FIX: "hf 14a read" / "hf mf *" / "hf mfdes info" and failure when calling these commands several times in a row.

For long transactions the sspclock compare with >1 instead of >=1 ..   Now the timer resets properly.
CHG: use some #define constants for iso-commands.
This commit is contained in:
iceman1001 2016-09-23 21:28:07 +02:00
commit f885043422
6 changed files with 44 additions and 50 deletions


@ -1835,10 +1835,10 @@ int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity) {
// if anticollision is false, then the UID must be provided in uid_ptr[] // if anticollision is false, then the UID must be provided in uid_ptr[]
// and num_cascades must be set (1: 4 Byte UID, 2: 7 Byte UID, 3: 10 Byte UID) // and num_cascades must be set (1: 4 Byte UID, 2: 7 Byte UID, 3: 10 Byte UID)
int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades) { int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades) {
uint8_t wupa[] = { 0x52 }; // 0x26 - REQA 0x52 - WAKE-UP uint8_t wupa[] = { ISO14443A_CMD_WUPA }; // 0x26 - ISO14443A_CMD_REQA 0x52 - ISO14443A_CMD_WUPA
uint8_t sel_all[] = { 0x93,0x20 }; uint8_t sel_all[] = { ISO14443A_CMD_ANTICOLL_OR_SELECT,0x20 };
uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; uint8_t sel_uid[] = { ISO14443A_CMD_ANTICOLL_OR_SELECT,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t rats[] = { 0xE0,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0 uint8_t rats[] = { ISO14443A_CMD_RATS,0x80,0x00,0x00 }; // FSD=256, FSDI=8, CID=0
uint8_t resp[MAX_FRAME_SIZE] = {0}; // theoretically. A usual RATS will be much smaller uint8_t resp[MAX_FRAME_SIZE] = {0}; // theoretically. A usual RATS will be much smaller
uint8_t resp_par[MAX_PARITY_SIZE] = {0}; uint8_t resp_par[MAX_PARITY_SIZE] = {0};
byte_t uid_resp[4] = {0}; byte_t uid_resp[4] = {0};
@ -2009,7 +2009,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
DemodReset(); DemodReset();
UartReset(); UartReset();
NextTransferTime = 2 * DELAY_ARM2AIR_AS_READER; NextTransferTime = 2 * DELAY_ARM2AIR_AS_READER;
iso14a_set_timeout(10*106); // 10ms default iso14a_set_timeout(20*106); // 20ms default
} }
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) { int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
@ -2045,7 +2045,6 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data) {
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Read an ISO 14443a tag. Send out commands and store answers. // Read an ISO 14443a tag. Send out commands and store answers.
//
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
void ReaderIso14443a(UsbCommand *c) { void ReaderIso14443a(UsbCommand *c) {
iso14a_command_t param = c->arg[0]; iso14a_command_t param = c->arg[0];
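Review bot: The new `sel_all` and `sel_uid` initialisers name the SEL byte with ISO14443A_CMD_ANTICOLL_OR_SELECT but leave the NVB bytes 0x20 and 0x70 as bare numbers, so the frames are now half-symbolic; if no NVB constant exists in the header, a comment such as `// NVB 0x20 = anticollision (no UID bits), 0x70 = select (full UID)` keeps the intent readable. The same line's constant name covers only cascade level 1 (0x93); iso14443a_select_card takes num_cascades and its body continues outside the hunk, so if the SEL byte is adjusted for CL2/CL3 there, a one-line comment at the declaration saying so would help. In iso14443a_setup the default timeout is doubled to `20*106` with only the unit changed in the comment; since the commit message attributes the repeated-call failures to the timer reset rather than to the timeout, the comment should say why the larger default is needed (for example which long transaction overran 10ms) so it is not reverted as an accidental change.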


@ -379,7 +379,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LED_C_OFF(); LED_C_OFF();
while (true) { while (true) {
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) { if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
break; break;
}; };
@ -403,14 +403,11 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
break; break;
} }
// ----------------------------- crypto1 destroy
crypto1_destroy(pcs); crypto1_destroy(pcs);
if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED"); if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,0,0); cmd_send(CMD_ACK,isOK,0,0,0,0);
LED_B_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff(); LEDsoff();
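Review bot: Dropping `LED_B_ON()` / `LED_B_OFF()` around `cmd_send` in MifareWriteBlock changes visible device behaviour that the commit message does not mention; if the intent is that the trailing `LEDsoff()` makes the explicit off redundant, that only covers the off, and the write path now blinks differently from whichever sibling commands still toggle LED_B around their `cmd_send`. Either keep the `LED_B_ON()` line or note the removal in the commit description so it is not read as accidental. The enclosing function starts outside the hunk.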


@ -19,17 +19,13 @@ static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
bool InitDesfireCard(){ bool InitDesfireCard(){
iso14a_card_select_t card;
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
set_tracing(TRUE); set_tracing(TRUE);
byte_t cardbuf[USB_CMD_DATA_SIZE] = {0x00}; if (!iso14443a_select_card(NULL, &card, NULL, true, 0)) {
iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; if (MF_DBGLEVEL >= MF_DBG_ERROR) DbpString("Can't select card");
int len = iso14443a_select_card(NULL,card,NULL,true,0);
if (!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Can't select card");
OnError(1); OnError(1);
return false; return false;
} }
@ -92,9 +88,9 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
void MifareDesfireGetInformation(){ void MifareDesfireGetInformation(){
int len = 0; int len = 0;
iso14a_card_select_t card;
uint8_t resp[USB_CMD_DATA_SIZE] = {0x00}; uint8_t resp[USB_CMD_DATA_SIZE] = {0x00};
uint8_t dataout[USB_CMD_DATA_SIZE] = {0x00}; uint8_t dataout[USB_CMD_DATA_SIZE] = {0x00};
byte_t cardbuf[USB_CMD_DATA_SIZE] = {0x00};
/* /*
1 = PCB 1 1 = PCB 1
@ -110,17 +106,13 @@ void MifareDesfireGetInformation(){
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
// card select - information // card select - information
iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf; if ( !iso14443a_select_card(NULL, &card, NULL, true, 0) ) {
byte_t isOK = iso14443a_select_card(NULL, card, NULL, true, 0); if (MF_DBGLEVEL >= MF_DBG_ERROR) DbpString("Can't select card");
if ( isOK == 0) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
Dbprintf("Can't select card");
}
OnError(1); OnError(1);
return; return;
} }
memcpy(dataout,card->uid,7); memcpy(dataout, card.uid, 7);
LED_A_ON(); LED_A_ON();
LED_B_OFF(); LED_B_OFF();
@ -507,19 +499,17 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
size_t len = 0; size_t len = 0;
size_t wrappedLen = 0; size_t wrappedLen = 0;
uint8_t wCmd[USB_CMD_DATA_SIZE] = {0x00}; uint8_t wCmd[USB_CMD_DATA_SIZE] = {0x00};
uint8_t resp[MAX_FRAME_SIZE]; uint8_t resp[MAX_FRAME_SIZE];
uint8_t par[MAX_PARITY_SIZE]; uint8_t par[MAX_PARITY_SIZE];
wrappedLen = CreateAPDU( cmd, cmd_len, wCmd); wrappedLen = CreateAPDU( cmd, cmd_len, wCmd);
if (MF_DBGLEVEL >= 4) { if (MF_DBGLEVEL >= 4)
print_result("WCMD <--: ", wCmd, wrappedLen); print_result("WCMD <--: ", wCmd, wrappedLen);
}
ReaderTransmit( wCmd, wrappedLen, NULL); ReaderTransmit( wCmd, wrappedLen, NULL);
len = ReaderReceive(resp, par); len = ReaderReceive(resp, par);
if ( !len ) { if ( !len ) {
if (MF_DBGLEVEL >= 4) Dbprintf("fukked"); if (MF_DBGLEVEL >= 4) Dbprintf("fukked");
return FALSE; //DATA LINK ERROR return FALSE; //DATA LINK ERROR
@ -566,6 +556,7 @@ size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){
void OnSuccess(){ void OnSuccess(){
pcb_blocknum = 0; pcb_blocknum = 0;
ReaderTransmit(deselect_cmd, 3 , NULL); ReaderTransmit(deselect_cmd, 3 , NULL);
mifare_ultra_halt();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff(); LEDsoff();
set_tracing(FALSE); set_tracing(FALSE);
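Review bot: In MifareDesfireGetInformation the new `iso14a_card_select_t card;` is not initialised, whereas the `cardbuf[USB_CMD_DATA_SIZE] = {0x00}` buffer it replaces was; `memcpy(dataout, card.uid, 7)` then copies seven bytes even when the card reports a shorter UID, so any bytes `iso14443a_select_card` did not write are now uninitialised stack contents returned to the host rather than zeros. Use `iso14a_card_select_t card = {0};` here, and for consistency in InitDesfireCard's new `iso14a_card_select_t card;` as well. In OnSuccess the added `mifare_ultra_halt()` after the DESELECT transmit has no comment explaining why both are sent; a line such as `// HALT after DESELECT so a following command sees a fresh select` (if that is the intent) would record the reason the commit message gives for this fix.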


@ -48,7 +48,7 @@ void SpinDelay(int ms) {
// SpinDelay(1000); // SpinDelay(1000);
// ti = GetTickCount() - ti; // ti = GetTickCount() - ti;
// Dbprintf("timer(1s): %d t=%d", ti, GetTickCount()); // Dbprintf("timer(1s): %d t=%d", ti, GetTickCount());
void StartTickCount() { void StartTickCount(void) {
// This timer is based on the slow clock. The slow clock frequency is between 22kHz and 40kHz. // This timer is based on the slow clock. The slow clock frequency is between 22kHz and 40kHz.
// We can determine the actual slow clock frequency by looking at the Main Clock Frequency Register. // We can determine the actual slow clock frequency by looking at the Main Clock Frequency Register.
uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency
@ -60,14 +60,14 @@ void StartTickCount() {
/* /*
* Get the current count. * Get the current count.
*/ */
uint32_t RAMFUNC GetTickCount(){ uint32_t RAMFUNC GetTickCount(void){
return AT91C_BASE_RTTC->RTTC_RTVR;// was * 2; return AT91C_BASE_RTTC->RTTC_RTVR;// was * 2;
} }
// ------------------------------------------------------------------------- // -------------------------------------------------------------------------
// microseconds timer // microseconds timer
// ------------------------------------------------------------------------- // -------------------------------------------------------------------------
void StartCountUS() { void StartCountUS(void) {
AT91C_BASE_PMC->PMC_PCER |= (1 << 12) | (1 << 13) | (1 << 14); AT91C_BASE_PMC->PMC_PCER |= (1 << 12) | (1 << 13) | (1 << 14);
AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE;
@ -87,25 +87,20 @@ void StartCountUS() {
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
AT91C_BASE_TCB->TCB_BCR = 1; AT91C_BASE_TCB->TCB_BCR = 1;
while (AT91C_BASE_TC1->TC_CV > 1); while (AT91C_BASE_TC1->TC_CV >= 1);
} }
uint32_t RAMFUNC GetCountUS(){ uint32_t RAMFUNC GetCountUS(void){
//return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV / 15) * 10); //return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV / 15) * 10);
// By suggestion from PwPiwi, http://www.proxmark.org/forum/viewtopic.php?pid=17548#p17548 // By suggestion from PwPiwi, http://www.proxmark.org/forum/viewtopic.php?pid=17548#p17548
return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV * 2) / 3); return (AT91C_BASE_TC1->TC_CV * 0x8000) + ((AT91C_BASE_TC0->TC_CV * 2) / 3);
} }
void ResetUSClock(void) {
//enable clock of timer and software trigger
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
while (AT91C_BASE_TC1->TC_CV > 1);
}
// ------------------------------------------------------------------------- // -------------------------------------------------------------------------
// Timer for iso14443 commands. Uses ssp_clk from FPGA // Timer for iso14443 commands. Uses ssp_clk from FPGA
// ------------------------------------------------------------------------- // -------------------------------------------------------------------------
void StartCountSspClk() { void StartCountSspClk(void) {
AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1) | (1 << AT91C_ID_TC2); // Enable Clock to all timers AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1) | (1 << AT91C_ID_TC2); // Enable Clock to all timers
AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1 AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1
| AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none | AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none
@ -160,17 +155,17 @@ void StartCountSspClk() {
// The high word of the counter (TC2) will not reset until the low word (TC0) overflows. // The high word of the counter (TC2) will not reset until the low word (TC0) overflows.
// Therefore need to wait quite some time before we can use the counter. // Therefore need to wait quite some time before we can use the counter.
while (AT91C_BASE_TC2->TC_CV > 1); while (AT91C_BASE_TC2->TC_CV >= 1);
} }
void ResetSspClk(void) { void ResetSspClk(void) {
//enable clock of timer and software trigger //enable clock of timer and software trigger
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
while (AT91C_BASE_TC2->TC_CV >= 1);
} }
uint32_t RAMFUNC GetCountSspClk(){ uint32_t RAMFUNC GetCountSspClk(void) {
uint32_t tmp_count = (AT91C_BASE_TC2->TC_CV << 16) | AT91C_BASE_TC0->TC_CV; uint32_t tmp_count = (AT91C_BASE_TC2->TC_CV << 16) | AT91C_BASE_TC0->TC_CV;
if ((tmp_count & 0x0000ffff) == 0) //small chance that we may have missed an increment in TC2 if ((tmp_count & 0x0000ffff) == 0) //small chance that we may have missed an increment in TC2
return (AT91C_BASE_TC2->TC_CV << 16); return (AT91C_BASE_TC2->TC_CV << 16);
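Review bot: The new `while (AT91C_BASE_TC2->TC_CV >= 1);` in ResetSspClk (and the same change in StartCountSspClk and StartCountUS) is an unbounded busy-wait; the comment a few lines above states TC2 only resets once TC0 overflows and TC0 is fed by ssp_clk from the FPGA, so if that clock is not running when ResetSspClk is called the firmware spins forever instead of timing out. A bounded spin keeps the fix but fails safe, e.g. `for (uint32_t spins = 0; AT91C_BASE_TC2->TC_CV != 0 && spins < /* max spins, TBD */ 0x20000u; spins++) {}`, and since TC_CV is unsigned, `!= 0` states the condition more plainly than `>= 1`. A short comment on the loop, `// wait for the software trigger to take effect; TC2 reads 0 only after TC0 has overflowed once`, would also explain why the earlier `> 1` was wrong.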


@ -1050,7 +1050,7 @@ int CmdHF14AMfNestedHard(const char *Cmd) {
slow ? "Yes" : "No", slow ? "Yes" : "No",
tests); tests);
int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key?trgkey:NULL, nonce_file_read, nonce_file_write, slow, tests); int16_t isOK = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, know_target_key ? trgkey : NULL, nonce_file_read, nonce_file_write, slow, tests);
if (isOK) { if (isOK) {
switch (isOK) { switch (isOK) {


@ -547,6 +547,11 @@ bool tryDetectModulation(){
clk = GetAskClock("", FALSE, FALSE); clk = GetAskClock("", FALSE, FALSE);
if (clk>0) { if (clk>0) {
tests[hits].ST = TRUE; tests[hits].ST = TRUE;
// "0 0 1 " == clock auto, invert false, maxError 1.
// false = no verbose
// false = no emSearch
// 1 = Ask/Man
// st = true
if ( ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) { if ( ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
tests[hits].modulation = DEMOD_ASK; tests[hits].modulation = DEMOD_ASK;
tests[hits].bitrate = bitRate; tests[hits].bitrate = bitRate;
@ -555,6 +560,11 @@ bool tryDetectModulation(){
++hits; ++hits;
} }
tests[hits].ST = TRUE; tests[hits].ST = TRUE;
// "0 0 1 " == clock auto, invert true, maxError 1.
// false = no verbose
// false = no emSearch
// 1 = Ask/Man
// st = true
if ( ASKDemod_ext("0 1 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) { if ( ASKDemod_ext("0 1 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
tests[hits].modulation = DEMOD_ASK; tests[hits].modulation = DEMOD_ASK;
tests[hits].bitrate = bitRate; tests[hits].bitrate = bitRate;
@ -1249,8 +1259,11 @@ int CmdT55xxDump(const char *Cmd){
int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){ int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
// arg0 bitmodes: // arg0 bitmodes:
// bit0 = pwdmode // bit0 = pwdmode
// bit1 = page to read from // bit1 = page to read from
// arg1: which block to read
// arg2: password
uint8_t arg0 = (page<<1) | pwdmode; uint8_t arg0 = (page<<1) | pwdmode;
UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}}; UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};
@ -1583,8 +1596,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
return 0; return 0;
} }
int tryOnePassword(uint32_t password) int tryOnePassword(uint32_t password) {
{
PrintAndLog("Trying password %08x", password); PrintAndLog("Trying password %08x", password);
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) { if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {
PrintAndLog("Aquireing data from device failed. Quitting"); PrintAndLog("Aquireing data from device failed. Quitting");
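Review bot: The comment block added before the second ASKDemod_ext call in tryDetectModulation says `// "0 0 1 " == clock auto, invert true, maxError 1.` while the argument on the following line is `"0 1 1"`; the string was copied from the first block and not updated, so it should read `// "0 1 1" == clock auto, invert true, maxError 1.`. The explanations of the remaining arguments (`false = no verbose`, `false = no emSearch`, `1 = Ask/Man`, `st = true`) are a helpful addition and match the call; the `st = true` line would be more precise as `// &tests[hits].ST = in/out ST flag` since the argument is a pointer, not a literal. tryDetectModulation starts outside the hunk.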