//----------------------------------------------------------------------------- // Read the file EF.CardAccess and save it into a buffer (at most max_length bytes) // Returns -1 on failure or the length of the data on success // TODO: for the moment this sends only 1 APDU regardless of the requested length //----------------------------------------------------------------------------- int EPA_Read_CardAccess(uint8_t *buffer, size_t max_length) { // the response APDU of the card // since the card doesn't always care for the expected length we send it, // we reserve 262 bytes here just to be safe (256-byte APDU + SW + ISO frame) uint8_t response_apdu[262]; int rapdu_length = 0; // select the file EF.CardAccess rapdu_length = EPA_APDU((uint8_t *)apdu_select_binary_cardaccess, sizeof(apdu_select_binary_cardaccess), response_apdu); if (rapdu_length < 6 || response_apdu[rapdu_length - 4] != 0x90 || response_apdu[rapdu_length - 3] != 0x00) { DbpString("Failed to select EF.CardAccess!"); return -1; } // read the file rapdu_length = EPA_APDU((uint8_t *)apdu_read_binary, sizeof(apdu_read_binary), response_apdu); if (rapdu_length <= 6 || response_apdu[rapdu_length - 4] != 0x90 || response_apdu[rapdu_length - 3] != 0x00) { Dbprintf("Failed to read EF.CardAccess!"); return -1; } // copy the content into the buffer // length of data available: apdu_length - 4 (ISO frame) - 2 (SW) size_t to_copy = rapdu_length - 6; to_copy = to_copy < max_length ? to_copy : max_length; memcpy(buffer, response_apdu+2, to_copy); return to_copy; }
void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain){ int len = 0; //uint8_t PICC_MASTER_KEY8[8] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47}; uint8_t PICC_MASTER_KEY16[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f }; uint8_t null_key_data8[8] = {0x00}; //uint8_t null_key_data16[16] = {0x00}; //uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77}; //uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF}; uint8_t resp[256] = {0x00}; uint8_t IV[16] = {0x00}; size_t datalen = datain[0]; uint8_t cmd[40] = {0x00}; uint8_t encRndB[16] = {0x00}; uint8_t decRndB[16] = {0x00}; uint8_t nonce[16] = {0x00}; uint8_t both[32] = {0x00}; uint8_t encBoth[32] = {0x00}; InitDesfireCard(); LED_A_ON(); LED_B_OFF(); LED_C_OFF(); // 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32) // 4 olika crypto algo DES, 3DES, 3K3DES, AES // 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO // des, nyckel 0, switch (mode){ case 1:{ uint8_t keybytes[16]; uint8_t RndA[8] = {0x00}; uint8_t RndB[8] = {0x00}; if (algo == 2) { if (datain[1] == 0xff){ memcpy(keybytes,PICC_MASTER_KEY16,16); } else { memcpy(keybytes, datain+1, datalen); } } else { if (algo == 1) { if (datain[1] == 0xff){ memcpy(keybytes,null_key_data8,8); } else{ memcpy(keybytes, datain+1, datalen); } } } struct desfire_key defaultkey = {0}; desfirekey_t key = &defaultkey; if (algo == 2) Desfire_3des_key_new_with_version(keybytes, key); else if (algo ==1) Desfire_des_key_new(keybytes, key); cmd[0] = AUTHENTICATE; cmd[1] = keyno; //keynumber len = DesfireAPDU(cmd, 2, resp); if ( !len ) { if (MF_DBGLEVEL >= MF_DBG_ERROR) { DbpString("Authentication failed. Card timeout."); } OnError(3); return; } if ( resp[2] == 0xaf ){ } else { DbpString("Authetication failed. Invalid key number."); OnError(3); return; } memcpy( encRndB, resp+3, 8); if (algo == 2) tdes_dec(&decRndB, &encRndB, key->data); else if (algo == 1) des_dec(&decRndB, &encRndB, key->data); memcpy(RndB, decRndB, 8); rol(decRndB,8); // This should be random uint8_t decRndA[8] = {0x00}; memcpy(RndA, decRndA, 8); uint8_t encRndA[8] = {0x00}; if (algo == 2) tdes_dec(&encRndA, &decRndA, key->data); else if (algo == 1) des_dec(&encRndA, &decRndA, key->data); memcpy(both, encRndA, 8); for (int x = 0; x < 8; x++) { decRndB[x] = decRndB[x] ^ encRndA[x]; } if (algo == 2) tdes_dec(&encRndB, &decRndB, key->data); else if (algo == 1) des_dec(&encRndB, &decRndB, key->data); memcpy(both + 8, encRndB, 8); cmd[0] = ADDITIONAL_FRAME; memcpy(cmd+1, both, 16 ); len = DesfireAPDU(cmd, 17, resp); if ( !len ) { if (MF_DBGLEVEL >= MF_DBG_ERROR) { DbpString("Authentication failed. Card timeout."); } OnError(3); return; } if ( resp[2] == 0x00 ){ struct desfire_key sessionKey = {0}; desfirekey_t skey = &sessionKey; Desfire_session_key_new( RndA, RndB , key, skey ); //print_result("SESSION : ", skey->data, 8); memcpy(encRndA, resp+3, 8); if (algo == 2) tdes_dec(&encRndA, &encRndA, key->data); else if (algo == 1) des_dec(&encRndA, &encRndA, key->data); rol(decRndA,8); for (int x = 0; x < 8; x++) { if (decRndA[x] != encRndA[x]) { DbpString("Authetication failed. Cannot varify PICC."); OnError(4); return; } } //Change the selected key to a new value. /* // Current key is a 3DES