X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/902cb3c00b49535f0de9a3b6d5ba0c54260ccac1..84ca27b33a1e667fb21d789f3c2c3a12d68b256e:/armsrc/mifaresniff.c?ds=sidebyside diff --git a/armsrc/mifaresniff.c b/armsrc/mifaresniff.c index 45878000..7f94b0fe 100644 --- a/armsrc/mifaresniff.c +++ b/armsrc/mifaresniff.c @@ -10,110 +10,112 @@ #include "mifaresniff.h" #include "apps.h" +#include "proxmark3.h" +#include "util.h" +#include "string.h" +#include "iso14443crc.h" +#include "iso14443a.h" +#include "crapto1/crapto1.h" +#include "mifareutil.h" +#include "common.h" + static int sniffState = SNF_INIT; static uint8_t sniffUIDType; -static uint8_t sniffUID[8]; -static uint8_t sniffATQA[2]; +static uint8_t sniffUID[8] = {0x00}; +static uint8_t sniffATQA[2] = {0x00}; static uint8_t sniffSAK; -static uint8_t sniffBuf[16]; -static int timerData = 0; +static uint8_t sniffBuf[16] = {0x00}; +static uint32_t timerData = 0; -int MfSniffInit(void){ - rsamples = 0; +bool MfSniffInit(void){ memset(sniffUID, 0x00, 8); memset(sniffATQA, 0x00, 2); sniffSAK = 0; sniffUIDType = SNF_UID_4; - return 0; + return FALSE; } -int MfSniffEnd(void){ - UsbCommand ack = {CMD_ACK, {0, 0, 0}}; - +bool MfSniffEnd(void){ LED_B_ON(); - UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + cmd_send(CMD_ACK,0,0,0,0,0); LED_B_OFF(); - return 0; + return FALSE; } -int RAMFUNC MfSniffLogic(const uint8_t * data, int len, uint32_t parity, int bitCnt, int reader) { +bool RAMFUNC MfSniffLogic(const uint8_t *data, uint16_t len, uint8_t *parity, uint16_t bitCnt, bool reader) { - if ((len == 1) && (bitCnt = 9) && (data[0] > 0x0F)) { + if (reader && (len == 1) && (bitCnt == 7)) { // reset on 7-Bit commands from reader sniffState = SNF_INIT; } switch (sniffState) { case SNF_INIT:{ - if ((reader) && (len == 1) && (bitCnt == 9) && ((data[0] == 0x26) || (data[0] == 0x52))) { + if ((len == 1) && (reader) && (bitCnt == 7) ) { // REQA or WUPA from reader sniffUIDType = SNF_UID_4; memset(sniffUID, 0x00, 8); memset(sniffATQA, 0x00, 2); sniffSAK = 0; - sniffState = SNF_WUPREQ; } break; } case SNF_WUPREQ:{ - if ((!reader) && (len == 2)) { + if ((!reader) && (len == 2)) { // ATQA from tag memcpy(sniffATQA, data, 2); - sniffState = SNF_ATQA; } break; } case SNF_ATQA:{ - if ((reader) && (len == 2) && (data[0] == 0x93) && (data[1] == 0x20)) { + if ((reader) && (len == 2) && (data[0] == 0x93) && (data[1] == 0x20)) { // Select ALL from reader sniffState = SNF_ANTICOL1; } break; } case SNF_ANTICOL1:{ - if ((!reader) && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) { + if ((!reader) && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) { // UID from tag (CL1) memcpy(sniffUID + 3, data, 4); - sniffState = SNF_UID1; } break; } case SNF_UID1:{ - if ((reader) && (len == 9) && (data[0] == 0x93) && (data[1] == 0x70) && (CheckCrc14443(CRC_14443_A, data, 9))) { + if ((reader) && (len == 9) && (data[0] == 0x93) && (data[1] == 0x70) && (CheckCrc14443(CRC_14443_A, data, 9))) { // Select 4 Byte UID from reader sniffState = SNF_SAK; } break; } case SNF_SAK:{ - if ((!reader) && (len == 3) && (CheckCrc14443(CRC_14443_A, data, 3))) { + if ((!reader) && (len == 3) && (CheckCrc14443(CRC_14443_A, data, 3))) { // SAK from