github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-19 04:49:38 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into fido

Browse source
This commit is contained in:
Oleg Moiseenko 2018-10-25 20:25:07 +03:00 committed by GitHub
commit 8dbe4330e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 1352 additions and 690 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -10,6 +10,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
### Added
- Added `hf emv scan` - commands for scan EMV card and dump data to json file (Merlok)
- `hf mfp` group of commands (Merlok)
- Added `hf fido` - FIDO U2F authenticator commands https://fidoalliance.org/ (Merlok)
## [v3.1.0][2018-10-10]

42
CI/appveyor.yml
View file

@ -66,9 +66,20 @@ clone_script:
Write-Host "[ OK ]" -ForegroundColor Green
Write-Host "Fill msys\etc\fstab file..." -NoNewLine
Write-Host "Fill msys2\etc\fstab file..." -NoNewLine
New-Item c:\ProxSpace\msys\etc\fstab -type file -force -value "#Win32_Path Mount_Point`nc:\ProxSpace\devkitARM /devkitARM`nc:\ProxSpace\Qt\5.6 /qt `nc:\ProxSpace\pm3 /pm3`n"
New-Item c:\ProxSpace\msys2\etc\fstab -type file -force -value "# For a description of the file format, see the Users Guide`n# http://cygwin.com/cygwin-ug-net/using.html#mount-table`nnone / cygdrive binary,posix=0,noacl,user 0 0 `nC:\ProxSpace\pm3 /pm3 ntfs noacl 0 0 `nC:\ProxSpace\gcc-arm-none-eabi /gcc-arm-none-eabi ntfs noacl 0 0 `n"
Write-Host "[ OK ]" -ForegroundColor Green
Write-Host "Update msys2 packages..." -NoNewLine
$env:Path = "C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;$env:Path"
C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start /dev/null 1> msys1.txt 2>&1
C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start /dev/null 1> msys1.txt 2>&1
Write-Host "[ OK ]" -ForegroundColor Green
install:
@ -84,12 +95,25 @@ install:
}
build_script:
- ps: >-
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
"C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;$env:Path"
$env:MINGW_HOME="C:\ProxSpace\msys2\mingw32"
$env:MSYS_HOME="C:\ProxSpace\msys2"
$env:MSYSTEM="MINGW32"
$env:MINGW_PREFIX="/mingw32"
$env:SHELL="/bin/bash"
$env:MSYSTEM_CHOST="i686-w64-mingw32"
#make
bash -lc -i "pwd;make all"
bash -c -i 'pwd;make clean;make all'
#some checks
@ -268,19 +292,19 @@ test_script:
#proxmark logic tests
ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed'}
ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;./proxmark3 -h | grep -q Execute && echo Passed || echo Failed'}
ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'}
ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;./proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'}
ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf'"} "at_enc"
ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;./proxmark3 comx -c 'hf mf'"} "at_enc"
ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:"
ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;./proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:"
#proxmark crypto tests
ExecTest "hf emv test" "hf emv test" {bash -lc "cd ~/client;proxmark3 comx -c 'hf emv test'"} "Tests ?OK"
ExecTest "hf emv test" "hf emv test" {bash -lc "cd ~/client;./proxmark3 comx -c 'hf emv test'"} "Tests ?OK"
if ($global:TestsPassed) {

1060
armsrc/iso15693.c
View file

File diff suppressed because it is too large Load diff

24
armsrc/util.c
View file

@ -373,13 +373,13 @@ void StartCountSspClk()
AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK // TC1 Clock = MCK(48MHz)/2 = 24MHz
| AT91C_TC_CPCSTOP // Stop clock on RC compare
| AT91C_TC_EEVTEDG_RISING // Trigger on rising edge of Event
| AT91C_TC_EEVT_TIOB // Event-Source: TIOB1 (= ssp_clk from FPGA = 13,56MHz/16)
| AT91C_TC_EEVT_TIOB // Event-Source: TIOB1 (= ssp_clk from FPGA = 13,56MHz/16 ... 13,56MHz/4)
| AT91C_TC_ENETRG // Enable external trigger event
| AT91C_TC_WAVESEL_UP // Upmode without automatic trigger on RC compare
| AT91C_TC_WAVE // Waveform Mode
| AT91C_TC_AEEVT_SET // Set TIOA1 on external event
| AT91C_TC_ACPC_CLEAR; // Clear TIOA1 on RC Compare
AT91C_BASE_TC1->TC_RC = 0x04; // RC Compare value = 0x04
AT91C_BASE_TC1->TC_RC = 0x02; // RC Compare value = 0x02
// use TC0 to count TIOA1 pulses
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // disable TC0
@ -402,7 +402,7 @@ void StartCountSspClk()
AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN; // enable TC2
//
// synchronize the counter with the ssp_frame signal. Note: FPGA must be in any iso14443 mode, otherwise SSC_FRAME and SSC_CLK signals would not be present
// synchronize the counter with the ssp_frame signal. Note: FPGA must be in a FPGA mode with SSC transfer, otherwise SSC_FRAME and SSC_CLK signals would not be present
//
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME)); // wait for ssp_frame to go high (start of frame)
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME); // wait for ssp_frame to be low
@ -430,15 +430,15 @@ void ResetSspClk(void) {
}
uint32_t RAMFUNC GetCountSspClk(){
uint32_t tmp_count;
tmp_count = (AT91C_BASE_TC2->TC_CV << 16) | AT91C_BASE_TC0->TC_CV;
if ((tmp_count & 0x0000ffff) == 0) { //small chance that we may have missed an increment in TC2
return (AT91C_BASE_TC2->TC_CV << 16);
}
else {
return tmp_count;
}
uint32_t GetCountSspClk(){
uint32_t hi, lo;
do {
hi = AT91C_BASE_TC2->TC_CV;
lo = AT91C_BASE_TC0->TC_CV;
} while(hi != AT91C_BASE_TC2->TC_CV);
return (hi << 16) | lo;
}

