github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-12 08:16:09 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source 
Conflicts:
	client/cmdlf.c
This commit is contained in:
marshmellow42 2015-01-13 16:02:23 -05:00
commit ae6ead3dc8
54 changed files with 8139 additions and 2647 deletions
Download patch file Download diff file Expand all files Collapse all files

2
armsrc/appmain.c
View file

@ -802,7 +802,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
MifareUReadBlock(c->arg[0],c->d.asBytes);
break;
case CMD_MIFAREU_READCARD:
MifareUReadCard(c->arg[0],c->d.asBytes);
MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
break;
case CMD_MIFARE_READSC:
MifareReadSector(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);

2
armsrc/apps.h
View file

@ -177,7 +177,7 @@ void ReaderMifare(bool first_try);
int32_t dist_nt(uint32_t nt1, uint32_t nt2);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
void MifareUReadBlock(uint8_t arg0,uint8_t *datain);
void MifareUReadCard(uint8_t arg0,uint8_t *datain);
void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain);
void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareUWriteBlock(uint8_t arg0,uint8_t *datain);

4
armsrc/hitag2.c
View file

@ -744,7 +744,7 @@ void SnoopHitag(uint32_t type) {
// Set up eavesdropping mode, frequency divisor which will drive the FPGA
// and analog mux selection.
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
RELAY_OFF();
@ -968,7 +968,7 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
// Set up simulator mode, frequency divisor which will drive the FPGA
// and analog mux selection.
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
RELAY_OFF();

2
armsrc/iso14443a.c
View file

@ -1812,7 +1812,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
if (!ReaderReceive(resp, resp_par)) return 0;
sak = resp[0];
// Test if more parts of the uid are comming
// Test if more parts of the uid are coming
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
// http://www.nxp.com/documents/application_note/AN10927.pdf

2638
armsrc/lfops.c
View file

File diff suppressed because it is too large Load diff

174
armsrc/mifarecmd.c
View file

@ -15,6 +15,7 @@
#include "mifarecmd.h"
#include "apps.h"
#include "util.h"
//-----------------------------------------------------------------------------
// Select, Authenticate, Read a MIFARE tag.
@ -86,48 +87,40 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
{
// params
uint8_t blockNo = arg0;
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
uint8_t uid[10];
byte_t dataout[16] = {0x00};
uint8_t uid[10] = {0x00};
uint32_t cuid;
// clear trace
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
while (true) {
if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
break;
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(uid, NULL, &cuid);
if(!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
//OnError(1);
return;
};
if(mifare_ultra_readblock(cuid, blockNo, dataoutbuf)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");
break;
len = mifare_ultra_readblock(cuid, blockNo, dataout);
if(len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
//OnError(2);
return;
};
if(mifare_ultra_halt(cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
break;
len = mifare_ultra_halt(cuid);
if(len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
//OnError(3);
return;
};
isOK = 1;
break;
}
if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
LED_B_OFF();
cmd_send(CMD_ACK,1,0,0,dataout,16);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
@ -200,58 +193,70 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LEDsoff();
}
void MifareUReadCard(uint8_t arg0, uint8_t *datain)
void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
{
// params
uint8_t sectorNo = arg0;
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16 * 4];
uint8_t uid[10];
uint32_t cuid;
int Pages = arg1;
int count_Pages = 0;
byte_t dataout[176] = {0x00};;
uint8_t uid[10] = {0x00};
uint32_t cuid;
// clear trace
iso14a_clear_trace();
// iso14a_set_tracing(false);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
if (MF_DBGLEVEL >= MF_DBG_ALL)
Dbprintf("Pages %d",Pages);
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
int len = iso14443a_select_card(uid, NULL, &cuid);
if (!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Can't select card");
//OnError(1);
return;
}
for (int i = 0; i < Pages; i++){
len = mifare_ultra_readblock(cuid, sectorNo * 4 + i, dataout + 4 * i);
if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Read block %d error",i);
//OnError(2);
return;
} else {
count_Pages++;
}
}
len = mifare_ultra_halt(cuid);
if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Halt error");
//OnError(3);
return;
}
if (MF_DBGLEVEL >= MF_DBG_ALL) {
Dbprintf("Pages read %d", count_Pages);
}
while (true) {
if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
break;
};
for(int sec=0;sec<16;sec++){
if(mifare_ultra_readblock(cuid, sectorNo * 4 + sec, dataoutbuf + 4 * sec)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Read block %d error",sec);
break;
};
}
if(mifare_ultra_halt(cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
break;
};
isOK = 1;
break;
}
if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);
LED_B_OFF();
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
len = 16*4; //64 bytes
// Read a UL-C
if (Pages == 44 && count_Pages > 16)
len = 176;
cmd_send(CMD_ACK, 1, 0, 0, dataout, len);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
@ -331,19 +336,16 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
{
// params
uint8_t blockNo = arg0;
byte_t blockdata[16];
byte_t blockdata[16] = {0x00};
memset(blockdata,'\0',16);
memcpy(blockdata, datain,16);
// variables
byte_t isOK = 0;
uint8_t uid[10];
uint8_t uid[10] = {0x00};
uint32_t cuid;
// clear trace
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
@ -372,33 +374,25 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,0,0);
LED_B_OFF();
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
// iso14a_set_tracing(TRUE);
}
void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
{
// params
uint8_t blockNo = arg0;
byte_t blockdata[4];
byte_t blockdata[4] = {0x00};
memcpy(blockdata, datain,4);
// variables
byte_t isOK = 0;
uint8_t uid[10];
uint8_t uid[10] = {0x00};
uint32_t cuid;
// clear trace
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
@ -427,11 +421,7 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,0,0);
LED_B_OFF();
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}

39
armsrc/mifareutil.c
View file

@ -149,7 +149,7 @@ int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cm
return len;
}
// mifare commands
// mifare classic commands
int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested)
{
return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL);
@ -280,10 +280,8 @@ int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blo
int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
uint16_t len;
uint8_t bt[2];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -291,18 +289,21 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len != 18) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Error: card timeout. len: %x", len);
return 2;
}
memcpy(bt, receivedAnswer + 16, 2);
AppendCrc14443a(receivedAnswer, 16);
if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error.");
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd CRC response error.");
return 3;
}
@ -360,10 +361,9 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
uint16_t len;
uint8_t par[3] = {0}; // enough for 18 parity bits
uint8_t d_block[18];
uint8_t d_block[18] = {0x00};
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -371,45 +371,43 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
return 1;
}
memset(d_block,'\0',18);
memcpy(d_block, blockData, 16);
AppendCrc14443a(d_block, 16);
ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);
// Receive the response
len = ReaderReceive(receivedAnswer, receivedAnswerPar);
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
return 2;
}
return 0;
}
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
uint16_t len;
uint8_t d_block[8];
uint8_t d_block[8] = {0x00};
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// command MIFARE_CLASSIC_WRITEBLOCK
memset(d_block,'\0',8);
d_block[0]= blockNo;
memcpy(d_block+1,blockData,4);
AppendCrc14443a(d_block, 6);
//i know the data send here is correct
len = mifare_sendcmd_short_special(NULL, 1, 0xA2, d_block, receivedAnswer, receivedAnswerPar, NULL);
if (receivedAnswer[0] != 0x0A) { // 0x0a - ACK
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
return 1;
}
return 0;
@ -423,7 +421,8 @@ int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
if (len != 0) {
if (MF_DBGLEVEL >= 1) Dbprintf("halt error. response len: %x", len);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("halt error. response len: %x", len);
return 1;
}
@ -438,10 +437,10 @@ int mifare_ultra_halt(uint32_t uid)
len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
if (len != 0) {
if (MF_DBGLEVEL >= 1) Dbprintf("halt error. response len: %x", len);
if (MF_DBGLEVEL >= MF_DBG_ERROR)
Dbprintf("halt error. response len: %x", len);
return 1;
}
return 0;
}

5
armsrc/string.c
View file

@ -48,6 +48,11 @@ int memcmp(const void *av, const void *bv, int len)
return 0;
}
void memxor(uint8_t * dest, uint8_t * src, size_t len) {
for( ; len > 0; len--,dest++,src++)
*dest ^= *src;
}
int strlen(const char *str)
{
int l = 0;

1
armsrc/string.h
View file

@ -19,6 +19,7 @@ int strlen(const char *str);
RAMFUNC void *memcpy(void *dest, const void *src, int len);
void *memset(void *dest, int c, int len);
RAMFUNC int memcmp(const void *av, const void *bv, int len);
void memxor(uint8_t * dest, uint8_t * src, size_t len);
char *strncat(char *dest, const char *src, unsigned int n);
char *strcat(char *dest, const char *src);
void strreverse(char s[]);

40
armsrc/util.c
View file

@ -13,6 +13,26 @@
#include "string.h"
#include "apps.h"
void print_result(char *name, uint8_t *buf, size_t len) {
uint8_t *p = buf;
if ( len % 16 == 0 ) {
for(; p-buf < len; p += 16)
Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
name,
p-buf,
len,
p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]
);
}
else {
for(; p-buf < len; p += 8)
Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
}
}
size_t nbytes(size_t nbits) {
return (nbits/8)+((nbits%8)>0);
}
@ -45,6 +65,26 @@ uint64_t bytes_to_num(uint8_t* src, size_t len)
return num;
}
// RotateLeft - Ultralight, Desfire
void rol(uint8_t *data, const size_t len){
uint8_t first = data[0];
for (size_t i = 0; i < len-1; i++) {
data[i] = data[i+1];
}
data[len-1] = first;
}
void lsl (uint8_t *data, size_t len) {
for (size_t n = 0; n < len - 1; n++) {
data[n] = (data[n] << 1) | (data[n+1] >> 7);
}
data[len - 1] <<= 1;
}
int32_t le24toh (uint8_t data[3])
{
return (data[2] << 16) | (data[1] << 8) | data[0];
}
void LEDsoff()
{
LED_A_OFF();

4
armsrc/util.h
View file

@ -27,10 +27,14 @@
#define BUTTON_DOUBLE_CLICK -2
#define BUTTON_ERROR -99
void print_result(char *name, uint8_t *buf, size_t len);
size_t nbytes(size_t nbits);
uint32_t SwapBits(uint32_t value, int nrbits);
void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
uint64_t bytes_to_num(uint8_t* src, size_t len);
void rol(uint8_t *data, const size_t len);
void lsl (uint8_t *data, size_t len);
int32_t le24toh (uint8_t data[3]);
void SpinDelay(int ms);
void SpinDelayUs(int us);

19
bootrom/bootrom.c
View file

@ -103,13 +103,11 @@ void UsbPacketReceived(uint8_t *packet, int len) {
switch(c->cmd) {
case CMD_DEVICE_INFO: {
dont_ack = 1;
// c->cmd = CMD_DEVICE_INFO;
arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM |
DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH;
if(common_area.flags.osimage_present) {
arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT;
}
// UsbSendPacket(packet, len);
cmd_send(CMD_DEVICE_INFO,arg0,1,2,0,0);
} break;
@ -125,10 +123,8 @@ void UsbPacketReceived(uint8_t *packet, int len) {
case CMD_FINISH_WRITE: {
uint32_t* flash_mem = (uint32_t*)(&_flash_start);
// p = (volatile uint32_t *)&_flash_start;
for (size_t j=0; j<2; j++) {
for(i = 0+(64*j); i < 64+(64*j); i++) {
//p[i+60] = c->d.asDwords[i];
flash_mem[i] = c->d.asDwords[i];
}
@ -138,8 +134,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
if( ((flash_address+AT91C_IFLASH_PAGE_SIZE-1) >= end_addr) || (flash_address < start_addr) ) {
/* Disallow write */
dont_ack = 1;
// c->cmd = CMD_NACK;
// UsbSendPacket(packet, len);
cmd_send(CMD_NACK,0,0,0,0,0);
} else {
uint32_t page_n = (flash_address - ((uint32_t)flash_mem)) / AT91C_IFLASH_PAGE_SIZE;
@ -147,7 +141,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
AT91C_BASE_EFC0->EFC_FCR = MC_FLASH_COMMAND_KEY |
MC_FLASH_COMMAND_PAGEN(page_n) |
AT91C_MC_FCMD_START_PROG;
// arg0 = (address - ((uint32_t)flash_s));
}
// Wait until flashing of page finishes
@ -155,15 +148,12 @@ void UsbPacketReceived(uint8_t *packet, int len) {
while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & AT91C_MC_FRDY));
if(sr & (AT91C_MC_LOCKE | AT91C_MC_PROGE)) {
dont_ack = 1;
// c->cmd = CMD_NACK;
cmd_send(CMD_NACK,0,0,0,0,0);
// UsbSendPacket(packet, len);
}
}
} break;
case CMD_HARDWARE_RESET: {
// USB_D_PLUS_PULLUP_OFF();
usb_disable();
AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;
} break;
@ -189,8 +179,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
} else {
start_addr = end_addr = 0;
dont_ack = 1;
// c->cmd = CMD_NACK;
// UsbSendPacket(packet, len);
cmd_send(CMD_NACK,0,0,0,0,0);
}
}
@ -202,8 +190,6 @@ void UsbPacketReceived(uint8_t *packet, int len) {
}
if(!dont_ack) {
// c->cmd = CMD_ACK;
// UsbSendPacket(packet, len);
cmd_send(CMD_ACK,arg0,0,0,0,0);
}
}
@ -219,23 +205,18 @@ static void flash_mode(int externally_entered)
usb_enable();
for (volatile size_t i=0; i<0x100000; i++);
// UsbStart();
for(;;) {
WDT_HIT();
if (usb_poll()) {
rx_len = usb_read(rx,sizeof(UsbCommand));
if (rx_len) {
// DbpString("starting to flash");
UsbPacketReceived(rx,rx_len);
}
}
// UsbPoll(TRUE);
if(!externally_entered && !BUTTON_PRESS()) {
/* Perform a reset to leave flash mode */
// USB_D_PLUS_PULLUP_OFF();
usb_disable();
LED_B_ON();
AT91C_BASE_RSTC->RSTC_RCR = RST_CONTROL_KEY | AT91C_RSTC_PROCRST;

5
client/Makefile
View file

@ -13,9 +13,9 @@ CXX=g++
VPATH = ../common
OBJDIR = obj
LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm -lcrypto
LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm
LDFLAGS = $(COMMON_FLAGS)
CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
LUAPLATFORM = generic
ifneq (,$(findstring MINGW,$(platform)))
@ -94,6 +94,7 @@ CMDSRCS = nonce2key/crapto1.c\
scripting.c\
cmdscript.c\
pm3_bitlib.c\
aes.c\
COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o)

