]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifarecmd.c
MAJOR update, added hitag2 reader, emulation and eavesdropping, lots of new code...
[proxmark3-svn] / armsrc / mifarecmd.c
index fca4f69b6dac9bc5afb58a4c3c94ccb213ab8d7b..f18b75a08a37936484b15fe0a41542ba0b0d93b6 100644 (file)
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------------\r
 //-----------------------------------------------------------------------------\r
-// Merlok - June 2011\r
+// Merlok - June 2011, 2012\r
 // Gerhard de Koning Gans - May 2008\r
 // Hagen Fritsch - June 2010\r
 //\r
 // Gerhard de Koning Gans - May 2008\r
 // Hagen Fritsch - June 2010\r
 //\r
@@ -35,7 +35,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        pcs = &mpcs;\r
 \r
        // clear trace\r
        pcs = &mpcs;\r
 \r
        // clear trace\r
-       iso14a_clear_tracelen();\r
+       iso14a_clear_trace();\r
 //     iso14a_set_tracing(false);\r
 \r
        iso14443a_setup();\r
 //     iso14a_set_tracing(false);\r
 \r
        iso14443a_setup();\r
@@ -115,7 +115,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        pcs = &mpcs;\r
 \r
        // clear trace\r
        pcs = &mpcs;\r
 \r
        // clear trace\r
-       iso14a_clear_tracelen();\r
+       iso14a_clear_trace();\r
 //     iso14a_set_tracing(false);\r
 \r
        iso14443a_setup();\r
 //     iso14a_set_tracing(false);\r
 \r
        iso14443a_setup();\r
@@ -213,7 +213,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        pcs = &mpcs;\r
 \r
        // clear trace\r
        pcs = &mpcs;\r
 \r
        // clear trace\r
-       iso14a_clear_tracelen();\r
+       iso14a_clear_trace();\r
 //  iso14a_set_tracing(false);\r
 \r
        iso14443a_setup();\r
 //  iso14a_set_tracing(false);\r
 \r
        iso14443a_setup();\r
@@ -298,7 +298,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
        uint8_t uid[8];\r
        uint32_t cuid, nt1, nt2, nttmp, nttest, par, ks1;\r
        uint8_t par_array[4];\r
        uint8_t uid[8];\r
        uint32_t cuid, nt1, nt2, nttmp, nttest, par, ks1;\r
        uint8_t par_array[4];\r
-       nestedVector nvector[NES_MAX_INFO + 1][10];\r
+       nestedVector nvector[NES_MAX_INFO + 1][11];\r
        int nvectorcount[NES_MAX_INFO + 1];\r
        int ncount = 0;\r
        UsbCommand ack = {CMD_ACK, {0, 0, 0}};\r
        int nvectorcount[NES_MAX_INFO + 1];\r
        int ncount = 0;\r
        UsbCommand ack = {CMD_ACK, {0, 0, 0}};\r
@@ -311,7 +311,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
        for (i = 0; i < NES_MAX_INFO + 1; i++) nvectorcount[i] = 11;  //  11 - empty block;\r
        \r
        // clear trace\r
        for (i = 0; i < NES_MAX_INFO + 1; i++) nvectorcount[i] = 11;  //  11 - empty block;\r
        \r
        // clear trace\r
-       iso14a_clear_tracelen();\r
+       iso14a_clear_trace();\r
   iso14a_set_tracing(false);\r
        \r
        iso14443a_setup();\r
   iso14a_set_tracing(false);\r
        \r
        iso14443a_setup();\r
@@ -417,8 +417,9 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
                }\r
                \r
                ncount = 0;\r
                }\r
                \r
                ncount = 0;\r
-               for (m = dmin - NS_TOLERANCE; m < dmax + NS_TOLERANCE; m++) {\r
-                       nttest = prng_successor(nt1, m);\r
+               nttest = prng_successor(nt1, dmin - NS_TOLERANCE);\r
+               for (m = dmin - NS_TOLERANCE + 1; m < dmax + NS_TOLERANCE; m++) {\r
+                       nttest = prng_successor(nttest, 1);\r
                        ks1 = nt2 ^ nttest;\r
 \r
                        if (valid_nonce(nttest, nt2, ks1, par_array) && (ncount < 11)){\r
                        ks1 = nt2 ^ nttest;\r
 \r
                        if (valid_nonce(nttest, nt2, ks1, par_array) && (ncount < 11)){\r
@@ -538,7 +539,7 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        MF_DBGLEVEL = MF_DBG_NONE;\r
        \r
        // clear trace\r
        MF_DBGLEVEL = MF_DBG_NONE;\r
        \r
        // clear trace\r
-       iso14a_clear_tracelen();\r
+       iso14a_clear_trace();\r
   iso14a_set_tracing(TRUE);\r
 \r
        iso14443a_setup();\r
   iso14a_set_tracing(TRUE);\r
 \r
        iso14443a_setup();\r
@@ -636,10 +637,11 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 \r
        // variables\r
        byte_t dataoutbuf[16];\r
 \r
        // variables\r
        byte_t dataoutbuf[16];\r
+       byte_t dataoutbuf2[16];\r
        uint8_t uid[8];\r
 \r
        // clear trace\r
        uint8_t uid[8];\r
 \r
        // clear trace\r
-       iso14a_clear_tracelen();\r
+       iso14a_clear_trace();\r
        iso14a_set_tracing(false);\r
        \r
        iso14443a_setup();\r
