github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-12 04:35:28 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/iceman1001/proxmark3

Browse Source
This commit is contained in:
iceman 2016-01-12 21:58:03 +01:00
commit 63852b2f51
14 changed files with 183 additions and 161 deletions

2
armsrc/BigBuf.c

@ -58,7 +58,7 @@ void BigBuf_Clear_ext(bool verbose)
{
memset(BigBuf,0,BIGBUF_SIZE);
if (verbose)
Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
}

2
armsrc/Makefile

@ -21,6 +21,7 @@ SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443b.c
SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c
SRC_EMV = tlv.c emvdataels.c emvutil.c emvcmd.c
#the FPGA bitstream files. Note: order matters!
FPGA_BITSTREAMS = fpga_lf.bit fpga_hf.bit
@ -62,6 +63,7 @@ ARMSRC = fpgaloader.c \
optimized_cipher.c \
hfsnoop.c \
parity.c
# $(SRC_EMV)
# Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
include ../common/Makefile.common

20
armsrc/appmain.c

@ -405,8 +405,8 @@ void StandAloneMode14a()
/* need this delay to prevent catching some weird data */
SpinDelay(500);
/* Code for reading from 14a tag */
uint8_t uid[10] ={0};
uint32_t cuid;
uint8_t uid[10] = {0};
uint32_t cuid = 0;
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
for ( ; ; )
@ -1089,7 +1089,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_READER_MIFARE:
ReaderMifare(c->arg[0]);
ReaderMifare(c->arg[0], c->arg[1]);
break;
case CMD_MIFARE_READBL:
MifareReadBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
@ -1186,7 +1186,19 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_MIFARE_COLLECT_NONCES:
break;
#endif
#ifdef WITH_EMV
case CMD_EMV_TRANSACTION:
EMVTransaction();
break;
case CMD_EMV_GET_RANDOM_NUM:
//EMVgetUDOL();
break;
case CMD_EMV_LOAD_VALUE:
EMVloadvalue(c->arg[0], c->d.asBytes);
break;
case CMD_EMV_DUMP_CARD:
EMVdumpcard();
#endif
#ifdef WITH_ICLASS
// Makes use of ISO14443a FPGA Firmware
case CMD_SNOOP_ICLASS:

8
armsrc/apps.h

@ -121,7 +121,8 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
void EPA_PACE_Replay(UsbCommand *c);
// mifarecmd.h
void ReaderMifare(bool first_try);
//void ReaderMifare(bool first_try);
void ReaderMifare(bool first_try, uint8_t block );
int32_t dist_nt(uint32_t nt1, uint32_t nt2);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
@ -211,5 +212,10 @@ bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* d
/// util.h
void HfSnoop(int , int);
//EMV functions emvcmd.h
void EMVTransaction(void);
void EMVgetUDOL(void);
void EMVloadvalue(uint32_t tag, uint8_t* datain);
void EMVdumpcard(void);
#endif

10
armsrc/hitag2.c

@ -714,8 +714,8 @@ void SnoopHitag(uint32_t type) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
// Clean up trace and prepare it for storing frames
set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
auth_table_len = 0;
auth_table_pos = 0;
@ -928,9 +928,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
// Clean up trace and prepare it for storing frames
set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
auth_table_len = 0;
auth_table_pos = 0;
byte_t* auth_table;
@ -1121,9 +1121,9 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
bSuccessful = false;
// Clean up trace and prepare it for storing frames
set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
DbpString("Starting Hitag reader family");
// Check configuration

