From: iceman1001 <iceman@iuse.se>
Date: Mon, 5 Jan 2015 14:51:27 +0000 (+0100)
Subject: CHG: generic code clean up. Removal of commented code.
X-Git-Tag: v2.0.0-rc1~63
X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/3fe4ff4f0329d6bde9585b77966d42dfc3f612f5?ds=sidebyside;hp=6f101995b633112d092b4f61b9fb2345f85ba353
CHG: generic code clean up. Removal of commented code.
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identifiction of chinese backdoor commands to hf 14a reader.
---
diff --git a/armsrc/Makefile b/armsrc/Makefile
index 6f0a2aef..f87cf0a1 100644
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@@ -24,7 +24,8 @@ THUMBSRC = start.c \
$(SRC_LCD) \
$(SRC_ISO15693) \
$(SRC_LF) \
- appmain.c printf.c \
+ appmain.c \
+ printf.c \
util.c \
string.c \
usb_cdc.c \
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 57c485e8..3c92a7fd 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -82,40 +82,12 @@ void DbpString(char *str)
{
byte_t len = strlen(str);
cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
-// /* this holds up stuff unless we're connected to usb */
-// if (!UsbConnected())
-// return;
-//
-// UsbCommand c;
-// c.cmd = CMD_DEBUG_PRINT_STRING;
-// c.arg[0] = strlen(str);
-// if(c.arg[0] > sizeof(c.d.asBytes)) {
-// c.arg[0] = sizeof(c.d.asBytes);
-// }
-// memcpy(c.d.asBytes, str, c.arg[0]);
-//
-// UsbSendPacket((uint8_t *)&c, sizeof(c));
-// // TODO fix USB so stupid things like this aren't req'd
-// SpinDelay(50);
}
#if 0
void DbpIntegers(int x1, int x2, int x3)
{
cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
-// /* this holds up stuff unless we're connected to usb */
-// if (!UsbConnected())
-// return;
-//
-// UsbCommand c;
-// c.cmd = CMD_DEBUG_PRINT_INTEGERS;
-// c.arg[0] = x1;
-// c.arg[1] = x2;
-// c.arg[2] = x3;
-//
-// UsbSendPacket((uint8_t *)&c, sizeof(c));
-// // XXX
-// SpinDelay(50);
}
#endif
@@ -332,7 +304,7 @@ extern struct version_information version_information;
extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
void SendVersion(void)
{
- char temp[256]; /* Limited data payload in USB packets */
+ char temp[512]; /* Limited data payload in USB packets */
DbpString("Prox/RFID mark3 RFID instrument");
/* Try to find the bootrom version information. Expect to find a pointer at
@@ -381,13 +353,13 @@ void SamyRun()
int selected = 0;
int playing = 0;
+ int cardRead = 0;
// Turn on selected LED
LED(selected + 1, 0);
for (;;)
{
-// UsbPoll(FALSE);
usb_poll();
WDT_HIT();
@@ -396,7 +368,7 @@ void SamyRun()
SpinDelay(300);
// Button was held for a second, begin recording
- if (button_pressed > 0)
+ if (button_pressed > 0 && cardRead == 0)
{
LEDsoff();
LED(selected + 1, 0);
@@ -422,6 +394,40 @@ void SamyRun()
// If we were previously playing, set playing off
// so next button push begins playing what we recorded
playing = 0;
+
+ cardRead = 1;
+
+ }
+
+ else if (button_pressed > 0 && cardRead == 1)
+ {
+ LEDsoff();
+ LED(selected + 1, 0);
+ LED(LED_ORANGE, 0);
+
+ // record
+ Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
+
+ // wait for button to be released
+ while(BUTTON_PRESS())
+ WDT_HIT();
+
+ /* need this delay to prevent catching some weird data */
+ SpinDelay(500);
+
+ CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
+ Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
+
+ LEDsoff();
+ LED(selected + 1, 0);
+ // Finished recording
+
+ // If we were previously playing, set playing off
+ // so next button push begins playing what we recorded
+ playing = 0;
+
+ cardRead = 0;
+
}
// Change where to record (or begin playing)
@@ -635,18 +641,18 @@ void UsbPacketReceived(uint8_t *packet, int len)
cmd_send(CMD_ACK,0,0,0,0,0);
break;
case CMD_HID_DEMOD_FSK:
- CmdHIDdemodFSK(c->arg[0], 0, 0, 1); // Demodulate HID tag
+ CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
break;
case CMD_HID_SIM_TAG:
- CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
+ CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
break;
- case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
+ case CMD_HID_CLONE_TAG:
CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;
case CMD_IO_DEMOD_FSK:
- CmdIOdemodFSK(c->arg[0], 0, 0, 1); // Demodulate IO tag
+ CmdIOdemodFSK(c->arg[0], 0, 0, 1);
break;
- case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
+ case CMD_IO_CLONE_TAG:
CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
break;
case CMD_EM410X_DEMOD:
@@ -669,10 +675,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_LF_SIMULATE_BIDIR:
SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
break;
- case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
+ case CMD_INDALA_CLONE_TAG:
CopyIndala64toT55x7(c->arg[0], c->arg[1]);
break;
- case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
+ case CMD_INDALA_CLONE_TAG_L:
CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
break;
case CMD_T55XX_READ_BLOCK:
@@ -681,13 +687,12 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_T55XX_WRITE_BLOCK:
T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;
- case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
+ case CMD_T55XX_READ_TRACE:
T55xxReadTrace();
break;
- case CMD_PCF7931_READ: // Read PCF7931 tag
+ case CMD_PCF7931_READ:
ReadPCF7931();
cmd_send(CMD_ACK,0,0,0,0,0);
-// UsbSendPacket((uint8_t*)&ack, sizeof(ack));
break;
case CMD_EM4X_READ_WORD:
EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
@@ -733,7 +738,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
ReaderIso15693(c->arg[0]);
break;
case CMD_SIMTAG_ISO_15693:
- SimTagIso15693(c->arg[0]);
+ SimTagIso15693(c->arg[0], c->d.asBytes);
break;
#endif
@@ -782,6 +787,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_SIMULATE_TAG_ISO_14443a:
SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
break;
+
case CMD_EPA_PACE_COLLECT_NONCE:
EPA_PACE_Collect_Nonce(c);
break;
@@ -838,12 +844,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
// Work with "magic Chinese" card
- case CMD_MIFARE_EML_CSETBLOCK:
+ case CMD_MIFARE_CSETBLOCK:
MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
- case CMD_MIFARE_EML_CGETBLOCK:
+ case CMD_MIFARE_CGETBLOCK:
MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
+ case CMD_MIFARE_CIDENT:
+ MifareCIdent();
+ break;
// mifare sniffer
case CMD_MIFARE_SNIFFER:
@@ -894,18 +903,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
-// UsbCommand n;
-// if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
-// n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
-// } else {
-// n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
-// }
-// n.arg[0] = c->arg[0];
- // memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
- // LED_B_ON();
- // usb_write((uint8_t *)&n, sizeof(n));
- // UsbSendPacket((uint8_t *)&n, sizeof(n));
- // LED_B_OFF();
LED_B_ON();
for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
@@ -919,9 +916,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
uint8_t *b = (uint8_t *)BigBuf;
- memcpy(b+c->arg[0], c->d.asBytes, 48);
- //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
-// UsbSendPacket((uint8_t*)&ack, sizeof(ack));
+ memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
cmd_send(CMD_ACK,0,0,0,0,0);
break;
}
@@ -979,7 +974,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_DEVICE_INFO: {
uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
-// UsbSendPacket((uint8_t*)&c, sizeof(c));
cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
break;
}
@@ -1006,9 +1000,8 @@ void __attribute__((noreturn)) AppMain(void)
LED_B_OFF();
LED_A_OFF();
- // Init USB device`
+ // Init USB device
usb_enable();
-// UsbStart();
// The FPGA gets its clock from us from PCK0 output, so set that up.
AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
@@ -1044,8 +1037,6 @@ void __attribute__((noreturn)) AppMain(void)
UsbPacketReceived(rx,rx_len);
}
}
-// UsbPoll(FALSE);
-
WDT_HIT();
#ifdef WITH_LF
diff --git a/armsrc/apps.h b/armsrc/apps.h
index ed51c7b9..eafee559 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -192,12 +192,13 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
+void MifareCIdent(); // is "magic chinese" card?
/// iso15693.h
void RecordRawAdcSamplesIso15693(void);
void AcquireRawAdcSamplesIso15693(void);
void ReaderIso15693(uint32_t parameter); // Simulate an ISO15693 reader - greg
-void SimTagIso15693(uint32_t parameter); // simulate an ISO15693 tag - greg
+void SimTagIso15693(uint32_t parameter, uint8_t *uid); // simulate an ISO15693 tag - greg
void BruteforceIso15693Afi(uint32_t speed); // find an AFI of a tag - atrox
void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8_t data[]); // send arbitrary commands from CLI - atrox
void SetDebugIso15693(uint32_t flag);
diff --git a/armsrc/epa.c b/armsrc/epa.c
index fb19656d..bec79e61 100644
--- a/armsrc/epa.c
+++ b/armsrc/epa.c
@@ -185,6 +185,7 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
+ Dbprintf("epa - no select cardaccess");
return -1;
}
@@ -196,6 +197,7 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
+ Dbprintf("epa - no read cardaccess");
return -1;
}
@@ -223,7 +225,6 @@ static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
// send the USB packet
cmd_send(CMD_ACK,step,func_return,0,0,0);
-//UsbSendPacket((void *)ack, sizeof(UsbCommand));
}
//-----------------------------------------------------------------------------
@@ -243,7 +244,7 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
*/
// return value of a function
- int func_return;
+ int func_return = 0;
// // initialize ack with 0s
// memset(ack->arg, 0, 12);
@@ -301,7 +302,6 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
// save received information
// ack->arg[1] = func_return;
// memcpy(ack->d.asBytes, nonce, func_return);
-// UsbSendPacket((void *)ack, sizeof(UsbCommand));
cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
}
@@ -416,25 +416,27 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
//-----------------------------------------------------------------------------
int EPA_Setup()
{
- // return code
+
int return_code = 0;
- // card UID
uint8_t uid[10];
- // card select information
+ uint8_t pps_response[3];
+ uint8_t pps_response_par[1];
iso14a_card_select_t card_select_info;
+
// power up the field
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+ iso14a_set_timeout(10500);
+
// select the card
return_code = iso14443a_select_card(uid, &card_select_info, NULL);
if (return_code != 1) {
+ Dbprintf("Epa: Can't select card");
return 1;
}
// send the PPS request
ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
- uint8_t pps_response[3];
- uint8_t pps_response_par[1];
return_code = ReaderReceive(pps_response, pps_response_par);
if (return_code != 3 || pps_response[0] != 0xD0) {
return return_code == 0 ? 2 : return_code;
diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c
index 839240bd..27a5d508 100644
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
@@ -990,18 +990,18 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
// Disable timer during configuration
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
- // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
+ // Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
// external trigger rising edge, load RA on rising edge of TIOA.
AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING;
- // Enable and reset counter
- AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
-
// Reset the received frame, frame count and timing info
memset(rx,0x00,sizeof(rx));
frame_count = 0;
response = 0;
overflow = 0;
+
+ // Enable and reset counter
+ AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
while(!BUTTON_PRESS()) {
// Watchdog hit
@@ -1105,9 +1105,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-// Dbprintf("frame received: %d",frame_count);
-// Dbprintf("Authentication Attempts: %d",(auth_table_len/8));
-// DbpString("All done");
+
+ DbpString("Sim Stopped");
+
}
void ReaderHitag(hitag_function htf, hitag_data* htd) {
@@ -1158,7 +1158,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
case RHT2F_CRYPTO: {
DbpString("Authenticating using key:");
- memcpy(key,htd->crypto.key,4);
+ memcpy(key,htd->crypto.key,4); //HACK; 4 or 6?? I read both in the code.
