]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifarecmd.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ADD: @icsom changes and additions to lua scripts for LEGIC
[proxmark3-svn] / armsrc / mifarecmd.c
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 6a491b532a73739aaf9da9540fe5014fab2bbe91..c0e357b8cb478a91aa64023e8a90838b7a3ff210 100644 (file)
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -2,6 +2,9 @@
 // Merlok - June 2011, 2012\r
 // Gerhard de Koning Gans - May 2008\r
 // Hagen Fritsch - June 2010\r
 // Merlok - June 2011, 2012\r
 // Gerhard de Koning Gans - May 2008\r
 // Hagen Fritsch - June 2010\r
+// Midnitesnake - Dec 2013\r
+// Andy Davies  - Apr 2014\r
+// Iceman - May 2014\r
 //\r
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
 // at your option, any later version. See the LICENSE.txt file for the text of\r
 //\r
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
 // at your option, any later version. See the LICENSE.txt file for the text of\r
@@ -12,9 +15,13 @@
 \r
 #include "mifarecmd.h"\r
 #include "apps.h"\r
 \r
 #include "mifarecmd.h"\r
 #include "apps.h"\r
+#include "util.h"\r
+#include "crc.h"\r
+#include "protocols.h"\r
+#include "parity.h"\r
 \r
 //-----------------------------------------------------------------------------\r
 \r
 //-----------------------------------------------------------------------------\r
-// Select, Authenticaate, Read an MIFARE tag. \r
+// Select, Authenticate, Read a MIFARE tag. \r
 // read block\r
 //-----------------------------------------------------------------------------\r
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 // read block\r
 //-----------------------------------------------------------------------------\r
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
@@ -27,41 +34,40 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        \r
        // variables\r
        byte_t isOK = 0;\r
        \r
        // variables\r
        byte_t isOK = 0;\r
-       byte_t dataoutbuf[16];\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
+       byte_t dataoutbuf[16] = {0x00};\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
-       // clear trace\r
-       iso14a_clear_trace();\r
-//     iso14a_set_tracing(false);\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
+       clear_trace();\r
+       set_tracing(true);\r
+\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
        while (true) {\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
        while (true) {\r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+               if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
                        break;\r
                };\r
 \r
                if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
                        break;\r
                };\r
 \r
                if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Auth error");\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Auth error");\r
                        break;\r
                };\r
                \r
                if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {\r
                        break;\r
                };\r
                \r
                if(mifare_classic_readblock(pcs, cuid, blockNo, dataoutbuf)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block error");\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Read block error");\r
                        break;\r
                };\r
 \r
                if(mifare_classic_halt(pcs, cuid)) {\r
                        break;\r
                };\r
 \r
                if(mifare_classic_halt(pcs, cuid)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
                        break;\r
                };\r
                \r
                        break;\r
                };\r
                \r
@@ -74,83 +80,110 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        \r
        if (MF_DBGLEVEL >= 2)   DbpString("READ BLOCK FINISHED");\r
 \r
        \r
        if (MF_DBGLEVEL >= 2)   DbpString("READ BLOCK FINISHED");\r
 \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
-//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-//     memcpy(ack.d.asBytes, dataoutbuf, 16);\r
-       \r
        LED_B_ON();\r
        LED_B_ON();\r
-  cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+       cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
        LED_B_OFF();\r
 \r
        LED_B_OFF();\r
 \r
-\r
-  // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
+}\r
+\r
+void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){\r
 \r
 \r
+       bool turnOffField = (arg0 == 1);\r
+\r
+       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
+\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       clear_trace();\r
+       set_tracing(true);\r
+\r
+       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
+       \r
+       if(!mifare_ultra_auth(keybytes)){\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");\r
+               OnError(1);\r
+               return;\r
+       }\r
+\r
+       if (turnOffField) {\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               LEDsoff();\r
+       }\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
 }\r
 \r
 }\r
 \r
-void MifareUReadBlock(uint8_t arg0,uint8_t *datain)\r
+// Arg0 = BlockNo,\r
+// Arg1 = UsePwd bool\r
+// datain = PWD bytes,\r
+void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
 {\r
-    // params\r
        uint8_t blockNo = arg0;\r
        uint8_t blockNo = arg0;\r
-       \r
-       // variables\r
-       byte_t isOK = 0;\r
-       byte_t dataoutbuf[16];\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
-    \r
-       // clear trace\r
-       iso14a_clear_trace();\r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-    \r
+       byte_t dataout[16] = {0x00};\r
+       bool useKey = (arg1 == 1); //UL_C\r
+       bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
+\r
+       LEDsoff();\r
        LED_A_ON();\r
        LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
-    \r
-       while (true) {\r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-            if (MF_DBGLEVEL >= 1)      Dbprintf("Can't select card");\r
-                       break;\r
-               };\r
-        \r
-               if(mifare_ultra_readblock(cuid, blockNo, dataoutbuf)) {\r
-            if (MF_DBGLEVEL >= 1)      Dbprintf("Read block error");\r
-                       break;\r
-               };\r
-        \r
-               if(mifare_ultra_halt(cuid)) {\r
-            if (MF_DBGLEVEL >= 1)      Dbprintf("Halt error");\r
-                       break;\r
-               };\r
-               \r
-               isOK = 1;\r
-               break;\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       clear_trace();\r
+       set_tracing(true);\r
+\r
+       int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);\r
+       if(!len) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
+               OnError(1);\r
+               return;\r
        }\r
        }\r
-       \r
-       if (MF_DBGLEVEL >= 2)   DbpString("READ BLOCK FINISHED");\r
-    \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
-       LED_B_ON();\r
-        cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
-       LED_B_OFF();\r
-    \r
-    \r
-    // Thats it...\r
+\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};\r
+               memcpy(key, datain, sizeof(key) );\r
+\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;\r
+               }\r
+       }\r
+\r
+       // UL-EV1 / NTAG authentication\r
+       if ( usePwd ) {\r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, 4);\r
+               uint8_t pack[4] = {0,0,0,0};\r
+               if (!mifare_ul_ev1_auth(pwd, pack)) {\r
+                       OnError(1);\r
+                       return;\r
+               }\r
+       }       \r
+\r
+       if( mifare_ultra_readblock(blockNo, dataout) ) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");\r
+               OnError(2);\r
+               return;\r
+       }\r
+\r
+       if( mifare_ultra_halt() ) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
+               OnError(3);\r
+               return;\r
+       }\r
+\r
+    cmd_send(CMD_ACK,1,0,0,dataout,16);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
-// Select, Authenticaate, Read an MIFARE tag. \r
-// read sector (data = 4 x 16 bytes = 64 bytes)\r
+// Select, Authenticate, Read a MIFARE tag. \r
+// read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)\r
 //-----------------------------------------------------------------------------\r
 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
 //-----------------------------------------------------------------------------\r
 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
@@ -162,151 +195,160 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        \r
        // variables\r
        byte_t isOK = 0;\r
        \r
        // variables\r
        byte_t isOK = 0;\r
-       byte_t dataoutbuf[16 * 4];\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
+       byte_t dataoutbuf[16 * 16];\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
-       // clear trace\r
-       iso14a_clear_trace();\r
-//     iso14a_set_tracing(false);\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
+       clear_trace();\r
+       set_tracing(true);\r
+       \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
-       while (true) {\r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+       isOK = 1;\r
