extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
void SendVersion(void)
{
- char temp[256]; /* Limited data payload in USB packets */
+ char temp[512]; /* Limited data payload in USB packets */
DbpString("Prox/RFID mark3 RFID instrument");
/* Try to find the bootrom version information. Expect to find a pointer at
for (;;)
{
-// UsbPoll(FALSE);
usb_poll();
- WDT_HIT();
+ WDT_HIT();
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(1000);
case CMD_SIMULATE_TAG_ISO_14443a:
SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); // ## Simulate iso14443a tag - pass tag type & UID
break;
+
case CMD_EPA_PACE_COLLECT_NONCE:
EPA_PACE_Collect_Nonce(c);
break;
+ // case CMD_EPA_:
+ // EpaFoo(c);
+ // break;
+
case CMD_READER_MIFARE:
ReaderMifare(c->arg[0]);
break;
// The large multi-purpose buffer, typically used to hold A/D samples,
// maybe processed in some way.
-uint32_t BigBuf[10000];
+//#define BIG_BUFF_SIZE 10000 // PM3 w. 256KB ram
+#define BIG_BUFF_SIZE 10000 // PM3 w. 512KB ram
+
+uint32_t BigBuf[BIG_BUFF_SIZE];
// BIG CHANGE - UNDERSTAND THIS BEFORE WE COMMIT
#define TRACE_OFFSET 0
-#define TRACE_SIZE 3000
+#define TRACE_SIZE 4096
#define RECV_CMD_OFFSET 3032
#define RECV_CMD_SIZE 64
#define RECV_RES_OFFSET 3096
#define FREE_BUFFER_OFFSET 7256
#define FREE_BUFFER_SIZE 2744
-extern const uint8_t OddByteParity[256];
+//extern const uint8_t OddByteParity[256];
extern uint8_t *trace; // = (uint8_t *) BigBuf;
extern int traceLen; // = 0;
extern int rsamples; // = 0;
// Calculate the parity bit for the client...
Uart.parityBits <<= 1;
- Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
+ //Uart.parityBits ^= OddByteParity[(Uart.shiftReg & 0xff)];
+ Uart.parityBits ^= oddparity(Uart.shiftReg & 0xff);
Uart.bitCnt = 0;
Uart.shiftReg = 0;
// Calculate the parity bit for the client...
Uart.parityBits <<= 1;
- Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
+ //Uart.parityBits ^= OddByteParity[(Uart.dropPosition & 0xff)];
+ Uart.parityBits ^= oddparity((Uart.dropPosition & 0xff));
Uart.bitCnt = 0;
Uart.shiftReg = 0;
else {
modulation = bit & Demod.syncBit;
modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
- //modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
-
+
Demod.samples += 4;
if(Demod.posCount==0) {
Demod.output[Demod.len] = 0x0f;
Demod.len++;
Demod.parityBits <<= 1;
- Demod.parityBits ^= OddByteParity[0x0f];
+ //Demod.parityBits ^= OddByteParity[0x0f];
+ Demod.parityBits ^= oddparity(0x0f);
Demod.state = DEMOD_UNSYNCD;
// error = 0x0f;
return TRUE;
// FOR ISO15639 PARITY NOT SEND OTA, JUST CALCULATE IT FOR THE CLIENT
Demod.parityBits <<= 1;
- Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
+ //Demod.parityBits ^= OddByteParity[(Demod.shiftReg & 0xff)];
+ Demod.parityBits ^= oddparity((Demod.shiftReg & 0xff));
Demod.bitCount = 0;
Demod.shiftReg = 0;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
- /*if(OutOfNDecoding((b & 0xf0) >> 4)) {
- *len = Uart.byteCnt;
- return TRUE;
- }*/
+
if(OutOfNDecoding(b & 0x0f)) {
*len = Uart.byteCnt;
return TRUE;
int par = 0;
// This is tied to other size changes
- // uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
CodeIClassCommand(frame,len);
// Select the card
for(;;) {
WDT_HIT();
- if(BUTTON_PRESS()) return FALSE;
+ if(BUTTON_PRESS()) return FALSE;
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!!