2
client/Makefile
View file

@ -110,6 +110,7 @@ CMDSRCS = $(SRC_SMARTCARD) \
polarssl/bignum.c\
polarssl/rsa.c\
polarssl/sha1.c\
polarssl/libpcrypto.c\
cliparser/argtable3.c\
cliparser/cliparser.c\
mfkey.c\
@ -120,6 +121,7 @@ CMDSRCS = $(SRC_SMARTCARD) \
loclass/fileutils.c\
whereami.c\
mifarehost.c\
mifare4.c\
parity.c\
crc.c \
crc16.c \

2
client/cliparser/cliparser.c
View file

@ -156,7 +156,7 @@ int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
int ibuf = 0;
uint8_t buf[256] = {0};
int res = CLIParamStrToBuf(argstr, buf, maxdatalen, &ibuf);
int res = CLIParamStrToBuf(argstr, buf, maxdatalen * 2, &ibuf); // *2 because here HEX
if (res || !ibuf)
return res;

1
client/cliparser/cliparser.h
View file

@ -17,6 +17,7 @@
#define arg_getsize(a) (sizeof(a) / sizeof(a[0]))
#define arg_get_lit(n)(((struct arg_lit*)argtable[n])->count)
#define arg_get_int_count(n)(((struct arg_int*)argtable[n])->count)
#define arg_get_int(n)(((struct arg_int*)argtable[n])->ival[0])
#define arg_get_str(n)((struct arg_str*)argtable[n])
#define arg_get_str_len(n)(strlen(((struct arg_str*)argtable[n])->sval[0]))

10
client/cmdhf14a.c
View file

@ -750,6 +750,11 @@ int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leav
recv = resp.d.asBytes;
int iLen = resp.arg[0];
if(!iLen) {
PrintAndLog("14aRAW ERROR: No card response.");
return 1;
}
*dataoutlen = iLen - 2;
if (*dataoutlen < 0)
*dataoutlen = 0;
@ -766,11 +771,6 @@ int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leav
memcpy(dataout, &recv[2], *dataoutlen);
if(!iLen) {
PrintAndLog("14aRAW ERROR: No card response.");
return 1;
}
// CRC Check
if (iLen == -1) {
PrintAndLog("14aRAW ERROR: ISO 14443A CRC error.");

103
client/cmdhf15.c
View file

@ -35,6 +35,7 @@
#include "util.h"
#include "cmdparser.h"
#include "iso15693tools.h"
#include "protocols.h"
#include "cmdmain.h"
#define FrameSOF Iso15693FrameSOF
@ -212,18 +213,17 @@ int getUID(uint8_t *buf)
for (int retry=0;retry<3; retry++) { // don't give up the at the first try
req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
req[1]=ISO15_CMD_INVENTORY;
req[2]=0; // mask length
reqlen=AddCrc(req,3);
c.arg[0]=reqlen;
req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1;
req[1] = ISO15693_INVENTORY;
req[2] = 0; // mask length
reqlen = AddCrc(req,3);
c.arg[0] = reqlen;
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
recv = resp.d.asBytes;
if (resp.arg[0]>=12 && ISO15_CRC_CHECK==Crc(recv,12)) {
if (resp.arg[0]>=12 && ISO15693_CRC_CHECK==Crc(recv,12)) {
memcpy(buf,&recv[2],8);
return 1;
}
@ -424,6 +424,7 @@ int CmdHF15Sim(const char *Cmd)
PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
PrintAndLog("Press the button to stop simulation");
UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
memcpy(c.d.asBytes,uid,8);
@ -462,20 +463,19 @@ int CmdHF15DumpMem(const char*Cmd) {
for (int retry=0; retry<5; retry++) {
req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[1]=ISO15_CMD_READ;
req[0]= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS;
req[1] = ISO15693_READBLOCK;
memcpy(&req[2],uid,8);
req[10]=blocknum;
reqlen=AddCrc(req,11);
c.arg[0]=reqlen;
req[10] = blocknum;
reqlen = AddCrc(req,11);
c.arg[0] = reqlen;
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
recv = resp.d.asBytes;
if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15_RES_ERROR)) {
if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15693_RES_ERROR)) {
retry=0;
*output=0; // reset outputstring
sprintf(output, "Block %02x ",blocknum);
@ -499,7 +499,7 @@ int CmdHF15DumpMem(const char*Cmd) {
// TODO: need fix
// if (resp.arg[0]<3)
// PrintAndLog("Lost Connection");
// else if (ISO15_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0]))
// else if (ISO15693_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0]))
// PrintAndLog("CRC Failed");
// else
// PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1]));
@ -547,12 +547,11 @@ int CmdHF15CmdInquiry(const char *Cmd)
uint8_t *req=c.d.asBytes;
int reqlen=0;
req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
req[1]=ISO15_CMD_INVENTORY;
req[2]=0; // mask length
req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1;
req[1] = ISO15693_INVENTORY;
req[2] = 0; // mask length
reqlen=AddCrc(req,3);
c.arg[0]=reqlen;
c.arg[0] = reqlen;
SendCommand(&c);
@ -706,7 +705,7 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle
while (**cmd==' ' || **cmd=='\t') (*cmd)++;
if (strstr(*cmd,"-o")==*cmd) {
req[reqlen]=ISO15_REQ_OPTION;
req[reqlen]=ISO15693_REQ_OPTION;
(*cmd)+=2;
}
@ -721,36 +720,32 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle
case 's':
case 'S':
// you must have selected the tag earlier
req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_NONINVENTORY | ISO15_REQ_SELECT;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen+=iso15cmdlen;
req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_SELECT;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen += iso15cmdlen;
break;
case 'u':
case 'U':
// unaddressed mode may not be supported by all vendors
req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_NONINVENTORY;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen+=iso15cmdlen;
req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen += iso15cmdlen;
break;
case '*':
// we scan for the UID ourself
req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen+=iso15cmdlen;
if (!getUID(uid)) {
PrintAndLog("No Tag found");
return 0;
}
memcpy(req+reqlen,uid,8);
PrintAndLog("Detected UID %s",sprintUID(NULL,uid));
reqlen+=8;
if (!getUID(uid)) {
PrintAndLog("No Tag found");
return 0;
}
memcpy(req+reqlen,uid,8);
PrintAndLog("Detected UID %s",sprintUID(NULL,uid));
reqlen+=8;
break;
default:
req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen+=iso15cmdlen;
@ -809,7 +804,7 @@ int CmdHF15CmdSysinfo(const char *Cmd) {
return 0;
}
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_SYSINFO},1);
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_GET_SYSTEM_INFO},1);
reqlen=c.arg[0];
reqlen=AddCrc(req,reqlen);
@ -819,8 +814,8 @@ int CmdHF15CmdSysinfo(const char *Cmd) {
if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15_RES_ERROR)) {
if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15693_RES_ERROR)) {
*output=0; // reset outputstring
for ( i=1; i<resp.arg[0]-2; i++) {
sprintf(output+strlen(output),"%02X ",recv[i]);
@ -896,7 +891,7 @@ int CmdHF15CmdReadmulti(const char *Cmd) {
return 0;
}
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_READMULTI},1);
