]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifarecmd.c
projects / proxmark3-svn / blob
? search:


5d10ad8161c2a97227ff9fbd91b728d87bfb68a9
[proxmark3-svn] / armsrc / mifarecmd.c
1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011, 2012
3 // Gerhard de Koning Gans - May 2008
4 // Hagen Fritsch - June 2010
5 // Midnitesnake - Dec 2013
6 // Andy Davies - Apr 2014
7 // Iceman - May 2014
8 //
9 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
10 // at your option, any later version. See the LICENSE.txt file for the text of
11 // the license.
12 //-----------------------------------------------------------------------------
13 // Routines to support ISO 14443 type A.
14 //-----------------------------------------------------------------------------
15
16 #include "mifarecmd.h"
17 #include "apps.h"
18 #include "util.h"
19
20 #include "crc.h"
21
22 //-----------------------------------------------------------------------------
23 // Select, Authenticate, Read a MIFARE tag.
24 // read block
25 //-----------------------------------------------------------------------------
26 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
27 {
28 // params
29 uint8_t blockNo = arg0;
30 uint8_t keyType = arg1;
31 uint64_t ui64Key = 0;
32 ui64Key = bytes_to_num(datain, 6);
33
34 // variables
35 byte_t isOK = 0;
36 byte_t dataoutbuf[16];
37 uint8_t uid[10];
38 uint32_t cuid;
39 struct Crypto1State mpcs = {0, 0};
40 struct Crypto1State *pcs;
41 pcs = &mpcs;
42
43 // clear trace
44 clear_trace();
45 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
46
47 LED_A_ON();
48 LED_B_OFF();
49 LED_C_OFF();
50
51 while (true) {
52 if(!iso14443a_select_card(uid, NULL, &cuid)) {
53 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
54 break;
55 };
56
57 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
58 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
59 break;
60 };
61
62 if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {
63 if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");
64 break;
65 };
66
67 if(mifare_classic_halt(pcs, cuid)) {
68 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
69 break;
70 };
71
72 isOK = 1;
73 break;
74 }
75
76 // ----------------------------- crypto1 destroy
77 crypto1_destroy(pcs);
78
79 if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");
80
81 LED_B_ON();
82 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
83 LED_B_OFF();
84
85 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
86 LEDsoff();
87 }
88
89 void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
90
91 bool turnOffField = (arg0 == 1);
92
93 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
94 clear_trace();
95 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
96
97 if(!iso14443a_select_card(NULL, NULL, NULL)) {
98 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
99 OnError(0);
100 return;
101 };
102
103 if(!mifare_ultra_auth(keybytes)){
104 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
105 OnError(1);
106 return;
107 }
108
109 if (turnOffField) {
110 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
111 LEDsoff();
112 }
113 cmd_send(CMD_ACK,1,0,0,0,0);
114 }
115
116 // Arg0 = BlockNo,
117 // Arg1 = UsePwd bool
118 // datain = PWD bytes,
119 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
120 {
121 uint8_t blockNo = arg0;
122 byte_t dataout[16] = {0x00};
123 bool useKey = (arg1 == 1); //UL_C
124 bool usePwd = (arg1 == 2); //UL_EV1/NTAG
125
126 LEDsoff();
127 LED_A_ON();
128 clear_trace();
129 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
130
131 int len = iso14443a_select_card(NULL, NULL, NULL);
132 if(!len) {
133 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);
134 OnError(1);
135 return;
136 }
137
138 // UL-C authentication
139 if ( useKey ) {
140 uint8_t key[16] = {0x00};
141 memcpy(key, datain, sizeof(key) );
142
143 if ( !mifare_ultra_auth(key) ) {
144 OnError(1);
145 return;
146 }
147 }
148
149 // UL-EV1 / NTAG authentication
150 if ( usePwd ) {
151 uint8_t pwd[4] = {0x00};
152 memcpy(pwd, datain, 4);
153 uint8_t pack[4] = {0,0,0,0};
154 if (!mifare_ul_ev1_auth(pwd, pack)) {
155 OnError(1);
156 return;
157 }
158 }
159
160 if( mifare_ultra_readblock(blockNo, dataout) ) {
161 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
162 OnError(2);
163 return;
164 }
165
166 if( mifare_ultra_halt() ) {
167 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
168 OnError(3);
169 return;
170 }
171
172 cmd_send(CMD_ACK,1,0,0,dataout,16);
173 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
174 LEDsoff();
175 }
176
177 //-----------------------------------------------------------------------------
178 // Select, Authenticate, Read a MIFARE tag.
