]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
Merge branch 'master' of https://github.com/Proxmark/proxmark3
authoriceman1001 <iceman@iuse.se>
Fri, 19 Sep 2014 08:50:34 +0000 (10:50 +0200)
committericeman1001 <iceman@iuse.se>
Fri, 19 Sep 2014 08:50:34 +0000 (10:50 +0200)
Conflicts:
armsrc/appmain.c
armsrc/apps.h
armsrc/iclass.c
client/Makefile
client/cmdhficlass.c
client/loclass/cipher.c
client/loclass/fileutils.c
client/loclass/ikeys.h
include/usb_cmd.h

1  2 
armsrc/apps.h
armsrc/iclass.c
armsrc/mifaredesfire.c
client/Makefile
client/cmdhficlass.c
client/cmdhfmfdes.c
client/cmdhfmfdes.h

diff --cc armsrc/apps.h
Simple merge
diff --cc armsrc/iclass.c
index f71607d2bedee62fbcefc33fc9ccf5fc2fee84ec,0ff24bfdd08f8eb0eb45f90e045b4b9db87a22fb..6ceb436b81d1e56fa1f397894204685660d1fd3e
  // Needed for CRC in emulation mode;
  // same construction as in ISO 14443;
  // different initial value (CRC_ICLASS)
 -#include "iso14443crc.h"
 +#include "../common/iso14443crc.h"
 +#include "../common/iso15693tools.h"
+ #include "iso15693tools.h"
  
 +
  static int timeout = 4096;
  
  
index 6660ef75cdf0194da0bea76abcb55cf285604457,0000000000000000000000000000000000000000..60f5ec0391723e92e140aed9dfdea57a3b8bf338
mode 100644,000000..100644
--- /dev/null
@@@ -1,574 -1,0 +1,585 @@@
-               0x02 =
 +#include "mifaredesfire.h"
 +
 +#define MAX_APPLICATION_COUNT 28
 +#define MAX_FILE_COUNT 16
 +#define MAX_FRAME_SIZE 60
 +#define NOT_YET_AUTHENTICATED 255
 +#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)
 +
 +// the block number for the ISO14443-4 PCB
 +uint8_t pcb_blocknum = 0;
 +// Deselect card by sending a s-block. the crc is precalced for speed
 +static  uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
 +
 +//static uint8_t __msg[MAX_FRAME_SIZE] = { 0x0A, 0x00, 0x00, /* ..., */ 0x00 };
 +/*                                       PCB   CID   CMD    PAYLOAD    */
 +//static uint8_t __res[MAX_FRAME_SIZE];
 +
 +bool InitDesfireCard(){
 +
 +      // Make sure it is off.
 +//    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 +//    SpinDelay(300);
 +      
 +      byte_t cardbuf[USB_CMD_DATA_SIZE];
 +      memset(cardbuf,0,sizeof(cardbuf));
 +      
 +      iso14a_set_tracing(TRUE);
 +      iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 +      
 +      iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
 +      int len = iso14443a_select_card(NULL,card,NULL);
 +
 +      if (!len) {
 +              if (MF_DBGLEVEL >= 1) {
 +                      Dbprintf("Can't select card");
 +              }
 +              OnError();
 +              return false;
 +      }
 +      return true;
 +}
 +
++// ARG0 flag enums
++enum  {
++ NONE         =       0x00,
++ INIT                 =       0x01,
++ DISCONNECT = 0x02,
++ FOO          =       0x04,
++ BAR          =       0x08,
++} CmdOptions ;
++
 +void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
 +      
 +      /* ARG0 contains flags.
 +              0x01 = init card.
-               Dbprintf(" flags: %02X", flags);
-               Dbprintf(" len  : %02X", datalen);
-               print_result("to send: ", datain, datalen);
++              0x02 = No Disconnect
 +              0x03
 +      */
 +      uint8_t flags = arg0;
 +      size_t datalen = arg1;
 +      uint8_t resp[RECV_RES_SIZE];
 +      memset(resp,0,sizeof(resp));
 +      
 +      if (MF_DBGLEVEL >= 4) {
-       if ( flags & 0x01 ){
++              Dbprintf(" flags : %02X", flags);
++              Dbprintf(" len   : %02X", datalen);
++              print_result(" RX    : ", datain, datalen);
 +      }
 +      
-       cmd_send(CMD_ACK,1,len,0,resp,len);
++      if ( flags & INIT ){
 +              if ( !InitDesfireCard() )
 +                      return;
 +      }
 +      
 +      int len = DesfireAPDU(datain, datalen, resp);
++      print_result(" <--: ", resp, len);      
 +      if ( !len ) {
 +              if (MF_DBGLEVEL >= 4) {
 +                      print_result("ERR <--: ", resp, len);   
 +              }
 +              OnError();
 +              return;
 +      }
-       OnSuccess();
 +      
-       // transmit a DESELECT COMMAND for Desfire. 
-       ReaderTransmit(deselect_cmd, 3 , NULL);
-       // reset the pcb_blocknum,
++      // reset the pcb_blocknum,
++      pcb_blocknum = 0;
++      
++      if ( flags & DISCONNECT )
++              OnSuccess();
++      
++      cmd_send(CMD_ACK,1,len,0,resp,len);
 +}
 +
 +void MifareDesfireGetInformation(){
 +              
 +      int len = 0;
 +      uint8_t resp[USB_CMD_DATA_SIZE];
 +      uint8_t dataout[USB_CMD_DATA_SIZE];
 +      byte_t cardbuf[USB_CMD_DATA_SIZE];
 +      
 +      memset(resp,0,sizeof(resp));
 +      memset(dataout,0, sizeof(dataout));
 +      memset(cardbuf,0,sizeof(cardbuf));
 +      
 +      /*
 +              1 = PCB                                 1
 +              2 = cid                                 2
 +              3 = desfire command             3 
 +              4-5 = crc                               4  key
 +                                                              5-6 crc                                                         
 +              PCB == 0x0A because sending CID byte.
 +              CID == 0x00 first card?         