16
armsrc/iclass.c

@ -653,8 +653,9 @@ void RAMFUNC SnoopIClass(void)
// The DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
iso14a_set_trigger(FALSE);
int lastRxCounter;
@ -985,8 +986,9 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
// Enable and clear the trace
set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
//Use the emulator memory for SIM
uint8_t *emulator = BigBuf_get_EM_addr();
@ -1323,10 +1325,8 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
GetParity(trace_data, trace_data_size, parity);
LogTrace(trace_data, trace_data_size, (t2r_time-time_0) << 4, (t2r_time-time_0) << 4, parity, FALSE);
}
if(!tracing) {
if(!tracing)
DbpString("Trace full");
//break;
}
}
}
@ -1570,9 +1570,9 @@ void setupIclassReader()
{
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
// Reset trace buffer
set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
// Setup SSC
FpgaSetupSsc();
// Start from off (no field generated)
@ -1693,7 +1693,9 @@ void ReaderIClass(uint8_t arg0) {
while(!BUTTON_PRESS())
{
if (try_once && tryCnt > 5) break;
tryCnt++;
if(!tracing) {
DbpString("Trace full");
break;

131
armsrc/iso14443a.c

@ -1211,10 +1211,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
//p_response = &responses[9];
} else if(receivedCmd[0] == 0x50) { // Received a HALT
if (tracing) {
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
}
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
p_response = NULL;
} else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request
@ -1236,9 +1233,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
p_response = &responses[6]; order = 70;
}
} else if (order == 7 && len == 8) { // Received {nr] and {ar} (part of authentication)
if (tracing) {
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
}
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
uint32_t nonce = bytes_to_num(response5,4);
uint32_t nr = bytes_to_num(receivedCmd,4);
uint32_t ar = bytes_to_num(receivedCmd+4,4);
@ -1352,9 +1347,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
default: {
// Never seen this command before
if (tracing) {
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
}
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
Dbprintf("Received unknown command (len=%d):",len);
Dbhexdump(len,receivedCmd,false);
// Do not respond
@ -1372,9 +1365,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
Dbprintf("Error preparing tag response");
if (tracing) {
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
}
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
p_response = &dynamic_response_info;
@ -1396,7 +1387,7 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data)
if (p_response != NULL) {
EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
// do the tracing for the previous reader request and this tag answer:
uint8_t par[MAX_PARITY_SIZE];
uint8_t par[MAX_PARITY_SIZE] = {0x00};
GetParity(p_response->response, p_response->response_n, par);
EmLogTrace(Uart.output,
@ -1781,24 +1772,20 @@ int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par){
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity)
{
if (tracing) {
// we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
// end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
// with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
uint16_t reader_modlen = reader_EndTime - reader_StartTime;
uint16_t approx_fdt = tag_StartTime - reader_EndTime;
uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
reader_EndTime = tag_StartTime - exact_fdt;
reader_StartTime = reader_EndTime - reader_modlen;
// we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
// end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
// with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
uint16_t reader_modlen = reader_EndTime - reader_StartTime;
uint16_t approx_fdt = tag_StartTime - reader_EndTime;
uint16_t exact_fdt = (approx_fdt - 20 + 32)/64 * 64 + 20;
reader_EndTime = tag_StartTime - exact_fdt;
reader_StartTime = reader_EndTime - reader_modlen;
if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE))
return FALSE;
else
return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
} else {
return TRUE;
}
if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE))
return FALSE;
else
return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
}
//-----------------------------------------------------------------------------
@ -1847,8 +1834,7 @@ void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t
LED_A_ON();
// Log reader command in trace buffer
if (tracing)
LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
LogTrace(frame, nbytes(bits), LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_READER, (LastTimeProxToAirStart + LastProxToAirDuration)*16 + DELAY_ARM2AIR_AS_READER, par, TRUE);
}
void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
@ -1877,9 +1863,7 @@ int ReaderReceiveOffset(uint8_t* receivedAnswer, uint16_t offset, uint8_t *parit
if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset))
return FALSE;
if (tracing)
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
return Demod.len;
}
@ -1888,9 +1872,7 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0))
