//-------------------------------------------------------------------------------------
static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing)
{
-
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
uint32_t ThisTransferTime = 0;
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = cmd[c];
c++;
- if(c >= len) {
+ if(c >= len)
break;
- }
}
}
void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity)
{
int i, j;
- int last;
+ int last = 0;
uint8_t b;
ToSendReset();
// Start of Communication (Seq. Z)
ToSend[++ToSendMax] = SEC_Z;
LastProxToAirDuration = 8 * (ToSendMax+1) - 6;
- last = 0;
size_t bytecount = nbytes(bits);
// Generate send structure for the data bits
Code4bitAnswerAsTag(resp);
int res = EmSendCmd14443aRaw(ToSend, ToSendMax, correctionNeeded);
// do the tracing for the previous reader request and this tag answer:
- uint8_t par[1];
+ uint8_t par[1] = {0x00};
GetParity(&resp, 1, par);
EmLogTrace(Uart.output,
Uart.len,
}
int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded){
- uint8_t par[MAX_PARITY_SIZE];
+ uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(resp, respLen, par);
return EmSendCmdExPar(resp, respLen, correctionNeeded, par);
}
int EmSendCmd(uint8_t *resp, uint16_t respLen){
- uint8_t par[MAX_PARITY_SIZE];
+ uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(resp, respLen, par);
return EmSendCmdExPar(resp, respLen, false, par);
}
uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
reader_EndTime = tag_StartTime - exact_fdt;
reader_StartTime = reader_EndTime - reader_modlen;
- if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE)) {
+
+ if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE))
return FALSE;
- } else return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
+ else
+ return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
+
} else {
return TRUE;
}
LED_A_ON();
// Log reader command in trace buffer
- if (tracing) {
+ if (tracing)
LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
- }
}
void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
{
// Generate parity and redirect
- uint8_t par[MAX_PARITY_SIZE];
+ uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(frame, len/8, par);
ReaderTransmitBitsPar(frame, len, par, timing);
}
void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
{
// Generate parity and redirect
- uint8_t par[MAX_PARITY_SIZE];
+ uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(frame, len, par);
ReaderTransmitBitsPar(frame, len*8, par, timing);
}
int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parity)
{
- if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset)) return FALSE;
- if (tracing) {
+ if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset))
+ return FALSE;
+
+ if (tracing)
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
- }
+
return Demod.len;
}
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
{
- if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) return FALSE;
- if (tracing) {
+ if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0))
+ return FALSE;
+
+ if (tracing)
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
- }
+
return Demod.len;
}
static byte_t par_low = 0;
bool led_on = TRUE;
uint8_t uid[10] = {0};
- uint32_t cuid;
+ uint32_t cuid = 0;
uint32_t nt = 0;
uint32_t previous_nt = 0;
static int32_t sync_cycles = 0;
int catch_up_cycles = 0;
int last_catch_up = 0;
- uint16_t elapsed_prng_sequences;
+ uint16_t elapsed_prng_sequences = 0;
uint16_t consecutive_resyncs = 0;
int isOK = 0;
int16_t debug_info_nr = -1;
uint16_t strategy = 0;
int32_t debug_info[MAX_STRATEGY][NUM_DEBUG_INFOS];
- uint32_t select_time;
- uint32_t halt_time;
+ uint32_t select_time = 0;
+ uint32_t halt_time = 0;
for(uint16_t i = 0; TRUE; ++i) {
SpinDelay(200);
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
SpinDelay(100);
+ WDT_HIT();
}
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
while(GetCountSspClk() > sync_time) {
elapsed_prng_sequences++;
sync_time = (sync_time & 0xfffffff8) + sync_cycles;
- }
+ }
// Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
+
} else {
// collect some information on tag nonces for debugging:
#define DEBUG_FIXED_SYNC_CYCLES PRNG_SEQUENCE_LENGTH
} else {
if (nt_diff == 0 && first_try) {
par[0]++;
- if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK.