 +      */
 +      iso14a_clear_trace();
 +      iso14a_set_tracing(TRUE);
 +      iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 +
 +      // card select - information
 +      iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
 +      byte_t isOK = iso14443a_select_card(NULL, card, NULL);
 +      if (isOK != 1) {
 +              if (MF_DBGLEVEL >= 1) {
 +                      Dbprintf("Can't select card");
 +              }
 +              OnError();
 +              return;
 +      }
 +
 +      memcpy(dataout,card->uid,7);
 +
 +      LED_A_ON();
 +      LED_B_OFF();
 +      LED_C_OFF();
 +      
 +      uint8_t cmd[] = {GET_VERSION};  
 +      size_t cmd_len = sizeof(cmd);
 +      
 +      len =  DesfireAPDU(cmd, cmd_len, resp);
 +      if ( !len ) {
 +              print_result("ERROR <--: ", resp, len); 
 +              OnError();
 +              return;
 +      }
 +      
 +      LED_A_OFF();
 +      LED_B_ON();
 +      memcpy(dataout+7,resp+3,7);
 +      
 +      // ADDITION_FRAME 1
 +      cmd[0] = ADDITIONAL_FRAME;
 +      len =  DesfireAPDU(cmd, cmd_len, resp);
 +      if ( !len ) {
 +              print_result("ERROR <--: ", resp, len); 
 +              OnError();
 +              return;
 +      }       
 +      
 +      LED_B_OFF();
 +      LED_C_ON();
 +      memcpy(dataout+7+7,resp+3,7);
 +
 +      // ADDITION_FRAME 2
 +      len =  DesfireAPDU(cmd, cmd_len, resp);
 +      if ( !len ) {
 +              print_result("ERROR <--: ", resp, len); 
 +              OnError();
 +              return;
 +      }
 +      
 +      memcpy(dataout+7+7+7,resp+3,14);
 +      
 +      cmd_send(CMD_ACK,1,0,0,dataout,sizeof(dataout));
 +              
 +      // reset the pcb_blocknum,
 +      pcb_blocknum = 0;
 +      OnSuccess();
 +}
 +
 +void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain){
 +
 +      uint8_t null_key_data[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 +      //uint8_t new_key_data[8]  = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };
 +      int res = 0;
 +      
 +      desfirekey_t default_key = Desfire_des_key_new_with_version (null_key_data);
 +
 +      // res = Desfire_select_application (tags[i], aid);
 +      if (res < 0) {
 +              print_result("default key: ", default_key->data, 24 );
 +              return;
 +      }
 +                              
 +      return;
 +      //                pcb  cid  cmd               key   crc1  cr2           
 +      //uint8_t cmd2[] = {0x02,0x00,GET_KEY_VERSION, 0x00, 0x00, 0x00 };
 +
 +      //uint8_t* bigbuffer = mifare_get_bigbufptr();
 +      byte_t isOK = 1;
 +      uint8_t resp[256];
 +      uint8_t key[24];
 +      uint8_t IV[16];
 +      
 +      // första byten håller keylength.
 +      uint8_t keylen = datain[0];
 +      memcpy(key, datain+1, keylen);
 +      
 +      if (MF_DBGLEVEL >= 1) {
 +              
 +              Dbprintf("MODE: %d", mode);
 +              Dbprintf("ALGO: %d", algo);
 +              Dbprintf("KEYNO: %d", keyno);
 +              Dbprintf("KEYLEN: %d", keylen);
 +              
 +              print_result("KEY", key, keylen);
 +      }
 +      
 +      // card select - information
 +      byte_t buf[USB_CMD_DATA_SIZE];
 +      iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
 +      
 +      // test of DES on ARM side.
 +      /* 
 +      if ( mode == 1){
 +              uint8_t IV[8];
 +              uint8_t plain[16];
 +              uint8_t encData[16];
 +
 +              uint8_t tmpData[8];
 +              uint8_t tmpPlain[8];
 +              
 +              memset(IV, 0, 8);
 +              memset(tmpData, 0 ,8);
 +              memset(tmpPlain,0 ,8);
 +              memcpy(key, datain, 8);
 +              memcpy(plain, datain+30, 16);
 +              
 +              for(uint8_t i=0; i< sizeof(plain); i=i+8 ){
 +              
 +                      memcpy(tmpPlain, plain+i, 8);
 +                      des_enc( &tmpData, &tmpPlain, &key);
 +                      memcpy(encData+i, tmpData, 8);
 +              }
 +      }
 +*/
 +
 +      iso14a_clear_trace();
 +
 +      iso14a_set_tracing(TRUE);
 +
 +      // power up the field
 +      iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 +
 +      // select the card
 +      isOK = iso14443a_select_card(resp, card, NULL);
 +      if (isOK != 1) {
 +              if (MF_DBGLEVEL >= 1) {
 +                      Dbprintf("CAN'T SELECT CARD, SOMETHING WENT WRONG BEFORE AUTH");
 +              }
 +              OnError();
 +              return;
 +      }
 +
 +      LED_A_ON();
 +      LED_B_OFF();
 +      LED_C_OFF();
 +      
 +      // 3 olika sätt att authenticera.   AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
 +      // 4 olika crypto algo   DES, 3DES, 3K3DES, AES
 +      // 3 olika kommunikations sätt,   PLAIN,MAC,CRYPTO
 +      
 +      // des, nyckel 0, 
 +      switch (mode){
 +              case 1:
 +                      // if ( SendDesfireCommand(AUTHENTICATE, &keyno, resp) > 0 ){
 +                              // // fick nonce från kortet
 +                      // }
 +                      break;
 +              case 2:
 +                      //SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
 +                      break;
 +              case 3:{
 +                      AesCtx ctx;
 +                      if ( AesCtxIni(&ctx, IV, key, KEY128, CBC) < 0 ){
 +                              if (MF_DBGLEVEL >= 1) {
 +                                      Dbprintf("AES context failed to init");
 +                              }
 +                              OnError();
 +                              return;
 +                      }
 +                      uint8_t real_cmd[6];
 +                      real_cmd[0] = 0x90;
 +                      real_cmd[1] = 0x02;
 +                      real_cmd[2] = AUTHENTICATE_AES;
 +                      real_cmd[3] = keyno;
 +                      
 +                      AppendCrc14443a(real_cmd, 4);
 +                      ReaderTransmit(real_cmd, sizeof(real_cmd), NULL);
 +      
 +                      int len = ReaderReceive(resp);
 +                      if(!len) {
 +                              OnError();
 +                              return;
 +                      }
 +
 +                      print_result("RX:", resp, len);
 +   
 +                      enum DESFIRE_STATUS status = resp[1];
 +                      if ( status != ADDITIONAL_FRAME) {
 +                              OnError();
 +                              return;
 +                      }
 +                      
 +                      // tags enc nonce
 +                      uint8_t encRndB[16];
 +                      uint8_t decRndB[16];
 +                      uint8_t nonce[16];
 +                      uint8_t both[32];
 +                      uint8_t encBoth[32];
 +
 +                      memset(nonce, 0, 16);
 +                      memcpy( encRndB, resp+2, 16);
 +
 +                      // dekryptera tagnonce.
