]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
ADD: added the possibility to choose which block num to attack with "hf mf mifare...
authoriceman1001 <iceman@iuse.se>
Wed, 20 Jan 2016 21:26:01 +0000 (22:26 +0100)
committericeman1001 <iceman@iuse.se>
Wed, 20 Jan 2016 21:26:01 +0000 (22:26 +0100)
14 files changed:
armsrc/BigBuf.c
armsrc/Makefile
armsrc/appmain.c
armsrc/apps.h
armsrc/hitag2.c
armsrc/iclass.c
armsrc/iso14443a.c
armsrc/iso14443b.c
armsrc/mifarecmd.c
armsrc/mifaredesfire.c
armsrc/mifaresniff.c
client/cmdhflegic.c
client/cmdhfmf.c
client/cmdhfmfhard.c

index f3f23ddc9fe40b56004c1fe27e93fce17b1900ec..da86e9d3ccdbd98c469ffa1b84acebbcdcd9413b 100644 (file)
@@ -58,7 +58,7 @@ void BigBuf_Clear_ext(bool verbose)
 {
        memset(BigBuf,0,BIGBUF_SIZE);
        if (verbose) 
-       Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
+               Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
 }
 
 
index f4e7495d5606aef7f7f268f2d175efe92948dc1d..36113ebeca9869ece7e812777fb957a6c9447462 100644 (file)
@@ -21,6 +21,7 @@ SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
 SRC_ISO14443b = iso14443b.c
 SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
 SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c 
+SRC_EMV = tlv.c emvdataels.c emvutil.c emvcmd.c                                                                         
 
 #the FPGA bitstream files. Note: order matters!
 FPGA_BITSTREAMS = fpga_lf.bit fpga_hf.bit
@@ -62,6 +63,7 @@ ARMSRC = fpgaloader.c \
        optimized_cipher.c \
        hfsnoop.c \
        parity.c
+#  $(SRC_EMV)
 
 # Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
 include ../common/Makefile.common
index 22657815ebaeb398a5e64c8d899cee40fa953c62..10db4a39f986d9b67eb904f3b3a15b60da19330b 100644 (file)
@@ -405,8 +405,8 @@ void StandAloneMode14a()
                        /* need this delay to prevent catching some weird data */
                        SpinDelay(500);
                        /* Code for reading from 14a tag */
-                       uint8_t uid[10]  ={0};
-                       uint32_t cuid;
+                       uint8_t uid[10] {0};
+                       uint32_t cuid = 0;
                        iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 
                        for ( ; ; )
@@ -1089,7 +1089,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        break;
                        
                case CMD_READER_MIFARE:
-            ReaderMifare(c->arg[0]);
+            ReaderMifare(c->arg[0], c->arg[1]);
                        break;
                case CMD_MIFARE_READBL:
                        MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
@@ -1186,7 +1186,19 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_MIFARE_COLLECT_NONCES:
                        break;
 #endif
-
+#ifdef WITH_EMV
+               case CMD_EMV_TRANSACTION:
+                       EMVTransaction();
+                       break;
+        case CMD_EMV_GET_RANDOM_NUM:
+            //EMVgetUDOL();
+            break;
+        case CMD_EMV_LOAD_VALUE:
+            EMVloadvalue(c->arg[0], c->d.asBytes);  
+            break;
+        case CMD_EMV_DUMP_CARD:
+            EMVdumpcard();
+#endif
 #ifdef WITH_ICLASS
                // Makes use of ISO14443a FPGA Firmware
                case CMD_SNOOP_ICLASS:
index 83cd94ec88a77c6fe52dd4c56f083a4931ebaced..1d23caa4f5ed18453ef53100678acdfed404e630 100644 (file)
@@ -121,7 +121,8 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
 void EPA_PACE_Replay(UsbCommand *c);
 
