ADD: midnitesnakes desfire, ultralight changes from Unstable branch.
ADD: Marshmellows fixes for the LF (demods) commands, (LF SEACH) ADD: Holimans changes with hash1_brute FIXES: minor fixes with some calls to "free" and redundant debug statement and code cleanup. removal of commented code.
This commit is contained in:
iceman1001
@@ -18,7 +18,7 @@ SRC_LF = lfops.c hitag2.c
|
||||
SRC_ISO15693 = iso15693.c iso15693tools.c
|
||||
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
|
||||
SRC_ISO14443b = iso14443.c
|
||||
SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c
|
||||
SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
|
||||
SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c
|
||||
|
||||
THUMBSRC = start.c \
|
||||
@@ -35,14 +35,14 @@ THUMBSRC = start.c \
|
||||
# These are to be compiled in ARM mode
|
||||
ARMSRC = fpgaloader.c \
|
||||
legicrf.c \
|
||||
lfdemod.c \
|
||||
$(SRC_ISO14443a) \
|
||||
$(SRC_ISO14443b) \
|
||||
$(SRC_CRAPTO1) \
|
||||
$(SRC_CRC) \
|
||||
legic_prng.c \
|
||||
iclass.c \
|
||||
mifaredesfire.c
|
||||
|
||||
iclass.c
|
||||
|
||||
|
||||
# stdint.h provided locally until GCC 4.5 becomes C99 compliant
|
||||
APP_CFLAGS += -I.
|
||||
|
||||
@@ -656,6 +656,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
|
||||
case CMD_IO_CLONE_TAG:
|
||||
CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
|
||||
break;
|
||||
case CMD_EM410X_DEMOD:
|
||||
CmdEM410xdemod(c->arg[0], 0, 0, 1);
|
||||
break;
|
||||
case CMD_EM410X_WRITE_TAG:
|
||||
WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
|
||||
break;
|
||||
|
||||
@@ -149,6 +149,7 @@ void SimulateTagLowFrequencyA(int period, int gap);
|
||||
|
||||
void CmdHIDsimTAG(int hi, int lo, uint8_t ledcontrol);
|
||||
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
|
||||
void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol);
|
||||
void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol);
|
||||
void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an ioProx card to T5557/T5567
|
||||
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
|
||||
@@ -213,6 +214,10 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
|
||||
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
|
||||
void MifareCIdent(); // is "magic chinese" card?
|
||||
|
||||
//desfire
|
||||
void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain);
|
||||
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain);
|
||||
|
||||
// mifaredesfire.h
|
||||
bool InitDesfireCard();
|
||||
void MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain);
|
||||
|
||||
@@ -44,12 +44,12 @@ static void quicksort(uint32_t* const start, uint32_t* const stop)
|
||||
else if(*rit > *start)
|
||||
--rit;
|
||||
else
|
||||
*it ^= (*it ^= *rit, *rit ^= *it);
|
||||
*it ^= ( (*it ^= *rit ), *rit ^= *it);
|
||||
|
||||
if(*rit >= *start)
|
||||
--rit;
|
||||
if(rit != start)
|
||||
*rit ^= (*rit ^= *start, *start ^= *rit);
|
||||
*rit ^= ( (*rit ^= *start), *start ^= *rit);
|
||||
|
||||
quicksort(start, rit - 1);
|
||||
quicksort(rit + 1, stop);
|
||||
|
||||
279
armsrc/lfops.c
279
armsrc/lfops.c
@@ -11,11 +11,12 @@
|
||||
#include "../include/proxmark3.h"
|
||||
#include "apps.h"
|
||||
#include "util.h"
|
||||
#include "../include/hitag2.h"
|
||||
#include "../common/crc16.h"
|
||||
#include "../common/lfdemod.h"
|
||||
#include "string.h"
|
||||
#include "crapto1.h"
|
||||
#include "mifareutil.h"
|
||||
#include "mifareutil.h"
|
||||
#include "../include/hitag2.h"
|
||||
|
||||
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
|
||||
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
|
||||
@@ -721,105 +722,12 @@ void CmdHIDsimTAG(int hi, int lo, uint8_t ledcontrol)
|
||||
LED_A_OFF();
|
||||
}
|
||||
|
||||
//translate wave to 11111100000 (1 for each short wave 0 for each long wave)
|
||||
size_t fsk_demod(uint8_t * dest, size_t size)
|
||||
{
|
||||
uint32_t last_transition = 0;
|
||||
uint32_t idx = 1;
|
||||
uint32_t maxVal=0;
|
||||
// // we don't care about actual value, only if it's more or less than a
|
||||
// // threshold essentially we capture zero crossings for later analysis
|
||||
|
||||
// we do care about the actual value as sometimes near the center of the
|
||||
// wave we may get static that changes direction of wave for one value
|
||||
// if our value is too low it might affect the read. and if our tag or
|
||||
// antenna is weak a setting too high might not see anything. [marshmellow]
|
||||
if (size<100) return size;
|
||||
for(idx=1; idx<100; idx++){
|
||||
if(maxVal<dest[idx]) maxVal = dest[idx];
|
||||
}
|
||||
// set close to the top of the wave threshold with 13% margin for error
|
||||
// less likely to get a false transition up there.