1454
client/aes.c Normal file
View file

File diff suppressed because it is too large Load diff

257
client/aes.h Normal file
View file

@ -0,0 +1,257 @@
/**
* \file aes.h
*
* \brief AES block cipher
*
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_AES_H
#define POLARSSL_AES_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl_config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
typedef UINT32 uint32_t;
#else
#include <inttypes.h>
#endif
/* padlock.c and aesni.c rely on these values! */
#define AES_ENCRYPT 1
#define AES_DECRYPT 0
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#if !defined(POLARSSL_AES_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief AES context structure
*
* \note buf is able to hold 32 extra bytes, which can be used:
* - for alignment purposes if VIA padlock is used, and/or
* - to simplify key expansion in the 256-bit case by
* generating an extra round key
*/
typedef struct
{
int nr; /*!< number of rounds */
uint32_t *rk; /*!< AES round keys */
uint32_t buf[68]; /*!< unaligned data */
}
aes_context;
/**
* \brief Initialize AES context
*
* \param ctx AES context to be initialized
*/
void aes_init( aes_context *ctx );
/**
* \brief Clear AES context
*
* \param ctx AES context to be cleared
*/
void aes_free( aes_context *ctx );
/**
* \brief AES key schedule (encryption)
*
* \param ctx AES context to be initialized
* \param key encryption key
* \param keysize must be 128, 192 or 256
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/
int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief AES key schedule (decryption)
*
* \param ctx AES context to be initialized
* \param key decryption key
* \param keysize must be 128, 192 or 256
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/
int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief AES-ECB block encryption/decryption
*
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param input 16-byte input block
* \param output 16-byte output block
*
* \return 0 if successful
*/
int aes_crypt_ecb( aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16] );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/**
* \brief AES-CBC buffer encryption/decryption
* Length should be a multiple of the block
* size (16 bytes)
*
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
*/
int aes_crypt_cbc( aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/**
* \brief AES-CFB128 buffer encryption/decryption.
*
* Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
* \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful
*/
int aes_crypt_cfb128( aes_context *ctx,
int mode,
size_t length,
size_t *iv_off,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
/**
* \brief AES-CFB8 buffer encryption/decryption.
*
* Note: Due to the nature of CFB you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful
*/
int aes_crypt_cfb8( aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /*POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
/**
* \brief AES-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
* \param ctx AES context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
* should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten
* by the function.
* \param input The input data stream
* \param output The output data stream
*
* \return 0 if successful
*/
int aes_crypt_ctr( aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CTR */
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_AES_ALT */
#include "aes_alt.h"
#endif /* POLARSSL_AES_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int aes_self_test( int verbose );
#ifdef __cplusplus
}
#endif
#endif /* aes.h */

1847
client/cmddata.c
View file

File diff suppressed because it is too large Load diff

10
client/cmdhf.c
View file

@ -342,8 +342,7 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
// Rough guess that this is a command from the reader
// For iClass the command byte is not part of the CRC
ComputeCrc14443(CRC_ICLASS, &frame[1], data_len-3, &b1, &b2);
}
else {
} else {
// For other data.. CRC might not be applicable (UPDATE commands etc.)
ComputeCrc14443(CRC_ICLASS, frame, data_len-2, &b1, &b2);
}
@ -363,7 +362,6 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
}
}
}
}
char *crc = crcError ? "!crc" :" ";
@ -371,8 +369,10 @@ uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool sho
if(!isResponse)
{
if(iclass) annotateIclass(explanation,sizeof(explanation),frame,data_len);
else annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
if(iclass)
annotateIclass(explanation,sizeof(explanation),frame,data_len);
else
annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
}
int num_lines = (data_len - 1)/16 + 1;

166
client/cmdhf14a.c
View file

@ -27,6 +27,102 @@
static int CmdHelp(const char *Cmd);
static void waitCmd(uint8_t iLen);
// structure and database for uid -> tagtype lookups
typedef struct {
uint8_t uid;
char* desc;
} manufactureName;
const manufactureName manufactureMapping[] = {
// ID, "Vendor Country"
{ 0x01, "Motorola UK" },
{ 0x02, "ST Microelectronics SA France" },
{ 0x03, "Hitachi, Ltd Japan" },
{ 0x04, "NXP Semiconductors Germany" },
{ 0x05, "Infineon Technologies AG Germany" },
{ 0x06, "Cylink USA" },
{ 0x07, "Texas Instrument France" },
{ 0x08, "Fujitsu Limited Japan" },
{ 0x09, "Matsushita Electronics Corporation, Semiconductor Company Japan" },
{ 0x0A, "NEC Japan" },
{ 0x0B, "Oki Electric Industry Co. Ltd Japan" },
{ 0x0C, "Toshiba Corp. Japan" },
{ 0x0D, "Mitsubishi Electric Corp. Japan" },
{ 0x0E, "Samsung Electronics Co. Ltd Korea" },
{ 0x0F, "Hynix / Hyundai, Korea" },
{ 0x10, "LG-Semiconductors Co. Ltd Korea" },
{ 0x11, "Emosyn-EM Microelectronics USA" },
{ 0x12, "INSIDE Technology France" },
{ 0x13, "ORGA Kartensysteme GmbH Germany" },
{ 0x14, "SHARP Corporation Japan" },
{ 0x15, "ATMEL France" },
{ 0x16, "EM Microelectronic-Marin SA Switzerland" },
{ 0x17, "KSW Microtec GmbH Germany" },
{ 0x18, "ZMD AG Germany" },
{ 0x19, "XICOR, Inc. USA" },
{ 0x1A, "Sony Corporation Japan Identifier Company Country" },
{ 0x1B, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" },
{ 0x1C, "Emosyn USA" },
{ 0x1D, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" },
{ 0x1E, "Magellan Technology Pty Limited Australia" },
{ 0x1F, "Melexis NV BO Switzerland" },
{ 0x20, "Renesas Technology Corp. Japan" },
{ 0x21, "TAGSYS France" },
{ 0x22, "Transcore USA" },
{ 0x23, "Shanghai belling corp., ltd. China" },
{ 0x24, "Masktech Germany Gmbh Germany" },
{ 0x25, "Innovision Research and Technology Plc UK" },
{ 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" },
{ 0x27, "Cypak AB Sweden" },
{ 0x28, "Ricoh Japan" },
{ 0x29, "ASK France" },
{ 0x2A, "Unicore Microsystems, LLC Russian Federation" },
{ 0x2B, "Dallas Semiconductor/Maxim USA" },
{ 0x2C, "Impinj, Inc. USA" },
{ 0x2D, "RightPlug Alliance USA" },
{ 0x2E, "Broadcom Corporation USA" },
{ 0x2F, "MStar Semiconductor, Inc Taiwan, ROC" },
{ 0x30, "BeeDar Technology Inc. USA" },
{ 0x31, "RFIDsec Denmark" },
{ 0x32, "Schweizer Electronic AG Germany" },
{ 0x33, "AMIC Technology Corp Taiwan" },
{ 0x34, "Mikron JSC Russia" },
{ 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" },
{ 0x36, "IDS Microchip AG Switzerland" },
{ 0x37, "Kovio USA" },
{ 0x38, "HMT Microelectronic Ltd Switzerland Identifier Company Country" },
{ 0x39, "Silicon Craft Technology Thailand" },
{ 0x3A, "Advanced Film Device Inc. Japan" },
{ 0x3B, "Nitecrest Ltd UK" },
{ 0x3C, "Verayo Inc. USA" },
{ 0x3D, "HID Global USA" },
{ 0x3E, "Productivity Engineering Gmbh Germany" },
{ 0x3F, "Austriamicrosystems AG (reserved) Austria" },
{ 0x40, "Gemalto SA France" },
{ 0x41, "Renesas Electronics Corporation Japan" },
{ 0x42, "3Alogics Inc Korea" },
{ 0x43, "Top TroniQ Asia Limited Hong Kong" },
{ 0x44, "Gentag Inc (USA) USA" },
{ 0x00, "no tag-info available" } // must be the last entry
};
// get a product description based on the UID
// uid[8] tag uid
// returns description of the best match
char* getTagInfo(uint8_t uid) {
int i;
int len = sizeof(manufactureMapping) / sizeof(manufactureName);
for ( i = 0; i < len; ++i )
if ( uid == manufactureMapping[i].uid)
return manufactureMapping[i].desc;
//No match, return default
return manufactureMapping[len-1].desc;
}
int CmdHF14AList(const char *Cmd)
{
PrintAndLog("Deprecated command, use 'hf list 14a' instead");
@ -65,6 +161,12 @@ int CmdHF14AReader(const char *Cmd)
PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
// Double & triple sized UID, can be mapped to a manufacturer.
// HACK: does this apply for Ultralight cards?
if ( card.uidlen > 4 ) {
PrintAndLog("MANUFACTURER : %s", getTagInfo(card.uid[0]));
}
switch (card.sak) {
case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break;
case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
@ -83,7 +185,6 @@ int CmdHF14AReader(const char *Cmd)
default: ;
}
// try to request ATS even if tag claims not to support it
if (select_status == 2) {
uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
@ -98,13 +199,6 @@ int CmdHF14AReader(const char *Cmd)
card.ats_len = resp.arg[0]; // note: ats_len includes CRC Bytes
}
// disconnect
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
bool ta1 = 0, tb1 = 0, tc1 = 0;
int pos;
@ -243,6 +337,24 @@ int CmdHF14AReader(const char *Cmd)
PrintAndLog("proprietary non iso14443-4 card found, RATS not supported");
}
// try to see if card responses to "chinese magic backdoor" commands.
c.cmd = CMD_MIFARE_CIDENT;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
uint8_t isOK = resp.arg[0] & 0xff;
PrintAndLog(" Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
// disconnect
c.cmd = CMD_READER_ISO_14443a;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return select_status;
}
@ -397,19 +509,22 @@ int CmdHF14ACmdRaw(const char *cmd) {
uint8_t active=0;
uint8_t active_select=0;
uint16_t numbits=0;
uint16_t timeout=0;
uint8_t bTimeout=0;
char buf[5]="";
int i=0;
uint8_t data[100];
uint8_t data[USB_CMD_DATA_SIZE];
unsigned int datalen=0, temp;
if (strlen(cmd)<2) {
PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] <number of bits> <0A 0B 0C ... hex>");
PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] [-t] <number of bits> <0A 0B 0C ... hex>");
PrintAndLog(" -r do not read response");
PrintAndLog(" -c calculate and append CRC");
PrintAndLog(" -p leave the signal field ON after receive");
PrintAndLog(" -a active signal field ON without select");
PrintAndLog(" -s active signal field ON with select");
PrintAndLog(" -b number of bits to send. Useful for send partial byte");
PrintAndLog(" -t timeout");
return 0;
}
@ -442,6 +557,14 @@ int CmdHF14ACmdRaw(const char *cmd) {
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i-=2;
break;
case 't':
bTimeout=1;
sscanf(cmd+i+2,"%d",&temp);
timeout = temp & 0xFFFF;
i+=3;
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i+=2;
break;
default:
PrintAndLog("Invalid option");
return 0;
@ -459,15 +582,19 @@ int CmdHF14ACmdRaw(const char *cmd) {
if (strlen(buf)>=2) {
sscanf(buf,"%x",&temp);
data[datalen]=(uint8_t)(temp & 0xff);
datalen++;
*buf=0;
if (++datalen>sizeof(data)){
if (crc)
PrintAndLog("Buffer is full, we can't add CRC to your data");
break;
}
}
continue;
}
PrintAndLog("Invalid char on input");
return 0;
}
if(crc && datalen>0)
if(crc && datalen>0 && datalen<sizeof(data)-2)
{
uint8_t first, second;
ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
@ -481,13 +608,22 @@ int CmdHF14ACmdRaw(const char *cmd) {
if(active)
c.arg[0] |= ISO14A_NO_SELECT;
}
if(bTimeout){
#define MAX_TIMEOUT 624*105 // max timeout is 624 ms
c.arg[0] |= ISO14A_SET_TIMEOUT;
c.arg[2] = timeout * 105; // each bit is about 9.4 us
if(c.arg[2]>MAX_TIMEOUT) {
c.arg[2] = MAX_TIMEOUT;
PrintAndLog("Set timeout to 624 ms. The max we can wait for response");
}
}
if(power)
c.arg[0] |= ISO14A_NO_DISCONNECT;
if(datalen>0)
c.arg[0] |= ISO14A_RAW;
c.arg[1] = datalen;
c.arg[2] = numbits;
// Max buffer is USB_CMD_DATA_SIZE
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
SendCommand(&c);
@ -507,7 +643,7 @@ static void waitCmd(uint8_t iSelect)
UsbCommand resp;
char *hexout;
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
recv = resp.d.asBytes;
uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
PrintAndLog("received %i octets",iLen);

1
client/cmdhf14a.h
View file

@ -20,4 +20,5 @@ int CmdHF14AReader(const char *Cmd);
int CmdHF14ASim(const char *Cmd);
int CmdHF14ASnoop(const char *Cmd);
char* getTagInfo(uint8_t uid);
#endif

38
client/cmdhf14b.c
View file

@ -23,7 +23,6 @@
#include "cmdhf14b.h"
#include "cmdmain.h"
static int CmdHelp(const char *Cmd);
int CmdHF14BDemod(const char *Cmd)
@ -146,7 +145,7 @@ demodError:
int CmdHF14BList(const char *Cmd)
{
uint8_t got[960];
uint8_t got[TRACE_BUFFER_SIZE];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
@ -158,9 +157,8 @@ int CmdHF14BList(const char *Cmd)
int prev = -1;
for(;;) {
if(i >= 900) {
break;
}
if(i >= TRACE_BUFFER_SIZE) { break; }
bool isResponse;
int timestamp = *((uint32_t *)(got+i));
@ -177,7 +175,7 @@ int CmdHF14BList(const char *Cmd)
if(len > 100) {
break;
}
if(i + len >= 900) {
if(i + len >= TRACE_BUFFER_SIZE) {
break;
}
@ -406,20 +404,27 @@ int CmdHF14BWrite( const char *Cmd){
bool isSrix4k = true;
char str[20];
if (cmdp == 'h' || cmdp == 'H') {
if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
PrintAndLog("");
PrintAndLog(" sample: hf 14b write 1 127 11223344");
PrintAndLog(" sample: hf 14b write 1 255 11223344");
PrintAndLog(" sample: hf 14b write 2 15 11223344");
PrintAndLog(" sample: hf 14b write 2 255 11223344");
PrintAndLog(" [1 = SRIX4K]");
PrintAndLog(" [2 = SRI512]");
PrintAndLog(" [BLOCK number depends on tag, special block == FF]");
PrintAndLog(" sample: hf 14b write 1 7F 11223344");
PrintAndLog(" : hf 14b write 1 FF 11223344");
PrintAndLog(" : hf 14b write 2 15 11223344");
PrintAndLog(" : hf 14b write 2 FF 11223344");
return 0;
}
if ( param_getchar(Cmd, 0) == '2' )
if ( cmdp == '2' )
isSrix4k = false;
blockno = param_get8(Cmd, 1);
//blockno = param_get8(Cmd, 1);
if ( param_gethex(Cmd,1, &blockno, 2) ) {
PrintAndLog("Block number must include 2 HEX symbols");
return 0;
}
if ( isSrix4k ){
if ( blockno > 0x7f && blockno != 0xff ){
@ -439,11 +444,12 @@ int CmdHF14BWrite( const char *Cmd){
}
if ( blockno == 0xff)
PrintAndLog("Writing to special block %02X [ %s]", blockno, sprint_hex(data,4) );
PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512" , blockno, sprint_hex(data,4) );
else
PrintAndLog("Writing to block %02X [ %s]", blockno, sprint_hex(data,4) );
PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data,4) );
sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
CmdHF14BCmdRaw(str);
return 0;
}

