search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update atrs list
[RRG-proxmark3.git] / armsrc / iso14443a.c
blobd02055b0d841abee4709729212688ee6176cc562
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Jonathan Westhues, Nov 2006
3 // Copyright (C) Gerhard de Koning Gans - May 2008
4 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
5 //
6 // This program is free software: you can redistribute it and/or modify
7 // it under the terms of the GNU General Public License as published by
8 // the Free Software Foundation, either version 3 of the License, or
9 // (at your option) any later version.
10 //
11 // This program is distributed in the hope that it will be useful,
12 // but WITHOUT ANY WARRANTY; without even the implied warranty of
13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 // GNU General Public License for more details.
15 //
16 // See LICENSE.txt for the text of the license.
17 //-----------------------------------------------------------------------------
18 // Routines to support ISO 14443 type A.
19 //-----------------------------------------------------------------------------
20 #include "iso14443a.h"
21
22 #include "string.h"
23 #include "proxmark3_arm.h"
24 #include "cmd.h"
25 #include "appmain.h"
26 #include "BigBuf.h"
27 #include "fpgaloader.h"
28 #include "ticks.h"
29 #include "dbprint.h"
30 #include "util.h"
31 #include "util.h"
32 #include "parity.h"
33 #include "mifareutil.h"
34 #include "commonutil.h"
35 #include "crc16.h"
36 #include "protocols.h"
37 #include "generator.h"
38 #include "desfire_crypto.h" // UL-C authentication helpers
39
40 #define MAX_ISO14A_TIMEOUT 524288
41
42 // this timeout is in MS
43 static uint32_t iso14a_timeout;
44
45 static uint8_t colpos = 0;
46
47 // the block number for the ISO14443-4 PCB
48 static uint8_t iso14_pcb_blocknum = 0;
49
50 //
51 // ISO14443 timing:
52 //
53 // minimum time between the start bits of consecutive transfers from reader to tag: 7000 carrier (13.56MHz) cycles
54 #define REQUEST_GUARD_TIME (7000/16 + 1)
55 // minimum time between last modulation of tag and next start bit from reader to tag: 1172 carrier cycles
56 #define FRAME_DELAY_TIME_PICC_TO_PCD (1172/16 + 1)
57 // bool LastCommandWasRequest = false;
58
59 //
60 // Total delays including SSC-Transfers between ARM and FPGA. These are in carrier clock cycles (1/13,56MHz)
61 //
62 // When the PM acts as reader and is receiving tag data, it takes
63 // 3 ticks delay in the AD converter
64 // 16 ticks until the modulation detector completes and sets curbit
65 // 8 ticks until bit_to_arm is assigned from curbit
66 // 8*16 ticks for the transfer from FPGA to ARM
67 // 4*16 ticks until we measure the time
68 // - 8*16 ticks because we measure the time of the previous transfer
69 #define DELAY_AIR2ARM_AS_READER (3 + 16 + 8 + 8*16 + 4*16 - 8*16)
70
71 // When the PM acts as a reader and is sending, it takes
72 // 4*16 ticks until we can write data to the sending hold register
73 // 8*16 ticks until the SHR is transferred to the Sending Shift Register
74 // 8 ticks until the first transfer starts
75 // 8 ticks later the FPGA samples the data
76 // 1 tick to assign mod_sig_coil
77 #define DELAY_ARM2AIR_AS_READER (4*16 + 8*16 + 8 + 8 + 1)
78
79 // The FPGA will report its internal sending delay in
80 static uint16_t FpgaSendQueueDelay;
81 // the 5 first bits are the number of bits buffered in mod_sig_buf
82 // the last three bits are the remaining ticks/2 after the mod_sig_buf shift
83 #define DELAY_FPGA_QUEUE (FpgaSendQueueDelay<<1)
84
85 // When the PM acts as tag and is sending, it takes
86 // 4*16 + 8 ticks until we can write data to the sending hold register
87 // 8*16 ticks until the SHR is transferred to the Sending Shift Register
88 // 8 ticks later the FPGA samples the first data
89 // + 16 ticks until assigned to mod_sig
90 // + 1 tick to assign mod_sig_coil
91 // + a varying number of ticks in the FPGA Delay Queue (mod_sig_buf)
92 #define DELAY_ARM2AIR_AS_TAG (4*16 + 8 + 8*16 + 8 + 16 + 1 + DELAY_FPGA_QUEUE)
93
94 // When the PM acts as sniffer and is receiving tag data, it takes
95 // 3 ticks A/D conversion
96 // 14 ticks to complete the modulation detection
97 // 8 ticks (on average) until the result is stored in to_arm
98 // + the delays in transferring data - which is the same for
99 // sniffing reader and tag data and therefore not relevant
100 #define DELAY_TAG_AIR2ARM_AS_SNIFFER (3 + 14 + 8)
101
102 // When the PM acts as sniffer and is receiving reader data, it takes
103 // 2 ticks delay in analogue RF receiver (for the falling edge of the
104 // start bit, which marks the start of the communication)
105 // 3 ticks A/D conversion
106 // 8 ticks on average until the data is stored in to_arm.
107 // + the delays in transferring data - which is the same for
108 // sniffing reader and tag data and therefore not relevant
109 #define DELAY_READER_AIR2ARM_AS_SNIFFER (2 + 3 + 8)
110
111 //variables used for timing purposes:
112 //these are in ssp_clk cycles:
113 static uint32_t NextTransferTime;
114 static uint32_t LastTimeProxToAirStart;
115 static uint32_t LastProxToAirDuration;
116
117 // CARD TO READER - manchester
118 // Sequence D: 11110000 modulation with subcarrier during first half
119 // Sequence E: 00001111 modulation with subcarrier during second half
120 // Sequence F: 00000000 no modulation with subcarrier
121 // Sequence COLL: 11111111 load modulation over the full bitlength.
122 // Tricks the reader to think that multiple cards answer.
123 // (at least one card with 1 and at least one card with 0)
124 // READER TO CARD - miller
125 // Sequence X: 00001100 drop after half a period
126 // Sequence Y: 00000000 no drop
127 // Sequence Z: 11000000 drop at start
128 #define SEC_D 0xf0
129 #define SEC_E 0x0f
130 #define SEC_F 0x00
131 #define SEC_COLL 0xff
132 #define SEC_X 0x0c
133 #define SEC_Y 0x00
134 #define SEC_Z 0xc0
135
136 /*
137 Default HF 14a config is set to:
138 forceanticol = 0 (auto)
139 forcebcc = 0 (expect valid BCC)
140 forcecl2 = 0 (auto)
141 forcecl3 = 0 (auto)
142 forcerats = 0 (auto)
143 */
144 static hf14a_config hf14aconfig = { 0, 0, 0, 0, 0 } ;
145
146
147 // Polling frames and configurations
148 iso14a_polling_parameters_t WUPA_POLLING_PARAMETERS = {
149 .frames = { {{ ISO14443A_CMD_WUPA }, 1, 7, 0} },
150 .frame_count = 1,
151 .extra_timeout = 0,
152 };
153 iso14a_polling_parameters_t REQA_POLLING_PARAMETERS = {
154 .frames = { {{ ISO14443A_CMD_REQA }, 1, 7, 0} },
155 .frame_count = 1,
156 .extra_timeout = 0,
157 };
158
159 // parity isn't used much
160 static uint8_t parity_array[MAX_PARITY_SIZE] = {0};
161
162 // crypto1 stuff
163 static uint8_t crypto1_auth_state = AUTH_FIRST;
164 static uint32_t crypto1_uid;
165 struct Crypto1State crypto1_state = {0, 0};
166
167 void printHf14aConfig(void) {
168 DbpString(_CYAN_("HF 14a config"));
169 Dbprintf(" [a] Anticol override.... %s%s%s",
170 (hf14aconfig.forceanticol == 0) ? _GREEN_("std") " ( follow standard )" : "",
171 (hf14aconfig.forceanticol == 1) ? _RED_("force") " ( always do anticol )" : "",
172 (hf14aconfig.forceanticol == 2) ? _RED_("skip") " ( always skip anticol )" : ""
173 );
174 Dbprintf(" [b] BCC override........ %s%s%s",
175 (hf14aconfig.forcebcc == 0) ? _GREEN_("std") " ( follow standard )" : "",
176 (hf14aconfig.forcebcc == 1) ? _RED_("fix") " ( fix bad BCC )" : "",
177 (hf14aconfig.forcebcc == 2) ? _RED_("ignore") " ( ignore bad BCC, always use card BCC )" : ""
178 );
179 Dbprintf(" [2] CL2 override........ %s%s%s",
180 (hf14aconfig.forcecl2 == 0) ? _GREEN_("std") " ( follow standard )" : "",
181 (hf14aconfig.forcecl2 == 1) ? _RED_("force") " ( always do CL2 )" : "",
182 (hf14aconfig.forcecl2 == 2) ? _RED_("skip") " ( always skip CL2 )" : ""
183 );
184 Dbprintf(" [3] CL3 override........ %s%s%s",
185 (hf14aconfig.forcecl3 == 0) ? _GREEN_("std") " ( follow standard )" : "",
186 (hf14aconfig.forcecl3 == 1) ? _RED_("force") " ( always do CL3 )" : "",
187 (hf14aconfig.forcecl3 == 2) ? _RED_("skip") " ( always skip CL3 )" : ""
188 );
189 Dbprintf(" [r] RATS override....... %s%s%s",
190 (hf14aconfig.forcerats == 0) ? _GREEN_("std") " ( follow standard )" : "",
191 (hf14aconfig.forcerats == 1) ? _RED_("force") " ( always do RATS )" : "",
192 (hf14aconfig.forcerats == 2) ? _RED_("skip") " ( always skip RATS )" : ""
193 );
194 }
195
196 /**
197 * Called from the USB-handler to set the 14a configuration
198 * The 14a config is used for card selection sequence.
199 *
200 * Values set to '-1' implies no change
201 * @brief setSamplingConfig
202 * @param sc
203 */
204 void setHf14aConfig(const hf14a_config *hc) {
205
206 if ((hc->forceanticol >= 0) && (hc->forceanticol <= 2))
207 hf14aconfig.forceanticol = hc->forceanticol;
208 if ((hc->forcebcc >= 0) && (hc->forcebcc <= 2))
209 hf14aconfig.forcebcc = hc->forcebcc;
210 if ((hc->forcecl2 >= 0) && (hc->forcecl2 <= 2))
211 hf14aconfig.forcecl2 = hc->forcecl2;
212 if ((hc->forcecl3 >= 0) && (hc->forcecl3 <= 2))
213 hf14aconfig.forcecl3 = hc->forcecl3;
214 if ((hc->forcerats >= 0) && (hc->forcerats <= 2))
215 hf14aconfig.forcerats = hc->forcerats;
216 }
217
218 hf14a_config *getHf14aConfig(void) {
219 return &hf14aconfig;
220 }
221
222 void iso14a_set_trigger(bool enable) {
223 g_trigger = enable;
224 }
225
226 void iso14a_set_timeout(uint32_t timeout) {
227 iso14a_timeout = timeout + (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 128 + 2;
228 }
229
230 uint32_t iso14a_get_timeout(void) {
231 return iso14a_timeout - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 128 - 2;
232 }
233
234 //-----------------------------------------------------------------------------
235 // Generate the parity value for a byte sequence
236 //-----------------------------------------------------------------------------
237 void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par) {
238 uint16_t paritybit_cnt = 0;
239 uint16_t paritybyte_cnt = 0;
240 uint8_t parityBits = 0;
241
242 for (uint16_t i = 0; i < len; i++) {
243 // Generate the parity bits
244 parityBits |= ((oddparity8(pbtCmd[i])) << (7 - paritybit_cnt));
245 if (paritybit_cnt == 7) {
246 par[paritybyte_cnt] = parityBits; // save 8 Bits parity
247 parityBits = 0; // and advance to next Parity Byte
248 paritybyte_cnt++;
249 paritybit_cnt = 0;
250 } else {
251 paritybit_cnt++;
252 }
253 }
254
255 // save remaining parity bits
256 par[paritybyte_cnt] = parityBits;
257 }
258
259
260 //=============================================================================
261 // ISO 14443 Type A - Miller decoder
262 //=============================================================================
263 // Basics:
264 // This decoder is used when the PM3 acts as a tag.
265 // The reader will generate "pauses" by temporarily switching of the field.
266 // At the PM3 antenna we will therefore measure a modulated antenna voltage.
267 // The FPGA does a comparison with a threshold and would deliver e.g.:
268 // ........ 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1 1 1 .......
269 // The Miller decoder needs to identify the following sequences:
270 // 2 (or 3) ticks pause followed by 6 (or 5) ticks unmodulated: pause at beginning - Sequence Z ("start of communication" or a "0")
271 // 8 ticks without a modulation: no pause - Sequence Y (a "0" or "end of communication" or "no information")
272 // 4 ticks unmodulated followed by 2 (or 3) ticks pause: pause in second half - Sequence X (a "1")
273 // Note 1: the bitstream may start at any time. We therefore need to sync.
274 // Note 2: the interpretation of Sequence Y and Z depends on the preceding sequence.
275 //-----------------------------------------------------------------------------
276 static tUart14a Uart;
277
278 // Lookup-Table to decide if 4 raw bits are a modulation.
279 // We accept the following:
280 // 0001 - a 3 tick wide pause
281 // 0011 - a 2 tick wide pause, or a three tick wide pause shifted left
282 // 0111 - a 2 tick wide pause shifted left
283 // 1001 - a 2 tick wide pause shifted right
284 static const bool Mod_Miller_LUT[] = {
285 false, true, false, true, false, false, false, true,
286 false, true, false, false, false, false, false, false
287 };
288 #define IsMillerModulationNibble1(b) (Mod_Miller_LUT[(b & 0x000000F0) >> 4])
289 #define IsMillerModulationNibble2(b) (Mod_Miller_LUT[(b & 0x0000000F)])
290
291 tUart14a *GetUart14a(void) {
292 return &Uart;
293 }
294
295 void Uart14aReset(void) {
296 Uart.state = STATE_14A_UNSYNCD;
297 Uart.bitCount = 0;
298 Uart.len = 0; // number of decoded data bytes
299 Uart.parityLen = 0; // number of decoded parity bytes
300 Uart.shiftReg = 0; // shiftreg to hold decoded data bits
301 Uart.parityBits = 0; // holds 8 parity bits
302 Uart.startTime = 0;
303 Uart.endTime = 0;
304 Uart.fourBits = 0x00000000; // clear the buffer for 4 Bits
305 Uart.posCnt = 0;
306 Uart.syncBit = 9999;
307 }
308
309 void Uart14aInit(uint8_t *d, uint16_t n, uint8_t *par) {
310 Uart.output_len = n;
311 Uart.output = d;
312 Uart.parity = par;
313 Uart14aReset();
314 }
315
316 // use parameter non_real_time to provide a timestamp. Set to 0 if the decoder should measure real time
317 RAMFUNC bool MillerDecoding(uint8_t bit, uint32_t non_real_time) {
318
319 if (Uart.len == Uart.output_len) {
320 return true;
321 }
322
323 Uart.fourBits = (Uart.fourBits << 8) | bit;
324
325 if (Uart.state == STATE_14A_UNSYNCD) { // not yet synced
326 Uart.syncBit = 9999; // not set
327
328 // 00x11111 2|3 ticks pause followed by 6|5 ticks unmodulated Sequence Z (a "0" or "start of communication")
329 // 11111111 8 ticks unmodulation Sequence Y (a "0" or "end of communication" or "no information")
330 // 111100x1 4 ticks unmodulated followed by 2|3 ticks pause Sequence X (a "1")
331
332 // The start bit is one ore more Sequence Y followed by a Sequence Z (... 11111111 00x11111). We need to distinguish from
333 // Sequence X followed by Sequence Y followed by Sequence Z (111100x1 11111111 00x11111)
334 // we therefore look for a ...xx1111 11111111 00x11111xxxxxx... pattern
335 // (12 '1's followed by 2 '0's, eventually followed by another '0', followed by 5 '1's)
336 #define ISO14443A_STARTBIT_MASK 0x07FFEF80 // mask is 00000111 11111111 11101111 10000000
337 #define ISO14443A_STARTBIT_PATTERN 0x07FF8F80 // pattern is 00000111 11111111 10001111 10000000
338 if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 0)) == ISO14443A_STARTBIT_PATTERN >> 0) Uart.syncBit = 7;
339 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 1)) == ISO14443A_STARTBIT_PATTERN >> 1) Uart.syncBit = 6;
340 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 2)) == ISO14443A_STARTBIT_PATTERN >> 2) Uart.syncBit = 5;
341 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 3)) == ISO14443A_STARTBIT_PATTERN >> 3) Uart.syncBit = 4;
342 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 4)) == ISO14443A_STARTBIT_PATTERN >> 4) Uart.syncBit = 3;
343 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 5)) == ISO14443A_STARTBIT_PATTERN >> 5) Uart.syncBit = 2;
344 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 6)) == ISO14443A_STARTBIT_PATTERN >> 6) Uart.syncBit = 1;
345 else if ((Uart.fourBits & (ISO14443A_STARTBIT_MASK >> 7)) == ISO14443A_STARTBIT_PATTERN >> 7) Uart.syncBit = 0;
346
347 if (Uart.syncBit != 9999) { // found a sync bit
348 Uart.startTime = (non_real_time) ? non_real_time : (GetCountSspClk() & 0xfffffff8);
349 Uart.startTime -= Uart.syncBit;
350 Uart.endTime = Uart.startTime;
351 Uart.state = STATE_14A_START_OF_COMMUNICATION;
352 }
353
354 } else {
355
356 if (IsMillerModulationNibble1(Uart.fourBits >> Uart.syncBit)) {
357
358 if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation in both halves - error
359 Uart14aReset();
360 } else { // Modulation in first half = Sequence Z = logic "0"
361
362 if (Uart.state == STATE_14A_MILLER_X) { // error - must not follow after X
363 Uart14aReset();
364 } else {
365 Uart.bitCount++;
366 Uart.shiftReg = (Uart.shiftReg >> 1); // add a 0 to the shiftreg
367 Uart.state = STATE_14A_MILLER_Z;
368 Uart.endTime = Uart.startTime + 8 * (9 * Uart.len + Uart.bitCount + 1) - 6;
369
370 if (Uart.bitCount >= 9) { // if we decoded a full byte (including parity)
371 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff);
372 Uart.parityBits <<= 1; // make room for the parity bit
373 Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit
374 Uart.bitCount = 0;
375 Uart.shiftReg = 0;
376 if ((Uart.len & 0x0007) == 0) { // every 8 data bytes
377 Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits
378 Uart.parityBits = 0;
379 }
380 }
381 }
382 }
383 } else {
384
385 if (IsMillerModulationNibble2(Uart.fourBits >> Uart.syncBit)) { // Modulation second half = Sequence X = logic "1"
386
387 Uart.bitCount++;
388 Uart.shiftReg = (Uart.shiftReg >> 1) | 0x100; // add a 1 to the shiftreg
389 Uart.state = STATE_14A_MILLER_X;
390 Uart.endTime = Uart.startTime + 8 * (9 * Uart.len + Uart.bitCount + 1) - 2;
391
392 if (Uart.bitCount >= 9) { // if we decoded a full byte (including parity)
393
394 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff);
395 Uart.parityBits <<= 1; // make room for the new parity bit
396 Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit
397 Uart.bitCount = 0;
398 Uart.shiftReg = 0;
399
400 if ((Uart.len & 0x0007) == 0) { // every 8 data bytes
401 Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits
402 Uart.parityBits = 0;
403 }
404 }
405
406 } else { // no modulation in both halves - Sequence Y
407
408 if (Uart.state == STATE_14A_MILLER_Z || Uart.state == STATE_14A_MILLER_Y) { // Y after logic "0" - End of Communication
409
410 Uart.state = STATE_14A_UNSYNCD;
411 Uart.bitCount--; // last "0" was part of EOC sequence
412 Uart.shiftReg <<= 1; // drop it
413
414 if (Uart.bitCount > 0) { // if we decoded some bits
415 Uart.shiftReg >>= (9 - Uart.bitCount); // right align them
416 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff); // add last byte to the output
417 Uart.parityBits <<= 1; // add a (void) parity bit
418 Uart.parityBits <<= (8 - (Uart.len & 0x0007)); // left align parity bits
419 Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store it
420 return true;
421 }
422
423 if (Uart.len & 0x0007) { // there are some parity bits to store
424 Uart.parityBits <<= (8 - (Uart.len & 0x0007)); // left align remaining parity bits
425 Uart.parity[Uart.parityLen++] = Uart.parityBits; // and store them
426 }
427
428 if (Uart.len) {
429 return true; // we are finished with decoding the raw data sequence
430 } else {
431 Uart14aReset(); // Nothing received - start over
432 return false;
433 }
434 }
435
436 if (Uart.state == STATE_14A_START_OF_COMMUNICATION) { // error - must not follow directly after SOC
437 Uart14aReset();
438 } else { // a logic "0"
439
440 Uart.bitCount++;
441 Uart.shiftReg >>= 1; // add a 0 to the shiftreg
442 Uart.state = STATE_14A_MILLER_Y;
443
444 if (Uart.bitCount >= 9) { // if we decoded a full byte (including parity)
445
446 Uart.output[Uart.len++] = (Uart.shiftReg & 0xff);
447 Uart.parityBits <<= 1; // make room for the parity bit
448 Uart.parityBits |= ((Uart.shiftReg >> 8) & 0x01); // store parity bit
449 Uart.bitCount = 0;
450 Uart.shiftReg = 0;
451
452 // Every 8 data bytes, store 8 parity bits into a parity byte
453 if ((Uart.len & 0x0007) == 0) { // every 8 data bytes
454 Uart.parity[Uart.parityLen++] = Uart.parityBits; // store 8 parity bits
455 Uart.parityBits = 0;
456 }
457 }
458 }
459 }
460 }
461 }
462 return false; // not finished yet, need more data
463 }
464
465 //=============================================================================
466 // ISO 14443 Type A - Manchester decoder
467 //=============================================================================
468 // Basics:
469 // This decoder is used when the PM3 acts as a reader.
