RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-11-11 01:55:38 +08:00
Code Issues Projects Releases Packages Wiki Activity
proxmark3/armsrc/mifareutil.c

628 lines
18 KiB
C
Raw Normal View History

1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
//-----------------------------------------------------------------------------
small improvements, added new command `hf mf sniff` (there will be cool sniffer). But now... here is optimized hf 14a snoop. As I see it works the same as th old version.
2012-07-07 00:19:05 +08:00
// Merlok, May 2011, 2012
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
// Many authors, whom made it possible
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
// Work with mifare cards.
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
//-----------------------------------------------------------------------------
First check in.
2014-09-12 05:23:46 +08:00
#include "../include/proxmark3.h"
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
#include "apps.h"
#include "util.h"
#include "string.h"
First check in.
2014-09-12 05:23:46 +08:00
#include "../common/iso14443crc.h"
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
#include "iso14443a.h"
#include "crapto1.h"
#include "mifareutil.h"
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
int MF_DBGLEVEL = MF_DBG_ALL;
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
// memory management
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* get_bigbufptr_recvrespbuf(void) {
return (((uint8_t *)BigBuf) + RECV_RESP_OFFSET);
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* get_bigbufptr_recvcmdbuf(void) {
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
return (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* get_bigbufptr_emlcardmem(void) {
return (((uint8_t *)BigBuf) + CARD_MEMORY_OFFSET);
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
}
// crypto1 helpers
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len){
uint8_t bt = 0;
int i;
if (len != 1) {
for (i = 0; i < len; i++)
data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];
} else {
bt = 0;
for (i = 0; i < 4; i++)
bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data[0], i)) << i;
data[0] = bt;
}
return;
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
void mf_crypto1_encrypt(struct Crypto1State *pcs, uint8_t *data, uint16_t len, uint8_t *par) {
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
uint8_t bt = 0;
int i;
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
par[0] = 0;
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
for (i = 0; i < len; i++) {
bt = data[i];
data[i] = crypto1_byte(pcs, 0x00, 0) ^ data[i];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
if((i&0x0007) == 0)
par[i>>3] = 0;
par[i>>3] |= (((filter(pcs->odd) ^ oddparity(bt)) & 0x01)<<(7-(i&0x0007)));
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
}
return;
}
uint8_t mf_crypto1_encrypt4bit(struct Crypto1State *pcs, uint8_t data) {
uint8_t bt = 0;
int i;
for (i = 0; i < 4; i++)
bt |= (crypto1_bit(pcs, 0, 0) ^ BIT(data, i)) << i;
return bt;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
}
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
// send commands
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int mifare_sendcmd_short(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
return mifare_sendcmd_shortex(pcs, crypted, cmd, data, answer, answer_parity, timing);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t dcmd[8];
dcmd[0] = cmd;
ADD: started with adding a LF AWID26 write function. not done yet. ADD: latest pwpiwi & holiman changes.
2014-12-19 20:46:02 +08:00
dcmd[1] = data[0];
dcmd[2] = data[1];
dcmd[3] = data[2];
dcmd[4] = data[3];
dcmd[5] = data[4];
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
AppendCrc14443a(dcmd, 6);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int len = ReaderReceive(answer, answer_parity);
First check in.
2014-09-12 05:23:46 +08:00
if(!len) {
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
First check in.
2014-09-12 05:23:46 +08:00
}
return len;
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int mifare_sendcmd_short_mfucauth(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t *data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
First check in.
2014-09-12 05:23:46 +08:00
{
uint8_t dcmd[19];
int len;
dcmd[0] = cmd;
memcpy(dcmd+1,data,16);
AppendCrc14443a(dcmd, 17);
ReaderTransmit(dcmd, sizeof(dcmd), timing);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = ReaderReceive(answer, answer_parity);
First check in.
2014-09-12 05:23:46 +08:00
if(!len) {
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = ReaderReceive(answer,answer_parity);
First check in.
