From 5633768e810ca38305968e4875aeaf60f60a4ecf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C5=BEe=20Jen=C5=A1terle?=
Date: Fri, 5 Mar 2021 10:58:52 +0100
Subject: [PATCH] desfire emulation standalone
---
 armsrc/Standalone/Makefile.hal | 5 +-
 armsrc/Standalone/Makefile.inc | 4 ++
 armsrc/Standalone/hf_emuldes.c | 111 +++++++++++++++++++++++++++++++++
 3 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 armsrc/Standalone/hf_emuldes.c
diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal
index 552267611..3c0420f2d 100644
--- a/armsrc/Standalone/Makefile.hal
+++ b/armsrc/Standalone/Makefile.hal
@@ -50,6 +50,9 @@ define KNOWN_STANDALONE_DEFINITIONS
 | HF_COLIN | Mifare ultra fast sniff/sim/clone | | (RDV4 only) | - Colin Brigato |
 +----------------------------------------------------------+
+| HF_EMULDES | DESfire 14a simulation |
+| | - Anze Jensterle |
++----------------------------------------------------------+
 | HF_ICECLASS | Simulate HID iCLASS legacy ags | | (RDV4 only) | storing in flashmem |
 +----------------------------------------------------------+
@@ -71,7 +74,7 @@ define KNOWN_STANDALONE_DEFINITIONS
 endef
 STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE
-STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_TCPRST HF_YOUNG
+STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_EMULDES HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_TCPRST HF_YOUNG
 STANDALONE_MODES_REQ_SMARTCARD :=
 STANDALONE_MODES_REQ_FLASH := LF_ICEHID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS
 ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)
diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc
index 519dc2087..bda3b2719 100644
--- a/armsrc/Standalone/Makefile.inc
+++ b/armsrc/Standalone/Makefile.inc
@@ -77,3 +77,7 @@ endif
 ifneq (,$(findstring WITH_STANDALONE_LF_THAREXDE,$(APP_CFLAGS)))
 SRC_STANDALONE = lf_tharexde.c
 endif
+# WITH_STANDALONE_HF_EMULDES
+ifneq (,$(findstring WITH_STANDALONE_HF_EMULDES,$(APP_CFLAGS)))
+ SRC_STANDALONE = hf_emuldes.c
+endif
\ No newline at end of file
diff --git a/armsrc/Standalone/hf_emuldes.c b/armsrc/Standalone/hf_emuldes.c
new file mode 100644
index 000000000..20a64bf00
--- /dev/null
+++ b/armsrc/Standalone/hf_emuldes.c
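Review bot: The added `endif` block is written without a trailing newline (`\ No newline at end of file`), so the next standalone mode appended after it will show up as a change to this line as well. End the file with a newline so the `endif` line stays stable in future diffs.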
@@ -0,0 +1,111 @@
+//-----------------------------------------------------------------------------
+// Copyright 2020 Anze Jensterle
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// main code for standalone HF/iso14a emulator
+//-----------------------------------------------------------------------------
+
+/*
+ * `hf_basicbreak` scans a card
+ */
+
+#include "standalone.h"
+#include "proxmark3_arm.h"
+#include "appmain.h"
+#include "fpgaloader.h"
+#include "util.h"
+#include "dbprint.h"
+#include "ticks.h"
+#include "string.h"
+#include "BigBuf.h"
+#include "iso14443a.h"
+#include "protocols.h"
+#include "cmd.h"
+
+#define STATE_READ 0
+#define STATE_EMUL 1
+
+typedef struct {
+ uint8_t uid[10];
+ uint8_t uidlen;
+ uint8_t atqa[2];
+ uint8_t sak;
+} PACKED card_clone_t;
+
+void ModInfo(void) {
+ DbpString("hf_emuldes: standalone DESfire that scans a card and then emulates UID, SAK and ATQA");
+}
+
+void RunMod(void) {
+ StandAloneMode();
+ Dbprintf("HF DESfire emulator started");
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
+ // the main loop for your standalone mode
+ for (;;) {
+ WDT_HIT();
+
+ // exit from RunMod, send a usbcommand.
+ if (data_available()) break;
+
+ iso14a_card_select_t card;
+ card_clone_t clone;
+
+ SpinDelay(500);
+
+ // 0 = search, 1 = read, 2 = emul
+ int state = STATE_READ;
+
+ DbpString("Scanning...");
+ int button_pressed = BUTTON_NO_CLICK;
+ for (;;) {
+ // Was our button held down or pressed?
+ button_pressed = BUTTON_HELD(1000);
+
+ if (button_pressed != BUTTON_NO_CLICK || data_available())
+ break;
+ else if (state == STATE_READ) {
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+ if (!iso14443a_select_card(NULL, &card, NULL, true, 0, true)) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ LED_D_OFF();
+ SpinDelay(500);
+ continue;
+ } else {
+ Dbprintf("Found card with SAQ: %02X, ATQA: %02X %02X, UID: ", card.sak, card.atqa[0], card.atqa[1]);
+ Dbhexdump(card.uidlen, card.uid, 0);
+ clone.uidlen = card.uidlen;
+ clone.sak = card.sak;
+ clone.atqa[0] = card.atqa[0];
+ clone.atqa[1] = card.atqa[1];
+ memcpy(clone.uid, card.uid, card.uidlen);
+ state = STATE_EMUL;
+ }
+ } else if (state == STATE_EMUL) {
+ uint8_t flags;
+ if (clone.uidlen == 4) flags |= FLAG_4B_UID_IN_DATA;
+ else if (clone.uidlen == 7) flags |= FLAG_7B_UID_IN_DATA;
+ else if (clone.uidlen == 10) flags |= FLAG_10B_UID_IN_DATA;
+ else {
+ Dbprintf("Unusual UID length, something is wrong. Try again please.");
+ state = STATE_READ;
+ continue;
+ }
+
+ Dbprintf("Starting simulation, press pm3-button to stop and go back to search state.");
+ SimulateIso14443aTag(3, flags, card.uid, 0);
+
+ // Go back to search state if user presses pm3-button
+ state = STATE_READ;
+ }
+ }
+ if (button_pressed == BUTTON_HOLD) //Holding down the button
+ break;
+ }
+
+ DbpString("exiting");
+ LEDsoff();
+}
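Review bot: In the STATE_EMUL branch `flags` is declared as `uint8_t flags;` and then only OR-ed into, so the first `flags |= FLAG_4B_UID_IN_DATA` reads an uninitialized local — undefined behaviour, and in practice whatever stale stack bits happen to be there become extra simulation flags; declare it as `uint8_t flags = 0;`. The simulation call then passes `card.uid` rather than `clone.uid`, so of the `card_clone_t` copy only `uidlen` is ever read, and that copy is made by `memcpy` before the 4/7/10 length check runs — either pass `clone.uid` and move the length check ahead of the `memcpy`, or drop the struct altogether. The ModInfo string says SAK and ATQA are emulated, but `SimulateIso14443aTag(3, flags, card.uid, 0)` receives only the tag type and the UID, so the description overstates what the mode does; I would reword it to `"hf_emuldes: scans a card and then emulates its UID as a DESFire tag"` or similar, assuming the literal 3 selects the DESFire tag type as it does for the client's `hf 14a sim`. The header comment still names `hf_basicbreak`, the comment `// 0 = search, 1 = read, 2 = emul` does not match the two STATE_ defines, and the log message spells SAK as `SAQ`.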