-#define MODE_SIM_CSN 0
-#define MODE_EXIT_AFTER_MAC 1
-#define MODE_FULLSIM 2
-
-int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf);
-/**
- * @brief SimulateIClass simulates an iClass card.
- * @param arg0 type of simulation
- * - 0 uses the first 8 bytes in usb data as CSN
- * - 2 "dismantling iclass"-attack. This mode iterates through all CSN's specified
- * in the usb data. This mode collects MAC from the reader, in order to do an offline
- * attack on the keys. For more info, see "dismantling iclass" and proxclone.com.
- * - Other : Uses the default CSN (031fec8af7ff12e0)
- * @param arg1 - number of CSN's contained in datain (applicable for mode 2 only)
- * @param arg2
- * @param datain
- */
-void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
-{
- uint32_t simType = arg0;
- uint32_t numberOfCSNS = arg1;
- FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
-
- // Enable and clear the trace
- set_tracing(true);
- clear_trace();
- //Use the emulator memory for SIM
- uint8_t *emulator = BigBuf_get_EM_addr();
-
- if(simType == 0) {
- // Use the CSN from commandline
- memcpy(emulator, datain, 8);
- doIClassSimulation(MODE_SIM_CSN,NULL);
- }else if(simType == 1)
- {
- //Default CSN
- uint8_t csn_crc[] = { 0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0, 0x00, 0x00 };
- // Use the CSN from commandline
- memcpy(emulator, csn_crc, 8);
- doIClassSimulation(MODE_SIM_CSN,NULL);
- }
- else if(simType == 2)
- {
-
- uint8_t mac_responses[USB_CMD_DATA_SIZE] = { 0 };
- Dbprintf("Going into attack mode, %d CSNS sent", numberOfCSNS);
- // In this mode, a number of csns are within datain. We'll simulate each one, one at a time
- // in order to collect MAC's from the reader. This can later be used in an offlne-attack
- // in order to obtain the keys, as in the "dismantling iclass"-paper.
- int i = 0;
- for( ; i < numberOfCSNS && i*8+8 < USB_CMD_DATA_SIZE; i++)
- {
- // The usb data is 512 bytes, fitting 65 8-byte CSNs in there.