Dbhexdump(6,key,false);
blocknr = 0;
bQuiet = false;
diff --git a/armsrc/iclass.c b/armsrc/iclass.c
index 3844ab14..625cf39b 100644
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@ -433,7 +433,6 @@ static RAMFUNC int ManchesterDecoding(int v)
else {
modulation = bit & Demod.syncBit;
modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
- //modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
Demod.samples += 4;
@@ -842,10 +841,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
- /*if(OutOfNDecoding((b & 0xf0) >> 4)) {
- *len = Uart.byteCnt;
- return TRUE;
- }*/
+
if(OutOfNDecoding(b & 0x0f)) {
*len = Uart.byteCnt;
return TRUE;
@@ -1001,8 +997,6 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
*/
int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
{
-
-
// CSN followed by two CRC bytes
uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
@@ -1106,6 +1100,7 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
//Signal tracer
// Can be used to get a trigger for an oscilloscope..
LED_C_OFF();
+
if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) {
buttonPressed = true;
break;
@@ -1368,7 +1363,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len)
int samples = 0;
// This is tied to other size changes
- // uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
CodeIClassCommand(frame,len);
// Select the card
@@ -1423,10 +1417,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
skip = !skip;
if(skip) continue;
- /*if(ManchesterDecoding((b>>4) & 0xf)) {
- *samples = ((c - 1) << 3) + 4;
- return TRUE;
- }*/
+
if(ManchesterDecoding(b & 0x0f)) {
*samples = c << 3;
return TRUE;
diff --git a/armsrc/iso14443.c b/armsrc/iso14443.c
index 7a445bcb..e9483189 100644
--- a/armsrc/iso14443.c
+++ b/armsrc/iso14443.c
@@ -293,8 +293,7 @@ static int GetIso14443CommandFromReader(uint8_t *received, int *len, int maxLen)
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
LED_D_OFF();
- FpgaWriteConfWord(
- FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
// Now run a `software UART' on the stream of incoming samples.
@@ -401,8 +400,7 @@ void SimulateIso14443Tag(void)
// Modulate BPSK
// Signal field is off with the appropriate LED
LED_D_OFF();
- FpgaWriteConfWord(
- FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
AT91C_BASE_SSC->SSC_THR = 0xff;
FpgaSetupSsc();
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index a4632aa5..c2f809fe 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -144,7 +144,6 @@ const uint8_t OddByteParity[256] = {
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
};
-
void iso14a_set_trigger(bool enable) {
trigger = enable;
}
@@ -310,6 +309,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
Uart.twoBits = (Uart.twoBits << 8) | bit;
if (Uart.state == STATE_UNSYNCD) { // not yet synced
+
if (Uart.highCnt < 7) { // wait for a stable unmodulated signal
if (Uart.twoBits == 0xffff) {
Uart.highCnt++;
@@ -399,7 +399,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
if (Uart.len) {
return TRUE; // we are finished with decoding the raw data sequence
} else {
- UartReset(); // Nothing received - try again
+ UartReset(); // Nothing receiver - start over
}
}
if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
@@ -473,7 +473,6 @@ void DemodReset()
Demod.endTime = 0;
}
-
void DemodInit(uint8_t *data, uint8_t *parity)
{
Demod.output = data;
@@ -763,7 +762,6 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par
// Send startbit
ToSend[++ToSendMax] = SEC_D;
-
LastProxToAirDuration = 8 * ToSendMax - 4;
for(uint16_t i = 0; i < len; i++) {
@@ -990,6 +988,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
response1[1] = 0x00;
sak = 0x28;
} break;
+ case 5: { // MIFARE TNP3XXX
+ // Says: I am a toy
+ response1[0] = 0x01;
+ response1[1] = 0x0f;
+ sak = 0x01;
+ } break;
default: {
Dbprintf("Error: unkown tagtype (%d)",tagType);
return;
@@ -1123,7 +1127,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
p_response = NULL;
} else if(receivedCmd[0] == 0x50) { // Received a HALT
-// DbpString("Reader requested we HALT!:");
+
if (tracing) {
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
}
@@ -1228,6 +1232,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
// do the tracing for the previous reader request and this tag answer:
uint8_t par[MAX_PARITY_SIZE];
GetParity(p_response->response, p_response->response_n, par);
+
EmLogTrace(Uart.output,
Uart.len,
Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,
@@ -1308,13 +1313,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
// clear TXRDY
AT91C_BASE_SSC->SSC_THR = SEC_Y;
- // for(uint16_t c = 0; c < 10;) { // standard delay for each transfer (allow tag to be ready after last transmission)
- // if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
- // AT91C_BASE_SSC->SSC_THR = SEC_Y;
- // c++;
- // }
- // }
-
uint16_t c = 0;
for(;;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
@@ -1327,7 +1325,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
}
NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
-
}
@@ -1669,7 +1666,6 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive
void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
{
-
CodeIso14443aBitsAsReaderPar(frame, bits, par);
// Send command to tag
@@ -1744,7 +1740,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
// Receive the ATQA
if(!ReaderReceive(resp, resp_par)) return 0;
- //Dbprintf("atqa: %02x %02x",resp[1],resp[0]);
if(p_hi14a_card) {
memcpy(p_hi14a_card->atqa, resp, 2);
@@ -1800,7 +1795,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
memcpy(uid_resp, resp, 4);
}
uid_resp_len = 4;
- //Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
// calculate crypto UID. Always use last 4 Bytes.
if(cuid_ptr) {
@@ -1822,11 +1816,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
// http://www.nxp.com/documents/application_note/AN10927.pdf
- // This was earlier:
- //memcpy(uid_resp, uid_resp + 1, 3);
- // But memcpy should not be used for overlapping arrays,
- // and memmove appears to not be available in the arm build.
- // Therefore:
uid_resp[0] = uid_resp[1];
uid_resp[1] = uid_resp[2];
uid_resp[2] = uid_resp[3];
@@ -1849,9 +1838,8 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
p_hi14a_card->ats_len = 0;
}
- if( (sak & 0x20) == 0) {
- return 2; // non iso14443a compliant tag
- }
+ // non iso14443a compliant tag
+ if( (sak & 0x20) == 0) return 2;
// Request for answer to select
AppendCrc14443a(rats, 2);
@@ -1859,6 +1847,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
if (!(len = ReaderReceive(resp, resp_par))) return 0;
+
if(p_hi14a_card) {
memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
p_hi14a_card->ats_len = len;
@@ -1866,7 +1855,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
// reset the PCB block number
iso14_pcb_blocknum = 0;
-
return 1;
}
@@ -1957,7 +1945,7 @@ void ReaderIso14443a(UsbCommand *c)
}
if(param & ISO14A_SET_TIMEOUT) {
- iso14a_timeout = c->arg[2];
+ iso14a_set_timeout(c->arg[2]);
}
if(param & ISO14A_APDU) {
@@ -2047,8 +2035,8 @@ void ReaderMifare(bool first_try)
uint32_t nt = 0;
uint32_t previous_nt = 0;
static uint32_t nt_attacked = 0;
- byte_t par_list[8] = {0,0,0,0,0,0,0,0};
- byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
+ byte_t par_list[8] = {0x00};
+ byte_t ks_list[8] = {0x00};
static uint32_t sync_time;
static uint32_t sync_cycles;
@@ -2057,8 +2045,6 @@ void ReaderMifare(bool first_try)
uint16_t consecutive_resyncs = 0;
int isOK = 0;
-
-
if (first_try) {
mf_nr_ar3 = 0;
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c
index ed7beb6f..ec8120b9 100644
--- a/armsrc/iso15693.c
+++ b/armsrc/iso15693.c
@@ -263,13 +263,10 @@ static void TransmitTo15693Tag(const uint8_t *cmd, int len, int *samples, int *w
//-----------------------------------------------------------------------------
static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int *wait)
{
- int c;
-
-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR); // No requirement to energise my coils
+ int c = 0;
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);
if(*wait < 10) { *wait = 10; }
- c = 0;
for(;;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = cmd[c];
@@ -464,8 +461,7 @@ static int GetIso15693AnswerFromSniff(uint8_t *receivedResponse, int maxLen, int
AT91C_BASE_SSC->SSC_THR = 0x43;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- int8_t b;
- b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
+ int8_t b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
// The samples are correlations against I and Q versions of the
// tone that the tag AM-modulates, so every other sample is I,
@@ -600,10 +596,10 @@ static void BuildIdentifyRequest(void);
//-----------------------------------------------------------------------------
void AcquireRawAdcSamplesIso15693(void)
{
- int c = 0;
uint8_t *dest = (uint8_t *)BigBuf;
- int getNext = 0;
+ int c = 0;
+ int getNext = 0;
int8_t prev = 0;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@@ -682,10 +678,10 @@ void AcquireRawAdcSamplesIso15693(void)
void RecordRawAdcSamplesIso15693(void)
{
+ uint8_t *dest = (uint8_t *)BigBuf;
+
int c = 0;
- uint8_t *dest = (uint8_t *)BigBuf;
int getNext = 0;
-
int8_t prev = 0;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@@ -836,24 +832,25 @@ static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber )
}
// Now the VICC>VCD responses when we are simulating a tag
- static void BuildInventoryResponse(void)
+ static void BuildInventoryResponse( uint8_t *uid)
{
uint8_t cmd[12];
uint16_t crc;
// one sub-carrier, inventory, 1 slot, fast rate
// AFI is at bit 5 (1<<4) when doing an INVENTORY
- cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1);
- cmd[1] = 0;
+ //(1 << 2) | (1 << 5) | (1 << 1);
+ cmd[0] = 0; //
+ cmd[1] = 0; // DSFID (data storage format identifier). 0x00 = not supported
// 64-bit UID
- cmd[2] = 0x32;
- cmd[3]= 0x4b;
- cmd[4] = 0x03;
- cmd[5] = 0x01;
- cmd[6] = 0x00;
- cmd[7] = 0x10;
- cmd[8] = 0x05;
- cmd[9]= 0xe0;
+ cmd[2] = uid[7]; //0x32;
+ cmd[3] = uid[6]; //0x4b;
+ cmd[4] = uid[5]; //0x03;
+ cmd[5] = uid[4]; //0x01;
+ cmd[6] = uid[3]; //0x00;
+ cmd[7] = uid[2]; //0x10;
+ cmd[8] = uid[1]; //0x05;
+ cmd[9] = uid[0]; //0xe0;
//Now the CRC
crc = Crc(cmd, 10);
cmd[10] = crc & 0xff;
@@ -1002,23 +999,27 @@ void ReaderIso15693(uint32_t parameter)
LED_C_OFF();
LED_D_OFF();
-//DbpString(parameter);
-
- //uint8_t *answer0 = (((uint8_t *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)
uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
uint8_t *answer2 = (((uint8_t *)BigBuf) + 3760);
uint8_t *answer3 = (((uint8_t *)BigBuf) + 3860);
- //uint8_t *TagUID= (((uint8_t *)BigBuf) + 3960); // where we hold the uid for hi15reader
-// int answerLen0 = 0;
+
int answerLen1 = 0;
int answerLen2 = 0;
int answerLen3 = 0;
- int i=0; // counter
+ int i = 0;
+ int samples = 0;
+ int tsamples = 0;
+ int wait = 0;
+ int elapsed = 0;
+ uint8_t TagUID[8] = {0x00};
+
// Blank arrays
- memset(BigBuf + 3660, 0, 300);
+ memset(BigBuf + 3660, 0x00, 300);
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Setup SSC
FpgaSetupSsc();
@@ -1026,9 +1027,6 @@ void ReaderIso15693(uint32_t parameter)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
- FpgaSetupSsc();
-
// Give the tags time to energize
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
SpinDelay(200);
@@ -1038,44 +1036,19 @@ void ReaderIso15693(uint32_t parameter)
LED_C_OFF();
LED_D_OFF();
- int samples = 0;
- int tsamples = 0;
- int wait = 0;
- int elapsed = 0;
-
// FIRST WE RUN AN INVENTORY TO GET THE TAG UID
// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME
- uint8_t TagUID[8] = {0, 0, 0, 0, 0, 0, 0, 0}; // where we hold the uid for hi15reader
-
-// BuildIdentifyRequest();
-// //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
-// // Now wait for a response
-// responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ;
-// if (responseLen0 >=12) // we should do a better check than this
-// {
-// // really we should check it is a valid mesg
-// // but for now just grab what we think is the uid
-// TagUID[0] = receivedAnswer0[2];
-// TagUID[1] = receivedAnswer0[3];
-// TagUID[2] = receivedAnswer0[4];
-// TagUID[3] = receivedAnswer0[5];
-// TagUID[4] = receivedAnswer0[6];
-// TagUID[5] = receivedAnswer0[7];
-// TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code
-// DbpIntegers(TagUID[6],TagUID[5],TagUID[4]);
-//}
// Now send the IDENTIFY command
BuildIdentifyRequest();
- //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
- TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
+
+ TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);
+
// Now wait for a response
answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ;
if (answerLen1 >=12) // we should do a better check than this
{
-
TagUID[0] = answer1[2];
TagUID[1] = answer1[3];
TagUID[2] = answer1[4];
@@ -1085,23 +1058,6 @@ void ReaderIso15693(uint32_t parameter)
TagUID[6] = answer1[8]; // IC Manufacturer code
TagUID[7] = answer1[9]; // always E0
- // Now send the SELECT command
- // since the SELECT command is optional, we should not rely on it.