|
||||
// (but have to be careful not to go too high and miss some short waves)
|
||||
uint32_t threshold_value = (uint32_t)(maxVal*.87); idx=1;
|
||||
//uint8_t threshold_value = 127;
|
||||
|
||||
// sync to first lo-hi transition, and threshold
|
||||
|
||||
//Need to threshold first sample
|
||||
dest[0] = (dest[0] < threshold_value) ? 0 : 1;
|
||||
|
||||
size_t numBits = 0;
|
||||
// count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
|
||||
// or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
|
||||
// between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
|
||||
for(idx = 1; idx < size; idx++) {
|
||||
// threshold current value
|
||||
dest[idx] = (dest[idx] < threshold_value) ? 0 : 1;
|
||||
|
||||
// Check for 0->1 transition
|
||||
if (dest[idx-1] < dest[idx]) { // 0 -> 1 transition
|
||||
|
||||
dest[numBits] = (idx-last_transition < 9) ? 1 : 0;
|
||||
last_transition = idx;
|
||||
numBits++;
|
||||
}
|
||||
}
|
||||
return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
|
||||
}
|
||||
|
||||
uint32_t myround(float f)
|
||||
{
|
||||
if (f >= 2000) return 2000;//something bad happened
|
||||
return (uint32_t) (f + (float)0.5);
|
||||
}
|
||||
|
||||
//translate 11111100000 to 10
|
||||
size_t aggregate_bits(uint8_t *dest,size_t size, uint8_t rfLen, uint8_t maxConsequtiveBits, uint8_t invert )// uint8_t h2l_crossing_value,uint8_t l2h_crossing_value,
|
||||
{
|
||||
uint8_t lastval=dest[0];
|
||||
uint32_t idx=0;
|
||||
size_t numBits=0;
|
||||
uint32_t n=1;
|
||||
|
||||
for( idx=1; idx < size; idx++) {
|
||||
|
||||
if (dest[idx]==lastval) {
|
||||
n++;
|
||||
continue;
|
||||
}
|
||||
//if lastval was 1, we have a 1->0 crossing
|
||||
if ( dest[idx-1]==1 ) {
|
||||
n=myround((float)(n+1)/((float)(rfLen)/(float)8));
|
||||
//n=(n+1) / h2l_crossing_value;
|
||||
} else {// 0->1 crossing
|
||||
n=myround((float)(n+1)/((float)(rfLen-2)/(float)10));
|
||||
//n=(n+1) / l2h_crossing_value;
|
||||
}
|
||||
if (n == 0) n = 1;
|
||||
|
||||
if(n < maxConsequtiveBits)
|
||||
{
|
||||
if ( invert==0)
|
||||
memset(dest+numBits, dest[idx-1] , n);
|
||||
else
|
||||
memset(dest+numBits, dest[idx-1]^1 , n);
|
||||
|
||||
numBits += n;
|
||||
}
|
||||
n=0;
|
||||
lastval=dest[idx];
|
||||
}//end for
|
||||
|
||||
return numBits;
|
||||
|
||||
}
|
||||
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
|
||||
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
{
|
||||
uint8_t *dest = get_bigbufptr_recvrespbuf();
|
||||
|
||||
size_t size=0,idx=0; //, found=0;
|
||||
size_t size=0; //, found=0;
|
||||
uint32_t hi2=0, hi=0, lo=0;
|
||||
|
||||
// Configure to go in 125Khz listen mode
|
||||
@@ -831,58 +739,21 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
if (ledcontrol) LED_A_ON();
|
||||
|
||||
DoAcquisition125k_internal(-1,true);
|
||||
|
||||
size = sizeof(BigBuf);
|
||||
if (size < 2000) continue;
|
||||
// FSK demodulator
|
||||
size = fsk_demod(dest, FREE_BUFFER_SIZE);
|
||||
|
||||
// we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
|
||||
// 1->0 : fc/8 in sets of 6 (RF/50 / 8 = 6.25)
|
||||
// 0->1 : fc/10 in sets of 5 (RF/50 / 10= 5)
|
||||
// do not invert
|
||||
size = aggregate_bits(dest,size, 50,5,0); //6,5,5,0
|
||||
