X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/bcf61bd34ab2747580aabf648093e5854b7283ed..c9216a92aa50549dd3e6d014866e469d5c28c362:/armsrc/iso14443a.c diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index e1943b26..8aa99d67 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -673,6 +673,7 @@ void RAMFUNC SniffIso14443a(uint8_t param) { } /* And ready to receive another command. */ UartReset(); + //UartInit(receivedCmd, receivedCmdPar); /* And also reset the demod code, which might have been */ /* false-triggered by the commands from the reader. */ DemodReset(); @@ -912,7 +913,9 @@ bool prepare_tag_modulation(tag_response_info_t* response_info, size_t max_buffe // Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) // 28 * 8 data bits, 28 * 1 parity bits, 7 start bits, 7 stop bits, 7 correction bits // -> need 273 bytes buffer -#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 273 +// 44 * 8 data bits, 44 * 1 parity bits, 9 start bits, 9 stop bits, 9 correction bits --370 +// 47 * 8 data bits, 47 * 1 parity bits, 10 start bits, 10 stop bits, 10 correction bits +#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 453 bool prepare_allocated_tag_modulation(tag_response_info_t* response_info) { // Retrieve and store the current buffer index @@ -946,6 +949,12 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) uint8_t sak; + uint8_t blockzeros[512]; + memset(blockzeros, 0x00, sizeof(blockzeros)); + + // PACK response to PWD AUTH for EV1/NTAG + uint8_t response8[4]; + // The first response contains the ATQA (note: bytes are transmitted in reverse order). uint8_t response1[2]; @@ -958,7 +967,7 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) } break; case 2: { // MIFARE Ultralight // Says: I am a stupid memory tag, no crypto - response1[0] = 0x04; + response1[0] = 0x44; response1[1] = 0x00; sak = 0x00; } break; @@ -986,6 +995,16 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) response1[1] = 0x00; sak = 0x09; } break; + case 7: { // NTAG? + // Says: I am a NTAG, + response1[0] = 0x44; + response1[1] = 0x00; + sak = 0x00; + // PACK + response8[0] = 0x80; + response8[1] = 0x80; + ComputeCrc14443(CRC_14443_A, response8, 2, &response8[2], &response8[3]); + } break; default: { Dbprintf("Error: unkown tagtype (%d)",tagType); return; @@ -1007,7 +1026,7 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) response2a[0] = data[3]; response2a[1] = data[4]; response2a[2] = data[5]; - response2a[3] = data[7]; + response2a[3] = data[6]; //?? response2a[4] = response2a[0] ^ response2a[1] ^ response2a[2] ^ response2a[3]; // Configure the ATQA and SAK accordingly @@ -1034,7 +1053,7 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) response3a[0] = sak & 0xFB; ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]); - uint8_t response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce + uint8_t response5[] = { 0x01, 0x01, 0x01, 0x01 }; // Very random tag nonce uint8_t response6[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS: // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present, // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1 @@ -1042,7 +1061,14 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) // TC(1) = 0x02: CID supported, NAD not supported ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]); - #define TAG_RESPONSE_COUNT 7 + // Prepare GET_VERSION (different for EV-1 / NTAG) + //uint8_t response7_EV1[] = {0x00, 0x04, 0x03, 0x01, 0x01, 0x00, 0x0b, 0x03, 0xfd, 0xf7}; //EV1 48bytes VERSION. + uint8_t response7_NTAG[] = {0x00, 0x04, 0x04, 0x02, 0x01, 0x00, 0x11, 0x03, 0x01, 0x9e}; //NTAG 215 + + // Prepare CHK_TEARING + uint8_t response9[] = {0xBD,0x90,0x3f}; + + #define TAG_RESPONSE_COUNT 10 tag_response_info_t responses[TAG_RESPONSE_COUNT] = { { .response = response1, .response_n = sizeof(response1) }, // Answer to request - respond with card type { .response = response2, .response_n = sizeof(response2) }, // Anticollision cascade1 - respond with uid @@ -1051,6 +1077,9 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) { .response = response3a, .response_n = sizeof(response3a) }, // Acknowledge select - cascade 2 { .response = response5, .response_n = sizeof(response5) }, // Authentication answer (random nonce) { .response = response6, .response_n = sizeof(response6) }, // dummy ATS (pseudo-ATR), answer to RATS + { .response = response7_NTAG, .response_n = sizeof(response7_NTAG) }, // EV1/NTAG GET_VERSION response + { .response = response8, .response_n = sizeof(response8) }, // EV1/NTAG PACK response + { .response = response9, .response_n = sizeof(response9) } // EV1/NTAG CHK_TEAR response }; // Allocate 512 bytes for the dynamic modulation, created when the reader queries for it @@ -1126,10 +1155,60 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) } else if(receivedCmd[1] == 0x70 && receivedCmd[0] == 0x95) { // Received a SELECT (cascade 2) p_response = &responses[4]; order = 30; } else if(receivedCmd[0] == 0x30) { // Received a (plain) READ - EmSendCmdEx(data+(4*receivedCmd[1]),16,false); - // Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]); - // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below - p_response = NULL; + uint8_t block = receivedCmd[1]; + if ( tagType == 7 ) { + + if ( block < 4 ) { + //NTAG 215 + uint8_t start = 4 * block; + + uint8_t blockdata[50] = { + data[0],data[1],data[2], 0x88 ^ data[0] ^ data[1] ^ data[2], + data[3],data[4],data[5],data[6], + data[3] ^ data[4] ^ data[5] ^ data[6],0x48,0x0f,0xe0, + 0xe1,0x10,0x12,0x00, + 0x03,0x00,0xfe,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, + 0x00,0x00}; + AppendCrc14443a(blockdata+start, 16); + + EmSendCmdEx( blockdata+start, 18, false); + } else { + AppendCrc14443a(blockzeros, 16); + EmSendCmdEx(blockzeros,18,false); + } + p_response = NULL; + + } else { + EmSendCmdEx(data+(4*block),16,false); + // Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]); + // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below + p_response = NULL; + } + } else if(receivedCmd[0] == 0x3A) { // Received a FAST READ (ranged read) -- just returns all zeros. + uint8_t len = (receivedCmd[2] - receivedCmd[1] ) * 4; + AppendCrc14443a(blockzeros,len); + EmSendCmdEx(blockzeros,len+2,false); + p_response = NULL; + } else if(receivedCmd[0] == 0x3C && tagType == 7) { // Received a READ SIGNATURE -- + // ECC data, taken from a NTAG215 amiibo token. might work. LEN: 32, + 2 crc + uint8_t data[] = {0x56,0x06,0xa6,0x4f,0x43,0x32,0x53,0x6f, + 0x43,0xda,0x45,0xd6,0x61,0x38,0xaa,0x1e, + 0xcf,0xd3,0x61,0x36,0xca,0x5f,0xbb,0x05, + 0xce,0x21,0x24,0x5b,0xa6,0x7a,0x79,0x07, + 0x00,0x00}; + AppendCrc14443a(data, sizeof(data)); + EmSendCmdEx(data,sizeof(data),false); + p_response = NULL; + } else if(receivedCmd[0] == 0x39 && tagType == 7) { // Received a READ COUNTER -- + uint8_t data[] = {0x00,0x00,0x00,0x14,0xa5}; + //AppendCrc14443a(data, sizeof(data)); + EmSendCmdEx(data,sizeof(data),false); + p_response = NULL; + } else if(receivedCmd[0] == 0x3E && tagType == 7) { // Received a CHECK_TEARING_EVENT -- + p_response = &responses[9]; } else if(receivedCmd[0] == 0x50) { // Received a HALT if (tracing) { @@ -1137,7 +1216,12 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) } p_response = NULL; } else if(receivedCmd[0] == 0x60 || receivedCmd[0] == 0x61) { // Received an authentication request - p_response = &responses[5]; order = 7; + + if ( tagType == 7 ) { // IF NTAG /EV1 0x60 == GET_VERSION, not a authentication request. + p_response = &responses[7]; + } else { + p_response = &responses[5]; order = 7; + } } else if(receivedCmd[0] == 0xE0) { // Received a RATS request if (tagType == 1 || tagType == 2) { // RATS not supported EmSend4bit(CARD_NACK_NA); @@ -1186,10 +1270,19 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,len,0,&ar_nr_responses,len); ar_nr_collected = 0; memset(ar_nr_responses, 0x00, len); - Dbprintf("ICE"); } } - } else { + } else if (receivedCmd[0] == 0x1a ) // ULC