#remove one of the following defines and comment out the relevant line
#in the next section to remove that particular feature from compilation
-APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG
+APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -fno-strict-aliasing
#-DWITH_LCD
#SRC_LCD = fonts.c LCD.c
$(SRC_LCD) \
$(SRC_ISO15693) \
$(SRC_LF) \
- appmain.c printf.c \
+ appmain.c \
+ printf.c \
util.c \
string.c \
usb_cdc.c \
{
byte_t len = strlen(str);
cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
-// /* this holds up stuff unless we're connected to usb */
-// if (!UsbConnected())
-// return;
-//
-// UsbCommand c;
-// c.cmd = CMD_DEBUG_PRINT_STRING;
-// c.arg[0] = strlen(str);
-// if(c.arg[0] > sizeof(c.d.asBytes)) {
-// c.arg[0] = sizeof(c.d.asBytes);
-// }
-// memcpy(c.d.asBytes, str, c.arg[0]);
-//
-// UsbSendPacket((uint8_t *)&c, sizeof(c));
-// // TODO fix USB so stupid things like this aren't req'd
-// SpinDelay(50);
}
#if 0
void DbpIntegers(int x1, int x2, int x3)
{
cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
-// /* this holds up stuff unless we're connected to usb */
-// if (!UsbConnected())
-// return;
-//
-// UsbCommand c;
-// c.cmd = CMD_DEBUG_PRINT_INTEGERS;
-// c.arg[0] = x1;
-// c.arg[1] = x2;
-// c.arg[2] = x3;
-//
-// UsbSendPacket((uint8_t *)&c, sizeof(c));
-// // XXX
-// SpinDelay(50);
}
#endif
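Review bot: `byte_t len = strlen(str);` at the top of DbpString truncates the length to 8 bits, and the clamp to the payload size that the deleted comment block carried (`if(c.arg[0] > sizeof(c.d.asBytes))`) has no counterpart on the live path, so a message of 256 or more characters is announced with a wrong length and the copy bound rests entirely on whatever cmd_send does, which is not visible here. I would write `size_t len = strlen(str); if (len > USB_CMD_DATA_SIZE) len = USB_CMD_DATA_SIZE;` before the `cmd_send(CMD_DEBUG_PRINT_STRING, ...)` call, using the same constant the sample-download code in this commit already relies on. DbpString's signature sits above the hunk; the DbpIntegers block below it is inside `#if 0` and is dead either way.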
extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
void SendVersion(void)
{
- char temp[256]; /* Limited data payload in USB packets */
+ char temp[512]; /* Limited data payload in USB packets */
DbpString("Prox/RFID mark3 RFID instrument");
/* Try to find the bootrom version information. Expect to find a pointer at
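Review bot: `char temp[512];` doubles a stack buffer but keeps the old comment `/* Limited data payload in USB packets */`, which no longer explains the number, and the part of SendVersion that fills and sends temp is below the hunk, so nothing here shows what bounds the writes into it. I would either size it from the transport, `char temp[USB_CMD_DATA_SIZE];`, or replace the comment with one that states the real constraint, e.g. `/* large enough for the longest version text we format here; the USB payload limit is applied when it is sent */`, and confirm that the formatting into temp is bounded, since an overrun on this bare-metal target has nothing to catch it. A doubled stack buffer in a firmware build also deserves a word on why 256 was not enough.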
int selected = 0;
int playing = 0;
+ int cardRead = 0;
// Turn on selected LED
LED(selected + 1, 0);
for (;;)
{
-// UsbPoll(FALSE);
usb_poll();
WDT_HIT();
SpinDelay(300);
// Button was held for a second, begin recording
- if (button_pressed > 0)
+ if (button_pressed > 0 && cardRead == 0)
{
LEDsoff();
LED(selected + 1, 0);
// If we were previously playing, set playing off
// so next button push begins playing what we recorded
playing = 0;
+
+ cardRead = 1;
+
+ }
+
+ else if (button_pressed > 0 && cardRead == 1)
+ {
+ LEDsoff();
+ LED(selected + 1, 0);
+ LED(LED_ORANGE, 0);
+
+ // record
+ Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
+
+ // wait for button to be released
+ while(BUTTON_PRESS())
+ WDT_HIT();
+
+ /* need this delay to prevent catching some weird data */
+ SpinDelay(500);
+
+ CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
+ Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
+
+ LEDsoff();
+ LED(selected + 1, 0);
+ // Finished recording
+
+ // If we were previously playing, set playing off
+ // so next button push begins playing what we recorded
+ playing = 0;
+
+ cardRead = 0;
+
}
// Change where to record (or begin playing)
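Review bot: The new clone branch, `else if (button_pressed > 0 && cardRead == 1)`, writes `high[selected]`/`low[selected]` to the tag with `CopyHIDtoT55x7(high[selected], low[selected], 0, 0);` without checking that slot `selected` actually holds a recorded ID, so a second long press on a slot that was never recorded programs whatever is in those arrays into any T55x7 sitting in the field. Assuming 0/0 is never a valid recorded ID, a guard before the copy such as `if (high[selected] == 0 && low[selected] == 0) { Dbprintf("Slot %d empty, nothing to clone", selected); cardRead = 0; }` would prevent that. The `// record` comment above the `Dbprintf("Cloning ...")` is also misleading now that this branch clones; `// clone the ID recorded in this slot onto a T55x7 in the field` says what happens. The enclosing function and the `high`/`low` arrays are declared above the hunk.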
cmd_send(CMD_ACK,0,0,0,0,0);
break;
case CMD_HID_DEMOD_FSK:
- CmdHIDdemodFSK(c->arg[0], 0, 0, 1); // Demodulate HID tag
+ CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
break;
case CMD_HID_SIM_TAG:
- CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
+ CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
break;
- case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
+ case CMD_HID_CLONE_TAG:
CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;
case CMD_IO_DEMOD_FSK:
- CmdIOdemodFSK(c->arg[0], 0, 0, 1); // Demodulate IO tag
+ CmdIOdemodFSK(c->arg[0], 0, 0, 1);
break;
- case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
+ case CMD_IO_CLONE_TAG:
CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
break;
case CMD_EM410X_DEMOD:
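Review bot: The trailing comments stripped from the `case CMD_HID_DEMOD_FSK:` through `case CMD_IO_CLONE_TAG:` labels (for example `// Clone HID tag by ID to T55x7`) were the only text in this dispatcher saying what each command and its positional `c->arg[n]` meant, and nothing replaces them. Bare `CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);` is harder to audit, not easier; if the goal is a terse switch, move the explanation onto the prototypes in apps.h rather than dropping it. The switch continues above and below the hunk.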
case CMD_LF_SIMULATE_BIDIR:
SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
break;
- case CMD_INDALA_CLONE_TAG: // Clone Indala 64-bit tag by UID to T55x7
+ case CMD_INDALA_CLONE_TAG:
CopyIndala64toT55x7(c->arg[0], c->arg[1]);
break;
- case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
+ case CMD_INDALA_CLONE_TAG_L:
CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
break;
case CMD_T55XX_READ_BLOCK:
case CMD_T55XX_WRITE_BLOCK:
T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;
- case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
+ case CMD_T55XX_READ_TRACE:
T55xxReadTrace();
break;
- case CMD_PCF7931_READ: // Read PCF7931 tag
+ case CMD_PCF7931_READ:
ReadPCF7931();
cmd_send(CMD_ACK,0,0,0,0,0);
-// UsbSendPacket((uint8_t*)&ack, sizeof(ack));
break;
case CMD_EM4X_READ_WORD:
EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
ReaderIso15693(c->arg[0]);
break;
case CMD_SIMTAG_ISO_15693:
- SimTagIso15693(c->arg[0]);
+ SimTagIso15693(c->arg[0], c->d.asBytes);
break;
#endif
case CMD_SIMULATE_TAG_ISO_14443a:
SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
break;
+
case CMD_EPA_PACE_COLLECT_NONCE:
EPA_PACE_Collect_Nonce(c);
break;
break;
// Work with "magic Chinese" card
- case CMD_MIFARE_EML_CSETBLOCK:
+ case CMD_MIFARE_CSETBLOCK:
MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
- case CMD_MIFARE_EML_CGETBLOCK:
+ case CMD_MIFARE_CGETBLOCK:
MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
+ case CMD_MIFARE_CIDENT:
+ MifareCIdent();
+ break;
// mifare sniffer
case CMD_MIFARE_SNIFFER:
break;
case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
-// UsbCommand n;
-// if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
-// n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
-// } else {
-// n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
-// }
-// n.arg[0] = c->arg[0];
- // memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
- // LED_B_ON();
- // usb_write((uint8_t *)&n, sizeof(n));
- // UsbSendPacket((uint8_t *)&n, sizeof(n));
- // LED_B_OFF();
LED_B_ON();
for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
uint8_t *b = (uint8_t *)BigBuf;
- memcpy(b+c->arg[0], c->d.asBytes, 48);
- //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
-// UsbSendPacket((uint8_t*)&ack, sizeof(ack));
+ memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
cmd_send(CMD_ACK,0,0,0,0,0);
break;
}
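Review bot: `memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);` copies a host-chosen offset's worth into BigBuf with no bound check, so a malformed or hostile CMD_DOWNLOADED_SIM_SAMPLES_125K with a large `arg[0]` writes past the end of BigBuf; the 48-byte version had the same hole, the commit just widens it. I would reject the offset before copying, `if (c->arg[0] > sizeof(BigBuf) - USB_CMD_DATA_SIZE) { cmd_send(CMD_ACK,0,0,0,0,0); break; }`, using whatever error signalling in `arg0` the host side expects. The `for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE)` loop just above takes the same kind of host-controlled length and its body is cut off, so I cannot tell whether that direction is bounded either.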
case CMD_DEVICE_INFO: {
uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
-// UsbSendPacket((uint8_t*)&c, sizeof(c));
cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);
break;
}
LED_B_OFF();
LED_A_OFF();
- // Init USB device`
+ // Init USB device
usb_enable();
-// UsbStart();
// The FPGA gets its clock from us from PCK0 output, so set that up.
AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
UsbPacketReceived(rx,rx_len);
}
}
-// UsbPoll(FALSE);
-
WDT_HIT();
#ifdef WITH_LF
void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
+void MifareCIdent(); // is "magic chinese" card?
/// iso15693.h
void RecordRawAdcSamplesIso15693(void);
void AcquireRawAdcSamplesIso15693(void);
void ReaderIso15693(uint32_t parameter); // Simulate an ISO15693 reader - greg
-void SimTagIso15693(uint32_t parameter); // simulate an ISO15693 tag - greg
+void SimTagIso15693(uint32_t parameter, uint8_t *uid); // simulate an ISO15693 tag - greg
void BruteforceIso15693Afi(uint32_t speed); // find an AFI of a tag - atrox
void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8_t data[]); // send arbitrary commands from CLI - atrox
void SetDebugIso15693(uint32_t flag);
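Review bot: `void MifareCIdent(); // is "magic chinese" card?` declares a function with an unspecified parameter list in C, so a call with stray arguments compiles silently; write `void MifareCIdent(void);` as the neighbouring `void RecordRawAdcSamplesIso15693(void);` does. The new `void SimTagIso15693(uint32_t parameter, uint8_t *uid);` also says nothing about how many bytes `uid` must provide or their order, while the simulator reads `uid[0]` through `uid[7]` and transmits `uid[7]` first; `// uid: 8 bytes, uid[7] goes on the wire first` on the prototype would spare the next caller a trip into iso15693.c.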
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
+ Dbprintf("epa - no select cardaccess");
return -1;
}
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
+ Dbprintf("epa - no read cardaccess");
return -1;
}
// send the USB packet
cmd_send(CMD_ACK,step,func_return,0,0,0);
-//UsbSendPacket((void *)ack, sizeof(UsbCommand));
}
//-----------------------------------------------------------------------------
*/
// return value of a function
- int func_return;
+ int func_return = 0;
// // initialize ack with 0s
// memset(ack->arg, 0, 12);
// save received information
// ack->arg[1] = func_return;
// memcpy(ack->d.asBytes, nonce, func_return);
-// UsbSendPacket((void *)ack, sizeof(UsbCommand));
cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
}
//-----------------------------------------------------------------------------
int EPA_Setup()
{
- // return code
+
int return_code = 0;
- // card UID
uint8_t uid[10];
- // card select information
+ uint8_t pps_response[3];
+ uint8_t pps_response_par[1];
iso14a_card_select_t card_select_info;
+
// power up the field
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+ iso14a_set_timeout(10500);
+
// select the card
return_code = iso14443a_select_card(uid, &card_select_info, NULL);
if (return_code != 1) {
+ Dbprintf("Epa: Can't select card");
return 1;
}
// send the PPS request
ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
- uint8_t pps_response[3];
- uint8_t pps_response_par[1];
return_code = ReaderReceive(pps_response, pps_response_par);
if (return_code != 3 || pps_response[0] != 0xD0) {
return return_code == 0 ? 2 : return_code;
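Review bot: `iso14a_set_timeout(10500);` drops a bare number into EPA_Setup with no word on its unit or where 10500 comes from, while the hunk deletes the small `// card UID` / `// card select information` comments that at least labelled the locals. A named constant with a why-comment keeps it reviewable, e.g. `#define EPA_SELECT_TIMEOUT 10500 /* NOTE(review): unit of iso14a_set_timeout and origin of this value to be confirmed */`. The new `Dbprintf("Epa: Can't select card");` also uses a different prefix from the `"epa - ..."` messages added in the hunks above; pick one so log greps work. EPA_Setup continues below the hunk.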
// Disable timer during configuration
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
- // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
+ // Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
// external trigger rising edge, load RA on rising edge of TIOA.
AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING;
- // Enable and reset counter
- AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
-
// Reset the received frame, frame count and timing info
memset(rx,0x00,sizeof(rx));
frame_count = 0;
response = 0;
overflow = 0;
+
+ // Enable and reset counter
+ AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
while(!BUTTON_PRESS()) {
// Watchdog hit
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-// Dbprintf("frame received: %d",frame_count);
-// Dbprintf("Authentication Attempts: %d",(auth_table_len/8));
-// DbpString("All done");
+
+ DbpString("Sim Stopped");
+
}
void ReaderHitag(hitag_function htf, hitag_data* htd) {
case RHT2F_CRYPTO: {
DbpString("Authenticating using key:");
- memcpy(key,htd->crypto.key,4);
+ memcpy(key,htd->crypto.key,4); //HACK; 4 or 6?? I read both in the code.
Dbhexdump(6,key,false);
blocknr = 0;
bQuiet = false;
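Review bot: `memcpy(key,htd->crypto.key,4); //HACK; 4 or 6??` commits an acknowledged open question: the very next line `Dbhexdump(6,key,false);` prints six bytes, so two bytes of `key` are displayed, and presumably used for the authentication that follows, with whatever they held before. Settle it before merging rather than leaving the HACK marker: if the key is six bytes, `memcpy(key, htd->crypto.key, 6);` (or `sizeof(key)` if `key` is an array) and drop the comment; if it is four, shrink the dump to four. The declaration of `key` and the rest of the RHT2F_CRYPTO case are outside the hunk.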
else {
modulation = bit & Demod.syncBit;
modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
- //modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
Demod.samples += 4;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
- /*if(OutOfNDecoding((b & 0xf0) >> 4)) {
- *len = Uart.byteCnt;
- return TRUE;
- }*/
+
if(OutOfNDecoding(b & 0x0f)) {
*len = Uart.byteCnt;
return TRUE;
*/
int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
{
-
-
// CSN followed by two CRC bytes
uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
//Signal tracer
// Can be used to get a trigger for an oscilloscope..
LED_C_OFF();
+
if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) {
buttonPressed = true;
break;
int samples = 0;
// This is tied to other size changes
- // uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
CodeIClassCommand(frame,len);
// Select the card
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
skip = !skip;
if(skip) continue;
- /*if(ManchesterDecoding((b>>4) & 0xf)) {
- *samples = ((c - 1) << 3) + 4;
- return TRUE;
- }*/
+
if(ManchesterDecoding(b & 0x0f)) {
*samples = c << 3;
return TRUE;
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
LED_D_OFF();
- FpgaWriteConfWord(
- FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
// Now run a `software UART' on the stream of incoming samples.
// Modulate BPSK
// Signal field is off with the appropriate LED
LED_D_OFF();
- FpgaWriteConfWord(
- FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
AT91C_BASE_SSC->SSC_THR = 0xff;
FpgaSetupSsc();
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
};
-
void iso14a_set_trigger(bool enable) {
trigger = enable;
}
Uart.twoBits = (Uart.twoBits << 8) | bit;
if (Uart.state == STATE_UNSYNCD) { // not yet synced
+
if (Uart.highCnt < 7) { // wait for a stable unmodulated signal
if (Uart.twoBits == 0xffff) {
Uart.highCnt++;
if (Uart.len) {
return TRUE; // we are finished with decoding the raw data sequence
} else {
- UartReset(); // Nothing received - try again
+ UartReset(); // Nothing receiver - start over
}
}
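Review bot: The rewritten comment `UartReset(); // Nothing receiver - start over` introduces a typo where the old text (`// Nothing received - try again`) was correct; `// Nothing received - start over` reads as intended. Minor, but this is the bit-level decoder and its comments are what a reader has to go on, so a change that only touches a comment should not make it worse.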
if (Uart.state == STATE_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
Demod.endTime = 0;
}
-
void DemodInit(uint8_t *data, uint8_t *parity)
{
Demod.output = data;
// Send startbit
ToSend[++ToSendMax] = SEC_D;
-
LastProxToAirDuration = 8 * ToSendMax - 4;
for(uint16_t i = 0; i < len; i++) {
response1[1] = 0x00;
sak = 0x28;
} break;
+ case 5: { // MIFARE TNP3XXX
+ // Says: I am a toy
+ response1[0] = 0x01;
+ response1[1] = 0x0f;
+ sak = 0x01;
+ } break;
default: {
Dbprintf("Error: unkown tagtype (%d)",tagType);
return;
// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
p_response = NULL;
} else if(receivedCmd[0] == 0x50) { // Received a HALT
-// DbpString("Reader requested we HALT!:");
+
if (tracing) {
LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
}
// do the tracing for the previous reader request and this tag answer:
uint8_t par[MAX_PARITY_SIZE];
GetParity(p_response->response, p_response->response_n, par);
+
EmLogTrace(Uart.output,
Uart.len,
Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG,
// clear TXRDY
AT91C_BASE_SSC->SSC_THR = SEC_Y;
- // for(uint16_t c = 0; c < 10;) { // standard delay for each transfer (allow tag to be ready after last transmission)
- // if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
- // AT91C_BASE_SSC->SSC_THR = SEC_Y;
- // c++;
- // }
- // }
-
uint16_t c = 0;
for(;;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
}
NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
-
}
void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
{
-
CodeIso14443aBitsAsReaderPar(frame, bits, par);
// Send command to tag
// Receive the ATQA
if(!ReaderReceive(resp, resp_par)) return 0;
- //Dbprintf("atqa: %02x %02x",resp[1],resp[0]);
if(p_hi14a_card) {
memcpy(p_hi14a_card->atqa, resp, 2);
memcpy(uid_resp, resp, 4);
}
uid_resp_len = 4;
- //Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
// calculate crypto UID. Always use last 4 Bytes.
if(cuid_ptr) {
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
// http://www.nxp.com/documents/application_note/AN10927.pdf
- // This was earlier:
- //memcpy(uid_resp, uid_resp + 1, 3);
- // But memcpy should not be used for overlapping arrays,
- // and memmove appears to not be available in the arm build.
- // Therefore:
uid_resp[0] = uid_resp[1];
uid_resp[1] = uid_resp[2];
uid_resp[2] = uid_resp[3];
p_hi14a_card->ats_len = 0;
}
- if( (sak & 0x20) == 0) {
- return 2; // non iso14443a compliant tag
- }
+ // non iso14443a compliant tag
+ if( (sak & 0x20) == 0) return 2;
// Request for answer to select
AppendCrc14443a(rats, 2);
if (!(len = ReaderReceive(resp, resp_par))) return 0;
+
if(p_hi14a_card) {
memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
p_hi14a_card->ats_len = len;
// reset the PCB block number
iso14_pcb_blocknum = 0;
-
return 1;
}
}
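Review bot: In the ATS handling kept as context after the added blank line, `memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));` followed by `p_hi14a_card->ats_len = len;` records a length that is not tied to the copy: if ReaderReceive can return more than `sizeof(p_hi14a_card->ats)` bytes, `ats_len` claims bytes that were never stored and any consumer iterating `ats_len` over `ats` runs off the end. One line fixes the inconsistency: `p_hi14a_card->ats_len = (len < sizeof(p_hi14a_card->ats)) ? len : sizeof(p_hi14a_card->ats);`. The commit touches only whitespace and a comment reshuffle here, so this is a pre-existing gap, but it sits on the path every higher-level 14443A command goes through; iso14443a_select_card begins above the hunk.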
if(param & ISO14A_SET_TIMEOUT) {
- iso14a_timeout = c->arg[2];
+ iso14a_set_timeout(c->arg[2]);
}
if(param & ISO14A_APDU) {
uint32_t nt = 0;
uint32_t previous_nt = 0;
static uint32_t nt_attacked = 0;
- byte_t par_list[8] = {0,0,0,0,0,0,0,0};
- byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
+ byte_t par_list[8] = {0x00};
+ byte_t ks_list[8] = {0x00};
static uint32_t sync_time;
static uint32_t sync_cycles;
uint16_t consecutive_resyncs = 0;
int isOK = 0;
-
-
if (first_try) {
mf_nr_ar3 = 0;
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
//-----------------------------------------------------------------------------
static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int *wait)
{
- int c;
-
-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR); // No requirement to energise my coils
+ int c = 0;
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);
if(*wait < 10) { *wait = 10; }
- c = 0;
for(;;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = cmd[c];
AT91C_BASE_SSC->SSC_THR = 0x43;
}
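Review bot: `FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);` changes what the FPGA does while TransmitTo15693Reader runs, and it replaces the only explanation the old line carried (`// No requirement to energise my coils`) with none, so a later reader cannot tell whether the 424K mode was chosen to match the response BuildInventoryResponse constructs or to work around something observed on hardware. A one-line why-comment above the call, `// answer the reader by load-modulating its field with the 424 kHz subcarrier (confirm this matches the response coding used)`, would carry that. The loop below sends `cmd[c]` from `c = 0` and its exit condition is past the end of the hunk.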
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- int8_t b;
- b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
+ int8_t b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
// The samples are correlations against I and Q versions of the
// tone that the tag AM-modulates, so every other sample is I,
//-----------------------------------------------------------------------------
void AcquireRawAdcSamplesIso15693(void)
{
- int c = 0;
uint8_t *dest = (uint8_t *)BigBuf;
- int getNext = 0;
+ int c = 0;
+ int getNext = 0;
int8_t prev = 0;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
void RecordRawAdcSamplesIso15693(void)
{
+ uint8_t *dest = (uint8_t *)BigBuf;
+
int c = 0;
- uint8_t *dest = (uint8_t *)BigBuf;
int getNext = 0;
-
int8_t prev = 0;
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
}
// Now the VICC>VCD responses when we are simulating a tag
- static void BuildInventoryResponse(void)
+ static void BuildInventoryResponse( uint8_t *uid)
{
uint8_t cmd[12];
uint16_t crc;
// one sub-carrier, inventory, 1 slot, fast rate
// AFI is at bit 5 (1<<4) when doing an INVENTORY
- cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1);
- cmd[1] = 0;
+ //(1 << 2) | (1 << 5) | (1 << 1);
+ cmd[0] = 0; //
+ cmd[1] = 0; // DSFID (data storage format identifier). 0x00 = not supported
// 64-bit UID
- cmd[2] = 0x32;
- cmd[3]= 0x4b;
- cmd[4] = 0x03;
- cmd[5] = 0x01;
- cmd[6] = 0x00;
- cmd[7] = 0x10;
- cmd[8] = 0x05;
- cmd[9]= 0xe0;
+ cmd[2] = uid[7]; //0x32;
+ cmd[3] = uid[6]; //0x4b;
+ cmd[4] = uid[5]; //0x03;
+ cmd[5] = uid[4]; //0x01;
+ cmd[6] = uid[3]; //0x00;
+ cmd[7] = uid[2]; //0x10;
+ cmd[8] = uid[1]; //0x05;
+ cmd[9] = uid[0]; //0xe0;
//Now the CRC
crc = Crc(cmd, 10);
cmd[10] = crc & 0xff;
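Review bot: `static void BuildInventoryResponse( uint8_t *uid)` reads `uid[0]` through `uid[7]` and places `uid[7]` first on the wire and `uid[0]` last, but nothing states which end the caller must put the `0xE0` byte that the old constants had in `cmd[9]` (now `uid[0]`); ReaderIso15693 in this same file stores that byte at `TagUID[7]`, so the reader and simulator sides now use opposite conventions for the same 8 bytes. A header comment such as `/* uid: 8 bytes in display order, uid[0] being the 0xE0 end; transmitted reversed, uid[7] first */` pins it down. The edit also leaves `//(1 << 2) | (1 << 5) | (1 << 1);` orphaned above `cmd[0] = 0; //` with a dangling empty comment; either say what those bits would select (`// flags: one sub-carrier, 1 slot, fast rate would be ...`) or delete the line.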
LED_C_OFF();
LED_D_OFF();
-//DbpString(parameter);
-
- //uint8_t *answer0 = (((uint8_t *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)
uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
uint8_t *answer2 = (((uint8_t *)BigBuf) + 3760);
uint8_t *answer3 = (((uint8_t *)BigBuf) + 3860);
- //uint8_t *TagUID= (((uint8_t *)BigBuf) + 3960); // where we hold the uid for hi15reader
-// int answerLen0 = 0;
+
int answerLen1 = 0;
int answerLen2 = 0;
int answerLen3 = 0;
- int i=0; // counter
+ int i = 0;
+ int samples = 0;
+ int tsamples = 0;
+ int wait = 0;
+ int elapsed = 0;
+ uint8_t TagUID[8] = {0x00};
+
// Blank arrays
- memset(BigBuf + 3660, 0, 300);
+ memset(BigBuf + 3660, 0x00, 300);
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Setup SSC
FpgaSetupSsc();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
- FpgaSetupSsc();
-
// Give the tags time to energize
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
SpinDelay(200);
LED_C_OFF();
LED_D_OFF();
- int samples = 0;
- int tsamples = 0;
- int wait = 0;
- int elapsed = 0;
-
// FIRST WE RUN AN INVENTORY TO GET THE TAG UID
// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME
- uint8_t TagUID[8] = {0, 0, 0, 0, 0, 0, 0, 0}; // where we hold the uid for hi15reader
-
-// BuildIdentifyRequest();
-// //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
-// // Now wait for a response
-// responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ;
-// if (responseLen0 >=12) // we should do a better check than this
-// {
-// // really we should check it is a valid mesg
-// // but for now just grab what we think is the uid
-// TagUID[0] = receivedAnswer0[2];
-// TagUID[1] = receivedAnswer0[3];
-// TagUID[2] = receivedAnswer0[4];
-// TagUID[3] = receivedAnswer0[5];
-// TagUID[4] = receivedAnswer0[6];
-// TagUID[5] = receivedAnswer0[7];
-// TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code
-// DbpIntegers(TagUID[6],TagUID[5],TagUID[4]);
-//}
// Now send the IDENTIFY command
BuildIdentifyRequest();
- //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
- TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
+
+ TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);
+
// Now wait for a response
answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ;
if (answerLen1 >=12) // we should do a better check than this
{
-
TagUID[0] = answer1[2];
TagUID[1] = answer1[3];
TagUID[2] = answer1[4];
TagUID[6] = answer1[8]; // IC Manufacturer code
TagUID[7] = answer1[9]; // always E0
- // Now send the SELECT command
- // since the SELECT command is optional, we should not rely on it.
-//// BuildSelectRequest(TagUID);
-// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
- // Now wait for a response
-/// answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed);
-
- // Now send the MULTI READ command
-// BuildArbitraryRequest(*TagUID,parameter);
-/// BuildArbitraryCustomRequest(TagUID,parameter);
-// BuildReadBlockRequest(*TagUID,parameter);
-// BuildSysInfoRequest(*TagUID);
- //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-/// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3
- // Now wait for a response
-/// answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ;
-
}
Dbprintf("%d octets read from IDENTIFY request:", answerLen1);
// UID is reverse
if (answerLen1>=12)
- //Dbprintf("UID = %*D",8,TagUID," ");
- Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",TagUID[7],TagUID[6],TagUID[5],
- TagUID[4],TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
+ Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",
+ TagUID[7],TagUID[6],TagUID[5],TagUID[4],
+ TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
Dbprintf("%d octets read from SELECT request:", answerLen2);
DbdecodeIso15693Answer(answerLen3,answer3);
Dbhexdump(answerLen3,answer3,true);
-
// read all pages
if (answerLen1>=12 && DEBUG) {
i=0;
}
}
-// str2[0]=0;
-// for(i = 0; i < responseLen3; i++) {
-// itoa(str1,receivedAnswer3[i]);
-// strncat(str2,str1,8);
-// }
-// DbpString(str2);
-
LED_A_OFF();
LED_B_OFF();
LED_C_OFF();
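Review bot: `memset(BigBuf + 3660, 0x00, 300);` in ReaderIso15693 does pointer arithmetic on BigBuf itself, while the three buffers it is meant to clear are `((uint8_t *)BigBuf) + 3660/3760/3860`; every other use in this file casts BigBuf to a byte pointer before indexing (`(uint8_t *)BigBuf`, `(signed char *)BigBuf`), which suggests BigBuf's element type is wider than a byte, and if so the memset wipes a region 3660 elements in rather than 3660 bytes and answer1..answer3 start with stale data. `memset(answer1, 0x00, 300);` clears exactly the span the three pointers cover whatever BigBuf's type is. The data is then accepted on `answerLen1 >= 12` alone, as the kept comment `// we should do a better check than this` concedes, so stale bytes would be printed as a UID. The function begins above the hunk.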
// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands
// all demodulation performed in arm rather than host. - greg
-void SimTagIso15693(uint32_t parameter)
+void SimTagIso15693(uint32_t parameter, uint8_t *uid)
{
LED_A_ON();
LED_B_ON();
LED_C_OFF();
LED_D_OFF();
- uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
+ uint8_t *buf = (((uint8_t *)BigBuf) + 3660); //
+
int answerLen1 = 0;
+ int samples = 0;
+ int tsamples = 0;
+ int wait = 0;
+ int elapsed = 0;
- // Blank arrays
- memset(answer1, 0, 100);
+ memset(buf, 0x00, 100);
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
- // Setup SSC
- FpgaSetupSsc();
-
- // Start from off (no field generated)
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelay(200);
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
FpgaSetupSsc();
- // Give the tags time to energize
-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); // NO GOOD FOR SIM TAG!!!!
+ // Start from off (no field generated)
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);
LED_A_OFF();
LED_C_ON();
LED_D_OFF();
- int samples = 0;
- int tsamples = 0;
- int wait = 0;
- int elapsed = 0;
-
- answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ;
+ // Listen to reader
+ answerLen1 = GetIso15693AnswerFromSniff(buf, 100, &samples, &elapsed) ;
if (answerLen1 >=1) // we should do a better check than this
{
// Build a suitable reponse to the reader INVENTORY cocmmand
- BuildInventoryResponse();
+ // not so obsvious, but in the call to BuildInventoryResponse, the command is copied to the global ToSend buffer used below.
+
+ BuildInventoryResponse(uid);
+
TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait);
}
Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1,
- answer1[0], answer1[1], answer1[2],
- answer1[3], answer1[4], answer1[5],
- answer1[6], answer1[7], answer1[8]);
+ buf[0], buf[1], buf[2], buf[3],
+ buf[4], buf[5], buf[6], buf[7], buf[8]);
+
+ Dbprintf("Simulationg uid: %x %x %x %x %x %x %x %x",
+ uid[0], uid[1], uid[2], uid[3],
+ uid[4], uid[5], uid[6], uid[7]);
LED_A_OFF();
LED_B_OFF();
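Review bot: `Dbprintf("Simulationg uid: %x %x %x %x %x %x %x %x", ...)` misspells "Simulating", and printing the bytes with `%x` and spaces while ReaderIso15693 above prints the same UID as a run of `%02hX` makes the two outputs hard to compare by eye; `Dbprintf("Simulating uid: %02X%02X%02X%02X%02X%02X%02X%02X", uid[0], uid[1], uid[2], uid[3], uid[4], uid[5], uid[6], uid[7]);` gives the same display as the reader side, since `uid[0]` here corresponds to `TagUID[7]` there. The header comment kept above the function still promises anti-collision and printing of "any reader commands", but the body answers a single sniffed frame and returns; if that is all the simulator does for now, the comment should say so.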
recvlen=SendDataTag(data,datalen,1,speed,(recv?&recvbuf:NULL));
if (recv) {
-// n.cmd=/* CMD_ISO_15693_COMMAND_DONE */ CMD_ACK;
-// n.arg[0]=recvlen>48?48:recvlen;
-// memcpy(n.d.asBytes, recvbuf, 48);
LED_B_ON();
cmd_send(CMD_ACK,recvlen>48?48:recvlen,0,0,recvbuf,48);
-// UsbSendPacket((uint8_t *)&n, sizeof(n));
LED_B_OFF();
if (DEBUG) {
signed char *dest = (signed char *)BigBuf;
int n = sizeof(BigBuf);
- // int *dest = GraphBuffer;
- // int n = GraphTraceLen;
// 128 bit shift register [shift3:shift2:shift1:shift0]
uint32_t shift3 = 0, shift2 = 0, shift1 = 0, shift0 = 0;
if (ledcontrol)
LED_A_ON();
+
SimulateTagLowFrequency(n, 0, ledcontrol);
if (ledcontrol)
hi2 = hi = lo = 0;
}
WDT_HIT();
- //SpinDelay(50);
}
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
// Clone Indala 64-bit tag by UID to T55x7
void CopyIndala64toT55x7(int hi, int lo)
{
-
//Program the 2 data blocks for supplied 64bit UID
// and the block 0 for Indala64 format
T55xxWriteBlock(hi,1,0,0);
// T5567WriteBlock(0x603E1042,0);
DbpString("DONE!");
-
}
void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7)
{
-
//Program the 7 data blocks for supplied 224bit UID
// and the block 0 for Indala224 format
T55xxWriteBlock(uid1,1,0,0);
// T5567WriteBlock(0x603E10E2,0);
DbpString("DONE!");
-
}
return 0;
}
-
#define ALLOC 16
void ReadPCF7931() {
}
}
+
void EM4xLogin(uint32_t Password) {
uint8_t fwd_bit_count;
// Merlok - June 2011, 2012\r
// Gerhard de Koning Gans - May 2008\r
// Hagen Fritsch - June 2010\r
+// Midnitesnake - Dec 2013\r
+// Andy Davies - Apr 2014\r
+// Iceman - May 2014\r
//\r
// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
// at your option, any later version. See the LICENSE.txt file for the text of\r
\r
// clear trace\r
iso14a_clear_trace();\r
-// iso14a_set_tracing(false);\r
-\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
LED_A_ON();\r
// Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
-// iso14a_set_tracing(TRUE);\r
-\r
}\r
\r
void MifareUReadBlock(uint8_t arg0,uint8_t *datain)\r
LED_B_ON();\r
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
LED_B_OFF();\r
- \r
- \r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
\r
-\r
//-----------------------------------------------------------------------------\r
// Select, Authenticate, Read a MIFARE tag. \r
// read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)\r
ui64Key = bytes_to_num(datain, 6);\r
\r
// variables\r
- byte_t isOK;\r
+ byte_t isOK = 0;\r
byte_t dataoutbuf[16 * 16];\r
uint8_t uid[10];\r
uint32_t cuid;\r
\r
// clear trace\r
iso14a_clear_trace();\r
-// iso14a_set_tracing(false);\r
\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");\r
}\r
\r
- \r
// ----------------------------- crypto1 destroy\r
crypto1_destroy(pcs);\r
\r
// Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
-// iso14a_set_tracing(TRUE);\r
}\r
\r
\r
\r
// clear trace\r
iso14a_clear_trace();\r
-// iso14a_set_tracing(false);\r
\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
// Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
-// iso14a_set_tracing(TRUE);\r
-\r
}\r
\r
-\r
void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)\r
{\r
// params\r
\r
// clear trace\r
iso14a_clear_trace();\r
- // iso14a_set_tracing(false);\r
\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
// iso14a_set_tracing(TRUE);\r
}\r
\r
-\r
void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)\r
{\r
// params\r
\r
// clear trace\r
iso14a_clear_trace();\r
- // iso14a_set_tracing(false);\r
\r
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
cmd_send(CMD_ACK,isOK,0,0,0,0);\r
LED_B_OFF();\r
\r
-\r
// Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
-// iso14a_set_tracing(TRUE);\r
-\r
}\r
\r
-\r
// Return 1 if the nonce is invalid else return 0\r
int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {\r
return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
// statistics on nonce distance\r
if (calibrate) { // for first call only. Otherwise reuse previous calibration\r
LED_B_ON();\r
+ WDT_HIT();\r
\r
davg = dmax = 0;\r
dmin = 2000;\r
cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
LED_B_OFF();\r
\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
\r
Dbprintf("Debug level: %d", MF_DBGLEVEL);\r
}\r
\r
-\r
//-----------------------------------------------------------------------------\r
// Work with emulator memory\r
// \r
emlClearMem();\r
}\r
\r
-\r
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
emlSetMem(datain, arg0, arg1); // data, block num, blocks count\r
}\r
\r
-\r
void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-\r
- byte_t buf[48];\r
+ byte_t buf[USB_CMD_DATA_SIZE];\r
emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
\r
LED_B_ON();\r
- cmd_send(CMD_ACK,arg0,arg1,0,buf,48);\r
+ cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);\r
LED_B_OFF();\r
}\r
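Review bot: `byte_t buf[USB_CMD_DATA_SIZE];` together with `emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)` leaves the host-supplied block count unchecked: if emlGetMem copies `arg1` sixteen-byte blocks as the comment implies, any `arg1` above `USB_CMD_DATA_SIZE / 16` overruns buf on the stack, and the `(max 4)` is stale now that the buffer is no longer 48 bytes. I would clamp before the call, `if (arg1 > USB_CMD_DATA_SIZE / 16) arg1 = USB_CMD_DATA_SIZE / 16;`, and reword the comment to say the limit comes from USB_CMD_DATA_SIZE. emlGetMem is not in the hunk, so the 16-byte block size is taken from the comment, not verified.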
\r
-\r
//-----------------------------------------------------------------------------\r
// Load a card into the emulator memory\r
// \r
\r
// variables\r
byte_t isOK = 0;\r
- uint8_t uid[10];\r
- uint8_t d_block[18];\r
+ uint8_t uid[10] = {0x00};\r
+ uint8_t d_block[18] = {0x00};\r
uint32_t cuid;\r
\r
- memset(uid, 0x00, 10);\r
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
+ // reset FPGA and LED\r
if (workFlags & 0x08) {\r
- // clear trace\r
- iso14a_clear_trace();\r
- iso14a_set_tracing(TRUE);\r
-\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
\r
- SpinDelay(300);\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- SpinDelay(100);\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+ iso14a_clear_trace();\r
+ iso14a_set_tracing(TRUE);\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
}\r
\r
while (true) {\r
+\r
// get UID from chip\r
if (workFlags & 0x01) {\r
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
LED_B_OFF();\r
\r
if ((workFlags & 0x10) || (!isOK)) {\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
\r
// variables\r
byte_t isOK = 0;\r
- uint8_t data[18];\r
+ uint8_t data[18] = {0x00};\r
uint32_t cuid = 0;\r
\r
- memset(data, 0x00, 18);\r
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
if (workFlags & 0x08) {\r
- // clear trace\r
- iso14a_clear_trace();\r
- iso14a_set_tracing(TRUE);\r
-\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
\r
- SpinDelay(300);\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- SpinDelay(100);\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+ iso14a_clear_trace();\r
+ iso14a_set_tracing(TRUE);\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
}\r
\r
while (true) {\r
LED_B_OFF();\r
\r
if ((workFlags & 0x10) || (!isOK)) {\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
}\r
\r
+void MifareCIdent(){\r
+ \r
+ // card commands\r
+ uint8_t wupC1[] = { 0x40 }; \r
+ uint8_t wupC2[] = { 0x43 }; \r
+ \r
+ // variables\r
+ byte_t isOK = 1;\r
+ \r
+ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
+\r
+ ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+ isOK = 0;\r
+ };\r
+\r
+ ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
+ if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+ isOK = 0;\r
+ };\r
+\r
+ if (mifare_classic_halt(NULL, 0)) {\r
+ isOK = 0;\r
+ };\r
+\r
+ cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+}\r
+\r
+ //\r
+// DESFIRE\r
+//\r
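Review bot: MifareCIdent sends the 0x40/0x43 wake-up without configuring the reader field and never turns it off afterwards, unlike the sibling handlers above it, which call `iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN)` before talking to the card and end with `FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff();`. Unless the client is guaranteed to have run another 14a command immediately before, the wake-up presumably goes out with the field off and isOK reads as "not a magic card"; adding the setup call at the top and the two teardown lines before cmd_send would make the result self-contained. The `};` after each if block is an empty statement and can be dropped, and the `+ //` line before `// DESFIRE` carries a stray leading space.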
#include "mifaresniff.h"\r
#include "apps.h"\r
\r
-\r
static int sniffState = SNF_INIT;\r
static uint8_t sniffUIDType;\r
static uint8_t sniffUID[8];\r
uint8_t bt = 0;\r
int i;\r
par[0] = 0;\r
+ \r
for (i = 0; i < len; i++) {\r
bt = data[i];\r
data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];\r
- if((i&0x0007) == 0) par[i>>3] = 0;\r
+ if((i&0x0007) == 0) \r
+ par[i>>3] = 0;\r
par[i>>3] |= (((filter(pcs->odd) ^ oddparity(bt)) & 0x01)<<(7-(i&0x0007)));\r
} \r
return;\r
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
{
- uint8_t dcmd[8];//, ecmd[4];
- //uint32_t par=0;
-
+ uint8_t dcmd[8];
dcmd[0] = cmd;
dcmd[1] = data[0];
dcmd[2] = data[1];
dcmd[4] = data[3];
dcmd[5] = data[4];
AppendCrc14443a(dcmd, 6);
- //Dbprintf("Data command: %02x", dcmd[0]);
- //Dbprintf("Data R: %02x %02x %02x %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7]);
-
- //memcpy(ecmd, dcmd, sizeof(dcmd));
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
if(!len)
int len; \r
uint32_t pos;\r
uint8_t tmp4[4];\r
- uint8_t par[1] = {0};\r
+ uint8_t par[1] = {0x00};\r
byte_t nr[4];\r
uint32_t nt, ntpp; // Supplied tag nonce\r
\r
if (ntptr)\r
*ntptr = nt;\r
\r
- \r
// Generate (encrypted) nr+parity by loading it into the cipher (Nr)\r
par[0] = 0;\r
for (pos = 0; pos < 4; pos++)\r
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
+ \r
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
if (len == 1) {
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
- int len, i; \r
+ uint16_t len, i; \r
uint32_t pos;\r
uint8_t par[3] = {0}; // enough for 18 Bytes to send\r
byte_t res;\r
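Review bot: Changing `len` to uint16_t in mifare_classic_writeblock silently turns any negative value into a large positive one; `len` is assigned from mifare_sendcmd_short / ReaderReceive, which the hunks above show returning int, so if either can signal an error as a negative number the length check that follows would no longer catch it. Unless the return contract is known to be non-negative, keep `int len;` (the body that uses it lies outside this hunk, so I cannot confirm the checks it feeds).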
// variables
uint16_t len;
uint8_t par[3] = {0}; // enough for 18 parity bits
-
uint8_t d_block[18];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
uint16_t len;
-
uint8_t d_block[8];
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
return 1;
}
-\r
- return 0;
+\r return 0;
}
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
{
- // variables
uint16_t len; \r
- \r
- // Mifare HALT\r
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
\r
int mifare_ultra_halt(uint32_t uid)
{
uint16_t len;
-
- // Mifare HALT
uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// work with emulator memory
void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {
uint8_t* emCARD = get_bigbufptr_emlcardmem();
- \r
memcpy(emCARD + blockNum * 16, data, blocksCount * 16);\r
}\r
\r
void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {\r
uint8_t* emCARD = get_bigbufptr_emlcardmem();\r
- \r
memcpy(data, emCARD + blockNum * 16, blocksCount * 16);\r
}\r
\r
void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) {\r
uint8_t* emCARD = get_bigbufptr_emlcardmem();\r
- \r
memcpy(data, emCARD + bytePtr, byteCount);\r
}\r
\r
\r
memcpy(blReg, data, 4);\r
*blBlock = data[12];\r
- \r
return 0;\r
}\r
\r
#ifndef __STRING_H
#define __STRING_H
+#include <stdint.h>
+#include <util.h>
+
int strlen(const char *str);
-void *memcpy(void *dest, const void *src, int len);
+RAMFUNC void *memcpy(void *dest, const void *src, int len);
void *memset(void *dest, int c, int len);
-int memcmp(const void *av, const void *bv, int len);
+RAMFUNC int memcmp(const void *av, const void *bv, int len);
char *strncat(char *dest, const char *src, unsigned int n);
char *strcat(char *dest, const char *src);
void strreverse(char s[]);
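Review bot: `#include <util.h>` uses angle brackets for a project-local header while every other include added in this patch uses quotes; `#include "util.h"` searches the including file's directory first instead of depending on -I ordering, which matters for a header named like a system one. Since util.h is pulled in only for the RAMFUNC macro, an alternative is to declare that attribute locally in string.h. Whether a section attribute on the prototype alone relocates the definition depends on the toolchain, and the definitions in string.c are not in this diff, so confirm memcpy and memcmp actually end up in RAM.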
VPATH = ../common
OBJDIR = obj
-LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread ../liblua/liblua.a
+LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm -lcrypto
LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
+CFLAGS = -std=c99 -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
LUAPLATFORM = generic
ifneq (,$(findstring MINGW,$(platform)))
//prints binary found and saves in graphbuffer for further commands
int Cmdaskrawdemod(const char *Cmd)
{
- uint32_t i;
+
int invert=0;
int clk=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
}
int BitLen = getFromGraphBuf(BitStream);
int errCnt=0;
- errCnt = askrawdemod(BitStream, &BitLen,&clk,&invert);
+ errCnt = askrawdemod(BitStream, &BitLen, &clk, &invert);
if (errCnt==-1){ //throw away static - allow 1 and -1 (in case of threshold command first)
PrintAndLog("no data found");
return 0;
PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
//PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
//move BitStream back to GraphBuffer
-
- ClearGraph(0);
- for (i=0; i < BitLen; ++i){
- GraphBuffer[i]=BitStream[i];
- }
- GraphTraceLen=BitLen;
- RepaintGraphWindow();
-
- //output
+ setGraphBuf(BitStream, BitLen);
+
if (errCnt>0){
PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
}
+
PrintAndLog("ASK demoded bitstream:");
+
// Now output the bitstream to the scrollback by line of 16 bits
printBitStream(BitStream,BitLen);
bit ^= 1;
AppendGraph(0, clock, bit);
- // for (j = 0; j < (int)(clock/2); j++)
- // GraphBuffer[(i * clock) + j] = bit ^ 1;
- // for (j = (int)(clock/2); j < clock; j++)
- // GraphBuffer[(i * clock) + j] = bit;
}
RepaintGraphWindow();
int CmdDetectClockRate(const char *Cmd)
{
GetClock("",0,0);
- //int clock = DetectASKClock(0);
- //PrintAndLog("Auto-detected clock rate: %d", clock);
return 0;
}
PrintAndLog("actual data bits start at sample %d", maxPos);
PrintAndLog("length %d/%d", highLen, lowLen);
- uint8_t bits[46];
- bits[sizeof(bits)-1] = '\0';
+ uint8_t bits[46] = {0x00};
// find bit pairs and manchester decode them
for (i = 0; i < arraylen(bits) - 1; ++i) {
int CmdSamples(const char *Cmd)
{
- int cnt = 0;
- int n;
- uint8_t got[40000];
-
- n = strtol(Cmd, NULL, 0);
- if (n == 0) n = 6000;
- if (n > sizeof(got)) n = sizeof(got);
+ uint8_t got[40000] = {0x00};
+
+ int n = strtol(Cmd, NULL, 0);
+ if (n == 0)
+ n = 20000;
+
+ if (n > sizeof(got))
+ n = sizeof(got);
- PrintAndLog("Reading %d samples\n", n);
+ PrintAndLog("Reading %d samples from device memory\n", n);
GetFromBigBuf(got,n,0);
WaitForResponse(CMD_ACK,NULL);
- for (int j = 0; j < n; j++) {
- GraphBuffer[cnt++] = ((int)got[j]) - 128;
+ for (int j = 0; j < n; ++j) {
+ GraphBuffer[j] = ((int)got[j]) - 128;
}
-
- PrintAndLog("Done!\n");
GraphTraceLen = n;
RepaintGraphWindow();
return 0;
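Review bot: `if (n > sizeof(got))` compares the signed strtol result with a size_t, so a negative argument such as `data samples -1` is converted to a huge unsigned value and clamped to 40000 rather than rejected, and a non-numeric argument is never reported because strtol's endptr is discarded. Reject it explicitly before the clamp: `if (n < 0) { PrintAndLog("Invalid sample count"); return 0; }`. The default also moved from 6000 to 20000 while CmdEM410xWatch further down in this patch still requests "6000" — fine if intentional, but worth a comment. The `= {0x00}` on a 40000-byte stack array zero-fills the whole buffer on every call even though GetFromBigBuf presumably overwrites the first n bytes; harmless, just unnecessary.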
{"help", CmdHelp, 1, "This help"},
{"amp", CmdAmp, 1, "Amplify peaks"},
{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
- {"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional[clock will try Auto-detect])"},
- {"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK tags and output binary (args optional[clock will try Auto-detect])"},
+ {"askmandemod", Cmdaskmandemod, 1, "[clock] [invert <0|1>] -- Attempt to demodulate ASK/Manchester tags and output binary"},
+ {"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert <0|1>] -- Attempt to demodulate ASK tags and output binary"},
{"autocorr", CmdAutoCorr, 1, "<window length> -- Autocorrelation over window"},
{"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] Biphase decode binary stream already in graph buffer (offset = bit to start decode from)"},
{"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"},
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "graph.h"
#include "ui.h"
switch (card.sak) {
case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break;
+ case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break;
case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1"); break;
case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break;
PrintAndLog(" 2 = MIFARE Ultralight");
PrintAndLog(" 3 = MIFARE DESFIRE");
PrintAndLog(" 4 = ISO/IEC 14443-4");
+ PrintAndLog(" 5 = MIFARE TNP3XXX");
PrintAndLog("");
return 1;
}
// At lease save the mandatory first part of the UID
c.arg[0] = long_uid & 0xffffffff;
-
- // At lease save the mandatory first part of the UID
- c.arg[0] = long_uid & 0xffffffff;
-
if (c.arg[1] == 0) {
PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
}
#include <string.h>
#include <stdint.h>
#include "iso14443crc.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
+#include "util.h"
#include "ui.h"
#include "cmdparser.h"
#include "cmdhf14b.h"
#include "cmdmain.h"
+
static int CmdHelp(const char *Cmd);
int CmdHF14BDemod(const char *Cmd)
return 0;
}
+int CmdHF14BWrite( const char *Cmd){
+
+/*
+ * For SRIX4K blocks 00 - 7F
+ * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
+ *
+ * For SR512 blocks 00 - 0F
+ * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
+ *
+ * Special block FF = otp_lock_reg block.
+ * Data len 4 bytes-
+ */
+ char cmdp = param_getchar(Cmd, 0);
+ uint8_t blockno = -1;
+ uint8_t data[4] = {0x00};
+ bool isSrix4k = true;
+ char str[20];
+
+ if (cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
+ PrintAndLog("");
+ PrintAndLog(" sample: hf 14b write 1 127 11223344");
+ PrintAndLog(" sample: hf 14b write 1 255 11223344");
+ PrintAndLog(" sample: hf 14b write 2 15 11223344");
+ PrintAndLog(" sample: hf 14b write 2 255 11223344");
+ return 0;
+ }
+
+ if ( param_getchar(Cmd, 0) == '2' )
+ isSrix4k = false;
+
+ blockno = param_get8(Cmd, 1);
+
+ if ( isSrix4k ){
+ if ( blockno > 0x7f && blockno != 0xff ){
+ PrintAndLog("Block number out of range");
+ return 0;
+ }
+ } else {
+ if ( blockno > 0x0f && blockno != 0xff ){
+ PrintAndLog("Block number out of range");
+ return 0;
+ }
+ }
+
+ if (param_gethex(Cmd, 2, data, 8)) {
+ PrintAndLog("Data must include 8 HEX symbols");
+ return 0;
+ }
+
+ if ( blockno == 0xff)
+ PrintAndLog("Writing to special block %02X [ %s]", blockno, sprint_hex(data,4) );
+ else
+ PrintAndLog("Writing to block %02X [ %s]", blockno, sprint_hex(data,4) );
+
+ sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
+ CmdHF14BCmdRaw(str);
+ return 0;
+}
+
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
{"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
{"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
+ {"write", CmdHF14BWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
{NULL, NULL, 0, NULL}
};
int CmdHF14BSnoop(const char *Cmd);
int CmdSri512Read(const char *Cmd);
int CmdSrix4kRead(const char *Cmd);
+int CmdHF14BWrite( const char *cmd);
#endif
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
-//#include "proxusb.h"
+
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
#include "ui.h"
+#include "util.h"
#include "cmdparser.h"
#include "cmdhf15.h"
#include "iso15693tools.h"
{ 0xE001000000000000LL, 16, "Motorola" },
{ 0xE002000000000000LL, 16, "ST Microelectronics" },
{ 0xE003000000000000LL, 16, "Hitachi" },
- { 0xE004000000000000LL, 16, "Philips" },
- { 0xE004010000000000LL, 24, "Philips; IC SL2 ICS20" },
+ { 0xE004000000000000LL, 16, "NXP(Philips)" },
+ { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" },
+ { 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" },
+ { 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" },
{ 0xE005000000000000LL, 16, "Infineon" },
{ 0xE005400000000000LL, 24, "Infineon; 56x32bit" },
{ 0xE006000000000000LL, 16, "Cylinc" },
// Simulation is still not working very good
int CmdHF15Sim(const char *Cmd)
{
- UsbCommand c = {CMD_SIMTAG_ISO_15693, {strtol(Cmd, NULL, 0), 0, 0}};
+ char cmdp = param_getchar(Cmd, 0);
+ uint8_t uid[8] = {0x00};
+
+ //E0 16 24 00 00 00 00 00
+ if (cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: hf 15 sim <UID>");
+ PrintAndLog("");
+ PrintAndLog(" sample: hf 15 sim E016240000000000");
+ return 0;
+ }
+
+ if (param_gethex(Cmd, 0, uid, 16)) {
+ PrintAndLog("UID must include 16 HEX symbols");
+ return 0;
+ }
+
+ PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
+ uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
+
+ UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
+ memcpy(c.d.asBytes,uid,8);
+
SendCommand(&c);
return 0;
}
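Review bot: The UID is now sent in c.d.asBytes with all three args zero, whereas the previous version passed the value in arg[0]; the ARM handler for CMD_SIMTAG_ISO_15693 therefore has to read the 8 bytes from d.asBytes, and that change is not in the hunks visible here — confirm it is part of the same commit, otherwise the simulation runs with an empty UID. `Starting simulating UID` reads awkwardly; `Starting simulation with UID` would be clearer.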
if (!(recv[0] & ISO15_RES_ERROR)) {
retry=0;
*output=0; // reset outputstring
- sprintf(output, "Block %2i ",blocknum);
+ sprintf(output, "Block %02x ",blocknum);
for ( int i=1; i<resp.arg[0]-2; i++) { // data in hex
sprintf(output+strlen(output),"%02X ",recv[i]);
}
int CmdHF15CmdDebug( const char *cmd) {
int debug=atoi(cmd);
if (strlen(cmd)<1) {
- PrintAndLog("Usage: hf 15 cmd debug <0/1>");
- PrintAndLog(" 0..no debugging output 1..turn debugging on");
+ PrintAndLog("Usage: hf 15 cmd debug <0|1>");
+ PrintAndLog(" 0 no debugging");
+ PrintAndLog(" 1 turn debugging on");
return 0;
}
int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
int temp;
uint8_t *req=c->d.asBytes;
- uint8_t uid[8] = {0};
+ uint8_t uid[8] = {0x00};
uint32_t reqlen=0;
// strip
SendCommand(&c);
UsbCommand resp;
- WaitForResponse(CMD_ACK,&resp);
+ WaitForResponse(CMD_ACK,&resp);
// check if command failed
if (resp.arg[0] != 0) {
#include <sys/stat.h>
#include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
#include "data.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "ui.h"
int remainder = requested % 8;
requested = requested + 8 - remainder;
}
-
if (offset + requested > sizeof(got)) {
PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
return 0;
//flush queue\r
while (ukbhit()) getchar();\r
\r
- \r
// wait cycle\r
while (true) {\r
printf(".");\r
num_to_bytes(r_key, 6, keyBlock);\r
isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
}\r
+ \r
if (!isOK) \r
PrintAndLog("Found valid key:%012"llx, r_key);\r
else\r
goto start;\r
}\r
\r
+ PrintAndLog("");\r
return 0;\r
}\r
\r
return 0;\r
}\r
\r
-\r
uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
{\r
if (sectorNo < 32) {\r
}\r
}\r
\r
-\r
uint8_t NumBlocksPerSector(uint8_t sectorNo)\r
{\r
if (sectorNo < 32) {\r
}\r
}\r
\r
-\r
int CmdHF14AMfDump(const char *Cmd)\r
{\r
uint8_t sectorNo, blockNo;\r
return 1;\r
}\r
\r
- // Read key file\r
-\r
+ // Read keys A from file\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
}\r
}\r
\r
+ // Read keys B from file\r
for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {\r
PrintAndLog("File reading error.");\r
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
bool received = false;\r
+ \r
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. \r
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
break;\r
}\r
}\r
-\r
}\r
\r
if (isOK) {\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfRestore(const char *Cmd)\r
{\r
-\r
uint8_t sectorNo,blockNo;\r
uint8_t keyType = 0;\r
uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfNested(const char *Cmd)\r
{\r
int i, j, res, iterations;\r
PrintAndLog("-----------------------------------------------");\r
if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {\r
PrintAndLog("Nested error.\n");\r
+ free(e_sector);\r
return 2;\r
}\r
else {\r
\r
free(e_sector);\r
}\r
-\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
if (strlen(Cmd)<3) {\r
int transferToEml = 0;\r
int createDumpFile = 0;\r
\r
-\r
keyBlock = calloc(stKeyBlock, 6);\r
if (keyBlock == NULL) return 1;\r
\r
num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
}\r
\r
- \r
if (param_getchar(Cmd, 0)=='*') {\r
blockNo = 3;\r
switch(param_getchar(Cmd+1, 0)) {\r
PrintAndLog("File: %s: not found or locked.", filename);\r
free(keyBlock);\r
return 1;\r
+ \r
}\r
}\r
}\r
}\r
\r
free(keyBlock);\r
-\r
+ PrintAndLog("");\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMf1kSim(const char *Cmd)\r
{\r
uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfDbg(const char *Cmd)\r
{\r
int dbgMode = param_get32ex(Cmd, 0, 0, 10);\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEGet(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEClear(const char *Cmd)\r
{\r
if (param_getchar(Cmd, 0) == 'h') {\r
// open file\r
f = fopen(filename, "r");\r
if (f == NULL) {\r
- PrintAndLog("File not found or locked.");\r
+ PrintAndLog("File %s not found or locked", filename);\r
return 1;\r
}\r
\r
}\r
for (i = 0; i < 32; i += 2) {\r
sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
-// PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16));\r
}\r
+ \r
if (mfEmlSetMem(buf8, blockNum, 1)) {\r
PrintAndLog("Cant set emul block: %3d", blockNum);\r
fclose(f);\r
break;\r
}\r
for (j = 0; j < 16; j++)\r
- fprintf(f, "%02x", buf[j]); \r
+ fprintf(f, "%02X", buf[j]); \r
fprintf(f,"\n");\r
}\r
fclose(f);\r
int CmdHF14AMfCSetUID(const char *Cmd)\r
{\r
uint8_t wipeCard = 0;\r
- uint8_t uid[8] = {0};\r
- uint8_t oldUid[8]= {0};\r
+ uint8_t uid[8] = {0x00};\r
+ uint8_t oldUid[8] = {0x00};\r
int res;\r
\r
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
}\r
\r
PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));\r
+ PrintAndLog("new UID:%s", sprint_hex(uid, 4));\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfCSetBlk(const char *Cmd)\r
{\r
uint8_t uid[8];\r
}\r
}\r
\r
-\r
int CmdHF14AMfCGetBlk(const char *Cmd) {\r
uint8_t memBlock[16];\r
uint8_t blockNo = 0;\r
\r
\r
int CmdHF14AMfSniff(const char *Cmd){\r
- // params\r
+\r
bool wantLogToFile = 0;\r
bool wantDecrypt = 0;\r
//bool wantSaveToEml = 0; TODO\r
PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");\r
PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");\r
PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
- PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
- PrintAndLog("Usage: hf mf sniff [l][d][e][r]");\r
+ PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+ PrintAndLog("Usage: hf mf sniff [l][d][e][f]");\r
PrintAndLog(" sample: hf mf sniff l d e");\r
return 0;\r
} \r
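Review bot: The help text for hf mf sniff renames the emulator-dump option from `r` to `f` (and the usage line follows), but the code that parses the option letters is outside this hunk, so confirm it was changed to accept 'f' — otherwise the documented flag is a no-op. The `n/a e` entry is still listed as an accepted option in the usage line even though it is marked not available.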
PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r
num = 0;\r
while (bufPtr - buf < blockLen) {\r
- bufPtr += 6; // ignore void timing information\r
+ bufPtr += 6;\r
len = *((uint16_t *)bufPtr);\r
+\r
if(len & 0x8000) {\r
isTag = true;\r
len &= 0x7fff;\r
}\r
bufPtr += 2;\r
if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r
+ \r
memcpy(uid, bufPtr + 2, 7);\r
memcpy(atqa, bufPtr + 2 + 7, 2);\r
uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;\r
FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r
AddLogCurrentDT(logHexFileName);\r
} \r
- if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+ if (wantDecrypt) \r
+ mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
} else {\r
PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
- if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
- if (wantDecrypt) mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
+ if (wantLogToFile) \r
+ AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+ if (wantDecrypt) \r
+ mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
}\r
bufPtr += len;\r
bufPtr += ((len-1)/8+1); // ignore parity\r
num++;\r
}\r
}\r
- } // resp not NILL\r
+ } // resp not NULL\r
} // while (true)\r
\r
return 0;\r
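Review bot: Splitting the lines dropped the only explanation of `bufPtr += 6`, leaving a magic stride; restore it as `bufPtr += 6; // skip the timing information in front of each record (unused here)`. While in this loop, `bufPtr += len` and the parity skip advance on a length read from the device buffer with no check against blockLen, so a truncated or malformed trace walks past the end of buf; a guard such as `if (bufPtr + len > buf + blockLen) break;` after the length is read would bound it (buf's declaration is outside the hunk, so size the check against whatever buf actually is).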
#include "proxmark3.h"\r
#include "iso14443crc.h"\r
#include "data.h"\r
-//#include "proxusb.h"\r
#include "ui.h"\r
#include "cmdparser.h"\r
#include "common.h"\r
#include <stdlib.h>
#include <string.h>
#include <limits.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
GraphBuffer[start] = 2;
GraphBuffer[start+1] = -2;
+ uint8_t bits[64] = {0x00};
- uint8_t bits[64];
-
- int bit;
+ int bit, sum;
i = start;
for (bit = 0; bit < 64; bit++) {
- int j;
- int sum = 0;
- for (j = 0; j < 16; j++) {
+ sum = 0;
+ for (int j = 0; j < 16; j++) {
sum += GraphBuffer[i++];
}
- if (sum > 0) {
- bits[bit] = 1;
- } else {
- bits[bit] = 0;
- }
+
+ bits[bit] = (sum > 0) ? 1 : 0;
+
PrintAndLog("bit %d sum %d", bit, sum);
}
}
}
+ // HACK writing back to graphbuffer.
GraphTraceLen = 32*64;
i = 0;
int phase = 0;
for (bit = 0; bit < 64; bit++) {
- if (bits[bit] == 0) {
- phase = 0;
- } else {
- phase = 1;
- }
+
+ phase = (bits[bit] == 0) ? 0 : 1;
+
int j;
for (j = 0; j < 32; j++) {
GraphBuffer[i++] = phase;
int state = -1;
int count = 0;
int i, j;
+
// worst case with GraphTraceLen=64000 is < 4096
// under normal conditions it's < 2048
+
uint8_t rawbits[4096];
int rawbit = 0;
int worst = 0, worstPos = 0;
count = 0;
}
}
+
if (rawbit>0){
PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
- } else return 0;
+ } else {
+ return 0;
+ }
+
// Finding the start of a UID
int uidlen, long_wait;
if (strcmp(Cmd, "224") == 0) {
uidlen = 64;
long_wait = 29;
}
+
int start;
int first = 0;
for (start = 0; start <= rawbit - uidlen; start++) {
break;
}
}
+
if (start == rawbit - uidlen + 1) {
PrintAndLog("nothing to wait for");
return 0;
}
// Dumping UID
- uint8_t bits[224];
- char showbits[225];
- showbits[uidlen]='\0';
+ uint8_t bits[224] = {0x00};
+ char showbits[225] = {0x00};
int bit;
i = start;
int times = 0;
+
if (uidlen > rawbit) {
PrintAndLog("Warning: not enough raw bits to get a full UID");
for (bit = 0; bit < rawbit; bit++) {
//convert UID to HEX
uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
int idx;
- uid1=0;
- uid2=0;
+ uid1 = uid2 = 0;
+
if (uidlen==64){
for( idx=0; idx<64; idx++) {
if (showbits[idx] == '0') {
PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
}
else {
- uid3=0;
- uid4=0;
- uid5=0;
- uid6=0;
- uid7=0;
+ uid3 = uid4 = uid5 = uid6 = uid7 = 0;
+
for( idx=0; idx<224; idx++) {
uid1=(uid1<<1)|(uid2>>31);
uid2=(uid2<<1)|(uid3>>31);
uid4=(uid4<<1)|(uid5>>31);
uid5=(uid5<<1)|(uid6>>31);
uid6=(uid6<<1)|(uid7>>31);
- if (showbits[idx] == '0') uid7=(uid7<<1)|0;
- else uid7=(uid7<<1)|1;
+
+ if (showbits[idx] == '0')
+ uid7 = (uid7<<1) | 0;
+ else
+ uid7 = (uid7<<1) | 1;
}
PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
}
// Checking UID against next occurrences
- for (; i + uidlen <= rawbit;) {
int failed = 0;
+ for (; i + uidlen <= rawbit;) {
+ failed = 0;
for (bit = 0; bit < uidlen; bit++) {
if (bits[bit] != rawbits[i++]) {
failed = 1;
}
times += 1;
}
+
PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
// Remodulating for tag cloning
+ // HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
+ // since this changes graphbuffer data.
GraphTraceLen = 32*uidlen;
i = 0;
int phase = 0;
int CmdIndalaClone(const char *Cmd)
{
- unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
UsbCommand c;
- uid1=0;
- uid2=0;
- uid3=0;
- uid4=0;
- uid5=0;
- uid6=0;
- uid7=0;
+ unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
+
+ uid1 = uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
int n = 0, i = 0;
if (strchr(Cmd,'l') != 0) {
c.d.asDwords[4] = uid5;
c.d.asDwords[5] = uid6;
c.d.asDwords[6] = uid7;
- }
- else
- {
+ } else {
while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
uid1 = (uid1 << 4) | (uid2 >> 28);
uid2 = (uid2 << 4) | (n & 0xf);
int CmdLFRead(const char *Cmd)
{
UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
+
// 'h' means higher-low-frequency, 134 kHz
if(*Cmd == 'h') {
c.arg[0] = 1;
} else if (*Cmd == '\0') {
c.arg[0] = 0;
} else if (sscanf(Cmd, "%"lli, &c.arg[0]) != 1) {
- PrintAndLog("use 'read' or 'read h', or 'read <divisor>'");
+ PrintAndLog("Samples 1: 'lf read'");
+ PrintAndLog(" 2: 'lf read h'");
+ PrintAndLog(" 3: 'lf read <divisor>'");
return 0;
}
SendCommand(&c);
int CmdLFSimBidir(const char *Cmd)
{
- /* Set ADC to twice the carrier for a slight supersampling */
+ // Set ADC to twice the carrier for a slight supersampling
+ // HACK: not implemented in ARMSRC.
+ PrintAndLog("Not implemented yet.");
UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
SendCommand(&c);
return 0;
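Review bot: CmdLFSimBidir prints "Not implemented yet." and then sends CMD_LF_SIMULATE_BIDIR to the device anyway, so the message and the action contradict each other; if the ARM side genuinely lacks the handler, add `return 0;` right after the PrintAndLog, and if it does exist, drop the message. The HACK comment asserts the ARM source lacks it, but that source is not in view, so I cannot confirm which applies.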
static int clock, gap;
static char data[1024], gapstring[8];
- /* get settings/bits */
sscanf(Cmd, "%i %s %i", &clock, &data[0], &gap);
- /* clear our graph */
ClearGraph(0);
- /* fill it with our bitstream */
for (int i = 0; i < strlen(data) ; ++i)
AppendGraph(0, clock, data[i]- '0');
- /* modulate */
CmdManchesterMod("");
- /* show what we've done */
RepaintGraphWindow();
- /* simulate */
sprintf(&gapstring[0], "%i", gap);
CmdLFSim(gapstring);
return 0;
int CmdLFSnoop(const char *Cmd)
{
UsbCommand c = {CMD_LF_SNOOP_RAW_ADC_SAMPLES};
+
// 'h' means higher-low-frequency, 134 kHz
c.arg[0] = 0;
c.arg[1] = -1;
- if (*Cmd == 0) {
- // empty
- } else if (*Cmd == 'l') {
+
+ if (*Cmd == 'l') {
sscanf(Cmd, "l %"lli, &c.arg[1]);
} else if(*Cmd == 'h') {
c.arg[0] = 1;
sscanf(Cmd, "h %"lli, &c.arg[1]);
} else if (sscanf(Cmd, "%"lli" %"lli, &c.arg[0], &c.arg[1]) < 1) {
- PrintAndLog("use 'snoop' or 'snoop {l,h} [trigger threshold]', or 'snoop <divisor> [trigger threshold]'");
+ PrintAndLog("usage 1: snoop");
+ PrintAndLog(" 2: snoop {l,h} [trigger threshold]");
+ PrintAndLog(" 3: snoop <divisor> [trigger threshold]");
return 0;
}
+
SendCommand(&c);
WaitForResponse(CMD_ACK,NULL);
return 0;
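Review bot: Removing the `*Cmd == 0` branch changes behaviour for `lf snoop` with no arguments: the empty string now falls through to the sscanf, which returns EOF (< 1), so the command prints usage and returns instead of snooping with the defaults (arg[0] = 0, arg[1] = -1) as it did before. Restore the empty case, e.g. `if (*Cmd == '\0') { /* keep defaults */ } else if (*Cmd == 'l') {`, or guard the sscanf branch with `*Cmd != '\0' &&`.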
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
+#include "util.h"
#include "graph.h"
#include "cmdparser.h"
#include "cmddata.h"
static int CmdHelp(const char *Cmd);
-
-
int CmdEMdemodASK(const char *Cmd)
{
- int findone=0;
+ char cmdp = param_getchar(Cmd, 0);
+ int findone = (cmdp == '1') ? 1 : 0;
UsbCommand c={CMD_EM410X_DEMOD};
- if(Cmd[0]=='1') findone=1;
c.arg[0]=findone;
SendCommand(&c);
return 0;
}
-
-
/* Read the ID of an EM410x tag.
* Format:
* 1111 1111 1 <-- standard non-repeatable header
{
int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low;
int parity[4];
- char id[11];
- char id2[11];
+ char id[11] = {0x00};
+ char id2[11] = {0x00};
int retested = 0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
high = low = 0;
*/
int CmdEM410xSim(const char *Cmd)
{
- int i, n, j, h, binary[4], parity[4];
+ int i, n, j, binary[4], parity[4];
+
+ char cmdp = param_getchar(Cmd, 0);
+ uint8_t uid[5] = {0x00};
+
+ if (cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: lf em4x 410xsim <UID>");
+ PrintAndLog("");
+ PrintAndLog(" sample: lf em4x 410xsim 0F0368568B");
+ return 0;
+ }
+
+ if (param_gethex(Cmd, 0, uid, 10)) {
+ PrintAndLog("UID must include 10 HEX symbols");
+ return 0;
+ }
+
+ PrintAndLog("Starting simulating UID %02X%02X%02X%02X%02X", uid[0],uid[1],uid[2],uid[3],uid[4]);
+ PrintAndLog("Press pm3-button to about simulation");
/* clock is 64 in EM410x tags */
int clock = 64;
/* clear our graph */
ClearGraph(0);
- /* write it out a few times */
- for (h = 0; h < 4; h++)
- {
/* write 9 start bits */
for (i = 0; i < 9; i++)
AppendGraph(0, clock, 1);
AppendGraph(0, clock, parity[3]);
/* stop bit */
- AppendGraph(0, clock, 0);
- }
-
- /* modulate that biatch */
- CmdManchesterMod("");
-
- /* booyah! */
- RepaintGraphWindow();
-
- CmdLFSim("");
+ AppendGraph(1, clock, 0);
+
+ CmdLFSim("240"); //240 start_gap.
return 0;
}
-/* Function is equivalent of loread + losamples + em410xread
- * looped until an EM410x tag is detected */
+/* Function is equivalent of lf read + data samples + em410xread
+ * looped until an EM410x tag is detected
+ *
+ * Why is CmdSamples("16000")?
+ * TBD: Auto-grow sample size based on detected sample rate. IE: If the
+ * rate gets lower, then grow the number of samples
+ * Changed by martin, 4000 x 4 = 16000,
+ * see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
+
+*/
int CmdEM410xWatch(const char *Cmd)
{
- int read_h = (*Cmd == 'h');
- do
- {
- CmdLFRead(read_h ? "h" : "");
- // 2000 samples is OK for clock=64, but not clock=32. Probably want
- // 8000 for clock=16. Don't want to go too high since old HID driver
- // is very slow
- // TBD: Auto-grow sample size based on detected sample rate. IE: If the
- // rate gets lower, then grow the number of samples
-
- // Changed by martin, 4000 x 4 = 16000,
- // see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
- CmdSamples("16000");
- } while ( ! CmdEM410xRead(""));
- return 0;
+ char cmdp = param_getchar(Cmd, 0);
+ int read_h = (cmdp == 'h');
+ do {
+ if (ukbhit()) {
+ printf("\naborted via keyboard!\n");
+ break;
+ }
+
+ CmdLFRead(read_h ? "h" : "");
+ CmdSamples("6000");
+ } while (
+ !CmdEM410xRead("")
+ );
+ return 0;
}
/* Read the transmitted data of an EM4x50 tag
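Review bot: The new comment above CmdEM410xWatch explains at length why the sample count is 16000 ("4000 x 4 = 16000", with a forum reference) but the loop now calls `CmdSamples("6000")`, so the rationale no longer matches the code; either pass "16000" or rewrite the comment to justify 6000. In CmdEM410xSim, `Press pm3-button to about simulation` should read `abort`. The UID is now parsed into uid[], but the bit-generation loop between the start bits and the parity rows is outside this hunk, so I cannot see whether it consumes uid[] or still scans Cmd directly; and with CmdManchesterMod removed the graph holds raw bits, which presumably relies on the device doing the Manchester encoding — worth confirming.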
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "graph.h"
int CmdHIDDemodFSK(const char *Cmd)
{
int findone=0;
+ if(Cmd[0]=='1') findone=1;
UsbCommand c={CMD_HID_DEMOD_FSK};
- if(Cmd[0]=='1') findone=1;
c.arg[0]=findone;
SendCommand(&c);
return 0;
}
PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
+ PrintAndLog("Press pm3-button to abort simulation");
UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
SendCommand(&c);
#include <stdlib.h>
#include <string.h>
#include "data.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
return 0;
}
-static command_t CommandTableHitag[] =
+static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdLFHitagList, 1, "List Hitag trace history"},
int CmdLFHitag(const char *Cmd)
{
- CmdsParse(CommandTableHitag, Cmd);
+ CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd)
{
- CmdsHelp(CommandTableHitag);
+ CmdsHelp(CommandTable);
return 0;
}
#include <string.h>
#include <inttypes.h>
#include <limits.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
{
int findone=0;
if(Cmd[0]=='1') findone=1;
+
UsbCommand c={CMD_IO_DEMOD_FSK};
c.arg[0]=findone;
SendCommand(&c);
return 0;
}
-
int CmdIOProxDemod(const char *Cmd){
if (GraphTraceLen < 4800) {
PrintAndLog("too short; need at least 4800 samples");
return 0;
}
-
GraphTraceLen = 4800;
for (int i = 0; i < GraphTraceLen; ++i) {
- if (GraphBuffer[i] < 0) {
- GraphBuffer[i] = 0;
- } else {
- GraphBuffer[i] = 1;
- }
+ GraphBuffer[i] = (GraphBuffer[i] < 0) ? 0 : 1;
}
RepaintGraphWindow();
return 0;
}
PrintAndLog("Cloning tag with ID %08x %08x", hi, lo);
-
+ PrintAndLog("Press pm3-button to abort simulation");
c.cmd = CMD_IO_CLONE_TAG;
c.arg[0] = hi;
c.arg[1] = lo;
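Review bot: The line added on the clone path, `PrintAndLog("Press pm3-button to abort simulation");`, is printed immediately before `c.cmd = CMD_IO_CLONE_TAG;`, so "simulation" is the wrong word for what the user would be aborting; `PrintAndLog("Press pm3-button to abort cloning");` matches the neighbouring "Cloning tag with ID" message. That assumes the firmware side of CMD_IO_CLONE_TAG actually polls the button during the write, which this hunk does not show. The enclosing function starts before and ends after the hunk.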
#include <stdio.h>
#include <string.h>
-//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "graph.h"
#include <stdio.h>\r
#include <string.h>\r
#include <inttypes.h>\r
-//#include "proxusb.h"\r
#include "proxmark3.h"\r
#include "ui.h"\r
#include "graph.h"\r
#include <stdio.h>
#include <stdlib.h>
#include "crc16.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "ui.h"
unsigned int current_command = CMD_UNKNOWN;
-//unsigned int received_command = CMD_UNKNOWN;
-//UsbCommand current_response;
-//UsbCommand current_response_user;
static int CmdHelp(const char *Cmd);
static int CmdQuit(const char *Cmd);
{
{"help", CmdHelp, 1, "This help. Use '<command> help' for details of a particular command."},
{"data", CmdData, 1, "{ Plot window / data buffer manipulation... }"},
- {"hf", CmdHF, 1, "{ HF commands... }"},
+ {"hf", CmdHF, 1, "{ High Frequency commands... }"},
{"hw", CmdHW, 1, "{ Hardware commands... }"},
- {"lf", CmdLF, 1, "{ LF commands... }"},
+ {"lf", CmdLF, 1, "{ Low Frequency commands... }"},
{"script", CmdScript, 1,"{ Scripting commands }"},
{"quit", CmdQuit, 1, "Exit program"},
{"exit", CmdQuit, 1, "Exit program"},
UsbCommand resp;
- if (response == NULL) {
+ if (response == NULL)
response = &resp;
- }
+
// Wait until the command is received
for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
- while(getCommand(response))
- {
+ while(getCommand(response)) {
if(response->cmd == cmd){
- //We got what we expected
return true;
}
-
}
msleep(10); // XXX ugh
if (dm_seconds == 200) { // Two seconds elapsed
//-----------------------------------------------------------------------------
void UsbCommandReceived(UsbCommand *UC)
{
- /*
- // Debug
- printf("UsbCommand length[len=%zd]\n",sizeof(UsbCommand));
- printf(" cmd[len=%zd]: %"llx"\n",sizeof(UC->cmd),UC->cmd);
- printf(" arg0[len=%zd]: %"llx"\n",sizeof(UC->arg[0]),UC->arg[0]);
- printf(" arg1[len=%zd]: %"llx"\n",sizeof(UC->arg[1]),UC->arg[1]);
- printf(" arg2[len=%zd]: %"llx"\n",sizeof(UC->arg[2]),UC->arg[2]);
- printf(" data[len=%zd]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]);
- */
-
- // printf("%s(%x) current cmd = %x\n", __FUNCTION__, c->cmd, current_command);
- // If we recognize a response, return to avoid further processing
- switch(UC->cmd) {
- // First check if we are handling a debug message
- case CMD_DEBUG_PRINT_STRING: {
- char s[USB_CMD_DATA_SIZE+1];
- size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE);
- memcpy(s,UC->d.asBytes,len);
- s[len] = 0x00;
- PrintAndLog("#db# %s ", s);
- return;
- } break;
-
- case CMD_DEBUG_PRINT_INTEGERS: {
- PrintAndLog("#db# %08x, %08x, %08x \r\n", UC->arg[0], UC->arg[1], UC->arg[2]);
- return;
- } break;
-
- // case CMD_MEASURED_ANTENNA_TUNING: {
- // int peakv, peakf;
- // int vLf125, vLf134, vHf;
- // vLf125 = UC->arg[0] & 0xffff;
- // vLf134 = UC->arg[0] >> 16;
- // vHf = UC->arg[1] & 0xffff;;
- // peakf = UC->arg[2] & 0xffff;
- // peakv = UC->arg[2] >> 16;
- // PrintAndLog("");
- // PrintAndLog("# LF antenna: %5.2f V @ 125.00 kHz", vLf125/1000.0);
- // PrintAndLog("# LF antenna: %5.2f V @ 134.00 kHz", vLf134/1000.0);
- // PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1));
- // PrintAndLog("# HF antenna: %5.2f V @ 13.56 MHz", vHf/1000.0);
- // if (peakv<2000)
- // PrintAndLog("# Your LF antenna is unusable.");
- // else if (peakv<10000)
- // PrintAndLog("# Your LF antenna is marginal.");
- // if (vHf<2000)
- // PrintAndLog("# Your HF antenna is unusable.");
- // else if (vHf<5000)
- // PrintAndLog("# Your HF antenna is marginal.");
- // } break;
-
- case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: {
-// printf("received samples: ");
-// print_hex(UC->d.asBytes,512);
- sample_buf_len += UC->arg[1];
-// printf("samples: %zd offset: %d\n",sample_buf_len,UC->arg[0]);
- memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);
- } break;
-
-
-// case CMD_ACK: {
-// PrintAndLog("Receive ACK\n");
-// } break;
-
- default: {
- // Maybe it's a response
- /*
- switch(current_command) {
- case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
- if (UC->cmd != CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K) {
- PrintAndLog("unrecognized command %08x\n", UC->cmd);
- break;
- }
-// int i;
- PrintAndLog("received samples %d\n",UC->arg[0]);
- memcpy(sample_buf+UC->arg[0],UC->d.asBytes,48);
- sample_buf_len += 48;
-// for(i=0; i<48; i++) sample_buf[i] = UC->d.asBytes[i];
- //received_command = UC->cmd;
- } break;
-
- default: {
- } break;
- }*/
- }
- break;
- }
-
- storeCommand(UC);
+ switch(UC->cmd) {
+ // First check if we are handling a debug message
+ case CMD_DEBUG_PRINT_STRING: {
+ char s[USB_CMD_DATA_SIZE+1] = {0x00};
+ size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE);
+ memcpy(s,UC->d.asBytes,len);
+ PrintAndLog("#db# %s ", s);
+ return;
+ } break;
+
+ case CMD_DEBUG_PRINT_INTEGERS: {
+ PrintAndLog("#db# %08x, %08x, %08x \r\n", UC->arg[0], UC->arg[1], UC->arg[2]);
+ return;
+ } break;
+
+ case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: {
+ sample_buf_len += UC->arg[1];
+ memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);
+ } break;
+
+ default:
+ break;
+ }
+ storeCommand(UC);
}
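Review bot: In the rewritten `CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K` case the offset `UC->arg[0]` and length `UC->arg[1]` come straight from the peer and are used unchecked in `memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1])`, so a malformed or out-of-sync packet can over-read `d.asBytes` and write past `sample_buf`; the `CMD_DEBUG_PRINT_STRING` case just above already clamps with `MIN`, this one should too. At minimum use `size_t len = MIN(UC->arg[1], USB_CMD_DATA_SIZE);` and pass `len` to both `sample_buf_len +=` and the `memcpy`; bounding the destination as well needs the capacity that `GetFromBigBuf` receives as `bytes`, which this function does not currently track. Separately, `PrintAndLog("#db# %08x, %08x, %08x \r\n", UC->arg[0], ...)` hands `arg` values to `%08x`; if `arg` is wider than `unsigned int` (the removed debug code in this hunk printed it with a long-long format, so it looks 64-bit) the format needs `PRIx64` or an explicit cast.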
#include <stdint.h>
#include "data.h"
#include "ui.h"
-//#include "proxusb.h"
#include "proxmark3.h"
#include "cmdmain.h"
{
sample_buf_len = 0;
sample_buf = dest;
-// start_index = ((start_index/12)*12);
-// int n = start_index + bytes;
- /*
- if (n % 48 != 0) {
- PrintAndLog("bad len in GetFromBigBuf");
- return;
- }
- */
UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {start_index, bytes, 0}};
SendCommand(&c);
-/*
- for (int i = start_index; i < n; i += 48) {
- UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}};
- SendCommand(&c);
-// WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K);
-// memcpy(dest+(i*4), sample_buf, 48);
- }
-*/
}
#include <stdlib.h>
#include "proxmark3.h"
#include "sleep.h"
-//#include "proxusb.h"
#include "flash.h"
#include "elf.h"
#include "proxendian.h"
{
UsbCommand c;
c.cmd = CMD_DEVICE_INFO;
-// SendCommand_(&c);
SendCommand(&c);
UsbCommand resp;
ReceiveCommand(&resp);
c.arg[2] = 0;
}
SendCommand(&c);
-// SendCommand_(&c);
return wait_for_ack();
} else {
fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
memset(block_buf, 0xFF, BLOCK_SIZE);
memcpy(block_buf, data, length);
UsbCommand c;
-/*
- c.cmd = {CMD_SETUP_WRITE};
- for (int i = 0; i < 240; i += 48) {
- memcpy(c.d.asBytes, block_buf + i, 48);
- c.arg[0] = i / 4;
- SendCommand(&c);
-// SendCommand_(&c);
- if (wait_for_ack() < 0) {
- return -1;
- }
- }
-*/
c.cmd = CMD_FINISH_WRITE;
c.arg[0] = address;
-// memcpy(c.d.asBytes, block_buf+240, 16);
-// SendCommand_(&c);
memcpy(c.d.asBytes, block_buf, length);
SendCommand(&c);
return wait_for_ack();
// just reset the unit
int flash_stop_flashing(void) {
UsbCommand c = {CMD_HARDWARE_RESET};
-// SendCommand_(&c);
SendCommand(&c);
msleep(100);
return 0;
* @return
*/
int fileExists(const char *filename) {
+
+#ifdef _WIN32
+ struct _stat st;
+ int result = _stat(filename, &st);
+#else
struct stat st;
int result = stat(filename, &st);
+#endif
return result == 0;
}
else return -1;\r
}\r
\r
-\r
-\r
// Compare 16 Bits out of cryptostate\r
int Compare16Bits(const void * a, const void * b) {\r
if ((*(uint64_t*)b & 0x00ff000000ff0000) == (*(uint64_t*)a & 0x00ff000000ff0000)) return 0;\r
else return -1;\r
}\r
\r
-\r
typedef \r
struct {\r
union {\r
return statelist->head.slhead;\r
}\r
\r
-\r
-\r
-\r
int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate) \r
{\r
uint16_t i, len;\r
uint32_t uid;\r
UsbCommand resp;\r
\r
- \r
StateList_t statelists[2];\r
struct Crypto1State *p1, *p2, *p3, *p4;\r
\r
// "MAGIC" CARD\r
\r
int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {\r
- uint8_t block0[16];\r
- memset(block0, 0, 16);\r
+ uint8_t block0[16] = {0x00};\r
memcpy(block0, uid, 4); \r
block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC\r
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)\r
- block0[5] = 0x88;\r
+ block0[5] = 0x08;\r
block0[6] = 0x04;\r
block0[7] = 0x00;\r
\r
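Review bot: `block0[5] = 0x08;` changes the SAK byte that gets written to block 0 from 0x88 to 0x08 without any comment on why, and the existing `// mifare classic SAK(byte 5) and ATQA(byte 6 and 7)` line does not say which value is intended. Since this byte ends up on the card, a one-line why-comment such as `block0[5] = 0x08; // SAK as reported by a stock MIFARE Classic 1K` would keep the next reader from reverting it; I am presuming that is the rationale, the hunk itself does not state it. The function continues past the hunk.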
}\r
\r
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params) {\r
- uint8_t isOK = 0;\r
\r
- UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};\r
+ uint8_t isOK = 0;\r
+ UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};\r
memcpy(c.d.asBytes, data, 16); \r
SendCommand(&c);\r
\r
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {\r
uint8_t isOK = 0;\r
\r
- UsbCommand c = {CMD_MIFARE_EML_CGETBLOCK, {params, 0, blockNo}};\r
+ UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};\r
SendCommand(&c);\r
\r
UsbCommand resp;\r
// variables\r
char logHexFileName[200] = {0x00};\r
static uint8_t traceCard[4096] = {0x00};\r
-static char traceFileName[200] = {0};\r
+static char traceFileName[200] = {0x00};\r
static int traceState = TRACE_IDLE;\r
static uint8_t traceCurBlock = 0;\r
static uint8_t traceCurKey = 0;\r
case TRACE_AUTH1: \r
if (len == 4) {\r
traceState = TRACE_AUTH2;\r
-\r
nt = bytes_to_num(data, 4);\r
return 0;\r
} else {\r
lfsr_rollback_word(revstate, 0, 0);\r
lfsr_rollback_word(revstate, nr_enc, 1);\r
lfsr_rollback_word(revstate, uid ^ nt, 0);\r
+\r
crypto1_get_lfsr(revstate, &lfsr);\r
printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));\r
AddLogUint64(logHexFileName, "key> ", lfsr); \r
#include "cmdmain.h"\r
#include "ui.h"\r
#include "data.h"\r
-//#include "proxusb.h"\r
#include "util.h"\r
#include "nonce2key/nonce2key.h"\r
#include "nonce2key/crapto1.h"\r
free(odd);\r
free(even);\r
return 0;\r
-\r
}\r
\r
s = statelist;\r
ProxWidget::ProxWidget(QWidget *parent) : QWidget(parent), GraphStart(0), GraphPixelsPerPoint(1)
{
- resize(600, 500);
+ resize(600, 300);
QPalette palette(QColor(0,0,0,0));
palette.setColor(QPalette::WindowText, QColor(255,255,255));
#include <unistd.h>
#include <readline/readline.h>
#include <readline/history.h>
-//#include "proxusb.h"
+
#include "proxmark3.h"
#include "proxgui.h"
#include "cmdmain.h"
volatile static bool txcmd_pending = false;
void SendCommand(UsbCommand *c) {
-#if 0
- printf("Sending %d bytes\n", sizeof(UsbCommand));
-#endif
-/*
- if (txcmd_pending) {
- ERR("Sending command failed, previous command is still pending");
- }
-*/
- if(offline)
- {
+ #if 0
+ printf("Sending %d bytes\n", sizeof(UsbCommand));
+ #endif
+
+ if (offline) {
PrintAndLog("Sending bytes to proxmark failed - offline");
return;
}
or disconnected. The main console thread is alive, but comm thread just spins here.
Not good.../holiman
**/
- while(txcmd_pending);
- txcmd = *c;
- txcmd_pending = true;
+ while(txcmd_pending);
+ txcmd = *c;
+ txcmd_pending = true;
}
struct receiver_arg {
- int run;
+ int run;
};
struct main_loop_arg {
- int usb_present;
- char *script_cmds_file;
+ int usb_present;
+ char *script_cmds_file;
};
-//static void *usb_receiver(void *targ) {
-// struct receiver_arg *arg = (struct receiver_arg*)targ;
-// UsbCommand cmdbuf;
-//
-// while (arg->run) {
-// if (ReceiveCommandPoll(&cmdbuf)) {
-// UsbCommandReceived(&cmdbuf);
-// fflush(NULL);
-// }
-// }
-//
-// pthread_exit(NULL);
-// return NULL;
-//}
-
byte_t rx[0x1000000];
byte_t* prx = rx;
static void *uart_receiver(void *targ) {
- struct receiver_arg *arg = (struct receiver_arg*)targ;
- size_t rxlen;
- size_t cmd_count;
-
- while (arg->run) {
- rxlen = sizeof(UsbCommand);
- if (uart_receive(sp,prx,&rxlen)) {
- prx += rxlen;
- if (((prx-rx) % sizeof(UsbCommand)) != 0) {
- continue;
- }
- cmd_count = (prx-rx) / sizeof(UsbCommand);
- // printf("received %d bytes, which represents %d commands\n",(prx-rx), cmd_count);
- for (size_t i=0; i<cmd_count; i++) {
- UsbCommandReceived((UsbCommand*)(rx+(i*sizeof(UsbCommand))));
- }
- }
- prx = rx;
-
- if(txcmd_pending) {
- if (!uart_send(sp,(byte_t*)&txcmd,sizeof(UsbCommand))) {
- PrintAndLog("Sending bytes to proxmark failed");
- }
- txcmd_pending = false;
- }
- }
-
- pthread_exit(NULL);
- return NULL;
+ struct receiver_arg *arg = (struct receiver_arg*)targ;
+ size_t rxlen;
+ size_t cmd_count;
+
+ while (arg->run) {
+ rxlen = sizeof(UsbCommand);
+ if (uart_receive(sp, prx, &rxlen)) {
+ prx += rxlen;
+ if (((prx-rx) % sizeof(UsbCommand)) != 0) {
+ continue;
+ }
+ cmd_count = (prx-rx) / sizeof(UsbCommand);
+
+ for (size_t i = 0; i < cmd_count; i++) {
+ UsbCommandReceived((UsbCommand*)(rx+(i*sizeof(UsbCommand))));
+ }
+ }
+ prx = rx;
+
+ if(txcmd_pending) {
+ if (!uart_send(sp, (byte_t*) &txcmd, sizeof(UsbCommand))) {
+ PrintAndLog("Sending bytes to proxmark failed");
+ }
+ txcmd_pending = false;
+ }
+ }
+
+ pthread_exit(NULL);
+ return NULL;
}
static void *main_loop(void *targ) {
- struct main_loop_arg *arg = (struct main_loop_arg*)targ;
- struct receiver_arg rarg;
- char *cmd = NULL;
- pthread_t reader_thread;
-
- if (arg->usb_present == 1) {
- rarg.run=1;
- // pthread_create(&reader_thread, NULL, &usb_receiver, &rarg);
- pthread_create(&reader_thread, NULL, &uart_receiver, &rarg);
- }
-
- FILE *script_file = NULL;
- char script_cmd_buf[256];
+ struct main_loop_arg *arg = (struct main_loop_arg*)targ;
+ struct receiver_arg rarg;
+ char *cmd = NULL;
+ pthread_t reader_thread;
- if (arg->script_cmds_file)
- {
- script_file = fopen(arg->script_cmds_file, "r");
- if (script_file)
- {
- printf("using 'scripting' commands file %s\n", arg->script_cmds_file);
- }
- }
+ if (arg->usb_present == 1) {
+ rarg.run = 1;
+ pthread_create(&reader_thread, NULL, &uart_receiver, &rarg);
+ }
+
+ FILE *script_file = NULL;
+ char script_cmd_buf[256]; // iceman, needs lua script the same file_path_buffer as the rest
+
+ if (arg->script_cmds_file) {
+ script_file = fopen(arg->script_cmds_file, "r");
+ if (script_file) {
+ printf("using 'scripting' commands file %s\n", arg->script_cmds_file);
+ }
+ }
read_history(".history");
- while(1)
- {
- // If there is a script file
- if (script_file)
- {
- if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file))
- {
- fclose(script_file);
- script_file = NULL;
- }
- else
- {
- char *nl;
- nl = strrchr(script_cmd_buf, '\r');
- if (nl) *nl = '\0';
- nl = strrchr(script_cmd_buf, '\n');
- if (nl) *nl = '\0';
-
- if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL)
- {
- memset(cmd, 0, strlen(script_cmd_buf));
- strcpy(cmd, script_cmd_buf);
- printf("%s\n", cmd);
- }
- }
- }
-
- if (!script_file)
+
+ while(1) {
+
+ // If there is a script file
+ if (script_file)
{
- cmd = readline(PROXPROMPT);
+ if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
+ fclose(script_file);
+ script_file = NULL;
+ } else {
+ char *nl;
+ nl = strrchr(script_cmd_buf, '\r');
+ if (nl) *nl = '\0';
+
+ nl = strrchr(script_cmd_buf, '\n');
+ if (nl) *nl = '\0';
+
+ if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) {
+ memset(cmd, 0, strlen(script_cmd_buf));
+ strcpy(cmd, script_cmd_buf);
+ printf("%s\n", cmd);
+ }
+ }
}
+ if (!script_file) {
+ PrintAndLog("FOO!!");
+ cmd = readline(PROXPROMPT);
+ PrintAndLog("BAR!!");
+ }
+
+ PrintAndLog("SNAFU!!");
if (cmd) {
+
while(cmd[strlen(cmd) - 1] == ' ')
- cmd[strlen(cmd) - 1] = 0x00;
+ cmd[strlen(cmd) - 1] = 0x00;
if (cmd[0] != 0x00) {
if (strncmp(cmd, "quit", 4) == 0) {
exit(0);
break;
}
-
CommandReceived(cmd);
add_history(cmd);
}
write_history(".history");
- if (arg->usb_present == 1) {
- rarg.run = 0;
- pthread_join(reader_thread, NULL);
- }
-
- if (script_file)
- {
- fclose(script_file);
- script_file = NULL;
- }
-
- ExitGraphics();
- pthread_exit(NULL);
- return NULL;
-}
+ if (arg->usb_present == 1) {
+ rarg.run = 0;
+ pthread_join(reader_thread, NULL);
+ }
-//static void dumpHelp(char *parent, ...)
-//{
-// printf("## %s\n\n", parent);
-// CommandReceived(parent);
-//
-// printf("\n");
-//}
+ if (script_file) {
+ fclose(script_file);
+ script_file = NULL;
+ }
+
+ ExitGraphics();
+ pthread_exit(NULL);
+ return NULL;
+}
static void dumpAllHelp(int markdown)
{
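Review bot: `PrintAndLog("FOO!!");`, `PrintAndLog("BAR!!");` and `PrintAndLog("SNAFU!!");` around the `readline(PROXPROMPT)` call in main_loop are leftover debug output that would print on every interactive command and should be dropped before merge. Two lines below them, `while(cmd[strlen(cmd) - 1] == ' ')` reads `cmd[-1]` when readline returns an empty line, because `strlen(cmd) - 1` wraps as `size_t`; guard it with `size_t l = strlen(cmd); while (l > 0 && cmd[l - 1] == ' ') cmd[--l] = 0x00;`. In uart_receiver, `prx += rxlen` is never checked against `sizeof(rx)`, and the `continue` taken when `(prx-rx) % sizeof(UsbCommand)` is non-zero also skips the `txcmd_pending` block, so a stream that drops a byte can stay misaligned and creep toward the end of `rx` while outgoing commands stall; resetting `prx = rx` when `(size_t)(prx - rx) + sizeof(UsbCommand) > sizeof(rx)` would at least bound the write. The `#if 0` block kept in SendCommand formats `sizeof(UsbCommand)` with `%d`; if it is ever re-enabled that needs `%zu`, otherwise it is dead code worth deleting.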
};
pthread_t main_loop_t;
-/*
- usb_init();
- if (!OpenProxmark(1)) {
- fprintf(stderr,"PROXMARK3: NOT FOUND!\n");
- marg.usb_present = 0;
- offline = 1;
- } else {
- marg.usb_present = 1;
- offline = 0;
- }
-*/
sp = uart_open(argv[1]);
if (sp == INVALID_SERIAL_PORT) {
pthread_join(main_loop_t, NULL);
-// if (marg.usb_present == 1) {
-// CloseProxmark();
-// }
-
// Clean up the port
uart_close(sp);
elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k\r
-- MIFARE Classic mini offers 320 bytes split into five sectors.\r
numSectors = 5\r
- elseif 0x10 == result.sak then-- "NXP MIFARE Plus 2k"\r
+ elseif 0x10 == result.sak then -- NXP MIFARE Plus 2k\r
numSectors = 32\r
+ elseif 0x01 == sak then -- NXP MIFARE TNP3xxx 1K\r
+ numSectors = 16\r
else\r
print("I don't know how many sectors there are on this type of card, defaulting to 16")\r
end \r
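Review bot: The new branch `elseif 0x01 == sak then -- NXP MIFARE TNP3xxx 1K` compares against `sak`, while the sibling branches in this chain read `result.sak` (`0x09 == result.sak`, `0x10 == result.sak`); unless a local `sak` is defined above the hunk, that name is `nil` here, the comparison is silently false, and the TNP3xxx case falls through to the default of 16 sectors. It should read `elseif 0x01 == result.sak then -- NXP MIFARE TNP3xxx 1K`. The other script touched by this diff (the `typ = 1` hunk) uses a bare `sak` consistently, so only this chain is affected.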
typ = 0
elseif 0x10 == sak then-- "NXP MIFARE Plus 2k"
typ = 2
+ elseif 0x01 == sak then-- "NXP MIFARE TNP3xxx 1K"
+ typ = 1
else
print("I don't know how many sectors there are on this type of card, defaulting to 16")
end
#define PIO_PDR (AT91_CAST(AT91_REG *) 0x00000004) // (PIO_PDR) PIO Disable Register
#define PIO_PSR (AT91_CAST(AT91_REG *) 0x00000008) // (PIO_PSR) PIO Status Register
#define PIO_OER (AT91_CAST(AT91_REG *) 0x00000010) // (PIO_OER) Output Enable Register
-#define PIO_ODR (AT91_CAST(AT91_REG *) 0x00000014) // (PIO_ODR) Output Disable Registerr
+#define PIO_ODR (AT91_CAST(AT91_REG *) 0x00000014) // (PIO_ODR) Output Disable Register
#define PIO_OSR (AT91_CAST(AT91_REG *) 0x00000018) // (PIO_OSR) Output Status Register
#define PIO_IFER (AT91_CAST(AT91_REG *) 0x00000020) // (PIO_IFER) Input Filter Enable Register
#define PIO_IFDR (AT91_CAST(AT91_REG *) 0x00000024) // (PIO_IFDR) Input Filter Disable Register
// Might as well have the hardware-specific defines everywhere.
#include "at91sam7s512.h"
#include "config_gpio.h"
+#include "usb_cmd.h"
#define WDT_HIT() AT91C_BASE_WDTC->WDTC_WDCR = 0xa5000001
#define TRUE 1
#define FALSE 0
-#include <usb_cmd.h>
-
//#define PACKED __attribute__((__packed__))
#define LED_A_ON() HIGH(GPIO_LED_A)
#define CMD_EM4X_WRITE_WORD 0x0219
#define CMD_IO_DEMOD_FSK 0x021A
#define CMD_IO_CLONE_TAG 0x021B
-#define CMD_EM410X_DEMOD 0x021C
+#define CMD_EM410X_DEMOD 0x021c
/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
#define CMD_MIFARE_EML_MEMSET 0x0602
#define CMD_MIFARE_EML_MEMGET 0x0603
#define CMD_MIFARE_EML_CARDLOAD 0x0604
-#define CMD_MIFARE_EML_CSETBLOCK 0x0605
-#define CMD_MIFARE_EML_CGETBLOCK 0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK 0x0605
+#define CMD_MIFARE_CGETBLOCK 0x0606
+#define CMD_MIFARE_CIDENT 0x0607
#define CMD_SIMULATE_MIFARE_CARD 0x0610
#define CMD_MIFARE_READSC 0x0621
#define CMD_MIFAREU_READCARD 0x0721
#define CMD_MIFARE_WRITEBL 0x0622
-#define CMD_MIFAREU_WRITEBL_COMPAT 0x0722
-#define CMD_MIFAREU_WRITEBL 0x0723
+#define CMD_MIFAREU_WRITEBL 0x0722
+#define CMD_MIFAREU_WRITEBL_COMPAT 0x0723
+
#define CMD_MIFARE_CHKKEYS 0x0623
#define CMD_MIFARE_SNIFFER 0x0630
+//ultralightC
+#define CMD_MIFAREUC_AUTH1 0x0724
+#define CMD_MIFAREUC_AUTH2 0x0725
+#define CMD_MIFAREUC_READCARD 0x0726
+
+// mifare desfire
+#define CMD_MIFARE_DESFIRE_READBL 0x0728
+#define CMD_MIFARE_DESFIRE_WRITEBL 0x0729
+#define CMD_MIFARE_DESFIRE_AUTH1 0x072a
+#define CMD_MIFARE_DESFIRE_AUTH2 0x072b
+#define CMD_MIFARE_DES_READER 0x072c
+#define CMD_MIFARE_DESFIRE_INFO 0x072d
+#define CMD_MIFARE_DESFIRE 0x072e
#define CMD_UNKNOWN 0xFFFF