Merge branch 'master' into temp
This commit is contained in:
McEloff
@@ -25,22 +25,22 @@
|
||||
#define CARD_MEMORY_SIZE 4096
|
||||
#define DMA_BUFFER_SIZE 256 //128 (how big is the dma?!?
|
||||
|
||||
extern uint8_t *BigBuf_get_addr(void);
|
||||
extern uint8_t *BigBuf_get_EM_addr(void);
|
||||
extern uint16_t BigBuf_max_traceLen(void);
|
||||
extern void BigBuf_Clear(void);
|
||||
extern void BigBuf_Clear_ext(bool verbose);
|
||||
extern void BigBuf_Clear_keep_EM(void);
|
||||
extern void BigBuf_Clear_EM(void);
|
||||
extern uint8_t *BigBuf_malloc(uint16_t);
|
||||
extern void BigBuf_free(void);
|
||||
extern void BigBuf_free_keep_EM(void);
|
||||
extern void BigBuf_print_status(void);
|
||||
extern uint32_t BigBuf_get_traceLen(void);
|
||||
extern void clear_trace(void);
|
||||
extern void set_tracing(bool enable);
|
||||
extern void set_tracelen(uint32_t value);
|
||||
extern bool get_tracing(void);
|
||||
extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
|
||||
extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
|
||||
uint8_t *BigBuf_get_addr(void);
|
||||
uint8_t *BigBuf_get_EM_addr(void);
|
||||
uint16_t BigBuf_max_traceLen(void);
|
||||
void BigBuf_Clear(void);
|
||||
void BigBuf_Clear_ext(bool verbose);
|
||||
void BigBuf_Clear_keep_EM(void);
|
||||
void BigBuf_Clear_EM(void);
|
||||
uint8_t *BigBuf_malloc(uint16_t);
|
||||
void BigBuf_free(void);
|
||||
void BigBuf_free_keep_EM(void);
|
||||
void BigBuf_print_status(void);
|
||||
uint32_t BigBuf_get_traceLen(void);
|
||||
void clear_trace(void);
|
||||
void set_tracing(bool enable);
|
||||
void set_tracelen(uint32_t value);
|
||||
bool get_tracing(void);
|
||||
bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
|
||||
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
|
||||
#endif /* __BIGBUF_H */
|
||||
|
||||
@@ -60,15 +60,14 @@ APP_CFLAGS = $(PLATFORM_DEFS) \
|
||||
|
||||
SRC_LF = lfops.c hitag2_crypto.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c
|
||||
SRC_ISO15693 = iso15693.c iso15693tools.c
|
||||
#SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c
|
||||
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c
|
||||
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c
|
||||
SRC_ISO14443b = iso14443b.c
|
||||
SRC_FELICA = felica.c
|
||||
SRC_CRAPTO1 = crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
|
||||
SRC_CRC = crc.c crc16.c crc32.c
|
||||
SRC_ICLASS = iclass.c optimized_cipher.c
|
||||
SRC_LEGIC = legicrf.c legicrfsim.c legic_prng.c
|
||||
SRC_BEE = bee.c
|
||||
# SRC_BEE = bee.c
|
||||
|
||||
# RDV40 related hardware support
|
||||
ifneq (,$(findstring WITH_FLASH,$(APP_CFLAGS)))
|
||||
@@ -162,7 +161,6 @@ THUMBSRC = start.c \
|
||||
string.c \
|
||||
BigBuf.c \
|
||||
ticks.c \
|
||||
random.c \
|
||||
hfsnoop.c
|
||||
|
||||
|
||||
|
||||
@@ -85,7 +85,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
|
||||
uint8_t *data = dmaBuf;
|
||||
|
||||
uint8_t previous_data = 0;
|
||||
int dataLen = 0;
|
||||
int dataLen;
|
||||
bool TagIsActive = false;
|
||||
bool ReaderIsActive = false;
|
||||
|
||||
@@ -110,7 +110,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
|
||||
// triggered == false -- to wait first for card
|
||||
bool triggered = !(param & 0x03);
|
||||
|
||||
uint32_t rsamples = 0;
|
||||
uint32_t my_rsamples = 0;
|
||||
|
||||
// Current captured passwords counter
|
||||
uint8_t auth_attempts = 0;
|
||||
@@ -151,11 +151,11 @@ void RAMFUNC SniffAndStore(uint8_t param) {
|
||||
LED_A_OFF();
|
||||
|
||||
// Need two samples to feed Miller and Manchester-Decoder
|
||||
if (rsamples & 0x01) {
|
||||
if (my_rsamples & 0x01) {
|
||||
|
||||
if (!TagIsActive) { // no need to try decoding reader data if the tag is sending
|
||||
uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4);
|
||||
if (MillerDecoding(readerdata, (rsamples - 1) * 4)) {
|
||||
if (MillerDecoding(readerdata, (my_rsamples - 1) * 4)) {
|
||||
LED_C_ON();
|
||||
|
||||
// check - if there is a short 7bit request from reader
|
||||
@@ -190,7 +190,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
|
||||
// no need to try decoding tag data if the reader is sending - and we cannot afford the time
|
||||
if (!ReaderIsActive) {
|
||||
uint8_t tagdata = (previous_data << 4) | (*data & 0x0F);
|
||||
if (ManchesterDecoding(tagdata, 0, (rsamples - 1) * 4)) {
|
||||
if (ManchesterDecoding(tagdata, 0, (my_rsamples - 1) * 4)) {
|
||||
LED_B_ON();
|
||||
|
||||
if (!LogTrace(receivedResp,
|
||||
@@ -214,7 +214,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
|
||||
}
|
||||
|
||||
previous_data = *data;
|
||||
rsamples++;
|
||||
my_rsamples++;
|
||||
data++;
|
||||
if (data == dmaBuf + DMA_BUFFER_SIZE) {
|
||||
data = dmaBuf;
|
||||
|
||||
@@ -6,10 +6,6 @@
|
||||
// StandAlone Mod
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef FALSE
|
||||
#define FALSE 0
|
||||
#endif
|
||||
|
||||
#ifndef __HF_BOG_H
|
||||
#define __HF_BOG_H
|
||||
|
||||
@@ -24,8 +20,7 @@
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "printf.h"
|
||||
|
||||
#include "parity.h"
|
||||
#include "random.h"
|
||||
|
||||
|
||||
#endif /* __HF_BOG_H */
|
||||
|
||||
@@ -76,12 +76,14 @@ void cjSetCursLeft() {
|
||||
|
||||
void cjTabulize() { DbprintfEx(FLAG_RAWPRINT, "\t\t\t"); }
|
||||
|
||||
/*
|
||||
void cjPrintKey(uint64_t key, uint8_t *foundKey, uint16_t sectorNo, uint8_t type) {
|
||||
char tosendkey[13];
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4], foundKey[5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type);
|
||||
}
|
||||
*/
|
||||
|
||||
void ReadLastTagFromFlash() {
|
||||
SpinOff(0);
|
||||
@@ -89,7 +91,6 @@ void ReadLastTagFromFlash() {
|
||||
LED_B_ON();
|
||||
LED_C_ON();
|
||||
LED_D_ON();
|
||||
uint16_t isok = 0;
|
||||
uint32_t startidx = 0;
|
||||
uint16_t len = 1024;
|
||||
|
||||
@@ -109,7 +110,7 @@ void ReadLastTagFromFlash() {
|
||||
|
||||
for (size_t i = 0; i < len; i += size) {
|
||||
len = MIN((len - i), size);
|
||||
isok = Flash_ReadDataCont(startidx + i, mem, len);
|
||||
uint16_t isok = Flash_ReadDataCont(startidx + i, mem, len);
|
||||
if (isok == len) {
|
||||
emlSetMem(mem, 0, 64);
|
||||
} else {
|
||||
@@ -137,8 +138,6 @@ void WriteTagToFlash(uint8_t index, size_t size) {
|
||||
LED_C_ON();
|
||||
LED_D_ON();
|
||||
|
||||
uint8_t isok = 0;
|
||||
uint16_t res = 0;
|
||||
uint32_t len = size;
|
||||
uint32_t bytes_sent = 0;
|
||||
uint32_t bytes_remaining = len;
|
||||
@@ -168,10 +167,10 @@ void WriteTagToFlash(uint8_t index, size_t size) {
|
||||
memcpy(buff, data + bytes_sent, bytes_in_packet);
|
||||
|
||||
bytes_remaining -= bytes_in_packet;
|
||||
res = Flash_WriteDataCont(bytes_sent + (index * size), buff, bytes_in_packet);
|
||||
uint16_t res = Flash_WriteDataCont(bytes_sent + (index * size), buff, bytes_in_packet);
|
||||
bytes_sent += bytes_in_packet;
|
||||
|
||||
isok = (res == bytes_in_packet) ? 1 : 0;
|
||||
uint8_t isok = (res == bytes_in_packet) ? 1 : 0;
|
||||
|
||||
if (!isok) {
|
||||
DbprintfEx(FLAG_NOLOG, "FlashMem write FAILEd [offset %u]", bytes_sent);
|
||||
@@ -305,14 +304,14 @@ void RunMod() {
|
||||
// and why not a simple memset abuse to 0xffize the whole space in one go ?
|
||||
// uint8_t foundKey[2][40][6]; //= [ {0xff} ]; /* C99 abusal 6.7.8.21
|
||||
uint8_t foundKey[2][40][6];
|
||||
for (uint16_t t = 0; t < 2; t++) {
|
||||
for (uint16_t i = 0; i < 2; i++) {
|
||||
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
|
||||
foundKey[t][sectorNo][0] = 0xFF;
|
||||
foundKey[t][sectorNo][1] = 0xFF;
|
||||
foundKey[t][sectorNo][2] = 0xFF;
|
||||
foundKey[t][sectorNo][3] = 0xFF;
|
||||
foundKey[t][sectorNo][4] = 0xFF;
|
||||
foundKey[t][sectorNo][5] = 0xFF;
|
||||
foundKey[i][sectorNo][0] = 0xFF;
|
||||
foundKey[i][sectorNo][1] = 0xFF;
|
||||
foundKey[i][sectorNo][2] = 0xFF;
|
||||
foundKey[i][sectorNo][3] = 0xFF;
|
||||
foundKey[i][sectorNo][4] = 0xFF;
|
||||
foundKey[i][sectorNo][5] = 0xFF;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -465,12 +464,12 @@ failtag:
|
||||
;
|
||||
// Type 0 / A first
|
||||
uint16_t t = 0;
|
||||
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
|
||||
num_to_bytes(0x484558414354, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(0x484558414354, 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1], foundKey[t][s][2],
|
||||
foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
|
||||
}
|
||||
t = 1;
|
||||
uint16_t sectorNo = 0;
|
||||
@@ -611,14 +610,19 @@ failtag:
|
||||
|
||||
// emlClearMem();
|
||||
// A very weak one...