133
client/cmdhf15.c
View file

@ -55,38 +55,135 @@ typedef struct {
const productName uidmapping[] = {
// UID, #significant Bits, "Vendor(+Product)"
{ 0xE001000000000000LL, 16, "Motorola" },
{ 0xE002000000000000LL, 16, "ST Microelectronics" },
{ 0xE003000000000000LL, 16, "Hitachi" },
{ 0xE004000000000000LL, 16, "NXP(Philips)" },
{ 0xE001000000000000LL, 16, "Motorola UK" },
// E0 02 xx
// 02 = ST Microelectronics
// XX = IC id (Chip ID Family)
{ 0xE002000000000000LL, 16, "ST Microelectronics SA France" },
{ 0xE002050000000000LL, 24, "ST Microelectronics; LRI64 [IC id = 05]"},
{ 0xE002080000000000LL, 24, "ST Microelectronics; LRI2K [IC id = 08]"},
{ 0xE0020A0000000000LL, 24, "ST Microelectronics; LRIS2K [IC id = 10]"},
{ 0xE002440000000000LL, 24, "ST Microelectronics; LRIS64K [IC id = 68]"},
{ 0xE003000000000000LL, 16, "Hitachi, Ltd Japan" },
// E0 04 xx
// 04 = Manufacturer code (Philips/NXP)
// XX = IC id (Chip ID Family)
//I-Code SLI SL2 ICS20 [IC id = 01]
//I-Code SLI-S [IC id = 02]
//I-Code SLI-L [IC id = 03]
//I-Code SLIX [IC id = 01 + bit36 set to 1 (starting from bit0 - different from normal SLI)]
//I-Code SLIX-S [IC id = 02 + bit36 set to 1]
//I-Code SLIX-L [IC id = 03 + bit36 set to 1]
{ 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" },
{ 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" },
{ 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" },
{ 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" },
{ 0xE005000000000000LL, 16, "Infineon" },
{ 0xE005400000000000LL, 24, "Infineon; 56x32bit" },
{ 0xE006000000000000LL, 16, "Cylinc" },
{ 0xE007000000000000LL, 16, "Texas Instrument; " },
// E0 05 XX .. .. ..
// 05 = Manufacturer code (Infineon)
// XX = IC id (Chip ID Family)
{ 0xE005000000000000LL, 16, "Infineon Technologies AG Germany" },
{ 0xE005A10000000000LL, 24, "Infineon; SRF55V01P [IC id = 161] plain mode 1kBit"},
{ 0xE005A80000000000LL, 24, "Infineon; SRF55V01P [IC id = 168] pilot series 1kBit"},
{ 0xE005400000000000LL, 24, "Infineon; SRF55V02P [IC id = 64] plain mode 2kBit"},
{ 0xE005000000000000LL, 24, "Infineon; SRF55V10P [IC id = 00] plain mode 10KBit"},
{ 0xE005500000000000LL, 24, "Infineon; SRF55V02S [IC id = 80] secure mode 2kBit"},
{ 0xE005100000000000LL, 24, "Infineon; SRF55V10S [IC id = 16] secure mode 10KBit"},
{ 0xE0051E0000000000LL, 23, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"},
{ 0xE005200000000000LL, 21, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"},
{ 0xE006000000000000LL, 16, "Cylink USA" },
// E0 07 xx
// 07 = Texas Instruments
// XX = from bit 41 to bit 43 = product configuration - from bit 44 to bit 47 IC id (Chip ID Family)
//Tag IT RFIDType-I Plus, 2kBit, TI Inlay
//Tag-it HF-I Plus Inlay [IC id = 00] -> b'0000 000 2kBit
//Tag-it HF-I Plus Chip [IC id = 64] -> b'1000 000 2kBit
//Tag-it HF-I Standard Chip / Inlays [IC id = 96] -> b'1100 000 256Bit
//Tag-it HF-I Pro Chip / Inlays [IC id = 98] -> b'1100 010 256Bit, Password protection
{ 0xE007000000000000LL, 16, "Texas Instrument France" },
{ 0xE007000000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit" },
{ 0xE007100000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Chip; 64x32bit" },
{ 0xE007800000000000LL, 23, "Texas Instrument; Tag-it HF-I Plus (RF-HDT-DVBB tag or Third Party Products)" },
{ 0xE007C00000000000LL, 23, "Texas Instrument; Tag-it HF-I Standard; 8x32bit" },
{ 0xE007C40000000000LL, 23, "Texas Instrument; Tag-it HF-I Pro; 8x23bit; password" },
{ 0xE008000000000000LL, 16, "Fujitsu" },
{ 0xE009000000000000LL, 16, "Matsushita" },
{ 0xE00A000000000000LL, 16, "NEC" },
{ 0xE00B000000000000LL, 16, "Oki Electric" },
{ 0xE00C000000000000LL, 16, "Toshiba" },
{ 0xE00D000000000000LL, 16, "Mitsubishi" },
{ 0xE00E000000000000LL, 16, "Samsung" },
{ 0xE00F000000000000LL, 16, "Hyundai" },
{ 0xE010000000000000LL, 16, "LG-Semiconductors" },
{ 0xE008000000000000LL, 16, "Fujitsu Limited Japan" },
{ 0xE009000000000000LL, 16, "Matsushita Electronics Corporation, Semiconductor Company Japan" },
{ 0xE00A000000000000LL, 16, "NEC Japan" },
{ 0xE00B000000000000LL, 16, "Oki Electric Industry Co. Ltd Japan" },
{ 0xE00C000000000000LL, 16, "Toshiba Corp. Japan" },
{ 0xE00D000000000000LL, 16, "Mitsubishi Electric Corp. Japan" },
{ 0xE00E000000000000LL, 16, "Samsung Electronics Co. Ltd Korea" },
{ 0xE00F000000000000LL, 16, "Hynix / Hyundai, Korea" },
{ 0xE010000000000000LL, 16, "LG-Semiconductors Co. Ltd Korea" },
{ 0xE011000000000000LL, 16, "Emosyn-EM Microelectronics USA" },
{ 0xE012000000000000LL, 16, "HID Corporation" },
{ 0xE016000000000000LL, 16, "EM-Marin SA (Skidata)" },
{ 0xE012000000000000LL, 16, "INSIDE Technology France" },
{ 0xE013000000000000LL, 16, "ORGA Kartensysteme GmbH Germany" },
{ 0xE014000000000000LL, 16, "SHARP Corporation Japan" },
{ 0xE015000000000000LL, 16, "ATMEL France" },
{ 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)" },
{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
{ 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
{ 0xE017000000000000LL, 16, "KSW Microtec GmbH Germany" },
{ 0xE018000000000000LL, 16, "ZMD AG Germany" },
{ 0xE019000000000000LL, 16, "XICOR, Inc. USA" },
{ 0xE01A000000000000LL, 16, "Sony Corporation Japan Identifier Company Country" },
{ 0xE01B000000000000LL, 16, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" },
{ 0xE01C000000000000LL, 16, "Emosyn USA" },
{ 0xE01D000000000000LL, 16, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" },
{ 0xE01E000000000000LL, 16, "Magellan Technology Pty Limited Australia" },
{ 0xE01F000000000000LL, 16, "Melexis NV BO Switzerland" },
{ 0xE020000000000000LL, 16, "Renesas Technology Corp. Japan" },
{ 0xE021000000000000LL, 16, "TAGSYS France" },
{ 0xE022000000000000LL, 16, "Transcore USA" },
{ 0xE023000000000000LL, 16, "Shanghai belling corp., ltd. China" },
{ 0xE024000000000000LL, 16, "Masktech Germany Gmbh Germany" },
{ 0xE025000000000000LL, 16, "Innovision Research and Technology Plc UK" },
{ 0xE026000000000000LL, 16, "Hitachi ULSI Systems Co., Ltd. Japan" },
{ 0xE027000000000000LL, 16, "Cypak AB Sweden" },
{ 0xE028000000000000LL, 16, "Ricoh Japan" },
{ 0xE029000000000000LL, 16, "ASK France" },
{ 0xE02A000000000000LL, 16, "Unicore Microsystems, LLC Russian Federation" },
{ 0xE02B000000000000LL, 16, "Dallas Semiconductor/Maxim USA" },
{ 0xE02C000000000000LL, 16, "Impinj, Inc. USA" },
{ 0xE02D000000000000LL, 16, "RightPlug Alliance USA" },
{ 0xE02E000000000000LL, 16, "Broadcom Corporation USA" },
{ 0xE02F000000000000LL, 16, "MStar Semiconductor, Inc Taiwan, ROC" },
{ 0xE030000000000000LL, 16, "BeeDar Technology Inc. USA" },
{ 0xE031000000000000LL, 16, " RFIDsec Denmark" },
{ 0xE032000000000000LL, 16, " Schweizer Electronic AG Germany" },
{ 0xE033000000000000LL, 16, " AMIC Technology Corp Taiwan" },
{ 0xE034000000000000LL, 16, "Mikron JSC Russia" },
{ 0xE035000000000000LL, 16, "Fraunhofer Institute for Photonic Microsystems Germany" },
{ 0xE036000000000000LL, 16, "IDS Microchip AG Switzerland" },
{ 0xE037000000000000LL, 16, "Kovio USA" },
{ 0xE038000000000000LL, 16, "HMT Microelectronic Ltd Switzerland Identifier Company Country" },
{ 0xE039000000000000LL, 16, "Silicon Craft Technology Thailand" },
{ 0xE03A000000000000LL, 16, "Advanced Film Device Inc. Japan" },
{ 0xE03B000000000000LL, 16, "Nitecrest Ltd UK" },
{ 0xE03C000000000000LL, 16, "Verayo Inc. USA" },
{ 0xE03D000000000000LL, 16, "HID Global USA" },
{ 0xE03E000000000000LL, 16, "Productivity Engineering Gmbh Germany" },
{ 0xE03F000000000000LL, 16, "Austriamicrosystems AG (reserved) Austria" },
{ 0xE040000000000000LL, 16, "Gemalto SA France" },
{ 0xE041000000000000LL, 16, "Renesas Electronics Corporation Japan" },
{ 0xE042000000000000LL, 16, "3Alogics Inc Korea" },
{ 0xE043000000000000LL, 16, "Top TroniQ Asia Limited Hong Kong" },
{ 0xE044000000000000LL, 16, "Gentag Inc (USA) USA" },
{ 0,0,"no tag-info available" } // must be the last entry
};

23
client/cmdhflegic.c
View file

@ -16,7 +16,7 @@
#include "cmdparser.h"
#include "cmdhflegic.h"
#include "cmdmain.h"
#include "util.h"
static int CmdHelp(const char *Cmd);
static command_t CommandTable[] =
@ -218,7 +218,24 @@ int CmdLegicRFRead(const char *Cmd)
int CmdLegicLoad(const char *Cmd)
{
FILE *f = fopen(Cmd, "r");
char filename[FILE_PATH_SIZE] = {0x00};
int len = 0;
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
PrintAndLog("It loads datasamples from the file `filename`");
PrintAndLog("Usage: hf legic load <file name>");
PrintAndLog(" sample: hf legic load filename");
return 0;
}
len = strlen(Cmd);
if (len > FILE_PATH_SIZE) {
PrintAndLog("Filepath too long (was %s bytes), max allowed is %s ", len, FILE_PATH_SIZE);
return 0;
}
memcpy(filename, Cmd, len);
FILE *f = fopen(filename, "r");
if(!f) {
PrintAndLog("couldn't open '%s'", Cmd);
return -1;
@ -251,7 +268,7 @@ int CmdLegicSave(const char *Cmd)
int requested = 1024;
int offset = 0;
int delivered = 0;
char filename[1024];
char filename[FILE_PATH_SIZE];
uint8_t got[1024];
sscanf(Cmd, " %s %i %i", filename, &requested, &offset);