 // mifarecmd.h
-void ReaderMifare(bool first_try);
+//void ReaderMifare(bool first_try);
+void ReaderMifare(bool first_try, uint8_t block );
 int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
@@ -211,5 +212,10 @@ bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* d
 
 /// util.h
 void HfSnoop(int , int);
+//EMV functions emvcmd.h
+void EMVTransaction(void);
+void EMVgetUDOL(void);
+void EMVloadvalue(uint32_t tag, uint8_t* datain);
+void EMVdumpcard(void);
 
 #endif
index d1005f3c86baad1a099d57e2ff1cf5ec5d594eb3..1147cb8d31a42fdee6dbf06e5dac9075e82c74bb 100644 (file)
@@ -714,8 +714,8 @@ void SnoopHitag(uint32_t type) {
        FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 
        // Clean up trace and prepare it for storing frames
-       set_tracing(TRUE);
        clear_trace();
+       set_tracing(TRUE);
        
        auth_table_len = 0;
        auth_table_pos = 0;
@@ -928,9 +928,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
        FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 
        // Clean up trace and prepare it for storing frames
-       set_tracing(TRUE);
        clear_trace();
-
+       set_tracing(TRUE);
+       
        auth_table_len = 0;
        auth_table_pos = 0;
     byte_t* auth_table;
@@ -1121,9 +1121,9 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
        bSuccessful = false;
   
        // Clean up trace and prepare it for storing frames
-       set_tracing(TRUE);
        clear_trace();
-
+       set_tracing(TRUE);
+       
        DbpString("Starting Hitag reader family");
 
        // Check configuration
index 7a68ea6bcbb478302cd05a10c2e874293dd6e2c3..101ca06088710b9182f69ddfa8c7cf92bdbb0074 100644 (file)
@@ -653,8 +653,9 @@ void RAMFUNC SnoopIClass(void)
     // The DMA buffer, used to stream samples from the FPGA
     uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
  
-       set_tracing(TRUE);
        clear_trace();
+       set_tracing(TRUE);
+       
     iso14a_set_trigger(FALSE);
 
     int lastRxCounter;
@@ -985,8 +986,9 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 
        // Enable and clear the trace
-       set_tracing(TRUE);
        clear_trace();
+       set_tracing(TRUE);
+
        //Use the emulator memory for SIM
        uint8_t *emulator = BigBuf_get_EM_addr();
 
@@ -1323,10 +1325,8 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
                                GetParity(trace_data, trace_data_size, parity);
                                LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE);
                        }
-                       if(!tracing) {
+                       if(!tracing)
                                DbpString("Trace full");
-                               //break;
-                       }
 
                }
        }
@@ -1570,9 +1570,9 @@ void setupIclassReader()
 {
     FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
     // Reset trace buffer
-       set_tracing(TRUE);
        clear_trace();
-
+       set_tracing(TRUE);
+       
     // Setup SSC
     FpgaSetupSsc();
     // Start from off (no field generated)
@@ -1693,7 +1693,9 @@ void ReaderIClass(uint8_t arg0) {
     while(!BUTTON_PRESS())
     {
                if (try_once && tryCnt > 5) break; 
+               
                tryCnt++;
+               
                if(!tracing) {
                        DbpString("Trace full");
                        break;
index 8a925475e1869356120ed7949a20708601f6c3f7..1c4d0f05f35129c994deb0c178d1161ca887b4a3 100644 (file)
@@ -1211,10 +1211,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
                        //p_response = &responses[9];                           
                
                } else if(receivedCmd[0] == 0x50) {     // Received a HALT
-
-                       if (tracing) {
-                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
-                       }
+                       LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                        p_response = NULL;
                } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) {   // Received an authentication request
                                        
@@ -1236,9 +1233,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
                                p_response = &responses[6]; order = 70;
                        }
                } else if (order == 7 && len == 8) { // Received {nr] and {ar} (part of authentication)
-                       if (tracing) {
-                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
-                       }
+                       LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                        uint32_t nonce = bytes_to_num(response5,4);
                        uint32_t nr = bytes_to_num(receivedCmd,4);
                        uint32_t ar = bytes_to_num(receivedCmd+4,4);
@@ -1352,9 +1347,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
 