|
||||
for (uint16_t t = 0; t < 2; t++) {
|
||||
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
|
||||
num_to_bytes(key64, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
for (uint16_t i = 0; i < 2; i++) {
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(key64, 6, foundKey[i][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
|
||||
foundKey[i][s][0],
|
||||
foundKey[i][s][1],
|
||||
foundKey[i][s][2],
|
||||
foundKey[i][s][3],
|
||||
foundKey[i][s][4],
|
||||
foundKey[i][s][5]
|
||||
);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, i);
|
||||
}
|
||||
}
|
||||
trapped = 1;
|
||||
@@ -644,25 +648,33 @@ failtag:
|
||||
cjSetCursLeft();
|
||||
|
||||
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
|
||||
;
|
||||
|
||||
t = 0;
|
||||
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
|
||||
num_to_bytes(0x414c41524f4e, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(0x414c41524f4e, 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
|
||||
foundKey[t][s][0],
|
||||
foundKey[t][s][1],
|
||||
foundKey[t][s][2],
|
||||
foundKey[t][s][3],
|
||||
foundKey[t][s][4],
|
||||
foundKey[t][s][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
;
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
|
||||
}
|
||||
t = 1;
|
||||
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
|
||||
num_to_bytes(0x424c41524f4e, 6, foundKey[t][sectorNo]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
|
||||
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
|
||||
cjSetCursRight();
|
||||
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
|
||||
t = 1;
|
||||
for (uint16_t s = 0; s < sectorsCnt; s++) {
|
||||
num_to_bytes(0x424c41524f4e, 6, foundKey[t][s]);
|
||||
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
|
||||
foundKey[t][s][0],
|
||||
foundKey[t][s][1],
|
||||
foundKey[t][s][2],
|
||||
foundKey[t][s][3],
|
||||
foundKey[t][s][4],
|
||||
foundKey[t][s][5]);
|
||||
cjSetCursRight();
|
||||
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
|
||||
}
|
||||
trapped = 1;
|
||||
break;
|
||||
@@ -801,7 +813,6 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
|
||||
|
||||
uint8_t numSectors = arg0;
|
||||
uint8_t keyType = arg1;
|
||||
uint64_t ui64Key = 0;
|
||||
|
||||
struct Crypto1State mpcs = {0, 0};
|
||||
struct Crypto1State *pcs;
|
||||
@@ -823,40 +834,40 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
|
||||
DbprintfEx(FLAG_RAWPRINT, "Can't select card");
|
||||
}
|
||||
|
||||
for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
|
||||
ui64Key = emlGetKey(sectorNo, keyType);
|
||||
if (sectorNo == 0) {
|
||||
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
|
||||
for (uint8_t s = 0; isOK && s < numSectors; s++) {
|
||||
uint64_t ui64Key = emlGetKey(s, keyType);
|
||||
if (s == 0) {
|
||||
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(s), keyType, ui64Key, AUTH_FIRST)) {
|
||||
isOK = false;
|
||||
if (MF_DBGLEVEL >= 1)
|
||||
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth error", sectorNo);
|
||||
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth error", s);
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
|
||||
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(s), keyType, ui64Key, AUTH_NESTED)) {
|
||||
isOK = false;
|
||||
if (MF_DBGLEVEL >= 1)
|
||||
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth nested error", sectorNo);
|
||||
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth nested error", s);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
|
||||
if (isOK && mifare_classic_readblock(pcs, cjcuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
|
||||
for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(s); blockNo++) {
|
||||
if (isOK && mifare_classic_readblock(pcs, cjcuid, FirstBlockOfSector(s) + blockNo, dataoutbuf)) {
|
||||
isOK = false;
|
||||
if (MF_DBGLEVEL >= 1)
|
||||
DbprintfEx(FLAG_NOLOG, "Error reading sector %2d block %2d", sectorNo, blockNo);
|
||||
DbprintfEx(FLAG_NOLOG, "Error reading sector %2d block %2d", s, blockNo);
|
||||
break;
|
||||
};
|
||||
if (isOK) {
|
||||
*datain = 1;
|
||||
if (blockNo < NumBlocksPerSector(sectorNo) - 1) {
|
||||
emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);
|
||||
if (blockNo < NumBlocksPerSector(s) - 1) {
|
||||
emlSetMem(dataoutbuf, FirstBlockOfSector(s) + blockNo, 1);
|
||||
} else {
|
||||
// sector trailer, keep the keys, set only the AC
|
||||
emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
|
||||
emlGetMem(dataoutbuf2, FirstBlockOfSector(s) + blockNo, 1);
|
||||
memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);
|
||||
emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
|
||||
emlSetMem(dataoutbuf2, FirstBlockOfSector(s) + blockNo, 1);
|
||||
}
|
||||
} else {
|
||||
*datain = 0;
|
||||
|
||||
@@ -295,17 +295,15 @@ void RunMod() {
|
||||
/*
|
||||
Iterates through each sector checking if there is a correct key.
|
||||
*/
|
||||
int key = -1;
|
||||
int block = 0;
|
||||
bool err = 0;
|
||||
bool allKeysFound = true;
|
||||
uint32_t size = mfKeysCnt;
|
||||
|
||||
for (int type = !keyType; type < 2 && !err; keyType == 2 ? (type++) : (type = 2)) {
|
||||
block = blockNo;
|
||||
int block = blockNo;
|
||||
for (int sec = 0; sec < sectorsCnt && !err; ++sec) {
|
||||
Dbprintf("\tCurrent sector:%3d, block:%3d, key type: %c, key count: %i ", sec, block, type ? 'B' : 'A', mfKeysCnt);
|
||||
key = saMifareChkKeys(block, type, true, size, &keyBlock[0], &key64);
|
||||
int key = saMifareChkKeys(block, type, true, size, &keyBlock[0], &key64);
|
||||
if (key == -1) {
|
||||
LED(LED_RED, 50); //red
|
||||
Dbprintf("\t✕ Key not found for this sector!");
|
||||
@@ -393,12 +391,12 @@ void RunMod() {
|
||||
Needs further testing.
|
||||
*/
|
||||
if (fillFromEmulator) {
|
||||
uint8_t retry = 5, cnt;
|
||||
uint8_t retry = 5;
|
||||
Dbprintf("\t Trying to dump into blank card.");
|
||||
int flags = 0;
|
||||
LED_A_ON(); //yellow
|
||||
for (int blockNum = 0; blockNum < 16 * 4; blockNum += 1) {
|
||||
cnt = 0;
|
||||
uint8_t cnt = 0;
|
||||
emlGetMem(mblock, blockNum, 1);
|
||||
// switch on field and send magic sequence
|
||||
if (blockNum == 0) flags = 0x08 + 0x02;
|
||||
|
||||
@@ -166,7 +166,7 @@ void RunMod() {
|
||||
playing = 1;
|
||||
} else {
|
||||
Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0], oldBlock0[1], oldBlock0[2], oldBlock0[3]);
|
||||
memcpy(newBlock0, oldBlock0, 16);
|
||||
memcpy(newBlock0 + 5, oldBlock0 + 5, 11);
|
||||
|
||||
// Copy uid for bank (2nd is for longer UIDs not supported if classic)
|
||||
memcpy(newBlock0, uids[selected].uid, 4);
|
||||
|
||||
@@ -14,6 +14,6 @@
|
||||
#include <stdbool.h> // for bool
|
||||
#include <inttypes.h> // PRIu64
|
||||
|
||||
extern void RunMod();
|
||||
void RunMod();
|
||||
|
||||
#endif /* __STANDALONE_H */
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
#include "lfsampling.h"
|
||||
#include "BigBuf.h"
|
||||
#include "mifareutil.h"
|
||||
#include "mifaresim.h"
|
||||
#include "hitag.h"
|
||||
|
||||
#define DEBUG 1
|
||||
@@ -78,10 +79,12 @@ void ToSendStuffBit(int b) {
|
||||
}
|
||||
}
|
||||
|
||||
/* useful when debugging new protocol implementations like FeliCa
|
||||
void PrintToSendBuffer(void) {
|
||||
DbpString("Printing ToSendBuffer:");
|
||||
Dbhexdump(ToSendMax, ToSend, 0);
|
||||
}
|
||||
*/
|
||||
|
||||
void print_result(char *name, uint8_t *buf, size_t len) {
|
||||
|
||||
@@ -159,18 +162,17 @@ void Dbprintf(const char *fmt, ...) {
|
||||
// prints HEX & ASCII
|
||||
void Dbhexdump(int len, uint8_t *d, bool bAsci) {
|
||||
#if DEBUG
|
||||
int l = 0, i;
|
||||
char ascii[9];
|
||||
|
||||
while (len > 0) {
|
||||
|
||||
l = (len > 8) ? 8 : len;
|
||||
int l = (len > 8) ? 8 : len;
|
||||
|
||||
memcpy(ascii, d, l);
|
||||
ascii[l] = 0;
|
||||
|
||||
// filter safe ascii
|
||||
for (i = 0; i < l; i++) {
|
||||
for (int i = 0; i < l; i++) {
|
||||
if (ascii[i] < 32 || ascii[i] > 126) {
|
||||
ascii[i] = '.';
|
||||
}
|
||||
@@ -230,7 +232,7 @@ uint16_t AvgAdc(int ch) {
|
||||
void MeasureAntennaTuning(void) {
|
||||
|
||||
uint8_t LF_Results[256];
|
||||
uint32_t i, adcval = 0, peak = 0, peakv = 0, peakf = 0;
|
||||
uint32_t i, peak = 0, peakv = 0, peakf = 0;
|
||||
uint32_t v_lf125 = 0, v_lf134 = 0, v_hf = 0; // in mV
|
||||
|
||||
memset(LF_Results, 0, sizeof(LF_Results));
|
||||
@@ -253,7 +255,7 @@ void MeasureAntennaTuning(void) {
|
||||
WDT_HIT();
|
||||
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
|
||||
SpinDelay(20);
|
||||
adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
|
||||
uint32_t adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
|
||||
if (i == 95)
|
||||
v_lf125 = adcval; // voltage at 125Khz
|
||||
if (i == 89)
|
||||
@@ -1177,8 +1179,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
|
||||
case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
|
||||
LED_B_ON();
|
||||
uint8_t *mem = BigBuf_get_addr();
|
||||
bool isok = false;
|
||||
size_t len = 0;
|
||||
uint32_t startidx = c->arg[0];
|
||||
uint32_t numofbytes = c->arg[1];
|
||||
// arg0 = startindex
|
||||
@@ -1187,8 +1187,8 @@ void UsbPacketReceived(uint8_t *packet, int len) {
|
||||
//Dbprintf("transfer to client parameters: %" PRIu32 " | %" PRIu32 " | %" PRIu32, startidx, numofbytes, c->arg[2]);
|
||||
|
||||
for (size_t i = 0; i < numofbytes; i += USB_CMD_DATA_SIZE) {
|
||||
len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
|
||||
isok = cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, i, len, BigBuf_get_traceLen(), mem + startidx + i, len);
|
||||
size_t len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
|
||||
bool isok = cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, i, len, BigBuf_get_traceLen(), mem + startidx + i, len);
|
||||
if (isok != 0)
|
||||
Dbprintf("transfer to client failed :: | bytes between %d - %d (%d)", i, i + len, len);
|
||||
}
|
||||
@@ -1251,7 +1251,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
|
||||
break;
|
||||
case CMD_FLASHMEM_READ: {
|
||||
LED_B_ON();
|
||||
uint16_t isok = 0;
|
||||
uint32_t startidx = c->arg[0];
|
||||
uint16_t len = c->arg[1];
|
||||
|
||||
@@ -1269,7 +1268,7 @@ void UsbPacketReceived(uint8_t *packet, int len) {
|
||||
len = MIN((len - i), size);
|
||||
|
||||
Dbprintf("FlashMem reading | %d | %d | %d |", startidx + i, i, len);
|
||||
isok = Flash_ReadDataCont(startidx + i, mem, len);
|
||||
uint16_t isok = Flash_ReadDataCont(startidx + i, mem, len);
|
||||
if (isok == len) {
|
||||
print_result("Chunk: ", mem, len);
|
||||
} else {
|
||||
@@ -1367,8 +1366,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
|
||||
|
||||
LED_B_ON();
|
||||
uint8_t *mem = BigBuf_malloc(USB_CMD_DATA_SIZE);
|
||||
bool isok = false;
|
||||
size_t len = 0;
|
||||
uint32_t startidx = c->arg[0];
|
||||
uint32_t numofbytes = c->arg[1];
|
||||
// arg0 = startindex
|
||||
@@ -1380,9 +1377,9 @@ void UsbPacketReceived(uint8_t *packet, int len) {
|
||||
}
|
||||
|
||||
