github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 05:13:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch 'master' into temp

Browse source
This commit is contained in:
McEloff 2019-04-08 10:26:30 +03:00 committed by GitHub
commit 4588384587
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
223 changed files with 4256 additions and 2894 deletions
Download patch file Download diff file Expand all files Collapse all files

60
Installation_Instructions/Arch-Linux-Installation-Instructions.md Normal file
View file

@ -0,0 +1,60 @@
# Setup and build for ArchLinux
## Notes
Kali and ArchLinux users usually must kill their modem manager in order for the proxmark3 to enumerate properly.
`sudo apt remove modemmanager`
## Manual Installation
Run
```sh
sudo pacman -Sy base-devel p7zip libusb readline ncurses arm-none-eabi-newlib --needed
```
```sh
yaourt -S termcap
```
```sh
sudo apt remove modemmanager
```
or
```sh
systemctl stop ModemManager
systemctl disable ModemManager
```
Clone fork
```sh
git clone https://github.com/RfidResearchGroup/proxmark3.git
```
Get the latest commits
```sh
git pull
```
Install the blacklist rules and add user to dialout group (if you on a Linux/ubuntu/debian).
If you do this one, you need to logout and login in again to make sure your rights got changed.
```sh
make udev
```
Clean and complete compilation
```sh
make clean && make all
```
Flash the BOOTROM & FULLIMAGE
```sh
client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
```
Change into the client folder
```sh
cd client
```
Run the client
```sh
./proxmark3 /dev/ttyACM0
```

24
Installation_Instructions/Coverity-Scan-Config-&-Run.md Normal file
View file

@ -0,0 +1,24 @@
## Coverity Scan Config & Run
Download the Coverity Scan Self-buld and install it.
You will need to configure ARM-NON-EABI- Compiler for it to use:
Configure
```sh
cov-configure --comptype gcc --compiler /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc
```
Run it (I'm running on Ubuntu)
```sh
cov-build --dir cov-int make all
```
Make a tarball
```sh
tar czvf proxmark3.tgz cov-int
```
Upload it to coverity.com

98
Installation_Instructions/Kali-Installation-Instructions.md Normal file
View file

@ -0,0 +1,98 @@
# Kali Installation
Kali users usually must kill their modem manager in order for the proxmark3 to enumerate properly.
```sh
sudo apt remove modemmanager
```
# Video Installation guide
[![Kali Installation tutorial](https://github.com/5w0rdfish/Proxmark3-RDV4-ParrotOS/blob/master/screenshot-www.youtube.com-2019.03.17-20-44-33.png)](https://youtu.be/t5eBPS6lV3E "Kali Linux Installation Tutorial")
---
## Manual Install
First what we want to do is get an update for the system. If you need to upgrade do this **before** the install
An upgrade was carried out prior to following these instructions.
### Update
```sh
sudo apt-get update
```
### Requirements.
```sh
sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev \
libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi
```
If you do get any issues during the requirements installation, I have found it to help using the synaptic package manager.
### Clone Fork
```sh
git clone https://github.com/RfidResearchGroup/proxmark3.git
```
### Change directory into the directory created
```sh
cd proxmark3
```
### Get the latest commits
```sh
git pull
```
### Remove Modem Manager
```sh
sudo apt remove modemmanager
```
### Reboot Kali
```sh
reboot
```
### Change directory back to proxmark3
```sh
cd proxmark3
```
### Clean and Compile
Clean and complete compile
```sh
make clean && make all
```
### Check Connection
Once this is complete run the following comands to make sure the proxmark is being picked up by your computer.
```sh
sudo dmesg | grep -i usb
```
It should show up as a CDC device:
```sh
[10416.555108] usb 2-1.2: Product: PM3
[10416.555111] usb 2-1.2: Manufacturer: proxmark.org
[10416.555871] cdc_acm 2-1.2:1.0: ttyACM0: USB ACM device
```
### Flash the BOOTROM & FULLIMAGE
```sh
client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
```
> **Note** If you have any issues connecting or during the flash, follow the steps listed [here](https://github.com/RfidResearchGroup/proxmark3/issues/35) and use the command sudo apt remove modemmanager
### Change into the client folder
```sh
cd client
```
### Run the client
```sh
./proxmark3 /dev/ttyACM0
```
### Run a test command
```sh
hw tune
```

29
Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md Normal file
View file

@ -0,0 +1,29 @@
## Homebrew (Mac OS X)
These instructions comes from @Chrisfu, where I got the proxmark3.rb scriptfile from.
Further questions about Mac & Homebrew, contact @Chrisfu (https://github.com/chrisfu/)
1. Install homebrew if you haven't yet already done so: http://brew.sh/
2. Tap this repo: `brew tap RfidResearchGroup/proxmark3`
3. Install Proxmark3: `brew install proxmark3` for stable release or `brew install --HEAD proxmark3` for latest non-stable from GitHub.
Upgrading HomeBrew tap formula
-----------------------------
*This method is useful for those looking to run bleeding-edge versions of iceman's client. Keep this in mind when attempting to update your HomeBrew tap formula as this procedure could easily cause a build to break if an update is unstable on macOS.*
Tested on macOS High Sierra 10.13.2
*Note: This assumes you have already installed iceman's fork from HomeBrew as mentioned above*
1. Force HomeBrew to pull the latest source from github
`brew upgrade --fetch-HEAD RfidResearchGroup/proxmark3`
2. Flash the bootloader & fullimage.elf
* With your Proxmark3 unplugged from your machine, press and hold the button on your Proxmark 3 as you plug it into a USB port. Continue to hold the button until after this step is complete and the `proxmark3-flasher` command outputs "Have a nice day!"*
`$ sudo proxmark3-flasher /dev/tty.usbmodem881 -b /usr/local/Cellar/proxmark3/HEAD-6a710ef/share/firmware/bootrom.elf /usr/local/Cellar/proxmark3/HEAD-6a710ef/share/firmware/fullimage.elf`
`$ sudo proxmark3-flasher /dev/tty.usbmodem881 `
4. Enjoy the update

98
Installation_Instructions/Parrot-OS-Proxmark3-RDV4-installation.md Normal file
View file

@ -0,0 +1,98 @@
# Parrot OS Installation
## Notes
Some further notes can be found at @5w0rdfish repo [Proxmark Installation for Parrot OS](https://github.com/5w0rdfish/Proxmark3-RDV4-ParrotOS)
# Video Installation guide
[![ParrotOS Installation tutorial](https://github.com/5w0rdfish/Proxmark3-RDV4-ParrotOS/blob/master/screenshot-www.youtube.com-2019.03.17-20-44-33.png)](https://youtu.be/Wl9AsrU4igo "ParrotOS Installation Tutorial")
---
## Manual Install
First what we want to do is get an update for the system. If you need to upgrade do this **before** the install
### Update
```sh
sudo apt-get update
```
### Requirements.
```sh
sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev \
libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi
```
If you do get any issues during the requirements installation, I have found it to help using the synaptic package manager.
### Clone Fork
```sh
git clone https://github.com/RfidResearchGroup/proxmark3.git
```
### Change directory into the directory created
```sh
cd proxmark3
```
### Get the latest commits
```sh
git pull
```
### Make Udev
Iceman has made the udev script which takes care of the blacklist rules. This should take care of the remove modem manager.
The make udev command also create's an alias for the pm3 under /dev which you will use to connect to the proxmark.
```sh
sudo make udev
```
> **Note** If you have any issues connecting or during the flash, follow the steps listed [here](https://github.com/RfidResearchGroup/proxmark3/issues/35) and use the command sudo apt remove modemmanager
Log out and log back in again. And now we are all set to take the next step.
### Clean and Compile
Clean and complete compilation *within the proxmark3 folder*
```sh
make clean && make all
```
### Check Connection
Once this is complete run the following comands to make sure the proxmark is being picked up by your computer.
```sh
sudo dmesg | grep -i usb
```
It should show up as a CDC device:
```sh
[10416.555108] usb 2-1.2: Product: PM3
[10416.555111] usb 2-1.2: Manufacturer: proxmark.org
[10416.555871] cdc_acm 2-1.2:1.0: ttyACM0: USB ACM device
```
### Flash the BOOTROM & FULLIMAGE
```sh
client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
```
### Change into the client folder
```sh
cd client
```
### Run the client
``` sh
./proxmark3 /dev/pm #press tab on the keyboard for it to detect the proxmark
```
or
### Run the client
```sh
./proxmark3 /dev/ttyACM0
```
### Run a test command
```sh
hw tune
```

102
Installation_Instructions/Ubuntu-Installation-Instructions.md Normal file
View file

@ -0,0 +1,102 @@
# Setup and build for UBUNTU
## Notes
GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS, 15.10 or 16.04
See the [Proxmark3 Ubuntu wiki page](https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux)
A nice and cool install script made by @daveio is found here:
https://github.com/daveio/attacksurface/blob/master/proxmark3/pm3-setup.sh
Iceman has also added this script to the fork.
https://github.com/RfidResearchGroup/proxmark3/blob/master/install.sh
# Video Installation guide
[![ParrotOS Installation tutorial](https://github.com/5w0rdfish/Proxmark3-RDV4-ParrotOS/blob/master/screenshot-www.youtube.com-2019.03.17-20-44-33.png)](https://youtu.be/DThmkH8CdMo "Ubuntu Installation Tutorial")
---
## Manual Installation
### Update
```sh
sudo apt-get update
```
### Requirements
```sh
sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi
```
### Clone Fork
```sh
git clone https://github.com/RfidResearchGroup/proxmark3.git
```
### Change Directory
```sh
cd proxmark3
```
### Get the latest commits
```sh
git pull
```
### Install the blacklist rules and add user to dialout group.
```sh
sudo make udev
```
### Restart
Restart Ubuntu
### Enter proxmark folder
```sh
cd proxmark3
```
### Clean and Compile
```sh
make clean && make all
```
### Check Connection
Once this is complete run the following comands to make sure the proxmark is being picked up by your computer.
```sh
sudo dmesg | grep -i usb
```
### Flash the BOOTROM & FULLIMAGE
```sh
client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
```
### Issues
If you have issues with the install please try the following below or head on over to the proxmark forum.
#### Remove Modem Manager
```sh
sudo apt remove modemmanager
```
and then restart ubuntu.
### Change into the client folder
```sh
cd client
```
### Run the client
``` sh
./proxmark3 /dev/pm #press tab on the keyboard for it to detect the proxmark
```
or
### Run the client
```sh
./proxmark3 /dev/ttyACM0
```
### Run a test command
```sh
hw tune
```

83
Installation_Instructions/Windows-Installation-Instructions.md Normal file
View file

@ -0,0 +1,83 @@
# Building on Windows
You will need to use the Gator96100 Proxspace package to assist in your windows installation.
This can be downloaded from https://github.com/Gator96100/ProxSpace/
## Notes
If you receive gcc errors using v3.1 during build, download and use v2.2. This may help resolve the issue.
- https://github.com/Gator96100/ProxSpace/releases/tag/v3.1 (release v3.1 with gcc v7.3.0 )
- https://github.com/Gator96100/ProxSpace/releases/tag/v2.2 (release v2.2 with gcc v5.3.0 arm-none-eabi-gcc v7.1.0)
---
# Video Installation guide
[![Windows Installation tutorial](https://github.com/5w0rdfish/Proxmark3-RDV4-ParrotOS/blob/master/screenshot-www.youtube.com-2019.03.17-20-44-33.png)](https://youtu.be/zzF0NCMJnYU "Windows Installation Tutorial")
## Manual Installation
### Driver Installation
Install required drivers for your windows installation. You will may need admin privileges to do this.
(This is covered in the video) Step by step guides are online such as [RiscCorps](https://store.ryscc.com/blogs/news/how-to-install-a-proxmark3-driver-on-windows-10)
### Install Github
Install Github for Windows https://desktop.github.com/
### Download / clone Proxspace repo
Download the required proxspace repo. https://github.com/Gator96100/ProxSpace/
Extract 'ProxSpace' to a location on drive without spaces.
For example D:\OneDrive\Documents\GitHub is ok whereas C:\My Documents\My Projects\proxspace is not.
### Clone RFID RESEARCH GROUP files
Clone fork
```sh
git clone https://github.com/RfidResearchGroup/proxmark3.git
```
### Copy files to Proxspace
Copy all the contents from the proxmark3 folder into the proxspace pm3 folder
### Run the .bat
Run runme.bat or runme64.bat depending on your Windows architecture.
Please note you will need to use / as you are using BASH.
### Make
CLEAN COMPILE inside the pm3 window.
```sh
make clean && make all
```
### Flash the image
Flash the BOOTROM & FULLIMAGE
```sh
client/flasher.exe comX -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf
```
### Run the client
Assuming you have Proxmark3 Windows drivers installed you can run the Proxmark software where "X" is the com port number assigned to proxmark3 under Windows.
Change into the client folder
```sh
cd client
```
Run the client
```sh
./proxmark3.exe comX
```
### Test
Check your firmware revision on the Proxmark III with
```sh
hw ver
```
For basic help type help. Or for help on a set of sub commands type the command followed by help. For example hf mf help.
Make sure you head over to the use of [proxmark area](https://github.com/5w0rdfish/proxmark3/tree/master/Use_of_Proxmark) to help you get on your way!

12
Makefile
View file

@ -56,7 +56,7 @@ recovery/%: FORCE
$(MAKE) -C recovery $(patsubst recovery/%,%,$@)
FORCE: # Dummy target to force remake in the subdirectories, even if files exist (this Makefile doesn't know about the prerequisites)
.PHONY: all clean help _test bootrom flash-bootrom os flash-os flash-all recovery client mfkey nounce2key style FORCE
.PHONY: all clean help _test bootrom flash-bootrom os flash-os flash-all recovery client mfkey nounce2key style checks FORCE
help:
@echo "Multi-OS Makefile"
@ -76,6 +76,9 @@ help:
@echo "+ mfkey - Make tools/mfkey"
@echo "+ nounce2key - Make tools/nounce2key"
@echo
@echo "+ style - Apply some automated source code formatting rules"
@echo "+ checks - Detect various encoding issues in source code"
@echo
@echo "Possible platforms: try \"make PLATFORM=\" for more info, default is PM3RDV4"
client: client/all
@ -133,10 +136,15 @@ style:
-exec sh -c "echo >> {}" \;
# Apply astyle on *.c, *.h, *.cpp
find . \( -name "*.[ch]" -or -name "*.cpp" \) -exec astyle --formatted --mode=c --suffix=none \
--indent=spaces=4 --indent-switches --indent-preprocessor \
--indent=spaces=4 --indent-switches \
--keep-one-line-blocks --max-instatement-indent=60 \
--style=google --pad-oper --unpad-paren --pad-header \
--align-pointer=name {} \;
# Detecting weird codepages.
checks:
find . \( -name "*.[ch]" -or -name "*.cpp" -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "Makefile" \) \
-exec sh -c "cat {} |recode utf8.. >/dev/null || echo {}" \;
# Dummy target to test for GNU make availability
_test:

332
README.md
View file

@ -1,72 +1,34 @@
Proxmark3 RDV40 dedicated repo, based on iceman fork
Proxmark3 RDV4.0 Dedicated Github
===============
This repo is based on iceman fork for proxmark3. It is dedicated to bringing the most out of the new features for proxmark3 RDV4.0 new hardware and design.
[![Latest release](https://img.shields.io/github/release/RfidResearchGroup/proxmark3.svg)](https://github.com/RfidResearchGroup/proxmark3/releases/latest)
## Notice
This repo is based on iceman fork for proxmark3. It is dedicated to bring the most out of the new features for proxmark3 RDV40 device.
<a href="http://www.youtube.com/watch?feature=player_embedded&v=uyJ-y0kSWfc
" target="_blank"><img src="https://github.com/5w0rdfish/proxmark3/blob/master/prox.png"
alt="Yuotube" width="100%" height="auto" border="10" /></a>
# Donations
Nothing says thank you as much as a donation, https://www.patreon.com/iceman1001
---
## ToC
- Coverity Scan Config & Run
- Whats changed?
- Why didn't you based it on offical PM3 Master?
- Why don't you add this or that functionality?
- PM3 GUI
- Development
- KALI and ARCHLINUX users
- Setup and build for UBUNTU
- Setup and build for ArchLinux
- Homebrew (Mac OS X)
- Upgrading HomeBrew tap formula
- Building on Windows
- Gator96100 distro
- Build and run
- Validating proxmark client functionality
- Run the following commands
- Quit client
- First things on your RDV40
- Verify sim module firmware version
- The end
## Coverity Scan Config & Run
Download the Coverity Scan Self-buld and install it.
You will need to configure ARM-NON-EABI- Compiler for it to use:
- Configure
`cov-configure --comptype gcc --compiler /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc`
- Run it (I'm running on Ubuntu)
`cov-build --dir cov-int make all`
- Make a tarball
`tar czvf proxmark3.tgz cov-int`
- Upload it to coverity.com
# PROXMARK INSTALLATION AND OVERVIEW
| FAQ's & Updates | Installation | Use of the Proxmark |
| ------------- |:-------------:| -----:|
|[Whats changed?](#whats-changed) | [Setup and build for ArchLinux](/Installation_Instructions/Arch-Linux-Installation-Instructions.md) | [Validating proxmark client functionality](/Use_of_Proxmark/1_Validation.md)|
|[Development](#development) | [Setup and build for UBUNTU](/Installation_Instructions/Ubuntu-Installation-Instructions.md) | [First Use and Verification](/Use_of_Proxmark/2_Configuration-and-Verification.md) |
| [Why don't you add this or that functionality?](#why-dont-you-add-this-or-that-functionality) | [Homebrew (Mac OS X) & Upgrading HomeBrew Tap Forumula](/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md) | [Commands & Features](/Use_of_Proxmark/3_Commands-and-Features.md)|
|[Why didn't you based it on offical PM3 Master?](#why-didnt-you-based-it-on-offical-pm3-master) |[ParrotOS Installation ](/Installation_Instructions/Parrot-OS-Proxmark3-RDV4-installation.md)|[PM3 GUI](#pm3-gui)
|[Notices](#notices)|[Setup and build for Windows](/Installation_Instructions/Windows-Installation-Instructions.md)||
|[Issues](#issues)|[Coverity Scan Config & Run](/Installation_Instructions/Coverity-Scan-Config-%26-Run.md)||
||[Kali Linux Installation Instructions](/Installation_Instructions/Kali-Installation-Instructions.md)|
---
## Whats changed?
* added flash memory 256kb.
* added smart card module
* added FPC connector
---
## Why didn't you based it on offical PM3 Master?
The separation from offical pm3 repo gives us very much freedom to create a firmware/client that suits the RDV40 features. We don't want to mess up the offical pm3 repo with RDV40 specific code.
## Why don't you add this or that functionality?
Give us a hint, and we'll see if we can't merge in the stuff you have.
## PM3 GUI
The official PM3-GUI from Gaucho will not work.
The new universial GUI will work. [Proxmark3 Univerisal GUI](https://github.com/burma69/PM3UniversalGUI)
## Development
This fork now compiles just fine on
- Windows/mingw environment with Qt5.6.1 & GCC 4.8
@ -75,248 +37,30 @@ This fork now compiles just fine on
- ParrotOS
- WSL (Windows subsystem linux) on Windows 10
- Docker container
---
## Why didn't you based it on offical PM3 Master?
The separation from offical pm3 repo gives us very much freedom to create a firmware/client that suits the RDV40 features. We don't want to mess up the offical pm3 repo with RDV40 specific code.
## KALI and ARCHLINUX users
## Why don't you add this or that functionality?
Give us a hint, and we'll see if we can't merge in the stuff you have.
## PM3 GUI
The official PM3-GUI from Gaucho will not work.
The new universial GUI will work. [Proxmark3 Universal GUI](https://github.com/burma69/PM3UniversalGUI)
## Notices
Kali and ArchLinux users usually must kill their modem manager in order for the proxmark3 to enumerate properly.
```sh
sudo apt remove modemmanager
```
or
```sh
systemctl stop ModemManager
systemctl disable ModemManager
```
## Setup and build for UBUNTU
GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS, 15.10 or 16.04
See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux
A nice and cool install script made by @daveio is found here:
https://github.com/daveio/attacksurface/blob/master/proxmark3/pm3-setup.sh
I have also added this script to the fork.
https://github.com/RfidResearchGroup/proxmark3/blob/master/install.sh
- Run
`sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi`
- Clone fork
`git clone https://github.com/RfidResearchGroup/proxmark3.git`
- Get the latest commits
`git pull`
- Install the blacklist rules and add user to dialout group (if you on a Linux/ubuntu/debian). If you do this one, you need to logout and login in again to make sure your rights got changed.
`make udev`
- Clean and complete compilation
`make clean && make all`
- Flash the BOOTROM & FULLIMAGE
`client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf`
- Change into the client folder
`cd client`
- Run the client
`./proxmark3 /dev/ttyACM0`
## Setup and build for ArchLinux
- Run
`sudo pacman -Sy base-devel p7zip libusb readline ncurses arm-none-eabi-newlib --needed`
`yaourt -S termcap`
- Remove modemmanager
`sudo apt remove modemmanager`
- Clone fork
`git clone https://github.com/RfidResearchGroup/proxmark3.git`
## Issues
Please see the [Proxmark Forum](http://www.proxmark.org/forum/index.php) and see if your issue is listed in the first instance google is your friend :) Questions will be answered via the forum by Iceman and the team.
- Get the latest commits
`git pull`
## The end
- Install the blacklist rules and add user to dialout group (if you on a Linux/ubuntu/debian). If you do this one, you need to logout and login in again to make sure your rights got changed.
`make udev`
[@herrmann1001](https://mobile.twitter.com/herrmann1001) at host iuse.se
July 2018, Sweden
updated Feb 2019 [@5w0rdfish](https://mobile.twitter.com/5w0rdFish)
- Clean and complete compilation
`make clean && make all`
# Donations
Nothing says thank you as much as a donation, https://www.patreon.com/iceman1001
- Flash the BOOTROM & FULLIMAGE
`client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf`
- Change into the client folder
`cd client`
- Run the client
`./proxmark3 /dev/ttyACM0`
## Homebrew (Mac OS X)
These instructions comes from @Chrisfu, where I got the proxmark3.rb scriptfile from.
Further questions about Mac & Homebrew, contact @Chrisfu (https://github.com/chrisfu/)
1. Install homebrew if you haven't yet already done so: http://brew.sh/
2. Tap this repo: `brew tap RfidResearchGroup/proxmark3`
3. Install Proxmark3: `brew install proxmark3` for stable release or `brew install --HEAD proxmark3` for latest non-stable from GitHub.
Upgrading HomeBrew tap formula
-----------------------------
*This method is useful for those looking to run bleeding-edge versions of iceman's client. Keep this in mind when attempting to update your HomeBrew tap formula as this procedure could easily cause a build to break if an update is unstable on macOS.*
Tested on macOS High Sierra 10.13.2
*Note: This assumes you have already installed iceman's fork from HomeBrew as mentioned above*
1. Force HomeBrew to pull the latest source from github
`brew upgrade --fetch-HEAD RfidResearchGroup/proxmark3`
2. Flash the bootloader & fullimage.elf
* With your Proxmark3 unplugged from your machine, press and hold the button on your Proxmark 3 as you plug it into a USB port. Continue to hold the button until after this step is complete and the `proxmark3-flasher` command outputs "Have a nice day!"*
`$ sudo proxmark3-flasher /dev/tty.usbmodem881 -b /usr/local/Cellar/proxmark3/HEAD-6a710ef/share/firmware/bootrom.elf /usr/local/Cellar/proxmark3/HEAD-6a710ef/share/firmware/fullimage.elf`
`$ sudo proxmark3-flasher /dev/tty.usbmodem881 `
4. Enjoy the update
## Building on Windows
### Gator96100 distro
Rather than download and install every one of these packages, a new ProxSpace
environment archive file will be made available for download on the project
page at @Gator96100's repo
Afterwards just clone the iceman repo or download someone elses.
Read instructions on @Gator96100 repo page. (https://github.com/Gator96100/ProxSpace/)
Links
- https://github.com/Gator96100/ProxSpace/releases/tag/v3.1 (release v3.1 with gcc v7.3.0 )
- https://github.com/Gator96100/ProxSpace/releases/tag/v2.2 (release v2.2 with gcc v5.3.0 arm-none-eabi-gcc v7.1.0)
### Build and run
- Clone fork
`git clone https://github.com/RfidResearchGroup/proxmark3.git`
- Get the latest commits
`git pull`
- CLEAN COMPILE
`make clean && make all`
Assuming you have Proxmark3 Windows drivers installed you can run the Proxmark software where "X" is the com port number assigned to proxmark3 under Windows.
- Flash the BOOTROM & FULLIMAGE
`client/flasher.exe comX -b bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf`
- Change into the client folder
`cd client`
- Run the client
`proxmark3.exe comX`
## Validating proxmark client functionality
If all went well you should get some information about the firmware and memory usage as well as the prompt, something like this.
>[=] UART Setting serial baudrate 460800
>
>Proxmark3 RFID instrument
>
> [ CLIENT ]
>
> client: iceman build for RDV40 with flashmem; smartcard;
>
> [ ARM ]
>
> bootrom: iceman/master/4517531c-dirty-unclean 2018-12-13 15:42:24
>
> os: iceman/master/5a34550a-dirty-unclean 2019-01-07 23:04:07
>
> [ FPGA ]
>
> LF image built for 2s30vq100 on 2018/ 9/ 8 at 13:57:51
>
> HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23
>
> [ Hardware ]
>
>--= uC: AT91SAM7S512 Rev B
>
>--= Embedded Processor: ARM7TDMI
>
>--= Nonvolatile Program Memory Size: 512K bytes, Used: 247065 bytes (47%) Free: 277223 bytes (53%)
>
>--= Second Nonvolatile Program Memory Size: None
>
>--= Internal SRAM Size: 64K bytes
>
>--= Architecture Identifier: AT91SAM7Sxx Series
>
>--= Nonvolatile Program Memory Type: Embedded Flash Memory
>
> pm3 -->
### Run the following commands
pm3 --> hw status
pm3 --> hw version
pm3 --> hw tune
You are now ready to use your newly upgraded proxmark3 device. Many commands uses the **h** parameter to show a help text. The client uses a arcaic command structure which will be hard to grasp at first. Here are some commands to start off with.
pm3 --> hf
pm3 --> hf 14a info
pm3 --> lf
pm3 --> lf search
### Quit client
pm3 --> quit
### First things on your RDV40
You will need to run these commands to make sure your rdv4 is prepared
pm3 --> mem load f default_keys m
pm3 --> mem load f default_pwd t
pm3 --> mem load f default_iclass_keys i
pm3 --> lf t55xx deviceconfig a 29 b 17 c 15 d 47 e 15 p
### Verify sim module firmware version
To make sure you got the latest sim module firmware.
_Lastest version is v3.11_
pm3 --> hw status
Find version in the long output, look for these two lines
#db# Smart card module (ISO 7816)
#db# version.................v2.06
This version is obselete. The following command upgrades your device sim module firmware.
Don't not turn of your device during the execution of this command.
pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN
You get the following output, this is a successful execution.
[!] WARNING - Smartcard socket firmware upgrade.
[!] A dangerous command, do wrong and you will brick the smart card socket
[+] Smartcard socket firmware uploading to PM3
..
[+] Smartcard socket firmware updating, don't turn off your PM3!
#db# FW 0000
#db# FW 0080
#db# FW 0100
#db# FW 0180
#db# FW 0200
#db# FW 0280
[+] Smartcard socket firmware upgraded successful
## the end
`iceman at host iuse.se`
`July 2018, Sweden`

57
Use_of_Proxmark/1_Validation.md Normal file
View file

@ -0,0 +1,57 @@
## 1. Validating proxmark client functionality
If all went well you should get some information about the firmware and memory usage as well as the prompt, something like this.
We should be able to answer ..can I connect to my proxmark device? does it respond?
>[=] UART Setting serial baudrate 460800
>
>Proxmark3 RFID instrument
>
> [ CLIENT ]
>
> client: iceman build for RDV40 with flashmem; smartcard;
>
> [ ARM ]
>
> bootrom: iceman/master/4517531c-dirty-unclean 2018-12-13 15:42:24
>
> os: iceman/master/5a34550a-dirty-unclean 2019-01-07 23:04:07
>
> [ FPGA ]
>
> LF image built for 2s30vq100 on 2018/ 9/ 8 at 13:57:51
>
> HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23
>
> [ Hardware ]
>
>--= uC: AT91SAM7S512 Rev B
>
>--= Embedded Processor: ARM7TDMI
>
>--= Nonvolatile Program Memory Size: 512K bytes, Used: 247065 bytes (47%) Free: 277223 bytes (53%)
>
>--= Second Nonvolatile Program Memory Size: None
>
>--= Internal SRAM Size: 64K bytes
>
>--= Architecture Identifier: AT91SAM7Sxx Series
>
>--= Nonvolatile Program Memory Type: Embedded Flash Memory
>
> pm3 -->
### Run the following commands
pm3 --> hw status
pm3 --> hw version
pm3 --> hw tune
You are now ready to use your newly upgraded proxmark3 device. Many commands uses the **h** parameter to show a help text. The client uses a arcaic command structure which will be hard to grasp at first. Here are some commands to start off with.
pm3 --> hf
pm3 --> hf 14a info
pm3 --> lf
pm3 --> lf search
### Quit client
pm3 --> quit

