From 95e635947bc4628b713fa00d7a533a881bca7fc4 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 26 Nov 2014 13:52:39 +0100 Subject: [PATCH] ADD: the option to simulate tnp3xxx inthe command "hf mf sim" ADD: found some new default keys ADD: changed alot of memorys buffers to use constant values. like usbbuffer sizes, tracelogs, etc etc ADD: all changes Peter filmoore has in his pull request. --- armsrc/appmain.c | 10 +++++--- armsrc/apps.h | 9 ++++--- armsrc/iclass.c | 28 ++++++++++------------ armsrc/iso14443a.c | 38 ++++++++++++++++++++---------- armsrc/iso14443a.h | 2 +- armsrc/mifareutil.h | 2 +- armsrc/string.h | 4 ++-- armsrc/util.c | 9 +++++++ armsrc/util.h | 2 ++ client/cmdhf14a.c | 9 +++---- client/cmdhf14b.c | 11 ++++----- client/cmdhfepa.c | 3 ++- client/cmdhficlass.c | 4 ++-- client/cmdhfmf.c | 9 +++---- client/cmdhfmfdes.c | 10 ++------ client/cmdhfmfdes.h | 2 +- client/cmdlfhitag.c | 11 ++++----- client/data.h | 2 ++ client/lualibs/mf_default_keys.lua | 12 ++++++++++ client/scripts/tnp3sim.lua | 2 +- include/usb_cmd.h | 2 ++ 21 files changed, 106 insertions(+), 75 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index be904b4f..09acf41f 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -311,7 +311,7 @@ extern struct version_information version_information; extern char *_bootphase1_version_pointer, _flash_start, _flash_end; void SendVersion(void) { - char temp[256]; /* Limited data payload in USB packets */ + char temp[512]; /* Limited data payload in USB packets */ DbpString("Prox/RFID mark3 RFID instrument"); /* Try to find the bootrom version information. Expect to find a pointer at @@ -367,9 +367,8 @@ void SamyRun() for (;;) { -// UsbPoll(FALSE); usb_poll(); - WDT_HIT(); + WDT_HIT(); // Was our button held down or pressed? int button_pressed = BUTTON_HELD(1000); @@ -792,10 +791,15 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_SIMULATE_TAG_ISO_14443a: SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID break; + case CMD_EPA_PACE_COLLECT_NONCE: EPA_PACE_Collect_Nonce(c); break; + // case CMD_EPA_: + // EpaFoo(c); + // break; + case CMD_READER_MIFARE: ReaderMifare(c->arg[0]); break; diff --git a/armsrc/apps.h b/armsrc/apps.h index 0db2a19d..c9616e5e 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -32,10 +32,13 @@ // The large multi-purpose buffer, typically used to hold A/D samples, // maybe processed in some way. -uint32_t BigBuf[10000]; +//#define BIG_BUFF_SIZE 10000 // PM3 w. 256KB ram +#define BIG_BUFF_SIZE 10000 // PM3 w. 512KB ram + +uint32_t BigBuf[BIG_BUFF_SIZE]; // BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT #define TRACE_OFFSET 0 -#define TRACE_SIZE 3000 +#define TRACE_SIZE 4096 #define RECV_CMD_OFFSET 3032 #define RECV_CMD_SIZE 64 #define RECV_RES_OFFSET 3096 @@ -45,7 +48,7 @@ uint32_t BigBuf[10000]; #define FREE_BUFFER_OFFSET 7256 #define FREE_BUFFER_SIZE 2744 -extern const uint8_t OddByteParity[256]; +//extern const uint8_t OddByteParity[256]; extern uint8_t *trace; // = (uint8_t *) BigBuf; extern int traceLen; // = 0; extern int rsamples; // = 0; diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 6ceb436b..91a802ca 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -228,7 +228,8 @@ static RAMFUNC int OutOfNDecoding(int bit) // Calculate the parity bit for the client... Uart.parityBits <<= 1; - Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)]; + //Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)]; + Uart.parityBits ^= oddparity(Uart.shiftReg & 0xff); Uart.bitCnt = 0; Uart.shiftReg = 0; @@ -251,7 +252,8 @@ static RAMFUNC int OutOfNDecoding(int bit) // Calculate the parity bit for the client... Uart.parityBits <<= 1; - Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)]; + //Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)]; + Uart.parityBits ^= oddparity((Uart.dropPosition & 0xff)); Uart.bitCnt = 0; Uart.shiftReg = 0; @@ -452,8 +454,7 @@ static RAMFUNC int ManchesterDecoding(int v) else { modulation = bit & Demod.syncBit; modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit; - //modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit; - + Demod.samples += 4; if(Demod.posCount==0) { @@ -488,7 +489,8 @@ static RAMFUNC int ManchesterDecoding(int v) Demod.output[Demod.len] = 0x0f; Demod.len++; Demod.parityBits <<= 1; - Demod.parityBits ^= OddByteParity[0x0f]; + //Demod.parityBits ^= OddByteParity[0x0f]; + Demod.parityBits ^= oddparity(0x0f); Demod.state = DEMOD_UNSYNCD; // error = 0x0f; return TRUE; @@ -613,7 +615,8 @@ static RAMFUNC int ManchesterDecoding(int v) // FOR ISO15639 PARITY NOT SEND OTA, JUST CALCULATE IT FOR THE CLIENT Demod.parityBits <<= 1; - Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)]; + //Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)]; + Demod.parityBits ^= oddparity((Demod.shiftReg & 0xff)); Demod.bitCount = 0; Demod.shiftReg = 0; @@ -870,10 +873,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen) } if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - /*if(OutOfNDecoding((b & 0xf0) >> 4)) { - *len = Uart.byteCnt; - return TRUE; - }*/ + if(OutOfNDecoding(b & 0x0f)) { *len = Uart.byteCnt; return TRUE; @@ -1395,7 +1395,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len) int par = 0; // This is tied to other size changes - // uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024; CodeIClassCommand(frame,len); // Select the card @@ -1435,7 +1434,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples, for(;;) { WDT_HIT(); - if(BUTTON_PRESS()) return FALSE; + if(BUTTON_PRESS()) return FALSE; if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! @@ -1446,10 +1445,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples, b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; skip = !skip; if(skip) continue; - /*if(ManchesterDecoding((b>>4) & 0xf)) { - *samples = ((c - 1) << 3) + 4; - return TRUE; - }*/ + if(ManchesterDecoding(b & 0x0f)) { *samples = c << 3; return TRUE; diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 6fe83c6e..fcd51d63 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -124,6 +124,8 @@ uint32_t LastProxToAirDuration; #define SEC_Y 0x00 #define SEC_Z 0xc0 +//replaced large parity table with small parity generation function - saves flash code +/* const uint8_t OddByteParity[256] = { 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, @@ -142,7 +144,7 @@ const uint8_t OddByteParity[256] = { 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1 }; - +*/ void iso14a_set_trigger(bool enable) { trigger = enable; @@ -165,10 +167,12 @@ void iso14a_set_timeout(uint32_t timeout) { // Generate the parity value for a byte sequence // //----------------------------------------------------------------------------- +/* byte_t oddparity (const byte_t bt) { return OddByteParity[bt]; } +*/ uint32_t GetParity(const uint8_t * pbtCmd, int iLen) { @@ -178,7 +182,8 @@ uint32_t GetParity(const uint8_t * pbtCmd, int iLen) // Generate the parity bits for (i = 0; i < iLen; i++) { // and save them to a 32Bit word - dwPar |= ((OddByteParity[pbtCmd[i]]) << i); + //dwPar |= ((OddByteParity[pbtCmd[i]]) << i); + dwPar |= (oddparity(pbtCmd[i]) << i); } return dwPar; } @@ -683,7 +688,8 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, int len, uint32_t dwParity } // Get the parity bit - if ((dwParity >> i) & 0x01) { + //if ((dwParity >> i) & 0x01) { + if (oddparity(cmd[i]) & 0x01) { ToSend[++ToSendMax] = SEC_D; LastProxToAirDuration = 8 * ToSendMax - 4; } else { @@ -891,6 +897,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data) response1[1] = 0x00; sak = 0x28; } break; + case 5: { // MIFARE TNP3XXX + // Says: I am a toy + response1[0] = 0x01; + response1[1] = 0x0f; + sak = 0x01; + } break; default: { Dbprintf("Error: unkown tagtype (%d)",tagType); return; @@ -1695,7 +1707,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u memcpy(uid_resp,resp,4); } uid_resp_len = 4; - // Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]); + // calculate crypto UID. Always use last 4 Bytes. if(cuid_ptr) { @@ -1713,6 +1725,8 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u if (!ReaderReceive(resp)) return 0; sak = resp[0]; + //Dbprintf("SAK: %02x",resp[0]); + // Test if more parts of the uid are comming if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) { // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of: @@ -1770,8 +1784,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) { SetAdcMuxFor(GPIO_MUXSEL_HIPKD); // Signal field is on with the appropriate LED - if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD - || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) { + if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) { LED_D_ON(); } else { LED_D_OFF(); @@ -1859,10 +1872,10 @@ void ReaderIso14443a(UsbCommand *c) if(param & ISO14A_APPEND_CRC) { AppendCrc14443a(cmd,len); len += 2; - lenbits += 16; + if(lenbits>0) + lenbits += 16; } - if(lenbits>0) { - + if(lenbits>0) { ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL); } else { ReaderTransmit(cmd,len, NULL); @@ -1937,8 +1950,8 @@ void ReaderMifare(bool first_try) uint32_t nt = 0; uint32_t previous_nt = 0; static uint32_t nt_attacked = 0; - byte_t par_list[8] = {0,0,0,0,0,0,0,0}; - byte_t ks_list[8] = {0,0,0,0,0,0,0,0}; + byte_t par_list[8] = {0x00}; + byte_t ks_list[8] = {0x00}; static uint32_t sync_time; static uint32_t sync_cycles; @@ -1947,8 +1960,6 @@ void ReaderMifare(bool first_try) uint16_t consecutive_resyncs = 0; int isOK = 0; - - if (first_try) { mf_nr_ar3 = 0; iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); @@ -1971,6 +1982,7 @@ void ReaderMifare(bool first_try) LED_C_OFF(); + Dbprintf("Mifare: Before loopen"); for(uint16_t i = 0; TRUE; i++) { WDT_HIT(); diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index 3c3993ba..b2c59907 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -75,7 +75,7 @@ typedef struct { -extern byte_t oddparity (const byte_t bt); +//extern byte_t oddparity (const byte_t bt); extern uint32_t GetParity(const uint8_t *pbtCmd, int iLen); extern void AppendCrc14443a(uint8_t *data, int len); diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h index f9d74384..bd313699 100644 --- a/armsrc/mifareutil.h +++ b/armsrc/mifareutil.h @@ -53,7 +53,7 @@ extern int MF_DBGLEVEL; #define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF(); //functions -uint8_t* mifare_get_bigbufptr(void); + int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t *timing); int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint8_t *timing); int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint32_t *timing); diff --git a/armsrc/string.h b/armsrc/string.h index 1067b91f..6e2c7883 100644 --- a/armsrc/string.h +++ b/armsrc/string.h @@ -16,9 +16,9 @@ #include int strlen(const char *str); -void *memcpy(void *dest, const void *src, int len); +RAMFUNC void *memcpy(void *dest, const void *src, int len); void *memset(void *dest, int c, int len); -int memcmp(const void *av, const void *bv, int len); +RAMFUNC int memcmp(const void *av, const void *bv, int len); void memxor(uint8_t * dest, uint8_t * src, size_t len); char *strncat(char *dest, const char *src, unsigned int n); char *strcat(char *dest, const char *src); diff --git a/armsrc/util.c b/armsrc/util.c index 0558fb94..b1ef6ea0 100644 --- a/armsrc/util.c +++ b/armsrc/util.c @@ -85,6 +85,15 @@ int32_t le24toh (uint8_t data[3]) return (data[2] << 16) | (data[1] << 8) | data[0]; } +//added here for parity calulations +uint8_t oddparity(uint8_t bt) +{ + uint16_t v = bt; + v ^= v >> 4; + v &= 0xF; + return ((0x9669 >> v) & 1); +} + void LEDsoff() { LED_A_OFF(); diff --git a/armsrc/util.h b/armsrc/util.h index c6503395..80ed9b54 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -35,6 +35,8 @@ uint64_t bytes_to_num(uint8_t* src, size_t len); void rol(uint8_t *data, const size_t len); void lsl (uint8_t *data, size_t len); int32_t le24toh (uint8_t data[3]); +//added parity generation function here +uint8_t oddparity(uint8_t bt); void SpinDelay(int ms); void SpinDelayUs(int us); diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 0f2b5222..391908e7 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -44,7 +44,7 @@ int CmdHF14AList(const char *Cmd) ShowWaitCycles = true; } - uint8_t got[1920]; + uint8_t got[TRACE_BUFFER_SIZE]; GetFromBigBuf(got,sizeof(got),0); WaitForResponse(CMD_ACK,NULL); @@ -62,7 +62,7 @@ int CmdHF14AList(const char *Cmd) uint32_t EndOfTransmissionTimestamp = 0; for (;;) { - if(i >= 1900) { + if(i >= TRACE_BUFFER_SIZE) { break; } @@ -86,7 +86,7 @@ int CmdHF14AList(const char *Cmd) if (len > 100) { break; } - if (i + len >= 1900) { + if (i + len >= TRACE_BUFFER_SIZE) { break; } @@ -400,6 +400,7 @@ int CmdHF14ASim(const char *Cmd) PrintAndLog(" 2 = MIFARE Ultralight"); PrintAndLog(" 3 = MIFARE DESFIRE"); PrintAndLog(" 4 = ISO/IEC 14443-4"); + PrintAndLog(" 5 = MIFARE TNP3XXX"); PrintAndLog(""); return 1; } @@ -628,7 +629,7 @@ static void waitCmd(uint8_t iSelect) UsbCommand resp; char *hexout; - if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + if (WaitForResponseTimeout(CMD_ACK,&resp,10000)) { recv = resp.d.asBytes; uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0]; PrintAndLog("received %i octets",iLen); diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index f580e6d5..2c4c5949 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -144,7 +144,7 @@ demodError: int CmdHF14BList(const char *Cmd) { - uint8_t got[960]; + uint8_t got[TRACE_BUFFER_SIZE]; GetFromBigBuf(got,sizeof(got),0); WaitForResponse(CMD_ACK,NULL); @@ -156,9 +156,8 @@ int CmdHF14BList(const char *Cmd) int prev = -1; for(;;) { - if(i >= 900) { - break; - } + + if(i >= TRACE_BUFFER_SIZE) { break; } bool isResponse; int timestamp = *((uint32_t *)(got+i)); @@ -175,7 +174,7 @@ int CmdHF14BList(const char *Cmd) if(len > 100) { break; } - if(i + len >= 900) { + if(i + len >= TRACE_BUFFER_SIZE) { break; } @@ -357,7 +356,7 @@ int CmdHF14BCmdRaw (const char *cmd) { SendCommand(&c); if (reply) { - if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + if (WaitForResponseTimeout(CMD_ACK,&resp,10000)) { recv = resp.d.asBytes; PrintAndLog("received %i octets",resp.arg[0]); if(!resp.arg[0]) diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c index 92e61c68..c893da76 100644 --- a/client/cmdhfepa.c +++ b/client/cmdhfepa.c @@ -45,7 +45,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd) SendCommand(&c); UsbCommand resp; - WaitForResponse(CMD_ACK,&resp); + WaitForResponse(CMD_ACK,&resp); // check if command failed if (resp.arg[0] != 0) { @@ -68,6 +68,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd) return 1; } +// UI-related stuff // UI-related stuff static const command_t CommandTable[] = diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 47ff2db0..7bbf26b2 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -55,7 +55,7 @@ int CmdHFiClassList(const char *Cmd) return 0; } - uint8_t got[1920]; + uint8_t got[TRACE_BUFFER_SIZE]; GetFromBigBuf(got,sizeof(got),0); WaitForResponse(CMD_ACK,NULL); @@ -77,7 +77,7 @@ int CmdHFiClassList(const char *Cmd) uint32_t EndOfTransmissionTimestamp = 0; - for( i=0; i < 1900;) + for( i=0; i < TRACE_BUFFER_SIZE;) { //First 32 bits contain // isResponse (1 bit) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index b7f336db..54d0f4f1 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -2003,7 +2003,7 @@ int CmdHF14AMfCSave(const char *Cmd) { int CmdHF14AMfSniff(const char *Cmd){ - // params + bool wantLogToFile = 0; bool wantDecrypt = 0; //bool wantSaveToEml = 0; TODO @@ -2031,8 +2031,8 @@ int CmdHF14AMfSniff(const char *Cmd){ PrintAndLog(" l - save encrypted sequence to logfile `uid.log`"); PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`"); PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory"); - PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`"); - PrintAndLog("Usage: hf mf sniff [l][d][e][r]"); + PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`"); + PrintAndLog("Usage: hf mf sniff [l][d][e][f]"); PrintAndLog(" sample: hf mf sniff l d e"); return 0; } @@ -2220,9 +2220,6 @@ int GetCardSize() return -1; } - - - static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index c0c7a67e..75aaa084 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -27,9 +27,9 @@ uint8_t CMDPOS = 0; uint8_t LENPOS = 1; -uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; +uint8_t key_zero_data[16] = { 0x00 }; +uint8_t key_ones_data[16] = { 0x01 }; uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }; -uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 }; uint8_t key_picc_data[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f }; static int CmdHelp(const char *Cmd); @@ -537,11 +537,6 @@ int CmdHF14ADesEnumApplications(const char *Cmd){ return 1; } -int CmdHF14ADesNonces(const char *Cmd){ - return 1; -} - -// // MIAFRE DesFire Authentication // #define BUFSIZE 256 @@ -670,7 +665,6 @@ static command_t CommandTable[] = {"wb", CmdHF14ADesWb, 0, "write MIFARE DesFire block"}, {"info", CmdHF14ADesInfo, 0, "Get MIFARE DesFire information"}, {"enum", CmdHF14ADesEnumApplications,0, "Tries enumerate all applications"}, - {"nonce", CmdHF14ADesNonces, 0, " Collect n>0 nonces"}, {NULL, NULL, 0, NULL} }; diff --git a/client/cmdhfmfdes.h b/client/cmdhfmfdes.h index 06f592ed..6ebc98ae 100644 --- a/client/cmdhfmfdes.h +++ b/client/cmdhfmfdes.h @@ -14,7 +14,7 @@ int CmdHF14ADesRb(const char* cmd); int CmdHF14ADesWb(const char* cmd); int CmdHF14ADesInfo(const char *Cmd); int CmdHF14ADesEnumApplications(const char *Cmd); -int CmdHF14ADesNonces(const char *Cmd); + char * GetCardSizeStr( uint8_t fsize ); char * GetVendorStr( uint8_t id); char * GetProtocolStr(uint8_t id); diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index ede03575..9a228b2b 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -29,7 +29,7 @@ size_t nbytes(size_t nbits) { int CmdLFHitagList(const char *Cmd) { - uint8_t got[3000]; + uint8_t got[TRACE_BUFFER_SIZE]; GetFromBigBuf(got,sizeof(got),0); WaitForResponse(CMD_ACK,NULL); @@ -44,9 +44,8 @@ int CmdLFHitagList(const char *Cmd) FILE* pf = NULL; for (;;) { - if(i >= 1900) { - break; - } + + if(i >= TRACE_BUFFER_SIZE) { break; } bool isResponse; int timestamp = *((uint32_t *)(got+i)); @@ -71,9 +70,7 @@ int CmdLFHitagList(const char *Cmd) if (len > 100) { break; } - if (i + len >= 1900) { - break; - } + if (i + len >= TRACE_BUFFER_SIZE) { break;} uint8_t *frame = (got+i+9); diff --git a/client/data.h b/client/data.h index eead3fa8..41bd9a41 100644 --- a/client/data.h +++ b/client/data.h @@ -13,6 +13,8 @@ #include +//trace buffer size as defined in armsrc/apps.h TRACE_SIZE +#define TRACE_BUFFER_SIZE 4096 #define FILE_PATH_SIZE 1000 #define SAMPLE_BUFFER_SIZE 64 diff --git a/client/lualibs/mf_default_keys.lua b/client/lualibs/mf_default_keys.lua index b9b414d8..810f0d6e 100644 --- a/client/lualibs/mf_default_keys.lua +++ b/client/lualibs/mf_default_keys.lua @@ -147,6 +147,18 @@ local _keys = { --]] '4b0b20107ccb', + --[[ + Kiev metro cards + --]] + '8fe644038790', + 'f14ee7cae863', + '632193be1c3c', + '569369c5a0e5', + '9de89e070277', + 'eff603e1efe9', + '644672bd4afe', + + 'b5ff67cba951', } --- diff --git a/client/scripts/tnp3sim.lua b/client/scripts/tnp3sim.lua index 02749d3e..f43dafa2 100644 --- a/client/scripts/tnp3sim.lua +++ b/client/scripts/tnp3sim.lua @@ -349,7 +349,7 @@ local function main(args) err = LoadEmulator(blocks) if err then return oops(err) end core.clearCommandBuffer() - print('The simulation is now prepared. run \"hf mf sim\" ') + print('The simulation is now prepared.\n --> run \"hf mf sim 5 '..uid..'\" <--') end end main(args) \ No newline at end of file diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 36fcf248..55df18f4 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -112,7 +112,9 @@ typedef struct { #define CMD_SIMULATE_TAG_LEGIC_RF 0x0387 #define CMD_READER_LEGIC_RF 0x0388 #define CMD_WRITER_LEGIC_RF 0x0389 + #define CMD_EPA_PACE_COLLECT_NONCE 0x038A +//#define CMD_EPA_ 0x038B #define CMD_SNOOP_ICLASS 0x0392 #define CMD_SIMULATE_TAG_ICLASS 0x0393 -- 2.39.2