for (size_t i = 0; i < numofbytes; i += USB_CMD_DATA_SIZE) {
|
||||
len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
|
||||
size_t len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
|
||||
|
||||
isok = Flash_ReadDataCont(startidx + i, mem, len);
|
||||
bool isok = Flash_ReadDataCont(startidx + i, mem, len);
|
||||
if (!isok)
|
||||
Dbprintf("reading flash memory failed :: | bytes between %d - %d", i, len);
|
||||
|
||||
|
||||
@@ -58,15 +58,15 @@ void Dbhexdump(int len, uint8_t *d, bool bAsci);
|
||||
uint16_t AvgAdc(int ch);
|
||||
|
||||
void print_result(char *name, uint8_t *buf, size_t len);
|
||||
void PrintToSendBuffer(void);
|
||||
//void PrintToSendBuffer(void);
|
||||
void ToSendStuffBit(int b);
|
||||
void ToSendReset(void);
|
||||
void ListenReaderField(int limit);
|
||||
extern int ToSendMax;
|
||||
extern uint8_t ToSend[];
|
||||
|
||||
extern void StandAloneMode(void);
|
||||
extern void printStandAloneModes(void);
|
||||
void StandAloneMode(void);
|
||||
void printStandAloneModes(void);
|
||||
|
||||
/// lfops.h
|
||||
extern uint8_t decimation;
|
||||
@@ -85,9 +85,9 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol);
|
||||
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
|
||||
void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, int ledcontrol, int numcycles);
|
||||
void CmdHIDsimTAG(uint32_t hi, uint32_t lo, int ledcontrol);
|
||||
void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol);
|
||||
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol);
|
||||
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol);
|
||||
void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
|
||||
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
|
||||
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
|
||||
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
|
||||
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
|
||||
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
|
||||
@@ -99,8 +99,8 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
|
||||
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
|
||||
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
|
||||
void T55xxResetRead(void);
|
||||
void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t PwdMode);
|
||||
void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t PwdMode);
|
||||
void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg);
|
||||
void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg);
|
||||
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
|
||||
void T55xxWakeUp(uint32_t Pwd);
|
||||
void T55xx_ChkPwds(void);
|
||||
@@ -130,20 +130,20 @@ void ReaderIso14443a(UsbCommand *c);
|
||||
|
||||
// Also used in iclass.c
|
||||
//bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
|
||||
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *parity);
|
||||
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
|
||||
void iso14a_set_trigger(bool enable);
|
||||
// also used in emv
|
||||
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info);
|
||||
int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len);
|
||||
//bool prepare_allocated_tag_modulation(tag_response_info_t *response_info);
|
||||
//int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len);
|
||||
|
||||
// epa.h
|
||||
void EPA_PACE_Collect_Nonce(UsbCommand *c);
|
||||
void EPA_PACE_Replay(UsbCommand *c);
|
||||
|
||||
// mifarecmd.h
|
||||
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
|
||||
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
|
||||
void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
|
||||
void MifareUC_Auth(uint8_t arg0, uint8_t *datain);
|
||||
void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes);
|
||||
void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain);
|
||||
void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
|
||||
void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
|
||||
@@ -154,7 +154,6 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
|
||||
void MifareAcquireNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain);
|
||||
void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
|
||||
void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
|
||||
void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
|
||||
void MifareSetDbgLvl(uint16_t arg0);
|
||||
void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
|
||||
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
|
||||
@@ -212,15 +211,15 @@ void Iso15693InitReader(void);
|
||||
void RAMFUNC SniffIClass(void);
|
||||
void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
|
||||
void ReaderIClass(uint8_t arg0);
|
||||
void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC);
|
||||
void iClass_Authentication(uint8_t *MAC);
|
||||
void ReaderIClass_Replay(uint8_t arg0, uint8_t *mac);
|
||||
void iClass_Authentication(uint8_t *mac);
|
||||
void iClass_Authentication_fast(uint64_t arg0, uint64_t arg1, uint8_t *datain);
|
||||
void iClass_WriteBlock(uint8_t blockNo, uint8_t *data);
|
||||
void iClass_ReadBlk(uint8_t blockNo);
|
||||
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *data, uint8_t datalen);
|
||||
void iClass_WriteBlock(uint8_t blockno, uint8_t *data);
|
||||
void iClass_ReadBlk(uint8_t blockno);
|
||||
bool iClass_ReadBlock(uint8_t blockno, uint8_t *data, uint8_t len);
|
||||
void iClass_Dump(uint8_t blockno, uint8_t numblks);
|
||||
void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data);
|
||||
void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType);
|
||||
void iClass_ReadCheck(uint8_t blockno, uint8_t keytype);
|
||||
|
||||
// cmd.h
|
||||
uint8_t cmd_receive(UsbCommand *cmd);
|
||||
@@ -230,10 +229,10 @@ uint8_t cmd_send(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void
|
||||
void HfSniff(int, int);
|
||||
|
||||
//felica.c
|
||||
extern void felica_sendraw(UsbCommand *c);
|
||||
extern void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip);
|
||||
extern void felica_sim_lite(uint64_t uid);
|
||||
extern void felica_dump_lite_s();
|
||||
void felica_sendraw(UsbCommand *c);
|
||||
void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip);
|
||||
void felica_sim_lite(uint64_t uid);
|
||||
void felica_dump_lite_s();
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -20,11 +20,11 @@
|
||||
#define note_7 506
|
||||
#define note_8 0
|
||||
|
||||
extern void Ring_BEE_ONCE(uint16_t music_note);
|
||||
extern void Ring_BEE_TIME(uint16_t music_note, uint16_t count);
|
||||
extern void ring_2_7khz(uint16_t count);
|
||||
extern void Ring_ALL(uint16_t count);
|
||||
extern void Ring_Little_Star(uint16_t count);
|
||||
void Ring_BEE_ONCE(uint16_t music_note);
|
||||
void Ring_BEE_TIME(uint16_t music_note, uint16_t count);
|
||||
void ring_2_7khz(uint16_t count);
|
||||
void Ring_ALL(uint16_t count);
|
||||
void Ring_Little_Star(uint16_t count);
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
@@ -504,10 +504,12 @@ bool Flash_Erase64k(uint8_t block) {
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
// Erase chip
|
||||
void Flash_EraseChip(void) {
|
||||
FlashSendLastByte(CHIPERASE);
|
||||
}
|
||||
*/
|
||||
|
||||
void Flashmem_print_status(void) {
|
||||
DbpString("Flash memory");
|
||||
|
||||
@@ -101,9 +101,6 @@
|
||||
#define MAX_BLOCKS 4
|
||||
#define MAX_SECTORS 16
|
||||
|
||||
|
||||
|
||||
|
||||
#define MCK 48000000
|
||||
//#define FLASH_BAUD 24000000
|
||||
#define FLASH_MINFAST 24000000 //33000000
|
||||
@@ -113,9 +110,8 @@
|
||||
|
||||
#define FASTFLASH (FLASHMEM_SPIBAUDRATE > FLASH_MINFAST)
|
||||
|
||||
|
||||
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
|
||||
extern void Dbprintf(const char *fmt, ...);
|
||||
void Dbprintf(const char *fmt, ...);
|
||||
|
||||
void FlashmemSetSpiBaudrate(uint32_t baudrate);
|
||||
bool FlashInit();
|
||||
@@ -129,7 +125,6 @@ void Flash_TransferAdresse(uint32_t address);
|
||||
|
||||
bool Flash_CheckBusy(uint32_t timeout);
|
||||
|
||||
|
||||
void Flash_WriteEnable();
|
||||
bool Flash_WipeMemoryPage(uint8_t page);
|
||||
bool Flash_WipeMemory();
|
||||
@@ -137,18 +132,13 @@ bool Flash_Erase4k(uint8_t block, uint8_t sector);
|
||||
//bool Flash_Erase32k(uint32_t address);
|
||||
bool Flash_Erase64k(uint8_t block);
|
||||
|
||||
|
||||
void Flash_UniqueID(uint8_t *uid);
|
||||
uint8_t Flash_ReadID(void);
|
||||
uint16_t Flash_ReadData(uint32_t address, uint8_t *out, uint16_t len);
|
||||
|
||||
uint16_t Flash_ReadDataCont(uint32_t address, uint8_t *out, uint16_t len);
|
||||
|
||||
uint16_t Flash_Write(uint32_t address, uint8_t *in, uint16_t len);
|
||||
uint16_t Flash_WriteData(uint32_t address, uint8_t *in, uint16_t len);
|
||||
uint16_t Flash_WriteDataCont(uint32_t address, uint8_t *in, uint16_t len);
|
||||
void Flashmem_print_status(void);
|
||||
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
@@ -229,8 +229,10 @@ static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_s
|
||||
compressed_fpga_stream->zalloc = &fpga_inflate_malloc;
|
||||
compressed_fpga_stream->zfree = &fpga_inflate_free;
|
||||
|
||||
inflateInit2(compressed_fpga_stream, 0);
|
||||
|
||||
int res = inflateInit2(compressed_fpga_stream, 0);
|
||||
if ( res < 0 )
|
||||
return false;
|
||||
|
||||
fpga_image_ptr = output_buffer;
|
||||
|
||||
for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++)
|
||||
|
||||
@@ -37,7 +37,7 @@ int FpgaGetCurrent(void);
|
||||
void SetAdcMuxFor(uint32_t whichGpio);
|
||||
|
||||
// extern and generel turn off the antenna method
|
||||
extern void switch_off(void);
|
||||
void switch_off(void);
|
||||
|
||||
// definitions for multiple FPGA config files support
|
||||
#define FPGA_BITSTREAM_LF 1
|
||||
|
||||
@@ -22,13 +22,13 @@ struct hitag2_tag {
|
||||
uint8_t sectors[12][4];
|
||||
};
|
||||
|
||||
extern uint32_t _f20(const uint64_t x);
|
||||
extern uint64_t _hitag2_init(const uint64_t key, const uint32_t serial, const uint32_t IV);
|
||||
extern uint64_t _hitag2_round(uint64_t *state);
|
||||
extern uint32_t _hitag2_byte(uint64_t *x);
|
||||
extern void hitag2_cipher_reset(struct hitag2_tag *tag, const uint8_t *iv);
|
||||
extern int hitag2_cipher_authenticate(uint64_t *cs, const uint8_t *authenticator_is);
|
||||
extern int hitag2_cipher_transcrypt(uint64_t *cs, uint8_t *data, uint16_t bytes, uint16_t bits) ;
|
||||
uint32_t _f20(const uint64_t x);
|
||||
uint64_t _hitag2_init(const uint64_t key, const uint32_t serial, const uint32_t IV);
|
||||
uint64_t _hitag2_round(uint64_t *state);
|
||||
uint32_t _hitag2_byte(uint64_t *x);
|
||||
void hitag2_cipher_reset(struct hitag2_tag *tag, const uint8_t *iv);
|
||||
int hitag2_cipher_authenticate(uint64_t *cs, const uint8_t *authenticator_is);
|
||||
int hitag2_cipher_transcrypt(uint64_t *cs, uint8_t *data, uint16_t bytes, uint16_t bits) ;
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -1451,7 +1451,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
|
||||
* Authenticates to the Tag with the given Key or Challenge.
