ADD: Started a "collect nonces" concept to be able to analyse the tag generated nonces.

armsrc/appmain.c

@@ -919,6 +919,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			MifareSendCommand(c->arg[0], c->arg[1], c->d.asBytes);
 			break;
 
+		case CMD_MIFARE_COLLECT_NONCES:
+			MifareCollectNonces(c->arg[0], c->[1]);
+			break;
 #endif
 
 #ifdef WITH_ICLASS

armsrc/apps.h

@@ -19,6 +19,7 @@
 #include <string.h>
 #include <strings.h>
 #include "../common/crc32.h"
+#include "../common/lfdemod.h"
 #include "BigBuf.h"
 #include "../include/hitag2.h"
 #include "../include/mifare.h"
@@ -196,6 +197,8 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
 void MifareCIdent();  // is "magic chinese" card?
 void MifareUSetPwd(uint8_t arg0, uint8_t *datain);
 
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1);
+
 //desfire
 void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain);
 void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain);					   

armsrc/mifarecmd.c

@@ -1218,7 +1218,75 @@ void MifareCIdent(){
 	cmd_send(CMD_ACK,isOK,0,0,0,0);
 }
 
-			//
+void MifareCollectNonces(uint32_t arg0, uint32_t arg1){
+
+	BigBuf_free();
+
+	uint32_t iterations = arg0;
+	uint8_t uid[10] = {0x00};
+
+	uint8_t *response = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE);
+	uint8_t *responsePar = BigBuf_malloc(MAX_MIFARE_PARITY_SIZE);
+
+	uint8_t mf_auth[] = { 0x60,0x00,0xf5,0x7b };
+	
+	// get memory from BigBuf.
+	uint8_t *nonces = BigBuf_malloc(iterations * 4);
+
+	LED_A_ON();
+	LED_B_OFF();
+	LED_C_OFF();
+
+	clear_trace();
+	set_tracing(TRUE);
+	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
+	
+	for (int i = 0; i < iterations; i++) {
+						
+		WDT_HIT();
+
+		// Test if the action was cancelled
+		if(BUTTON_PRESS()) break;
+		
+		//		if(mifare_classic_halt(pcs, cuid)) {
+		//			if (MF_DBGLEVEL >= 1) Dbprintf("Halt error");
+		//}
+
+		if(!iso14443a_select_card(uid, NULL, NULL)) {
+			if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
+			continue;
+		};
+
+		// Transmit MIFARE_CLASSIC_AUTH.
+		ReaderTransmit(mf_auth, sizeof(mf_auth), NULL);
+
+		// Receive the (4 Byte) "random" nonce
+		if (!ReaderReceive(response, responsePar)) {
+			if (MF_DBGLEVEL >= 1)	Dbprintf("Couldn't receive tag nonce");
+			continue;
+		}	
+		
+		nonces[i*4] = bytes_to_num(response, 4);
+	}
+		
+	int packLen =  iterations * 4;
+	int packSize = 0;
+	int packNum = 0;
+	while (packLen > 0) {
+		packSize = MIN(USB_CMD_DATA_SIZE, packLen);
+		LED_B_ON();
+		cmd_send(CMD_ACK, 77, 0, packSize, nonces - packLen, packSize);
+		LED_B_OFF();
+
+		packLen -= packSize;
+		packNum++;
+	}
+
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+	LEDsoff();
+}
+
+//
 // DESFIRE
 //
 

armsrc/mifaredesfire.c

@@ -433,7 +433,7 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
 
 	size_t len = 0;
 	size_t wrappedLen = 0;
-	uint8_t wCmd[USB_CMD_DATA_SIZE] = {0};
+	uint8_t wCmd[USB_CMD_DATA_SIZE] = {0x00};
 	
 	uint8_t resp[MAX_FRAME_SIZE];
     uint8_t par[MAX_PARITY_SIZE];

armsrc/mifareutil.c

@@ -365,9 +365,9 @@ int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t bl
 {
 	// variables
 	uint16_t len, i;	
-	uint32_t pos;
+	uint32_t pos = 0;
-	uint8_t par[3] = {0};		// enough for 18 Bytes to send
+	uint8_t par[3] = {0x00};		// enough for 18 Bytes to send
-	byte_t res;
+	byte_t res = 0;
 	
 	uint8_t d_block[18], d_block_enc[18];
 	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];

include/usb_cmd.h

@@ -193,6 +193,8 @@ typedef struct{
 #define CMD_MIFARE_DESFIRE_INFO                                           0x072d
 #define CMD_MIFARE_DESFIRE                                                0x072e
 
+#define CMD_MIFARE_COLLECT_NONCES										  0x072f
+
 #define CMD_UNKNOWN                                                       0xFFFF