-//// BuildSelectRequest(TagUID);
-// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
- // Now wait for a response
-/// answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed);
-
- // Now send the MULTI READ command
-// BuildArbitraryRequest(*TagUID,parameter);
-/// BuildArbitraryCustomRequest(TagUID,parameter);
-// BuildReadBlockRequest(*TagUID,parameter);
-// BuildSysInfoRequest(*TagUID);
- //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-/// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
- // Now wait for a response
-/// answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ;
-
}
Dbprintf("%d octets read from IDENTIFY request:", answerLen1);
@@ -1110,9 +1066,9 @@ void ReaderIso15693(uint32_t parameter)
// UID is reverse
if (answerLen1>=12)
- //Dbprintf("UID = %*D",8,TagUID," ");
- Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",TagUID[7],TagUID[6],TagUID[5],
- TagUID[4],TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
+ Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",
+ TagUID[7],TagUID[6],TagUID[5],TagUID[4],
+ TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
Dbprintf("%d octets read from SELECT request:", answerLen2);
@@ -1123,7 +1079,6 @@ void ReaderIso15693(uint32_t parameter)
DbdecodeIso15693Answer(answerLen3,answer3);
Dbhexdump(answerLen3,answer3,true);
-
// read all pages
if (answerLen1>=12 && DEBUG) {
i=0;
@@ -1141,13 +1096,6 @@ void ReaderIso15693(uint32_t parameter)
}
}
-// str2[0]=0;
-// for(i = 0; i < responseLen3; i++) {
-// itoa(str1,receivedAnswer3[i]);
-// strncat(str2,str1,8);
-// }
-// DbpString(str2);
-
LED_A_OFF();
LED_B_OFF();
LED_C_OFF();
@@ -1156,32 +1104,31 @@ void ReaderIso15693(uint32_t parameter)
// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands
// all demodulation performed in arm rather than host. - greg
-void SimTagIso15693(uint32_t parameter)
+void SimTagIso15693(uint32_t parameter, uint8_t *uid)
{
LED_A_ON();
LED_B_ON();
LED_C_OFF();
LED_D_OFF();
- uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
+ uint8_t *buf = (((uint8_t *)BigBuf) + 3660); //
+
int answerLen1 = 0;
+ int samples = 0;
+ int tsamples = 0;
+ int wait = 0;
+ int elapsed = 0;
- // Blank arrays
- memset(answer1, 0, 100);
+ memset(buf, 0x00, 100);
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
- // Setup SSC
- FpgaSetupSsc();
-
- // Start from off (no field generated)
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
FpgaSetupSsc();
- // Give the tags time to energize
-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); // NO GOOD FOR SIM TAG!!!!
+ // Start from off (no field generated)
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);
LED_A_OFF();
@@ -1189,24 +1136,26 @@ void SimTagIso15693(uint32_t parameter)
LED_C_ON();
LED_D_OFF();
- int samples = 0;
- int tsamples = 0;
- int wait = 0;
- int elapsed = 0;
-
- answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ;
+ // Listen to reader
+ answerLen1 = GetIso15693AnswerFromSniff(buf, 100, &samples, &elapsed) ;
if (answerLen1 >=1) // we should do a better check than this
{
// Build a suitable reponse to the reader INVENTORY cocmmand
- BuildInventoryResponse();
+ // not so obsvious, but in the call to BuildInventoryResponse, the command is copied to the global ToSend buffer used below.
+
+ BuildInventoryResponse(uid);
+
TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait);
}
Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1,
- answer1[0], answer1[1], answer1[2],
- answer1[3], answer1[4], answer1[5],
- answer1[6], answer1[7], answer1[8]);
+ buf[0], buf[1], buf[2], buf[3],
+ buf[4], buf[5], buf[6], buf[7], buf[8]);
+
+ Dbprintf("Simulationg uid: %x %x %x %x %x %x %x %x",
+ uid[0], uid[1], uid[2], uid[3],
+ uid[4], uid[5], uid[6], uid[7]);
LED_A_OFF();
LED_B_OFF();
@@ -1275,12 +1224,8 @@ void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8
recvlen=SendDataTag(data,datalen,1,speed,(recv?&recvbuf:NULL));
if (recv) {
-// n.cmd=/* CMD_ISO_15693_COMMAND_DONE */ CMD_ACK;
-// n.arg[0]=recvlen>48?48:recvlen;
-// memcpy(n.d.asBytes, recvbuf, 48);
LED_B_ON();
cmd_send(CMD_ACK,recvlen>48?48:recvlen,0,0,recvbuf,48);
-// UsbSendPacket((uint8_t *)&n, sizeof(n));
LED_B_OFF();
if (DEBUG) {
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index ab196325..edddb1c6 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -179,8 +179,6 @@ void ReadTItag(void)
signed char *dest = (signed char *)BigBuf;
int n = sizeof(BigBuf);
- // int *dest = GraphBuffer;
- // int n = GraphTraceLen;
// 128 bit shift register [shift3:shift2:shift1:shift0]
uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0;
@@ -625,6 +623,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
if (ledcontrol)
LED_A_ON();
+
SimulateTagLowFrequency(n, 0, ledcontrol);
if (ledcontrol)
@@ -718,7 +717,6 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
hi2 = hi = lo = 0;
}
WDT_HIT();
- //SpinDelay(50);
}
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
@@ -1337,7 +1335,6 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
// Clone Indala 64-bit tag by UID to T55x7
void CopyIndala64toT55x7(int hi, int lo)
{
-
//Program the 2 data blocks for supplied 64bit UID
// and the block 0 for Indala64 format
T55xxWriteBlock(hi,1,0,0);
@@ -1351,12 +1348,10 @@ void CopyIndala64toT55x7(int hi, int lo)
// T5567WriteBlock(0x603E1042,0);
DbpString("DONE!");
-
}
void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7)
{
-
//Program the 7 data blocks for supplied 224bit UID
// and the block 0 for Indala224 format
T55xxWriteBlock(uid1,1,0,0);
@@ -1375,7 +1370,6 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
// T5567WriteBlock(0x603E10E2,0);
DbpString("DONE!");
-
}
@@ -1525,7 +1519,6 @@ int IsBlock1PCF7931(uint8_t *Block) {
return 0;
}
-
#define ALLOC 16
void ReadPCF7931() {
@@ -1785,6 +1778,7 @@ void SendForward(uint8_t fwd_bit_count) {
}
}
+
void EM4xLogin(uint32_t Password) {
uint8_t fwd_bit_count;
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 344b0f3e..8541553b 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -2,6 +2,9 @@
// Merlok - June 2011, 2012
// Gerhard de Koning Gans - May 2008
// Hagen Fritsch - June 2010
+// Midnitesnake - Dec 2013
+// Andy Davies - Apr 2014
+// Iceman - May 2014
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
@@ -36,8 +39,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// clear trace
iso14a_clear_trace();
-// iso14a_set_tracing(false);
-
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
@@ -81,8 +82,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
-// iso14a_set_tracing(TRUE);
-
}
void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
@@ -129,14 +128,10 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
LED_B_OFF();
-
-
- // Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
-
//-----------------------------------------------------------------------------
// Select, Authenticate, Read a MIFARE tag.
