// Needed for CRC in emulation mode;
// same construction as in ISO 14443;
// different initial value (CRC_ICLASS)
-#include "iso14443crc.h"
+#include "../common/iso14443crc.h"
+#include "../common/iso15693tools.h"
+ #include "iso15693tools.h"
+
static int timeout = 4096;
--- /dev/null
- 0x02 =
+#include "mifaredesfire.h"
+
+#define MAX_APPLICATION_COUNT 28
+#define MAX_FILE_COUNT 16
+#define MAX_FRAME_SIZE 60
+#define NOT_YET_AUTHENTICATED 255
+#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)
+
+// the block number for the ISO14443-4 PCB
+uint8_t pcb_blocknum = 0;
+// Deselect card by sending a s-block. the crc is precalced for speed
+static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
+
+//static uint8_t __msg[MAX_FRAME_SIZE] = { 0x0A, 0x00, 0x00, /* ..., */ 0x00 };
+/* PCB CID CMD PAYLOAD */
+//static uint8_t __res[MAX_FRAME_SIZE];
+
+bool InitDesfireCard(){
+
+ // Make sure it is off.
+// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+// SpinDelay(300);
+
+ byte_t cardbuf[USB_CMD_DATA_SIZE];
+ memset(cardbuf,0,sizeof(cardbuf));
+
+ iso14a_set_tracing(TRUE);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+ iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
+ int len = iso14443a_select_card(NULL,card,NULL);
+
+ if (!len) {
+ if (MF_DBGLEVEL >= 1) {
+ Dbprintf("Can't select card");
+ }
+ OnError();
+ return false;
+ }
+ return true;
+}
+
++// ARG0 flag enums
++enum {
++ NONE = 0x00,
++ INIT = 0x01,
++ DISCONNECT = 0x02,
++ FOO = 0x04,
++ BAR = 0x08,
++} CmdOptions ;
++
+void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
+
+ /* ARG0 contains flags.
+ 0x01 = init card.
- Dbprintf(" flags: %02X", flags);
- Dbprintf(" len : %02X", datalen);
- print_result("to send: ", datain, datalen);
++ 0x02 = No Disconnect
+ 0x03
+ */
+ uint8_t flags = arg0;
+ size_t datalen = arg1;
+ uint8_t resp[RECV_RES_SIZE];
+ memset(resp,0,sizeof(resp));
+
+ if (MF_DBGLEVEL >= 4) {
- if ( flags & 0x01 ){
++ Dbprintf(" flags : %02X", flags);
++ Dbprintf(" len : %02X", datalen);
++ print_result(" RX : ", datain, datalen);
+ }
+
- cmd_send(CMD_ACK,1,len,0,resp,len);
++ if ( flags & INIT ){
+ if ( !InitDesfireCard() )
+ return;
+ }
+
+ int len = DesfireAPDU(datain, datalen, resp);
++ print_result(" <--: ", resp, len);
+ if ( !len ) {
+ if (MF_DBGLEVEL >= 4) {
+ print_result("ERR <--: ", resp, len);
+ }
+ OnError();
+ return;
+ }
-
- OnSuccess();
+
- // transmit a DESELECT COMMAND for Desfire.
- ReaderTransmit(deselect_cmd, 3 , NULL);
- // reset the pcb_blocknum,
++ // reset the pcb_blocknum,
++ pcb_blocknum = 0;
++
++ if ( flags & DISCONNECT )
++ OnSuccess();
++
++ cmd_send(CMD_ACK,1,len,0,resp,len);
+}
+
+void MifareDesfireGetInformation(){
+
+ int len = 0;
+ uint8_t resp[USB_CMD_DATA_SIZE];
+ uint8_t dataout[USB_CMD_DATA_SIZE];
+ byte_t cardbuf[USB_CMD_DATA_SIZE];
+
+ memset(resp,0,sizeof(resp));
+ memset(dataout,0, sizeof(dataout));
+ memset(cardbuf,0,sizeof(cardbuf));
+
+ /*
+ 1 = PCB 1
+ 2 = cid 2
+ 3 = desfire command 3
+ 4-5 = crc 4 key
+ 5-6 crc
+ PCB == 0x0A because sending CID byte.
+ CID == 0x00 first card?
+ */
+ iso14a_clear_trace();
+ iso14a_set_tracing(TRUE);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+ // card select - information
+ iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
+ byte_t isOK = iso14443a_select_card(NULL, card, NULL);
+ if (isOK != 1) {
+ if (MF_DBGLEVEL >= 1) {
+ Dbprintf("Can't select card");
+ }
+ OnError();
+ return;
+ }
+
+ memcpy(dataout,card->uid,7);
+
+ LED_A_ON();
+ LED_B_OFF();
+ LED_C_OFF();
+
+ uint8_t cmd[] = {GET_VERSION};
+ size_t cmd_len = sizeof(cmd);
+
+ len = DesfireAPDU(cmd, cmd_len, resp);
+ if ( !len ) {
+ print_result("ERROR <--: ", resp, len);
+ OnError();
+ return;
+ }
+
+ LED_A_OFF();
+ LED_B_ON();
+ memcpy(dataout+7,resp+3,7);
+
+ // ADDITION_FRAME 1
+ cmd[0] = ADDITIONAL_FRAME;
+ len = DesfireAPDU(cmd, cmd_len, resp);
+ if ( !len ) {
+ print_result("ERROR <--: ", resp, len);
+ OnError();
+ return;
+ }
+
+ LED_B_OFF();
+ LED_C_ON();
+ memcpy(dataout+7+7,resp+3,7);
+
+ // ADDITION_FRAME 2
+ len = DesfireAPDU(cmd, cmd_len, resp);
+ if ( !len ) {
+ print_result("ERROR <--: ", resp, len);
+ OnError();
+ return;
+ }
+
+ memcpy(dataout+7+7+7,resp+3,14);
+
+ cmd_send(CMD_ACK,1,0,0,dataout,sizeof(dataout));
+
+ // reset the pcb_blocknum,
+ pcb_blocknum = 0;
+ OnSuccess();
+}
+
+void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain){
+
+ uint8_t null_key_data[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ //uint8_t new_key_data[8] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };
+ int res = 0;
+
+ desfirekey_t default_key = Desfire_des_key_new_with_version (null_key_data);
+
+ // res = Desfire_select_application (tags[i], aid);
+ if (res < 0) {
+ print_result("default key: ", default_key->data, 24 );
+ return;
+ }
+
+ return;
+ // pcb cid cmd key crc1 cr2
+ //uint8_t cmd2[] = {0x02,0x00,GET_KEY_VERSION, 0x00, 0x00, 0x00 };
+
+ //uint8_t* bigbuffer = mifare_get_bigbufptr();
+ byte_t isOK = 1;
+ uint8_t resp[256];
+ uint8_t key[24];
+ uint8_t IV[16];
+
+ // första byten håller keylength.
