github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 18:48:13 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into feature/iso15693-standalone

Browse source
This commit is contained in:
Iceman 2021-05-06 00:23:33 +02:00 committed by GitHub
commit d0f2f6622b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 352 additions and 299 deletions
Download patch file Download diff file Expand all files Collapse all files

12
armsrc/appmain.c
View file

@ -1257,8 +1257,8 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t pwd[4];
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
DisablePrivacySlixLIso15693(payload->pwd);
break;
DisablePrivacySlixLIso15693(payload->pwd);
break;
}
#endif
@ -1317,8 +1317,8 @@ static void PacketReceived(PacketCommandNG *packet) {
SimulateIso14443bTag(packet->data.asBytes);
break;
}
case CMD_HF_ISO14443B_COMMAND: {
iso14b_raw_cmd_t *payload = (iso14b_raw_cmd_t*)packet->data.asBytes;
case CMD_HF_ISO14443B_COMMAND: {
iso14b_raw_cmd_t *payload = (iso14b_raw_cmd_t *)packet->data.asBytes;
SendRawCommand14443B_Ex(payload);
break;
}
@ -1704,14 +1704,14 @@ static void PacketReceived(PacketCommandNG *packet) {
break;
}
case CMD_HF_ICLASS_CHKKEYS: {
iClass_Authentication_fast((iclass_chk_t*)packet->data.asBytes);
iClass_Authentication_fast((iclass_chk_t *)packet->data.asBytes);
break;
}
case CMD_HF_ICLASS_DUMP: {
iClass_Dump(packet->data.asBytes);
break;
}
case CMD_HF_ICLASS_RESTORE: {
case CMD_HF_ICLASS_RESTORE: {
iClass_Restore((iclass_restore_req_t *)packet->data.asBytes);
break;
}

2
armsrc/iclass.c
View file

@ -1546,7 +1546,7 @@ void iClass_Authentication_fast(iclass_chk_t *p) {
Iso15693InitReader();
bool isOK = false;
uint32_t start_time = 0, eof_time = 0;
if (select_iclass_tag(&hdr, p->use_credit_key, &eof_time) == false)
goto out;

2
armsrc/iso14443a.c
View file

@ -2671,7 +2671,7 @@ int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32
} // else force RATS
if ((sak & 0x20) == 0) Dbprintf("Forcing RATS according to hf 14a config");
// RATS, Request for answer to select
if (no_rats == false) {
uint8_t rats[] = { ISO14443A_CMD_RATS, 0x80, 0x00, 0x00 }; // FSD=256, FSDI=8, CID=0

