github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-08 06:00:53 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

upgrading 'hf mfu' (#830)

Browse source 
* chg: write new dump file format by @mceloff
* chg: rename 'hf mfu dump' option 'n' to 'f' to align with other commands and RRG repo
* chg: replace ISO14443A_CMD_READBLOCK by MIFARE_CMD_READBLOCK, same for WRITEBLOCK
* fix: mifare_ultra_readblock() returned 14 bytes instead of 16
* chg: param_gethex_ex() now checks maximum output buffer length
* chg: ul_comp_write() was incomplete and for magic testing only
* fix: 16bit ULC counter had been displayed as 32bit
* chg: add check for 7 Byte UID, drop check for ATQA in type identification GetHF14AMfU_Type()
* fix: send HALT instead of dropping field in order to maintain a defined state
* chg: DropField() when command ends
* chg: check for invalid page ranges in 'hf mfu dump'
* fix: print correct lock bits when page range is used
* fix: do not write (incomplete) dumpfile when page range is used
* add: use UID for filename when no filename is given (RRG repo)
* chg: don't clear trace on each ULC authentication, clear trace at beginning of each command
* fix: don't send (DESFire?) deselect command after authentication
This commit is contained in:
pwpiwi 2019-06-06 07:33:12 +02:00 committed by GitHub
parent d38bb3acc3
commit b8dd1ef649
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 729 additions and 772 deletions
Download patch file Download diff file Expand all files Collapse all files

2
armsrc/apps.h
View file

@ -142,8 +142,6 @@ void MifareDES_Auth1(uint8_t arg0,uint8_t arg1,uint8_t arg2, uint8_t *datain);
void ReaderMifareDES(uint32_t param, uint32_t param2, uint8_t * datain);
int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout);
size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout);
void OnSuccess();
void OnError(uint8_t reason);
/// iclass.h

5
armsrc/iclass.c
View file

@ -1963,7 +1963,10 @@ void iClass_Dump(uint8_t blockno, uint8_t numblks) {
uint8_t *dataout = BigBuf_malloc(255*8);
if (dataout == NULL){
Dbprintf("out of memory");
OnError(1);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
cmd_send(CMD_ACK,0,1,0,0,0);
LED_A_OFF();
return;
}
memset(dataout,0xFF,255*8);

