X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/d19929cbe8d681b60496ca6d9d9cbd806822e163..e1deabc0eb11451828e2e8dd18c0d723b3a7eff8:/armsrc/hitag2.c diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 75513232..4596d3f1 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -21,11 +21,13 @@ #include "util.h" #include "hitag2.h" #include "string.h" +#include "BigBuf.h" static bool bQuiet; - -bool bCrypto; -bool bPwd; +static bool bCrypto; +static bool bAuthenticating; +static bool bPwd; +static bool bSuccessful; struct hitag2_tag { uint32_t uid; @@ -41,8 +43,7 @@ struct hitag2_tag { byte_t sectors[12][4]; }; -static struct hitag2_tag tag; -static const struct hitag2_tag resetdata = { +static struct hitag2_tag tag = { .state = TAG_STATE_RESET, .sectors = { // Password mode: | Crypto mode: [0] = { 0x02, 0x4e, 0x02, 0x20}, // UID | UID @@ -60,19 +61,17 @@ static const struct hitag2_tag resetdata = { }, }; -//#define TRACE_LENGTH 3000 -//uint8_t *trace = (uint8_t *) BigBuf; -//int traceLen = 0; -//int rsamples = 0; - -#define AUTH_TABLE_OFFSET FREE_BUFFER_OFFSET -#define AUTH_TABLE_LENGTH FREE_BUFFER_SIZE -byte_t* auth_table = (byte_t *)BigBuf+AUTH_TABLE_OFFSET; -size_t auth_table_pos = 0; -size_t auth_table_len = AUTH_TABLE_LENGTH; +// ToDo: define a meaningful maximum size for auth_table. The bigger this is, the lower will be the available memory for traces. +// Historically it used to be FREE_BUFFER_SIZE, which was 2744. +#define AUTH_TABLE_LENGTH 2744 +static byte_t* auth_table; +static size_t auth_table_pos = 0; +static size_t auth_table_len = AUTH_TABLE_LENGTH; -byte_t password[4]; -byte_t NrAr[8]; +static byte_t password[4]; +static byte_t NrAr[8]; +static byte_t key[8]; +static uint64_t cipher_state; /* Following is a modified version of cryptolib.com/ciphers/hitag2/ */ // Software optimized 48-bit Philips/NXP Mifare Hitag2 PCF7936/46/47/52 stream cipher algorithm by I.C. Wiener 2006-2007. @@ -95,7 +94,6 @@ byte_t NrAr[8]; #define rotl64(x, n) ((((u64)(x))<<((n)&63))+(((u64)(x))>>((0-(n))&63))) // Single bit Hitag2 functions: - #define i4(x,a,b,c,d) ((u32)((((x)>>(a))&1)+(((x)>>(b))&1)*2+(((x)>>(c))&1)*4+(((x)>>(d))&1)*8)) static const u32 ht2_f4a = 0x2C79; // 0010 1100 0111 1001 @@ -104,7 +102,7 @@ static const u32 ht2_f5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 101 static u32 _f20 (const u64 x) { - u32 i5; + u32 i5; i5 = ((ht2_f4a >> i4 (x, 1, 2, 4, 5)) & 1)* 1 + ((ht2_f4b >> i4 (x, 7,11,13,14)) & 1)* 2 @@ -117,8 +115,8 @@ static u32 _f20 (const u64 x) static u64 _hitag2_init (const u64 key, const u32 serial, const u32 IV) { - u32 i; - u64 x = ((key & 0xFFFF) << 32) + serial; + u32 i; + u64 x = ((key & 0xFFFF) << 32) + serial; for (i = 0; i < 32; i++) { @@ -130,7 +128,7 @@ static u64 _hitag2_init (const u64 key, const u32 serial, const u32 IV) static u64 _hitag2_round (u64 *state) { - u64 x = *state; + u64 x = *state; x = (x >> 1) + ((((x >> 0) ^ (x >> 2) ^ (x >> 3) ^ (x >> 6) @@ -142,44 +140,47 @@ static u64 _hitag2_round (u64 *state) return _f20 (x); } +// "MIKRON" = O N M I K R +// Key = 4F 4E 4D 49 4B 52 - Secret 48-bit key +// Serial = 49 43 57 69 - Serial number of the tag, transmitted in clear +// Random = 65 6E 45 72 - Random IV, transmitted in clear +//~28~DC~80~31 = D7 23 7F CE - Authenticator value = inverted first 4 bytes of the keystream + +// The code below must print out "D7 23 7F CE 8C D0 37 A9 57 49 C1 E6 48 00 8A B6". +// The inverse of the first 4 bytes is sent to the tag to authenticate. +// The rest is encrypted by XORing it with the subsequent keystream. + static u32 _hitag2_byte (u64 * x) { - u32 i, c; + u32 i, c; for (i = 0, c = 0; i < 8; i++) c += (u32) _hitag2_round (x) << (i^7); return c; } -size_t nbytes(size_t nbits) { - return (nbits/8)+((nbits%8)>0); -} - -int hitag2_reset(void) -{ +static int hitag2_reset(void) { tag.state = TAG_STATE_RESET; tag.crypto_active = 0; return 0; } -int hitag2_init(void) -{ - memcpy(&tag, &resetdata, sizeof(tag)); +static int hitag2_init(void) { hitag2_reset(); return 0; } static void hitag2_cipher_reset(struct hitag2_tag *tag, const byte_t *iv) { - uint64_t key = ((uint64_t)tag->sectors[2][2]) | - ((uint64_t)tag->sectors[2][3] << 