+ uint8_t keylen = datain[0];
+ memcpy(key, datain+1, keylen);
+
+ if (MF_DBGLEVEL >= 1) {
+
+ Dbprintf("MODE: %d", mode);
+ Dbprintf("ALGO: %d", algo);
+ Dbprintf("KEYNO: %d", keyno);
+ Dbprintf("KEYLEN: %d", keylen);
+
+ print_result("KEY", key, keylen);
+ }
+
+ // card select - information
+ byte_t buf[USB_CMD_DATA_SIZE];
+ iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
+
+ // test of DES on ARM side.
+ /*
+ if ( mode == 1){
+ uint8_t IV[8];
+ uint8_t plain[16];
+ uint8_t encData[16];
+
+ uint8_t tmpData[8];
+ uint8_t tmpPlain[8];
+
+ memset(IV, 0, 8);
+ memset(tmpData, 0 ,8);
+ memset(tmpPlain,0 ,8);
+ memcpy(key, datain, 8);
+ memcpy(plain, datain+30, 16);
+
+ for(uint8_t i=0; i< sizeof(plain); i=i+8 ){
+
+ memcpy(tmpPlain, plain+i, 8);
+ des_enc( &tmpData, &tmpPlain, &key);
+ memcpy(encData+i, tmpData, 8);
+ }
+ }
+*/
+
+ iso14a_clear_trace();
+
+ iso14a_set_tracing(TRUE);
+
+ // power up the field
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+ // select the card
+ isOK = iso14443a_select_card(resp, card, NULL);
+ if (isOK != 1) {
+ if (MF_DBGLEVEL >= 1) {
+ Dbprintf("CAN'T SELECT CARD, SOMETHING WENT WRONG BEFORE AUTH");
+ }
+ OnError();
+ return;
+ }
+
+ LED_A_ON();
+ LED_B_OFF();
+ LED_C_OFF();
+
+ // 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
+ // 4 olika crypto algo DES, 3DES, 3K3DES, AES
+ // 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO
+
+ // des, nyckel 0,
+ switch (mode){
+ case 1:
+ // if ( SendDesfireCommand(AUTHENTICATE, &keyno, resp) > 0 ){
+ // // fick nonce från kortet
+ // }
+ break;
+ case 2:
+ //SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
+ break;
+ case 3:{
+ AesCtx ctx;
+ if ( AesCtxIni(&ctx, IV, key, KEY128, CBC) < 0 ){
+ if (MF_DBGLEVEL >= 1) {
+ Dbprintf("AES context failed to init");
+ }
+ OnError();
+ return;
+ }
+ uint8_t real_cmd[6];
+ real_cmd[0] = 0x90;
+ real_cmd[1] = 0x02;
+ real_cmd[2] = AUTHENTICATE_AES;
+ real_cmd[3] = keyno;
+
+ AppendCrc14443a(real_cmd, 4);
+ ReaderTransmit(real_cmd, sizeof(real_cmd), NULL);
+
+ int len = ReaderReceive(resp);
+ if(!len) {
+ OnError();
+ return;
+ }
+
+ print_result("RX:", resp, len);
+
+ enum DESFIRE_STATUS status = resp[1];
+ if ( status != ADDITIONAL_FRAME) {
+ OnError();
+ return;
+ }
+
+ // tags enc nonce
+ uint8_t encRndB[16];
+ uint8_t decRndB[16];
+ uint8_t nonce[16];
+ uint8_t both[32];
+ uint8_t encBoth[32];
+
+ memset(nonce, 0, 16);
+ memcpy( encRndB, resp+2, 16);
+
+ // dekryptera tagnonce.