int bitLen = HIDdemodFSK(dest,size,&hi2,&hi,&lo);
|
||||
|
||||
WDT_HIT();
|
||||
|
||||
if (bitLen>0 && lo>0){
|
||||
// final loop, go over previously decoded manchester data and decode into usable tag ID
|
||||
// 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
|
||||
uint8_t frame_marker_mask[] = {1,1,1,0,0,0};
|
||||
int numshifts = 0;
|
||||
idx = 0;
|
||||
//one scan
|
||||
uint8_t sameCardCount =0;
|
||||
while( idx + sizeof(frame_marker_mask) < size) {
|
||||
// search for a start of frame marker
|
||||
if (sameCardCount>2) break; //only up to 2 valid sets of data for the same read of looping card data
|
||||
if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
|
||||
{ // frame marker found
|
||||
idx+=sizeof(frame_marker_mask);
|
||||
|
||||
while(dest[idx] != dest[idx+1] && idx < size-2)
|
||||
{
|
||||
// Keep going until next frame marker (or error)
|
||||
// Shift in a bit. Start by shifting high registers
|
||||
hi2=(hi2<<1)|(hi>>31);
|
||||
hi=(hi<<1)|(lo>>31);
|
||||
//Then, shift in a 0 or one into low
|
||||
if (dest[idx] && !dest[idx+1]) // 1 0
|
||||
lo=(lo<<1)|0;
|
||||
else // 0 1
|
||||
lo=(lo<<1)|
|
||||
1;
|
||||
numshifts ++;
|
||||
idx += 2;
|
||||
}
|
||||
//Dbprintf("Num shifts: %d ", numshifts);
|
||||
// Hopefully, we read a tag and hit upon the next frame marker
|
||||
if(idx + sizeof(frame_marker_mask) < size)
|
||||
{
|
||||
if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
|
||||
{
|
||||
if (hi2 != 0){ //extra large HID tags
|
||||
Dbprintf("TAG ID: %x%08x%08x (%d)",
|
||||
(unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
|
||||
}
|
||||
else { //standard HID tags <38 bits
|
||||
}else { //standard HID tags <38 bits
|
||||
//Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd
|
||||
uint8_t bitlen = 0;
|
||||
uint32_t fc = 0;
|
||||
@@ -930,50 +801,86 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF,
|
||||
(unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum);
|
||||
}
|
||||
sameCardCount++;
|
||||
if (findone){
|
||||
if (ledcontrol) LED_A_OFF();
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
// reset
|
||||
hi2 = hi = lo = 0;
|
||||
numshifts = 0;
|
||||
} else {
|
||||
idx++;
|
||||
}
|
||||
}
|
||||
WDT_HIT();
|
||||
//SpinDelay(50);
|
||||
}
|
||||
DbpString("Stopped");
|
||||
if (ledcontrol) LED_A_OFF();
|
||||
}
|
||||
|
||||
void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
|
||||
{
|
||||
uint8_t *dest = (uint8_t *)BigBuf;
|
||||
|
||||
size_t size=0; //, found=0;
|
||||
uint32_t bitLen=0;
|
||||
int clk=0, invert=0, errCnt=0;
|
||||
uint64_t lo=0;
|
||||
// Configure to go in 125Khz listen mode
|
||||
LFSetupFPGAForADC(95, true);
|
||||
|
||||
while(!BUTTON_PRESS()) {
|
||||
|
||||
WDT_HIT();
|
||||
if (ledcontrol) LED_A_ON();
|
||||
|
||||
DoAcquisition125k_internal(-1,true);
|
||||
size = sizeof(BigBuf);
|
||||
if (size < 2000) continue;
|
||||
// FSK demodulator
|
||||
//int askmandemod(uint8_t *BinStream,uint32_t *BitLen,int *clk, int *invert);
|
||||
bitLen=size;
|
||||
//Dbprintf("DEBUG: Buffer got");
|
||||
errCnt = askmandemod(dest,&bitLen,&clk,&invert); //HIDdemodFSK(dest,size,&hi2,&hi,&lo);
|
||||
//Dbprintf("DEBUG: ASK Got");
|
||||
WDT_HIT();
|
||||
|
||||
if (errCnt>=0){
|
||||
