#include "util.h"
#include "string.h"
#include "common.h"
+#include "cmd.h"
// Needed for CRC in emulation mode;
// same construction as in ISO 14443;
// different initial value (CRC_ICLASS)
#include "iso14443crc.h"
+#include "iso15693tools.h"
static int timeout = 4096;
CodeIClassTagAnswer(response4, sizeof(response4));
memcpy(resp4, ToSend, ToSendMax); resp4Len = ToSendMax;
-
- // Start from off (no field generated)
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
-
-
// We need to listen to the high-frequency, peak-detected path.
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
FpgaSetupSsc();
LED_A_ON();
for(;;) {
LED_B_OFF();
- //Signal tracer
- // Can be used to get a trigger for an oscilloscope..
- LED_C_OFF();
-
if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) {
DbpString("button press");
break;
}
- //Signal tracer
- LED_C_ON();
-
// Okay, look at the command now.
if(receivedCmd[0] == 0x0a) {
static int SendIClassAnswer(uint8_t *resp, int respLen, int delay)
{
- int i = 0, d=0;//, u = 0, d = 0;
+ int i = 0, u = 0, d = 0;
uint8_t b = 0;
-
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);
-
+ // return 0;
+ // Modulate Manchester
+ // FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD424);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
AT91C_BASE_SSC->SSC_THR = 0x00;
FpgaSetupSsc();
- while(!BUTTON_PRESS()) {
- if((AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)){
- b = AT91C_BASE_SSC->SSC_RHR; (void) b;
+
+ // send cycle
+ for(;;) {
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+ volatile uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+ (void)b;
}
- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)){
- b = 0x00;
+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
if(d < delay) {
+ b = 0x00;
d++;
}
- else {
- if( i < respLen){
- b = resp[i];
- //Hack
- //b = 0xAC;
- }
- i++;
+ else if(i >= respLen) {
+ b = 0x00;
+ u++;
+ } else {
+ b = resp[i];
+ u++;
+ if(u > 1) { i++; u = 0; }
}
AT91C_BASE_SSC->SSC_THR = b;
- }
- if (i > respLen +4) break;
+ if(u > 4) break;
+ }
+ if(BUTTON_PRESS()) {
+ break;
+ }
}
return 0;
static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int *wait)
{
int c;
+
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
AT91C_BASE_SSC->SSC_THR = 0x00;
FpgaSetupSsc();
b = cmd[i];
for(j = 0; j < 4; j++) {
for(k = 0; k < 4; k++) {
- if(k == (b & 3)) {
- ToSend[++ToSendMax] = 0x0f;
- }
- else {
- ToSend[++ToSendMax] = 0x00;
- }
+ if(k == (b & 3)) {
+ ToSend[++ToSendMax] = 0x0f;
+ }
+ else {
+ ToSend[++ToSendMax] = 0x00;
+ }
}
b >>= 2;
}
LED_A_OFF();
}
+void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
+ uint8_t act_all[] = { 0x0a };
+ uint8_t identify[] = { 0x0c };
+ uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ uint8_t readcheck_cc[]= { 0x88, 0x02 };
+ uint8_t check[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 };
+
+ uint16_t crc = 0;
+ uint8_t cardsize=0;
+ bool read_success=false;
+ uint8_t mem=0;
+
+ static struct memory_t{
+ int k16;
+ int book;
+ int k2;
+ int lockauth;
+ int keyaccess;
+ } memory;
+
+ uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
+
+ // Reset trace buffer
+ memset(trace, 0x44, RECV_CMD_OFFSET);
+ traceLen = 0;
+
+ // Setup SSC
+ FpgaSetupSsc();
+ // Start from off (no field generated)
+ // Signal field is off with the appropriate LED
+ LED_D_OFF();
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelay(200);
+
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
+ // Now give it time to spin up.
+ // Signal field is on with the appropriate LED
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+ SpinDelay(200);
+
+ LED_A_ON();
+
+ for(int i=0;i<1;i++) {
+
+ if(traceLen > TRACE_SIZE) {
+ DbpString("Trace full");
+ break;
+ }
+
+ if (BUTTON_PRESS()) break;
+
+ // Send act_all
+ ReaderTransmitIClass(act_all, 1);
+ // Card present?
