Merge branch 'master' of https://github.com/Proxmark/proxmark3

[proxmark3-svn] / armsrc / mifarecmd.c

diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 0586a25db1b8882678ca3bd3080bcb37437d9293..c56f2337e68b0cdb8c12c2543b4e1c4a8c52f4ce 100644 (file)
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -117,6 +117,8 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
                LEDsoff();\r
        }\r
        cmd_send(CMD_ACK,1,0,0,0,0);\r
+       }       \r
+       cmd_send(CMD_ACK,1,0,0,0,0);\r
 }\r
 \r
 // Arg0 = BlockNo,\r
@@ -175,7 +177,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
                return;\r
        }\r
 \r
-       cmd_send(CMD_ACK,1,0,0,dataout,16);\r
+    cmd_send(CMD_ACK,1,0,0,dataout,16);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 }\r
@@ -215,7 +217,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
                isOK = 0;\r
                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
        }\r
-\r
+       \r
        \r
        if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {\r
                isOK = 0;\r
@@ -248,6 +250,10 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        LEDsoff();\r
 }\r
 \r
+// arg0 = blockNo (start)\r
+// arg1 = Pages (number of blocks)\r
+// arg2 = useKey\r
+// datain = KEY bytes\r
 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
        // free eventually allocated BigBuf memory\r
@@ -308,14 +314,43 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
                        break;\r
                }\r
        \r
-               len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);\r
+        // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};       \r
+               memcpy(key, datain, sizeof(key) );\r
+\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+\r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) { \r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain, sizeof(pwd));\r
+               uint8_t pack[4] = {0,0,0,0};\r
 \r
+               if (!mifare_ul_ev1_auth(pwd, pack)){\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
+       for (int i = 0; i < blocks; i++){\r
+               if ((i*4) + 4 > CARD_MEMORY_SIZE) {\r
+                       Dbprintf("Data exceeds buffer!!");\r
+                       break;\r
+               }\r
+       \r
+               len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);\r
+               \r
                if (len) {\r
                        if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);\r
                        // if no blocks read - error out\r
                        if (i==0){\r
                                OnError(2);\r
-                               return;\r
+                       return;\r
                        } else {\r
                                //stop at last successful read block and return what we got\r
                                break;\r
@@ -450,9 +485,17 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
        LEDsoff();\r
 }\r
 \r
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)\r
+// Arg0   : Block to write to.\r
+// Arg1   : 0 = use no authentication.\r
+//          1 = use 0x1A authentication.\r
+//          2 = use 0x1B authentication.\r
+// datain : 4 first bytes is data to be written.\r
+//        : 4/16 next bytes is authentication key.\r
+void MifareUWriteBlock_Special(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
        uint8_t blockNo = arg0;\r
+       bool useKey = (arg1 == 1); //UL_C\r
+       bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
        byte_t blockdata[4] = {0x00};\r
 \r
        memcpy(blockdata, datain,4);\r
@@ -468,6 +511,28 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
                return;\r
        };\r
 \r
+       // UL-C authentication\r
+       if ( useKey ) {\r
+               uint8_t key[16] = {0x00};       \r
+               memcpy(key, datain+4, sizeof(key) );\r
+\r
+               if ( !mifare_ultra_auth(key) ) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
+       // UL-EV1 / NTAG authentication\r
+       if (usePwd) { \r
+               uint8_t pwd[4] = {0x00};\r
+               memcpy(pwd, datain+4, 4);\r
+               uint8_t pack[4] = {0,0,0,0};\r
+               if (!mifare_ul_ev1_auth(pwd, pack)) {\r
+                       OnError(1);\r
+                       return;                 \r
+               }\r
+       }\r
+       \r
        if(mifare_ultra_special_writeblock(blockNo, blockdata)) {\r
                if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");\r
                OnError(0);\r
@@ -1005,12 +1070,12 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                if (workFlags & 0x01) {\r
                        if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                               break;\r
+                               //break;\r
                        };\r
 \r
                        if(mifare_classic_halt(NULL, cuid)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
-                               break;\r
+                               //break;\r
                        };\r
                };\r
        \r
@@ -1189,7 +1254,74 @@ void MifareCIdent(){
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
 }\r
 \r
-                       //\r
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1){\r
+\r
+       BigBuf_free();\r
+\r
+       uint32_t iterations = arg0;\r
+       uint8_t uid[10] = {0x00};\r
+\r
+       uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);\r
+       uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);\r
+\r
+       uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };\r
+       \r
+       // get memory from BigBuf.\r
+       uint8_t *nonces = BigBuf_malloc(iterations * 4);\r
+\r
+       LED_A_ON();\r
+       LED_B_OFF();\r
+       LED_C_OFF();\r
+\r
+       clear_trace();\r
+       set_tracing(TRUE);\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+       \r
+       for (int i = 0; i < iterations; i++) {\r
+                                               \r
+               WDT_HIT();\r
+\r
+               // Test if the action was cancelled\r
+               if(BUTTON_PRESS()) break;\r
+               \r
+               //              if(mifare_classic_halt(pcs, cuid)) {\r
+               //                      if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
+               //}\r
+\r
+               if(!iso14443a_select_card(uid, NULL, NULL)) {\r
+                       if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
+                       continue;\r
+               };\r
+\r
+               // Transmit MIFARE_CLASSIC_AUTH.\r
+               ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);\r
+\r
+               // Receive the (4 Byte) "random" nonce\r
+               if (!ReaderReceive(response, responsePar)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("Couldn't receive tag nonce");\r
+                       continue;\r
+               }       \r
+               \r
+               nonces[i*4] = bytes_to_num(response, 4);\r
+       }\r
+               \r
+       int packLen =  iterations * 4;\r
+       int packSize = 0;\r
+       int packNum = 0;\r
+       while (packLen > 0) {\r
+               packSize = MIN(USB_CMD_DATA_SIZE, packLen);\r
+               LED_B_ON();\r
+               cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);\r
+               LED_B_OFF();\r
+\r
+               packLen -= packSize;\r
+               packNum++;\r
+       }\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
+\r
+//\r
 // DESFIRE\r
 //\r
 \r
@@ -1197,7 +1329,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
 \r
        byte_t dataout[11] = {0x00};\r
        uint8_t uid[10] = {0x00};\r
-       uint32_t cuid;\r
+       uint32_t cuid = 0x00;\r
     \r
        clear_trace();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
@@ -1223,22 +1355,20 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
 \r
        uint32_t cuid = arg0;\r
        uint8_t key[16] = {0x00};\r
-       byte_t isOK = 0;\r
        byte_t dataout[12] = {0x00};\r
+       byte_t isOK = 0;\r
     \r
        memcpy(key, datain, 16);\r
        \r
        isOK = mifare_desfire_des_auth2(cuid, key, dataout);\r
        \r
        if( isOK) {\r
-           if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
-                       Dbprintf("Authentication part2: Failed");  \r
-               //OnError(4);\r
+           if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");  \r
+               OnError(4);\r
                return;\r
        }\r
 \r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
-               DbpString("AUTH 2 FINISHED");\r
+       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");\r
 \r
        cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r