MF ultralight code cleanup

This commit is contained in:
marshmellow42 2015-05-18 13:11:00 -04:00
parent 8258f40969
commit 9d87eb6650
6 changed files with 93 additions and 76 deletions

View file

@ -830,7 +830,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
MifareUC_Auth(c->arg[0],c->d.asBytes);
break;
case CMD_MIFAREU_READCARD:
case CMD_MIFAREUC_READCARD:
MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_MIFAREUC_SETPWD:

View file

@ -106,17 +106,17 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
return;
};
if(mifare_ultra_auth(keybytes) == 1){
if(!mifare_ultra_auth(keybytes)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
OnError(1);
return;
}
cmd_send(CMD_ACK,1,0,0,0,0);
if (turnOffField) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
cmd_send(CMD_ACK,1,0,0,0,0);
}
// Arg0 = BlockNo,
@ -146,7 +146,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) );
if ( mifare_ultra_auth(key) == 1 ) {
if ( !mifare_ultra_auth(key) ) {
OnError(1);
return;
}
@ -157,7 +157,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
uint8_t pwd[4] = {0x00};
memcpy(pwd, datain, 4);
uint8_t pack[4] = {0,0,0,0};
if (mifare_ul_ev1_auth(pwd, pack) == 1) {
if (!mifare_ul_ev1_auth(pwd, pack)) {
OnError(1);
return;
}
@ -255,8 +255,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
uint16_t blocks = arg1;
bool useKey = (arg2 == 1); //UL_C
bool usePwd = (arg2 == 2); //UL_EV1/NTAG
int countblocks = 0;
uint8_t dataout[176] = {0x00};
uint32_t countblocks = 0;
uint8_t *dataout = BigBuf_get_addr();
LEDsoff();
LED_A_ON();
@ -275,7 +275,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) );
if ( mifare_ultra_auth(key) == 1 ) {
if ( !mifare_ultra_auth(key) ) {
OnError(1);
return;
}
@ -287,19 +287,30 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
memcpy(pwd, datain, sizeof(pwd));
uint8_t pack[4] = {0,0,0,0};
if (mifare_ul_ev1_auth(pwd, pack) == 1){
if (!mifare_ul_ev1_auth(pwd, pack)){
OnError(1);
return;
}
}
for (int i = 0; i < blocks; i++){
len = mifare_ultra_readblock(blockNo * 4 + i, dataout + 4 * i);
if ((i*4) + 4 > BigBuf_get_traceLen()) {
Dbprintf("Data exceeds buffer!!");
break;
}
len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
// if no blocks read - error out
if (i==0){
OnError(2);
return;
} else {
//stop at last successful read block and return what we got
break;
}
} else {
countblocks++;
}
@ -314,9 +325,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
len = blocks * 4;
cmd_send(CMD_ACK, 1, len, 0, dataout, len);
countblocks *= 4;
cmd_send(CMD_ACK, 1, countblocks, countblocks, 0, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}

View file

@ -322,15 +322,14 @@ int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){
len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);
if (len != 4) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len);
OnError(1);
return 1;
return 0;
}
if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
Dbprintf("Auth Resp: %02x%02x%02x%02x", resp[0],resp[1],resp[2],resp[3]);
memcpy(pack, resp, 4);
return 0;
return 1;
}
int mifare_ultra_auth(uint8_t *keybytes){
@ -353,8 +352,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL);
if (len != 11) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
OnError(1);
return 1;
return 0;
}
// tag nonce.
@ -386,8 +384,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
if (len != 11) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
OnError(1);
return 1;
return 0;
}
uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 };
@ -398,7 +395,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
if ( memcmp(resp_random_a, random_a, 8) != 0 ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");
return 1;
return 0;
}
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
@ -418,7 +415,7 @@ int mifare_ultra_auth(uint8_t *keybytes){
resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3],
resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]);
}
return 0;
return 1;
}
int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData)

