From 534983d7352171526a6d43b112e0baaefdb1e3cd Mon Sep 17 00:00:00 2001 From: "adam@algroup.co.uk" Date: Tue, 13 Jul 2010 13:39:30 +0000 Subject: [PATCH] iso14a reader patches [Hagen Fritsch] --- armsrc/appmain.c | 2 +- armsrc/apps.h | 2 +- armsrc/iso14443a.c | 188 ++++++++++++++++++++++++++++----------------- armsrc/iso14443a.h | 13 ++++ client/Makefile | 1 + client/cmdhf14a.c | 31 +++++++- client/cmdmain.c | 32 ++++++-- client/cmdmain.h | 3 +- client/proxusb.c | 7 +- client/util.c | 23 ++++++ client/util.h | 1 + include/common.h | 35 +++++++++ 12 files changed, 249 insertions(+), 89 deletions(-) create mode 100644 armsrc/iso14443a.h create mode 100644 client/util.c create mode 100644 client/util.h create mode 100644 include/common.h diff --git a/armsrc/appmain.c b/armsrc/appmain.c index ed89fe98..bfce2953 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -643,7 +643,7 @@ void UsbPacketReceived(uint8_t *packet, int len) #ifdef WITH_ISO14443a case CMD_READER_ISO_14443a: - ReaderIso14443a(c->arg[0]); + ReaderIso14443a(c, &ack); break; #endif diff --git a/armsrc/apps.h b/armsrc/apps.h index 2245ecb8..c3d3bae1 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -99,7 +99,7 @@ void SnoopIso14443(void); /// iso14443a.h void SnoopIso14443a(void); void SimulateIso14443aTag(int tagType, int TagUid); // ## simulate iso14443a tag -void ReaderIso14443a(uint32_t parameter); +void ReaderIso14443a(UsbCommand * c, UsbCommand * ack); void ReaderMifare(uint32_t parameter); /// iso15693.h diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index e228b7fd..c3f6647b 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1,5 +1,6 @@ //----------------------------------------------------------------------------- // Gerhard de Koning Gans - May 2008 +// Hagen Fritsch - June 2010 // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -14,11 +15,13 @@ #include "string.h" #include "iso14443crc.h" +#include "iso14443a.h" static uint8_t *trace = (uint8_t *) BigBuf; static int traceLen = 0; static int rsamples = 0; static int tracing = TRUE; +static uint32_t iso14a_timeout; // CARD TO READER // Sequence D: 11110000 modulation with subcarrier during first half @@ -61,6 +64,11 @@ static const uint8_t OddByteParity[256] = { #define DMA_BUFFER_SIZE 4096 #define TRACE_LENGTH 3000 +uint8_t trigger = 0; +void iso14a_set_trigger(int enable) { + trigger = enable; +} + //----------------------------------------------------------------------------- // Generate the parity value for a byte sequence // @@ -78,7 +86,7 @@ uint32_t GetParity(const uint8_t * pbtCmd, int iLen) return dwPar; } -static void AppendCrc14443a(uint8_t* data, int len) +void AppendCrc14443a(uint8_t* data, int len) { ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1); } @@ -454,6 +462,7 @@ static int ManchesterDecoding(int v) Demod.parityBits = 0; Demod.samples = 0; if(Demod.posCount) { + if(trigger) LED_A_OFF(); switch(Demod.syncBit) { case 0x08: Demod.samples = 3; break; case 0x04: Demod.samples = 2; break; @@ -1389,30 +1398,30 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, int maxLen, int int c; // Set FPGA mode to "reader listen mode", no modulation (listen - // only, since we are receiving, not transmitting). - // Signal field is on with the appropriate LED - LED_D_ON(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); + // only, since we are receiving, not transmitting). + // Signal field is on with the appropriate LED + LED_D_ON(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); - // Now get the answer from the card - Demod.output = receivedResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; + // Now get the answer from the card + Demod.output = receivedResponse; + Demod.len = 0; + Demod.state = DEMOD_UNSYNCD; uint8_t b; if (elapsed) *elapsed = 0; c = 0; for(;;) { - WDT_HIT(); + WDT_HIT(); - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! if (elapsed) (*elapsed)++; - } - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - if(c < 2048) { c++; } else { return FALSE; } - b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + } + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + if(c < iso14a_timeout) { c++; } else { return FALSE; } + b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; if(ManchesterDecoding((b>>4) & 0xf)) { *samples = ((c - 1) << 3) + 4; return TRUE; @@ -1421,8 +1430,8 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, int maxLen, int *samples = c << 3; return TRUE; } - } - } + } + } } void ReaderTransmitShort(const uint8_t* bt) @@ -1450,6 +1459,8 @@ void ReaderTransmitPar(uint8_t* frame, int len, uint32_t par) // Select the card TransmitFor14443a(ToSend, ToSendMax, &samples, &wait); + if(trigger) + LED_A_ON(); // Store reader command in buffer if (tracing) LogTrace(frame,len,0,par,TRUE); @@ -1472,62 +1483,72 @@ int ReaderReceive(uint8_t* receivedAnswer) } /* performs iso14443a anticolision procedure - * fills the uid pointer */ -int iso14443a_select_card(uint8_t * uid_ptr) { + * fills the uid pointer unless NULL + * fills resp_data unless NULL */ +int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * resp_data) { uint8_t wupa[] = { 0x52 }; uint8_t sel_all[] = { 0x93,0x20 }; uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - uint8_t sel_all_c2[] = { 0x95,0x20 }; - uint8_t sel_uid_c2[] = { 0x95,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0 uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes uint8_t* uid = resp + 7; + uint8_t sak = 0x04; // cascade uid + int cascade_level = 0; + int len; // Broadcast for a card, WUPA (0x52) will force response from all cards in the field ReaderTransmitShort(wupa); // Receive the ATQA if(!ReaderReceive(resp)) return 0; - // if(*(uint16_t *) resp == 0x4403) MIFARE_CLASSIC - // if(*(uint16_t *) resp == 0x0400) MIFARE_DESFIRE - ReaderTransmit(sel_all,sizeof(sel_all)); // SELECT_ALL + if(resp_data) + memcpy(resp_data->atqa, resp, 2); + + ReaderTransmit(sel_all,sizeof(sel_all)); if(!ReaderReceive(uid)) return 0; - // Construct SELECT UID command - // First copy the 5 bytes (Mifare Classic) after the 93 70 - memcpy(sel_uid+2,uid,5); - // Secondly compute the two CRC bytes at the end - AppendCrc14443a(sel_uid,7); - - ReaderTransmit(sel_uid,sizeof(sel_uid)); - // Receive the SAK - if (!ReaderReceive(resp)) return 0; - - // OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in + // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in // which case we need to make a cascade 2 request and select - this is a long UID - // When the UID is not complete, the 3nd bit (from the right) is set in the SAK. - if (resp[0] &= 0x04) + // While the UID is not complete, the 3nd bit (from the right) is set in the SAK. + for(; sak & 0x04; cascade_level++) { - ReaderTransmit(sel_all_c2,sizeof(sel_all_c2)); - if (!ReaderReceive(uid+5)) return 0; + // SELECT_* (L1: 0x93, L2: 0x95, L3: 0x97) + sel_uid[0] = sel_all[0] = 0x93 + cascade_level * 2; + + // SELECT_ALL + ReaderTransmit(sel_all,sizeof(sel_all)); + if (!ReaderReceive(resp)) return 0; + if(uid_ptr) memcpy(uid_ptr + cascade_level*4, resp, 4); // Construct SELECT UID command - memcpy(sel_uid_c2+2,uid+5,5); - AppendCrc14443a(sel_uid_c2,7); - ReaderTransmit(sel_uid_c2,sizeof(sel_uid_c2)); + memcpy(sel_uid+2,resp,5); + AppendCrc14443a(sel_uid,7); + ReaderTransmit(sel_uid,sizeof(sel_uid)); + // Receive the SAK if (!ReaderReceive(resp)) return 0; + sak = resp[0]; } - if(uid_ptr) memcpy(uid_ptr, uid, 10); - if( (resp[0] & 0x20) == 0) + if(resp_data) { + resp_data->sak = sak; + resp_data->ats_len = 0; + } + + if( (sak & 0x20) == 0) return 2; // non iso14443a compliant tag + // Request for answer to select AppendCrc14443a(rats, 2); ReaderTransmit(rats, sizeof(rats)); if (!