authentication + { + + } + else if (receivedCmd[0] == 0x1b) // NTAG / EV-1 authentication + { + if ( tagType == 7 ) { + p_response = &responses[8]; // PACK response + } + } + else { // Check for ISO 14443A-4 compliant commands, look at left nibble switch (receivedCmd[0]) { @@ -1293,10 +1386,12 @@ void SimulateIso14443aTag(int tagType, int flags, int uid_2nd, byte_t* data) } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - - Dbprintf("%x %x %x", happened, happened2, cmdsRecvd); - LED_A_OFF(); BigBuf_free_keep_EM(); + LED_A_OFF(); + + Dbprintf("-[ Wake ups after halt [%d]", happened); + Dbprintf("-[ Messages after halt [%d]", happened2); + Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd); } @@ -2311,7 +2406,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint8_t cardWRBL = 0; uint8_t cardAUTHSC = 0; uint8_t cardAUTHKEY = 0xff; // no authentication - uint32_t cardRr = 0; +// uint32_t cardRr = 0; uint32_t cuid = 0; //uint32_t rn_enc = 0; uint32_t ans = 0; @@ -2329,16 +2424,17 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint8_t rATQA[] = {0x04, 0x00}; // Mifare classic 1k 4BUID uint8_t rUIDBCC1[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; uint8_t rUIDBCC2[] = {0xde, 0xad, 0xbe, 0xaf, 0x62}; // !!! - uint8_t rSAK[] = {0x08, 0xb6, 0xdd}; + //uint8_t rSAK[] = {0x08, 0xb6, 0xdd}; // Mifare Classic + uint8_t rSAK[] = {0x09, 0x3f, 0xcc }; // Mifare Mini uint8_t rSAK1[] = {0x04, 0xda, 0x17}; - uint8_t rAUTH_NT[] = {0x01, 0x02, 0x03, 0x04}; + uint8_t rAUTH_NT[] = {0x01, 0x01, 0x01, 0x01}; uint8_t rAUTH_AT[] = {0x00, 0x00, 0x00, 0x00}; //Here, we collect UID,NT,AR,NR,UID2,NT2,AR2,NR2 // This can be used in a reader-only attack. // (it can also be retrieved via 'hf 14a list', but hey... - uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0}; + uint32_t ar_nr_responses[] = {0,0,0,0,0,0,0,0,0,0}; uint8_t ar_nr_collected = 0; // free eventually allocated BigBuf memory but keep Emulator Memory @@ -2377,6 +2473,11 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * } } + // save uid. + ar_nr_responses[0*5] = bytes_to_num(rUIDBCC1+1, 3); + if ( _7BUID ) + ar_nr_responses[0*5+1] = bytes_to_num(rUIDBCC2, 4); + /* * Regardless of what method was used to set the UID, set fifth byte and modify * the ATQA for 4 or 7-byte UID @@ -2419,7 +2520,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if(cardSTATE == MFEMUL_NOFIELD) continue; //Now, get data - res = EmGetCmd(receivedCmd, &len, receivedCmd_par); if (res == 2) { //Field is off! cardSTATE = MFEMUL_NOFIELD; @@ -2490,39 +2590,42 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * uint32_t nr = bytes_to_num(&receivedCmd[4], 4); //Collect AR/NR - if(ar_nr_collected < 2 && cardAUTHSC == 2){ + //if(ar_nr_collected < 2 && cardAUTHSC == 2){ + if(ar_nr_collected < 2){ if(ar_nr_responses[2] != ar) {// Avoid duplicates... probably not necessary, ar should vary. - ar_nr_responses[ar_nr_collected*4] = cuid; - ar_nr_responses[ar_nr_collected*4+1] = nonce; - ar_nr_responses[ar_nr_collected*4+2] = ar; - ar_nr_responses[ar_nr_collected*4+3] = nr; + //ar_nr_responses[ar_nr_collected*5] = 0; + //ar_nr_responses[ar_nr_collected*5+1] = 0; + ar_nr_responses[ar_nr_collected*5+2] = nonce; + ar_nr_responses[ar_nr_collected*5+3] = nr; + ar_nr_responses[ar_nr_collected*5+4] = ar; ar_nr_collected++; } // Interactive mode flag, means we need to send ACK if(flags & FLAG_INTERACTIVE && ar_nr_collected == 2) { finished = true; - } + } } // --- crypto - crypto1_word(pcs, ar , 1); - cardRr = nr ^ crypto1_word(pcs, 0, 0); - - // test if auth OK - if (cardRr != prng_successor(nonce, 64)){ - if (MF_DBGLEVEL >= 2) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x", - cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B', - cardRr, prng_successor(nonce, 64)); + //crypto1_word(pcs, ar , 1); + //cardRr = nr ^ crypto1_word(pcs, 0, 0); + + //test if auth OK + //if (cardRr != prng_successor(nonce, 64)){ + + //if (MF_DBGLEVEL >= 4) Dbprintf("AUTH FAILED for sector %d with key %c. cardRr=%08x, succ=%08x", + // cardAUTHSC, cardAUTHKEY == 0 ? 