cvs.zerfleddert.de Git - proxmark3-svn/blobdiff

index b1d3690f768968ef390d0e77aabbaa670194331f..2722ccb2ef04b62c41a3945a1a0be1d390f396ed 100644 (file)

--- a/armsrc/iso14443a.c

+++ b/armsrc/iso14443a.c

@@ -144,7 +144,6 @@ const uint8_t OddByteParity[256] = {

1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1

};

1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1

};

void iso14a_set_trigger(bool enable) {

trigger = enable;

}

void iso14a_set_trigger(bool enable) {

trigger = enable;

}

@@ -310,6 +309,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)

Uart.twoBits = (Uart.twoBits << 8) | bit;

if (Uart.state == STATE_UNSYNCD) { // not yet synced

Uart.twoBits = (Uart.twoBits << 8) | bit;

if (Uart.state == STATE_UNSYNCD) { // not yet synced

if (Uart.highCnt < 7) { // wait for a stable unmodulated signal

if (Uart.twoBits == 0xffff) {

Uart.highCnt++;

if (Uart.highCnt < 7) { // wait for a stable unmodulated signal

if (Uart.twoBits == 0xffff) {

Uart.highCnt++;

@@ -395,7 +395,11 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)

} else if (Uart.len & 0x0007) { // there are some parity bits to store

Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align remaining parity bits

Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store them

} else if (Uart.len & 0x0007) { // there are some parity bits to store

Uart.parityBits <<= (8 - (Uart.len&0x0007)); // left align remaining parity bits

Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store them

+ }

+ if (Uart.len) {

return TRUE; // we are finished with decoding the raw data sequence

+ } else {

+ UartReset(); // Nothing receiver - start over

}

if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC

}

if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC

@@ -469,7 +473,6 @@ void DemodReset()

Demod.endTime = 0;

}

Demod.endTime = 0;

}

void DemodInit(uint8_t *data, uint8_t *parity)

{

Demod.output = data;

void DemodInit(uint8_t *data, uint8_t *parity)

{

Demod.output = data;

@@ -558,6 +561,8 @@ static RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non

} else if (Demod.len & 0x0007) { // there are some parity bits to store

Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits

Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them

} else if (Demod.len & 0x0007) { // there are some parity bits to store

Demod.parityBits <<= (8 - (Demod.len&0x0007)); // left align remaining parity bits

Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them

+ }

+ if (Demod.len) {

return TRUE; // we are finished with decoding the raw data sequence

} else { // nothing received. Start over

DemodReset();

return TRUE; // we are finished with decoding the raw data sequence

} else { // nothing received. Start over

DemodReset();

@@ -757,7 +762,6 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par

// Send startbit

ToSend[++ToSendMax] = SEC_D;

// Send startbit

ToSend[++ToSendMax] = SEC_D;

LastProxToAirDuration = 8 * ToSendMax - 4;

for(uint16_t i = 0; i < len; i++) {

LastProxToAirDuration = 8 * ToSendMax - 4;

for(uint16_t i = 0; i < len; i++) {

@@ -984,6 +988,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)

response1[1] = 0x00;

sak = 0x28;

} break;

response1[1] = 0x00;

sak = 0x28;

} break;

+ case 5: { // MIFARE TNP3XXX

+ // Says: I am a toy

+ response1[0] = 0x01;

+ response1[1] = 0x0f;

+ sak = 0x01;

+ } break;

default: {

Dbprintf("Error: unkown tagtype (%d)",tagType);

return;

default: {

Dbprintf("Error: unkown tagtype (%d)",tagType);

return;

@@ -991,10 +1001,11 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)

}

// The second response contains the (mandatory) first 24 bits of the UID

}

// The second response contains the (mandatory) first 24 bits of the UID

- uint8_t response2[5];

+ uint8_t response2[5] = {0x00};

// Check if the uid uses the (optional) part

- uint8_t response2a[5];

