- set_tracing(FALSE);
-}
-
-typedef struct {
- uint32_t cuid;
- uint8_t sector;
- uint8_t keytype;
- uint32_t nonce;
- uint32_t ar;
- uint32_t nr;
- uint32_t nonce2;
- uint32_t ar2;
- uint32_t nr2;
-} nonces_t;
-
-/**
- *MIFARE 1K simulate.
- *
- *@param flags :
- * FLAG_INTERACTIVE - In interactive mode, we are expected to finish the operation with an ACK
- * FLAG_4B_UID_IN_DATA - means that there is a 4-byte UID in the data-section, we're expected to use that
- * FLAG_7B_UID_IN_DATA - means that there is a 7-byte UID in the data-section, we're expected to use that
- * FLAG_10B_UID_IN_DATA - use 10-byte UID in the data-section not finished
- * FLAG_NR_AR_ATTACK - means we should collect NR_AR responses for bruteforcing later
- *@param exitAfterNReads, exit simulation after n blocks have been read, 0 is infinite ...
- * (unless reader attack mode enabled then it runs util it gets enough nonces to recover all keys attmpted)
- */
-void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *datain)
-{
- int cardSTATE = MFEMUL_NOFIELD;
- int _UID_LEN = 0; // 4, 7, 10
- int _7BUID = 0;
- int vHf = 0; // in mV
- int res;
- uint32_t selTimer = 0;
- uint32_t authTimer = 0;
- uint16_t len = 0;
- uint8_t cardWRBL = 0;
- uint8_t cardAUTHSC = 0;
- uint8_t cardAUTHKEY = 0xff; // no authentication
- uint32_t cardRr = 0;
- uint32_t cuid = 0;
- //uint32_t rn_enc = 0;
- uint32_t ans = 0;
- uint32_t cardINTREG = 0;
- uint8_t cardINTBLOCK = 0;
- struct Crypto1State mpcs = {0, 0};
- struct Crypto1State *pcs;
- pcs = &mpcs;
- uint32_t numReads = 0;//Counts numer of times reader read a block
- uint8_t receivedCmd[MAX_MIFARE_FRAME_SIZE];
- uint8_t receivedCmd_par[MAX_MIFARE_PARITY_SIZE];
- uint8_t response[MAX_MIFARE_FRAME_SIZE];
- uint8_t response_par[MAX_MIFARE_PARITY_SIZE];
-
- uint8_t rATQA[] = {0x04, 0x00}; // Mifare classic 1k 4BUID
- uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
- uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; // !!!
- uint8_t rUIDBCC3[] = {0xde, 0xad, 0xbe, 0xaf, 0x62};
-
- uint8_t rSAK[] = {0x08, 0xb6, 0xdd};
- uint8_t rSAK1[] = {0x04, 0xda, 0x17};
- uint8_t rSAK2[] = {0x04, 0xda, 0x17}; //need to look up
-
- uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04};
- uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00};
-
- //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
- // This will be used in the reader-only attack.
