]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifarecmd.c
3d5dcdef10a48f73ca889c7ae6e742f68b49e6d8
[proxmark3-svn] / armsrc / mifarecmd.c
1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011, 2012
3 // Gerhard de Koning Gans - May 2008
4 // Hagen Fritsch - June 2010
5 // Midnitesnake - Dec 2013
6 // Andy Davies - Apr 2014
7 // Iceman - May 2014
8 //
9 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
10 // at your option, any later version. See the LICENSE.txt file for the text of
11 // the license.
12 //-----------------------------------------------------------------------------
13 // Routines to support ISO 14443 type A.
14 //-----------------------------------------------------------------------------
15
16 #include "mifarecmd.h"
17 #include "apps.h"
18 #include "util.h"
19
20 #include "des.h"
21 #include "crc.h"
22
23 // the block number for the ISO14443-4 PCB
24 uint8_t pcb_blocknum = 0;
25 // Deselect card by sending a s-block. the crc is precalced for speed
26 static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
27
28
29 //-----------------------------------------------------------------------------
30 // Select, Authenticate, Read a MIFARE tag.
31 // read block
32 //-----------------------------------------------------------------------------
33 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
34 {
35 // params
36 uint8_t blockNo = arg0;
37 uint8_t keyType = arg1;
38 uint64_t ui64Key = 0;
39 ui64Key = bytes_to_num(datain, 6);
40
41 // variables
42 byte_t isOK = 0;
43 byte_t dataoutbuf[16];
44 uint8_t uid[10];
45 uint32_t cuid;
46 struct Crypto1State mpcs = {0, 0};
47 struct Crypto1State *pcs;
48 pcs = &mpcs;
49
50 // clear trace
51 clear_trace();
52 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
53
54 LED_A_ON();
55 LED_B_OFF();
56 LED_C_OFF();
57
58 while (true) {
59 if(!iso14443a_select_card(uid, NULL, &cuid)) {
60 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
61 break;
62 };
63
64 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
65 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
66 break;
67 };
68
69 if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {
70 if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");
71 break;
72 };
73
74 if(mifare_classic_halt(pcs, cuid)) {
75 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
76 break;
77 };
78
79 isOK = 1;
80 break;
81 }
82
83 // ----------------------------- crypto1 destroy
84 crypto1_destroy(pcs);
85
86 if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");
87
88 LED_B_ON();
89 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
90 LED_B_OFF();
91
92 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
93 LEDsoff();
94 }
95
96 void MifareUC_Auth1(uint8_t arg0, uint8_t *datain){
97
98 byte_t dataoutbuf[16] = {0x00};
99 uint8_t uid[10] = {0x00};
100 uint32_t cuid = 0x00;
101
102 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
103
104 clear_trace();
105 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
106
107 if(!iso14443a_select_card(uid, NULL, &cuid)) {
108 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
109 OnError(0);
110 return;
111 };
112
113 if(mifare_ultra_auth1(dataoutbuf)){
114 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");
115 OnError(1);
116 return;
117 }
118
119 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
120
121 cmd_send(CMD_ACK,1,cuid,0,dataoutbuf,11);
122 LEDsoff();
123 }
124 void MifareUC_Auth2(uint32_t arg0, uint8_t *datain){
125
126 uint8_t key[16] = {0x00};
127 byte_t dataoutbuf[16] = {0x00};
128
129 memcpy(key, datain, 16);
130
131 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
132
133 if(mifare_ultra_auth2(key, dataoutbuf)){
134 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part2: Fail...");
135 OnError(1);
136 return;
137 }
138
139 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
140
141 cmd_send(CMD_ACK,1,0,0,dataoutbuf,11);
142 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
143 LEDsoff();
144 }
145
146 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
147 {
148 uint8_t blockNo = arg0;
149 byte_t dataout[16] = {0x00};
150 uint8_t uid[10] = {0x00};
151 uint8_t key[16] = {0x00};
152 bool usePwd = (arg1 == 1);
153
154 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
155
156 clear_trace();
157 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
158
159 int len = iso14443a_select_card(uid, NULL, NULL);
160 if(!len) {
161 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);
162 OnError(1);
163 return;
164 }
165
166 // authenticate here.
