ADD: new defines: iso14443_CMD_AUTH_KEYA, iso14443_CMD_AUTH_KEYB, iso14443_CMD_AUTH_RESPONSE, iso14443_CMD_AUTH_STEP1, iso14443_CMD_AUTH_STEP2, CHINESE_BACKDOOR_INIT, CHINESE_BACKDOOR_STEP2,
REM: removed old comments in bootrom.c CHG: MIFARE Ultralight & DESFire commands inside arm have been cleaned up. The next step is to refactor them into armsrc/mifaredesfire.c
@@ -15,7 +15,7 @@ OBJDIR = obj
|
||||
|
||||
LDLIBS = -L/mingw/lib -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lm -lreadline -lpthread -lcrypto -lgdi32
|
||||
LDFLAGS = $(COMMON_FLAGS)
|
||||
CFLAGS = -std=c99 -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
|
||||
CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
|
||||
LUAPLATFORM = generic
|
||||
|
||||
ifneq (,$(findstring MINGW,$(platform)))
|
||||
|
||||
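Review bot: `-lcrypto` is a linker input and does not belong in `CFLAGS`; one of the two `CFLAGS` lines shown here carries it (the page has lost its +/- markers, so presumably that is the new side). `LDLIBS` a few lines above already lists `-lcrypto`, so the compile flags can stay as `CFLAGS = -std=c99 -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4`. Keeping libraries only in `LDLIBS` also keeps them after the object files on the link line, which is where link order needs them.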
@@ -50,9 +50,11 @@ int CmdHFTune(const char *Cmd)
|
||||
#define iso14443_CMD_WUPA 0x52
|
||||
#define iso14443_CMD_SELECT 0x93
|
||||
#define iso14443_CMD_SELECT_2 0x95
|
||||
#define iso14443_CMD_SELECT_3 0x97
|
||||
#define iso14443_CMD_REQ 0x26
|
||||
#define iso14443_CMD_READBLOCK 0x30
|
||||
#define iso14443_CMD_WRITEBLOCK 0xA0
|
||||
#define iso14443_CMD_WRITE 0xA2
|
||||
#define iso14443_CMD_INC 0xC0
|
||||
#define iso14443_CMD_DEC 0xC1
|
||||
#define iso14443_CMD_RESTORE 0xC2
|
||||
@@ -60,6 +62,15 @@ int CmdHFTune(const char *Cmd)
|
||||
#define iso14443_CMD_HALT 0x50
|
||||
#define iso14443_CMD_RATS 0xE0
|
||||
|
||||
#define iso14443_CMD_AUTH_KEYA 0x60
|
||||
#define iso14443_CMD_AUTH_KEYB 0x61
|
||||
|
||||
#define iso14443_CMD_AUTH_STEP1 0x1A
|
||||
#define iso14443_CMD_AUTH_STEP2 0xAA
|
||||
#define iso14443_CMD_AUTH_RESPONSE 0xAF
|
||||
|
||||
#define CHINESE_BACKDOOR_INIT 0x40
|
||||
#define CHINESE_BACKDOOR_STEP2 0x43
|
||||
|
||||
void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
|
||||
{
|
||||
@@ -79,12 +90,22 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
|
||||
case iso14443_CMD_REQ: snprintf(exp,size,"REW"); break;
|
||||
case iso14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
|
||||
case iso14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
|
||||
case iso14443_CMD_WRITE: snprintf(exp,size,"WRITE"); break;
|
||||
case iso14443_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
|
||||
case iso14443_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
|
||||
case iso14443_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
|
||||
case iso14443_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
|
||||
case iso14443_CMD_HALT: snprintf(exp,size,"HALT"); break;
|
||||
case iso14443_CMD_RATS: snprintf(exp,size,"RATS"); break;
|
||||
|
||||
case iso14443_CMD_AUTH_KEYA: snprintf(exp,size,"AUTH KEY A"); break;
|
||||
case iso14443_CMD_AUTH_KEYB: snprintf(exp,size,"AUTH KEY B"); break;
|
||||
case iso14443_CMD_AUTH_STEP1: snprintf(exp,size,"AUTH REQ NONCE"); break;
|
||||
case iso14443_CMD_AUTH_STEP2: snprintf(exp,size,"AUTH STEP 2"); break;
|
||||
case iso14443_CMD_AUTH_RESPONSE: snprintf(exp,size,"AUTH RESPONSE"); break;
|
||||
|
||||
case CHINESE_BACKDOOR_INIT: snprintf(exp,size,"BACKDOOR INIT");break;
|
||||
case CHINESE_BACKDOOR_STEP2: snprintf(exp,size,"BACKDOOR STEP2");break;
|
||||
default: snprintf(exp,size,"?"); break;
|
||||
}
|
||||
return;
|
||||
@@ -92,7 +113,6 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
|
||||
|
||||
void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
|
||||
{
|
||||
|
||||
if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ)
|
||||
{
|
||||
snprintf(exp,size,"READ(%d)",cmd[1]);
|
||||
@@ -115,7 +135,6 @@ void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
|
||||
}
|
||||
|
||||
|
||||
|
||||
uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool showWaitCycles)
|
||||
{
|
||||
bool isResponse;
|
||||
@@ -181,8 +200,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
|
||||
// Rough guess that this is a command from the reader
|
||||
// For iClass the command byte is not part of the CRC
|
||||
ComputeCrc14443(CRC_ICLASS, &frame[1], data_len-3, &b1, &b2);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
// For other data.. CRC might not be applicable (UPDATE commands etc.)
|
||||
ComputeCrc14443(CRC_ICLASS, frame, data_len-2, &b1, &b2);
|
||||
}
|
||||
@@ -191,7 +209,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
|
||||
crcError = true;
|
||||
}
|
||||
|
||||
}else{//Iso 14443a
|
||||
} else {//Iso 14443a
|
||||
|
||||
ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2);
|
||||
|
||||
@@ -202,7 +220,6 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
char *crc = crcError ? "!crc" :" ";
|
||||
|
||||
@@ -210,8 +227,10 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
|
||||
|
||||
if(!isResponse)
|
||||
{
|
||||
if(iclass) annotateIclass(explanation,sizeof(explanation),frame,data_len);
|
||||
else annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
|
||||
if(iclass)
|
||||
annotateIclass(explanation,sizeof(explanation),frame,data_len);
|
||||
else
|
||||
annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
|
||||
}
|
||||
|
||||
int num_lines = (data_len - 1)/16 + 1;
|
||||
@@ -227,7 +246,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
|
||||
} else {
|
||||
PrintAndLog(" | | | %-64s| %s| %s",
|
||||
line[j],
|
||||
(j == num_lines-1)?crc:" ",
|
||||
(j == num_lines-1) ? crc : " ",
|
||||
(j == num_lines-1) ? explanation : "");
|
||||
}
|
||||
}
|
||||
|
||||
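Review bot: In annotateIso14443a the cases that print a block number (`READBLOCK`, `WRITEBLOCK`, `INC`, `DEC`, `RESTORE`, `TRANSFER`) index `cmd[1]` and nothing in the visible lines consults `cmdsize`, whereas annotateIclass in the same file checks `cmdsize > 1` before touching `cmd[1]`. The bytes come from a recorded trace, so a one-byte frame starting with one of these opcodes would make the annotation read past the end of the frame. The switch header is outside the hunk, so a guard may already exist there; if it does not, each of those cases could take the form `case iso14443_CMD_READBLOCK: if (cmdsize > 1) snprintf(exp,size,"READBLOCK(%d)",cmd[1]); else snprintf(exp,size,"READBLOCK"); break;`.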
@@ -1956,7 +1956,7 @@ int GetCardSize()
|
||||
if ( ((atqa & 0xffff) == 0x0008) && (sak == 0x38) ) return 4;
|
||||
|
||||
|
||||
PrintAndLog("BEFOOO 1K %02X", (atqa & 0xff0f));
|
||||
//PrintAndLog("BEFOOO 1K %02X", (atqa & 0xff0f));
|
||||
|
||||
// MIFARE Plus (4 Byte UID or 4 Byte RID)
|
||||
// MIFARE Plus (7 Byte UID)
|
||||
|
||||
@@ -88,12 +88,12 @@ int CmdHF14AMfUWrBl(const char *Cmd){
|
||||
UsbCommand resp;
|
||||
|
||||
if (strlen(Cmd)<3) {
|
||||
PrintAndLog("Usage: hf mfu uwrbl <block number> <block data > [w]");
|
||||
PrintAndLog("Usage: hf mfu wrbl <block number> <block data > [w]");
|
||||
PrintAndLog(" [block number] ");
|
||||
PrintAndLog(" [block data] - (8 hex symbols)");
|
||||
PrintAndLog(" [w] - Chinese magic ultralight-c tag ");
|
||||
PrintAndLog("");
|
||||
PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
|
||||
PrintAndLog(" sample: hf mfu wrbl 0 01020304");
|
||||
return 0;
|
||||
}
|
||||
blockNo = param_get8(Cmd, 0);
|
||||
@@ -198,8 +198,8 @@ int CmdHF14AMfURdBl(const char *Cmd){
|
||||
uint8_t blockNo = 0;
|
||||
|
||||
if (strlen(Cmd)<1) {
|
||||
PrintAndLog("Usage: hf mfu urdbl <block number>");
|
||||
PrintAndLog(" sample: hfu mfu urdbl 0");
|
||||
PrintAndLog("Usage: hf mfu rdbl <block number>");
|
||||
PrintAndLog(" sample: hfu mfu rdbl 0");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -436,60 +436,70 @@ int CmdHF14AMfucAuth(const char *Cmd){
|
||||
DES_key_schedule ks1,ks2;
|
||||
DES_cblock key1,key2;
|
||||
|
||||
char cmdp = param_getchar(Cmd, 0);
|
||||
//
|
||||
memset(iv, 0, 8);
|
||||
|
||||
if (strlen(Cmd)<1) {
|
||||
if (cmdp == 'h' || cmdp == 'H') {
|
||||
PrintAndLog("Usage: hf mfu auth k <key number>");
|
||||
PrintAndLog(" sample: hf mfu auth k 0");
|
||||
PrintAndLog(" 1 = all zeros key");
|
||||
PrintAndLog(" 2 = 0x00-0x0F key");
|
||||
PrintAndLog(" 3 = nfc key");
|
||||
PrintAndLog(" 4 = all ones key");
|
||||
PrintAndLog(" defaults to 3DES standard key");
|
||||
PrintAndLog(" sample : hf mfu auth k");
|
||||
PrintAndLog(" : hf mfu auth k 3");
|
||||
return 0;
|
||||
}
|
||||
|
||||
//Change key to user defined one
|
||||
if (strchr(Cmd,'k') != 0){
|
||||
//choose a key
|
||||
keyNo = param_get8(Cmd, 1);
|
||||
switch(keyNo){
|
||||
if (cmdp == 'k' || cmdp == 'K'){
|
||||
|
||||
keyNo = param_get8(Cmd, 1);
|
||||
|
||||
switch(keyNo){
|
||||
case 0:
|
||||
memcpy(key,key1_blnk_data,16);
|
||||
break;
|
||||
case 1:
|
||||
memcpy(key,key2_defa_data,16);
|
||||
break;
|
||||
case 2:
|
||||
case 2:
|
||||
memcpy(key,key4_nfc_data,16);
|
||||
break;
|
||||
case 3:
|
||||
case 3:
|
||||
memcpy(key,key5_ones_data,16);
|
||||
break;
|
||||
default:
|
||||
memcpy(key,key3_3des_data,16);
|
||||
break;
|
||||
}
|
||||
}else{
|
||||
} else {
|
||||
memcpy(key,key3_3des_data,16);
|
||||
}
|
||||
|
||||
memcpy(key1,key,8);
|
||||
memcpy(key2,key+8,8);
|
||||
DES_set_key((DES_cblock *)key1,&ks1);
|
||||
DES_set_key((DES_cblock *)key2,&ks2);
|
||||
|
||||
//Auth1
|
||||
UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
|
||||
SendCommand(&c);
|
||||
UsbCommand resp;
|
||||
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
|
||||
uint8_t isOK = resp.arg[0] & 0xff;
|
||||
cuid = resp.arg[1];
|
||||
uint8_t * data= resp.d.asBytes;
|
||||
//Auth1
|
||||
UsbCommand c = {CMD_MIFAREUC_AUTH1, {blockNo}};
|
||||
SendCommand(&c);
|
||||
UsbCommand resp;
|
||||
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
|
||||
uint8_t isOK = resp.arg[0] & 0xff;
|
||||
cuid = resp.arg[1];
|
||||
uint8_t * data= resp.d.asBytes;
|
||||
|
||||
if (isOK){
|
||||
PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
|
||||
memcpy(e_RndB,data+1,8);
|
||||
if (isOK){
|
||||
PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
|
||||
memcpy(e_RndB,data+1,8);
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Command execute timeout");
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Command execute timeout");
|
||||
}
|
||||
|
||||
//Do crypto magic
|
||||
DES_random_key(&RndA);
|
||||
@@ -508,18 +518,18 @@ int CmdHF14AMfucAuth(const char *Cmd){
|
||||
memcpy(d.d.asBytes,RndARndB, 16);
|
||||
SendCommand(&d);
|
||||
|
||||
UsbCommand respb;
|
||||
if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
|
||||
uint8_t isOK = respb.arg[0] & 0xff;
|
||||
uint8_t * data2= respb.d.asBytes;
|
||||
UsbCommand respb;
|
||||
if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
|
||||
uint8_t isOK = respb.arg[0] & 0xff;
|
||||
uint8_t * data2= respb.d.asBytes;
|
||||
|
||||
if (isOK){
|
||||
PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
|
||||
}
|
||||
|
||||
} else {
|
||||
PrintAndLog("Command execute timeout");
|
||||
}
|
||||
if (isOK){
|
||||
PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Command execute timeout");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -531,8 +541,8 @@ int CmdHF14AMfUCRdBl(const char *Cmd)
|
||||
uint8_t blockNo = 0;
|
||||
|
||||
if (strlen(Cmd)<1) {
|
||||
PrintAndLog("Usage: hf mfu ucrdbl <block number>");
|
||||
PrintAndLog(" sample: hf mfu ucrdbl 0");
|
||||
PrintAndLog("Usage: hf mfu crdbl <block number>");
|
||||
PrintAndLog(" sample: hf mfu crdbl 0");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -571,8 +581,8 @@ int CmdHF14AMfUCWrBl(const char *Cmd){
|
||||
UsbCommand resp;
|
||||
|
||||
if (strlen(Cmd)<3) {
|
||||
PrintAndLog("Usage: hf mfu ucwrbl <block number> <block data (8 hex symbols)> [w]");
|
||||
PrintAndLog(" sample: hf mfu uwrbl 0 01020304");
|
||||
PrintAndLog("Usage: hf mfu cwrbl <block number> <block data (8 hex symbols)> [w]");
|
||||
PrintAndLog(" sample: hf mfu wrbl 0 01020304");
|
||||
return 0;
|
||||
}
|
||||
blockNo = param_get8(Cmd, 0);
|
||||
|
||||
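Review bot: In CmdHF14AMfucAuth the new `return 0` covers only the timeout branch; when a reply arrives with `isOK` clear, `e_RndB` is not copied and execution still reaches the `//Do crypto magic` step and the second command. Whether `e_RndB` is initialised is not visible here (its declaration is outside the hunk), so the exchange may continue on stale or undefined bytes; an explicit failure path such as `if (!isOK) { PrintAndLog("Auth step 1 failed"); return 0; }` right after reading `resp.arg[0]` would stop it, and the `respb` block can return 0 on a failed `isOK` the same way instead of falling through to `return 1`. Separately, the usage text numbers the keys 1 to 4 while the `switch(keyNo)` beneath it maps 0 to 3, so the help and the code disagree about which key a number selects.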
@@ -52,11 +52,8 @@ void ReceiveCommand(UsbCommand* rxcmd) {
|
||||
while (true) {
|
||||
rxlen = sizeof(UsbCommand) - (prx-prxcmd);
|
||||
if (uart_receive(sp,prx,&rxlen)) {
|
||||
// printf("received [%zd] bytes\n",rxlen);
|
||||
prx += rxlen;
|
||||
if ((prx-prxcmd) >= sizeof(UsbCommand)) {
|
||||
// printf("received: ");
|
||||
// cmd_debug(rxcmd);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||