+       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+               isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                       break;\r
-               };\r
-\r
-               if(mifare_classic_auth(pcs, cuid, sectorNo * 4, keyType, ui64Key, AUTH_FIRST)) {\r
+       }\r
+       \r
+       \r
+       if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
+               isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Auth error");\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Auth error");\r
+       }\r
+       \r
+       for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
+               if(mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf + 16 * blockNo)) {\r
+                       isOK = 0;\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Read sector %2d block %2d error", sectorNo, blockNo);\r
                        break;\r
                        break;\r
-               };\r
-               \r
-               if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 0, dataoutbuf + 16 * 0)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 0 error");\r
-                       break;\r
-               };\r
-               if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 1, dataoutbuf + 16 * 1)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 1 error");\r
-                       break;\r
-               };\r
-               if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 2, dataoutbuf + 16 * 2)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 2 error");\r
-                       break;\r
-               };\r
-               if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 3, dataoutbuf + 16 * 3)) {\r
-               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 3 error");\r
-                       break;\r
-               };\r
+               }\r
+       }\r
                \r
                \r
-               if(mifare_classic_halt(pcs, cuid)) {\r
+       if(mifare_classic_halt(pcs, cuid)) {\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                       break;\r
-               };\r
-\r
-               isOK = 1;\r
-               break;\r
        }\r
        }\r
-       \r
+\r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
        \r
        if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");\r
 \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
        \r
        if (MF_DBGLEVEL >= 2) DbpString("READ SECTOR FINISHED");\r
 \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
-//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-//     memcpy(ack.d.asBytes, dataoutbuf, 16 * 2);\r
-       \r
        LED_B_ON();\r
        LED_B_ON();\r
-  cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,32);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-//     SpinDelay(100);\r
-       \r
-//     memcpy(ack.d.asBytes, dataoutbuf + 16 * 2, 16 * 2);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-  cmd_send(CMD_ACK,isOK,0,0,dataoutbuf+32, 32);\r
+       cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16*NumBlocksPerSector(sectorNo));\r
        LED_B_OFF();\r
 \r
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        LED_B_OFF();\r
 \r
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
-\r
 }\r
 \r
 }\r
 \r
-void MifareUReadCard(uint8_t arg0, uint8_t *datain)\r
+// arg0 = blockNo (start)\r
+// arg1 = Pages (number of blocks)\r
+// arg2 = useKey\r
+// datain = KEY bytes\r
+void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
 {\r
-  // params\r
-        uint8_t sectorNo = arg0;\r
-        \r
-        // variables\r
-        byte_t isOK = 0;\r
-        byte_t dataoutbuf[16 * 4];\r
-        uint8_t uid[10];\r
-        uint32_t cuid;\r
-\r
-        // clear trace\r
-        iso14a_clear_trace();\r
-//      iso14a_set_tracing(false);\r
+       LEDsoff();\r
+       LED_A_ON();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
 \r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       // free eventually allocated BigBuf memory\r
+       BigBuf_free(); BigBuf_Clear_ext(false);\r
+       clear_trace();\r
+       set_tracing(true);\r
+       \r
+       // params\r
+       uint8_t blockNo = arg0;\r
+       uint16_t blocks = arg1;\r
+       bool useKey = (arg2 == 1); //UL_C\r
+       bool usePwd = (arg2 == 2); //UL_EV1/NTAG\r
+       uint32_t countblocks = 0;\r
+       uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);\r
+       if (dataout == NULL){\r
+               Dbprintf("out of memory");\r
+               OnError(1);\r
+               return;\r
+       }\r
+\r
+       int len = iso14443a_select_card(NULL, NULL, NULL, true, 0);\r
+       if (!len) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%d)",len);\r
+               OnError(1);\r
+               return;\r
+       }\r
 \r
 \r
-        LED_A_ON();\r
-        LED_B_OFF();\r
-        LED_C_OFF();\r
-\r
-        while (true) {\r
-                if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                        break;\r
-                };\r
-               for(int sec=0;sec<16;sec++){\r
-                    if(mifare_ultra_readblock(cuid, sectorNo * 4 + sec, dataoutbuf + 4 * sec)) {\r
-                    if (MF_DBGLEVEL >= 1)   Dbprintf("Read block %d error",sec);\r
-                        break;\r
-                    };\r
-                }\r
-                if(mifare_ultra_halt(cuid)) {\r
-                if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                        break;\r
-                };\r
-\r
-                isOK = 1;\r
-                break;\r
-        }\r
-        \r
-        if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");\r
-\r
-        // add trace trailer\r
-        memset(uid, 0x44, 4);\r
-        LogTrace(uid, 4, 0, 0, TRUE);\r
-        \r
-        LED_B_ON();\r
-               cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);\r
-  //cmd_send(CMD_ACK,isOK,0,0,dataoutbuf+32, 32);\r
-        LED_B_OFF();\r
-\r
-        // Thats it...\r
-        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};\r
+               memcpy(key, datain, sizeof(key) );\r
 \r
 \r
-}\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;\r
+               }\r
+       }\r
+\r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) {\r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, sizeof(pwd));\r
+               uint8_t pack[4] = {0,0,0,0};\r
+\r
+               if (!mifare_ul_ev1_auth(pwd, pack)){\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+\r
+       for (int i = 0; i < blocks; i++){\r
+               if ((i*4) + 4 >= CARD_MEMORY_SIZE) {\r
+                       Dbprintf("Data exceeds buffer!!");\r
+                       break;\r
+               }\r
+\r
+               len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);\r
+               \r
+               if (len) {\r
+                       if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);\r
+                       // if no blocks read - error out\r
+                       if (i==0){\r
+                               OnError(2);\r
+                       return;\r
+                       } else {\r
+                               //stop at last successful read block and return what we got\r
+                               break;\r
+                       }\r
+               } else {\r
+                       countblocks++;\r
+               }\r
+       }\r
+\r
+       len = mifare_ultra_halt();\r
+       if (len) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
+               OnError(3);\r
+               return;\r
+       }\r
+\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);\r
 \r
 \r
+       countblocks *= 4;\r
+\r
+       cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+       BigBuf_free();\r
+}\r
 \r
 //-----------------------------------------------------------------------------\r
 \r
 //-----------------------------------------------------------------------------\r
-// Select, Authenticaate, Read an MIFARE tag. \r
+// Select, Authenticate, Write a MIFARE tag. \r
 // read block\r
 //-----------------------------------------------------------------------------\r
 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 // read block\r
 //-----------------------------------------------------------------------------\r
 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
@@ -315,31 +357,30 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        uint8_t blockNo = arg0;\r
        uint8_t keyType = arg1;\r
        uint64_t ui64Key = 0;\r
        uint8_t blockNo = arg0;\r
        uint8_t keyType = arg1;\r
        uint64_t ui64Key = 0;\r
-       byte_t blockdata[16];\r
+       byte_t blockdata[16] = {0x00};\r
 \r
        ui64Key = bytes_to_num(datain, 6);\r
        memcpy(blockdata, datain + 10, 16);\r
        \r
        // variables\r
        byte_t isOK = 0;\r
 \r
        ui64Key = bytes_to_num(datain, 6);\r
        memcpy(blockdata, datain + 10, 16);\r
        \r
        // variables\r
        byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
-       // clear trace\r
-       iso14a_clear_trace();\r
-//  iso14a_set_tracing(false);\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
+       clear_trace();\r
+       set_tracing(true);\r
+       \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
        while (true) {\r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
        while (true) {\r
-                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
                        break;\r
                };\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
                        break;\r
                };\r