                                default: {
                                        // Never seen this command before
-                                       if (tracing) {
-                                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
-                                       }
+                                       LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                                        Dbprintf("Received unknown command (len=%d):",len);
                                        Dbhexdump(len,receivedCmd,false);
                                        // Do not respond
@@ -1372,9 +1365,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
         
                                if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
                                        Dbprintf("Error preparing tag response");
-                                       if (tracing) {
-                                               LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
-                                       }
+                                       LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                                        break;
                                }
                                p_response = &dynamic_response_info;
@@ -1396,7 +1387,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
                if (p_response != NULL) {
                        EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
                        // do the tracing for the previous reader request and this tag answer:
-                       uint8_t par[MAX_PARITY_SIZE];
+                       uint8_t par[MAX_PARITY_SIZE] = {0x00};
                        GetParity(p_response->response, p_response->response_n, par);
        
                        EmLogTrace(Uart.output, 
@@ -1781,24 +1772,20 @@ int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
 bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
                                 uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity)
 {
-       if (tracing) {
-               // we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
-               // end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
-               // with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
-               uint16_t reader_modlen = reader_EndTime - reader_StartTime;
-               uint16_t approx_fdt = tag_StartTime - reader_EndTime;
-               uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
-               reader_EndTime = tag_StartTime - exact_fdt;
-               reader_StartTime = reader_EndTime - reader_modlen;
+       // we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
+       // end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
+       // with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
+       uint16_t reader_modlen = reader_EndTime - reader_StartTime;
+       uint16_t approx_fdt = tag_StartTime - reader_EndTime;
+       uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
+       reader_EndTime = tag_StartTime - exact_fdt;
+       reader_StartTime = reader_EndTime - reader_modlen;
                
-               if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE))
-                       return FALSE;
-               else 
-                       return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
-               
-       } else {
-               return TRUE;
-       }
+       if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE))
+               return FALSE;
+       else 
+               return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
+
 }
 
 //-----------------------------------------------------------------------------
@@ -1847,8 +1834,7 @@ void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t
                LED_A_ON();
   
        // Log reader command in trace buffer
-       if (tracing)
-               LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
+       LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
 }
 
 void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
@@ -1877,9 +1863,7 @@ int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parit
        if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset)) 
                return FALSE;
 
-       if (tracing)
-               LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
-
+       LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
        return Demod.len;
 }
 
@@ -1888,9 +1872,7 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
        if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) 
                return FALSE;
 
-       if (tracing)
-               LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
-
+       LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
        return Demod.len;
 }
 
@@ -2006,7 +1988,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
                if (!ReaderReceive(resp, resp_par)) return 0;
                sak = resp[0];
 
-    // Test if more parts of the uid are coming
+               // Test if more parts of the uid are coming
                if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
                        // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
                        // http://www.nxp.com/documents/application_note/AN10927.pdf
@@ -2081,7 +2063,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
 }
 
 int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
-       uint8_t parity[MAX_PARITY_SIZE];
+       uint8_t parity[MAX_PARITY_SIZE] = {0x00};
        uint8_t real_cmd[cmd_len+4];
        real_cmd[0] = 0x0a; //I-Block
        // put block number into the PCB
@@ -2120,20 +2102,19 @@ void ReaderIso14443a(UsbCommand *c)
        size_t lenbits = c->arg[1] >> 16;
        uint32_t timeout = c->arg[2];
        uint32_t arg0 = 0;
-       byte_t buf[USB_CMD_DATA_SIZE];
-       uint8_t par[MAX_PARITY_SIZE];
+       byte_t buf[USB_CMD_DATA_SIZE] = {0x00};
+       uint8_t par[MAX_PARITY_SIZE] = {0x00};
   
