]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - armsrc/mifarecmd.c
minor bugfix and enhancement to hf 14a reader
[proxmark3-svn] / armsrc / mifarecmd.c
index f18b75a08a37936484b15fe0a41542ba0b0d93b6..6a491b532a73739aaf9da9540fe5014fab2bbe91 100644 (file)
@@ -28,7 +28,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        // variables\r
        byte_t isOK = 0;\r
        byte_t dataoutbuf[16];\r
-       uint8_t uid[8];\r
+       uint8_t uid[10];\r
        uint32_t cuid;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
@@ -38,7 +38,7 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        iso14a_clear_trace();\r
 //     iso14a_set_tracing(false);\r
 \r
-       iso14443a_setup();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
@@ -78,11 +78,12 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
 \r
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-       memcpy(ack.d.asBytes, dataoutbuf, 16);\r
+//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+//     memcpy(ack.d.asBytes, dataoutbuf, 16);\r
        \r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+  cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
        LED_B_OFF();\r
 \r
 \r
@@ -93,6 +94,60 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
 }\r
 \r
+void MifareUReadBlock(uint8_t arg0,uint8_t *datain)\r
+{\r
+    // params\r
+       uint8_t blockNo = arg0;\r
+       \r
+       // variables\r
+       byte_t isOK = 0;\r
+       byte_t dataoutbuf[16];\r
+       uint8_t uid[10];\r
+       uint32_t cuid;\r
+    \r
+       // clear trace\r
+       iso14a_clear_trace();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+    \r
+       LED_A_ON();\r
+       LED_B_OFF();\r
+       LED_C_OFF();\r
+    \r
+       while (true) {\r
+               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+            if (MF_DBGLEVEL >= 1)      Dbprintf("Can't select card");\r
+                       break;\r
+               };\r
+        \r
+               if(mifare_ultra_readblock(cuid, blockNo, dataoutbuf)) {\r
+            if (MF_DBGLEVEL >= 1)      Dbprintf("Read block error");\r
+                       break;\r
+               };\r
+        \r
+               if(mifare_ultra_halt(cuid)) {\r
+            if (MF_DBGLEVEL >= 1)      Dbprintf("Halt error");\r
+                       break;\r
+               };\r
+               \r
+               isOK = 1;\r
+               break;\r
+       }\r
+       \r
+       if (MF_DBGLEVEL >= 2)   DbpString("READ BLOCK FINISHED");\r
+    \r
+       // add trace trailer\r
+       memset(uid, 0x44, 4);\r
+       LogTrace(uid, 4, 0, 0, TRUE);\r
+       LED_B_ON();\r
+        cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
+       LED_B_OFF();\r
+    \r
+    \r
+    // Thats it...\r
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+       LEDsoff();\r
+}\r
+\r
 //-----------------------------------------------------------------------------\r
 // Select, Authenticaate, Read an MIFARE tag. \r
 // read sector (data = 4 x 16 bytes = 64 bytes)\r
@@ -108,7 +163,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        // variables\r
        byte_t isOK = 0;\r
        byte_t dataoutbuf[16 * 4];\r
-       uint8_t uid[8];\r
+       uint8_t uid[10];\r
        uint32_t cuid;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
@@ -118,7 +173,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        iso14a_clear_trace();\r
 //     iso14a_set_tracing(false);\r
 \r
-       iso14443a_setup();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
@@ -170,17 +225,18 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
 \r
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-       memcpy(ack.d.asBytes, dataoutbuf, 16 * 2);\r
+//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+//     memcpy(ack.d.asBytes, dataoutbuf, 16 * 2);\r
        \r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-\r
-       SpinDelay(100);\r
+  cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,32);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+//     SpinDelay(100);\r
        \r
-       memcpy(ack.d.asBytes, dataoutbuf + 16 * 2, 16 * 2);\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-       LED_B_OFF();    \r
+//     memcpy(ack.d.asBytes, dataoutbuf + 16 * 2, 16 * 2);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+  cmd_send(CMD_ACK,isOK,0,0,dataoutbuf+32, 32);\r
+       LED_B_OFF();\r
 \r
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
@@ -189,6 +245,66 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
 }\r
 \r
+void MifareUReadCard(uint8_t arg0, uint8_t *datain)\r
+{\r
+  // params\r
+        uint8_t sectorNo = arg0;\r
+        \r
+        // variables\r