210
client/cmdhfmf.c
View file

@ -66,8 +66,7 @@ start:
if (isOK != 1) return 1;
// execute original function from util nonce2key
if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key))
{
if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) {
isOK = 2;
PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt);
} else {
@ -512,8 +511,8 @@ int CmdHF14AMfDump(const char *Cmd)
return 2;
}
}
fclose(fin);
// Read access rights to sectors
PrintAndLog("|-----------------------------------------|");
PrintAndLog("|------ Reading sector access bits...-----|");
@ -544,8 +543,6 @@ int CmdHF14AMfDump(const char *Cmd)
}
}
// Read blocks and print to file
PrintAndLog("|-----------------------------------------|");
PrintAndLog("|----- Dumping all blocks to file... -----|");
PrintAndLog("|-----------------------------------------|");
@ -629,8 +626,8 @@ int CmdHF14AMfRestore(const char *Cmd)
{
uint8_t sectorNo,blockNo;
uint8_t keyType = 0;
uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
uint8_t key[6] = {0xFF};
uint8_t bldata[16] = {0x00};
uint8_t keyA[40][6];
uint8_t keyB[40][6];
uint8_t numSectors;
@ -657,20 +654,15 @@ int CmdHF14AMfRestore(const char *Cmd)
return 0;
}
if ((fdump = fopen("dumpdata.bin","rb")) == NULL) {
PrintAndLog("Could not find file dumpdata.bin");
return 1;
}
if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) {
PrintAndLog("Could not find file dumpkeys.bin");
fclose(fdump);
return 1;
}
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
if (fread(keyA[sectorNo], 1, 6, fkeys) == 0) {
PrintAndLog("File reading error (dumpkeys.bin).");
fclose(fdump);
fclose(fkeys);
return 2;
}
@ -679,13 +671,17 @@ int CmdHF14AMfRestore(const char *Cmd)
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
if (fread(keyB[sectorNo], 1, 6, fkeys) == 0) {
PrintAndLog("File reading error (dumpkeys.bin).");
fclose(fdump);
fclose(fkeys);
return 2;
}
}
fclose(fkeys);
if ((fdump = fopen("dumpdata.bin","rb")) == NULL) {
PrintAndLog("Could not find file dumpdata.bin");
return 1;
}
PrintAndLog("Restoring dumpdata.bin to card");
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
@ -743,7 +739,7 @@ int CmdHF14AMfNested(const char *Cmd)
uint8_t trgKeyType = 0;
uint8_t SectorsCnt = 0;
uint8_t key[6] = {0, 0, 0, 0, 0, 0};
uint8_t keyBlock[6*6];
uint8_t keyBlock[13*6];
uint64_t key64 = 0;
bool transferToEml = false;
@ -773,11 +769,15 @@ int CmdHF14AMfNested(const char *Cmd)
cmdp = param_getchar(Cmd, 0);
blockNo = param_get8(Cmd, 1);
ctmp = param_getchar(Cmd, 2);
if (ctmp != 'a' && ctmp != 'A' && ctmp != 'b' && ctmp != 'B') {
PrintAndLog("Key type must be A or B");
return 1;
}
if (ctmp != 'A' && ctmp != 'a') keyType = 1;
if (ctmp != 'A' && ctmp != 'a')
keyType = 1;
if (param_gethex(Cmd, 3, key, 12)) {
PrintAndLog("Key must include 12 HEX symbols");
return 1;
@ -791,8 +791,10 @@ int CmdHF14AMfNested(const char *Cmd)
PrintAndLog("Target key type must be A or B");
return 1;
}
if (ctmp != 'A' && ctmp != 'a') trgKeyType = 1;
if (ctmp != 'A' && ctmp != 'a')
trgKeyType = 1;
} else {
switch (cmdp) {
case '0': SectorsCnt = 05; break;
case '1': SectorsCnt = 16; break;
@ -854,6 +856,14 @@ int CmdHF14AMfNested(const char *Cmd)
num_to_bytes(0xa0a1a2a3a4a5, 6, (uint8_t*)(keyBlock + 3 * 6));
num_to_bytes(0xb0b1b2b3b4b5, 6, (uint8_t*)(keyBlock + 4 * 6));
num_to_bytes(0xaabbccddeeff, 6, (uint8_t*)(keyBlock + 5 * 6));
num_to_bytes(0x4d3a99c351dd, 6, (uint8_t*)(keyBlock + 6 * 6));
num_to_bytes(0x1a982c7e459a, 6, (uint8_t*)(keyBlock + 7 * 6));
num_to_bytes(0xd3f7d3f7d3f7, 6, (uint8_t*)(keyBlock + 8 * 6));
num_to_bytes(0x714c5c886e97, 6, (uint8_t*)(keyBlock + 9 * 6));
num_to_bytes(0x587ee5f9350f, 6, (uint8_t*)(keyBlock + 10 * 6));
num_to_bytes(0xa0478cc39091, 6, (uint8_t*)(keyBlock + 11 * 6));
num_to_bytes(0x533cb6c723f6, 6, (uint8_t*)(keyBlock + 12 * 6));
num_to_bytes(0x8fd0a4f256e9, 6, (uint8_t*)(keyBlock + 13 * 6));
PrintAndLog("Testing known keys. Sector count=%d", SectorsCnt);
for (i = 0; i < SectorsCnt; i++) {
@ -869,7 +879,6 @@ int CmdHF14AMfNested(const char *Cmd)
}
}
// nested sectors
iterations = 0;
PrintAndLog("nested...");
@ -882,8 +891,7 @@ int CmdHF14AMfNested(const char *Cmd)
if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {
PrintAndLog("Nested error.\n");
free(e_sector);
return 2;
}
return 2; }
else {
calibrate = false;
}
@ -972,7 +980,7 @@ int CmdHF14AMfChk(const char *Cmd)
}
FILE * f;
char filename[256]={0};
char filename[FILE_PATH_SIZE]={0};
char buf[13];
uint8_t *keyBlock = NULL, *p;
uint8_t stKeyBlock = 20;
@ -1064,7 +1072,7 @@ int CmdHF14AMfChk(const char *Cmd)
keycnt++;
} else {
// May be a dic file
if ( param_getstr(Cmd, 2 + i,filename) > 255 ) {
if ( param_getstr(Cmd, 2 + i,filename) >= FILE_PATH_SIZE ) {
PrintAndLog("File name too long");
free(keyBlock);
return 2;
@ -1345,26 +1353,44 @@ int CmdHF14AMfESet(const char *Cmd)
int CmdHF14AMfELoad(const char *Cmd)
{
FILE * f;
char filename[20];
char filename[FILE_PATH_SIZE];
char *fnameptr = filename;
char buf[64];
uint8_t buf8[64];
int i, len, blockNum;
int i, len, blockNum, numBlocks;
int nameParamNo = 1;
memset(filename, 0, sizeof(filename));
memset(buf, 0, sizeof(buf));
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
char ctmp = param_getchar(Cmd, 0);
if ( ctmp == 'h' || ctmp == 0x00) {
PrintAndLog("It loads emul dump from the file `filename.eml`");
PrintAndLog("Usage: hf mf eload <file name w/o `.eml`>");
PrintAndLog("Usage: hf mf eload [card memory] <file name w/o `.eml`>");
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");
PrintAndLog("");
PrintAndLog(" sample: hf mf eload filename");
PrintAndLog(" hf mf eload 4 filename");
return 0;
}
len = strlen(Cmd);
if (len > 14) len = 14;
switch (ctmp) {
case '0' : numBlocks = 5*4; break;
case '1' :
case '\0': numBlocks = 16*4; break;
case '2' : numBlocks = 32*4; break;
case '4' : numBlocks = 256; break;
default: {
numBlocks = 16*4;
nameParamNo = 0;
}
}
len = param_getstr(Cmd,nameParamNo,filename);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
fnameptr += len;
sprintf(fnameptr, ".eml");
@ -1379,14 +1405,16 @@ int CmdHF14AMfELoad(const char *Cmd)
blockNum = 0;
while(!feof(f)){
memset(buf, 0, sizeof(buf));
if (fgets(buf, sizeof(buf), f) == NULL) {
if((blockNum == 16*4) || (blockNum == 32*4 + 8*16)) { // supports both old (1K) and new (4K) .eml files)
break;
}
if (blockNum >= numBlocks) break;
PrintAndLog("File reading error.");
fclose(f);
return 2;
}
if (strlen(buf) < 32){
if(strlen(buf) && feof(f))
break;
@ -1394,6 +1422,7 @@ int CmdHF14AMfELoad(const char *Cmd)
fclose(f);
return 2;
}
for (i = 0; i < 32; i += 2) {
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);
}
@ -1405,12 +1434,12 @@ int CmdHF14AMfELoad(const char *Cmd)
}
blockNum++;
if (blockNum >= 32*4 + 8*16) break;
if (blockNum >= numBlocks) break;
}
fclose(f);
if ((blockNum != 16*4) && (blockNum != 32*4 + 8*16)) {
PrintAndLog("File content error. There must be 64 or 256 blocks.");
if ((blockNum != numBlocks)) {
PrintAndLog("File content error. Got %d must be %d blocks.",blockNum, numBlocks);
return 4;
}
PrintAndLog("Loaded %d blocks from file: %s", blockNum, filename);
@ -1421,45 +1450,70 @@ int CmdHF14AMfELoad(const char *Cmd)
int CmdHF14AMfESave(const char *Cmd)
{
FILE * f;
char filename[20];
char filename[FILE_PATH_SIZE];
char * fnameptr = filename;
uint8_t buf[64];
int i, j, len;
int i, j, len, numBlocks;
int nameParamNo = 1;
memset(filename, 0, sizeof(filename));
memset(buf, 0, sizeof(buf));
if (param_getchar(Cmd, 0) == 'h') {
char ctmp = param_getchar(Cmd, 0);
if ( ctmp == 'h' || ctmp == 'H') {
PrintAndLog("It saves emul dump into the file `filename.eml` or `cardID.eml`");
PrintAndLog("Usage: hf mf esave [file name w/o `.eml`]");
PrintAndLog(" Usage: hf mf esave [card memory] [file name w/o `.eml`]");
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");
PrintAndLog("");
PrintAndLog(" sample: hf mf esave ");
PrintAndLog(" hf mf esave filename");
PrintAndLog(" hf mf esave 4");
PrintAndLog(" hf mf esave 4 filename");
return 0;
}
len = strlen(Cmd);
if (len > 14) len = 14;
switch (ctmp) {
case '0' : numBlocks = 5*4; break;
case '1' :
case '\0': numBlocks = 16*4; break;
case '2' : numBlocks = 32*4; break;
case '4' : numBlocks = 256; break;
default: {
numBlocks = 16*4;
nameParamNo = 0;
}
}
len = param_getstr(Cmd,nameParamNo,filename);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
// user supplied filename?
if (len < 1) {
// get filename
// get filename (UID from memory)
if (mfEmlGetMem(buf, 0, 1)) {
PrintAndLog("Cant get block: %d", 0);
return 1;
PrintAndLog("Can\'t get UID from block: %d", 0);
sprintf(filename, "dump.eml");
}
for (j = 0; j < 7; j++, fnameptr += 2)
sprintf(fnameptr, "%02x", buf[j]);
sprintf(fnameptr, "%02X", buf[j]);
} else {
memcpy(filename, Cmd, len);
fnameptr += len;
}
// add file extension
sprintf(fnameptr, ".eml");
// open file
f = fopen(filename, "w+");
if ( !f ) {
PrintAndLog("Can't open file %s ", filename);
return 1;
}
// put hex
for (i = 0; i < 32*4 + 8*16; i++) {
for (i = 0; i < numBlocks; i++) {
if (mfEmlGetMem(buf, i, 1)) {
PrintAndLog("Cant get block: %d", i);
break;
@ -1470,7 +1524,7 @@ int CmdHF14AMfESave(const char *Cmd)
}
fclose(f);
PrintAndLog("Saved to file: %s", filename);
PrintAndLog("Saved %d blocks to file: %s", numBlocks, filename);
return 0;
}
@ -1519,13 +1573,34 @@ int CmdHF14AMfECFill(const char *Cmd)
int CmdHF14AMfEKeyPrn(const char *Cmd)
{
int i;
uint8_t numSectors;
uint8_t data[16];
uint64_t keyA, keyB;
if (param_getchar(Cmd, 0) == 'h') {
PrintAndLog("It prints the keys loaded in the emulator memory");
PrintAndLog("Usage: hf mf ekeyprn [card memory]");
PrintAndLog(" [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");
PrintAndLog("");
PrintAndLog(" sample: hf mf ekeyprn 1");
return 0;
}
char cmdp = param_getchar(Cmd, 0);
switch (cmdp) {
case '0' : numSectors = 5; break;
case '1' :
case '\0': numSectors = 16; break;
case '2' : numSectors = 32; break;
case '4' : numSectors = 40; break;
default: numSectors = 16;
}
PrintAndLog("|---|----------------|----------------|");
PrintAndLog("|sec|key A |key B |");
PrintAndLog("|---|----------------|----------------|");
for (i = 0; i < 40; i++) {
for (i = 0; i < numSectors; i++) {
if (mfEmlGetMem(data, FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1, 1)) {
PrintAndLog("error get block %d", FirstBlockOfSector(i) + NumBlocksPerSector(i) - 1);
break;
@ -1615,15 +1690,15 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
int CmdHF14AMfCLoad(const char *Cmd)
{
FILE * f;
char filename[20];
char filename[FILE_PATH_SIZE] = {0x00};
char * fnameptr = filename;
char buf[64];
uint8_t buf8[64];
char buf[64] = {0x00};
uint8_t buf8[64] = {0x00};
uint8_t fillFromEmulator = 0;
int i, len, blockNum, flags;
memset(filename, 0, sizeof(filename));
memset(buf, 0, sizeof(buf));
// memset(filename, 0, sizeof(filename));
// memset(buf, 0, sizeof(buf));
if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) {
PrintAndLog("It loads magic Chinese card (only works with!!!) from the file `filename.eml`");
@ -1656,7 +1731,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
return 0;
} else {
len = strlen(Cmd);
if (len > 14) len = 14;
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
fnameptr += len;
@ -1701,7 +1776,7 @@ int CmdHF14AMfCLoad(const char *Cmd)
}
fclose(f);
if (blockNum != 16 * 4){
if (blockNum != 16 * 4 && blockNum != 32 * 4 + 8 * 16){
PrintAndLog("File content error. There must be 64 blocks");
return 4;
}
@ -1779,14 +1854,14 @@ int CmdHF14AMfCGetSc(const char *Cmd) {
int CmdHF14AMfCSave(const char *Cmd) {
FILE * f;
char filename[20];
char filename[FILE_PATH_SIZE] = {0x00};
char * fnameptr = filename;
uint8_t fillFromEmulator = 0;
uint8_t buf[64];
uint8_t buf[64] = {0x00};
int i, j, len, flags;
memset(filename, 0, sizeof(filename));
memset(buf, 0, sizeof(buf));
// memset(filename, 0, sizeof(filename));
// memset(buf, 0, sizeof(buf));
if (param_getchar(Cmd, 0) == 'h') {
PrintAndLog("It saves `magic Chinese` card dump into the file `filename.eml` or `cardID.eml`");
@ -1821,7 +1896,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
return 0;
} else {
len = strlen(Cmd);
if (len > 14) len = 14;
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
if (len < 1) {
// get filename
@ -1841,6 +1916,11 @@ int CmdHF14AMfCSave(const char *Cmd) {
// open file
f = fopen(filename, "w+");
if (f == NULL) {
PrintAndLog("File not found or locked.");
return 1;
}
// put hex
flags = CSETBLOCK_INIT_FIELD + CSETBLOCK_WUPC;
for (i = 0; i < 16 * 4; i++) {
@ -2020,9 +2100,9 @@ static command_t CommandTable[] =
{"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},
{"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},
{"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},
{"csetblk", CmdHF14AMfCSetBlk, 0, "Write block into magic Chinese card"},
{"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block from magic Chinese card"},
{"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector from magic Chinese card"},
{"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},
{"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},
{"cgetsc", CmdHF14AMfCGetSc, 0, "Read sector - Magic Chinese card"},
{"cload", CmdHF14AMfCLoad, 0, "Load dump into magic Chinese card"},
{"csave", CmdHF14AMfCSave, 0, "Save dump from magic Chinese card into file or emulator"},
{NULL, NULL, 0, NULL}

3
client/cmdhw.c
View file

@ -13,7 +13,6 @@
#include <string.h>
#include <limits.h>
#include "ui.h"
//#include "proxusb.h"
#include "proxmark3.h"
#include "cmdparser.h"
#include "cmdhw.h"
@ -418,7 +417,7 @@ static command_t CommandTable[] =
{"setlfdivisor", CmdSetDivisor, 0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)"},
{"setmux", CmdSetMux, 0, "<loraw|hiraw|lopkd|hipkd> -- Set the ADC mux to a specific value"},
{"tune", CmdTune, 0, "Measure antenna tuning"},
{"version", CmdVersion, 0, "Show version inforation about the connected Proxmark"},
{"version", CmdVersion, 0, "Show version information about the connected Proxmark"},
{NULL, NULL, 0, NULL}
};