return FALSE;
if (tracing)
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
return Demod.len;
}
@ -2006,7 +1988,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
if (!ReaderReceive(resp, resp_par)) return 0;
sak = resp[0];
// Test if more parts of the uid are coming
// Test if more parts of the uid are coming
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
// http://www.nxp.com/documents/application_note/AN10927.pdf
@ -2081,7 +2063,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
}
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
uint8_t parity[MAX_PARITY_SIZE];
uint8_t parity[MAX_PARITY_SIZE] = {0x00};
uint8_t real_cmd[cmd_len+4];
real_cmd[0] = 0x0a; //I-Block
// put block number into the PCB
@ -2120,20 +2102,19 @@ void ReaderIso14443a(UsbCommand *c)
size_t lenbits = c->arg[1] >> 16;
uint32_t timeout = c->arg[2];
uint32_t arg0 = 0;
byte_t buf[USB_CMD_DATA_SIZE];
uint8_t par[MAX_PARITY_SIZE];
byte_t buf[USB_CMD_DATA_SIZE] = {0x00};
uint8_t par[MAX_PARITY_SIZE] = {0x00};
if(param & ISO14A_CONNECT) {
if (param & ISO14A_CONNECT)
clear_trace();
}
set_tracing(TRUE);
if(param & ISO14A_REQUEST_TRIGGER) {
if (param & ISO14A_REQUEST_TRIGGER)
iso14a_set_trigger(TRUE);
}
if(param & ISO14A_CONNECT) {
if (param & ISO14A_CONNECT) {
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
if(!(param & ISO14A_NO_SELECT)) {
iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
@ -2142,16 +2123,15 @@ void ReaderIso14443a(UsbCommand *c)
}
}
if(param & ISO14A_SET_TIMEOUT) {
if (param & ISO14A_SET_TIMEOUT)
iso14a_set_timeout(timeout);
}
if(param & ISO14A_APDU) {
if (param & ISO14A_APDU) {
arg0 = iso14_apdu(cmd, len, buf);
cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
}
if(param & ISO14A_RAW) {
if (param & ISO14A_RAW) {
if(param & ISO14A_APPEND_CRC) {
if(param & ISO14A_TOPAZMODE) {
AppendCrc14443b(cmd,len);
@ -2190,13 +2170,12 @@ void ReaderIso14443a(UsbCommand *c)
cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
}
if(param & ISO14A_REQUEST_TRIGGER) {
if (param & ISO14A_REQUEST_TRIGGER)
iso14a_set_trigger(FALSE);
}
if(param & ISO14A_NO_DISCONNECT) {
if (param & ISO14A_NO_DISCONNECT)
return;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
set_tracing(FALSE);
@ -2209,20 +2188,19 @@ void ReaderIso14443a(UsbCommand *c)
// Therefore try in alternating directions.
int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
uint16_t i;
uint32_t nttmp1, nttmp2;
if (nt1 == nt2) return 0;
nttmp1 = nt1;
nttmp2 = nt2;
for (i = 1; i < 0xFFFF; i++) {
uint16_t i;
uint32_t nttmp1 = nt1;
uint32_t nttmp2 = nt2;
for (i = 1; i < 0xFFFF; ++i) {
nttmp1 = prng_successor(nttmp1, 1);
if (nttmp1 == nt2) return i;
nttmp2 = prng_successor(nttmp2, 1);
if (nttmp2 == nt1) return -i;
}
if (nttmp2 == nt1) return -i;
}
return(-99999); // either nt1 or nt2 are invalid nonces
}
@ -2234,13 +2212,18 @@ int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
// Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
// (article by Nicolas T. Courtois, 2009)
//-----------------------------------------------------------------------------
void ReaderMifare(bool first_try)
void ReaderMifare(bool first_try, uint8_t block )
{
// Mifare AUTH
uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
//uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
//uint8_t mf_auth[] = { 0x60,0x05, 0x58, 0x2c };
uint8_t mf_auth[] = { 0x60,0x00, 0x00, 0x00 };
uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
static uint8_t mf_nr_ar3;
mf_auth[1] = block;
AppendCrc14443a(mf_auth, 2);
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
@ -3006,15 +2989,14 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
{
// Interactive mode flag, means we need to send ACK
if(flags & FLAG_INTERACTIVE) {
//May just aswell send the collected ar_nr in the response aswell
uint8_t len = ar_nr_collected*5*4;
cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len);
}
if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 )
{
if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 ) {
if(ar_nr_collected > 1 ) {
Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
Dbprintf("../tools/mfkey/mfkey32 %06x%08x %08x %08x %08x %08x %08x",
@ -3063,9 +3045,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
// param:
// bit 0 - trigger from first card answer
// bit 1 - trigger from first reader 7-bit request
// C(red) A(yellow) B(green)
LEDsoff();
// init trace buffer
clear_trace();
set_tracing(TRUE);
@ -3073,8 +3054,9 @@ void RAMFUNC SniffMifare(uint8_t param) {
// The command (reader -> tag) that we're receiving.
// The length of a received command will in most cases be no more than 18 bytes.
// So 32 should be enough!
uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t receivedCmdPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
// The response (tag -> reader) that we're receiving.
uint8_t receivedResponse[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t receivedResponsePar[MAX_MIFARE_PARITY_SIZE] = {0x00};
@ -3083,6 +3065,7 @@ void RAMFUNC SniffMifare(uint8_t param) {
// free eventually allocated BigBuf memory
BigBuf_free();
// allocate the DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
uint8_t *data = dmaBuf;