+ if (par[0] == 0x00) { // tried all 256 possible parities without success. Card doesn't send NACK.
isOK = -2;
break;
}
}
}
-
mf_nr_ar[3] &= 0x1F;
-
+
+ WDT_HIT();
+
if (isOK == -4) {
if (MF_DBGLEVEL >= 3) {
for (uint16_t i = 0; i <= MAX_STRATEGY; ++i) {
struct Crypto1State *pcs;
pcs = &mpcs;
uint32_t numReads = 0;//Counts numer of times reader read a block
- uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE];
- uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE];
- uint8_t response[MAX_MIFARE_FRAME_SIZE];
- uint8_t response_par[MAX_MIFARE_PARITY_SIZE];
+ uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
+ uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE] = {0x00};
+ uint8_t response[MAX_MIFARE_FRAME_SIZE] = {0x00};
+ uint8_t response_par[MAX_MIFARE_PARITY_SIZE] = {0x00};
uint8_t rATQA[] = {0x04, 0x00}; // Mifare classic 1k 4BUID
uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
}\r
\r
UsbCommand resp;\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {\r
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {\r
isOK = resp.arg[0];\r
uid = (uint32_t)bytes_to_num(resp.d.asBytes + 0, 4);\r
nt = (uint32_t)bytes_to_num(resp.d.asBytes + 4, 4);\r
}\r
t1 = clock() - t1;\r
if ( t1 > 0 ){\r
- PrintAndLog("Time in darkside: %f ticks - %1.2f sec\n", (float)t1, ((float)t1)/CLOCKS_PER_SEC);\r
+ PrintAndLog("Time in darkside: %.0f ticks - %4.2f sec\n (%u)", (float)t1, ((float)t1)/CLOCKS_PER_SEC, CLOCKS_PER_SEC);\r
}\r
return 0;\r
}\r
\r
if (!res) {\r
e_sector[i].Key[j] = key64;\r
- e_sector[i].foundKey[j] = 1;\r
+ e_sector[i].foundKey[j] = TRUE;\r
}\r
}\r
}\r
if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) continue;\r
\r
uint8_t isOK = resp.arg[0] & 0xff;\r
- uint8_t *data = resp.d.asBytes;\r
-\r
- if (isOK) {\r
+ if (!isOK) continue;\r
\r
- key64 = bytes_to_num(data+10, 6);\r
- if (key64) {\r
- PrintAndLog("Data:%s", sprint_hex(data+10, 6));\r
- e_sector[i].foundKey[1] = 1;\r
- e_sector[i].Key[1] = key64;\r
- }\r
+ uint8_t *data = resp.d.asBytes;\r
+ key64 = bytes_to_num(data+10, 6);\r
+ if (key64) {\r
+ PrintAndLog("Data:%s", sprint_hex(data+10, 6));\r
+ e_sector[i].foundKey[1] = 1;\r
+ e_sector[i].Key[1] = key64;\r
}\r
}\r
}\r
\r
t1 = clock() - t1;\r
- if ( t1 > 0 ) {\r
- PrintAndLog("Time in nested: %f ticks %1.2f sec (%1.2f sec per key)\n\n", (float)t1, ((float)t1)/CLOCKS_PER_SEC, ((float)t1)/iterations/CLOCKS_PER_SEC);\r
- }\r
+ if ( t1 > 0 )\r
+ PrintAndLog("Time in nested: %.0f ticks %4.2f sec (%4.2f sec per key)\n", (float)t1, ((float)t1)/CLOCKS_PER_SEC, ((float)t1)/iterations/CLOCKS_PER_SEC);\r
\r
- PrintAndLog("-----------------------------------------------\nIterations count: %d\n\n", iterations);\r
//print them\r
- PrintAndLog("|---|----------------|---|----------------|---|");\r
- PrintAndLog("|sec|key A |res|key B |res|");\r
- PrintAndLog("|---|----------------|---|----------------|---|");\r
- for (i = 0; i < SectorsCnt; i++) {\r
- PrintAndLog("|%03d| %012"llx" | %d | %012"llx" | %d |", i,\r
- e_sector[i].Key[0], \r
- e_sector[i].foundKey[0], \r
- e_sector[i].Key[1], \r
- e_sector[i].foundKey[1]\r
- );\r
- }\r
- PrintAndLog("|---|----------------|---|----------------|---|");\r
+ printKeyTable( SectorsCnt, e_sector );\r
