X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0387cd3393d87edf07cdd37dc942b6e561ce499a..61fe90736be4400f09fb5f56e2de48d11a0ae0a7:/armsrc/iclass.c
diff --git a/armsrc/iclass.c b/armsrc/iclass.c
index a976217d..f289d24e 100644
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@ -47,8 +47,9 @@
 // different initial value (CRC_ICLASS)
 #include "iso14443crc.h"
 #include "iso15693tools.h"
-#include "cipher.h"
 #include "protocols.h"
+#include "optimized_cipher.h"
+
 static int timeout = 4096;
@@ -1052,6 +1053,8 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
 // free eventually allocated BigBuf memory
 BigBuf_free_keep_EM();
+ State cipher_state;
+// State cipher_state_reserve;
 uint8_t *csn = BigBuf_get_EM_addr();
 uint8_t *emulator = csn;
 uint8_t sof_data[] = { 0x0F} ;
@@ -1068,12 +1071,18 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
 ComputeCrc14443(CRC_ICLASS, anticoll_data, 8, &anticoll_data[8], &anticoll_data[9]);
 ComputeCrc14443(CRC_ICLASS, csn_data, 8, &csn_data[8], &csn_data[9]);
+ //The diversified key should be stored on block 3
+ uint8_t diversified_key[8] = { 0 };
+ //Get the diversified key from emulator memory
+ memcpy(diversified_key, emulator+(8*3),8);
 // e-Purse
 uint8_t card_challenge_data[8] = { 0x00 };
 if(simulationMode == MODE_FULLSIM) {
 //Card challenge, a.k.a e-purse is on block 2
 memcpy(card_challenge_data,emulator + (8 * 2) , 8);
+ //Precalculate the cipher state, feeding it the CC
+ opt_doTagMAC_1(card_challenge_data,diversified_key);
 }
 int exitLoop = 0;
@@ -1085,7 +1094,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
 // Tag CSN
 uint8_t *modulated_response;
- int modulated_response_size;
+ int modulated_response_size = 0;
 uint8_t* trace_data = NULL;
 int trace_data_size = 0;
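Review bot: `cipher_state` is declared without an initializer in the -1052 hunk and is never assigned in any hunk on this page, yet the CHECK branch in the -1197 hunk passes it to `opt_doTagMAC_2(cipher_state, …)`. The precompute call added in the -1068 hunk, `opt_doTagMAC_1(card_challenge_data,diversified_key);`, receives neither `cipher_state` nor its address, so unless that function publishes the state through a global, its result is discarded and the tag MAC is computed from an indeterminate `State` — undefined behaviour in C, and a wrong MAC at best. If `opt_doTagMAC_1` returns the precomputed state, the line should read `cipher_state = opt_doTagMAC_1(card_challenge_data, diversified_key);`. The commented-out `// State cipher_state_reserve;` should be dropped rather than committed. doIClassSimulation continues outside these hunks.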
@@ -1132,8 +1141,10 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) CodeIClassTagAnswer(card_challenge_data, sizeof(card_challenge_data)); memcpy(resp_cc, ToSend, ToSendMax); resp_cc_len = ToSendMax; - //This is used for responding to READ-block commands + //This is used for responding to READ-block commands or other data which is dynamically generated uint8_t *data_response = BigBuf_malloc(8 * 2 + 2); + //This is used for responding to READ-block commands or other data which is dynamically generated + uint8_t *data_generic_trace = BigBuf_malloc(8 * 2 + 2); // Start from off (no field generated) //FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@ -1197,25 +1208,17 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) } else if(receivedCmd[0] == ICLASS_CMD_CHECK) { // Reader random and reader MAC!!! if(simulationMode == MODE_FULLSIM) - { //This is what we must do.. - //Reader just sent us NR and MAC(k,cc * nr) - //The diversified key should be stored on block 3 - //However, from a typical dump, the key will not be there - uint8_t *diversified_key = { 0 }; - //Get the diversified key from emulator memory - memcpy(diversified_key, emulator+(8*3),8); - uint8_t ccnr[12] = { 0 }; - //Put our cc there (block 2) - memcpy(ccnr, emulator + (8 * 2), 8); - //Put nr there - memcpy(ccnr+8, receivedCmd+1,4); - //Now, calc MAC - doMAC(ccnr,diversified_key, trace_data); + { + //NR, from reader, is in receivedCmd +1 + opt_doTagMAC_2(cipher_state,receivedCmd+1,data_generic_trace,diversified_key); + + trace_data = data_generic_trace; trace_data_size = 4; CodeIClassTagAnswer(trace_data , trace_data_size); memcpy(data_response, ToSend, ToSendMax); modulated_response = data_response; modulated_response_size = ToSendMax; + //exitLoop = true; }else { //Not fullsim, we don't respond // We do not know what to answer, so lets keep quiet 
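Review bot: The comment added above `data_generic_trace` in the -1132 hunk repeats the one above `data_response` verbatim, so the two buffers read as interchangeable although they play different roles: the -1197 hunk shows `data_generic_trace` receiving the raw 4-byte MAC from `opt_doTagMAC_2` and being traced via `trace_data`, while `data_response` holds the encoded answer copied from `ToSend`. Suggest `//Raw, unmodulated dynamically generated data (e.g. the 4-byte tag MAC); traced as-is, then encoded into data_response`. In the same CHECK branch, the dead line `//exitLoop = true;` should be removed rather than left as commented-out code, and the MAC computation is presumably meant to assume at least 4 bytes of NR after the command byte — worth a comment if `receivedCmd` length is validated elsewhere. The CHECK branch's else-part and the enclosing function continue outside the hunk.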
@@ -1253,6 +1256,13 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf) modulated_response = data_response; modulated_response_size = ToSendMax; } + else if(receivedCmd[0] == ICLASS_CMD_PAGESEL) + {//Pagesel + //Pagesel enables to select a page in the selected chip memory and return its configuration block + //Chips with a single page will not answer to this command + // It appears we're fine ignoring this. + //Otherwise, we should answer 8bytes (block) + 2bytes CRC + } else { //#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44 // Never seen this command before
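Review bot: The new ICLASS_CMD_PAGESEL branch has an empty body, so it assigns none of `modulated_response`, `modulated_response_size`, `trace_data` or `trace_data_size`. If those are declared once before the command loop, as the -1085 hunk's `int modulated_response_size = 0;` suggests, a PAGESEL leaves them holding the previous iteration's values and the simulated tag would replay (and re-trace) its last answer instead of staying silent as the comment intends. Make the silence explicit at the end of the branch: `modulated_response_size = 0; trace_data = NULL; trace_data_size = 0;`. The if/else chain and the send logic it feeds continue outside the hunk.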