Merge branch 'master' into fix_hf_15

CHANGELOG.md

@@ -2,19 +2,26 @@
 All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
-
 ## [unreleased][unreleased]
 
+### Changed
+
+### Fixed
+
+### Added
+
+## [v3.1.0][2018-10-10]
+
 ### Changed
 - Adjusted `lf cmdread` to respond to client when complete and the client will then automatically call `data samples`
-- Improved backdoor detection missbehaving magic s50/1k tag (Fl0-0)
+- Improved backdoor detection misbehaving magic s50/1k tag (Fl0-0)
 - Deleted wipe functionality from `hf mf csetuid` (Merlok)
 - Changed `hf mf nested` logic (Merlok)
 - Added `hf mf nested` mode: autosearch keys for attack (from well known keys) (Merlok)
 - `hf mf nested` Check keys after they have found (Merlok)
 - `hf mf chk` Move main cycle to arm (Merlok)
 - Changed proxmark command line parameter `flush` to `-f` or `-flush` (Merlok)
-- Changed `hf 14a reader` to just reqest-anticilission-select sequence (Merlok)
+- Changed `hf 14a reader` to just request-anticolission-select sequence (Merlok)
 - Changed `hf 14a raw` - works with LED's and some exchange logic (Merlok)
 - Changed TLV parser messages to more convenient (Merlok)
 - Rewritten Legic Prime reader (`hf legic reader`, `write` and `fill`) - it is using xcorrelation now (AntiCat)
@@ -25,20 +32,22 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 ### Fixed
 - Changed start sequence in Qt mode (fix: short commands hangs main Qt thread) (Merlok)
 - Changed driver file proxmark3.inf to support both old and new Product/Vendor IDs (piwi)
+- Changed all command line parsers in `hf emv` commands to argtable (Merlok)
+- Implemented AppNap API, fixing #283 and #627 OSX USB comm issues (AntiCat)
 
 ### Added
 - Added `sc` smartcard (contact card) commands - reader, info, raw, upgrade, setclock, list (hardware version RDV4.0 only) must turn option on in makefile options (Willok, Iceman, marshmellow)
 - Added a bitbang mode to `lf cmdread` if delay is 0 the cmd bits turn off and on the antenna with 0 and 1 respectively (marshmellow)
 - Added PAC/Stanley detection to lf search (marshmellow)
 - Added lf pac demod and lf pac read - extracts the raw blocks from a PAC/Stanley tag (marshmellow)
-- Added hf mf c* commands compatibity for 4k and gen1b backdoor (Fl0-0)
+- Added hf mf c* commands compatibility for 4k and gen1b backdoor (Fl0-0)
 - Added backdoor detection for gen1b magic s70/4k tag (Fl0-0)
 - Added data fsktonrz, a fsk cleaning/demodulating routine for weak fsk signal. Note: follow this up with a `data rawdemod nr` to finish demoding your signal. (marshmellow)
 - Added lf em 410xbrute, LF EM410x reader bruteforce attack by simulating UIDs from a file (Fl0-0)
 - Added `hf mf cwipe` command. It wipes "magic Chinese" card. For 1a generation it uses card's "wipe" command. For gen1a and gen1b it uses a write command. (Merlok)
 - Added to `hf mf nested` source key check before attack (Merlok)
 - Added to `hf mf nested` after attack it checks all found keys on non-open sectors (Merlok)
-- `hf mf chk` Added setings to set iso14443a operations timeout. default timeout set to 500us (Merlok)
+- `hf mf chk` Added settings to set iso14443a operations timeout. default timeout set to 500us (Merlok)
 - Added to `hf mf nested` parameters `s` and `ss` for checking slow cards (Merlok)
 - Added to proxmark command line parameters `w` - wait 20s for serial port (Merlok)
 - Added to proxmark command line parameters `c` and `l` - execute command and lua script from command line (Merlok)
@@ -55,6 +64,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 - Added to `hf emv exec` SDA, DDA, fast DDA, CDA calculations for VISA and Mastercard and some other compatible EMV cards (Merlok)
 - Added `hf emv test` - crypto tests for DES, AES, SHA, RSA, SDA, DDA, CDA and some other crypto functions (Merlok)
 - Added `hf list mf` - deciphers crypto1 stream and works with first authentication and weak nested authentications (Merlok)
+- Added to `hf emv` commands: `gpo`, `readrec`, `genac`, `challenge`, `intauth` - commands working with EMV cards (Merlok)
 - Added `lf hid encode` and `lf hid decode` commands to translate printed HID card data to and from the packed data transmitted by a prox tag (grauerfuchs)
 - Added `lf hid write` command, which operates as a macro for encode followed by clone operations (grauerfuchs)
 