@@ -368,159 +409,336 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        \r
        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
 \r
        \r
        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
 \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
-//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-       \r
        LED_B_ON();\r
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
        LED_B_ON();\r
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
        LED_B_OFF();\r
 \r
 \r
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        LED_B_OFF();\r
 \r
 \r
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
-\r
 }\r
 \r
 }\r
 \r
-void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)\r
+/* // Command not needed but left for future testing \r
+void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)\r
 {\r
 {\r
-        // params\r
-        uint8_t blockNo = arg0;\r
-        byte_t blockdata[16];\r
-\r
-        memset(blockdata,'\0',16);\r
-        memcpy(blockdata, datain,16);\r
-        \r
-        // variables\r
-        byte_t isOK = 0;\r
-        uint8_t uid[10];\r
-        uint32_t cuid;\r
-\r
-        // clear trace\r
-        iso14a_clear_trace();\r
-       //  iso14a_set_tracing(false);\r
+       uint8_t blockNo = arg0;\r
+       byte_t blockdata[16] = {0x00};\r
 \r
 \r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       memcpy(blockdata, datain, 16);\r
 \r
 \r
-        LED_A_ON();\r
-        LED_B_OFF();\r
-        LED_C_OFF();\r
-\r
-        while (true) {\r
-                if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                        break;\r
-                };\r
-\r
-                if(mifare_ultra_writeblock(cuid, blockNo, blockdata)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
-                        break;\r
-                };\r
-\r
-                if(mifare_ultra_halt(cuid)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                        break;\r
-                };\r
-                \r
-                isOK = 1;\r
-                break;\r
-        }\r
-        \r
-        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
-\r
-        // add trace trailer\r
-        memset(uid, 0x44, 4);\r
-        LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
-        LED_B_ON();\r
-       cmd_send(CMD_ACK,isOK,0,0,0,0);\r
-//      UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-        LED_B_OFF();\r
-\r
-\r
-        // Thats it...\r
-        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
+       uint8_t uid[10] = {0x00};\r
 \r
 \r
-}\r
+       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
+\r
+       clear_trace();\r
+       set_tracing(true);\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       if(!iso14443a_select_card(uid, NULL, NULL, true, 0)) {\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
+               OnError(0);\r
+               return; };\r
+\r
+       if(mifare_ultra_halt()) {\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
 \r
 \r
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
+*/\r
+\r
+// Arg0   : Block to write to.\r
+// Arg1   : 0 = use no authentication.\r
+//          1 = use 0x1A authentication.\r
+//          2 = use 0x1B authentication.\r
+// datain : 4 first bytes is data to be written.\r
+//        : 4/16 next bytes is authentication key.\r
+void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
 {\r
-        // params\r
-        uint8_t blockNo = arg0;\r
-        byte_t blockdata[4];\r
-        \r
+       uint8_t blockNo = arg0;\r
+       bool useKey = (arg1 == 1); //UL_C\r
+       bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
+       byte_t blockdata[4] = {0x00};\r
+\r
        memcpy(blockdata, datain,4);\r
        memcpy(blockdata, datain,4);\r
+       \r
+       LEDsoff();\r
+       LED_A_ON();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
 \r
-        // variables\r
-        byte_t isOK = 0;\r
-        uint8_t uid[10];\r
-        uint32_t cuid;\r
+       clear_trace();\r
+       set_tracing(true);\r
+       \r
+       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};       \r
+               memcpy(key, datain+4, sizeof(key) );\r
+\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) { \r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain+4, 4);\r
+               uint8_t pack[4] = {0,0,0,0};\r
+               if (!mifare_ul_ev1_auth(pwd, pack)) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
+       if(mifare_ultra_writeblock(blockNo, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(0);\r
+               return;\r
+       };\r
 \r
 \r
-        // clear trace\r
-        iso14a_clear_trace();\r
-        //  iso14a_set_tracing(false);\r
+       if(mifare_ultra_halt()) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+               OnError(0);\r
+               return;\r
+       };\r
 \r
 \r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");\r
 \r
 \r
-        LED_A_ON();\r
-        LED_B_OFF();\r
-        LED_C_OFF();\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
 \r
 \r
-        while (true) {\r
-                        if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                        break;\r
-                };\r
+void MifareUSetPwd(uint8_t arg0, uint8_t *datain){\r
+       \r
+       uint8_t pwd[16] = {0x00};\r
+       byte_t blockdata[4] = {0x00};\r
+       \r
+       memcpy(pwd, datain, 16);\r
+       \r
+       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
 \r
-                if(mifare_ultra_special_writeblock(cuid, blockNo, blockdata)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
-                        break;\r
-                };\r
+       clear_trace();\r
+       set_tracing(true);\r
+       \r
+       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       blockdata[0] = pwd[7];\r
+       blockdata[1] = pwd[6];\r
+       blockdata[2] = pwd[5];\r
+       blockdata[3] = pwd[4];\r
+       if(mifare_ultra_writeblock( 44, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(44);\r
+               return;\r
+       };\r
+\r
+       blockdata[0] = pwd[3];\r
+       blockdata[1] = pwd[2];\r
+       blockdata[2] = pwd[1];\r
+       blockdata[3] = pwd[0];\r
+       if(mifare_ultra_writeblock( 45, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(45);\r
+               return;\r
+       };\r
+\r
+       blockdata[0] = pwd[15];\r
+       blockdata[1] = pwd[14];\r
+       blockdata[2] = pwd[13];\r
+       blockdata[3] = pwd[12];\r
+       if(mifare_ultra_writeblock( 46, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(46);\r
+               return;\r
+       };\r
+\r
+       blockdata[0] = pwd[11];\r
+       blockdata[1] = pwd[10];\r
+       blockdata[2] = pwd[9];\r
+       blockdata[3] = pwd[8];\r
+       if(mifare_ultra_writeblock( 47, blockdata)) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
+               OnError(47);\r
+               return;\r
+       };      \r
+\r
+       if(mifare_ultra_halt()) {\r
+               if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+               OnError(0);\r
+               return;\r
+       };\r
+\r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
 \r
 \r
-                if(mifare_ultra_halt(cuid)) {\r
-                        if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                        break;\r
-                };\r
+// Return 1 if the nonce is invalid else return 0\r
+int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {\r
+       return ((oddparity8((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity8((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
+       (oddparity8((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity8((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \\r
+       (oddparity8((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity8((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;\r
+}\r
 \r
 \r
-                isOK = 1;\r
-                break;\r
-        }\r
 \r
 \r
-        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
+//-----------------------------------------------------------------------------\r
+// acquire encrypted nonces in order to perform the attack described in\r
+// Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened\r
+// Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on \r
+// Computer and Communications Security, 2015\r
+//-----------------------------------------------------------------------------\r
+void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain)\r
+{\r
+       uint64_t ui64Key = 0;\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0;\r
+       uint8_t cascade_levels = 0;\r
+       struct Crypto1State mpcs = {0, 0};\r
+       struct Crypto1State *pcs;\r
+       pcs = &mpcs;\r
+       uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};\r
+       int16_t isOK = 0;\r
+       uint8_t par_enc[1] = {0x00};\r
+       uint8_t nt_par_enc = 0;\r
+       uint8_t buf[USB_CMD_DATA_SIZE] = {0x00};\r
+       uint32_t timeout = 0;\r
+       \r
+       uint8_t blockNo = arg0 & 0xff;\r
+       uint8_t keyType = (arg0 >> 8) & 0xff;\r
+       uint8_t targetBlockNo = arg1 & 0xff;\r
+       uint8_t targetKeyType = (arg1 >> 8) & 0xff;\r
+       ui64Key = bytes_to_num(datain, 6);\r
+       bool initialize = flags & 0x0001;\r
+       bool slow = flags & 0x0002;\r
+       bool field_off = flags & 0x0004;\r
+       \r
+       #define AUTHENTICATION_TIMEOUT 848                      // card times out 1ms after wrong authentication (according to NXP documentation)\r
