Increase MAX_MIFARE_FRAME_SIZE to cope with UL AES auth, and fix code using MAX_MIFARE_FRAME_SIZE while it should use MIFARE_BLOCK_SIZE + 2

2025-08-20 21:33:47 -07:00 · 2025-06-16 00:06:23 +02:00 · 2025-06-16 00:06:23 +02:00 · eb31bcad07
commit eb31bcad07
parent eb5aa9e08e
4 changed files with 11 additions and 11 deletions
--- a/armsrc/BigBuf.h
+++ b/armsrc/BigBuf.h
@ -23,8 +23,8 @@

 #define MAX_FRAME_SIZE          256 // maximum allowed ISO14443 frame
 #define MAX_PARITY_SIZE         ((MAX_FRAME_SIZE + 7) / 8)
-#define MAX_MIFARE_FRAME_SIZE   18  // biggest Mifare frame is answer to a read (one block = 16 Bytes) + 2 Bytes CRC
-#define MAX_MIFARE_PARITY_SIZE  3   // need 18 parity bits for the 18 Byte above. 3 Bytes are enough to store these
+#define MAX_MIFARE_FRAME_SIZE   19  // biggest Mifare frame is UL AES answer to AUTH (1 + 16 Bytes) + 2 Bytes CRC
+#define MAX_MIFARE_PARITY_SIZE  3   // need 19 parity bits for the 19 Byte above. 3 Bytes are enough to store these
 #define CARD_MEMORY_SIZE        4096
 // For now we're storing FM11RF08S nonces in the upper 1k of CARD_MEMORY_SIZE
 // but we might have to allocate extra space if one day we've to support sth like a FM11RF32S
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -1764,7 +1764,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uin
                } else {
                    // first blocks of emu are header
                    uint16_t start = (block * 4) + MFU_DUMP_PREFIX_LENGTH;
-                    uint8_t emdata[MAX_MIFARE_FRAME_SIZE] = {0};
+                    uint8_t emdata[MIFARE_BLOCK_SIZE + 2] = {0};
                    emlGet(emdata, start, MIFARE_BLOCK_SIZE);
                    AddCrc14A(emdata, MIFARE_BLOCK_SIZE);
                    EmSendCmd(emdata, sizeof(emdata));
@ -1783,7 +1783,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *useruid, uin
                //   block1 = 4byte UID.
                p_response = &responses[RESP_INDEX_UIDC1];
            } else { // all other tags (16 byte block tags)
-                uint8_t emdata[MAX_MIFARE_FRAME_SIZE] = {0};
+                uint8_t emdata[MIFARE_BLOCK_SIZE + 2] = {0};
                emlGet(emdata, block, MIFARE_BLOCK_SIZE);
                AddCrc14A(emdata, MIFARE_BLOCK_SIZE);
                EmSendCmd(emdata, sizeof(emdata));
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -2909,7 +2909,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain) {
        }

        // read block
-        if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar, NULL) != MAX_MIFARE_FRAME_SIZE)) {
+        if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar, NULL) != MIFARE_BLOCK_SIZE + 2)) {
            if (g_dbglevel >= DBG_ERROR) Dbprintf("read block send command error");
            errormsg = 0;
            break;
@ -3515,7 +3515,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) {

    int retval = PM3_SUCCESS;
    uint8_t block_cmd[5] = { 0x90, 0xf0, 0xcc, 0xcc, 0x10 };
-    uint8_t cmdlen = sizeof(block_cmd) + MAX_MIFARE_FRAME_SIZE;
+    uint8_t cmdlen = sizeof(block_cmd) + MIFARE_BLOCK_SIZE + 2;
    uint8_t *cmd = BigBuf_calloc(cmdlen);

    iso14a_card_select_t *card_info = (iso14a_card_select_t *) BigBuf_calloc(sizeof(iso14a_card_select_t));
@ -3532,7 +3532,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) {

    bool doReselect = false;
    if (block_len < MIFARE_BLOCK_SIZE) {
-        if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, 0, &cmd[sizeof(block_cmd)], MAX_MIFARE_FRAME_SIZE, NULL, NULL) != MAX_MIFARE_FRAME_SIZE)) {
+        if ((mifare_sendcmd_short(NULL, CRYPT_NONE, ISO14443A_CMD_READBLOCK, 0, &cmd[sizeof(block_cmd)], MIFARE_BLOCK_SIZE + 2, NULL, NULL) != MIFARE_BLOCK_SIZE + 2)) {
            if (g_dbglevel >= DBG_ERROR) Dbprintf("Read manufacturer block failed");
            retval = PM3_ESOFT;
            goto OUT;
@ -3567,7 +3567,7 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) {
            }
        }

-        retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MAX_MIFARE_FRAME_SIZE);
+        retval = DoGen3Cmd(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE + 2);
    }

 OUT:
--- a/armsrc/mifaresim.c
+++ b/armsrc/mifaresim.c
@ -1039,8 +1039,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
                        }
                    }
                    AddCrc14A(response, MIFARE_BLOCK_SIZE);
-                    mf_crypto1_encrypt(pcs, response, MAX_MIFARE_FRAME_SIZE, response_par);
-                    EmSendCmdPar(response, MAX_MIFARE_FRAME_SIZE, response_par);
+                    mf_crypto1_encrypt(pcs, response, MIFARE_BLOCK_SIZE + 2, response_par);
+                    EmSendCmdPar(response, MIFARE_BLOCK_SIZE + 2, response_par);
                    FpgaDisableTracing();

                    if (g_dbglevel >= DBG_EXTENDED) {
@ -1309,7 +1309,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *uid, uint16_t
            // WRITE BL2
            case MFEMUL_WRITEBL2: {

-                if (receivedCmd_len == MAX_MIFARE_FRAME_SIZE) {
+                if (receivedCmd_len == MIFARE_BLOCK_SIZE + 2) {

                    mf_crypto1_decryptEx(pcs, receivedCmd, receivedCmd_len, receivedCmd_dec);