+ AesDecrypt(&ctx, encRndB, decRndB, 16);
+
+ rol(decRndB,16);
+
+ memcpy(both, nonce,16);
+ memcpy(both+16, decRndB ,16 );
+
+ AesEncrypt(&ctx, both, encBoth, 32 );
+
+ uint8_t real_cmd_A[36];
+ real_cmd_A[0] = 0x03;
+ real_cmd_A[1] = ADDITIONAL_FRAME;
+
+ memcpy(real_cmd_A+2, encBoth, sizeof(encBoth) );
+ AppendCrc14443a(real_cmd_A, 34);
+ ReaderTransmit(real_cmd_A, sizeof(real_cmd_A), NULL);
+
+ len = ReaderReceive(resp);
+
+ print_result("Auth1a ", resp, 36);
+
+ status = resp[1];
+ if ( status != OPERATION_OK) {
+ Dbprintf("Cmd Error: %02x Len: %d", status,len);
+ OnError();
+ return;
+ }
+
+ break;
+ }
+
+ }
+
+ OnSuccess(resp);
+}
+
+// 3 olika ISO sätt att skicka data till DESFIRE (direkt, inkapslat, inkapslat ISO)
+// cmd = cmd bytes to send
+// cmd_len = length of cmd
+// dataout = pointer to response data array
+int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
+
+ uint32_t status = 0;
+ size_t wrappedLen = 0;
+ uint8_t wCmd[USB_CMD_DATA_SIZE];
+
+ wrappedLen = CreateAPDU( cmd, cmd_len, wCmd);
+
+ if (MF_DBGLEVEL >= 4) {
+ print_result("WCMD <--: ", wCmd, wrappedLen);
+ }
+ ReaderTransmit( wCmd, wrappedLen, NULL);
+
+ status = ReaderReceive(dataout);
+
+ if(!status){
+ return FALSE; //DATA LINK ERROR
+ }
+ // if we received an I- or R(ACK)-Block with a block number equal to the
+ // current block number, toggle the current block number
+ else if (status >= 4 // PCB+CID+CRC = 4 bytes
+ && ((dataout[0] & 0xC0) == 0 // I-Block
+ || (dataout[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
+ && (dataout[0] & 0x01) == pcb_blocknum) // equal block numbers
+ {
+ pcb_blocknum ^= 1; //toggle next block
+ }
+ return status;
+}
+
+// CreateAPDU
+size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){
+
+ size_t cmdlen = MIN(len+4, USB_CMD_DATA_SIZE-1);
+
+ uint8_t cmd[cmdlen];
+ memset(cmd, 0, cmdlen);
+
+ cmd[0] = 0x0A; // 0x0A = skicka cid, 0x02 = ingen cid. Särskilda bitar //
+ cmd[0] |= pcb_blocknum; // OR the block number into the PCB
+ cmd[1] = 0x00; // CID: 0x00 //FIXME: allow multiple selected cards
+
+ memcpy(cmd+2, datain, len);
+ AppendCrc14443a(cmd, len+2);
+
+ memcpy(dataout, cmd, cmdlen);
+
+ return cmdlen;
+}
+
+ // crc_update(&desfire_crc32, 0, 1); /* CMD_WRITE */
+ // crc_update(&desfire_crc32, addr, addr_sz);
+ // crc_update(&desfire_crc32, byte, 8);
+ // uint32_t crc = crc_finish(&desfire_crc32);
+
+
+ /* Version
+
+ //uint8_t versionCmd1[] = {0x02, 0x60};
+ //uint8_t versionCmd2[] = {0x03, 0xaf};
+ //uint8_t versionCmd3[] = {0x02, 0xaf};
+
+ // AUTH 1 - CMD: 0x02, 0x0A, 0x00 = Auth
+ // 0x02 = status byte för simpla svar?!?
+ // 0x0a = krypto typ
+ // 0x00 = key nr
+ //uint8_t initAuthCmdDES[] = {0x02, 0x0a, 0x00}; // DES
+ //uint8_t initAuthCmd3DES[] = {0x02, 0x1a, 0x00}; // 3DES
+ //uint8_t initAuthCmdAES[] = {0x02, 0xaa, 0x00}; // AES
+ // auth 1 - answer command
+ // 0x03 = status byte för komplexa typer?
+ // 0xaf = additional frame
+ // LEN = 1+1+32+2 = 36
+ //uint8_t answerAuthCmd[34] = {0x03, 0xaf};
+
+ // Lägg till CRC
+ //AppendCrc14443a(versionCmd1,sizeof(versionCmd1));
+*/
+
+ // Sending commands
+ /*ReaderTransmit(versionCmd1,sizeof(versionCmd1)+2, NULL);
+ len = ReaderReceive(buffer);
+ print_result("Get Version 3", buffer, 9);
+ */
+
+ // for( int i = 0; i < 8; i++){
+ // // Auth 1 - Request authentication
+ // ReaderTransmit(initAuthCmdAES,sizeof(initAuthCmdAES)+2, NULL);
+ // //len = ReaderReceive(buffer);
+
+ // // 0xAE = authentication error
+ // if (buffer[1] == 0xae) {
+ // Dbprintf("Cmd Error: %02x", buffer[1]);
+ // OnError();
+ // return;
+ // }
+
+ // // tags enc nonce
+ // memcpy(encRndB, buffer+2, 16);
+
+ // // dekryptera svaret från tag.
