From 9d87eb66500080f76d81b8d453f3f5340717c001 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Mon, 18 May 2015 13:11:00 -0400 Subject: [PATCH] MF ultralight code cleanup --- armsrc/appmain.c | 1 - armsrc/mifarecmd.c | 38 +++++++++----- armsrc/mifareutil.c | 15 +++--- client/cmdhfmfu.c | 102 ++++++++++++++++++++---------------- client/lualibs/commands.lua | 8 ++- include/usb_cmd.h | 5 +- 6 files changed, 93 insertions(+), 76 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 7b94f8a3..96644b9a 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -830,7 +830,6 @@ void UsbPacketReceived(uint8_t *packet, int len) MifareUC_Auth(c->arg[0],c->d.asBytes); break; case CMD_MIFAREU_READCARD: - case CMD_MIFAREUC_READCARD: MifareUReadCard(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); break; case CMD_MIFAREUC_SETPWD: diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 1f8f4ee8..23652070 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -106,17 +106,17 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){ return; }; - if(mifare_ultra_auth(keybytes) == 1){ + if(!mifare_ultra_auth(keybytes)){ if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed"); OnError(1); return; } - cmd_send(CMD_ACK,1,0,0,0,0); if (turnOffField) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } + cmd_send(CMD_ACK,1,0,0,0,0); } // Arg0 = BlockNo, @@ -146,7 +146,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) uint8_t key[16] = {0x00}; memcpy(key, datain, sizeof(key) ); - if ( mifare_ultra_auth(key) == 1 ) { + if ( !mifare_ultra_auth(key) ) { OnError(1); return; } @@ -157,7 +157,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) uint8_t pwd[4] = {0x00}; memcpy(pwd, datain, 4); uint8_t pack[4] = {0,0,0,0}; - if (mifare_ul_ev1_auth(pwd, pack) == 1) { + if (!mifare_ul_ev1_auth(pwd, pack)) { OnError(1); return; } 
@@ -255,8 +255,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) uint16_t blocks = arg1; bool useKey = (arg2 == 1); //UL_C bool usePwd = (arg2 == 2); //UL_EV1/NTAG - int countblocks = 0; - uint8_t dataout[176] = {0x00}; + uint32_t countblocks = 0; + uint8_t *dataout = BigBuf_get_addr(); LEDsoff(); LED_A_ON(); @@ -275,7 +275,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) uint8_t key[16] = {0x00}; memcpy(key, datain, sizeof(key) ); - if ( mifare_ultra_auth(key) == 1 ) { + if ( !mifare_ultra_auth(key) ) { OnError(1); return; } @@ -287,19 +287,30 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) memcpy(pwd, datain, sizeof(pwd)); uint8_t pack[4] = {0,0,0,0}; - if (mifare_ul_ev1_auth(pwd, pack) == 1){ + if (!mifare_ul_ev1_auth(pwd, pack)){ OnError(1); return; } } for (int i = 0; i < blocks; i++){ - len = mifare_ultra_readblock(blockNo * 4 + i, dataout + 4 * i); + if ((i*4) + 4 > BigBuf_get_traceLen()) { + Dbprintf("Data exceeds buffer!!"); + break; + } + + len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i); if (len) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i); - OnError(2); - return; + // if no blocks read - error out + if (i==0){ + OnError(2); + return; + } else { + //stop at last successful read block and return what we got + break; + } } else { countblocks++; } @@ -314,9 +325,8 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain) if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks); - len = blocks * 4; - - cmd_send(CMD_ACK, 1, len, 0, dataout, len); + countblocks *= 4; + cmd_send(CMD_ACK, 1, countblocks, countblocks, 0, 0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); } diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 0469364c..77169a36 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c 
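Review bot: The bounds check added to the read loop, `if ((i*4) + 4 > BigBuf_get_traceLen())`, compares the write offset with what the name suggests is the current trace length, not the capacity of the buffer that `dataout` now points into. If that reading is right, the loop stops at once when no trace has been recorded, and a long trace does not bound the writes by the real buffer size. The check should compare against the buffer's capacity, and `blocks` should be clamped to it before the loop, since `blocks` is the host-supplied `arg1`. Separately, `blockNo + i` is passed to the `uint8_t blockNo` parameter of `mifare_ultra_readblock`, so page numbers above 255 would wrap silently.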
@@ -322,15 +322,14 @@ int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){ len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL); if (len != 4) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len); - OnError(1); - return 1; + return 0; } if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Auth Resp: %02x%02x%02x%02x", resp[0],resp[1],resp[2],resp[3]); memcpy(pack, resp, 4); - return 0; + return 1; } int mifare_ultra_auth(uint8_t *keybytes){ @@ -353,8 +352,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL); if (len != 11) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]); - OnError(1); - return 1; + return 0; } // tag nonce. @@ -386,8 +384,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL); if (len != 11) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]); - OnError(1); - return 1; + return 0; } uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 }; @@ -398,7 +395,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b); if ( memcmp(resp_random_a, random_a, 8) != 0 ) { if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication"); - return 1; + return 0; } if (MF_DBGLEVEL >= MF_DBG_EXTENDED) { @@ -418,7 +415,7 @@ int mifare_ultra_auth(uint8_t *keybytes){ resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3], resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]); } - return 0; + return 1; } int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData) diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index a22ff859..15fa8e42 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c 
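Review bot: `mifare_ul_ev1_auth` and `mifare_ultra_auth` now return 1 on success and 0 on failure, but both still return `int` and have no comment stating the new convention, while `MifareUReadCard` still treats a nonzero result from `mifare_ultra_readblock` in the same file as an error. A caller written against the old convention would take a failed authentication for a successful one, so each definition should state the contract, e.g. `// returns 1 if the tag authenticated, 0 on any failure; the caller must call OnError()`. That comment also covers the removal of `OnError(1)` from the failure paths here, which moves the cleanup duty to every caller. Declaring both functions `bool` would make the meaning visible at the call sites; the prototypes are outside these hunks and would need the same change.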
@@ -14,9 +14,10 @@ #include "mifare.h" #include "util.h" #include "protocols.h" +#include "data.h" #define MAX_UL_BLOCKS 0x0f -#define MAX_ULC_BLOCKS 0x2f +#define MAX_ULC_BLOCKS 0x2b #define MAX_ULEV1a_BLOCKS 0x12 #define MAX_ULEV1b_BLOCKS 0x20 #define MAX_NTAG_213 0x2c @@ -191,10 +192,10 @@ static int ulc_authentication( uint8_t *key, bool switch_off_field ){ memcpy(c.d.asBytes, key, 16); SendCommand(&c); UsbCommand resp; - if ( !WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) return -1; - if ( resp.arg[0] == 1 ) return 0; + if ( !WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) return 0; + if ( resp.arg[0] == 1 ) return 1; - return -2; + return 0; } static int ulev1_requestAuthentication( uint8_t *pwd, uint8_t *pack, uint16_t packLength ){ @@ -631,22 +632,20 @@ int CmdHF14AMfUInfo(const char *Cmd){ PrintAndLog("-------------------------------------------------------------"); ul_print_type(tagtype, 6); - status = ul_select(&card); - if ( status < 1 ){ - PrintAndLog("iso14443a card select failed"); - ul_switch_off_field(); - return status; - } - - if ( hasAuthKey ) { - if ((tagtype & UL_C)) { - //will select card automatically - if (ulc_authentication(authenticationkey, false) != 0) { - ul_switch_off_field(); - PrintAndLog("Error: Authentication Failed UL-C"); - return 0; - } - } else { + if ( hasAuthKey && (tagtype & UL_C)) { + //will select card automatically and close connection on error + if (!ulc_authentication(authenticationkey, false)) { + PrintAndLog("Error: Authentication Failed UL-C"); + return 0; + } + } else { + status = ul_select(&card); + if ( status < 1 ){ + PrintAndLog("iso14443a card select failed"); + ul_switch_off_field(); + return status; + } + if (hasAuthKey) { len = ulev1_requestAuthentication(authenticationkey, pack, sizeof(pack)); if (len < 1) { ul_switch_off_field(); 
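Review bot: The UL-C failure branch in `CmdHF14AMfUInfo` no longer calls `ul_switch_off_field()` and relies on the comment that the device closes the connection on error. However, `ulc_authentication` (changed in the hunk above) now also returns 0 when `WaitForResponseTimeout` expires, and in that case the client has no confirmation of the device state while `switch_off_field` was passed as `false`. Keeping `ul_switch_off_field();` before `return 0;` covers the timeout path. Folding the former -1 and -2 results into 0 also means a communication timeout is reported as "Authentication Failed UL-C"; a separate message for the timeout would help. The function body continues outside this hunk.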
@@ -674,6 +673,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ status = ul_read(0x28, ulc_conf, sizeof(ulc_conf)); if ( status == -1 ){ PrintAndLog("Error: tag didn't answer to READ UL-C"); + ul_switch_off_field(); return status; } ulc_print_configuration(ulc_conf); @@ -690,22 +690,21 @@ int CmdHF14AMfUInfo(const char *Cmd){ ulc_print_3deskey(ulc_deskey); } else { + ul_switch_off_field(); // if we called info with key, just return if ( hasAuthKey ) return 1; PrintAndLog("Trying some default 3des keys"); for (uint8_t i = 0; i < KEYS_3DES_COUNT; ++i ){ key = default_3des_keys[i]; - if (ulc_authentication(key, true) == 0){ + if (ulc_authentication(key, true)){ PrintAndLog("Found default 3des key: "); //%s", sprint_hex(key,16)); uint8_t keySwap[16]; memcpy(keySwap, SwapEndian64(key,16,8), 16); ulc_print_3deskey(keySwap); - ul_switch_off_field(); return 1; } } - ul_switch_off_field(); return 1; //return even if key not found (UL_C is done) } } @@ -763,14 +762,19 @@ int CmdHF14AMfUInfo(const char *Cmd){ // 1-7 = ... should we even try then? if ( authlim == 0 ){ PrintAndLog("\n--- Known EV1/NTAG passwords."); - - for (uint8_t i = 0; i < 3; ++i ){ + len = 0; + for (uint8_t i = 0; i < KEYS_PWD_COUNT; ++i ){ key = default_pwd_pack[i]; - if ( len > -1 ){ - len = ulev1_requestAuthentication(key, pack, sizeof(pack)); - if (len == 1) { - PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]); - break; + len = ulev1_requestAuthentication(key, pack, sizeof(pack)); + if (len >= 1) { + PrintAndLog("Found a default password: %s || Pack: %02X %02X",sprint_hex(key, 4), pack[0], pack[1]); + break; + } else { + status = ul_select(&card); + if ( status < 1 ){ + PrintAndLog("iso14443a card select failed - ev1 auth"); + ul_switch_off_field(); + return status; } } } 
@@ -783,6 +787,7 @@ int CmdHF14AMfUInfo(const char *Cmd){ status = ul_read(3, cc, sizeof(cc)); if ( status == -1 ){ PrintAndLog("Error: tag didn't answer to READ ntag"); + ul_switch_off_field(); return status; } ntag_print_CC(cc); @@ -988,8 +993,10 @@ int CmdHF14AMfUDump(const char *Cmd){ errors = param_gethex(tempStr, 0, key, dataLen); else if (dataLen == 8) //ev1/ntag errors = param_gethex(tempStr, 0, key, dataLen); - else + else{ + PrintAndLog("\nERROR: Key is incorrect length\n"); errors = true; + } cmdp += 2; hasPwd = true; @@ -1042,8 +1049,7 @@ int CmdHF14AMfUDump(const char *Cmd){ ul_print_type(tagtype, 0); PrintAndLog("Reading tag memory..."); - - UsbCommand c = {CMD_MIFAREUC_READCARD, {startPage,Pages}}; + UsbCommand c = {CMD_MIFAREU_READCARD, {startPage,Pages}}; if ( hasPwd ) { if (tagtype & UL_C) c.arg[2] = 1; //UL_C auth @@ -1058,15 +1064,20 @@ int CmdHF14AMfUDump(const char *Cmd){ PrintAndLog("Command execute time-out"); return 1; } - PrintAndLog ("%u,%u",resp.arg[0],resp.arg[1]); - uint8_t isOK = resp.arg[0] & 0xff; - if (isOK) { - memcpy(data, resp.d.asBytes, resp.arg[1]); - } else { + if (resp.arg[0] != 1) { PrintAndLog("Failed reading block: (%02x)", i); return 1; } + uint32_t bufferSize = resp.arg[1]; + if (bufferSize > sizeof(data)) { + PrintAndLog("Data exceeded Buffer size!"); + bufferSize = sizeof(data); + } + GetFromBigBuf(data, bufferSize, 0); + WaitForResponse(CMD_ACK,NULL); + + Pages = bufferSize/4; // Load lock bytes. int j = 0; @@ -1088,11 +1099,14 @@ int CmdHF14AMfUDump(const char *Cmd){ } } - // add keys - if (hasPwd){ //UL_C + // add keys to block dump + if (hasPwd && (tagtype & UL_C)){ //UL_C memcpy(data + Pages*4, key, dataLen/2); Pages += 4; - } + } else if (hasPwd) { //not sure output is in correct location. + memcpy(data + Pages*4, key, dataLen/2); + Pages += 1; + } for (i = 0; i < Pages; ++i) { if ( i < 3 ) { 
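Review bot: `WaitForResponse(CMD_ACK,NULL);` after `GetFromBigBuf` has no timeout, so the dump command hangs if the device never acknowledges the transfer. The same function already uses a timed wait for the read command, and the transfer should do the same, e.g. `if (!WaitForResponseTimeout(CMD_ACK, NULL, 1500)) { PrintAndLog("Command execute time-out"); return 1; }`. The failure message `"Failed reading block: (%02x)", i` also prints a loop variable that, as far as the hunk shows, has no relation to the block that failed.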
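Review bot: Appending the key with `memcpy(data + Pages*4, key, dataLen/2)` can write past the end of `data`. The preceding hunk clamps `bufferSize` to `sizeof(data)` and sets `Pages = bufferSize/4`, so a full buffer leaves no room for the key bytes, and the print loop then reads the extra pages. Both branches need a check on the remaining space before the copy, e.g. `if (Pages*4 + dataLen/2 > sizeof(data)) { PrintAndLog("No room for key in dump"); return 1; }`. The new EV1/NTAG branch carries the comment that the output location is unverified, so the placement should be confirmed against the dump format before anything relies on it.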
@@ -1186,7 +1200,7 @@ void rol (uint8_t *data, const size_t len){ // int CmdHF14AMfucAuth(const char *Cmd){ - uint8_t keyNo = 0; + uint8_t keyNo = 3; bool errors = false; char cmdp = param_getchar(Cmd, 0); @@ -1216,11 +1230,11 @@ int CmdHF14AMfucAuth(const char *Cmd){ } uint8_t *key = default_3des_keys[keyNo]; - if (ulc_authentication(key, true) == 0) + if (ulc_authentication(key, true)) PrintAndLog("Authentication successful. 3des key: %s",sprint_hex(key, 16)); else PrintAndLog("Authentication failed"); - + return 0; } diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index b0257ef0..678c745e 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -135,11 +135,9 @@ local _commands = { CMD_MIFARE_SNIFFER = 0x0630, --//ultralightC - CMD_MIFAREUC_AUTH1 = 0x0724, - CMD_MIFAREUC_AUTH2 = 0x0725, - CMD_MIFAREUC_READCARD = 0x0726, - CMD_MIFAREUC_SETPWD = 0x0727, - CMD_MIFAREU_SETUID = 0x0728, + CMD_MIFAREUC_AUTH = 0x0724, + CMD_MIFAREUC_SETPWD = 0x0727, + CMD_MIFAREU_SETUID = 0x0728, --// mifare desfire CMD_MIFARE_DESFIRE_READBL = 0x0728, diff --git a/include/usb_cmd.h b/include/usb_cmd.h index f67eac58..357395d4 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -174,9 +174,8 @@ typedef struct{ #define CMD_MIFARE_SNIFFER 0x0630 //ultralightC -#define CMD_MIFAREUC_AUTH1 0x0724 -#define CMD_MIFAREUC_AUTH2 0x0725 -#define CMD_MIFAREUC_READCARD 0x0726 +#define CMD_MIFAREUC_AUTH 0x0724 +//0x0725 and 0x0726 no longer used #define CMD_MIFAREUC_SETPWD 0x0727 -- 2.39.2
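Review bot: The default `keyNo` changes from 0 to the bare literal 3 with no comment or help-text change visible in the hunk, so running the command without an argument now tries a different default key and nothing tells the user which. A named constant or a comment such as `// default to key index 3 (<which key>)` would make the choice reviewable. The argument parsing between this line and `default_3des_keys[keyNo]` is outside the hunk; if it does not already reject `keyNo >= KEYS_3DES_COUNT`, that check belongs before the array index.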
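Review bot: In the Lua command table, `CMD_MIFAREU_SETUID = 0x0728` has the same value as `CMD_MIFARE_DESFIRE_READBL = 0x0728` a few lines below, so two command names map to one opcode. The hunk re-aligns the SETUID line without resolving the clash. The SETUID define is not in the visible `usb_cmd.h` hunk, so the value should be checked against the header and either corrected or annotated with a comment explaining why the overlap is safe.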