100
armsrc/iso14443b.c

@ -345,7 +345,7 @@ void SimulateIso14443bTag(void)
// response to HLTB and ATTRIB
static const uint8_t response2[] = {0x00, 0x78, 0xF0};
uint8_t parity[MAX_PARITY_SIZE];
uint8_t parity[MAX_PARITY_SIZE] = {0x00};
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@ -383,14 +383,12 @@ void SimulateIso14443bTag(void)
for(;;) {
if(!GetIso14443bCommandFromReader(receivedCmd, &len)) {
Dbprintf("button pressed, received %d commands", cmdsRecvd);
break;
if (!GetIso14443bCommandFromReader(receivedCmd, &len)) {
Dbprintf("button pressed, received %d commands", cmdsRecvd);
break;
}
if (tracing) {
LogTrace(receivedCmd, len, 0, 0, parity, TRUE);
}
LogTrace(receivedCmd, len, 0, 0, parity, TRUE);
// Good, look at the command now.
if ( (len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len) == 0)
@ -410,14 +408,14 @@ void SimulateIso14443bTag(void)
// And print whether the CRC fails, just for good measure
uint8_t b1, b2;
if (len >= 3){ // if crc exists
ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);
if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) {
// Not so good, try again.
DbpString("+++CRC fail");
} else {
DbpString("CRC passes");
}
ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2);
if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) {
// Not so good, try again.
DbpString("+++CRC fail");
} else {
DbpString("CRC passes");
}
}
//get rid of compiler warning
respCodeLen = 0;
@ -462,7 +460,7 @@ void SimulateIso14443bTag(void)
AT91C_BASE_SSC->SSC_THR = respCode[i++];
FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}
if(BUTTON_PRESS()) break;
if(BUTTON_PRESS()) break;
}
// Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
@ -475,8 +473,7 @@ void SimulateIso14443bTag(void)
}
}
// trace the response:
if (tracing) LogTrace(resp, respLen, 0, 0, parity, FALSE);
LogTrace(resp, respLen, 0, 0, parity, FALSE);
}
FpgaDisableSscDma();
set_tracing(FALSE);
@ -793,8 +790,8 @@ static void GetSamplesFor14443bDemod(int n, bool quiet)
}
//Tracing
if (tracing && Demod.len > 0) {
uint8_t parity[MAX_PARITY_SIZE];
if (Demod.len > 0) {
uint8_t parity[MAX_PARITY_SIZE] = {0x00};
LogTrace(Demod.output, Demod.len, 0, 0, parity, FALSE);
}
}
@ -1216,7 +1213,7 @@ void RAMFUNC SnoopIso14443b(void)
upTo = dmaBuf;
lastRxCounter = ISO14443B_DMA_BUFFER_SIZE;
FpgaSetupSscDma((uint8_t*) dmaBuf, ISO14443B_DMA_BUFFER_SIZE);
uint8_t parity[MAX_PARITY_SIZE];
uint8_t parity[MAX_PARITY_SIZE] = {0x00};
bool TagIsActive = FALSE;
bool ReaderIsActive = FALSE;
@ -1245,10 +1242,12 @@ void RAMFUNC SnoopIso14443b(void)
Dbprintf("blew circular buffer! behindBy=%d", behindBy);
break;
}
