traceLen += iLen;
// parity bytes
- if (parity != NULL && iLen != 0) {
- memcpy(trace + traceLen, parity, num_paritybytes);
+ if (iLen != 0) {
+ if (parity != NULL) {
+ memcpy(trace + traceLen, parity, num_paritybytes);
+ } else {
+ memset(trace + traceLen, 0x00, num_paritybytes);
+ }
}
traceLen += num_paritybytes;
- if(traceLen +4 < max_traceLen)
- { //If it hadn't been cleared, for whatever reason..
- memset(trace+traceLen,0x44, 4);
- }
-
return TRUE;
}
+
+
int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int readerToTag)
{
/**
return TRUE;
}
+
+
// Emulator memory
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
uint8_t* mem = BigBuf_get_EM_addr();
ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
}
+void AppendCrc14443b(uint8_t* data, int len)
+{
+ ComputeCrc14443(CRC_14443_B,data,len,data+len,data+len+1);
+}
+
+
//=============================================================================
// ISO 14443 Type A - Miller decoder
//=============================================================================
// 0111 - a 2 tick wide pause shifted left
// 1001 - a 2 tick wide pause shifted right
const bool Mod_Miller_LUT[] = {
-// TRUE, TRUE, FALSE, TRUE, FALSE, FALSE, FALSE, FALSE,
-// TRUE, TRUE, FALSE, FALSE, TRUE, FALSE, FALSE, FALSE
FALSE, TRUE, FALSE, TRUE, FALSE, FALSE, FALSE, TRUE,
FALSE, TRUE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE
};
// Sequence X followed by Sequence Y followed by Sequence Z (111100x1 11111111 00x11111)
// we therefore look for a ...xx11111111111100x11111xxxxxx... pattern
// (12 '1's followed by 2 '0's, eventually followed by another '0', followed by 5 '1's)
-#define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000
-#define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000
+ #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000
+ #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000
if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7;
else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 1)) == ISO14443A_STARTBIT_PATTERN >> 1) Uart.syncBit = 6;
else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 2)) == ISO14443A_STARTBIT_PATTERN >> 2) Uart.syncBit = 5;
TRUE)) break;
}
/* And ready to receive another command. */
- UartInit(receivedCmd, receivedCmdPar);
+ UartReset();
/* And also reset the demod code, which might have been */
/* false-triggered by the commands from the reader. */
DemodReset();
// And ready to receive another response.
DemodReset();
+ // And reset the Miller decoder including itS (now outdated) input buffer
+ UartInit(receivedCmd, receivedCmdPar);
+
LED_C_OFF();
}
TagIsActive = (Demod.state != DEMOD_UNSYNCD);
}
// Only transmit parity bit if we transmitted a complete byte
- if (j == 8) {
+ if (j == 8 && parity != NULL) {
// Get the parity bit
if (parity[i>>3] & (0x80 >> (i&0x0007))) {
// Sequence X
}
}
+
void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
{
CodeIso14443aBitsAsReaderPar(frame, bits, par);
}
}
+
void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
{
ReaderTransmitBitsPar(frame, len*8, par, timing);
}
+
void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
{
// Generate parity and redirect
ReaderTransmitBitsPar(frame, len, par, timing);
}
+
void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
{
// Generate parity and redirect
if(param & ISO14A_RAW) {
if(param & ISO14A_APPEND_CRC) {
- AppendCrc14443a(cmd,len);
+ if(param & ISO14A_TOPAZMODE) {
+ AppendCrc14443b(cmd,len);
+ } else {
+ AppendCrc14443a(cmd,len);
+ }
len += 2;
if (lenbits) lenbits += 16;
}
- if(lenbits>0) {
- GetParity(cmd, lenbits/8, par);
- ReaderTransmitBitsPar(cmd, lenbits, par, NULL);
- } else {
- ReaderTransmit(cmd,len, NULL);
+ if(lenbits>0) { // want to send a specific number of bits (e.g. short commands)
+ if(param & ISO14A_TOPAZMODE) {
+ int bits_to_send = lenbits;
+ uint16_t i = 0;
+ ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity
+ bits_to_send -= 7;
+ while (bits_to_send > 0) {
+ ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 8), NULL, NULL); // following bytes are 8 bit and no parity
+ bits_to_send -= 8;
+ }
+ } else {
+ GetParity(cmd, lenbits/8, par);
+ ReaderTransmitBitsPar(cmd, lenbits, par, NULL); // bytes are 8 bit with odd parity
+ }
+ } else { // want to send complete bytes only
+ if(param & ISO14A_TOPAZMODE) {
+ uint16_t i = 0;
+ ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy
+ while (i < len) {
+ ReaderTransmitBitsPar(&cmd[i++], 8, NULL, NULL); // following bytes: 8 bits, no paritiy
+ }
+ } else {
+ ReaderTransmit(cmd,len, NULL); // 8 bits, odd parity
+ }
}
arg0 = ReaderReceive(buf, par);
cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
// And ready to receive another response.