(len = ReaderReceive(resp))) return 0; + if(resp_data) { + memcpy(resp_data->ats, resp, sizeof(resp_data->ats)); + resp_data->ats_len = len; + } + return 1; } @@ -1547,52 +1568,75 @@ void iso14443a_setup() { LED_D_ON(); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); SpinDelay(200); + + iso14a_timeout = 2048; //default } +int iso14_apdu(uint8_t * cmd, size_t cmd_len, void * data) { + uint8_t real_cmd[cmd_len+4]; + real_cmd[0] = 0x0a; //I-Block + real_cmd[1] = 0x00; //CID: 0 //FIXME: allow multiple selected cards + memcpy(real_cmd+2, cmd, cmd_len); + AppendCrc14443a(real_cmd,cmd_len+2); + + ReaderTransmit(real_cmd, cmd_len+4); + size_t len = ReaderReceive(data); + if(!len) + return -1; //DATA LINK ERROR + + return len; +} + + //----------------------------------------------------------------------------- // Read an ISO 14443a tag. Send out commands and store answers. // //----------------------------------------------------------------------------- -void ReaderIso14443a(uint32_t parameter) +void ReaderIso14443a(UsbCommand * c, UsbCommand * ack) { + iso14a_command_t param = c->arg[0]; + uint8_t * cmd = c->d.asBytes; + size_t len = c->arg[1]; - // Mifare AUTH - uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b }; -// uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00 }; + if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(1); - uint8_t* receivedAnswer = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes - traceLen = 0; + if(param & ISO14A_CONNECT) { + iso14443a_setup(); + ack->arg[0] = iso14443a_select_card(ack->d.asBytes, (iso14a_card_select_t *) (ack->d.asBytes+12)); + UsbSendPacket((void *)ack, sizeof(UsbCommand)); + } - iso14443a_setup(); + if(param & ISO14A_SET_TIMEOUT) { + iso14a_timeout = c->arg[2]; + } - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); + if(param & ISO14A_SET_TIMEOUT) { + iso14a_timeout = c->arg[2]; + } - while(traceLen < TRACE_LENGTH) - { - // Test if the action was cancelled - if(BUTTON_PRESS()) break; + if(param & ISO14A_APDU) { + ack->arg[0] = iso14_apdu(cmd, len, ack->d.asBytes); + UsbSendPacket((void *)ack, sizeof(UsbCommand)); + } - if(!iso14443a_select_card(NULL)) { - DbpString("iso14443a setup failed"); - break; + if(param & ISO14A_RAW) { + if(param & ISO14A_APPEND_CRC) { + AppendCrc14443a(cmd,len); + len += 2; } + ReaderTransmit(cmd,len); + ack->arg[0] = ReaderReceive(ack->d.asBytes); + UsbSendPacket((void *)ack, sizeof(UsbCommand)); + } - // Transmit MIFARE_CLASSIC_AUTH - ReaderTransmit(mf_auth,sizeof(mf_auth)); + if(param & ISO14A_REQUEST_TRIGGER) iso14a_set_trigger(0); - // Receive the (16 bit) "random" nonce - if (!ReaderReceive(receivedAnswer)) continue; - } + if(param & ISO14A_NO_DISCONNECT) + return; - // Thats it... FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); - Dbprintf("%x %x %x", rsamples, 0xCC, 0xCC); - DbpString("ready.."); } - //----------------------------------------------------------------------------- // Read an ISO 14443a tag. Send out commands and store answers. // @@ -1638,7 +1682,7 @@ void