Merge remote-tracking branch 'upstream/master' into iclass
authormarshmellow42 <marshmellowrf@gmail.com>
Tue, 21 Jul 2015 01:26:35 +0000 (21:26 -0400)
committermarshmellow42 <marshmellowrf@gmail.com>
Tue, 21 Jul 2015 01:26:35 +0000 (21:26 -0400)
armsrc/appmain.c
armsrc/apps.h
client/cmdlf.c
client/hid-flasher/usb_cmd.h
client/lualibs/commands.lua
include/usb_cmd.h

diff --combined armsrc/appmain.c
index 906379a7f45d211bd9225f541e5fdd82c03dda60,7aa353b2404a7401f57d1b216ee9f256e760ee34..3c22fbb1f82fbe4fc448a0b3e887dad63366e140
   #include "LCD.h"
  #endif
  
+ // Craig Young - 14a stand-alone code
+ #ifdef WITH_ISO14443a_StandAlone
+  #include "iso14443a.h"
+ #endif
  #define abs(x) ( ((x)<0) ? -(x) : (x) )
  
  //=============================================================================
@@@ -293,18 -298,13 +298,13 @@@ void SendVersion(void
        cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
  }
  
- #ifdef WITH_LF
- // samy's sniff and repeat routine
- void SamyRun()
- {
-       DbpString("Stand-alone mode! No PC necessary.");
-       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+ #if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
  
-       // 3 possible options? no just 2 for now
  #define OPTS 2
  
-       int high[OPTS], low[OPTS];
+ void StandAloneMode()
+ {
+       DbpString("Stand-alone mode! No PC necessary.");
        // Oooh pretty -- notify user we're in elite samy mode now
        LED(LED_RED,    200);
        LED(LED_ORANGE, 200);
        LED(LED_ORANGE, 200);
        LED(LED_RED,    200);
  
+ }
+ #endif
+ #ifdef WITH_ISO14443a_StandAlone
+ void StandAloneMode14a()
+ {
+       StandAloneMode();
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+       int selected = 0;
+       int playing = 0;
+       int cardRead[OPTS] = {0};
+       uint8_t readUID[10] = {0};
+       uint32_t uid_1st[OPTS]={0};
+       uint32_t uid_2nd[OPTS]={0};
+       LED(selected + 1, 0);
+       for (;;)
+       {
+               usb_poll();
+               WDT_HIT();
+               // Was our button held down or pressed?
+               int button_pressed = BUTTON_HELD(1000);
+               SpinDelay(300);
+               // Button was held for a second, begin recording
+               if (button_pressed > 0 && cardRead[selected] == 0)
+               {
+                       LEDsoff();
+                       LED(selected + 1, 0);
+                       LED(LED_RED2, 0);
+                       // record
+                       Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
+                       // wait for button to be released
+                       while(BUTTON_PRESS())
+                               WDT_HIT();
+                       /* need this delay to prevent catching some weird data */
+                       SpinDelay(500);
+                       /* Code for reading from 14a tag */
+                       uint8_t uid[10]  ={0};
+                       uint32_t cuid;
+                       iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+                       for ( ; ; )
+                       {
+                               WDT_HIT();
+                               if (!iso14443a_select_card(uid, NULL, &cuid))
+                                       continue;
+                               else
+                               {
+                                       Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
+                                       memcpy(readUID,uid,10*sizeof(uint8_t));
+                                       uint8_t *dst = (uint8_t *)&uid_1st[selected];
+                                       // Set UID byte order
+                                       for (int i=0; i<4; i++)
+                                               dst[i] = uid[3-i];
+                                       dst = (uint8_t *)&uid_2nd[selected];
+                                       for (int i=0; i<4; i++)
+                                               dst[i] = uid[7-i];
+                                       break;
+                               }
+                       }
+                       LEDsoff();
+                       LED(LED_GREEN,  200);
+                       LED(LED_ORANGE, 200);
+                       LED(LED_GREEN,  200);
+                       LED(LED_ORANGE, 200);
+                       LEDsoff();
+                       LED(selected + 1, 0);
+                       // Finished recording
+                       // If we were previously playing, set playing off
+                       // so next button push begins playing what we recorded
+                       playing = 0;
+                       cardRead[selected] = 1;
+               }
+               /* MF UID clone */
+               else if (button_pressed > 0 && cardRead[selected] == 1)
+               {
+                                       LEDsoff();
+                                       LED(selected + 1, 0);
+                                       LED(LED_ORANGE, 250);
+                                       // record
+                                       Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
+                                       // wait for button to be released
+                                       while(BUTTON_PRESS())
+                                       {
+                                               // Delay cloning until card is in place
+                                               WDT_HIT();
+                                       }
+                                       Dbprintf("Starting clone. [Bank: %u]", selected);
+                                       // need this delay to prevent catching some weird data
+                                       SpinDelay(500);
+                                       // Begin clone function here:
+                                       /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
+                                                       UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
+                                                       memcpy(c.d.asBytes, data, 16);
+                                                       SendCommand(&c);
+                                               Block read is similar:
+                                                       UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
+                                               We need to imitate that call with blockNo 0 to set a uid.
+                                               The get and set commands are handled in this file:
+                                                       // Work with "magic Chinese" card
+                                                       case CMD_MIFARE_CSETBLOCK:
+                                                                       MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+                                                                       break;
+                                                       case CMD_MIFARE_CGETBLOCK:
+                                                                       MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+                                                                                                       //
+                                                                       break;
+                                               mfCSetUID provides example logic for UID set workflow:
+                                                       -Read block0 from card in field with MifareCGetBlock()
+                                                       -Configure new values without replacing reserved bytes
+                                                                       memcpy(block0, uid, 4); // Copy UID bytes from byte array
+                                                                       // Mifare UID BCC
+                                                                       block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
+                                                                       Bytes 5-7 are reserved SAK and ATQA for mifare classic
+                                                       -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
+                                       */
+                                       uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
+                                       // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
+                                       MifareCGetBlock(0x1F, 1, 0, oldBlock0);
+                                       Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
+                                       memcpy(newBlock0,oldBlock0,16);
+                                       // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
+                                       newBlock0[0] = uid_1st[selected]>>24;
+                                       newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
+                                       newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
+                                       newBlock0[3] = 0xFF & (uid_1st[selected]);
+                                       newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
+                                       // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
+                                       MifareCSetBlock(0, 0xFF,0, newBlock0);
+                                       MifareCGetBlock(0x1F, 1, 0, testBlock0);
+                                       if (memcmp(testBlock0,newBlock0,16)==0)
+                                       {
+                                               DbpString("Cloned successfull!");
+                                               cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it
+                                       }
+                                       LEDsoff();
+                                       LED(selected + 1, 0);
+                                       // Finished recording
+                                       // If we were previously playing, set playing off
+                                       // so next button push begins playing what we recorded
+                                       playing = 0;
+               }
+               // Change where to record (or begin playing)
+               else if (button_pressed && cardRead[selected])
+               {
+                       // Next option if we were previously playing
+                       if (playing)
+                               selected = (selected + 1) % OPTS;
+                       playing = !playing;
+                       LEDsoff();
+                       LED(selected + 1, 0);
+                       // Begin transmitting
+                       if (playing)
+                       {
+                               LED(LED_GREEN, 0);
+                               DbpString("Playing");
+                               while (!BUTTON_HELD(500)) { // Loop simulating tag until the button is held a half-sec
+                                               Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
+                                               SimulateIso14443aTag(1,uid_1st[selected],uid_2nd[selected],NULL);
+                                       }
+                               //cardRead[selected] = 1;
+                               Dbprintf("Done playing [Bank: %u]",selected);
+                               /* We pressed a button so ignore it here with a delay */
+                               SpinDelay(300);
+                               // when done, we're done playing, move to next option
+                               selected = (selected + 1) % OPTS;
+                               playing = !playing;
+                               LEDsoff();
+                               LED(selected + 1, 0);
+                       }
+                       else
+                               while(BUTTON_PRESS())
+                                       WDT_HIT();
+               }
+       }
+ }
+ #elif WITH_LF
+ // samy's sniff and repeat routine
+ void SamyRun()
+ {
+       StandAloneMode();
+       FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+       int high[OPTS], low[OPTS];
        int selected = 0;
        int playing = 0;
        int cardRead = 0;
        for (;;)
        {
                usb_poll();
-     WDT_HIT();
+               WDT_HIT();
  
                // Was our button held down or pressed?
                int button_pressed = BUTTON_HELD(1000);
                }
        }
  }
- #endif
  
+ #endif
  /*
  OBJECTIVE
  Listen and detect an external reader. Determine the best location
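Review bot: The UID-to-word conversion at `uint8_t *dst = (uint8_t *)&uid_1st[selected];` with its two reversed-copy loops only yields the value that `newBlock0[0] = uid_1st[selected]>>24;` later expects on a little-endian target; assembling it with shifts, `uid_1st[selected] = ((uint32_t)uid[0] << 24) | ((uint32_t)uid[1] << 16) | ((uint32_t)uid[2] << 8) | uid[3];` and likewise `uid_2nd` from `uid[4]..uid[7]`, produces the same bytes without depending on host byte order and drops the aliasing pointer. The record loop `for ( ; ; ) { WDT_HIT(); if (!iso14443a_select_card(uid, NULL, &cuid)) continue; ...` has no exit other than a successful select, so a record mode entered by mistake cannot be left without presenting a card; checking `BUTTON_PRESS()` inside that loop and, on a press, breaking out while skipping the `cardRead[selected] = 1;` marking would restore the button as an escape. `readUID` is filled by `memcpy(readUID,uid,10*sizeof(uint8_t));` but never read afterwards and can be removed. `#elif WITH_LF` relies on WITH_LF expanding to a non-zero value, whereas the opening test uses `defined(WITH_LF)`; `#elif defined(WITH_LF)` keeps the two conditions consistent. The body of SamyRun is only partly shown in this hunk.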
@@@ -667,6 -877,7 +877,7 @@@ void UsbPacketReceived(uint8_t *packet
                        break;
                case CMD_T55XX_WRITE_BLOCK:
                        T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
+                       cmd_send(CMD_ACK,0,0,0,0,0);
                        break;
                case CMD_T55XX_READ_TRACE:
                        T55xxReadTrace();
                case CMD_EM4X_WRITE_WORD:
                        EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
                        break;
+               case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation
+                       CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);
+                         break;
  #endif
  
  #ifdef WITH_HITAG
                        ReaderIClass(c->arg[0]);
                        break;
                case CMD_READER_ICLASS_REPLAY:
 -                  ReaderIClass_Replay(c->arg[0], c->d.asBytes);
 +                      ReaderIClass_Replay(c->arg[0], c->d.asBytes);
                        break;
 -      case CMD_ICLASS_EML_MEMSET:
 +              case CMD_ICLASS_EML_MEMSET:
                        emlSet(c->d.asBytes,c->arg[0], c->arg[1]);
                        break;
 +              case CMD_ICLASS_WRITEBLOCK:
 +                      iClass_WriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
 +                      break;
 +              case CMD_ICLASS_READBLOCK:
 +                      iClass_ReadBlk(c->arg[0], c->arg[1]);
 +                      break;
 +              case CMD_ICLASS_AUTHENTICATION:
 +                      iClass_Authentication(c->d.asBytes);
 +                      break;
 +              case CMD_ICLASS_DUMP:
 +                      iClass_Dump(c->arg[0], c->arg[1], c->arg[2]);
 +                      break;
 +              case CMD_ICLASS_CLONE:
 +                      iClass_Clone(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
 +                      break;
  #endif
  
                case CMD_BUFF_CLEAR:
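Review bot: `CmdAWIDdemodFSK(c->arg[0], 0, 0, 1);` passes bare zeros for the `int *high, int *low` parameters declared in apps.h; writing them as `NULL, NULL` makes the intent visible, and the callee must tolerate null pointers for those two arguments, which cannot be confirmed from this diff since its body is not shown. The `break;` under that case is indented two columns deeper than its siblings. The new iClass cases hand `c->arg[0]`/`c->arg[1]` directly to `uint8_t` `blockNo`/`keyType` parameters, so any wider value from the host is silently truncated at the call; if iClass_WriteBlock and the related routines do not bound-check the block number themselves, a range check before the call keeps a malformed host argument from reaching the tag write path. UsbPacketReceived starts and ends outside the hunk.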
@@@ -1043,8 -1242,16 +1257,16 @@@ void  __attribute__((noreturn)) AppMain
                WDT_HIT();
  
  #ifdef WITH_LF
+ #ifndef WITH_ISO14443a_StandAlone
                if (BUTTON_HELD(1000) > 0)
                        SamyRun();
+ #endif
+ #endif
+ #ifdef WITH_ISO14443a
+ #ifdef WITH_ISO14443a_StandAlone
+               if (BUTTON_HELD(1000) > 0)
+                       StandAloneMode14a();
+ #endif
  #endif
        }
  }
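Review bot: The call-site guard requires both `WITH_ISO14443a` and `WITH_ISO14443a_StandAlone`, while `StandAloneMode14a` itself is compiled earlier in the file under `#ifdef WITH_ISO14443a_StandAlone` alone, so a build with only the stand-alone flag set compiles a function that is never invoked and that references iso14443a routines which may not be built; guarding the definition with `#if defined(WITH_ISO14443a) && defined(WITH_ISO14443a_StandAlone)` keeps the two in step. The four nested `#ifdef`/`#ifndef` lines could likewise be flattened to `#if defined(WITH_LF) && !defined(WITH_ISO14443a_StandAlone)` and `#if defined(WITH_ISO14443a) && defined(WITH_ISO14443a_StandAlone)` for readability. AppMain starts outside the hunk.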
diff --combined armsrc/apps.h
index e8b43e9bb2b5af8628044cecf541e6960027f9ee,b5638ee188b15b3b180521313cbb36b8b9198757..868df266050fe69e3e2a1586609b80e64ff96958
@@@ -69,6 -69,7 +69,7 @@@ void CmdFSKsimTAG(uint16_t arg1, uint16
  void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream);
  void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream);
  void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
+ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol); // Realtime demodulation mode for AWID26
  void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol);
  void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol);
  void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an ioProx card to T5557/T5567
@@@ -149,6 -150,9 +150,6 @@@ void       OnSuccess()
  void  OnError(uint8_t reason);
  
  
 -
 -
 -
  /// iso15693.h
  void RecordRawAdcSamplesIso15693(void);
  void AcquireRawAdcSamplesIso15693(void);
@@@ -164,12 -168,6 +165,12 @@@ void SimulateIClass(uint32_t arg0, uint
  void ReaderIClass(uint8_t arg0);
  void ReaderIClass_Replay(uint8_t arg0,uint8_t *MAC);
  void IClass_iso14443A_GetPublic(uint8_t arg0);
 +void iClass_Authentication(uint8_t *MAC);
 +void iClass_WriteBlock(uint8_t blockNo, uint8_t keyType, uint8_t *data);
 +void iClass_ReadBlk(uint8_t blockNo, uint8_t keyType);
 +bool iClass_ReadBlock(uint8_t blockNo, uint8_t keyType, uint8_t *readdata);
 +void iClass_Dump(uint8_t blockno, uint8_t numblks, uint8_t keyType);
 +void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t keyType, uint8_t *data);
  
  // hitag2.h
  void SnoopHitag(uint32_t type);
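Review bot: `void iClass_ReadBlk(uint8_t blockNo, uint8_t keyType);` and `bool iClass_ReadBlock(uint8_t blockNo, uint8_t keyType, uint8_t *readdata);` differ only by an abbreviation, yet only the second returns a status and takes an output buffer, so a reader of the dispatch in appmain.c cannot tell from the names which one they are getting; a one-line comment on each stating how they differ and what the bool means, taken from the implementations this diff does not show, would remove the ambiguity. The parameter spelling `blockno` in `iClass_Dump` also departs from the `blockNo` used by the neighbouring prototypes.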
diff --combined client/cmdlf.c
index 21b19b092609f80cf3786ffda0b374696e8119b5,4c682a76f1b71cccfa682e6ed7ade580356975e7..edf6c3a9eb689a24f158d319e33f013a1b4cdcc3
@@@ -22,6 -22,7 +22,7 @@@
  #include "util.h"
  #include "cmdlf.h"
  #include "cmdlfhid.h"
+ #include "cmdlfawid.h"
  #include "cmdlfti.h"
  #include "cmdlfem4x.h"
  #include "cmdlfhitag.h"
@@@ -1130,13 -1131,14 +1131,14 @@@ static command_t CommandTable[] 
        {"config",      CmdLFSetConfig,     0, "Set config for LF sampling, bit/sample, decimation, frequency"},
        {"flexdemod",   CmdFlexdemod,       1, "Demodulate samples for FlexPass"},
        {"hid",         CmdLFHID,           1, "{ HID RFIDs... }"},
+       {"awid",                CmdLFAWID,                  1, "{ AWID RFIDs... }"},
        {"io",            CmdLFIO,                1, "{ ioProx tags... }"},
        {"indalademod", CmdIndalaDemod,     1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
        {"indalaclone", CmdIndalaClone,     0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
        {"read",        CmdLFRead,          0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
        {"search",      CmdLFfind,          1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"},
        {"sim",         CmdLFSim,           0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
 -      {"simask",      CmdLFaskSim,        0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d <hexdata>] -- Simulate LF ASK tag from demodbuffer or input"},
 +      {"simask",      CmdLFaskSim,        0, "[clock] [invert <1|0>] [biphase/manchester/raw <'b'|'m'|'r'>] [msg separator 's'] [d <hexdata>] -- Simulate LF ASK tag from demodbuffer or input"},
        {"simfsk",      CmdLFfskSim,        0, "[c <clock>] [i] [H <fcHigh>] [L <fcLow>] [d <hexdata>] -- Simulate LF FSK tag from demodbuffer or input"},
        {"simpsk",      CmdLFpskSim,        0, "[1|2|3] [c <clock>] [i] [r <carrier>] [d <raw hex to sim>] -- Simulate LF PSK tag from demodbuffer or input"},
        {"simbidir",    CmdLFSimBidir,      0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
index cc41535287146d2f12aa5a7d18a50466cecc14a0,f4013bab5102e42e149ff2b66a9af6d642651642..e9474a77dbe969e7b1adba1627f84273646bd2a9
@@@ -84,6 -84,7 +84,7 @@@ typedef struct 
  #define CMD_FSK_SIM_TAG                                                   0x021E
  #define CMD_ASK_SIM_TAG                                                   0x021F
  #define CMD_PSK_SIM_TAG                                                   0x0220
+ #define CMD_AWID_DEMOD_FSK                                                0x0221
  
  /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
  
  #define CMD_WRITER_LEGIC_RF                                               0x0389
  #define CMD_EPA_PACE_COLLECT_NONCE                                        0x038A
  
 +#define CMD_ICLASS_CLONE                                                  0x0390
 +#define CMD_ICLASS_DUMP                                                   0x0391
  #define CMD_SNOOP_ICLASS                                                  0x0392
  #define CMD_SIMULATE_TAG_ICLASS                                           0x0393
  #define CMD_READER_ICLASS                                                 0x0394
 +#define CMD_READER_ICLASS_REPLAY                                          0x0395
 +#define CMD_ICLASS_READBLOCK                                              0x0396
 +#define CMD_ICLASS_WRITEBLOCK                                             0x0397
 +#define CMD_ICLASS_EML_MEMSET                                             0x0398
 +#define CMD_ICLASS_AUTHENTICATION                                         0x0399
  
  // For measurements of the antenna tuning
  #define CMD_MEASURE_ANTENNA_TUNING                                        0x0400
index 97f0b70a9c5d331702ead02b7ff3eb98e6308bc5,127508e6381d96ea860600ca2b7afeaa18431e70..dab2e630b241b95140a34d9d4ef4ea5104fe7053
@@@ -54,6 -54,7 +54,7 @@@ local _commands = 
        CMD_FSK_SIM_TAG =                                                    0x021E,
        CMD_ASK_SIM_TAG =                                                    0x021F,
        CMD_PSK_SIM_TAG =                                                    0x0220,
+       CMD_AWID_DEMOD_FSK =                                                 0x0221,
  
        --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
  
        CMD_EPA_PACE_COLLECT_NONCE =                                         0x038A,
        --//CMD_EPA_ =                                                         0x038B,
  
 +      CMD_ICLASS_CLONE =                                                   0x0390,
 +      CMD_ICLASS_DUMP =                                                    0x0391,
        CMD_SNOOP_ICLASS =                                                   0x0392,
        CMD_SIMULATE_TAG_ICLASS =                                            0x0393,
        CMD_READER_ICLASS =                                                  0x0394,
 -      CMD_READER_ICLASS_REPLAY =                                                                                       0x0395,
 -      CMD_ICLASS_ISO14443A_WRITE =                                                                             0x0397,
 +      CMD_READER_ICLASS_REPLAY =                                           0x0395,
 +      CMD_ICLASS_READBLOCK =                                               0x0396,
 +      CMD_ICLASS_WRITEBLOCK =                                              0x0397,
 +      CMD_ICLASS_EML_MEMSET =                                              0x0398,
 +      CMD_ICLASS_AUTHENTICATION =                                          0x0399,
  
        --// For measurements of the antenna tuning
        CMD_MEASURE_ANTENNA_TUNING =                                         0x0400,
diff --combined include/usb_cmd.h
index 2618476a25873ec2c906c91dc68c050ab9fbd82b,e45bf35edd1f64a143504dfba794e1a1f892a675..ef6041025cbef657683da4d6ec74058117cfa828
@@@ -95,6 -95,7 +95,7 @@@ typedef struct
  #define CMD_FSK_SIM_TAG                                                   0x021E
  #define CMD_ASK_SIM_TAG                                                   0x021F
  #define CMD_PSK_SIM_TAG                                                   0x0220
+ #define CMD_AWID_DEMOD_FSK                                                0x0221
  
  /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
  
  #define CMD_EPA_PACE_COLLECT_NONCE                                        0x038A
  #define CMD_EPA_PACE_REPLAY                                               0x038B
  
 +#define CMD_ICLASS_CLONE                                                  0x0390
 +#define CMD_ICLASS_DUMP                                                   0x0391
  #define CMD_SNOOP_ICLASS                                                  0x0392
  #define CMD_SIMULATE_TAG_ICLASS                                           0x0393
  #define CMD_READER_ICLASS                                                 0x0394
  #define CMD_READER_ICLASS_REPLAY                                          0x0395
 -#define CMD_ICLASS_ISO14443A_WRITE                                        0x0397
 +#define CMD_ICLASS_READBLOCK                                              0x0396
 +#define CMD_ICLASS_WRITEBLOCK                                             0x0397
  #define CMD_ICLASS_EML_MEMSET                                             0x0398
 +#define CMD_ICLASS_AUTHENTICATION                                         0x0399
  
  // For measurements of the antenna tuning
  #define CMD_MEASURE_ANTENNA_TUNING                                        0x0400
  #define FLAG_ICLASS_READER_CONF         0x08
  #define FLAG_ICLASS_READER_AA           0x10
  #define FLAG_ICLASS_READER_ONE_TRY      0x20
 +#define FLAG_ICLASS_READER_CEDITKEY     0x40
  
  
  