proxmark3/armsrc/iso14443a.h

//-----------------------------------------------------------------------------
// Merlok - June 2011
// Gerhard de Koning Gans - May 2008
// Hagen Fritsch - June 2010
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Routines to support ISO 14443 type A.
//-----------------------------------------------------------------------------

#ifndef __ISO14443A_H
#define __ISO14443A_H

#ifdef __cplusplus
extern "C" {
#endif

#include "pm3_cmd.h"
#include "cmd.h"
#include "apps.h"
#include "util.h"
#include "string.h"
#include "crc16.h"
#include "mifaresniff.h"
#include "crapto1/crapto1.h"
#include "mifareutil.h"
#include "parity.h"
#include "mifare.h"  // structs

// When the PM acts as tag and is receiving it takes
// 2 ticks delay in the RF part (for the first falling edge),
// 3 ticks for the A/D conversion,
// 8 ticks on average until the start of the SSC transfer,
// 8 ticks until the SSC samples the first data
// 7*16 ticks to complete the transfer from FPGA to ARM
// 8 ticks until the next ssp_clk rising edge
// 4*16 ticks until we measure the time
// - 8*16 ticks because we measure the time of the previous transfer
#define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 7*16 + 8 + 4*16 - 8*16)

typedef struct {
    enum {
        DEMOD_UNSYNCD,
        // DEMOD_HALF_SYNCD,
        // DEMOD_MOD_FIRST_HALF,
        // DEMOD_NOMOD_FIRST_HALF,
        DEMOD_MANCHESTER_DATA
    } state;
    uint16_t twoBits;
    uint16_t highCnt;
    uint16_t bitCount;
    uint16_t collisionPos;
    uint16_t syncBit;
    uint8_t  parityBits;
    uint8_t  parityLen;
    uint16_t shiftReg;
    uint16_t samples;
    uint16_t len;
    uint32_t startTime, endTime;
    uint8_t  *output;
    uint8_t  *parity;
} tDemod;
/*
typedef enum {
    MOD_NOMOD = 0,
    MOD_SECOND_HALF,
    MOD_FIRST_HALF,
    MOD_BOTH_HALVES
    } Modulation_t;
*/

typedef struct {
    enum {
        STATE_UNSYNCD,
        STATE_START_OF_COMMUNICATION,
        STATE_MILLER_X,
        STATE_MILLER_Y,
        STATE_MILLER_Z,
        // DROP_NONE,
        // DROP_FIRST_HALF,
    } state;
    uint16_t shiftReg;
    int16_t bitCount;
    uint16_t len;
    //uint16_t byteCntMax;
    uint16_t posCnt;
    uint16_t syncBit;
    uint8_t  parityBits;
    uint8_t  parityLen;
    uint32_t fourBits;
    uint32_t startTime, endTime;
    uint8_t *output;
    uint8_t *parity;
} tUart;

#ifndef AddCrc14A
# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1)
#endif

#ifndef AddCrc14B
# define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)
#endif

#ifndef CheckCrc14A
# define CheckCrc14A(data, len)	check_crc(CRC_14443_A, (data), (len))
#endif

void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par);

tDemod *GetDemod(void);
void DemodReset(void);
void DemodInit(uint8_t *data, uint8_t *par);
tUart *GetUart(void);
void UartReset(void);
void UartInit(uint8_t *data, uint8_t *par);
RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);
RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);

void RAMFUNC SniffIso14443a(uint8_t param);
void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);
void iso14443a_antifuzz(uint32_t flags);
void ReaderIso14443a(PacketCommandNG *c);
void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing);
void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing);
void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing);
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *par);

void iso14443a_setup(uint8_t fpga_minor_mode);
int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint8_t *res);
int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);
int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);
void iso14a_set_trigger(bool enable);

int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen);
int EmSend4bit(uint8_t resp);
int EmSendCmd(uint8_t *resp, uint16_t respLen);
int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision);
int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *par);
int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par);
int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision);
int EmSendPrecompiledCmd(tag_response_info_t *p_response);

bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size);

bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
                uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity);

void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype);
void DetectNACKbug();