38
Use_of_Proxmark/2_Configuration-and-Verification.md Normal file
View file

@ -0,0 +1,38 @@
### First things on your RDV40
You will need to run these commands to make sure your rdv4 is prepared
pm3 --> mem load f default_keys m
pm3 --> mem load f default_pwd t
pm3 --> mem load f default_iclass_keys i
pm3 --> lf t55xx deviceconfig a 29 b 17 c 15 d 47 e 15 p
### Verify sim module firmware version
To make sure you got the latest sim module firmware.
_Lastest version is v3.11_
pm3 --> hw status
Find version in the long output, look for these two lines
#db# Smart card module (ISO 7816)
#db# version.................v2.06
This version is obselete. The following command upgrades your device sim module firmware.
Don't not turn of your device during the execution of this command.
pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN
You get the following output, this is a successful execution.
[!] WARNING - Smartcard socket firmware upgrade.
[!] A dangerous command, do wrong and you will brick the smart card socket
[+] Smartcard socket firmware uploading to PM3
..
[+] Smartcard socket firmware updating, don't turn off your PM3!
#db# FW 0000
#db# FW 0080
#db# FW 0100
#db# FW 0180
#db# FW 0200
#db# FW 0280
[+] Smartcard socket firmware upgraded successful

21
Use_of_Proxmark/3_Commands-and-Features.md Normal file
View file

@ -0,0 +1,21 @@
# Commands and Features
## New Features in RDV4
Further details coming soon
### Run the following commands
pm3 --> hw status
pm3 --> hw version
pm3 --> hw tune
You are now ready to use your newly upgraded proxmark3 device. Many commands uses the **h** parameter to show a help text. The client uses a arcaic command structure which will be hard to grasp at first. Here are some commands to start off with.
pm3 --> hf
pm3 --> hf 14a info
pm3 --> lf
pm3 --> lf search
### Quit client
pm3 --> quit

36
armsrc/BigBuf.h
View file

@ -25,22 +25,22 @@
#define CARD_MEMORY_SIZE 4096
#define DMA_BUFFER_SIZE 256 //128 (how big is the dma?!?
extern uint8_t *BigBuf_get_addr(void);
extern uint8_t *BigBuf_get_EM_addr(void);
extern uint16_t BigBuf_max_traceLen(void);
extern void BigBuf_Clear(void);
extern void BigBuf_Clear_ext(bool verbose);
extern void BigBuf_Clear_keep_EM(void);
extern void BigBuf_Clear_EM(void);
extern uint8_t *BigBuf_malloc(uint16_t);
extern void BigBuf_free(void);
extern void BigBuf_free_keep_EM(void);
extern void BigBuf_print_status(void);
extern uint32_t BigBuf_get_traceLen(void);
extern void clear_trace(void);
extern void set_tracing(bool enable);
extern void set_tracelen(uint32_t value);
extern bool get_tracing(void);
extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
uint8_t *BigBuf_get_addr(void);
uint8_t *BigBuf_get_EM_addr(void);
uint16_t BigBuf_max_traceLen(void);
void BigBuf_Clear(void);
void BigBuf_Clear_ext(bool verbose);
void BigBuf_Clear_keep_EM(void);
void BigBuf_Clear_EM(void);
uint8_t *BigBuf_malloc(uint16_t);
void BigBuf_free(void);
void BigBuf_free_keep_EM(void);
void BigBuf_print_status(void);
uint32_t BigBuf_get_traceLen(void);
void clear_trace(void);
void set_tracing(bool enable);
void set_tracelen(uint32_t value);
bool get_tracing(void);
bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
#endif /* __BIGBUF_H */

6
armsrc/Makefile
View file

@ -60,15 +60,14 @@ APP_CFLAGS = $(PLATFORM_DEFS) \
SRC_LF = lfops.c hitag2_crypto.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c
SRC_ISO15693 = iso15693.c iso15693tools.c
#SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c
SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c
SRC_ISO14443b = iso14443b.c
SRC_FELICA = felica.c
SRC_CRAPTO1 = crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
SRC_CRC = crc.c crc16.c crc32.c
SRC_ICLASS = iclass.c optimized_cipher.c
SRC_LEGIC = legicrf.c legicrfsim.c legic_prng.c
SRC_BEE = bee.c
# SRC_BEE = bee.c
# RDV40 related hardware support
ifneq (,$(findstring WITH_FLASH,$(APP_CFLAGS)))
@ -162,7 +161,6 @@ THUMBSRC = start.c \
string.c \
BigBuf.c \
ticks.c \
random.c \
hfsnoop.c

12
armsrc/Standalone/hf_bog.c
View file

@ -85,7 +85,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
uint8_t *data = dmaBuf;
uint8_t previous_data = 0;
int dataLen = 0;
int dataLen;
bool TagIsActive = false;
bool ReaderIsActive = false;
@ -110,7 +110,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
// triggered == false -- to wait first for card
bool triggered = !(param & 0x03);
uint32_t rsamples = 0;
uint32_t my_rsamples = 0;
// Current captured passwords counter
uint8_t auth_attempts = 0;
@ -151,11 +151,11 @@ void RAMFUNC SniffAndStore(uint8_t param) {
LED_A_OFF();
// Need two samples to feed Miller and Manchester-Decoder
if (rsamples & 0x01) {
if (my_rsamples & 0x01) {
if (!TagIsActive) { // no need to try decoding reader data if the tag is sending
uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4);
if (MillerDecoding(readerdata, (rsamples - 1) * 4)) {
if (MillerDecoding(readerdata, (my_rsamples - 1) * 4)) {
LED_C_ON();
// check - if there is a short 7bit request from reader
@ -190,7 +190,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
// no need to try decoding tag data if the reader is sending - and we cannot afford the time
if (!ReaderIsActive) {
uint8_t tagdata = (previous_data << 4) | (*data & 0x0F);
if (ManchesterDecoding(tagdata, 0, (rsamples - 1) * 4)) {
if (ManchesterDecoding(tagdata, 0, (my_rsamples - 1) * 4)) {
LED_B_ON();
if (!LogTrace(receivedResp,
@ -214,7 +214,7 @@ void RAMFUNC SniffAndStore(uint8_t param) {
}
previous_data = *data;
rsamples++;
my_rsamples++;
data++;
if (data == dmaBuf + DMA_BUFFER_SIZE) {
data = dmaBuf;

7
armsrc/Standalone/hf_bog.h
View file

@ -6,10 +6,6 @@
// StandAlone Mod
//-----------------------------------------------------------------------------
#ifndef FALSE
#define FALSE 0
#endif
#ifndef __HF_BOG_H
#define __HF_BOG_H
@ -24,8 +20,7 @@
#include <string.h>
#include "apps.h"
#include "printf.h"
#include "parity.h"
#include "random.h"
#endif /* __HF_BOG_H */

121
armsrc/Standalone/hf_colin.c
View file

@ -76,12 +76,14 @@ void cjSetCursLeft() {
void cjTabulize() { DbprintfEx(FLAG_RAWPRINT, "\t\t\t"); }
/*
void cjPrintKey(uint64_t key, uint8_t *foundKey, uint16_t sectorNo, uint8_t type) {
char tosendkey[13];
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[0], foundKey[1], foundKey[2], foundKey[3], foundKey[4], foundKey[5]);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x | KEY : %s | TYP: %d", sectorNo, tosendkey, type);
}
*/
void ReadLastTagFromFlash() {
SpinOff(0);
@ -89,7 +91,6 @@ void ReadLastTagFromFlash() {
LED_B_ON();
LED_C_ON();
LED_D_ON();
uint16_t isok = 0;
uint32_t startidx = 0;
uint16_t len = 1024;
@ -109,7 +110,7 @@ void ReadLastTagFromFlash() {
for (size_t i = 0; i < len; i += size) {
len = MIN((len - i), size);
isok = Flash_ReadDataCont(startidx + i, mem, len);
uint16_t isok = Flash_ReadDataCont(startidx + i, mem, len);
if (isok == len) {
emlSetMem(mem, 0, 64);
} else {
@ -137,8 +138,6 @@ void WriteTagToFlash(uint8_t index, size_t size) {
LED_C_ON();
LED_D_ON();
uint8_t isok = 0;
uint16_t res = 0;
uint32_t len = size;
uint32_t bytes_sent = 0;
uint32_t bytes_remaining = len;
@ -168,10 +167,10 @@ void WriteTagToFlash(uint8_t index, size_t size) {
memcpy(buff, data + bytes_sent, bytes_in_packet);
bytes_remaining -= bytes_in_packet;
res = Flash_WriteDataCont(bytes_sent + (index * size), buff, bytes_in_packet);
uint16_t res = Flash_WriteDataCont(bytes_sent + (index * size), buff, bytes_in_packet);
bytes_sent += bytes_in_packet;
isok = (res == bytes_in_packet) ? 1 : 0;
uint8_t isok = (res == bytes_in_packet) ? 1 : 0;
if (!isok) {
DbprintfEx(FLAG_NOLOG, "FlashMem write FAILEd [offset %u]", bytes_sent);
@ -305,14 +304,14 @@ void RunMod() {
// and why not a simple memset abuse to 0xffize the whole space in one go ?
// uint8_t foundKey[2][40][6]; //= [ {0xff} ]; /* C99 abusal 6.7.8.21
uint8_t foundKey[2][40][6];
for (uint16_t t = 0; t < 2; t++) {
for (uint16_t i = 0; i < 2; i++) {
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
foundKey[t][sectorNo][0] = 0xFF;
foundKey[t][sectorNo][1] = 0xFF;
foundKey[t][sectorNo][2] = 0xFF;
foundKey[t][sectorNo][3] = 0xFF;
foundKey[t][sectorNo][4] = 0xFF;
foundKey[t][sectorNo][5] = 0xFF;
foundKey[i][sectorNo][0] = 0xFF;
foundKey[i][sectorNo][1] = 0xFF;
foundKey[i][sectorNo][2] = 0xFF;
foundKey[i][sectorNo][3] = 0xFF;
foundKey[i][sectorNo][4] = 0xFF;
foundKey[i][sectorNo][5] = 0xFF;
}
}
@ -465,12 +464,12 @@ failtag:
;
// Type 0 / A first
uint16_t t = 0;
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
num_to_bytes(0x484558414354, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
for (uint16_t s = 0; s < sectorsCnt; s++) {
num_to_bytes(0x484558414354, 6, foundKey[t][s]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][s][0], foundKey[t][s][1], foundKey[t][s][2],
foundKey[t][s][3], foundKey[t][s][4], foundKey[t][s][5]);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
}
t = 1;
uint16_t sectorNo = 0;
@ -611,14 +610,19 @@ failtag:
// emlClearMem();
// A very weak one...
for (uint16_t t = 0; t < 2; t++) {
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
num_to_bytes(key64, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
for (uint16_t i = 0; i < 2; i++) {
for (uint16_t s = 0; s < sectorsCnt; s++) {
num_to_bytes(key64, 6, foundKey[i][s]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
foundKey[i][s][0],
foundKey[i][s][1],
foundKey[i][s][2],
foundKey[i][s][3],
foundKey[i][s][4],
foundKey[i][s][5]
);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, i);
}
}
trapped = 1;
@ -644,25 +648,33 @@ failtag:
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s>>>>>>>>>>>>!*DONE*!<<<<<<<<<<<<<<%s", _GREEN_, _WHITE_);
;
t = 0;
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
num_to_bytes(0x414c41524f4e, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
for (uint16_t s = 0; s < sectorsCnt; s++) {
num_to_bytes(0x414c41524f4e, 6, foundKey[t][s]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
foundKey[t][s][0],
foundKey[t][s][1],
foundKey[t][s][2],
foundKey[t][s][3],
foundKey[t][s][4],
foundKey[t][s][5]);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
;
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
}
t = 1;
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++) {
num_to_bytes(0x424c41524f4e, 6, foundKey[t][sectorNo]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x", foundKey[t][sectorNo][0], foundKey[t][sectorNo][1], foundKey[t][sectorNo][2],
foundKey[t][sectorNo][3], foundKey[t][sectorNo][4], foundKey[t][sectorNo][5]);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", sectorNo, tosendkey, t);
t = 1;
for (uint16_t s = 0; s < sectorsCnt; s++) {
num_to_bytes(0x424c41524f4e, 6, foundKey[t][s]);
sprintf(tosendkey, "%02x%02x%02x%02x%02x%02x",
foundKey[t][s][0],
foundKey[t][s][1],
foundKey[t][s][2],
foundKey[t][s][3],
foundKey[t][s][4],
foundKey[t][s][5]);
cjSetCursRight();
DbprintfEx(FLAG_NOLOG, "SEC: %02x ; KEY : %s ; TYP: %d", s, tosendkey, t);
}
trapped = 1;
break;
@ -801,7 +813,6 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
uint8_t numSectors = arg0;
uint8_t keyType = arg1;
uint64_t ui64Key = 0;
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
@ -823,40 +834,40 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
DbprintfEx(FLAG_RAWPRINT, "Can't select card");
}
for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
ui64Key = emlGetKey(sectorNo, keyType);
if (sectorNo == 0) {
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
for (uint8_t s = 0; isOK && s < numSectors; s++) {
uint64_t ui64Key = emlGetKey(s, keyType);
if (s == 0) {
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(s), keyType, ui64Key, AUTH_FIRST)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth error", sectorNo);
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth error", s);
break;
}
} else {
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
if (isOK && mifare_classic_auth(pcs, cjcuid, FirstBlockOfSector(s), keyType, ui64Key, AUTH_NESTED)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth nested error", sectorNo);
DbprintfEx(FLAG_NOLOG, "Sector[%2d]. Auth nested error", s);
break;
}
}
for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
if (isOK && mifare_classic_readblock(pcs, cjcuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(s); blockNo++) {
if (isOK && mifare_classic_readblock(pcs, cjcuid, FirstBlockOfSector(s) + blockNo, dataoutbuf)) {
isOK = false;
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "Error reading sector %2d block %2d", sectorNo, blockNo);
DbprintfEx(FLAG_NOLOG, "Error reading sector %2d block %2d", s, blockNo);
break;
};
if (isOK) {
*datain = 1;
if (blockNo < NumBlocksPerSector(sectorNo) - 1) {
emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);
if (blockNo < NumBlocksPerSector(s) - 1) {
emlSetMem(dataoutbuf, FirstBlockOfSector(s) + blockNo, 1);
} else {
// sector trailer, keep the keys, set only the AC
emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
emlGetMem(dataoutbuf2, FirstBlockOfSector(s) + blockNo, 1);
memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);
emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
emlSetMem(dataoutbuf2, FirstBlockOfSector(s) + blockNo, 1);
}
} else {
*datain = 0;

10
armsrc/Standalone/hf_mattyrun.c
View file

@ -295,17 +295,15 @@ void RunMod() {
/*
Iterates through each sector checking if there is a correct key.
*/
int key = -1;
int block = 0;
bool err = 0;
bool allKeysFound = true;
uint32_t size = mfKeysCnt;
for (int type = !keyType; type < 2 && !err; keyType == 2 ? (type++) : (type = 2)) {
block = blockNo;
int block = blockNo;
for (int sec = 0; sec < sectorsCnt && !err; ++sec) {
Dbprintf("\tCurrent sector:%3d, block:%3d, key type: %c, key count: %i ", sec, block, type ? 'B' : 'A', mfKeysCnt);
key = saMifareChkKeys(block, type, true, size, &keyBlock[0], &key64);
int key = saMifareChkKeys(block, type, true, size, &keyBlock[0], &key64);
if (key == -1) {
LED(LED_RED, 50); //red
Dbprintf("\t✕ Key not found for this sector!");
@ -393,12 +391,12 @@ void RunMod() {
Needs further testing.
*/
if (fillFromEmulator) {
uint8_t retry = 5, cnt;
uint8_t retry = 5;
Dbprintf("\t Trying to dump into blank card.");
int flags = 0;
LED_A_ON(); //yellow
for (int blockNum = 0; blockNum < 16 * 4; blockNum += 1) {
cnt = 0;
uint8_t cnt = 0;
emlGetMem(mblock, blockNum, 1);
// switch on field and send magic sequence
if (blockNum == 0) flags = 0x08 + 0x02;

2
armsrc/Standalone/hf_young.c
View file

@ -166,7 +166,7 @@ void RunMod() {
playing = 1;
} else {
Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0], oldBlock0[1], oldBlock0[2], oldBlock0[3]);
memcpy(newBlock0, oldBlock0, 16);
memcpy(newBlock0 + 5, oldBlock0 + 5, 11);
// Copy uid for bank (2nd is for longer UIDs not supported if classic)
memcpy(newBlock0, uids[selected].uid, 4);

2
armsrc/Standalone/standalone.h
View file

@ -14,6 +14,6 @@
#include <stdbool.h> // for bool
#include <inttypes.h> // PRIu64
extern void RunMod();
void RunMod();
#endif /* __STANDALONE_H */

27
armsrc/appmain.c
View file

@ -23,6 +23,7 @@
#include "lfsampling.h"
#include "BigBuf.h"
#include "mifareutil.h"
#include "mifaresim.h"
#include "hitag.h"
#define DEBUG 1
@ -78,10 +79,12 @@ void ToSendStuffBit(int b) {
}
}
/* useful when debugging new protocol implementations like FeliCa
void PrintToSendBuffer(void) {
DbpString("Printing ToSendBuffer:");
Dbhexdump(ToSendMax, ToSend, 0);
}
*/
void print_result(char *name, uint8_t *buf, size_t len) {
@ -159,18 +162,17 @@ void Dbprintf(const char *fmt, ...) {
// prints HEX & ASCII
void Dbhexdump(int len, uint8_t *d, bool bAsci) {
#if DEBUG
int l = 0, i;
char ascii[9];
while (len > 0) {
l = (len > 8) ? 8 : len;
int l = (len > 8) ? 8 : len;
memcpy(ascii, d, l);
ascii[l] = 0;
// filter safe ascii
for (i = 0; i < l; i++) {
for (int i = 0; i < l; i++) {
if (ascii[i] < 32 || ascii[i] > 126) {
ascii[i] = '.';
}
@ -230,7 +232,7 @@ uint16_t AvgAdc(int ch) {
void MeasureAntennaTuning(void) {
uint8_t LF_Results[256];
uint32_t i, adcval = 0, peak = 0, peakv = 0, peakf = 0;
uint32_t i, peak = 0, peakv = 0, peakf = 0;
uint32_t v_lf125 = 0, v_lf134 = 0, v_hf = 0; // in mV
memset(LF_Results, 0, sizeof(LF_Results));
@ -253,7 +255,7 @@ void MeasureAntennaTuning(void) {
WDT_HIT();
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
SpinDelay(20);
adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
uint32_t adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
if (i == 95)
v_lf125 = adcval; // voltage at 125Khz
if (i == 89)
@ -1177,8 +1179,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
LED_B_ON();
uint8_t *mem = BigBuf_get_addr();
bool isok = false;
size_t len = 0;
uint32_t startidx = c->arg[0];
uint32_t numofbytes = c->arg[1];
// arg0 = startindex
@ -1187,8 +1187,8 @@ void UsbPacketReceived(uint8_t *packet, int len) {
//Dbprintf("transfer to client parameters: %" PRIu32 " | %" PRIu32 " | %" PRIu32, startidx, numofbytes, c->arg[2]);
for (size_t i = 0; i < numofbytes; i += USB_CMD_DATA_SIZE) {
len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
isok = cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, i, len, BigBuf_get_traceLen(), mem + startidx + i, len);
size_t len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
bool isok = cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, i, len, BigBuf_get_traceLen(), mem + startidx + i, len);
if (isok != 0)
Dbprintf("transfer to client failed :: | bytes between %d - %d (%d)", i, i + len, len);
}
@ -1251,7 +1251,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
break;
case CMD_FLASHMEM_READ: {
LED_B_ON();
uint16_t isok = 0;
uint32_t startidx = c->arg[0];
uint16_t len = c->arg[1];
@ -1269,7 +1268,7 @@ void UsbPacketReceived(uint8_t *packet, int len) {
len = MIN((len - i), size);
Dbprintf("FlashMem reading | %d | %d | %d |", startidx + i, i, len);
isok = Flash_ReadDataCont(startidx + i, mem, len);
uint16_t isok = Flash_ReadDataCont(startidx + i, mem, len);
if (isok == len) {
print_result("Chunk: ", mem, len);
} else {
@ -1367,8 +1366,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
LED_B_ON();
uint8_t *mem = BigBuf_malloc(USB_CMD_DATA_SIZE);
bool isok = false;
size_t len = 0;
uint32_t startidx = c->arg[0];
uint32_t numofbytes = c->arg[1];
// arg0 = startindex
@ -1380,9 +1377,9 @@ void UsbPacketReceived(uint8_t *packet, int len) {
}
for (size_t i = 0; i < numofbytes; i += USB_CMD_DATA_SIZE) {
len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
size_t len = MIN((numofbytes - i), USB_CMD_DATA_SIZE);
isok = Flash_ReadDataCont(startidx + i, mem, len);
bool isok = Flash_ReadDataCont(startidx + i, mem, len);
if (!isok)
Dbprintf("reading flash memory failed :: | bytes between %d - %d", i, len);

47
armsrc/apps.h
View file

@ -58,15 +58,15 @@ void Dbhexdump(int len, uint8_t *d, bool bAsci);
uint16_t AvgAdc(int ch);
void print_result(char *name, uint8_t *buf, size_t len);
void PrintToSendBuffer(void);
//void PrintToSendBuffer(void);
void ToSendStuffBit(int b);
void ToSendReset(void);
void ListenReaderField(int limit);
extern int ToSendMax;
extern uint8_t ToSend[];
extern void StandAloneMode(void);
extern void printStandAloneModes(void);
void StandAloneMode(void);
void printStandAloneModes(void);
/// lfops.h
extern uint8_t decimation;
@ -85,9 +85,9 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol);
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, int ledcontrol, int numcycles);
void CmdHIDsimTAG(uint32_t hi, uint32_t lo, int ledcontrol);
void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol);
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol);
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol);
void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
@ -99,8 +99,8 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
void T55xxResetRead(void);
void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t PwdMode);
void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t PwdMode);
void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg);
void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg);
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
void T55xxWakeUp(uint32_t Pwd);
void T55xx_ChkPwds(void);
@ -130,20 +130,20 @@ void ReaderIso14443a(UsbCommand *c);
// Also used in iclass.c
//bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *parity);
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
void iso14a_set_trigger(bool enable);
// also used in emv
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info);
int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len);
//bool prepare_allocated_tag_modulation(tag_response_info_t *response_info);
//int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len);
// epa.h
void EPA_PACE_Collect_Nonce(UsbCommand *c);
void EPA_PACE_Replay(UsbCommand *c);
// mifarecmd.h
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
void MifareUC_Auth(uint8_t arg0, uint8_t *datain);
void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes);
void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain);
void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
@ -154,7 +154,6 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
void MifareAcquireNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain);
void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareSetDbgLvl(uint16_t arg0);
void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
@ -212,15 +211,15 @@ void Iso15693InitReader(void);
void RAMFUNC SniffIClass(void);
void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void ReaderIClass(uint8_t arg0);
void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC);
void iClass_Authentication(uint8_t *MAC);
void ReaderIClass_Replay(uint8_t arg0, uint8_t *mac);
void iClass_Authentication(uint8_t *mac);
void iClass_Authentication_fast(uint64_t arg0, uint64_t arg1, uint8_t *datain);
void iClass_WriteBlock(uint8_t blockNo, uint8_t *data);
void iClass_ReadBlk(uint8_t blockNo);
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *data, uint8_t datalen);
void iClass_WriteBlock(uint8_t blockno, uint8_t *data);
void iClass_ReadBlk(uint8_t blockno);
bool iClass_ReadBlock(uint8_t blockno, uint8_t *data, uint8_t len);
void iClass_Dump(uint8_t blockno, uint8_t numblks);
void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data);
void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType);
void iClass_ReadCheck(uint8_t blockno, uint8_t keytype);
// cmd.h
uint8_t cmd_receive(UsbCommand *cmd);
@ -230,10 +229,10 @@ uint8_t cmd_send(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void
void HfSniff(int, int);
//felica.c
extern void felica_sendraw(UsbCommand *c);
extern void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip);
extern void felica_sim_lite(uint64_t uid);
extern void felica_dump_lite_s();
void felica_sendraw(UsbCommand *c);
void felica_sniff(uint32_t samplesToSkip, uint32_t triggersToSkip);
void felica_sim_lite(uint64_t uid);
void felica_dump_lite_s();
#ifdef __cplusplus

10
armsrc/buzzer.h
View file

@ -20,11 +20,11 @@
#define note_7 506
#define note_8 0
extern void Ring_BEE_ONCE(uint16_t music_note);
extern void Ring_BEE_TIME(uint16_t music_note, uint16_t count);
extern void ring_2_7khz(uint16_t count);
extern void Ring_ALL(uint16_t count);
extern void Ring_Little_Star(uint16_t count);
void Ring_BEE_ONCE(uint16_t music_note);
void Ring_BEE_TIME(uint16_t music_note, uint16_t count);
void ring_2_7khz(uint16_t count);
void Ring_ALL(uint16_t count);
void Ring_Little_Star(uint16_t count);
#endif

2
armsrc/flashmem.c
View file

@ -504,10 +504,12 @@ bool Flash_Erase64k(uint8_t block) {
return true;
}
/*
// Erase chip
void Flash_EraseChip(void) {
FlashSendLastByte(CHIPERASE);
}
*/
void Flashmem_print_status(void) {
DbpString("Flash memory");

12
armsrc/flashmem.h
View file

@ -101,9 +101,6 @@
#define MAX_BLOCKS 4
#define MAX_SECTORS 16
#define MCK 48000000
//#define FLASH_BAUD 24000000
#define FLASH_MINFAST 24000000 //33000000
@ -113,9 +110,8 @@
#define FASTFLASH (FLASHMEM_SPIBAUDRATE > FLASH_MINFAST)
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
extern void Dbprintf(const char *fmt, ...);
void Dbprintf(const char *fmt, ...);
void FlashmemSetSpiBaudrate(uint32_t baudrate);
bool FlashInit();
@ -129,7 +125,6 @@ void Flash_TransferAdresse(uint32_t address);
bool Flash_CheckBusy(uint32_t timeout);
void Flash_WriteEnable();
bool Flash_WipeMemoryPage(uint8_t page);
bool Flash_WipeMemory();
@ -137,18 +132,13 @@ bool Flash_Erase4k(uint8_t block, uint8_t sector);
//bool Flash_Erase32k(uint32_t address);
bool Flash_Erase64k(uint8_t block);
void Flash_UniqueID(uint8_t *uid);
uint8_t Flash_ReadID(void);
uint16_t Flash_ReadData(uint32_t address, uint8_t *out, uint16_t len);
uint16_t Flash_ReadDataCont(uint32_t address, uint8_t *out, uint16_t len);
uint16_t Flash_Write(uint32_t address, uint8_t *in, uint16_t len);
uint16_t Flash_WriteData(uint32_t address, uint8_t *in, uint16_t len);
uint16_t Flash_WriteDataCont(uint32_t address, uint8_t *in, uint16_t len);
void Flashmem_print_status(void);
#endif

4
armsrc/fpgaloader.c
View file

@ -229,7 +229,9 @@ static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_s
compressed_fpga_stream->zalloc = &fpga_inflate_malloc;
compressed_fpga_stream->zfree = &fpga_inflate_free;
inflateInit2(compressed_fpga_stream, 0);
int res = inflateInit2(compressed_fpga_stream, 0);
if ( res < 0 )
return false;
fpga_image_ptr = output_buffer;

2
armsrc/fpgaloader.h
View file

@ -37,7 +37,7 @@ int FpgaGetCurrent(void);
void SetAdcMuxFor(uint32_t whichGpio);
// extern and generel turn off the antenna method
extern void switch_off(void);
void switch_off(void);
// definitions for multiple FPGA config files support
#define FPGA_BITSTREAM_LF 1

