]> cvs.zerfleddert.de Git - proxmark3-svn/commitdiff
chg: LF t55xx trace
authoriceman1001 <iceman@iuse.se>
Mon, 6 Oct 2014 17:42:50 +0000 (19:42 +0200)
committericeman1001 <iceman@iuse.se>
Mon, 6 Oct 2014 17:42:50 +0000 (19:42 +0200)
new:  LF t55xx info

25 files changed:
armsrc/Makefile
armsrc/appmain.c
armsrc/apps.h
armsrc/crapto1.c
armsrc/desfire_crypto.h
armsrc/desfire_key.c
armsrc/desfire_key.h
armsrc/iso14443a.c
armsrc/lfops.c
armsrc/mifaredesfire.c
armsrc/mifaredesfire.h
armsrc/util.c
client/.history [new file with mode: 0644]
client/cmddata.c
client/cmdhfmfdes.c
client/cmdhfmfdes.h
client/cmdlfem4x.c
client/cmdlft55xx.c
client/cmdlft55xx.h
client/ui.c
client/ui.h
common/Makefile.common
common/desfire.h
cp2tau [new file with mode: 0644]
iceman.txt [new file with mode: 0644]

index ea19491ad3414c38cad40db865844a825f8c4cfb..d37e935ac3cd7df26d416d16cf5a15bb85206609 100644 (file)
@@ -16,10 +16,10 @@ APP_CFLAGS  = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_
 #SRC_LCD = fonts.c LCD.c
 SRC_LF = lfops.c hitag2.c
 SRC_ISO15693 = iso15693.c iso15693tools.c 
-SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
-SRC_ISO14443b = iso14443.c
-SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c 
-SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c
+SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c 
+SRC_ISO14443b = iso14443.c 
+SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c 
+SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c 
 
 THUMBSRC = start.c \
        $(SRC_LCD) \
@@ -41,9 +41,8 @@ ARMSRC = fpgaloader.c \
        $(SRC_CRC) \
        legic_prng.c \
        iclass.c \
-       mifaredesfire.c \
-       desfire_crypto.c \
-       desfire_key.c
+       mifaredesfire.c
+       
 
 # stdint.h provided locally until GCC 4.5 becomes C99 compliant
 APP_CFLAGS += -I.
index 6fd6cdcc3cd0332309f37524df93a4e86eca2628..afed56b77b5a7f2b4b2792e0ed9823d6f0839db5 100644 (file)
@@ -18,9 +18,9 @@
 #include "util.h"
 #include "printf.h"
 #include "string.h"
-
 #include <stdarg.h>
 
+
 #include "legicrf.h"
 #include "../include/hitag2.h"
 
@@ -842,7 +842,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        MifareDES_Auth1(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
                        break;
                case CMD_MIFARE_DESFIRE_AUTH2:
-                       MifareDES_Auth2(c->arg[0],c->d.asBytes);
+                       //MifareDES_Auth2(c->arg[0],c->d.asBytes);
                        break;
                // case CMD_MIFARE_DES_READER:
                        // ReaderMifareDES(c->arg[0], c->arg[1], c->d.asBytes);
index 90313aec157d6c8f63b08c52f6bb90863689e5f8..6f96875bc23e3dd10d9e4a7141c5e4ae91784b07 100644 (file)
 
 #include <stdint.h>
 #include <stddef.h>
-#include <sys/types.h>
-
 #include <stdlib.h>
+#include <sys/types.h>
 #include <string.h>
 #include <strings.h>
 
-
 #include "../include/common.h"
 #include "../include/hitag2.h"
 #include "../include/mifare.h"
 
 //#include <openssl/des.h>
 //#include <openssl/aes.h>
-
 //#include "des.h"
 //#include "aes.h"
 #include "../common/desfire.h"
 #include "../common/crc32.h"
-//#include "desfire_crypto.h"
-//#include "desfire_key.h"
-
 
 // The large multi-purpose buffer, typically used to hold A/D samples,
 // maybe processed in some way.
@@ -156,6 +150,7 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode );
 void T55xxReadTrace(void);
+void TurnReadLFOn();
 int DemodPCF7931(uint8_t **outBlocks);
 int IsBlock0PCF7931(uint8_t *Block);
 int IsBlock1PCF7931(uint8_t *Block);
@@ -209,30 +204,17 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 
 // mifaredesfire.h
-bool           InitDesfireCard();
-void           MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain);
-void           MifareDesfireGetInformation();
-void           MifareDES_Auth1(uint8_t arg0,uint8_t arg1,uint8_t arg2, uint8_t *datain);
-void           MifareDES_Auth2(uint32_t arg0, uint8_t *datain);
-int            mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
-void           ReaderMifareDES(uint32_t param, uint32_t param2, uint8_t * datain);
-int            DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout);
-size_t         CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout);
-void           OnSuccess();
-void           OnError();
+bool   InitDesfireCard();
+void   MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain);
+void   MifareDesfireGetInformation();
+void   MifareDES_Auth1(uint8_t arg0,uint8_t arg1,uint8_t arg2, uint8_t *datain);
+void   ReaderMifareDES(uint32_t param, uint32_t param2, uint8_t * datain);
+int    DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout);
+size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout);
+void   OnSuccess();
+void   OnError();
+
 
-// desfire_key.h
-desfirekey_t           Desfire_des_key_new (const uint8_t value[8]);
-desfirekey_t           Desfire_3des_key_new (const uint8_t value[16]);
-desfirekey_t           Desfire_des_key_new_with_version (const uint8_t value[8]);
-desfirekey_t           Desfire_3des_key_new_with_version (const uint8_t value[16]);
-desfirekey_t           Desfire_3k3des_key_new (const uint8_t value[24]);
-desfirekey_t           Desfire_3k3des_key_new_with_version (const uint8_t value[24]);
-desfirekey_t           Desfire_aes_key_new (const uint8_t value[16]);
-desfirekey_t           Desfire_aes_key_new_with_version (const uint8_t value[16], uint8_t version);
-uint8_t                Desfire_key_get_version (desfirekey_t key);
-void                   Desfire_key_set_version (desfirekey_t key, uint8_t version);
-desfirekey_t           Desfire_session_key_new (const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey);
 
 // desfire_crypto.h
 void   *mifare_cryto_preprocess_data (desfiretag_t tag, void *data, size_t *nbytes, off_t offset, int communication_settings);
@@ -247,8 +229,6 @@ void    cmac_generate_subkeys (desfirekey_t key);
 void    cmac (const desfirekey_t  key, uint8_t *ivect, const uint8_t *data, size_t len, uint8_t *cmac);
 
 
-
-
 /// iso15693.h
 void RecordRawAdcSamplesIso15693(void);
 void AcquireRawAdcSamplesIso15693(void);
index 9d491d1271ff1fdcda05b5ae980e1530f8d00ccc..17b78e327909e3afe52fa1cdb89fecd0f06b3eae 100644 (file)
@@ -454,7 +454,7 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8])
 \r
        odd = lfsr_prefix_ks(ks, 1);\r
        even = lfsr_prefix_ks(ks, 0);\r
-\r
+       \r
        s = statelist = malloc((sizeof *statelist) << 20);\r
        if(!s || !odd || !even) {\r
                free(statelist);\r
index d580ccc8bee0c40c3b3bee35edb1edfff52c5464..698f11e32ea836ec9f902931712b6ecc8064708d 100644 (file)
@@ -11,5 +11,4 @@
 #include "des.h"
 //#include "aes.h"
 
-
 #endif
index b829013e10b4c990c89b2bce2dc12420985db3c5..b3aa14e91fdd8d9db5782047ac41a07f4b323e37 100644 (file)
@@ -16,8 +16,8 @@
  * 
  * $Id$
  */
-
- #include "desfire_key.h"
+#include <stdlib.h>
+#include "desfire_key.h"
 
 static inline void update_key_schedules (desfirekey_t key);
 
@@ -29,67 +29,68 @@ static inline void update_key_schedules (desfirekey_t key) {
     // }
 }
 
-desfirekey_t Desfire_des_key_new (const uint8_t value[8]) {
+void Desfire_des_key_new (const uint8_t value[8], desfirekey_t key) {
     uint8_t data[8];
     memcpy (data, value, 8);
     for (int n=0; n < 8; n++)
         data[n] &= 0xfe;
-    return Desfire_des_key_new_with_version (data);
+    Desfire_des_key_new_with_version (data, key);
 }
 
-desfirekey_t Desfire_des_key_new_with_version (const uint8_t value[8]) {
-    desfirekey_t key = NULL;
-       key->type = T_DES;
-       memcpy (key->data, value, 8);
-       memcpy (key->data+8, value, 8);
-       update_key_schedules (key);
-    return key;
+void Desfire_des_key_new_with_version (const uint8_t value[8], desfirekey_t key) {
+       if ( key != NULL) {
+               key->type = T_DES;
+               memcpy (key->data, value, 8);
+               memcpy (key->data+8, value, 8);
+               update_key_schedules (key);
+       }
 }
 
-desfirekey_t Desfire_3des_key_new (const uint8_t value[16]) {
+void Desfire_3des_key_new (const uint8_t value[16], desfirekey_t key) {
     uint8_t data[16];
     memcpy (data, value, 16);
     for (int n=0; n < 8; n++)
         data[n] &= 0xfe;
     for (int n=8; n < 16; n++)
         data[n] |= 0x01;
-    return Desfire_3des_key_new_with_version (data);
+    Desfire_3des_key_new_with_version (data, key);
 }
 
-desfirekey_t Desfire_3des_key_new_with_version (const uint8_t value[16]) {
-    desfirekey_t key = NULL;
-       key->type = T_3DES;
-       memcpy (key->data, value, 16);
-       update_key_schedules (key);
-    return key;
+void Desfire_3des_key_new_with_version (const uint8_t value[16], desfirekey_t key) {
+    if ( key != NULL ){
+               key->type = T_3DES;
+               memcpy (key->data, value, 16);
+               update_key_schedules (key);
+       }
 }
 
-desfirekey_t Desfire_3k3des_key_new (const uint8_t value[24]) {
+void Desfire_3k3des_key_new (const uint8_t value[24], desfirekey_t key) {
     uint8_t data[24];
     memcpy (data, value, 24);
     for (int n=0; n < 8; n++)
         data[n] &= 0xfe;
-    return Desfire_3k3des_key_new_with_version (data);
+    Desfire_3k3des_key_new_with_version (data, key);
 }
 
-desfirekey_t Desfire_3k3des_key_new_with_version (const uint8_t value[24]) {
-    desfirekey_t key = NULL;
-    key->type = T_3K3DES;
-    memcpy (key->data, value, 24);
-    update_key_schedules (key);
-    return key;
+void Desfire_3k3des_key_new_with_version (const uint8_t value[24], desfirekey_t key) {
+       if ( key != NULL){
+               key->type = T_3K3DES;
+               memcpy (key->data, value, 24);
+               update_key_schedules (key);
+       }
 }
 
-desfirekey_t Desfire_aes_key_new (const uint8_t value[16]) {
-    return Desfire_aes_key_new_with_version (value, 0);
+ void Desfire_aes_key_new (const uint8_t value[16], desfirekey_t key) {
+    Desfire_aes_key_new_with_version (value, 0, key);
 }
 
-desfirekey_t Desfire_aes_key_new_with_version (const uint8_t value[16], uint8_t version) {
-    desfirekey_t key = NULL;
-       memcpy (key->data, value, 16);
-       key->type = T_AES;
-       key->aes_version = version;
-    return key;
+ void Desfire_aes_key_new_with_version (const uint8_t value[16], uint8_t version, desfirekey_t key) {
+
+       if (key != NULL) {
+               memcpy (key->data, value, 16);
+               key->type = T_AES;
+               key->aes_version = version;
+       }
 }
 
 uint8_t Desfire_key_get_version (desfirekey_t key) {
@@ -98,7 +99,6 @@ uint8_t Desfire_key_get_version (desfirekey_t key) {
     for (int n = 0; n < 8; n++) {
         version |= ((key->data[n] & 1) << (7 - n));
     }
-
     return version;
 }
 
@@ -118,9 +118,7 @@ void Desfire_key_set_version (desfirekey_t key, uint8_t version)
     }
 }
 
-desfirekey_t Desfire_session_key_new (const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey) {
-
-    desfirekey_t key = NULL;
+void Desfire_session_key_new (const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key) {
 
     uint8_t buffer[24];
 