167 if ( usePwd ) {
168
169 memcpy(key, datain, 16);
170
171 // Dbprintf("KEY: %02x %02x %02x %02x %02x %02x %02x %02x", key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7] );
172 // Dbprintf("KEY: %02x %02x %02x %02x %02x %02x %02x %02x", key[8],key[9],key[10],key[11],key[12],key[13],key[14],key[15] );
173
174 uint8_t a[8] = {1,1,1,1,1,1,1,1 };
175 uint8_t b[8] = {0x00};
176 uint8_t enc_b[8] = {0x00};
177 uint8_t ab[16] = {0x00};
178 uint8_t enc_ab[16] = {0x00};
179 uint8_t enc_key[8] = {0x00};
180
181 uint16_t len;
182 uint8_t receivedAnswer[MAX_FRAME_SIZE];
183 uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
184
185 len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);
186 if (len != 11) {
187 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
188 OnError(1);
189 return;
190 }
191
192 // tag nonce.
193 memcpy(enc_b,receivedAnswer+1,8);
194
195 // decrypt nonce.
196 tdes_2key_dec(b, enc_b, 8, key );
197
198 Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x", enc_b[0],enc_b[1],enc_b[2],enc_b[3],enc_b[4],enc_b[5],enc_b[6],enc_b[7] );
199 Dbprintf(" B: %02x %02x %02x %02x %02x %02x %02x %02x", b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7] );
200 rol(b,8);
201
202 memcpy(ab ,a,8);
203 memcpy(ab+8,b,8);
204
205 Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[0],ab[1],ab[2],ab[3],ab[4],ab[5],ab[6],ab[7] );
206 Dbprintf("AB: %02x %02x %02x %02x %02x %02x %02x %02x", ab[8],ab[9],ab[10],ab[11],ab[12],ab[13],ab[14],ab[15] );
207
208 // encrypt
209 tdes_2key_enc(enc_ab, ab, 16, key);
210
211 Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", enc_ab[0],enc_ab[1],enc_ab[2],enc_ab[3],enc_ab[4],enc_ab[5],enc_ab[6],enc_ab[7] );
212 Dbprintf("e_enc_ab: %02x %02x %02x %02x %02x %02x %02x %02x", enc_ab[8],enc_ab[9],enc_ab[10],enc_ab[11],enc_ab[12],enc_ab[13],enc_ab[14],enc_ab[15] );
213
214 len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, enc_ab, receivedAnswer, receivedAnswerPar, NULL);
215 if (len != 11) {
216 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
217 OnError(1);
218 return;
219 }
220
221 // the tags' encryption of our nonce, A.
222 memcpy(enc_key, receivedAnswer+1, 8);
223
224 // clear B.
225 memset(b, 0x00, 8);
226
227 // decrypt
228 tdes_2key_dec(b, enc_key, 8, key );
229 if ( memcmp(a, b, 8) == 0 )
230 Dbprintf("Verified key");
231 else
232 Dbprintf("failed authentication");
233
234 Dbprintf("a: %02x %02x %02x %02x %02x %02x %02x %02x", a[0],a[1],a[2],a[3],a[4],a[5],a[6],a[7] );
235 Dbprintf("b: %02x %02x %02x %02x %02x %02x %02x %02x", b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7] );
236 }
237
238 if( mifare_ultra_readblock(blockNo, dataout) ) {
239 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
240 OnError(2);
241 return;
242 }
243
244 if( mifare_ultra_halt() ) {
245 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
246 OnError(3);
247 return;
248 }
249
250 cmd_send(CMD_ACK,1,0,0,dataout,16);
251 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
252 LEDsoff();
253 }
254 //-----------------------------------------------------------------------------
255 // Select, Authenticate, Read a MIFARE tag.