 +                      AesDecrypt(&ctx, encRndB, decRndB, 16);
 +                      
 +                      rol(decRndB,16);
 +                      
 +                      memcpy(both, nonce,16);
 +                      memcpy(both+16, decRndB ,16 );
 +
 +                      AesEncrypt(&ctx, both, encBoth, 32 );
 +
 +                      uint8_t real_cmd_A[36];
 +                      real_cmd_A[0] = 0x03;
 +                      real_cmd_A[1] = ADDITIONAL_FRAME;
 +                      
 +                      memcpy(real_cmd_A+2, encBoth, sizeof(encBoth) );
 +                      AppendCrc14443a(real_cmd_A, 34);
 +                      ReaderTransmit(real_cmd_A, sizeof(real_cmd_A), NULL);
 +              
 +                      len = ReaderReceive(resp);
 +
 +                      print_result("Auth1a ", resp, 36);
 +                      
 +                      status = resp[1];
 +                      if ( status != OPERATION_OK)    {
 +                              Dbprintf("Cmd Error: %02x  Len: %d", status,len);
 +                              OnError();
 +                              return;
 +                      }
 +                              
 +                              break;
 +                      }
 +                      
 +      }
 +      
 +      OnSuccess(resp);
 +}
 +
 +// 3 olika ISO sätt att skicka data till DESFIRE (direkt, inkapslat, inkapslat ISO)
 +// cmd  =  cmd bytes to send
 +// cmd_len = length of cmd
 +// dataout = pointer to response data array
 +int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
 +
 +      uint32_t status = 0;
 +      size_t wrappedLen = 0;
 +      uint8_t wCmd[USB_CMD_DATA_SIZE];
 +      
 +      wrappedLen = CreateAPDU( cmd, cmd_len, wCmd);
 +      
 +      if (MF_DBGLEVEL >= 4) {
 +              print_result("WCMD <--: ", wCmd, wrappedLen);   
 +      }
 +      ReaderTransmit( wCmd, wrappedLen, NULL);
 +
 +      status = ReaderReceive(dataout);
 +      
 +      if(!status){
 +              return FALSE; //DATA LINK ERROR
 +      }
 +      // if we received an I- or R(ACK)-Block with a block number equal to the
 +      // current block number, toggle the current block number
 +      else if (status >= 4 // PCB+CID+CRC = 4 bytes
 +               && ((dataout[0] & 0xC0) == 0 // I-Block
 +                   || (dataout[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
 +               && (dataout[0] & 0x01) == pcb_blocknum) // equal block numbers
 +      {
 +              pcb_blocknum ^= 1;  //toggle next block 
 +      }
 +      return status;
 +}     
 +
 +// CreateAPDU
 +size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){
 +      
 +      size_t cmdlen = MIN(len+4, USB_CMD_DATA_SIZE-1);
 +
 +      uint8_t cmd[cmdlen];
 +      memset(cmd, 0, cmdlen);
 +      
 +      cmd[0] = 0x0A;  //  0x0A = skicka cid,  0x02 = ingen cid. Särskilda bitar //
 +      cmd[0] |= pcb_blocknum; // OR the block number into the PCB     
 +      cmd[1] = 0x00;  //  CID: 0x00 //FIXME: allow multiple selected cards
 +      
 +      memcpy(cmd+2, datain, len);
 +      AppendCrc14443a(cmd, len+2);
 +      
 +      memcpy(dataout, cmd, cmdlen);
 +      
 +      return cmdlen;
 +}
 +
 +                      // crc_update(&desfire_crc32, 0, 1); /* CMD_WRITE */
 +                      // crc_update(&desfire_crc32, addr, addr_sz);
 +                      // crc_update(&desfire_crc32, byte, 8);
 +                      // uint32_t crc = crc_finish(&desfire_crc32);
 +                      
 +
 +      /* Version
 +      
 +      //uint8_t versionCmd1[] = {0x02, 0x60};
 +      //uint8_t versionCmd2[] = {0x03, 0xaf};
 +      //uint8_t versionCmd3[] = {0x02, 0xaf};
 +
 +    // AUTH 1  -  CMD: 0x02, 0x0A, 0x00  = Auth
 +      // 0x02 = status byte för simpla svar?!? 
 +      // 0x0a = krypto typ
 +      // 0x00 = key nr
 +      //uint8_t initAuthCmdDES[]  = {0x02, 0x0a, 0x00};  // DES
 +      //uint8_t initAuthCmd3DES[] = {0x02, 0x1a, 0x00};  // 3DES
 +      //uint8_t initAuthCmdAES[]  = {0x02, 0xaa, 0x00};  // AES
 +      // auth 1 - answer command
 +      // 0x03 = status byte för komplexa typer?
 +      // 0xaf = additional frame
 +      // LEN = 1+1+32+2 = 36
 +      //uint8_t answerAuthCmd[34] = {0x03, 0xaf}; 
 +
 +      // Lägg till CRC
 +      //AppendCrc14443a(versionCmd1,sizeof(versionCmd1));
 +*/
 +
 +      // Sending commands
 +      /*ReaderTransmit(versionCmd1,sizeof(versionCmd1)+2, NULL);
 +      len = ReaderReceive(buffer);
 +      print_result("Get Version 3", buffer, 9);
 +      */
 +      
 +      // for( int i = 0; i < 8; i++){
 +              // // Auth 1 - Request authentication
 +              // ReaderTransmit(initAuthCmdAES,sizeof(initAuthCmdAES)+2, NULL);
 +              // //len = ReaderReceive(buffer);
 +
 +              // // 0xAE =  authentication error
 +              // if (buffer[1] == 0xae)       {
 +                              // Dbprintf("Cmd Error: %02x", buffer[1]);
 +                              // OnError();
 +                              // return;
 +              // }
 +
 +              // // tags enc nonce
 +              // memcpy(encRndB, buffer+2, 16);
 +
 +              // // dekryptera svaret från tag.