|
||||
* Writes the given 32Bit data into page_
|
||||
*/
|
||||
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
|
||||
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
|
||||
|
||||
StopTicks();
|
||||
|
||||
@@ -1467,7 +1467,6 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
|
||||
int tag_sof;
|
||||
int t_wait = HITAG_T_WAIT_MAX;
|
||||
bool bStop;
|
||||
int page = page_;
|
||||
unsigned char crc;
|
||||
uint8_t data[4] = {0, 0, 0, 0};
|
||||
|
||||
@@ -1509,7 +1508,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
|
||||
}
|
||||
}
|
||||
|
||||
Dbprintf("Page: %d", page_);
|
||||
Dbprintf("Page: %d", page);
|
||||
Dbprintf("DATA: %02X %02X %02X %02X", data[0], data[1], data[2], data[3]);
|
||||
|
||||
tag.pstate = HT_READY;
|
||||
@@ -1582,7 +1581,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
|
||||
|
||||
if (rxlen == 0 && tag.tstate == HT_WRITING_PAGE_ACK) {
|
||||
//no write access on this page
|
||||
Dbprintf("no write access on page %d", page_);
|
||||
Dbprintf("no write access on page %d", page);
|
||||
bStop = !false;
|
||||
} else if (rxlen == 0 && tag.tstate != HT_WRITING_PAGE_DATA) {
|
||||
//start the authetication
|
||||
|
||||
@@ -855,7 +855,7 @@ void RAMFUNC SniffIClass(void) {
|
||||
|
||||
//int datalen = 0;
|
||||
uint32_t previous_data = 0;
|
||||
uint32_t time_0 = 0, time_start = 0, time_stop = 0;
|
||||
uint32_t time_0 = 0, time_start = 0, time_stop;
|
||||
uint32_t sniffCounter = 0;
|
||||
bool TagIsActive = false;
|
||||
bool ReaderIsActive = false;
|
||||
@@ -1395,7 +1395,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) {
|
||||
// To control where we are in the protocol
|
||||
uint32_t time_0 = GetCountSspClk();
|
||||
uint32_t t2r_stime = 0, t2r_etime = 0;
|
||||
uint32_t r2t_stime = 0, r2t_etime = 0;
|
||||
uint32_t r2t_stime, r2t_etime = 0;
|
||||
|
||||
LED_A_ON();
|
||||
bool buttonPressed = false;
|
||||
@@ -1626,7 +1626,7 @@ send:
|
||||
*/
|
||||
static int SendIClassAnswer(uint8_t *resp, int respLen, uint16_t delay) {
|
||||
int i = 0;
|
||||
volatile uint8_t b = 0;
|
||||
volatile uint8_t b;
|
||||
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K_8BIT);
|
||||
|
||||
@@ -1720,7 +1720,6 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int
|
||||
//-----------------------------------------------------------------------------
|
||||
void CodeIClassCommand(const uint8_t *cmd, int len) {
|
||||
int i, j, k;
|
||||
uint8_t b;
|
||||
|
||||
ToSendReset();
|
||||
|
||||
@@ -1732,7 +1731,7 @@ void CodeIClassCommand(const uint8_t *cmd, int len) {
|
||||
|
||||
// Modulate the bytes
|
||||
for (i = 0; i < len; i++) {
|
||||
b = cmd[i];
|
||||
uint8_t b = cmd[i];
|
||||
for (j = 0; j < 4; j++) {
|
||||
for (k = 0; k < 4; k++) {
|
||||
|
||||
@@ -1875,14 +1874,13 @@ void setupIclassReader() {
|
||||
}
|
||||
|
||||
bool sendCmdGetResponseWithRetries(uint8_t *command, size_t cmdsize, uint8_t *resp, uint8_t expected_size, uint8_t retries) {
|
||||
uint8_t got_n = 0;
|
||||
while (retries-- > 0) {
|
||||
|
||||
ReaderTransmitIClass(command, cmdsize);
|
||||
|
||||
//iceman - if received size is bigger than expected, we smash the stack here
|
||||
// since its called with fixed sized arrays
|
||||
got_n = ReaderReceiveIClass(resp);
|
||||
uint8_t got_n = ReaderReceiveIClass(resp);
|
||||
|
||||
// 0xBB is the internal debug separator byte..
|
||||
if (expected_size != got_n || (resp[0] == 0xBB || resp[7] == 0xBB || resp[2] == 0xBB)) {
|
||||
@@ -1983,9 +1981,7 @@ void ReaderIClass(uint8_t arg0) {
|
||||
//Read App Issuer Area block CRC(0x05) => 0xde 0x64
|
||||
uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64};
|
||||
|
||||
int read_status = 0;
|
||||
uint16_t tryCnt = 0;
|
||||
uint8_t result_status = 0;
|
||||
|
||||
bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; // flag to read until one tag is found successfully
|
||||
bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY; // flag to not to loop continuously, looking for tag
|
||||
@@ -2008,9 +2004,9 @@ void ReaderIClass(uint8_t arg0) {
|
||||
}
|
||||
|
||||
tryCnt++;
|
||||
result_status = 0;
|
||||
uint8_t result_status = 0;
|
||||
|
||||
read_status = handshakeIclassTag_ext(card_data, use_credit_key);
|
||||
int read_status = handshakeIclassTag_ext(card_data, use_credit_key);
|
||||
|
||||
if (read_status == 0) continue;
|
||||
if (read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
|
||||
@@ -2107,7 +2103,7 @@ void ReaderIClass(uint8_t arg0) {
|
||||
}
|
||||
|
||||
// turn off afterwards
|
||||
void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
|
||||
void ReaderIClass_Replay(uint8_t arg0, uint8_t *mac) {
|
||||
|
||||
uint8_t cardsize = 0;
|
||||
uint8_t mem = 0;
|
||||
@@ -2134,7 +2130,7 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
|
||||
if (read_status < 2) continue;
|
||||
|
||||
//for now replay captured auth (as cc not updated)
|
||||
memcpy(check + 5, MAC, 4);
|
||||
memcpy(check + 5, mac, 4);
|
||||
|
||||
if (!sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 5)) {
|
||||
DbpString("Error: Authentication Fail!");
|
||||
@@ -2227,8 +2223,8 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
|
||||
|
||||
// not used. ?!? ( CMD_ICLASS_READCHECK)
|
||||
// turn off afterwards
|
||||
void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType) {
|
||||
uint8_t readcheck[] = { keyType, blockNo };
|
||||
void iClass_ReadCheck(uint8_t blockno, uint8_t keytype) {
|
||||
uint8_t readcheck[] = { keytype, blockno };
|
||||
uint8_t resp[] = {0, 0, 0, 0, 0, 0, 0, 0};
|
||||
size_t isOK = 0;
|
||||
isOK = sendCmdGetResponseWithRetries(readcheck, sizeof(readcheck), resp, sizeof(resp), 6);
|
||||
@@ -2348,9 +2344,9 @@ out:
|
||||
|
||||
// Tries to read block.
|
||||
// retries 10times.
