+
+ // Sending timeslot of ISO14443a frame
+ sync_time = (sync_time & 0xfffffff8 ) + sync_cycles + catch_up_cycles;
+ catch_up_cycles = 0;
+
+ // if we missed the sync time already, advance to the next nonce repeat
+ while( GetCountSspClk() > sync_time) {
+ ++elapsed_prng_sequences;
+ sync_time = (sync_time & 0xfffffff8 ) + sync_cycles;
+ }
+
+ // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
+ ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
+
+ // Receive the (4 Byte) "random" nonce from TAG
+ if (!ReaderReceive(receivedAnswer, receivedAnswerPar))
+ continue;
+
+ previous_nt = nt;
+ nt = bytes_to_num(receivedAnswer, 4);
+
+ // Transmit reader nonce with fake par
+ ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
+
+ // we didn't calibrate our clock yet,
+ // iceman: has to be calibrated every time.
+ if (previous_nt && !nt_attacked) {
+
+ nt_distance = dist_nt(previous_nt, nt);
+
+ // if no distance between, then we are in sync.
+ if (nt_distance == 0) {
+ nt_attacked = nt;
+ } else {
+ if (nt_distance == -99999) { // invalid nonce received
+ ++unexpected_random;
+ if (unexpected_random > MAX_UNEXPECTED_RANDOM) {
+ isOK = -3; // Card has an unpredictable PRNG. Give up
+ break;
+ } else {
+ if (sync_cycles <= 0) sync_cycles += PRNG_SEQUENCE_LENGTH;
+ LED_B_OFF();
+ continue; // continue trying...
+ }
+ }
+
+ if (++sync_tries > MAX_SYNC_TRIES) {
+ isOK = -4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
+ break;
+ }
+
+ sync_cycles = (sync_cycles - nt_distance)/elapsed_prng_sequences;
+
+ if (sync_cycles <= 0)
+ sync_cycles += PRNG_SEQUENCE_LENGTH;
+
+ if (MF_DBGLEVEL >= 4)
+ Dbprintf("calibrating in cycle %d. nt_distance=%d, elapsed_prng_sequences=%d, new sync_cycles: %d\n", i, nt_distance, elapsed_prng_sequences, sync_cycles);
+
+ LED_B_OFF();
+ continue;
+ }
+ }
+ LED_B_OFF();
+
+ if ( (nt != nt_attacked) && nt_attacked) { // we somehow lost sync. Try to catch up again...
+
+ catch_up_cycles = ABS(dist_nt(nt_attacked, nt));
+ if (catch_up_cycles == 99999) { // invalid nonce received. Don't resync on that one.
+ catch_up_cycles = 0;
+ continue;
+ }
+ // average?
+ catch_up_cycles /= elapsed_prng_sequences;
+
+ if (catch_up_cycles == last_catch_up) {
+ ++consecutive_resyncs;
+ } else {
+ last_catch_up = catch_up_cycles;
+ consecutive_resyncs = 0;
+ }
+
+ if (consecutive_resyncs < 3) {
+ if (MF_DBGLEVEL >= 4)
+ Dbprintf("Lost sync in cycle %d. nt_distance=%d. Consecutive Resyncs = %d. Trying one time catch up...\n", i, catch_up_cycles, consecutive_resyncs);
+ } else {
+ sync_cycles += catch_up_cycles;
+
+ if (MF_DBGLEVEL >= 4)
+ Dbprintf("Lost sync in cycle %d for the fourth time consecutively (nt_distance = %d). Adjusting sync_cycles to %d.\n", i, catch_up_cycles, sync_cycles);
+
+ last_catch_up = 0;
+ catch_up_cycles = 0;
+ consecutive_resyncs = 0;
+ }
+ continue;
+ }
+
+ // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
+ if (ReaderReceive(receivedAnswer, receivedAnswerPar)) {
+ catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer
+
+ if (nt_diff == 0)
+ par_low = par[0] & 0xE0; // there is no need to check all parities for other nt_diff. Parity Bits for mf_nr_ar[0..2] won't change
+
+ par_list[nt_diff] = SwapBits(par[0], 8);
+ ks_list[nt_diff] = receivedAnswer[0] ^ 0x05; // xor with NACK value to get keystream
+
+ // Test if the information is complete
+ if (nt_diff == 0x07) {
+ isOK = 1;
+ break;
+ }
+
+ nt_diff = (nt_diff + 1) & 0x07;
+ mf_nr_ar[3] = (mf_nr_ar[3] & 0x1F) | (nt_diff << 5);
+ par[0] = par_low;
+
+ } else {
+ // No NACK.
