github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-11 15:56:09 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
marshmellow42 2015-02-14 21:16:27 -05:00
commit 8db0534ed1
28 changed files with 1587 additions and 1428 deletions
Download patch file Download diff file Expand all files Collapse all files

150
armsrc/BigBuf.c
View file

@ -26,10 +26,9 @@ static uint16_t BigBuf_hi = BIGBUF_SIZE;
// pointer to the emulator memory.
static uint8_t *emulator_memory = NULL;
// trace related global variables
// (only one left). ToDo: make this static as well?
uint16_t traceLen = 0;
// trace related variables
static uint16_t traceLen = 0;
int tracing = 1; //Last global one.. todo static?
// get the address of BigBuf
uint8_t *BigBuf_get_addr(void)
@ -95,3 +94,146 @@ uint16_t BigBuf_max_traceLen(void)
{
return BigBuf_hi;
}
void clear_trace() {
uint8_t *trace = BigBuf_get_addr();
uint16_t max_traceLen = BigBuf_max_traceLen();
memset(trace, 0x44, max_traceLen);
traceLen = 0;
}
void set_tracing(bool enable) {
tracing = enable;
}
/**
* Get the number of bytes traced
* @return
*/
uint16_t BigBuf_get_traceLen(void)
{
return traceLen;
}
/**
This is a function to store traces. All protocols can use this generic tracer-function.
The traces produced by calling this function can be fetched on the client-side
by 'hf list raw', alternatively 'hf list <proto>' for protocol-specific
annotation of commands/responses.
**/
bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag)
{
if (!tracing) return FALSE;
uint8_t *trace = BigBuf_get_addr();
uint16_t num_paritybytes = (iLen-1)/8 + 1; // number of valid paritybytes in *parity
uint16_t duration = timestamp_end - timestamp_start;
// Return when trace is full
uint16_t max_traceLen = BigBuf_max_traceLen();
if (traceLen + sizeof(iLen) + sizeof(timestamp_start) + sizeof(duration) + num_paritybytes + iLen >= max_traceLen) {
tracing = FALSE; // don't trace any more
return FALSE;
}
// Traceformat:
// 32 bits timestamp (little endian)
// 16 bits duration (little endian)
// 16 bits data length (little endian, Highest Bit used as readerToTag flag)
// y Bytes data
// x Bytes parity (one byte per 8 bytes data)
// timestamp (start)
trace[traceLen++] = ((timestamp_start >> 0) & 0xff);
trace[traceLen++] = ((timestamp_start >> 8) & 0xff);
trace[traceLen++] = ((timestamp_start >> 16) & 0xff);
trace[traceLen++] = ((timestamp_start >> 24) & 0xff);
// duration
trace[traceLen++] = ((duration >> 0) & 0xff);
trace[traceLen++] = ((duration >> 8) & 0xff);
// data length
trace[traceLen++] = ((iLen >> 0) & 0xff);
trace[traceLen++] = ((iLen >> 8) & 0xff);
// readerToTag flag
if (!readerToTag) {
trace[traceLen - 1] |= 0x80;
}
// data bytes
if (btBytes != NULL && iLen != 0) {
memcpy(trace + traceLen, btBytes, iLen);
}
traceLen += iLen;
// parity bytes
if (parity != NULL && iLen != 0) {
memcpy(trace + traceLen, parity, num_paritybytes);
}
traceLen += num_paritybytes;
if(traceLen +4 < max_traceLen)
{ //If it hadn't been cleared, for whatever reason..
memset(trace+traceLen,0x44, 4);
}
return TRUE;
}
int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int readerToTag)
{
/**
Todo, rewrite the logger to use the generic functionality instead. It should be noted, however,
that this logger takes number of bits as argument, not number of bytes.
**/
if (!tracing) return FALSE;
uint8_t *trace = BigBuf_get_addr();
uint16_t iLen = nbytes(iBits);
// Return when trace is full
if (traceLen + sizeof(rsamples) + sizeof(dwParity) + sizeof(iBits) + iLen > BigBuf_max_traceLen()) return FALSE;
//Hitag traces appear to use this traceformat:
// 32 bits timestamp (little endian,Highest Bit used as readerToTag flag)
// 32 bits parity
// 8 bits size (number of bits in the trace entry, not number of bytes)
// y Bytes data
rsamples += iSamples;
trace[traceLen++] = ((rsamples >> 0) & 0xff);
trace[traceLen++] = ((rsamples >> 8) & 0xff);
trace[traceLen++] = ((rsamples >> 16) & 0xff);
trace[traceLen++] = ((rsamples >> 24) & 0xff);
if (!readerToTag) {
trace[traceLen - 1] |= 0x80;
}
trace[traceLen++] = ((dwParity >> 0) & 0xff);
trace[traceLen++] = ((dwParity >> 8) & 0xff);
trace[traceLen++] = ((dwParity >> 16) & 0xff);
trace[traceLen++] = ((dwParity >> 24) & 0xff);
trace[traceLen++] = iBits;
memcpy(trace + traceLen, btBytes, iLen);
traceLen += iLen;
return TRUE;
}
// Emulator memory
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
uint8_t* mem = BigBuf_get_EM_addr();
if(offset+length < CARD_MEMORY_SIZE)
{
memcpy(mem+offset, data, length);
return 0;
}else
{
Dbprintf("Error, trying to set memory outside of bounds! %d > %d", (offset+length), CARD_MEMORY_SIZE);
return 1;
}
}

8
armsrc/BigBuf.h
View file

@ -29,6 +29,10 @@ extern uint8_t *BigBuf_malloc(uint16_t);
extern void BigBuf_free(void);
extern void BigBuf_free_keep_EM(void);
extern uint16_t traceLen;
uint16_t BigBuf_get_traceLen(void);
void clear_trace();
void set_tracing(bool enable);
bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length);
#endif /* __BIGBUF_H */

10
armsrc/appmain.c
View file

@ -24,6 +24,7 @@
#include "legicrf.h"
#include <hitag2.h>
#include "lfsampling.h"
#include "BigBuf.h"
#ifdef WITH_LCD
#include "LCD.h"
#endif
@ -899,6 +900,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_READER_ICLASS_REPLAY:
ReaderIClass_Replay(c->arg[0], c->d.asBytes);
break;
case CMD_ICLASS_EML_MEMSET:
emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
break;
#endif
case CMD_SIMULATE_TAG_HF_LISTEN:
@ -933,10 +937,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
uint8_t *BigBuf = BigBuf_get_addr();
for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
size_t len = MIN((c->arg[1] - i),USB_CMD_DATA_SIZE);
cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,traceLen,BigBuf+c->arg[0]+i,len);
cmd_send(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K,i,len,BigBuf_get_traceLen(),BigBuf+c->arg[0]+i,len);
}
// Trigger a finish downloading signal with an ACK frame
cmd_send(CMD_ACK,1,0,traceLen,getSamplingConfig(),sizeof(sample_config));
cmd_send(CMD_ACK,1,0,BigBuf_get_traceLen(),getSamplingConfig(),sizeof(sample_config));
LED_B_OFF();
break;
@ -1012,7 +1016,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
void __attribute__((noreturn)) AppMain(void)
{
SpinDelay(100);
clear_trace();
if(common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
/* Initialize common area */
memset(&common_area, 0, sizeof(common_area));

3
armsrc/apps.h
View file

@ -152,8 +152,7 @@ void ReaderIso14443a(UsbCommand * c);
bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *parity);
void iso14a_set_trigger(bool enable);
void iso14a_clear_trace();
void iso14a_set_tracing(bool enable);
void RAMFUNC SniffMifare(uint8_t param);
/// epa.h

5
armsrc/epa.c
View file

@ -257,9 +257,6 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
return;
}
// increase the timeout (at least some cards really do need this!)
iso14a_set_timeout(0x0002FFFF);
// read the CardAccess file
// this array will hold the CardAccess file
uint8_t card_access[256] = {0};
@ -426,8 +423,6 @@ int EPA_Setup()
// power up the field
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
iso14a_set_timeout(10500);
// select the card
return_code = iso14443a_select_card(uid, &card_select_info, NULL);
if (return_code != 1) {