179 // read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
180 //-----------------------------------------------------------------------------
181 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
182 {
183 // params
184 uint8_t sectorNo = arg0;
185 uint8_t keyType = arg1;
186 uint64_t ui64Key = 0;
187 ui64Key = bytes_to_num(datain, 6);
188
189 // variables
190 byte_t isOK = 0;
191 byte_t dataoutbuf[16 * 16];
192 uint8_t uid[10];
193 uint32_t cuid;
194 struct Crypto1State mpcs = {0, 0};
195 struct Crypto1State *pcs;
196 pcs = &mpcs;
197
198 // clear trace
199 clear_trace();
200
201 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
202
203 LED_A_ON();
204 LED_B_OFF();
205 LED_C_OFF();
206
207 isOK = 1;
208 if(!iso14443a_select_card(uid, NULL, &cuid)) {
209 isOK = 0;
210 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
211 }
212
213
214 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
215 isOK = 0;
216 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
217 }
218
219 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
220 if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) {
221 isOK = 0;
222 if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo);
223 break;
224 }
225 }
226
227 if(mifare_classic_halt(pcs, cuid)) {
228 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
229 }
230
231 // ----------------------------- crypto1 destroy
232 crypto1_destroy(pcs);
233
234 if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");
235
236 LED_B_ON();
237 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));
238 LED_B_OFF();
239
240 // Thats it...
241 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
242 LEDsoff();
243 }
244
245 // arg0 = blockNo (start)
246 // arg1 = Pages (number of blocks)
247 // arg2 = useKey
248 // datain = KEY bytes
249 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
250 {
251 // free eventually allocated BigBuf memory
252 BigBuf_free();
253 clear_trace();
254
255 // params
256 uint8_t blockNo = arg0;
257 uint16_t blocks = arg1;
258 bool useKey = (arg2 == 1); //UL_C
259 bool usePwd = (arg2 == 2); //UL_EV1/NTAG
260 uint32_t countblocks = 0;
261 uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);
262 if (dataout == NULL){
263 Dbprintf("out of memory");
264 OnError(1);
265 return;
266 }
267
268 LEDsoff();
269 LED_A_ON();
270 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
271
272 int len = iso14443a_select_card(NULL, NULL, NULL);
273 if (!len) {
274 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);
275 OnError(1);
276 return;
277 }
278
279 // UL-C authentication
280 if ( useKey ) {
281 uint8_t key[16] = {0x00};
282 memcpy(key, datain, sizeof(key) );
283
284 if ( !mifare_ultra_auth(key) ) {
285 OnError(1);
286 return;
287 }
288 }
289
290 // UL-EV1 / NTAG authentication
291 if (usePwd) {
292 uint8_t pwd[4] = {0x00};
293 memcpy(pwd, datain, sizeof(pwd));
294 uint8_t pack[4] = {0,0,0,0};
295
296 if (!mifare_ul_ev1_auth(pwd, pack)){
297 OnError(1);
298 return;
299 }
300 }
301
302 for (int i = 0; i < blocks; i++){
303 if ((i*4) + 4 >= CARD_MEMORY_SIZE) {
304 Dbprintf("Data exceeds buffer!!");
305 break;
306 }
307
308 len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
309
310 if (len) {
311 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
312 // if no blocks read - error out
313 if (i==0){
314 OnError(2);
315 return;
316 } else {
317 //stop at last successful read block and return what we got
318 break;
319 }
320 } else {
321 countblocks++;
322 }
323 }
324
325 len = mifare_ultra_halt();
326 if (len) {
327 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
328 OnError(3);
329 return;
330 }
331
332 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
333
334 countblocks *= 4;
335
336 cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);
337 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
338 LEDsoff();
339 BigBuf_free();
340 }
341
342 //-----------------------------------------------------------------------------
343 // Select, Authenticate, Write a MIFARE tag.
