RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-12-27 10:34:08 +08:00
Code Issues Projects Releases Packages Wiki Activity

@frederikmoellers EPA changes, with APDU for ISO14443b support

Browse source
This commit is contained in:
iceman1001 2015-07-13 00:04:16 +02:00
parent b10a759fef
commit a62bf3afe1
3 changed files with 163 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
armsrc/epa.c
View file

@ -12,10 +12,11 @@
//-----------------------------------------------------------------------------
#include "iso14443a.h"
#include "iso14443b.h"
#include "epa.h"
#include "cmd.h"
// Protocol and Parameter Selection Request
// Protocol and Parameter Selection Request for ISO 14443 type A cards
// use regular (1x) speed in both directions
// CRC is already included
static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6};
@ -100,6 +101,28 @@ static struct {
// lengths of the replay APDUs
static uint8_t apdu_lengths_replay[5];
// type of card (ISO 14443 A or B)
static char iso_type = 0;
//-----------------------------------------------------------------------------
// Wrapper for sending APDUs to type A and B cards
//-----------------------------------------------------------------------------
int EPA_APDU(uint8_t *apdu, size_t length, uint8_t *response)
{
switch(iso_type)
{
case 'a':
return iso14_apdu(apdu, (uint16_t) length, response);
break;
case 'b':
return iso14443b_apdu(apdu, length, response);
break;
default:
return 0;
break;
}
}
//-----------------------------------------------------------------------------
// Closes the communication channel and turns off the field
//-----------------------------------------------------------------------------
@ -107,6 +130,7 @@ void EPA_Finish()
{
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
iso_type = 0;
}
//-----------------------------------------------------------------------------
@ -204,26 +228,26 @@ int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length)
int rapdu_length = 0;
// select the file EF.CardAccess
rapdu_length = iso14_apdu((uint8_t *)apdu_select_binary_cardaccess,
rapdu_length = EPA_APDU((uint8_t *)apdu_select_binary_cardaccess,
sizeof(apdu_select_binary_cardaccess),
response_apdu);
if (rapdu_length != 6
if (rapdu_length < 6
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
Dbprintf("epa - no select cardaccess");
DbpString("Failed to select EF.CardAccess!");
return -1;
}
// read the file
rapdu_length = iso14_apdu((uint8_t *)apdu_read_binary,
rapdu_length = EPA_APDU((uint8_t *)apdu_read_binary,
sizeof(apdu_read_binary),
response_apdu);
if (rapdu_length <= 6
|| response_apdu[rapdu_length - 4] != 0x90
|| response_apdu[rapdu_length - 3] != 0x00)
{
Dbprintf("epa - no read cardaccess");
Dbprintf("Failed to read EF.CardAccess!");
return -1;
}
@ -338,7 +362,7 @@ int EPA_PACE_Get_Nonce(uint8_t requested_length, uint8_t *nonce)
// send it
uint8_t response_apdu[262];
int send_return = iso14_apdu(apdu,
int send_return = EPA_APDU(apdu,
sizeof(apdu),
response_apdu);
// check if the command succeeded
@ -409,7 +433,7 @@ int EPA_PACE_MSE_Set_AT(pace_version_info_t pace_version_info, uint8_t password)
apdu[4] = apdu_length - 5;
// send it
uint8_t response_apdu[6];
int send_return = iso14_apdu(apdu,
int send_return = EPA_APDU(apdu,
apdu_length,
response_apdu);
// check if the command succeeded
@ -469,7 +493,7 @@ void EPA_PACE_Replay(UsbCommand *c)
// now replay the data and measure the timings
for (int i = 0; i < sizeof(apdu_lengths_replay); i++) {
StartCountUS();
func_return = iso14_apdu(apdus_replay[i].data,
func_return = EPA_APDU(apdus_replay[i].data,
apdu_lengths_replay[i],
response_apdu);
timings[i] = GetCountUS();
@ -501,18 +525,33 @@ int EPA_Setup()
uint8_t pps_response_par[1];
iso14a_card_select_t card_select_info;
// first, look for type A cards
// power up the field
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
// select the card
return_code = iso14443a_select_card(uid, &card_select_info, NULL);
if (return_code != 1) {
return 1;
}
if (return_code == 1) {
// send the PPS request
ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
return_code = ReaderReceive(pps_response, pps_response_par);
if (return_code != 3 || pps_response[0] != 0xD0) {
return return_code == 0 ? 2 : return_code;
}
Dbprintf("ISO 14443 Type A");
iso_type = 'a';
return 0;
}
// if we're here, there is no type A card, so we look for type B
// power up the field
iso14443b_setup();
// select the card
return_code = iso14443b_select_card();
if (return_code == 1) {
Dbprintf("ISO 14443 Type B");
iso_type = 'b';
return 0;
}
Dbprintf("No card found.");
return 1;
}

2
armsrc/epa.h
View file

@ -19,7 +19,7 @@ typedef struct {
uint8_t parameter_id;
} pace_version_info_t;
// note: EPA_PACE_Collect_Nonce is declared in apps.h
// note: EPA_PACE_Collect_Nonce and EPA_PACE_Replay are declared in apps.h
// general functions
void EPA_Finish();