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_READ_MULTI_BLOCK},1);
reqlen=c.arg[0];
pagenum=strtol(cmd,NULL,0);
@ -920,8 +915,8 @@ int CmdHF15CmdReadmulti(const char *Cmd) {
if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15_RES_ERROR)) {
if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15693_RES_ERROR)) {
*output=0; // reset outputstring
for ( int i=1; i<resp.arg[0]-2; i++) {
sprintf(output+strlen(output),"%02X ",recv[i]);
@ -974,7 +969,7 @@ int CmdHF15CmdRead(const char *Cmd) {
return 0;
}
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_READ},1);
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_READBLOCK},1);
reqlen=c.arg[0];
pagenum=strtol(cmd,NULL,0);
@ -993,8 +988,8 @@ int CmdHF15CmdRead(const char *Cmd) {
if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15_RES_ERROR)) {
if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15693_RES_ERROR)) {
*output=0; // reset outputstring
//sprintf(output, "Block %2i ",blocknum);
for ( int i=1; i<resp.arg[0]-2; i++) {
@ -1051,7 +1046,7 @@ int CmdHF15CmdWrite(const char *Cmd) {
return 0;
}
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_WRITE},1);
prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_WRITEBLOCK},1);
reqlen=c.arg[0];
// *cmd -> page num ; *cmd2 -> data
@ -1086,8 +1081,8 @@ int CmdHF15CmdWrite(const char *Cmd) {
if (WaitForResponseTimeout(CMD_ACK,&resp,2000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15_RES_ERROR)) {
if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
if (!(recv[0] & ISO15693_RES_ERROR)) {
PrintAndLog("OK");
} else {
PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1]));

114
client/cmdhfmf.c
View file

@ -29,7 +29,7 @@
#include "hardnested/hardnested_bf_core.h"
#include "cliparser/cliparser.h"
#include "cmdhf14a.h"
#include <polarssl/aes.h>
#include "mifare4.h"
#define NESTED_SECTOR_RETRY 10 // how often we try mfested() until we give up
@ -2637,50 +2637,12 @@ int CmdDecryptTraceCmds(const char *Cmd){
return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);
}
int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
aes_context aes;
aes_init(&aes);
if (aes_setkey_enc(&aes, key, 128))
return 1;
if (aes_crypt_cbc(&aes, AES_ENCRYPT, length, iiv, input, output))
return 2;
aes_free(&aes);
return 0;
}
int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
aes_context aes;
aes_init(&aes);
if (aes_setkey_dec(&aes, key, 128))
return 1;
if (aes_crypt_cbc(&aes, AES_DECRYPT, length, iiv, input, output))
return 2;
aes_free(&aes);
return 0;
}
int CmdHF14AMfAuth4(const char *cmd) {
uint8_t keyn[20] = {0};
int keynlen = 0;
uint8_t key[16] = {0};
int keylen = 0;
uint8_t data[257] = {0};
int datalen = 0;
uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
uint8_t Rnd2[17] = {0};
CLIParserInit("hf mf auth4",
"Executes AES authentication command in ISO14443-4",
"Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
@ -2694,8 +2656,8 @@ int CmdHF14AMfAuth4(const char *cmd) {
};
CLIExecWithReturn(cmd, argtable, true);
CLIGetStrWithReturn(1, keyn, &keynlen);
CLIGetStrWithReturn(2, key, &keylen);
CLIGetHexWithReturn(1, keyn, &keynlen);
CLIGetHexWithReturn(2, key, &keylen);
CLIParserFree();
if (keynlen != 2) {
@ -2708,73 +2670,7 @@ int CmdHF14AMfAuth4(const char *cmd) {
return 1;
}
uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
int res = ExchangeRAW14a(cmd1, sizeof(cmd1), true, true, data, sizeof(data), &datalen);
if (res) {
PrintAndLog("ERROR exchande raw error: %d", res);
DropField();
return 2;
}
PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
if (datalen < 1) {
PrintAndLog("ERROR: card response length: %d", datalen);
DropField();
return 3;
}
if (data[0] != 0x90) {
PrintAndLog("ERROR: card response error: %02x", data[2]);
DropField();
return 3;
}
if (datalen != 19) { // code 1b + 16b + crc 2b
PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
DropField();
return 3;
}
aes_decode(NULL, key, &data[1], Rnd2, 16);
Rnd2[16] = Rnd2[0];
PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
uint8_t cmd2[33] = {0};
cmd2[0] = 0x72;
uint8_t raw[32] = {0};
memmove(raw, Rnd1, 16);
memmove(&raw[16], &Rnd2[1], 16);
aes_encode(NULL, key, raw, &cmd2[1], 32);
PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
if (res) {
PrintAndLog("ERROR exchande raw error: %d", res);
DropField();
return 4;
}
PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
aes_decode(NULL, key, &data[1], raw, 32);
PrintAndLog("res: %s", sprint_hex(raw, 32));
PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
if (memcmp(&raw[4], &Rnd1[1], 16)) {
PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
DropField();
return 5;
}
DropField();
PrintAndLog("\nAuthentication OK");
return 0;
return MifareAuth4(NULL, keyn, key, true, false, true);
}
static command_t CommandTable[] =

