]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/iso14443a.c
Fixed error with mifare_autopwn where keys were reversed, see http://www.proxmark...
[proxmark3-svn] / armsrc / iso14443a.c
index bd7e758d0b0796ac62883060a8923d876ed0b42c..b3316ef0b637b617c707c2eb9017eab0ec8807fa 100644 (file)
@@ -88,25 +88,25 @@ void iso14a_set_timeout(uint32_t timeout) {
 //-----------------------------------------------------------------------------
 byte_t oddparity (const byte_t bt)
 {
 //-----------------------------------------------------------------------------
 byte_t oddparity (const byte_t bt)
 {
-  return OddByteParity[bt];
+       return OddByteParity[bt];
 }
 
 uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
 {
 }
 
 uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
 {
-  int i;
-  uint32_t dwPar = 0;
+       int i;
+       uint32_t dwPar = 0;
 
 
-  // Generate the encrypted data
-  for (i = 0; i < iLen; i++) {
-    // Save the encrypted parity bit
-    dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
-  }
-  return dwPar;
+       // Generate the encrypted data
+       for (i = 0; i < iLen; i++) {
+               // Save the encrypted parity bit
+               dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
+       }
+       return dwPar;
 }
 
 void AppendCrc14443a(uint8_t* data, int len)
 {
 }
 
 void AppendCrc14443a(uint8_t* data, int len)
 {
-  ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
+       ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
 }
 
 // The function LogTrace() is also used by the iClass implementation in iClass.c
 }
 
 // The function LogTrace() is also used by the iClass implementation in iClass.c
@@ -584,7 +584,7 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
        
        LEDsoff();
        // init trace buffer
        
        LEDsoff();
        // init trace buffer
-    iso14a_clear_trace();
+       iso14a_clear_trace();
 
        // We won't start recording the frames that we acquire until we trigger;
        // a good trigger condition to get started is probably when we see a
 
        // We won't start recording the frames that we acquire until we trigger;
        // a good trigger condition to get started is probably when we see a
@@ -775,54 +775,54 @@ static void CodeIso14443aAsTag(const uint8_t *cmd, int len){
        CodeIso14443aAsTagPar(cmd, len, GetParity(cmd, len));
 }
 
        CodeIso14443aAsTagPar(cmd, len, GetParity(cmd, len));
 }
 
-//-----------------------------------------------------------------------------
-// This is to send a NACK kind of answer, its only 3 bits, I know it should be 4
-//-----------------------------------------------------------------------------
-static void CodeStrangeAnswerAsTag()
-{
-       int i;
-
-    ToSendReset();
-
-       // Correction bit, might be removed when not needed
-       ToSendStuffBit(0);
-       ToSendStuffBit(0);
-       ToSendStuffBit(0);
-       ToSendStuffBit(0);
-       ToSendStuffBit(1);  // 1
-       ToSendStuffBit(0);
-       ToSendStuffBit(0);
-       ToSendStuffBit(0);
-
-       // Send startbit
-       ToSend[++ToSendMax] = SEC_D;
-
-       // 0
-       ToSend[++ToSendMax] = SEC_E;
-
-       // 0
-       ToSend[++ToSendMax] = SEC_E;
-
-       // 1
-       ToSend[++ToSendMax] = SEC_D;
-
-    // Send stopbit
-       ToSend[++ToSendMax] = SEC_F;
-
-       // Flush the buffer in FPGA!!
-       for(i = 0; i < 5; i++) {
-               ToSend[++ToSendMax] = SEC_F;
-       }
-
-    // Convert from last byte pos to length
-    ToSendMax++;
-}
+////-----------------------------------------------------------------------------
+//// This is to send a NACK kind of answer, its only 3 bits, I know it should be 4
+////-----------------------------------------------------------------------------
+//static void CodeStrangeAnswerAsTag()
+//{
+//     int i;
+//
+//     ToSendReset();
+//
+//     // Correction bit, might be removed when not needed
+//     ToSendStuffBit(0);
+//     ToSendStuffBit(0);
+//     ToSendStuffBit(0);
+//     ToSendStuffBit(0);
+//     ToSendStuffBit(1);  // 1
+//     ToSendStuffBit(0);
+//     ToSendStuffBit(0);
+//     ToSendStuffBit(0);
+//
+//     // Send startbit
+//     ToSend[++ToSendMax] = SEC_D;
+//
+//     // 0
+//     ToSend[++ToSendMax] = SEC_E;
+//
+//     // 0
+//     ToSend[++ToSendMax] = SEC_E;
+//
+//     // 1
+//     ToSend[++ToSendMax] = SEC_D;
+//
+//     // Send stopbit
+//     ToSend[++ToSendMax] = SEC_F;
+//
+//     // Flush the buffer in FPGA!!
+//     for(i = 0; i < 5; i++) {
+//             ToSend[++ToSendMax] = SEC_F;
+//     }
+//
+//     // Convert from last byte pos to length
+//     ToSendMax++;
+//}
 
