github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1830 from jmichelp/master

Browse source 
Smartcard module firmware 4.12
This commit is contained in:
Iceman 2022-12-05 20:28:25 +01:00 committed by GitHub
commit 9f589fed9a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 66 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -18,6 +18,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Added `hf mf gload, gsave, ggetblk, gsetblk` for Gen4 GTU in mifare classic mode (@DidierA) - Added `hf mf gload, gsave, ggetblk, gsetblk` for Gen4 GTU in mifare classic mode (@DidierA)
- Fixed SPI flash overflow when loading dictionnaries into flash. Breaking change: added 1 more sector for Mifare - dictionnaries should be loaded again (@jmichelp) - Fixed SPI flash overflow when loading dictionnaries into flash. Breaking change: added 1 more sector for Mifare - dictionnaries should be loaded again (@jmichelp)
- Fixed `lf hitag dump` - Should now work as described in the command help (@natmchugh) - Fixed `lf hitag dump` - Should now work as described in the command help (@natmchugh)
- Fixed wired smartcard APDU chaining logic and allow 256 bytes ADPU payload. Need SIM firmware 4.12 to work (jmichel@)
## [Radium.4.15864][2022-10-29] ## [Radium.4.15864][2022-10-29]
- Changed `lf indala sim` - now accepts fc / cn (@iceman1001) - Changed `lf indala sim` - now accepts fc / cn (@iceman1001)

70
armsrc/i2c.c
View file

@ -53,7 +53,8 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) {
#define I2C_DELAY_2CLK I2CSpinDelayClk(2) #define I2C_DELAY_2CLK I2CSpinDelayClk(2)
#define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x)) #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
#define ISO7618_MAX_FRAME 255 // The SIM module v4 supports up to 384 bytes for the length.
#define ISO7816_MAX_FRAME 260
// try i2c bus recovery at 100kHz = 5us high, 5us low // try i2c bus recovery at 100kHz = 5us high, 5us low
void I2C_recovery(void) { void I2C_recovery(void) {
@ -395,8 +396,8 @@ bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address) {
} }
//Sends array of data (Array, length, command to be written , SlaveDevice address ). //Sends array of data (Array, length, command to be written , SlaveDevice address ).
// len = uint8 (max buffer to write 256bytes) // len = uint16 because we need to write up to 256 bytes
bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) {
bool bBreak = true; bool bBreak = true;
do { do {
if (!I2C_Start()) if (!I2C_Start())
@ -433,8 +434,8 @@ bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t dev
} }
// read one array of data (Data array, Readout length, command to be written , SlaveDevice address ). // read one array of data (Data array, Readout length, command to be written , SlaveDevice address ).
// len = uint8 (max buffer to read 256bytes) // len = uint16 because we need to read up to 256bytes
int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address) { int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address) {
if (!data || len == 0) if (!data || len == 0)
return 0; return 0;
@ -445,6 +446,7 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
bool bBreak = true; bool bBreak = true;
uint16_t readcount = 0; uint16_t readcount = 0;
uint16_t recv_len = 0;
do { do {
if (!I2C_Start()) if (!I2C_Start())
@ -484,12 +486,35 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
len--; len--;
// The first byte in response is the message length // Starting firmware v4 the length is encoded on the first two bytes.
if (!readcount && (len > *data)) { // This only applies if command is I2C_DEVICE_CMD_READ.
if (device_cmd == I2C_DEVICE_CMD_READ) {
switch (readcount) {
case 0:
// Length (MSB)
recv_len = (*data) << 8;
break;
case 1:
// Length (LSB)
recv_len += *data;
// Adjust len if needed
if (len > recv_len) {
len = recv_len;
}
break;
default:
// Data byte received
data++;
break;
}
} else {
// Length is encoded on 1 byte
if ((readcount == 0) && (len > *data)) {
len = *data; len = *data;
} else { } else {
data++; data++;
} }
}
readcount++; readcount++;
// acknowledgements. After last byte send NACK. // acknowledgements. After last byte send NACK.
@ -501,8 +526,8 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
I2C_Stop(); I2C_Stop();
// return bytecount - first byte (which is length byte) // return bytecount - bytes encoding length
return --readcount; return readcount - (device_cmd == I2C_DEVICE_CMD_READ ? 2 : 1);
} }
int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address) { int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address) {
@ -612,10 +637,14 @@ bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t d
void I2C_print_status(void) { void I2C_print_status(void) {
DbpString(_CYAN_("Smart card module (ISO 7816)")); DbpString(_CYAN_("Smart card module (ISO 7816)"));
uint8_t maj, min; uint8_t maj, min;
if (I2C_get_version(&maj, &min) == PM3_SUCCESS) if (I2C_get_version(&maj, &min) == PM3_SUCCESS) {
Dbprintf(" version................. " _YELLOW_("v%x.%02d"), maj, min); Dbprintf(" version................. " _YELLOW_("v%x.%02d"), maj, min);
else if (maj < 4) {
DbpString(" " _RED_("Outdated firmware.") " Please upgrade to v4.x or above.");
}
} else {
DbpString(" version................. " _RED_("FAILED")); DbpString(" version................. " _RED_("FAILED"));
}
} }
int I2C_get_version(uint8_t *maj, uint8_t *min) { int I2C_get_version(uint8_t *maj, uint8_t *min) {
@ -631,7 +660,7 @@ int I2C_get_version(uint8_t *maj, uint8_t *min) {
} }
// Will read response from smart card module, retries 3 times to get the data. // Will read response from smart card module, retries 3 times to get the data.
bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) { bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen) {
uint8_t i = 5; uint8_t i = 5;
int16_t len = 0; int16_t len = 0;
@ -656,7 +685,7 @@ bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) {
if (len <= 1) if (len <= 1)
return false; return false;
*destlen = (uint8_t)len & 0xFF; *destlen = len;
return true; return true;
} }
@ -678,7 +707,10 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
return false; return false;
// read bytes from module // read bytes from module
uint8_t len = sizeof(card_ptr->atr); uint16_t len = sizeof(card_ptr->atr);
if (len > sizeof(card_ptr->atr)) {
len = sizeof(card_ptr->atr);
}
if (sc_rx_bytes(card_ptr->atr, &len) == false) if (sc_rx_bytes(card_ptr->atr, &len) == false)
return false; return false;
@ -697,7 +729,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
uint8_t chksum = 0; uint8_t chksum = 0;
// xor property. will be zero when xored with chksum. // xor property. will be zero when xored with chksum.
for (uint8_t i = 1; i < len; ++i) for (uint16_t i = 1; i < len; ++i)
chksum ^= card_ptr->atr[i]; chksum ^= card_ptr->atr[i];
if (chksum) { if (chksum) {
@ -706,7 +738,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
} }
} }
card_ptr->atr_len = len; card_ptr->atr_len = (uint8_t) (len & 0xff);
if (verbose) { if (verbose) {
LogTrace(card_ptr->atr, card_ptr->atr_len, 0, 0, NULL, false); LogTrace(card_ptr->atr, card_ptr->atr_len, 0, 0, NULL, false);
} }
@ -732,8 +764,8 @@ void SmartCardAtr(void) {
void SmartCardRaw(smart_card_raw_t *p) { void SmartCardRaw(smart_card_raw_t *p) {
LED_D_ON(); LED_D_ON();
uint8_t len = 0; uint16_t len = 0;
uint8_t *resp = BigBuf_malloc(ISO7618_MAX_FRAME); uint8_t *resp = BigBuf_malloc(ISO7816_MAX_FRAME);
// check if alloacted... // check if alloacted...
smartcard_command_t flags = p->flags; smartcard_command_t flags = p->flags;
@ -777,7 +809,7 @@ void SmartCardRaw(smart_card_raw_t *p) {
} }
// read bytes from module // read bytes from module
len = ISO7618_MAX_FRAME; len = ISO7816_MAX_FRAME;
res = sc_rx_bytes(resp, &len); res = sc_rx_bytes(resp, &len);
if (res) { if (res) {
LogTrace(resp, len, 0, 0, NULL, false); LogTrace(resp, len, 0, 0, NULL, false);