\r
// transfer them to the emulator\r
if (transferToEml) {\r
uint8_t *keyBlock = NULL, *p;\r
uint8_t stKeyBlock = 20;\r
\r
+ sector *e_sector = NULL;\r
+ \r
int i, res;\r
int keycnt = 0;\r
char ctmp = 0x00;\r
uint8_t keyType = 0;\r
uint64_t key64 = 0;\r
\r
+ uint8_t tempkey[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
+ \r
int transferToEml = 0;\r
int createDumpFile = 0;\r
\r
}\r
\r
// initialize storage for found keys\r
- bool validKey[2][40];\r
- uint8_t foundKey[2][40][6];\r
- for (uint16_t t = 0; t < 2; t++) {\r
- for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
- validKey[t][sectorNo] = false;\r
- for (uint16_t i = 0; i < 6; i++) {\r
- foundKey[t][sectorNo][i] = 0xff;\r
- }\r
- }\r
+ e_sector = calloc(SectorsCnt, sizeof(sector));\r
+ if (e_sector == NULL) {\r
+ free(keyBlock);\r
+ return 1;\r
}\r
+\r
+ uint8_t trgKeyType = 0;\r
+ \r
// time\r
clock_t t1 = clock();\r
- \r
- for ( int t = !keyType; t < 2; keyType==2?(t++):(t=2) ) {\r
- int b=blockNo;\r
+ \r
+ // check keys.\r
+ for (trgKeyType = 0; trgKeyType < 2; ++trgKeyType) {\r
+ int b = blockNo;\r
for (int i = 0; i < SectorsCnt; ++i) {\r
- PrintAndLog("--sector:%2d, block:%3d, key type:%C, key count:%2d ", i, b, t?'B':'A', keycnt);\r
- uint32_t max_keys = keycnt>USB_CMD_DATA_SIZE/6?USB_CMD_DATA_SIZE/6:keycnt;\r
- for (uint32_t c = 0; c < keycnt; c+=max_keys) {\r
- uint32_t size = keycnt-c>max_keys?max_keys:keycnt-c;\r
- res = mfCheckKeys(b, t, true, size, &keyBlock[6*c], &key64);\r
- if (res != 1) {\r
- if (!res) {\r
- PrintAndLog("Found valid key:[%012"llx"]",key64);\r
- num_to_bytes(key64, 6, foundKey[t][i]);\r
- validKey[t][i] = true;\r
- } \r
+ \r
+ // skip already found keys.\r
+ if (e_sector[i].foundKey[trgKeyType]) continue;\r
+ \r
+ PrintAndLog("--sector:%2d, block:%3d, key type:%C, key count:%2d ", i, b, trgKeyType ? 'B':'A', keycnt);\r
+ \r
+ uint32_t max_keys = keycnt > (USB_CMD_DATA_SIZE/6) ? (USB_CMD_DATA_SIZE/6) : keycnt;\r
+ \r
+ for (uint32_t c = 0; c < keycnt; c += max_keys) {\r
+ \r
+ uint32_t size = keycnt-c > max_keys ? max_keys : keycnt-c;\r
+ \r
+ res = mfCheckKeys(b, trgKeyType, true, size, &keyBlock[6*c], &key64);\r
+ if (!res) {\r
+ PrintAndLog("Found valid key:[%012"llx"]",key64); \r
+ e_sector[i].Key[trgKeyType] = key64;\r
+ e_sector[i].foundKey[trgKeyType] = TRUE;\r
+ break;\r
} else {\r
- PrintAndLog("Command execute timeout");\r
+ e_sector[i].Key[trgKeyType] = 0xffffffffffff;\r
+ e_sector[i].foundKey[trgKeyType] = FALSE;\r
}\r
}\r
- b<127?(b+=4):(b+=16); \r
+ b < 127 ? ( b +=4 ) : ( b += 16 ); \r
}\r
}\r
- t1 = clock() - t1;\r
- if ( t1 > 0 ){\r
- printf("Time in checkkeys: %f ticks %1.2f sec (%1.2f sec per key)\n\n", (float)t1, ((float)t1)/CLOCKS_PER_SEC, ((float)t1)/keycnt/CLOCKS_PER_SEC);\r
+ // 20160116 If Sector A is found, but not Sector B, try just reading it of the tag?\r
+ PrintAndLog("testing to read B...");\r
+ for (i = 0; i < SectorsCnt; i++) {\r
+ // KEY A but not KEY B\r
+ if ( e_sector[i].foundKey[0] && !e_sector[i].foundKey[1] ) {\r
+ \r
+ uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);\r
+ \r
+ UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};\r
+ num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+\r
