- //-----------------------------------------------------------------------------
+ //-----------------------------------------------------------------------------
// Merlok - June 2011, 2012
// Gerhard de Koning Gans - May 2008
// Hagen Fritsch - June 2010
// Stop when button is pressed
// Or return TRUE when command is captured
//-----------------------------------------------------------------------------
-static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
+int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) {
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
memcpy(data+3, emdata+4, 4); // uid bytes 3-7
flags |= FLAG_7B_UID_IN_DATA;
}
- } break;
+ } break;
+ case 8: { // MIFARE Classic 4k
+ response1[0] = 0x02;
+ sak = 0x18;
+ } break;
default: {
Dbprintf("Error: unkown tagtype (%d)",tagType);
return;
BigBuf_free_keep_EM();
LED_A_OFF();
- /*
- if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) {
-
- for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
-
- for ( uint8_t i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nonce2,//NT2
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- }
- */
-
if (MF_DBGLEVEL >= 4){
Dbprintf("-[ Wake ups after halt [%d]", happened);
Dbprintf("-[ Messages after halt [%d]", happened2);
// Stop when button is pressed (return 1) or field was gone (return 2)
// Or return 0 when command is captured
//-----------------------------------------------------------------------------
-static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
+int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) {
*len = 0;
uint32_t timer = 0, vtime = 0;
{
iso14_pcb_blocknum ^= 1;
}
-
return len;
}
}
}
- /*
- // Interactive mode flag, means we need to send ACK
+ crypto1_word(pcs, nr , 1);
+ uint32_t cardRr = ar ^ crypto1_word(pcs, 0, 0);
- crypto1_word(pcs, ar , 1);
- cardRr = nr ^ crypto1_word(pcs, 0, 0);
-
- test if auth OK
+ //test if auth OK
if (cardRr != prng_successor(nonce, 64)){
- if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
- cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
- cardRr, prng_successor(nonce, 64));
- Shouldn't we respond anything here?
- Right now, we don't nack or anything, which causes the
- reader to do a WUPA after a while. /Martin
- -- which is the correct response. /piwi
+ if (MF_DBGLEVEL >= 3) {
+ Dbprintf("AUTH FAILED for sector %d with key %c. [nr=%08x cardRr=%08x] [nt=%08x succ=%08x]"
+ , cardAUTHSC
+ , (cardAUTHKEY == 0) ? 'A' : 'B'
+ , nr
+ , cardRr
+ , nonce // nt
+ , prng_successor(nonce, 64)
+ );
+ }
+ // Shouldn't we respond anything here?
+ // Right now, we don't nack or anything, which causes the
+ // reader to do a WUPA after a while. /Martin
+ // -- which is the correct response. /piwi
cardSTATE_TO_IDLE();
LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
break;
}
- */
ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
num_to_bytes(ans, 4, rAUTH_AT);
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
LED_C_ON();
- if (MF_DBGLEVEL >= 4) {
+ if (MF_DBGLEVEL >= 1) {
Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d",
cardAUTHSC,
cardAUTHKEY == 0 ? 'A' : 'B',
receivedCmd[0] == MIFARE_AUTH_KEYB) ) {
authTimer = GetTickCount();
- cardAUTHSC = receivedCmd[1] / 4; // received block num
- cardAUTHKEY = receivedCmd[0] - 0x60; // & 1
+ cardAUTHSC = receivedCmd[1] / 4; // received block -> sector
+ cardAUTHKEY = receivedCmd[0] & 0x1;
crypto1_destroy(pcs);
+
+ // load key into crypto
crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
- if (!encrypted_data) {
+ if (!encrypted_data) {
// first authentication
- crypto1_word(pcs, cuid ^ nonce, 0);// Update crypto state
- num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
-
- if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
-
+ // Update crypto state init (UID ^ NONCE)
+ crypto1_word(pcs, cuid ^ nonce, 0);
+ num_to_bytes(nonce, 4, rAUTH_AT);
} else {
// nested authentication
ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
num_to_bytes(ans, 4, rAUTH_AT);
- if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
+ if (MF_DBGLEVEL >= 3) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %c", receivedCmd[1], receivedCmd[1], cardAUTHKEY == 0 ? 'A' : 'B');
}
EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
projects / proxmark3-svn / blobdiff