256 // read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
257 //-----------------------------------------------------------------------------
258 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
259 {
260 // params
261 uint8_t sectorNo = arg0;
262 uint8_t keyType = arg1;
263 uint64_t ui64Key = 0;
264 ui64Key = bytes_to_num(datain, 6);
265
266 // variables
267 byte_t isOK = 0;
268 byte_t dataoutbuf[16 * 16];
269 uint8_t uid[10];
270 uint32_t cuid;
271 struct Crypto1State mpcs = {0, 0};
272 struct Crypto1State *pcs;
273 pcs = &mpcs;
274
275 // clear trace
276 clear_trace();
277
278 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
279
280 LED_A_ON();
281 LED_B_OFF();
282 LED_C_OFF();
283
284 isOK = 1;
285 if(!iso14443a_select_card(uid, NULL, &cuid)) {
286 isOK = 0;
287 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
288 }
289
290
291 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
292 isOK = 0;
293 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
294 }
295
296 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
297 if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) {
298 isOK = 0;
299 if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo);
300 break;
301 }
302 }
303
304 if(mifare_classic_halt(pcs, cuid)) {
305 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
306 }
307
308 // ----------------------------- crypto1 destroy
309 crypto1_destroy(pcs);
310
311 if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");
312
313 LED_B_ON();
314 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));
315 LED_B_OFF();
316
317 // Thats it...
318 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
319 LEDsoff();
320 }
321
322 void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)
323 {
324 // params
325 uint8_t sectorNo = arg0;
326 int Pages = arg1;
327 int countpages = 0;
328 byte_t dataout[176] = {0x00};;
329 uint32_t cuid = 0x00;
330
331 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
332 clear_trace();
333 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
334
335 int len = iso14443a_select_card(NULL, NULL, &cuid);
336 if (!len) {
337 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);
338 OnError(1);
339 return;
340 }
341
342 for (int i = 0; i < Pages; i++){
343
344 len = mifare_ultra_readblock(sectorNo * 4 + i, dataout + 4 * i);
345
346 if (len) {
347 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
348 OnError(2);
349 return;
350 } else {
351 countpages++;
352 }
353 }
354
355 len = mifare_ultra_halt();
356 if (len) {
357 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
358 OnError(3);
359 return;
360 }
361
362 if (MF_DBGLEVEL >= MF_DBG_ALL) Dbprintf("Pages read %d", countpages);
363
364 // len = 16*4; //64 bytes
365
366 // Read a UL-C
367 // if (Pages == 44 && countpages > 16)
368 // len = 176;
369 len = Pages * 4;
370
371 cmd_send(CMD_ACK, 1, 0, 0, dataout, len);
372 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
373 LEDsoff();
374 }
375
376 //-----------------------------------------------------------------------------
377 // Select, Authenticate, Write a MIFARE tag.
378 // read block
379 //-----------------------------------------------------------------------------
380 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
381 {
382 // params
383 uint8_t blockNo = arg0;
384 uint8_t keyType = arg1;
385 uint64_t ui64Key = 0;
386 byte_t blockdata[16];
387
388 ui64Key = bytes_to_num(datain, 6);
389 memcpy(blockdata, datain + 10, 16);
390
391 // variables
392 byte_t isOK = 0;
393 uint8_t uid[10];
394 uint32_t cuid;
395 struct Crypto1State mpcs = {0, 0};
396 struct Crypto1State *pcs;
397 pcs = &mpcs;
398
399 // clear trace
400 clear_trace();
401
402 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
403
404 LED_A_ON();
405 LED_B_OFF();
406 LED_C_OFF();
407
408 while (true) {
409 if(!iso14443a_select_card(uid, NULL, &cuid)) {
410 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
411 break;
412 };
413
414 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
415 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
416 break;
417 };
418
419 if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) {
420 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
421 break;
422 };
423
424 if(mifare_classic_halt(pcs, cuid)) {
425 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
426 break;
427 };
428
429 isOK = 1;
430 break;
431 }
432
433 // ----------------------------- crypto1 destroy
434 crypto1_destroy(pcs);
435
436 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
437
438 LED_B_ON();
439 cmd_send(CMD_ACK,isOK,0,0,0,0);
440 LED_B_OFF();
441
442
443 // Thats it...