+ UsbCommand resp;\r
+ if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) continue;\r
+ \r
+ uint8_t isOK = resp.arg[0] & 0xff;\r
+ if (!isOK) continue;\r
+\r
+ uint8_t *data = resp.d.asBytes;\r
+ key64 = bytes_to_num(data+10, 6);\r
+ if (key64) {\r
+ PrintAndLog("Data:%s", sprint_hex(data+10, 6));\r
+ e_sector[i].foundKey[1] = 1;\r
+ e_sector[i].Key[1] = key64;\r
+ }\r
+ }\r
}\r
+ \r
+ t1 = clock() - t1;\r
+ if ( t1 > 0 )\r
+ printf("Time in checkkeys: %.0f ticks %1.2f sec (%1.2f sec per key)\n\n", (float)t1, ((float)t1)/CLOCKS_PER_SEC, ((float)t1)/keycnt/CLOCKS_PER_SEC);\r
\r
+ //print them\r
+ printKeyTable( SectorsCnt, e_sector );\r
+ \r
if (transferToEml) {\r
- uint8_t block[16];\r
- for (uint16_t sectorNo = 0; sectorNo < SectorsCnt; sectorNo++) {\r
- if (validKey[0][sectorNo] || validKey[1][sectorNo]) {\r
- mfEmlGetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
- for (uint16_t t = 0; t < 2; t++) {\r
- if (validKey[t][sectorNo]) {\r
- memcpy(block + t*10, foundKey[t][sectorNo], 6);\r
- }\r
- }\r
- mfEmlSetMem(block, FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 1);\r
- }\r
+ uint8_t block[16] = {0x00};\r
+ for (uint8_t i = 0; i < SectorsCnt; ++i ) {\r
+ mfEmlGetMem(block, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);\r
+ if (e_sector[i].foundKey[0])\r
+ num_to_bytes(e_sector[i].Key[0], 6, block);\r
+ if (e_sector[i].foundKey[1])\r
+ num_to_bytes(e_sector[i].Key[1], 6, block+10);\r
+ mfEmlSetMem(block, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);\r
}\r
PrintAndLog("Found keys have been transferred to the emulator memory");\r
}\r
-\r
+ \r
if (createDumpFile) {\r
FILE *fkeys = fopen("dumpkeys.bin","wb");\r
if (fkeys == NULL) { \r
PrintAndLog("Could not create file dumpkeys.bin");\r
free(keyBlock);\r
+ free(e_sector);\r
return 1;\r
}\r
- for (uint16_t t = 0; t < 2; t++) {\r
- fwrite(foundKey[t], 1, 6*SectorsCnt, fkeys);\r
+ PrintAndLog("Printing keys to binary file dumpkeys.bin...");\r
+ \r
+ for( i=0; i<SectorsCnt; i++) {\r
+ num_to_bytes(e_sector[i].Key[0], 6, tempkey);\r
+ fwrite ( tempkey, 1, 6, fkeys );\r
+ }\r
+ for(i=0; i<SectorsCnt; i++) {\r
+ num_to_bytes(e_sector[i].Key[1], 6, tempkey);\r
+ fwrite ( tempkey, 1, 6, fkeys );\r
}\r
fclose(fkeys);\r
- PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys.");\r
+ PrintAndLog("Found keys have been dumped to file dumpkeys.bin. 0xffffffffffff has been inserted for unknown keys."); \r
}\r
-\r
+ \r
free(keyBlock);\r
+ free(e_sector);\r
PrintAndLog("");\r
return 0;\r
}\r
\r
+void printKeyTable( uint8_t sectorscnt, sector *e_sector ){\r
+ PrintAndLog("|---|----------------|---|----------------|---|");\r
+ PrintAndLog("|sec|key A |res|key B |res|");\r
+ PrintAndLog("|---|----------------|---|----------------|---|");\r
+ for (uint8_t i = 0; i < sectorscnt; ++i) {\r
+ PrintAndLog("|%03d| %012"llx" | %d | %012"llx" | %d |", i,\r
+ e_sector[i].Key[0], e_sector[i].foundKey[0], \r
+ e_sector[i].Key[1], e_sector[i].foundKey[1]\r
+ );\r
+ }\r
+ PrintAndLog("|---|----------------|---|----------------|---|");\r
+}\r
+\r
int CmdHF14AMf1kSim(const char *Cmd)\r
{\r
uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
projects / proxmark3-svn / commitdiff