X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/16cfceb68966bb3022dee37f4c3f4f1bace3f9c5..bdeac4021ae44ba5efa58c236ad48a0c1597ae06:/armsrc/iso14443a.c

diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 7a08f999..76a76673 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -1,4 +1,4 @@
- //-----------------------------------------------------------------------------
+  //-----------------------------------------------------------------------------
 // Merlok - June 2011, 2012
 // Gerhard de Koning Gans - May 2008
 // Hagen Fritsch - June 2010
@@ -759,7 +759,7 @@ static void Code4bitAnswerAsTag(uint8_t cmd) {
 // Stop when button is pressed
 // Or return TRUE when command is captured
 //-----------------------------------------------------------------------------
-static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
+int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
     // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
     // only, since we are receiving, not transmitting).
     // Signal field is off with the appropriate LED
@@ -918,7 +918,11 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
 				memcpy(data+3, emdata+4, 4); // uid bytes 3-7
 				flags |= FLAG_7B_UID_IN_DATA;
 			}
-		} break;		
+		} break;	
+		case 8: { // MIFARE Classic 4k
+			response1[0] = 0x02;
+			sak = 0x18;
+		} break;
 		default: {
 			Dbprintf("Error: unkown tagtype (%d)",tagType);
 			return;
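Review bot: The new `case 8` arm sets two bare literals, `0x02` and `0x18`, without saying what they encode, and the other arms of this switch are outside the hunk so a reader cannot tell whether 4k needs any of the extra fields they set (the UID copying just above, for instance). Suggest annotating both lines, e.g. `sak = 0x18; // SAK reported for MIFARE Classic 4k` and `response1[0] = 0x02; // ATQA low byte for 4k` — the latter assumes response1 carries the ATQA, which should be confirmed against the sibling arms. The enclosing switch in SimulateIso14443aTag starts and ends outside the hunk.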
@@ -1357,40 +1361,6 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) {
 	BigBuf_free_keep_EM();
 	LED_A_OFF();
 
-	/*	
-	if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
-
-		for ( uint8_t	i = 0; i < ATTACK_KEY_COUNT; i++) {
-			if (ar_nr_collected[i] == 2) {
-				Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
-				Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
-						ar_nr_resp[i].cuid,  //UID
-						ar_nr_resp[i].nonce, //NT
-						ar_nr_resp[i].nr,    //NR1
-						ar_nr_resp[i].ar,    //AR1
-						ar_nr_resp[i].nr2,   //NR2
-						ar_nr_resp[i].ar2    //AR2
-						);
-			}
-		}	
-
-		for ( uint8_t	i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
-			if (ar_nr_collected[i] == 2) {
-				Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
-				Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
-						ar_nr_resp[i].cuid,  //UID
-						ar_nr_resp[i].nonce, //NT
-						ar_nr_resp[i].nr,    //NR1
-						ar_nr_resp[i].ar,    //AR1
-						ar_nr_resp[i].nonce2,//NT2
-						ar_nr_resp[i].nr2,   //NR2
-						ar_nr_resp[i].ar2    //AR2
-						);
-			}
-		}
-	}
-	*/
-		
 	if (MF_DBGLEVEL >= 4){
 		Dbprintf("-[ Wake ups after halt  [%d]", happened);
 		Dbprintf("-[ Messages after halt  [%d]", happened2);
@@ -1563,7 +1533,7 @@ void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *p
 // Stop when button is pressed (return 1) or field was gone (return 2)
 // Or return 0 when command is captured
 //-----------------------------------------------------------------------------
-static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
+int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
 	*len = 0;
 
 	uint32_t timer = 0, vtime = 0;
@@ -2043,7 +2013,6 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
 	{
 		iso14_pcb_blocknum ^= 1;
 	}
-
 	return len;
 }
 
@@ -2788,34 +2757,37 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 					}
 				}
 
-				/*
-				// Interactive mode flag, means we need to send ACK
+				crypto1_word(pcs, nr , 1);
+				uint32_t cardRr = ar ^ crypto1_word(pcs, 0, 0);
 				
-				crypto1_word(pcs, ar , 1);
-				cardRr = nr ^ crypto1_word(pcs, 0, 0);
-				
-				test if auth OK
+				//test if auth OK
 				if (cardRr != prng_successor(nonce, 64)){
 					
-					if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
-						cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
-							cardRr, prng_successor(nonce, 64));
-					Shouldn't we respond anything here?
-					Right now, we don't nack or anything, which causes the
-					reader to do a WUPA after a while. /Martin
-					-- which is the correct response. /piwi
+					if (MF_DBGLEVEL >= 3) {
+						Dbprintf("AUTH FAILED for sector %d with key %c. [nr=%08x  cardRr=%08x] [nt=%08x succ=%08x]"
+							, cardAUTHSC
+							, (cardAUTHKEY == 0) ? 'A' : 'B'
+							, nr
+							, cardRr
+							, nonce // nt
+							, prng_successor(nonce, 64)
+						);
+					}
+					// Shouldn't we respond anything here?
+					// Right now, we don't nack or anything, which causes the
+					// reader to do a WUPA after a while. /Martin
+					// -- which is the correct response. /piwi
 					cardSTATE_TO_IDLE();
 					LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
 					break;
 				}
-				*/
 				
 				ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
 				num_to_bytes(ans, 4, rAUTH_AT);
 				EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
 				LED_C_ON();
 				
-				if (MF_DBGLEVEL >= 4) {
+				if (MF_DBGLEVEL >= 1) {
 					Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d", 
 						cardAUTHSC, 
 						cardAUTHKEY == 0 ? 'A' : 'B',
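Review bot: The success message guarded by `if (MF_DBGLEVEL >= 1)` now fires at the lowest non-zero debug level, while the newly re-enabled failure path a few lines above reports only at `MF_DBGLEVEL >= 3`; a rejected reader response is the more diagnostic event, so the two levels look inverted and the success branch should be `if (MF_DBGLEVEL >= 3) {` or both should match. Restoring the check itself is the important part of this hunk: the commented-out version would have reached `ans = prng_successor(nonce, 96) ^ ...` and completed the authentication regardless of what the reader answered. A one-line comment on the comparison, `// reader must prove knowledge of the key: Ar == suc64(nT)`, would make the restored intent explicit. Mifare1ksim begins and ends outside the hunk.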
@@ -2839,24 +2811,24 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
 				                 receivedCmd[0] == MIFARE_AUTH_KEYB)  ) {
 
 					authTimer = GetTickCount();
-					cardAUTHSC = receivedCmd[1] / 4;  // received block num
-					cardAUTHKEY = receivedCmd[0] - 0x60; // & 1
+					cardAUTHSC = receivedCmd[1] / 4;  // received block -> sector
+					cardAUTHKEY = receivedCmd[0] & 0x1;
 					crypto1_destroy(pcs);
+					
+					// load key into crypto
 					crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
 
-					if (!encrypted_data) { 
+					if (!encrypted_data) {
 						// first authentication
-						crypto1_word(pcs, cuid ^ nonce, 0);// Update crypto state
-						num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
-						
-						if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY  );
-
+						// Update crypto state init  (UID ^ NONCE)
+						crypto1_word(pcs, cuid ^ nonce, 0);
+						num_to_bytes(nonce, 4, rAUTH_AT);
 					} else {
 						// nested authentication
 						ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0); 
 						num_to_bytes(ans, 4, rAUTH_AT);
 
-						if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
+						if (MF_DBGLEVEL >= 3) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %c", receivedCmd[1], receivedCmd[1], 	cardAUTHKEY == 0 ? 'A' : 'B');
 					}
 
 					EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
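Review bot: `cardAUTHSC = receivedCmd[1] / 4` takes the block number straight from the reader frame and feeds the resulting sector to emlGetKey() with no range check; a 1K image has 16 sectors, so a block value of 64 or above produces a sector index the image does not hold, and whether emlGetKey() bounds it internally cannot be seen from here. If it does not, reject the frame before the sector computation, e.g. `if (receivedCmd[1] > 63) break;`, handling it like any other malformed command. The `& 0x1` derivation of cardAUTHKEY is only correct because the key-A and key-B command bytes differ in their low bit; a comment such as `// 0x60 -> key A, 0x61 -> key B` would pin that assumption next to the code. There is also a stray tab inside the argument list of the nested-authentication Dbprintf, just before `cardAUTHKEY`. Mifare1ksim continues outside the hunk.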