344 // read block
345 //-----------------------------------------------------------------------------
346 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
347 {
348 // params
349 uint8_t blockNo = arg0;
350 uint8_t keyType = arg1;
351 uint64_t ui64Key = 0;
352 byte_t blockdata[16];
353
354 ui64Key = bytes_to_num(datain, 6);
355 memcpy(blockdata, datain + 10, 16);
356
357 // variables
358 byte_t isOK = 0;
359 uint8_t uid[10];
360 uint32_t cuid;
361 struct Crypto1State mpcs = {0, 0};
362 struct Crypto1State *pcs;
363 pcs = &mpcs;
364
365 // clear trace
366 clear_trace();
367
368 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
369
370 LED_A_ON();
371 LED_B_OFF();
372 LED_C_OFF();
373
374 while (true) {
375 if(!iso14443a_select_card(uid, NULL, &cuid)) {
376 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
377 break;
378 };
379
380 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
381 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
382 break;
383 };
384
385 if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) {
386 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
387 break;
388 };
389
390 if(mifare_classic_halt(pcs, cuid)) {
391 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
392 break;
393 };
394
395 isOK = 1;
396 break;
397 }
398
399 // ----------------------------- crypto1 destroy
400 crypto1_destroy(pcs);
401
402 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
403
404 LED_B_ON();
405 cmd_send(CMD_ACK,isOK,0,0,0,0);
406 LED_B_OFF();
407
408
409 // Thats it...
410 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
411 LEDsoff();
412 }
413
414 /* // Command not needed but left for future testing
415 void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
416 {
417 uint8_t blockNo = arg0;
418 byte_t blockdata[16] = {0x00};
419
420 memcpy(blockdata, datain, 16);
421
422 uint8_t uid[10] = {0x00};
423
424 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
425
426 clear_trace();
427 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
428
429 if(!iso14443a_select_card(uid, NULL, NULL)) {
430 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
431 OnError(0);
432 return;
433 };
434
435 if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {
436 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
437 OnError(0);
438 return; };
439
440 if(mifare_ultra_halt()) {
441 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
442 OnError(0);
443 return;
444 };
445
446 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
447
448 cmd_send(CMD_ACK,1,0,0,0,0);
449 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
450 LEDsoff();
451 }
452 */
453
454 // Arg0 : Block to write to.
455 // Arg1 : 0 = use no authentication.
456 // 1 = use 0x1A authentication.
457 // 2 = use 0x1B authentication.
458 // datain : 4 first bytes is data to be written.
459 // : 4/16 next bytes is authentication key.
460 void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
461 {
462 uint8_t blockNo = arg0;
463 bool useKey = (arg1 == 1); //UL_C
464 bool usePwd = (arg1 == 2); //UL_EV1/NTAG
465 byte_t blockdata[4] = {0x00};
466
467 memcpy(blockdata, datain,4);
468
469 LEDsoff();
470 LED_A_ON();
471 clear_trace();
472 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
473
474 if(!iso14443a_select_card(NULL, NULL, NULL)) {
475 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
476 OnError(0);
477 return;
478 };
479
480 // UL-C authentication
481 if ( useKey ) {
482 uint8_t key[16] = {0x00};
483 memcpy(key, datain+4, sizeof(key) );
484
485 if ( !mifare_ultra_auth(key) ) {
486 OnError(1);
487 return;
488 }
489 }
490
491 // UL-EV1 / NTAG authentication
492 if (usePwd) {
493 uint8_t pwd[4] = {0x00};
494 memcpy(pwd, datain+4, 4);
495 uint8_t pack[4] = {0,0,0,0};
496 if (!mifare_ul_ev1_auth(pwd, pack)) {
497 OnError(1);
498 return;
499 }
500 }
501
502 if(mifare_ultra_writeblock(blockNo, blockdata)) {
503 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
504 OnError(0);