lo = Em410xDecode(dest,bitLen);
|
||||
//Dbprintf("DEBUG: EM GOT");
|
||||
//printEM410x(lo);
|
||||
if (lo>0){
|
||||
Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)",(uint32_t)(lo>>32),(uint32_t)lo,(uint32_t)(lo&0xFFFF),(uint32_t)((lo>>16LL) & 0xFF),(uint32_t)(lo & 0xFFFFFF));
|
||||
}
|
||||
if (findone){
|
||||
if (ledcontrol) LED_A_OFF();
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
//Dbprintf("DEBUG: No Tag");
|
||||
}
|
||||
WDT_HIT();
|
||||
lo = 0;
|
||||
clk=0;
|
||||
invert=0;
|
||||
errCnt=0;
|
||||
size=0;
|
||||
//SpinDelay(50);
|
||||
}
|
||||
DbpString("Stopped");
|
||||
if (ledcontrol) LED_A_OFF();
|
||||
}
|
||||
|
||||
uint32_t bytebits_to_byte(uint8_t* src, int numbits)
|
||||
{
|
||||
uint32_t num = 0;
|
||||
for(int i = 0 ; i < numbits ; i++)
|
||||
{
|
||||
num = (num << 1) | (*src);
|
||||
src++;
|
||||
}
|
||||
return num;
|
||||
}
|
||||
|
||||
|
||||
void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
{
|
||||
uint8_t *dest = (uint8_t *)BigBuf;
|
||||
size_t size=0, idx=0;
|
||||
size_t size=0;
|
||||
int idx=0;
|
||||
uint32_t code=0, code2=0;
|
||||
uint8_t isFinish = 0;
|
||||
|
||||
uint8_t version=0;
|
||||
uint8_t facilitycode=0;
|
||||
uint16_t number=0;
|
||||
// Configure to go in 125Khz listen mode
|
||||
LFSetupFPGAForADC(0, true);
|
||||
|
||||
while(!BUTTON_PRESS() & !isFinish) {
|
||||
while(!BUTTON_PRESS()) {
|
||||
|
||||
WDT_HIT();
|
||||
|
||||
@@ -982,23 +889,13 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
DoAcquisition125k_internal(-1,true);
|
||||
size = sizeof(BigBuf);
|
||||
//make sure buffer has data
|
||||
if (size < 64) return;
|
||||
//test samples are not just noise
|
||||
uint8_t testMax=0;
|
||||
for(idx=0;idx<64;idx++){
|
||||
if (testMax<dest[idx]) testMax=dest[idx];
|
||||
}
|
||||
idx=0;
|
||||
//if not just noise
|
||||
if (testMax>170){
|
||||
//Dbprintf("testMax: %d",testMax);
|
||||
// FSK demodulator
|
||||
size = fsk_demod(dest, size);
|
||||
// we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
|
||||
// 1->0 : fc/8 in sets of 7 (RF/64 / 8 = 8)
|
||||
// 0->1 : fc/10 in sets of 6 (RF/64 / 10 = 6.4)
|
||||
size = aggregate_bits(dest, size, 64, 13, 1); //13 max Consecutive should be ok as most 0s in row should be 10 for init seq - invert bits
|
||||
if (size < 2000) continue;
|
||||
//fskdemod and get start index
|
||||
WDT_HIT();
|
||||
idx = IOdemodFSK(dest,size);
|
||||
if (idx>0){
|
||||
//valid tag found
|
||||
|
||||
//Index map
|
||||
//0 10 20 30 40 50 60
|
||||
//| | | | | | |
|
||||
@@ -1008,14 +905,6 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
//
|
||||
//XSF(version)facility:codeone+codetwo
|
||||
//Handle the data
|
||||
uint8_t sameCardCount=0;
|
||||
uint8_t mask[] = {0,0,0,0,0,0,0,0,0,1};
|
||||
for( idx=0; idx < (size - 74); idx++) {
|
||||
if (sameCardCount>2) break;
|
||||
if ( memcmp(dest + idx, mask, sizeof(mask))==0) {
|
||||
//frame marker found
|
||||
if (!dest[idx+8] && dest[idx+17]==1 && dest[idx+26]==1 && dest[idx+35]==1 && dest[idx+44]==1 && dest[idx+53]==1){
|
||||
//confirmed proper separator bits found
|
||||
if(findone){ //only print binary if we are doing one
|
||||
Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]);
|
||||
Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]);
|
||||
@@ -1027,22 +916,20 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
|
||||
}
|
||||
code = bytebits_to_byte(dest+idx,32);
|
||||
code2 = bytebits_to_byte(dest+idx+32,32);
|
||||
short version = bytebits_to_byte(dest+idx+27,8); //14,4
|
||||
uint8_t facilitycode = bytebits_to_byte(dest+idx+19,8) ;
|
||||
uint16_t number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
|
||||
version = bytebits_to_byte(dest+idx+27,8); //14,4
|
||||
facilitycode = bytebits_to_byte(dest+idx+18,8) ;
|
||||
number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
|
||||
|
||||
Dbprintf("XSF(%02d)%02x:%d (%08x%08x)",version,facilitycode,number,code,code2);
|
||||
|
||||
Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
|
||||
// if we're only looking for one tag
|
||||
if (findone){
|
||||
if (ledcontrol) LED_A_OFF();
|
||||
isFinish = 1;
|
||||
break;
|
||||
}
|
||||
sameCardCount++;
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
code=code2=0;
|
||||
version=facilitycode=0;
|
||||
number=0;
|
||||
idx=0;
|
||||
}
|
||||
WDT_HIT();
|
||||
}
|
||||
|
||||
@@ -1145,3 +1145,78 @@ void MifareCIdent(){
|
||||
cmd_send(CMD_ACK,isOK,0,0,0,0);
|
||||
}
|
||||
|
||||
//
|
||||
// DESFIRE
|
||||
//
|
||||
|
||||
void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
|
||||
// variables
|
||||
byte_t isOK = 0;
|
||||
byte_t dataoutbuf[16];
|
||||
uint8_t uid[10];
|
||||
uint32_t cuid;
|
||||
|
||||
// clear trace
|
||||
iso14a_clear_trace();
|
||||
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
|
||||
|
||||
LED_A_ON();
|
||||
LED_B_OFF();
|
||||
LED_C_OFF();
|
||||
|
||||
|
||||
if(!iso14443a_select_card(uid, NULL, &cuid)) {
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");
|
||||
};
|
||||
|
||||
if(mifare_desfire_des_auth1(cuid, dataoutbuf)){
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part1: Fail.");
|
||||
}
|
||||
|
||||
isOK=1;
|
||||
if (MF_DBGLEVEL >= 2) DbpString("AUTH 1 FINISHED");
|
||||
|
||||
LED_B_ON();
|
||||
cmd_send(CMD_ACK,isOK,cuid,0,dataoutbuf,11);
|
||||
LED_B_OFF();
|
||||
|
||||
// Thats it...
|
||||
//FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
LEDsoff();
|
||||
}
|
||||
|
||||
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
|
||||
// params
|
||||
uint32_t cuid = arg0;
|
||||
uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
|
||||
// variables
|
||||
byte_t isOK = 0;
|
||||
byte_t dataoutbuf[16];
|
||||
|
||||
memcpy(key, datain, 16);
|
||||
// clear trace
|
||||
//iso14a_clear_trace();
|
||||
//iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
|
||||
|
||||
LED_A_ON();
|
||||
LED_B_OFF();
|
||||
LED_C_OFF();
|
||||
|
||||
// Dbprintf("Sending %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
||||
// key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],key[8],
|
||||
// key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
|
||||
|
||||
if(mifare_desfire_des_auth2(cuid, key, dataoutbuf)){
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");
|
||||
}
|
||||
isOK=1;
|
||||
if (MF_DBGLEVEL >= 2) DbpString("AUTH 2 FINISHED");
|
||||
|
||||
LED_B_ON();
|
||||
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,12);
|
||||
LED_B_OFF();
|
||||
|
||||
// Thats it...
