X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/92690507ab259c52f0bc54cd19acc88d46ec16e3..refs/pull/117/head:/armsrc/mifarecmd.c
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 03e191e0..939c9002 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -16,8 +16,6 @@
#include "mifarecmd.h"
#include "apps.h"
#include "util.h"
-
-#include "des.h"
#include "crc.h"
// the block number for the ISO14443-4 PCB
@@ -25,7 +23,6 @@ uint8_t pcb_blocknum = 0;
// Deselect card by sending a s-block. the crc is precalced for speed
static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
-
//-----------------------------------------------------------------------------
// Select, Authenticate, Read a MIFARE tag.
// read block
@@ -93,147 +90,76 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LEDsoff();
}
-void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){
+void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
- byte_t dataoutbuf[16] = {0x00};
- uint8_t uid[10] = {0x00};
- uint32_t cuid = 0x00;
+ bool turnOffField = (arg0 == 1);
LED_A_ON(); LED_B_OFF(); LED_C_OFF();
-
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
- if(!iso14443a_select_card(uid, NULL, &cuid)) {
+ if(!iso14443a_select_card(NULL, NULL, NULL)) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
OnError(0);
return;
};
- if(mifare_ultra_auth1(dataoutbuf)){
- if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");
+ if(!mifare_ultra_auth(keybytes)){
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
OnError(1);
return;
}
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
-
- cmd_send(CMD_ACK,1,cuid,0,dataoutbuf,11);
- LEDsoff();
-}
-void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){
-
- uint8_t key[16] = {0x00};
- byte_t dataoutbuf[16] = {0x00};
-
- memcpy(key, datain, 16);
-
- LED_A_ON(); LED_B_OFF(); LED_C_OFF();
-
- if(mifare_ultra_auth2(key, dataoutbuf)){
- if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part2: Fail...");
- OnError(1);
- return;
+ if (turnOffField) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
}
-
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
-
- cmd_send(CMD_ACK,1,0,0,dataoutbuf,11);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- LEDsoff();
+ cmd_send(CMD_ACK,1,0,0,0,0);
}
+// Arg0 = BlockNo,
+// Arg1 = UsePwd bool
+// datain = PWD bytes,
void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
{
uint8_t blockNo = arg0;
byte_t dataout[16] = {0x00};
- uint8_t uid[10] = {0x00};
- uint8_t key[16] = {0x00};
- bool usePwd = (arg1 == 1);
-
- LED_A_ON(); LED_B_OFF(); LED_C_OFF();
+ bool useKey = (arg1 == 1); //UL_C
+ bool usePwd = (arg1 == 2); //UL_EV1/NTAG
+ LEDsoff();
+ LED_A_ON();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
- int len = iso14443a_select_card(uid, NULL, NULL);
+ int len = iso14443a_select_card(NULL, NULL, NULL);
if(!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);
OnError(1);
return;
}
- // authenticate here.
- if ( usePwd ) {
-
- memcpy(key, datain, 16);
+ // UL-C authentication
+ if ( useKey ) {
+ uint8_t key[16] = {0x00};
+ memcpy(key, datain, sizeof(key) );
- // Dbprintf("KEY: %02x %02x %02x %02x %02x %02x %02x %02x", key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7] );
- // Dbprintf("KEY: %02x %02x %02x %02x %02x %02x %02x %02x", key[8],key[9],key[10],key[11],key[12],key[13],key[14],key[15] );
-
- uint8_t a[8] = {1,1,1,1,1,1,1,1 };
- uint8_t b[8] = {0x00};
- uint8_t enc_b[8] = {0x00};
- uint8_t ab[16] = {0x00};
- uint8_t enc_ab[16] = {0x00};
- uint8_t enc_key[8] = {0x00};
-
- uint16_t len;
- uint8_t receivedAnswer[MAX_FRAME_SIZE];
- uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
-
- len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);
- if (len != 11) {
- if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+ if ( !mifare_ultra_auth(key) ) {
OnError(1);
return;
}
+ }
- // tag nonce.
- memcpy(enc_b,receivedAnswer+1,8);
-
- // decrypt nonce.