+        byte_t isOK = 0;\r
+        byte_t dataoutbuf[16 * 4];\r
+        uint8_t uid[10];\r
+        uint32_t cuid;\r
+\r
+        // clear trace\r
+        iso14a_clear_trace();\r
+//      iso14a_set_tracing(false);\r
+\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+        LED_A_ON();\r
+        LED_B_OFF();\r
+        LED_C_OFF();\r
+\r
+        while (true) {\r
+                if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+                        break;\r
+                };\r
+               for(int sec=0;sec<16;sec++){\r
+                    if(mifare_ultra_readblock(cuid, sectorNo * 4 + sec, dataoutbuf + 4 * sec)) {\r
+                    if (MF_DBGLEVEL >= 1)   Dbprintf("Read block %d error",sec);\r
+                        break;\r
+                    };\r
+                }\r
+                if(mifare_ultra_halt(cuid)) {\r
+                if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                        break;\r
+                };\r
+\r
+                isOK = 1;\r
+                break;\r
+        }\r
+        \r
+        if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");\r
+\r
+        // add trace trailer\r
+        memset(uid, 0x44, 4);\r
+        LogTrace(uid, 4, 0, 0, TRUE);\r
+        \r
+        LED_B_ON();\r
+               cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);\r
+  //cmd_send(CMD_ACK,isOK,0,0,dataoutbuf+32, 32);\r
+        LED_B_OFF();\r
+\r
+        // Thats it...\r
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+        LEDsoff();\r
+//  iso14a_set_tracing(TRUE);\r
+\r
+}\r
+\r
+\r
 //-----------------------------------------------------------------------------\r
 // Select, Authenticaate, Read an MIFARE tag. \r
 // read block\r
@@ -206,7 +322,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        \r
        // variables\r
        byte_t isOK = 0;\r
-       uint8_t uid[8];\r
+       uint8_t uid[10];\r
        uint32_t cuid;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
@@ -216,7 +332,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        iso14a_clear_trace();\r
 //  iso14a_set_tracing(false);\r
 \r
-       iso14443a_setup();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
@@ -256,11 +372,12 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
 \r
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
        \r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-       LED_B_OFF();    \r
+       cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+       LED_B_OFF();\r
 \r
 \r
        // Thats it...\r
@@ -270,6 +387,131 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
 }\r
 \r
+void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)\r
+{\r
+        // params\r
+        uint8_t blockNo = arg0;\r
+        byte_t blockdata[16];\r
+\r
+        memset(blockdata,'\0',16);\r
+        memcpy(blockdata, datain,16);\r
+        \r
+        // variables\r
+        byte_t isOK = 0;\r
+        uint8_t uid[10];\r
+        uint32_t cuid;\r
+\r
+        // clear trace\r
+        iso14a_clear_trace();\r
+       //  iso14a_set_tracing(false);\r
+\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+        LED_A_ON();\r
+        LED_B_OFF();\r
+        LED_C_OFF();\r
+\r
+        while (true) {\r
+                if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+                        break;\r
+                };\r
+\r
+                if(mifare_ultra_writeblock(cuid, blockNo, blockdata)) {\r
+                        if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
+                        break;\r
+                };\r
+\r
+                if(mifare_ultra_halt(cuid)) {\r
+                        if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                        break;\r
+                };\r
+                \r
+                isOK = 1;\r
+                break;\r
+        }\r
+        \r
+        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
+\r
+        // add trace trailer\r
+        memset(uid, 0x44, 4);\r
+        LogTrace(uid, 4, 0, 0, TRUE);\r
+\r
+        LED_B_ON();\r
+       cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+//      UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+        LED_B_OFF();\r
+\r
+\r
+        // Thats it...\r
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+        LEDsoff();\r
+//  iso14a_set_tracing(TRUE);\r
+\r
+}\r
+\r
+void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)\r
+{\r
+        // params\r
+        uint8_t blockNo = arg0;\r
+        byte_t blockdata[4];\r
+        \r
+       memcpy(blockdata, datain,4);\r
+\r
+        // variables\r
+        byte_t isOK = 0;\r