444 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
445 LEDsoff();
446 }
447
448 void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
449 {
450 uint8_t blockNo = arg0;
451 byte_t blockdata[16] = {0x00};
452
453 memcpy(blockdata, datain, 16);
454
455 uint8_t uid[10] = {0x00};
456
457 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
458
459 clear_trace();
460 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
461
462 if(!iso14443a_select_card(uid, NULL, NULL)) {
463 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
464 OnError(0);
465 return;
466 };
467
468 if(mifare_ultra_writeblock(blockNo, blockdata)) {
469 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
470 OnError(0);
471 return; };
472
473 if(mifare_ultra_halt()) {
474 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
475 OnError(0);
476 return;
477 };
478
479 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
480
481 cmd_send(CMD_ACK,1,0,0,0,0);
482 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
483 LEDsoff();
484 }
485
486 void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
487 {
488 uint8_t blockNo = arg0;
489 byte_t blockdata[4] = {0x00};
490
491 memcpy(blockdata, datain,4);
492
493 uint8_t uid[10] = {0x00};
494
495 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
496 clear_trace();
497 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
498
499 if(!iso14443a_select_card(uid, NULL, NULL)) {
500 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
501 OnError(0);
502 return;
503 };
504
505 if(mifare_ultra_special_writeblock(blockNo, blockdata)) {
506 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
507 OnError(0);
508 return;
509 };
510
511 if(mifare_ultra_halt()) {
512 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
513 OnError(0);
514 return;
515 };
516
517 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
518
519 cmd_send(CMD_ACK,1,0,0,0,0);
520 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
521 LEDsoff();
522 }
523
524 void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
525
526 uint8_t pwd[16] = {0x00};
527 byte_t blockdata[4] = {0x00};
528
529 memcpy(pwd, datain, 16);
530
531 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
532 clear_trace();
533 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
534
535 if(!iso14443a_select_card(NULL, NULL, NULL)) {
536 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
537 OnError(0);
538 return;
539 };
540
541 blockdata[0] = pwd[7];
542 blockdata[1] = pwd[6];
543 blockdata[2] = pwd[5];
544 blockdata[3] = pwd[4];
545 if(mifare_ultra_special_writeblock( 44, blockdata)) {
546 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
547 OnError(44);
548 return;
549 };
550
551 blockdata[0] = pwd[3];
552 blockdata[1] = pwd[2];
553 blockdata[2] = pwd[1];
554 blockdata[3] = pwd[0];
555 if(mifare_ultra_special_writeblock( 45, blockdata)) {
556 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
557 OnError(45);
558 return;
559 };
560
561 blockdata[0] = pwd[15];
562 blockdata[1] = pwd[14];
563 blockdata[2] = pwd[13];
564 blockdata[3] = pwd[12];
565 if(mifare_ultra_special_writeblock( 46, blockdata)) {
566 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
567 OnError(46);
568 return;
569 };
570
571 blockdata[0] = pwd[11];
572 blockdata[1] = pwd[10];
573 blockdata[2] = pwd[9];
574 blockdata[3] = pwd[8];
575 if(mifare_ultra_special_writeblock( 47, blockdata)) {
576 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
577 OnError(47);
578 return;
579 };
580
581 if(mifare_ultra_halt()) {
582 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
583 OnError(0);
584 return;
585 };
586
587 cmd_send(CMD_ACK,1,0,0,0,0);
588 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
589 LEDsoff();
590 }
591
592 // Return 1 if the nonce is invalid else return 0
593 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {
594 return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \
595 (oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \
596 (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;
597 }
598
599
600 //-----------------------------------------------------------------------------
601 // MIFARE nested authentication.
