From f5ed4d12de19dcf59a3d5ecdcd9f75f5c747dd3e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 19 Dec 2014 13:46:02 +0100 Subject: [PATCH] ADD: started with adding a LF AWID26 write function. not done yet. ADD: latest pwpiwi & holiman changes. --- armsrc/epa.c | 100 +++---------- armsrc/hitag2.c | 2 +- armsrc/iclass.c | 12 +- armsrc/iso14443.c | 3 +- armsrc/iso14443a.c | 22 +-- armsrc/lfops.c | 79 +++++++++-- armsrc/mifarecmd.c | 44 +++--- armsrc/mifaredesfire.c | 22 +-- armsrc/mifareutil.c | 9 +- client/Makefile | 1 + client/cmdhf14a.c | 93 ++++++------- client/cmdhfepa.c | 5 +- client/cmdhficlass.c | 44 ++++-- client/cmdhfmf.c | 262 ++--------------------------------- client/cmdlf.c | 2 + client/cmdlfawid26.c | 102 ++++++++++++++ client/cmdlfawid26.h | 16 +++ client/loclass/elite_crack.c | 14 +- 18 files changed, 368 insertions(+), 464 deletions(-) create mode 100644 client/cmdlfawid26.c create mode 100644 client/cmdlfawid26.h diff --git a/armsrc/epa.c b/armsrc/epa.c index a3c6669e..0bbd2dd7 100644 --- a/armsrc/epa.c +++ b/armsrc/epa.c @@ -108,9 +108,9 @@ size_t EPA_Parse_CardAccess(uint8_t *data, if (data[index] == 0x31 || data[index] == 0x30) { // enter the set (skip tag + length) index += 2; - // extended length + // check for extended length if ((data[index - 1] & 0x80) != 0) { - index += (data[index] & 0x7F); + index += (data[index-1] & 0x7F); } } // OID @@ -423,89 +423,31 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password) //----------------------------------------------------------------------------- int EPA_Setup() { - // return code - //int return_code = 0; - - // card UID - //uint8_t uid[10] = {0x00}; - + + int return_code = 0; + uint8_t uid[10]; + uint8_t pps_response[3]; + uint8_t pps_response_par[1]; + iso14a_card_select_t card_select_info; + // power up the field iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - iso14a_clear_trace(); - iso14a_set_tracing(TRUE); - iso14a_set_timeout(10500); - // card select information - byte_t cardbuf[USB_CMD_DATA_SIZE]; - memset(cardbuf,0,USB_CMD_DATA_SIZE); - iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; + iso14a_set_timeout(10500); // select the card - // if (!iso14443a_select_card(uid, &card_info, NULL)) { - // Dbprintf("Epa: Can't select card"); - // return -1; - // } - - uint8_t wupa[] = { 0x26 }; // 0x26 - REQA 0x52 - WAKE-UP - uint8_t sel_all[] = { 0x93,0x20 }; - uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - uint8_t rats[] = { 0xE0,0x81,0x00,0x00 }; // FSD=256, FSDI=8, CID=1 - - uint8_t *resp = ((uint8_t *)BigBuf) + RECV_RESP_OFFSET; - uint8_t *resp_par = ((uint8_t *)BigBuf) + RECV_RESP_PAR_OFFSET; - - byte_t uid_resp[4]; - size_t uid_resp_len = 4; - - uint8_t sak = 0x04; // cascade uid - int len; - - // Broadcast for a card, WUPA (0x52) will force response from all cards in the field - ReaderTransmitBitsPar(wupa,7,0, NULL); - - // Receive the ATQA - if(!ReaderReceive(resp, resp_par)) return -1; - - // SELECT_ALL - ReaderTransmit(sel_all,sizeof(sel_all), NULL); - if (!ReaderReceive(resp, resp_par)) return -1; - - // uid response from tag - memcpy(uid_resp,resp,uid_resp_len); - - // Construct SELECT UID command - // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC) - memcpy(sel_uid+2,uid_resp,4); // the UID - sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC - AppendCrc14443a(sel_uid,7); // calculate and add CRC - ReaderTransmit(sel_uid,sizeof(sel_uid), NULL); - - // Receive the SAK - if (!ReaderReceive(resp, resp_par)) return -1; - sak = resp[0]; - - // Request for answer to select - AppendCrc14443a(rats, 2); - ReaderTransmit(rats, sizeof(rats), NULL); - - if ( !(len = ReaderReceive(resp, resp_par) )) return -1; + return_code = iso14443a_select_card(uid, &card_select_info, NULL); + if (return_code != 1) { + Dbprintf("Epa: Can't select card"); + return 1; + } - // populate the collected data. - memcpy( card->uid, uid_resp, uid_resp_len); - card->uidlen += uid_resp_len; - card->sak = sak; - card->ats_len = len; - memcpy(card->ats, resp, sizeof(card->ats)); - - // send the PPS request - // ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL); - // uint8_t pps_response[3]; - // uint8_t pps_response_par[1]; - // return_code = ReaderReceive(pps_response,pps_response_par); - // if (return_code != 3 || pps_response[0] != 0xD0) { - // return return_code == 0 ? 2 : return_code; - // } + ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL); + return_code = ReaderReceive(pps_response, pps_response_par); + if (return_code != 3 || pps_response[0] != 0xD0) { + return return_code == 0 ? 