#ifdef __cplusplus
}
#endif

#endif /* __ISO14443A_H */
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements 2011-06-07 20:35:52 +08:00			`//-----------------------------------------------------------------------------`
			`// Merlok - June 2011`
			`// Gerhard de Koning Gans - May 2008`
			`// Hagen Fritsch - June 2010`
			`//`
			`// This code is licensed to you under the terms of the GNU GPL, version 2 or,`
			`// at your option, any later version. See the LICENSE.txt file for the text of`
			`// the license.`
			`//-----------------------------------------------------------------------------`
			`// Routines to support ISO 14443 type A.`
			`//-----------------------------------------------------------------------------`

iso14a reader patches [Hagen Fritsch] 2010-07-13 21:39:30 +08:00			`#ifndef __ISO14443A_H`
			`#define __ISO14443A_H`
CHG: fiddled with the headerfiles... and makefile... Tried to make them behave nice. So it isnt a hell to add new functions from third-party (like des, aes etc) Added a lot of #ifndef , extern C, Move inside from ARMSRC -> THUMBS, which made the compiled image smaller.. I don't know if it broke anything. Moved MF_DBGLEVEL definitions into common.h Moved print_result from util.c into appmain.c Also split up some struct typedef into header files so they could be reused in other code places. ''' danger ''' this might have broken stuff... 2017-01-25 07:33:03 +08:00
			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00
Rename few USB -> PM3 to avoid misleading interpretations 2019-05-01 03:10:11 +08:00			`#include "pm3_cmd.h"`
CHG: fiddled with the headerfiles... and makefile... Tried to make them behave nice. So it isnt a hell to add new functions from third-party (like des, aes etc) Added a lot of #ifndef , extern C, Move inside from ARMSRC -> THUMBS, which made the compiled image smaller.. I don't know if it broke anything. Moved MF_DBGLEVEL definitions into common.h Moved print_result from util.c into appmain.c Also split up some struct typedef into header files so they could be reused in other code places. ''' danger ''' this might have broken stuff... 2017-01-25 07:33:03 +08:00			`#include "cmd.h"`
CHG: cleaning up. 2016-08-05 03:37:43 +08:00			`#include "apps.h"`
			`#include "util.h"`
			`#include "string.h"`
CHG: refactor CRC16 algos. This is a big change, most likely some parts broke, hard to test it all. 2018-02-01 22:19:47 +08:00			`#include "crc16.h"`
"hf mf sniff" low level logics works. 2012-07-11 23:52:33 +08:00			`#include "mifaresniff.h"`
fixes: armside 2017-07-30 16:01:30 +08:00			`#include "crapto1/crapto1.h"`
CHG: cleaning up. 2016-08-05 03:37:43 +08:00			`#include "mifareutil.h"`
			`#include "parity.h"`
draft for a Mifare classic NACK bug detection. the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug. -in short, ref https://github.com/iceman1001/proxmark3/issues/141 NACK bug; when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct. This is a strong oracle which is used in the darkside attack. 2017-12-05 02:36:26 +08:00			`#include "mifare.h" // structs`
iso14a reader patches [Hagen Fritsch] 2010-07-13 21:39:30 +08:00
hf mf sim 2019-03-16 04:04:25 +08:00			`// When the PM acts as tag and is receiving it takes`
			`// 2 ticks delay in the RF part (for the first falling edge),`
			`// 3 ticks for the A/D conversion,`
			`// 8 ticks on average until the start of the SSC transfer,`
			`// 8 ticks until the SSC samples the first data`
			`// 7*16 ticks to complete the transfer from FPGA to ARM`
			`// 8 ticks until the next ssp_clk rising edge`
			`// 4*16 ticks until we measure the time`
			`// - 8*16 ticks because we measure the time of the previous transfer`
			`#define DELAY_AIR2ARM_AS_TAG (2 + 3 + 8 + 8 + 716 + 8 + 416 - 8*16)`