505 return;
506 };
507
508 if(mifare_ultra_halt()) {
509 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
510 OnError(0);
511 return;
512 };
513
514 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
515
516 cmd_send(CMD_ACK,1,0,0,0,0);
517 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
518 LEDsoff();
519 }
520
521 void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
522
523 uint8_t pwd[16] = {0x00};
524 byte_t blockdata[4] = {0x00};
525
526 memcpy(pwd, datain, 16);
527
528 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
529 clear_trace();
530 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
531
532 if(!iso14443a_select_card(NULL, NULL, NULL)) {
533 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
534 OnError(0);
535 return;
536 };
537
538 blockdata[0] = pwd[7];
539 blockdata[1] = pwd[6];
540 blockdata[2] = pwd[5];
541 blockdata[3] = pwd[4];
542 if(mifare_ultra_writeblock( 44, blockdata)) {
543 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
544 OnError(44);
545 return;
546 };
547
548 blockdata[0] = pwd[3];
549 blockdata[1] = pwd[2];
550 blockdata[2] = pwd[1];
551 blockdata[3] = pwd[0];
552 if(mifare_ultra_writeblock( 45, blockdata)) {
553 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
554 OnError(45);
555 return;
556 };
557
558 blockdata[0] = pwd[15];
559 blockdata[1] = pwd[14];
560 blockdata[2] = pwd[13];
561 blockdata[3] = pwd[12];
562 if(mifare_ultra_writeblock( 46, blockdata)) {
563 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
564 OnError(46);
565 return;
566 };
567
568 blockdata[0] = pwd[11];
569 blockdata[1] = pwd[10];
570 blockdata[2] = pwd[9];
571 blockdata[3] = pwd[8];
572 if(mifare_ultra_writeblock( 47, blockdata)) {
573 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
574 OnError(47);
575 return;
576 };
577
578 if(mifare_ultra_halt()) {
579 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
580 OnError(0);
581 return;
582 };
583
584 cmd_send(CMD_ACK,1,0,0,0,0);
585 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
586 LEDsoff();
587 }
588
589 // Return 1 if the nonce is invalid else return 0
590 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {
591 return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \
592 (oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \
593 (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;
594 }
595
596
597 //-----------------------------------------------------------------------------
598 // MIFARE nested authentication.
599 //
600 //-----------------------------------------------------------------------------
601 void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)
602 {
603 // params
604 uint8_t blockNo = arg0 & 0xff;
605 uint8_t keyType = (arg0 >> 8) & 0xff;
606 uint8_t targetBlockNo = arg1 & 0xff;
607 uint8_t targetKeyType = (arg1 >> 8) & 0xff;
608 uint64_t ui64Key = 0;
609
610 ui64Key = bytes_to_num(datain, 6);
611
612 // variables
613 uint16_t rtr, i, j, len;
614 uint16_t davg;
615 static uint16_t dmin, dmax;
616 uint8_t uid[10];
617 uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;
618 uint8_t par[1];
619 uint32_t target_nt[2], target_ks[2];
620
621 uint8_t par_array[4];
622 uint16_t ncount = 0;
623 struct Crypto1State mpcs = {0, 0};
624 struct Crypto1State *pcs;
625 pcs = &mpcs;
626 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
627
628 uint32_t auth1_time, auth2_time;
629 static uint16_t delta_time;
630
631 // free eventually allocated BigBuf memory
632 BigBuf_free();
633 // clear trace
634 clear_trace();
635 set_tracing(false);
636
637 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
638
639 LED_A_ON();
640 LED_C_OFF();
641
642
643 // statistics on nonce distance
644 if (calibrate) { // for first call only. Otherwise reuse previous calibration
645 LED_B_ON();
646 WDT_HIT();
647
648 davg = dmax = 0;
649 dmin = 2000;
650 delta_time = 0;
651
652 for (rtr = 0; rtr < 17; rtr++) {
653
654 // prepare next select. No need to power down the card.