-       if(param & ISO14A_CONNECT) {
+       if (param & ISO14A_CONNECT)
                clear_trace();
-       }
 
        set_tracing(TRUE);
 
-       if(param & ISO14A_REQUEST_TRIGGER) {
+       if (param & ISO14A_REQUEST_TRIGGER)
                iso14a_set_trigger(TRUE);
-       }
 
-       if(param & ISO14A_CONNECT) {
+
+       if (param & ISO14A_CONNECT) {
                iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
                if(!(param & ISO14A_NO_SELECT)) {
                        iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
@@ -2142,16 +2123,15 @@ void ReaderIso14443a(UsbCommand *c)
                }
        }
 
-       if(param & ISO14A_SET_TIMEOUT) {
+       if (param & ISO14A_SET_TIMEOUT)
                iso14a_set_timeout(timeout);
-       }
 
-       if(param & ISO14A_APDU) {
+       if (param & ISO14A_APDU) {
                arg0 = iso14_apdu(cmd, len, buf);
                cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
        }
 
-       if(param & ISO14A_RAW) {
+       if (param & ISO14A_RAW) {
                if(param & ISO14A_APPEND_CRC) {
                        if(param & ISO14A_TOPAZMODE) {
                                AppendCrc14443b(cmd,len);
@@ -2190,13 +2170,12 @@ void ReaderIso14443a(UsbCommand *c)
                cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
        }
 
-       if(param & ISO14A_REQUEST_TRIGGER) {
+       if (param & ISO14A_REQUEST_TRIGGER)
                iso14a_set_trigger(FALSE);
-       }
 
-       if(param & ISO14A_NO_DISCONNECT) {
+
+       if (param & ISO14A_NO_DISCONNECT)
                return;
-       }
 
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        set_tracing(FALSE);
@@ -2209,20 +2188,19 @@ void ReaderIso14443a(UsbCommand *c)
 // Therefore try in alternating directions.
 int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 
-       uint16_t i;
-       uint32_t nttmp1, nttmp2;
-
        if (nt1 == nt2) return 0;
-
-       nttmp1 = nt1;
-       nttmp2 = nt2;
        
-       for (i = 1; i < 0xFFFF; i++) {
+       uint16_t i;
+       uint32_t nttmp1 = nt1;
+       uint32_t nttmp2 = nt2;
+       
+       for (i = 1; i < 0xFFFF; ++i) {
                nttmp1 = prng_successor(nttmp1, 1);
                if (nttmp1 == nt2) return i;
+
                nttmp2 = prng_successor(nttmp2, 1);
-                       if (nttmp2 == nt1) return -i;
-               }
+               if (nttmp2 == nt1) return -i;
+       }
        
        return(-99999); // either nt1 or nt2 are invalid nonces
 }
@@ -2234,13 +2212,18 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
 // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
 // (article by Nicolas T. Courtois, 2009)
 //-----------------------------------------------------------------------------
-void ReaderMifare(bool first_try)
+void ReaderMifare(bool first_try, uint8_t block )
 {
        // Mifare AUTH
-       uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
+       //uint8_t mf_auth[]    = { 0x60,0x00,0xf5,0x7b };
+       //uint8_t mf_auth[]    = { 0x60,0x05, 0x58, 0x2c };
+       uint8_t mf_auth[]    = { 0x60,0x00, 0x00, 0x00 };
        uint8_t mf_nr_ar[]   = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
        static uint8_t mf_nr_ar3;
 
+       mf_auth[1] = block;
+       AppendCrc14443a(mf_auth, 2);
+       
        uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};
        uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
 
@@ -3006,15 +2989,14 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        LEDsoff();
 
-       if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
-       {
+       // Interactive mode flag, means we need to send ACK
+       if(flags & FLAG_INTERACTIVE) {
                //May just aswell send the collected ar_nr in the response aswell
                uint8_t len = ar_nr_collected*5*4;
                cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len);
        }
 
