X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/117d9ec25c7cbc88555a6a990293ca95a544b915..b67f7ec359806293a6da14208bad56b842dedb60:/armsrc/hitag2.c diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 68916748..4b173d6f 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -21,41 +21,16 @@ #include "util.h" #include "hitag2.h" #include "string.h" +#include "BigBuf.h" static bool bQuiet; -bool bCrypto; -bool bAuthenticating; -bool bPwd; -bool bSuccessful; +static bool bCrypto; +static bool bAuthenticating; +static bool bPwd; +static bool bSuccessful; -int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader) -{ - static uint16_t traceLen = 0; - uint8_t *trace = BigBuf_get_addr(); - - // Return when trace is full - if (traceLen >= TRACE_SIZE) return FALSE; - - // Trace the random, i'm curious - rsamples += iSamples; - trace[traceLen++] = ((rsamples >> 0) & 0xff); - trace[traceLen++] = ((rsamples >> 8) & 0xff); - trace[traceLen++] = ((rsamples >> 16) & 0xff); - trace[traceLen++] = ((rsamples >> 24) & 0xff); - if (!bReader) { - trace[traceLen - 1] |= 0x80; - } - trace[traceLen++] = ((dwParity >> 0) & 0xff); - trace[traceLen++] = ((dwParity >> 8) & 0xff); - trace[traceLen++] = ((dwParity >> 16) & 0xff); - trace[traceLen++] = ((dwParity >> 24) & 0xff); - trace[traceLen++] = iBits; - memcpy(trace + traceLen, btBytes, nbytes(iBits)); - traceLen += nbytes(iBits); - return TRUE; -} struct hitag2_tag { uint32_t uid; @@ -89,20 +64,17 @@ static struct hitag2_tag tag = { }, }; -//#define TRACE_LENGTH 3000 -//uint8_t *trace = (uint8_t *) BigBuf; -//int traceLen = 0; -//int rsamples = 0; - -#define AUTH_TABLE_OFFSET FREE_BUFFER_OFFSET -#define AUTH_TABLE_LENGTH FREE_BUFFER_SIZE -size_t auth_table_pos = 0; -size_t auth_table_len = AUTH_TABLE_LENGTH; +// ToDo: define a meaningful maximum size for auth_table. The bigger this is, the lower will be the available memory for traces. +// Historically it used to be FREE_BUFFER_SIZE, which was 2744. +#define AUTH_TABLE_LENGTH 2744 +static byte_t* auth_table; +static size_t auth_table_pos = 0; +static size_t auth_table_len = AUTH_TABLE_LENGTH; -byte_t password[4]; -byte_t NrAr[8]; -byte_t key[8]; -uint64_t cipher_state; +static byte_t password[4]; +static byte_t NrAr[8]; +static byte_t key[8]; +static uint64_t cipher_state; /* Following is a modified version of cryptolib.com/ciphers/hitag2/ */ // Software optimized 48-bit Philips/NXP Mifare Hitag2 PCF7936/46/47/52 stream cipher algorithm by I.C. Wiener 2006-2007. @@ -180,14 +152,14 @@ static u32 _hitag2_byte (u64 * x) return c; } -int hitag2_reset(void) +static int hitag2_reset(void) { tag.state = TAG_STATE_RESET; tag.crypto_active = 0; return 0; } -int hitag2_init(void) +static int hitag2_init(void) { // memcpy(&tag, &resetdata, sizeof(tag)); hitag2_reset(); @@ -303,10 +275,9 @@ static void hitag_send_frame(const byte_t* frame, size_t frame_len) LOW(GPIO_SSC_DOUT); } -void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) + +static void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { - byte_t* auth_table; - auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; byte_t rx_air[HITAG_FRAME_LEN]; // Copy the (original) received frame how it is send over the air @@ -462,6 +433,7 @@ static void hitag_reader_send_bit(int bit) { LED_A_OFF(); } + static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) { // Send the content of the frame @@ -480,7 +452,7 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) size_t blocknr; -bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { +static bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { // Reset the transmission frame length *txlen = 0; @@ -535,7 +507,7 @@ bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) return true; } -bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { +static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { // Reset the transmission frame length *txlen = 0; @@ -628,7 +600,7 @@ bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { } -bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { +static bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { // Reset the transmission frame length *txlen = 0; @@ -668,10 +640,8 @@ bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txl return true; } -bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { - byte_t* auth_table; - auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; +static bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { // Reset the transmission frame length *txlen = 0; @@ -684,17 +654,17 @@ bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_ if (bCrypto) { Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed, removed entry!",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]); - // Removing failed entry from authentiations table - memcpy(auth_table+auth_table_pos,auth_table+auth_table_pos+8,8); - auth_table_len -= 8; + // Removing failed entry from authentiations table + memcpy(auth_table+auth_table_pos,auth_table+auth_table_pos+8,8); + auth_table_len -= 8; - // Return if we reached the end of the authentiactions table + // Return if we reached the end of the authentications table bCrypto = false; if (auth_table_pos == auth_table_len) { return false; } - - // Copy the next authentication attempt in row (at the same position, b/c we removed last failed entry) + + // Copy the next authentication attempt in row (at the same position, b/c we removed last failed entry) memcpy(NrAr,auth_table+auth_table_pos,8); } *txlen = 5; @@ -727,6 +697,7 @@ bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_ return true; } + void SnoopHitag(uint32_t type) { int frame_count; int response; @@ -739,15 +710,15 @@ void SnoopHitag(uint32_t type) { byte_t rx[HITAG_FRAME_LEN]; size_t rxlen=0; - // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); - auth_table_len = 0; auth_table_pos = 0; - byte_t* auth_table; - auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; + BigBuf_free(); + auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); memset(auth_table, 0x00, AUTH_TABLE_LENGTH); + + // Clean up trace and prepare it for storing frames + set_tracing(TRUE); + clear_trace(); DbpString("Starting Hitag2 snoop"); LED_D_ON(); @@ -771,7 +742,7 @@ void SnoopHitag(uint32_t type) { AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - // Disable timer during configuration + // Disable timer during configuration AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, @@ -951,15 +922,17 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { bool bQuitTraceFull = false; bQuiet = false; - // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); auth_table_len = 0; auth_table_pos = 0; byte_t* auth_table; - auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; + BigBuf_free(); + auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); memset(auth_table, 0x00, AUTH_TABLE_LENGTH); + // Clean up trace and prepare it for storing frames + set_tracing(TRUE); + clear_trace(); + DbpString("Starting Hitag2 simulation"); LED_D_ON(); hitag2_init(); @@ -1139,22 +1112,20 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { bool bStop; bool bQuitTraceFull = false; - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - // Reset the return status - bSuccessful = false; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + // Reset the return status + bSuccessful = false; // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); - byte_t* auth_table; - auth_table = (byte_t *)BigBuf_get_addr() + AUTH_TABLE_OFFSET; + set_tracing(TRUE); + clear_trace(); DbpString("Starting Hitag reader family"); // Check configuration switch(htf) { case RHT2F_PASSWORD: { - Dbprintf("List identifier in password mode"); + Dbprintf("List identifier in password mode"); memcpy(password,htd->pwd.password,4); blocknr = 0; bQuitTraceFull = false; @@ -1168,7 +1139,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { Dbhexdump(8,NrAr,false); bQuiet = false; bCrypto = false; - bAuthenticating = false; + bAuthenticating = false; bQuitTraceFull = true; } break; @@ -1176,17 +1147,17 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { DbpString("Authenticating using key:"); memcpy(key,htd->crypto.key,4); //HACK; 4 or 6?? I read both in the code. Dbhexdump(6,key,false); - blocknr = 0; + blocknr = 0; bQuiet = false; bCrypto = false; - bAuthenticating = false; + bAuthenticating = false; bQuitTraceFull = true; } break; case RHT2F_TEST_AUTH_ATTEMPTS: { Dbprintf("Testing %d authentication attempts",(auth_table_len/8)); auth_table_pos = 0; - memcpy(NrAr,auth_table,8); + memcpy(NrAr, auth_table, 8); bQuitTraceFull = false; bQuiet = false; bCrypto = false;