//-----------------------------------------------------------------------------
// Merlok - 2012
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to support the Mifare Classic sniffer.
//-----------------------------------------------------------------------------

11 #include "mifaresniff.h"
12 #include "apps.h"
13
// File-private sniffer state.
//
// The state machine in MfSniffLogic walks the ISO 14443-3 activation sequence
// and fills in the card identity below; once the card is selected, every
// further frame is appended to the trace buffer and timerData records when
// that last happened so MfSniffSend can detect a pause in traffic.
static int sniffState = SNF_INIT;   // position in the activation sequence (SNF_* values)
static uint8_t sniffUIDType;        // SNF_UID_4 or SNF_UID_7
static uint8_t sniffUID[8];         // collected UID; cascade level 1 is stored at [3..6], level 2 shifts it down to [0..6]
static uint8_t sniffATQA[2];        // ATQA answered by the card
static uint8_t sniffSAK;            // last SAK byte answered by the card
static uint8_t sniffBuf[16];        // scratch buffer for the synthetic card-identity trace record (14 bytes used)
static uint32_t timerData;          // GetTickCount() at the moment the last frame was logged
21
22
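// Reset the sniffer at the start of a session.
//
// Clears the collected card identity and - in addition to the original
// behaviour - returns the state machine to SNF_INIT. Without that reset the
// state of the previous session (e.g. SNF_CARD_RESP) survived into the new
// one, so the first frames of a new session could be logged with the wrong
// direction until a 7-bit REQA/WUPA happened to reset the machine.
//
// Returns FALSE; the value carries no error information.
bool MfSniffInit(void) {
	memset(sniffUID, 0x00, sizeof(sniffUID));
	memset(sniffATQA, 0x00, sizeof(sniffATQA));
	sniffSAK = 0;
	sniffUIDType = SNF_UID_4;
	sniffState = SNF_INIT;   // do not carry state over from a previous session
	return FALSE;
}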
30
// Tell the host that sniffing has ended.
//
// Sends a bare CMD_ACK (no arguments, no payload); LED B is lit for the
// duration of the USB transfer as a visual indicator.
// Returns FALSE; the value carries no error information.
bool MfSniffEnd(void) {
	LED_B_ON();
	cmd_send(CMD_ACK, 0, 0, 0, 0, 0);
	LED_B_OFF();

	return FALSE;
}
37
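// Per-frame sniffer state machine.
//
// Called once for every frame captured on the RF interface. Follows the
// ISO 14443-3 activation sequence (REQA/WUPA, ATQA, SELECT CL1, UID CL1,
// SAK, optionally SELECT CL2 / UID CL2 / SAK) to collect the card identity,
// writes a synthetic identity record to the trace once the card is selected,
// and from then on logs every frame with its direction.
//
//   data   - frame bytes; only indexed after `len` has been checked
//   len    - number of bytes in `data`, as delivered by the demodulator. It is
//            not range-checked here; LogTrace is relied upon to bound the copy
//            against the trace buffer (confirm in LogTrace).
//   parity - parity bits of the frame; not used by this routine
//   bitCnt - number of bits in the frame; 7 identifies a short frame (REQA/WUPA)
//   reader - TRUE for reader->tag frames, FALSE for tag->reader frames
//
// Returns FALSE; the value carries no error information.
//
// Changes versus the original logic:
//  - "another cascade level follows" is decided from the SAK cascade bit
//    (ISO 14443-3: bit 3, value 0x04, means "UID not complete") instead of
//    from sniffUID[3] == 0x88. After CL2 sniffUID[3] holds uid3 of a genuine
//    7-byte UID, which may legitimately be 0x88 and then sent the machine back
//    to SNF_ANTICOL2 where it stalled.
//  - once the card is selected, the logged direction comes from `reader`
//    rather than from strict command/response alternation, so a retried
//    reader command (no answer from the card) is no longer logged as a
//    card response.
// Triple-size (10-byte) UIDs / SELECT CL3 (0x97) are not handled, as before.
bool RAMFUNC MfSniffLogic(const uint8_t *data, uint16_t len, uint8_t *parity, uint16_t bitCnt, bool reader) {
	(void)parity;

	// Any 7-bit frame from the reader is REQA/WUPA: card activation starts
	// over, whatever state we were in.
	if (reader && (len == 1) && (bitCnt == 7)) {
		sniffState = SNF_INIT;
	}

	switch (sniffState) {
	case SNF_INIT:
		if (reader && (len == 1) && (bitCnt == 7)) { // REQA or WUPA from reader
			sniffUIDType = SNF_UID_4;
			memset(sniffUID, 0x00, sizeof(sniffUID));
			memset(sniffATQA, 0x00, sizeof(sniffATQA));
			sniffSAK = 0;
			sniffState = SNF_WUPREQ;
		}
		break;

	case SNF_WUPREQ:
		if (!reader && (len == 2)) { // ATQA from tag
			memcpy(sniffATQA, data, sizeof(sniffATQA));
			sniffState = SNF_ATQA;
		}
		break;

	case SNF_ATQA:
		if (reader && (len == 2) && (data[0] == 0x93) && (data[1] == 0x20)) { // SELECT CL1, anticollision (NVB 0x20) from reader
			sniffState = SNF_ANTICOL1;
		}
		break;

	case SNF_ANTICOL1:
		// UID CL1 from tag: 4 bytes plus BCC (xor of the 4 bytes). Stored at
		// sniffUID[3..6]; for a 4-byte UID that is its final position.
		if (!reader && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) {
			memcpy(sniffUID + 3, data, 4);
			sniffState = SNF_UID1;
		}
		break;

	case SNF_UID1:
		if (reader && (len == 9) && (data[0] == 0x93) && (data[1] == 0x70) && CheckCrc14443(CRC_14443_A, data, 9)) { // SELECT CL1 with full UID (NVB 0x70) + CRC from reader
			sniffState = SNF_SAK;
		}
		break;

	case SNF_SAK:
		if (!reader && (len == 3) && CheckCrc14443(CRC_14443_A, data, 3)) { // SAK + CRC from tag
			sniffSAK = data[0];
			if (sniffSAK & 0x04) {       // UID not complete: cascade level 2 follows
				sniffState = SNF_ANTICOL2;
			} else {                     // select completed
				sniffState = SNF_CARD_IDLE;
			}
		}
		break;

	case SNF_ANTICOL2:
		// UID CL2 from tag: 4 bytes plus BCC. Move the three real UID bytes of
		// CL1 (after the 0x88 cascade tag at sniffUID[3]) down to [0..2] and
		// append the CL2 bytes at [3..6], giving the 7-byte UID in sniffUID[0..6].
		// The two memcpy regions ([0..2] <- [4..6]) do not overlap.
		if (!reader && (len == 5) && ((data[0] ^ data[1] ^ data[2] ^ data[3]) == data[4])) {
			memcpy(sniffUID, sniffUID + 4, 3);
			memcpy(sniffUID + 3, data, 4);
			sniffUIDType = SNF_UID_7;
			sniffState = SNF_UID2;
		}
		break;

	case SNF_UID2:
		if (reader && (len == 9) && (data[0] == 0x95) && (data[1] == 0x70) && CheckCrc14443(CRC_14443_A, data, 9)) { // SELECT CL2 with full UID + CRC from reader
			sniffState = SNF_SAK;
		}
		break;

	case SNF_CARD_IDLE:
		// Card selected: write a synthetic identity record to the trace
		//   FF FF | UID[7] | ATQA[2] | SAK | FF FF   (14 bytes)
		// then fall through so the frame that brought us here - the first
		// real command - is logged as well.
		sniffBuf[0] = 0xFF;
		sniffBuf[1] = 0xFF;
		memcpy(sniffBuf + 2, sniffUID, 7);
		memcpy(sniffBuf + 9, sniffATQA, 2);
		sniffBuf[11] = sniffSAK;
		sniffBuf[12] = 0xFF;
		sniffBuf[13] = 0xFF;
		LogTrace(sniffBuf, 14, 0, 0, NULL, TRUE);
		/* fallthrough */
	case SNF_CARD_CMD:
	case SNF_CARD_RESP:
		// Log the frame with its real direction. The next expected state is
		// still tracked (a reader command is normally followed by a card
		// response) but no longer decides how a frame is attributed.
		LogTrace(data, len, 0, 0, NULL, reader);
		sniffState = reader ? SNF_CARD_RESP : SNF_CARD_CMD;
		timerData = GetTickCount();
		break;

	default:
		sniffState = SNF_INIT;
		break;
	}

	return FALSE;
}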
138
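// Flush the trace to the host once the RF traffic has paused.
//
// Sends when the trace is non-empty and more than maxTimeoutMs ticks have
// passed since the last frame was logged (timerData). The elapsed time is
// computed as an unsigned 32-bit difference so the check keeps working when
// GetTickCount() wraps around; the original `now > timerData + maxTimeoutMs`
// comparison stopped firing for a whole tick period after a wrap.
//
//   maxTimeoutMs - idle time, in ticks of GetTickCount(), before sending
// Returns the result of intMfSniffSend() when a transfer was made, FALSE otherwise.
bool RAMFUNC MfSniffSend(uint16_t maxTimeoutMs) {
	if (BigBuf_get_traceLen() == 0) {
		return FALSE;
	}

	uint32_t elapsed = GetTickCount() - timerData;   // wrap-safe unsigned difference
	if (elapsed > maxTimeoutMs) {
		return intMfSniffSend();
	}
	return FALSE;
}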
145
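// Transfer the whole trace buffer to the host, then clear it.
//
// Not a RAMFUNC: it only runs once sniffing has paused, so it may execute
// from flash. The trace is sent in chunks of at most USB_CMD_DATA_SIZE bytes,
// each as CMD_ACK with arg0 = 1, arg1 = total trace length and arg2 = chunk
// size; a final CMD_ACK with arg0 = 2 and no payload marks the end of the
// transfer (the host-side interpretation of these values is defined by the
// client, not here). LED B is lit during each USB transfer.
//
// The trace length is read once up front: the SSC DMA is disabled before
// the loop and nothing else appends to the trace while this runs, so the
// repeated BigBuf_get_traceLen() calls of the original were redundant. The
// unused chunk counter was dropped.
//
// Returns TRUE once everything has been handed to the host.
bool intMfSniffSend(void) {
	const int traceLen = BigBuf_get_traceLen();
	uint8_t *trace = BigBuf_get_addr();
	int remaining = traceLen;

	FpgaDisableSscDma();
	while (remaining > 0) {
		int chunk = MIN(USB_CMD_DATA_SIZE, remaining);
		LED_B_ON();
		cmd_send(CMD_ACK, 1, traceLen, chunk, trace + (traceLen - remaining), chunk);
		LED_B_OFF();
		remaining -= chunk;
	}

	LED_B_ON();
	cmd_send(CMD_ACK, 2, 0, 0, 0, 0);
	LED_B_OFF();

	clear_trace();
	return TRUE;
}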