View file

@ -14,9 +14,10 @@
#include "mifare.h"
#include "util.h"
#include "protocols.h"
#include "data.h"
#define MAX_UL_BLOCKS 0x0f
#define MAX_ULC_BLOCKS 0x2f
#define MAX_ULC_BLOCKS 0x2b
#define MAX_ULEV1a_BLOCKS 0x12
#define MAX_ULEV1b_BLOCKS 0x20
#define MAX_NTAG_213 0x2c
@ -191,10 +192,10 @@ static int ulc_authentication( uint8_t *key, bool switch_off_field ){
memcpy(c.d.asBytes, key, 16);
SendCommand(&c);
UsbCommand resp;
if ( !WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) return -1;
if ( resp.arg[0] == 1 ) return 0;
if ( !WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) return 0;
if ( resp.arg[0] == 1 ) return 1;
return -2;
return 0;
}
static int ulev1_requestAuthentication( uint8_t *pwd, uint8_t *pack, uint16_t packLength ){
@ -631,22 +632,20 @@ int CmdHF14AMfUInfo(const char *Cmd){
PrintAndLog("-------------------------------------------------------------");
ul_print_type(tagtype, 6);
if ( hasAuthKey && (tagtype & UL_C)) {
//will select card automatically and close connection on error
if (!ulc_authentication(authenticationkey, false)) {
PrintAndLog("Error: Authentication Failed UL-C");
return 0;
}
} else {
status = ul_select(&card);
if ( status < 1 ){
PrintAndLog("iso14443a card select failed");
ul_switch_off_field();
return status;
}
if (hasAuthKey) {
if ((tagtype & UL_C)) {
//will select card automatically
if (ulc_authentication(authenticationkey, false) != 0) {
ul_switch_off_field();
PrintAndLog("Error: Authentication Failed UL-C");
return 0;
}
} else {
len = ulev1_requestAuthentication(authenticationkey, pack, sizeof(pack));
if (len < 1) {
ul_switch_off_field();
@ -674,6 +673,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
status = ul_read(0x28, ulc_conf, sizeof(ulc_conf));
if ( status == -1 ){
PrintAndLog("Error: tag didn't answer to READ UL-C");
ul_switch_off_field();
return status;
}
ulc_print_configuration(ulc_conf);
@ -690,22 +690,21 @@ int CmdHF14AMfUInfo(const char *Cmd){
ulc_print_3deskey(ulc_deskey);
} else {
ul_switch_off_field();
// if we called info with key, just return
if ( hasAuthKey ) return 1;
PrintAndLog("Trying some default 3des keys");
for (uint8_t i = 0; i < KEYS_3DES_COUNT; ++i ){
key = default_3des_keys[i];
if (ulc_authentication(key, true) == 0){
if (ulc_authentication(key, true)){
PrintAndLog("Found default 3des key: "); //%s", sprint_hex(key,16));
uint8_t keySwap[16];
memcpy(keySwap, SwapEndian64(key,16,8), 16);
ulc_print_3deskey(keySwap);
ul_switch_off_field();
return 1;
}
}
ul_switch_off_field();
return 1; //return even if key not found (UL_C is done)
}
}
@ -763,14 +762,19 @@ int CmdHF14AMfUInfo(const char *Cmd){
// 1-7 = ... should we even try then?
if ( authlim == 0 ){
PrintAndLog("\n--- Known EV1/NTAG passwords.");
for (uint8_t i = 0; i < 3; ++i ){
len = 0;
for (uint8_t i = 0; i < KEYS_PWD_COUNT; ++i ){
key = default_pwd_pack[i];
if ( len > -1 ){
len = ulev1_requestAuthentication(key, pack, sizeof(pack));
if (len == 1) {
if (len >= 1) {
PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]);
break;