39
armsrc/hitag2.c
View file

@ -21,6 +21,7 @@
#include "util.h"
#include "hitag2.h"
#include "string.h"
#include "BigBuf.h"
static bool bQuiet;
@ -30,32 +31,6 @@ static bool bPwd;
static bool bSuccessful;
static int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader)
{
static uint16_t traceLen = 0;
uint8_t *trace = BigBuf_get_addr();
// Return when trace is full
if (traceLen + sizeof(rsamples) + sizeof(dwParity) + sizeof(iBits) + nbytes(iBits) > BigBuf_max_traceLen()) return FALSE;
// Trace the random, i'm curious
rsamples += iSamples;
trace[traceLen++] = ((rsamples >> 0) & 0xff);
trace[traceLen++] = ((rsamples >> 8) & 0xff);
trace[traceLen++] = ((rsamples >> 16) & 0xff);
trace[traceLen++] = ((rsamples >> 24) & 0xff);
if (!bReader) {
trace[traceLen - 1] |= 0x80;
}
trace[traceLen++] = ((dwParity >> 0) & 0xff);
trace[traceLen++] = ((dwParity >> 8) & 0xff);
trace[traceLen++] = ((dwParity >> 16) & 0xff);
trace[traceLen++] = ((dwParity >> 24) & 0xff);
trace[traceLen++] = iBits;
memcpy(trace + traceLen, btBytes, nbytes(iBits));
traceLen += nbytes(iBits);
return TRUE;
}
struct hitag2_tag {
uint32_t uid;
@ -742,8 +717,8 @@ void SnoopHitag(uint32_t type) {
memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
// Clean up trace and prepare it for storing frames
iso14a_set_tracing(TRUE);
iso14a_clear_trace();
set_tracing(TRUE);
clear_trace();
DbpString("Starting Hitag2 snoop");
LED_D_ON();
@ -955,8 +930,8 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
memset(auth_table, 0x00, AUTH_TABLE_LENGTH);
// Clean up trace and prepare it for storing frames
iso14a_set_tracing(TRUE);
iso14a_clear_trace();
set_tracing(TRUE);
clear_trace();
DbpString("Starting Hitag2 simulation");
LED_D_ON();
@ -1142,8 +1117,8 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
bSuccessful = false;
// Clean up trace and prepare it for storing frames
iso14a_set_tracing(TRUE);
iso14a_clear_trace();
set_tracing(TRUE);
clear_trace();
DbpString("Starting Hitag reader family");

29
armsrc/iclass.c
View file

@ -652,9 +652,8 @@ void RAMFUNC SnoopIClass(void)
// The DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
// reset traceLen to 0
iso14a_set_tracing(TRUE);
iso14a_clear_trace();
set_tracing(TRUE);
clear_trace();
iso14a_set_trigger(FALSE);
int lastRxCounter;
@ -805,12 +804,12 @@ void RAMFUNC SnoopIClass(void)
DbpString("COMMAND FINISHED");
Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt);
Dbprintf("%x %x %x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
Dbprintf("%x %x %x", Uart.byteCntMax, BigBuf_get_traceLen(), (int)Uart.output[0]);
done:
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
Dbprintf("%x %x %x", maxBehindBy, Uart.state, Uart.byteCnt);
Dbprintf("%x %x %x", Uart.byteCntMax, traceLen, (int)Uart.output[0]);
Dbprintf("%x %x %x", Uart.byteCntMax, BigBuf_get_traceLen(), (int)Uart.output[0]);
LED_A_OFF();
LED_B_OFF();
LED_C_OFF();
@ -987,8 +986,8 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
// Enable and clear the trace
iso14a_set_tracing(TRUE);
iso14a_clear_trace();
set_tracing(TRUE);
clear_trace();
uint8_t csn_crc[] = { 0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0, 0x00, 0x00 };
if(simType == 0) {
@ -1488,8 +1487,8 @@ void setupIclassReader()
{
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
// Reset trace buffer
iso14a_set_tracing(TRUE);
iso14a_clear_trace();
set_tracing(TRUE);
clear_trace();
// Setup SSC
FpgaSetupSsc();
@ -1585,14 +1584,14 @@ void ReaderIClass(uint8_t arg0) {
int read_status= 0;
bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
bool get_cc = arg0 & FLAG_ICLASS_READER_GET_CC;
set_tracing(TRUE);
setupIclassReader();
size_t datasize = 0;
while(!BUTTON_PRESS())
{
if(traceLen > BigBuf_max_traceLen()) {
if(!tracing) {
DbpString("Trace full");
break;
}
@ -1658,13 +1657,13 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
uint8_t resp[ICLASS_BUFFER_SIZE];
setupIclassReader();
set_tracing(TRUE);
while(!BUTTON_PRESS()) {
WDT_HIT();
if(traceLen > BigBuf_max_traceLen()) {
if(!tracing) {
DbpString("Trace full");
break;
}
@ -1705,7 +1704,7 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
//Set card_data to all zeroes, we'll fill it with data
memset(card_data,0x0,USB_CMD_DATA_SIZE);
uint8_t failedRead =0;
uint8_t stored_data_length =0;
uint32_t stored_data_length =0;
//then loop around remaining blocks
for(int block=0; block < cardsize; block++){
@ -1724,7 +1723,6 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
//Fill up the buffer
memcpy(card_data+stored_data_length,resp,8);
stored_data_length += 8;
if(stored_data_length +8 > USB_CMD_DATA_SIZE)
{//Time to send this off and start afresh
cmd_send(CMD_ACK,
@ -1743,6 +1741,7 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
Dbprintf("Failed to dump block %d", block);
}
}
//Send off any remaining data
if(stored_data_length > 0)
{