+ uint8_t response2a[5] = {0x00};

if (uid_2nd) {

response2[0] = 0x88;

num_to_bytes(uid_1st,3,response2+1);

if (uid_2nd) {

response2[0] = 0x88;

num_to_bytes(uid_1st,3,response2+1);

@@ -1015,12 +1026,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)

response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3];

// Prepare the mandatory SAK (for 4 and 7 byte UID)

response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3];

// Prepare the mandatory SAK (for 4 and 7 byte UID)

- uint8_t response3[3];

+ uint8_t response3[3] = {0x00};

response3[0] = sak;

ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);

// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit

response3[0] = sak;

ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);

// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit

- uint8_t response3a[3];

+ uint8_t response3a[3] = {0x00};

response3a[0] = sak & 0xFB;

ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);

response3a[0] = sak & 0xFB;

ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);

@@ -1117,7 +1128,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)

// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below

p_response = NULL;

} else if(receivedCmd[0] == 0x50) { // Received a HALT

// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below

p_response = NULL;

} else if(receivedCmd[0] == 0x50) { // Received a HALT

-// DbpString("Reader requested we HALT!:");

if (tracing) {

LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);

}

if (tracing) {

LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);

}

@@ -1222,6 +1233,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)

// do the tracing for the previous reader request and this tag answer:

uint8_t par[MAX_PARITY_SIZE];

GetParity(p_response->response, p_response->response_n, par);

// do the tracing for the previous reader request and this tag answer:

uint8_t par[MAX_PARITY_SIZE];

GetParity(p_response->response, p_response->response_n, par);

EmLogTrace(Uart.output,

Uart.len,

Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,

EmLogTrace(Uart.output,

Uart.len,

Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,

@@ -1302,13 +1314,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing

// clear TXRDY

AT91C_BASE_SSC->SSC_THR = SEC_Y;

// clear TXRDY

AT91C_BASE_SSC->SSC_THR = SEC_Y;

- // for(uint16_t c = 0; c < 10;) { // standard delay for each transfer (allow tag to be ready after last transmission)

- // if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- // AT91C_BASE_SSC->SSC_THR = SEC_Y;

- // c++;

- // }

uint16_t c = 0;

for(;;) {

if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

uint16_t c = 0;

for(;;) {

if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

@@ -1321,7 +1326,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing

}

NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);

}

NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);

}

@@ -1631,7 +1635,7 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start

//-----------------------------------------------------------------------------

static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset)

{

//-----------------------------------------------------------------------------

static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset)

{

- uint16_t c;

+ uint32_t c;

// Set FPGA mode to "reader listen mode", no modulation (listen

// only, since we are receiving, not transmitting).

// Set FPGA mode to "reader listen mode", no modulation (listen

// only, since we are receiving, not transmitting).

@@ -1663,7 +1667,6 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive

void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)

{

void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)

{

CodeIso14443aBitsAsReaderPar(frame, bits, par);

// Send command to tag

CodeIso14443aBitsAsReaderPar(frame, bits, par);

// Send command to tag

@@ -1738,7 +1741,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

// Receive the ATQA

if(!ReaderReceive(resp, resp_par)) return 0;

// Receive the ATQA

if(!ReaderReceive(resp, resp_par)) return 0;

- //Dbprintf("atqa: %02x %02x",resp[1],resp[0]);

if(p_hi14a_card) {

memcpy(p_hi14a_card->atqa, resp, 2);

if(p_hi14a_card) {

memcpy(p_hi14a_card->atqa, resp, 2);

@@ -1771,7 +1773,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos);

for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point

uint16_t UIDbit = (resp[i/8] >> (i % 8)) & 0x01;

Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos);

for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point

uint16_t UIDbit = (resp[i/8] >> (i % 8)) & 0x01;

- uid_resp[uid_resp_bits & 0xf8] |= UIDbit << (uid_resp_bits % 8);

+ uid_resp[uid_resp_bits / 8] |= UIDbit << (uid_resp_bits % 8);

