Fixed minor bugs in iclass fullsim, does not work yet though

This commit is contained in:
Martin Holst Swende 2015-02-21 20:47:40 +01:00
parent 1defcf606f
commit b19caaefc2


@ -1085,7 +1085,7 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
// Tag CSN // Tag CSN
uint8_t *modulated_response; uint8_t *modulated_response;
int modulated_response_size; int modulated_response_size = 0;
uint8_t* trace_data = NULL; uint8_t* trace_data = NULL;
int trace_data_size = 0; int trace_data_size = 0;
@ -1132,8 +1132,10 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
CodeIClassTagAnswer(card_challenge_data, sizeof(card_challenge_data)); CodeIClassTagAnswer(card_challenge_data, sizeof(card_challenge_data));
memcpy(resp_cc, ToSend, ToSendMax); resp_cc_len = ToSendMax; memcpy(resp_cc, ToSend, ToSendMax); resp_cc_len = ToSendMax;
//This is used for responding to READ-block commands //This is used for responding to READ-block commands or other data which is dynamically generated
uint8_t *data_response = BigBuf_malloc(8 * 2 + 2); uint8_t *data_response = BigBuf_malloc(8 * 2 + 2);
//This is used for responding to READ-block commands or other data which is dynamically generated
uint8_t *data_generic_trace = BigBuf_malloc(8 * 2 + 2);
// Start from off (no field generated) // Start from off (no field generated)
//FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); //FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -1201,7 +1203,8 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
//Reader just sent us NR and MAC(k,cc * nr) //Reader just sent us NR and MAC(k,cc * nr)
//The diversified key should be stored on block 3 //The diversified key should be stored on block 3
//However, from a typical dump, the key will not be there //However, from a typical dump, the key will not be there
uint8_t *diversified_key = { 0 }; uint8_t diversified_key[8] = { 0 };
//Get the diversified key from emulator memory //Get the diversified key from emulator memory
memcpy(diversified_key, emulator+(8*3),8); memcpy(diversified_key, emulator+(8*3),8);
uint8_t ccnr[12] = { 0 }; uint8_t ccnr[12] = { 0 };
@ -1210,7 +1213,8 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
//Put nr there //Put nr there
memcpy(ccnr+8, receivedCmd+1,4); memcpy(ccnr+8, receivedCmd+1,4);
//Now, calc MAC //Now, calc MAC
doMAC(ccnr,diversified_key, trace_data); doMAC(ccnr,diversified_key, data_generic_trace);
trace_data = data_generic_trace;
trace_data_size = 4; trace_data_size = 4;
CodeIClassTagAnswer(trace_data , trace_data_size); CodeIClassTagAnswer(trace_data , trace_data_size);
memcpy(data_response, ToSend, ToSendMax); memcpy(data_response, ToSend, ToSendMax);
@ -1253,6 +1257,13 @@ int doIClassSimulation( int simulationMode, uint8_t *reader_mac_buf)
modulated_response = data_response; modulated_response = data_response;
modulated_response_size = ToSendMax; modulated_response_size = ToSendMax;
} }
else if(receivedCmd[0] == ICLASS_CMD_PAGESEL)
{//Pagesel
//Pagesel enables to select a page in the selected chip memory and return its configuration block
//Chips with a single page will not answer to this command
// It appears we're fine ignoring this.
//Otherwise, we should answer 8bytes (block) + 2bytes CRC
}
else { else {
//#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44 //#db# Unknown command received from reader (len=5): 26 1 0 f6 a 44 44 44 44
// Never seen this command before // Never seen this command before
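Review bot: The two `BigBuf_malloc(8 * 2 + 2)` results in the second hunk (`data_response` and the new `data_generic_trace`) are never checked before `doMAC(ccnr,diversified_key, data_generic_trace)` and `memcpy(data_response, ToSend, ToSendMax)` write through them in the later hunks; if BigBuf_malloc can return NULL when the buffer is exhausted (I cannot see its contract from here), a reader-supplied command would drive a NULL write on the device, so a guard such as `if (data_response == NULL || data_generic_trace == NULL) { /* BigBuf exhausted: bail out with the caller's failure value */ }` belongs right after the second allocation. The comment introduced above `data_generic_trace` is a verbatim copy of the one above `data_response` and does not say what the new buffer is for; since `trace_data = data_generic_trace` is what the MAC hunk now does, something like `//Raw (unmodulated) bytes of a dynamically generated answer; trace_data points here so the trace records the payload, not the coded response` would describe it. The repeated `8 * 2 + 2` size would also read better as one named constant (block + CRC), shared by both allocations. doIClassSimulation starts and ends outside these hunks.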