github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-15 01:33:00 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

MF ultralight code cleanup

Browse source
This commit is contained in:
marshmellow42 2015-05-18 13:11:00 -04:00
parent 8258f40969
commit 9d87eb6650
6 changed files with 93 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

1
armsrc/appmain.c
View file

@ -830,7 +830,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
MifareUC_Auth(c->arg[0],c->d.asBytes); MifareUC_Auth(c->arg[0],c->d.asBytes);
break; break;
case CMD_MIFAREU_READCARD: case CMD_MIFAREU_READCARD:
case CMD_MIFAREUC_READCARD:
MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break; break;
case CMD_MIFAREUC_SETPWD: case CMD_MIFAREUC_SETPWD:

38
armsrc/mifarecmd.c
View file

@ -106,17 +106,17 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
return; return;
}; };
if(mifare_ultra_auth(keybytes) == 1){ if(!mifare_ultra_auth(keybytes)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed"); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
OnError(1); OnError(1);
return; return;
} }
cmd_send(CMD_ACK,1,0,0,0,0);
if (turnOffField) { if (turnOffField) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff(); LEDsoff();
} }
cmd_send(CMD_ACK,1,0,0,0,0);
} }
// Arg0 = BlockNo, // Arg0 = BlockNo,
@ -146,7 +146,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
uint8_t key[16] = {0x00}; uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) ); memcpy(key, datain, sizeof(key) );
if ( mifare_ultra_auth(key) == 1 ) { if ( !mifare_ultra_auth(key) ) {
OnError(1); OnError(1);
return; return;
} }
@ -157,7 +157,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
uint8_t pwd[4] = {0x00}; uint8_t pwd[4] = {0x00};
memcpy(pwd, datain, 4); memcpy(pwd, datain, 4);
uint8_t pack[4] = {0,0,0,0}; uint8_t pack[4] = {0,0,0,0};
if (mifare_ul_ev1_auth(pwd, pack) == 1) { if (!mifare_ul_ev1_auth(pwd, pack)) {
OnError(1); OnError(1);
return; return;
} }
@ -255,8 +255,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
uint16_t blocks = arg1; uint16_t blocks = arg1;
bool useKey = (arg2 == 1); //UL_C bool useKey = (arg2 == 1); //UL_C
bool usePwd = (arg2 == 2); //UL_EV1/NTAG bool usePwd = (arg2 == 2); //UL_EV1/NTAG
int countblocks = 0; uint32_t countblocks = 0;
uint8_t dataout[176] = {0x00}; uint8_t *dataout = BigBuf_get_addr();
LEDsoff(); LEDsoff();
LED_A_ON(); LED_A_ON();
@ -275,7 +275,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
uint8_t key[16] = {0x00}; uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) ); memcpy(key, datain, sizeof(key) );
if ( mifare_ultra_auth(key) == 1 ) { if ( !mifare_ultra_auth(key) ) {
OnError(1); OnError(1);
return; return;
} }
@ -287,19 +287,30 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
memcpy(pwd, datain, sizeof(pwd)); memcpy(pwd, datain, sizeof(pwd));
uint8_t pack[4] = {0,0,0,0}; uint8_t pack[4] = {0,0,0,0};
if (mifare_ul_ev1_auth(pwd, pack) == 1){ if (!mifare_ul_ev1_auth(pwd, pack)){
OnError(1); OnError(1);
return; return;
} }
} }
for (int i = 0; i < blocks; i++){ for (int i = 0; i < blocks; i++){
len = mifare_ultra_readblock(blockNo * 4 + i, dataout + 4 * i); if ((i*4) + 4 > BigBuf_get_traceLen()) {
Dbprintf("Data exceeds buffer!!");
break;
}
len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
if (len) { if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
OnError(2); // if no blocks read - error out
return; if (i==0){
OnError(2);
return;
} else {
//stop at last successful read block and return what we got
break;
}
} else { } else {
countblocks++; countblocks++;
} }
@ -314,9 +325,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks); if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
len = blocks * 4; countblocks *= 4;
cmd_send(CMD_ACK, 1, countblocks, countblocks, 0, 0);
cmd_send(CMD_ACK, 1, len, 0, dataout, len);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff(); LEDsoff();
} }

