X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/8258f409697ab41a6858ef9bdcdf406989223bbb..569009f3f75891524dda1411b6f3c4c51c0e1ac2:/armsrc/mifarecmd.c?ds=inline
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 1f8f4ee8..5d10ad81 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -19,12 +19,6 @@
#include "crc.h"
-// the block number for the ISO14443-4 PCB
-uint8_t pcb_blocknum = 0;
-// Deselect card by sending a s-block. the crc is precalced for speed
-static uint8_t deselect_cmd[] = {0xc2,0xe0,0xb4};
-
-
//-----------------------------------------------------------------------------
// Select, Authenticate, Read a MIFARE tag.
// read block
@@ -106,17 +100,17 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *keybytes){
return;
};
- if(mifare_ultra_auth(keybytes) == 1){
+ if(!mifare_ultra_auth(keybytes)){
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Authentication failed");
OnError(1);
return;
}
- cmd_send(CMD_ACK,1,0,0,0,0);
if (turnOffField) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
+ cmd_send(CMD_ACK,1,0,0,0,0);
}
// Arg0 = BlockNo,
@@ -146,7 +140,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) );
- if ( mifare_ultra_auth(key) == 1 ) {
+ if ( !mifare_ultra_auth(key) ) {
OnError(1);
return;
}
@@ -157,7 +151,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
uint8_t pwd[4] = {0x00};
memcpy(pwd, datain, 4);
uint8_t pack[4] = {0,0,0,0};
- if (mifare_ul_ev1_auth(pwd, pack) == 1) {
+ if (!mifare_ul_ev1_auth(pwd, pack)) {
OnError(1);
return;
}
@@ -175,7 +169,7 @@ void MifareUReadBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
return;
}
- cmd_send(CMD_ACK,1,0,0,dataout,16);
+ cmd_send(CMD_ACK,1,0,0,dataout,16);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
@@ -215,7 +209,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
isOK = 0;
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
}
-
+
if(isOK && mifare_classic_auth(pcs, cuid, FirstBlockOfSector(sectorNo), keyType, ui64Key, AUTH_FIRST)) {
isOK = 0;
@@ -248,19 +242,31 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LEDsoff();
}
+// arg0 = blockNo (start)
+// arg1 = Pages (number of blocks)
+// arg2 = useKey
+// datain = KEY bytes
void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
{
+ // free eventually allocated BigBuf memory
+ BigBuf_free();
+ clear_trace();
+
// params
uint8_t blockNo = arg0;
uint16_t blocks = arg1;
bool useKey = (arg2 == 1); //UL_C
bool usePwd = (arg2 == 2); //UL_EV1/NTAG
- int countblocks = 0;
- uint8_t dataout[176] = {0x00};
+ uint32_t countblocks = 0;
+ uint8_t *dataout = BigBuf_malloc(CARD_MEMORY_SIZE);
+ if (dataout == NULL){
+ Dbprintf("out of memory");
+ OnError(1);
+ return;
+ }
LEDsoff();
LED_A_ON();
- clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
int len = iso14443a_select_card(NULL, NULL, NULL);
@@ -275,7 +281,7 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
uint8_t key[16] = {0x00};
memcpy(key, datain, sizeof(key) );
- if ( mifare_ultra_auth(key) == 1 ) {
+ if ( !mifare_ultra_auth(key) ) {
OnError(1);
return;
}
@@ -287,19 +293,30 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
memcpy(pwd, datain, sizeof(pwd));
uint8_t pack[4] = {0,0,0,0};
- if (mifare_ul_ev1_auth(pwd, pack) == 1){
+ if (!mifare_ul_ev1_auth(pwd, pack)){
OnError(1);
return;
}
}
for (int i = 0; i < blocks; i++){
- len = mifare_ultra_readblock(blockNo * 4 + i, dataout + 4 * i);
+ if ((i*4) + 4 >= CARD_MEMORY_SIZE) {
+ Dbprintf("Data exceeds buffer!!");
+ break;
+ }
+ len = mifare_ultra_readblock(blockNo + i, dataout + 4 * i);
+
if (len) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Read block %d error",i);
- OnError(2);
+ // if no blocks read - error out
+ if (i==0){
+ OnError(2);
return;
+ } else {
+ //stop at last successful read block and return what we got
+ break;
+ }
} else {
countblocks++;
}
@@ -314,11 +331,12 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Blocks read %d", countblocks);
- len = blocks * 4;
+ countblocks *= 4;
- cmd_send(CMD_ACK, 1, len, 0, dataout, len);
+ cmd_send(CMD_ACK, 1, countblocks, BigBuf_max_traceLen(), 0, 0);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
+ BigBuf_free();
}
//-----------------------------------------------------------------------------
@@ -393,7 +411,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
LEDsoff();
}
-void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
+/* // Command not needed but left for future testing
+void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
{
uint8_t blockNo = arg0;
byte_t blockdata[16] = {0x00};
@@ -413,7 +432,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
return;
};
- if(mifare_ultra_writeblock(blockNo, blockdata)) {
+ if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(0);
return; };
@@ -430,10 +449,19 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
-
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
+*/
+
+// Arg0 : Block to write to.
+// Arg1 : 0 = use no authentication.
+// 1 = use 0x1A authentication.
+// 2 = use 0x1B authentication.
+// datain : 4 first bytes is data to be written.
+// : 4/16 next bytes is authentication key.