@@ -128,14 +126,14 @@ desfirekey_t Desfire_session_key_new (const uint8_t rnda[], const uint8_t rndb[]
     case T_DES:
         memcpy (buffer, rnda, 4);
         memcpy (buffer+4, rndb, 4);
-        key = Desfire_des_key_new_with_version (buffer);
+        Desfire_des_key_new_with_version (buffer, key);
         break;
     case T_3DES:
         memcpy (buffer, rnda, 4);
         memcpy (buffer+4, rndb, 4);
         memcpy (buffer+8, rnda+4, 4);
         memcpy (buffer+12, rndb+4, 4);
-        key = Desfire_3des_key_new_with_version (buffer);
+        Desfire_3des_key_new_with_version (buffer, key);
         break;
     case T_3K3DES:
         memcpy (buffer, rnda, 4);
@@ -144,15 +142,14 @@ desfirekey_t Desfire_session_key_new (const uint8_t rnda[], const uint8_t rndb[]
         memcpy (buffer+12, rndb+6, 4);
         memcpy (buffer+16, rnda+12, 4);
         memcpy (buffer+20, rndb+12, 4);
-        key = Desfire_3k3des_key_new (buffer);
+        Desfire_3k3des_key_new (buffer, key);
         break;
     case T_AES:
         memcpy (buffer, rnda, 4);
         memcpy (buffer+4, rndb, 4);
         memcpy (buffer+8, rnda+12, 4);
         memcpy (buffer+12, rndb+12, 4);
-        key = Desfire_aes_key_new (buffer);
+        Desfire_aes_key_new (buffer, key);
         break;
     }
-    return key;
 }
\ No newline at end of file
index ae1249b4a51c5bb1967fae3a1fa9f9795413fc2e..0d99903ec49c2c9e718d8188f4b99c8d543046cb 100644 (file)
@@ -1,10 +1,17 @@
-#ifndef __DESFIRE_KEY_H
-#define __DESFIRE_KEY_H
-
-#include <string.h>
-#include <stdint.h>
-#include <stdarg.h>
-
+#ifndef __DESFIRE_KEY_INCLUDED
+#define __DESFIRE_KEY_INCLUDED
 #include "iso14443a.h"
-#include "../common/desfire.h"
+// desfire_key.h
+void           Desfire_des_key_new (const uint8_t value[8], desfirekey_t key);
+void           Desfire_3des_key_new (const uint8_t value[16], desfirekey_t key);
+void           Desfire_des_key_new_with_version (const uint8_t value[8], desfirekey_t key);
+void           Desfire_3des_key_new_with_version (const uint8_t value[16], desfirekey_t key);
+void           Desfire_3k3des_key_new (const uint8_t value[24], desfirekey_t key);
+void           Desfire_3k3des_key_new_with_version (const uint8_t value[24], desfirekey_t key);
+void           Desfire_aes_key_new (const uint8_t value[16], desfirekey_t key);
+void           Desfire_aes_key_new_with_version (const uint8_t value[16], uint8_t version,desfirekey_t key);
+uint8_t        Desfire_key_get_version (desfirekey_t key);
+void           Desfire_key_set_version (desfirekey_t key, uint8_t version);
+void           Desfire_session_key_new (const uint8_t rnda[], const uint8_t rndb[], desfirekey_t authkey, desfirekey_t key);
+
 #endif
\ No newline at end of file
index f87527ea68200ce01a69a0b6456c4d8880b25ebb..3b17bd4b393b59f5579a3b674c543cbb937a702e 100644 (file)
@@ -1205,13 +1205,6 @@ static void TransmitFor14443a(const uint8_t *cmd, int len, uint32_t *timing)
        // clear TXRDY
        AT91C_BASE_SSC->SSC_THR = SEC_Y;
 
-       // for(uint16_t c = 0; c < 10;) {       // standard delay for each transfer (allow tag to be ready after last transmission)
-               // if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
-                       // AT91C_BASE_SSC->SSC_THR = SEC_Y;     
-                       // c++;
-               // }
-       // }
-
        uint16_t c = 0;
        for(;;) {
                if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
@@ -1223,8 +1216,7 @@ static void TransmitFor14443a(const uint8_t *cmd, int len, uint32_t *timing)
                }
        }
        
-       NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
-       
+       NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);  
 }
 
 
index 11fc8c50a7864ee1f8a28d442dee66e7ac1a7af3..0c0f027569da23824128c4ff49757db0eb601e1d 100644 (file)
@@ -31,8 +31,10 @@ void LFSetupFPGAForADC(int divisor, bool lf_field)
 
        // Connect the A/D to the peak-detected low-frequency path.
        SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
+       
        // Give it a bit of time for the resonant antenna to settle.
-       SpinDelay(50);
+       SpinDelay(150);
+       
        // Now set up the SSC to get the ADC samples that are now streaming at us.
        FpgaSetupSsc();
 }
@@ -1090,14 +1092,14 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
  */
 
 /* T55x7 configuration register definitions */
-#define T55x7_POR_DELAY                        0x00000001
-#define T55x7_ST_TERMINATOR            0x00000008
-#define T55x7_PWD                      0x00000010
+#define T55x7_POR_DELAY                                0x00000001
+#define T55x7_ST_TERMINATOR                    0x00000008
+#define T55x7_PWD                                      0x00000010
 #define T55x7_MAXBLOCK_SHIFT           5
-#define T55x7_AOR                      0x00000200
-#define T55x7_PSKCF_RF_2               0
-#define T55x7_PSKCF_RF_4               0x00000400
-#define T55x7_PSKCF_RF_8               0x00000800
+#define T55x7_AOR                                      0x00000200
+#define T55x7_PSKCF_RF_2                       0
+#define T55x7_PSKCF_RF_4                       0x00000400
+#define T55x7_PSKCF_RF_8                       0x00000800
 #define T55x7_MODULATION_DIRECT                0
 #define T55x7_MODULATION_PSK1          0x00001000
 #define T55x7_MODULATION_PSK2          0x00002000
@@ -1108,17 +1110,17 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 #define T55x7_MODULATION_FSK2a         0x00007000
 #define T55x7_MODULATION_MANCHESTER    0x00008000
 #define T55x7_MODULATION_BIPHASE       0x00010000
-#define T55x7_BITRATE_RF_8             0
-#define T55x7_BITRATE_RF_16            0x00040000
-#define T55x7_BITRATE_RF_32            0x00080000
-#define T55x7_BITRATE_RF_40            0x000C0000
-#define T55x7_BITRATE_RF_50            0x00100000
-#define T55x7_BITRATE_RF_64            0x00140000
+#define T55x7_BITRATE_RF_8                     0
+#define T55x7_BITRATE_RF_16                    0x00040000
+#define T55x7_BITRATE_RF_32                    0x00080000
+#define T55x7_BITRATE_RF_40                    0x000C0000
+#define T55x7_BITRATE_RF_50                    0x00100000
+#define T55x7_BITRATE_RF_64                    0x00140000
 #define T55x7_BITRATE_RF_100           0x00180000
 #define T55x7_BITRATE_RF_128           0x001C0000
 
 /* T5555 (Q5) configuration register definitions */
-#define T5555_ST_TERMINATOR            0x00000001
+#define T5555_ST_TERMINATOR                    0x00000001
 #define T5555_MAXBLOCK_SHIFT           0x00000001
 #define T5555_MODULATION_MANCHESTER    0
 #define T5555_MODULATION_PSK1          0x00000010
@@ -1128,34 +1130,35 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 #define T5555_MODULATION_FSK2          0x00000050
 #define T5555_MODULATION_BIPHASE       0x00000060
 #define T5555_MODULATION_DIRECT                0x00000070
-#define T5555_INVERT_OUTPUT            0x00000080
-#define T5555_PSK_RF_2                 0
-#define T5555_PSK_RF_4                 0x00000100
-#define T5555_PSK_RF_8                 0x00000200
-#define T5555_USE_PWD                  0x00000400
-#define T5555_USE_AOR                  0x00000800
-#define T5555_BITRATE_SHIFT            12
-#define T5555_FAST_WRITE               0x00004000
-#define T5555_PAGE_SELECT              0x00008000
+#define T5555_INVERT_OUTPUT                    0x00000080
+#define T5555_PSK_RF_2                         0
+#define T5555_PSK_RF_4                         0x00000100
+#define T5555_PSK_RF_8                         0x00000200
+#define T5555_USE_PWD                          0x00000400
+#define T5555_USE_AOR                          0x00000800
+#define T5555_BITRATE_SHIFT                    12
+#define T5555_FAST_WRITE                       0x00004000
+#define T5555_PAGE_SELECT                      0x00008000
 
 /*
  * Relevant times in microsecond
  * To compensate antenna falling times shorten the write times
  * and enlarge the gap ones.
  */
-#define START_GAP 250
-#define WRITE_GAP 160
-#define WRITE_0   144 // 192
-#define WRITE_1   400 // 432 for T55x7; 448 for E5550
+#define START_GAP 30*8 // 10 - 50fc 250
+#define WRITE_GAP 20*8 //  8 - 30fc
+#define WRITE_0   24*8 // 16 - 31fc 24fc 192
+#define WRITE_1   54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550
 
-// VALUES TAKEN FROM EM4x function: SendForward
-//  START_GAP = 440; //(55*8)
-//  WRITE_GAP = 128; //(16*8)
-//  WRITE_1 = 256 32*8; //32 cycles at 125Khz (8us each) 1
-//    //These timings work for 4469/4269/4305 (with the 55*8 above)
-//  WRITE_0 = 23*8 , 9*8  SpinDelayUs(23*8); // (8us each) 0
+//  VALUES TAKEN FROM EM4x function: SendForward
+//  START_GAP = 440;       (55*8) cycles at 125Khz (8us = 1cycle)
+//  WRITE_GAP = 128;       (16*8)
+//  WRITE_1   = 256 32*8;  (32*8) 
 
+//  These timings work for 4469/4269/4305 (with the 55*8 above)
+//  WRITE_0 = 23*8 , 9*8  SpinDelayUs(23*8); 
 
+#define T55xx_SAMPLES_SIZE             12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)
 
 // Write one bit to card
 void T55xxWriteBit(int bit)
@@ -1163,7 +1166,7 @@ void T55xxWriteBit(int bit)
        FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
        FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
        FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-       if (bit == 0)
+       if (!bit)
                SpinDelayUs(WRITE_0);
        else
                SpinDelayUs(WRITE_1);
@@ -1174,15 +1177,11 @@ void T55xxWriteBit(int bit)
 // Write one card block in page 0, no lock
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
 {
-       unsigned int i;
-
-       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+       uint32_t i = 0;
 
-       // Give it a bit of time for the resonant antenna to settle.
-       // And for the tag to fully power up
-       SpinDelay(150);
+       // Set up FPGA, 125kHz
+       // Wait for config.. (192+8190xPOW)x8 == 67ms
+       LFSetupFPGAForADC(0, true);
 
        // Now start writting
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@@ -1191,11 +1190,11 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
        // Opcode
        T55xxWriteBit(1);
        T55xxWriteBit(0); //Page 0
-  if (PwdMode == 1){
-    // Pwd
-    for (i = 0x80000000; i != 0; i >>= 1)
-      T55xxWriteBit(Pwd & i);
-  }
+       if (PwdMode == 1){
+               // Pwd
+               for (i = 0x80000000; i != 0; i >>= 1)
+                       T55xxWriteBit(Pwd & i);
+       }
        // Lock bit
        T55xxWriteBit(0);
 
@@ -1219,28 +1218,16 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
 {
        uint8_t *dest =  mifare_get_bigbufptr();
-       uint16_t bufferlength = 16000;
+       uint16_t bufferlength = T55xx_SAMPLES_SIZE;
        uint32_t i = 0;
 
        // Clear destination buffer before sending the command  0x80 = average.
        memset(dest, 0x80, bufferlength);
-  
-       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-       
-       // Connect the A/D to the peak-detected low-frequency path.
-       SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-       // Now set up the SSC to get the ADC samples that are now streaming at us.
-       FpgaSetupSsc();
-  
-       LED_D_ON();
-       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-  
-       // Give it a bit of time for the resonant antenna to settle.
-       // And for the tag to fully power up
-       SpinDelay(150);
-  
-       // Now start writting
+
+       // Set up FPGA, 125kHz
+       // Wait for config.. (192+8190xPOW)x8 == 67ms
+       LFSetupFPGAForADC(0, true);
+
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        SpinDelayUs(START_GAP);
   
@@ -1258,9 +1245,8 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
        for (i = 0x04; i != 0; i >>= 1)
                T55xxWriteBit(Block & i);
   
-  // Turn field on to read the response
-       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+       // Turn field on to read the response
+       TurnReadLFOn();
   
        // Now do the acquisition
        i = 0;
@@ -1271,43 +1257,28 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
                }
                if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
                        dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-                       LED_D_OFF();
                        ++i;
+                       LED_D_OFF();
                        if (i > bufferlength) break;
                }
        }
  
        cmd_send(CMD_ACK,0,0,0,0,0);
-  
-  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
        LED_D_OFF();
 }
 
 // Read card traceability data (page 1)
 void T55xxReadTrace(void){
        uint8_t *dest =  mifare_get_bigbufptr();
-       uint16_t bufferlength = 16000;
+       uint16_t bufferlength = T55xx_SAMPLES_SIZE;
        int i=0;
        
        // Clear destination buffer before sending the command 0x80 = average
        memset(dest, 0x80, bufferlength);  
   
-       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-               
-       // Connect the A/D to the peak-detected low-frequency path.
-       SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-       // Now set up the SSC to get the ADC samples that are now streaming at us.
-       FpgaSetupSsc();
-  
-       LED_D_ON();
-       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
-  
-       // Give it a bit of time for the resonant antenna to settle.
-       // And for the tag to fully power up
-       SpinDelay(150);
+       LFSetupFPGAForADC(0, true);
   
-       // Now start writting
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        SpinDelayUs(START_GAP);
   
@@ -1315,12 +1286,10 @@ void T55xxReadTrace(void){
        T55xxWriteBit(1);
        T55xxWriteBit(1); //Page 1
   
-  // Turn field on to read the response
-       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+       // Turn field on to read the response
+       TurnReadLFOn();
   
