From: Frederik Möllers <frederikmoellers@posteo.de>
Date: Mon, 6 Jul 2015 16:01:34 +0000 (+0200)
Subject: ISO 14443 type B support for EPA functionality
X-Git-Tag: v2.3.0~38^2~2
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/4be2708381b07e36c4ced1393c99ef845aec90f7?ds=sidebyside
ISO 14443 type B support for EPA functionality
Added iso14443b_setup and iso14443b_apdu for general setup and
communication with ISO 14443 type B tags.
Updated EPA (German electronic ID card) functionality to support both
card types.
---
diff --git a/armsrc/epa.c b/armsrc/epa.c
index 6bd8692e..50c7d878 100644
--- a/armsrc/epa.c
+++ b/armsrc/epa.c
@@ -12,10 +12,11 @@
//-----------------------------------------------------------------------------
#include "iso14443a.h"
+#include "iso14443b.h"
#include "epa.h"
#include "cmd.h"
-// Protocol and Parameter Selection Request
+// Protocol and Parameter Selection Request for ISO 14443 type A cards
// use regular (1x) speed in both directions
// CRC is already included
static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
@@ -100,6 +101,28 @@ static struct {
// lengths of the replay APDUs
static uint8_t apdu_lengths_replay[5];
+// type of card (ISO 14443 A or B)
+static char iso_type = 0;
+
+//-----------------------------------------------------------------------------
+// Wrapper for sending APDUs to type A and B cards
+//-----------------------------------------------------------------------------
+int EPA_APDU(uint8_t *apdu, size_t length, uint8_t *response)
+{
+ switch(iso_type)
+ {
+ case 'a':
+ return iso14_apdu(apdu, (uint16_t) length, response);
+ break;
+ case 'b':
+ return iso14443b_apdu(apdu, length, response);
+ break;
+ default:
+ return 0;
+ break;
+ }
+}
+
//-----------------------------------------------------------------------------
// Closes the communication channel and turns off the field
//-----------------------------------------------------------------------------
@@ -107,6 +130,7 @@ void EPA_Finish()
{
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
+ iso_type = 0;
}
//-----------------------------------------------------------------------------
@@ -204,26 +228,26 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
int rapdu_length = 0;
// select the file EF.CardAccess
- rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
+ rapdu_length = EPA_APDU((uint8_t *)apdu_select_binary_cardaccess,
sizeof(apdu_select_binary_cardaccess),
response_apdu);
- if (rapdu_length != 6
+ if (rapdu_length < 6
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
- Dbprintf("epa - no select cardaccess");
+ DbpString("Failed to select EF.CardAccess!");
return -1;
}
// read the file
- rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
+ rapdu_length = EPA_APDU((uint8_t *)apdu_read_binary,
sizeof(apdu_read_binary),
response_apdu);
if (rapdu_length <= 6
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
- Dbprintf("epa - no read cardaccess");
+ Dbprintf("Failed to read EF.CardAccess!");
return -1;
}
@@ -338,7 +362,7 @@ int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
// send it
uint8_t response_apdu[262];
- int send_return = iso14_apdu(apdu,
+ int send_return = EPA_APDU(apdu,
sizeof(apdu),
response_apdu);
// check if the command succeeded
@@ -409,7 +433,7 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
apdu[4] = apdu_length - 5;
// send it
uint8_t response_apdu[6];
- int send_return = iso14_apdu(apdu,
+ int send_return = EPA_APDU(apdu,
apdu_length,
response_apdu);
// check if the command succeeded
@@ -460,16 +484,13 @@ void EPA_PACE_Replay(UsbCommand *c)
return;
}
- // increase the timeout (at least some cards really do need this!)/////////////
- // iso14a_set_timeout(0x0003FFFF);
-
// response APDU
uint8_t response_apdu[300] = {0};
// now replay the data and measure the timings
for (int i = 0; i < sizeof(apdu_lengths_replay); i++) {
StartCountUS();
- func_return = iso14_apdu(apdus_replay[i].data,
+ func_return = EPA_APDU(apdus_replay[i].data,
apdu_lengths_replay[i],
response_apdu);
timings[i] = GetCountUS();
@@ -501,18 +522,33 @@ int EPA_Setup()
uint8_t pps_response_par[1];
iso14a_card_select_t card_select_info;
+ // first, look for type A cards
// power up the field
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
// select the card
return_code = iso14443a_select_card(uid, &card_select_info, NULL);
- if (return_code != 1) {
- return 1;
+ if (return_code == 1) {
+ // send the PPS request
+ ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
+ return_code = ReaderReceive(pps_response, pps_response_par);
+ if (return_code != 3 || pps_response[0] != 0xD0) {
+ return return_code == 0 ? 2 : return_code;
+ }
+ Dbprintf("ISO 14443 Type A");
+ iso_type = 'a';
+ return 0;
}
- // send the PPS request
- ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
- return_code = ReaderReceive(pps_response, pps_response_par);
