Clean up redundant emulator-memory functions. The extra bounds checks added in BigBuf might affect simulation.

iceman1001 2024-01-24 23:41:48 +01:00
commit 6c1ebc3398
6 changed files with 59 additions and 66 deletions


@ -315,27 +315,29 @@ bool RAMFUNC LogTraceBits(const uint8_t *btBytes, uint16_t bitLen, uint32_t time
} }
// Emulator memory // Emulator memory
uint8_t emlSet(const uint8_t *data, uint32_t offset, uint32_t length) { int emlSet(const uint8_t *data, uint32_t offset, uint32_t length) {
uint8_t *mem = BigBuf_get_EM_addr(); uint8_t *mem = BigBuf_get_EM_addr();
if (offset + length <= CARD_MEMORY_SIZE) { if (offset + length <= CARD_MEMORY_SIZE) {
memcpy(mem + offset, data, length); memcpy(mem + offset, data, length);
return 0; return PM3_SUCCESS;
} }
Dbprintf("Error, trying to set memory outside of bounds! " _RED_("%d") " > %d", (offset + length), CARD_MEMORY_SIZE); Dbprintf("Error, trying to set memory outside of bounds! " _RED_("%d") " > %d", (offset + length), CARD_MEMORY_SIZE);
return 1; return PM3_EOUTOFBOUND;
} }
uint8_t emlGet(uint8_t *out, uint32_t offset, uint32_t length) {
int emlGet(uint8_t *out, uint32_t offset, uint32_t length) {
uint8_t *mem = BigBuf_get_EM_addr(); uint8_t *mem = BigBuf_get_EM_addr();
if (offset + length <= CARD_MEMORY_SIZE) { if (offset + length <= CARD_MEMORY_SIZE) {
memcpy(out, mem + offset, length); memcpy(out, mem + offset, length);
return 0; return PM3_SUCCESS;
} }
Dbprintf("Error, trying to read memory outside of bounds! " _RED_("%d") " > %d", (offset + length), CARD_MEMORY_SIZE); Dbprintf("Error, trying to read memory outside of bounds! " _RED_("%d") " > %d", (offset + length), CARD_MEMORY_SIZE);
return 1; return PM3_EOUTOFBOUND;
} }
// get the address of the ToSend buffer. Allocate part of Bigbuf for it, if not yet done // get the address of the ToSend buffer. Allocate part of Bigbuf for it, if not yet done
tosend_t *get_tosend(void) { tosend_t *get_tosend(void) {
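Review bot: The guard `offset + length <= CARD_MEMORY_SIZE` in the new emlSet/emlGet can be bypassed by unsigned wrap-around: a `length` near UINT32_MAX (for example a negative `int` length converted at a call site) makes the sum wrap below CARD_MEMORY_SIZE and memcpy then runs far past the emulator buffer. Write the check so no addition happens, `if (length <= CARD_MEMORY_SIZE && offset <= CARD_MEMORY_SIZE - length)`, in both functions. The `%d` in the two Dbprintf calls also prints a uint32_t sum with a signed specifier; `%u` is the matching one. This assumes CARD_MEMORY_SIZE is a non-negative constant — its definition is outside this page.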


@ -58,8 +58,8 @@ bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_
bool RAMFUNC LogTraceBits(const uint8_t *btBytes, uint16_t bitLen, uint32_t timestamp_start, uint32_t timestamp_end, bool reader2tag); bool RAMFUNC LogTraceBits(const uint8_t *btBytes, uint16_t bitLen, uint32_t timestamp_start, uint32_t timestamp_end, bool reader2tag);
bool LogTrace_ISO15693(const uint8_t *bytes, uint16_t len, uint32_t ts_start, uint32_t ts_end, const uint8_t *parity, bool reader2tag); bool LogTrace_ISO15693(const uint8_t *bytes, uint16_t len, uint32_t ts_start, uint32_t ts_end, const uint8_t *parity, bool reader2tag);
uint8_t emlSet(const uint8_t *data, uint32_t offset, uint32_t length); int emlSet(const uint8_t *data, uint32_t offset, uint32_t length);
uint8_t emlGet(uint8_t *out, uint32_t offset, uint32_t length); int emlGet(uint8_t *out, uint32_t offset, uint32_t length);
typedef struct { typedef struct {
int max; int max;
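Review bot: The changed emlSet/emlGet prototypes introduce an int return contract but nothing in the header says what the codes are, so a caller reading only this file cannot tell that a non-zero result means nothing was copied. Add above the pair `// Copy between BigBuf emulator memory and a caller buffer. Returns PM3_SUCCESS, or PM3_EOUTOFBOUND (and copies nothing) when offset + length exceeds CARD_MEMORY_SIZE.` The tosend_t struct that follows is cut off by the hunk.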


@ -1190,12 +1190,12 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
if (tagType == 2 || tagType == 7) { if (tagType == 2 || tagType == 7) {
uint16_t start = MFU_DUMP_PREFIX_LENGTH; uint16_t start = MFU_DUMP_PREFIX_LENGTH;
uint8_t emdata[8]; uint8_t emdata[8];
emlGetMemBt(emdata, start, sizeof(emdata)); emlGet(emdata, start, sizeof(emdata));
memcpy(data, emdata, 3); // uid bytes 0-2 memcpy(data, emdata, 3); // uid bytes 0-2
memcpy(data + 3, emdata + 4, 4); // uid bytes 3-7 memcpy(data + 3, emdata + 4, 4); // uid bytes 3-7
flags |= FLAG_7B_UID_IN_DATA; flags |= FLAG_7B_UID_IN_DATA;
} else { } else {
emlGetMemBt(data, 0, 4); emlGet(data, 0, 4);
flags |= FLAG_4B_UID_IN_DATA; flags |= FLAG_4B_UID_IN_DATA;
} }
} }
@ -1285,8 +1285,8 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
if (tagType == 7) { if (tagType == 7) {
uint8_t pwd[4] = {0, 0, 0, 0}; uint8_t pwd[4] = {0, 0, 0, 0};
uint8_t gen_pwd[4] = {0, 0, 0, 0}; uint8_t gen_pwd[4] = {0, 0, 0, 0};
emlGetMemBt(pwd, (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(pwd)); emlGet(pwd, (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(pwd));
emlGetMemBt(rPACK, (*pages) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(rPACK)); emlGet(rPACK, (*pages) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(rPACK));
Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data)); Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data));
if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) { if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) {
@ -1569,7 +1569,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_
// first blocks of emu are header // first blocks of emu are header
uint16_t start = block * 4 + MFU_DUMP_PREFIX_LENGTH; uint16_t start = block * 4 + MFU_DUMP_PREFIX_LENGTH;
uint8_t emdata[MAX_MIFARE_FRAME_SIZE]; uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
emlGetMemBt(emdata, start, 16); emlGet(emdata, start, 16);
AddCrc14A(emdata, 16); AddCrc14A(emdata, 16);
EmSendCmd(emdata, sizeof(emdata)); EmSendCmd(emdata, sizeof(emdata));
numReads++; // Increment number of times reader requested a block numReads++; // Increment number of times reader requested a block
@ -1588,7 +1588,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_
p_response = &responses[RESP_INDEX_UIDC1]; p_response = &responses[RESP_INDEX_UIDC1];
} else { // all other tags (16 byte block tags) } else { // all other tags (16 byte block tags)
uint8_t emdata[MAX_MIFARE_FRAME_SIZE] = {0}; uint8_t emdata[MAX_MIFARE_FRAME_SIZE] = {0};
emlGetMemBt(emdata, block, 16); emlGet(emdata, block, 16);
AddCrc14A(emdata, 16); AddCrc14A(emdata, 16);
EmSendCmd(emdata, sizeof(emdata)); EmSendCmd(emdata, sizeof(emdata));
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
@ -1605,7 +1605,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_
// first blocks of emu are header // first blocks of emu are header
int start = block1 * 4 + MFU_DUMP_PREFIX_LENGTH; int start = block1 * 4 + MFU_DUMP_PREFIX_LENGTH;
len = (block2 - block1 + 1) * 4; len = (block2 - block1 + 1) * 4;
emlGetMemBt(emdata, start, len); emlGet(emdata, start, len);
AddCrc14A(emdata, len); AddCrc14A(emdata, len);
EmSendCmd(emdata, len + 2); EmSendCmd(emdata, len + 2);
} }
@ -1723,7 +1723,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_
p_response = NULL; p_response = NULL;
} else if (receivedCmd[0] == MIFARE_ULEV1_AUTH && len == 7 && tagType == 7) { // NTAG / EV-1 } else if (receivedCmd[0] == MIFARE_ULEV1_AUTH && len == 7 && tagType == 7) { // NTAG / EV-1
uint8_t pwd[4] = {0, 0, 0, 0}; uint8_t pwd[4] = {0, 0, 0, 0};
emlGetMemBt(pwd, (pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(pwd)); emlGet(pwd, (pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(pwd));
if (g_dbglevel >= DBG_DEBUG) { if (g_dbglevel >= DBG_DEBUG) {
Dbprintf("Reader sent password: "); Dbprintf("Reader sent password: ");
Dbhexdump(4, receivedCmd + 1, 0); Dbhexdump(4, receivedCmd + 1, 0);
@ -1747,7 +1747,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_
} else if (receivedCmd[0] == MIFARE_ULEV1_VCSL && len == 23 && tagType == 7) { } else if (receivedCmd[0] == MIFARE_ULEV1_VCSL && len == 23 && tagType == 7) {
uint8_t cmd[3] = {0, 0, 0}; uint8_t cmd[3] = {0, 0, 0};
emlGetMemBt(cmd, (pages - 2) * 4 + 1 + MFU_DUMP_PREFIX_LENGTH, 1); emlGet(cmd, (pages - 2) * 4 + 1 + MFU_DUMP_PREFIX_LENGTH, 1);
AddCrc14A(cmd, sizeof(cmd) - 2); AddCrc14A(cmd, sizeof(cmd) - 2);
EmSendCmd(cmd, sizeof(cmd)); EmSendCmd(cmd, sizeof(cmd));
p_response = NULL; p_response = NULL;
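Review bot: Every emlGet call in this file discards the new return value, so when the bounds check fails the destination buffer is sent to the reader uninitialized: `uint8_t emdata[8]` in the first hunk and `uint8_t emdata[MAX_MIFARE_FRAME_SIZE]` in the READBLOCK hunk are never zeroed, and `block` there is reader-supplied. Previously emlGetMemBt always filled the buffer (possibly from out-of-range memory); now the simulated tag can answer with stack garbage under a valid CRC. Zero-initialise the buffers (`uint8_t emdata[MAX_MIFARE_FRAME_SIZE] = {0};`) and check the result, e.g. `if (emlGet(emdata, start, 16) != PM3_SUCCESS) { p_response = NULL; }` and skip the EmSendCmd in that case. In the FAST_READ hunk `len = (block2 - block1 + 1) * 4` goes negative for block2 < block1 and, converted to uint32_t, wraps the `offset + length` check inside emlGet, unless the enclosing code (outside the hunk) already rejects that ordering. SimulateIso14443aTag's body continues beyond every hunk shown.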


@ -238,7 +238,7 @@ static bool MifareSimInit(uint16_t flags, uint8_t *datain, uint16_t atqa, uint8_
// Get UID, SAK, ATQA from EMUL // Get UID, SAK, ATQA from EMUL
if ((flags & FLAG_UID_IN_EMUL) == FLAG_UID_IN_EMUL) { if ((flags & FLAG_UID_IN_EMUL) == FLAG_UID_IN_EMUL) {
uint8_t block0[16]; uint8_t block0[16];
emlGetMemBt(block0, 0, 16); emlGet(block0, 0, 16);
// If uid size defined, copy only uid from EMUL to use, backward compatibility for 'hf_colin.c', 'hf_mattyrun.c' // If uid size defined, copy only uid from EMUL to use, backward compatibility for 'hf_colin.c', 'hf_mattyrun.c'
if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) != 0) { if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) != 0) {
@ -1020,7 +1020,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
if (receivedCmd_len == 4 && (receivedCmd_dec[0] == MIFARE_CMD_INC || receivedCmd_dec[0] == MIFARE_CMD_DEC || receivedCmd_dec[0] == MIFARE_CMD_RESTORE)) { if (receivedCmd_len == 4 && (receivedCmd_dec[0] == MIFARE_CMD_INC || receivedCmd_dec[0] == MIFARE_CMD_DEC || receivedCmd_dec[0] == MIFARE_CMD_RESTORE)) {
blockNo = receivedCmd_dec[1]; blockNo = receivedCmd_dec[1];
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)", receivedCmd_dec[0], blockNo, blockNo); if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)", receivedCmd_dec[0], blockNo, blockNo);
if (emlCheckValBl(blockNo)) { if (emlCheckValBl(blockNo) == false) {
if (g_dbglevel >= DBG_ERROR) Dbprintf("[MFEMUL_WORK] Reader tried to operate on block, but emlCheckValBl failed, nacking"); if (g_dbglevel >= DBG_ERROR) Dbprintf("[MFEMUL_WORK] Reader tried to operate on block, but emlCheckValBl failed, nacking");
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
FpgaDisableTracing(); FpgaDisableTracing();
@ -1056,11 +1056,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
if (receivedCmd_len == 4 && receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) { if (receivedCmd_len == 4 && receivedCmd_dec[0] == MIFARE_CMD_TRANSFER) {
blockNo = receivedCmd_dec[1]; blockNo = receivedCmd_dec[1];
if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] RECV 0x%02x transfer block %d (%02x)", receivedCmd_dec[0], blockNo, blockNo); if (g_dbglevel >= DBG_EXTENDED) Dbprintf("[MFEMUL_WORK] RECV 0x%02x transfer block %d (%02x)", receivedCmd_dec[0], blockNo, blockNo);
if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd_dec[1])) emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd_dec[1]);
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
else
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
FpgaDisableTracing(); FpgaDisableTracing();
break; break;
} }
@ -1072,8 +1069,9 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
LED_C_OFF(); LED_C_OFF();
cardSTATE = MFEMUL_HALTED; cardSTATE = MFEMUL_HALTED;
cardAUTHKEY = AUTHKEYNONE; cardAUTHKEY = AUTHKEYNONE;
if (g_dbglevel >= DBG_EXTENDED) if (g_dbglevel >= DBG_EXTENDED) {
Dbprintf("[MFEMUL_WORK] cardSTATE = MFEMUL_HALTED"); Dbprintf("[MFEMUL_WORK] cardSTATE = MFEMUL_HALTED");
}
break; break;
} }
@ -1291,7 +1289,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
case MFEMUL_INTREG_INC: { case MFEMUL_INTREG_INC: {
if (receivedCmd_len == 6) { if (receivedCmd_len == 6) {
mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t *)&ans); mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t *)&ans);
if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL) != PM3_SUCCESS) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
FpgaDisableTracing(); FpgaDisableTracing();
@ -1312,7 +1310,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
if (receivedCmd_len == 6) { // Data is encrypted if (receivedCmd_len == 6) { // Data is encrypted
// Decrypted cmd // Decrypted cmd
mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t *)&ans); mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t *)&ans);
if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL) != PM3_SUCCESS) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
FpgaDisableTracing(); FpgaDisableTracing();
@ -1330,7 +1328,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
// REST // REST
case MFEMUL_INTREG_REST: { case MFEMUL_INTREG_REST: {
mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t *)&ans); mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, (uint8_t *)&ans);
if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) { if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL) != PM3_SUCCESS) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
FpgaDisableTracing(); FpgaDisableTracing();
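Review bot: The MIFARE_CMD_TRANSFER hunk now ACKs unconditionally because emlSetValBl became void, yet `receivedCmd_dec[1]` is the reader-supplied block number and emlSetValBl (mifareutil.c) writes 16 bytes at `mem + blockNum * 16` with no range check, so a bad block index is neither rejected nor reported any more. The old code NAKed on failure; keep that path by giving emlSetValBl an int result (PM3_SUCCESS / PM3_EOUTOFBOUND) and writing `if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd_dec[1]) != PM3_SUCCESS) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); } else { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK)); }`. Whether a uint8_t block index times 16 can actually exceed CARD_MEMORY_SIZE is not decidable from this page, but the ACK-only path also silently swallows any validation added later. The emlGetValBl callers in the INTREG hunks compare against PM3_SUCCESS correctly; Mifare1ksim's body continues outside these hunks.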


@ -629,56 +629,50 @@ void emlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int block_width)
} }
void emlGetMem(uint8_t *data, int blockNum, int blocksCount) { void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {
uint8_t *mem = BigBuf_get_EM_addr(); emlGet(data, (blockNum * 16), (blocksCount * 16));
memcpy(data, mem + blockNum * 16, blocksCount * 16);
} }
void emlGetMemBt(uint8_t *data, int offset, int byteCount) { bool emlCheckValBl(int blockNum) {
uint8_t *mem = BigBuf_get_EM_addr(); uint8_t *mem = BigBuf_get_EM_addr();
memcpy(data, mem + offset, byteCount); uint8_t *d = mem + (blockNum * 16);
}
int emlCheckValBl(int blockNum) { if ((d[0] != (d[4] ^ 0xff)) || (d[0] != d[8]) ||
uint8_t *mem = BigBuf_get_EM_addr(); (d[1] != (d[5] ^ 0xff)) || (d[1] != d[9]) ||
uint8_t *data = mem + blockNum * 16; (d[2] != (d[6] ^ 0xff)) || (d[2] != d[10]) ||
(d[3] != (d[7] ^ 0xff)) || (d[3] != d[11]) ||
if ((data[0] != (data[4] ^ 0xff)) || (data[0] != data[8]) || (d[12] != (d[13] ^ 0xff)) || (d[12] != d[14]) ||
(data[1] != (data[5] ^ 0xff)) || (data[1] != data[9]) || (d[12] != (d[15] ^ 0xff))) {
(data[2] != (data[6] ^ 0xff)) || (data[2] != data[10]) || return false;
(data[3] != (data[7] ^ 0xff)) || (data[3] != data[11]) || }
(data[12] != (data[13] ^ 0xff)) || (data[12] != data[14]) || return true;
(data[12] != (data[15] ^ 0xff))
)
return 1;
return 0;
} }
int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) { int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) {
uint8_t *mem = BigBuf_get_EM_addr(); uint8_t *mem = BigBuf_get_EM_addr();
uint8_t *data = mem + blockNum * 16; uint8_t *d = mem + blockNum * 16;
if (emlCheckValBl(blockNum)) if (emlCheckValBl(blockNum) == false) {
return 1; return PM3_ESOFT;
}
memcpy(blReg, data, 4); memcpy(blReg, d, 4);
*blBlock = data[12]; *blBlock = d[12];
return 0; return PM3_SUCCESS;
} }
int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum) { void emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum) {
uint8_t *mem = BigBuf_get_EM_addr(); uint8_t *mem = BigBuf_get_EM_addr();
uint8_t *data = mem + blockNum * 16; uint8_t *d = mem + blockNum * 16;
memcpy(data + 0, &blReg, 4); memcpy(d + 0, &blReg, 4);
memcpy(data + 8, &blReg, 4); memcpy(d + 8, &blReg, 4);
blReg = blReg ^ 0xffffffff; blReg = blReg ^ 0xFFFFFFFF;
memcpy(data + 4, &blReg, 4); memcpy(d + 4, &blReg, 4);
data[12] = blBlock; d[12] = blBlock;
data[13] = blBlock ^ 0xff; d[13] = blBlock ^ 0xFF;
data[14] = blBlock; d[14] = blBlock;
data[15] = blBlock ^ 0xff; d[15] = blBlock ^ 0xFF;
return 0;
} }
uint64_t emlGetKey(int sectorNum, int keyType) { uint64_t emlGetKey(int sectorNum, int keyType) {
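Review bot: emlCheckValBl, emlGetValBl and emlSetValBl still index `mem + blockNum * 16` unchecked while the sibling emlGetMem is now routed through the bounds-checked emlGet; these three are the ones fed by reader-controlled block numbers (the TRANSFER and INC/DEC/RESTORE paths in mifaresim.c), so they are the ones that needed the check. emlSetValBl also lost its return value, leaving callers no way to learn that a write was refused. Bound `blockNum` in emlCheckValBl before touching memory, `if (blockNum < 0 || (uint32_t)blockNum >= CARD_MEMORY_SIZE / 16) return false;`, and give emlSetValBl the same guard with an int result so the NAK path in the simulator can stay; the prototype in mifareutil.h and the mifaresim.c caller would need to follow the return-type change. emlGetKey's body is cut off by the hunk.
```c
int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum) {
    // Refuse block indices outside emulator memory instead of writing past it.
    if (blockNum < 0 || (uint32_t)blockNum >= CARD_MEMORY_SIZE / 16) {
        return PM3_EOUTOFBOUND;
    }
    uint8_t *d = BigBuf_get_EM_addr() + ((uint32_t)blockNum * 16);
    // … unchanged: the value / ~value / block-address byte stores into d …
    return PM3_SUCCESS;
}
```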


@ -117,10 +117,9 @@ uint8_t SectorTrailer(uint8_t blockNo);
void emlClearMem(void); void emlClearMem(void);
void emlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int block_width); void emlSetMem_xt(uint8_t *data, int blockNum, int blocksCount, int block_width);
void emlGetMem(uint8_t *data, int blockNum, int blocksCount); void emlGetMem(uint8_t *data, int blockNum, int blocksCount);
void emlGetMemBt(uint8_t *data, int offset, int byteCount);
uint64_t emlGetKey(int sectorNum, int keyType); uint64_t emlGetKey(int sectorNum, int keyType);
int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum); int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum);
int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum); void emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum);
int emlCheckValBl(int blockNum); bool emlCheckValBl(int blockNum);
#endif #endif