From 5f18400cbed6a590661f52d184ac8a930719973f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 7 Jul 2017 12:38:49 +0200 Subject: [PATCH] FIX: 'hf iclass reader' marshmellows fixes. CHG: removing some #define TRUE --- armsrc/BigBuf.c | 4 +- armsrc/emvcmd.c | 14 +++--- armsrc/fpgaloader.c | 19 +++++--- armsrc/fpgaloader.h | 2 +- armsrc/iclass.c | 109 +++++++++++++++++++++++-------------------- armsrc/iso14443a.c | 90 +++++++++++++++++------------------ armsrc/iso14443b.c | 30 ++++++------ client/cmdhficlass.c | 14 +++--- client/cmdhficlass.h | 1 + client/flasher.c | 2 + client/graph.c | 2 +- client/mifarehost.c | 12 +++++ common/crc.c | 10 ++-- 13 files changed, 167 insertions(+), 142 deletions(-) diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c index cf0c26b2b..752aa3467 100644 --- a/armsrc/BigBuf.c +++ b/armsrc/BigBuf.c @@ -196,7 +196,7 @@ bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_ } traceLen += num_paritybytes; - return TRUE; + return true; } @@ -239,7 +239,7 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP memcpy(trace + traceLen, btBytes, iLen); traceLen += iLen; - return TRUE; + return true; } diff --git a/armsrc/emvcmd.c b/armsrc/emvcmd.c index 7055e2590..76e467ba0 100644 --- a/armsrc/emvcmd.c +++ b/armsrc/emvcmd.c @@ -458,7 +458,7 @@ void EMVTransaction() //setup stuff BigBuf_free(); BigBuf_Clear_ext(false); clear_trace(); - set_tracing(TRUE); + set_tracing(true); uint8_t *resp = BigBuf_malloc(256); @@ -777,7 +777,7 @@ void SimulateEMVcard() BigBuf_malloc((allocatedtaglen*8) +(allocatedtaglen) + (TAG_RESPONSE_COUNT * 3)); // clear trace clear_trace(); - set_tracing(TRUE); + set_tracing(true); // Prepare the responses of the anticollision phase // there will be not enough time to do this at the moment the reader sends it REQA 
@@ -854,7 +854,7 @@ void SimulateEMVcard() //we're an EMV card - so no read commands p_response = NULL; } else if(receivedCmd[0] == 0x50) { // Received a HALT - LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); + LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true); p_response = NULL; order = HLTA; } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request @@ -865,7 +865,7 @@ void SimulateEMVcard() p_response = &responses[ATS]; order = RATS; } else if (order == AUTH && len == 8) { // Received {nr] and {ar} (part of authentication) - LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); + LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true); uint32_t nr = bytes_to_num(receivedCmd,4); uint32_t ar = bytes_to_num(receivedCmd+4,4); Dbprintf("Auth attempt {nr}{ar}: %08x %08x",nr,ar); @@ -935,7 +935,7 @@ void SimulateEMVcard() default: { // Never seen this command before - LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); + LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true); Dbprintf("Received unknown command (len=%d):",len); Dbhexdump(len,receivedCmd,false); // Do not respond 
@@ -952,12 +952,12 @@ void SimulateEMVcard() dynamic_response_info.response_n += 2; if(dynamic_response_info.response_n > readerPacketLen){ //throw error if our reader doesn't support the send packet length Dbprintf("Error: tag response is longer then what the reader supports, TODO:implement command chaining"); - LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); + LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true); break; } if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) { Dbprintf("Error preparing tag response"); - LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); + LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true); break; } p_response = &dynamic_response_info; diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c index e8c3028f3..b205555b2 100644 --- a/armsrc/fpgaloader.c +++ b/armsrc/fpgaloader.c @@ -143,7 +143,7 @@ void FpgaSetupSscExt(uint8_t clearPCER) { AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN; } void FpgaSetupSsc(void) { - FpgaSetupSscExt(TRUE); + FpgaSetupSscExt(true); } //----------------------------------------------------------------------------- // Set up DMA to receive samples from the FPGA. We will use the PDC, with @@ -183,7 +183,7 @@ static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8 return res; } - ++uncompressed_bytes_cnt; + uncompressed_bytes_cnt++; return *fpga_image_ptr++; } 
@@ -547,10 +547,15 @@ void SetAdcMuxFor(uint32_t whichGpio) HIGH(whichGpio); } -void Fpga_print_status(void) -{ +void Fpga_print_status(void) { Dbprintf("Fgpa"); - if(downloaded_bitstream == FPGA_BITSTREAM_HF) Dbprintf(" mode.............HF"); - else if(downloaded_bitstream == FPGA_BITSTREAM_LF) Dbprintf(" mode.............LF"); - else Dbprintf(" mode.............%d", downloaded_bitstream); + switch(downloaded_bitstream) { + case FPGA_BITSTREAM_HF: Dbprintf(" mode....................HF"); break; + case FPGA_BITSTREAM_LF: Dbprintf(" mode....................LF"); break; + default: Dbprintf(" mode....................%d", downloaded_bitstream); break; + } +} + +int FpgaGetCurrent() { + return downloaded_bitstream; } diff --git a/armsrc/fpgaloader.h b/armsrc/fpgaloader.h index f9fddb11a..1f9b3ac8d 100644 --- a/armsrc/fpgaloader.h +++ b/armsrc/fpgaloader.h @@ -28,6 +28,7 @@ void FpgaSetupSsc(void); void SetupSpi(int mode); bool FpgaSetupSscDma(uint8_t *buf, int len); void Fpga_print_status(); +int FpgaGetCurrent(); #define FpgaDisableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; #define FpgaEnableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; void SetAdcMuxFor(uint32_t whichGpio); @@ -66,7 +67,6 @@ void SetAdcMuxFor(uint32_t whichGpio); // Options for the HF reader, correlating against rx from tag #define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0) #define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1) -#define FPGA_HF_READER_RX_XCORR_QUARTER_FREQ (1<<2) // Options for the HF simulated tag, how to modulate #define FPGA_HF_SIMULATOR_NO_MODULATION (0<<0) // 0000 #define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0) // 0001 diff --git a/armsrc/iclass.c b/armsrc/iclass.c index f5e821cb3..43fa98583 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -45,6 +45,7 @@ #include "iso15693tools.h" #include "protocols.h" #include "optimized_cipher.h" +#include "usb_cdc.h" // for usb_poll_validate_length static int timeout = 4096; 
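Review bot: `int FpgaGetCurrent()` is defined and, in the fpgaloader.h hunk, declared with an empty parameter list, which in C is an old-style unprototyped function rather than "takes no arguments", so a caller that passes arguments is not diagnosed; write `int FpgaGetCurrent(void)` in both places, matching `void FpgaSetupSsc(void)` and `void Fpga_print_status(void)` in the same file. The new accessor has no comment; a one-liner such as `// Returns the FPGA_BITSTREAM_* id of the image currently loaded (what Fpga_print_status reports)` would spare the next reader a trip to the definition. The declared type of downloaded_bitstream is outside the hunk, so it is worth confirming it really is an int and not an enum that the prototype should name.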
@@ -95,7 +96,7 @@ static RAMFUNC int OutOfNDecoding(int bit) Uart.output[Uart.byteCnt] = Uart.bitBuffer & 0xFF; Uart.byteCnt++; Uart.swapper = 0; - if(Uart.byteCnt > 15) { return TRUE; } + if(Uart.byteCnt > 15) { return true; } } else { Uart.swapper = 1; @@ -137,7 +138,7 @@ static RAMFUNC int OutOfNDecoding(int bit) Uart.byteCnt++; } else { - return TRUE; + return true; } } else if(Uart.state != STATE_START_OF_COMMUNICATION) { @@ -256,7 +257,7 @@ static RAMFUNC int OutOfNDecoding(int bit) Uart.byteCnt++; Uart.output[Uart.byteCnt] = 0xAA; Uart.byteCnt++; - return TRUE; + return true; }*/ } @@ -468,7 +469,7 @@ static RAMFUNC int ManchesterDecoding(int v) Demod.len++; Demod.state = DEMOD_UNSYNCD; // error = 0x0f; - return TRUE; + return true; } else { Demod.state = DEMOD_ERROR_WAIT; @@ -552,7 +553,7 @@ static RAMFUNC int ManchesterDecoding(int v) } Demod.state = DEMOD_UNSYNCD; - return TRUE; + return true; } else { Demod.output[Demod.len] = 0xad; @@ -607,7 +608,7 @@ static RAMFUNC int ManchesterDecoding(int v) Demod.len++; Demod.output[Demod.len] = 0xBB; Demod.len++; - return TRUE; + return true; } } @@ -650,7 +651,7 @@ void RAMFUNC SnoopIClass(void) uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE); clear_trace(); - set_tracing(TRUE); + set_tracing(true); iso14a_set_trigger(FALSE); 
@@ -747,12 +748,12 @@ void RAMFUNC SnoopIClass(void) time_stop = (GetCountSspClk()-time_0) << 4; LED_C_ON(); - //if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,TRUE)) break; - //if(!LogTrace(NULL, 0, Uart.endTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER, 0, TRUE)) break; + //if(!LogTrace(Uart.output,Uart.byteCnt, rsamples, Uart.parityBits,true)) break; + //if(!LogTrace(NULL, 0, Uart.endTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER, 0, true)) break; if(tracing) { uint8_t parity[MAX_PARITY_SIZE]; GetParity(Uart.output, Uart.byteCnt, parity); - LogTrace(Uart.output,Uart.byteCnt, time_start, time_stop, parity, TRUE); + LogTrace(Uart.output,Uart.byteCnt, time_start, time_stop, parity, true); } /* And ready to receive another command. */ @@ -851,7 +852,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen) if(OutOfNDecoding(b & 0x0f)) { *len = Uart.byteCnt; - return TRUE; + return true; } } } @@ -987,7 +988,7 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain // Enable and clear the trace clear_trace(); - set_tracing(TRUE); + set_tracing(true); //Use the emulator memory for SIM uint8_t *emulator = BigBuf_get_EM_addr(); @@ -1320,7 +1321,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) if (tracing) { uint8_t parity[MAX_PARITY_SIZE]; GetParity(receivedCmd, len, parity); - LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, TRUE); + LogTrace(receivedCmd,len, (r2t_time-time_0)<< 4, (r2t_time-time_0) << 4, parity, true); if (trace_data != NULL) { GetParity(trace_data, trace_data_size, parity); @@ -1408,7 +1409,7 @@ static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int uint8_t sendbyte; - bool firstpart = TRUE; + bool firstpart = true; c = 0; for(;;) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { 
@@ -1500,7 +1501,7 @@ void ReaderTransmitIClass(uint8_t* frame, int len) if (tracing) { uint8_t par[MAX_PARITY_SIZE]; GetParity(frame, len, par); - LogTrace(frame, len, rsamples, rsamples, par, TRUE); + LogTrace(frame, len, rsamples, rsamples, par, true); } } @@ -1552,7 +1553,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples, if(ManchesterDecoding(b & 0x0f)) { *samples = c << 3; - return TRUE; + return true; } } } @@ -1577,7 +1578,7 @@ void setupIclassReader() FpgaDownloadAndGo(FPGA_BITSTREAM_HF); // Reset trace buffer clear_trace(); - set_tracing(TRUE); + set_tracing(true); // Setup SSC FpgaSetupSsc(); 
@@ -1675,34 +1676,37 @@ uint8_t handshakeIclassTag(uint8_t *card_data){ // Reader iClass Anticollission void ReaderIClass(uint8_t arg0) { - uint8_t card_data[6 * 8]={0}; + uint8_t card_data[6 * 8] = {0}; memset(card_data, 0xFF, sizeof(card_data)); - uint8_t last_csn[8]={0}; + uint8_t last_csn[8] = {0}; //Read conf block CRC(0x01) => 0xfa 0x22 - uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22}; + uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x01, 0xfa, 0x22}; //Read conf block CRC(0x05) => 0xde 0x64 - uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64}; - + uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64}; int read_status= 0; uint8_t result_status = 0; bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY; bool use_credit_key = false; - if (arg0 & FLAG_ICLASS_READER_CEDITKEY) + uint16_t tryCnt = 0; + + if ((arg0 & FLAG_ICLASS_READER_CEDITKEY) == FLAG_ICLASS_READER_CEDITKEY) use_credit_key = true; - set_tracing(TRUE); + + set_tracing(true); + setupIclassReader(); - uint16_t tryCnt=0; - while(!BUTTON_PRESS()) - { - if (try_once && tryCnt > 5) break; + bool userCancelled = BUTTON_PRESS() || usb_poll_validate_length(); + while (!userCancelled) { + // if only looking for one card try 2 times if we missed it the first time + if (try_once && tryCnt > 2) break; tryCnt++; - if(!tracing) { + if (!tracing) { DbpString("Trace full"); break; } 
@@ -1710,19 +1714,17 @@ void ReaderIClass(uint8_t arg0) { read_status = handshakeIclassTag_ext(card_data, use_credit_key); - if(read_status == 0) continue; - if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN; - if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC; + if (read_status == 0) continue; + if (read_status == 1) result_status = FLAG_ICLASS_READER_CSN; + if (read_status == 2) result_status = FLAG_ICLASS_READER_CSN | FLAG_ICLASS_READER_CC; // handshakeIclass returns CSN|CC, but the actual block // layout is CSN|CONFIG|CC, so here we reorder the data, // moving CC forward 8 bytes - memcpy(card_data+16,card_data+8, 8); + memcpy(card_data+16, card_data+8, 8); //Read block 1, config - if(arg0 & FLAG_ICLASS_READER_CONF) - { - if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10)) - { + if ( (arg0 & FLAG_ICLASS_READER_CONF) == FLAG_ICLASS_READER_CONF ) { + if (sendCmdGetResponseWithRetries(readConf, sizeof(readConf), card_data+8, 10, 10)) { result_status |= FLAG_ICLASS_READER_CONF; } else { Dbprintf("Failed to dump config block"); @@ -1730,9 +1732,8 @@ void ReaderIClass(uint8_t arg0) { } //Read block 5, AA - if(arg0 & FLAG_ICLASS_READER_AA){ - if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10)) - { + if ( (arg0 & FLAG_ICLASS_READER_AA) == FLAG_ICLASS_READER_AA ) { + if (sendCmdGetResponseWithRetries(readAA, sizeof(readAA), card_data+(8*5), 10, 10)) { result_status |= FLAG_ICLASS_READER_AA; } else { //Dbprintf("Failed to dump AA block"); 
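Review bot: `if (read_status == 0) continue;` jumps straight back to `while (!userCancelled)` and skips the `userCancelled = BUTTON_PRESS() || usb_poll_validate_length();` re-poll that the next hunk places at the bottom of the loop body, so with no tag in the field and try_once clear neither the button nor a pending USB command stops the loop, and the only remaining exit is the trace-full check. Re-poll before continuing: `if (read_status == 0) { userCancelled = BUTTON_PRESS() || usb_poll_validate_length(); continue; }`. The AA block is now stored at `card_data+(8*5)` instead of `8*4`; that is still inside the 48-byte card_data declared in the previous hunk, but it moves where the client finds block 5 and leaves the block-4 slot at 0xFF, which the client-side parsing must agree with. ReaderIClass continues beyond this hunk.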
@@ -1748,16 +1749,16 @@ void ReaderIClass(uint8_t arg0) { //Then we can 'ship' back the 8 * 5 bytes of data, // with 0xFF:s in block 3 and 4. - LED_B_ON(); - //Send back to client, but don't bother if we already sent this - if(memcmp(last_csn, card_data, 8) != 0) - { + LED_B_ON(); + //Send back to client, but don't bother if we already sent this + if(memcmp(last_csn, card_data, 8) != 0) { // If caller requires that we get CC, continue until we got it + // only useful if looping in arm (not try_once && not abort_after_read) if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC)) { - cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data)); - if(abort_after_read) { - LED_A_OFF(); + cmd_send(CMD_ACK, result_status, 0, 0, card_data, sizeof(card_data) ); + if (abort_after_read) { + LEDsoff(); set_tracing(FALSE); return; } @@ -1766,9 +1767,15 @@ void ReaderIClass(uint8_t arg0) { } } LED_B_OFF(); - } - cmd_send(CMD_ACK,0,0,0,card_data, 0); - LED_A_OFF(); + userCancelled = BUTTON_PRESS() || usb_poll_validate_length(); + } + + if (userCancelled) + cmd_send(CMD_ACK, 0xFF, 0, 0, card_data, 0); + else + cmd_send(CMD_ACK, 0, 0, 0, card_data, 0); + + LEDsoff(); set_tracing(FALSE); } @@ -1803,7 +1810,7 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { uint8_t resp[ICLASS_BUFFER_SIZE]; setupIclassReader(); - set_tracing(TRUE); + set_tracing(true); while(!BUTTON_PRESS()) { diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index a4ef60f1a..5437a615a 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1,4 +1,4 @@ - //----------------------------------------------------------------------------- +//----------------------------------------------------------------------------- // Merlok - June 2011, 2012 // Gerhard de Koning Gans - May 2008 // Hagen Fritsch - June 2010 
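Review bot: On cancel the hunk sends `cmd_send(CMD_ACK, 0xFF, 0, 0, card_data, 0)`, so arg0 now carries either the FLAG_ICLASS_READER_* result bitmask or a magic cancel sentinel that the client tests with `readStatus == 0xFF`; with the four result flags used in this function the values cannot collide, but a named constant shared by armsrc and client (e.g. `#define FLAG_ICLASS_READER_CANCELLED 0xFF` next to the other FLAG_ICLASS_READER_* defines) would keep that invariant visible. The context comment "ship back the 8 * 5 bytes of data, with 0xFF:s in block 3 and 4" is stale: `sizeof(card_data)` is 48 bytes (six blocks) and the previous hunk writes AA into block 5. `set_tracing(FALSE)` is left in place in a commit that replaces TRUE with true; `set_tracing(false)` would keep the file consistent.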
@@ -242,10 +242,8 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) { // Sequence X followed by Sequence Y followed by Sequence Z (111100x1 11111111 00x11111) // we therefore look for a ...xx1111 11111111 00x11111xxxxxx... pattern // (12 '1's followed by 2 '0's, eventually followed by another '0', followed by 5 '1's) - // -#define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00001111 11111111 1110 1111 10000000 -#define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00001111 11111111 1000 1111 10000000 - + #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000 + #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000 if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 1)) == ISO14443A_STARTBIT_PATTERN >> 1) Uart.syncBit = 6; else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 2)) == ISO14443A_STARTBIT_PATTERN >> 2) Uart.syncBit = 5; @@ -714,7 +712,7 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par ToSend[++ToSendMax] = SEC_F; // Convert from last byte pos to length - ++ToSendMax; + ToSendMax++; } static void CodeIso14443aAsTag(const uint8_t *cmd, uint16_t len) { @@ -1409,12 +1407,12 @@ void PrepareDelayedTransfer(uint16_t delay) { uint8_t bits_shifted = 0; uint16_t i = 0; - for (i = 0; i < delay; ++i) + for (i = 0; i < delay; i++) bitmask |= (0x01 << i); ToSend[ToSendMax++] = 0x00; - for (i = 0; i < ToSendMax; ++i) { + for (i = 0; i < ToSendMax; i++) { bits_to_shift = ToSend[i] & bitmask; ToSend[i] = ToSend[i] >> delay; ToSend[i] = ToSend[i] | (bits_shifted << (8 - delay)); 
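Review bot: The ISO14443A_STARTBIT_MASK/PATTERN `#define`s are now indented inside MillerDecoding's body, which suggests a block scope that preprocessor macros do not have — they stay visible for the rest of the translation unit; either hoist them next to the other ISO14443A_ constants at file top or keep them at column 0 beside the `// (12 '1's followed by 2 '0's …)` comment so the scope is not misread. The corrected bit comments (`00000111 11111111 11101111 10000000`) now actually match the 0x07FF… values, which is an improvement worth keeping. MillerDecoding begins above this hunk.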
@@ -1432,6 +1430,7 @@ void PrepareDelayedTransfer(uint16_t delay) { // if != 0: delay transfer until time specified //------------------------------------------------------------------------------------- static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); uint32_t ThisTransferTime = 0; @@ -1460,7 +1459,7 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing for(;;) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { AT91C_BASE_SSC->SSC_THR = cmd[c]; - ++c; + c++; if(c >= len) break; } @@ -1770,9 +1769,9 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive for(;;) { WDT_HIT(); - if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - if(ManchesterDecoding(b, offset, 0)) { + if (ManchesterDecoding(b, offset, 0)) { NextTransferTime = MAX(NextTransferTime, Demod.endTime - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/16 + FRAME_DELAY_TIME_PICC_TO_PCD); return true; } else if (c++ > iso14a_timeout && Demod.state == DEMOD_UNSYNCD) { 
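Review bot: The new `FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);` at the top of TransmitFor14443a has no comment, and the commit message does not say why reader modulation must be re-asserted on every transmit; presumably something on the receive path leaves the FPGA in another HF mode, but that is not visible here. A why-comment such as `// re-assert reader modulation before every transmit; the FPGA mode may have been changed since the last send — confirm which path switches it` would stop a later cleanup from removing a line that looks redundant. It is placed before `uint32_t ThisTransferTime = 0;`, which is fine under C99 (the tree already mixes declarations and code) but moves the function's first declaration after a statement.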
@@ -1829,14 +1828,14 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) { // fills the card info record unless NULL // if anticollision is false, then the UID must be provided in uid_ptr[] // and num_cascades must be set (1: 4 Byte UID, 2: 7 Byte UID, 3: 10 Byte UID) -int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades) { +int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades) { uint8_t wupa[] = { ISO14443A_CMD_WUPA }; // 0x26 - ISO14443A_CMD_REQA 0x52 - ISO14443A_CMD_WUPA uint8_t sel_all[] = { ISO14443A_CMD_ANTICOLL_OR_SELECT,0x20 }; uint8_t sel_uid[] = { ISO14443A_CMD_ANTICOLL_OR_SELECT,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t rats[] = { ISO14443A_CMD_RATS,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0 uint8_t resp[MAX_FRAME_SIZE] = {0}; // theoretically. A usual RATS will be much smaller uint8_t resp_par[MAX_PARITY_SIZE] = {0}; - byte_t uid_resp[4] = {0}; + uint8_t uid_resp[4] = {0}; size_t uid_resp_len = 0; uint8_t sak = 0x04; // cascade uid @@ -1849,10 +1848,10 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u // Receive the ATQA if(!ReaderReceive(resp, resp_par)) return 0; - if(p_hi14a_card) { - memcpy(p_hi14a_card->atqa, resp, 2); - p_hi14a_card->uidlen = 0; - memset(p_hi14a_card->uid,0,10); + if(p_card) { + memcpy(p_card->atqa, resp, 2); + p_card->uidlen = 0; + memset(p_card->uid,0,10); } if (anticollision) { 
@@ -1950,15 +1949,15 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u if(uid_ptr && anticollision) memcpy(uid_ptr + (cascade_level*3), uid_resp, uid_resp_len); - if(p_hi14a_card) { - memcpy(p_hi14a_card->uid + (cascade_level*3), uid_resp, uid_resp_len); - p_hi14a_card->uidlen += uid_resp_len; + if(p_card) { + memcpy(p_card->uid + (cascade_level*3), uid_resp, uid_resp_len); + p_card->uidlen += uid_resp_len; } } - if(p_hi14a_card) { - p_hi14a_card->sak = sak; - p_hi14a_card->ats_len = 0; + if(p_card) { + p_card->sak = sak; + p_card->ats_len = 0; } // non iso14443a compliant tag @@ -1970,9 +1969,9 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u if (!(len = ReaderReceive(resp, resp_par))) return 0; - if(p_hi14a_card) { - memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats)); - p_hi14a_card->ats_len = len; + if(p_card) { + memcpy(p_card->ats, resp, sizeof(p_card->ats)); + p_card->ats_len = len; } // set default timeout based on ATS @@ -2035,7 +2034,6 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { return len; } - //----------------------------------------------------------------------------- // Read an ISO 14443a tag. Send out commands and store answers. //----------------------------------------------------------------------------- 
@@ -2051,46 +2049,45 @@ void ReaderIso14443a(UsbCommand *c) { uint32_t timeout = c->arg[2]; uint8_t *cmd = c->d.asBytes; uint32_t arg0 = 0; - byte_t buf[USB_CMD_DATA_SIZE] = {0x00}; + uint8_t buf[USB_CMD_DATA_SIZE] = {0x00}; uint8_t par[MAX_PARITY_SIZE] = {0x00}; - if ((param & ISO14A_CONNECT) == ISO14A_CONNECT) + if ((param & ISO14A_CONNECT)) clear_trace(); set_tracing(true); - if ((param & ISO14A_REQUEST_TRIGGER) == ISO14A_REQUEST_TRIGGER) - iso14a_set_trigger(TRUE); + if ((param & ISO14A_REQUEST_TRIGGER)) + iso14a_set_trigger(true); - if ((param & ISO14A_CONNECT) == ISO14A_CONNECT) { - + if ((param & ISO14A_CONNECT)) { iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); // notify client selecting status. // if failed selecting, turn off antenna and quite. - if((param & ISO14A_NO_SELECT) != ISO14A_NO_SELECT) { + if( !(param & ISO14A_NO_SELECT) ) { iso14a_card_select_t *card = (iso14a_card_select_t*)buf; arg0 = iso14443a_select_card(NULL, card, NULL, true, 0); cmd_send(CMD_ACK, arg0, card->uidlen, 0, buf, sizeof(iso14a_card_select_t)); - if ( arg0 == 0 ) + if ( arg0 == 0 ) goto OUT; } } - if ((param & ISO14A_SET_TIMEOUT) == ISO14A_SET_TIMEOUT) + if ((param & ISO14A_SET_TIMEOUT)) iso14a_set_timeout(timeout); - if ((param & ISO14A_APDU) == ISO14A_APDU) { + if ((param & ISO14A_APDU)) { arg0 = iso14_apdu(cmd, len, buf); cmd_send(CMD_ACK, arg0, 0, 0, buf, sizeof(buf)); } - if ((param & ISO14A_RAW) == ISO14A_RAW) { - - if ((param & ISO14A_APPEND_CRC) == ISO14A_APPEND_CRC) { + if ((param & ISO14A_RAW)) { + + if ((param & ISO14A_APPEND_CRC)) { // Don't append crc on empty bytearray... if ( len > 0 ) { - if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) + if ((param & ISO14A_TOPAZMODE)) AppendCrc14443b(cmd, len); else AppendCrc14443a(cmd, len); 
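Review bot: The rewritten `if ( len > 0 )` guard before `AppendCrc14443a(cmd, len)` / `AppendCrc14443b(cmd, len)` still has no upper bound: cmd points into `c->d.asBytes` and len comes from the client-supplied command (it is set above the hunk, not visible), so a len of USB_CMD_DATA_SIZE-1 or larger writes the two CRC bytes past the end of the USB command buffer. Guard it as `if (len > 0 && len + 2 <= USB_CMD_DATA_SIZE)` or reject the command before appending. `if ((param & ISO14A_CONNECT)) clear_trace(); set_tracing(true);` reads as if both calls were conditional; braces on the single-statement `if` bodies, and dropping the doubled parentheses, would match the style of the surrounding function. ReaderIso14443a continues beyond this hunk.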
@@ -2101,7 +2098,7 @@ void ReaderIso14443a(UsbCommand *c) { } if (lenbits > 0) { // want to send a specific number of bits (e.g. short commands) - if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) { + if ((param & ISO14A_TOPAZMODE)) { int bits_to_send = lenbits; uint16_t i = 0; ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity @@ -2115,7 +2112,7 @@ void ReaderIso14443a(UsbCommand *c) { ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity } } else { // want to send complete bytes only - if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) { + if ((param & ISO14A_TOPAZMODE)) { uint16_t i = 0; ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy while (i < len) { @@ -2129,14 +2126,15 @@ void ReaderIso14443a(UsbCommand *c) { cmd_send(CMD_ACK, arg0, 0, 0, buf, sizeof(buf)); } - if ((param & ISO14A_REQUEST_TRIGGER) == ISO14A_REQUEST_TRIGGER) + if ((param & ISO14A_REQUEST_TRIGGER)) iso14a_set_trigger(false); - if ((param & ISO14A_NO_DISCONNECT) == ISO14A_NO_DISCONNECT) + if ((param & ISO14A_NO_DISCONNECT)) return; OUT: FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(200); set_tracing(false); LEDsoff(); } @@ -2192,7 +2190,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype ) { uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00}; uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00}; uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough - byte_t nt_diff = 0; + uint8_t nt_diff = 0; uint32_t nt = 0; uint32_t previous_nt = 0; uint32_t cuid = 0; diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index 8802623d2..2746d8123 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c 
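Review bot: The `SpinDelay(200);` added after `FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF)` at OUT has no comment explaining the 200 ms, and it is now paid on every disconnect, including the `arg0 == 0` goto taken when no card answered. If the intent is to let the field collapse so the tag really resets before the client's next command, say so in a one-line why-comment, e.g. `// let the field collapse so the tag is reset before the next command — confirm 200 ms is needed`, otherwise the next reader will remove it as dead time.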
@@ -420,7 +420,7 @@ static RAMFUNC int Handle14443bReaderUartBit(uint8_t bit) { LED_A_OFF(); // Finished receiving Uart.state = STATE_UNSYNCD; if (Uart.byteCnt != 0) - return TRUE; + return true; } else { // this is an error @@ -479,7 +479,7 @@ static int GetIso14443bCommandFromReader(uint8_t *received, uint16_t *len) { for ( mask = 0x80; mask != 0; mask >>= 1) { if ( Handle14443bReaderUartBit(b & mask)) { *len = Uart.byteCnt; - return TRUE; + return true; } } } @@ -564,7 +564,7 @@ void SimulateIso14443bTag(uint32_t pupi) { BigBuf_free(); BigBuf_Clear_ext(false); clear_trace(); //sim - set_tracing(TRUE); + set_tracing(true); // connect Demodulated Signal to ADC: SetAdcMuxFor(GPIO_MUXSEL_HIPKD); @@ -643,7 +643,7 @@ void SimulateIso14443bTag(uint32_t pupi) { if (len == 5 ) { if ( (receivedCmd[0] == ISO14443B_REQB && (receivedCmd[2] & 0x8)== 0x8 && cardSTATE == SIM_HALTED) || receivedCmd[0] == ISO14443B_REQB ){ - LogTrace(receivedCmd, len, 0, 0, NULL, TRUE); + LogTrace(receivedCmd, len, 0, 0, NULL, true); cardSTATE = SIM_SELECTING; } } @@ -662,7 +662,7 @@ void SimulateIso14443bTag(uint32_t pupi) { //case SIM_NOFIELD: case SIM_HALTED: case SIM_IDLE: { - LogTrace(receivedCmd, len, 0, 0, NULL, TRUE); + LogTrace(receivedCmd, len, 0, 0, NULL, true); break; } case SIM_SELECTING: { @@ -928,7 +928,7 @@ static RAMFUNC int Handle14443bTagSamplesDemod(int ci, int cq) { LED_C_OFF(); // This is EOF (start, stop and all data bits == '0' - if (s == 0) return TRUE; + if (s == 0) return true; } } Demod.posCount = 0; @@ -1168,7 +1168,7 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len) { if(trigger) LED_A_ON(); - LogTrace(cmd, len, time_start, GetCountSspClk()-time_start, NULL, TRUE); + LogTrace(cmd, len, time_start, GetCountSspClk()-time_start, NULL, true); } /* Sends an APDU to the tag 
@@ -1388,7 +1388,7 @@ void ReadSTMemoryIso14443b(uint8_t numofblocks) // confusing things will happen if we don't reset them between reads. switch_off(); // before ReadStMemory - set_tracing(TRUE); + set_tracing(true); uint8_t i = 0x00; @@ -1510,7 +1510,7 @@ static void iso1444b_setup_snoop(void){ BigBuf_free(); BigBuf_Clear_ext(false); clear_trace();//setup snoop - set_tracing(TRUE); + set_tracing(true); // Initialize Demod and Uart structs DemodInit(BigBuf_malloc(MAX_FRAME_SIZE)); @@ -1566,7 +1566,7 @@ void RAMFUNC SnoopIso14443b(void) { // We won't start recording the frames that we acquire until we trigger; // a good trigger condition to get started is probably when we see a // response from the tag. - bool triggered = TRUE; // TODO: set and evaluate trigger condition + bool triggered = true; // TODO: set and evaluate trigger condition bool TagIsActive = FALSE; bool ReaderIsActive = FALSE; @@ -1622,7 +1622,7 @@ void RAMFUNC SnoopIso14443b(void) { time_stop = GetCountSspClk() - time_0; if (triggered) - LogTrace(Uart.output, Uart.byteCnt, time_start, time_stop, NULL, TRUE); + LogTrace(Uart.output, Uart.byteCnt, time_start, time_stop, NULL, true); /* And ready to receive another command. */ UartReset(); @@ -1638,7 +1638,7 @@ void RAMFUNC SnoopIso14443b(void) { time_stop = GetCountSspClk() - time_0; if (triggered) - LogTrace(Uart.output, Uart.byteCnt, time_start, time_stop, NULL, TRUE); + LogTrace(Uart.output, Uart.byteCnt, time_start, time_stop, NULL, true); /* And ready to receive another command. */ UartReset(); @@ -1662,7 +1662,7 @@ void RAMFUNC SnoopIso14443b(void) { LogTrace(Demod.output, Demod.len, time_start, time_stop, NULL, FALSE); - triggered = TRUE; + triggered = true; // And ready to receive another response. DemodReset(); 
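Review bot: `bool triggered = true;` now sits beside `bool TagIsActive = FALSE; bool ReaderIsActive = FALSE;` and `LogTrace(..., NULL, FALSE)` a few lines lower, so the sweep replaces TRUE but leaves FALSE in the very hunks it touches, and removing `#define TRUE` will need a second pass for FALSE. Replacing `FALSE` with `false` in the lines this commit already rewrites would finish the cleanup in one pass. SnoopIso14443b's body continues beyond this hunk.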
@@ -1713,7 +1713,7 @@ void SendRawCommand14443B_Ex(UsbCommand *c) // turn on trigger (LED_A) if ((param & ISO14B_REQUEST_TRIGGER) == ISO14B_REQUEST_TRIGGER) - iso14b_set_trigger(TRUE); + iso14b_set_trigger(true); if ((param & ISO14B_CONNECT) == ISO14B_CONNECT) { // Make sure that we start from off, since the tags are stateful; @@ -1722,7 +1722,7 @@ void SendRawCommand14443B_Ex(UsbCommand *c) iso14443b_setup(); } - set_tracing(TRUE); + set_tracing(true); if ((param & ISO14B_SELECT_STD) == ISO14B_SELECT_STD) { iso14b_card_select_t *card = (iso14b_card_select_t*)buf; diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 0fec030a5..f340530b3 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -173,7 +173,7 @@ int usage_hf_iclass_managekeys(void) { return 0; } int usage_hf_iclass_reader(void) { - PrintAndLog("HELP : Act as a Iclass reader:\n"); + PrintAndLog("HELP : Act as a Iclass reader. Look for iClass tags until a key or the pm3 button is pressed\n"); PrintAndLog("Usage: hf iclass reader [h] [1]\n"); PrintAndLog("Options:"); PrintAndLog(" h This help text"); @@ -314,12 +314,11 @@ int CmdHFiClassSim(const char *Cmd) { int HFiClassReader(const char *Cmd, bool loop, bool verbose) { bool tagFound = false; - UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN | - FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_AA}}; + UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN | FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_AA}}; // loop in client not device - else on windows have a communication error c.arg[0] |= FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY; UsbCommand resp; - while(!ukbhit()){ + while (!ukbhit()){ clearCommandBuffer(); SendCommand(&c); if (WaitForResponseTimeout(CMD_ACK,&resp, 4500)) { 
@@ -327,8 +326,9 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose) { uint8_t *data = resp.d.asBytes; if (verbose) PrintAndLog("Readstatus:%02x", readStatus); - if( readStatus == 0){ - //Aborted + // no tag found or button pressed + if( (readStatus == 0 && !loop) || readStatus == 0xFF) { + // abort if (verbose) PrintAndLog("Quitting..."); return 0; } @@ -1692,7 +1692,7 @@ static command_t CommandTable[] = { {"loclass", CmdHFiClass_loclass, 1, "[options..] Use loclass to perform bruteforce of reader attack dump"}, {"managekeys", CmdHFiClassManageKeys, 1, "[options..] Manage the keys to use with iClass"}, {"readblk", CmdHFiClass_ReadBlock, 0, "[options..] Authenticate and Read iClass block"}, - {"reader", CmdHFiClassReader, 0, "Read an iClass tag"}, + {"reader", CmdHFiClassReader, 0, "Act like an iClass reader"}, {"readtagfile", CmdHFiClassReadTagFile, 1, "[options..] Display Content from tagfile"}, {"replay", CmdHFiClassReader_Replay, 0, " Read an iClass tag via Reply Attack"}, {"sim", CmdHFiClassSim, 0, "[options..] Simulate iClass tag"}, diff --git a/client/cmdhficlass.h b/client/cmdhficlass.h index d8869504f..39aad69e6 100644 --- a/client/cmdhficlass.h +++ b/client/cmdhficlass.h @@ -35,6 +35,7 @@ #include "cmdhfmfu.h" #include "cmdhf.h" #include "protocols.h" // picopass structs, +#include "usb_cdc.h" // for usb_poll_validate_length int CmdHFiClass(const char *Cmd); diff --git a/client/flasher.c b/client/flasher.c index fe3de3fe5..95c7d0388 100644 --- a/client/flasher.c +++ b/client/flasher.c @@ -17,6 +17,8 @@ #ifdef _WIN32 # define unlink(x) +#else +# include #endif static serial_port sp; diff --git a/client/graph.c b/client/graph.c index 762105620..b872f26a3 100644 --- a/client/graph.c +++ b/client/graph.c 
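Review bot: `#include "usb_cdc.h" // for usb_poll_validate_length` is added to the host-side client/cmdhficlass.h, but usb_poll_validate_length is only called in armsrc/iclass.c in this patch and none of the client hunks use it; usb_cdc.h appears to be the firmware's USB CDC header, and pulling it into a client header exposes device-side declarations (and whatever that header includes) to every client file that includes cmdhficlass.h. Unless a client translation unit actually needs it, drop the include from the header; the matching `#include "usb_cdc.h"` in armsrc/iclass.c is the right place for it.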
@@ -274,7 +274,7 @@ bool graphJustNoise(int *BitStream, int size) { //might not be high enough for noisy environments #define THRESHOLD 15; - bool isNoise = TRUE; + bool isNoise = true; for(int i=0; i < size && isNoise; i++){ isNoise = BitStream[i] < THRESHOLD; } diff --git a/client/mifarehost.c b/client/mifarehost.c index bfc86604c..f0537a442 100644 --- a/client/mifarehost.c +++ b/client/mifarehost.c @@ -701,4 +701,16 @@ bool detect_classic_prng(){ uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]); return validate_prng_nonce(nonce); +} +/* Detect Mifare Classic NACK bug +* +*/ +bool detect_classic_nackbug(){ + + // get nonce? + + // loop max 256 times, + // fixed nonce, different parity every call + + return false; } \ No newline at end of file diff --git a/common/crc.c b/common/crc.c index f9a15234e..8fe75cbf3 100644 --- a/common/crc.c +++ b/common/crc.c @@ -93,7 +93,7 @@ static void print_crc(crc_t *crc) { // width=8 poly=0x31 init=0x00 refin=true refout=true xorout=0x00 check=0xA1 name="CRC-8/MAXIM" uint32_t CRC8Maxim(uint8_t *buff, size_t size) { crc_t crc; - crc_init_ref(&crc, 8, 0x31, 0, 0, TRUE, TRUE); + crc_init_ref(&crc, 8, 0x31, 0, 0, true, true); for ( int i=0; i < size; ++i) crc_update2(&crc, buff[i], 8); return crc_finish(&crc); @@ -102,7 +102,7 @@ uint32_t CRC8Maxim(uint8_t *buff, size_t size) { // width=4 poly=0xC, reversed poly=0x7 init=0x5 refin=true refout=true xorout=0x0000 check= name="CRC-4/LEGIC" uint32_t CRC4Legic(uint8_t *cmd, size_t size) { crc_t crc; - crc_init_ref(&crc, 4, 0x19 >> 1, 0x5, 0, TRUE, TRUE); + crc_init_ref(&crc, 4, 0x19 >> 1, 0x5, 0, true, true); crc_update2(&crc, 1, 1); /* CMD_READ */ crc_update2(&crc, cmd[0], 8); crc_update2(&crc, cmd[1], 8); 
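Review bot: `#define THRESHOLD 15;` carries a trailing semicolon, so `isNoise = BitStream[i] < THRESHOLD;` expands to `BitStream[i] < 15;;` and only compiles because the macro happens to be used at the end of a statement; the rewritten `bool isNoise = true;` sits right next to it, so fix it in passing as `#define THRESHOLD 15`. A short comment on the define, `// samples below this amplitude are treated as noise`, would also explain the "might not be high enough for noisy environments" remark above it.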
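Review bot: `detect_classic_nackbug()` is a stub that always returns false, so any caller will read "no NACK bug" for every card; if it has to be committed unimplemented, make that explicit in the header comment and at the return, e.g. `// TODO: not implemented — currently always reports "no NACK bug"`, and consider not exposing it in the public header until it works. The three comment fragments ("get nonce?", "loop max 256 times", "fixed nonce, different parity every call") would read better as one sentence describing the intended approach. The file also loses its trailing newline ("\ No newline at end of file"); add it back.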
@@ -112,7 +112,7 @@ uint32_t CRC4Legic(uint8_t *cmd, size_t size) { // the CRC needs to be reversed before returned. uint32_t CRC8Legic(uint8_t *buff, size_t size) { crc_t crc; - crc_init_ref(&crc, 8, 0x63, 0x55, 0, TRUE, TRUE); + crc_init_ref(&crc, 8, 0x63, 0x55, 0, true, true); for ( int i = 0; i < size; ++i) crc_update2(&crc, buff[i], 8); return reflect(crc_finish(&crc), 8); @@ -127,7 +127,7 @@ uint32_t CRC16Legic(uint8_t *buff, size_t size, uint8_t uidcrc) { //uint16_t initial = uidcrc; initial |= initial << 8; crc_t crc; - crc_init_ref(&crc, 16, CRC16_POLY_LEGIC, initial, 0, TRUE, TRUE); + crc_init_ref(&crc, 16, CRC16_POLY_LEGIC, initial, 0, true, true); for ( int i=0; i < size; ++i) crc_update(&crc, buff[i], 8); return reflect(crc_finish(&crc), 16); @@ -136,7 +136,7 @@ uint32_t CRC16Legic(uint8_t *buff, size_t size, uint8_t uidcrc) { //w=16 poly=0x3d65 init=0x0000 refin=true refout=true xorout=0xffff check=0xea82 name="CRC-16/DNP" uint32_t CRC16_DNP(uint8_t *buff, size_t size) { crc_t crc; - crc_init_ref(&crc, 16, 0x3d65, 0, 0xffff, TRUE, TRUE); + crc_init_ref(&crc, 16, 0x3d65, 0, 0xffff, true, true); for ( int i=0; i < size; ++i) crc_update2(&crc, buff[i], 8);