]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/iclass.c
28cfcaa66c407bf5a54d3c47afe817be5ad1cd71
[proxmark3-svn] / armsrc / iclass.c
1 //-----------------------------------------------------------------------------
2 // Gerhard de Koning Gans - May 2008
3 // Hagen Fritsch - June 2010
4 // Gerhard de Koning Gans - May 2011
5 // Gerhard de Koning Gans - June 2012 - Added iClass card and reader emulation
6 // piwi - 2019
7 //
8 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
9 // at your option, any later version. See the LICENSE.txt file for the text of
10 // the license.
11 //-----------------------------------------------------------------------------
12 // Routines to support iClass.
13 //-----------------------------------------------------------------------------
14 // Contribution made during a security research at Radboud University Nijmegen
15 //
16 // Please feel free to contribute and extend iClass support!!
17 //-----------------------------------------------------------------------------
18
19 #include "iclass.h"
20
21 #include "proxmark3.h"
22 #include "apps.h"
23 #include "util.h"
24 #include "string.h"
25 #include "printf.h"
26 #include "common.h"
27 #include "cmd.h"
28 #include "iso14443a.h"
29 #include "iso15693.h"
30 // Needed for CRC in emulation mode;
31 // same construction as in ISO 14443;
32 // different initial value (CRC_ICLASS)
33 #include "iso14443crc.h"
34 #include "iso15693tools.h"
35 #include "protocols.h"
36 #include "optimized_cipher.h"
37 #include "usb_cdc.h" // for usb_poll_validate_length
38 #include "fpgaloader.h"
39
40 // iCLASS has a slightly different timing compared to ISO15693. According to the picopass data sheet the tag response is expected 330us after
41 // the reader command. This is measured from end of reader EOF to first modulation of the tag's SOF which starts with a 56,64us unmodulated period.
42 // 330us = 140 ssp_clk cycles @ 423,75kHz when simulating.
43 // 56,64us = 24 ssp_clk_cycles
44 #define DELAY_ICLASS_VCD_TO_VICC_SIM (140 - 24)
45 // times in ssp_clk_cycles @ 3,3625MHz when acting as reader
46 #define DELAY_ICLASS_VICC_TO_VCD_READER DELAY_ISO15693_VICC_TO_VCD_READER
47 // times in samples @ 212kHz when acting as reader
48 #define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us
49 #define ICLASS_READER_TIMEOUT_UPDATE 3390 // 16000us, nominal 4-15ms
50 #define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us
51
52 #define ICLASS_BUFFER_SIZE 34 // we expect max 34 bytes as tag answer (response to READ4)
53
54
55 //=============================================================================
56 // A `sniffer' for iClass communication
57 // Both sides of communication!
58 //=============================================================================
59 void SnoopIClass(uint8_t jam_search_len, uint8_t *jam_search_string) {
60 SnoopIso15693(jam_search_len, jam_search_string);
61 }
62
63
64 void rotateCSN(uint8_t* originalCSN, uint8_t* rotatedCSN) {
65 int i;
66 for (i = 0; i < 8; i++) {
67 rotatedCSN[i] = (originalCSN[i] >> 3) | (originalCSN[(i+1)%8] << 5);
68 }
69 }
70
71
72 // Encode SOF only
73 static void CodeIClassTagSOF() {
74 ToSendReset();
75 ToSend[++ToSendMax] = 0x1D;
76 ToSendMax++;
77 }
78
79
80 static void AppendCrc(uint8_t *data, int len) {
81 ComputeCrc14443(CRC_ICLASS, data, len, data+len, data+len+1);
82 }
83
84
85 /**
86 * @brief Does the actual simulation
87 */
88 int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) {
89
90 // free eventually allocated BigBuf memory
91 BigBuf_free_keep_EM();
92
93 uint16_t page_size = 32 * 8;
94 uint8_t current_page = 0;
95
96 // maintain cipher states for both credit and debit key for each page
97 State cipher_state_KC[8];
98 State cipher_state_KD[8];
99 State *cipher_state = &cipher_state_KD[0];
100
101 uint8_t *emulator = BigBuf_get_EM_addr();
102 uint8_t *csn = emulator;
103
104 // CSN followed by two CRC bytes
105 uint8_t anticoll_data[10];
106 uint8_t csn_data[10];
107 memcpy(csn_data, csn, sizeof(csn_data));
108 Dbprintf("Simulating CSN %02x%02x%02x%02x%02x%02x%02x%02x", csn[0], csn[1], csn[2], csn[3], csn[4], csn[5], csn[6], csn[7]);
109
110 // Construct anticollision-CSN
111 rotateCSN(csn_data, anticoll_data);
112
113 // Compute CRC on both CSNs
114 AppendCrc(anticoll_data, 8);
115 AppendCrc(csn_data, 8);
116
117 uint8_t diversified_key_d[8] = { 0x00 };
118 uint8_t diversified_key_c[8] = { 0x00 };
119 uint8_t *diversified_key = diversified_key_d;
120
121 // configuration block
122 uint8_t conf_block[10] = {0x12, 0xFF, 0xFF, 0xFF, 0x7F, 0x1F, 0xFF, 0x3C, 0x00, 0x00};
123
124 // e-Purse
125 uint8_t card_challenge_data[8] = { 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
126
127 if (simulationMode == ICLASS_SIM_MODE_FULL) {
128 // initialize from page 0
129 memcpy(conf_block, emulator + 8 * 1, 8);
130 memcpy(card_challenge_data, emulator + 8 * 2, 8); // e-purse
131 memcpy(diversified_key_d, emulator + 8 * 3, 8); // Kd
132 memcpy(diversified_key_c, emulator + 8 * 4, 8); // Kc
133 }
134
135 AppendCrc(conf_block, 8);
136
137 // save card challenge for sim2,4 attack
138 if (reader_mac_buf != NULL) {
139 memcpy(reader_mac_buf, card_challenge_data, 8);
140 }
141
142 if (conf_block[5] & 0x80) {
143 page_size = 256 * 8;
144 }
145
146 // From PicoPass DS:
147 // When the page is in personalization mode this bit is equal to 1.