2 : return_code; + } - return -1; + return 0; } \ No newline at end of file diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 33cc3b7f..dc4c4232 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -1158,7 +1158,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { case RHT2F_CRYPTO: { DbpString("Authenticating using key:"); - memcpy(key,htd->crypto.key,6); + memcpy(key,htd->crypto.key,6); // 4 or 6 ?? Dbhexdump(6,key,false); blocknr = 0; bQuiet = false; diff --git a/armsrc/iclass.c b/armsrc/iclass.c index f53f3041..74705b49 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -549,7 +549,7 @@ static RAMFUNC int ManchesterDecoding(int v) // Tag response does not need to be a complete byte! if(Demod.len > 0 || Demod.bitCount > 0) { if(Demod.bitCount > 1) { // was > 0, do not interpret last closing bit, is part of EOF - Demod.shiftReg >>= (9 - Demod.bitCount); // rright align data + Demod.shiftReg >>= (9 - Demod.bitCount); // right align data Demod.output[Demod.len] = Demod.shiftReg & 0xff; Demod.len++; } @@ -1145,7 +1145,8 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader respsize = 0; if (breakAfterMacReceived){ // dbprintf:ing ... - Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]); + Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x" + ,csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]); Dbprintf("RDR: (len=%02d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",len, receivedCmd[0], receivedCmd[1], receivedCmd[2], receivedCmd[3], receivedCmd[4], receivedCmd[5], @@ -1264,8 +1265,8 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int FpgaSetupSsc(); if (wait) - if(*wait < 10) - *wait = 10; + { + if(*wait < 10) *wait = 10; for(c = 0; c < *wait;) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { @@ -1279,6 +1280,9 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int WDT_HIT(); } + } + + uint8_t sendbyte; bool firstpart = TRUE; c = 0; diff --git a/armsrc/iso14443.c b/armsrc/iso14443.c index 28ab54d6..775c583a 100644 --- a/armsrc/iso14443.c +++ b/armsrc/iso14443.c @@ -293,8 +293,7 @@ static int GetIso14443CommandFromReader(uint8_t *received, int *len, int maxLen) // only, since we are receiving, not transmitting). // Signal field is off with the appropriate LED LED_D_OFF(); - FpgaWriteConfWord( - FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); // Now run a `software UART' on the stream of incoming samples. diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 7dfa53e7..d8edc209 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -310,10 +310,11 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) if (Uart.state == STATE_UNSYNCD) { // not yet synced if (Uart.highCnt < 7) { // wait for a stable unmodulated signal - if (Uart.twoBits == 0xffff) + if (Uart.twoBits == 0xffff) { Uart.highCnt++; - else + } else { Uart.highCnt = 0; + } } else { Uart.syncBit = 0xFFFF; // not set // look for 00xx1111 (the start bit) @@ -1602,8 +1603,7 @@ int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity, uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity) { - if (!tracing) return true; - + if (tracing) { // we cannot exactly measure the end and start of a received command from reader. However we know that the delay from // end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp. // with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated: @@ -1614,8 +1614,10 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start reader_StartTime = reader_EndTime - reader_modlen; if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE)) { return FALSE; - } else - return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE)); + } else return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE)); + } else { + return TRUE; + } } //----------------------------------------------------------------------------- @@ -1703,7 +1705,6 @@ int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parit int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) { if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) return FALSE; - if (tracing) { LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE); } @@ -1714,7 +1715,7 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) * fills the uid pointer unless NULL * fills resp_data unless NULL */ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, uint32_t* cuid_ptr) { - //uint8_t halt[] = { 0x50 }; // HALT + //uint8_t halt[] = { 0x50, 0x00, 0x57, 0xCD }; // HALT uint8_t wupa[] = { 0x52 }; // WAKE-UP //uint8_t reqa[] = { 0x26 }; // REQUEST A uint8_t sel_all[] = { 0x93,0x20 }; @@ -1731,6 +1732,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u // test for the SKYLANDERS TOY. //ReaderTransmit(halt,sizeof(halt), NULL); + //len = ReaderReceive(resp, resp_par); // Broadcast for a card, WUPA (0x52) will force response from all cards in the field ReaderTransmitBitsPar(wupa,7,0, NULL); @@ -1808,7 +1810,6 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u // Receive the SAK if (!ReaderReceive(resp, resp_par)) return 0; sak = resp[0]; - // Test if more parts of the uid are coming if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) { @@ -1844,7 +1845,8 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u AppendCrc14443a(rats, 2); ReaderTransmit(rats, sizeof(rats), NULL); - if (!