655 if(mifare_classic_halt(pcs, cuid)) {
656 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
657 rtr--;
658 continue;
659 }
660
661 if(!iso14443a_select_card(uid, NULL, &cuid)) {
662 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
663 rtr--;
664 continue;
665 };
666
667 auth1_time = 0;
668 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
669 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
670 rtr--;
671 continue;
672 };
673
674 if (delta_time) {
675 auth2_time = auth1_time + delta_time;
676 } else {
677 auth2_time = 0;
678 }
679 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {
680 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error");
681 rtr--;
682 continue;
683 };
684
685 nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
686 for (i = 101; i < 1200; i++) {
687 nttmp = prng_successor(nttmp, 1);
688 if (nttmp == nt2) break;
689 }
690
691 if (i != 1200) {
692 if (rtr != 0) {
693 davg += i;
694 dmin = MIN(dmin, i);
695 dmax = MAX(dmax, i);
696 }
697 else {
698 delta_time = auth2_time - auth1_time + 32; // allow some slack for proper timing
699 }
700 if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);
701 }
702 }
703
704 if (rtr <= 1) return;
705
706 davg = (davg + (rtr - 1)/2) / (rtr - 1);
707
708 if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);
709
710 dmin = davg - 2;
711 dmax = davg + 2;
712
713 LED_B_OFF();
714
715 }
716 // -------------------------------------------------------------------------------------------------
717
718 LED_C_ON();
719
720 // get crypted nonces for target sector
721 for(i=0; i < 2; i++) { // look for exactly two different nonces
722
723 target_nt[i] = 0;
724 while(target_nt[i] == 0) { // continue until we have an unambiguous nonce
725
726 // prepare next select. No need to power down the card.
727 if(mifare_classic_halt(pcs, cuid)) {
728 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
729 continue;
730 }
731
732 if(!iso14443a_select_card(uid, NULL, &cuid)) {
733 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
734 continue;
735 };
736
737 auth1_time = 0;
738 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
739 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
740 continue;
741 };
742
743 // nested authentication
744 auth2_time = auth1_time + delta_time;
745 len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
746 if (len != 4) {
747 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);
748 continue;
749 };
750
751 nt2 = bytes_to_num(receivedAnswer, 4);
752 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);
753
754 // Parity validity check
755 for (j = 0; j < 4; j++) {
756 par_array[j] = (oddparity(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));
757 }
758
759 ncount = 0;
760 nttest = prng_successor(nt1, dmin - 1);
761 for (j = dmin; j < dmax + 1; j++) {
762 nttest = prng_successor(nttest, 1);
763 ks1 = nt2 ^ nttest;
764
765 if (valid_nonce(nttest, nt2, ks1, par_array)){
766 if (ncount > 0) { // we are only interested in disambiguous nonces, try again
767 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j);
768 target_nt[i] = 0;
769 break;
770 }
771 target_nt[i] = nttest;
772 target_ks[i] = ks1;
773 ncount++;
774 if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces
775 target_nt[i] = 0;
776 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);
777 break;
778 }
779 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: valid, ntdist=%d", i+1, j);
780 }
781 }
782 if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);
783 }
784 }
785
786 LED_C_OFF();
787
788 // ----------------------------- crypto1 destroy
789 crypto1_destroy(pcs);
790
791 byte_t buf[4 + 4 * 4];
792 memcpy(buf, &cuid, 4);
793 memcpy(buf+4, &target_nt[0], 4);
794 memcpy(buf+8, &target_ks[0], 4);
795 memcpy(buf+12, &target_nt[1], 4);
796 memcpy(buf+16, &target_ks[1], 4);
797
798 LED_B_ON();
799 cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));
800 LED_B_OFF();
801
802 if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED");
803
804 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
805 LEDsoff();
806 set_tracing(TRUE);
807 }
808
809 //-----------------------------------------------------------------------------
810 // MIFARE check keys. key count up to 85.