+        uint8_t uid[10];\r
+        uint32_t cuid;\r
+\r
+        // clear trace\r
+        iso14a_clear_trace();\r
+        //  iso14a_set_tracing(false);\r
+\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+        LED_A_ON();\r
+        LED_B_OFF();\r
+        LED_C_OFF();\r
+\r
+        while (true) {\r
+                        if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                        if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
+                        break;\r
+                };\r
+\r
+                if(mifare_ultra_special_writeblock(cuid, blockNo, blockdata)) {\r
+                        if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");\r
+                        break;\r
+                };\r
+\r
+                if(mifare_ultra_halt(cuid)) {\r
+                        if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
+                        break;\r
+                };\r
+\r
+                isOK = 1;\r
+                break;\r
+        }\r
+\r
+        if (MF_DBGLEVEL >= 2)   DbpString("WRITE BLOCK FINISHED");\r
+\r
+        // add trace trailer\r
+       memset(uid, 0x44, 4);\r
+        LogTrace(uid, 4, 0, 0, TRUE);\r
+\r
+       LED_B_ON();\r
+        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+//      UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+        LED_B_OFF();\r
+\r
+\r
+        // Thats it...\r
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+        LEDsoff();\r
+//  iso14a_set_tracing(TRUE);\r
+\r
+}\r
+\r
 // Return 1 if the nonce is invalid else return 0\r
 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, byte_t * parity) {\r
        return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
@@ -277,185 +519,191 @@ int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, byte_t * parity) {
        (oddparity((Nt >> 8) & 0xFF) == ((parity[2]) ^ oddparity((NtEnc >> 8) & 0xFF) ^ BIT(Ks1,0)))) ? 1 : 0;\r
 }\r
 \r
+\r
+\r
 //-----------------------------------------------------------------------------\r
 // MIFARE nested authentication. \r
 // \r
 //-----------------------------------------------------------------------------\r
-void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)\r
+void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *datain)\r
 {\r
        // params\r
-       uint8_t blockNo = arg0;\r
-       uint8_t keyType = arg1;\r
-       uint8_t targetBlockNo = arg2 & 0xff;\r
-       uint8_t targetKeyType = (arg2 >> 8) & 0xff;\r
+       uint8_t blockNo = arg0 & 0xff;\r
+       uint8_t keyType = (arg0 >> 8) & 0xff;\r
+       uint8_t targetBlockNo = arg1 & 0xff;\r
+       uint8_t targetKeyType = (arg1 >> 8) & 0xff;\r
        uint64_t ui64Key = 0;\r
 \r
        ui64Key = bytes_to_num(datain, 6);\r
        \r
        // variables\r
-       int rtr, i, j, m, len;\r
-       int davg, dmin, dmax;\r
-       uint8_t uid[8];\r
+       uint16_t rtr, i, j, len;\r
+       uint16_t davg;\r
+       static uint16_t dmin, dmax;\r
+       uint8_t uid[10];\r
        uint32_t cuid, nt1, nt2, nttmp, nttest, par, ks1;\r
+       uint32_t target_nt[2], target_ks[2];\r
+       \r
        uint8_t par_array[4];\r
-       nestedVector nvector[NES_MAX_INFO + 1][11];\r
-       int nvectorcount[NES_MAX_INFO + 1];\r
-       int ncount = 0;\r
-       UsbCommand ack = {CMD_ACK, {0, 0, 0}};\r
+       uint16_t ncount = 0;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
        pcs = &mpcs;\r
        uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
 \r
-       //init\r
-       for (i = 0; i < NES_MAX_INFO + 1; i++) nvectorcount[i] = 11;  //  11 - empty block;\r
-       \r
+       uint32_t auth1_time, auth2_time;\r
+       static uint16_t delta_time;\r
+\r
        // clear trace\r
        iso14a_clear_trace();\r
-  iso14a_set_tracing(false);\r
+       iso14a_set_tracing(false);\r
        \r
-       iso14443a_setup();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
-       LED_B_ON();\r
        LED_C_OFF();\r
 \r
-  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-  SpinDelay(200);\r
-       \r
-       davg = dmax = 0;\r
-       dmin = 2000;\r
-\r
-       // test nonce distance\r
-       for (rtr = 0; rtr < 10; rtr++) {\r
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-    SpinDelay(100);\r
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
 \r
-    // Test if the action was cancelled\r
-    if(BUTTON_PRESS()) {\r
-      break;\r
-    }\r
+       // statistics on nonce distance\r
+       if (calibrate) {        // for first call only. Otherwise reuse previous calibration\r
+               LED_B_ON();\r
 \r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                       break;\r