148 // Once the application issuer has personalized and coded its dedicated areas, this bit must be set to 0:
149 // the page is then "in application mode".
150 bool personalization_mode = conf_block[7] & 0x80;
151
152 // chip memory may be divided in 8 pages
153 uint8_t max_page = conf_block[4] & 0x10 ? 0 : 7;
154
155 // Precalculate the cipher states, feeding it the CC
156 cipher_state_KD[0] = opt_doTagMAC_1(card_challenge_data, diversified_key_d);
157 cipher_state_KC[0] = opt_doTagMAC_1(card_challenge_data, diversified_key_c);
158 if (simulationMode == ICLASS_SIM_MODE_FULL) {
159 for (int i = 1; i < max_page; i++) {
160 uint8_t *epurse = emulator + i*page_size + 8*2;
161 uint8_t *Kd = emulator + i*page_size + 8*3;
162 uint8_t *Kc = emulator + i*page_size + 8*4;
163 cipher_state_KD[i] = opt_doTagMAC_1(epurse, Kd);
164 cipher_state_KC[i] = opt_doTagMAC_1(epurse, Kc);
165 }
166 }
167
168 int exitLoop = 0;
169 // Reader 0a
170 // Tag 0f
171 // Reader 0c
172 // Tag anticoll. CSN
173 // Reader 81 anticoll. CSN
174 // Tag CSN
175
176 uint8_t *modulated_response;
177 int modulated_response_size = 0;
178 uint8_t *trace_data = NULL;
179 int trace_data_size = 0;
180
181 // Respond SOF -- takes 1 bytes
182 uint8_t *resp_sof = BigBuf_malloc(1);
183 int resp_sof_Len;
184
185 // Anticollision CSN (rotated CSN)
186 // 22: Takes 2 bytes for SOF/EOF and 10 * 2 = 20 bytes (2 bytes/byte)
187 uint8_t *resp_anticoll = BigBuf_malloc(22);
188 int resp_anticoll_len;
189
190 // CSN (block 0)
191 // 22: Takes 2 bytes for SOF/EOF and 10 * 2 = 20 bytes (2 bytes/byte)
192 uint8_t *resp_csn = BigBuf_malloc(22);
193 int resp_csn_len;
194
195 // configuration (block 1) picopass 2ks
196 uint8_t *resp_conf = BigBuf_malloc(22);
197 int resp_conf_len;
198
199 // e-Purse (block 2)
200 // 18: Takes 2 bytes for SOF/EOF and 8 * 2 = 16 bytes (2 bytes/bit)
201 uint8_t *resp_cc = BigBuf_malloc(18);
202 int resp_cc_len;
203
204 // Kd, Kc (blocks 3 and 4). Cannot be read. Always respond with 0xff bytes only
205 uint8_t *resp_ff = BigBuf_malloc(22);
206 int resp_ff_len;
207 uint8_t ff_data[10] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00};
208 AppendCrc(ff_data, 8);
209
210 // Application Issuer Area (block 5)
211 uint8_t *resp_aia = BigBuf_malloc(22);
212 int resp_aia_len;
213 uint8_t aia_data[10] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00};
214 AppendCrc(aia_data, 8);
215
216 uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
217 int len;
218
219 // Prepare card messages
220
221 // First card answer: SOF only
222 CodeIClassTagSOF();
223 memcpy(resp_sof, ToSend, ToSendMax);
224 resp_sof_Len = ToSendMax;
225
226 // Anticollision CSN
227 CodeIso15693AsTag(anticoll_data, sizeof(anticoll_data));
228 memcpy(resp_anticoll, ToSend, ToSendMax);
229 resp_anticoll_len = ToSendMax;
230
231 // CSN (block 0)
232 CodeIso15693AsTag(csn_data, sizeof(csn_data));
233 memcpy(resp_csn, ToSend, ToSendMax);
234 resp_csn_len = ToSendMax;
235
236 // Configuration (block 1)
237 CodeIso15693AsTag(conf_block, sizeof(conf_block));
238 memcpy(resp_conf, ToSend, ToSendMax);
239 resp_conf_len = ToSendMax;
240
241 // e-Purse (block 2)
242 CodeIso15693AsTag(card_challenge_data, sizeof(card_challenge_data));
243 memcpy(resp_cc, ToSend, ToSendMax);
244 resp_cc_len = ToSendMax;
245
246 // Kd, Kc (blocks 3 and 4)
247 CodeIso15693AsTag(ff_data, sizeof(ff_data));
248 memcpy(resp_ff, ToSend, ToSendMax);
249 resp_ff_len = ToSendMax;
250
251 // Application Issuer Area (block 5)
252 CodeIso15693AsTag(aia_data, sizeof(aia_data));
253 memcpy(resp_aia, ToSend, ToSendMax);
254 resp_aia_len = ToSendMax;
255
256 //This is used for responding to READ-block commands or other data which is dynamically generated
257 uint8_t *data_generic_trace = BigBuf_malloc(32 + 2); // 32 bytes data + 2byte CRC is max tag answer