(len = ReaderReceive(resp, resp_par))) return 2; + len = ReaderReceive(resp, resp_par); + if(!len) return 0; if(p_hi14a_card) { memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats)); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 15af6d65..fa0516c9 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -769,7 +769,7 @@ size_t aggregate_bits(uint8_t *dest,size_t size, uint8_t h2l_crossing_value,uint continue; } //if lastval was 1, we have a 1->0 crossing - if ( dest[idx-1]==1 ) { + if ( dest[idx-1] ) { n=(n+1) / h2l_crossing_value; } else {// 0->1 crossing n=(n+1) / l2h_crossing_value; @@ -814,11 +814,13 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) size = fsk_demod(dest, FREE_BUFFER_SIZE); // we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns - // 1->0 : fc/8 in sets of 6 - // 0->1 : fc/10 in sets of 5 + // 1->0 : fc/8 in sets of 6 (RF/50 / 8 = 6.25) + // 0->1 : fc/10 in sets of 5 (RF/50 / 10= 5) // do not invert size = aggregate_bits(dest,size, 6,5,5,0); + WDT_HIT(); + // final loop, go over previously decoded manchester data and decode into usable tag ID // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0 uint8_t frame_marker_mask[] = {1,1,1,0,0,0}; @@ -851,17 +853,64 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol) { if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0) { - if (hi2 != 0){ + if (hi2 != 0){ //extra large HID tags Dbprintf("TAG ID: %x%08x%08x (%d)", (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); } - else { - Dbprintf("TAG ID: %x%08x (%d)", - (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + else { //standard HID tags <38 bits + //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd + uint8_t bitlen = 0; + uint32_t fc = 0; + uint32_t cardnum = 0; + if (((hi>>5)&1)==1){//if bit 38 is set then < 37 bit format is used + uint32_t lo2=0; + lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit + uint8_t idx3 = 1; + while(lo2>1){ //find last bit set to 1 (format len bit) + lo2=lo2>>1; + idx3++; + } + bitlen =idx3+19; + fc =0; + cardnum=0; + if(bitlen==26){ + cardnum = (lo>>1)&0xFFFF; + fc = (lo>>17)&0xFF; + } + if(bitlen==37){ + cardnum = (lo>>1)&0x7FFFF; + fc = ((hi&0xF)<<12)|(lo>>20); + } + if(bitlen==34){ + cardnum = (lo>>1)&0xFFFF; + fc= ((hi&1)<<15)|(lo>>17); + } + if(bitlen==35){ + cardnum = (lo>>1)&0xFFFFF; + fc = ((hi&1)<<11)|(lo>>21); + } + } + else { //if bit 38 is not set then 37 bit format is used + bitlen= 37; + fc =0; + cardnum=0; + if(bitlen==37){ + cardnum = (lo>>1)&0x7FFFF; + fc = ((hi&0xF)<<12)|(lo>>20); + } + } + //Dbprintf("TAG ID: %x%08x (%d)", + // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); + Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d", + (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF, + (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum); + } + if (findone){ + if (ledcontrol) LED_A_OFF(); + return; } } } - // reset hi2 = hi = lo = 0; numshifts = 0; @@ -890,8 +939,7 @@ uint32_t bytebits_to_byte(uint8_t* src, int numbits) void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) { - uint8_t *dest = get_bigbufptr_recvrespbuf(); - + uint8_t *dest = (uint8_t *)BigBuf; size_t size=0, idx=0; uint32_t code=0, code2=0; uint8_t isFinish = 0; @@ -906,13 +954,13 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) if (ledcontrol) LED_A_ON(); DoAcquisition125k_internal(-1,true); + size = sizeof(BigBuf); // FSK demodulator - size = fsk_demod(dest, FREE_BUFFER_SIZE); - + size = fsk_demod(dest, size); // we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns - // 1->0 : fc/8 in sets of 7 - // 0->1 : fc/10 in sets of 6 + // 1->0 : fc/8 in sets of 7 (RF/64 / 8 = 8) + // 0->1 : fc/10 in sets of 6 (RF/64 / 10 = 6.4) size = aggregate_bits(dest, size, 7,6,13,1); //13 max Consecutive should be ok as most 0s in row should be 10 for init seq - invert bits //Index map @@ -1601,9 +1649,12 @@ int DemodPCF7931(uint8_t **outBlocks) { block_done = 0; half_switch = 0; } + if(i < GraphTraceLen) + { if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0; else dir = 1; } + } if(bitidx==255) bitidx=0; warnings = 0; diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 519ea2b0..b9b8098a 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -20,7 +20,7 @@ #include "../common/crc.h" //----------------------------------------------------------------------------- -// Select, Authenticaate, Read an MIFARE tag. +// Select, Authenticate, Read a MIFARE tag. // read block //----------------------------------------------------------------------------- void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) @@ -267,25 +267,25 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain) { - // params - uint8_t sectorNo = arg0; - int Pages=arg1; + // params + uint8_t sectorNo = arg0; + int Pages=arg1; int count_Pages=0; - // variables - byte_t isOK = 0; - byte_t dataoutbuf[44 * 4]; - uint8_t uid[10]; - uint32_t cuid; + // variables + byte_t isOK = 0; + byte_t dataoutbuf[176]; + uint8_t