-               };\r
+               davg = dmax = 0;\r
+               dmin = 2000;\r
+               delta_time = 0;\r
                \r
-               if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Auth1 error");\r
-                       break;\r
-               };\r
+               for (rtr = 0; rtr < 17; rtr++) {\r
 \r
-               if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Auth2 error");\r
-                       break;\r
-               };\r
-               \r
-               nttmp = prng_successor(nt1, 500);\r
-               for (i = 501; i < 2000; i++) {\r
-                       nttmp = prng_successor(nttmp, 1);\r
-                       if (nttmp == nt2) break;\r
+                       // prepare next select. No need to power down the card.\r
+                       if(mifare_classic_halt(pcs, cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Halt error");\r
+                               rtr--;\r
+                               continue;\r
+                       }\r
+\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
+                               rtr--;\r
+                               continue;\r
+                       };\r
+\r
+                       auth1_time = 0;\r
+                       if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth1 error");\r
+                               rtr--;\r
+                               continue;\r
+                       };\r
+\r
+                       if (delta_time) {\r
+                               auth2_time = auth1_time + delta_time;\r
+                       } else {\r
+                               auth2_time = 0;\r
+                       }\r
+                       if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_NESTED, &nt2, &auth2_time)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error");\r
+                               rtr--;\r
+                               continue;\r
+                       };\r
+\r
+                       nttmp = prng_successor(nt1, 100);                               //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160\r
+                       for (i = 101; i < 1200; i++) {\r
+                               nttmp = prng_successor(nttmp, 1);\r
+                               if (nttmp == nt2) break;\r
+                       }\r
+\r
+                       if (i != 1200) {\r
+                               if (rtr != 0) {\r
+                                       davg += i;\r
+                                       dmin = MIN(dmin, i);\r
+                                       dmax = MAX(dmax, i);\r
+                               }\r
+                               else {\r
+                                       delta_time = auth2_time - auth1_time + 32;  // allow some slack for proper timing\r
+                               }\r
+                               if (MF_DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i);\r
+                       }\r
                }\r
                \r
-               if (i != 2000) {\r
-                       davg += i;\r
-                       if (dmin > i) dmin = i;\r
-                       if (dmax < i) dmax = i;\r
-                       if (MF_DBGLEVEL >= 4)   Dbprintf("r=%d nt1=%08x nt2=%08x distance=%d", rtr, nt1, nt2, i);\r
-               }\r
-       }\r
-       \r
-       if (rtr == 0)   return;\r
+               if (rtr <= 1)   return;\r
 \r
-       davg = davg / rtr;\r
-       if (MF_DBGLEVEL >= 3)   Dbprintf("distance: min=%d max=%d avg=%d", dmin, dmax, davg);\r
-\r
-       LED_B_OFF();\r
+               davg = (davg + (rtr - 1)/2) / (rtr - 1);\r
+               \r
+               if (MF_DBGLEVEL >= 3) Dbprintf("min=%d max=%d avg=%d, delta_time=%d", dmin, dmax, davg, delta_time);\r
 \r
+               dmin = davg - 2;\r
+               dmax = davg + 2;\r
+               \r
+               LED_B_OFF();\r
+       \r
+       }\r
 //  -------------------------------------------------------------------------------------------------  \r
        \r
        LED_C_ON();\r
 \r
        //  get crypted nonces for target sector\r
-       for (rtr = 0; rtr < NS_RETRIES_GETNONCE; rtr++) {\r
-       if (MF_DBGLEVEL >= 4)                   Dbprintf("------------------------------");\r
+       for(i=0; i < 2; i++) { // look for exactly two different nonces\r
 \r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-    SpinDelay(100);\r
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
-\r
-    // Test if the action was cancelled\r
-    if(BUTTON_PRESS()) {\r
-      break;\r
-    }\r
-\r
-               if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Can't select card");\r
