github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: some possible null - ref bugs in 'iclass' , 'iso15693' deviceside.

Browse source 
FIX: 0 is not a reference.
FIX: iso15693 - wait wasn't implemented
chg: 'hf 15' getTagInfo_15 renamned.
chg: 'hf iclass loclass' some output got newline
This commit is contained in:
iceman1001 2017-08-19 09:49:41 +02:00
commit 823a814cf6
4 changed files with 463 additions and 501 deletions
Download patch file Download diff file Expand all files Collapse all files

832
armsrc/iclass.c
View file

File diff suppressed because it is too large Load diff

67
armsrc/iso15693.c
View file

@ -219,33 +219,38 @@ static void TransmitTo15693Tag(const uint8_t *cmd, int len, int *samples, int *w
int c; int c;
volatile uint32_t r; volatile uint32_t r;
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
if(*wait < 10) { *wait = 10; }
if (wait) {
// for(c = 0; c < *wait;) { if (*wait < 10) { *wait = 10; }
// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { for (c = 0; c < *wait;) {
// AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
// ++c; AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing!
// } ++c;
// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { }
// r = AT91C_BASE_SSC->SSC_RHR; if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
// (void)r; r = AT91C_BASE_SSC->SSC_RHR; (void)r;
// } }
// WDT_HIT(); WDT_HIT();
// } }
}
c = 0; c = 0;
for(;;) { for(;;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = cmd[c]; AT91C_BASE_SSC->SSC_THR = cmd[c];
if( ++c >= len) break; if( ++c >= len) break;
} }
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = AT91C_BASE_SSC->SSC_RHR; r = AT91C_BASE_SSC->SSC_RHR; (void)r;
(void)r;
} }
WDT_HIT(); WDT_HIT();
} }
*samples = (c + *wait) << 3; if (samples) {
if (wait)
*samples = (c + *wait) << 3;
else
*samples = c << 3;
}
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
@ -256,20 +261,36 @@ static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int
int c = 0; int c = 0;
volatile uint32_t r; volatile uint32_t r;
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);
if(*wait < 10) { *wait = 10; } if (wait) {
if (*wait < 10) { *wait = 10; }
for (c = 0; c < *wait;) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing!
++c;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = AT91C_BASE_SSC->SSC_RHR; (void)r;
}
WDT_HIT();
}
}
for(;;) { for(;;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = cmd[c]; AT91C_BASE_SSC->SSC_THR = cmd[c];
if( ++c >= len) break; if( ++c >= len) break;
} }
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = AT91C_BASE_SSC->SSC_RHR; r = AT91C_BASE_SSC->SSC_RHR; (void)r;
(void)r;
} }
WDT_HIT(); WDT_HIT();
} }
*samples = (c + *wait) << 3; if (samples) {
if (wait)
*samples = (c + *wait) << 3;
else
*samples = c << 3;
}
} }

38
client/cmdhf15.c
View file

@ -236,7 +236,7 @@ int getUID(uint8_t *buf)
// get a product description based on the UID // get a product description based on the UID
// uid[8] tag uid // uid[8] tag uid
// returns description of the best match // returns description of the best match
static char* getTagInfo(uint8_t *uid) { static char* getTagInfo_15(uint8_t *uid) {
uint64_t myuid, mask; uint64_t myuid, mask;
int i = 0, best = -1; int i = 0, best = -1;
memcpy(&myuid, uid, sizeof(uint64_t)); memcpy(&myuid, uid, sizeof(uint64_t));
@ -381,8 +381,8 @@ int HF15Reader(const char *Cmd, bool verbose)
return 0; return 0;
} }
PrintAndLog("Tag UID : %s",sprintUID(NULL,uid)); PrintAndLog("Tag UID : %s", sprintUID(NULL,uid));
PrintAndLog("Tag Info: %s",getTagInfo(uid)); PrintAndLog("Tag Info: %s", getTagInfo_15(uid));
return 1; return 1;
} }
@ -447,18 +447,18 @@ int CmdHF15DumpMem(const char*Cmd) {
return 0; return 0;
} }
PrintAndLog("Reading memory from tag UID=%s",sprintUID(NULL,uid)); PrintAndLog("Reading memory from tag UID=%s", sprintUID(NULL, uid));
PrintAndLog("Tag Info: %s",getTagInfo(uid)); PrintAndLog("Tag Info: %s", getTagInfo_15(uid));
for (int retry=0; retry<5; retry++) { for (int retry=0; retry<5; retry++) {
req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[1]=ISO15_CMD_READ; req[1]=ISO15_CMD_READ;
memcpy(&req[2],uid,8); memcpy(&req[2], uid, 8);
req[10]=blocknum; req[10] = blocknum;
reqlen=AddCrc(req,11); reqlen = AddCrc(req, 11);
c.arg[0]=reqlen; c.arg[0] = reqlen;
SendCommand(&c); SendCommand(&c);
@ -549,10 +549,10 @@ int CmdHF15CmdInquiry(const char *Cmd)
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
if (resp.arg[0]>=12) { if (resp.arg[0]>=12) {
recv = resp.d.asBytes; recv = resp.d.asBytes;
PrintAndLog("UID=%s",sprintUID(NULL,&recv[2])); PrintAndLog("UID=%s", sprintUID(NULL, &recv[2]));
PrintAndLog("Tag Info: %s",getTagInfo(&recv[2])); PrintAndLog("Tag Info: %s", getTagInfo_15(&recv[2]));
} else { } else {
PrintAndLog("Response to short, just %i bytes. No tag?\n",resp.arg[0]); PrintAndLog("Response to short, just %i bytes. No tag?\n", resp.arg[0]);
} }
} else { } else {
PrintAndLog("timeout."); PrintAndLog("timeout.");
@ -813,14 +813,14 @@ int CmdHF15CmdSysinfo(const char *Cmd) {
if (!(recv[0] & ISO15_RES_ERROR)) { if (!(recv[0] & ISO15_RES_ERROR)) {
*output=0; // reset outputstring *output=0; // reset outputstring
for ( i=1; i<resp.arg[0]-2; i++) { for ( i=1; i<resp.arg[0]-2; i++) {
sprintf(output+strlen(output),"%02X ",recv[i]); sprintf(output+strlen(output), "%02X ", recv[i]);
} }
strcat(output,"\n\r"); strcat(output, "\n\r");
strcat(output,"UID = "); strcat(output, "UID = ");
strcat(output,sprintUID(NULL,recv+2)); strcat(output, sprintUID(NULL, recv+2));
strcat(output,"\n\r"); strcat(output, "\n\r");
strcat(output,getTagInfo(recv+2)); //ABC strcat(output, getTagInfo_15(recv+2)); //ABC
strcat(output,"\n\r"); strcat(output, "\n\r");
i=10; i=10;
if (recv[1] & 0x01) if (recv[1] & 0x01)
sprintf(output+strlen(output),"DSFID supported, set to %02X\n\r",recv[i++]); sprintf(output+strlen(output),"DSFID supported, set to %02X\n\r",recv[i++]);