2014-09-12 05:23:46 +08:00
}
if(len==1) {
if (MF_DBGLEVEL >= 1) Dbprintf("NAK - Authentication failed.");
return 1;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
}
return len;
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
{
uint8_t dcmd[4], ecmd[4];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t pos, res;
uint8_t par[1]; // 1 Byte parity is enough here
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
dcmd[0] = cmd;
dcmd[1] = data;
AppendCrc14443a(dcmd, 2);
memcpy(ecmd, dcmd, sizeof(dcmd));
if (crypted) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
par[0] = 0;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
for (pos = 0; pos < 4; pos++)
{
ecmd[pos] = crypto1_byte(pcs, 0x00, 0) ^ dcmd[pos];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
par[0] |= (((filter(pcs->odd) ^ oddparity(dcmd[pos])) & 0x01) << (7-pos));
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
}
Major rework of hf mf nested: - PM: used GetCountMifare in MifareNested() for improved timing accuracy and to deliver better quality nonces - PM: MifareNested now delivers exactly two different nonces to avoid time consuming multiple lfsr_recovery32() on client side - Client: replaced quicksort by bucketsort in crapto1.c which is faster - Client: use multithreading (two parallel calls to lfsr_recovery32()) - Client: fixed a small bug in mfnested() (always showed trgkey=0) - Client: introduced a mutex for PrintAndLog() to avoid interlaced printing Minor rework of hf mf chk: - Avoid time consuming off/on cycles. Send a "halt" instead.
2013-09-15 17:33:17 +08:00
ReaderTransmitPar(ecmd, sizeof(ecmd), par, timing);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
} else {
Major rework of hf mf nested: - PM: used GetCountMifare in MifareNested() for improved timing accuracy and to deliver better quality nonces - PM: MifareNested now delivers exactly two different nonces to avoid time consuming multiple lfsr_recovery32() on client side - Client: replaced quicksort by bucketsort in crapto1.c which is faster - Client: use multithreading (two parallel calls to lfsr_recovery32()) - Client: fixed a small bug in mfnested() (always showed trgkey=0) - Client: introduced a mutex for PrintAndLog() to avoid interlaced printing Minor rework of hf mf chk: - Avoid time consuming off/on cycles. Send a "halt" instead.
2013-09-15 17:33:17 +08:00
ReaderTransmit(dcmd, sizeof(dcmd), timing);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int len = ReaderReceive(answer, par);
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
if (answer_parity) *answer_parity = par[0];
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
if (crypted == CRYPT_ALL) {
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
if (len == 1) {
res = 0;
for (pos = 0; pos < 4; pos++)
res |= (crypto1_bit(pcs, 0, 0) ^ BIT(answer[0], pos)) << pos;
answer[0] = res;
} else {
for (pos = 0; pos < len; pos++)
{
answer[pos] = crypto1_byte(pcs, 0x00, 0) ^ answer[pos];
}
}
}
return len;
}
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
// mifare commands
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int mifare_classic_auth(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested)
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
{
Major rework of hf mf nested: - PM: used GetCountMifare in MifareNested() for improved timing accuracy and to deliver better quality nonces - PM: MifareNested now delivers exactly two different nonces to avoid time consuming multiple lfsr_recovery32() on client side - Client: replaced quicksort by bucketsort in crapto1.c which is faster - Client: use multithreading (two parallel calls to lfsr_recovery32()) - Client: fixed a small bug in mfnested() (always showed trgkey=0) - Client: introduced a mutex for PrintAndLog() to avoid interlaced printing Minor rework of hf mf chk: - Avoid time consuming off/on cycles. Send a "halt" instead.
