//
//-----------------------------------------------------------------------------
-#include "proxmark3.h"
+#include "../include/proxmark3.h"
#include "apps.h"
#include "util.h"
#include "string.h"
// Needed for CRC in emulation mode;
// same construction as in ISO 14443;
// different initial value (CRC_ICLASS)
-#include "iso14443crc.h"
+#include "../common/iso14443crc.h"
+#include "../common/iso15693tools.h"
#include "iso15693tools.h"
+
static int timeout = 4096;
// Calculate the parity bit for the client...
Uart.parityBits <<= 1;
- Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
+ //Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
+ Uart.parityBits ^= oddparity(Uart.shiftReg & 0xff);
Uart.bitCnt = 0;
Uart.shiftReg = 0;
// Calculate the parity bit for the client...
Uart.parityBits <<= 1;
- Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
+ //Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
+ Uart.parityBits ^= oddparity((Uart.dropPosition & 0xff));
Uart.bitCnt = 0;
Uart.shiftReg = 0;
else {
modulation = bit & Demod.syncBit;
modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
- //modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
-
+
Demod.samples += 4;
if(Demod.posCount==0) {
Demod.output[Demod.len] = 0x0f;
Demod.len++;
Demod.parityBits <<= 1;
- Demod.parityBits ^= OddByteParity[0x0f];
+ //Demod.parityBits ^= OddByteParity[0x0f];
+ Demod.parityBits ^= oddparity(0x0f);
Demod.state = DEMOD_UNSYNCD;
// error = 0x0f;
return TRUE;
// FOR ISO15639 PARITY NOT SEND OTA, JUST CALCULATE IT FOR THE CLIENT
Demod.parityBits <<= 1;
- Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
+ //Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
+ Demod.parityBits ^= oddparity((Demod.shiftReg & 0xff));
Demod.bitCount = 0;
Demod.shiftReg = 0;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
- /*if(OutOfNDecoding((b & 0xf0) >> 4)) {
- *len = Uart.byteCnt;
- return TRUE;
- }*/
+
if(OutOfNDecoding(b & 0x0f)) {
*len = Uart.byteCnt;
return TRUE;
} else if(receivedCmd[0] == 0x05) {
// Reader random and reader MAC!!!
// Do not respond
- // We do not know what to answer, so lets keep quit
+ // We do not know what to answer, so lets keep quiet
resp = resp1; respLen = 0; //order = 5;
respdata = NULL;
respsize = 0;
if (breakAfterMacReceived){
- // TODO, actually return this to the caller instead of just
// dbprintf:ing ...
Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
Dbprintf("RDR: (len=%02d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",len,
int par = 0;
// This is tied to other size changes
- // uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
CodeIClassCommand(frame,len);
// Select the card
for(;;) {
WDT_HIT();
- if(BUTTON_PRESS()) return FALSE;
+ if(BUTTON_PRESS()) return FALSE;
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!!
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
skip = !skip;
if(skip) continue;
- /*if(ManchesterDecoding((b>>4) & 0xf)) {
- *samples = ((c - 1) << 3) + 4;
- return TRUE;
- }*/
+
if(ManchesterDecoding(b & 0x0f)) {
*samples = c << 3;
return TRUE;
return Demod.len;
}
+void setupIclassReader()
+{
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ // Reset trace buffer
+ iso14a_set_tracing(TRUE);
+ iso14a_clear_trace();
+
+ // Setup SSC
+ FpgaSetupSsc();
+ // Start from off (no field generated)
+ // Signal field is off with the appropriate LED
+ LED_D_OFF();
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelay(200);
+
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
+ // Now give it time to spin up.
+ // Signal field is on with the appropriate LED
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+ SpinDelay(200);
+ LED_A_ON();
+
+}
+
// Reader iClass Anticollission
void ReaderIClass(uint8_t arg0) {
uint8_t act_all[] = { 0x0a };
uint8_t identify[] = { 0x0c };
uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ uint8_t readcheck_cc[]= { 0x88, 0x02 };
- uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
-
- FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ uint8_t card_data[24]={0};
+ uint8_t last_csn[8]={0};
- // Reset trace buffer
- memset(trace, 0x44, RECV_CMD_OFFSET);
- traceLen = 0;
-
- // Setup SSC
- FpgaSetupSsc();
- // Start from off (no field generated)
- // Signal field is off with the appropriate LED
- LED_D_OFF();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
+ uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+ int read_status= 0;
+ bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
- // Now give it time to spin up.