811 //
812 //-----------------------------------------------------------------------------
813 void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
814 {
815 // params
816 uint8_t blockNo = arg0;
817 uint8_t keyType = arg1;
818 uint8_t keyCount = arg2;
819 uint64_t ui64Key = 0;
820
821 // variables
822 int i;
823 byte_t isOK = 0;
824 uint8_t uid[10];
825 uint32_t cuid;
826 struct Crypto1State mpcs = {0, 0};
827 struct Crypto1State *pcs;
828 pcs = &mpcs;
829
830 // clear debug level
831 int OLD_MF_DBGLEVEL = MF_DBGLEVEL;
832 MF_DBGLEVEL = MF_DBG_NONE;
833
834 // clear trace
835 clear_trace();
836 set_tracing(TRUE);
837
838 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
839
840 LED_A_ON();
841 LED_B_OFF();
842 LED_C_OFF();
843
844 for (i = 0; i < keyCount; i++) {
845 if(mifare_classic_halt(pcs, cuid)) {
846 if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Halt error");
847 }
848
849 if(!iso14443a_select_card(uid, NULL, &cuid)) {
850 if (OLD_MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card");
851 break;
852 };
853
854 ui64Key = bytes_to_num(datain + i * 6, 6);
855 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
856 continue;
857 };
858
859 isOK = 1;
860 break;
861 }
862
863 // ----------------------------- crypto1 destroy
864 crypto1_destroy(pcs);
865
866 LED_B_ON();
867 cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);
868 LED_B_OFF();
869
870 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
871 LEDsoff();
872
873 // restore debug level
874 MF_DBGLEVEL = OLD_MF_DBGLEVEL;
875 }
876
877 //-----------------------------------------------------------------------------
878 // MIFARE commands set debug level
879 //
880 //-----------------------------------------------------------------------------
881 void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
882 MF_DBGLEVEL = arg0;
883 Dbprintf("Debug level: %d", MF_DBGLEVEL);
884 }
885
886 //-----------------------------------------------------------------------------
887 // Work with emulator memory
888 //
889 //-----------------------------------------------------------------------------
890 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
891 emlClearMem();
892 }
893
894 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
895 emlSetMem(datain, arg0, arg1); // data, block num, blocks count
896 }
897
898 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
899 byte_t buf[USB_CMD_DATA_SIZE];
900 emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)
901
902 LED_B_ON();
903 cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);
904 LED_B_OFF();
905 }
906
907 //-----------------------------------------------------------------------------
908 // Load a card into the emulator memory
909 //
910 //-----------------------------------------------------------------------------
911 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
912 uint8_t numSectors = arg0;
913 uint8_t keyType = arg1;
914 uint64_t ui64Key = 0;
915 uint32_t cuid;
916 struct Crypto1State mpcs = {0, 0};
917 struct Crypto1State *pcs;
918 pcs = &mpcs;
919
920 // variables
921 byte_t dataoutbuf[16];
922 byte_t dataoutbuf2[16];
923 uint8_t uid[10];
924
925 // clear trace
926 clear_trace();
927 set_tracing(false);
928
929 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
930
931 LED_A_ON();
932 LED_B_OFF();
933 LED_C_OFF();
934
935 bool isOK = true;
936
937 if(!iso14443a_select_card(uid, NULL, &cuid)) {
938 isOK = false;
939 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
940 }
941
942 for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
943 ui64Key = emlGetKey(sectorNo, keyType);
944 if (sectorNo == 0){
945 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
946 isOK = false;
947 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo);
948 break;
949 }
950 } else {
951 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
952 isOK = false;
953 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo);
954 break;
955 }
956 }
957
958 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
959 if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
960 isOK = false;
961 if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);
962 break;
963 };
964 if (isOK) {
965 if (blockNo < NumBlocksPerSector(sectorNo) - 1) {
966 emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);
967 } else { // sector trailer, keep the keys, set only the AC
968 emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
969 memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);
970 emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
971 }
972 }
973 }
974
975 }
976
977 if(mifare_classic_halt(pcs, cuid)) {
978 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
979 };
980