103
client/cmdlf.c
View file

@ -19,6 +19,7 @@
#include "cmdparser.h"
#include "cmdmain.h"
#include "cmddata.h"
#include "util.h"
#include "cmdlf.h"
#include "cmdlfhid.h"
#include "cmdlfti.h"
@ -110,9 +111,9 @@ int CmdFlexdemod(const char *Cmd)
i = 0;
int phase = 0;
for (bit = 0; bit < 64; bit++) {
phase = (bits[bit] == 0) ? 0 : 1;
int j;
for (j = 0; j < 32; j++) {
GraphBuffer[i++] = phase;
@ -123,7 +124,7 @@ int CmdFlexdemod(const char *Cmd)
RepaintGraphWindow();
return 0;
}
int CmdIndalaDemod(const char *Cmd)
{
// Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID
@ -167,7 +168,7 @@ int CmdIndalaDemod(const char *Cmd)
count = 0;
}
}
if (rawbit>0){
PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
@ -198,7 +199,7 @@ int CmdIndalaDemod(const char *Cmd)
break;
}
}
if (start == rawbit - uidlen + 1) {
PrintAndLog("nothing to wait for");
return 0;
@ -217,7 +218,7 @@ int CmdIndalaDemod(const char *Cmd)
int bit;
i = start;
int times = 0;
if (uidlen > rawbit) {
PrintAndLog("Warning: not enough raw bits to get a full UID");
for (bit = 0; bit < rawbit; bit++) {
@ -235,12 +236,12 @@ int CmdIndalaDemod(const char *Cmd)
}
times = 1;
}
//convert UID to HEX
uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
int idx;
uid1 = uid2 = 0;
if (uidlen==64){
for( idx=0; idx<64; idx++) {
if (showbits[idx] == '0') {
@ -249,7 +250,7 @@ int CmdIndalaDemod(const char *Cmd)
} else {
uid1=(uid1<<1)|(uid2>>31);
uid2=(uid2<<1)|1;
}
}
}
PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
}
@ -263,10 +264,10 @@ int CmdIndalaDemod(const char *Cmd)
uid4=(uid4<<1)|(uid5>>31);
uid5=(uid5<<1)|(uid6>>31);
uid6=(uid6<<1)|(uid7>>31);
if (showbits[idx] == '0')
if (showbits[idx] == '0')
uid7 = (uid7<<1) | 0;
else
else
uid7 = (uid7<<1) | 1;
}
PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
@ -291,7 +292,7 @@ int CmdIndalaDemod(const char *Cmd)
PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
// Remodulating for tag cloning
// HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
// HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
// since this changes graphbuffer data.
GraphTraceLen = 32*uidlen;
i = 0;
@ -380,10 +381,8 @@ static void ChkBitstream(const char *str)
int i;
/* convert to bitstream if necessary */
for (i = 0; i < (int)(GraphTraceLen / 2); i++)
{
if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0)
{
for (i = 0; i < (int)(GraphTraceLen / 2); i++){
if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) {
CmdBitstream(str);
break;
}
@ -392,7 +391,7 @@ static void ChkBitstream(const char *str)
int CmdLFSim(const char *Cmd)
{
int i;
int i,j;
static int gap;
sscanf(Cmd, "%i", &gap);
@ -400,18 +399,20 @@ int CmdLFSim(const char *Cmd)
/* convert to bitstream if necessary */
ChkBitstream(Cmd);
PrintAndLog("Sending data, please wait...");
for (i = 0; i < GraphTraceLen; i += 48) {
printf("Sending [%d bytes]", GraphTraceLen);
for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
int j;
for (j = 0; j < 48; j++) {
for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
c.d.asBytes[j] = GraphBuffer[i+j];
}
SendCommand(&c);
WaitForResponse(CMD_ACK,NULL);
printf(".");
}
PrintAndLog("Starting simulator...");
printf("\n");
PrintAndLog("Starting to simulate");
UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
SendCommand(&c);
return 0;
@ -554,42 +555,42 @@ int CmdVchDemod(const char *Cmd)
int CmdLFfind(const char *Cmd)
{
int ans=0;
if (!offline){
ans=CmdLFRead("");
ans=CmdSamples("20000");
}
if (GraphTraceLen<1000) return 0;
PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag");
PrintAndLog("Checking for known tags:");
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: lf search <0|1>");
PrintAndLog(" <use data from Graphbuffer>, if not set, try reading data from tag.");
PrintAndLog("");
PrintAndLog(" sample: lf search");
PrintAndLog(" : lf search 1");
return 0;
}
if (!offline || (cmdp != '1') ){
ans=CmdLFRead("");
ans=CmdSamples("20000");
} else if (GraphTraceLen < 1000) {
PrintAndLog("Data in Graphbuffer was too small.");
return 0;
}
PrintAndLog("Checking for known tags:");
ans=Cmdaskmandemod("");
if (ans>0) {
PrintAndLog("Valid EM410x ID Found!");
return 1;
}
if (ans>0) return 1;
ans=CmdFSKdemodHID("");
if (ans>0) {
PrintAndLog("Valid HID Prox ID Found!");
return 1;
}
if (ans>0) return 1;
ans=CmdFSKdemodIO("");
if (ans>0) {
PrintAndLog("Valid IO Prox ID Found!");
return 1;
}
if (ans>0) return 1;
//add psk and indala
ans=CmdIndalaDecode("");
if (ans>0) {
PrintAndLog("Valid Indala ID Found!");
return 1;
}
// ans=CmdIndalaDemod("224");
// if (ans>0) return 1;
ans=CmdIndalaDemod("");
if (ans>0) return 1;
ans=CmdIndalaDemod("224");
if (ans>0) return 1;
PrintAndLog("No Known Tags Found!\n");
return 0;
}
static command_t CommandTable[] =
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"cmdread", CmdLFCommandRead, 0, "<off period> <'0' period> <'1' period> <command> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"},
@ -616,7 +617,7 @@ static command_t CommandTable[] =
int CmdLF(const char *Cmd)
{
CmdsParse(CommandTable, Cmd);
return 0;
return 0;
}
int CmdHelp(const char *Cmd)

38
client/cmdlfem4x.c
View file

@ -19,6 +19,7 @@
#include "cmddata.h"
#include "cmdlf.h"
#include "cmdlfem4x.h"
char *global_em410xId;
static int CmdHelp(const char *Cmd);
@ -66,7 +67,7 @@ int CmdEM410xRead(const char *Cmd)
parity[0] = parity[1] = parity[2] = parity[3] = 0;
header = rows = 0;
/* manchester demodulate */
// manchester demodulate
bit = bit2idx = 0;
for (i = 0; i < (int)(GraphTraceLen / clock); i++)
{
@ -77,9 +78,9 @@ int CmdEM410xRead(const char *Cmd)
/* Find out if we hit both high and low peaks */
for (j = 0; j < clock; j++)
{
if (GraphBuffer[(i * clock) + j] == high)
if (GraphBuffer[(i * clock) + j] >= high)
hithigh = 1;
else if (GraphBuffer[(i * clock) + j] == low)
else if (GraphBuffer[(i * clock) + j] <= low)
hitlow = 1;
/* it doesn't count if it's the first part of our read
@ -149,6 +150,8 @@ retest:
PrintAndLog("EM410x Tag ID: %s", id);
PrintAndLog("Unique Tag ID: %s", id2);
global_em410xId = id;
/* Stop any loops */
return 1;
}
@ -177,8 +180,10 @@ retest:
}
/* if we've already retested after flipping bits, return */
if (retested++)
if (retested++){
PrintAndLog("Failed to decode");
return 0;
}
/* if this didn't work, try flipping bits */
for (i = 0; i < bit2idx; i++)
@ -293,6 +298,14 @@ int CmdEM410xWatch(const char *Cmd)
return 0;
}
int CmdEM410xWatchnSpoof(const char *Cmd)
{
CmdEM410xWatch(Cmd);
PrintAndLog("# Replaying : %s",global_em410xId);
CmdEM410xSim(global_em410xId);
return 0;
}
/* Read the transmitted data of an EM4x50 tag
* Format:
*
@ -507,12 +520,12 @@ int CmdEM410xWrite(const char *Cmd)
int CmdReadWord(const char *Cmd)
{
int Word = 16; //default to invalid word
int Word = -1; //default to invalid word
UsbCommand c;
sscanf(Cmd, "%d", &Word);
if (Word > 15) {
if ( (Word > 15) | (Word < 0) ) {
PrintAndLog("Word must be between 0 and 15");
return 1;
}
@ -530,13 +543,13 @@ int CmdReadWord(const char *Cmd)
int CmdReadWordPWD(const char *Cmd)
{
int Word = 16; //default to invalid word
int Word = -1; //default to invalid word
int Password = 0xFFFFFFFF; //default to blank password
UsbCommand c;
sscanf(Cmd, "%d %x", &Word, &Password);
if (Word > 15) {
if ( (Word > 15) | (Word < 0) ) {
PrintAndLog("Word must be between 0 and 15");
return 1;
}
@ -565,7 +578,7 @@ int CmdWriteWord(const char *Cmd)
return 1;
}
PrintAndLog("Writting word %d with data %08X", Word, Data);
PrintAndLog("Writing word %d with data %08X", Word, Data);
c.cmd = CMD_EM4X_WRITE_WORD;
c.d.asBytes[0] = 0x0; //Normal mode
@ -578,7 +591,7 @@ int CmdWriteWord(const char *Cmd)
int CmdWriteWordPWD(const char *Cmd)
{
int Word = 8; //default to invalid word
int Word = 16; //default to invalid word
int Data = 0xFFFFFFFF; //default to blank data
int Password = 0xFFFFFFFF; //default to blank password
UsbCommand c;
@ -590,7 +603,7 @@ int CmdWriteWordPWD(const char *Cmd)
return 1;
}
PrintAndLog("Writting word %d with data %08X and password %08X", Word, Data, Password);
PrintAndLog("Writing word %d with data %08X and password %08X", Word, Data, Password);
c.cmd = CMD_EM4X_WRITE_WORD;
c.d.asBytes[0] = 0x1; //Password mode
@ -601,8 +614,6 @@ int CmdWriteWordPWD(const char *Cmd)
return 0;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
@ -610,6 +621,7 @@ static command_t CommandTable[] =
{"em410xread", CmdEM410xRead, 1, "[clock rate] -- Extract ID from EM410x tag"},
{"em410xsim", CmdEM410xSim, 0, "<UID> -- Simulate EM410x tag"},
{"em410xwatch", CmdEM410xWatch, 0, "['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)"},
{"em410xspoof", CmdEM410xWatchnSpoof, 0, "['h'] --- Watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)" },
{"em410xwrite", CmdEM410xWrite, 1, "<UID> <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate"},
{"em4x50read", CmdEM4x50Read, 1, "Extract data from EM4x50 tag"},
{"readword", CmdReadWord, 1, "<Word> -- Read EM4xxx word data"},

1
client/cmdlfem4x.h
View file

@ -16,6 +16,7 @@ int CmdEMdemodASK(const char *Cmd);
int CmdEM410xRead(const char *Cmd);
int CmdEM410xSim(const char *Cmd);
int CmdEM410xWatch(const char *Cmd);
int CmdEM410xWatchnSpoof(const char *Cmd);
int CmdEM410xWrite(const char *Cmd);
int CmdEM4x50Read(const char *Cmd);
int CmdReadWord(const char *Cmd);

56
client/cmdlfhitag.c
View file

@ -29,7 +29,7 @@ size_t nbytes(size_t nbits) {
int CmdLFHitagList(const char *Cmd)
{
uint8_t got[3000];
uint8_t got[TRACE_BUFFER_SIZE];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
@ -39,11 +39,25 @@ int CmdLFHitagList(const char *Cmd)
int i = 0;
int prev = -1;
int len = strlen(Cmd);
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf = NULL;
if (len > FILE_PATH_SIZE)
len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
if ((pf = fopen(filename,"wb")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename);
return 1;
}
}
for (;;) {
if(i >= 1900) {
break;
}
if(i >= TRACE_BUFFER_SIZE) { break; }
bool isResponse;
int timestamp = *((uint32_t *)(got+i));
@ -68,9 +82,7 @@ int CmdLFHitagList(const char *Cmd)
if (len > 100) {
break;
}
if (i + len >= 1900) {
break;
}
if (i + len >= TRACE_BUFFER_SIZE) { break;}
uint8_t *frame = (got+i+9);
@ -103,18 +115,22 @@ int CmdLFHitagList(const char *Cmd)
line);
// if (pf) {
// fprintf(pf," +%7d: %3d: %s %s\n",
// (prev < 0 ? 0 : (timestamp - prev)),
// bits,
// (isResponse ? "TAG" : " "),
// line);
// }
if (pf) {
fprintf(pf," +%7d: %3d: %s %s\n",
(prev < 0 ? 0 : (timestamp - prev)),
bits,
(isResponse ? "TAG" : " "),
line);
}
prev = timestamp;
i += (len + 9);
}
if (pf) {
fclose(pf);
PrintAndLog("Recorded activity succesfully written to file: %s", filename);
}
return 0;
}
@ -126,12 +142,14 @@ int CmdLFHitagSnoop(const char *Cmd) {
}
int CmdLFHitagSim(const char *Cmd) {
UsbCommand c = {CMD_SIMULATE_HITAG};
char filename[256] = { 0x00 };
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf;
bool tag_mem_supplied;
param_getstr(Cmd,0,filename);
int len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
if ((pf = fopen(filename,"rb+")) == NULL) {
@ -227,9 +245,9 @@ int CmdLFHitagReader(const char *Cmd) {
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdLFHitagList, 1, "List Hitag trace history"},
{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
{"sim", CmdLFHitagSim, 1, "Simulate Hitag transponder"},
{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
{NULL, NULL, 0, NULL}
};

2
client/cmdmain.c
View file

@ -132,7 +132,7 @@ int getCommand(UsbCommand* response)
bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
UsbCommand resp;
if (response == NULL)
response = &resp;

3
client/data.h
View file

@ -13,6 +13,9 @@
#include <stdint.h>
//trace buffer size as defined in armsrc/apps.h TRACE_SIZE
#define TRACE_BUFFER_SIZE 4096
#define FILE_PATH_SIZE 1000
#define SAMPLE_BUFFER_SIZE 64
extern uint8_t* sample_buf;

3
client/flasher.c
View file

@ -52,11 +52,8 @@ void ReceiveCommand(UsbCommand* rxcmd) {
while (true) {
rxlen = sizeof(UsbCommand) - (prx-prxcmd);
if (uart_receive(sp,prx,&rxlen)) {
// printf("received [%zd] bytes\n",rxlen);
prx += rxlen;
if ((prx-prxcmd) >= sizeof(UsbCommand)) {
// printf("received: ");
// cmd_debug(rxcmd);
return;
}
}