470 // The tag will modulate the reader field by asserting different loads to it. As a consequence, the voltage
471 // at the reader antenna will be modulated as well. The FPGA detects the modulation for us and would deliver e.g. the following:
472 // ........ 0 0 1 1 1 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .......
473 // The Manchester decoder needs to identify the following sequences:
474 // 4 ticks modulated followed by 4 ticks unmodulated: Sequence D = 1 (also used as "start of communication")
475 // 4 ticks unmodulated followed by 4 ticks modulated: Sequence E = 0
476 // 8 ticks unmodulated: Sequence F = end of communication
477 // 8 ticks modulated: A collision. Save the collision position and treat as Sequence D
478 // Note 1: the bitstream may start at any time. We therefore need to sync.
479 // Note 2: parameter offset is used to determine the position of the parity bits (required for the anticollision command only)
480 static tDemod14a Demod;
481
482 // Lookup-Table to decide if 4 raw bits are a modulation.
483 // We accept three or four "1" in any position
484 static const bool Mod_Manchester_LUT[] = {
485 false, false, false, false, false, false, false, true,
486 false, false, false, true, false, true, true, true
487 };
488
489 #define IsManchesterModulationNibble1(b) (Mod_Manchester_LUT[(b & 0x00F0) >> 4])
490 #define IsManchesterModulationNibble2(b) (Mod_Manchester_LUT[(b & 0x000F)])
491
492 tDemod14a *GetDemod14a(void) {
493 return &Demod;
494 }
495 void Demod14aReset(void) {
496 Demod.state = DEMOD_14A_UNSYNCD;
497 Demod.twoBits = 0xFFFF; // buffer for 2 Bits
498 Demod.highCnt = 0;
499 Demod.bitCount = 0;
500 Demod.collisionPos = 0; // Position of collision bit
501 Demod.syncBit = 0xFFFF;
502 Demod.parityBits = 0;
503 Demod.parityLen = 0;
504 Demod.shiftReg = 0; // shiftreg to hold decoded data bits
505 Demod.samples = 0;
506 Demod.len = 0; // number of decoded data bytes
507 Demod.startTime = 0;
508 Demod.endTime = 0;
509 Demod.samples = 0;
510 }
511
512 void Demod14aInit(uint8_t *d, uint16_t n, uint8_t *par) {
513 Demod.output_len = n;
514 Demod.output = d;
515 Demod.parity = par;
516 Demod14aReset();
517 }
518
519 // use parameter non_real_time to provide a timestamp. Set to 0 if the decoder should measure real time
520 RAMFUNC int ManchesterDecoding(uint8_t bit, uint16_t offset, uint32_t non_real_time) {
521
522 if (Demod.len == Demod.output_len) {
523 return true;
524 }
525
526 Demod.twoBits = (Demod.twoBits << 8) | bit;
527
528 if (Demod.state == DEMOD_14A_UNSYNCD) {
529
530 if (Demod.highCnt < 2) { // wait for a stable unmodulated signal
531 if (Demod.twoBits == 0x0000) {
532 Demod.highCnt++;
533 } else {
534 Demod.highCnt = 0;
535 }
536 } else {
537 Demod.syncBit = 0xFFFF; // not set
538 if ((Demod.twoBits & 0x7700) == 0x7000) Demod.syncBit = 7;
539 else if ((Demod.twoBits & 0x3B80) == 0x3800) Demod.syncBit = 6;
540 else if ((Demod.twoBits & 0x1DC0) == 0x1C00) Demod.syncBit = 5;
541 else if ((Demod.twoBits & 0x0EE0) == 0x0E00) Demod.syncBit = 4;
542 else if ((Demod.twoBits & 0x0770) == 0x0700) Demod.syncBit = 3;
543 else if ((Demod.twoBits & 0x03B8) == 0x0380) Demod.syncBit = 2;
544 else if ((Demod.twoBits & 0x01DC) == 0x01C0) Demod.syncBit = 1;
545 else if ((Demod.twoBits & 0x00EE) == 0x00E0) Demod.syncBit = 0;
546 if (Demod.syncBit != 0xFFFF) {
547 Demod.startTime = non_real_time ? non_real_time : (GetCountSspClk() & 0xfffffff8);
548 Demod.startTime -= Demod.syncBit;
549 Demod.bitCount = offset; // number of decoded data bits
550 Demod.state = DEMOD_14A_MANCHESTER_DATA;
551 }
552 }
553 } else {
554
555 if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half
556 if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision
557 if (Demod.collisionPos == 0) {
558 Demod.collisionPos = (Demod.len << 3) + Demod.bitCount;
559 }
560 } // modulation in first half only - Sequence D = 1
561 Demod.bitCount++;
562 Demod.shiftReg = (Demod.shiftReg >> 1) | 0x100; // in both cases, add a 1 to the shiftreg
563 if (Demod.bitCount == 9) { // if we decoded a full byte (including parity)
564 Demod.output[Demod.len++] = (Demod.shiftReg & 0xff);
565 Demod.parityBits <<= 1; // make room for the parity bit
566 Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit
567 Demod.bitCount = 0;
568 Demod.shiftReg = 0;
569 if ((Demod.len & 0x0007) == 0) { // every 8 data bytes
570 Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits
571 Demod.parityBits = 0;
572 }
573 }
574 Demod.endTime = Demod.startTime + 8 * (9 * Demod.len + Demod.bitCount + 1) - 4;
575 } else { // no modulation in first half
576 if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // and modulation in second half = Sequence E = 0
577 Demod.bitCount++;
578 Demod.shiftReg = (Demod.shiftReg >> 1); // add a 0 to the shiftreg
579 if (Demod.bitCount >= 9) { // if we decoded a full byte (including parity)
580 Demod.output[Demod.len++] = (Demod.shiftReg & 0xff);
581 Demod.parityBits <<= 1; // make room for the new parity bit
582 Demod.parityBits |= ((Demod.shiftReg >> 8) & 0x01); // store parity bit
583 Demod.bitCount = 0;
584 Demod.shiftReg = 0;
585 if ((Demod.len & 0x0007) == 0) { // every 8 data bytes
586 Demod.parity[Demod.parityLen++] = Demod.parityBits; // store 8 parity bits1
587 Demod.parityBits = 0;
588 }
589 }
590 Demod.endTime = Demod.startTime + 8 * (9 * Demod.len + Demod.bitCount + 1);
591 } else { // no modulation in both halves - End of communication
592
593 if (Demod.bitCount > 0) { // there are some remaining data bits
594 Demod.shiftReg >>= (9 - Demod.bitCount); // right align the decoded bits
595 Demod.output[Demod.len++] = Demod.shiftReg & 0xff; // and add them to the output
596 Demod.parityBits <<= 1; // add a (void) parity bit
597 Demod.parityBits <<= (8 - (Demod.len & 0x0007)); // left align remaining parity bits
598 Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them
599 return true;
600 } else if (Demod.len & 0x0007) { // there are some parity bits to store
601 Demod.parityBits <<= (8 - (Demod.len & 0x0007)); // left align remaining parity bits
602 Demod.parity[Demod.parityLen++] = Demod.parityBits; // and store them
603 }
604
605 if (Demod.len) {
606 return true; // we are finished with decoding the raw data sequence
607 } else { // nothing received. Start over
608 Demod14aReset();
609 }
610 }
611 }
612 }
613 return false; // not finished yet, need more data
614 }
615
616
617 // Thinfilm, Kovio mangles ISO14443A in the way that they don't use start bit nor parity bits.
618 static RAMFUNC int ManchesterDecoding_Thinfilm(uint8_t bit) {
619
620 if (Demod.len == Demod.output_len) {
621 return true;
622 }
623
624 Demod.twoBits = (Demod.twoBits << 8) | bit;
625
626 if (Demod.state == DEMOD_14A_UNSYNCD) {
627
628 if (Demod.highCnt < 2) { // wait for a stable unmodulated signal
629
630 if (Demod.twoBits == 0x0000) {
631 Demod.highCnt++;
632 } else {
633 Demod.highCnt = 0;
634 }
635
636 } else {
637 Demod.syncBit = 0xFFFF; // not set
638 if ((Demod.twoBits & 0x7700) == 0x7000) Demod.syncBit = 7;
639 else if ((Demod.twoBits & 0x3B80) == 0x3800) Demod.syncBit = 6;
640 else if ((Demod.twoBits & 0x1DC0) == 0x1C00) Demod.syncBit = 5;
641 else if ((Demod.twoBits & 0x0EE0) == 0x0E00) Demod.syncBit = 4;
642 else if ((Demod.twoBits & 0x0770) == 0x0700) Demod.syncBit = 3;
643 else if ((Demod.twoBits & 0x03B8) == 0x0380) Demod.syncBit = 2;
644 else if ((Demod.twoBits & 0x01DC) == 0x01C0) Demod.syncBit = 1;
645 else if ((Demod.twoBits & 0x00EE) == 0x00E0) Demod.syncBit = 0;
646
647 if (Demod.syncBit != 0xFFFF) {
648 Demod.startTime = (GetCountSspClk() & 0xfffffff8);
649 Demod.startTime -= Demod.syncBit;
650 Demod.bitCount = 1; // number of decoded data bits
651 Demod.shiftReg = 1;
652 Demod.state = DEMOD_14A_MANCHESTER_DATA;
653 }
654 }
655
656 } else {
657
658 if (IsManchesterModulationNibble1(Demod.twoBits >> Demod.syncBit)) { // modulation in first half
659
660 if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // ... and in second half = collision
661 if (Demod.collisionPos == 0) {
662 Demod.collisionPos = (Demod.len << 3) + Demod.bitCount;
663 }
664 } // modulation in first half only - Sequence D = 1
665 Demod.bitCount++;
666 Demod.shiftReg = (Demod.shiftReg << 1) | 0x1; // in both cases, add a 1 to the shiftreg
667
668 if (Demod.bitCount == 8) { // if we decoded a full byte
669 Demod.output[Demod.len++] = (Demod.shiftReg & 0xFF);
670 Demod.bitCount = 0;
671 Demod.shiftReg = 0;
672 }
673
674 Demod.endTime = Demod.startTime + 8 * (8 * Demod.len + Demod.bitCount + 1) - 4;
675
676 } else { // no modulation in first half
677
678 if (IsManchesterModulationNibble2(Demod.twoBits >> Demod.syncBit)) { // and modulation in second half = Sequence E = 0
679 Demod.bitCount++;
680 Demod.shiftReg = (Demod.shiftReg << 1); // add a 0 to the shiftreg
681 if (Demod.bitCount >= 8) { // if we decoded a full byte
682 Demod.output[Demod.len++] = (Demod.shiftReg & 0xFF);
683 Demod.bitCount = 0;
684 Demod.shiftReg = 0;
685 }
686 Demod.endTime = Demod.startTime + 8 * (8 * Demod.len + Demod.bitCount + 1);
687
688 } else { // no modulation in both halves - End of communication
689
690 if (Demod.bitCount) { // there are some remaining data bits
691 Demod.shiftReg <<= (8 - Demod.bitCount); // left align the decoded bits
692 Demod.output[Demod.len++] = Demod.shiftReg & 0xFF; // and add them to the output
693
694 // Dbprintf("A | len... %u - %u == 0x%02x", Demod.len, Demod.bitCount, Demod.output[0]);
695 return true;
696 }
697
698 if (Demod.len) {
699 return true; // we are finished with decoding the raw data sequence
700 } else { // nothing received. Start over
701 Demod14aReset();
702 }
703 }
704 }
705 }
706 return false; // not finished yet, need more data
707 }
708
709 //=============================================================================
710 // Finally, a `sniffer' for ISO 14443 Type A
711 // Both sides of communication!
712 //=============================================================================
713
714 //-----------------------------------------------------------------------------
715 // Record the sequence of commands sent by the reader to the tag, with
716 // triggering so that we start recording at the point that the tag is moved
717 // near the reader.
718 // "hf 14a sniff"
719 //-----------------------------------------------------------------------------
720 void RAMFUNC SniffIso14443a(uint8_t param) {
721 LEDsoff();
722 // param:
723 // bit 0 - trigger from first card answer
724 // bit 1 - trigger from first reader 7-bit request
725 iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
726
727 // Allocate memory from BigBuf for some buffers
728 // free all previous allocations first
729 BigBuf_free();
730 BigBuf_Clear_ext(false);
731 clear_trace();
732 set_tracing(true);
733
734 // The command (reader -> tag) that we're receiving.
735 uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
736 uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
737
738 // The response (tag -> reader) that we're receiving.
739 uint8_t *receivedResp = BigBuf_malloc(MAX_FRAME_SIZE);
740 uint8_t *receivedRespPar = BigBuf_malloc(MAX_PARITY_SIZE);
741
742 uint8_t previous_data = 0;
743 int maxDataLen = 0, dataLen;
744 bool TagIsActive = false;
745 bool ReaderIsActive = false;
746
747 // Set up the demodulator for tag -> reader responses.
748 Demod14aInit(receivedResp, MAX_FRAME_SIZE, receivedRespPar);
749
750 // Set up the demodulator for the reader -> tag commands
751 Uart14aInit(receivedCmd, MAX_FRAME_SIZE, receivedCmdPar);
752
753 if (g_dbglevel >= DBG_INFO) {
754 DbpString("Press " _GREEN_("pm3 button") " to abort sniffing");
755 }
756
757 // The DMA buffer, used to stream samples from the FPGA
758 dmabuf8_t *dma = get_dma8();
759 uint8_t *data = dma->buf;
760
761 // Setup and start DMA.
762 if (FpgaSetupSscDma((uint8_t *) dma->buf, DMA_BUFFER_SIZE) == false) {
763 if (g_dbglevel > 1) Dbprintf("FpgaSetupSscDma failed. Exiting");
764 return;
765 }
766
767 // We won't start recording the frames that we acquire until we trigger;
768 // a good trigger condition to get started is probably when we see a
769 // response from the tag.
770 // triggered == false -- to wait first for card
771 bool triggered = !(param & 0x03);
772
773 uint32_t rx_samples = 0;
774
775 // loop and listen
776 while (BUTTON_PRESS() == false) {
777 WDT_HIT();
778 LED_A_ON();
779
780 register int readBufDataP = data - dma->buf;
781 register int dmaBufDataP = DMA_BUFFER_SIZE - AT91C_BASE_PDC_SSC->PDC_RCR;
782 if (readBufDataP <= dmaBufDataP) {
783 dataLen = dmaBufDataP - readBufDataP;
784 } else {
785 dataLen = DMA_BUFFER_SIZE - readBufDataP + dmaBufDataP;
786 }
787
788 // test for length of buffer
789 if (dataLen > maxDataLen) {
790 maxDataLen = dataLen;
791 if (dataLen > (9 * DMA_BUFFER_SIZE / 10)) {
792 Dbprintf("[!] blew circular buffer! | datalen %u", dataLen);
793 break;
794 }
795 }
796 if (dataLen < 1) {
797 continue;
798 }
799
800 // primary buffer was stopped( <-- we lost data!
801 if (!AT91C_BASE_PDC_SSC->PDC_RCR) {
802 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) dma->buf;
803 AT91C_BASE_PDC_SSC->PDC_RCR = DMA_BUFFER_SIZE;
804 Dbprintf("[-] RxEmpty ERROR | data length %d", dataLen); // temporary
805 }
806 // secondary buffer sets as primary, secondary buffer was stopped
807 if (!AT91C_BASE_PDC_SSC->PDC_RNCR) {
808 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dma->buf;
809 AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
810 }
811
812 LED_A_OFF();
813
814 // Need two samples to feed Miller and Manchester-Decoder
815 if (rx_samples & 0x01) {
816
817 // no need to try decoding reader data if the tag is sending
818 if (TagIsActive == false) {
819
820 uint8_t readerdata = (previous_data & 0xF0) | (*data >> 4);
821
822 if (MillerDecoding(readerdata, (rx_samples - 1) * 4)) {
823 LED_C_ON();
824
825 // check - if there is a short 7bit request from reader
826 if ((!triggered) && (param & 0x02) && (Uart.len == 1) && (Uart.bitCount == 7)) {
827 triggered = true;
828 }
829
830 if (triggered) {
831 if (!LogTrace(receivedCmd,
832 Uart.len,
833 Uart.startTime * 16 - DELAY_READER_AIR2ARM_AS_SNIFFER,
834 Uart.endTime * 16 - DELAY_READER_AIR2ARM_AS_SNIFFER,
835 Uart.parity,
836 true)) {
837 break;
838 }
839 }
840 // ready to receive another command
841 Uart14aReset();
842 // reset the demod code, which might have been
843 // false-triggered by the commands from the reader
844 Demod14aReset();
845 LED_B_OFF();
846 }
847 ReaderIsActive = (Uart.state != STATE_14A_UNSYNCD);
848 }
849
850 // no need to try decoding tag data if the reader is sending - and we cannot afford the time
851 if (ReaderIsActive == false) {
852
853 uint8_t tagdata = (previous_data << 4) | (*data & 0x0F);
854
855 if (ManchesterDecoding(tagdata, 0, (rx_samples - 1) * 4)) {
856
857 LED_B_ON();
858
859 if (!LogTrace(receivedResp,
860 Demod.len,
861 Demod.startTime * 16 - DELAY_TAG_AIR2ARM_AS_SNIFFER,
862 Demod.endTime * 16 - DELAY_TAG_AIR2ARM_AS_SNIFFER,
863 Demod.parity,
864 false)) break;
865
866 if ((!triggered) && (param & 0x01)) {
867 triggered = true;
868 }
869
870 // ready to receive another response.
871 Demod14aReset();
872 // reset the Miller decoder including its (now outdated) input buffer
873 Uart14aReset();
874 //Uart14aInit(receivedCmd, MAX_FRAME_SIZE, receivedCmdPar);
875 LED_C_OFF();
876 }
877 TagIsActive = (Demod.state != DEMOD_14A_UNSYNCD);
878 }
879 }
880
881 previous_data = *data;
882 rx_samples++;
883 data++;
884 if (data == dma->buf + DMA_BUFFER_SIZE) {
885 data = dma->buf;
886 }
887 } // end main loop
888
889 FpgaDisableTracing();
890
891 if (g_dbglevel >= DBG_ERROR) {
892 Dbprintf("trace len = " _YELLOW_("%d"), BigBuf_get_traceLen());
893 }
894 switch_off();
895 }
896
897 //-----------------------------------------------------------------------------
898 // Prepare tag messages
899 //-----------------------------------------------------------------------------
900 static void CodeIso14443aAsTagPar(const uint8_t *cmd, uint16_t len, const uint8_t *par, bool collision) {
901
902 tosend_reset();
903
904 tosend_t *ts = get_tosend();
905
906 // Correction bit, might be removed when not needed
907 tosend_stuffbit(0);
908 tosend_stuffbit(0);
909 tosend_stuffbit(0);
910 tosend_stuffbit(0);
911 tosend_stuffbit(1); // <-----
912 tosend_stuffbit(0);
913 tosend_stuffbit(0);
914 tosend_stuffbit(0);
915
916 // Send startbit
917 ts->buf[++ts->max] = SEC_D;
918 LastProxToAirDuration = 8 * ts->max - 4;
919
920 for (uint16_t i = 0; i < len; i++) {
921 uint8_t b = cmd[i];
922
923 // Data bits
924 for (uint16_t j = 0; j < 8; j++) {
925 if (collision) {
926 ts->buf[++ts->max] = SEC_COLL;
927 } else {
928 if (b & 1) {
929 ts->buf[++ts->max] = SEC_D;
930 } else {
931 ts->buf[++ts->max] = SEC_E;
932 }
933 b >>= 1;
934 }
935 }
936
937 if (collision) {
938 ts->buf[++ts->max] = SEC_COLL;
939 LastProxToAirDuration = 8 * ts->max;
940 } else {
941 // Get the parity bit
942 if (par[i >> 3] & (0x80 >> (i & 0x0007))) {
943 ts->buf[++ts->max] = SEC_D;
944 LastProxToAirDuration = 8 * ts->max - 4;
945 } else {
946 ts->buf[++ts->max] = SEC_E;
947 LastProxToAirDuration = 8 * ts->max;
948 }
949 }
950 }
951
952 // Send stopbit
953 ts->buf[++ts->max] = SEC_F;
954
955 // Convert from last byte pos to length
956 ts->max++;
957 }
958
959 static void CodeIso14443aAsTagEx(const uint8_t *cmd, uint16_t len, bool collision) {
960 GetParity(cmd, len, parity_array);
961 CodeIso14443aAsTagPar(cmd, len, parity_array, collision);
962 }
963 static void CodeIso14443aAsTag(const uint8_t *cmd, uint16_t len) {
964 CodeIso14443aAsTagEx(cmd, len, false);
965 }
966
967 static void Code4bitAnswerAsTag(uint8_t cmd) {
968 uint8_t b = cmd;
969
970 tosend_reset();
971
972 tosend_t *ts = get_tosend();
973
974 // Correction bit, might be removed when not needed
975 tosend_stuffbit(0);
976 tosend_stuffbit(0);
977 tosend_stuffbit(0);
978 tosend_stuffbit(0);
979 tosend_stuffbit(1); // 1
980 tosend_stuffbit(0);
981 tosend_stuffbit(0);
982 tosend_stuffbit(0);
983
984 // Send startbit
985 ts->buf[++ts->max] = SEC_D;
986
987 for (uint8_t i = 0; i < 4; i++) {
988 if (b & 1) {
989 ts->buf[++ts->max] = SEC_D;
990 LastProxToAirDuration = 8 * ts->max - 4;
991 } else {
992 ts->buf[++ts->max] = SEC_E;
993 LastProxToAirDuration = 8 * ts->max;
994 }
995 b >>= 1;
996 }
997
998 // Send stopbit
999 ts->buf[++ts->max] = SEC_F;
1000
1001 // Convert from last byte pos to length
1002 ts->max++;
1003 }
1004
1005 //-----------------------------------------------------------------------------
1006 // Wait for commands from reader
1007 // stop when button is pressed or client usb connection resets
1008 // or return TRUE when command is captured
1009 //-----------------------------------------------------------------------------
1010 bool GetIso14443aCommandFromReader(uint8_t *received, uint16_t received_maxlen, uint8_t *par, int *len) {
1011 // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
1012 // only, since we are receiving, not transmitting).