 static void Code4bitAnswerAsTag(uint8_t cmd)
 {
        int i;
 
 
 static void Code4bitAnswerAsTag(uint8_t cmd)
 {
        int i;
 
-    ToSendReset();
+       ToSendReset();
 
        // Correction bit, might be removed when not needed
        ToSendStuffBit(0);
 
        // Correction bit, might be removed when not needed
        ToSendStuffBit(0);
@@ -855,8 +855,8 @@ static void Code4bitAnswerAsTag(uint8_t cmd)
                ToSend[++ToSendMax] = SEC_F;
        }
 
                ToSend[++ToSendMax] = SEC_F;
        }
 
-    // Convert from last byte pos to length
-    ToSendMax++;
+       // Convert from last byte pos to length
+       ToSendMax++;
 }
 
 //-----------------------------------------------------------------------------
 }
 
 //-----------------------------------------------------------------------------
@@ -908,15 +908,76 @@ int EmSendCmdEx(uint8_t *resp, int respLen, int correctionNeeded);
 int EmSendCmd(uint8_t *resp, int respLen);
 int EmSendCmdPar(uint8_t *resp, int respLen, uint32_t par);
 
 int EmSendCmd(uint8_t *resp, int respLen);
 int EmSendCmdPar(uint8_t *resp, int respLen, uint32_t par);
 
+static uint8_t* free_buffer_pointer = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);
+
+typedef struct {
+  uint8_t* response;
+  size_t   response_n;
+  uint8_t* modulation;
+  size_t   modulation_n;
+} tag_response_info_t;
+
+void reset_free_buffer() {
+  free_buffer_pointer = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);
+}
+
+bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffer_size) {
+       // Exmaple response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes
+       // This will need the following byte array for a modulation sequence
+       //    144        data bits (18 * 8)
+       //     18        parity bits
+       //      2        Start and stop
+       //      1        Correction bit (Answer in 1172 or 1236 periods, see FPGA)
+       //      1        just for the case
+       // ----------- +
+       //    166 bytes, since every bit that needs to be send costs us a byte
+       //
+  
+  // Prepare the tag modulation bits from the message
+  CodeIso14443aAsTag(response_info->response,response_info->response_n);
+  
+  // Make sure we do not exceed the free buffer space
+  if (ToSendMax > max_buffer_size) {
+    Dbprintf("Out of memory, when modulating bits for tag answer:");
+    Dbhexdump(response_info->response_n,response_info->response,false);
+    return false;
+  }
+  
+  // Copy the byte array, used for this modulation to the buffer position
+  memcpy(response_info->modulation,ToSend,ToSendMax);
+  
+  // Store the number of bytes that were used for encoding/modulation
+  response_info->modulation_n = ToSendMax;
+  
+  return true;
+}
+
+bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) {
+  // Retrieve and store the current buffer index
+  response_info->modulation = free_buffer_pointer;
+  
+  // Determine the maximum size we can use from our buffer
+  size_t max_buffer_size = (((uint8_t *)BigBuf)+FREE_BUFFER_OFFSET+FREE_BUFFER_SIZE)-free_buffer_pointer;
+  
+  // Forward the prepare tag modulation function to the inner function
+  if (prepare_tag_modulation(response_info,max_buffer_size)) {
+    // Update the free buffer offset
+    free_buffer_pointer += ToSendMax;
+    return true;
+  } else {
+    return false;
+  }
+}
+
 //-----------------------------------------------------------------------------
 // Main loop of simulated tag: receive commands from reader, decide what
 // response to send, and send it.
 //-----------------------------------------------------------------------------
 void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 {
 //-----------------------------------------------------------------------------
 // Main loop of simulated tag: receive commands from reader, decide what
 // response to send, and send it.
 //-----------------------------------------------------------------------------
 void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 {
-  // Enable and clear the trace
+       // Enable and clear the trace
        tracing = TRUE;
        tracing = TRUE;
-  iso14a_clear_trace();
+       iso14a_clear_trace();
 