uid[10]; + uint32_t cuid; - // clear trace - iso14a_clear_trace(); + // clear trace + iso14a_clear_trace(); - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - Dbprintf("Pages %d",Pages); + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + Dbprintf("Pages %d",Pages); while (true) { if(!iso14443a_select_card(uid, NULL, &cuid)) { if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); @@ -307,8 +307,8 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain) isOK = 1; break; } - Dbprintf("Pages read %d",count_Pages); - if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED"); + Dbprintf("Pages read %d",count_Pages); + if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED"); LED_B_ON(); if (Pages==16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64); @@ -316,9 +316,9 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain) if (Pages==44 && count_Pages>16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,176); LED_B_OFF(); - // Thats it... - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); + // Thats it... + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); } @@ -792,7 +792,6 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6); LED_B_OFF(); - // Thats it... FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); @@ -1127,7 +1126,6 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai LED_B_OFF(); if ((workFlags & 0x10) || (!isOK)) { - // Thats it... FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index 4a580371..0d8de438 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -78,9 +78,9 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){ } int len = DesfireAPDU(datain, datalen, resp); - if (MF_DBGLEVEL >= 4) { - print_result("ERR <--: ", resp, len); - } + if (MF_DBGLEVEL >= 4) { + print_result("ERR <--: ", resp, len); + } if ( !len ) { OnError(); @@ -124,7 +124,7 @@ void MifareDesfireGetInformation(){ // card select - information iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; byte_t isOK = iso14443a_select_card(NULL, card, NULL); - if (isOK != 1) { + if ( isOK == 0) { if (MF_DBGLEVEL >= 1) { Dbprintf("Can't select card"); } @@ -306,7 +306,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain // dataout = pointer to response data array int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){ - uint32_t status = 0; + size_t len = 0; size_t wrappedLen = 0; uint8_t wCmd[USB_CMD_DATA_SIZE] = {0}; @@ -320,9 +320,9 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){ } ReaderTransmit( wCmd, wrappedLen, NULL); - status = ReaderReceive(resp, resp_par); + len = ReaderReceive(resp, resp_par); - if( status == 0x00){ + if( len == 0x00 ){ if (MF_DBGLEVEL >= 4) { Dbprintf("fukked"); } @@ -330,16 +330,16 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){ } // if we received an I- or R(ACK)-Block with a block number equal to the // current block number, toggle the current block number - else if (status >= 4 // PCB+CID+CRC = 4 bytes + else if (len >= 4 // PCB+CID+CRC = 4 bytes && ((resp[0] & 0xC0) == 0 // I-Block || (resp[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0 && (resp[0] & 0x01) == pcb_blocknum) // equal block numbers { pcb_blocknum ^= 1; //toggle next block } - // copy response to - dataout = resp; - return status; + + memcpy(dataout, resp, len); + return len; } // CreateAPDU diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index d2841497..dcea901d 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -85,8 +85,11 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint { uint8_t dcmd[8]; dcmd[0] = cmd; - memcpy(dcmd+1,data,5); - + dcmd[1] = data[0]; + dcmd[2] = data[1]; + dcmd[3] = data[2]; + dcmd[4] = data[3]; + dcmd[5] = data[4]; AppendCrc14443a(dcmd, 6); ReaderTransmit(dcmd, sizeof(dcmd), NULL); int len = ReaderReceive(answer, answer_parity); @@ -383,7 +386,7 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl // variables uint16_t len, i; uint32_t pos; - uint8_t par[3] = {0x00}; + uint8_t par[3] = {0}; // enough for 18 Bytes to send byte_t res; uint8_t d_block[18], d_block_enc[18]; diff --git a/client/Makefile b/client/Makefile index 2d52e3df..7ef23fa6 100644 --- a/client/Makefile +++ b/client/Makefile @@ -83,6 +83,7 @@ CMDSRCS = nonce2key/crapto1.c\ cmdhfdes.c \ cmdhw.c \ cmdlf.c \ + cmdlfawid26.c \ cmdlfio.c \ cmdlfhid.c \ cmdlfem4x.c \ diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 46720d44..97d102be 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -40,9 +40,7 @@ int CmdHF14AList(const char *Cmd) return 0; } - if (param == 'f') { - ShowWaitCycles = true; - } + ShowWaitCycles = (param == 'f'); // for the time being. Need better Bigbuf handling. #define TRACE_SIZE 3000 @@ -56,8 +54,8 @@ int CmdHF14AList(const char *Cmd) PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer"); PrintAndLog("All times are in carrier periods (1/13.56Mhz)"); PrintAndLog(""); - PrintAndLog(" Start | End | Src | Data"); - PrintAndLog("-----------|-----------|-----|--------"); + PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC "); + PrintAndLog("-----------|-----------|-----|-----------------------------------------------------------------------"); uint16_t tracepos = 0; uint16_t duration; @@ -70,44 +68,40 @@ int CmdHF14AList(const char *Cmd) for (;;) { - if(tracepos >= TRACE_SIZE) { - break; - } + if(tracepos >= TRACE_SIZE) break; timestamp = *((uint32_t *)(trace + tracepos)); + + // Break and stick with current result if buffer was not completely full + if (timestamp == 0x44444444) break; + if(tracepos == 0) { first_timestamp = timestamp; } + tracepos += 4; duration = *((uint16_t *)(trace + tracepos)); tracepos += 2; data_len = *((uint16_t *)(trace + tracepos)); tracepos += 2; + isResponse = false; if (data_len & 0x8000) { data_len &= 0x7fff; isResponse = true; - } else { - isResponse = false; } - + parity_len = (data_len-1)/8 + 1; - - if (tracepos + data_len + parity_len >= TRACE_SIZE) { - break; - } + + if (tracepos + data_len + parity_len >= TRACE_SIZE) break; uint8_t *frame = trace + tracepos; tracepos += data_len; uint8_t *parityBytes = trace + tracepos; tracepos += parity_len; - - // Break and stick with current result if buffer was not completely full - if (timestamp == 0x44444444) break; - - char line[1000] = ""; - int j; - for (j = 0; j < data_len; j++) { + + char line[16][110]; + for (int j = 0; j < data_len; j++) { int oddparity = 0x01; int k; @@ -117,47 +111,53 @@ int CmdHF14AList(const char *Cmd) uint8_t parityBits = parityBytes[j>>3]; if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) { - sprintf(line+(j*4), "%02x! ", frame[j]); + sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]); } else { - sprintf(line+(j*4), "%02x ", frame[j]); + sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]); } } - - char crc[6] = ""; + + char crc[5] = {0x00}; if (data_len > 2) { uint8_t b1, b2; ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2); if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) { - sprintf(crc, (isResponse & (data_len < 6)) ? "" : " !crc"); - } else { - sprintf(crc, ""); - } + sprintf(crc, (isResponse & (data_len < 6)) ? "" : "!crc"); + } } EndOfTransmissionTimestamp = timestamp + duration; - - PrintAndLog(" %9d | %9d | %s | %s %s", - (timestamp - first_timestamp), - (EndOfTransmissionTimestamp - first_timestamp), - (isResponse ? "Tag" : "Rdr"), - line, - crc); + int num_lines = (data_len - 1)/16 + 1; + + for (int j = 0; j < num_lines; j++) { + if (j == 0) { + PrintAndLog(" %9d | %9d | %s | %-64s| %s", + (timestamp - first_timestamp), + (EndOfTransmissionTimestamp - first_timestamp), + (isResponse ? "Tag" : "Rdr"), + line[j], + (j == num_lines-1)?crc:"" + ); + } else { + PrintAndLog(" | | | %-64s| %s", + line[j], + (j == num_lines-1)?crc:""); + } + } bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000; if (ShowWaitCycles && !isResponse && next_isResponse) { uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); if (next_timestamp != 0x44444444) { - PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d", - (EndOfTransmissionTimestamp - first_timestamp), - (next_timestamp - first_timestamp), - " ", - (next_timestamp - EndOfTransmissionTimestamp)); - } + PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d", + (EndOfTransmissionTimestamp - first_timestamp), + (next_timestamp - first_timestamp), + " ", + (next_timestamp - EndOfTransmissionTimestamp)); } - + } } - return 0; } @@ -168,8 +168,7 @@ void iso14a_set_timeout(uint32_t timeout) { int CmdHF14AReader(const char *Cmd) { - //UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; - UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT , 0, 0}}; + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}}; SendCommand(&c); UsbCommand resp; diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c index c893da76..ecdb311c 100644 --- a/client/cmdhfepa.c +++ b/client/cmdhfepa.c @@ -54,10 +54,10 @@ int CmdHFEPACollectPACENonces(const char *Cmd) size_t nonce_length = resp.arg[1]; char *nonce = (char *) malloc(2 * nonce_length + 1); for(int j = 0; j < nonce_length; j++) { - snprintf(nonce + (2 * j), 3, "%02X", resp.d.asBytes[j]); + snprintf(nonce + (2 * j), "%02X", resp.d.asBytes[j]); } // print nonce - PrintAndLog("Length: %d, Nonce: %s",resp.arg[1], nonce); + PrintAndLog("Length: %d, Nonce: %s", nonce_length, nonce); } if (i < n - 1) { sleep(d); @@ -68,7 +68,6 @@ int CmdHFEPACollectPACENonces(const char *Cmd) return 1; } -// UI-related stuff // UI-related stuff static const command_t CommandTable[] = diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 370b36e9..e033422a 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -342,6 +342,17 @@ int CmdHFiClassSim(const char *Cmd) UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}}; UsbCommand resp = {0}; + /*uint8_t csns[8 * NUM_CSNS] = { + 0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0 , + 0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0 , + 