}

uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position

uid_resp_bits++;

}

uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position

uid_resp_bits++;

@@ -1794,7 +1796,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

memcpy(uid_resp, resp, 4);

}

uid_resp_len = 4;

memcpy(uid_resp, resp, 4);

}

uid_resp_len = 4;

- //Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);

// calculate crypto UID. Always use last 4 Bytes.

if(cuid_ptr) {

// calculate crypto UID. Always use last 4 Bytes.

if(cuid_ptr) {

@@ -1812,15 +1813,10 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

if (!ReaderReceive(resp, resp_par)) return 0;

sak = resp[0];

if (!ReaderReceive(resp, resp_par)) return 0;

sak = resp[0];

- // Test if more parts of the uid are comming

+ // Test if more parts of the uid are coming

if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {

// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:

// http://www.nxp.com/documents/application_note/AN10927.pdf

if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {

// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:

// http://www.nxp.com/documents/application_note/AN10927.pdf

- // This was earlier:

- //memcpy(uid_resp, uid_resp + 1, 3);

- // But memcpy should not be used for overlapping arrays,

- // and memmove appears to not be available in the arm build.

- // Therefore:

uid_resp[0] = uid_resp[1];

uid_resp[1] = uid_resp[2];

uid_resp[2] = uid_resp[3];

uid_resp[0] = uid_resp[1];

uid_resp[1] = uid_resp[2];

uid_resp[2] = uid_resp[3];

@@ -1843,9 +1839,8 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

p_hi14a_card->ats_len = 0;

}

p_hi14a_card->ats_len = 0;

}

- if( (sak & 0x20) == 0) {

- return 2; // non iso14443a compliant tag

- }

+ // non iso14443a compliant tag

+ if( (sak & 0x20) == 0) return 2;

// Request for answer to select

AppendCrc14443a(rats, 2);

// Request for answer to select

AppendCrc14443a(rats, 2);

@@ -1853,6 +1848,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

if (!(len = ReaderReceive(resp, resp_par))) return 0;

if(p_hi14a_card) {

memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));

p_hi14a_card->ats_len = len;

if(p_hi14a_card) {

memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));

p_hi14a_card->ats_len = len;

@@ -1860,7 +1856,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u

// reset the PCB block number

iso14_pcb_blocknum = 0;

// reset the PCB block number

iso14_pcb_blocknum = 0;

return 1;

}

return 1;

}

@@ -1951,7 +1946,7 @@ void ReaderIso14443a(UsbCommand *c)

}

if(param & ISO14A_SET_TIMEOUT) {

}

if(param & ISO14A_SET_TIMEOUT) {

- iso14a_timeout = c->arg[2];

+ iso14a_set_timeout(c->arg[2]);

}

if(param & ISO14A_APDU) {

}

if(param & ISO14A_APDU) {

@@ -2041,8 +2036,8 @@ void ReaderMifare(bool first_try)

uint32_t nt = 0;

uint32_t previous_nt = 0;

static uint32_t nt_attacked = 0;

uint32_t nt = 0;

uint32_t previous_nt = 0;

static uint32_t nt_attacked = 0;

- byte_t par_list[8] = {0,0,0,0,0,0,0,0};

- byte_t ks_list[8] = {0,0,0,0,0,0,0,0};

+ byte_t par_list[8] = {0x00};

+ byte_t ks_list[8] = {0x00};

static uint32_t sync_time;

static uint32_t sync_cycles;

static uint32_t sync_time;

static uint32_t sync_cycles;

@@ -2051,8 +2046,6 @@ void ReaderMifare(bool first_try)

uint16_t consecutive_resyncs = 0;

int isOK = 0;

uint16_t consecutive_resyncs = 0;

int isOK = 0;

if (first_try) {

mf_nr_ar3 = 0;

iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);

if (first_try) {

mf_nr_ar3 = 0;

iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);