279
armsrc/iso14443.c
View file

@ -19,11 +19,11 @@
//static void GetSamplesFor14443(int weTx, int n);
#define DEMOD_TRACE_SIZE 4096
/*#define DEMOD_TRACE_SIZE 4096
#define READER_TAG_BUFFER_SIZE 2048
#define TAG_READER_BUFFER_SIZE 2048
#define DEMOD_DMA_BUFFER_SIZE 1024
*/
//=============================================================================
// An ISO 14443 Type B tag. We listen for commands from the reader, using
// a UART kind of thing that's implemented in software. When we get a
@ -616,9 +616,34 @@ static RAMFUNC int Handle14443SamplesDemod(int ci, int cq)
if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized...
return FALSE;
}
static void DemodReset()
{
// Clear out the state of the "UART" that receives from the tag.
Demod.len = 0;
Demod.state = DEMOD_UNSYNCD;
memset(Demod.output, 0x00, MAX_FRAME_SIZE);
}
static void DemodInit(uint8_t *data)
{
Demod.output = data;
DemodReset();
}
static void UartReset()
{
Uart.byteCntMax = MAX_FRAME_SIZE;
Uart.state = STATE_UNSYNCD;
Uart.byteCnt = 0;
Uart.bitCnt = 0;
}
static void UartInit(uint8_t *data)
{
Uart.output = data;
UartReset();
}
/*
* Demodulate the samples we received from the tag
* Demodulate the samples we received from the tag, also log to tracebuffer
* weTx: set to 'TRUE' if we behave like a reader
* set to 'FALSE' if we behave like a snooper
* quiet: set to 'TRUE' to disable debug output
@ -627,34 +652,31 @@ static void GetSamplesFor14443Demod(int weTx, int n, int quiet)
{
int max = 0;
int gotFrame = FALSE;
int lastRxCounter, ci, cq, samples = 0;
//# define DMA_BUFFER_SIZE 8
uint8_t *dmaBuf;
// Allocate memory from BigBuf for some buffers
// free all previous allocations first
BigBuf_free();
int lastRxCounter;
uint8_t *upTo;
// The command (reader -> tag) that we're receiving.
uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
int ci, cq;
// The response (tag -> reader) that we're receiving.
uint8_t *receivedResponse = BigBuf_malloc(MAX_FRAME_SIZE);
int samples = 0;
// The DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
// Clear out the state of the "UART" that receives from the tag.
uint8_t *BigBuf = BigBuf_get_addr();
memset(BigBuf, 0x00, 400);
Demod.output = BigBuf;
Demod.len = 0;
Demod.state = DEMOD_UNSYNCD;
// Set up the demodulator for tag -> reader responses.
DemodInit(receivedResponse);
// Set up the demodulator for the reader -> tag commands
UartInit(receivedCmd);
// And the UART that receives from the reader
Uart.output = BigBuf + 1024;
Uart.byteCntMax = 100;
Uart.state = STATE_UNSYNCD;
// Setup and start DMA.
FpgaSetupSscDma(dmaBuf, DMA_BUFFER_SIZE);
// Setup for the DMA.
dmaBuf = BigBuf + 32;
upTo = dmaBuf;
lastRxCounter = DEMOD_DMA_BUFFER_SIZE;
FpgaSetupSscDma(dmaBuf, DEMOD_DMA_BUFFER_SIZE);
uint8_t *upTo= dmaBuf;
lastRxCounter = DMA_BUFFER_SIZE;
// Signal field is ON with the appropriate LED:
if (weTx) LED_D_ON(); else LED_D_OFF();
@ -667,20 +689,20 @@ static void GetSamplesFor14443Demod(int weTx, int n, int quiet)
int behindBy = lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR;
if(behindBy > max) max = behindBy;
while(((lastRxCounter-AT91C_BASE_PDC_SSC->PDC_RCR) & (DEMOD_DMA_BUFFER_SIZE-1))
while(((lastRxCounter-AT91C_BASE_PDC_SSC->PDC_RCR) & (DMA_BUFFER_SIZE-1))
> 2)
{
ci = upTo[0];
cq = upTo[1];
upTo += 2;
if(upTo - dmaBuf > DEMOD_DMA_BUFFER_SIZE) {
upTo -= DEMOD_DMA_BUFFER_SIZE;
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {
upTo -= DMA_BUFFER_SIZE;
AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo;
AT91C_BASE_PDC_SSC->PDC_RNCR = DEMOD_DMA_BUFFER_SIZE;
AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
}
lastRxCounter -= 2;
if(lastRxCounter <= 0) {
lastRxCounter += DEMOD_DMA_BUFFER_SIZE;
lastRxCounter += DMA_BUFFER_SIZE;
}
samples += 2;
@ -699,6 +721,12 @@ static void GetSamplesFor14443Demod(int weTx, int n, int quiet)
}
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
if (!quiet) Dbprintf("%x %x %x", max, gotFrame, Demod.len);
//Tracing
if (tracing && Demod.len > 0) {
uint8_t parity[MAX_PARITY_SIZE];
GetParity(Demod.output , Demod.len, parity);
LogTrace(Demod.output,Demod.len, 0, 0, parity, FALSE);
}
}
//-----------------------------------------------------------------------------
@ -854,6 +882,20 @@ void AcquireRawAdcSamplesIso14443(uint32_t parameter)
SendRawCommand14443B(sizeof(cmd1),1,1,cmd1);
}
/**
Convenience function to encode, transmit and trace iso 14443b comms
**/
static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len)
{
CodeIso14443bAsReader(cmd, len);
TransmitFor14443();
if (tracing) {
uint8_t parity[MAX_PARITY_SIZE];
GetParity(cmd, len, parity);
LogTrace(cmd,len, 0, 0, parity, TRUE);
}
}
//-----------------------------------------------------------------------------
// Read a SRI512 ISO 14443 tag.
//
@ -865,6 +907,9 @@ void AcquireRawAdcSamplesIso14443(uint32_t parameter)
//-----------------------------------------------------------------------------
void ReadSTMemoryIso14443(uint32_t dwLast)
{
clear_trace();
set_tracing(TRUE);
uint8_t i = 0x00;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@ -886,8 +931,8 @@ void ReadSTMemoryIso14443(uint32_t dwLast)
// First command: wake up the tag using the INITIATE command
uint8_t cmd1[] = { 0x06, 0x00, 0x97, 0x5b};
CodeIso14443bAsReader(cmd1, sizeof(cmd1));
TransmitFor14443();
CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1));
// LED_A_ON();
GetSamplesFor14443Demod(TRUE, 2000,TRUE);
// LED_A_OFF();
@ -904,8 +949,8 @@ void ReadSTMemoryIso14443(uint32_t dwLast)
cmd1[0] = 0x0E; // 0x0E is SELECT
cmd1[1] = Demod.output[0];
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);
CodeIso14443bAsReader(cmd1, sizeof(cmd1));
TransmitFor14443();
CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1));
// LED_A_ON();
GetSamplesFor14443Demod(TRUE, 2000,TRUE);
// LED_A_OFF();
@ -928,8 +973,8 @@ void ReadSTMemoryIso14443(uint32_t dwLast)
// First get the tag's UID:
cmd1[0] = 0x0B;
ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);
CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one
TransmitFor14443();
CodeAndTransmit14443bAsReader(cmd1, 3); // Only first three bytes for this one
// LED_A_ON();
GetSamplesFor14443Demod(TRUE, 2000,TRUE);
// LED_A_OFF();
@ -960,8 +1005,8 @@ void ReadSTMemoryIso14443(uint32_t dwLast)
}
cmd1[1] = i;
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);
CodeIso14443bAsReader(cmd1, sizeof(cmd1));
TransmitFor14443();
CodeAndTransmit14443bAsReader(cmd1, sizeof(cmd1));
// LED_A_ON();
GetSamplesFor14443Demod(TRUE, 2000,TRUE);
// LED_A_OFF();
@ -1014,18 +1059,12 @@ void RAMFUNC SnoopIso14443(void)
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
BigBuf_free();
// The command (reader -> tag) that we're working on receiving.
uint8_t *receivedCmd = BigBuf_malloc(READER_TAG_BUFFER_SIZE);
// The response (tag -> reader) that we're working on receiving.