- tdes_2key_dec(b, enc_b, 8, key );
-
- Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x", enc_b[0],enc_b[1],enc_b[2],enc_b[3],enc_b[4],enc_b[5],enc_b[6],enc_b[7] );
- Dbprintf(" B: %02x %02x %02x %02x %02x %02x %02x %02x", b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7] );
- rol(b,8);
-
- memcpy(ab ,a,8);
- memcpy(ab+8,b,8);
-
- Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[0],ab[1],ab[2],ab[3],ab[4],ab[5],ab[6],ab[7] );
- Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[8],ab[9],ab[10],ab[11],ab[12],ab[13],ab[14],ab[15] );
-
- // encrypt
- tdes_2key_enc(enc_ab, ab, 16, key);
-
- Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", enc_ab[0],enc_ab[1],enc_ab[2],enc_ab[3],enc_ab[4],enc_ab[5],enc_ab[6],enc_ab[7] );
- Dbprintf("e_enc_ab: %02x %02x %02x %02x %02x %02x %02x %02x", enc_ab[8],enc_ab[9],enc_ab[10],enc_ab[11],enc_ab[12],enc_ab[13],enc_ab[14],enc_ab[15] );
-
- len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, enc_ab, receivedAnswer, receivedAnswerPar, NULL);
- if (len != 11) {
- if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+ // UL-EV1 / NTAG authentication
+ if ( usePwd ) {
+ uint8_t pwd[4] = {0x00};
+ memcpy(pwd, datain, 4);
+ uint8_t pack[4] = {0,0,0,0};
+ if (!mifare_ul_ev1_auth(pwd, pack)) {
OnError(1);
return;
}
-
- // the tags' encryption of our nonce, A.
- memcpy(enc_key, receivedAnswer+1, 8);
-
- // clear B.
- memset(b, 0x00, 8);
-
- // decrypt
- tdes_2key_dec(b, enc_key, 8, key );
- if ( memcmp(a, b, 8) == 0 )
- Dbprintf("Verified key");
- else
- Dbprintf("failed authentication");
-
- Dbprintf("a: %02x %02x %02x %02x %02x %02x %02x %02x", a[0],a[1],a[2],a[3],a[4],a[5],a[6],a[7] );
- Dbprintf("b: %02x %02x %02x %02x %02x %02x %02x %02x", b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7] );
- }
+ }
if( mifare_ultra_readblock(blockNo, dataout) ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
@@ -246,11 +172,12 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
OnError(3);
return;
}
-
+
cmd_send(CMD_ACK,1,0,0,dataout,16);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
+
//-----------------------------------------------------------------------------
// Select, Authenticate, Read a MIFARE tag.
// read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
@@ -319,17 +246,31 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LEDsoff();
}
-void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
+// arg0 = blockNo (start)
+// arg1 = Pages (number of blocks)
+// arg2 = useKey
+// datain = KEY bytes
+void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
{
+ // free eventually allocated BigBuf memory
+ BigBuf_free();
+ clear_trace();
+
// params
- uint8_t sectorNo = arg0;
- int Pages = arg1;
- int countpages = 0;
- byte_t dataout[176] = {0x00};;
+ uint8_t blockNo = arg0;
+ uint16_t blocks = arg1;
+ bool useKey = (arg2 == 1); //UL_C
+ bool usePwd = (arg2 == 2); //UL_EV1/NTAG
+ uint32_t countblocks = 0;
+ uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);
+ if (dataout == NULL){
+ Dbprintf("out of memory");
+ OnError(1);
+ return;
+ }
LEDsoff();
LED_A_ON();
- clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(NULL, NULL, NULL);
@@ -338,34 +279,68 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
OnError(1);
return;
}
+
+ // UL-C authentication
+ if ( useKey ) {
+ uint8_t key[16] = {0x00};
+ memcpy(key, datain, sizeof(key) );
+
+ if ( !mifare_ultra_auth(key) ) {
+ OnError(1);
+ return;
+ }
+ }
+
+ // UL-EV1 / NTAG authentication
+ if (usePwd) {
+ uint8_t pwd[4] = {0x00};
+ memcpy(pwd, datain, sizeof(pwd));
+ uint8_t pack[4] = {0,0,0,0};
+
+ if (!mifare_ul_ev1_auth(pwd, pack)){
+ OnError(1);
+ return;
+ }
+ }
+
+ for (int i = 0; i < blocks; i++){
+ if ((i*4) + 4 >= CARD_MEMORY_SIZE) {
+ Dbprintf("Data exceeds buffer!!");
+ break;
+ }
- for (int i = 0; i < Pages; i++){
-
- len = mifare_ultra_readblock(sectorNo * 4 + i, dataout + 4 * i);
-
+ len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
+
if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
- OnError(2);
- return;
+ // if no blocks read - error out
+ if (i==0){
+ OnError(2);
+ return;
+ } else {
+ //stop at last successful read block and return what we got
+ break;
+ }
} else {
- countpages++;
+ countblocks++;
}
}
-
+
len = mifare_ultra_halt();
if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
OnError(3);
return;
}
-
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Pages read %d", countpages);
- len = Pages * 4;
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
+
+ countblocks *= 4;
- cmd_send(CMD_ACK, 1, 0, 0, dataout, len);
+ cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
+ BigBuf_free();
}
//-----------------------------------------------------------------------------
@@ -440,7 +415,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LEDsoff();
}
-void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
+/* // Command not needed but left for future testing
+void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
{
uint8_t blockNo = arg0;
byte_t blockdata[16] = {0x00};
@@ -460,7 +436,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
return;
};
- if(mifare_ultra_writeblock(blockNo, blockdata)) {
+ if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(0);
return; };
@@ -477,27 +453,57 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
-
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
+*/
+
+// Arg0 : Block to write to.