        // Now do the acquisition
-       i = 0;
        for(;;) {
                if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
                        AT91C_BASE_SSC->SSC_THR = 0x43;
@@ -1328,18 +1297,26 @@ void T55xxReadTrace(void){
                }
                if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
                        dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+                       ++i;
                        LED_D_OFF();
-                       ++i;                    
+               
                        if (i >= bufferlength) break;
                }
        }
   
        cmd_send(CMD_ACK,0,0,0,0,0);
-  
-  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
        LED_D_OFF();
 }
 
+void TurnReadLFOn(){
+       FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
+       // Give it a bit of time for the resonant antenna to settle.
+       //SpinDelay(30);
+       SpinDelayUs(8*150);
+}
+
 /*-------------- Cloning routines -----------*/
 // Copy HID id to card and setup block 0 config
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
@@ -1453,7 +1430,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
   }
   
        // Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long)
-       T55xxWriteBlock(T55x7_BITRATE_RF_50    |
+       T55xxWriteBlock(T55x7_BITRATE_RF_50  |
                   T55x7_MODULATION_FSK2a |
                   last_block << T55x7_MAXBLOCK_SHIFT,
                   0,0,0);
@@ -1596,7 +1573,6 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
 // Clone Indala 64-bit tag by UID to T55x7
 void CopyIndala64toT55x7(int hi, int lo)
 {
-
        //Program the 2 data blocks for supplied 64bit UID
        // and the block 0 for Indala64 format
        T55xxWriteBlock(hi,1,0,0);
@@ -1607,15 +1583,13 @@ void CopyIndala64toT55x7(int hi, int lo)
                        2 << T55x7_MAXBLOCK_SHIFT,
                        0, 0, 0);
        //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
-//     T5567WriteBlock(0x603E1042,0);
+       //      T5567WriteBlock(0x603E1042,0);
 
        DbpString("DONE!");
-
 }      
 
 void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7)
 {
-
        //Program the 7 data blocks for supplied 224bit UID
        // and the block 0 for Indala224 format
        T55xxWriteBlock(uid1,1,0,0);
@@ -1631,10 +1605,9 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
                        7 << T55x7_MAXBLOCK_SHIFT,
                        0,0,0);
        //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
-//     T5567WriteBlock(0x603E10E2,0);
+       //      T5567WriteBlock(0x603E10E2,0);
 
        DbpString("DONE!");
-
 }
 
 
@@ -2059,44 +2032,47 @@ void EM4xLogin(uint32_t Password) {
 void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
   
        uint8_t *dest =  mifare_get_bigbufptr();
-       uint16_t bufferlength = 16000;
+       uint16_t bufferlength = 12000;
        uint32_t i = 0;
 
        // Clear destination buffer before sending the command  0x80 = average.
        memset(dest, 0x80, bufferlength);
        
-  uint8_t fwd_bit_count;
+       uint8_t fwd_bit_count;
   
-  //If password mode do login
-  if (PwdMode == 1) EM4xLogin(Pwd);
+       //If password mode do login
+       if (PwdMode == 1) EM4xLogin(Pwd);
   
-  forward_ptr = forwardLink_data;
-  fwd_bit_count = Prepare_Cmd( FWD_CMD_READ );
-  fwd_bit_count += Prepare_Addr( Address );
+       forward_ptr = forwardLink_data;
+       fwd_bit_count = Prepare_Cmd( FWD_CMD_READ );
+       fwd_bit_count += Prepare_Addr( Address );
   
-  // Connect the A/D to the peak-detected low-frequency path.
-  SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
-  // Now set up the SSC to get the ADC samples that are now streaming at us.
-  FpgaSetupSsc();
+       // Connect the A/D to the peak-detected low-frequency path.
+       SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
+       // Now set up the SSC to get the ADC samples that are now streaming at us.
+       FpgaSetupSsc();
   
-  SendForward(fwd_bit_count);
+       SendForward(fwd_bit_count);
   
-  // Now do the acquisition
-  i = 0;
-  for(;;) {
-    if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
-      AT91C_BASE_SSC->SSC_THR = 0x43;
-    }
-    if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
-      dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-               ++i;
-      if (i >= bufferlength) break;
-    }
-  }
+       // // Turn field on to read the response
+       // TurnReadLFOn();
+       
+       // Now do the acquisition
+       i = 0;
+       for(;;) {
+               if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
+                       AT91C_BASE_SSC->SSC_THR = 0x43;
+               }
+               if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
+                       dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+                       ++i;
+                       if (i >= bufferlength) break;
+               }
+       }
   
        cmd_send(CMD_ACK,0,0,0,0,0);
-  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
-  LED_D_OFF();
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+       LED_D_OFF();
 }
 
 void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
index 60f5ec0391723e92e140aed9dfdea57a3b8bf338..60c941ebd33bab6ca7cd53430b04d7769b15cee4 100644 (file)
@@ -45,7 +45,7 @@ enum  {
  NONE          =       0x00,
  INIT          =       0x01,
  DISCONNECT =  0x02,
FOO           =       0x04,
CLEARTRACE    =       0x04,
  BAR           =       0x08,
 } CmdOptions ;
 
@@ -53,7 +53,7 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
        
        /* ARG0 contains flags.
                0x01 = init card.
-               0x02 = No Disconnect
+               0x02 = Disconnect
                0x03
        */
        uint8_t flags = arg0;
@@ -67,17 +67,21 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
                print_result(" RX    : ", datain, datalen);
        }
        
+       if ( flags & CLEARTRACE ){
+               iso14a_clear_trace();
+       }
+       
        if ( flags & INIT ){
                if ( !InitDesfireCard() )
                        return;
        }
        
        int len = DesfireAPDU(datain, datalen, resp);
-       print_result(" <--: ", resp, len);      
-       if ( !len ) {
                if (MF_DBGLEVEL >= 4) {
                        print_result("ERR <--: ", resp, len);   
                }
+
+       if ( !len ) {
                OnError();
                return;
        }
@@ -85,8 +89,9 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
        // reset the pcb_blocknum,
        pcb_blocknum = 0;
        
-       if ( flags & DISCONNECT )
+       if ( flags & DISCONNECT ){
                OnSuccess();
+       }
        
        cmd_send(CMD_ACK,1,len,0,resp,len);
 }
@@ -178,87 +183,28 @@ void MifareDesfireGetInformation(){
 
 void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain){
 
-       uint8_t null_key_data[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-       //uint8_t new_key_data[8]  = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };
-       int res = 0;
-       
-       desfirekey_t default_key = Desfire_des_key_new_with_version (null_key_data);
-
-       // res = Desfire_select_application (tags[i], aid);
-       if (res < 0) {
-               print_result("default key: ", default_key->data, 24 );
-               return;
-       }
-                               
-       return;
-       //                pcb  cid  cmd               key   crc1  cr2           
-       //uint8_t cmd2[] = {0x02,0x00,GET_KEY_VERSION, 0x00, 0x00, 0x00 };
+       int len = 0;
+       //uint8_t PICC_MASTER_KEY8[8] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47};
+       uint8_t PICC_MASTER_KEY16[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
+       //uint8_t null_key_data8[8] = {0x00};
+       //uint8_t null_key_data16[16] = {0x00}; 
+       //uint8_t new_key_data8[8]  = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
+       //uint8_t new_key_data16[16]  = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF};
 
        //uint8_t* bigbuffer = mifare_get_bigbufptr();
-       byte_t isOK = 1;
-       uint8_t resp[256];
-       uint8_t key[24];
-       uint8_t IV[16];
-       
-       // första byten hÃ¥ller keylength.
-       uint8_t keylen = datain[0];
-       memcpy(key, datain+1, keylen);
-       
-       if (MF_DBGLEVEL >= 1) {
-               
-               Dbprintf("MODE: %d", mode);
-               Dbprintf("ALGO: %d", algo);
-               Dbprintf("KEYNO: %d", keyno);
-               Dbprintf("KEYLEN: %d", keylen);
-               
-               print_result("KEY", key, keylen);
-       }
-       
-       // card select - information
-       byte_t buf[USB_CMD_DATA_SIZE];
-       iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
-       
-       // test of DES on ARM side.
-       /* 
-       if ( mode == 1){
-               uint8_t IV[8];
-               uint8_t plain[16];
-               uint8_t encData[16];
-
-               uint8_t tmpData[8];
-               uint8_t tmpPlain[8];
-               
-               memset(IV, 0, 8);
-               memset(tmpData, 0 ,8);
-               memset(tmpPlain,0 ,8);
-               memcpy(key, datain, 8);
-               memcpy(plain, datain+30, 16);
-               
-               for(uint8_t i=0; i< sizeof(plain); i=i+8 ){
-               
-                       memcpy(tmpPlain, plain+i, 8);
-                       des_enc( &tmpData, &tmpPlain, &key);
-                       memcpy(encData+i, tmpData, 8);
-               }
-       }
-*/
-
-       iso14a_clear_trace();
+       uint8_t resp[256] = {0x00};
+       uint8_t IV[16] = {0x00};
 
-       iso14a_set_tracing(TRUE);
-
-       // power up the field
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+       size_t datalen = datain[0];
+       
+       uint8_t cmd[40] = {0x00};
+       uint8_t encRndB[16] = {0x00};
+       uint8_t decRndB[16] = {0x00};
+       uint8_t nonce[16] = {0x00};
+       uint8_t both[32] = {0x00};
+       uint8_t encBoth[32] = {0x00};
 
-       // select the card
-       isOK = iso14443a_select_card(resp, card, NULL);
-       if (isOK != 1) {
-               if (MF_DBGLEVEL >= 1) {
-                       Dbprintf("CAN'T SELECT CARD, SOMETHING WENT WRONG BEFORE AUTH");
-               }
-               OnError();
-               return;
-       }
+       InitDesfireCard();
 
        LED_A_ON();
        LED_B_OFF();
@@ -279,82 +225,78 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
                        //SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
                        break;
                case 3:{
+               
+                       //defaultkey
+                       uint8_t keybytes[16];
+                       if (datain[1] == 0xff){
+                               memcpy(keybytes,PICC_MASTER_KEY16,16); 
+                       } else{
+                               memcpy(keybytes, datain+1, datalen);
+                       }
+                       
+                       struct desfire_key defaultkey = {0};
+                       desfirekey_t key = &defaultkey;
+                       Desfire_aes_key_new( keybytes, key);
+               
                        AesCtx ctx;
-                       if ( AesCtxIni(&ctx, IV, key, KEY128, CBC) < 0 ){
-                               if (MF_DBGLEVEL >= 1) {
+                       if ( AesCtxIni(&ctx, IV, key->data, KEY128, CBC) < 0 ){
+                               if( MF_DBGLEVEL >= 4) {
                                        Dbprintf("AES context failed to init");
                                }
                                OnError();
                                return;
                        }
-                       uint8_t real_cmd[6];
-                       real_cmd[0] = 0x90;
-                       real_cmd[1] = 0x02;
-                       real_cmd[2] = AUTHENTICATE_AES;
-                       real_cmd[3] = keyno;
                        
-                       AppendCrc14443a(real_cmd, 4);
-                       ReaderTransmit(real_cmd, sizeof(real_cmd), NULL);
-       
-                       int len = ReaderReceive(resp);
-                       if(!len) {
-                               OnError();
-                               return;
-                       }
-
-                       print_result("RX:", resp, len);
-   
-                       enum DESFIRE_STATUS status = resp[1];
-                       if ( status != ADDITIONAL_FRAME) {
+                       cmd[0] = AUTHENTICATE_AES;
+                       cmd[1] = 0x00;  //keynumber
+                       len = DesfireAPDU(cmd, 2, resp);
+                       if ( !len ) {
+                               if (MF_DBGLEVEL >= 1) {
+                                       DbpString("Authentication failed. Card timeout.");
+                               }
                                OnError();
                                return;
                        }
                        
-                       // tags enc nonce
-                       uint8_t encRndB[16];
-                       uint8_t decRndB[16];
-                       uint8_t nonce[16];
-                       uint8_t both[32];
-                       uint8_t encBoth[32];
-
-                       memset(nonce, 0, 16);
-                       memcpy( encRndB, resp+2, 16);
-
+                       memcpy( encRndB, resp+3, 16);
+               
                        // dekryptera tagnonce.
                        AesDecrypt(&ctx, encRndB, decRndB, 16);
-                       
                        rol(decRndB,16);
-                       
                        memcpy(both, nonce,16);
                        memcpy(both+16, decRndB ,16 );
-
                        AesEncrypt(&ctx, both, encBoth, 32 );
-
-                       uint8_t real_cmd_A[36];
-                       real_cmd_A[0] = 0x03;
-                       real_cmd_A[1] = ADDITIONAL_FRAME;
                        
-                       memcpy(real_cmd_A+2, encBoth, sizeof(encBoth) );
-                       AppendCrc14443a(real_cmd_A, 34);
-                       ReaderTransmit(real_cmd_A, sizeof(real_cmd_A), NULL);
-               
-                       len = ReaderReceive(resp);
-
-                       print_result("Auth1a ", resp, 36);
+                       cmd[0] = ADDITIONAL_FRAME;
+                       memcpy(cmd+1, encBoth, 32 );
                        
-                       status = resp[1];
-                       if ( status != OPERATION_OK)    {
-                               Dbprintf("Cmd Error: %02x  Len: %d", status,len);
-                               OnError();
+                       len = DesfireAPDU(cmd, 33, resp);  // 1 + 32 == 33
+                       if ( !len ) {
+                               if (MF_DBGLEVEL >= 1) {
+                                       DbpString("Authentication failed. Card timeout.");
+                               }
+                OnError();
                                return;
                        }
-                               
-                               break;
+                       
+                       if ( resp[2] == 0x00 ){
+                               // Create AES Session key               
+                               struct desfire_key sessionKey = {0};
+                               desfirekey_t skey = &sessionKey;
+                               Desfire_session_key_new( nonce, decRndB , key, skey );
+                               print_result("SESSION : ", skey->data, 16);
+                       } else {
+                               DbpString("Authetication failed.");
+                               OnError();
+                               return;
                        }
                        
+                       break;
+               }       
        }
        
-       OnSuccess(resp);
+       OnSuccess();
+       cmd_send(CMD_ACK,1,len,0,resp,len);
 }
 
 // 3 olika ISO sätt att skicka data till DESFIRE (direkt, inkapslat, inkapslat ISO)
@@ -365,7 +307,7 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
 
        uint32_t status = 0;
        size_t wrappedLen = 0;
-       uint8_t wCmd[USB_CMD_DATA_SIZE];
+       uint8_t wCmd[USB_CMD_DATA_SIZE] = {0};
        
        wrappedLen = CreateAPDU( cmd, cmd_len, wCmd);
        
@@ -376,7 +318,10 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
 
        status = ReaderReceive(dataout);
        
-       if(!status){
+       if( status == 0x00){
+               if (MF_DBGLEVEL >= 4) {
+                       Dbprintf("fukked");
+               }
                return FALSE; //DATA LINK ERROR
        }
        // if we received an I- or R(ACK)-Block with a block number equal to the
@@ -411,163 +356,10 @@ size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){
        return cmdlen;
 }
 
-                       // crc_update(&desfire_crc32, 0, 1); /* CMD_WRITE */
-                       // crc_update(&desfire_crc32, addr, addr_sz);
-                       // crc_update(&desfire_crc32, byte, 8);
-                       // uint32_t crc = crc_finish(&desfire_crc32);
-                       
-
-       /* Version
-       
-       //uint8_t versionCmd1[] = {0x02, 0x60};
-       //uint8_t versionCmd2[] = {0x03, 0xaf};
-       //uint8_t versionCmd3[] = {0x02, 0xaf};
-
-    // AUTH 1  -  CMD: 0x02, 0x0A, 0x00  = Auth
-       // 0x02 = status byte för simpla svar?!? 
-       // 0x0a = krypto typ
-       // 0x00 = key nr
-       //uint8_t initAuthCmdDES[]  = {0x02, 0x0a, 0x00};  // DES
-       //uint8_t initAuthCmd3DES[] = {0x02, 0x1a, 0x00};  // 3DES
-       //uint8_t initAuthCmdAES[]  = {0x02, 0xaa, 0x00};  // AES
-       // auth 1 - answer command
-       // 0x03 = status byte för komplexa typer?
-       // 0xaf = additional frame
-       // LEN = 1+1+32+2 = 36
-       //uint8_t answerAuthCmd[34] = {0x03, 0xaf}; 
-
-       // Lägg till CRC
-       //AppendCrc14443a(versionCmd1,sizeof(versionCmd1));
-*/
-
-       // Sending commands
-       /*ReaderTransmit(versionCmd1,sizeof(versionCmd1)+2, NULL);
-       len = ReaderReceive(buffer);
-       print_result("Get Version 3", buffer, 9);
-       */
-       
-       // for( int i = 0; i < 8; i++){
-               // // Auth 1 - Request authentication
-               // ReaderTransmit(initAuthCmdAES,sizeof(initAuthCmdAES)+2, NULL);
-               // //len = ReaderReceive(buffer);
-
-               // // 0xAE =  authentication error
-               // if (buffer[1] == 0xae)       {
-                               // Dbprintf("Cmd Error: %02x", buffer[1]);
-                               // OnError();
-                               // return;
-               // }
-
-               // // tags enc nonce
-               // memcpy(encRndB, buffer+2, 16);
-
-               // // dekryptera svaret frÃ¥n tag.
-               // AesDecrypt(&ctx, encRndB, decRndB, 16);
-
-               // rol8(decRndB,16);
-               // memcpy(RndARndB, RndA,16);
-               // memcpy(RndARndB+16, decRndB ,16 );
-
-               // AesEncrypt(&ctx, RndARndB, encRndARndB, 32 );
-
-               // memcpy(answerAuthCmd+2, encRndARndB, 32);
-               // AppendCrc14443a(answerAuthCmd,sizeof(answerAuthCmd));
-       
-               // ReaderTransmit(answerAuthCmd,sizeof(answerAuthCmd)+2, NULL);
-
-               // len = ReaderReceive(buffer);
-
-               // print_result("Auth1a ", buffer, 8);
-               // Dbprintf("Rx len: %02x", len);
-
-               // if (buffer[1] == 0xCA)       {
-                               // Dbprintf("Cmd Error: %02x  Len: %d", buffer[1],len);
-                               // cmd_send(CMD_ACK,0,0,0,0,0);
-                               // key[1] = i;
-                               // AesCtxIni(&ctx, iv, key, KEY128, CBC);
-               // }
-       // }
-
-       //des_dec(decRndB, encRndB, key);
-       
-    //Do crypto magic
-       /*
-    DES_ede2_cbc_encrypt(e_RndB,RndB,sizeof(e_RndB),&ks1,&ks2,&iv,0);
-    memcpy(RndARndB,RndA,8);
-    memcpy(RndARndB+8,RndB,8);
-    PrintAndLog("     RA+B:%s",sprint_hex(RndARndB, 16));
-    DES_ede2_cbc_encrypt(RndARndB,RndARndB,sizeof(RndARndB),&ks1,&ks2,&e_RndB,1);
-    PrintAndLog("enc(RA+B):%s",sprint_hex(RndARndB, 16));
-    */
-
-
-int mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
-       
-       uint8_t* buffer = mifare_get_bigbufptr();
-       uint8_t dcmd[19];
-    
-       dcmd[0] = 0xAF;
-    memcpy(dcmd+1,key,16);
-       AppendCrc14443a(dcmd, 17);
-       
-
-       ReaderTransmit(dcmd, sizeof(dcmd), NULL);
-       int len = ReaderReceive(buffer);
-       if(!len) {
-          if (MF_DBGLEVEL >= 1)   Dbprintf("Authentication failed. Card timeout.");
-          len = ReaderReceive(buffer);
-    }
-    
-       if(len==1)      {
-        if (MF_DBGLEVEL >= 1) {
-                       Dbprintf("NAK - Authentication failed.");
-                       Dbprintf("Cmd Error: %02x", buffer[0]);
-               }
-               return 1;
-       }
-
-       if (len == 11){
-               if (MF_DBGLEVEL >= 1) {
-                       Dbprintf("Auth2 Resp: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
-                                         buffer[0],buffer[1],buffer[2],buffer[3],buffer[4],
-                                         buffer[5],buffer[6],buffer[7],buffer[8],buffer[9],
-                                         buffer[10]);
-               }
-               return 0;
-       }
-       return 1;
-}
-
-void MifareDES_Auth2(uint32_t arg0, uint8_t *datain){
-
-       return;
-       uint32_t cuid = arg0;
-       uint8_t key[16];
-
-       byte_t isOK = 0;
-       byte_t dataoutbuf[16];
-       
-    memset(key, 0, 16);
-       memcpy(key, datain, 16);
-    
-       LED_A_ON();
-       LED_B_OFF();
-       LED_C_OFF();
-
-       if(mifare_des_auth2(cuid, key, dataoutbuf)){
-           if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");    
-       }
-       isOK=1;
-       if (MF_DBGLEVEL >= 2)   DbpString("AUTH 2 FINISHED");
-    
-       LED_B_ON();
-    cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11);
-       LED_B_OFF();
-    
-    // Thats it...
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       LEDsoff();
-}
+       // crc_update(&desfire_crc32, 0, 1); /* CMD_WRITE */
+       // crc_update(&desfire_crc32, addr, addr_sz);
+       // crc_update(&desfire_crc32, byte, 8);
+       // uint32_t crc = crc_finish(&desfire_crc32);
 
 void OnSuccess(){
        pcb_blocknum = 0;
index fc661f22275ea438f5256049230a29f0f2fc1540..659e0057339a1bab8ab0c10bbbcd9108645981ac 100644 (file)
@@ -8,7 +8,7 @@
 
 #include "../common/iso14443crc.h"
 #include "iso14443a.h"
-#include "crapto1.h"
+#include "desfire_key.h"
 #include "mifareutil.h"
 #include "../include/common.h"
 
index f20e4b42a75b44220e1e54b24a20b45fc30d2965..8ff5b68d560669b4070e316d733c2957293a3d00 100644 (file)
@@ -20,7 +20,7 @@ void print_result(char *name, uint8_t *buf, size_t len) {
 
    if ( len % 16 == 0 ) {
           for(; p-buf < len; p += 16)
-       Dbprintf("[%s:%02x/%02x] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+       Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
                                name,
                                p-buf,
                                len,
@@ -29,7 +29,7 @@ void print_result(char *name, uint8_t *buf, size_t len) {
    }
    else {
    for(; p-buf < len; p += 8)
-       Dbprintf("[%s:%02x/%02x] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+       Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
    }
 }
 
diff --git a/client/.history b/client/.history
new file mode 100644 (file)
index 0000000..176dec9
--- /dev/null
@@ -0,0 +1,8 @@
+hw tune
+lf read
+data plot
+data sample 4000
+lf t55xx rd 0
+lf t55xx trac
+lf t55xx rd 1
+lf t55xx rd 2
index 72bc52e67ab995fa91a5b9aa8e68008363d2da64..e7be98840f5459443cfb2aa2e681b9f6d332c1f9 100644 (file)
@@ -74,12 +74,14 @@ int Cmdaskdemod(const char *Cmd)
   int i;
   int c, high = 0, low = 0;
 
-  // TODO: complain if we do not give 2 arguments here !
-  // (AL - this doesn't make sense! we're only using one argument!!!)
   sscanf(Cmd, "%i", &c);
 
-  /* Detect high and lows and clock */
-  // (AL - clock???)
+  if (c != 0 && c != 1) {
+    PrintAndLog("Invalid argument: %s", Cmd);
+    return 0;
+  }
+  
+  /* Detect high and lows */
   for (i = 0; i < GraphTraceLen; ++i)
   {
     if (GraphBuffer[i] > high)
@@ -87,11 +89,7 @@ int Cmdaskdemod(const char *Cmd)
     else if (GraphBuffer[i] < low)
       low = GraphBuffer[i];
   }
-  if (c != 0 && c != 1) {
-    PrintAndLog("Invalid argument: %s", Cmd);
-    return 0;
-  }
-
+  
   if (GraphBuffer[0] > 0) {
     GraphBuffer[0] = 1-c;
   } else {
index f3217df20e6364931057a606837d1d380f3e829f..c0c7a67ec0c87180404b5e0e26932144326cb68e 100644 (file)
 #include "util.h"
 #include "cmdhfmfdes.h"
 
+uint8_t CMDPOS = 0;
+uint8_t LENPOS = 1;
 
 uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
 uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
 uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
-
+uint8_t key_picc_data[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
 
 static int CmdHelp(const char *Cmd);
 static void xor(unsigned char * dst, unsigned char * src, size_t len);
@@ -147,13 +149,13 @@ int CmdHF14ADesInfo(const char *Cmd){
                PrintAndLog("Command unsuccessful");
                return 0;
        }  
-       
-       PrintAndLog("---Desfire Information---------------------------------------");
+       PrintAndLog("");
+       PrintAndLog("-- Desfire Information --------------------------------------");
        PrintAndLog("-------------------------------------------------------------");
        PrintAndLog("  UID                : %s",sprint_hex(resp.d.asBytes, 7));
        PrintAndLog("  Batch number       : %s",sprint_hex(resp.d.asBytes+28,5));
        PrintAndLog("  Production date    : week %02x, 20%02x",resp.d.asBytes[33], resp.d.asBytes[34]);
-       PrintAndLog("-------------------------------------------------------------");
+       PrintAndLog("  -----------------------------------------------------------");
        PrintAndLog("  Hardware Information");
        PrintAndLog("      Vendor Id      : %s", GetVendorStr(resp.d.asBytes[7]));
        PrintAndLog("      Type           : 0x%02X",resp.d.asBytes[8]);
@@ -161,7 +163,7 @@ int CmdHF14ADesInfo(const char *Cmd){
        PrintAndLog("      Version        : %d.%d",resp.d.asBytes[10], resp.d.asBytes[11]);
        PrintAndLog("      Storage size   : %s",GetCardSizeStr(resp.d.asBytes[12]));
        PrintAndLog("      Protocol       : %s",GetProtocolStr(resp.d.asBytes[13]));
-       PrintAndLog("-------------------------------------------------------------");
+       PrintAndLog("  -----------------------------------------------------------");
        PrintAndLog("  Software Information");
        PrintAndLog("      Vendor Id      : %s",GetVendorStr(resp.d.asBytes[14]));
        PrintAndLog("      Type           : 0x%02X",resp.d.asBytes[15]);
@@ -171,53 +173,15 @@ int CmdHF14ADesInfo(const char *Cmd){
        PrintAndLog("      Protocol       : %s", GetProtocolStr(resp.d.asBytes[20]));
        PrintAndLog("-------------------------------------------------------------");
        
+       // Master Key settings
+       GetKeySettings(NULL);
        
-       UsbCommand c1 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }};
-       c1.d.asBytes[0] = GET_KEY_SETTINGS;
-    SendCommand(&c1);
-       if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
-               return 0;
-       }  
-       
-       PrintAndLog("  Master Key settings");
-       if (  resp.d.asBytes[3] & (1 << 3 ) )
-               PrintAndLog("     0x08 Configuration changeable");
-       else
-               PrintAndLog("     0x08 Configuration NOT changeable");
-
-       if (  resp.d.asBytes[3] & (1 << 2 ) )
-               PrintAndLog("     0x04 PICC Master Key not required for create / delete");
-       else 
-               PrintAndLog("     0x04 PICC Master Key required for create / delete");
-
-       if (  resp.d.asBytes[3] & (1 << 1 ) )
-               PrintAndLog("     0x02 Free directory list access without PICC Master Key");
-       else
-               PrintAndLog("     0x02 Directory list access with PICC Master Key");
-       
-       if (  resp.d.asBytes[3] & (1 << 0 ) )
-               PrintAndLog("     0x01 Allow changing the Master Key");
-       else
-               PrintAndLog("     0x01 Master Key is not changeable anymore");
-       
-       //                                      init   len
-       UsbCommand c2 = {CMD_MIFARE_DESFIRE, { 0x03, 0x02 }};
-    c2.d.asBytes[0] = GET_KEY_VERSION;
-       c2.d.asBytes[1] = 0x00;
-       SendCommand(&c2);
-       if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
-               return 0;
-       }
-       
-       PrintAndLog("");
-       PrintAndLog("     Max number of keys  : %d", resp.d.asBytes[4]);
-       PrintAndLog("     Master key Version  : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
-       PrintAndLog("-------------------------------------------------------------");
-       
-
-       UsbCommand c3 = {CMD_MIFARE_DESFIRE, { 0x03, 0x01 }};
-       c3.d.asBytes[0] = GET_FREE_MEMORY;
-    SendCommand(&c3);
+       // Free memory on card
+       c.cmd = CMD_MIFARE_DESFIRE;
+       c.arg[0] = (INIT | DISCONNECT);
+       c.arg[1] = 0x01;
+       c.d.asBytes[0] = GET_FREE_MEMORY;
+    SendCommand(&c);
        if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
                return 0;
        }  
@@ -225,7 +189,7 @@ int CmdHF14ADesInfo(const char *Cmd){
        uint8_t tmp[3];
        memcpy(tmp, resp.d.asBytes+3,3); 
 
-       PrintAndLog("     Free memory on card : %d bytes", le24toh( tmp ));
+       PrintAndLog("   Available free memory on card       : %d bytes", le24toh( tmp ));
        PrintAndLog("-------------------------------------------------------------");
 
        /*
@@ -240,12 +204,7 @@ int CmdHF14ADesInfo(const char *Cmd){
                keys 4,5,6,7     RW
                keys 8,9,10,11   W
                keys 12,13,14,15 R
-               
-               Session key:
-                       16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)
-                       8  : RndA(byte0-byte3) + RndB(byte0-byte3) 
-                       
-                       AES 16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte12-byte15) + RndB(byte12-byte15)
+       
        */
        
     return 1;
@@ -296,29 +255,202 @@ char * GetProtocolStr(uint8_t id){
        return buf;
 }
 
-int CmdHF14ADesEnumApplications(const char *Cmd){
+void GetKeySettings( uint8_t *aid){
        
-       uint32_t options = 0x00;
+       char messStr[512] = {0x00};
+       char *str = messStr;
+       uint8_t isOK = 0;
+       uint32_t options = NONE;
+       UsbCommand c;
+       UsbCommand resp;
+
+       //memset(messStr, 0x00, 512);
        
-       options |= INIT;
-       options  |= DISCONNECT;
+       c.cmd = CMD_MIFARE_DESFIRE;
+       
+       if ( aid == NULL ){
+               PrintAndLog(" CMK - PICC, Card Master Key settings ");
+               PrintAndLog("");
+               c.arg[CMDPOS] = (INIT | DISCONNECT);
+               c.arg[LENPOS] =  0x01;
+               c.d.asBytes[0] = GET_KEY_SETTINGS;  // 0x45
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}  
+               isOK  = resp.arg[0] & 0xff;
+               if ( !isOK ){
+                       PrintAndLog("   Can't select master application");      
+                       return;
+               }       
+
+               str = (resp.d.asBytes[3] & (1 << 3 )) ? "YES":"NO";     
+               PrintAndLog("   [0x08] Configuration changeable       : %s", str);
+               str = (resp.d.asBytes[3] & (1 << 2 )) ? "NO":"YES";
+               PrintAndLog("   [0x04] CMK required for create/delete : %s",str);
+               str = (resp.d.asBytes[3] & (1 << 1 )) ? "NO":"YES";
+               PrintAndLog("   [0x02] Directory list access with CMK : %s",str);
+               str = (resp.d.asBytes[3] & (1 << 0 )) ? "YES" : "NO";
+               PrintAndLog("   [0x01] CMK is changeable              : %s", str);
+                       
+               c.arg[LENPOS] = 0x02; //LEN
+               c.d.asBytes[0] = GET_KEY_VERSION; //0x64
+               c.d.asBytes[1] = 0x00;
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {
+                       return;
+               }
+               isOK  = resp.arg[0] & 0xff;
+               if ( !isOK ){
+                       PrintAndLog("   Can't read key-version");
+                       return;
+               }
+               PrintAndLog("");
+               PrintAndLog("   Max number of keys       : %d", resp.d.asBytes[4]);
+               PrintAndLog("   Master key Version       : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
+               PrintAndLog("   ----------------------------------------------------------");
+               
+               c.arg[LENPOS] = 0x02; //LEN
+               c.d.asBytes[0] = AUTHENTICATE; //0x0A
+               c.d.asBytes[1] = 0x00; // KEY 0
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
+               isOK  = resp.d.asBytes[2] & 0xff;
+               PrintAndLog("   [0x0A] Authenticate      : %s", ( isOK==0xAE ) ? "NO":"YES");
+
+               c.d.asBytes[0] = AUTHENTICATE_ISO; //0x1A
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
+               isOK  = resp.d.asBytes[2] & 0xff;
+               PrintAndLog("   [0x1A] Authenticate ISO  : %s", ( isOK==0xAE ) ? "NO":"YES");
+               
+               c.d.asBytes[0] = AUTHENTICATE_AES; //0xAA
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1000) ) {return;}
+               isOK  = resp.d.asBytes[2] & 0xff;
+               PrintAndLog("   [0xAA] Authenticate AES  : %s", ( isOK==0xAE ) ? "NO":"YES");
+               PrintAndLog("");
+               PrintAndLog("   ----------------------------------------------------------");
+               
+       } else {
+               PrintAndLog(" AMK - Application Master Key settings");
+               
+               // SELECT AID
+               c.arg[0] = (INIT | CLEARTRACE);
+               c.arg[LENPOS] = 0x04;
+               c.d.asBytes[0] = SELECT_APPLICATION;  // 0x5a
+               memcpy(c.d.asBytes+1, aid, 3);
+               SendCommand(&c);
+               
+               if (!WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+                       PrintAndLog("   Timed-out");
+                       return;
+               } 
+               isOK  = resp.arg[0] & 0xff;
+               if ( !isOK ){
+                       PrintAndLog("   Can't select AID: %s",sprint_hex(aid,3));       
+                       return;
+               }               
+               
+               // KEY SETTINGS
+               options = NONE;
+               c.arg[0] = options;
+               c.arg[LENPOS] = 0x01;
+               c.d.asBytes[0] = GET_KEY_SETTINGS; // 0x45              
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+                       return;
+               }
+               isOK  = resp.arg[0] & 0xff;
+               if ( !isOK ){
+                       PrintAndLog("   Can't read Application Master key settings");
+               } else {
+                       // Access rights.
+                       uint8_t rights = (resp.d.asBytes[3] >> 4 && 0xff);
+                       switch (rights){
+                               case 0x00:
+                                       str = "AMK authentication is necessary to change any key (default)";
+                                       break;
+                               case 0x0e:
+                                       str = "Authentication with the key to be changed (same KeyNo) is necessary to change a key";
+                                       break;
+                               case 0x0f:
+                                       str = "All keys (except AMK,see Bit0) within this application are frozen";
+                                       break;
+                               default:
+                                       str = "Authentication with the specified key is necessary to change any ley. A change key and a PICC master key (CMK) can only be changed after authentication with the master key. For keys other then the master or change key, an authentication with the same key is needed.";
+                                       break;
+                       }
+                       PrintAndLog("Changekey Access rights");
+                       PrintAndLog("-- %s",str);
+                       PrintAndLog("");        
+                       // same as CMK
+                       str = (resp.d.asBytes[3] & (1 << 3 )) ? "YES":"NO";     
+                       PrintAndLog("   0x08 Configuration changeable       : %s", str);
+                       str = (resp.d.asBytes[3] & (1 << 2 )) ? "NO":"YES";
+                       PrintAndLog("   0x04 AMK required for create/delete : %s",str);
+                       str = (resp.d.asBytes[3] & (1 << 1 )) ? "NO":"YES";
+                       PrintAndLog("   0x02 Directory list access with AMK : %s",str);
+                       str = (resp.d.asBytes[3] & (1 << 0 )) ? "YES" : "NO";
+                       PrintAndLog("   0x01 AMK is changeable              : %s", str);
+               }
+               
+               // KEY VERSION  - AMK 
+               c.arg[0] = NONE;
+               c.arg[LENPOS] = 0x02;
+               c.d.asBytes[0] = GET_KEY_VERSION; //0x64
+               c.d.asBytes[1] = 0x00;
+               SendCommand(&c);
+               if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+                       PrintAndLog("   Timed-out");
+                       return;
+               }
+               
+               int numOfKeys;
+               
+               isOK  = resp.arg[0] & 0xff;
+               if ( !isOK ){
+                       PrintAndLog("   Can't read Application Master key version. Trying all keys");
+                       numOfKeys = MAX_NUM_KEYS;
+               }
+               else{
+                       numOfKeys = resp.d.asBytes[4];
+                       PrintAndLog("");
+                       PrintAndLog("     Max number of keys  : %d", numOfKeys );
+                       PrintAndLog("     Application Master key Version  : %d (0x%02x)", resp.d.asBytes[3], resp.d.asBytes[3]);
+                       PrintAndLog("-------------------------------------------------------------");                   
+               }
+               
+               // LOOP over numOfKeys that we got before. 
+               // From 0x01 to numOfKeys.  We already got 0x00. (AMK)
+               for(int i=0x01; i<=0x0f; ++i){
+                                       
+               }
+               
+               
+       }
+}
+
+int CmdHF14ADesEnumApplications(const char *Cmd){
+       
+       uint8_t isOK = 0x00;
+       uint8_t aid[3];
+       uint32_t options = (INIT | DISCONNECT);
        
        UsbCommand c = {CMD_MIFARE_DESFIRE, {options , 0x01 }};
        c.d.asBytes[0] = GET_APPLICATION_IDS;  //0x6a
+       
     SendCommand(&c);
        UsbCommand resp;
                
        if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
                return 0;
        }  
-       
-       uint8_t isOK  = resp.arg[0] & 0xff;
+       isOK  = resp.arg[0] & 0xff;
        if ( !isOK ){
                PrintAndLog("Command unsuccessful");
                return 0;
        } 
-       
-       PrintAndLog("---Desfire Enum Applications --------------------------------");
+       PrintAndLog("");        
+       PrintAndLog("-- Desfire Enumerate Applications ---------------------------");
        PrintAndLog("-------------------------------------------------------------");
 
        UsbCommand respAid;
@@ -331,47 +463,73 @@ int CmdHF14ADesEnumApplications(const char *Cmd){
                PrintAndLog(" Aid %d : %02X %02X %02X ",num ,resp.d.asBytes[i],resp.d.asBytes[i+1],resp.d.asBytes[i+2]);
                num++;
                
-               options = INIT;
-
-               UsbCommand cAid = {CMD_MIFARE_DESFIRE, { options, 0x04 }};
-               cAid.d.asBytes[0] = SELECT_APPLICATION;  // 0x5a
-               cAid.d.asBytes[1] = resp.d.asBytes[i];
-               cAid.d.asBytes[2] = resp.d.asBytes[i+1];                
-               cAid.d.asBytes[3] = resp.d.asBytes[i+2];
-               SendCommand(&cAid);
+               aid[0] = resp.d.asBytes[i];
+               aid[1] = resp.d.asBytes[i+1];
+               aid[2] = resp.d.asBytes[i+2];
+               GetKeySettings(aid);
+               
+               // Select Application
+               c.arg[CMDPOS] = INIT;
+               c.arg[LENPOS] = 0x04; 
+               c.d.asBytes[0] = SELECT_APPLICATION;  // 0x5a
+               c.d.asBytes[1] = resp.d.asBytes[i];
+               c.d.asBytes[2] = resp.d.asBytes[i+1];           
+               c.d.asBytes[3] = resp.d.asBytes[i+2];
+               SendCommand(&c);
                
                if (!WaitForResponseTimeout(CMD_ACK,&respAid,1500) ) {
                        PrintAndLog("   Timed-out");
                        continue;
                } 
-               uint8_t isOK  = respAid.arg[0] & 0xff;
-               if ( !isOK ){
+               isOK  = respAid.d.asBytes[2] & 0xff;
+               if ( isOK != 0x00 ){
                        PrintAndLog("   Can't select AID: %s",sprint_hex(resp.d.asBytes+i,3));  
                        continue;
                }
        
-               options = DISCONNECT;
-               UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { options, 0x01 }};
-               cFiles.d.asBytes[0] = GET_FILE_IDS; // 0x6f
-               SendCommand(&cFiles);
+               // Get File IDs
+               c.arg[CMDPOS] = NONE;
+               c.arg[LENPOS] = 0x01;
+               c.d.asBytes[0] = GET_FILE_IDS; // 0x6f
+               SendCommand(&c);
                
                if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
                        PrintAndLog("   Timed-out");
                        continue;
                } else {
-               
-                       uint8_t isOK  = respFiles.arg[0] & 0xff;
+                       isOK  = respFiles.d.asBytes[2] & 0xff;
                        if ( !isOK ){
-                               PrintAndLog("   No files found");
-                               continue;
+                               PrintAndLog("   Can't get file ids ");
+                       } else {                        
+                               int respfileLen = resp.arg[1]-3-2;                      
+                               for (int j=0; j< respfileLen; ++j){
+                                       PrintAndLog("   Fileid %d :", resp.d.asBytes[j+3]);
+                               }
                        }
+               }
+               
+               // Get ISO File IDs
+               c.arg[CMDPOS] = DISCONNECT;
+               c.arg[LENPOS] = 0x01;
+               c.d.asBytes[0] = GET_ISOFILE_IDS; // 0x61
+               SendCommand(&c);
                
-                       int respfileLen = resp.arg[1]-3-2;                      
-                       for (int j=0; j< respfileLen; ++j){
-                               PrintAndLog("   Fileid %d :", resp.d.asBytes[j+3]);
+               if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
+                       PrintAndLog("   Timed-out");
+                       continue;
+               } else {
+                       isOK  = respFiles.d.asBytes[2] & 0xff;
+                       if ( !isOK ){
+                               PrintAndLog("   Can't get ISO file ids ");
+                       } else {                        
+                               int respfileLen = resp.arg[1]-3-2;                      
+                               for (int j=0; j< respfileLen; ++j){
+                                       PrintAndLog(" ISO  Fileid %d :", resp.d.asBytes[j+3]);
+                               }
                        }
                }
                
+               
        }
        PrintAndLog("-------------------------------------------------------------");
        
@@ -386,7 +544,7 @@ int CmdHF14ADesNonces(const char *Cmd){
 //
 // MIAFRE DesFire Authentication
 //
-#define BUFSIZE 64 
+#define BUFSIZE 256 
 int CmdHF14ADesAuth(const char *Cmd){
     
        // NR  DESC             KEYLENGHT
@@ -395,22 +553,19 @@ int CmdHF14ADesAuth(const char *Cmd){
        // 2 = 3DES             16
        // 3 = 3K 3DES  24
        // 4 = AES              16
-       
-       // AUTHENTICTION MODES:
-       // 1 Normal
-       // 2 ISO
-       // 3 AES
-       
+
        uint8_t keylength = 8;
-       //unsigned char testinput[] = { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00};
-       unsigned char key[24]; // =       { 0x75,0x28,0x78,0x39,0x74,0x93,0xCB,0x70};   
+       unsigned char key[24];  
        
     if (strlen(Cmd)<3) {
         PrintAndLog("Usage:  hf mfdes auth <1|2|3> <1|2|3|4> <keyno> <key> ");
-               PrintAndLog("               AUTH modes 1 = normal, 2 = iso, 3 = aes");
-               PrintAndLog("               Crypto: 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
-               PrintAndLog("               keynumber");
+               PrintAndLog("               Auth modes");
+               PrintAndLog("                 1 = normal, 2 = iso, 3 = aes");
+               PrintAndLog("               Crypto");
+               PrintAndLog("                 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES");
+               PrintAndLog("");
         PrintAndLog("        sample: hf mfdes auth 1 1 0 11223344");
+               PrintAndLog("        sample: hf mfdes auth 3 4 0 404142434445464748494a4b4c4d4e4f");
         return 0;
     } 
        uint8_t cmdAuthMode     = param_get8(Cmd,0);
@@ -473,29 +628,27 @@ int CmdHF14ADesAuth(const char *Cmd){
        
        c.d.asBytes[0] = keylength;
        memcpy(c.d.asBytes+1, key, keylength);
-       //memcpy(c.d.asBytes + 30, testinput, keylength);
        
     SendCommand(&c);
        UsbCommand resp;
        
-       if (WaitForResponseTimeout(CMD_ACK,&resp,3000)) {
-               uint8_t isOK  = resp.arg[0] & 0xff;
-               PrintAndLog("isOk:%02x", isOK);
-
-       } else {
-               PrintAndLog("Command execute timeout");
+       if (!WaitForResponseTimeout(CMD_ACK,&resp,3000)) {
+               PrintAndLog("Client command execute timeout");
                return 0;
        }  
 
-       uint8_t * data= resp.d.asBytes;
+       uint8_t isOK  = resp.arg[0] & 0xff;
+       if ( isOK) {
+               uint8_t * data= resp.d.asBytes;
                
-       // PrintAndLog("-------------------------------------------------------------");
-        PrintAndLog("  Key        :%s",sprint_hex(key, keylength));
-       // PrintAndLog("  Plain      :%s",sprint_hex(testinput, keylength));
-       PrintAndLog("  Encoded    :%s",sprint_hex(data, keylength));
-       PrintAndLog("-------------------------------------------------------------");
-       //PrintAndLog("  Expected   :B5 21 9E E8 1A A7 49 9D 21 96 68 7E 13 97 38 56");
-       
+               PrintAndLog("  Key        :%s",sprint_hex(key, keylength));
+               PrintAndLog("  SESSION    :%s",sprint_hex(data, keylength));
+               PrintAndLog("-------------------------------------------------------------");
+               //PrintAndLog("  Expected   :B5 21 9E E8 1A A7 49 9D 21 96 68 7E 13 97 38 56");
+       } else{
+               PrintAndLog("Client command failed.");
+       }
+       PrintAndLog("-------------------------------------------------------------");   
     return 1;
 }
 
index 8ecf36d37569d73a9d5baad4164f91428adbab47..06f592edda673d58b9b66afd399581144883ae14 100644 (file)
@@ -18,22 +18,23 @@ int CmdHF14ADesNonces(const char *Cmd);
 char * GetCardSizeStr( uint8_t fsize );
 char * GetVendorStr( uint8_t id);
 char * GetProtocolStr(uint8_t id);
+void GetKeySettings( uint8_t * aid);
 
 // Command options for Desfire behavior.
 enum  {
  NONE          =       0x00,
  INIT          =       0x01,
  DISCONNECT =  0x02,
FOO           =       0x04,
CLEARTRACE    =       0x04,
  BAR           =       0x08,
 } CmdOptions ;
 
 
-#define  CREATE_APPLICATION                    0xca
-#define  DELETE_APPLICATION                    0xda
-#define  GET_APPLICATION_IDS                   0x6a
-#define      SELECT_APPLICATION                0x5a
-#define      FORMAT_PICC                               0xfc
+#define  CREATE_APPLICATION                     0xca
+#define  DELETE_APPLICATION                     0xda
+#define  GET_APPLICATION_IDS                    0x6a
+#define      SELECT_APPLICATION                 0x5a
+#define      FORMAT_PICC                                0xfc
 #define      GET_VERSION                                0x60
 #define      READ_DATA                                          0xbd
 #define      WRITE_DATA                                         0x3d
@@ -48,6 +49,7 @@ enum  {
 #define      ABORT_TRANSACTION                          0xa7
 #define      GET_FREE_MEMORY             0x6e
 #define        GET_FILE_IDS                             0x6f
+#define        GET_ISOFILE_IDS                          0x61
 #define     GET_FILE_SETTINGS                   0xf5
 #define     CHANGE_FILE_SETTINGS                0x5f
 #define     CREATE_STD_DATA_FILE                0xcd
@@ -65,9 +67,9 @@ enum  {
 #define     GET_KEY_VERSION                     0x64
 #define     AUTHENTICATION_FRAME                0xAF
 
-
+#define MAX_NUM_KEYS 0x0F
 #define MAX_APPLICATION_COUNT 28
-#define MAX_FILE_COUNT 16
+#define MAX_FILE_COUNT 32
 #define MAX_FRAME_SIZE 60
 #define NOT_YET_AUTHENTICATED 255
 #define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)
\ No newline at end of file
index 3c46d3b1239c52227c0d6679d09705bd3afe755e..8380bcba87e793eccd0b6200a261a7284bfb4f23 100644 (file)
@@ -21,7 +21,7 @@
 #include "cmdlfem4x.h"
 #include "util.h"
 #include "data.h"
-#define LF_TRACE_BUFF_SIZE 16000
+#define LF_TRACE_BUFF_SIZE 12000
 
 char *global_em410xId;
 
@@ -526,29 +526,20 @@ int CmdReadWord(const char *Cmd)
        SendCommand(&c);
        WaitForResponse(CMD_ACK, NULL);
 
-       uint8_t data[LF_TRACE_BUFF_SIZE];
-       memset(data, 0x00, LF_TRACE_BUFF_SIZE);
+       uint8_t data[LF_TRACE_BUFF_SIZE] = {0x00};
 
        GetFromBigBuf(data,LF_TRACE_BUFF_SIZE,3560);  //3560 -- should be offset..
        WaitForResponseTimeout(CMD_ACK,NULL, 1500);
 
        for (int j = 0; j < LF_TRACE_BUFF_SIZE; j++) {
-               GraphBuffer[j] = ((int)data[j]) - 128;
+               GraphBuffer[j] = ((int)data[j]);
        }
        GraphTraceLen = LF_TRACE_BUFF_SIZE;
-         
-       // BiDirectional
-       //CmdDirectionalThreshold("70 -60");    
        
-       // Askdemod
-       //Cmdaskdemod("1");
-       
-       uint8_t bits[1000];
+       uint8_t bits[1000] = {0x00};
        uint8_t * bitstream = bits;
-       memset(bitstream, 0x00, sizeof(bits));
-       
        manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);
-       
+       RepaintGraphWindow();
   return 0;
 }
 
@@ -575,28 +566,21 @@ int CmdReadWordPWD(const char *Cmd)
        SendCommand(&c);
        WaitForResponse(CMD_ACK, NULL);
                
-       uint8_t data[LF_TRACE_BUFF_SIZE];
-       memset(data, 0x00, LF_TRACE_BUFF_SIZE);
+       uint8_t data[LF_TRACE_BUFF_SIZE] = {0x00};
 
        GetFromBigBuf(data,LF_TRACE_BUFF_SIZE,3560);  //3560 -- should be offset..
        WaitForResponseTimeout(CMD_ACK,NULL, 1500);
 
        for (int j = 0; j < LF_TRACE_BUFF_SIZE; j++) {
-               GraphBuffer[j] = ((int)data[j]) - 128;
+               GraphBuffer[j] = ((int)data[j]);
        }
        GraphTraceLen = LF_TRACE_BUFF_SIZE;
-
-       // BiDirectional
-       //CmdDirectionalThreshold("70 -60");    
        
-       // Askdemod
-       //Cmdaskdemod("1");
-               
-       uint8_t bits[1000];
+       uint8_t bits[1000] = {0x00};
        uint8_t * bitstream = bits;
-       memset(bitstream, 0x00, sizeof(bits));
        
        manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);
+       RepaintGraphWindow();
   return 0;
 }
 
index a002bf3446ab3a9344b9bea082efad6ba2989ecc..30f5e68e97af0904bf6b679ca114491d0551ede4 100644 (file)
@@ -21,7 +21,8 @@
 #include "util.h"\r
 #include "data.h"\r
 \r
-#define LF_TRACE_BUFF_SIZE 16000\r
+\r
+#define LF_TRACE_BUFF_SIZE 12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)\r
 static int CmdHelp(const char *Cmd);\r
 \r
 \r
@@ -50,33 +51,25 @@ int CmdReadBlk(const char *Cmd)
        SendCommand(&c);\r
        WaitForResponse(CMD_ACK, NULL);\r
        \r
-       uint8_t data[LF_TRACE_BUFF_SIZE];\r
-       memset(data, 0x00, LF_TRACE_BUFF_SIZE);\r
+       uint8_t data[LF_TRACE_BUFF_SIZE] = {0x00};\r
        \r
        GetFromBigBuf(data,LF_TRACE_BUFF_SIZE,3560);  //3560 -- should be offset..\r
        WaitForResponseTimeout(CMD_ACK,NULL, 1500);\r
 \r
        for (int j = 0; j < LF_TRACE_BUFF_SIZE; j++) {\r
-               GraphBuffer[j] = ((int)data[j]) - 128;\r
+               GraphBuffer[j] = ((int)data[j]) ;\r
        }\r
        GraphTraceLen = LF_TRACE_BUFF_SIZE;\r
-         \r
-       // BiDirectional\r
-       //CmdDirectionalThreshold("70 60");\r
-       \r
-       // Askdemod\r
-       //Cmdaskdemod("1");\r
        \r
-       uint8_t bits[1000];\r
+       uint8_t bits[1000] = {0x00};\r
        uint8_t * bitstream = bits;\r
-       memset(bitstream, 0x00, sizeof(bits));\r
        \r
        manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);\r
        \r
+       RepaintGraphWindow();\r
   return 0;\r
 }\r
 \r
-\r
 int CmdReadBlkPWD(const char *Cmd)\r
 {\r
        int Block = -1; //default to invalid block\r
@@ -100,8 +93,7 @@ int CmdReadBlkPWD(const char *Cmd)
        SendCommand(&c);\r
        WaitForResponse(CMD_ACK, NULL);\r
                \r
-       uint8_t data[LF_TRACE_BUFF_SIZE];\r
-       memset(data, 0x00, LF_TRACE_BUFF_SIZE);\r
+       uint8_t data[LF_TRACE_BUFF_SIZE] = {0x00};\r
 \r
        GetFromBigBuf(data,LF_TRACE_BUFF_SIZE,3560);  //3560 -- should be offset..\r
        WaitForResponseTimeout(CMD_ACK,NULL, 1500);\r
@@ -111,21 +103,14 @@ int CmdReadBlkPWD(const char *Cmd)
        }\r
        GraphTraceLen = LF_TRACE_BUFF_SIZE;\r
 \r
-       // BiDirectional\r
-       //CmdDirectionalThreshold("70 -60");    \r
-       \r
-       // Askdemod\r
-       //Cmdaskdemod("1");\r
-               \r
-       uint8_t bits[1000];\r
+       uint8_t bits[1000] = {0x00};\r
        uint8_t * bitstream = bits;\r
-       memset(bitstream, 0x00, sizeof(bits));\r
        \r
-       manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);\r
+       manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);  \r
+       RepaintGraphWindow();\r
   return 0;\r
 }\r
 \r
-\r
 int CmdWriteBlk(const char *Cmd)\r
 {\r
   int Block = 8; //default to invalid block\r
@@ -177,37 +162,249 @@ int CmdWriteBlkPWD(const char *Cmd)
 \r
 int CmdReadTrace(const char *Cmd)\r
 {\r
-       PrintAndLog(" Reading page 1 - tracedata");\r
-\r
-  UsbCommand c = {CMD_T55XX_READ_TRACE, {0, 0, 0}};\r
-  SendCommand(&c);\r
+       UsbCommand c = {CMD_T55XX_READ_TRACE, {0, 0, 0}};\r
+       SendCommand(&c);\r
        WaitForResponse(CMD_ACK, NULL);\r
 \r
-       uint8_t data[LF_TRACE_BUFF_SIZE];\r
-       memset(data, 0x00, LF_TRACE_BUFF_SIZE);\r
+       uint8_t data[LF_TRACE_BUFF_SIZE] = {0x00};\r
 \r
        GetFromBigBuf(data,LF_TRACE_BUFF_SIZE,3560);  //3560 -- should be offset..\r
        WaitForResponseTimeout(CMD_ACK,NULL, 1500);\r
 \r
        for (int j = 0; j < LF_TRACE_BUFF_SIZE; j++) {\r
-               GraphBuffer[j] = ((int)data[j]) - 128;\r
+               GraphBuffer[j] = ((int)data[j]);\r
+               //GraphBuffer[j] = ((int)data[j]) - 128;\r
        }\r
        GraphTraceLen = LF_TRACE_BUFF_SIZE;\r
        \r
-       // BiDirectional\r
-       //CmdDirectionalThreshold("70 -60");    \r
+       uint8_t bits[1000] = {0x00};\r
+       uint8_t * bitstream = bits;\r
        \r
-       // Askdemod\r
-       //Cmdaskdemod("1");\r
+       manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);\r
+       RepaintGraphWindow();\r
 \r
+       uint8_t si = 5;\r
+       uint32_t bl0     = PackBits(si, 32, bitstream);\r
+       uint32_t bl1     = PackBits(si+32, 32, bitstream);\r
+       \r
+       uint32_t acl     = PackBits(si,  8, bitstream);\r
+       si += 8;\r
+       uint32_t mfc     = PackBits(si, 8, bitstream);\r
+       si += 8;\r
+       uint32_t cid     = PackBits(si, 5, bitstream);\r
+       si += 5;\r
+       uint32_t icr     = PackBits(si, 3, bitstream);\r
+       si += 3;\r
+       uint32_t year    = PackBits(si, 4, bitstream);\r
+       si += 4;\r
+       uint32_t quarter = PackBits(si, 2, bitstream);\r
+       si += 2;\r
+       uint32_t num     = PackBits(si, 12, bitstream);\r
+       si += 12;\r
+       uint32_t wafer   = PackBits(si, 5, bitstream);\r
+       si += 5;\r
+       uint32_t dw      = PackBits(si, 15, bitstream);\r
+       \r
+       PrintAndLog("");\r
+       PrintAndLog("-- T55xx Trace Information ----------------------------------");\r
+       PrintAndLog("-------------------------------------------------------------");\r
+       PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1)  : 0x%02X (%d)", acl, acl);\r
+       PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6)    : 0x%02X (%d)", mfc, mfc);\r
+       PrintAndLog(" CID                                     : 0x%02X (%d)", cid, cid);\r
+       PrintAndLog(" ICR IC Revision                         : %d",icr );\r
+       PrintAndLog(" Manufactured");\r
+       PrintAndLog("     Year/Quarter : %d/%d",2000+year, quarter );\r
+       PrintAndLog("     Number       : %d", num );\r
+       PrintAndLog("     Wafer number : %d", wafer);\r
+       PrintAndLog("     Die Number   : %d", dw);\r
+       PrintAndLog("-------------------------------------------------------------");\r
+       PrintAndLog(" Raw Data");\r
+       PrintAndLog("     Block 0  : %08X", bl0);\r
+       PrintAndLog("     Block 1  : %08X", bl1);\r
+       PrintAndLog("-------------------------------------------------------------");\r
+       /*\r
+       TRACE - BLOCK O\r
+               Bits    Definition                                                              HEX\r
+               1-8             ACL Allocation class (ISO/IEC 15963-1)  0xE0 \r
+               9-16    MFC Manufacturer ID (ISO/IEC 7816-6)    0x15 Atmel Corporation\r
+               17-21   CID                                                                             0x1 = Atmel ATA5577M1  0x2 = Atmel ATA5577M2 \r
+               22-24   ICR IC revision\r
+               25-28   YEAR (BCD encoded)                                              9 (= 2009)\r
+               29-30   QUARTER                                                                 1,2,3,4 \r
+               31-32   Number\r
+       \r
+       TRACE - BLOCK 1\r
+               1-12    Number\r
+               13-17   Wafer number\r
+               18-32   DW,  die number sequential\r
+       */\r
+       \r
+  return 0;\r
+}\r
 \r
-       uint8_t bits[1000];\r
+int CmdInfo(const char *Cmd){\r
+       /*\r
+               Page 0 Block 0 Configuration data.\r
+               Normal mode\r
+               Extended mode\r
+       */\r
+       // läs block 0 -  data finns i graphbuff\r
+       CmdReadBlk("0");\r
+       \r
+       uint8_t bits[1000] = {0x00};\r
        uint8_t * bitstream = bits;\r
-       memset(bitstream, 0x00, sizeof(bits));\r
        \r
        manchester_decode(GraphBuffer, LF_TRACE_BUFF_SIZE, bitstream);\r
+       \r
+       uint8_t si = 5;\r
+       uint32_t bl0     = PackBits(si, 32, bitstream);\r
+       \r
+       uint32_t safer   = PackBits(si, 4, bitstream); si += 4; \r
+       uint32_t resv   = PackBits(si, 7, bitstream); si += 7;\r
+       uint32_t dbr   = PackBits(si, 3, bitstream); si += 3;\r
+       uint32_t extend   = PackBits(si, 1, bitstream); si += 1;\r
+       uint32_t datamodulation   = PackBits(si, 5, bitstream); si += 5;\r
+       uint32_t pskcf   = PackBits(si, 2, bitstream); si += 2;\r
+       uint32_t aor   = PackBits(si, 1, bitstream); si += 1;   \r
+       uint32_t otp   = PackBits(si, 1, bitstream); si += 1;   \r
+       uint32_t maxblk   = PackBits(si, 3, bitstream); si += 3;\r
+       uint32_t pwd   = PackBits(si, 1, bitstream); si += 1;   \r
+       uint32_t sst   = PackBits(si, 1, bitstream); si += 1;   \r
+       uint32_t fw   = PackBits(si, 1, bitstream); si += 1;\r
+       uint32_t inv   = PackBits(si, 1, bitstream); si += 1;   \r
+       uint32_t por   = PackBits(si, 1, bitstream); si += 1;\r
                \r
-  return 0;\r
+       PrintAndLog("");\r
+       PrintAndLog("-- T55xx Configuration --------------------------------------");\r
+       PrintAndLog("-------------------------------------------------------------");\r
+       PrintAndLog(" Safer key                 : %s", GetSaferStr(safer));\r
+       PrintAndLog(" reserved                  : %d", resv);\r
+       PrintAndLog(" Data bit rate             : %s", GetBitRateStr(dbr));\r
+       PrintAndLog(" eXtended mode             : %s", (extend) ? "Yes - Warning":"No");\r
+       PrintAndLog(" Modulation                : %s", GetModulationStr(datamodulation) );\r
+       PrintAndLog(" PSK clock freq            : %d", pskcf);\r
+       PrintAndLog(" AOR - Answer on Request   : %s", (aor) ? "Yes":"No");\r
+       PrintAndLog(" OTP - One Time Pad        : %s", (otp) ? "Yes - Warning":"No" );\r
+       PrintAndLog(" Max block                 : %d", maxblk);\r
+       PrintAndLog(" Password mode             : %s", (pwd) ? "Yes":"No");\r
+       PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");\r
+       PrintAndLog(" Fast Write                : %s", (fw) ? "Yes":"No");\r
+       PrintAndLog(" Inverse data              : %s", (inv) ? "Yes":"No");\r
+       PrintAndLog(" POR-Delay                 : %s", (por) ? "Yes":"No");\r
+       PrintAndLog("-------------------------------------------------------------");\r
+       PrintAndLog(" Raw Data");\r
+       PrintAndLog("     Block 0  : 0x%08X", bl0);\r
+       PrintAndLog("-------------------------------------------------------------");\r
+       \r
+       return 0;\r
+}\r
+\r
+char * GetBitRateStr(uint32_t id){\r
+       static char buf[40];\r
+       char *retStr = buf;\r
+               switch (id){\r
+               case 0: \r
+                       sprintf(retStr,"%d - RF/8",id);\r
+                       break;\r
+               case 1:\r
+                       sprintf(retStr,"%d - RF/16",id);\r
+                       break;\r
+               case 2:         \r
+                       sprintf(retStr,"%d - RF/32",id);\r
+                       break;\r
+               case 3:\r
+                       sprintf(retStr,"%d - RF/40",id);\r
+                       break;\r
+               case 4:\r
+                       sprintf(retStr,"%d - RF/50",id);\r
+                       break;\r
+               case 5:\r
+                       sprintf(retStr,"%d - RF/64",id);\r
+                       break;\r
+               case 6:\r
+                       sprintf(retStr,"%d - RF/100",id);\r
+                       break;\r
+               case 7:\r
+                       sprintf(retStr,"%d - RF/128",id);\r
+                       break;\r
+               default:\r
+                       sprintf(retStr,"%d - (Unknown)",id);\r
+                       break;\r
+               }\r
+\r
+       return buf;\r
+}\r
+\r
+\r
+char * GetSaferStr(uint32_t id){\r
+       static char buf[40];\r
+       char *retStr = buf;\r
+       \r
+       sprintf(retStr,"%d",id);\r
+       if (id == 6) {\r
+               sprintf(retStr,"%d - pasdwd",id);\r
+       }\r
+       if (id == 9 ){\r
+               sprintf(retStr,"%d - testmode ",id);\r
+       }\r
+       \r
+       return buf;\r
+}\r
+char * GetModulationStr( uint32_t id){\r
+       static char buf[40];\r
+       char *retStr = buf;\r
+       \r
+       switch (id){\r
+               case 0: \r
+                       sprintf(retStr,"%d - direct",id);\r
+                       break;\r
+               case 1:\r
+                       sprintf(retStr,"%d - PSK 1 phase change when input changes",id);\r
+                       break;\r
+               case 2:         \r
+                       sprintf(retStr,"%d - PSK 2 phase change on bitclk if input high",id);\r
+                       break;\r
+               case 3:\r
+                       sprintf(retStr,"%d - PSK 3 phase change on rising edge of input",id);\r
+                       break;\r
+               case 4:\r
+                       sprintf(retStr,"%d - FSK 1 RF/8  RF/5",id);\r
+                       break;\r
+               case 5:\r
+                       sprintf(retStr,"%d - FSK 2 RF/8  RF/10",id);\r
+                       break;\r
+               case 6:\r
+                       sprintf(retStr,"%d - FSK 1a RF/5  RF/8",id);\r
+                       break;\r
+               case 7:\r
+                       sprintf(retStr,"%d - FSK 2a RF/10  RF/8",id);\r
+                       break;\r
+               case 8:\r
+                       sprintf(retStr,"%d - Manschester",id);\r
+                       break;\r
+               case 16:\r
+                       sprintf(retStr,"%d - Biphase",id);\r
+                       break;\r
+               case 17:\r
+                       sprintf(retStr,"%d - Reserved",id);\r
+                       break;\r
+               default:\r
+                       sprintf(retStr,"0x%02X (Unknown)",id);\r
+                       break;\r
+               }\r
+       return buf;\r
+}\r
+\r
+\r
+uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){\r
+       \r
+       int i = start;\r
+       int j = len-1;\r
+       uint32_t tmp = 0;\r
+       for (; j >= 0; --j, ++i){\r
+               tmp     |= bits[i] << j;\r
+       }\r
+       return tmp;\r
 }\r
 \r
 static command_t CommandTable[] =\r
@@ -218,6 +415,7 @@ static command_t CommandTable[] =
   {"wr",     CmdWriteBlk,    0, "<Data> <Block> -- Write T55xx block data (page 0)"},\r
   {"wrPWD",  CmdWriteBlkPWD, 0, "<Data> <Block> <Password> -- Write T55xx block data in password mode(page 0)"},\r
   {"trace",  CmdReadTrace,   0, "Read T55xx traceability data (page 1)"},\r
+  {"info",   CmdInfo,        0, "Read T55xx configuration data (page 0 / block 0"},\r
   {NULL, NULL, 0, NULL}\r
 };\r
 \r
index 25503e8708f5c4fc0303e73824071c4451e564b5..d7be8add1384877de705ad7d58c59bc071b04f02 100644 (file)
@@ -17,5 +17,9 @@ int CmdReadBlkPWD(const char *Cmd);
 int CmdWriteBlk(const char *Cmd);\r
 int CmdWriteBLkPWD(const char *Cmd);\r
 int CmdReadTrace(const char *Cmd);\r
-\r
+int CmdInfo(const char *Cmd);\r
+char * GetBitRateStr(uint32_t id);\r
+char * GetSaferStr(uint32_t id);\r
+char * GetModulationStr( uint32_t id);\r
+uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bitstream);\r
 #endif\r
index 4f1b5d8592110011537405abf23c4669b36a30a3..b4e85575e16a213992395767e8219d0d4ff134d4 100644 (file)
 #include <stdarg.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <stdbool.h>
 #include <time.h>
 #include <readline/readline.h>
 #include <pthread.h>
-
 #include "ui.h"
+#include "loclass/cipherutils.h"
 