82
armsrc/mifarecmd.c
View file

@ -23,24 +23,42 @@
#define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)
#define HARDNESTED_PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication
/*
// the block number for the ISO14443-4 PCB
static uint8_t pcb_blocknum = 0;
// Deselect card by sending a s-block. the crc is precalced for speed
static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
static void OnSuccess(){
pcb_blocknum = 0;
ReaderTransmit(deselect_cmd, 3 , NULL);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
*/
static void OnError(uint8_t reason){
// pcb_blocknum = 0;
// ReaderTransmit(deselect_cmd, 3 , NULL);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
cmd_send(CMD_ACK,0,reason,0,0,0);
LED_A_OFF();
}
//-----------------------------------------------------------------------------
// Select, Authenticate, Read a MIFARE tag.
// read block
//-----------------------------------------------------------------------------
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
{
// params
LED_A_ON();
uint8_t blockNo = arg0;
uint8_t keyType = arg1;
uint64_t ui64Key = 0;
ui64Key = bytes_to_num(datain, 6);
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
uint8_t uid[10];
@ -53,10 +71,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
clear_trace();
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
while (true) {
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
@ -97,21 +111,18 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
LED_A_ON();
bool turnOffField = (arg0 == 1);
LED_A_ON(); LED_B_OFF(); LED_C_OFF();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
if(!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {
if (!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
OnError(0);
return;
};
if(!mifare_ultra_auth(keybytes)){
if (!mifare_ultra_auth(keybytes)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
OnError(1);
return;
@ -119,9 +130,11 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
if (turnOffField) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
LED_D_OFF();
}
cmd_send(CMD_ACK,1,0,0,0,0);
LED_A_OFF();
}
// Arg0 = BlockNo,
@ -129,17 +142,15 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
// datain = PWD bytes,
void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
{
LED_A_ON();
uint8_t blockNo = arg0;
byte_t dataout[16] = {0x00};
bool useKey = (arg1 == 1); //UL_C
bool usePwd = (arg1 == 2); //UL_EV1/NTAG
LEDsoff();
LED_A_ON();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
int len = iso14443a_select_card(NULL, NULL, NULL, true, 0, true);
if(!len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);
@ -148,7 +159,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
}
// UL-C authentication
if ( useKey ) {
if (useKey) {
uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) );
@ -159,7 +170,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
}
// UL-EV1 / NTAG authentication
if ( usePwd ) {
if (usePwd) {
uint8_t pwd[4] = {0x00};
memcpy(pwd, datain, 4);
uint8_t pack[4] = {0,0,0,0};
@ -169,13 +180,13 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
}
}
if( mifare_ultra_readblock(blockNo, dataout) ) {
if (mifare_ultra_readblock(blockNo, dataout)) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
OnError(2);
return;
}
if( mifare_ultra_halt() ) {
if (mifare_ultra_halt()) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
OnError(3);
return;
@ -183,7 +194,8 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
cmd_send(CMD_ACK,1,0,0,dataout,16);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
LED_D_OFF();
LED_A_OFF();
}
//-----------------------------------------------------------------------------
@ -259,13 +271,11 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
// datain = KEY bytes
void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
{
LEDsoff();
LED_A_ON();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
// free eventually allocated BigBuf memory
BigBuf_free();
clear_trace();
// params
uint8_t blockNo = arg0;
@ -288,7 +298,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
}
// UL-C authentication
if ( useKey ) {
if (useKey) {
uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) );
@ -340,14 +350,14 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
return;
}
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
if (MF_DBGLEVEL >= MF_DBG_DEBUG) Dbprintf("Blocks read %d", countblocks);
countblocks *= 4;
cmd_send(CMD_ACK, 1, countblocks*4, BigBuf_max_traceLen(), 0, 0);
cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
LED_D_OFF();
BigBuf_free();
LED_A_OFF();
}
//-----------------------------------------------------------------------------
@ -1598,17 +1608,3 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
LEDsoff();
}
void OnSuccess(){
pcb_blocknum = 0;
ReaderTransmit(deselect_cmd, 3 , NULL);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
void OnError(uint8_t reason){
pcb_blocknum = 0;
ReaderTransmit(deselect_cmd, 3 , NULL);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK,0,reason,0,0,0);
LEDsoff();
}

8
armsrc/mifaresim.c
View file

@ -542,8 +542,8 @@ void MifareSim(uint8_t flags, uint8_t exitAfterNReads, uint8_t cardsize, uint8_t
break;
}
if(receivedCmd_dec[0] == ISO14443A_CMD_READBLOCK
|| receivedCmd_dec[0] == ISO14443A_CMD_WRITEBLOCK
if(receivedCmd_dec[0] == MIFARE_CMD_READBLOCK
|| receivedCmd_dec[0] == MIFARE_CMD_WRITEBLOCK
|| receivedCmd_dec[0] == MIFARE_CMD_INC
|| receivedCmd_dec[0] == MIFARE_CMD_DEC
|| receivedCmd_dec[0] == MIFARE_CMD_RESTORE
@ -562,7 +562,7 @@ void MifareSim(uint8_t flags, uint8_t exitAfterNReads, uint8_t cardsize, uint8_t
}
}
if (receivedCmd_dec[0] == ISO14443A_CMD_READBLOCK) {
if (receivedCmd_dec[0] == MIFARE_CMD_READBLOCK) {
uint8_t blockNo = receivedCmd_dec[1];
emlGetMem(response, blockNo, 1);
if (IsSectorTrailer(blockNo)) {
@ -593,7 +593,7 @@ void MifareSim(uint8_t flags, uint8_t exitAfterNReads, uint8_t cardsize, uint8_t
break;
}
if (receivedCmd_dec[0] == ISO14443A_CMD_WRITEBLOCK) {
if (receivedCmd_dec[0] == MIFARE_CMD_WRITEBLOCK) {
uint8_t blockNo = receivedCmd_dec[1];
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
FpgaDisableTracing();

2
armsrc/mifareutil.c
View file

@ -451,7 +451,7 @@ int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData)
return result;
}
memcpy(blockData, receivedAnswer, 14);
memcpy(blockData, receivedAnswer, 16);
return 0;
}