-       if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 )
-       {
+       if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 ) {
                if(ar_nr_collected > 1 ) {
                        Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
                        Dbprintf("../tools/mfkey/mfkey32 %06x%08x %08x %08x %08x %08x %08x",
@@ -3063,9 +3045,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
        // param:
        // bit 0 - trigger from first card answer
        // bit 1 - trigger from first reader 7-bit request
-
-       // C(red) A(yellow) B(green)
        LEDsoff();
+
        // init trace buffer
        clear_trace();
        set_tracing(TRUE);
@@ -3073,8 +3054,9 @@ void RAMFUNC SniffMifare(uint8_t param) {
        // The command (reader -> tag) that we're receiving.
        // The length of a received command will in most cases be no more than 18 bytes.
        // So 32 should be enough!
-       uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
+       uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};    
        uint8_t receivedCmdPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
+
        // The response (tag -> reader) that we're receiving.
        uint8_t receivedResponse[MAX_MIFARE_FRAME_SIZE] = {0x00};
        uint8_t receivedResponsePar[MAX_MIFARE_PARITY_SIZE] = {0x00};
@@ -3083,6 +3065,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
 
        // free eventually allocated BigBuf memory
        BigBuf_free();
+       
        // allocate the DMA buffer, used to stream samples from the FPGA
        uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
        uint8_t *data = dmaBuf;
index 0b9962e1e5cf5ffe727051163ede8e9a4c0d6aad..9d033f61c450bea1c7c45b83c57f5e04d3744ea8 100644 (file)
@@ -345,7 +345,7 @@ void SimulateIso14443bTag(void)
        // response to HLTB and ATTRIB
        static const uint8_t response2[] = {0x00, 0x78, 0xF0};
 
-       uint8_t parity[MAX_PARITY_SIZE];
+       uint8_t parity[MAX_PARITY_SIZE] = {0x00};
                                
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 
@@ -383,14 +383,12 @@ void SimulateIso14443bTag(void)
 
        for(;;) {
 
-               if(!GetIso14443bCommandFromReader(receivedCmd, &len)) {
-               Dbprintf("button pressed, received %d commands", cmdsRecvd);
-               break;
+               if (!GetIso14443bCommandFromReader(receivedCmd, &len)) {
+                       Dbprintf("button pressed, received %d commands", cmdsRecvd);
+                       break;
                }
 
-               if (tracing) {
-                       LogTrace(receivedCmd, len, 0, 0, parity, TRUE);
-               }
+               LogTrace(receivedCmd, len, 0, 0, parity, TRUE);
 
                // Good, look at the command now.
                if ( (len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len) == 0)
@@ -410,14 +408,14 @@ void SimulateIso14443bTag(void)
                        // And print whether the CRC fails, just for good measure
                        uint8_t b1, b2;
                        if (len >= 3){ // if crc exists
-                       ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);
-                       if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) {
-                               // Not so good, try again.
-                               DbpString("+++CRC fail");
-               
-                       } else {
-                               DbpString("CRC passes");
-                       }
+                               ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);
+                               if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) {
+                                       // Not so good, try again.
+                                       DbpString("+++CRC fail");
+                       
+                               } else {
+                                       DbpString("CRC passes");
+                               }
                        }
                        //get rid of compiler warning
                        respCodeLen = 0;
@@ -462,7 +460,7 @@ void SimulateIso14443bTag(void)
                                AT91C_BASE_SSC->SSC_THR = respCode[i++];
                                FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
                        }
-                               if(BUTTON_PRESS()) break;
+                       if(BUTTON_PRESS()) break;
                }
                
                // Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
@@ -475,8 +473,7 @@ void SimulateIso14443bTag(void)
                        }
                }
                