small improvements, added new command `hf mf sniff` (there will be cool sniffer). But now... here is optimized hf 14a snoop. As I see it works the same as th old version. 2012-07-07 00:19:05 +08:00			`typedef struct {`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`enum {`
			`DEMOD_UNSYNCD,`
			`// DEMOD_HALF_SYNCD,`
			`// DEMOD_MOD_FIRST_HALF,`
			`// DEMOD_NOMOD_FIRST_HALF,`
			`DEMOD_MANCHESTER_DATA`
			`} state;`
			`uint16_t twoBits;`
			`uint16_t highCnt;`
			`uint16_t bitCount;`
			`uint16_t collisionPos;`
			`uint16_t syncBit;`
			`uint8_t parityBits;`
			`uint8_t parityLen;`
			`uint16_t shiftReg;`
			`uint16_t samples;`
			`uint16_t len;`
			`uint32_t startTime, endTime;`
			`uint8_t *output;`
			`uint8_t *parity;`
small improvements, added new command `hf mf sniff` (there will be cool sniffer). But now... here is optimized hf 14a snoop. As I see it works the same as th old version. 2012-07-07 00:19:05 +08:00			`} tDemod;`
ADD: 'hf felica reader' - added pm3 as FeliCa reader ADD: raw commands - added the basis for sending RAW commands to FeliCa. CHG: CRC16 rework, uses table based implementation. This will change more functions as I go on. 2018-01-29 20:42:02 +08:00			`/*`
- fixed iso1443a ManchesterDecoder in order to fix broken Snoop/Sniff - enhanced tracing: hf 14a list now shows meaningful timing information. With new option f it also shows the frame delay times (fdt) - small fix for hf 14b list - it used to run into the trace trailer - hf 14a sim now obeys iso14443 timing (fdt of 1172 or 1234 resp.) Note: you need to flash FPGA as well. More details in http://www.proxmark.org/forum/viewtopic.php?pid=9721#p9721 2014-02-20 04:35:04 +08:00			`typedef enum {`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`MOD_NOMOD = 0,`
			`MOD_SECOND_HALF,`
			`MOD_FIRST_HALF,`
			`MOD_BOTH_HALVES`
			`} Modulation_t;`
ADD: 'hf felica reader' - added pm3 as FeliCa reader ADD: raw commands - added the basis for sending RAW commands to FeliCa. CHG: CRC16 rework, uses table based implementation. This will change more functions as I go on. 2018-01-29 20:42:02 +08:00			`*/`
- fixed iso1443a ManchesterDecoder in order to fix broken Snoop/Sniff - enhanced tracing: hf 14a list now shows meaningful timing information. With new option f it also shows the frame delay times (fdt) - small fix for hf 14b list - it used to run into the trace trailer - hf 14a sim now obeys iso14443 timing (fdt of 1172 or 1234 resp.) Note: you need to flash FPGA as well. More details in http://www.proxmark.org/forum/viewtopic.php?pid=9721#p9721 2014-02-20 04:35:04 +08:00
small improvements, added new command `hf mf sniff` (there will be cool sniffer). But now... here is optimized hf 14a snoop. As I see it works the same as th old version. 2012-07-07 00:19:05 +08:00			`typedef struct {`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`enum {`
			`STATE_UNSYNCD,`
			`STATE_START_OF_COMMUNICATION,`
			`STATE_MILLER_X,`
			`STATE_MILLER_Y,`
			`STATE_MILLER_Z,`
			`// DROP_NONE,`
			`// DROP_FIRST_HALF,`
make style 2019-03-10 07:00:59 +08:00			`} state;`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`uint16_t shiftReg;`
			`int16_t bitCount;`
			`uint16_t len;`
			`//uint16_t byteCntMax;`
			`uint16_t posCnt;`
			`uint16_t syncBit;`
			`uint8_t parityBits;`
			`uint8_t parityLen;`
			`uint32_t fourBits;`
			`uint32_t startTime, endTime;`
- fixed iso1443a ManchesterDecoder in order to fix broken Snoop/Sniff - enhanced tracing: hf 14a list now shows meaningful timing information. With new option f it also shows the frame delay times (fdt) - small fix for hf 14b list - it used to run into the trace trailer - hf 14a sim now obeys iso14443 timing (fdt of 1172 or 1234 resp.) Note: you need to flash FPGA as well. More details in http://www.proxmark.org/forum/viewtopic.php?pid=9721#p9721 2014-02-20 04:35:04 +08:00			`uint8_t *output;`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`uint8_t *parity;`
small improvements, added new command `hf mf sniff` (there will be cool sniffer). But now... here is optimized hf 14a snoop. As I see it works the same as th old version. 2012-07-07 00:19:05 +08:00			`} tUart;`

CHG: refactor CRC16 algos. This is a big change, most likely some parts broke, hard to test it all. 2018-02-01 22:19:47 +08:00			`#ifndef AddCrc14A`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`# define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1)`
CHG: refactor CRC16 algos. This is a big change, most likely some parts broke, hard to test it all. 2018-02-01 22:19:47 +08:00			`#endif`

			`#ifndef AddCrc14B`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`# define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)`
CHG: refactor CRC16 algos. This is a big change, most likely some parts broke, hard to test it all. 2018-02-01 22:19:47 +08:00			`#endif`