uint8_t *receivedResponse = BigBuf_malloc(TAG_READER_BUFFER_SIZE);
// As we receive stuff, we copy it from receivedCmd or receivedResponse
// into trace, along with its length and other annotations.
uint8_t *trace = BigBuf_get_addr();
traceLen = 0;
clear_trace();
set_tracing(TRUE);
// The DMA buffer, used to stream samples from the FPGA.
uint8_t *dmaBuf = BigBuf_malloc(DEMOD_DMA_BUFFER_SIZE);
// The DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
int lastRxCounter;
uint8_t *upTo;
int ci, cq;
@ -1035,30 +1074,20 @@ void RAMFUNC SnoopIso14443(void)
// information in the trace buffer.
int samples = 0;
// Initialize the trace buffer
memset(trace, 0x44, BigBuf_max_traceLen());
// Set up the demodulator for tag -> reader responses.
Demod.output = receivedResponse;
Demod.len = 0;
Demod.state = DEMOD_UNSYNCD;
// And the reader -> tag commands
memset(&Uart, 0, sizeof(Uart));
Uart.output = receivedCmd;
Uart.byteCntMax = 100;
Uart.state = STATE_UNSYNCD;
DemodInit(BigBuf_malloc(MAX_FRAME_SIZE));
UartInit(BigBuf_malloc(MAX_FRAME_SIZE));
// Print some debug information about the buffer sizes
Dbprintf("Snooping buffers initialized:");
Dbprintf(" Trace: %i bytes", BigBuf_max_traceLen());
Dbprintf(" Reader -> tag: %i bytes", READER_TAG_BUFFER_SIZE);
Dbprintf(" tag -> Reader: %i bytes", TAG_READER_BUFFER_SIZE);
Dbprintf(" DMA: %i bytes", DEMOD_DMA_BUFFER_SIZE);
Dbprintf(" Reader -> tag: %i bytes", MAX_FRAME_SIZE);
Dbprintf(" tag -> Reader: %i bytes", MAX_FRAME_SIZE);
Dbprintf(" DMA: %i bytes", DMA_BUFFER_SIZE);
// And put the FPGA in the appropriate mode
// Signal field is off with the appropriate LED
LED_D_OFF();
// And put the FPGA in the appropriate mode
FpgaWriteConfWord(
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |
FPGA_HF_READER_RX_XCORR_SNOOP);
@ -1067,20 +1096,20 @@ void RAMFUNC SnoopIso14443(void)
// Setup for the DMA.
FpgaSetupSsc();
upTo = dmaBuf;
lastRxCounter = DEMOD_DMA_BUFFER_SIZE;
FpgaSetupSscDma((uint8_t *)dmaBuf, DEMOD_DMA_BUFFER_SIZE);
lastRxCounter = DMA_BUFFER_SIZE;
FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
uint8_t parity[MAX_PARITY_SIZE];
LED_A_ON();
// And now we loop, receiving samples.
for(;;) {
int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &
(DEMOD_DMA_BUFFER_SIZE-1);
(DMA_BUFFER_SIZE-1);
if(behindBy > maxBehindBy) {
maxBehindBy = behindBy;
if(behindBy > (9*DEMOD_DMA_BUFFER_SIZE/10)) { // TODO: understand whether we can increase/decrease as we want or not?
if(behindBy > (9*DMA_BUFFER_SIZE/10)) { // TODO: understand whether we can increase/decrease as we want or not?
Dbprintf("blew circular buffer! behindBy=0x%x", behindBy);
goto done;
break;
}
}
if(behindBy < 2) continue;
@ -1089,89 +1118,71 @@ void RAMFUNC SnoopIso14443(void)
cq = upTo[1];
upTo += 2;
lastRxCounter -= 2;
if(upTo - dmaBuf > DEMOD_DMA_BUFFER_SIZE) {
upTo -= DEMOD_DMA_BUFFER_SIZE;
lastRxCounter += DEMOD_DMA_BUFFER_SIZE;
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {
upTo -= DMA_BUFFER_SIZE;
lastRxCounter += DMA_BUFFER_SIZE;
AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo;
AT91C_BASE_PDC_SSC->PDC_RNCR = DEMOD_DMA_BUFFER_SIZE;
AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
}
samples += 2;
#define HANDLE_BIT_IF_BODY \
if(triggered) { \
trace[traceLen++] = ((samples >> 0) & 0xff); \
trace[traceLen++] = ((samples >> 8) & 0xff); \
trace[traceLen++] = ((samples >> 16) & 0xff); \
trace[traceLen++] = ((samples >> 24) & 0xff); \
trace[traceLen++] = 0; \
trace[traceLen++] = 0; \
trace[traceLen++] = 0; \
trace[traceLen++] = 0; \
trace[traceLen++] = Uart.byteCnt; \
memcpy(trace+traceLen, receivedCmd, Uart.byteCnt); \
traceLen += Uart.byteCnt; \
if(traceLen > 1000) break; \
} \
/* And ready to receive another command. */ \
memset(&Uart, 0, sizeof(Uart)); \
Uart.output = receivedCmd; \
Uart.byteCntMax = 100; \
Uart.state = STATE_UNSYNCD; \
/* And also reset the demod code, which might have been */ \
/* false-triggered by the commands from the reader. */ \
memset(&Demod, 0, sizeof(Demod)); \
Demod.output = receivedResponse; \
Demod.state = DEMOD_UNSYNCD; \
if(Handle14443UartBit(ci & 1)) {
HANDLE_BIT_IF_BODY
if(triggered && tracing) {
GetParity(Uart.output, Uart.byteCnt, parity);
LogTrace(Uart.output,Uart.byteCnt,samples, samples,parity,TRUE);
}
if(Uart.byteCnt==0) Dbprintf("[1] Error, Uart.byteCnt==0, Uart.bitCnt=%d", Uart.bitCnt);
/* And ready to receive another command. */
UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
}
if(Handle14443UartBit(cq & 1)) {
HANDLE_BIT_IF_BODY
if(triggered && tracing) {
GetParity(Uart.output, Uart.byteCnt, parity);
LogTrace(Uart.output,Uart.byteCnt,samples, samples,parity,TRUE);
}
if(Uart.byteCnt==0) Dbprintf("[2] Error, Uart.byteCnt==0, Uart.bitCnt=%d", Uart.bitCnt);
/* And ready to receive another command. */
UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
}
if(Handle14443SamplesDemod(ci, cq)) {
// timestamp, as a count of samples
trace[traceLen++] = ((samples >> 0) & 0xff);
trace[traceLen++] = ((samples >> 8) & 0xff);
trace[traceLen++] = ((samples >> 16) & 0xff);
trace[traceLen++] = 0x80 | ((samples >> 24) & 0xff);
// correlation metric (~signal strength estimate)
if(Demod.metricN != 0) {
Demod.metric /= Demod.metricN;
}
trace[traceLen++] = ((Demod.metric >> 0) & 0xff);
trace[traceLen++] = ((Demod.metric >> 8) & 0xff);
trace[traceLen++] = ((Demod.metric >> 16) & 0xff);
trace[traceLen++] = ((Demod.metric >> 24) & 0xff);
// length
trace[traceLen++] = Demod.len;
memcpy(trace+traceLen, receivedResponse, Demod.len);
traceLen += Demod.len;
if(traceLen > BigBuf_max_traceLen()) {
DbpString("Reached trace limit");
goto done;
}
//Use samples as a time measurement
if(tracing)
{
uint8_t parity[MAX_PARITY_SIZE];
GetParity(Demod.output, Demod.len, parity);
LogTrace(Demod.output,Demod.len,samples, samples,parity,FALSE);
}
triggered = TRUE;
LED_A_OFF();
LED_B_ON();
// And ready to receive another response.
memset(&Demod, 0, sizeof(Demod));
Demod.output = receivedResponse;
Demod.state = DEMOD_UNSYNCD;
DemodReset();
}
WDT_HIT();
if(BUTTON_PRESS()) {
DbpString("cancelled");
goto done;
}
if(!tracing) {
DbpString("Reached trace limit");
break;
}
done:
if(BUTTON_PRESS()) {
DbpString("cancelled");
break;
}
}
FpgaDisableSscDma();
LED_A_OFF();
LED_B_OFF();
LED_C_OFF();
@ -1181,7 +1192,7 @@ done:
Dbprintf(" Uart State: %x", Uart.state);
Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt);
Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax);
Dbprintf(" Trace length: %i", traceLen);
Dbprintf(" Trace length: %i", BigBuf_get_traceLen());
}
/*
@ -1222,8 +1233,8 @@ void SendRawCommand14443B(uint32_t datalen, uint32_t recv,uint8_t powerfield, ui
SpinDelay(200);
}
CodeIso14443bAsReader(data, datalen);
TransmitFor14443();
CodeAndTransmit14443bAsReader(data, datalen);
if(recv)
{
uint16_t iLen = MIN(Demod.len,USB_CMD_DATA_SIZE);