-                       break;\r
-               };\r
+               target_nt[i] = 0;\r
+               while(target_nt[i] == 0) { // continue until we have an unambiguous nonce\r
                \r
-               if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1)) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Auth1 error");\r
-                       break;\r
-               };\r
+                       // prepare next select. No need to power down the card.\r
+                       if(mifare_classic_halt(pcs, cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Halt error");\r
+                               continue;\r
+                       }\r
 \r
-               // nested authentication\r
-               len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, &par);\r
-               if (len != 4) {\r
-                       if (MF_DBGLEVEL >= 1)   Dbprintf("Auth2 error len=%d", len);\r
-                       break;\r
-               };\r
-       \r
-               nt2 = bytes_to_num(receivedAnswer, 4);          \r
-               if (MF_DBGLEVEL >= 4)   Dbprintf("r=%d nt1=%08x nt2enc=%08x nt2par=%08x", rtr, nt1, nt2, par);\r
-               \r
-               // Parity validity check\r
-               for (i = 0; i < 4; i++) {\r
-                       par_array[i] = (oddparity(receivedAnswer[i]) != ((par & 0x08) >> 3));\r
-                       par = par << 1;\r
-               }\r
+                       if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Can't select card");\r
+                               continue;\r
+                       };\r
                \r
-               ncount = 0;\r
-               nttest = prng_successor(nt1, dmin - NS_TOLERANCE);\r
-               for (m = dmin - NS_TOLERANCE + 1; m < dmax + NS_TOLERANCE; m++) {\r
-                       nttest = prng_successor(nttest, 1);\r
-                       ks1 = nt2 ^ nttest;\r
-\r
-                       if (valid_nonce(nttest, nt2, ks1, par_array) && (ncount < 11)){\r
-                               \r
-                               nvector[NES_MAX_INFO][ncount].nt = nttest;\r
-                               nvector[NES_MAX_INFO][ncount].ks1 = ks1;\r
-                               ncount++;\r
-                               nvectorcount[NES_MAX_INFO] = ncount;\r
-                               if (MF_DBGLEVEL >= 4)   Dbprintf("valid m=%d ks1=%08x nttest=%08x", m, ks1, nttest);\r
-                       }\r
+                       auth1_time = 0;\r
+                       if(mifare_classic_authex(pcs, cuid, blockNo, keyType, ui64Key, AUTH_FIRST, &nt1, &auth1_time)) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth1 error");\r
+                               continue;\r
+                       };\r
 \r
-               }\r
+                       // nested authentication\r
+                       auth2_time = auth1_time + delta_time;\r
+                       len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, &par, &auth2_time);\r
+                       if (len != 4) {\r
+                               if (MF_DBGLEVEL >= 1)   Dbprintf("Nested: Auth2 error len=%d", len);\r
+                               continue;\r
+                       };\r
                \r
-               // select vector with length less than got\r
-               if (nvectorcount[NES_MAX_INFO] != 0) {\r
-                       m = NES_MAX_INFO;\r
+                       nt2 = bytes_to_num(receivedAnswer, 4);          \r
+                       if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: Testing nt1=%08x nt2enc=%08x nt2par=%02x", i+1, nt1, nt2, par);\r
                        \r
-                       for (i = 0; i < NES_MAX_INFO; i++)\r
-                               if (nvectorcount[i] > 10) {\r
-                                       m = i;\r
-                                       break;\r
-                               }\r
-                               \r
-                       if (m == NES_MAX_INFO)\r
-                               for (i = 0; i < NES_MAX_INFO; i++)\r
-                                       if (nvectorcount[NES_MAX_INFO] < nvectorcount[i]) {\r
-                                               m = i;\r
+                       // Parity validity check\r
+                       for (j = 0; j < 4; j++) {\r
+                               par_array[j] = (oddparity(receivedAnswer[j]) != ((par & 0x08) >> 3));\r
+                               par = par << 1;\r
+                       }\r
+                       \r
+                       ncount = 0;\r
+                       nttest = prng_successor(nt1, dmin - 1);\r
+                       for (j = dmin; j < dmax + 1; j++) {\r