1013 // Signal field is off with the appropriate LED
1014 LED_D_OFF();
1015 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
1016
1017 // Now run a `software UART` on the stream of incoming samples.
1018 Uart14aInit(received, received_maxlen, par);
1019
1020 // clear RXRDY:
1021 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1022 (void)b;
1023
1024 uint8_t flip = 0;
1025 uint16_t checker = 4000;
1026 for (;;) {
1027
1028 WDT_HIT();
1029
1030 // ever 3 * 4000, check if we got any data from client
1031 // takes long time, usually messes with simualtion
1032 if (flip == 3) {
1033 if (data_available()) {
1034 return false;
1035 }
1036
1037 flip = 0;
1038 }
1039
1040 // button press, takes a bit time, might mess with simualtion
1041 if (checker-- == 0) {
1042 if (BUTTON_PRESS()) {
1043 return false;
1044 }
1045
1046 flip++;
1047 checker = 4000;
1048 }
1049
1050 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
1051 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
1052 if (MillerDecoding(b, 0)) {
1053 *len = Uart.len;
1054 return true;
1055 }
1056 }
1057 }
1058 return false;
1059 }
1060
1061 bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffer_size) {
1062 // Example response, answer to MIFARE Classic read block will be 16 bytes + 2 CRC = 18 bytes
1063 // This will need the following byte array for a modulation sequence
1064 // 144 data bits (18 * 8)
1065 // 18 parity bits
1066 // 2 Start and stop
1067 // 1 Correction bit (Answer in 1172 or 1236 periods, see FPGA)
1068 // 1 just for the case
1069 // ----------- +
1070 // 166 bytes, since every bit that needs to be send costs us a byte
1071 //
1072 // Prepare the tag modulation bits from the message
1073 CodeIso14443aAsTag(response_info->response, response_info->response_n);
1074
1075 tosend_t *ts = get_tosend();
1076
1077 // Make sure we do not exceed the free buffer space
1078 if (ts->max > max_buffer_size) {
1079 Dbprintf("ToSend buffer, Out-of-bound, when modulating bits for tag answer:");
1080 Dbhexdump(response_info->response_n, response_info->response, false);
1081 return false;
1082 }
1083
1084 // Copy the byte array, used for this modulation to the buffer position
1085 memcpy(response_info->modulation, ts->buf, ts->max);
1086
1087 // Store the number of bytes that were used for encoding/modulation and the time needed to transfer them
1088 response_info->modulation_n = ts->max;
1089 response_info->ProxToAirDuration = LastProxToAirDuration;
1090 return true;
1091 }
1092
1093 bool prepare_allocated_tag_modulation(tag_response_info_t *response_info, uint8_t **buffer, size_t *max_buffer_size) {
1094
1095 tosend_t *ts = get_tosend();
1096
1097 // Retrieve and store the current buffer index
1098 response_info->modulation = *buffer;
1099
1100 // Forward the prepare tag modulation function to the inner function
1101 if (prepare_tag_modulation(response_info, *max_buffer_size)) {
1102 // Update the free buffer offset and the remaining buffer size
1103 *buffer += ts->max;
1104 *max_buffer_size -= ts->max;
1105 return true;
1106 } else {
1107 return false;
1108 }
1109 }
1110
1111 bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data,
1112 uint8_t *iRATs, size_t irats_len, tag_response_info_t **responses,
1113 uint32_t *cuid, uint32_t counters[3], uint8_t tearings[3], uint8_t *pages) {
1114 uint8_t sak = 0;
1115 // The first response contains the ATQA (note: bytes are transmitted in reverse order).
1116 static uint8_t rATQA[2] = { 0x00 };
1117 // The second response contains the (mandatory) first 24 bits of the UID
1118 static uint8_t rUIDc1[5] = { 0x00 };
1119 // For UID size 7,
1120 static uint8_t rUIDc2[5] = { 0x00 };
1121 // For UID size 10,
1122 static uint8_t rUIDc3[5] = { 0x00 };
1123 // Prepare the mandatory SAK (for 4, 7 and 10 byte UID)
1124 static uint8_t rSAKc1[3] = { 0x00 };
1125 // Prepare the optional second SAK (for 7 and 10 byte UID), drop the cascade bit for 7b
1126 static uint8_t rSAKc2[3] = { 0x00 };
1127 // Prepare the optional third SAK (for 10 byte UID), drop the cascade bit
1128 static uint8_t rSAKc3[3] = { 0x00 };
1129 // dummy ATS (pseudo-ATR), answer to RATS
1130 // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present,
1131 // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1
1132 // TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us)
1133 // TC(1) = 0x02: CID supported, NAD not supported
1134 // static uint8_t rRATS[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 };
1135 static uint8_t rRATS[40] = { 0x05, 0x75, 0x80, 0x60, 0x02, 0x00, 0x00, 0x00 };
1136 uint8_t rRATS_len = 8;
1137
1138 // GET_VERSION response for EV1/NTAG
1139 static uint8_t rVERSION[10] = { 0x00 };
1140 // READ_SIG response for EV1/NTAG
1141 static uint8_t rSIGN[34] = { 0x00 };
1142 // PPS response
1143 static uint8_t rPPS[3] = { 0xD0 };
1144
1145 static uint8_t rPACK[4] = { 0x00, 0x00, 0x00, 0x00 };
1146
1147 switch (tagType) {
1148 case 1: { // MIFARE Classic 1k
1149 rATQA[0] = 0x04;
1150 sak = 0x08;
1151 break;
1152 }
1153 case 2: { // MIFARE Ultralight
1154 rATQA[0] = 0x44;
1155 sak = 0x00;
1156 // some first pages of UL/NTAG dump is special data
1157 mfu_dump_t *mfu_header = (mfu_dump_t *) BigBuf_get_EM_addr();
1158 *pages = MAX(mfu_header->pages, 15);
1159
1160 // counters and tearing flags
1161 // for old dumps with all zero headers, we need to set default values.
1162 for (uint8_t i = 0; i < 3; i++) {
1163
1164 counters[i] = le24toh(mfu_header->counter_tearing[i]);
1165
1166 if (mfu_header->counter_tearing[i][3] != 0x00) {
1167 tearings[i] = mfu_header->counter_tearing[i][3];
1168 }
1169 }
1170
1171 // GET_VERSION
1172 if (memcmp(mfu_header->version, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) == 0) {
1173 memcpy(rVERSION, "\x00\x04\x04\x02\x01\x00\x11\x03", 8);
1174 } else {
1175 memcpy(rVERSION, mfu_header->version, 8);
1176 }
1177 AddCrc14A(rVERSION, sizeof(rVERSION) - 2);
1178
1179 // READ_SIG
1180 memcpy(rSIGN, mfu_header->signature, 32);
1181 AddCrc14A(rSIGN, sizeof(rSIGN) - 2);
1182 break;
1183 }
1184 case 3: { // MIFARE DESFire
1185 rATQA[0] = 0x44;
1186 rATQA[1] = 0x03;
1187 sak = 0x20;
1188 memcpy(rRATS, "\x06\x75\x77\x81\x02\x80\x00\x00", 8);
1189 rRATS_len = 8;
1190 break;
1191 }
1192 case 4: { // ISO/IEC 14443-4 - javacard (JCOP)
1193 rATQA[0] = 0x04;
1194 sak = 0x28;
1195 break;
1196 }
1197 case 5: { // MIFARE TNP3XXX
1198 rATQA[0] = 0x01;
1199 rATQA[1] = 0x0f;
1200 sak = 0x01;
1201 break;
1202 }
1203 case 6: { // MIFARE Mini 320b
1204 rATQA[0] = 0x44;
1205 sak = 0x09;
1206 break;
1207 }
1208 case 7: { // NTAG 215
1209 rATQA[0] = 0x44;
1210 sak = 0x00;
1211 // some first pages of UL/NTAG dump is special data
1212 mfu_dump_t *mfu_header = (mfu_dump_t *) BigBuf_get_EM_addr();
1213 *pages = MAX(mfu_header->pages, 19);
1214
1215 // counters and tearing flags
1216 // for old dumps with all zero headers, we need to set default values.
1217 for (uint8_t i = 0; i < 3; i++) {
1218
1219 counters[i] = le24toh(mfu_header->counter_tearing[i]);
1220
1221 if (mfu_header->counter_tearing[i][3] != 0x00) {
1222 tearings[i] = mfu_header->counter_tearing[i][3];
1223 }
1224 }
1225
1226 // GET_VERSION
1227 if (memcmp(mfu_header->version, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) == 0) {
1228 memcpy(rVERSION, "\x00\x04\x04\x02\x01\x00\x11\x03", 8);
1229 } else {
1230 memcpy(rVERSION, mfu_header->version, 8);
1231 }
1232 AddCrc14A(rVERSION, sizeof(rVERSION) - 2);
1233
1234 // READ_SIG
1235 memcpy(rSIGN, mfu_header->signature, 32);
1236 AddCrc14A(rSIGN, sizeof(rSIGN) - 2);
1237 break;
1238 }
1239 case 8: { // MIFARE Classic 4k
1240 rATQA[0] = 0x02;
1241 sak = 0x18;
1242 break;
1243 }
1244 case 9: { // FM11RF005SH (Shanghai Metro)
1245 rATQA[0] = 0x03;
1246 rATQA[1] = 0x00;
1247 sak = 0x0A;
1248 break;
1249 }
1250 case 10: { // ST25TA IKEA Rothult
1251 rATQA[0] = 0x42;
1252 rATQA[1] = 0x00;
1253 sak = 0x20;
1254 break;
1255 }
1256 case 11: { // ISO/IEC 14443-4 - javacard (JCOP) / EMV
1257
1258 memcpy(rRATS, "\x13\x78\x80\x72\x02\x80\x31\x80\x66\xb1\x84\x0c\x01\x6e\x01\x83\x00\x90\x00", 19);
1259 rRATS_len = 19;
1260 rATQA[0] = 0x04;
1261 sak = 0x20;
1262 break;
1263 }
1264 case 12: { // HID Seos 4K card
1265 rATQA[0] = 0x01;
1266 sak = 0x20;
1267 break;
1268 }
1269 default: {
1270 if (g_dbglevel >= DBG_ERROR) Dbprintf("Error: unknown tagtype (%d)", tagType);
1271 return false;
1272 }
1273 }
1274
1275 // copy the iRATs if supplied.
1276 // iRATs is a pointer to 20 byte array
1277 // rRATS is a 40 byte array
1278 if ((flags & FLAG_RATS_IN_DATA) == FLAG_RATS_IN_DATA) {
1279 memcpy(rRATS, iRATs, irats_len);
1280 // rats len is dictated by the first char of the string, add 2 crc bytes
1281 rRATS_len = (iRATs[0] + 2);
1282 // Since its Varible length we can send value > 40 and overflow our array.
1283 // Even if RATS protocol defined as max 40 bytes doesn't mean people try stuff
1284 if (rRATS_len > sizeof(rRATS)) {
1285 if (g_dbglevel >= DBG_ERROR) Dbprintf("[-] ERROR: iRATS overflow. Max %zu, got %zu", sizeof(rRATS), rRATS_len);
1286 return false;
1287 }
1288 }
1289
1290 // if uid not supplied then get from emulator memory
1291 if ((memcmp(data, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 10) == 0) || IS_FLAG_UID_IN_EMUL(flags)) {
1292 if (tagType == 2 || tagType == 7) {
1293 uint16_t start = MFU_DUMP_PREFIX_LENGTH;
1294 uint8_t emdata[8];
1295 emlGet(emdata, start, sizeof(emdata));
1296 memcpy(data, emdata, 3); // uid bytes 0-2
1297 memcpy(data + 3, emdata + 4, 4); // uid bytes 3-7
1298 FLAG_SET_UID_IN_DATA(flags, 7);
1299 } else {
1300 emlGet(data, 0, 4);
1301 FLAG_SET_UID_IN_DATA(flags, 4);
1302 }
1303 }
1304
1305 if (IS_FLAG_UID_IN_DATA(flags, 4)) {
1306 rUIDc1[0] = data[0];
1307 rUIDc1[1] = data[1];
1308 rUIDc1[2] = data[2];
1309 rUIDc1[3] = data[3];
1310 rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3];
1311
1312 // Configure the ATQA and SAK accordingly
1313 rATQA[0] &= 0xBF;
1314
1315 if (tagType == 11) {
1316 rSAKc1[0] = sak & 0xFC & 0X70;
1317 } else {
1318 rSAKc1[0] = sak & 0xFB;
1319 }
1320
1321 AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2);
1322
1323 *cuid = bytes_to_num(data, 4);
1324 } else if (IS_FLAG_UID_IN_DATA(flags, 7)) {
1325 rUIDc1[0] = MIFARE_SELECT_CT; // Cascade Tag marker
1326 rUIDc1[1] = data[0];
1327 rUIDc1[2] = data[1];
1328 rUIDc1[3] = data[2];
1329 rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3];
1330
1331 rUIDc2[0] = data[3];
1332 rUIDc2[1] = data[4];
1333 rUIDc2[2] = data[5];
1334 rUIDc2[3] = data[6];
1335 rUIDc2[4] = rUIDc2[0] ^ rUIDc2[1] ^ rUIDc2[2] ^ rUIDc2[3];
1336
1337 // Configure the ATQA and SAK accordingly
1338 rATQA[0] &= 0xBF;
1339 rATQA[0] |= 0x40;
1340 rSAKc1[0] = 0x04;
1341 rSAKc2[0] = sak & 0xFB;
1342 AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2);
1343 AddCrc14A(rSAKc2, sizeof(rSAKc2) - 2);
1344
1345 *cuid = bytes_to_num(data + 3, 4);
1346
1347 } else if (IS_FLAG_UID_IN_DATA(flags, 10)) {
1348
1349 rUIDc1[0] = MIFARE_SELECT_CT; // Cascade Tag marker
1350 rUIDc1[1] = data[0];
1351 rUIDc1[2] = data[1];
1352 rUIDc1[3] = data[2];
1353 rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3];
1354
1355 rUIDc2[0] = MIFARE_SELECT_CT; // Cascade Tag marker
1356 rUIDc2[1] = data[3];
1357 rUIDc2[2] = data[4];
1358 rUIDc2[3] = data[5];
1359 rUIDc2[4] = rUIDc2[0] ^ rUIDc2[1] ^ rUIDc2[2] ^ rUIDc2[3];
1360
1361 rUIDc3[0] = data[6];
1362 rUIDc3[1] = data[7];
1363 rUIDc3[2] = data[8];
1364 rUIDc3[3] = data[9];
1365 rUIDc3[4] = rUIDc3[0] ^ rUIDc3[1] ^ rUIDc3[2] ^ rUIDc3[3];
1366
1367 // Configure the ATQA and SAK accordingly
1368 rATQA[0] &= 0xBF;
1369 rATQA[0] |= 0x80;
1370 rSAKc1[0] = 0x04;
1371 rSAKc2[0] = 0x04;
1372 rSAKc3[0] = sak & 0xFB;
1373 AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2);
1374 AddCrc14A(rSAKc2, sizeof(rSAKc2) - 2);
1375 AddCrc14A(rSAKc3, sizeof(rSAKc3) - 2);
1376
1377 *cuid = bytes_to_num(data + 3 + 3, 4);
1378 } else {
1379 if (g_dbglevel >= DBG_ERROR) Dbprintf("[-] ERROR: UID size not defined");
1380 return false;
1381 }
1382
1383 AddCrc14A(rRATS, rRATS_len - 2);
1384
1385 AddCrc14A(rPPS, sizeof(rPPS) - 2);
1386
1387 // EV1/NTAG, set PWD w AMIIBO algo if all zero.
1388 if (tagType == 7) {
1389 uint8_t pwd[4] = {0, 0, 0, 0};
1390 uint8_t gen_pwd[4] = {0, 0, 0, 0};
1391 emlGet(pwd, (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(pwd));
1392 emlGet(rPACK, (*pages) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(rPACK));
1393
1394 Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data));
1395 if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) {
1396 rPACK[0] = 0x80;
1397 rPACK[1] = 0x80;
1398 }
1399 }
1400
1401 AddCrc14A(rPACK, sizeof(rPACK) - 2);
1402
1403 static tag_response_info_t responses_init[] = {
1404 { .response = rATQA, .response_n = sizeof(rATQA) }, // Answer to request - respond with card type
1405 { .response = rUIDc1, .response_n = sizeof(rUIDc1) }, // Anticollision cascade1 - respond with uid
1406 { .response = rUIDc2, .response_n = sizeof(rUIDc2) }, // Anticollision cascade2 - respond with 2nd half of uid if asked
1407 { .response = rUIDc3, .response_n = sizeof(rUIDc3) }, // Anticollision cascade3 - respond with 3rd half of uid if asked
1408 { .response = rSAKc1, .response_n = sizeof(rSAKc1) }, // Acknowledge select - cascade 1
1409 { .response = rSAKc2, .response_n = sizeof(rSAKc2) }, // Acknowledge select - cascade 2
1410 { .response = rSAKc3, .response_n = sizeof(rSAKc3) }, // Acknowledge select - cascade 3
1411 { .response = rRATS, .response_n = sizeof(rRATS) }, // dummy ATS (pseudo-ATR), answer to RATS
1412 { .response = rVERSION, .response_n = sizeof(rVERSION) }, // EV1/NTAG GET_VERSION response
1413 { .response = rSIGN, .response_n = sizeof(rSIGN) }, // EV1/NTAG READ_SIG response
1414 { .response = rPPS, .response_n = sizeof(rPPS) }, // PPS response
1415 { .response = rPACK, .response_n = sizeof(rPACK) } // PACK response
1416 };
1417
1418 // since rats len is variable now.
1419 responses_init[RESP_INDEX_RATS].response_n = rRATS_len;
1420
1421 // "precompiled" responses.
1422 // These exist for speed reasons. There are no time in the anti collision phase to calculate responses.
1423 // There are 12 predefined responses with a total of 84 bytes data to transmit.
1424 //
1425 // Coded responses need one byte per bit to transfer (data, parity, start, stop, correction)
1426 // 85 * 8 data bits, 85 * 1 parity bits, 12 start bits, 12 stop bits, 12 correction bits
1427 // 85 * 8 + 85 + 12 + 12 + 12 == 801
1428 // CHG:
1429 // 85 bytes normally (rats = 8 bytes)
1430 // 77 bytes + ratslen,
1431
1432 #define ALLOCATED_TAG_MODULATION_BUFFER_SIZE ( ((77 + rRATS_len) * 8) + 77 + rRATS_len + 12 + 12 + 12)
1433
1434 uint8_t *free_buffer = BigBuf_calloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE);
1435 // modulation buffer pointer and current buffer free space size
1436 uint8_t *free_buffer_pointer = free_buffer;
1437 size_t free_buffer_size = ALLOCATED_TAG_MODULATION_BUFFER_SIZE;
1438
1439 // Prepare the responses of the anticollision phase
1440 // there will be not enough time to do this at the moment the reader sends it REQA
1441 for (size_t i = 0; i < ARRAYLEN(responses_init); i++) {
1442 if (prepare_allocated_tag_modulation(&responses_init[i], &free_buffer_pointer, &free_buffer_size) == false) {
1443 BigBuf_free_keep_EM();
1444 if (g_dbglevel >= DBG_ERROR) Dbprintf("Not enough modulation buffer size, exit after %d elements", i);
1445 return false;
1446 }
1447 }
1448
1449 *responses = responses_init;
1450 return true;
1451 }
1452
1453 //-----------------------------------------------------------------------------
1454 // Main loop of simulated tag: receive commands from reader, decide what
1455 // response to send, and send it.
1456 // 'hf 14a sim'
1457 //-----------------------------------------------------------------------------
1458 void SimulateIso14443aTag(uint8_t tagType, uint16_t flags, uint8_t *data, uint8_t exitAfterNReads,
1459 uint8_t *iRATs, size_t irats_len) {
1460
1461 #define ATTACK_KEY_COUNT 16
1462
1463 tag_response_info_t *responses;
1464 uint32_t cuid = 0;
1465 uint32_t nonce = 0;
1466 uint32_t counters[3] = { 0x00, 0x00, 0x00 };
1467 uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd };
1468 uint8_t pages = 0;
1469
1470 // Here, we collect CUID, block1, keytype1, NT1, NR1, AR1, CUID, block2, keytyp2, NT2, NR2, AR2
1471 // it should also collect block, keytype.
1472 uint8_t cardAUTHSC = 0;
1473 uint8_t cardAUTHKEY = 0xff; // no authentication
1474 // allow collecting up to 8 sets of nonces to allow recovery of up to 8 keys
1475
1476 nonces_t ar_nr_nonces[ATTACK_KEY_COUNT]; // for attack types moebius
1477 memset(ar_nr_nonces, 0x00, sizeof(ar_nr_nonces));
1478 uint8_t moebius_count = 0;
1479
1480 // command buffers
1481 uint8_t receivedCmd[MAX_FRAME_SIZE] = { 0x00 };
1482 uint8_t receivedCmdPar[MAX_PARITY_SIZE] = { 0x00 };
1483
1484 // free eventually allocated BigBuf memory but keep Emulator Memory
1485 BigBuf_free_keep_EM();
1486
1487 // Allocate 512 bytes for the dynamic modulation, created when the reader queries for it
1488 // Such a response is less time critical, so we can prepare them on the fly
1489 #define DYNAMIC_RESPONSE_BUFFER_SIZE 64
1490 #define DYNAMIC_MODULATION_BUFFER_SIZE 512
1491
1492 uint8_t *dynamic_response_buffer = BigBuf_calloc(DYNAMIC_RESPONSE_BUFFER_SIZE);
1493 uint8_t *dynamic_modulation_buffer = BigBuf_calloc(DYNAMIC_MODULATION_BUFFER_SIZE);
1494 tag_response_info_t dynamic_response_info = {
1495 .response = dynamic_response_buffer,
1496 .response_n = 0,
1497 .modulation = dynamic_modulation_buffer,
1498 .modulation_n = 0
1499 };
1500
1501 if (SimulateIso14443aInit(tagType, flags, data, iRATs, irats_len, &responses, &cuid, counters, tearings, &pages) == false) {
1502 BigBuf_free_keep_EM();
1503 reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
1504 return;
1505 }
1506
1507 // We need to listen to the high-frequency, peak-detected path.
