chg 'hf iclass chk' - increased timeout, switch off antenna before each run in order to reset card, three retries. All this makes it more stable.

iceman1001 2018-02-04 10:20:38 +01:00
parent dc25f9212f
commit 6a9ddf6e69
3 changed files with 28 additions and 20 deletions


@ -1739,7 +1739,7 @@ static int GetIClassAnswer(uint8_t* receivedResponse, int maxLen, int *samples,
// Set FPGA mode to "reader listen mode", no modulation (listen // Set FPGA mode to "reader listen mode", no modulation (listen
// only, since we are receiving, not transmitting). // only, since we are receiving, not transmitting).
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);
SpinDelayUs(330); //310 Tout= 330us (iso15603-2) (330/21.3) take consideration for clock increments. SpinDelayUs(320); //310 Tout= 330us (iso15603-2) (330/21.3) take consideration for clock increments.
// clear RXRDY: // clear RXRDY:
uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
@ -2171,7 +2171,13 @@ void iClass_ReadCheck(uint8_t blockNo, uint8_t keyType) {
void iClass_Authentication(uint8_t *mac) { void iClass_Authentication(uint8_t *mac) {
uint8_t check[] = { ICLASS_CMD_CHECK, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t check[] = { ICLASS_CMD_CHECK, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t resp[ICLASS_BUFFER_SIZE]; uint8_t resp[ICLASS_BUFFER_SIZE];
memcpy(check+5, mac, 4);
// copy MAC to check command (readersignature)
check[5] = mac[0];
check[6] = mac[1];
check[7] = mac[2];
check[8] = mac[3];
//memcpy(check+5, mac, 4);
// 6 retries // 6 retries
bool isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 6); bool isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 6);
@ -2208,6 +2214,9 @@ void iClass_Authentication_fast(uint64_t arg0, uint64_t arg1, uint8_t *datain) {
LED_A_ON(); LED_A_ON();
switch_off();
SpinDelay(20);
setupIclassReader(); setupIclassReader();
int read_status = 0; int read_status = 0;
@ -2218,43 +2227,42 @@ void iClass_Authentication_fast(uint64_t arg0, uint64_t arg1, uint8_t *datain) {
read_status = handshakeIclassTag_ext(card_data, use_credit_key); read_status = handshakeIclassTag_ext(card_data, use_credit_key);
if ( startup_limit-- == 0 ) { if ( startup_limit-- == 0 ) {
Dbprintf("Handshake status | %d (fail 10)", read_status); Dbprintf("[-] Handshake status | %d (fail 10)", read_status);
isOK = 99; isOK = 99;
goto out; goto out;
} }
}; };
// since handshakeIclassTag_ext call sends s readcheck, we start with sending first response.
// Keychunk loop // Keychunk loop
for (i = 0; i < keyCount; i++) { for (i = 0; i < keyCount; i++) {
LED_C_INV();
// Allow button press / usb cmd to interrupt device // Allow button press / usb cmd to interrupt device
if (BUTTON_PRESS() && !usb_poll_validate_length()) break; if (BUTTON_PRESS() && !usb_poll_validate_length()) break;
WDT_HIT(); WDT_HIT();
LED_B_ON(); LED_B_ON();
// Auth Sequence MUST begin with reading e-purse. (block2)
// Card selected, now read e-purse (cc) (block2) (only 8 bytes no CRC)
ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
if (ReaderReceiveIClass(resp) == 8) {
}
LED_B_OFF();
// copy MAC to check command (readersignature) // copy MAC to check command (readersignature)
check[5] = keys[i].mac[0]; check[5] = keys[i].mac[0];
check[6] = keys[i].mac[1]; check[6] = keys[i].mac[1];
check[7] = keys[i].mac[2]; check[7] = keys[i].mac[2];
check[8] = keys[i].mac[3]; check[8] = keys[i].mac[3];
// expect 4bytes, 3 retries times.. // expect 4bytes, 2 retries times..
isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 2); isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 3);
if ( isOK ) if ( isOK )
goto out; goto out;
SpinDelayUs(350); //iClass (iso15693-2) should timeout after 330us. SpinDelayUs(400); //iClass (iso15693-2) should timeout after 330us.
// Auth Sequence MUST begin with reading e-purse. (block2)
// Card selected, now read e-purse (cc) (block2) (only 8 bytes no CRC)
ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
// if (ReaderReceiveIClass(resp) == 8) {
// }
LED_B_OFF();
} }
out: out:
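Review bot: At the end of the keychunk loop in the last hunk, `ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));` is sent while the receive that used to follow it is left commented out, so as far as this rendering shows the tag's 8-byte e-purse answer is never read before the next iteration transmits the CHECK command. If the card is still answering when `sendCmdGetResponseWithRetries` starts, the first attempt of an iteration could be lost and a correct key reported as a miss; either drain the answer with `(void)ReaderReceiveIClass(resp); // consume e-purse reply before next CHECK`, or add a comment naming the delay that makes ignoring it safe. The comment beside the call also appears to read `2 retries` while the argument passed is 3, so it should say `// expect 4 bytes, 3 retries`. The commented-out `//memcpy(check+5, mac, 4);` and the dead `// if (ReaderReceiveIClass(resp) == 8) {` lines are better deleted than kept. iClass_Authentication_fast starts and ends outside the hunks shown, so the loop's exit handling could not be checked.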


@ -811,7 +811,7 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v
memcpy(CCNR, data+16, 8); memcpy(CCNR, data+16, 8);
if (isOK > 0) { if (isOK > 0) {
PrintAndLog("CCNR: %s MISSING NCN",sprint_hex(CCNR, 8)); if (verbose) PrintAndLog("CCNR: %s MISSING NCN", sprint_hex(CCNR, 8));
} }
if (isOK <= 1){ if (isOK <= 1){
@ -1915,7 +1915,6 @@ int CmdHFiClassCheckKeys(const char *Cmd) {
printf("[-] one more try\n"); printf("[-] one more try\n");
} }
} }
DropField();
if ( !got_csn ) { if ( !got_csn ) {
PrintAndLog("[!] can't select card, aborting..."); PrintAndLog("[!] can't select card, aborting...");
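Review bot: With `DropField();` removed ahead of the `if ( !got_csn )` check, the abort path no longer switches the reader field off from the client side, unless code after this hunk does so. The device-side `switch_off()` added in this commit sits at the start of iClass_Authentication_fast, which is presumably not reached when card selection fails. Consider keeping the call on the failure branch only, placing `DropField();` directly after the `PrintAndLog("[!] can't select card, aborting...");` line, so a failed run does not leave the antenna energised. CmdHFiClassCheckKeys continues outside the hunk, so this should be confirmed against the rest of the function.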


@ -3,4 +3,5 @@
# -- iceman fork version -- # -- iceman fork version --
# -- contribute to this list, sharing is caring -- # -- contribute to this list, sharing is caring --
AEA684A6DAB23278 -- AA1 AEA684A6DAB23278 -- AA1
7665544332211000 -- key1 7665544332211000 -- key1
0123456789ABCDEF -- SAGEM