602 //
603 //-----------------------------------------------------------------------------
604 void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)
605 {
606 // params
607 uint8_t blockNo = arg0 & 0xff;
608 uint8_t keyType = (arg0 >> 8) & 0xff;
609 uint8_t targetBlockNo = arg1 & 0xff;
610 uint8_t targetKeyType = (arg1 >> 8) & 0xff;
611 uint64_t ui64Key = 0;
612
613 ui64Key = bytes_to_num(datain, 6);
614
615 // variables
616 uint16_t rtr, i, j, len;
617 uint16_t davg;
618 static uint16_t dmin, dmax;
619 uint8_t uid[10];
620 uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;
621 uint8_t par[1];
622 uint32_t target_nt[2], target_ks[2];
623
624 uint8_t par_array[4];
625 uint16_t ncount = 0;
626 struct Crypto1State mpcs = {0, 0};
627 struct Crypto1State *pcs;
628 pcs = &mpcs;
629 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
630
631 uint32_t auth1_time, auth2_time;
632 static uint16_t delta_time;
633
634 // free eventually allocated BigBuf memory
635 BigBuf_free();
636 // clear trace
637 clear_trace();
638 set_tracing(false);
639
640 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
641
642 LED_A_ON();
643 LED_C_OFF();
644
645
646 // statistics on nonce distance
647 if (calibrate) { // for first call only. Otherwise reuse previous calibration
648 LED_B_ON();
649 WDT_HIT();
650
651 davg = dmax = 0;
652 dmin = 2000;
653 delta_time = 0;
654
655 for (rtr = 0; rtr < 17; rtr++) {
656
657 // prepare next select. No need to power down the card.
658 if(mifare_classic_halt(pcs, cuid)) {
659 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
660 rtr--;
661 continue;
662 }
663
664 if(!iso14443a_select_card(uid, NULL, &cuid)) {
665 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
666 rtr--;
667 continue;
668 };
669
670 auth1_time = 0;
671 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
672 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
673 rtr--;
674 continue;
675 };
676
677 if (delta_time) {
678 auth2_time = auth1_time + delta_time;
679 } else {
680 auth2_time = 0;
681 }
682 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {
683 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error");
684 rtr--;
685 continue;
686 };
687
688 nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
689 for (i = 101; i < 1200; i++) {
690 nttmp = prng_successor(nttmp, 1);
691 if (nttmp == nt2) break;
692 }
693
694 if (i != 1200) {
695 if (rtr != 0) {
696 davg += i;
697 dmin = MIN(dmin, i);
698 dmax = MAX(dmax, i);
699 }
700 else {
701 delta_time = auth2_time - auth1_time + 32; // allow some slack for proper timing
702 }
703 if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);
704 }
705 }
706
707 if (rtr <= 1) return;
708
709 davg = (davg + (rtr - 1)/2) / (rtr - 1);
710
711 if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);
712
713 dmin = davg - 2;
714 dmax = davg + 2;
715
716 LED_B_OFF();
717
718 }
719 // -------------------------------------------------------------------------------------------------
720
721 LED_C_ON();
722
723 // get crypted nonces for target sector
724 for(i=0; i < 2; i++) { // look for exactly two different nonces
725
726 target_nt[i] = 0;
727 while(target_nt[i] == 0) { // continue until we have an unambiguous nonce
728
729 // prepare next select. No need to power down the card.
730 if(mifare_classic_halt(pcs, cuid)) {
731 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
732 continue;
733 }
734
735 if(!iso14443a_select_card(uid, NULL, &cuid)) {
736 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
737 continue;
738 };
739
740 auth1_time = 0;
741 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
742 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
743 continue;
744 };
745
746 // nested authentication
747 auth2_time = auth1_time + delta_time;
748 len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
749 if (len != 4) {
750 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);
751 continue;
752 };
753
754 nt2 = bytes_to_num(receivedAnswer, 4);
755 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);
756
757 // Parity validity check
758 for (j = 0; j < 4; j++) {
759 par_array[j] = (oddparity(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));
760 }
761
762 ncount = 0;
763 nttest = prng_successor(nt1, dmin - 1);
764 for (j = dmin; j < dmax + 1; j++) {
765 nttest = prng_successor(nttest, 1);
766 ks1 = nt2 ^ nttest;
767
768 if (valid_nonce(nttest, nt2, ks1, par_array)){
769 if (ncount > 0) { // we are only interested in disambiguous nonces, try again
770 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j);
771 target_nt[i] = 0;
772 break;
773 }
774 target_nt[i] = nttest;
775 target_ks[i] = ks1;
776 ncount++;
777 if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces
778 target_nt[i] = 0;
779 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);
780 break;
781 }
782 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: valid, ntdist=%d", i+1, j);
783 }
784 }
785 if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);
786 }
787 }
788
789 LED_C_OFF();
790
791 // ----------------------------- crypto1 destroy
792 crypto1_destroy(pcs);
793
794 byte_t buf[4 + 4 * 4];
795 memcpy(buf, &cuid, 4);
796 memcpy(buf+4, &target_nt[0], 4);
797 memcpy(buf+8, &target_ks[0], 4);
798 memcpy(buf+12, &target_nt[1], 4);
799 memcpy(buf+16, &target_ks[1], 4);
800
801 LED_B_ON();
802 cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));
803 LED_B_OFF();
804
805 if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED");
806
807 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
808 LEDsoff();
809 set_tracing(TRUE);
810 }
811
812 //-----------------------------------------------------------------------------
813 // MIFARE check keys. key count up to 85.