1508 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
1509
1510 iso14a_set_timeout(201400); // 106 * 19ms default *100?
1511
1512 int len = 0;
1513
1514 // To control where we are in the protocol
1515 #define ORDER_NONE 0
1516 //#define ORDER_REQA 1
1517 //#define ORDER_SELECT_ALL_CL1 2
1518 //#define ORDER_SELECT_CL1 3
1519 #define ORDER_HALTED 5
1520 #define ORDER_WUPA 6
1521 #define ORDER_AUTH 7
1522 //#define ORDER_SELECT_ALL_CL2 20
1523 //#define ORDER_SELECT_CL2 25
1524 //#define ORDER_SELECT_ALL_CL3 30
1525 //#define ORDER_SELECT_CL3 35
1526 #define ORDER_EV1_COMP_WRITE 40
1527 //#define ORDER_RATS 70
1528
1529 uint8_t order = ORDER_NONE;
1530 int retval = PM3_SUCCESS;
1531
1532 // Just to allow some checks
1533 // int happened = 0;
1534 // int happened2 = 0;
1535 int cmdsRecvd = 0;
1536 uint32_t numReads = 0; //Counts numer of times reader reads a block
1537
1538 // compatible write block number
1539 uint8_t wrblock = 0;
1540
1541 bool odd_reply = true;
1542
1543 clear_trace();
1544 set_tracing(true);
1545 LED_A_ON();
1546
1547 // main loop
1548 bool finished = false;
1549 while (finished == false) {
1550 // BUTTON_PRESS check done in GetIso14443aCommandFromReader
1551 WDT_HIT();
1552
1553 tag_response_info_t *p_response = NULL;
1554
1555 // Clean receive command buffer
1556 if (GetIso14443aCommandFromReader(receivedCmd, sizeof(receivedCmd), receivedCmdPar, &len) == false) {
1557 Dbprintf("Emulator stopped. Trace length: %d ", BigBuf_get_traceLen());
1558 retval = PM3_EOPABORTED;
1559 break;
1560 }
1561
1562 // we need to check "ordered" states before, because received data may be same to any command - is wrong!!!
1563 if (order == ORDER_EV1_COMP_WRITE && len == 18) {
1564 // MIFARE_ULC_COMP_WRITE part 2
1565 // 16 bytes data + 2 bytes crc, only least significant 4 bytes are written
1566 bool isCrcCorrect = CheckCrc14A(receivedCmd, len);
1567 if (isCrcCorrect) {
1568 // first blocks of emu are header
1569 emlSetMem_xt(receivedCmd, wrblock + MFU_DUMP_PREFIX_LENGTH / 4, 1, 4);
1570 // send ACK
1571 EmSend4bit(CARD_ACK);
1572 } else {
1573 // send NACK 0x1 == crc/parity error
1574 EmSend4bit(CARD_NACK_PA);
1575 }
1576 order = ORDER_NONE; // back to work state
1577 p_response = NULL;
1578
1579 } else if (order == ORDER_AUTH && len == 8) {
1580 // Received {nr] and {ar} (part of authentication)
1581 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
1582 uint32_t nr = bytes_to_num(receivedCmd, 4);
1583 uint32_t ar = bytes_to_num(receivedCmd + 4, 4);
1584
1585 // Collect AR/NR per keytype & sector
1586 if ((flags & FLAG_NR_AR_ATTACK) == FLAG_NR_AR_ATTACK) {
1587
1588 int8_t index = -1;
1589 int8_t empty = -1;
1590 for (uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) {
1591 // find which index to use
1592 if ((cardAUTHSC == ar_nr_nonces[i].sector) && (cardAUTHKEY == ar_nr_nonces[i].keytype))
1593 index = i;
1594
1595 // keep track of empty slots.
1596 if (ar_nr_nonces[i].state == EMPTY)
1597 empty = i;
1598 }
1599 // if no empty slots. Choose first and overwrite.
1600 if (index == -1) {
1601 if (empty == -1) {
1602 index = 0;
1603 ar_nr_nonces[index].state = EMPTY;
1604 } else {
1605 index = empty;
1606 }
1607 }
1608
1609 switch ((nonce_state)ar_nr_nonces[index].state) {
1610 case EMPTY: {
1611 // first nonce collect
1612 ar_nr_nonces[index].cuid = cuid;
1613 ar_nr_nonces[index].sector = cardAUTHSC;
1614 ar_nr_nonces[index].keytype = cardAUTHKEY;
1615 ar_nr_nonces[index].nonce = nonce;
1616 ar_nr_nonces[index].nr = nr;
1617 ar_nr_nonces[index].ar = ar;
1618 ar_nr_nonces[index].state = FIRST;
1619 break;
1620 }
1621 case FIRST : {
1622 // second nonce collect
1623 ar_nr_nonces[index].nonce2 = nonce;
1624 ar_nr_nonces[index].nr2 = nr;
1625 ar_nr_nonces[index].ar2 = ar;
1626 ar_nr_nonces[index].state = SECOND;
1627
1628 // send to client (one struct nonces_t)
1629 reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_SUCCESS, (uint8_t *)&ar_nr_nonces[index], sizeof(nonces_t));
1630
1631 ar_nr_nonces[index].state = EMPTY;
1632 ar_nr_nonces[index].sector = 0;
1633 ar_nr_nonces[index].keytype = 0;
1634
1635 moebius_count++;
1636 break;
1637 }
1638 default:
1639 break;
1640 }
1641 }
1642 order = ORDER_NONE; // back to work state
1643 p_response = NULL;
1644
1645 } else if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST, but in HALTED, skip
1646 odd_reply = !odd_reply;
1647 if (odd_reply) {
1648 p_response = &responses[RESP_INDEX_ATQA];
1649 }
1650 } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP
1651 p_response = &responses[RESP_INDEX_ATQA];
1652 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1)
1653 p_response = &responses[RESP_INDEX_UIDC1];
1654 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2)
1655 p_response = &responses[RESP_INDEX_UIDC2];
1656 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 2) { // Received request for UID (cascade 3)
1657 p_response = &responses[RESP_INDEX_UIDC3];
1658 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1)
1659 p_response = &responses[RESP_INDEX_SAKC1];
1660 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2)
1661 p_response = &responses[RESP_INDEX_SAKC2];
1662 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 9) { // Received a SELECT (cascade 3)
1663 p_response = &responses[RESP_INDEX_SAKC3];
1664 } else if (receivedCmd[0] == ISO14443A_CMD_PPS) {
1665 p_response = &responses[RESP_INDEX_PPS];
1666 } else if (receivedCmd[0] == ISO14443A_CMD_READBLOCK && len == 4) { // Received a (plain) READ
1667 uint8_t block = receivedCmd[1];
1668 // if Ultralight or NTAG (4 byte blocks)
1669 if (tagType == 7 || tagType == 2) {
1670 if (block > pages) {
1671 // send NACK 0x0 == invalid argument
1672 EmSend4bit(CARD_NACK_IV);
1673 } else {
1674 // first blocks of emu are header
1675 uint16_t start = block * 4 + MFU_DUMP_PREFIX_LENGTH;
1676 uint8_t emdata[MAX_MIFARE_FRAME_SIZE];
1677 emlGet(emdata, start, 16);
1678 AddCrc14A(emdata, 16);
1679 EmSendCmd(emdata, sizeof(emdata));
1680 numReads++; // Increment number of times reader requested a block
1681
1682 if (exitAfterNReads > 0 && numReads == exitAfterNReads) {
1683 Dbprintf("[MFUEMUL_WORK] %d reads done, exiting", numReads);
1684 finished = true;
1685 }
1686 }
1687 // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
1688 p_response = NULL;
1689 } else if (tagType == 9 && block == 1) {
1690 // FM11005SH. 16blocks, 4bytes / block.
1691 // block0 = 2byte Customer ID (CID), 2byte Manufacture ID (MID)
1692 // block1 = 4byte UID.
1693 p_response = &responses[RESP_INDEX_UIDC1];
1694 } else { // all other tags (16 byte block tags)
1695 uint8_t emdata[MAX_MIFARE_FRAME_SIZE] = {0};
1696 emlGet(emdata, block, 16);
1697 AddCrc14A(emdata, 16);
1698 EmSendCmd(emdata, sizeof(emdata));
1699 // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
1700 p_response = NULL;
1701 }
1702 } else if (receivedCmd[0] == MIFARE_ULEV1_FASTREAD && len == 5) { // Received a FAST READ (ranged read)
1703 uint8_t block1 = receivedCmd[1];
1704 uint8_t block2 = receivedCmd[2];
1705 if (block1 > pages) {
1706 // send NACK 0x0 == invalid argument
1707 EmSend4bit(CARD_NACK_IV);
1708 } else {
1709 uint8_t emdata[MAX_FRAME_SIZE] = {0};
1710 // first blocks of emu are header
1711 int start = block1 * 4 + MFU_DUMP_PREFIX_LENGTH;
1712 len = (block2 - block1 + 1) * 4;
1713 emlGet(emdata, start, len);
1714 AddCrc14A(emdata, len);
1715 EmSendCmd(emdata, len + 2);
1716 }
1717 p_response = NULL;
1718 } else if (receivedCmd[0] == MIFARE_ULC_WRITE && len == 8 && (tagType == 2 || tagType == 7)) { // Received a WRITE
1719 // cmd + block + 4 bytes data + 2 bytes crc
1720 if (CheckCrc14A(receivedCmd, len)) {
1721 uint8_t block = receivedCmd[1];
1722 if (block > pages) {
1723 // send NACK 0x0 == invalid argument
1724 EmSend4bit(CARD_NACK_IV);
1725 } else {
1726 // first blocks of emu are header
1727 emlSetMem_xt(&receivedCmd[2], block + MFU_DUMP_PREFIX_LENGTH / 4, 1, 4);
1728 // send ACK
1729 EmSend4bit(CARD_ACK);
1730 }
1731 } else {
1732 // send NACK 0x1 == crc/parity error
1733 EmSend4bit(CARD_NACK_PA);
1734 }
1735 p_response = NULL;
1736 } else if (receivedCmd[0] == MIFARE_ULC_COMP_WRITE && len == 4 && (tagType == 2 || tagType == 7)) {
1737 // cmd + block + 2 bytes crc
1738 if (CheckCrc14A(receivedCmd, len)) {
1739 wrblock = receivedCmd[1];
1740 if (wrblock > pages) {
1741 // send NACK 0x0 == invalid argument
1742 EmSend4bit(CARD_NACK_IV);
1743 } else {
1744 // send ACK
1745 EmSend4bit(CARD_ACK);
1746 // go to part 2
1747 order = ORDER_EV1_COMP_WRITE;
1748 }
1749 } else {
1750 // send NACK 0x1 == crc/parity error
1751 EmSend4bit(CARD_NACK_PA);
1752 }
1753 p_response = NULL;
1754 } else if (receivedCmd[0] == MIFARE_ULEV1_READSIG && len == 4 && tagType == 7) { // Received a READ SIGNATURE --
1755 p_response = &responses[RESP_INDEX_SIGNATURE];
1756 } else if (receivedCmd[0] == MIFARE_ULEV1_READ_CNT && len == 4 && tagType == 7) { // Received a READ COUNTER --
1757 uint8_t index = receivedCmd[1];
1758 if (index > 2) {
1759 // send NACK 0x0 == invalid argument
1760 EmSend4bit(CARD_NACK_IV);
1761 } else {
1762 uint8_t cmd[] = {0x00, 0x00, 0x00, 0x14, 0xa5};
1763 htole24(counters[index], cmd);
1764 AddCrc14A(cmd, sizeof(cmd) - 2);
1765 EmSendCmd(cmd, sizeof(cmd));
1766 }
1767 p_response = NULL;
1768 } else if (receivedCmd[0] == MIFARE_ULEV1_INCR_CNT && len == 8 && tagType == 7) { // Received a INC COUNTER --
1769 uint8_t index = receivedCmd[1];
1770 if (index > 2) {
1771 // send NACK 0x0 == invalid argument
1772 EmSend4bit(CARD_NACK_IV);
1773 } else {
1774 uint32_t val = le24toh(receivedCmd + 2) + counters[index];
1775 // if new value + old value is bigger 24bits, fail
1776 if (val > 0xFFFFFF) {
1777 // send NACK 0x4 == counter overflow
1778 EmSend4bit(CARD_NACK_NA);
1779 } else {
1780 counters[index] = val;
1781 // send ACK
1782 EmSend4bit(CARD_ACK);
1783 }
1784 }
1785 p_response = NULL;
1786 } else if (receivedCmd[0] == MIFARE_ULEV1_CHECKTEAR && len == 4 && tagType == 7) { // Received a CHECK_TEARING_EVENT --
1787 // first 12 blocks of emu are [getversion answer - check tearing - pack - 0x00 - signature]
1788 uint8_t index = receivedCmd[1];
1789 if (index > 2) {
1790 // send NACK 0x0 == invalid argument
1791 EmSend4bit(CARD_NACK_IV);
1792 } else {
1793 uint8_t cmd[3] = {0, 0, 0};
1794 cmd[0] = tearings[index];
1795 AddCrc14A(cmd, sizeof(cmd) - 2);
1796 EmSendCmd(cmd, sizeof(cmd));
1797 }
1798 p_response = NULL;
1799 } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT
1800 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
1801 p_response = NULL;
1802 order = ORDER_HALTED;
1803 } else if (receivedCmd[0] == MIFARE_ULEV1_VERSION && len == 3 && (tagType == 2 || tagType == 7)) {
1804 p_response = &responses[RESP_INDEX_VERSION];
1805 } else if (receivedCmd[0] == MFDES_GET_VERSION && len == 4 && (tagType == 3)) {
1806 p_response = &responses[RESP_INDEX_VERSION];
1807 } else if ((receivedCmd[0] == MIFARE_AUTH_KEYA || receivedCmd[0] == MIFARE_AUTH_KEYB) && len == 4 && tagType != 2 && tagType != 7) { // Received an authentication request
1808 cardAUTHKEY = receivedCmd[0] - 0x60;
1809 cardAUTHSC = receivedCmd[1] / 4; // received block num
1810
1811 // incease nonce at AUTH requests. this is time consuming.
1812 nonce = prng_successor(GetTickCount(), 32);
1813 num_to_bytes(nonce, 4, dynamic_response_info.response);
1814 dynamic_response_info.response_n = 4;
1815
1816 prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE);
1817 p_response = &dynamic_response_info;
1818 order = ORDER_AUTH;
1819 } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request
1820 if (tagType == 1 || tagType == 2) { // RATS not supported
1821 EmSend4bit(CARD_NACK_NA);
1822 p_response = NULL;
1823 } else {
1824 p_response = &responses[RESP_INDEX_RATS];
1825 }
1826 } else if (receivedCmd[0] == MIFARE_ULC_AUTH_1) { // ULC authentication, or Desfire Authentication
1827 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
1828 p_response = NULL;
1829 } else if (receivedCmd[0] == MIFARE_ULEV1_AUTH && len == 7 && tagType == 7) { // NTAG / EV-1
1830 uint8_t pwd[4] = {0, 0, 0, 0};
1831 emlGet(pwd, (pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH, sizeof(pwd));
1832 if (g_dbglevel >= DBG_DEBUG) {
1833 Dbprintf("Reader sent password: ");
1834 Dbhexdump(4, receivedCmd + 1, 0);
1835 Dbprintf("Loaded password from memory: ");
1836 Dbhexdump(4, pwd, 0);
1837 }
1838
1839 if (memcmp(pwd, "\x00\x00\x00\x00", 4) == 0) {
1840 Uint4byteToMemLe(pwd, ul_ev1_pwdgenB(data));
1841 if (g_dbglevel >= DBG_DEBUG) Dbprintf("Calc pwd... %02X %02X %02X %02X", pwd[0], pwd[1], pwd[2], pwd[3]);
1842 }
1843
1844 if (memcmp(receivedCmd + 1, pwd, 4) == 0) {
1845 if (g_dbglevel >= DBG_DEBUG) Dbprintf("Password match, responding with PACK.");
1846 p_response = &responses[RESP_INDEX_PACK];
1847 } else {
1848 if (g_dbglevel >= DBG_DEBUG) Dbprintf("Password did not match, NACK_IV.");
1849 p_response = NULL;
1850 EmSend4bit(CARD_NACK_IV);
1851 }
1852
1853 } else if (receivedCmd[0] == MIFARE_ULEV1_VCSL && len == 23 && tagType == 7) {
1854 uint8_t cmd[3] = {0, 0, 0};
1855 emlGet(cmd, (pages - 2) * 4 + 1 + MFU_DUMP_PREFIX_LENGTH, 1);
1856 AddCrc14A(cmd, sizeof(cmd) - 2);
1857 EmSendCmd(cmd, sizeof(cmd));
1858 p_response = NULL;
1859
1860 } else {
1861
1862 // clear old dynamic responses
1863 dynamic_response_info.response_n = 0;
1864 dynamic_response_info.modulation_n = 0;
1865
1866 // ST25TA512B IKEA Rothult
1867 if (tagType == 10) {
1868 // we replay 90 00 for all commands but the read bin and we deny the verify cmd.
1869
1870 if (memcmp("\x02\xa2\xb0\x00\x00\x1d\x51\x69", receivedCmd, 8) == 0) {
1871 dynamic_response_info.response[0] = receivedCmd[0];
1872 memcpy(dynamic_response_info.response + 1, "\x00\x1b\xd1\x01\x17\x54\x02\x7a\x68\xa2\x34\xcb\xd0\xe2\x03\xc7\x3e\x62\x0b\xe8\xc6\x3c\x85\x2c\xc5\x31\x31\x31\x32\x90\x00", 31);
1873 dynamic_response_info.response_n = 32;
1874 } else if (memcmp("\x02\x00\x20\x00\x01\x00\x6e\xa9", receivedCmd, 8) == 0) {
1875 dynamic_response_info.response[0] = receivedCmd[0];
1876 dynamic_response_info.response[1] = 0x63;
1877 dynamic_response_info.response[2] = 0x00;
1878 dynamic_response_info.response_n = 3;
1879 } else if (memcmp("\x03\x00\x20\x00\x01\x10", receivedCmd, 6) == 0) {
1880 Dbprintf("Reader sent password: ");
1881 Dbhexdump(16, receivedCmd + 6, 0);
1882 dynamic_response_info.response[0] = receivedCmd[0];
1883 dynamic_response_info.response[1] = 0x90;
1884 dynamic_response_info.response[2] = 0x00;
1885 dynamic_response_info.response_n = 3;
1886 } else {
1887 dynamic_response_info.response[0] = receivedCmd[0];
1888 dynamic_response_info.response[1] = 0x90;
1889 dynamic_response_info.response[2] = 0x00;
1890 dynamic_response_info.response_n = 3;
1891 }
1892 } else {
1893
1894 // Check for ISO 14443A-4 compliant commands, look at left nibble
1895 switch (receivedCmd[0]) {
1896 case 0x02:
1897 case 0x03: { // IBlock (command no CID)
1898 dynamic_response_info.response[0] = receivedCmd[0];
1899 dynamic_response_info.response[1] = 0x90;
1900 dynamic_response_info.response[2] = 0x00;
1901 dynamic_response_info.response_n = 3;
1902 }
1903 break;
1904 case 0x0B:
1905 case 0x0A: { // IBlock (command CID)
1906 dynamic_response_info.response[0] = receivedCmd[0];
1907 dynamic_response_info.response[1] = 0x00;
1908 dynamic_response_info.response[2] = 0x90;
1909 dynamic_response_info.response[3] = 0x00;
1910 dynamic_response_info.response_n = 4;
1911 }
1912 break;
1913
1914 case 0x1A:
1915 case 0x1B: { // Chaining command
1916 dynamic_response_info.response[0] = 0xaa | ((receivedCmd[0]) & 1);
1917 dynamic_response_info.response_n = 2;
1918 }
1919 break;
1920
1921 case 0xAA:
1922 case 0xBB: {
1923 dynamic_response_info.response[0] = receivedCmd[0] ^ 0x11;
1924 dynamic_response_info.response_n = 2;
1925 }
1926 break;
1927
1928 case 0xBA: { // ping / pong
1929 dynamic_response_info.response[0] = 0xAB;
1930 dynamic_response_info.response[1] = 0x00;
1931 dynamic_response_info.response_n = 2;
1932 }
1933 break;
1934
1935 case 0xCA:
1936 case 0xC2: { // Readers sends deselect command
1937 dynamic_response_info.response[0] = 0xCA;
1938 dynamic_response_info.response[1] = 0x00;
1939 dynamic_response_info.response_n = 2;
1940 }
1941 break;
1942
1943 default: {
1944 // Never seen this command before
1945 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
1946 if (g_dbglevel >= DBG_DEBUG) {
1947 Dbprintf("Received unknown command (len=%d):", len);
1948 Dbhexdump(len, receivedCmd, false);
1949 }
1950 // Do not respond
1951 dynamic_response_info.response_n = 0;
1952 order = ORDER_NONE; // back to work state
1953 }
1954 break;
1955 }
1956
1957 }
1958 if (dynamic_response_info.response_n > 0) {
1959
1960 // Copy the CID from the reader query
1961 if (tagType != 10)
1962 dynamic_response_info.response[1] = receivedCmd[1];
1963
1964 // Add CRC bytes, always used in ISO 14443A-4 compliant cards
1965 AddCrc14A(dynamic_response_info.response, dynamic_response_info.response_n);
1966 dynamic_response_info.response_n += 2;
1967
1968 if (prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
1969 if (g_dbglevel >= DBG_DEBUG) DbpString("Error preparing tag response");
1970 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
1971 break;
1972 }
1973 p_response = &dynamic_response_info;
1974 }
1975 }
1976
1977 // Count number of wakeups received after a halt
1978 // if (order == ORDER_WUPA && lastorder == ORDER_HALTED) { happened++; }
1979
1980 // Count number of other messages after a halt
1981 // if (order != ORDER_WUPA && lastorder == ORDER_HALTED) { happened2++; }
1982
1983 cmdsRecvd++;
1984
1985 // Send response
1986 EmSendPrecompiledCmd(p_response);
1987 }
1988
1989 switch_off();
1990
1991 set_tracing(false);
1992 BigBuf_free_keep_EM();
1993
1994 if (g_dbglevel >= DBG_EXTENDED) {
1995 // Dbprintf("-[ Wake ups after halt [%d]", happened);
1996 // Dbprintf("-[ Messages after halt [%d]", happened2);
1997 Dbprintf("-[ Num of received cmd [%d]", cmdsRecvd);
1998 Dbprintf("-[ Num of moebius tries [%d]", moebius_count);
1999 }
2000
2001 reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0);
2002 }
2003
2004 // prepare a delayed transfer. This simply shifts ToSend[] by a number
2005 // of bits specified in the delay parameter.
