X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/bf8328e92802fd5f2b63a038ac0b3fc0eeac8581..04d2721b3c7c4113e627d3f953835bde932065db:/armsrc/mifareutil.c

diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c
index 7c856557..163eca79 100644
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@@ -93,10 +93,30 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
 	AppendCrc14443a(dcmd, 6);
 	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
 	int len = ReaderReceive(answer, answer_parity);
-	if(!len)
-	{
+	if(!len) {
                 if (MF_DBGLEVEL >= 1)   Dbprintf("Authentication failed. Card timeout.");
                 return 2;
+    }
+	return len;
+}
+
+int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
+{
+    uint8_t dcmd[19];
+	int len; 
+    dcmd[0] = cmd;
+    memcpy(dcmd+1,data,16);
+	AppendCrc14443a(dcmd, 17);
+	
+	ReaderTransmit(dcmd, sizeof(dcmd), timing);
+	len = ReaderReceive(answer, answer_parity);
+	if(!len) {
+        if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("Authentication failed. Card timeout.");
+        len = ReaderReceive(answer,answer_parity);
+    }
+    if(len==1)	{
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("NAK - Authentication failed.");
+		return 1;
         }
 	return len;
 }
@@ -149,7 +169,7 @@ int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cm
 	return len;
 }
 
-// mifare commands
+// mifare classic commands
 int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested) 
 {
 	return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL);
@@ -278,12 +298,61 @@ int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blo
 	return 0;
 }
 
+// mifare ultralight commands
+int mifare_ultra_auth1(uint32_t uid, uint8_t *blockData){
+
+	uint16_t len;
+	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);
+	if (len == 1) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+		return 1;
+	}
+	if (len != 11)
+		return 1;
+
+	if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
+		Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+			receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
+			receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
+			receivedAnswer[10]);
+		}
+	memcpy(blockData, receivedAnswer, 11);
+	return 0;
+}
+
+int mifare_ultra_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
+
+	uint16_t len;
+	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, key, receivedAnswer, receivedAnswerPar, NULL);
+	if (len == 1) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+		return 1;
+	}
+	if (len != 11)
+		return 1;	
+	
+	if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
+		Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+			receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
+			receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
+			receivedAnswer[10]);
+	}
+	memcpy(blockData, receivedAnswer, 11);
+	return 0;
+}
+
 int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 {
-	// variables
 	uint16_t len;
 	uint8_t	bt[2];
-	
 	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 	
@@ -291,18 +360,21 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 	// command MIFARE_CLASSIC_READBLOCK
 	len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
 	if (len == 1) {
-		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
 		return 1;
 	}
 	if (len != 18) {
-		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: card timeout. len: %x", len);
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Error: card timeout. len: %x", len);
 		return 2;
 	}
     
 	memcpy(bt, receivedAnswer + 16, 2);
 	AppendCrc14443a(receivedAnswer, 16);
 	if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
-		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd CRC response error.");
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd CRC response error.");
 		return 3;
 	}
 	
@@ -360,10 +432,9 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
 
 int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
 {
-    // variables
     uint16_t len;     
     uint8_t par[3] = {0};  // enough for 18 parity bits
-    uint8_t d_block[18];
+	uint8_t d_block[18] = {0x00};
     uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
         
@@ -371,45 +442,43 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
     len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);
 
     if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
-        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);  
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);  
         return 1;
     }
 
-	memset(d_block,'\0',18);
 	memcpy(d_block, blockData, 16);
     AppendCrc14443a(d_block, 16);
 
 	ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);
 
-    // Receive the response
     len = ReaderReceive(receivedAnswer, receivedAnswerPar);    
 
 	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
-        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
         return 2;
     }        
-
     return 0;
 } 
 
 int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 {
     uint16_t len;
-    uint8_t d_block[8];
+	uint8_t d_block[8] = {0x00};
     uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
 	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
 
     // command MIFARE_CLASSIC_WRITEBLOCK
-	memset(d_block,'\0',8);
 	d_block[0]= blockNo;
 	memcpy(d_block+1,blockData,4);
 	AppendCrc14443a(d_block, 6);
 
-	//i know the data send here is correct
     len = mifare_sendcmd_short_special(NULL, 1, 0xA2, d_block, receivedAnswer, receivedAnswerPar, NULL);
 
     if (receivedAnswer[0] != 0x0A) {   //  0x0a - ACK
-        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
         return 1;
     }
 
    return 0;
@@ -423,7 +492,8 @@ int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
 
 	len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
 	if (len != 0) {
-		if (MF_DBGLEVEL >= 1)	Dbprintf("halt error. response len: %x", len);  
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("halt error. response len: %x", len);  
 		return 1;
 	}
 
@@ -438,10 +508,10 @@ int mifare_ultra_halt(uint32_t uid)
     
 	len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
 	if (len != 0) {
-		if (MF_DBGLEVEL >= 1)	Dbprintf("halt error. response len: %x", len);
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("halt error. response len: %x", len);
 		return 1;
 	}
-    
 	return 0;
 }
 
@@ -553,3 +623,98 @@ void emlClearMem(void) {
 	emlSetMem((uint8_t *)uid, 0, 1);
 	return;
 }
+
+
+// Mifare desfire commands
+int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
+{
+    uint8_t dcmd[5] = {0x00};
+    dcmd[0] = cmd;
+    memcpy(dcmd+1,data,2);
+	AppendCrc14443a(dcmd, 3);
+	
+	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
+	int len = ReaderReceive(answer, answer_parity);
+	if(!len) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR) 
+			Dbprintf("Authentication failed. Card timeout.");
+		return 1;
+    }
+	return len;
+}
+
+int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)
+{
+    uint8_t dcmd[20] = {0x00};
+    dcmd[0] = cmd;
+    memcpy(dcmd+1,data,17);
+	AppendCrc14443a(dcmd, 18);
+
+	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
+	int len = ReaderReceive(answer, answer_parity);
+	if(!len){
+        if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Authentication failed. Card timeout.");
+		return 1;
+    }
+	return len;
+}
+
+int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){
+
+	int len;
+	// load key, keynumber
+	uint8_t data[2]={0x0a, 0x00};
+	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);
+	if (len == 1) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
+		return 1;
+	}
+	
+	if (len == 12) {
+		if (MF_DBGLEVEL >= MF_DBG_EXTENDED)	{
+			Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+				receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
+				receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
+				receivedAnswer[10],receivedAnswer[11]);
+			}
+			memcpy(blockData, receivedAnswer, 12);
+	        return 0;
+	}
+	return 1;
+}
+
+int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
+
+	int len;
+	uint8_t data[17] = {0x00};
+	data[0] = 0xAF;
+	memcpy(data+1,key,16);
+	
+	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
+	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+	
+	len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);
+	
+	if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) {
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)
+			Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);
+		return 1;
+	}
+	
+	if (len == 12){
+		if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
+			Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+				receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
+				receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
+				receivedAnswer[10],receivedAnswer[11]);
+			}
+		memcpy(blockData, receivedAnswer, 12);
+		return 0;
+	}
+	return 1;
+}
\ No newline at end of file