+ if (nt_diff == 0 && first_try) {
+ par[0]++;
+ if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK.
+ isOK = -2;
+ break;
+ }
+ } else {
+ // Why this?
+ par[0] = ((par[0] & 0x1F) + 1) | par_low;
+ }
+ }
+
+ // reset the resyncs since we got a complete transaction on right time.
+ consecutive_resyncs = 0;
+ } // end for loop
+
+ mf_nr_ar[3] &= 0x1F;
+
+ if (MF_DBGLEVEL >= 4) Dbprintf("Number of sent auth requestes: %u", i);
+
+ uint8_t buf[28] = {0x00};
+ memset(buf, 0x00, sizeof(buf));
+ num_to_bytes(cuid, 4, buf);
+ num_to_bytes(nt, 4, buf + 4);
+ memcpy(buf + 8, par_list, 8);
+ memcpy(buf + 16, ks_list, 8);
+ memcpy(buf + 24, mf_nr_ar, 4);
+
+ cmd_send(CMD_ACK, isOK, 0, 0, buf, sizeof(buf) );
+
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+ set_tracing(FALSE);
+}
+
+
+/**
+ *MIFARE 1K simulate.
+ *
+ *@param flags :
+ * FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
+ * FLAG_4B_UID_IN_DATA - use 4-byte UID in the data-section
+ * FLAG_7B_UID_IN_DATA - use 7-byte UID in the data-section
+ * FLAG_10B_UID_IN_DATA - use 10-byte UID in the data-section
+ * FLAG_UID_IN_EMUL - use 4-byte UID from emulator memory
+ * FLAG_NR_AR_ATTACK - collect NR_AR responses for bruteforcing later
+ *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is inifite
+ */
+void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain) {
+ int cardSTATE = MFEMUL_NOFIELD;
+ int _UID_LEN = 0; // 4, 7, 10
+ int vHf = 0; // in mV
+ int res = 0;
+ uint32_t selTimer = 0;
+ uint32_t authTimer = 0;
+ uint16_t len = 0;
+ uint8_t cardWRBL = 0;
+ uint8_t cardAUTHSC = 0;
+ uint8_t cardAUTHKEY = 0xff; // no authentication
+ uint32_t cuid = 0;
+ uint32_t ans = 0;
+ uint32_t cardINTREG = 0;
+ uint8_t cardINTBLOCK = 0;
+ struct Crypto1State mpcs = {0, 0};
+ struct Crypto1State *pcs;
+ pcs = &mpcs;
+ uint32_t numReads = 0; // Counts numer of times reader read a block
+ uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
+ uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE] = {0x00};
+ uint8_t response[MAX_MIFARE_FRAME_SIZE] = {0x00};
+ uint8_t response_par[MAX_MIFARE_PARITY_SIZE] = {0x00};
+
+ uint8_t atqa[] = {0x04, 0x00}; // Mifare classic 1k
+ uint8_t sak_4[] = {0x0C, 0x00, 0x00}; // CL1 - 4b uid
+ uint8_t sak_7[] = {0x0C, 0x00, 0x00}; // CL2 - 7b uid
+ uint8_t sak_10[] = {0x0C, 0x00, 0x00}; // CL3 - 10b uid
+ // uint8_t sak[] = {0x09, 0x3f, 0xcc }; // Mifare Mini
+
+ uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
+ uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
+ uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
+
+ uint8_t rAUTH_NT[] = {0x01, 0x01, 0x01, 0x01}; // very random nonce
+ // uint8_t rAUTH_NT[] = {0x55, 0x41, 0x49, 0x92};// nonce from nested? why this?
+ uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
+
+ // Here, we collect CUID, NT, NR, AR, CUID2, NT2, NR2, AR2
+ // This can be used in a reader-only attack.
+ nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; // for 2 separate attack types (nml, moebius)
+ memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
+
+ uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2]; // for 2nd attack type (moebius)
+ memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
+ uint8_t nonce1_count = 0;
+ uint8_t nonce2_count = 0;
+ uint8_t moebius_n_count = 0;
+ bool gettingMoebius = false;
+ uint8_t mM = 0; // moebius_modifier for collection storage
+ bool doBufResetNext = false;
+
+ // Authenticate response - nonce
+ uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
+
+ // -- Determine the UID
+ // Can be set from emulator memory or incoming data
+ // Length: 4,7,or 10 bytes
+ if ( (flags & FLAG_UID_IN_EMUL) == FLAG_UID_IN_EMUL)
+ emlGetMemBt(datain, 0, 10); // load 10bytes from EMUL to the datain pointer. to be used below.
+
+ if ( (flags & FLAG_4B_UID_IN_DATA) == FLAG_4B_UID_IN_DATA) {
+ memcpy(rUIDBCC1, datain, 4);
+ _UID_LEN = 4;
+ } else if ( (flags & FLAG_7B_UID_IN_DATA) == FLAG_7B_UID_IN_DATA) {
+ memcpy(&rUIDBCC1[1], datain, 3);
+ memcpy( rUIDBCC2, datain+3, 4);
+ _UID_LEN = 7;
+ } else if ( (flags & FLAG_10B_UID_IN_DATA) == FLAG_10B_UID_IN_DATA) {
+ memcpy(&rUIDBCC1[1], datain, 3);
+ memcpy(&rUIDBCC2[1], datain+3, 3);
+ memcpy( rUIDBCC3, datain+6, 4);
+ _UID_LEN = 10;
+ }
+
+ switch (_UID_LEN) {
+ case 4:
+ sak_4[0] &= 0xFB;
+ // save CUID
+ cuid = bytes_to_num(rUIDBCC1, 4);
+ // BCC
+ rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
+ if (MF_DBGLEVEL >= 2) {
+ Dbprintf("4B UID: %02x%02x%02x%02x",
+ rUIDBCC1[0],
+ rUIDBCC1[1],
+ rUIDBCC1[2],
+ rUIDBCC1[3]
+ );
+ }
+ break;
+ case 7:
+ atqa[0] |= 0x40;
+ sak_7[0] &= 0xFB;
+ // save CUID
+ cuid = bytes_to_num(rUIDBCC2, 4);
+ // CascadeTag, CT
+ rUIDBCC1[0] = 0x88;
+ // BCC
+ rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
+ rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
+ if (MF_DBGLEVEL >= 2) {
+ Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x",
+ rUIDBCC1[1],
+ rUIDBCC1[2],
+ rUIDBCC1[3],
+ rUIDBCC2[0],
+ rUIDBCC2[1],
+ rUIDBCC2[2],
+ rUIDBCC2[3]
+ );
+ }
+ break;
+ case 10:
+ atqa[0] |= 0x80;
+ sak_10[0] &= 0xFB;
+ // save CUID
+ cuid = bytes_to_num(rUIDBCC3, 4);
+ // CascadeTag, CT
+ rUIDBCC1[0] = 0x88;
+ rUIDBCC2[0] = 0x88;
+ // BCC
+ rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
+ rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
+ rUIDBCC3[4] = rUIDBCC3[0] ^ rUIDBCC3[1] ^ rUIDBCC3[2] ^ rUIDBCC3[3];
+
+ if (MF_DBGLEVEL >= 2) {
+ Dbprintf("10B UID: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+ rUIDBCC1[1],
+ rUIDBCC1[2],
+ rUIDBCC1[3],
+ rUIDBCC2[1],
+ rUIDBCC2[2],
+ rUIDBCC2[3],
+ rUIDBCC3[0],
+ rUIDBCC3[1],
+ rUIDBCC3[2],
+ rUIDBCC3[3]
+ );
+ }
+ break;
+ default:
+ break;
+ }
+ // calc some crcs
+ ComputeCrc14443(CRC_14443_A, sak_4, 1, &sak_4[1], &sak_4[2]);
+ ComputeCrc14443(CRC_14443_A, sak_7, 1, &sak_7[1], &sak_7[2]);
+ ComputeCrc14443(CRC_14443_A, sak_10, 1, &sak_10[1], &sak_10[2]);
+
+ // We need to listen to the high-frequency, peak-detected path.
+ iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
+
+ // free eventually allocated BigBuf memory but keep Emulator Memory
+ BigBuf_free_keep_EM();
+ clear_trace();
+ set_tracing(TRUE);
+
+ bool finished = FALSE;
+ while (!BUTTON_PRESS() && !finished && !usb_poll_validate_length()) {
+ WDT_HIT();
+
+ // find reader field
+ if (cardSTATE == MFEMUL_NOFIELD) {
+ vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
+ if (vHf > MF_MINFIELDV) {
+ cardSTATE_TO_IDLE();
+ LED_A_ON();
+ }
+ }
+ if (cardSTATE == MFEMUL_NOFIELD) continue;
+
+ // Now, get data
+ res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
+ if (res == 2) { //Field is off!
+ cardSTATE = MFEMUL_NOFIELD;
+ LEDsoff();
+ continue;
+ } else if (res == 1) {
+ break; // return value 1 means button press
+ }
+
+ // REQ or WUP request in ANY state and WUP in HALTED state
+ // this if-statement doesn't match the specification above. (iceman)
+ if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
+ selTimer = GetTickCount();
+ EmSendCmdEx(atqa, sizeof(atqa), (receivedCmd[0] == ISO14443A_CMD_WUPA));
+ cardSTATE = MFEMUL_SELECT1;
+ crypto1_destroy(pcs);
+ cardAUTHKEY = 0xff;
+ LEDsoff();
+ nonce++;
+ continue;
+ }
+
+ switch (cardSTATE) {
+ case MFEMUL_NOFIELD:
+ case MFEMUL_HALTED:
+ case MFEMUL_IDLE:{
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+ case MFEMUL_SELECT1:{
+ if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x20)) {
+ if (MF_DBGLEVEL >= 4) Dbprintf("SELECT ALL received");
+ EmSendCmd(rUIDBCC1, sizeof(rUIDBCC1));
+ break;
+ }
+ // select card
+ if (len == 9 &&
+ ( receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT &&
+ receivedCmd[1] == 0x70 &&
+ memcmp(&receivedCmd[2], rUIDBCC1, 4) == 0)) {
+
+ // SAK 4b
+ EmSendCmd(sak_4, sizeof(sak_4));
+ switch(_UID_LEN){
+ case 4:
+ cardSTATE = MFEMUL_WORK;
+ LED_B_ON();
+ if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
+ continue;
+ case 7:
+ case 10:
+ cardSTATE = MFEMUL_SELECT2;
+ continue;
+ default:break;
+ }
+ } else {
+ cardSTATE_TO_IDLE();
+ }
+ break;
+ }
+ case MFEMUL_SELECT2:{
+ if (!len) {
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+ if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x20)) {
+ EmSendCmd(rUIDBCC2, sizeof(rUIDBCC2));
+ break;
+ }
+ if (len == 9 &&
+ (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 &&
+ receivedCmd[1] == 0x70 &&
+ memcmp(&receivedCmd[2], rUIDBCC2, 4) == 0) ) {
+
+ EmSendCmd(sak_7, sizeof(sak_7));
+ switch(_UID_LEN){
+ case 7:
+ cardSTATE = MFEMUL_WORK;
+ LED_B_ON();
+ if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
+ continue;
+ case 10:
+ cardSTATE = MFEMUL_SELECT3;
+ continue;
+ default:break;
+ }
+ }
+ cardSTATE_TO_IDLE();
+ break;
+ }
+ case MFEMUL_SELECT3:{
+ if (!len) {
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+ if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && receivedCmd[1] == 0x20)) {
+ EmSendCmd(rUIDBCC3, sizeof(rUIDBCC3));
+ break;
+ }
+ if (len == 9 &&
+ (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 &&
+ receivedCmd[1] == 0x70 &&
+ memcmp(&receivedCmd[2], rUIDBCC3, 4) == 0) ) {
+
+ EmSendCmd(sak_10, sizeof(sak_10));
+ cardSTATE = MFEMUL_WORK;
+ LED_B_ON();
+ if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol3 time: %d", GetTickCount() - selTimer);
+ break;
+ }
+ cardSTATE_TO_IDLE();
+ break;
+ }
+ case MFEMUL_AUTH1:{
+ if( len != 8) {
+ cardSTATE_TO_IDLE();
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+
+ uint32_t nr = bytes_to_num(receivedCmd, 4);
+ uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
+
+ if (doBufResetNext) {
+ // Reset, lets try again!
