+ uint8_t card_data[6 * 8]={0xFF};
+ uint8_t last_csn[8]={0};
+
+ //Read conf block CRC(0x01) => 0xfa 0x22
+ uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
+ //Read conf block CRC(0x05) => 0xde 0x64
+ uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
+
+
+ int read_status= 0;
+ uint8_t result_status = 0;
+ bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
+
+ set_tracing(TRUE);
+ setupIclassReader();
+
+ while(!BUTTON_PRESS())
+ {
+
+ if(!tracing) {
+ DbpString("Trace full");
+ break;
+ }
+ WDT_HIT();
+
+ read_status = handshakeIclassTag(card_data);
+
+ if(read_status == 0) continue;
+ if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
+ if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC;
+
+ // handshakeIclass returns CSN|CC, but the actual block
+ // layout is CSN|CONFIG|CC, so here we reorder the data,
+ // moving CC forward 8 bytes
+ memcpy(card_data+16,card_data+8, 8);
+ //Read block 1, config
+ if(arg0 & FLAG_ICLASS_READER_CONF)
+ {
+ if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10))
+ {
+ Dbprintf("Failed to dump config block");
+ }else
+ {
+ result_status |= FLAG_ICLASS_READER_CONF;
+ }
+ }
+
+ //Read block 5, AA
+ if(arg0 & FLAG_ICLASS_READER_AA){
+ if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10))
+ {
+// Dbprintf("Failed to dump AA block");
+ }else
+ {
+ result_status |= FLAG_ICLASS_READER_AA;
+ }
+ }
+
+ // 0 : CSN
+ // 1 : Configuration
+ // 2 : e-purse
+ // (3,4 write-only, kc and kd)
+ // 5 Application issuer area
+ //
+ //Then we can 'ship' back the 8 * 5 bytes of data,
+ // with 0xFF:s in block 3 and 4.
+
+ LED_B_ON();
+ //Send back to client, but don't bother if we already sent this
+ if(memcmp(last_csn, card_data, 8) != 0)
+ {
+ // If caller requires that we get CC, continue until we got it
+ if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC))
+ {
+ cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
+ if(abort_after_read) {
+ LED_A_OFF();
+ return;
+ }
+ //Save that we already sent this....
+ memcpy(last_csn, card_data, 8);
+ }
+
+ }
+ LED_B_OFF();
+ }
+ cmd_send(CMD_ACK,0,0,0,card_data, 0);
+ LED_A_OFF();
+}
+
+void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
+
+ uint8_t card_data[USB_CMD_DATA_SIZE]={0};
+ uint16_t block_crc_LUT[255] = {0};
+
+ {//Generate a lookup table for block crc
+ for(int block = 0; block < 255; block++){
+ char bl = block;
+ block_crc_LUT[block] = iclass_crc16(&bl ,1);
+ }
+ }
+ //Dbprintf("Lookup table: %02x %02x %02x" ,block_crc_LUT[0],block_crc_LUT[1],block_crc_LUT[2]);
+
+ uint8_t check[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 };
+
+ uint16_t crc = 0;
+ uint8_t cardsize=0;
+ uint8_t mem=0;
+
+ static struct memory_t{
+ int k16;
+ int book;
+ int k2;
+ int lockauth;
+ int keyaccess;
+ } memory;
+
+ uint8_t resp[ICLASS_BUFFER_SIZE];
+
+ setupIclassReader();
+ set_tracing(TRUE);
+
+ while(!BUTTON_PRESS()) {
+
+ WDT_HIT();
+
+ if(!tracing) {
+ DbpString("Trace full");
+ break;
+ }
+
+ uint8_t read_status = handshakeIclassTag(card_data);
+ if(read_status < 2) continue;
+
+ //for now replay captured auth (as cc not updated)
+ memcpy(check+5,MAC,4);
+
+ if(sendCmdGetResponseWithRetries(check, sizeof(check),resp, 4, 5))
+ {
+ Dbprintf("Error: Authentication Fail!");
+ continue;
+ }
+
+ //first get configuration block (block 1)
+ crc = block_crc_LUT[1];
+ read[1]=1;
+ read[2] = crc >> 8;
+ read[3] = crc & 0xff;
+
+ if(sendCmdGetResponseWithRetries(read, sizeof(read),resp, 10, 10))
+ {
+ Dbprintf("Dump config (block 1) failed");
+ continue;
+ }
+
+ mem=resp[5];
+ memory.k16= (mem & 0x80);
+ memory.book= (mem & 0x20);
+ memory.k2= (mem & 0x8);
+ memory.lockauth= (mem & 0x2);
+ memory.keyaccess= (mem & 0x1);
+
+ cardsize = memory.k16 ? 255 : 32;
+ WDT_HIT();
+ //Set card_data to all zeroes, we'll fill it with data
+ memset(card_data,0x0,USB_CMD_DATA_SIZE);
+ uint8_t failedRead =0;
+ uint32_t stored_data_length =0;
+ //then loop around remaining blocks
+ for(int block=0; block < cardsize; block++){
+
+ read[1]= block;
+ crc = block_crc_LUT[block];
+ read[2] = crc >> 8;
+ read[3] = crc & 0xff;
+
+ if(!sendCmdGetResponseWithRetries(read, sizeof(read), resp, 10, 10))
+ {
+ Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x",
+ block, resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+
+ //Fill up the buffer
+ memcpy(card_data+stored_data_length,resp,8);
+ stored_data_length += 8;
+ if(stored_data_length +8 > USB_CMD_DATA_SIZE)
+ {//Time to send this off and start afresh
+ cmd_send(CMD_ACK,
+ stored_data_length,//data length
+ failedRead,//Failed blocks?
+ 0,//Not used ATM
+ card_data, stored_data_length);
+ //reset
+ stored_data_length = 0;
+ failedRead = 0;
+ }
+
+ }else{
+ failedRead = 1;
+ stored_data_length +=8;//Otherwise, data becomes misaligned
+ Dbprintf("Failed to dump block %d", block);
+ }
+ }
+
+ //Send off any remaining data
+ if(stored_data_length > 0)
+ {
+ cmd_send(CMD_ACK,
+ stored_data_length,//data length
+ failedRead,//Failed blocks?
+ 0,//Not used ATM
+ card_data, stored_data_length);
+ }
+ //If we got here, let's break
+ break;
+ }
+ //Signal end of transmission
+ cmd_send(CMD_ACK,
+ 0,//data length
+ 0,//Failed blocks?
+ 0,//Not used ATM
+ card_data, 0);
+
+ LED_A_OFF();
+}
+
+//2. Create Read method (cut-down from above) based off responses from 1.
+// Since we have the MAC could continue to use replay function.
+//3. Create Write method
+/*
+void IClass_iso14443A_write(uint8_t arg0, uint8_t blockNo, uint8_t *data, uint8_t *MAC) {