 +              // AesDecrypt(&ctx, encRndB, decRndB, 16);
 +
 +              // rol8(decRndB,16);
 +              // memcpy(RndARndB, RndA,16);
 +              // memcpy(RndARndB+16, decRndB ,16 );
 +
 +              // AesEncrypt(&ctx, RndARndB, encRndARndB, 32 );
 +
 +              // memcpy(answerAuthCmd+2, encRndARndB, 32);
 +              // AppendCrc14443a(answerAuthCmd,sizeof(answerAuthCmd));
 +      
 +              // ReaderTransmit(answerAuthCmd,sizeof(answerAuthCmd)+2, NULL);
 +
 +              // len = ReaderReceive(buffer);
 +
 +              // print_result("Auth1a ", buffer, 8);
 +              // Dbprintf("Rx len: %02x", len);
 +
 +              // if (buffer[1] == 0xCA)       {
 +                              // Dbprintf("Cmd Error: %02x  Len: %d", buffer[1],len);
 +                              // cmd_send(CMD_ACK,0,0,0,0,0);
 +                              // key[1] = i;
 +                              // AesCtxIni(&ctx, iv, key, KEY128, CBC);
 +              // }
 +      // }
 +
 +      //des_dec(decRndB, encRndB, key);
 +      
 +    //Do crypto magic
 +      /*
 +    DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
 +    memcpy(RndARndB,RndA,8);
 +    memcpy(RndARndB+8,RndB,8);
 +    PrintAndLog("     RA+B:%s",sprint_hex(RndARndB, 16));
 +    DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
 +    PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
 +    */
 +
 +
 +int mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
 +      
 +      uint8_t* buffer = mifare_get_bigbufptr();
 +      uint8_t dcmd[19];
 +    
 +      dcmd[0] = 0xAF;
 +    memcpy(dcmd+1,key,16);
 +      AppendCrc14443a(dcmd, 17);
 +      
 +
 +      ReaderTransmit(dcmd, sizeof(dcmd), NULL);
 +      int len = ReaderReceive(buffer);
 +      if(!len) {
 +          if (MF_DBGLEVEL >= 1)   Dbprintf("Authentication failed. Card timeout.");
 +          len = ReaderReceive(buffer);
 +    }
 +    
 +      if(len==1)      {
 +        if (MF_DBGLEVEL >= 1) {
 +                      Dbprintf("NAK - Authentication failed.");
 +                      Dbprintf("Cmd Error: %02x", buffer[0]);
 +              }
 +              return 1;
 +      }
 +
 +      if (len == 11){
 +              if (MF_DBGLEVEL >= 1) {
 +                      Dbprintf("Auth2 Resp: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
 +                                        buffer[0],buffer[1],buffer[2],buffer[3],buffer[4],
 +                                        buffer[5],buffer[6],buffer[7],buffer[8],buffer[9],
 +                                        buffer[10]);
 +              }
 +              return 0;
 +      }
 +      return 1;
 +}
 +
 +void MifareDES_Auth2(uint32_t arg0, uint8_t *datain){
 +
 +      return;
 +      uint32_t cuid = arg0;
 +      uint8_t key[16];
 +
 +      byte_t isOK = 0;
 +      byte_t dataoutbuf[16];
 +      
 +    memset(key, 0, 16);
 +      memcpy(key, datain, 16);
 +    
 +      LED_A_ON();
 +      LED_B_OFF();
 +      LED_C_OFF();
 +
 +      if(mifare_des_auth2(cuid, key, dataoutbuf)){
 +          if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");    
 +      }
 +      isOK=1;
 +      if (MF_DBGLEVEL >= 2)   DbpString("AUTH 2 FINISHED");
 +    
 +      LED_B_ON();
 +    cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11);
 +      LED_B_OFF();
 +    
 +    // Thats it...
 +      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 +      LEDsoff();
 +}
 +
 +void OnSuccess(){
-       cmd_send(CMD_ACK,0,0,0,0,0);
-       ReaderTransmit(deselect_cmd, 3 , NULL);
-       // reset the pcb_blocknum,
 +      pcb_blocknum = 0;
++      ReaderTransmit(deselect_cmd, 3 , NULL);
 +      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 +      LEDsoff();
 +}
 +
 +void OnError(){
 +      pcb_blocknum = 0;
++      ReaderTransmit(deselect_cmd, 3 , NULL);
 +      FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
++      cmd_send(CMD_ACK,0,0,0,0,0);
 +      LEDsoff();
 +}
diff --cc client/Makefile
index 026db7985f56bb504a61b81ca2883782166508c4,05ffc66710657df664a3ec71b8dd7db1e5fa1eec..1aa801eebbab757032cb3c6aee6544ca8d6140db
@@@ -19,10 -19,15 +19,15 @@@ CFLAGS = -std=c99  -I. -I../include -I.
  LUAPLATFORM = generic
  
  ifneq (,$(findstring MINGW,$(platform)))
 -CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
 -QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4
 +CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets 
 +QTLDLIBS = -L$(QTDIR)/lib  -lQt5Core -lQt5Gui -lQt5Widgets 
  MOC = $(QTDIR)/bin/moc
  LUAPLATFORM = mingw
+ else ifeq ($(platform),Darwin)
+ CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4
+ QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
+ MOC = $(shell pkg-config --variable=moc_location QtCore)
+ LUAPLATFORM = macosx
  else
  CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O4
  QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
@@@ -73,13 -78,10 +78,13 @@@ CMDSRCS =  nonce2key/crapto1.c
                        cmdhflegic.c \
                        cmdhficlass.c \
                        cmdhfmf.c \
 +                      cmdhfmfu.c \
 +                      cmdhfmfdes.c \
 +            cmdhfdes.c \
                        cmdhw.c \
                        cmdlf.c \
-                       cmdlfhid.c \
                        cmdlfio.c \
+                       cmdlfhid.c \
                        cmdlfem4x.c \
                        cmdlfhitag.c \
                        cmdlfti.c \
index e32664f5c7a2117c916bb538b906b7c43c54d3f2,7156b1188809ab9c492ac52a2efb4d2e32e270e6..bd215a611ccf370eccc5c6d7e3e8d85afab2c638
@@@ -436,8 -437,8 +436,8 @@@ int CmdHFiClassReader_Replay(const cha
    if (strlen(Cmd)<1) {
      PrintAndLog("Usage:  hf iclass replay <MAC>");
      PrintAndLog("        sample: hf iclass replay 00112233");
 -    return 0;
 +      return 0;
-   }   
+   }
  
    if (param_gethex(Cmd, 0, MAC, 8)) {
      PrintAndLog("MAC must include 8 HEX symbols");
@@@ -645,14 -647,14 +646,17 @@@ int CmdHFiClass_iso14443A_write(const c
  
  static command_t CommandTable[] = 
  {
 -  {"help",    CmdHelp,                        1,      "This help"},
 -  {"list",    CmdHFiClassList,        0,      "List iClass history"},
 -  {"snoop",   CmdHFiClassSnoop,       0,      "Eavesdrop iClass communication"},
 -  {"sim",     CmdHFiClassSim,         0,      "Simulate iClass tag"},
 +  {"help",    CmdHelp,        1, "This help"},
 +  {"list",    CmdHFiClassList,   0, "List iClass history"},
 +  {"snoop",   CmdHFiClassSnoop,  0, "Eavesdrop iClass communication"},
 +  {"sim",     CmdHFiClassSim,    0, "Simulate iClass tag"},
-   {"reader",  CmdHFiClassReader, 0, "Read an iClass tag"},
+   {"reader",CmdHFiClassReader,        0,      "Read an iClass tag"},
+   {"replay",CmdHFiClassReader_Replay, 0,      "Read an iClass tag via Reply Attack"},
+   {"dump",    CmdHFiClassReader_Dump, 0,              "Authenticate and Dump iClass tag"},
+   {"write",   CmdHFiClass_iso14443A_write,    0,      "Authenticate and Write iClass block"},
 +  {"replay",  CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"},
 +  {"dump",      CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"},
 +  {"write",   CmdHFiClass_iso14443A_write,    0,      "Authenticate and Write iClass block"},
    {NULL, NULL, 0, NULL}
  };
  
index 824236be7981b1f7ea543fbbf71782f7a0e9d0d4,0000000000000000000000000000000000000000..f3217df20e6364931057a606837d1d380f3e829f
mode 100644,000000..100644
--- /dev/null
@@@ -1,503 -1,0 +1,538 @@@
-       UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
 +//-----------------------------------------------------------------------------
 +// Copyright (C) 2014 Iceman
 +//
 +// This code is licensed to you under the terms of the GNU GPL, version 2 or,
 +// at your option, any later version. See the LICENSE.txt file for the text of
 +// the license.
