// Hagen Fritsch - June 2010\r
// Midnitesnake - Dec 2013\r
// Andy Davies - Apr 2014\r
-// Iceman - May 2014\r
+// Iceman - May 2014,2015,2016\r
//\r
// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
// at your option, any later version. See the LICENSE.txt file for the text of\r
break;\r
}\r
\r
- // ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");\r
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
}\r
\r
- // ----------------------------- crypto1 destroy\r
- crypto1_destroy(pcs);\r
- \r
if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");\r
\r
+ crypto1_destroy(pcs);\r
+\r
LED_B_ON();\r
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));\r
LED_B_OFF();\r
\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
+ set_tracing(FALSE);\r
}\r
\r
// arg0 = blockNo (start)\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
BigBuf_free();\r
+ set_tracing(FALSE);\r
}\r
\r
//-----------------------------------------------------------------------------\r
cmd_send(CMD_ACK,isOK,0,0,0,0);\r
LED_B_OFF();\r
\r
-\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
+ set_tracing(FALSE);\r
}\r
\r
/* // Command not needed but left for future testing \r
cmd_send(CMD_ACK,1,0,0,0,0);\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
+ set_tracing(FALSE);\r
}\r
\r
void MifareUSetPwd(uint8_t arg0, uint8_t *datain){\r
cmd_send(CMD_ACK,1,0,0,0,0);\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
+ set_tracing(FALSE);\r
}\r
\r
// Return 1 if the nonce is invalid else return 0\r
// Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on \r
// Computer and Communications Security, 2015\r
//-----------------------------------------------------------------------------\r
+#define AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)\r
+#define PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication \r
+\r
void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain)\r
{\r
uint64_t ui64Key = 0;\r
bool slow = flags & 0x0002;\r
bool field_off = flags & 0x0004;\r
\r
- #define AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)\r
- #define PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication \r
- \r
LED_A_ON();\r
LED_C_OFF();\r
\r
memcpy(buf+i+8, &nt_par_enc, 1);\r
i += 9;\r
}\r
-\r
// wait for the card to become ready again\r
- while(GetCountSspClk() < timeout);\r
- \r
+ while(GetCountSspClk() < timeout); \r
}\r
\r
LED_C_OFF();\r
if (field_off) {\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
+ set_tracing(FALSE);\r
}\r
}\r
\r
\r
LED_C_OFF();\r
\r
- // ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
byte_t buf[4 + 4 * 4] = {0};\r
// MIFARE check keys. key count up to 85. \r
// \r
//-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
-{\r
- // params\r
+void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) {\r
uint8_t blockNo = arg0 & 0xff;\r
uint8_t keyType = (arg0 >> 8) & 0xff;\r
bool clearTrace = arg1;\r
uint8_t keyCount = arg2;\r
uint64_t ui64Key = 0;\r
\r
- // variables\r
+ bool have_uid = FALSE;\r
+ uint8_t cascade_levels = 0;\r
+ uint32_t timeout = 0;\r
+ \r
int i;\r
byte_t isOK = 0;\r
uint8_t uid[10] = {0x00};\r
\r
for (i = 0; i < keyCount; ++i) {\r
\r
- mifare_classic_halt(pcs, cuid);\r
- \r
- if (!iso14443a_select_card(uid, NULL, &cuid, true, 0))\r
- break;\r
+ //mifare_classic_halt(pcs, cuid);\r
\r
+ // this part is from Piwi's faster nonce collecting part in Hardnested.\r
+ if (!have_uid) { // need a full select cycle to get the uid first\r
+ iso14a_card_select_t card_info; \r
+ if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card (ALL)");\r
+ break;\r
+ }\r
+ switch (card_info.uidlen) {\r
+ case 4 : cascade_levels = 1; break;\r
+ case 7 : cascade_levels = 2; break;\r
+ case 10: cascade_levels = 3; break;\r
+ default: break;\r
+ }\r
+ have_uid = TRUE; \r
+ } else { // no need for anticollision. We can directly select the card\r
+ if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card (UID)");\r
+ continue;\r
+ }\r
+ }\r
+ \r
ui64Key = bytes_to_num(datain + i * 6, 6);\r
\r
- if (mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST))\r
+ if (mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
+\r
+ uint8_t dummy_answer = 0;\r
+ ReaderTransmit(&dummy_answer, 1, NULL);\r
+ timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
+ \r
+ // wait for the card to become ready again\r
+ while(GetCountSspClk() < timeout);\r
+ \r
continue;\r
- \r
+ }\r
isOK = 1;\r
break;\r
}\r
cmd_send(CMD_ACK,0,reason,0,0,0);\r
OnSuccessMagic();\r
}\r
-\r
-void MifareCollectNonces(uint32_t arg0, uint32_t arg1){\r
-}\r
-\r
//\r
// DESFIRE\r
//\r
-\r
void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){\r
-\r
byte_t dataout[12] = {0x00};\r
uint8_t uid[10] = {0x00};\r
uint32_t cuid = 0;\r
}\r
\r
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
- cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));\r
+ cmd_send(CMD_ACK, 1, cuid, 0, dataout, sizeof(dataout));\r
}\r
\r
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){\r
-\r
uint32_t cuid = arg0;\r
uint8_t key[16] = {0x00};\r
byte_t dataout[12] = {0x00};\r
cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
+ set_tracing(FALSE);\r
}
\ No newline at end of file