FIX: simple namechange of some defines where it hinted it was related to "eml" when it wasn't.
break;
// Work with "magic Chinese" card
- case CMD_MIFARE_EML_CSETBLOCK:
+ case CMD_MIFARE_CSETBLOCK:
MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
- case CMD_MIFARE_EML_CGETBLOCK:
+ case CMD_MIFARE_CGETBLOCK:
MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
+ case CMD_MIFARE_CIDENT:
+ MifareCIdent();
+ break;
// mifare sniffer
case CMD_MIFARE_SNIFFER:
void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
+void MifareCIdent(); // is "magic chinese" card?
// mifaredesfire.h
bool InitDesfireCard();
\r
// variables\r
byte_t isOK = 0;\r
- uint8_t uid[10];\r
- uint8_t d_block[18];\r
+ uint8_t uid[10] = {0x00};\r
+ uint8_t d_block[18] = {0x00};\r
uint32_t cuid;\r
\r
- memset(uid, 0x00, 10);\r
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
// reset FPGA and LED\r
if (workFlags & 0x08) {\r
- iso14a_clear_trace();\r
- iso14a_set_tracing(TRUE);\r
-\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
- \r
- //SpinDelay(300);\r
- //FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- //SpinDelay(100);\r
- //FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+ \r
+ iso14a_clear_trace();\r
+ iso14a_set_tracing(TRUE);\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
}\r
\r
while (true) {\r
// get UID from chip\r
if (workFlags & 0x01) {\r
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
- Dbprintf("ICE");\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
break;\r
};\r
\r
// variables\r
byte_t isOK = 0;\r
- uint8_t data[18];\r
+ uint8_t data[18] = {0x00};\r
uint32_t cuid = 0;\r
\r
- memset(data, 0x00, 18);\r
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
if (workFlags & 0x08) {\r
- // clear trace\r
- iso14a_clear_trace();\r
- iso14a_set_tracing(TRUE);\r
-\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
- \r
- // SpinDelay(300);\r
- // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- // SpinDelay(100);\r
- // FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+\r
+ iso14a_clear_trace();\r
+ iso14a_set_tracing(TRUE);\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
}\r
\r
while (true) {\r
}\r
}\r
\r
+void MifareCIdent(){\r
+ \r
+ // card commands\r
+ uint8_t wupC1[] = { 0x40 }; \r
+ uint8_t wupC2[] = { 0x43 }; \r
+ \r
+ // variables\r
+ byte_t isOK = 1;\r
+ \r
+ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
+ \r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+ \r
+ ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+ isOK = 0;\r
+ };\r
+\r
+ ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+ isOK = 0;\r
+ };\r
+\r
+ if (mifare_classic_halt(NULL, 0)) {\r
+ isOK = 0;\r
+ };\r
+\r
+ cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+}\r
+\r
byte_t cardbuf[USB_CMD_DATA_SIZE];
memset(cardbuf,0,sizeof(cardbuf));
+ iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
iso14a_set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
- iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
int len = iso14443a_select_card(NULL,card,NULL);
if (!len) {
cmd[0] = 0x0A; // 0x0A = skicka cid, 0x02 = ingen cid. Särskilda bitar //
cmd[0] |= pcb_blocknum; // OR the block number into the PCB
- cmd[1] = 0x00; // CID: 0x00 //FIXME: allow multiple selected cards
+ cmd[1] = 0x00; // CID: 0x00 //TODO: allow multiple selected cards
memcpy(cmd+2, datain, len);
AppendCrc14443a(cmd, len+2);
memcpy(&card.ats, resp.d.asBytes, resp.arg[0]);
card.ats_len = resp.arg[0]; // note: ats_len includes CRC Bytes
}
-
- // disconnect
- c.arg[0] = 0;
- c.arg[1] = 0;
- c.arg[2] = 0;
- SendCommand(&c);
if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
bool ta1 = 0, tb1 = 0, tc1 = 0;
PrintAndLog("proprietary non iso14443-4 card found, RATS not supported");
}
+
+ // try to see if card responses to "chinese magic backdoor" commands.
+ c.cmd = CMD_MIFARE_CIDENT;
+ c.arg[0] = 0;
+ c.arg[1] = 0;
+ c.arg[2] = 0;
+ SendCommand(&c);
+ WaitForResponse(CMD_ACK,&resp);
+ uint8_t isOK = resp.arg[0] & 0xff;
+ PrintAndLog(" Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
+
+ // disconnect
+ c.arg[0] = 0;
+ c.arg[1] = 0;
+ c.arg[2] = 0;
+ SendCommand(&c);
+
return select_status;
}
#define CMD_MIFARE_EML_MEMSET 0x0602
#define CMD_MIFARE_EML_MEMGET 0x0603
#define CMD_MIFARE_EML_CARDLOAD 0x0604
-#define CMD_MIFARE_EML_CSETBLOCK 0x0605
-#define CMD_MIFARE_EML_CGETBLOCK 0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK 0x0605
+#define CMD_MIFARE_CGETBLOCK 0x0606
+#define CMD_MIFARE_CIDENT 0x0607
#define CMD_SIMULATE_MIFARE_CARD 0x0610
projects / proxmark3-svn / commitdiff