]> cvs.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifarecmd.c
Fix memory bounds error
[proxmark3-svn] / armsrc / mifarecmd.c
index a3f0d374430ce9c9c7786f3853b76c7f017b5441..00fd638c4daf7743a0be32669426e77acec81923 100644 (file)
 #include "parity.h"\r
 #include "crc.h"\r
 \r
-#define AUTHENTICATION_TIMEOUT 848                     // card times out 1ms after wrong authentication (according to NXP documentation)\r
-#define PRE_AUTHENTICATION_LEADTIME 400                // some (non standard) cards need a pause after select before they are ready for first authentication\r
-\r
-\r
 // the block number for the ISO14443-4 PCB\r
 static uint8_t pcb_blocknum = 0;\r
 // Deselect card by sending a s-block. the crc is precalced for speed\r
@@ -961,24 +957,14 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 // MIFARE check keys. key count up to 85.\r
 //\r
 //-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
+void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
        uint8_t blockNo = arg0 & 0xff;\r
        uint8_t keyType = (arg0 >> 8) & 0xff;\r
-       bool clearTrace = arg1;\r
+       bool clearTrace = arg1 & 0x01;\r
+       bool multisectorCheck = arg1 & 0x02;\r
+       uint8_t set14aTimeout = (arg1 >> 8) & 0xff;\r
        uint8_t keyCount = arg2;\r
-       uint64_t ui64Key = 0;\r
-\r
-       bool have_uid = false;\r
-       uint8_t cascade_levels = 0;\r
-       uint32_t timeout = 0;\r
-       int i;\r
-       byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
-       struct Crypto1State mpcs = {0, 0};\r
-       struct Crypto1State *pcs;\r
-       pcs = &mpcs;\r
 \r
        // clear debug level\r
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;\r
@@ -992,53 +978,34 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        if (clearTrace) clear_trace();\r
        set_tracing(true);\r
 \r
-       for (i = 0; i < keyCount; i++) {\r
-//             if(mifare_classic_halt(pcs, cuid)) {\r
-//                     if (MF_DBGLEVEL >= 1)   Dbprintf("ChkKeys: Halt error");\r
-//             }\r
+       if (set14aTimeout){\r
+               iso14a_set_timeout(set14aTimeout * 10); // timeout: ms = x/106  35-minimum, 50-OK 106-recommended 500-safe\r
+       }\r
+       \r
+       if (multisectorCheck) {\r
+               TKeyIndex keyIndex = {{0}};\r
+               uint8_t sectorCnt = blockNo;\r
+               int res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, OLD_MF_DBGLEVEL, &keyIndex);\r
 \r
-               // Iceman: use piwi's faster nonce collecting part in hardnested.\r
-               if (!have_uid) { // need a full select cycle to get the uid first\r
-                       iso14a_card_select_t card_info;\r
-                       if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) {\r
-                               if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card");\r
-                               --i; // try same key once again\r
-                               continue;\r
-                       }\r
-                       switch (card_info.uidlen) {\r
-                               case 4 : cascade_levels = 1; break;\r
-                               case 7 : cascade_levels = 2; break;\r
-                               case 10: cascade_levels = 3; break;\r
-                               default: break;\r
-                       }\r
-                       have_uid = true;\r
-               } else { // no need for anticollision. We can directly select the card\r
-                       if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels, true)) {\r
-                               if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card (UID)");\r
-                               --i; // try same key once again\r
-                               continue;\r
-                       }\r
+               LED_B_ON();\r
+               if (res >= 0) {\r
+                       cmd_send(CMD_ACK, 1, 0, 0, keyIndex, 80);\r
+               } else {\r
+                       cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
                }\r
-\r
-               ui64Key = bytes_to_num(datain + i * 6, 6);\r
-               if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
-                       uint8_t dummy_answer = 0;\r
-                       ReaderTransmit(&dummy_answer, 1, NULL);\r
-                       timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
-\r
-                       // wait for the card to become ready again\r
-                       while(GetCountSspClk() < timeout);\r
-                       continue;\r
+               LED_B_OFF();\r
+       } else {        \r
+               int res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, OLD_MF_DBGLEVEL);\r
+               \r
+               LED_B_ON();\r
+               if (res > 0) {\r
+                       cmd_send(CMD_ACK, 1, 0, 0, datain + (res - 1) * 6, 6);\r
+               } else {\r
+                       cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
                }\r
-\r
-               isOK = 1;\r
-               break;\r
+               LED_B_OFF();\r
        }\r
 \r
-       LED_B_ON();\r
-    cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
-       LED_B_OFF();\r
-\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 \r
@@ -1543,6 +1510,14 @@ void MifareCIdent(){
 \r
        uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
        uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
+       \r
+       LED_A_ON();\r
+       LED_B_OFF();\r
+       LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       clear_trace();\r
+       set_tracing(true);      \r
 \r
        ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
        if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) {\r
@@ -1556,8 +1531,13 @@ void MifareCIdent(){
 \r
        // From iceman1001: removed the if,  since some magic tags misbehavies and send an answer to it.\r
        mifare_classic_halt(NULL, 0);\r
-\r
+       \r
+       LED_B_ON();\r
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+       LED_B_OFF();\r
+\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();      \r
 }\r
 \r
 //\r
Impressum, Datenschutz