2006 static void PrepareDelayedTransfer(uint16_t delay) {
2007 delay &= 0x07;
2008 if (!delay) return;
2009
2010 uint8_t bitmask = 0;
2011 uint8_t bits_shifted = 0;
2012
2013 for (uint16_t i = 0; i < delay; i++)
2014 bitmask |= (0x01 << i);
2015
2016 tosend_t *ts = get_tosend();
2017
2018 ts->buf[ts->max++] = 0x00;
2019
2020 for (uint32_t i = 0; i < ts->max; i++) {
2021 uint8_t bits_to_shift = ts->buf[i] & bitmask;
2022 ts->buf[i] = ts->buf[i] >> delay;
2023 ts->buf[i] = ts->buf[i] | (bits_shifted << (8 - delay));
2024 bits_shifted = bits_to_shift;
2025 }
2026 }
2027
2028
2029 //-------------------------------------------------------------------------------------
2030 // Transmit the command (to the tag) that was placed in ToSend[].
2031 // Parameter timing:
2032 // if NULL: transfer at next possible time, taking into account
2033 // request guard time and frame delay time
2034 // if == 0: transfer immediately and return time of transfer
2035 // if != 0: delay transfer until time specified
2036 //-------------------------------------------------------------------------------------
2037 static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) {
2038
2039 if (g_hf_field_active == false) {
2040 Dbprintf("Warning: HF field is off");
2041 return;
2042 }
2043 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
2044
2045 if (timing) {
2046 if (*timing == 0) // Measure time
2047 *timing = (GetCountSspClk() + 8) & 0xfffffff8;
2048 else
2049 PrepareDelayedTransfer(*timing & 0x00000007); // Delay transfer (fine tuning - up to 7 MF clock ticks)
2050
2051 while (GetCountSspClk() < (*timing & 0xfffffff8)) {}; // Delay transfer (multiple of 8 MF clock ticks)
2052 LastTimeProxToAirStart = *timing;
2053 } else {
2054
2055 uint32_t ThisTransferTime = 0;
2056 ThisTransferTime = ((MAX(NextTransferTime, GetCountSspClk()) & 0xfffffff8) + 8);
2057
2058 while (GetCountSspClk() < ThisTransferTime) {};
2059
2060 LastTimeProxToAirStart = ThisTransferTime;
2061 }
2062
2063 uint16_t c = 0;
2064 while (c < len) {
2065 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
2066 AT91C_BASE_SSC->SSC_THR = cmd[c];
2067 c++;
2068 }
2069 }
2070
2071 NextTransferTime = MAX(NextTransferTime, LastTimeProxToAirStart + REQUEST_GUARD_TIME);
2072 }
2073
2074 //-----------------------------------------------------------------------------
2075 // Prepare reader command (in bits, support short frames) to send to FPGA
2076 //-----------------------------------------------------------------------------
2077 static void CodeIso14443aBitsAsReaderPar(const uint8_t *cmd, uint16_t bits, const uint8_t *par) {
2078 int last = 0;
2079
2080 tosend_reset();
2081 tosend_t *ts = get_tosend();
2082
2083 // Start of Communication (Seq. Z)
2084 ts->buf[++ts->max] = SEC_Z;
2085 LastProxToAirDuration = 8 * (ts->max + 1) - 6;
2086
2087 size_t bytecount = nbytes(bits);
2088 // Generate send structure for the data bits
2089 for (int i = 0; i < bytecount; i++) {
2090 // Get the current byte to send
2091 uint8_t b = cmd[i];
2092 size_t bitsleft = MIN((bits - (i * 8)), 8);
2093 int j;
2094 for (j = 0; j < bitsleft; j++) {
2095 if (b & 1) {
2096 // Sequence X
2097 ts->buf[++ts->max] = SEC_X;
2098 LastProxToAirDuration = 8 * (ts->max + 1) - 2;
2099 last = 1;
2100 } else {
2101 if (last == 0) {
2102 // Sequence Z
2103 ts->buf[++ts->max] = SEC_Z;
2104 LastProxToAirDuration = 8 * (ts->max + 1) - 6;
2105 } else {
2106 // Sequence Y
2107 ts->buf[++ts->max] = SEC_Y;
2108 last = 0;
2109 }
2110 }
2111 b >>= 1;
2112 }
2113
2114 // Only transmit parity bit if we transmitted a complete byte
2115 if (j == 8 && par != NULL) {
2116 // Get the parity bit
2117 if (par[i >> 3] & (0x80 >> (i & 0x0007))) {
2118 // Sequence X
2119 ts->buf[++ts->max] = SEC_X;
2120 LastProxToAirDuration = 8 * (ts->max + 1) - 2;
2121 last = 1;
2122 } else {
2123 if (last == 0) {
2124 // Sequence Z
2125 ts->buf[++ts->max] = SEC_Z;
2126 LastProxToAirDuration = 8 * (ts->max + 1) - 6;
2127 } else {
2128 // Sequence Y
2129 ts->buf[++ts->max] = SEC_Y;
2130 last = 0;
2131 }
2132 }
2133 }
2134 }
2135
2136 // End of Communication: Logic 0 followed by Sequence Y
2137 if (last == 0) {
2138 // Sequence Z
2139 ts->buf[++ts->max] = SEC_Z;
2140 LastProxToAirDuration = 8 * (ts->max + 1) - 6;
2141 } else {
2142 // Sequence Y
2143 ts->buf[++ts->max] = SEC_Y;
2144 }
2145 ts->buf[++ts->max] = SEC_Y;
2146
2147 // Convert to length of command:
2148 ts->max++;
2149 }
2150
2151 //-----------------------------------------------------------------------------
2152 // Prepare reader command to send to FPGA
2153 //-----------------------------------------------------------------------------
2154 /*
2155 static void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *par) {
2156 CodeIso14443aBitsAsReaderPar(cmd, len * 8, par);
2157 }
2158 */
2159 //-----------------------------------------------------------------------------
2160 // Wait for commands from reader
2161 // Stop when button is pressed (return 1) or field was gone (return 2)
2162 // Or return 0 when command is captured
2163 //-----------------------------------------------------------------------------
2164 int EmGetCmd(uint8_t *received, uint16_t received_max_len, uint16_t *len, uint8_t *par) {
2165 *len = 0;
2166
2167 uint32_t timer = 0;
2168 int analogCnt = 0;
2169 int analogAVG = 0;
2170
2171 // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen
2172 // only, since we are receiving, not transmitting).
2173 // Signal field is off with the appropriate LED
2174 LED_D_OFF();
2175 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);
2176
2177 // Set ADC to read field strength
2178 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_SWRST;
2179 AT91C_BASE_ADC->ADC_MR =
2180 ADC_MODE_PRESCALE(63) |
2181 ADC_MODE_STARTUP_TIME(1) |
2182 ADC_MODE_SAMPLE_HOLD_TIME(15);
2183
2184 AT91C_BASE_ADC->ADC_CHER = ADC_CHANNEL(ADC_CHAN_HF);
2185
2186 // start ADC
2187 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
2188
2189 // Now run a 'software UART' on the stream of incoming samples.
2190 Uart14aInit(received, received_max_len, par);
2191
2192 // Clear RXRDY:
2193 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2194 (void)b;
2195
2196 uint8_t flip = 0;
2197 uint16_t checker = 4000;
2198 for (;;) {
2199 WDT_HIT();
2200
2201 // ever 3 * 4000, check if we got any data from client
2202 // takes long time, usually messes with simualtion
2203 if (flip == 3) {
2204 if (data_available()) {
2205 Dbprintf("----------- " _GREEN_("Breaking / Data") " ----------");
2206 return false;
2207 }
2208 flip = 0;
2209 }
2210
2211 // button press, takes a bit time, might mess with simualtion
2212 if (checker-- == 0) {
2213 if (BUTTON_PRESS()) {
2214 Dbprintf("----------- " _GREEN_("Breaking / User aborted") " ----------");
2215 return false;
2216 }
2217
2218 flip++;
2219 checker = 4000;
2220 }
2221
2222
2223 // test if the field exists
2224 if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF)) {
2225
2226 analogCnt++;
2227
2228 analogAVG += (AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF] & 0x3FF);
2229
2230 AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START;
2231
2232 if (analogCnt >= 32) {
2233
2234 if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) {
2235
2236 if (timer == 0) {
2237 timer = GetTickCount();
2238 } else {
2239 // 4ms no field --> card to idle state
2240 if (GetTickCountDelta(timer) > 4) {
2241 return 2;
2242 }
2243 }
2244 } else {
2245 timer = 0;
2246 }
2247 analogCnt = 0;
2248 analogAVG = 0;
2249 }
2250 }
2251
2252 // receive and test the miller decoding
2253 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
2254 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2255 if (MillerDecoding(b, 0)) {
2256 *len = Uart.len;
2257 return 0;
2258 }
2259 }
2260 }
2261 }
2262
2263 int EmSendCmd14443aRaw(const uint8_t *resp, uint16_t respLen) {
2264 volatile uint8_t b;
2265 uint16_t i = 0;
2266 uint32_t ThisTransferTime = 0;
2267 bool correction_needed;
2268
2269 // Modulate Manchester
2270 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_MOD);
2271
2272 // Include correction bit if necessary
2273 if (Uart.bitCount == 7) {
2274 // Short tags (7 bits) don't have parity, determine the correct value from MSB
2275 correction_needed = Uart.output[0] & 0x40;
2276 } else {
2277 // The parity bits are left-aligned
2278 correction_needed = Uart.parity[(Uart.len - 1) / 8] & (0x80 >> ((Uart.len - 1) & 7));
2279 }
2280 // 1236, so correction bit needed
2281 i = (correction_needed) ? 0 : 1;
2282
2283 // clear receiving shift register and holding register
2284 while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
2285 b = AT91C_BASE_SSC->SSC_RHR;
2286 (void) b;
2287
2288 // wait for the FPGA to signal fdt_indicator == 1 (the FPGA is ready to queue new data in its delay line)
2289 for (uint8_t j = 0; j < 5; j++) { // allow timeout - better late than never
2290 while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY));
2291 if (AT91C_BASE_SSC->SSC_RHR) {
2292 break;
2293 }
2294 }
2295
2296 while ((ThisTransferTime = GetCountSspClk()) & 0x00000007);
2297
2298 // Clear TXRDY:
2299 AT91C_BASE_SSC->SSC_THR = SEC_F;
2300
2301 // send cycle
2302 for (; i < respLen;) {
2303 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
2304 AT91C_BASE_SSC->SSC_THR = resp[i++];
2305 FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2306 }
2307 }
2308
2309 // Ensure that the FPGA Delay Queue is empty before we switch to TAGSIM_LISTEN again:
2310 uint8_t fpga_queued_bits = FpgaSendQueueDelay >> 3;
2311 for (i = 0; i <= (fpga_queued_bits >> 3) + 1;) {
2312 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
2313 AT91C_BASE_SSC->SSC_THR = SEC_F;
2314 FpgaSendQueueDelay = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2315 i++;
2316 }
2317 }
2318 LastTimeProxToAirStart = ThisTransferTime + (correction_needed ? 8 : 0);
2319 return PM3_SUCCESS;
2320 }
2321
2322 int EmSend4bit(uint8_t resp) {
2323 Code4bitAnswerAsTag(resp);
2324 tosend_t *ts = get_tosend();
2325 int res = EmSendCmd14443aRaw(ts->buf, ts->max);
2326 // do the tracing for the previous reader request and this tag answer:
2327 uint8_t par[1] = {0x00};
2328 GetParity(&resp, 1, par);
2329 EmLogTrace(Uart.output,
2330 Uart.len,
2331 Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG,
2332 Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG,
2333 Uart.parity,
2334 &resp,
2335 1,
2336 LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG,
2337 (LastTimeProxToAirStart + LastProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG,
2338 par);
2339 return res;
2340 }
2341 int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par) {
2342 return EmSendCmdParEx(resp, respLen, par, false);
2343 }
2344 int EmSendCmdParEx(uint8_t *resp, uint16_t respLen, uint8_t *par, bool collision) {
2345 CodeIso14443aAsTagPar(resp, respLen, par, collision);
2346 tosend_t *ts = get_tosend();
2347 int res = EmSendCmd14443aRaw(ts->buf, ts->max);
2348
2349 // do the tracing for the previous reader request and this tag answer:
2350 EmLogTrace(Uart.output,
2351 Uart.len,
2352 Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG,
2353 Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG,
2354 Uart.parity,
2355 resp,
2356 respLen,
2357 LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG,
2358 (LastTimeProxToAirStart + LastProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG,
2359 par);
2360 return res;
2361 }
2362 int EmSendCmd(uint8_t *resp, uint16_t respLen) {
2363 return EmSendCmdEx(resp, respLen, false);
2364 }
2365 int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool collision) {
2366 GetParity(resp, respLen, parity_array);
2367 return EmSendCmdParEx(resp, respLen, parity_array, collision);
2368 }
2369
2370 int EmSendPrecompiledCmd(tag_response_info_t *p_response) {
2371 if (p_response == NULL) return 0;
2372 int ret = EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n);
2373 // do the tracing for the previous reader request and this tag answer:
2374 GetParity(p_response->response, p_response->response_n, parity_array);
2375
2376 EmLogTrace(Uart.output,
2377 Uart.len,
2378 Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG,
2379 Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG,
2380 Uart.parity,
2381 p_response->response,
2382 p_response->response_n,
2383 LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG,
2384 (LastTimeProxToAirStart + p_response->ProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG,
2385 parity_array);
2386 return ret;
2387 }
2388
2389 bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime,
2390 uint32_t reader_EndTime, uint8_t *reader_Parity, uint8_t *tag_data,
2391 uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity) {
2392
2393 // we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
2394 // end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
2395 // with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
2396
2397 uint16_t reader_modlen = reader_EndTime - reader_StartTime;
2398 uint16_t approx_fdt = tag_StartTime - reader_EndTime;
2399 uint16_t exact_fdt = (approx_fdt - 20 + 32) / 64 * 64 + 20;
2400 reader_EndTime = tag_StartTime - exact_fdt;
2401 reader_StartTime = reader_EndTime - reader_modlen;
2402
2403 if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, true))
2404 return false;
2405 else
2406 return (!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, false));
2407
2408 }
2409
2410 //-----------------------------------------------------------------------------
2411 // Kovio - Thinfilm barcode. TAG-TALK-FIRST -
2412 // Wait a certain time for tag response
2413 // If a response is captured return TRUE
2414 // If it takes too long return FALSE
2415 //-----------------------------------------------------------------------------
2416 bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint16_t rec_maxlen, uint8_t *received_len) {
2417
2418 if (g_hf_field_active == false) {
2419 Dbprintf("Warning: HF field is off");
2420 return false;
2421 }
2422
2423 // Set FPGA mode to "reader listen mode", no modulation (listen
2424 // only, since we are receiving, not transmitting).
2425 // Signal field is on with the appropriate LED
2426 LED_D_ON();
2427 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);
2428
2429 // Now get the answer from the card
2430 Demod14aInit(receivedResponse, rec_maxlen, NULL);
2431
2432 // clear RXRDY:
2433 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2434 (void)b;
2435
2436 uint32_t timeout = iso14a_get_timeout();
2437 uint32_t receive_timer = GetTickCount();
2438
2439 for (;;) {
2440 WDT_HIT();
2441
2442 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
2443 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2444 if (ManchesterDecoding_Thinfilm(b)) {
2445 *received_len = Demod.len;
2446 LogTrace(receivedResponse, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, NULL, false);
2447 return true;
2448 }
2449 }
2450
2451 if (GetTickCountDelta(receive_timer) > timeout + 100) {
2452 break;
2453 }
2454 }
2455
2456 *received_len = Demod.len;
2457 LogTrace(receivedResponse, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, NULL, false);
2458 return false;
2459 }
2460
2461
2462 //-----------------------------------------------------------------------------
2463 // Wait a certain time for tag response
2464 // If a response is captured return TRUE
2465 // If it takes too long return FALSE
2466 //-----------------------------------------------------------------------------
2467 static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint16_t rec_maxlen, uint8_t *receivedResponsePar, uint16_t offset) {
2468 if (g_hf_field_active == false) {
2469 Dbprintf("Warning: HF field is off");
2470 return false;
2471 }
2472
2473 // Set FPGA mode to "reader listen mode", no modulation (listen
2474 // only, since we are receiving, not transmitting).
2475 // Signal field is on with the appropriate LED
2476 LED_D_ON();
2477 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);
2478
2479 // Now get the answer from the card
2480 Demod14aInit(receivedResponse, rec_maxlen, receivedResponsePar);
2481
2482 // clear RXRDY:
2483 uint8_t b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2484 (void)b;
2485
2486 volatile uint32_t c = 0;
2487 uint32_t timeout = iso14a_get_timeout();
2488 uint32_t receive_timer = GetTickCount();
2489 for (;;) {
2490 WDT_HIT();
2491
2492 if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
2493 b = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
2494 if (ManchesterDecoding(b, offset, 0)) {
2495 NextTransferTime = MAX(NextTransferTime, Demod.endTime - (DELAY_AIR2ARM_AS_READER + DELAY_ARM2AIR_AS_READER) / 16 + FRAME_DELAY_TIME_PICC_TO_PCD);
2496 return true;
2497 } else if (c++ > timeout && Demod.state == DEMOD_14A_UNSYNCD) {
2498 return false;
2499 }
2500 }
2501
2502 // timeout already in ms + 100ms guard time
2503 if (GetTickCountDelta(receive_timer) > timeout + 100) {
2504 break;
2505 }
2506 }
2507 return false;
2508 }
2509
2510 void ReaderTransmitBitsPar(uint8_t *frame, uint16_t bits, uint8_t *par, uint32_t *timing) {
2511
2512 CodeIso14443aBitsAsReaderPar(frame, bits, par);
2513 // Send command to tag
2514 tosend_t *ts = get_tosend();
2515 TransmitFor14443a(ts->buf, ts->max, timing);
2516 if (g_trigger) LED_A_ON();
2517
2518 LogTrace(frame, nbytes(bits), (LastTimeProxToAirStart << 4) + DELAY_ARM2AIR_AS_READER, ((LastTimeProxToAirStart + LastProxToAirDuration) << 4) + DELAY_ARM2AIR_AS_READER, par, true);
2519 }
2520
2521 void ReaderTransmitPar(uint8_t *frame, uint16_t len, uint8_t *par, uint32_t *timing) {
2522 ReaderTransmitBitsPar(frame, len * 8, par, timing);
2523 }
2524
2525 static void ReaderTransmitBits(uint8_t *frame, uint16_t len, uint32_t *timing) {
2526 // Generate parity and redirect
2527 GetParity(frame, len / 8, parity_array);
2528 ReaderTransmitBitsPar(frame, len, parity_array, timing);
2529 }
2530
2531 void ReaderTransmit(uint8_t *frame, uint16_t len, uint32_t *timing) {
2532 // Generate parity and redirect
2533 GetParity(frame, len, parity_array);
2534 ReaderTransmitBitsPar(frame, len * 8, parity_array, timing);
2535 }
2536
2537 static uint16_t ReaderReceiveOffset(uint8_t *receivedAnswer, uint16_t answer_len, uint16_t offset, uint8_t *par) {
2538 if (GetIso14443aAnswerFromTag(receivedAnswer, answer_len, par, offset) == false) {
2539 return 0;
2540 }
2541 LogTrace(receivedAnswer, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, par, false);
2542 return Demod.len;
2543 }
2544
2545 uint16_t ReaderReceive(uint8_t *receivedAnswer, uint16_t answer_maxlen, uint8_t *par) {
2546 if (GetIso14443aAnswerFromTag(receivedAnswer, answer_maxlen, par, 0) == false) {
2547 return 0;
2548 }
2549 LogTrace(receivedAnswer, Demod.len, Demod.startTime * 16 - DELAY_AIR2ARM_AS_READER, Demod.endTime * 16 - DELAY_AIR2ARM_AS_READER, par, false);
2550 return Demod.len;
2551 }
2552
2553
2554 // This function misstreats the ISO 14443a anticollision procedure.
2555 // by fooling the reader there is a collision and forceing the reader to
2556 // increase the uid bytes. The might be an overflow, DoS will occur.
2557 void iso14443a_antifuzz(uint32_t flags) {
2558
2559 // We need to listen to the high-frequency, peak-detected path.
