Exemple #1
0
int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
{
    // variables
    uint16_t len;     
    uint8_t par[3] = {0};  // enough for 18 parity bits
        
    uint8_t d_block[18];
    uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
        
    // command MIFARE_CLASSIC_WRITEBLOCK
    len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);

    if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);  
        return 1;
    }

	memset(d_block,'\0',18);
	memcpy(d_block, blockData, 16);
    AppendCrc14443a(d_block, 16);

	ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);

    // Receive the response
    len = ReaderReceive(receivedAnswer, receivedAnswerPar);    

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
        return 2;
    }        

    return 0;
} 
Exemple #2
0
int mifare_ultra_readblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
	// variables
	uint16_t len;
	uint8_t	bt[2];
	
	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
	
	// command MIFARE_CLASSIC_READBLOCK
	len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
	if (len == 1) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
		return 1;
	}
	if (len != 18) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: card timeout. len: %x", len);
		return 2;
	}
    
	memcpy(bt, receivedAnswer + 16, 2);
	AppendCrc14443a(receivedAnswer, 16);
	if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd CRC response error.");
		return 3;
	}
	
	memcpy(blockData, receivedAnswer, 14);
	return 0;
}
Exemple #3
0
int mifare_ultra_readblock(uint8_t blockNo, uint8_t *blockData)
{
	uint16_t len;
	uint8_t	bt[2];
	uint8_t receivedAnswer[MAX_FRAME_SIZE];
	uint8_t receivedAnswerPar[MAX_PARITY_SIZE];
	

	len = mifare_sendcmd_short(NULL, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
	if (len == 1) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
		return 1;
	}
	if (len != 18) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: card timeout. len: %x", len);
		return 2;
	}
    
	memcpy(bt, receivedAnswer + 16, 2);
	AppendCrc14443a(receivedAnswer, 16);
	if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd CRC response error.");
		return 3;
	}
	
	memcpy(blockData, receivedAnswer, 14);
	return 0;
}
Exemple #4
0
int mifare_classic_readblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
{
	// variables
	int len;	
	uint8_t	bt[2];
	
	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
	
	// command MIFARE_CLASSIC_READBLOCK
	len = mifare_sendcmd_short(pcs, 1, 0x30, blockNo, receivedAnswer, receivedAnswerPar, NULL);
	if (len == 1) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: %02x", receivedAnswer[0]);  
		return 1;
	}
	if (len != 18) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: card timeout. len: %x", len);  
		return 2;
	}

	memcpy(bt, receivedAnswer + 16, 2);
	AppendCrc14443a(receivedAnswer, 16);
	if (bt[0] != receivedAnswer[16] || bt[1] != receivedAnswer[17]) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd CRC response error.");  
		return 3;
	}
	
	memcpy(blockData, receivedAnswer, 16);
	return 0;
}
Exemple #5
0
int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData) 
{
	uint16_t len;
	uint8_t par[3] = {0};  // enough for 18 parity bits
	uint8_t d_block[18] = {0x00};
	uint8_t receivedAnswer[MAX_FRAME_SIZE];
	uint8_t receivedAnswerPar[MAX_PARITY_SIZE];

	// command MIFARE_CLASSIC_WRITEBLOCK
	len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
		if (MF_DBGLEVEL >= MF_DBG_ERROR)
			Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
		return 1;
	}

	memcpy(d_block, blockData, 16);
	AppendCrc14443a(d_block, 16);

	ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);

	len = ReaderReceive(receivedAnswer, receivedAnswerPar);

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
		if (MF_DBGLEVEL >= MF_DBG_ERROR)
			Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
		return 2;
	}
	return 0;
}
Exemple #6
0
int mifare_classic_halt_ex(struct Crypto1State *pcs) {
	uint16_t len;	
	uint8_t receivedAnswer[4];
	uint8_t receivedAnswerPar[4];

	len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
	if (len != 0) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("halt error. response len: %x", len);  
		return 1;
	}
	return 0;
}
Exemple #7
0
int mifare_ultra_halt()
{
	uint16_t len;
	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
    
	len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
	if (len != 0) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR)
			Dbprintf("halt error. response len: %x", len);
		return 1;
	}
	return 0;
}
Exemple #8
0
int mifare_ultra_halt(uint32_t uid)
{
	uint16_t len;
	