-               // trace the response:
-               if (tracing) LogTrace(resp, respLen, 0, 0, parity, FALSE);                      
+               LogTrace(resp, respLen, 0, 0, parity, FALSE);                   
        }
        FpgaDisableSscDma();
        set_tracing(FALSE);     
@@ -793,8 +790,8 @@ static void GetSamplesFor14443bDemod(int n, bool quiet)
        }
 
        //Tracing
-       if (tracing && Demod.len > 0) {
-               uint8_t parity[MAX_PARITY_SIZE];
+       if (Demod.len > 0) {
+               uint8_t parity[MAX_PARITY_SIZE] = {0x00};
                LogTrace(Demod.output, Demod.len, 0, 0, parity, FALSE);
        }
 }
@@ -1216,7 +1213,7 @@ void RAMFUNC SnoopIso14443b(void)
        upTo = dmaBuf;
        lastRxCounter = ISO14443B_DMA_BUFFER_SIZE;
        FpgaSetupSscDma((uint8_t*) dmaBuf, ISO14443B_DMA_BUFFER_SIZE);
-       uint8_t parity[MAX_PARITY_SIZE];
+       uint8_t parity[MAX_PARITY_SIZE] = {0x00};
 
        bool TagIsActive = FALSE;
        bool ReaderIsActive = FALSE;
@@ -1245,10 +1242,12 @@ void RAMFUNC SnoopIso14443b(void)
                                Dbprintf("blew circular buffer! behindBy=%d", behindBy);
                                break;
                        }
+                       
                        if(!tracing) {
-                               DbpString("Reached trace limit");
+                               DbpString("Trace full");
                                break;
                        }
+                       
                        if(BUTTON_PRESS()) {
                                DbpString("cancelled");
                                break;
@@ -1258,26 +1257,26 @@ void RAMFUNC SnoopIso14443b(void)
                samples += 2;
 
                if (!TagIsActive) {                                                     // no need to try decoding reader data if the tag is sending
-                       if(Handle14443bUartBit(ci & 0x01)) {
-                       if(triggered && tracing) {
+                       if (Handle14443bUartBit(ci & 0x01)) {
+                               if ( triggered)
                                        LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, TRUE);
+
+                               /* And ready to receive another command. */
+                               UartReset();
+                               /* And also reset the demod code, which might have been */
+                               /* false-triggered by the commands from the reader. */
+                               DemodReset();
                        }
-                       /* And ready to receive another command. */
-                       UartReset();
-                       /* And also reset the demod code, which might have been */
-                       /* false-triggered by the commands from the reader. */
-                       DemodReset();
-               }
-                       if(Handle14443bUartBit(cq & 0x01)) {
-                       if(triggered && tracing) {
+                       if (Handle14443bUartBit(cq & 0x01)) {
+                               if (triggered)
                                        LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, TRUE);
-                       }
-                       /* And ready to receive another command. */
-                       UartReset();
-                       /* And also reset the demod code, which might have been */
-                       /* false-triggered by the commands from the reader. */
-                       DemodReset();
-               }
+
+                                       /* And ready to receive another command. */
+                                       UartReset();
+                                       /* And also reset the demod code, which might have been */
+                                       /* false-triggered by the commands from the reader. */
+                                       DemodReset();
+                               }
                        ReaderIsActive = (Uart.state > STATE_GOT_FALLING_EDGE_OF_SOF);
                }
 
@@ -1285,25 +1284,21 @@ void RAMFUNC SnoopIso14443b(void)
                        // is this | 0x01 the error?   & 0xfe  in https://github.com/Proxmark/proxmark3/issues/103
                        if(Handle14443bSamplesDemod(ci & 0xfe, cq & 0xfe)) {
 
-                       //Use samples as a time measurement
-                       if(tracing)
-                       {
-                               //uint8_t parity[MAX_PARITY_SIZE];
+                               //Use samples as a time measurement
                                LogTrace(Demod.output, Demod.len, samples, samples, parity, FALSE);
-                       }
-                       triggered = TRUE;
 