+                               nttest = prng_successor(nttest, 1);\r
+                               ks1 = nt2 ^ nttest;\r
+\r
+                               if (valid_nonce(nttest, nt2, ks1, par_array)){\r
+                                       if (ncount > 0) {               // we are only interested in disambiguous nonces, try again\r
+                                               if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i+1, j);\r
+                                               target_nt[i] = 0;\r
+                                               break;\r
+                                       }\r
+                                       target_nt[i] = nttest;\r
+                                       target_ks[i] = ks1;\r
+                                       ncount++;\r
+                                       if (i == 1 && target_nt[1] == target_nt[0]) { // we need two different nonces\r
+                                               target_nt[i] = 0;\r
+                                               if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#2: dismissed (= nonce#1), ntdist=%d", j);\r
                                                break;\r
                                        }\r
-                                       \r
-                       if (m != NES_MAX_INFO) {\r
-                               for (i = 0; i < nvectorcount[m]; i++) {\r
-                                       nvector[m][i] = nvector[NES_MAX_INFO][i];\r
+                                       if (MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: valid, ntdist=%d", i+1, j);\r
                                }\r
-                               nvectorcount[m] = nvectorcount[NES_MAX_INFO];\r
                        }\r
+                       if (target_nt[i] == 0 && j == dmax+1 && MF_DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (all invalid)", i+1);\r
                }\r
        }\r
 \r
@@ -468,53 +716,26 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
 \r
-       for (i = 0; i < NES_MAX_INFO; i++) {\r
-               if (nvectorcount[i] > 10) continue;\r
-               \r
-               for (j = 0; j < nvectorcount[i]; j += 5) {\r
-                       ncount = nvectorcount[i] - j;\r
-                       if (ncount > 5) ncount = 5; \r
-\r
-                       ack.arg[0] = 0; // isEOF = 0\r
-                       ack.arg[1] = ncount;\r
-                       ack.arg[2] = targetBlockNo + (targetKeyType * 0x100);\r
-                       memset(ack.d.asBytes, 0x00, sizeof(ack.d.asBytes));\r
-                       \r
-                       memcpy(ack.d.asBytes, &cuid, 4);\r
-                       for (m = 0; m < ncount; m++) {\r
-                               memcpy(ack.d.asBytes + 8 + m * 8 + 0, &nvector[i][m + j].nt, 4);\r
-                               memcpy(ack.d.asBytes + 8 + m * 8 + 4, &nvector[i][m + j].ks1, 4);\r
-                       }\r
-       \r
-                       LED_B_ON();\r
-                       SpinDelay(100);\r
-                       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-                       LED_B_OFF();    \r
-               }\r
-       }\r
-\r
-       // finalize list\r
-       ack.arg[0] = 1; // isEOF = 1\r
-       ack.arg[1] = 0;\r
-       ack.arg[2] = 0;\r
-       memset(ack.d.asBytes, 0x00, sizeof(ack.d.asBytes));\r
+       byte_t buf[4 + 4 * 4];\r
+       memcpy(buf, &cuid, 4);\r
+       memcpy(buf+4, &target_nt[0], 4);\r
+       memcpy(buf+8, &target_ks[0], 4);\r
+       memcpy(buf+12, &target_nt[1], 4);\r
+       memcpy(buf+16, &target_ks[1], 4);\r
        \r
        LED_B_ON();\r
-       SpinDelay(300);\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
-       LED_B_OFF();    \r
+       cmd_send(CMD_ACK, 0, 2, targetBlockNo + (targetKeyType * 0x100), buf, sizeof(buf));\r
+       LED_B_OFF();\r
 \r
-       if (MF_DBGLEVEL >= 4)   DbpString("NESTED FINISHED");\r
+       if (MF_DBGLEVEL >= 3)   DbpString("NESTED FINISHED");\r
 \r
-       // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-       \r
-  iso14a_set_tracing(TRUE);\r
+       iso14a_set_tracing(TRUE);\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
-// MIFARE check keys. key count up to 8. \r
+// MIFARE check keys. key count up to 85\r
 // \r
 //-----------------------------------------------------------------------------\r
 void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
@@ -528,7 +749,7 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        // variables\r
        int i;\r
        byte_t isOK = 0;\r
-       uint8_t uid[8];\r
+       uint8_t uid[10];\r
        uint32_t cuid;\r
