//-----------------------------------------------------------------------------\r
\r
#include "mifarecmd.h"\r
-#include "apps.h"\r
-#include "util.h"\r
-#include "crc.h"\r
-#include "protocols.h"\r
-#include "parity.h"\r
\r
//-----------------------------------------------------------------------------\r
// Select, Authenticate, Read a MIFARE tag. \r
LED_C_OFF();\r
\r
while (true) {\r
- if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+ if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
break;\r
};\r
break;\r
}\r
\r
- // ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
if (MF_DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED");\r
\r
- LED_B_ON();\r
cmd_send(CMD_ACK,isOK,0,0,0,0);\r
- LED_B_OFF();\r
\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
// Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on \r
// Computer and Communications Security, 2015\r
//-----------------------------------------------------------------------------\r
-#define AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)\r
+#define AUTHENTICATION_TIMEOUT 848 //848 // card times out 1ms after wrong authentication (according to NXP documentation)\r
#define PRE_AUTHENTICATION_LEADTIME 400 // some (non standard) cards need a pause after select before they are ready for first authentication \r
\r
void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain)\r
LED_A_ON();\r
LED_C_OFF();\r
\r
+ BigBuf_free(); BigBuf_Clear_ext(false); \r
+ clear_trace();\r
+ set_tracing(FALSE);\r
+ \r
if (initialize) {\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
- clear_trace();\r
- set_tracing(true);\r
}\r
\r
LED_C_ON();\r
\r
+ uint8_t dummy_answer = 0; \r
uint16_t num_nonces = 0;\r
bool have_uid = false;\r
for (uint16_t i = 0; i <= USB_CMD_DATA_SIZE - 9; ) {\r
}\r
\r
// send a dummy byte as reader response in order to trigger the cards authentication timeout\r
- uint8_t dummy_answer = 0;\r
ReaderTransmit(&dummy_answer, 1, NULL);\r
timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
\r
memcpy(buf+i, receivedAnswer, 4);\r
nt_par_enc = par_enc[0] & 0xf0;\r
} else {\r
- nt_par_enc |= par_enc[0] >> 4;\r
+ nt_par_enc |= par_enc[0] >> 4;\r
memcpy(buf+i+4, receivedAnswer, 4);\r
memcpy(buf+i+8, &nt_par_enc, 1);\r
i += 9;\r
}\r
\r
LED_C_OFF();\r
- \r
- crypto1_destroy(pcs);\r
- \r
+ crypto1_destroy(pcs); \r
LED_B_ON();\r
cmd_send(CMD_ACK, isOK, cuid, num_nonces, buf, sizeof(buf));\r
LED_B_OFF();\r
// \r
//-----------------------------------------------------------------------------\r
void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) {\r
- uint8_t blockNo = arg0 & 0xff;\r
- uint8_t keyType = (arg0 >> 8) & 0xff;\r
- bool clearTrace = arg1;\r
+#define STD_SEARCH 1\r
+#define EXT_SEARCH 2\r
+\r
+ uint8_t blockNo = arg0 & 0xFF;\r
+ uint8_t keyType = (arg0 >> 8) & 0xFF;\r
+ //uint8_t searchType = (arg1 >> 8 ) & 0xFF;\r
+ bool clearTrace = arg1 & 0xFF;\r
uint8_t keyCount = arg2;\r
uint64_t ui64Key = 0;\r
\r
\r
continue;\r
}\r
- isOK = 1;\r
- break;\r
+ \r
+ // found a key.\r
+ //\r
+ //if ( searchType == EXT_SEARCH) {\r
+ \r
+ //}\r
+ //else {\r
+ isOK = 1;\r
+ break;\r
+ //}\r
}\r
\r
LED_B_ON();\r
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
errormsg = MAGIC_UID;\r
- // break;\r
}\r
- \r
- if ( mifare_classic_halt_ex(NULL) ) break;\r
+ mifare_classic_halt_ex(NULL);\r
+ break;\r
}\r
\r
// wipe tag, fill it with zeros\r
break;\r
}\r
\r
- if ( mifare_classic_halt_ex(NULL) ) break;\r