+       #define PRE_AUTHENTICATION_LEADTIME 400         // some (non standard) cards need a pause after select before they are ready for first authentication \r
+       \r
+       LED_A_ON();\r
+       LED_C_OFF();\r
 \r
 \r
-        // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-        LogTrace(uid, 4, 0, 0, TRUE);\r
+       if (initialize) {\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+               clear_trace();\r
+               set_tracing(true);\r
+       }\r
+       \r
+       LED_C_ON();\r
+       \r
+       uint16_t num_nonces = 0;\r
+       bool have_uid = false;\r
+       for (uint16_t i = 0; i <= USB_CMD_DATA_SIZE - 9; ) {\r
+\r
+               // Test if the action was cancelled\r
+               if(BUTTON_PRESS()) {\r
+                       isOK = 2;\r
+                       field_off = true;\r
+                       break;\r
+               }\r
 \r
 \r
-       LED_B_ON();\r
-        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
-//      UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-        LED_B_OFF();\r
+               if (!have_uid) { // need a full select cycle to get the uid first\r
+                       iso14a_card_select_t card_info;         \r
+                       if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("AcquireNonces: Can't select card (ALL)");\r
+                               continue;\r
+                       }\r
+                       switch (card_info.uidlen) {\r
+                               case 4 : cascade_levels = 1; break;\r
+                               case 7 : cascade_levels = 2; break;\r
+                               case 10: cascade_levels = 3; break;\r
+                               default: break;\r
+                       }\r
+                       have_uid = true;        \r
+               } else { // no need for anticollision. We can directly select the card\r
+                       if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("AcquireNonces: Can't select card (UID)");\r
+                               continue;\r
+                       }\r
+               }\r
+               \r
+               if (slow) {\r
+                       timeout = GetCountSspClk() + PRE_AUTHENTICATION_LEADTIME;\r
+                       while(GetCountSspClk() < timeout);\r
+               }\r
+\r
+               uint32_t nt1;\r
+               if (mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, NULL)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("AcquireNonces: Auth1 error");\r
+                       continue;\r
+               }\r
+\r
+               // nested authentication\r
+               uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par_enc, NULL);\r
+               if (len != 4) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("AcquireNonces: Auth2 error len=%d", len);\r
+                       continue;\r
+               }\r
+       \r
+               // send a dummy byte as reader response in order to trigger the cards authentication timeout\r
+               uint8_t dummy_answer = 0;\r
+               ReaderTransmit(&dummy_answer, 1, NULL);\r
+               timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
+               \r
+               num_nonces++;\r
+               if (num_nonces % 2) {\r
+                       memcpy(buf+i, receivedAnswer, 4);\r
+                       nt_par_enc = par_enc[0] & 0xf0;\r
+               } else {\r
+                       nt_par_enc |= par_enc[0] >> 4;\r
+                       memcpy(buf+i+4, receivedAnswer, 4);\r
+                       memcpy(buf+i+8, &nt_par_enc, 1);\r
+                       i += 9;\r
+               }\r
 \r
 \r
+               // wait for the card to become ready again\r
+               while(GetCountSspClk() < timeout);\r
+       \r
+       }\r
 \r
 \r
-        // Thats it...\r
-        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
+       LED_C_OFF();\r
+       \r
+       crypto1_destroy(pcs);\r
+       \r
+       LED_B_ON();\r
+       cmd_send(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf));\r
+       LED_B_OFF();\r
 \r
 \r
-}\r
+       if (MF_DBGLEVEL >= 3)   DbpString("AcquireEncryptedNonces finished");\r
 \r
 \r
-// Return 1 if the nonce is invalid else return 0\r
-int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, byte_t * parity) {\r
-       return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
-       (oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \\r
-       (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;\r
+       if (field_off) {\r
+               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+               LEDsoff();\r
+       }\r
 }\r
 \r
 \r
 }\r
 \r
 \r
-\r
 //-----------------------------------------------------------------------------\r
 // MIFARE nested authentication. \r
 // \r
 //-----------------------------------------------------------------------------\r
 // MIFARE nested authentication. \r
 // \r
@@ -538,35 +756,40 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
        \r
        // variables\r
        uint16_t rtr, i, j, len;\r
        \r
        // variables\r
        uint16_t rtr, i, j, len;\r
-       uint16_t davg;\r
+       uint16_t davg = 0;\r
        static uint16_t dmin, dmax;\r
        static uint16_t dmin, dmax;\r
-       uint8_t uid[10];\r
-       uint32_t cuid, nt1, nt2, nttmp, nttest, par, ks1;\r
-       uint32_t target_nt[2], target_ks[2];\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0, nt1, nt2, nttmp, nttest, ks1;\r
+       uint8_t par[1] = {0x00};\r
+       uint32_t target_nt[2] = {0x00}, target_ks[2] = {0x00};\r
        \r
        \r
-       uint8_t par_array[4];\r
+       uint8_t par_array[4] = {0x00};\r
        uint16_t ncount = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
        uint16_t ncount = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
-       uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+       uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};\r
 \r
        uint32_t auth1_time, auth2_time;\r
 \r
        uint32_t auth1_time, auth2_time;\r
-       static uint16_t delta_time;\r
-\r
-       // clear trace\r
-       iso14a_clear_trace();\r
-       iso14a_set_tracing(false);\r
-       \r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       static uint16_t delta_time = 0;\r
 \r
        LED_A_ON();\r
        LED_C_OFF();\r
 \r
        LED_A_ON();\r
        LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
 \r
+       // free eventually allocated BigBuf memory\r
+       BigBuf_free(); BigBuf_Clear_ext(false);\r
+       \r
+       if (calibrate) clear_trace();\r
+       set_tracing(true);\r
 \r
        // statistics on nonce distance\r
 \r
        // statistics on nonce distance\r
+       int16_t isOK = 0;\r
+       #define NESTED_MAX_TRIES 12\r
+       uint16_t unsuccessfull_tries = 0;\r
        if (calibrate) {        // for first call only. Otherwise reuse previous calibration\r
                LED_B_ON();\r
        if (calibrate) {        // for first call only. Otherwise reuse previous calibration\r
                LED_B_ON();\r
+               WDT_HIT();\r
 \r
                davg = dmax = 0;\r
                dmin = 2000;\r
 \r
                davg = dmax = 0;\r
                dmin = 2000;\r
@@ -574,6 +797,12 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                \r
                for (rtr = 0; rtr < 17; rtr++) {\r
 \r
                \r
                for (rtr = 0; rtr < 17; rtr++) {\r
 \r
+                       // Test if the action was cancelled\r
+                       if(BUTTON_PRESS()) {\r
+                               isOK = -2;\r
+                               break;\r
+                       }\r
+\r
                        // prepare next select. No need to power down the card.\r
                        if(mifare_classic_halt(pcs, cuid)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Halt error");\r
                        // prepare next select. No need to power down the card.\r
                        if(mifare_classic_halt(pcs, cuid)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Halt error");\r
@@ -581,7 +810,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                continue;\r
                        }\r
 \r
                                continue;\r
                        }\r
 \r
-                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
                                rtr--;\r
                                continue;\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
                                rtr--;\r
                                continue;\r
@@ -593,12 +822,8 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                rtr--;\r
                                continue;\r
                        };\r
                                rtr--;\r
                                continue;\r
                        };\r
+                       auth2_time = (delta_time) ? auth1_time + delta_time : 0;\r
 \r
 \r
-                       if (delta_time) {\r
-                               auth2_time = auth1_time + delta_time;\r
-                       } else {\r
-                               auth2_time = 0;\r
-                       }\r
                        if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error");\r
                                rtr--;\r
                        if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error");\r
                                rtr--;\r
@@ -607,7 +832,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 \r
                        nttmp = prng_successor(nt1, 100);                               //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160\r