6
armsrc/i2c.h
View file

@ -41,14 +41,14 @@ void I2C_Reset_EnterBootloader(void);
bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address); bool I2C_WriteCmd(uint8_t device_cmd, uint8_t device_address);
bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address); bool I2C_WriteByte(uint8_t data, uint8_t device_cmd, uint8_t device_address);
bool I2C_BufferWrite(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address); bool I2C_BufferWrite(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address);
int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t device_address); int16_t I2C_BufferRead(uint8_t *data, uint16_t len, uint8_t device_cmd, uint8_t device_address);
// for firmware // for firmware
int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address); int16_t I2C_ReadFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address);
bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address); bool I2C_WriteFW(uint8_t *data, uint8_t len, uint8_t msb, uint8_t lsb, uint8_t device_address);
bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen); bool sc_rx_bytes(uint8_t *dest, uint16_t *destlen);
// //
bool GetATR(smart_card_atr_t *card_ptr, bool verbose); bool GetATR(smart_card_atr_t *card_ptr, bool verbose);

7
client/src/cmdsmartcard.c
View file

@ -329,10 +329,15 @@ static int smart_responseEx(uint8_t *out, int maxoutlen, bool verbose) {
} }
if (needGetData == true) { if (needGetData == true) {
// Don't discard data we already received except the SW code // Don't discard data we already received except the SW code.
// If we only received 1 byte, this is the echo of INS, we discard it.
totallen -= 2; totallen -= 2;
if (totallen == 1) {
totallen = 0;
}
int ofs = totallen; int ofs = totallen;
maxoutlen -= totallen; maxoutlen -= totallen;
PrintAndLogEx(INFO, "Keeping data (%d bytes): %s", ofs, sprint_hex(out, ofs));
int len = out[datalen - 1]; int len = out[datalen - 1];
if (len == 0 || len > MAX_APDU_SIZE) { if (len == 0 || len > MAX_APDU_SIZE) {

6
client/src/cmdsmartcard.h
View file

@ -22,10 +22,10 @@
#include "common.h" #include "common.h"
#include "pm3_cmd.h" // structs #include "pm3_cmd.h" // structs
// On ARM side, ISO7816_MAX_FRAME is set to 255 // On ARM side, ISO7816_MAX_FRAME is set to 260
// This means we can't receive more than 250 bytes of data to leave enough room for // This means we can receive a full short APDU (256 bytes) of data and have enough room for
// SW status code and surrounding metadata without creating a buffer overflow. // SW status code and surrounding metadata without creating a buffer overflow.
#define MAX_APDU_SIZE 250 #define MAX_APDU_SIZE 256
int CmdSmartcard(const char *Cmd); int CmdSmartcard(const char *Cmd);