git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/mifaresniff.c
bd9840e8cb4a8467e9b3c6b3719f0aede40a9d18
1 //-----------------------------------------------------------------------------
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Routines to support mifare classic sniffer.
9 //-----------------------------------------------------------------------------
11 #include "mifaresniff.h"
// File-local sniffer state. MfSniffLogic() fills it in from observed frames.
// Current step of the card-select tracking; starts at SNF_INIT.
14 static int sniffState
= SNF_INIT
;
// UID size marker; the visible code sets it to SNF_UID_4 or SNF_UID_7.
15 static uint8_t sniffUIDType
;
// UID bytes taken from the anticollision answers. The visible copies write
// offsets 3..6 (cascade level 1) and 0..3 (cascade level 2).
16 static uint8_t sniffUID
[8];
// Last 2-byte ATQA answer copied from a tag frame.
17 static uint8_t sniffATQA
[2];
// SAK value; its assignment from frame data is not visible in this listing.
18 static uint8_t sniffSAK
;
// Scratch record for the select summary: UID at +2, ATQA at +9, SAK at [11].
19 static uint8_t sniffBuf
[16];
// GetTickCount() value stored when the last card command/response was logged.
20 static uint32_t timerData
= 0;
// Reset the captured card identity: UID and ATQA are zeroed and the UID type
// goes back to SNF_UID_4.
// NOTE(review): some source lines of this function are missing from this
// listing (gaps in the line numbers), so the return value and any further
// resets cannot be confirmed from here.
23 bool MfSniffInit(void){
24 memset(sniffUID
, 0x00, 8);
25 memset(sniffATQA
, 0x00, 2);
27 sniffUIDType
= SNF_UID_4
;
// End a sniff session by sending CMD_ACK with all-zero arguments through
// cmd_send() (presumably to the host client; the receiver is not visible here).
// NOTE(review): the remaining lines of this function, including its return,
// are missing from this listing.
32 bool MfSniffEnd(void){
34 cmd_send(CMD_ACK
,0,0,0,0,0);
// Feed one sniffed ISO 14443-A frame into the card-select tracker.
//   data   - frame bytes
//   len    - number of bytes in data
//   parity - passed through unchanged to LogTrace()
//   bitCnt - bit count of the frame; 7 together with len == 1 marks the short
//            REQA/WUPA frames
//   reader - true for a frame sent by the reader, false for one sent by the tag
// Frames come off the air and are untrusted: every visible read of data[] sits
// behind an exact len check earlier in the same && chain, so short or
// malformed frames are not indexed past their end.
// NOTE(review): this listing drops source lines (see the gaps in the line
// numbers). The dispatch on sniffState, every case label except
// SNF_CARD_IDLE, the breaks and the return are not visible, so the comments
// below describe each visible condition on its own.
40 bool RAMFUNC
MfSniffLogic(const uint8_t *data
, uint16_t len
, uint32_t parity
, uint16_t bitCnt
, bool reader
) {
// First statement of the function: a 1-byte, 7-bit reader frame restarts
// tracking from SNF_INIT before any state-specific handling visible here.
42 if (reader
&& (len
== 1) && (bitCnt
== 7)) { // reset on 7-Bit commands from reader
43 sniffState
= SNF_INIT
;
// Start of a select sequence: forget the previously captured UID and ATQA.
48 if ((len
== 1) && (reader
) && (bitCnt
== 7) ) { // REQA or WUPA from reader
49 sniffUIDType
= SNF_UID_4
;
50 memset(sniffUID
, 0x00, 8);
51 memset(sniffATQA
, 0x00, 2);
53 sniffState
= SNF_WUPREQ
;
// len == 2 is checked before the 2-byte copy into sniffATQA.
58 if ((!reader
) && (len
== 2)) { // ATQA from tag
59 memcpy(sniffATQA
, data
, 2);
60 sniffState
= SNF_ATQA
;
// 0x93 0x20: anticollision request for cascade level 1.
65 if ((reader
) && (len
== 2) && (data
[0] == 0x93) && (data
[1] == 0x20)) { // Select ALL from reader
66 sniffState
= SNF_ANTICOL1
;
// The XOR of the four UID bytes must equal the fifth byte (the BCC) before
// the answer is accepted; the four bytes are stored at sniffUID[3..6].
71 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) { // UID from tag (CL1)
72 memcpy(sniffUID
+ 3, data
, 4);
73 sniffState
= SNF_UID1
;
// 0x93 0x70 with a valid CRC: SELECT for cascade level 1. The statements of
// this branch are not visible in this listing.
78 if ((reader
) && (len
== 9) && (data
[0] == 0x93) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) { // Select 4 Byte UID from reader
// 3-byte tag answer with a valid CRC.
// NOTE(review): the line that stores the SAK byte is presumably among the
// missing source lines - confirm.
84 if ((!reader
) && (len
== 3) && (CheckCrc14443(CRC_14443_A
, data
, 3))) { // SAK from card?
// sniffUID[3] is the first byte of the cascade level 1 answer; 0x88 there is
// the cascade tag, meaning the UID continues at cascade level 2.
86 if (sniffUID
[3] == 0x88) { // CL2 UID part to be expected
87 sniffState
= SNF_ANTICOL2
;
88 } else { // select completed
89 sniffState
= SNF_CARD_IDLE
;
// The cascade level 2 bytes are stored at sniffUID[0..3], overwriting the
// 0x88 cascade tag at [3]. sniffUID[0..6] then holds the level 2 part first,
// followed by the last three level 1 bytes.
// NOTE(review): that is not the card's own UID byte order - confirm that the
// consumer of the logged record expects this layout.
95 if ((!reader
) && (len
== 5) && ((data
[0] ^ data
[1] ^ data
[2] ^ data
[3]) == data
[4])) { // CL2 UID
96 memcpy(sniffUID
, data
, 4);
97 sniffUIDType
= SNF_UID_7
;
98 sniffState
= SNF_UID2
;
// 0x95 0x70 with a valid CRC: SELECT for cascade level 2; the next state is
// SNF_SAK.
103 if ((reader
) && (len
== 9) && (data
[0] == 0x95) && (data
[1] == 0x70) && (CheckCrc14443(CRC_14443_A
, data
, 9))) { // Select 2nd part of 7 Byte UID
104 sniffState
= SNF_SAK
;
// Build the select summary record in sniffBuf: UID at [2..8], ATQA at
// [9..10], SAK at [11]; 14 bytes are then logged.
// NOTE(review): bytes [0..1] and [12..13] of those 14 bytes are not written
// in any visible line (source lines 109-110 and 114-115 are missing here) -
// confirm they are set, so that no stale buffer content ends up in the trace.
108 case SNF_CARD_IDLE
:{ // trace the card select sequence
111 memcpy(sniffBuf
+ 2, sniffUID
, 7);
112 memcpy(sniffBuf
+ 9, sniffATQA
, 2);
113 sniffBuf
[11] = sniffSAK
;
116 LogTrace(sniffBuf
, 14, 0, parity
, true);
117 } // intentionally no break;
// Log the current frame with the last LogTrace() argument true, move to
// SNF_CARD_RESP and remember the tick count for the send timeout.
119 LogTrace(data
, len
, 0, parity
, true);
120 sniffState
= SNF_CARD_RESP
;
121 timerData
= GetTickCount();
// Log the current frame with the last LogTrace() argument false, move back
// to SNF_CARD_CMD and refresh the tick count.
125 LogTrace(data
, len
, 0, parity
, false);
126 sniffState
= SNF_CARD_CMD
;
127 timerData
= GetTickCount();
// Fall back to SNF_INIT; the label or condition guarding this line is not
// visible in this listing.
132 sniffState
= SNF_INIT
;
// Send the collected trace once maxTimeoutMs has elapsed since the last
// logged card command/response.
// Calls intMfSniffSend() when traceLen is non-zero and GetTickCount() is past
// timerData + maxTimeoutMs; the path taken otherwise is not visible here.
// NOTE(review): timerData + maxTimeoutMs can wrap around in 32 bits. If
// GetTickCount() is a free-running 32-bit counter, comparing the elapsed
// difference (GetTickCount() - timerData > maxTimeoutMs) stays correct across
// a wrap - confirm against GetTickCount()'s definition.
140 bool RAMFUNC
MfSniffSend(uint16_t maxTimeoutMs
) {
141 if (traceLen
&& (GetTickCount() > timerData
+ maxTimeoutMs
)) {
142 return intMfSniffSend();
147 // internal sending function. not a RAMFUNC.
// Send the buffered trace in chunks, then clear it.
// Visible steps: pckLen starts at traceLen; each chunk is at most
// USB_CMD_DATA_SIZE bytes, starts at trace + traceLen - pckLen and goes out as
// CMD_ACK with first argument 1; a final CMD_ACK with first argument 2
// follows; iso14a_clear_trace() runs last.
// NOTE(review): the declarations of pckSize and pckNum, the loop that walks
// pckLen down and the return are in source lines missing from this listing.
// NOTE(review): an empty parameter list is not a prototype in C; (void) would
// let the compiler reject calls that pass arguments.
148 bool intMfSniffSend() {
// Bytes still to be sent.
151 int pckLen
= traceLen
;
// Cap the chunk at what one USB command can carry.
156 pckSize
= MIN(USB_CMD_DATA_SIZE
, pckLen
);
158 cmd_send(CMD_ACK
, 1, pckSize
, pckNum
, trace
+ traceLen
- pckLen
, pckSize
);
// First argument 2 with no payload, sent after the data chunks.
166 cmd_send(CMD_ACK
,2,0,0,0,0);
// Drop the sent trace so captured card data is not sent again.
169 iso14a_clear_trace();