// read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
@@ -150,7 +145,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
ui64Key = bytes_to_num(datain, 6);
// variables
- byte_t isOK;
+ byte_t isOK = 0;
byte_t dataoutbuf[16 * 16];
uint8_t uid[10];
uint32_t cuid;
@@ -160,7 +155,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// clear trace
iso14a_clear_trace();
-// iso14a_set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@@ -192,7 +186,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
}
-
// ----------------------------- crypto1 destroy
crypto1_destroy(pcs);
@@ -205,7 +198,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
-// iso14a_set_tracing(TRUE);
}
@@ -288,7 +280,6 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// clear trace
iso14a_clear_trace();
-// iso14a_set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@@ -334,11 +325,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
-// iso14a_set_tracing(TRUE);
-
}
-
void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
{
// params
@@ -355,7 +343,6 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
// clear trace
iso14a_clear_trace();
- // iso14a_set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@@ -396,7 +383,6 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
// iso14a_set_tracing(TRUE);
}
-
void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
{
// params
@@ -412,7 +398,6 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
// clear trace
iso14a_clear_trace();
- // iso14a_set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@@ -446,15 +431,11 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
cmd_send(CMD_ACK,isOK,0,0,0,0);
LED_B_OFF();
-
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
-// iso14a_set_tracing(TRUE);
-
}
-
// Return 1 if the nonce is invalid else return 0
int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {
return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \
@@ -510,6 +491,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
// statistics on nonce distance
if (calibrate) { // for first call only. Otherwise reuse previous calibration
LED_B_ON();
+ WDT_HIT();
davg = dmax = 0;
dmin = 2000;
@@ -733,7 +715,6 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);
LED_B_OFF();
- // Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
@@ -750,7 +731,6 @@ void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
Dbprintf("Debug level: %d", MF_DBGLEVEL);
}
-
//-----------------------------------------------------------------------------
// Work with emulator memory
//
@@ -759,23 +739,19 @@ void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
emlClearMem();
}
-
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
emlSetMem(datain, arg0, arg1); // data, block num, blocks count
}
-
void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
-
- byte_t buf[48];
+ byte_t buf[USB_CMD_DATA_SIZE];
emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)
LED_B_ON();
- cmd_send(CMD_ACK,arg0,arg1,0,buf,48);
+ cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);
LED_B_OFF();
}
-
//-----------------------------------------------------------------------------
// Load a card into the emulator memory
//
@@ -884,32 +860,26 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
// variables
byte_t isOK = 0;
- uint8_t uid[10];
- uint8_t d_block[18];
+ uint8_t uid[10] = {0x00};
+ uint8_t d_block[18] = {0x00};
uint32_t cuid;
- memset(uid, 0x00, 10);
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+ // reset FPGA and LED
if (workFlags & 0x08) {
- // clear trace
- iso14a_clear_trace();
- iso14a_set_tracing(TRUE);
-
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
-
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
- SpinDelay(300);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(100);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+ iso14a_clear_trace();
+ iso14a_set_tracing(TRUE);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
}
while (true) {
+
// get UID from chip
if (workFlags & 0x01) {
if(!iso14443a_select_card(uid, NULL, &cuid)) {
@@ -988,7 +958,6 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
LED_B_OFF();
if ((workFlags & 0x10) || (!isOK)) {
- // Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
@@ -1011,28 +980,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
// variables
byte_t isOK = 0;
- uint8_t data[18];
+ uint8_t data[18] = {0x00};
uint32_t cuid = 0;
- memset(data, 0x00, 18);
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
if (workFlags & 0x08) {
- // clear trace
- iso14a_clear_trace();
- iso14a_set_tracing(TRUE);
-
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
-
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
- SpinDelay(300);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(100);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+ iso14a_clear_trace();
+ iso14a_set_tracing(TRUE);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
}
while (true) {
@@ -1073,9 +1034,40 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
LED_B_OFF();
if ((workFlags & 0x10) || (!isOK)) {
- // Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
}
+void MifareCIdent(){
+
+ // card commands
+ uint8_t wupC1[] = { 0x40 };
+ uint8_t wupC2[] = { 0x43 };
+
+ // variables
+ byte_t isOK = 1;
+
+ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+
+ ReaderTransmitBitsPar(wupC1,7,0, NULL);
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
+ isOK = 0;
+ };
+
+ ReaderTransmit(wupC2, sizeof(wupC2), NULL);
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
+ isOK = 0;
+ };
+
+ if (mifare_classic_halt(NULL, 0)) {
+ isOK = 0;
+ };
+
+ cmd_send(CMD_ACK,isOK,0,0,0,0);
+}
+
+ //
+// DESFIRE
+//
diff --git a/armsrc/mifaresniff.c b/armsrc/mifaresniff.c
index 910ea74d..fed12772 100644
--- a/armsrc/mifaresniff.c
+++ b/armsrc/mifaresniff.c
@@ -11,7 +11,6 @@
#include "mifaresniff.h"
#include "apps.h"
-
static int sniffState = SNF_INIT;
static uint8_t sniffUIDType;
static uint8_t sniffUID[8];
diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c
index 5122d0ec..7c856557 100644
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@@ -54,10 +54,12 @@ void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, u
uint8_t bt = 0;
int i;
par[0] = 0;
+
for (i = 0; i < len; i++) {
bt = data[i];
data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];
- if((i&0x0007) == 0) par[i>>3] = 0;
+ if((i&0x0007) == 0)
+ par[i>>3] = 0;
par[i>>3] |= (((filter(pcs->odd) ^ oddparity(bt)) & 0x01)<<(7-(i&0x0007)));
}
return;
@@ -81,9 +83,7 @@ int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd,
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
{
- uint8_t dcmd[8];//, ecmd[4];
- //uint32_t par=0;
-
+ uint8_t dcmd[8];
dcmd[0] = cmd;
dcmd[1] = data[0];
dcmd[2] = data[1];
@@ -91,10 +91,6 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
dcmd[4] = data[3];
dcmd[5] = data[4];
AppendCrc14443a(dcmd, 6);
- //Dbprintf("Data command: %02x", dcmd[0]);
- //Dbprintf("Data R: %02x %02x %02x %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7]);
-
- //memcpy(ecmd, dcmd, sizeof(dcmd));
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
if(!len)
@@ -165,7 +161,7 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
int len;
uint32_t pos;
uint8_t tmp4[4];
- uint8_t par[1] = {0};
+ uint8_t par[1] = {0x00};
byte_t nr[4];
uint32_t nt, ntpp; // Supplied tag nonce
@@ -210,7 +206,6 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
if (ntptr)
*ntptr = nt;
-
// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
par[0] = 0;
for (pos = 0; pos < 4; pos++)
@@ -292,6 +287,7 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
if (len == 1) {
@@ -318,7 +314,7 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
- int len, i;
+ uint16_t len, i;
uint32_t pos;
uint8_t par[3] = {0}; // enough for 18 Bytes to send
byte_t res;
@@ -367,7 +363,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
// variables
uint16_t len;
uint8_t par[3] = {0}; // enough for 18 parity bits
-
uint8_t d_block[18];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@@ -400,7 +395,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
uint16_t len;
-
uint8_t d_block[8];
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@@ -418,16 +412,12 @@ int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *bloc
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
return 1;
}
-
- return 0;
+
return 0;
}
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
{
- // variables
uint16_t len;
-
- // Mifare HALT
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@@ -443,8 +433,6 @@ int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
int mifare_ultra_halt(uint32_t uid)
{
uint16_t len;
-
- // Mifare HALT
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@@ -481,19 +469,16 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
// work with emulator memory
void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {
uint8_t* emCARD = get_bigbufptr_emlcardmem();
-
memcpy(emCARD + blockNum * 16, data, blocksCount * 16);
}
void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {
uint8_t* emCARD = get_bigbufptr_emlcardmem();
-
memcpy(data, emCARD + blockNum * 16, blocksCount * 16);
}
void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) {
uint8_t* emCARD = get_bigbufptr_emlcardmem();
-
memcpy(data, emCARD + bytePtr, byteCount);
}
@@ -522,7 +507,6 @@ int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) {
memcpy(blReg, data, 4);
*blBlock = data[12];
-
return 0;
}
diff --git a/client/cmddata.c b/client/cmddata.c
index d8a0fcf6..38917a33 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -329,7 +329,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd)
//prints binary found and saves in graphbuffer for further commands
int Cmdaskrawdemod(const char *Cmd)
{
- uint32_t i;
+
int invert=0;
int clk=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
@@ -340,7 +340,7 @@ int Cmdaskrawdemod(const char *Cmd)
}
int BitLen = getFromGraphBuf(BitStream);
int errCnt=0;
- errCnt = askrawdemod(BitStream, &BitLen,&clk,&invert);
+ errCnt = askrawdemod(BitStream, &BitLen, &clk, &invert);
if (errCnt==-1){ //throw away static - allow 1 and -1 (in case of threshold command first)
PrintAndLog("no data found");
return 0;
@@ -349,19 +349,14 @@ int Cmdaskrawdemod(const char *Cmd)
PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
//PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
//move BitStream back to GraphBuffer
-
- ClearGraph(0);
- for (i=0; i < BitLen; ++i){
- GraphBuffer[i]=BitStream[i];
- }
- GraphTraceLen=BitLen;
- RepaintGraphWindow();
-
- //output
+ setGraphBuf(BitStream, BitLen);
+
if (errCnt>0){
PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
}
+
PrintAndLog("ASK demoded bitstream:");
+
// Now output the bitstream to the scrollback by line of 16 bits
printBitStream(BitStream,BitLen);
@@ -477,10 +472,6 @@ int CmdBitstream(const char *Cmd)
bit ^= 1;
AppendGraph(0, clock, bit);
- // for (j = 0; j < (int)(clock/2); j++)
- // GraphBuffer[(i * clock) + j] = bit ^ 1;
- // for (j = (int)(clock/2); j < clock; j++)
- // GraphBuffer[(i * clock) + j] = bit;
}
RepaintGraphWindow();
@@ -510,8 +501,6 @@ int CmdDec(const char *Cmd)
int CmdDetectClockRate(const char *Cmd)
{
GetClock("",0,0);
- //int clock = DetectASKClock(0);
- //PrintAndLog("Auto-detected clock rate: %d", clock);
return 0;
}
@@ -773,8 +762,7 @@ int CmdFSKdemod(const char *Cmd) //old CmdFSKdemod needs updating
PrintAndLog("actual data bits start at sample %d", maxPos);
PrintAndLog("length %d/%d", highLen, lowLen);
- uint8_t bits[46];
- bits[sizeof(bits)-1] = '\0';
+ uint8_t bits[46] = {0x00};
// find bit pairs and manchester decode them
for (i = 0; i < arraylen(bits) - 1; ++i) {
@@ -881,22 +869,21 @@ int CmdHpf(const char *Cmd)
int CmdSamples(const char *Cmd)
{
- int cnt = 0;
- int n;
- uint8_t got[40000];
-
- n = strtol(Cmd, NULL, 0);
- if (n == 0) n = 6000;
- if (n > sizeof(got)) n = sizeof(got);
+ uint8_t got[40000] = {0x00};
+
+ int n = strtol(Cmd, NULL, 0);
+ if (n == 0)
+ n = 20000;
+
+ if (n > sizeof(got))
+ n = sizeof(got);
- PrintAndLog("Reading %d samples\n", n);
+ PrintAndLog("Reading %d samples from device memory\n", n);
GetFromBigBuf(got,n,0);
WaitForResponse(CMD_ACK,NULL);
- for (int j = 0; j < n; j++) {
- GraphBuffer[cnt++] = ((int)got[j]) - 128;
+ for (int j = 0; j < n; ++j) {
+ GraphBuffer[j] = ((int)got[j]) - 128;
}
-
- PrintAndLog("Done!\n");
GraphTraceLen = n;
RepaintGraphWindow();
return 0;
@@ -1340,8 +1327,8 @@ static command_t CommandTable[] =
{"help", CmdHelp, 1, "This help"},
{"amp", CmdAmp, 1, "Amplify peaks"},
{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
- {"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional[clock will try Auto-detect])"},
- {"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK tags and output binary (args optional[clock will try Auto-detect])"},
+ {"askmandemod", Cmdaskmandemod, 1, "[clock] [invert <0|1>] -- Attempt to demodulate ASK/Manchester tags and output binary"},
+ {"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert <0|1>] -- Attempt to demodulate ASK tags and output binary"},
{"autocorr", CmdAutoCorr, 1, "<window length> -- Autocorrelation over window"},
{"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] Biphase decode binary stream already in graph buffer (offset = bit to start decode from)"},
{"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"},
diff --git a/client/cmdhf.c b/client/cmdhf.c
index 85cc5425..550f8e86 100644
--- a/client/cmdhf.c
+++ b/client/cmdhf.c
@@ -10,7 +10,6 @@
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "graph.h"
#include "ui.h"
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 36ffe1b8..673737e2 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -67,6 +67,7 @@ int CmdHF14AReader(const char *Cmd)
switch (card.sak) {
case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break;
+ case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break;
case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1"); break;
case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break;
@@ -301,6 +302,7 @@ int CmdHF14ASim(const char *Cmd)
PrintAndLog(" 2 = MIFARE Ultralight");
PrintAndLog(" 3 = MIFARE DESFIRE");
PrintAndLog(" 4 = ISO/IEC 14443-4");
+ PrintAndLog(" 5 = MIFARE TNP3XXX");
PrintAndLog("");
return 1;
}
@@ -328,10 +330,6 @@ int CmdHF14ASim(const char *Cmd)
// At lease save the mandatory first part of the UID
c.arg[0] = long_uid & 0xffffffff;
-
- // At lease save the mandatory first part of the UID
- c.arg[0] = long_uid & 0xffffffff;
-
if (c.arg[1] == 0) {
PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
}
diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c
index c42d54c5..7e4cbd00 100644
--- a/client/cmdhf14b.c
+++ b/client/cmdhf14b.c
@@ -14,15 +14,16 @@
#include <string.h>
#include <stdint.h>
#include "iso14443crc.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
+#include "util.h"
#include "ui.h"
#include "cmdparser.h"
#include "cmdhf14b.h"
#include "cmdmain.h"
+
static int CmdHelp(const char *Cmd);
int CmdHF14BDemod(const char *Cmd)
@@ -387,6 +388,66 @@ int CmdHF14BCmdRaw (const char *cmd) {
return 0;
}
+int CmdHF14BWrite( const char *Cmd){
+
+/*
+ * For SRIX4K blocks 00 - 7F
+ * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
+ *
+ * For SR512 blocks 00 - 0F
+ * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
+ *
+ * Special block FF = otp_lock_reg block.