8) | - ((uint64_t)tag->sectors[1][0] << 16) | - ((uint64_t)tag->sectors[1][1] << 24) | - ((uint64_t)tag->sectors[1][2] << 32) | - ((uint64_t)tag->sectors[1][3] << 40); - uint32_t uid = ((uint32_t)tag->sectors[0][0]) | - ((uint32_t)tag->sectors[0][1] << 8) | - ((uint32_t)tag->sectors[0][2] << 16) | - ((uint32_t)tag->sectors[0][3] << 24); + uint64_t key = ((uint64_t)tag->sectors[2][2]) | + ((uint64_t)tag->sectors[2][3] << 8) | + ((uint64_t)tag->sectors[1][0] << 16) | + ((uint64_t)tag->sectors[1][1] << 24) | + ((uint64_t)tag->sectors[1][2] << 32) | + ((uint64_t)tag->sectors[1][3] << 40); + uint32_t uid = ((uint32_t)tag->sectors[0][0]) | + ((uint32_t)tag->sectors[0][1] << 8) | + ((uint32_t)tag->sectors[0][2] << 16) | + ((uint32_t)tag->sectors[0][3] << 24); uint32_t iv_ = (((uint32_t)(iv[0]))) | (((uint32_t)(iv[1])) << 8) | (((uint32_t)(iv[2])) << 16) | @@ -225,16 +226,16 @@ static int hitag2_cipher_transcrypt(uint64_t* cs, byte_t *data, unsigned int byt #define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */ #define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */ -#define HITAG_T_TAG_ONE_HALF_PERIOD 10 -#define HITAG_T_TAG_TWO_HALF_PERIOD 25 -#define HITAG_T_TAG_THREE_HALF_PERIOD 41 -#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 +#define HITAG_T_TAG_ONE_HALF_PERIOD 10 +#define HITAG_T_TAG_TWO_HALF_PERIOD 25 +#define HITAG_T_TAG_THREE_HALF_PERIOD 41 +#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 -#define HITAG_T_TAG_HALF_PERIOD 16 -#define HITAG_T_TAG_FULL_PERIOD 32 +#define HITAG_T_TAG_HALF_PERIOD 16 +#define HITAG_T_TAG_FULL_PERIOD 32 -#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 -#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 +#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 +#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 #define HITAG_T_TAG_CAPTURE_THREE_HALF 41 #define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 @@ -277,7 +278,8 @@ static void hitag_send_frame(const byte_t* frame, size_t frame_len) LOW(GPIO_SSC_DOUT); } -void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) + +static void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { byte_t rx_air[HITAG_FRAME_LEN]; @@ -396,8 +398,8 @@ void hitag2_handle_reader_command(byte_t* rx, const size_t rxlen, byte_t* tx, si break; } -// LogTrace(rx,nbytes(rxlen),0,0,false); -// LogTrace(tx,nbytes(*txlen),0,0,true); +// LogTraceHitag(rx,rxlen,0,0,false); +// LogTraceHitag(tx,*txlen,0,0,true); if(tag.crypto_active) { hitag2_cipher_transcrypt(&(tag.cs), tx, *txlen/8, *txlen%8); @@ -412,7 +414,7 @@ static void hitag_reader_send_bit(int bit) { // Binary puls length modulation (BPLM) is used to encode the data stream // This means that a transmission of a one takes longer than that of a zero - // Enable modulation, which means, drop the the field + // Enable modulation, which means, drop the field HIGH(GPIO_SSC_DOUT); // Wait for 4-10 times the carrier period @@ -425,15 +427,15 @@ static void hitag_reader_send_bit(int bit) { if(bit == 0) { // Zero bit: |_-| while(AT91C_BASE_TC0->TC_CV < T0*22); - // SpinDelayUs(16*8); + } else { // One bit: |_--| while(AT91C_BASE_TC0->TC_CV < T0*28); - // SpinDelayUs(22*8); } LED_A_OFF(); } + static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) { // Send the content of the frame @@ -442,7 +444,7 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) } // Send EOF AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - // Enable modulation, which means, drop the the field + // Enable modulation, which means, drop the field HIGH(GPIO_SSC_DOUT); // Wait for 4-10 times the carrier period while(AT91C_BASE_TC0->TC_CV < T0*6); @@ -450,7 +452,9 @@ static void hitag_reader_send_frame(const byte_t* frame, size_t frame_len) LOW(GPIO_SSC_DOUT); } -bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { +size_t blocknr; + +static bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { // Reset the transmission frame length *txlen = 0; @@ -473,23 +477,132 @@ bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) *txlen = 32; memcpy(tx,password,4); bPwd = true; + memcpy(tag.sectors[blocknr],rx,4); + blocknr++; } else { - DbpString("Password