+ Dbprintf("Re-read after previous NR_AR_ATTACK, resetting buffer");
+ memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
+ memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
+ mM = 0;
+ doBufResetNext = false;
+ }
+
+ for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
+ if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) {
+
+ // if first auth for sector, or matches sector and keytype of previous auth
+ if (ar_nr_collected[i+mM] < 2) {
+ // if we haven't already collected 2 nonces for this sector
+ if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
+ // Avoid duplicates... probably not necessary, ar should vary.
+ if (ar_nr_collected[i+mM]==0) {
+ // first nonce collect
+ ar_nr_resp[i+mM].cuid = cuid;
+ ar_nr_resp[i+mM].sector = cardAUTHSC;
+ ar_nr_resp[i+mM].keytype = cardAUTHKEY;
+ ar_nr_resp[i+mM].nonce = nonce;
+ ar_nr_resp[i+mM].nr = nr;
+ ar_nr_resp[i+mM].ar = ar;
+ nonce1_count++;
+ // add this nonce to first moebius nonce
+ ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
+ ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
+ ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
+ ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
+ ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
+ ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
+ ar_nr_collected[i+ATTACK_KEY_COUNT]++;
+ } else { // second nonce collect (std and moebius)
+ ar_nr_resp[i+mM].nonce2 = nonce;
+ ar_nr_resp[i+mM].nr2 = nr;
+ ar_nr_resp[i+mM].ar2 = ar;
+ if (!gettingMoebius) {
+ nonce2_count++;
+ // check if this was the last second nonce we need for std attack
+ if ( nonce2_count == nonce1_count ) {
+ // done collecting std test switch to moebius
+ // first finish incrementing last sample
+ ar_nr_collected[i+mM]++;
+ // switch to moebius collection
+ gettingMoebius = true;
+ mM = ATTACK_KEY_COUNT;
+ break;
+ }
+ } else {
+ moebius_n_count++;
+ // if we've collected all the nonces we need - finish.
+
+ if (nonce1_count == moebius_n_count) {
+ cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
+ nonce1_count = 0;
+ nonce2_count = 0;
+ moebius_n_count = 0;
+ gettingMoebius = false;
+ doBufResetNext = true;
+ finished = ( ((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE));
+ }
+ }
+ }
+ ar_nr_collected[i+mM]++;
+ }
+ }
+ // we found right spot for this nonce stop looking
+ break;
+ }
+ }
+
+
+ /*
+ // Collect AR/NR
+ // if(ar_nr_collected < 2 && cardAUTHSC == 2){
+ if(ar_nr_collected < 2) {
+ // if(ar_nr_responses[2] != nr) {
+ ar_nr_responses[ar_nr_collected*4] = cuid;
+ ar_nr_responses[ar_nr_collected*4+1] = nonce;
+ ar_nr_responses[ar_nr_collected*4+2] = nr;
+ ar_nr_responses[ar_nr_collected*4+3] = ar;
+ ar_nr_collected++;
+ // }
+
+ // Interactive mode flag, means we need to send ACK
+ finished = ( ((flags & FLAG_INTERACTIVE) == FLAG_INTERACTIVE)&& ar_nr_collected == 2);
+ }
+
+ crypto1_word(pcs, ar , 1);
+ cardRr = nr ^ crypto1_word(pcs, 0, 0);
+
+ test if auth OK
+ if (cardRr != prng_successor(nonce, 64)){
+
+ if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
+ cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
+ cardRr, prng_successor(nonce, 64));
+ Shouldn't we respond anything here?