+ * Data len 4 bytes-
+ */
+ char cmdp = param_getchar(Cmd, 0);
+ uint8_t blockno = -1;
+ uint8_t data[4] = {0x00};
+ bool isSrix4k = true;
+ char str[20];
+
+ if (cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
+ PrintAndLog("");
+ PrintAndLog(" sample: hf 14b write 1 127 11223344");
+ PrintAndLog(" sample: hf 14b write 1 255 11223344");
+ PrintAndLog(" sample: hf 14b write 2 15 11223344");
+ PrintAndLog(" sample: hf 14b write 2 255 11223344");
+ return 0;
+ }
+
+ if ( param_getchar(Cmd, 0) == '2' )
+ isSrix4k = false;
+
+ blockno = param_get8(Cmd, 1);
+
+ if ( isSrix4k ){
+ if ( blockno > 0x7f && blockno != 0xff ){
+ PrintAndLog("Block number out of range");
+ return 0;
+ }
+ } else {
+ if ( blockno > 0x0f && blockno != 0xff ){
+ PrintAndLog("Block number out of range");
+ return 0;
+ }
+ }
+
+ if (param_gethex(Cmd, 2, data, 8)) {
+ PrintAndLog("Data must include 8 HEX symbols");
+ return 0;
+ }
+
+ if ( blockno == 0xff)
+ PrintAndLog("Writing to special block %02X [ %s]", blockno, sprint_hex(data,4) );
+ else
+ PrintAndLog("Writing to block %02X [ %s]", blockno, sprint_hex(data,4) );
+
+ sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
+ CmdHF14BCmdRaw(str);
+ return 0;
+}
+
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
@@ -399,6 +460,7 @@ static command_t CommandTable[] =
{"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
{"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
{"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
+ {"write", CmdHF14BWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
{NULL, NULL, 0, NULL}
};
diff --git a/client/cmdhf14b.h b/client/cmdhf14b.h
index 50d64762..cc8b9dbd 100644
--- a/client/cmdhf14b.h
+++ b/client/cmdhf14b.h
@@ -21,5 +21,6 @@ int CmdHFSimlisten(const char *Cmd);
int CmdHF14BSnoop(const char *Cmd);
int CmdSri512Read(const char *Cmd);
int CmdSrix4kRead(const char *Cmd);
+int CmdHF14BWrite( const char *cmd);
#endif
diff --git a/client/cmdhf15.c b/client/cmdhf15.c
index 2239e9e4..b1e04e9a 100644
--- a/client/cmdhf15.c
+++ b/client/cmdhf15.c
@@ -26,11 +26,12 @@
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
-//#include "proxusb.h"
+
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
#include "ui.h"
+#include "util.h"
#include "cmdparser.h"
#include "cmdhf15.h"
#include "iso15693tools.h"
@@ -58,8 +59,10 @@ const productName uidmapping[] = {
{ 0xE001000000000000LL, 16, "Motorola" },
{ 0xE002000000000000LL, 16, "ST Microelectronics" },
{ 0xE003000000000000LL, 16, "Hitachi" },
- { 0xE004000000000000LL, 16, "Philips" },
- { 0xE004010000000000LL, 24, "Philips; IC SL2 ICS20" },
+ { 0xE004000000000000LL, 16, "NXP(Philips)" },
+ { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" },
+ { 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" },
+ { 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" },
{ 0xE005000000000000LL, 16, "Infineon" },
{ 0xE005400000000000LL, 24, "Infineon; 56x32bit" },
{ 0xE006000000000000LL, 16, "Cylinc" },
@@ -273,7 +276,28 @@ int CmdHF15Reader(const char *Cmd)
// Simulation is still not working very good
int CmdHF15Sim(const char *Cmd)
{
- UsbCommand c = {CMD_SIMTAG_ISO_15693, {strtol(Cmd, NULL, 0), 0, 0}};
+ char cmdp = param_getchar(Cmd, 0);
+ uint8_t uid[8] = {0x00};
+
+ //E0 16 24 00 00 00 00 00
+ if (cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: hf 15 sim <UID>");
+ PrintAndLog("");
+ PrintAndLog(" sample: hf 15 sim E016240000000000");
+ return 0;
+ }
+
+ if (param_gethex(Cmd, 0, uid, 16)) {
+ PrintAndLog("UID must include 16 HEX symbols");
+ return 0;
+ }
+
+ PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
+ uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
+
+ UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
+ memcpy(c.d.asBytes,uid,8);
+
SendCommand(&c);
return 0;
}
@@ -324,7 +348,7 @@ int CmdHF15DumpMem(const char*Cmd) {
if (!(recv[0] & ISO15_RES_ERROR)) {
retry=0;
*output=0; // reset outputstring
- sprintf(output, "Block %2i ",blocknum);
+ sprintf(output, "Block %02x ",blocknum);
for ( int i=1; i<resp.arg[0]-2; i++) { // data in hex
sprintf(output+strlen(output),"%02X ",recv[i]);
}
@@ -421,8 +445,9 @@ int CmdHF15CmdInquiry(const char *Cmd)
int CmdHF15CmdDebug( const char *cmd) {
int debug=atoi(cmd);
if (strlen(cmd)<1) {
- PrintAndLog("Usage: hf 15 cmd debug <0/1>");
- PrintAndLog(" 0..no debugging output 1..turn debugging on");
+ PrintAndLog("Usage: hf 15 cmd debug <0|1>");
+ PrintAndLog(" 0 no debugging");
+ PrintAndLog(" 1 turn debugging on");
return 0;
}
@@ -536,7 +561,7 @@ int CmdHF15CmdRaw (const char *cmd) {
int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
int temp;
uint8_t *req=c->d.asBytes;
- uint8_t uid[8] = {0};
+ uint8_t uid[8] = {0x00};
uint32_t reqlen=0;
// strip
diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c
index 8f6a6af2..3286ceb9 100644
--- a/client/cmdhfepa.c
+++ b/client/cmdhfepa.c
@@ -45,7 +45,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd)
SendCommand(&c);
UsbCommand resp;
- WaitForResponse(CMD_ACK,&resp);
+ WaitForResponse(CMD_ACK,&resp);
// check if command failed
if (resp.arg[0] != 0) {
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index dba4f113..b097eea8 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -16,7 +16,6 @@
#include <sys/stat.h>
#include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
#include "data.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 8366b09b..bf874b62 100644
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -10,7 +10,6 @@
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "ui.h"
@@ -266,7 +265,6 @@ int CmdLegicSave(const char *Cmd)
int remainder = requested % 8;
requested = requested + 8 - remainder;
}
-
if (offset + requested > sizeof(got)) {
PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
return 0;
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 6d0bebd7..121736e9 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -36,7 +36,6 @@ start:
//flush queue
while (ukbhit()) getchar();
-
// wait cycle
while (true) {
printf(".");
@@ -78,6 +77,7 @@ start:
num_to_bytes(r_key, 6, keyBlock);
isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);
}
+
if (!isOK)
PrintAndLog("Found valid key:%012"llx, r_key);
else
@@ -88,6 +88,7 @@ start:
goto start;
}
+ PrintAndLog("");
return 0;
}
@@ -437,7 +438,6 @@ int CmdHF14AMfRdSc(const char *Cmd)
return 0;
}
-
uint8_t FirstBlockOfSector(uint8_t sectorNo)
{
if (sectorNo < 32) {
@@ -447,7 +447,6 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
}
}
-
uint8_t NumBlocksPerSector(uint8_t sectorNo)
{
if (sectorNo < 32) {
@@ -457,7 +456,6 @@ uint8_t NumBlocksPerSector(uint8_t sectorNo)
}
}
-
int CmdHF14AMfDump(const char *Cmd)
{
uint8_t sectorNo, blockNo;
@@ -497,8 +495,7 @@ int CmdHF14AMfDump(const char *Cmd)
return 1;
}
- // Read key file
-
+ // Read keys A from file
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {
PrintAndLog("File reading error.");
@@ -507,6 +504,7 @@ int CmdHF14AMfDump(const char *Cmd)
}
}
+ // Read keys B from file
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {
if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {
PrintAndLog("File reading error.");
@@ -556,6 +554,7 @@ int CmdHF14AMfDump(const char *Cmd)
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
bool received = false;
+
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
memcpy(c.d.asBytes, keyA[sectorNo], 6);
@@ -610,7 +609,6 @@ int CmdHF14AMfDump(const char *Cmd)
break;
}
}
-
}
if (isOK) {
@@ -627,10 +625,8 @@ int CmdHF14AMfDump(const char *Cmd)
return 0;
}
-
int CmdHF14AMfRestore(const char *Cmd)
{
-
uint8_t sectorNo,blockNo;
uint8_t keyType = 0;
uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
@@ -737,7 +733,6 @@ int CmdHF14AMfRestore(const char *Cmd)
return 0;
}
-
int CmdHF14AMfNested(const char *Cmd)
{
int i, j, res, iterations;
@@ -886,6 +881,7 @@ int CmdHF14AMfNested(const char *Cmd)
PrintAndLog("-----------------------------------------------");
if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {
PrintAndLog("Nested error.\n");
+ free(e_sector);
return 2;
}
else {
@@ -960,11 +956,9 @@ int CmdHF14AMfNested(const char *Cmd)
free(e_sector);
}
-
return 0;
}
-
int CmdHF14AMfChk(const char *Cmd)
{
if (strlen(Cmd)<3) {
@@ -994,7 +988,6 @@ int CmdHF14AMfChk(const char *Cmd)
int transferToEml = 0;
int createDumpFile = 0;
-
keyBlock = calloc(stKeyBlock, 6);
if (keyBlock == NULL) return 1;
@@ -1021,7 +1014,6 @@ int CmdHF14AMfChk(const char *Cmd)
num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));
}
-
if (param_getchar(Cmd, 0)=='*') {
blockNo = 3;
switch(param_getchar(Cmd+1, 0)) {
@@ -1114,6 +1106,7 @@ int CmdHF14AMfChk(const char *Cmd)
PrintAndLog("File: %s: not found or locked.", filename);
free(keyBlock);
return 1;
+
}
}
}
@@ -1191,11 +1184,10 @@ int CmdHF14AMfChk(const char *Cmd)
}
free(keyBlock);
-
+ PrintAndLog("");
return 0;
}
-
int CmdHF14AMf1kSim(const char *Cmd)
{
uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};
@@ -1261,7 +1253,6 @@ int CmdHF14AMf1kSim(const char *Cmd)
return 0;
}
-
int CmdHF14AMfDbg(const char *Cmd)
{
int dbgMode = param_get32ex(Cmd, 0, 0, 10);
@@ -1286,7 +1277,6 @@ int CmdHF14AMfDbg(const char *Cmd)
return 0;
}
-
int CmdHF14AMfEGet(const char *Cmd)
{
uint8_t blockNo = 0;
@@ -1310,7 +1300,6 @@ int CmdHF14AMfEGet(const char *Cmd)
return 0;
}
-
int CmdHF14AMfEClear(const char *Cmd)
{
if (param_getchar(Cmd, 0) == 'h') {
@@ -1383,7 +1372,7 @@ int CmdHF14AMfELoad(const char *Cmd)
// open file
f = fopen(filename, "r");
if (f == NULL) {
- PrintAndLog("File not found or locked.");
+ PrintAndLog("File %s not found or locked", filename);
return 1;
}
@@ -1407,8 +1396,8 @@ int CmdHF14AMfELoad(const char *Cmd)
}
for (i = 0; i < 32; i += 2) {
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);
-// PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16));
}
+
if (mfEmlSetMem(buf8, blockNum, 1)) {
PrintAndLog("Cant set emul block: %3d", blockNum);
fclose(f);
@@ -1476,7 +1465,7 @@ int CmdHF14AMfESave(const char *Cmd)
break;
}
for (j = 0; j < 16; j++)
- fprintf(f, "%02x", buf[j]);
+ fprintf(f, "%02X", buf[j]);
fprintf(f,"\n");
}
fclose(f);
@@ -1554,8 +1543,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
int CmdHF14AMfCSetUID(const char *Cmd)
{