        // This function contains the tag emulation
        uint8_t sak;
 
        // This function contains the tag emulation
        uint8_t sak;
@@ -990,57 +1051,41 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
        ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
 
        uint8_t response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce
        ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
 
        uint8_t response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce
-       uint8_t response6[] = { 0x03, 0x3B, 0x00, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS
-       ComputeCrc14443(CRC_14443_A, response6, 3, &response6[3], &response6[4]);
-
-       uint8_t *resp = NULL;
-       int respLen;
-
-  // Longest possible response will be 16 bytes + 2 CRC = 18 bytes
-       // This will need
-       //    144        data bits (18 * 8)
-       //     18        parity bits
-       //      2        Start and stop
-       //      1        Correction bit (Answer in 1172 or 1236 periods, see FPGA)
-       //      1        just for the case
-       // ----------- +
-       //    166
-       //
-       // 166 bytes, since every bit that needs to be send costs us a byte
-       //
-
-       // Respond with card type
-       uint8_t *resp1 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET);
-       int resp1Len;
-
-       // Anticollision cascade1 - respond with uid
-       uint8_t *resp2 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET + 166);
-       int resp2Len;
-
-       // Anticollision cascade2 - respond with 2nd half of uid if asked
-       // we're only going to be asked if we set the 1st byte of the UID (during cascade1) to 0x88
-       uint8_t *resp2a = (((uint8_t *)BigBuf) + 1140);
-       int resp2aLen;
-
-       // Acknowledge select - cascade 1
-       uint8_t *resp3 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET + (166*2));
-       int resp3Len;
-
-       // Acknowledge select - cascade 2
-       uint8_t *resp3a = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET + (166*3));
-       int resp3aLen;
-
-       // Response to a read request - not implemented atm
-       uint8_t *resp4 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET + (166*4));
-//     int resp4Len;
-
-       // Authenticate response - nonce
-       uint8_t *resp5 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET + (166*5));
-       int resp5Len;
-
-       // Authenticate response - nonce
-       uint8_t *resp6 = (((uint8_t *)BigBuf) + FREE_BUFFER_OFFSET + (166*6));
-       int resp6Len;
+       uint8_t response6[] = { 0x04, 0x58, 0x00, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS
+       ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
+
+  #define TAG_RESPONSE_COUNT 7
+  tag_response_info_t responses[TAG_RESPONSE_COUNT] = {
+    { .response = response1,  .response_n = sizeof(response1)  },  // Answer to request - respond with card type
+    { .response = response2,  .response_n = sizeof(response2)  },  // Anticollision cascade1 - respond with uid
+    { .response = response2a, .response_n = sizeof(response2a) },  // Anticollision cascade2 - respond with 2nd half of uid if asked
+    { .response = response3,  .response_n = sizeof(response3)  },  // Acknowledge select - cascade 1
+    { .response = response3a, .response_n = sizeof(response3a) },  // Acknowledge select - cascade 2
+    { .response = response5,  .response_n = sizeof(response5)  },  // Authentication answer (random nonce)
+    { .response = response6,  .response_n = sizeof(response6)  },  // dummy ATS (pseudo-ATR), answer to RATS
+  };
+
+  // Allocate 512 bytes for the dynamic modulation, created when the reader querries for it
+  // Such a response is less time critical, so we can prepare them on the fly
+  #define DYNAMIC_RESPONSE_BUFFER_SIZE 64
+  #define DYNAMIC_MODULATION_BUFFER_SIZE 512
+  uint8_t dynamic_response_buffer[DYNAMIC_RESPONSE_BUFFER_SIZE];
+  uint8_t dynamic_modulation_buffer[DYNAMIC_MODULATION_BUFFER_SIZE];
+  tag_response_info_t dynamic_response_info = {
+    .response = dynamic_response_buffer,
+    .response_n = 0,
+    .modulation = dynamic_modulation_buffer,
+    .modulation_n = 0
+  };
+  
+  // Reset the offset pointer of the free buffer
+  reset_free_buffer();
+  
+  // Prepare the responses of the anticollision phase
+       // there will be not enough time to do this at the moment the reader sends it REQA
+  for (size_t i=0; i<TAG_RESPONSE_COUNT; i++) {
+    prepare_allocated_tag_modulation(&responses[i]);
+  }
 
        uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
        int len;
 
        uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
        int len;
@@ -1052,130 +1097,121 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
        // Just to allow some checks
        int happened = 0;
        int happened2 = 0;
        // Just to allow some checks
        int happened = 0;
        int happened2 = 0;
-
        int cmdsRecvd = 0;
        int cmdsRecvd = 0;
-       uint8_t* respdata = NULL;
-       int respsize = 0;
-//     uint8_t nack = 0x04;
-
-       memset(receivedCmd, 0x44, RECV_CMD_SIZE);
-
-       // Prepare the responses of the anticollision phase
-       // there will be not enough time to do this at the moment the reader sends it REQA
-
-       // Answer to request
-       CodeIso14443aAsTag(response1, sizeof(response1));
-       memcpy(resp1, ToSend, ToSendMax); resp1Len = ToSendMax;
-
-       // Send our UID (cascade 1)
-       CodeIso14443aAsTag(response2, sizeof(response2));
-       memcpy(resp2, ToSend, ToSendMax); resp2Len = ToSendMax;
-
-       // Answer to select (cascade1)
-       CodeIso14443aAsTag(response3, sizeof(response3));
-       memcpy(resp3, ToSend, ToSendMax); resp3Len = ToSendMax;
-
-       // Send the cascade 2 2nd part of the uid
-       CodeIso14443aAsTag(response2a, sizeof(response2a));
-       memcpy(resp2a, ToSend, ToSendMax); resp2aLen = ToSendMax;
-
-       // Answer to select (cascade 2)
-       CodeIso14443aAsTag(response3a, sizeof(response3a));
-       memcpy(resp3a, ToSend, ToSendMax); resp3aLen = ToSendMax;
-
-       // Strange answer is an example of rare message size (3 bits)
-       CodeStrangeAnswerAsTag();
-       memcpy(resp4, ToSend, ToSendMax);// resp4Len = ToSendMax;
-
-       // Authentication answer (random nonce)
-       CodeIso14443aAsTag(response5, sizeof(response5));
-       memcpy(resp5, ToSend, ToSendMax); resp5Len = ToSendMax;
-
-       // dummy ATS (pseudo-ATR), answer to RATS
-       CodeIso14443aAsTag(response6, sizeof(response6));
-       memcpy(resp6, ToSend, ToSendMax); resp6Len = ToSendMax;
 
