if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending - and we cannot afford the time
// is this | 0x01 the error? & 0xfe in https://github.com/Proxmark/proxmark3/issues/103
- if(Handle14443bSamplesDemod(ci | 0x01, cq | 0x01)) {
+ if(Handle14443bSamplesDemod(ci & 0xfe, cq & 0xfe)) {
//Use samples as a time measurement
if(tracing)
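Review bot: The comment directly above the changed call still reads as an open question (`is this | 0x01 the error?`) although the call now masks with `& 0xfe`. I would replace it with a statement of what the new code does, e.g. `// clear the low bit of both samples before demodulation, see https://github.com/Proxmark/proxmark3/issues/103`. The reason for clearing the bit should be taken from that issue, since it is not visible in this hunk. The enclosing function starts and ends outside the hunk.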
int CmdHF14BSim(const char *Cmd)
{
- UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B};
+ UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443B};
clearCommandBuffer();
SendCommand(&c);
return 0;
#define PACKED __attribute__((packed))
#endif
+#define USB_CMD_DATA_SIZE 512
+
typedef struct {
- uint32_t cmd;
- uint32_t arg[3];
+ uint64_t cmd;
+ uint64_t arg[3];
union {
- uint8_t asBytes[48];
- uint32_t asDwords[12];
+ uint8_t asBytes[USB_CMD_DATA_SIZE];
+ uint32_t asDwords[USB_CMD_DATA_SIZE/4];
} d;
} PACKED UsbCommand;
+// A struct used to send sample-configs over USB
+typedef struct{
+ uint8_t decimation;
+ uint8_t bits_per_sample;
+ bool averaging;
+ int divisor;
+ int trigger_threshold;
+} sample_config;
// For the bootloader
#define CMD_DEVICE_INFO 0x0000
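Review bot: `sample_config` is commented as a struct sent over USB, but unlike `UsbCommand` it is not declared `PACKED`, and it uses `bool` and `int`, whose size and padding are left to each compiler. If firmware and host client are built by different toolchains (presumably; only the header is visible here), the two sides can disagree on the layout and misread the fields. I would use fixed-width types and pack it: `int32_t divisor;`, `int32_t trigger_threshold;` and `} PACKED sample_config;`, with `averaging` as `uint8_t` unless `bool` is known to be one byte on both sides.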
#define CMD_STATUS 0x0108
#define CMD_PING 0x0109
-
// For low-frequency tags
#define CMD_READ_TI_TYPE 0x0202
#define CMD_WRITE_TI_TYPE 0x0203
#define CMD_IO_DEMOD_FSK 0x021A
#define CMD_IO_CLONE_TAG 0x021B
#define CMD_EM410X_DEMOD 0x021c
+// Sampling configuration for LF reader/snooper
#define CMD_SET_LF_SAMPLING_CONFIG 0x021d
#define CMD_FSK_SIM_TAG 0x021E
#define CMD_ASK_SIM_TAG 0x021F
#define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693 0x0300
#define CMD_READ_SRI512_TAG 0x0303
#define CMD_READ_SRIX4K_TAG 0x0304
+#define CMD_ISO_14443B_COMMAND 0x0305
#define CMD_READER_ISO_15693 0x0310
#define CMD_SIMTAG_ISO_15693 0x0311
#define CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693 0x0312
#define CMD_ISO_15693_COMMAND_DONE 0x0314
#define CMD_ISO_15693_FIND_AFI 0x0315
#define CMD_ISO_15693_DEBUG 0x0316
+#define CMD_LF_SNOOP_RAW_ADC_SAMPLES 0x0317
// For Hitag2 transponders
#define CMD_SNOOP_HITAG 0x0370
#define CMD_SNOOP_ICLASS 0x0392
#define CMD_SIMULATE_TAG_ICLASS 0x0393
#define CMD_READER_ICLASS 0x0394
+#define CMD_READER_ICLASS_REPLAY 0x0395
+#define CMD_ICLASS_ISO14443A_WRITE 0x0397
+#define CMD_ICLASS_EML_MEMSET 0x0398
// For measurements of the antenna tuning
#define CMD_MEASURE_ANTENNA_TUNING 0x0400
#define CMD_MIFARE_EML_MEMSET 0x0602
#define CMD_MIFARE_EML_MEMGET 0x0603
#define CMD_MIFARE_EML_CARDLOAD 0x0604
-#define CMD_MIFARE_EML_CSETBLOCK 0x0605
-#define CMD_MIFARE_EML_CGETBLOCK 0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK 0x0605
+#define CMD_MIFARE_CGETBLOCK 0x0606
+#define CMD_MIFARE_CIDENT 0x0607
#define CMD_SIMULATE_MIFARE_CARD 0x0610
#define CMD_MIFARE_NESTED 0x0612
#define CMD_MIFARE_READBL 0x0620
+#define CMD_MIFAREU_READBL 0x0720
#define CMD_MIFARE_READSC 0x0621
+#define CMD_MIFAREU_READCARD 0x0721
#define CMD_MIFARE_WRITEBL 0x0622
+#define CMD_MIFAREU_WRITEBL 0x0722
+#define CMD_MIFAREU_WRITEBL_COMPAT 0x0723
+
#define CMD_MIFARE_CHKKEYS 0x0623
#define CMD_MIFARE_SNIFFER 0x0630
+//ultralightC
+#define CMD_MIFAREUC_AUTH 0x0724
+//0x0725 and 0x0726 no longer used
+#define CMD_MIFAREUC_SETPWD 0x0727
+
+
+// mifare desfire
+#define CMD_MIFARE_DESFIRE_READBL 0x0728
+#define CMD_MIFARE_DESFIRE_WRITEBL 0x0729
+#define CMD_MIFARE_DESFIRE_AUTH1 0x072a
+#define CMD_MIFARE_DESFIRE_AUTH2 0x072b
+#define CMD_MIFARE_DES_READER 0x072c
+#define CMD_MIFARE_DESFIRE_INFO 0x072d
+#define CMD_MIFARE_DESFIRE 0x072e
+
+#define CMD_MIFARE_COLLECT_NONCES 0x072f
#define CMD_UNKNOWN 0xFFFF
+
+//Mifare simulation flags
+#define FLAG_INTERACTIVE 0x01
+#define FLAG_4B_UID_IN_DATA 0x02
+#define FLAG_7B_UID_IN_DATA 0x04
+#define FLAG_NR_AR_ATTACK 0x08
+
+
+//Iclass reader flags
+#define FLAG_ICLASS_READER_ONLY_ONCE 0x01
+#define FLAG_ICLASS_READER_CC 0x02
+#define FLAG_ICLASS_READER_CSN 0x04
+#define FLAG_ICLASS_READER_CONF 0x08
+#define FLAG_ICLASS_READER_AA 0x10
+#define FLAG_ICLASS_READER_ONE_TRY 0x20
+
+
+
// CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions:
/* Whether a bootloader that understands the common_area is present */
#define DEVICE_INFO_FLAG_BOOTROM_PRESENT (1<<0)
return outResults\r
end,\r
\r
+ ----ISO14443-B CRC\r
+ Crc14b = function(s)\r
+ if s == nil then return nil end\r
+ if #s == 0 then return nil end\r
+ if type(s) == 'string' then\r
+ local utils = require('utils')\r
+ local ascii = utils.ConvertHexToAscii(s)\r
+ local hashed = core.iso14443b_crc(ascii)\r
+ return utils.ConvertAsciiToHex(hashed)\r
+ end\r
+ return nil \r
+ end,\r
\r
------------ CRC-16 ccitt checksums\r
-- Takes a hex string and calculates a crc16\r
---\r
-- Convert Byte array to string of hex\r
ConvertBytesToHex = function(bytes)\r
- if #bytes == 0 then\r
- return ''\r
- end\r
+ if bytes == nil then return '' end\r
+ if #bytes == 0 then return '' end\r
local s={}\r
- for i = 1, #(bytes) do\r
+ for i = 1, #bytes do\r
s[i] = string.format("%02X",bytes[i]) \r
end\r
return table.concat(s)\r
end, \r
-- Convert byte array to string with ascii\r
ConvertBytesToAscii = function(bytes)\r
- if #bytes == 0 then\r
- return ''\r
- end\r
+ if bytes == nil then return '' end\r
+ if #bytes == 0 then return '' end\r
local s={}\r
for i = 1, #(bytes) do\r
s[i] = string.char(bytes[i]) \r
end,\r
\r
ConvertHexToAscii = function(s)\r
+ if s == nil then return '' end\r
+ if #s == 0 then return '' end\r
local t={}\r
- if s == nil then return t end\r
- if #s == 0 then return t end\r
for k in s:gmatch"(%x%x)" do\r
table.insert(t, string.char(tonumber(k,16)))\r
end\r
- return table.concat(t) \r
+ return table.concat(t) \r
+ end,\r
+ \r
+ ConvertAsciiToHex = function(s) \r
+ if s == nil then return '' end\r
+ if #s == 0 then return '' end\r
+ local t={}\r
+ for k in s:gmatch"(.)" do\r
+ table.insert(t, string.format("%02X", string.byte(k)))\r
+ end\r
+ return table.concat(t)\r
end,\r
\r
Chars2num = function(s)\r
#include "util.h"
#include "nonce2key/nonce2key.h"
#include "../common/iso15693tools.h"
+#include "iso14443crc.h"
#include "../common/crc16.h"
#include "../common/crc64.h"
#include "../common/sha1.h"
const char *data = luaL_checklstring(L, 1, &size);
if(size != sizeof(UsbCommand))
{
- printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
+ printf("Got data size %d, expected %d" , size, sizeof(UsbCommand));
lua_pushstring(L,"Wrong data size");
return 1;
}
-// UsbCommand c = (*data);
SendCommand((UsbCommand* )data);
return 0; // no return values
}
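Review bot: With the `(int)` casts removed, the `printf` now passes two `size_t` values to `%d`, which is a format/argument mismatch and undefined behaviour where `size_t` is wider than `int`. I would either keep the casts or switch the conversion: `printf("Got data size %zu, expected %zu", size, sizeof(UsbCommand));`, provided every supported toolchain accepts `%zu`. The function starts outside the hunk.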
if(WaitForResponseTimeout(cmd, &response, ms_timeout))
{
//Push it as a string
- lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand));
+ lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand));
return 1;// return 1 to signal one return value
}else{
return 1;
}
+static int l_iso14443b_crc(lua_State *L)
+{
+ /* void ComputeCrc14443(int CrcType,
+ const unsigned char *Data, int Length,
+ unsigned char *TransmitFirst,
+ unsigned char *TransmitSecond)
+ */
+ unsigned char buf[USB_CMD_DATA_SIZE];
+ size_t len = 0;
+ const char *data = luaL_checklstring(L, 1, &len);
+ if (USB_CMD_DATA_SIZE < len)
+ len = USB_CMD_DATA_SIZE-2;
+
+ for (int i = 0; i < len; i += 2) {
+ sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
+ }
+ ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]);
+
+ lua_pushlstring(L, (const char *)&buf, len+2);
+ return 1;
+}
+
/*
Simple AES 128 cbc hook up to OpenSSL.
params: key, input
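Review bot: In `l_iso14443b_crc` the clamp `if (USB_CMD_DATA_SIZE < len)` lets an input of exactly 511 or 512 bytes through, so `&buf[len+1]` and the `len+2` passed to `lua_pushlstring` run past the 512-byte `buf`. The loop decodes only `len/2` bytes, yet the CRC is computed over `len` bytes and `len+2` bytes are returned, so uninitialised stack contents feed the CRC and are handed back to the script. The `(unsigned int *)&buf[i / 2]` cast also makes `sscanf` store a full `unsigned int` into a one-byte slot. I would track the decoded byte count separately, bound it to `sizeof(buf) - 2`, scan into a temporary `unsigned int`, and reject input that is not hex, as in the excerpt below.

```c
static int l_iso14443b_crc(lua_State *L)
{
	/* … unchanged: ComputeCrc14443 prototype comment … */
	unsigned char buf[USB_CMD_DATA_SIZE];
	size_t len = 0;
	const char *data = luaL_checklstring(L, 1, &len);

	/* Two hex digits per byte; keep two bytes of buf free for the CRC. */
	size_t nbytes = len / 2;
	if (nbytes > sizeof(buf) - 2)
		nbytes = sizeof(buf) - 2;

	for (size_t i = 0; i < nbytes; i++) {
		unsigned int byte = 0;
		if (sscanf(&data[2 * i], "%2x", &byte) != 1)
			return luaL_error(L, "iso14443b_crc: input is not a hex string");
		buf[i] = (unsigned char)byte;
	}
	ComputeCrc14443(CRC_14443_B, buf, (int)nbytes, &buf[nbytes], &buf[nbytes + 1]);

	lua_pushlstring(L, (const char *)buf, nbytes + 2);
	return 1;
}
```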
{"clearCommandBuffer", l_clearCommandBuffer},
{"console", l_CmdConsole},
{"iso15693_crc", l_iso15693_crc},
+ {"iso14443b_crc", l_iso14443b_crc},
{"aes128_decrypt", l_aes128decrypt_cbc},
{"aes128_decrypt_ecb", l_aes128decrypt_ecb},
{"aes128_encrypt", l_aes128encrypt_cbc},
-- Sends an instruction to do nothing, only disconnect
function disconnect()
- local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a,
- arg1 = 0, -- Nothing
- }
+ local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, arg1 = 0, }
-- We can ignore the response here, no ACK is returned for this command
-- Check /armsrc/iso14443a.c, ReaderIso14443a() for details
return lib14a.sendToDevice(command,true)
local DEBUG = false -- the debug flag
local RANDOM = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
-local band = bit32.band
-local bor = bit32.bor
-local lshift = bit32.lshift
-local rshift = bit32.rshift
-local byte = string.byte
-local char = string.char
-local sub = string.sub
-local format = string.format
-
-
-
local band = bit32.band
local bor = bit32.bor
local lshift = bit32.lshift
-- This is only meant to be used when errors occur
function oops(err)
print("ERROR: ",err)
+ return nil,err
end
---
-- Usage help