uint8_t wipeCard = 0;
- uint8_t uid[8] = {0};
- uint8_t oldUid[8]= {0};
+ uint8_t uid[8] = {0x00};
+ uint8_t oldUid[8] = {0x00};
int res;
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
@@ -1583,10 +1572,10 @@ int CmdHF14AMfCSetUID(const char *Cmd)
}
PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));
+ PrintAndLog("new UID:%s", sprint_hex(uid, 4));
return 0;
}
-
int CmdHF14AMfCSetBlk(const char *Cmd)
{
uint8_t uid[8];
@@ -1721,7 +1710,6 @@ int CmdHF14AMfCLoad(const char *Cmd)
}
}
-
int CmdHF14AMfCGetBlk(const char *Cmd) {
uint8_t memBlock[16];
uint8_t blockNo = 0;
@@ -1877,7 +1865,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
int CmdHF14AMfSniff(const char *Cmd){
- // params
+
bool wantLogToFile = 0;
bool wantDecrypt = 0;
//bool wantSaveToEml = 0; TODO
@@ -1904,8 +1892,8 @@ int CmdHF14AMfSniff(const char *Cmd){
PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");
PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");
PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");
- PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");
- PrintAndLog("Usage: hf mf sniff [l][d][e][r]");
+ PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");
+ PrintAndLog("Usage: hf mf sniff [l][d][e][f]");
PrintAndLog(" sample: hf mf sniff l d e");
return 0;
}
@@ -1961,8 +1949,9 @@ int CmdHF14AMfSniff(const char *Cmd){
PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);
num = 0;
while (bufPtr - buf < blockLen) {
- bufPtr += 6; // ignore void timing information
+ bufPtr += 6;
len = *((uint16_t *)bufPtr);
+
if(len & 0x8000) {
isTag = true;
len &= 0x7fff;
@@ -1971,6 +1960,7 @@ int CmdHF14AMfSniff(const char *Cmd){
}
bufPtr += 2;
if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {
+
memcpy(uid, bufPtr + 2, 7);
memcpy(atqa, bufPtr + 2 + 7, 2);
uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;
@@ -1985,18 +1975,21 @@ int CmdHF14AMfSniff(const char *Cmd){
FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);
AddLogCurrentDT(logHexFileName);
}
- if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);
+ if (wantDecrypt)
+ mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);
} else {
PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));
- if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);
- if (wantDecrypt) mfTraceDecode(bufPtr, len, wantSaveToEmlFile);
+ if (wantLogToFile)
+ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);
+ if (wantDecrypt)
+ mfTraceDecode(bufPtr, len, wantSaveToEmlFile);
}
bufPtr += len;
bufPtr += ((len-1)/8+1); // ignore parity
num++;
}
}
- } // resp not NILL
+ } // resp not NULL
} // while (true)
return 0;
diff --git a/client/cmdhfmf.h b/client/cmdhfmf.h
index 62e856ad..22dfd4de 100644
--- a/client/cmdhfmf.h
+++ b/client/cmdhfmf.h
@@ -18,7 +18,6 @@
#include "proxmark3.h"
#include "iso14443crc.h"
#include "data.h"
-//#include "proxusb.h"
#include "ui.h"
#include "cmdparser.h"
#include "common.h"
diff --git a/client/cmdlf.c b/client/cmdlf.c
index d9b26e2a..18bcf747 100644
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@@ -12,7 +12,6 @@
#include <stdlib.h>
#include <string.h>
#include <limits.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
@@ -77,22 +76,18 @@ int CmdFlexdemod(const char *Cmd)
GraphBuffer[start] = 2;
GraphBuffer[start+1] = -2;
+ uint8_t bits[64] = {0x00};
- uint8_t bits[64];
-
- int bit;
+ int bit, sum;
i = start;
for (bit = 0; bit < 64; bit++) {
- int j;
- int sum = 0;
- for (j = 0; j < 16; j++) {
+ sum = 0;
+ for (int j = 0; j < 16; j++) {
sum += GraphBuffer[i++];
}
- if (sum > 0) {
- bits[bit] = 1;
- } else {
- bits[bit] = 0;
- }
+
+ bits[bit] = (sum > 0) ? 1 : 0;
+
PrintAndLog("bit %d sum %d", bit, sum);
}
@@ -110,15 +105,14 @@ int CmdFlexdemod(const char *Cmd)
}
}
+ // HACK writing back to graphbuffer.
GraphTraceLen = 32*64;
i = 0;
int phase = 0;
for (bit = 0; bit < 64; bit++) {
- if (bits[bit] == 0) {
- phase = 0;
- } else {
- phase = 1;
- }
+
+ phase = (bits[bit] == 0) ? 0 : 1;
+
int j;
for (j = 0; j < 32; j++) {
GraphBuffer[i++] = phase;
@@ -137,8 +131,10 @@ int CmdIndalaDemod(const char *Cmd)
int state = -1;
int count = 0;
int i, j;
+
// worst case with GraphTraceLen=64000 is < 4096
// under normal conditions it's < 2048
+
uint8_t rawbits[4096];
int rawbit = 0;
int worst = 0, worstPos = 0;
@@ -171,10 +167,14 @@ int CmdIndalaDemod(const char *Cmd)
count = 0;
}
}
+
if (rawbit>0){
PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
- } else return 0;
+ } else {
+ return 0;
+ }
+
// Finding the start of a UID
int uidlen, long_wait;
if (strcmp(Cmd, "224") == 0) {
@@ -184,6 +184,7 @@ int CmdIndalaDemod(const char *Cmd)
uidlen = 64;
long_wait = 29;
}
+
int start;
int first = 0;
for (start = 0; start <= rawbit - uidlen; start++) {
@@ -197,6 +198,7 @@ int CmdIndalaDemod(const char *Cmd)
break;
}
}
+
if (start == rawbit - uidlen + 1) {
PrintAndLog("nothing to wait for");
return 0;
@@ -210,12 +212,12 @@ int CmdIndalaDemod(const char *Cmd)
}
// Dumping UID
- uint8_t bits[224];
- char showbits[225];
- showbits[uidlen]='\0';
+ uint8_t bits[224] = {0x00};
+ char showbits[225] = {0x00};
int bit;
i = start;
int times = 0;
+
if (uidlen > rawbit) {
PrintAndLog("Warning: not enough raw bits to get a full UID");
for (bit = 0; bit < rawbit; bit++) {
@@ -237,8 +239,8 @@ int CmdIndalaDemod(const char *Cmd)
//convert UID to HEX
uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
int idx;
- uid1=0;
- uid2=0;
+ uid1 = uid2 = 0;
+
if (uidlen==64){
for( idx=0; idx<64; idx++) {
if (showbits[idx] == '0') {
@@ -252,11 +254,8 @@ int CmdIndalaDemod(const char *Cmd)
PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
}
else {
- uid3=0;
- uid4=0;
- uid5=0;
- uid6=0;
- uid7=0;
+ uid3 = uid4 = uid5 = uid6 = uid7 = 0;
+
for( idx=0; idx<224; idx++) {
uid1=(uid1<<1)|(uid2>>31);
uid2=(uid2<<1)|(uid3>>31);
@@ -264,15 +263,19 @@ int CmdIndalaDemod(const char *Cmd)
uid4=(uid4<<1)|(uid5>>31);
uid5=(uid5<<1)|(uid6>>31);
uid6=(uid6<<1)|(uid7>>31);
- if (showbits[idx] == '0') uid7=(uid7<<1)|0;
- else uid7=(uid7<<1)|1;
+
+ if (showbits[idx] == '0')
+ uid7 = (uid7<<1) | 0;
+ else
+ uid7 = (uid7<<1) | 1;
}
PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
}
// Checking UID against next occurrences
- for (; i + uidlen <= rawbit;) {
int failed = 0;
+ for (; i + uidlen <= rawbit;) {
+ failed = 0;
for (bit = 0; bit < uidlen; bit++) {
if (bits[bit] != rawbits[i++]) {
failed = 1;
@@ -284,9 +287,12 @@ int CmdIndalaDemod(const char *Cmd)
}
times += 1;
}
+
PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
// Remodulating for tag cloning
+ // HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
+ // since this changes graphbuffer data.
GraphTraceLen = 32*uidlen;
i = 0;
int phase = 0;
@@ -309,15 +315,10 @@ int CmdIndalaDemod(const char *Cmd)
int CmdIndalaClone(const char *Cmd)
{
- unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
UsbCommand c;
- uid1=0;
- uid2=0;
- uid3=0;
- uid4=0;
- uid5=0;
- uid6=0;
- uid7=0;
+ unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
+
+ uid1 = uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
int n = 0, i = 0;
if (strchr(Cmd,'l') != 0) {
@@ -339,9 +340,7 @@ int CmdIndalaClone(const char *Cmd)
c.d.asDwords[4] = uid5;
c.d.asDwords[5] = uid6;
c.d.asDwords[6] = uid7;
- }
- else
- {
+ } else {
while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
uid1 = (uid1 << 4) | (uid2 >> 28);
uid2 = (uid2 << 4) | (n & 0xf);
@@ -359,13 +358,16 @@ int CmdIndalaClone(const char *Cmd)
int CmdLFRead(const char *Cmd)
{
UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
+
// 'h' means higher-low-frequency, 134 kHz
if(*Cmd == 'h') {
c.arg[0] = 1;
} else if (*Cmd == '\0') {
c.arg[0] = 0;
} else if (sscanf(Cmd, "%"lli, &c.arg[0]) != 1) {
- PrintAndLog("use 'read' or 'read h', or 'read <divisor>'");
+ PrintAndLog("Samples 1: 'lf read'");
+ PrintAndLog(" 2: 'lf read h'");
+ PrintAndLog(" 3: 'lf read <divisor>'");
return 0;
}
SendCommand(&c);
@@ -417,7 +419,9 @@ int CmdLFSim(const char *Cmd)
int CmdLFSimBidir(const char *Cmd)
{
- /* Set ADC to twice the carrier for a slight supersampling */
+ // Set ADC to twice the carrier for a slight supersampling
+ // HACK: not implemented in ARMSRC.
+ PrintAndLog("Not implemented yet.");
UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
SendCommand(&c);
return 0;
@@ -429,23 +433,17 @@ int CmdLFSimManchester(const char *Cmd)
static int clock, gap;
static char data[1024], gapstring[8];
- /* get settings/bits */
sscanf(Cmd, "%i %s %i", &clock, &data[0], &gap);
- /* clear our graph */
ClearGraph(0);
- /* fill it with our bitstream */
for (int i = 0; i < strlen(data) ; ++i)
AppendGraph(0, clock, data[i]- '0');
- /* modulate */
CmdManchesterMod("");
- /* show what we've done */
RepaintGraphWindow();
- /* simulate */
sprintf(&gapstring[0], "%i", gap);
CmdLFSim(gapstring);
return 0;
@@ -454,20 +452,23 @@ int CmdLFSimManchester(const char *Cmd)
int CmdLFSnoop(const char *Cmd)
{
UsbCommand c = {CMD_LF_SNOOP_RAW_ADC_SAMPLES};
+
// 'h' means higher-low-frequency, 134 kHz
c.arg[0] = 0;
c.arg[1] = -1;
- if (*Cmd == 0) {
- // empty
- } else if (*Cmd == 'l') {
+
+ if (*Cmd == 'l') {
sscanf(Cmd, "l %"lli, &c.arg[1]);
} else if(*Cmd == 'h') {
c.arg[0] = 1;
sscanf(Cmd, "h %"lli, &c.arg[1]);
} else if (sscanf(Cmd, "%"lli" %"lli, &c.arg[0], &c.arg[1]) < 1) {
- PrintAndLog("use 'snoop' or 'snoop {l,h} [trigger threshold]', or 'snoop <divisor> [trigger threshold]'");
+ PrintAndLog("usage 1: snoop");
+ PrintAndLog(" 2: snoop {l,h} [trigger threshold]");
+ PrintAndLog(" 3: snoop <divisor> [trigger threshold]");
return 0;
}
+
SendCommand(&c);
WaitForResponse(CMD_ACK,NULL);
return 0;
diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c
index 83f49db7..32a0ff7c 100644
--- a/client/cmdlfem4x.c
+++ b/client/cmdlfem4x.c
@@ -11,9 +11,9 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
+#include "util.h"
#include "graph.h"
#include "cmdparser.h"
#include "cmddata.h"
@@ -22,20 +22,16 @@
static int CmdHelp(const char *Cmd);
-
-
int CmdEMdemodASK(const char *Cmd)
{
- int findone=0;
+ char cmdp = param_getchar(Cmd, 0);
+ int findone = (cmdp == '1') ? 1 : 0;
UsbCommand c={CMD_EM410X_DEMOD};
- if(Cmd[0]=='1') findone=1;
c.arg[0]=findone;
SendCommand(&c);
return 0;
}
-
-
/* Read the ID of an EM410x tag.