131
armsrc/iso14443a.c
View file

@ -20,10 +20,9 @@
#include "iso14443a.h"
#include "crapto1.h"
#include "mifareutil.h"
#include "BigBuf.h"
static uint32_t iso14a_timeout;
int rsamples = 0;
int tracing = TRUE;
uint8_t trigger = 0;
// the block number for the ISO14443-4 PCB
static uint8_t iso14_pcb_blocknum = 0;
@ -142,25 +141,40 @@ const uint8_t OddByteParity[256] = {
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
};
void iso14a_set_trigger(bool enable) {
trigger = enable;
}
void iso14a_clear_trace() {
uint8_t *trace = BigBuf_get_addr();
uint16_t max_traceLen = BigBuf_max_traceLen();
memset(trace, 0x44, max_traceLen);
traceLen = 0;
}
void iso14a_set_tracing(bool enable) {
tracing = enable;
}
void iso14a_set_timeout(uint32_t timeout) {
iso14a_timeout = timeout;
if(MF_DBGLEVEL >= 3) Dbprintf("ISO14443A Timeout set to %ld (%dms)", iso14a_timeout, iso14a_timeout / 106);
}
void iso14a_set_ATS_timeout(uint8_t *ats) {
uint8_t tb1;
uint8_t fwi;
uint32_t fwt;
if (ats[0] > 1) { // there is a format byte T0
if ((ats[1] & 0x20) == 0x20) { // there is an interface byte TB(1)
if ((ats[1] & 0x10) == 0x10) { // there is an interface byte TA(1) preceding TB(1)
tb1 = ats[3];
} else {
tb1 = ats[2];
}
fwi = (tb1 & 0xf0) >> 4; // frame waiting indicator (FWI)
fwt = 256 * 16 * (1 << fwi); // frame waiting time (FWT) in 1/fc
iso14a_set_timeout(fwt/(8*16));
}
}
}
//-----------------------------------------------------------------------------
// Generate the parity value for a byte sequence
//
@ -199,63 +213,6 @@ void AppendCrc14443a(uint8_t* data, int len)
ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
}
// The function LogTrace() is also used by the iClass implementation in iClass.c
bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag)
{
if (!tracing) return FALSE;
uint8_t *trace = BigBuf_get_addr();
uint16_t num_paritybytes = (iLen-1)/8 + 1; // number of valid paritybytes in *parity
uint16_t duration = timestamp_end - timestamp_start;
// Return when trace is full
uint16_t max_traceLen = BigBuf_max_traceLen();
if (traceLen + sizeof(iLen) + sizeof(timestamp_start) + sizeof(duration) + num_paritybytes + iLen >= max_traceLen) {
tracing = FALSE; // don't trace any more
return FALSE;
}
// Traceformat:
// 32 bits timestamp (little endian)
// 16 bits duration (little endian)
// 16 bits data length (little endian, Highest Bit used as readerToTag flag)
// y Bytes data
// x Bytes parity (one byte per 8 bytes data)
// timestamp (start)
trace[traceLen++] = ((timestamp_start >> 0) & 0xff);
trace[traceLen++] = ((timestamp_start >> 8) & 0xff);
trace[traceLen++] = ((timestamp_start >> 16) & 0xff);
trace[traceLen++] = ((timestamp_start >> 24) & 0xff);
// duration
trace[traceLen++] = ((duration >> 0) & 0xff);
trace[traceLen++] = ((duration >> 8) & 0xff);
// data length
trace[traceLen++] = ((iLen >> 0) & 0xff);
trace[traceLen++] = ((iLen >> 8) & 0xff);
// readerToTag flag
if (!readerToTag) {
trace[traceLen - 1] |= 0x80;
}
// data bytes
if (btBytes != NULL && iLen != 0) {
memcpy(trace + traceLen, btBytes, iLen);
}
traceLen += iLen;
// parity bytes
if (parity != NULL && iLen != 0) {
memcpy(trace + traceLen, parity, num_paritybytes);
}
traceLen += num_paritybytes;
return TRUE;
}
//=============================================================================
// ISO 14443 Type A - Miller decoder
//=============================================================================
@ -616,8 +573,8 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
// init trace buffer
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
uint8_t *data = dmaBuf;
uint8_t previous_data = 0;
@ -741,7 +698,7 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
FpgaDisableSscDma();
Dbprintf("maxDataLen=%d, Uart.state=%x, Uart.len=%d", maxDataLen, Uart.state, Uart.len);
Dbprintf("traceLen=%d, Uart.output[0]=%08x", traceLen, (uint32_t)Uart.output[0]);
Dbprintf("traceLen=%d, Uart.output[0]=%08x", BigBuf_get_traceLen(), (uint32_t)Uart.output[0]);
LEDsoff();
}
@ -1077,8 +1034,8 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
free_buffer_pointer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
// clear trace
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
// Prepare the responses of the anticollision phase
// there will be not enough time to do this at the moment the reader sends it REQA
@ -1667,7 +1624,7 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive
if(ManchesterDecoding(b, offset, 0)) {
NextTransferTime = MAX(NextTransferTime, Demod.endTime - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER)/16 + FRAME_DELAY_TIME_PICC_TO_PCD);
return TRUE;
} else if (c++ > iso14a_timeout) {
} else if (c++ > iso14a_timeout && Demod.state == DEMOD_UNSYNCD) {
return FALSE;
}
}
@ -1865,6 +1822,10 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
// reset the PCB block number
iso14_pcb_blocknum = 0;
// set default timeout based on ATS
iso14a_set_ATS_timeout(resp);
return 1;
}
@ -1936,10 +1897,10 @@ void ReaderIso14443a(UsbCommand *c)
uint8_t par[MAX_PARITY_SIZE];
if(param & ISO14A_CONNECT) {
iso14a_clear_trace();
clear_trace();
}
iso14a_set_tracing(TRUE);
set_tracing(TRUE);
if(param & ISO14A_REQUEST_TRIGGER) {
iso14a_set_trigger(TRUE);
@ -2035,8 +1996,8 @@ void ReaderMifare(bool first_try)
// free eventually allocated BigBuf memory. We want all for tracing.
BigBuf_free();
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
byte_t nt_diff = 0;
uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
@ -2209,7 +2170,7 @@ void ReaderMifare(bool first_try)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
iso14a_set_tracing(FALSE);
set_tracing(FALSE);
}
/**
@ -2268,8 +2229,8 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
BigBuf_free_keep_EM();
// clear trace
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
// Authenticate response - nonce
uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
@ -2714,7 +2675,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
}
}
}
if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, traceLen);
if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen());
}
@ -2732,8 +2693,8 @@ void RAMFUNC SniffMifare(uint8_t param) {
// C(red) A(yellow) B(green)
LEDsoff();
// init trace buffer
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
// The command (reader -> tag) that we're receiving.
// The length of a received command will in most cases be no more than 18 bytes.

4
armsrc/iso14443a.h
View file

@ -85,9 +85,5 @@ extern void iso14443a_setup(uint8_t fpga_minor_mode);
extern int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, void *data);
extern int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *resp_data, uint32_t *cuid_ptr);
extern void iso14a_set_trigger(bool enable);
extern void iso14a_set_timeout(uint32_t timeout);
extern void iso14a_clear_trace();
extern void iso14a_set_tracing(bool enable);
#endif /* __ISO14443A_H */

2
armsrc/lfsampling.c
View file

@ -13,7 +13,7 @@
#include "lfsampling.h"
sample_config config = { 1, 8, 1, 88, 0 } ;
sample_config config = { 1, 8, 1, 95, 0 } ;
void printConfig()
{

40
armsrc/mifarecmd.c
View file

@ -41,7 +41,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
pcs = &mpcs;
// clear trace
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
@ -98,7 +98,7 @@ void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){
LED_B_OFF();
LED_C_OFF();
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
if(!iso14443a_select_card(uid, NULL, &cuid)) {
@ -162,7 +162,7 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
LED_B_OFF();
LED_C_OFF();
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(uid, NULL, &cuid);
@ -213,7 +213,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
pcs = &mpcs;
// clear trace
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -276,7 +276,7 @@ void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
if (MF_DBGLEVEL >= MF_DBG_ALL)
Dbprintf("Pages %d",Pages);
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(uid, NULL, &cuid);
@ -350,7 +350,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
pcs = &mpcs;
// clear trace
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -411,7 +411,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
uint8_t uid[10] = {0x00};
uint32_t cuid;
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
@ -458,7 +458,7 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
uint8_t uid[10] = {0x00};
uint32_t cuid;
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
@ -537,8 +537,8 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
// free eventually allocated BigBuf memory
BigBuf_free();
// clear trace
iso14a_clear_trace();
iso14a_set_tracing(false);
clear_trace();
set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -709,7 +709,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
iso14a_set_tracing(TRUE);
set_tracing(TRUE);
}
//-----------------------------------------------------------------------------
@ -738,8 +738,8 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
MF_DBGLEVEL = MF_DBG_NONE;
// clear trace
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -829,8 +829,8 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
uint8_t uid[10];
// clear trace
iso14a_clear_trace();
iso14a_set_tracing(false);
clear_trace();
set_tracing(false);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -931,8 +931,8 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
LED_B_OFF();
LED_C_OFF();
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
}
@ -1049,8 +1049,8 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
LED_B_OFF();
LED_C_OFF();
iso14a_clear_trace();
iso14a_set_tracing(TRUE);
clear_trace();
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
}
@ -1136,7 +1136,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
uint8_t uid[10] = {0x00};
uint32_t cuid;
iso14a_clear_trace();
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(uid, NULL, &cuid);