card? sniffSAK = data[0]; - if (sniffUID[3] == 0x88) { + if (sniffUID[3] == 0x88) { // CL2 UID part to be expected sniffState = SNF_ANTICOL2; - } else { + } else { // select completed sniffState = SNF_CARD_IDLE; } } break; } case SNF_ANTICOL2:{ - if ((!reader) && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) { - memcpy(sniffUID, data, 4); + if ((!reader) && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) { // CL2 UID + memcpy(sniffUID, sniffUID+4, 3); + memcpy(sniffUID+3, data, 4); sniffUIDType = SNF_UID_7; - sniffState = SNF_UID2; - } + } break; } case SNF_UID2:{ - if ((reader) && (len == 9) && (data[0] == 0x95) && (data[1] == 0x70) && (CheckCrc14443(CRC_14443_A, data, 9))) { + if ((reader) && (len == 9) && (data[0] == 0x95) && (data[1] == 0x70) && (CheckCrc14443(CRC_14443_A, data, 9))) { // Select 2nd part of 7 Byte UID sniffState = SNF_SAK; - Dbprintf("SNF_SAK"); } break; } - case SNF_CARD_IDLE:{ + case SNF_CARD_IDLE:{ // trace the card select sequence sniffBuf[0] = 0xFF; sniffBuf[1] = 0xFF; memcpy(sniffBuf + 2, sniffUID, 7); @@ -121,19 +123,16 @@ int RAMFUNC MfSniffLogic(const uint8_t * data, int len, uint32_t parity, int bit sniffBuf[11] = sniffSAK; sniffBuf[12] = 0xFF; sniffBuf[13] = 0xFF; - LogTrace(sniffBuf, 14, 0, parity, true); - timerData = GetTickCount(); - } - case SNF_CARD_CMD:{ - LogTrace(data, len, 0, parity, true); - + LogTrace(sniffBuf, 14, 0, 0, NULL, TRUE); + } // intentionally no break; + case SNF_CARD_CMD:{ + LogTrace(data, len, 0, 0, NULL, TRUE); sniffState = SNF_CARD_RESP; timerData = GetTickCount(); break; } case SNF_CARD_RESP:{ - LogTrace(data, len, 0, parity, false); - + LogTrace(data, len, 0, 0, NULL, FALSE); sniffState = SNF_CARD_CMD; timerData = GetTickCount(); break; @@ -144,49 +143,41 @@ int RAMFUNC MfSniffLogic(const uint8_t * data, int len, uint32_t parity, int bit break; } - return 0; + + return FALSE; } -int RAMFUNC MfSniffSend(int maxTimeoutMs) { - if (traceLen && (timerData + maxTimeoutMs < GetTickCount())) { +bool RAMFUNC MfSniffSend(uint16_t maxTimeoutMs) { + if (BigBuf_get_traceLen() && (GetTickCount() > timerData + maxTimeoutMs)) { return intMfSniffSend(); } - return 0; + return FALSE; } -// internal seding function. not a RAMFUNC. -int intMfSniffSend() { - +// internal sending function. not a RAMFUNC. +bool intMfSniffSend() { + int pckSize = 0; - int pckLen = traceLen; + int pckLen = BigBuf_get_traceLen(); int pckNum = 0; + uint8_t *trace = BigBuf_get_addr(); - if (!traceLen) return 0; - FpgaDisableSscDma(); - while (pckLen > 0) { - pckSize = MIN(32, pckLen); - UsbCommand ack = {CMD_ACK, {1, pckSize, pckNum}}; - memcpy(ack.d.asBytes, trace + traceLen - pckLen, pckSize); - + pckSize = MIN(USB_CMD_DATA_SIZE, pckLen); LED_B_ON(); - UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); - SpinDelay(20); + cmd_send(CMD_ACK, 1, BigBuf_get_traceLen(), pckSize, trace + BigBuf_get_traceLen() - pckLen, pckSize); LED_B_OFF(); pckLen -= pckSize; pckNum++; } - UsbCommand ack = {CMD_ACK, {2, 0, 0}}; - LED_B_ON(); - UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand)); + cmd_send(CMD_ACK,2,0,0,0,0); LED_B_OFF(); - traceLen = 0; - memset(trace, 0x44, TRACE_SIZE); + clear_trace(); - return 1; + return TRUE; }