Merge branch 'master' of https://github.com/Proxmark/proxmark3

Conflicts: armsrc/iclass.c armsrc/lfops.c client/cmdlf.c common/lfdemod.c include/usb_cmd.h
2025-03-05 20:43:12 +08:00 · 2015-03-30 21:11:37 +02:00 · 2015-03-30 21:11:37 +02:00 · 02d352fea7
commit 02d352fea7
parent ec09716a65 616970b3d1
10 changed files with 4186 additions and 4180 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,28 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
+
+## [Unreleased][unreleased]
+### Changed
+- Iclass read, `hf iclass read` now also reads tag config and prints configuration. (holiman)
+
+### Fixed
+- Fixed issue #19, problems with LF T55xx commands (marshmellow)
+
+### Added
+- Added changelog
+
+## [2.0.0] - 2015-03-25
+### Changed
+- LF sim operations now abort when new commands arrive over the USB - not required to push the device button anymore.
+
+### Fixed
+- Mifare simulation, `hf mf sim` (was broken a long time) (pwpiwi)
+- Major improvements in LF area and data operations. (marshmellow, iceman1001)
+- Issues regarding LF simulation (pwpiwi)
+
+### Added
+- iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers don't seem to enforce update. (holiman).
+- iClass decryption. Proxmark can now decrypt data on an iclass tag, but requires you to have the HID decryption key locally on your computer, as this is not bundled with the sourcecode. 
+
+
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
@ -1628,7 +1628,10 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
 	static uint8_t act_all[]     = { 0x0a };
 	static uint8_t identify[]    = { 0x0c };
 	static uint8_t select[]      = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-	static uint8_t readcheck_cc[]= { 0x88, 0x02 };
+
+
+	static uint8_t readcheck_cc[]= { 0x88, 0x02,};
+
 	uint8_t resp[ICLASS_BUFFER_SIZE];

 	uint8_t read_status = 0;
@ -1663,27 +1666,32 @@ uint8_t handshakeIclassTag(uint8_t *card_data)
 	if(ReaderReceiveIClass(resp) == 8) {
 		//Save CC (e-purse) in response data
 		memcpy(card_data+8,resp,8);
-
-		//Got both
-		read_status = 2;
+		read_status++;
 	}

 	return read_status;
 }

+
 // Reader iClass Anticollission
 void ReaderIClass(uint8_t arg0) {

-    uint8_t card_data[24]={0};
+	uint8_t card_data[6 * 8]={0xFF};
    uint8_t last_csn[8]={0};
 	
+	//Read conf block CRC(0x01) => 0xfa 0x22
+	uint8_t readConf[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x01, 0xfa, 0x22};
+	//Read conf block CRC(0x05) => 0xde  0x64
+	uint8_t readAA[] = { ICLASS_CMD_READ_OR_IDENTIFY,0x05, 0xde, 0x64};
+
+
    int read_status= 0;
+	uint8_t result_status = 0;
    bool abort_after_read = arg0 & FLAG_ICLASS_READER_ONLY_ONCE;
-	bool get_cc = arg0 & FLAG_ICLASS_READER_GET_CC;
+
 	set_tracing(TRUE);
    setupIclassReader();

-    size_t datasize = 0;
    while(!BUTTON_PRESS())
    {

@ -1696,15 +1704,40 @@ void ReaderIClass(uint8_t arg0) {
 		read_status = handshakeIclassTag(card_data);

 		if(read_status == 0) continue;
-		if(read_status == 1) datasize = 8;
-		if(read_status == 2) datasize = 16;
+		if(read_status == 1) result_status = FLAG_ICLASS_READER_CSN;
+		if(read_status == 2) result_status = FLAG_ICLASS_READER_CSN|FLAG_ICLASS_READER_CC;