814 //
815 //-----------------------------------------------------------------------------
816 void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
817 {
818 // params
819 uint8_t blockNo = arg0;
820 uint8_t keyType = arg1;
821 uint8_t keyCount = arg2;
822 uint64_t ui64Key = 0;
823
824 // variables
825 int i;
826 byte_t isOK = 0;
827 uint8_t uid[10];
828 uint32_t cuid;
829 struct Crypto1State mpcs = {0, 0};
830 struct Crypto1State *pcs;
831 pcs = &mpcs;
832
833 // clear debug level
834 int OLD_MF_DBGLEVEL = MF_DBGLEVEL;
835 MF_DBGLEVEL = MF_DBG_NONE;
836
837 // clear trace
838 clear_trace();
839 set_tracing(TRUE);
840
841 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
842
843 LED_A_ON();
844 LED_B_OFF();
845 LED_C_OFF();
846
847 for (i = 0; i < keyCount; i++) {
848 if(mifare_classic_halt(pcs, cuid)) {
849 if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Halt error");
850 }
851
852 if(!iso14443a_select_card(uid, NULL, &cuid)) {
853 if (OLD_MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card");
854 break;
855 };
856
857 ui64Key = bytes_to_num(datain + i * 6, 6);
858 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
859 continue;
860 };
861
862 isOK = 1;
863 break;
864 }
865
866 // ----------------------------- crypto1 destroy
867 crypto1_destroy(pcs);
868
869 LED_B_ON();
870 cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);
871 LED_B_OFF();
872
873 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
874 LEDsoff();
875
876 // restore debug level
877 MF_DBGLEVEL = OLD_MF_DBGLEVEL;
878 }
879
880 //-----------------------------------------------------------------------------
881 // MIFARE commands set debug level
882 //
883 //-----------------------------------------------------------------------------
884 void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
885 MF_DBGLEVEL = arg0;
886 Dbprintf("Debug level: %d", MF_DBGLEVEL);
887 }
888
889 //-----------------------------------------------------------------------------
890 // Work with emulator memory
891 //
892 //-----------------------------------------------------------------------------
893 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
894 emlClearMem();
895 }
896
897 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
898 emlSetMem(datain, arg0, arg1); // data, block num, blocks count
899 }
900
901 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
902 byte_t buf[USB_CMD_DATA_SIZE];
903 emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)
904
905 LED_B_ON();
906 cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);
907 LED_B_OFF();
908 }
909
910 //-----------------------------------------------------------------------------
911 // Load a card into the emulator memory
912 //
913 //-----------------------------------------------------------------------------
914 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
915 uint8_t numSectors = arg0;
916 uint8_t keyType = arg1;
917 uint64_t ui64Key = 0;
918 uint32_t cuid;
919 struct Crypto1State mpcs = {0, 0};
920 struct Crypto1State *pcs;
921 pcs = &mpcs;
922
923 // variables
924 byte_t dataoutbuf[16];
925 byte_t dataoutbuf2[16];
926 uint8_t uid[10];
927
928 // clear trace
929 clear_trace();
930 set_tracing(false);
931
932 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
933
934 LED_A_ON();
935 LED_B_OFF();
936 LED_C_OFF();
937
938 bool isOK = true;
939
940 if(!iso14443a_select_card(uid, NULL, &cuid)) {
941 isOK = false;
942 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
943 }
944
945 for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
946 ui64Key = emlGetKey(sectorNo, keyType);
947 if (sectorNo == 0){
948 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
949 isOK = false;
950 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo);
951 break;
952 }
953 } else {
954 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
955 isOK = false;
956 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo);
957 break;
958 }
959 }
960
961 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
962 if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
963 isOK = false;
964 if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);
965 break;
966 };
967 if (isOK) {
968 if (blockNo < NumBlocksPerSector(sectorNo) - 1) {
969 emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);
