fix: 'sc raw t' - tlv decoding work again

chg: 'sc brute' - now decodes the TLV of the found SFI by default
chg: 'sc raw' - better detection on armside when failing
This commit is contained in:
Chris 2018-09-25 02:54:51 +02:00
commit 97c0729289
2 changed files with 47 additions and 35 deletions


@ -72,6 +72,24 @@ int usage_sm_brute(void) {
return 0; return 0;
} }
static bool smart_select(bool silent) {
UsbCommand c = {CMD_SMART_ATR, {0, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
if ( !WaitForResponseTimeout(CMD_ACK, &resp, 2500) ) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return false;
}
uint8_t isok = resp.arg[0] & 0xFF;
if (!isok) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return false;
}
return true;
}
static int smart_wait(uint8_t *data) { static int smart_wait(uint8_t *data) {
UsbCommand resp; UsbCommand resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
@ -85,7 +103,7 @@ static int smart_wait(uint8_t *data) {
return -2; return -2;
} }
memcpy(data, resp.d.asBytes, len); memcpy(data, resp.d.asBytes, len);
PrintAndLogEx(SUCCESS, "%s", sprint_hex_inrow_ex(data, len, 32)); PrintAndLogEx(SUCCESS, " %d | %s", len, sprint_hex_inrow_ex(data, len, 32));
if (len >= 2) { if (len >= 2) {
PrintAndLogEx(SUCCESS, "%02X%02X | %s", data[len - 2], data[len - 1], GetAPDUCodeDescription(data[len - 2], data[len - 1])); PrintAndLogEx(SUCCESS, "%02X%02X | %s", data[len - 2], data[len - 1], GetAPDUCodeDescription(data[len - 2], data[len - 1]));
@ -197,7 +215,7 @@ int CmdSmartRaw(const char *Cmd) {
// reading response from smart card // reading response from smart card
if ( reply ) { if ( reply ) {
uint8_t* buf = malloc(USB_CMD_DATA_SIZE); uint8_t* buf = calloc(USB_CMD_DATA_SIZE, sizeof(uint8_t));
if ( !buf ) if ( !buf )
return 1; return 1;
@ -208,9 +226,9 @@ int CmdSmartRaw(const char *Cmd) {
} }
// TLV decoder // TLV decoder
if (decodeTLV && len > 4) { if (decodeTLV && len > 4)
TLVPrintFromBuffer(buf+1, len-2); TLVPrintFromBuffer(buf+1, len-3);
}
free(buf); free(buf);
} }
return 0; return 0;
@ -478,16 +496,21 @@ int CmdSmartBruteforceSFI(const char *Cmd) {
char ctmp = tolower(param_getchar(Cmd, 0)); char ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_sm_brute(); if (ctmp == 'h') return usage_sm_brute();
uint8_t data[5] = {0x00, 0xB2, 0x00, 0x00, 0x00}; uint8_t data[5] = {0x00, 0xB2, 0x00, 0x00, 0x00};
PrintAndLogEx(INFO, "Selecting"); PrintAndLogEx(INFO, "Selecting card");
if ( !smart_select(false) ) {
return 1;
}
PrintAndLogEx(INFO, "Selecting PPSE aid");
CmdSmartRaw("d 00a404000e325041592e5359532e444446303100"); CmdSmartRaw("d 00a404000e325041592e5359532e444446303100");
CmdSmartRaw("d 00a4040007a000000004101000"); CmdSmartRaw("d 00a4040007a000000004101000");
PrintAndLogEx(INFO, "starting"); PrintAndLogEx(INFO, "starting");
UsbCommand c = {CMD_SMART_RAW, {SC_RAW, sizeof(data), 0}}; UsbCommand c = {CMD_SMART_RAW, {SC_RAW, sizeof(data), 0}};
uint8_t* buf = malloc(USB_CMD_DATA_SIZE); uint8_t* buf = malloc(USB_CMD_DATA_SIZE);
if ( !buf ) if ( !buf )
return 1; return 1;
@ -511,7 +534,11 @@ int CmdSmartBruteforceSFI(const char *Cmd) {
memcpy(c.d.asBytes, data, sizeof(data) ); memcpy(c.d.asBytes, data, sizeof(data) );
clearCommandBuffer(); clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
smart_response(buf); uint8_t len = smart_response(buf);
// TLV decoder
if (len > 4)
TLVPrintFromBuffer(buf+1, len-3);
data[4] = 0; data[4] = 0;
} }
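Review bot: `uint8_t len = smart_response(buf);` in the last hunk of CmdSmartBruteforceSFI stores the reply length in an unsigned byte, so if smart_response propagates a negative result the way smart_wait above does (`return -2;` on one of its failure paths), the value wraps to well above 4 and TLVPrintFromBuffer is run on whatever the previous SFI iteration left in `buf`. Keeping the sign with `int len = smart_response(buf);` lets the existing `if (len > 4)` guard reject failed reads as well as short ones. The buffer in this function is also still obtained with `malloc(USB_CMD_DATA_SIZE)` while CmdSmartRaw in the same commit moved to `calloc(USB_CMD_DATA_SIZE, sizeof(uint8_t))`; matching that here would avoid decoding uninitialised bytes on the first iteration and keep the two paths consistent. CmdSmartBruteforceSFI begins and ends outside the hunks shown.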


@ -35,37 +35,28 @@ void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) {
for (c = delay * 2; c; c--) {}; for (c = delay * 2; c; c--) {};
} }
// 通讯延迟函数 ommunication delay function
#define I2C_DELAY_1CLK I2CSpinDelayClk(1) #define I2C_DELAY_1CLK I2CSpinDelayClk(1)
#define I2C_DELAY_2CLK I2CSpinDelayClk(2) #define I2C_DELAY_2CLK I2CSpinDelayClk(2)
#define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x)) #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
#define ISO7618_MAX_FRAME 255 #define ISO7618_MAX_FRAME 255
void I2C_init(void) { void I2C_init(void) {
// 配置复位引脚,关闭上拉,推挽输出,默认高
// Configure reset pin, close up pull up, push-pull output, default high // Configure reset pin, close up pull up, push-pull output, default high
AT91C_BASE_PIOA->PIO_PPUDR = GPIO_RST; AT91C_BASE_PIOA->PIO_PPUDR = GPIO_RST;
AT91C_BASE_PIOA->PIO_MDDR = GPIO_RST; AT91C_BASE_PIOA->PIO_MDDR = GPIO_RST;
// 配置 I2C 引脚,开启上拉,开漏输出
// Configure I2C pin, open up, open leakage // Configure I2C pin, open up, open leakage
AT91C_BASE_PIOA->PIO_PPUER |= (GPIO_SCL | GPIO_SDA); // ´ò¿ªÉÏÀ­ Open up the pull up AT91C_BASE_PIOA->PIO_PPUER |= (GPIO_SCL | GPIO_SDA); // ´ò¿ªÉÏÀ­ Open up the pull up
AT91C_BASE_PIOA->PIO_MDER |= (GPIO_SCL | GPIO_SDA); AT91C_BASE_PIOA->PIO_MDER |= (GPIO_SCL | GPIO_SDA);
// 默认三根线全部拉高
// default three lines all pull up // default three lines all pull up
AT91C_BASE_PIOA->PIO_SODR |= (GPIO_SCL | GPIO_SDA | GPIO_RST); AT91C_BASE_PIOA->PIO_SODR |= (GPIO_SCL | GPIO_SDA | GPIO_RST);
// 允许输出
// allow output
AT91C_BASE_PIOA->PIO_OER |= (GPIO_SCL | GPIO_SDA | GPIO_RST); AT91C_BASE_PIOA->PIO_OER |= (GPIO_SCL | GPIO_SDA | GPIO_RST);
AT91C_BASE_PIOA->PIO_PER |= (GPIO_SCL | GPIO_SDA | GPIO_RST); AT91C_BASE_PIOA->PIO_PER |= (GPIO_SCL | GPIO_SDA | GPIO_RST);
} }
// 设置复位状态
// set the reset state // set the reset state
void I2C_SetResetStatus(uint8_t LineRST, uint8_t LineSCK, uint8_t LineSDA) { void I2C_SetResetStatus(uint8_t LineRST, uint8_t LineSCK, uint8_t LineSDA) {
if (LineRST) if (LineRST)
@ -84,7 +75,6 @@ void I2C_SetResetStatus(uint8_t LineRST, uint8_t LineSCK, uint8_t LineSDA) {
LOW(GPIO_SDA); LOW(GPIO_SDA);
} }
// 复位进入主程序
// Reset the SIM_Adapter, then enter the main program // Reset the SIM_Adapter, then enter the main program
// Note: the SIM_Adapter will not enter the main program after power up. Please run this function before use SIM_Adapter. // Note: the SIM_Adapter will not enter the main program after power up. Please run this function before use SIM_Adapter.
void I2C_Reset_EnterMainProgram(void) { void I2C_Reset_EnterMainProgram(void) {
@ -96,9 +86,8 @@ void I2C_Reset_EnterMainProgram(void) {
SpinDelay(10); SpinDelay(10);
} }
// 复位进入引导模式
// Reset the SIM_Adapter, then enter the bootloader program // Reset the SIM_Adapter, then enter the bootloader program
// ReserveFor firmware update. // Reserve for firmware update.
void I2C_Reset_EnterBootloader(void) { void I2C_Reset_EnterBootloader(void) {
I2C_SetResetStatus(0, 1, 1); I2C_SetResetStatus(0, 1, 1);
SpinDelay(100); SpinDelay(100);
@ -106,7 +95,6 @@ void I2C_Reset_EnterBootloader(void) {
SpinDelay(10); SpinDelay(10);
} }
// 等待时钟变高
// Wait for the clock to go High. // Wait for the clock to go High.
bool WaitSCL_H_delay(uint32_t delay) { bool WaitSCL_H_delay(uint32_t delay) {
while (delay--) { while (delay--) {
@ -301,7 +289,6 @@ bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address) {
return true; return true;
} }
// 写入1字节数据 (待写入数据,待写入地址,器件类型)
// Sends 1 byte data (Data to be written, command to be written , SlaveDevice address ). // Sends 1 byte data (Data to be written, command to be written , SlaveDevice address ).
bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) { bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) {
bool bBreak = true; bool bBreak = true;
@ -332,8 +319,7 @@ bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) {
return true; return true;
} }
// 写入1串数据待写入数组地址待写入长度待写入地址器件类型 //Sends array of data (Array, length, command to be written , SlaveDevice address ).
//Sends a string of data (Array, length, command to be written , SlaveDevice address ).
// len = uint8 (max buffer to write 256bytes) // len = uint8 (max buffer to write 256bytes)
bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) {
bool bBreak = true; bool bBreak = true;
@ -371,8 +357,7 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
return true; return true;
} }
// 读出1串数据存放读出数据待读出长度带读出地址器件类型 // read one array of data (Data array, Readout length, command to be written , SlaveDevice address ).
// read 1 strings of data (Data array, Readout length, command to be written , SlaveDevice address ).
// len = uint8 (max buffer to read 256bytes) // len = uint8 (max buffer to read 256bytes)
int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) {
@ -460,12 +445,10 @@ int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
// msb
I2C_SendByte(msb); I2C_SendByte(msb);
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
// lsb
I2C_SendByte(lsb); I2C_SendByte(lsb);
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
@ -522,12 +505,10 @@ bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t d
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
// msb
I2C_SendByte(msb); I2C_SendByte(msb);
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
// lsb
I2C_SendByte(lsb); I2C_SendByte(lsb);
if (!I2C_WaitAck()) if (!I2C_WaitAck())
break; break;
@ -698,8 +679,12 @@ void SmartCardRaw( uint64_t arg0, uint64_t arg1, uint8_t *data ) {
// read bytes from module // read bytes from module
len = ISO7618_MAX_FRAME; len = ISO7618_MAX_FRAME;
sc_rx_bytes(resp, &len); bool res = sc_rx_bytes(resp, &len);
LogTrace(resp, len, 0, 0, NULL, false); if ( res ) {
LogTrace(resp, len, 0, 0, NULL, false);
} else {
len = 0;
}
} }
OUT: OUT:
cmd_send(CMD_ACK, len, 0, 0, resp, len); cmd_send(CMD_ACK, len, 0, 0, resp, len);