- // Signal field is on with the appropriate LED
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
- SpinDelay(200);
+ setupIclassReader();
- LED_A_ON();
-
- for(;;) {
-
- if(traceLen > TRACE_SIZE) {
- DbpString("Trace full");
- break;
- }
-
- if (BUTTON_PRESS()) break;
+ size_t datasize = 0;
+ while(!BUTTON_PRESS())
+ {
+ WDT_HIT();
- // Send act_all
- ReaderTransmitIClass(act_all, 1);
- // Card present?
- if(ReaderReceiveIClass(resp)) {
- ReaderTransmitIClass(identify, 1);
- if(ReaderReceiveIClass(resp) == 10) {
- // Select card
- memcpy(&select[1],resp,8);
- ReaderTransmitIClass(select, sizeof(select));
+ // Send act_all
+ ReaderTransmitIClass(act_all, 1);
+ // Card present?
+ if(ReaderReceiveIClass(resp)) {
+
+ ReaderTransmitIClass(identify, 1);
+
+ if(ReaderReceiveIClass(resp) == 10) {
+ //Copy the Anti-collision CSN to our select-packet
+ memcpy(&select[1],resp,8);
+ //Dbprintf("Anti-collision CSN: %02x %02x %02x %02x %02x %02x %02x %02x",resp[0], resp[1], resp[2],
+ // resp[3], resp[4], resp[5],
+ // resp[6], resp[7]);
+ //Select the card
+ ReaderTransmitIClass(select, sizeof(select));
+
+ if(ReaderReceiveIClass(resp) == 10) {
+ //Save CSN in response data
+ memcpy(card_data,resp,8);
+ datasize += 8;
+ //Flag that we got to at least stage 1, read CSN
+ read_status = 1;
+
+ // Card selected
+ //Dbprintf("Readcheck on Sector 2");
+ ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
+ if(ReaderReceiveIClass(resp) == 8) {
+ //Save CC (e-purse) in response data
+ memcpy(card_data+8,resp,8);
+ datasize += 8;
+ //Got both
+ read_status = 2;
+ }
+
+ LED_B_ON();
+ //Send back to client, but don't bother if we already sent this
+ if(memcmp(last_csn, card_data, 8) != 0)
+ cmd_send(CMD_ACK,read_status,0,0,card_data,datasize);
+
+ //Save that we already sent this....
+ if(read_status == 2)
+ memcpy(last_csn, card_data, 8);
+
+ LED_B_OFF();
+
+ if(abort_after_read) break;
+ }
+ }
+ }
- if(ReaderReceiveIClass(resp) == 10) {
- Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x",
- resp[0], resp[1], resp[2],
- resp[3], resp[4], resp[5],
- resp[6], resp[7]);
- }
- // Card selected, whats next... ;-)
- }
- }
- WDT_HIT();
- }
-
- LED_A_OFF();
+ if(traceLen > TRACE_SIZE) {
+ DbpString("Trace full");
+ break;
+ }
+ }
+ LED_A_OFF();
}
void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
- // Reset trace buffer
- memset(trace, 0x44, RECV_CMD_OFFSET);
- traceLen = 0;
-
- // Setup SSC
- FpgaSetupSsc();
- // Start from off (no field generated)
- // Signal field is off with the appropriate LED
- LED_D_OFF();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
-
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
-
- // Now give it time to spin up.