2013-09-15 17:33:17 +08:00
return mifare_classic_authex(pcs, uid, blockNo, keyType, ui64Key, isNested, NULL, NULL);
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
}
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t * ntptr, uint32_t *timing)
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
{
// variables
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
int len;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
uint32_t pos;
uint8_t tmp4[4];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t par[1] = {0x00};
byte_t nr[4];
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
uint32_t nt, ntpp; // Supplied tag nonce
uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// Transmit MIFARE_CLASSIC_AUTH
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing);
if (MF_DBGLEVEL >= 4) Dbprintf("rand tag nonce len: %x", len);
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
if (len != 4) return 1;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
// "random" reader nonce:
nr[0] = 0x55;
nr[1] = 0x41;
nr[2] = 0x49;
nr[3] = 0x92;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
// Save the tag nonce (nt)
nt = bytes_to_num(receivedAnswer, 4);
// ----------------------------- crypto1 create
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
if (isNested)
crypto1_destroy(pcs);
// Init cipher with key
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
crypto1_create(pcs, ui64Key);
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
if (isNested == AUTH_NESTED) {
// decrypt nt with help of new key
nt = crypto1_word(pcs, nt ^ uid, 1) ^ nt;
} else {
// Load (plain) uid^nt into the cipher
crypto1_word(pcs, nt ^ uid, 0);
}
// some statistic
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (!ntptr && (MF_DBGLEVEL >= 3))
improved version of "hf 14a mifare" command with merge with utility nonce2key
2011-05-31 19:31:20 +08:00
Dbprintf("auth uid: %08x nt: %08x", uid, nt);
// save Nt
if (ntptr)
*ntptr = nt;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
par[0] = 0;
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
for (pos = 0; pos < 4; pos++)
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
mf_nr_ar[pos] = crypto1_byte(pcs, nr[pos], 0) ^ nr[pos];
par[0] |= (((filter(pcs->odd) ^ oddparity(nr[pos])) & 0x01) << (7-pos));
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
}
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// Skip 32 bits in pseudo random generator
nt = prng_successor(nt,32);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
// ar+parity
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
for (pos = 4; pos < 8; pos++)
{
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nt = prng_successor(nt,8);
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
mf_nr_ar[pos] = crypto1_byte(pcs,0x00,0) ^ (nt & 0xff);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
par[0] |= (((filter(pcs->odd) ^ oddparity(nt & 0xff)) & 0x01) << (7-pos));
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
}
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// Transmit reader nonce and reader answer
Major rework of hf mf nested: - PM: used GetCountMifare in MifareNested() for improved timing accuracy and to deliver better quality nonces - PM: MifareNested now delivers exactly two different nonces to avoid time consuming multiple lfsr_recovery32() on client side - Client: replaced quicksort by bucketsort in crapto1.c which is faster - Client: use multithreading (two parallel calls to lfsr_recovery32()) - Client: fixed a small bug in mfnested() (always showed trgkey=0) - Client: introduced a mutex for PrintAndLog() to avoid interlaced printing Minor rework of hf mf chk: - Avoid time consuming off/on cycles. Send a "halt" instead.
2013-09-15 17:33:17 +08:00
ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
// Receive 4 byte tag answer
len = ReaderReceive(receivedAnswer, receivedAnswerPar);
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
if (!len)
{
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 2;
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
}
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
memcpy(tmp4, receivedAnswer, 4);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0,0);
if (ntpp != bytes_to_num(tmp4, 4)) {
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Error card response.");
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 3;
}
return 0;
}
int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
int len;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
uint8_t bt[2];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// command MIFARE_CLASSIC_READBLOCK
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(pcs, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
if (len == 1) {
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 1;
}
if (len != 18) {
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 2;
}
memcpy(bt, receivedAnswer + 16, 2);
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
AppendCrc14443a(receivedAnswer, 16);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error.");
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 3;
}
memcpy(blockData, receivedAnswer, 16);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
return 0;
First check in.
2014-09-12 05:23:46 +08:00
}
int mifare_ultra_auth1(uint32_t uid, uint8_t *blockData){
// variables
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len;
First check in.
2014-09-12 05:23:46 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
First check in.