armsrc/iso15693.c

@@ -175,8 +175,6 @@ static void CodeIso15693AsReader(uint8_t *cmd, int n)
 	for(i = 0; i < 4; i++) {
 		ToSendStuffBit(1);
 	}
-
-	ToSendMax++;
 }
 
 // encode data using "1 out of 256" scheme

client/Makefile

@@ -37,10 +37,12 @@ endif
 LUAPLATFORM = generic
 platform = $(shell uname)
 ifneq (,$(findstring MINGW,$(platform)))
-    LUAPLATFORM = mingw
+		LUAPLATFORM = mingw
 else
 	ifeq ($(platform),Darwin)
 		LUAPLATFORM = macosx
+		OBJCSRCS = util_darwin.m
+		LDFLAGS += -framework Foundation -framework AppKit
 	else
 		LUALIB +=  -ldl
 		LDLIBS +=  -ltermcap -lncurses
@@ -210,6 +212,7 @@ QTGUISRCS = proxgui.cpp proxguiqt.cpp proxguiqt.moc.cpp guidummy.cpp
 
 COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)
 CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o)
+OBJCOBJS = $(OBJCSRCS:%.m=$(OBJDIR)/%.o)
 ZLIBOBJS = $(ZLIBSRCS:%.c=$(OBJDIR)/%.o)
 MULTIARCHOBJS = $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \
 			$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_MMX.o) \
@@ -235,7 +238,7 @@ endif
 			
 BINS = proxmark3 flasher fpga_compress
 WINBINS = $(patsubst %, %.exe, $(BINS))
-CLEAN = $(BINS) $(WINBINS) $(COREOBJS) $(CMDOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h
+CLEAN = $(BINS) $(WINBINS) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h
 
 # need to assign dependancies to build these first...
 all: lua_build jansson_build $(BINS)
@@ -244,10 +247,10 @@ all-static: LDLIBS:=-static $(LDLIBS)
 all-static: proxmark3 flasher fpga_compress
 
 proxmark3: LDLIBS+=$(LUALIB) $(JANSSONLIB) $(QTLDLIBS)
-proxmark3: $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) lualibs/usb_cmd.lua
+proxmark3: $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) lualibs/usb_cmd.lua
-	$(LD) $(LDFLAGS) $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(LDLIBS) -o $@
+	$(LD) $(LDFLAGS) $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(LDLIBS) -o $@
 
-flasher: $(OBJDIR)/flash.o $(OBJDIR)/flasher.o $(COREOBJS)
+flasher: $(OBJDIR)/flash.o $(OBJDIR)/flasher.o $(COREOBJS) $(OBJCOBJS)
 	$(LD) $(LDFLAGS) $^ $(LDLIBS) -o $@
 
 fpga_compress: $(OBJDIR)/fpga_compress.o $(ZLIBOBJS)
@@ -310,6 +313,10 @@ $(OBJDIR)/%.o : %.cpp $(OBJDIR)/%.d
 	$(CXX) $(DEPFLAGS) $(CXXFLAGS) $(QTINCLUDES) -c -o $@ $<
 	$(POSTCOMPILE)
 
