]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifarecmd.c
projects / proxmark3-svn / blob
? search:


b9f8e81efe49a587617c961b6aab741c0260fee1
[proxmark3-svn] / armsrc / mifarecmd.c
1 //-----------------------------------------------------------------------------
2 // Merlok - June 2011, 2012
3 // Gerhard de Koning Gans - May 2008
4 // Hagen Fritsch - June 2010
5 // Midnitesnake - Dec 2013
6 // Andy Davies - Apr 2014
7 // Iceman - May 2014
8 //
9 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
10 // at your option, any later version. See the LICENSE.txt file for the text of
11 // the license.
12 //-----------------------------------------------------------------------------
13 // Routines to support ISO 14443 type A.
14 //-----------------------------------------------------------------------------
15
16 #include "mifarecmd.h"
17 #include "apps.h"
18 #include "util.h"
19 #include "crc.h"
20
21 //-----------------------------------------------------------------------------
22 // Select, Authenticate, Read a MIFARE tag.
23 // read block
24 //-----------------------------------------------------------------------------
25 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
26 {
27 // params
28 uint8_t blockNo = arg0;
29 uint8_t keyType = arg1;
30 uint64_t ui64Key = 0;
31 ui64Key = bytes_to_num(datain, 6);
32
33 // variables
34 byte_t isOK = 0;
35 byte_t dataoutbuf[16];
36 uint8_t uid[10];
37 uint32_t cuid;
38 struct Crypto1State mpcs = {0, 0};
39 struct Crypto1State *pcs;
40 pcs = &mpcs;
41
42 // clear trace
43 clear_trace();
44 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
45
46 LED_A_ON();
47 LED_B_OFF();
48 LED_C_OFF();
49
50 while (true) {
51 if(!iso14443a_select_card(uid, NULL, &cuid)) {
52 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
53 break;
54 };
55
56 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
57 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
58 break;
59 };
60
61 if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {
62 if (MF_DBGLEVEL >= 1) Dbprintf("Read block error");
63 break;
64 };
65
66 if(mifare_classic_halt(pcs, cuid)) {
67 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
68 break;
69 };
70
71 isOK = 1;
72 break;
73 }
74
75 // ----------------------------- crypto1 destroy
76 crypto1_destroy(pcs);
77
78 if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");
79
80 LED_B_ON();
81 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);
82 LED_B_OFF();
83
84 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
85 LEDsoff();
86 }
87
88 void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
89
90 bool turnOffField = (arg0 == 1);
91
92 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
93 clear_trace();
94 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
95
96 if(!iso14443a_select_card(NULL, NULL, NULL)) {
97 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
98 OnError(0);
99 return;
100 };
101
102 if(!mifare_ultra_auth(keybytes)){
103 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
104 OnError(1);
105 return;
106 }
107
108 if (turnOffField) {
109 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
110 LEDsoff();
111 }
112 cmd_send(CMD_ACK,1,0,0,0,0);
113 }
114
115 // Arg0 = BlockNo,
116 // Arg1 = UsePwd bool
117 // datain = PWD bytes,
118 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
119 {
120 uint8_t blockNo = arg0;
121 byte_t dataout[16] = {0x00};
122 bool useKey = (arg1 == 1); //UL_C
123 bool usePwd = (arg1 == 2); //UL_EV1/NTAG
124
125 LEDsoff();
126 LED_A_ON();
127 clear_trace();
128 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
129
130 int len = iso14443a_select_card(NULL, NULL, NULL);
131 if(!len) {
132 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);
133 OnError(1);
134 return;
135 }
136
137 // UL-C authentication
138 if ( useKey ) {
139 uint8_t key[16] = {0x00};
140 memcpy(key, datain, sizeof(key) );
141
142 if ( !mifare_ultra_auth(key) ) {
143 OnError(1);
144 return;
145 }
146 }
147
148 // UL-EV1 / NTAG authentication
149 if ( usePwd ) {
150 uint8_t pwd[4] = {0x00};
151 memcpy(pwd, datain, 4);
152 uint8_t pack[4] = {0,0,0,0};
153 if (!mifare_ul_ev1_auth(pwd, pack)) {
154 OnError(1);
155 return;
156 }
157 }
158
159 if( mifare_ultra_readblock(blockNo, dataout) ) {
160 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");
161 OnError(2);
162 return;
163 }
164
165 if( mifare_ultra_halt() ) {
166 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
167 OnError(3);
168 return;
169 }
170
171 cmd_send(CMD_ACK,1,0,0,dataout,16);
172 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
173 LEDsoff();
174 }
175
176 //-----------------------------------------------------------------------------
177 // Select, Authenticate, Read a MIFARE tag.
