Merge pull request #127 from frederikmoellers/master

ISO 14443 type B support for (German) electronic ID cards
2025-08-13 01:56:59 -07:00 · 2015-07-13 12:22:10 +02:00 · 2015-07-13 12:22:10 +02:00 · a83d091885
commit a83d091885
parent 5ebdce44c0 2c3c08bd2f
6 changed files with 198 additions and 44 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac

 ## [unreleased][unreleased]

+### Changed
+- EPA functions (`hf epa`) now support both ISO 14443-A and 14443-B cards (frederikmoellers)

 ## [2.2.0][2015-07-12]

--- a/armsrc/epa.c
+++ b/armsrc/epa.c
@ -12,10 +12,11 @@
 //-----------------------------------------------------------------------------

 #include "iso14443a.h"
+#include "iso14443b.h"
 #include "epa.h"
 #include "cmd.h"

-// Protocol and Parameter Selection Request
+// Protocol and Parameter Selection Request for ISO 14443 type A cards
 // use regular (1x) speed in both directions
 // CRC is already included
 static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
@ -100,6 +101,28 @@ static struct {
 // lengths of the replay APDUs
 static uint8_t apdu_lengths_replay[5];

+// type of card (ISO 14443 A or B)
+static char iso_type = 0;
+
+//-----------------------------------------------------------------------------
+// Wrapper for sending APDUs to type A and B cards
+//-----------------------------------------------------------------------------
+int EPA_APDU(uint8_t *apdu, size_t length, uint8_t *response)
+{
+	switch(iso_type)
+	{
+		case 'a':
+			return iso14_apdu(apdu, (uint16_t) length, response);
+			break;
+		case 'b':
+			return iso14443b_apdu(apdu, length, response);
+			break;
+		default:
+			return 0;
+			break;
+	}
+}
+
 //-----------------------------------------------------------------------------
 // Closes the communication channel and turns off the field
 //-----------------------------------------------------------------------------
@ -107,6 +130,7 @@ void EPA_Finish()
 {
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
+	iso_type = 0;
 }

 //-----------------------------------------------------------------------------
@ -204,26 +228,26 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
 	int rapdu_length = 0;

 	// select the file EF.CardAccess
-	rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
+	rapdu_length = EPA_APDU((uint8_t *)apdu_select_binary_cardaccess,
 	                          sizeof(apdu_select_binary_cardaccess),
 	                          response_apdu);
-	if (rapdu_length != 6
+	if (rapdu_length < 6
 	    || response_apdu[rapdu_length - 4] != 0x90
 	    || response_apdu[rapdu_length - 3] != 0x00)
 	{
-		Dbprintf("epa - no select cardaccess");
+		DbpString("Failed to select EF.CardAccess!");
 		return -1;
 	}

 	// read the file
-	rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
+	rapdu_length = EPA_APDU((uint8_t *)apdu_read_binary,
 	                          sizeof(apdu_read_binary),
 	                          response_apdu);
 	if (rapdu_length <= 6
 	    || response_apdu[rapdu_length - 4] != 0x90
 	    || response_apdu[rapdu_length - 3] != 0x00)
 	{
-		Dbprintf("epa - no read cardaccess");
+		Dbprintf("Failed to read EF.CardAccess!");
 		return -1;
 	}

@ -338,7 +362,7 @@ int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)

 	// send it
 	uint8_t response_apdu[262];
-	int send_return = iso14_apdu(apdu,
+	int send_return = EPA_APDU(apdu,
 	                             sizeof(apdu),
 	                             response_apdu);
 	// check if the command succeeded
@ -409,7 +433,7 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
 	apdu[4] = apdu_length - 5;
 	// send it
 	uint8_t response_apdu[6];
-	int send_return = iso14_apdu(apdu,
+	int send_return = EPA_APDU(apdu,
 	                             apdu_length,
 	                             response_apdu);
 	// check if the command succeeded
@ -460,16 +484,13 @@ void EPA_PACE_Replay(UsbCommand *c)
 		return;
 	}

-	// increase the timeout (at least some cards really do need this!)/////////////
-	// iso14a_set_timeout(0x0003FFFF);
-
 	// response APDU
 	uint8_t response_apdu[300] = {0};

 	// now replay the data and measure the timings
 	for (int i = 0; i < sizeof(apdu_lengths_replay); i++) {
 		StartCountUS();
-		func_return = iso14_apdu(apdus_replay[i].data,
+		func_return = EPA_APDU(apdus_replay[i].data,
 		                         apdu_lengths_replay[i],
 		                         response_apdu);
 		timings[i] = GetCountUS();
@ -501,18 +522,33 @@ int EPA_Setup()
 	uint8_t pps_response_par[1];
 	iso14a_card_select_t card_select_info;