981 // ----------------------------- crypto1 destroy
982 crypto1_destroy(pcs);
983
984 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
985 LEDsoff();
986
987 if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");
988
989 }
990
991
992 //-----------------------------------------------------------------------------
993 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
994 //
995 //-----------------------------------------------------------------------------
996 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
997
998 // params
999 uint8_t needWipe = arg0;
1000 // bit 0 - need get UID
1001 // bit 1 - need wupC
1002 // bit 2 - need HALT after sequence
1003 // bit 3 - need init FPGA and field before sequence
1004 // bit 4 - need reset FPGA and LED
1005 uint8_t workFlags = arg1;
1006 uint8_t blockNo = arg2;
1007
1008 // card commands
1009 uint8_t wupC1[] = { 0x40 };
1010 uint8_t wupC2[] = { 0x43 };
1011 uint8_t wipeC[] = { 0x41 };
1012
1013 // variables
1014 byte_t isOK = 0;
1015 uint8_t uid[10] = {0x00};
1016 uint8_t d_block[18] = {0x00};
1017 uint32_t cuid;
1018
1019 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1020 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1021
1022 // reset FPGA and LED
1023 if (workFlags & 0x08) {
1024 LED_A_ON();
1025 LED_B_OFF();
1026 LED_C_OFF();
1027
1028 clear_trace();
1029 set_tracing(TRUE);
1030 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1031 }
1032
1033 while (true) {
1034
1035 // get UID from chip
1036 if (workFlags & 0x01) {
1037 if(!iso14443a_select_card(uid, NULL, &cuid)) {
1038 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1039 //break;
1040 };
1041
1042 if(mifare_classic_halt(NULL, cuid)) {
1043 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1044 //break;
1045 };
1046 };
1047
1048 // reset chip
1049 if (needWipe){
1050 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1051 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1052 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1053 break;
1054 };
1055
1056 ReaderTransmit(wipeC, sizeof(wipeC), NULL);
1057 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1058 if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");
1059 break;
1060 };
1061
1062 if(mifare_classic_halt(NULL, cuid)) {
1063 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1064 break;
1065 };
1066 };
1067
1068 // write block
1069 if (workFlags & 0x02) {
1070 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1071 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1072 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1073 break;
1074 };
1075
1076 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1077 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1078 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1079 break;
1080 };
1081 }
1082
1083 if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
1084 if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");
1085 break;
1086 };
1087
1088 memcpy(d_block, datain, 16);
1089 AppendCrc14443a(d_block, 16);
1090
1091 ReaderTransmit(d_block, sizeof(d_block), NULL);
1092 if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
1093 if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");
1094 break;
1095 };
1096
1097 if (workFlags & 0x04) {
1098 if (mifare_classic_halt(NULL, cuid)) {
1099 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1100 break;
1101 };
1102 }
1103
1104 isOK = 1;
1105 break;
1106 }
1107
1108 LED_B_ON();
1109 cmd_send(CMD_ACK,isOK,0,0,uid,4);
1110 LED_B_OFF();
1111
1112 if ((workFlags & 0x10) || (!isOK)) {
1113 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1114 LEDsoff();
1115 }
1116 }
1117
1118
1119 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1120
1121 // params
1122 // bit 1 - need wupC
1123 // bit 2 - need HALT after sequence
1124 // bit 3 - need init FPGA and field before sequence
1125 // bit 4 - need reset FPGA and LED
1126 uint8_t workFlags = arg0;
1127 uint8_t blockNo = arg2;
1128
1129 // card commands
1130 uint8_t wupC1[] = { 0x40 };
1131 uint8_t wupC2[] = { 0x43 };
1132
1133 // variables
1134 byte_t isOK = 0;
1135 uint8_t data[18] = {0x00};
1136 uint32_t cuid = 0;
1137
1138 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1139 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1140
1141 if (workFlags & 0x08) {
1142 LED_A_ON();
1143 LED_B_OFF();
1144 LED_C_OFF();
1145
1146 clear_trace();
1147 set_tracing(TRUE);
1148 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1149 }
1150
1151 while (true) {
1152 if (workFlags & 0x02) {
1153 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1154 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1155 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1156 break;