DemodReset();
+ // And reset the Miller decoder including its (now outdated) input buffer
+ UartInit(receivedCmd, receivedCmdPar);
}
TagIsActive = (Demod.state != DEMOD_UNSYNCD);
}
void annotateTopaz(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
-
switch(cmd[0]) {
case TOPAZ_REQA :snprintf(exp, size, "REQA");break;
case TOPAZ_WUPA :snprintf(exp, size, "WUPA");break;
case TOPAZ_READ :snprintf(exp, size, "READ");break;
case TOPAZ_WRITE_E :snprintf(exp, size, "WRITE-E");break;
case TOPAZ_WRITE_NE :snprintf(exp, size, "WRITE-NE");break;
+ case TOPAZ_RSEG :snprintf(exp, size, "RSEG");break;
+ case TOPAZ_READ8 :snprintf(exp, size, "READ8");break;
+ case TOPAZ_WRITE_E8 :snprintf(exp, size, "WRITE-E8");break;
+ case TOPAZ_WRITE_NE8 :snprintf(exp, size, "WRITE-NE8");break;
default: snprintf(exp,size,"?"); break;
}
}
bool merge_topaz_reader_frames(uint32_t timestamp, uint32_t *duration, uint16_t *tracepos, uint16_t traceLen, uint8_t *trace, uint8_t *frame, uint8_t *topaz_reader_command, uint16_t *data_len)
{
-#define MAX_TOPAZ_READER_CMD_LEN 9
+#define MAX_TOPAZ_READER_CMD_LEN 16
uint32_t last_timestamp = timestamp + *duration;
int num_lines = MIN((data_len - 1)/16 + 1, 16);
for (int j = 0; j < num_lines ; j++) {
if (j == 0) {
- PrintAndLog(" %9d | %9d | %s |%-64s | %s| %s",
+ PrintAndLog(" %10d | %10d | %s |%-64s | %s| %s",
(timestamp - first_timestamp),
(EndOfTransmissionTimestamp - first_timestamp),
(isResponse ? "Tag" : "Rdr"),
(j == num_lines-1) ? crc : " ",
(j == num_lines-1) ? explanation : "");
} else {
- PrintAndLog(" | | |%-64s | %s| %s",
+ PrintAndLog(" | | |%-64s | %s| %s",
line[j],
(j == num_lines-1) ? crc : " ",
(j == num_lines-1) ? explanation : "");
return 0;
}
+
int CmdHF14ACmdRaw(const char *cmd) {
UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
- uint8_t reply=1;
- uint8_t crc=0;
- uint8_t power=0;
- uint8_t active=0;
- uint8_t active_select=0;
- uint16_t numbits=0;
- uint32_t timeout=0;
- uint8_t bTimeout=0;
+ bool reply=1;
+ bool crc = FALSE;
+ bool power = FALSE;
+ bool active = FALSE;
+ bool active_select = FALSE;
+ uint16_t numbits = 0;
+ bool bTimeout = FALSE;
+ uint32_t timeout = 0;
+ bool topazmode = FALSE;
char buf[5]="";
- int i=0;
+ int i = 0;
uint8_t data[USB_CMD_DATA_SIZE];
- uint16_t datalen=0;
+ uint16_t datalen = 0;
uint32_t temp;
if (strlen(cmd)<2) {
PrintAndLog(" -s active signal field ON with select");
PrintAndLog(" -b number of bits to send. Useful for send partial byte");
PrintAndLog(" -t timeout in ms");
+ PrintAndLog(" -T use Topaz protocol to send command");
return 0;
}
+
// strip
while (*cmd==' ' || *cmd=='\t') cmd++;
if (cmd[i]=='-') {
switch (cmd[i+1]) {
case 'r':
- reply=0;
+ reply = FALSE;
break;
case 'c':
- crc=1;
+ crc = TRUE;
break;
case 'p':
- power=1;
+ power = TRUE;
break;
case 'a':
- active=1;
+ active = TRUE;
break;
case 's':
- active_select=1;
+ active_select = TRUE;
break;
case 'b':
sscanf(cmd+i+2,"%d",&temp);
i-=2;
break;
case 't':
- bTimeout=1;
+ bTimeout = TRUE;
sscanf(cmd+i+2,"%d",&temp);
timeout = temp;
i+=3;
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i-=2;
break;
+ case 'T':
+ topazmode = TRUE;
+ break;
default:
PrintAndLog("Invalid option");
return 0;
PrintAndLog("Invalid char on input");
return 0;
}
+
if(crc && datalen>0 && datalen<sizeof(data)-2)
{
uint8_t first, second;
- ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
+ if (topazmode) {
+ ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second);
+ } else {
+ ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
+ }
data[datalen++] = first;
data[datalen++] = second;
}
}
if(bTimeout){
- #define MAX_TIMEOUT 40542464 // (2^32-1) * (8*16) / 13560000Hz * 1000ms/s =
+ #define MAX_TIMEOUT 40542464 // = (2^32-1) * (8*16) / 13560000Hz * 1000ms/s
c.arg[0] |= ISO14A_SET_TIMEOUT;
if(timeout > MAX_TIMEOUT) {
timeout = MAX_TIMEOUT;
}
c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us)
}
+
if(power)
c.arg[0] |= ISO14A_NO_DISCONNECT;
- if(datalen>0)
+
+ if(datalen > 0)
c.arg[0] |= ISO14A_RAW;
+ if(topazmode)
+ c.arg[0] |= ISO14A_TOPAZMODE;
+
// Max buffer is USB_CMD_DATA_SIZE
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
return 0;
}
+
static void waitCmd(uint8_t iSelect)
{
uint8_t *recv;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
recv = resp.d.asBytes;
uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
- PrintAndLog("received %i octets",iLen);
+ PrintAndLog("received %i octets", iLen);
if(!iLen)
return;
hexout = (char *)malloc(iLen * 3 + 1);
#include "cmdhftopaz.h"
#include "cmdhf14a.h"
#include "ui.h"
+#include "mifare.h"
+#include "proxmark3.h"
+#include "iso14443crc.h"
+#include "protocols.h"
+
+
+
+static void topaz_switch_on_field(void)
+{
+ UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_SELECT | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, 0, 0}};
+ SendCommand(&c);
+
+ UsbCommand resp;
+ WaitForResponse(CMD_ACK, &resp);
+}
+
+
+static void topaz_switch_off_field(void)
+{
+ UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
+ SendCommand(&c);
+
+ UsbCommand resp;
+ WaitForResponse(CMD_ACK, &resp);
+}
+
+
+static void topaz_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response)
+{
+ UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, len, 0}};
+ memcpy(c.d.asBytes, cmd, len);
+ SendCommand(&c);
+
+ UsbCommand resp;
+ WaitForResponse(CMD_ACK, &resp);
+
+ memcpy(response, resp.d.asBytes, resp.arg[0]);
+}
+
+
+static void topaz_send_cmd(uint8_t *cmd, uint8_t len, uint8_t *response)
+{
+ if (len > 1) {
+ uint8_t first, second;
+ ComputeCrc14443(CRC_14443_B, cmd, len, &first, &second);
+ cmd[len] = first;
+ cmd[len+1] = second;
+ }
+
+ topaz_send_cmd_raw(cmd, len+2, response);
+}
+
+
+static void topaz_select(uint8_t *atqa, uint8_t *uid)
+{
+ // ToDo: implement anticollision
+ uint8_t rid_cmd[] = {TOPAZ_RID, 0, 0, 0, 0, 0, 0, 0, 0};
+ uint8_t wupa_cmd[] = {TOPAZ_WUPA};
+
+ topaz_switch_on_field();
+ topaz_send_cmd(wupa_cmd, sizeof(wupa_cmd), atqa);
+ topaz_send_cmd(rid_cmd, sizeof(rid_cmd) - 2, uid);
+ topaz_switch_off_field();
+}
+
int CmdHFTopazReader(const char *Cmd)
{
#define TOPAZ_READ 0x01 // Read (a single byte)
#define TOPAZ_WRITE_E 0x53 // Write-with-erase (a single byte)
#define TOPAZ_WRITE_NE 0x1a // Write-no-erase (a single byte)
+// additional commands for Dynamic Memory Model
+#define TOPAZ_RSEG 0x10 // Read segment
+#define TOPAZ_READ8 0x02 // Read (eight bytes)
+#define TOPAZ_WRITE_E8 0x54 // Write-with-erase (eight bytes)
+#define TOPAZ_WRITE_NE8 0x1B // Write-no-erase (eight bytes)
#define ISO_14443A 0
} __attribute__((__packed__)) iso14a_card_select_t;
typedef enum ISO14A_COMMAND {
- ISO14A_CONNECT = 1,
- ISO14A_NO_DISCONNECT = 2,
- ISO14A_APDU = 4,
- ISO14A_RAW = 8,
- ISO14A_REQUEST_TRIGGER = 0x10,
- ISO14A_APPEND_CRC = 0x20,
- ISO14A_SET_TIMEOUT = 0x40,
- ISO14A_NO_SELECT = 0x80
+ ISO14A_CONNECT = (1 << 0),
+ ISO14A_NO_DISCONNECT = (1 << 1),
+ ISO14A_APDU = (1 << 2),
+ ISO14A_RAW = (1 << 3),
+ ISO14A_REQUEST_TRIGGER = (1 << 4),
+ ISO14A_APPEND_CRC = (1 << 5),
+ ISO14A_SET_TIMEOUT = (1 << 6),
+ ISO14A_NO_SELECT = (1 << 7),
+ ISO14A_TOPAZMODE = (1 << 8)
} iso14a_command_t;
#endif // _MIFARE_H_
projects / proxmark3-svn / commitdiff