5
armsrc/mifareutil.h
View file

@ -25,11 +25,6 @@
#define AUTH_FIRST 0
#define AUTH_NESTED 2
// mifare 4bit card answers
#define CARD_ACK 0x0A // 1010 - ACK
#define CARD_NACK_NA 0x04 // 0100 - NACK, not allowed (command not allowed)
#define CARD_NACK_TR 0x05 // 0101 - NACK, transmission error
// reader voltage field detector
#define MF_MINFIELDV 4000

4
client/cmdhflist.c
View file

@ -415,8 +415,8 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
case ISO14443A_CMD_REQA:
snprintf(exp,size,"REQA");
break;
case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
case MIFARE_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
case MIFARE_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
case ISO14443A_CMD_HALT:
snprintf(exp,size,"HALT");
MifareAuthState = masNone;

13
client/cmdhfmf.c
View file

@ -1516,8 +1516,11 @@ int CmdHF14AMfSim(const char *Cmd) {
break;
case 'u':
case 'U':
param_gethex_ex(Cmd, cmdp+1, uid, &uidlen);
switch(uidlen) {
uidlen = 14;
if (param_gethex_ex(Cmd, cmdp+1, uid, &uidlen)) {
return usage_hf14_mfsim();
}
switch (uidlen) {
case 14: flags = FLAG_7B_UID_IN_DATA; break;
case 8: flags = FLAG_4B_UID_IN_DATA; break;
default: return usage_hf14_mfsim();
@ -2726,9 +2729,9 @@ int CmdHF14AMfSniff(const char *Cmd){
//needs nt, ar, at, Data to decrypt
int CmdDecryptTraceCmds(const char *Cmd){
uint8_t data[50];
int len = 0;
param_gethex_ex(Cmd,3,data,&len);
return tryDecryptWord(param_get32ex(Cmd,0,0,16),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),data,len/2);
int len = 100;
param_gethex_ex(Cmd, 3, data, &len);
return tryDecryptWord(param_get32ex(Cmd, 0, 0, 16), param_get32ex(Cmd, 1, 0, 16), param_get32ex(Cmd, 2, 0, 16), data, len/2);
}
int CmdHF14AMfAuth4(const char *cmd) {

1304
client/cmdhfmfu.c
View file

File diff suppressed because it is too large Load diff

17
client/util.c
View file

@ -117,9 +117,8 @@ void AddLogCurrentDT(char *fileName) {
AddLogLine(fileName, "\nanticollision: ", buff);
}
void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount) {
void FillFileNameByUID(char *fileName, uint8_t *uid, char *ext, int byteCount) {
char * fnameptr = fileName;
memset(fileName, 0x00, 200);
for (int j = 0; j < byteCount; j++, fnameptr += 2)
sprintf(fnameptr, "%02x", (unsigned int) uid[j]);
@ -323,13 +322,12 @@ uint32_t SwapBits(uint32_t value, int nrbits) {
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize){
static uint8_t buf[64];
memset(buf, 0x00, 64);
uint8_t *tmp = buf;
for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
for (size_t i = 0; i < blockSize; i++){
tmp[i+(blockSize*block)] = src[(blockSize-1-i)+(blockSize*block)];
buf[i+(blockSize*block)] = src[(blockSize-1-i)+(blockSize*block)];
}
}
return tmp;
return buf;
}
//assumes little endian
@ -338,7 +336,7 @@ char *printBits(size_t const size, void const * const ptr)
unsigned char *b = (unsigned char*) ptr;
unsigned char byte;
static char buf[1024];
char * tmp = buf;
char *tmp = buf;
int i, j;
for (i=size-1;i>=0;i--)
@ -354,7 +352,7 @@ char *printBits(size_t const size, void const * const ptr)
return buf;
}
char * printBitsPar(const uint8_t *b, size_t len) {
char *printBitsPar(const uint8_t *b, size_t len) {
static char buf1[512] = {0};
static char buf2[512] = {0};
static char *buf;
@ -519,7 +517,8 @@ int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt)
return 0;
}
int param_gethex_ex(const char *line, int paramnum, uint8_t * data, int *hexcnt)
int param_gethex_ex(const char *line, int paramnum, uint8_t *data, int *hexcnt)
{
int bg, en, temp, i;
@ -528,6 +527,8 @@ int param_gethex_ex(const char *line, int paramnum, uint8_t * data, int *hexcnt)
if (param_getptr(line, &bg, &en, paramnum)) return 1;
if (en - bg + 1 > *hexcnt) return 1;
*hexcnt = en - bg + 1;
if (*hexcnt % 2) //error if not complete hex bytes
return 1;

