ADD: HF 14A READER is now able to see if a presented card responses to the chinese magic backdoor commands.

FIX: simple namechange of some defines where it hinted it was related to "eml" when it wasn't.
2025-08-22 22:23:38 -07:00 · 2014-12-26 21:32:58 +01:00 · 2014-12-26 21:32:58 +01:00 · d52e4e8819
commit d52e4e8819
parent 1b492a97af
6 changed files with 73 additions and 39 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -854,12 +854,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			break;
 			
 		// Work with "magic Chinese" card
-		case CMD_MIFARE_EML_CSETBLOCK:
+		case CMD_MIFARE_CSETBLOCK:
 			MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
 			break;
-		case CMD_MIFARE_EML_CGETBLOCK:
+		case CMD_MIFARE_CGETBLOCK:
 			MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
 			break;
+		case CMD_MIFARE_CIDENT:
+			MifareCIdent();
+			break;
 			
 		// mifare sniffer
 		case CMD_MIFARE_SNIFFER:
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -211,6 +211,7 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);  // Work with "magic Chinese" card
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
+void MifareCIdent();  // is "magic chinese" card?

 // mifaredesfire.h
 bool 	InitDesfireCard();
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -937,29 +937,22 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	
 	// variables
 	byte_t isOK = 0;
-	uint8_t uid[10];
-	uint8_t d_block[18];
+	uint8_t uid[10] = {0x00};
+	uint8_t d_block[18] = {0x00};
 	uint32_t cuid;
 	
-	memset(uid, 0x00, 10);
 	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	
 	// reset FPGA and LED
 	if (workFlags & 0x08) {
-		iso14a_clear_trace();
-		iso14a_set_tracing(TRUE);
-
-		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
-
 		LED_A_ON();
 		LED_B_OFF();
 		LED_C_OFF();
-	
-		//SpinDelay(300);
-		//FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-		//SpinDelay(100);
-		//FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+		
+		iso14a_clear_trace();
+		iso14a_set_tracing(TRUE);
+		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	}

 	while (true) {
@ -967,7 +960,6 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 		// get UID from chip
 		if (workFlags & 0x01) {
 			if(!iso14443a_select_card(uid, NULL, &cuid)) {
-				Dbprintf("ICE");
 				if (MF_DBGLEVEL >= 1)	Dbprintf("Can't select card");
 				break;
 			};
@ -1065,28 +1057,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	
 	// variables
 	byte_t isOK = 0;
-	uint8_t data[18];
+	uint8_t data[18] = {0x00};
 	uint32_t cuid = 0;
 	
-	memset(data, 0x00, 18);
 	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	
 	if (workFlags & 0x08) {
-		// clear trace
-		iso14a_clear_trace();
-		iso14a_set_tracing(TRUE);
-
-		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
-
 		LED_A_ON();
 		LED_B_OFF();
 		LED_C_OFF();
-	
-		// SpinDelay(300);
-		// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-		// SpinDelay(100);
-		// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+
+		iso14a_clear_trace();
+		iso14a_set_tracing(TRUE);
+		iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	}

 	while (true) {
@ -1132,3 +1116,35 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 	}
 }

+void MifareCIdent(){
+  
+	// card commands
+	uint8_t wupC1[]       = { 0x40 }; 
+	uint8_t wupC2[]       = { 0x43 }; 
+	
+	// variables
+	byte_t isOK = 1;
+	
+	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+	
+	ReaderTransmitBitsPar(wupC1,7,0, NULL);
+	if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
+		isOK = 0;
+	};
+
+	ReaderTransmit(wupC2, sizeof(wupC2), NULL);
+	if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
+		isOK = 0;
+	};
+
+	if (mifare_classic_halt(NULL, 0)) {
+		isOK = 0;
+	};
+
+	cmd_send(CMD_ACK,isOK,0,0,0,0);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+}
+
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@ -24,11 +24,11 @@ bool InitDesfireCard(){
 	
 	byte_t cardbuf[USB_CMD_DATA_SIZE];
 	memset(cardbuf,0,sizeof(cardbuf));
+	iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
 	
 	iso14a_set_tracing(TRUE);
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	
-	iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
 	int len = iso14443a_select_card(NULL,card,NULL);

 	if (!len) {
@ -350,7 +350,7 @@ size_t CreateAPDU( uint8_t *datain, size_t len, uint8_t *dataout){
 	
 	cmd[0] = 0x0A;  //  0x0A = skicka cid,  0x02 = ingen cid. Särskilda bitar //
 	cmd[0] |= pcb_blocknum; // OR the block number into the PCB	
-	cmd[1] = 0x00;  //  CID: 0x00 //FIXME: allow multiple selected cards
+	cmd[1] = 0x00;  //  CID: 0x00 //TODO: allow multiple selected cards
 	
 	memcpy(cmd+2, datain, len);
 	AppendCrc14443a(cmd, len+2);
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@ -225,12 +225,6 @@ int CmdHF14AReader(const char *Cmd)
 	    memcpy(&card.ats, resp.d.asBytes, resp.arg[0]);
 		card.ats_len = resp.arg[0];				// note: ats_len includes CRC Bytes
 	} 
-
-	// disconnect
-	c.arg[0] = 0;
-	c.arg[1] = 0;
-	c.arg[2] = 0;
-	SendCommand(&c);
 	
 	if(card.ats_len >= 3) {			// a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
 		bool ta1 = 0, tb1 = 0, tc1 = 0;
@ -370,6 +364,23 @@ int CmdHF14AReader(const char *Cmd)
 		PrintAndLog("proprietary non iso14443-4 card found, RATS not supported");
 	}

+	
+	// try to see if card responses to "chinese magic backdoor" commands.
+	c.cmd = CMD_MIFARE_CIDENT;
+	c.arg[0] = 0;
+	c.arg[1] = 0;
+	c.arg[2] = 0;	
+	SendCommand(&c);
+	WaitForResponse(CMD_ACK,&resp);
+	uint8_t isOK  = resp.arg[0] & 0xff;
+	PrintAndLog(" Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
+	
+	// disconnect
+	c.arg[0] = 0;
+	c.arg[1] = 0;
+	c.arg[2] = 0;
+	SendCommand(&c);
+	
 	return select_status;
 }

--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -137,8 +137,11 @@ typedef struct {
 #define CMD_MIFARE_EML_MEMSET                                             0x0602
 #define CMD_MIFARE_EML_MEMGET                                             0x0603
 #define CMD_MIFARE_EML_CARDLOAD                                           0x0604
-#define CMD_MIFARE_EML_CSETBLOCK                                          0x0605
-#define CMD_MIFARE_EML_CGETBLOCK                                          0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK                                              0x0605
+#define CMD_MIFARE_CGETBLOCK                                              0x0606
+#define CMD_MIFARE_CIDENT                                                 0x0607

 #define CMD_SIMULATE_MIFARE_CARD                                          0x0610