14
armsrc/hitag2_crypto.h
View file

@ -22,13 +22,13 @@ struct hitag2_tag {
uint8_t sectors[12][4];
};
extern uint32_t _f20(const uint64_t x);
extern uint64_t _hitag2_init(const uint64_t key, const uint32_t serial, const uint32_t IV);
extern uint64_t _hitag2_round(uint64_t *state);
extern uint32_t _hitag2_byte(uint64_t *x);
extern void hitag2_cipher_reset(struct hitag2_tag *tag, const uint8_t *iv);
extern int hitag2_cipher_authenticate(uint64_t *cs, const uint8_t *authenticator_is);
extern int hitag2_cipher_transcrypt(uint64_t *cs, uint8_t *data, uint16_t bytes, uint16_t bits) ;
uint32_t _f20(const uint64_t x);
uint64_t _hitag2_init(const uint64_t key, const uint32_t serial, const uint32_t IV);
uint64_t _hitag2_round(uint64_t *state);
uint32_t _hitag2_byte(uint64_t *x);
void hitag2_cipher_reset(struct hitag2_tag *tag, const uint8_t *iv);
int hitag2_cipher_authenticate(uint64_t *cs, const uint8_t *authenticator_is);
int hitag2_cipher_transcrypt(uint64_t *cs, uint8_t *data, uint16_t bytes, uint16_t bits) ;
#ifdef __cplusplus
}
#endif

7
armsrc/hitagS.c
View file

@ -1451,7 +1451,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) {
* Authenticates to the Tag with the given Key or Challenge.
* Writes the given 32Bit data into page_
*/
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) {
StopTicks();
@ -1467,7 +1467,6 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
int tag_sof;
int t_wait = HITAG_T_WAIT_MAX;
bool bStop;
int page = page_;
unsigned char crc;
uint8_t data[4] = {0, 0, 0, 0};
@ -1509,7 +1508,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
}
}
Dbprintf("Page: %d", page_);
Dbprintf("Page: %d", page);
Dbprintf("DATA: %02X %02X %02X %02X", data[0], data[1], data[2], data[3]);
tag.pstate = HT_READY;
@ -1582,7 +1581,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page_) {
if (rxlen == 0 && tag.tstate == HT_WRITING_PAGE_ACK) {
//no write access on this page
Dbprintf("no write access on page %d", page_);
Dbprintf("no write access on page %d", page);
bStop = !false;
} else if (rxlen == 0 && tag.tstate != HT_WRITING_PAGE_DATA) {
//start the authetication

40
armsrc/iclass.c
View file

@ -855,7 +855,7 @@ void RAMFUNC SniffIClass(void) {
//int datalen = 0;
uint32_t previous_data = 0;
uint32_t time_0 = 0, time_start = 0, time_stop = 0;
uint32_t time_0 = 0, time_start = 0, time_stop;
uint32_t sniffCounter = 0;
bool TagIsActive = false;
bool ReaderIsActive = false;
@ -1395,7 +1395,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) {
// To control where we are in the protocol
uint32_t time_0 = GetCountSspClk();
uint32_t t2r_stime = 0, t2r_etime = 0;
uint32_t r2t_stime = 0, r2t_etime = 0;
uint32_t r2t_stime, r2t_etime = 0;
LED_A_ON();
bool buttonPressed = false;
@ -1626,7 +1626,7 @@ send:
*/
static int SendIClassAnswer(uint8_t *resp, int respLen, uint16_t delay) {
int i = 0;
volatile uint8_t b = 0;
volatile uint8_t b;
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K_8BIT);
@ -1720,7 +1720,6 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int
//-----------------------------------------------------------------------------
void CodeIClassCommand(const uint8_t *cmd, int len) {
int i, j, k;
uint8_t b;
ToSendReset();
@ -1732,7 +1731,7 @@ void CodeIClassCommand(const uint8_t *cmd, int len) {
// Modulate the bytes
for (i = 0; i < len; i++) {
b = cmd[i];
uint8_t b = cmd[i];
for (j = 0; j < 4; j++) {
for (k = 0; k < 4; k++) {
@ -1875,14 +1874,13 @@ void setupIclassReader() {
}
bool sendCmdGetResponseWithRetries(uint8_t *command, size_t cmdsize, uint8_t *resp, uint8_t expected_size, uint8_t retries) {
uint8_t got_n = 0;
while (retries-- > 0) {
ReaderTransmitIClass(command, cmdsize);
//iceman - if received size is bigger than expected, we smash the stack here
// since its called with fixed sized arrays
got_n = ReaderReceiveIClass(resp);
uint8_t got_n = ReaderReceiveIClass(resp);
// 0xBB is the internal debug separator byte..
if (expected_size != got_n || (resp[0] == 0xBB || resp[7] == 0xBB || resp[2] == 0xBB)) {
@ -1983,9 +1981,7 @@ void ReaderIClass(uint8_t arg0) {
//Read App Issuer Area block CRC(0x05) => 0xde 0x64
uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64};
int read_status = 0;
uint16_t tryCnt = 0;
uint8_t result_status = 0;
bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; // flag to read until one tag is found successfully
bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY; // flag to not to loop continuously, looking for tag
@ -2008,9 +2004,9 @@ void ReaderIClass(uint8_t arg0) {
}
tryCnt++;
result_status = 0;
uint8_t result_status = 0;
read_status = handshakeIclassTag_ext(card_data, use_credit_key);
int read_status = handshakeIclassTag_ext(card_data, use_credit_key);
if (read_status == 0) continue;
if (read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
@ -2107,7 +2103,7 @@ void ReaderIClass(uint8_t arg0) {
}
// turn off afterwards
void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
void ReaderIClass_Replay(uint8_t arg0, uint8_t *mac) {
uint8_t cardsize = 0;
uint8_t mem = 0;
@ -2134,7 +2130,7 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
if (read_status < 2) continue;
//for now replay captured auth (as cc not updated)
memcpy(check + 5, MAC, 4);
memcpy(check + 5, mac, 4);
if (!sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 5)) {
DbpString("Error: Authentication Fail!");
@ -2227,8 +2223,8 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
// not used. ?!? ( CMD_ICLASS_READCHECK)
// turn off afterwards
void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType) {
uint8_t readcheck[] = { keyType, blockNo };
void iClass_ReadCheck(uint8_t blockno, uint8_t keytype) {
uint8_t readcheck[] = { keytype, blockno };
uint8_t resp[] = {0, 0, 0, 0, 0, 0, 0, 0};
size_t isOK = 0;
isOK = sendCmdGetResponseWithRetries(readcheck, sizeof(readcheck), resp, sizeof(resp), 6);
@ -2348,9 +2344,9 @@ out:
// Tries to read block.
// retries 10times.
bool iClass_ReadBlock(uint8_t blockNo, uint8_t *data, uint8_t len) {
bool iClass_ReadBlock(uint8_t blockno, uint8_t *data, uint8_t len) {
uint8_t resp[10];
uint8_t cmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockNo, 0x00, 0x00};
uint8_t cmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockno, 0x00, 0x00};
AddCrc(cmd + 1, 1);
// expect size 10, retry 5times
bool isOK = sendCmdGetResponseWithRetries(cmd, sizeof(cmd), resp, 10, 5);
@ -2402,10 +2398,10 @@ void iClass_Dump(uint8_t blockno, uint8_t numblks) {
BigBuf_free();
}
bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
bool iClass_WriteBlock_ext(uint8_t blockno, uint8_t *data) {
uint8_t resp[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
uint8_t write[] = { ICLASS_CMD_UPDATE, blockNo, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t write[] = { ICLASS_CMD_UPDATE, blockno, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
memcpy(write + 2, data, 12); // data + mac
AddCrc(write + 1, 13);
@ -2416,7 +2412,7 @@ bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
if (memcmp(write + 2, resp, 8)) {
//if not programming key areas (note key blocks don't get programmed with actual key data it is xor data)
if (blockNo != 3 && blockNo != 4) {
if (blockno != 3 && blockno != 4) {
isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 5);
}
}
@ -2425,8 +2421,8 @@ bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
}
// turn off afterwards
void iClass_WriteBlock(uint8_t blockNo, uint8_t *data) {
bool isOK = iClass_WriteBlock_ext(blockNo, data);
void iClass_WriteBlock(uint8_t blockno, uint8_t *data) {
bool isOK = iClass_WriteBlock_ext(blockno, data);
cmd_send(CMD_ACK, isOK, 0, 0, 0, 0);
switch_off();
}

794
armsrc/iso14443a.c
View file

@ -16,9 +16,6 @@ static uint32_t iso14a_timeout;
uint8_t colpos = 0;
int rsamples = 0;
//int ReqCount;
//char CollisionIndicators[10*8];
uint8_t trigger = 0;
// the block number for the ISO14443-4 PCB
static uint8_t iso14_pcb_blocknum = 0;
@ -53,17 +50,6 @@ static uint8_t *free_buffer_pointer;
// 1 tick to assign mod_sig_coil
#define DELAY_ARM2AIR_AS_READER (4*16 + 8*16 + 8 + 8 + 1)
// When the PM acts as tag and is receiving it takes
// 2 ticks delay in the RF part (for the first falling edge),
// 3 ticks for the A/D conversion,
// 8 ticks on average until the start of the SSC transfer,
// 8 ticks until the SSC samples the first data
// 7*16 ticks to complete the transfer from FPGA to ARM
// 8 ticks until the next ssp_clk rising edge
// 4*16 ticks until we measure the time
// - 8*16 ticks because we measure the time of the previous transfer
#define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 7*16 + 8 + 4*16 - 8*16)
// The FPGA will report its internal sending delay in
uint16_t FpgaSendQueueDelay;
// the 5 first bits are the number of bits buffered in mod_sig_buf
@ -135,12 +121,12 @@ uint32_t iso14a_get_timeout(void) {
//-----------------------------------------------------------------------------
// Generate the parity value for a byte sequence
//-----------------------------------------------------------------------------
void GetParity(const uint8_t *pbtCmd, uint16_t iLen, uint8_t *par) {
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par) {
uint16_t paritybit_cnt = 0;
uint16_t paritybyte_cnt = 0;
uint8_t parityBits = 0;
for (uint16_t i = 0; i < iLen; i++) {
for (uint16_t i = 0; i < len; i++) {
// Generate the parity bits
parityBits |= ((oddparity8(pbtCmd[i])) << (7 - paritybit_cnt));
if (paritybit_cnt == 7) {
@ -207,9 +193,9 @@ void UartReset(void) {
Uart.syncBit = 9999;
}
void UartInit(uint8_t *data, uint8_t *parity) {
void UartInit(uint8_t *data, uint8_t *par) {
Uart.output = data;
Uart.parity = parity;
Uart.parity = par;
UartReset();
}
@ -380,9 +366,9 @@ void DemodReset(void) {
Demod.samples = 0;
}
void DemodInit(uint8_t *data, uint8_t *parity) {
void DemodInit(uint8_t *data, uint8_t *par) {
Demod.output = data;
Demod.parity = parity;
Demod.parity = par;
DemodReset();
}
@ -514,8 +500,7 @@ void RAMFUNC SniffIso14443a(uint8_t param) {
uint8_t *data = dmaBuf;
uint8_t previous_data = 0;
int maxDataLen = 0;
int dataLen = 0;
int maxDataLen = 0, dataLen;
bool TagIsActive = false;
bool ReaderIsActive = false;
@ -650,7 +635,7 @@ void RAMFUNC SniffIso14443a(uint8_t param) {
//-----------------------------------------------------------------------------
// Prepare tag messages
//-----------------------------------------------------------------------------
static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *parity, bool collision) {
static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par, bool collision) {
//uint8_t localCol = 0;
ToSendReset();
@ -693,7 +678,7 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par
LastProxToAirDuration = 8 * ToSendMax;
} else {
// Get the parity bit
if (parity[i >> 3] & (0x80 >> (i & 0x0007))) {
if (par[i >> 3] & (0x80 >> (i & 0x0007))) {
ToSend[++ToSendMax] = SEC_D;
LastProxToAirDuration = 8 * ToSendMax - 4;
} else {
@ -755,12 +740,40 @@ static void Code4bitAnswerAsTag(uint8_t cmd) {
ToSendMax++;
}
static uint8_t *LastReaderTraceTime = NULL;
void EmLogTraceReader(void) {
// remember last reader trace start to fix timing info later
LastReaderTraceTime = BigBuf_get_addr() + BigBuf_get_traceLen();
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
}
static void FixLastReaderTraceTime(uint32_t tag_StartTime) {
uint32_t reader_EndTime = Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG;
uint32_t reader_StartTime = Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG;
uint16_t reader_modlen = reader_EndTime - reader_StartTime;
uint16_t approx_fdt = tag_StartTime - reader_EndTime;
uint16_t exact_fdt = (approx_fdt - 20 + 32) / 64 * 64 + 20;
reader_StartTime = tag_StartTime - exact_fdt - reader_modlen;
LastReaderTraceTime[0] = (reader_StartTime >> 0) & 0xff;
LastReaderTraceTime[1] = (reader_StartTime >> 8) & 0xff;
LastReaderTraceTime[2] = (reader_StartTime >> 16) & 0xff;
LastReaderTraceTime[3] = (reader_StartTime >> 24) & 0xff;
}
static void EmLogTraceTag(uint8_t *tag_data, uint16_t tag_len, uint8_t *tag_Parity, uint32_t ProxToAirDuration) {
uint32_t tag_StartTime = LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG;
uint32_t tag_EndTime = (LastTimeProxToAirStart + ProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG;
LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, false);
FixLastReaderTraceTime(tag_StartTime);
}
//-----------------------------------------------------------------------------
// Wait for commands from reader
// stop when button is pressed
// or return TRUE when command is captured
//-----------------------------------------------------------------------------
int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *par, int *len) {
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
@ -768,7 +781,7 @@ int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len)
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
// Now run a `software UART` on the stream of incoming samples.
UartInit(received, parity);
UartInit(received, par);
// clear RXRDY:
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@ -780,6 +793,7 @@ int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len)
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
if (MillerDecoding(b, 0)) {
*len = Uart.len;
EmLogTraceReader();
return true;
}
}
@ -787,7 +801,7 @@ int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len)
return false;
}
bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size) {
static bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size) {
// Example response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes
// This will need the following byte array for a modulation sequence
// 144 data bits (18 * 8)
@ -825,23 +839,21 @@ bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffe
// 47 * 8 data bits, 47 * 1 parity bits, 10 start bits, 10 stop bits, 10 correction bits
#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 453
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info) {
// Retrieve and store the current buffer index
response_info->modulation = free_buffer_pointer;
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size) {
// Determine the maximum size we can use from our buffer
size_t max_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
// Retrieve and store the current buffer index
response_info->modulation = *buffer;
// Forward the prepare tag modulation function to the inner function
if (prepare_tag_modulation(response_info, max_buffer_size)) {
// Update the free buffer offset
free_buffer_pointer += ToSendMax;
if (prepare_tag_modulation(response_info, *max_buffer_size)) {
// Update the free buffer offset and the remaining buffer size
*buffer += ToSendMax;
*max_buffer_size -= ToSendMax;
return true;
} else {
return false;
}
}
//-----------------------------------------------------------------------------
// Main loop of simulated tag: receive commands from reader, decide what
// response to send, and send it.
@ -1040,12 +1052,13 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t *data) {
// allocate buffers:
uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
//free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
// Prepare the responses of the anticollision phase
// there will be not enough time to do this at the moment the reader sends it REQA
for (size_t i = 0; i < TAG_RESPONSE_COUNT; i++)
prepare_allocated_tag_modulation(&responses[i]);
prepare_allocated_tag_modulation(&responses[i], &free_buffer_pointer, &free_buffer_size);
int len = 0;
@ -1121,7 +1134,7 @@ void SimulateIso14443aTag(int tagType, int flags, uint8_t *data) {
uint8_t emdata[MAX_FRAME_SIZE];
// first 12 blocks of emu are [getversion answer - check tearing - pack - 0x00 - signature]
int start = (receivedCmd[1] + 12) * 4;
int len = (receivedCmd[2] - receivedCmd[1] + 1) * 4;
len = (receivedCmd[2] - receivedCmd[1] + 1) * 4;
emlGetMemBt(emdata, start, len);
AddCrc14A(emdata, len);
EmSendCmd(emdata, len + 2);
@ -1506,7 +1519,7 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
//-----------------------------------------------------------------------------
// Prepare reader command (in bits, support short frames) to send to FPGA
//-----------------------------------------------------------------------------
void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *parity) {
void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *par) {
int i, j;
int last = 0;
uint8_t b;
@ -1545,9 +1558,9 @@ void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8
}
// Only transmit parity bit if we transmitted a complete byte
if (j == 8 && parity != NULL) {
if (j == 8 && par != NULL) {
// Get the parity bit
if (parity[i >> 3] & (0x80 >> (i & 0x0007))) {
if (par[i >> 3] & (0x80 >> (i & 0x0007))) {
// Sequence X
ToSend[++ToSendMax] = SEC_X;
LastProxToAirDuration = 8 * (ToSendMax + 1) - 2;
@ -1585,8 +1598,8 @@ void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8
//-----------------------------------------------------------------------------
// Prepare reader command to send to FPGA
//-----------------------------------------------------------------------------
void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *parity) {
CodeIso14443aBitsAsReaderPar(cmd, len * 8, parity);
void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *par) {
CodeIso14443aBitsAsReaderPar(cmd, len * 8, par);
}
//-----------------------------------------------------------------------------
@ -1594,7 +1607,7 @@ void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *p
// Stop when button is pressed (return 1) or field was gone (return 2)
// Or return 0 when command is captured
//-----------------------------------------------------------------------------
int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *par) {
*len = 0;
uint32_t timer = 0, vtime = 0;
@ -1618,7 +1631,7 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
// Now run a 'software UART' on the stream of incoming samples.
UartInit(received, parity);
UartInit(received, par);
// Clear RXRDY:
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@ -1634,7 +1647,7 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF];
AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
if (analogCnt >= 32) {
if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
if ((MAX_ADC_HF_VOLTAGE_RDV40 * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
vtime = GetTickCount();
if (!timer) timer = vtime;
// 50ms no field --> card to idle state
@ -1650,6 +1663,7 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
if (MillerDecoding(b, 0)) {
*len = Uart.len;
EmLogTraceReader();
return 0;
}
}
@ -1768,11 +1782,30 @@ int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision) {
return EmSendCmdParEx(resp, respLen, par, collision);
}
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity) {
int EmSendPrecompiledCmd(tag_response_info_t *response_info) {
int ret = EmSendCmd14443aRaw(response_info->modulation, response_info->modulation_n);
// do the tracing for the previous reader request and this tag answer:
EmLogTraceTag(response_info->response, response_info->response_n,
&(response_info->par), response_info->ProxToAirDuration);
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
Dbprintf("response_info->response %02X", response_info->response);
Dbprintf("response_info->response_n %02X", response_info->response_n);
Dbprintf("response_info->par %02X", &(response_info->par));
}
return ret;
}
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime,
uint32_t reader_EndTime, uint8_t *reader_Parity, uint8_t *tag_data,
uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity) {
// we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
// end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
// with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
uint16_t reader_modlen = reader_EndTime - reader_StartTime;
uint16_t approx_fdt = tag_StartTime - reader_EndTime;
uint16_t exact_fdt = (approx_fdt - 20 + 32) / 64 * 64 + 20;
@ -1850,17 +1883,17 @@ void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing) {
ReaderTransmitBitsPar(frame, len * 8, par, timing);
}
int ReaderReceiveOffset(uint8_t *receivedAnswer, uint16_t offset, uint8_t *parity) {
if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, offset))
int ReaderReceiveOffset(uint8_t *receivedAnswer, uint16_t offset, uint8_t *par) {
if (!GetIso14443aAnswerFromTag(receivedAnswer, par, offset))
return false;
LogTrace(receivedAnswer, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, parity, false);
LogTrace(receivedAnswer, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, par, false);
return Demod.len;
}
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) {
if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0))
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par) {
if (!GetIso14443aAnswerFromTag(receivedAnswer, par, 0))
return false;
LogTrace(receivedAnswer, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, parity, false);
LogTrace(receivedAnswer, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, par, false);
return Demod.len;
}
@ -2962,653 +2995,6 @@ void DetectNACKbug() {
set_tracing(false);
}
/**
*MIFARE 1K simulate.
*
*@param flags :
* FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
* FLAG_4B_UID_IN_DATA - use 4-byte UID in the data-section
* FLAG_7B_UID_IN_DATA - use 7-byte UID in the data-section
* FLAG_10B_UID_IN_DATA - use 10-byte UID in the data-section
* FLAG_UID_IN_EMUL - use 4-byte UID from emulator memory
* FLAG_NR_AR_ATTACK - collect NR_AR responses for bruteforcing later
*@param exitAfterNReads, exit simulation after n blocks have been read, 0 is inifite
* (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
*/
void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain) {
int cardSTATE = MFEMUL_NOFIELD;
int _UID_LEN = 0; // 4, 7, 10
int _SECTORS = 16; // 16, 32, 40
int vHf = 0; // in mV
int res = 0;
uint32_t selTimer = 0;
uint32_t authTimer = 0;
uint16_t len = 0;
uint8_t cardWRBL = 0;
uint8_t cardAUTHSC = 0;
uint8_t cardAUTHKEY = 0xff; // no authentication
uint32_t cuid = 0;
uint32_t ans = 0;
uint32_t cardINTREG = 0;
uint8_t cardINTBLOCK = 0;
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
pcs = &mpcs;
uint32_t numReads = 0; // Counts numer of times reader read a block
uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t decryptedCmd[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE] = {0x00};
uint8_t response[MAX_MIFARE_FRAME_SIZE] = {0x00};
uint8_t response_par[MAX_MIFARE_PARITY_SIZE] = {0x00};
uint8_t atqa[] = {0x04, 0x00}; // Mifare classic 1k
uint8_t sak_4[] = {0x0C, 0x00, 0x00}; // CL1 - 4b uid
uint8_t sak_7[] = {0x0C, 0x00, 0x00}; // CL2 - 7b uid
uint8_t sak_10[] = {0x0C, 0x00, 0x00}; // CL3 - 10b uid
// uint8_t sak[] = {0x09, 0x3f, 0xcc }; // Mifare Mini
uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
// TAG Nonce - Authenticate response
uint8_t rAUTH_NT[4];
uint8_t rAUTH_NT_keystream[4];
uint32_t nonce = 0;
// uint8_t rAUTH_NT[] = {0x55, 0x41, 0x49, 0x92};// nonce from nested? why this?
// uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
// Here, we collect CUID, NT, NR, AR, CUID2, NT2, NR2, AR2
// This can be used in a reader-only attack.
nonces_t ar_nr_nonces[ATTACK_KEY_COUNT];
memset(ar_nr_nonces, 0x00, sizeof(ar_nr_nonces));
// -- Determine the UID
// Can be set from emulator memory or incoming data
// Length: 4,7,or 10 bytes
if ((flags & FLAG_UID_IN_EMUL) == FLAG_UID_IN_EMUL)
emlGetMemBt(datain, 0, 10); // load 10bytes from EMUL to the datain pointer. to be used below.
if ((flags & FLAG_4B_UID_IN_DATA) == FLAG_4B_UID_IN_DATA) {
memcpy(rUIDBCC1, datain, 4);
_UID_LEN = 4;
} else if ((flags & FLAG_7B_UID_IN_DATA) == FLAG_7B_UID_IN_DATA) {
memcpy(&rUIDBCC1[1], datain, 3);
memcpy(rUIDBCC2, datain + 3, 4);
_UID_LEN = 7;
} else if ((flags & FLAG_10B_UID_IN_DATA) == FLAG_10B_UID_IN_DATA) {
memcpy(&rUIDBCC1[1], datain, 3);
memcpy(&rUIDBCC2[1], datain + 3, 3);
memcpy(rUIDBCC3, datain + 6, 4);
_UID_LEN = 10;
}
switch (_UID_LEN) {
case 4:
sak_4[0] &= 0xFB;
// save CUID
cuid = bytes_to_num(rUIDBCC1, 4);
// BCC
rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
if (MF_DBGLEVEL >= 2) {
Dbprintf("4B UID: %02x%02x%02x%02x",
rUIDBCC1[0],
rUIDBCC1[1],
rUIDBCC1[2],
rUIDBCC1[3]
);
}
break;
case 7:
atqa[0] |= 0x40;
sak_7[0] &= 0xFB;
// save CUID
cuid = bytes_to_num(rUIDBCC2, 4);
// CascadeTag, CT
rUIDBCC1[0] = 0x88;
// BCC
rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
if (MF_DBGLEVEL >= 2) {
Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x",
rUIDBCC1[1],
rUIDBCC1[2],
rUIDBCC1[3],
rUIDBCC2[0],
rUIDBCC2[1],
rUIDBCC2[2],
rUIDBCC2[3]
);
}
break;
case 10:
atqa[0] |= 0x80;
sak_10[0] &= 0xFB;
// save CUID
cuid = bytes_to_num(rUIDBCC3, 4);
// CascadeTag, CT
rUIDBCC1[0] = 0x88;
rUIDBCC2[0] = 0x88;
// BCC
rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
rUIDBCC3[4] = rUIDBCC3[0] ^ rUIDBCC3[1] ^ rUIDBCC3[2] ^ rUIDBCC3[3];
if (MF_DBGLEVEL >= 2) {
Dbprintf("10B UID: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
rUIDBCC1[1],
rUIDBCC1[2],
rUIDBCC1[3],
rUIDBCC2[1],
rUIDBCC2[2],
rUIDBCC2[3],
rUIDBCC3[0],
rUIDBCC3[1],
rUIDBCC3[2],
rUIDBCC3[3]
);
}
break;
default:
break;
}
// calc some crcs
AddCrc14A(sak_4, sizeof(sak_4) - 2);
AddCrc14A(sak_7, sizeof(sak_7) - 2);
AddCrc14A(sak_10, sizeof(sak_10) - 2);
// We need to listen to the high-frequency, peak-detected path.
iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
// free eventually allocated BigBuf memory but keep Emulator Memory
BigBuf_free_keep_EM();
clear_trace();
set_tracing(true);
LED_D_ON();
bool finished = false;
while (!BUTTON_PRESS() && !finished && !usb_poll_validate_length()) {
WDT_HIT();
// find reader field
if (cardSTATE == MFEMUL_NOFIELD) {
vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
if (vHf > MF_MINFIELDV) {
cardSTATE_TO_IDLE();
LED_A_ON();
}
}
if (cardSTATE == MFEMUL_NOFIELD) continue;
// Now, get data
res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
if (res == 2) { //Field is off!
cardSTATE = MFEMUL_NOFIELD;
LEDsoff();
continue;
} else if (res == 1) {
break; // return value 1 means button press
}
// REQ or WUP request in ANY state and WUP in HALTED state
// this if-statement doesn't match the specification above. (iceman)
if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
selTimer = GetTickCount();
EmSendCmd(atqa, sizeof(atqa));
cardSTATE = MFEMUL_SELECT1;
crypto1_destroy(pcs);
cardAUTHKEY = 0xff;
nonce = prng_successor(selTimer, 32);
num_to_bytes(nonce, 4, rAUTH_NT);
num_to_bytes(cuid ^ nonce, 4, rAUTH_NT_keystream);
continue;
}
switch (cardSTATE) {
case MFEMUL_NOFIELD:
case MFEMUL_HALTED:
case MFEMUL_IDLE: {
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
break;
}
case MFEMUL_SELECT1: {
if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && receivedCmd[1] == 0x20)) {
if (MF_DBGLEVEL >= 4) Dbprintf("SELECT ALL received");
EmSendCmd(rUIDBCC1, sizeof(rUIDBCC1));
break;
}
// select card
if (len == 9 &&
(receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT &&
receivedCmd[1] == 0x70 &&
memcmp(&receivedCmd[2], rUIDBCC1, 4) == 0)) {
// SAK 4b
EmSendCmd(sak_4, sizeof(sak_4));
switch (_UID_LEN) {
case 4:
cardSTATE = MFEMUL_WORK;
LED_B_ON();
if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
continue;
case 7:
case 10:
cardSTATE = MFEMUL_SELECT2;
continue;
default:
break;
}
} else {
cardSTATE_TO_IDLE();
}
break;
}
case MFEMUL_SELECT2: {
if (!len) {
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
break;
}
if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && receivedCmd[1] == 0x20)) {
EmSendCmd(rUIDBCC2, sizeof(rUIDBCC2));
break;
}
if (len == 9 &&
(receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 &&
receivedCmd[1] == 0x70 &&
memcmp(&receivedCmd[2], rUIDBCC2, 4) == 0)) {
EmSendCmd(sak_7, sizeof(sak_7));
switch (_UID_LEN) {
case 7:
cardSTATE = MFEMUL_WORK;
LED_B_ON();
if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
continue;
case 10:
cardSTATE = MFEMUL_SELECT3;
continue;
default:
break;
}
}
cardSTATE_TO_IDLE();
break;
}
case MFEMUL_SELECT3: {
if (!len) {
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
break;
}
if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && receivedCmd[1] == 0x20)) {
EmSendCmd(rUIDBCC3, sizeof(rUIDBCC3));
break;
}
if (len == 9 &&
(receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 &&
receivedCmd[1] == 0x70 &&
memcmp(&receivedCmd[2], rUIDBCC3, 4) == 0)) {
EmSendCmd(sak_10, sizeof(sak_10));
cardSTATE = MFEMUL_WORK;
LED_B_ON();
if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol3 time: %d", GetTickCount() - selTimer);
break;
}
cardSTATE_TO_IDLE();
break;
}
case MFEMUL_AUTH1: {
if (len != 8) {
cardSTATE_TO_IDLE();
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
break;
}
uint32_t nr = bytes_to_num(receivedCmd, 4);
uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
// Collect AR/NR per keytype & sector
if ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) {
int8_t index = -1;
int8_t empty = -1;
for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
// find which index to use
if ((cardAUTHSC == ar_nr_nonces[i].sector) && (cardAUTHKEY == ar_nr_nonces[i].keytype))
index = i;
// keep track of empty slots.
if (ar_nr_nonces[i].state == EMPTY)
empty = i;
}
// if no empty slots. Choose first and overwrite.
if (index == -1) {
if (empty == -1) {
index = 0;
ar_nr_nonces[index].state = EMPTY;
} else {
index = empty;
}
}
switch (ar_nr_nonces[index].state) {
case EMPTY: {
// first nonce collect
ar_nr_nonces[index].cuid = cuid;
ar_nr_nonces[index].sector = cardAUTHSC;
ar_nr_nonces[index].keytype = cardAUTHKEY;
ar_nr_nonces[index].nonce = nonce;
ar_nr_nonces[index].nr = nr;
ar_nr_nonces[index].ar = ar;
ar_nr_nonces[index].state = FIRST;
break;
}
case FIRST : {
// second nonce collect
ar_nr_nonces[index].nonce2 = nonce;
ar_nr_nonces[index].nr2 = nr;
ar_nr_nonces[index].ar2 = ar;
ar_nr_nonces[index].state = SECOND;
// send to client
cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, 0, 0, &ar_nr_nonces[index], sizeof(nonces_t));
ar_nr_nonces[index].state = EMPTY;
ar_nr_nonces[index].sector = 0;
ar_nr_nonces[index].keytype = 0;
break;
}
default:
break;
}
}
crypto1_word(pcs, nr, 1);
uint32_t cardRr = ar ^ crypto1_word(pcs, 0, 0);
//test if auth OK
if (cardRr != prng_successor(nonce, 64)) {
if (MF_DBGLEVEL >= 3) {
Dbprintf("AUTH FAILED for sector %d with key %c. [nr=%08x cardRr=%08x] [nt=%08x succ=%08x]"
, cardAUTHSC
, (cardAUTHKEY == 0) ? 'A' : 'B'
, nr
, cardRr
, nonce // nt
, prng_successor(nonce, 64)
);
}
// sends encrypted NACK response to do no wait timeout
cardSTATE_TO_IDLE();
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
break;
}
/*
ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
num_to_bytes(ans, 4, rAUTH_AT);
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
*/
ans = prng_successor(nonce, 96);
num_to_bytes(ans, 4, response);
mf_crypto1_encrypt(pcs, response, 4, response_par);
EmSendCmdPar(response, 4, response_par);
LED_C_ON();
if (MF_DBGLEVEL >= 3) {
Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d",
cardAUTHSC,
cardAUTHKEY == 0 ? 'A' : 'B',
GetTickCount() - authTimer
);
}
cardSTATE = MFEMUL_WORK;
break;
}
case MFEMUL_WORK: {
if (len == 0) {
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
break;
}
bool encrypted_data = (cardAUTHKEY != 0xFF) ;
uint8_t *pRecvCmd = receivedCmd;
if (encrypted_data) {
// decrypt request to separate buffer, trace log saves encrypted source sequence
mf_crypto1_decryptEx(pcs, receivedCmd, len, decryptedCmd);
pRecvCmd = decryptedCmd;
}
uint8_t block = 0;
uint8_t sector = 0;
if (len == 4 && (pRecvCmd[0] == MIFARE_AUTH_KEYA ||
pRecvCmd[0] == MIFARE_AUTH_KEYB)) {
// received block -> sector
block = pRecvCmd[1];
sector = MifareBlockToSector(block);
if (cardAUTHSC >= _SECTORS) {
EmSend4bit(encrypted_data ? mf_crypto1_encrypt4bit(pcs, CARD_NACK_IV) : CARD_NACK_IV);
if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on out of range block: %d (0x%02x), nacking", pRecvCmd[0], block, block);
break;
}
authTimer = GetTickCount();
cardAUTHSC = sector;
cardAUTHKEY = pRecvCmd[0] & 0x1;
crypto1_destroy(pcs);
// load key into crypto
crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
if (!encrypted_data) {
// first authentication
// Update crypto state init (UID ^ NONCE)
crypto1_word(pcs, cuid ^ nonce, 0);
EmSendCmd(rAUTH_NT, sizeof(rAUTH_NT));
} else {
// nested authentication
/*
ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0)
num_to_bytes(ans, 4, rAUTH_AT);
*/
mf_crypto1_encryptEx(pcs, rAUTH_NT, rAUTH_NT_keystream, response, 4, response_par);
EmSendCmdPar(response, 4, response_par);
if (MF_DBGLEVEL >= 3) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %c", block, block, cardAUTHKEY == 0 ? 'A' : 'B');
}
cardSTATE = MFEMUL_AUTH1;
break;
}
// rule 13 of 7.5.3. in ISO 14443-4. chaining shall be continued
// BUT... ACK --> NACK
if (len == 1 && pRecvCmd[0] == CARD_ACK) {
EmSend4bit(encrypted_data ? mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA) : CARD_NACK_NA);
break;
}
// rule 12 of 7.5.3. in ISO 14443-4. R(NAK) --> R(ACK)
if (len == 1 && pRecvCmd[0] == CARD_NACK_NA) {
EmSend4bit(encrypted_data ? mf_crypto1_encrypt4bit(pcs, CARD_ACK) : CARD_ACK);
break;
}
// halt
if (len > 1 && pRecvCmd[0] == ISO14443A_CMD_HALT && pRecvCmd[1] == 0x00) {
LED_B_OFF();
LED_C_OFF();
cardSTATE = MFEMUL_HALTED;
if (MF_DBGLEVEL >= 4) Dbprintf("--> HALTED. Selected time: %d ms", GetTickCount() - selTimer);
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
cardAUTHKEY = 0xff;
break;
}
// RATS
if (pRecvCmd[0] == ISO14443A_CMD_RATS) {
EmSend4bit(encrypted_data ? mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA) : CARD_NACK_NA);
break;
}
if (pRecvCmd[0] == ISO14443A_CMD_READBLOCK ||
pRecvCmd[0] == ISO14443A_CMD_WRITEBLOCK ||
pRecvCmd[0] == MIFARE_CMD_INC ||
pRecvCmd[0] == MIFARE_CMD_DEC ||
pRecvCmd[0] == MIFARE_CMD_RESTORE ||
pRecvCmd[0] == MIFARE_CMD_TRANSFER) {
if (!encrypted_data) {
EmSend4bit(CARD_NACK_NA);
if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) under non-encrypted state, nacking", pRecvCmd[0]);
break;
}
if (len != 4) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
if (MF_DBGLEVEL >= 4) Dbprintf("Request (0x%02) has invalid length, nacking", pRecvCmd[0]);
break;
}
block = pRecvCmd[1];
sector = MifareBlockToSector(block);
if (sector >= _SECTORS) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on out of range block: %d (0x%02x), nacking", pRecvCmd[0], block, block);
break;
}
if (sector != cardAUTHSC) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on block (0x%02x) not authenticated for (0x%02x) sector, nacking", pRecvCmd[0], block, cardAUTHSC);
break;
}
}
// read block
if (pRecvCmd[0] == ISO14443A_CMD_READBLOCK) {
if (MF_DBGLEVEL >= 4) Dbprintf("Reader reading block %d (0x%02x)", block, block);
emlGetMem(response, block, 1);
AddCrc14A(response, 16);
mf_crypto1_encrypt(pcs, response, 18, response_par);
EmSendCmdPar(response, 18, response_par);
numReads++;
if (exitAfterNReads > 0 && numReads >= exitAfterNReads) {
Dbprintf("%d reads done, exiting", numReads);
finished = true;
}
break;
}
// write block
if (pRecvCmd[0] == ISO14443A_CMD_WRITEBLOCK) {
if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)", block, block);
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
cardSTATE = MFEMUL_WRITEBL2;
cardWRBL = block;
break;
}
// increment, decrement, restore
if (pRecvCmd[0] == MIFARE_CMD_INC ||
pRecvCmd[0] == MIFARE_CMD_DEC ||
pRecvCmd[0] == MIFARE_CMD_RESTORE) {
if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)", pRecvCmd[0], block, block);
if (emlCheckValBl(block)) {
if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking");
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
break;
}
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
if (pRecvCmd[0] == MIFARE_CMD_INC) cardSTATE = MFEMUL_INTREG_INC;
if (pRecvCmd[0] == MIFARE_CMD_DEC) cardSTATE = MFEMUL_INTREG_DEC;
if (pRecvCmd[0] == MIFARE_CMD_RESTORE) cardSTATE = MFEMUL_INTREG_REST;
cardWRBL = block;
break;
}
// transfer
if (pRecvCmd[0] == MIFARE_CMD_TRANSFER) {
if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x transfer block %d (%02x)", pRecvCmd[0], block, block);
if (emlSetValBl(cardINTREG, cardINTBLOCK, block))
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
else
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
break;
}
// command not allowed
if (MF_DBGLEVEL >= 4) Dbprintf("Received command not allowed, nacking");
EmSend4bit(encrypted_data ? mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA) : CARD_NACK_NA);
break;
}
case MFEMUL_WRITEBL2: {
if (len == 18) {
mf_crypto1_decryptEx(pcs, receivedCmd, len, decryptedCmd);
emlSetMem(decryptedCmd, cardWRBL, 1);
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
cardSTATE = MFEMUL_WORK;
} else {
cardSTATE_TO_IDLE();
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
}
break;
}
case MFEMUL_INTREG_INC: {
mf_crypto1_decryptEx(pcs, receivedCmd, len, decryptedCmd);
memcpy(&ans, decryptedCmd, 4);
if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
cardSTATE_TO_IDLE();
break;
}
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
cardINTREG = cardINTREG + ans;
cardSTATE = MFEMUL_WORK;
break;
}
case MFEMUL_INTREG_DEC: {
mf_crypto1_decryptEx(pcs, receivedCmd, len, decryptedCmd);
memcpy(&ans, decryptedCmd, 4);
if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
cardSTATE_TO_IDLE();
break;
}
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
cardINTREG = cardINTREG - ans;
cardSTATE = MFEMUL_WORK;
break;
}
case MFEMUL_INTREG_REST: {
mf_crypto1_decryptEx(pcs, receivedCmd, len, decryptedCmd);
memcpy(&ans, decryptedCmd, 4);
if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
cardSTATE_TO_IDLE();
break;
}
LogTrace(Uart.output, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
cardSTATE = MFEMUL_WORK;
break;
}
}
}
if (MF_DBGLEVEL >= 1)
Dbprintf("Emulator stopped. Trace length: %d ", BigBuf_get_traceLen());
cmd_send(CMD_ACK, 1, 0, 0, 0, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
set_tracing(false);
void AppendCrc14443a(uint8_t *data, int len) {
compute_crc(CRC_14443_A, data, len, data + len, data + len + 1);
}

