diff --git a/armsrc/iclass.c b/armsrc/iclass.c
index e44b54fd9..a1631d95d 100644
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@ -36,9 +36,10 @@
 #include "protocols.h"
 #include "ticks.h"
 #include "iso15693.h"
-#include "iclass_cmd.h" /* iclass_card_select_t struct */
+#include "iclass_cmd.h" // iclass_card_select_t struct
+#include "i2c.h" // i2c defines (SIM module access)
-static uint8_t get_pagemap(const picopass_hdr_t *hdr) {
+uint8_t get_pagemap(const picopass_hdr_t *hdr) {
 return (hdr->conf.fuses & (FUSE_CRYPT0 | FUSE_CRYPT1)) >> 3;
 }
@@ -52,23 +53,6 @@ static uint8_t get_pagemap(const picopass_hdr_t *hdr) {
 #define ICLASS_16KS_SIZE 0x100 * 8
 #endif
-// iCLASS has a slightly different timing compared to ISO15693. According to the picopass data sheet the tag response is expected 330us after
-// the reader command. This is measured from end of reader EOF to first modulation of the tag's SOF which starts with a 56,64us unmodulated period.
-// 330us = 140 ssp_clk cycles @ 423,75kHz when simulating.
-// 56,64us = 24 ssp_clk_cycles
-#define DELAY_ICLASS_VCD_TO_VICC_SIM (140 - 26) // (140 - 24)
-
-// times in ssp_clk_cycles @ 3,3625MHz when acting as reader
-#define DELAY_ICLASS_VICC_TO_VCD_READER DELAY_ISO15693_VICC_TO_VCD_READER
-
-// times in samples @ 212kHz when acting as reader
-#define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us
-#define ICLASS_READER_TIMEOUT_UPDATE 3390 // 16000us, nominal 4-15ms
-#define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us
-
-#define AddCrc(data, len) compute_crc(CRC_ICLASS, (data), (len), (data)+(len), (data)+(len)+1)
-
-
 /*
 * CARD TO READER
 * in ISO15693-2 mode - Manchester
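Review bot: Dropping `static` from `get_pagemap` in the first hunk (-36,9) exports a very generic name into the firmware's global namespace, while the other helper this commit exports, `iclass_send_as_reader`, and the existing prototypes in iclass.h all carry an iclass marker. A prefixed name such as `iclass_get_pagemap` would be harder to collide with and would tell a reader which header layout the fuse mask applies to. The new `#include "i2c.h"` has no user in the hunks visible for this file; if the SIM-module code that needs it lives in another file, the include probably belongs there instead. It would also help to add a one-line comment above the function, for example `// returns the two crypt fuse bits as a 0..3 page mode, see PICOPASS_*_PAGEMODE`, now that callers outside iclass.c will compare the result against those constants.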
@@ -1245,7 +1229,7 @@ send:
 }
 // THE READER CODE
-static void iclass_send_as_reader(uint8_t *frame, int len, uint32_t *start_time, uint32_t *end_time, bool shallow_mod) {
+void iclass_send_as_reader(uint8_t *frame, int len, uint32_t *start_time, uint32_t *end_time, bool shallow_mod) {
 CodeIso15693AsReader(frame, len);
 tosend_t *ts = get_tosend();
 TransmitTo15693Tag(ts->buf, ts->max, start_time, shallow_mod);
@@ -1902,7 +1886,7 @@ void iClass_WriteBlock(uint8_t *msg) {
 }
 // verify write
- if (pagemap == PICOPASS_SECURE_PAGEMODE && payload->req.blockno == 2) {
+ if ((pagemap != PICOPASS_NON_SECURE_PAGEMODE) && (payload->req.blockno == 2)) {
 // check response. e-purse update swaps first and second half
 if (memcmp(payload->data + 4, resp, 4) || memcmp(payload->data, resp + 4, 4)) {
 res = false;
@@ -1910,7 +1894,7 @@ void iClass_WriteBlock(uint8_t *msg) {
 }
 }
- if (pagemap == PICOPASS_SECURE_PAGEMODE && (payload->req.blockno == 3 || payload->req.blockno == 4)) {
+ if ((pagemap != PICOPASS_NON_SECURE_PAGEMODE) && (payload->req.blockno == 3 || payload->req.blockno == 4)) {
 // check response. Key updates always return 0xffffffffffffffff
 uint8_t all_ff[8] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
 if (memcmp(all_ff, resp, sizeof(all_ff))) {
diff --git a/armsrc/iclass.h b/armsrc/iclass.h
index 363c042ab..30846ff36 100644
--- a/armsrc/iclass.h
+++ b/armsrc/iclass.h
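Review bot: `iclass_send_as_reader` becomes callable from other translation units in the hunk at -1245, yet `len` is a signed `int` that goes straight into `CodeIso15693AsReader(frame, len)` with no range check in the visible lines. While the function was file-local, every caller could be audited in one place; as a public entry point the contract should be written down next to the prototype, for example `// frame must hold len bytes, len must be positive and fit the tosend buffer`. The function body continues past the end of the hunk, so a check may exist further down that is not visible here.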
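Review bot: Changing the guard in iClass_WriteBlock from `pagemap == PICOPASS_SECURE_PAGEMODE` to `pagemap != PICOPASS_NON_SECURE_PAGEMODE` (hunk at -1902, and the same condition again in the hunk at -1910) also routes pagemap 0x00, which protocols.h now names `PICOPASS_SECURE_PAGEMODE_AUTH_DISABLED`, through the e-purse swap check for block 2 and the all-0xff key-update check for blocks 3 and 4. Nothing on this page shows that a card with authentication disabled answers those writes the same way, so a successful write could be reported as failed, or the reverse, on such a card. If only the two keyed modes are meant, name them explicitly, e.g. `pagemap == PICOPASS_SECURE_PAGEMODE_KEYS_LOCKED || pagemap == PICOPASS_SECURE_PAGEMODE_KEYS_MODIFIABLE`. Otherwise add a comment stating that 0x00 is included on purpose and why. The function starts and ends outside both hunks.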
@@ -21,6 +21,23 @@
 #include "common.h"
 #include "iclass_cmd.h"
+// iCLASS has a slightly different timing compared to ISO15693. According to the picopass data sheet the tag response is expected 330us after
+// the reader command. This is measured from end of reader EOF to first modulation of the tag's SOF which starts with a 56,64us unmodulated period.
+// 330us = 140 ssp_clk cycles @ 423,75kHz when simulating.
+// 56,64us = 24 ssp_clk_cycles
+#define DELAY_ICLASS_VCD_TO_VICC_SIM (140 - 26) // (140 - 24)
+
+// times in ssp_clk_cycles @ 3,3625MHz when acting as reader
+#define DELAY_ICLASS_VICC_TO_VCD_READER DELAY_ISO15693_VICC_TO_VCD_READER
+
+
+// times in samples @ 212kHz when acting as reader
+#define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us
+#define ICLASS_READER_TIMEOUT_UPDATE 3390 // 16000us, nominal 4-15ms
+#define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us
+
+#define AddCrc(data, len) compute_crc(CRC_ICLASS, (data), (len), (data)+(len), (data)+(len)+1)
+
 void SniffIClass(uint8_t jam_search_len, uint8_t *jam_search_string);
 void ReaderIClass(uint8_t flags);
@@ -43,4 +60,7 @@ bool iclass_read_block(uint16_t blockno, uint8_t *data, uint32_t *start_time, ui
 bool select_iclass_tag(picopass_hdr_t *hdr, bool use_credit_key, uint32_t *eof_time, bool shallow_mod);
 bool authenticate_iclass_tag(iclass_auth_req_t *payload, picopass_hdr_t *hdr, uint32_t *start_time, uint32_t *eof_time, uint8_t *mac_out);
+
+uint8_t get_pagemap(const picopass_hdr_t *hdr);
+void iclass_send_as_reader(uint8_t *frame, int len, uint32_t *start_time, uint32_t *end_time, bool shallow_mod);
 #endif
diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c
index 96b6dae81..0583c714f 100644
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
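Review bot: The macros moved into iclass.h in the hunk at -21,6 depend on names the header does not visibly provide. `DELAY_ICLASS_VICC_TO_VCD_READER` expands to `DELAY_ISO15693_VICC_TO_VCD_READER` and `AddCrc` expands to `compute_crc(CRC_ICLASS, ...)`, while the only includes shown are common.h and iclass_cmd.h. Unless lines above the hunk pull those in, every file that uses these macros through iclass.h must include the ISO15693 and CRC headers itself, so the header should include what its macros need. `AddCrc` also hands `compute_crc` pointers to `data[len]` and `data[len + 1]`, presumably where the two CRC bytes are stored, so as a public macro it deserves a comment such as `// data must have room for len + 2 bytes`. The unprefixed name `AddCrc` in a shared header is easy to clash with; an iclass-specific name would be safer.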
@@ -2191,7 +2191,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) {
 int isok = iclass_write_block(blockno, data, mac, key, use_credit_key, elite, rawkey, use_replay, verbose, auth, shallow_mod);
 switch (isok) {
 case PM3_SUCCESS:
- PrintAndLogEx(SUCCESS, "Wrote block " _YELLOW_("%d") "/" _YELLOW_("0x%02X") " ( " _GREEN_("ok") " )", blockno, blockno);
+ PrintAndLogEx(SUCCESS, "Wrote block " _YELLOW_("%d") " / " _YELLOW_("0x%02X") " ( " _GREEN_("ok") " )", blockno, blockno);
 break;
 case PM3_ETEAROFF:
 if (verbose)
@@ -2201,6 +2201,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) {
 PrintAndLogEx(FAILED, "Writing failed");
 break;
 }
+ PrintAndLogEx(NORMAL, "");
 return isok;
 }
diff --git a/include/protocols.h b/include/protocols.h
index 0b9604676..db088fd22 100644
--- a/include/protocols.h
+++ b/include/protocols.h
@@ -442,9 +442,10 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define FUSE_RA 0x01
 // Picopass Pagemode fuses
-#define PICOPASS_NON_SECURE_PAGEMODE 0x01
-#define PICOPASS_SECURE_PAGEMODE 0x03
-
+#define PICOPASS_SECURE_PAGEMODE_AUTH_DISABLED 0x00
+#define PICOPASS_NON_SECURE_PAGEMODE 0x01
+#define PICOPASS_SECURE_PAGEMODE_KEYS_LOCKED 0x02
+#define PICOPASS_SECURE_PAGEMODE_KEYS_MODIFIABLE 0x03
 // ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define ISO7816_READ_BINARY 0xB0