-
- //allow collecting up to 8 sets of nonces to allow recovery of 8 keys
- #define ATTACK_KEY_COUNT 8
- nonces_t ar_nr_resp[ATTACK_KEY_COUNT*2]; //*2 for 2 separate attack types
- memset(ar_nr_resp, 0x00, sizeof(ar_nr_resp));
-
- uint8_t ar_nr_collected[ATTACK_KEY_COUNT*2];
- memset(ar_nr_collected, 0x00, sizeof(ar_nr_collected));
- bool gettingMoebius = false;
- uint8_t nonce1_count = 0;
- uint8_t nonce2_count = 0;
- uint8_t moebius_n_count = 0;
- uint8_t mM = 0; //moebius_modifier for collection storage
-
- // Authenticate response - nonce
- uint32_t nonce = bytes_to_num(rAUTH_NT, 4);
-
- //-- Determine the UID
- // Can be set from emulator memory, incoming data
- // and can be 7 or 4 bytes long
- if (flags & FLAG_4B_UID_IN_DATA)
- {
- // 4B uid comes from data-portion of packet
- memcpy(rUIDBCC1,datain,4);
- rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
- _UID_LEN = 4;
- } else if (flags & FLAG_7B_UID_IN_DATA) {
- // 7B uid comes from data-portion of packet
- memcpy(&rUIDBCC1[1],datain,3);
- memcpy(rUIDBCC2, datain+3, 4);
- _7BUID = true;
- _UID_LEN = 7;
- } else if (flags & FLAG_10B_UID_IN_DATA) {
- memcpy(&rUIDBCC1[1], datain, 3);
- memcpy(&rUIDBCC2[1], datain+3, 3);
- memcpy( rUIDBCC3, datain+6, 4);
- _UID_LEN = 10;
- } else {
- // get UID from emul memory - guess at length
- emlGetMemBt(receivedCmd, 7, 1);
- _7BUID = !(receivedCmd[0] == 0x00);
- if (!_7BUID) { // ---------- 4BUID
- emlGetMemBt(rUIDBCC1, 0, 4);
- _UID_LEN = 4;
- } else { // ---------- 7BUID
- emlGetMemBt(&rUIDBCC1[1], 0, 3);
- emlGetMemBt(rUIDBCC2, 3, 4);
- _UID_LEN = 7;
- }
- }
-
- switch (_UID_LEN) {
- case 4:
- // save CUID
- cuid = bytes_to_num(rUIDBCC1, 4);
- // BCC
- rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
- if (MF_DBGLEVEL >= 2) {
- Dbprintf("4B UID: %02x%02x%02x%02x",
- rUIDBCC1[0],
- rUIDBCC1[1],
- rUIDBCC1[2],
- rUIDBCC1[3]
- );
- }
- break;
- case 7:
- rATQA[0] |= 0x40;
- // save CUID
- cuid = bytes_to_num(rUIDBCC2, 4);
- // CascadeTag, CT
- rUIDBCC1[0] = 0x88;
- // BCC
- rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
- rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
- if (MF_DBGLEVEL >= 2) {
- Dbprintf("7B UID: %02x %02x %02x %02x %02x %02x %02x",
- rUIDBCC1[1],
- rUIDBCC1[2],
- rUIDBCC1[3],
- rUIDBCC2[0],
- rUIDBCC2[1],
- rUIDBCC2[2],
- rUIDBCC2[3]
- );
- }
- break;
- case 10:
- rATQA[0] |= 0x80;
- //sak_10[0] &= 0xFB;
- // save CUID
- cuid = bytes_to_num(rUIDBCC3, 4);
- // CascadeTag, CT
- rUIDBCC1[0] = 0x88;
- rUIDBCC2[0] = 0x88;
- // BCC
- rUIDBCC1[4] = rUIDBCC1[0] ^ rUIDBCC1[1] ^ rUIDBCC1[2] ^ rUIDBCC1[3];
- rUIDBCC2[4] = rUIDBCC2[0] ^ rUIDBCC2[1] ^ rUIDBCC2[2] ^ rUIDBCC2[3];
- rUIDBCC3[4] = rUIDBCC3[0] ^ rUIDBCC3[1] ^ rUIDBCC3[2] ^ rUIDBCC3[3];
-
- if (MF_DBGLEVEL >= 2) {
- Dbprintf("10B UID: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
- rUIDBCC1[1],
- rUIDBCC1[2],
- rUIDBCC1[3],
- rUIDBCC2[1],
- rUIDBCC2[2],
- rUIDBCC2[3],
- rUIDBCC3[0],
- rUIDBCC3[1],
- rUIDBCC3[2],
- rUIDBCC3[3]
- );
- }
- break;
- default:
- break;
- }
-
- // We need to listen to the high-frequency, peak-detected path.
- iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
-
- // free eventually allocated BigBuf memory but keep Emulator Memory
- BigBuf_free_keep_EM();
-
- // clear trace
- clear_trace();
- set_tracing(TRUE);
-
- bool finished = FALSE;
- while (!BUTTON_PRESS() && !finished && !usb_poll_validate_length()) {
- WDT_HIT();
-
- // find reader field
- if (cardSTATE == MFEMUL_NOFIELD) {
- vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
- if (vHf > MF_MINFIELDV) {
- cardSTATE_TO_IDLE();
- LED_A_ON();
- }
- }
- if (cardSTATE == MFEMUL_NOFIELD) continue;
-
- //Now, get data
- res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
- if (res == 2) { //Field is off!
