Merged with master

diff --cc armsrc/appmain.c
Simple merge

diff --cc armsrc/apps.h
Simple merge

diff --cc armsrc/iclass.c
index be27aa3ad6d11ed9f13fd8c2b7f4c7e22a3624bc,9c5e8b2bef03751e637f77e75e5b9ed30debcc59..d5cd366dad9c1288403579b271739a21cb873928
--- 1/armsrc/iclass.c
--- 2/armsrc/iclass.c
+++ b/armsrc/iclass.c
@@@ -665,10 -681,16 +665,12 @@@ void RAMFUNC SnoopIClass(void
      // The command (reader -> tag) that we're receiving.
        // The length of a received command will in most cases be no more than 18 bytes.
        // So 32 should be enough!
 -    uint8_t *receivedCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
 +      uint8_t *readerToTagCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
      // The response (tag -> reader) that we're receiving.
 -    uint8_t *receivedResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
 +      uint8_t *tagToReaderResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
  
 -    // As we receive stuff, we copy it from receivedCmd or receivedResponse
 -    // into trace, along with its length and other annotations.
 -    //uint8_t *trace = (uint8_t *)BigBuf;
 -    
+     FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+  
      // reset traceLen to 0
      iso14a_set_tracing(TRUE);
      iso14a_clear_trace();
@@@ -954,80 -987,27 +956,82 @@@ static void CodeIClassTagSOF(
        // Convert from last byte pos to length
        ToSendMax++;
  }
 -
 -//-----------------------------------------------------------------------------
 -// Simulate iClass Card
 -// Only CSN (Card Serial Number)
 -// 
 -//-----------------------------------------------------------------------------
 -void SimulateIClass(uint8_t arg0, uint8_t *datain)
 +int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf);
 +/**
 + * @brief SimulateIClass simulates an iClass card.
 + * @param arg0 type of simulation
 + *                    - 0 uses the first 8 bytes in usb data as CSN
 + *                    - 2 "dismantling iclass"-attack. This mode iterates through all CSN's specified
 + *                    in the usb data. This mode collects MAC from the reader, in order to do an offline
 + *                    attack on the keys. For more info, see "dismantling iclass" and proxclone.com.
 + *                    - Other : Uses the default CSN (031fec8af7ff12e0)
 + * @param arg1 - number of CSN's contained in datain (applicable for mode 2 only)
 + * @param arg2
 + * @param datain
 + */
 +void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
  {
 -      uint8_t simType = arg0;
 -
 +      uint32_t simType = arg0;
 +      uint32_t numberOfCSNS = arg1;
+       FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
  
 -  // Enable and clear the trace
 -      tracing = TRUE;
 -      traceLen = 0;
 -  memset(trace, 0x44, TRACE_SIZE);
 +      // Enable and clear the trace
 +      iso14a_set_tracing(TRUE);
 +      iso14a_clear_trace();
 +
 +      uint8_t csn_crc[] = { 0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0, 0x00, 0x00 };
 +      if(simType == 0) {
 +              // Use the CSN from commandline
 +              memcpy(csn_crc, datain, 8);
 +              doIClassSimulation(csn_crc,0,NULL);
 +      }else if(simType == 1)
 +      {
 +              doIClassSimulation(csn_crc,0,NULL);
 +      }
 +      else if(simType == 2)
 +      {
 +
 +              uint8_t mac_responses[64] = { 0 };
 +              Dbprintf("Going into attack mode");
 +              // In this mode, a number of csns are within datain. We'll simulate each one, one at a time
 +              // in order to collect MAC's from the reader. This can later be used in an offlne-attack
 +              // in order to obtain the keys, as in the "dismantling iclass"-paper.
 +              int i = 0;
 +              for( ; i < numberOfCSNS && i*8+8 < USB_CMD_DATA_SIZE; i++)
 +              {
 +                      // The usb data is 512 bytes, fitting 65 8-byte CSNs in there.
 +
 +                      memcpy(csn_crc, datain+(i*8), 8);
 +                      if(doIClassSimulation(csn_crc,1,mac_responses))
 +                      {
 +                              return; // Button pressed
 +                      }
 +              }
 +              cmd_send(CMD_ACK,CMD_SIMULATE_TAG_ICLASS,i,0,mac_responses,i*8);
 +
 +      }
 +      else{
 +              // We may want a mode here where we hardcode the csns to use (from proxclone).
 +              // That will speed things up a little, but not required just yet.
 +              Dbprintf("The mode is not implemented, reserved for future use");
 +      }
 +      Dbprintf("Done...");
 +
 +}
 +/**
 + * @brief Does the actual simulation
 + * @param csn - csn to use
 + * @param breakAfterMacReceived if true, returns after reader MAC has been received.
 + */
 +int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
 +{
 +
+ 
        // CSN followed by two CRC bytes
        uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 -      uint8_t response3[] = { 0x03, 0x1f, 0xec, 0x8a, 0xf7, 0xff, 0x12, 0xe0, 0x00, 0x00 };
 -
 +      uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
 +      memcpy(response3,csn,sizeof(response3));
 +      Dbprintf("Simulating CSN %02x%02x%02x%02x%02x%02x%02x%02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
        // e-Purse
        uint8_t response4[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  
@@@ -1469,8 -1430,10 +1473,10 @@@ void ReaderIClass(uint8_t arg0) 
  
        uint8_t* resp = (((uint8_t *)BigBuf) + 3560);   // was 3560 - tied to other size changes
  
+     FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ 
        // Reset trace buffer
 -      memset(trace, 0x44, RECV_CMD_OFFSET);
 +      memset(trace, 0x44, RECV_CMD_OFFSET);
        traceLen = 0;
  
        // Setup SSC

diff --cc armsrc/iso14443a.c
Simple merge