ReaderMifare(uint32_t parameter) break; } - if(!iso14443a_select_card(NULL)) continue; + if(!iso14443a_select_card(NULL, NULL)) continue; // Transmit MIFARE_CLASSIC_AUTH ReaderTransmit(mf_auth,sizeof(mf_auth)); diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h new file mode 100644 index 00000000..c7e023d4 --- /dev/null +++ b/armsrc/iso14443a.h @@ -0,0 +1,13 @@ +#ifndef __ISO14443A_H +#define __ISO14443A_H +#include "common.h" + +extern void AppendCrc14443a(uint8_t* data, int len); +extern void ReaderTransmitShort(const uint8_t* bt); +extern void ReaderTransmit(uint8_t* frame, int len); +extern int ReaderReceive(uint8_t* receivedAnswer); +extern void iso14443a_setup(); +extern int iso14443a_select_card(uint8_t * uid_ptr, iso14a_card_select_t * card_info); +extern void iso14a_set_trigger(int enable); + +#endif /* __ISO14443A_H */ diff --git a/client/Makefile b/client/Makefile index 368e2487..0d323424 100644 --- a/client/Makefile +++ b/client/Makefile @@ -45,6 +45,7 @@ CMDSRCS = \ data.c \ graph.c \ ui.c \ + util.c \ cmddata.c \ cmdhf.c \ cmdhf14a.c \ diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index a6fa5a85..145f6a67 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -1,5 +1,5 @@ //----------------------------------------------------------------------------- -// Copyright (C) 2010 iZsh +// Copyright (C) 2010 iZsh , Hagen Fritsch // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -17,6 +17,7 @@ #include "ui.h" #include "cmdparser.h" #include "cmdhf14a.h" +#include "common.h" static int CmdHelp(const char *Cmd); @@ -147,6 +148,11 @@ int CmdHF14AList(const char *Cmd) return 0; } +void iso14a_set_timeout(uint32_t timeout) { + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_SET_TIMEOUT, 0, timeout}}; + SendCommand(&c); +} + int CmdHF14AMifare(const char *Cmd) { UsbCommand c = {CMD_READER_MIFARE, {strtol(Cmd, NULL, 0), 0, 0}}; @@ -156,9 +162,26 @@ int CmdHF14AMifare(const char *Cmd) int CmdHF14AReader(const char *Cmd) { - UsbCommand c = {CMD_READER_ISO_14443a, {strtol(Cmd, NULL, 0), 0, 0}}; - SendCommand(&c); - return 0; + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}}; + SendCommand(&c); + UsbCommand * resp = WaitForResponse(CMD_ACK); + uint8_t * uid = resp->d.asBytes; + iso14a_card_select_t * card = uid + 12; + + if(resp->arg[0] == 0) { + PrintAndLog("iso14443a card select failed"); + return 0; + } + + PrintAndLog("ATQA : %02x %02x", card->atqa[0], card->atqa[1]); + PrintAndLog(" UID : %s", sprint_hex(uid, 12)); + PrintAndLog(" SAK : %02x [%d]", card->sak, resp->arg[0]); + if(resp->arg[0] == 1) + PrintAndLog(" ATS : %s", sprint_hex(card->ats, card->ats_len)); + else + PrintAndLog("proprietary non-iso14443a card found, RATS not supported"); + + return resp->arg[0]; } // ## simulate iso14443a tag diff --git a/client/cmdmain.c b/client/cmdmain.c index 203a250c..3388d75f 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -25,6 +25,7 @@ unsigned int current_command = CMD_UNKNOWN; unsigned int received_command = CMD_UNKNOWN; +UsbCommand current_response; static int CmdHelp(const char *Cmd); static int CmdQuit(const char *Cmd); @@ -53,12 +54,25 @@ int CmdQuit(const char *Cmd) return 0; } -void WaitForResponse(uint32_t response_type) +UsbCommand * WaitForResponseTimeout(uint32_t response_type, uint32_t ms_timeout) { + UsbCommand * ret = ¤t_response; + int i=0; + + for(i=0; received_command != response_type && i < ms_timeout / 10; i++) { + msleep(10); // XXX ugh + } + + if(received_command != response_type) + ret = NULL; + + received_command = CMD_UNKNOWN; + + return ret; +} + +UsbCommand * WaitForResponse(uint32_t response_type) { - while (received_command != response_type) { - msleep(10); // XXX ugh - } - received_command = CMD_UNKNOWN; + return WaitForResponseTimeout(response_type, -1); } //----------------------------------------------------------------------------- @@ -137,7 +151,11 @@ void UsbCommandReceived(UsbCommand *UC) return; default: unexpected_response: - PrintAndLog("unrecognized command %08x\n", UC->cmd); - break; + + if(UC->cmd != CMD_ACK) + PrintAndLog("unrecognized command %08x\n", UC->cmd); + else + memcpy(¤t_response, UC, sizeof(UsbCommand)); + received_command = UC->cmd; } } diff --git a/client/cmdmain.h b/client/cmdmain.h index edd0205f..3a4145c1 100644 --- a/client/cmdmain.h +++ b/client/cmdmain.h @@ -15,6 +15,7 @@ void UsbCommandReceived(UsbCommand *UC); void CommandReceived(char *Cmd); -void WaitForResponse(uint32_t response_type); +UsbCommand * WaitForResponseTimeout(uint32_t response_type, uint32_t ms_timeout); +UsbCommand * WaitForResponse(uint32_t response_type); #endif diff --git a/client/proxusb.c b/client/proxusb.c index f1d0458b..3c2b20b4 100644 --- a/client/proxusb.c +++ b/client/proxusb.c @@ -151,9 +151,10 @@ usb_dev_handle* findProxmark(int verbose, unsigned int *iface) fprintf(stdout, "\nConnected units:\n"); - for (int i = 0; i < iUnit; i++) - fprintf(stdout, "\t%d. SN: %s\n", i+1, units[i].serial_number); - + for (int i = 0; i < iUnit; i++) { + struct usb_device * dev = usb_device(units[i].handle); + fprintf(stdout, "\t%d. SN: %s [%s/%s]\n", i+1, units[i].serial_number, dev->bus->dirname, dev->filename); + } if (iUnit > 1) { while (iSelection < 1 || iSelection > iUnit) { fprintf(stdout, "Which unit do you want to connect to? "); diff --git a/client/util.c b/client/util.c new file mode 100644 index 00000000..2c02d119 --- /dev/null +++ b/client/util.c @@ -0,0 +1,23 @@ +#include +#include + +void print_hex(const uint8_t * data, const size_t len) +{ + size_t i; + + for (i=0; i < len; i++) + printf("%02x ", data[i]); + + printf("\n"); +} + +char * sprint_hex(const uint8_t * data, const size_t len) { + static char buf[1024]; + char * tmp = buf; + size_t i; + + for (i=0; i < len && i < 1024/3; i++, tmp += 3) + sprintf(tmp, "%02x ", data[i]); + + return buf; +} diff --git a/client/util.h b/client/util.h new file mode 100644 index 00000000..48330799 --- /dev/null +++ b/client/util.h @@ -0,0 +1 @@ +void print_hex(const uint8_t * data, const size_t len); diff --git a/include/common.h b/include/common.h new file mode 100644 index 00000000..eb519f63 --- /dev/null +++ b/include/common.h @@ -0,0 +1,35 @@ +//----------------------------------------------------------------------------- +// Hagen Fritsch - June 2010 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. + +//----------------------------------------------------------------------------- +// Interlib Definitions +//----------------------------------------------------------------------------- + +#ifndef __COMMON_H +#define __COMMON_H + +//----------------------------------------------------------------------------- +// ISO 14443A +//----------------------------------------------------------------------------- +typedef struct { + uint8_t atqa[2]; + uint8_t sak; + uint8_t ats_len; + uint8_t ats[20]; //FIXME: size? +} __attribute__((__packed__)) iso14a_card_select_t; + +typedef enum ISO14A_COMMAND { + ISO14A_CONNECT = 1, + ISO14A_NO_DISCONNECT = 2, + ISO14A_APDU = 4, + ISO14A_RAW = 8, + ISO14A_REQUEST_TRIGGER = 0x10, + ISO14A_APPEND_CRC = 0x20, + ISO14A_SET_TIMEOUT = 0x40 +} iso14a_command_t; + +#endif -- 2.39.5