+ // AesDecrypt(&ctx, encRndB, decRndB, 16);
+
+ // rol8(decRndB,16);
+ // memcpy(RndARndB, RndA,16);
+ // memcpy(RndARndB+16, decRndB ,16 );
+
+ // AesEncrypt(&ctx, RndARndB, encRndARndB, 32 );
+
+ // memcpy(answerAuthCmd+2, encRndARndB, 32);
+ // AppendCrc14443a(answerAuthCmd,sizeof(answerAuthCmd));
+
+ // ReaderTransmit(answerAuthCmd,sizeof(answerAuthCmd)+2, NULL);
+
+ // len = ReaderReceive(buffer);
+
+ // print_result("Auth1a ", buffer, 8);
+ // Dbprintf("Rx len: %02x", len);
+
+ // if (buffer[1] == 0xCA) {
+ // Dbprintf("Cmd Error: %02x Len: %d", buffer[1],len);
+ // cmd_send(CMD_ACK,0,0,0,0,0);
+ // key[1] = i;
+ // AesCtxIni(&ctx, iv, key, KEY128, CBC);
+ // }
+ // }
+
+ //des_dec(decRndB, encRndB, key);
+
+ //Do crypto magic
+ /*
+ DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
+ memcpy(RndARndB,RndA,8);
+ memcpy(RndARndB+8,RndB,8);
+ PrintAndLog(" RA+B:%s",sprint_hex(RndARndB, 16));
+ DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
+ PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
+ */
+
+
+int mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
+
+ uint8_t* buffer = mifare_get_bigbufptr();
+ uint8_t dcmd[19];
+
+ dcmd[0] = 0xAF;
+ memcpy(dcmd+1,key,16);
+ AppendCrc14443a(dcmd, 17);
+
+
+ ReaderTransmit(dcmd, sizeof(dcmd), NULL);
+ int len = ReaderReceive(buffer);
+ if(!len) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
+ len = ReaderReceive(buffer);
+ }
+
+ if(len==1) {
+ if (MF_DBGLEVEL >= 1) {
+ Dbprintf("NAK - Authentication failed.");
+ Dbprintf("Cmd Error: %02x", buffer[0]);
+ }
+ return 1;
+ }
+
+ if (len == 11){
+ if (MF_DBGLEVEL >= 1) {
+ Dbprintf("Auth2 Resp: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+ buffer[0],buffer[1],buffer[2],buffer[3],buffer[4],
+ buffer[5],buffer[6],buffer[7],buffer[8],buffer[9],
+ buffer[10]);
+ }
+ return 0;
+ }
+ return 1;
+}
+
+void MifareDES_Auth2(uint32_t arg0, uint8_t *datain){
+
+ return;
+ uint32_t cuid = arg0;
+ uint8_t key[16];
+
+ byte_t isOK = 0;
+ byte_t dataoutbuf[16];
+
+ memset(key, 0, 16);
+ memcpy(key, datain, 16);
+
+ LED_A_ON();
+ LED_B_OFF();
+ LED_C_OFF();
+
+ if(mifare_des_auth2(cuid, key, dataoutbuf)){
+ if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");
+ }
+ isOK=1;
+ if (MF_DBGLEVEL >= 2) DbpString("AUTH 2 FINISHED");
+
+ LED_B_ON();
+ cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11);
+ LED_B_OFF();
+
+ // Thats it...
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+}
+
+void OnSuccess(){
- cmd_send(CMD_ACK,0,0,0,0,0);
- ReaderTransmit(deselect_cmd, 3 , NULL);
- // reset the pcb_blocknum,
+ pcb_blocknum = 0;
++ ReaderTransmit(deselect_cmd, 3 , NULL);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+}
+
+void OnError(){
+ pcb_blocknum = 0;
++ ReaderTransmit(deselect_cmd, 3 , NULL);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
++ cmd_send(CMD_ACK,0,0,0,0,0);
+ LEDsoff();
+}
LUAPLATFORM = generic
ifneq (,$(findstring MINGW,$(platform)))
-CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
-QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4
+CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets
+QTLDLIBS = -L$(QTDIR)/lib -lQt5Core -lQt5Gui -lQt5Widgets
MOC = $(QTDIR)/bin/moc
LUAPLATFORM = mingw
+ else ifeq ($(platform),Darwin)
+ CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4
+ QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
+ MOC = $(shell pkg-config --variable=moc_location QtCore)
+ LUAPLATFORM = macosx
else
CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4
QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
cmdhflegic.c \
cmdhficlass.c \
cmdhfmf.c \
+ cmdhfmfu.c \
+ cmdhfmfdes.c \
+ cmdhfdes.c \
cmdhw.c \
cmdlf.c \
- cmdlfhid.c \
cmdlfio.c \
+ cmdlfhid.c \
cmdlfem4x.c \
cmdlfhitag.c \
cmdlfti.c \
if (strlen(Cmd)<1) {
PrintAndLog("Usage: hf iclass replay <MAC>");
PrintAndLog(" sample: hf iclass replay 00112233");
- return 0;
+ return 0;
- }
+ }
if (param_gethex(Cmd, 0, MAC, 8)) {
PrintAndLog("MAC must include 8 HEX symbols");
static command_t CommandTable[] =
{
- {"help", CmdHelp, 1, "This help"},
- {"list", CmdHFiClassList, 0, "List iClass history"},
- {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"},
- {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"},
+ {"help", CmdHelp, 1, "This help"},
+ {"list", CmdHFiClassList, 0, "List iClass history"},
+ {"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"},
+ {"sim", CmdHFiClassSim, 0, "Simulate iClass tag"},
- {"reader", CmdHFiClassReader, 0, "Read an iClass tag"},
+ {"reader",CmdHFiClassReader, 0, "Read an iClass tag"},
+ {"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"},
+ {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"},
+ {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"},
+ {"replay", CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"},