2560 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
2561
2562 BigBuf_free_keep_EM();
2563 clear_trace();
2564 set_tracing(true);
2565
2566 int len = 0;
2567
2568 // allocate buffers:
2569 uint8_t *received = BigBuf_malloc(MAX_FRAME_SIZE);
2570 uint8_t *receivedPar = BigBuf_malloc(MAX_PARITY_SIZE);
2571 uint8_t *resp = BigBuf_malloc(20);
2572
2573 memset(received, 0x00, MAX_FRAME_SIZE);
2574 memset(received, 0x00, MAX_PARITY_SIZE);
2575 memset(resp, 0xFF, 20);
2576
2577 LED_A_ON();
2578 for (;;) {
2579 WDT_HIT();
2580
2581 // Clean receive command buffer
2582 if (!GetIso14443aCommandFromReader(received, MAX_FRAME_SIZE, receivedPar, &len)) {
2583 Dbprintf("Anti-fuzz stopped. Trace length: %d ", BigBuf_get_traceLen());
2584 break;
2585 }
2586 if (received[0] == ISO14443A_CMD_WUPA || received[0] == ISO14443A_CMD_REQA) {
2587 resp[0] = 0x04;
2588 resp[1] = 0x00;
2589
2590 if (IS_FLAG_UID_IN_DATA(flags, 7)) {
2591 resp[0] = 0x44;
2592 }
2593
2594 EmSendCmd(resp, 2);
2595 continue;
2596 }
2597
2598 // Received request for UID (cascade 1)
2599 //if (received[1] >= 0x20 && received[1] <= 0x57 && received[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT) {
2600 if (received[1] >= 0x20 && received[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT) {
2601 resp[0] = 0xFF;
2602 resp[1] = 0xFF;
2603 resp[2] = 0xFF;
2604 resp[3] = 0xFF;
2605 resp[4] = resp[0] ^ resp[1] ^ resp[2] ^ resp[3];
2606 colpos = 0;
2607
2608 if (IS_FLAG_UID_IN_DATA(flags, 7)) {
2609 resp[0] = MIFARE_SELECT_CT;
2610 colpos = 8;
2611 }
2612
2613 // trigger a faulty/collision response
2614 EmSendCmdEx(resp, 5, true);
2615 if (g_dbglevel >= DBG_EXTENDED) Dbprintf("ANTICOLL or SELECT %x", received[1]);
2616 LED_D_INV();
2617
2618 continue;
2619 } else if (received[1] == 0x20 && received[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2) { // Received request for UID (cascade 2)
2620 if (g_dbglevel >= DBG_EXTENDED) Dbprintf("ANTICOLL or SELECT_2");
2621 } else if (received[1] == 0x70 && received[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT) { // Received a SELECT (cascade 1)
2622 } else if (received[1] == 0x70 && received[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2) { // Received a SELECT (cascade 2)
2623 } else {
2624 Dbprintf("unknown command %x", received[0]);
2625 }
2626 }
2627
2628 reply_ng(CMD_HF_ISO14443A_ANTIFUZZ, PM3_SUCCESS, NULL, 0);
2629 switch_off();
2630 BigBuf_free_keep_EM();
2631 }
2632
2633 static void iso14a_set_ATS_times(const uint8_t *ats) {
2634
2635 if (ats[0] > 1) { // there is a format byte T0
2636 if ((ats[1] & 0x20) == 0x20) { // there is an interface byte TB(1)
2637 uint8_t tb1;
2638 if ((ats[1] & 0x10) == 0x10) { // there is an interface byte TA(1) preceding TB(1)
2639 tb1 = ats[3];
2640 } else {
2641 tb1 = ats[2];
2642 }
2643 uint8_t fwi = (tb1 & 0xf0) >> 4; // frame waiting time integer (FWI)
2644 if (fwi != 15) {
2645 uint32_t fwt = 256 * 16 * (1 << fwi); // frame waiting time (FWT) in 1/fc
2646 iso14a_set_timeout(fwt / (8 * 16));
2647 }
2648 uint8_t sfgi = tb1 & 0x0f; // startup frame guard time integer (SFGI)
2649 if (sfgi != 0 && sfgi != 15) {
2650 uint32_t sfgt = 256 * 16 * (1 << sfgi); // startup frame guard time (SFGT) in 1/fc
2651 NextTransferTime = MAX(NextTransferTime, Demod.endTime + (sfgt - DELAY_AIR2ARM_AS_READER - DELAY_ARM2AIR_AS_READER) / 16);
2652 }
2653 }
2654 }
2655 }
2656
2657
2658 static int GetATQA(uint8_t *resp, uint16_t resp_len, uint8_t *resp_par, iso14a_polling_parameters_t *polling_parameters) {
2659 #define WUPA_RETRY_TIMEOUT 10
2660
2661 uint32_t save_iso14a_timeout = iso14a_get_timeout();
2662 iso14a_set_timeout(1236 / 128 + 1); // response to WUPA is expected at exactly 1236/fc. No need to wait longer.
2663
2664 bool first_try = true;
2665 uint32_t retry_timeout = WUPA_RETRY_TIMEOUT * polling_parameters->frame_count + polling_parameters->extra_timeout;
2666 uint32_t start_time = 0;
2667 int len;
2668
2669 uint8_t current_frame = 0;
2670
2671 do {
2672 iso14a_polling_frame_t *frame_parameters = &polling_parameters->frames[current_frame];
2673
2674 if (frame_parameters->last_byte_bits == 8) {
2675 ReaderTransmit(frame_parameters->frame, frame_parameters->frame_length, NULL);
2676 } else {
2677 ReaderTransmitBitsPar(frame_parameters->frame, frame_parameters->last_byte_bits, NULL, NULL);
2678 }
2679
2680 if (frame_parameters->extra_delay) {
2681 SpinDelay(frame_parameters->extra_delay);
2682 }
2683
2684 // Receive the ATQA
2685 len = ReaderReceive(resp, resp_len, resp_par);
2686
2687 // We set the start_time here otherwise in some cases we miss the window and only ever try once
2688 if (first_try) {
2689 start_time = GetTickCount();
2690 }
2691
2692 first_try = false;
2693
2694 // Go over frame configurations, loop back when we reach the end
2695 current_frame = current_frame < (polling_parameters->frame_count - 1) ? current_frame + 1 : 0;
2696 } while (len == 0 && GetTickCountDelta(start_time) <= retry_timeout);
2697
2698 iso14a_set_timeout(save_iso14a_timeout);
2699 return len;
2700 }
2701
2702
2703 int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats) {
2704 return iso14443a_select_cardEx(uid_ptr, p_card, cuid_ptr, anticollision, num_cascades, no_rats, &WUPA_POLLING_PARAMETERS);
2705 }
2706
2707
2708 // performs iso14443a anticollision (optional) and card select procedure
2709 // fills the uid and cuid pointer unless NULL
2710 // fills the card info record unless NULL
2711 // if anticollision is false, then the UID must be provided in uid_ptr[]
2712 // and num_cascades must be set (1: 4 Byte UID, 2: 7 Byte UID, 3: 10 Byte UID)
2713 // requests ATS unless no_rats is true
2714 int iso14443a_select_cardEx(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr,
2715 bool anticollision, uint8_t num_cascades, bool no_rats,
2716 iso14a_polling_parameters_t *polling_parameters) {
2717
2718 uint8_t resp[MAX_FRAME_SIZE] = {0}; // theoretically. A usual RATS will be much smaller
2719
2720 uint8_t sak = 0; // cascade uid
2721 bool do_cascade = 1;
2722 int cascade_level = 0;
2723
2724 if (p_card) {
2725 p_card->uidlen = 0;
2726 memset(p_card->uid, 0, 10);
2727 p_card->ats_len = 0;
2728 }
2729
2730 if (GetATQA(resp, sizeof(resp), parity_array, polling_parameters) == 0) {
2731 return 0;
2732 }
2733
2734 if (p_card) {
2735 p_card->atqa[0] = resp[0];
2736 p_card->atqa[1] = resp[1];
2737 }
2738
2739 // 11RF005SH or 11RF005M, Read UID again
2740 if (p_card && p_card->atqa[1] == 0x00) {
2741
2742 if ((p_card->atqa[0] == 0x03) || (p_card->atqa[0] == 0x05)) {
2743
2744 // Read real UID
2745 uint8_t fudan_read[] = { 0x30, 0x01, 0x8B, 0xB9};
2746 ReaderTransmit(fudan_read, sizeof(fudan_read), NULL);
2747 if (ReaderReceive(resp, sizeof(resp), parity_array) == 0) {
2748 if (g_dbglevel >= DBG_INFO) Dbprintf("Card didn't answer to select all");
2749 return 0;
2750 }
2751
2752 memcpy(p_card->uid, resp, 4);
2753
2754 // select again?
2755 if (GetATQA(resp, sizeof(resp), parity_array, &WUPA_POLLING_PARAMETERS) == 0) {
2756 return 0;
2757 }
2758
2759 if (GetATQA(resp, sizeof(resp), parity_array, &WUPA_POLLING_PARAMETERS) == 0) {
2760 return 0;
2761 }
2762
2763 p_card->sak = 0x0A;
2764 p_card->uidlen = 4;
2765 return 1;
2766 }
2767 }
2768
2769 if (anticollision) {
2770 // clear uid
2771 if (uid_ptr)
2772 memset(uid_ptr, 0, 10);
2773 }
2774
2775 if (hf14aconfig.forceanticol == 0) {
2776 // check for proprietary anticollision:
2777 if ((resp[0] & 0x1F) == 0) {
2778 return 3;
2779 }
2780
2781 } else if (hf14aconfig.forceanticol == 2) {
2782 return 3; // force skipping anticol
2783 } // else force executing
2784
2785 // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in
2786 // which case we need to make a cascade 2 request and select - this is a long UID
2787 // While the UID is not complete, the 3nd bit (from the right) is set in the SAK.
2788 for (; do_cascade; cascade_level++) {
2789 // SELECT_* (L1: 0x93, L2: 0x95, L3: 0x97)
2790 uint8_t sel_all[] = { ISO14443A_CMD_ANTICOLL_OR_SELECT, 0x20 };
2791 uint8_t sel_uid[] = { ISO14443A_CMD_ANTICOLL_OR_SELECT, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
2792 uint8_t uid_resp[5] = {0}; // UID + original BCC
2793 sel_uid[0] = sel_all[0] = 0x93 + cascade_level * 2;
2794
2795 if (anticollision) {
2796
2797 // SELECT_ALL
2798 ReaderTransmit(sel_all, sizeof(sel_all), NULL);
2799 if (ReaderReceive(resp, sizeof(resp), parity_array) == 0) {
2800 if (g_dbglevel >= DBG_INFO) Dbprintf("Card didn't answer to CL%i select all", cascade_level + 1);
2801 return 0;
2802 }
2803
2804 if (Demod.collisionPos) { // we had a collision and need to construct the UID bit by bit
2805 memset(uid_resp, 0, 5);
2806 uint16_t uid_resp_bits = 0;
2807 uint16_t collision_answer_offset = 0;
2808
2809 // anti-collision-loop:
2810 while (Demod.collisionPos) {
2811 Dbprintf("Multiple tags detected. Collision after Bit %d", Demod.collisionPos);
2812
2813 for (uint16_t i = collision_answer_offset; i < Demod.collisionPos; i++, uid_resp_bits++) { // add valid UID bits before collision point
2814 uint16_t UIDbit = (resp[i / 8] >> (i % 8)) & 0x01;
2815 uid_resp[uid_resp_bits / 8] |= UIDbit << (uid_resp_bits % 8);
2816 }
2817
2818 uid_resp[uid_resp_bits / 8] |= 1 << (uid_resp_bits % 8); // next time select the card(s) with a 1 in the collision position
2819 uid_resp_bits++;
2820 // construct anticollision command:
2821 sel_uid[1] = ((2 + uid_resp_bits / 8) << 4) | (uid_resp_bits & 0x07); // length of data in bytes and bits
2822 for (uint16_t i = 0; i <= uid_resp_bits / 8; i++) {
2823 sel_uid[2 + i] = uid_resp[i];
2824 }
2825
2826 collision_answer_offset = uid_resp_bits % 8;
2827
2828 ReaderTransmitBits(sel_uid, 16 + uid_resp_bits, NULL);
2829 if (ReaderReceiveOffset(resp, sizeof(resp), collision_answer_offset, parity_array) == 0) {
2830 return 0;
2831 }
2832 }
2833
2834 // finally, add the last bits and BCC of the UID
2835 for (uint32_t i = collision_answer_offset; i < Demod.len * 8; i++, uid_resp_bits++) {
2836 uint16_t UIDbit = (resp[i / 8] >> (i % 8)) & 0x01;
2837 uid_resp[uid_resp_bits / 8] |= UIDbit << (uid_resp_bits % 8);
2838 }
2839
2840 } else { // no collision, use the response to SELECT_ALL as current uid
2841 memcpy(uid_resp, resp, 5); // UID + original BCC
2842 }
2843
2844 } else {
2845 if (cascade_level < num_cascades - 1) {
2846 uid_resp[0] = MIFARE_SELECT_CT;
2847 memcpy(uid_resp + 1, uid_ptr + cascade_level * 3, 3);
2848 } else {
2849 memcpy(uid_resp, uid_ptr + cascade_level * 3, 4);
2850 }
2851 }
2852 size_t uid_resp_len = 4;
2853
2854 // calculate crypto UID. Always use last 4 Bytes.
2855 if (cuid_ptr)
2856 *cuid_ptr = bytes_to_num(uid_resp, 4);
2857
2858 // Construct SELECT UID command
2859 sel_uid[1] = 0x70; // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
2860
2861 if (anticollision) {
2862
2863 memcpy(sel_uid + 2, uid_resp, 5); // the UID received during anticollision with original BCC
2864 uint8_t bcc = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate BCC
2865 if (sel_uid[6] != bcc) {
2866
2867 Dbprintf("BCC%d incorrect, got 0x%02x, expected 0x%02x", cascade_level, sel_uid[6], bcc);
2868
2869 if (hf14aconfig.forcebcc == 0) {
2870 Dbprintf("Aborting");
2871 return 0;
2872 } else if (hf14aconfig.forcebcc == 1) {
2873 sel_uid[6] = bcc;
2874 } // else use card BCC
2875
2876 Dbprintf("Using BCC%d =" _YELLOW_("0x%02x"), cascade_level, sel_uid[6]);
2877 }
2878 } else {
2879 memcpy(sel_uid + 2, uid_resp, 4); // the provided UID
2880 sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
2881 }
2882
2883 AddCrc14A(sel_uid, 7); // calculate and add CRC
2884 ReaderTransmit(sel_uid, sizeof(sel_uid), NULL);
2885
2886 // Receive the SAK
2887 if (ReaderReceive(resp, sizeof(resp), parity_array) == 0) {
2888 if (g_dbglevel >= DBG_INFO) Dbprintf("Card didn't answer to select");
2889 return 0;
2890 }
2891 sak = resp[0];
2892
2893 // Test if more parts of the uid are coming
2894 do_cascade = (((sak & 0x04) /* && uid_resp[0] == MIFARE_SELECT_CT */) > 0);
2895
2896 if (cascade_level == 0) {
2897
2898 if (hf14aconfig.forcecl2 == 2) {
2899 do_cascade = false;
2900 } else if (hf14aconfig.forcecl2 == 1) {
2901 do_cascade = true;
2902 } // else 0==auto
2903 } else if (cascade_level == 1) {
2904
2905 if (hf14aconfig.forcecl3 == 2) {
2906 do_cascade = false;
2907 } else if (hf14aconfig.forcecl3 == 1) {
2908 do_cascade = true;
2909 } // else 0==auto
2910 }
2911 if (do_cascade) {
2912 // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of:
2913 // http://www.nxp.com/documents/application_note/AN10927.pdf
2914 uid_resp[0] = uid_resp[1];
2915 uid_resp[1] = uid_resp[2];
2916 uid_resp[2] = uid_resp[3];
2917 uid_resp_len = 3;
2918 }
2919
2920 if (uid_ptr && anticollision)
2921 memcpy(uid_ptr + (cascade_level * 3), uid_resp, uid_resp_len);
2922
2923 if (p_card) {
2924 memcpy(p_card->uid + (cascade_level * 3), uid_resp, uid_resp_len);
2925 p_card->uidlen += uid_resp_len;
2926 }
2927 }
2928
2929 if (p_card) {
2930 p_card->sak = sak;
2931 }
2932
2933 if (hf14aconfig.forcerats == 0) {
2934 // PICC compliant with iso14443a-4 ---> (SAK & 0x20 != 0)
2935 if ((sak & 0x20) == 0) {
2936 return 2;
2937 }
2938
2939 } else if (hf14aconfig.forcerats == 2) {
2940 if ((sak & 0x20) != 0) Dbprintf("Skipping RATS according to hf 14a config");
2941 return 2;
2942 } // else force RATS
2943
2944 if ((sak & 0x20) == 0) Dbprintf("Forcing RATS according to hf 14a config");
2945
2946 // RATS, Request for answer to select
2947 if (no_rats == false) {
2948
2949 uint8_t rats[] = { ISO14443A_CMD_RATS, 0x80, 0x31, 0x73 }; // FSD=256, FSDI=8, CID=0
2950 ReaderTransmit(rats, sizeof(rats), NULL);
2951 int len = ReaderReceive(resp, sizeof(resp), parity_array);
2952 if (len == 0) {
2953 return 0;
2954 }
2955
2956 if (p_card) {
2957 memcpy(p_card->ats, resp, sizeof(p_card->ats));
2958 p_card->ats_len = len;
2959 }
2960
2961 // reset the PCB block number
2962 iso14_pcb_blocknum = 0;
2963
2964 // set default timeout and delay next transfer based on ATS
2965 iso14a_set_ATS_times(resp);
2966 }
2967 return 1;
2968 }
2969
2970 int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades) {
2971 uint8_t resp[3] = { 0 }; // theoretically. max 1 Byte SAK, 2 Byte CRC, 3 bytes is enough
2972 uint8_t resp_par[1] = {0};
2973
2974 uint8_t sak = 0x04; // cascade uid
2975 int cascade_level = 1;
2976
2977 if (GetATQA(resp, sizeof(resp), resp_par, &WUPA_POLLING_PARAMETERS) == 0) {
2978 return 0;
2979 }
2980
2981 // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in
2982 // which case we need to make a cascade 2 request and select - this is a long UID
2983 // While the UID is not complete, the 3nd bit (from the right) is set in the SAK.
2984 for (; sak & 0x04; cascade_level++) {
2985 // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
2986 uint8_t sel_uid[9] = { ISO14443A_CMD_ANTICOLL_OR_SELECT, 0x70 };
2987
2988 // Construct SELECT UID command
2989 // SELECT_* (L1: 0x93, L2: 0x95, L3: 0x97)
2990 sel_uid[0] = ISO14443A_CMD_ANTICOLL_OR_SELECT + (cascade_level - 1) * 2;
2991
2992 // CT + UID
2993 if (cascade_level < num_cascades) {
2994 sel_uid[2] = MIFARE_SELECT_CT;
2995 memcpy(&sel_uid[3], uid_ptr + (cascade_level - 1) * 3, 3);
2996 } else {
2997 memcpy(&sel_uid[2], uid_ptr + (cascade_level - 1) * 3, 4);
2998 }
2999
3000 sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
3001 AddCrc14A(sel_uid, 7); // calculate and add CRC
3002 ReaderTransmit(sel_uid, sizeof(sel_uid), NULL);
3003
3004 // Receive 1 Byte SAK, 2 Byte CRC
3005 if (ReaderReceive(resp, sizeof(resp), resp_par) != 3) {
3006 return 0;
3007 }
3008
3009 sak = resp[0];
3010 }
3011 return 1;
3012 }
3013
3014 void iso14443a_setup(uint8_t fpga_minor_mode) {
3015
3016 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
3017 // Set up the synchronous serial port
3018 FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A);
3019 // connect Demodulated Signal to ADC:
3020 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
3021
3022 LED_D_OFF();
3023 // Signal field is on with the appropriate LED
3024 if (fpga_minor_mode == FPGA_HF_ISO14443A_READER_MOD || fpga_minor_mode == FPGA_HF_ISO14443A_READER_LISTEN)
3025 LED_D_ON();
3026
3027 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | fpga_minor_mode);
3028 SpinDelay(50);
3029
3030 // Start the timer
3031 StartCountSspClk();
3032
3033 // Prepare the demodulation functions
3034 Demod14aReset();
3035 Uart14aReset();
3036 NextTransferTime = 2 * DELAY_ARM2AIR_AS_READER;
3037 iso14a_set_timeout(1060); // 106 * 10ms default
3038
3039 g_hf_field_active = true;
3040 }
3041
3042 /* Peter Fillmore 2015
3043 Added card id field to the function info from ISO14443A standard
3044
3045 b1 = Block Number
3046 b2 = RFU (always 1)
3047 b3 = depends on block
3048 b4 = Card ID following if set to 1
3049 b5 = depends on block type
3050 b6 = depends on block type
3051 b7,b8 = block type.
