#include "../common/crc.h"\r
\r
//-----------------------------------------------------------------------------\r
-// Select, Authenticaate, Read an MIFARE tag. \r
+// Select, Authenticate, Read a MIFARE tag. \r
// read block\r
//-----------------------------------------------------------------------------\r
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
// ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
- if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");\r
+ if (MF_DBGLEVEL >= 2) DbpString("READ BLOCK FINISHED");\r
\r
LED_B_ON();\r
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");\r
};\r
-\r
- \r
- \r
\r
if(mifare_ultra_auth1(cuid, dataoutbuf)){\r
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part1: Fail."); \r
\r
void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)\r
{\r
- // params\r
- uint8_t sectorNo = arg0;\r
- int Pages=arg1;\r
+ // params\r
+ uint8_t sectorNo = arg0;\r
+ int Pages=arg1;\r
int count_Pages=0;\r
- // variables\r
- byte_t isOK = 0;\r
- byte_t dataoutbuf[44 * 4];\r
- uint8_t uid[10];\r
- uint32_t cuid;\r
+ // variables\r
+ byte_t isOK = 0;\r
+ byte_t dataoutbuf[176];\r
+ uint8_t uid[10];\r
+ uint32_t cuid;\r
\r
- // clear trace\r
- iso14a_clear_trace();\r
+ // clear trace\r
+ iso14a_clear_trace();\r
\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
- LED_A_ON();\r
- LED_B_OFF();\r
- LED_C_OFF();\r
- Dbprintf("Pages %d",Pages);\r
+ LED_A_ON();\r
+ LED_B_OFF();\r
+ LED_C_OFF();\r
+ Dbprintf("Pages %d",Pages);\r
while (true) {\r
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
isOK = 1;\r
break;\r
}\r
- Dbprintf("Pages read %d",count_Pages);\r
- if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");\r
+ Dbprintf("Pages read %d",count_Pages);\r
+ if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");\r
\r
LED_B_ON();\r
if (Pages==16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);\r
if (Pages==44 && count_Pages>16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,176);\r
LED_B_OFF();\r
\r
- // Thats it...\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- LEDsoff();\r
+ // Thats it...\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LEDsoff();\r
\r
}\r
\r
}\r
\r
// Return 1 if the nonce is invalid else return 0\r
-int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, byte_t * parity) {\r
+int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t * parity) {\r
return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
(oddparity((Nt >> 16) & 0xFF) == ((parity[1]) ^ oddparity((NtEnc >> 16) & 0xFF) ^ BIT(Ks1,8))) & \\r
(oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;\r
uint16_t davg;\r
static uint16_t dmin, dmax;\r
uint8_t uid[10];\r
- uint32_t cuid, nt1, nt2, nttmp, nttest, par, ks1;\r
+ uint32_t cuid, nt1, nt2, nttmp, nttest, ks1;\r
+ uint8_t par[1];\r
uint32_t target_nt[2], target_ks[2];\r
\r
uint8_t par_array[4];\r
struct Crypto1State mpcs = {0, 0};\r
struct Crypto1State *pcs;\r
pcs = &mpcs;\r
- uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
\r
uint32_t auth1_time, auth2_time;\r
static uint16_t delta_time;\r
// statistics on nonce distance\r
if (calibrate) { // for first call only. Otherwise reuse previous calibration\r
LED_B_ON();\r
+ WDT_HIT();\r
\r
davg = dmax = 0;\r
- dmin = 2000;\r
+ dmin = 2000; \r
delta_time = 0;\r
\r
for (rtr = 0; rtr < 17; rtr++) {\r
};\r
\r
nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160\r
- for (i = 101; i < 1200; i++) {\r
+ for (i = 141; i < 1200; i++) {\r
nttmp = prng_successor(nttmp, 1);\r
- if (nttmp == nt2) break;\r
+ if (nttmp == nt2) {break;}\r
}\r
\r
if (i != 1200) {\r
}\r
}\r
\r
- if (rtr <= 1) return;\r
+ if (rtr <= 1) return;\r
\r
davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
\r
// get crypted nonces for target sector\r
for(i=0; i < 2; i++) { // look for exactly two different nonces\r
\r
+ WDT_HIT(); \r
+ if(BUTTON_PRESS()) {\r
+ DbpString("Nested: cancelled");\r
+ crypto1_destroy(pcs);\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LEDsoff();\r
+ return;\r
+ }\r
+\r
target_nt[i] = 0;\r
while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
- \r
+ \r
// prepare next select. No need to power down the card.\r
if(mifare_classic_halt(pcs, cuid)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Halt error");\r
\r
// nested authentication\r
auth2_time = auth1_time + delta_time;\r
- len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, &par, &auth2_time);\r
+ len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);\r
if (len != 4) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);\r
continue;\r
};\r
\r
nt2 = bytes_to_num(receivedAnswer, 4); \r
- if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par);\r
+ if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par[0]);\r
\r
// Parity validity check\r
for (j = 0; j < 4; j++) {\r
- par_array[j] = (oddparity(receivedAnswer[j]) != ((par & 0x08) >> 3));\r
- par = par << 1;\r
+ par_array[j] = (oddparity(receivedAnswer[j]) != ((par[0] >> (7-j)) & 0x01));\r
}\r
\r
ncount = 0;\r
if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);\r
}\r
}\r
-\r
+ \r
LED_C_OFF();\r
\r
// ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
- // add trace trailer\r
- memset(uid, 0x44, 4);\r
- LogTrace(uid, 4, 0, 0, TRUE);\r
-\r
byte_t buf[4 + 4 * 4];\r
memcpy(buf, &cuid, 4);\r
memcpy(buf+4, &target_nt[0], 4);\r
cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
LED_B_OFF();\r
\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
\r
}\r
\r
void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
- byte_t buf[48];\r
+ byte_t buf[USB_CMD_DATA_SIZE];\r
emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
\r
LED_B_ON();\r
- cmd_send(CMD_ACK,arg0,arg1,0,buf,48);\r
+ cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);\r
LED_B_OFF();\r
}\r
\r
uint32_t cuid;\r
\r
memset(uid, 0x00, 10);\r
- uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
if (workFlags & 0x08) {\r
// clear trace\r
\r
// reset chip\r
if (needWipe){\r
- ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
- if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+ ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");\r
break;\r
};\r
\r
ReaderTransmit(wipeC, sizeof(wipeC), NULL);\r
- if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");\r
break;\r
};\r
\r
// write block\r
if (workFlags & 0x02) {\r
- ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
- if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+ ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");\r
break;\r
};\r
\r
ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
- if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");\r
break;\r
};\r
}\r
\r
- if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+ if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");\r
break;\r
};\r
AppendCrc14443a(d_block, 16);\r
\r
ReaderTransmit(d_block, sizeof(d_block), NULL);\r
- if ((ReaderReceive(receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+ if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");\r
break;\r
}; \r
uint32_t cuid = 0;\r
\r
memset(data, 0x00, 18);\r
- uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
+ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
if (workFlags & 0x08) {\r
// clear trace\r
while (true) {\r
if (workFlags & 0x02) {\r
ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
- if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");\r
break;\r
};\r
\r
ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
- if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");\r
break;\r
};\r
}\r
\r
// read block\r
- if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, NULL) != 18)) {\r
+ if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("read block send command error");\r
break;\r
};\r
LED_B_OFF();\r
\r
if ((workFlags & 0x10) || (!isOK)) {\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
projects / proxmark3-svn / blobdiff