8
armsrc/mifaresniff.c
View file

@ -139,7 +139,7 @@ bool RAMFUNC MfSniffLogic(const uint8_t *data, uint16_t len, uint8_t *parity, ui
}
bool RAMFUNC MfSniffSend(uint16_t maxTimeoutMs) {
if (traceLen && (GetTickCount() > timerData + maxTimeoutMs)) {
if (BigBuf_get_traceLen() && (GetTickCount() > timerData + maxTimeoutMs)) {
return intMfSniffSend();
}
return FALSE;
@ -149,7 +149,7 @@ bool RAMFUNC MfSniffSend(uint16_t maxTimeoutMs) {
bool intMfSniffSend() {
int pckSize = 0;
int pckLen = traceLen;
int pckLen = BigBuf_get_traceLen();
int pckNum = 0;
uint8_t *trace = BigBuf_get_addr();
@ -157,7 +157,7 @@ bool intMfSniffSend() {
while (pckLen > 0) {
pckSize = MIN(USB_CMD_DATA_SIZE, pckLen);
LED_B_ON();
cmd_send(CMD_ACK, 1, traceLen, pckSize, trace + traceLen - pckLen, pckSize);
cmd_send(CMD_ACK, 1, BigBuf_get_traceLen(), pckSize, trace + BigBuf_get_traceLen() - pckLen, pckSize);
LED_B_OFF();
pckLen -= pckSize;
@ -168,7 +168,7 @@ bool intMfSniffSend() {
cmd_send(CMD_ACK,2,0,0,0,0);
LED_B_OFF();
iso14a_clear_trace();
clear_trace();
return TRUE;
}

4
armsrc/util.c
View file

@ -12,6 +12,7 @@
#include "util.h"
#include "string.h"
#include "apps.h"
#include "BigBuf.h"
@ -34,7 +35,7 @@ void print_result(char *name, uint8_t *buf, size_t len) {
}
size_t nbytes(size_t nbits) {
return (nbits/8)+((nbits%8)>0);
return (nbits >> 3)+((nbits % 8) > 0);
}
uint32_t SwapBits(uint32_t value, int nrbits) {
@ -428,4 +429,3 @@ uint32_t RAMFUNC GetCountSspClk(){
}
}

64
client/cmdhf.c
View file

@ -157,9 +157,28 @@ NXP/Philips CUSTOM COMMANDS
#define MIFARE_ULC_AUTH_1 0x1A
#define MIFARE_ULC_AUTH_2 0xAF
/**
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
0B = Get UID
08 yy = Read Block (yy = block number)
09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
0C = Reset to Inventory
0F = Completion
0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
**/
#define ISO14443B_REQB 0x05
#define ISO14443B_ATTRIB 0x1D
#define ISO14443B_HALT 0x50
#define ISO14443B_INITIATE 0x06
#define ISO14443B_SELECT 0x0E
#define ISO14443B_GET_UID 0x0B
#define ISO14443B_READ_BLK 0x08
#define ISO14443B_WRITE_BLK 0x09
#define ISO14443B_RESET 0x0C
#define ISO14443B_COMPLETION 0x0F
#define ISO14443B_AUTHENTICATE 0x0A
//First byte is 26
#define ISO15693_INVENTORY 0x01
@ -287,13 +306,33 @@ void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
}
}
}
/**
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
0B = Get UID
08 yy = Read Block (yy = block number)
09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
0C = Reset to Inventory
0F = Completion
0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
**/
void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
switch(cmd[0]){
case ISO14443B_REQB : snprintf(exp,size,"REQB");break;
case ISO14443B_ATTRIB : snprintf(exp,size,"ATTRIB");break;
case ISO14443B_HALT : snprintf(exp,size,"HALT");break;
default: snprintf(exp,size ,"?");break;
case ISO14443B_INITIATE : snprintf(exp,size,"INITIATE");break;
case ISO14443B_SELECT : snprintf(exp,size,"SELECT(%d)",cmd[1]);break;
case ISO14443B_GET_UID : snprintf(exp,size,"GET UID");break;
case ISO14443B_READ_BLK : snprintf(exp,size,"READ_BLK(%d)", cmd[1]);break;
case ISO14443B_WRITE_BLK : snprintf(exp,size,"WRITE_BLK(%d)",cmd[1]);break;
case ISO14443B_RESET : snprintf(exp,size,"RESET");break;
case ISO14443B_COMPLETION : snprintf(exp,size,"COMPLETION");break;
case ISO14443B_AUTHENTICATE : snprintf(exp,size,"AUTHENTICATE");break;
default : snprintf(exp,size ,"?");break;
}
}
@ -412,15 +451,18 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
if (tracepos + data_len + parity_len > traceLen) {
return traceLen;
}
uint8_t *frame = trace + tracepos;
tracepos += data_len;
uint8_t *parityBytes = trace + tracepos;
tracepos += parity_len;
//--- Draw the data column
//char line[16][110];
char line[16][110];
for (int j = 0; j < data_len; j++) {
for (int j = 0; j < data_len && j/16 < 16; j++) {
int oddparity = 0x01;
int k;
@ -429,11 +471,17 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
}
uint8_t parityBits = parityBytes[j>>3];
if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]);
snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]);
} else {
sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]);
snprintf(line[j/16]+(( j % 16) * 4),110, "%02x ", frame[j]);
}
}
if(data_len == 0)
{
if(data_len == 0){
sprintf(line[0],"<empty trace - possible error>");
}
}
//--- Draw the CRC column
@ -478,8 +526,8 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
annotateIso14443b(explanation,sizeof(explanation),frame,data_len);
}
int num_lines = (data_len - 1)/16 + 1;
for (int j = 0; j < num_lines; j++) {
int num_lines = MIN((data_len - 1)/16 + 1, 16);
for (int j = 0; j < num_lines ; j++) {
if (j == 0) {
PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s",
(timestamp - first_timestamp),