302
client/cmdhfmfp.c
View file

@ -21,9 +21,67 @@
#include "ui.h"
#include "cmdhf14a.h"
#include "mifare.h"
#include "mifare4.h"
#include "cliparser/cliparser.h"
#include "polarssl/libpcrypto.h"
static const uint8_t DefaultKey[16] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
typedef struct {
uint8_t Code;
const char *Description;
} PlusErrorsElm;
static const PlusErrorsElm PlusErrors[] = {
{0xFF, ""},
{0x00, "Unknown error"},
{0x09, "Invalid block number"},
{0x0b, "Command code error"},
{0x0c, "Length error"},
{0x90, "OK"},
};
int PlusErrorsLen = sizeof(PlusErrors) / sizeof(PlusErrorsElm);
const char * GetErrorDescription(uint8_t errorCode) {
for(int i = 0; i < PlusErrorsLen; i++)
if (errorCode == PlusErrors[i].Code)
return PlusErrors[i].Description;
return PlusErrors[0].Description;
}
static int CmdHelp(const char *Cmd);
static bool VerboseMode = false;
void SetVerboseMode(bool verbose) {
VerboseMode = verbose;
}
int intExchangeRAW14aPlus(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
if(VerboseMode)
PrintAndLog(">>> %s", sprint_hex(datain, datainlen));
int res = ExchangeRAW14a(datain, datainlen, activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen);
if(VerboseMode)
PrintAndLog("<<< %s", sprint_hex(dataout, *dataoutlen));
return res;
}
int MFPWritePerso(uint8_t *keyNum, uint8_t *key, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
uint8_t rcmd[3 + 16] = {0xa8, keyNum[1], keyNum[0], 0x00};
memmove(&rcmd[3], key, 16);
return intExchangeRAW14aPlus(rcmd, sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen);
}
int MFPCommitPerso(bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
uint8_t rcmd[1] = {0xaa};
return intExchangeRAW14aPlus(rcmd, sizeof(rcmd), activateField, leaveSignalON, dataout, maxdataoutlen, dataoutlen);
}
int CmdHFMFPInfo(const char *cmd) {
if (cmd && strlen(cmd) > 0)
@ -103,10 +161,254 @@ int CmdHFMFPInfo(const char *cmd) {
return 0;
}
int CmdHFMFPWritePerso(const char *cmd) {
uint8_t keyNum[64] = {0};
int keyNumLen = 0;
uint8_t key[64] = {0};
int keyLen = 0;
CLIParserInit("hf mfp wrp",
"Executes Write Perso command. Can be used in SL0 mode only.",
"Usage:\n\thf mfp wrp 4000 000102030405060708090a0b0c0d0e0f -> write key (00..0f) to key number 4000 \n"
"\thf mfp wrp 4000 -> write default key(0xff..0xff) to key number 4000");
void* argtable[] = {
arg_param_begin,
arg_lit0("vV", "verbose", "show internal data."),
arg_str1(NULL, NULL, "<HEX key number (2b)>", NULL),
arg_strx0(NULL, NULL, "<HEX key (16b)>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
bool verbose = arg_get_lit(1);
CLIGetHexWithReturn(2, keyNum, &keyNumLen);
CLIGetHexWithReturn(3, key, &keyLen);
CLIParserFree();
SetVerboseMode(verbose);
if (!keyLen) {
memmove(key, DefaultKey, 16);
keyLen = 16;
}
if (keyNumLen != 2) {
PrintAndLog("Key number length must be 2 bytes instead of: %d", keyNumLen);
return 1;
}
if (keyLen != 16) {
PrintAndLog("Key length must be 16 bytes instead of: %d", keyLen);
return 1;
}
uint8_t data[250] = {0};
int datalen = 0;
int res = MFPWritePerso(keyNum, key, true, false, data, sizeof(data), &datalen);
if (res) {
PrintAndLog("Exchange error: %d", res);
return res;
}
if (datalen != 3) {
PrintAndLog("Command must return 3 bytes instead of: %d", datalen);
return 1;
}
if (data[0] != 0x90) {
PrintAndLog("Command error: %02x %s", data[0], GetErrorDescription(data[0]));
return 1;
}
PrintAndLog("Write OK.");
return 0;
}
uint16_t CardAddresses[] = {0x9000, 0x9001, 0x9002, 0x9003, 0x9004, 0xA000, 0xA001, 0xA080, 0xA081, 0xC000, 0xC001};
int CmdHFMFPInitPerso(const char *cmd) {
int res;
uint8_t key[256] = {0};
int keyLen = 0;
uint8_t keyNum[2] = {0};
uint8_t data[250] = {0};
int datalen = 0;
CLIParserInit("hf mfp initp",
"Executes Write Perso command for all card's keys. Can be used in SL0 mode only.",
"Usage:\n\thf mfp initp 000102030405060708090a0b0c0d0e0f -> fill all the keys with key (00..0f)\n"
"\thf mfp initp -vv -> fill all the keys with default key(0xff..0xff) and show all the data exchange");
void* argtable[] = {
arg_param_begin,
arg_litn("vV", "verbose", 0, 2, "show internal data."),
arg_strx0(NULL, NULL, "<HEX key (16b)>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
bool verbose = arg_get_lit(1);
bool verbose2 = arg_get_lit(1) > 1;
CLIGetHexWithReturn(2, key, &keyLen);
CLIParserFree();
if (keyLen && keyLen != 16) {
PrintAndLog("Key length must be 16 bytes instead of: %d", keyLen);
return 1;
}
if (!keyLen)
memmove(key, DefaultKey, 16);
SetVerboseMode(verbose2);
for (uint16_t sn = 0x4000; sn < 0x4050; sn++) {
keyNum[0] = sn >> 8;
keyNum[1] = sn & 0xff;
res = MFPWritePerso(keyNum, key, (sn == 0x4000), true, data, sizeof(data), &datalen);
if (!res && (datalen == 3) && data[0] == 0x09) {
PrintAndLog("2k card detected.");
break;
}
if (res || (datalen != 3) || data[0] != 0x90) {
PrintAndLog("Write error on address %04x", sn);
break;
}
}
SetVerboseMode(verbose);
for (int i = 0; i < sizeof(CardAddresses) / 2; i++) {
keyNum[0] = CardAddresses[i] >> 8;
keyNum[1] = CardAddresses[i] & 0xff;
res = MFPWritePerso(keyNum, key, false, true, data, sizeof(data), &datalen);
if (!res && (datalen == 3) && data[0] == 0x09) {
PrintAndLog("Skipped[%04x]...", CardAddresses[i]);
} else {
if (res || (datalen != 3) || data[0] != 0x90) {
PrintAndLog("Write error on address %04x", CardAddresses[i]);
break;
}
}
}
DropField();
if (res)
return res;
PrintAndLog("Done.");
return 0;
}
int CmdHFMFPCommitPerso(const char *cmd) {
CLIParserInit("hf mfp commitp",
"Executes Commit Perso command. Can be used in SL0 mode only.",
"Usage:\n\thf mfp commitp -> \n");
void* argtable[] = {
arg_param_begin,
arg_lit0("vV", "verbose", "show internal data."),
arg_int0(NULL, NULL, "SL mode", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
bool verbose = arg_get_lit(1);
CLIParserFree();
SetVerboseMode(verbose);
uint8_t data[250] = {0};
int datalen = 0;
int res = MFPCommitPerso(true, false, data, sizeof(data), &datalen);
if (res) {
PrintAndLog("Exchange error: %d", res);
return res;
}
if (datalen != 3) {
PrintAndLog("Command must return 3 bytes instead of: %d", datalen);
return 1;
}
if (data[0] != 0x90) {
PrintAndLog("Command error: %02x %s", data[0], GetErrorDescription(data[0]));
return 1;
}
PrintAndLog("Switch level OK.");
return 0;
}
int CmdHFMFPAuth(const char *cmd) {
uint8_t keyn[250] = {0};
int keynlen = 0;
uint8_t key[250] = {0};
int keylen = 0;
CLIParserInit("hf mfp auth",
"Executes AES authentication command in ISO14443-4",
"Usage:\n\thf mfp auth 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
"\thf mfp auth 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -v -> executes authentication and shows all the system data\n");
void* argtable[] = {
arg_param_begin,
arg_lit0("vV", "verbose", "show internal data."),
arg_str1(NULL, NULL, "<Key Num (HEX 2 bytes)>", NULL),
arg_str1(NULL, NULL, "<Key Value (HEX 16 bytes)>", NULL),
arg_param_end
};
CLIExecWithReturn(cmd, argtable, true);
bool verbose = arg_get_lit(1);
CLIGetHexWithReturn(2, keyn, &keynlen);
CLIGetHexWithReturn(3, key, &keylen);
CLIParserFree();
if (keynlen != 2) {
PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);
return 1;
}
if (keylen != 16) {
PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);
return 1;
}
return MifareAuth4(NULL, keyn, key, true, false, verbose);
}
int CmdHFMFPRdbl(const char *cmd) {
//mf4Session session
//int res = MifareAuth4(&session, keyn, key, true, false, verbose);
//res = Read();
return 0;
}
int CmdHFMFPRdsc(const char *cmd) {
return 0;
}
int CmdHFMFPWrbl(const char *cmd) {
return 0;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"info", CmdHFMFPInfo, 0, "Info about Mifare Plus tag"},
{"wrp", CmdHFMFPWritePerso, 0, "Write Perso command"},
{"initp", CmdHFMFPInitPerso, 0, "Fills all the card's keys"},
{"commitp", CmdHFMFPCommitPerso, 0, "Move card to SL1 or SL3 mode"},
{"auth", CmdHFMFPAuth, 0, "Authentication in iso1443-4"},
// {"rdbl", CmdHFMFPRdbl, 0, "Read blocks"},
// {"rdsc", CmdHFMFPRdsc, 0, "Read sectors"},
// {"wrbl", CmdHFMFPWrbl, 0, "Write blocks"},
{NULL, NULL, 0, NULL}
};

