From 57f226c922050643880c566427cb1f084c8fdbbc Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 26 Oct 2020 00:38:13 +0100 Subject: [PATCH 1/4] smart upgrade - now uses NG, added crc for each transfer to verify data integrity before flashing --- armsrc/appmain.c | 38 +++++++++++++++++++-- armsrc/i2c.c | 7 ++-- client/src/cmdsmartcard.c | 69 ++++++++++++++++++++++++++------------- 3 files changed, 86 insertions(+), 28 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index f5eacc363..416bf91e4 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -46,6 +46,7 @@ #include "util.h" #include "ticks.h" #include "commonutil.h" +#include "crc16.h" #ifdef WITH_LCD #include "LCD.h" 
@@ -1630,13 +1631,44 @@ static void PacketReceived(PacketCommandNG *packet) {
 }
 case CMD_SMART_UPLOAD: {
 // upload file from client
+ struct p {
+ uint32_t idx;
+ uint32_t bytes_in_packet;
+ uint16_t crc;
+ uint8_t data[400];
+ } PACKED;
+ struct p *payload = (struct p *)packet->data.asBytes;
 uint8_t *mem = BigBuf_get_addr();
- memcpy(mem + packet->oldarg[0], packet->data.asBytes, PM3_CMD_DATA_SIZE);
- reply_mix(CMD_ACK, 1, 0, 0, 0, 0);
+ memcpy(mem + payload->idx, payload->data, payload->bytes_in_packet);
+
+ uint8_t a = 0, b = 0;
+ compute_crc(CRC_14443_A, mem + payload->idx, payload->bytes_in_packet, &a, &b);
+ int res = PM3_SUCCESS;
+ if (payload->crc != (a << 8 | b)) {
+ DbpString("CRC Failed");
+ res = PM3_ESOFT;
+ }
+ reply_ng(CMD_SMART_UPLOAD, res, NULL, 0);
 break;
 }
 case CMD_SMART_UPGRADE: {
- SmartCardUpgrade(packet->oldarg[0]);
+ struct p {
+ uint16_t fw_size;
+ uint16_t crc;
+ } PACKED;
+ struct p *payload = (struct p *)packet->data.asBytes;
+
+ uint8_t *fwdata = BigBuf_get_addr();
+ uint8_t a = 0, b = 0;
+ compute_crc(CRC_14443_A, fwdata, payload->fw_size, &a, &b);
+
+ if (payload->crc != (a << 8 | b)) {
+ Dbprintf("CRC Failed, 0x[%04x] != 0x[%02x%02x]", payload->crc, a, b);
+ reply_ng(CMD_SMART_UPGRADE, PM3_ESOFT, NULL, 0);
+ } else {
+ SmartCardUpgrade(payload->fw_size);
+ }
+ fwdata = NULL;
 break;
 }
 #endif
diff --git a/armsrc/i2c.c b/armsrc/i2c.c
index 92737214a..085f9e633 100644
--- a/armsrc/i2c.c
+++ b/armsrc/i2c.c
@@ -219,7 +219,7 @@ static bool I2C_WaitForSim(void) {
 // 8051 speaks with smart card.
 // 1000*50*3.07 = 153.5ms
 // 1byte transfer == 1ms with max frame being 256bytes
- if (!WaitSCL_H_delay(20 * 1000 * 50))
+ if (!WaitSCL_H_delay(10 * 1000 * 50))
 return false;
 
 return true;
@@ -807,7 +807,7 @@ void SmartCardUpgrade(uint64_t arg0) {
 }
 
 // writing takes time.
- WaitMS(100);
+ WaitMS(50);
 
 // read
 res = I2C_ReadFW(verfiydata, size, msb, lsb, I2C_DEVICE_ADDRESS_BOOT);
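Review bot: `payload->idx` and `payload->bytes_in_packet` arrive unchecked from the host and go straight into `memcpy(mem + payload->idx, payload->data, payload->bytes_in_packet)`, so a malformed or hostile client can write past the end of BigBuf and read past the 400-byte `data` field; the CRC runs only after the copy, so it does not guard against this, and `fw_size` in CMD_SMART_UPGRADE likewise lets `compute_crc` read BigBuf with no upper limit. Reject out-of-range values before touching memory, using the BigBuf capacity constant from BigBuf.h (I have not confirmed its current name, `BIGBUF_SIZE` below is an assumption) and `PM3_EINVARG`, and verify the CRC over `payload->data` before staging it so a corrupt chunk never lands in the buffer; the upgrade case needs the one-line equivalent `if (payload->fw_size > BIGBUF_SIZE) { reply_ng(CMD_SMART_UPGRADE, PM3_EINVARG, NULL, 0); break; }`. Note that CRC-16 only detects transfer corruption; it is not an authenticity check on the firmware image. `fwdata = NULL;` on a block-local that immediately goes out of scope does nothing and can be dropped. PacketReceived starts and ends outside the hunk.
```c
        case CMD_SMART_UPLOAD: {
            // … unchanged: struct p definition and payload cast …
            // bound host-supplied offset and length before any memory access
            if (payload->bytes_in_packet > sizeof(payload->data) ||
                payload->idx > BIGBUF_SIZE - payload->bytes_in_packet) {
                reply_ng(CMD_SMART_UPLOAD, PM3_EINVARG, NULL, 0);
                break;
            }
            // verify the chunk before it is staged, not after
            uint8_t a = 0, b = 0;
            compute_crc(CRC_14443_A, payload->data, payload->bytes_in_packet, &a, &b);
            int res = PM3_SUCCESS;
            if (payload->crc != (a << 8 | b)) {
                DbpString("CRC Failed");
                res = PM3_ESOFT;
            } else {
                uint8_t *mem = BigBuf_get_addr();
                memcpy(mem + payload->idx, payload->data, payload->bytes_in_packet);
            }
            reply_ng(CMD_SMART_UPLOAD, res, NULL, 0);
            break;
        }
```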
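Review bot: The post-write settle delay is halved to `WaitMS(50);` with nothing in the hunk saying why 50 ms suffices for the 8051 bootloader's write; if it is too short the following I2C_ReadFW verify should presumably catch the mismatch, but that converts a timing margin into a spurious mid-flash upgrade failure. Record the basis in the existing comment, e.g. `// writing takes time: bootloader page write, 50 ms measured with margin (was 100 ms)`. SmartCardUpgrade starts and ends outside the hunk.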
@@ -827,7 +827,8 @@ void SmartCardUpgrade(uint64_t arg0) { length -= size; pos += size; } - reply_mix(CMD_ACK, isOK, pos, 0, 0, 0); + + reply_ng(CMD_SMART_UPGRADE, (isOK) ? PM3_SUCCESS : PM3_ESOFT, NULL, 0); LED_C_OFF(); BigBuf_free(); } diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index 906a483e7..405bad8db 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c @@ -8,12 +8,10 @@ // Proxmark3 RDV40 Smartcard module commands //----------------------------------------------------------------------------- #include "cmdsmartcard.h" - #include #include - -#include "cmdparser.h" // command_t -#include "commonutil.h" // ARRAYLEN +#include "cmdparser.h" // command_t +#include "commonutil.h" // ARRAYLEN #include "protocols.h" #include "cmdtrace.h" #include "proxmark3.h" @@ -23,6 +21,7 @@ #include "emv/dump.h" #include "ui.h" #include "fileutils.h" +#include "crc16.h" // crc static int CmdHelp(const char *Cmd); 
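Review bot: The new `reply_ng(CMD_SMART_UPGRADE, (isOK) ? PM3_SUCCESS : PM3_ESOFT, NULL, 0);` drops the `pos` value the old reply_mix reported, so on a failed upgrade the client can no longer tell how far flashing got, which is the one piece of information that matters when a bootloader image is partially written. If that diagnostic is wanted, carry it in a small payload: `struct { uint32_t pos; } PACKED r = { pos }; reply_ng(CMD_SMART_UPGRADE, isOK ? PM3_SUCCESS : PM3_ESOFT, (uint8_t *)&r, sizeof(r));` and print it client-side on failure. isOK and pos are set outside the hunk, and SmartCardUpgrade starts outside it.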
@@ -626,45 +625,72 @@ static int CmdSmartUpgrade(const char *Cmd) { PrintAndLogEx(SUCCESS, "Sim module firmware uploading to PM3"); + PacketResponseNG resp; + //Send to device uint32_t index = 0; uint32_t bytes_sent = 0; uint32_t bytes_remaining = firmware_size; - // fast push mode - conn.block_after_ACK = true; - while (bytes_remaining > 0) { - uint32_t bytes_in_packet = MIN(PM3_CMD_DATA_SIZE, bytes_remaining); - if (bytes_in_packet == bytes_remaining) { - // Disable fast mode on last packet - conn.block_after_ACK = false; - } + + struct { + uint32_t idx; + uint32_t bytes_in_packet; + uint16_t crc; + uint8_t data[400]; + } PACKED upload; + + uint32_t bytes_in_packet = MIN(sizeof(upload.data), bytes_remaining); + + upload.idx = index + bytes_sent; + upload.bytes_in_packet = bytes_in_packet; + memcpy(upload.data, firmware + bytes_sent, bytes_in_packet); + + uint8_t a = 0, b = 0; + compute_crc(CRC_14443_A, upload.data, bytes_in_packet, &a, &b); + upload.crc = (a << 8 | b); + clearCommandBuffer(); - SendCommandOLD(CMD_SMART_UPLOAD, index + bytes_sent, bytes_in_packet, 0, firmware + bytes_sent, bytes_in_packet); - if (!WaitForResponseTimeout(CMD_ACK, NULL, 2000)) { + SendCommandNG(CMD_SMART_UPLOAD, (uint8_t *)&upload, sizeof(upload)); + if (!WaitForResponseTimeout(CMD_SMART_UPLOAD, &resp, 2000)) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); free(firmware); return PM3_ETIMEOUT; } - + + if (resp.status != PM3_SUCCESS) { + PrintAndLogEx(WARNING, "uploading to device failed"); + free(firmware); + return resp.status; + } bytes_remaining -= bytes_in_packet; bytes_sent += bytes_in_packet; PrintAndLogEx(INPLACE, "%d bytes sent", bytes_sent); } - free(firmware); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(SUCCESS, "Sim module firmware updating, don\'t turn off your PM3!"); - // trigger the firmware upgrade + // trigger the firmware upgrade clearCommandBuffer(); - SendCommandMIX(CMD_SMART_UPGRADE, firmware_size, 0, 0, NULL, 0); - PacketResponseNG resp; - if 
(!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { + struct { + uint16_t fw_size; + uint16_t crc; + } PACKED payload; + payload.fw_size = firmware_size; + + uint8_t a = 0, b = 0; + compute_crc(CRC_14443_A, firmware, firmware_size, &a, &b); + payload.crc = (a << 8 | b); + + free(firmware); + SendCommandNG(CMD_SMART_UPGRADE, (uint8_t *)&payload, sizeof(payload)); + if (!WaitForResponseTimeout(CMD_SMART_UPGRADE, &resp, 2500)) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); return PM3_ETIMEOUT; } - if ((resp.oldarg[0] & 0xFF)) { + + if ((resp.status == PM3_SUCCESS)) { PrintAndLogEx(SUCCESS, "Sim module firmware upgrade " _GREEN_("successful")); PrintAndLogEx(HINT, "run " _YELLOW_("`hw status`") " to validate the fw version "); } else { @@ -814,7 +840,6 @@ static int CmdSmartSetClock(const char *Cmd) { struct { uint32_t new_clk; } PACKED payload; - payload.new_clk = new_clk; clearCommandBuffer(); From 229c1053c0acefdfb8a95aa9920456368690fba0 Mon Sep 17 00:00:00 2001 From: dxl <64101226@qq.com> Date: Mon, 26 Oct 2020 16:28:41 +0800 Subject: [PATCH 2/4] delete some text. --- client/android/pm3_main.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/client/android/pm3_main.c b/client/android/pm3_main.c index 0da684e01..f7627658f 100644 --- a/client/android/pm3_main.c +++ b/client/android/pm3_main.c @@ -37,7 +37,7 @@ static char *g_android_executable_directory = NULL; static char *g_android_user_directory = NULL; -char version_information[] = {"ANDROID_LIBRARY 1.4.6 build by DXL"}; +char version_information[] = {""}; const char *get_my_executable_directory(void) { if (g_android_executable_directory == NULL) { @@ -86,7 +86,7 @@ jint Console(JNIEnv *env, jobject instance, jstring cmd_) { PrintAndLogEx(NORMAL, ""); - char *cmd = (char *)((*env)->GetStringUTFChars(env, cmd_, 0)); + char *cmd = (char *) ((*env)->GetStringUTFChars(env, cmd_, 0)); int ret = CommandReceived(cmd); if (ret == 99) { // exit / quit 
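Review bot: `upload` is a stack struct that is filled only up to `bytes_in_packet` but sent whole with `sizeof(upload)`, so on the final short packet the unused tail of `data` (up to ~400 bytes of uninitialized client stack) goes over the link; add `memset(&upload, 0, sizeof(upload));` at the top of the loop body or send only the used length. `payload.fw_size = firmware_size;` narrows to uint16_t, so if firmware_size can exceed 65535 (it is loaded above the hunk, so I cannot tell) the device would CRC-check and flash a truncated length while the loop uploaded the full image; guard with `if (firmware_size > UINT16_MAX) { PrintAndLogEx(ERR, "firmware too large"); free(firmware); return PM3_EINVARG; }` or widen the field on both sides. `index` is never changed from 0, so `index + bytes_sent` is a leftover from the old loop. The two anonymous PACKED structs duplicate the ones in appmain.c by hand; a shared definition in a common header would keep the wire layout from drifting. CmdSmartUpgrade starts outside the hunk.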
@@ -102,7 +102,7 @@ jint Console(JNIEnv *env, jobject instance, jstring cmd_) { * Is client running! * */ jboolean IsClientRunning(JNIEnv *env, jobject instance) { - return (jboolean)((jboolean) conn.run); + return (jboolean) ((jboolean) conn.run); } /* @@ -114,7 +114,7 @@ jboolean TestPm3(JNIEnv *env, jobject instance) { return false; } bool ret = (TestProxmark() == PM3_SUCCESS); - return (jboolean)(ret); + return (jboolean) (ret); } /* @@ -141,18 +141,18 @@ JNIEXPORT jint JNI_OnLoad(JavaVM *vm, void *reserved) { } jclass clz_test = (*jniEnv)->FindClass(jniEnv, "cn/rrg/devices/Proxmark3RRGRdv4"); JNINativeMethod methods[] = { - {"startExecute", "(Ljava/lang/String;)I", (void *) Console}, - {"stopExecute", "()V", (void *) ClosePm3}, - {"isExecuting", "()Z", (void *) IsClientRunning} + {"startExecute", "(Ljava/lang/String;)I", (void *) Console}, + {"stopExecute", "()V", (void *) ClosePm3}, + {"isExecuting", "()Z", (void *) IsClientRunning} }; JNINativeMethod methods1[] = { - {"testPm3", "()Z", (void *) TestPm3}, - {"closePm3", "()V", ClosePm3} + {"testPm3", "()Z", (void *) TestPm3}, + {"closePm3", "()V", ClosePm3} }; if ((*jniEnv)->RegisterNatives(jniEnv, clazz, methods, sizeof(methods) / sizeof(methods[0])) != - JNI_OK) { + JNI_OK) { return -1; } From caafbe27c770b428b87857f0a7cfdde310ea8591 Mon Sep 17 00:00:00 2001 From: dxl <64101226@qq.com> Date: Mon, 26 Oct 2020 16:30:05 +0800 Subject: [PATCH 3/4] Some file already deleted or renamed. --- client/android/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/android/CMakeLists.txt b/client/android/CMakeLists.txt index 69e71d5d5..708833696 100644 --- a/client/android/CMakeLists.txt +++ b/client/android/CMakeLists.txt 
@@ -127,6 +127,7 @@ add_library(pm3rrg_rdv4 SHARED ${PM3_ROOT}/client/src/cmdlfcotag.c ${PM3_ROOT}/client/src/cmdlfdestron.c ${PM3_ROOT}/client/src/cmdlfem4x.c + ${PM3_ROOT}/client/src/cmdlfem4x05.c ${PM3_ROOT}/client/src/cmdlfem4x50.c ${PM3_ROOT}/client/src/cmdlffdxb.c ${PM3_ROOT}/client/src/cmdlfgallagher.c @@ -150,7 +151,6 @@ add_library(pm3rrg_rdv4 SHARED ${PM3_ROOT}/client/src/cmdlfsecurakey.c ${PM3_ROOT}/client/src/cmdlft55xx.c ${PM3_ROOT}/client/src/cmdlfti.c - ${PM3_ROOT}/client/src/cmdlfverichip.c ${PM3_ROOT}/client/src/cmdlfviking.c ${PM3_ROOT}/client/src/cmdlfvisa2000.c ${PM3_ROOT}/client/src/cmdmain.c From d7d809a8e3d8d91d8483faaa417b2e46b6af7425 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 26 Oct 2020 10:00:44 +0100 Subject: [PATCH 4/4] remove extra parenthesis --- client/src/cmdsmartcard.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index 405bad8db..9959fe49b 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c @@ -690,7 +690,7 @@ static int CmdSmartUpgrade(const char *Cmd) { return PM3_ETIMEOUT; } - if ((resp.status == PM3_SUCCESS)) { + if (resp.status == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "Sim module firmware upgrade " _GREEN_("successful")); PrintAndLogEx(HINT, "run " _YELLOW_("`hw status`") " to validate the fw version "); } else {