+%.o: %.m
+$(OBJDIR)/%.o : %.m $(OBJDIR)/%.d
+	$(CC) $(DEPFLAGS) $(CFLAGS) -c -o $@ $<
+	$(POSTCOMPILE)
 
 #$(CMDOBJS) $(COREOBJS): $(notdir $(%.c)) %.d
 #	$(CC) $(DEPFLAGS) $(CFLAGS) -c -o $@ $<
@@ -325,6 +332,7 @@ $(OBJDIR)/%.o : %.cpp $(OBJDIR)/%.d
 
 DEPENDENCY_FILES = $(patsubst %.c, $(OBJDIR)/%.d, $(CORESRCS) $(CMDSRCS) $(ZLIBSRCS) $(MULTIARCHSRCS)) \
 	$(patsubst %.cpp, $(OBJDIR)/%.d, $(QTGUISRCS)) \
+	$(patsubst %.m, $(OBJDIR)/%.d, $(OBJCSRCS)) \
 	$(OBJDIR)/proxmark3.d $(OBJDIR)/flash.d $(OBJDIR)/flasher.d $(OBJDIR)/fpga_compress.d
 
 $(DEPENDENCY_FILES): ;

client/cliparser/cliparser.c

@@ -80,6 +80,10 @@ enum ParserState {
 #define isSpace(c)(c == ' ' || c == '\t')
 
 int CLIParserParseString(const char* str, void* vargtable[], size_t vargtableLen, bool allowEmptyExec) {
+	return CLIParserParseStringEx(str, vargtable, vargtableLen, allowEmptyExec, false);
+}
+
+int CLIParserParseStringEx(const char* str, void* vargtable[], size_t vargtableLen, bool allowEmptyExec, bool clueData) {
 	int argc = 0;
 	char *argv[200] = {NULL};
 	
@@ -99,7 +103,7 @@ int CLIParserParseString(const char* str, void* vargtable[], size_t vargtableLen
 	for (int i = 0; i < len; i++) {
 		switch(state){
 			case PS_FIRST: // first char
-				if (str[i] == '-'){ // first char before space is '-' - next element - option
+				if (!clueData || str[i] == '-'){ // first char before space is '-' - next element - option OR not "clueData" for not-option fields
 					state = PS_OPTION;
 
 					if (spaceptr) {
@@ -148,7 +152,24 @@ void CLIParserFree() {
 
 // convertors
 int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int *datalen) {
-	switch(param_gethex_to_eol(argstr->sval[0], 0, data, maxdatalen, datalen)) {
+	*datalen = 0;
+	if (!argstr->count)
+		return 0;
+	
+	char buf[256] = {0};
+	int ibuf = 0;
+	
+	for (int i = 0; i < argstr->count; i++) {
+		int len = strlen(argstr->sval[i]);
+		memcpy(&buf[ibuf], argstr->sval[i], len);
+		ibuf += len;
+	}
+	buf[ibuf] = 0;
+  
+	if (!ibuf)
+		return 0;
+	
+	switch(param_gethex_to_eol(buf, 0, data, maxdatalen, datalen)) {
 	case 1:
 		printf("Parameter error: Invalid HEX value.\n");
 		return 1;

client/cliparser/cliparser.h

@@ -19,6 +19,10 @@
 #define arg_get_lit(n)(((struct arg_lit*)argtable[n])->count)
 #define arg_get_int(n)(((struct arg_int*)argtable[n])->ival[0])
 #define arg_get_str(n)((struct arg_str*)argtable[n])
+#define arg_get_str_len(n)(strlen(((struct arg_str*)argtable[n])->sval[0]))
+
+#define arg_strx1(shortopts, longopts, datatype, glossary) (arg_strn((shortopts), (longopts), (datatype), 1, 250, (glossary)))
+#define arg_strx0(shortopts, longopts, datatype, glossary) (arg_strn((shortopts), (longopts), (datatype), 0, 250, (glossary)))
 