                        for (i = 101; i < 1200; i++) {\r
 \r
                        nttmp = prng_successor(nt1, 100);                               //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160\r
                        for (i = 101; i < 1200; i++) {\r
-                               nttmp = prng_successor(nttmp, 1);\r
+                               nttmp = prng_successor_one(nttmp);\r
                                if (nttmp == nt2) break;\r
                        }\r
 \r
                                if (nttmp == nt2) break;\r
                        }\r
 \r
@@ -621,27 +846,29 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                        delta_time = auth2_time - auth1_time + 32;  // allow some slack for proper timing\r
                                }\r
                                if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
                                        delta_time = auth2_time - auth1_time + 32;  // allow some slack for proper timing\r
                                }\r
                                if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
+                       } else {\r
+                               unsuccessfull_tries++;\r
+                               if (unsuccessfull_tries > NESTED_MAX_TRIES) {   // card isn't vulnerable to nested attack (random numbers are not predictable)\r
+                                       isOK = -3;\r
+                               }\r
                        }\r
                }\r
                        }\r
                }\r
-               \r
-               if (rtr <= 1)   return;\r
 \r
                davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
                \r
 \r
                davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
                \r
-               if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);\r
+               if (MF_DBGLEVEL >= 3) Dbprintf("rtr=%d isOK=%d min=%d max=%d avg=%d, delta_time=%d", rtr, isOK, dmin, dmax, davg, delta_time);\r
 \r
                dmin = davg - 2;\r
                dmax = davg + 2;\r
                \r
                LED_B_OFF();\r
 \r
                dmin = davg - 2;\r
                dmax = davg + 2;\r
                \r
                LED_B_OFF();\r
-       \r
        }\r
 //  -------------------------------------------------------------------------------------------------  \r
        \r
        LED_C_ON();\r
 \r
        //  get crypted nonces for target sector\r
        }\r
 //  -------------------------------------------------------------------------------------------------  \r
        \r
        LED_C_ON();\r
 \r
        //  get crypted nonces for target sector\r
-       for(i=0; i < 2; i++) { // look for exactly two different nonces\r
+       for(i=0; i < 2 && !isOK; i++) { // look for exactly two different nonces\r
 \r
                target_nt[i] = 0;\r
                while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
 \r
                target_nt[i] = 0;\r
                while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
@@ -652,7 +879,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
                                continue;\r
                        }\r
 \r
                                continue;\r
                        }\r
 \r
-                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
                                continue;\r
                        };\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
                                continue;\r
                        };\r
@@ -665,25 +892,29 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 \r
                        // nested authentication\r
                        auth2_time = auth1_time + delta_time;\r
 \r
                        // nested authentication\r
                        auth2_time = auth1_time + delta_time;\r
-                       len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, &par, &auth2_time);\r
+\r
+                       len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);\r
                        if (len != 4) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error len=%d", len);\r
                                continue;\r
                        };\r
                \r
                        nt2 = bytes_to_num(receivedAnswer, 4);          \r
                        if (len != 4) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error len=%d", len);\r
                                continue;\r
                        };\r
                \r
                        nt2 = bytes_to_num(receivedAnswer, 4);          \r
-                       if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par);\r
+                       if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);\r
                        \r
                        // Parity validity check\r
                        \r
                        // Parity validity check\r
-                       for (j = 0; j < 4; j++) {\r
-                               par_array[j] = (oddparity(receivedAnswer[j]) != ((par & 0x08) >> 3));\r
-                               par = par << 1;\r
-                       }\r
+//                     for (j = 0; j < 4; j++) {\r
+//                             par_array[j] = (oddparity8(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));\r
+//                     }\r
+                       par_array[0] = (oddparity8(receivedAnswer[0]) != ((par[0] >> (7-0)) & 0x01));\r
+                       par_array[1] = (oddparity8(receivedAnswer[1]) != ((par[0] >> (7-1)) & 0x01));\r
+                       par_array[2] = (oddparity8(receivedAnswer[2]) != ((par[0] >> (7-2)) & 0x01));\r
+                       par_array[3] = (oddparity8(receivedAnswer[3]) != ((par[0] >> (7-3)) & 0x01));\r
                        \r
                        ncount = 0;\r
                        nttest = prng_successor(nt1, dmin - 1);\r
                        for (j = dmin; j < dmax + 1; j++) {\r
                        \r
                        ncount = 0;\r
                        nttest = prng_successor(nt1, dmin - 1);\r
                        for (j = dmin; j < dmax + 1; j++) {\r
-                               nttest = prng_successor(nttest, 1);\r
+                               nttest = prng_successor_one(nttest);\r
                                ks1 = nt2 ^ nttest;\r
 \r
                                if (valid_nonce(nttest, nt2, ks1, par_array)){\r
                                ks1 = nt2 ^ nttest;\r
 \r
                                if (valid_nonce(nttest, nt2, ks1, par_array)){\r
@@ -712,11 +943,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
        \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
        \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
-       byte_t buf[4 + 4 * 4];\r
+       byte_t buf[4 + 4 * 4] = {0};\r
        memcpy(buf, &cuid, 4);\r
        memcpy(buf+4, &target_nt[0], 4);\r
        memcpy(buf+8, &target_ks[0], 4);\r
        memcpy(buf, &cuid, 4);\r
        memcpy(buf+4, &target_nt[0], 4);\r
        memcpy(buf+8, &target_ks[0], 4);\r
@@ -724,33 +951,34 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
        memcpy(buf+16, &target_ks[1], 4);\r
        \r
        LED_B_ON();\r
        memcpy(buf+16, &target_ks[1], 4);\r
        \r
        LED_B_ON();\r
-       cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
+       cmd_send(CMD_ACK, isOK, 0, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
        LED_B_OFF();\r
 \r
        if (MF_DBGLEVEL >= 3)   DbpString("NESTED FINISHED");\r
 \r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        LED_B_OFF();\r
 \r
        if (MF_DBGLEVEL >= 3)   DbpString("NESTED FINISHED");\r
 \r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-       iso14a_set_tracing(TRUE);\r
+       set_tracing(FALSE);\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
 // MIFARE check keys. key count up to 85. \r
 // \r
 //-----------------------------------------------------------------------------\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
 // MIFARE check keys. key count up to 85. \r
 // \r
 //-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
+void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
   // params\r
 {\r
   // params\r
-       uint8_t blockNo = arg0;\r
-       uint8_t keyType = arg1;\r
+       uint8_t blockNo = arg0 & 0xff;\r
+       uint8_t keyType = (arg0 >> 8) & 0xff;\r
+       bool clearTrace = arg1;\r
        uint8_t keyCount = arg2;\r
        uint64_t ui64Key = 0;\r
        \r
        // variables\r
        int i;\r
        byte_t isOK = 0;\r
        uint8_t keyCount = arg2;\r
        uint64_t ui64Key = 0;\r
        \r
        // variables\r
        int i;\r
        byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
@@ -759,57 +987,42 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;      \r
        MF_DBGLEVEL = MF_DBG_NONE;\r
        \r
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;      \r
        MF_DBGLEVEL = MF_DBG_NONE;\r
        \r
-       // clear trace\r
-       iso14a_clear_trace();\r
-       iso14a_set_tracing(TRUE);\r
-\r
+       LEDsoff();\r
+       LED_A_ON();\r
+       \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
+       if (clearTrace) \r
+               clear_trace();\r
+       \r
+       set_tracing(TRUE);\r
 \r
 \r
-//     SpinDelay(300);\r
-       for (i = 0; i < keyCount; i++) {\r
-//             FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-//             SpinDelay(100);\r