b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
skip = !skip;
if(skip) continue;
- /*if(ManchesterDecoding((b>>4) & 0xf)) {
- *samples = ((c - 1) << 3) + 4;
- return TRUE;
- }*/
+
if(ManchesterDecoding(b & 0x0f)) {
*samples = c << 3;
return TRUE;
#define SEC_Y 0x00
#define SEC_Z 0xc0
+//replaced large parity table with small parity generation function - saves flash code
+/*
const uint8_t OddByteParity[256] = {
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1,
0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0,
1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
};
-
+*/
void iso14a_set_trigger(bool enable) {
trigger = enable;
// Generate the parity value for a byte sequence
//
//-----------------------------------------------------------------------------
+/*
byte_t oddparity (const byte_t bt)
{
return OddByteParity[bt];
}
+*/
uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
{
// Generate the parity bits
for (i = 0; i < iLen; i++) {
// and save them to a 32Bit word
- dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
+ //dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
+ dwPar |= (oddparity(pbtCmd[i]) << i);
}
return dwPar;
}
}
// Get the parity bit
- if ((dwParity >> i) & 0x01) {
+ //if ((dwParity >> i) & 0x01) {
+ if (oddparity(cmd[i]) & 0x01) {
ToSend[++ToSendMax] = SEC_D;
LastProxToAirDuration = 8 * ToSendMax - 4;
} else {
response1[1] = 0x00;
sak = 0x28;
} break;
+ case 5: { // MIFARE TNP3XXX
+ // Says: I am a toy
+ response1[0] = 0x01;
+ response1[1] = 0x0f;
+ sak = 0x01;
+ } break;
default: {
Dbprintf("Error: unkown tagtype (%d)",tagType);
return;
memcpy(uid_resp,resp,4);
}
uid_resp_len = 4;
- // Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
+
// calculate crypto UID. Always use last 4 Bytes.
if(cuid_ptr) {
if (!ReaderReceive(resp)) return 0;
sak = resp[0];
+ //Dbprintf("SAK: %02x",resp[0]);
+
// Test if more parts of the uid are comming
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
// Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Signal field is on with the appropriate LED
- if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD
- || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
+ if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN) {
LED_D_ON();
} else {
LED_D_OFF();
if(param & ISO14A_APPEND_CRC) {
AppendCrc14443a(cmd,len);
len += 2;
- lenbits += 16;
+ if(lenbits>0)
+ lenbits += 16;
}
- if(lenbits>0) {
-
+ if(lenbits>0) {
ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL);
} else {
ReaderTransmit(cmd,len, NULL);
uint32_t nt = 0;
uint32_t previous_nt = 0;
static uint32_t nt_attacked = 0;
- byte_t par_list[8] = {0,0,0,0,0,0,0,0};
- byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
+ byte_t par_list[8] = {0x00};
+ byte_t ks_list[8] = {0x00};
static uint32_t sync_time;
static uint32_t sync_cycles;
uint16_t consecutive_resyncs = 0;
int isOK = 0;
-
-
if (first_try) {
mf_nr_ar3 = 0;
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
LED_C_OFF();
+ Dbprintf("Mifare: Before loopen");
for(uint16_t i = 0; TRUE; i++) {
WDT_HIT();
-extern byte_t oddparity (const byte_t bt);
+//extern byte_t oddparity (const byte_t bt);
extern uint32_t GetParity(const uint8_t *pbtCmd, int iLen);
extern void AppendCrc14443a(uint8_t *data, int len);
#define cardSTATE_TO_IDLE() cardSTATE = MFEMUL_IDLE; LED_B_OFF(); LED_C_OFF();\r
\r
//functions
-uint8_t* mifare_get_bigbufptr(void);
+
int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint32_t *timing);
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint8_t *timing);
int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* amswer, uint32_t *timing);\r
#include <util.h>
int strlen(const char *str);
-void *memcpy(void *dest, const void *src, int len);
+RAMFUNC void *memcpy(void *dest, const void *src, int len);
void *memset(void *dest, int c, int len);
-int memcmp(const void *av, const void *bv, int len);
+RAMFUNC int memcmp(const void *av, const void *bv, int len);
void memxor(uint8_t * dest, uint8_t * src, size_t len);
char *strncat(char *dest, const char *src, unsigned int n);
char *strcat(char *dest, const char *src);
return (data[2] << 16) | (data[1] << 8) | data[0];
}
+//added here for parity calulations
+uint8_t oddparity(uint8_t bt)
+{
+ uint16_t v = bt;
+ v ^= v >> 4;
+ v &= 0xF;
+ return ((0x9669 >> v) & 1);
+}
+
void LEDsoff()
{
LED_A_OFF();
void rol(uint8_t *data, const size_t len);
void lsl (uint8_t *data, size_t len);
int32_t le24toh (uint8_t data[3]);
+//added parity generation function here
+uint8_t oddparity(uint8_t bt);
void SpinDelay(int ms);
void SpinDelayUs(int us);
ShowWaitCycles = true;
}
- uint8_t got[1920];
+ uint8_t got[TRACE_BUFFER_SIZE];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
uint32_t EndOfTransmissionTimestamp = 0;
for (;;) {
- if(i >= 1900) {
+ if(i >= TRACE_BUFFER_SIZE) {
break;
}
if (len > 100) {
break;
}
- if (i + len >= 1900) {
+ if (i + len >= TRACE_BUFFER_SIZE) {
break;
}
PrintAndLog(" 2 = MIFARE Ultralight");
PrintAndLog(" 3 = MIFARE DESFIRE");
PrintAndLog(" 4 = ISO/IEC 14443-4");
+ PrintAndLog(" 5 = MIFARE TNP3XXX");
PrintAndLog("");
return 1;
}
UsbCommand resp;
char *hexout;
- if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+ if (WaitForResponseTimeout(CMD_ACK,&resp,10000)) {
recv = resp.d.asBytes;
uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
PrintAndLog("received %i octets",iLen);
int CmdHF14BList(const char *Cmd)
{
- uint8_t got[960];
+ uint8_t got[TRACE_BUFFER_SIZE];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
int prev = -1;
for(;;) {
- if(i >= 900) {
- break;
- }
+
+ if(i >= TRACE_BUFFER_SIZE) { break; }
bool isResponse;
int timestamp = *((uint32_t *)(got+i));
if(len > 100) {
break;
}
- if(i + len >= 900) {
+ if(i + len >= TRACE_BUFFER_SIZE) {
break;
}
SendCommand(&c);
if (reply) {
- if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+ if (WaitForResponseTimeout(CMD_ACK,&resp,10000)) {
recv = resp.d.asBytes;
PrintAndLog("received %i octets",resp.arg[0]);
if(!resp.arg[0])
SendCommand(&c);
UsbCommand resp;
- WaitForResponse(CMD_ACK,&resp);
+ WaitForResponse(CMD_ACK,&resp);
// check if command failed
if (resp.arg[0] != 0) {
return 1;
}
+// UI-related stuff
// UI-related stuff
static const command_t CommandTable[] =
return 0;
}
- uint8_t got[1920];
+ uint8_t got[TRACE_BUFFER_SIZE];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
uint32_t EndOfTransmissionTimestamp = 0;
- for( i=0; i < 1900;)
+ for( i=0; i < TRACE_BUFFER_SIZE;)
{
//First 32 bits contain
// isResponse (1 bit)
\r
\r
int CmdHF14AMfSniff(const char *Cmd){\r
- // params\r
+\r
bool wantLogToFile = 0;\r
bool wantDecrypt = 0;\r
//bool wantSaveToEml = 0; TODO\r
PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");\r
PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");\r
PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
- PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
- PrintAndLog("Usage: hf mf sniff [l][d][e][r]");\r
+ PrintAndLog(" f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+ PrintAndLog("Usage: hf mf sniff [l][d][e][f]");\r
PrintAndLog(" sample: hf mf sniff l d e");\r
return 0;\r
} \r
return -1;\r
}\r
\r
-\r
-\r
-\r
static command_t CommandTable[] =\r
{\r
{"help", CmdHelp, 1, "This help"},\r
uint8_t CMDPOS = 0;
uint8_t LENPOS = 1;
-uint8_t key_zero_data[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+uint8_t key_zero_data[16] = { 0x00 };
+uint8_t key_ones_data[16] = { 0x01 };
uint8_t key_defa_data[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
-uint8_t key_ones_data[16] = { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
uint8_t key_picc_data[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
static int CmdHelp(const char *Cmd);
return 1;
}
-int CmdHF14ADesNonces(const char *Cmd){
- return 1;
-}
-
-//
// MIAFRE DesFire Authentication
//
#define BUFSIZE 256
{"wb", CmdHF14ADesWb, 0, "write MIFARE DesFire block"},
{"info", CmdHF14ADesInfo, 0, "Get MIFARE DesFire information"},
{"enum", CmdHF14ADesEnumApplications,0, "Tries enumerate all applications"},
- {"nonce", CmdHF14ADesNonces, 0, "<n> Collect n>0 nonces"},
{NULL, NULL, 0, NULL}
};
int CmdHF14ADesWb(const char* cmd);
int CmdHF14ADesInfo(const char *Cmd);
int CmdHF14ADesEnumApplications(const char *Cmd);
-int CmdHF14ADesNonces(const char *Cmd);
+
char * GetCardSizeStr( uint8_t fsize );
char * GetVendorStr( uint8_t id);
char * GetProtocolStr(uint8_t id);
int CmdLFHitagList(const char *Cmd)
{
- uint8_t got[3000];
+ uint8_t got[TRACE_BUFFER_SIZE];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
FILE* pf = NULL;
for (;;) {
- if(i >= 1900) {
- break;
- }
+
+ if(i >= TRACE_BUFFER_SIZE) { break; }
bool isResponse;
int timestamp = *((uint32_t *)(got+i));
if (len > 100) {
break;
}
- if (i + len >= 1900) {
- break;
- }
+ if (i + len >= TRACE_BUFFER_SIZE) { break;}
uint8_t *frame = (got+i+9);
#include <stdint.h>
+//trace buffer size as defined in armsrc/apps.h TRACE_SIZE
+#define TRACE_BUFFER_SIZE 4096
#define FILE_PATH_SIZE 1000
#define SAMPLE_BUFFER_SIZE 64
--]]
'4b0b20107ccb',
+ --[[
+ Kiev metro cards
+ --]]
+ '8fe644038790',
+ 'f14ee7cae863',
+ '632193be1c3c',
+ '569369c5a0e5',
+ '9de89e070277',
+ 'eff603e1efe9',
+ '644672bd4afe',
+
+ 'b5ff67cba951',
}
---
err = LoadEmulator(blocks)
if err then return oops(err) end
core.clearCommandBuffer()
- print('The simulation is now prepared. run \"hf mf sim\" ')
+ print('The simulation is now prepared.\n --> run \"hf mf sim 5 '..uid..'\" <--')
end
end
main(args)
\ No newline at end of file
#define CMD_SIMULATE_TAG_LEGIC_RF 0x0387
#define CMD_READER_LEGIC_RF 0x0388
#define CMD_WRITER_LEGIC_RF 0x0389
+
#define CMD_EPA_PACE_COLLECT_NONCE 0x038A
+//#define CMD_EPA_ 0x038B
#define CMD_SNOOP_ICLASS 0x0392
#define CMD_SIMULATE_TAG_ICLASS 0x0393
projects / proxmark3-svn / commitdiff