fix some iclass reader bugs (#350)

endless loop in reader if no tag was found
button press on pm3 did not cancel.
led_b was left on in some cases
also moved 14b detection to last in hf search to help speed up the
command for the other tags.  14b is slow (does multiple tests)
Thanks to @Fl0-0 and @pwpiwi for their idenfication of some of the
issues.

armsrc/iclass.c

@@ -49,6 +49,7 @@
 #include "iso15693tools.h"
 #include "protocols.h"
 #include "optimized_cipher.h"
+#include "usb_cdc.h" // for usb_poll_validate_length
 
 static int timeout = 4096;
 
@@ -1681,7 +1682,7 @@ void ReaderIClass(uint8_t arg0) {
 
 	uint8_t card_data[6 * 8]={0};
 	memset(card_data, 0xFF, sizeof(card_data));
-	uint8_t last_csn[8]={0};
+	uint8_t last_csn[8]={0,0,0,0,0,0,0,0};
 	uint8_t resp[ICLASS_BUFFER_SIZE];
 	memset(resp, 0xFF, sizeof(resp));
 	//Read conf block CRC(0x01) => 0xfa 0x22
@@ -1707,9 +1708,11 @@ void ReaderIClass(uint8_t arg0) {
 	setupIclassReader();
 
 	uint16_t tryCnt=0;
-	while(!BUTTON_PRESS())
+	bool userCancelled = BUTTON_PRESS() || usb_poll_validate_length();
+	while(!userCancelled)
 	{
-		if (try_once && tryCnt > 5) break; 
+		// if only looking for one card try 2 times if we missed it the first time
+		if (try_once && tryCnt > 2) break; 
 		tryCnt++;
 		if(!tracing) {
 			DbpString("Trace full");
@@ -1759,7 +1762,8 @@ void ReaderIClass(uint8_t arg0) {
 		// with 0xFF:s in block 3 and 4.
 
 		LED_B_ON();
-		//Send back to client, but don't bother if we already sent this
+		//Send back to client, but don't bother if we already sent this - 
+		//  only useful if looping in arm (not try_once && not abort_after_read)
 		if(memcmp(last_csn, card_data, 8) != 0)
 		{
 			// If caller requires that we get Conf, CC, AA, continue until we got it
@@ -1767,6 +1771,7 @@ void ReaderIClass(uint8_t arg0) {
 				cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
 				if(abort_after_read) {
 					LED_A_OFF();
+					LED_B_OFF();
 					return;
 				}
 				//Save that we already sent this....
@@ -1775,8 +1780,13 @@ void ReaderIClass(uint8_t arg0) {
 
 		}
 		LED_B_OFF();
+		userCancelled = BUTTON_PRESS() || usb_poll_validate_length();
+	}
+	if (userCancelled) {
+		cmd_send(CMD_ACK,0xFF,0,0,card_data, 0);
+	} else {
+		cmd_send(CMD_ACK,0,0,0,card_data, 0);
 	}
-	cmd_send(CMD_ACK,0,0,0,card_data, 0);
 	LED_A_OFF();
 }
 

client/cmdhf.c

@@ -673,16 +673,17 @@ int CmdHFSearch(const char *Cmd){
 		PrintAndLog("\nValid iClass Tag (or PicoPass Tag) Found - Quiting Search\n");
 		return ans;
 	}
-	ans = HF14BInfo(false);
-	if (ans) {
-		PrintAndLog("\nValid ISO14443B Tag Found - Quiting Search\n");
-		return ans;
-	}
 	ans = HF15Reader("", false);
 	if (ans) {
 		PrintAndLog("\nValid ISO15693 Tag Found - Quiting Search\n");
 		return ans;
 	}
+	//14b is longest test currently (and rarest chip type) ... put last
+	ans = HF14BInfo(false);
+	if (ans) {
+		PrintAndLog("\nValid ISO14443B Tag Found - Quiting Search\n");
+		return ans;
+	}
 	PrintAndLog("\nno known/supported 13.56 MHz tags found\n");
 	return 0;
 }

client/cmdhficlass.c

@@ -191,8 +191,12 @@ int HFiClassReader(const char *Cmd, bool loop, bool verbose) {
 			uint8_t readStatus = resp.arg[0] & 0xff;
 			uint8_t *data = resp.d.asBytes;
 
-			// no tag found
-			if( readStatus == 0) continue;
+			// no tag found or button pressed
+			if( (readStatus == 0 && !loop) || readStatus == 0xFF) {
+				// abort
+				if (verbose) PrintAndLog("Quitting...");
+				return 0;
+			}
 
 			if( readStatus & FLAG_ICLASS_READER_CSN) {
 				PrintAndLog("   CSN: %s",sprint_hex(data,8));
@@ -1708,7 +1712,7 @@ static command_t CommandTable[] =
 	{"loclass",     CmdHFiClass_loclass,        	1,	"[options..] Use loclass to perform bruteforce of reader attack dump"},
 	{"managekeys",  CmdHFiClassManageKeys,      	1,	"[options..] Manage the keys to use with iClass"},
 	{"readblk",     CmdHFiClass_ReadBlock,      	0,	"[options..] Authenticate and Read iClass block"},
-	{"reader",      CmdHFiClassReader,          	0,	"            Read an iClass tag"},
+	{"reader",      CmdHFiClassReader,          	0,	"            Look for iClass tags until a key or the pm3 button is pressed"},
 	{"readtagfile", CmdHFiClassReadTagFile,     	1,	"[options..] Display Content from tagfile"},
 	{"replay",      CmdHFiClassReader_Replay,   	0,	"<mac>       Read an iClass tag via Reply Attack"},
 	{"sim",         CmdHFiClassSim,             	0,	"[options..] Simulate iClass tag"},