X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/57850d9dfb117d68d21e09b3ca25d25f147f75ac..a8ee668770c99f651346266a506b79192e944ab3:/armsrc/iso14443a.c diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 7822ee22..21f70c3e 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -857,10 +857,12 @@ bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) { //----------------------------------------------------------------------------- // Main loop of simulated tag: receive commands from reader, decide what // response to send, and send it. +// 'hf 14a sim' //----------------------------------------------------------------------------- void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { - //Here, we collect CUID, NT, NR, AR, CUID, NT2, NR2, AR2 + // Here, we collect CUID, block1, keytype1, NT1, NR1, AR1, CUID, block2, keytyp2, NT2, NR2, AR2 + // it should also collect block, keytype. // This can be used in a reader-only attack. uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0,0,0}; uint8_t ar_nr_collected = 0; @@ -1173,13 +1175,14 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { if(ar_nr_collected > 1 ) { if (MF_DBGLEVEL >= 2 && !(flags & FLAG_INTERACTIVE)) { Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:"); - Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x", + Dbprintf("../tools/mfkey/mfkey32v2.exe %08x %08x %08x %08x %08x %08x %08x", ar_nr_responses[0], // CUID - ar_nr_responses[1], // NT - ar_nr_responses[2], // AR1 - ar_nr_responses[3], // NR1 - ar_nr_responses[6], // AR2 - ar_nr_responses[7] // NR2 + ar_nr_responses[1], // NT_1 + ar_nr_responses[2], // AR_1 + ar_nr_responses[3], // NR_1 + ar_nr_responses[5], // NT_2 + ar_nr_responses[6], // AR_2 + ar_nr_responses[7] // NR_2 ); } uint8_t len = ar_nr_collected*4*4; @@ -1570,7 +1573,7 @@ int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen, bool correctionNeeded) { b = AT91C_BASE_SSC->SSC_RHR; (void) b; // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line) - for (uint16_t j = 0; j < 5; j++) { // allow timeout - better late than never + for (uint8_t j = 0; j < 5; j++) { // allow timeout - better late than never while(!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)); if (AT91C_BASE_SSC->SSC_RHR) break; }