EM4x70 Authentication support

2020-12-12 09:59:30 -05:00
parent 7b7698843f
commit a6024a8622
7 changed files with 138 additions and 1 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1178,6 +1178,10 @@ static void PacketReceived(PacketCommandNG *packet) {
            em4x70_unlock((em4x70_data_t *)packet->data.asBytes);
            break;
        }
+        case CMD_LF_EM4X70_AUTH: {
+            em4x70_auth((em4x70_data_t *)packet->data.asBytes);
+            break;
+        }
 #endif

 #ifdef WITH_ISO15693
--- a/armsrc/em4x70.c
+++ b/armsrc/em4x70.c
@@ -360,6 +360,46 @@ static bool check_ack(void) {
    return false;
 }

+static int authenticate(const uint8_t *rnd, const uint8_t *frnd, uint8_t *response) {
+
+    if (find_listen_window(true)) {
+
+        em4x70_send_nibble(EM4X70_COMMAND_AUTH, true);
+        
+        // Send 56-bit Random number
+        for(int i=0;i<7;i++) {
+            em4x70_send_byte(rnd[i]);
+        }
+        
+        // Send 7 x 0's (Diversity bits)
+        for(int i=0; i<7; i++) {
+            em4x70_send_bit(0);
+        }
+        
+        // Send 28-bit f(RN)
+
+        // Send first 24 bits
+        for(int i=0; i < 3; i++) {
+            em4x70_send_byte(frnd[i]);
+        }
+        
+        // Send last 4 bits (no parity)
+        em4x70_send_nibble((frnd[3] >> 4) & 0xf, false);
+
+        // Receive header, 20-bit g(RN), LIW
+        uint8_t grnd[EM4X70_MAX_RECEIVE_LENGTH] = {0};
+        int num = em4x70_receive(grnd);
+        if(num < 10) {
+            Dbprintf("Auth failed");
+            return PM3_ESOFT;
+        }
+        bits2bytes(grnd, 24, response);
+        return PM3_SUCCESS;
+    }
+
+    return PM3_ESOFT;
+}
+
 static int send_pin(const uint32_t pin) {

    // sends pin code for unlocking
@@ -387,7 +427,7 @@ static int send_pin(const uint32_t pin) {
            // <w> Writes Lock Bits
            WaitTicks(TICKS_PER_FC * EM4X70_T_TAG_WEE);
            // <-- Receive header + ID
-            uint8_t tag_id[64];
+            uint8_t tag_id[EM4X70_MAX_RECEIVE_LENGTH];
            int num  = em4x70_receive(tag_id);
            if(num < 32) {
                Dbprintf("Invalid ID Received");
@@ -731,4 +771,25 @@ void em4x70_unlock(em4x70_data_t *etd) {
    reply_ng(CMD_LF_EM4X70_UNLOCK, status, tag.data, sizeof(tag.data));
 }

+void em4x70_auth(em4x70_data_t *etd) {
+
+    uint8_t status = 0;
+    uint8_t response[3] = {0};
+
+    command_parity = etd->parity;
+
+    init_tag();
+    EM4170_setup_read();
+
+    // Find the Tag
+    if (get_signalproperties() && find_EM4X70_Tag()) {
+
+        // Authenticate and get tag response
+        status = authenticate(etd->rnd, etd->frnd, response) == PM3_SUCCESS;
+    }
+
+    StopTicks();
+    lf_finalize();
+    reply_ng(CMD_LF_EM4X70_AUTH, status, response, sizeof(response));
+}

--- a/armsrc/em4x70.h
+++ b/armsrc/em4x70.h
@@ -20,5 +20,6 @@ typedef struct {
 void em4x70_info(em4x70_data_t *etd);
 void em4x70_write(em4x70_data_t *etd);
 void em4x70_unlock(em4x70_data_t *etd);
+void em4x70_auth(em4x70_data_t *etd);

 #endif /* EM4x70_H */