@@ -930,12 +930,12 @@ static void PacketReceived(PacketCommandNG *packet) {
|
||||
|
||||
#ifdef WITH_HITAG
|
||||
case CMD_LF_HITAG_SNIFF: { // Eavesdrop Hitag tag, args = type
|
||||
SniffHitag();
|
||||
// SniffHitag(packet->oldarg[0]);
|
||||
SniffHitag2();
|
||||
// SniffHitag2(packet->oldarg[0]);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_HITAG_SIMULATE: { // Simulate Hitag tag, args = memory content
|
||||
SimulateHitagTag((bool)packet->oldarg[0], packet->data.asBytes);
|
||||
SimulateHitag2((bool)packet->oldarg[0], packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_HITAG_READER: { // Reader for Hitag tags, args = type and function
|
||||
@@ -1176,6 +1176,14 @@ static void PacketReceived(PacketCommandNG *packet) {
|
||||
MifareChkKeys_fast(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_MIFARE_CHKKEYS_FILE: {
|
||||
struct p {
|
||||
uint8_t filename[32];
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *) packet->data.asBytes;
|
||||
MifareChkKeys_file(payload->filename);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_MIFARE_SIMULATE: {
|
||||
struct p {
|
||||
uint16_t flags;
|
||||
|
||||
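Review bot: In the new `CMD_HF_MIFARE_CHKKEYS_FILE` case, `payload->filename` is handed to `MifareChkKeys_file` with no check that the host sent a full 32-byte field or that the name is NUL-terminated. The callee casts it to `char *` and uses it as a C string, so an unterminated name is read past the field into whatever follows in the packet buffer. Terminate it before the call, `payload->filename[sizeof(payload->filename) - 1] = '\0';`, and consider rejecting packets whose `packet->length` is smaller than `sizeof(struct p)`. `PacketReceived` starts and ends outside these hunks.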
@@ -35,6 +35,12 @@
|
||||
#include "lfdemod.h"
|
||||
#include "commonutil.h"
|
||||
|
||||
|
||||
#define test_bit(data, i) (*(data + (i/8)) >> (7-(i % 8))) & 1
|
||||
#define set_bit(data, i) *(data + (i/8)) |= (1 << (7-(i % 8)))
|
||||
#define clear_bit(data, i) *(data + (i/8)) &= ~(1 << (7-(i % 8)))
|
||||
#define flip_bit(data, i) *(data + (i/8)) ^= (1 << (7-(i % 8)))
|
||||
|
||||
// Successful crypto auth
|
||||
static bool bCrypto;
|
||||
// Is in auth stage
|
||||
@@ -70,7 +76,6 @@ static enum {
|
||||
WRITE_STATE_PROG
|
||||
} writestate;
|
||||
|
||||
|
||||
// ToDo: define a meaningful maximum size for auth_table. The bigger this is, the lower will be the available memory for traces.
|
||||
// Historically it used to be FREE_BUFFER_SIZE, which was 2744.
|
||||
#define AUTH_TABLE_LENGTH 2744
|
||||
@@ -87,6 +92,11 @@ uint8_t nonce[4];
|
||||
bool key_no;
|
||||
static uint64_t cipher_state;
|
||||
|
||||
size_t blocknr;
|
||||
size_t flipped_bit = 0;
|
||||
uint32_t byte_value = 0;
|
||||
|
||||
|
||||
static int hitag2_reset(void) {
|
||||
tag.state = TAG_STATE_RESET;
|
||||
tag.crypto_active = 0;
|
||||
@@ -135,10 +145,12 @@ static int hitag2_init(void) {
|
||||
|
||||
static void hitag_send_bit(int bit) {
|
||||
LED_A_ON();
|
||||
|
||||
// Reset clock for the next bit
|
||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
|
||||
|
||||
// Fixed modulation, earlier proxmark version used inverted signal
|
||||
// check datasheet if reader uses BiPhase?
|
||||
if (bit == 0) {
|
||||
// Manchester: Unloaded, then loaded |__--|
|
||||
LOW(GPIO_SSC_DOUT);
|
||||
@@ -351,8 +363,6 @@ static uint32_t hitag_reader_send_frame(const uint8_t *frame, size_t frame_len)
|
||||
return wait;
|
||||
}
|
||||
|
||||
size_t blocknr;
|
||||
|
||||
uint8_t hitag_crc(uint8_t *data, size_t length) {
|
||||
uint8_t crc = 0xff;
|
||||
unsigned int byte, bit;
|
||||
@@ -371,10 +381,7 @@ uint8_t hitag_crc(uint8_t *data, size_t length) {
|
||||
return crc;
|
||||
}
|
||||
|
||||
#define test_bit(data, i) (*(data+(i/8)) >> (7-(i%8))) & 1
|
||||
#define set_bit(data, i) *(data+(i/8)) |= (1 << (7-(i%8)))
|
||||
#define clear_bit(data, i) *(data+(i/8)) &= ~(1 << (7-(i%8)))
|
||||
#define flip_bit(data, i) *(data+(i/8)) ^= (1 << (7-(i%8)))
|
||||
/*
|
||||
void fix_ac_decoding(uint8_t *input, size_t len) {
|
||||
// Reader routine tries to decode AC data after Manchester decoding
|
||||
// AC has double the bitrate, extract data from bit-pairs
|
||||
@@ -388,7 +395,12 @@ void fix_ac_decoding(uint8_t *input, size_t len) {
|
||||
}
|
||||
memcpy(input, temp, sizeof(temp));
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
// looks at number of received bits.
|
||||
// 0 = collision?
|
||||
// 32 = good response
|
||||
bool hitag_plain(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen, bool hitag_s) {
|
||||
uint8_t crc;
|
||||
*txlen = 0;
|
||||
@@ -457,9 +469,7 @@ bool hitag_plain(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen, bo
|
||||
return true;
|
||||
}
|
||||
|
||||
size_t flipped_bit = 0;
|
||||
|
||||
uint32_t byte_value = 0;
|
||||
bool hitag1_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen) {
|
||||
uint8_t crc;
|
||||
*txlen = 0;
|
||||
@@ -958,7 +968,7 @@ static bool hitag2_read_uid(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t
|
||||
}
|
||||
|
||||
// Hitag2 Sniffing
|
||||
void SniffHitag(void) {
|
||||
void SniffHitag2(void) {
|
||||
|
||||
LEDsoff();
|
||||
StopTicks();
|
||||
@@ -1037,7 +1047,7 @@ void SniffHitag(void) {
|
||||
}
|
||||
|
||||
// Hitag2 simulation
|
||||
void SimulateHitagTag(bool tag_mem_supplied, uint8_t *data) {
|
||||
void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
|
||||
|
||||
StopTicks();
|
||||
|
||||
|
||||
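Review bot: The four bit macros added near the top of this file are not safe to use as expressions: `test_bit` expands to `(...) & 1` with the `& 1` outside the parentheses, and none of them parenthesise `data` or `i`. A use such as `test_bit(buf, n) == 0` therefore parses as `... & (1 == 0)`, and an argument like `n + 1` applies `/` and `%` to only its last operand, so the wrong byte or bit is touched. Wrap the arguments and the whole expansion, e.g. `#define test_bit(data, i) ((*((data) + ((i) / 8)) >> (7 - ((i) % 8))) & 1)`, and do the same for `set_bit`, `clear_bit` and `flip_bit`; `static inline` helpers would avoid the problem entirely. The globals moved up in the same file (`blocknr`, `flipped_bit`, `byte_value`) could also be `static` if no other file uses them, which cannot be seen here.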
@@ -14,8 +14,8 @@
|
||||
#include "common.h"
|
||||
#include "hitag.h"
|
||||
|
||||
void SniffHitag(void);
|
||||
void SimulateHitagTag(bool tag_mem_supplied, uint8_t *data);
|
||||
void SniffHitag2(void);
|
||||
void SimulateHitag2(bool tag_mem_supplied, uint8_t *data);
|
||||
void ReaderHitag(hitag_function htf, hitag_data *htd);
|
||||
void WriterHitag(hitag_function htf, hitag_data *htd, int page);
|
||||
|
||||
|
||||
@@ -188,6 +188,9 @@ void lf_init(bool reader) {
|
||||
|
||||
if (logging) initSampleBuffer(&bufsize);
|
||||
|
||||
sample_config *sc = getSamplingConfig();
|
||||
sc->decimation = 2;
|
||||
sc->averaging = 1;
|
||||
}
|
||||
|
||||
void lf_finalize() {
|
||||
@@ -202,6 +205,10 @@ void lf_finalize() {
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
|
||||
LEDsoff();
|
||||
|
||||
sample_config *sc = getSamplingConfig();
|
||||
sc->decimation = 1;
|
||||
sc->averaging = 0;
|
||||
}
|
||||
|
||||
size_t lf_detect_field_drop(size_t max) {
|
||||
|
||||
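Review bot: `lf_finalize` writes fixed values (`decimation = 1`, `averaging = 0`) into the object returned by `getSamplingConfig()` instead of restoring what was there before `lf_init` changed it. If that object is the shared sampling configuration (its definition is not visible here), any setting the user chose is lost after the first LF operation that goes through these two functions. Saving and restoring is safer: `static sample_config saved_sc;` at file scope, `saved_sc = *sc;` before the two assignments in `lf_init`, and `*sc = saved_sc;` in `lf_finalize`, guarded so it only runs after an `lf_init`. Both function bodies begin outside their hunks.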
@@ -33,6 +33,7 @@
|
||||
#include "dbprint.h"
|
||||
#include "ticks.h"
|
||||
#include "usb_cdc.h" // usb_poll_validate_length
|
||||
#include "spiffs.h" // spiffs
|
||||
|
||||
#ifndef HARDNESTED_AUTHENTICATION_TIMEOUT
|
||||
# define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)
|
||||
@@ -1701,14 +1702,15 @@ void MifareChkKeys(uint8_t *datain) {
|
||||
bool found;
|
||||
} PACKED keyresult;
|
||||
keyresult.found = false;
|
||||
uint8_t blockNo, keyType, keyCount;
|
||||
uint8_t blockNo, keyType;
|
||||
uint16_t keyCount;
|
||||
bool clearTrace, have_uid = false;
|
||||
|
||||
keyType = datain[0];
|
||||
blockNo = datain[1];
|
||||
clearTrace = datain[2];
|
||||
keyCount = datain[3];
|
||||
datain += 4;
|
||||
keyCount = (datain[3] << 8) | datain[4];
|
||||
datain += 5;
|
||||
|
||||
LEDsoff();
|
||||
LED_A_ON();
|
||||
@@ -1780,6 +1782,27 @@ void MifareChkKeys(uint8_t *datain) {
|
||||
DBGLEVEL = oldbg;
|
||||
}
|
||||
|
||||
void MifareChkKeys_file(uint8_t *fn) {
|
||||
|
||||
SpinOff(0);
|
||||
|
||||
int changed = rdv40_spiffs_lazy_mount();
|
||||
uint32_t size = size_in_spiffs((char *)fn);
|
||||
uint8_t *mem = BigBuf_malloc(size);
|
||||
|
||||
rdv40_spiffs_read_as_filetype((char *)fn, mem, size, RDV40_SPIFFS_SAFETY_SAFE);
|
||||
|
||||
if (changed) {
|
||||
rdv40_spiffs_lazy_unmount();
|
||||
}
|
||||
|
||||
SpinOff(0);
|
||||
|
||||
MifareChkKeys(mem);
|
||||
|
||||
BigBuf_free();
|
||||
}
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
// Work with emulator memory
|
||||
//
|
||||
|
||||
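Review bot: `MifareChkKeys_file` passes whatever is in the SPIFFS file straight to `MifareChkKeys`, which takes no length and now reads a 16-bit `keyCount` from bytes 3 and 4 of the buffer. The return values of `size_in_spiffs`, `BigBuf_malloc` and `rdv40_spiffs_read_as_filetype` are not checked, so a missing, empty or truncated file, or one whose header claims more keys than it contains, leads to reads outside the allocation (and possibly a NULL dereference). The function should reject a file shorter than the 5-byte header, a failed allocation, and a key count larger than the remaining bytes allow before calling `MifareChkKeys`; the read's status should also be checked against whatever success value the SPIFFS wrapper defines. Early exits also need to send the host the same kind of reply `MifareChkKeys` sends, which is outside this hunk. The second `SpinOff(0)` looks redundant.

```c
void MifareChkKeys_file(uint8_t *fn) {
    // … unchanged: SpinOff, lazy mount …
    uint32_t size = size_in_spiffs((char *)fn);
    // 5 = header bytes MifareChkKeys consumes before the key list
    uint8_t *mem = (size >= 5) ? BigBuf_malloc(size) : NULL;
    if (mem == NULL) {
        if (changed) {
            rdv40_spiffs_lazy_unmount();
        }
        // … send a failure reply to the host here …
        return;
    }

    rdv40_spiffs_read_as_filetype((char *)fn, mem, size, RDV40_SPIFFS_SAFETY_SAFE);
    // … unchanged: lazy unmount …

    // Refuse a key count the file cannot hold.
    // Assumes 6-byte keys; confirm against the loop in MifareChkKeys.
    uint16_t keyCount = (mem[3] << 8) | mem[4];
    if ((size - 5) / 6 < keyCount) {
        BigBuf_free();
        // … send a failure reply to the host here …
        return;
    }

    MifareChkKeys(mem);
    // … unchanged: BigBuf_free …
```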
@@ -31,6 +31,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
|
||||
void MifareAcquireNonces(uint32_t arg0, uint32_t flags);
|
||||
void MifareChkKeys(uint8_t *datain);
|
||||
void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
|
||||
void MifareChkKeys_file(uint8_t *fn);
|
||||
|
||||
void MifareEMemClr(void);
|
||||
void MifareEMemSet(uint8_t blockno, uint8_t blockcnt, uint8_t blockwidth, uint8_t *datain);
|
||||
|
||||