258 uint8_t *data_response = BigBuf_malloc( (32 + 2) * 2 + 2);
259
260 bool buttonPressed = false;
261 enum { IDLE, ACTIVATED, SELECTED, HALTED } chip_state = IDLE;
262
263 while (!exitLoop) {
264 WDT_HIT();
265
266 uint32_t reader_eof_time = 0;
267 len = GetIso15693CommandFromReader(receivedCmd, MAX_FRAME_SIZE, &reader_eof_time);
268 if (len < 0) {
269 buttonPressed = true;
270 break;
271 }
272
273 // Now look at the reader command and provide appropriate responses
274 // default is no response:
275 modulated_response = NULL;
276 modulated_response_size = 0;
277 trace_data = NULL;
278 trace_data_size = 0;
279
280 if (receivedCmd[0] == ICLASS_CMD_ACTALL && len == 1) {
281 // Reader in anticollision phase
282 if (chip_state != HALTED) {
283 modulated_response = resp_sof;
284 modulated_response_size = resp_sof_Len;
285 chip_state = ACTIVATED;
286 }
287
288 } else if (receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 1) { // identify
289 // Reader asks for anticollision CSN
290 if (chip_state == SELECTED || chip_state == ACTIVATED) {
291 modulated_response = resp_anticoll;
292 modulated_response_size = resp_anticoll_len;
293 trace_data = anticoll_data;
294 trace_data_size = sizeof(anticoll_data);
295 }
296
297 } else if (receivedCmd[0] == ICLASS_CMD_SELECT && len == 9) {
298 // Reader selects anticollision CSN.
299 // Tag sends the corresponding real CSN
300 if (chip_state == ACTIVATED || chip_state == SELECTED) {
301 if (!memcmp(receivedCmd+1, anticoll_data, 8)) {
302 modulated_response = resp_csn;
303 modulated_response_size = resp_csn_len;
304 trace_data = csn_data;
305 trace_data_size = sizeof(csn_data);
306 chip_state = SELECTED;
307 } else {
308 chip_state = IDLE;
309 }
310 } else if (chip_state == HALTED) {
311 // RESELECT with CSN
312 if (!memcmp(receivedCmd+1, csn_data, 8)) {
313 modulated_response = resp_csn;
314 modulated_response_size = resp_csn_len;
315 trace_data = csn_data;
316 trace_data_size = sizeof(csn_data);
317 chip_state = SELECTED;
318 }
319 }
320
321 } else if (receivedCmd[0] == ICLASS_CMD_READ_OR_IDENTIFY && len == 4) { // read block
322 uint16_t blockNo = receivedCmd[1];
323 if (chip_state == SELECTED) {
324 if (simulationMode == ICLASS_SIM_MODE_EXIT_AFTER_MAC) {
325 // provide defaults for blocks 0 ... 5
326 switch (blockNo) {
327 case 0: // csn (block 00)
328 modulated_response = resp_csn;
329 modulated_response_size = resp_csn_len;
330 trace_data = csn_data;
331 trace_data_size = sizeof(csn_data);
332 break;
333 case 1: // configuration (block 01)
334 modulated_response = resp_conf;
335 modulated_response_size = resp_conf_len;
336 trace_data = conf_block;
337 trace_data_size = sizeof(conf_block);
338 break;
339 case 2: // e-purse (block 02)
340 modulated_response = resp_cc;
341 modulated_response_size = resp_cc_len;
342 trace_data = card_challenge_data;
343 trace_data_size = sizeof(card_challenge_data);
344 // set epurse of sim2,4 attack
345 if (reader_mac_buf != NULL) {
346 memcpy(reader_mac_buf, card_challenge_data, 8);
347 }
348 break;
349 case 3:
350 case 4: // Kd, Kc, always respond with 0xff bytes
351 modulated_response = resp_ff;
352 modulated_response_size = resp_ff_len;
353 trace_data = ff_data;
354 trace_data_size = sizeof(ff_data);
355 break;
356 case 5: // Application Issuer Area (block 05)
357 modulated_response = resp_aia;
358 modulated_response_size = resp_aia_len;
359 trace_data = aia_data;
360 trace_data_size = sizeof(aia_data);
361 break;
362 // default: don't respond
363 }
364 } else if (simulationMode == ICLASS_SIM_MODE_FULL) {
365 if (blockNo == 3 || blockNo == 4) { // Kd, Kc, always respond with 0xff bytes
366 modulated_response = resp_ff;
367 modulated_response_size = resp_ff_len;
368 trace_data = ff_data;
369 trace_data_size = sizeof(ff_data);
370 } else { // use data from emulator memory
