From: marshmellow42 Date: Tue, 21 Jul 2015 01:26:35 +0000 (-0400) Subject: Merge remote-tracking branch 'upstream/master' into iclass X-Git-Tag: v2.3.0~22^2~11 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/6b659d2406c776790483f2029ee95bdf22b6e659?ds=sidebyside;hp=-c Merge remote-tracking branch 'upstream/master' into iclass --- 6b659d2406c776790483f2029ee95bdf22b6e659 diff --combined armsrc/appmain.c index 906379a7,7aa353b2..3c22fbb1 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@@ -29,6 -29,11 +29,11 @@@ #include "LCD.h" #endif + // Craig Young - 14a stand-alone code + #ifdef WITH_ISO14443a_StandAlone + #include "iso14443a.h" + #endif + #define abs(x) ( ((x)<0) ? -(x) : (x) ) //============================================================================= @@@ -293,18 -298,13 +298,13 @@@ void SendVersion(void cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString)); } - #ifdef WITH_LF - // samy's sniff and repeat routine - void SamyRun() - { - DbpString("Stand-alone mode! No PC necessary."); - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + #if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF) - // 3 possible options? no just 2 for now #define OPTS 2 - int high[OPTS], low[OPTS]; - + void StandAloneMode() + { + DbpString("Stand-alone mode! No PC necessary."); // Oooh pretty -- notify user we're in elite samy mode now LED(LED_RED, 200); LED(LED_ORANGE, 200); @@@ -316,6 -316,216 +316,216 @@@ LED(LED_ORANGE, 200); LED(LED_RED, 200); + } + + #endif + + + + #ifdef WITH_ISO14443a_StandAlone + void StandAloneMode14a() + { + StandAloneMode(); + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + + int selected = 0; + int playing = 0; + int cardRead[OPTS] = {0}; + uint8_t readUID[10] = {0}; + uint32_t uid_1st[OPTS]={0}; + uint32_t uid_2nd[OPTS]={0}; + + LED(selected + 1, 0); + + for (;;) + { + usb_poll(); + WDT_HIT(); + + // Was our button held down or pressed? 
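Review bot: `void StandAloneMode()` introduces the shared LED/banner helper with an empty parameter list, which in C leaves calls unchecked; declare it `void StandAloneMode(void)` (and `StandAloneMode14a(void)` in the next hunk) so the compiler diagnoses a stray argument. The apps.h part of this diff adds no prototype for either function, so if they are only called from appmain.c they can also be `static`, keeping them out of the firmware's global namespace. The function's body, and the `#endif` that closes the new `#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)` region, continue in the next hunk.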
+ int button_pressed = BUTTON_HELD(1000); + SpinDelay(300); + + // Button was held for a second, begin recording + if (button_pressed > 0 && cardRead[selected] == 0) + { + LEDsoff(); + LED(selected + 1, 0); + LED(LED_RED2, 0); + + // record + Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected); + + // wait for button to be released + while(BUTTON_PRESS()) + WDT_HIT(); + /* need this delay to prevent catching some weird data */ + SpinDelay(500); + /* Code for reading from 14a tag */ + uint8_t uid[10] ={0}; + uint32_t cuid; + iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); + + for ( ; ; ) + { + WDT_HIT(); + if (!iso14443a_select_card(uid, NULL, &cuid)) + continue; + else + { + Dbprintf("Read UID:"); Dbhexdump(10,uid,0); + memcpy(readUID,uid,10*sizeof(uint8_t)); + uint8_t *dst = (uint8_t *)&uid_1st[selected]; + // Set UID byte order + for (int i=0; i<4; i++) + dst[i] = uid[3-i]; + dst = (uint8_t *)&uid_2nd[selected]; + for (int i=0; i<4; i++) + dst[i] = uid[7-i]; + break; + } + } + LEDsoff(); + LED(LED_GREEN, 200); + LED(LED_ORANGE, 200); + LED(LED_GREEN, 200); + LED(LED_ORANGE, 200); + + LEDsoff(); + LED(selected + 1, 0); + // Finished recording + + // If we were previously playing, set playing off + // so next button push begins playing what we recorded + playing = 0; + + cardRead[selected] = 1; + + } + /* MF UID clone */ + else if (button_pressed > 0 && cardRead[selected] == 1) + { + LEDsoff(); + LED(selected + 1, 0); + LED(LED_ORANGE, 250); + + + // record + Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]); + + // wait for button to be released + while(BUTTON_PRESS()) + { + // Delay cloning until card is in place + WDT_HIT(); + } + Dbprintf("Starting clone. 
[Bank: %u]", selected); + // need this delay to prevent catching some weird data + SpinDelay(500); + // Begin clone function here: + /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards: + UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}}; + memcpy(c.d.asBytes, data, 16); + SendCommand(&c); + + Block read is similar: + UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}}; + We need to imitate that call with blockNo 0 to set a uid. + + The get and set commands are handled in this file: + // Work with "magic Chinese" card + case CMD_MIFARE_CSETBLOCK: + MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; + case CMD_MIFARE_CGETBLOCK: + MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + // + break; + + mfCSetUID provides example logic for UID set workflow: + -Read block0 from card in field with MifareCGetBlock() + -Configure new values without replacing reserved bytes + memcpy(block0, uid, 4); // Copy UID bytes from byte array + // Mifare UID BCC + block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5 + Bytes 5-7 are reserved SAK and ATQA for mifare classic + -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it + */ + uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0}; + // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo + MifareCGetBlock(0x1F, 1, 0, oldBlock0); + Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]); + memcpy(newBlock0,oldBlock0,16); + // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic) + + newBlock0[0] = uid_1st[selected]>>24; + newBlock0[1] = 0xFF & (uid_1st[selected]>>16); + newBlock0[2] = 0xFF & (uid_1st[selected]>>8); + newBlock0[3] = 0xFF & (uid_1st[selected]); + newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3]; + // arg0 = needWipe, arg1 = 
workFlags, arg2 = blockNo, datain + MifareCSetBlock(0, 0xFF,0, newBlock0); + MifareCGetBlock(0x1F, 1, 0, testBlock0); + if (memcmp(testBlock0,newBlock0,16)==0) + { + DbpString("Cloned successfull!"); + cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it + } + LEDsoff(); + LED(selected + 1, 0); + // Finished recording + + // If we were previously playing, set playing off + // so next button push begins playing what we recorded + playing = 0; + + } + // Change where to record (or begin playing) + else if (button_pressed && cardRead[selected]) + { + // Next option if we were previously playing + if (playing) + selected = (selected + 1) % OPTS; + playing = !playing; + + LEDsoff(); + LED(selected + 1, 0); + + // Begin transmitting + if (playing) + { + LED(LED_GREEN, 0); + DbpString("Playing"); + while (!BUTTON_HELD(500)) { // Loop simulating tag until the button is held a half-sec + Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected); + SimulateIso14443aTag(1,uid_1st[selected],uid_2nd[selected],NULL); + } + //cardRead[selected] = 1; + Dbprintf("Done playing [Bank: %u]",selected); + + /* We pressed a button so ignore it here with a delay */ + SpinDelay(300); + + // when done, we're done playing, move to next option + selected = (selected + 1) % OPTS; + playing = !playing; + LEDsoff(); + LED(selected + 1, 0); + } + else + while(BUTTON_PRESS()) + WDT_HIT(); + } + } + } + #elif WITH_LF + // samy's sniff and repeat routine + void SamyRun() + { + StandAloneMode(); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + + int high[OPTS], low[OPTS]; int selected = 0; int playing = 0; int cardRead = 0; @@@ -326,7 -536,7 +536,7 @@@ for (;;) { usb_poll(); - WDT_HIT(); + WDT_HIT(); // Was our button held down or pressed? int button_pressed = BUTTON_HELD(1000); @@@ -439,8 -649,8 +649,8 @@@ } } } - #endif + #endif /* OBJECTIVE Listen and detect an external reader. 
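Review bot: `#elif WITH_LF` near the end of the hunk tests the macro's value while the opening guard tests `defined(WITH_LF)`, so a `#define WITH_LF` with no value is a preprocessor error and a zero-valued definition silently drops SamyRun; write `#elif defined(WITH_LF)` to match the `#if` above and the `#ifdef WITH_LF` used in AppMain. In the record branch, `readUID` is filled by `memcpy(readUID,uid,10*sizeof(uint8_t));` but never read anywhere in the hunk, so the array and the copy can go. In the clone branch, `MifareCGetBlock(0x1F, 1, 0, oldBlock0)` is issued with no status check; if the read does not update the buffer (its failure behaviour is not visible from here), `oldBlock0` keeps its zero initializer and the following `MifareCSetBlock` writes a block 0 whose bytes 5–15 are all zero, so a check on the read result — or at least that `oldBlock0` is non-zero — belongs before the write. The read-back comparison after the write does protect `cardRead[selected]`, since `testBlock0` starts zeroed and would not match `newBlock0`. `StandAloneMode14a` is contained in this hunk; `StandAloneMode`'s body starts in the previous hunk.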
Determine the best location @@@ -667,6 -877,7 +877,7 @@@ void UsbPacketReceived(uint8_t *packet break; case CMD_T55XX_WRITE_BLOCK: T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); + cmd_send(CMD_ACK,0,0,0,0,0); break; case CMD_T55XX_READ_TRACE: T55xxReadTrace(); @@@ -681,6 -892,9 +892,9 @@@ case CMD_EM4X_WRITE_WORD: EM4xWriteWord(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); break; + case CMD_AWID_DEMOD_FSK: // Set realtime AWID demodulation + CmdAWIDdemodFSK(c->arg[0], 0, 0, 1); + break; #endif #ifdef WITH_HITAG @@@ -860,26 -1074,11 +1074,26 @@@ ReaderIClass(c->arg[0]); break; case CMD_READER_ICLASS_REPLAY: - ReaderIClass_Replay(c->arg[0], c->d.asBytes); + ReaderIClass_Replay(c->arg[0], c->d.asBytes); break; - case CMD_ICLASS_EML_MEMSET: + case CMD_ICLASS_EML_MEMSET: emlSet(c->d.asBytes,c->arg[0], c->arg[1]); break; + case CMD_ICLASS_WRITEBLOCK: + iClass_WriteBlock(c->arg[0], c->arg[1], c->d.asBytes); + break; + case CMD_ICLASS_READBLOCK: + iClass_ReadBlk(c->arg[0], c->arg[1]); + break; + case CMD_ICLASS_AUTHENTICATION: + iClass_Authentication(c->d.asBytes); + break; + case CMD_ICLASS_DUMP: + iClass_Dump(c->arg[0], c->arg[1], c->arg[2]); + break; + case CMD_ICLASS_CLONE: + iClass_Clone(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes); + break; #endif case CMD_BUFF_CLEAR: @@@ -1043,8 -1242,16 +1257,16 @@@ void __attribute__((noreturn)) AppMain WDT_HIT(); #ifdef WITH_LF + #ifndef WITH_ISO14443a_StandAlone if (BUTTON_HELD(1000) > 0) SamyRun(); + #endif + #endif + #ifdef WITH_ISO14443a + #ifdef WITH_ISO14443a_StandAlone + if (BUTTON_HELD(1000) > 0) + StandAloneMode14a(); + #endif #endif } } diff --combined armsrc/apps.h index e8b43e9b,b5638ee1..868df266 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@@ -69,6 -69,7 +69,7 @@@ void CmdFSKsimTAG(uint16_t arg1, uint16 void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream); void CmdHIDdemodFSK(int 
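Review bot: `CmdAWIDdemodFSK(c->arg[0], 0, 0, 1)` passes null for the `int *high` and `int *low` out-parameters that apps.h declares for it; if the routine stores through them when `findone` (here `c->arg[0]`) is set, a client request with a non-zero arg0 dereferences NULL on the ARM. lfops.c is not in this diff, so confirm how the function treats those pointers; the robust shape is to guard the stores inside CmdAWIDdemodFSK (`if (high) *high = hi;` / `if (low) *low = lo;`) or to hand it two locals from the dispatcher. The enclosing `UsbPacketReceived` switch starts and ends outside the hunk.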
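Review bot: The new call site guards `StandAloneMode14a()` with both `WITH_ISO14443a` and `WITH_ISO14443a_StandAlone`, but the function itself (and the `#include "iso14443a.h"` in the first hunk) is compiled under `WITH_ISO14443a_StandAlone` alone, so a build that sets the stand-alone flag without `WITH_ISO14443a` compiles a reader/simulator routine that nothing calls and, because the `#ifndef WITH_ISO14443a_StandAlone` wrapper now skips SamyRun, ends up with no stand-alone mode at all. Either make the definition guard match the call, `#if defined(WITH_ISO14443a) && defined(WITH_ISO14443a_StandAlone)`, or have the build derive one flag from the other and document that dependency next to the `#include`. AppMain begins outside the hunk.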
findone, int *high, int *low, int ledcontrol); + void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol); // Realtime demodulation mode for AWID26 void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol); void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol); void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an ioProx card to T5557/T5567 @@@ -149,6 -150,9 +150,6 @@@ void OnSuccess() void OnError(uint8_t reason); - - - /// iso15693.h void RecordRawAdcSamplesIso15693(void); void AcquireRawAdcSamplesIso15693(void); @@@ -164,12 -168,6 +165,12 @@@ void SimulateIClass(uint32_t arg0, uint void ReaderIClass(uint8_t arg0); void ReaderIClass_Replay(uint8_t arg0,uint8_t *MAC); void IClass_iso14443A_GetPublic(uint8_t arg0); +void iClass_Authentication(uint8_t *MAC); +void iClass_WriteBlock(uint8_t blockNo, uint8_t keyType, uint8_t *data); +void iClass_ReadBlk(uint8_t blockNo, uint8_t keyType); +bool iClass_ReadBlock(uint8_t blockNo, uint8_t keyType, uint8_t *readdata); +void iClass_Dump(uint8_t blockno, uint8_t numblks, uint8_t keyType); +void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t keyType, uint8_t *data); // hitag2.h void SnoopHitag(uint32_t type); diff --combined client/cmdlf.c index 21b19b09,4c682a76..edf6c3a9 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@@ -22,6 -22,7 +22,7 @@@ #include "util.h" #include "cmdlf.h" #include "cmdlfhid.h" + #include "cmdlfawid.h" #include "cmdlfti.h" #include "cmdlfem4x.h" #include "cmdlfhitag.h" @@@ -1130,13 -1131,14 +1131,14 @@@ static command_t CommandTable[] {"config", CmdLFSetConfig, 0, "Set config for LF sampling, bit/sample, decimation, frequency"}, {"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"}, {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, + {"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"}, {"io", CmdLFIO, 1, "{ ioProx tags... 
}"}, {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"}, {"indalaclone", CmdIndalaClone, 0, " ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"}, {"read", CmdLFRead, 0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"}, {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, - {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, + {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [biphase/manchester/raw <'b'|'m'|'r'>] [msg separator 's'] [d ] -- Simulate LF ASK tag from demodbuffer or input"}, {"simfsk", CmdLFfskSim, 0, "[c ] [i] [H ] [L ] [d ] -- Simulate LF FSK tag from demodbuffer or input"}, {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c ] [i] [r ] [d ] -- Simulate LF PSK tag from demodbuffer or input"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, diff --combined client/hid-flasher/usb_cmd.h index cc415352,f4013bab..e9474a77 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@@ -84,6 -84,7 +84,7 @@@ typedef struct #define CMD_FSK_SIM_TAG 0x021E #define CMD_ASK_SIM_TAG 0x021F #define CMD_PSK_SIM_TAG 0x0220 + #define CMD_AWID_DEMOD_FSK 0x0221 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ @@@ -114,16 -115,9 +115,16 @@@ #define CMD_WRITER_LEGIC_RF 0x0389 #define CMD_EPA_PACE_COLLECT_NONCE 0x038A +#define CMD_ICLASS_CLONE 0x0390 +#define CMD_ICLASS_DUMP 0x0391 #define CMD_SNOOP_ICLASS 0x0392 #define CMD_SIMULATE_TAG_ICLASS 0x0393 #define CMD_READER_ICLASS 0x0394 +#define CMD_READER_ICLASS_REPLAY 0x0395 +#define 
CMD_ICLASS_READBLOCK 0x0396 +#define CMD_ICLASS_WRITEBLOCK 0x0397 +#define CMD_ICLASS_EML_MEMSET 0x0398 +#define CMD_ICLASS_AUTHENTICATION 0x0399 // For measurements of the antenna tuning #define CMD_MEASURE_ANTENNA_TUNING 0x0400 diff --combined client/lualibs/commands.lua index 97f0b70a,127508e6..dab2e630 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@@ -54,6 -54,7 +54,7 @@@ local _commands = CMD_FSK_SIM_TAG = 0x021E, CMD_ASK_SIM_TAG = 0x021F, CMD_PSK_SIM_TAG = 0x0220, + CMD_AWID_DEMOD_FSK = 0x0221, --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ @@@ -86,16 -87,11 +87,16 @@@ CMD_EPA_PACE_COLLECT_NONCE = 0x038A, --//CMD_EPA_ = 0x038B, + CMD_ICLASS_CLONE = 0x0390, + CMD_ICLASS_DUMP = 0x0391, CMD_SNOOP_ICLASS = 0x0392, CMD_SIMULATE_TAG_ICLASS = 0x0393, CMD_READER_ICLASS = 0x0394, - CMD_READER_ICLASS_REPLAY = 0x0395, - CMD_ICLASS_ISO14443A_WRITE = 0x0397, + CMD_READER_ICLASS_REPLAY = 0x0395, + CMD_ICLASS_READBLOCK = 0x0396, + CMD_ICLASS_WRITEBLOCK = 0x0397, + CMD_ICLASS_EML_MEMSET = 0x0398, + CMD_ICLASS_AUTHENTICATION = 0x0399, --// For measurements of the antenna tuning CMD_MEASURE_ANTENNA_TUNING = 0x0400, diff --combined include/usb_cmd.h index 2618476a,e45bf35e..ef604102 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@@ -95,6 -95,7 +95,7 @@@ typedef struct #define CMD_FSK_SIM_TAG 0x021E #define CMD_ASK_SIM_TAG 0x021F #define CMD_PSK_SIM_TAG 0x0220 + #define CMD_AWID_DEMOD_FSK 0x0221 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ @@@ -128,16 -129,12 +129,16 @@@ #define CMD_EPA_PACE_COLLECT_NONCE 0x038A #define CMD_EPA_PACE_REPLAY 0x038B +#define CMD_ICLASS_CLONE 0x0390 +#define CMD_ICLASS_DUMP 0x0391 #define CMD_SNOOP_ICLASS 0x0392 #define CMD_SIMULATE_TAG_ICLASS 0x0393 #define CMD_READER_ICLASS 0x0394 #define CMD_READER_ICLASS_REPLAY 0x0395 -#define CMD_ICLASS_ISO14443A_WRITE 0x0397 +#define CMD_ICLASS_READBLOCK 0x0396 +#define CMD_ICLASS_WRITEBLOCK 0x0397 #define 
CMD_ICLASS_EML_MEMSET 0x0398 +#define CMD_ICLASS_AUTHENTICATION 0x0399 // For measurements of the antenna tuning #define CMD_MEASURE_ANTENNA_TUNING 0x0400 @@@ -208,7 -205,6 +209,7 @@@ #define FLAG_ICLASS_READER_CONF 0x08 #define FLAG_ICLASS_READER_AA 0x10 #define FLAG_ICLASS_READER_ONE_TRY 0x20 +#define FLAG_ICLASS_READER_CEDITKEY 0x40
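Review bot: Command id 0x0397 is reassigned from `CMD_ICLASS_ISO14443A_WRITE` to `CMD_ICLASS_WRITEBLOCK` in this include/usb_cmd.h hunk and in the commands.lua hunk, while the hid-flasher header only adds the new name; a client and firmware built from opposite sides of this change will route a 0x0397 packet to the other operation, and the firmware's `UsbPacketReceived` switch keys on the code alone and cannot tell them apart. Unless the old command never shipped, give `CMD_ICLASS_WRITEBLOCK` a fresh id and leave 0x0397 retired, and keep the three tables (include/usb_cmd.h, client/hid-flasher/usb_cmd.h, client/lualibs/commands.lua) in step in the same commit.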