} else {
status = ul_select(&card);
if ( status < 1 ){
PrintAndLog("iso14443a card select failed - ev1 auth");
ul_switch_off_field();
return status;
}
}
}
@ -783,6 +787,7 @@ int CmdHF14AMfUInfo(const char *Cmd){
status = ul_read(3, cc, sizeof(cc));
if ( status == -1 ){
PrintAndLog("Error: tag didn't answer to READ ntag");
ul_switch_off_field();
return status;
}
ntag_print_CC(cc);
@ -988,8 +993,10 @@ int CmdHF14AMfUDump(const char *Cmd){
errors = param_gethex(tempStr, 0, key, dataLen);
else if (dataLen == 8) //ev1/ntag
errors = param_gethex(tempStr, 0, key, dataLen);
else
else{
PrintAndLog("\nERROR: Key is incorrect length\n");
errors = true;
}
cmdp += 2;
hasPwd = true;
@ -1042,8 +1049,7 @@ int CmdHF14AMfUDump(const char *Cmd){
ul_print_type(tagtype, 0);
PrintAndLog("Reading tag memory...");
UsbCommand c = {CMD_MIFAREUC_READCARD, {startPage,Pages}};
UsbCommand c = {CMD_MIFAREU_READCARD, {startPage,Pages}};
if ( hasPwd ) {
if (tagtype & UL_C)
c.arg[2] = 1; //UL_C auth
@ -1058,15 +1064,20 @@ int CmdHF14AMfUDump(const char *Cmd){
PrintAndLog("Command execute time-out");
return 1;
}
PrintAndLog ("%u,%u",resp.arg[0],resp.arg[1]);
uint8_t isOK = resp.arg[0] & 0xff;
if (isOK) {
memcpy(data, resp.d.asBytes, resp.arg[1]);
} else {
if (resp.arg[0] != 1) {
PrintAndLog("Failed reading block: (%02x)", i);
return 1;
}
uint32_t bufferSize = resp.arg[1];
if (bufferSize > sizeof(data)) {
PrintAndLog("Data exceeded Buffer size!");
bufferSize = sizeof(data);
}
GetFromBigBuf(data, bufferSize, 0);
WaitForResponse(CMD_ACK,NULL);
Pages = bufferSize/4;
// Load lock bytes.
int j = 0;
@ -1088,10 +1099,13 @@ int CmdHF14AMfUDump(const char *Cmd){
}
}
// add keys
if (hasPwd){ //UL_C
// add keys to block dump
if (hasPwd && (tagtype & UL_C)){ //UL_C
memcpy(data + Pages*4, key, dataLen/2);
Pages += 4;
} else if (hasPwd) { //not sure output is in correct location.
memcpy(data + Pages*4, key, dataLen/2);
Pages += 1;
}
for (i = 0; i < Pages; ++i) {
@ -1186,7 +1200,7 @@ void rol (uint8_t *data, const size_t len){
//
int CmdHF14AMfucAuth(const char *Cmd){
uint8_t keyNo = 0;
uint8_t keyNo = 3;
bool errors = false;
char cmdp = param_getchar(Cmd, 0);
@ -1216,7 +1230,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
}
uint8_t *key = default_3des_keys[keyNo];
if (ulc_authentication(key, true) == 0)
if (ulc_authentication(key, true))
PrintAndLog("Authentication successful. 3des key: %s",sprint_hex(key, 16));
else
PrintAndLog("Authentication failed");

View file

@ -135,9 +135,7 @@ local _commands = {
CMD_MIFARE_SNIFFER = 0x0630,
--//ultralightC
CMD_MIFAREUC_AUTH1 = 0x0724,
CMD_MIFAREUC_AUTH2 = 0x0725,
CMD_MIFAREUC_READCARD = 0x0726,
CMD_MIFAREUC_AUTH = 0x0724,
CMD_MIFAREUC_SETPWD = 0x0727,
CMD_MIFAREU_SETUID = 0x0728,

View file

@ -174,9 +174,8 @@ typedef struct{
#define CMD_MIFARE_SNIFFER 0x0630
//ultralightC
#define CMD_MIFAREUC_AUTH1 0x0724
#define CMD_MIFAREUC_AUTH2 0x0725
#define CMD_MIFAREUC_READCARD 0x0726
#define CMD_MIFAREUC_AUTH 0x0724
//0x0725 and 0x0726 no longer used
#define CMD_MIFAREUC_SETPWD 0x0727