        iso14a_set_tracing(false);\r
        \r
        iso14443a_setup();\r
@@ -687,6 +689,15 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                                break;\r
                        };\r
                        emlSetMem(dataoutbuf, sectorNo * 4 + 2, 1);\r
                                break;\r
                        };\r
                        emlSetMem(dataoutbuf, sectorNo * 4 + 2, 1);\r
+\r
+                       // get block 3 bytes 6-9\r
+                       if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 3, dataoutbuf)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 3 error");\r
+                               break;\r
+                       };\r
+                       emlGetMem(dataoutbuf2, sectorNo * 4 + 3, 1);\r
+                       memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);\r
+                       emlSetMem(dataoutbuf2,  sectorNo * 4 + 3, 1);\r
                }\r
 \r
                if(mifare_classic_halt(pcs, cuid)) {\r
                }\r
 \r
                if(mifare_classic_halt(pcs, cuid)) {\r
@@ -699,14 +710,15 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
 \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
+\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
        \r
        if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
 \r
        // add trace trailer\r
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
        \r
        if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
 \r
        // add trace trailer\r
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
-       \r
-       Dbprintf("Loaded.");\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
@@ -714,3 +726,233 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 // \r
 //-----------------------------------------------------------------------------\r
 \r
 // \r
 //-----------------------------------------------------------------------------\r
 \r
+\r
+//-----------------------------------------------------------------------------\r
+// Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)\r
+// \r
+//-----------------------------------------------------------------------------\r
+void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+  \r
+  // params\r
+       uint8_t needWipe = arg0;\r
+       // bit 0 - need get UID\r
+       // bit 1 - need wupC\r
+       // bit 2 - need HALT after sequence\r
+       // bit 3 - need init FPGA and field before sequence\r
+       // bit 4 - need reset FPGA and LED\r
+       uint8_t workFlags = arg1;\r
+       uint8_t blockNo = arg2;\r
+       \r
+       // card commands\r
+       uint8_t wupC1[]       = { 0x40 }; \r
+       uint8_t wupC2[]       = { 0x43 }; \r
+       uint8_t wipeC[]       = { 0x41 }; \r
+       \r
+       // variables\r
+       byte_t isOK = 0;\r
+       uint8_t uid[8];\r
+       uint8_t d_block[18];\r
+       uint32_t cuid;\r
+       \r
+       memset(uid, 0x00, 8);\r
+       uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+       \r
+       if (workFlags & 0x08) {\r
+               // clear trace\r
+               iso14a_clear_trace();\r
+               iso14a_set_tracing(TRUE);\r
+\r
+               iso14443a_setup();\r
+\r
+               LED_A_ON();\r
+               LED_B_OFF();\r
+               LED_C_OFF();\r
+       \r
+               SpinDelay(300);\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               SpinDelay(100);\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+       }\r
+\r
+       while (true) {\r
+               // get UID from chip\r
+               if (workFlags & 0x01) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+                               break;\r
+                       };\r
+\r
+                       if(mifare_classic_halt(NULL, cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                               break;\r
+                       };\r
+               };\r
+       \r
+               // reset chip\r
+               if (needWipe){\r
+                       ReaderTransmitShort(wupC1);\r
+                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+                               break;\r
+                       };\r
+\r
+                       ReaderTransmit(wipeC, sizeof(wipeC));\r
+                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wipeC error");\r
+                               break;\r
+                       };\r
+\r
+                       if(mifare_classic_halt(NULL, cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                               break;\r
+                       };\r
+               };      \r
+\r
+               // write block\r
+               if (workFlags & 0x02) {\r