succesful!"); - // We are done... for now - return false; + + if(blocknr == 1){ + //store password in block1, the TAG answers with Block3, but we need the password in memory + memcpy(tag.sectors[blocknr],tx,4); + } else { + memcpy(tag.sectors[blocknr],rx,4); + } + + blocknr++; + if (blocknr > 7) { + DbpString("Read succesful!"); + bSuccessful = true; + return false; + } + *txlen = 10; + tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2); + tx[1] = ((blocknr^7) << 6); } } break; // Unexpected response - default: { + default: { + Dbprintf("Uknown frame length: %d",rxlen); + return false; + } break; + } + return true; +} + +static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { + // Reset the transmission frame length + *txlen = 0; + + if(bCrypto) { + hitag2_cipher_transcrypt(&cipher_state,rx,rxlen/8,rxlen%8); + } + + // Try to find out which command was send by selecting on length (in bits) + switch (rxlen) { + // No answer, try to resurrect + case 0: { + // Stop if there is no answer while we are in crypto mode (after sending NrAr) + if (bCrypto) { + // Failed during authentication + if (bAuthenticating) { + DbpString("Authentication failed!"); + return false; + } else { + // Failed reading a block, could be (read/write) locked, skip block and re-authenticate + if (blocknr == 1) { + // Write the low part of the key in memory + memcpy(tag.sectors[1],key+2,4); + } else if (blocknr == 2) { + // Write the high part of the key in memory + tag.sectors[2][0] = 0x00; + tag.sectors[2][1] = 0x00; + tag.sectors[2][2] = key[0]; + tag.sectors[2][3] = key[1]; + } else { + // Just put zero's in the memory (of the unreadable block) + memset(tag.sectors[blocknr],0x00,4); + } + blocknr++; + bCrypto = false; + } + } else { + *txlen = 5; + memcpy(tx,"\xc0",nbytes(*txlen)); + } + } break; + + // Received UID, crypto tag answer + case 32: { + if (!bCrypto) { + uint64_t ui64key = key[0] | ((uint64_t)key[1]) << 8 | ((uint64_t)key[2]) << 16 | ((uint64_t)key[3]) << 24 | ((uint64_t)key[4]) << 32 | ((uint64_t)key[5]) << 40; + uint32_t ui32uid = rx[0] | ((uint32_t)rx[1]) << 8 | ((uint32_t)rx[2]) << 16 | ((uint32_t)rx[3]) << 24; + cipher_state = _hitag2_init(rev64(ui64key), rev32(ui32uid), 0); + memset(tx,0x00,4); + memset(tx+4,0xff,4); + hitag2_cipher_transcrypt(&cipher_state,tx+4,4,0); + *txlen = 64; + bCrypto = true; + bAuthenticating = true; + } else { + // Check if we received answer tag (at) + if (bAuthenticating) { + bAuthenticating = false; + } else { + // Store the received block + memcpy(tag.sectors[blocknr],rx,4); + blocknr++; + } + if (blocknr > 7) { + DbpString("Read succesful!"); + bSuccessful = true; + return false; + } + *txlen = 10; + tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2); + tx[1] = ((blocknr^7) << 6); + } + } break; + + // Unexpected response + default: { Dbprintf("Uknown frame length: %d",rxlen); return false; } break; } + + + if(bCrypto) { + // We have to return now to avoid double encryption + if (!bAuthenticating) { + hitag2_cipher_transcrypt(&cipher_state, tx, *txlen/8, *txlen%8); + } + } + return true; } -bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { + +static bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { // Reset the transmission frame length *txlen = 0; @@ -514,8 +627,7 @@ bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txl bCrypto = true; } else { DbpString("Authentication succesful!"); - // We are done... for now - return false; + return true; } } break; @@ -529,7 +641,9 @@ bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txl return true; } -bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { + +static bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) { + // Reset the transmission frame length *txlen = 0; @@ -539,12 +653,19 @@ bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_ case 0: { // Stop if there is no answer while we are in crypto mode (after sending NrAr) if (bCrypto) { - Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed!",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]); + Dbprintf("auth: %02x%02x%02x%02x%02x%02x%02x%02x Failed, removed entry!",NrAr[0],NrAr[1],NrAr[2],NrAr[3],NrAr[4],NrAr[5],NrAr[6],NrAr[7]); + + // Removing failed entry from authentiations table + memcpy(auth_table+auth_table_pos,auth_table+auth_table_pos+8,8); + auth_table_len -= 8; + + // Return if we reached the end of the authentications table bCrypto = false; - if ((auth_table_pos+8) == auth_table_len) { + if (auth_table_pos == auth_table_len) { return false; } - auth_table_pos += 8; + + // Copy the next authentication attempt in row (at the same position, b/c we removed last failed entry) memcpy(NrAr,auth_table+auth_table_pos,8); } *txlen = 5; @@ -577,6 +698,7 @@ bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx, size_ return true; } + void SnoopHitag(uint32_t type) { int frame_count; int response; @@ -589,12 +711,19 @@ void SnoopHitag(uint32_t type) { byte_t rx[HITAG_FRAME_LEN]; size_t rxlen=0; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + + // free eventually allocated BigBuf memory + BigBuf_free(); BigBuf_Clear_ext(false); + // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); - + clear_trace(); + set_tracing(TRUE); + auth_table_len = 0; auth_table_pos = 0; + + auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); memset(auth_table, 0x00, AUTH_TABLE_LENGTH); DbpString("Starting Hitag2 snoop"); @@ -602,7 +731,7 @@ void SnoopHitag(uint32_t type) { // Set up eavesdropping mode, frequency divisor which will drive the FPGA // and analog mux selection. - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); @@ -618,7 +747,7 @@ void SnoopHitag(uint32_t type) { AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - // Disable timer during configuration + // Disable timer during configuration AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, @@ -639,7 +768,7 @@ void SnoopHitag(uint32_t type) { bSkip = true; tag_sof = 4; - while(!BUTTON_PRESS()) { + while(!BUTTON_PRESS() && !usb_poll_validate_length()) { // Watchdog hit WDT_HIT(); @@ -739,7 +868,7 @@ void SnoopHitag(uint32_t type) { // Check if frame was captured if(rxlen > 0) { frame_count++; - if (!LogTrace(rx,nbytes(rxlen),response,0,reader_frame)) { + if (!LogTraceHitag(rx,rxlen,response,0,reader_frame)) { DbpString("Trace full"); break; } @@ -781,7 +910,7 @@ void SnoopHitag(uint32_t type) { AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_A_OFF(); - + set_tracing(TRUE); // Dbprintf("frame received: %d",frame_count); // Dbprintf("Authentication Attempts: %d",(auth_table_len/8)); // DbpString("All done"); @@ -798,11 +927,20 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { bool bQuitTraceFull = false; bQuiet = false; + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + + // free eventually allocated BigBuf memory + BigBuf_free(); BigBuf_Clear_ext(false); + // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); + clear_trace(); + set_tracing(TRUE); + auth_table_len = 0; auth_table_pos = 0; + byte_t* auth_table; + + auth_table = (byte_t *)BigBuf_malloc(AUTH_TABLE_LENGTH); memset(auth_table, 0x00, AUTH_TABLE_LENGTH); DbpString("Starting Hitag2 simulation"); @@ -825,7 +963,7 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { // Set up simulator mode, frequency divisor which will drive the FPGA // and analog mux selection. - FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT); + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz SetAdcMuxFor(GPIO_MUXSEL_LOPKD); RELAY_OFF(); @@ -844,23 +982,23 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC1); AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; - // Disable timer during configuration + // Disable timer during configuration AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + // Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on rising edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; - // Enable and reset counter - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - // Reset the received frame, frame count and timing info memset(rx,0x00,sizeof(rx)); frame_count = 0; response = 0; overflow = 0; + + // Enable and reset counter + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; - while(!BUTTON_PRESS()) { + while(!BUTTON_PRESS() && !usb_poll_validate_length()) { // Watchdog hit WDT_HIT(); @@ -902,7 +1040,7 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { if(rxlen > 4) { frame_count++; if (!bQuiet) { - if (!LogTrace(rx,nbytes(rxlen),response,0,true)) { + if (!LogTraceHitag(rx,rxlen,response,0,true)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -931,7 +1069,7 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { hitag_send_frame(tx,txlen); // Store the frame in the trace if (!bQuiet) { - if (!LogTrace(tx,nbytes(txlen),0,0,false)) { + if (!LogTraceHitag(tx,txlen,0,0,false)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -962,9 +1100,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); -// Dbprintf("frame received: %d",frame_count); -// Dbprintf("Authentication Attempts: %d",(auth_table_len/8)); -// DbpString("All done"); + + DbpString("Sim Stopped"); + set_tracing(TRUE); } void ReaderHitag(hitag_function htf, hitag_data* htd) { @@ -982,35 +1120,53 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { int t_wait = HITAG_T_WAIT_MAX; bool bStop; bool bQuitTraceFull = false; - + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + // Reset the return status + bSuccessful = false; + // Clean up trace and prepare it for storing frames - iso14a_set_tracing(TRUE); - iso14a_clear_trace(); + clear_trace(); + set_tracing(TRUE); + DbpString("Starting Hitag reader family"); // Check configuration switch(htf) { case RHT2F_PASSWORD: { - Dbprintf("List identifier in password mode"); + Dbprintf("List identifier in password mode"); memcpy(password,htd->pwd.password,4); + blocknr = 0; bQuitTraceFull = false; bQuiet = false; bPwd = false; } break; + case RHT2F_AUTHENTICATE: { - DbpString("Authenticating in crypto mode"); + DbpString("Authenticating using nr,ar pair:"); memcpy(NrAr,htd->auth.NrAr,8); - Dbprintf("Reader-challenge:"); Dbhexdump(8,NrAr,false); bQuiet = false; bCrypto = false; + bAuthenticating = false; + bQuitTraceFull = true; + } break; + + case RHT2F_CRYPTO: { + DbpString("Authenticating using key:"); + memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code. + Dbhexdump(6,key,false); + blocknr = 0; + bQuiet = false; + bCrypto = false; + bAuthenticating = false; bQuitTraceFull = true; } break; case RHT2F_TEST_AUTH_ATTEMPTS: { Dbprintf("Testing %d authentication attempts",(auth_table_len/8)); auth_table_pos = 0; - memcpy(NrAr,auth_table,8); + memcpy(NrAr, auth_table, 8); bQuitTraceFull = false; bQuiet = false; bCrypto = false; @@ -1018,6 +1174,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { default: { Dbprintf("Error, unknown function: %d",htf); + set_tracing(FALSE); return; } break; } @@ -1084,9 +1241,10 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { t_wait = HITAG_T_WAIT_2; DbpString("Configured for hitag2 reader"); } else { - Dbprintf("Error, unknown hitag reader type: %d",htf); - return; - } + Dbprintf("Error, unknown hitag reader type: %d",htf); + set_tracing(FALSE); + return; + } while(!bStop && !BUTTON_PRESS()) { // Watchdog hit @@ -1096,7 +1254,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { if(rxlen > 0) { frame_count++; if (!bQuiet) { - if (!LogTrace(rx,nbytes(rxlen),response,0,false)) { + if (!LogTraceHitag(rx,rxlen,response,0,false)) { DbpString("Trace full"); if (bQuitTraceFull) { break; @@ -1116,11 +1274,15 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { case RHT2F_AUTHENTICATE: { bStop = !hitag2_authenticate(rx,rxlen,tx,&txlen); } break; + case RHT2F_CRYPTO: { + bStop = !hitag2_crypto(rx,rxlen,tx,&txlen); + } break; case RHT2F_TEST_AUTH_ATTEMPTS: { bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen); } break; default: { Dbprintf("Error, unknown function: %d",htf); + set_tracing(FALSE); return; } break; } @@ -1147,7 +1309,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { frame_count++; if (!bQuiet) { // Store the frame in the trace - if (!LogTrace(tx,nbytes(txlen),HITAG_T_WAIT_2,0,true)) { + if (!LogTraceHitag(tx,txlen,HITAG_T_WAIT_2,0,true)) { if (bQuitTraceFull) { break; } else { @@ -1228,7 +1390,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - -// Dbprintf("frame received: %d",frame_count); -// DbpString("All done"); -} + Dbprintf("DONE: frame received: %d",frame_count); + cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48); + set_tracing(FALSE); +} \ No newline at end of file