github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-13 00:33:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added the changes to armsrc for milfare ultralight C and Desfire commands

Browse source
This commit is contained in:
midnitesnake 2014-11-09 11:30:29 +00:00
parent a88dc6ab3b
commit 16a372ab75
7 changed files with 2067 additions and 1695 deletions
Download patch file Download diff file Expand all files Collapse all files

18
armsrc/appmain.c
View file

@ -801,7 +801,16 @@ void UsbPacketReceived(uint8_t *packet, int len)
MifareUReadBlock(c->arg[0],c->d.asBytes); MifareUReadBlock(c->arg[0],c->d.asBytes);
break; break;
case CMD_MIFAREU_READCARD: case CMD_MIFAREU_READCARD:
MifareUReadCard(c->arg[0],c->d.asBytes); MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
break;
case CMD_MIFAREUC_READCARD:
MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
break;
case CMD_MIFAREUC_AUTH1:
MifareUC_Auth1(c->arg[0],c->d.asBytes);
break;
case CMD_MIFAREUC_AUTH2:
MifareUC_Auth2(c->arg[0],c->d.asBytes);
break; break;
case CMD_MIFARE_READSC: case CMD_MIFARE_READSC:
MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
@ -824,7 +833,12 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_SIMULATE_MIFARE_CARD: case CMD_SIMULATE_MIFARE_CARD:
Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); Mifare1ksim(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break; break;
case CMD_MIFARE_DES_AUTH1:
Mifare_DES_Auth1(c->arg[0],c->d.asBytes);
break;
case CMD_MIFARE_DES_AUTH2:
Mifare_DES_Auth2(c->arg[0],c->d.asBytes);
break;
// emulator // emulator
case CMD_MIFARE_SET_DBGMODE: case CMD_MIFARE_SET_DBGMODE:
MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); MifareSetDbgLvl(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);

15
armsrc/apps.h
View file

@ -171,12 +171,8 @@ void EPA_PACE_Collect_Nonce(UsbCommand * c);
void ReaderMifare(bool first_try); void ReaderMifare(bool first_try);
int32_t dist_nt(uint32_t nt1, uint32_t nt2); int32_t dist_nt(uint32_t nt1, uint32_t nt2);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
void MifareUReadBlock(uint8_t arg0,uint8_t *datain);
void MifareUReadCard(uint8_t arg0,uint8_t *datain);
void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareUWriteBlock(uint8_t arg0,uint8_t *datain);
void MifareUWriteBlock_Special(uint8_t arg0,uint8_t *datain);
void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain); void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
@ -187,6 +183,17 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
//ultralight
void MifareUReadBlock(uint8_t arg0,uint8_t *datain);
void MifareUC_Auth1(uint8_t arg0, uint8_t *datain);
void MifareUC_Auth2(uint32_t arg0, uint8_t *datain);
void MifareUReadCard(uint8_t arg0,int Pages,uint8_t *datain);
void MifareUCReadCard(uint8_t arg0,int Pages,uint8_t *datain);
void MifareUWriteBlock(uint8_t arg0,uint8_t *datain);
void MifareUWriteBlock_Special(uint8_t arg0,uint8_t *datain);
//desfire
void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain);
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain);
/// iso15693.h /// iso15693.h
void RecordRawAdcSamplesIso15693(void); void RecordRawAdcSamplesIso15693(void);

