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
 }\r
 \r
-                       //\r
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1){\r
+\r
+       BigBuf_free();\r
+\r
+       uint32_t iterations = arg0;\r
+       uint8_t uid[10] = {0x00};\r
+\r
+       uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);\r
+       uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);\r
+\r
+       uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };\r
+       \r
+       // get memory from BigBuf.\r
+       uint8_t *nonces = BigBuf_malloc(iterations * 4);\r
+\r
+       LED_A_ON();\r
+       LED_B_OFF();\r
+       LED_C_OFF();\r
+       \r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       clear_trace();\r
+       set_tracing(TRUE);\r
+               \r
+       for (int i = 0; i < iterations; i++) {\r
+                                               \r
+               WDT_HIT();\r
+\r
+               // Test if the action was cancelled\r
+               if(BUTTON_PRESS()) break;\r
+               \r
+               //              if(mifare_classic_halt(pcs, cuid)) {\r
+               //                      if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+               //}\r
+\r
+               if(!iso14443a_select_card(uid, NULL, NULL)) {\r
+                       if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+                       continue;\r
+               };\r
+\r
+               // Transmit MIFARE_CLASSIC_AUTH.\r
+               ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);\r
+\r
+               // Receive the (4 Byte) "random" nonce\r
+               if (!ReaderReceive(response, responsePar)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Couldn't receive tag nonce");\r
+                       continue;\r
+               }       \r
+               \r
+               nonces[i*4] = bytes_to_num(response, 4);\r
+       }\r
+               \r
+       int packLen =  iterations * 4;\r
+       int packSize = 0;\r
+       int packNum = 0;\r
+       while (packLen > 0) {\r
+               packSize = MIN(USB_CMD_DATA_SIZE, packLen);\r
+               LED_B_ON();\r
+               cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);\r
+               LED_B_OFF();\r
+\r
+               packLen -= packSize;\r
+               packNum++;\r
+       }\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+       set_tracing(FALSE);\r
+}\r
+\r
+//\r
 // DESFIRE\r
 //\r
 \r
 // DESFIRE\r
 //\r
 \r
@@ -1203,28 +1322,25 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
 \r
        byte_t dataout[11] = {0x00};\r
        uint8_t uid[10] = {0x00};\r
 \r
        byte_t dataout[11] = {0x00};\r
        uint8_t uid[10] = {0x00};\r
-       uint32_t cuid;\r
+       uint32_t cuid = 0x00;\r
     \r
     \r
-       clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       clear_trace();\r
 \r
        int len = iso14443a_select_card(uid, NULL, &cuid);\r
        if(!len) {\r
 \r
        int len = iso14443a_select_card(uid, NULL, &cuid);\r
        if(!len) {\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)        \r
-                       Dbprintf("Can't select card");\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
                OnError(1);\r
                return;\r
        };\r
 \r
        if(mifare_desfire_des_auth1(cuid, dataout)){\r
                OnError(1);\r
                return;\r
        };\r
 \r
        if(mifare_desfire_des_auth1(cuid, dataout)){\r
-               if (MF_DBGLEVEL >= MF_DBG_ERROR)        \r
-                       Dbprintf("Authentication part1: Fail.");\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");\r
                OnError(4);\r
                return;\r
        }\r
 \r
        if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
                OnError(4);\r
                return;\r
        }\r
 \r
        if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
-    \r
     cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));\r
 }\r
 \r
     cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));\r
 }\r
 \r
@@ -1232,24 +1348,22 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
 \r
        uint32_t cuid = arg0;\r
        uint8_t key[16] = {0x00};\r
 \r
        uint32_t cuid = arg0;\r
        uint8_t key[16] = {0x00};\r
-       byte_t isOK = 0;\r
        byte_t dataout[12] = {0x00};\r
        byte_t dataout[12] = {0x00};\r
+       byte_t isOK = 0;\r
     \r
        memcpy(key, datain, 16);\r
        \r
        isOK = mifare_desfire_des_auth2(cuid, key, dataout);\r
        \r
        if( isOK) {\r
     \r
        memcpy(key, datain, 16);\r
        \r
        isOK = mifare_desfire_des_auth2(cuid, key, dataout);\r
        \r
        if( isOK) {\r
-           if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
-                       Dbprintf("Authentication part2: Failed");  \r
+           if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");  \r
                OnError(4);\r
                return;\r
        }\r
 \r
                OnError(4);\r
                return;\r
        }\r
 \r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
-               DbpString("AUTH 2 FINISHED");\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");\r
 \r
        cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 \r
        cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-}\r
+}
\ No newline at end of file
Proxmark3 GIT tracking
Impressum, Datenschutz