diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 017d5eff7..aedf3f191 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -1169,12 +1169,11 @@ int doIClassSimulation(uint8_t csn[], int breakAfterMacReceived, uint8_t *reader } else if(receivedCmd[0] == 0x05) { // Reader random and reader MAC!!! // Do not respond - // We do not know what to answer, so lets keep quit + // We do not know what to answer, so lets keep quiet resp = resp1; respLen = 0; //order = 5; respdata = NULL; respsize = 0; if (breakAfterMacReceived){ - // TODO, actually return this to the caller instead of just // dbprintf:ing ... Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]); Dbprintf("RDR: (len=%02d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",len, @@ -1478,8 +1477,8 @@ void ReaderIClass(uint8_t arg0) { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); // Reset trace buffer - memset(trace, 0x44, RECV_CMD_OFFSET); - traceLen = 0; + iso14a_set_tracing(TRUE); + iso14a_clear_trace(); // Setup SSC FpgaSetupSsc(); @@ -1554,10 +1553,11 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { } memory; uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes + // Enable and clear the trace + iso14a_set_tracing(TRUE); + iso14a_clear_trace(); + - // Reset trace buffer - memset(trace, 0x44, RECV_CMD_OFFSET); - traceLen = 0; // Setup SSC FpgaSetupSsc(); @@ -1681,15 +1681,16 @@ void IClass_iso14443A_GetPublic(uint8_t arg0) { uint8_t identify[] = { 0x0c }; uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t readcheck_cc[]= { 0x88, 0x02 }; - //uint8_t read[] = { 0x0c, 0x00, 0x00, 0x00 }; - uint8_t card_data[24]={0}; - - //bool read_success=false; - uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes - // Reset trace buffer - memset(trace, 0x44, RECV_CMD_OFFSET); - traceLen = 0; + uint8_t card_data[24]={0}; + uint8_t* resp = (((uint8_t *)BigBuf) + 3560); // was 3560 - tied to other size changes + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + + int read_success= 0; + + // Enable and clear the trace + iso14a_set_tracing(TRUE); + iso14a_clear_trace(); // Setup SSC FpgaSetupSsc(); @@ -1708,67 +1709,50 @@ void IClass_iso14443A_GetPublic(uint8_t arg0) { LED_A_ON(); - for(int i=0;i<1;i++) { - - if(traceLen > TRACE_SIZE) { - DbpString("Trace full"); - break; - } - - if (BUTTON_PRESS()) break; + // Send act_all + ReaderTransmitIClass(act_all, 1); + // Card present? + if(ReaderReceiveIClass(resp)) { + ReaderTransmitIClass(identify, 1); + if(ReaderReceiveIClass(resp) == 10) { + //Copy the Anti-collision CSN to our select-packet + memcpy(&select[1],resp,8); + Dbprintf("Anti-collision CSN: %02x %02x %02x %02x %02x %02x %02x %02x"); + //Select the card + ReaderTransmitIClass(select, sizeof(select)); - // Send act_all - ReaderTransmitIClass(act_all, 1); - // Card present? - if(ReaderReceiveIClass(resp)) { - ReaderTransmitIClass(identify, 1); - if(ReaderReceiveIClass(resp) == 10) { - // Select card - memcpy(&select[1],resp,8); - ReaderTransmitIClass(select, sizeof(select)); + if(ReaderReceiveIClass(resp) == 10) { + Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x", + resp[0], resp[1], resp[2], + resp[3], resp[4], resp[5], + resp[6], resp[7]); + //Save CSN in response data + memcpy(card_data,resp,8); + //Flag that we got to at least stage 1, read CSN + read_success = 1; + + // Card selected + Dbprintf("Readcheck on Sector 2"); + ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); + if(ReaderReceiveIClass(resp) == 8) { + Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x", + resp[0], resp[1], resp[2], + resp[3], resp[4], resp[5], + resp[6], resp[7]); + //Save CC (e-purse) in response data + memcpy(card_data+8,resp,8); + //Got both + read_success = 2; + } + } + } + } + WDT_HIT(); - if(ReaderReceiveIClass(resp) == 10) { - Dbprintf(" Selected CSN: %02x %02x %02x %02x %02x %02x %02x %02x", - resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - } - memcpy(card_data,resp,8); - // Card selected - Dbprintf("Readcheck on Sector 2"); - ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); - if(ReaderReceiveIClass(resp) == 8) { - Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x", - resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - } - memcpy(card_data+8,resp,8); - //prep to read config block - /* read card configuration block - while(!read_success){ - uint8_t sector_config=0x01; - memcpy(read+1,§or_config,1); - ReaderTransmitIClass(read, sizeof(read)); - if(ReaderReceiveIClass(resp) == 8) { - Dbprintf(" CC: %02x %02x %02x %02x %02x %02x %02x %02x", - resp[0], resp[1], resp[2], - resp[3], resp[4], resp[5], - resp[6], resp[7]); - read_success=true; - memcpy(card_data+16,resp,8); - } - }*/ - } - } - WDT_HIT(); - } - //Dbprintf("DEBUG: %02x%02x%02x%02x%02x%02x%02x%02x",card_data[0],card_data[1],card_data[2],card_data[3],card_data[4],card_data[5],card_data[6],card_data[7]); - //Dbprintf("DEBUG: %02x%02x%02x%02x%02x%02x%02x%02x",card_data[8],card_data[9],card_data[10],card_data[11],card_data[12],card_data[13],card_data[14],card_data[15]); LED_A_OFF(); LED_B_ON(); - //send data back to the client - cmd_send(CMD_ACK,0,0,0,card_data,16); + //Send back to client + cmd_send(CMD_ACK,read_success,0,0,card_data,16); LED_B_OFF(); } diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 91b5d8980..01bdfc11b 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -1,7 +1,7 @@ //----------------------------------------------------------------------------- // Copyright (C) 2010 iZsh , Hagen Fritsch // Copyright (C) 2011 Gerhard de Koning Gans -// Copyright (C) 2014 Midnitesnake & Andy Davies +// Copyright (C) 2014 Midnitesnake & Andy Davies & Martin Holst Swende // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -88,7 +88,7 @@ int CmdHFiClassList(const char *Cmd) timestamp = *((uint32_t *)(got+i)); parityBits = *((uint32_t *)(got+i+4)); len = got[i+8]; - frame = (got+i+9); + frame = (got+i+9); uint32_t next_timestamp = (*((uint32_t *)(got+i+9))) & 0x7fffffff; tagToReader = timestamp & 0x80000000; @@ -98,7 +98,7 @@ int CmdHFiClassList(const char *Cmd) first_timestamp = timestamp; } - // Break and stick with current result if buffer was not completely full + // Break and stick with current result idf buffer was not completely full if (frame[0] == 0x44 && frame[1] == 0x44 && frame[2] == 0x44 && frame[3] == 0x44) break; char line[1000] = ""; @@ -453,8 +453,6 @@ int CmdHFiClassReader_Dump(const char *Cmd) if (strlen(Cmd)<1) { - //PrintAndLog("Usage: hf iclass dump "); - //PrintAndLog(" sample: hf iclass dump 0011223344556677 aabbccddeeffgghh FFFFFFFFFFFFFFFF"); PrintAndLog("Usage: hf iclass dump "); PrintAndLog(" sample: hf iclass dump 0011223344556677"); return 0; @@ -465,43 +463,43 @@ int CmdHFiClassReader_Dump(const char *Cmd) PrintAndLog("KEY must include 16 HEX symbols"); return 1; } - - /*if (param_gethex(Cmd, 1, CSN, 16)) - { - PrintAndLog("CSN must include 16 HEX symbols"); - return 1; - } - if (param_gethex(Cmd, 2, CC_temp, 16)) - { - PrintAndLog("CC must include 16 HEX symbols"); - return 1; - }*/ - + UsbCommand c = {CMD_ICLASS_ISO14443A_GETPUBLIC, {0}}; - //memcpy(c.d.asBytes, MAC, 4); + SendCommand(&c); UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) { - uint8_t isOK = resp.arg[0] & 0xff; - uint8_t * data = resp.d.asBytes; - - memcpy(CSN,data,8); - memcpy(CCNR,data+8,8); - PrintAndLog("DEBUG: %s",sprint_hex(CSN,8)); - PrintAndLog("DEBUG: %s",sprint_hex(CCNR,8)); - PrintAndLog("isOk:%02x", isOK); - } else { - PrintAndLog("Command execute timeout"); - } + uint8_t isOK = resp.arg[0] & 0xff; + uint8_t * data = resp.d.asBytes; - diversifyKey(CSN,KEY, div_key); - doMAC(CCNR,div_key, MAC); + memcpy(CSN,data,8); + memcpy(CCNR,data+8,8); - UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}}; - memcpy(d.d.asBytes, MAC, 4); - SendCommand(&d); + PrintAndLog("isOk:%02x", isOK); + + if(isOK > 0) + { + PrintAndLog("CSN: %s",sprint_hex(CSN,8)); + } + if(isOK > 1) + { + PrintAndLog("CC: %s",sprint_hex(CCNR,8)); + diversifyKey(CSN,KEY, div_key); + doMAC(CCNR,div_key, MAC); + + UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}}; + memcpy(d.d.asBytes, MAC, 4); + SendCommand(&d); + + }else{ + PrintAndLog("Failed to obtain CC! Aborting"); + } + } else { + PrintAndLog("Command execute timeout"); + } return 0; }