|
||||
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *data, uint8_t len) {
|
||||
bool iClass_ReadBlock(uint8_t blockno, uint8_t *data, uint8_t len) {
|
||||
uint8_t resp[10];
|
||||
uint8_t cmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockNo, 0x00, 0x00};
|
||||
uint8_t cmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockno, 0x00, 0x00};
|
||||
AddCrc(cmd + 1, 1);
|
||||
// expect size 10, retry 5times
|
||||
bool isOK = sendCmdGetResponseWithRetries(cmd, sizeof(cmd), resp, 10, 5);
|
||||
@@ -2402,10 +2398,10 @@ void iClass_Dump(uint8_t blockno, uint8_t numblks) {
|
||||
BigBuf_free();
|
||||
}
|
||||
|
||||
bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
|
||||
bool iClass_WriteBlock_ext(uint8_t blockno, uint8_t *data) {
|
||||
|
||||
uint8_t resp[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
||||
uint8_t write[] = { ICLASS_CMD_UPDATE, blockNo, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
uint8_t write[] = { ICLASS_CMD_UPDATE, blockno, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
memcpy(write + 2, data, 12); // data + mac
|
||||
AddCrc(write + 1, 13);
|
||||
|
||||
@@ -2416,7 +2412,7 @@ bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
|
||||
if (memcmp(write + 2, resp, 8)) {
|
||||
|
||||
//if not programming key areas (note key blocks don't get programmed with actual key data it is xor data)
|
||||
if (blockNo != 3 && blockNo != 4) {
|
||||
if (blockno != 3 && blockno != 4) {
|
||||
isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 5);
|
||||
}
|
||||
}
|
||||
@@ -2425,8 +2421,8 @@ bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
|
||||
}
|
||||
|
||||
// turn off afterwards
|
||||
void iClass_WriteBlock(uint8_t blockNo, uint8_t *data) {
|
||||
bool isOK = iClass_WriteBlock_ext(blockNo, data);
|
||||
void iClass_WriteBlock(uint8_t blockno, uint8_t *data) {
|
||||
bool isOK = iClass_WriteBlock_ext(blockno, data);
|
||||
cmd_send(CMD_ACK, isOK, 0, 0, 0, 0);
|
||||
switch_off();
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -27,9 +27,19 @@ extern "C" {
|
||||
#include "crapto1/crapto1.h"
|
||||
#include "mifareutil.h"
|
||||
#include "parity.h"
|
||||
#include "random.h"
|
||||
#include "mifare.h" // structs
|
||||
|
||||
// When the PM acts as tag and is receiving it takes
|
||||
// 2 ticks delay in the RF part (for the first falling edge),
|
||||
// 3 ticks for the A/D conversion,
|
||||
// 8 ticks on average until the start of the SSC transfer,
|
||||
// 8 ticks until the SSC samples the first data
|
||||
// 7*16 ticks to complete the transfer from FPGA to ARM
|
||||
// 8 ticks until the next ssp_clk rising edge
|
||||
// 4*16 ticks until we measure the time
|
||||
// - 8*16 ticks because we measure the time of the previous transfer
|
||||
#define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 7*16 + 8 + 4*16 - 8*16)
|
||||
|
||||
typedef struct {
|
||||
enum {
|
||||
DEMOD_UNSYNCD,
|
||||
@@ -95,51 +105,56 @@ typedef struct {
|
||||
|
||||
#ifndef CheckCrc14A
|
||||
# define CheckCrc14A(data, len) check_crc(CRC_14443_A, (data), (len))
|
||||
#endif
|
||||
#endif
|
||||
|
||||
extern void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
|
||||
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
|
||||
|
||||
extern tDemod *GetDemod(void);
|
||||
extern void DemodReset(void);
|
||||
extern void DemodInit(uint8_t *data, uint8_t *parity);
|
||||
extern tUart *GetUart(void);
|
||||
extern void UartReset(void);
|
||||
extern void UartInit(uint8_t *data, uint8_t *parity);
|
||||
extern RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
|
||||
extern RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);
|
||||
tDemod *GetDemod(void);
|
||||
void DemodReset(void);
|
||||
void DemodInit(uint8_t *data, uint8_t *par);
|
||||
tUart *GetUart(void);
|
||||
void UartReset(void);
|
||||
void UartInit(uint8_t *data, uint8_t *par);
|
||||
RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
|
||||
RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);
|
||||
|
||||
extern void RAMFUNC SniffIso14443a(uint8_t param);
|
||||
extern void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
|
||||
extern void iso14443a_antifuzz(uint32_t flags);
|
||||
extern void ReaderIso14443a(UsbCommand *c);
|
||||
extern void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
|
||||
extern void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
|
||||
extern void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
|
||||
extern int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par);
|
||||
void RAMFUNC SniffIso14443a(uint8_t param);
|
||||
void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
|
||||
void iso14443a_antifuzz(uint32_t flags);
|
||||
void ReaderIso14443a(UsbCommand *c);
|
||||
void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
|
||||
void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
|
||||
void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
|
||||
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par);
|
||||
|
||||
extern void iso14443a_setup(uint8_t fpga_minor_mode);
|
||||
extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res);
|
||||
extern int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *resp_data, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
|
||||
extern int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);
|
||||
extern void iso14a_set_trigger(bool enable);
|
||||
void iso14443a_setup(uint8_t fpga_minor_mode);
|
||||
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res);
|
||||
int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
|
||||
int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);
|
||||
void iso14a_set_trigger(bool enable);
|
||||
|
||||
extern int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen);
|
||||
extern int EmSend4bit(uint8_t resp);
|
||||
extern int EmSendCmd(uint8_t *resp, uint16_t respLen);
|
||||
extern int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision);
|
||||
extern int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity);
|
||||
extern int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
|
||||
extern int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision);
|
||||
extern int EmSendPrecompiledCmd(tag_response_info_t *response_info);
|
||||
int EmSendPrecompiledCmd(tag_response_info_t *response_info);
|
||||
int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen);
|
||||
int EmSend4bit(uint8_t resp);
|
||||
int EmSendCmd(uint8_t *resp, uint16_t respLen);
|
||||
int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision);
|
||||
int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *par);
|
||||
int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
|
||||
int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision);
|
||||
int EmSendPrecompiledCmd(tag_response_info_t *response_info);
|
||||
|
||||
void EmLogTraceReader(void);
|
||||
|
||||
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size);
|
||||
|
||||
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
|
||||
uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);
|
||||
|
||||
//extern bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *buffer_size);
|
||||
|
||||
void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype);
|
||||
void DetectNACKbug();
|
||||
|
||||
void AppendCrc14443a(uint8_t *data, int len);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -34,15 +34,15 @@ extern "C" {
|
||||
# define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)
|
||||
#endif
|
||||
|
||||
extern void SendRawCommand14443B_Ex(UsbCommand *c);
|
||||
extern void iso14443b_setup();
|
||||
extern uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
|
||||
extern uint8_t iso14443b_select_card(iso14b_card_select_t *card);
|
||||
extern uint8_t iso14443b_select_card_srx(iso14b_card_select_t *card);
|
||||
void SendRawCommand14443B_Ex(UsbCommand *c);
|
||||
void iso14443b_setup();
|
||||
uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
|
||||
uint8_t iso14443b_select_card(iso14b_card_select_t *card);
|
||||
uint8_t iso14443b_select_card_srx(iso14b_card_select_t *card);
|
||||
|
||||
// testfunctions
|
||||
extern void WaitForFpgaDelayQueueIsEmpty(uint16_t delay);
|
||||
extern void ClearFpgaShiftingRegisters(void);
|
||||
void WaitForFpgaDelayQueueIsEmpty(uint16_t delay);
|
||||
void ClearFpgaShiftingRegisters(void);
|
||||
|
||||
// States for 14B SIM command
|
||||
#define SIM_NOFIELD 0
|
||||
|
||||
@@ -81,9 +81,9 @@
|
||||
#define Logic1 Iso15693Logic1
|
||||
#define FrameEOF Iso15693FrameEOF
|
||||
|
||||
#define Crc(data, len) crc(CRC_15693, (data), (len))
|
||||
#define CheckCrc(data, len) check_crc(CRC_15693, (data), (len))
|
||||
#define AddCrc(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
|
||||
//#define Crc(data, len) Crc(CRC_15693, (data), (len))
|
||||
#define CheckCrc15(data, len) check_crc(CRC_15693, (data), (len))
|
||||
#define AddCrc15(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
|
||||
|
||||
#define sprintUID(target,uid) Iso15693sprintUID((target), (uid))
|
||||
|
||||
@@ -621,18 +621,18 @@ void Iso15693InitReader(void) {
|
||||
|
||||
// Encode (into the ToSend buffers) an identify request, which is the first
|
||||
// thing that you must send to a tag to get a response.
|
||||
// It expects "out" to be at least CMD_ID_RESP large
|
||||
static void BuildIdentifyRequest(uint8_t *out) {
|
||||
// It expects "cmdout" to be at least CMD_ID_RESP large
|
||||
static void BuildIdentifyRequest(uint8_t *cmdout) {
|
||||
uint8_t cmd[CMD_ID_RESP] = {0, ISO15_CMD_INVENTORY, 0, 0, 0};
|
||||
// flags
|
||||
cmd[0] = ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
|
||||
// no mask
|
||||
cmd[2] = 0x00;
|
||||
// CRC
|
||||
AddCrc(cmd, 3);
|
||||
AddCrc15(cmd, 3);
|
||||
// coding as high speed (1 out of 4)
|
||||
CodeIso15693AsReader(cmd, CMD_ID_RESP);
|
||||
memcpy(out, cmd, CMD_ID_RESP);
|
||||
memcpy(cmdout, cmd, CMD_ID_RESP);
|
||||
}
|
||||
|
||||
// uid is in transmission order (which is reverse of display order)
|
||||
@@ -658,7 +658,7 @@ static void BuildReadBlockRequest(uint8_t **out, uint8_t *uid, uint8_t blockNumb
|
||||
// Block number to read
|
||||
cmd[10] = blockNumber;//0x00;
|
||||
// CRC
|
||||
AddCrc(cmd, 11);
|
||||
AddCrc15(cmd, 11);
|
||||
CodeIso15693AsReader(cmd, CMD_READ_RESP);
|
||||
memcpy(out, cmd, CMD_ID_RESP);
|
||||
}
|
||||
@@ -666,7 +666,7 @@ static void BuildReadBlockRequest(uint8_t **out, uint8_t *uid, uint8_t blockNumb
|
||||
|
||||
// Now the VICC>VCD responses when we are simulating a tag
|
||||
// It expects "out" to be at least CMD_INV_RESP large
|
||||
static void BuildInventoryResponse(uint8_t *out, uint8_t *uid) {
|
||||
static void BuildInventoryResponse(uint8_t *cmdout, uint8_t *uid) {
|
||||
|
||||
uint8_t cmd[CMD_INV_RESP] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
||||
|
||||
@@ -685,9 +685,9 @@ static void BuildInventoryResponse(uint8_t *out, uint8_t *uid) {
|
||||
cmd[8] = uid[1]; //0x05;
|
||||
cmd[9] = uid[0]; //0xe0;
|
||||
// CRC
|
||||
AddCrc(cmd, 10);
|
||||
AddCrc15(cmd, 10);
|
||||
CodeIso15693AsReader(cmd, CMD_INV_RESP);
|
||||
memcpy(out, cmd, CMD_INV_RESP);
|
||||
memcpy(cmdout, cmd, CMD_INV_RESP);
|
||||
}
|
||||
|
||||
// Universal Method for sending to and recv bytes from a tag
|
||||
@@ -780,7 +780,7 @@ void DbdecodeIso15693Answer(int len, uint8_t *d) {
|
||||
strncat(status, "No error ", DBD15STATLEN - strlen(status));
|
||||
}
|
||||
|
||||
if (CheckCrc(d, len))
|
||||
if (CheckCrc15(d, len))
|
||||
strncat(status, "[+] crc OK", DBD15STATLEN - strlen(status));
|
