}
// The second response contains the (mandatory) first 24 bits of the UID
-- uint8_t response2[5];
++ uint8_t response2[5] = {0x00};
// Check if the uid uses the (optional) part
-- uint8_t response2a[5];
++ uint8_t response2a[5] = {0x00};
++
if (uid_2nd) {
response2[0] = 0x88;
num_to_bytes(uid_1st,3,response2+1);
response2[4] = response2[0] ^ response2[1] ^ response2[2] ^ response2[3];
// Prepare the mandatory SAK (for 4 and 7 byte UID)
-- uint8_t response3[3];
++ uint8_t response3[3] = {0x00};
response3[0] = sak;
ComputeCrc14443(CRC_14443_A, response3, 1, &response3[1], &response3[2]);
// Prepare the optional second SAK (for 7 byte UID), drop the cascade bit
-- uint8_t response3a[3];
++ uint8_t response3a[3] = {0x00};
response3a[0] = sak & 0xFB;
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
Dbprintf("Can't select card");\r
-- OnError(0);\r
++ //OnError(0);\r
return;\r
};\r
\r
if(mifare_ultra_auth1(cuid, dataoutbuf)){\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Authentication part1: Fail.");\r
-- OnError(1);\r
++ //OnError(1);\r
return;\r
}\r
\r
if(mifare_ultra_auth2(cuid, key, dataoutbuf)){\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Authentication part2: Fail...");\r
-- OnError(1);\r
++ //OnError(1);\r
return; \r
}\r
\r
if(!len) {\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Can't select card");\r
-- OnError(1);\r
++ //OnError(1);\r
return;\r
};\r
\r
if(mifare_desfire_des_auth1(cuid, dataout)){\r
if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
Dbprintf("Authentication part1: Fail.");\r
-- OnError(4);\r
++ //OnError(4);\r
return;\r
}\r
\r
if( isOK) {\r
if (MF_DBGLEVEL >= MF_DBG_EXTENDED) \r
Dbprintf("Authentication part2: Failed"); \r
-- OnError(4);\r
++ //OnError(4);\r
return;\r
}\r
\r
cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
--}
++}
emlSetMem((uint8_t *)uid, 0, 1);\r
return;\r
}\r
++\r
++\r
++// Mifare desfire commands\r
++int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)\r
++{\r
++ uint8_t dcmd[5] = {0x00};\r
++ dcmd[0] = cmd;\r
++ memcpy(dcmd+1,data,2);\r
++ AppendCrc14443a(dcmd, 3);\r
++ \r
++ ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r
++ int len = ReaderReceive(answer, answer_parity);\r
++ if(!len) {\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR) \r
++ Dbprintf("Authentication failed. Card timeout.");\r
++ return 1;\r
++ }\r
++ return len;\r
++}\r
++\r
++int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)\r
++{\r
++ uint8_t dcmd[20] = {0x00};\r
++ dcmd[0] = cmd;\r
++ memcpy(dcmd+1,data,17);\r
++ AppendCrc14443a(dcmd, 18);\r
++\r
++ ReaderTransmit(dcmd, sizeof(dcmd), NULL);\r
++ int len = ReaderReceive(answer, answer_parity);\r
++ if(!len){\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
++ Dbprintf("Authentication failed. Card timeout.");\r
++ return 1;\r
++ }\r
++ return len;\r
++}\r
++\r
++int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){\r
++\r
++ int len;\r
++ // load key, keynumber\r
++ uint8_t data[2]={0x0a, 0x00};\r
++ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
++ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
++ \r
++ len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);\r
++ if (len == 1) {\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
++ Dbprintf("Cmd Error: %02x", receivedAnswer[0]);\r
++ return 1;\r
++ }\r
++ \r
++ if (len == 12) {\r
++ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
++ Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
++ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
++ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
++ receivedAnswer[10],receivedAnswer[11]);\r
++ }\r
++ memcpy(blockData, receivedAnswer, 12);\r
++ return 0;\r
++ }\r
++ return 1;\r
++}\r
++\r
++int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){\r
++\r
++ int len;\r
++ uint8_t data[17] = {0x00};\r
++ data[0] = 0xAF;\r
++ memcpy(data+1,key,16);\r
++ \r
++ uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();\r
++ uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;\r
++ \r
++ len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);\r
++ \r
++ if ((receivedAnswer[0] == 0x03) && (receivedAnswer[1] == 0xae)) {\r
++ if (MF_DBGLEVEL >= MF_DBG_ERROR)\r
++ Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);\r
++ return 1;\r
++ }\r
++ \r
++ if (len == 12){\r
++ if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {\r
++ Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",\r
++ receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],\r
++ receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],\r
++ receivedAnswer[10],receivedAnswer[11]);\r
++ }\r
++ memcpy(blockData, receivedAnswer, 12);\r
++ return 0;\r
++ }\r
++ return 1;\r
++}
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid);
int mifare_ultra_halt(uint32_t uid);
\r
++// desfire\r
++int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);\r
++int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing);\r
++int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);\r
++int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);\r
// crypto functions
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);
projects / proxmark3-svn / commitdiff