178 // read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)
179 //-----------------------------------------------------------------------------
180 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
181 {
182 // params
183 uint8_t sectorNo = arg0;
184 uint8_t keyType = arg1;
185 uint64_t ui64Key = 0;
186 ui64Key = bytes_to_num(datain, 6);
187
188 // variables
189 byte_t isOK = 0;
190 byte_t dataoutbuf[16 * 16];
191 uint8_t uid[10];
192 uint32_t cuid;
193 struct Crypto1State mpcs = {0, 0};
194 struct Crypto1State *pcs;
195 pcs = &mpcs;
196
197 // clear trace
198 clear_trace();
199
200 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
201
202 LED_A_ON();
203 LED_B_OFF();
204 LED_C_OFF();
205
206 isOK = 1;
207 if(!iso14443a_select_card(uid, NULL, &cuid)) {
208 isOK = 0;
209 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
210 }
211
212
213 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
214 isOK = 0;
215 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
216 }
217
218 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
219 if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) {
220 isOK = 0;
221 if (MF_DBGLEVEL >= 1) Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo);
222 break;
223 }
224 }
225
226 if(mifare_classic_halt(pcs, cuid)) {
227 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
228 }
229
230 // ----------------------------- crypto1 destroy
231 crypto1_destroy(pcs);
232
233 if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");
234
235 LED_B_ON();
236 cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));
237 LED_B_OFF();
238
239 // Thats it...
240 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
241 LEDsoff();
242 }
243
244 // arg0 = blockNo (start)
245 // arg1 = Pages (number of blocks)
246 // arg2 = useKey
247 // datain = KEY bytes
248 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
249 {
250 // free eventually allocated BigBuf memory
251 BigBuf_free();
252 clear_trace();
253
254 // params
255 uint8_t blockNo = arg0;
256 uint16_t blocks = arg1;
257 bool useKey = (arg2 == 1); //UL_C
258 bool usePwd = (arg2 == 2); //UL_EV1/NTAG
259 uint32_t countblocks = 0;
260 uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);
261 if (dataout == NULL){
262 Dbprintf("out of memory");
263 OnError(1);
264 return;
265 }
266
267 LEDsoff();
268 LED_A_ON();
269 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
270
271 int len = iso14443a_select_card(NULL, NULL, NULL);
272 if (!len) {
273 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);
274 OnError(1);
275 return;
276 }
277
278 // UL-C authentication
279 if ( useKey ) {
280 uint8_t key[16] = {0x00};
281 memcpy(key, datain, sizeof(key) );
282
283 if ( !mifare_ultra_auth(key) ) {
284 OnError(1);
285 return;
286 }
287 }
288
289 // UL-EV1 / NTAG authentication
290 if (usePwd) {
291 uint8_t pwd[4] = {0x00};
292 memcpy(pwd, datain, sizeof(pwd));
293 uint8_t pack[4] = {0,0,0,0};
294
295 if (!mifare_ul_ev1_auth(pwd, pack)){
296 OnError(1);
297 return;
298 }
299 }
300
301 for (int i = 0; i < blocks; i++){
302 if ((i*4) + 4 >= CARD_MEMORY_SIZE) {
303 Dbprintf("Data exceeds buffer!!");
304 break;
305 }
306
307 len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
308
309 if (len) {
310 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
311 // if no blocks read - error out
312 if (i==0){
313 OnError(2);
314 return;
315 } else {
316 //stop at last successful read block and return what we got
317 break;
318 }
319 } else {
320 countblocks++;
321 }
322 }
323
324 len = mifare_ultra_halt();
325 if (len) {
326 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");
327 OnError(3);
328 return;
329 }
330
331 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
332
333 countblocks *= 4;
334
335 cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);
336 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
337 LEDsoff();
338 BigBuf_free();
339 }
340
341 //-----------------------------------------------------------------------------
342 // Select, Authenticate, Write a MIFARE tag.