+void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
{
uint8_t blockNo = arg0;
+ bool useKey = (arg1 == 1); //UL_C
+ bool usePwd = (arg1 == 2); //UL_EV1/NTAG
byte_t blockdata[4] = {0x00};
memcpy(blockdata, datain,4);
@@ -449,7 +477,29 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
return;
};
- if(mifare_ultra_special_writeblock(blockNo, blockdata)) {
+ // UL-C authentication
+ if ( useKey ) {
+ uint8_t key[16] = {0x00};
+ memcpy(key, datain+4, sizeof(key) );
+
+ if ( !mifare_ultra_auth(key) ) {
+ OnError(1);
+ return;
+ }
+ }
+
+ // UL-EV1 / NTAG authentication
+ if (usePwd) {
+ uint8_t pwd[4] = {0x00};
+ memcpy(pwd, datain+4, 4);
+ uint8_t pack[4] = {0,0,0,0};
+ if (!mifare_ul_ev1_auth(pwd, pack)) {
+ OnError(1);
+ return;
+ }
+ }
+
+ if(mifare_ultra_writeblock(blockNo, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(0);
return;
@@ -489,7 +539,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[6];
blockdata[2] = pwd[5];
blockdata[3] = pwd[4];
- if(mifare_ultra_special_writeblock( 44, blockdata)) {
+ if(mifare_ultra_writeblock( 44, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(44);
return;
@@ -499,7 +549,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[2];
blockdata[2] = pwd[1];
blockdata[3] = pwd[0];
- if(mifare_ultra_special_writeblock( 45, blockdata)) {
+ if(mifare_ultra_writeblock( 45, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(45);
return;
@@ -509,7 +559,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[14];
blockdata[2] = pwd[13];
blockdata[3] = pwd[12];
- if(mifare_ultra_special_writeblock( 46, blockdata)) {
+ if(mifare_ultra_writeblock( 46, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(46);
return;
@@ -519,7 +569,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
blockdata[1] = pwd[10];
blockdata[2] = pwd[9];
blockdata[3] = pwd[8];
- if(mifare_ultra_special_writeblock( 47, blockdata)) {
+ if(mifare_ultra_writeblock( 47, blockdata)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
OnError(47);
return;
@@ -692,7 +742,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
// nested authentication
auth2_time = auth1_time + delta_time;
- len = mifare_sendcmd_shortex(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
+ len = mifare_sendcmd_short(pcs, AUTH_NESTED, 0x60 + (targetKeyType & 0x01), targetBlockNo, receivedAnswer, par, &auth2_time);
if (len != 4) {
if (MF_DBGLEVEL >= 1) Dbprintf("Nested: Auth2 error len=%d", len);
continue;
@@ -986,12 +1036,12 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
if (workFlags & 0x01) {
if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
- break;
+ //break;
};
if(mifare_classic_halt(NULL, cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
- break;
+ //break;
};
};
@@ -1170,7 +1220,74 @@ void MifareCIdent(){
cmd_send(CMD_ACK,isOK,0,0,0,0);
}
- //
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
+
+ BigBuf_free();
+
+ uint32_t iterations = arg0;
+ uint8_t uid[10] = {0x00};
+
+ uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
+ uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
+
+ uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
+
+ // get memory from BigBuf.
+ uint8_t *nonces = BigBuf_malloc(iterations * 4);
+
+ LED_A_ON();
+ LED_B_OFF();
+ LED_C_OFF();
+
+ clear_trace();
+ set_tracing(TRUE);
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+
+ for (int i = 0; i < iterations; i++) {
+
+ WDT_HIT();
+
+ // Test if the action was cancelled
+ if(BUTTON_PRESS()) break;
+
+ // if(mifare_classic_halt(pcs, cuid)) {
+ // if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
+ //}
+
+ if(!iso14443a_select_card(uid, NULL, NULL)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
+ continue;
+ };
+
+ // Transmit MIFARE_CLASSIC_AUTH.
+ ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
+
+ // Receive the (4 Byte) "random" nonce
+ if (!ReaderReceive(response, responsePar)) {
+ if (MF_DBGLEVEL >= 1) Dbprintf("Couldn't receive tag nonce");
+ continue;
+ }
+
+ nonces[i*4] = bytes_to_num(response, 4);
+ }
+
+ int packLen = iterations * 4;
+ int packSize = 0;
+ int packNum = 0;
+ while (packLen > 0) {
+ packSize = MIN(USB_CMD_DATA_SIZE, packLen);
+ LED_B_ON();
+ cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
+ LED_B_OFF();
+
+ packLen -= packSize;
+ packNum++;
+ }
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LEDsoff();
+}
+
+//
// DESFIRE
//
@@ -1178,7 +1295,7 @@ void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
byte_t dataout[11] = {0x00};
uint8_t uid[10] = {0x00};
- uint32_t cuid;
+ uint32_t cuid = 0x00;
clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@@ -1204,39 +1321,22 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
uint32_t cuid = arg0;
uint8_t key[16] = {0x00};
- byte_t isOK = 0;
byte_t dataout[12] = {0x00};
+ byte_t isOK = 0;
memcpy(key, datain, 16);
isOK = mifare_desfire_des_auth2(cuid, key, dataout);
if( isOK) {
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
- Dbprintf("Authentication part2: Failed");
- //OnError(4);
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");
+ OnError(4);
return;
}
- if (MF_DBGLEVEL >= MF_DBG_EXTENDED)
- DbpString("AUTH 2 FINISHED");
+ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
-}
-
-void OnSuccess(){
- pcb_blocknum = 0;
- ReaderTransmit(deselect_cmd, 3 , NULL);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- LEDsoff();
-}
-
-void OnError(uint8_t reason){
- pcb_blocknum = 0;
- ReaderTransmit(deselect_cmd, 3 , NULL);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- cmd_send(CMD_ACK,0,reason,0,0,0);
- LEDsoff();
-}
+}
\ No newline at end of file