187
armsrc/mifarecmd.c
View file

@ -2,6 +2,8 @@
// Merlok - June 2011, 2012 // Merlok - June 2011, 2012
// Gerhard de Koning Gans - May 2008 // Gerhard de Koning Gans - May 2008
// Hagen Fritsch - June 2010 // Hagen Fritsch - June 2010
// Midnitesnake - Dec 2013
// Andy Davies - Apr 2014
// //
// This code is licensed to you under the terms of the GNU GPL, version 2 or, // This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of // at your option, any later version. See the LICENSE.txt file for the text of
@ -78,12 +80,8 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
memset(uid, 0x44, 4); memset(uid, 0x44, 4);
LogTrace(uid, 4, 0, 0, TRUE); LogTrace(uid, 4, 0, 0, TRUE);
// UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};
// memcpy(ack.d.asBytes, dataoutbuf, 16);
LED_B_ON(); LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16); cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
// UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));
LED_B_OFF(); LED_B_OFF();
@ -94,11 +92,8 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
} }
void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
{
// params
uint8_t blockNo = arg0;
void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){
// variables // variables
byte_t isOK = 0; byte_t isOK = 0;
byte_t dataoutbuf[16]; byte_t dataoutbuf[16];
@ -113,6 +108,83 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
LED_B_OFF(); LED_B_OFF();
LED_C_OFF(); LED_C_OFF();
if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");
};
if(mifare_ultra_auth1(cuid, dataoutbuf)){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part1: Fail.");
}
isOK=1;
if (MF_DBGLEVEL >= 2) DbpString("AUTH 1 FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,cuid,0,dataoutbuf,11);
LED_B_OFF();
// Thats it...
//FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){
// params
uint32_t cuid = arg0;
uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
memcpy(key, datain, 16);
// clear trace
//iso14a_clear_trace();
//iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
// Dbprintf("Sending %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
// key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],key[8],
// key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
if(mifare_ultra_auth2(cuid, key, dataoutbuf)){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");
}
isOK=1;
if (MF_DBGLEVEL >= 2) DbpString("AUTH 2 FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,11);
LED_B_OFF();
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
void MifareUReadBlock(uint8_t arg0, uint8_t *datain )
{
// params
uint8_t blockNo = arg0;
//uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
uint8_t uid[10];
uint32_t cuid;
//memcpy(key, datain + 10, 26);
// clear trace
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
while (true) { while (true) {
if(!iso14443a_select_card(uid, NULL, &cuid)) { if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
@ -128,7 +200,6 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error"); if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
break; break;
}; };
isOK = 1; isOK = 1;
break; break;
} }
@ -245,14 +316,15 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
} }
void MifareUReadCard(uint8_t arg0, uint8_t *datain) void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
{ {
// params // params
uint8_t sectorNo = arg0; uint8_t sectorNo = arg0;
int Pages=arg1;
int count_Pages=0;
// variables // variables
byte_t isOK = 0; byte_t isOK = 0;
byte_t dataoutbuf[16 * 4]; byte_t dataoutbuf[44 * 4];
uint8_t uid[10]; uint8_t uid[10];
uint32_t cuid; uint32_t cuid;
@ -265,16 +337,18 @@ void MifareUReadCard(uint8_t arg0, uint8_t *datain)
LED_A_ON(); LED_A_ON();
LED_B_OFF(); LED_B_OFF();
LED_C_OFF(); LED_C_OFF();
Dbprintf("Pages %d",Pages);
while (true) { while (true) {
if(!iso14443a_select_card(uid, NULL, &cuid)) { if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
break; break;
}; };
for(int sec=0;sec<16;sec++){ for(int sec=0;sec<Pages;sec++){
if(mifare_ultra_readblock(cuid, sectorNo * 4 + sec, dataoutbuf + 4 * sec)) { if(mifare_ultra_readblock(cuid, sectorNo * 4 + sec, dataoutbuf + 4 * sec)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Read block %d error",sec); if (MF_DBGLEVEL >= 1) Dbprintf("Read block %d error",sec);
break; break;
}else{
count_Pages++;
}; };
} }
if(mifare_ultra_halt(cuid)) { if(mifare_ultra_halt(cuid)) {
@ -285,15 +359,17 @@ void MifareUReadCard(uint8_t arg0, uint8_t *datain)
isOK = 1; isOK = 1;
break; break;
} }
Dbprintf("Pages read %d",count_Pages);
if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED"); if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");
// add trace trailer // add trace trailer
memset(uid, 0x44, 4); //memset(uid, 0x44, 4);
LogTrace(uid, 4, 0, 0, TRUE); //LogTrace(uid, 4, 0, 0, TRUE);
LED_B_ON(); LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64); if (Pages==16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);
if (Pages==44 && count_Pages==16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);
if (Pages==44 && count_Pages>16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,176);
//cmd_send(CMD_ACK,isOK,0,0,dataoutbuf+32, 32); //cmd_send(CMD_ACK,isOK,0,0,dataoutbuf+32, 32);
LED_B_OFF(); LED_B_OFF();
@ -1194,3 +1270,78 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
} }
} }
//
// DESFIRE
//
void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
uint8_t uid[10];
uint32_t cuid;
// clear trace
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");
};
if(mifare_desfire_des_auth1(cuid, dataoutbuf)){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part1: Fail.");
}
isOK=1;
if (MF_DBGLEVEL >= 2) DbpString("AUTH 1 FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,cuid,0,dataoutbuf,11);
LED_B_OFF();
// Thats it...
//FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
// params
uint32_t cuid = arg0;
uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
memcpy(key, datain, 16);
// clear trace
//iso14a_clear_trace();
//iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
// Dbprintf("Sending %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
// key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],key[8],
// key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
if(mifare_desfire_des_auth2(cuid, key, dataoutbuf)){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");
}
isOK=1;
if (MF_DBGLEVEL >= 2) DbpString("AUTH 2 FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,12);
LED_B_OFF();
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}