2014-09-12 05:23:46 +08:00
// command MIFARE_CLASSIC_READBLOCK
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, receivedAnswer,receivedAnswerPar ,NULL);
First check in.
2014-09-12 05:23:46 +08:00
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len == 11) {
if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10]);
memcpy(blockData, receivedAnswer, 11);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
return 0;
First check in.
2014-09-12 05:23:46 +08:00
}
//else something went wrong???
return 1;
}
int mifare_ultra_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
// variables
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len;
First check in.
2014-09-12 05:23:46 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
First check in.
2014-09-12 05:23:46 +08:00
// command MIFARE_CLASSIC_READBLOCK
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, key, receivedAnswer, receivedAnswerPar, NULL);
First check in.
2014-09-12 05:23:46 +08:00
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len == 11){
if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10]);
memcpy(blockData, receivedAnswer, 11);
return 0;
}
//something went wrong?
return 1;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
}
int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
uint8_t bt[2];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
// command MIFARE_CLASSIC_READBLOCK
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len != 18) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: card timeout. len: %x", len);
return 2;
}
memcpy(bt, receivedAnswer + 16, 2);
AppendCrc14443a(receivedAnswer, 16);
if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd CRC response error.");
return 3;
}
memcpy(blockData, receivedAnswer, 14);
return 0;
}
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
// variables
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len, i;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
uint32_t pos;
ADD: started with adding a LF AWID26 write function. not done yet. ADD: latest pwpiwi & holiman changes.
2014-12-19 20:46:02 +08:00
uint8_t par[3] = {0}; // enough for 18 Bytes to send
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
byte_t res;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
uint8_t d_block[18], d_block_enc[18];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// command MIFARE_CLASSIC_WRITEBLOCK
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(pcs, 1, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 1;
}
memcpy(d_block, blockData, 16);
AppendCrc14443a(d_block, 16);
// crypto
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
for (pos = 0; pos < 18; pos++)
{
d_block_enc[pos] = crypto1_byte(pcs, 0x00, 0) ^ d_block[pos];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
par[pos>>3] |= (((filter(pcs->odd) ^ oddparity(d_block[pos])) & 0x01) << (7 - (pos&0x0007)));
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
}
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
Major rework of hf mf nested: - PM: used GetCountMifare in MifareNested() for improved timing accuracy and to deliver better quality nonces - PM: MifareNested now delivers exactly two different nonces to avoid time consuming multiple lfsr_recovery32() on client side - Client: replaced quicksort by bucketsort in crapto1.c which is faster - Client: use multithreading (two parallel calls to lfsr_recovery32()) - Client: fixed a small bug in mfnested() (always showed trgkey=0) - Client: introduced a mutex for PrintAndLog() to avoid interlaced printing Minor rework of hf mf chk: - Avoid time consuming off/on cycles. Send a "halt" instead.