118
client/mifare4.c Normal file
View file

@ -0,0 +1,118 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// iso14443-4 mifare commands
//-----------------------------------------------------------------------------
#include "mifare4.h"
#include <ctype.h>
#include <string.h>
#include "cmdhf14a.h"
#include "util.h"
#include "ui.h"
#include "polarssl/libpcrypto.h"
int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose) {
uint8_t data[257] = {0};
int datalen = 0;
uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
uint8_t Rnd2[17] = {0};
if (session)
session->Authenticated = false;
uint8_t cmd1[] = {0x70, keyn[1], keyn[0], 0x00};
int res = ExchangeRAW14a(cmd1, sizeof(cmd1), activateField, true, data, sizeof(data), &datalen);
if (res) {
PrintAndLog("ERROR exchande raw error: %d", res);
DropField();
return 2;
}
if (verbose)
PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
if (datalen < 1) {
PrintAndLog("ERROR: card response length: %d", datalen);
DropField();
return 3;
}
if (data[0] != 0x90) {
PrintAndLog("ERROR: card response error: %02x", data[2]);
DropField();
return 3;
}
if (datalen != 19) { // code 1b + 16b + crc 2b
PrintAndLog("ERROR: card response must be 19 bytes long instead of: %d", datalen);
DropField();
return 3;
}
aes_decode(NULL, key, &data[1], Rnd2, 16);
Rnd2[16] = Rnd2[0];
if (verbose)
PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
uint8_t cmd2[33] = {0};
cmd2[0] = 0x72;
uint8_t raw[32] = {0};
memmove(raw, Rnd1, 16);
memmove(&raw[16], &Rnd2[1], 16);
aes_encode(NULL, key, raw, &cmd2[1], 32);
if (verbose)
PrintAndLog(">phase2: %s", sprint_hex(cmd2, 33));
res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
if (res) {
PrintAndLog("ERROR exchande raw error: %d", res);
DropField();
return 4;
}
if (verbose)
PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
aes_decode(NULL, key, &data[1], raw, 32);
if (verbose) {
PrintAndLog("res: %s", sprint_hex(raw, 32));
PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
}
if (memcmp(&raw[4], &Rnd1[1], 16)) {
PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
if (verbose) {
PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
PrintAndLog("rnd1 card: %s", sprint_hex(&raw[4], 16));
}
DropField();
return 5;
}
if (!leaveSignalON)
DropField();
if (verbose)
PrintAndLog("");
if (session) {
session->Authenticated = true;
session->KeyNum = keyn[1] + (keyn[0] << 8);
memmove(session->Rnd1, Rnd1, 16);
memmove(session->Rnd2, Rnd2, 16);
}
PrintAndLog("Authentication OK");
return 0;
}

30
client/mifare4.h Normal file
View file

@ -0,0 +1,30 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// iso14443-4 mifare commands
//-----------------------------------------------------------------------------
#ifndef MIFARE4_H
#define MIFARE4_H
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
typedef struct {
bool Authenticated;
uint16_t KeyNum;
uint8_t Rnd1[16];
uint8_t Rnd2[16];
}mf4Session;
extern int MifareAuth4(mf4Session *session, uint8_t *keyn, uint8_t *key, bool activateField, bool leaveSignalON, bool verbose);
#endif // mifare4.h

64
common/iso15693tools.h
View file

@ -5,67 +5,9 @@
#define ISO15693_H__
// ISO15693 CRC
#define ISO15_CRC_PRESET (uint16_t)0xFFFF
#define ISO15_CRC_POLY (uint16_t)0x8408
#define ISO15_CRC_CHECK ((uint16_t)(~0xF0B8 & 0xFFFF)) // use this for checking of a correct crc
// REQUEST FLAGS
#define ISO15_REQ_SUBCARRIER_SINGLE 0x00 // Tag should respond using one subcarrier (ASK)
#define ISO15_REQ_SUBCARRIER_TWO 0x01 // Tag should respond using two subcarriers (FSK)
#define ISO15_REQ_DATARATE_LOW 0x00 // Tag should respond using low data rate
#define ISO15_REQ_DATARATE_HIGH 0x02 // Tag should respond using high data rate
#define ISO15_REQ_NONINVENTORY 0x00
#define ISO15_REQ_INVENTORY 0x04 // This is an inventory request - see inventory flags
#define ISO15_REQ_PROTOCOL_NONEXT 0x00
#define ISO15_REQ_PROTOCOL_EXT 0x08 // RFU
// REQUEST FLAGS when INVENTORY is not set
#define ISO15_REQ_SELECT 0x10 // only selected cards response
#define ISO15_REQ_ADDRESS 0x20 // this req contains an address
#define ISO15_REQ_OPTION 0x40 // Command specific option selector
//REQUEST FLAGS when INVENTORY is set
#define ISO15_REQINV_AFI 0x10 // AFI Field is present
#define ISO15_REQINV_SLOT1 0x20 // 1 Slot
#define ISO15_REQINV_SLOT16 0x00 // 16 Slots
#define ISO15_REQINV_OPTION 0x40 // Command specific option selector
//RESPONSE FLAGS
#define ISO15_RES_ERROR 0x01
#define ISO15_RES_EXT 0x08 // Protocol Extention
// RESPONSE ERROR CODES
#define ISO15_NOERROR 0x00
#define ISO15_ERROR_CMD_NOT_SUP 0x01 // Command not supported
#define ISO15_ERROR_CMD_NOT_REC 0x02 // Command not recognized (eg. parameter error)
#define ISO15_ERROR_CMD_OPTION 0x03 // Command option not supported
#define ISO15_ERROR_GENERIC 0x0F // No additional Info about this error
#define ISO15_ERROR_BLOCK_UNAVAILABLE 0x10
#define ISO15_ERROR_BLOCK_LOCKED_ALREADY 0x11 // cannot lock again
#define ISO15_ERROR_BLOCK_LOCKED 0x12 // cannot be changed
#define ISO15_ERROR_BLOCK_WRITE 0x13 // Writing was unsuccessful
#define ISO15_ERROR_BLOCL_WRITELOCK 0x14 // Locking was unsuccessful
// COMMAND CODES
#define ISO15_CMD_INVENTORY 0x01
#define ISO15_CMD_STAYQUIET 0x02
#define ISO15_CMD_READ 0x20
#define ISO15_CMD_WRITE 0x21
#define ISO15_CMD_LOCK 0x22
#define ISO15_CMD_READMULTI 0x23
#define ISO15_CMD_WRITEMULTI 0x24
#define ISO15_CMD_SELECT 0x25
#define ISO15_CMD_RESET 0x26
#define ISO15_CMD_WRITEAFI 0x27
#define ISO15_CMD_LOCKAFI 0x28
#define ISO15_CMD_WRITEDSFID 0x29
#define ISO15_CMD_LOCKDSFID 0x2A
#define ISO15_CMD_SYSINFO 0x2B
#define ISO15_CMD_SECSTATUS 0x2C
#define ISO15693_CRC_PRESET (uint16_t)0xFFFF
#define ISO15693_CRC_POLY (uint16_t)0x8408
#define ISO15693_CRC_CHECK ((uint16_t)(~0xF0B8 & 0xFFFF)) // use this for checking of a correct crc
uint16_t Iso15693Crc(uint8_t *v, int n);
int Iso15693AddCrc(uint8_t *req, int n);

44
common/polarssl/libpcrypto.c Normal file
View file

@ -0,0 +1,44 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// crypto commands
//-----------------------------------------------------------------------------
#include "polarssl/libpcrypto.h"
#include <polarssl/aes.h>
int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
aes_context aes;
aes_init(&aes);
if (aes_setkey_enc(&aes, key, 128))
return 1;
if (aes_crypt_cbc(&aes, AES_ENCRYPT, length, iiv, input, output))
return 2;
aes_free(&aes);
return 0;
}
int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
uint8_t iiv[16] = {0};
if (iv)
memcpy(iiv, iv, 16);
aes_context aes;
aes_init(&aes);
if (aes_setkey_dec(&aes, key, 128))
return 1;
if (aes_crypt_cbc(&aes, AES_DECRYPT, length, iiv, input, output))
return 2;
aes_free(&aes);
return 0;
}

20
common/polarssl/libpcrypto.h Normal file
View file

@ -0,0 +1,20 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2018 Merlok
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// crypto commands
//-----------------------------------------------------------------------------
#ifndef LIBPCRYPTO_H
#define LIBPCRYPTO_H
#include <stdint.h>
#include <stddef.h>
extern int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
extern int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length);
#endif /* libpcrypto.h */

60
common/protocols.h
View file

@ -167,22 +167,50 @@ NXP/Philips CUSTOM COMMANDS
#define ISO14443B_COMPLETION 0x0F
#define ISO14443B_AUTHENTICATE 0x0A
//First byte is 26
#define ISO15693_INVENTORY 0x01
#define ISO15693_STAYQUIET 0x02
//First byte is 02
#define ISO15693_READBLOCK 0x20
#define ISO15693_WRITEBLOCK 0x21
#define ISO15693_LOCKBLOCK 0x22
#define ISO15693_READ_MULTI_BLOCK 0x23
#define ISO15693_SELECT 0x25
#define ISO15693_RESET_TO_READY 0x26
#define ISO15693_WRITE_AFI 0x27
#define ISO15693_LOCK_AFI 0x28
#define ISO15693_WRITE_DSFID 0x29
#define ISO15693_LOCK_DSFID 0x2A
#define ISO15693_GET_SYSTEM_INFO 0x2B
#define ISO15693_READ_MULTI_SECSTATUS 0x2C
// ISO15693 COMMANDS
#define ISO15693_INVENTORY 0x01
#define ISO15693_STAYQUIET 0x02
#define ISO15693_READBLOCK 0x20
#define ISO15693_WRITEBLOCK 0x21
#define ISO15693_LOCKBLOCK 0x22
#define ISO15693_READ_MULTI_BLOCK 0x23
#define ISO15693_SELECT 0x25
#define ISO15693_RESET_TO_READY 0x26
#define ISO15693_WRITE_AFI 0x27
#define ISO15693_LOCK_AFI 0x28
#define ISO15693_WRITE_DSFID 0x29
#define ISO15693_LOCK_DSFID 0x2A
#define ISO15693_GET_SYSTEM_INFO 0x2B
#define ISO15693_READ_MULTI_SECSTATUS 0x2C
// ISO15693 REQUEST FLAGS
#define ISO15693_REQ_SUBCARRIER_TWO (1<<0)
#define ISO15693_REQ_DATARATE_HIGH (1<<1)
#define ISO15693_REQ_INVENTORY (1<<2)
#define ISO15693_REQ_PROTOCOL_EXT (1<<3) // RFU
#define ISO15693_REQ_OPTION (1<<6) // Command specific option selector
// when REQ_INVENTORY is not set
#define ISO15693_REQ_SELECT (1<<4) // only selected cards response
#define ISO15693_REQ_ADDRESS (1<<5) // this req contains an address
// when REQ_INVENTORY is set
#define ISO15693_REQINV_AFI (1<<4) // AFI Field is present
#define ISO15693_REQINV_SLOT1 (1<<5) // 1 Slot (16 slots if not set)
// ISO15693 RESPONSE FLAGS
#define ISO15693_RES_ERROR (1<<0)
#define ISO15693_RES_EXT (1<<3) // Protocol Extention
// ISO15693 RESPONSE ERROR CODES
#define ISO15693_NOERROR 0x00
#define ISO15693_ERROR_CMD_NOT_SUP 0x01 // Command not supported
#define ISO15693_ERROR_CMD_NOT_REC 0x02 // Command not recognized (eg. parameter error)
#define ISO15693_ERROR_CMD_OPTION 0x03 // Command option not supported
#define ISO15693_ERROR_GENERIC 0x0F // No additional Info about this error
#define ISO15693_ERROR_BLOCK_UNAVAILABLE 0x10
#define ISO15693_ERROR_BLOCK_LOCKED_ALREADY 0x11 // cannot lock again
#define ISO15693_ERROR_BLOCK_LOCKED 0x12 // cannot be changed
#define ISO15693_ERROR_BLOCK_WRITE 0x13 // Writing was unsuccessful
#define ISO15693_ERROR_BLOCL_WRITELOCK 0x14 // Locking was unsuccessful
// Topaz command set:

45
fpga/hi_simulate.v
View file

@ -16,6 +16,13 @@
// Jonathan Westhues, October 2006
//-----------------------------------------------------------------------------
// possible mod_types:
`define NO_MODULATION 3'b000
`define MODULATE_BPSK 3'b001
`define MODULATE_212K 3'b010
`define MODULATE_424K 3'b100
`define MODULATE_424K_8BIT 3'b101
module hi_simulate(
pck0, ck_1356meg, ck_1356megb,
pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
@ -35,10 +42,6 @@ module hi_simulate(
output dbg;
input [2:0] mod_type;
// Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can
// always be low.
assign pwr_hi = 1'b0;
assign pwr_lo = 1'b0;
// The comparator with hysteresis on the output from the peak detector.
reg after_hysteresis;
@ -52,8 +55,8 @@ end
// Divide 13.56 MHz to produce various frequencies for SSP_CLK
// and modulation. 11 bits allow for factors of up to /128.
reg [10:0] ssp_clk_divider;
// and modulation.
reg [7:0] ssp_clk_divider;
always @(posedge adc_clk)
ssp_clk_divider <= (ssp_clk_divider + 1);
@ -62,10 +65,10 @@ reg ssp_clk;
always @(negedge adc_clk)
begin
if(mod_type == 3'b101)
if(mod_type == `MODULATE_424K_8BIT)
// Get bit every at 53KHz (every 8th carrier bit of 424kHz)
ssp_clk <= ssp_clk_divider[7];
else if(mod_type == 3'b010)
else if(mod_type == `MODULATE_212K)
// Get next bit at 212kHz
ssp_clk <= ssp_clk_divider[5];
else
@ -89,7 +92,7 @@ always @(negedge ssp_clk)
reg ssp_frame;
always @(ssp_frame_divider_to_arm or ssp_frame_divider_from_arm or mod_type)
if(mod_type == 3'b000) // not modulating, so listening, to ARM
if(mod_type == `NO_MODULATION) // not modulating, so listening, to ARM
ssp_frame = (ssp_frame_divider_to_arm == 3'b000);
else
ssp_frame = (ssp_frame_divider_from_arm == 3'b000);
@ -102,27 +105,29 @@ always @(posedge ssp_clk)
// Modulating carrier frequency is fc/64 (212kHz) to fc/16 (848kHz). Reuse ssp_clk divider for that.
reg modulating_carrier;
always @(mod_type or ssp_clk or ssp_dout)
if(mod_type == 3'b000)
if (mod_type == `NO_MODULATION)
modulating_carrier <= 1'b0; // no modulation
else if(mod_type == 3'b001)
else if (mod_type == `MODULATE_BPSK)
modulating_carrier <= ssp_dout ^ ssp_clk_divider[3]; // XOR means BPSK
else if(mod_type == 3'b010)
else if (mod_type == `MODULATE_212K)
modulating_carrier <= ssp_dout & ssp_clk_divider[5]; // switch 212kHz subcarrier on/off
else if(mod_type == 3'b100 || mod_type == 3'b101)
else if (mod_type == `MODULATE_424K || mod_type == `MODULATE_424K_8BIT)
modulating_carrier <= ssp_dout & ssp_clk_divider[4]; // switch 424kHz modulation on/off
else
modulating_carrier <= 1'b0; // yet unused
// This one is all LF, so doesn't matter
assign pwr_oe2 = modulating_carrier;
// Toggle only one of these, since we are already producing much deeper
// Load modulation. Toggle only one of these, since we are already producing much deeper
// modulation than a real tag would.
assign pwr_oe1 = modulating_carrier;
assign pwr_oe4 = modulating_carrier;
assign pwr_hi = 1'b0; // HF antenna connected to GND
assign pwr_oe3 = 1'b0; // 10k Load
assign pwr_oe1 = modulating_carrier; // 33 Ohms Load
assign pwr_oe4 = modulating_carrier; // 33 Ohms Load
// This is all LF and doesn't matter
assign pwr_lo = 1'b0;
assign pwr_oe2 = 1'b0;
// This one is always on, so that we can watch the carrier.
assign pwr_oe3 = 1'b0;
assign dbg = ssp_din;