	// Mifare HALT
	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
    
	len = mifare_sendcmd_short(NULL, true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
	if (len != 0) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("halt error. response len: %x", len);
		return 1;
	}
    
	return 0;
}
Exemple #9
0
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid) 
{
	// variables
	uint16_t len;	
	
	// Mifare HALT
	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;

	len = mifare_sendcmd_short(pcs, pcs == NULL ? false:true, 0x50, 0x00, receivedAnswer, receivedAnswerPar, NULL);
	if (len != 0) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("halt error. response len: %x", len);  
		return 1;
	}

	return 0;
}
Exemple #10
0
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
{
	// variables
	int len, i;	
	uint32_t pos;
	uint8_t par[3] = {0};		// enough for 18 Bytes to send
	byte_t res;
	
	uint8_t d_block[18], d_block_enc[18];
	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
	
	// command MIFARE_CLASSIC_WRITEBLOCK
	len = mifare_sendcmd_short(pcs, 1, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: %02x", receivedAnswer[0]);  
		return 1;
	}
	
	memcpy(d_block, blockData, 16);
	AppendCrc14443a(d_block, 16);
	
	// crypto
	for (pos = 0; pos < 18; pos++)
	{
		d_block_enc[pos] = crypto1_byte(pcs, 0x00, 0) ^ d_block[pos];
		par[pos>>3] |= (((filter(pcs->odd) ^ oddparity(d_block[pos])) & 0x01) << (7 - (pos&0x0007)));
	}	

	ReaderTransmitPar(d_block_enc, sizeof(d_block_enc), par, NULL);

	// Receive the response
	len = ReaderReceive(receivedAnswer, receivedAnswerPar);	

	res = 0;
	for (i = 0; i < 4; i++)
		res |= (crypto1_bit(pcs, 0, 0) ^ BIT(receivedAnswer[0], i)) << i;

	if ((len != 1) || (res != 0x0A)) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd send data2 Error: %02x", res);  
		return 2;
	}
	
	return 0;
}
Exemple #11
0
int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *ntptr, uint32_t *timing) 
{
	// variables
	int len;	
	uint32_t pos;
	uint8_t tmp4[4];
	uint8_t par[1] = {0};
	byte_t nr[4];
	uint32_t nt, ntpp; // Supplied tag nonce
	
	uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
	
	// Transmit MIFARE_CLASSIC_AUTH
	len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing);
	if (MF_DBGLEVEL >= 4)	Dbprintf("rand tag nonce len: %x", len);  
	if (len != 4) return 1;
	
	// "random" reader nonce:
	nr[0] = 0x55;
	nr[1] = 0x41;
	nr[2] = 0x49;
	nr[3] = 0x92; 
	
	// Save the tag nonce (nt)
	nt = bytes_to_num(receivedAnswer, 4);

	//  ----------------------------- crypto1 create
	if (isNested)
		crypto1_destroy(pcs);

	// Init cipher with key
	crypto1_create(pcs, ui64Key);

	if (isNested == AUTH_NESTED) {
		// decrypt nt with help of new key 
		nt = crypto1_word(pcs, nt ^ uid, 1) ^ nt;
	} else {
		// Load (plain) uid^nt into the cipher
		crypto1_word(pcs, nt ^ uid, 0);
	}

	// some statistic
	if (!ntptr && (MF_DBGLEVEL >= 3))
		Dbprintf("auth uid: %08x nt: %08x", uid, nt);  
	
	// save Nt
	if (ntptr)
		*ntptr = nt;

		
	// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
	par[0] = 0;
	for (pos = 0; pos < 4; pos++)
	{
		mf_nr_ar[pos] = crypto1_byte(pcs, nr[pos], 0) ^ nr[pos];
		par[0] |= (((filter(pcs->odd) ^ oddparity(nr[pos])) & 0x01) << (7-pos));
	}	
		
	// Skip 32 bits in pseudo random generator
	nt = prng_successor(nt,32);

	//  ar+parity
	for (pos = 4; pos < 8; pos++)
	{
		nt = prng_successor(nt,8);
		mf_nr_ar[pos] = crypto1_byte(pcs,0x00,0) ^ (nt & 0xff);
		par[0] |= (((filter(pcs->odd) ^ oddparity(nt & 0xff)) & 0x01) << (7-pos));
	}	
		
	// Transmit reader nonce and reader answer
	ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);

