From 5de79e20f1413a24f3339917176241f3e2681c3d Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Jul 2015 21:33:09 +0200 Subject: [PATCH 1/1] MOD:: reverse back changes to 14443b.c ADD: the hid-flasher/usb_cmd.h wasn't up to date with how it's other file /common/usb_cmd.h looks like. ADD: utils.lua 14443v crc inside LUA. ADD: utils.lua ConvertAsciiToHex method and minor adjustments checks. --- armsrc/iso14443b.c | 2 +- client/cmdhf14b.c | 2 +- client/hid-flasher/usb_cmd.h | 71 ++++++++++++++++++++++++++++++++---- client/lualibs/utils.lua | 40 +++++++++++++++----- client/scripting.c | 29 +++++++++++++-- client/scripts/14araw.lua | 4 +- 6 files changed, 123 insertions(+), 25 deletions(-) diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index fb8b4d66..0ea66a8d 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c @@ -1275,7 +1275,7 @@ void RAMFUNC SnoopIso14443b(void) if(!ReaderIsActive) { // no need to try decoding tag data if the reader is sending - and we cannot afford the time // is this | 0x01 the error? & 0xfe in https://github.com/Proxmark/proxmark3/issues/103 - if(Handle14443bSamplesDemod(ci | 0x01, cq | 0x01)) { + if(Handle14443bSamplesDemod(ci & 0xfe, cq & 0xfe)) { //Use samples as a time measurement if(tracing) diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index 060656c2..d9e56693 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -34,7 +34,7 @@ int CmdHF14BList(const char *Cmd) int CmdHF14BSim(const char *Cmd) { - UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B}; + UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443B}; clearCommandBuffer(); SendCommand(&c); return 0; diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index dfada01d..c77477e8 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h 
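Review bot: The comment kept directly above the changed call in SnoopIso14443b still asks `is this | 0x01 the error? & 0xfe in https://github.com/Proxmark/proxmark3/issues/103`, while the new line passes `ci & 0xfe, cq & 0xfe`, so the open question is left standing next to the code that appears to answer it. I would replace it with a statement of intent, for example `// clear the low bit of each sample before demodulating, see issue #103`, once the author confirms that is the reason. The commit subject describes this as reverting an earlier change, so a word on which behaviour is the reference would also help. The body of SnoopIso14443b starts and ends outside this hunk.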
@@ -23,14 +23,24 @@ typedef BYTE uint8_t; #define PACKED __attribute__((packed)) #endif +#define USB_CMD_DATA_SIZE 512 + typedef struct { - uint32_t cmd; - uint32_t arg[3]; + uint64_t cmd; + uint64_t arg[3]; union { - uint8_t asBytes[48]; - uint32_t asDwords[12]; + uint8_t asBytes[USB_CMD_DATA_SIZE]; + uint32_t asDwords[USB_CMD_DATA_SIZE/4]; } d; } PACKED UsbCommand; +// A struct used to send sample-configs over USB +typedef struct{ + uint8_t decimation; + uint8_t bits_per_sample; + bool averaging; + int divisor; + int trigger_threshold; +} sample_config; // For the bootloader #define CMD_DEVICE_INFO 0x0000 @@ -53,7 +63,6 @@ typedef struct { #define CMD_STATUS 0x0108 #define CMD_PING 0x0109 - // For low-frequency tags #define CMD_READ_TI_TYPE 0x0202 #define CMD_WRITE_TI_TYPE 0x0203 @@ -83,6 +92,7 @@ typedef struct { #define CMD_IO_DEMOD_FSK 0x021A #define CMD_IO_CLONE_TAG 0x021B #define CMD_EM410X_DEMOD 0x021c +// Sampling configuration for LF reader/snooper #define CMD_SET_LF_SAMPLING_CONFIG 0x021d #define CMD_FSK_SIM_TAG 0x021E #define CMD_ASK_SIM_TAG 0x021F @@ -95,6 +105,7 @@ typedef struct { #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693 0x0300 #define CMD_READ_SRI512_TAG 0x0303 #define CMD_READ_SRIX4K_TAG 0x0304 +#define CMD_ISO_14443B_COMMAND 0x0305 #define CMD_READER_ISO_15693 0x0310 #define CMD_SIMTAG_ISO_15693 0x0311 #define CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693 0x0312 @@ -102,6 +113,7 @@ typedef struct { #define CMD_ISO_15693_COMMAND_DONE 0x0314 #define CMD_ISO_15693_FIND_AFI 0x0315 #define CMD_ISO_15693_DEBUG 0x0316 +#define CMD_LF_SNOOP_RAW_ADC_SAMPLES 0x0317 // For Hitag2 transponders #define CMD_SNOOP_HITAG 0x0370 
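Review bot: The new `sample_config` struct in the first hunk is commented as being sent over USB, yet unlike `UsbCommand` it is not marked `PACKED` and it uses `bool` and `int`, whose size and padding depend on the compiler, so a host build and the device firmware could disagree on the layout and read fields at the wrong offsets. Fixed-width members plus `PACKED` would pin it down, e.g. `uint8_t averaging; int32_t divisor; int32_t trigger_threshold;`, but since the commit message says this header mirrors /common/usb_cmd.h, the same change would have to land there too. `bool` also needs `<stdbool.h>`, and no include for it is visible in this hunk. Separately, `UsbCommand` grows from 64 to 544 bytes here, so any flasher code that assumes the old size (not shown) needs checking.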
@@ -122,6 +134,9 @@ typedef struct {
 #define CMD_SNOOP_ICLASS 0x0392
 #define CMD_SIMULATE_TAG_ICLASS 0x0393
 #define CMD_READER_ICLASS 0x0394
+#define CMD_READER_ICLASS_REPLAY 0x0395
+#define CMD_ICLASS_ISO14443A_WRITE 0x0397
+#define CMD_ICLASS_EML_MEMSET 0x0398
 // For measurements of the antenna tuning
 #define CMD_MEASURE_ANTENNA_TUNING 0x0400
@@ -138,8 +153,11 @@ typedef struct {
 #define CMD_MIFARE_EML_MEMSET 0x0602
 #define CMD_MIFARE_EML_MEMGET 0x0603
 #define CMD_MIFARE_EML_CARDLOAD 0x0604
-#define CMD_MIFARE_EML_CSETBLOCK 0x0605
-#define CMD_MIFARE_EML_CGETBLOCK 0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK 0x0605
+#define CMD_MIFARE_CGETBLOCK 0x0606
+#define CMD_MIFARE_CIDENT 0x0607
 #define CMD_SIMULATE_MIFARE_CARD 0x0610
@@ -147,14 +165,53 @@ typedef struct { #define CMD_MIFARE_NESTED 0x0612 #define CMD_MIFARE_READBL 0x0620 +#define CMD_MIFAREU_READBL 0x0720 #define CMD_MIFARE_READSC 0x0621 +#define CMD_MIFAREU_READCARD 0x0721 #define CMD_MIFARE_WRITEBL 0x0622 +#define CMD_MIFAREU_WRITEBL 0x0722 +#define CMD_MIFAREU_WRITEBL_COMPAT 0x0723 + #define CMD_MIFARE_CHKKEYS 0x0623 #define CMD_MIFARE_SNIFFER 0x0630 +//ultralightC +#define CMD_MIFAREUC_AUTH 0x0724 +//0x0725 and 0x0726 no longer used +#define CMD_MIFAREUC_SETPWD 0x0727 + + +// mifare desfire +#define CMD_MIFARE_DESFIRE_READBL 0x0728 +#define CMD_MIFARE_DESFIRE_WRITEBL 0x0729 +#define CMD_MIFARE_DESFIRE_AUTH1 0x072a +#define CMD_MIFARE_DESFIRE_AUTH2 0x072b +#define CMD_MIFARE_DES_READER 0x072c +#define CMD_MIFARE_DESFIRE_INFO 0x072d +#define CMD_MIFARE_DESFIRE 0x072e + +#define CMD_MIFARE_COLLECT_NONCES 0x072f #define CMD_UNKNOWN 0xFFFF + +//Mifare simulation flags +#define FLAG_INTERACTIVE 0x01 +#define FLAG_4B_UID_IN_DATA 0x02 +#define FLAG_7B_UID_IN_DATA 0x04 +#define FLAG_NR_AR_ATTACK 0x08 + + +//Iclass reader flags +#define FLAG_ICLASS_READER_ONLY_ONCE 0x01 +#define FLAG_ICLASS_READER_CC 0x02 +#define FLAG_ICLASS_READER_CSN 0x04 +#define FLAG_ICLASS_READER_CONF 0x08 +#define FLAG_ICLASS_READER_AA 0x10 +#define FLAG_ICLASS_READER_ONE_TRY 0x20 + + + // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: /* Whether a bootloader that understands the common_area is present */ #define DEVICE_INFO_FLAG_BOOTROM_PRESENT (1<<0) diff --git a/client/lualibs/utils.lua b/client/lualibs/utils.lua index da179758..698017d9 100644 --- a/client/lualibs/utils.lua +++ b/client/lualibs/utils.lua 
@@ -69,6 +69,18 @@ local Utils = return outResults end, + ----ISO14443-B CRC + Crc14b = function(s) + if s == nil then return nil end + if #s == 0 then return nil end + if type(s) == 'string' then + local utils = require('utils') + local ascii = utils.ConvertHexToAscii(s) + local hashed = core.iso14443b_crc(ascii) + return utils.ConvertAsciiToHex(hashed) + end + return nil + end, ------------ CRC-16 ccitt checksums -- Takes a hex string and calculates a crc16 @@ -181,20 +193,18 @@ local Utils = --- -- Convert Byte array to string of hex ConvertBytesToHex = function(bytes) - if #bytes == 0 then - return '' - end + if bytes == nil then return '' end + if #bytes == 0 then return '' end local s={} - for i = 1, #(bytes) do + for i = 1, #bytes do s[i] = string.format("%02X",bytes[i]) end return table.concat(s) end, -- Convert byte array to string with ascii ConvertBytesToAscii = function(bytes) - if #bytes == 0 then - return '' - end + if bytes == nil then return '' end + if #bytes == 0 then return '' end local s={} for i = 1, #(bytes) do s[i] = string.char(bytes[i]) @@ -233,13 +243,23 @@ local Utils = end, ConvertHexToAscii = function(s) + if s == nil then return '' end + if #s == 0 then return '' end local t={} - if s == nil then return t end - if #s == 0 then return t end for k in s:gmatch"(%x%x)" do table.insert(t, string.char(tonumber(k,16))) end - return table.concat(t) + return table.concat(t) + end, + + ConvertAsciiToHex = function(s) + if s == nil then return '' end + if #s == 0 then return '' end + local t={} + for k in s:gmatch"(.)" do + table.insert(t, string.format("%02X", string.byte(k))) + end + return table.concat(t) end, Chars2num = function(s) diff --git a/client/scripting.c b/client/scripting.c index 75760663..63d7f44e 100644 --- a/client/scripting.c +++ b/client/scripting.c 
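Review bot: In the new `Crc14b`, `#s == 0` is evaluated before `type(s) == 'string'`, so a number or boolean argument raises a Lua error on the length operator instead of reaching the final `return nil`; testing the type first, `if type(s) ~= 'string' or #s == 0 then return nil end`, gives the behaviour the trailing fallback suggests was intended. The input is then decoded with `ConvertHexToAscii`, whose `%x%x` match skips non-hex characters and a trailing odd digit without any error, so a malformed string yields a CRC over different bytes than the caller supplied. A short comment on `Crc14b` stating that it takes a hex string and returns the input with the two CRC bytes appended, as hex, would document the contract; that return shape is inferred from `l_iso14443b_crc` in client/scripting.c.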
@@ -18,6 +18,7 @@ #include "util.h" #include "nonce2key/nonce2key.h" #include "../common/iso15693tools.h" +#include "iso14443crc.h" #include "../common/crc16.h" #include "../common/crc64.h" #include "../common/sha1.h" @@ -52,12 +53,11 @@ static int l_SendCommand(lua_State *L){ const char *data = luaL_checklstring(L, 1, &size); if(size != sizeof(UsbCommand)) { - printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand)); + printf("Got data size %d, expected %d" , size, sizeof(UsbCommand)); lua_pushstring(L,"Wrong data size"); return 1; } -// UsbCommand c = (*data); SendCommand((UsbCommand* )data); return 0; // no return values } @@ -100,7 +100,7 @@ static int l_WaitForResponseTimeout(lua_State *L){ if(WaitForResponseTimeout(cmd, &response, ms_timeout)) { //Push it as a string - lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand)); + lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand)); return 1;// return 1 to signal one return value }else{ @@ -229,6 +229,28 @@ static int l_iso15693_crc(lua_State *L) return 1; } +static int l_iso14443b_crc(lua_State *L) +{ + /* void ComputeCrc14443(int CrcType, + const unsigned char *Data, int Length, + unsigned char *TransmitFirst, + unsigned char *TransmitSecond) + */ + unsigned char buf[USB_CMD_DATA_SIZE]; + size_t len = 0; + const char *data = luaL_checklstring(L, 1, &len); + if (USB_CMD_DATA_SIZE < len) + len = USB_CMD_DATA_SIZE-2; + + for (int i = 0; i < len; i += 2) { + sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]); + } + ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]); + + lua_pushlstring(L, (const char *)&buf, len+2); + return 1; +} + /* Simple AES 128 cbc hook up to OpenSSL. params: key, input 
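Review bot: The rewritten `printf` in l_SendCommand passes `size` (a `size_t`, judging by its use with `luaL_checklstring`) and `sizeof(UsbCommand)` to `%d` now that the `(int)` casts are gone, which is a format/argument mismatch and undefined behaviour where `size_t` is wider than `int`. Use `printf("Got data size %zu, expected %zu", size, sizeof(UsbCommand));`, or keep the casts if the toolchain's printf lacks `%zu`. The declaration of `size` is outside this hunk.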
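Review bot: The length clamp in the new `l_iso14443b_crc` tests `USB_CMD_DATA_SIZE < len`, so an input of 511 or 512 bytes is not clamped and `ComputeCrc14443` then stores the CRC through `&buf[len]` and `&buf[len+1]`, past the end of `buf`; the check needs to be `len > USB_CMD_DATA_SIZE - 2`. The `sscanf` loop also stores a full `unsigned int` through a pointer into an `unsigned char` array (overwriting the three bytes after each slot), ignores the return value, and fills only `len / 2` bytes although the CRC and `lua_pushlstring` cover `len` bytes, so uninitialised stack contents are hashed and returned to the script. `Crc14b` in client/lualibs/utils.lua already converts the hex string to raw bytes before calling in, so re-parsing hex here looks unintended; if that is right, copying the bytes is enough, as sketched below, with over-long input rejected rather than silently truncated.

```c
static int l_iso14443b_crc(lua_State *L)
{
	/* … unchanged: buf, len and data declarations … */

	/* keep the last two bytes of buf free for the CRC */
	if (len > sizeof(buf) - 2)
		return luaL_error(L, "iso14443b_crc: input too long");

	/* the Lua wrapper passes raw bytes, so copy them instead of parsing hex */
	memcpy(buf, data, len);
	ComputeCrc14443(CRC_14443_B, buf, (int)len, &buf[len], &buf[len + 1]);

	lua_pushlstring(L, (const char *)buf, len + 2);
	return 1;
}
```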
@@ -483,6 +505,7 @@ int set_pm3_libraries(lua_State *L) {"clearCommandBuffer", l_clearCommandBuffer}, {"console", l_CmdConsole}, {"iso15693_crc", l_iso15693_crc}, + {"iso14443b_crc", l_iso14443b_crc}, {"aes128_decrypt", l_aes128decrypt_cbc}, {"aes128_decrypt_ecb", l_aes128decrypt_ecb}, {"aes128_encrypt", l_aes128encrypt_cbc}, diff --git a/client/scripts/14araw.lua b/client/scripts/14araw.lua index 0ce98656..a2e6ff53 100644 --- a/client/scripts/14araw.lua +++ b/client/scripts/14araw.lua @@ -155,9 +155,7 @@ end -- Sends an instruction to do nothing, only disconnect function disconnect() - local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, - arg1 = 0, -- Nothing - } + local command = Command:new{cmd = cmds.CMD_READER_ISO_14443a, arg1 = 0, } -- We can ignore the response here, no ACK is returned for this command -- Check /armsrc/iso14443a.c, ReaderIso14443a() for details return lib14a.sendToDevice(command,true) -- 2.39.5