CHG: refactor CRC16 algos. This is a big change, most likely some parts broke, hard to test it all.

iceman1001
2018-02-01 15:19:47 +01:00
parent d2e9f4a743
commit 52d69ed4ee
35 changed files with 512 additions and 674 deletions


@@ -44,13 +44,12 @@ APP_CFLAGS = -DWITH_CRC \
SRC_LCD = fonts.c LCD.c
SRC_LF = lfops.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c
SRC_ISO15693 = iso15693.c iso15693tools.c
#SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c epa.c mifaresim.c
#SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresniff.c
#SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c
SRC_ISO14443b = iso14443b.c
SRC_FELICA = felica.c
SRC_CRAPTO1 = crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c
SRC_CRC = crc.c crc16.c crc32.c
SRC_ICLASS = iclass.c optimized_cipher.c
SRC_LEGIC = legicrf.c legic_prng.c
SRC_FLASH = flash.c


@@ -737,7 +737,7 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
};
memcpy(d_block, datain, 16);
AppendCrc14443a(d_block, 16);
AddCrc14A(d_block, 16);
ReaderTransmit(d_block, sizeof(d_block), NULL);
if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
// if (MF_DBGLEVEL >= 1)


@@ -113,7 +113,6 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks);
void RAMFUNC SniffIso14443b(void);
void SendRawCommand14443B(uint32_t, uint32_t, uint8_t, uint8_t[]);
void SendRawCommand14443B_Ex(UsbCommand *c);
void AppendCrc14443b(uint8_t* data, int len);
void ClearFpgaShiftingRegisters(void);
// iso14443a.h
@@ -205,12 +204,11 @@ void RAMFUNC SniffIClass(void);
void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void ReaderIClass(uint8_t arg0);
void ReaderIClass_Replay(uint8_t arg0,uint8_t *MAC);
void IClass_iso14443A_GetPublic(uint8_t arg0);
void iClass_Authentication(uint8_t *MAC);
void iClass_Authentication_fast(uint64_t arg0, uint64_t arg1, uint8_t *datain);
void iClass_WriteBlock(uint8_t blockNo, uint8_t *data);
void iClass_ReadBlk(uint8_t blockNo);
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata);
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *data, uint8_t datalen);
void iClass_Dump(uint8_t blockno, uint8_t numblks);
void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data);
void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType);


@@ -258,7 +258,7 @@ void* mifare_cryto_preprocess_data (desfiretag_t tag, void *data, size_t *nbytes
// ... CRC ...
switch (DESFIRE (tag)->authentication_scheme) {
case AS_LEGACY:
AppendCrc14443a(res + offset, *nbytes - offset);
AddCrc14A(res + offset, *nbytes - offset);
*nbytes += 2;
break;
case AS_NEW:
@@ -445,9 +445,8 @@ void* mifare_cryto_postprocess_data (desfiretag_t tag, void *data, size_t *nbyte
uint32_t crc;
switch (DESFIRE (tag)->authentication_scheme) {
case AS_LEGACY:
end_crc_pos = crc_pos + 2;
AppendCrc14443a (res, end_crc_pos);
AddCrc14A(res, end_crc_pos);
end_crc_pos = crc_pos + 2;
//
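Review bot: In the AS_LEGACY case of mifare_cryto_postprocess_data, the new `AddCrc14A(res, end_crc_pos);` appears to run before `end_crc_pos = crc_pos + 2;`, whereas the old code assigned end_crc_pos first and then called AppendCrc14443a. If the rendered order is accurate, the CRC is computed over whatever length end_crc_pos held before this case and two bytes are written at `res + end_crc_pos`; the earlier value of end_crc_pos is not visible in this hunk, so whether that write stays inside `res` cannot be confirmed from here. I would restore the original order, `end_crc_pos = crc_pos + 2;` followed by `AddCrc14A(res, end_crc_pos);`, or add a comment explaining why the CRC must now be taken before the position is advanced. The function body continues outside the hunk.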


@@ -41,8 +41,6 @@
// Needed for CRC in emulation mode;
// same construction as in ISO 14443;
// different initial value (CRC_ICLASS)
#include "iso14443crc.h"
#include "iso15693tools.h"
#include "crc16.h"
#include "protocols.h"
#include "optimized_cipher.h"
@@ -66,6 +64,8 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf);
#define ICLASS_BUFFER_SIZE 32
#endif
#define AddCrc(data, len) compute_crc(CRC_ICLASS, (data), (len), (data)+(len), (data)+(len)+1)
//-----------------------------------------------------------------------------
// The software UART that receives commands from the reader, and its state
// variables.
@@ -981,8 +981,9 @@ static bool GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
uart_init(received);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
// clear RXRDY:
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@@ -1222,9 +1223,6 @@ out:
switch_off();
BigBuf_free_keep_EM();
}
void AppendCrc(uint8_t* data, int len) {
ComputeCrc14443(CRC_ICLASS, data, len, data+len, data+len+1);
}
/**
* @brief Does the actual simulation
@@ -1252,9 +1250,9 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
rotateCSN(csn_data, anticoll_data);
// Compute CRC on both CSNs
ComputeCrc14443(CRC_ICLASS, anticoll_data, 8, &anticoll_data[8], &anticoll_data[9]);
ComputeCrc14443(CRC_ICLASS, csn_data, 8, &csn_data[8], &csn_data[9]);
AddCrc(anticoll_data, 8);
AddCrc(csn_data, 8);
uint8_t diversified_key[8] = { 0 };
// e-Purse
uint8_t card_challenge_data[8] = { 0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff };
@@ -1300,7 +1298,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
uint8_t *resp_conf = BigBuf_malloc(28);
int resp_conf_len;
uint8_t conf_data[10] = {0x12,0xFF,0xFF,0xFF,0x7F,0x1F,0xFF,0x3C,0x00,0x00};
ComputeCrc14443(CRC_ICLASS, conf_data, 8, &conf_data[8], &conf_data[9]);
AddCrc(conf_data, 8);
// e-Purse
// 18: Takes 2 bytes for SOF/EOF and 8 * 2 = 16 bytes (2 bytes/bit)
@@ -1311,7 +1309,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
uint8_t *resp_aia = BigBuf_malloc(28);
int resp_aia_len;
uint8_t aia_data[10] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00};
ComputeCrc14443(CRC_ICLASS, aia_data, 8, &aia_data[8], &aia_data[9]);
AddCrc(aia_data, 8);
// receive command
uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
@@ -1387,7 +1385,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
LED_A_ON();
bool buttonPressed = false;
uint16_t response_delay = 1;
while (!exitLoop) {
WDT_HIT();
@@ -1403,7 +1401,6 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
r2t_etime = ((GetCountSspClk() - time_0) << 4 ) - r2t_stime;
// 330us normal wait, adjusted for our execution
response_delay = 230;
LED_C_ON(); //Signal tracer
@@ -1413,28 +1410,57 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
trace_data = sof_data;
trace_data_size = sizeof(sof_data);
// adjusted for 330 + (160*num of slot)
response_delay = 330 + 160 * 1;
goto send;
} else if (receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 1) { // 0x0C
// Reader asks for anticollission CSN
modulated_response = resp_anticoll; modulated_response_size = resp_anticoll_len; //order = 2;
trace_data = anticoll_data;
trace_data_size = sizeof(anticoll_data);
goto send;
} else if (receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY) { // 0x0C
if (len == 1) {
// Reader asks for anticollission CSN
modulated_response = resp_anticoll; modulated_response_size = resp_anticoll_len; //order = 2;
trace_data = anticoll_data;
trace_data_size = sizeof(anticoll_data);
goto send;
}
if (len == 4){
// block0,1,2,5 is always readable.
switch (receivedCmd[1]){
case 0: // csn (0c 00)
modulated_response = resp_csn; modulated_response_size = resp_csn_len;
trace_data = csn_data;
trace_data_size = sizeof(csn_data);
break;
case 1: // configuration (0c 01)
modulated_response = resp_conf; modulated_response_size = resp_conf_len;
trace_data = conf_data;
trace_data_size = sizeof(conf_data);
break;
case 2: // e-purse (0c 02)
modulated_response = resp_cc; modulated_response_size = resp_cc_len;
trace_data = card_challenge_data;
trace_data_size = sizeof(card_challenge_data);
break;
case 5:// Application Issuer Area (0c 05)
modulated_response = resp_aia; modulated_response_size = resp_aia_len;
trace_data = aia_data;
trace_data_size = sizeof(aia_data);
break;
default: break;
}
goto send;
}
} else if (receivedCmd[0] == ICLASS_CMD_SELECT) { // 0x81
// Reader selects anticollission CSN.
// Tag sends the corresponding real CSN
modulated_response = resp_csn; modulated_response_size = resp_csn_len; //order = 3;
trace_data = csn_data;
trace_data_size = sizeof(csn_data);
goto send;
goto send;
} else if (receivedCmd[0] == ICLASS_CMD_READCHECK_KD) { // 0x88
// Read e-purse (88 02)
modulated_response = resp_cc; modulated_response_size = resp_cc_len; //order = 4;
trace_data = card_challenge_data;
trace_data_size = sizeof(card_challenge_data);
LED_B_ON();
goto send;
goto send;
} else if (receivedCmd[0] == ICLASS_CMD_READCHECK_KC) { // 0x18
// Read e-purse (18 02)
modulated_response = resp_cc; modulated_response_size = resp_cc_len; //order = 4;
@@ -1454,8 +1480,6 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
memcpy(data_response, ToSend, ToSendMax);
modulated_response = data_response;
modulated_response_size = ToSendMax;
response_delay = 0;//We need to hurry here...
//exitLoop = true;
} else {
// Not fullsim, we don't respond
// We do not know what to answer, so lets keep quiet
@@ -1484,41 +1508,12 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
trace_data = NULL;
trace_data_size = 0;
goto send;
// sim 2 / 4,
} else if (simulationMode == MODE_EXIT_AFTER_MAC && receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 4){ // 0x0C
// block0,1,2,5 is always readable.
uint16_t blk = receivedCmd[1];
switch (blk){
case 0: // csn (0c 00)
modulated_response = resp_csn; modulated_response_size = resp_csn_len;
trace_data = csn_data;
trace_data_size = sizeof(csn_data);
break;
case 1: // configuration (0c 01)
modulated_response = resp_conf; modulated_response_size = resp_conf_len;
trace_data = conf_data;
trace_data_size = sizeof(conf_data);
break;
case 2: // e-purse (0c 02)
modulated_response = resp_cc; modulated_response_size = resp_cc_len;
trace_data = card_challenge_data;
trace_data_size = sizeof(card_challenge_data);
break;
case 5:// Application Issuer Area (0c 05)
modulated_response = resp_aia; modulated_response_size = resp_aia_len;
trace_data = aia_data;
trace_data_size = sizeof(aia_data);
break;
default: break;
}
goto send;
} else if (simulationMode == MODE_FULLSIM && receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 4){ // 0x0C
//Read block
uint16_t blk = receivedCmd[1];
//Take the data...
memcpy(data_generic_trace, emulator+(blk << 3),8);
//Add crc
AppendCrc(data_generic_trace, 8);
AddCrc(data_generic_trace, 8);
trace_data = data_generic_trace;
trace_data_size = 10;
CodeIClassTagAnswer(trace_data , trace_data_size);
@@ -1535,8 +1530,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
//Take the data...
memcpy(data_generic_trace, receivedCmd+2, 8);
//Add crc
AppendCrc(data_generic_trace, 8);
AddCrc(data_generic_trace, 8);
trace_data = data_generic_trace;
trace_data_size = 10;
CodeIClassTagAnswer(trace_data, trace_data_size);
@@ -1544,7 +1538,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
memcpy(data_response, ToSend, ToSendMax);
modulated_response = data_response;
modulated_response_size = ToSendMax;
response_delay = 4600 * 1.5; // tPROG 4-15ms
// response_delay = 4600 * 1.5; // tPROG 4-15ms
goto send;
// } else if(receivedCmd[0] == ICLASS_CMD_PAGESEL) { // 0x84
//Pagesel
@@ -1565,14 +1559,14 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) {
trace_data = NULL;
trace_data_size = 0;
}
send:
/**
A legit tag has about 330us delay between reader EOT and tag SOF.
**/
if (modulated_response_size > 0) {
t2r_stime = (GetCountSspClk() - time_0) << 4;
SendIClassAnswer(modulated_response, modulated_response_size, response_delay);
SendIClassAnswer(modulated_response, modulated_response_size, 0);
t2r_etime = ((GetCountSspClk() - time_0) << 4 ) - t2r_stime;
}
@@ -1597,8 +1591,8 @@ send:
* @param delay
*/
static int SendIClassAnswer(uint8_t *resp, int respLen, uint16_t delay) {
int i = 0; // d = 0;
uint8_t b = 0;
int i = 0;
volatile uint8_t b = 0;
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K_8BIT);
AT91C_BASE_SSC->SSC_THR = 0x00;
@@ -1630,7 +1624,7 @@ static int SendIClassAnswer(uint8_t *resp, int respLen, uint16_t delay) {
static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int *wait) {
int c = 0;
volatile uint32_t r;
volatile uint32_t b;
bool firstpart = true;
uint8_t sendbyte;
@@ -1665,7 +1659,7 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int
}
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = AT91C_BASE_SSC->SSC_RHR; (void)r;
b = AT91C_BASE_SSC->SSC_RHR; (void)b;
}
}
@@ -1829,8 +1823,6 @@ void setupIclassReader() {
// Signal field is on with the appropriate LED
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
SpinDelay(300);
init_table(CRC_15_ICLASS);
// Start the timer
StartCountSspClk();
@@ -1843,6 +1835,8 @@ bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* re
ReaderTransmitIClass(command, cmdsize);
//iceman - if received size is bigger than expected, we smash the stack here
// since its called with fixed sized arrays
if (expected_size == ReaderReceiveIClass(resp))
return true;
}
@@ -2057,14 +2051,12 @@ void ReaderIClass(uint8_t arg0) {
// turn off afterwards
void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
uint16_t crc = 0;
uint8_t cardsize = 0;
uint8_t mem = 0;
uint8_t check[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 };
uint8_t card_data[USB_CMD_DATA_SIZE] = {0};
uint8_t resp[ICLASS_BUFFER_SIZE] = {0};
uint8_t tmp[] = {1};
static struct memory_t{
int k16;
@@ -2092,10 +2084,8 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
}
//first get configuration block (block 1)
crc = crc16_iclass( tmp , 1);
read[1] = 1;
read[2] = crc >> 8;
read[3] = crc & 0xff;
AddCrc( read+1, 1 );
if (!sendCmdGetResponseWithRetries(read, sizeof(read), resp, 10, 5)) {
DbpString("Dump config (block 1) failed");
@@ -2121,11 +2111,7 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
for ( uint16_t block=0; block < cardsize; block++) {
read[1] = block;
//crc = block_crc_LUT[block];
tmp[0] = block & 0xFF;
crc = crc16_iclass( tmp , 1);
read[2] = crc >> 8;
read[3] = crc & 0xff;
AddCrc( read+1, 1 );
if (sendCmdGetResponseWithRetries(read, sizeof(read), resp, 10, 5)) {
Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x",
@@ -2296,30 +2282,29 @@ out:
LED_C_OFF();
}
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata) {
uint8_t readcmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockNo, 0x00, 0x00}; //0x88, 0x00 // can i use 0C?
uint16_t crc = crc16_iclass(readcmd+1, 1);
readcmd[2] = crc >> 8;
readcmd[3] = crc & 0xff;
uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0};
bool isOK = sendCmdGetResponseWithRetries(readcmd, sizeof(readcmd), resp, 10, 5);
memcpy(readdata, resp, sizeof(resp));
// Tries to read block.
// retries 5times.
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *data, uint8_t len) {
//uint8_t resp[] = BigBuf_malloc(len);
uint8_t resp[20];
uint8_t cmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockNo, 0x00, 0x00}; //0x88, 0x00 // can i use 0C?
AddCrc( cmd+1, 1 );
bool isOK = sendCmdGetResponseWithRetries(cmd, sizeof(cmd), resp, len, 5);
memcpy(data, resp, len);
return isOK;
}
// turn off afterwards
void iClass_ReadBlk(uint8_t blockno) {
uint8_t readblockdata[] = {0,0,0,0,0,0,0,0,0,0};
bool isOK = false;
isOK = iClass_ReadBlock(blockno, readblockdata);
cmd_send(CMD_ACK, isOK, 0, 0, readblockdata, 8);
uint8_t data[] = {0,0,0,0,0,0,0,0,0,0};
bool isOK = iClass_ReadBlock(blockno, data, sizeof(data));
cmd_send(CMD_ACK, isOK, 0, 0, data, 8);
switch_off();
}
// turn off afterwards
void iClass_Dump(uint8_t blockno, uint8_t numblks) {
uint8_t readblockdata[] = {0,0,0,0,0,0,0,0,0,0};
uint8_t blockdata[] = {0,0,0,0,0,0,0,0,0,0};
bool isOK = false;
uint8_t blkCnt = 0;
@@ -2334,17 +2319,17 @@ void iClass_Dump(uint8_t blockno, uint8_t numblks) {
memset(dataout, 0xFF, 255*8);
for (;blkCnt < numblks; blkCnt++) {
isOK = iClass_ReadBlock(blockno + blkCnt, readblockdata);
isOK = iClass_ReadBlock(blockno + blkCnt, blockdata, sizeof(blockdata));
// 0xBB is the internal debug separator byte..
if (!isOK || (readblockdata[0] == 0xBB || readblockdata[7] == 0xBB || readblockdata[2] == 0xBB)) { //try again
isOK = iClass_ReadBlock(blockno + blkCnt, readblockdata);
if (!isOK || (blockdata[0] == 0xBB || blockdata[7] == 0xBB || blockdata[2] == 0xBB)) { //try again
isOK = iClass_ReadBlock(blockno + blkCnt, blockdata, sizeof(blockdata));
if (!isOK) {
Dbprintf("Block %02X failed to read", blkCnt + blockno);
break;
}
}
memcpy(dataout + (blkCnt * 8), readblockdata, 8);
memcpy(dataout + (blkCnt * 8), blockdata, 8);
}
//return pointer to dump memory in arg3
cmd_send(CMD_ACK, isOK, blkCnt, BigBuf_max_traceLen(), 0, 0);
@@ -2353,12 +2338,11 @@ void iClass_Dump(uint8_t blockno, uint8_t numblks) {
}
bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0};
uint8_t write[] = { ICLASS_CMD_UPDATE, blockNo, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
memcpy(write+2, data, 12); // data + mac
uint16_t crc = crc16_iclass(write+1, 13);
write[14] = crc >> 8;
write[15] = crc & 0xff;
uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0};
AddCrc(write+1, 13);
bool isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 5);
if (isOK) { //if reader responded correctly
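Review bot: The rewritten iClass_ReadBlock copies `len` bytes out of a 20-byte `resp` that is no longer initialised, and `len` is a caller-supplied uint8_t that is never compared with `sizeof(resp)`. The callers shown pass 10, but any value above 20 would make `memcpy(data, resp, len)` read past the stack buffer. On a failed read the copy also overwrites the caller's zeroed buffer with stale stack bytes, which iClass_ReadBlk then hands to `cmd_send`. The comment this commit adds in sendCmdGetResponseWithRetries already says an oversized reply overruns the fixed-size arrays it is called with, so the receive side deserves the same bound. I would declare `uint8_t resp[20] = {0};`, add `if (len > sizeof(resp)) return false;` before the transmit, and do the `memcpy` only when `isOK` is true.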


@@ -152,9 +152,6 @@ void GetParity(const uint8_t *pbtCmd, uint16_t iLen, uint8_t *par) {
par[paritybyte_cnt] = parityBits;
}
void AppendCrc14443a(uint8_t* data, int len) {
ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
}
//=============================================================================
// ISO 14443 Type A - Miller decoder
@@ -887,7 +884,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
// PACK
response8[0] = 0x80;
response8[1] = 0x80;
ComputeCrc14443(CRC_14443_A, response8, 2, &response8[2], &response8[3]);
compute_crc(CRC_14443_A, response8, 2, &response8[2], &response8[3]);
// uid not supplied then get from emulator memory
if (data[0]==0) {
uint16_t start = 4 * (0+12);
@@ -944,12 +941,12 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
// Prepare the mandatory SAK (for 4 and 7 byte UID)
uint8_t response3[3] = {sak, 0x00, 0x00};
ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);
compute_crc(CRC_14443_A, response3, 1, &response3[1], &response3[2]);
// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit
uint8_t response3a[3] = {0x00};
response3a[0] = sak & 0xFB;
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
compute_crc(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
// Tag NONCE.
uint8_t response5[4];
@@ -959,7 +956,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
// TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1
// TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us)
// TC(1) = 0x02: CID supported, NAD not supported
ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
compute_crc(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
// Prepare GET_VERSION (different for UL EV-1 / NTAG)
// uint8_t response7_EV1[] = {0x00, 0x04, 0x03, 0x01, 0x01, 0x00, 0x0b, 0x03, 0xfd, 0xf7}; //EV1 48bytes VERSION.
@@ -1058,14 +1055,14 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
uint16_t start = 4 * (block+12);
uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
emlGetMemBt( emdata, start, 16);
AppendCrc14443a(emdata, 16);
AddCrc14A(emdata, 16);
EmSendCmd(emdata, sizeof(emdata));
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
p_response = NULL;
} else { // all other tags (16 byte block tags)
uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
emlGetMemBt( emdata, block, 16);
AppendCrc14443a(emdata, 16);
AddCrc14A(emdata, 16);
EmSendCmd(emdata, sizeof(emdata));
// EmSendCmd(data+(4*receivedCmd[1]),16);
// Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
@@ -1078,7 +1075,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
int start = (receivedCmd[1]+12) * 4;
int len = (receivedCmd[2] - receivedCmd[1] + 1) * 4;
emlGetMemBt( emdata, start, len);
AppendCrc14443a(emdata, len);
AddCrc14A(emdata, len);
EmSendCmd(emdata, len+2);
p_response = NULL;
} else if (receivedCmd[0] == MIFARE_ULEV1_READSIG && tagType == 7) { // Received a READ SIGNATURE --
@@ -1086,7 +1083,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
uint16_t start = 4 * 4;
uint8_t emdata[34];
emlGetMemBt( emdata, start, 32);
AppendCrc14443a(emdata, 32);
AddCrc14A(emdata, 32);
EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
} else if (receivedCmd[0] == MIFARE_ULEV1_READ_CNT && tagType == 7) { // Received a READ COUNTER --
@@ -1098,7 +1095,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
} else {
uint8_t cmd[] = {0x00,0x00,0x00,0x14,0xa5};
num_to_bytes(counters[index], 3, cmd);
AppendCrc14443a(cmd, sizeof(cmd)-2);
AddCrc14A(cmd, sizeof(cmd)-2);
EmSendCmd(cmd,sizeof(cmd));
}
p_response = NULL;
@@ -1135,7 +1132,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
EmSendCmd(nack,sizeof(nack));
} else {
emlGetMemBt( emdata, 10+index, 1);
AppendCrc14443a(emdata, sizeof(emdata)-2);
AddCrc14A(emdata, sizeof(emdata)-2);
EmSendCmd(emdata, sizeof(emdata));
}
p_response = NULL;
@@ -1146,7 +1143,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
if ( tagType == 7 ) { // IF NTAG /EV1 0x60 == GET_VERSION, not a authentication request.
uint8_t emdata[10];
emlGetMemBt( emdata, 0, 8 );
AppendCrc14443a(emdata, sizeof(emdata)-2);
AddCrc14A(emdata, sizeof(emdata)-2);
EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
} else {
@@ -1242,7 +1239,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
uint16_t start = 13; // first 4 blocks of emu are [getversion answer - check tearing - pack - 0x00]
uint8_t emdata[4];
emlGetMemBt( emdata, start, 2);
AppendCrc14443a(emdata, 2);
AddCrc14A(emdata, 2);
EmSendCmd(emdata, sizeof(emdata));
p_response = NULL;
uint32_t pwd = bytes_to_num(receivedCmd+1,4);
@@ -1308,7 +1305,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t* data) {
dynamic_response_info.response[1] = receivedCmd[1];
// Add CRC bytes, always used in ISO 14443A-4 compliant cards
AppendCrc14443a(dynamic_response_info.response, dynamic_response_info.response_n);
AddCrc14A(dynamic_response_info.response, dynamic_response_info.response_n);
dynamic_response_info.response_n += 2;
if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
@@ -1420,12 +1417,16 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
// clear TXRDY
AT91C_BASE_SSC->SSC_THR = SEC_Y;
volatile uint8_t b;
uint16_t c = 0;
while (c < len) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = cmd[c];
c++;
AT91C_BASE_SSC->SSC_THR = cmd[c++];
}
//iceman test
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
b = (uint16_t)(AT91C_BASE_SSC->SSC_RHR); (void)b;
}
}
NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
@@ -1586,7 +1587,7 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
}
int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen) {
uint8_t b;
volatile uint8_t b;
uint16_t i = 0;
uint32_t ThisTransferTime;
bool correctionNeeded;
@@ -1631,7 +1632,10 @@ int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen) {
AT91C_BASE_SSC->SSC_THR = resp[i++];
FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
b = (uint16_t)(AT91C_BASE_SSC->SSC_RHR); (void)b;
}
if(BUTTON_PRESS()) break;
}
@@ -1943,7 +1947,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_card, uint32_
sel_uid[1] = 0x70; // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
memcpy(sel_uid+2, uid_resp, 4); // the UID received during anticollision, or the provided UID
sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
AppendCrc14443a(sel_uid, 7); // calculate and add CRC
AddCrc14A(sel_uid, 7); // calculate and add CRC
ReaderTransmit(sel_uid, sizeof(sel_uid), NULL);
// Receive the SAK
@@ -1980,7 +1984,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_card, uint32_
// RATS, Request for answer to select
if ( !no_rats ) {
AppendCrc14443a(rats, 2);
AddCrc14A(rats, 2);
ReaderTransmit(rats, sizeof(rats), NULL);
len = ReaderReceive(resp, resp_par);
@@ -2032,7 +2036,7 @@ int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades) {
//sel_uid[1] = 0x70; // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
memcpy(sel_uid+2, uid_resp, 4); // the UID received during anticollision, or the provided UID
sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
AppendCrc14443a(sel_uid, 7); // calculate and add CRC
AddCrc14A(sel_uid, 7); // calculate and add CRC
ReaderTransmit(sel_uid, sizeof(sel_uid), NULL);
// Receive the SAK
@@ -2112,7 +2116,7 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
// put block number into the PCB
real_cmd[0] |= iso14_pcb_blocknum;
memcpy(real_cmd + 1, cmd, cmd_len);
AppendCrc14443a(real_cmd, cmd_len + 1);
AddCrc14A(real_cmd, cmd_len + 1);
ReaderTransmit(real_cmd, cmd_len + 3, NULL);
@@ -2131,7 +2135,7 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
// byte1 - WTXM [1..59]. command FWT=FWT*WTXM
data_bytes[1] = data_bytes[1] & 0x3f; // 2 high bits mandatory set to 0b
// now need to fix CRC.
AppendCrc14443a(data_bytes, len - 2);
AddCrc14A(data_bytes, len - 2);
// transmit S-Block
ReaderTransmit(data_bytes, len, NULL);
// retrieve the result again (with increased timeout)
@@ -2152,7 +2156,7 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
}
// crc check
if (len >=3 && !CheckCrc14443(CRC_14443_A, data_bytes, len)) {
if (len >=3 && !check_crc(CRC_14443_A, data_bytes, len)) {
return -1;
}
@@ -2221,9 +2225,9 @@ void ReaderIso14443a(UsbCommand *c) {
// Don't append crc on empty bytearray...
if ( len > 0 ) {
if ((param & ISO14A_TOPAZMODE))
AppendCrc14443b(cmd, len);
AddCrc14B(cmd, len);
else
AppendCrc14443a(cmd, len);
AddCrc14A(cmd, len);
len += 2;
if (lenbits) lenbits += 16;
@@ -2344,7 +2348,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) {
static uint8_t par_low = 0;
static uint8_t mf_nr_ar3 = 0;
AppendCrc14443a(mf_auth, 2);
AddCrc14A(mf_auth, 2);
if (first_try) {
sync_time = GetCountSspClk() & 0xfffffff8;
@@ -2921,9 +2925,9 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
break;
}
// calc some crcs
ComputeCrc14443(CRC_14443_A, sak_4, 1, &sak_4[1], &sak_4[2]);
ComputeCrc14443(CRC_14443_A, sak_7, 1, &sak_7[1], &sak_7[2]);
ComputeCrc14443(CRC_14443_A, sak_10, 1, &sak_10[1], &sak_10[2]);
compute_crc(CRC_14443_A, sak_4, 1, &sak_4[1], &sak_4[2]);
compute_crc(CRC_14443_A, sak_7, 1, &sak_7[1], &sak_7[2]);
compute_crc(CRC_14443_A, sak_10, 1, &sak_10[1], &sak_10[2]);
// We need to listen to the high-frequency, peak-detected path.
iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
@@ -3247,7 +3251,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
if (MF_DBGLEVEL >= 4) Dbprintf("Reader reading block %d (0x%02x)", receivedCmd[1], receivedCmd[1]);
emlGetMem(response, receivedCmd[1], 1);
AppendCrc14443a(response, 16);
AddCrc14A(response, 16);
mf_crypto1_encrypt(pcs, response, 18, response_par);
EmSendCmdPar(response, 18, response_par);
numReads++;
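Review bot: In the hunk at `-1078,7 +1075,7` of SimulateIso14443aTag, `len = (receivedCmd[2] - receivedCmd[1] + 1) * 4` is derived from two reader-supplied bytes and then used unchecked for `emlGetMemBt(emdata, start, len)` and `AddCrc14A(emdata, len)`, the latter writing two more bytes at `emdata + len`. The declaration of `emdata` for this branch lies outside the hunk, so its size is not visible here. Nothing shown rejects an end page below the start page (a non-positive `len`) or a range longer than the buffer. Since the commit touches this line, a guard before the copy would fit, e.g. `if (len <= 0 || (size_t)len + 2 > sizeof(emdata)) { EmSendCmd(nack, sizeof(nack)); p_response = NULL; }`, with the existing read path in the else branch. The `nack` buffer is assumed to be in scope here as it is in the later branch. Separately, the `//iceman test` RXRDY drain added in TransmitFor14443a casts SSC_RHR to `uint16_t` before storing it in a `uint8_t`; `(uint8_t)` would state the intent.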


@@ -22,7 +22,7 @@ extern "C" {
#include "apps.h"
#include "util.h"
#include "string.h"
#include "iso14443crc.h"
#include "crc16.h"
#include "mifaresniff.h"
#include "crapto1/crapto1.h"
#include "mifareutil.h"
@@ -85,8 +85,15 @@ typedef struct {
uint8_t *parity;
} tUart;
#ifndef AddCrc14A
# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1)
#endif
#ifndef AddCrc14B
# define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)
#endif
extern void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
extern void AppendCrc14443a(uint8_t *data, int len);
extern tDemod* GetDemod(void);
extern void DemodReset(void);
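Review bot: AddCrc14A and AddCrc14B are function-like macros that expand `data` and `len` three times each, so an argument with side effects would be evaluated repeatedly. They also lose the type checking that the removed `extern void AppendCrc14443a(uint8_t *data, int len);` prototype provided. The `#ifndef` guards mean that an earlier, different definition of the same name silently wins instead of producing a redefinition warning. A `static inline` function per variant keeps every call site unchanged, e.g. `static inline void AddCrc14A(uint8_t *data, size_t len) { compute_crc(CRC_14443_A, data, len, data + len, data + len + 1); }`, with parameter types matched to compute_crc's prototype in crc16.h, which is not visible here. Whichever form is kept, it should carry a comment that the caller must reserve two spare bytes after `len`, since the CRC is written at `data[len]` and `data[len+1]`.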


@@ -169,10 +169,6 @@ static void iso14b_set_maxframesize(uint16_t size) {
if(MF_DBGLEVEL >= 3) Dbprintf("ISO14443B Max frame size set to %d bytes", Uart.byteCntMax);
}
void AppendCrc14443b(uint8_t* data, int len) {
ComputeCrc14443(CRC_14443_B, data, len, data+len, data+len+1);
}
//-----------------------------------------------------------------------------
// Code up a string of octets at layer 2 (including CRC, we don't generate
// that here) so that they can be transmitted to the reader. Doesn't transmit
@@ -457,7 +453,11 @@ static int GetIso14443bCommandFromReader(uint8_t *received, uint16_t *len) {
AT91C_BASE_SSC->SSC_THR = 0xFF;
++c;
}
}
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
b = (uint16_t)(AT91C_BASE_SSC->SSC_RHR); (void)b;
}
}
*/
// Now run a `software UART' on the stream of incoming samples.
@@ -588,9 +588,8 @@ void SimulateIso14443bTag(uint32_t pupi) {
// ...PUPI/UID supplied from user. Adjust ATQB response accordingly
if ( pupi > 0 ) {
uint8_t len = sizeof(respATQB);
num_to_bytes(pupi, 4, respATQB+1);
ComputeCrc14443(CRC_14443_B, respATQB, 12, &respATQB[len-2], &respATQB[len-1]);
AddCrc14B(respATQB, 12);
}
// prepare "ATQB" tag answer (encoded):
@@ -685,10 +684,9 @@ void SimulateIso14443bTag(uint32_t pupi) {
Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsReceived);
// CRC Check
uint8_t b1, b2;
if (len >= 3){ // if crc exists
ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);
if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1])
if (!check_crc(CRC_14443_B, receivedCmd, len))
DbpString("+++CRC fail");
else
DbpString("CRC passes");
@@ -1042,10 +1040,10 @@ static void TransmitFor14443b_AsReader(void) {
// Send frame loop
for(c = 0; c < ToSendMax;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = ToSend[c++];
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
b = AT91C_BASE_SSC->SSC_RHR; (void)b;
}
}
@@ -1156,7 +1154,7 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len) {
* TODO: check CRC and preamble
*/
uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response) {
uint8_t crc[2] = {0x00, 0x00};
uint8_t message_frame[message_length + 4];
// PCB
message_frame[0] = 0x0A | pcb_blocknum;
@@ -1166,7 +1164,7 @@ uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *r
// INF
memcpy(message_frame + 2, message, message_length);
// EDC (CRC)
ComputeCrc14443(CRC_14443_B, message_frame, message_length + 2, &message_frame[message_length + 2], &message_frame[message_length + 3]);
AddCrc14B(message_frame, message_length + 2);
// send
CodeAndTransmit14443bAsReader(message_frame, message_length + 4); //no
// get response
@@ -1175,8 +1173,7 @@ uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *r
return 0;
// VALIDATE CRC
ComputeCrc14443(CRC_14443_B, Demod.output, Demod.len-2, &crc[0], &crc[1]);
if ( crc[0] != Demod.output[Demod.len-2] || crc[1] != Demod.output[Demod.len-1] )
if (!check_crc(CRC_14443_B, Demod.output, Demod.len))
return 0;
// copy response contents
@@ -1194,8 +1191,6 @@ uint8_t iso14443b_select_srx_card(iso14b_card_select_t *card ) {
static const uint8_t init_srx[] = { ISO14443B_INITIATE, 0x00, 0x97, 0x5b };
// SELECT command (with space for CRC)
uint8_t select_srx[] = { ISO14443B_SELECT, 0x00, 0x00, 0x00};
// temp to calc crc.
uint8_t crc[2] = {0x00, 0x00};
CodeAndTransmit14443bAsReader(init_srx, sizeof(init_srx));
GetTagSamplesFor14443bDemod(); //no
@@ -1207,15 +1202,15 @@ uint8_t iso14443b_select_srx_card(iso14b_card_select_t *card ) {
select_srx[1] = Demod.output[0];
ComputeCrc14443(CRC_14443_B, select_srx, 2, &select_srx[2], &select_srx[3]);
AddCrc14B(select_srx, 2);
CodeAndTransmit14443bAsReader(select_srx, sizeof(select_srx));
GetTagSamplesFor14443bDemod(); //no
if (Demod.len != 3) return 2;
// Check the CRC of the answer:
ComputeCrc14443(CRC_14443_B, Demod.output, Demod.len-2 , &crc[0], &crc[1]);
if(crc[0] != Demod.output[1] || crc[1] != Demod.output[2]) return 3;
if (!check_crc(CRC_14443_B, Demod.output, Demod.len)) return 3;
// Check response from the tag: should be the same UID as the command we just sent:
if (select_srx[1] != Demod.output[0]) return 1;
@@ -1223,15 +1218,14 @@ uint8_t iso14443b_select_srx_card(iso14b_card_select_t *card ) {
// First get the tag's UID:
select_srx[0] = ISO14443B_GET_UID;
ComputeCrc14443(CRC_14443_B, select_srx, 1 , &select_srx[1], &select_srx[2]);
AddCrc14B(select_srx, 1);
CodeAndTransmit14443bAsReader(select_srx, 3); // Only first three bytes for this one
GetTagSamplesFor14443bDemod(); //no
if (Demod.len != 10) return 2;
// The check the CRC of the answer
ComputeCrc14443(CRC_14443_B, Demod.output, Demod.len-2, &crc[0], &crc[1]);
if(crc[0] != Demod.output[8] || crc[1] != Demod.output[9]) return 3;
// The check the CRC of the answer
if (!check_crc(CRC_14443_B, Demod.output, Demod.len)) return 3;
if (card) {
card->uidlen = 8;
@@ -1252,9 +1246,6 @@ uint8_t iso14443b_select_card(iso14b_card_select_t *card ) {
static const uint8_t wupb[] = { ISO14443B_REQB, 0x00, 0x08, 0x39, 0x73 };
// ATTRIB command (with space for CRC)
uint8_t attrib[] = { ISO14443B_ATTRIB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00};
// temp to calc crc.
uint8_t crc[2] = {0x00, 0x00};
// first, wake up the tag
CodeAndTransmit14443bAsReader(wupb, sizeof(wupb));
@@ -1264,8 +1255,7 @@ uint8_t iso14443b_select_card(iso14b_card_select_t *card ) {
if (Demod.len < 14) return 2;
// VALIDATE CRC
ComputeCrc14443(CRC_14443_B, Demod.output, Demod.len-2, &crc[0], &crc[1]);
if ( crc[0] != Demod.output[12] || crc[1] != Demod.output[13] )
if (!check_crc(CRC_14443_B, Demod.output, Demod.len))
return 3;
if (card) {
@@ -1279,7 +1269,7 @@ uint8_t iso14443b_select_card(iso14b_card_select_t *card ) {
// copy the protocol info from ATQB (Protocol Info -> Protocol_Type) into ATTRIB (Param 3)
attrib[7] = Demod.output[10] & 0x0F;
ComputeCrc14443(CRC_14443_B, attrib, 9, attrib + 9, attrib + 10);
AddCrc14B(attrib, 9);
CodeAndTransmit14443bAsReader(attrib, sizeof(attrib));
GetTagSamplesFor14443bDemod();//select_card
@@ -1288,8 +1278,7 @@ uint8_t iso14443b_select_card(iso14b_card_select_t *card ) {
if(Demod.len < 3) return 2;
// VALIDATE CRC
ComputeCrc14443(CRC_14443_B, Demod.output, Demod.len-2, &crc[0], &crc[1]);
if ( crc[0] != Demod.output[1] || crc[1] != Demod.output[2] )
if (!check_crc(CRC_14443_B, Demod.output, Demod.len) )
return 3;
if (card) {
@@ -1374,7 +1363,7 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
// Signal field is on with the appropriate LED
LED_D_ON();
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);
SpinDelay(20);
SpinDelay(100);
uint8_t i = 0x00;
@@ -1396,7 +1385,7 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
DbpString("[!] SELECT tag:");
cmd1[0] = ISO14443B_SELECT; // 0x0E is SELECT
cmd1[1] = Demod.output[0];
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);
AddCrc14B(cmd1, 2);
CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1)); //no
GetTagSamplesFor14443bDemod(); //no
if (Demod.len != 3) {
@@ -1405,8 +1394,8 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
return;
}
// Check the CRC of the answer:
ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]);
if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) {
if (!check_crc(CRC_14443_B, Demod.output, Demod.len)) {
DbpString("[!] CRC Error reading select response.");
set_tracing(false);
return;
@@ -1421,7 +1410,7 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
// Tag is now selected,
// First get the tag's UID:
cmd1[0] = ISO14443B_GET_UID;
ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);
AddCrc14B(cmd1, 1);
CodeAndTransmit14443bAsReader(cmd1, 3); // no -- Only first three bytes for this one
GetTagSamplesFor14443bDemod(); //no
if (Demod.len != 10) {
@@ -1430,8 +1419,8 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
return;
}
// The check the CRC of the answer (use cmd1 as temporary variable):
ComputeCrc14443(CRC_14443_B, Demod.output, 8, &cmd1[2], &cmd1[3]);
if(cmd1[2] != Demod.output[8] || cmd1[3] != Demod.output[9]) {
if (!check_crc(CRC_14443_B, Demod.output, Demod.len)) {
Dbprintf("[!] CRC Error reading block! Expected: %04x got: %04x", (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9]);
// Do not return;, let's go on... (we should retry, maybe ?)
}
@@ -1451,7 +1440,7 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
i = 0xff;
}
cmd1[1] = i;
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);
AddCrc14B(cmd1, 2);
CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1)); //no
GetTagSamplesFor14443bDemod(); //no
@@ -1460,8 +1449,8 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) {
return;
}
// The check the CRC of the answer (use cmd1 as temporary variable):
ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]);
if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) {
if (!check_crc(CRC_14443_B, Demod.output, Demod.len)) {
Dbprintf("[!] CRC Error reading block! Expected: %04x got: %04x",
(cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]);
// Do not return;, let's go on... (we should retry, maybe ?)
@@ -1640,8 +1629,7 @@ void iso14b_set_trigger(bool enable) {
* none
*
*/
void SendRawCommand14443B_Ex(UsbCommand *c)
{
void SendRawCommand14443B_Ex(UsbCommand *c) {
iso14b_command_t param = c->arg[0];
size_t len = c->arg[1] & 0xffff;
uint8_t *cmd = c->d.asBytes;
@@ -1687,7 +1675,7 @@ void SendRawCommand14443B_Ex(UsbCommand *c)
if ((param & ISO14B_RAW) == ISO14B_RAW) {
if((param & ISO14B_APPEND_CRC) == ISO14B_APPEND_CRC) {
AppendCrc14443b(cmd, len);
AddCrc14B(cmd, len);
len += 2;
}


@@ -22,11 +22,18 @@ extern "C" {
#include "apps.h"
#include "util.h"
#include "string.h"
#include "iso14443crc.h"
#include "crc16.h"
#include "mifare.h"
#include "protocols.h"
extern void AppendCrc14443b(uint8_t *data, int len);
#ifndef AddCrc14A
# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1)
#endif
#ifndef AddCrc14B
# define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)
#endif
extern void SendRawCommand14443B_Ex(UsbCommand *c);
extern void iso14443b_setup();
extern uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
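Review bot: The new `AddCrc14A` and `AddCrc14B` macros expand `data` and `len` three times each and store the two CRC bytes at `data[len]` and `data[len+1]` without knowing the buffer size, so every call site must reserve two spare bytes itself and must not pass an argument with side effects. A `static inline void AddCrc14B(uint8_t *data, size_t len)` wrapper around `compute_crc` would evaluate each argument once and be type-checked; either way a comment such as `/* caller must reserve 2 bytes after data[len] for the CRC */` above the definitions would document the contract. The `#ifndef` guards also mean that a different definition seen earlier in the include chain silently wins, which is worth avoiding for a checksum helper.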


@@ -81,9 +81,10 @@
#define Logic1 Iso15693Logic1
#define FrameEOF Iso15693FrameEOF
#define Crc(data,datalen) Iso15693Crc((data), (datalen))
#define AddCrc(data,datalen) Iso15693AddCrc((data), (datalen))
#define CheckCrc(data,datalen) Iso15693CheckCrc((data), (datalen))
#define Crc(data, len) crc(CRC_15693, (data), (len))
#define CheckCrc(data, len) check_crc(CRC_15693, (data), (len))
#define AddCrc(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
#define sprintUID(target,uid) Iso15693sprintUID((target), (uid))
static void BuildIdentifyRequest(uint8_t *cmdout);
@@ -839,7 +840,7 @@ void DbdecodeIso15693Answer(int len, uint8_t *d) {
strncat(status ,"No error ", DBD15STATLEN);
}
if (CheckCrc(d,len))
if (CheckCrc(d, len))
strncat(status, "[+] crc OK", DBD15STATLEN);
else
strncat(status, "[!] crc fail", DBD15STATLEN);
@@ -1015,7 +1016,8 @@ void BruteforceIso15693Afi(uint32_t speed) {
data[0] = ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
data[1] = ISO15_CMD_INVENTORY;
data[2] = 0; // mask length
datalen = AddCrc(data, 3);
AddCrc(data, 3);
datalen += 2;
recvlen = SendDataTag(data, datalen, false, speed, buf);
@@ -1033,7 +1035,8 @@ void BruteforceIso15693Afi(uint32_t speed) {
for (uint16_t i = 0; i < 256; i++) {
data[2] = i & 0xFF;
datalen = AddCrc(data, 4);
AddCrc(data, 4);
datalen += 2;
recvlen = SendDataTag(data, datalen, false, speed, buf);
WDT_HIT();
if (recvlen >= 12) {
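Review bot: In `BruteforceIso15693Afi` the new `datalen += 2;` accumulates instead of setting the frame length: the old code took the length from the return value of `AddCrc(data, 3)` and `AddCrc(data, 4)`, while the new lines add 2 to whatever `datalen` already holds, and inside the 256-iteration loop that grows on every pass. `SendDataTag(data, datalen, ...)` is then asked to send more bytes than the request contains, presumably reading past `data`; the declarations of `data` and `datalen` are outside the hunk, so confirm their size and initial value there. Setting the length explicitly, `datalen = 3 + 2;` after the first `AddCrc` and `datalen = 4 + 2;` inside the loop, restores the previous behaviour.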


@@ -676,7 +676,7 @@ void MifareAcquireNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *
// Transmit MIFARE_CLASSIC_AUTH
uint8_t dcmd[4] = {0x60 + (keyType & 0x01), blockNo, 0x00, 0x00};
AppendCrc14443a(dcmd, 2);
AddCrc14A(dcmd, 2);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, par);
@@ -1721,7 +1721,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
}
memcpy(data, datain, 16);
AppendCrc14443a(data, 16);
AddCrc14A(data, 16);
ReaderTransmit(data, sizeof(data), NULL);
if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {


@@ -334,7 +334,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
memcpy(buff1,newKey, 8);
memcpy(buff2,newKey + 8, 8);
ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
compute_crc(CRC_14443_A, newKey, 16, &first, &second);
memcpy(buff3, &first, 1);
memcpy(buff3 + 1, &second, 1);
@@ -376,7 +376,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
memcpy(buff1,newKey, 8);
memcpy(buff2,newKey + 8, 8);
ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
compute_crc(CRC_14443_A, newKey, 16, &first, &second);
memcpy(buff3, &first, 1);
memcpy(buff3 + 1, &second, 1);
@@ -546,7 +546,7 @@ size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){
cmd[1] = 0x00; // CID: 0x00 //TODO: allow multiple selected cards
memcpy(cmd+2, datain, len);
AppendCrc14443a(cmd, len+2);
AddCrc14A(cmd, len+2);
memcpy(dataout, cmd, cmdlen);


@@ -62,7 +62,7 @@ int mifare_sendcmd(uint8_t cmd, uint8_t* data, uint8_t data_size, uint8_t* answe
uint8_t dcmd[data_size+3];
dcmd[0] = cmd;
memcpy(dcmd+1, data, data_size);
AppendCrc14443a(dcmd, data_size+1);
AddCrc14A(dcmd, data_size+1);
ReaderTransmit(dcmd, sizeof(dcmd), timing);
int len = ReaderReceive(answer, answer_parity);
if(!len) {
@@ -78,7 +78,7 @@ int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd,
uint8_t dcmd[4] = {cmd, data, 0x00, 0x00};
uint8_t ecmd[4] = {0x00, 0x00, 0x00, 0x00};
uint8_t par[1] = {0x00}; // 1 Byte parity is enough here
AppendCrc14443a(dcmd, 2);
AddCrc14A(dcmd, 2);
memcpy(ecmd, dcmd, sizeof(dcmd));
if (crypted) {
@@ -213,7 +213,7 @@ int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blo
}
memcpy(bt, receivedAnswer + 16, 2);
AppendCrc14443a(receivedAnswer, 16);
AddCrc14A(receivedAnswer, 16);
if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
if (MF_DBGLEVEL >= MF_DBG_ALL) Dbprintf("Cmd CRC response error.");
return 3;
@@ -351,7 +351,7 @@ int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData) {
}
memcpy(bt, receivedAnswer + 16, 2);
AppendCrc14443a(receivedAnswer, 16);
AddCrc14A(receivedAnswer, 16);
if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd CRC response error.");
return 3;
@@ -381,7 +381,7 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
}
memcpy(d_block, blockData, 16);
AppendCrc14443a(d_block, 16);
AddCrc14A(d_block, 16);
// crypto
for (pos = 0; pos < 18; pos++) {
@@ -424,7 +424,7 @@ int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData) {
}
memcpy(d_block, blockData, 16);
AppendCrc14443a(d_block, 16);
AddCrc14A(d_block, 16);
ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);
@@ -586,7 +586,7 @@ void emlClearMem(void) {
// Mifare desfire commands
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing) {
uint8_t dcmd[5] = {cmd, data[0], data[1], 0x00, 0x00};
AppendCrc14443a(dcmd, 3);
AddCrc14A(dcmd, 3);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
@@ -601,7 +601,7 @@ int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t c
uint8_t dcmd[20] = {0x00};
dcmd[0] = cmd;
memcpy(dcmd+1,data,17);
AppendCrc14443a(dcmd, 18);
AddCrc14A(dcmd, 18);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);