3052
3053 Coding of I-BLOCK:
3054 b8 b7 b6 b5 b4 b3 b2 b1
3055 0 0 0 x x x 1 x
3056 b5 = chaining bit
3057
3058 Coding of R-block:
3059 b8 b7 b6 b5 b4 b3 b2 b1
3060 1 0 1 x x 0 1 x
3061 b5 = ACK/NACK
3062
3063 Coding of S-block:
3064 b8 b7 b6 b5 b4 b3 b2 b1
3065 1 1 x x x 0 1 0
3066 b5,b6 = 00 - DESELECT
3067 11 - WTX
3068 */
3069 int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, uint16_t data_len, uint8_t *res) {
3070 uint8_t *real_cmd = BigBuf_calloc(cmd_len + 4);
3071
3072 if (cmd_len) {
3073 // ISO 14443 APDU frame: PCB [CID] [NAD] APDU CRC PCB=0x02
3074 real_cmd[0] = 0x02; // bnr,nad,cid,chn=0; i-block(0x00)
3075 if (send_chaining) {
3076 real_cmd[0] |= 0x10;
3077 }
3078 // put block number into the PCB
3079 real_cmd[0] |= iso14_pcb_blocknum;
3080 memcpy(real_cmd + 1, cmd, cmd_len);
3081 } else {
3082 // R-block. ACK
3083 real_cmd[0] = 0xA2; // r-block + ACK
3084 real_cmd[0] |= iso14_pcb_blocknum;
3085 }
3086 AddCrc14A(real_cmd, cmd_len + 1);
3087
3088 ReaderTransmit(real_cmd, cmd_len + 3, NULL);
3089
3090 size_t len = ReaderReceive(data, data_len, parity_array);
3091 uint8_t *data_bytes = (uint8_t *) data;
3092
3093 if (!len) {
3094 BigBuf_free();
3095 return 0; // DATA LINK ERROR
3096 } else {
3097 // S-Block WTX
3098 while (len && ((data_bytes[0] & 0xF2) == 0xF2)) {
3099 uint32_t save_iso14a_timeout = iso14a_get_timeout();
3100 // temporarily increase timeout
3101 iso14a_set_timeout(MAX((data_bytes[1] & 0x3f) * save_iso14a_timeout, MAX_ISO14A_TIMEOUT));
3102 // Transmit WTX back
3103 // byte1 - WTXM [1..59]. command FWT=FWT*WTXM
3104 data_bytes[1] = data_bytes[1] & 0x3f; // 2 high bits mandatory set to 0b
3105 // now need to fix CRC.
3106 AddCrc14A(data_bytes, len - 2);
3107 // transmit S-Block
3108 ReaderTransmit(data_bytes, len, NULL);
3109 // retrieve the result again (with increased timeout)
3110 len = ReaderReceive(data, data_len, parity_array);
3111 data_bytes = data;
3112 // restore timeout
3113 iso14a_set_timeout(save_iso14a_timeout);
3114 }
3115
3116 // if we received an I- or R(ACK)-Block with a block number equal to the
3117 // current block number, toggle the current block number
3118 if (len >= 3 // PCB+CRC = 3 bytes
3119 && ((data_bytes[0] & 0xC0) == 0 // I-Block
3120 || (data_bytes[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
3121 && (data_bytes[0] & 0x01) == iso14_pcb_blocknum) { // equal block numbers
3122 iso14_pcb_blocknum ^= 1;
3123 }
3124
3125 // if we received I-block with chaining we need to send ACK and receive another block of data
3126 if (res) {
3127 *res = data_bytes[0];
3128 }
3129
3130 // crc check
3131 if (len >= 3 && !CheckCrc14A(data_bytes, len)) {
3132 BigBuf_free();
3133 return -1;
3134 }
3135
3136 }
3137
3138 if (len) {
3139 // cut frame byte
3140 len -= 1;
3141 // memmove(data_bytes, data_bytes + 1, len);
3142 for (int i = 0; i < len; i++) {
3143 data_bytes[i] = data_bytes[i + 1];
3144 }
3145 }
3146
3147 BigBuf_free();
3148 return len;
3149 }
3150
3151 //-----------------------------------------------------------------------------
3152 // Read an ISO 14443a tag. Send out commands and store answers.
3153 //-----------------------------------------------------------------------------
3154 // arg0 iso_14a flags
3155 // arg1 high :: number of bits, if you want to send 7bits etc
3156 // low :: len of commandbytes
3157 // arg2 timeout
3158 // d.asBytes command bytes to send
3159 void ReaderIso14443a(PacketCommandNG *c) {
3160 iso14a_command_t param = c->oldarg[0];
3161 size_t len = c->oldarg[1] & 0xffff;
3162 size_t lenbits = c->oldarg[1] >> 16;
3163 uint32_t timeout = c->oldarg[2];
3164 uint8_t *cmd = c->data.asBytes;
3165 uint32_t arg0;
3166
3167 uint8_t buf[PM3_CMD_DATA_SIZE_MIX] = {0x00};
3168
3169 if ((param & ISO14A_CONNECT) == ISO14A_CONNECT) {
3170 iso14_pcb_blocknum = 0;
3171 clear_trace();
3172 }
3173
3174 set_tracing(true);
3175
3176 if ((param & ISO14A_REQUEST_TRIGGER) == ISO14A_REQUEST_TRIGGER) {
3177 iso14a_set_trigger(true);
3178 }
3179
3180 if ((param & ISO14A_CONNECT) == ISO14A_CONNECT) {
3181 iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
3182
3183 // notify client selecting status.
3184 // if failed selecting, turn off antenna and quit.
3185 if ((param & ISO14A_NO_SELECT) != ISO14A_NO_SELECT) {
3186 iso14a_card_select_t *card = (iso14a_card_select_t *)buf;
3187
3188 arg0 = iso14443a_select_cardEx(
3189 NULL,
3190 card,
3191 &crypto1_uid,
3192 true,
3193 0,
3194 ((param & ISO14A_NO_RATS) == ISO14A_NO_RATS),
3195 ((param & ISO14A_USE_CUSTOM_POLLING) == ISO14A_USE_CUSTOM_POLLING) ? (iso14a_polling_parameters_t *)cmd : &WUPA_POLLING_PARAMETERS
3196 );
3197 // TODO: Improve by adding a cmd parser pointer and moving it by struct length to allow combining data with polling params
3198 FpgaDisableTracing();
3199
3200 if ((param & ISO14A_CRYPTO1MODE) == ISO14A_CRYPTO1MODE) {
3201 crypto1_auth_state = AUTH_FIRST;
3202 crypto1_deinit(&crypto1_state);
3203 }
3204
3205 reply_mix(CMD_ACK, arg0, card->uidlen, 0, buf, sizeof(iso14a_card_select_t));
3206 if (arg0 == 0) {
3207 goto OUT;
3208 }
3209 }
3210 }
3211 uint32_t save_iso14a_timeout = 0;
3212 if ((param & ISO14A_SET_TIMEOUT) == ISO14A_SET_TIMEOUT) {
3213 save_iso14a_timeout = iso14a_get_timeout();
3214 iso14a_set_timeout(timeout);
3215 }
3216
3217 if ((param & ISO14A_APDU) == ISO14A_APDU) {
3218 uint8_t res;
3219 arg0 = iso14_apdu(
3220 cmd,
3221 len,
3222 ((param & ISO14A_SEND_CHAINING) == ISO14A_SEND_CHAINING),
3223 buf,
3224 sizeof(buf),
3225 &res
3226 );
3227 FpgaDisableTracing();
3228
3229 reply_mix(CMD_ACK, arg0, res, 0, buf, sizeof(buf));
3230 }
3231
3232 if ((param & ISO14A_RAW) == ISO14A_RAW) {
3233 if ((param & ISO14A_CRYPTO1MODE) == ISO14A_CRYPTO1MODE) {
3234 // Intercept special Auth command 6xxx<key>CRCA
3235 if ((len == 10) && ((cmd[0] & 0xF0) == 0x60)) {
3236 uint64_t ui64key = bytes_to_num((uint8_t *)&cmd[2], 6);
3237 uint8_t res = 0x00;
3238 if (mifare_classic_authex_cmd(&crypto1_state, crypto1_uid, cmd[1], cmd[0], ui64key, crypto1_auth_state, NULL, NULL, NULL, NULL, false, false)) {
3239 if (g_dbglevel >= DBG_INFO) Dbprintf("Auth error");
3240 res = 0x04;
3241 } else {
3242 crypto1_auth_state = AUTH_NESTED;
3243 if (g_dbglevel >= DBG_INFO) Dbprintf("Auth succeeded");
3244 res = 0x0a;
3245 }
3246 reply_mix(CMD_ACK, 1, 0, 0, &res, 1);
3247 goto CMD_DONE;
3248 }
3249 }
3250 if ((param & ISO14A_APPEND_CRC) == ISO14A_APPEND_CRC) {
3251 // Don't append crc on empty bytearray...
3252 if (len > 0) {
3253
3254 if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) {
3255 AddCrc14B(cmd, len);
3256 } else {
3257 AddCrc14A(cmd, len);
3258 }
3259
3260 len += 2;
3261
3262 if (lenbits) {
3263 lenbits += 16;
3264 }
3265 }
3266 }
3267 if ((param & ISO14A_CRYPTO1MODE) == ISO14A_CRYPTO1MODE) {
3268 // Force explicit parity
3269 lenbits = len * 8;
3270 }
3271 // want to send a specific number of bits (e.g. short commands)
3272 if (lenbits > 0) {
3273
3274 if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) {
3275
3276 int bits_to_send = lenbits;
3277 uint16_t i = 0;
3278
3279 ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 7), NULL, NULL); // first byte is always short (7bits) and no parity
3280 bits_to_send -= 7;
3281
3282 while (bits_to_send > 0) {
3283 ReaderTransmitBitsPar(&cmd[i++], MIN(bits_to_send, 8), NULL, NULL); // following bytes are 8 bit and no parity
3284 bits_to_send -= 8;
3285 }
3286
3287 } else {
3288 GetParity(cmd, lenbits / 8, parity_array);
3289 if ((param & ISO14A_CRYPTO1MODE) == ISO14A_CRYPTO1MODE) {
3290 mf_crypto1_encrypt(&crypto1_state, cmd, len, parity_array);
3291 }
3292 ReaderTransmitBitsPar(cmd, lenbits, parity_array, NULL); // bytes are 8 bit with odd parity
3293 }
3294
3295 } else { // want to send complete bytes only
3296 if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) {
3297
3298 size_t i = 0;
3299 ReaderTransmitBitsPar(&cmd[i++], 7, NULL, NULL); // first byte: 7 bits, no paritiy
3300
3301 while (i < len) {
3302 ReaderTransmitBitsPar(&cmd[i++], 8, NULL, NULL); // following bytes: 8 bits, no paritiy
3303 }
3304
3305 } else {
3306 ReaderTransmit(cmd, len, NULL); // 8 bits, odd parity
3307 }
3308 }
3309
3310 if ((param & ISO14A_TOPAZMODE) == ISO14A_TOPAZMODE) {
3311
3312 if (cmd[0] == TOPAZ_WRITE_E8 || cmd[0] == TOPAZ_WRITE_NE8) {
3313
3314 // tearoff occurred
3315 if (tearoff_hook() == PM3_ETEAROFF) {
3316 FpgaDisableTracing();
3317 reply_mix(CMD_ACK, 0, 0, 0, NULL, 0);
3318 } else {
3319 arg0 = ReaderReceive(buf, sizeof(buf), parity_array);
3320 FpgaDisableTracing();
3321 reply_mix(CMD_ACK, arg0, 0, 0, buf, sizeof(buf));
3322 }
3323
3324 } else {
3325 arg0 = ReaderReceive(buf, sizeof(buf), parity_array);
3326 FpgaDisableTracing();
3327 reply_mix(CMD_ACK, arg0, 0, 0, buf, sizeof(buf));
3328 }
3329
3330 } else {
3331
3332 // tearoff occurred
3333 if (tearoff_hook() == PM3_ETEAROFF) {
3334 FpgaDisableTracing();
3335 reply_mix(CMD_ACK, 0, 0, 0, NULL, 0);
3336 } else {
3337 arg0 = ReaderReceive(buf, sizeof(buf), parity_array);
3338
3339 if ((param & ISO14A_CRYPTO1MODE) == ISO14A_CRYPTO1MODE) {
3340 mf_crypto1_decrypt(&crypto1_state, buf, arg0);
3341 }
3342 FpgaDisableTracing();
3343 reply_mix(CMD_ACK, arg0, 0, 0, buf, sizeof(buf));
3344 }
3345 }
3346 }
3347 CMD_DONE:
3348 if ((param & ISO14A_REQUEST_TRIGGER) == ISO14A_REQUEST_TRIGGER)
3349 iso14a_set_trigger(false);
3350
3351 if ((param & ISO14A_SET_TIMEOUT) == ISO14A_SET_TIMEOUT) {
3352 iso14a_set_timeout(save_iso14a_timeout);
3353 }
3354
3355 if ((param & ISO14A_NO_DISCONNECT) == ISO14A_NO_DISCONNECT) {
3356 return;
3357 }
3358
3359 OUT:
3360 crypto1_auth_state = AUTH_FIRST;
3361 hf_field_off();
3362 set_tracing(false);
3363 }
3364
3365 // Determine the distance between two nonces.
3366 // Assume that the difference is small, but we don't know which is first.
3367 // Therefore try in alternating directions.
3368 static int32_t dist_nt(uint32_t nt1, uint32_t nt2) {
3369
3370 if (nt1 == nt2) return 0;
3371
3372 uint32_t nttmp1 = nt1;
3373 uint32_t nttmp2 = nt2;
3374
3375 for (uint16_t i = 1; i < 32768; i++) {
3376 nttmp1 = prng_successor(nttmp1, 1);
3377 if (nttmp1 == nt2) return i;
3378
3379 nttmp2 = prng_successor(nttmp2, 1);
3380 if (nttmp2 == nt1) return -i;
3381 }
3382
3383 return (-99999); // either nt1 or nt2 are invalid nonces
3384 }
3385
3386
3387 #define PRNG_SEQUENCE_LENGTH (1 << 16)
3388 #define MAX_UNEXPECTED_RANDOM 4 // maximum number of unexpected (i.e. real) random numbers when trying to sync. Then give up.
3389 #define MAX_SYNC_TRIES 32
3390
3391 //-----------------------------------------------------------------------------
3392 // Recover several bits of the cypher stream. This implements (first stages of)
3393 // the algorithm described in "The Dark Side of Security by Obscurity and
3394 // Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime"
3395 // (article by Nicolas T. Courtois, 2009)
3396 //-----------------------------------------------------------------------------
3397 void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {
3398
3399 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
3400
3401 BigBuf_free();
3402 BigBuf_Clear_ext(false);
3403 clear_trace();
3404 set_tracing(true);
3405
3406 uint8_t mf_auth[4] = { keytype, block, 0x00, 0x00 };
3407 uint8_t mf_nr_ar[8] = {0, 0, 0, 0, 0, 0, 0, 0};
3408 uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
3409 uint8_t par_list[8] = {0, 0, 0, 0, 0, 0, 0, 0};
3410 uint8_t ks_list[8] = {0, 0, 0, 0, 0, 0, 0, 0};
3411 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = {0x00};
3412 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = {0x00};
3413 uint8_t par[1] = {0}; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
3414 uint8_t nt_diff = 0;
3415
3416 uint32_t nt = 0, previous_nt = 0, cuid = 0;
3417 uint32_t sync_time = GetCountSspClk() & 0xfffffff8;
3418
3419 int32_t catch_up_cycles = 0;
3420 int32_t last_catch_up = 0;
3421 int32_t isOK = 0;
3422
3423 uint16_t elapsed_prng_sequences = 1;
3424 uint16_t consecutive_resyncs = 0;
3425 uint16_t unexpected_random = 0;
3426 uint16_t sync_tries = 0;
3427
3428 bool have_uid = false;
3429 uint8_t cascade_levels = 0;
3430
3431 // static variables here, is re-used in the next call
3432 static int32_t sync_cycles = 0;
3433 static uint32_t nt_attacked = 0;
3434 static uint8_t mf_nr_ar3 = 0;
3435 static uint8_t par_low = 0;
3436
3437 int return_status = PM3_SUCCESS;
3438
3439 AddCrc14A(mf_auth, 2);
3440
3441 if (first_try) {
3442 sync_cycles = PRNG_SEQUENCE_LENGTH; // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
3443 nt_attacked = 0;
3444 mf_nr_ar3 = 0;
3445 par_low = 0;
3446 } else {
3447 // we were unsuccessful on a previous call.
3448 // Try another READER nonce (first 3 parity bits remain the same)
3449 mf_nr_ar3++;
3450 mf_nr_ar[3] = mf_nr_ar3;
3451 par[0] = par_low;
3452 }
3453
3454 LED_C_ON();
3455 uint16_t checkbtn_cnt = 0;
3456 uint16_t i;
3457 for (i = 0; true; ++i) {
3458
3459 bool received_nack = false;
3460
3461 WDT_HIT();
3462
3463 // Test if the action was cancelled
3464 if (checkbtn_cnt == 1000) {
3465 if (BUTTON_PRESS() || data_available()) {
3466 isOK = 5;
3467 return_status = PM3_EOPABORTED;
3468 break;
3469 }
3470 checkbtn_cnt = 0;
3471 }
3472 ++checkbtn_cnt;
3473
3474 // this part is from Piwi's faster nonce collecting part in Hardnested.
3475 if (!have_uid) { // need a full select cycle to get the uid first
3476 iso14a_card_select_t card_info;
3477 if (!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) {
3478 if (g_dbglevel >= DBG_INFO) Dbprintf("Mifare: Can't select card (ALL)");
3479 continue;
3480 }
3481 switch (card_info.uidlen) {
3482 case 4 :
3483 cascade_levels = 1;
3484 break;
3485 case 7 :
3486 cascade_levels = 2;
3487 break;
3488 case 10:
3489 cascade_levels = 3;
3490 break;
3491 default:
3492 break;
3493 }
3494 have_uid = true;
3495 } else { // no need for anticollision. We can directly select the card
3496 if (!iso14443a_fast_select_card(uid, cascade_levels)) {
3497 if (g_dbglevel >= DBG_INFO) Dbprintf("Mifare: Can't select card (UID)");
3498 continue;
3499 }
3500 }
3501
3502 elapsed_prng_sequences = 1;
3503
3504 // Sending timeslot of ISO14443a frame
3505 sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles;
3506 catch_up_cycles = 0;
3507
3508 #define SYNC_TIME_BUFFER 16 // if there is only SYNC_TIME_BUFFER left before next planned sync, wait for next PRNG cycle
3509
3510 // if we missed the sync time already or are about to miss it, advance to the next nonce repeat
3511 while (sync_time < GetCountSspClk() + SYNC_TIME_BUFFER) {
3512 ++elapsed_prng_sequences;
3513 sync_time = (sync_time & 0xfffffff8) + sync_cycles;
3514 }
3515
3516 // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
3517 ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
3518
3519 // Receive the (4 Byte) "random" TAG nonce
3520 if (ReaderReceive(receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar) != 4)
3521 continue;
3522
3523 previous_nt = nt;
3524 nt = bytes_to_num(receivedAnswer, 4);
3525
3526 // Transmit reader nonce with fake par
3527 ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
3528
3529 // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
3530 int resp_res = ReaderReceive(receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar);
3531 if (resp_res == 1)
3532 received_nack = true;
3533 else if (resp_res == 4) {
3534 // did we get lucky and got our dummykey to be valid?
3535 // however we don't feed key w uid it the prng..
3536 isOK = 6;
3537 return_status = PM3_ESOFT;
3538 break;
3539 }
3540
3541
3542 // we didn't calibrate our clock yet,
3543 // iceman: has to be calibrated every time.
3544 if (previous_nt && !nt_attacked) {
3545
3546 int nt_distance = dist_nt(previous_nt, nt);
3547
3548 // if no distance between, then we are in sync.
3549 if (nt_distance == 0) {
3550 nt_attacked = nt;
3551 } else {
3552 if (nt_distance == -99999) { // invalid nonce received
3553 unexpected_random++;
3554 if (unexpected_random > MAX_UNEXPECTED_RANDOM) {
3555 isOK = 3; // Card has an unpredictable PRNG. Give up
3556 return_status = PM3_ESOFT;
3557 break;
3558 } else {
3559 continue; // continue trying...
3560 }
3561 }
3562
3563 if (++sync_tries > MAX_SYNC_TRIES) {
3564 isOK = 4; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
3565 return_status = PM3_ESOFT;
3566 break;
3567 }
3568
3569 sync_cycles = (sync_cycles - nt_distance) / elapsed_prng_sequences;
3570
3571 // no negative sync_cycles, and too small sync_cycles will result in continuous misses
3572 if (sync_cycles <= 10) sync_cycles += PRNG_SEQUENCE_LENGTH;
3573
3574 // reset sync_cycles
3575 if (sync_cycles > PRNG_SEQUENCE_LENGTH * 2) {
3576 sync_cycles = PRNG_SEQUENCE_LENGTH;
3577 sync_time = GetCountSspClk() & 0xfffffff8;
3578 }
3579
3580 if (g_dbglevel >= DBG_EXTENDED)
3581 Dbprintf("calibrating in cycle %d. nt_distance=%d, elapsed_prng_sequences=%d, new sync_cycles: %d\n", i, nt_distance, elapsed_prng_sequences, sync_cycles);
3582
3583 continue;
3584 }
3585 }
3586
3587 if ((nt != nt_attacked) && nt_attacked) { // we somehow lost sync. Try to catch up again...
3588
3589 catch_up_cycles = -dist_nt(nt_attacked, nt);
3590 if (catch_up_cycles == 99999) { // invalid nonce received. Don't resync on that one.
3591 catch_up_cycles = 0;
3592 continue;
3593 }
3594 // average?
