Revert "Merge pull request #32 from RfidResearchGroup/master"
This reverts commit 40d2a3c072, reversing changes made to 15d584e060.
@@ -150,7 +150,6 @@ enum DESFIRE_CMD {
|
||||
GET_FREE_MEMORY = 0x6e,
|
||||
GET_FILE_IDS = 0x6f,
|
||||
GET_FILE_SETTINGS = 0xf5,
|
||||
GET_DF_NAMES = 0x6d,
|
||||
CHANGE_FILE_SETTINGS = 0x5f,
|
||||
CREATE_STD_DATA_FILE = 0xcd,
|
||||
CREATE_BACKUP_DATA_FILE = 0xcb,
|
||||
|
||||
31
armsrc/epa.c
31
armsrc/epa.c
@@ -263,7 +263,7 @@ static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return) {
|
||||
EPA_Finish();
|
||||
|
||||
// send the USB packet
|
||||
reply_mix(CMD_ACK, step, func_return, 0, 0, 0);
|
||||
reply_old(CMD_ACK, step, func_return, 0, 0, 0);
|
||||
}
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
@@ -280,8 +280,12 @@ void EPA_PACE_Collect_Nonce(PacketCommandNG *c) {
|
||||
* d:
|
||||
* Encrypted nonce
|
||||
*/
|
||||
|
||||
// return value of a function
|
||||
int func_return = 0;
|
||||
|
||||
// set up communication
|
||||
int func_return = EPA_Setup();
|
||||
func_return = EPA_Setup();
|
||||
if (func_return != 0) {
|
||||
EPA_PACE_Collect_Nonce_Abort(1, func_return);
|
||||
return;
|
||||
@@ -331,7 +335,7 @@ void EPA_PACE_Collect_Nonce(PacketCommandNG *c) {
|
||||
EPA_Finish();
|
||||
|
||||
// save received information
|
||||
reply_mix(CMD_ACK, 0, func_return, 0, nonce, func_return);
|
||||
reply_old(CMD_ACK, 0, func_return, 0, nonce, func_return);
|
||||
}
|
||||
|
||||
//-----------------------------------------------------------------------------
|
||||
@@ -443,7 +447,7 @@ void EPA_PACE_Replay(PacketCommandNG *c) {
|
||||
if (c->oldarg[0] != 0) {
|
||||
// make sure it's not too big
|
||||
if (c->oldarg[2] > apdus_replay[c->oldarg[0] - 1].len) {
|
||||
reply_mix(CMD_ACK, 1, 0, 0, NULL, 0);
|
||||
reply_old(CMD_ACK, 1, 0, 0, NULL, 0);
|
||||
}
|
||||
memcpy(apdus_replay[c->oldarg[0] - 1].data + c->oldarg[1],
|
||||
c->data.asBytes,
|
||||
@@ -454,7 +458,7 @@ void EPA_PACE_Replay(PacketCommandNG *c) {
|
||||
} else {
|
||||
apdu_lengths_replay[c->oldarg[0] - 1] += c->oldarg[2];
|
||||
}
|
||||
reply_mix(CMD_ACK, 0, 0, 0, NULL, 0);
|
||||
reply_old(CMD_ACK, 0, 0, 0, NULL, 0);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -465,7 +469,7 @@ void EPA_PACE_Replay(PacketCommandNG *c) {
|
||||
func_return = EPA_Setup();
|
||||
if (func_return != 0) {
|
||||
EPA_Finish();
|
||||
reply_mix(CMD_ACK, 2, func_return, 0, NULL, 0);
|
||||
reply_old(CMD_ACK, 2, func_return, 0, NULL, 0);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -488,12 +492,12 @@ void EPA_PACE_Replay(PacketCommandNG *c) {
|
||||
|| response_apdu[func_return - 4] != 0x90
|
||||
|| response_apdu[func_return - 3] != 0x00)) {
|
||||
EPA_Finish();
|
||||
reply_mix(CMD_ACK, 3 + i, func_return, 0, timings, 20);
|
||||
reply_old(CMD_ACK, 3 + i, func_return, 0, timings, 20);
|
||||
return;
|
||||
}
|
||||
}
|
||||
EPA_Finish();
|
||||
reply_mix(CMD_ACK, 0, 0, 0, timings, 20);
|
||||
reply_old(CMD_ACK, 0, 0, 0, timings, 20);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -502,13 +506,14 @@ void EPA_PACE_Replay(PacketCommandNG *c) {
|
||||
// Returns 0 on success or a non-zero error code on failure
|
||||
//-----------------------------------------------------------------------------
|
||||
int EPA_Setup() {
|
||||
uint8_t uid[10];
|
||||
iso14a_card_select_t card_a_info;
|
||||
|
||||
// first, look for type A cards
|
||||
// power up the field
|
||||
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
|
||||
iso14a_card_select_t card_a_info;
|
||||
int return_code = iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false);
|
||||
|
||||
// select the card
|
||||
int return_code = iso14443a_select_card(uid, &card_a_info, NULL, true, 0, false);
|
||||
if (return_code == 1) {
|
||||
uint8_t pps_response[3];
|
||||
uint8_t pps_response_par[1];
|
||||
@@ -523,14 +528,12 @@ int EPA_Setup() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
|
||||
// if we're here, there is no type A card, so we look for type B
|
||||
// power up the field
|
||||
iso14443b_setup();
|
||||
iso14b_card_select_t card_b_info;
|
||||
// select the card
|
||||
return_code = iso14443b_select_card(&card_b_info);
|
||||
|
||||
if (return_code == 0) {
|
||||
Dbprintf("ISO 14443 Type B");
|
||||
iso_type = 'b';
|
||||
|
||||
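Review bot: In EPA_PACE_Replay, the "make sure it's not too big" branch sends an error reply but has no `return;`, so the `memcpy` into `apdus_replay[c->oldarg[0] - 1].data + c->oldarg[1]` that follows still runs with the length that was just rejected; the revert only swaps the reply call and leaves this path as it was. The check also compares `c->oldarg[2]` with `.len` alone although the destination is offset by `c->oldarg[1]`, and no visible line bounds the index `c->oldarg[0] - 1`; all three values come from the host packet. I would add `return;` directly after the error reply in that branch and test offset plus length, not length alone, against the buffer capacity. The memcpy's length argument and the declaration of `apdus_replay` lie outside the hunk, so the exact bound has to be confirmed against them.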
@@ -621,7 +621,7 @@ void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip) {
|
||||
set_tracelen(BigBuf_max_traceLen());
|
||||
|
||||
Dbprintf("Felica sniffing done, tracelen: %i, use hf list felica for annotations", BigBuf_get_traceLen());
|
||||
reply_mix(CMD_ACK, 1, numbts, 0, 0, 0);
|
||||
reply_old(CMD_ACK, 1, numbts, 0, 0, 0);
|
||||
LED_D_OFF();
|
||||
}
|
||||
|
||||
@@ -812,5 +812,5 @@ void felica_dump_lite_s() {
|
||||
|
||||
//setting tracelen - important! it was set by buffer overflow before
|
||||
set_tracelen(cnt);
|
||||
reply_mix(CMD_ACK, isOK, cnt, 0, 0, 0);
|
||||
reply_old(CMD_ACK, isOK, cnt, 0, 0, 0);
|
||||
}
|
||||
|
||||
@@ -1407,7 +1407,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
|
||||
set_tracing(false);
|
||||
|
||||
lf_finalize();
|
||||
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
|
||||
reply_old(CMD_ACK, bSuccessful, 0, 0, 0, 0);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1624,7 +1624,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
|
||||
|
||||
lf_finalize();
|
||||
|
||||
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
|
||||
reply_old(CMD_ACK, bSuccessful, 0, 0, 0, 0);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1860,5 +1860,5 @@ void check_challenges(bool file_given, uint8_t *data) {
|
||||
|
||||
set_tracing(false);
|
||||
lf_finalize();
|
||||
reply_mix(CMD_ACK, bSuccessful, 0, 0, 0, 0);
|
||||
reply_old(CMD_ACK, bSuccessful, 0, 0, 0, 0);
|
||||
}
|
||||
|
||||
@@ -438,7 +438,7 @@ void LegicRfInfo(void) {
|
||||
}
|
||||
|
||||
// OK
|
||||
reply_mix(CMD_ACK, 1, 0, 0, (uint8_t *)&card, sizeof(legic_card_select_t));
|
||||
reply_old(CMD_ACK, 1, 0, 0, (uint8_t *)&card, sizeof(legic_card_select_t));
|
||||
|
||||
OUT:
|
||||
switch_off();
|
||||
@@ -513,7 +513,7 @@ void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv) {
|
||||
}
|
||||
|
||||
// OK
|
||||
reply_mix(CMD_ACK, 1, len, 0, 0, 0);
|
||||
reply_old(CMD_ACK, 1, len, 0, legic_mem, len);
|
||||
|
||||
OUT:
|
||||
switch_off();
|
||||
@@ -552,7 +552,7 @@ void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data) {
|
||||
}
|
||||
|
||||
// OK
|
||||
reply_mix(CMD_ACK, 1, len, 0, 0, 0);
|
||||
reply_old(CMD_ACK, 1, len, 0, legic_mem, len);
|
||||
|
||||
OUT:
|
||||
switch_off();
|
||||
|
||||
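Review bot: The success replies in LegicRfReader and LegicRfWriter appear, on the new side, to attach `legic_mem` with `len` as the payload size, and `len` is the caller-supplied `uint16_t` parameter, which may be larger than one reply frame can carry. Whether `reply_old` clamps that length is not visible on this page, so the outcome is either a silently truncated dump or a copy past the frame buffer. I would bound it at the call site, for example `if (len > MAX_REPLY_PAYLOAD) len = MAX_REPLY_PAYLOAD;` where `MAX_REPLY_PAYLOAD` is a placeholder for the project's frame payload constant, or state in a comment above the call that the reply is capped and the host must fetch the rest separately. Both functions begin outside their hunks, so an earlier range check on `len` may already exist.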
@@ -2040,7 +2040,7 @@ void T55xx_ChkPwds(uint8_t flags) {
|
||||
if (isok != sizeof(counter))
|
||||
goto OUT;
|
||||
|
||||
pwdCount = (uint16_t)(counter[1] << 8 | counter[0]);
|
||||
pwdCount = counter[1] << 8 | counter[0];
|
||||
|
||||
if (pwdCount == 0 || pwdCount == 0xFFFF)
|
||||
goto OUT;
|
||||
|
||||
@@ -204,7 +204,7 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
|
||||
uint8_t decRndB[16] = {0x00};
|
||||
uint8_t both[32] = {0x00};
|
||||
|
||||
//InitDesfireCard();
|
||||
InitDesfireCard();
|
||||
|
||||
LED_A_ON();
|
||||
LED_B_OFF();
|
||||
@@ -455,12 +455,8 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
|
||||
mbedtls_aes_init(&ctx);
|
||||
|
||||
cmd[0] = AUTHENTICATE_AES;
|
||||
cmd[1] = 0x0;
|
||||
cmd[2] = 0x0;
|
||||
cmd[3] = 0x1;
|
||||
cmd[4] = arg2; //keynumber
|
||||
cmd[5] = 0x0;
|
||||
len = DesfireAPDU(cmd, 6, resp);
|
||||
cmd[1] = 0x00; //keynumber
|
||||
len = DesfireAPDU(cmd, 2, resp);
|
||||
if (!len) {
|
||||
if (DBGLEVEL >= DBG_ERROR) {
|
||||
DbpString("Authentication failed. Card timeout.");
|
||||
@@ -469,7 +465,7 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy(encRndB, resp + 1, 16);
|
||||
memcpy(encRndB, resp + 3, 16);
|
||||
|
||||
// dekryptera tagnonce.
|
||||
if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) {
|
||||
@@ -495,13 +491,9 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
|
||||
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, 32, IV, both, encBoth);
|
||||
|
||||
cmd[0] = ADDITIONAL_FRAME;
|
||||
cmd[1] = 0x00;
|
||||
cmd[2] = 0x00;
|
||||
cmd[3] = 0x20;
|
||||
memcpy(cmd + 4, encBoth, 32);
|
||||
cmd[36]=0x0;
|
||||
memcpy(cmd + 1, encBoth, 32);
|
||||
|
||||
len = DesfireAPDU(cmd, 37, resp); // 4 + 32 + 1 == 37
|
||||
len = DesfireAPDU(cmd, 33, resp); // 1 + 32 == 33
|
||||
if (!len) {
|
||||
if (DBGLEVEL >= DBG_ERROR) {
|
||||
DbpString("Authentication failed. Card timeout.");
|
||||
@@ -510,7 +502,7 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
|
||||
return;
|
||||
}
|
||||
|
||||
if ((resp[1+16] == 0x91)&&(resp[1+16+1] == 0x00)) {
|
||||
if (resp[2] == 0x00) {
|
||||
// Create AES Session key
|
||||
struct desfire_key sessionKey = {0};
|
||||
desfirekey_t skey = &sessionKey;
|
||||
@@ -609,6 +601,6 @@ void OnSuccess() {
|
||||
}
|
||||
|
||||
void OnError(uint8_t reason) {
|
||||
reply_mix(CMD_ACK, 0, reason, 0, 0, 0);
|
||||
reply_old(CMD_ACK, 0, reason, 0, 0, 0);
|
||||
OnSuccess();
|
||||
}
|
||||
|
||||
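Review bot: In MifareDES_Auth1 the side that appears to be new copies `memcpy(encRndB, resp + 3, 16);` after checking only `if (!len)`, so a card response shorter than 19 bytes passes the check and the nonce is filled from whatever `resp` held beyond the received data. The second exchange has the same shape: `resp[2]` is read as the status byte with only the non-zero `len` test in front of it. The card or an emulator controls both lengths, so I would reject short frames before touching the buffer, e.g. `if (len < 3 + 16) { OnError(REASON_PLACEHOLDER); return; }`, where `REASON_PLACEHOLDER` stands for a reason code consistent with the existing error paths. The error branches and the declaration of `resp` are outside the hunks, so any cleanup (such as releasing the AES context) should follow what those paths already do.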