 +//-----------------------------------------------------------------------------
 +// High frequency MIFARE Desfire commands
 +//-----------------------------------------------------------------------------
 +
 +#include <stdio.h>
 +#include <stdlib.h>
 +#include <string.h>
 +#include <ctype.h>
 +#include <openssl/des.h>
 +#include "cmdmain.h"
 +#include "proxmark3.h"
 +#include "../include/common.h"
 +#include "../include/mifare.h"
 +#include "../common/iso14443crc.h"
 +#include "data.h"
 +#include "ui.h"
 +#include "cmdparser.h"
 +#include "util.h"
 +#include "cmdhfmfdes.h"
 +
 +
 +uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 +uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
 +uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
 +
 +
 +static int CmdHelp(const char *Cmd);
 +static void xor(unsigned char * dst, unsigned char * src, size_t len);
 +static int32_t le24toh (uint8_t data[3]);
 +
 +
 +int CmdHF14ADesWb(const char *Cmd)
 +{
 +/*    uint8_t blockNo = 0;
 +      uint8_t keyType = 0;
 +      uint8_t key[6] = {0, 0, 0, 0, 0, 0};
 +      uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 +      
 +      char cmdp       = 0x00;
 +
 +      if (strlen(Cmd)<3) {
 +              PrintAndLog("Usage:  hf mf wrbl    <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
 +              PrintAndLog("        sample: hf mf wrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
 +              return 0;
 +      }       
 +
 +      blockNo = param_get8(Cmd, 0);
 +      cmdp = param_getchar(Cmd, 1);
 +      if (cmdp == 0x00) {
 +              PrintAndLog("Key type must be A or B");
 +              return 1;
 +      }
 +      if (cmdp != 'A' && cmdp != 'a') keyType = 1;
 +      if (param_gethex(Cmd, 2, key, 12)) {
 +              PrintAndLog("Key must include 12 HEX symbols");
 +              return 1;
 +      }
 +      if (param_gethex(Cmd, 3, bldata, 32)) {
 +              PrintAndLog("Block data must include 32 HEX symbols");
 +              return 1;
 +      }
 +      PrintAndLog("--block no:%02x key type:%02x key:%s", blockNo, keyType, sprint_hex(key, 6));
 +      PrintAndLog("--data: %s", sprint_hex(bldata, 16));
 +      
 +  UsbCommand c = {CMD_MIFARE_WRITEBL, {blockNo, keyType, 0}};
 +      memcpy(c.d.asBytes, key, 6);
 +      memcpy(c.d.asBytes + 10, bldata, 16);
 +  SendCommand(&c);
 +
 +      UsbCommand resp;
 +      if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
 +              uint8_t isOK  = resp.arg[0] & 0xff;
 +              PrintAndLog("isOk:%02x", isOK);
 +      } else {
 +              PrintAndLog("Command execute timeout");
 +      }
 + */
 +      return 0;
 +}
 +
 +int CmdHF14ADesRb(const char *Cmd)
 +{
 +      // uint8_t blockNo = 0;
 +      // uint8_t keyType = 0;
 +      // uint8_t key[6] = {0, 0, 0, 0, 0, 0};
 +      
 +      // char cmdp    = 0x00;
 +
 +
 +      // if (strlen(Cmd)<3) {
 +              // PrintAndLog("Usage:  hf mf rdbl    <block number> <key A/B> <key (12 hex symbols)>");
 +              // PrintAndLog("        sample: hf mf rdbl 0 A FFFFFFFFFFFF ");
 +              // return 0;
 +      // }    
 +      
 +      // blockNo = param_get8(Cmd, 0);
 +      // cmdp = param_getchar(Cmd, 1);
 +      // if (cmdp == 0x00) {
 +              // PrintAndLog("Key type must be A or B");
 +              // return 1;
 +      // }
 +      // if (cmdp != 'A' && cmdp != 'a') keyType = 1;
 +      // if (param_gethex(Cmd, 2, key, 12)) {
 +              // PrintAndLog("Key must include 12 HEX symbols");
 +              // return 1;
 +      // }
 +      // PrintAndLog("--block no:%02x key type:%02x key:%s ", blockNo, keyType, sprint_hex(key, 6));
 +      
 +  // UsbCommand c = {CMD_MIFARE_READBL, {blockNo, keyType, 0}};
 +      // memcpy(c.d.asBytes, key, 6);
 +  // SendCommand(&c);
 +
 +      // UsbCommand resp;
 +      // if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
 +              // uint8_t                isOK  = resp.arg[0] & 0xff;
 +              // uint8_t              * data  = resp.d.asBytes;
 +
 +              // if (isOK)
 +                      // PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 16));
 +              // else
 +                      // PrintAndLog("isOk:%02x", isOK);
 +      // } else {
 +              // PrintAndLog("Command execute timeout");
 +      // }
 +
 +  return 0;
 +}
 +
 +int CmdHF14ADesInfo(const char *Cmd){
 +
 +      UsbCommand c = {CMD_MIFARE_DESFIRE_INFO};
 +    SendCommand(&c);
 +      UsbCommand resp;
 +      
 +      if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
 +              PrintAndLog("Command execute timeout");
 +              return 0;
 +      }
 +      uint8_t isOK  = resp.arg[0] & 0xff;
 +      if ( !isOK ){
 +              PrintAndLog("Command unsuccessful");
 +              return 0;
 +      }  
 +      
 +      PrintAndLog("---Desfire Information---------------------------------------");
 +      PrintAndLog("-------------------------------------------------------------");
 +      PrintAndLog("  UID                : %s",sprint_hex(resp.d.asBytes, 7));
 +      PrintAndLog("  Batch number       : %s",sprint_hex(resp.d.asBytes+28,5));
 +      PrintAndLog("  Production date    : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
 +      PrintAndLog("-------------------------------------------------------------");
 +      PrintAndLog("  Hardware Information");
 +      PrintAndLog("      Vendor Id      : %s", GetVendorStr(resp.d.asBytes[7]));
 +      PrintAndLog("      Type           : 0x%02X",resp.d.asBytes[8]);
 +      PrintAndLog("      Subtype        : 0x%02X",resp.d.asBytes[9]);
 +      PrintAndLog("      Version        : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
 +      PrintAndLog("      Storage size   : %s",GetCardSizeStr(resp.d.asBytes[12]));
 +      PrintAndLog("      Protocol       : %s",GetProtocolStr(resp.d.asBytes[13]));
 +      PrintAndLog("-------------------------------------------------------------");