+ {"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"},
+ {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"},
{NULL, NULL, 0, NULL}
};
--- /dev/null
- UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
+//-----------------------------------------------------------------------------
+// Copyright (C) 2014 Iceman
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// High frequency MIFARE Desfire commands
+//-----------------------------------------------------------------------------
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/des.h>
+#include "cmdmain.h"
+#include "proxmark3.h"
+#include "../include/common.h"
+#include "../include/mifare.h"
+#include "../common/iso14443crc.h"
+#include "data.h"
+#include "ui.h"
+#include "cmdparser.h"
+#include "util.h"
+#include "cmdhfmfdes.h"
+
+
+uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
+uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
+
+
+static int CmdHelp(const char *Cmd);
+static void xor(unsigned char * dst, unsigned char * src, size_t len);
+static int32_t le24toh (uint8_t data[3]);
+
+
+int CmdHF14ADesWb(const char *Cmd)
+{
+/* uint8_t blockNo = 0;
+ uint8_t keyType = 0;
+ uint8_t key[6] = {0, 0, 0, 0, 0, 0};
+ uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+ char cmdp = 0x00;
+
+ if (strlen(Cmd)<3) {
+ PrintAndLog("Usage: hf mf wrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
+ PrintAndLog(" sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
+ return 0;
+ }
+
+ blockNo = param_get8(Cmd, 0);
+ cmdp = param_getchar(Cmd, 1);
+ if (cmdp == 0x00) {
+ PrintAndLog("Key type must be A or B");
+ return 1;
+ }
+ if (cmdp != 'A' && cmdp != 'a') keyType = 1;
+ if (param_gethex(Cmd, 2, key, 12)) {
+ PrintAndLog("Key must include 12 HEX symbols");
+ return 1;
+ }
+ if (param_gethex(Cmd, 3, bldata, 32)) {
+ PrintAndLog("Block data must include 32 HEX symbols");
+ return 1;
+ }
+ PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));
+ PrintAndLog("--data: %s", sprint_hex(bldata, 16));
+
+ UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
+ memcpy(c.d.asBytes, key, 6);
+ memcpy(c.d.asBytes + 10, bldata, 16);
+ SendCommand(&c);
+
+ UsbCommand resp;
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ uint8_t isOK = resp.arg[0] & 0xff;
+ PrintAndLog("isOk:%02x", isOK);
+ } else {
+ PrintAndLog("Command execute timeout");
+ }
+ */
+ return 0;
+}
+
+int CmdHF14ADesRb(const char *Cmd)
+{
+ // uint8_t blockNo = 0;
+ // uint8_t keyType = 0;
+ // uint8_t key[6] = {0, 0, 0, 0, 0, 0};
+
+ // char cmdp = 0x00;
+
+
+ // if (strlen(Cmd)<3) {
+ // PrintAndLog("Usage: hf mf rdbl <block number> <key A/B> <key (12 hex symbols)>");
+ // PrintAndLog(" sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
+ // return 0;
+ // }
+
+ // blockNo = param_get8(Cmd, 0);
+ // cmdp = param_getchar(Cmd, 1);
+ // if (cmdp == 0x00) {
+ // PrintAndLog("Key type must be A or B");
+ // return 1;
+ // }
+ // if (cmdp != 'A' && cmdp != 'a') keyType = 1;
+ // if (param_gethex(Cmd, 2, key, 12)) {
+ // PrintAndLog("Key must include 12 HEX symbols");
+ // return 1;
+ // }
+ // PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));
+
+ // UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
+ // memcpy(c.d.asBytes, key, 6);
+ // SendCommand(&c);
+
+ // UsbCommand resp;
+ // if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ // uint8_t isOK = resp.arg[0] & 0xff;
+ // uint8_t * data = resp.d.asBytes;
+
+ // if (isOK)
+ // PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));
+ // else
+ // PrintAndLog("isOk:%02x", isOK);
+ // } else {
+ // PrintAndLog("Command execute timeout");
+ // }
+
+ return 0;
+}
+
+int CmdHF14ADesInfo(const char *Cmd){
+
+ UsbCommand c = {CMD_MIFARE_DESFIRE_INFO};
+ SendCommand(&c);
+ UsbCommand resp;
+
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ PrintAndLog("Command execute timeout");
+ return 0;
+ }
+ uint8_t isOK = resp.arg[0] & 0xff;
+ if ( !isOK ){
+ PrintAndLog("Command unsuccessful");
+ return 0;
+ }
+
+ PrintAndLog("---Desfire Information---------------------------------------");
+ PrintAndLog("-------------------------------------------------------------");
+ PrintAndLog(" UID : %s",sprint_hex(resp.d.asBytes, 7));
+ PrintAndLog(" Batch number : %s",sprint_hex(resp.d.asBytes+28,5));
+ PrintAndLog(" Production date : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
+ PrintAndLog("-------------------------------------------------------------");
+ PrintAndLog(" Hardware Information");
+ PrintAndLog(" Vendor Id : %s", GetVendorStr(resp.d.asBytes[7]));
+ PrintAndLog(" Type : 0x%02X",resp.d.asBytes[8]);
+ PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[9]);
+ PrintAndLog(" Version : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
