From b05796c7c4ec60dc5e7087e402182c2c4aaeb833 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 26 May 2019 13:42:27 -0400 Subject: [PATCH] chg: hf mf dbg\nchg: hf mf sim\nchg: hf 14a sim - uses NG --- armsrc/appmain.c | 25 ++++++++++++++++++++----- armsrc/apps.h | 1 - armsrc/iso14443a.c | 2 +- armsrc/iso14443a.h | 2 +- armsrc/mifaresim.c | 10 ++++++---- client/cmdhf14a.c | 38 +++++++++++++++++++++----------------- client/cmdhfmf.c | 23 +++++++++++++++++------ 7 files changed, 66 insertions(+), 35 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index b9b77f6ea..089b7f7c5 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1017,9 +1017,16 @@ static void PacketReceived(PacketCommandNG *packet) {
 case CMD_READER_ISO_14443a: ReaderIso14443a(packet); break;
- case CMD_SIMULATE_TAG_ISO_14443a:
- SimulateIso14443aTag(packet->oldarg[0], packet->oldarg[1], packet->data.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
+ case CMD_SIMULATE_TAG_ISO_14443a: {
+ struct p {
+ uint8_t tagtype;
+ uint8_t flags;
+ uint8_t uid[10];
+ } PACKED;
+ struct p* payload = (struct p*) packet->data.asBytes;
+ SimulateIso14443aTag(payload->tagtype, payload->flags, payload->uid); // ## Simulate iso14443a tag - pass tag type & UID
 break;
+ }
 case CMD_ANTIFUZZ_ISO_14443a: iso14443a_antifuzz(packet->oldarg[0]); break;
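Review bot: The cast `struct p* payload = (struct p*) packet->data.asBytes;` in the CMD_SIMULATE_TAG_ISO_14443a case assumes the host sent at least sizeof(struct p) (12) bytes, but nothing compares packet->length against that before tagtype, flags and uid are read; the CMD_SIMULATE_MIFARE_CARD case and the `packet->data.asBytes[0]` read for CMD_MIFARE_SET_DBGMODE in the next hunk have the same gap. If data.asBytes is a fixed receive buffer the read stays in bounds, but a short or malformed packet then feeds stale bytes from an earlier command into the simulated UID and flags. A guard before the cast, `if (packet->length < sizeof(struct p)) break;`, makes the expected payload size explicit at the point it is relied on. PacketReceived begins and ends outside the hunk.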
@@ -1076,13 +1083,20 @@ static void PacketReceived(PacketCommandNG *packet) {
 MifareChkKeys_fast(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes); break; }
- case CMD_SIMULATE_MIFARE_CARD:
- Mifare1ksim(packet->oldarg[0], packet->oldarg[1], packet->data.asBytes);
+ case CMD_SIMULATE_MIFARE_CARD: {
+ struct p {
+ uint16_t flags;
+ uint8_t exitAfter;
+ uint8_t uid[10];
+ } PACKED;
+ struct p* payload = (struct p*) packet->data.asBytes;
+ Mifare1ksim(payload->flags, payload->exitAfter, payload->uid);
+ }
 break; // emulator case CMD_MIFARE_SET_DBGMODE:
- MifareSetDbgLvl(packet->oldarg[0]);
+ MifareSetDbgLvl(packet->data.asBytes[0]);
 break; case CMD_MIFARE_EML_MEMCLR: MifareEMemClr();
@@ -1362,6 +1376,7 @@ static void PacketReceived(PacketCommandNG *packet) {
 uint8_t *mem = BigBuf_get_addr(); uint32_t startidx = packet->oldarg[0]; uint32_t numofbytes = packet->oldarg[1];
+ // arg0 = startindex // arg1 = length bytes to transfer // arg2 = BigBuf tracelen
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 952185244..756567185 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -129,7 +129,6 @@ void ClearFpgaShiftingRegisters(void);
 // iso14443a.h void RAMFUNC SniffIso14443a(uint8_t param);
-void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
 void ReaderIso14443a(PacketCommandNG *c); // Also used in iclass.c
diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c
index 48b7fddee..38edc7a1b 100644
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@@ -1028,7 +1028,7 @@ static bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_res
 // response to send, and send it. // 'hf 14a sim' //-----------------------------------------------------------------------------
-void SimulateIso14443aTag(int tagType, int flags, uint8_t *data) {
+void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) {
 #define ATTACK_KEY_COUNT 8 // keep same as define in cmdhfmf.c -> readerAttack()
diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h
index 4d898e18d..5ebc3e645 100644
--- a/armsrc/iso14443a.h
+++ b/armsrc/iso14443a.h
@@ -119,7 +119,7 @@ RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
 RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time); void RAMFUNC SniffIso14443a(uint8_t param);
-void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
+void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data);
 void iso14443a_antifuzz(uint32_t flags); void ReaderIso14443a(PacketCommandNG *c); void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c
index 3e49e379e..c503c2926 100644
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@@ -960,7 +960,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
 // Collect AR/NR per keytype & sector if ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) {
- if (MF_DBGLEVEL >= 0) Dbprintf("FLAG_NR_AR_ATTACK");
+ for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { if (ar_nr_collected[i + mM] == 0 || ((cardAUTHSC == ar_nr_resp[i + mM].sector) && (cardAUTHKEY == ar_nr_resp[i + mM].keytype) && (ar_nr_collected[i + mM] > 0))) { // if first auth for sector, or matches sector and keytype of previous auth
@@ -989,6 +989,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
 ar_nr_resp[i + mM].nonce2 = nonce; ar_nr_resp[i + mM].nr2 = nr; ar_nr_resp[i + mM].ar2 = ar;
+ if (!gettingMoebius) { nonce2_count++; // check if this was the last second nonce we need for std attack
@@ -1005,7 +1006,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
 } else { moebius_n_count++; // if we've collected all the nonces we need - finish.
- if (nonce1_count == moebius_n_count) finished = true;
+ if (nonce1_count == moebius_n_count)
+ finished = true;
 } } ar_nr_collected[i + mM]++;
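Review bot: The rewritten `if (nonce1_count == moebius_n_count)` / `finished = true;` in the @@ -1005 hunk now has an unbraced body on its own line, the shape in which a later statement added at the same indentation silently falls outside the condition; brace it as `if (nonce1_count == moebius_n_count) {` `finished = true;` `}`. The @@ -960 hunk appears to replace the `MF_DBGLEVEL >= 0` Dbprintf with a blank line; if a trace that the AR/NR collection is armed is still useful, gating it at MF_DBG_INFO would keep it without printing unconditionally. Mifare1ksim begins and ends outside these hunks.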
@@ -1149,7 +1151,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
 // NR AR ATTACK
- if (((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) && (MF_DBGLEVEL >= 1)) {
+ if (((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) && (MF_DBGLEVEL >= MF_DBG_INFO)) {
 for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { if (ar_nr_collected[i] == 2) { Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i < ATTACK_KEY_COUNT / 2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
@@ -1180,7 +1182,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
 } }
- if (MF_DBGLEVEL >= 1) {
+ if (MF_DBGLEVEL >= MF_DBG_ERROR) {
 Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", get_tracing(), BigBuf_get_traceLen()); }
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 5d3ec4965..61fbf3379 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -406,24 +406,21 @@ static int CmdHF14ACUIDs(const char *Cmd) {
 } // ## simulate iso14443a tag int CmdHF14ASim(const char *Cmd) {
- bool errors = false;
- uint8_t flags = 0;
- uint8_t tagtype = 1;
- uint8_t cmdp = 0;
- uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ int uidlen = 0;
+ uint8_t flags = 0, tagtype = 1, cmdp = 0;
+ uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 bool useUIDfromEML = true; bool setEmulatorMem = false; bool verbose = false;
+ bool errors = false;
 nonces_t data[1]; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
- switch (param_getchar(Cmd, cmdp)) {
+ switch (tolower(param_getchar(Cmd, cmdp))) {
 case 'h':
- case 'H':
 return usage_hf_14a_sim(); case 't':
- case 'T':
 // Retrieve the tag type tagtype = param_get8ex(Cmd, cmdp + 1, 0, 10); if (tagtype == 0)
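Review bot: The two debug-level thresholds introduced in the mifaresim.c hunks disagree: the AR/NR summary is gated at `MF_DBGLEVEL >= MF_DBG_INFO` while the "Emulator stopped" trace message in the @@ -1180 hunk is gated at `MF_DBGLEVEL >= MF_DBG_ERROR`, yet both replaced the same literal `>= 1`. Unless MF_DBG_INFO and MF_DBG_ERROR happen to share that value, one of the two sites changed behaviour; the stop message is informational rather than an error, so `if (MF_DBGLEVEL >= MF_DBG_INFO) {` there looks like the level that was meant. Mifare1ksim begins outside these hunks.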
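Review bot: `switch (tolower(param_getchar(Cmd, cmdp)))` hands the option byte to tolower() unconverted; if param_getchar returns a plain char, a non-ASCII byte on a signed-char platform arrives as a negative value, for which tolower() has no defined result. Convert first, `switch (tolower((unsigned char)param_getchar(Cmd, cmdp))) {`; since the same byte is also fetched in the while condition, reading it once into a local would avoid the repeated call. CmdHF14ASim continues beyond the hunk.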
@@ -431,15 +428,15 @@ int CmdHF14ASim(const char *Cmd) {
 cmdp += 2; break; case 'u':
- case 'U':
 // Retrieve the full 4,7,10 byte long uid param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen);
+ uidlen >>= 1;
 switch (uidlen) {
- //case 20: flags |= FLAG_10B_UID_IN_DATA; break;
- case 14:
+ //case 10: flags |= FLAG_10B_UID_IN_DATA; break;
+ case 7:
 flags |= FLAG_7B_UID_IN_DATA; break;
- case 8:
+ case 4:
 flags |= FLAG_4B_UID_IN_DATA; break; default:
@@ -447,23 +444,20 @@ int CmdHF14ASim(const char *Cmd) {
 break; } if (!errors) {
- PrintAndLogEx(SUCCESS, "Emulating ISO/IEC 14443 type A tag with %d byte UID (%s)", uidlen >> 1, sprint_hex(uid, uidlen >> 1));
+ PrintAndLogEx(SUCCESS, "Emulating ISO/IEC 14443 type A tag with %d byte UID (%s)", uidlen, sprint_hex(uid, uidlen));
 useUIDfromEML = false; } cmdp += 2; break; case 'v':
- case 'V':
 verbose = true; cmdp++; break; case 'x':
- case 'X':
 flags |= FLAG_NR_AR_ATTACK; cmdp++; break; case 'e':
- case 'E':
 setEmulatorMem = true; cmdp++; break;
@@ -480,8 +474,18 @@ int CmdHF14ASim(const char *Cmd) {
 if (useUIDfromEML) flags |= FLAG_UID_IN_EMUL;
+ struct {
+ uint8_t tagtype;
+ uint8_t flags;
+ uint8_t uid[10];
+ } PACKED payload;
+
+ payload.tagtype = tagtype;
+ payload.flags = flags;
+ memcpy(payload.uid, uid, uidlen);
+ clearCommandBuffer();
- SendCommandOLD(CMD_SIMULATE_TAG_ISO_14443a, tagtype, flags, 0, uid, uidlen >> 1);
+ SendCommandNG(CMD_SIMULATE_TAG_ISO_14443a, (uint8_t *)&payload, sizeof(payload));
 PacketResponseNG resp; PrintAndLogEx(SUCCESS, "press pm3-button to abort simulation");
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index e1ec60b1c..6f5ce0bcc 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
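Review bot: `payload` in the @@ -480 hunk is a stack struct with no initializer, and `memcpy(payload.uid, uid, uidlen);` fills only the first uidlen bytes of payload.uid, so with a 4- or 7-byte UID (or none, uidlen == 0) the rest of the 12 bytes handed to `SendCommandNG` are whatever was on the stack; the removed `SendCommandOLD` call bounded the transfer to uidlen. The @@ -2251 hunk in client/cmdhfmf.c builds its payload the same way. Since uid is a fully zero-initialised 10-byte array in this function, `memcpy(payload.uid, uid, sizeof(payload.uid));` (or declaring `} PACKED payload = {0};`) makes the transmitted bytes deterministic. It is also worth confirming that the error path for an unsupported UID length returns before this memcpy, as uidlen is not otherwise clamped to 10 here. CmdHF14ASim continues outside the hunk.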
@@ -2200,16 +2200,17 @@ static int CmdHF14AMfSim(const char *Cmd) {
 break; case 'u': param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen);
+ uidlen >>= 1;
 switch (uidlen) {
- case 20:
+ case 10:
 flags |= FLAG_10B_UID_IN_DATA; sprintf(uidsize, "10 byte"); break;
- case 14:
+ case 7:
 flags |= FLAG_7B_UID_IN_DATA; sprintf(uidsize, "7 byte"); break;
- case 8:
+ case 4:
 flags |= FLAG_4B_UID_IN_DATA; sprintf(uidsize, "4 byte"); break;
@@ -2243,7 +2244,7 @@ static int CmdHF14AMfSim(const char *Cmd) {
 PrintAndLogEx(INFO, _YELLOW_("Mifare %s") " | %s UID " _YELLOW_("%s") "" , csize , uidsize
- , (uidlen == 0) ? "N/A" : sprint_hex(uid, uidlen >> 1)
+ , (uidlen == 0) ? "N/A" : sprint_hex(uid, uidlen)
 ); PrintAndLogEx(INFO, "Options [ numreads: %d, flags: %d (0x%02x) ]"
@@ -2251,8 +2252,18 @@ static int CmdHF14AMfSim(const char *Cmd) {
 , flags , flags);
+ struct {
+ uint16_t flags;
+ uint8_t exitAfter;
+ uint8_t uid[10];
+ } PACKED payload;
+
+ payload.flags = flags;
+ payload.exitAfter = exitAfterNReads;
+ memcpy(payload.uid, uid, uidlen);
+ clearCommandBuffer();
- SendCommandOLD(CMD_SIMULATE_MIFARE_CARD, flags, exitAfterNReads, 0, uid, sizeof(uid));
+ SendCommandNG(CMD_SIMULATE_MIFARE_CARD, (uint8_t *)&payload, sizeof(payload));
 PacketResponseNG resp; if (flags & FLAG_INTERACTIVE) {
@@ -2439,7 +2450,7 @@ int CmdHF14AMfDbg(const char *Cmd) {
 uint8_t dbgMode = param_get8ex(Cmd, 0, 0, 10); if (dbgMode > 4) return usage_hf14_dbg();
- SendCommandMIX(CMD_MIFARE_SET_DBGMODE, dbgMode, 0, 0, NULL, 0);
+ SendCommandNG(CMD_MIFARE_SET_DBGMODE, &dbgMode, 1);
 return 0; }
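Review bot: In the @@ -2439 hunk the range check `if (dbgMode > 4) return usage_hf14_dbg();` keeps a bare literal while the firmware side of this same commit now refers to its levels by name (MF_DBG_INFO, MF_DBG_ERROR in armsrc/mifaresim.c); if the MF_DBG_* definitions are visible to the client, comparing against the highest named level instead of 4 keeps the two sides in step when a level is added. That client check is the only validation: the byte goes out as-is via `SendCommandNG(CMD_MIFARE_SET_DBGMODE, &dbgMode, 1);` and the appmain.c hunk passes `packet->data.asBytes[0]` straight to MifareSetDbgLvl without a range or length check at the call site, so a comment such as `// range is enforced here only; the firmware stores the byte unchecked` would make that dependency explicit.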