2013-09-15 17:33:17 +08:00
ReaderTransmitPar(d_block_enc, sizeof(d_block_enc), par, NULL);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
// Receive the response
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = ReaderReceive(receivedAnswer, receivedAnswerPar);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
res = 0;
for (i = 0; i < 4; i++)
res |= (crypto1_bit(pcs, 0, 0) ^ BIT(receivedAnswer[0], i)) << i;
if ((len != 1) || (res != 0x0A)) {
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd send data2 Error: %02x", res);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 2;
}
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
return 0;
}
int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
// variables
uint16_t len;
uint8_t par[3] = {0}; // enough for 18 parity bits
uint8_t d_block[18];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// command MIFARE_CLASSIC_WRITEBLOCK
len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
return 1;
}
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
memset(d_block,'\0',18);
memcpy(d_block, blockData, 16);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
AppendCrc14443a(d_block, 16);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
// Receive the response
len = ReaderReceive(receivedAnswer, receivedAnswerPar);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
if ((len != 1) || (receivedAnswer[0] != 0x0A)) { // 0x0a - ACK
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
return 2;
}
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
return 0;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
}
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len;
uint8_t d_block[8];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
// command MIFARE_CLASSIC_WRITEBLOCK
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
memset(d_block,'\0',8);
d_block[0]= blockNo;
memcpy(d_block+1,blockData,4);
AppendCrc14443a(d_block, 6);
//i know the data send here is correct
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short_special(NULL, 1, 0xA2, d_block, receivedAnswer, receivedAnswerPar, NULL);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
if (receivedAnswer[0] != 0x0A) { // 0x0a - ACK
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Send Error: %02x %d", receivedAnswer[0],len);
return 1;
}
return 0;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
}
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid)
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len;
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
nested authentication works ok (tested) and code cleaning
2011-05-26 23:20:03 +08:00
if (len != 0) {
1. fixed hf 14a mifare. added functionality to ignore one Nt 2. completed hf 14a nested 3. added hf 14a chk to check keys 5. added check keys to hf 14a mifare and hf 14a nested 6. added debug level to mifare commands 7. small bugs and improvements
2011-06-07 20:35:52 +08:00
if (MF_DBGLEVEL >= 1) Dbprintf("halt error. response len: %x", len);
1. Mifare read block command 2. Mifare read sector (via 1) 3. Mifare write block 4. fixed several bugs in iso 14443 select added Issue 23 Issue 26
2011-05-26 20:55:15 +08:00
return 1;
}
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
return 0;
}
int mifare_ultra_halt(uint32_t uid)
{
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint16_t len;
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
if (len != 0) {
if (MF_DBGLEVEL >= 1) Dbprintf("halt error. response len: %x", len);
return 1;
}
return 0;
}
fix/add support for 4K (and other non 1K) card sizes in hf mf commands - hf mf rdsc (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39 - hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards - hf mf dump (add): added (optional) card size parameter and support for non 1K cards - hf mf dump (fix): Access Condition 011 not handled correctly (tried to access with key A) - hf mf restore (add): added (optional) card size parameter and support for non 1K cards - hf mf nested (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39 - hf mf nested (fix): always dumped 16 keys to dumpkeys.bin instead of correct number - hf mf chk (fix): always dumped 16 keys to dumpkeys.bin instead of correct number - hf mf eget (fix): displayed three instead of one block - hf mf eload (add): load 4K .eml files (but accepts 1K .eml files for backwards compatibility) - hf mf esave (add): always save the whole emulator memory (4K) instead of 1K only - hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
2014-09-11 01:04:50 +08:00
// Mifare Memory Structure: up to 32 Sectors with 4 blocks each (1k and 2k cards),
// plus evtl. 8 sectors with 16 blocks each (4k cards)
uint8_t NumBlocksPerSector(uint8_t sectorNo)
{
if (sectorNo < 32)
return 4;
else
return 16;
}
uint8_t FirstBlockOfSector(uint8_t sectorNo)
{
if (sectorNo < 32)
return sectorNo * 4;
else
return 32*4 + (sectorNo - 32) * 16;
}
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 16:43:23 +08:00
// work with emulator memory
void emlSetMem(uint8_t *data, int blockNum, int blocksCount) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
memcpy(emCARD + blockNum * 16, data, blocksCount * 16);
}
void emlGetMem(uint8_t *data, int blockNum, int blocksCount) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
memcpy(data, emCARD + blockNum * 16, blocksCount * 16);
}
void emlGetMemBt(uint8_t *data, int bytePtr, int byteCount) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
memcpy(data, emCARD + bytePtr, byteCount);
}
1. emulator works. tested on ARC1302, NXP pegoda, touchtag, my firm's readers. 2. added increment, decrement, restore, transfer commands 3. fixed several small bugs and small code cleaning 4. there is strange behavier in the emulator: for 7BUID is seems that there is must be a feature that cam make work card withouth 2nd anticollision loop. NXP reader authenticates, but cant read card contents. all the rest readers works, BUT.... my 7BUID mifare card dont work AT ALL .... I dont know what i should do )
2011-06-25 21:03:01 +08:00
int emlCheckValBl(int blockNum) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. emulator works. tested on ARC1302, NXP pegoda, touchtag, my firm's readers. 2. added increment, decrement, restore, transfer commands 3. fixed several small bugs and small code cleaning 4. there is strange behavier in the emulator: for 7BUID is seems that there is must be a feature that cam make work card withouth 2nd anticollision loop. NXP reader authenticates, but cant read card contents. all the rest readers works, BUT.... my 7BUID mifare card dont work AT ALL .... I dont know what i should do )
2011-06-25 21:03:01 +08:00
uint8_t* data = emCARD + blockNum * 16;
if ((data[0] != (data[4] ^ 0xff)) || (data[0] != data[8]) ||
(data[1] != (data[5] ^ 0xff)) || (data[1] != data[9]) ||
(data[2] != (data[6] ^ 0xff)) || (data[2] != data[10]) ||
(data[3] != (data[7] ^ 0xff)) || (data[3] != data[11]) ||
(data[12] != (data[13] ^ 0xff)) || (data[12] != data[14]) ||
(data[12] != (data[15] ^ 0xff))
)
return 1;
return 0;
}
int emlGetValBl(uint32_t *blReg, uint8_t *blBlock, int blockNum) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. emulator works. tested on ARC1302, NXP pegoda, touchtag, my firm's readers. 2. added increment, decrement, restore, transfer commands 3. fixed several small bugs and small code cleaning 4. there is strange behavier in the emulator: for 7BUID is seems that there is must be a feature that cam make work card withouth 2nd anticollision loop. NXP reader authenticates, but cant read card contents. all the rest readers works, BUT.... my 7BUID mifare card dont work AT ALL .... I dont know what i should do )
2011-06-25 21:03:01 +08:00
uint8_t* data = emCARD + blockNum * 16;
if (emlCheckValBl(blockNum)) {
return 1;
}
memcpy(blReg, data, 4);
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
*blBlock = data[12];
1. emulator works. tested on ARC1302, NXP pegoda, touchtag, my firm's readers. 2. added increment, decrement, restore, transfer commands 3. fixed several small bugs and small code cleaning 4. there is strange behavier in the emulator: for 7BUID is seems that there is must be a feature that cam make work card withouth 2nd anticollision loop. NXP reader authenticates, but cant read card contents. all the rest readers works, BUT.... my 7BUID mifare card dont work AT ALL .... I dont know what i should do )
2011-06-25 21:03:01 +08:00
return 0;
}
int emlSetValBl(uint32_t blReg, uint8_t blBlock, int blockNum) {
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. emulator works. tested on ARC1302, NXP pegoda, touchtag, my firm's readers. 2. added increment, decrement, restore, transfer commands 3. fixed several small bugs and small code cleaning 4. there is strange behavier in the emulator: for 7BUID is seems that there is must be a feature that cam make work card withouth 2nd anticollision loop. NXP reader authenticates, but cant read card contents. all the rest readers works, BUT.... my 7BUID mifare card dont work AT ALL .... I dont know what i should do )
2011-06-25 21:03:01 +08:00
uint8_t* data = emCARD + blockNum * 16;
memcpy(data + 0, &blReg, 4);
memcpy(data + 8, &blReg, 4);
blReg = blReg ^ 0xffffffff;
memcpy(data + 4, &blReg, 4);
data[12] = blBlock;
data[13] = blBlock ^ 0xff;
data[14] = blBlock;
data[15] = blBlock ^ 0xff;
return 0;
}
1. updated usb commands 2. added abilities to: clear, get, set, load from card, load from nested card emulator dump 3. tried to fix proxmark promt have seen everywhere (not so good) 4. reorganized arm code
2011-06-18 02:39:54 +08:00
uint64_t emlGetKey(int sectorNum, int keyType) {
uint8_t key[6];
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
1. updated usb commands 2. added abilities to: clear, get, set, load from card, load from nested card emulator dump 3. tried to fix proxmark promt have seen everywhere (not so good) 4. reorganized arm code
2011-06-18 02:39:54 +08:00
fix/add support for 4K (and other non 1K) card sizes in hf mf commands - hf mf rdsc (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39 - hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards - hf mf dump (add): added (optional) card size parameter and support for non 1K cards - hf mf dump (fix): Access Condition 011 not handled correctly (tried to access with key A) - hf mf restore (add): added (optional) card size parameter and support for non 1K cards - hf mf nested (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39 - hf mf nested (fix): always dumped 16 keys to dumpkeys.bin instead of correct number - hf mf chk (fix): always dumped 16 keys to dumpkeys.bin instead of correct number - hf mf eget (fix): displayed three instead of one block - hf mf eload (add): load 4K .eml files (but accepts 1K .eml files for backwards compatibility) - hf mf esave (add): always save the whole emulator memory (4K) instead of 1K only - hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
2014-09-11 01:04:50 +08:00
memcpy(key, emCARD + 16 * (FirstBlockOfSector(sectorNum) + NumBlocksPerSector(sectorNum) - 1) + keyType * 10, 6);
1. updated usb commands 2. added abilities to: clear, get, set, load from card, load from nested card emulator dump 3. tried to fix proxmark promt have seen everywhere (not so good) 4. reorganized arm code
2011-06-18 02:39:54 +08:00
return bytes_to_num(key, 6);
}
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
void emlClearMem(void) {
Enhanced hf mf chk , add default key,support dic file and so on. modify hf mf mifare to automatically use an invalid key'nt try again. make some changes to support mifare classic 4k.
2012-05-30 11:45:55 +08:00
int b;
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
const uint8_t trailer[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0x80, 0x69, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
const uint8_t uid[] = {0xe6, 0x84, 0x87, 0xf3, 0x16, 0x88, 0x04, 0x00, 0x46, 0x8e, 0x45, 0x55, 0x4d, 0x70, 0x41, 0x04};
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
uint8_t* emCARD = get_bigbufptr_emlcardmem();
Enhanced hf mf chk , add default key,support dic file and so on. modify hf mf mifare to automatically use an invalid key'nt try again. make some changes to support mifare classic 4k.
2012-05-30 11:45:55 +08:00
Applied Holiman's fixes for iclass.c and CSNs Applied PwPiwi's new parity fix. Applied Marshmellw's fixes for FSKdemod (HID, IO) FIX: a potential bigbuffer fault given pwpiwi's change inside lfops.c CmdIOdemodFSK & CmdHIDdemodFSK FIX: change some "int" parameters to uint's. FIX: changed the lfops.c - DoAcquisition125k_internal to respect pwpiwi's definitions of FREE_BUFFER_OFFSET HEADS up: The ultralight functions hasn't been verified since pwpiwi's changes.
2014-12-18 03:33:21 +08:00
memset(emCARD, 0, CARD_MEMORY_SIZE);
Enhanced hf mf chk , add default key,support dic file and so on. modify hf mf mifare to automatically use an invalid key'nt try again. make some changes to support mifare classic 4k.
2012-05-30 11:45:55 +08:00
// fill sectors trailer data
for(b = 3; b < 256; b<127?(b+=4):(b+=16)) {
emlSetMem((uint8_t *)trailer, b , 1);
}
1. fixed send manchester 2. emulator commands select, authenticate, read block, write block works 3. nested authentication - not working (maybe next release) 4. small bugfixes 5. mifare1ksim - in alpha state!!! code not so clear!!!
2011-06-16 22:43:49 +08:00
// uid
emlSetMem((uint8_t *)uid, 0, 1);
return;
}
Reference in a new issue Copy permalink