+ PrintAndLog(" Storage size : %s",GetCardSizeStr(resp.d.asBytes[12]));
+ PrintAndLog(" Protocol : %s",GetProtocolStr(resp.d.asBytes[13]));
+ PrintAndLog("-------------------------------------------------------------");
+ PrintAndLog(" Software Information");
+ PrintAndLog(" Vendor Id : %s",GetVendorStr(resp.d.asBytes[14]));
+ PrintAndLog(" Type : 0x%02X",resp.d.asBytes[15]);
+ PrintAndLog(" Subtype : 0x%02X",resp.d.asBytes[16]);
+ PrintAndLog(" Version : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]);
+ PrintAndLog(" storage size : %s", GetCardSizeStr(resp.d.asBytes[19]));
+ PrintAndLog(" Protocol : %s", GetProtocolStr(resp.d.asBytes[20]));
+ PrintAndLog("-------------------------------------------------------------");
+
+
- PrintAndLog(" 0x08 Configuration changeable;");
++ UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }};
+ c1.d.asBytes[0] = GET_KEY_SETTINGS;
+ SendCommand(&c1);
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ return 0;
+ }
+
+ PrintAndLog(" Master Key settings");
+ if ( resp.d.asBytes[3] & (1 << 3 ) )
- PrintAndLog(" 0x08 Configuration NOT changeable;");
++ PrintAndLog(" 0x08 Configuration changeable");
+ else
- PrintAndLog(" 0x04 PICC Master Key not required for create / delete;");
++ PrintAndLog(" 0x08 Configuration NOT changeable");
+
+ if ( resp.d.asBytes[3] & (1 << 2 ) )
- PrintAndLog(" 0x04 PICC Master Key required for create / delete;");
++ PrintAndLog(" 0x04 PICC Master Key not required for create / delete");
+ else
- PrintAndLog(" 0x02 Free directory list access without PICC Master Key;");
++ PrintAndLog(" 0x04 PICC Master Key required for create / delete");
+
+ if ( resp.d.asBytes[3] & (1 << 1 ) )
- PrintAndLog(" 0x02 Directory list access with PICC Master Key;");
++ PrintAndLog(" 0x02 Free directory list access without PICC Master Key");
+ else
- PrintAndLog(" 0x01 Allow changing the Master Key;");
++ PrintAndLog(" 0x02 Directory list access with PICC Master Key");
+
+ if ( resp.d.asBytes[3] & (1 << 0 ) )
- PrintAndLog(" 0x01 Master Key is not changeable anymore;");
++ PrintAndLog(" 0x01 Allow changing the Master Key");
+ else
- UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x01, 0x02 }};
++ PrintAndLog(" 0x01 Master Key is not changeable anymore");
+
+ // init len
- PrintAndLog(" Max number of keys : %d", resp.d.asBytes[2]);
++ UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x03, 0x02 }};
+ c2.d.asBytes[0] = GET_KEY_VERSION;
+ c2.d.asBytes[1] = 0x00;
+ SendCommand(&c2);
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ return 0;
+ }
+
+ PrintAndLog("");
- UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
++ PrintAndLog(" Max number of keys : %d", resp.d.asBytes[4]);
+ PrintAndLog(" Master key Version : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
+ PrintAndLog("-------------------------------------------------------------");
+
+
- Card Master key (CMK) 0x00 on AID = 00 00 00 (card level) 0x1
- Application Master Key (AMK) 0x00 on AID != 00 00 00
- Application keys (APK) = 0x01-0x0D
- Application free = 0x0E
- Application never = 0x0F
++ UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }};
+ c3.d.asBytes[0] = GET_FREE_MEMORY;
+ SendCommand(&c3);
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
+ return 0;
+ }
+
+ uint8_t tmp[3];
+ memcpy(tmp, resp.d.asBytes+3,3);
+
+ PrintAndLog(" Free memory on card : %d bytes", le24toh( tmp ));
+ PrintAndLog("-------------------------------------------------------------");
+
+ /*
- UsbCommand c = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
- c.d.asBytes[0] = GET_APPLICATION_IDS;
++ Card Master key (CMK) 0x00 AID = 00 00 00 (card level)
++ Application Master Key (AMK) 0x00 AID != 00 00 00
++ Application keys (APK) 0x01-0x0D
++ Application free 0x0E
++ Application never 0x0F
+
+ ACCESS RIGHTS:
+ keys 0,1,2,3 C
+ keys 4,5,6,7 RW
+ keys 8,9,10,11 W
+ keys 12,13,14,15 R
+
+ Session key:
+ 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)
+ 8 : RndA(byte0-byte3) + RndB(byte0-byte3)
+
+ AES 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte12-byte15) + RndB(byte12-byte15)
+ */
+
+ return 1;
+}
+
+char * GetVendorStr( uint8_t id){
+ static char buf[30];
+ char *retStr = buf;
+
+ if ( id == 0x04 )
+ sprintf(retStr, "0x%02X (NXP)",id);
+ else
+ sprintf(retStr,"0x%02X (Unknown)",id);
+ return buf;
+}
+
+/*
+ The 7 MSBits (= n) code the storage size itself based on 2^n,
+ the LSBit is set to '0' if the size is exactly 2^n
+ and set to '1' if the storage size is between 2^n and 2^(n+1).
+ For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'.
+*/
+char * GetCardSizeStr( uint8_t fsize ){
+
+ static char buf[30];
+ char *retStr = buf;
+
+ uint16_t usize = 1 << ((fsize >>1) + 1);
+ uint16_t lsize = 1 << (fsize >>1);
+
+ // is LSB set?