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
LEDsoff();
|
||||
}
|
||||
@@ -94,8 +94,8 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
|
||||
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
|
||||
int len = ReaderReceive(answer, answer_parity);
|
||||
if(!len) {
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
|
||||
return 2;
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
|
||||
return 2;
|
||||
}
|
||||
return len;
|
||||
}
|
||||
@@ -433,7 +433,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
|
||||
// variables
|
||||
uint16_t len;
|
||||
uint8_t par[3] = {0}; // enough for 18 parity bits
|
||||
|
||||
uint8_t d_block[18];
|
||||
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
|
||||
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
|
||||
@@ -466,7 +465,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
|
||||
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
|
||||
{
|
||||
uint16_t len;
|
||||
|
||||
uint8_t d_block[8];
|
||||
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
|
||||
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
|
||||
@@ -625,3 +623,91 @@ void emlClearMem(void) {
|
||||
emlSetMem((uint8_t *)uid, 0, 1);
|
||||
return;
|
||||
}
|
||||
|
||||
//
|
||||
//DESFIRE
|
||||
//
|
||||
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
|
||||
{
|
||||
uint8_t dcmd[5] = {0x00};
|
||||
dcmd[0] = cmd;
|
||||
memcpy(dcmd+1,data,2);
|
||||
AppendCrc14443a(dcmd, 3);
|
||||
|
||||
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
|
||||
int len = ReaderReceive(answer, answer_parity);
|
||||
if(!len) {
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
|
||||
return 2;
|
||||
}
|
||||
return len;
|
||||
}
|
||||
|
||||
int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)
|
||||
{
|
||||
uint8_t dcmd[20] = {0x00};
|
||||
dcmd[0] = cmd;
|
||||
memcpy(dcmd+1,data,17);
|
||||
AppendCrc14443a(dcmd, 18);
|
||||
|
||||
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
|
||||
int len = ReaderReceive(answer, answer_parity);
|
||||
if(!len){
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
|
||||
return 2;
|
||||
}
|
||||
return len;
|
||||
}
|
||||
|
||||
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){
|
||||
// variables
|
||||
int len;
|
||||
// load key, keynumber
|
||||
uint8_t data[2]={0x0a, 0x00};
|
||||
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
|
||||
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
|
||||
|
||||
// command MIFARE_CLASSIC_READBLOCK
|
||||
len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);
|
||||
if (len == 1) {
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (len == 12) {
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
||||
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
|
||||
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
|
||||
receivedAnswer[10],receivedAnswer[11]);
|
||||
memcpy(blockData, receivedAnswer, 12);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
|
||||
// variables
|
||||
int len;
|
||||
uint8_t data[17]={0xaf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
|
||||
memcpy(data+1,key,16);
|
||||
|
||||
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
|
||||
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
|
||||
|
||||
// command MIFARE_CLASSIC_READBLOCK
|
||||
len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);
|
||||
|
||||
if ((receivedAnswer[0] == 0x03)&&(receivedAnswer[1] == 0xae)) {
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);
|
||||
return 1;
|
||||
}
|
||||
if (len == 12){
|
||||
if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
||||
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
|
||||
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
|
||||
receivedAnswer[10],receivedAnswer[11]);
|
||||
memcpy(blockData, receivedAnswer, 12);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
@@ -71,6 +71,12 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData);
|
||||
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData);
|
||||
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid);
|
||||
int mifare_ultra_halt(uint32_t uid);
|
||||
|
||||
// desfire
|
||||
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
|
||||
int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing);
|
||||
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);
|
||||
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
|
||||
|
||||
// crypto functions
|
||||
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
|
||||
|
||||
Reference in New Issue
Block a user