15
armsrc/mifareutil.c
View file

@ -322,15 +322,14 @@ int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){
len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL); len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);
if (len != 4) { if (len != 4) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len);
OnError(1); return 0;
return 1;
} }
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
Dbprintf("Auth Resp: %02x%02x%02x%02x", resp[0],resp[1],resp[2],resp[3]); Dbprintf("Auth Resp: %02x%02x%02x%02x", resp[0],resp[1],resp[2],resp[3]);
memcpy(pack, resp, 4); memcpy(pack, resp, 4);
return 0; return 1;
} }
int mifare_ultra_auth(uint8_t *keybytes){ int mifare_ultra_auth(uint8_t *keybytes){
@ -353,8 +352,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL); len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL);
if (len != 11) { if (len != 11) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
OnError(1); return 0;
return 1;
} }
// tag nonce. // tag nonce.
@ -386,8 +384,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL); len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
if (len != 11) { if (len != 11) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
OnError(1); return 0;
return 1;
} }
uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 }; uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 };
@ -398,7 +395,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b); tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
if ( memcmp(resp_random_a, random_a, 8) != 0 ) { if ( memcmp(resp_random_a, random_a, 8) != 0 ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication"); if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");
return 1; return 0;
} }
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
@ -418,7 +415,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3], resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3],
resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]); resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]);
} }
return 0; return 1;
} }
int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData) int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData)