81
armsrc/iso14443a.h
View file

@ -27,9 +27,19 @@ extern "C" {
#include "crapto1/crapto1.h"
#include "mifareutil.h"
#include "parity.h"
#include "random.h"
#include "mifare.h" // structs
// When the PM acts as tag and is receiving it takes
// 2 ticks delay in the RF part (for the first falling edge),
// 3 ticks for the A/D conversion,
// 8 ticks on average until the start of the SSC transfer,
// 8 ticks until the SSC samples the first data
// 7*16 ticks to complete the transfer from FPGA to ARM
// 8 ticks until the next ssp_clk rising edge
// 4*16 ticks until we measure the time
// - 8*16 ticks because we measure the time of the previous transfer
#define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 7*16 + 8 + 4*16 - 8*16)
typedef struct {
enum {
DEMOD_UNSYNCD,
@ -97,49 +107,54 @@ typedef struct {
# define CheckCrc14A(data, len) check_crc(CRC_14443_A, (data), (len))
#endif
extern void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);
extern tDemod *GetDemod(void);
extern void DemodReset(void);
extern void DemodInit(uint8_t *data, uint8_t *parity);
extern tUart *GetUart(void);
extern void UartReset(void);
extern void UartInit(uint8_t *data, uint8_t *parity);
extern RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
extern RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);
tDemod *GetDemod(void);
void DemodReset(void);
void DemodInit(uint8_t *data, uint8_t *par);
tUart *GetUart(void);
void UartReset(void);
void UartInit(uint8_t *data, uint8_t *par);
RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);
extern void RAMFUNC SniffIso14443a(uint8_t param);
extern void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
extern void iso14443a_antifuzz(uint32_t flags);
extern void ReaderIso14443a(UsbCommand *c);
extern void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
extern void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
extern void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
extern int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par);
void RAMFUNC SniffIso14443a(uint8_t param);
void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
void iso14443a_antifuzz(uint32_t flags);
void ReaderIso14443a(UsbCommand *c);
void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par);
extern void iso14443a_setup(uint8_t fpga_minor_mode);
extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res);
extern int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *resp_data, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
extern int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);
extern void iso14a_set_trigger(bool enable);
void iso14443a_setup(uint8_t fpga_minor_mode);
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res);
int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);
void iso14a_set_trigger(bool enable);
extern int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen);
extern int EmSend4bit(uint8_t resp);
extern int EmSendCmd(uint8_t *resp, uint16_t respLen);
extern int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision);
extern int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity);
extern int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
extern int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision);
extern int EmSendPrecompiledCmd(tag_response_info_t *response_info);
int EmSendPrecompiledCmd(tag_response_info_t *response_info);
int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen);
int EmSend4bit(uint8_t resp);
int EmSendCmd(uint8_t *resp, uint16_t respLen);
int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision);
int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *par);
int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision);
int EmSendPrecompiledCmd(tag_response_info_t *response_info);
void EmLogTraceReader(void);
bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size);
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);
//extern bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *buffer_size);
void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype);
void DetectNACKbug();
void AppendCrc14443a(uint8_t *data, int len);
#ifdef __cplusplus
}
#endif

14
armsrc/iso14443b.h
View file

@ -34,15 +34,15 @@ extern "C" {
# define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)
#endif
extern void SendRawCommand14443B_Ex(UsbCommand *c);
extern void iso14443b_setup();
extern uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
extern uint8_t iso14443b_select_card(iso14b_card_select_t *card);
extern uint8_t iso14443b_select_card_srx(iso14b_card_select_t *card);
void SendRawCommand14443B_Ex(UsbCommand *c);
void iso14443b_setup();
uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
uint8_t iso14443b_select_card(iso14b_card_select_t *card);
uint8_t iso14443b_select_card_srx(iso14b_card_select_t *card);
// testfunctions
extern void WaitForFpgaDelayQueueIsEmpty(uint16_t delay);
extern void ClearFpgaShiftingRegisters(void);
void WaitForFpgaDelayQueueIsEmpty(uint16_t delay);
void ClearFpgaShiftingRegisters(void);
// States for 14B SIM command
#define SIM_NOFIELD 0

28
armsrc/iso15693.c
View file

@ -81,9 +81,9 @@
#define Logic1 Iso15693Logic1
#define FrameEOF Iso15693FrameEOF
#define Crc(data, len) crc(CRC_15693, (data), (len))
#define CheckCrc(data, len) check_crc(CRC_15693, (data), (len))
#define AddCrc(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
//#define Crc(data, len) Crc(CRC_15693, (data), (len))
#define CheckCrc15(data, len) check_crc(CRC_15693, (data), (len))
#define AddCrc15(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
#define sprintUID(target,uid) Iso15693sprintUID((target), (uid))
@ -621,18 +621,18 @@ void Iso15693InitReader(void) {
// Encode (into the ToSend buffers) an identify request, which is the first
// thing that you must send to a tag to get a response.
// It expects "out" to be at least CMD_ID_RESP large
static void BuildIdentifyRequest(uint8_t *out) {
// It expects "cmdout" to be at least CMD_ID_RESP large
static void BuildIdentifyRequest(uint8_t *cmdout) {
uint8_t cmd[CMD_ID_RESP] = {0, ISO15_CMD_INVENTORY, 0, 0, 0};
// flags
cmd[0] = ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
// no mask
cmd[2] = 0x00;
// CRC
AddCrc(cmd, 3);
AddCrc15(cmd, 3);
// coding as high speed (1 out of 4)
CodeIso15693AsReader(cmd, CMD_ID_RESP);
memcpy(out, cmd, CMD_ID_RESP);
memcpy(cmdout, cmd, CMD_ID_RESP);
}
// uid is in transmission order (which is reverse of display order)
@ -658,7 +658,7 @@ static void BuildReadBlockRequest(uint8_t **out, uint8_t *uid, uint8_t blockNumb
// Block number to read
cmd[10] = blockNumber;//0x00;
// CRC
AddCrc(cmd, 11);
AddCrc15(cmd, 11);
CodeIso15693AsReader(cmd, CMD_READ_RESP);
memcpy(out, cmd, CMD_ID_RESP);
}
@ -666,7 +666,7 @@ static void BuildReadBlockRequest(uint8_t **out, uint8_t *uid, uint8_t blockNumb
// Now the VICC>VCD responses when we are simulating a tag
// It expects "out" to be at least CMD_INV_RESP large
static void BuildInventoryResponse(uint8_t *out, uint8_t *uid) {
static void BuildInventoryResponse(uint8_t *cmdout, uint8_t *uid) {
uint8_t cmd[CMD_INV_RESP] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
@ -685,9 +685,9 @@ static void BuildInventoryResponse(uint8_t *out, uint8_t *uid) {
cmd[8] = uid[1]; //0x05;
cmd[9] = uid[0]; //0xe0;
// CRC
AddCrc(cmd, 10);
AddCrc15(cmd, 10);
CodeIso15693AsReader(cmd, CMD_INV_RESP);
memcpy(out, cmd, CMD_INV_RESP);
memcpy(cmdout, cmd, CMD_INV_RESP);
}
// Universal Method for sending to and recv bytes from a tag
@ -780,7 +780,7 @@ void DbdecodeIso15693Answer(int len, uint8_t *d) {
strncat(status, "No error ", DBD15STATLEN - strlen(status));
}
if (CheckCrc(d, len))
if (CheckCrc15(d, len))
strncat(status, "[+] crc OK", DBD15STATLEN - strlen(status));
else
strncat(status, "[!] crc fail", DBD15STATLEN - strlen(status));
@ -932,7 +932,7 @@ void BruteforceIso15693Afi(uint32_t speed) {
data[0] = ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
data[1] = ISO15_CMD_INVENTORY;
data[2] = 0; // mask length
AddCrc(data, 3);
AddCrc15(data, 3);
datalen += 2;
recvlen = SendDataTag(data, datalen, false, speed, buf);
@ -951,7 +951,7 @@ void BruteforceIso15693Afi(uint32_t speed) {
for (uint16_t i = 0; i < 256; i++) {
data[2] = i & 0xFF;
AddCrc(data, 4);
AddCrc15(data, 4);
datalen += 2;
recvlen = SendDataTag(data, datalen, false, speed, buf);
WDT_HIT();

6
armsrc/legicrf.h
View file

@ -14,8 +14,8 @@
#include "proxmark3.h"
extern void LegicRfInfo(void);
extern void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv);
extern void LegicRfWriter(uint16_t offset, uint16_t byte, uint8_t iv, uint8_t *data);
void LegicRfInfo(void);
void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv);
void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data);
#endif /* __LEGICRF_H */

2
armsrc/legicrfsim.h
View file

@ -14,6 +14,6 @@
#include "proxmark3.h"
extern void LegicRfSimulate(uint8_t tagtype);
void LegicRfSimulate(uint8_t tagtype);
#endif /* __LEGICRFSIM_H */

73
armsrc/lfops.c
View file

@ -651,7 +651,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol) {
#define DEBUG_FRAME_CONTENTS 1
void SimulateTagLowFrequencyBidir(int divisor, int t0) {
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen) {
}
// compose fc/5 fc/8 waveform (FSK1)
@ -901,7 +901,7 @@ static void stAskSimBit(int *n, uint8_t clock) {
}
// args clock, ask/man or askraw, invert, transmission separator
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol) {
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
set_tracing(false);
@ -914,20 +914,20 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream,
if (encoding == 2) { //biphase
uint8_t phase = 0;
for (i = 0; i < size; i++) {
biphaseSimBit(BitStream[i]^invert, &n, clk, &phase);
biphaseSimBit(bits[i]^invert, &n, clk, &phase);
}
if (phase == 1) { //run a second set inverted to keep phase in check
for (i = 0; i < size; i++) {
biphaseSimBit(BitStream[i]^invert, &n, clk, &phase);
biphaseSimBit(bits[i]^invert, &n, clk, &phase);
}
}
} else { // ask/manchester || ask/raw
for (i = 0; i < size; i++) {
askSimBit(BitStream[i]^invert, &n, clk, encoding);
askSimBit(bits[i]^invert, &n, clk, encoding);
}
if (encoding == 0 && BitStream[0] == BitStream[size - 1]) { //run a second set inverted (for ask/raw || biphase phase)
if (encoding == 0 && bits[0] == bits[size - 1]) { //run a second set inverted (for ask/raw || biphase phase)
for (i = 0; i < size; i++) {
askSimBit(BitStream[i]^invert ^ 1, &n, clk, encoding);
askSimBit(bits[i]^invert ^ 1, &n, clk, encoding);
}
}
}
@ -968,7 +968,7 @@ static void pskSimBit(uint8_t waveLen, int *n, uint8_t clk, uint8_t *curPhase, b
}
// args clock, carrier, invert,
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream, int ledcontrol) {
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
set_tracing(false);
@ -978,7 +978,7 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream,
uint8_t invert = arg2 & 0xFF;
uint8_t curPhase = 0;
for (i = 0; i < size; i++) {
if (BitStream[i] == curPhase) {
if (bits[i] == curPhase) {
pskSimBit(carrier, &n, clk, &curPhase, false);
} else {
pskSimBit(carrier, &n, clk, &curPhase, true);
@ -997,9 +997,8 @@ void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream,
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
size_t size = 0;
size_t size;
uint32_t hi2 = 0, hi = 0, lo = 0;
int idx = 0;
int dummyIdx = 0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@ -1015,7 +1014,7 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
DoAcquisition_default(-1, true);
// FSK demodulator
size = 50 * 128 * 2; //big enough to catch 2 sequences of largest format
idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
if (idx < 0) continue;
if (idx > 0 && lo > 0 && (size == 96 || size == 192)) {
@ -1029,7 +1028,7 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
);
} else { //standard HID tags 44/96 bits
uint8_t bitlen = 0;
uint32_t fc = 0;
uint32_t fac = 0;
uint32_t cardnum = 0;
if (((hi >> 5) & 1) == 1) { //if bit 38 is set then < 37 bit format is used
@ -1041,35 +1040,35 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
idx3++;
}
bitlen = idx3 + 19;
fc = 0;
fac = 0;
cardnum = 0;
if (bitlen == 26) {
cardnum = (lo >> 1) & 0xFFFF;
fc = (lo >> 17) & 0xFF;
fac = (lo >> 17) & 0xFF;
}
if (bitlen == 37) {
cardnum = (lo >> 1) & 0x7FFFF;
fc = ((hi & 0xF) << 12) | (lo >> 20);
fac = ((hi & 0xF) << 12) | (lo >> 20);
}
if (bitlen == 34) {
cardnum = (lo >> 1) & 0xFFFF;
fc = ((hi & 1) << 15) | (lo >> 17);
fac = ((hi & 1) << 15) | (lo >> 17);
}
if (bitlen == 35) {
cardnum = (lo >> 1) & 0xFFFFF;
fc = ((hi & 1) << 11) | (lo >> 21);
fac = ((hi & 1) << 11) | (lo >> 21);
}
} else { //if bit 38 is not set then 37 bit format is used
bitlen = 37;
cardnum = (lo >> 1) & 0x7FFFF;
fc = ((hi & 0xF) << 12) | (lo >> 20);
fac = ((hi & 0xF) << 12) | (lo >> 20);
}
Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d",
hi,
lo,
(lo >> 1) & 0xFFFF,
bitlen,
fc,
fac,
cardnum
);
}
@ -1095,7 +1094,7 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
//big enough to catch 2 sequences of largest format
size_t size = 12800; //50 * 128 * 2;
int idx = 0, dummyIdx = 0;
int dummyIdx = 0;
BigBuf_Clear_keep_EM();
@ -1109,7 +1108,7 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
DoAcquisition_default(-1, true);
// FSK demodulator
idx = detectAWID(dest, &size, &dummyIdx);
int idx = detectAWID(dest, &size, &dummyIdx);
if (idx <= 0 || size != 96) continue;
// Index map
@ -1147,16 +1146,16 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
// w = wiegand parity
// (26 bit format shown)
uint32_t fc = 0;
uint32_t fac = 0;
uint32_t cardnum = 0;
uint32_t code1 = 0;
uint32_t code2 = 0;
uint8_t fmtLen = bytebits_to_byte(dest, 8);
if (fmtLen == 26) {
fc = bytebits_to_byte(dest + 9, 8);
fac = bytebits_to_byte(dest + 9, 8);
cardnum = bytebits_to_byte(dest + 17, 16);
code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
} else {
cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16);
if (fmtLen > 32) {
@ -1174,8 +1173,6 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
*low = rawLo;
break;
}
// reset
idx = 0;
WDT_HIT();
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1186,8 +1183,8 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
size_t size = 0, idx = 0;
int clk = 0, invert = 0, errCnt = 0, maxErr = 20;
size_t size, idx = 0;
int clk = 0, invert = 0, errCnt, maxErr = 20;
uint32_t hi = 0;
uint64_t lo = 0;
@ -1238,7 +1235,7 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
WDT_HIT();
hi = lo = size = idx = 0;
clk = invert = errCnt = 0;
clk = invert = 0;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("Stopped");
@ -1249,7 +1246,7 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int dummyIdx = 0, idx = 0;
int dummyIdx = 0;
uint32_t code = 0, code2 = 0;
uint8_t version = 0, facilitycode = 0, crc = 0;
uint16_t number = 0, calccrc = 0;
@ -1269,7 +1266,7 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
//fskdemod and get start index
WDT_HIT();
idx = detectIOProx(dest, &size, &dummyIdx);
int idx = detectIOProx(dest, &size, &dummyIdx);
if (idx < 0) continue;
//valid tag found
@ -1325,8 +1322,6 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
code = code2 = 0;
version = facilitycode = 0;
number = 0;
idx = 0;
WDT_HIT();
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1481,8 +1476,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
bool PwdMode = arg0 & 0x1;
uint8_t Page = (arg0 & 0x2) >> 1;
bool brute_mem = arg0 & 0x4;
uint32_t i = 0;
uint32_t i;
// regular read mode
bool RegReadMode = (Block == 0xFF);
@ -1771,7 +1765,7 @@ void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) {
#define EM410X_ID_LENGTH 40
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
int i, id_bit;
int i;
uint64_t id = EM410X_HEADER;
uint64_t rev_id = 0; // reversed ID
int c_parity[4]; // column parity
@ -1790,7 +1784,7 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
}
for (i = 0; i < EM410X_ID_LENGTH; ++i) {
id_bit = rev_id & 1;
int id_bit = rev_id & 1;
if (i % 4 == 0) {
// Don't write row parity bit at start of parsing
@ -1926,7 +1920,6 @@ uint8_t Prepare_Addr(uint8_t addr) {
//====================================================================
uint8_t Prepare_Data(uint16_t data_low, uint16_t data_hi) {
register uint8_t line_parity;
register uint8_t column_parity;
register uint8_t i, j;
register uint16_t data;
@ -1935,7 +1928,7 @@ uint8_t Prepare_Data(uint16_t data_low, uint16_t data_hi) {
column_parity = 0;
for (i = 0; i < 4; i++) {
line_parity = 0;
register uint8_t line_parity = 0;
for (j = 0; j < 8; j++) {
line_parity ^= data;
column_parity ^= (data & 1) << j;

4
armsrc/lfsampling.c
View file

@ -248,9 +248,9 @@ uint32_t ReadLF(bool activeField, bool silent, int sample_size) {
* Initializes the FPGA for reader-mode (field on), and acquires the samples.
* @return number of bits sampled
**/
uint32_t SampleLF(bool printCfg, int sample_size) {
uint32_t SampleLF(bool silent, int sample_size) {
BigBuf_Clear_ext(false);
return ReadLF(true, printCfg, sample_size);
return ReadLF(true, silent, sample_size);
}
/**
* Initializes the FPGA for sniffer-mode (field off), and acquires the samples.