 double CursorScaleFactor;
 int PlotGridX, PlotGridY, PlotGridXdefault= 64, PlotGridYdefault= 64;
@@ -85,22 +86,20 @@ void PrintAndLog(char *fmt, ...)
        pthread_mutex_unlock(&print_lock);  
 }
 
-
 void SetLogFilename(char *fn)
 {
   logfilename = fn;
 }
 
-
-int manchester_decode(const int * data, const size_t len, uint8_t * dataout){
+int manchester_decode( int * data, const size_t len, uint8_t * dataout){
        
        int bitlength = 0;
        int i, clock, high, low, startindex;
        low = startindex = 0;
        high = 1;
        uint8_t bitStream[len];
-
-       memset(bitStream, 0x00, len);   
+       
+       memset(bitStream, 0x00, len);
        
        /* Detect high and lows */
        for (i = 0; i < len; i++) {
@@ -112,19 +111,18 @@ int manchester_decode(const int * data, const size_t len, uint8_t * dataout){
        
        /* get clock */
        clock = GetT55x7Clock( data, len, high );       
-       startindex = DetectFirstTransition(data, len, high, low);
+       startindex = DetectFirstTransition(data, len, high);
   
-       PrintAndLog(" Clock      : %d", clock);
-       PrintAndLog(" startindex : %d", startindex);
+       PrintAndLog(" Clock       : %d", clock);
+       PrintAndLog(" startindex  : %d", startindex);
        
        if (high != 1)
                bitlength = ManchesterConvertFrom255(data, len, bitStream, high, low, clock, startindex);
        else
                bitlength= ManchesterConvertFrom1(data, len, bitStream, clock, startindex);
 
-       if ( bitlength > 0 ){
+       if ( bitlength > 0 )
                PrintPaddedManchester(bitStream, bitlength, clock);
-       }
 
        memcpy(dataout, bitStream, bitlength);
        
@@ -171,80 +169,112 @@ int manchester_decode(const int * data, const size_t len, uint8_t * dataout){
                break;
                default:  break;
        }
-       return 32;
+       
+       PrintAndLog(" Found Clock : %d  - trying to adjust", clock);
+       
+       // When detected clock is 31 or 33 then then return 
+       int clockmod = clock%8;
+       if ( clockmod == 7 ) 
+               clock += 1;
+       else if ( clockmod == 1 )
+               clock -= 1;
+       
+       return clock;
  }
  
- int DetectFirstTransition(const int * data, const size_t len, int high, int low){
+ int DetectFirstTransition(const int * data, const size_t len, int threshold){
 
-       int i, retval;
-       retval = 0;
-       /* 
-               Detect first transition Lo-Hi (arbitrary)       
-               skip to the first high
-       */
-         for (i = 0; i < len; ++i)
-               if (data[i] == high)
-                 break;
-                 
-         /* now look for the first low */
-         for (; i < len; ++i) {
-               if (data[i] == low) {
-                       retval = i;
+       int i =0;
+       /* now look for the first threshold */
+       for (; i < len; ++i) {
+               if (data[i] == threshold) {
                        break;
                }
-         }
-       return retval;
+       }
+       return i;
  }
 
  int ManchesterConvertFrom255(const int * data, const size_t len, uint8_t * dataout, int high, int low, int clock, int startIndex){
 
-       int i, j, hithigh, hitlow, first, bit, bitIndex;
-       i = startIndex;
+       int i, j, z, hithigh, hitlow, bitIndex, startType;
+       i = 0;
        bitIndex = 0;
+       
+       int isDamp = 0;
+       int damplimit = (int)((high / 2) * 0.3);
+       int dampHi =  (high/2)+damplimit;
+       int dampLow = (high/2)-damplimit;
+       int firstST = 0;
 
-       /*
-       * We assume the 1st bit is zero, it may not be
-       * the case: this routine (I think) has an init problem.
-       * Ed.
-       */
-       bit = 0; 
-
+       // i = clock frame of data
        for (; i < (int)(len / clock); i++)
        {
                hithigh = 0;
                hitlow = 0;
-               first = 1;
-
+               startType = -1;
+               z = startIndex + (i*clock);
+               isDamp = 0;
+               
+       
                /* Find out if we hit both high and low peaks */
                for (j = 0; j < clock; j++)
-               {
-                       if (data[(i * clock) + j] == high)
+               {               
+                       if (data[z+j] == high){
                                hithigh = 1;
-                       else if (data[(i * clock) + j] == low)
+                               if ( startType == -1)
+                                       startType = 1;
+                       }
+                       
+                       if (data[z+j] == low ){
                                hitlow = 1;
-
-                       /* it doesn't count if it's the first part of our read
-                          because it's really just trailing from the last sequence */
-                       if (first && (hithigh || hitlow))
-                         hithigh = hitlow = 0;
-                       else
-                         first = 0;
-
+                               if ( startType == -1)
+                                       startType = 0;
+                       } 
+               
                        if (hithigh && hitlow)
                          break;
                }
+               
+               // No high value found, are we in a dampening field?
+               if ( !hithigh ) {
+                       //PrintAndLog(" # Entering damp test at index : %d (%d)", z+j, j);
+                       for (j = 0; j < clock/2; j++)
+                       {
+                               if ( 
+                                    (data[z+j] <= dampHi && data[z+j] >= dampLow)
+                                  ){
+                                  isDamp = 1;
+                               }
+                               else 
+                                  isDamp = 0;
+                       }
+               }
 
-               /* If we didn't hit both high and low peaks, we had a bit transition */
-               if (!hithigh || !hitlow)
-                       bit ^= 1;
-
-               dataout[bitIndex++] = bit;
+               /*  Manchester Switching..
+                       0: High -> Low   
+                       1: Low -> High  
+               */
+               if (startType == 0)
+                       dataout[bitIndex++] = 1;
+               else if (startType == 1) 
+                       dataout[bitIndex++] = 0;
+               else
+                       dataout[bitIndex++] = 2;
+                       
+               if ( isDamp ) {
+                       firstST++;
+               }
+               
+               if ( firstST == 4)
+                       break;
        }
        return bitIndex;
  }
  
  int ManchesterConvertFrom1(const int * data, const size_t len, uint8_t * dataout, int clock, int startIndex){
 
+       PrintAndLog(" Path B");
        int i,j, bitindex, lc, tolerance, warnings;
        warnings = 0;
        int upperlimit = len*2/clock+8;
@@ -253,7 +283,7 @@ int manchester_decode(const int * data, const size_t len, uint8_t * dataout){
        tolerance = clock/4;
        uint8_t decodedArr[len];
        
-       /* Then detect duration between 2 successive transitions */
+       /* Detect duration between 2 successive transitions */
        for (bitindex = 1; i < len; i++) {
        
                if (data[i-1] != data[i]) {
@@ -350,19 +380,19 @@ int manchester_decode(const int * data, const size_t len, uint8_t * dataout){
        PrintAndLog("%s", sprint_hex(decodedArr, j));
 }
  
 void PrintPaddedManchester( uint8_t* bitStream, size_t len, size_t blocksize){
 
-         PrintAndLog(" Manchester decoded bitstream : %d bits", len);
+       PrintAndLog(" Manchester decoded  : %d bits", len);
          
-         uint8_t mod = len % blocksize;
-         uint8_t div = len / blocksize;
-         int i;
-         // Now output the bitstream to the scrollback by line of 16 bits
-         for (i = 0; i < div*blocksize; i+=blocksize) {
+       uint8_t mod = len % blocksize;
+       uint8_t div = len / blocksize;
+       int i;
+  
+       // Now output the bitstream to the scrollback by line of 16 bits
+       for (i = 0; i < div*blocksize; i+=blocksize) {
                PrintAndLog(" %s", sprint_bin(bitStream+i,blocksize) );
-         }
-         if ( mod > 0 ){
-               PrintAndLog(" %s", sprint_bin(bitStream+i, mod) );
-         }
-}
+       }
+       
+       if ( mod > 0 )
+               PrintAndLog(" %s", sprint_bin(bitStream+i, mod) );      
+}
\ No newline at end of file
index f599ef3c559c3b1466d06cd8152c34cfd0802545..823dccc2e1db1041344f202ebfb624e1d6b22925 100644 (file)
@@ -25,9 +25,9 @@ extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault;
 extern int offline;
 extern int flushAfterWrite;   //buzzy
 
-int manchester_decode(const int * data, const size_t len, uint8_t * dataout);
+int manchester_decode( int * data, const size_t len, uint8_t * dataout);
 int GetT55x7Clock( const int * data, const size_t len, int high );
-int DetectFirstTransition(const int * data, const size_t len, int high, int low);
+int DetectFirstTransition(const int * data, const size_t len, int low);
 void PrintPaddedManchester( uint8_t * bitStream, size_t len, size_t blocksize);
 void ManchesterDiffDecodedString( const uint8_t *bitStream, size_t len, uint8_t invert );
 int ManchesterConvertFrom255(const int * data, const size_t len, uint8_t * dataout, int high, int low, int clock, int startIndex);
index 2b2bb2fbd7c47fa514d5d2c05dadd890b9a69400..b30294a8e940dff2a3cc717f7f77f9eda1d1165b 100644 (file)
@@ -69,7 +69,7 @@ INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gp
 CFLAGS =  -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os
 LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n
 
-LIBS = -lgcc
+LIBS = -lgcc 
 
 THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC))
 ARMOBJ   = $(ARMSRC:%.c=$(OBJDIR)/%.o)
index 912ca9ffe04c4c4d240a1b8d14b98900928de898..c163c5c5ff26852b2cb16be35f552f7c88515064 100644 (file)
@@ -1,9 +1,10 @@
 #ifndef __DESFIRE_H
 #define __DESFIRE_H
 
+#include <string.h>
+#include <stdarg.h>
+
 #include "aes.h"
-#define DESFIRE(tag) ((struct desfire_tag *) tag)
-#define DESFIRE_KEY(key) ((struct desfire_key *) key)
 
 #define MAX_CRYPTO_BLOCK_SIZE 16
 /* Mifare DESFire EV1 Application crypto operations */
@@ -65,8 +66,9 @@ enum DESFIRE_CRYPTOALGO {
        T_AES = 0x03
 };
 
-struct desfire_key {
 
+#define DESFIRE_KEY(key) ((struct desfire_key *) key)
+struct desfire_key {
     enum DESFIRE_CRYPTOALGO type;
     uint8_t data[24];
     // DES_key_schedule ks1;
@@ -77,9 +79,9 @@ struct desfire_key {
     uint8_t cmac_sk2[24];
     uint8_t aes_version;
 };
-
 typedef struct desfire_key *desfirekey_t;
 
+#define DESFIRE(tag) ((struct desfire_tag *) tag)
 struct desfire_tag {
     iso14a_card_select_t info;
     int active;
diff --git a/cp2tau b/cp2tau
new file mode 100644 (file)
index 0000000..8b6ee4b
--- /dev/null
+++ b/cp2tau
@@ -0,0 +1,4 @@
+cp armsrc/obj/*.elf /z
+cp armsrc/obj/*.s19 /z
+cp bootrom/obj/*.elf /z
+cp bootrom/obj/*.s19 /z
diff --git a/iceman.txt b/iceman.txt
new file mode 100644 (file)
index 0000000..e69de29
Impressum, Datenschutz