371 memcpy(data_generic_trace, emulator + current_page*page_size + 8*blockNo, 8);
372 AppendCrc(data_generic_trace, 8);
373 trace_data = data_generic_trace;
374 trace_data_size = 10;
375 CodeIso15693AsTag(trace_data, trace_data_size);
376 memcpy(data_response, ToSend, ToSendMax);
377 modulated_response = data_response;
378 modulated_response_size = ToSendMax;
379 }
380 }
381 }
382
383 } else if ((receivedCmd[0] == ICLASS_CMD_READCHECK_KD
384 || receivedCmd[0] == ICLASS_CMD_READCHECK_KC) && receivedCmd[1] == 0x02 && len == 2) {
385 // Read e-purse (88 02 || 18 02)
386 if (chip_state == SELECTED) {
387 if(receivedCmd[0] == ICLASS_CMD_READCHECK_KD){
388 cipher_state = &cipher_state_KD[current_page];
389 diversified_key = diversified_key_d;
390 } else {
391 cipher_state = &cipher_state_KC[current_page];
392 diversified_key = diversified_key_c;
393 }
394 modulated_response = resp_cc;
395 modulated_response_size = resp_cc_len;
396 trace_data = card_challenge_data;
397 trace_data_size = sizeof(card_challenge_data);
398 }
399
400 } else if ((receivedCmd[0] == ICLASS_CMD_CHECK_KC
401 || receivedCmd[0] == ICLASS_CMD_CHECK_KD) && len == 9) {
402 // Reader random and reader MAC!!!
403 if (chip_state == SELECTED) {
404 if (simulationMode == ICLASS_SIM_MODE_FULL) {
405 //NR, from reader, is in receivedCmd+1
406 opt_doTagMAC_2(*cipher_state, receivedCmd+1, data_generic_trace, diversified_key);
407 trace_data = data_generic_trace;
408 trace_data_size = 4;
409 CodeIso15693AsTag(trace_data, trace_data_size);
410 memcpy(data_response, ToSend, ToSendMax);
411 modulated_response = data_response;
412 modulated_response_size = ToSendMax;
413 //exitLoop = true;
414 } else { // Not fullsim, we don't respond
415 // We do not know what to answer, so lets keep quiet
416 if (simulationMode == ICLASS_SIM_MODE_EXIT_AFTER_MAC) {
417 if (reader_mac_buf != NULL) {
418 // save NR and MAC for sim 2,4
419 memcpy(reader_mac_buf + 8, receivedCmd + 1, 8);
420 }
421 exitLoop = true;
422 }
423 }
424 }
425
426 } else if (receivedCmd[0] == ICLASS_CMD_HALT && len == 1) {
427 if (chip_state == SELECTED) {
428 // Reader ends the session
429 modulated_response = resp_sof;
430 modulated_response_size = resp_sof_Len;
431 chip_state = HALTED;
432 }
433
434 } else if (simulationMode == ICLASS_SIM_MODE_FULL && receivedCmd[0] == ICLASS_CMD_READ4 && len == 4) { // 0x06
435 //Read 4 blocks
436 if (chip_state == SELECTED) {
437 uint8_t blockNo = receivedCmd[1];
438 memcpy(data_generic_trace, emulator + current_page*page_size + blockNo*8, 8 * 4);
439 AppendCrc(data_generic_trace, 8 * 4);
440 trace_data = data_generic_trace;
441 trace_data_size = 8 * 4 + 2;
442 CodeIso15693AsTag(trace_data, trace_data_size);
443 memcpy(data_response, ToSend, ToSendMax);
444 modulated_response = data_response;
445 modulated_response_size = ToSendMax;
446 }
447
448 } else if (receivedCmd[0] == ICLASS_CMD_UPDATE && (len == 12 || len == 14)) {
449 // We're expected to respond with the data+crc, exactly what's already in the receivedCmd
450 // receivedCmd is now UPDATE 1b | ADDRESS 1b | DATA 8b | Signature 4b or CRC 2b
451 if (chip_state == SELECTED) {
452 uint8_t blockNo = receivedCmd[1];
453 if (blockNo == 2) { // update e-purse
454 memcpy(card_challenge_data, receivedCmd+2, 8);
455 CodeIso15693AsTag(card_challenge_data, sizeof(card_challenge_data));
456 memcpy(resp_cc, ToSend, ToSendMax);
457 resp_cc_len = ToSendMax;
458 cipher_state_KD[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_d);
459 cipher_state_KC[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_c);
460 if (simulationMode == ICLASS_SIM_MODE_FULL) {
461 memcpy(emulator + current_page*page_size + 8*2, card_challenge_data, 8);
462 }
463 } else if (blockNo == 3) { // update Kd
464 for (int i = 0; i < 8; i++) {