+ if ( fsize & (1 << 0 ) )
+ sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
+ else
+ sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);
+ return buf;
+}
+
+char * GetProtocolStr(uint8_t id){
+
+ static char buf[30];
+ char *retStr = buf;
+
+ if ( id == 0x05)
+ sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
+ else
+ sprintf(retStr,"0x%02X", id);
+ return buf;
+}
+
+int CmdHF14ADesEnumApplications(const char *Cmd){
+
- //UsbCommand respFiles;
++ uint32_t options = 0x00;
++
++ options |= INIT;
++ options |= DISCONNECT;
++
++ UsbCommand c = {CMD_MIFARE_DESFIRE, {options , 0x01 }};
++ c.d.asBytes[0] = GET_APPLICATION_IDS; //0x6a
+ SendCommand(&c);
+ UsbCommand resp;
+
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+ return 0;
+ }
+
+ uint8_t isOK = resp.arg[0] & 0xff;
+ if ( !isOK ){
+ PrintAndLog("Command unsuccessful");
+ return 0;
+ }
+
+ PrintAndLog("---Desfire Enum Applications --------------------------------");
+ PrintAndLog("-------------------------------------------------------------");
+
- PrintAndLog(" Aid %d : %s ",num ,sprint_hex(resp.d.asBytes+i,3));
++ UsbCommand respAid;
++ UsbCommand respFiles;
+
+ uint8_t num = 0;
+ int max = resp.arg[1] -3 -2;
+
+ for(int i=3; i<=max; i+=3){
- // UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { 0x01, 0x04 }};
- // cFiles.d.asBytes[0] = GET_FILE_IDS;
- // cFiles.d.asBytes[1] = resp.d.asBytes+i;
- // cFiles.d.asBytes[2] = resp.d.asBytes+i+1;
- // cFiles.d.asBytes[3] = resp.d.asBytes+i+2;
- // SendCommand(&cFiles);
++ PrintAndLog(" Aid %d : %02X %02X %02X ",num ,resp.d.asBytes[i],resp.d.asBytes[i+1],resp.d.asBytes[i+2]);
+ num++;
+
- // if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
- // PrintAndLog(" No files found");
- // break;
- // }
++ options = INIT;
++
++ UsbCommand cAid = {CMD_MIFARE_DESFIRE, { options, 0x04 }};
++ cAid.d.asBytes[0] = SELECT_APPLICATION; // 0x5a
++ cAid.d.asBytes[1] = resp.d.asBytes[i];
++ cAid.d.asBytes[2] = resp.d.asBytes[i+1];
++ cAid.d.asBytes[3] = resp.d.asBytes[i+2];
++ SendCommand(&cAid);
++
++ if (!WaitForResponseTimeout(CMD_ACK,&respAid,1500) ) {
++ PrintAndLog(" Timed-out");
++ continue;
++ }
++ uint8_t isOK = respAid.arg[0] & 0xff;
++ if ( !isOK ){
++ PrintAndLog(" Can't select AID: %s",sprint_hex(resp.d.asBytes+i,3));
++ continue;
++ }
++
++ options = DISCONNECT;
++ UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { options, 0x01 }};
++ cFiles.d.asBytes[0] = GET_FILE_IDS; // 0x6f
++ SendCommand(&cFiles);
++
++ if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
++ PrintAndLog(" Timed-out");
++ continue;
++ } else {
++
++ uint8_t isOK = respFiles.arg[0] & 0xff;
++ if ( !isOK ){
++ PrintAndLog(" No files found");
++ continue;
++ }
+
++ int respfileLen = resp.arg[1]-3-2;
++ for (int j=0; j< respfileLen; ++j){
++ PrintAndLog(" Fileid %d :", resp.d.asBytes[j+3]);
++ }
++ }
+
+ }
+ PrintAndLog("-------------------------------------------------------------");
+
+
+ return 1;
+}
+
+int CmdHF14ADesNonces(const char *Cmd){
+ return 1;
+}
+
+//
+// MIAFRE DesFire Authentication
+//
+#define BUFSIZE 64
+int CmdHF14ADesAuth(const char *Cmd){
+
+ // NR DESC KEYLENGHT
+ // ------------------------
+ // 1 = DES 8
+ // 2 = 3DES 16
+ // 3 = 3K 3DES 24
+ // 4 = AES 16
+
+ // AUTHENTICTION MODES:
+ // 1 Normal
+ // 2 ISO
+ // 3 AES
+
+ uint8_t keylength = 8;
+ //unsigned char testinput[] = { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00};
+ unsigned char key[24]; // = { 0x75,0x28,0x78,0x39,0x74,0x93,0xCB,0x70};
+
+ if (strlen(Cmd)<3) {
+ PrintAndLog("Usage: hf mfdes auth <1|2|3> <1|2|3|4> <keyno> <key> ");
+ PrintAndLog(" AUTH modes 1 = normal, 2 = iso, 3 = aes");
+ PrintAndLog(" Crypto: 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
+ PrintAndLog(" keynumber");
+ PrintAndLog(" sample: hf mfdes auth 1 1 0 11223344");
+ return 0;
+ }
+ uint8_t cmdAuthMode = param_get8(Cmd,0);
+ uint8_t cmdAuthAlgo = param_get8(Cmd,1);
+ uint8_t cmdKeyNo = param_get8(Cmd,2);
+
+ switch (cmdAuthMode)
+ {
+ case 1:
+ if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) {
+ PrintAndLog("Crypto algo not valid for the auth mode");
+ return 1;
+ }
+ break;
+ case 2:
+ if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) {
+ PrintAndLog("Crypto algo not valid for the auth mode");
+ return 1;
+ }
+ break;
+ case 3:
+ if ( cmdAuthAlgo != 4) {
+ PrintAndLog("Crypto algo not valid for the auth mode");
+ return 1;
+ }
+ break;
+ default:
+ PrintAndLog("Wrong Auth mode");
+ return 1;
+ break;
+ }
+