-                       // And ready to receive another response.
-                       DemodReset();
-               }
+                               triggered = TRUE;
+
+                               // And ready to receive another response.
+                               DemodReset();
+                       }
                        TagIsActive = (Demod.state > DEMOD_GOT_FALLING_EDGE_OF_SOF);
                }
        }
 
        FpgaDisableSscDma();
        LEDsoff();
-       set_tracing(FALSE);     
-               
+       
        AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
        DbpString("Snoop statistics:");
        Dbprintf("  Max behind by: %i", maxBehindBy);
@@ -1311,6 +1306,7 @@ void RAMFUNC SnoopIso14443b(void)
        Dbprintf("  Uart ByteCnt: %i", Uart.byteCnt);
        Dbprintf("  Uart ByteCntMax: %i", Uart.byteCntMax);
        Dbprintf("  Trace length: %i", BigBuf_get_traceLen());
+       set_tracing(FALSE);     
 }
 
 
@@ -1337,13 +1333,13 @@ void SendRawCommand14443B(uint32_t datalen, uint32_t recv, uint8_t powerfield, u
                CodeAndTransmit14443bAsReader(data, datalen);
        }
 
-       if(recv) {
+       if (recv) {
                GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, FALSE);
                uint16_t iLen = MIN(Demod.len, USB_CMD_DATA_SIZE);
                cmd_send(CMD_ACK, iLen, 0, 0, Demod.output, iLen);
        }
        
-       if(!powerfield) {
+       if (!powerfield) {
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
                FpgaDisableSscDma();
                set_tracing(FALSE);
index 0443c1f1c3c3da625deb24a77552b88d183fa011..a3ce6acf9595b6b7f9135503a8debb650f10f9b6 100644 (file)
@@ -44,6 +44,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
+       set_tracing(true);\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
@@ -96,6 +97,7 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
+       set_tracing(true);\r
 \r
        if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
@@ -131,6 +133,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
+       set_tracing(true);\r
 \r
        int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);\r
        if(!len) {\r
@@ -202,7 +205,8 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
-\r
+       set_tracing(true);\r
+       \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
@@ -258,7 +262,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
        // free eventually allocated BigBuf memory\r
        BigBuf_free();\r
        clear_trace();\r
-\r
+       set_tracing(true);\r
+       \r
        // params\r
        uint8_t blockNo = arg0;\r
        uint16_t blocks = arg1;\r
@@ -368,7 +373,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
-\r
+       set_tracing(true);\r
+       \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
@@ -426,6 +432,7 @@ void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
        LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
 \r
        clear_trace();\r
+       set_tracing(true);\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        if(!iso14443a_select_card(uid, NULL, NULL, true, 0)) {\r
@@ -473,7 +480,8 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
-\r
+       set_tracing(true);\r
+       \r
        if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
                if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
                OnError(0);\r
@@ -532,7 +540,8 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        clear_trace();\r
-\r
+       set_tracing(true);\r
+       \r
        if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
                if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
                OnError(0);\r
@@ -982,7 +991,9 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LED_C_OFF();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       if (clearTrace) clear_trace();\r
+       if (clearTrace) \r
+               clear_trace();\r
+       \r
        set_tracing(TRUE);\r
 \r
        for (i = 0; i < keyCount; i++) {\r
@@ -1354,6 +1365,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
     \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        clear_trace();\r
+       set_tracing(true);\r
 \r
        int len = iso14443a_select_card(uid, NULL, &cuid, true, 0);\r
        if(!len) {\r
index 8336d79330e588b7197fdb40896838ed663caf97..75cb9e732e857f4c54d55ecca63a8c313aa3471f 100644 (file)
@@ -63,9 +63,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
                print_result(" RX    : ", datain, datalen);
        }
        