7
armsrc/mifarecmd.c
View file

@ -851,12 +851,13 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
// MIFARE nested authentication.
//
//-----------------------------------------------------------------------------
void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain) {
void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) {
// params
uint8_t blockNo = arg0 & 0xff;
uint8_t keyType = (arg0 >> 8) & 0xff;
uint8_t targetBlockNo = arg1 & 0xff;
uint8_t targetKeyType = (arg1 >> 8) & 0xff;
// calibrate = arg2
uint64_t ui64Key = 0;
ui64Key = bytes_to_num(datain, 6);
@ -888,14 +889,14 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
BigBuf_free();
BigBuf_Clear_ext(false);
if (calibrate) clear_trace();
if (arg2) clear_trace();
set_tracing(true);
// statistics on nonce distance
int16_t isOK = 0;
#define NESTED_MAX_TRIES 12
uint16_t unsuccessfull_tries = 0;
if (calibrate) { // for first call only. Otherwise reuse previous calibration
if (arg2) { // calibrate: for first call only. Otherwise reuse previous calibration
LED_B_ON();
WDT_HIT();

60
armsrc/mifaredesfire.c
View file

@ -167,8 +167,10 @@ void MifareDesfireGetInformation() {
OnSuccess();
}
void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain) {
void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) {
// mode = arg0
// algo = arg1
// keyno = arg2
int len = 0;
//uint8_t PICC_MASTER_KEY8[8] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47};
uint8_t PICC_MASTER_KEY16[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
@ -195,25 +197,25 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
LED_B_OFF();
LED_C_OFF();
// 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
// 4 olika crypto algo DES, 3DES, 3K3DES, AES
// 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO
// 3 different way to authenticate AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
// 4 different crypto arg1 DES, 3DES, 3K3DES, AES
// 3 different communication modes, PLAIN,MAC,CRYPTO
// des, nyckel 0,
switch (mode) {
// des, key 0,
switch (arg0) {
case 1: {
uint8_t keybytes[16];
uint8_t RndA[8] = {0x00};
uint8_t RndB[8] = {0x00};
if (algo == 2) {
if (arg1 == 2) {
if (datain[1] == 0xff) {
memcpy(keybytes, PICC_MASTER_KEY16, 16);
} else {
memcpy(keybytes, datain + 1, datalen);
}
} else {
if (algo == 1) {
if (arg1 == 1) {
if (datain[1] == 0xff) {
memcpy(keybytes, null_key_data8, 8);
} else {
@ -225,13 +227,13 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
struct desfire_key defaultkey = {0};
desfirekey_t key = &defaultkey;
if (algo == 2)
if (arg1 == 2)
Desfire_3des_key_new_with_version(keybytes, key);
else if (algo == 1)
else if (arg1 == 1)
Desfire_des_key_new(keybytes, key);
cmd[0] = AUTHENTICATE;
cmd[1] = keyno; //keynumber
cmd[1] = arg2; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if (!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
@ -249,9 +251,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
}
memcpy(encRndB, resp + 3, 8);
if (algo == 2)
if (arg1 == 2)
tdes_dec(&decRndB, &encRndB, key->data);
else if (algo == 1)
else if (arg1 == 1)
des_dec(&decRndB, &encRndB, key->data);
memcpy(RndB, decRndB, 8);
@ -262,9 +264,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
memcpy(RndA, decRndA, 8);
uint8_t encRndA[8] = {0x00};
if (algo == 2)
if (arg1 == 2)
tdes_dec(&encRndA, &decRndA, key->data);
else if (algo == 1)
else if (arg1 == 1)
des_dec(&encRndA, &decRndA, key->data);
memcpy(both, encRndA, 8);
@ -274,9 +276,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
}
if (algo == 2)
if (arg1 == 2)
tdes_dec(&encRndB, &decRndB, key->data);
else if (algo == 1)
else if (arg1 == 1)
des_dec(&encRndB, &decRndB, key->data);
memcpy(both + 8, encRndB, 8);
@ -302,9 +304,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
memcpy(encRndA, resp + 3, 8);
if (algo == 2)
if (arg1 == 2)
tdes_dec(&encRndA, &encRndA, key->data);
else if (algo == 1)
else if (arg1 == 1)
des_dec(&encRndA, &encRndA, key->data);
rol(decRndA, 8);
@ -320,9 +322,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
/*
// Current key is a 3DES key, change it to a DES key
if (algo == 2) {
if (arg1 == 2) {
cmd[0] = CHANGE_KEY;
cmd[1] = keyno;
cmd[1] = arg2;
uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
@ -362,9 +364,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
} else {
// Current key is a DES key, change it to a 3DES key
if (algo == 1) {
if (arg1 == 1) {
cmd[0] = CHANGE_KEY;
cmd[1] = keyno;
cmd[1] = arg2;
uint8_t newKey[16] = {0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f};
@ -406,9 +408,9 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
*/
OnSuccess();
if (algo == 2)
if (arg1 == 2)
cmd_send(CMD_ACK, 1, 0, 0, skey->data, 16);
else if (algo == 1)
else if (arg1 == 1)
cmd_send(CMD_ACK, 1, 0, 0, skey->data, 8);
} else {
DbpString("Authentication failed.");
@ -418,7 +420,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
}
break;
case 2:
//SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
//SendDesfireCommand(AUTHENTICATE_ISO, &arg2, resp);
break;
case 3: {
@ -495,7 +497,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain
cmd_send(CMD_ACK, 1, len, 0, resp, len);
}
// 3 olika ISO sätt att skicka data till DESFIRE (direkt, inkapslat, inkapslat ISO)
// 3 different ISO ways to send data to a DESFIRE (direct, capsuled, capsuled ISO)
// cmd = cmd bytes to send
// cmd_len = length of cmd
// dataout = pointer to response data array
@ -540,7 +542,7 @@ size_t CreateAPDU(uint8_t *datain, size_t len, uint8_t *dataout) {
uint8_t cmd[cmdlen];
memset(cmd, 0, cmdlen);
cmd[0] = 0x0A; // 0x0A = skicka cid, 0x02 = ingen cid. Särskilda bitar //
cmd[0] = 0x0A; // 0x0A = send cid, 0x02 = no cid.
cmd[0] |= pcb_blocknum; // OR the block number into the PCB
cmd[1] = 0x00; // CID: 0x00 //TODO: allow multiple selected cards

1253
armsrc/mifaresim.c Normal file
View file

File diff suppressed because it is too large Load diff

44
armsrc/mifaresim.h Normal file
View file

@ -0,0 +1,44 @@
//-----------------------------------------------------------------------------
// Merlok - June 2011, 2012
// Gerhard de Koning Gans - May 2008
// Hagen Fritsch - June 2010
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Mifare Classic Card Simulation
//-----------------------------------------------------------------------------
#ifndef __MIFARESIM_H
#define __MIFARESIM_H
#include <stdint.h>
void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain);
#define AC_DATA_READ 0
#define AC_DATA_WRITE 1
#define AC_DATA_INC 2
#define AC_DATA_DEC_TRANS_REST 3
#define AC_KEYA_READ 0
#define AC_KEYA_WRITE 1
#define AC_KEYB_READ 2
#define AC_KEYB_WRITE 3
#define AC_AC_READ 4
#define AC_AC_WRITE 5
#define AUTHKEYA 0
#define AUTHKEYB 1
#define AUTHKEYNONE 0xff
#define TAG_RESPONSE_COUNT 9 // number of precompiled responses
// Prepare ("precompile") the responses of the anticollision phase.
// There will be not enough time to do this at the moment the reader sends its REQA or SELECT
// There are 7 predefined responses with a total of 18 bytes data to transmit.
// Coded responses need one byte per bit to transfer (data, parity, start, stop, correction)
// 18 * 8 data bits, 18 * 1 parity bits, 5 start bits, 5 stop bits, 5 correction bits -> need 177 bytes buffer
#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 512 // number of bytes required for precompiled response
#endif

15
armsrc/mifareutil.c
View file

@ -596,7 +596,7 @@ void emlClearMem(void) {
memset(emCARD, 0, CARD_MEMORY_SIZE);
// fill sectors trailer data
for (uint16_t b = 3; b < 256; ((b < 127) ? (b += 4) : (b += 16)))
for (uint16_t b = 3; b <= MIFARE_4K_MAXBLOCK; ((b <= MIFARE_2K_MAXBLOCK) ? (b += 4) : (b += 16)))
emlSetMem((uint8_t *)trailer, b, 1);
// uid
@ -604,6 +604,19 @@ void emlClearMem(void) {
return;
}
uint8_t SectorTrailer(uint8_t blockNo) {
if (blockNo <= MIFARE_2K_MAXBLOCK) {
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Sector Trailer for block %d : %d", blockNo, (blockNo | 0x03));
return (blockNo | 0x03);
} else {
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Sector Trailer for block %d : %d", blockNo, (blockNo | 0x0f));
return (blockNo | 0x0f);
}
}
bool IsSectorTrailer(uint8_t blockNo) {
return (blockNo == SectorTrailer(blockNo));
}
// Mifare desfire commands
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing) {

33
armsrc/mifareutil.h
View file

@ -21,7 +21,6 @@
#include "iso14443a.h"
#include "crapto1/crapto1.h"
#include "des.h"
#include "random.h" // fast_prand, prand
// mifare authentication
#define CRYPT_NONE 0
@ -33,12 +32,26 @@
#define AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)
#define PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication
// mifare 4bit card answers
#define CARD_ACK 0x0A // 1010 - ACK
#define CARD_NACK_NA 0x04 // 0100 - NACK, not allowed (command not allowed)
#define CARD_NACK_TR 0x05 // 0101 - NACK, transmission error
// reader voltage field detector
#define MF_MINFIELDV 4000
// debug
// 0 - no debug messages 1 - error messages 2 - all messages 4 - extended debug mode
#define MF_DBG_NONE 0
#define MF_DBG_ERROR 1
#define MF_DBG_ALL 2
#define MF_DBG_EXTENDED 4
// Mifare 4k/2k/1k/mini Max Block / Max Sector
#define MIFARE_4K_MAXBLOCK 256
#define MIFARE_2K_MAXBLOCK 128
#define MIFARE_1K_MAXBLOCK 64
#define MIFARE_MINI_MAXBLOCK 20
#define MIFARE_MINI_MAXSECTOR 5
#define MIFARE_1K_MAXSECTOR 16
#define MIFARE_2K_MAXSECTOR 32
#define MIFARE_4K_MAXSECTOR 40
//mifare emulator states
#define MFEMUL_NOFIELD 0
@ -47,7 +60,6 @@
#define MFEMUL_SELECT2 3
#define MFEMUL_SELECT3 4
#define MFEMUL_AUTH1 5
#define MFEMUL_AUTH2 6
#define MFEMUL_WORK 7
#define MFEMUL_WRITEBL2 8
#define MFEMUL_INTREG_INC 9
@ -74,8 +86,8 @@ int mifare_classic_halt_ex(struct Crypto1State *pcs);
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
// Ultralight/NTAG...
int mifare_ul_ev1_auth(uint8_t *key, uint8_t *pack);
int mifare_ultra_auth(uint8_t *key);
int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack);
int mifare_ultra_auth(uint8_t *keybytes);
int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData);
//int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData);
int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData);
@ -88,7 +100,7 @@ int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
// crypto functions
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len);
void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out);
void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par);
void mf_crypto1_encryptEx(struct Crypto1State *pcs, uint8_t *data_in, uint8_t *keystream, uint8_t *data_out, uint16_t len, uint8_t *par);
@ -98,6 +110,9 @@ uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data);
uint8_t NumBlocksPerSector(uint8_t sectorNo);
uint8_t FirstBlockOfSector(uint8_t sectorNo);
bool IsSectorTrailer(uint8_t blockNo);
uint8_t SectorTrailer(uint8_t blockNo);
// emulator functions
void emlClearMem(void);
void emlSetMem(uint8_t *data, int blockNum, int blocksCount);

4
armsrc/pcf7931.h
View file

@ -8,8 +8,8 @@
#include "string.h"
size_t DemodPCF7931(uint8_t **outBlocks);
bool IsBlock0PCF7931(uint8_t *Block);
bool IsBlock1PCF7931(uint8_t *Block);
bool IsBlock0PCF7931(uint8_t *block);
bool IsBlock1PCF7931(uint8_t *block);
void ReadPCF7931();
void SendCmdPCF7931(uint32_t *tab);
bool AddBytePCF7931(uint8_t byte, uint32_t *tab, int32_t l, int32_t p);

2
armsrc/printf.h
View file

@ -15,7 +15,7 @@
#include <stddef.h>
#include "string.h"
int kvsprintf(const char *format, void *arg, int radix, va_list ap) __attribute__((format(printf, 1, 0)));
int kvsprintf(const char *fmt, void *arg, int radix, va_list ap) __attribute__((format(printf, 1, 0)));
int vsprintf(char *dest, const char *fmt, va_list ap) __attribute__((format(printf, 2, 0)));
int sprintf(char *dest, const char *fmt, ...) __attribute__((format(printf, 2, 3)));

4
armsrc/start.c
View file

@ -48,7 +48,9 @@ static void uncompress_data_section(void) {
data_section.opaque = NULL;
// initialize zlib for inflate
inflateInit2(&data_section, 15);
int res = inflateInit2(&data_section, 15);
if ( res < 0 )
return;
// uncompress data segment to RAM
inflate(&data_section, Z_FINISH);

12
armsrc/ticks.h
View file

@ -37,11 +37,11 @@ void StartCountSspClk();
void ResetSspClk(void);
uint32_t RAMFUNC GetCountSspClk();
extern void StartTicks(void);
extern uint32_t GetTicks(void);
extern void WaitTicks(uint32_t ticks);
extern void WaitUS(uint16_t us);
extern void WaitMS(uint16_t ms);
void StartTicks(void);
uint32_t GetTicks(void);
void WaitTicks(uint32_t ticks);
void WaitUS(uint16_t us);
void WaitMS(uint16_t ms);
extern void StopTicks(void);
void StopTicks(void);
#endif

6
armsrc/util.h
View file

@ -84,9 +84,9 @@
size_t nbytes(size_t nbits);
extern uint32_t reflect(uint32_t v, int b); // used in crc.c ...
extern uint8_t reflect8(uint8_t b); // dedicated 8bit reversal
extern uint16_t reflect16(uint16_t b); // dedicated 16bit reversal
uint32_t reflect(uint32_t v, int b); // used in crc.c ...
uint8_t reflect8(uint8_t b); // dedicated 8bit reversal
uint16_t reflect16(uint16_t b); // dedicated 16bit reversal
void num_to_bytes(uint64_t n, size_t len, uint8_t *dest);
uint64_t bytes_to_num(uint8_t *src, size_t len);

3
bootrom/bootrom.c
View file

@ -311,10 +311,9 @@ void BootROM(void) {
common_area.magic = COMMON_AREA_MAGIC;
common_area.version = 1;
common_area.flags.bootrom_present = 1;
}
common_area.flags.bootrom_present = 1;
if (common_area.command == COMMON_AREA_COMMAND_ENTER_FLASH_MODE) {
common_area.command = COMMON_AREA_COMMAND_NONE;
flash_mode(1);

23
client/cliparser/argtable3.c
View file

@ -2960,10 +2960,19 @@ static int trex_class(TRex *exp) {
while (*exp->_p != ']' && exp->_p != exp->_eol) {
if (*exp->_p == '-' && first != -1) {
int r, t;
if (*exp->_p++ == ']') trex_error(exp, _SC("unfinished range"));
if (*exp->_p++ == ']') {
trex_error(exp, _SC("unfinished range"));
}
r = trex_newnode(exp, OP_RANGE);
if (first > *exp->_p) trex_error(exp, _SC("invalid range"));
if (exp->_nodes[first].type == OP_CCLASS) trex_error(exp, _SC("cannot use character classes in ranges"));
if (first > *exp->_p) {
trex_error(exp, _SC("invalid range"));
}
if (exp->_nodes[first].type == OP_CCLASS) {
trex_error(exp, _SC("cannot use character classes in ranges"));
}
exp->_nodes[r].left = exp->_nodes[first].type;
t = trex_escapechar(exp);
exp->_nodes[r].right = t;
@ -2984,8 +2993,6 @@ static int trex_class(TRex *exp) {
if (first != -1) {
int c = first;
exp->_nodes[chain].next = c;
chain = c;
first = -1;
}
/* hack? */
exp->_nodes[ret].left = exp->_nodes[ret].next;
@ -3263,7 +3270,6 @@ static const TRexChar *trex_matchnode(TRex *exp, TRexNode *node, const TRexChar
return asd;
}
return NULL;
break;
}
case OP_EXPR:
case OP_NOCAPEXPR: {
@ -4542,8 +4548,9 @@ void arg_print_formatted(FILE *fp,
const unsigned colwidth = (rmargin - lmargin) + 1;
/* Someone doesn't like us... */
if (line_end < line_start)
{ fprintf(fp, "%s\n", text); }
if (line_end == line_start) {
fprintf(fp, "%s\n", text);
}
while (line_end - 1 > line_start) {
/* Eat leading whitespaces. This is essential because while

2
client/cliparser/argtable3.h
View file

@ -271,7 +271,7 @@ struct arg_date *arg_daten(const char *shortopts,
int maxcount,
const char *glossary);
struct arg_end *arg_end(int maxerrors);
struct arg_end *arg_end(int maxcount);
/**** other functions *******************************************/

15
client/cliparser/cliparser.c
View file

@ -26,7 +26,6 @@ int CLIParserInit(char *vprogramName, char *vprogramHint, char *vprogramHelp) {
programHint = vprogramHint;
programHelp = vprogramHelp;
memset(buf, 0x00, 500);
return 0;
}
@ -155,12 +154,12 @@ int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
*datalen = 0;
int ibuf = 0;
uint8_t buf[256] = {0};
int res = CLIParamStrToBuf(argstr, buf, maxdatalen * 2, &ibuf); // *2 because here HEX
uint8_t tmp_buf[256] = {0};
int res = CLIParamStrToBuf(argstr, tmp_buf, maxdatalen * 2, &ibuf); // *2 because here HEX
if (res || !ibuf)
return res;
switch (param_gethex_to_eol((char *)buf, 0, data, maxdatalen, datalen)) {
switch (param_gethex_to_eol((char *)tmp_buf, 0, data, maxdatalen, datalen)) {
case 1:
printf("Parameter error: Invalid HEX value.\n");
return 1;
@ -180,15 +179,15 @@ int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
if (!argstr->count)
return 0;
uint8_t buf[256] = {0};
uint8_t tmp_buf[256] = {0};
int ibuf = 0;
for (int i = 0; i < argstr->count; i++) {
int len = strlen(argstr->sval[i]);
memcpy(&buf[ibuf], argstr->sval[i], len);
memcpy(&tmp_buf[ibuf], argstr->sval[i], len);
ibuf += len;
}
buf[ibuf] = 0;
tmp_buf[ibuf] = 0;
if (!ibuf)
return 0;
@ -196,7 +195,7 @@ int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
if (ibuf > maxdatalen)
return 2;
memcpy(data, buf, ibuf);
memcpy(data, tmp_buf, ibuf);
*datalen = ibuf;
return 0;

14
client/cliparser/cliparser.h
View file

@ -31,11 +31,11 @@
#define CLIGetHexWithReturn(paramnum, data, datalen) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;}
#define CLIGetStrWithReturn(paramnum, data, datalen) if (CLIParamStrToBuf(arg_get_str(paramnum), data, sizeof(data), datalen)) {CLIParserFree();return 1;}
extern int CLIParserInit(char *vprogramName, char *vprogramHint, char *vprogramHelp);
extern int CLIParserParseString(const char *str, void *argtable[], size_t vargtableLen, bool allowEmptyExec);
extern int CLIParserParseStringEx(const char *str, void *vargtable[], size_t vargtableLen, bool allowEmptyExec, bool clueData);
extern int CLIParserParseArg(int argc, char **argv, void *argtable[], size_t vargtableLen, bool allowEmptyExec);
extern void CLIParserFree();
int CLIParserInit(char *vprogramName, char *vprogramHint, char *vprogramHelp);
int CLIParserParseString(const char *str, void *vargtable[], size_t vargtableLen, bool allowEmptyExec);
int CLIParserParseStringEx(const char *str, void *vargtable[], size_t vargtableLen, bool allowEmptyExec, bool clueData);
int CLIParserParseArg(int argc, char **argv, void *vargtable[], size_t vargtableLen, bool allowEmptyExec);
void CLIParserFree();
extern int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen);
extern int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen);
int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen);
int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen);

22
client/cmdanalyse.c
View file

@ -300,7 +300,7 @@ int CmdAnalyseCRC(const char *Cmd) {
// ISO14443 crc B
compute_crc(CRC_14443_B, data, len, &b1, &b2);
uint16_t crcBB_1 = b1 << 8 | b2;
uint16_t bbb = crc(CRC_14443_B, data, len);
uint16_t bbb = Crc(CRC_14443_B, data, len);
PrintAndLogEx(NORMAL, "ISO14443 crc B | %04x == %04x \n", crcBB_1, bbb);
@ -321,40 +321,40 @@ int CmdAnalyseCRC(const char *Cmd) {
PrintAndLogEx(NORMAL, "CRC16 based\n\n");
// input from commandline
PrintAndLogEx(NORMAL, "CCITT | %X (29B1 expected)", crc(CRC_CCITT, dataStr, sizeof(dataStr)));
PrintAndLogEx(NORMAL, "CCITT | %X (29B1 expected)", Crc(CRC_CCITT, dataStr, sizeof(dataStr)));
uint8_t poll[] = {0xb2, 0x4d, 0x12, 0x01, 0x01, 0x2e, 0x3d, 0x17, 0x26, 0x47, 0x80, 0x95, 0x00, 0xf1, 0x00, 0x00, 0x00, 0x01, 0x43, 0x00, 0xb3, 0x7f};
PrintAndLogEx(NORMAL, "FeliCa | %04X (B37F expected)", crc(CRC_FELICA, poll + 2, sizeof(poll) - 4));
PrintAndLogEx(NORMAL, "FeliCa | %04X (0000 expected)", crc(CRC_FELICA, poll + 2, sizeof(poll) - 2));
PrintAndLogEx(NORMAL, "FeliCa | %04X (B37F expected)", Crc(CRC_FELICA, poll + 2, sizeof(poll) - 4));
PrintAndLogEx(NORMAL, "FeliCa | %04X (0000 expected)", Crc(CRC_FELICA, poll + 2, sizeof(poll) - 2));
uint8_t sel_corr[] = { 0x40, 0xe1, 0xe1, 0xff, 0xfe, 0x5f, 0x02, 0x3c, 0x43, 0x01};
PrintAndLogEx(NORMAL, "iCLASS | %04x (0143 expected)", crc(CRC_ICLASS, sel_corr, sizeof(sel_corr) - 2));
PrintAndLogEx(NORMAL, "iCLASS | %04x (0143 expected)", Crc(CRC_ICLASS, sel_corr, sizeof(sel_corr) - 2));
PrintAndLogEx(NORMAL, "---------------------------------------------------------------\n\n\n");
// ISO14443 crc A
compute_crc(CRC_14443_A, dataStr, sizeof(dataStr), &b1, &b2);
uint16_t crcAA = b1 << 8 | b2;
PrintAndLogEx(NORMAL, "ISO14443 crc A | %04x or %04x (BF05 expected)\n", crcAA, crc(CRC_14443_A, dataStr, sizeof(dataStr)));
PrintAndLogEx(NORMAL, "ISO14443 crc A | %04x or %04x (BF05 expected)\n", crcAA, Crc(CRC_14443_A, dataStr, sizeof(dataStr)));
// ISO14443 crc B
compute_crc(CRC_14443_B, dataStr, sizeof(dataStr), &b1, &b2);
uint16_t crcBB = b1 << 8 | b2;
PrintAndLogEx(NORMAL, "ISO14443 crc B | %04x or %04x (906E expected)\n", crcBB, crc(CRC_14443_B, dataStr, sizeof(dataStr)));
PrintAndLogEx(NORMAL, "ISO14443 crc B | %04x or %04x (906E expected)\n", crcBB, Crc(CRC_14443_B, dataStr, sizeof(dataStr)));
// ISO15693 crc (x.25)
compute_crc(CRC_15693, dataStr, sizeof(dataStr), &b1, &b2);
uint16_t crcCC = b1 << 8 | b2;
PrintAndLogEx(NORMAL, "ISO15693 crc X25| %04x or %04x (906E expected)\n", crcCC, crc(CRC_15693, dataStr, sizeof(dataStr)));
PrintAndLogEx(NORMAL, "ISO15693 crc X25| %04x or %04x (906E expected)\n", crcCC, Crc(CRC_15693, dataStr, sizeof(dataStr)));
// ICLASS
compute_crc(CRC_ICLASS, dataStr, sizeof(dataStr), &b1, &b2);
uint16_t crcDD = b1 << 8 | b2;
PrintAndLogEx(NORMAL, "ICLASS crc | %04x or %04x\n", crcDD, crc(CRC_ICLASS, dataStr, sizeof(dataStr)));
PrintAndLogEx(NORMAL, "ICLASS crc | %04x or %04x\n", crcDD, Crc(CRC_ICLASS, dataStr, sizeof(dataStr)));
// FeliCa
compute_crc(CRC_FELICA, dataStr, sizeof(dataStr), &b1, &b2);
uint16_t crcEE = b1 << 8 | b2;
PrintAndLogEx(NORMAL, "FeliCa | %04x or %04x (31C3 expected)\n", crcEE, crc(CRC_FELICA, dataStr, sizeof(dataStr)));
PrintAndLogEx(NORMAL, "FeliCa | %04x or %04x (31C3 expected)\n", crcEE, Crc(CRC_FELICA, dataStr, sizeof(dataStr)));
free(data);
return 0;
@ -615,7 +615,7 @@ int CmdAnalyseA(const char *Cmd) {
}
*/
return 0;
// return 0;
// 14443-A
uint8_t u14_c[] = {0x09, 0x78, 0x00, 0x92, 0x02, 0x54, 0x13, 0x02, 0x04, 0x2d, 0xe8 }; // atqs w crc

8
client/cmdcrc.h
View file

@ -28,9 +28,9 @@
#include "ui.h"
#include "util.h"
extern int CmdCrc(const char *Cmd);
int CmdCrc(const char *Cmd);
extern int CmdrevengSearch(const char *Cmd);
extern int GetModels(char *Models[], int *count, uint8_t *width);
extern int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result);
int CmdrevengSearch(const char *Cmd);
int GetModels(char *Models[], int *count, uint8_t *width);
int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result);
#endif