||||
else
|
||||
strncat(status, "[!] crc fail", DBD15STATLEN - strlen(status));
|
||||
@@ -932,7 +932,7 @@ void BruteforceIso15693Afi(uint32_t speed) {
|
||||
data[0] = ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
|
||||
data[1] = ISO15_CMD_INVENTORY;
|
||||
data[2] = 0; // mask length
|
||||
AddCrc(data, 3);
|
||||
AddCrc15(data, 3);
|
||||
datalen += 2;
|
||||
|
||||
recvlen = SendDataTag(data, datalen, false, speed, buf);
|
||||
@@ -951,7 +951,7 @@ void BruteforceIso15693Afi(uint32_t speed) {
|
||||
|
||||
for (uint16_t i = 0; i < 256; i++) {
|
||||
data[2] = i & 0xFF;
|
||||
AddCrc(data, 4);
|
||||
AddCrc15(data, 4);
|
||||
datalen += 2;
|
||||
recvlen = SendDataTag(data, datalen, false, speed, buf);
|
||||
WDT_HIT();
|
||||
|
||||
@@ -14,8 +14,8 @@
|
||||
|
||||
#include "proxmark3.h"
|
||||
|
||||
extern void LegicRfInfo(void);
|
||||
extern void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv);
|
||||
extern void LegicRfWriter(uint16_t offset, uint16_t byte, uint8_t iv, uint8_t *data);
|
||||
void LegicRfInfo(void);
|
||||
void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv);
|
||||
void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data);
|
||||
|
||||
#endif /* __LEGICRF_H */
|
||||
|
||||
@@ -14,6 +14,6 @@
|
||||
|
||||
#include "proxmark3.h"
|
||||
|
||||
extern void LegicRfSimulate(uint8_t tagtype);
|
||||
void LegicRfSimulate(uint8_t tagtype);
|
||||
|
||||
#endif /* __LEGICRFSIM_H */
|
||||
|
||||
@@ -651,7 +651,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) {
|
||||
|
||||
|
||||
#define DEBUG_FRAME_CONTENTS 1
|
||||
void SimulateTagLowFrequencyBidir(int divisor, int t0) {
|
||||
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen) {
|
||||
}
|
||||
// compose fc/5 fc/8 waveform (FSK1)
|
||||
|
||||
@@ -901,7 +901,7 @@ static void stAskSimBit(int *n, uint8_t clock) {
|
||||
}
|
||||
|
||||
// args clock, ask/man or askraw, invert, transmission separator
|
||||
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol) {
|
||||
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol) {
|
||||
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
|
||||
set_tracing(false);
|
||||
|
||||
@@ -914,20 +914,20 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream,
|
||||
if (encoding == 2) { //biphase
|
||||
uint8_t phase = 0;
|
||||
for (i = 0; i < size; i++) {
|
||||
biphaseSimBit(BitStream[i]^invert, &n, clk, &phase);
|
||||
biphaseSimBit(bits[i]^invert, &n, clk, &phase);
|
||||
}
|
||||
if (phase == 1) { //run a second set inverted to keep phase in check
|
||||
for (i = 0; i < size; i++) {
|
||||
biphaseSimBit(BitStream[i]^invert, &n, clk, &phase);
|
||||
biphaseSimBit(bits[i]^invert, &n, clk, &phase);
|
||||
}
|
||||
}
|
||||
} else { // ask/manchester || ask/raw
|
||||
for (i = 0; i < size; i++) {
|
||||
askSimBit(BitStream[i]^invert, &n, clk, encoding);
|
||||
askSimBit(bits[i]^invert, &n, clk, encoding);
|
||||
}
|
||||
if (encoding == 0 && BitStream[0] == BitStream[size - 1]) { //run a second set inverted (for ask/raw || biphase phase)
|
||||
if (encoding == 0 && bits[0] == bits[size - 1]) { //run a second set inverted (for ask/raw || biphase phase)
|
||||
for (i = 0; i < size; i++) {
|
||||
askSimBit(BitStream[i]^invert ^ 1, &n, clk, encoding);
|
||||
askSimBit(bits[i]^invert ^ 1, &n, clk, encoding);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -968,7 +968,7 @@ static void pskSimBit(uint8_t waveLen, int *n, uint8_t clk, uint8_t *curPhase, b
|
||||
}
|
||||
|
||||
// args clock, carrier, invert,
|
||||
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol) {
|
||||
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol) {
|
||||
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
|
||||
set_tracing(false);
|
||||
|
||||
@@ -978,7 +978,7 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream,
|
||||
uint8_t invert = arg2 & 0xFF;
|
||||
uint8_t curPhase = 0;
|
||||
for (i = 0; i < size; i++) {
|
||||
if (BitStream[i] == curPhase) {
|
||||
if (bits[i] == curPhase) {
|
||||
pskSimBit(carrier, &n, clk, &curPhase, false);
|
||||
} else {
|
||||
pskSimBit(carrier, &n, clk, &curPhase, true);
|
||||
@@ -997,9 +997,8 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream,
|
||||
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
|
||||
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
|
||||
uint8_t *dest = BigBuf_get_addr();
|
||||
size_t size = 0;
|
||||
size_t size;
|
||||
uint32_t hi2 = 0, hi = 0, lo = 0;
|
||||
int idx = 0;
|
||||
int dummyIdx = 0;
|
||||
// Configure to go in 125Khz listen mode
|
||||
LFSetupFPGAForADC(95, true);
|
||||
@@ -1015,7 +1014,7 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
DoAcquisition_default(-1, true);
|
||||
// FSK demodulator
|
||||
size = 50 * 128 * 2; //big enough to catch 2 sequences of largest format
|
||||
idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
|
||||
int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
|
||||
if (idx < 0) continue;
|
||||
|
||||
if (idx > 0 && lo > 0 && (size == 96 || size == 192)) {
|
||||
@@ -1029,7 +1028,7 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
);
|
||||
} else { //standard HID tags 44/96 bits
|
||||
uint8_t bitlen = 0;
|
||||
uint32_t fc = 0;
|
||||
uint32_t fac = 0;
|
||||
uint32_t cardnum = 0;
|
||||
|
||||
if (((hi >> 5) & 1) == 1) { //if bit 38 is set then < 37 bit format is used
|
||||
@@ -1041,35 +1040,35 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
idx3++;
|
||||
}
|
||||
bitlen = idx3 + 19;
|
||||
fc = 0;
|
||||
fac = 0;
|
||||
cardnum = 0;
|
||||
if (bitlen == 26) {
|
||||
cardnum = (lo >> 1) & 0xFFFF;
|
||||
fc = (lo >> 17) & 0xFF;
|
||||
fac = (lo >> 17) & 0xFF;
|
||||
}
|
||||
if (bitlen == 37) {
|
||||
cardnum = (lo >> 1) & 0x7FFFF;
|
||||
fc = ((hi & 0xF) << 12) | (lo >> 20);
|
||||
fac = ((hi & 0xF) << 12) | (lo >> 20);
|
||||
}
|
||||
if (bitlen == 34) {
|
||||
cardnum = (lo >> 1) & 0xFFFF;
|
||||
fc = ((hi & 1) << 15) | (lo >> 17);
|
||||
fac = ((hi & 1) << 15) | (lo >> 17);
|
||||
}
|
||||
if (bitlen == 35) {
|
||||
cardnum = (lo >> 1) & 0xFFFFF;
|
||||
fc = ((hi & 1) << 11) | (lo >> 21);
|
||||
fac = ((hi & 1) << 11) | (lo >> 21);
|
||||
}
|
||||
} else { //if bit 38 is not set then 37 bit format is used
|
||||
bitlen = 37;
|
||||
cardnum = (lo >> 1) & 0x7FFFF;
|
||||
fc = ((hi & 0xF) << 12) | (lo >> 20);
|
||||
fac = ((hi & 0xF) << 12) | (lo >> 20);
|
||||
}
|
||||
Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d",
|
||||
hi,
|
||||
lo,
|
||||
(lo >> 1) & 0xFFFF,
|
||||
bitlen,
|
||||
fc,
|
||||
fac,
|
||||
cardnum
|
||||
);
|
||||
}
|
||||
@@ -1095,7 +1094,7 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
//big enough to catch 2 sequences of largest format
|
||||
size_t size = 12800; //50 * 128 * 2;
|
||||
|
||||
int idx = 0, dummyIdx = 0;
|
||||
int dummyIdx = 0;
|
||||
|
||||
BigBuf_Clear_keep_EM();
|
||||
|
||||
@@ -1109,7 +1108,7 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
DoAcquisition_default(-1, true);
|
||||
// FSK demodulator
|
||||
|
||||
idx = detectAWID(dest, &size, &dummyIdx);
|
||||
int idx = detectAWID(dest, &size, &dummyIdx);
|
||||
|
||||
if (idx <= 0 || size != 96) continue;
|
||||
// Index map
|
||||
@@ -1147,16 +1146,16 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
// w = wiegand parity
|
||||
// (26 bit format shown)
|
||||
|
||||
uint32_t fc = 0;
|
||||
uint32_t fac = 0;
|
||||
uint32_t cardnum = 0;
|
||||
uint32_t code1 = 0;
|
||||
uint32_t code2 = 0;
|
||||
uint8_t fmtLen = bytebits_to_byte(dest, 8);
|
||||
if (fmtLen == 26) {
|
||||
fc = bytebits_to_byte(dest + 9, 8);
|
||||
fac = bytebits_to_byte(dest + 9, 8);
|
||||
cardnum = bytebits_to_byte(dest + 17, 16);
|
||||
code1 = bytebits_to_byte(dest + 8, fmtLen);
|
||||
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo);
|
||||
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
|
||||
} else {
|
||||
cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16);
|
||||
if (fmtLen > 32) {
|
||||
@@ -1174,8 +1173,6 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
*low = rawLo;
|
||||
break;
|
||||
}
|
||||
// reset
|
||||
idx = 0;
|
||||
WDT_HIT();
|
||||
}
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
@@ -1186,8 +1183,8 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
|
||||
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) {
|
||||
uint8_t *dest = BigBuf_get_addr();
|
||||
|
||||
size_t size = 0, idx = 0;
|
||||
int clk = 0, invert = 0, errCnt = 0, maxErr = 20;
|
||||
size_t size, idx = 0;
|
||||
int clk = 0, invert = 0, errCnt, maxErr = 20;
|
||||
uint32_t hi = 0;
|
||||
uint64_t lo = 0;
|
||||
|
||||
@@ -1238,7 +1235,7 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
|
||||
}
|
||||
WDT_HIT();
|
||||
hi = lo = size = idx = 0;
|
||||
clk = invert = errCnt = 0;
|
||||
clk = invert = 0;
|
||||
}
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
DbpString("Stopped");
|
||||
@@ -1249,7 +1246,7 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
|
||||
|
||||
uint8_t *dest = BigBuf_get_addr();
|
||||
|
||||
int dummyIdx = 0, idx = 0;
|
||||
int dummyIdx = 0;
|
||||
uint32_t code = 0, code2 = 0;
|
||||
uint8_t version = 0, facilitycode = 0, crc = 0;
|
||||
uint16_t number = 0, calccrc = 0;
|
||||
@@ -1269,7 +1266,7 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
|
||||
|
||||
//fskdemod and get start index
|
||||
WDT_HIT();
|
||||
idx = detectIOProx(dest, &size, &dummyIdx);
|
||||
int idx = detectIOProx(dest, &size, &dummyIdx);
|
||||
if (idx < 0) continue;
|
||||
//valid tag found
|
||||
|
||||
@@ -1325,8 +1322,6 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
|
||||
code = code2 = 0;
|
||||
version = facilitycode = 0;
|
||||
number = 0;
|
||||
idx = 0;
|
||||
|
||||
WDT_HIT();
|
||||
}
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
@@ -1481,8 +1476,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
|
||||
bool PwdMode = arg0 & 0x1;
|
||||
uint8_t Page = (arg0 & 0x2) >> 1;
|
||||
bool brute_mem = arg0 & 0x4;
|
||||
|
||||
uint32_t i = 0;
|
||||
uint32_t i;
|
||||
|
||||
// regular read mode
|
||||
bool RegReadMode = (Block == 0xFF);
|
||||
@@ -1771,7 +1765,7 @@ void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) {
|
||||
#define EM410X_ID_LENGTH 40
|
||||
|
||||
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
|
||||
int i, id_bit;
|
||||
int i;
|
||||
uint64_t id = EM410X_HEADER;
|
||||
uint64_t rev_id = 0; // reversed ID
|
||||
int c_parity[4]; // column parity
|
||||
@@ -1790,7 +1784,7 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
|
||||
}
|
||||
|
||||
for (i = 0; i < EM410X_ID_LENGTH; ++i) {
|
||||
id_bit = rev_id & 1;
|
||||
int id_bit = rev_id & 1;
|
||||
|
||||
if (i % 4 == 0) {
|
||||
// Don't write row parity bit at start of parsing
|
||||
@@ -1926,7 +1920,6 @@ uint8_t Prepare_Addr(uint8_t addr) {
|
||||
//====================================================================
|
||||
uint8_t Prepare_Data(uint16_t data_low, uint16_t data_hi) {
|
||||
|
||||
register uint8_t line_parity;
|
||||
register uint8_t column_parity;
|
||||
register uint8_t i, j;
|
||||
register uint16_t data;
|
||||
@@ -1935,7 +1928,7 @@ uint8_t Prepare_Data(uint16_t data_low, uint16_t data_hi) {
|
||||
column_parity = 0;
|
||||
|
||||
for (i = 0; i < 4; i++) {
|
||||
line_parity = 0;
|
||||
register uint8_t line_parity = 0;
|
||||
for (j = 0; j < 8; j++) {
|
||||
line_parity ^= data;
|
||||
column_parity ^= (data & 1) << j;
|
||||
|
||||
@@ -248,9 +248,9 @@ uint32_t ReadLF(bool activeField, bool silent, int sample_size) {
|
||||
* Initializes the FPGA for reader-mode (field on), and acquires the samples.