- cardSTATE = MFEMUL_NOFIELD;
- LEDsoff();
- continue;
- } else if (res == 1) {
- break; //return value 1 means button press
- }
-
- // REQ or WUP request in ANY state and WUP in HALTED state
- if (len == 1 && ((receivedCmd[0] == ISO14443A_CMD_REQA && cardSTATE != MFEMUL_HALTED) || receivedCmd[0] == ISO14443A_CMD_WUPA)) {
- selTimer = GetTickCount();
- EmSendCmdEx(rATQA, sizeof(rATQA), (receivedCmd[0] == ISO14443A_CMD_WUPA));
- cardSTATE = MFEMUL_SELECT1;
-
- // init crypto block
- LED_B_OFF();
- LED_C_OFF();
- crypto1_destroy(pcs);
- cardAUTHKEY = 0xff;
- continue;
- }
-
- switch (cardSTATE) {
- case MFEMUL_NOFIELD:
- case MFEMUL_HALTED:
- case MFEMUL_IDLE:{
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
- case MFEMUL_SELECT1:{
- // select all
- if (len == 2 && (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x20)) {
- if (MF_DBGLEVEL >= 4) Dbprintf("SELECT ALL received");
- EmSendCmd(rUIDBCC1, sizeof(rUIDBCC1));
- break;
- }
-
- if (MF_DBGLEVEL >= 4 && len == 9 && receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 )
- {
- Dbprintf("SELECT %02x%02x%02x%02x received",receivedCmd[2],receivedCmd[3],receivedCmd[4],receivedCmd[5]);
- }
- // select card
- // check correct sak values... (marshmellow)
- if (len == 9 &&
- (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC1, 4) == 0)) {
- switch(_UID_LEN) {
- case 4:
- cardSTATE = MFEMUL_WORK;
- LED_B_ON();
- if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol1 time: %d", GetTickCount() - selTimer);
- EmSendCmd(rSAK, sizeof(rSAK));
- break;
- case 7:
- cardSTATE = MFEMUL_SELECT2;
- EmSendCmd(rSAK1, sizeof(rSAK1));
- break;
- case 10:
- cardSTATE = MFEMUL_SELECT2;
- EmSendCmd(rSAK2, sizeof(rSAK2));
- break;
- default:break;
- }
- } else {
- cardSTATE_TO_IDLE();
- }
- break;
- }
- case MFEMUL_SELECT3:{
- if (!len) {
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
- if (len == 2 && (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && receivedCmd[1] == 0x20)) {
- EmSendCmd(rUIDBCC3, sizeof(rUIDBCC3));
- break;
- }
- if (len == 9 &&
- (receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 &&
- receivedCmd[1] == 0x70 &&
- memcmp(&receivedCmd[2], rUIDBCC3, 4) == 0) ) {
-
- EmSendCmd(rSAK2, sizeof(rSAK2));
- cardSTATE = MFEMUL_WORK;
- LED_B_ON();
- if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol3 time: %d", GetTickCount() - selTimer);
- break;
- }
- cardSTATE_TO_IDLE();
- break;
- }
- case MFEMUL_AUTH1:{
- if( len != 8)
- {
- cardSTATE_TO_IDLE();
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
-
- uint32_t nr = bytes_to_num(receivedCmd, 4);
- uint32_t ar = bytes_to_num(&receivedCmd[4], 4);
-
- //Collect AR/NR per keytype & sector
- if(flags & FLAG_NR_AR_ATTACK) {
- for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
- if ( ar_nr_collected[i+mM]==0 || ((cardAUTHSC == ar_nr_resp[i+mM].sector) && (cardAUTHKEY == ar_nr_resp[i+mM].keytype) && (ar_nr_collected[i+mM] > 0)) ) {
- // if first auth for sector, or matches sector and keytype of previous auth
- if (ar_nr_collected[i+mM] < 2) {
- // if we haven't already collected 2 nonces for this sector
- if (ar_nr_resp[ar_nr_collected[i+mM]].ar != ar) {
- // Avoid duplicates... probably not necessary, ar should vary.