34
client/cmddata.c
View file

@ -237,26 +237,26 @@ int usage_data_fsktonrz() {
//set the demod buffer with given array of binary (one bit per byte)
//by marshmellow
void setDemodBuf(uint8_t *buf, size_t size, size_t start_idx) {
if (buf == NULL) return;
void setDemodBuff(uint8_t *buff, size_t size, size_t start_idx) {
if (buff == NULL) return;
if (size > MAX_DEMOD_BUF_LEN - start_idx)
size = MAX_DEMOD_BUF_LEN - start_idx;
for (size_t i = 0; i < size; i++)
DemodBuffer[i] = buf[start_idx++];
DemodBuffer[i] = buff[start_idx++];
DemodBufferLen = size;
}
bool getDemodBuf(uint8_t *buf, size_t *size) {
if (buf == NULL) return false;
bool getDemodBuff(uint8_t *buff, size_t *size) {
if (buff == NULL) return false;
if (size == NULL) return false;
if (*size == 0) return false;
*size = (*size > DemodBufferLen) ? DemodBufferLen : *size;
memcpy(buf, DemodBuffer, *size);
memcpy(buff, DemodBuffer, *size);
return true;
}
@ -521,7 +521,7 @@ int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType,
if (verbose) PrintAndLogEx(DEBUG, "DEBUG: (ASKDemod_ext) Using clock:%d, invert:%d, bits found:%d", clk, invert, BitLen);
//output
setDemodBuf(bits, BitLen, 0);
setDemodBuff(bits, BitLen, 0);
setClockGrid(clk, startIdx);
if (verbose) {
@ -608,7 +608,7 @@ int Cmdmandecoderaw(const char *Cmd) {
size_t idx = 0;
if (Em410xDecode(bits, &size, &idx, &hi, &id) == 1) {
//need to adjust to set bitstream back to manchester encoded data
//setDemodBuf(bits, size, idx);
//setDemodBuff(bits, size, idx);
printEM410x(hi, id);
}
}
@ -638,7 +638,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd) {
uint8_t bits[MAX_DEMOD_BUF_LEN] = {0};
size = sizeof(bits);
if (!getDemodBuf(bits, &size)) return 0;
if (!getDemodBuff(bits, &size)) return 0;
errCnt = BiphaseRawDecode(bits, &size, &offset, invert);
if (errCnt < 0) {
@ -658,7 +658,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd) {
//remove first bit from raw demod
if (offset)
setDemodBuf(DemodBuffer, DemodBufferLen - offset, offset);
setDemodBuff(DemodBuffer, DemodBufferLen - offset, offset);
setClockGrid(g_DemodClock, g_DemodStartIdx + g_DemodClock * offset / 2);
return 1;
@ -696,7 +696,7 @@ int ASKbiphaseDemod(const char *Cmd, bool verbose) {
return 0;
}
//success set DemodBuffer and return
setDemodBuf(BitStream, size, 0);
setDemodBuff(BitStream, size, 0);
setClockGrid(clk, startIdx + clk * offset / 2);
if (g_debugMode || verbose) {
PrintAndLogEx(NORMAL, "Biphase Decoded using offset: %d - clock: %d - # errors:%d - data:", offset, clk, errCnt);
@ -1067,7 +1067,7 @@ int FSKrawDemod(const char *Cmd, bool verbose) {
int startIdx = 0;
int size = fskdemod(bits, BitLen, rfLen, invert, fchigh, fclow, &startIdx);
if (size > 0) {
setDemodBuf(bits, size, 0);
setDemodBuff(bits, size, 0);
setClockGrid(rfLen, startIdx);
// Now output the bitstream to the scrollback by line of 16 bits
@ -1135,7 +1135,7 @@ int PSKDemod(const char *Cmd, bool verbose) {
}
}
//prime demod buffer for output
setDemodBuf(bits, bitlen, 0);
setDemodBuff(bits, bitlen, 0);
setClockGrid(clk, startIdx);
return 1;
}
@ -1185,7 +1185,7 @@ int CmdIdteckDemod(const char *Cmd) {
return 0;
}
}
setDemodBuf(DemodBuffer, 64, idx);
setDemodBuff(DemodBuffer, 64, idx);
//got a good demod
uint32_t id = 0;
@ -1238,7 +1238,7 @@ int NRZrawDemod(const char *Cmd, bool verbose) {
}
if (verbose || g_debugMode) PrintAndLogEx(DEBUG, "DEBUG: (NRZrawDemod) Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d", clk, invert, BitLen);
//prime demod buffer for output
setDemodBuf(bits, BitLen, 0);
setDemodBuff(bits, BitLen, 0);
setClockGrid(clk, clkStartIdx);
@ -1973,13 +1973,13 @@ int FSKToNRZ(int *data, int *dataLen, int clk, int LowToneFC, int HighToneFC) {
int firstClockEdge = 0;
ans = fskClocks((uint8_t *) &LowToneFC, (uint8_t *) &HighToneFC, (uint8_t *) &clk, &firstClockEdge);
if (g_debugMode > 1) {
PrintAndLog("DEBUG FSKtoNRZ: detected clocks: fc_low %i, fc_high %i, clk %i, firstClockEdge %i, ans %u", LowToneFC, HighToneFC, clk, firstClockEdge, ans);
PrintAndLogEx(NORMAL, "DEBUG FSKtoNRZ: detected clocks: fc_low %i, fc_high %i, clk %i, firstClockEdge %i, ans %u", LowToneFC, HighToneFC, clk, firstClockEdge, ans);
}
}
// currently only know fsk modulations with field clocks < 10 samples and > 4 samples. filter out to remove false positives (and possibly destroying ask/psk modulated waves...)
if (ans == 0 || clk == 0 || LowToneFC == 0 || HighToneFC == 0 || LowToneFC > 10 || HighToneFC < 4) {
if (g_debugMode > 1) {
PrintAndLog("DEBUG FSKtoNRZ: no fsk clocks found");
PrintAndLogEx(NORMAL,"DEBUG FSKtoNRZ: no fsk clocks found");
}
return 0;
}

6
client/cmddata.h
View file

@ -36,8 +36,8 @@ command_t *CmdDataCommands();
int CmdData(const char *Cmd);
void printDemodBuff(void);
void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx);
bool getDemodBuf(uint8_t *buff, size_t *size);
void setDemodBuff(uint8_t *buff, size_t size, size_t start_idx);
bool getDemodBuff(uint8_t *buff, size_t *size);
void save_restoreDB(uint8_t saveOpt);// option '1' to save DemodBuffer any other to restore
int CmdPrintDemodBuff(const char *Cmd);
@ -84,7 +84,7 @@ int NRZrawDemod(const char *Cmd, bool verbose);
int getSamples(int n, bool silent);
void setClockGrid(int clk, int offset);
int directionalThreshold(const int *in, int *out, size_t len, int8_t up, int8_t down);
extern int AskEdgeDetect(const int *in, int *out, int len, int threshold);
int AskEdgeDetect(const int *in, int *out, int len, int threshold);
int CmdDataIIR(const char *Cmd);

12
client/cmdflashmem.h
View file

@ -33,13 +33,13 @@ typedef enum {
DICTIONARY_ICLASS
} Dictionary_t;
extern int CmdFlashMem(const char *Cmd);
int CmdFlashMem(const char *Cmd);
extern int CmdFlashMemRead(const char *Cmd);
extern int CmdFlashMemLoad(const char *Cmd);
extern int CmdFlashMemSave(const char *Cmd);
extern int CmdFlashMemWipe(const char *Cmd);
extern int CmdFlashMemInfo(const char *Cmd);
int CmdFlashMemRead(const char *Cmd);
int CmdFlashMemLoad(const char *Cmd);
int CmdFlashMemSave(const char *Cmd);
int CmdFlashMemWipe(const char *Cmd);
int CmdFlashMemInfo(const char *Cmd);
#endif
#endif

12
client/cmdhf.h
View file

@ -33,11 +33,11 @@
#include "cmdhffido.h" // FIDO authenticators
#include "cmdtrace.h" // trace list
extern int CmdHF(const char *Cmd);
extern int CmdHFTune(const char *Cmd);
extern int CmdHFSearch(const char *Cmd);
extern int CmdHFSniff(const char *Cmd);
int CmdHF(const char *Cmd);
int CmdHFTune(const char *Cmd);
int CmdHFSearch(const char *Cmd);
int CmdHFSniff(const char *Cmd);
extern int usage_hf_search();
extern int usage_hf_sniff();
int usage_hf_search();
int usage_hf_sniff();
#endif

25
client/cmdhf14a.c
View file

@ -15,7 +15,7 @@
bool APDUInFramingEnable = true;
static int CmdHelp(const char *Cmd);
static int waitCmd(uint8_t iLen);
static int waitCmd(uint8_t iSelect);
static const manufactureName manufactureMapping[] = {
// ID, "Vendor Country"
@ -238,30 +238,30 @@ int Hf14443_4aGetCardData(iso14a_card_select_t *card) {
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if (select_status == 0) {
PrintAndLog("E->iso14443a card select failed");
PrintAndLogEx(ERR, "E->iso14443a card select failed");
return 1;
}
if (select_status == 2) {
PrintAndLog("E->Card doesn't support iso14443-4 mode");
PrintAndLogEx(ERR, "E->Card doesn't support iso14443-4 mode");
return 1;
}
if (select_status == 3) {
PrintAndLog("E->Card doesn't support standard iso14443-3 anticollision");
PrintAndLog("\tATQA : %02x %02x", card->atqa[1], card->atqa[0]);
PrintAndLogEx(NORMAL, "E->Card doesn't support standard iso14443-3 anticollision");
PrintAndLogEx(NORMAL, "\tATQA : %02x %02x", card->atqa[1], card->atqa[0]);
return 1;
}
PrintAndLog(" UID: %s", sprint_hex(card->uid, card->uidlen));
PrintAndLog("ATQA: %02x %02x", card->atqa[1], card->atqa[0]);
PrintAndLog(" SAK: %02x [%" PRIu64 "]", card->sak, resp.arg[0]);
PrintAndLogEx(NORMAL, " UID: %s", sprint_hex(card->uid, card->uidlen));
PrintAndLogEx(NORMAL, "ATQA: %02x %02x", card->atqa[1], card->atqa[0]);
PrintAndLogEx(NORMAL, " SAK: %02x [%" PRIu64 "]", card->sak, resp.arg[0]);
if (card->ats_len < 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
PrintAndLog("E-> Error ATS length(%d) : %s", card->ats_len, sprint_hex(card->ats, card->ats_len));
PrintAndLogEx(NORMAL, "E-> Error ATS length(%d) : %s", card->ats_len, sprint_hex(card->ats, card->ats_len));
return 1;
}
PrintAndLog(" ATS: %s", sprint_hex(card->ats, card->ats_len));
PrintAndLogEx(NORMAL, " ATS: %s", sprint_hex(card->ats, card->ats_len));
return 0;
}
@ -418,7 +418,6 @@ int CmdHF14AInfo(const char *Cmd) {
c.arg[2] = 0;
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK, &resp);
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
@ -692,8 +691,8 @@ int CmdHF14ACUIDs(const char *Cmd) {
PrintAndLogEx(WARNING, "card select failed.");
} else {
char uid_string[20];
for (uint16_t i = 0; i < card->uidlen; i++) {
sprintf(&uid_string[2 * i], "%02X", card->uid[i]);
for (uint16_t m = 0; m < card->uidlen; m++) {
sprintf(&uid_string[2 * m], "%02X", card->uid[m]);
}
PrintAndLogEx(NORMAL, "%s", uid_string);
}

34
client/cmdhf14a.h
View file

@ -39,23 +39,23 @@ typedef struct {
char *desc;
} manufactureName;
extern int CmdHF14A(const char *Cmd);
extern int CmdHF14AList(const char *Cmd);
extern int CmdHF14AReader(const char *Cmd);
extern int CmdHF14AInfo(const char *Cmd);
extern int CmdHF14ASim(const char *Cmd);
extern int CmdHF14ASniff(const char *Cmd);
extern int CmdHF14ACmdRaw(const char *Cmd);
extern int CmdHF14ACUIDs(const char *Cmd);
extern int CmdHF14AAntiFuzz(const char *Cmd);
int CmdHF14A(const char *Cmd);
int CmdHF14AList(const char *Cmd);
int CmdHF14AReader(const char *Cmd);
int CmdHF14AInfo(const char *Cmd);
int CmdHF14ASim(const char *Cmd);
int CmdHF14ASniff(const char *Cmd);
int CmdHF14ACmdRaw(const char *Cmd);
int CmdHF14ACUIDs(const char *Cmd);
int CmdHF14AAntiFuzz(const char *Cmd);
extern char *getTagInfo(uint8_t uid);
extern int Hf14443_4aGetCardData(iso14a_card_select_t *card);
extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
extern int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
char *getTagInfo(uint8_t uid);
int Hf14443_4aGetCardData(iso14a_card_select_t *card);
int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
extern int usage_hf_14a_sim(void);
extern int usage_hf_14a_sniff(void);
extern int usage_hf_14a_raw(void);
extern int usage_hf_14a_antifuzz(void);
int usage_hf_14a_sim(void);
int usage_hf_14a_sniff(void);
int usage_hf_14a_raw(void);
int usage_hf_14a_antifuzz(void);
#endif

26
client/cmdhf14b.h
View file

@ -37,23 +37,23 @@ int usage_hf_14b_sim(void);
int usage_hf_14b_read_srx(void);
int usage_hf_14b_write_srx(void);
extern int CmdHF14B(const char *Cmd);
extern int CmdHF14BList(const char *Cmd);
extern int CmdHF14BInfo(const char *Cmd);
extern int CmdHF14BSim(const char *Cmd);
extern int CmdHF14BSniff(const char *Cmd);
extern int CmdHF14BWrite(const char *cmd);
extern int CmdHF14BReader(const char *Cmd);
int CmdHF14B(const char *Cmd);
int CmdHF14BList(const char *Cmd);
int CmdHF14BInfo(const char *Cmd);
int CmdHF14BSim(const char *Cmd);
int CmdHF14BSniff(const char *Cmd);
int CmdHF14BWrite(const char *cmd);
int CmdHF14BReader(const char *Cmd);
extern int CmdHF14BDump(const char *Cmd);
int CmdHF14BDump(const char *Cmd);
extern bool HF14BInfo(bool verbose);
extern bool HF14BReader(bool verbose);
extern int CmdHF14BCmdRaw(const char *Cmd);
bool HF14BInfo(bool verbose);
bool HF14BReader(bool verbose);
int CmdHF14BCmdRaw(const char *Cmd);
// SRi ST Microelectronics read/write
extern int CmdHF14BReadSri(const char *Cmd);
extern int CmdHF14BWriteSri(const char *Cmd);
int CmdHF14BReadSri(const char *Cmd);
int CmdHF14BWriteSri(const char *Cmd);
bool waitCmd14b(bool verbose);
#endif

32
client/cmdhf15.c
View file

@ -29,9 +29,9 @@
#define Logic1 Iso15693Logic1
#define FrameEOF Iso15693FrameEOF
#define Crc(data, len) crc(CRC_15693, (data), (len))
#define CheckCrc(data, len) check_crc(CRC_15693, (data), (len))
#define AddCrc(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
#define Crc15(data, len) Crc(CRC_15693, (data), (len))
#define CheckCrc15(data, len) check_crc(CRC_15693, (data), (len))
#define AddCrc15(data, len) compute_crc(CRC_15693, (data), (len), (data)+(len), (data)+(len)+1)
#define sprintUID(target, uid) Iso15693sprintUID((target), (uid))
@ -198,7 +198,7 @@ int getUID(uint8_t *buf) {
c.d.asBytes[1] = ISO15_CMD_INVENTORY;
c.d.asBytes[2] = 0; // mask length
AddCrc(c.d.asBytes, 3);
AddCrc15(c.d.asBytes, 3);
c.arg[0] = 5; // len
uint8_t retry;
@ -212,7 +212,7 @@ int getUID(uint8_t *buf) {
if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
uint8_t resplen = resp.arg[0];
if (resplen >= 12 && CheckCrc(resp.d.asBytes, 12)) {
if (resplen >= 12 && CheckCrc15(resp.d.asBytes, 12)) {
memcpy(buf, resp.d.asBytes + 2, 8);
return 1;
}
@ -479,7 +479,7 @@ int CmdHF15Demod(const char *Cmd) {
for (i = 0; i < k; i++)
PrintAndLogEx(NORMAL, "# %2d: %02x ", i, outBuf[i]);
PrintAndLogEx(NORMAL, "CRC %04x", Crc(outBuf, k - 2));
PrintAndLogEx(NORMAL, "CRC %04x", Crc15(outBuf, k - 2));
return 0;
}
@ -519,7 +519,7 @@ int CmdHF15Info(const char *Cmd) {
if (!prepareHF15Cmd(&cmd, &c, ISO15_CMD_SYSINFO))
return 0;
AddCrc(req, c.arg[0]);
AddCrc15(req, c.arg[0]);
c.arg[0] += 2;
//PrintAndLogEx(NORMAL, "cmd %s", sprint_hex(c.d.asBytes, reqlen) );
@ -721,7 +721,7 @@ int CmdHF15Dump(const char *Cmd) {
for (int retry = 0; retry < 5; retry++) {
req[10] = blocknum;
AddCrc(req, 11);
AddCrc15(req, 11);
c.arg[0] = 13;
clearCommandBuffer();
@ -737,7 +737,7 @@ int CmdHF15Dump(const char *Cmd) {
recv = resp.d.asBytes;
if (!CheckCrc(recv, len)) {
if (!CheckCrc15(recv, len)) {
PrintAndLogEx(FAILED, "crc fail");
continue;
}
@ -958,7 +958,7 @@ int CmdHF15Raw(const char *Cmd) {
}
if (crc) {
AddCrc(data, datalen);
AddCrc15(data, datalen);
datalen += 2;
}
@ -1099,7 +1099,7 @@ int CmdHF15Readmulti(const char *Cmd) {
req[reqlen++] = pagenum;
req[reqlen++] = pagecount;
AddCrc(req, reqlen);
AddCrc15(req, reqlen);
c.arg[0] = reqlen + 2;
clearCommandBuffer();
@ -1118,7 +1118,7 @@ int CmdHF15Readmulti(const char *Cmd) {
recv = resp.d.asBytes;
if (!CheckCrc(recv, status)) {
if (!CheckCrc15(recv, status)) {
PrintAndLogEx(FAILED, "CRC failed");
return 2;
}
@ -1178,7 +1178,7 @@ int CmdHF15Read(const char *Cmd) {
req[reqlen++] = (uint8_t)blocknum;
AddCrc(req, reqlen);
AddCrc15(req, reqlen);
c.arg[0] = reqlen + 2;
@ -1198,7 +1198,7 @@ int CmdHF15Read(const char *Cmd) {
recv = resp.d.asBytes;
if (!CheckCrc(recv, status)) {
if (!CheckCrc15(recv, status)) {
PrintAndLogEx(NORMAL, "CRC failed");
return 2;
}
@ -1261,7 +1261,7 @@ int CmdHF15Write(const char *Cmd) {
req[reqlen++] = temp & 0xff;
cmd2 += 2;
}
AddCrc(req, reqlen);
AddCrc15(req, reqlen);
c.arg[0] = reqlen + 2;
PrintAndLogEx(NORMAL, "iso15693 writing to page %02d (0x%02X) | data ", pagenum, pagenum);
@ -1282,7 +1282,7 @@ int CmdHF15Write(const char *Cmd) {
recv = resp.d.asBytes;
if (!CheckCrc(recv, status)) {
if (!CheckCrc15(recv, status)) {
PrintAndLogEx(FAILED, "CRC failed");
return 2;
}

56
client/cmdhf15.h
View file

@ -28,38 +28,38 @@
int CmdHF15(const char *Cmd);
extern int HF15Reader(const char *Cmd, bool verbose);
int HF15Reader(const char *Cmd, bool verbose);
extern int CmdHF15Demod(const char *Cmd);
extern int CmdHF15Samples(const char *Cmd);
extern int CmdHF15Info(const char *Cmd);
extern int CmdHF15Record(const char *Cmd);
extern int CmdHF15Reader(const char *Cmd);
extern int CmdHF15Sim(const char *Cmd);
extern int CmdHF15Afi(const char *Cmd);
extern int CmdHF15Dump(const char *Cmd);
extern int CmdHF15Raw(const char *cmd);
extern int CmdHF15Readmulti(const char *Cmd);
extern int CmdHF15Read(const char *Cmd);
extern int CmdHF15Write(const char *Cmd);
int CmdHF15Demod(const char *Cmd);
int CmdHF15Samples(const char *Cmd);
int CmdHF15Info(const char *Cmd);
int CmdHF15Record(const char *Cmd);
int CmdHF15Reader(const char *Cmd);
int CmdHF15Sim(const char *Cmd);
int CmdHF15Afi(const char *Cmd);
int CmdHF15Dump(const char *Cmd);
int CmdHF15Raw(const char *Cmd);
int CmdHF15Readmulti(const char *Cmd);
int CmdHF15Read(const char *Cmd);
int CmdHF15Write(const char *Cmd);
extern int CmdHF15Help(const char *Cmd);
int CmdHF15Help(const char *Cmd);
// usages
extern int usage_15_demod(void);
extern int usage_15_samples(void);
extern int usage_15_info(void);
extern int usage_15_record(void);
extern int usage_15_reader(void);
extern int usage_15_sim(void);
extern int usage_15_findafi(void);
extern int usage_15_dump(void);
extern int usage_15_restore(void);
extern int usage_15_raw(void);
int usage_15_demod(void);
int usage_15_samples(void);
int usage_15_info(void);
int usage_15_record(void);
int usage_15_reader(void);
int usage_15_sim(void);
int usage_15_findafi(void);
int usage_15_dump(void);
int usage_15_restore(void);
int usage_15_raw(void);
extern int usage_15_read(void);
extern int usage_15_write(void);
extern int usage_15_readmulti(void);
int usage_15_read(void);
int usage_15_write(void);
int usage_15_readmulti(void);
extern int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd);
int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd);
#endif

13
client/cmdhfepa.c
View file

@ -61,8 +61,8 @@ int CmdHFEPACollectPACENonces(const char *Cmd) {
// perform the PACE protocol by replaying APDUs
int CmdHFEPAPACEReplay(const char *Cmd) {
// the 4 APDUs which are replayed + their lengths
uint8_t msesa_apdu[41], gn_apdu[8], map_apdu[75];
uint8_t pka_apdu[75], ma_apdu[18], apdu_lengths[5] = {0};
uint8_t msesa_apdu[41] = {0}, gn_apdu[8] = {0}, map_apdu[75] = {0};
uint8_t pka_apdu[75] = {0}, ma_apdu[18] = {0}, apdu_lengths[5] = {0};
// pointers to the arrays to be able to iterate
uint8_t *apdus[] = {msesa_apdu, gn_apdu, map_apdu, pka_apdu, ma_apdu};
@ -74,15 +74,18 @@ int CmdHFEPAPACEReplay(const char *Cmd) {
// Proxmark response
UsbCommand resp;
int skip = 0, skip_add = 0, scan_return = 0;
int skip = 0, skip_add = 0, scan_return;
// for each APDU
for (int i = 0; i < sizeof(apdu_lengths); i++) {
// scan to next space or end of string
while (Cmd[skip] != ' ' && Cmd[skip] != '\0') {
// convert
scan_return = sscanf(Cmd + skip, "%2X%n",
scan_return = sscanf(Cmd + skip,
"%2X%n",
(unsigned int *)(apdus[i] + apdu_lengths[i]),
&skip_add);
&skip_add
);
if (scan_return < 1) {
PrintAndLogEx(NORMAL, (char *)usage_msg);
PrintAndLogEx(WARNING, "Not enough APDUs! Try again!");

6
client/cmdhfepa.h
View file

@ -25,8 +25,8 @@
#include "util_posix.h"
extern int CmdHFEPA(const char *Cmd);
extern int CmdHFEPACollectPACENonces(const char *Cmd);
extern int CmdHFEPAPACEReplay(const char *Cmd);
int CmdHFEPA(const char *Cmd);
int CmdHFEPACollectPACENonces(const char *Cmd);
int CmdHFEPAPACEReplay(const char *Cmd);
#endif // CMDHFEPA_H__

22
client/cmdhffelica.h
View file

@ -26,21 +26,21 @@
#include "cmdhf.h" // list cmd
#include "mifare.h" // felica_card_select_t struct
extern int CmdHFFelica(const char *Cmd);
extern int CmdHFFelicaList(const char *Cmd);
extern int CmdHFFelicaReader(const char *Cmd);
extern int CmdHFFelicaSim(const char *Cmd);
extern int CmdHFFelicaSniff(const char *Cmd);
extern int CmdHFFelicaCmdRaw(const char *Cmd);
int CmdHFFelica(const char *Cmd);
int CmdHFFelicaList(const char *Cmd);
int CmdHFFelicaReader(const char *Cmd);
int CmdHFFelicaSim(const char *Cmd);
int CmdHFFelicaSniff(const char *Cmd);
int CmdHFFelicaCmdRaw(const char *Cmd);
extern int usage_hf_felica_sim(void);
extern int usage_hf_felica_sniff(void);
extern int usage_hf_fFelica_raw(void);
int usage_hf_felica_sim(void);
int usage_hf_felica_sniff(void);
int usage_hf_fFelica_raw(void);
void waitCmdFelica(uint8_t iSelect);
//temp
extern int CmdHFFelicaSimLite(const char *Cmd);
extern int CmdHFFelicaDumpLite(const char *Cmd);
int CmdHFFelicaSimLite(const char *Cmd);
int CmdHFFelicaDumpLite(const char *Cmd);
#endif

2
client/cmdhffido.h
View file

@ -21,7 +21,7 @@
#ifndef CMDHFFIDO_H__
#define CMDHFFIDO_H__
extern int CmdHFFido(const char *Cmd);
int CmdHFFido(const char *Cmd);
#endif

15
client/cmdhficlass.c
View file

@ -405,7 +405,7 @@ int CmdHFiClassSim(const char *Cmd) {
break;
size_t datalen = NUM_CSNS * 24;
void *dump = calloc(datalen, sizeof(uint8_t));
uint8_t *dump = calloc(datalen, sizeof(uint8_t));
if (!dump) {
PrintAndLogEx(WARNING, "Failed to allocate memory");
return 2;
@ -458,7 +458,7 @@ int CmdHFiClassSim(const char *Cmd) {
break;
size_t datalen = NUM_CSNS * 24;
void *dump = calloc(datalen, sizeof(uint8_t));
uint8_t *dump = calloc(datalen, sizeof(uint8_t));
if (!dump) {
PrintAndLogEx(WARNING, "Failed to allocate memory");
return 2;
@ -636,7 +636,7 @@ int CmdHFiClassELoad(const char *Cmd) {
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
if (fsize < 0) {
if (fsize <= 0) {
PrintAndLogDevice(WARNING, "error, when getting filesize");
fclose(f);
return 1;
@ -729,7 +729,7 @@ int CmdHFiClassDecrypt(const char *Cmd) {
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
if (fsize < 0) {
if (fsize <= 0) {
PrintAndLogEx(WARNING, "error, when getting filesize");
fclose(f);
return 2;
@ -1109,7 +1109,7 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
PrintAndLogEx(WARNING, "command execute timeout 2");
return 0;
}
uint8_t isOK = resp.arg[0] & 0xff;
isOK = resp.arg[0] & 0xff;
blocksRead = resp.arg[1];
if (!isOK && !blocksRead) {
PrintAndLogEx(WARNING, "read block failed 2");
@ -1609,7 +1609,7 @@ int CmdHFiClassReadTagFile(const char *Cmd) {
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
if (fsize < 0) {
if (fsize <= 0) {
PrintAndLogEx(WARNING, "Error, when getting filesize");
fclose(f);
return 1;
@ -1766,7 +1766,7 @@ static int loadKeys(char *filename) {
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
if (fsize < 0) {
if (fsize <= 0) {
PrintAndLogEx(WARNING, "Error, when getting filesize");
fclose(f);
return 1;
@ -2194,7 +2194,6 @@ int CmdHFiClassLookUp(const char *Cmd) {
}
cmdp += 2;
break;
break;
case 'e':
use_elite = true;
cmdp++;