- if (return_code != 3 || pps_response[0] != 0xD0) {
- return return_code == 0 ? 2 : return_code;
+
+ // if we're here, there is no type A card, so we look for type B
+ // power up the field
+ iso14443b_setup();
+ // select the card
+ return_code = iso14443b_select_card();
+ if (return_code == 1) {
+ Dbprintf("ISO 14443 Type B");
+ iso_type = 'b';
+ return 0;
}
- return 0;
+ Dbprintf("No card found.");
+ return 1;
}
diff --git a/armsrc/epa.h b/armsrc/epa.h
index 0c580205..d2ebed57 100644
--- a/armsrc/epa.h
+++ b/armsrc/epa.h
@@ -19,7 +19,7 @@ typedef struct {
uint8_t parameter_id;
} pace_version_info_t;
-// note: EPA_PACE_Collect_Nonce is declared in apps.h
+// note: EPA_PACE_Collect_Nonce and EPA_PACE_Replay are declared in apps.h
// general functions
void EPA_Finish();
diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c
index 1b5e07e1..f8e6046c 100644
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
@@ -19,6 +19,9 @@
#define RECEIVE_SAMPLES_TIMEOUT 2000
#define ISO14443B_DMA_BUFFER_SIZE 256
+// PCB Block number for APDUs
+static uint8_t pcb_blocknum = 0;
+
//=============================================================================
// An ISO 14443 Type B tag. We listen for commands from the reader, using
// a UART kind of thing that's implemented in software. When we get a
@@ -896,6 +899,98 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len)
}
}
+/* Sends an APDU to the tag
+ * TODO: check CRC and preamble
+ */
+int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response)
+{
+ uint8_t message_frame[message_length + 4];
+ // PCB
+ message_frame[0] = 0x0A | pcb_blocknum;
+ pcb_blocknum ^= 1;
+ // CID
+ message_frame[1] = 0;
+ // INF
+ memcpy(message_frame + 2, message, message_length);
+ // EDC (CRC)
+ ComputeCrc14443(CRC_14443_B, message_frame, message_length + 2, &message_frame[message_length + 2], &message_frame[message_length + 3]);
+ // send
+ CodeAndTransmit14443bAsReader(message_frame, message_length + 4);
+ // get response
+ GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT*100, TRUE);
+ if(Demod.len < 3)
+ {
+ return 0;
+ }
+ // TODO: Check CRC
+ // copy response contents
+ if(response != NULL)
+ {
+ memcpy(response, Demod.output, Demod.len);
+ }
+ return Demod.len;
+}
+
+/* Perform the ISO 14443 B Card Selection procedure
+ * Currently does NOT do any collision handling.
+ * It expects 0-1 cards in the device's range.
+ * TODO: Support multiple cards (perform anticollision)
+ * TODO: Verify CRC checksums
+ */
+int iso14443b_select_card()
+{
+ // WUPB command (including CRC)
+ // Note: WUPB wakes up all tags, REQB doesn't wake up tags in HALT state
+ static const uint8_t wupb[] = { 0x05, 0x00, 0x08, 0x39, 0x73 };
+ // ATTRIB command (with space for CRC)
+ uint8_t attrib[] = { 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00};
+
+ // first, wake up the tag
+ CodeAndTransmit14443bAsReader(wupb, sizeof(wupb));
+ GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, TRUE);
+ // ATQB too short?
+ if (Demod.len < 14)
+ {
+ return 2;
+ }
+
+ // select the tag
+ // copy the PUPI to ATTRIB
+ memcpy(attrib + 1, Demod.output + 1, 4);
+ /* copy the protocol info from ATQB (Protocol Info -> Protocol_Type) into
+ ATTRIB (Param 3) */
+ attrib[7] = Demod.output[10] & 0x0F;
+ ComputeCrc14443(CRC_14443_B, attrib, 9, attrib + 9, attrib + 10);
+ CodeAndTransmit14443bAsReader(attrib, sizeof(attrib));
+ GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, TRUE);
+ // Answer to ATTRIB too short?
+ if(Demod.len < 3)
+ {
+ return 2;
+ }
+ // reset PCB block number
+ pcb_blocknum = 0;
+ return 1;
+}
+
+// Set up ISO 14443 Type B communication (similar to iso14443a_setup)
+void iso14443b_setup() {
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ // Set up the synchronous serial port
+ FpgaSetupSsc();
+ // connect Demodulated Signal to ADC:
+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+
+ // Signal field is on with the appropriate LED
+ LED_D_ON();
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);
+
+ // Start the timer
+ StartCountSspClk();
+
+ DemodReset();
+ UartReset();
+}
//-----------------------------------------------------------------------------
// Read a SRI512 ISO 14443B tag.
diff --git a/armsrc/iso14443b.h b/armsrc/iso14443b.h
new file mode 100644
index 00000000..f90c54f3
--- /dev/null
+++ b/armsrc/iso14443b.h
@@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Merlok - June 2011
+// Gerhard de Koning Gans - May 2008
+// Hagen Fritsch - June 2010
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Routines to support ISO 14443 type A.
+//-----------------------------------------------------------------------------
+
+#ifndef __ISO14443B_H
+#define __ISO14443B_H
+#include "common.h"
+
+int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
+void iso14443b_setup();
+int iso14443b_select_card();
+
+#endif /* __ISO14443B_H */