26
client/cmdhf14a.c
View file

@ -129,11 +129,6 @@ int CmdHF14AList(const char *Cmd)
return 0;
}
void iso14a_set_timeout(uint32_t timeout) {
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_SET_TIMEOUT, 0, timeout}};
SendCommand(&c);
}
int CmdHF14AReader(const char *Cmd)
{
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
@ -346,7 +341,7 @@ int CmdHF14AReader(const char *Cmd)
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
uint8_t isOK = resp.arg[0] & 0xff;
PrintAndLog(" Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
PrintAndLog("Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
// disconnect
c.cmd = CMD_READER_ISO_14443a;
@ -510,12 +505,13 @@ int CmdHF14ACmdRaw(const char *cmd) {
uint8_t active=0;
uint8_t active_select=0;
uint16_t numbits=0;
uint16_t timeout=0;
uint32_t timeout=0;
uint8_t bTimeout=0;
char buf[5]="";
int i=0;
uint8_t data[USB_CMD_DATA_SIZE];
unsigned int datalen=0, temp;
uint16_t datalen=0;
uint32_t temp;
if (strlen(cmd)<2) {
PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] [-t] <number of bits> <0A 0B 0C ... hex>");
@ -525,7 +521,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
PrintAndLog(" -a active signal field ON without select");
PrintAndLog(" -s active signal field ON with select");
PrintAndLog(" -b number of bits to send. Useful for send partial byte");
PrintAndLog(" -t timeout");
PrintAndLog(" -t timeout in ms");
return 0;
}
@ -561,7 +557,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
case 't':
bTimeout=1;
sscanf(cmd+i+2,"%d",&temp);
timeout = temp & 0xFFFF;
timeout = temp;
i+=3;
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i+=2;
@ -610,13 +606,13 @@ int CmdHF14ACmdRaw(const char *cmd) {
c.arg[0] |= ISO14A_NO_SELECT;
}
if(bTimeout){
#define MAX_TIMEOUT 624*105 // max timeout is 624 ms
#define MAX_TIMEOUT 40542464 // (2^32-1) * (8*16) / 13560000Hz * 1000ms/s =
c.arg[0] |= ISO14A_SET_TIMEOUT;
c.arg[2] = timeout * 105; // each bit is about 9.4 us
if(c.arg[2]>MAX_TIMEOUT) {
c.arg[2] = MAX_TIMEOUT;
PrintAndLog("Set timeout to 624 ms. The max we can wait for response");
if(timeout > MAX_TIMEOUT) {
timeout = MAX_TIMEOUT;
PrintAndLog("Set timeout to 40542 seconds (11.26 hours). The max we can wait for response");
}
c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us)
}
if(power)
c.arg[0] |= ISO14A_NO_DISCONNECT;

91
client/cmdhf14b.c
View file

@ -145,97 +145,10 @@ demodError:
int CmdHF14BList(const char *Cmd)
{
uint8_t *got = malloc(USB_CMD_DATA_SIZE);
PrintAndLog("Deprecated command, use 'hf list 14b' instead");
// Query for the actual size of the trace
UsbCommand response;
GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0);
WaitForResponse(CMD_ACK, &response);
uint16_t traceLen = response.arg[2];
if (traceLen > USB_CMD_DATA_SIZE) {
uint8_t *p = realloc(got, traceLen);
if (p == NULL) {
PrintAndLog("Cannot allocate memory for trace");
free(got);
return 2;
}
got = p;
GetFromBigBuf(got, traceLen, 0);
WaitForResponse(CMD_ACK,NULL);
}
PrintAndLog("recorded activity: (TraceLen = %d bytes)", traceLen);
PrintAndLog(" time :rssi: who bytes");
PrintAndLog("---------+----+----+-----------");
int i = 0;
int prev = -1;
for(;;) {
if(i >= traceLen) { break; }
bool isResponse;
int timestamp = *((uint32_t *)(got+i));
if(timestamp & 0x80000000) {
timestamp &= 0x7fffffff;
isResponse = 1;
} else {
isResponse = 0;
}
int metric = *((uint32_t *)(got+i+4));
int len = got[i+8];
if(len > 100) {
break;
}
if(i + len >= traceLen) {
break;
}
uint8_t *frame = (got+i+9);
// Break and stick with current result if buffer was not completely full
if (frame[0] == 0x44 && frame[1] == 0x44 && frame[2] == 0x44 && frame[3] == 0x44) break;
char line[1000] = "";
int j;
for(j = 0; j < len; j++) {
sprintf(line+(j*3), "%02x ", frame[j]);
}
char *crc;
if(len > 2) {
uint8_t b1, b2;
ComputeCrc14443(CRC_14443_B, frame, len-2, &b1, &b2);
if(b1 != frame[len-2] || b2 != frame[len-1]) {
crc = "**FAIL CRC**";
} else {
crc = "";
}
} else {
crc = "(SHORT)";
}
char metricString[100];
if(isResponse) {
sprintf(metricString, "%3d", metric);
} else {
strcpy(metricString, " ");
}
PrintAndLog(" +%7d: %s: %s %s %s",
(prev < 0 ? 0 : timestamp - prev),
metricString,
(isResponse ? "TAG" : " "), line, crc);
prev = timestamp;
i += (len + 9);
}
free(got);
return 0;
}
int CmdHF14BRead(const char *Cmd)
{
UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443, {strtol(Cmd, NULL, 0), 0, 0}};
@ -473,7 +386,7 @@ static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"demod", CmdHF14BDemod, 1, "Demodulate ISO14443 Type B from tag"},
{"list", CmdHF14BList, 0, "List ISO 14443 history"},
{"list", CmdHF14BList, 0, "[Deprecated] List ISO 14443b history"},
{"read", CmdHF14BRead, 0, "Read HF tag (ISO 14443)"},
{"sim", CmdHF14Sim, 0, "Fake ISO 14443 tag"},
{"simlisten", CmdHFSimlisten, 0, "Get HF samples as fake tag"},

1
client/cmdhf15.c
View file

@ -136,6 +136,7 @@ const productName uidmapping[] = {
{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
{ 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
{ 0xE016240000000000LL, 24, "EM-Marin SA (Skidata); EM4233;" },
{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
{ 0xE017000000000000LL, 16, "KSW Microtec GmbH Germany" },

84
client/cmdhficlass.c
View file

@ -329,8 +329,8 @@ int CmdHFiClassReader_Dump(const char *Cmd)
printvar("MAC", MAC, 4);
uint8_t iclass_data[32000] = {0};
uint8_t iclass_datalen = 0;
uint8_t iclass_blocksFailed = 0;//Set to 1 if dump was incomplete
uint32_t iclass_datalen = 0;
uint32_t iclass_blocksFailed = 0;//Set to 1 if dump was incomplete
UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
memcpy(d.d.asBytes, MAC, 4);
@ -346,11 +346,11 @@ int CmdHFiClassReader_Dump(const char *Cmd)
}
if(WaitForResponseTimeout(CMD_ACK,&resp,4500))
{
uint64_t dataLength = resp.arg[0];
uint32_t dataLength = resp.arg[0];
iclass_blocksFailed |= resp.arg[1];
if(dataLength > 0)
{
PrintAndLog("Got %d bytes data (total so far %d)" ,dataLength,iclass_datalen);
memcpy(iclass_data, resp.d.asBytes,dataLength);
iclass_datalen += dataLength;
}else
@ -368,7 +368,6 @@ int CmdHFiClassReader_Dump(const char *Cmd)
CSN[0],CSN[1],CSN[2],CSN[3],
CSN[4],CSN[5],CSN[6],CSN[7]);
saveFile(filename,"bin",iclass_data, iclass_datalen );
}
//Aaaand we're finished
return 0;
@ -380,6 +379,78 @@ int CmdHFiClassReader_Dump(const char *Cmd)
return 0;
}
int hf_iclass_eload_usage()
{
PrintAndLog("Loads iclass tag-dump into emulator memory on device");
PrintAndLog("Usage: hf iclass eload f <filename>");
PrintAndLog("");
PrintAndLog("Example: hf iclass eload f iclass_tagdump-aa162d30f8ff12f1.bin");
return 0;
}
int iclassEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
UsbCommand c = {CMD_MIFARE_EML_MEMSET, {blockNum, blocksCount, 0}};
memcpy(c.d.asBytes, data, blocksCount * 16);
SendCommand(&c);
return 0;
}
int CmdHFiClassELoad(const char *Cmd)
{
char opt = param_getchar(Cmd, 0);
if (strlen(Cmd)<1 || opt == 'h')
return hf_iclass_eload_usage();
//File handling and reading
FILE *f;
char filename[FILE_PATH_SIZE];
if(opt == 'f' && param_getstr(Cmd, 1, filename) > 0)
{
f = fopen(filename, "rb");
}else{
return hf_iclass_eload_usage();
}
if(!f) {
PrintAndLog("Failed to read from file '%s'", filename);
return 1;
}
fseek(f, 0, SEEK_END);
long fsize = ftell(f);
fseek(f, 0, SEEK_SET);
uint8_t *dump = malloc(fsize);
size_t bytes_read = fread(dump, 1, fsize, f);
fclose(f);
//Validate
if (bytes_read < fsize)
{
prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize );
free(dump);
return 1;
}
//Send to device
uint32_t bytes_sent = 0;
uint32_t bytes_remaining = bytes_read;
while(bytes_remaining > 0){
uint32_t bytes_in_packet = MIN(USB_CMD_DATA_SIZE, bytes_remaining);
UsbCommand c = {CMD_ICLASS_EML_MEMSET, {bytes_sent,bytes_in_packet,0}};
memcpy(c.d.asBytes, dump, bytes_in_packet);
SendCommand(&c);
bytes_remaining -= bytes_in_packet;
bytes_sent += bytes_in_packet;
}
free(dump);
PrintAndLog("Sent %d bytes of data to device emulator memory", bytes_sent);
return 0;
}
int CmdHFiClass_iso14443A_write(const char *Cmd)
{
uint8_t readerType = 0;
@ -512,8 +583,9 @@ static command_t CommandTable[] =
{"reader",CmdHFiClassReader, 0, "Read an iClass tag"},
{"replay",CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"},
{"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"},
{"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"},
// {"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"},
{"loclass", CmdHFiClass_loclass, 1, "Use loclass to perform bruteforce of reader attack dump"},
{"eload", CmdHFiClassELoad, 0, "[experimental] Load data into iclass emulator memory"},
{NULL, NULL, 0, NULL}
};