+	// first, look for type A cards
 	// power up the field
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 	// select the card
 	return_code = iso14443a_select_card(uid, &card_select_info, NULL);
-	if (return_code != 1) {
-		return 1;
-	}
+	if (return_code == 1) {
 		// send the PPS request
 		ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
 		return_code = ReaderReceive(pps_response, pps_response_par);
 		if (return_code != 3 || pps_response[0] != 0xD0) {
 			return return_code == 0 ? 2 : return_code;
 		}
+		Dbprintf("ISO 14443 Type A");
+		iso_type = 'a';
 		return 0;
+	}
+
+	// if we're here, there is no type A card, so we look for type B
+	// power up the field
+	iso14443b_setup();
+	// select the card
+	return_code = iso14443b_select_card();
+	if (return_code == 1) {
+		Dbprintf("ISO 14443 Type B");
+		iso_type = 'b';
+		return 0;
+	}
+	Dbprintf("No card found.");
+	return 1;
 }
--- a/armsrc/epa.h
+++ b/armsrc/epa.h
@ -19,7 +19,7 @@ typedef struct {
 	uint8_t parameter_id;
 } pace_version_info_t;

-// note: EPA_PACE_Collect_Nonce is declared in apps.h
+// note: EPA_PACE_Collect_Nonce and EPA_PACE_Replay are declared in apps.h

 // general functions
 void EPA_Finish();
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
@ -19,6 +19,9 @@
 #define RECEIVE_SAMPLES_TIMEOUT 2000
 #define ISO14443B_DMA_BUFFER_SIZE 256

+// PCB Block number for APDUs
+static uint8_t pcb_blocknum = 0;
+
 //=============================================================================
 // An ISO 14443 Type B tag. We listen for commands from the reader, using
 // a UART kind of thing that's implemented in software. When we get a
@ -896,6 +899,98 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len)
 	}
 }

+/* Sends an APDU to the tag
+ * TODO: check CRC and preamble
+ */
+int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response)
+{
+	uint8_t message_frame[message_length + 4];
+	// PCB
+	message_frame[0] = 0x0A | pcb_blocknum;
+	pcb_blocknum ^= 1;
+	// CID
+	message_frame[1] = 0;
+	// INF
+	memcpy(message_frame + 2, message, message_length);
+	// EDC (CRC)
+	ComputeCrc14443(CRC_14443_B, message_frame, message_length + 2, &message_frame[message_length + 2], &message_frame[message_length + 3]);
+	// send
+	CodeAndTransmit14443bAsReader(message_frame, message_length + 4);
+	// get response
+	GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT*100, TRUE);
+	if(Demod.len < 3)
+	{
+		return 0;
+	}
+	// TODO: Check CRC
+	// copy response contents
+	if(response != NULL)
+	{
+		memcpy(response, Demod.output, Demod.len);
+	}
+	return Demod.len;
+}
+
+/* Perform the ISO 14443 B Card Selection procedure
+ * Currently does NOT do any collision handling.
+ * It expects 0-1 cards in the device's range.
+ * TODO: Support multiple cards (perform anticollision)
+ * TODO: Verify CRC checksums
+ */
+int iso14443b_select_card()
+{
+	// WUPB command (including CRC)
+	// Note: WUPB wakes up all tags, REQB doesn't wake up tags in HALT state
+	static const uint8_t wupb[] = { 0x05, 0x00, 0x08, 0x39, 0x73 };
+	// ATTRIB command (with space for CRC)
+	uint8_t attrib[] = { 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00};
+
+	// first, wake up the tag
+	CodeAndTransmit14443bAsReader(wupb, sizeof(wupb));
+	GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, TRUE);
+	// ATQB too short?
+	if (Demod.len < 14)
+	{
+		return 2;
+	}
+
+    // select the tag
+    // copy the PUPI to ATTRIB
+    memcpy(attrib + 1, Demod.output + 1, 4);
+    /* copy the protocol info from ATQB (Protocol Info -> Protocol_Type) into
+    ATTRIB (Param 3) */
+    attrib[7] = Demod.output[10] & 0x0F;
+    ComputeCrc14443(CRC_14443_B, attrib, 9, attrib + 9, attrib + 10);
+    CodeAndTransmit14443bAsReader(attrib, sizeof(attrib));
+    GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, TRUE);
+    // Answer to ATTRIB too short?
+    if(Demod.len < 3)
+	{
+		return 2;
+	}
+	// reset PCB block number
+	pcb_blocknum = 0;
+	return 1;
+}
+
+// Set up ISO 14443 Type B communication (similar to iso14443a_setup)
+void iso14443b_setup() {
+	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+	// Set up the synchronous serial port
+	FpgaSetupSsc();
+	// connect Demodulated Signal to ADC:
+	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
+	// Signal field is on with the appropriate LED
+    LED_D_ON();
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);
+
+	// Start the timer
+	StartCountSspClk();
+
+	DemodReset();
+	UartReset();
+}

 //-----------------------------------------------------------------------------
 // Read a SRI512 ISO 14443B tag.
--- a/armsrc/iso14443b.h
+++ b/armsrc/iso14443b.h
@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Merlok - June 2011
+// Gerhard de Koning Gans - May 2008
+// Hagen Fritsch - June 2010
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Routines to support ISO 14443 type A.
+//-----------------------------------------------------------------------------
+
+#ifndef __ISO14443B_H
+#define __ISO14443B_H
+#include "common.h"
+
+int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
+void iso14443b_setup();
+int iso14443b_select_card();
+
+#endif /* __ISO14443B_H */