if(!tracing) {
DbpString("Reached trace limit");
DbpString("Trace full");
break;
}
if(BUTTON_PRESS()) {
DbpString("cancelled");
break;
@ -1258,26 +1257,26 @@ void RAMFUNC SnoopIso14443b(void)
samples += 2;
if (!TagIsActive) { // no need to try decoding reader data if the tag is sending
if(Handle14443bUartBit(ci & 0x01)) {
if(triggered && tracing) {
if (Handle14443bUartBit(ci & 0x01)) {
if ( triggered)
LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, TRUE);
/* And ready to receive another command. */
UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
}
/* And ready to receive another command. */
UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
}
if(Handle14443bUartBit(cq & 0x01)) {
if(triggered && tracing) {
if (Handle14443bUartBit(cq & 0x01)) {
if (triggered)
LogTrace(Uart.output, Uart.byteCnt, samples, samples, parity, TRUE);
}
/* And ready to receive another command. */
UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
}
/* And ready to receive another command. */
UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
}
ReaderIsActive = (Uart.state > STATE_GOT_FALLING_EDGE_OF_SOF);
}
@ -1285,25 +1284,21 @@ void RAMFUNC SnoopIso14443b(void)
// is this | 0x01 the error? & 0xfe in https://github.com/Proxmark/proxmark3/issues/103
if(Handle14443bSamplesDemod(ci & 0xfe, cq & 0xfe)) {
//Use samples as a time measurement
if(tracing)
{
//uint8_t parity[MAX_PARITY_SIZE];
//Use samples as a time measurement
LogTrace(Demod.output, Demod.len, samples, samples, parity, FALSE);
}
triggered = TRUE;
// And ready to receive another response.
DemodReset();
}
triggered = TRUE;
// And ready to receive another response.
DemodReset();
}
TagIsActive = (Demod.state > DEMOD_GOT_FALLING_EDGE_OF_SOF);
}
}
FpgaDisableSscDma();
LEDsoff();
set_tracing(FALSE);
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
DbpString("Snoop statistics:");
Dbprintf(" Max behind by: %i", maxBehindBy);
@ -1311,6 +1306,7 @@ void RAMFUNC SnoopIso14443b(void)
Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt);
Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax);
Dbprintf(" Trace length: %i", BigBuf_get_traceLen());
set_tracing(FALSE);
}
@ -1337,13 +1333,13 @@ void SendRawCommand14443B(uint32_t datalen, uint32_t recv, uint8_t powerfield, u
CodeAndTransmit14443bAsReader(data, datalen);
}
if(recv) {
if (recv) {
GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, FALSE);
uint16_t iLen = MIN(Demod.len, USB_CMD_DATA_SIZE);
cmd_send(CMD_ACK, iLen, 0, 0, Demod.output, iLen);
}
if(!powerfield) {
if (!powerfield) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
FpgaDisableSscDma();
set_tracing(FALSE);

