int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout);
size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout);
void OnSuccess();
-void OnError();
+void OnError(uint8_t reason);
\r
void MifareUReadBlock(uint8_t arg0,uint8_t *datain)\r
{\r
- // params\r
uint8_t blockNo = arg0;\r
- \r
- // variables\r
- byte_t isOK = 0;\r
- byte_t dataoutbuf[16] = {0x00};\r
+ byte_t dataout[16] = {0x00};\r
uint8_t uid[10] = {0x00};\r
uint32_t cuid;\r
\r
- // clear trace\r
- iso14a_clear_trace();\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
- \r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
+\r
+ iso14a_clear_trace();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
- while (true) {\r
- if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
- break;\r
- };\r
- \r
- if(mifare_ultra_readblock(cuid, blockNo, dataoutbuf)) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");\r
- break;\r
- };\r
- \r
- if(mifare_ultra_halt(cuid)) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
- break;\r
- };\r
- \r
- isOK = 1;\r
- break;\r
- }\r
+ int len = iso14443a_select_card(uid, NULL, &cuid);\r
+ if(!len) {\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
+ OnError(1);\r
+ return;\r
+ };\r
\r
- if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");\r
- \r
- LED_B_ON();\r
- cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
- LED_B_OFF();\r
+ len = mifare_ultra_readblock(cuid, blockNo, dataout);\r
+ if(len) {\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");\r
+ OnError(2);\r
+ return;\r
+ };\r
+ \r
+ len = mifare_ultra_halt(cuid);\r
+ if(len) {\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
+ OnError(3);\r
+ return;\r
+ };\r
+ \r
+ cmd_send(CMD_ACK,1,0,0,dataout,16);\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
uint8_t sectorNo = arg0;\r
int Pages = arg1;\r
int count_Pages = 0;\r
- byte_t dataoutbuf[176] = {0x00};;\r
+ byte_t dataout[176] = {0x00};;\r
uint8_t uid[10] = {0x00};\r
uint32_t cuid;\r
-\r
- iso14a_clear_trace();\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
+ \r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
- \r
+\r
if (MF_DBGLEVEL >= MF_DBG_ALL) \r
Dbprintf("Pages %d",Pages);\r
\r
- if (!iso14443a_select_card(uid, NULL, &cuid)) {\r
+ iso14a_clear_trace();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+ int len = iso14443a_select_card(uid, NULL, &cuid);\r
+ \r
+ if (!len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
Dbprintf("Can't select card");\r
- OnError();\r
+ OnError(1);\r
return;\r
}\r
\r
for (int i = 0; i < Pages; i++){\r
- if (mifare_ultra_readblock(cuid, sectorNo * 4 + i, dataoutbuf + 4 * i)) {\r
+ \r
+ len = mifare_ultra_readblock(cuid, sectorNo * 4 + i, dataout + 4 * i);\r
+ \r
+ if (len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
Dbprintf("Read block %d error",i);\r
- OnError();\r
+ OnError(2);\r
return;\r
} else {\r
count_Pages++;\r
}\r
}\r
\r
- if (mifare_ultra_halt(cuid)) {\r
+ len = mifare_ultra_halt(cuid);\r
+ if (len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
Dbprintf("Halt error");\r
- OnError();\r
+ OnError(3);\r
return;\r
}\r
\r
if (MF_DBGLEVEL >= MF_DBG_ALL) {\r
- Dbprintf("Pages read %d",count_Pages);\r
- DbpString("Read card finished");\r
+ Dbprintf("Pages read %d", count_Pages);\r
}\r
\r
- int len = 16*4; //64 bytes\r
+ len = 16*4; //64 bytes\r
\r
// Read a UL-C\r
if (Pages == 44 && count_Pages > 16) \r
len = 176;\r
\r
- cmd_send(CMD_ACK, 1, 0, 0, dataoutbuf, len);\r
- \r
+ cmd_send(CMD_ACK, 1, 0, 0, dataout, len); \r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
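Review bot: The read loop writes each page to `dataout + 4 * i` with no upper bound on `Pages`, while `dataout` is 176 bytes, i.e. 44 pages of 4 bytes. `Pages` is copied from `arg1`, which presumably comes from the host command, so a value above 44 would carry the writes past the end of the stack buffer. Clamp it before the loop, for example `if (Pages > 44) Pages = 44;`. It is also worth confirming how many bytes mifare_ultra_readblock() copies per call (its copy is not visible here): if it stores the full 16-byte response, the last few pages would overrun even at 44. The function's signature is outside this hunk.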
cmd_send(CMD_ACK,isOK,0,0,0,0);\r
}\r
\r
- //\r
+//\r
// DESFIRE\r
//\r
\r
void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){\r
- // variables\r
- byte_t isOK = 0;\r
+\r
byte_t dataout[11] = {0x00};\r
uint8_t uid[10] = {0x00};\r
uint32_t cuid;\r
iso14a_clear_trace();\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
- if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");\r
+ int len = iso14443a_select_card(uid, NULL, &cuid);\r
+ if(!len) {\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
+ Dbprintf("Can't select card");\r
+ OnError(1);\r
+ return;\r
};\r
\r
if(mifare_desfire_des_auth1(cuid, dataout)){\r
- if (MF_DBGLEVEL >= 1) \r
- Dbprintf("Authentication part1: Fail."); \r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
+ Dbprintf("Authentication part1: Fail.");\r
+ OnError(4);\r
+ return;\r
}\r
\r
- isOK = 1;\r
- if (MF_DBGLEVEL >= 2) DbpString("AUTH 1 FINISHED");\r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
\r
- cmd_send(CMD_ACK,isOK,cuid,0,dataout, sizeof(dataout));\r
+ cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));\r
}\r
\r
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){\r
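Review bot: `dataout` in Mifare_DES_Auth1 is 11 bytes, but mifare_desfire_des_auth1(), as changed further down in this commit, finishes with `memcpy(blockData, receivedAnswer, 12)`, so a successful first auth step writes one byte past the stack buffer. Declaring it `byte_t dataout[12] = {0x00};` matches the copy, and the `sizeof(dataout)` passed to `cmd_send` then returns the whole response. The new failure paths go through OnError(), which switches the FPGA off, while the success path leaves it on; that is presumably intended because Auth2 follows, and a one-line comment saying so would help.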
byte_t dataout[12] = {0x00};\r
\r
memcpy(key, datain, 16);\r
- \r
- LED_A_ON();\r
- LED_B_OFF();\r
- LED_C_OFF();\r
\r
isOK = mifare_desfire_des_auth2(cuid, key, dataout);\r
\r
- if(isOK){\r
- if (MF_DBGLEVEL >= 2) \r
- DbpString("AUTH 2 FINISHED");\r
- cmd_send(CMD_ACK,isOK,0,0,dataout,sizeof(dataout));\r
- }\r
- else {\r
- if (MF_DBGLEVEL >= 2) \r
+ if( isOK) {\r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
Dbprintf("Authentication part2: Failed"); \r
- OnError();\r
+ OnError(4);\r
+ return;\r
}\r
\r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
+ DbpString("AUTH 2 FINISHED");\r
+\r
+ cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}
\ No newline at end of file
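Review bot: On the success path `isOK` is 0, because mifare_desfire_des_auth2() returns 0 after copying the response and 1 on an auth error, so `cmd_send(CMD_ACK, isOK, ...)` reports the same 0 that OnError() sends for a failure. The client-side auth code visible later in this commit only prints the response when `arg[0]` is non-zero, so a successful step 2 would look like a failure to the host; send `cmd_send(CMD_ACK, 1, 0, 0, dataout, sizeof(dataout));` as Auth1 does. The failure message is also gated on `MF_DBG_EXTENDED`, where the other error paths in this commit use `MF_DBG_ERROR`. The opening lines of the function are outside this hunk.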
int len = iso14443a_select_card(NULL,card,NULL);
if (!len) {
- if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
- OnError();
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)
+ Dbprintf("Can't select card");
+ OnError(1);
return false;
}
return true;
}
if ( !len ) {
- OnError();
+ OnError(2);
return;
}
iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
byte_t isOK = iso14443a_select_card(NULL, card, NULL);
if ( isOK == 0) {
- if (MF_DBGLEVEL >= 1) {
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) {
Dbprintf("Can't select card");
}
- OnError();
+ OnError(1);
return;
}
len = DesfireAPDU(cmd, cmd_len, resp);
if ( !len ) {
print_result("ERROR <--: ", resp, len);
- OnError();
+ OnError(2);
return;
}
len = DesfireAPDU(cmd, cmd_len, resp);
if ( !len ) {
print_result("ERROR <--: ", resp, len);
- OnError();
+ OnError(2);
return;
}
len = DesfireAPDU(cmd, cmd_len, resp);
if ( !len ) {
print_result("ERROR <--: ", resp, len);
- OnError();
+ OnError(2);
return;
}
uint8_t encBoth[32] = {0x00};
InitDesfireCard();
-
- LED_A_ON();
- LED_B_OFF();
- LED_C_OFF();
// 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
// 4 olika crypto algo DES, 3DES, 3K3DES, AES
cmd[1] = keyno; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if ( !len ) {
- if (MF_DBGLEVEL >= 1) {
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
- OnError();
+ OnError(3);
return;
}
if ( resp[2] == 0xaf ){
} else {
DbpString("Authetication failed. Invalid key number.");
- OnError();
+ OnError(3);
return;
}
len = DesfireAPDU(cmd, 17, resp);
if ( !len ) {
- if (MF_DBGLEVEL >= 1) {
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
- OnError();
+ OnError(3);
return;
}
for (int x = 0; x < 8; x++) {
if (decRndA[x] != encRndA[x]) {
DbpString("Authetication failed. Cannot varify PICC.");
- OnError();
+ OnError(4);
return;
}
}
} else {
DbpString("Authetication failed.");
- OnError();
+ OnError(6);
return;
}
if( MF_DBGLEVEL >= 4) {
Dbprintf("AES context failed to init");
}
- OnError();
+ OnError(7);
return;
}
cmd[1] = 0x00; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if ( !len ) {
- if (MF_DBGLEVEL >= 1) {
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
- OnError();
+ OnError(3);
return;
}
len = DesfireAPDU(cmd, 33, resp); // 1 + 32 == 33
if ( !len ) {
- if (MF_DBGLEVEL >= 1) {
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
- OnError();
+ OnError(3);
return;
}
print_result("SESSION : ", skey->data, 16);
} else {
DbpString("Authetication failed.");
- OnError();
+ OnError(7);
return;
}
-
break;
}
}
LEDsoff();
}
-void OnError(){
+void OnError(uint8_t reason){
pcb_blocknum = 0;
ReaderTransmit(deselect_cmd, 3 , NULL);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- cmd_send(CMD_ACK,0,0,0,0,0);
+ cmd_send(CMD_ACK,0,reason,0,0,0);
LEDsoff();
}
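Review bot: The `reason` byte is a bare number whose meaning depends on the caller. In the Ultralight readers 1, 2 and 3 mean select, read and halt failures, while in the DESFire code 2 is an APDU failure, 3 a card timeout or bad key number, and 4, 6 and 7 mark later authentication stages. A host tool decoding the failed ACK cannot tell these apart without knowing which command was running. A named enum shared with the client would fix that, together with a comment on OnError such as `/* reason: failure stage, returned to the host in arg1 of a CMD_ACK whose arg0 is 0 */`.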
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
{
uint8_t dcmd[8];
- dcmd[0] = cmd;
+ dcmd[0] = cmd;\r
dcmd[1] = data[0];\r
dcmd[2] = data[1];
dcmd[3] = data[2];\r
ReaderTransmit(dcmd, sizeof(dcmd), timing);\r
len = ReaderReceive(answer, answer_parity);\r
if(!len) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed. Card timeout.");\r
len = ReaderReceive(answer,answer_parity);\r
}\r
if(len==1) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("NAK - Authentication failed.");\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("NAK - Authentication failed.");\r
return 1;\r
}
return len;
return len;\r
}\r
\r
-// mifare commands\r
+// mifare classic commands\r
int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested) \r
{\r
return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL);\r
return 0;
}\r
\r
+// mifare ultralight commands\r
int mifare_ultra_auth1(uint32_t uid, uint8_t *blockData){\r
- // variables\r
+\r
uint16_t len;\r
+ uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
- uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
- uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
- \r
- // command MIFARE_CLASSIC_READBLOCK\r
len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);\r
if (len == 1) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
return 1;\r
}\r
- if (len == 11) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
- receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
- receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
- receivedAnswer[10]);\r
- memcpy(blockData, receivedAnswer, 11);\r
- return 0;\r
- }\r
- //else something went wrong???\r
- return 1;\r
+ if (len != 11)\r
+ return 1;\r
+\r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
+ Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
+ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
+ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
+ receivedAnswer[10]);\r
+ }\r
+ memcpy(blockData, receivedAnswer, 11);\r
+ return 0;\r
}\r
\r
int mifare_ultra_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){\r
- // variables\r
+\r
uint16_t len;\r
+ uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
- uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
- uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
- \r
- // command MIFARE_CLASSIC_READBLOCK\r
len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, key, receivedAnswer, receivedAnswerPar, NULL);\r
if (len == 1) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
return 1;\r
}\r
- if (len == 11){\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
- receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
- receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
- receivedAnswer[10]);\r
- memcpy(blockData, receivedAnswer, 11);\r
- return 0;\r
+ if (len != 11)\r
+ return 1; \r
+ \r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
+ Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
+ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
+ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
+ receivedAnswer[10]);\r
}\r
- //something went wrong?\r
- return 1;\r
+ memcpy(blockData, receivedAnswer, 11);\r
+ return 0;\r
}
int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
- // variables
uint16_t len;
uint8_t bt[2];
-
- uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
- uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
+ uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
if (len == 1) {
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len != 18) {
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Error: card timeout. len: %x", len);
return 2;
}
memcpy(bt, receivedAnswer + 16, 2);
AppendCrc14443a(receivedAnswer, 16);
if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error.");
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd CRC response error.");
return 3;
}
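Review bot: In mifare_ultra_auth2 the `Dbprintf("Auth2 Resp: ...")` format has ten `%02x` conversions but is passed eleven bytes (`receivedAnswer[0]` to `receivedAnswer[10]`), so the last byte never reaches the trace. The DESFire helpers further down repeat this: the Auth1 format has eleven conversions for twelve arguments and the Auth2 format ten for twelve. Adding the missing `%02x` to each format string fixes it. Since these traces are what an operator reads when an authentication exchange fails, the dump should show every byte that is then copied into `blockData`.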
int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
- // variables
uint16_t len;
uint8_t par[3] = {0}; // enough for 18 parity bits
- uint8_t d_block[18];
- uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
- uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+ uint8_t d_block[18] = {0x00};
+ uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// command MIFARE_CLASSIC_WRITEBLOCK
len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
- return 1;
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
+ return 1;
}
- memset(d_block,'\0',18);
memcpy(d_block, blockData, 16);
AppendCrc14443a(d_block, 16);
ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);
\r
- // Receive the response
len = ReaderReceive(receivedAnswer, receivedAnswerPar);
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
return 2;
}
-
return 0;
}
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
uint16_t len;
- uint8_t d_block[8];
- uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t d_block[8] = {0x00};
+ uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// command MIFARE_CLASSIC_WRITEBLOCK
- memset(d_block,'\0',8);
d_block[0]= blockNo;
memcpy(d_block+1,blockData,4);
AppendCrc14443a(d_block, 6);
- //i know the data send here is correct
len = mifare_sendcmd_short_special(NULL, 1, 0xA2, d_block, receivedAnswer, receivedAnswerPar, NULL);
if (receivedAnswer[0] != 0x0A) { // 0x0a - ACK
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
return 1;
}
return 0;
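Review bot: The ACK test `receivedAnswer[0] != 0x0A` ignores `len`, unlike mifare_ultra_writeblock just above, which checks `(len != 1) || (receivedAnswer[0] != 0x0A)`. `receivedAnswer` comes from get_bigbufptr_recvrespbuf(), which appears to be a buffer reused across exchanges. If the card does not answer, the byte compared is whatever an earlier exchange left there, and a stale 0x0A would be reported as a successful write. Using `if ((len != 1) || (receivedAnswer[0] != 0x0A)) {` closes that gap. The end of the function is outside this hunk.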
\r
len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);\r
if (len != 0) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("halt error. response len: %x", len); \r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("halt error. response len: %x", len); \r
return 1;\r
}\r
\r
int mifare_ultra_halt(uint32_t uid)
{
uint16_t len; \r
- uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
if (len != 0) {
- if (MF_DBGLEVEL >= 1) Dbprintf("halt error. response len: %x", len);
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("halt error. response len: %x", len);
return 1;
- }
-\r
+ }\r
return 0;
}
return;\r
}\r
\r
-//\r
-//DESFIRE\r
-//\r
+\r
+// Mifare desfire commands\r
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)\r
{\r
uint8_t dcmd[5] = {0x00};\r
ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r
int len = ReaderReceive(answer, answer_parity);\r
if(!len) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");\r
- return 1;\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
+ Dbprintf("Authentication failed. Card timeout.");\r
+ return 1;\r
}\r
return len;\r
}\r
ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r
int len = ReaderReceive(answer, answer_parity);\r
if(!len){\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");\r
- return 1;\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Authentication failed. Card timeout.");\r
+ return 1;\r
}\r
return len;\r
}\r
\r
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){\r
- // variables\r
+\r
int len;\r
// load key, keynumber\r
uint8_t data[2]={0x0a, 0x00};\r
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
- // command MIFARE_CLASSIC_READBLOCK\r
len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);\r
if (len == 1) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
return 1;\r
}\r
\r
if (len == 12) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
- receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
- receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
- receivedAnswer[10],receivedAnswer[11]);\r
- memcpy(blockData, receivedAnswer, 12);\r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
+ Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
+ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
+ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
+ receivedAnswer[10],receivedAnswer[11]);\r
+ }\r
+ memcpy(blockData, receivedAnswer, 12);\r
return 0;\r
}\r
return 1;\r
}\r
\r
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){\r
- // variables\r
+\r
int len;\r
uint8_t data[17] = {0x00};\r
data[0] = 0xAF;\r
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
- // command MIFARE_CLASSIC_READBLOCK\r
len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);\r
\r
if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) {\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);\r
+ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
+ Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);\r
return 1;\r
}\r
+ \r
if (len == 12){\r
- if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
- receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
- receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
- receivedAnswer[10],receivedAnswer[11]);\r
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
+ Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
+ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
+ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
+ receivedAnswer[10],receivedAnswer[11]);\r
+ }\r
memcpy(blockData, receivedAnswer, 12);\r
return 0;\r
}\r
switch(c->cmd) {
case CMD_DEVICE_INFO: {
dont_ack = 1;
-// c->cmd = CMD_DEVICE_INFO;
arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM |
DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH;
if(common_area.flags.osimage_present) {
arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT;
}
-// UsbSendPacket(packet, len);
cmd_send(CMD_DEVICE_INFO,arg0,1,2,0,0);
} break;
case CMD_FINISH_WRITE: {
uint32_t* flash_mem = (uint32_t*)(&_flash_start);
-// p = (volatile uint32_t *)&_flash_start;
for (size_t j=0; j<2; j++) {
for(i = 0+(64*j); i < 64+(64*j); i++) {
- //p[i+60] = c->d.asDwords[i];
flash_mem[i] = c->d.asDwords[i];
}
if( ((flash_address+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (flash_address < start_addr) ) {
/* Disallow write */
dont_ack = 1;
- // c->cmd = CMD_NACK;
- // UsbSendPacket(packet, len);
cmd_send(CMD_NACK,0,0,0,0,0);
} else {
uint32_t page_n = (flash_address - ((uint32_t)flash_mem)) / AT91C_IFLASH_PAGE_SIZE;
AT91C_BASE_EFC0->EFC_FCR = MC_FLASH_COMMAND_KEY |
MC_FLASH_COMMAND_PAGEN(page_n) |
AT91C_MC_FCMD_START_PROG;
- // arg0 = (address - ((uint32_t)flash_s));
}
// Wait until flashing of page finishes
while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & AT91C_MC_FRDY));
if(sr & (AT91C_MC_LOCKE | AT91C_MC_PROGE)) {
dont_ack = 1;
- // c->cmd = CMD_NACK;
cmd_send(CMD_NACK,0,0,0,0,0);
- // UsbSendPacket(packet, len);
}
}
} break;
case CMD_HARDWARE_RESET: {
-// USB_D_PLUS_PULLUP_OFF();
usb_disable();
AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
} break;
} else {
start_addr = end_addr = 0;
dont_ack = 1;
-// c->cmd = CMD_NACK;
-// UsbSendPacket(packet, len);
cmd_send(CMD_NACK,0,0,0,0,0);
}
}
}
if(!dont_ack) {
-// c->cmd = CMD_ACK;
-// UsbSendPacket(packet, len);
cmd_send(CMD_ACK,arg0,0,0,0,0);
}
}
usb_enable();
for (volatile size_t i=0; i<0x100000; i++);
-// UsbStart();
for(;;) {
WDT_HIT();
if (usb_poll()) {
rx_len = usb_read(rx,sizeof(UsbCommand));
if (rx_len) {
-// DbpString("starting to flash");
UsbPacketReceived(rx,rx_len);
}
}
-// UsbPoll(TRUE);
-
if(!externally_entered && !BUTTON_PRESS()) {
/* Perform a reset to leave flash mode */
-// USB_D_PLUS_PULLUP_OFF();
- usb_disable();
+ usb_disable();
LED_B_ON();
AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
for(;;);
LDLIBS = -L/mingw/lib -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lm -lreadline -lpthread -lcrypto -lgdi32
LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
+CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
LUAPLATFORM = generic
ifneq (,$(findstring MINGW,$(platform)))
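Review bot: `-lcrypto` is a linker input, so adding it to `CFLAGS` has no effect on compilation, and some compilers warn about an unused linker input on every object file. `LDLIBS` two lines above already carries `-lcrypto`, which is where the link step picks it up. I would drop it from `CFLAGS` and leave that line as it was.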
#define iso14443_CMD_WUPA 0x52
#define iso14443_CMD_SELECT 0x93
#define iso14443_CMD_SELECT_2 0x95
+#define iso14443_CMD_SELECT_3 0x97
#define iso14443_CMD_REQ 0x26
#define iso14443_CMD_READBLOCK 0x30
#define iso14443_CMD_WRITEBLOCK 0xA0
+#define iso14443_CMD_WRITE 0xA2
#define iso14443_CMD_INC 0xC0
#define iso14443_CMD_DEC 0xC1
#define iso14443_CMD_RESTORE 0xC2
#define iso14443_CMD_HALT 0x50
#define iso14443_CMD_RATS 0xE0
+#define iso14443_CMD_AUTH_KEYA 0x60
+#define iso14443_CMD_AUTH_KEYB 0x61
+
+#define iso14443_CMD_AUTH_STEP1 0x1A
+#define iso14443_CMD_AUTH_STEP2 0xAA
+#define iso14443_CMD_AUTH_RESPONSE 0xAF
+
+#define CHINESE_BACKDOOR_INIT 0x40
+#define CHINESE_BACKDOOR_STEP2 0x43
void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
case iso14443_CMD_REQ: snprintf(exp,size,"REW"); break;
case iso14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
case iso14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
+ case iso14443_CMD_WRITE: snprintf(exp,size,"WRITE"); break;
case iso14443_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
case iso14443_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
case iso14443_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
case iso14443_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
case iso14443_CMD_HALT: snprintf(exp,size,"HALT"); break;
case iso14443_CMD_RATS: snprintf(exp,size,"RATS"); break;
+
+ case iso14443_CMD_AUTH_KEYA: snprintf(exp,size,"AUTH KEY A"); break;
+ case iso14443_CMD_AUTH_KEYB: snprintf(exp,size,"AUTH KEY B"); break;
+ case iso14443_CMD_AUTH_STEP1: snprintf(exp,size,"AUTH REQ NONCE"); break;
+ case iso14443_CMD_AUTH_STEP2: snprintf(exp,size,"AUTH STEP 2"); break;
+ case iso14443_CMD_AUTH_RESPONSE: snprintf(exp,size,"AUTH RESPONSE"); break;
+
+ case CHINESE_BACKDOOR_INIT: snprintf(exp,size,"BACKDOOR INIT");break;
+ case CHINESE_BACKDOOR_STEP2: snprintf(exp,size,"BACKDOOR STEP2");break;
default: snprintf(exp,size,"?"); break;
}
return;
void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
-
if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ)
{
snprintf(exp,size,"READ(%d)",cmd[1]);
}
-
uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool showWaitCycles)
{
bool isResponse;
// Rough guess that this is a command from the reader
// For iClass the command byte is not part of the CRC
ComputeCrc14443(CRC_ICLASS, &frame[1], data_len-3, &b1, &b2);
- }
- else {
+ } else {
// For other data.. CRC might not be applicable (UPDATE commands etc.)
ComputeCrc14443(CRC_ICLASS, frame, data_len-2, &b1, &b2);
}
crcError = true;
}
- }else{//Iso 14443a
+ } else {//Iso 14443a
ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2);
}
}
}
-
}
char *crc = crcError ? "!crc" :" ";
if(!isResponse)
{
- if(iclass) annotateIclass(explanation,sizeof(explanation),frame,data_len);
- else annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
+ if(iclass)
+ annotateIclass(explanation,sizeof(explanation),frame,data_len);
+ else
+ annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
}
int num_lines = (data_len - 1)/16 + 1;
} else {
PrintAndLog(" | | | %-64s| %s| %s",
line[j],
- (j == num_lines-1)?crc:" ",
+ (j == num_lines-1) ? crc : " ",
(j == num_lines-1) ? explanation : "");
}
}
if ( ((atqa & 0xffff) == 0x0008) && (sak == 0x38) ) return 4;\r
\r
\r
- PrintAndLog("BEFOOO 1K %02X", (atqa & 0xff0f));\r
+ //PrintAndLog("BEFOOO 1K %02X", (atqa & 0xff0f));\r
\r
// MIFARE Plus (4 Byte UID or 4 Byte RID)\r
// MIFARE Plus (7 Byte UID)\r
UsbCommand resp;
if (strlen(Cmd)<3) {
- PrintAndLog("Usage: hf mfu uwrbl <block number> <block data > [w]");
+ PrintAndLog("Usage: hf mfu wrbl <block number> <block data > [w]");
PrintAndLog(" [block number] ");
PrintAndLog(" [block data] - (8 hex symbols)");
PrintAndLog(" [w] - Chinese magic ultralight-c tag ");
PrintAndLog("");
- PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
+ PrintAndLog(" sample: hf mfu wrbl 0 01020304");
return 0;
}
blockNo = param_get8(Cmd, 0);
uint8_t blockNo = 0;
if (strlen(Cmd)<1) {
- PrintAndLog("Usage: hf mfu urdbl <block number>");
- PrintAndLog(" sample: hfu mfu urdbl 0");
+ PrintAndLog("Usage: hf mfu rdbl <block number>");
+ PrintAndLog(" sample: hfu mfu rdbl 0");
return 0;
}
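Review bot: The new sample line still reads `hfu mfu rdbl 0`; the command prefix is `hf`, so the text should say `sample: hf mfu rdbl 0`. The `cwrbl` usage further down has a similar slip: its sample shows `hf mfu wrbl 0 01020304` where the command being documented is `cwrbl`.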
DES_key_schedule ks1,ks2;
DES_cblock key1,key2;
+ char cmdp = param_getchar(Cmd, 0);
//
memset(iv, 0, 8);
- if (strlen(Cmd)<1) {
+ if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf mfu auth k <key number>");
- PrintAndLog(" sample: hf mfu auth k 0");
+ PrintAndLog(" 1 = all zeros key");
+ PrintAndLog(" 2 = 0x00-0x0F key");
+ PrintAndLog(" 3 = nfc key");
+ PrintAndLog(" 4 = all ones key");
+ PrintAndLog(" defaults to 3DES standard key");
+ PrintAndLog(" sample : hf mfu auth k");
+ PrintAndLog(" : hf mfu auth k 3");
return 0;
}
//Change key to user defined one
- if (strchr(Cmd,'k') != 0){
- //choose a key
- keyNo = param_get8(Cmd, 1);
- switch(keyNo){
+ if (cmdp == 'k' || cmdp == 'K'){
+
+ keyNo = param_get8(Cmd, 1);
+
+ switch(keyNo){
case 0:
memcpy(key,key1_blnk_data,16);
break;
case 1:
memcpy(key,key2_defa_data,16);
break;
- case 2:
+ case 2:
memcpy(key,key4_nfc_data,16);
break;
- case 3:
+ case 3:
memcpy(key,key5_ones_data,16);
break;
default:
memcpy(key,key3_3des_data,16);
break;
}
- }else{
+ } else {
memcpy(key,key3_3des_data,16);
}
+
memcpy(key1,key,8);
memcpy(key2,key+8,8);
DES_set_key((DES_cblock *)key1,&ks1);
DES_set_key((DES_cblock *)key2,&ks2);
- //Auth1
- UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
- SendCommand(&c);
- UsbCommand resp;
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- uint8_t isOK = resp.arg[0] & 0xff;
- cuid = resp.arg[1];
- uint8_t * data= resp.d.asBytes;
-
- if (isOK){
- PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
- memcpy(e_RndB,data+1,8);
+ //Auth1
+ UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
+ SendCommand(&c);
+ UsbCommand resp;
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ uint8_t isOK = resp.arg[0] & 0xff;
+ cuid = resp.arg[1];
+ uint8_t * data= resp.d.asBytes;
+
+ if (isOK){
+ PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
+ memcpy(e_RndB,data+1,8);
+ }
+ } else {
+ PrintAndLog("Command execute timeout");
+ return 0;
}
- } else {
- PrintAndLog("Command execute timeout");
- }
//Do crypto magic
DES_random_key(&RndA);
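Review bot: A timeout now returns early, but a response with `isOK == 0` still falls through to the crypto step with `e_RndB` holding whatever it held before. After this commit the firmware's OnError() sends exactly that (a CMD_ACK with arg0 of 0), so a failed card selection leads to a second auth command built from data that was never received. Give the `if (isOK)` an else branch that reports the failure and returns, e.g. `} else { PrintAndLog("Auth failed"); return 0; }`. The `respb` check in the next hunk has the same gap and returns 1 even when `isOK` is 0. Separately, the new help text numbers the keys 1 to 4, while the switch maps 0 to the blank key, 1 to the default key, 2 to the nfc key and 3 to the all-ones key.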
memcpy(d.d.asBytes,RndARndB, 16);
SendCommand(&d);
- UsbCommand respb;
- if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
- uint8_t isOK = respb.arg[0] & 0xff;
- uint8_t * data2= respb.d.asBytes;
+ UsbCommand respb;
+ if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
+ uint8_t isOK = respb.arg[0] & 0xff;
+ uint8_t * data2= respb.d.asBytes;
- if (isOK){
- PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
- }
-
- } else {
- PrintAndLog("Command execute timeout");
- }
+ if (isOK){
+ PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
+ }
+ } else {
+ PrintAndLog("Command execute timeout");
+ return 0;
+ }
return 1;
}
uint8_t blockNo = 0;
if (strlen(Cmd)<1) {
- PrintAndLog("Usage: hf mfu ucrdbl <block number>");
- PrintAndLog(" sample: hf mfu ucrdbl 0");
+ PrintAndLog("Usage: hf mfu crdbl <block number>");
+ PrintAndLog(" sample: hf mfu crdbl 0");
return 0;
}
UsbCommand resp;
if (strlen(Cmd)<3) {
- PrintAndLog("Usage: hf mfu ucwrbl <block number> <block data (8 hex symbols)> [w]");
- PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
+ PrintAndLog("Usage: hf mfu cwrbl <block number> <block data (8 hex symbols)> [w]");
+ PrintAndLog(" sample: hf mfu wrbl 0 01020304");
return 0;
}
blockNo = param_get8(Cmd, 0);
while (true) {
rxlen = sizeof(UsbCommand) - (prx-prxcmd);
if (uart_receive(sp,prx,&rxlen)) {
-// printf("received [%zd] bytes\n",rxlen);
prx += rxlen;
if ((prx-prxcmd) >= sizeof(UsbCommand)) {
-// printf("received: ");
-// cmd_debug(rxcmd);
return;
}
}