66
armsrc/iso14443b.c
View file

@ -26,12 +26,12 @@
#include "ticks.h"
#include "iso14b.h" // defines for ETU conversions
/*
/*
* Current timing issues with ISO14443-b implementation
* Proxmark3
* Carrier Frequency 13.56MHz
* Proxmark3
* Carrier Frequency 13.56MHz
* SSP_CLK runs at 13.56MHz / 4 = 3,39MHz
*
*
*
* PROBLEM 1.
* ----------
@ -62,7 +62,7 @@
#define DELAY_ARM_TO_TAG 16
#define DELAY_TAG_TO_ARM 32
// SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when sniffing.
// SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when sniffing.
// All values should be multiples of 16
#define DELAY_TAG_TO_ARM_SNIFF 32
#define DELAY_READER_TO_ARM_SNIFF 32
@ -86,7 +86,7 @@
*
* FWI_max == 2^14 = 16384
* FWT(max) = (256 x 16 / fc) * 16384 == 4949
*
*
* Which gives a maximum Frame Waiting time of FWT(max) == 4949 ms
* FWT(max) in ETU 4949000 / 9.4395 µS = 524286 ETU
*
@ -106,12 +106,12 @@
// Activation frame waiting time
// 512 ETU?
// 65536/fc == 4833 µS or 4.833ms
// SSP_CLK = 4833 µS * 3.39 = 16384
// SSP_CLK = 4833 µS * 3.39 = 16384
#ifndef FWT_TIMEOUT_14B
# define FWT_TIMEOUT_14B (16384)
#endif
#endif
// ETU 14 * 9.4395 µS = 132 µS == 0.132ms
// ETU 14 * 9.4395 µS = 132 µS == 0.132ms
// TR2, counting from start of PICC EOF 14 ETU.
#define DELAY_ISO14443B_PICC_TO_PCD_READER ETU_TO_SSP(14)
#define DELAY_ISO14443B_PCD_TO_PICC_READER ETU_TO_SSP(15)
@ -126,7 +126,7 @@
* TR0 = FWT(1), FWT(2), FWT(3) .. FWT(14)
*
*
* TR0
* TR0
*/
#ifndef ISO14B_TR0
# define ISO14B_TR0 ETU_TO_SSP(32)
@ -140,7 +140,7 @@
// TR0 max is 151/fsc = 151/848kHz = 302us or 64 samples from FPGA
// 32 ETU * 9.4395 µS == 302 µS
// 32 * 8 = 256 sub carrier cycles,
// 256 / 4 = 64 I/Q pairs.
// 256 / 4 = 64 I/Q pairs.
// since 1 I/Q pair after 4 subcarrier cycles at 848kHz subcarrier
#endif
@ -195,16 +195,16 @@ static uint32_t iso14b_timeout = FWT_TIMEOUT_14B;
* Elementary Time Unit (ETU)
* --------------------------
* ETU is used to denotate 1 bit period i.e. how long one bit transfer takes.
*
*
* - 128 Carrier cycles / 13.56MHz = 8 Subcarrier units / 848kHz = 1/106kHz = 9.4395 µS
* - 16 Carrier cycles = 1 Subcarrier unit = 1.17 µS
*
* Definition
* ----------
* 1 ETU = 128 / ( D x fc )
* 1 ETU = 128 / ( D x fc )
* where
* D = divisor. Which inital is 1
* fc = carrier frequency
* fc = carrier frequency
* gives
* 1 ETU = 128 / fc
* 1 ETU = 128 / 13 560 000 = 9.4395 µS
@ -212,7 +212,7 @@ static uint32_t iso14b_timeout = FWT_TIMEOUT_14B;
*
* (note: It seems we are using the subcarrier as base for our time calculations rather than the field clock)
*
* - 1 ETU = 1/106 KHz
* - 1 ETU = 1/106 KHz
* - 1 ETU = 8 subcarrier units ( 8 / 848kHz )
* - 1 ETU = 1 bit period
*
@ -260,14 +260,14 @@ static uint32_t iso14b_timeout = FWT_TIMEOUT_14B;
* let calc how long it takes the reader to send a message
* SOF 10 ETU + 4 data bytes + 2 crc bytes + EOF 2 ETU
* 10 + (4+2 * 10) + 2 = 72 ETU
* 72 * 9.4395 = 680 µS or 0.68 ms
*
* 72 * 9.4395 = 680 µS or 0.68 ms
*
*
* -> TO VERIFY THIS BELOW <-
* --------------------------
* The mode FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK which we use to simulate tag
* works like this:
* Simulation per definition is "inversed" effect on the reader antenna.
* works like this:
* Simulation per definition is "inversed" effect on the reader antenna.
* - A 1-bit input to the FPGA becomes 8 pulses at 847.5kHz (1.18µS / pulse) == 9.44us
* - A 0-bit input to the FPGA becomes an unmodulated time of 1.18µS or does it become 8 nonpulses for 9.44us
*
@ -278,13 +278,13 @@ static uint32_t iso14b_timeout = FWT_TIMEOUT_14B;
*
* FPGA doesn't seem to work with ETU. It seems to work with pulse / duration instead.
*
* This means that we are using a bit rate of 106 kbit/s, or fc/128.
* This means that we are using a bit rate of 106 kbit/s, or fc/128.
* Oversample by 4, which ought to make things practical for the ARM
* (fc/32, 423.8 kbits/s, ~52 kbytes/s)
*
* We are sampling the signal at FC/32, we are reporting over SSP to PM3 each
*
* Current I/Q pair sampling
* We are sampling the signal at FC/32, we are reporting over SSP to PM3 each
*
* Current I/Q pair sampling
* -------------------------
* Let us report a correlation every 64 samples. I.e.
* 1 I/Q pair after 4 subcarrier cycles for the 848kHz subcarrier,
@ -303,7 +303,7 @@ static uint32_t iso14b_timeout = FWT_TIMEOUT_14B;
*
* sample: 3sec == 3000ms
*
* 13560000 * 1000 / 128 * 3000 == 13560000000 / 384000 ==
* 13560000 * 1000 / 128 * 3000 == 13560000000 / 384000 ==
* 13560000 / 384 = 35312 FWT
*
* 35312 * 9.4395 ==
@ -428,7 +428,7 @@ static void Uart14bInit(uint8_t *data) {
Uart14bReset();
}
// param timeout accepts ETU
// param timeout accepts ETU
static void iso14b_set_timeout(uint32_t timeout_etu) {
uint32_t ssp = ETU_TO_SSP(timeout_etu);
@ -445,7 +445,7 @@ static void iso14b_set_timeout(uint32_t timeout_etu) {
// keep track of FWT, also updates the timeout
static void iso14b_set_fwt(uint8_t fwt) {
iso14b_fwt = fwt;
iso14b_set_timeout( 32 << fwt );
iso14b_set_timeout(32 << fwt);
}
static void iso14b_set_maxframesize(uint16_t size) {
@ -1370,7 +1370,7 @@ static int Get14443bAnswerFromTag(uint8_t *response, uint16_t max_len, uint32_t
break;
}
if (((GetCountSspClkDelta(dma_start_time) ) > timeout) && Demod.state < DEMOD_PHASE_REF_TRAINING) {
if (((GetCountSspClkDelta(dma_start_time)) > timeout) && Demod.state < DEMOD_PHASE_REF_TRAINING) {
ret = -1;
break;
}
@ -1402,7 +1402,7 @@ static void TransmitFor14443b_AsReader(uint32_t *start_time) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_SHALLOW_MOD);
// TR2 minimum 14 ETUs
if (*start_time < ISO14B_TR0) {
// *start_time = DELAY_ARM_TO_TAG;
@ -1562,15 +1562,15 @@ int iso14443b_apdu(uint8_t const *msg, size_t msg_len, bool send_chaining, void
uint32_t save_iso14b_timeout_spp = iso14b_timeout;
// 2 high bits mandatory set to 0b
// byte1 - WTXM [1..59].
// 2 high bits mandatory set to 0b
// byte1 - WTXM [1..59].
uint8_t wtxm = data_bytes[1] & 0x3F;
// command FWT = FWT * WTXM
uint32_t fwt_temp = iso14b_fwt * wtxm;
// temporarily increase timeout
iso14b_set_timeout( (32 << fwt_temp));
iso14b_set_timeout((32 << fwt_temp));
// Transmit WTX back
data_bytes[1] = wtxm;
@ -2176,7 +2176,7 @@ void SendRawCommand14443B_Ex(iso14b_raw_cmd_t *o) {
// receive buffer
uint8_t buf[PM3_CMD_DATA_SIZE];
memset(buf, 0 , sizeof(buf));
memset(buf, 0, sizeof(buf));
if (DBGLEVEL > DBG_DEBUG) {
Dbprintf("14b raw: param, %04x", o->flags);
}