0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0 , + 0x17,0x12,0x01,0xfd,0xf7,0xff,0x12,0xe0 , + 0xcd,0x56,0x01,0x7c,0x6f,0xff,0x12,0xe0 , + 0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0 , + 0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 , + 0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 }; +*/ + uint8_t csns[8*NUM_CSNS] = { 0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0, 0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0, @@ -501,17 +512,31 @@ int CmdHFiClassReader_Dump(const char *Cmd) } + UsbCommand resp; + uint8_t key_sel[8] = {0}; + uint8_t key_sel_p[8] = { 0 }; + + //HACK -- Below is for testing without access to a tag + uint8_t fake_dummy_test = false; + if(fake_dummy_test) + { + uint8_t xdata[16] = {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0, //CSN from http://www.proxmark.org/forum/viewtopic.php?pid=11230#p11230 + 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; // Just a random CC. Would be good to add a real testcase here + memcpy(resp.d.asBytes,xdata, 16); + resp.arg[0] = 2; + } + + //End hack + UsbCommand c = {CMD_READER_ICLASS, {0}}; c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE; - + if(!fake_dummy_test) SendCommand(&c); - UsbCommand resp; - uint8_t key_sel[8] = {0x00}; - uint8_t key_sel_p[8] = {0x00}; - - if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { + + + if (fake_dummy_test || WaitForResponseTimeout(CMD_ACK,&resp,4500)) { uint8_t isOK = resp.arg[0] & 0xff; uint8_t * data = resp.d.asBytes; @@ -528,7 +553,6 @@ int CmdHFiClassReader_Dump(const char *Cmd) { if(elite) { - //Get the key index (hash1) uint8_t key_index[8] = {0}; @@ -536,6 +560,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) printvar("hash1", key_index,8); for(i = 0; i < 8 ; i++) key_sel[i] = keytable[key_index[i]] & 0xFF; + PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:"); printvar("k_sel", key_sel,8); //Permute from iclass format to standard format permutekey_rev(key_sel,key_sel_p); @@ -552,8 +577,11 @@ int CmdHFiClassReader_Dump(const char *Cmd) used_key = KEY; } + + PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:"); printvar("Used key",used_key,8); diversifyKey(CSN,used_key, div_key); + PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):"); printvar("Div key", div_key, 8); printvar("CC_NR:",CCNR,12); doMAC(CCNR,12,div_key, MAC); @@ -561,7 +589,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}}; memcpy(d.d.asBytes, MAC, 4); - SendCommand(&d); + if(!fake_dummy_test) SendCommand(&d); }else{ PrintAndLog("Failed to obtain CC! Aborting"); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index c28563e2..748e9c45 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -34,7 +34,7 @@ start: SendCommand(&c); //flush queue - while (ukbhit()) getchar(); + while (ukbhit()) getchar(); // wait cycle while (true) { @@ -66,19 +66,19 @@ start: if (isOK != 1) return 1; // execute original function from util nonce2key - if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) - { + if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) { isOK = 2; PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt); } else { printf("------------------------------------------------------------------\n"); - PrintAndLog("Key found:%012"llx" \n", r_key); + PrintAndLog("Key found :%012"llx" \n", r_key); num_to_bytes(r_key, 6, keyBlock); isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key); } + if (!isOK) - PrintAndLog("Found valid key:%012"llx, r_key); + PrintAndLog("Found valid key :%012"llx, r_key); else { if (isOK != 2) PrintAndLog("Found invalid key. "); @@ -87,6 +87,7 @@ start: goto start; } + PrintAndLog(""); return 0; } @@ -139,117 +140,6 @@ int CmdHF14AMfWrBl(const char *Cmd) return 0; } -/* dublett finns i CMDHFMFU.C -int CmdHF14AMfUWrBl(const char *Cmd) -{ - uint8_t blockNo = 0; - bool chinese_card=0; - uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - UsbCommand resp; - - if (strlen(Cmd)<3) { - PrintAndLog("Usage: hf mf uwrbl "); - PrintAndLog(" sample: hf mf uwrbl 0 01020304"); - return 0; - } - - blockNo = param_get8(Cmd, 0); - if (param_gethex(Cmd, 1, bldata, 8)) { - PrintAndLog("Block data must include 8 HEX symbols"); - return 1; - } - - if (strchr(Cmd,'w') != 0) { - chinese_card=1; - } - - switch(blockNo){ - case 0: - if (!chinese_card){ - PrintAndLog("Access Denied"); - }else{ - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - } - break; - case 1: - if (!chinese_card){ - PrintAndLog("Access Denied"); - }else{ - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - } - break; - case 2: - if (!chinese_card){ - PrintAndLog("Access Denied"); - }else{ - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(c.d.asBytes, bldata, 4); - SendCommand(&c); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - } - break; - case 3: - PrintAndLog("--specialblock no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(d.d.asBytes,bldata, 