Mifare Ultralight/NTAG simulation. Add WRITE and COMPATIBLE_WRITE support 2019-04-04 01:56:15 +08:00			`#ifndef CheckCrc14A`
remove old iso14443crc.c, fully replaced by crc16.c functions. 2019-04-09 16:12:15 +08:00			`# define CheckCrc14A(data, len) check_crc(CRC_14443_A, (data), (len))`
make style 2019-04-07 01:09:01 +08:00			`#endif`
Mifare Ultralight/NTAG simulation. Add WRITE and COMPATIBLE_WRITE support 2019-04-04 01:56:15 +08:00
style 2019-04-06 07:00:54 +08:00			`void GetParity(const uint8_t pbtCmd, uint16_t len, uint8_t par);`

			`tDemod *GetDemod(void);`
			`void DemodReset(void);`
args names 2019-04-07 02:21:03 +08:00			`void DemodInit(uint8_t data, uint8_t par);`
style 2019-04-06 07:00:54 +08:00			`tUart *GetUart(void);`
			`void UartReset(void);`
args names 2019-04-07 02:21:03 +08:00			`void UartInit(uint8_t data, uint8_t par);`
style 2019-04-06 07:00:54 +08:00			`RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time);`
			`RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time);`

			`void RAMFUNC SniffIso14443a(uint8_t param);`
			`void SimulateIso14443aTag(int tagType, int flags, uint8_t *data);`
			`void iso14443a_antifuzz(uint32_t flags);`
Rename few stuff for consistency 2019-04-18 18:43:35 +08:00			`void ReaderIso14443a(PacketCommandNG *c);`
style 2019-04-06 07:00:54 +08:00			`void ReaderTransmit(uint8_t frame, uint16_t len, uint32_t timing);`
			`void ReaderTransmitBitsPar(uint8_t frame, uint16_t bits, uint8_t par, uint32_t *timing);`
			`void ReaderTransmitPar(uint8_t frame, uint16_t len, uint8_t par, uint32_t *timing);`
			`int ReaderReceive(uint8_t receivedAnswer, uint8_t par);`

			`void iso14443a_setup(uint8_t fpga_minor_mode);`
			`int iso14_apdu(uint8_t cmd, uint16_t cmd_len, bool send_chaining, void data, uint8_t *res);`
iso14443a_select_card resp_data -> p_card 2019-04-07 18:18:15 +08:00			`int iso14443a_select_card(uint8_t uid_ptr, iso14a_card_select_t p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats);`
style 2019-04-06 07:00:54 +08:00			`int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades);`
			`void iso14a_set_trigger(bool enable);`

			`int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen);`
			`int EmSend4bit(uint8_t resp);`
			`int EmSendCmd(uint8_t *resp, uint16_t respLen);`
			`int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision);`
args names 2019-04-07 02:21:03 +08:00			`int EmGetCmd(uint8_t received, uint16_t len, uint8_t *par);`
style 2019-04-06 07:00:54 +08:00			`int EmSendCmdPar(uint8_t resp, uint16_t respLen, uint8_t par);`
			`int EmSendCmdParEx(uint8_t resp, uint16_t respLen, uint8_t par, bool collision);`
'hf mf sim' + 'hf 14a sim' now back to stable 2019-04-10 04:07:17 +08:00			`int EmSendPrecompiledCmd(tag_response_info_t *p_response);`
Merge branch 'master' into hf_mf_sim 2019-04-06 07:22:15 +08:00
			`bool prepare_allocated_tag_modulation(tag_response_info_t response_info, uint8_t buffer, size_t max_buffer_size);`
hf mf sim 2019-03-16 04:04:25 +08:00
ADD: simulating can now handle triplesized UID (10b) CHG: moved some mifare #DEFINES into protocols.h (ACK,NACK..) 2016-04-14 17:09:17 +08:00			`bool EmLogTrace(uint8_t reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t reader_Parity,`
armsrc: fix mix of spaces & tabs 2019-03-10 03:34:41 +08:00			`uint8_t tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t tag_Parity);`
syntax sugar 2017-01-21 18:33:14 +08:00
make style 2019-03-10 07:00:59 +08:00			`void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype);`
draft for a Mifare classic NACK bug detection. the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug. -in short, ref https://github.com/iceman1001/proxmark3/issues/141 NACK bug; when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct. This is a strong oracle which is used in the darkside attack. 2017-12-05 02:36:26 +08:00			`void DetectNACKbug();`
syntax sugar 2017-01-21 18:33:14 +08:00
			`#ifdef __cplusplus`
			`}`
remove spurious spaces & tabs at end of lines 2019-03-09 15:59:13 +08:00			`#endif`
syntax sugar 2017-01-21 18:33:14 +08:00
iso14a reader patches [Hagen Fritsch] 2010-07-13 21:39:30 +08:00			`#endif /* __ISO14443A_H */`