 #define CLIExecWithReturn(cmd, atbl, ifempty) if (CLIParserParseString(cmd, atbl, arg_getsize(atbl), ifempty)){CLIParserFree();return 0;}
 #define CLIGetStrBLessWithReturn(paramnum, data, datalen, delta) if (CLIParamHexToBuf(arg_get_str(paramnum), data, sizeof(data) - (delta), datalen)) {CLIParserFree();return 1;}
@@ -26,6 +30,7 @@
 
 extern int CLIParserInit(char *vprogramName, char *vprogramHint, char *vprogramHelp);
 extern int CLIParserParseString(const char* str, void* argtable[], size_t vargtableLen, bool allowEmptyExec);
+extern int CLIParserParseStringEx(const char* str, void* vargtable[], size_t vargtableLen, bool allowEmptyExec, bool clueData);
 extern int CLIParserParseArg(int argc, char **argv, void* argtable[], size_t vargtableLen, bool allowEmptyExec);
 extern void CLIParserFree();
 

client/cmdhf14a.c

@@ -648,6 +648,95 @@ void DropField() {
 	SendCommand(&c);
 }
 
+int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
+	uint16_t cmdc = 0;
+	*dataoutlen = 0;
+	
+	if (activateField) {
+		UsbCommand resp;
+
+		// Anticollision + SELECT card
+		UsbCommand ca = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT | ISO14A_CLEAR_TRACE, 0, 0}};
+		SendCommand(&ca);
+		if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+			PrintAndLog("14aRAW ERROR: Proxmark connection timeout.");
+			return 1;
+		}
+
+		// check result
+		if (resp.arg[0] == 0) {
+			PrintAndLog("14aRAW ERROR: No card in field.");
+			return 1;
+		}
+
+		if (resp.arg[0] != 1 && resp.arg[0] != 2) {
+			PrintAndLog("14aRAW ERROR: card not in iso14443-4. res=%d.", resp.arg[0]);
+			return 1;
+		}
+
+		if (resp.arg[0] == 2) {		// 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
+			// get ATS 
+			UsbCommand cr = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT, 2, 0}}; 
+			uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
+			memcpy(cr.d.asBytes, rats, 2);
+			SendCommand(&cr);
+			if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+				PrintAndLog("14aRAW ERROR: Proxmark connection timeout.");
+				return 1;
+			}
+			
+			if (resp.arg[0] <= 0) { // ats_len
+				PrintAndLog("14aRAW ERROR: Can't get ATS.");
+				return 1;
+			}
+		}
+	}
+	
+	if (leaveSignalON)
+		cmdc |= ISO14A_NO_DISCONNECT;
+
+	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | cmdc, (datainlen & 0xFFFF), 0}}; 
+	memcpy(c.d.asBytes, datain, datainlen);
+	SendCommand(&c);
+	
+    uint8_t *recv;
+    UsbCommand resp;
+
+    if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+        recv = resp.d.asBytes;
+        int iLen = resp.arg[0];
+		
+		*dataoutlen = iLen - 2;
+		if (*dataoutlen < 0)
+			*dataoutlen = 0;
+		
+		if (maxdataoutlen && *dataoutlen > maxdataoutlen) {
+			PrintAndLog("14aRAW ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen);
+			return 2;
+		}
+		
+		memcpy(dataout, recv, *dataoutlen);
+		
+        if(!iLen) {
+			PrintAndLog("14aRAW ERROR: No card response.");
+            return 1;
+		}
+
+		// CRC Check
+		if (iLen == -1) {
+			PrintAndLog("14aRAW ERROR: ISO 14443A CRC error.");
+			return 3;
+		}
+
+
+    } else {
+        PrintAndLog("14aRAW ERROR: Reply timeout.");
+		return 4;
+    }
+	
+	return 0;
+}
+
 int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) {
 	uint16_t cmdc = 0;
 	