80
client/graph.c
View file

@ -20,74 +20,76 @@ int GraphTraceLen;
/* write a bit to the graph */
void AppendGraph(int redraw, int clock, int bit)
{
int i;
int i;
for (i = 0; i < (int)(clock / 2); ++i)
GraphBuffer[GraphTraceLen++] = bit ^ 1;
for (i = 0; i < (int)(clock / 2); ++i)
GraphBuffer[GraphTraceLen++] = bit ^ 1;
for (i = (int)(clock / 2); i < clock; ++i)
GraphBuffer[GraphTraceLen++] = bit;
for (i = (int)(clock / 2); i < clock; ++i)
GraphBuffer[GraphTraceLen++] = bit;
if (redraw)
RepaintGraphWindow();
if (redraw)
RepaintGraphWindow();
}
// clear out our graph window
int ClearGraph(int redraw)
{
int gtl = GraphTraceLen;
GraphTraceLen = 0;
int gtl = GraphTraceLen;
memset(GraphBuffer, 0x00, GraphTraceLen);
if (redraw)
RepaintGraphWindow();
GraphTraceLen = 0;
return gtl;
if (redraw)
RepaintGraphWindow();
return gtl;
}
// DETECT CLOCK NOW IN LFDEMOD.C
void setGraphBuf(uint8_t *buff, size_t size)
{
int i=0;
ClearGraph(0);
for (; i < size; ++i){
int i=0;
ClearGraph(0);
for (; i < size; ++i){
GraphBuffer[i]=buff[i]-128;
}
GraphTraceLen=size;
RepaintGraphWindow();
return;
}
GraphTraceLen=size;
RepaintGraphWindow();
return;
}
size_t getFromGraphBuf(uint8_t *buff)
{
uint32_t i;
for (i=0;i<GraphTraceLen;++i){
if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
buff[i]=(uint8_t)(GraphBuffer[i]+128);
}
return i;
uint32_t i;
for (i=0;i<GraphTraceLen;++i){
if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
buff[i]=(uint8_t)(GraphBuffer[i]+128);
}
return i;
}
// Get or auto-detect clock rate
int GetClock(const char *str, int peak, int verbose)
{
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
int clock;
sscanf(str, "%i", &clock);
if (!strcmp(str, ""))
clock = 0;
// Auto-detect clock
if (!clock)
{
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
if (!clock)
{
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
size_t size = getFromGraphBuf(grph);
clock = DetectASKClock(grph,size,0);
clock = DetectASKClock(grph,size,0);
// Only print this message if we're not looping something
if (!verbose){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
}
if (!verbose){
PrintAndLog("Auto-detected clock rate: %d", clock);
}
}
return clock;
return clock;
}
int GetNRZpskClock(const char *str, int peak, int verbose)

1
client/loclass/elite_crack.c
View file

@ -514,7 +514,6 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[])
*/
int bruteforceFile(const char *filename, uint16_t keytable[])
{
FILE *f = fopen(filename, "rb");
if(!f) {
prnlog("Failed to read from file '%s'", filename);

2
client/loclass/ikeys.c
View file

@ -725,7 +725,6 @@ int doTestsWithKnownInputs()
int readKeyFile(uint8_t key[8])
{
FILE *f;
int retval = 1;
f = fopen("iclass_key.bin", "rb");
@ -738,7 +737,6 @@ int readKeyFile(uint8_t key[8])
fclose(f);
}
return retval;
}

33
client/lualibs/commands.lua
View file

@ -64,6 +64,7 @@ local _commands = {
CMD_ISO_15693_COMMAND_DONE = 0x0314,
CMD_ISO_15693_FIND_AFI = 0x0315,
CMD_ISO_15693_DEBUG = 0x0316,
CMD_LF_SNOOP_RAW_ADC_SAMPLES = 0x0317,
--// For Hitag2 transponders
CMD_SNOOP_HITAG = 0x0370,
@ -80,10 +81,13 @@ local _commands = {
CMD_READER_LEGIC_RF = 0x0388,
CMD_WRITER_LEGIC_RF = 0x0389,
CMD_EPA_PACE_COLLECT_NONCE = 0x038A,
--//CMD_EPA_ = 0x038B,
CMD_SNOOP_ICLASS = 0x0392,
CMD_SIMULATE_TAG_ICLASS = 0x0393,
CMD_READER_ICLASS = 0x0394,
CMD_READER_ICLASS_REPLAY = 0x0395,
CMD_ICLASS_ISO14443A_WRITE = 0x0397,
--// For measurements of the antenna tuning
CMD_MEASURE_ANTENNA_TUNING = 0x0400,
@ -100,8 +104,11 @@ local _commands = {
CMD_MIFARE_EML_MEMSET = 0x0602,
CMD_MIFARE_EML_MEMGET = 0x0603,
CMD_MIFARE_EML_CARDLOAD = 0x0604,
CMD_MIFARE_EML_CSETBLOCK = 0x0605,
CMD_MIFARE_EML_CGETBLOCK = 0x0606,
--// magic chinese card commands
CMD_MIFARE_CSETBLOCK = 0x0605,
CMD_MIFARE_CGETBLOCK = 0x0606,
CMD_MIFARE_CIDENT = 0x0607,
CMD_SIMULATE_MIFARE_CARD = 0x0610,
@ -109,12 +116,33 @@ local _commands = {
CMD_MIFARE_NESTED = 0x0612,
CMD_MIFARE_READBL = 0x0620,
CMD_MIFAREU_READBL = 0x0720,
CMD_MIFARE_READSC = 0x0621,
CMD_MIFAREU_READCARD = 0x0721,
CMD_MIFARE_WRITEBL = 0x0622,
CMD_MIFAREU_WRITEBL = 0x0722,
CMD_MIFAREU_WRITEBL_COMPAT = 0x0723,
CMD_MIFARE_CHKKEYS = 0x0623,
CMD_MIFARE_SNIFFER = 0x0630,
--//ultralightC
CMD_MIFAREUC_AUTH1 = 0x0724,
CMD_MIFAREUC_AUTH2 = 0x0725,
CMD_MIFAREUC_READCARD = 0x0726,
--// mifare desfire
CMD_MIFARE_DESFIRE_READBL = 0x0728,
CMD_MIFARE_DESFIRE_WRITEBL = 0x0729,
CMD_MIFARE_DESFIRE_AUTH1 = 0x072a,
CMD_MIFARE_DESFIRE_AUTH2 = 0x072b,
CMD_MIFARE_DES_READER = 0x072c,
CMD_MIFARE_DESFIRE_INFO = 0x072d,
CMD_MIFARE_DESFIRE = 0x072e,
CMD_UNKNOWN = 0xFFFF,
}
@ -184,7 +212,6 @@ function Command:getBytes()
local data = self.data
local cmd = self.cmd
local arg1, arg2, arg3 = self.arg1, self.arg2, self.arg3
return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data);
end

63
client/lualibs/default_toys.lua Normal file
View file

@ -0,0 +1,63 @@
local _names = {
--[[
--]]
["0400"]="BASH",
["1600"]="BOOMER" ,
["1800"]="CAMO",
["3000"]="CHOPCHOP" ,
["2000"]="CYNDER",
["6400"]="JET-VAC",
["6700"]="FLASHWING",
["7000"]="TREE REX",
["7100"]="LIGHTCORE SHROOMBOOM",
["1C00"]="DARK SPYRO",
["0600"]="DINORANG" ,
["1200"]="DOUBLE TROUBLE" ,
["1500"]="DRILLSERGEANT" ,
["1400"]="DROBOT",
["0900"]="LIGHTCORE ERUPTOR" ,
["0B00"]="FLAMESLINGER" ,
["1F00"]="GHOST ROASTER",
["0E00"]="GILL GRUNT" ,
["1D00"]="HEX",
["0A00"]="IGNITOR",
["0300"]="LIGHTNINGROD",
["0700"]="LIGHTCORE PRISM BREAK",
["1500"]="SLAMBAM",
["0100"]="SONIC BOOM",
["1000"]="SPYRO",
["1A00"]="STEALTH ELF",
["1B00"]="STUMP SMASH",
["0800"]="SUNBURN",
["0500"]="TERRAFIN",
["1300"]="TRIGGER HAPPY",
["1100"]="VOODOOD",
["0200"]="WARNADO",
["0D00"]="WHAM SHELL",
["0000"]="WHIRLWIND",
["1700"]="WRECKING BALL",
["0C00"]="ZAP",
["1900"]="ZOOK",
["0300"]="DRAGON",
["012D"]="ICE",
["012E"]="PIRATE",
["0130"]="PVPUNLOCK",
["012F"]="UNDEAD",
["0200"]="ANVIL" ,
["CB00"]="CROSSED SWORDS",
["CC00"]="HOURGLASS",
["CA00"]="REGENERATION",
["C900"]="SECRET STASH",
["CD00"]="SHIELD",
["CF00"]="SPARX",
["CE00"]="SPEED BOOTS",
["0194"]="LEGENDARY BASH",
["0430"]="LEGENDARY CHOPCHOP",
["01A0"]="LEGENDARY SPYRO",
["01A3"]="LEGENDARY TRIGGER HAPPY",
["0202"]="PET GILL GRUNT",
["020E"]="PET STEALTH ELF",
["01F9"]="PET TERRAFIN",
["0207"]="PET TRIGGER HAPPY",
}
return _names

14
client/lualibs/html_dumplib.lua
View file

@ -47,6 +47,18 @@ local function save_HTML(javascript, filename)
end
local function save_TEXT(data,filename)
-- Open the output file
local outfile = io.open(filename, "w")
if outfile == nil then
return oops(string.format("Could not write to file %s",tostring(filename)))
end
outfile:write(data)
io.close(outfile)
return filename
end
local function save_BIN(data, filename)
-- Open the output file
@ -181,4 +193,6 @@ return {
convert_bin_to_html = convert_bin_to_html,
convert_eml_to_html = convert_eml_to_html,
convert_eml_to_bin = convert_eml_to_bin,
SaveAsBinary = save_BIN,
SaveAsText = save_TEXT,
}

1
client/lualibs/htmlskel.lua
View file

@ -55,6 +55,7 @@ local skel_1 = [[
return "UNKNOWN"
}
add("04,,,Mifare TNP3xxx Activision 1K,0f01,01");
add("04,,,Mifare Mini,0004,09");
add("04,,,Mifare Classic 1k/Mifare Plus(4 byte UID) 2K SL1,0004,08");
add("04,,,Mifare Plus (4 byte UID) 2K SL2,0004,10");

18
client/lualibs/mf_default_keys.lua
View file

@ -141,6 +141,24 @@ local _keys = {
'200000000000',
'a00000000000',
'b00000000000',
--[[
Should be for Mifare TNP3xxx tags A KEY.
--]]
'4b0b20107ccb',
--[[
Kiev metro cards
--]]
'8fe644038790',
'f14ee7cae863',
'632193be1c3c',
'569369c5a0e5',
'9de89e070277',
'eff603e1efe9',
'644672bd4afe',
'b5ff67cba951',
}
---

1
client/lualibs/read14a.lua
View file

@ -25,6 +25,7 @@ local ISO14A_COMMAND = {
local ISO14443a_TYPES = {}
ISO14443a_TYPES[0x00] = "NXP MIFARE Ultralight | Ultralight C"
ISO14443a_TYPES[0x01] = "NXP MIFARE TNP3xxx Activision Game Appliance"
ISO14443a_TYPES[0x04] = "NXP MIFARE (various !DESFire !DESFire EV1)"
ISO14443a_TYPES[0x08] = "NXP MIFARE CLASSIC 1k | Plus 2k"
ISO14443a_TYPES[0x09] = "NXP MIFARE Mini 0.3k"

171
client/lualibs/utils.lua
View file

@ -33,9 +33,86 @@ local Utils =
return answer
end,
------------ FILE READING
ReadDumpFile = function (filename)
if filename == nil then
return nil, 'Filename is empty'
end
if #filename == 0 then
return nil, 'Filename length is zero'
end
infile = io.open(filename, "rb")
if infile == nil then
return nil, string.format("Could not read file %s",filename)
end
local t = infile:read("*all")
len = string.len(t)
local _,hex = bin.unpack(("H%d"):format(len),t)
io.close(infile)
return hex
end,
------------ string split function
Split = function( inSplitPattern, outResults )
if not outResults then
outResults = {}
end
local start = 1
local splitStart, splitEnd = string.find( self, inSplitPattern, start )
while splitStart do
table.insert( outResults, string.sub( self, start, splitStart-1 ) )
start = splitEnd + 1
splitStart, splitEnd = string.find( self, inSplitPattern, start )
end
table.insert( outResults, string.sub( self, start ) )
return outResults
end,
------------ CRC-16 ccitt checksums
-- Takes a hex string and calculates a crc16
Crc16 = function(s)
if s == nil then return nil end
if #s == 0 then return nil end
if type(s) == 'string' then
local utils = require('utils')
local asc = utils.ConvertHexToAscii(s)
local hash = core.crc16(asc)
return hash
end
return nil
end,
-- input parameter is a string
-- Swaps the endianess and returns a number,
-- IE: 'cd7a' -> '7acd' -> 0x7acd
SwapEndianness = function(s, len)
if s == nil then return nil end
if #s == 0 then return '' end
if type(s) ~= 'string' then return nil end
local retval = 0
if len == 16 then
local t = s:sub(3,4)..s:sub(1,2)
retval = tonumber(t,16)
elseif len == 24 then
local t = s:sub(5,6)..s:sub(3,4)..s:sub(1,2)
retval = tonumber(t,16)
elseif len == 32 then
local t = s:sub(7,8)..s:sub(5,6)..s:sub(3,4)..s:sub(1,2)
retval = tonumber(t,16)
end
return retval
end,
------------ CONVERSIONS
--
-- Converts DECIMAL to HEX
ConvertDec2Hex = function(IN)
ConvertDecToHex = function(IN)
local B,K,OUT,I,D=16,"0123456789ABCDEF","",0
while IN>0 do
I=I+1
@ -46,12 +123,100 @@ local Utils =
end,
---
-- Convert Byte array to string of hex
ConvertBytes2String = function(bytes)
s = {}
ConvertBytesToHex = function(bytes)
if #bytes == 0 then
return ''
end
local s={}
for i = 1, #(bytes) do
s[i] = string.format("%02X",bytes[i])
end
return table.concat(s)
end,
-- Convert byte array to string with ascii
ConvertBytesToAscii = function(bytes)
if #bytes == 0 then
return ''
end
local s={}
for i = 1, #(bytes) do
s[i] = string.char(bytes[i])
end
return table.concat(s)
end,
ConvertHexToBytes = function(s)
local t={}
if s == nil then return t end
if #s == 0 then return t end
for k in s:gmatch"(%x%x)" do
table.insert(t,tonumber(k,16))
end
return t
end,
ConvertAsciiToBytes = function(s)
local t={}
if s == nil then return t end
if #s == 0 then return t end
for k in s:gmatch"(.)" do
table.insert(t, string.byte(k))
end
return t
end,
ConvertHexToAscii = function(s)
local t={}
if s == nil then return t end
if #s == 0 then return t end
for k in s:gmatch"(%x%x)" do
table.insert(t, string.char(tonumber(k,16)))
end
return table.concat(t)
end,
-- function convertStringToBytes(str)
-- local bytes = {}
-- local strLength = string.len(str)
-- for i=1,strLength do
-- table.insert(bytes, string.byte(str, i))
-- end
-- return bytes
-- end
-- function convertBytesToString(bytes)
-- local bytesLength = table.getn(bytes)
-- local str = ""
-- for i=1,bytesLength do
-- str = str .. string.char(bytes[i])
-- end
-- return str
-- end
-- function convertHexStringToBytes(str)
-- local bytes = {}
-- local strLength = string.len(str)
-- for k=2,strLength,2 do
-- local hexString = "0x" .. string.sub(str, (k - 1), k)
-- table.insert(bytes, hex.to_dec(hexString))
-- end
-- return bytes
-- end
-- function convertBytesToHexString(bytes)
-- local str = ""
-- local bytesLength = table.getn(bytes)
-- for i=1,bytesLength do
-- local hexString = string.sub(hex.to_hex(bytes[i]), 3)
-- if string.len(hexString) == 1 then
-- hexString = "0" .. hexString
-- end
-- str = str .. hexString
-- end
-- return str
-- end
}
return Utils