+ mifare_classic_halt_ex(NULL);\r
} \r
\r
// write block\r
} \r
\r
if (workFlags & MAGIC_OFF) \r
- if ( mifare_classic_halt_ex(NULL) ) break;\r
+ mifare_classic_halt_ex(NULL);\r
\r
isOK = true;\r
break;\r
}\r
\r
void MifareCIdent(){\r
- \r
+ #define GEN_1A 1\r
+ #define GEN_1B 2\r
+ #define GEN_2 4\r
// variables\r
- bool isOK = true; \r
- uint8_t receivedAnswer[1] = {0x00};\r
- uint8_t receivedAnswerPar[1] = {0x00};\r
-\r
+ uint8_t isGen = 0;\r
+ uint8_t rec[1] = {0x00};\r
+ uint8_t recpar[1] = {0x00};\r
+ \r
+ // Generation 1 test\r
ReaderTransmitBitsPar(wupC1, 7, NULL, NULL);\r
- if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
- isOK = false;\r
- }\r
-\r
+ if(!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) {\r
+ goto TEST2;\r
+ };\r
+ isGen = GEN_1B;\r
+ \r
ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
- if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
- isOK = false;\r
- }\r
+ if(!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) {\r
+ goto OUT;\r
+ }; \r
+ isGen = GEN_1A;\r
+ goto OUT;\r
+\r
+TEST2:;\r
+/*\r
+ // Generation 2 test\r
+ struct Crypto1State mpcs = {0, 0};\r
+ struct Crypto1State *pcs = &mpcs;\r
\r
+ // halt previous.\r
+ mifare_classic_halt(NULL, 0);\r
+ \r
+ //select\r
+ if (!iso14443a_select_card(NULL, NULL, NULL, true, 0)) {\r
+ goto OUT;\r
+ };\r
+ \r
+ // MIFARE_CLASSIC_WRITEBLOCK 0xA0\r
+ // ACK 0x0a\r
+ uint16_t len = mifare_sendcmd_short(pcs, 1, 0xA0, 0, rec, recpar, NULL);\r
+ if ((len != 1) || (rec[0] != 0x0A)) { \r
+ isGen = GEN_2; \r
+ };\r
+ */\r
+OUT:;\r
// removed the if, since some magic tags misbehavies and send an answer to it.\r
mifare_classic_halt(NULL, 0);\r
- cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+ cmd_send(CMD_ACK,isGen, 0, 0, 0, 0);\r
}\r
\r
void OnSuccessMagic(){\r
cmd_send(CMD_ACK,0,reason,0,0,0);\r
OnSuccessMagic();\r
}\r
+\r
+void MifareSetMod(uint8_t mod, uint8_t *key) {\r
+ uint64_t ui64Key = bytes_to_num(key, 6);\r
+\r
+ // variables\r
+ uint8_t isOK = 0;\r
+ uint8_t uid[10] = {0};\r
+ uint32_t cuid = 0;\r
+ struct Crypto1State mpcs = {0, 0};\r
+ struct Crypto1State *pcs = &mpcs;\r
+ int respLen = 0;\r
+ uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0};\r
+ uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0};\r
+\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+ clear_trace();\r
+ set_tracing(true);\r
+\r
+ LED_A_ON();\r
+ LED_B_OFF();\r
+ LED_C_OFF();\r
+\r
+ while (true) {\r
+ if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+ break;\r
+ }\r
+\r
+ if(mifare_classic_auth(pcs, cuid, 0, 0, ui64Key, AUTH_FIRST)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("Auth error");\r
+ break;\r
+ }\r
+\r
+ if (((respLen = mifare_sendcmd_short(pcs, 1, 0x43, mod, receivedAnswer, receivedAnswerPar, NULL)) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("SetMod error; response[0]: %hhX, len: %d", receivedAnswer[0], respLen);\r
+ break;\r
+ }\r
+\r
+ if(mifare_classic_halt(pcs, cuid)) {\r
+ if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+ break;\r
+ }\r
+\r
+ isOK = 1;\r
+ break;\r
+ }\r
+\r
+ crypto1_destroy(pcs);\r
+\r
+ LED_B_ON();\r
+ cmd_send(CMD_ACK, isOK, 0, 0, 0, 0);\r
+ LED_B_OFF();\r
+\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LEDsoff();\r
+}\r
+\r
//\r
// DESFIRE\r
//\r
}\r
\r
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){\r
-\r
uint32_t cuid = arg0;\r
uint8_t key[16] = {0x00};\r
byte_t dataout[12] = {0x00};\r