27
client/cmdhficlass.c
View file

@ -240,32 +240,29 @@ int CmdHFiClassSnoop(const char *Cmd) {
} }
int CmdHFiClassSim(const char *Cmd) { int CmdHFiClassSim(const char *Cmd) {
uint8_t simType = 0;
uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
if (strlen(Cmd)<1) return usage_hf_iclass_sim(); if (strlen(Cmd)<1) return usage_hf_iclass_sim();
uint8_t simType = 0;
uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
simType = param_get8ex(Cmd, 0, 0, 10); simType = param_get8ex(Cmd, 0, 0, 10);
if(simType == 0) if (simType == 0) {
{
if (param_gethex(Cmd, 1, CSN, 16)) { if (param_gethex(Cmd, 1, CSN, 16)) {
PrintAndLog("A CSN should consist of 16 HEX symbols"); PrintAndLog("A CSN should consist of 16 HEX symbols");
return usage_hf_iclass_sim(); return usage_hf_iclass_sim();
} }
PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8)); PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));
} }
if(simType > 3) if (simType > 3) {
{
PrintAndLog("Undefined simptype %d", simType); PrintAndLog("Undefined simptype %d", simType);
return usage_hf_iclass_sim(); return usage_hf_iclass_sim();
} }
uint8_t numberOfCSNs=0; uint8_t numberOfCSNs = 0;
if(simType == 2) if (simType == 2) {
{
UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}}; UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}};
UsbCommand resp = {0}; UsbCommand resp = {0};
@ -283,7 +280,7 @@ int CmdHFiClassSim(const char *Cmd) {
0X0C, 0X90, 0X32, 0XF3, 0X5D, 0XFF, 0X12, 0XE0 // 10,13 0X0C, 0X90, 0X32, 0XF3, 0X5D, 0XFF, 0X12, 0XE0 // 10,13
}; };
/* /* 00 13 94 7e 76 ff 12 e0
// pre-defined 15 CSN by Carl55 // pre-defined 15 CSN by Carl55
// but new entry[0] by iceman // but new entry[0] by iceman
uint8_t csns[8*NUM_CSNS] = { uint8_t csns[8*NUM_CSNS] = {
@ -328,13 +325,13 @@ int CmdHFiClassSim(const char *Cmd) {
* CC are all zeroes, CSN is the same as was sent in * CC are all zeroes, CSN is the same as was sent in
**/ **/
void* dump = malloc(datalen); void* dump = malloc(datalen);
memset(dump,0,datalen);//<-- Need zeroes for the CC-field memset(dump, 0, datalen);//<-- Need zeroes for the CC-field
uint8_t i = 0; uint8_t i = 0;
for(i = 0 ; i < NUM_CSNS ; i++) { for (i = 0 ; i < NUM_CSNS ; i++) {
memcpy(dump+i*24, csns+i*8, 8); //CSN memcpy(dump + i*24, csns + i*8, 8); //CSN
//8 zero bytes here... //8 zero bytes here...
//Then comes NR_MAC (eight bytes from the response) //Then comes NR_MAC (eight bytes from the response)
memcpy(dump+i*24+16, resp.d.asBytes+i*8, 8); memcpy(dump + i*24 + 16, resp.d.asBytes + i*8, 8);
} }
/** Now, save to dumpfile **/ /** Now, save to dumpfile **/
saveFile("iclass_mac_attack", "bin", dump, datalen); saveFile("iclass_mac_attack", "bin", dump, datalen);