        struct Crypto1State mpcs = {0, 0};\r
        struct Crypto1State *pcs;\r
@@ -540,22 +761,28 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        \r
        // clear trace\r
        iso14a_clear_trace();\r
-  iso14a_set_tracing(TRUE);\r
+       iso14a_set_tracing(TRUE);\r
 \r
-       iso14443a_setup();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
        LED_C_OFF();\r
 \r
-       SpinDelay(300);\r
+//     SpinDelay(300);\r
        for (i = 0; i < keyCount; i++) {\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-    SpinDelay(100);\r
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+//             FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+//             SpinDelay(100);\r
+//             FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+               // prepare next select by sending a HALT. There is no need to power down the card.\r
+               if(mifare_classic_halt(pcs, cuid)) {\r
+                       if (MF_DBGLEVEL >= 1)   Dbprintf("ChkKeys: Halt error");\r
+               }\r
 \r
+               // SpinDelay(50);\r
+               \r
                if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
-                       if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("Can't select card");\r
+                       if (OLD_MF_DBGLEVEL >= 1)       Dbprintf("ChkKeys: Can't select card");\r
                        break;\r
                };\r
 \r
@@ -575,11 +802,8 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        memset(uid, 0x44, 4);\r
        LogTrace(uid, 4, 0, 0, TRUE);\r
 \r
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-       if (isOK) memcpy(ack.d.asBytes, datain + i * 6, 6);\r
-       \r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+    cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
        LED_B_OFF();\r
 \r
   // Thats it...\r
@@ -612,12 +836,14 @@ void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
 }\r
 \r
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-       UsbCommand ack = {CMD_ACK, {arg0, arg1, 0}};\r
+//     UsbCommand ack = {CMD_ACK, {arg0, arg1, 0}};\r
 \r
-       emlGetMem(ack.d.asBytes, arg0, arg1); // data, block num, blocks count\r
+  byte_t buf[48];\r
+       emlGetMem(buf, arg0, arg1); // data, block num, blocks count\r
 \r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+  cmd_send(CMD_ACK,arg0,arg1,0,buf,48);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
        LED_B_OFF();\r
 }\r
 \r
@@ -638,13 +864,13 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        // variables\r
        byte_t dataoutbuf[16];\r
        byte_t dataoutbuf2[16];\r
-       uint8_t uid[8];\r
+       uint8_t uid[10];\r
 \r
        // clear trace\r
        iso14a_clear_trace();\r
        iso14a_set_tracing(false);\r
        \r
-       iso14443a_setup();\r
+       iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
        LED_B_OFF();\r
@@ -750,11 +976,11 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        \r
        // variables\r
        byte_t isOK = 0;\r
-       uint8_t uid[8];\r
+       uint8_t uid[10];\r
        uint8_t d_block[18];\r
        uint32_t cuid;\r
        \r
-       memset(uid, 0x00, 8);\r
+       memset(uid, 0x00, 10);\r
        uint8_t* receivedAnswer = mifare_get_bigbufptr();\r
        \r
        if (workFlags & 0x08) {\r
@@ -762,7 +988,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                iso14a_clear_trace();\r
                iso14a_set_tracing(TRUE);\r
 \r
-               iso14443a_setup();\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
                LED_A_ON();\r
                LED_B_OFF();\r
@@ -790,13 +1016,13 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        \r
                // reset chip\r
                if (needWipe){\r
-                       ReaderTransmitShort(wupC1);\r
+      ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
                        if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
                                break;\r
                        };\r
 \r
-                       ReaderTransmit(wipeC, sizeof(wipeC));\r
+                       ReaderTransmit(wipeC, sizeof(wipeC), NULL);\r
                        if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("wipeC error");\r
                                break;\r
@@ -810,20 +1036,20 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 \r
                // write block\r
                if (workFlags & 0x02) {\r
-                       ReaderTransmitShort(wupC1);\r
+      ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
                        if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