465 if (personalization_mode) {
466 diversified_key_d[i] = receivedCmd[2 + i];
467 } else {
468 diversified_key_d[i] ^= receivedCmd[2 + i];
469 }
470 }
471 cipher_state_KD[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_d);
472 if (simulationMode == ICLASS_SIM_MODE_FULL) {
473 memcpy(emulator + current_page*page_size + 8*3, diversified_key_d, 8);
474 }
475 } else if (blockNo == 4) { // update Kc
476 for (int i = 0; i < 8; i++) {
477 if (personalization_mode) {
478 diversified_key_c[i] = receivedCmd[2 + i];
479 } else {
480 diversified_key_c[i] ^= receivedCmd[2 + i];
481 }
482 }
483 cipher_state_KC[current_page] = opt_doTagMAC_1(card_challenge_data, diversified_key_c);
484 if (simulationMode == ICLASS_SIM_MODE_FULL) {
485 memcpy(emulator + current_page*page_size + 8*4, diversified_key_c, 8);
486 }
487 } else if (simulationMode == ICLASS_SIM_MODE_FULL) { // update any other data block
488 memcpy(emulator + current_page*page_size + 8*blockNo, receivedCmd+2, 8);
489 }
490 memcpy(data_generic_trace, receivedCmd + 2, 8);
491 AppendCrc(data_generic_trace, 8);
492 trace_data = data_generic_trace;
493 trace_data_size = 10;
494 CodeIso15693AsTag(trace_data, trace_data_size);
495 memcpy(data_response, ToSend, ToSendMax);
496 modulated_response = data_response;
497 modulated_response_size = ToSendMax;
498 }
499
500 } else if (receivedCmd[0] == ICLASS_CMD_PAGESEL && len == 4) {
501 // Pagesel
502 // Chips with a single page will not answer to this command
503 // Otherwise, we should answer 8bytes (conf block 1) + 2bytes CRC
504 if (chip_state == SELECTED) {
505 if (simulationMode == ICLASS_SIM_MODE_FULL && max_page > 0) {
506 current_page = receivedCmd[1];
507 memcpy(data_generic_trace, emulator + current_page*page_size + 8*1, 8);
508 memcpy(diversified_key_d, emulator + current_page*page_size + 8*3, 8);
509 memcpy(diversified_key_c, emulator + current_page*page_size + 8*4, 8);
510 cipher_state = &cipher_state_KD[current_page];
511 personalization_mode = data_generic_trace[7] & 0x80;
512 AppendCrc(data_generic_trace, 8);
513 trace_data = data_generic_trace;
514 trace_data_size = 10;
515 CodeIso15693AsTag(trace_data, trace_data_size);
516 memcpy(data_response, ToSend, ToSendMax);
517 modulated_response = data_response;
518 modulated_response_size = ToSendMax;
519 }
520 }
521
522 } else if (receivedCmd[0] == 0x26 && len == 5) {
523 // standard ISO15693 INVENTORY command. Ignore.
524
525 } else {
526 // don't know how to handle this command
527 char debug_message[250]; // should be enough
528 sprintf(debug_message, "Unhandled command (len = %d) received from reader:", len);
529 for (int i = 0; i < len && strlen(debug_message) < sizeof(debug_message) - 3 - 1; i++) {
530 sprintf(debug_message + strlen(debug_message), " %02x", receivedCmd[i]);
531 }
532 Dbprintf("%s", debug_message);
533 // Do not respond
534 }
535
536 /**
537 A legit tag has about 273,4us delay between reader EOT and tag SOF.
538 **/
539 if (modulated_response_size > 0) {
540 uint32_t response_time = reader_eof_time + DELAY_ICLASS_VCD_TO_VICC_SIM;
541 TransmitTo15693Reader(modulated_response, modulated_response_size, &response_time, 0, false);
542 LogTrace_ISO15693(trace_data, trace_data_size, response_time*32, response_time*32 + modulated_response_size/2, NULL, false);
543 }
544
545 }
546
547 if (buttonPressed)
548 {
549 DbpString("Button pressed");
550 }
551 return buttonPressed;
552 }
553
554 /**
555 * @brief SimulateIClass simulates an iClass card.
556 * @param arg0 type of simulation
557 * - 0 uses the first 8 bytes in usb data as CSN
558 * - 2 "dismantling iclass"-attack. This mode iterates through all CSN's specified
559 * in the usb data. This mode collects MAC from the reader, in order to do an offline
560 * attack on the keys. For more info, see "dismantling iclass" and proxclone.com.