102
client/cmdhfmfu.c
View file

@ -14,9 +14,10 @@
#include "mifare.h" #include "mifare.h"
#include "util.h" #include "util.h"
#include "protocols.h" #include "protocols.h"
#include "data.h"
#define MAX_UL_BLOCKS 0x0f #define MAX_UL_BLOCKS 0x0f
#define MAX_ULC_BLOCKS 0x2f #define MAX_ULC_BLOCKS 0x2b
#define MAX_ULEV1a_BLOCKS 0x12 #define MAX_ULEV1a_BLOCKS 0x12
#define MAX_ULEV1b_BLOCKS 0x20 #define MAX_ULEV1b_BLOCKS 0x20
#define MAX_NTAG_213 0x2c #define MAX_NTAG_213 0x2c
@ -191,10 +192,10 @@ static int ulc_authentication( uint8_t *key, bool switch_off_field ){
memcpy(c.d.asBytes, key, 16); memcpy(c.d.asBytes, key, 16);
SendCommand(&c); SendCommand(&c);
UsbCommand resp; UsbCommand resp;
if ( !WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) return -1; if ( !WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) return 0;
if ( resp.arg[0] == 1 ) return 0; if ( resp.arg[0] == 1 ) return 1;
return -2; return 0;
} }
static int ulev1_requestAuthentication( uint8_t *pwd, uint8_t *pack, uint16_t packLength ){ static int ulev1_requestAuthentication( uint8_t *pwd, uint8_t *pack, uint16_t packLength ){
@ -631,22 +632,20 @@ int CmdHF14AMfUInfo(const char *Cmd){
PrintAndLog("-------------------------------------------------------------"); PrintAndLog("-------------------------------------------------------------");
ul_print_type(tagtype, 6); ul_print_type(tagtype, 6);
status = ul_select(&card); if ( hasAuthKey && (tagtype & UL_C)) {
if ( status < 1 ){ //will select card automatically and close connection on error
PrintAndLog("iso14443a card select failed"); if (!ulc_authentication(authenticationkey, false)) {
ul_switch_off_field(); PrintAndLog("Error: Authentication Failed UL-C");
return status; return 0;
} }
} else {
if ( hasAuthKey ) { status = ul_select(&card);
if ((tagtype & UL_C)) { if ( status < 1 ){
//will select card automatically PrintAndLog("iso14443a card select failed");
if (ulc_authentication(authenticationkey, false) != 0) { ul_switch_off_field();
ul_switch_off_field(); return status;
PrintAndLog("Error: Authentication Failed UL-C"); }
return 0; if (hasAuthKey) {
}
} else {
len = ulev1_requestAuthentication(authenticationkey, pack, sizeof(pack)); len = ulev1_requestAuthentication(authenticationkey, pack, sizeof(pack));
if (len < 1) { if (len < 1) {
ul_switch_off_field(); ul_switch_off_field();
@ -674,6 +673,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
status = ul_read(0x28, ulc_conf, sizeof(ulc_conf)); status = ul_read(0x28, ulc_conf, sizeof(ulc_conf));
if ( status == -1 ){ if ( status == -1 ){
PrintAndLog("Error: tag didn't answer to READ UL-C"); PrintAndLog("Error: tag didn't answer to READ UL-C");
ul_switch_off_field();
return status; return status;
} }
ulc_print_configuration(ulc_conf); ulc_print_configuration(ulc_conf);
@ -690,22 +690,21 @@ int CmdHF14AMfUInfo(const char *Cmd){
ulc_print_3deskey(ulc_deskey); ulc_print_3deskey(ulc_deskey);
} else { } else {
ul_switch_off_field();
// if we called info with key, just return // if we called info with key, just return
if ( hasAuthKey ) return 1; if ( hasAuthKey ) return 1;
PrintAndLog("Trying some default 3des keys"); PrintAndLog("Trying some default 3des keys");
for (uint8_t i = 0; i < KEYS_3DES_COUNT; ++i ){ for (uint8_t i = 0; i < KEYS_3DES_COUNT; ++i ){
key = default_3des_keys[i]; key = default_3des_keys[i];
if (ulc_authentication(key, true) == 0){ if (ulc_authentication(key, true)){
PrintAndLog("Found default 3des key: "); //%s", sprint_hex(key,16)); PrintAndLog("Found default 3des key: "); //%s", sprint_hex(key,16));
uint8_t keySwap[16]; uint8_t keySwap[16];
memcpy(keySwap, SwapEndian64(key,16,8), 16); memcpy(keySwap, SwapEndian64(key,16,8), 16);
ulc_print_3deskey(keySwap); ulc_print_3deskey(keySwap);
ul_switch_off_field();
return 1; return 1;
} }
} }
ul_switch_off_field();
return 1; //return even if key not found (UL_C is done) return 1; //return even if key not found (UL_C is done)
} }
} }
@ -763,14 +762,19 @@ int CmdHF14AMfUInfo(const char *Cmd){
// 1-7 = ... should we even try then? // 1-7 = ... should we even try then?
if ( authlim == 0 ){ if ( authlim == 0 ){
PrintAndLog("\n--- Known EV1/NTAG passwords."); PrintAndLog("\n--- Known EV1/NTAG passwords.");
len = 0;
for (uint8_t i = 0; i < 3; ++i ){ for (uint8_t i = 0; i < KEYS_PWD_COUNT; ++i ){
key = default_pwd_pack[i]; key = default_pwd_pack[i];
if ( len > -1 ){ len = ulev1_requestAuthentication(key, pack, sizeof(pack));
len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len >= 1) {
if (len == 1) { PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]); break;
break; } else {
status = ul_select(&card);
if ( status < 1 ){
PrintAndLog("iso14443a card select failed - ev1 auth");
ul_switch_off_field();
return status;
} }
} }
} }
@ -783,6 +787,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
status = ul_read(3, cc, sizeof(cc)); status = ul_read(3, cc, sizeof(cc));
if ( status == -1 ){ if ( status == -1 ){
PrintAndLog("Error: tag didn't answer to READ ntag"); PrintAndLog("Error: tag didn't answer to READ ntag");
ul_switch_off_field();
return status; return status;
} }
ntag_print_CC(cc); ntag_print_CC(cc);
@ -988,8 +993,10 @@ int CmdHF14AMfUDump(const char *Cmd){
errors = param_gethex(tempStr, 0, key, dataLen); errors = param_gethex(tempStr, 0, key, dataLen);
else if (dataLen == 8) //ev1/ntag else if (dataLen == 8) //ev1/ntag
errors = param_gethex(tempStr, 0, key, dataLen); errors = param_gethex(tempStr, 0, key, dataLen);
else else{
PrintAndLog("\nERROR: Key is incorrect length\n");
errors = true; errors = true;
}
cmdp += 2; cmdp += 2;
hasPwd = true; hasPwd = true;
@ -1042,8 +1049,7 @@ int CmdHF14AMfUDump(const char *Cmd){
ul_print_type(tagtype, 0); ul_print_type(tagtype, 0);
PrintAndLog("Reading tag memory..."); PrintAndLog("Reading tag memory...");
UsbCommand c = {CMD_MIFAREU_READCARD, {startPage,Pages}};
UsbCommand c = {CMD_MIFAREUC_READCARD, {startPage,Pages}};
if ( hasPwd ) { if ( hasPwd ) {
if (tagtype & UL_C) if (tagtype & UL_C)
c.arg[2] = 1; //UL_C auth c.arg[2] = 1; //UL_C auth
@ -1058,15 +1064,20 @@ int CmdHF14AMfUDump(const char *Cmd){
PrintAndLog("Command execute time-out"); PrintAndLog("Command execute time-out");
return 1; return 1;
} }
PrintAndLog ("%u,%u",resp.arg[0],resp.arg[1]); if (resp.arg[0] != 1) {
uint8_t isOK = resp.arg[0] & 0xff;
if (isOK) {
memcpy(data, resp.d.asBytes, resp.arg[1]);
} else {
PrintAndLog("Failed reading block: (%02x)", i); PrintAndLog("Failed reading block: (%02x)", i);
return 1; return 1;
} }
uint32_t bufferSize = resp.arg[1];
if (bufferSize > sizeof(data)) {
PrintAndLog("Data exceeded Buffer size!");
bufferSize = sizeof(data);
}
GetFromBigBuf(data, bufferSize, 0);
WaitForResponse(CMD_ACK,NULL);
Pages = bufferSize/4;
// Load lock bytes. // Load lock bytes.
int j = 0; int j = 0;
@ -1088,11 +1099,14 @@ int CmdHF14AMfUDump(const char *Cmd){
} }
} }
// add keys // add keys to block dump
if (hasPwd){ //UL_C if (hasPwd && (tagtype & UL_C)){ //UL_C
memcpy(data + Pages*4, key, dataLen/2); memcpy(data + Pages*4, key, dataLen/2);
Pages += 4; Pages += 4;
} } else if (hasPwd) { //not sure output is in correct location.
memcpy(data + Pages*4, key, dataLen/2);
Pages += 1;
}
for (i = 0; i < Pages; ++i) { for (i = 0; i < Pages; ++i) {
if ( i < 3 ) { if ( i < 3 ) {
@ -1186,7 +1200,7 @@ void rol (uint8_t *data, const size_t len){
// //
int CmdHF14AMfucAuth(const char *Cmd){ int CmdHF14AMfucAuth(const char *Cmd){
uint8_t keyNo = 0; uint8_t keyNo = 3;
bool errors = false; bool errors = false;
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
@ -1216,11 +1230,11 @@ int CmdHF14AMfucAuth(const char *Cmd){
} }
uint8_t *key = default_3des_keys[keyNo]; uint8_t *key = default_3des_keys[keyNo];
if (ulc_authentication(key, true) == 0) if (ulc_authentication(key, true))
PrintAndLog("Authentication successful. 3des key: %s",sprint_hex(key, 16)); PrintAndLog("Authentication successful. 3des key: %s",sprint_hex(key, 16));
else else
PrintAndLog("Authentication failed"); PrintAndLog("Authentication failed");
return 0; return 0;
} }