                                break;\r
                        };\r
 \r
-                       ReaderTransmit(wupC2, sizeof(wupC2));\r
+                       ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
                        if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
                                break;\r
                        };\r
                }\r
 \r
-               if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {\r
+               if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("write block send command error");\r
                        break;\r
                };\r
@@ -831,7 +1057,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                memcpy(d_block, datain, 16);\r
                AppendCrc14443a(d_block, 16);\r
        \r
-               ReaderTransmit(d_block, sizeof(d_block));\r
+               ReaderTransmit(d_block, sizeof(d_block), NULL);\r
                if ((ReaderReceive(receivedAnswer) != 1) || (receivedAnswer[0] != 0x0a)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("write block send data error");\r
                        break;\r
@@ -848,15 +1074,22 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                break;\r
        }\r
        \r
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-       if (isOK) memcpy(ack.d.asBytes, uid, 4);\r
+//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+//     if (isOK) memcpy(ack.d.asBytes, uid, 4);\r
        \r
        // add trace trailer\r
-       memset(uid, 0x44, 4);\r
-       LogTrace(uid, 4, 0, 0, TRUE);\r
+       /**\r
+       *       Removed by Martin, the uid is overwritten with 0x44, \r
+       *       which can 't be intended. \r
+       *\r
+       *       memset(uid, 0x44, 4);\r
+       *       LogTrace(uid, 4, 0, 0, TRUE);\r
+       **/\r
+       \r
 \r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+  cmd_send(CMD_ACK,isOK,0,0,uid,4);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
        LED_B_OFF();\r
 \r
        if ((workFlags & 0x10) || (!isOK)) {\r
@@ -893,7 +1126,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                iso14a_clear_trace();\r
                iso14a_set_tracing(TRUE);\r
 \r
-               iso14443a_setup();\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
                LED_A_ON();\r
                LED_B_OFF();\r
@@ -907,13 +1140,13 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 \r
        while (true) {\r
                if (workFlags & 0x02) {\r
-                       ReaderTransmitShort(wupC1);\r
+                       ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
                        if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("wupC1 error");\r
                                break;\r
                        };\r
 \r
-                       ReaderTransmit(wupC2, sizeof(wupC2));\r
+                       ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
                        if(!ReaderReceive(receivedAnswer) || (receivedAnswer[0] != 0x0a)) {\r
                                if (MF_DBGLEVEL >= 1)   Dbprintf("wupC2 error");\r
                                break;\r
@@ -921,7 +1154,7 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                }\r
 \r
                // read block\r
-               if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer) != 18)) {\r
+               if ((mifare_sendcmd_short(NULL, 0, 0x30, blockNo, receivedAnswer, NULL) != 18)) {\r
                        if (MF_DBGLEVEL >= 1)   Dbprintf("read block send command error");\r
                        break;\r
                };\r
@@ -938,15 +1171,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
                break;\r
        }\r
        \r
-       UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
-       if (isOK) memcpy(ack.d.asBytes, data, 18);\r
+//     UsbCommand ack = {CMD_ACK, {isOK, 0, 0}};\r
+//     if (isOK) memcpy(ack.d.asBytes, data, 18);\r
        \r
        // add trace trailer\r
-       memset(data, 0x44, 4);\r
-       LogTrace(data, 4, 0, 0, TRUE);\r
-\r
+       /*\r
+       * Removed by Martin, this piece of overwrites the 'data' variable \r
+       * which is sent two lines down, and is obviously not correct. \r
+       * \r
+       * memset(data, 0x44, 4);\r
+       * LogTrace(data, 4, 0, 0, TRUE);\r
+       */\r
        LED_B_ON();\r
-       UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
+  cmd_send(CMD_ACK,isOK,0,0,data,18);\r
+//     UsbSendPacket((uint8_t *)&ack, sizeof(UsbCommand));\r
        LED_B_OFF();\r
 \r
        if ((workFlags & 0x10) || (!isOK)) {\r
Impressum, Datenschutz