970 } else { // sector trailer, keep the keys, set only the AC
971 emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
972 memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);
973 emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
974 }
975 }
976 }
977
978 }
979
980 if(mifare_classic_halt(pcs, cuid)) {
981 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
982 };
983
984 // ----------------------------- crypto1 destroy
985 crypto1_destroy(pcs);
986
987 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
988 LEDsoff();
989
990 if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");
991
992 }
993
994
995 //-----------------------------------------------------------------------------
996 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
997 //
998 //-----------------------------------------------------------------------------
999 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1000
1001 // params
1002 uint8_t needWipe = arg0;
1003 // bit 0 - need get UID
1004 // bit 1 - need wupC
1005 // bit 2 - need HALT after sequence
1006 // bit 3 - need init FPGA and field before sequence
1007 // bit 4 - need reset FPGA and LED
1008 uint8_t workFlags = arg1;
1009 uint8_t blockNo = arg2;
1010
1011 // card commands
1012 uint8_t wupC1[] = { 0x40 };
1013 uint8_t wupC2[] = { 0x43 };
1014 uint8_t wipeC[] = { 0x41 };
1015
1016 // variables
1017 byte_t isOK = 0;
1018 uint8_t uid[10] = {0x00};
1019 uint8_t d_block[18] = {0x00};
1020 uint32_t cuid;
1021
1022 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1023 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1024
1025 // reset FPGA and LED
1026 if (workFlags & 0x08) {
1027 LED_A_ON();
1028 LED_B_OFF();
1029 LED_C_OFF();
1030
1031 clear_trace();
1032 set_tracing(TRUE);
1033 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1034 }
1035
1036 while (true) {
1037
1038 // get UID from chip
1039 if (workFlags & 0x01) {
1040 if(!iso14443a_select_card(uid, NULL, &cuid)) {
1041 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1042 break;
1043 };
1044
1045 if(mifare_classic_halt(NULL, cuid)) {
1046 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1047 break;
1048 };
1049 };
1050
1051 // reset chip
1052 if (needWipe){
1053 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1054 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1055 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1056 break;
1057 };
1058
1059 ReaderTransmit(wipeC, sizeof(wipeC), NULL);
1060 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1061 if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");
1062 break;
1063 };
1064
1065 if(mifare_classic_halt(NULL, cuid)) {
1066 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1067 break;
1068 };
1069 };
1070
1071 // write block
1072 if (workFlags & 0x02) {
1073 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1074 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1075 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1076 break;
1077 };
1078
1079 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1080 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1081 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1082 break;
1083 };
1084 }
1085
1086 if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
1087 if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");
1088 break;
1089 };
1090
1091 memcpy(d_block, datain, 16);
1092 AppendCrc14443a(d_block, 16);
1093
1094 ReaderTransmit(d_block, sizeof(d_block), NULL);
1095 if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
1096 if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");
1097 break;
1098 };
1099
1100 if (workFlags & 0x04) {
1101 if (mifare_classic_halt(NULL, cuid)) {
1102 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1103 break;
1104 };
1105 }
1106
1107 isOK = 1;
1108 break;
1109 }
1110
1111 LED_B_ON();
1112 cmd_send(CMD_ACK,isOK,0,0,uid,4);
1113 LED_B_OFF();
1114
1115 if ((workFlags & 0x10) || (!isOK)) {
1116 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1117 LEDsoff();
1118 }
1119 }
1120
1121
1122 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1123
1124 // params
1125 // bit 1 - need wupC
1126 // bit 2 - need HALT after sequence
1127 // bit 3 - need init FPGA and field before sequence