 +      PrintAndLog("  Software Information");
 +      PrintAndLog("      Vendor Id      : %s",GetVendorStr(resp.d.asBytes[14]));
 +      PrintAndLog("      Type           : 0x%02X",resp.d.asBytes[15]);
 +      PrintAndLog("      Subtype        : 0x%02X",resp.d.asBytes[16]);
 +      PrintAndLog("      Version        : %d.%d",resp.d.asBytes[17], resp.d.asBytes[18]);
 +      PrintAndLog("      storage size   : %s", GetCardSizeStr(resp.d.asBytes[19]));
 +      PrintAndLog("      Protocol       : %s", GetProtocolStr(resp.d.asBytes[20]));
 +      PrintAndLog("-------------------------------------------------------------");
 +      
 +      
-               PrintAndLog("     0x08 Configuration changeable;");
++      UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }};
 +      c1.d.asBytes[0] = GET_KEY_SETTINGS;
 +    SendCommand(&c1);
 +      if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
 +              return 0;
 +      }  
 +      
 +      PrintAndLog("  Master Key settings");
 +      if (  resp.d.asBytes[3] & (1 << 3 ) )
-               PrintAndLog("     0x08 Configuration NOT changeable;");
++              PrintAndLog("     0x08 Configuration changeable");
 +      else
-               PrintAndLog("     0x04 PICC Master Key not required for create / delete;");
++              PrintAndLog("     0x08 Configuration NOT changeable");
 +
 +      if (  resp.d.asBytes[3] & (1 << 2 ) )
-               PrintAndLog("     0x04 PICC Master Key required for create / delete;");
++              PrintAndLog("     0x04 PICC Master Key not required for create / delete");
 +      else 
-               PrintAndLog("     0x02 Free directory list access without PICC Master Key;");
++              PrintAndLog("     0x04 PICC Master Key required for create / delete");
 +
 +      if (  resp.d.asBytes[3] & (1 << 1 ) )
-               PrintAndLog("     0x02 Directory list access with PICC Master Key;");
++              PrintAndLog("     0x02 Free directory list access without PICC Master Key");
 +      else
-               PrintAndLog("     0x01 Allow changing the Master Key;");
++              PrintAndLog("     0x02 Directory list access with PICC Master Key");
 +      
 +      if (  resp.d.asBytes[3] & (1 << 0 ) )
-               PrintAndLog("     0x01 Master Key is not changeable anymore;");
++              PrintAndLog("     0x01 Allow changing the Master Key");
 +      else
-       UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x01, 0x02 }};
++              PrintAndLog("     0x01 Master Key is not changeable anymore");
 +      
 +      //                                      init   len
-       PrintAndLog("     Max number of keys  : %d", resp.d.asBytes[2]);
++      UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x03, 0x02 }};
 +    c2.d.asBytes[0] = GET_KEY_VERSION;
 +      c2.d.asBytes[1] = 0x00;
 +      SendCommand(&c2);
 +      if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
 +              return 0;
 +      }
 +      
 +      PrintAndLog("");
-       UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
++      PrintAndLog("     Max number of keys  : %d", resp.d.asBytes[4]);
 +      PrintAndLog("     Master key Version  : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
 +      PrintAndLog("-------------------------------------------------------------");
 +      
 +
-               Card Master key (CMK)  0x00 on AID = 00 00 00 (card level) 0x1
-               Application Master Key (AMK) 0x00 on AID != 00 00 00
-               Application keys (APK) = 0x01-0x0D
-               Application free = 0x0E
-               Application never = 0x0F
++      UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }};
 +      c3.d.asBytes[0] = GET_FREE_MEMORY;
 +    SendCommand(&c3);
 +      if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
 +              return 0;
 +      }  
 +      
 +      uint8_t tmp[3];
 +      memcpy(tmp, resp.d.asBytes+3,3); 
 +
 +      PrintAndLog("     Free memory on card : %d bytes", le24toh( tmp ));
 +      PrintAndLog("-------------------------------------------------------------");
 +
 +      /*
-       UsbCommand c = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
-       c.d.asBytes[0] = GET_APPLICATION_IDS;
++              Card Master key (CMK)        0x00 AID = 00 00 00 (card level)
++              Application Master Key (AMK) 0x00 AID != 00 00 00
++              Application keys (APK)       0x01-0x0D
++              Application free             0x0E
++              Application never            0x0F
 +              
 +              ACCESS RIGHTS:
 +              keys 0,1,2,3     C
 +              keys 4,5,6,7     RW
 +              keys 8,9,10,11   W
 +              keys 12,13,14,15 R
 +              
 +              Session key:
 +                      16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)
 +                      8  : RndA(byte0-byte3) + RndB(byte0-byte3) 
 +                      
 +                      AES 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte12-byte15) + RndB(byte12-byte15)
 +      */
 +      
 +    return 1;
 +}
 +
 +char * GetVendorStr( uint8_t id){
 +      static char buf[30];
 +      char *retStr = buf;
 +      
 +      if ( id == 0x04 )
 +              sprintf(retStr, "0x%02X (NXP)",id);
 +      else 
 +              sprintf(retStr,"0x%02X (Unknown)",id);
 +      return buf;
 +}
 +
 +/*
 +  The 7 MSBits (= n) code the storage size itself based on 2^n, 
 +  the LSBit is set to '0' if the size is exactly 2^n
 +      and set to '1' if the storage size is between 2^n and 2^(n+1). 
 +      For this version of DESFire the 7 MSBits are set to 0x0C (2^12 = 4096) and the LSBit is '0'.
 +*/
 +char * GetCardSizeStr( uint8_t fsize ){
 + 
 +      static char buf[30];
 +      char *retStr = buf;
 +
 +      uint16_t usize = 1 << ((fsize >>1) + 1);
 +      uint16_t lsize = 1 << (fsize >>1);
 +      
 +      // is  LSB set?