        // We need to listen to the high-frequency, peak-detected path.
        SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
        FpgaSetupSsc();
 
        cmdsRecvd = 0;
 
        // We need to listen to the high-frequency, peak-detected path.
        SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
        FpgaSetupSsc();
 
        cmdsRecvd = 0;
+  tag_response_info_t* p_response;
 
        LED_A_ON();
        for(;;) {
 
        LED_A_ON();
        for(;;) {
+    // Clean receive command buffer
+    memset(receivedCmd, 0x44, RECV_CMD_SIZE);
        
                if(!GetIso14443aCommandFromReader(receivedCmd, &len, RECV_CMD_SIZE)) {
        
                if(!GetIso14443aCommandFromReader(receivedCmd, &len, RECV_CMD_SIZE)) {
-                       DbpString("button press");
+                       DbpString("Button press");
                        break;
                }
     
                        break;
                }
     
-    if (tracing) {
+               if (tracing) {
                        LogTrace(receivedCmd,len, 0, Uart.parityBits, TRUE);
                        LogTrace(receivedCmd,len, 0, Uart.parityBits, TRUE);
-    }
+               }
+    
+    p_response = NULL;
     
                // doob - added loads of debug strings so we can see what the reader is saying to us during the sim as hi14alist is not populated
                // Okay, look at the command now.
                lastorder = order;
                if(receivedCmd[0] == 0x26) { // Received a REQUEST
     