1157 };
1158
1159 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1160 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1161 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1162 break;
1163 };
1164 }
1165
1166 // read block
1167 if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {
1168 if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error");
1169 break;
1170 };
1171 memcpy(data, receivedAnswer, 18);
1172
1173 if (workFlags & 0x04) {
1174 if (mifare_classic_halt(NULL, cuid)) {
1175 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1176 break;
1177 };
1178 }
1179
1180 isOK = 1;
1181 break;
1182 }
1183
1184 LED_B_ON();
1185 cmd_send(CMD_ACK,isOK,0,0,data,18);
1186 LED_B_OFF();
1187
1188 if ((workFlags & 0x10) || (!isOK)) {
1189 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1190 LEDsoff();
1191 }
1192 }
1193
1194 void MifareCIdent(){
1195
1196 // card commands
1197 uint8_t wupC1[] = { 0x40 };
1198 uint8_t wupC2[] = { 0x43 };
1199
1200 // variables
1201 byte_t isOK = 1;
1202
1203 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1204 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1205
1206 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1207 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1208 isOK = 0;
1209 };
1210
1211 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1212 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1213 isOK = 0;
1214 };
1215
1216 if (mifare_classic_halt(NULL, 0)) {
1217 isOK = 0;
1218 };
1219
1220 cmd_send(CMD_ACK,isOK,0,0,0,0);
1221 }
1222
1223 void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
1224
1225 BigBuf_free();
1226
1227 uint32_t iterations = arg0;
1228 uint8_t uid[10] = {0x00};
1229
1230 uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
1231 uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
1232
1233 uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
1234
1235 // get memory from BigBuf.
1236 uint8_t *nonces = BigBuf_malloc(iterations * 4);
1237
1238 LED_A_ON();
1239 LED_B_OFF();
1240 LED_C_OFF();
1241
1242 clear_trace();
1243 set_tracing(TRUE);
1244 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1245
1246 for (int i = 0; i < iterations; i++) {
1247
1248 WDT_HIT();
1249
1250 // Test if the action was cancelled
1251 if(BUTTON_PRESS()) break;
1252
1253 // if(mifare_classic_halt(pcs, cuid)) {
1254 // if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1255 //}
1256
1257 if(!iso14443a_select_card(uid, NULL, NULL)) {
1258 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1259 continue;
1260 };
1261
1262 // Transmit MIFARE_CLASSIC_AUTH.
1263 ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
1264
1265 // Receive the (4 Byte) "random" nonce
1266 if (!ReaderReceive(response, responsePar)) {
1267 if (MF_DBGLEVEL >= 1) Dbprintf("Couldn't receive tag nonce");
1268 continue;
1269 }
1270
1271 nonces[i*4] = bytes_to_num(response, 4);
1272 }
1273
1274 int packLen = iterations * 4;
1275 int packSize = 0;
1276 int packNum = 0;
1277 while (packLen > 0) {
1278 packSize = MIN(USB_CMD_DATA_SIZE, packLen);
1279 LED_B_ON();
1280 cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
1281 LED_B_OFF();
1282
1283 packLen -= packSize;
1284 packNum++;
1285 }
1286 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1287 LEDsoff();
1288 }
1289
1290 //
1291 // DESFIRE
1292 //
1293
1294 void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
1295
1296 byte_t dataout[11] = {0x00};
1297 uint8_t uid[10] = {0x00};
1298 uint32_t cuid = 0x00;
1299
1300 clear_trace();
1301 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1302
1303 int len = iso14443a_select_card(uid, NULL, &cuid);
1304 if(!len) {
1305 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
1306 OnError(1);
1307 return;
1308 };
1309
1310 if(mifare_desfire_des_auth1(cuid, dataout)){
1311 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");
1312 OnError(4);
1313 return;
1314 }
1315
1316 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
1317 cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));
1318 }
1319
1320 void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
1321
1322 uint32_t cuid = arg0;
1323 uint8_t key[16] = {0x00};
1324 byte_t dataout[12] = {0x00};
1325 byte_t isOK = 0;
1326
1327 memcpy(key, datain, 16);
1328
1329 isOK = mifare_desfire_des_auth2(cuid, key, dataout);
1330
1331 if( isOK) {
1332 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");
1333 OnError(4);
1334 return;
1335 }
1336
1337 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
1338
1339 cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
1340 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1341 LEDsoff();
1342 }
Proxmark3 GIT tracking
Impressum, Datenschutz