-		//Todo, read the public blocks 1,5 aswell:
-		//
-		// 0 : CSN (we already have)
+		// handshakeIclass returns CSN|CC, but the actual block
+		// layout is CSN|CONFIG|CC, so here we reorder the data,
+		// moving CC forward 8 bytes
+		memcpy(card_data+16,card_data+8, 8);
+		//Read block 1, config
+		if(arg0 & FLAG_ICLASS_READER_CONF)
+		{
+			if(sendCmdGetResponseWithRetries(readConf, sizeof(readConf),card_data+8, 10, 10))
+			{
+				Dbprintf("Failed to dump config block");
+			}else
+			{
+				result_status |= FLAG_ICLASS_READER_CONF;
+			}
+		}
+
+		//Read block 5, AA
+		if(arg0 & FLAG_ICLASS_READER_AA){
+			if(sendCmdGetResponseWithRetries(readAA, sizeof(readAA),card_data+(8*4), 10, 10))
+			{
+//				Dbprintf("Failed to dump AA block");
+			}else
+			{
+				result_status |= FLAG_ICLASS_READER_AA;
+			}
+		}
+
+		// 0 : CSN
 		// 1 : Configuration
-		// 2 : e-purse (we already have)
-		// (3,4 write-only)
+		// 2 : e-purse
+		// (3,4 write-only, kc and kd)
 		// 5 Application issuer area
 		//
 		//Then we can 'ship' back the 8 * 5 bytes of data,
@ -1714,10 +1747,10 @@ void ReaderIClass(uint8_t arg0) {
                    //Send back to client, but don't bother if we already sent this
                    if(memcmp(last_csn, card_data, 8) != 0)
 		{
-
-			if(!get_cc || (get_cc && read_status == 2))
+			// If caller requires that we get CC, continue until we got it
+			if( (arg0 & read_status & FLAG_ICLASS_READER_CC) || !(arg0 & FLAG_ICLASS_READER_CC))
 			{
-                        cmd_send(CMD_ACK,read_status,0,0,card_data,datasize);
+				cmd_send(CMD_ACK,result_status,0,0,card_data,sizeof(card_data));
 				if(abort_after_read) {
 					LED_A_OFF();
 					return;
@ -1725,7 +1758,7 @@ void ReaderIClass(uint8_t arg0) {
                    //Save that we already sent this....
                        memcpy(last_csn, card_data, 8);
 			}
-			//If 'get_cc' was specified and we didn't get a CC, we'll just keep trying...
+
 		}
 		LED_B_OFF();
    }
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
--- a/client/cmddata.c
+++ b/client/cmddata.c
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@ -30,6 +30,7 @@
 #include "loclass/elite_crack.h"
 #include "loclass/fileutils.h"
 #include "protocols.h"
+#include "usb_cmd.h"

 static int CmdHelp(const char *Cmd);

@ -166,29 +167,25 @@ int CmdHFiClassSim(const char *Cmd)

 int CmdHFiClassReader(const char *Cmd)
 {
-	UsbCommand c = {CMD_READER_ICLASS, {0}};
+	UsbCommand c = {CMD_READER_ICLASS, {FLAG_ICLASS_READER_CSN|
+					FLAG_ICLASS_READER_CONF|FLAG_ICLASS_READER_AA}};
 	SendCommand(&c);
 	UsbCommand resp;
 	while(!ukbhit()){
 		if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
-			uint8_t isOK    = resp.arg[0] & 0xff;
+			uint8_t readStatus    = resp.arg[0] & 0xff;
 			uint8_t * data  = resp.d.asBytes;

-			PrintAndLog("isOk:%02x", isOK);
-			if( isOK == 0){
+			PrintAndLog("Readstatus:%02x", readStatus);
+			if( readStatus == 0){
 				//Aborted
 				PrintAndLog("Quitting...");
 				return 0;
 			}
-			if(isOK > 0)
-			{
-				PrintAndLog("CSN: %s",sprint_hex(data,8));
-			}
-			if(isOK >= 1)
-			{
-				PrintAndLog("CC: %s",sprint_hex(data+8,8));
-			}else{
-				PrintAndLog("No CC obtained");
+			if( readStatus & FLAG_ICLASS_READER_CSN) PrintAndLog("CSN: %s",sprint_hex(data,8));
+			if( readStatus & FLAG_ICLASS_READER_CC)  PrintAndLog("CC: %s",sprint_hex(data+16,8));
+			if( readStatus & FLAG_ICLASS_READER_CONF){
+				printIclassDumpInfo(data);
 			}
 		} else {
 			PrintAndLog("Command execute timeout");
@ -269,7 +266,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
 	uint8_t key_sel_p[8] = { 0 };

 	UsbCommand c = {CMD_READER_ICLASS, {0}};
-	c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC;
+	c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_CC;
 	SendCommand(&c);


@ -284,7 +281,7 @@ int CmdHFiClassReader_Dump(const char *Cmd)
 	uint8_t * data  = resp.d.asBytes;

 	memcpy(CSN,data,8);
-	memcpy(CCNR,data+8,8);
+	memcpy(CCNR,data+16,8);