* Format:
* 1111 1111 1 <-- standard non-repeatable header
@@ -48,8 +44,8 @@ int CmdEM410xRead(const char *Cmd)
{
int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low;
int parity[4];
- char id[11];
- char id2[11];
+ char id[11] = {0x00};
+ char id2[11] = {0x00};
int retested = 0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
high = low = 0;
@@ -201,7 +197,25 @@ retest:
*/
int CmdEM410xSim(const char *Cmd)
{
- int i, n, j, h, binary[4], parity[4];
+ int i, n, j, binary[4], parity[4];
+
+ char cmdp = param_getchar(Cmd, 0);
+ uint8_t uid[5] = {0x00};
+
+ if (cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: lf em4x 410xsim <UID>");
+ PrintAndLog("");
+ PrintAndLog(" sample: lf em4x 410xsim 0F0368568B");
+ return 0;
+ }
+
+ if (param_gethex(Cmd, 0, uid, 10)) {
+ PrintAndLog("UID must include 10 HEX symbols");
+ return 0;
+ }
+
+ PrintAndLog("Starting simulating UID %02X%02X%02X%02X%02X", uid[0],uid[1],uid[2],uid[3],uid[4]);
+ PrintAndLog("Press pm3-button to about simulation");
/* clock is 64 in EM410x tags */
int clock = 64;
@@ -209,9 +223,6 @@ int CmdEM410xSim(const char *Cmd)
/* clear our graph */
ClearGraph(0);
- /* write it out a few times */
- for (h = 0; h < 4; h++)
- {
/* write 9 start bits */
for (i = 0; i < 9; i++)
AppendGraph(0, clock, 1);
@@ -248,38 +259,38 @@ int CmdEM410xSim(const char *Cmd)
AppendGraph(0, clock, parity[3]);
/* stop bit */
- AppendGraph(0, clock, 0);
- }
-
- /* modulate that biatch */
- CmdManchesterMod("");
-
- /* booyah! */
- RepaintGraphWindow();
-
- CmdLFSim("");
+ AppendGraph(1, clock, 0);
+
+ CmdLFSim("240"); //240 start_gap.
return 0;
}
-/* Function is equivalent of loread + losamples + em410xread
- * looped until an EM410x tag is detected */
+/* Function is equivalent of lf read + data samples + em410xread
+ * looped until an EM410x tag is detected
+ *
+ * Why is CmdSamples("16000")?
+ * TBD: Auto-grow sample size based on detected sample rate. IE: If the
+ * rate gets lower, then grow the number of samples
+ * Changed by martin, 4000 x 4 = 16000,
+ * see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
+
+*/
int CmdEM410xWatch(const char *Cmd)
{
- int read_h = (*Cmd == 'h');
- do
- {
- CmdLFRead(read_h ? "h" : "");
- // 2000 samples is OK for clock=64, but not clock=32. Probably want
- // 8000 for clock=16. Don't want to go too high since old HID driver
- // is very slow
- // TBD: Auto-grow sample size based on detected sample rate. IE: If the
- // rate gets lower, then grow the number of samples
-
- // Changed by martin, 4000 x 4 = 16000,
- // see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
- CmdSamples("16000");
- } while ( ! CmdEM410xRead(""));
- return 0;
+ char cmdp = param_getchar(Cmd, 0);
+ int read_h = (cmdp == 'h');
+ do {
+ if (ukbhit()) {
+ printf("\naborted via keyboard!\n");
+ break;
+ }
+
+ CmdLFRead(read_h ? "h" : "");
+ CmdSamples("6000");
+ } while (
+ !CmdEM410xRead("")
+ );
+ return 0;
}
/* Read the transmitted data of an EM4x50 tag
diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c
index 5d841ae1..c6d54e78 100644
--- a/client/cmdlfhid.c
+++ b/client/cmdlfhid.c
@@ -10,7 +10,6 @@
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "graph.h"
@@ -41,8 +40,8 @@ int CmdHIDDemod(const char *Cmd)
int CmdHIDDemodFSK(const char *Cmd)
{
int findone=0;
+ if(Cmd[0]=='1') findone=1;
UsbCommand c={CMD_HID_DEMOD_FSK};
- if(Cmd[0]=='1') findone=1;
c.arg[0]=findone;
SendCommand(&c);
return 0;
@@ -59,6 +58,7 @@ int CmdHIDSim(const char *Cmd)
}
PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
+ PrintAndLog("Press pm3-button to abort simulation");
UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
SendCommand(&c);
diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c
index 32d38aeb..ab4a2609 100644
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@@ -12,7 +12,6 @@
#include <stdlib.h>
#include <string.h>
#include "data.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
@@ -225,7 +224,7 @@ int CmdLFHitagReader(const char *Cmd) {
return 0;
}
-static command_t CommandTableHitag[] =
+static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdLFHitagList, 1, "List Hitag trace history"},
@@ -237,12 +236,12 @@ static command_t CommandTableHitag[] =
int CmdLFHitag(const char *Cmd)
{
- CmdsParse(CommandTableHitag, Cmd);
+ CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd)
{
- CmdsHelp(CommandTableHitag);
+ CmdsHelp(CommandTable);
return 0;
}
diff --git a/client/cmdlfio.c b/client/cmdlfio.c
index 7482ad97..14ce5498 100644
--- a/client/cmdlfio.c
+++ b/client/cmdlfio.c
@@ -3,7 +3,6 @@
#include <string.h>
#include <inttypes.h>
#include <limits.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
@@ -19,26 +18,21 @@ int CmdIODemodFSK(const char *Cmd)
{
int findone=0;
if(Cmd[0]=='1') findone=1;
+
UsbCommand c={CMD_IO_DEMOD_FSK};
c.arg[0]=findone;
SendCommand(&c);
return 0;
}
-
int CmdIOProxDemod(const char *Cmd){
if (GraphTraceLen < 4800) {
PrintAndLog("too short; need at least 4800 samples");
return 0;
}
-
GraphTraceLen = 4800;
for (int i = 0; i < GraphTraceLen; ++i) {
- if (GraphBuffer[i] < 0) {
- GraphBuffer[i] = 0;
- } else {
- GraphBuffer[i] = 1;
- }
+ GraphBuffer[i] = (GraphBuffer[i] < 0) ? 0 : 1;
}
RepaintGraphWindow();
return 0;
@@ -61,7 +55,7 @@ int CmdIOClone(const char *Cmd)
}
PrintAndLog("Cloning tag with ID %08x %08x", hi, lo);
-
+ PrintAndLog("Press pm3-button to abort simulation");
c.cmd = CMD_IO_CLONE_TAG;
c.arg[0] = hi;
c.arg[1] = lo;
diff --git a/client/cmdlfpcf7931.c b/client/cmdlfpcf7931.c
index 13917146..0d8fb93d 100644
--- a/client/cmdlfpcf7931.c
+++ b/client/cmdlfpcf7931.c
@@ -10,7 +10,6 @@
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "graph.h"
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index 9783370c..a719c7ad 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -10,7 +10,6 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "graph.h"
diff --git a/client/cmdlfti.c b/client/cmdlfti.c
index 26128e2f..cb5fcd79 100644
--- a/client/cmdlfti.c
+++ b/client/cmdlfti.c
@@ -11,7 +11,6 @@
#include <stdio.h>
#include <stdlib.h>
#include "crc16.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "ui.h"
diff --git a/client/cmdmain.c b/client/cmdmain.c
index b2723490..df3d4b2e 100644
--- a/client/cmdmain.c
+++ b/client/cmdmain.c
@@ -28,9 +28,6 @@
unsigned int current_command = CMD_UNKNOWN;
-//unsigned int received_command = CMD_UNKNOWN;
-//UsbCommand current_response;
-//UsbCommand current_response_user;
static int CmdHelp(const char *Cmd);
static int CmdQuit(const char *Cmd);
@@ -47,9 +44,9 @@ static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help. Use '<command> help' for details of a particular command."},
{"data", CmdData, 1, "{ Plot window / data buffer manipulation... }"},
- {"hf", CmdHF, 1, "{ HF commands... }"},
+ {"hf", CmdHF, 1, "{ High Frequency commands... }"},
{"hw", CmdHW, 1, "{ Hardware commands... }"},
- {"lf", CmdLF, 1, "{ LF commands... }"},
+ {"lf", CmdLF, 1, "{ Low Frequency commands... }"},
{"script", CmdScript, 1,"{ Scripting commands }"},
{"quit", CmdQuit, 1, "Exit program"},
{"exit", CmdQuit, 1, "Exit program"},
@@ -146,10 +143,8 @@ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeou
while(getCommand(response))
{
if(response->cmd == cmd){
- //We got what we expected
return true;
}
-
}
msleep(10); // XXX ugh
if (dm_seconds == 200) { // Two seconds elapsed
@@ -178,25 +173,12 @@ void CommandReceived(char *Cmd) {
//-----------------------------------------------------------------------------
void UsbCommandReceived(UsbCommand *UC)
{
- /*
- // Debug
- printf("UsbCommand length[len=%zd]\n",sizeof(UsbCommand));
- printf(" cmd[len=%zd]: %"llx"\n",sizeof(UC->cmd),UC->cmd);
- printf(" arg0[len=%zd]: %"llx"\n",sizeof(UC->arg[0]),UC->arg[0]);
- printf(" arg1[len=%zd]: %"llx"\n",sizeof(UC->arg[1]),UC->arg[1]);
- printf(" arg2[len=%zd]: %"llx"\n",sizeof(UC->arg[2]),UC->arg[2]);
- printf(" data[len=%zd]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]);
- */
-
- // printf("%s(%x) current cmd = %x\n", __FUNCTION__, c->cmd, current_command);
- // If we recognize a response, return to avoid further processing
switch(UC->cmd) {
// First check if we are handling a debug message
case CMD_DEBUG_PRINT_STRING: {
- char s[USB_CMD_DATA_SIZE+1];
+ char s[USB_CMD_DATA_SIZE+1] = {0x00};
size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE);
memcpy(s,UC->d.asBytes,len);
- s[len] = 0x00;
PrintAndLog("#db# %s ", s);
return;
} break;
@@ -206,67 +188,15 @@ void UsbCommandReceived(UsbCommand *UC)
return;
} break;
- // case CMD_MEASURED_ANTENNA_TUNING: {
- // int peakv, peakf;
- // int vLf125, vLf134, vHf;
- // vLf125 = UC->arg[0] & 0xffff;
- // vLf134 = UC->arg[0] >> 16;
- // vHf = UC->arg[1] & 0xffff;;
- // peakf = UC->arg[2] & 0xffff;
- // peakv = UC->arg[2] >> 16;
- // PrintAndLog("");
- // PrintAndLog("# LF antenna: %5.2f V @ 125.00 kHz", vLf125/1000.0);
- // PrintAndLog("# LF antenna: %5.2f V @ 134.00 kHz", vLf134/1000.0);
- // PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1));
- // PrintAndLog("# HF antenna: %5.2f V @ 13.56 MHz", vHf/1000.0);
- // if (peakv<2000)
- // PrintAndLog("# Your LF antenna is unusable.");
- // else if (peakv<10000)
- // PrintAndLog("# Your LF antenna is marginal.");
- // if (vHf<2000)
- // PrintAndLog("# Your HF antenna is unusable.");
- // else if (vHf<5000)
- // PrintAndLog("# Your HF antenna is marginal.");
- // } break;
-
case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: {
-// printf("received samples: ");
-// print_hex(UC->d.asBytes,512);
sample_buf_len += UC->arg[1];
-// printf("samples: %zd offset: %d\n",sample_buf_len,UC->arg[0]);
memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);
} break;
-
-// case CMD_ACK: {
-// PrintAndLog("Receive ACK\n");
-// } break;
-
- default: {
- // Maybe it's a response
- /*
- switch(current_command) {
- case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
- if (UC->cmd != CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K) {
- PrintAndLog("unrecognized command %08x\n", UC->cmd);
- break;
- }
-// int i;
- PrintAndLog("received samples %d\n",UC->arg[0]);
- memcpy(sample_buf+UC->arg[0],UC->d.asBytes,48);
- sample_buf_len += 48;
-// for(i=0; i<48; i++) sample_buf[i] = UC->d.asBytes[i];
- //received_command = UC->cmd;
- } break;
-
- default: {
- } break;
- }*/
- }
+ default:
break;
}
storeCommand(UC);
-
}
diff --git a/client/data.c b/client/data.c
index 51134d48..3f019326 100644
--- a/client/data.c
+++ b/client/data.c
@@ -12,7 +12,6 @@
#include <stdint.h>
#include "data.h"
#include "ui.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "cmdmain.h"
@@ -23,22 +22,6 @@ void GetFromBigBuf(uint8_t *dest, int bytes, int start_index)
{
sample_buf_len = 0;
sample_buf = dest;
-// start_index = ((start_index/12)*12);
-// int n = start_index + bytes;
- /*
- if (n % 48 != 0) {
- PrintAndLog("bad len in GetFromBigBuf");
- return;
- }
- */
UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {start_index, bytes, 0}};
SendCommand(&c);
-/*
- for (int i = start_index; i < n; i += 48) {
- UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}};
- SendCommand(&c);
-// WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K);
-// memcpy(dest+(i*4), sample_buf, 48);
- }
-*/
}
diff --git a/client/flash.c b/client/flash.c
index 3a0a1cda..4e222ece 100644
--- a/client/flash.c
+++ b/client/flash.c
@@ -13,7 +13,6 @@
#include <stdlib.h>
#include "proxmark3.h"
#include "sleep.h"
-//#include "proxusb.h"
#include "flash.h"
#include "elf.h"
#include "proxendian.h"
@@ -276,7 +275,6 @@ static int get_proxmark_state(uint32_t *state)
{
UsbCommand c;
c.cmd = CMD_DEVICE_INFO;
-// SendCommand_(&c);
SendCommand(&c);
UsbCommand resp;
ReceiveCommand(&resp);
@@ -391,7 +389,6 @@ int flash_start_flashing(int enable_bl_writes,char *serial_port_name)
c.arg[2] = 0;
}
SendCommand(&c);
-// SendCommand_(&c);
return wait_for_ack();
} else {
fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
@@ -408,22 +405,8 @@ static int write_block(uint32_t address, uint8_t *data, uint32_t length)
memset(block_buf, 0xFF, BLOCK_SIZE);
memcpy(block_buf, data, length);
UsbCommand c;
-/*
- c.cmd = {CMD_SETUP_WRITE};
- for (int i = 0; i < 240; i += 48) {
- memcpy(c.d.asBytes, block_buf + i, 48);
- c.arg[0] = i / 4;
- SendCommand(&c);
-// SendCommand_(&c);
- if (wait_for_ack() < 0) {
- return -1;
- }
- }
-*/
c.cmd = CMD_FINISH_WRITE;
c.arg[0] = address;
-// memcpy(c.d.asBytes, block_buf+240, 16);
-// SendCommand_(&c);
memcpy(c.d.asBytes, block_buf, length);
SendCommand(&c);
return wait_for_ack();
@@ -486,7 +469,6 @@ void flash_free(flash_file_t *ctx)
// just reset the unit
int flash_stop_flashing(void) {
UsbCommand c = {CMD_HARDWARE_RESET};
-// SendCommand_(&c);
SendCommand(&c);
msleep(100);
return 0;
diff --git a/client/loclass/fileutils.c b/client/loclass/fileutils.c
index 9ea9d145..f96f8652 100644
--- a/client/loclass/fileutils.c
+++ b/client/loclass/fileutils.c
@@ -11,8 +11,14 @@
* @return
*/
int fileExists(const char *filename) {
+
+#ifdef _WIN32
+ struct _stat st;
+ int result = _stat(filename, &st);
+#else
struct stat st;
int result = stat(filename, &st);
+#endif
return result == 0;
}
diff --git a/client/mifarehost.c b/client/mifarehost.c
index 378fb2e5..d025918d 100644
--- a/client/mifarehost.c
+++ b/client/mifarehost.c
@@ -26,8 +26,6 @@ int compar_int(const void * a, const void * b) {
else return -1;
}
-
-
// Compare 16 Bits out of cryptostate
int Compare16Bits(const void * a, const void * b) {
if ((*(uint64_t*)b & 0x00ff000000ff0000) == (*(uint64_t*)a & 0x00ff000000ff0000)) return 0;
@@ -35,7 +33,6 @@ int Compare16Bits(const void * a, const void * b) {
else return -1;
}
-
typedef
struct {
union {
@@ -70,16 +67,12 @@ void* nested_worker_thread(void *arg)
return statelist->head.slhead;
}
-
-
-
int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate)
{
uint16_t i, len;
uint32_t uid;
UsbCommand resp;
-
StateList_t statelists[2];
struct Crypto1State *p1, *p2, *p3, *p4;
@@ -239,12 +232,11 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
// "MAGIC" CARD
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
- uint8_t block0[16];
- memset(block0, 0, 16);
+ uint8_t block0[16] = {0x00};
memcpy(block0, uid, 4);
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
- block0[5] = 0x88;
+ block0[5] = 0x08;
block0[6] = 0x04;
block0[7] = 0x00;
@@ -252,9 +244,9 @@ int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
}
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params) {
- uint8_t isOK = 0;
- UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
+ uint8_t isOK = 0;
+ UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
memcpy(c.d.asBytes, data, 16);
SendCommand(&c);
@@ -273,7 +265,7 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {
uint8_t isOK = 0;
- UsbCommand c = {CMD_MIFARE_EML_CGETBLOCK, {params, 0, blockNo}};
+ UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
SendCommand(&c);
UsbCommand resp;
@@ -296,7 +288,7 @@ static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00};
// variables
char logHexFileName[200] = {0x00};
static uint8_t traceCard[4096] = {0x00};
-static char traceFileName[200] = {0};
+static char traceFileName[200] = {0x00};
static int traceState = TRACE_IDLE;
static uint8_t traceCurBlock = 0;
static uint8_t traceCurKey = 0;
@@ -522,7 +514,6 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
case TRACE_AUTH1:
if (len == 4) {
traceState = TRACE_AUTH2;
-
nt = bytes_to_num(data, 4);
return 0;
} else {
@@ -558,6 +549,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, nr_enc, 1);
lfsr_rollback_word(revstate, uid ^ nt, 0);
+
crypto1_get_lfsr(revstate, &lfsr);
printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));
AddLogUint64(logHexFileName, "key> ", lfsr);
diff --git a/client/mifarehost.h b/client/mifarehost.h
index cb99a407..3e946cd9 100644
--- a/client/mifarehost.h
+++ b/client/mifarehost.h
@@ -15,7 +15,6 @@
#include "cmdmain.h"
#include "ui.h"
#include "data.h"
-//#include "proxusb.h"
#include "util.h"
#include "nonce2key/nonce2key.h"
#include "nonce2key/crapto1.h"
diff --git a/client/proxmark3.c b/client/proxmark3.c
index bf0f3817..16a8fa02 100644
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@@ -66,21 +66,6 @@ struct main_loop_arg {
char *script_cmds_file;
};
-//static void *usb_receiver(void *targ) {
-// struct receiver_arg *arg = (struct receiver_arg*)targ;
-// UsbCommand cmdbuf;
-//
-// while (arg->run) {
-// if (ReceiveCommandPoll(&cmdbuf)) {
-// UsbCommandReceived(&cmdbuf);
-// fflush(NULL);
-// }
-// }
-//
-// pthread_exit(NULL);
-// return NULL;
-//}
-
byte_t rx[0x1000000];
byte_t* prx = rx;
@@ -129,7 +114,7 @@ static void *main_loop(void *targ) {
}
FILE *script_file = NULL;
- char script_cmd_buf[256];
+ char script_cmd_buf[256]; // iceman, needs lua script the same file_path_buffer as the rest
if (arg->script_cmds_file)
{
@@ -211,14 +196,6 @@ static void *main_loop(void *targ) {
return NULL;
}
-//static void dumpHelp(char *parent, ...)
-//{
-// printf("## %s\n\n", parent);
-// CommandReceived(parent);
-//
-// printf("\n");
-//}
-
static void dumpAllHelp(int markdown)
{
printf("\n%sProxmark3 command dump%s\n\n",markdown?"# ":"",markdown?"":"\n======================");
@@ -258,17 +235,6 @@ int main(int argc, char* argv[]) {
};
pthread_t main_loop_t;
-/*
- usb_init();
- if (!OpenProxmark(1)) {
- fprintf(stderr,"PROXMARK3: NOT FOUND!\n");
- marg.usb_present = 0;
- offline = 1;
- } else {
- marg.usb_present = 1;
- offline = 0;
- }
-*/
sp = uart_open(argv[1]);
if (sp == INVALID_SERIAL_PORT) {
@@ -309,10 +275,6 @@ int main(int argc, char* argv[]) {
pthread_join(main_loop_t, NULL);
-// if (marg.usb_present == 1) {
-// CloseProxmark();
-// }
-
// Clean up the port
uart_close(sp);
diff --git a/include/usb_cmd.h b/include/usb_cmd.h
index 4d50de59..69c3c1b6 100644
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@@ -81,7 +81,7 @@ typedef struct {
#define CMD_EM4X_WRITE_WORD 0x0219
#define CMD_IO_DEMOD_FSK 0x021A
#define CMD_IO_CLONE_TAG 0x021B
-#define CMD_EM410X_DEMOD 0x021C
+#define CMD_EM410X_DEMOD 0x021c
/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
@@ -137,8 +137,11 @@ typedef struct {
#define CMD_MIFARE_EML_MEMSET 0x0602
#define CMD_MIFARE_EML_MEMGET 0x0603
#define CMD_MIFARE_EML_CARDLOAD 0x0604
-#define CMD_MIFARE_EML_CSETBLOCK 0x0605
-#define CMD_MIFARE_EML_CGETBLOCK 0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK 0x0605
+#define CMD_MIFARE_CGETBLOCK 0x0606
+#define CMD_MIFARE_CIDENT 0x0607
#define CMD_SIMULATE_MIFARE_CARD 0x0610
@@ -150,11 +153,25 @@ typedef struct {
#define CMD_MIFARE_READSC 0x0621
#define CMD_MIFAREU_READCARD 0x0721
#define CMD_MIFARE_WRITEBL 0x0622
-#define CMD_MIFAREU_WRITEBL_COMPAT 0x0722
-#define CMD_MIFAREU_WRITEBL 0x0723
+#define CMD_MIFAREU_WRITEBL 0x0722
+#define CMD_MIFAREU_WRITEBL_COMPAT 0x0723
+
#define CMD_MIFARE_CHKKEYS 0x0623
#define CMD_MIFARE_SNIFFER 0x0630
+//ultralightC
+#define CMD_MIFAREUC_AUTH1 0x0724
+#define CMD_MIFAREUC_AUTH2 0x0725
+#define CMD_MIFAREUC_READCARD 0x0726
+
+// mifare desfire
+#define CMD_MIFARE_DESFIRE_READBL 0x0728
+#define CMD_MIFARE_DESFIRE_WRITEBL 0x0729
+#define CMD_MIFARE_DESFIRE_AUTH1 0x072a
+#define CMD_MIFARE_DESFIRE_AUTH2 0x072b
+#define CMD_MIFARE_DES_READER 0x072c
+#define CMD_MIFARE_DESFIRE_INFO 0x072d
+#define CMD_MIFARE_DESFIRE 0x072e
#define CMD_UNKNOWN 0xFFFF