From d52e4e881910964f151e0ea51dd5621e6ab6315e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 26 Dec 2014 21:32:58 +0100 Subject: [PATCH] ADD: HF 14A READER is now able to see if a presented card responses to the chinese magic backdoor commands. FIX: simple namechange of some defines where it hinted it was related to "eml" when it wasn't. --- armsrc/appmain.c | 7 +++-- armsrc/apps.h | 1 + armsrc/mifarecmd.c | 70 ++++++++++++++++++++++++++---------------- armsrc/mifaredesfire.c | 4 +-- client/cmdhf14a.c | 23 ++++++++++---- include/usb_cmd.h | 7 +++-- 6 files changed, 73 insertions(+), 39 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index c3cf3999..33944c1d 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -854,12 +854,15 @@ void UsbPacketReceived(uint8_t *packet, int len) break; // Work with "magic Chinese" card - case CMD_MIFARE_EML_CSETBLOCK: + case CMD_MIFARE_CSETBLOCK: MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; - case CMD_MIFARE_EML_CGETBLOCK: + case CMD_MIFARE_CGETBLOCK: MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; + case CMD_MIFARE_CIDENT: + MifareCIdent(); + break; // mifare sniffer case CMD_MIFARE_SNIFFER: diff --git a/armsrc/apps.h b/armsrc/apps.h index 6725741f..5e1926f9 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -211,6 +211,7 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); +void MifareCIdent(); // is "magic chinese" card? // mifaredesfire.h bool InitDesfireCard(); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 1352215e..ee2132ef 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c 
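Review bot: The new prototype `void MifareCIdent();` in the apps.h hunk is an old-style declaration with an empty parameter list, so the compiler does not check that callers pass no arguments; declare it as `void MifareCIdent(void); // probe for a "magic chinese" card: answers to the 7-bit 0x40 / 0x43 backdoor wake-up` and give the definition in mifarecmd.c the same `(void)` form. The renamed CMD_MIFARE_CSETBLOCK / CMD_MIFARE_CGETBLOCK cases in appmain.c keep their numeric values per the usb_cmd.h hunk, so existing clients are unaffected; the surrounding switch in UsbPacketReceived starts and ends outside the hunk.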
@@ -937,29 +937,22 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // variables byte_t isOK = 0; - uint8_t uid[10]; - uint8_t d_block[18]; + uint8_t uid[10] = {0x00}; + uint8_t d_block[18] = {0x00}; uint32_t cuid; - memset(uid, 0x00, 10); uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf(); uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; // reset FPGA and LED if (workFlags & 0x08) { - iso14a_clear_trace(); - iso14a_set_tracing(TRUE); - - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - LED_A_ON(); LED_B_OFF(); LED_C_OFF(); - - //SpinDelay(300); - //FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - //SpinDelay(100); - //FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + + iso14a_clear_trace(); + iso14a_set_tracing(TRUE); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); } while (true) { @@ -967,7 +960,6 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // get UID from chip if (workFlags & 0x01) { if(!iso14443a_select_card(uid, NULL, &cuid)) { - Dbprintf("ICE"); if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); break; }; @@ -1065,28 +1057,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai // variables byte_t isOK = 0; - uint8_t data[18]; + uint8_t data[18] = {0x00}; uint32_t cuid = 0; - memset(data, 0x00, 18); uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf(); uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; if (workFlags & 0x08) { - // clear trace - iso14a_clear_trace(); - iso14a_set_tracing(TRUE); - - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - LED_A_ON(); LED_B_OFF(); LED_C_OFF(); - - // SpinDelay(300); - // FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - // SpinDelay(100); - // FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); + + iso14a_clear_trace(); + iso14a_set_tracing(TRUE); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); } while (true) { 
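Review bot: In the first MifareCSetBlock hunk `uint32_t cuid;` is left uninitialized while `uid` and `d_block` gain `= {0x00}` and the sibling MifareCGetBlock hunk initializes its `cuid` to 0; the only assignment visible is `iso14443a_select_card(uid, NULL, &cuid)` under `workFlags & 0x01` in the second hunk, so any later use of cuid on a call that skips the select (the remainder of the function is outside the hunk) reads an indeterminate value. Make the two functions agree with `uint32_t cuid = 0;`. The LED/trace/setup reordering and the removed commented-out FPGA calls look fine; a one-line comment on the `workFlags & 0x08` branch, `// bit 3: reset FPGA into reader mode and restart tracing before the first exchange`, would save the next reader from decoding the flag bits.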
@@ -1132,3 +1116,35 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai } } +void MifareCIdent(){ + + // card commands + uint8_t wupC1[] = { 0x40 }; + uint8_t wupC2[] = { 0x43 }; + + // variables + byte_t isOK = 1; + + uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf(); + uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE; + + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + + ReaderTransmitBitsPar(wupC1,7,0, NULL); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { + isOK = 0; + }; + + ReaderTransmit(wupC2, sizeof(wupC2), NULL); + if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { + isOK = 0; + }; + + if (mifare_classic_halt(NULL, 0)) { + isOK = 0; + }; + + cmd_send(CMD_ACK,isOK,0,0,0,0); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); +} + diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index 56166777..75119322 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -24,11 +24,11 @@ bool InitDesfireCard(){ byte_t cardbuf[USB_CMD_DATA_SIZE]; memset(cardbuf,0,sizeof(cardbuf)); + iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; iso14a_set_tracing(TRUE); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; int len = iso14443a_select_card(NULL,card,NULL); if (!len) { @@ -350,7 +350,7 @@ size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){ cmd[0] = 0x0A; // 0x0A = skicka cid, 0x02 = ingen cid. Särskilda bitar // cmd[0] |= pcb_blocknum; // OR the block number into the PCB - cmd[1] = 0x00; // CID: 0x00 //FIXME: allow multiple selected cards + cmd[1] = 0x00; // CID: 0x00 //TODO: allow multiple selected cards memcpy(cmd+2, datain, len); AppendCrc14443a(cmd, len+2); diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index f09c555b..27f0ac36 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c 
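Review bot: MifareCIdent folds the HALT result into the verdict, so a card that ACKs both backdoor commands but then answers the HALT is reported as NO, and a card that ignores the first wake-up still receives the 0x43 and the HALT; the two outcomes are not distinguishable from the single `isOK` the client prints. Consider early-exit on the first failed check, e.g. `if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || receivedAnswer[0] != 0x0a) { isOK = 0; goto done; }` with `done:` placed before `cmd_send`, and either drop the HALT from the verdict or state the rule in a header comment such as `// Reports 1 only if the 7-bit 0x40 and the 0x43 backdoor wake-ups are both ACKed (0x0A) and the card stays silent on HALT; this is the same wupC1/wupC2 sequence MifareCSetBlock relies on`. Unlike MifareCSetBlock/MifareCGetBlock this function neither clears nor enables tracing before `iso14443a_setup`, so the exchange is presumably not recorded; call `iso14a_clear_trace(); iso14a_set_tracing(TRUE);` if that is unintended. The definition should also read `void MifareCIdent(void) {` to match a proper prototype.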
@@ -225,12 +225,6 @@ int CmdHF14AReader(const char *Cmd) memcpy(&card.ats, resp.d.asBytes, resp.arg[0]); card.ats_len = resp.arg[0]; // note: ats_len includes CRC Bytes } - - // disconnect - c.arg[0] = 0; - c.arg[1] = 0; - c.arg[2] = 0; - SendCommand(&c); if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes bool ta1 = 0, tb1 = 0, tc1 = 0; @@ -370,6 +364,23 @@ int CmdHF14AReader(const char *Cmd) PrintAndLog("proprietary non iso14443-4 card found, RATS not supported"); } + + // try to see if card responses to "chinese magic backdoor" commands. + c.cmd = CMD_MIFARE_CIDENT; + c.arg[0] = 0; + c.arg[1] = 0; + c.arg[2] = 0; + SendCommand(&c); + WaitForResponse(CMD_ACK,&resp); + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog(" Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") ); + + // disconnect + c.arg[0] = 0; + c.arg[1] = 0; + c.arg[2] = 0; + SendCommand(&c); + return select_status; } diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 55df18f4..65631d98 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -137,8 +137,11 @@ typedef struct { #define CMD_MIFARE_EML_MEMSET 0x0602 #define CMD_MIFARE_EML_MEMGET 0x0603 #define CMD_MIFARE_EML_CARDLOAD 0x0604 -#define CMD_MIFARE_EML_CSETBLOCK 0x0605 -#define CMD_MIFARE_EML_CGETBLOCK 0x0606 + +// magic chinese card commands +#define CMD_MIFARE_CSETBLOCK 0x0605 +#define CMD_MIFARE_CGETBLOCK 0x0606 +#define CMD_MIFARE_CIDENT 0x0607 #define CMD_SIMULATE_MIFARE_CARD 0x0610 -- 2.39.5
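Review bot: The trailing "disconnect" in the -370 hunk reuses `c` after `c.cmd = CMD_MIFARE_CIDENT;` and never restores the command, so it sends a second identification probe with zeroed args instead of the reader disconnect that the block deleted in the -225 hunk issued (that block relied on `c.cmd` being set earlier in CmdHF14AReader, outside the hunk, presumably to CMD_READER_ISO_14443a). The device answers that second probe with a CMD_ACK nobody waits for, which a later `WaitForResponse(CMD_ACK, ...)` may consume as its own reply. Set the command explicitly before the disconnect, `c.cmd = CMD_READER_ISO_14443a;`, ahead of the three `c.arg[i] = 0;` lines. Separately, `WaitForResponse(CMD_ACK,&resp)` after the probe has no timeout, so against firmware that does not implement CMD_MIFARE_CIDENT (a likely mix now that usb_cmd.h renamed the defines) the client blocks forever; prefer the timeout variant if the client provides one and report "unknown" on timeout.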