 +      if (  fsize & (1 << 0 ) )
 +              sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
 +      else 
 +              sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);             
 +      return buf;
 +}
 +
 +char * GetProtocolStr(uint8_t id){
 +
 +      static char buf[30];
 +      char *retStr = buf;
 +
 +      if ( id == 0x05)
 +              sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
 +      else
 +              sprintf(retStr,"0x%02X", id);   
 +      return buf;
 +}
 +
 +int CmdHF14ADesEnumApplications(const char *Cmd){
 +      
-       //UsbCommand respFiles;
++      uint32_t options = 0x00;
++      
++      options |= INIT;
++      options  |= DISCONNECT;
++      
++      UsbCommand c = {CMD_MIFARE_DESFIRE, {options , 0x01 }};
++      c.d.asBytes[0] = GET_APPLICATION_IDS;  //0x6a
 +    SendCommand(&c);
 +      UsbCommand resp;
 +              
 +      if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
 +              return 0;
 +      }  
 +      
 +      uint8_t isOK  = resp.arg[0] & 0xff;
 +      if ( !isOK ){
 +              PrintAndLog("Command unsuccessful");
 +              return 0;
 +      } 
 +      
 +      PrintAndLog("---Desfire Enum Applications --------------------------------");
 +      PrintAndLog("-------------------------------------------------------------");
 +
-               PrintAndLog(" Aid %d : %s ",num ,sprint_hex(resp.d.asBytes+i,3));
++      UsbCommand respAid;
++      UsbCommand respFiles;
 +      
 +      uint8_t num = 0;
 +      int max = resp.arg[1] -3 -2;
 +      
 +      for(int i=3; i<=max; i+=3){
-               // UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { 0x01, 0x04 }};
-               // cFiles.d.asBytes[0] = GET_FILE_IDS;
-               // cFiles.d.asBytes[1] = resp.d.asBytes+i;
-               // cFiles.d.asBytes[2] = resp.d.asBytes+i+1;
-               // cFiles.d.asBytes[3] = resp.d.asBytes+i+2;
-               // SendCommand(&cFiles);
++              PrintAndLog(" Aid %d : %02X %02X %02X ",num ,resp.d.asBytes[i],resp.d.asBytes[i+1],resp.d.asBytes[i+2]);
 +              num++;
 +              
-               // if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
-                       // PrintAndLog("   No files found");
-                       // break;
-               // }
++              options = INIT;
++
++              UsbCommand cAid = {CMD_MIFARE_DESFIRE, { options, 0x04 }};
++              cAid.d.asBytes[0] = SELECT_APPLICATION;  // 0x5a
++              cAid.d.asBytes[1] = resp.d.asBytes[i];
++              cAid.d.asBytes[2] = resp.d.asBytes[i+1];                
++              cAid.d.asBytes[3] = resp.d.asBytes[i+2];
++              SendCommand(&cAid);
++              
++              if (!WaitForResponseTimeout(CMD_ACK,&respAid,1500) ) {
++                      PrintAndLog("   Timed-out");
++                      continue;
++              } 
++              uint8_t isOK  = respAid.arg[0] & 0xff;
++              if ( !isOK ){
++                      PrintAndLog("   Can't select AID: %s",sprint_hex(resp.d.asBytes+i,3));  
++                      continue;
++              }
++      
++              options = DISCONNECT;
++              UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { options, 0x01 }};
++              cFiles.d.asBytes[0] = GET_FILE_IDS; // 0x6f
++              SendCommand(&cFiles);
++              
++              if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
++                      PrintAndLog("   Timed-out");
++                      continue;
++              } else {
++              
++                      uint8_t isOK  = respFiles.arg[0] & 0xff;
++                      if ( !isOK ){
++                              PrintAndLog("   No files found");
++                              continue;
++                      }
 +              
++                      int respfileLen = resp.arg[1]-3-2;                      
++                      for (int j=0; j< respfileLen; ++j){
++                              PrintAndLog("   Fileid %d :", resp.d.asBytes[j+3]);
++                      }
++              }
 +              
 +      }
 +      PrintAndLog("-------------------------------------------------------------");
 +      
 +      
 +      return 1;
 +}
 +
 +int CmdHF14ADesNonces(const char *Cmd){
 +      return 1;
 +}
 +
 +//
 +// MIAFRE DesFire Authentication
 +//
 +#define BUFSIZE 64 
 +int CmdHF14ADesAuth(const char *Cmd){
 +    
 +      // NR  DESC             KEYLENGHT
 +      // ------------------------
 +      // 1 = DES              8
 +      // 2 = 3DES             16
 +      // 3 = 3K 3DES  24
 +      // 4 = AES              16
 +      
 +      // AUTHENTICTION MODES:
 +      // 1 Normal
 +      // 2 ISO
 +      // 3 AES
 +      
 +      uint8_t keylength = 8;
 +      //unsigned char testinput[] = { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00};
 +      unsigned char key[24]; // =       { 0x75,0x28,0x78,0x39,0x74,0x93,0xCB,0x70};   
 +      
 +    if (strlen(Cmd)<3) {
 +        PrintAndLog("Usage:  hf mfdes auth <1|2|3> <1|2|3|4> <keyno> <key> ");
 +              PrintAndLog("               AUTH modes 1 = normal, 2 = iso, 3 = aes");
 +              PrintAndLog("               Crypto: 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
 +              PrintAndLog("               keynumber");
 +        PrintAndLog("        sample: hf mfdes auth 1 1 0 11223344");
 +        return 0;
 +    } 
 +      uint8_t cmdAuthMode     = param_get8(Cmd,0);
 +      uint8_t cmdAuthAlgo     = param_get8(Cmd,1);
 +      uint8_t cmdKeyNo        = param_get8(Cmd,2);
 +      
 +      switch (cmdAuthMode)
 +      {
 +              case 1: 
 +                      if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2) {
 +                              PrintAndLog("Crypto algo not valid for the auth mode");
 +                              return 1;
 +                      }
 +                      break;
 +              case 2:
 +                      if ( cmdAuthAlgo != 1 && cmdAuthAlgo != 2 && cmdAuthAlgo != 3) {
 +                              PrintAndLog("Crypto algo not valid for the auth mode");
 +                              return 1;
 +                      }
 +                      break;
 +              case 3:
 +                      if ( cmdAuthAlgo != 4) {
 +                              PrintAndLog("Crypto algo not valid for the auth mode");
 +                              return 1;
 +                      }
 +                      break;
 +              default:
 +                      PrintAndLog("Wrong Auth mode");
 +                      return 1;
 +                      break;
 +      }
 +      
 +      switch (cmdAuthAlgo){
 +              case 2: 
 +                      keylength = 16;
 +                      PrintAndLog("3DES selected");