- if (ar_nr_collected[i+mM]==0) {
- // first nonce collect
- ar_nr_resp[i+mM].cuid = cuid;
- ar_nr_resp[i+mM].sector = cardAUTHSC;
- ar_nr_resp[i+mM].keytype = cardAUTHKEY;
- ar_nr_resp[i+mM].nonce = nonce;
- ar_nr_resp[i+mM].nr = nr;
- ar_nr_resp[i+mM].ar = ar;
- nonce1_count++;
- //add this nonce to first moebius nonce
- ar_nr_resp[i+ATTACK_KEY_COUNT].cuid = cuid;
- ar_nr_resp[i+ATTACK_KEY_COUNT].sector = cardAUTHSC;
- ar_nr_resp[i+ATTACK_KEY_COUNT].keytype = cardAUTHKEY;
- ar_nr_resp[i+ATTACK_KEY_COUNT].nonce = nonce;
- ar_nr_resp[i+ATTACK_KEY_COUNT].nr = nr;
- ar_nr_resp[i+ATTACK_KEY_COUNT].ar = ar;
- ar_nr_collected[i+ATTACK_KEY_COUNT]++;
- } else { //second nonce collect (std and moebius)
- ar_nr_resp[i+mM].nonce2 = nonce;
- ar_nr_resp[i+mM].nr2 = nr;
- ar_nr_resp[i+mM].ar2 = ar;
- if (!gettingMoebius) {
- nonce2_count++;
- //check if this was the last second nonce we need for std attack
- if ( nonce2_count == nonce1_count ) {
- //done collecting std test switch to moebius
- //finish incrementing last sample
- ar_nr_collected[i+mM]++;
- //switch to moebius collection
- gettingMoebius = true;
- mM = ATTACK_KEY_COUNT;
- nonce = nonce*7;
- break;
- }
- } else {
- moebius_n_count++;
- //if we've collected all the nonces we need - finish.
- if (nonce1_count == moebius_n_count) finished = true;
- }
- }
- ar_nr_collected[i+mM]++;
- }
- } else { //already collected 2 nonces for sector - dump out
- //finished = true;
- }
- // we found right spot for this nonce stop looking
- break;
- }
- }
- }
-
- // --- crypto
- crypto1_word(pcs, nr , 1);
- cardRr = ar ^ crypto1_word(pcs, 0, 0);
-
- // test if auth OK
- if (cardRr != prng_successor(nonce, 64)){
- if (MF_DBGLEVEL >= 2) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x",
- cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
- cardRr, prng_successor(nonce, 64));
- // Shouldn't we respond anything here?
- // Right now, we don't nack or anything, which causes the
- // reader to do a WUPA after a while. /Martin
- // -- which is the correct response. /piwi
- cardSTATE_TO_IDLE();
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
-
- //auth successful
- ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0);
-
- num_to_bytes(ans, 4, rAUTH_AT);
- // --- crypto
- EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
- LED_C_ON();
- cardSTATE = MFEMUL_WORK;
- if (MF_DBGLEVEL >= 4) Dbprintf("AUTH COMPLETED for sector %d with key %c. time=%d",
- cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B',
- GetTickCount() - authTimer);
- break;
- }
- case MFEMUL_SELECT2:{
- if (!len) {
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
- if (len == 2 && (receivedCmd[0] == 0x95 && receivedCmd[1] == 0x20)) {
- EmSendCmd(rUIDBCC2, sizeof(rUIDBCC2));
- break;
- }
-
- // select 2 card
- if (len == 9 &&
- (receivedCmd[0] == 0x95 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC2, 4) == 0)) {
- //which sak now? (marshmellow)
- EmSendCmd(rSAK, sizeof(rSAK));
- switch(_UID_LEN) {
- case 7:
- cardSTATE = MFEMUL_WORK;
- LED_B_ON();
- if (MF_DBGLEVEL >= 4) Dbprintf("--> WORK. anticol2 time: %d", GetTickCount() - selTimer);
- break;
- case 10:
- cardSTATE = MFEMUL_SELECT3;
- break;
- default:break;
- }
- break;
- }
-
- // i guess there is a command). go into the work state.
- if (len != 4) {
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
- cardSTATE = MFEMUL_WORK;
- //goto lbWORK;
- //intentional fall-through to the next case-stmt
- }
-
- case MFEMUL_WORK:{
- if (len == 0) {
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
-
- bool encrypted_data = (cardAUTHKEY != 0xFF) ;
-
- if(encrypted_data) {
- // decrypt seqence
- mf_crypto1_decrypt(pcs, receivedCmd, len);
- }
-
- if (len == 4 && (receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61)) {
-
- // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack
- if (receivedCmd[1] >= 16 * 4 && !(flags & FLAG_NR_AR_ATTACK)) {
- //is this the correct response to an auth on a out of range block? marshmellow
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
- break;
- }
-
- authTimer = GetTickCount();
- cardAUTHSC = receivedCmd[1] / 4; // received block num
- cardAUTHKEY = receivedCmd[0] - 0x60;
- crypto1_destroy(pcs);//Added by martin
- crypto1_create(pcs, emlGetKey(cardAUTHSC, cardAUTHKEY));
- //uint64_t key=emlGetKey(cardAUTHSC, cardAUTHKEY);
- //Dbprintf("key: %04x%08x",(uint32_t)(key>>32)&0xFFFF,(uint32_t)(key&0xFFFFFFFF));
-
- if (!encrypted_data) { // first authentication
- if (MF_DBGLEVEL >= 4) Dbprintf("Reader authenticating for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
-
- crypto1_word(pcs, cuid ^ nonce, 0);//Update crypto state
- num_to_bytes(nonce, 4, rAUTH_AT); // Send nonce
- } else { // nested authentication
- if (MF_DBGLEVEL >= 4) Dbprintf("Reader doing nested authentication for block %d (0x%02x) with key %d",receivedCmd[1] ,receivedCmd[1],cardAUTHKEY );
- ans = nonce ^ crypto1_word(pcs, cuid ^ nonce, 0);
- num_to_bytes(ans, 4, rAUTH_AT);
- }
-
- EmSendCmd(rAUTH_AT, sizeof(rAUTH_AT));
- //Dbprintf("Sending rAUTH %02x%02x%02x%02x", rAUTH_AT[0],rAUTH_AT[1],rAUTH_AT[2],rAUTH_AT[3]);
- cardSTATE = MFEMUL_AUTH1;
- break;
- }
-
- // rule 13 of 7.5.3. in ISO 14443-4. chaining shall be continued
- // BUT... ACK --> NACK
- if (len == 1 && receivedCmd[0] == CARD_ACK) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- break;
- }
-
- // rule 12 of 7.5.3. in ISO 14443-4. R(NAK) --> R(ACK)
- if (len == 1 && receivedCmd[0] == CARD_NACK_NA) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
- break;
- }
-
- if(len != 4) {
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
-
- if(receivedCmd[0] == 0x30 // read block
- || receivedCmd[0] == 0xA0 // write block
- || receivedCmd[0] == 0xC0 // inc
- || receivedCmd[0] == 0xC1 // dec
- || receivedCmd[0] == 0xC2 // restore
- || receivedCmd[0] == 0xB0) { // transfer
- if (receivedCmd[1] >= 16 * 4) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
- break;
- }
-
- if (receivedCmd[1] / 4 != cardAUTHSC) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02x) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd[0],receivedCmd[1],cardAUTHSC);
- break;
- }
- }
- // read block
- if (receivedCmd[0] == 0x30) {
- if (MF_DBGLEVEL >= 4) {
- Dbprintf("Reader reading block %d (0x%02x)",receivedCmd[1],receivedCmd[1]);
- }
- emlGetMem(response, receivedCmd[1], 1);
- AppendCrc14443a(response, 16);
- mf_crypto1_encrypt(pcs, response, 18, response_par);
- EmSendCmdPar(response, 18, response_par);
- numReads++;
- if(exitAfterNReads > 0 && numReads == exitAfterNReads) {
- Dbprintf("%d reads done, exiting", numReads);
- finished = true;
- }
- break;
- }
- // write block
- if (receivedCmd[0] == 0xA0) {
- if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0xA0 write block %d (%02x)",receivedCmd[1],receivedCmd[1]);
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
- cardSTATE = MFEMUL_WRITEBL2;
- cardWRBL = receivedCmd[1];
- break;
- }
- // increment, decrement, restore
- if (receivedCmd[0] == 0xC0 || receivedCmd[0] == 0xC1 || receivedCmd[0] == 0xC2) {
- if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
- if (emlCheckValBl(receivedCmd[1])) {
- if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking");
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- break;
- }
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
- if (receivedCmd[0] == 0xC1)
- cardSTATE = MFEMUL_INTREG_INC;
- if (receivedCmd[0] == 0xC0)
- cardSTATE = MFEMUL_INTREG_DEC;
- if (receivedCmd[0] == 0xC2)
- cardSTATE = MFEMUL_INTREG_REST;
- cardWRBL = receivedCmd[1];
- break;
- }
- // transfer
- if (receivedCmd[0] == 0xB0) {
- if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x transfer block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]);
- if (emlSetValBl(cardINTREG, cardINTBLOCK, receivedCmd[1]))
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- else
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
- break;
- }
- // halt
- if (receivedCmd[0] == 0x50 && receivedCmd[1] == 0x00) {
- LED_B_OFF();
- LED_C_OFF();
- cardSTATE = MFEMUL_HALTED;
- if (MF_DBGLEVEL >= 4) Dbprintf("--> HALTED. Selected time: %d ms", GetTickCount() - selTimer);
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- break;
- }
- // RATS
- if (receivedCmd[0] == 0xe0) {//RATS
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- break;
- }
- // command not allowed
- if (MF_DBGLEVEL >= 4) Dbprintf("Received command not allowed, nacking");
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- break;
- }
- case MFEMUL_WRITEBL2:{
- if (len == 18){
- mf_crypto1_decrypt(pcs, receivedCmd, len);
- emlSetMem(receivedCmd, cardWRBL, 1);
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_ACK));
- cardSTATE = MFEMUL_WORK;
- } else {
- cardSTATE_TO_IDLE();
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- }
- break;
- }
-
- case MFEMUL_INTREG_INC:{
- mf_crypto1_decrypt(pcs, receivedCmd, len);
- memcpy(&ans, receivedCmd, 4);
- if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- cardSTATE_TO_IDLE();
- break;
- }
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- cardINTREG = cardINTREG + ans;
- cardSTATE = MFEMUL_WORK;
- break;
- }
- case MFEMUL_INTREG_DEC:{
- mf_crypto1_decrypt(pcs, receivedCmd, len);
- memcpy(&ans, receivedCmd, 4);
- if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- cardSTATE_TO_IDLE();
- break;
- }
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- cardINTREG = cardINTREG - ans;
- cardSTATE = MFEMUL_WORK;
- break;
- }
- case MFEMUL_INTREG_REST:{
- mf_crypto1_decrypt(pcs, receivedCmd, len);
- memcpy(&ans, receivedCmd, 4);
- if (emlGetValBl(&cardINTREG, &cardINTBLOCK, cardWRBL)) {
- EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
- cardSTATE_TO_IDLE();
- break;
- }
- LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
- cardSTATE = MFEMUL_WORK;
- break;
- }
- }
- }
-
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- LEDsoff();
-
- if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1)
- {
- for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- for ( uint8_t i = ATTACK_KEY_COUNT; i < ATTACK_KEY_COUNT*2; i++) {
- if (ar_nr_collected[i] == 2) {
- Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i<ATTACK_KEY_COUNT/2) ? "keyA" : "keyB", ar_nr_resp[i].sector);
- Dbprintf("../tools/mfkey/mfkey32v2 %08x %08x %08x %08x %08x %08x %08x",
- ar_nr_resp[i].cuid, //UID
- ar_nr_resp[i].nonce, //NT
- ar_nr_resp[i].nr, //NR1
- ar_nr_resp[i].ar, //AR1
- ar_nr_resp[i].nonce2,//NT2
- ar_nr_resp[i].nr2, //NR2
- ar_nr_resp[i].ar2 //AR2
- );
- }
- }
- }
- if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen());
-
- if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
- {
- //Send the collected ar_nr in the response
- cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_resp,sizeof(ar_nr_resp));
- }
-