196
armsrc/mifareutil.c
View file

@ -13,6 +13,8 @@
#include "apps.h" #include "apps.h"
#include "util.h" #include "util.h"
#include "string.h" #include "string.h"
#include <stdio.h>
#include <stdlib.h>
#include "iso14443crc.h" #include "iso14443crc.h"
#include "iso14443a.h" #include "iso14443a.h"
@ -88,11 +90,7 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
//uint32_t par=0; //uint32_t par=0;
dcmd[0] = cmd; dcmd[0] = cmd;
dcmd[1] = data[0]; memcpy(dcmd+1,data,5);
dcmd[2] = data[1];
dcmd[3] = data[2];
dcmd[4] = data[3];
dcmd[5] = data[4];
AppendCrc14443a(dcmd, 6); AppendCrc14443a(dcmd, 6);
//Dbprintf("Data command: %02x", dcmd[0]); //Dbprintf("Data command: %02x", dcmd[0]);
//Dbprintf("Data R: %02x %02x %02x %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7]); //Dbprintf("Data R: %02x %02x %02x %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7]);
@ -105,6 +103,40 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout."); if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2; return 2;
} }
return len;
}
int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint32_t *timing)
{
uint8_t dcmd[19];//, ecmd[4];
int len;
//uint32_t par=0;
dcmd[0] = cmd;
memcpy(dcmd+1,data,16);
AppendCrc14443a(dcmd, 17);
//Dbprintf("Data command: %02x", dcmd[0]);
//Dbprintf("Data R: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", dcmd[0], dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7],dcmd[8],dcmd[9],dcmd[10],dcmd[11],dcmd[12],dcmd[13],dcmd[14],dcmd[15],dcmd[16],dcmd[17],dcmd[18]);
//uint32_t time=0;
//uint8_t wupa[] = { 0x52 };
//ReaderTransmitBitsPar(wupa,7,0, NULL);
// Receive the ATQA
//if(!ReaderReceive(answer)) return 0;
ReaderTransmit(dcmd, sizeof(dcmd), timing);
len = ReaderReceive(answer);
if(!len)
{
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
len = ReaderReceive(answer);
}
if(len==1)
{
if (MF_DBGLEVEL >= 1) Dbprintf("NAK - Authentication failed.");
return 1;
}
return len; return len;
} }
@ -282,6 +314,55 @@ int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blo
return 0; return 0;
} }
int mifare_ultra_auth1(uint32_t uid, uint8_t *blockData){
// variables
int len;
uint8_t* receivedAnswer = mifare_get_bigbufptr();
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,NULL);
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len == 11) {
if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10]);
memcpy(blockData, receivedAnswer, 11);
return 0;
}
//else something went wrong???
return 1;
}
int mifare_ultra_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
// variables
int len;
uint8_t* receivedAnswer = mifare_get_bigbufptr();
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, key, receivedAnswer,NULL);
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len == 11){
if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10]);
memcpy(blockData, receivedAnswer, 11);
return 0;
}
//something went wrong?
return 1;
}
int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData) int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{ {
// variables // variables
@ -544,3 +625,108 @@ void emlClearMem(void) {
emlSetMem((uint8_t *)uid, 0, 1); emlSetMem((uint8_t *)uid, 0, 1);
return; return;
} }
//
//DESFIRE
//
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *timing)
{
uint8_t dcmd[5];//, ecmd[4];
//dcmd= (uint8_t *) malloc(data_len+3);
//uint32_t par=0;
dcmd[0] = cmd;
memcpy(dcmd+1,data,2);
AppendCrc14443a(dcmd, 3);
//Dbprintf("Data command: %02x", dcmd[0]);
//Dbprintf("Data R: %02x %02x", dcmd[1],dcmd[2]);
//memcpy(ecmd, dcmd, sizeof(dcmd));
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer);
if(!len)
{
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
}
//free(dcmd);
return len;
}
int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *timing)
{
uint8_t dcmd[20];//, ecmd[4];
//dcmd= (uint8_t *) malloc(data_len+3);
//uint32_t par=0;
dcmd[0] = cmd;
memcpy(dcmd+1,data,17);
AppendCrc14443a(dcmd, 18);
//Dbprintf("Data command: %02x", dcmd[0]);
//Dbprintf("Data R: %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4]);
//memcpy(ecmd, dcmd, sizeof(dcmd));
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer);
if(!len)
{
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
}
//free(dcmd);
return len;
}
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){
// variables
int len;
// load key, keynumber
uint8_t data[2]={0x0a, 0x00};
//uint8_t data_len=2;
uint8_t* receivedAnswer = mifare_get_bigbufptr();
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,NULL);
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len == 12) {
if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10],receivedAnswer[11]);
memcpy(blockData, receivedAnswer, 12);
return 0;
}
//else something went wrong???
return 1;
}
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
// variables
int len;
uint8_t data[17]={0xaf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
memcpy(data+1,key,16);
uint8_t* receivedAnswer = mifare_get_bigbufptr();
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer,NULL);
if ((receivedAnswer[0] == 0x03)&&(receivedAnswer[1] == 0xae)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);
return 1;
}
if (len == 12){
if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10],receivedAnswer[11]);
memcpy(blockData, receivedAnswer, 12);
return 0;
}
//something went wrong?
return 1;
}

