From add0504deaacb2736dd7ff04c95daf9ce1d025ad Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Fri, 24 Apr 2015 18:41:49 +0200
Subject: [PATCH] ADD: Started a "collect nonces" concept to be able to analyse the tag generated nonces.
---
 armsrc/appmain.c | 3 ++
 armsrc/apps.h | 3 ++
 armsrc/mifarecmd.c | 70 +++++++++++++++++++++++++++++++++++++++++-
 armsrc/mifaredesfire.c | 2 +-
 armsrc/mifareutil.c | 6 ++--
 include/usb_cmd.h | 2 ++
 6 files changed, 81 insertions(+), 5 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index f3136fa0..f5989bd6 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -919,6 +919,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
 MifareSendCommand(c->arg[0], c->arg[1], c->d.asBytes);
 break;
+ case CMD_MIFARE_COLLECT_NONCES:
+ MifareCollectNonces(c->arg[0], c->[1]);
+ break;
 #endif
 #ifdef WITH_ICLASS
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 84376ed6..81203001 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -19,6 +19,7 @@
 #include
 #include
 #include "../common/crc32.h"
+#include "../common/lfdemod.h"
 #include "BigBuf.h"
 #include "../include/hitag2.h"
 #include "../include/mifare.h"
@@ -196,6 +197,8 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 void MifareCIdent(); // is "magic chinese" card?
 void MifareUSetPwd(uint8_t arg0, uint8_t *datain);
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1);
+
 //desfire
 void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain);
 void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain);
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index a240bed4..ef536d96 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
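Review bot: In the new `CMD_MIFARE_COLLECT_NONCES` case of armsrc/appmain.c the call `MifareCollectNonces(c->arg[0], c->[1]);` is not valid C as shown, because the second argument has no member name after `->`. It should presumably read `MifareCollectNonces(c->arg[0], c->arg[1]);`, matching the `MifareSendCommand` call directly above it. Both values arrive in a USB packet from the host and are passed on unvalidated, so any range check on the iteration count has to live in `MifareCollectNonces` itself. The body of `UsbPacketReceived` starts and ends outside this hunk.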
@@ -1218,7 +1218,75 @@ void MifareCIdent(){
 cmd_send(CMD_ACK,isOK,0,0,0,0);
 }
- //
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
+
+ BigBuf_free();
+
+ uint32_t iterations = arg0;
+ uint8_t uid[10] = {0x00};
+
+ uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
+ uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
+
+ uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
+
+ // get memory from BigBuf.
+ uint8_t *nonces = BigBuf_malloc(iterations * 4);
+
+ LED_A_ON();
+ LED_B_OFF();
+ LED_C_OFF();
+
+ clear_trace();
+ set_tracing(TRUE);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+ for (int i = 0; i < iterations; i++) {
+
+ WDT_HIT();
+
+ // Test if the action was cancelled
+ if(BUTTON_PRESS()) break;
+
+ // if(mifare_classic_halt(pcs, cuid)) {
+ // if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
+ //}
+
+ if(!iso14443a_select_card(uid, NULL, NULL)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
+ continue;
+ };
+
+ // Transmit MIFARE_CLASSIC_AUTH.
+ ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
+
+ // Receive the (4 Byte) "random" nonce
+ if (!ReaderReceive(response, responsePar)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Couldn't receive tag nonce");
+ continue;
+ }
+
+ nonces[i*4] = bytes_to_num(response, 4);
+ }
+
+ int packLen = iterations * 4;
+ int packSize = 0;
+ int packNum = 0;
+ while (packLen > 0) {
+ packSize = MIN(USB_CMD_DATA_SIZE, packLen);
+ LED_B_ON();
+ cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
+ LED_B_OFF();
+
+ packLen -= packSize;
+ packNum++;
+ }
+
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+}
+
+//
 // DESFIRE
 //
diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c
index 979e2f39..e7632c96 100644
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
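Review bot: The transfer loop in `MifareCollectNonces` passes `nonces - packLen` to `cmd_send`, which points before the start of the allocation, so each packet sends whatever memory lies below the nonce buffer instead of the collected nonces. Two further defects feed the same reply: `nonces[i*4] = bytes_to_num(response, 4);` stores through a `uint8_t *` and therefore keeps only one byte per nonce, and iterations that `continue` or end on the button press leave their slots unwritten, so uninitialised BigBuf contents are returned to the host. `iterations` is taken straight from the host-supplied `arg0`, so `iterations * 4` can wrap, and the `BigBuf_malloc` result is used without a check (whether it can return NULL is not visible in this hunk). The sketch below bounds the count, zeroes the buffer, copies all four bytes and walks forward with an offset; `NONCE_COUNT_LIMIT` is a placeholder for a limit derived from the BigBuf space that remains after the two frame buffers.

```c
void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
	// … unchanged: BigBuf_free() …

	// arg0 is host-supplied: bound it so iterations * 4 can neither wrap nor exceed BigBuf.
	// NONCE_COUNT_LIMIT is a placeholder, not an existing constant.
	uint32_t iterations = arg0;
	if (iterations == 0 || iterations > NONCE_COUNT_LIMIT) return;

	// … unchanged: uid, response, responsePar, mf_auth …

	uint8_t *nonces = BigBuf_malloc(iterations * 4);
	if (nonces == NULL) return;
	// Slots skipped by `continue` or by the button break must not carry stale buffer bytes.
	memset(nonces, 0x00, iterations * 4);

	// … unchanged: LEDs, clear_trace, set_tracing, iso14443a_setup …

	for (uint32_t i = 0; i < iterations; i++) {
		// … unchanged: WDT_HIT, button check, select, transmit, receive …

		// Keep all four nonce bytes in slot i.
		memcpy(nonces + i * 4, response, 4);
	}

	uint32_t total = iterations * 4;
	uint32_t sent = 0;
	while (sent < total) {
		uint32_t packSize = MIN(USB_CMD_DATA_SIZE, total - sent);
		LED_B_ON();
		cmd_send(CMD_ACK, 77, 0, packSize, nonces + sent, packSize);
		LED_B_OFF();
		sent += packSize;
	}

	// … unchanged: FpgaWriteConfWord, LEDsoff …
}
```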
@@ -433,7 +433,7 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
 size_t len = 0;
 size_t wrappedLen = 0;
- uint8_t wCmd[USB_CMD_DATA_SIZE] = {0};
+ uint8_t wCmd[USB_CMD_DATA_SIZE] = {0x00};
 uint8_t resp[MAX_FRAME_SIZE];
 uint8_t par[MAX_PARITY_SIZE];
diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c
index 8fa5e498..987a858c 100644
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@@ -365,9 +365,9 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
 {
 // variables
 uint16_t len, i;
- uint32_t pos;
- uint8_t par[3] = {0}; // enough for 18 Bytes to send
- byte_t res;
+ uint32_t pos = 0;
+ uint8_t par[3] = {0x00}; // enough for 18 Bytes to send
+ byte_t res = 0;
 uint8_t d_block[18], d_block_enc[18];
 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
diff --git a/include/usb_cmd.h b/include/usb_cmd.h
index 74d494c2..d61a2558 100644
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@@ -193,6 +193,8 @@ typedef struct{
 #define CMD_MIFARE_DESFIRE_INFO 0x072d
 #define CMD_MIFARE_DESFIRE 0x072e
+#define CMD_MIFARE_COLLECT_NONCES 0x072f
+
 #define CMD_UNKNOWN 0xFFFF
--
2.39.5