key, change it to a DES key if (algo == 2) { cmd[0] = CHANGE_KEY; cmd[1] = keyno; uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77}; uint8_t first, second; uint8_t buff1[8] = {0x00}; uint8_t buff2[8] = {0x00}; uint8_t buff3[8] = {0x00}; memcpy(buff1,newKey, 8); memcpy(buff2,newKey + 8, 8); ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second); memcpy(buff3, &first, 1); memcpy(buff3 + 1, &second, 1); tdes_dec(&buff1, &buff1, skey->data); memcpy(cmd+2,buff1,8); for (int x = 0; x < 8; x++) { buff2[x] = buff2[x] ^ buff1[x]; } tdes_dec(&buff2, &buff2, skey->data); memcpy(cmd+10,buff2,8); for (int x = 0; x < 8; x++) { buff3[x] = buff3[x] ^ buff2[x]; } tdes_dec(&buff3, &buff3, skey->data); memcpy(cmd+18,buff3,8); // The command always times out on the first attempt, this will retry until a response // is recieved. len = 0; while(!len) { len = DesfireAPDU(cmd,26,resp); } } else { // Current key is a DES key, change it to a 3DES key if (algo == 1) { cmd[0] = CHANGE_KEY; cmd[1] = keyno; uint8_t newKey[16] = {0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f}; uint8_t first, second; uint8_t buff1[8] = {0x00}; uint8_t buff2[8] = {0x00}; uint8_t buff3[8] = {0x00}; memcpy(buff1,newKey, 8); memcpy(buff2,newKey + 8, 8); ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second); memcpy(buff3, &first, 1); memcpy(buff3 + 1, &second, 1); des_dec(&buff1, &buff1, skey->data); memcpy(cmd+2,buff1,8); for (int x = 0; x < 8; x++) { buff2[x] = buff2[x] ^ buff1[x]; } des_dec(&buff2, &buff2, skey->data); memcpy(cmd+10,buff2,8); for (int x = 0; x < 8; x++) { buff3[x] = buff3[x] ^ buff2[x]; } des_dec(&buff3, &buff3, skey->data); memcpy(cmd+18,buff3,8); // The command always times out on the first attempt, this will retry until a response // is recieved. len = 0; while(!len) { len = DesfireAPDU(cmd,26,resp); } } } */ OnSuccess(); if (algo == 2) cmd_send(CMD_ACK,1,0,0,skey->data,16); else if (algo == 1) cmd_send(CMD_ACK,1,0,0,skey->data,8); } else { DbpString("Authetication failed."); OnError(6); return; } } break; case 2: //SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp); break; case 3:{ //defaultkey uint8_t keybytes[16] = {0x00}; if (datain[1] == 0xff){ memcpy(keybytes,PICC_MASTER_KEY16,16); } else{ memcpy(keybytes, datain+1, datalen); } struct desfire_key defaultkey = {0x00}; desfirekey_t key = &defaultkey; Desfire_aes_key_new( keybytes, key); AesCtx ctx; if ( AesCtxIni(&ctx, IV, key->data, KEY128, CBC) < 0 ){ if( MF_DBGLEVEL >= 4) { Dbprintf("AES context failed to init"); } OnError(7); return; } cmd[0] = AUTHENTICATE_AES; cmd[1] = 0x00; //keynumber len = DesfireAPDU(cmd, 2, resp); if ( !len ) { if (MF_DBGLEVEL >= MF_DBG_ERROR) { DbpString("Authentication failed. Card timeout."); } OnError(3); return; } memcpy( encRndB, resp+3, 16); // dekryptera tagnonce. AesDecrypt(&ctx, encRndB, decRndB, 16); rol(decRndB,16); memcpy(both, nonce,16); memcpy(both+16, decRndB ,16 ); AesEncrypt(&ctx, both, encBoth, 32 ); cmd[0] = ADDITIONAL_FRAME; memcpy(cmd+1, encBoth, 32 ); len = DesfireAPDU(cmd, 33, resp); // 1 + 32 == 33 if ( !len ) { if (MF_DBGLEVEL >= MF_DBG_ERROR) { DbpString("Authentication failed. Card timeout."); } OnError(3); return; } if ( resp[2] == 0x00 ){ // Create AES Session key struct desfire_key sessionKey = {0}; desfirekey_t skey = &sessionKey; Desfire_session_key_new( nonce, decRndB , key, skey ); print_result("SESSION : ", skey->data, 16); } else { DbpString("Authetication failed."); OnError(7); return; } break; } } OnSuccess(); cmd_send(CMD_ACK,1,len,0,resp,len); }
void SendCmdPCF7931(uint32_t * tab){ uint16_t u=0; uint16_t tempo=0; Dbprintf("SENDING DATA FRAME..."); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU ); LED_A_ON(); // steal this pin from the SSP and use it to control the modulation AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; //initialization of the timer AT91C_BASE_PMC->PMC_PCER |= (0x1 << 12) | (0x1 << 13) | (0x1 << 14); AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // timer disable AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK; //clock at 48/32 MHz AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; AT91C_BASE_TCB->TCB_BCR = 1; tempo = AT91C_BASE_TC0->TC_CV; for(u=0;tab[u]!= 0;u+=3){ // modulate antenna HIGH(GPIO_SSC_DOUT); while(tempo != tab[u]){ tempo = AT91C_BASE_TC0->TC_CV; } // stop modulating antenna LOW(GPIO_SSC_DOUT); while(tempo != tab[u+1]){ tempo = AT91C_BASE_TC0->TC_CV; } // modulate antenna HIGH(GPIO_SSC_DOUT); while(tempo != tab[u+2]){ tempo = AT91C_BASE_TC0->TC_CV; } } LED_A_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelay(200); AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // timer disable DbpString("FINISH !"); DbpString("(Could be usefull to send the same trame many times)"); LED(0xFFFF, 1000); }