+ switch (cmdAuthAlgo){
+ case 2:
+ keylength = 16;
+ PrintAndLog("3DES selected");
+ break;
+ case 3:
+ keylength = 24;
+ PrintAndLog("3 key 3DES selected");
+ break;
+ case 4:
+ keylength = 16;
+ PrintAndLog("AES selected");
+ break;
+ default:
+ cmdAuthAlgo = 1;
+ keylength = 8;
+ PrintAndLog("DES selected");
+ break;
+ }
+
+ // key
+ if (param_gethex(Cmd, 3, key, keylength*2)) {
+ PrintAndLog("Key must include %d HEX symbols", keylength);
+ return 1;
+ }
+ // algo, nyckellängd,
+ UsbCommand c = {CMD_MIFARE_DESFIRE_AUTH1, { cmdAuthMode, cmdAuthAlgo, cmdKeyNo }};
+
+ c.d.asBytes[0] = keylength;
+ memcpy(c.d.asBytes+1, key, keylength);
+ //memcpy(c.d.asBytes + 30, testinput, keylength);
+
+ SendCommand(&c);
+ UsbCommand resp;
+
+ if (WaitForResponseTimeout(CMD_ACK,&resp,3000)) {
+ uint8_t isOK = resp.arg[0] & 0xff;
+ PrintAndLog("isOk:%02x", isOK);
+
+ } else {
+ PrintAndLog("Command execute timeout");
+ return 0;
+ }
+
+ uint8_t * data= resp.d.asBytes;
+
+ // PrintAndLog("-------------------------------------------------------------");
+ PrintAndLog(" Key :%s",sprint_hex(key, keylength));
+ // PrintAndLog(" Plain :%s",sprint_hex(testinput, keylength));
+ PrintAndLog(" Encoded :%s",sprint_hex(data, keylength));
+ PrintAndLog("-------------------------------------------------------------");
+ //PrintAndLog(" Expected :B5 21 9E E8 1A A7 49 9D 21 96 68 7E 13 97 38 56");
+
+ return 1;
+}
+
+
+static void xor(unsigned char * dst, unsigned char * src, size_t len) {
+ for( ; len > 0; len--,dst++,src++)
+ *dst ^= *src;
+}
+
+static int32_t le24toh (uint8_t data[3]) {
+ return (data[2] << 16) | (data[1] << 8) | data[0];
+}
+
+static command_t CommandTable[] =
+{
+ {"help", CmdHelp, 1, "This help"},
+ {"auth", CmdHF14ADesAuth, 0, "Tries a MIFARE DesFire Authentication"},
+ {"rb", CmdHF14ADesRb, 0, "Read MIFARE DesFire block"},
+ {"wb", CmdHF14ADesWb, 0, "write MIFARE DesFire block"},
+ {"info", CmdHF14ADesInfo, 0, "Get MIFARE DesFire information"},
+ {"enum", CmdHF14ADesEnumApplications,0, "Tries enumerate all applications"},
+ {"nonce", CmdHF14ADesNonces, 0, "<n> Collect n>0 nonces"},
+ {NULL, NULL, 0, NULL}
+};
+
+int CmdHFMFDes(const char *Cmd)
+{
+ // flush
+ WaitForResponseTimeout(CMD_ACK,NULL,100);
+ CmdsParse(CommandTable, Cmd);
+ return 0;
+}
+
+int CmdHelp(const char *Cmd)
+{
+ CmdsHelp(CommandTable);
+ return 0;
+}
+
+
--- /dev/null
+//-----------------------------------------------------------------------------
+// Copyright (C) 2014 Iceman
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// High frequency MIFARE Desfire commands
+//-----------------------------------------------------------------------------
+
+int CmdHFMFDes(const char *Cmd);
+int CmdHF14ADesAuth(const char* cmd);
+int CmdHF14ADesRb(const char* cmd);
+int CmdHF14ADesWb(const char* cmd);
+int CmdHF14ADesInfo(const char *Cmd);
+int CmdHF14ADesEnumApplications(const char *Cmd);
+int CmdHF14ADesNonces(const char *Cmd);
+char * GetCardSizeStr( uint8_t fsize );
+char * GetVendorStr( uint8_t id);
+char * GetProtocolStr(uint8_t id);
+
++// Command options for Desfire behavior.
++enum {
++ NONE = 0x00,
++ INIT = 0x01,
++ DISCONNECT = 0x02,
++ FOO = 0x04,
++ BAR = 0x08,
++} CmdOptions ;
+
+
+#define CREATE_APPLICATION 0xca
+#define DELETE_APPLICATION 0xda
+#define GET_APPLICATION_IDS 0x6a
+#define SELECT_APPLICATION 0x5a
+#define FORMAT_PICC 0xfc
+#define GET_VERSION 0x60
+#define READ_DATA 0xbd
+#define WRITE_DATA 0x3d
+#define GET_VALUE 0x6c
+#define CREDIT 0x0c
+#define DEBIT 0xdc
+#define LIMITED_CREDIT 0x1c
+#define WRITE_RECORD 0x3b
+#define READ_RECORDS 0xbb
+#define CLEAR_RECORD_FILE 0xeb
+#define COMMIT_TRANSACTION 0xc7
+#define ABORT_TRANSACTION 0xa7
+#define GET_FREE_MEMORY 0x6e
+#define GET_FILE_IDS 0x6f
+#define GET_FILE_SETTINGS 0xf5
+#define CHANGE_FILE_SETTINGS 0x5f
+#define CREATE_STD_DATA_FILE 0xcd
+#define CREATE_BACKUP_DATA_FILE 0xcb
+#define CREATE_VALUE_FILE 0xcc
+#define CREATE_LINEAR_RECORD_FILE 0xc1
+#define CREATE_CYCLIC_RECORD_FILE 0xc0
+#define DELETE_FILE 0xdf
+#define AUTHENTICATE 0x0a // AUTHENTICATE_NATIVE
+#define AUTHENTICATE_ISO 0x1a // AUTHENTICATE_STANDARD
+#define AUTHENTICATE_AES 0xaa
+#define CHANGE_KEY_SETTINGS 0x54
+#define GET_KEY_SETTINGS 0x45
+#define CHANGE_KEY 0xc4
+#define GET_KEY_VERSION 0x64
+#define AUTHENTICATION_FRAME 0xAF
+
+
+#define MAX_APPLICATION_COUNT 28
+#define MAX_FILE_COUNT 16
+#define MAX_FRAME_SIZE 60
+#define NOT_YET_AUTHENTICATED 255
+#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)