                // doob - added loads of debug strings so we can see what the reader is saying to us during the sim as hi14alist is not populated
                // Okay, look at the command now.
                lastorder = order;
                if(receivedCmd[0] == 0x26) { // Received a REQUEST
-                       resp = resp1; respLen = resp1Len; order = 1;
-                       respdata = response1;
-                       respsize = sizeof(response1);
+                       p_response = &responses[0]; order = 1;
                } else if(receivedCmd[0] == 0x52) { // Received a WAKEUP
                } else if(receivedCmd[0] == 0x52) { // Received a WAKEUP
-                       resp = resp1; respLen = resp1Len; order = 6;
-                       respdata = response1;
-                       respsize = sizeof(response1);
+                       p_response = &responses[0]; order = 6;
                } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) {   // Received request for UID (cascade 1)
                } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) {   // Received request for UID (cascade 1)
-                       resp = resp2; respLen = resp2Len; order = 2;
-                       respdata = response2;
-                       respsize = sizeof(response2);
+                       p_response = &responses[1]; order = 2;
                } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x95) { // Received request for UID (cascade 2)
                } else if(receivedCmd[1] == 0x20 && receivedCmd[0] == 0x95) { // Received request for UID (cascade 2)
-                       resp = resp2a; respLen = resp2aLen; order = 20;
-                       respdata = response2a;
-                       respsize = sizeof(response2a);
+                       p_response = &responses[2]; order = 20;
                } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) {   // Received a SELECT (cascade 1)
                } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) {   // Received a SELECT (cascade 1)
-                       resp = resp3; respLen = resp3Len; order = 3;
-                       respdata = response3;
-                       respsize = sizeof(response3);
+                       p_response = &responses[3]; order = 3;
                } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) {   // Received a SELECT (cascade 2)
                } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) {   // Received a SELECT (cascade 2)
-                       resp = resp3a; respLen = resp3aLen; order = 30;
-                       respdata = response3a;
-                       respsize = sizeof(response3a);
+                       p_response = &responses[4]; order = 30;
                } else if(receivedCmd[0] == 0x30) {     // Received a (plain) READ
                } else if(receivedCmd[0] == 0x30) {     // Received a (plain) READ
-//                     resp = resp4; respLen = resp4Len; order = 4; // Do nothing
-//                     respdata = &nack;
-//                     respsize = sizeof(nack); // 4-bit answer
-      EmSendCmdEx(data+(4*receivedCmd[0]),16,false);
+                       EmSendCmdEx(data+(4*receivedCmd[0]),16,false);
                        Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
                        Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
-      // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
-      respLen = 0;
+                       // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
+      p_response = NULL;
                } else if(receivedCmd[0] == 0x50) {     // Received a HALT
 //                     DbpString("Reader requested we HALT!:");
                } else if(receivedCmd[0] == 0x50) {     // Received a HALT
 //                     DbpString("Reader requested we HALT!:");
-                       // Do not respond
-                       resp = resp1; respLen = 0; order = 0;
-                       respdata = NULL;
-                       respsize = 0;
+      p_response = NULL;
                } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) {   // Received an authentication request
                } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) {   // Received an authentication request
-                       resp = resp5; respLen = resp5Len; order = 7;
-                       respdata = response5;
-                       respsize = sizeof(response5);
+                       p_response = &responses[5]; order = 7;
                } else if(receivedCmd[0] == 0xE0) {     // Received a RATS request
                } else if(receivedCmd[0] == 0xE0) {     // Received a RATS request
-                       resp = resp6; respLen = resp6Len; order = 70;
-                       respdata = response6;
-                       respsize = sizeof(response6);
-               } else {
-      if (order == 7 && len ==8) {
-        uint32_t nr = bytes_to_num(receivedCmd,4);
-        uint32_t ar = bytes_to_num(receivedCmd+4,4);
-        Dbprintf("Auth attempt {nr}{ar}: %08x %08x",nr,ar);
-      } else {
-        // Never seen this command before
-        Dbprintf("Received unknown command (len=%d):",len);
-        Dbhexdump(len,receivedCmd,false);
+                       p_response = &responses[6]; order = 70;
+               } else if (order == 7 && len ==8) { // Received authentication request
+      uint32_t nr = bytes_to_num(receivedCmd,4);
+      uint32_t ar = bytes_to_num(receivedCmd+4,4);
+      Dbprintf("Auth attempt {nr}{ar}: %08x %08x",nr,ar);
+    } else {
+      // Check for ISO 14443A-4 compliant commands, look at left nibble
+      switch (receivedCmd[0]) {
+
+        case 0x0B:
+        case 0x0A: { // IBlock (command)
+          dynamic_response_info.response[0] = receivedCmd[0];
+          dynamic_response_info.response[1] = 0x00;
+          dynamic_response_info.response[2] = 0x90;
+          dynamic_response_info.response[3] = 0x00;
+          dynamic_response_info.response_n = 4;
+        } break;
+
+        case 0x1A:
+        case 0x1B: { // Chaining command
+          dynamic_response_info.response[0] = 0xaa | ((receivedCmd[0]) & 1);
+          dynamic_response_info.response_n = 2;
+        } break;
+
+        case 0xaa:
+        case 0xbb: {
+          dynamic_response_info.response[0] = receivedCmd[0] ^ 0x11;
+          dynamic_response_info.response_n = 2;
+        } break;
+          
+        case 0xBA: { //
+          memcpy(dynamic_response_info.response,"\xAB\x00",2);
+          dynamic_response_info.response_n = 2;
+        } break;
+
+        case 0xCA:
+        case 0xC2: { // Readers sends deselect command
+          memcpy(dynamic_response_info.response,"\xCA\x00",2);
+          dynamic_response_info.response_n = 2;
+        } break;
+
+        default: {
+          // Never seen this command before
+          Dbprintf("Received unknown command (len=%d):",len);
+          Dbhexdump(len,receivedCmd,false);
+          // Do not respond
+          dynamic_response_info.response_n = 0;
+        } break;
+      }
+      
+      if (dynamic_response_info.response_n > 0) {
+        // Copy the CID from the reader query
+        dynamic_response_info.response[1] = receivedCmd[1];
+
+        // Add CRC bytes, always used in ISO 14443A-4 compliant cards
+        AppendCrc14443a(dynamic_response_info.response,dynamic_response_info.response_n);
+        dynamic_response_info.response_n += 2;
+        
+        if (prepare_tag_modulation(&dynamic_response_info,DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
+          Dbprintf("Error preparing tag response");
+          break;
+        }
+        p_response = &dynamic_response_info;
       }
       }
-      // Do not respond
-      resp = resp1; respLen = 0; order = 0;
-      respdata = NULL;
-      respsize = 0;
                }
 
                // Count number of wakeups received after a halt
                }
 
                // Count number of wakeups received after a halt
@@ -1193,25 +1229,19 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                if(cmdsRecvd > 999) {
                        DbpString("1000 commands later...");
                        break;
                if(cmdsRecvd > 999) {
                        DbpString("1000 commands later...");
                        break;
-               } else {
-                       cmdsRecvd++;
                }
                }
+               cmdsRecvd++;
 
 
-               if(respLen > 0) {
-                       EmSendCmd14443aRaw(resp, respLen, receivedCmd[0] == 0x52);
-               }
-               
-               if (tracing) {
-                       if (respdata != NULL) {
-                               LogTrace(respdata,respsize, 0, SwapBits(GetParity(respdata,respsize),respsize), FALSE);
-                       }
-                       if(traceLen > TRACE_SIZE) {
-                               DbpString("Trace full");
-                               break;
-                       }
-               }
-
-               memset(receivedCmd, 0x44, RECV_CMD_SIZE);
+               if (p_response != NULL) {
+      EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52);
+      if (tracing) {
+        LogTrace(p_response->response,p_response->response_n,0,SwapBits(GetParity(p_response->response,p_response->response_n),p_response->response_n),FALSE);
+        if(traceLen > TRACE_SIZE) {
+          DbpString("Trace full");
+//          break;
+        }
+      }
+    }
   }
 
        Dbprintf("%x %x %x", happened, happened2, cmdsRecvd);
   }
 
        Dbprintf("%x %x %x", happened, happened2, cmdsRecvd);
@@ -1242,9 +1272,6 @@ void PrepareDelayedTransfer(uint16_t delay)
        }
 }
 
        }
 }
 
-
-
-
 //-----------------------------------------------------------------------------
 // Transmit the command (to the tag) that was placed in ToSend[].
 // Parameter timing:
 //-----------------------------------------------------------------------------
 // Transmit the command (to the tag) that was placed in ToSend[].
 // Parameter timing:
@@ -1646,7 +1673,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
     p_hi14a_card->uidlen = 0;
     memset(p_hi14a_card->uid,0,10);
   }
     p_hi14a_card->uidlen = 0;
     memset(p_hi14a_card->uid,0,10);
   }
-       
+
   // clear uid
   if (uid_ptr) {
     memset(uid_ptr,0,10);
   // clear uid
   if (uid_ptr) {
     memset(uid_ptr,0,10);
@@ -1662,19 +1689,19 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
     // SELECT_ALL
     ReaderTransmit(sel_all,sizeof(sel_all), NULL);
     if (!ReaderReceive(resp)) return 0;
     // SELECT_ALL
     ReaderTransmit(sel_all,sizeof(sel_all), NULL);
     if (!ReaderReceive(resp)) return 0;
-    
+
     // First backup the current uid
     memcpy(uid_resp,resp,4);
     uid_resp_len = 4;
     //    Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
     // First backup the current uid
     memcpy(uid_resp,resp,4);
     uid_resp_len = 4;
     //    Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
-    
-       // calculate crypto UID. Always use last 4 Bytes.
-       if(cuid_ptr) {
-               *cuid_ptr = bytes_to_num(uid_resp, 4);
+
+        // calculate crypto UID. Always use last 4 Bytes.
+    if(cuid_ptr) {
+        *cuid_ptr = bytes_to_num(uid_resp, 4);
     }
 
     // Construct SELECT UID command
     }
 
     // Construct SELECT UID command
-               memcpy(sel_uid+2,resp,5);
+    memcpy(sel_uid+2,resp,5);
     AppendCrc14443a(sel_uid,7);
     ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
 
     AppendCrc14443a(sel_uid,7);
     ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
 
@@ -1689,11 +1716,11 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
       memcpy(uid_resp, uid_resp + 1, 3);
       uid_resp_len = 3;
     }
       memcpy(uid_resp, uid_resp + 1, 3);
       uid_resp_len = 3;
     }
-    
+
     if(uid_ptr) {
       memcpy(uid_ptr + (cascade_level*3), uid_resp, uid_resp_len);
     }
     if(uid_ptr) {
       memcpy(uid_ptr + (cascade_level*3), uid_resp, uid_resp_len);
     }
-    
+
     if(p_hi14a_card) {
       memcpy(p_hi14a_card->uid + (cascade_level*3), uid_resp, uid_resp_len);
       p_hi14a_card->uidlen += uid_resp_len;
     if(p_hi14a_card) {
       memcpy(p_hi14a_card->uid + (cascade_level*3), uid_resp, uid_resp_len);
       p_hi14a_card->uidlen += uid_resp_len;
@@ -1719,7 +1746,7 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
     memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
     p_hi14a_card->ats_len = len;
   }
     memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
     p_hi14a_card->ats_len = len;
   }
-       
+
   // reset the PCB block number
   iso14_pcb_blocknum = 0;
   return 1;
   // reset the PCB block number
   iso14_pcb_blocknum = 0;
   return 1;
@@ -1781,10 +1808,13 @@ void ReaderIso14443a(UsbCommand * c)
        iso14a_command_t param = c->arg[0];
        uint8_t * cmd = c->d.asBytes;
        size_t len = c->arg[1];
        iso14a_command_t param = c->arg[0];
        uint8_t * cmd = c->d.asBytes;
        size_t len = c->arg[1];
+       size_t lenbits = c->arg[2];
        uint32_t arg0 = 0;
        byte_t buf[USB_CMD_DATA_SIZE];
   
        uint32_t arg0 = 0;
        byte_t buf[USB_CMD_DATA_SIZE];
   
-       iso14a_clear_trace();
+       if(param & ISO14A_CONNECT) {
+               iso14a_clear_trace();
+       }
        iso14a_set_tracing(true);
 
        if(param & ISO14A_REQUEST_TRIGGER) {
        iso14a_set_tracing(true);
 
        if(param & ISO14A_REQUEST_TRIGGER) {
@@ -1793,8 +1823,11 @@ void ReaderIso14443a(UsbCommand * c)
 
        if(param & ISO14A_CONNECT) {
                iso14443a_setup();
 
        if(param & ISO14A_CONNECT) {
                iso14443a_setup();
-               arg0 = iso14443a_select_card(NULL, (iso14a_card_select_t*)buf, NULL);
-               cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(iso14a_card_select_t));
+               if(!(param & ISO14A_NO_SELECT)) {
+                       iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
+                       arg0 = iso14443a_select_card(NULL,card,NULL);
+                       cmd_send(CMD_ACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t));
+               }
        }
 
        if(param & ISO14A_SET_TIMEOUT) {
        }
 
        if(param & ISO14A_SET_TIMEOUT) {
@@ -1815,7 +1848,11 @@ void ReaderIso14443a(UsbCommand * c)
                        AppendCrc14443a(cmd,len);
                        len += 2;
                }
                        AppendCrc14443a(cmd,len);
                        len += 2;
                }
-               ReaderTransmit(cmd,len, NULL);
+               if(lenbits>0) {
+                       ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL);
+               } else {
+                       ReaderTransmit(cmd,len, NULL);
+               }
                arg0 = ReaderReceive(buf);
                cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
        }
                arg0 = ReaderReceive(buf);
                cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
        }
Impressum, Datenschutz