+// Arg1 : 0 = use no authentication.
+// 1 = use 0x1A authentication.
+// 2 = use 0x1B authentication.
+// datain : 4 first bytes is data to be written.
+// : 4/16 next bytes is authentication key.
+void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
{
uint8_t blockNo = arg0;
+ bool useKey = (arg1 == 1); //UL_C
+ bool usePwd = (arg1 == 2); //UL_EV1/NTAG
byte_t blockdata[4] = {0x00};
-
- memcpy(blockdata, datain,4);
- uint8_t uid[10] = {0x00};
+ memcpy(blockdata, datain,4);
- LED_A_ON(); LED_B_OFF(); LED_C_OFF();
+ LEDsoff();
+ LED_A_ON();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
- if(!iso14443a_select_card(uid, NULL, NULL)) {
+ if(!iso14443a_select_card(NULL, NULL, NULL)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
OnError(0);
return;
};
- if(mifare_ultra_special_writeblock(blockNo, blockdata)) {
+ // UL-C authentication
+ if ( useKey ) {
+ uint8_t key[16] = {0x00};
+ memcpy(key, datain+4, sizeof(key) );
+
+ if ( !mifare_ultra_auth(key) ) {
+ OnError(1);
+ return;
+ }
+ }
+
+ // UL-EV1 / NTAG authentication
+ if (usePwd) {
+ uint8_t pwd[4] = {0x00};
+ memcpy(pwd, datain+4, 4);
+ uint8_t pack[4] = {0,0,0,0};
+ if (!mifare_ul_ev1_auth(pwd, pack)) {
+ OnError(1);
+ return;
+ }
+ }
+
+ if(mifare_ultra_writeblock(blockNo, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(0);
return;
@@ -537,7 +543,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[6];
blockdata[2] = pwd[5];
blockdata[3] = pwd[4];
- if(mifare_ultra_special_writeblock( 44, blockdata)) {
+ if(mifare_ultra_writeblock( 44, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(44);
return;
@@ -547,7 +553,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[2];
blockdata[2] = pwd[1];
blockdata[3] = pwd[0];
- if(mifare_ultra_special_writeblock( 45, blockdata)) {
+ if(mifare_ultra_writeblock( 45, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(45);
return;
@@ -557,7 +563,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[14];
blockdata[2] = pwd[13];
blockdata[3] = pwd[12];
- if(mifare_ultra_special_writeblock( 46, blockdata)) {
+ if(mifare_ultra_writeblock( 46, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(46);
return;
@@ -567,7 +573,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[10];
blockdata[2] = pwd[9];
blockdata[3] = pwd[8];
- if(mifare_ultra_special_writeblock( 47, blockdata)) {
+ if(mifare_ultra_writeblock( 47, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(47);
return;
@@ -711,7 +717,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
LED_B_OFF();
}
-// -------------------------------------------------------------------------------------------------
+ // -------------------------------------------------------------------------------------------------
LED_C_ON();
@@ -740,7 +746,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
// nested authentication
auth2_time = auth1_time + delta_time;
- len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
+ len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
if (len != 4) {
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);
continue;
@@ -1233,21 +1239,18 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
int len = iso14443a_select_card(uid, NULL, &cuid);
if(!len) {
- if (MF_DBGLEVEL >= MF_DBG_ERROR)
- Dbprintf("Can't select card");
- //OnError(1);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
+ OnError(1);
return;
};
if(mifare_desfire_des_auth1(cuid, dataout)){
- if (MF_DBGLEVEL >= MF_DBG_ERROR)
- Dbprintf("Authentication part1: Fail.");
- //OnError(4);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");
+ OnError(4);
return;
}
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
-
cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));
}
@@ -1263,14 +1266,12 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
isOK = mifare_desfire_des_auth2(cuid, key, dataout);
if( isOK) {
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
- Dbprintf("Authentication part2: Failed");
- //OnError(4);
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");
+ OnError(4);
return;
}
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
- DbpString("AUTH 2 FINISHED");
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);