- // Signal field is on with the appropriate LED
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
- SpinDelay(200);
+ setupIclassReader();
- LED_A_ON();
for(int i=0;i<1;i++) {
Dbprintf("Authenticate");
//for now replay captured auth (as cc not updated)
memcpy(check+5,MAC,4);
- Dbprintf(" AA: %02x %02x %02x %02x",
- check[5], check[6], check[7],check[8]);
+ //Dbprintf(" AA: %02x %02x %02x %02x",
+ // check[5], check[6], check[7],check[8]);
ReaderTransmitIClass(check, sizeof(check));
if(ReaderReceiveIClass(resp) == 4) {
Dbprintf(" AR: %02x %02x %02x %02x",
LED_A_OFF();
}
-//1. Create Method to Read sectors/blocks 0,1,2 and Send to client
-void IClass_iso14443A_GetPublic(uint8_t arg0) {
- uint8_t act_all[] = { 0x0a };
- uint8_t identify[] = { 0x0c };
- uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
- uint8_t readcheck_cc[]= { 0x88, 0x02 };
- //uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 };
- uint8_t card_data[24]={0};
-
- //bool read_success=false;
- uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
-
- // Reset trace buffer
- memset(trace, 0x44, RECV_CMD_OFFSET);
- traceLen = 0;
-
- // Setup SSC
- FpgaSetupSsc();
- // Start from off (no field generated)
- // Signal field is off with the appropriate LED
- LED_D_OFF();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
-
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
-
- // Now give it time to spin up.
- // Signal field is on with the appropriate LED
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
- SpinDelay(200);
-
- LED_A_ON();
-
- for(int i=0;i<1;i++) {
-
- if(traceLen > TRACE_SIZE) {
- DbpString("Trace full");
- break;
- }
-
- if (BUTTON_PRESS()) break;
-
- // Send act_all
- ReaderTransmitIClass(act_all, 1);
- // Card present?
- if(ReaderReceiveIClass(resp)) {
- ReaderTransmitIClass(identify, 1);
- if(ReaderReceiveIClass(resp) == 10) {
- // Select card
- memcpy(&select[1],resp,8);
- ReaderTransmitIClass(select, sizeof(select));
-
- if(ReaderReceiveIClass(resp) == 10) {
- Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x",
- resp[0], resp[1], resp[2],
- resp[3], resp[4], resp[5],
- resp[6], resp[7]);
- }
- memcpy(card_data,resp,8);
- // Card selected
- Dbprintf("Readcheck on Sector 2");
- ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
- if(ReaderReceiveIClass(resp) == 8) {
- Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x",
- resp[0], resp[1], resp[2],
- resp[3], resp[4], resp[5],
- resp[6], resp[7]);
- }
- memcpy(card_data+8,resp,8);
- //prep to read config block
- /* read card configuration block
- while(!read_success){
- uint8_t sector_config=0x01;
- memcpy(read+1,§or_config,1);
- ReaderTransmitIClass(read, sizeof(read));
- if(ReaderReceiveIClass(resp) == 8) {
- Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x",
- resp[0], resp[1], resp[2],
- resp[3], resp[4], resp[5],
- resp[6], resp[7]);
- read_success=true;
- memcpy(card_data+16,resp,8);
- }
- }*/
- }
- }
- WDT_HIT();
- }
- //Dbprintf("DEBUG: %02x%02x%02x%02x%02x%02x%02x%02x",card_data[0],card_data[1],card_data[2],card_data[3],card_data[4],card_data[5],card_data[6],card_data[7]);
- //Dbprintf("DEBUG: %02x%02x%02x%02x%02x%02x%02x%02x",card_data[8],card_data[9],card_data[10],card_data[11],card_data[12],card_data[13],card_data[14],card_data[15]);
- LED_A_OFF();
- LED_B_ON();
- //send data back to the client
- cmd_send(CMD_ACK,0,0,0,card_data,16);
- LED_B_OFF();
-}
-
//2. Create Read method (cut-down from above) based off responses from 1.
// Since we have the MAC could continue to use replay function.
//3. Create Write method
uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
// Reset trace buffer
- memset(trace, 0x44, RECV_CMD_OFFSET);
+ memset(trace, 0x44, RECV_CMD_OFFSET);
traceLen = 0;
// Setup SSC
projects / proxmark3-svn / blobdiff