+ Right now, we don't nack or anything, which causes the
+ reader to do a WUPA after a while. /Martin
+ -- which is the correct response. /piwi
+ cardSTATE_TO_IDLE();
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+ */
+
+ ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
+ num_to_bytes(ans, 4, rAUTH_AT);
+ EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
+ LED_C_ON();
+
+ if (MF_DBGLEVEL >= 4) {
+ Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d",
+ cardAUTHSC,
+ cardAUTHKEY == 0 ? 'A' : 'B',
+ GetTickCount() - authTimer
+ );
+ }
+ cardSTATE = MFEMUL_WORK;
+ break;
+ }
+ case MFEMUL_WORK:{
+ if (len == 0) {
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+ bool encrypted_data = (cardAUTHKEY != 0xFF) ;
+
+ if(encrypted_data)
+ mf_crypto1_decrypt(pcs, receivedCmd, len);
+
+ if (len == 4 && (receivedCmd[0] == MIFARE_AUTH_KEYA ||
+ receivedCmd[0] == MIFARE_AUTH_KEYB) ) {
+
+ authTimer = GetTickCount();
+ cardAUTHSC = receivedCmd[1] / 4; // received block num
+ cardAUTHKEY = receivedCmd[0] - 0x60; // & 1
+ crypto1_destroy(pcs);
+ crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
+
+ if (!encrypted_data) {
+ // first authentication
+ crypto1_word(pcs, cuid ^ nonce, 0);// Update crypto state
+ num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
+
+ if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
+
+ } else {
+ // nested authentication
+ ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
+ num_to_bytes(ans, 4, rAUTH_AT);
+
+ if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
+ }
+
+ EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
+ cardSTATE = MFEMUL_AUTH1;
+ break;
+ }
+
+ // rule 13 of 7.5.3. in ISO 14443-4. chaining shall be continued
+ // BUT... ACK --> NACK
+ if (len == 1 && receivedCmd[0] == CARD_ACK) {
+ EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+ break;
+ }
+
+ // rule 12 of 7.5.3. in ISO 14443-4. R(NAK) --> R(ACK)
+ if (len == 1 && receivedCmd[0] == CARD_NACK_NA) {
+ EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
+ break;
+ }
+
+ if(len != 4) {
+ LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
+ break;
+ }
+
+ if ( receivedCmd[0] == ISO14443A_CMD_READBLOCK ||
+ receivedCmd[0] == ISO14443A_CMD_WRITEBLOCK ||
+ receivedCmd[0] == MIFARE_CMD_INC ||
+ receivedCmd[0] == MIFARE_CMD_DEC ||
+ receivedCmd[0] == MIFARE_CMD_RESTORE ||
+ receivedCmd[0] == MIFARE_CMD_TRANSFER ) {
+
+ if (receivedCmd[1] >= 16 * 4) {
+ EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+ if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
+ break;
+ }
+
+ if (receivedCmd[1] / 4 != cardAUTHSC) {
+ EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
+ if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd[0],receivedCmd[1],cardAUTHSC);
+ break;
+ }
+ }
+ // read block
+ if (receivedCmd[0] == ISO14443A_CMD_READBLOCK) {
+ if (MF_DBGLEVEL >= 4) Dbprintf("Reader reading block %d (0x%02x)", receivedCmd[1], receivedCmd[1]);
+
+ emlGetMem(response, receivedCmd[1], 1);
+ AppendCrc14443a(response, 16);
+ mf_crypto1_encrypt(pcs, response, 18, response_par);
+ EmSendCmdPar(response, 18, response_par);
+ numReads++;
+ if(exitAfterNReads > 0 && numReads >= exitAfterNReads) {
+ Dbprintf("%d reads done, exiting", numReads);
+ finished = true;
+ }
+ break;
+ }
+ // write block
+ if (receivedCmd[0] == ISO14443A_CMD_WRITEBLOCK) {
+ if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)", receivedCmd[1], receivedCmd[1]);
+ EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
+ cardSTATE = MFEMUL_WRITEBL2;
+ cardWRBL = receivedCmd[1];
+ break;
+ }
+ // increment, decrement, restore
+ if ( receivedCmd[0] == MIFARE_CMD_INC ||
+ receivedCmd[0] == MIFARE_CMD_DEC ||
+ receivedCmd[0] == MIFARE_CMD_RESTORE) {