116
armsrc/iso14443b.c
View file

@ -16,10 +16,13 @@
#include "iso14443crc.h"
#define RECEIVE_SAMPLES_TIMEOUT 200000
#define ISO14443B_DMA_BUFFER_SIZE 512
#define RECEIVE_SAMPLES_TIMEOUT 0x0003FFFF
#define ISO14443B_DMA_BUFFER_SIZE 256
uint8_t PowerOn = TRUE;
// PCB Block number for APDUs
static uint8_t pcb_blocknum = 0;
//=============================================================================
// An ISO 14443 Type B tag. We listen for commands from the reader, using
// a UART kind of thing that's implemented in software. When we get a
@ -636,6 +639,7 @@ static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq)
if(Demod.posCount < 10*2) { // low phase of SOF too short (< 9 etu). Note: spec is >= 10, but FPGA tends to "smear" edges
Demod.state = DEMOD_UNSYNCD;
} else {
LED_C_ON(); // Got SOF
Demod.state = DEMOD_AWAITING_START_BIT;
Demod.posCount = 0;
Demod.len = 0;
@ -693,7 +697,6 @@ static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq)
Demod.bitCount++;
if(Demod.bitCount == 10) {
LED_C_ON();
uint16_t s = Demod.shiftReg;
if((s & 0x200) && !(s & 0x001)) { // stop bit == '1', start bit == '0'
uint8_t b = (s >> 1);
@ -809,7 +812,7 @@ static void GetSamplesFor14443bDemod(int n, bool quiet)
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
if (!quiet) {
if (!quiet && Demod.len == 0) {
Dbprintf("max behindby = %d, samples = %d, gotFrame = %d, Demod.len = %d, Demod.sumI = %d, Demod.sumQ = %d",
max,
samples,
@ -837,6 +840,9 @@ static void TransmitFor14443b(void)
FpgaSetupSsc();
// Start the timer
StartCountSspClk();
while(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
AT91C_BASE_SSC->SSC_THR = 0xff;
}
@ -950,6 +956,99 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len)
}
}
/* Sends an APDU to the tag
* TODO: check CRC and preamble
*/
int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response)
{
uint8_t message_frame[message_length + 4];
// PCB
message_frame[0] = 0x0A | pcb_blocknum;
pcb_blocknum ^= 1;
// CID
message_frame[1] = 0;
// INF
memcpy(message_frame + 2, message, message_length);
// EDC (CRC)
ComputeCrc14443(CRC_14443_B, message_frame, message_length + 2, &message_frame[message_length + 2], &message_frame[message_length + 3]);
// send
CodeAndTransmit14443bAsReader(message_frame, message_length + 4);
// get response
GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT*100, TRUE);
if(Demod.len < 3)
{
return 0;
}
// TODO: Check CRC
// copy response contents
if(response != NULL)
{
memcpy(response, Demod.output, Demod.len);
}
return Demod.len;
}
/* Perform the ISO 14443 B Card Selection procedure
* Currently does NOT do any collision handling.
* It expects 0-1 cards in the device's range.
* TODO: Support multiple cards (perform anticollision)
* TODO: Verify CRC checksums
*/
int iso14443b_select_card()
{
// WUPB command (including CRC)
// Note: WUPB wakes up all tags, REQB doesn't wake up tags in HALT state
static const uint8_t wupb[] = { 0x05, 0x00, 0x08, 0x39, 0x73 };
// ATTRIB command (with space for CRC)
uint8_t attrib[] = { 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00};
// first, wake up the tag
CodeAndTransmit14443bAsReader(wupb, sizeof(wupb));
GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, TRUE);
// ATQB too short?
if (Demod.len < 14)
{
return 2;
}
// select the tag
// copy the PUPI to ATTRIB
memcpy(attrib + 1, Demod.output + 1, 4);
/* copy the protocol info from ATQB (Protocol Info -> Protocol_Type) into
ATTRIB (Param 3) */
attrib[7] = Demod.output[10] & 0x0F;
ComputeCrc14443(CRC_14443_B, attrib, 9, attrib + 9, attrib + 10);
CodeAndTransmit14443bAsReader(attrib, sizeof(attrib));
GetSamplesFor14443bDemod(RECEIVE_SAMPLES_TIMEOUT, TRUE);
// Answer to ATTRIB too short?
if(Demod.len < 3)
{
return 2;
}
// reset PCB block number
pcb_blocknum = 0;
return 1;
}
// Set up ISO 14443 Type B communication (similar to iso14443a_setup)
void iso14443b_setup() {
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
BigBuf_free();
// Set up the synchronous serial port
FpgaSetupSsc();
// connect Demodulated Signal to ADC:
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Signal field is on with the appropriate LED
LED_D_ON();
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);
// Start the timer
StartCountSspClk();
DemodReset();
UartReset();
}
//-----------------------------------------------------------------------------
// Read a SRI512 ISO 14443B tag.
@ -1252,12 +1351,19 @@ void RAMFUNC SnoopIso14443b(void)
*/
void SendRawCommand14443B(uint32_t datalen, uint32_t recv, uint8_t powerfield, uint8_t data[])
{
iso14443b_setup();
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
BigBuf_free();
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
if ( !PowerOn ){
FpgaSetupSsc();
}
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
// Start the timer
StartCountSspClk();
DemodReset();
UartReset();
if ( datalen == 0 && recv == 0 && powerfield == 0){
clear_trace();