+ if(ReaderReceiveIClass(resp)) {
+ ReaderTransmitIClass(identify, 1);
+ if(ReaderReceiveIClass(resp) == 10) {
+ // Select card
+ memcpy(&select[1],resp,8);
+ ReaderTransmitIClass(select, sizeof(select));
+
+ if(ReaderReceiveIClass(resp) == 10) {
+ Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x",
+ resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+ }
+ // Card selected
+ Dbprintf("Readcheck on Sector 2");
+ ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
+ if(ReaderReceiveIClass(resp) == 8) {
+ Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x",
+ resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+ }else return;
+ Dbprintf("Authenticate");
+ //for now replay captured auth (as cc not updated)
+ memcpy(check+5,MAC,4);
+ Dbprintf(" AA: %02x %02x %02x %02x",
+ check[5], check[6], check[7],check[8]);
+ ReaderTransmitIClass(check, sizeof(check));
+ if(ReaderReceiveIClass(resp) == 4) {
+ Dbprintf(" AR: %02x %02x %02x %02x",
+ resp[0], resp[1], resp[2],resp[3]);
+ }else {
+ Dbprintf("Error: Authentication Fail!");
+ return;
+ }
+ Dbprintf("Dump Contents");
+ //first get configuration block
+ read_success=false;
+ read[1]=1;
+ uint8_t *blockno=&read[1];
+ crc = iclass_crc16((char *)blockno,1);
+ read[2] = crc >> 8;
+ read[3] = crc & 0xff;
+ while(!read_success){
+ ReaderTransmitIClass(read, sizeof(read));
+ if(ReaderReceiveIClass(resp) == 10) {
+ read_success=true;
+ mem=resp[5];
+ memory.k16= (mem & 0x80);
+ memory.book= (mem & 0x20);
+ memory.k2= (mem & 0x8);
+ memory.lockauth= (mem & 0x2);
+ memory.keyaccess= (mem & 0x1);
+
+ }
+ }
+ if (memory.k16){
+ cardsize=255;
+ }else cardsize=32;
+ //then loop around remaining blocks
+ for(uint8_t j=0; j<cardsize; j++){
+ read_success=false;
+ uint8_t *blockno=&j;
+ //crc_data[0]=j;
+ read[1]=j;
+ crc = iclass_crc16((char *)blockno,1);
+ read[2] = crc >> 8;
+ read[3] = crc & 0xff;
+ while(!read_success){
+ ReaderTransmitIClass(read, sizeof(read));
+ if(ReaderReceiveIClass(resp) == 10) {
+ read_success=true;
+ Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x",
+ j, resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+ }
+ }
+ }
+ }
+ }
+ WDT_HIT();
+ }
+
+ LED_A_OFF();
+}
+
+//1. Create Method to Read sectors/blocks 0,1,2 and Send to client
+void IClass_iso14443A_GetPublic(uint8_t arg0) {
+ uint8_t act_all[] = { 0x0a };
+ uint8_t identify[] = { 0x0c };
+ uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ uint8_t readcheck_cc[]= { 0x88, 0x02 };
+ //uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 };
+ uint8_t card_data[24]={0};
+
+ //bool read_success=false;
+ uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes
+
+ // Reset trace buffer
+ memset(trace, 0x44, RECV_CMD_OFFSET);
+ traceLen = 0;
+
+ // Setup SSC
+ FpgaSetupSsc();
+ // Start from off (no field generated)
+ // Signal field is off with the appropriate LED
+ LED_D_OFF();
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelay(200);
+
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
+ // Now give it time to spin up.
+ // Signal field is on with the appropriate LED
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
+ SpinDelay(200);
+
+ LED_A_ON();
+
+ for(int i=0;i<1;i++) {
+
+ if(traceLen > TRACE_SIZE) {
+ DbpString("Trace full");
+ break;
+ }
+
+ if (BUTTON_PRESS()) break;
+
+ // Send act_all
+ ReaderTransmitIClass(act_all, 1);
+ // Card present?
+ if(ReaderReceiveIClass(resp)) {
+ ReaderTransmitIClass(identify, 1);
+ if(ReaderReceiveIClass(resp) == 10) {
+ // Select card
+ memcpy(&select[1],resp,8);
+ ReaderTransmitIClass(select, sizeof(select));
+
+ if(ReaderReceiveIClass(resp) == 10) {
+ Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x",
+ resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+ }
+ memcpy(card_data,resp,8);
+ // Card selected
+ Dbprintf("Readcheck on Sector 2");
+ ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
+ if(ReaderReceiveIClass(resp) == 8) {
+ Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x",
+ resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+ }
+ memcpy(card_data+8,resp,8);
+ //prep to read config block
+ /* read card configuration block
+ while(!read_success){
+ uint8_t sector_config=0x01;
+ memcpy(read+1,§or_config,1);
+ ReaderTransmitIClass(read, sizeof(read));
+ if(ReaderReceiveIClass(resp) == 8) {
+ Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x",
+ resp[0], resp[1], resp[2],
+ resp[3], resp[4], resp[5],
+ resp[6], resp[7]);
+ read_success=true;
+ memcpy(card_data+16,resp,8);
+ }
+ }*/
+ }
+ }
+ WDT_HIT();
+ }
+ //Dbprintf("DEBUG: %02x%02x%02x%02x%02x%02x%02x%02x",card_data[0],card_data[1],card_data[2],card_data[3],card_data[4],card_data[5],card_data[6],card_data[7]);
+ //Dbprintf("DEBUG: %02x%02x%02x%02x%02x%02x%02x%02x",card_data[8],card_data[9],card_data[10],card_data[11],card_data[12],card_data[13],card_data[14],card_data[15]);
+ LED_A_OFF();
+ LED_B_ON();
+ //send data back to the client
+ cmd_send(CMD_ACK,0,0,0,card_data,16);
+ LED_B_OFF();
+}
+
+//TODO: Create Write method
projects / proxmark3-svn / blobdiff