-       if ( flags & CLEARTRACE ){
+       if ( flags & CLEARTRACE )
                clear_trace();
-       }
        
        if ( flags & INIT ){
                if ( !InitDesfireCard() )
@@ -73,9 +72,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
        }
        
        int len = DesfireAPDU(datain, datalen, resp);
-       if (MF_DBGLEVEL >= 4) {
+       if (MF_DBGLEVEL >= 4)
                print_result("ERR <--: ", resp, len);
-       }
 
        if ( !len ) {
                OnError(2);
@@ -85,9 +83,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
        // reset the pcb_blocknum,
        pcb_blocknum = 0;
        
-       if ( flags & DISCONNECT ){
+       if ( flags & DISCONNECT )
                OnSuccess();
-       }
        
        cmd_send(CMD_ACK,1,len,0,resp,len);
 }
index 0cc2963bc3a88c7c7854ea11689d75773f3265bf..3194f8d8c06a6510b4090db369b78a23c07a2ea2 100644 (file)
@@ -169,6 +169,5 @@ bool intMfSniffSend() {
        LED_B_OFF();\r
 \r
        clear_trace();\r
-       \r
        return TRUE;\r
 }\r
index 0971e3066e3ed0882c0497d1cf148d21eb74af0e..2d198820713e5252261a7b6e23c6db9bdb8d063a 100644 (file)
@@ -202,7 +202,7 @@ int CmdLegicLoad(const char *Cmd) {
     }
        
     char line[80]; 
-       int offset = 0, j
+       int offset = 0; 
        uint32_t data[8] = {0x00};
        
     while ( fgets(line, sizeof(line), f) ) {
index e10a88f3940c7ef37b7cf6496fa64609f70834b2..bd27ba0caa40ac08250d631a305d9d7b4a33e150 100644 (file)
@@ -21,8 +21,17 @@ int CmdHF14AMifare(const char *Cmd)
        uint64_t par_list = 0, ks_list = 0, r_key = 0;\r
        int16_t isOK = 0;\r
        int tmpchar; \r
+       uint8_t blockNo = 0;\r
+       \r
+       char cmdp = param_getchar(Cmd, 0);      \r
+       if ( cmdp == 'H' || cmdp == 'h') {\r
+               PrintAndLog("Usage:  hf mf mifare <block number>");\r
+               PrintAndLog("        sample: hf mf mifare 0");\r
+               return 0;\r
+       }       \r
        \r
-       UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};\r
+       blockNo = param_get8(Cmd, 0);\r
+       UsbCommand c = {CMD_READER_MIFARE, {true, blockNo, 0}};\r
 \r
        // message\r
        printf("-------------------------------------------------------------------------\n");\r
@@ -754,6 +763,8 @@ int CmdHF14AMfNested(const char *Cmd)
                                \r
                                uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r
                                \r
+                               PrintAndLog("Reading block %d", sectrail);\r
+                                                       \r
                                UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};\r
                                num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A\r
                                clearCommandBuffer();\r
@@ -1159,9 +1170,11 @@ int CmdHF14AMfChk(const char *Cmd)
        for (i = 0; i < SectorsCnt; i++) {\r
                // KEY A  but not KEY B\r
                if ( e_sector[i].foundKey[0] && !e_sector[i].foundKey[1] ) {\r
-                       \r
+                                               \r
                        uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r
                        \r
+                       PrintAndLog("Reading block %d", sectrail);\r
+                       \r
                        UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};\r
                        num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A\r
                        clearCommandBuffer();\r
index e2d6da74ebd7c042b113eda6333c99bff2e62913..07421ea19b3bbb2ac14feeec6c981f476e3b019c 100644 (file)
@@ -88,7 +88,7 @@ typedef struct noncelist {
 } noncelist_t;
 
 
-static uint32_t cuid;
+static uint32_t cuid = 0;
 static noncelist_t nonces[256];
 static uint8_t best_first_bytes[256];
 static uint16_t first_byte_Sum = 0;
Impressum, Datenschutz