|
||||
* @return number of bits sampled
|
||||
**/
|
||||
uint32_t SampleLF(bool printCfg, int sample_size) {
|
||||
uint32_t SampleLF(bool silent, int sample_size) {
|
||||
BigBuf_Clear_ext(false);
|
||||
return ReadLF(true, printCfg, sample_size);
|
||||
return ReadLF(true, silent, sample_size);
|
||||
}
|
||||
/**
|
||||
* Initializes the FPGA for sniffer-mode (field off), and acquires the samples.
|
||||
|
||||
@@ -851,12 +851,13 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
|
||||
// MIFARE nested authentication.
|
||||
//
|
||||
//-----------------------------------------------------------------------------
|
||||
void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain) {
|
||||
void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) {
|
||||
// params
|
||||
uint8_t blockNo = arg0 & 0xff;
|
||||
uint8_t keyType = (arg0 >> 8) & 0xff;
|
||||
uint8_t targetBlockNo = arg1 & 0xff;
|
||||
uint8_t targetKeyType = (arg1 >> 8) & 0xff;
|
||||
// calibrate = arg2
|
||||
uint64_t ui64Key = 0;
|
||||
|
||||
ui64Key = bytes_to_num(datain, 6);
|
||||
@@ -888,14 +889,14 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
|
||||
BigBuf_free();
|
||||
BigBuf_Clear_ext(false);
|
||||
|
||||
if (calibrate) clear_trace();
|
||||
if (arg2) clear_trace();
|
||||
set_tracing(true);
|
||||
|
||||
// statistics on nonce distance
|
||||
int16_t isOK = 0;
|
||||
#define NESTED_MAX_TRIES 12
|
||||
uint16_t unsuccessfull_tries = 0;
|
||||
if (calibrate) { // for first call only. Otherwise reuse previous calibration
|
||||
if (arg2) { // calibrate: for first call only. Otherwise reuse previous calibration
|
||||
LED_B_ON();
|
||||
WDT_HIT();
|
||||
|
||||
|
||||
@@ -167,8 +167,10 @@ void MifareDesfireGetInformation() {
|
||||
OnSuccess();
|
||||
}
|
||||
|
||||
void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain) {
|
||||
|
||||
void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) {
|
||||
// mode = arg0
|
||||
// algo = arg1
|
||||
// keyno = arg2
|
||||
int len = 0;
|
||||
//uint8_t PICC_MASTER_KEY8[8] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47};
|
||||
uint8_t PICC_MASTER_KEY16[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
|
||||
@@ -195,25 +197,25 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
LED_B_OFF();
|
||||
LED_C_OFF();
|
||||
|
||||
// 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
|
||||
// 4 olika crypto algo DES, 3DES, 3K3DES, AES
|
||||
// 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO
|
||||
// 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
|
||||
// 4 different crypto arg1 DES, 3DES, 3K3DES, AES
|
||||
// 3 different communication modes, PLAIN,MAC,CRYPTO
|
||||
|
||||
// des, nyckel 0,
|
||||
switch (mode) {
|
||||
// des, key 0,
|
||||
switch (arg0) {
|
||||
case 1: {
|
||||
uint8_t keybytes[16];
|
||||
uint8_t RndA[8] = {0x00};
|
||||
uint8_t RndB[8] = {0x00};
|
||||
|
||||
if (algo == 2) {
|
||||
if (arg1 == 2) {
|
||||
if (datain[1] == 0xff) {
|
||||
memcpy(keybytes, PICC_MASTER_KEY16, 16);
|
||||
} else {
|
||||
memcpy(keybytes, datain + 1, datalen);
|
||||
}
|
||||
} else {
|
||||
if (algo == 1) {
|
||||
if (arg1 == 1) {
|
||||
if (datain[1] == 0xff) {
|
||||
memcpy(keybytes, null_key_data8, 8);
|
||||
} else {
|
||||
@@ -225,13 +227,13 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
struct desfire_key defaultkey = {0};
|
||||
desfirekey_t key = &defaultkey;
|
||||
|
||||
if (algo == 2)
|
||||
if (arg1 == 2)
|
||||
Desfire_3des_key_new_with_version(keybytes, key);
|
||||
else if (algo == 1)
|
||||
else if (arg1 == 1)
|
||||
Desfire_des_key_new(keybytes, key);
|
||||
|
||||
cmd[0] = AUTHENTICATE;
|
||||
cmd[1] = keyno; //keynumber
|
||||
cmd[1] = arg2; //keynumber
|
||||
len = DesfireAPDU(cmd, 2, resp);
|
||||
if (!len) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
|
||||
@@ -249,9 +251,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
}
|
||||
|
||||
memcpy(encRndB, resp + 3, 8);
|
||||
if (algo == 2)
|
||||
if (arg1 == 2)
|
||||
tdes_dec(&decRndB, &encRndB, key->data);
|
||||
else if (algo == 1)
|
||||
else if (arg1 == 1)
|
||||
des_dec(&decRndB, &encRndB, key->data);
|
||||
|
||||
memcpy(RndB, decRndB, 8);
|
||||
@@ -262,9 +264,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
memcpy(RndA, decRndA, 8);
|
||||
uint8_t encRndA[8] = {0x00};
|
||||
|
||||
if (algo == 2)
|
||||
if (arg1 == 2)
|
||||
tdes_dec(&encRndA, &decRndA, key->data);
|
||||
else if (algo == 1)
|
||||
else if (arg1 == 1)
|
||||
des_dec(&encRndA, &decRndA, key->data);
|
||||
|
||||
memcpy(both, encRndA, 8);
|
||||
@@ -274,9 +276,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
|
||||
}
|
||||
|
||||
if (algo == 2)
|
||||
if (arg1 == 2)
|
||||
tdes_dec(&encRndB, &decRndB, key->data);
|
||||
else if (algo == 1)
|
||||
else if (arg1 == 1)
|
||||
des_dec(&encRndB, &decRndB, key->data);
|
||||
|
||||
memcpy(both + 8, encRndB, 8);
|
||||
@@ -302,9 +304,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
|
||||
memcpy(encRndA, resp + 3, 8);
|
||||
|
||||
if (algo == 2)
|
||||
if (arg1 == 2)
|
||||
tdes_dec(&encRndA, &encRndA, key->data);
|
||||
else if (algo == 1)
|
||||
else if (arg1 == 1)
|
||||
des_dec(&encRndA, &encRndA, key->data);
|
||||
|
||||
rol(decRndA, 8);
|
||||
@@ -320,9 +322,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
/*
|
||||
|
||||
// Current key is a 3DES key, change it to a DES key
|
||||
if (algo == 2) {
|
||||
if (arg1 == 2) {
|
||||
cmd[0] = CHANGE_KEY;
|
||||
cmd[1] = keyno;
|
||||
cmd[1] = arg2;
|
||||
|
||||
uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
|
||||
|
||||
@@ -362,9 +364,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
|
||||
} else {
|
||||
// Current key is a DES key, change it to a 3DES key
|
||||
if (algo == 1) {
|
||||
if (arg1 == 1) {
|
||||
cmd[0] = CHANGE_KEY;
|
||||
cmd[1] = keyno;
|
||||
cmd[1] = arg2;
|
||||
|
||||
uint8_t newKey[16] = {0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f};
|
||||
|
||||
@@ -406,9 +408,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
*/
|
||||
|
||||
OnSuccess();
|
||||
if (algo == 2)
|
||||
if (arg1 == 2)
|
||||
cmd_send(CMD_ACK, 1, 0, 0, skey->data, 16);
|
||||
else if (algo == 1)
|
||||
else if (arg1 == 1)
|
||||
cmd_send(CMD_ACK, 1, 0, 0, skey->data, 8);
|
||||
} else {
|
||||
DbpString("Authentication failed.");
|
||||
@@ -418,7 +420,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
}
|
||||
break;
|
||||
case 2:
|
||||
//SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
|
||||
//SendDesfireCommand(AUTHENTICATE_ISO, &arg2, resp);
|
||||
break;
|
||||
case 3: {
|
||||
|
||||
@@ -495,7 +497,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
|
||||
cmd_send(CMD_ACK, 1, len, 0, resp, len);
|
||||
}
|
||||
|
||||
// 3 olika ISO sätt att skicka data till DESFIRE (direkt, inkapslat, inkapslat ISO)
|
||||
// 3 different ISO ways to send data to a DESFIRE (direct, capsuled, capsuled ISO)
|
||||
// cmd = cmd bytes to send
|
||||
// cmd_len = length of cmd
|
||||
// dataout = pointer to response data array
|
||||
@@ -540,7 +542,7 @@ size_t CreateAPDU(uint8_t *datain, size_t len, uint8_t *dataout) {
|
||||
uint8_t cmd[cmdlen];
|
||||
memset(cmd, 0, cmdlen);
|
||||
|
||||
cmd[0] = 0x0A; // 0x0A = skicka cid, 0x02 = ingen cid. Särskilda bitar //
|
||||
cmd[0] = 0x0A; // 0x0A = send cid, 0x02 = no cid.