343 // read block
344 //-----------------------------------------------------------------------------
345 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
346 {
347 // params
348 uint8_t blockNo = arg0;
349 uint8_t keyType = arg1;
350 uint64_t ui64Key = 0;
351 byte_t blockdata[16];
352
353 ui64Key = bytes_to_num(datain, 6);
354 memcpy(blockdata, datain + 10, 16);
355
356 // variables
357 byte_t isOK = 0;
358 uint8_t uid[10];
359 uint32_t cuid;
360 struct Crypto1State mpcs = {0, 0};
361 struct Crypto1State *pcs;
362 pcs = &mpcs;
363
364 // clear trace
365 clear_trace();
366
367 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
368
369 LED_A_ON();
370 LED_B_OFF();
371 LED_C_OFF();
372
373 while (true) {
374 if(!iso14443a_select_card(uid, NULL, &cuid)) {
375 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
376 break;
377 };
378
379 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
380 if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");
381 break;
382 };
383
384 if(mifare_classic_writeblock(pcs, cuid, blockNo, blockdata)) {
385 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
386 break;
387 };
388
389 if(mifare_classic_halt(pcs, cuid)) {
390 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
391 break;
392 };
393
394 isOK = 1;
395 break;
396 }
397
398 // ----------------------------- crypto1 destroy
399 crypto1_destroy(pcs);
400
401 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
402
403 LED_B_ON();
404 cmd_send(CMD_ACK,isOK,0,0,0,0);
405 LED_B_OFF();
406
407
408 // Thats it...
409 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
410 LEDsoff();
411 }
412
413 /* // Command not needed but left for future testing
414 void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
415 {
416 uint8_t blockNo = arg0;
417 byte_t blockdata[16] = {0x00};
418
419 memcpy(blockdata, datain, 16);
420
421 uint8_t uid[10] = {0x00};
422
423 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
424
425 clear_trace();
426 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
427
428 if(!iso14443a_select_card(uid, NULL, NULL)) {
429 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
430 OnError(0);
431 return;
432 };
433
434 if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {
435 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
436 OnError(0);
437 return; };
438
439 if(mifare_ultra_halt()) {
440 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
441 OnError(0);
442 return;
443 };
444
445 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
446
447 cmd_send(CMD_ACK,1,0,0,0,0);
448 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
449 LEDsoff();
450 }
451 */
452
453 // Arg0 : Block to write to.
454 // Arg1 : 0 = use no authentication.
455 // 1 = use 0x1A authentication.
456 // 2 = use 0x1B authentication.
457 // datain : 4 first bytes is data to be written.
458 // : 4/16 next bytes is authentication key.
459 void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
460 {
461 uint8_t blockNo = arg0;
462 bool useKey = (arg1 == 1); //UL_C
463 bool usePwd = (arg1 == 2); //UL_EV1/NTAG
464 byte_t blockdata[4] = {0x00};
465
466 memcpy(blockdata, datain,4);
467
468 LEDsoff();
469 LED_A_ON();
470 clear_trace();
471 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
472
473 if(!iso14443a_select_card(NULL, NULL, NULL)) {
474 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
475 OnError(0);
476 return;
477 };
478
479 // UL-C authentication
480 if ( useKey ) {
481 uint8_t key[16] = {0x00};
482 memcpy(key, datain+4, sizeof(key) );
483
484 if ( !mifare_ultra_auth(key) ) {
485 OnError(1);
486 return;
487 }
488 }
489
490 // UL-EV1 / NTAG authentication
491 if (usePwd) {
492 uint8_t pwd[4] = {0x00};
493 memcpy(pwd, datain+4, 4);
494 uint8_t pack[4] = {0,0,0,0};
495 if (!mifare_ul_ev1_auth(pwd, pack)) {
496 OnError(1);
497 return;
498 }
499 }
500
501 if(mifare_ultra_writeblock(blockNo, blockdata)) {
502 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
503 OnError(0);
504 return;
505 };
506
507 if(mifare_ultra_halt()) {
508 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