1128 // bit 4 - need reset FPGA and LED
1129 uint8_t workFlags = arg0;
1130 uint8_t blockNo = arg2;
1131
1132 // card commands
1133 uint8_t wupC1[] = { 0x40 };
1134 uint8_t wupC2[] = { 0x43 };
1135
1136 // variables
1137 byte_t isOK = 0;
1138 uint8_t data[18] = {0x00};
1139 uint32_t cuid = 0;
1140
1141 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1142 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1143
1144 if (workFlags & 0x08) {
1145 LED_A_ON();
1146 LED_B_OFF();
1147 LED_C_OFF();
1148
1149 clear_trace();
1150 set_tracing(TRUE);
1151 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1152 }
1153
1154 while (true) {
1155 if (workFlags & 0x02) {
1156 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1157 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1158 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1159 break;
1160 };
1161
1162 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1163 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1164 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1165 break;
1166 };
1167 }
1168
1169 // read block
1170 if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {
1171 if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error");
1172 break;
1173 };
1174 memcpy(data, receivedAnswer, 18);
1175
1176 if (workFlags & 0x04) {
1177 if (mifare_classic_halt(NULL, cuid)) {
1178 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1179 break;
1180 };
1181 }
1182
1183 isOK = 1;
1184 break;
1185 }
1186
1187 LED_B_ON();
1188 cmd_send(CMD_ACK,isOK,0,0,data,18);
1189 LED_B_OFF();
1190
1191 if ((workFlags & 0x10) || (!isOK)) {
1192 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1193 LEDsoff();
1194 }
1195 }
1196
1197 void MifareCIdent(){
1198
1199 // card commands
1200 uint8_t wupC1[] = { 0x40 };
1201 uint8_t wupC2[] = { 0x43 };
1202
1203 // variables
1204 byte_t isOK = 1;
1205
1206 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1207 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1208
1209 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1210 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1211 isOK = 0;
1212 };
1213
1214 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1215 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1216 isOK = 0;
1217 };
1218
1219 if (mifare_classic_halt(NULL, 0)) {
1220 isOK = 0;
1221 };
1222
1223 cmd_send(CMD_ACK,isOK,0,0,0,0);
1224 }
1225
1226 //
1227 // DESFIRE
1228 //
1229
1230 void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
1231
1232 byte_t dataout[11] = {0x00};
1233 uint8_t uid[10] = {0x00};
1234 uint32_t cuid;
1235
1236 clear_trace();
1237 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1238
1239 int len = iso14443a_select_card(uid, NULL, &cuid);
1240 if(!len) {
1241 if (MF_DBGLEVEL >= MF_DBG_ERROR)
1242 Dbprintf("Can't select card");
1243 //OnError(1);
1244 return;
1245 };
1246
1247 if(mifare_desfire_des_auth1(cuid, dataout)){
1248 if (MF_DBGLEVEL >= MF_DBG_ERROR)
1249 Dbprintf("Authentication part1: Fail.");
1250 //OnError(4);
1251 return;
1252 }
1253
1254 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
1255
1256 cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));
1257 }
1258
1259 void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
1260
1261 uint32_t cuid = arg0;
1262 uint8_t key[16] = {0x00};
1263 byte_t isOK = 0;
1264 byte_t dataout[12] = {0x00};
1265
1266 memcpy(key, datain, 16);
1267
1268 isOK = mifare_desfire_des_auth2(cuid, key, dataout);
1269
1270 if( isOK) {
1271 if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
1272 Dbprintf("Authentication part2: Failed");
1273 //OnError(4);
1274 return;
1275 }
1276
1277 if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
1278 DbpString("AUTH 2 FINISHED");
1279
1280 cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
1281 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1282 LEDsoff();
1283 }
1284
1285 void OnSuccess(){
1286 pcb_blocknum = 0;
1287 ReaderTransmit(deselect_cmd, 3 , NULL);
1288 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1289 LEDsoff();
1290 }
1291
1292 void OnError(uint8_t reason){
1293 pcb_blocknum = 0;
1294 ReaderTransmit(deselect_cmd, 3 , NULL);
1295 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1296 cmd_send(CMD_ACK,0,reason,0,0,0);
1297 LEDsoff();
1298 }
Impressum, Datenschutz