51
client/cmdhfmf.c
View file

@ -1433,27 +1433,60 @@ int CmdHF14AMfCSetUID(const char *Cmd)
uint8_t wipeCard = 0;
uint8_t uid[8] = {0x00};
uint8_t oldUid[8] = {0x00};
uint8_t atqa[2] = {0x00};
uint8_t sak[1] = {0x00};
uint8_t atqaPresent = 1;
int res;
char ctmp;
int argi=0;
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> <w>");
PrintAndLog("sample: hf mf csetuid 01020304 w");
PrintAndLog("Set UID for magic Chinese card (only works with!!!)");
PrintAndLog("If you want wipe card then add 'w' into command line. \n");
if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') {
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols] [w]");
PrintAndLog("sample: hf mf csetuid 01020304");
PrintAndLog("sample: hf mf csetuid 01020304 0004 08 w");
PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");
PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");
return 0;
}
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) {
PrintAndLog("UID must include 8 HEX symbols");
return 1;
}
argi++;
char ctmp = param_getchar(Cmd, 1);
if (ctmp == 'w' || ctmp == 'W') wipeCard = 1;
ctmp = param_getchar(Cmd, argi);
if (ctmp == 'w' || ctmp == 'W') {
wipeCard = 1;
atqaPresent = 0;
}
if (atqaPresent) {
if (param_getchar(Cmd, argi)) {
if (param_gethex(Cmd, argi, atqa, 4)) {
PrintAndLog("ATQA must include 4 HEX symbols");
return 1;
}
argi++;
if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) {
PrintAndLog("SAK must include 2 HEX symbols");
return 1;
}
argi++;
} else
atqaPresent = 0;
}
if(!wipeCard) {
ctmp = param_getchar(Cmd, argi);
if (ctmp == 'w' || ctmp == 'W') {
wipeCard = 1;
}
}
PrintAndLog("--wipe card:%s uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4));
res = mfCSetUID(uid, oldUid, wipeCard);
res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard);
if (res) {
PrintAndLog("Can't set UID. error=%d", res);
return 1;

1
client/cmdlf.c
View file

@ -414,7 +414,6 @@ int CmdLFSetConfig(const char *Cmd)
uint8_t cmdp =0;
while(param_getchar(Cmd, cmdp) != 0x00)
{
PrintAndLog("working %c", param_getchar(Cmd, cmdp));
switch(param_getchar(Cmd, cmdp))
{
case 'h':

35
client/mifarehost.c
View file

@ -231,28 +231,31 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
// "MAGIC" CARD
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe) {
uint8_t oldblock0[16] = {0x00};
uint8_t block0[16] = {0x00};
memcpy(block0, uid, 4);
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)
//block0[5] = 0x08;
//block0[6] = 0x04;
//block0[7] = 0x00;
block0[5] = 0x01; //sak
block0[6] = 0x01;
block0[7] = 0x0f;
int old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);
if ( old == 0) {
memcpy(block0+8, oldblock0+8, 8);
PrintAndLog("block 0: %s", sprint_hex(block0,16));
if (old == 0) {
memcpy(block0, oldblock0, 16);
PrintAndLog("old block 0: %s", sprint_hex(block0,16));
} else {
PrintAndLog("Couldn't get olddata. Will write over the last bytes of Block 0.");
PrintAndLog("Couldn't get old data. Will write over the last bytes of Block 0.");
}
// fill in the new values
// UID
memcpy(block0, uid, 4);
// Mifare UID BCC
block0[4] = block0[0]^block0[1]^block0[2]^block0[3];
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
if (sak!=NULL)
block0[5]=sak[0];
if (atqa!=NULL) {
block0[6]=atqa[1];
block0[7]=atqa[0];
}
PrintAndLog("new block 0: %s", sprint_hex(block0,16));
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
}

2
client/mifarehost.h
View file

@ -55,7 +55,7 @@ int mfCheckKeys (uint8_t blockNo, uint8_t keyType, uint8_t keycnt, uint8_t * key
int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe);
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe);
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params);
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);

1
client/util.c
View file

@ -237,7 +237,6 @@ uint8_t param_get8(const char *line, int paramnum)
uint8_t param_getdec(const char *line, int paramnum, uint8_t *destination)
{
uint8_t val = param_get8ex(line, paramnum, 255, 10);
printf("read %i", (int8_t ) val);
if( (int8_t) val == -1) return 1;
(*destination) = val;
return 0;

8
driver/77-mm-usb-device-blacklist.rules
View file

@ -7,4 +7,12 @@
#
# proxmark3
ACTION!="add|change", GOTO="mm_usb_device_blacklist_end"
SUBSYSTEM!="tty", GOTO="mm_ignore"
ATTRS{idVendor}=="2d2d" ATTRS{idProduct}=="504d", ENV{ID_MM_DEVICE_IGNORE}="1" SYMLINK+="pm3-%n"
LABEL="mm_ignore"
ATTRS{idVendor}=="2d2d" ATTRS{idProduct}=="504d", ENV{ID_MM_DEVICE_IGNORE}="1"
LABEL="mm_usb_device_blacklist_end"

BIN
fpga/fpga_hf.bit
View file

Binary file not shown.

2
fpga/hi_iso14443a.v
View file

@ -570,7 +570,7 @@ assign pwr_oe3 = 1'b0;
// TAGSIM_MOD: short circuit antenna with different resistances (modulated by sub_carrier modulated by mod_sig_coil)
// for pwr_oe4 = 1 (tristate): antenna load = 10k || 33 = 32,9 Ohms
// for pwr_oe4 = 0 (active): antenna load = 10k || 33 || 33 = 16,5 Ohms
assign pwr_oe4 = ~(mod_sig_coil & sub_carrier & (mod_type == `TAGSIM_MOD));
assign pwr_oe4 = mod_sig_coil & sub_carrier & (mod_type == `TAGSIM_MOD);
// This is all LF, so doesn't matter.
assign pwr_oe2 = 1'b0;

1
include/usb_cmd.h
View file

@ -131,6 +131,7 @@ typedef struct{
#define CMD_READER_ICLASS 0x0394
#define CMD_READER_ICLASS_REPLAY 0x0395
#define CMD_ICLASS_ISO14443A_WRITE 0x0397
#define CMD_ICLASS_EML_MEMSET 0x0398
// For measurements of the antenna tuning
#define CMD_MEASURE_ANTENNA_TUNING 0x0400