'A' : 'B', + // cardRr, prng_successor(nonce, 64)); // Shouldn't we respond anything here? // Right now, we don't nack or anything, which causes the // reader to do a WUPA after a while. /Martin // -- which is the correct response. /piwi - cardSTATE_TO_IDLE(); - LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); - break; - } + //cardSTATE_TO_IDLE(); + //LogTrace(Uart.output, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE); + //break; + //} ans = prng_successor(nonce, 96) ^ crypto1_word(pcs, 0, 0); @@ -2630,13 +2733,13 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * || receivedCmd[0] == 0xB0) { // transfer if (receivedCmd[1] >= 16 * 4) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]); + if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on out of range block: %d (0x%02x), nacking",receivedCmd[0],receivedCmd[1],receivedCmd[1]); break; } if (receivedCmd[1] / 4 != cardAUTHSC) { EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate (0x%02) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd[0],receivedCmd[1],cardAUTHSC); + if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate (0x%02) on block (0x%02x) not authenticated for (0x%02x), nacking",receivedCmd[0],receivedCmd[1],cardAUTHSC); break; } } @@ -2668,7 +2771,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if (receivedCmd[0] == 0xC0 || receivedCmd[0] == 0xC1 || receivedCmd[0] == 0xC2) { if (MF_DBGLEVEL >= 4) Dbprintf("RECV 0x%02x inc(0xC1)/dec(0xC0)/restore(0xC2) block %d (%02x)",receivedCmd[0],receivedCmd[1],receivedCmd[1]); if (emlCheckValBl(receivedCmd[1])) { - if (MF_DBGLEVEL >= 2) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking"); + if (MF_DBGLEVEL >= 4) Dbprintf("Reader tried to operate on block, but emlCheckValBl failed, nacking"); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); break; } @@ -2770,35 +2873,37 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t * if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK { //May just aswell send the collected ar_nr in the response aswell - cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,1,0,&ar_nr_responses,ar_nr_collected*4*4); + uint8_t len = ar_nr_collected*5*4; + cmd_send(CMD_ACK, CMD_SIMULATE_MIFARE_CARD, len, 0, &ar_nr_responses, len); } if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 ) { if(ar_nr_collected > 1 ) { Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:"); - Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x", - ar_nr_responses[0], // UID - ar_nr_responses[1], // NT - ar_nr_responses[2], // AR1 - ar_nr_responses[3], // NR1 - ar_nr_responses[6], // AR2 - ar_nr_responses[7] // NR2 + Dbprintf("../tools/mfkey/mfkey32 %06x%08x %08x %08x %08x %08x %08x", + ar_nr_responses[0], // UID1 + ar_nr_responses[1], // UID2 + ar_nr_responses[2], // NT + ar_nr_responses[3], // AR1 + ar_nr_responses[4], // NR1 + ar_nr_responses[8], // AR2 + ar_nr_responses[9] // NR2 ); } else { Dbprintf("Failed to obtain two AR/NR pairs!"); if(ar_nr_collected > 0 ) { - Dbprintf("Only got these: UID=%08x, nonce=%08x, AR1=%08x, NR1=%08x", - ar_nr_responses[0], // UID - ar_nr_responses[1], // NT - ar_nr_responses[2], // AR1 - ar_nr_responses[3] // NR1 + Dbprintf("Only got these: UID=%07x%08x, nonce=%08x, AR1=%08x, NR1=%08x", + ar_nr_responses[0], // UID1 + ar_nr_responses[1], // UID2 + ar_nr_responses[2], // NT + ar_nr_responses[3], // AR1 + ar_nr_responses[4] // NR1 ); } } } - if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen()); - + if (MF_DBGLEVEL >= 1) Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", tracing, BigBuf_get_traceLen()); } @@ -2919,7 +3024,8 @@ void RAMFUNC SniffMifare(uint8_t param) { if (MfSniffLogic(receivedCmd, Uart.len, Uart.parity, Uart.bitCount, TRUE)) break; /* And ready to receive another command. */ - UartInit(receivedCmd, receivedCmdPar); + //UartInit(receivedCmd, receivedCmdPar); + UartReset(); /* And also reset the demod code */ DemodReset();