From 4973f23d3c2d2086ec694a13602b21a19726ab49 Mon Sep 17 00:00:00 2001
From: marshmellow42 <marshmellowrf@gmail.com>
Date: Wed, 27 May 2015 12:24:13 -0400
Subject: [PATCH 1/1] clean up mfu device side code

+ add xor calc to util (prep for desfire)
commented out MifareUWriteBlockCompat as it isn't used in client
currently (it is a command we could support..  but why?)
relabeled a few device side mfu functions to be clearer.
---
 armsrc/appmain.c    |  8 ++---
 armsrc/apps.h       |  4 +--
 armsrc/mifarecmd.c  | 27 +++++++--------
 armsrc/mifareutil.c | 84 ++++++++++++++++++++++++---------------------
 armsrc/mifareutil.h | 16 +++++----
 client/util.c       | 13 +++++--
 client/util.h       |  2 ++
 7 files changed, 85 insertions(+), 69 deletions(-)

diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index f8594fcc..c226c726 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -841,11 +841,11 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_MIFARE_WRITEBL:
 			MifareWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
 			break;
-		case CMD_MIFAREU_WRITEBL_COMPAT:
-			MifareUWriteBlock(c->arg[0], c->d.asBytes);
-			break;
+		//case CMD_MIFAREU_WRITEBL_COMPAT:
+			//MifareUWriteBlockCompat(c->arg[0], c->d.asBytes);
+			//break;
 		case CMD_MIFAREU_WRITEBL:
-			MifareUWriteBlock_Special(c->arg[0], c->arg[1], c->d.asBytes);
+			MifareUWriteBlock(c->arg[0], c->arg[1], c->d.asBytes);
 			break;
 		case CMD_MIFARE_NESTED:
 			MifareNested(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
diff --git a/armsrc/apps.h b/armsrc/apps.h
index dfd1fe52..6360b664 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -170,8 +170,8 @@ void MifareUC_Auth(uint8_t arg0, uint8_t *datain);
 void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareReadSector(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
 void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
-void MifareUWriteBlock(uint8_t arg0,uint8_t *datain);
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t arg1, uint8_t *datain);
+//void MifareUWriteBlockCompat(uint8_t arg0,uint8_t *datain);
+void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain);
 void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void MifareChkKeys(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
 void Mifare1ksim(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain);
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c
index 884da913..bf6c404a 100644
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@@ -254,7 +254,6 @@ void MifareUReadCard(uint8_t arg0, uint16_t arg1, uint8_t arg2, uint8_t *datain)
 {
 	// free eventually allocated BigBuf memory
 	BigBuf_free();
-	// clear trace
 	clear_trace();
 
 	// params
@@ -416,7 +415,8 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)
 	LEDsoff();
 }
 
-void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
+/* // Command not needed but left for future testing 
+void MifareUWriteBlockCompat(uint8_t arg0, uint8_t *datain)
 {
 	uint8_t blockNo = arg0;
 	byte_t blockdata[16] = {0x00};
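Review bot: Wrapping MifareUWriteBlockCompat in `/* ... */` (opened here, closed after the function in a later hunk) breaks as soon as the body contains a block comment, because C comments do not nest; the body is only partly visible in this patch. `#if 0` / `#endif` disables the function without that hazard, or the code can be deleted and recovered from history. The same applies to mifare_ultra_writeblock_compat and the two auth helpers commented out in armsrc/mifareutil.c.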
@@ -436,7 +436,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 		return;
 	};
 
-	if(mifare_ultra_writeblock(blockNo, blockdata)) {
+	if(mifare_ultra_writeblock_compat(blockNo, blockdata)) {
 		if (MF_DBGLEVEL >= 1)   Dbprintf("Write block error");
 		OnError(0);
 		return;	};
@@ -453,6 +453,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();
 }
+*/
 
 // Arg0   : Block to write to.
 // Arg1   : 0 = use no authentication.
@@ -460,7 +461,7 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t *datain)
 //          2 = use 0x1B authentication.
 // datain : 4 first bytes is data to be written.
 //        : 4/16 next bytes is authentication key.
-void MifareUWriteBlock_Special(uint8_t arg0, uint8_t arg1, uint8_t *datain)
+void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 {
 	uint8_t blockNo = arg0;
 	bool useKey = (arg1 == 1); //UL_C
@@ -502,7 +503,7 @@ void MifareUWriteBlock_Special(uint8_t arg0, uint8_t arg1, uint8_t *datain)
 		}
 	}
 
-	if(mifare_ultra_special_writeblock(blockNo, blockdata)) {
+	if(mifare_ultra_writeblock(blockNo, blockdata)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
 		OnError(0);
 		return;
@@ -542,7 +543,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
 	blockdata[1] = pwd[6];
 	blockdata[2] = pwd[5];
 	blockdata[3] = pwd[4];
-	if(mifare_ultra_special_writeblock( 44, blockdata)) {
+	if(mifare_ultra_writeblock( 44, blockdata)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
 		OnError(44);
 		return;
@@ -552,7 +553,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
 	blockdata[1] = pwd[2];
 	blockdata[2] = pwd[1];
 	blockdata[3] = pwd[0];
-	if(mifare_ultra_special_writeblock( 45, blockdata)) {
+	if(mifare_ultra_writeblock( 45, blockdata)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
 		OnError(45);
 		return;
@@ -562,7 +563,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
 	blockdata[1] = pwd[14];
 	blockdata[2] = pwd[13];
 	blockdata[3] = pwd[12];
-	if(mifare_ultra_special_writeblock( 46, blockdata)) {
+	if(mifare_ultra_writeblock( 46, blockdata)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
 		OnError(46);
 		return;
@@ -572,7 +573,7 @@ void MifareUSetPwd(uint8_t arg0, uint8_t *datain){
 	blockdata[1] = pwd[10];
 	blockdata[2] = pwd[9];
 	blockdata[3] = pwd[8];
-	if(mifare_ultra_special_writeblock( 47, blockdata)) {
+	if(mifare_ultra_writeblock( 47, blockdata)) {
 		if (MF_DBGLEVEL >= 1) Dbprintf("Write block error");
 		OnError(47);
 		return;
@@ -1265,14 +1266,12 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
 	isOK = mifare_desfire_des_auth2(cuid, key, dataout);
 	
 	if( isOK) {
-	    if (MF_DBGLEVEL >= MF_DBG_EXTENDED) 
-			Dbprintf("Authentication part2: Failed");  
-		//OnError(4);
+		if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("Authentication part2: Failed");  
+		OnError(4);
 		return;
 	}
 
-	if (MF_DBGLEVEL >= MF_DBG_EXTENDED) 
-		DbpString("AUTH 2 FINISHED");
+	if (MF_DBGLEVEL >= MF_DBG_EXTENDED) DbpString("AUTH 2 FINISHED");
 
 	cmd_send(CMD_ACK, isOK, 0, 0, dataout, sizeof(dataout));
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
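Review bot: `isOK` reads as a success flag, but the branch that logs "Authentication part2: Failed" runs when it is non-zero, so the name is inverted relative to its use and the final `cmd_send(CMD_ACK, isOK, ...)` can only ever carry 0 on the success path. A one-line comment above the test, such as `// non-zero from mifare_desfire_des_auth2() means failure`, would make that explicit (inferred from the log text; the callee is not shown). Whether the host treats arg0 == 0 as success should be confirmed against the client. The function starts outside the hunk.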
diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c
index 2f84797b..c706e78a 100644
--- a/armsrc/mifareutil.c
+++ b/armsrc/mifareutil.c
@@ -65,73 +65,74 @@ uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data) {
 	return bt;
 }
 
-// send commands
+// send 2 byte commands
 int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
 {
 	return mifare_sendcmd_shortex(pcs, crypted, cmd, data, answer, answer_parity, timing);
 }
 
-int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
+// send X byte basic commands
+int mifare_sendcmd(uint8_t cmd, uint8_t* data, uint8_t data_size, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
 {
-	uint8_t dcmd[8];
-    dcmd[0] = cmd;
-    dcmd[1] = data[0];
-	dcmd[2] = data[1];
-	dcmd[3] = data[2];
-	dcmd[4] = data[3];
-	dcmd[5] = data[4];
-	AppendCrc14443a(dcmd, 6);
-	ReaderTransmit(dcmd, sizeof(dcmd), NULL);
+	uint8_t dcmd[data_size+3];
+	dcmd[0] = cmd;
+	memcpy(dcmd+1,data,data_size);
+	AppendCrc14443a(dcmd, data_size+1);
+	ReaderTransmit(dcmd, sizeof(dcmd), timing);
 	int len = ReaderReceive(answer, answer_parity);
 	if(!len) {
-                if (MF_DBGLEVEL >= 1)   Dbprintf("Authentication failed. Card timeout.");
-                return 2;
-    }
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("%02X Cmd failed. Card timeout.", cmd);
+			len = ReaderReceive(answer,answer_parity);
+		//return 0;
+	}
 	return len;
 }
 
+/*
 int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
 {
-    uint8_t dcmd[19];
+	uint8_t dcmd[19];
 	int len; 
-    dcmd[0] = cmd;
-    memcpy(dcmd+1,data,16);
+	dcmd[0] = cmd;
+	memcpy(dcmd+1,data,16);
 	AppendCrc14443a(dcmd, 17);
 	
 	ReaderTransmit(dcmd, sizeof(dcmd), timing);
 	len = ReaderReceive(answer, answer_parity);
 	if(!len) {
-        if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("Authentication failed. Card timeout.");
-        len = ReaderReceive(answer,answer_parity);
-    }
-    if(len==1)	{
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("Authentication failed. Card timeout.");
+			len = ReaderReceive(answer,answer_parity);
+	}
+	if(len==1) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("NAK - Authentication failed.");
 		return 1;
-        }
+	}
 	return len;
 }
 
 int mifare_sendcmd_short_mfuev1auth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
 {
-    uint8_t dcmd[7];
+	uint8_t dcmd[7];
 	int len; 
-    dcmd[0] = cmd;
-    memcpy(dcmd+1,data,4);
+	dcmd[0] = cmd;
+	memcpy(dcmd+1,data,4);
 	AppendCrc14443a(dcmd, 5);
-	
+
 	ReaderTransmit(dcmd, sizeof(dcmd), timing);
 	len = ReaderReceive(answer, answer_parity);
 	if(!len) {
-        if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("Authentication failed. Card timeout.");
-        len = ReaderReceive(answer,answer_parity);
-    }
-    if(len==1)	{
+		if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("Authentication failed. Card timeout.");
+		len = ReaderReceive(answer,answer_parity);
+	}
+	if(len==1) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)   Dbprintf("NAK - Authentication failed.");
 		return 1;
-        }
+	}
 	return len;
 }
+*/
 
+// send 2 byte commands
 int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
 {
 	uint8_t dcmd[4], ecmd[4];
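Review bot: In mifare_sendcmd the timeout path no longer returns the old helper's 2: it retries `ReaderReceive` once and then returns `len`, which may be 0 with `answer` presumably left unwritten, so every caller has to test the length before reading the reply. The retry line `len = ReaderReceive(answer,answer_parity);` is indented as if it belonged to the `MF_DBGLEVEL` test, but it runs on every timeout; align it with the `if` and drop the `//return 0;` remnant. The header comment could state the contract, for example `// sends cmd + data + CRC; returns bytes received, 0 on timeout`. `uint8_t dcmd[data_size+3]` is a variable-length array of up to 258 bytes on the device stack; a fixed buffer with a size check would make the bound explicit.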
@@ -319,7 +320,8 @@ int mifare_ul_ev1_auth(uint8_t *keybytes, uint8_t *pack){
 	memcpy(key, keybytes, 4);
 
 	Dbprintf("EV1 Auth : %02x%02x%02x%02x",	key[0], key[1], key[2], key[3]);
-	len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);
+	len = mifare_sendcmd(0x1B, key, sizeof(key), resp, respPar, NULL);
+	//len = mifare_sendcmd_short_mfuev1auth(NULL, 0, 0x1B, key, resp, respPar, NULL);
 	if (len != 4) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x %u", resp[0], len);
 		return 0;
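Review bot: `Dbprintf("EV1 Auth : %02x%02x%02x%02x", ...)` prints the four password bytes on every call, while the error message just below it is gated on MF_DBGLEVEL; gating it the same way, e.g. `if (MF_DBGLEVEL >= MF_DBG_EXTENDED) Dbprintf("EV1 Auth : %02x%02x%02x%02x", key[0], key[1], key[2], key[3]);`, keeps the secret out of the debug channel unless it was asked for. The commented-out `mifare_sendcmd_short_mfuev1auth` call is dead now that the helper itself is commented out and can be deleted, as can the commented call in the mifare_ultra_auth hunk. The error path also formats `resp[0]` when `len` may be 0, so the logged byte may be stale. mifare_ul_ev1_auth starts and ends outside the hunk.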
@@ -380,8 +382,8 @@ int mifare_ultra_auth(uint8_t *keybytes){
 
 	// encrypt    out, in, length, key, iv
 	tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);
-
-	len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
+	//len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
+	len = mifare_sendcmd(0xAF, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL);
 	if (len != 11) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
 		return 0;
@@ -425,6 +427,7 @@ int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData)
 	uint8_t receivedAnswer[MAX_FRAME_SIZE];
 	uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
 	
+
 	len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
 	if (len == 1) {
 		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
@@ -493,7 +496,8 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
 	return 0;
 }
 
-int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData) 
+/* // command not needed, but left for future testing
+int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData) 
 {
 	uint16_t len;
 	uint8_t par[3] = {0};  // enough for 18 parity bits
@@ -501,7 +505,6 @@ int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData)
 	uint8_t receivedAnswer[MAX_FRAME_SIZE];
 	uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
 
-	// command MIFARE_CLASSIC_WRITEBLOCK
 	len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);
 
 	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
@@ -524,20 +527,21 @@ int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData)
 	}
 	return 0;
 }
+*/
 
-int mifare_ultra_special_writeblock(uint8_t blockNo, uint8_t *blockData)
+int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData)
 {
 	uint16_t len;
-	uint8_t d_block[8] = {0x00};
+	uint8_t d_block[5] = {0x00};
 	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
 	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
 
 	// command MIFARE_CLASSIC_WRITEBLOCK
 	d_block[0]= blockNo;
 	memcpy(d_block+1,blockData,4);
-	AppendCrc14443a(d_block, 6);
+	//AppendCrc14443a(d_block, 6);
 
-	len = mifare_sendcmd_short_special(NULL, 1, 0xA2, d_block, receivedAnswer, receivedAnswerPar, NULL);
+	len = mifare_sendcmd(0xA2, d_block, sizeof(d_block), receivedAnswer, receivedAnswerPar, NULL);
 
 	if (receivedAnswer[0] != 0x0A) {   //  0x0a - ACK
 		if (MF_DBGLEVEL >= MF_DBG_ERROR)
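Review bot: The ACK test in mifare_ultra_writeblock looks only at `receivedAnswer[0]` and never at `len`, and with this change mifare_sendcmd returns 0 on a card timeout instead of the old helper's 2, so a timed-out write may be judged on whatever the uninitialised stack buffer holds. Checking the length first, as the commented-out compat variant does, closes that gap: `if ((len != 1) || (receivedAnswer[0] != 0x0A)) {`. The `// command MIFARE_CLASSIC_WRITEBLOCK` comment is stale for opcode 0xA2, and the commented-out `AppendCrc14443a` line can go now that mifare_sendcmd appends the CRC. The function body continues past the hunk.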
diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h
index d4fcd818..ed955cc6 100644
--- a/armsrc/mifareutil.h
+++ b/armsrc/mifareutil.h
@@ -54,22 +54,24 @@ extern int MF_DBGLEVEL;
 
 //functions
 int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
-int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
-
-int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing);
-int mifare_sendcmd_short_mfuev1auth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing);
+int mifare_sendcmd(uint8_t cmd, uint8_t *data, uint8_t data_size, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
+//int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing);
+//int mifare_sendcmd_short_mfuev1auth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing);
 int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
 
+// mifare classic
 int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested);
 int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t * ntptr, uint32_t *timing);
 int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
+int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); 
+int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
+
+// Ultralight/NTAG...
 int mifare_ul_ev1_auth(uint8_t *key, uint8_t *pack);
 int mifare_ultra_auth(uint8_t *key);
 int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData);
-int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData);
+//int mifare_ultra_writeblock_compat(uint8_t blockNo, uint8_t *blockData);
 int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData);
-int mifare_ultra_special_writeblock(uint8_t blockNo, uint8_t *blockData);
-int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid); 
 int mifare_ultra_halt();
 
 // desfire
diff --git a/client/util.c b/client/util.c
index cea9f7d7..1fc684b6 100644
--- a/client/util.c
+++ b/client/util.c
@@ -108,12 +108,12 @@ void print_hex(const uint8_t * data, const size_t len)
 	printf("\n");
 }
 
-char * sprint_hex(const uint8_t * data, const size_t len) {
+char *sprint_hex(const uint8_t *data, const size_t len) {
 	
 	int maxLen = ( len > 1024/3) ? 1024/3 : len;
 	static char buf[1024];
 	memset(buf, 0x00, 1024);
-	char * tmp = buf;
+	char *tmp = buf;
 	size_t i;
 
 	for (i=0; i < maxLen; ++i, tmp += 3)
@@ -444,3 +444,12 @@ void wiegand_add_parity(char *target, char *source, char length)
     target += length;
     *(target)= GetParity(source + length / 2, ODD, length / 2);
 }
+
+void xor(unsigned char *dst, unsigned char *src, size_t len) {
+   for( ; len > 0; len--,dst++,src++)
+       *dst ^= *src;
+}
+
+int32_t le24toh (uint8_t data[3]) {
+    return (data[2] << 16) | (data[1] << 8) | data[0];
+}
diff --git a/client/util.h b/client/util.h
index f58f64cb..2d2beaf4 100644
--- a/client/util.h
+++ b/client/util.h
@@ -63,3 +63,5 @@ void binarraytobinstring(char *target,  char *source,  int length);
 uint8_t GetParity( char *string, uint8_t type,  int length);
 void wiegand_add_parity(char *target, char *source, char length);
 
+void xor(unsigned char *dst, unsigned char *src, size_t len);
+int32_t le24toh(uint8_t data[3]);
-- 
2.39.5