46
client/cmdhficlass.h
View file

@ -52,29 +52,29 @@ typedef struct iclass_prekey {
int CmdHFiClass(const char *Cmd);
extern int CmdHFiClassCalcNewKey(const char *Cmd);
extern int CmdHFiClassCloneTag(const char *Cmd);
extern int CmdHFiClassDecrypt(const char *Cmd);
extern int CmdHFiClassEncryptBlk(const char *Cmd);
extern int CmdHFiClassELoad(const char *Cmd);
extern int CmdHFiClassList(const char *Cmd);
extern int HFiClassReader(const char *Cmd, bool loop, bool verbose);
extern int CmdHFiClassReader(const char *Cmd);
extern int CmdHFiClassReader_Dump(const char *Cmd);
extern int CmdHFiClassReader_Replay(const char *Cmd);
extern int CmdHFiClassReadKeyFile(const char *filename);
extern int CmdHFiClassReadTagFile(const char *Cmd);
extern int CmdHFiClass_ReadBlock(const char *Cmd);
extern int CmdHFiClass_TestMac(const char *Cmd);
extern int CmdHFiClassManageKeys(const char *Cmd);
extern int CmdHFiClass_loclass(const char *Cmd);
extern int CmdHFiClassSniff(const char *Cmd);
extern int CmdHFiClassSim(const char *Cmd);
extern int CmdHFiClassWriteKeyFile(const char *Cmd);
extern int CmdHFiClass_WriteBlock(const char *Cmd);
extern int CmdHFiClassCheckKeys(const char *Cmd);
extern int CmdHFiClassLookUp(const char *Cmd);
extern int CmdHFiClassPermuteKey(const char *Cmd);
int CmdHFiClassCalcNewKey(const char *Cmd);
int CmdHFiClassCloneTag(const char *Cmd);
int CmdHFiClassDecrypt(const char *Cmd);
int CmdHFiClassEncryptBlk(const char *Cmd);
int CmdHFiClassELoad(const char *Cmd);
int CmdHFiClassList(const char *Cmd);
int HFiClassReader(const char *Cmd, bool loop, bool verbose);
int CmdHFiClassReader(const char *Cmd);
int CmdHFiClassReader_Dump(const char *Cmd);
int CmdHFiClassReader_Replay(const char *Cmd);
int CmdHFiClassReadKeyFile(const char *filename);
int CmdHFiClassReadTagFile(const char *Cmd);
int CmdHFiClass_ReadBlock(const char *Cmd);
int CmdHFiClass_TestMac(const char *Cmd);
int CmdHFiClassManageKeys(const char *Cmd);
int CmdHFiClass_loclass(const char *Cmd);
int CmdHFiClassSniff(const char *Cmd);
int CmdHFiClassSim(const char *Cmd);
int CmdHFiClassWriteKeyFile(const char *Cmd);
int CmdHFiClass_WriteBlock(const char *Cmd);
int CmdHFiClassCheckKeys(const char *Cmd);
int CmdHFiClassLookUp(const char *Cmd);
int CmdHFiClassPermuteKey(const char *Cmd);
void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize);
void HFiClassCalcDivKey(uint8_t *CSN, uint8_t *KEY, uint8_t *div_key, bool elite);

26
client/cmdhflegic.h
View file

@ -26,19 +26,19 @@
int CmdHFLegic(const char *Cmd);
extern int CmdLegicInfo(const char *Cmd);
extern int CmdLegicRdmem(const char *Cmd);
extern int CmdLegicLoad(const char *Cmd);
extern int CmdLegicRfSim(const char *Cmd);
extern int CmdLegicRfWrite(const char *Cmd);
extern int CmdLegicCalcCrc(const char *Cmd);
extern int CmdLegicDump(const char *Cmd);
extern int CmdLegicRestore(const char *Cmd);
extern int CmdLegicReader(const char *Cmd);
extern int CmdLegicELoad(const char *Cmd);
extern int CmdLegicESave(const char *Cmd);
extern int CmdLegicList(const char *Cmd);
extern int CmdLegicWipe(const char *Cmd);
int CmdLegicInfo(const char *Cmd);
int CmdLegicRdmem(const char *Cmd);
int CmdLegicLoad(const char *Cmd);
int CmdLegicRfSim(const char *Cmd);
int CmdLegicRfWrite(const char *Cmd);
int CmdLegicCalcCrc(const char *Cmd);
int CmdLegicDump(const char *Cmd);
int CmdLegicRestore(const char *Cmd);
int CmdLegicReader(const char *Cmd);
int CmdLegicELoad(const char *Cmd);
int CmdLegicESave(const char *Cmd);
int CmdLegicList(const char *Cmd);
int CmdLegicWipe(const char *Cmd);
int HFLegicReader(const char *Cmd, bool verbose);
int legic_print_type(uint32_t tagtype, uint8_t spaces);

43
client/cmdhflist.h
View file

@ -51,31 +51,32 @@ typedef struct {
uint32_t ks2; // ar ^ ar_enc
uint32_t ks3; // at ^ at_enc
} TAuthData;
extern void ClearAuthData();
extern uint8_t iso14443A_CRC_check(bool isResponse, uint8_t *d, uint8_t n);
extern uint8_t iso14443B_CRC_check(uint8_t *d, uint8_t n);
extern uint8_t mifare_CRC_check(bool isResponse, uint8_t *data, uint8_t len);
extern uint8_t iso15693_CRC_check(uint8_t *d, uint8_t n);
extern uint8_t iclass_CRC_check(bool isResponse, uint8_t *d, uint8_t n);
void ClearAuthData();
uint8_t iso14443A_CRC_check(bool isResponse, uint8_t *d, uint8_t n);
uint8_t iso14443B_CRC_check(uint8_t *d, uint8_t n);
uint8_t mifare_CRC_check(bool isResponse, uint8_t *data, uint8_t len);
uint8_t iso15693_CRC_check(uint8_t *d, uint8_t n);
uint8_t iclass_CRC_check(bool isResponse, uint8_t *d, uint8_t n);
int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateIso15693(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateTopaz(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateLegic(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateFelica(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateIso7816(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateIso14443b(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateMfDesfire(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
extern void annotateMifare(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, uint8_t paritysize, bool isResponse);
void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateIso15693(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateTopaz(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateLegic(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateFelica(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateIso7816(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateIso14443b(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateMfDesfire(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
void annotateMifare(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, uint8_t paritysize, bool isResponse);
extern bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen);
extern bool NTParityChk(TAuthData *ad, uint32_t ntx);
extern bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity);
extern bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t *parity_enc);
extern uint64_t GetCrypto1ProbableKey(TAuthData *ad);
bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen);
bool NTParityChk(TAuthData *ad, uint32_t ntx);
bool NestedCheckKey(uint64_t key, TAuthData *ad, uint8_t *cmd, uint8_t cmdsize, uint8_t *parity);
bool CheckCrypto1Parity(uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, uint8_t *parity_enc);
uint64_t GetCrypto1ProbableKey(TAuthData *ad);
#endif // CMDHFLIST

43
client/cmdhfmf.c
View file

@ -69,6 +69,10 @@ int usage_hf14_mf1ksim(void) {
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h this help");
PrintAndLogEx(NORMAL, " u (Optional) UID 4,7 or 10bytes. If not specified, the UID 4b from emulator memory will be used");
PrintAndLogEx(NORMAL, " t (Optional) 0 = MIFARE Mini");
PrintAndLogEx(NORMAL, " 1 = MIFARE Classic 1k (Default)");
PrintAndLogEx(NORMAL, " 1 = MIFARE Classic 2k");
PrintAndLogEx(NORMAL, " 4 = MIFARE Classic 4k");
PrintAndLogEx(NORMAL, " n (Optional) Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite");
PrintAndLogEx(NORMAL, " i (Optional) Interactive, means that console will not be returned until simulation finishes or is aborted");
PrintAndLogEx(NORMAL, " x (Optional) Crack, performs the 'reader attack', nr/ar attack against a reader");
@ -1679,7 +1683,7 @@ int CmdHF14AMfChk_fast(const char *Cmd) {
PrintAndLogEx(SUCCESS, "Running strategy %u", strategy);
// main keychunk loop
for (uint32_t i = 0; i < keycnt; i += chunksize) {
for (i = 0; i < keycnt; i += chunksize) {
if (ukbhit()) {
int gc = getchar();
@ -1713,7 +1717,7 @@ out:
// check..
uint8_t found_keys = 0;
for (uint8_t i = 0; i < sectorsCnt; ++i) {
for (i = 0; i < sectorsCnt; ++i) {
if (e_sector[i].foundKey[0])
found_keys++;
@ -1730,7 +1734,7 @@ out:
if (transferToEml) {
uint8_t block[16] = {0x00};
for (uint8_t i = 0; i < sectorsCnt; ++i) {
for ( i = 0; i < sectorsCnt; ++i) {
mfEmlGetMem(block, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);
if (e_sector[i].foundKey[0])
num_to_bytes(e_sector[i].Key[0], 6, block);
@ -1925,7 +1929,7 @@ int CmdHF14AMfChk(const char *Cmd) {
}
// empty e_sector
for (int i = 0; i < SectorsCnt; ++i) {
for (i = 0; i < SectorsCnt; ++i) {
e_sector[i].Key[0] = 0xffffffffffff;
e_sector[i].Key[1] = 0xffffffffffff;
e_sector[i].foundKey[0] = false;
@ -1944,7 +1948,7 @@ int CmdHF14AMfChk(const char *Cmd) {
for (trgKeyType = (keyType == 2) ? 0 : keyType; trgKeyType < 2; (keyType == 2) ? (++trgKeyType) : (trgKeyType = 2)) {
int b = blockNo;
for (int i = 0; i < SectorsCnt; ++i) {
for (i = 0; i < SectorsCnt; ++i) {
// skip already found keys.
if (e_sector[i].foundKey[trgKeyType]) continue;
@ -2018,7 +2022,7 @@ out:
if (transferToEml) {
uint8_t block[16] = {0x00};
for (uint8_t i = 0; i < SectorsCnt; ++i) {
for (i = 0; i < SectorsCnt; ++i) {
mfEmlGetMem(block, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1);
if (e_sector[i].foundKey[0])
num_to_bytes(e_sector[i].Key[0], 6, block);
@ -2132,7 +2136,7 @@ int CmdHF14AMf1kSim(const char *Cmd) {
uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
uint8_t exitAfterNReads = 0;
uint8_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);
uint16_t flags = (FLAG_UID_IN_EMUL | FLAG_4B_UID_IN_DATA);
int uidlen = 0;
uint8_t cmdp = 0;
bool errors = false, verbose = false, setEmulatorMem = false;
@ -2154,6 +2158,31 @@ int CmdHF14AMf1kSim(const char *Cmd) {
exitAfterNReads = param_get8(Cmd, cmdp + 1);
cmdp += 2;
break;
case 't':
switch (param_get8(Cmd, cmdp + 1)) {
case 0:
// Mifare MINI
flags |= FLAG_MF_MINI;
break;
case 1:
// Mifare Classic 1k
flags |= FLAG_MF_1K;
break;
case 2:
// Mifare Classic 2k
flags |= FLAG_MF_2K;
break;
case 4:
// Mifare Classic 4k
flags |= FLAG_MF_4K;
break;
default:
// Mifare Classic 1k
flags |= FLAG_MF_1K;
break;
}
cmdp += 2;
break;
case 'u':
param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen);
switch (uidlen) {

68
client/cmdhfmf.h
View file

@ -33,41 +33,41 @@
#include "cliparser/cliparser.h" // argtable
#include "hardnested/hardnested_bf_core.h" // SetSIMDInstr
extern int CmdHFMF(const char *Cmd);
int CmdHFMF(const char *Cmd);
extern int CmdHF14AMfList(const char *Cmd);
extern int CmdHF14AMfDbg(const char *Cmd);
extern int CmdHF14AMfRdBl(const char *Cmd);
extern int CmdHF14AMfURdBl(const char *Cmd);
extern int CmdHF14AMfRdSc(const char *Cmd);
extern int CmdHF14SMfURdCard(const char *Cmd);
extern int CmdHF14AMfDump(const char *Cmd);
extern int CmdHF14AMfRestore(const char *Cmd);
extern int CmdHF14AMfWrBl(const char *Cmd);
extern int CmdHF14AMfUWrBl(const char *Cmd);
extern int CmdHF14AMfChk(const char *Cmd);
extern int CmdHF14AMfDarkside(const char *Cmd);
extern int CmdHF14AMfNested(const char *Cmd);
extern int CmdHF14AMfNestedHard(const char *Cmd);
//extern int CmdHF14AMfSniff(const char* Cmd);
extern int CmdHF14AMf1kSim(const char *Cmd);
extern int CmdHF14AMfKeyBrute(const char *Cmd);
extern int CmdHF14AMfEClear(const char *Cmd);
extern int CmdHF14AMfEGet(const char *Cmd);
extern int CmdHF14AMfESet(const char *Cmd);
extern int CmdHF14AMfELoad(const char *Cmd);
extern int CmdHF14AMfESave(const char *Cmd);
extern int CmdHF14AMfECFill(const char *Cmd);
extern int CmdHF14AMfEKeyPrn(const char *Cmd);
extern int CmdHF14AMfCSetUID(const char *Cmd);
extern int CmdHF14AMfCSetBlk(const char *Cmd);
extern int CmdHF14AMfCGetBlk(const char *Cmd);
extern int CmdHF14AMfCGetSc(const char *Cmd);
extern int CmdHF14AMfCLoad(const char *Cmd);
extern int CmdHF14AMfCSave(const char *Cmd);
extern int CmdHf14MfDecryptBytes(const char *Cmd);
extern int CmdHf14AMfSetMod(const char *Cmd);
extern int CmdHf14AMfNack(const char *Cmd);
int CmdHF14AMfList(const char *Cmd);
int CmdHF14AMfDbg(const char *Cmd);
int CmdHF14AMfRdBl(const char *Cmd);
int CmdHF14AMfURdBl(const char *Cmd);
int CmdHF14AMfRdSc(const char *Cmd);
int CmdHF14SMfURdCard(const char *Cmd);
int CmdHF14AMfDump(const char *Cmd);
int CmdHF14AMfRestore(const char *Cmd);
int CmdHF14AMfWrBl(const char *Cmd);
int CmdHF14AMfUWrBl(const char *Cmd);
int CmdHF14AMfChk(const char *Cmd);
int CmdHF14AMfDarkside(const char *Cmd);
int CmdHF14AMfNested(const char *Cmd);
int CmdHF14AMfNestedHard(const char *Cmd);
//int CmdHF14AMfSniff(const char* Cmd);
int CmdHF14AMf1kSim(const char *Cmd);
int CmdHF14AMfKeyBrute(const char *Cmd);
int CmdHF14AMfEClear(const char *Cmd);
int CmdHF14AMfEGet(const char *Cmd);
int CmdHF14AMfESet(const char *Cmd);
int CmdHF14AMfELoad(const char *Cmd);
int CmdHF14AMfESave(const char *Cmd);
int CmdHF14AMfECFill(const char *Cmd);
int CmdHF14AMfEKeyPrn(const char *Cmd);
int CmdHF14AMfCSetUID(const char *Cmd);
int CmdHF14AMfCSetBlk(const char *Cmd);
int CmdHF14AMfCGetBlk(const char *Cmd);
int CmdHF14AMfCGetSc(const char *Cmd);
int CmdHF14AMfCLoad(const char *Cmd);
int CmdHF14AMfCSave(const char *Cmd);
int CmdHf14MfDecryptBytes(const char *Cmd);
int CmdHf14AMfSetMod(const char *Cmd);
int CmdHf14AMfNack(const char *Cmd);
void showSectorTable(void);
void readerAttack(nonces_t data, bool setEmulatorMem, bool verbose);

6
client/cmdhfmfdes.h
View file

@ -11,9 +11,9 @@
#define __MFDESFIRE_H
int CmdHFMFDes(const char *Cmd);
int CmdHF14ADesAuth(const char *cmd);
int CmdHF14ADesRb(const char *cmd);
int CmdHF14ADesWb(const char *cmd);
int CmdHF14ADesAuth(const char *Cmd);
int CmdHF14ADesRb(const char *Cmd);
int CmdHF14ADesWb(const char *Cmd);
int CmdHF14ADesInfo(const char *Cmd);
int CmdHF14ADesEnumApplications(const char *Cmd);

1
client/cmdhfmfdesfire.h
View file

@ -1,5 +1,4 @@
static int CmdHelp(const char *Cmd);
int CmdHF14AMfDESAuth(const char *Cmd);
int CmdHFMFDesfire(const char *Cmd);
int CmdHelp(const char *Cmd);

115
client/cmdhfmfhard.c
View file

@ -1284,7 +1284,6 @@ static void simulate_MFplus_RNG(uint32_t test_cuid, uint64_t test_key, uint32_t
}
static void simulate_acquire_nonces() {
time_t time1 = time(NULL);
last_sample_clock = 0;
@ -1292,7 +1291,7 @@ static void simulate_acquire_nonces() {
hardnested_stage = CHECK_1ST_BYTES;
bool acquisition_completed = false;
uint32_t total_num_nonces = 0;
float brute_force;
float brute_force_depth;
bool reported_suma8 = false;
cuid = (rand() & 0xff) << 24 | (rand() & 0xff) << 16 | (rand() & 0xff) << 8 | (rand() & 0xff);
@ -1331,19 +1330,19 @@ static void simulate_acquire_nonces() {
apply_sum_a0();
}
update_nonce_data(true);
acquisition_completed = shrink_key_space(&brute_force);
acquisition_completed = shrink_key_space(&brute_force_depth);
if (!reported_suma8) {
char progress_string[80];
sprintf(progress_string, "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]);
hardnested_print_progress(num_acquired_nonces, progress_string, brute_force, 0);
hardnested_print_progress(num_acquired_nonces, progress_string, brute_force_depth, 0);
reported_suma8 = true;
} else {
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force, 0);
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force_depth, 0);
}
} else {
update_nonce_data(true);
acquisition_completed = shrink_key_space(&brute_force);
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force, 0);
acquisition_completed = shrink_key_space(&brute_force_depth);
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force_depth, 0);
}
} while (!acquisition_completed);
@ -1366,10 +1365,9 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_
bool field_off = false;
hardnested_stage = CHECK_1ST_BYTES;
bool acquisition_completed = false;
uint32_t flags = 0;
uint8_t write_buf[9];
uint32_t total_num_nonces = 0;
float brute_force;
//uint32_t total_num_nonces = 0;
float brute_force_depth;
bool reported_suma8 = false;
char progress_text[80];
FILE *fnonces = NULL;
@ -1380,7 +1378,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_
clearCommandBuffer();
do {
flags = 0;
uint32_t flags = 0;
flags |= initialize ? 0x0001 : 0;
flags |= slow ? 0x0002 : 0;
flags |= field_off ? 0x0004 : 0;
@ -1395,9 +1393,9 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_
if (initialize) {
if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) {
//strange second call (iceman)
UsbCommand c = {CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, {blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, 4}};
UsbCommand c1 = {CMD_MIFARE_ACQUIRE_ENCRYPTED_NONCES, {blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, 4}};
clearCommandBuffer();
SendCommand(&c);
SendCommand(&c1);
return 1;
}
if (resp.arg[0]) return resp.arg[0]; // error during nested_hard
@ -1439,7 +1437,7 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_
}
bufp += 9;
}
total_num_nonces += num_sampled_nonces;
//total_num_nonces += num_sampled_nonces;
if (first_byte_num == 256) {
if (hardnested_stage == CHECK_1ST_BYTES) {
@ -1453,19 +1451,19 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_
apply_sum_a0();
}
update_nonce_data(true);
acquisition_completed = shrink_key_space(&brute_force);
acquisition_completed = shrink_key_space(&brute_force_depth);
if (!reported_suma8) {
char progress_string[80];
sprintf(progress_string, "Apply Sum property. Sum(a0) = %d", sums[first_byte_Sum]);
hardnested_print_progress(num_acquired_nonces, progress_string, brute_force, 0);
hardnested_print_progress(num_acquired_nonces, progress_string, brute_force_depth, 0);
reported_suma8 = true;
} else {
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force, 0);
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force_depth, 0);
}
} else {
update_nonce_data(true);
acquisition_completed = shrink_key_space(&brute_force);
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force, 0);
acquisition_completed = shrink_key_space(&brute_force_depth);
hardnested_print_progress(num_acquired_nonces, "Apply bit flip properties", brute_force_depth, 0);
}
}
@ -1652,7 +1650,8 @@ static uint_fast8_t reverse(uint_fast8_t b) {
static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even) {
uint32_t masks[2][8] = {{0x00fffff0, 0x00fffff8, 0x00fffff8, 0x00fffffc, 0x00fffffc, 0x00fffffe, 0x00fffffe, 0x00ffffff},
uint32_t masks[2][8] = {
{0x00fffff0, 0x00fffff8, 0x00fffff8, 0x00fffffc, 0x00fffffc, 0x00fffffe, 0x00fffffe, 0x00ffffff},
{0x00fffff0, 0x00fffff0, 0x00fffff8, 0x00fffff8, 0x00fffffc, 0x00fffffc, 0x00fffffe, 0x00fffffe}
};
@ -1664,6 +1663,7 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even
bool found_match = false;
for (uint8_t remaining_bits = 0; remaining_bits <= (~mask & 0xff); remaining_bits++) {
if (remaining_bits_match(num_common, bytes_diff, state, (state & mask) | remaining_bits, odd_even)) {
#ifdef DEBUG_KEY_ELIMINATION
if (bitflips_match(byte2, (state & mask) | remaining_bits, odd_even, true)) {
#else
@ -1674,7 +1674,9 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even
}
}
}
if (!found_match) {
#ifdef DEBUG_KEY_ELIMINATION
if (known_target_key != -1 && state == test_state[odd_even]) {
PrintAndLogEx(NORMAL, "all_bitflips_match() 1st Byte: %s test state (0x%06x): Eliminated. Bytes = %02x, %02x, Common Bits = %d\n",
@ -1694,7 +1696,6 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even
return true;
}
static void bitarray_to_list(uint8_t byte, uint32_t *bitarray, uint32_t *state_list, uint32_t *len, odd_even_t odd_even) {
uint32_t *p = state_list;
for (uint32_t state = next_state(bitarray, -1L); state < (1 << 24); state = next_state(bitarray, state)) {
@ -1716,7 +1717,7 @@ static void add_cached_states(statelist_t *candidates, uint16_t part_sum_a0, uin
static void add_matching_states(statelist_t *candidates, uint8_t part_sum_a0, uint8_t part_sum_a8, odd_even_t odd_even) {
uint32_t worstcase_size = 1 << 20;
const uint32_t worstcase_size = 1 << 20;
candidates->states[odd_even] = (uint32_t *)malloc(sizeof(uint32_t) * worstcase_size);
if (candidates->states[odd_even] == NULL) {
PrintAndLogEx(WARNING, "Out of memory error in add_matching_states() - statelist.\n");
@ -1773,28 +1774,26 @@ static statelist_t *add_more_candidates(void) {
return new_candidates;
}
static void add_bitflip_candidates(uint8_t byte) {
statelist_t *candidates = add_more_candidates();
statelist_t *candidates1 = add_more_candidates();
for (odd_even_t odd_even = EVEN_STATE; odd_even <= ODD_STATE; odd_even++) {
uint32_t worstcase_size = nonces[byte].num_states_bitarray[odd_even] + 1;
candidates->states[odd_even] = (uint32_t *)malloc(sizeof(uint32_t) * worstcase_size);
if (candidates->states[odd_even] == NULL) {
candidates1->states[odd_even] = (uint32_t *)malloc(sizeof(uint32_t) * worstcase_size);
if (candidates1->states[odd_even] == NULL) {
PrintAndLogEx(WARNING, "Out of memory error in add_bitflip_candidates().\n");
exit(4);
}
bitarray_to_list(byte, nonces[byte].states_bitarray[odd_even], candidates->states[odd_even], &(candidates->len[odd_even]), odd_even);
bitarray_to_list(byte, nonces[byte].states_bitarray[odd_even], candidates1->states[odd_even], &(candidates1->len[odd_even]), odd_even);
if (candidates->len[odd_even] + 1 < worstcase_size) {
candidates->states[odd_even] = realloc(candidates->states[odd_even], sizeof(uint32_t) * (candidates->len[odd_even] + 1));
if (candidates1->len[odd_even] + 1 < worstcase_size) {
candidates1->states[odd_even] = realloc(candidates1->states[odd_even], sizeof(uint32_t) * (candidates1->len[odd_even] + 1));
}
}
return;
}
static bool TestIfKeyExists(uint64_t key) {
struct Crypto1State *pcs;
pcs = crypto1_create(key);
@ -1840,7 +1839,6 @@ static bool TestIfKeyExists(uint64_t key) {
return false;
}
static work_status_t book_of_work[NUM_PART_SUMS][NUM_PART_SUMS][NUM_PART_SUMS][NUM_PART_SUMS];
static void init_book_of_work(void) {
@ -2014,12 +2012,12 @@ static void generate_candidates(uint8_t sum_a0_idx, uint8_t sum_a8_idx) {
// create and run worker threads
pthread_t thread_id[NUM_REDUCTION_WORKING_THREADS];
uint16_t sums[NUM_REDUCTION_WORKING_THREADS][3];
uint16_t sums1[NUM_REDUCTION_WORKING_THREADS][3];
for (uint16_t i = 0; i < NUM_REDUCTION_WORKING_THREADS; i++) {
sums[i][0] = sum_a0_idx;
sums[i][1] = sum_a8_idx;
sums[i][2] = i + 1;
pthread_create(thread_id + i, NULL, generate_candidates_worker_thread, sums[i]);
sums1[i][0] = sum_a0_idx;
sums1[i][1] = sum_a8_idx;
sums1[i][2] = i + 1;
pthread_create(thread_id + i, NULL, generate_candidates_worker_thread, sums1[i]);
}
// wait for threads to terminate:
@ -2046,7 +2044,6 @@ static void generate_candidates(uint8_t sum_a0_idx, uint8_t sum_a8_idx) {
hardnested_print_progress(num_acquired_nonces, "Apply Sum(a8) and all bytes bitflip properties", nonces[best_first_bytes[0]].expected_num_brute_force, 0);
}
static void free_candidates_memory(statelist_t *sl) {
if (sl == NULL)
return;
@ -2055,7 +2052,6 @@ static void free_candidates_memory(statelist_t *sl) {
free(sl);
}
static void pre_XOR_nonces(void) {
// prepare acquired nonces for faster brute forcing.
@ -2086,9 +2082,11 @@ static uint16_t SumProperty(struct Crypto1State *s) {
return (sum_odd * (16 - sum_even) + (16 - sum_odd) * sum_even);
}
static void Tests() {
if (known_target_key != -1) {
if (known_target_key == -1)
return;
for (odd_even_t odd_even = EVEN_STATE; odd_even <= ODD_STATE; odd_even++) {
uint32_t *bitset = nonces[best_first_bytes[0]].states_bitarray[odd_even];
if (!test_bit24(bitset, test_state[odd_even])) {
@ -2097,9 +2095,6 @@ static void Tests() {
best_first_bytes[0]);
}
}
}
if (known_target_key != -1) {
for (odd_even_t odd_even = EVEN_STATE; odd_even <= ODD_STATE; odd_even++) {
uint32_t *bitset = all_bitflips_bitarray[odd_even];
if (!test_bit24(bitset, test_state[odd_even])) {
@ -2108,11 +2103,12 @@ static void Tests() {
}
}
}
}
static void Tests2(void) {
if (known_target_key != -1) {
if (known_target_key == -1)
return;
for (odd_even_t odd_even = EVEN_STATE; odd_even <= ODD_STATE; odd_even++) {
uint32_t *bitset = nonces[best_first_byte_smallest_bitarray].states_bitarray[odd_even];
if (!test_bit24(bitset, test_state[odd_even])) {
@ -2121,9 +2117,7 @@ static void Tests2(void) {
best_first_byte_smallest_bitarray);
}
}
}
if (known_target_key != -1) {
for (odd_even_t odd_even = EVEN_STATE; odd_even <= ODD_STATE; odd_even++) {
uint32_t *bitset = all_bitflips_bitarray[odd_even];
if (!test_bit24(bitset, test_state[odd_even])) {
@ -2133,9 +2127,6 @@ static void Tests2(void) {
}
}
}
static uint16_t real_sum_a8 = 0;
static void set_test_state(uint8_t byte) {
@ -2148,7 +2139,6 @@ static void set_test_state(uint8_t byte) {
crypto1_destroy(pcs);
}
int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *trgkey, bool nonce_file_read, bool nonce_file_write, bool slow, int tests, uint64_t *foundkey, char *filename) {
char progress_text[80];
char instr_set[12] = {0};
@ -2176,6 +2166,7 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc
hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0);
sprintf(progress_text, "Starting Test #%" PRIu32 " ...", i + 1);
hardnested_print_progress(0, progress_text, (float)(1LL << 47), 0);
if (trgkey != NULL) {
known_target_key = bytes_to_num(trgkey, 6);
} else {
@ -2257,9 +2248,18 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc
}
}
#ifdef DEBUG_KEY_ELIMINATION
fprintf(fstats, "%1.1f;%1.0f;%d;%s\n", log(num_keys_tested) / log(2.0), (float)num_keys_tested / brute_force_per_second, key_found, failstr);
fprintf(fstats, "%1.1f;%1.0f;%c;%s\n",
log(num_keys_tested) / log(2.0),
(float)num_keys_tested / brute_force_per_second,
key_found ? 'Y' : 'N',
failstr
);
#else
fprintf(fstats, "%1.0f;%d\n", log(num_keys_tested) / log(2.0), (float)num_keys_tested / brute_force_per_second, key_found);
fprintf(fstats, "%1.0f;%d\n",
log(num_keys_tested) / log(2.0),
(float)num_keys_tested / brute_force_per_second,
key_found
);
#endif
free_nonces_memory();
@ -2293,8 +2293,8 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc
}
hardnested_stage = CHECK_1ST_BYTES | CHECK_2ND_BYTES;
update_nonce_data(false);
float brute_force;
shrink_key_space(&brute_force);
float brute_force_depth;
shrink_key_space(&brute_force_depth);
} else { // acquire nonces.
uint16_t is_OK = acquire_nonces(blockNo, keyType, key, trgBlockNo, trgKeyType, nonce_file_write, slow, filename);
if (is_OK != 0) {
@ -2304,7 +2304,6 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc
free_bitarray(all_bitflips_bitarray[EVEN_STATE]);
free_sum_bitarrays();
free_part_sum_bitarrays();
return is_OK;
}
}
@ -2373,7 +2372,6 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc
// and calculate new expected number of brute forces
update_expected_brute_force(best_first_bytes[0]);
}
}
}
@ -2383,6 +2381,5 @@ int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBloc
free_sum_bitarrays();
free_part_sum_bitarrays();
}
return 0;
}