	// Receive 4 byte tag answer
	len = ReaderReceive(receivedAnswer, receivedAnswerPar);
	if (!len)
	{
		if (MF_DBGLEVEL >= 1)	Dbprintf("Authentication failed. Card timeout.");
		return 2;
	}
	
	memcpy(tmp4, receivedAnswer, 4);
	ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0,0);
	
	if (ntpp != bytes_to_num(tmp4, 4)) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Authentication failed. Error card response.");
		return 3;
	}

	return 0;
}
Exemple #12
0
int mifare_ultra_auth(uint8_t *keybytes){

	/// 3des2k

	uint8_t random_a[8] = {1,1,1,1,1,1,1,1};
	uint8_t random_b[8] = {0x00};
	uint8_t enc_random_b[8] = {0x00};
	uint8_t rnd_ab[16] = {0x00};
	uint8_t IV[8] = {0x00};
	uint8_t key[16] = {0x00};
	memcpy(key, keybytes, 16);

	uint16_t len;
	uint8_t resp[19] = {0x00};
	uint8_t respPar[3] = {0,0,0};

	// REQUEST AUTHENTICATION
	len = mifare_sendcmd_short(NULL, 1, 0x1A, 0x00, resp, respPar ,NULL);
	if (len != 11) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
		return 0;
	}

	// tag nonce.
	memcpy(enc_random_b,resp+1,8);

	// decrypt nonce.
	tdes_2key_dec(random_b, enc_random_b, sizeof(random_b), key, IV );
	rol(random_b,8);
	memcpy(rnd_ab  ,random_a,8);
	memcpy(rnd_ab+8,random_b,8);

	if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
		Dbprintf("enc_B: %02x %02x %02x %02x %02x %02x %02x %02x",
			enc_random_b[0],enc_random_b[1],enc_random_b[2],enc_random_b[3],enc_random_b[4],enc_random_b[5],enc_random_b[6],enc_random_b[7]);

		Dbprintf("    B: %02x %02x %02x %02x %02x %02x %02x %02x",
			random_b[0],random_b[1],random_b[2],random_b[3],random_b[4],random_b[5],random_b[6],random_b[7]);

		Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",
				rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);

		Dbprintf("rnd_ab: %02x %02x %02x %02x %02x %02x %02x %02x",
				rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15] );
	}

	// encrypt    out, in, length, key, iv
	tdes_2key_enc(rnd_ab, rnd_ab, sizeof(rnd_ab), key, enc_random_b);
	//len = mifare_sendcmd_short_mfucauth(NULL, 1, 0xAF, rnd_ab, resp, respPar, NULL);
	len = mifare_sendcmd(0xAF, rnd_ab, sizeof(rnd_ab), resp, respPar, NULL);
	if (len != 11) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Cmd Error: %02x", resp[0]);
		return 0;
	}

	uint8_t enc_resp[8] = { 0,0,0,0,0,0,0,0 };
	uint8_t resp_random_a[8] = { 0,0,0,0,0,0,0,0 };
	memcpy(enc_resp, resp+1, 8);

	// decrypt    out, in, length, key, iv 
	tdes_2key_dec(resp_random_a, enc_resp, 8, key, enc_random_b);
	if ( memcmp(resp_random_a, random_a, 8) != 0 ) {
		if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("failed authentication");
		return 0;
	}

	if (MF_DBGLEVEL >= MF_DBG_EXTENDED) {
		Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x", 
				rnd_ab[0],rnd_ab[1],rnd_ab[2],rnd_ab[3],
				rnd_ab[4],rnd_ab[5],rnd_ab[6],rnd_ab[7]);

		Dbprintf("e_AB: %02x %02x %02x %02x %02x %02x %02x %02x",
				rnd_ab[8],rnd_ab[9],rnd_ab[10],rnd_ab[11],
				rnd_ab[12],rnd_ab[13],rnd_ab[14],rnd_ab[15]);

		Dbprintf("a: %02x %02x %02x %02x %02x %02x %02x %02x",
				random_a[0],random_a[1],random_a[2],random_a[3],
				random_a[4],random_a[5],random_a[6],random_a[7]);

		Dbprintf("b: %02x %02x %02x %02x %02x %02x %02x %02x",
				resp_random_a[0],resp_random_a[1],resp_random_a[2],resp_random_a[3],
				resp_random_a[4],resp_random_a[5],resp_random_a[6],resp_random_a[7]);
	}
	return 1;
}