|
||||
cmd[0] |= pcb_blocknum; // OR the block number into the PCB
|
||||
cmd[1] = 0x00; // CID: 0x00 //TODO: allow multiple selected cards
|
||||
|
||||
|
||||
1253
armsrc/mifaresim.c
Normal file
1253
armsrc/mifaresim.c
Normal file
File diff suppressed because it is too large
Load Diff
44
armsrc/mifaresim.h
Normal file
44
armsrc/mifaresim.h
Normal file
@@ -0,0 +1,44 @@
|
||||
//-----------------------------------------------------------------------------
|
||||
// Merlok - June 2011, 2012
|
||||
// Gerhard de Koning Gans - May 2008
|
||||
// Hagen Fritsch - June 2010
|
||||
//
|
||||
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
// at your option, any later version. See the LICENSE.txt file for the text of
|
||||
// the license.
|
||||
//-----------------------------------------------------------------------------
|
||||
// Mifare Classic Card Simulation
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
#ifndef __MIFARESIM_H
|
||||
#define __MIFARESIM_H
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain);
|
||||
|
||||
#define AC_DATA_READ 0
|
||||
#define AC_DATA_WRITE 1
|
||||
#define AC_DATA_INC 2
|
||||
#define AC_DATA_DEC_TRANS_REST 3
|
||||
#define AC_KEYA_READ 0
|
||||
#define AC_KEYA_WRITE 1
|
||||
#define AC_KEYB_READ 2
|
||||
#define AC_KEYB_WRITE 3
|
||||
#define AC_AC_READ 4
|
||||
#define AC_AC_WRITE 5
|
||||
|
||||
#define AUTHKEYA 0
|
||||
#define AUTHKEYB 1
|
||||
#define AUTHKEYNONE 0xff
|
||||
|
||||
#define TAG_RESPONSE_COUNT 9 // number of precompiled responses
|
||||
|
||||
// Prepare ("precompile") the responses of the anticollision phase.
|
||||
// There will be not enough time to do this at the moment the reader sends its REQA or SELECT
|
||||
// There are 7 predefined responses with a total of 18 bytes data to transmit.
|
||||
// Coded responses need one byte per bit to transfer (data, parity, start, stop, correction)
|
||||
// 18 * 8 data bits, 18 * 1 parity bits, 5 start bits, 5 stop bits, 5 correction bits -> need 177 bytes buffer
|
||||
#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 512 // number of bytes required for precompiled response
|
||||
|
||||
#endif
|
||||
@@ -596,7 +596,7 @@ void emlClearMem(void) {
|
||||
memset(emCARD, 0, CARD_MEMORY_SIZE);
|
||||
|
||||
// fill sectors trailer data
|
||||
for (uint16_t b = 3; b < 256; ((b < 127) ? (b += 4) : (b += 16)))
|
||||
for (uint16_t b = 3; b <= MIFARE_4K_MAXBLOCK; ((b <= MIFARE_2K_MAXBLOCK) ? (b += 4) : (b += 16)))
|
||||
emlSetMem((uint8_t *)trailer, b, 1);
|
||||
|
||||
// uid
|
||||
@@ -604,6 +604,19 @@ void emlClearMem(void) {
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t SectorTrailer(uint8_t blockNo) {
|
||||
if (blockNo <= MIFARE_2K_MAXBLOCK) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Sector Trailer for block %d : %d", blockNo, (blockNo | 0x03));
|
||||
return (blockNo | 0x03);
|
||||
} else {
|
||||
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Sector Trailer for block %d : %d", blockNo, (blockNo | 0x0f));
|
||||
return (blockNo | 0x0f);
|
||||
}
|
||||
}
|
||||
|
||||
bool IsSectorTrailer(uint8_t blockNo) {
|
||||
return (blockNo == SectorTrailer(blockNo));
|
||||
}
|
||||
|
||||
// Mifare desfire commands
|
||||
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing) {
|
||||
|
||||
@@ -21,7 +21,6 @@
|
||||
#include "iso14443a.h"
|
||||
#include "crapto1/crapto1.h"
|
||||
#include "des.h"
|
||||
#include "random.h" // fast_prand, prand
|
||||
|
||||
// mifare authentication
|
||||
#define CRYPT_NONE 0
|
||||
@@ -33,12 +32,26 @@
|
||||
#define AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)
|
||||
#define PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication
|
||||
|
||||
// mifare 4bit card answers
|
||||
#define CARD_ACK 0x0A // 1010 - ACK
|
||||
#define CARD_NACK_NA 0x04 // 0100 - NACK, not allowed (command not allowed)
|
||||
#define CARD_NACK_TR 0x05 // 0101 - NACK, transmission error
|
||||
// reader voltage field detector
|
||||
#define MF_MINFIELDV 4000
|
||||
|
||||
// debug
|
||||
// 0 - no debug messages 1 - error messages 2 - all messages 4 - extended debug mode
|
||||
#define MF_DBG_NONE 0
|
||||
#define MF_DBG_ERROR 1
|
||||
#define MF_DBG_ALL 2
|
||||
#define MF_DBG_EXTENDED 4
|
||||
|
||||
// Mifare 4k/2k/1k/mini Max Block / Max Sector
|
||||
#define MIFARE_4K_MAXBLOCK 256
|
||||
#define MIFARE_2K_MAXBLOCK 128
|
||||
#define MIFARE_1K_MAXBLOCK 64
|
||||
#define MIFARE_MINI_MAXBLOCK 20
|
||||
|
||||
#define MIFARE_MINI_MAXSECTOR 5
|
||||
#define MIFARE_1K_MAXSECTOR 16
|
||||
#define MIFARE_2K_MAXSECTOR 32
|
||||
#define MIFARE_4K_MAXSECTOR 40
|
||||
|
||||
//mifare emulator states
|
||||
#define MFEMUL_NOFIELD 0
|
||||
@@ -47,7 +60,6 @@
|
||||
#define MFEMUL_SELECT2 3
|
||||
#define MFEMUL_SELECT3 4
|
||||
#define MFEMUL_AUTH1 5
|
||||
#define MFEMUL_AUTH2 6
|
||||
#define MFEMUL_WORK 7
|
||||
#define MFEMUL_WRITEBL2 8
|
||||
#define MFEMUL_INTREG_INC 9
|
||||
@@ -74,8 +86,8 @@ int mifare_classic_halt_ex(struct Crypto1State *pcs);
|
||||
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
|
||||
|
||||
// Ultralight/NTAG...
|
||||
int mifare_ul_ev1_auth(uint8_t *key, uint8_t *pack);
|
||||
int mifare_ultra_auth(uint8_t *key);
|
||||
int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack);
|
||||
int mifare_ultra_auth(uint8_t *keybytes);
|
||||
int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData);
|
||||
//int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData);
|
||||
int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData);
|
||||
@@ -88,7 +100,7 @@ int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);
|
||||
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
|
||||
|
||||
// crypto functions
|
||||
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
|
||||
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len);
|
||||
void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out);
|
||||
void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par);
|
||||
void mf_crypto1_encryptEx(struct Crypto1State *pcs, uint8_t *data_in, uint8_t *keystream, uint8_t *data_out, uint16_t len, uint8_t *par);
|
||||
@@ -98,6 +110,9 @@ uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data);
|
||||
uint8_t NumBlocksPerSector(uint8_t sectorNo);
|
||||
uint8_t FirstBlockOfSector(uint8_t sectorNo);
|
||||
|
||||
bool IsSectorTrailer(uint8_t blockNo);
|
||||
uint8_t SectorTrailer(uint8_t blockNo);
|
||||
|
||||
// emulator functions
|
||||
void emlClearMem(void);
|
||||
void emlSetMem(uint8_t *data, int blockNum, int blocksCount);
|
||||
|
||||
@@ -8,8 +8,8 @@
|
||||
#include "string.h"
|
||||
|
||||
size_t DemodPCF7931(uint8_t **outBlocks);
|
||||
bool IsBlock0PCF7931(uint8_t *Block);
|
||||
bool IsBlock1PCF7931(uint8_t *Block);
|
||||
bool IsBlock0PCF7931(uint8_t *block);
|
||||
bool IsBlock1PCF7931(uint8_t *block);
|
||||
void ReadPCF7931();
|
||||
void SendCmdPCF7931(uint32_t *tab);
|
||||
bool AddBytePCF7931(uint8_t byte, uint32_t *tab, int32_t l, int32_t p);
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
#include <stddef.h>
|
||||
#include "string.h"
|
||||
|
||||
int kvsprintf(const char *format, void *arg, int radix, va_list ap) __attribute__((format(printf, 1, 0)));
|
||||
int kvsprintf(const char *fmt, void *arg, int radix, va_list ap) __attribute__((format(printf, 1, 0)));
|
||||
int vsprintf(char *dest, const char *fmt, va_list ap) __attribute__((format(printf, 2, 0)));
|
||||
int sprintf(char *dest, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
|
||||
|
||||
|
||||
@@ -48,7 +48,9 @@ static void uncompress_data_section(void) {
|
||||
data_section.opaque = NULL;
|
||||
|
||||
// initialize zlib for inflate
|
||||
inflateInit2(&data_section, 15);
|
||||
int res = inflateInit2(&data_section, 15);
|
||||
if ( res < 0 )
|
||||
return;
|
||||
|
||||
// uncompress data segment to RAM
|
||||
inflate(&data_section, Z_FINISH);
|
||||
|
||||
@@ -37,11 +37,11 @@ void StartCountSspClk();
|
||||
void ResetSspClk(void);
|
||||
uint32_t RAMFUNC GetCountSspClk();
|
||||
|
||||
extern void StartTicks(void);
|
||||
extern uint32_t GetTicks(void);
|
||||
extern void WaitTicks(uint32_t ticks);
|
||||
extern void WaitUS(uint16_t us);
|
||||
extern void WaitMS(uint16_t ms);
|
||||
void StartTicks(void);
|
||||
uint32_t GetTicks(void);
|
||||
void WaitTicks(uint32_t ticks);
|
||||
void WaitUS(uint16_t us);
|
||||
void WaitMS(uint16_t ms);
|
||||
|
||||
extern void StopTicks(void);
|
||||
void StopTicks(void);
|
||||
#endif
|
||||
|
||||
@@ -84,9 +84,9 @@
|
||||
|
||||
size_t nbytes(size_t nbits);
|
||||
|
||||
extern uint32_t reflect(uint32_t v, int b); // used in crc.c ...
|
||||
extern uint8_t reflect8(uint8_t b); // dedicated 8bit reversal
|
||||
extern uint16_t reflect16(uint16_t b); // dedicated 16bit reversal
|
||||
uint32_t reflect(uint32_t v, int b); // used in crc.c ...
|
||||
uint8_t reflect8(uint8_t b); // dedicated 8bit reversal
|
||||
uint16_t reflect16(uint16_t b); // dedicated 16bit reversal
|
||||
|
||||
void num_to_bytes(uint64_t n, size_t len, uint8_t *dest);
|
||||
uint64_t bytes_to_num(uint8_t *src, size_t len);
|
||||
|
||||
Reference in New Issue
Block a user