561 * - Other : Uses the default CSN (031fec8af7ff12e0)
562 * @param arg1 - number of CSN's contained in datain (applicable for mode 2 only)
563 * @param arg2
564 * @param datain
565 */
566 void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) {
567
568 LED_A_ON();
569
570 uint32_t simType = arg0;
571 uint32_t numberOfCSNS = arg1;
572
573 // setup hardware for simulation:
574 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
575 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
576 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
577 LED_D_OFF();
578 FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR);
579 StartCountSspClk();
580
581 // Enable and clear the trace
582 set_tracing(true);
583 clear_trace();
584 //Use the emulator memory for SIM
585 uint8_t *emulator = BigBuf_get_EM_addr();
586
587 if (simType == ICLASS_SIM_MODE_CSN) {
588 // Use the CSN from commandline
589 memcpy(emulator, datain, 8);
590 doIClassSimulation(ICLASS_SIM_MODE_CSN, NULL);
591 } else if (simType == ICLASS_SIM_MODE_CSN_DEFAULT) {
592 //Default CSN
593 uint8_t csn_crc[] = { 0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0, 0x00, 0x00 };
594 // Use the CSN from commandline
595 memcpy(emulator, csn_crc, 8);
596 doIClassSimulation(ICLASS_SIM_MODE_CSN, NULL);
597 } else if (simType == ICLASS_SIM_MODE_READER_ATTACK) {
598 uint8_t mac_responses[USB_CMD_DATA_SIZE] = { 0 };
599 Dbprintf("Going into attack mode, %d CSNS sent", numberOfCSNS);
600 // In this mode, a number of csns are within datain. We'll simulate each one, one at a time
601 // in order to collect MAC's from the reader. This can later be used in an offline-attack
602 // in order to obtain the keys, as in the "dismantling iclass"-paper.
603 int i;
604 for (i = 0; i < numberOfCSNS && i*16+16 <= USB_CMD_DATA_SIZE; i++) {
605 // The usb data is 512 bytes, fitting 32 responses (8 byte CC + 4 Byte NR + 4 Byte MAC = 16 Byte response).
606 memcpy(emulator, datain+(i*8), 8);
607 if (doIClassSimulation(ICLASS_SIM_MODE_EXIT_AFTER_MAC, mac_responses+i*16)) {
608 // Button pressed
609 break;
610 }
611 Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x",
612 datain[i*8+0], datain[i*8+1], datain[i*8+2], datain[i*8+3],
613 datain[i*8+4], datain[i*8+5], datain[i*8+6], datain[i*8+7]);
614 Dbprintf("NR,MAC: %02x %02x %02x %02x %02x %02x %02x %02x",
615 mac_responses[i*16+ 8], mac_responses[i*16+ 9], mac_responses[i*16+10], mac_responses[i*16+11],
616 mac_responses[i*16+12], mac_responses[i*16+13], mac_responses[i*16+14], mac_responses[i*16+15]);
617 SpinDelay(100); // give the reader some time to prepare for next CSN
618 }
619 cmd_send(CMD_ACK, CMD_SIMULATE_TAG_ICLASS, i, 0, mac_responses, i*16);
620 } else if (simType == ICLASS_SIM_MODE_FULL) {
621 //This is 'full sim' mode, where we use the emulator storage for data.
622 doIClassSimulation(ICLASS_SIM_MODE_FULL, NULL);
623 } else {
624 // We may want a mode here where we hardcode the csns to use (from proxclone).
625 // That will speed things up a little, but not required just yet.
626 Dbprintf("The mode is not implemented, reserved for future use");
627 }
628
629 Dbprintf("Done...");
630
631 LED_A_OFF();
632 }
633
634
635 /// THE READER CODE
636
637 static void ReaderTransmitIClass(uint8_t *frame, int len, uint32_t *start_time) {
638
639 CodeIso15693AsReader(frame, len);
640
641 TransmitTo15693Tag(ToSend, ToSendMax, start_time);
642
643 uint32_t end_time = *start_time + 32*(8*ToSendMax-4); // substract the 4 padding bits after EOF
644 LogTrace_ISO15693(frame, len, *start_time*4, end_time*4, NULL, true);
645 }
646
647
648 static bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* resp, size_t max_resp_size,
649 uint8_t expected_size, uint8_t tries, uint32_t start_time, uint32_t timeout, uint32_t *eof_time) {
650 while (tries-- > 0) {
651 ReaderTransmitIClass(command, cmdsize, &start_time);
652 if (expected_size == GetIso15693AnswerFromTag(resp, max_resp_size, timeout, eof_time)) {
653 return true;
654 }
655 }
656 return false;//Error
657 }
658
659
660 /**
661 * @brief Selects an iclass tag
662 * @param card_data where the CSN is stored for return
663 * @return false = fail
664 * true = success
665 */
666 static bool selectIclassTag(uint8_t *card_data, uint32_t *eof_time) {
667 uint8_t act_all[] = { 0x0a };
668 uint8_t identify[] = { 0x0c };
669 uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
670
671 uint8_t resp[ICLASS_BUFFER_SIZE];
672
673 uint32_t start_time = GetCountSspClk();
674
675 // Send act_all
676 ReaderTransmitIClass(act_all, 1, &start_time);
677 // Card present?
