From 34e2af02a4a2837135a855111bfd7e2561fc6b83 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Fri, 23 Jun 2017 13:50:25 -0400 Subject: [PATCH] bug fix for hf iclass reader and iclass detection memory locations in code are now accurate and the CC output is not corrupted by the config's crc. also the looping and flags for what to read are now correctly implemented in the code. --- armsrc/iclass.c | 41 ++++++++++++++++++++++++----------------- client/cmdhficlass.c | 29 +++++++++++++---------------- 2 files changed, 37 insertions(+), 33 deletions(-) diff --git a/armsrc/iclass.c b/armsrc/iclass.c index eb5a5a79..f69d0be2 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -1661,7 +1661,7 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) //Flag that we got to at least stage 1, read CSN read_status = 1; - // Card selected, now read e-purse (cc) + // Card selected, now read e-purse (cc) (only 8 bytes no CRC) ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); if(ReaderReceiveIClass(resp) == 8) { //Save CC (e-purse) in response data @@ -1682,21 +1682,28 @@ void ReaderIClass(uint8_t arg0) { uint8_t card_data[6 * 8]={0}; memset(card_data, 0xFF, sizeof(card_data)); uint8_t last_csn[8]={0}; - + uint8_t resp[ICLASS_BUFFER_SIZE]; + memset(resp, 0xFF, sizeof(resp)); //Read conf block CRC(0x01) => 0xfa 0x22 uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22}; - //Read conf block CRC(0x05) => 0xde 0x64 + //Read App Issuer Area block CRC(0x05) => 0xde 0x64 uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64}; - int read_status= 0; uint8_t result_status = 0; + // flag to read until one tag is found successfully bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE; + // flag to only try 5 times to find one tag then return bool try_once = arg0 & FLAG_ICLASS_READER_ONE_TRY; - bool use_credit_key = false; - if (arg0 & FLAG_ICLASS_READER_CEDITKEY) - use_credit_key = true; - set_tracing(TRUE); + // if neither abort_after_read nor try_once then continue reading until button pressed. + + bool use_credit_key = arg0 & FLAG_ICLASS_READER_CEDITKEY; + // test flags for what blocks to be sure to read + uint8_t flagReadConfig = arg0 & FLAG_ICLASS_READER_CONF; + uint8_t flagReadCC = arg0 & FLAG_ICLASS_READER_CC; + uint8_t flagReadAA = arg0 & FLAG_ICLASS_READER_AA; + + set_tracing(true); setupIclassReader(); uint16_t tryCnt=0; @@ -1721,21 +1728,22 @@ void ReaderIClass(uint8_t arg0) { // moving CC forward 8 bytes memcpy(card_data+16,card_data+8, 8); //Read block 1, config - if(arg0 & FLAG_ICLASS_READER_CONF) - { - if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10)) + if(flagReadConfig) { + if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, 10, 10)) { result_status |= FLAG_ICLASS_READER_CONF; + memcpy(card_data+8, resp, 8); } else { Dbprintf("Failed to dump config block"); } } //Read block 5, AA - if(arg0 & FLAG_ICLASS_READER_AA){ - if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10)) + if(flagReadAA) { + if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, 10, 10)) { result_status |= FLAG_ICLASS_READER_AA; + memcpy(card_data+(8*5), resp, 8); } else { //Dbprintf("Failed to dump AA block"); } @@ -1747,16 +1755,15 @@ void ReaderIClass(uint8_t arg0) { // (3,4 write-only, kc and kd) // 5 Application issuer area // - //Then we can 'ship' back the 8 * 5 bytes of data, + //Then we can 'ship' back the 8 * 6 bytes of data, // with 0xFF:s in block 3 and 4. LED_B_ON(); //Send back to client, but don't bother if we already sent this if(memcmp(last_csn, card_data, 8) != 0) { - // If caller requires that we get CC, continue until we got it - if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC)) - { + // If caller requires that we get Conf, CC, AA, continue until we got it + if( (result_status ^ FLAG_ICLASS_READER_CSN ^ flagReadConfig ^ flagReadCC ^ flagReadAA) == 0) { cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data)); if(abort_after_read) { LED_A_OFF(); diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 55dd555a..05ca39e4 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -180,10 +180,10 @@ int CmdHFiClassSim(const char *Cmd) { int HFiClassReader(const char *Cmd, bool loop, bool verbose) { bool tagFound = false; - UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN| - FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}}; + UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN | + FLAG_ICLASS_READER_CC | FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_AA | + FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY } }; // loop in client not device - else on windows have a communication error - c.arg[0] |= FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY; UsbCommand resp; while(!ukbhit()){ SendCommand(&c); @@ -191,27 +191,24 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose) { uint8_t readStatus = resp.arg[0] & 0xff; uint8_t *data = resp.d.asBytes; - if (verbose) - PrintAndLog("Readstatus:%02x", readStatus); - if( readStatus == 0){ - //Aborted - if (verbose) PrintAndLog("Quitting..."); - return 0; - } - if( readStatus & FLAG_ICLASS_READER_CSN){ + // no tag found + if( readStatus == 0) continue; + + if( readStatus & FLAG_ICLASS_READER_CSN) { PrintAndLog(" CSN: %s",sprint_hex(data,8)); tagFound = true; } - if( readStatus & FLAG_ICLASS_READER_CC) PrintAndLog(" CC: %s",sprint_hex(data+16,8)); - if( readStatus & FLAG_ICLASS_READER_CONF){ + if( readStatus & FLAG_ICLASS_READER_CC) { + PrintAndLog(" CC: %s",sprint_hex(data+16,8)); + } + if( readStatus & FLAG_ICLASS_READER_CONF) { printIclassDumpInfo(data); } - //TODO add iclass read block 05 and test iclass type.. if (readStatus & FLAG_ICLASS_READER_AA) { bool legacy = true; - PrintAndLog(" AppIA: %s",sprint_hex(data+8*4,8)); + PrintAndLog(" AppIA: %s",sprint_hex(data+8*5,8)); for (int i = 0; i<8; i++) { - if (data[8*4+i] != 0xFF) { + if (data[8*5+i] != 0xFF) { legacy = false; } } -- 2.39.5