 +                      break;
 +              case 3: 
 +                      keylength = 24;
 +                      PrintAndLog("3 key 3DES selected");
 +                      break;
 +              case 4:
 +                      keylength = 16;
 +                      PrintAndLog("AES selected");
 +                      break;
 +              default:
 +                      cmdAuthAlgo = 1;
 +                      keylength = 8;
 +                      PrintAndLog("DES selected");
 +                      break;
 +      }
 +
 +      // key
 +      if (param_gethex(Cmd, 3, key, keylength*2)) {
 +              PrintAndLog("Key must include %d HEX symbols", keylength);
 +              return 1;
 +      }
 +      // algo, nyckellängd, 
 +      UsbCommand c = {CMD_MIFARE_DESFIRE_AUTH1, { cmdAuthMode, cmdAuthAlgo, cmdKeyNo }};
 +      
 +      c.d.asBytes[0] = keylength;
 +      memcpy(c.d.asBytes+1, key, keylength);
 +      //memcpy(c.d.asBytes + 30, testinput, keylength);
 +      
 +    SendCommand(&c);
 +      UsbCommand resp;
 +      
 +      if (WaitForResponseTimeout(CMD_ACK,&resp,3000)) {
 +              uint8_t isOK  = resp.arg[0] & 0xff;
 +              PrintAndLog("isOk:%02x", isOK);
 +
 +      } else {
 +              PrintAndLog("Command execute timeout");
 +              return 0;
 +      }  
 +
 +      uint8_t * data= resp.d.asBytes;
 +              
 +      // PrintAndLog("-------------------------------------------------------------");
 +       PrintAndLog("  Key        :%s",sprint_hex(key, keylength));
 +      // PrintAndLog("  Plain      :%s",sprint_hex(testinput, keylength));
 +      PrintAndLog("  Encoded    :%s",sprint_hex(data, keylength));
 +      PrintAndLog("-------------------------------------------------------------");
 +      //PrintAndLog("  Expected   :B5 21 9E E8 1A A7 49 9D 21 96 68 7E 13 97 38 56");
 +      
 +    return 1;
 +}
 +
 +
 +static void xor(unsigned char * dst, unsigned char * src, size_t len) {
 +   for( ; len > 0; len--,dst++,src++)
 +       *dst ^= *src;
 +}
 +
 +static int32_t le24toh (uint8_t data[3]) {
 +    return (data[2] << 16) | (data[1] << 8) | data[0];
 +}
 +
 +static command_t CommandTable[] =
 +{
 +  {"help",            CmdHelp,                                        1, "This help"},
 +  {"auth",            CmdHF14ADesAuth,                        0, "Tries a MIFARE DesFire Authentication"},
 +  {"rb",              CmdHF14ADesRb,                          0, "Read MIFARE DesFire block"},
 +  {"wb",              CmdHF14ADesWb,                          0, "write MIFARE DesFire block"},
 +  {"info",            CmdHF14ADesInfo,                        0, "Get MIFARE DesFire information"},
 +  {"enum",            CmdHF14ADesEnumApplications,0, "Tries enumerate all applications"},
 +  {"nonce",           CmdHF14ADesNonces,                      0, "<n> Collect n>0 nonces"},
 +  {NULL, NULL, 0, NULL}
 +};
 +
 +int CmdHFMFDes(const char *Cmd)
 +{
 +   // flush
 +   WaitForResponseTimeout(CMD_ACK,NULL,100);
 +   CmdsParse(CommandTable, Cmd);
 +  return 0;
 +}
 +
 +int CmdHelp(const char *Cmd)
 +{
 +  CmdsHelp(CommandTable);
 +  return 0;
 +}
 +
 +
index 15bb9a23433515432449341c86e4ae5f19076df2,0000000000000000000000000000000000000000..8ecf36d37569d73a9d5baad4164f91428adbab47
mode 100644,000000..100644
--- /dev/null
@@@ -1,65 -1,0 +1,73 @@@
 +//-----------------------------------------------------------------------------
 +// Copyright (C) 2014 Iceman
 +//
 +// This code is licensed to you under the terms of the GNU GPL, version 2 or,
 +// at your option, any later version. See the LICENSE.txt file for the text of
 +// the license.
 +//-----------------------------------------------------------------------------
 +// High frequency MIFARE Desfire commands
 +//-----------------------------------------------------------------------------
 +
 +int CmdHFMFDes(const char *Cmd);
 +int CmdHF14ADesAuth(const char* cmd);
 +int CmdHF14ADesRb(const char* cmd);
 +int CmdHF14ADesWb(const char* cmd);
 +int CmdHF14ADesInfo(const char *Cmd);
 +int CmdHF14ADesEnumApplications(const char *Cmd);
 +int CmdHF14ADesNonces(const char *Cmd);
 +char * GetCardSizeStr( uint8_t fsize );
 +char * GetVendorStr( uint8_t id);
 +char * GetProtocolStr(uint8_t id);
 +
++// Command options for Desfire behavior.
++enum  {
++ NONE         =       0x00,
++ INIT                 =       0x01,
++ DISCONNECT = 0x02,
++ FOO          =       0x04,
++ BAR          =       0x08,
++} CmdOptions ;
 +
 +
 +#define  CREATE_APPLICATION                   0xca
 +#define  DELETE_APPLICATION                   0xda
 +#define  GET_APPLICATION_IDS                  0x6a
 +#define      SELECT_APPLICATION               0x5a
 +#define      FORMAT_PICC                              0xfc
 +#define      GET_VERSION                               0x60
 +#define      READ_DATA                                         0xbd
 +#define      WRITE_DATA                                        0x3d
 +#define      GET_VALUE                                         0x6c
 +#define      CREDIT                                    0x0c
 +#define      DEBIT                                             0xdc
 +#define      LIMITED_CREDIT                    0x1c
 +#define      WRITE_RECORD                              0x3b
 +#define      READ_RECORDS                              0xbb
 +#define     CLEAR_RECORD_FILE                          0xeb
 +#define      COMMIT_TRANSACTION                0xc7
 +#define      ABORT_TRANSACTION                         0xa7
 +#define      GET_FREE_MEMORY             0x6e
 +#define       GET_FILE_IDS                             0x6f
 +#define     GET_FILE_SETTINGS                          0xf5
 +#define     CHANGE_FILE_SETTINGS               0x5f
 +#define     CREATE_STD_DATA_FILE               0xcd
 +#define     CREATE_BACKUP_DATA_FILE    0xcb
 +#define     CREATE_VALUE_FILE                          0xcc
 +#define     CREATE_LINEAR_RECORD_FILE          0xc1
 +#define     CREATE_CYCLIC_RECORD_FILE          0xc0
 +#define     DELETE_FILE                                0xdf
 +#define     AUTHENTICATE                               0x0a  // AUTHENTICATE_NATIVE
 +#define       AUTHENTICATE_ISO                         0x1a  // AUTHENTICATE_STANDARD
 +#define       AUTHENTICATE_AES                         0xaa
 +#define     CHANGE_KEY_SETTINGS                0x54
 +#define     GET_KEY_SETTINGS                   0x45
 +#define     CHANGE_KEY                                         0xc4
 +#define     GET_KEY_VERSION                    0x64
 +#define     AUTHENTICATION_FRAME               0xAF
 +
 +
 +#define MAX_APPLICATION_COUNT 28
 +#define MAX_FILE_COUNT 16
 +#define MAX_FRAME_SIZE 60
 +#define NOT_YET_AUTHENTICATED 255
 +#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)
Impressum, Datenschutz