2179
client/polarssl_config.h Normal file
View file

File diff suppressed because it is too large Load diff

56
client/scripting.c
View file

@ -18,6 +18,8 @@
#include "util.h"
#include "nonce2key/nonce2key.h"
#include "../common/iso15693tools.h"
#include "../common/crc16.h"
#include "aes.h"
/**
* The following params expected:
* UsbCommand c
@ -224,6 +226,58 @@ static int l_iso15693_crc(lua_State *L)
return 1;
}
/*
Simple AES 128 cbc hook up to OpenSSL.
params: key, input
*/
static int l_aes(lua_State *L)
{
//Check number of arguments
int i;
size_t size;
const char *p_key = luaL_checklstring(L, 1, &size);
if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
const char *p_encTxt = luaL_checklstring(L, 2, &size);
unsigned char indata[16] = {0x00};
unsigned char outdata[16] = {0x00};
unsigned char aes_key[16] = {0x00};
unsigned char iv[16] = {0x00};
// convert key to bytearray
for (i = 0; i < 32; i += 2) {
sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
}
// convert input to bytearray
for (i = 0; i < 32; i += 2) {
sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
}
//AES_KEY key;
//AES_set_decrypt_key(aes_key, 128, &key);
//AES_cbc_encrypt(indata, outdata, sizeof(indata), &key, iv, AES_DECRYPT);
aes_context ctx;
aes_init(&ctx);
aes_setkey_enc(&ctx,(const unsigned char *)p_key,128);
aes_crypt_cbc(&ctx,AES_DECRYPT,sizeof(indata), iv, indata,outdata );
//Push decrypted array as a string
lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
return 1;// return 1 to signal one return value
}
static int l_crc16(lua_State *L)
{
size_t size;
const char *p_str = luaL_checklstring(L, 1, &size);
uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
lua_pushinteger(L, (int) retval);
return 1;
}
/**
* @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
* able to do "require('foobar')" if foobar.lua is within lualibs folder.
@ -261,6 +315,8 @@ int set_pm3_libraries(lua_State *L)
{"clearCommandBuffer", l_clearCommandBuffer},
{"console", l_CmdConsole},
{"iso15693_crc", l_iso15693_crc},
{"aes", l_aes},
{"crc16", l_crc16},
{NULL, NULL}
};

272
client/scripts/tnp3dump.lua Normal file
View file

@ -0,0 +1,272 @@
local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local lib14a = require('read14a')
local utils = require('utils')
local md5 = require('md5')
local dumplib = require('html_dumplib')
local toyNames = require('default_toys')
example =[[
1. script run tnp3dump
2. script run tnp3dump -n
3. script run tnp3dump -k aabbccddeeff
4. script run tnp3dump -k aabbccddeeff -n
5. script run tnp3dump -o myfile
6. script run tnp3dump -n -o myfile
7. script run tnp3dump -k aabbccddeeff -n -o myfile
]]
author = "Iceman"
usage = "script run tnp3dump -k <key> -n -o <filename>"
desc =[[
This script will try to dump the contents of a Mifare TNP3xxx card.
It will need a valid KeyA in order to find the other keys and decode the card.
Arguments:
-h : this help
-k <key> : Sector 0 Key A.
-n : Use the nested cmd to find all keys
-o : filename for the saved dumps
]]
local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = false -- the debug flag
local numBlocks = 64
local numSectors = 16
---
-- A debug printout-function
function dbg(args)
if not DEBUG then
return
end
if type(args) == "table" then
local i = 1
while result[i] do
dbg(result[i])
i = i+1
end
else
print("###", args)
end
end
---
-- This is only meant to be used when errors occur
function oops(err)
print("ERROR: ",err)
end
---
-- Usage help
function help()
print(desc)
print("Example usage")
print(example)
end
--
-- Exit message
function ExitMsg(msg)
print( string.rep('--',20) )
print( string.rep('--',20) )
print(msg)
print()
end
local function readdumpkeys(infile)
t = infile:read("*all")
len = string.len(t)
local len,hex = bin.unpack(("H%d"):format(len),t)
return hex
end
local function waitCmd()
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
if response then
local count,cmd,arg0 = bin.unpack('LL',response)
if(arg0==1) then
local count,arg1,arg2,data = bin.unpack('LLH511',response,count)
return data:sub(1,32)
else
return nil, "Couldn't read block.."
end
end
return nil, "No response from device"
end
local function computeCrc16(s)
local hash = core.crc16(utils.ConvertHexToAscii(s))
return hash
end
local function reverseCrcBytes(crc)
crc2 = crc:sub(3,4)..crc:sub(1,2)
return tonumber(crc2,16)
end
local function main(args)
print( string.rep('--',20) )
print( string.rep('--',20) )
local keyA
local cmd
local err
local useNested = false
local cmdReadBlockString = 'hf mf rdbl %d A %s'
local input = "dumpkeys.bin"
local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M%S");
-- Arguments for the script
for o, a in getopt.getopt(args, 'hk:no:') do
if o == "h" then return help() end
if o == "k" then keyA = a end
if o == "n" then useNested = true end
if o == "o" then outputTemplate = a end
end
-- validate input args.
keyA = keyA or '4b0b20107ccb'
if #(keyA) ~= 12 then
return oops( string.format('Wrong length of write key (was %d) expected 12', #keyA))
end
-- Turn off Debug
local cmdSetDbgOff = "hf mf dbg 0"
core.console( cmdSetDbgOff)
result, err = lib14a.read1443a(false)
if not result then
return oops(err)
end
core.clearCommandBuffer()
if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx
return oops('This is not a TNP3xxx tag. aborting.')
end
-- Show tag info
print((' Found tag : %s'):format(result.name))
print(('Using keyA : %s'):format(keyA))
--Trying to find the other keys
if useNested then
core.console( ('hf mf nested 1 0 A %s d'):format(keyA) )
end
core.clearCommandBuffer()
-- Loading keyfile
print('Loading dumpkeys.bin')
local hex, err = utils.ReadDumpFile(input)
if not hex then
return oops(err)
end
local akeys = hex:sub(0,12*16)
-- Read block 0
cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA}
err = core.SendCommand(cmd:getBytes())
if err then return oops(err) end
local block0, err = waitCmd()
if err then return oops(err) end
-- Read block 1
cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 1,arg2 = 0,arg3 = 0, data = keyA}
err = core.SendCommand(cmd:getBytes())
if err then return oops(err) end
local block1, err = waitCmd()
if err then return oops(err) end
local key
local pos = 0
local blockNo
local blocks = {}
print('Reading card data')
core.clearCommandBuffer()
-- main loop
io.write('Decrypting blocks > ')
for blockNo = 0, numBlocks-1, 1 do
if core.ukbhit() then
print("aborted by user")
break
end
pos = (math.floor( blockNo / 4 ) * 12)+1
key = akeys:sub(pos, pos + 11 )
cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blockNo ,arg2 = 0,arg3 = 0, data = key}
local err = core.SendCommand(cmd:getBytes())
if err then return oops(err) end
local blockdata, err = waitCmd()
if err then return oops(err) end
if blockNo%4 ~= 3 then
if blockNo < 8 then
-- Block 0-7 not encrypted
blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,blockdata)
else
local base = ('%s%s%02x%s'):format(block0, block1, blockNo, HASHCONSTANT)
local baseStr = utils.ConvertHexToAscii(base)
local md5hash = md5.sumhexa(baseStr)
local aestest = core.aes(md5hash, blockdata)
local hex = utils.ConvertAsciiToBytes(aestest)
hex = utils.ConvertBytesToHex(hex)
-- blocks with zero not encrypted.
if string.find(blockdata, '^0+$') then
blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,blockdata)
else
blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,hex)
io.write( blockNo..',')
end
end
else
-- Sectorblocks, not encrypted
blocks[blockNo+1] = ('%02d :: %s%s'):format(blockNo,key,blockdata:sub(13,32))
end
end
io.write('\n')
core.clearCommandBuffer()
-- Print results
local bindata = {}
local emldata = ''
for _,s in pairs(blocks) do
local slice = s:sub(8,#s)
local str = utils.ConvertBytesToAscii(
utils.ConvertHexToBytes(slice)
)
emldata = emldata..slice..'\n'
for c in (str):gmatch('.') do
bindata[#bindata+1] = c
end
end
-- Write dump to files
if not DEBUG then
local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'.bin')
print(("Wrote a BIN dump to the file %s"):format(foo))
local bar = dumplib.SaveAsText(emldata, outputTemplate..'.eml')
print(("Wrote a EML dump to the file %s"):format(bar))
end
local uid = block0:sub(1,8)
local itemtype = block1:sub(1,4)
local cardid = block1:sub(9,24)
-- Show info
print( string.rep('--',20) )
print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
print( (' UID : 0x%s'):format(uid) )
print( (' CARDID : 0x%s'):format(cardid ) )
print( string.rep('--',20) )
end
main(args)

355
client/scripts/tnp3sim.lua Normal file
View file

@ -0,0 +1,355 @@
local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local lib14a = require('read14a')
local utils = require('utils')
local md5 = require('md5')
local toyNames = require('default_toys')
example =[[
1. script run tnp3sim
2. script run tnp3sim -m
3. script run tnp3sim -m -i myfile
]]
author = "Iceman"
usage = "script run tnp3sim -h -m -i <filename>"
desc =[[
This script will try to load a binary datadump of a Mifare TNP3xxx card.
It vill try to validate all checksums and view some information stored in the dump
For an experimental mode, it tries to manipulate some data.
At last it sends all data to the PM3 device memory where it can be used in the command "hf mf sim"
Arguments:
-h : this help
-m : Maxed out items (experimental)
-i : filename for the datadump to read (bin)
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag
---
-- A debug printout-function
function dbg(args)
if not DEBUG then
return
end
if type(args) == "table" then
local i = 1
while result[i] do
dbg(result[i])
i = i+1
end
else
print("###", args)
end
end
---
-- This is only meant to be used when errors occur
function oops(err)
print("ERROR: ",err)
end
---
-- Usage help
function help()
print(desc)
print("Example usage")
print(example)
end
--
-- Exit message
function ExitMsg(msg)
print( string.rep('--',20) )
print( string.rep('--',20) )
print(msg)
print()
end
local function writedumpfile(infile)
t = infile:read("*all")
len = string.len(t)
local len,hex = bin.unpack(("H%d"):format(len),t)
return hex
end
-- blocks with data
-- there are two dataareas, in block 8 or block 36, ( 1==8 ,
-- checksum type = 0, 1, 2, 3
local function GetCheckSum(blocks, dataarea, chksumtype)
local crc
local area = 36
if dataarea == 1 then
area = 8
end
if chksumtype == 0 then
crc = blocks[1]:sub(29,32)
elseif chksumtype == 1 then
crc = blocks[area]:sub(29,32)
elseif chksumtype == 2 then
crc = blocks[area]:sub(25,28)
elseif chksumtype == 3 then
crc = blocks[area]:sub(21,24)
end
return utils.SwapEndianness(crc,16)
end
local function SetCheckSum(blocks, chksumtype)
if blocks == nil then return nil, 'Argument \"blocks\" nil' end
local newcrc
local area1 = 8
local area2 = 36
if chksumtype == 0 then
newcrc = ('%04X'):format(CalcCheckSum(blocks,1,0))
blocks[1] = blocks[1]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
elseif chksumtype == 1 then
newcrc = ('%04X'):format(CalcCheckSum(blocks,1,1))
blocks[area1] = blocks[area1]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
newcrc = ('%04X'):format(CalcCheckSum(blocks,2,1))
blocks[area2] = blocks[area2]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
elseif chksumtype == 2 then
newcrc = ('%04X'):format(CalcCheckSum(blocks,1,2))
blocks[area1] = blocks[area1]:sub(1,24)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area1]:sub(29,32)
newcrc = ('%04X'):format(CalcCheckSum(blocks,2,2))
blocks[area2] = blocks[area2]:sub(1,24)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area2]:sub(29,32)
elseif chksumtype == 3 then
newcrc = ('%04X'):format(CalcCheckSum(blocks,1,3))
blocks[area1] = blocks[area1]:sub(1,20)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area1]:sub(25,32)
newcrc = ('%04X'):format(CalcCheckSum(blocks,2,3))
blocks[area2] = blocks[area2]:sub(1,20)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area2]:sub(25,32)
end
end
function CalcCheckSum(blocks, dataarea, chksumtype)
local area = 36
if dataarea == 1 then
area = 8
end
if chksumtype == 0 then
data = blocks[0]..blocks[1]:sub(1,28)
elseif chksumtype == 1 then
data = blocks[area]:sub(1,28)..'0500'
elseif chksumtype == 2 then
data = blocks[area+1]..blocks[area+2]..blocks[area+4]
elseif chksumtype == 3 then
data = blocks[area+5]..blocks[area+6]..blocks[area+8]..string.rep('00',0xe0)
end
return utils.Crc16(data)
end
local function ValidateCheckSums(blocks)
local isOk, crc, calc
-- Checksum Type 0
crc = GetCheckSum(blocks,1,0)
calc = CalcCheckSum(blocks, 1, 0)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 0 : %04x = %04x -- %s\n'):format(crc,calc,isOk))
-- Checksum Type 1 (DATAAREAHEADER 1)
crc = GetCheckSum(blocks,1,1)
calc = CalcCheckSum(blocks,1,1)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 1 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
-- Checksum Type 1 (DATAAREAHEADER 2)
crc = GetCheckSum(blocks,2,1)
calc = CalcCheckSum(blocks,2,1)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 1 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
-- Checksum Type 2 (DATAAREA 1)
crc = GetCheckSum(blocks,1,2)
calc = CalcCheckSum(blocks,1,2)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 2 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
-- Checksum Type 2 (DATAAREA 2)
crc = GetCheckSum(blocks,2,2)
calc = CalcCheckSum(blocks,2,2)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 2 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
-- Checksum Type 3 (DATAAREA 1)
crc = GetCheckSum(blocks,1,3)
calc = CalcCheckSum(blocks,1,3)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 3 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
-- Checksum Type 3 (DATAAREA 2)
crc = GetCheckSum(blocks,2,3)
calc = CalcCheckSum(blocks,2,3)
if crc == calc then isOk='Ok' else isOk = 'Error' end
io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
end
local function LoadEmulator(blocks)
local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
local cmd
local blockdata
for _,b in pairs(blocks) do
blockdata = b
if _%4 ~= 3 then
if (_ >= 8 and _<=21) or (_ >= 36 and _<=49) then
local base = ('%s%s%02x%s'):format(blocks[0], blocks[1], _ , HASHCONSTANT)
local baseStr = utils.ConvertHexToAscii(base)
local key = md5.sumhexa(baseStr)
local enc = core.aes(key, blockdata)
local hex = utils.ConvertAsciiToBytes(enc)
hex = utils.ConvertBytesToHex(hex)
blockdata = hex
io.write( _..',')
end
end
cmd = Command:new{cmd = cmds.CMD_MIFARE_EML_MEMSET, arg1 = _ ,arg2 = 1,arg3 = 0, data = blockdata}
local err = core.SendCommand(cmd:getBytes())
if err then
return err
end
end
io.write('\n')
end
local function main(args)
print( string.rep('--',20) )
print( string.rep('--',20) )
local result, err, hex
local maxed = false
local inputTemplate = "dumpdata.bin"
local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M");
-- Arguments for the script
for o, a in getopt.getopt(args, 'hmi:o:') do
if o == "h" then return help() end
if o == "m" then maxed = true end
if o == "o" then outputTemplate = a end
if o == "i" then inputTemplate = a end
end
-- Turn off Debug
local cmdSetDbgOff = "hf mf dbg 0"
core.console( cmdSetDbgOff)
-- Look for tag present on reader,
result, err = lib14a.read1443a(false)
if not result then return oops(err) end
core.clearCommandBuffer()
if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx
return oops('This is not a TNP3xxx tag. aborting.')
end
-- Show tag info
print((' Found tag : %s'):format(result.name))
-- Load dump.bin file
print( (' Load data from %s'):format(inputTemplate))
hex, err = utils.ReadDumpFile(inputTemplate)
if not hex then return oops(err) end
local blocks = {}
local blockindex = 0
for i = 1, #hex, 32 do
blocks[blockindex] = hex:sub(i,i+31)
blockindex = blockindex + 1
end
if DEBUG then
print('Validating checksums in the loaded datadump')
ValidateCheckSums(blocks)
end
--
print( string.rep('--',20) )
print(' Gathering info')
local uid = blocks[0]:sub(1,8)
local itemtype = blocks[1]:sub(1,4)
local cardid = blocks[1]:sub(9,24)
-- Show info
print( string.rep('--',20) )
print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
print( (' UID : 0x%s'):format(uid) )
print( (' CARDID : 0x%s'):format(cardid ) )
print( string.rep('--',20) )
-- lets do something.
--
local experience = blocks[8]:sub(1,6)
print(('Experience : %d'):format(utils.SwapEndianness(experience,24)))
local money = blocks[8]:sub(7,10)
print(('Money : %d'):format(utils.SwapEndianness(money,16)))
local fairy = blocks[9]:sub(1,8)
--FD0F = Left, FF0F = Right
local path = 'not choosen'
if fairy:sub(2,2) == 'D' then
path = 'Left'
elseif fairy:sub(2,2) == 'F' then
path = 'Right'
end
print(('Fairy : %d [Path: %s] '):format(utils.SwapEndianness(fairy,24),path))
local hat = blocks[9]:sub(8,11)
print(('Hat : %d'):format(utils.SwapEndianness(hat,16)))
--0x0D 0x29 0x0A 0x02 16-bit hero points value. Maximum 100.
local heropoints = blocks[13]:sub(20,23)
print(('Hero points : %d'):format(utils.SwapEndianness(heropoints,16)))
--0x10 0x2C 0x0C 0x04 32 bit flag value indicating heroic challenges completed.
local challenges = blocks[16]:sub(25,32)
print(('Finished hero challenges : %d'):format(utils.SwapEndianness(challenges,32)))
if maxed then
print('Lets try to max out some values')
-- max out money, experience
--print (blocks[8])
blocks[8] = 'FFFFFF'..'FFFF'..blocks[8]:sub(11,32)
blocks[36] = 'FFFFFF'..'FFFF'..blocks[36]:sub(11,32)
--print (blocks[8])
-- max out hero challenges
--print (blocks[16])
blocks[16] = blocks[16]:sub(1,24)..'FFFFFFFF'
blocks[44] = blocks[44]:sub(1,24)..'FFFFFFFF'
--print (blocks[16])
-- max out heropoints
--print (blocks[13])
blocks[13] = blocks[13]:sub(1,19)..'0064'..blocks[13]:sub(24,32)
blocks[41] = blocks[41]:sub(1,19)..'0064'..blocks[41]:sub(24,32)
--print (blocks[13])
-- Update Checksums
print('Updating all checksums')
SetCheckSum(blocks, 3)
SetCheckSum(blocks, 2)
SetCheckSum(blocks, 1)
SetCheckSum(blocks, 0)
print('Validating all checksums')
ValidateCheckSums(blocks)
end
--Load dumpdata to emulator memory
if DEBUG then
print('Sending dumpdata to emulator memory')
err = LoadEmulator(blocks)
if err then return oops(err) end
core.clearCommandBuffer()
print('The simulation is now prepared.\n --> run \"hf mf sim 5 '..uid..'\" <--')
end
end
main(args)