678 if (GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_ACTALL, eof_time) < 0) return false;//Fail
679
680 //Send Identify
681 start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
682 ReaderTransmitIClass(identify, 1, &start_time);
683 //We expect a 10-byte response here, 8 byte anticollision-CSN and 2 byte CRC
684 uint8_t len = GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time);
685 if (len != 10) return false;//Fail
686
687 //Copy the Anti-collision CSN to our select-packet
688 memcpy(&select[1], resp, 8);
689 //Select the card
690 start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
691 ReaderTransmitIClass(select, sizeof(select), &start_time);
692 //We expect a 10-byte response here, 8 byte CSN and 2 byte CRC
693 len = GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time);
694 if (len != 10) return false;//Fail
695
696 //Success - we got CSN
697 //Save CSN in response data
698 memcpy(card_data, resp, 8);
699
700 return true;
701 }
702
703
704 // Select an iClass tag and read all blocks which are always readable without authentication
705 void ReaderIClass(uint8_t flags) {
706
707 LED_A_ON();
708
709 uint8_t card_data[6 * 8] = {0};
710 memset(card_data, 0xFF, sizeof(card_data));
711 uint8_t resp[ICLASS_BUFFER_SIZE];
712 //Read conf block CRC(0x01) => 0xfa 0x22
713 uint8_t readConf[] = {ICLASS_CMD_READ_OR_IDENTIFY, 0x01, 0xfa, 0x22};
714 //Read e-purse block CRC(0x02) => 0x61 0x10
715 uint8_t readEpurse[] = {ICLASS_CMD_READ_OR_IDENTIFY, 0x02, 0x61, 0x10};
716 //Read App Issuer Area block CRC(0x05) => 0xde 0x64
717 uint8_t readAA[] = {ICLASS_CMD_READ_OR_IDENTIFY, 0x05, 0xde, 0x64};
718
719 uint8_t result_status = 0;
720
721 if (flags & FLAG_ICLASS_READER_INIT) {
722 Iso15693InitReader();
723 }
724
725 if (flags & FLAG_ICLASS_READER_CLEARTRACE) {
726 set_tracing(true);
727 clear_trace();
728 StartCountSspClk();
729 }
730
731 uint32_t start_time = 0;
732 uint32_t eof_time = 0;
733
734 if (selectIclassTag(resp, &eof_time)) {
735 result_status = FLAG_ICLASS_READER_CSN;
736 memcpy(card_data, resp, 8);
737 }
738
739 start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
740
741 //Read block 1, config
742 if (flags & FLAG_ICLASS_READER_CONF) {
743 if (sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, sizeof(resp), 10, 10, start_time, ICLASS_READER_TIMEOUT_OTHERS, &eof_time)) {
744 result_status |= FLAG_ICLASS_READER_CONF;
745 memcpy(card_data+8, resp, 8);
746 } else {
747 Dbprintf("Failed to read config block");
748 }
749 start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
750 }
751
752 //Read block 2, e-purse
753 if (flags & FLAG_ICLASS_READER_CC) {
754 if (sendCmdGetResponseWithRetries(readEpurse, sizeof(readEpurse), resp, sizeof(resp), 10, 10, start_time, ICLASS_READER_TIMEOUT_OTHERS, &eof_time)) {
755 result_status |= FLAG_ICLASS_READER_CC;
756 memcpy(card_data + (8*2), resp, 8);
757 } else {
758 Dbprintf("Failed to read e-purse");
759 }
760 start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER;
761 }
762
763 //Read block 5, AA
764 if (flags & FLAG_ICLASS_READER_AA) {
765 if (sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, sizeof(resp), 10, 10, start_time, ICLASS_READER_TIMEOUT_OTHERS, &eof_time)) {
766 result_status |= FLAG_ICLASS_READER_AA;
767 memcpy(card_data + (8*5), resp, 8);
768 } else {
769 Dbprintf("Failed to read AA block");
770 }
771 }
772
773 cmd_send(CMD_ACK, result_status, 0, 0, card_data, sizeof(card_data));
774
775 LED_A_OFF();
776 }
777
778
779 void iClass_Check(uint8_t *NRMAC) {
780 uint8_t check[9] = {ICLASS_CMD_CHECK_KD, 0x00};
781 uint8_t resp[4];
782 memcpy(check+1, NRMAC, 8);
783 uint32_t eof_time;
784 bool isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, sizeof(resp), 4, 3, 0, ICLASS_READER_TIMEOUT_OTHERS, &eof_time);
785 cmd_send(CMD_ACK, isOK, 0, 0, resp, sizeof(resp));
786 }
787
788
789 void iClass_Readcheck(uint8_t block, bool use_credit_key) {
790 uint8_t readcheck[2] = {ICLASS_CMD_READCHECK_KD, block};
791 if (use_credit_key) {
792 readcheck[0] = ICLASS_CMD_READCHECK_KC;
793 }
794 uint8_t resp[8];
795 uint32_t eof_time;
796 bool isOK = sendCmdGetResponseWithRetries(readcheck, sizeof(readcheck), resp, sizeof(resp), 8, 3, 0, ICLASS_READER_TIMEOUT_OTHERS, &eof_time);
797 cmd_send(CMD_ACK, isOK, 0, 0, resp, sizeof(resp));
798 }
799
800
801 static bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata) {
802 uint8_t readcmd[] = {ICLASS_CMD_READ_OR_IDENTIFY, blockNo, 0x00, 0x00}; //0x88, 0x00 // can i use 0C?