509 OnError(0);
510 return;
511 };
512
513 if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");
514
515 cmd_send(CMD_ACK,1,0,0,0,0);
516 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
517 LEDsoff();
518 }
519
520 void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
521
522 uint8_t pwd[16] = {0x00};
523 byte_t blockdata[4] = {0x00};
524
525 memcpy(pwd, datain, 16);
526
527 LED_A_ON(); LED_B_OFF(); LED_C_OFF();
528 clear_trace();
529 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
530
531 if(!iso14443a_select_card(NULL, NULL, NULL)) {
532 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
533 OnError(0);
534 return;
535 };
536
537 blockdata[0] = pwd[7];
538 blockdata[1] = pwd[6];
539 blockdata[2] = pwd[5];
540 blockdata[3] = pwd[4];
541 if(mifare_ultra_writeblock( 44, blockdata)) {
542 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
543 OnError(44);
544 return;
545 };
546
547 blockdata[0] = pwd[3];
548 blockdata[1] = pwd[2];
549 blockdata[2] = pwd[1];
550 blockdata[3] = pwd[0];
551 if(mifare_ultra_writeblock( 45, blockdata)) {
552 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
553 OnError(45);
554 return;
555 };
556
557 blockdata[0] = pwd[15];
558 blockdata[1] = pwd[14];
559 blockdata[2] = pwd[13];
560 blockdata[3] = pwd[12];
561 if(mifare_ultra_writeblock( 46, blockdata)) {
562 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
563 OnError(46);
564 return;
565 };
566
567 blockdata[0] = pwd[11];
568 blockdata[1] = pwd[10];
569 blockdata[2] = pwd[9];
570 blockdata[3] = pwd[8];
571 if(mifare_ultra_writeblock( 47, blockdata)) {
572 if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
573 OnError(47);
574 return;
575 };
576
577 if(mifare_ultra_halt()) {
578 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
579 OnError(0);
580 return;
581 };
582
583 cmd_send(CMD_ACK,1,0,0,0,0);
584 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
585 LEDsoff();
586 }
587
588 // Return 1 if the nonce is invalid else return 0
589 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {
590 return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \
591 (oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \
592 (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;
593 }
594
595
596 //-----------------------------------------------------------------------------
597 // MIFARE nested authentication.
598 //
599 //-----------------------------------------------------------------------------
600 void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)
601 {
602 // params
603 uint8_t blockNo = arg0 & 0xff;
604 uint8_t keyType = (arg0 >> 8) & 0xff;
605 uint8_t targetBlockNo = arg1 & 0xff;
606 uint8_t targetKeyType = (arg1 >> 8) & 0xff;
607 uint64_t ui64Key = 0;
608
609 ui64Key = bytes_to_num(datain, 6);
610
611 // variables
612 uint16_t rtr, i, j, len;
613 uint16_t davg;
614 static uint16_t dmin, dmax;
615 uint8_t uid[10];
616 uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;
617 uint8_t par[1];
618 uint32_t target_nt[2], target_ks[2];
619
620 uint8_t par_array[4];
621 uint16_t ncount = 0;
622 struct Crypto1State mpcs = {0, 0};
623 struct Crypto1State *pcs;
624 pcs = &mpcs;
625 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
626
627 uint32_t auth1_time, auth2_time;
628 static uint16_t delta_time;
629
630 // free eventually allocated BigBuf memory
631 BigBuf_free();
632 // clear trace
633 clear_trace();
634 set_tracing(false);
635
636 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
637
638 LED_A_ON();
639 LED_C_OFF();
640
641
642 // statistics on nonce distance
643 int16_t isOK = 0;
644 #define NESTED_MAX_TRIES 12
645 uint16_t unsuccessfull_tries = 0;
646 if (calibrate) { // for first call only. Otherwise reuse previous calibration
647 LED_B_ON();
648 WDT_HIT();
649
650 davg = dmax = 0;
651 dmin = 2000;
652 delta_time = 0;
653
654 for (rtr = 0; rtr < 17; rtr++) {
655
656 // Test if the action was cancelled
657 if(BUTTON_PRESS()) {
658 isOK = -2;
659 break;
660 }
661
662 // prepare next select. No need to power down the card.
663 if(mifare_classic_halt(pcs, cuid)) {
664 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
665 rtr--;
666 continue;
667 }
668
669 if(!iso14443a_select_card(uid, NULL, &cuid)) {
670 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
671 rtr--;
672 continue;
673 };
674
675 auth1_time = 0;
676 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
677 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
678 rtr--;
679 continue;
680 };
681
682 if (delta_time) {
683 auth2_time = auth1_time + delta_time;
684 } else {
685 auth2_time = 0;
686 }
687 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {
688 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error");
689 rtr--;
690 continue;
691 };
692
693 nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
694 for (i = 101; i < 1200; i++) {
695 nttmp = prng_successor(nttmp, 1);
696 if (nttmp == nt2) break;
697 }
698
699 if (i != 1200) {
700 if (rtr != 0) {
701 davg += i;
702 dmin = MIN(dmin, i);
703 dmax = MAX(dmax, i);
704 }
705 else {
706 delta_time = auth2_time - auth1_time + 32; // allow some slack for proper timing
707 }
708 if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);
709 } else {
710 unsuccessfull_tries++;
711 if (unsuccessfull_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable)
712 isOK = -3;
713 }
714 }
715 }
716
717 davg = (davg + (rtr - 1)/2) / (rtr - 1);
718
719 if (MF_DBGLEVEL >= 3) Dbprintf("rtr=%d isOK=%d min=%d max=%d avg=%d, delta_time=%d", rtr, isOK, dmin, dmax, davg, delta_time);
720
721 dmin = davg - 2;
722 dmax = davg + 2;
723
724 LED_B_OFF();
725
726 }
727 // -------------------------------------------------------------------------------------------------
728
729 LED_C_ON();
730
731 // get crypted nonces for target sector
732 for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces
733
734 target_nt[i] = 0;
735 while(target_nt[i] == 0) { // continue until we have an unambiguous nonce
736
737 // prepare next select. No need to power down the card.
738 if(mifare_classic_halt(pcs, cuid)) {
739 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");
740 continue;
741 }
742
743 if(!iso14443a_select_card(uid, NULL, &cuid)) {
744 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Can't select card");
745 continue;
746 };
747
748 auth1_time = 0;
749 if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {
750 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth1 error");
751 continue;
752 };
753
754 // nested authentication
755 auth2_time = auth1_time + delta_time;
756 len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
757 if (len != 4) {
758 if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);
759 continue;
760 };
761
762 nt2 = bytes_to_num(receivedAnswer, 4);
763 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);
764
765 // Parity validity check
766 for (j = 0; j < 4; j++) {
767 par_array[j] = (oddparity(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));
768 }
769
770 ncount = 0;
771 nttest = prng_successor(nt1, dmin - 1);
772 for (j = dmin; j < dmax + 1; j++) {
773 nttest = prng_successor(nttest, 1);
774 ks1 = nt2 ^ nttest;
775
776 if (valid_nonce(nttest, nt2, ks1, par_array)){
777 if (ncount > 0) { // we are only interested in disambiguous nonces, try again
778 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j);
779 target_nt[i] = 0;
780 break;
781 }
782 target_nt[i] = nttest;
783 target_ks[i] = ks1;
784 ncount++;
785 if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces
786 target_nt[i] = 0;
787 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);
788 break;
789 }
790 if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: valid, ntdist=%d", i+1, j);
791 }
792 }
793 if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);
794 }
795 }
796
797 LED_C_OFF();
798
799 // ----------------------------- crypto1 destroy
800 crypto1_destroy(pcs);
801
802 byte_t buf[4 + 4 * 4];
803 memcpy(buf, &cuid, 4);
804 memcpy(buf+4, &target_nt[0], 4);
805 memcpy(buf+8, &target_ks[0], 4);
806 memcpy(buf+12, &target_nt[1], 4);
807 memcpy(buf+16, &target_ks[1], 4);
808
809 LED_B_ON();
810 cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));
811 LED_B_OFF();
812
813 if (MF_DBGLEVEL >= 3) DbpString("NESTED FINISHED");
814
815 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
816 LEDsoff();
817 set_tracing(TRUE);
818 }
819
820 //-----------------------------------------------------------------------------
821 // MIFARE check keys. key count up to 85.
822 //
823 //-----------------------------------------------------------------------------
824 void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
825 {
826 // params
827 uint8_t blockNo = arg0;
828 uint8_t keyType = arg1;
829 uint8_t keyCount = arg2;
830 uint64_t ui64Key = 0;
831
832 // variables
833 int i;
834 byte_t isOK = 0;
835 uint8_t uid[10];
836 uint32_t cuid;
837 struct Crypto1State mpcs = {0, 0};
838 struct Crypto1State *pcs;
839 pcs = &mpcs;
840
841 // clear debug level
842 int OLD_MF_DBGLEVEL = MF_DBGLEVEL;
843 MF_DBGLEVEL = MF_DBG_NONE;
844
845 // clear trace
846 clear_trace();
847 set_tracing(TRUE);
848
849 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
850
851 LED_A_ON();
852 LED_B_OFF();
853 LED_C_OFF();
854
855 for (i = 0; i < keyCount; i++) {
856 if(mifare_classic_halt(pcs, cuid)) {
857 if (MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Halt error");
858 }
859
860 if(!iso14443a_select_card(uid, NULL, &cuid)) {
861 if (OLD_MF_DBGLEVEL >= 1) Dbprintf("ChkKeys: Can't select card");
862 break;
863 };
864
865 ui64Key = bytes_to_num(datain + i * 6, 6);
866 if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {
867 continue;
868 };
869
870 isOK = 1;
871 break;
872 }
873
874 // ----------------------------- crypto1 destroy
875 crypto1_destroy(pcs);
876
877 LED_B_ON();
878 cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);
879 LED_B_OFF();
880
881 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
882 LEDsoff();
883
884 // restore debug level
885 MF_DBGLEVEL = OLD_MF_DBGLEVEL;
886 }
887
888 //-----------------------------------------------------------------------------
889 // MIFARE commands set debug level
890 //
891 //-----------------------------------------------------------------------------
892 void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
893 MF_DBGLEVEL = arg0;
894 Dbprintf("Debug level: %d", MF_DBGLEVEL);
895 }
896
897 //-----------------------------------------------------------------------------
898 // Work with emulator memory
899 //
900 //-----------------------------------------------------------------------------
901 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
902 emlClearMem();
903 }
904
905 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
906 emlSetMem(datain, arg0, arg1); // data, block num, blocks count
907 }
908
909 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
910 byte_t buf[USB_CMD_DATA_SIZE];
911 emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)
912
913 LED_B_ON();
914 cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);
915 LED_B_OFF();
916 }
917
918 //-----------------------------------------------------------------------------
919 // Load a card into the emulator memory
920 //
921 //-----------------------------------------------------------------------------
922 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
923 uint8_t numSectors = arg0;
924 uint8_t keyType = arg1;
925 uint64_t ui64Key = 0;
926 uint32_t cuid;
927 struct Crypto1State mpcs = {0, 0};
928 struct Crypto1State *pcs;
929 pcs = &mpcs;
930
931 // variables
932 byte_t dataoutbuf[16];
933 byte_t dataoutbuf2[16];
934 uint8_t uid[10];
935
936 // clear trace
937 clear_trace();
938 set_tracing(false);
939
940 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
941
942 LED_A_ON();
943 LED_B_OFF();
944 LED_C_OFF();
945
946 bool isOK = true;
947
948 if(!iso14443a_select_card(uid, NULL, &cuid)) {
949 isOK = false;
950 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
951 }
952
953 for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
954 ui64Key = emlGetKey(sectorNo, keyType);
955 if (sectorNo == 0){
956 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
957 isOK = false;
958 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth error", sectorNo);
959 break;
960 }
961 } else {
962 if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {
963 isOK = false;
964 if (MF_DBGLEVEL >= 1) Dbprintf("Sector[%2d]. Auth nested error", sectorNo);
965 break;
966 }
967 }
968
969 for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
970 if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {
971 isOK = false;
972 if (MF_DBGLEVEL >= 1) Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);
973 break;
974 };
975 if (isOK) {
976 if (blockNo < NumBlocksPerSector(sectorNo) - 1) {
977 emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);
978 } else { // sector trailer, keep the keys, set only the AC
979 emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
980 memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);
981 emlSetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);
982 }
983 }
984 }
985
986 }
987
988 if(mifare_classic_halt(pcs, cuid)) {
989 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
990 };
991
992 // ----------------------------- crypto1 destroy
993 crypto1_destroy(pcs);
994
995 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
996 LEDsoff();
997
998 if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");
999
1000 }
1001
1002
1003 //-----------------------------------------------------------------------------
1004 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
1005 //
1006 //-----------------------------------------------------------------------------
1007 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1008
1009 // params
1010 uint8_t needWipe = arg0;
1011 // bit 0 - need get UID
1012 // bit 1 - need wupC
1013 // bit 2 - need HALT after sequence
1014 // bit 3 - need init FPGA and field before sequence
1015 // bit 4 - need reset FPGA and LED
1016 uint8_t workFlags = arg1;
1017 uint8_t blockNo = arg2;
1018
1019 // card commands
1020 uint8_t wupC1[] = { 0x40 };
1021 uint8_t wupC2[] = { 0x43 };
1022 uint8_t wipeC[] = { 0x41 };
1023
1024 // variables
1025 byte_t isOK = 0;
1026 uint8_t uid[10] = {0x00};
1027 uint8_t d_block[18] = {0x00};
1028 uint32_t cuid;
1029
1030 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1031 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1032
1033 // reset FPGA and LED
1034 if (workFlags & 0x08) {
1035 LED_A_ON();
1036 LED_B_OFF();
1037 LED_C_OFF();
1038
1039 clear_trace();
1040 set_tracing(TRUE);
1041 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1042 }
1043
1044 while (true) {
1045
1046 // get UID from chip
1047 if (workFlags & 0x01) {
1048 if(!iso14443a_select_card(uid, NULL, &cuid)) {
1049 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1050 //break;
1051 };
1052
1053 if(mifare_classic_halt(NULL, cuid)) {
1054 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1055 //break;
1056 };
1057 };
1058
1059 // reset chip
1060 if (needWipe){
1061 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1062 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1063 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1064 break;
1065 };
1066
1067 ReaderTransmit(wipeC, sizeof(wipeC), NULL);
1068 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1069 if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");
1070 break;
1071 };
1072
1073 if(mifare_classic_halt(NULL, cuid)) {
1074 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1075 break;
1076 };
1077 };
1078
1079 // write block
1080 if (workFlags & 0x02) {
1081 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1082 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1083 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1084 break;
1085 };
1086
1087 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1088 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1089 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1090 break;
1091 };
1092 }
1093
1094 if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
1095 if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");
1096 break;
1097 };
1098
1099 memcpy(d_block, datain, 16);
1100 AppendCrc14443a(d_block, 16);
1101
1102 ReaderTransmit(d_block, sizeof(d_block), NULL);
1103 if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
1104 if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");
1105 break;
1106 };
1107
1108 if (workFlags & 0x04) {
1109 if (mifare_classic_halt(NULL, cuid)) {
1110 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1111 break;
1112 };
1113 }
1114
1115 isOK = 1;
1116 break;
1117 }
1118
1119 LED_B_ON();
1120 cmd_send(CMD_ACK,isOK,0,0,uid,4);
1121 LED_B_OFF();
1122
1123 if ((workFlags & 0x10) || (!isOK)) {
1124 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1125 LEDsoff();
1126 }
1127 }
1128
1129
1130 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
1131
1132 // params
1133 // bit 1 - need wupC
1134 // bit 2 - need HALT after sequence
1135 // bit 3 - need init FPGA and field before sequence
1136 // bit 4 - need reset FPGA and LED
1137 uint8_t workFlags = arg0;
1138 uint8_t blockNo = arg2;
1139
1140 // card commands
1141 uint8_t wupC1[] = { 0x40 };
1142 uint8_t wupC2[] = { 0x43 };
1143
1144 // variables
1145 byte_t isOK = 0;
1146 uint8_t data[18] = {0x00};
1147 uint32_t cuid = 0;
1148
1149 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1150 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1151
1152 if (workFlags & 0x08) {
1153 LED_A_ON();
1154 LED_B_OFF();
1155 LED_C_OFF();
1156
1157 clear_trace();
1158 set_tracing(TRUE);
1159 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1160 }
1161
1162 while (true) {
1163 if (workFlags & 0x02) {
1164 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1165 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1166 if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
1167 break;
1168 };
1169
1170 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1171 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1172 if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
1173 break;
1174 };
1175 }
1176
1177 // read block
1178 if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {
1179 if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error");
1180 break;
1181 };
1182 memcpy(data, receivedAnswer, 18);
1183
1184 if (workFlags & 0x04) {
1185 if (mifare_classic_halt(NULL, cuid)) {
1186 if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1187 break;
1188 };
1189 }
1190
1191 isOK = 1;
1192 break;
1193 }
1194
1195 LED_B_ON();
1196 cmd_send(CMD_ACK,isOK,0,0,data,18);
1197 LED_B_OFF();
1198
1199 if ((workFlags & 0x10) || (!isOK)) {
1200 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1201 LEDsoff();
1202 }
1203 }
1204
1205 void MifareCIdent(){
1206
1207 // card commands
1208 uint8_t wupC1[] = { 0x40 };
1209 uint8_t wupC2[] = { 0x43 };
1210
1211 // variables
1212 byte_t isOK = 1;
1213
1214 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
1215 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
1216
1217 ReaderTransmitBitsPar(wupC1,7,0, NULL);
1218 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1219 isOK = 0;
1220 };
1221
1222 ReaderTransmit(wupC2, sizeof(wupC2), NULL);
1223 if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
1224 isOK = 0;
1225 };
1226
1227 if (mifare_classic_halt(NULL, 0)) {
1228 isOK = 0;
1229 };
1230
1231 cmd_send(CMD_ACK,isOK,0,0,0,0);
1232 }
1233
1234 void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
1235
1236 BigBuf_free();
1237
1238 uint32_t iterations = arg0;
1239 uint8_t uid[10] = {0x00};
1240
1241 uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
1242 uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
1243
1244 uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
1245
1246 // get memory from BigBuf.
1247 uint8_t *nonces = BigBuf_malloc(iterations * 4);
1248
1249 LED_A_ON();
1250 LED_B_OFF();
1251 LED_C_OFF();
1252
1253 clear_trace();
1254 set_tracing(TRUE);
1255 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1256
1257 for (int i = 0; i < iterations; i++) {
1258
1259 WDT_HIT();
1260
1261 // Test if the action was cancelled
1262 if(BUTTON_PRESS()) break;
1263
1264 // if(mifare_classic_halt(pcs, cuid)) {
1265 // if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
1266 //}
1267
1268 if(!iso14443a_select_card(uid, NULL, NULL)) {
1269 if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
1270 continue;
1271 };
1272
1273 // Transmit MIFARE_CLASSIC_AUTH.
1274 ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
1275
1276 // Receive the (4 Byte) "random" nonce
1277 if (!ReaderReceive(response, responsePar)) {
1278 if (MF_DBGLEVEL >= 1) Dbprintf("Couldn't receive tag nonce");
1279 continue;
1280 }
1281
1282 nonces[i*4] = bytes_to_num(response, 4);
1283 }
1284
1285 int packLen = iterations * 4;
1286 int packSize = 0;
1287 int packNum = 0;
1288 while (packLen > 0) {
1289 packSize = MIN(USB_CMD_DATA_SIZE, packLen);
1290 LED_B_ON();
1291 cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
1292 LED_B_OFF();
1293
1294 packLen -= packSize;
1295 packNum++;
1296 }
1297 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1298 LEDsoff();
1299 }
1300
1301 //
1302 // DESFIRE
1303 //
1304
1305 void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
1306
1307 byte_t dataout[11] = {0x00};
1308 uint8_t uid[10] = {0x00};
1309 uint32_t cuid = 0x00;
1310
1311 clear_trace();
1312 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
1313
1314 int len = iso14443a_select_card(uid, NULL, &cuid);
1315 if(!len) {
1316 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
1317 OnError(1);
1318 return;
1319 };
1320
1321 if(mifare_desfire_des_auth1(cuid, dataout)){
1322 if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");
1323 OnError(4);
1324 return;
1325 }
1326
1327 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");
1328 cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));
1329 }
1330
1331 void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
1332
1333 uint32_t cuid = arg0;
1334 uint8_t key[16] = {0x00};
1335 byte_t dataout[12] = {0x00};
1336 byte_t isOK = 0;
1337
1338 memcpy(key, datain, 16);
1339
1340 isOK = mifare_desfire_des_auth2(cuid, key, dataout);
1341
1342 if( isOK) {
1343 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");
1344 OnError(4);
1345 return;
1346 }
1347
1348 if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
1349
1350 cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
1351 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
1352 LEDsoff();
1353 }
Proxmark3 GIT tracking
Impressum, Datenschutz