+                       ReaderTransmitShort(wupC1);\r
+                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+                               break;\r
+                       };\r
+\r
+                       ReaderTransmit(wupC2, sizeof(wupC2));\r
+                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
+                               break;\r
+                       };\r
+               }\r
+\r
+               if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("write block send command error");\r
+                       break;\r
+               };\r
+       \r
+               memcpy(d_block, datain, 16);\r
+               AppendCrc14443a(d_block, 16);\r
+       \r
+               ReaderTransmit(d_block, sizeof(d_block));\r
+               if ((ReaderReceive(receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("write block send data error");\r
+                       break;\r
+               };      \r
+       \r
+               if (workFlags & 0x04) {\r
+                       if (mifare_classic_halt(NULL, cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                               break;\r
+                       };\r
+               }\r
+               \r
+               isOK = 1;\r
+               break;\r
+       }\r
+       \r
+       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+       if (isOK) memcpy(ack.d.asBytes, uid, 4);\r
+       \r
+       // add trace trailer\r
+       memset(uid, 0x44, 4);\r
+       LogTrace(uid, 4, 0, 0, TRUE);\r
+\r
+       LED_B_ON();\r
+       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+       LED_B_OFF();\r
+\r
+       if ((workFlags & 0x10) || (!isOK)) {\r
+               // Thats it...\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               LEDsoff();\r
+       }\r
+}\r
+\r
+void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+  \r
+  // params\r
+       // bit 1 - need wupC\r
+       // bit 2 - need HALT after sequence\r
+       // bit 3 - need init FPGA and field before sequence\r
+       // bit 4 - need reset FPGA and LED\r
+       uint8_t workFlags = arg0;\r
+       uint8_t blockNo = arg2;\r
+       \r
+       // card commands\r
+       uint8_t wupC1[]       = { 0x40 }; \r
+       uint8_t wupC2[]       = { 0x43 }; \r
+       \r
+       // variables\r
+       byte_t isOK = 0;\r
+       uint8_t data[18];\r
+       uint32_t cuid = 0;\r
+       \r
+       memset(data, 0x00, 18);\r
+       uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+       \r
+       if (workFlags & 0x08) {\r
+               // clear trace\r
+               iso14a_clear_trace();\r
+               iso14a_set_tracing(TRUE);\r
+\r
+               iso14443a_setup();\r
+\r
+               LED_A_ON();\r
+               LED_B_OFF();\r
+               LED_C_OFF();\r
+       \r
+               SpinDelay(300);\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               SpinDelay(100);\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+       }\r
+\r
+       while (true) {\r
+               if (workFlags & 0x02) {\r
+                       ReaderTransmitShort(wupC1);\r
+                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+                               break;\r
+                       };\r
+\r
+                       ReaderTransmit(wupC2, sizeof(wupC2));\r
+                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
+                               break;\r
+                       };\r
+               }\r
+\r
+               // read block\r
+               if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer) != 18)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("read block send command error");\r
+                       break;\r
+               };\r
+               memcpy(data, receivedAnswer, 18);\r
+               \r
+               if (workFlags & 0x04) {\r
+                       if (mifare_classic_halt(NULL, cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                               break;\r
+                       };\r
+               }\r
+               \r
+               isOK = 1;\r
+               break;\r
+       }\r
+       \r
+       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+       if (isOK) memcpy(ack.d.asBytes, data, 18);\r
+       \r
+       // add trace trailer\r
+       memset(data, 0x44, 4);\r
+       LogTrace(data, 4, 0, 0, TRUE);\r
+\r
+       LED_B_ON();\r
+       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+       LED_B_OFF();\r
+\r
+       if ((workFlags & 0x10) || (!isOK)) {\r
+               // Thats it...\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               LEDsoff();\r
+       }\r
+}\r
+\r
Impressum, Datenschutz