151
client/util.c
View file

@ -13,6 +13,7 @@
#ifndef _WIN32
#include <termios.h>
#include <sys/ioctl.h>
int ukbhit(void)
{
int cnt = 0;
@ -45,12 +46,18 @@ int ukbhit(void) {
#endif
// log files functions
void AddLogLine(char *fileName, char *extData, char *c) {
void AddLogLine(char *file, char *extData, char *c) {
FILE *fLog = NULL;
char filename[FILE_PATH_SIZE] = {0x00};
int len = 0;
fLog = fopen(fileName, "a");
len = strlen(file);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, file, len);
fLog = fopen(filename, "a");
if (!fLog) {
printf("Could not append log file %s", fileName);
printf("Could not append log file %s", filename);
return;
}
@ -102,16 +109,31 @@ void print_hex(const uint8_t * data, const size_t len)
}
char * sprint_hex(const uint8_t * data, const size_t len) {
int maxLen = ( len > 1024/3) ? 1024/3 : len;
static char buf[1024];
char * tmp = buf;
size_t i;
for (i=0; i < len && i < 1024/3; i++, tmp += 3)
for (i=0; i < maxLen; ++i, tmp += 3)
sprintf(tmp, "%02x ", data[i]);
return buf;
}
char * sprint_bin(const uint8_t * data, const size_t len) {
int maxLen = ( len > 1024) ? 1024 : len;
static char buf[1024];
char * tmp = buf;
size_t i;
for (i=0; i < maxLen; ++i, ++tmp)
sprintf(tmp, "%u", data[i]);
return buf;
}
void num_to_bytes(uint64_t n, size_t len, uint8_t* dest)
{
while (len--) {
@ -131,6 +153,28 @@ uint64_t bytes_to_num(uint8_t* src, size_t len)
return num;
}
//assumes little endian
char * printBits(size_t const size, void const * const ptr)
{
unsigned char *b = (unsigned char*) ptr;
unsigned char byte;
static char buf[1024];
char * tmp = buf;
int i, j;
for (i=size-1;i>=0;i--)
{
for (j=7;j>=0;j--)
{
byte = b[i] & (1<<j);
byte >>= j;
sprintf(tmp, "%u", byte);
tmp++;
}
}
return buf;
}
// -------------------------------------------------------------------------
// string parameters lib
// -------------------------------------------------------------------------
@ -248,3 +292,102 @@ int param_getstr(const char *line, int paramnum, char * str)
return en - bg + 1;
}
/*
The following methods comes from Rfidler sourcecode.
https://github.com/ApertureLabsLtd/RFIDler/blob/master/firmware/Pic32/RFIDler.X/src/
*/
// convert hex to sequence of 0/1 bit values
// returns number of bits converted
int hextobinarray(char *target, char *source)
{
int length, i, count= 0;
char x;
length = strlen(source);
// process 4 bits (1 hex digit) at a time
while(length--)
{
x= *(source++);
// capitalize
if (x >= 'a' && x <= 'f')
x -= 32;
// convert to numeric value
if (x >= '0' && x <= '9')
x -= '0';
else if (x >= 'A' && x <= 'F')
x -= 'A' - 10;
else
return 0;
// output
for(i= 0 ; i < 4 ; ++i, ++count)
*(target++)= (x >> (3 - i)) & 1;
}
return count;
}
// convert hex to human readable binary string
int hextobinstring(char *target, char *source)
{
int length;
if(!(length= hextobinarray(target, source)))
return 0;
binarraytobinstring(target, target, length);
return length;
}
// convert binary array of 0x00/0x01 values to hex (safe to do in place as target will always be shorter than source)
// return number of bits converted
int binarraytohex(char *target, char *source, int length)
{
unsigned char i, x;
int j = length;
if(j % 4)
return 0;
while(j)
{
for(i= x= 0 ; i < 4 ; ++i)
x += ( source[i] << (3 - i));
sprintf(target,"%X", x);
++target;
source += 4;
j -= 4;
}
return length;
}
// convert binary array to human readable binary
void binarraytobinstring(char *target, char *source, int length)
{
int i;
for(i= 0 ; i < length ; ++i)
*(target++)= *(source++) + '0';
*target= '\0';
}
// return parity bit required to match type
uint8_t GetParity( char *bits, uint8_t type, int length)
{
int x;
for(x= 0 ; length > 0 ; --length)
x += bits[length - 1];
x %= 2;
return x ^ type;
}
// add HID parity to binary array: EVEN prefix for 1st half of ID, ODD suffix for 2nd half
void wiegand_add_parity(char *target, char *source, char length)
{
*(target++)= GetParity(source, EVEN, length / 2);
memcpy(target, source, length);
target += length;
*(target)= GetParity(source + length / 2, ODD, length / 2);
}

14
client/util.h
View file

@ -15,6 +15,7 @@
#include <string.h>
#include <ctype.h>
#include <time.h>
#include "data.h"
#ifndef MIN
# define MIN(a, b) (((a) < (b)) ? (a) : (b))
@ -22,6 +23,10 @@
#ifndef MAX
# define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
#define TRUE 1
#define FALSE 0
#define EVEN 0
#define ODD 1
int ukbhit(void);
@ -33,9 +38,11 @@ void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount);
void print_hex(const uint8_t * data, const size_t len);
char * sprint_hex(const uint8_t * data, const size_t len);
char * sprint_bin(const uint8_t * data, const size_t len);
void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
uint64_t bytes_to_num(uint8_t* src, size_t len);
char * printBits(size_t const size, void const * const ptr);
char param_getchar(const char *line, int paramnum);
uint8_t param_get8(const char *line, int paramnum);
@ -45,3 +52,10 @@ uint64_t param_get64ex(const char *line, int paramnum, int deflt, int base);
int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt);
int param_getstr(const char *line, int paramnum, char * str);
int hextobinarray( char *target, char *source);
int hextobinstring( char *target, char *source);
int binarraytohex( char *target, char *source, int length);
void binarraytobinstring(char *target, char *source, int length);
uint8_t GetParity( char *string, uint8_t type, int length);
void wiegand_add_parity(char *target, char *source, char length);

4
common/Makefile.common
View file

@ -54,7 +54,8 @@ DELETE=del /q
MOVE=ren
COPY=copy
PATHSEP=\\#
FLASH_TOOL=winsrc\\prox.exe
#FLASH_TOOL=winsrc\\prox.exe
FLASH_TOOL=winsrc\\flash.exe
DETECTED_OS=Windows
endif
@ -67,6 +68,7 @@ INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gp
CFLAGS = -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os
LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n
LIBS = -lgcc
THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC))

2
common/cmd.c
View file

@ -34,8 +34,6 @@
#include "string.h"
#include "proxmark3.h"
//static UsbCommand txcmd;
bool cmd_receive(UsbCommand* cmd) {
// Check if there is a usb packet available

23
common/crc16.c
View file

@ -8,6 +8,7 @@
#include "crc16.h"
unsigned short update_crc16( unsigned short crc, unsigned char c )
{
unsigned short i, v, tcrc = 0;
@ -20,3 +21,25 @@ unsigned short update_crc16( unsigned short crc, unsigned char c )
return ((crc >> 8) ^ tcrc)&0xffff;
}
uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial) {
if (length == 0)
return (~remainder);
for (int byte = 0; byte < length; ++byte) {
remainder ^= (message[byte] << 8);
for (uint8_t bit = 8; bit > 0; --bit) {
if (remainder & 0x8000) {
remainder = (remainder << 1) ^ polynomial;
} else {
remainder = (remainder << 1);
}
}
}
return remainder;
}
uint16_t crc16_ccitt(uint8_t const *message, int length) {
return crc16(message, length, 0xffff, 0x1021);
}

5
common/crc16.h
View file

@ -5,10 +5,11 @@
//-----------------------------------------------------------------------------
// CRC16
//-----------------------------------------------------------------------------
#include <stdint.h>
#ifndef __CRC16_H
#define __CRC16_H
unsigned short update_crc16(unsigned short crc, unsigned char c);
uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial);
uint16_t crc16_ccitt(uint8_t const *message, int length);
#endif

35
common/crc32.c Normal file
View file

@ -0,0 +1,35 @@
#include <stdint.h>
#include <stddef.h>
#include "crc32.h"
#define htole32(x) (x)
#define CRC32_PRESET 0xFFFFFFFF
static void crc32_byte (uint32_t *crc, const uint8_t value);
static void crc32_byte (uint32_t *crc, const uint8_t value) {
/* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */
const uint32_t poly = 0xEDB88320;
*crc ^= value;
for (int current_bit = 7; current_bit >= 0; current_bit--) {
int bit_out = (*crc) & 0x00000001;
*crc >>= 1;
if (bit_out)
*crc ^= poly;
}
}
void crc32 (const uint8_t *data, const size_t len, uint8_t *crc) {
uint32_t desfire_crc = CRC32_PRESET;
for (size_t i = 0; i < len; i++) {
crc32_byte (&desfire_crc, data[i]);
}
*((uint32_t *)(crc)) = htole32 (desfire_crc);
}
void crc32_append (uint8_t *data, const size_t len) {
crc32 (data, len, data + len);
}

15
common/crc32.h Normal file
View file

@ -0,0 +1,15 @@
//-----------------------------------------------------------------------------
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// CRC32
//-----------------------------------------------------------------------------
#ifndef __CRC32_H
#define __CRC32_H
void crc32 (const uint8_t *data, const size_t len, uint8_t *crc);
void crc32_append (uint8_t *data, const size_t len);
#endif

8
common/usb_cdc.c
View file

@ -223,7 +223,6 @@ byte_t btReceiveBank = AT91C_UDP_RX_DATA_BK0;
void usb_disable() {
// Disconnect the USB device
AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU;
// SpinDelay(100);
// Clear all lingering interrupts
if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) {
@ -257,7 +256,6 @@ void usb_enable() {
// Wait for a short while
for (volatile size_t i=0; i<0x100000; i++);
// SpinDelay(100);
// Reconnect USB reconnect
AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU;
@ -304,8 +302,7 @@ uint32_t usb_read(byte_t* data, size_t len) {
uint32_t packetSize, nbBytesRcv = 0;
uint32_t time_out = 0;
while (len)
{
while (len) {
if (!usb_check()) break;
if ( pUdp->UDP_CSR[AT91C_EP_OUT] & bank ) {
@ -314,8 +311,7 @@ uint32_t usb_read(byte_t* data, size_t len) {
while(packetSize--)
data[nbBytesRcv++] = pUdp->UDP_FDR[AT91C_EP_OUT];
pUdp->UDP_CSR[AT91C_EP_OUT] &= ~(bank);
if (bank == AT91C_UDP_RX_DATA_BK0)
{
if (bank == AT91C_UDP_RX_DATA_BK0) {
bank = AT91C_UDP_RX_DATA_BK1;
} else {
bank = AT91C_UDP_RX_DATA_BK0;