24
armsrc/mifarecmd.c

@ -44,6 +44,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
LED_A_ON();
LED_B_OFF();
@ -96,6 +97,7 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
@ -131,6 +133,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);
if(!len) {
@ -202,7 +205,8 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
@ -258,7 +262,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
// free eventually allocated BigBuf memory
BigBuf_free();
clear_trace();
set_tracing(true);
// params
uint8_t blockNo = arg0;
uint16_t blocks = arg1;
@ -368,7 +373,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
@ -426,6 +432,7 @@ void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
LED_A_ON(); LED_B_OFF(); LED_C_OFF();
clear_trace();
set_tracing(true);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
if(!iso14443a_select_card(uid, NULL, NULL, true, 0)) {
@ -473,7 +480,8 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
OnError(0);
@ -532,7 +540,8 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
OnError(0);
@ -982,7 +991,9 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LED_C_OFF();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
if (clearTrace) clear_trace();
if (clearTrace)
clear_trace();
set_tracing(TRUE);
for (i = 0; i < keyCount; i++) {
@ -1354,6 +1365,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
int len = iso14443a_select_card(uid, NULL, &cuid, true, 0);
if(!len) {

9
armsrc/mifaredesfire.c

@ -63,9 +63,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
print_result(" RX : ", datain, datalen);
}
if ( flags & CLEARTRACE ){
if ( flags & CLEARTRACE )
clear_trace();
}
if ( flags & INIT ){
if ( !InitDesfireCard() )
@ -73,9 +72,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
}
int len = DesfireAPDU(datain, datalen, resp);
if (MF_DBGLEVEL >= 4) {
if (MF_DBGLEVEL >= 4)
print_result("ERR <--: ", resp, len);
}
if ( !len ) {
OnError(2);
@ -85,9 +83,8 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
// reset the pcb_blocknum,
pcb_blocknum = 0;
if ( flags & DISCONNECT ){
if ( flags & DISCONNECT )
OnSuccess();
}
cmd_send(CMD_ACK,1,len,0,resp,len);
}

1
armsrc/mifaresniff.c

@ -169,6 +169,5 @@ bool intMfSniffSend() {
LED_B_OFF();
clear_trace();
return TRUE;
}

2
client/cmdhflegic.c

@ -202,7 +202,7 @@ int CmdLegicLoad(const char *Cmd) {
}
char line[80];
int offset = 0, j;
int offset = 0;
uint32_t data[8] = {0x00};
while ( fgets(line, sizeof(line), f) ) {

17
client/cmdhfmf.c

@ -21,8 +21,17 @@ int CmdHF14AMifare(const char *Cmd)
uint64_t par_list = 0, ks_list = 0, r_key = 0;
int16_t isOK = 0;
int tmpchar;
uint8_t blockNo = 0;
UsbCommand c = {CMD_READER_MIFARE, {true, 0, 0}};
char cmdp = param_getchar(Cmd, 0);
if ( cmdp == 'H' || cmdp == 'h') {
PrintAndLog("Usage: hf mf mifare <block number>");
PrintAndLog(" sample: hf mf mifare 0");
return 0;
}
blockNo = param_get8(Cmd, 0);
UsbCommand c = {CMD_READER_MIFARE, {true, blockNo, 0}};
// message
printf("-------------------------------------------------------------------------\n");
@ -754,6 +763,8 @@ int CmdHF14AMfNested(const char *Cmd)
uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);
PrintAndLog("Reading block %d", sectrail);
UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};
num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A
clearCommandBuffer();
@ -1159,9 +1170,11 @@ int CmdHF14AMfChk(const char *Cmd)
for (i = 0; i < SectorsCnt; i++) {
// KEY A but not KEY B
if ( e_sector[i].foundKey[0] && !e_sector[i].foundKey[1] ) {
uint8_t sectrail = (FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);
PrintAndLog("Reading block %d", sectrail);
UsbCommand c = {CMD_MIFARE_READBL, {sectrail, 0, 0}};
num_to_bytes(e_sector[i].Key[0], 6, c.d.asBytes); // KEY A
clearCommandBuffer();

2
client/cmdhfmfhard.c

@ -88,7 +88,7 @@ typedef struct noncelist {
} noncelist_t;
static uint32_t cuid;
static uint32_t cuid = 0;
static noncelist_t nonces[256];
static uint8_t best_first_bytes[256];
static uint16_t first_byte_Sum = 0;