8
client/lualibs/commands.lua
View file

@ -135,11 +135,9 @@ local _commands = {
CMD_MIFARE_SNIFFER = 0x0630, CMD_MIFARE_SNIFFER = 0x0630,
--//ultralightC --//ultralightC
CMD_MIFAREUC_AUTH1 = 0x0724, CMD_MIFAREUC_AUTH = 0x0724,
CMD_MIFAREUC_AUTH2 = 0x0725, CMD_MIFAREUC_SETPWD = 0x0727,
CMD_MIFAREUC_READCARD = 0x0726, CMD_MIFAREU_SETUID = 0x0728,
CMD_MIFAREUC_SETPWD = 0x0727,
CMD_MIFAREU_SETUID = 0x0728,
--// mifare desfire --// mifare desfire
CMD_MIFARE_DESFIRE_READBL = 0x0728, CMD_MIFARE_DESFIRE_READBL = 0x0728,

5
include/usb_cmd.h
View file

@ -174,9 +174,8 @@ typedef struct{
#define CMD_MIFARE_SNIFFER 0x0630 #define CMD_MIFARE_SNIFFER 0x0630
//ultralightC //ultralightC
#define CMD_MIFAREUC_AUTH1 0x0724 #define CMD_MIFAREUC_AUTH 0x0724
#define CMD_MIFAREUC_AUTH2 0x0725 //0x0725 and 0x0726 no longer used
#define CMD_MIFAREUC_READCARD 0x0726
#define CMD_MIFAREUC_SETPWD 0x0727 #define CMD_MIFAREUC_SETPWD 0x0727