-//             FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
-               // prepare next select by sending a HALT. There is no need to power down the card.\r
-               if(mifare_classic_halt(pcs, cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("ChkKeys: Halt error");\r
-               }\r
+       for (i = 0; i < keyCount; ++i) {\r
 \r
 \r
-               // SpinDelay(50);\r
-               \r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+               if (!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
                        if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card");\r
                        break;\r
                        if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card");\r
                        break;\r
-               };\r
+               }\r
 \r
                ui64Key = bytes_to_num(datain + i * 6, 6);\r
 \r
                ui64Key = bytes_to_num(datain + i * 6, 6);\r
-               if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
+               if (mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
+                       if (mifare_classic_halt(pcs, cuid))\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("ChkKeys: Halt error");\r
                        continue;\r
                        continue;\r
-               };\r
+               }\r
                \r
                isOK = 1;\r
                break;\r
        }\r
        \r
                \r
                isOK = 1;\r
                break;\r
        }\r
        \r
-       //  ----------------------------- crypto1 destroy\r
-       crypto1_destroy(pcs);\r
-       \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
        LED_B_ON();\r
     cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
        LED_B_ON();\r
     cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
-       LED_B_OFF();\r
 \r
 \r
-  // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-\r
+       set_tracing(FALSE);\r
+       crypto1_destroy(pcs);\r
+       \r
        // restore debug level\r
        MF_DBGLEVEL = OLD_MF_DBGLEVEL;  \r
 }\r
        // restore debug level\r
        MF_DBGLEVEL = OLD_MF_DBGLEVEL;  \r
 }\r
@@ -826,24 +1039,29 @@ void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 //-----------------------------------------------------------------------------\r
 // Work with emulator memory\r
 // \r
 //-----------------------------------------------------------------------------\r
 // Work with emulator memory\r
 // \r
+// Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_HF) here although FPGA is not\r
+// involved in dealing with emulator memory. But if it is called later, it might\r
+// destroy the Emulator Memory.\r
 //-----------------------------------------------------------------------------\r
 //-----------------------------------------------------------------------------\r
+\r
 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
 void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
        emlClearMem();\r
 }\r
 \r
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
        emlClearMem();\r
 }\r
 \r
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-       emlSetMem(datain, arg0, arg1); // data, block num, blocks count\r
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
+       if (arg2==0) arg2 = 16; // backwards compat... default bytewidth\r
+       emlSetMem_xt(datain, arg0, arg1, arg2); // data, block num, blocks count, block byte width\r
 }\r
 \r
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
 }\r
 \r
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-//     UsbCommand ack = {CMD_ACK, {arg0, arg1, 0}};\r
-\r
-  byte_t buf[48];\r
-       emlGetMem(buf, arg0, arg1); // data, block num, blocks count\r
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);\r
+       byte_t buf[USB_CMD_DATA_SIZE] = {0x00};\r
+       emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
 \r
        LED_B_ON();\r
 \r
        LED_B_ON();\r
-  cmd_send(CMD_ACK,arg0,arg1,0,buf,48);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+       cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);\r
        LED_B_OFF();\r
 }\r
 \r
        LED_B_OFF();\r
 }\r
 \r
@@ -852,87 +1070,72 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
 // \r
 //-----------------------------------------------------------------------------\r
 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
 // \r
 //-----------------------------------------------------------------------------\r
 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-       int i;\r
-       uint8_t sectorNo = 0;\r
+       uint8_t numSectors = arg0;\r
        uint8_t keyType = arg1;\r
        uint64_t ui64Key = 0;\r
        uint8_t keyType = arg1;\r
        uint64_t ui64Key = 0;\r
-       uint32_t cuid;\r
+       uint32_t cuid = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        // variables\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
 \r
        // variables\r
-       byte_t dataoutbuf[16];\r
-       byte_t dataoutbuf2[16];\r
-       uint8_t uid[10];\r
-\r
-       // clear trace\r
-       iso14a_clear_trace();\r
-       iso14a_set_tracing(false);\r
-       \r
-       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       byte_t dataoutbuf[16] = {0x00};\r
+       byte_t dataoutbuf2[16] = {0x00};\r
+       uint8_t uid[10] = {0x00};\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        \r
        \r
-       while (true) {\r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                       break;\r
-               };\r
-               \r
-               for (i = 0; i < 16; i++) {\r
-                       sectorNo = i;\r
-                       ui64Key = emlGetKey(sectorNo, keyType);\r
+       clear_trace();\r
+       set_tracing(TRUE);\r
        \r
        \r
-                       if (!i){\r
-                               if(mifare_classic_auth(pcs, cuid, sectorNo * 4, keyType, ui64Key, AUTH_FIRST)) {\r
-                                       if (MF_DBGLEVEL >= 1)   Dbprintf("Sector[%d]. Auth error", i);\r
-                                       break;\r
-                               }\r
-                       } else {\r
-                               if(mifare_classic_auth(pcs, cuid, sectorNo * 4, keyType, ui64Key, AUTH_NESTED)) {\r
-                                       if (MF_DBGLEVEL >= 1)   Dbprintf("Sector[%d]. Auth nested error", i);\r
-                                       break;\r
-                               }\r
-                       }\r
+       bool isOK = true;\r
+\r
+       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+               isOK = false;\r
+               if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+       }\r
                \r
                \r
-                       if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 0, dataoutbuf)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 0 error");\r
-                               break;\r
-                       };\r
-                       emlSetMem(dataoutbuf, sectorNo * 4 + 0, 1);\r
-                       \r
-                       if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 1, dataoutbuf)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 1 error");\r
+       for (uint8_t sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
+               ui64Key = emlGetKey(sectorNo, keyType);\r
+               if (sectorNo == 0){\r
+                       if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
+                               isOK = false;\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Sector[%2d]. Auth error", sectorNo);\r
                                break;\r
                                break;\r
-                       };\r
-                       emlSetMem(dataoutbuf, sectorNo * 4 + 1, 1);\r
-\r
-                       if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 2, dataoutbuf)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 2 error");\r
+                       }\r
+               } else {\r
+                       if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_NESTED)) {\r
+                               isOK = false;\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Sector[%2d]. Auth nested error", sectorNo);\r
                                break;\r
                                break;\r
-                       };\r
-                       emlSetMem(dataoutbuf, sectorNo * 4 + 2, 1);\r
-\r
-                       // get block 3 bytes 6-9\r
-                       if(mifare_classic_readblock(pcs, cuid, sectorNo * 4 + 3, dataoutbuf)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Read block 3 error");\r
+                       }\r
+               }\r
+               \r
+               for (uint8_t blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
+                       if(isOK && mifare_classic_readblock(pcs, cuid, FirstBlockOfSector(sectorNo) + blockNo, dataoutbuf)) {\r
+                               isOK = false;\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Error reading sector %2d block %2d", sectorNo, blockNo);\r
                                break;\r
                                break;\r
-                       };\r
-                       emlGetMem(dataoutbuf2, sectorNo * 4 + 3, 1);\r
-                       memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);\r
-                       emlSetMem(dataoutbuf2,  sectorNo * 4 + 3, 1);\r
+                       }\r
+                       if (isOK) {\r
+                               if (blockNo < NumBlocksPerSector(sectorNo) - 1) {\r
+                                       emlSetMem(dataoutbuf, FirstBlockOfSector(sectorNo) + blockNo, 1);\r
+                               } else {        // sector trailer, keep the keys, set only the AC\r
+                                       emlGetMem(dataoutbuf2, FirstBlockOfSector(sectorNo) + blockNo, 1);\r
+                                       memcpy(&dataoutbuf2[6], &dataoutbuf[6], 4);\r
+                                       emlSetMem(dataoutbuf2,  FirstBlockOfSector(sectorNo) + blockNo, 1);\r
+                               }\r
+                       }\r
                }\r
 \r
                }\r
 \r
-               if(mifare_classic_halt(pcs, cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                       break;\r
-               };\r
-               \r
-               break;\r
-       }       \r
+       }\r
+\r
+       if(mifare_classic_halt(pcs, cuid))\r
+               if (MF_DBGLEVEL >= 1)\r
+                       Dbprintf("Halt error");\r
 \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
 \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
@@ -942,255 +1145,291 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        \r
        if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
 \r
        \r
        if (MF_DBGLEVEL >= 2) DbpString("EMUL FILL SECTORS FINISHED");\r
 \r
-       // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
+       set_tracing(FALSE);\r
 }\r
 \r
 }\r
 \r
-//-----------------------------------------------------------------------------\r
-// MIFARE 1k emulator\r
-// \r
-//-----------------------------------------------------------------------------\r
-\r
 \r
 //-----------------------------------------------------------------------------\r
 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)\r
 // \r
 \r
 //-----------------------------------------------------------------------------\r
 // Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)\r
 // \r
+// PARAMS - workFlags\r
+// bit 0 - need get UID\r
+// bit 1 - need wupC\r
+// bit 2 - need HALT after sequence\r
+// bit 3 - need turn on FPGA before sequence\r
+// bit 4 - need turn off FPGA\r
+// bit 5 - need to set datain instead of issuing USB reply (called via ARM for StandAloneMode14a)\r
+// bit 6 - wipe tag.\r
 //-----------------------------------------------------------------------------\r
 //-----------------------------------------------------------------------------\r
-void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-  \r
-  // params\r
-       uint8_t needWipe = arg0;\r
-       // bit 0 - need get UID\r
-       // bit 1 - need wupC\r
-       // bit 2 - need HALT after sequence\r
-       // bit 3 - need init FPGA and field before sequence\r
-       // bit 4 - need reset FPGA and LED\r
-       uint8_t workFlags = arg1;\r
-       uint8_t blockNo = arg2;\r
+// magic uid card generation 1 commands\r
+uint8_t wupC1[] = { MIFARE_MAGICWUPC1 }; \r
+uint8_t wupC2[] = { MIFARE_MAGICWUPC2 }; \r
+uint8_t wipeC[] = { MIFARE_MAGICWIPEC }; \r
        \r
        \r
-       // card commands\r
-       uint8_t wupC1[]       = { 0x40 }; \r
-       uint8_t wupC2[]       = { 0x43 }; \r
-       uint8_t wipeC[]       = { 0x41 }; \r
+void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){\r
+  \r
+       // params\r
+       uint8_t workFlags = arg0;\r
+       uint8_t blockNo = arg1;\r
        \r
        // variables\r
        \r
        // variables\r
-       byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint8_t d_block[18];\r
-       uint32_t cuid;\r
-       \r
-       memset(uid, 0x00, 10);\r
-       uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+       bool isOK = false; //assume we will get an error\r
+       uint8_t errormsg = 0x00;\r
+       uint8_t uid[10] = {0x00};\r
+       uint8_t data[18] = {0x00};\r
+       uint32_t cuid = 0;\r
        \r
        \r
-       if (workFlags & 0x08) {\r
-               // clear trace\r
-               iso14a_clear_trace();\r
-               iso14a_set_tracing(TRUE);\r
-\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};\r
+       uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};\r
 \r
 \r
+       if (workFlags & MAGIC_INIT) {\r
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_A_ON();\r
                LED_B_OFF();\r
-               LED_C_OFF();\r
-       \r
-               SpinDelay(300);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               SpinDelay(100);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+               clear_trace();\r
+               set_tracing(TRUE);\r
        }\r
 \r
        }\r
 \r
+       //loop doesn't loop just breaks out if error\r
        while (true) {\r
        while (true) {\r
-               // get UID from chip\r
-               if (workFlags & 0x01) {\r
-                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                               break;\r
-                       };\r
-\r
-                       if(mifare_classic_halt(NULL, cuid)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                               break;\r
-                       };\r
-               };\r
+               // read UID and return to client with write\r
+               if (workFlags & MAGIC_UID) {\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("Can't select card");\r
+                               errormsg = MAGIC_UID;\r
+                               // break;\r
+                       }\r
+                       \r
+                       if ( mifare_classic_halt_ex(NULL) ) break;\r
+               }\r
        \r
        \r
-               // reset chip\r
-               if (needWipe){\r
-      ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
-                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+               // wipe tag, fill it with zeros\r
+               if (workFlags & MAGIC_WIPE){\r
+                       ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("wupC1 error");\r
+                               errormsg = MAGIC_WIPE;\r
                                break;\r
                                break;\r
-                       };\r
+                       }\r
 \r
                        ReaderTransmit(wipeC, sizeof(wipeC), NULL);\r
 \r
                        ReaderTransmit(wipeC, sizeof(wipeC), NULL);\r
-                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("wipeC error");\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("wipeC error");\r
+                               errormsg = MAGIC_WIPE;\r
                                break;\r
                                break;\r
-                       };\r
+                       }\r
 \r
 \r
-                       if(mifare_classic_halt(NULL, cuid)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                               break;\r
-                       };\r
-               };      \r
+                       if ( mifare_classic_halt_ex(NULL) ) break;\r
+               }       \r
 \r
                // write block\r
 \r
                // write block\r
-               if (workFlags & 0x02) {\r
-      ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
-                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+               if (workFlags & MAGIC_WUPC) {\r
+                       ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("wupC1 error");\r
+                               errormsg = MAGIC_WUPC;\r
                                break;\r
                                break;\r
-                       };\r
+                       }\r
 \r
                        ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
 \r
                        ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
-                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("wupC2 error");\r
+                               errormsg = MAGIC_WUPC;\r
                                break;\r
                                break;\r
-                       };\r
+                       }\r
                }\r
 \r
                }\r
 \r
-               if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("write block send command error");\r
+               if ((mifare_sendcmd_short(NULL, 0, ISO14443A_CMD_WRITEBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+                       if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("write block send command error");\r
+                       errormsg = 4;\r
                        break;\r
                        break;\r
-               };\r
+               }\r
        \r
        \r
-               memcpy(d_block, datain, 16);\r
-               AppendCrc14443a(d_block, 16);\r
+               memcpy(data, datain, 16);\r
+               AppendCrc14443a(data, 16);\r
        \r
        \r
-               ReaderTransmit(d_block, sizeof(d_block), NULL);\r
-               if ((ReaderReceive(receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("write block send data error");\r
+               ReaderTransmit(data, sizeof(data), NULL);\r
+               if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+                       if (MF_DBGLEVEL >= MF_DBG_ERROR)        Dbprintf("write block send data error");\r
+                       errormsg = 0;\r
                        break;\r
                        break;\r
-               };      \r
+               }       \r
        \r
        \r
-               if (workFlags & 0x04) {\r
-                       if (mifare_classic_halt(NULL, cuid)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                               break;\r
-                       };\r
-               }\r
+               if (workFlags & MAGIC_OFF) \r
+                       if ( mifare_classic_halt_ex(NULL) ) break;\r
                \r
                \r
-               isOK = 1;\r
+               isOK = true;\r
                break;\r
                break;\r
-       }\r
-       \r
-//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-//     if (isOK) memcpy(ack.d.asBytes, uid, 4);\r
-       \r
-       // add trace trailer\r
-       /**\r
-       *       Removed by Martin, the uid is overwritten with 0x44, \r
-       *       which can 't be intended. \r
-       *\r
-       *       memset(uid, 0x44, 4);\r
-       *       LogTrace(uid, 4, 0, 0, TRUE);\r
-       **/\r
-       \r
 \r
 \r
-       LED_B_ON();\r
-  cmd_send(CMD_ACK,isOK,0,0,uid,4);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-       LED_B_OFF();\r
+       } // end while  \r
 \r
 \r
-       if ((workFlags & 0x10) || (!isOK)) {\r
-               // Thats it...\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               LEDsoff();\r
-       }\r
+       if (isOK )\r
+               cmd_send(CMD_ACK,1,0,0,uid,sizeof(uid));\r
+       else\r
+               OnErrorMagic(errormsg);\r
+\r
+       if (workFlags & MAGIC_OFF)\r
+               OnSuccessMagic();\r
 }\r
 \r
 }\r
 \r
-void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-  \r
-  // params\r
-       // bit 1 - need wupC\r
-       // bit 2 - need HALT after sequence\r
-       // bit 3 - need init FPGA and field before sequence\r
-       // bit 4 - need reset FPGA and LED\r
+void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){\r
+    \r
        uint8_t workFlags = arg0;\r
        uint8_t workFlags = arg0;\r
-       uint8_t blockNo = arg2;\r
-       \r
-       // card commands\r
-       uint8_t wupC1[]       = { 0x40 }; \r
-       uint8_t wupC2[]       = { 0x43 }; \r
+       uint8_t blockNo = arg1;\r
+       uint8_t errormsg = 0x00;\r
+       bool isOK = false; //assume we will get an error\r
        \r
        // variables\r
        \r
        // variables\r
-       byte_t isOK = 0;\r
-       uint8_t data[18];\r
-       uint32_t cuid = 0;\r
+       uint8_t data[MAX_MIFARE_FRAME_SIZE];\r
+       uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};\r
+       uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};\r
        \r
        \r
-       memset(data, 0x00, 18);\r
-       uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+       memset(data, 0x00, sizeof(data));\r
        \r
        \r
-       if (workFlags & 0x08) {\r
-               // clear trace\r
-               iso14a_clear_trace();\r
-               iso14a_set_tracing(TRUE);\r
-\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
+       if (workFlags & MAGIC_INIT) {\r
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_A_ON();\r
                LED_B_OFF();\r
-               LED_C_OFF();\r
-       \r
-               SpinDelay(300);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               SpinDelay(100);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);       \r
+               clear_trace();\r
+               set_tracing(TRUE);\r
        }\r
 \r
        }\r
 \r
+       //loop doesn't loop just breaks out if error or done\r
        while (true) {\r
        while (true) {\r
-               if (workFlags & 0x02) {\r
+               if (workFlags & MAGIC_WUPC) {\r
                        ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
                        ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
-                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC1 error");\r
+                               errormsg = MAGIC_WUPC;\r
                                break;\r
                                break;\r
-                       };\r
+                       }\r
 \r
                        ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
 \r
                        ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
-                       if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
+                       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+                               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC2 error");\r
+                               errormsg = MAGIC_WUPC;\r
                                break;\r
                                break;\r
-                       };\r
+                       }\r
                }\r
 \r
                }\r
 \r
-               // read block\r
-               if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, NULL) != 18)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("read block send command error");\r
+               // read block           \r
+               if ((mifare_sendcmd_short(NULL, 0, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {\r
+                       if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("read block send command error");\r
+                       errormsg = 0;\r
                        break;\r
                        break;\r
-               };\r
-               memcpy(data, receivedAnswer, 18);\r
-               \r
-               if (workFlags & 0x04) {\r
-                       if (mifare_classic_halt(NULL, cuid)) {\r
-                               if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                               break;\r
-                       };\r
                }\r
                \r
                }\r
                \r
-               isOK = 1;\r
+               memcpy(data, receivedAnswer, sizeof(data));\r
+               \r
+               // send HALT\r
+               if (workFlags & MAGIC_HALT)\r
+                       mifare_classic_halt_ex(NULL);\r
+\r
+               isOK = true;\r
                break;\r
        }\r
                break;\r
        }\r
+       // if MAGIC_DATAIN, the data stays on device side.\r
+       if (workFlags & MAGIC_DATAIN) {\r
+               if (isOK)\r
+                       memcpy(datain, data, sizeof(data));\r
+       } else {\r
+               if (isOK) \r
+                       cmd_send(CMD_ACK,1,0,0,data,sizeof(data));      \r
+               else \r
+                       OnErrorMagic(errormsg); \r
+       }\r
        \r
        \r
-//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-//     if (isOK) memcpy(ack.d.asBytes, data, 18);\r
+       if (workFlags & MAGIC_OFF)\r
+               OnSuccessMagic();\r
+}\r
+\r
+void MifareCIdent(){\r
        \r
        \r
-       // add trace trailer\r
-       /*\r
-       * Removed by Martin, this piece of overwrites the 'data' variable \r
-       * which is sent two lines down, and is obviously not correct. \r
-       * \r
-       * memset(data, 0x44, 4);\r
-       * LogTrace(data, 4, 0, 0, TRUE);\r
-       */\r
-       LED_B_ON();\r
-  cmd_send(CMD_ACK,isOK,0,0,data,18);\r
-//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-       LED_B_OFF();\r
+       // variables\r
+       bool isOK = true;       \r
+       uint8_t receivedAnswer[1] = {0x00};\r
+       uint8_t receivedAnswerPar[1] = {0x00};\r
 \r
 \r
-       if ((workFlags & 0x10) || (!isOK)) {\r
-               // Thats it...\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               LEDsoff();\r
+       ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+               isOK = false;\r
+       }\r
+\r
+       ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
+       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+               isOK = false;\r
        }\r
        }\r
+\r
+       // removed the if,  since some magic tags misbehavies and send an answer to it.\r
+       mifare_classic_halt(NULL, 0);\r
+       cmd_send(CMD_ACK,isOK,0,0,0,0);\r
 }\r
 \r
 }\r
 \r
+void OnSuccessMagic(){\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+       set_tracing(FALSE);     \r
+}\r
+void OnErrorMagic(uint8_t reason){\r
+       //          ACK, ISOK, reason,0,0,0\r
+       cmd_send(CMD_ACK,0,reason,0,0,0);\r
+       OnSuccessMagic();\r
+}\r
+\r
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1){\r
+}\r
+\r
+//\r
+// DESFIRE\r
+//\r
+\r
+void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){\r
+\r
+       byte_t dataout[12] = {0x00};\r
+       uint8_t uid[10] = {0x00};\r
+       uint32_t cuid = 0;\r
+    \r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       clear_trace();\r
+       set_tracing(true);\r
+\r
+       int len = iso14443a_select_card(uid, NULL, &cuid, true, 0);\r
+       if(!len) {\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
+               OnError(1);\r
+               return;\r
+       };\r
+\r
+       if(mifare_desfire_des_auth1(cuid, dataout)){\r
+               if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication part1: Fail.");\r
+               OnError(4);\r
+               return;\r
+       }\r
+\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 1 FINISHED");\r
+    cmd_send(CMD_ACK,1,cuid,0,dataout, sizeof(dataout));\r
+}\r
+\r
+void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){\r
+\r
+       uint32_t cuid = arg0;\r
+       uint8_t key[16] = {0x00};\r
+       byte_t dataout[12] = {0x00};\r
+       byte_t isOK = 0;\r
+    \r
+       memcpy(key, datain, 16);\r
+       \r
+       isOK = mifare_desfire_des_auth2(cuid, key, dataout);\r
+       \r
+       if( isOK) {\r
+           if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");  \r
+               OnError(4);\r
+               return;\r
+       }\r
+\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");\r
+\r
+       cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}
\ No newline at end of file
Proxmark3 GIT tracking
Impressum, Datenschutz