 	PrintAndLog("isOk:%02x", isOK);

--- a/client/graph.c
+++ b/client/graph.c
@ -146,7 +146,7 @@ uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose)
 	}
 	//uint8_t countPSK_FC(uint8_t *BitStream, size_t size)

-	carrier = countPSK_FC(grph,size);
+	carrier = countFC(grph,size,0);
 	// Only print this message if we're not looping something
 	if (printAns){
 		PrintAndLog("Auto-detected PSK carrier rate: %d", carrier);
@ -232,8 +232,7 @@ uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose)
 	uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
 	size_t size = getFromGraphBuf(BitStream);
 	if (size==0) return 0;
-	uint8_t dummy = 0;
-	uint16_t ans = countFC(BitStream, size, &dummy); 
+	uint16_t ans = countFC(BitStream, size, 1); 
 	if (ans==0) {
 		if (verbose) PrintAndLog("DEBUG: No data found");
 		return 0;
--- a/common/ldscript.common
+++ b/common/ldscript.common
@ -14,6 +14,7 @@ MEMORY
 	bootphase1 : ORIGIN = 0x00100000, LENGTH = 0x200             /* Phase 1 bootloader: Copies real bootloader to RAM */
 	bootphase2 : ORIGIN = 0x00100200, LENGTH = 0x2000 - 0x200    /* Main bootloader code, stored in Flash, executed from RAM */
 	fpgaimage  : ORIGIN = 0x00102000, LENGTH = 96k - 0x2000      /* Place where the FPGA image will end up */
+	//osimage    : ORIGIN = 0x00118000, LENGTH = 256K - 96k        /* Place where the main OS will end up */
 	osimage    : ORIGIN = 0x00118000, LENGTH = 256K - 96k        /* Place where the main OS will end up */
 	ram        : ORIGIN = 0x00200000, LENGTH = 64K - 0x20        /* RAM, minus small common area */
 	commonarea : ORIGIN = 0x00200000 + 64K - 0x20, LENGTH = 0x20 /* Communication between bootloader and main OS */
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
--- a/common/lfdemod.h
+++ b/common/lfdemod.h
@ -19,7 +19,6 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr);
 uint8_t DetectCleanAskWave(uint8_t dest[], size_t size, int high, int low);
 int askmandemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr);
 uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
-//uint64_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx);
 int ManchesterEncode(uint8_t *BitStream, size_t size);
 int manrawdecode(uint8_t *BitStream, size_t *size);
 int BiphaseRawDecode(uint8_t * BitStream, size_t *size, int offset, int invert);
@ -34,20 +33,16 @@ void psk1TOpsk2(uint8_t *BitStream, size_t size);
 void psk2TOpsk1(uint8_t *BitStream, size_t size);
 int DetectNRZClock(uint8_t dest[], size_t size, int clock);
 int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
-void pskCleanWave(uint8_t *bitStream, size_t size);
 int PyramiddemodFSK(uint8_t *dest, size_t *size);
 int AWIDdemodFSK(uint8_t *dest, size_t *size);
 size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen);
-uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t *mostFC);
+uint16_t countFC(uint8_t *BitStream, size_t size, uint8_t fskAdj);
 uint8_t detectFSKClk(uint8_t *BitStream, size_t size, uint8_t fcHigh, uint8_t fcLow);
 int getHiLo(uint8_t *BitStream, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo);
 int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
 uint8_t preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx);
 uint8_t parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType);
-uint8_t justNoise(uint8_t *BitStream, size_t size);
-uint8_t countPSK_FC(uint8_t *BitStream, size_t size);
 int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert);
 int DetectPSKClock(uint8_t dest[], size_t size, int clock);
-void askAmp(uint8_t *BitStream, size_t size);

 #endif
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@ -205,7 +205,11 @@ typedef struct{

 //Iclass reader flags
 #define FLAG_ICLASS_READER_ONLY_ONCE 0x01
-#define FLAG_ICLASS_READER_GET_CC       0x02
+#define FLAG_ICLASS_READER_CC       0x02
+#define FLAG_ICLASS_READER_CSN		0x04
+#define FLAG_ICLASS_READER_CONF		0x08
+#define FLAG_ICLASS_READER_AA		0x10
+


 // CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions: