#define FREE_BUFFER_OFFSET (CARD_MEMORY_OFFSET + CARD_MEMORY_SIZE)
#define FREE_BUFFER_SIZE (BIGBUF_SIZE - FREE_BUFFER_OFFSET - 1)
+/*
+The statements above translates into this :
+BIGBUF_SIZE = 40000
+TRACE_OFFSET = 0
+TRACE_SIZE = 3000
+RECV_CMD_OFFSET = 3000
+MAX_FRAME_SIZE = 256
+MAX_PARITY_SIZE = 32
+RECV_CMD_PAR_OFFSET = 3256
+RECV_RESP_OFFSET = 3288
+RECV_RESP_PAR_OFFSET= 3544
+CARD_MEMORY_OFFSET = 3576
+CARD_MEMORY_SIZE = 4096
+DMA_BUFFER_OFFSET = 3576
+DMA_BUFFER_SIZE = 4096
+FREE_BUFFER_OFFSET = 7672
+FREE_BUFFER_SIZE = 32327
+ */
+
extern const uint8_t OddByteParity[256];
extern uint8_t *trace; // = (uint8_t *) BigBuf;
extern int traceLen; // = 0;
#define FPGA_HF_SIMULATOR_MODULATE_BPSK (1<<0)
#define FPGA_HF_SIMULATOR_MODULATE_212K (2<<0)
#define FPGA_HF_SIMULATOR_MODULATE_424K (4<<0)
+#define FPGA_HF_SIMULATOR_MODULATE_424K_8BIT 0x5//101
+
// Options for ISO14443A
#define FPGA_HF_ISO14443A_SNIFFER (0<<0)
#define FPGA_HF_ISO14443A_TAGSIM_LISTEN (1<<0)
int32_t dist_nt(uint32_t nt1, uint32_t nt2);
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data);
void MifareUReadBlock(uint8_t arg0,uint8_t *datain);
- void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain);
+ void MifareUC_Auth1(uint8_t arg0, uint8_t *datain);
+ void MifareUC_Auth2(uint32_t arg0, uint8_t *datain);
+ void MifareUReadCard(uint8_t arg0, int Pages, uint8_t *datain);
void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
void MifareUWriteBlock(uint8_t arg0,uint8_t *datain);
}
// The second response contains the (mandatory) first 24 bits of the UID
-- uint8_t response2[5];
++ uint8_t response2[5] = {0x00};
// Check if the uid uses the (optional) part
-- uint8_t response2a[5];
++ uint8_t response2a[5] = {0x00};
++
if (uid_2nd) {
response2[0] = 0x88;
num_to_bytes(uid_1st,3,response2+1);
response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3];
// Prepare the mandatory SAK (for 4 and 7 byte UID)
-- uint8_t response3[3];
++ uint8_t response3[3] = {0x00};
response3[0] = sak;
ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);
// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit
-- uint8_t response3a[3];
++ uint8_t response3a[3] = {0x00};
response3a[0] = sak & 0xFB;
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos);
for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point
uint16_t UIDbit = (resp[i/8] >> (i % 8)) & 0x01;
- uid_resp[uid_resp_bits & 0xf8] |= UIDbit << (uid_resp_bits % 8);
+ uid_resp[uid_resp_bits / 8] |= UIDbit << (uid_resp_bits % 8);
}
uid_resp[uid_resp_bits/8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position
uid_resp_bits++;
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
Dbprintf("Can't select card");\r
-- OnError(0);\r
++ //OnError(0);\r
return;\r
};\r
\r
if(mifare_ultra_auth1(cuid, dataoutbuf)){\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Authentication part1: Fail.");\r
-- OnError(1);\r
++ //OnError(1);\r
return;\r
}\r
\r
if(mifare_ultra_auth2(cuid, key, dataoutbuf)){\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Authentication part2: Fail...");\r
-- OnError(1);\r
++ //OnError(1);\r
return; \r
}\r
\r
if(!len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Can't select card");\r
-- OnError(1);\r
++ //OnError(1);\r
return;\r
};\r
\r
if(mifare_desfire_des_auth1(cuid, dataout)){\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Authentication part1: Fail.");\r
-- OnError(4);\r
++ //OnError(4);\r
return;\r
}\r
\r
if( isOK) {\r
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
Dbprintf("Authentication part2: Failed"); \r
-- OnError(4);\r
++ //OnError(4);\r
return;\r
}\r
\r
cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
--}
++}
\r
static int sniffState = SNF_INIT;\r
static uint8_t sniffUIDType;\r
--static uint8_t sniffUID[8];\r
--static uint8_t sniffATQA[2];\r
++static uint8_t sniffUID[8] = {0x00};\r
++static uint8_t sniffATQA[2] = {0x00};\r
static uint8_t sniffSAK;\r
--static uint8_t sniffBuf[16];\r
++static uint8_t sniffBuf[16] = {0x00};\r
static uint32_t timerData = 0;\r
\r
\r
emlSetMem((uint8_t *)uid, 0, 1);\r
return;\r
}\r
++\r
++\r
++// Mifare desfire commands\r
++int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)\r
++{\r
++ uint8_t dcmd[5] = {0x00};\r
++ dcmd[0] = cmd;\r
++ memcpy(dcmd+1,data,2);\r
++ AppendCrc14443a(dcmd, 3);\r
++ \r
++ ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r
++ int len = ReaderReceive(answer, answer_parity);\r
++ if(!len) {\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
++ Dbprintf("Authentication failed. Card timeout.");\r
++ return 1;\r
++ }\r
++ return len;\r
++}\r
++\r
++int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)\r
++{\r
++ uint8_t dcmd[20] = {0x00};\r
++ dcmd[0] = cmd;\r
++ memcpy(dcmd+1,data,17);\r
++ AppendCrc14443a(dcmd, 18);\r
++\r
++ ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r
++ int len = ReaderReceive(answer, answer_parity);\r
++ if(!len){\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
++ Dbprintf("Authentication failed. Card timeout.");\r
++ return 1;\r
++ }\r
++ return len;\r
++}\r
++\r
++int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){\r
++\r
++ int len;\r
++ // load key, keynumber\r
++ uint8_t data[2]={0x0a, 0x00};\r
++ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
++ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
++ \r
++ len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);\r
++ if (len == 1) {\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
++ Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
++ return 1;\r
++ }\r
++ \r
++ if (len == 12) {\r
++ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
++ Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
++ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
++ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
++ receivedAnswer[10],receivedAnswer[11]);\r
++ }\r
++ memcpy(blockData, receivedAnswer, 12);\r
++ return 0;\r
++ }\r
++ return 1;\r
++}\r
++\r
++int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){\r
++\r
++ int len;\r
++ uint8_t data[17] = {0x00};\r
++ data[0] = 0xAF;\r
++ memcpy(data+1,key,16);\r
++ \r
++ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
++ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
++ \r
++ len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);\r
++ \r
++ if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) {\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
++ Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);\r
++ return 1;\r
++ }\r
++ \r
++ if (len == 12){\r
++ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
++ Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
++ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
++ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
++ receivedAnswer[10],receivedAnswer[11]);\r
++ }\r
++ memcpy(blockData, receivedAnswer, 12);\r
++ return 0;\r
++ }\r
++ return 1;\r
++}
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid);
int mifare_ultra_halt(uint32_t uid);
\r
++// desfire\r
++int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);\r
++int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing);\r
++int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);\r
++int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);\r
// crypto functions
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
VPATH = ../common
OBJDIR = obj
--LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm
++LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm -lcrypto
LDFLAGS = $(COMMON_FLAGS)
--CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
++CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
LUAPLATFORM = generic
--
ifneq (,$(findstring MINGW,$(platform)))
CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4
projects / proxmark3-svn / commitdiff