4); - SendCommand(&d); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; - default: - PrintAndLog("--block no:%d", blockNo); - PrintAndLog("--data: %s", sprint_hex(bldata, 4)); - UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}}; - memcpy(e.d.asBytes,bldata, 4); - SendCommand(&e); - - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - break; - } - return 0; -} -*/ int CmdHF14AMfRdBl(const char *Cmd) { uint8_t blockNo = 0; @@ -298,133 +188,6 @@ int CmdHF14AMfRdBl(const char *Cmd) return 0; } -/* dublett finns i CMDHFMFU.C -int CmdHF14AMfURdBl(const char *Cmd) -{ - uint8_t blockNo = 0; - - if (strlen(Cmd)<1) { - PrintAndLog("Usage: hf mf urdbl "); - PrintAndLog(" sample: hf mf urdbl 0"); - return 0; - } - - blockNo = param_get8(Cmd, 0); - PrintAndLog("--block no:%d", blockNo); - - UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}}; - SendCommand(&c); - - UsbCommand resp; - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - uint8_t isOK = resp.arg[0] & 0xff; - uint8_t *data = resp.d.asBytes; - - if (isOK) - PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4)); - else - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } - - return 0; -} -*/ - -/* dublett finns i CMDHFMFU.C -int CmdHF14AMfURdCard(const char *Cmd) -{ - int i; - uint8_t sectorNo = 0; - uint8_t *lockbytes_t=NULL; - uint8_t lockbytes[2]={0,0}; - bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - - uint8_t isOK = 0; - uint8_t * data = NULL; - - if (sectorNo > 15) { - PrintAndLog("Sector number must be less than 16"); - return 1; - } - PrintAndLog("Attempting to Read Ultralight... "); - - UsbCommand c = {CMD_MIFAREU_READCARD, {sectorNo}}; - SendCommand(&c); - - UsbCommand resp; - if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { - isOK = resp.arg[0] & 0xff; - data = resp.d.asBytes; - - PrintAndLog("isOk:%02x", isOK); - if (isOK) - for (i = 0; i < 16; i++) { - switch(i){ - case 2: - //process lock bytes - lockbytes_t=data+(i*4); - lockbytes[0]=lockbytes_t[2]; - lockbytes[1]=lockbytes_t[3]; - for(int j=0; j<16; j++){ - bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8)); - } - //PrintAndLog("LB %02x %02x", lockbytes[0],lockbytes[1]); - //PrintAndLog("LB2b %02x %02x %02x %02x %02x %02x %02x %02x",bit[8],bit[9],bit[10],bit[11],bit[12],bit[13],bit[14],bit[15]); - PrintAndLog("Block %3d:%s ", i,sprint_hex(data + i * 4, 4)); - break; - case 3: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]); - break; - case 4: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]); - break; - case 5: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]); - break; - case 6: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]); - break; - case 7: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]); - break; - case 8: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]); - break; - case 9: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]); - break; - case 10: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]); - break; - case 11: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]); - break; - case 12: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]); - break; - case 13: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]); - break; - case 14: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]); - break; - case 15: - PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]); - break; - default: - PrintAndLog("Block %3d:%s ", i,sprint_hex(data + i * 4, 4)); - break; - } - } - } else { - PrintAndLog("Command execute timeout"); - } - return 0; -} -*/ - int CmdHF14AMfRdSc(const char *Cmd) { int i; @@ -482,7 +245,6 @@ int CmdHF14AMfRdSc(const char *Cmd) return 0; } - uint8_t FirstBlockOfSector(uint8_t sectorNo) { if (sectorNo < 32) { @@ -492,7 +254,6 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo) } } - uint8_t NumBlocksPerSector(uint8_t sectorNo) { if (sectorNo < 32) { @@ -502,7 +263,6 @@ uint8_t NumBlocksPerSector(uint8_t sectorNo) } } - int CmdHF14AMfDump(const char *Cmd) { uint8_t sectorNo, blockNo; @@ -677,7 +437,6 @@ int CmdHF14AMfDump(const char *Cmd) return 0; } - int CmdHF14AMfRestore(const char *Cmd) { uint8_t sectorNo,blockNo; @@ -744,6 +503,7 @@ int CmdHF14AMfRestore(const char *Cmd) if (fread(bldata, 1, 16, fdump) == 0) { PrintAndLog("File reading error (dumpdata.bin)."); + fclose(fdump); return 2; } @@ -778,11 +538,9 @@ int CmdHF14AMfRestore(const char *Cmd) } fclose(fdump); - return 0; } - int CmdHF14AMfNested(const char *Cmd) { int i, j, res, iterations; @@ -1028,7 +786,6 @@ int CmdHF14AMfNested(const char *Cmd) return 0; } - int CmdHF14AMfChk(const char *Cmd) { if (strlen(Cmd)<3) { @@ -1256,11 +1013,10 @@ int CmdHF14AMfChk(const char *Cmd) } free(keyBlock); - + PrintAndLog(""); return 0; } - int CmdHF14AMf1kSim(const char *Cmd) { uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0}; @@ -1326,7 +1082,6 @@ int CmdHF14AMf1kSim(const char *Cmd) return 0; } - int CmdHF14AMfDbg(const char *Cmd) { int dbgMode = param_get32ex(Cmd, 0, 0, 10); @@ -1374,7 +1129,6 @@ int CmdHF14AMfEGet(const char *Cmd) return 0; } - int CmdHF14AMfEClear(const char *Cmd) { if (param_getchar(Cmd, 0) == 'h') { diff --git a/client/cmdlf.c b/client/cmdlf.c index 132a4c5f..2f55cd22 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -20,6 +20,7 @@ #include "cmdmain.h" #include "cmddata.h" #include "cmdlf.h" +#include "cmdlfawid26.h" #include "cmdlfhid.h" #include "cmdlfti.h" #include "cmdlfem4x.h" @@ -580,6 +581,7 @@ static command_t CommandTable[] = {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, + {"avid", CmdLFAWID26, 1, "{ AWID26 tags }"}, {"em4x", CmdLFEM4X, 1, "{ EM4X tags }"}, {"hid", CmdLFHID, 1, "{ HID tags }"}, {"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders }"}, diff --git a/client/cmdlfawid26.c b/client/cmdlfawid26.c new file mode 100644 index 00000000..63b35fdd --- /dev/null +++ b/client/cmdlfawid26.c @@ -0,0 +1,102 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency AWID26 commands +//----------------------------------------------------------------------------- + +#include +#include +#include +#include "proxmark3.h" +#include "ui.h" +#include "graph.h" +#include "cmdmain.h" +#include "cmdparser.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "cmdlfawid26.h" +#include "util.h" +#include "data.h" + + +static int CmdHelp(const char *Cmd); + +int CmdClone(const char *Cmd) +{ + char cmdp = param_getchar(Cmd, 0); + + if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') { + PrintAndLog("Usage: lf awid26 write []"); + PrintAndLog(" [], "); + PrintAndLog(""); + PrintAndLog(" sample: lf awid26 write 26 2233"); + PrintAndLog(" : lf awid26 write 26 15 2233"); + return 0; + } + + //sscanf(Cmd, "%d %d", &facilitycode, &cardno); + + // char block0 = "00107060"; + // char block1 = "00107060"; + // char block2 = "00107060"; + // char block3 = "00107060"; + + + + // PrintAndLog("Writing block %d with data %08X", Block, Data); + return 0; +} + +// int CmdReadTrace(const char *Cmd) +// { + + // uint8_t bits[LF_BITSSTREAM_LEN] = {0x00}; + // uint8_t * bitstream = bits; + + // uint8_t si = 5; + // uint32_t bl0 = PackBits(si, 32, bitstream); + // uint32_t bl1 = PackBits(si+32, 32, bitstream); + + // uint32_t acl = PackBits(si, 8, bitstream); si += 8; + // uint32_t mfc = PackBits(si, 8, bitstream); si += 8; + // uint32_t cid = PackBits(si, 5, bitstream); si += 5; + // uint32_t icr = PackBits(si, 3, bitstream); si += 3; + // uint32_t year = PackBits(si, 4, bitstream); si += 4; + // uint32_t quarter = PackBits(si, 2, bitstream); si += 2; + // uint32_t lotid = PackBits(si, 12, bitstream); si += 12; + // uint32_t wafer = PackBits(si, 5, bitstream); si += 5; + // uint32_t dw = PackBits(si, 15, bitstream); + + // PrintAndLog(""); + // PrintAndLog("-- T55xx Trace Information ----------------------------------"); + // PrintAndLog("-------------------------------------------------------------"); + // PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl); + // PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d)", mfc, mfc); + // PrintAndLog(" CID : 0x%02X (%d)", cid, cid); + // PrintAndLog(" ICR IC Revision : %d",icr ); + + + // return 0; +// } + +static command_t CommandTable[] = +{ + {"help", CmdHelp, 1, "This help"}, + {"clone", CmdClone, 0, " -- clone to a t55xx tag"}, + {NULL, NULL, 0, NULL} +}; + +int CmdLFAWID26(const char *Cmd) +{ + CmdsParse(CommandTable, Cmd); + return 0; +} + +int CmdHelp(const char *Cmd) +{ + CmdsHelp(CommandTable); + return 0; +} diff --git a/client/cmdlfawid26.h b/client/cmdlfawid26.h new file mode 100644 index 00000000..c0facf51 --- /dev/null +++ b/client/cmdlfawid26.h @@ -0,0 +1,16 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency AWID 26 commands +//----------------------------------------------------------------------------- + +#ifndef CMDLFAWID26_H__ +#define CMDLFAWID26_H__ + +int CmdLFAWID26(const char *Cmd); + +int CmdClone(const char *Cmd); +#endif diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index a2bd6647..3801d662 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -151,9 +151,9 @@ void hash1(uint8_t csn[] , uint8_t k[]) k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7]; k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7]; k[2] = rr(swap( csn[2]+k[1] )); - k[3] = rr(swap( csn[3]+k[0] )); - k[4] = ~rr(swap( csn[4]+k[2] ))+1; - k[5] = ~rr(swap( csn[5]+k[3] ))+1; + k[3] = rl(swap( csn[3]+k[0] )); + k[4] = ~rr( csn[4]+k[2] )+1; + k[5] = ~rl( csn[5]+k[3] )+1; k[6] = rr( csn[6]+(k[4]^0x3c) ); k[7] = rl( csn[7]+(k[5]^0xc3) ); int i; @@ -563,9 +563,13 @@ int bruteforceFile(const char *filename, uint16_t keytable[]) fseek(f, 0, SEEK_SET); uint8_t *dump = malloc(fsize); - fread(dump, fsize, 1, f); - fclose(f); + size_t bytes_read = fread(dump, fsize, 1, f); + fclose(f); + if (bytes_read < fsize) + { + prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize ); + } return bruteforceDump(dump,fsize,keytable); } /** -- 2.39.5