4
client/cmdhfmfhard.h
View file

@ -41,8 +41,8 @@ typedef struct noncelist {
noncelistentry_t *first;
} noncelist_t;
extern int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *trgkey, bool nonce_file_read, bool nonce_file_write, bool slow, int tests, uint64_t *foundkey, char *filename);
extern void hardnested_print_progress(uint32_t nonces, char *activity, float brute_force, uint64_t min_diff_print_time);
int mfnestedhard(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *trgkey, bool nonce_file_read, bool nonce_file_write, bool slow, int tests, uint64_t *foundkey, char *filename);
void hardnested_print_progress(uint32_t nonces, char *activity, float brute_force, uint64_t min_diff_print_time);
#endif

2
client/cmdhfmfp.c
View file

@ -385,7 +385,7 @@ int CmdHFMFPRdbl(const char *cmd) {
}
if (blocksCount > 1 && mfIsSectorTrailer(blockn)) {
PrintAndLog("WARNING: trailer!");
PrintAndLogEx(WARNING, "WARNING: trailer!");
}
uint8_t sectorNum = mfSectorNum(blockn & 0xff);

2
client/cmdhfmfp.h
View file

@ -12,7 +12,7 @@
#include "mifare/mifaredefault.h"
extern int CmdHFMFP(const char *Cmd);
int CmdHFMFP(const char *Cmd);
#endif

4
client/cmdhfmfu.c
View file

@ -1134,8 +1134,6 @@ int CmdHF14AMfUInfo(const char *Cmd) {
// hasAuthKey, if we was called with key, skip test.
if (!authlim && !hasAuthKey) {
PrintAndLogEx(NORMAL, "\n--- Known EV1/NTAG passwords.");
len = 0;
// test pwd gen A
num_to_bytes(ul_ev1_pwdgenA(card.uid), 4, key);
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
@ -2078,7 +2076,7 @@ int CmdHF14AMfURestore(const char *Cmd) {
fseek(f, 0, SEEK_END);
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
if (fsize < 0) {
if (fsize <= 0) {
PrintAndLogEx(WARNING, "Error, when getting filesize");
fclose(f);
return 1;

50
client/cmdhfmfu.h
View file

@ -25,40 +25,40 @@ typedef struct {
uint8_t data[1024];
} mfu_dump_t;
extern int CmdHF14AMfUWrBl(const char *Cmd);
extern int CmdHF14AMfURdBl(const char *Cmd);
int CmdHF14AMfUWrBl(const char *Cmd);
int CmdHF14AMfURdBl(const char *Cmd);
//Crypto Cards
extern int CmdHF14AMfucAuth(const char *Cmd);
extern int CmdHF14AMfucSetPwd(const char *Cmd);
extern int CmdHF14AMfucSetUid(const char *Cmd);
extern int CmdHF14AMfuGenDiverseKeys(const char *Cmd);
extern int CmdHF14AMfuPwdGen(const char *Cmd);
int CmdHF14AMfucAuth(const char *Cmd);
int CmdHF14AMfucSetPwd(const char *Cmd);
int CmdHF14AMfucSetUid(const char *Cmd);
int CmdHF14AMfuGenDiverseKeys(const char *Cmd);
int CmdHF14AMfuPwdGen(const char *Cmd);
//general stuff
extern int CmdHF14AMfUDump(const char *Cmd);
extern int CmdHF14AMfURestore(const char *Cmd);
extern int CmdHF14AMfUInfo(const char *Cmd);
extern int CmdHF14AMfUeLoad(const char *Cmd);
extern int CmdHF14AMfUSim(const char *Cmd);
int CmdHF14AMfUDump(const char *Cmd);
int CmdHF14AMfURestore(const char *Cmd);
int CmdHF14AMfUInfo(const char *Cmd);
int CmdHF14AMfUeLoad(const char *Cmd);
int CmdHF14AMfUSim(const char *Cmd);
extern uint32_t GetHF14AMfU_Type(void);
extern int ul_print_type(uint32_t tagtype, uint8_t spacer);
uint32_t GetHF14AMfU_Type(void);
int ul_print_type(uint32_t tagtype, uint8_t spaces);
void printMFUdump(mfu_dump_t *card);
void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage);
extern int usage_hf_mfu_info(void);
extern int usage_hf_mfu_dump(void);
extern int usage_hf_mfu_rdbl(void);
extern int usage_hf_mfu_wrbl(void);
extern int usage_hf_mfu_eload(void);
extern int usage_hf_mfu_sim(void);
extern int usage_hf_mfu_ucauth(void);
extern int usage_hf_mfu_ucsetpwd(void);
extern int usage_hf_mfu_ucsetuid(void);
extern int usage_hf_mfu_gendiverse(void);
extern int usage_hf_mfu_pwdgen(void);
int usage_hf_mfu_info(void);
int usage_hf_mfu_dump(void);
int usage_hf_mfu_rdbl(void);
int usage_hf_mfu_wrbl(void);
int usage_hf_mfu_eload(void);
int usage_hf_mfu_sim(void);
int usage_hf_mfu_ucauth(void);
int usage_hf_mfu_ucsetpwd(void);
int usage_hf_mfu_ucsetuid(void);
int usage_hf_mfu_gendiverse(void);
int usage_hf_mfu_pwdgen(void);
int CmdHFMFUltra(const char *Cmd);

10
client/cmdhftopaz.h
View file

@ -25,10 +25,10 @@
#include "protocols.h"
#include "cmdhf.h"
extern int CmdHFTopaz(const char *Cmd);
extern int CmdHFTopazReader(const char *Cmd);
extern int CmdHFTopazSim(const char *Cmd);
extern int CmdHFTopazCmdRaw(const char *Cmd);
extern int CmdHFTopazList(const char *Cmd);
int CmdHFTopaz(const char *Cmd);
int CmdHFTopazReader(const char *Cmd);
int CmdHFTopazSim(const char *Cmd);
int CmdHFTopazCmdRaw(const char *Cmd);
int CmdHFTopazList(const char *Cmd);
#endif

8
client/cmdlf.c
View file

@ -228,7 +228,7 @@ int CmdFlexdemod(const char *Cmd) {
i = start;
for (bit = 0; bit < 64; bit++) {
sum = 0;
for (int j = 0; j < 16; j++) {
for (j = 0; j < 16; j++) {
sum += data[i++];
}
bits[bit] = (sum > 0) ? 1 : 0;
@ -509,7 +509,7 @@ int CmdLFfskSim(const char *Cmd) {
}
}
} else {
setDemodBuf(data, dataLen, 0);
setDemodBuff(data, dataLen, 0);
}
//default if not found
@ -603,7 +603,7 @@ int CmdLFaskSim(const char *Cmd) {
if (clk == 0)
clk = GetAskClock("0", false);
} else {
setDemodBuf(data, dataLen, 0);
setDemodBuff(data, dataLen, 0);
}
if (clk == 0) clk = 64;
if (encoding == 0) clk /= 2; //askraw needs to double the clock speed
@ -704,7 +704,7 @@ int CmdLFpskSim(const char *Cmd) {
PrintAndLogEx(NORMAL, "carrier: %d", carrier);
} else {
setDemodBuf(data, dataLen, 0);
setDemodBuff(data, dataLen, 0);
}
if (clk == 0) clk = 32;

40
client/cmdlf.h
View file

@ -55,28 +55,28 @@
int CmdLF(const char *Cmd);
extern int CmdLFSetConfig(const char *Cmd);
int CmdLFSetConfig(const char *Cmd);
extern int CmdLFCommandRead(const char *Cmd);
extern int CmdFlexdemod(const char *Cmd);
extern int CmdLFRead(const char *Cmd);
extern int CmdLFSim(const char *Cmd);
extern int CmdLFaskSim(const char *Cmd);
extern int CmdLFfskSim(const char *Cmd);
extern int CmdLFpskSim(const char *Cmd);
extern int CmdLFSimBidir(const char *Cmd);
extern int CmdLFSniff(const char *Cmd);
extern int CmdVchDemod(const char *Cmd);
extern int CmdLFfind(const char *Cmd);
int CmdLFCommandRead(const char *Cmd);
int CmdFlexdemod(const char *Cmd);
int CmdLFRead(const char *Cmd);
int CmdLFSim(const char *Cmd);
int CmdLFaskSim(const char *Cmd);
int CmdLFfskSim(const char *Cmd);
int CmdLFpskSim(const char *Cmd);
int CmdLFSimBidir(const char *Cmd);
int CmdLFSniff(const char *Cmd);
int CmdVchDemod(const char *Cmd);
int CmdLFfind(const char *Cmd);
extern bool lf_read(bool silent, uint32_t samples);
bool lf_read(bool silent, uint32_t samples);
// usages helptext
extern int usage_lf_cmdread(void);
extern int usage_lf_read(void);
extern int usage_lf_sniff(void);
extern int usage_lf_config(void);
extern int usage_lf_simfsk(void);
extern int usage_lf_simask(void);
extern int usage_lf_simpsk(void);
int usage_lf_cmdread(void);
int usage_lf_read(void);
int usage_lf_sniff(void);
int usage_lf_config(void);
int usage_lf_simfsk(void);
int usage_lf_simask(void);
int usage_lf_simpsk(void);
#endif

2
client/cmdlfawid.c
View file

@ -267,7 +267,7 @@ int CmdAWIDDemod(const char *Cmd) {
return 0;
}
setDemodBuf(bits, size, idx);
setDemodBuff(bits, size, idx);
setClockGrid(50, waveIdx + (idx * 50));

22
client/cmdlfawid.h
View file

@ -24,17 +24,17 @@
#include "util_posix.h"
extern int CmdLFAWID(const char *Cmd);
extern int CmdAWIDDemod(const char *Cmd);
extern int CmdAWIDRead(const char *Cmd);
extern int CmdAWIDSim(const char *Cmd);
extern int CmdAWIDClone(const char *Cmd);
extern int CmdAWIDBrute(const char *Cmd);
extern int getAWIDBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *bits);
int CmdLFAWID(const char *Cmd);
int CmdAWIDDemod(const char *Cmd);
int CmdAWIDRead(const char *Cmd);
int CmdAWIDSim(const char *Cmd);
int CmdAWIDClone(const char *Cmd);
int CmdAWIDBrute(const char *Cmd);
int getAWIDBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *bits);
extern int usage_lf_awid_read(void);
extern int usage_lf_awid_sim(void);
extern int usage_lf_awid_clone(void);
extern int usage_lf_awid_brute(void);
int usage_lf_awid_read(void);
int usage_lf_awid_sim(void);
int usage_lf_awid_clone(void);
int usage_lf_awid_brute(void);
#endif

2
client/cmdlfcotag.c
View file

@ -40,7 +40,7 @@ int CmdCOTAGDemod(const char *Cmd) {
return -1;
}
setDemodBuf(bits, bitlen, 0);
setDemodBuff(bits, bitlen, 0);
//got a good demod
uint16_t cn = bytebits_to_byteLSBF(bits + 1, 16);

8
client/cmdlfcotag.h
View file

@ -23,9 +23,9 @@
#define COTAG_BITS 264
#endif
extern int CmdLFCOTAG(const char *Cmd);
extern int CmdCOTAGRead(const char *Cmd);
extern int CmdCOTAGDemod(const char *Cmd);
int CmdLFCOTAG(const char *Cmd);
int CmdCOTAGRead(const char *Cmd);
int CmdCOTAGDemod(const char *Cmd);
extern int usage_lf_cotag_read(void);
int usage_lf_cotag_read(void);
#endif

25
client/cmdlfem4x.c
View file

@ -254,13 +254,12 @@ void printEM410x(uint32_t hi, uint64_t id) {
PrintAndLogEx(SUCCESS, "EM410x %s pattern found", (hi) ? "XL" : "");
uint64_t iii = 1;
uint64_t n = 1;
uint64_t id2lo = 0;
uint32_t ii = 0;
uint32_t i = 0;
for (ii = 5; ii > 0; ii--) {
uint8_t m, i = 0;
for (m = 5; m > 0; m--) {
for (i = 0; i < 8; i++) {
id2lo = (id2lo << 1LL) | ((id & (iii << (i + ((ii - 1) * 8)))) >> (i + ((ii - 1) * 8)));
id2lo = (id2lo << 1LL) | ((id & (n << (i + ((m - 1) * 8)))) >> (i + ((m - 1) * 8)));
}
}
@ -299,10 +298,9 @@ void printEM410x(uint32_t hi, uint64_t id) {
uint32_t p1id = (id & 0xFFFFFF);
uint8_t arr[32] = {0x00};
int i = 0;
int j = 23;
for (; i < 24; ++i, --j) {
arr[i] = (p1id >> i) & 1;
for (int k = 0 ; k < 24; ++k, --j) {
arr[k] = (p1id >> k) & 1;
}
uint32_t p1 = 0;
@ -356,7 +354,7 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
size_t idx = 0;
uint8_t bits[512] = {0};
size_t size = sizeof(bits);
if (!getDemodBuf(bits, &size)) {
if (!getDemodBuff(bits, &size)) {
PrintAndLogEx(DEBUG, "DEBUG: Error - Em410x problem during copy from ASK demod");
return 0;
}
@ -381,7 +379,7 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
}
//set GraphBuffer for clone or sim command
setDemodBuf(DemodBuffer, (size == 40) ? 64 : 128, idx + 1);
setDemodBuff(DemodBuffer, (size == 40) ? 64 : 128, idx + 1);
setClockGrid(g_DemodClock, g_DemodStartIdx + ((idx + 1)*g_DemodClock));
PrintAndLogEx(DEBUG, "DEBUG: Em410x idx: %d, Len: %d, Printing Demod Buffer:", idx, size);
@ -1109,7 +1107,7 @@ bool setDemodBufferEM(uint32_t *word, size_t idx) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM, failed removing parity");
return false;
}
setDemodBuf(DemodBuffer, 32, 0);
setDemodBuff(DemodBuffer, 32, 0);
*word = bytebits_to_byteLSBF(DemodBuffer, 32);
return true;
}
@ -1225,9 +1223,8 @@ int CmdEM4x05Write(const char *Cmd) {
if (strlen(Cmd) == 0 || ctmp == 'h') return usage_lf_em4x05_write();
bool usePwd = false;
uint8_t addr = 50; // default to invalid address
uint32_t data = 0; // default to blank data
uint32_t pwd = 1; // default to blank password
uint8_t addr;
uint32_t data, pwd;
addr = param_get8ex(Cmd, 0, 50, 10);
data = param_get32ex(Cmd, 1, 0, 16);

63
client/cmdlfem4x.h
View file

@ -25,44 +25,43 @@
#include "cmdlf.h"
#include "lfdemod.h"
extern int CmdLFEM4X(const char *Cmd);
int CmdLFEM4X(const char *Cmd);
int CmdEM410xDemod(const char *Cmd);
int CmdEM410xRead(const char *Cmd);
int CmdEM410xSim(const char *Cmd);
int CmdEM410xBrute(const char *Cmd);
int CmdEM410xWatch(const char *Cmd);
int CmdEM410xWatchnSpoof(const char *Cmd);
int CmdEM410xWrite(const char *Cmd);
int CmdEM4x05Dump(const char *Cmd);
int CmdEM4x05Info(const char *Cmd);
int CmdEM4x05Read(const char *Cmd);
int CmdEM4x05Write(const char *Cmd);
int CmdEM4x50Read(const char *Cmd);
int CmdEM4x50Write(const char *Cmd);
int CmdEM4x50Dump(const char *Cmd);
extern int CmdEM410xDemod(const char *Cmd);
extern int CmdEM410xRead(const char *Cmd);
extern int CmdEM410xSim(const char *Cmd);
extern int CmdEM410xBrute(const char *Cmd);
extern int CmdEM410xWatch(const char *Cmd);
extern int CmdEM410xWatchnSpoof(const char *Cmd);
extern int CmdEM410xWrite(const char *Cmd);
extern int CmdEM4x05Dump(const char *Cmd);
extern int CmdEM4x05Info(const char *Cmd);
extern int CmdEM4x05Read(const char *Cmd);
extern int CmdEM4x05Write(const char *Cmd);
extern int CmdEM4x50Read(const char *Cmd);
extern int CmdEM4x50Write(const char *Cmd);
extern int CmdEM4x50Dump(const char *Cmd);
extern int EM4x50Read(const char *Cmd, bool verbose);
int EM4x50Read(const char *Cmd, bool verbose);
bool EM4x05IsBlock0(uint32_t *word);
extern void printEM410x(uint32_t hi, uint64_t id);
extern int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo);
extern int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose);
void printEM410x(uint32_t hi, uint64_t id);
int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo);
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose);
extern int usage_lf_em410x_sim(void);
extern int usage_lf_em410x_ws(void);
extern int usage_lf_em410x_clone(void);
extern int usage_lf_em410x_sim(void);
extern int usage_lf_em410x_brute(void);
int usage_lf_em410x_sim(void);
int usage_lf_em410x_ws(void);
int usage_lf_em410x_clone(void);
int usage_lf_em410x_sim(void);
int usage_lf_em410x_brute(void);
extern int usage_lf_em4x50_dump(void);
extern int usage_lf_em4x50_read(void);
extern int usage_lf_em4x50_write(void);
int usage_lf_em4x50_dump(void);
int usage_lf_em4x50_read(void);
int usage_lf_em4x50_write(void);
extern int usage_lf_em4x05_dump(void);
extern int usage_lf_em4x05_read(void);
extern int usage_lf_em4x05_write(void);
extern int usage_lf_em4x05_info(void);
int usage_lf_em4x05_dump(void);
int usage_lf_em4x05_read(void);
int usage_lf_em4x05_write(void);
int usage_lf_em4x05_info(void);
#endif

4
client/cmdlffdx.c
View file

@ -186,7 +186,7 @@ int CmdFDXBdemodBI(const char *Cmd) {
return 0;
}
setDemodBuf(bs, 128, preambleIndex);
setDemodBuff(bs, 128, preambleIndex);
// remove marker bits (1's every 9th digit after preamble) (pType = 2)
size = removeParity(bs, preambleIndex + 11, 9, 2, 117);
@ -256,7 +256,7 @@ int CmdFdxDemod(const char *Cmd) {
}
// set and leave DemodBuffer intact
setDemodBuf(DemodBuffer, 128, preambleIndex);
setDemodBuff(DemodBuffer, 128, preambleIndex);
setClockGrid(g_DemodClock, g_DemodStartIdx + (preambleIndex * g_DemodClock));
// remove marker bits (1's every 9th digit after preamble) (pType = 2)
size = removeParity(DemodBuffer, 11, 9, 2, 117);

18
client/cmdlffdx.h
View file

@ -19,17 +19,17 @@
#include "protocols.h" // for T55xx config register definitions
#include "lfdemod.h" // parityTest
extern int CmdLFFdx(const char *Cmd);
extern int CmdFdxClone(const char *Cmd);
extern int CmdFdxSim(const char *Cmd);
extern int CmdFdxRead(const char *Cmd);
extern int CmdFdxDemod(const char *Cmd);
int CmdLFFdx(const char *Cmd);
int CmdFdxClone(const char *Cmd);
int CmdFdxSim(const char *Cmd);
int CmdFdxRead(const char *Cmd);
int CmdFdxDemod(const char *Cmd);
int getFDXBits(uint64_t national_id, uint16_t country, uint8_t isanimal, uint8_t isextended, uint32_t extended, uint8_t *bits);
extern int usage_lf_fdx_clone(void);
extern int usage_lf_fdx_sim(void);
extern int usage_lf_fdx_read(void);
extern int usage_lf_fdx_demod(void);
int usage_lf_fdx_clone(void);
int usage_lf_fdx_sim(void);
int usage_lf_fdx_read(void);
int usage_lf_fdx_demod(void);
#endif

2
client/cmdlfguard.c
View file

@ -220,7 +220,7 @@ int CmdGuardDemod(const char *Cmd) {
PrintAndLogEx(DEBUG, "DEBUG: gProxII byte %u after xor: %02x", (unsigned int)idx, ByteStream[idx]);
}
setDemodBuf(DemodBuffer, 96, preambleIndex);
setDemodBuff(DemodBuffer, 96, preambleIndex);
setClockGrid(g_DemodClock, g_DemodStartIdx + (preambleIndex * g_DemodClock));
//ByteStream contains 8 Bytes (64 bits) of decrypted raw tag data

14
client/cmdlfguard.h
View file

@ -22,12 +22,12 @@
#include "lfdemod.h" // parityTest
#include "crc.h"
extern int CmdLFGuard(const char *Cmd);
extern int CmdGuardDemod(const char *Cmd);
extern int CmdGuardRead(const char *Cmd);
extern int CmdGuardClone(const char *Cmd);
extern int CmdGuardSim(const char *Cmd);
int CmdLFGuard(const char *Cmd);
int CmdGuardDemod(const char *Cmd);
int CmdGuardRead(const char *Cmd);
int CmdGuardClone(const char *Cmd);
int CmdGuardSim(const char *Cmd);
extern int usage_lf_guard_clone(void);
extern int usage_lf_quard_sim(void);
int usage_lf_guard_clone(void);
int usage_lf_quard_sim(void);
#endif

6
client/cmdlfhid.c
View file

@ -155,7 +155,7 @@ int CmdHIDDemod(const char *Cmd) {
return 0;
}
setDemodBuf(bits, size, idx);
setDemodBuff(bits, size, idx);
setClockGrid(50, waveIdx + (idx * 50));
if (hi2 == 0 && hi == 0 && lo == 0) {
@ -459,8 +459,8 @@ int CmdHIDWiegand(const char *Cmd) {
uint8_t *bs = bits;
memset(bs, 0, sizeof(bits));
uint8_t ctmp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h') return usage_lf_hid_wiegand();
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (strlen(Cmd) < 3 || ctmp == 'h') return usage_lf_hid_wiegand();
oem = param_get8(Cmd, 0);
fc = param_get32ex(Cmd, 1, 0, 10);

26
client/cmdlfhid.h
View file

@ -24,20 +24,20 @@
#include "util_posix.h"
#include "lfdemod.h"
extern int CmdLFHID(const char *Cmd);
extern int CmdHIDDemod(const char *Cmd);
extern int CmdHIDRead(const char *Cmd);
extern int CmdHIDSim(const char *Cmd);
extern int CmdHIDClone(const char *Cmd);
extern int CmdHIDWiegand(const char *Cmd);
extern int CmdHIDBrute(const char *Cmd);
int CmdLFHID(const char *Cmd);
int CmdHIDDemod(const char *Cmd);
int CmdHIDRead(const char *Cmd);
int CmdHIDSim(const char *Cmd);
int CmdHIDClone(const char *Cmd);
int CmdHIDWiegand(const char *Cmd);
int CmdHIDBrute(const char *Cmd);
extern int usage_lf_hid_read(void);
extern int usage_lf_hid_wiegand(void);
extern int usage_lf_hid_sim(void);
extern int usage_lf_hid_clone(void);
extern int usage_lf_hid_brute(void);
int usage_lf_hid_read(void);
int usage_lf_hid_wiegand(void);
int usage_lf_hid_sim(void);
int usage_lf_hid_clone(void);
int usage_lf_hid_brute(void);
//void calc26(uint16_t fc, uint32_t cardno, uint8_t *out);
extern void calcWiegand(uint8_t fmtlen, uint16_t fc, uint64_t cardno, uint8_t *bits);
void calcWiegand(uint8_t fmtlen, uint16_t fc, uint64_t cardno, uint8_t *bits);
#endif

18
client/cmdlfhitag.h
View file

@ -11,15 +11,15 @@
#ifndef CMDLFHITAG_H__
#define CMDLFHITAG_H__
extern int CmdLFHitag(const char *Cmd);
int CmdLFHitag(const char *Cmd);
extern int CmdLFHitagList(const char *Cmd);
extern int CmdLFHitagSniff(const char *Cmd);
extern int CmdLFHitagSim(const char *Cmd);
extern int CmdLFHitagInfo(const char *Cmd);
extern int CmdLFHitagReader(const char *Cmd);
extern int CmdLFHitagCheckChallenges(const char *Cmd);
extern int CmdLFHitagWriter(const char *Cmd);
extern int CmdLFHitagDump(const char *cmd);
int CmdLFHitagList(const char *Cmd);
int CmdLFHitagSniff(const char *Cmd);
int CmdLFHitagSim(const char *Cmd);
int CmdLFHitagInfo(const char *Cmd);
int CmdLFHitagReader(const char *Cmd);
int CmdLFHitagCheckChallenges(const char *Cmd);
int CmdLFHitagWriter(const char *Cmd);
int CmdLFHitagDump(const char *Cmd);
#endif

16
client/cmdlfindala.c
View file

@ -208,7 +208,7 @@ int CmdIndalaDemod(const char *Cmd) {
PrintAndLogEx(DEBUG, "DEBUG: Error - Indala: error demoding psk idx: %d", idx);
return 0;
}
setDemodBuf(DemodBuffer, size, idx);
setDemodBuff(DemodBuffer, size, idx);
setClockGrid(g_DemodClock, g_DemodStartIdx + (idx * g_DemodClock));
//convert UID to HEX
@ -265,7 +265,9 @@ int CmdIndalaDemod(const char *Cmd) {
uid5 = bytebits_to_byte(DemodBuffer + 128, 32);
uid6 = bytebits_to_byte(DemodBuffer + 160, 32);
uid7 = bytebits_to_byte(DemodBuffer + 192, 32);
PrintAndLogEx(SUCCESS, "Indala Found - bitlength %d, UID = 0x%x%08x%08x%08x%08x%08x%08x"
PrintAndLogEx(
SUCCESS
, "Indala Found - bitlength %d, Raw 0x%x%08x%08x%08x%08x%08x%08x"
, DemodBufferLen
, uid1
, uid2
@ -444,9 +446,8 @@ int CmdIndalaDemodAlt(const char *Cmd) {
}
// Checking UID against next occurrences
int failed = 0;
for (; i + uidlen <= rawbit;) {
failed = 0;
int failed = 0;
for (bit = 0; bit < uidlen; bit++) {
if (bits[bit] != rawbits[i++]) {
failed = 1;
@ -466,14 +467,13 @@ int CmdIndalaDemodAlt(const char *Cmd) {
// since this changes graphbuffer data.
GraphTraceLen = 32 * uidlen;
i = 0;
int phase = 0;
int phase;
for (bit = 0; bit < uidlen; bit++) {
if (bits[bit] == 0) {
phase = 0;
} else {
phase = 1;
}
int j;
for (j = 0; j < 32; j++) {
GraphBuffer[i++] = phase;
phase = !phase;
@ -558,7 +558,7 @@ int CmdIndalaClone(const char *Cmd) {
UsbCommand c = {0, {0, 0, 0}};
if (isLongUid) {
PrintAndLogEx(INFO, "Preparing to clone Indala 224bit tag with UID %s", sprint_hex(data, datalen));
PrintAndLogEx(INFO, "Preparing to clone Indala 224bit tag with RawID %s", sprint_hex(data, datalen));
c.cmd = CMD_INDALA_CLONE_TAG_L;
c.d.asDwords[0] = bytes_to_num(data, 4);
c.d.asDwords[1] = bytes_to_num(data + 4, 4);
@ -568,7 +568,7 @@ int CmdIndalaClone(const char *Cmd) {
c.d.asDwords[5] = bytes_to_num(data + 20, 4);
c.d.asDwords[6] = bytes_to_num(data + 24, 4);
} else {
PrintAndLogEx(INFO, "Preparing to clone Indala 64bit tag with UID %s", sprint_hex(data, datalen));
PrintAndLogEx(INFO, "Preparing to clone Indala 64bit tag with RawID %s", sprint_hex(data, datalen));
c.cmd = CMD_INDALA_CLONE_TAG;
c.d.asDwords[0] = bytes_to_num(data, 4);
c.d.asDwords[1] = bytes_to_num(data + 4, 4);

Some files were not shown because too many files have changed in this diff Show more