From 3d93d4f940e3251b3d18dfb1aa0839aa784cd573 Mon Sep 17 00:00:00 2001
From: iceman1001 <iceman@iuse.se>
Date: Thu, 18 Sep 2014 14:15:48 +0200
Subject: [PATCH] Add:  simple Application enum. Fix:  Minor overflows found by
 Holiman.

---
 armsrc/mifaredesfire.c |  8 +++----
 client/cmdhfmfdes.c    | 54 ++++++++++++++++++++++++++++++++++++------
 client/cmdhfmfdes.h    |  9 ++++++-
 3 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c
index ee7dc8f3..6660ef75 100644
--- a/armsrc/mifaredesfire.c
+++ b/armsrc/mifaredesfire.c
@@ -71,7 +71,7 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
 		OnError();
 		return;
 	}
-	cmd_send(CMD_ACK,1,0,0,resp,len);
+	cmd_send(CMD_ACK,1,len,0,resp,len);
 	
 
 	OnSuccess();
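Review bot: The positional arguments in `cmd_send(CMD_ACK,1,len,0,resp,len);` are undocumented, yet this change makes arg1 part of the device/client contract. The client code added later in this patch reads `resp.arg[0]` as the success flag and `resp.arg[1]` as the byte count that bounds its parsing loop. A comment above the call such as `// arg0 = isOK, arg1 = number of valid bytes in resp` would make that explicit. Whether `len` can exceed what cmd_send actually transfers is not visible here; if it can, arg1 should carry the clamped value. MifareSendCommand starts above the hunk and its end is not shown.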
@@ -279,7 +279,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
 			real_cmd[2] = AUTHENTICATE_AES;
 			real_cmd[3] = keyno;
 			
-			AppendCrc14443a(real_cmd, 2);
+			AppendCrc14443a(real_cmd, 4);
 			ReaderTransmit(real_cmd, sizeof(real_cmd), NULL);
 	
 			int len = ReaderReceive(resp);
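Review bot: The CRC offset is now a bare literal in `AppendCrc14443a(real_cmd, 4);`, while the transmit on the next line still uses `sizeof(real_cmd)`, so the two lengths only agree by hand. The next hunk has the same pattern with `AppendCrc14443a(real_cmd_A, 34);`. Deriving the offsets as `AppendCrc14443a(real_cmd, sizeof(real_cmd) - 2);` and `AppendCrc14443a(real_cmd_A, sizeof(real_cmd_A) - 2);` would keep the CRC write inside the buffer if either array is resized. That assumes AppendCrc14443a writes two CRC bytes directly after the given length; the array declarations are outside both hunks, so this should be verified.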
@@ -321,7 +321,7 @@ void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno,  uint8_t *datain
 			real_cmd_A[1] = ADDITIONAL_FRAME;
 			
 			memcpy(real_cmd_A+2, encBoth, sizeof(encBoth) );
-			AppendCrc14443a(real_cmd_A, sizeof(real_cmd_A));
+			AppendCrc14443a(real_cmd_A, 34);
 			ReaderTransmit(real_cmd_A, sizeof(real_cmd_A), NULL);
 		
 			len = ReaderReceive(resp);
@@ -514,7 +514,7 @@ int mifare_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
 
 	if (len == 11){
 		if (MF_DBGLEVEL >= 1) {
-			Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+			Dbprintf("Auth2 Resp: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
 					  buffer[0],buffer[1],buffer[2],buffer[3],buffer[4],
 					  buffer[5],buffer[6],buffer[7],buffer[8],buffer[9],
 					  buffer[10]);
diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c
index 5df89d5a..824236be 100644
--- a/client/cmdhfmfdes.c
+++ b/client/cmdhfmfdes.c
@@ -144,7 +144,7 @@ int CmdHF14ADesInfo(const char *Cmd){
 	}
 	uint8_t isOK  = resp.arg[0] & 0xff;
 	if ( !isOK ){
-		PrintAndLog("Command unsuccessfull");
+		PrintAndLog("Command unsuccessful");
 		return 0;
 	}  
 	
@@ -227,10 +227,9 @@ int CmdHF14ADesInfo(const char *Cmd){
 
 	PrintAndLog("     Free memory on card : %d bytes", le24toh( tmp ));
 	PrintAndLog("-------------------------------------------------------------");
+
 	/*
-		Card Master key (CMK)  0x00 on AID = 00 00 00 (card level)
-		0x1
-		
+		Card Master key (CMK)  0x00 on AID = 00 00 00 (card level) 0x1
 		Application Master Key (AMK) 0x00 on AID != 00 00 00
 		Application keys (APK) = 0x01-0x0D
 		Application free = 0x0E
@@ -242,9 +241,6 @@ int CmdHF14ADesInfo(const char *Cmd){
 		keys 8,9,10,11   W
 		keys 12,13,14,15 R
 		
-		KEY Versioning.
-			Se GetKeyVersion (samma nyckel kan ha olika versionen?)
-			
 		Session key:
 			16 : RndA(byte0-byte3) + RndB(byte0-byte3) + RndA(byte4-byte7) + RndB(byte4-byte7)
 			8  : RndA(byte0-byte3) + RndB(byte0-byte3) 
@@ -301,6 +297,50 @@ char * GetProtocolStr(uint8_t id){
 }
 
 int CmdHF14ADesEnumApplications(const char *Cmd){
+	
+	UsbCommand c = {CMD_MIFARE_DESFIRE, { 0x01, 0x01 }};
+	c.d.asBytes[0] = GET_APPLICATION_IDS;
+    SendCommand(&c);
+	UsbCommand resp;
+		
+	if ( !WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
+		return 0;
+	}  
+	
+	uint8_t isOK  = resp.arg[0] & 0xff;
+	if ( !isOK ){
+		PrintAndLog("Command unsuccessful");
+		return 0;
+	} 
+	
+	PrintAndLog("---Desfire Enum Applications --------------------------------");
+	PrintAndLog("-------------------------------------------------------------");
+
+	//UsbCommand respFiles;
+	
+	uint8_t num = 0;
+	int max = resp.arg[1] -3 -2;
+	
+	for(int i=3; i<=max; i+=3){
+		PrintAndLog(" Aid %d : %s ",num ,sprint_hex(resp.d.asBytes+i,3));
+		num++;
+		
+		// UsbCommand cFiles = {CMD_MIFARE_DESFIRE, { 0x01, 0x04 }};
+		// cFiles.d.asBytes[0] = GET_FILE_IDS;
+		// cFiles.d.asBytes[1] = resp.d.asBytes+i;
+		// cFiles.d.asBytes[2] = resp.d.asBytes+i+1;
+		// cFiles.d.asBytes[3] = resp.d.asBytes+i+2;
+		// SendCommand(&cFiles);
+		
+		// if ( !WaitForResponseTimeout(CMD_ACK,&respFiles,1500) ) {
+			// PrintAndLog("   No files found");
+			// break;
+		// }
+		
+	}
+	PrintAndLog("-------------------------------------------------------------");
+	
+	
 	return 1;
 }
 
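Review bot: `int max = resp.arg[1] -3 -2;` takes a length reported by the device and uses it unchecked as the bound for reading `resp.d.asBytes+i`. A response that reports more bytes than the data buffer holds would make `sprint_hex` read past the end of `resp`. Reject such a value before the loop, e.g. `if (resp.arg[1] > sizeof(resp.d.asBytes)) return 0;`, assuming asBytes is a fixed-size array member (its declaration is not on this page). The loop could also stop once `num` reaches `MAX_APPLICATION_COUNT`, which this patch adds to cmdhfmfdes.h but does not use here. The commented-out file-enumeration code and `//UsbCommand respFiles;` are better left out until they work.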
diff --git a/client/cmdhfmfdes.h b/client/cmdhfmfdes.h
index 12cb8e86..15bb9a23 100644
--- a/client/cmdhfmfdes.h
+++ b/client/cmdhfmfdes.h
@@ -55,4 +55,11 @@ char * GetProtocolStr(uint8_t id);
 #define     GET_KEY_SETTINGS 			 0x45
 #define     CHANGE_KEY 					 0xc4
 #define     GET_KEY_VERSION 			 0x64
-#define     AUTHENTICATION_FRAME 		 0xAF
\ No newline at end of file
+#define     AUTHENTICATION_FRAME 		 0xAF
+
+
+#define MAX_APPLICATION_COUNT 28
+#define MAX_FILE_COUNT 16
+#define MAX_FRAME_SIZE 60
+#define NOT_YET_AUTHENTICATED 255
+#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)
\ No newline at end of file
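Review bot: `#define FRAME_PAYLOAD_SIZE (MAX_FRAME_SIZE - 5)` leaves the 5 unexplained, and none of the new limits (28, 16, 60, 255) says where its value comes from. Each constant should get a one-line comment naming its source, and the five overhead bytes should be spelled out or given their own named macro. None of these macros is referenced by the code this patch adds, although `MAX_APPLICATION_COUNT` is the natural cap for the enumeration loop in cmdhfmfdes.c. The file also still ends without a trailing newline, so the next edit will produce the same `\ No newline at end of file` churn.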
-- 
2.39.5