72
armsrc/iso15693.c
View file

@ -2114,50 +2114,50 @@ void SetTag15693Uid(uint8_t *uid) {
static void init_password_15693_slixl(uint8_t *buffer, uint8_t *pwd, uint8_t *rnd) {
memcpy(buffer, pwd, 4);
if(rnd) {
buffer[0] ^= rnd[0];
buffer[1] ^= rnd[1];
buffer[2] ^= rnd[0];
buffer[3] ^= rnd[1];
}
if (rnd) {
buffer[0] ^= rnd[0];
buffer[1] ^= rnd[1];
buffer[2] ^= rnd[0];
buffer[3] ^= rnd[1];
}
}
static bool get_rnd_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *rnd) {
// 0x04, == NXP from manufacture id list.
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_GET_RANDOM_NUMBER, 0x04, 0x00, 0x00 };
AddCrc15(c, 3);
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_GET_RANDOM_NUMBER, 0x04, 0x00, 0x00 };
AddCrc15(c, 3);
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
int recvlen = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time);
if (recvlen != 5) {
return false;
}
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
int recvlen = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time);
if (recvlen != 5) {
return false;
}
if(rnd) {
memcpy(rnd, &recvbuf[1], 2);
}
return true;
if (rnd) {
memcpy(rnd, &recvbuf[1], 2);
}
return true;
}
static uint32_t set_pass_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t pass_id, uint8_t *password) {
uint8_t rnd[2];
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
uint8_t rnd[2];
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
// 0x04, == NXP from manufacture id list.
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_SET_PASSWORD, 0x04, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
init_password_15693_slixl(&c[4], password, rnd);
AddCrc15(c, 8);
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_SET_PASSWORD, 0x04, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
init_password_15693_slixl(&c[4], password, rnd);
AddCrc15(c, 8);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
int recvlen = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time);
if (recvlen != 3) {
return PM3_EWRONGANSWER;
}
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
int recvlen = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time);
if (recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
return PM3_SUCCESS;
}
/*
@ -2226,11 +2226,11 @@ static uint32_t destroy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uin
*/
void DisablePrivacySlixLIso15693(uint8_t *password) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
// 4 == pass id.
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
// 4 == pass id.
int res = set_pass_15693_slixl(start_time, &eof_time, 0x10, password);
reply_ng(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, res, NULL, 0);
switch_off();

2
armsrc/mifaresim.c
View file

@ -878,7 +878,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
if (blockNo == 4) {
p_em += blockNo * 16;
// TLV in NDEF, flip length between
// TLV in NDEF, flip length between
// 4 | 03 21 D1 02 1C 53 70 91 01 09 54 02 65 6E 4C 69
// 0xFF means long length
// 0xFE mean max short length