@@ -742,7 +831,7 @@ int CmdHF14AAPDU(const char *cmd) {
 		arg_lit0("sS",  "select",  "activate field and select card"),
 		arg_lit0("kK",  "keep",    "leave the signal field ON after receive response"),
 		arg_lit0("tT",  "tlv",     "executes TLV decoder if it possible"),
-		arg_str1(NULL,  NULL,      "<APDU (hex)>", NULL),
+		arg_strx1(NULL, NULL,      "<APDU (hex)>", NULL),
 		arg_param_end
 	};
 	CLIExecWithReturn(cmd, argtable, false);
@@ -807,7 +896,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
 		arg_int0("t",   "timeout", NULL, "timeout in ms"),
 		arg_lit0("T",   "topaz",   "use Topaz protocol to send command"),
 		arg_lit0("3",   NULL,      "ISO14443-3 select only (skip RATS)"),
-		arg_str1(NULL,  NULL,      "<data (hex)>", NULL),
+		arg_strx1(NULL, NULL,      "<data (hex)>", NULL),
 		arg_param_end
 	};
 	// defaults

client/cmdhf14a.h

@@ -25,6 +25,7 @@ int CmdHF14ASnoop(const char *Cmd);
 char* getTagInfo(uint8_t uid);
 
 extern void DropField();
+extern int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
 extern int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen);
 
 #endif

client/cmdhfmf.c

@@ -27,6 +27,9 @@
 #include "mifare.h"
 #include "mfkey.h"
 #include "hardnested/hardnested_bf_core.h"
+#include "cliparser/cliparser.h"
+#include "cmdhf14a.h"
+#include <polarssl/aes.h>
 
 #define NESTED_SECTOR_RETRY     10			// how often we try mfested() until we give up
 
@@ -2634,6 +2637,149 @@ int CmdDecryptTraceCmds(const char *Cmd){
 	return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);
 }
 
