]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifarecmd.c
Fix Issue #843 - hf mf chk - t Doesnt save to emulator memory
[proxmark3-svn] / armsrc / mifarecmd.c
index a3f0d374430ce9c9c7786f3853b76c7f017b5441..a3807cf7150adefc05f534aedf19302f52ae74bc 100644 (file)
 \r
 #include "mifarecmd.h"\r
 \r
-#include "apps.h"\r
 #include "util.h"\r
 #include "parity.h"\r
 #include "crc.h"\r
+#include "fpgaloader.h"\r
 \r
-#define AUTHENTICATION_TIMEOUT 848                     // card times out 1ms after wrong authentication (according to NXP documentation)\r
-#define PRE_AUTHENTICATION_LEADTIME 400                // some (non standard) cards need a pause after select before they are ready for first authentication\r
-\r
+#define HARDNESTED_AUTHENTICATION_TIMEOUT 848                  // card times out 1ms after wrong authentication (according to NXP documentation)\r
+#define HARDNESTED_PRE_AUTHENTICATION_LEADTIME 400             // some (non standard) cards need a pause after select before they are ready for first authentication \r
 \r
+/*\r
 // the block number for the ISO14443-4 PCB\r
 static uint8_t pcb_blocknum = 0;\r
 // Deselect card by sending a s-block. the crc is precalced for speed\r
 static  uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};\r
 \r
+static void OnSuccess(){\r
+       pcb_blocknum = 0;\r
+       ReaderTransmit(deselect_cmd, 3 , NULL);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
+*/\r
+\r
+static void OnError(uint8_t reason){\r
+       // pcb_blocknum = 0;\r
+       // ReaderTransmit(deselect_cmd, 3 , NULL);\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LED_D_OFF();\r
+       cmd_send(CMD_ACK,0,reason,0,0,0);\r
+       LED_A_OFF();\r
+}\r
+\r
 //-----------------------------------------------------------------------------\r
 // Select, Authenticate, Read a MIFARE tag.\r
 // read block\r
 //-----------------------------------------------------------------------------\r
 void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
-  // params\r
+       LED_A_ON();\r
+\r
        uint8_t blockNo = arg0;\r
        uint8_t keyType = arg1;\r
        uint64_t ui64Key = 0;\r
        ui64Key = bytes_to_num(datain, 6);\r
 \r
-       // variables\r
        byte_t isOK = 0;\r
        byte_t dataoutbuf[16];\r
        uint8_t uid[10];\r
@@ -54,10 +71,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
        clear_trace();\r
 \r
-       LED_A_ON();\r
-       LED_B_OFF();\r
-       LED_C_OFF();\r
-\r
        while (true) {\r
                if(!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
@@ -98,21 +111,18 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
 void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){\r
 \r
+       LED_A_ON();\r
        bool turnOffField = (arg0 == 1);\r
 \r
-       LED_A_ON(); LED_B_OFF(); LED_C_OFF();\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       clear_trace();\r
-\r
-       if(!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {\r
+       if (!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");\r
                OnError(0);\r
                return;\r
        };\r
 \r
-       if(!mifare_ultra_auth(keybytes)){\r
+       if (!mifare_ultra_auth(keybytes)){\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");\r
                OnError(1);\r
                return;\r
@@ -120,9 +130,11 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
 \r
        if (turnOffField) {\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               LEDsoff();\r
+               LED_D_OFF();\r
        }\r
+\r
        cmd_send(CMD_ACK,1,0,0,0,0);\r
+       LED_A_OFF();\r
 }\r
 \r
 // Arg0 = BlockNo,\r
@@ -130,17 +142,15 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
 // datain = PWD bytes,\r
 void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)\r
 {\r
+       LED_A_ON();\r
+\r
        uint8_t blockNo = arg0;\r
        byte_t dataout[16] = {0x00};\r
        bool useKey = (arg1 == 1); //UL_C\r
        bool usePwd = (arg1 == 2); //UL_EV1/NTAG\r
 \r
-       LEDsoff();\r
-       LED_A_ON();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
-       clear_trace();\r
-\r
        int len = iso14443a_select_card(NULL, NULL, NULL, true, 0, true);\r
        if(!len) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card (RC:%02X)",len);\r
@@ -149,7 +159,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
        }\r
 \r
        // UL-C authentication\r
-       if ( useKey ) {\r
+       if (useKey) {\r
                uint8_t key[16] = {0x00};\r
                memcpy(key, datain, sizeof(key) );\r
 \r
@@ -160,7 +170,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
        }\r
 \r
        // UL-EV1 / NTAG authentication\r
-       if ( usePwd ) {\r
+       if (usePwd) {\r
                uint8_t pwd[4] = {0x00};\r
                memcpy(pwd, datain, 4);\r
                uint8_t pack[4] = {0,0,0,0};\r
@@ -170,13 +180,13 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
                }\r
        }\r
 \r
-       if( mifare_ultra_readblock(blockNo, dataout) ) {\r
+       if (mifare_ultra_readblock(blockNo, dataout)) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block error");\r
                OnError(2);\r
                return;\r
        }\r
 \r
-       if( mifare_ultra_halt() ) {\r
+       if (mifare_ultra_halt()) {\r
                if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Halt error");\r
                OnError(3);\r
                return;\r
@@ -184,7 +194,8 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 \r
        cmd_send(CMD_ACK,1,0,0,dataout,16);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-       LEDsoff();\r
+       LED_D_OFF();\r
+       LED_A_OFF();\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
@@ -260,13 +271,11 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 // datain = KEY bytes\r
 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
-       LEDsoff();\r
        LED_A_ON();\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        // free eventually allocated BigBuf memory\r
        BigBuf_free();\r
-       clear_trace();\r
 \r
        // params\r
        uint8_t blockNo = arg0;\r
@@ -289,7 +298,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
        }\r
 \r
        // UL-C authentication\r
-       if ( useKey ) {\r
+       if (useKey) {\r
                uint8_t key[16] = {0x00};\r
                memcpy(key, datain, sizeof(key) );\r
 \r
@@ -341,14 +350,14 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
                return;\r
        }\r
 \r
-       if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);\r
+       if (MF_DBGLEVEL >= MF_DBG_DEBUG) Dbprintf("Blocks read %d", countblocks);\r
 \r
-       countblocks *= 4;\r
+       cmd_send(CMD_ACK, 1, countblocks*4, BigBuf_max_traceLen(), 0, 0);\r
 \r
-       cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-       LEDsoff();\r
+       LED_D_OFF();\r
        BigBuf_free();\r
+       LED_A_OFF();\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
@@ -681,7 +690,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
                }\r
 \r
                if (slow) {\r
-                       timeout = GetCountSspClk() + PRE_AUTHENTICATION_LEADTIME;\r
+                       timeout = GetCountSspClk() + HARDNESTED_PRE_AUTHENTICATION_LEADTIME;\r
                        while(GetCountSspClk() < timeout);\r
                }\r
 \r
@@ -698,11 +707,12 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags,
                        continue;\r
                }\r
 \r
-               // send a dummy byte as reader response in order to trigger the cards authentication timeout\r
-               uint8_t dummy_answer = 0;\r
-               ReaderTransmit(&dummy_answer, 1, NULL);\r
-               timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
+               // send an incomplete dummy response in order to trigger the card's authentication failure timeout\r
+               uint8_t dummy_answer[1] = {0};\r
+               ReaderTransmit(dummy_answer, 1, NULL);\r
 \r
+               timeout = GetCountSspClk() + HARDNESTED_AUTHENTICATION_TIMEOUT;\r
+               \r
                num_nonces++;\r
                if (num_nonces % 2) {\r
                        memcpy(buf+i, receivedAnswer, 4);\r
@@ -961,24 +971,14 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
 // MIFARE check keys. key count up to 85.\r
 //\r
 //-----------------------------------------------------------------------------\r
-void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
+void MifareChkKeys(uint16_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)\r
 {\r
        uint8_t blockNo = arg0 & 0xff;\r
        uint8_t keyType = (arg0 >> 8) & 0xff;\r
-       bool clearTrace = arg1;\r
+       bool clearTrace = arg1 & 0x01;\r
+       bool multisectorCheck = arg1 & 0x02;\r
+       uint8_t set14aTimeout = (arg1 >> 8) & 0xff;\r
        uint8_t keyCount = arg2;\r
-       uint64_t ui64Key = 0;\r
-\r
-       bool have_uid = false;\r
-       uint8_t cascade_levels = 0;\r
-       uint32_t timeout = 0;\r
-       int i;\r
-       byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint32_t cuid;\r
-       struct Crypto1State mpcs = {0, 0};\r
-       struct Crypto1State *pcs;\r
-       pcs = &mpcs;\r
 \r
        // clear debug level\r
        int OLD_MF_DBGLEVEL = MF_DBGLEVEL;\r
@@ -992,53 +992,34 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        if (clearTrace) clear_trace();\r
        set_tracing(true);\r
 \r
-       for (i = 0; i < keyCount; i++) {\r
-//             if(mifare_classic_halt(pcs, cuid)) {\r
-//                     if (MF_DBGLEVEL >= 1)   Dbprintf("ChkKeys: Halt error");\r
-//             }\r
+       if (set14aTimeout){\r
+               iso14a_set_timeout(set14aTimeout * 10); // timeout: ms = x/106  35-minimum, 50-OK 106-recommended 500-safe\r
+       }\r
+       \r
+       if (multisectorCheck) {\r
+               TKeyIndex keyIndex = {{0}};\r
+               uint8_t sectorCnt = blockNo;\r
+               int res = MifareMultisectorChk(datain, keyCount, sectorCnt, keyType, OLD_MF_DBGLEVEL, &keyIndex);\r
 \r
-               // Iceman: use piwi's faster nonce collecting part in hardnested.\r
-               if (!have_uid) { // need a full select cycle to get the uid first\r
-                       iso14a_card_select_t card_info;\r
-                       if(!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) {\r
-                               if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card");\r
-                               --i; // try same key once again\r
-                               continue;\r
-                       }\r
-                       switch (card_info.uidlen) {\r
-                               case 4 : cascade_levels = 1; break;\r
-                               case 7 : cascade_levels = 2; break;\r
-                               case 10: cascade_levels = 3; break;\r
-                               default: break;\r
-                       }\r
-                       have_uid = true;\r
-               } else { // no need for anticollision. We can directly select the card\r
-                       if(!iso14443a_select_card(uid, NULL, NULL, false, cascade_levels, true)) {\r
-                               if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card (UID)");\r
-                               --i; // try same key once again\r
-                               continue;\r
-                       }\r
+               LED_B_ON();\r
+               if (res >= 0) {\r
+                       cmd_send(CMD_ACK, 1, 0, 0, keyIndex, 80);\r
+               } else {\r
+                       cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
                }\r
-\r
-               ui64Key = bytes_to_num(datain + i * 6, 6);\r
-               if(mifare_classic_auth(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST)) {\r
-                       uint8_t dummy_answer = 0;\r
-                       ReaderTransmit(&dummy_answer, 1, NULL);\r
-                       timeout = GetCountSspClk() + AUTHENTICATION_TIMEOUT;\r
-\r
-                       // wait for the card to become ready again\r
-                       while(GetCountSspClk() < timeout);\r
-                       continue;\r
+               LED_B_OFF();\r
+       } else {        \r
+               int res = MifareChkBlockKeys(datain, keyCount, blockNo, keyType, OLD_MF_DBGLEVEL);\r
+               \r
+               LED_B_ON();\r
+               if (res > 0) {\r
+                       cmd_send(CMD_ACK, 1, 0, 0, datain + (res - 1) * 6, 6);\r
+               } else {\r
+                       cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);\r
                }\r
-\r
-               isOK = 1;\r
-               break;\r
+               LED_B_OFF();\r
        }\r
 \r
-       LED_B_ON();\r
-    cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
-       LED_B_OFF();\r
-\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 \r
@@ -1178,7 +1159,7 @@ static bool isBlockTrailer(int blockN) {
        if (blockN >= 128 && blockN <= 256) {\r
                return ((blockN & 0x0F) == 0x0F);\r
        }\r
-       return FALSE;\r
+       return false;\r
 }\r
 \r
 void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
@@ -1543,6 +1524,14 @@ void MifareCIdent(){
 \r
        uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
        uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
+       \r
+       LED_A_ON();\r
+       LED_B_OFF();\r
+       LED_C_OFF();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+       clear_trace();\r
+       set_tracing(true);      \r
 \r
        ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
        if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) {\r
@@ -1556,8 +1545,13 @@ void MifareCIdent(){
 \r
        // From iceman1001: removed the if,  since some magic tags misbehavies and send an answer to it.\r
        mifare_classic_halt(NULL, 0);\r
-\r
+       \r
+       LED_B_ON();\r
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+       LED_B_OFF();\r
+\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();      \r
 }\r
 \r
 //\r
@@ -1614,17 +1608,3 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
        LEDsoff();\r
 }\r
 \r
-void OnSuccess(){\r
-       pcb_blocknum = 0;\r
-       ReaderTransmit(deselect_cmd, 3 , NULL);\r
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-       LEDsoff();\r
-}\r
-\r
-void OnError(uint8_t reason){\r
-       pcb_blocknum = 0;\r
-       ReaderTransmit(deselect_cmd, 3 , NULL);\r
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-       cmd_send(CMD_ACK,0,reason,0,0,0);\r
-       LEDsoff();\r
-}\r
Impressum, Datenschutz