803 uint8_t bl = blockNo;
804 uint16_t rdCrc = iclass_crc16(&bl, 1);
805 readcmd[2] = rdCrc >> 8;
806 readcmd[3] = rdCrc & 0xff;
807 uint8_t resp[10];
808 uint32_t eof_time;
809
810 bool isOK = sendCmdGetResponseWithRetries(readcmd, sizeof(readcmd), resp, sizeof(resp), 10, 10, 0, ICLASS_READER_TIMEOUT_OTHERS, &eof_time);
811 memcpy(readdata, resp, sizeof(resp));
812
813 return isOK;
814 }
815
816
817 void iClass_ReadBlk(uint8_t blockno) {
818
819 LED_A_ON();
820
821 uint8_t readblockdata[10];
822 bool isOK = iClass_ReadBlock(blockno, readblockdata);
823 cmd_send(CMD_ACK, isOK, 0, 0, readblockdata, 8);
824 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
825 LED_D_OFF();
826
827 LED_A_OFF();
828 }
829
830
831 void iClass_Dump(uint8_t startblock, uint8_t numblks) {
832
833 LED_A_ON();
834
835 uint8_t readblockdata[USB_CMD_DATA_SIZE+2] = {0};
836 bool isOK = false;
837 uint16_t blkCnt = 0;
838
839 if (numblks > USB_CMD_DATA_SIZE / 8) {
840 numblks = USB_CMD_DATA_SIZE / 8;
841 }
842
843 for (blkCnt = 0; blkCnt < numblks; blkCnt++) {
844 isOK = iClass_ReadBlock(startblock+blkCnt, readblockdata+8*blkCnt);
845 if (!isOK) {
846 Dbprintf("Block %02X failed to read", startblock+blkCnt);
847 break;
848 }
849 }
850
851 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
852 LED_D_OFF();
853
854 cmd_send(CMD_ACK, isOK, blkCnt, 0, readblockdata, blkCnt*8);
855
856 LED_A_OFF();
857 }
858
859
860 static bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) {
861
862 uint8_t write[16] = {ICLASS_CMD_UPDATE, blockNo};
863 memcpy(write+2, data, 12); // data + mac
864 AppendCrc(write+1, 13);
865 uint8_t resp[10];
866 bool isOK = false;
867 uint32_t eof_time = 0;
868
869 isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 10, 3, 0, ICLASS_READER_TIMEOUT_UPDATE, &eof_time);
870 if (!isOK) {
871 return false;
872 }
873
874 uint8_t all_ff[8] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
875 if (blockNo == 2) {
876 if (memcmp(data+4, resp, 4) || memcmp(data, resp+4, 4)) { // check response. e-purse update swaps first and second half
877 return false;
878 }
879 } else if (blockNo == 3 || blockNo == 4) {
880 if (memcmp(all_ff, resp, 8)) { // check response. Key updates always return 0xffffffffffffffff
881 return false;
882 }
883 } else {
884 if (memcmp(data, resp, 8)) { // check response. All other updates return unchanged data
885 return false;
886 }
887 }
888
889 return true;
890 }
891
892
893 void iClass_WriteBlock(uint8_t blockNo, uint8_t *data) {
894
895 LED_A_ON();
896
897 bool isOK = iClass_WriteBlock_ext(blockNo, data);
898 if (isOK) {
899 Dbprintf("Write block [%02x] successful", blockNo);
900 } else {
901 Dbprintf("Write block [%02x] failed", blockNo);
902 }
903 cmd_send(CMD_ACK, isOK, 0, 0, 0, 0);
904
905 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
906 LED_D_OFF();
907
908 LED_A_OFF();
909 }
910
911
912 void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data) {
913
914 LED_A_ON();
915
916 int written = 0;
917 int total_blocks = (endblock - startblock) + 1;
918
919 for (uint8_t block = startblock; block <= endblock; block++) {
920 // block number
921 if (iClass_WriteBlock_ext(block, data + (block-startblock)*12)) {
922 Dbprintf("Write block [%02x] successful", block);
923 written++;
924 } else {
925 Dbprintf("Write block [%02x] failed", block);
926 }
927 }
928
929 if (written == total_blocks)
930 Dbprintf("Clone complete");
931 else
932 Dbprintf("Clone incomplete");
933
934 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
935 LED_D_OFF();
936
937 cmd_send(CMD_ACK, 1, 0, 0, 0, 0);
938
939 LED_A_OFF();
940 }
Impressum, Datenschutz