59
common/protocols.h
View file

@ -105,44 +105,49 @@ NXP/Philips CUSTOM COMMANDS
#define ISO14443A_CMD_REQA 0x26
#define ISO14443A_CMD_READBLOCK 0x30
#define ISO14443A_CMD_WUPA 0x52
#define ISO14443A_CMD_ANTICOLL_OR_SELECT 0x93
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2 0x95
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_3 0x97
#define ISO14443A_CMD_WRITEBLOCK 0xA0 // or 0xA2 ?
#define ISO14443A_CMD_HALT 0x50
#define ISO14443A_CMD_RATS 0xE0
#define MIFARE_AUTH_KEYA 0x60
#define MIFARE_AUTH_KEYB 0x61
#define MIFARE_MAGICWUPC1 0x40
#define MIFARE_MAGICWUPC2 0x43
#define MIFARE_MAGICWIPEC 0x41
#define MIFARE_CMD_INC 0xC0
#define MIFARE_CMD_DEC 0xC1
#define MIFARE_CMD_RESTORE 0xC2
#define MIFARE_CMD_TRANSFER 0xB0
#define MIFARE_CMD_READBLOCK 0x30
#define MIFARE_CMD_WRITEBLOCK 0xA0
#define MIFARE_AUTH_KEYA 0x60
#define MIFARE_AUTH_KEYB 0x61
#define MIFARE_MAGICWUPC1 0x40
#define MIFARE_MAGICWUPC2 0x43
#define MIFARE_MAGICWIPEC 0x41
#define MIFARE_CMD_INC 0xC0
#define MIFARE_CMD_DEC 0xC1
#define MIFARE_CMD_RESTORE 0xC2
#define MIFARE_CMD_TRANSFER 0xB0
#define MIFARE_EV1_PERSONAL_UID 0x40
#define MIFARE_EV1_SETMODE 0x43
#define MIFARE_EV1_PERSONAL_UID 0x40
#define MIFARE_EV1_SETMODE 0x43
#define MIFARE_ULC_WRITE 0xA2
#define MIFARE_ULC_COMP_WRITE MIFARE_CMD_WRITEBLOCK
#define MIFARE_ULC_AUTH_1 0x1A
#define MIFARE_ULC_AUTH_2 0xAF
#define MIFARE_ULC_WRITE 0xA2
//#define MIFARE_ULC__COMP_WRITE 0xA0
#define MIFARE_ULC_AUTH_1 0x1A
#define MIFARE_ULC_AUTH_2 0xAF
#define MIFARE_ULEV1_AUTH 0x1B
#define MIFARE_ULEV1_VERSION 0x60
#define MIFARE_ULEV1_FASTREAD 0x3A
#define MIFARE_ULEV1_WRITE 0xA2
#define MIFARE_ULEV1_COMP_WRITE MIFARE_CMD_WRITEBLOCK
#define MIFARE_ULEV1_READ_CNT 0x39
#define MIFARE_ULEV1_INCR_CNT 0xA5
#define MIFARE_ULEV1_READSIG 0x3C
#define MIFARE_ULEV1_CHECKTEAR 0x3E
#define MIFARE_ULEV1_VCSL 0x4B
// mifare 4bit card answers
#define CARD_ACK 0x0A // 1010 - ACK
#define CARD_NACK_NA 0x04 // 0100 - NACK, not allowed (command not allowed)
#define CARD_NACK_TR 0x05 // 0101 - NACK, transmission error
#define MIFARE_ULEV1_AUTH 0x1B
#define MIFARE_ULEV1_VERSION 0x60
#define MIFARE_ULEV1_FASTREAD 0x3A
//#define MIFARE_ULEV1_WRITE 0xA2
//#define MIFARE_ULEV1_COMP_WRITE 0xA0
#define MIFARE_ULEV1_READ_CNT 0x39
#define MIFARE_ULEV1_INCR_CNT 0xA5
#define MIFARE_ULEV1_READSIG 0x3C
#define MIFARE_ULEV1_CHECKTEAR 0x3E
#define MIFARE_ULEV1_VCSL 0x4B
/**
06 00 = INITIATE