+int aes_encode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
+	uint8_t iiv[16] = {0};
+	if (iv)
+		memcpy(iiv, iv, 16);
+	
+	aes_context aes;
+	aes_init(&aes);
+	if (aes_setkey_enc(&aes, key, 128))
+		return 1;
+	if (aes_crypt_cbc(&aes, AES_ENCRYPT, length, iiv, input, output))
+		return 2;
+	aes_free(&aes);
+
+	return 0;
+}
+
+int aes_decode(uint8_t *iv, uint8_t *key, uint8_t *input, uint8_t *output, int length){
+	uint8_t iiv[16] = {0};
+	if (iv)
+		memcpy(iiv, iv, 16);
+	
+	aes_context aes;
+	aes_init(&aes);
+	if (aes_setkey_dec(&aes, key, 128))
+		return 1;
+	if (aes_crypt_cbc(&aes, AES_DECRYPT, length, iiv, input, output))
+		return 2;
+	aes_free(&aes);
+
+	return 0;
+}
+
+int CmdHF14AMfAuth4(const char *cmd) {
+	uint8_t keyn[20] = {0};
+	int keynlen = 0;
+	uint8_t key[16] = {0};
+	int keylen = 0;
+	uint8_t data[257] = {0};
+	int datalen = 0;
+	
+	uint8_t Rnd1[17] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
+	uint8_t Rnd2[17] = {0};
+	
+	
+	CLIParserInit("hf mf auth4", 
+		"Executes AES authentication command in ISO14443-4", 
+		"Usage:\n\thf mf auth4 4000 000102030405060708090a0b0c0d0e0f -> executes authentication\n"
+			"\thf mf auth4 9003 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -> executes authentication\n");
+
+	void* argtable[] = {
+		arg_param_begin,
+		arg_str1(NULL,  NULL,     "<Key Num (HEX 2 bytes)>", NULL),
+		arg_str1(NULL,  NULL,     "<Key Value (HEX 16 bytes)>", NULL),
+		arg_param_end
+	};
+	CLIExecWithReturn(cmd, argtable, true);
+	
+	CLIGetStrWithReturn(1, keyn, &keynlen);
+	CLIGetStrWithReturn(2, key, &keylen);
+	CLIParserFree();
+	
+	if (keynlen != 2) {
+		PrintAndLog("ERROR: <Key Num> must be 2 bytes long instead of: %d", keynlen);
+		return 1;
+	}
+	
+	if (keylen != 16) {
+		PrintAndLog("ERROR: <Key Value> must be 16 bytes long instead of: %d", keylen);
+		return 1;
+	}
+
+	uint8_t cmd1[] = {0x0a, 0x00, 0x70, keyn[1], keyn[0], 0x00};
+	int res = ExchangeRAW14a(cmd1, sizeof(cmd1), true, true, data, sizeof(data), &datalen);
+	if (res) {
+		PrintAndLog("ERROR exchande raw error: %d", res);
+		return 2;
+	}
+	
+	PrintAndLog("<phase1: %s", sprint_hex(data, datalen));
+		
+	if (datalen < 3) {
+		PrintAndLog("ERROR: card response length: %d", datalen);
+		return 3;
+	}
+	
+	if (data[0] != 0x0a || data[1] != 0x00) {
+		PrintAndLog("ERROR: card response. Framing error. :%s", sprint_hex(data, 2));
+		return 3;
+	}
+
+	if (data[2] != 0x90) {
+		PrintAndLog("ERROR: card response error: %02x", data[2]);
+		return 3;
+	}
+
+	if (datalen != 19) {
+		PrintAndLog("ERROR: card response must be 16 bytes long instead of: %d", datalen);
+		return 3;
+	}
+	
+    aes_decode(NULL, key, &data[3], Rnd2, 16);
+	Rnd2[16] = Rnd2[0];
+	PrintAndLog("Rnd2: %s", sprint_hex(Rnd2, 16));
+
+	uint8_t cmd2[35] = {0};
+	cmd2[0] = 0x0b;
+	cmd2[1] = 0x00;
+	cmd2[2] = 0x72;
+
+	uint8_t raw[32] = {0};
+	memmove(raw, Rnd1, 16);
+	memmove(&raw[16], &Rnd2[1], 16);
+
+    aes_encode(NULL, key, raw, &cmd2[3], 32);
+	PrintAndLog(">phase2: %s", sprint_hex(cmd2, 35));
+	
+	res = ExchangeRAW14a(cmd2, sizeof(cmd2), false, false, data, sizeof(data), &datalen);
+	if (res) {
+		PrintAndLog("ERROR exchande raw error: %d", res);
+		DropField();
+		return 4;
+	}
+	
+	PrintAndLog("<phase2: %s", sprint_hex(data, datalen));
+
+    aes_decode(NULL, key, &data[3], raw, 32);
+	PrintAndLog("res: %s", sprint_hex(raw, 32));
+	
+	PrintAndLog("Rnd1`: %s", sprint_hex(&raw[4], 16));
+	if (memcmp(&raw[4], &Rnd1[1], 16)) {
+		PrintAndLog("\nERROR: Authentication FAILED. rnd not equal");
+		PrintAndLog("rnd1 reader: %s", sprint_hex(&Rnd1[1], 16));
+		PrintAndLog("rnd1   card: %s", sprint_hex(&raw[4], 16));
+		DropField();
+		return 5;
+	}
+
+	DropField();
+	PrintAndLog("\nAuthentication OK");
+	
+	return 0;
+}
+
 static command_t CommandTable[] =
 {
   {"help",             CmdHelp,                 1, "This help"},
@@ -2643,6 +2789,7 @@ static command_t CommandTable[] =
   {"dump",             CmdHF14AMfDump,          0, "Dump MIFARE classic tag to binary file"},
   {"restore",  	       CmdHF14AMfRestore,       0, "Restore MIFARE classic binary file to BLANK tag"},
   {"wrbl",             CmdHF14AMfWrBl,          0, "Write MIFARE classic block"},
+  {"auth4",            CmdHF14AMfAuth4,         0, "ISO14443-4 AES authentication"},
   {"chk",              CmdHF14AMfChk,           0, "Test block keys"},
   {"mifare",           CmdHF14AMifare,          0, "Read parity error messages."},
   {"hardnested",       CmdHF14AMfNestedHard,    0, "Nested attack for hardened Mifare cards"},

client/comms.c

@@ -18,6 +18,7 @@
 #include "uart.h"
 #include "ui.h"
 #include "common.h"
+#include "util_darwin.h"
 #include "util_posix.h"
 
 
@@ -198,6 +199,10 @@ __attribute__((force_align_arg_pointer))
 	UsbCommand rx;
 	UsbCommand *prx = ℞
 
+#if defined(__MACH__) && defined(__APPLE__)
+	disableAppNap("Proxmark3 polling UART");
+#endif
+
 	while (conn->run) {
 		rxlen = 0;
 		bool ACK_received = false;
@@ -236,6 +241,10 @@ __attribute__((force_align_arg_pointer))
 		pthread_mutex_unlock(&txBufferMutex);
 	}
 
+#if defined(__MACH__) && defined(__APPLE__)
+	enableAppNap();
+#endif
+
 	pthread_exit(NULL);
 	return NULL;
 }
@@ -333,7 +342,20 @@ bool OpenProxmark(void *port, bool wait_for_port, int timeout, bool flash_mode)
 
 void CloseProxmark(void) {
 	conn.run = false;
+
+#ifdef __BIONIC__
+	// In Android O and later, if an invalid pthread_t is passed to pthread_join, it calls fatal().
+	// https://github.com/aosp-mirror/platform_bionic/blob/ed16b344e75f422fb36fbfd91fb30de339475880/libc/bionic/pthread_internal.cpp#L116-L128
+	//
+	// In Bionic libc, pthread_t is an integer.
+
+	if (USB_communication_thread != 0) {
+		pthread_join(USB_communication_thread, NULL);
+	}
+#else
+	// pthread_t is a struct on other libc, treat as an opaque memory reference
 	pthread_join(USB_communication_thread, NULL);
+#endif
 
 	if (sp) {
 		uart_close(sp);
@@ -351,6 +373,9 @@ void CloseProxmark(void) {
 	// Clean up our state
 	sp = NULL;
 	serial_port_name = NULL;
+#ifdef __BIONIC__
+	memset(&USB_communication_thread, 0, sizeof(pthread_t));
+#endif
 }
 
 

client/proxguiqt.cpp

@@ -26,6 +26,10 @@
 #include <string.h>
 #include "proxgui.h"
 #include <QtGui>
+
+extern "C" {
+#include "util_darwin.h"
+}
 //#include <ctime>
 
 bool g_useOverlays = false;
@@ -60,7 +64,12 @@ void ProxGuiQT::_ShowGraphWindow(void)
 		return;
 
 	if (!plotwidget)
+	{
+#if defined(__MACH__) && defined(__APPLE__)
+		makeFocusable();
+#endif
 		plotwidget = new ProxWidget();
+	}
 
 	plotwidget->show();
 }
@@ -108,6 +117,11 @@ void ProxGuiQT::MainLoop()
 	//start proxmark thread after starting event loop
 	QTimer::singleShot(200, this, SLOT(_StartProxmarkThread()));
 
+#if defined(__MACH__) && defined(__APPLE__)
+	//Prevent the terminal from loosing focus during launch by making the client unfocusable
+	makeUnfocusable();
+#endif
+
 	plotapp->exec();
 }
 
@@ -181,8 +195,7 @@ ProxWidget::ProxWidget(QWidget *parent, ProxGuiQT *master) : QWidget(parent)
 	this->master = master;
 	resize(800,500);
 
-	/** Setup the controller widget **/
+	// Setup the controller widget
-
 	controlWidget = new QWidget();
 	opsController = new Ui::Form();
 	opsController->setupUi(controlWidget);
@@ -204,23 +217,17 @@ ProxWidget::ProxWidget(QWidget *parent, ProxGuiQT *master) : QWidget(parent)
 	QObject::connect(opsController->horizontalSlider_dirthr_down, SIGNAL(valueChanged(int)), this, SLOT(vchange_dthr_down(int)));
 	QObject::connect(opsController->horizontalSlider_askedge, SIGNAL(valueChanged(int)), this, SLOT(vchange_askedge(int)));
 
-	controlWidget->show();
-
 	// Set up the plot widget, which does the actual plotting
-
 	plot = new Plot(this);
-	/*
-	QSlider* slider = new QSlider(Qt::Horizontal);
-	slider->setFocusPolicy(Qt::StrongFocus);
-	slider->setTickPosition(QSlider::TicksBothSides);
-	slider->setTickInterval(10);
-	slider->setSingleStep(1);
-	*/
 	QVBoxLayout *layout = new QVBoxLayout;
-	//layout->addWidget(slider);
 	layout->addWidget(plot);
 	setLayout(layout);
-	//printf("Proxwidget Constructor just set layout\r\n");
+	show(); // places the window on the screen.
+
+	// Move controller widget below plot
+	controlWidget->move(x(),y()+frameSize().height());
+	controlWidget->resize(size().width(), controlWidget->size().height());
+	controlWidget->show();
 }
 
 // not 100% sure what i need in this block

client/util_darwin.h

@@ -0,0 +1,20 @@
+//-----------------------------------------------------------------------------
+// (c) 2018 AntiCat
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// macOS framework bindings
+//-----------------------------------------------------------------------------
+
+#ifndef UTIL_DARWIN_H__
+#define UTIL_DARWIN_H__
+
+void disableAppNap(const char* reason);
+void enableAppNap();
+
+void makeUnfocusable();
+void makeFocusable();
+
+#endif

client/util_darwin.m

@@ -0,0 +1,55 @@
+//-----------------------------------------------------------------------------
+// (c) 2018 AntiCat
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// macOS framework bindings
+//-----------------------------------------------------------------------------
+
+#import "util_darwin.h"
+
+#import <Foundation/NSString.h>
+#import <Foundation/NSProcessInfo.h>
+#import <AppKit/NSApplication.h>
+
+static id activity = nil;
+
+//OS X Version 10.10 is defined in OS X 10.10 and later
+#if defined(MAC_OS_X_VERSION_10_10)
+void disableAppNap(const char* reason) {
+	if(activity == nil) {
+		//NSLog(@"disableAppNap: %@", @(reason));
+		activity = [[NSProcessInfo processInfo] beginActivityWithOptions:NSActivityBackground reason:@(reason)];
+		[activity retain];
+	}
+}
+
+void enableAppNap() {
+	if(activity != nil) {
+		//NSLog(@"enableAppNap");
+		[[NSProcessInfo processInfo] endActivity:activity];
+		[activity release];
+		activity = nil;
+	}
+}
+
+#else
+void disableAppNap(const char* reason) { }
+void enableAppNap() { }
+#endif
+
+//OS X Version 10.6 is defined in OS X 10.6 and later
+#if defined(MAC_OS_X_VERSION_10_6)
+void makeUnfocusable() {
+	[NSApp setActivationPolicy:NSApplicationActivationPolicyProhibited];
+}
+
+void makeFocusable() {
+	[NSApp setActivationPolicy:NSApplicationActivationPolicyRegular];
+}
+#else
+void makeUnfocusable() { }
+void makeFocusable() { }
+#endif