3595 catch_up_cycles /= elapsed_prng_sequences;
3596
3597 if (catch_up_cycles == last_catch_up) {
3598 consecutive_resyncs++;
3599 } else {
3600 last_catch_up = catch_up_cycles;
3601 consecutive_resyncs = 0;
3602 }
3603
3604 if (consecutive_resyncs < 3) {
3605 if (g_dbglevel >= DBG_EXTENDED) {
3606 Dbprintf("Lost sync in cycle %d. nt_distance=%d. Consecutive Resyncs = %d. Trying one time catch up...\n", i, catch_up_cycles, consecutive_resyncs);
3607 }
3608 } else {
3609 sync_cycles += catch_up_cycles;
3610
3611 if (g_dbglevel >= DBG_EXTENDED)
3612 Dbprintf("Lost sync in cycle %d for the fourth time consecutively (nt_distance = %d). Adjusting sync_cycles to %d.\n", i, catch_up_cycles, sync_cycles);
3613
3614 last_catch_up = 0;
3615 catch_up_cycles = 0;
3616 consecutive_resyncs = 0;
3617 }
3618 continue;
3619 }
3620
3621 // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
3622 if (received_nack) {
3623 catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer
3624
3625 if (nt_diff == 0)
3626 par_low = par[0] & 0xE0; // there is no need to check all parities for other nt_diff. Parity Bits for mf_nr_ar[0..2] won't change
3627
3628 par_list[nt_diff] = reflect8(par[0]);
3629 ks_list[nt_diff] = receivedAnswer[0] ^ 0x05; // xor with NACK value to get keystream
3630
3631 // Test if the information is complete
3632 if (nt_diff == 0x07) {
3633 isOK = 1;
3634 return_status = PM3_SUCCESS;
3635 break;
3636 }
3637
3638 nt_diff = (nt_diff + 1) & 0x07;
3639 mf_nr_ar[3] = (mf_nr_ar[3] & 0x1F) | (nt_diff << 5);
3640 par[0] = par_low;
3641
3642 } else {
3643 // No NACK.
3644 if (nt_diff == 0 && first_try) {
3645 par[0]++;
3646 if (par[0] == 0) { // tried all 256 possible parities without success. Card doesn't send NACK.
3647 isOK = 2;
3648 return_status = PM3_ESOFT;
3649 break;
3650 }
3651 } else {
3652 // Why this?
3653 par[0] = ((par[0] & 0x1F) + 1) | par_low;
3654 }
3655 }
3656
3657 // reset the resyncs since we got a complete transaction on right time.
3658 consecutive_resyncs = 0;
3659 } // end for loop
3660
3661 mf_nr_ar[3] &= 0x1F;
3662
3663 if (g_dbglevel >= DBG_EXTENDED) Dbprintf("Number of sent auth requests: %u", i);
3664
3665 FpgaDisableTracing();
3666
3667 struct {
3668 int32_t isOK;
3669 uint8_t cuid[4];
3670 uint8_t nt[4];
3671 uint8_t par_list[8];
3672 uint8_t ks_list[8];
3673 uint8_t nr[4];
3674 uint8_t ar[4];
3675 } PACKED payload;
3676
3677 payload.isOK = isOK;
3678 num_to_bytes(cuid, 4, payload.cuid);
3679 num_to_bytes(nt, 4, payload.nt);
3680 memcpy(payload.par_list, par_list, sizeof(payload.par_list));
3681 memcpy(payload.ks_list, ks_list, sizeof(payload.ks_list));
3682 memcpy(payload.nr, mf_nr_ar, sizeof(payload.nr));
3683 memcpy(payload.ar, mf_nr_ar + 4, sizeof(payload.ar));
3684
3685 reply_ng(CMD_HF_MIFARE_READER, return_status, (uint8_t *)&payload, sizeof(payload));
3686
3687 hf_field_off();
3688 set_tracing(false);
3689 }
3690
3691 /*
3692 * Mifare Classic NACK-bug detection
3693 * Thanks to @doegox for the feedback and new approaches.
3694 */
3695 void DetectNACKbug(void) {
3696 uint8_t mf_auth[4] = { MIFARE_AUTH_KEYA, 0x00, 0xF5, 0x7B };
3697 uint8_t mf_nr_ar[8] = { 0x00 };
3698 uint8_t uid[10] = { 0x00 };
3699 uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE] = { 0x00 };
3700 uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE] = { 0x00 };
3701 uint8_t par[1] = {0x00 }; // maximum 8 Bytes to be sent here, 1 byte parity is therefore enough
3702
3703 uint32_t nt = 0, previous_nt = 0, nt_attacked = 0, cuid = 0;
3704 int32_t catch_up_cycles = 0, last_catch_up = 0;
3705 uint8_t cascade_levels = 0, num_nacks = 0, isOK = 0;
3706 uint16_t elapsed_prng_sequences = 1;
3707 uint16_t consecutive_resyncs = 0;
3708 uint16_t unexpected_random = 0;
3709 uint16_t sync_tries = 0;
3710 uint32_t sync_time = 0;
3711 bool have_uid = false;
3712
3713 int32_t status = PM3_SUCCESS;
3714
3715 // Mifare Classic's random generator repeats every 2^16 cycles (and so do the nonces).
3716 int32_t sync_cycles = PRNG_SEQUENCE_LENGTH;
3717
3718 BigBuf_free();
3719 BigBuf_Clear_ext(false);
3720 clear_trace();
3721 set_tracing(true);
3722 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
3723
3724 sync_time = GetCountSspClk() & 0xfffffff8;
3725
3726 LED_C_ON();
3727 uint16_t checkbtn_cnt = 0;
3728
3729 uint16_t i;
3730 for (i = 1; true; ++i) {
3731
3732 bool received_nack = false;
3733
3734 // Cards always leaks a NACK, no matter the parity
3735 if ((i == 10) && (num_nacks == i - 1)) {
3736 isOK = 2;
3737 break;
3738 }
3739
3740 WDT_HIT();
3741
3742 // Test if the action was cancelled
3743 if (checkbtn_cnt == 1000) {
3744 if (BUTTON_PRESS() || data_available()) {
3745 status = PM3_EOPABORTED;
3746 break;
3747 }
3748 checkbtn_cnt = 0;
3749 }
3750 ++checkbtn_cnt;
3751
3752 // this part is from Piwi's faster nonce collecting part in Hardnested.
3753 if (!have_uid) { // need a full select cycle to get the uid first
3754 iso14a_card_select_t card_info;
3755 if (!iso14443a_select_card(uid, &card_info, &cuid, true, 0, true)) {
3756 if (g_dbglevel >= DBG_INFO) Dbprintf("Mifare: Can't select card (ALL)");
3757 i = 0;
3758 continue;
3759 }
3760 switch (card_info.uidlen) {
3761 case 4 :
3762 cascade_levels = 1;
3763 break;
3764 case 7 :
3765 cascade_levels = 2;
3766 break;
3767 case 10:
3768 cascade_levels = 3;
3769 break;
3770 default:
3771 i = 0;
3772 have_uid = false;
3773 continue;
3774 }
3775 have_uid = true;
3776 } else { // no need for anticollision. We can directly select the card
3777 if (!iso14443a_fast_select_card(uid, cascade_levels)) {
3778 if (g_dbglevel >= DBG_INFO) Dbprintf("Mifare: Can't select card (UID)");
3779 i = 0;
3780 have_uid = false;
3781 continue;
3782 }
3783 }
3784
3785 elapsed_prng_sequences = 1;
3786
3787 // Sending timeslot of ISO14443a frame
3788 sync_time = (sync_time & 0xfffffff8) + sync_cycles + catch_up_cycles;
3789 catch_up_cycles = 0;
3790
3791 // if we missed the sync time already, advance to the next nonce repeat
3792 while (GetCountSspClk() > sync_time) {
3793 ++elapsed_prng_sequences;
3794 sync_time = (sync_time & 0xfffffff8) + sync_cycles;
3795 }
3796
3797 // Transmit MIFARE_CLASSIC_AUTH at synctime. Should result in returning the same tag nonce (== nt_attacked)
3798 ReaderTransmit(mf_auth, sizeof(mf_auth), &sync_time);
3799
3800 // Receive the (4 Byte) "random" TAG nonce
3801 if (ReaderReceive(receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar) == 0) {
3802 continue;
3803 }
3804
3805 previous_nt = nt;
3806 nt = bytes_to_num(receivedAnswer, 4);
3807
3808 // Transmit reader nonce with fake par
3809 ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);
3810
3811 // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
3812 if (ReaderReceive(receivedAnswer, sizeof(receivedAnswer), receivedAnswerPar)) {
3813 received_nack = true;
3814 num_nacks++;
3815 // ALWAYS leak Detection. Well, we could be lucky and get a response nack on first try.
3816 if (i == num_nacks) {
3817 continue;
3818 }
3819 }
3820
3821 // we didn't calibrate our clock yet,
3822 // iceman: has to be calibrated every time.
3823 if (previous_nt && !nt_attacked) {
3824
3825 int nt_distance = dist_nt(previous_nt, nt);
3826
3827 // if no distance between, then we are in sync.
3828 if (nt_distance == 0) {
3829 nt_attacked = nt;
3830 } else {
3831 if (nt_distance == -99999) { // invalid nonce received
3832 unexpected_random++;
3833 if (unexpected_random > MAX_UNEXPECTED_RANDOM) {
3834 // Card has an unpredictable PRNG. Give up
3835 isOK = 98;
3836 break;
3837 } else {
3838 if (sync_cycles <= 0) {
3839 sync_cycles += PRNG_SEQUENCE_LENGTH;
3840 }
3841 continue;
3842 }
3843 }
3844
3845 if (++sync_tries > MAX_SYNC_TRIES) {
3846 isOK = 97; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
3847 break;
3848 }
3849
3850 sync_cycles = (sync_cycles - nt_distance) / elapsed_prng_sequences;
3851
3852 if (sync_cycles <= 0) {
3853 sync_cycles += PRNG_SEQUENCE_LENGTH;
3854 }
3855
3856 if (sync_cycles > PRNG_SEQUENCE_LENGTH * 2) {
3857 isOK = 96; // Card's PRNG runs at an unexpected frequency or resets unexpectedly
3858 break;
3859 }
3860
3861 if (g_dbglevel >= DBG_EXTENDED) {
3862 Dbprintf("calibrating in cycle %d. nt_distance=%d, elapsed_prng_sequences=%d, new sync_cycles: %d\n", i, nt_distance, elapsed_prng_sequences, sync_cycles);
3863 }
3864 continue;
3865 }
3866 }
3867
3868 if ((nt != nt_attacked) && nt_attacked) {
3869 // we somehow lost sync. Try to catch up again...
3870 catch_up_cycles = -dist_nt(nt_attacked, nt);
3871
3872 if (catch_up_cycles == 99999) {
3873 // invalid nonce received. Don't resync on that one.
3874 catch_up_cycles = 0;
3875 continue;
3876 }
3877 // average?
3878 catch_up_cycles /= elapsed_prng_sequences;
3879
3880 if (catch_up_cycles == last_catch_up) {
3881 consecutive_resyncs++;
3882 } else {
3883 last_catch_up = catch_up_cycles;
3884 consecutive_resyncs = 0;
3885 }
3886
3887 if (consecutive_resyncs < 3) {
3888 if (g_dbglevel >= DBG_EXTENDED) {
3889 Dbprintf("Lost sync in cycle %d. nt_distance=%d. Consecutive Resyncs = %d. Trying one time catch up...\n", i, catch_up_cycles, consecutive_resyncs);
3890 }
3891 } else {
3892 sync_cycles += catch_up_cycles;
3893
3894 if (g_dbglevel >= DBG_EXTENDED) {
3895 Dbprintf("Lost sync in cycle %d for the fourth time consecutively (nt_distance = %d). Adjusting sync_cycles to %d\n", i, catch_up_cycles, sync_cycles);
3896 Dbprintf("nt [%08x] attacted [%08x]", nt, nt_attacked);
3897 }
3898 last_catch_up = 0;
3899 catch_up_cycles = 0;
3900 consecutive_resyncs = 0;
3901 }
3902 continue;
3903 }
3904
3905 // Receive answer. This will be a 4 Bit NACK when the 8 parity bits are OK after decoding
3906 if (received_nack) {
3907 catch_up_cycles = 8; // the PRNG is delayed by 8 cycles due to the NAC (4Bits = 0x05 encrypted) transfer
3908 }
3909
3910 // we are testing all 256 possibilities.
3911 par[0]++;
3912
3913 // tried all 256 possible parities without success.
3914 if (par[0] == 0) {
3915 // did we get one NACK?
3916 if (num_nacks == 1) {
3917 isOK = 1;
3918 }
3919 break;
3920 }
3921
3922 // reset the resyncs since we got a complete transaction on right time.
3923 consecutive_resyncs = 0;
3924 } // end for loop
3925
3926 // num_nacks = number of nacks received. should be only 1. if not its a clone card which always sends NACK (parity == 0) ?
3927 // i = number of authentications sent. Not always 256, since we are trying to sync but close to it.
3928 FpgaDisableTracing();
3929
3930 uint8_t *data = BigBuf_malloc(4);
3931 data[0] = isOK;
3932 data[1] = num_nacks;
3933 num_to_bytes(i, 2, data + 2);
3934 reply_ng(CMD_HF_MIFARE_NACK_DETECT, status, data, 4);
3935
3936 BigBuf_free();
3937 hf_field_off();
3938 set_tracing(false);
3939 }
3940
3941 /* ///
3942 Based upon the SimulateIso14443aTag, this aims to instead take an AID Value you've supplied, and return your selected response.
3943 It can also continue after the AID has been selected, and respond to other request types.
3944 This was forked from the original function to allow for more flexibility in the future, and to increase the processing speed of the original function.
3945 /// */
3946
3947 void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *data,
3948 uint8_t *iRATs, size_t irats_len, uint8_t *aid, uint8_t *resp,
3949 uint8_t *apdu, int aidLen, int respondLen, int apduLen, bool enumerate) {
3950 tag_response_info_t *responses;
3951 uint32_t cuid = 0;
3952 uint32_t counters[3] = { 0x00, 0x00, 0x00 };
3953 uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd };
3954 uint8_t pages = 0;
3955
3956 // command buffers
3957 uint8_t receivedCmd[MAX_FRAME_SIZE] = { 0x00 };
3958 uint8_t receivedCmdPar[MAX_PARITY_SIZE] = { 0x00 };
3959
3960 // free eventually allocated BigBuf memory but keep Emulator Memory
3961 BigBuf_free_keep_EM();
3962
3963 // Increased the buffer size to allow for more complex responses
3964 #define DYNAMIC_RESPONSE_BUFFER2_SIZE 512
3965 #define DYNAMIC_MODULATION_BUFFER2_SIZE 1536
3966
3967 uint8_t *dynamic_response_buffer2 = BigBuf_calloc(DYNAMIC_RESPONSE_BUFFER2_SIZE);
3968 uint8_t *dynamic_modulation_buffer2 = BigBuf_calloc(DYNAMIC_MODULATION_BUFFER2_SIZE);
3969 tag_response_info_t dynamic_response_info = {
3970 .response = dynamic_response_buffer2,
3971 .response_n = 0,
3972 .modulation = dynamic_modulation_buffer2,
3973 .modulation_n = 0
3974 };
3975
3976 if (SimulateIso14443aInit(tagType, flags, data, iRATs, irats_len, &responses, &cuid, counters, tearings, &pages) == false) {
3977 BigBuf_free_keep_EM();
3978 reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
3979 return;
3980 }
3981
3982 // We need to listen to the high-frequency, peak-detected path.
3983 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
3984
3985 iso14a_set_timeout(201400); // 106 * 19ms default *100?
3986
3987 int len = 0;
3988 int retval = PM3_SUCCESS;
3989 int sentCount = 0;
3990 bool odd_reply = true;
3991
3992 clear_trace();
3993 set_tracing(true);
3994 LED_A_ON();
3995
3996 // Filters for when this comes through
3997 static uint8_t aidFilter[30] = { 0x00 }; // Default AID Value
3998 static uint8_t aidResponse[100] = { 0x00 }; // Default AID Response
3999 static uint8_t apduCommand [100] = { 0x00 }; // Default APDU GetData Response
4000
4001 // Copy the AID, AID Response, and the GetData APDU response into our variables
4002 if (aid != 0) {
4003 memcpy(aidFilter, aid, aidLen);
4004 }
4005 if (resp != 0) {
4006 memcpy(aidResponse, resp, respondLen);
4007 }
4008 if (apdu != 0) {
4009 memcpy(apduCommand, apdu, apduLen);
4010 }
4011
4012
4013 // main loop
4014 bool finished = false;
4015 while (finished == false) {
4016 // BUTTON_PRESS check done in GetIso14443aCommandFromReader
4017 WDT_HIT();
4018
4019 tag_response_info_t *p_response = NULL;
4020
4021 // Clean receive command buffer
4022 if (GetIso14443aCommandFromReader(receivedCmd, sizeof(receivedCmd), receivedCmdPar, &len) == false) {
4023 Dbprintf("Emulator stopped. Trace length: %d ", BigBuf_get_traceLen());
4024 retval = PM3_EOPABORTED;
4025 break;
4026 }
4027
4028 if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST, but in HALTED, skip
4029 odd_reply = !odd_reply;
4030 if (odd_reply) {
4031 p_response = &responses[RESP_INDEX_ATQA];
4032 }
4033 } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP
4034 p_response = &responses[RESP_INDEX_ATQA];
4035 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1)
4036 p_response = &responses[RESP_INDEX_UIDC1];
4037 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2)
4038 p_response = &responses[RESP_INDEX_UIDC2];
4039 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 2) { // Received request for UID (cascade 3)
4040 p_response = &responses[RESP_INDEX_UIDC3];
4041 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1)
4042 p_response = &responses[RESP_INDEX_SAKC1];
4043 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2)
4044 p_response = &responses[RESP_INDEX_SAKC2];
4045 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 9) { // Received a SELECT (cascade 3)
4046 p_response = &responses[RESP_INDEX_SAKC3];
4047 } else if (receivedCmd[0] == ISO14443A_CMD_PPS) {
4048 p_response = &responses[RESP_INDEX_PPS];
4049 } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT
4050 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
4051 p_response = NULL;
4052 finished = true;
4053 } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request
4054 p_response = &responses[RESP_INDEX_RATS];
4055 } else {
4056 // clear old dynamic responses
4057 dynamic_response_info.response_n = 0;
4058 dynamic_response_info.modulation_n = 0;
4059
4060 // Check for ISO 14443A-4 compliant commands, look at left nibble
4061 switch (receivedCmd[0]) {
4062 case 0x0B:
4063 case 0x0A: { // IBlock (command CID)
4064 dynamic_response_info.response[0] = receivedCmd[0];
4065 dynamic_response_info.response[1] = 0x00;
4066
4067 switch (receivedCmd[3]) { // APDU Class Byte
4068 // receivedCmd in this case is expecting to structured with a CID, then the APDU command for SelectFile
4069 // | IBlock (CID) | CID | APDU Command | CRC |
4070
4071 case 0xA4: { // SELECT FILE
4072 // Select File AID uses the following format for GlobalPlatform
4073 //
4074 // | 00 | A4 | 04 | 00 | xx | AID | 00 |
4075 // xx in this case is len of the AID value in hex
4076
4077 // aid len is found as a hex value in receivedCmd[6] (Index Starts at 0)
4078 int aid_len = receivedCmd[6];
4079 uint8_t *received_aid = &receivedCmd[7];
4080
4081 // aid enumeration flag
4082 if (enumerate == true) {
4083 Dbprintf("Received AID (%d):", aid_len);
4084 Dbhexdump(aid_len, received_aid, false);
4085 }
4086
4087 if (memcmp(aidFilter, received_aid, aid_len) == 0) { // Evaluate the AID sent by the Reader to the AID supplied
4088 // AID Response will be parsed here
4089 memcpy(dynamic_response_info.response + 2, aidResponse, respondLen + 2);
4090 dynamic_response_info.response_n = respondLen + 2;
4091 } else { // Any other SELECT FILE command will return with a Not Found
4092 dynamic_response_info.response[2] = 0x6A;
4093 dynamic_response_info.response[3] = 0x82;
4094 dynamic_response_info.response_n = 4;
4095 }
4096 }
4097 break;
4098
4099 case 0xDA: { // PUT DATA
4100 // Just send them a 90 00 response
4101 dynamic_response_info.response[2] = 0x90;
4102 dynamic_response_info.response[3] = 0x00;
4103 dynamic_response_info.response_n = 4;
4104 }
4105 break;
4106
4107 case 0xCA: { // GET DATA
4108 if (sentCount == 0) {
4109 // APDU Command will just be parsed here
4110 memcpy(dynamic_response_info.response + 2, apduCommand, apduLen + 2);
4111 dynamic_response_info.response_n = respondLen + 2;
4112 } else {
4113 finished = true;
4114 break;
4115 }
4116 sentCount++;
4117 }
4118 break;
4119 default : {
4120 // Any other non-listed command
4121 // Respond Not Found
4122 dynamic_response_info.response[2] = 0x6A;
4123 dynamic_response_info.response[3] = 0x82;
4124 dynamic_response_info.response_n = 4;
4125 }
4126 }
4127 break;
4128 }
4129 break;
4130
4131 case 0xCA:
4132 case 0xC2: { // Readers sends deselect command
4133 dynamic_response_info.response[0] = 0xCA;
4134 dynamic_response_info.response[1] = 0x00;
4135 dynamic_response_info.response_n = 2;
4136 finished = true;
4137 }
4138 break;
4139
4140 default: {
4141 // Never seen this command before
4142 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
4143 if (g_dbglevel >= DBG_DEBUG) {
4144 Dbprintf("Received unknown command (len=%d):", len);
4145 Dbhexdump(len, receivedCmd, false);
4146 }
4147 // Do not respond
4148 dynamic_response_info.response_n = 0;
4149 }
4150 break;
4151 }
4152 if (dynamic_response_info.response_n > 0) {
4153
4154 // Copy the CID from the reader query
4155 dynamic_response_info.response[1] = receivedCmd[1];
4156
4157 // Add CRC bytes, always used in ISO 14443A-4 compliant cards
4158 AddCrc14A(dynamic_response_info.response, dynamic_response_info.response_n);
4159 dynamic_response_info.response_n += 2;
4160
4161 if (prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
4162 if (g_dbglevel >= DBG_DEBUG) DbpString("Error preparing tag response");
4163 LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true);
4164 break;
4165 }
4166 p_response = &dynamic_response_info;
4167 }
4168 }
4169
4170 // Send response
4171 EmSendPrecompiledCmd(p_response);
4172 }
4173
4174 switch_off();
4175
4176 set_tracing(false);
4177 BigBuf_free_keep_EM();
4178
4179 reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0);
4180 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware