ADD: Started a "collect nonces" concept to be able to analyse the tag generated nonces.

This commit is contained in:
iceman1001 2015-04-24 18:41:49 +02:00
parent 395f6a814f
commit add0504dea
6 changed files with 81 additions and 5 deletions

View file

@ -919,6 +919,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
MifareSendCommand(c->arg[0], c->arg[1], c->d.asBytes);
break;
case CMD_MIFARE_COLLECT_NONCES:
MifareCollectNonces(c->arg[0], c->[1]);
break;
#endif
#ifdef WITH_ICLASS

View file

@ -19,6 +19,7 @@
#include <string.h>
#include <strings.h>
#include "../common/crc32.h"
#include "../common/lfdemod.h"
#include "BigBuf.h"
#include "../include/hitag2.h"
#include "../include/mifare.h"
@ -196,6 +197,8 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
void MifareCIdent(); // is "magic chinese" card?
void MifareUSetPwd(uint8_t arg0, uint8_t *datain);
void MifareCollectNonces(uint32_t arg0, uint32_t arg1);
//desfire
void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain);
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain);

View file

@ -1218,7 +1218,75 @@ void MifareCIdent(){
cmd_send(CMD_ACK,isOK,0,0,0,0);
}
//
void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
BigBuf_free();
uint32_t iterations = arg0;
uint8_t uid[10] = {0x00};
uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
// get memory from BigBuf.
uint8_t *nonces = BigBuf_malloc(iterations * 4);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
clear_trace();
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
for (int i = 0; i < iterations; i++) {
WDT_HIT();
// Test if the action was cancelled
if(BUTTON_PRESS()) break;
// if(mifare_classic_halt(pcs, cuid)) {
// if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
//}
if(!iso14443a_select_card(uid, NULL, NULL)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
continue;
};
// Transmit MIFARE_CLASSIC_AUTH.
ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
// Receive the (4 Byte) "random" nonce
if (!ReaderReceive(response, responsePar)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Couldn't receive tag nonce");
continue;
}
nonces[i*4] = bytes_to_num(response, 4);
}
int packLen = iterations * 4;
int packSize = 0;
int packNum = 0;
while (packLen > 0) {
packSize = MIN(USB_CMD_DATA_SIZE, packLen);
LED_B_ON();
cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
LED_B_OFF();
packLen -= packSize;
packNum++;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
//
// DESFIRE
//

View file

@ -433,7 +433,7 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
size_t len = 0;
size_t wrappedLen = 0;
uint8_t wCmd[USB_CMD_DATA_SIZE] = {0};
uint8_t wCmd[USB_CMD_DATA_SIZE] = {0x00};
uint8_t resp[MAX_FRAME_SIZE];
uint8_t par[MAX_PARITY_SIZE];

View file

@ -365,9 +365,9 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
{
// variables
uint16_t len, i;
uint32_t pos;
uint8_t par[3] = {0}; // enough for 18 Bytes to send
byte_t res;
uint32_t pos = 0;
uint8_t par[3] = {0x00}; // enough for 18 Bytes to send
byte_t res = 0;
uint8_t d_block[18], d_block_enc[18];
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];

View file

@ -193,6 +193,8 @@ typedef struct{
#define CMD_MIFARE_DESFIRE_INFO 0x072d
#define CMD_MIFARE_DESFIRE 0x072e
#define CMD_MIFARE_COLLECT_NONCES 0x072f
#define CMD_UNKNOWN 0xFFFF