Merge branch 'master' of https://github.com/marshmellow42/proxmark3
authormarshmellow42 <marshmellowrf@gmail.com>
Wed, 7 Jan 2015 23:15:14 +0000 (18:15 -0500)
committermarshmellow42 <marshmellowrf@gmail.com>
Wed, 7 Jan 2015 23:15:14 +0000 (18:15 -0500)
45 files changed:
armsrc/Makefile
armsrc/appmain.c
armsrc/apps.h
armsrc/epa.c
armsrc/hitag2.c
armsrc/iclass.c
armsrc/iso14443.c
armsrc/iso14443a.c
armsrc/iso15693.c
armsrc/mifarecmd.c
armsrc/mifaresniff.c
armsrc/mifareutil.c
armsrc/string.h
client/Makefile
client/cmdhf.c
client/cmdhf14a.c
client/cmdhf14b.c
client/cmdhf14b.h
client/cmdhf15.c
client/cmdhfepa.c
client/cmdhficlass.c
client/cmdhflegic.c
client/cmdhfmf.c
client/cmdhfmf.h
client/cmdlfem4x.c
client/cmdlfhid.c
client/cmdlfhitag.c
client/cmdlfio.c
client/cmdlfpcf7931.c
client/cmdlft55xx.c
client/cmdlfti.c
client/cmdmain.c
client/data.c
client/flash.c
client/loclass/fileutils.c
client/mifarehost.c
client/mifarehost.h
client/nonce2key/crapto1.c
client/proxguiqt.cpp
client/proxmark3.c
client/scripts/formatMifare.lua
client/scripts/mifare_autopwn.lua
include/at91sam7s512.h
include/proxmark3.h
include/usb_cmd.h

index 6f0a2aefdc15069c9c01d7cf18aaffed49b61630..b9019541e7d886a7fe573abf9eaa81f84f717a98 100644 (file)
@@ -10,7 +10,7 @@ APP_INCLUDES = apps.h
 
 #remove one of the following defines and comment out the relevant line
 #in the next section to remove that particular feature from compilation  
-APP_CFLAGS     = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG
+APP_CFLAGS     = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -fno-strict-aliasing
 #-DWITH_LCD 
 
 #SRC_LCD = fonts.c LCD.c
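Review bot: `-fno-strict-aliasing` is appended to APP_CFLAGS with no comment saying which firmware code depends on it. The flag disables type-based alias analysis for the whole ARM image, so any type-punned access that prompted it stays in the tree and only miscompiles again if the flag is later dropped. A line above APP_CFLAGS such as `# -fno-strict-aliasing: required by <file/function that type-puns>; remove once converted to memcpy/union` would record the reason and the exit condition.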
@@ -24,7 +24,8 @@ THUMBSRC = start.c \
        $(SRC_LCD) \
        $(SRC_ISO15693) \
        $(SRC_LF) \
-       appmain.c printf.c \
+       appmain.c \
+       printf.c \
        util.c \
        string.c \
        usb_cdc.c \
index 57c485e878b0c15cee795319d8561d004210e31e..3c92a7fd28c07b50b1bd76929bb9ba1aff45f245 100644 (file)
@@ -82,40 +82,12 @@ void DbpString(char *str)
 {
   byte_t len = strlen(str);
   cmd_send(CMD_DEBUG_PRINT_STRING,len,0,0,(byte_t*)str,len);
-//     /* this holds up stuff unless we're connected to usb */
-//     if (!UsbConnected())
-//             return;
-//
-//     UsbCommand c;
-//     c.cmd = CMD_DEBUG_PRINT_STRING;
-//     c.arg[0] = strlen(str);
-//     if(c.arg[0] > sizeof(c.d.asBytes)) {
-//             c.arg[0] = sizeof(c.d.asBytes);
-//     }
-//     memcpy(c.d.asBytes, str, c.arg[0]);
-//
-//     UsbSendPacket((uint8_t *)&c, sizeof(c));
-//     // TODO fix USB so stupid things like this aren't req'd
-//     SpinDelay(50);
 }
 
 #if 0
 void DbpIntegers(int x1, int x2, int x3)
 {
   cmd_send(CMD_DEBUG_PRINT_INTEGERS,x1,x2,x3,0,0);
-//     /* this holds up stuff unless we're connected to usb */
-//     if (!UsbConnected())
-//             return;
-//
-//     UsbCommand c;
-//     c.cmd = CMD_DEBUG_PRINT_INTEGERS;
-//     c.arg[0] = x1;
-//     c.arg[1] = x2;
-//     c.arg[2] = x3;
-//
-//     UsbSendPacket((uint8_t *)&c, sizeof(c));
-//     // XXX
-//     SpinDelay(50);
 }
 #endif
 
@@ -332,7 +304,7 @@ extern struct version_information version_information;
 extern char *_bootphase1_version_pointer, _flash_start, _flash_end;
 void SendVersion(void)
 {
-       char temp[256]; /* Limited data payload in USB packets */
+       char temp[512]; /* Limited data payload in USB packets */
        DbpString("Prox/RFID mark3 RFID instrument");
 
        /* Try to find the bootrom version information. Expect to find a pointer at
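Review bot: `temp` grows from 256 to 512 bytes, but `DbpString()` in the first hunk of this file still computes `byte_t len = strlen(str)`. If `temp` is passed to DbpString (its use is outside this hunk), any string longer than 255 bytes has its length truncated modulo 256 before `cmd_send`. Consider making the length in DbpString a `size_t` clamped to the payload size. The comment on this line should also name the constant the size comes from, e.g. `char temp[USB_CMD_DATA_SIZE]; /* one USB packet payload */`. SendVersion's body continues outside the hunk.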
@@ -381,13 +353,13 @@ void SamyRun()
 
        int selected = 0;
        int playing = 0;
+       int cardRead = 0;
 
        // Turn on selected LED
        LED(selected + 1, 0);
 
        for (;;)
        {
-//             UsbPoll(FALSE);
                usb_poll();
     WDT_HIT();
 
@@ -396,7 +368,7 @@ void SamyRun()
                SpinDelay(300);
 
                // Button was held for a second, begin recording
-               if (button_pressed > 0)
+               if (button_pressed > 0 && cardRead == 0)
                {
                        LEDsoff();
                        LED(selected + 1, 0);
@@ -422,6 +394,40 @@ void SamyRun()
                        // If we were previously playing, set playing off
                        // so next button push begins playing what we recorded
                        playing = 0;
+                       
+                       cardRead = 1;
+       
+               }
+
+               else if (button_pressed > 0 && cardRead == 1)
+               {
+                                       LEDsoff();
+                                       LED(selected + 1, 0);
+                                       LED(LED_ORANGE, 0);
+
+                                       // record
+                                       Dbprintf("Cloning %x %x %x", selected, high[selected], low[selected]);
+
+                                       // wait for button to be released
+                                       while(BUTTON_PRESS())
+                                               WDT_HIT();
+
+                                       /* need this delay to prevent catching some weird data */
+                                       SpinDelay(500);
+
+                                       CopyHIDtoT55x7(high[selected], low[selected], 0, 0);
+                                       Dbprintf("Cloned %x %x %x", selected, high[selected], low[selected]);
+
+                                       LEDsoff();
+                                       LED(selected + 1, 0);
+                                       // Finished recording
+
+                                       // If we were previously playing, set playing off
+                                       // so next button push begins playing what we recorded
+                                       playing = 0;
+                                       
+                                       cardRead = 0;
+                       
                }
 
                // Change where to record (or begin playing)
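Review bot: `cardRead` is a single flag, while the recorded IDs are stored per slot in `high[selected]`/`low[selected]`. If the slot is changed after a read (that code is outside this hunk), `cardRead` stays 1, and the next long press calls `CopyHIDtoT55x7(high[selected], low[selected], 0, 0)` with a slot that may never have been recorded. That overwrites whatever T55x7 is in the field instead of starting a new recording. Track the state per slot or reset `cardRead = 0;` where `selected` changes. The comments copied from the record branch should also be corrected to `// clone` and `// Finished cloning`, and the new branch re-indented to match the one above it.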
@@ -635,18 +641,18 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        cmd_send(CMD_ACK,0,0,0,0,0);
                        break;
                case CMD_HID_DEMOD_FSK:
-                       CmdHIDdemodFSK(c->arg[0], 0, 0, 1);                                     // Demodulate HID tag
+                       CmdHIDdemodFSK(c->arg[0], 0, 0, 1);
                        break;
                case CMD_HID_SIM_TAG:
-                       CmdHIDsimTAG(c->arg[0], c->arg[1], 1);                                  // Simulate HID tag by ID
+                       CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
                        break;
-               case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
+               case CMD_HID_CLONE_TAG:
                        CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
                        break;
                case CMD_IO_DEMOD_FSK:
-                       CmdIOdemodFSK(c->arg[0], 0, 0, 1);                                      // Demodulate IO tag
+                       CmdIOdemodFSK(c->arg[0], 0, 0, 1);
                        break;
-               case CMD_IO_CLONE_TAG: // Clone IO tag by ID to T55x7
+               case CMD_IO_CLONE_TAG:
                        CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
                        break;
                case CMD_EM410X_DEMOD:
@@ -669,10 +675,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_LF_SIMULATE_BIDIR:
                        SimulateTagLowFrequencyBidir(c->arg[0], c->arg[1]);
                        break;
-               case CMD_INDALA_CLONE_TAG:                                      // Clone Indala 64-bit tag by UID to T55x7
+               case CMD_INDALA_CLONE_TAG:
                        CopyIndala64toT55x7(c->arg[0], c->arg[1]);                                      
                        break;
-               case CMD_INDALA_CLONE_TAG_L:                                    // Clone Indala 224-bit tag by UID to T55x7
+               case CMD_INDALA_CLONE_TAG_L:
                        CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
                        break;
                case CMD_T55XX_READ_BLOCK:
@@ -681,13 +687,12 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_T55XX_WRITE_BLOCK:
                        T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
                        break;
-               case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
+               case CMD_T55XX_READ_TRACE:
                        T55xxReadTrace();
                        break;
-               case CMD_PCF7931_READ: // Read PCF7931 tag
+               case CMD_PCF7931_READ:
                        ReadPCF7931();
                        cmd_send(CMD_ACK,0,0,0,0,0);
-//             UsbSendPacket((uint8_t*)&ack, sizeof(ack));
                        break;
                case CMD_EM4X_READ_WORD:
                        EM4xReadWord(c->arg[1], c->arg[2],c->d.asBytes[0]);
@@ -733,7 +738,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        ReaderIso15693(c->arg[0]);
                        break;
                case CMD_SIMTAG_ISO_15693:
-                       SimTagIso15693(c->arg[0]);
+                       SimTagIso15693(c->arg[0], c->d.asBytes);
                        break;
 #endif
 
@@ -782,6 +787,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_SIMULATE_TAG_ISO_14443a:
                        SimulateIso14443aTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);  // ## Simulate iso14443a tag - pass tag type & UID
                        break;
+                       
                case CMD_EPA_PACE_COLLECT_NONCE:
                        EPA_PACE_Collect_Nonce(c);
                        break;
@@ -838,12 +844,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        break;
                        
                // Work with "magic Chinese" card
-               case CMD_MIFARE_EML_CSETBLOCK:
+               case CMD_MIFARE_CSETBLOCK:
                        MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
                        break;
-               case CMD_MIFARE_EML_CGETBLOCK:
+               case CMD_MIFARE_CGETBLOCK:
                        MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
                        break;
+               case CMD_MIFARE_CIDENT:
+                       MifareCIdent();
+                       break;
                        
                // mifare sniffer
                case CMD_MIFARE_SNIFFER:
@@ -894,18 +903,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
                        break;
 
                case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
-//                     UsbCommand n;
-//                     if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
-//                             n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
-//                     } else {
-//                             n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
-//                     }
-//                     n.arg[0] = c->arg[0];
-      //                       memcpy(n.d.asBytes, BigBuf+c->arg[0], 48); // 12*sizeof(uint32_t)
-      //                       LED_B_ON();
-      //      usb_write((uint8_t *)&n, sizeof(n));
-      //                       UsbSendPacket((uint8_t *)&n, sizeof(n));
-      //                       LED_B_OFF();
 
                        LED_B_ON();
                        for(size_t i=0; i<c->arg[1]; i += USB_CMD_DATA_SIZE) {
@@ -919,9 +916,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 
                case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
                        uint8_t *b = (uint8_t *)BigBuf;
-                       memcpy(b+c->arg[0], c->d.asBytes, 48);
-                       //Dbprintf("copied 48 bytes to %i",b+c->arg[0]);
-//                     UsbSendPacket((uint8_t*)&ack, sizeof(ack));
+                       memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
                        cmd_send(CMD_ACK,0,0,0,0,0);
                        break;
                }       
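Review bot: The `memcpy` into `b+c->arg[0]` now copies `USB_CMD_DATA_SIZE` bytes instead of 48, but `c->arg[0]` is still taken from the host packet without a range check. An offset near or past the end of BigBuf therefore writes a full packet payload outside the buffer, which is a larger out-of-bounds write than before. Reject the packet before the copy when the offset does not leave room for the payload, e.g. `if (c->arg[0] > BIGBUF_BYTES - USB_CMD_DATA_SIZE) break;`, where `BIGBUF_BYTES` is a placeholder for BigBuf's size in bytes, which this page does not show. The `CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K` loop in the previous hunk uses host-supplied `c->arg[0]`/`c->arg[1]` in the same way and would benefit from the same check.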
@@ -979,7 +974,6 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_DEVICE_INFO: {
                        uint32_t dev_info = DEVICE_INFO_FLAG_OSIMAGE_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_OS;
                        if(common_area.flags.bootrom_present) dev_info |= DEVICE_INFO_FLAG_BOOTROM_PRESENT;
-//                     UsbSendPacket((uint8_t*)&c, sizeof(c));
                        cmd_send(CMD_DEVICE_INFO,dev_info,0,0,0,0);     
                        break;
                }
@@ -1006,9 +1000,8 @@ void  __attribute__((noreturn)) AppMain(void)
        LED_B_OFF();
        LED_A_OFF();
 
-  // Init USB device`
+       // Init USB device
   usb_enable();
-//     UsbStart();
 
        // The FPGA gets its clock from us from PCK0 output, so set that up.
        AT91C_BASE_PIOA->PIO_BSR = GPIO_PCK0;
@@ -1044,8 +1037,6 @@ void  __attribute__((noreturn)) AppMain(void)
         UsbPacketReceived(rx,rx_len);
       }
     }
-//             UsbPoll(FALSE);
-
                WDT_HIT();
 
 #ifdef WITH_LF
index ed51c7b94894faf9413b9d84e91b3aae5bbedd81..eafee559a899bc17976cabfe10786212c000fbc7 100644 (file)
@@ -192,12 +192,13 @@ void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
 void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);  // Work with "magic Chinese" card
 void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
+void MifareCIdent();  // is "magic chinese" card?
 
 /// iso15693.h
 void RecordRawAdcSamplesIso15693(void);
 void AcquireRawAdcSamplesIso15693(void);
 void ReaderIso15693(uint32_t parameter);       // Simulate an ISO15693 reader - greg
-void SimTagIso15693(uint32_t parameter);       // simulate an ISO15693 tag - greg
+void SimTagIso15693(uint32_t parameter, uint8_t *uid); // simulate an ISO15693 tag - greg
 void BruteforceIso15693Afi(uint32_t speed); // find an AFI of a tag - atrox
 void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8_t data[]); // send arbitrary commands from CLI - atrox 
 void SetDebugIso15693(uint32_t flag);
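Review bot: The new prototype `void MifareCIdent();` has an empty parameter list. In C that declares a function with unspecified arguments, so a call with stray arguments compiles without a diagnostic. Declare it as `void MifareCIdent(void);  // is "magic chinese" card?` so the compiler checks the call added in appmain.c.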
index fb19656d1dd1d345a8c72f016415691a47e8c9a3..bec79e61d075852c3d088c4667c21e8c97faf53d 100644 (file)
@@ -185,6 +185,7 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
            || response_apdu[rapdu_length - 4] != 0x90
            || response_apdu[rapdu_length - 3] != 0x00)
        {
+               Dbprintf("epa - no select cardaccess");
                return -1;
        }
        
@@ -196,6 +197,7 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
            || response_apdu[rapdu_length - 4] != 0x90
            || response_apdu[rapdu_length - 3] != 0x00)
        {
+               Dbprintf("epa - no read cardaccess");
                return -1;
        }
        
@@ -223,7 +225,6 @@ static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
        
        // send the USB packet
   cmd_send(CMD_ACK,step,func_return,0,0,0);
-//UsbSendPacket((void *)ack, sizeof(UsbCommand));
 }
 
 //-----------------------------------------------------------------------------
@@ -243,7 +244,7 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
         */
 
        // return value of a function
-       int func_return;
+       int func_return = 0;
 
 //     // initialize ack with 0s
 //     memset(ack->arg, 0, 12);
@@ -301,7 +302,6 @@ void EPA_PACE_Collect_Nonce(UsbCommand *c)
        // save received information
 //     ack->arg[1] = func_return;
 //     memcpy(ack->d.asBytes, nonce, func_return);
-//     UsbSendPacket((void *)ack, sizeof(UsbCommand));
   cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
 }
 
@@ -416,25 +416,27 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
 //-----------------------------------------------------------------------------
 int EPA_Setup()
 {
-       // return code
+
        int return_code = 0;
-       // card UID
        uint8_t uid[10];
-       // card select information
+       uint8_t pps_response[3];
+       uint8_t pps_response_par[1];
        iso14a_card_select_t card_select_info;
+
        // power up the field
        iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
 
+       iso14a_set_timeout(10500);
+       
        // select the card
        return_code = iso14443a_select_card(uid, &card_select_info, NULL);
        if (return_code != 1) {
+               Dbprintf("Epa: Can't select card");
                return 1;
        }
 
        // send the PPS request
        ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
-       uint8_t pps_response[3];
-       uint8_t pps_response_par[1];
        return_code = ReaderReceive(pps_response, pps_response_par);
        if (return_code != 3 || pps_response[0] != 0xD0) {
                return return_code == 0 ? 2 : return_code;
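Review bot: `iso14a_set_timeout(10500);` is added without a comment on its units or on why ePA needs this value. The per-variable comments that documented `return_code`, `uid` and `card_select_info` are removed in the same hunk. The timeout appears to be module-wide state (ReaderIso14443a sets it through the same call later in this commit), so it presumably stays in effect for later 14443a commands unless the caller resets it. A line such as `// ePA cards answer slowly: raise the reader timeout (units per iso14a_set_timeout); not restored on return` would make this explicit. EPA_Setup continues outside the hunk.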
index 839240bd3d464d58269b589d5e340c609d19d77d..27a5d50851d04bb57c24b98cf43db2817482f101 100644 (file)
@@ -990,18 +990,18 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
   // Disable timer during configuration        
        AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
 
-       // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
+       // Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger,
        // external trigger rising edge, load RA on rising edge of TIOA.
        AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING;
        
-       // Enable and reset counter
-       AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
-
        // Reset the received frame, frame count and timing info
        memset(rx,0x00,sizeof(rx));
        frame_count = 0;
        response = 0;
        overflow = 0;
+
+       // Enable and reset counter
+       AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
        
        while(!BUTTON_PRESS()) {
                // Watchdog hit
@@ -1105,9 +1105,9 @@ void SimulateHitagTag(bool tag_mem_supplied, byte_t* data) {
        AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
        AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-//     Dbprintf("frame received: %d",frame_count);
-//     Dbprintf("Authentication Attempts: %d",(auth_table_len/8));
-//     DbpString("All done");
+       
+       DbpString("Sim Stopped");
+       
 }
 
 void ReaderHitag(hitag_function htf, hitag_data* htd) {
@@ -1158,7 +1158,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
       
                case RHT2F_CRYPTO: {
                        DbpString("Authenticating using key:");
-                       memcpy(key,htd->crypto.key,4);
+                       memcpy(key,htd->crypto.key,4);    //HACK; 4 or 6??  I read both in the code.
                        Dbhexdump(6,key,false);
       blocknr = 0;
                        bQuiet = false;
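Review bot: The added `//HACK; 4 or 6??` comment records a length mismatch instead of resolving it. `memcpy(key,htd->crypto.key,4)` copies four bytes, while the next line, `Dbhexdump(6,key,false)`, prints six. The last two key bytes used and printed are therefore whatever `key` held before, so authentication can silently run with a key other than the one supplied. Hitag2 keys are 48 bits, so the copy most likely needs `memcpy(key, htd->crypto.key, 6);`, with the `crypto.key` field in the header (not shown here) confirmed to be at least six bytes. The debug dump also sends the full key to the host log, which is worth noting where traces are shared.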
index 3844ab143f242d2c4554abb18f0163a14aa6e2b9..ea9af7d4f4fa11c9b84f15d4a8ea0ee6314bd02f 100644 (file)
@@ -433,7 +433,6 @@ static RAMFUNC int ManchesterDecoding(int v)
        else {
                modulation = bit & Demod.syncBit;
                modulation |= ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
-               //modulation = ((bit << 1) ^ ((Demod.buffer & 0x08) >> 3)) & Demod.syncBit;
 
                Demod.samples += 4;
 
@@ -842,10 +841,7 @@ static int GetIClassCommandFromReader(uint8_t *received, int *len, int maxLen)
         }
         if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
             uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-                       /*if(OutOfNDecoding((b & 0xf0) >> 4)) {
-                               *len = Uart.byteCnt;
-                               return TRUE;
-                       }*/
+
                        if(OutOfNDecoding(b & 0x0f)) {
                                *len = Uart.byteCnt;
                                return TRUE;
@@ -1001,8 +997,6 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain
  */
 int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader_mac_buf)
 {
-
-
        // CSN followed by two CRC bytes
        uint8_t response2[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        uint8_t response3[] = { 0,0,0,0,0,0,0,0,0,0};
@@ -1106,6 +1100,7 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader
                //Signal tracer
                // Can be used to get a trigger for an oscilloscope..
                LED_C_OFF();
+
                if(!GetIClassCommandFromReader(receivedCmd, &len, 100)) {
                        buttonPressed = true;
                        break;
@@ -1368,7 +1363,6 @@ void ReaderTransmitIClass(uint8_t* frame, int len)
        int samples = 0;
 
        // This is tied to other size changes
-       //      uint8_t* frame_addr = ((uint8_t*)BigBuf) + 2024;
        CodeIClassCommand(frame,len);
 
        // Select the card
@@ -1423,10 +1417,7 @@ static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples,
                        b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
                        skip = !skip;
                        if(skip) continue;
-                       /*if(ManchesterDecoding((b>>4) & 0xf)) {
-                               *samples = ((c - 1) << 3) + 4;
-                               return TRUE;
-                       }*/
+               
                        if(ManchesterDecoding(b & 0x0f)) {
                                *samples = c << 3;
                                return  TRUE;
@@ -1594,7 +1585,7 @@ void ReaderIClass(uint8_t arg0) {
 
 void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
 
-       uint8_t card_data[24]={0};
+       uint8_t card_data[USB_CMD_DATA_SIZE]={0};
        uint16_t block_crc_LUT[255] = {0};
 
        {//Generate a lookup table for block crc
@@ -1667,7 +1658,10 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
 
                cardsize = memory.k16 ? 255 : 32;
                WDT_HIT();
-
+               //Set card_data to all zeroes, we'll fill it with data
+               memset(card_data,0x0,USB_CMD_DATA_SIZE);
+               uint8_t failedRead =0;
+               uint8_t stored_data_length =0;
                //then loop around remaining blocks
                for(int block=0; block < cardsize; block++){
 
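Review bot: `stored_data_length` is declared `uint8_t`, but the next hunk uses it as an offset into `card_data[USB_CMD_DATA_SIZE]` and compares `stored_data_length + 8` with `USB_CMD_DATA_SIZE`. If that constant is larger than 255 (its value is not on this page; `temp[512]` in SendVersion suggests 512), the counter wraps to 0 after 32 blocks and the flush condition can never be true. On a 255-block card later blocks then overwrite earlier ones in `card_data`, and only the final partial buffer reaches the host. Declare it wide enough for the buffer, e.g. `uint16_t stored_data_length = 0;`.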
@@ -1683,14 +1677,47 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) {
                                                resp[3], resp[4], resp[5],
                                                resp[6], resp[7]);
 
+                               //Fill up the buffer
+                               memcpy(card_data+stored_data_length,resp,8);
+                               stored_data_length += 8;
+
+                               if(stored_data_length +8 > USB_CMD_DATA_SIZE)
+                               {//Time to send this off and start afresh
+                                       cmd_send(CMD_ACK,
+                                                        stored_data_length,//data length
+                                                        failedRead,//Failed blocks?
+                                                        0,//Not used ATM
+                                                        card_data, stored_data_length);
+                                       //reset
+                                       stored_data_length = 0;
+                                       failedRead = 0;
+                               }
+
                        }else{
+                               failedRead = 1;
+                               stored_data_length +=8;//Otherwise, data becomes misaligned
                                Dbprintf("Failed to dump block %d", block);
-
                        }
                }
+               //Send off any remaining data
+               if(stored_data_length > 0)
+               {
+                       cmd_send(CMD_ACK,
+                                        stored_data_length,//data length
+                                        failedRead,//Failed blocks?
+                                        0,//Not used ATM
+                                        card_data, stored_data_length);
+               }
                //If we got here, let's break
                break;
        }
+       //Signal end of transmission
+       cmd_send(CMD_ACK,
+                        0,//data length
+                        0,//Failed blocks?
+                        0,//Not used ATM
+                        card_data, 0);
+
        LED_A_OFF();
 }
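Review bot: The flush test `if(stored_data_length +8 > USB_CMD_DATA_SIZE)` runs only in the success branch, while the failure branch also advances `stored_data_length` by 8. A failed read when the buffer has exactly one slot left moves the offset to `USB_CMD_DATA_SIZE`, and the next successful `memcpy(card_data+stored_data_length,resp,8)` then writes past the end of the stack buffer. Today the `uint8_t` counter declared in the previous hunk hides this by wrapping, so the overflow would surface as soon as that type is widened. Moving the check after the if/else covers both paths, and zeroing the buffer on flush keeps skipped slots from carrying data of the previous batch. The read and CRC check that open the success branch are outside this hunk.
```c
// … unchanged: success branch (memcpy into card_data, stored_data_length += 8) and failure branch …
			}
			// Flush on both paths, before the next 8-byte slot could pass the end of card_data
			if(stored_data_length + 8 > USB_CMD_DATA_SIZE)
			{
				cmd_send(CMD_ACK, stored_data_length, failedRead, 0, card_data, stored_data_length);
				memset(card_data,0x0,USB_CMD_DATA_SIZE);
				stored_data_length = 0;
				failedRead = 0;
			}
// … unchanged: end of block loop, send of remaining data …
```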
 
index 7a445bcb89a72536b8293bc7f0513b418b188fdc..e9483189d3c92fe4a293439d21d314a15fbc4774 100644 (file)
@@ -293,8 +293,7 @@ static int GetIso14443CommandFromReader(uint8_t *received, int *len, int maxLen)
     // only, since we are receiving, not transmitting).
     // Signal field is off with the appropriate LED
     LED_D_OFF();
-    FpgaWriteConfWord(
-       FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
 
 
     // Now run a `software UART' on the stream of incoming samples.
@@ -401,8 +400,7 @@ void SimulateIso14443Tag(void)
         // Modulate BPSK
         // Signal field is off with the appropriate LED
         LED_D_OFF();
-        FpgaWriteConfWord(
-               FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
+        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);
         AT91C_BASE_SSC->SSC_THR = 0xff;
         FpgaSetupSsc();
 
index a4632aa543cff67e05fb3b1d4c74cc56c95ca76a..c2f809fee19ad706e54ee27043b6cd8c27adac56 100644 (file)
@@ -144,7 +144,6 @@ const uint8_t OddByteParity[256] = {
   1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1
 };
 
-
 void iso14a_set_trigger(bool enable) {
        trigger = enable;
 }
@@ -310,6 +309,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
        Uart.twoBits = (Uart.twoBits << 8) | bit;
        
        if (Uart.state == STATE_UNSYNCD) {                                                                                              // not yet synced
+       
                if (Uart.highCnt < 7) {                                                                                                 // wait for a stable unmodulated signal
                        if (Uart.twoBits == 0xffff) {
                                Uart.highCnt++;
@@ -399,7 +399,7 @@ static RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time)
                                        if (Uart.len) {
                                                return TRUE;                                                                                    // we are finished with decoding the raw data sequence
                                        } else {
-                                               UartReset();                                                                                    // Nothing received - try again
+                                               UartReset();                                    // Nothing receiver - start over
                                        }
                                }
                                if (Uart.state == STATE_START_OF_COMMUNICATION) {                               // error - must not follow directly after SOC
@@ -473,7 +473,6 @@ void DemodReset()
        Demod.endTime = 0;
 }
 
-
 void DemodInit(uint8_t *data, uint8_t *parity)
 {
        Demod.output = data;
@@ -763,7 +762,6 @@ static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, uint8_t *par
        
        // Send startbit
        ToSend[++ToSendMax] = SEC_D;
-       
        LastProxToAirDuration = 8 * ToSendMax - 4;
 
        for(uint16_t i = 0; i < len; i++) {
@@ -990,6 +988,12 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                        response1[1] = 0x00;
                        sak = 0x28;
                } break;
+               case 5: { // MIFARE TNP3XXX
+                       // Says: I am a toy
+                       response1[0] = 0x01;
+                       response1[1] = 0x0f;
+                       sak = 0x01;
+               } break;                
                default: {
                        Dbprintf("Error: unkown tagtype (%d)",tagType);
                        return;
@@ -1123,7 +1127,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                        // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
                        p_response = NULL;
                } else if(receivedCmd[0] == 0x50) {     // Received a HALT
-//                     DbpString("Reader requested we HALT!:");
+
                        if (tracing) {
                                LogTrace(receivedCmd, Uart.len, Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, TRUE);
                        }
@@ -1228,6 +1232,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
                        // do the tracing for the previous reader request and this tag answer:
                        uint8_t par[MAX_PARITY_SIZE];
                        GetParity(p_response->response, p_response->response_n, par);
+       
                        EmLogTrace(Uart.output, 
                                                Uart.len, 
                                                Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, 
@@ -1308,13 +1313,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
        // clear TXRDY
        AT91C_BASE_SSC->SSC_THR = SEC_Y;
 
-       // for(uint16_t c = 0; c < 10;) {       // standard delay for each transfer (allow tag to be ready after last transmission)
-               // if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
-                       // AT91C_BASE_SSC->SSC_THR = SEC_Y;     
-                       // c++;
-               // }
-       // }
-
        uint16_t c = 0;
        for(;;) {
                if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
@@ -1327,7 +1325,6 @@ static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing
        }
        
        NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
-       
 }
 
 
@@ -1669,7 +1666,6 @@ static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receive
 
 void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
 {
-
        CodeIso14443aBitsAsReaderPar(frame, bits, par);
   
        // Send command to tag
@@ -1744,7 +1740,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
        
        // Receive the ATQA
        if(!ReaderReceive(resp, resp_par)) return 0;
-       //Dbprintf("atqa: %02x %02x",resp[1],resp[0]);
 
        if(p_hi14a_card) {
                memcpy(p_hi14a_card->atqa, resp, 2);
@@ -1800,7 +1795,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
                        memcpy(uid_resp, resp, 4);
                }
                uid_resp_len = 4;
-               //Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
 
                // calculate crypto UID. Always use last 4 Bytes.
                if(cuid_ptr) {
@@ -1822,11 +1816,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
                if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
                        // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
                        // http://www.nxp.com/documents/application_note/AN10927.pdf
-                       // This was earlier:
-                       //memcpy(uid_resp, uid_resp + 1, 3);
-                       // But memcpy should not be used for overlapping arrays, 
-                       // and memmove appears to not be available in the arm build. 
-                       // Therefore:
                        uid_resp[0] = uid_resp[1];
                        uid_resp[1] = uid_resp[2];
                        uid_resp[2] = uid_resp[3]; 
@@ -1849,9 +1838,8 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
                p_hi14a_card->ats_len = 0;
        }
 
-       if( (sak & 0x20) == 0) {
-               return 2; // non iso14443a compliant tag
-       }
+       // non iso14443a compliant tag
+       if( (sak & 0x20) == 0) return 2; 
 
        // Request for answer to select
        AppendCrc14443a(rats, 2);
@@ -1859,6 +1847,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 
        if (!(len = ReaderReceive(resp, resp_par))) return 0;
 
+       
        if(p_hi14a_card) {
                memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
                p_hi14a_card->ats_len = len;
@@ -1866,7 +1855,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 
        // reset the PCB block number
        iso14_pcb_blocknum = 0;
-       
        return 1;       
 }
 
@@ -1957,7 +1945,7 @@ void ReaderIso14443a(UsbCommand *c)
        }
 
        if(param & ISO14A_SET_TIMEOUT) {
-               iso14a_timeout = c->arg[2];
+               iso14a_set_timeout(c->arg[2]);
        }
 
        if(param & ISO14A_APDU) {
@@ -2047,8 +2035,8 @@ void ReaderMifare(bool first_try)
        uint32_t nt = 0;
        uint32_t previous_nt = 0;
        static uint32_t nt_attacked = 0;
-       byte_t par_list[8] = {0,0,0,0,0,0,0,0};
-       byte_t ks_list[8] = {0,0,0,0,0,0,0,0};
+       byte_t par_list[8] = {0x00};
+       byte_t ks_list[8] = {0x00};
 
        static uint32_t sync_time;
        static uint32_t sync_cycles;
@@ -2057,8 +2045,6 @@ void ReaderMifare(bool first_try)
        uint16_t consecutive_resyncs = 0;
        int isOK = 0;
 
-
-
        if (first_try) { 
                mf_nr_ar3 = 0;
                iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
index ed7beb6fb95ab029321bb7fcb0c514f8f5e9c851..ec8120b9d810a9f5844ef1275b62cb3ae3f5c606 100644 (file)
@@ -263,13 +263,10 @@ static void TransmitTo15693Tag(const uint8_t *cmd, int len, int *samples, int *w
 //-----------------------------------------------------------------------------
 static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int *wait)
 {
-    int c;
-
-//     FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR);        // No requirement to energise my coils
+    int c = 0;
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);
        if(*wait < 10) { *wait = 10; }
 
-    c = 0;
     for(;;) {
         if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
             AT91C_BASE_SSC->SSC_THR = cmd[c];
@@ -464,8 +461,7 @@ static int GetIso15693AnswerFromSniff(uint8_t *receivedResponse, int maxLen, int
                        AT91C_BASE_SSC->SSC_THR = 0x43;
                }
                if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
-                       int8_t b;
-                       b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
+                       int8_t b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
 
                        // The samples are correlations against I and Q versions of the
                        // tone that the tag AM-modulates, so every other sample is I,
@@ -600,10 +596,10 @@ static void BuildIdentifyRequest(void);
 //-----------------------------------------------------------------------------
 void AcquireRawAdcSamplesIso15693(void)
 {
-       int c = 0;
        uint8_t *dest = (uint8_t *)BigBuf;
-       int getNext = 0;
 
+       int c = 0;
+       int getNext = 0;
        int8_t prev = 0;
 
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@@ -682,10 +678,10 @@ void AcquireRawAdcSamplesIso15693(void)
 
 void RecordRawAdcSamplesIso15693(void)
 {
+       uint8_t *dest =  (uint8_t *)BigBuf;
+
        int c = 0;
-       uint8_t *dest = (uint8_t *)BigBuf;
        int getNext = 0;
-
        int8_t prev = 0;
 
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
@@ -836,24 +832,25 @@ static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber )
 }
 
 // Now the VICC>VCD responses when we are simulating a tag
- static void BuildInventoryResponse(void)
+ static void BuildInventoryResponse( uint8_t *uid)
 {
        uint8_t cmd[12];
 
        uint16_t crc;
        // one sub-carrier, inventory, 1 slot, fast rate
        // AFI is at bit 5 (1<<4) when doing an INVENTORY
-       cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1);
-       cmd[1] = 0;
+    //(1 << 2) | (1 << 5) | (1 << 1);
+       cmd[0] = 0; // 
+       cmd[1] = 0; // DSFID (data storage format identifier).  0x00 = not supported
        // 64-bit UID
-       cmd[2] = 0x32;
-       cmd[3]0x4b;
-       cmd[4] = 0x03;
-       cmd[5] = 0x01;
-       cmd[6] = 0x00;
-       cmd[7] = 0x10;
-       cmd[8] = 0x05;
-       cmd[9]0xe0;
+       cmd[2] = uid[7]; //0x32;
+       cmd[3] = uid[6]; //0x4b;
+       cmd[4] = uid[5]; //0x03;
+       cmd[5] = uid[4]; //0x01;
+       cmd[6] = uid[3]; //0x00;
+       cmd[7] = uid[2]; //0x10;
+       cmd[8] = uid[1]; //0x05;
+       cmd[9] = uid[0]; //0xe0;
        //Now the CRC
        crc = Crc(cmd, 10);
        cmd[10] = crc & 0xff;
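Review bot: BuildInventoryResponse now reads `uid[0]`..`uid[7]` with no NULL check and no stated contract for the buffer length or byte order. The order is also the reverse of how ReaderIso15693 fills TagUID from a response (`TagUID[0] = answer1[2]` in a later hunk), so a caller can easily pass the bytes the wrong way round. I would add a header comment such as `// uid: non-NULL, 8 bytes, most significant byte (0xE0) first; transmitted in reverse order`, hedged because the 0xE0-first reading is inferred from the old constants. The same unchecked pointer is dereferenced in the new `Dbprintf` in the SimTagIso15693 hunk further down. The trailing `//0x32` … `//0xe0` remnants and the empty `// ` after `cmd[0] = 0;` can go; the function body continues past the end of this hunk.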
@@ -1002,23 +999,27 @@ void ReaderIso15693(uint32_t parameter)
        LED_C_OFF();
        LED_D_OFF();
 
-//DbpString(parameter);
-
-       //uint8_t *answer0 = (((uint8_t *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)
        uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
        uint8_t *answer2 = (((uint8_t *)BigBuf) + 3760);
        uint8_t *answer3 = (((uint8_t *)BigBuf) + 3860);
-       //uint8_t *TagUID= (((uint8_t *)BigBuf) + 3960);                // where we hold the uid for hi15reader
-//     int answerLen0 = 0;
+
        int answerLen1 = 0;
        int answerLen2 = 0;
        int answerLen3 = 0;
-       int i=0; // counter
+       int i = 0;
+       int samples = 0;
+       int tsamples = 0;
+       int wait = 0;
+       int elapsed = 0;
+       uint8_t TagUID[8] = {0x00};
+
 
        // Blank arrays
-       memset(BigBuf + 3660, 0, 300);
+       memset(BigBuf + 3660, 0x00, 300);
 
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
+       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
        // Setup SSC
        FpgaSetupSsc();
 
@@ -1026,9 +1027,6 @@ void ReaderIso15693(uint32_t parameter)
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        SpinDelay(200);
 
-       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
-       FpgaSetupSsc();
-
        // Give the tags time to energize
        FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
        SpinDelay(200);
@@ -1038,44 +1036,19 @@ void ReaderIso15693(uint32_t parameter)
        LED_C_OFF();
        LED_D_OFF();
 
-       int samples = 0;
-       int tsamples = 0;
-       int wait = 0;
-       int elapsed = 0;
-
        // FIRST WE RUN AN INVENTORY TO GET THE TAG UID
        // THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME
-        uint8_t TagUID[8] = {0, 0, 0, 0, 0, 0, 0, 0};          // where we hold the uid for hi15reader
-
-//     BuildIdentifyRequest();
-//     //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-//     TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);  // No longer ToSendMax+3
-//     // Now wait for a response
-//     responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ;
-//     if (responseLen0 >=12) // we should do a better check than this
-//     {
-//             // really we should check it is a valid mesg
-//             // but for now just grab what we think is the uid
-//             TagUID[0] = receivedAnswer0[2];
-//             TagUID[1] = receivedAnswer0[3];
-//             TagUID[2] = receivedAnswer0[4];
-//             TagUID[3] = receivedAnswer0[5];
-//             TagUID[4] = receivedAnswer0[6];
-//             TagUID[5] = receivedAnswer0[7];
-//             TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code
-//     DbpIntegers(TagUID[6],TagUID[5],TagUID[4]);
-//}
 
        // Now send the IDENTIFY command
        BuildIdentifyRequest();
-       //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-       TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);  // No longer ToSendMax+3
+       
+       TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);
+       
        // Now wait for a response
        answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ;
 
        if (answerLen1 >=12) // we should do a better check than this
        {
-
                TagUID[0] = answer1[2];
                TagUID[1] = answer1[3];
                TagUID[2] = answer1[4];
@@ -1085,23 +1058,6 @@ void ReaderIso15693(uint32_t parameter)
                TagUID[6] = answer1[8]; // IC Manufacturer code
                TagUID[7] = answer1[9]; // always E0
 
-               // Now send the SELECT command
-               // since the SELECT command is optional, we should not rely on it.
-////                           BuildSelectRequest(TagUID);
-//             TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);  // No longer ToSendMax+3
-               // Now wait for a response
-///            answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed);
-
-               // Now send the MULTI READ command
-//             BuildArbitraryRequest(*TagUID,parameter);
-///            BuildArbitraryCustomRequest(TagUID,parameter);
-//             BuildReadBlockRequest(*TagUID,parameter);
-//             BuildSysInfoRequest(*TagUID);
-               //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
-///            TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);  // No longer ToSendMax+3
-               // Now wait for a response
-///            answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ;
-
        }
 
        Dbprintf("%d octets read from IDENTIFY request:", answerLen1);
@@ -1110,9 +1066,9 @@ void ReaderIso15693(uint32_t parameter)
 
        // UID is reverse
        if (answerLen1>=12) 
-               //Dbprintf("UID = %*D",8,TagUID," ");
-               Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",TagUID[7],TagUID[6],TagUID[5],
-                       TagUID[4],TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
+               Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",
+                       TagUID[7],TagUID[6],TagUID[5],TagUID[4],
+                       TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
 
 
        Dbprintf("%d octets read from SELECT request:", answerLen2);
@@ -1123,7 +1079,6 @@ void ReaderIso15693(uint32_t parameter)
        DbdecodeIso15693Answer(answerLen3,answer3);
        Dbhexdump(answerLen3,answer3,true);
 
        // read all pages
        if (answerLen1>=12 && DEBUG) {
                i=0;                    
@@ -1141,13 +1096,6 @@ void ReaderIso15693(uint32_t parameter)
                } 
        }
 
-//     str2[0]=0;
-//     for(i = 0; i < responseLen3; i++) {
-//             itoa(str1,receivedAnswer3[i]);
-//             strncat(str2,str1,8);
-//     }
-//     DbpString(str2);
-
        LED_A_OFF();
        LED_B_OFF();
        LED_C_OFF();
@@ -1156,32 +1104,31 @@ void ReaderIso15693(uint32_t parameter)
 
 // Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands
 // all demodulation performed in arm rather than host. - greg
-void SimTagIso15693(uint32_t parameter)
+void SimTagIso15693(uint32_t parameter, uint8_t *uid)
 {
        LED_A_ON();
        LED_B_ON();
        LED_C_OFF();
        LED_D_OFF();
 
-       uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
+       uint8_t *buf = (((uint8_t *)BigBuf) + 3660); //
+       
        int answerLen1 = 0;
+       int samples = 0;
+       int tsamples = 0;
+       int wait = 0;
+       int elapsed = 0;
 
-       // Blank arrays
-       memset(answer1, 0, 100);
+       memset(buf, 0x00, 100);
 
        FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
-       // Setup SSC
-       FpgaSetupSsc();
-
-       // Start from off (no field generated)
-       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-       SpinDelay(200);
 
        SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
        FpgaSetupSsc();
 
-       // Give the tags time to energize
-//     FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);  // NO GOOD FOR SIM TAG!!!!
+       // Start from off (no field generated)
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
        SpinDelay(200);
 
        LED_A_OFF();
@@ -1189,24 +1136,26 @@ void SimTagIso15693(uint32_t parameter)
        LED_C_ON();
        LED_D_OFF();
 
-       int samples = 0;
-       int tsamples = 0;
-       int wait = 0;
-       int elapsed = 0;
-
-       answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ;
+       // Listen to reader
+       answerLen1 = GetIso15693AnswerFromSniff(buf, 100, &samples, &elapsed) ;
 
        if (answerLen1 >=1) // we should do a better check than this
        {
                // Build a suitable reponse to the reader INVENTORY cocmmand
-               BuildInventoryResponse();
+               // not so obsvious, but in the call to BuildInventoryResponse,  the command is copied to the global ToSend buffer used below.
+               
+               BuildInventoryResponse(uid);
+       
                TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait);
        }
 
        Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1,
-               answer1[0], answer1[1], answer1[2],
-               answer1[3], answer1[4], answer1[5],
-               answer1[6], answer1[7], answer1[8]);
+               buf[0], buf[1], buf[2], buf[3],
+               buf[4], buf[5], buf[6], buf[7], buf[8]);
+
+       Dbprintf("Simulationg uid: %x %x %x %x %x %x %x %x",
+               uid[0], uid[1], uid[2], uid[3],
+               uid[4], uid[5], uid[6], uid[7]);
 
        LED_A_OFF();
        LED_B_OFF();
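Review bot: The new log string is misspelled, `"Simulationg uid: ..."` should read `"Simulating uid: ..."`, and the added comment has `obsvious` next to the pre-existing `reponse`/`cocmmand`. The first `Dbprintf` always prints `buf[0]`..`buf[8]` even when `answerLen1` is smaller; that is harmless because of the 100-byte memset earlier in the function, but the output then shows zero padding as if it were received data. Printing only `answerLen1` bytes, for example with the `Dbhexdump` helper used in ReaderIso15693, would be clearer. The function starts in the previous hunk and ends outside this one.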
@@ -1275,12 +1224,8 @@ void DirectTag15693Command(uint32_t datalen,uint32_t speed, uint32_t recv, uint8
        recvlen=SendDataTag(data,datalen,1,speed,(recv?&recvbuf:NULL));
 
        if (recv) { 
-//             n.cmd=/* CMD_ISO_15693_COMMAND_DONE */ CMD_ACK;
-//             n.arg[0]=recvlen>48?48:recvlen;
-//             memcpy(n.d.asBytes, recvbuf, 48);
                LED_B_ON();
     cmd_send(CMD_ACK,recvlen>48?48:recvlen,0,0,recvbuf,48);
-//             UsbSendPacket((uint8_t *)&n, sizeof(n));
                LED_B_OFF();    
                
                if (DEBUG) {
index 344b0f3ed060069ab2520e8cb50cc1429b4ea591..8541553ba28b0386aa4d22aae49f771301d09813 100644 (file)
@@ -2,6 +2,9 @@
 // Merlok - June 2011, 2012\r
 // Gerhard de Koning Gans - May 2008\r
 // Hagen Fritsch - June 2010\r
+// Midnitesnake - Dec 2013\r
+// Andy Davies  - Apr 2014\r
+// Iceman - May 2014\r
 //\r
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
 // at your option, any later version. See the LICENSE.txt file for the text of\r
@@ -36,8 +39,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
        // clear trace\r
        iso14a_clear_trace();\r
-//     iso14a_set_tracing(false);\r
-\r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
        LED_A_ON();\r
@@ -81,8 +82,6 @@ void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
-\r
 }\r
 \r
 void MifareUReadBlock(uint8_t arg0,uint8_t *datain)\r
@@ -129,14 +128,10 @@ void MifareUReadBlock(uint8_t arg0,uint8_t *datain)
        LED_B_ON();\r
     cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,16);\r
        LED_B_OFF();\r
-    \r
-    \r
-    // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 }\r
 \r
-\r
 //-----------------------------------------------------------------------------\r
 // Select, Authenticate, Read a MIFARE tag. \r
 // read sector (data = 4 x 16 bytes = 64 bytes, or 16 x 16 bytes = 256 bytes)\r
@@ -150,7 +145,7 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        ui64Key = bytes_to_num(datain, 6);\r
        \r
        // variables\r
-       byte_t isOK;\r
+       byte_t isOK = 0;\r
        byte_t dataoutbuf[16 * 16];\r
        uint8_t uid[10];\r
        uint32_t cuid;\r
@@ -160,7 +155,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
        // clear trace\r
        iso14a_clear_trace();\r
-//     iso14a_set_tracing(false);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
@@ -192,7 +186,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
                if (MF_DBGLEVEL >= 1)   Dbprintf("Halt error");\r
        }\r
 \r
-       \r
        //  ----------------------------- crypto1 destroy\r
        crypto1_destroy(pcs);\r
        \r
@@ -205,7 +198,6 @@ void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
 }\r
 \r
 \r
@@ -288,7 +280,6 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 \r
        // clear trace\r
        iso14a_clear_trace();\r
-//  iso14a_set_tracing(false);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
@@ -334,11 +325,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
-\r
 }\r
 \r
-\r
 void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)\r
 {\r
         // params\r
@@ -355,7 +343,6 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 \r
         // clear trace\r
         iso14a_clear_trace();\r
-       //  iso14a_set_tracing(false);\r
 \r
                iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
@@ -396,7 +383,6 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 //  iso14a_set_tracing(TRUE);\r
 }\r
 \r
-\r
 void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)\r
 {\r
        // params\r
@@ -412,7 +398,6 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
 \r
        // clear trace\r
        iso14a_clear_trace();\r
-       //  iso14a_set_tracing(false);\r
 \r
        iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
 \r
@@ -446,15 +431,11 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t *datain)
        cmd_send(CMD_ACK,isOK,0,0,0,0);\r
        LED_B_OFF();\r
 \r
-\r
        // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
-//  iso14a_set_tracing(TRUE);\r
-\r
 }\r
 \r
-\r
 // Return 1 if the nonce is invalid else return 0\r
 int valid_nonce(uint32_t Nt, uint32_t NtEnc, uint32_t Ks1, uint8_t *parity) {\r
        return ((oddparity((Nt >> 24) & 0xFF) == ((parity[0]) ^ oddparity((NtEnc >> 24) & 0xFF) ^ BIT(Ks1,16))) & \\r
@@ -510,6 +491,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t calibrate, uint8_t *dat
        // statistics on nonce distance\r
        if (calibrate) {        // for first call only. Otherwise reuse previous calibration\r
                LED_B_ON();\r
+               WDT_HIT();\r
 \r
                davg = dmax = 0;\r
                dmin = 2000;\r
@@ -733,7 +715,6 @@ void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
     cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
        LED_B_OFF();\r
 \r
-  // Thats it...\r
        FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
        LEDsoff();\r
 \r
@@ -750,7 +731,6 @@ void MifareSetDbgLvl(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        Dbprintf("Debug level: %d", MF_DBGLEVEL);\r
 }\r
 \r
-\r
 //-----------------------------------------------------------------------------\r
 // Work with emulator memory\r
 // \r
@@ -759,23 +739,19 @@ void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
        emlClearMem();\r
 }\r
 \r
-\r
 void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
        emlSetMem(datain, arg0, arg1); // data, block num, blocks count\r
 }\r
 \r
-\r
 void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){\r
-\r
-       byte_t buf[48];\r
+       byte_t buf[USB_CMD_DATA_SIZE];\r
        emlGetMem(buf, arg0, arg1); // data, block num, blocks count (max 4)\r
 \r
        LED_B_ON();\r
-       cmd_send(CMD_ACK,arg0,arg1,0,buf,48);\r
+       cmd_send(CMD_ACK,arg0,arg1,0,buf,USB_CMD_DATA_SIZE);\r
        LED_B_OFF();\r
 }\r
 \r
-\r
 //-----------------------------------------------------------------------------\r
 // Load a card into the emulator memory\r
 // \r
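Review bot: In MifareEMemGet, `arg1` (presumably taken from the host command) is passed to `emlGetMem` without a bound while `buf` is a fixed `USB_CMD_DATA_SIZE` stack array. The `emlGetMem` shown further down this page copies `blocksCount * 16` bytes with no check, so an oversized count writes past `buf`. Clamp before the call, e.g. `if (arg1 > USB_CMD_DATA_SIZE / 16) arg1 = USB_CMD_DATA_SIZE / 16;`, and bound `arg0` against the emulator memory size in the same way (that size is not visible here). `buf` is also uninitialised and is now sent in full, so a short read returns leftover stack bytes to the host; `byte_t buf[USB_CMD_DATA_SIZE] = {0x00};` avoids that. The `(max 4)` in the trailing comment no longer matches the buffer and should be updated.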
@@ -884,32 +860,26 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        \r
        // variables\r
        byte_t isOK = 0;\r
-       uint8_t uid[10];\r
-       uint8_t d_block[18];\r
+       uint8_t uid[10] = {0x00};\r
+       uint8_t d_block[18] = {0x00};\r
        uint32_t cuid;\r
        \r
-       memset(uid, 0x00, 10);\r
        uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
 \r
+       // reset FPGA and LED\r
        if (workFlags & 0x08) {\r
-               // clear trace\r
-               iso14a_clear_trace();\r
-               iso14a_set_tracing(TRUE);\r
-\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_C_OFF();\r
        \r
-               SpinDelay(300);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               SpinDelay(100);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+               iso14a_clear_trace();\r
+               iso14a_set_tracing(TRUE);\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        }\r
 \r
        while (true) {\r
+\r
                // get UID from chip\r
                if (workFlags & 0x01) {\r
                        if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
@@ -988,7 +958,6 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        LED_B_OFF();\r
 \r
        if ((workFlags & 0x10) || (!isOK)) {\r
-               // Thats it...\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
                LEDsoff();\r
        }\r
@@ -1011,28 +980,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        \r
        // variables\r
        byte_t isOK = 0;\r
-       uint8_t data[18];\r
+       uint8_t data[18] = {0x00};\r
        uint32_t cuid = 0;\r
        \r
-       memset(data, 0x00, 18);\r
        uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
        \r
        if (workFlags & 0x08) {\r
-               // clear trace\r
-               iso14a_clear_trace();\r
-               iso14a_set_tracing(TRUE);\r
-\r
-               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
-\r
                LED_A_ON();\r
                LED_B_OFF();\r
                LED_C_OFF();\r
        \r
-               SpinDelay(300);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
-               SpinDelay(100);\r
-               FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
+               iso14a_clear_trace();\r
+               iso14a_set_tracing(TRUE);\r
+               iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
        }\r
 \r
        while (true) {\r
@@ -1073,9 +1034,40 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
        LED_B_OFF();\r
 \r
        if ((workFlags & 0x10) || (!isOK)) {\r
-               // Thats it...\r
                FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
                LEDsoff();\r
        }\r
 }\r
 \r
+void MifareCIdent(){\r
+  \r
+       // card commands\r
+       uint8_t wupC1[]       = { 0x40 }; \r
+       uint8_t wupC2[]       = { 0x43 }; \r
+       \r
+       // variables\r
+       byte_t isOK = 1;\r
+       \r
+       uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
+       uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
+\r
+       ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
+       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+               isOK = 0;\r
+       };\r
+\r
+       ReaderTransmit(wupC2, sizeof(wupC2), NULL);\r
+       if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {\r
+               isOK = 0;\r
+       };\r
+\r
+       if (mifare_classic_halt(NULL, 0)) {\r
+               isOK = 0;\r
+       };\r
+\r
+       cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+}\r
+\r
+                       //\r
+// DESFIRE\r
+//\r
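Review bot: MifareCIdent has no header comment and never calls `iso14443a_setup`, so it appears to depend on an earlier command having left the reader field configured. That precondition, and the fact that it reports whether the card answers `0x0a` to the 7-bit `0x40` followed by `0x43`, should be documented above the function. The call `ReaderTransmitBitsPar(wupC1,7,0, NULL)` passes `0` as the parity pointer, which is handed on to `CodeIso14443aBitsAsReaderPar`; write `NULL` and note that this relies on no parity being read for a 7-bit frame. After the first check fails the function still sends the second wake-up, so setting `isOK = 0` and skipping straight to the halt would be cleaner. Smaller points: `void MifareCIdent(void)` rather than `()`, and the three `};` after the `if` blocks have a stray semicolon.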
index 910ea74d519147afb76267ef32e3afb0a5c2b57f..fed127725f9c3caf86b394a2e2fed1bf6e816711 100644 (file)
@@ -11,7 +11,6 @@
 #include "mifaresniff.h"\r
 #include "apps.h"\r
 \r
-\r
 static int sniffState = SNF_INIT;\r
 static uint8_t sniffUIDType;\r
 static uint8_t sniffUID[8];\r
index 5122d0ec1710eec74fee30aaa58161da2a9a6273..7c856557149329cd00438a81538c9bd0c41a3c4f 100644 (file)
@@ -54,10 +54,12 @@ void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, u
        uint8_t bt = 0;\r
        int i;\r
        par[0] = 0;\r
+       \r
        for (i = 0; i < len; i++) {\r
                bt = data[i];\r
                data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];\r
-               if((i&0x0007) == 0) par[i>>3] = 0;\r
+               if((i&0x0007) == 0) \r
+                       par[i>>3] = 0;\r
                par[i>>3] |= (((filter(pcs->odd) ^ oddparity(bt)) & 0x01)<<(7-(i&0x0007)));\r
        }       \r
        return;\r
@@ -81,9 +83,7 @@ int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd,
 
 int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
 {
-    uint8_t dcmd[8];//, ecmd[4];
-    //uint32_t par=0;
-
+       uint8_t dcmd[8];
     dcmd[0] = cmd;
     dcmd[1] = data[0];
        dcmd[2] = data[1];
@@ -91,10 +91,6 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
        dcmd[4] = data[3];
        dcmd[5] = data[4];
        AppendCrc14443a(dcmd, 6);
-       //Dbprintf("Data command: %02x", dcmd[0]);
-       //Dbprintf("Data R: %02x %02x %02x %02x %02x %02x %02x", dcmd[1],dcmd[2],dcmd[3],dcmd[4],dcmd[5],dcmd[6],dcmd[7]);
-
-        //memcpy(ecmd, dcmd, sizeof(dcmd));
        ReaderTransmit(dcmd, sizeof(dcmd), NULL);
        int len = ReaderReceive(answer, answer_parity);
        if(!len)
@@ -165,7 +161,7 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
        int len;        \r
        uint32_t pos;\r
        uint8_t tmp4[4];\r
-       uint8_t par[1] = {0};\r
+       uint8_t par[1] = {0x00};\r
        byte_t nr[4];\r
        uint32_t nt, ntpp; // Supplied tag nonce\r
        \r
@@ -210,7 +206,6 @@ int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockN
        if (ntptr)\r
                *ntptr = nt;\r
 \r
-               \r
        // Generate (encrypted) nr+parity by loading it into the cipher (Nr)\r
        par[0] = 0;\r
        for (pos = 0; pos < 4; pos++)\r
@@ -292,6 +287,7 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
        uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
        
+       \r
        // command MIFARE_CLASSIC_READBLOCK
        len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
        if (len == 1) {
@@ -318,7 +314,7 @@ int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
 {
        // variables
-       int len, i;     \r
+       uint16_t len, i;        \r
        uint32_t pos;\r
        uint8_t par[3] = {0};           // enough for 18 Bytes to send\r
        byte_t res;\r
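Review bot: `len` and `i` change from `int` to `uint16_t`, yet `mifare_sendcmd_short` is declared as returning `int` (its signature appears in a hunk header earlier on this page). Any negative return or signed comparison in the body, which lies outside this hunk, would be converted silently. It is worth confirming that the body only compares `len` against small positive values, and adding a short comment if so. Declaring the two on separate lines, `uint16_t len;` and `uint16_t i;`, would match the other functions in this file.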
@@ -367,7 +363,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
     // variables
     uint16_t len;     
     uint8_t par[3] = {0};  // enough for 18 parity bits
-        
     uint8_t d_block[18];
     uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@@ -400,7 +395,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
 {
     uint16_t len;
-
     uint8_t d_block[8];
     uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@@ -418,16 +412,12 @@ int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *bloc
         if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
         return 1;
     }
-\r
-    return 0;
+\r    return 0;
 }
 
 int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) 
 {
-       // variables
        uint16_t len;   \r
-       \r
-       // Mifare HALT\r
        uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
 \r
@@ -443,8 +433,6 @@ int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
 int mifare_ultra_halt(uint32_t uid)
 {
        uint16_t len;
-       
-       // Mifare HALT
        uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();\r
        uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
     
@@ -481,19 +469,16 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
 // work with emulator memory
 void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {
        uint8_t* emCARD = get_bigbufptr_emlcardmem();
-       \r
        memcpy(emCARD + blockNum * 16, data, blocksCount * 16);\r
 }\r
 \r
 void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {\r
        uint8_t* emCARD = get_bigbufptr_emlcardmem();\r
-       \r
        memcpy(data, emCARD + blockNum * 16, blocksCount * 16);\r
 }\r
 \r
 void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) {\r
        uint8_t* emCARD = get_bigbufptr_emlcardmem();\r
-       \r
        memcpy(data, emCARD + bytePtr, byteCount);\r
 }\r
 \r
@@ -522,7 +507,6 @@ int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) {
        \r
        memcpy(blReg, data, 4);\r
        *blBlock = data[12];\r
-       \r
        return 0;\r
 }\r
 \r
index 46ee218d1a42947a3b109bc7e61a4d2a26ae7940..421c2bf0e21e3d9952786b0d89d1a2e3b8cd3dcc 100644 (file)
 #ifndef __STRING_H
 #define __STRING_H
 
+#include <stdint.h>
+#include <util.h>
+
 int strlen(const char *str);
-void *memcpy(void *dest, const void *src, int len);
+RAMFUNC void *memcpy(void *dest, const void *src, int len);
 void *memset(void *dest, int c, int len);
-int memcmp(const void *av, const void *bv, int len);
+RAMFUNC int memcmp(const void *av, const void *bv, int len);
 char *strncat(char *dest, const char *src, unsigned int n);
 char *strcat(char *dest, const char *src);
 void strreverse(char s[]);
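Review bot: `#include <util.h>` uses angle brackets for what looks like a project header, so it only resolves through the `-I` search path; `#include "util.h"` states the intent and matches how project headers are included elsewhere on this page. `RAMFUNC` is added to the `memcpy` and `memcmp` prototypes only, and the definitions in string.c (not visible here) need the same attribute for it to take effect. A one-line comment saying why these two routines are placed in RAM would help the next reader.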
index b2b215e177d899f71a40c7f3508073e477d9e8c0..37616e4855180fd7b41e35c8109bafc8769ffd84 100644 (file)
@@ -13,7 +13,7 @@ CXX=g++
 VPATH = ../common
 OBJDIR = obj
 
-LDLIBS = -L/opt/local/lib -L/usr/local/lib -lreadline -lpthread ../liblua/liblua.a
+LDLIBS = -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lreadline -lpthread -lm -lcrypto
 LDFLAGS = $(COMMON_FLAGS)
 CFLAGS = -std=c99 -lcrypto -I. -I../include -I../common -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 
 LUAPLATFORM = generic
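Review bot: `-lcrypto` is still listed in `CFLAGS` on the line right below the changed `LDLIBS`, where it is a linker option handed to the compile step and does nothing useful. Now that `LDLIBS` carries `-lcrypto`, the copy in `CFLAGS` can be dropped: `CFLAGS = -std=c99 -I. -I../include ...`. On the same line, `-O4` is not a distinct optimisation level in GCC (it is treated as `-O3`), so writing `-O3` would say what is actually applied.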
index 85cc542583d3339b79584518f654d5c3f6b40766..2da4c2d90779e5438eeed92758365116c84db067 100644 (file)
@@ -10,7 +10,6 @@
 
 #include <stdio.h>
 #include <string.h>
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "graph.h"
 #include "ui.h"
@@ -35,9 +34,97 @@ int CmdHFTune(const char *Cmd)
 // for the time being. Need better Bigbuf handling.
 #define TRACE_SIZE 3000
 
+//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501
+/*
+ISO14443A (usually NFC tags)
+       26 (7bits) = REQA
+       30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
+       A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
+       52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
+       93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
+       93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
+       95 20 = Anticollision of cascade level2
+       95 70 = Select of cascade level2
+       50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)
+Mifare
+       60 = Authenticate with KeyA
+       61 = Authenticate with KeyB
+       40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A)
+       C0 = Decrement
+       C1 = Increment
+       C2 = Restore
+       B0 = Transfer
+Ultralight C
+       A0 = Compatibility Write (to accomodate MIFARE commands)
+       1A = Step1 Authenticate
+       AF = Step2 Authenticate
+
+
+ISO14443B
+       05 = REQB
+       1D = ATTRIB
+       50 = HALT
+SRIX4K (tag does not respond to 05)
+       06 00 = INITIATE
+       0E xx = SELECT ID (xx = Chip-ID)
+       0B = Get UID
+       08 yy = Read Block (yy = block number)
+       09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
+       0C = Reset to Inventory
+       0F = Completion
+       0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
+
+
+ISO15693
+       MANDATORY COMMANDS (all ISO15693 tags must support those)
+               01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
+               02 = Stay Quiet
+       OPTIONAL COMMANDS (not all tags support them)
+               20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
+               21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
+               22 = Lock Block
+               23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
+               25 = Select
+               26 = Reset to Ready
+               27 = Write AFI
+               28 = Lock AFI
+               29 = Write DSFID
+               2A = Lock DSFID
+               2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
+               2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)
+
+EM Microelectronic CUSTOM COMMANDS
+       A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type)
+       A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value)
+       B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info)
+       E4 = Login (followed by 1byte IC Manufacturer code+4bytes password)
+NXP/Philips CUSTOM COMMANDS
+       A0 = Inventory Read
+       A1 = Fast Inventory Read
+       A2 = Set EAS
+       A3 = Reset EAS
+       A4 = Lock EAS
+       A5 = EAS Alarm
+       A6 = Password Protect EAS
+       A7 = Write EAS ID
+       A8 = Read EPC
+       B0 = Inventory Page Read
+       B1 = Fast Inventory Page Read
+       B2 = Get Random Number
+       B3 = Set Password
+       B4 = Write Password
+       B5 = Lock Password
+       B6 = Bit Password Protection
+       B7 = Lock Page Protection Condition
+       B8 = Get Multiple Block Protection Status
+       B9 = Destroy SLI
+       BA = Enable Privacy
+       BB = 64bit Password Protection
+       40 = Long Range CMD (Standard ISO/TR7003:1990)
+               */
+
 #define ICLASS_CMD_ACTALL 0x0A
-#define ICLASS_CMD_IDENTIFY 0x0C
-#define ICLASS_CMD_READ 0x0C
+#define ICLASS_CMD_READ_OR_IDENTIFY 0x0C
 #define ICLASS_CMD_SELECT 0x81
 #define ICLASS_CMD_PAGESEL 0x84
 #define ICLASS_CMD_READCHECK 0x88
@@ -45,62 +132,108 @@ int CmdHFTune(const char *Cmd)
 #define ICLASS_CMD_SOF 0x0F
 #define ICLASS_CMD_HALT 0x00
 
-#define iso14443_CMD_WUPA       0x52
-#define iso14443_CMD_SELECT     0x93
-#define iso14443_CMD_SELECT_2   0x95
-#define iso14443_CMD_REQ        0x26
-#define iso14443_CMD_READBLOCK  0x30
-#define iso14443_CMD_WRITEBLOCK 0xA0
-#define iso14443_CMD_INC        0xC0
-#define iso14443_CMD_DEC        0xC1
-#define iso14443_CMD_RESTORE    0xC2
-#define iso14443_CMD_TRANSFER   0xB0
-#define iso14443_CMD_HALT       0x50
-#define iso14443_CMD_RATS       0xE0
+#define ISO14443_CMD_REQA       0x26
+#define ISO14443_CMD_READBLOCK  0x30
+#define ISO14443_CMD_WUPA       0x52
+#define ISO14443_CMD_ANTICOLL_OR_SELECT     0x93
+#define ISO14443_CMD_ANTICOLL_OR_SELECT_2   0x95
+#define ISO14443_CMD_WRITEBLOCK 0xA0 // or 0xA2 ?
+#define ISO14443_CMD_HALT       0x50
+#define ISO14443_CMD_RATS       0xE0
+
+#define MIFARE_AUTH_KEYA           0x60
+#define MIFARE_AUTH_KEYB           0x61
+#define MIFARE_MAGICMODE           0x40
+#define MIFARE_CMD_INC          0xC0
+#define MIFARE_CMD_DEC          0xC1
+#define MIFARE_CMD_RESTORE      0xC2
+#define MIFARE_CMD_TRANSFER     0xB0
+
+#define MIFARE_ULC_WRITE        0xA0
+#define MIFARE_ULC_AUTH_1       0x1A
+#define MIFARE_ULC_AUTH_2        0xAF
+
+#define ISO14443B_REQB         0x05
+#define ISO14443B_ATTRIB       0x1D
+#define ISO14443B_HALT         0x50
+
+//First byte is 26
+#define ISO15693_INVENTORY     0x01
+#define ISO15693_STAYQUIET     0x02
+//First byte is 02
+#define ISO15693_READBLOCK            0x20
+#define ISO15693_WRITEBLOCK           0x21
+#define ISO15693_LOCKBLOCK            0x22
+#define ISO15693_READ_MULTI_BLOCK     0x23
+#define ISO15693_SELECT               0x25
+#define ISO15693_RESET_TO_READY       0x26
+#define ISO15693_WRITE_AFI            0x27
+#define ISO15693_LOCK_AFI             0x28
+#define ISO15693_WRITE_DSFID          0x29
+#define ISO15693_LOCK_DSFID           0x2A
+#define ISO15693_GET_SYSTEM_INFO      0x2B
+#define ISO15693_READ_MULTI_SECSTATUS 0x2C
+
+
 
 
 void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
 {
        switch(cmd[0])
        {
-       case iso14443_CMD_WUPA:            snprintf(exp,size,"WUPA"); break;
-       case iso14443_CMD_SELECT:{
-               if(cmdsize > 2)
+       case ISO14443_CMD_WUPA:        snprintf(exp,size,"WUPA"); break;
+       case ISO14443_CMD_ANTICOLL_OR_SELECT:{
+               // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
+               // 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
+               if(cmd[2] == 0x70)
                {
                        snprintf(exp,size,"SELECT_UID"); break;
                }else
                {
-                       snprintf(exp,size,"SELECT_ALL"); break;
+                       snprintf(exp,size,"ANTICOLL"); break;
+               }
+       }
+       case ISO14443_CMD_ANTICOLL_OR_SELECT_2:{
+               //95 20 = Anticollision of cascade level2
+               //95 70 = Select of cascade level2
+               if(cmd[2] == 0x70)
+               {
+                       snprintf(exp,size,"SELECT_UID-2"); break;
+               }else
+               {
+                       snprintf(exp,size,"ANTICOLL-2"); break;
                }
        }
-       case iso14443_CMD_SELECT_2:    snprintf(exp,size,"SELECT_2"); break;
-       case iso14443_CMD_REQ:         snprintf(exp,size,"REW"); break;
-       case iso14443_CMD_READBLOCK:   snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
-       case iso14443_CMD_WRITEBLOCK:  snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
-       case iso14443_CMD_INC:         snprintf(exp,size,"INC(%d)",cmd[1]); break;
-       case iso14443_CMD_DEC:         snprintf(exp,size,"DEC(%d)",cmd[1]); break;
-       case iso14443_CMD_RESTORE:     snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
-       case iso14443_CMD_TRANSFER:    snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
-       case iso14443_CMD_HALT:        snprintf(exp,size,"HALT"); break;
-       case iso14443_CMD_RATS:        snprintf(exp,size,"RATS"); break;
-       default:                       snprintf(exp,size,"?"); break;
+       case ISO14443_CMD_REQA:       snprintf(exp,size,"REQA"); break;
+       case ISO14443_CMD_READBLOCK:  snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
+       case ISO14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
+       case ISO14443_CMD_HALT:       snprintf(exp,size,"HALT"); break;
+       case ISO14443_CMD_RATS:       snprintf(exp,size,"RATS"); break;
+       case MIFARE_CMD_INC:          snprintf(exp,size,"INC(%d)",cmd[1]); break;
+       case MIFARE_CMD_DEC:          snprintf(exp,size,"DEC(%d)",cmd[1]); break;
+       case MIFARE_CMD_RESTORE:      snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
+       case MIFARE_CMD_TRANSFER:     snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
+       case MIFARE_AUTH_KEYA:        snprintf(exp,size,"AUTH-A"); break;
+       case MIFARE_AUTH_KEYB:        snprintf(exp,size,"AUTH-B"); break;
+       case MIFARE_MAGICMODE:        snprintf(exp,size,"MAGIC"); break;
+       default:                      snprintf(exp,size,"?"); break;
        }
        return;
 }
 
 void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
 {
-
-       if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ)
-       {
-                 snprintf(exp,size,"READ(%d)",cmd[1]);
-                 return;
-       }
-
        switch(cmd[0])
        {
        case ICLASS_CMD_ACTALL:      snprintf(exp,size,"ACTALL"); break;
-       case ICLASS_CMD_IDENTIFY:    snprintf(exp,size,"IDENTIFY"); break;
+       case ICLASS_CMD_READ_OR_IDENTIFY:{
+               if(cmdsize > 1){
+                       snprintf(exp,size,"READ(%d)",cmd[1]);
+               }else{
+                       snprintf(exp,size,"IDENTIFY");
+               }
+               break;
+       }
        case ICLASS_CMD_SELECT:      snprintf(exp,size,"SELECT"); break;
        case ICLASS_CMD_PAGESEL:     snprintf(exp,size,"PAGESEL"); break;
        case ICLASS_CMD_READCHECK:   snprintf(exp,size,"READCHECK"); break;
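Review bot: In annotateIso14443a both cascade branches test `cmd[2] == 0x70`, but the comments directly above them put the 0x20/0x70 byte immediately after the 0x93/0x95 command byte, i.e. at `cmd[1]`. `cmd[2]` is the first UID byte of a SELECT and is not part of a two-byte anticollision frame at all, so the test both mislabels frames and reads a byte beyond the command; the removed code at least bounded the decision with `cmdsize > 2`. Both conditions should read `if(cmdsize > 1 && cmd[1] == 0x70)`. Separately, `ISO14443_CMD_WRITEBLOCK` stays at 0xA0 while the reference table added in this commit lists A2 as Write and A0 as Compatibility Write, and `MIFARE_ULC_WRITE` repeats 0xA0, so a comment stating which opcode each name is meant to cover would settle the `// or 0xA2 ?` question.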
@@ -112,7 +245,37 @@ void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
        return;
 }
 
+void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
+{
+
+       if(cmd[0] == 0x26)
+       {
+               switch(cmd[1]){
+               case ISO15693_INVENTORY           :snprintf(exp, size, "INVENTORY");break;
+               case ISO15693_STAYQUIET           :snprintf(exp, size, "STAY_QUIET");break;
+               default:                     snprintf(exp,size,"?"); break;
 
+               }
+       }else if(cmd[0] == 0x02)
+       {
+               switch(cmd[1])
+               {
+               case ISO15693_READBLOCK            :snprintf(exp, size, "READBLOCK");break;
+               case ISO15693_WRITEBLOCK           :snprintf(exp, size, "WRITEBLOCK");break;
+               case ISO15693_LOCKBLOCK            :snprintf(exp, size, "LOCKBLOCK");break;
+               case ISO15693_READ_MULTI_BLOCK     :snprintf(exp, size, "READ_MULTI_BLOCK");break;
+               case ISO15693_SELECT               :snprintf(exp, size, "SELECT");break;
+               case ISO15693_RESET_TO_READY       :snprintf(exp, size, "RESET_TO_READY");break;
+               case ISO15693_WRITE_AFI            :snprintf(exp, size, "WRITE_AFI");break;
+               case ISO15693_LOCK_AFI             :snprintf(exp, size, "LOCK_AFI");break;
+               case ISO15693_WRITE_DSFID          :snprintf(exp, size, "WRITE_DSFID");break;
+               case ISO15693_LOCK_DSFID           :snprintf(exp, size, "LOCK_DSFID");break;
+               case ISO15693_GET_SYSTEM_INFO      :snprintf(exp, size, "GET_SYSTEM_INFO");break;
+               case ISO15693_READ_MULTI_SECSTATUS :snprintf(exp, size, "READ_MULTI_SECSTATUS");break;
+               default:                     snprintf(exp,size,"?"); break;
+               }
+       }
+}
 
 uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool showWaitCycles)
 {
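Review bot: annotateIso15693 leaves `exp` untouched when `cmd[0]` is neither 0x26 nor 0x02, so the caller prints whatever the buffer held before; a final `else { snprintf(exp,size,"?"); }` would make it agree with the two `default` cases. It also reads `cmd[0]` and `cmd[1]` without consulting `cmdsize`, so a one-byte frame is annotated from a byte that is not part of it; `if(cmdsize < 2){ snprintf(exp,size,"?"); return; }` at the top covers that. Because the first byte is a flags field, matching it exactly means a request with any other flag combination gets no command name, so switching on `cmd[1]` alone may be the more tolerant design.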
index 36ffe1b805f5c240f3ee78ab22c2c1b7a16e636e..673737e2fd233fec4c42d96a85d966a48aab79be 100644 (file)
@@ -67,6 +67,7 @@ int CmdHF14AReader(const char *Cmd)
 
        switch (card.sak) {
                case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break;
+               case 0x01: PrintAndLog("TYPE : NXP TNP3xxx Activision Game Appliance"); break;
                case 0x04: PrintAndLog("TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); break;
                case 0x08: PrintAndLog("TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1"); break;
                case 0x09: PrintAndLog("TYPE : NXP MIFARE Mini 0.3k"); break;
@@ -301,6 +302,7 @@ int CmdHF14ASim(const char *Cmd)
                PrintAndLog("           2 = MIFARE Ultralight");
                PrintAndLog("           3 = MIFARE DESFIRE");
                PrintAndLog("           4 = ISO/IEC 14443-4");
+               PrintAndLog("           5 = MIFARE TNP3XXX");           
                PrintAndLog("");
                return 1;
        }
@@ -328,10 +330,6 @@ int CmdHF14ASim(const char *Cmd)
                // At lease save the mandatory first part of the UID
                c.arg[0] = long_uid & 0xffffffff;
 
-       
-       // At lease save the mandatory first part of the UID
-       c.arg[0] = long_uid & 0xffffffff;
-       
        if (c.arg[1] == 0) {
                PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
        }
index c42d54c585888e37aa0b6e2104464de3d67a18f4..7e4cbd009787452bf77f1f4a5e70c536f2634d32 100644 (file)
 #include <string.h>
 #include <stdint.h>
 #include "iso14443crc.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
+#include "util.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "cmdhf14b.h"
 #include "cmdmain.h"
 
+
 static int CmdHelp(const char *Cmd);
 
 int CmdHF14BDemod(const char *Cmd)
@@ -387,6 +388,66 @@ int CmdHF14BCmdRaw (const char *cmd) {
     return 0;
 }
 
+int CmdHF14BWrite( const char *Cmd){
+
+/*
+ * For SRIX4K  blocks 00 - 7F
+ * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
+ *
+ * For SR512  blocks 00 - 0F
+ * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
+ * 
+ * Special block FF =  otp_lock_reg block.
+ * Data len 4 bytes-
+ */
+       char cmdp = param_getchar(Cmd, 0);
+       uint8_t blockno = -1;
+       uint8_t data[4] = {0x00};
+       bool isSrix4k = true;
+       char str[20];   
+
+       if (cmdp == 'h' || cmdp == 'H') {
+               PrintAndLog("Usage:  hf 14b write <1|2> <BLOCK> <DATA>");
+               PrintAndLog("");
+               PrintAndLog("     sample: hf 14b write 1 127 11223344");
+               PrintAndLog("     sample: hf 14b write 1 255 11223344");
+               PrintAndLog("     sample: hf 14b write 2 15 11223344");
+               PrintAndLog("     sample: hf 14b write 2 255 11223344");
+               return 0;
+       }
+
+       if ( param_getchar(Cmd, 0) == '2' )
+               isSrix4k = false;
+       
+       blockno = param_get8(Cmd, 1);
+       
+       if ( isSrix4k ){
+               if ( blockno > 0x7f && blockno != 0xff ){
+                       PrintAndLog("Block number out of range");
+                       return 0;
+               }               
+       } else {
+               if ( blockno > 0x0f && blockno != 0xff ){
+                       PrintAndLog("Block number out of range");
+                       return 0;
+               }               
+       }
+       
+       if (param_gethex(Cmd, 2, data, 8)) {
+               PrintAndLog("Data must include 8 HEX symbols");
+               return 0;
+       }
+       if ( blockno == 0xff)
+               PrintAndLog("Writing to special block %02X [ %s]", blockno,  sprint_hex(data,4) );
+       else
+               PrintAndLog("Writing to block %02X [ %s]", blockno,  sprint_hex(data,4) );
+       sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
+       CmdHF14BCmdRaw(str);
+       return 0;
+}
+
 static command_t CommandTable[] = 
 {
   {"help",        CmdHelp,        1, "This help"},
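Review bot: `str` is declared as `char str[20]`, but the format `-c -p 09 %02x %02x%02x%02x%02x` always produces 20 characters plus the terminating NUL, so every call to CmdHF14BWrite writes one byte past the end of the stack buffer. Declare `char str[32];` and format with `snprintf(str, sizeof(str), "-c -p 09 %02x %02x%02x%02x%02x", ...)`. The tag-type argument is also not validated: anything other than `2` is treated as SRIX4K. What `param_get8` yields for a missing or non-numeric block argument is not visible here, so it is worth rejecting that case explicitly before issuing a write, given that block FF is described above as the OTP lock register.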
@@ -399,6 +460,7 @@ static command_t CommandTable[] =
   {"sri512read",  CmdSri512Read,  0, "Read contents of a SRI512 tag"},
   {"srix4kread",  CmdSrix4kRead,  0, "Read contents of a SRIX4K tag"},
   {"raw",         CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
+  {"write",       CmdHF14BWrite,  0, "Write data to a SRI512 | SRIX4K tag"},
   {NULL, NULL, 0, NULL}
 };
 
index 50d6476286fab23f5c1f5fe80bd27930f4397e3f..cc8b9dbd810c15a889c40e406f6d4f980b5c5ca2 100644 (file)
@@ -21,5 +21,6 @@ int CmdHFSimlisten(const char *Cmd);
 int CmdHF14BSnoop(const char *Cmd);
 int CmdSri512Read(const char *Cmd);
 int CmdSrix4kRead(const char *Cmd);
+int CmdHF14BWrite( const char *cmd);
 
 #endif
index 2239e9e4634ff151e5181050800af12e294d574a..b1e04e9ab7a4362725fc0e47b8e98fa826b36a38 100644 (file)
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
-//#include "proxusb.h"
+
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
 #include "ui.h"
+#include "util.h"
 #include "cmdparser.h"
 #include "cmdhf15.h"
 #include "iso15693tools.h"
@@ -58,8 +59,10 @@ const productName uidmapping[] = {
        { 0xE001000000000000LL, 16, "Motorola" },
        { 0xE002000000000000LL, 16, "ST Microelectronics" },
        { 0xE003000000000000LL, 16, "Hitachi" },
-       { 0xE004000000000000LL, 16, "Philips" },
-       { 0xE004010000000000LL, 24, "Philips; IC SL2 ICS20" },
+       { 0xE004000000000000LL, 16, "NXP(Philips)" },
+       { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" },
+       { 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" },
+       { 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" },
        { 0xE005000000000000LL, 16, "Infineon" },
        { 0xE005400000000000LL, 24, "Infineon; 56x32bit" },
        { 0xE006000000000000LL, 16, "Cylinc" },
@@ -273,7 +276,28 @@ int CmdHF15Reader(const char *Cmd)
 // Simulation is still not working very good
 int CmdHF15Sim(const char *Cmd)
 {
-       UsbCommand c = {CMD_SIMTAG_ISO_15693, {strtol(Cmd, NULL, 0), 0, 0}};
+       char cmdp = param_getchar(Cmd, 0);
+       uint8_t uid[8] = {0x00};
+
+       //E0 16 24 00 00 00 00 00
+       if (cmdp == 'h' || cmdp == 'H') {
+               PrintAndLog("Usage:  hf 15 sim <UID>");
+               PrintAndLog("");
+               PrintAndLog("     sample: hf 15 sim E016240000000000");
+               return 0;
+       }
+
+       if (param_gethex(Cmd, 0, uid, 16)) {
+               PrintAndLog("UID must include 16 HEX symbols");
+               return 0;
+       }
+       
+       PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
+                       uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
+
+       UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
+       memcpy(c.d.asBytes,uid,8);
+       
        SendCommand(&c);
        return 0;
 }
@@ -324,7 +348,7 @@ int CmdHF15DumpMem(const char*Cmd) {
                                if (!(recv[0] & ISO15_RES_ERROR)) {
                                        retry=0;
                                        *output=0; // reset outputstring
-                                       sprintf(output, "Block %2i   ",blocknum);
+                                       sprintf(output, "Block %02x   ",blocknum);
                                        for ( int i=1; i<resp.arg[0]-2; i++) { // data in hex
                                                sprintf(output+strlen(output),"%02X ",recv[i]);
                                        }                                       
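Review bot: The loop right below the changed line appends three characters per byte with `sprintf(output+strlen(output),"%02X ",recv[i])`, and its bound `resp.arg[0]-2` comes from the device response. `output` is declared outside this hunk, so it cannot be confirmed here that it holds the largest response the device can report. Keeping a write offset and using `snprintf(output+pos, outsize-pos, "%02X ", recv[i])` with the real buffer size would bound the writes and remove the repeated `strlen`. The first `sprintf` on the changed line should be bounded the same way.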
@@ -421,8 +445,9 @@ int CmdHF15CmdInquiry(const char *Cmd)
 int CmdHF15CmdDebug( const char *cmd) {
        int debug=atoi(cmd);
        if (strlen(cmd)<1) {
-               PrintAndLog("Usage: hf 15 cmd debug  <0/1>");
-               PrintAndLog("   0..no debugging output  1..turn debugging on"); 
+               PrintAndLog("Usage: hf 15 cmd debug  <0|1>");
+               PrintAndLog("   0 no debugging");
+               PrintAndLog("   1 turn debugging on");  
                return 0;
        }
 
@@ -536,7 +561,7 @@ int CmdHF15CmdRaw (const char *cmd) {
 int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
        int temp;
        uint8_t *req=c->d.asBytes;
-       uint8_t uid[8] = {0};
+       uint8_t uid[8] = {0x00};
        uint32_t reqlen=0;
 
        // strip
index 8f6a6af2d7b2a3c114bff2426faa7e040374ed18..3286ceb9cce45a2f9d9738219347044db63a303a 100644 (file)
@@ -45,7 +45,7 @@ int CmdHFEPACollectPACENonces(const char *Cmd)
                SendCommand(&c);
                UsbCommand resp;
     
-    WaitForResponse(CMD_ACK,&resp);
+               WaitForResponse(CMD_ACK,&resp);
 
                // check if command failed
                if (resp.arg[0] != 0) {
index dba4f1132597bb8ff9ed8ad0aef4b6279bbf6966..03b39021e02991a51db554a6a571d767298b5220 100644 (file)
@@ -16,7 +16,6 @@
 #include <sys/stat.h>
 #include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
 #include "data.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
@@ -272,87 +271,111 @@ int CmdHFiClassReader_Dump(const char *Cmd)
   uint8_t key_sel[8] = {0};
   uint8_t key_sel_p[8] = { 0 };
 
-  //HACK -- Below is for testing without access to a tag
-  uint8_t fake_dummy_test = false;
-  if(fake_dummy_test)
-  {
-    uint8_t xdata[16] = {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0, //CSN from http://www.proxmark.org/forum/viewtopic.php?pid=11230#p11230
-                        0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; // Just a random CC. Would be good to add a real testcase here
-    memcpy(resp.d.asBytes,xdata, 16);
-    resp.arg[0] = 2;    
-  }
-  
-  //End hack
-
-
   UsbCommand c = {CMD_READER_ICLASS, {0}};
   c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC;
-  if(!fake_dummy_test)   
-    SendCommand(&c);
+  SendCommand(&c);
   
 
 
-  if (fake_dummy_test || WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
-        uint8_t isOK    = resp.arg[0] & 0xff;
-        uint8_t * data  = resp.d.asBytes;
+  if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
+  {
+         PrintAndLog("Command execute timeout");
+         return 0;
+  }
 
-        memcpy(CSN,data,8);
-        memcpy(CCNR,data+8,8);
+       uint8_t isOK    = resp.arg[0] & 0xff;
+       uint8_t * data  = resp.d.asBytes;
 
-        PrintAndLog("isOk:%02x", isOK);
+       memcpy(CSN,data,8);
+       memcpy(CCNR,data+8,8);
 
-        if(isOK > 0)
-        {
-            PrintAndLog("CSN: %s",sprint_hex(CSN,8));
-        }
-        if(isOK > 1)
-        {
-            if(elite)
-            {
-                //Get the key index (hash1)
-                uint8_t key_index[8] = {0};
-
-                hash1(CSN, key_index);
-                printvar("hash1", key_index,8);
-                for(i = 0; i < 8 ; i++)
-                    key_sel[i] = keytable[key_index[i]] & 0xFF;
-                PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:");
-                printvar("k_sel", key_sel,8);
-                //Permute from iclass format to standard format
-                permutekey_rev(key_sel,key_sel_p);
-                used_key = key_sel_p;
-            }else{
-                //Perhaps this should also be permuted to std format?
-                // Something like the code below? I have no std system
-                // to test this with /Martin
+       PrintAndLog("isOk:%02x", isOK);
 
-                //uint8_t key_sel_p[8] = { 0 };
-                //permutekey_rev(KEY,key_sel_p);
-                //used_key = key_sel_p;
+       if(isOK > 0)
+       {
+               PrintAndLog("CSN: %s",sprint_hex(CSN,8));
+       }
+       if(isOK <= 1){
+               PrintAndLog("Failed to obtain CC! Aborting");
+               return 0;
+       }
+       //Status 2 or higher
 
-                used_key = KEY;
+       if(elite)
+       {
+               //Get the key index (hash1)
+               uint8_t key_index[8] = {0};
+
+               hash1(CSN, key_index);
+               printvar("hash1", key_index,8);
+               for(i = 0; i < 8 ; i++)
+                       key_sel[i] = keytable[key_index[i]] & 0xFF;
+               PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:");
+               printvar("k_sel", key_sel,8);
+               //Permute from iclass format to standard format
+               permutekey_rev(key_sel,key_sel_p);
+               used_key = key_sel_p;
+       }else{
+               used_key = KEY;
+       }
 
-            }
+       PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
+       printvar("Used key",used_key,8);
+       diversifyKey(CSN,used_key, div_key);
+       PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
+       printvar("Div key", div_key, 8);
+       printvar("CC_NR:",CCNR,12);
+       doMAC(CCNR,12,div_key, MAC);
+       printvar("MAC", MAC, 4);
+
+       uint8_t iclass_data[32000] = {0};
+       uint8_t iclass_datalen = 0;
+       uint8_t iclass_blocksFailed = 0;//Set to 1 if dump was incomplete
+
+       UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
+       memcpy(d.d.asBytes, MAC, 4);
+       clearCommandBuffer();
+       SendCommand(&d);
+       PrintAndLog("Waiting for device to dump data. Press button on device and key on keyboard to abort...");
+       while (true) {
+               printf(".");
+               if (ukbhit()) {
+                       getchar();
+                       printf("\naborted via keyboard!\n");
+                       break;
+               }
+               if(WaitForResponseTimeout(CMD_ACK,&resp,4500))
+               {
+                       uint64_t dataLength = resp.arg[0];
+                       iclass_blocksFailed |= resp.arg[1];
+
+                       if(dataLength > 0)
+                       {
+                               memcpy(iclass_data, resp.d.asBytes,dataLength);
+                               iclass_datalen += dataLength;
+                       }else
+                       {//Last transfer, datalength 0 means the dump is finished
+                               PrintAndLog("Dumped %d bytes of data from tag. ", iclass_datalen);
+                               if(iclass_blocksFailed)
+                               {
+                                       PrintAndLog("OBS! Some blocks failed to be dumped correctly!");
+                               }
+                               if(iclass_datalen > 0)
+                               {
+                                       char filename[100] = {0};
+                                       //create a preferred filename
+                                       snprintf(filename, 100,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
+                                                        CSN[0],CSN[1],CSN[2],CSN[3],
+                                                        CSN[4],CSN[5],CSN[6],CSN[7]);
+                                       saveFile(filename,"bin",iclass_data, iclass_datalen );
+
+                               }
+                               //Aaaand we're finished
+                               return 0;
+                       }
+               }
+       }
 
-            PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
-            printvar("Used key",used_key,8);
-            diversifyKey(CSN,used_key, div_key);
-            PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
-            printvar("Div key", div_key, 8);
-            printvar("CC_NR:",CCNR,12);
-            doMAC(CCNR,12,div_key, MAC);
-            printvar("MAC", MAC, 4);
-
-            UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
-            memcpy(d.d.asBytes, MAC, 4);
-            if(!fake_dummy_test) SendCommand(&d);
-
-        }else{
-            PrintAndLog("Failed to obtain CC! Aborting");
-        }
-    } else {
-        PrintAndLog("Command execute timeout");
-    }
 
   return 0;
 }
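Review bot: In the new receive loop `iclass_datalen` is a `uint8_t`, so it wraps after 255 bytes, and `memcpy(iclass_data, resp.d.asBytes,dataLength)` always writes at offset 0 with a `dataLength` taken straight from `resp.arg[0]`. Each chunk therefore overwrites the previous one, the saved file is cut to the wrapped length, and a length larger than the response payload or the 32000-byte buffer is copied unchecked. The counter should be a `size_t`, the copy should append at `iclass_data + iclass_datalen`, and the length should be checked against both buffers first, as in the excerpt below (the `Dumped %d bytes` message then needs `%zu`). `printvar("CC_NR:",CCNR,12)` and `doMAC(CCNR,12,...)` use 12 bytes although only 8 are copied into `CCNR` here; its declaration is outside the hunk, so confirm its size and what fills the last four bytes. CmdHFiClassReader_Dump begins before this hunk.

```c
	uint8_t iclass_data[32000] = {0};
	size_t iclass_datalen = 0;
	// … unchanged: iclass_blocksFailed, CMD_READER_ICLASS_REPLAY send, keyboard-abort loop head …
			uint64_t dataLength = resp.arg[0];
			iclass_blocksFailed |= (resp.arg[1] != 0);

			// The length is reported by the device: bound it by the response
			// payload and by the space left in the dump buffer before copying.
			if(dataLength > sizeof(resp.d.asBytes) ||
			   dataLength > sizeof(iclass_data) - iclass_datalen)
			{
				PrintAndLog("Device reported an invalid chunk length, aborting");
				return 0;
			}
			if(dataLength > 0)
			{
				memcpy(iclass_data + iclass_datalen, resp.d.asBytes, dataLength);
				iclass_datalen += dataLength;
			}else
			// … unchanged: final report, filename construction and saveFile …
```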
index 8366b09bdb9bf69322a1c1d32669875bfc5f9631..bf874b624c40aad34a255834176233c4d1a65dbf 100644 (file)
@@ -10,7 +10,6 @@
 
 #include <stdio.h>
 #include <string.h>
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "ui.h"
@@ -266,7 +265,6 @@ int CmdLegicSave(const char *Cmd)
     int remainder = requested % 8;
     requested = requested + 8 - remainder;
   }
-  
   if (offset + requested > sizeof(got)) {
     PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
     return 0;
index 6d0bebd7f15f6cfbc7d30288710abdff033780ab..121736e99587103e2299d29006a4ab1e4c434970 100644 (file)
@@ -36,7 +36,6 @@ start:
        //flush queue\r
        while (ukbhit())        getchar();\r
 \r
-       \r
        // wait cycle\r
        while (true) {\r
         printf(".");\r
@@ -78,6 +77,7 @@ start:
                num_to_bytes(r_key, 6, keyBlock);\r
                isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
        }\r
+       \r
        if (!isOK) \r
                PrintAndLog("Found valid key:%012"llx, r_key);\r
        else\r
@@ -88,6 +88,7 @@ start:
                goto start;\r
        }\r
        \r
+       PrintAndLog("");\r
        return 0;\r
 }\r
 \r
@@ -437,7 +438,6 @@ int CmdHF14AMfRdSc(const char *Cmd)
   return 0;\r
 }\r
 \r
-\r
 uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
 {\r
        if (sectorNo < 32) {\r
@@ -447,7 +447,6 @@ uint8_t FirstBlockOfSector(uint8_t sectorNo)
        }\r
 }\r
 \r
-\r
 uint8_t NumBlocksPerSector(uint8_t sectorNo)\r
 {\r
        if (sectorNo < 32) {\r
@@ -457,7 +456,6 @@ uint8_t NumBlocksPerSector(uint8_t sectorNo)
        }\r
 }\r
 \r
-\r
 int CmdHF14AMfDump(const char *Cmd)\r
 {\r
        uint8_t sectorNo, blockNo;\r
@@ -497,8 +495,7 @@ int CmdHF14AMfDump(const char *Cmd)
                return 1;\r
        }\r
        \r
-       // Read key file\r
-\r
+       // Read keys A from file\r
        for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
                if (fread( keyA[sectorNo], 1, 6, fin ) == 0) {\r
                        PrintAndLog("File reading error.");\r
@@ -507,6 +504,7 @@ int CmdHF14AMfDump(const char *Cmd)
                }\r
        }\r
        \r
+       // Read keys B from file\r
        for (sectorNo=0; sectorNo<numSectors; sectorNo++) {\r
                if (fread( keyB[sectorNo], 1, 6, fin ) == 0) {\r
                        PrintAndLog("File reading error.");\r
@@ -556,6 +554,7 @@ int CmdHF14AMfDump(const char *Cmd)
        for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {\r
                for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {\r
                        bool received = false;\r
+                       \r
                        if (blockNo == NumBlocksPerSector(sectorNo) - 1) {              // sector trailer. At least the Access Conditions can always be read with key A. \r
                                UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};\r
                                memcpy(c.d.asBytes, keyA[sectorNo], 6);\r
@@ -610,7 +609,6 @@ int CmdHF14AMfDump(const char *Cmd)
                                break;\r
                        }\r
                }\r
-\r
        }\r
 \r
        if (isOK) {\r
@@ -627,10 +625,8 @@ int CmdHF14AMfDump(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfRestore(const char *Cmd)\r
 {\r
-\r
        uint8_t sectorNo,blockNo;\r
        uint8_t keyType = 0;\r
        uint8_t key[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};\r
@@ -737,7 +733,6 @@ int CmdHF14AMfRestore(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfNested(const char *Cmd)\r
 {\r
        int i, j, res, iterations;\r
@@ -886,6 +881,7 @@ int CmdHF14AMfNested(const char *Cmd)
                                        PrintAndLog("-----------------------------------------------");\r
                                        if(mfnested(blockNo, keyType, key, FirstBlockOfSector(sectorNo), trgKeyType, keyBlock, calibrate)) {\r
                                                PrintAndLog("Nested error.\n");\r
+                                               free(e_sector);\r
                                                return 2;\r
                                        }\r
                                        else {\r
@@ -960,11 +956,9 @@ int CmdHF14AMfNested(const char *Cmd)
                \r
                free(e_sector);\r
        }\r
-\r
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfChk(const char *Cmd)\r
 {\r
        if (strlen(Cmd)<3) {\r
@@ -994,7 +988,6 @@ int CmdHF14AMfChk(const char *Cmd)
        int transferToEml = 0;\r
        int createDumpFile = 0;\r
 \r
-\r
        keyBlock = calloc(stKeyBlock, 6);\r
        if (keyBlock == NULL) return 1;\r
 \r
@@ -1021,7 +1014,6 @@ int CmdHF14AMfChk(const char *Cmd)
                num_to_bytes(defaultKeys[defaultKeyCounter], 6, (uint8_t*)(keyBlock + defaultKeyCounter * 6));\r
        }\r
        \r
-       \r
        if (param_getchar(Cmd, 0)=='*') {\r
                blockNo = 3;\r
                switch(param_getchar(Cmd+1, 0)) {\r
@@ -1114,6 +1106,7 @@ int CmdHF14AMfChk(const char *Cmd)
                                PrintAndLog("File: %s: not found or locked.", filename);\r
                                free(keyBlock);\r
                                return 1;\r
+                       \r
                        }\r
                }\r
        }\r
@@ -1191,11 +1184,10 @@ int CmdHF14AMfChk(const char *Cmd)
        }\r
 \r
        free(keyBlock);\r
-\r
+       PrintAndLog("");\r
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMf1kSim(const char *Cmd)\r
 {\r
        uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
@@ -1261,7 +1253,6 @@ int CmdHF14AMf1kSim(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfDbg(const char *Cmd)\r
 {\r
        int dbgMode = param_get32ex(Cmd, 0, 0, 10);\r
@@ -1286,7 +1277,6 @@ int CmdHF14AMfDbg(const char *Cmd)
   return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfEGet(const char *Cmd)\r
 {\r
        uint8_t blockNo = 0;\r
@@ -1310,7 +1300,6 @@ int CmdHF14AMfEGet(const char *Cmd)
   return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfEClear(const char *Cmd)\r
 {\r
        if (param_getchar(Cmd, 0) == 'h') {\r
@@ -1383,7 +1372,7 @@ int CmdHF14AMfELoad(const char *Cmd)
        // open file\r
        f = fopen(filename, "r");\r
        if (f == NULL) {\r
-               PrintAndLog("File not found or locked.");\r
+               PrintAndLog("File %s not found or locked", filename);\r
                return 1;\r
        }\r
        \r
@@ -1407,8 +1396,8 @@ int CmdHF14AMfELoad(const char *Cmd)
                }\r
                for (i = 0; i < 32; i += 2) {\r
                        sscanf(&buf[i], "%02x", (unsigned int *)&buf8[i / 2]);\r
-//                     PrintAndLog("data[%02d]:%s", blockNum, sprint_hex(buf8, 16));\r
                }\r
+               \r
                if (mfEmlSetMem(buf8, blockNum, 1)) {\r
                        PrintAndLog("Cant set emul block: %3d", blockNum);\r
                        fclose(f);\r
@@ -1476,7 +1465,7 @@ int CmdHF14AMfESave(const char *Cmd)
                        break;\r
                }\r
                for (j = 0; j < 16; j++)\r
-                       fprintf(f, "%02x", buf[j]); \r
+                       fprintf(f, "%02X", buf[j]); \r
                fprintf(f,"\n");\r
        }\r
        fclose(f);\r
@@ -1554,8 +1543,8 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
 int CmdHF14AMfCSetUID(const char *Cmd)\r
 {\r
        uint8_t wipeCard = 0;\r
-       uint8_t uid[8] = {0};\r
-       uint8_t oldUid[8]= {0};\r
+       uint8_t uid[8] = {0x00};\r
+       uint8_t oldUid[8] = {0x00};\r
        int res;\r
 \r
        if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {\r
@@ -1583,10 +1572,10 @@ int CmdHF14AMfCSetUID(const char *Cmd)
                }\r
        \r
        PrintAndLog("old UID:%s", sprint_hex(oldUid, 4));\r
+       PrintAndLog("new UID:%s", sprint_hex(uid, 4));\r
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfCSetBlk(const char *Cmd)\r
 {\r
        uint8_t uid[8];\r
@@ -1721,7 +1710,6 @@ int CmdHF14AMfCLoad(const char *Cmd)
        }\r
 }\r
 \r
-\r
 int CmdHF14AMfCGetBlk(const char *Cmd) {\r
        uint8_t memBlock[16];\r
        uint8_t blockNo = 0;\r
@@ -1877,7 +1865,7 @@ int CmdHF14AMfCSave(const char *Cmd) {
 \r
 \r
 int CmdHF14AMfSniff(const char *Cmd){\r
-       // params\r
+\r
        bool wantLogToFile = 0;\r
        bool wantDecrypt = 0;\r
        //bool wantSaveToEml = 0; TODO\r
@@ -1904,8 +1892,8 @@ int CmdHF14AMfSniff(const char *Cmd){
                PrintAndLog("    l - save encrypted sequence to logfile `uid.log`");\r
                PrintAndLog("    d - decrypt sequence and put it to log file `uid.log`");\r
                PrintAndLog(" n/a   e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
-               PrintAndLog("    r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
-               PrintAndLog("Usage:  hf mf sniff [l][d][e][r]");\r
+               PrintAndLog("    f - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+               PrintAndLog("Usage:  hf mf sniff [l][d][e][f]");\r
                PrintAndLog("  sample: hf mf sniff l d e");\r
                return 0;\r
        }       \r
@@ -1961,8 +1949,9 @@ int CmdHF14AMfSniff(const char *Cmd){
                                PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r
                                num = 0;\r
                                while (bufPtr - buf < blockLen) {\r
-                                       bufPtr += 6;    // ignore void timing information\r
+                                       bufPtr += 6;\r
                                        len = *((uint16_t *)bufPtr);\r
+\r
                                        if(len & 0x8000) {\r
                                                isTag = true;\r
                                                len &= 0x7fff;\r
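Review bot: `len` is read from the received trace at `len = *((uint16_t *)bufPtr);` and nothing visible in this loop checks it against the bytes left in `buf`, so a truncated or malformed trace can carry `bufPtr` past `blockLen` before the next `while` test. The same unchecked `len` reaches `sprint_hex`, `AddLogHex` and `mfTraceDecode` in the later hunk at `@@ -1985,18 +1975,21 @@`. A guard along the lines of `if (bufPtr + 2 + (len & 0x7fff) > buf + blockLen) break;` before the length is used would bound it. Copying the two bytes with `memcpy` into a `uint16_t` would also avoid the possibly unaligned cast. The hunk also drops the `// ignore void timing information` comment, leaving `bufPtr += 6;` unexplained; the loop body continues outside this hunk.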
@@ -1971,6 +1960,7 @@ int CmdHF14AMfSniff(const char *Cmd){
                                        }\r
                                        bufPtr += 2;\r
                                        if ((len == 14) && (bufPtr[0] == 0xff) && (bufPtr[1] == 0xff) && (bufPtr[12] == 0xff) && (bufPtr[13] == 0xff)) {\r
+                                       \r
                                                memcpy(uid, bufPtr + 2, 7);\r
                                                memcpy(atqa, bufPtr + 2 + 7, 2);\r
                                                uid_len = (atqa[0] & 0xC0) == 0x40 ? 7 : 4;\r
@@ -1985,18 +1975,21 @@ int CmdHF14AMfSniff(const char *Cmd){
                                                        FillFileNameByUID(logHexFileName, uid + (7 - uid_len), ".log", uid_len);\r
                                                        AddLogCurrentDT(logHexFileName);\r
                                                }                                               \r
-                                               if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+                                               if (wantDecrypt) \r
+                                                       mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
                                        } else {\r
                                                PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
-                                               if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
-                                               if (wantDecrypt) mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
+                                               if (wantLogToFile) \r
+                                                       AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+                                               if (wantDecrypt) \r
+                                                       mfTraceDecode(bufPtr, len, wantSaveToEmlFile);\r
                                        }\r
                                        bufPtr += len;\r
                                        bufPtr += ((len-1)/8+1);        // ignore parity\r
                                        num++;\r
                                }\r
                        }\r
-               } // resp not NILL\r
+               } // resp not NULL\r
        } // while (true)\r
        \r
        return 0;\r
index 62e856ad6209cc3e98f462e404661db104ceddce..22dfd4de5071b709d8f10f06ae3c36fd51030a28 100644 (file)
@@ -18,7 +18,6 @@
 #include "proxmark3.h"\r
 #include "iso14443crc.h"\r
 #include "data.h"\r
-//#include "proxusb.h"\r
 #include "ui.h"\r
 #include "cmdparser.h"\r
 #include "common.h"\r
index f29da8e0735be59f3f1edb2c2899f9777880f913..f6f103bf2b6df3ed432114edc703ac9b6f3e415a 100644 (file)
@@ -11,9 +11,9 @@
 #include <stdio.h>
 #include <string.h>
 #include <inttypes.h>
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
+#include "util.h"
 #include "graph.h"
 #include "cmdparser.h"
 #include "cmddata.h"
 
 static int CmdHelp(const char *Cmd);
 
-
-
 int CmdEMdemodASK(const char *Cmd)
 {
-  int findone=0;
+       char cmdp = param_getchar(Cmd, 0);
+       int findone = (cmdp == '1') ? 1 : 0;    
   UsbCommand c={CMD_EM410X_DEMOD};
-  if(Cmd[0]=='1') findone=1;
   c.arg[0]=findone;
   SendCommand(&c);
   return 0;
 }
 
-
-
 /* Read the ID of an EM410x tag.
  * Format:
  *   1111 1111 1           <-- standard non-repeatable header
@@ -48,8 +44,8 @@ int CmdEM410xRead(const char *Cmd)
 {
   int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low;
   int parity[4];
-  char id[11];
-  char id2[11];
+  char id[11] = {0x00};
+  char id2[11] = {0x00};
   int retested = 0;
   uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
   high = low = 0;
@@ -201,7 +197,25 @@ retest:
  */
 int CmdEM410xSim(const char *Cmd)
 {
-  int i, n, j, h, binary[4], parity[4];
+       int i, n, j, binary[4], parity[4];
+
+       char cmdp = param_getchar(Cmd, 0);
+       uint8_t uid[5] = {0x00};
+
+       if (cmdp == 'h' || cmdp == 'H') {
+               PrintAndLog("Usage:  lf em4x 410xsim <UID>");
+               PrintAndLog("");
+               PrintAndLog("     sample: lf em4x 410xsim 0F0368568B");
+               return 0;
+       }
+
+       if (param_gethex(Cmd, 0, uid, 10)) {
+               PrintAndLog("UID must include 10 HEX symbols");
+               return 0;
+       }
+       
+       PrintAndLog("Starting simulating UID %02X%02X%02X%02X%02X", uid[0],uid[1],uid[2],uid[3],uid[4]);
+       PrintAndLog("Press pm3-button to about simulation");
 
   /* clock is 64 in EM410x tags */
   int clock = 64;
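Review bot: The new prompt `PrintAndLog("Press pm3-button to about simulation");` has a typo and should read `"Press pm3-button to abort simulation"`, matching the message this commit adds to CmdHIDSim. The `param_gethex` failure path returns 0, the same value as success, so a script or caller cannot tell a rejected UID from a started simulation; `return 1;` would match the error return CmdHF14AMfELoad uses when its file cannot be opened. Whether the bit-building code below uses the parsed `uid` bytes cannot be seen from this hunk, because the function body continues outside it.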
@@ -209,9 +223,6 @@ int CmdEM410xSim(const char *Cmd)
   /* clear our graph */
   ClearGraph(0);
 
-  /* write it out a few times */
-  for (h = 0; h < 4; h++)
-  {
     /* write 9 start bits */
     for (i = 0; i < 9; i++)
       AppendGraph(0, clock, 1);
@@ -248,38 +259,38 @@ int CmdEM410xSim(const char *Cmd)
     AppendGraph(0, clock, parity[3]);
 
     /* stop bit */
-    AppendGraph(0, clock, 0);
-  }
-
-  /* modulate that biatch */
-  CmdManchesterMod("");
-
-  /* booyah! */
-  RepaintGraphWindow();
-  
-  CmdLFSim("");
+  AppendGraph(1, clock, 0);
+  CmdLFSim("240"); //240 start_gap.
   return 0;
 }
 
-/* Function is equivalent of loread + losamples + em410xread
- * looped until an EM410x tag is detected */
+/* Function is equivalent of lf read + data samples + em410xread
+ * looped until an EM410x tag is detected 
+ * 
+ * Why is CmdSamples("16000")?
+ *  TBD: Auto-grow sample size based on detected sample rate.  IE: If the
+ *       rate gets lower, then grow the number of samples
+ *  Changed by martin, 4000 x 4 = 16000, 
+ *  see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
+
+*/
 int CmdEM410xWatch(const char *Cmd)
 {
-  int read_h = (*Cmd == 'h');
-  do
-  {
-    CmdLFRead(read_h ? "h" : "");
-    // 2000 samples is OK for clock=64, but not clock=32.  Probably want
-               //   8000 for clock=16.  Don't want to go too high since old HID driver
-               //   is very slow
-               // TBD: Auto-grow sample size based on detected sample rate.  IE: If the
-               //   rate gets lower, then grow the number of samples
-
-    // Changed by martin, 4000 x 4 = 16000, 
-    // see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
-               CmdSamples("16000");
- } while ( ! CmdEM410xRead(""));
-  return 0;
+       char cmdp = param_getchar(Cmd, 0);
+       int read_h = (cmdp == 'h');
+       do {
+               if (ukbhit()) {
+                       printf("\naborted via keyboard!\n");
+                       break;
+               }
+               
+               CmdLFRead(read_h ? "h" : "");
+               CmdSamples("6000");             
+       } while (
+               !CmdEM410xRead("") 
+       );
+       return 0;
 }
 
 /* Read the transmitted data of an EM4x50 tag
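Review bot: The new block comment above CmdEM410xWatch asks `Why is CmdSamples("16000")?` and explains `4000 x 4 = 16000`, but the new loop calls `CmdSamples("6000");`, so the comment documents a value the code no longer uses. Either restore 16000 or update the comment to say why 6000 is enough; the removed comment noted that 2000 samples suits clock=64 but not clock=32. In the same hunk `CmdLFSim("240"); //240 start_gap.` introduces a bare constant, and a short comment giving its unit and the reason for 240 would help the next reader.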
index 5d841ae12ace3fd60ff02c5611f73fb2a27a2a89..c6d54e78e24bbbbbf44f9342cdbb7c6567f278d6 100644 (file)
@@ -10,7 +10,6 @@
 
 #include <stdio.h>
 #include <string.h>
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "graph.h"
@@ -41,8 +40,8 @@ int CmdHIDDemod(const char *Cmd)
 int CmdHIDDemodFSK(const char *Cmd)
 {
   int findone=0;
+       if(Cmd[0]=='1') findone=1;
   UsbCommand c={CMD_HID_DEMOD_FSK};
-  if(Cmd[0]=='1') findone=1;
   c.arg[0]=findone;
   SendCommand(&c);
   return 0;
@@ -59,6 +58,7 @@ int CmdHIDSim(const char *Cmd)
   }
 
   PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
+  PrintAndLog("Press pm3-button to abort simulation");
 
   UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
   SendCommand(&c);
index 32d38aebef926dff73284e5ea3688dbe9a651462..ab4a26095c6eb53ffad04489efb497c8bfc97d17 100644 (file)
@@ -12,7 +12,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include "data.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "cmdparser.h"
@@ -225,7 +224,7 @@ int CmdLFHitagReader(const char *Cmd) {
   return 0;
 }
 
-static command_t CommandTableHitag[] = 
+static command_t CommandTable[] = 
 {
   {"help",    CmdHelp,           1, "This help"},
   {"list",    CmdLFHitagList,    1, "List Hitag trace history"},
@@ -237,12 +236,12 @@ static command_t CommandTableHitag[] =
 
 int CmdLFHitag(const char *Cmd)
 {
-  CmdsParse(CommandTableHitag, Cmd);
+  CmdsParse(CommandTable, Cmd);
   return 0;
 }
 
 int CmdHelp(const char *Cmd)
 {
-  CmdsHelp(CommandTableHitag);
+  CmdsHelp(CommandTable);
   return 0;
 }
index 7482ad97687c3ac9561943617ce2bcaee292c60a..14ce5498dc3f16752410019f2f652f5c38520f85 100644 (file)
@@ -3,7 +3,6 @@
 #include <string.h>
 #include <inttypes.h>
 #include <limits.h>
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
@@ -19,26 +18,21 @@ int CmdIODemodFSK(const char *Cmd)
 {
   int findone=0;
   if(Cmd[0]=='1') findone=1;
+       
   UsbCommand c={CMD_IO_DEMOD_FSK};
   c.arg[0]=findone;
   SendCommand(&c);
   return 0;
 }
 
-
 int CmdIOProxDemod(const char *Cmd){
   if (GraphTraceLen < 4800) {
     PrintAndLog("too short; need at least 4800 samples");
     return 0;
   }
-
   GraphTraceLen = 4800;
   for (int i = 0; i < GraphTraceLen; ++i) {
-    if (GraphBuffer[i] < 0) {
-      GraphBuffer[i] = 0;
-    } else {
-      GraphBuffer[i] = 1;
-    }
+    GraphBuffer[i] = (GraphBuffer[i] < 0) ? 0 : 1;
   }
   RepaintGraphWindow();
   return 0;
@@ -61,7 +55,7 @@ int CmdIOClone(const char *Cmd)
   }
 
   PrintAndLog("Cloning tag with ID %08x %08x", hi, lo);
-
+  PrintAndLog("Press pm3-button to abort simulation");
   c.cmd = CMD_IO_CLONE_TAG;
   c.arg[0] = hi;
   c.arg[1] = lo;
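Review bot: `PrintAndLog("Press pm3-button to abort simulation");` is added to CmdIOClone, which sends `CMD_IO_CLONE_TAG` and so writes a tag rather than simulating one. The text looks copied from the simulation commands and will mislead the user about what the device is doing. If the button really does abort the clone operation, say so, e.g. `PrintAndLog("Press pm3-button to abort cloning");`; if it does not, drop the line. The function continues outside this hunk.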
index 13917146f8e510f23df8d949d326df881953e1af..0d8fb93d4c2d89024d26507f8039e2657a66b4b5 100644 (file)
@@ -10,7 +10,6 @@
 
 #include <stdio.h>
 #include <string.h>
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "ui.h"
 #include "graph.h"
index 9783370ce19c0980cfa698649b9d3aecf0c009b7..a719c7ad7a56e4a6216e910aa4d28cad3069007d 100644 (file)
@@ -10,7 +10,6 @@
 #include <stdio.h>\r
 #include <string.h>\r
 #include <inttypes.h>\r
-//#include "proxusb.h"\r
 #include "proxmark3.h"\r
 #include "ui.h"\r
 #include "graph.h"\r
index 26128e2f029f4a37ded25678348a8c3646a086ae..cb5fcd790b879544fd57ea3e09eb5370ce9223b0 100644 (file)
@@ -11,7 +11,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "crc16.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "data.h"
 #include "ui.h"
index b2723490535c46040a22b05cdb91febd69079806..8d590e9e6ce76ea0538cca4fa964ede1a0d79596 100644 (file)
@@ -28,9 +28,6 @@
 
 
 unsigned int current_command = CMD_UNKNOWN;
-//unsigned int received_command = CMD_UNKNOWN;
-//UsbCommand current_response;
-//UsbCommand current_response_user;
 
 static int CmdHelp(const char *Cmd);
 static int CmdQuit(const char *Cmd);
@@ -47,9 +44,9 @@ static command_t CommandTable[] =
 {
   {"help",  CmdHelp,  1, "This help. Use '<command> help' for details of a particular command."},
   {"data",  CmdData,  1, "{ Plot window / data buffer manipulation... }"},
-  {"hf",    CmdHF,    1, "{ HF commands... }"},
+  {"hf",       CmdHF,          1, "{ High Frequency commands... }"},
   {"hw",    CmdHW,    1, "{ Hardware commands... }"},
-  {"lf",    CmdLF,    1, "{ LF commands... }"},
+  {"lf",       CmdLF,          1, "{ Low Frequency commands... }"},
   {"script", CmdScript,   1,"{ Scripting commands }"},
   {"quit",  CmdQuit,  1, "Exit program"},
   {"exit",  CmdQuit,  1, "Exit program"},
@@ -136,20 +133,17 @@ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeou
   
   UsbCommand resp;
 
-  if (response == NULL) {
+       if (response == NULL)
     response = &resp;
-  }
+
 
   // Wait until the command is received
   for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
 
-      while(getCommand(response))
-      {
+               while(getCommand(response)) {
           if(response->cmd == cmd){
-          //We got what we expected
           return true;
           }
-
       }
         msleep(10); // XXX ugh
         if (dm_seconds == 200) { // Two seconds elapsed
@@ -178,95 +172,30 @@ void CommandReceived(char *Cmd) {
 //-----------------------------------------------------------------------------
 void UsbCommandReceived(UsbCommand *UC)
 {
-  /*
-  //  Debug
-  printf("UsbCommand length[len=%zd]\n",sizeof(UsbCommand));
-  printf("  cmd[len=%zd]: %"llx"\n",sizeof(UC->cmd),UC->cmd);
-  printf(" arg0[len=%zd]: %"llx"\n",sizeof(UC->arg[0]),UC->arg[0]);
-  printf(" arg1[len=%zd]: %"llx"\n",sizeof(UC->arg[1]),UC->arg[1]);
-  printf(" arg2[len=%zd]: %"llx"\n",sizeof(UC->arg[2]),UC->arg[2]);
-  printf(" data[len=%zd]: %02x%02x%02x...\n",sizeof(UC->d.asBytes),UC->d.asBytes[0],UC->d.asBytes[1],UC->d.asBytes[2]);
-  */
-
-  //   printf("%s(%x) current cmd = %x\n", __FUNCTION__, c->cmd, current_command);
-  // If we recognize a response, return to avoid further processing
-  switch(UC->cmd) {
-      // First check if we are handling a debug message
-    case CMD_DEBUG_PRINT_STRING: {
-      char s[USB_CMD_DATA_SIZE+1];
-      size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE);
-      memcpy(s,UC->d.asBytes,len);
-      s[len] = 0x00;
-      PrintAndLog("#db# %s       ", s);
-      return;
-    } break;
-
-    case CMD_DEBUG_PRINT_INTEGERS: {
-      PrintAndLog("#db# %08x, %08x, %08x       \r\n", UC->arg[0], UC->arg[1], UC->arg[2]);
-      return;
-    } break;
-
-    // case CMD_MEASURED_ANTENNA_TUNING: {
-      // int peakv, peakf;
-      // int vLf125, vLf134, vHf;
-      // vLf125 = UC->arg[0] & 0xffff;
-      // vLf134 = UC->arg[0] >> 16;
-      // vHf = UC->arg[1] & 0xffff;;
-      // peakf = UC->arg[2] & 0xffff;
-      // peakv = UC->arg[2] >> 16;
-      // PrintAndLog("");
-      // PrintAndLog("# LF antenna: %5.2f V @   125.00 kHz", vLf125/1000.0);
-      // PrintAndLog("# LF antenna: %5.2f V @   134.00 kHz", vLf134/1000.0);
-      // PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1));
-      // PrintAndLog("# HF antenna: %5.2f V @    13.56 MHz", vHf/1000.0);
-      // if (peakv<2000)
-        // PrintAndLog("# Your LF antenna is unusable.");
-      // else if (peakv<10000)
-        // PrintAndLog("# Your LF antenna is marginal.");
-      // if (vHf<2000)
-        // PrintAndLog("# Your HF antenna is unusable.");
-      // else if (vHf<5000)
-        // PrintAndLog("# Your HF antenna is marginal.");
-    // } break;
-      
-    case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: {
-//      printf("received samples: ");
-//      print_hex(UC->d.asBytes,512);
-      sample_buf_len += UC->arg[1];
-//      printf("samples: %zd offset: %d\n",sample_buf_len,UC->arg[0]);
-      memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);
-    } break;
-
-
-//    case CMD_ACK: {
-//      PrintAndLog("Receive ACK\n");
-//    } break;
-
-    default: {
-      // Maybe it's a response
-      /*
-      switch(current_command) {
-        case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K: {
-          if (UC->cmd != CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K) {
-            PrintAndLog("unrecognized command %08x\n", UC->cmd);
-            break;
-          }
-//          int i;
-          PrintAndLog("received samples %d\n",UC->arg[0]);
-          memcpy(sample_buf+UC->arg[0],UC->d.asBytes,48);
-          sample_buf_len += 48;
-//          for(i=0; i<48; i++) sample_buf[i] = UC->d.asBytes[i];
-          //received_command = UC->cmd;
-        } break;
-
-        default: {
-        } break;
-      }*/
-    }
-      break;
-  }
-
-  storeCommand(UC);
+       switch(UC->cmd) {
+               // First check if we are handling a debug message
+               case CMD_DEBUG_PRINT_STRING: {
+                       char s[USB_CMD_DATA_SIZE+1] = {0x00};
+                       size_t len = MIN(UC->arg[0],USB_CMD_DATA_SIZE);
+                       memcpy(s,UC->d.asBytes,len);
+                       PrintAndLog("#db# %s       ", s);
+                       return;
+               } break;
+
+               case CMD_DEBUG_PRINT_INTEGERS: {
+                       PrintAndLog("#db# %08x, %08x, %08x       \r\n", UC->arg[0], UC->arg[1], UC->arg[2]);
+                       return;
+               } break;
+
+               case CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K: {
+                       sample_buf_len += UC->arg[1];
+                       memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);
+               } break;
+
+               default:
+                       break;
+       }
 
+       storeCommand(UC);
 }
 
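Review bot: In the `CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K` case the rewritten handler keeps `memcpy(sample_buf+(UC->arg[0]),UC->d.asBytes,UC->arg[1]);`, with the offset and length taken from the device response and no bound on either. An `arg[1]` larger than the payload reads past `d.asBytes`, and an `arg[0]`/`arg[1]` beyond what the caller requested writes past the buffer handed to GetFromBigBuf. The debug-string case in the same switch already clamps with `MIN(UC->arg[0],USB_CMD_DATA_SIZE)`; the same clamp belongs here, `size_t n = MIN(UC->arg[1], USB_CMD_DATA_SIZE);`. It should be paired with a check of `UC->arg[0] + n` against the requested size, which GetFromBigBuf would need to record next to `sample_buf`. Packets that fail the check are better dropped with a log line than copied.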
index 51134d487a279901e873616a1767120dee0e8511..3f0193266578b179a1dc1b247965fff150d2f38c 100644 (file)
@@ -12,7 +12,6 @@
 #include <stdint.h>
 #include "data.h"
 #include "ui.h"
-//#include "proxusb.h"
 #include "proxmark3.h"
 #include "cmdmain.h"
 
@@ -23,22 +22,6 @@ void GetFromBigBuf(uint8_t *dest, int bytes, int start_index)
 {
   sample_buf_len = 0;
   sample_buf = dest;
-//     start_index = ((start_index/12)*12);
-//    int n = start_index + bytes;
-    /*
-     if (n % 48 != 0) {
-     PrintAndLog("bad len in GetFromBigBuf");
-     return;
-     }
-     */
   UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {start_index, bytes, 0}};
   SendCommand(&c);
-/*
-  for (int i = start_index; i < n; i += 48) {
-        UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}};
-        SendCommand(&c);
-//        WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K);
-//        memcpy(dest+(i*4), sample_buf, 48);
-    }
-*/
 }
index 3a0a1cda61b8564fdad3012cddf4f7b88496d6a2..4e222ece2c213a3c898f8ecfb60890256dc3e63a 100644 (file)
@@ -13,7 +13,6 @@
 #include <stdlib.h>
 #include "proxmark3.h"
 #include "sleep.h"
-//#include "proxusb.h"
 #include "flash.h"
 #include "elf.h"
 #include "proxendian.h"
@@ -276,7 +275,6 @@ static int get_proxmark_state(uint32_t *state)
 {
        UsbCommand c;
        c.cmd = CMD_DEVICE_INFO;
-//     SendCommand_(&c);
   SendCommand(&c);
        UsbCommand resp;
        ReceiveCommand(&resp);
@@ -391,7 +389,6 @@ int flash_start_flashing(int enable_bl_writes,char *serial_port_name)
                        c.arg[2] = 0;
                }
                SendCommand(&c);
-//             SendCommand_(&c);
                return wait_for_ack();
        } else {
                fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
@@ -408,22 +405,8 @@ static int write_block(uint32_t address, uint8_t *data, uint32_t length)
        memset(block_buf, 0xFF, BLOCK_SIZE);
        memcpy(block_buf, data, length);
   UsbCommand c;
-/*
-       c.cmd = {CMD_SETUP_WRITE};
-       for (int i = 0; i < 240; i += 48) {
-               memcpy(c.d.asBytes, block_buf + i, 48);
-               c.arg[0] = i / 4;
-               SendCommand(&c);
-//             SendCommand_(&c);
-               if (wait_for_ack() < 0) {
-                       return -1;
-    }
-       }
-*/
        c.cmd = CMD_FINISH_WRITE;
        c.arg[0] = address;
-//     memcpy(c.d.asBytes, block_buf+240, 16);
-//     SendCommand_(&c);
        memcpy(c.d.asBytes, block_buf, length);
   SendCommand(&c);
   return wait_for_ack();
@@ -486,7 +469,6 @@ void flash_free(flash_file_t *ctx)
 // just reset the unit
 int flash_stop_flashing(void) {
        UsbCommand c = {CMD_HARDWARE_RESET};
-//     SendCommand_(&c);
   SendCommand(&c);
   msleep(100);
   return 0;
index 9ea9d1454df2af9861fcb20fc061ce5bdd8e53fa..206d9695c0e37f4f8decd168a667fb9d5208b5b4 100644 (file)
  * @return
  */
 int fileExists(const char *filename) {
+
+#ifdef _WIN32
+       struct _stat st;
+       int result = _stat(filename, &st);
+#else
        struct stat st;
        int result = stat(filename, &st);
+#endif
        return result == 0;
 }
 
@@ -40,7 +46,7 @@ int saveFile(const char *preferredName, const char *suffix, const void* data, si
        }
        fwrite(data, 1, datalen, fileHandle);
        fclose(fileHandle);
-       PrintAndLog(">Saved data to '%s'", fileName);
+       PrintAndLog("Saved data to '%s'", fileName);
 
        free(fileName);
 
index 378fb2e5150590a126e48b508198d65cf31f867c..d025918d9130aac580d0b564e32082243cdfa526 100644 (file)
@@ -26,8 +26,6 @@ int compar_int(const void * a, const void * b) {
        else return -1;\r
 }\r
 \r
-\r
-\r
 // Compare 16 Bits out of cryptostate\r
 int Compare16Bits(const void * a, const void * b) {\r
        if ((*(uint64_t*)b & 0x00ff000000ff0000) == (*(uint64_t*)a & 0x00ff000000ff0000)) return 0;\r
@@ -35,7 +33,6 @@ int Compare16Bits(const void * a, const void * b) {
        else return -1;\r
 }\r
 \r
-\r
 typedef \r
        struct {\r
                union {\r
@@ -70,16 +67,12 @@ void* nested_worker_thread(void *arg)
        return statelist->head.slhead;\r
 }\r
 \r
-\r
-\r
-\r
 int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t * key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t * resultKey, bool calibrate) \r
 {\r
        uint16_t i, len;\r
        uint32_t uid;\r
        UsbCommand resp;\r
 \r
-       \r
        StateList_t statelists[2];\r
        struct Crypto1State *p1, *p2, *p3, *p4;\r
        \r
@@ -239,12 +232,11 @@ int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount) {
 // "MAGIC" CARD\r
 \r
 int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {\r
-       uint8_t block0[16];\r
-       memset(block0, 0, 16);\r
+       uint8_t block0[16] = {0x00};\r
        memcpy(block0, uid, 4); \r
        block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // Mifare UID BCC\r
        // mifare classic SAK(byte 5) and ATQA(byte 6 and 7)\r
-       block0[5] = 0x88;\r
+       block0[5] = 0x08;\r
        block0[6] = 0x04;\r
        block0[7] = 0x00;\r
        \r
@@ -252,9 +244,9 @@ int mfCSetUID(uint8_t *uid, uint8_t *oldUID, bool wantWipe) {
 }\r
 \r
 int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params) {\r
-       uint8_t isOK = 0;\r
 \r
-       UsbCommand c = {CMD_MIFARE_EML_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};\r
+       uint8_t isOK = 0;\r
+       UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};\r
        memcpy(c.d.asBytes, data, 16); \r
        SendCommand(&c);\r
 \r
@@ -273,7 +265,7 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
 int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {\r
        uint8_t isOK = 0;\r
 \r
-       UsbCommand c = {CMD_MIFARE_EML_CGETBLOCK, {params, 0, blockNo}};\r
+       UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};\r
        SendCommand(&c);\r
 \r
   UsbCommand resp;\r
@@ -296,7 +288,7 @@ static uint8_t trailerAccessBytes[4] = {0x08, 0x77, 0x8F, 0x00};
 // variables\r
 char logHexFileName[200] = {0x00};\r
 static uint8_t traceCard[4096] = {0x00};\r
-static char traceFileName[200] = {0};\r
+static char traceFileName[200] = {0x00};\r
 static int traceState = TRACE_IDLE;\r
 static uint8_t traceCurBlock = 0;\r
 static uint8_t traceCurKey = 0;\r
@@ -522,7 +514,6 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
        case TRACE_AUTH1: \r
                if (len == 4) {\r
                        traceState = TRACE_AUTH2;\r
-\r
                        nt = bytes_to_num(data, 4);\r
                        return 0;\r
                } else {\r
@@ -558,6 +549,7 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
                        lfsr_rollback_word(revstate, 0, 0);\r
                        lfsr_rollback_word(revstate, nr_enc, 1);\r
                        lfsr_rollback_word(revstate, uid ^ nt, 0);\r
+\r
                        crypto1_get_lfsr(revstate, &lfsr);\r
                        printf("key> %x%x\n", (unsigned int)((lfsr & 0xFFFFFFFF00000000) >> 32), (unsigned int)(lfsr & 0xFFFFFFFF));\r
                        AddLogUint64(logHexFileName, "key> ", lfsr); \r
index cb99a4073840d7a9632e669a4fe8419bbab054f9..3e946cd9279550cdd2cd8e9d2fbddd98af57bce6 100644 (file)
@@ -15,7 +15,6 @@
 #include "cmdmain.h"\r
 #include "ui.h"\r
 #include "data.h"\r
-//#include "proxusb.h"\r
 #include "util.h"\r
 #include "nonce2key/nonce2key.h"\r
 #include "nonce2key/crapto1.h"\r
index 61215420ff604ec464d40afd450998f0d0fada20..6c0fcafa09ef6bb9c038a6f593de93a0495d9400 100644 (file)
@@ -549,7 +549,6 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8],
                                free(odd);\r
                                free(even);\r
                 return 0;\r
-\r
        }\r
 \r
        s = statelist;\r
index a820fe419d44f0ba604cc3c323667b1e07101e2a..3e9bdfd5f7add82182a3675c015f560e44e84313 100644 (file)
@@ -280,7 +280,7 @@ void ProxWidget::paintEvent(QPaintEvent *event)
 
 ProxWidget::ProxWidget(QWidget *parent) : QWidget(parent), GraphStart(0), GraphPixelsPerPoint(1)
 {
-       resize(600, 500);
+       resize(600, 300);
 
        QPalette palette(QColor(0,0,0,0));
        palette.setColor(QPalette::WindowText, QColor(255,255,255));
index bf0f3817f5223c9c3f798f21e817ba67216b7e3e..0e2a698c1b8ca3783f2a1bc16d980539c423ce22 100644 (file)
@@ -16,7 +16,7 @@
 #include <unistd.h>
 #include <readline/readline.h>
 #include <readline/history.h>
-//#include "proxusb.h"
+
 #include "proxmark3.h"
 #include "proxgui.h"
 #include "cmdmain.h"
@@ -34,16 +34,11 @@ static UsbCommand txcmd;
 volatile static bool txcmd_pending = false;
 
 void SendCommand(UsbCommand *c) {
-#if 0
-  printf("Sending %d bytes\n", sizeof(UsbCommand));
-#endif
-/*
-  if (txcmd_pending) {
-    ERR("Sending command failed, previous command is still pending");
-  }
-*/
-  if(offline)
-    {
+       #if 0
+               printf("Sending %d bytes\n", sizeof(UsbCommand));
+       #endif
+
+       if (offline) {
       PrintAndLog("Sending bytes to proxmark failed - offline");
       return;
     }
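Review bot: The `#if 0` block at the top of SendCommand is re-indented rather than removed, and its `printf` passes `sizeof(UsbCommand)` (a `size_t`) to `%d`, which becomes a format mismatch as soon as someone enables it. Since the commit already deletes the commented-out `txcmd_pending` check next to it, I would drop the dead block as well, or keep it as `printf("Sending %zu bytes\n", sizeof(UsbCommand));`. The body and closing brace of the new `if (offline) {` are still on the old space indentation, so the block no longer lines up with its header. SendCommand continues past the end of this hunk.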
@@ -52,137 +47,116 @@ void SendCommand(UsbCommand *c) {
        or disconnected. The main console thread is alive, but comm thread just spins here.
        Not good.../holiman
        **/
-  while(txcmd_pending);
-  txcmd = *c;
-  txcmd_pending = true;
+       while(txcmd_pending);
+       txcmd = *c;
+       txcmd_pending = true;
 }
 
 struct receiver_arg {
-  int run;
+       int run;
 };
 
 struct main_loop_arg {
-  int usb_present;
-  char *script_cmds_file;
+       int usb_present;
+       char *script_cmds_file;
 };
 
-//static void *usb_receiver(void *targ) {
-//  struct receiver_arg *arg = (struct receiver_arg*)targ;
-//  UsbCommand cmdbuf;
-//
-//  while (arg->run) {
-//    if (ReceiveCommandPoll(&cmdbuf)) {
-//      UsbCommandReceived(&cmdbuf);
-//      fflush(NULL);
-//    }
-//  }
-//
-//  pthread_exit(NULL);
-//  return NULL;
-//}
-
 byte_t rx[0x1000000];
 byte_t* prx = rx;
 
 static void *uart_receiver(void *targ) {
-  struct receiver_arg *arg = (struct receiver_arg*)targ;
-  size_t rxlen;
-  size_t cmd_count;
-  
-  while (arg->run) {
-    rxlen = sizeof(UsbCommand);
-    if (uart_receive(sp,prx,&rxlen)) {
-      prx += rxlen;
-      if (((prx-rx) % sizeof(UsbCommand)) != 0) {
-        continue;
-      }
-      cmd_count = (prx-rx) / sizeof(UsbCommand);
-      //      printf("received %d bytes, which represents %d commands\n",(prx-rx), cmd_count);
-      for (size_t i=0; i<cmd_count; i++) {
-        UsbCommandReceived((UsbCommand*)(rx+(i*sizeof(UsbCommand))));
-      }
-    }
-    prx = rx;
-    
-    if(txcmd_pending) {
-      if (!uart_send(sp,(byte_t*)&txcmd,sizeof(UsbCommand))) {
-        PrintAndLog("Sending bytes to proxmark failed");
-      }
-      txcmd_pending = false;
-    }
-  }
-  
-  pthread_exit(NULL);
-  return NULL;
+       struct receiver_arg *arg = (struct receiver_arg*)targ;
+       size_t rxlen;
+       size_t cmd_count;
+
+       while (arg->run) {
+               rxlen = sizeof(UsbCommand);
+               if (uart_receive(sp, prx, &rxlen)) {
+                       prx += rxlen;
+                       if (((prx-rx) % sizeof(UsbCommand)) != 0) {
+                               continue;
+                       }
+                       cmd_count = (prx-rx) / sizeof(UsbCommand);
+
+                       for (size_t i = 0; i < cmd_count; i++) {
+                               UsbCommandReceived((UsbCommand*)(rx+(i*sizeof(UsbCommand))));
+                       }
+               }
+               prx = rx;
+
+               if(txcmd_pending) {
+                       if (!uart_send(sp, (byte_t*) &txcmd, sizeof(UsbCommand))) {
+                               PrintAndLog("Sending bytes to proxmark failed");
+                       }
+                       txcmd_pending = false;
+               }
+       }
+
+       pthread_exit(NULL);
+       return NULL;
 }
 
 static void *main_loop(void *targ) {
-  struct main_loop_arg *arg = (struct main_loop_arg*)targ;
-  struct receiver_arg rarg;
-  char *cmd = NULL;
-  pthread_t reader_thread;
-  
-  if (arg->usb_present == 1) {
-    rarg.run=1;
-    // pthread_create(&reader_thread, NULL, &usb_receiver, &rarg);
-    pthread_create(&reader_thread, NULL, &uart_receiver, &rarg);
-  }
-  
-  FILE *script_file = NULL;
-  char script_cmd_buf[256];
+       struct main_loop_arg *arg = (struct main_loop_arg*)targ;
+       struct receiver_arg rarg;
+       char *cmd = NULL;
+       pthread_t reader_thread;
   
-  if (arg->script_cmds_file)
-  {
-    script_file = fopen(arg->script_cmds_file, "r");
-    if (script_file)
-    {
-      printf("using 'scripting' commands file %s\n", arg->script_cmds_file);
-    }
-  }
+       if (arg->usb_present == 1) {
+               rarg.run = 1;
+               pthread_create(&reader_thread, NULL, &uart_receiver, &rarg);
+       }
+
+       FILE *script_file = NULL;
+       char script_cmd_buf[256];  // iceman, needs lua script the same file_path_buffer as the rest
+
+       if (arg->script_cmds_file) {
+               script_file = fopen(arg->script_cmds_file, "r");
+               if (script_file) {
+                       printf("using 'scripting' commands file %s\n", arg->script_cmds_file);
+               }
+       }
 
        read_history(".history");
-       while(1)
-  {
-    // If there is a script file
-    if (script_file)
-    {
-      if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file))
-      {
-        fclose(script_file);
-        script_file = NULL;
-      }
-      else
-      {
-        char *nl;
-        nl = strrchr(script_cmd_buf, '\r');
-        if (nl) *nl = '\0';
-        nl = strrchr(script_cmd_buf, '\n');
-        if (nl) *nl = '\0';
-        
-        if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL)
-        {
-          memset(cmd, 0, strlen(script_cmd_buf));
-          strcpy(cmd, script_cmd_buf);
-          printf("%s\n", cmd);
-        }
-      }
-    }
-               
-               if (!script_file)
+
+       while(1)  {
+
+               // If there is a script file
+               if (script_file)
                {
-      cmd = readline(PROXPROMPT);
+                       if (!fgets(script_cmd_buf, sizeof(script_cmd_buf), script_file)) {
+                               fclose(script_file);
+                               script_file = NULL;
+                       } else {
+                               char *nl;
+                               nl = strrchr(script_cmd_buf, '\r');
+                               if (nl) *nl = '\0';
+                               
+                               nl = strrchr(script_cmd_buf, '\n');
+                               if (nl) *nl = '\0';
+
+                               if ((cmd = (char*) malloc(strlen(script_cmd_buf) + 1)) != NULL) {
+                                       memset(cmd, 0, strlen(script_cmd_buf));
+                                       strcpy(cmd, script_cmd_buf);
+                                       printf("%s\n", cmd);
+                               }
+                       }
+               }
+               
+               if (!script_file) {
+                       cmd = readline(PROXPROMPT);
                }
                
                if (cmd) {
+
                        while(cmd[strlen(cmd) - 1] == ' ')
-        cmd[strlen(cmd) - 1] = 0x00;
+                               cmd[strlen(cmd) - 1] = 0x00;
                        
                        if (cmd[0] != 0x00) {
                                if (strncmp(cmd, "quit", 4) == 0) {
                                        exit(0);
                                        break;
                                }
-                               
                                CommandReceived(cmd);
                                add_history(cmd);
                        }
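Review bot: The trailing-space trim in main_loop, `while(cmd[strlen(cmd) - 1] == ' ')`, indexes `cmd[-1]` when `cmd` is the empty string, which happens for an empty line at the prompt or a blank line in the script file (after the `\r`/`\n` stripping the copy is a one-byte allocation holding `""`). That is an out-of-bounds read, and an out-of-bounds write if the byte before the buffer happens to be a space; bound the loop on the length instead: `size_t n = strlen(cmd); while (n > 0 && cmd[n - 1] == ' ') cmd[--n] = 0x00;`. In uart_receiver, `prx += rxlen` followed by `continue` on a partial frame keeps advancing `prx` with no check against the end of `rx`, so a device that keeps the stream misaligned can apparently move the next receive past the end of the buffer; a guard such as `if ((size_t)(prx - rx) > sizeof(rx) - sizeof(UsbCommand)) prx = rx;` before the receive would close that. main_loop's body continues outside the hunk.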
@@ -195,29 +169,20 @@ static void *main_loop(void *targ) {
   
        write_history(".history");
   
-  if (arg->usb_present == 1) {
-    rarg.run = 0;
-    pthread_join(reader_thread, NULL);
-  }
-  
-  if (script_file)
-  {
-    fclose(script_file);
-    script_file = NULL;
-  }
-  
-  ExitGraphics();
-  pthread_exit(NULL);
-  return NULL;
-}
+       if (arg->usb_present == 1) {
+               rarg.run = 0;
+               pthread_join(reader_thread, NULL);
+       }
 
-//static void dumpHelp(char  *parent, ...)
-//{
-//  printf("## %s\n\n", parent);
-//  CommandReceived(parent);
-//  
-//  printf("\n");
-//}
+       if (script_file) {
+               fclose(script_file);
+               script_file = NULL;
+       }
+
+       ExitGraphics();
+       pthread_exit(NULL);
+       return NULL;
+}
 
 static void dumpAllHelp(int markdown)
 {
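Review bot: `rarg.run = 0` is a plain `int` store that the reader thread polls in `while (arg->run)` (uart_receiver, previous hunk) with no synchronisation, so the shutdown handshake before `pthread_join` is formally a data race and depends on the compiler re-reading the field on every iteration. If the toolchain provides `<stdatomic.h>`, I would declare the field as `atomic_int run;` and write `atomic_store(&rarg.run, 0);` here; the same applies to `txcmd_pending`, which is only `volatile`. This hunk starts in the middle of main_loop, so the thread start-up it pairs with is not visible here.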
@@ -258,17 +223,6 @@ int main(int argc, char* argv[]) {
        };
        pthread_t main_loop_t;
 
-/*
-  usb_init();
-  if (!OpenProxmark(1)) {
-    fprintf(stderr,"PROXMARK3: NOT FOUND!\n");
-    marg.usb_present = 0;
-    offline = 1;
-  } else {
-    marg.usb_present = 1;
-    offline = 0;
-  }
-*/
   
        sp = uart_open(argv[1]);
        if (sp == INVALID_SERIAL_PORT) {
@@ -309,10 +263,6 @@ int main(int argc, char* argv[]) {
 
        pthread_join(main_loop_t, NULL);
 
-//  if (marg.usb_present == 1) {
-//    CloseProxmark();
-//  }
-
        // Clean up the port
        uart_close(sp);
   
index 1ced0c28d245f02c01b347ffa032b37b7075998e..0d735e98f72a7ce4d3c099fbfe916894cdca92a9 100644 (file)
@@ -90,8 +90,10 @@ function GetCardInfo()
        elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k\r
                -- MIFARE Classic mini offers 320 bytes split into five sectors.\r
                numSectors = 5\r
-       elseif  0x10 == result.sak then-- "NXP MIFARE Plus 2k"\r
+       elseif  0x10 == result.sak then -- NXP MIFARE Plus 2k\r
                numSectors = 32\r
+       elseif  0x01 == sak then        -- NXP MIFARE TNP3xxx 1K\r
+               numSectors = 16\r
        else\r
                print("I don't know how many sectors there are on this type of card, defaulting to 16")\r
        end     \r
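Review bot: The new branch tests `sak`, while every other branch in this chain tests `result.sak`; nothing in the visible part of GetCardInfo assigns a `sak`, so unless it is defined above the hunk it is nil and the TNP3xxx case can never match, falling through to the "defaulting to 16" message. It should read `elseif 0x01 == result.sak then -- NXP MIFARE TNP3xxx 1K`. The sector count only comes out right today if `numSectors` already defaults to 16, which cannot be confirmed here because GetCardInfo starts outside the hunk.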
index 8d0d358fa72590936992ac147dff9cab4c55d015..eb98ffbf753809d64188a47448286e5760735498 100644 (file)
@@ -133,6 +133,8 @@ function nested(key,sak)
                typ = 0
        elseif  0x10 == sak then-- "NXP MIFARE Plus 2k"
                typ = 2
+       elseif  0x01 == sak then-- "NXP MIFARE TNP3xxx 1K"
+               typ = 1
        else
                print("I don't know how many sectors there are on this type of card, defaulting to 16")
        end
index 5be13622336448edb7bea32d11239d1f7d8efdb6..2cdcbce3873b09ed6fea4f7bf6c4c5632f1c0b6e 100644 (file)
@@ -428,7 +428,7 @@ typedef struct _AT91S_PIO {
 #define PIO_PDR         (AT91_CAST(AT91_REG *)         0x00000004) // (PIO_PDR) PIO Disable Register
 #define PIO_PSR         (AT91_CAST(AT91_REG *)         0x00000008) // (PIO_PSR) PIO Status Register
 #define PIO_OER         (AT91_CAST(AT91_REG *)         0x00000010) // (PIO_OER) Output Enable Register
-#define PIO_ODR         (AT91_CAST(AT91_REG *)         0x00000014) // (PIO_ODR) Output Disable Registerr
+#define PIO_ODR         (AT91_CAST(AT91_REG *)         0x00000014) // (PIO_ODR) Output Disable Register
 #define PIO_OSR         (AT91_CAST(AT91_REG *)         0x00000018) // (PIO_OSR) Output Status Register
 #define PIO_IFER        (AT91_CAST(AT91_REG *)         0x00000020) // (PIO_IFER) Input Filter Enable Register
 #define PIO_IFDR        (AT91_CAST(AT91_REG *)         0x00000024) // (PIO_IFDR) Input Filter Disable Register
index 8c9417da5e26d8d45fbc170af70c1f3e769fafd3..b3530c64f2ae22b920458e05e4f483340b1baac4 100644 (file)
@@ -14,6 +14,7 @@
 // Might as well have the hardware-specific defines everywhere.
 #include "at91sam7s512.h"
 #include "config_gpio.h"
+#include "usb_cmd.h"
 
 #define WDT_HIT()                                                              AT91C_BASE_WDTC->WDTC_WDCR = 0xa5000001
 
@@ -67,8 +68,6 @@
 #define TRUE 1
 #define FALSE 0
 
-#include <usb_cmd.h>
-
 //#define PACKED __attribute__((__packed__))
 
 #define LED_A_ON()             HIGH(GPIO_LED_A)
index 4d50de5941537c465e0237527099b6debcc6887e..69c3c1b6a0920a388650265a892e281b9e348977 100644 (file)
@@ -81,7 +81,7 @@ typedef struct {
 #define CMD_EM4X_WRITE_WORD                                               0x0219
 #define CMD_IO_DEMOD_FSK                                                  0x021A
 #define CMD_IO_CLONE_TAG                                                  0x021B
-#define CMD_EM410X_DEMOD                                                                                                                                                                                               0x021C
+#define CMD_EM410X_DEMOD                                                                                                 0x021c
 
 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
 
@@ -137,8 +137,11 @@ typedef struct {
 #define CMD_MIFARE_EML_MEMSET                                             0x0602
 #define CMD_MIFARE_EML_MEMGET                                             0x0603
 #define CMD_MIFARE_EML_CARDLOAD                                           0x0604
-#define CMD_MIFARE_EML_CSETBLOCK                                          0x0605
-#define CMD_MIFARE_EML_CGETBLOCK                                          0x0606
+
+// magic chinese card commands
+#define CMD_MIFARE_CSETBLOCK                                              0x0605
+#define CMD_MIFARE_CGETBLOCK                                              0x0606
+#define CMD_MIFARE_CIDENT                                                 0x0607
 
 #define CMD_SIMULATE_MIFARE_CARD                                          0x0610
 
@@ -150,11 +153,25 @@ typedef struct {
 #define CMD_MIFARE_READSC                                                 0x0621
 #define CMD_MIFAREU_READCARD                                             0x0721
 #define CMD_MIFARE_WRITEBL                                                0x0622
-#define CMD_MIFAREU_WRITEBL_COMPAT                                       0x0722
-#define CMD_MIFAREU_WRITEBL                                              0x0723
+#define CMD_MIFAREU_WRITEBL                                                                      0x0722
+#define CMD_MIFAREU_WRITEBL_COMPAT                                                           0x0723
+
 #define CMD_MIFARE_CHKKEYS                                                0x0623
 
 #define CMD_MIFARE_SNIFFER                                                0x0630
+//ultralightC
+#define CMD_MIFAREUC_AUTH1                                                                       0x0724
+#define CMD_MIFAREUC_AUTH2                                                                       0x0725
+#define CMD_MIFAREUC_READCARD                                                                0x0726
+
+// mifare desfire
+#define CMD_MIFARE_DESFIRE_READBL                                         0x0728
+#define CMD_MIFARE_DESFIRE_WRITEBL                                        0x0729
+#define CMD_MIFARE_DESFIRE_AUTH1                                          0x072a
+#define CMD_MIFARE_DESFIRE_AUTH2                                          0x072b
+#define CMD_MIFARE_DES_READER                                             0x072c
+#define CMD_MIFARE_DESFIRE_INFO                                           0x072d
+#define CMD_MIFARE_DESFIRE                                                0x072e
 
 #define CMD_UNKNOWN                                                       0xFFFF
 
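Review bot: `CMD_MIFAREU_WRITEBL` and `CMD_MIFAREU_WRITEBL_COMPAT` swap values here (0x0722 was COMPAT and 0x0723 was WRITEBL before), which silently changes the meaning of two write opcodes on the wire. A client and firmware built from different sides of this commit would each run the other write variant against the card without any error, so I would keep the old assignments or, if the swap is deliberate, record it next to the defines, e.g. `// NOTE: 0x0722/0x0723 swapped in this revision; client and firmware must be updated together`. The new ultralightC block is also placed after `CMD_MIFARE_SNIFFER` (0x0630) although it uses 0x0724 to 0x0726, and 0x0727 is skipped with no comment on whether it is reserved.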