Merge branch 'master' of https://github.com/holiman/proxmark3

Conflicts: armsrc/appmain.c armsrc/apps.h Step 1 for the Ultralight / Ultralight-c
2025-08-19 04:49:38 -07:00 · 2015-01-20 20:59:24 +01:00 · 2015-01-20 20:59:24 +01:00 · c8b6da2295
commit c8b6da2295
parent 5149e37e66 f164662363
8 changed files with 121 additions and 19 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -808,7 +808,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			MifareUC_Auth2(c->arg[0],c->d.asBytes);
 			break;
 		case CMD_MIFAREU_READCARD:
-			MifareUReadCard(c->arg[0], c->arg[1], c->d.asBytes);
+			MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
                        break;
 		case CMD_MIFAREUC_READCARD:
 			MifareUReadCard(c->arg[0],c->arg[1],c->d.asBytes);
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -200,7 +200,9 @@ void ReaderMifare(bool first_try);
 int32_t dist_nt(uint32_t nt1, uint32_t nt2);
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
 void MifareUReadBlock(uint8_t arg0,uint8_t *datain);
-void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain);
+void MifareUC_Auth1(uint8_t arg0, uint8_t *datain);
+void MifareUC_Auth2(uint32_t arg0, uint8_t *datain);
+void MifareUReadCard(uint8_t arg0, int Pages, uint8_t *datain);
 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareUWriteBlock(uint8_t arg0,uint8_t *datain);
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -1001,10 +1001,11 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 	}
 	
 	// The second response contains the (mandatory) first 24 bits of the UID
-	uint8_t response2[5];
+	uint8_t response2[5] = {0x00};

 	// Check if the uid uses the (optional) part
-	uint8_t response2a[5];
+	uint8_t response2a[5] = {0x00};
+	
 	if (uid_2nd) {
 		response2[0] = 0x88;
 		num_to_bytes(uid_1st,3,response2+1);
@ -1025,12 +1026,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 	response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3];

 	// Prepare the mandatory SAK (for 4 and 7 byte UID)
-	uint8_t response3[3];
+	uint8_t response3[3]  = {0x00};
 	response3[0] = sak;
 	ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);

 	// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit
-	uint8_t response3a[3];
+	uint8_t response3a[3]  = {0x00};
 	response3a[0] = sak & 0xFB;
 	ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);

--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -104,14 +104,14 @@ void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){
 	if(!iso14443a_select_card(uid, NULL, &cuid)) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)
 			Dbprintf("Can't select card");
-		OnError(0);
+		//OnError(0);
 		return;
 	};
 	
 	if(mifare_ultra_auth1(cuid, dataoutbuf)){
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)	
 			Dbprintf("Authentication part1: Fail.");
-		OnError(1);
+		//OnError(1);
 		return;
 	}

@ -138,7 +138,7 @@ void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){
 	if(mifare_ultra_auth2(cuid, key, dataoutbuf)){
 	    if (MF_DBGLEVEL >= MF_DBG_ERROR) 
 			Dbprintf("Authentication part2: Fail...");
-		OnError(1);
+		//OnError(1);
 		return;			
 	}
 	
@ -1141,14 +1141,14 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
 	if(!len) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)	
 			Dbprintf("Can't select card");
-		OnError(1);
+		//OnError(1);
 		return;
 	};

 	if(mifare_desfire_des_auth1(cuid, dataout)){
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)	
 			Dbprintf("Authentication part1: Fail.");
-		OnError(4);
+		//OnError(4);
 		return;
 	}

@ -1171,7 +1171,7 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
 	if( isOK) {
 	    if (MF_DBGLEVEL >= MF_DBG_EXTENDED) 
 			Dbprintf("Authentication part2: Failed");  
-		OnError(4);
+		//OnError(4);
 		return;
 	}

@ -1181,4 +1181,4 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
 	cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
-}
+}
--- a/armsrc/mifaresniff.c
+++ b/armsrc/mifaresniff.c
@ -13,10 +13,10 @@

 static int sniffState = SNF_INIT;
 static uint8_t sniffUIDType;
-static uint8_t sniffUID[8];
-static uint8_t sniffATQA[2];
+static uint8_t sniffUID[8] = {0x00};
+static uint8_t sniffATQA[2] = {0x00};
 static uint8_t sniffSAK;
-static uint8_t sniffBuf[16];
+static uint8_t sniffBuf[16] = {0x00};
 static uint32_t timerData = 0;


--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@ -623,3 +623,98 @@ void emlClearMem(void) {
 	emlSetMem((uint8_t *)uid, 0, 1);
 	return;
 }
+
+
+// Mifare desfire commands
+int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
+{
+    uint8_t dcmd[5] = {0x00};
+    dcmd[0] = cmd;
+    memcpy(dcmd+1,data,2);
+	AppendCrc14443a(dcmd, 3);
+	
+	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
+	int len = ReaderReceive(answer, answer_parity);
+	if(!len) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR) 
+			Dbprintf("Authentication failed. Card timeout.");
+		return 1;
+    }
+	return len;
+}
+
+int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)
+{
+    uint8_t dcmd[20] = {0x00};
+    dcmd[0] = cmd;
+    memcpy(dcmd+1,data,17);
+	AppendCrc14443a(dcmd, 18);
+
+	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
+	int len = ReaderReceive(answer, answer_parity);
+	if(!len){
+        if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Authentication failed. Card timeout.");
+		return 1;
+    }
+	return len;
+}
+
+int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){
+
+	int len;
+	// load key, keynumber
+	uint8_t data[2]={0x0a, 0x00};
+	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);
+	if (len == 1) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+		return 1;
+	}
+	
+	if (len == 12) {
+		if (MF_DBGLEVEL >= MF_DBG_EXTENDED)	{
+			Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+				receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
+				receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
+				receivedAnswer[10],receivedAnswer[11]);
+			}
+			memcpy(blockData, receivedAnswer, 12);
+	        return 0;
+	}
+	return 1;
+}
+
+int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
+
+	int len;
+	uint8_t data[17] = {0x00};
+	data[0] = 0xAF;
+	memcpy(data+1,key,16);
+	
+	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);
+	
+	if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);
+		return 1;
+	}
+	
+	if (len == 12){
+		if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
+			Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+				receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
+				receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
+				receivedAnswer[10],receivedAnswer[11]);
+			}
+		memcpy(blockData, receivedAnswer, 12);
+		return 0;
+	}
+	return 1;
+}
--- a/armsrc/mifareutil.h
+++ b/armsrc/mifareutil.h
@ -72,6 +72,11 @@ int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *bloc
 int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); 
 int mifare_ultra_halt(uint32_t uid);

+// desfire
+int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
+int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing);
+int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);
+int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);

 // crypto functions
 void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
--- a/client/Makefile
+++ b/client/Makefile
@ -13,11 +13,10 @@ CXX=g++
 VPATH = ../common
 OBJDIR = obj

-LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm
+LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm -lcrypto
 LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 
+CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 
 LUAPLATFORM = generic
-
 ifneq (,$(findstring MINGW,$(platform)))
 CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
 QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4