7
armsrc/mifareutil.h
View file

@ -56,6 +56,7 @@ extern int MF_DBGLEVEL;
uint8_t* mifare_get_bigbufptr(void); uint8_t* mifare_get_bigbufptr(void);
int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t *timing); int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t *timing);
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint8_t *timing); int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint8_t *timing);
int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint32_t *timing);
int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t * parptr, uint32_t *timing); int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t * parptr, uint32_t *timing);
int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, \ int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, \
@ -63,6 +64,8 @@ int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, \
int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, \ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, \
uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint64_t isNested, uint32_t * ntptr, uint32_t *timing); uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint64_t isNested, uint32_t * ntptr, uint32_t *timing);
int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
int mifare_ultra_auth1(uint32_t cuid, uint8_t *blockData);
int mifare_ultra_auth2(uint32_t cuid, uint8_t *key, uint8_t *blockData);
int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData);
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData); int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData);
@ -70,6 +73,10 @@ int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *bloc
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid);
int mifare_ultra_halt(uint32_t uid); int mifare_ultra_halt(uint32_t uid);
//desfire
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
// crypto functions // crypto functions
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len); void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, int len, uint32_t *par); void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, int len, uint32_t *par);

9
include/usb_cmd.h
View file

@ -153,9 +153,16 @@ typedef struct {
#define CMD_MIFAREU_WRITEBL_COMPAT 0x0722 #define CMD_MIFAREU_WRITEBL_COMPAT 0x0722
#define CMD_MIFAREU_WRITEBL 0x0723 #define CMD_MIFAREU_WRITEBL 0x0723
#define CMD_MIFARE_CHKKEYS 0x0623 #define CMD_MIFARE_CHKKEYS 0x0623
#define CMD_MIFARE_SNIFFER 0x0630 #define CMD_MIFARE_SNIFFER 0x0630
//ultralightC
#define CMD_MIFAREUC_AUTH1 0x0724
#define CMD_MIFAREUC_AUTH2 0x0725
#define CMD_MIFAREUC_READCARD 0x0726
//desfire
#define CMD_MIFARE_DES_AUTH1 0x0730
#define CMD_MIFARE_DES_AUTH2 0x0731
#define CMD_UNKNOWN 0xFFFF #define CMD_UNKNOWN 0xFFFF