Exemplo n.º 1
0
int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
{
    // variables
    uint16_t len;     
    uint8_t par[3] = {0};  // enough for 18 parity bits
        
    uint8_t d_block[18];
    uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
        
    // command MIFARE_CLASSIC_WRITEBLOCK
    len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);

    if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);  
        return 1;
    }

	memset(d_block,'\0',18);
	memcpy(d_block, blockData, 16);
    AppendCrc14443a(d_block, 16);

	ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);

    // Receive the response
    len = ReaderReceive(receivedAnswer, receivedAnswerPar);    

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
        if (MF_DBGLEVEL >= 1)   Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
        return 2;
    }        

    return 0;
} 
Exemplo n.º 2
0
int mifare_ultra_writeblock(uint8_t blockNo, uint8_t *blockData) 
{
	uint16_t len;
	uint8_t par[3] = {0};  // enough for 18 parity bits
	uint8_t d_block[18] = {0x00};
	uint8_t receivedAnswer[MAX_FRAME_SIZE];
	uint8_t receivedAnswerPar[MAX_PARITY_SIZE];

	// command MIFARE_CLASSIC_WRITEBLOCK
	len = mifare_sendcmd_short(NULL, true, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
		if (MF_DBGLEVEL >= MF_DBG_ERROR)
			Dbprintf("Cmd Addr Error: %02x", receivedAnswer[0]);
		return 1;
	}

	memcpy(d_block, blockData, 16);
	AppendCrc14443a(d_block, 16);

	ReaderTransmitPar(d_block, sizeof(d_block), par, NULL);

	len = ReaderReceive(receivedAnswer, receivedAnswerPar);

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
		if (MF_DBGLEVEL >= MF_DBG_ERROR)
			Dbprintf("Cmd Data Error: %02x %d", receivedAnswer[0],len);
		return 2;
	}
	return 0;
}
Exemplo n.º 3
0
int mifare_sendcmd_shortex(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t data, uint8_t *answer, uint8_t *answer_parity, uint32_t *timing)
{
	uint8_t dcmd[4], ecmd[4];
	uint16_t pos, res;
	uint8_t par[1];			// 1 Byte parity is enough here
	dcmd[0] = cmd;
	dcmd[1] = data;
	AppendCrc14443a(dcmd, 2);
	
	memcpy(ecmd, dcmd, sizeof(dcmd));
	
	if (crypted) {
		par[0] = 0;
		for (pos = 0; pos < 4; pos++)
		{
			ecmd[pos] = crypto1_byte(pcs, 0x00, 0) ^ dcmd[pos];
			par[0] |= (((filter(pcs->odd) ^ oddparity(dcmd[pos])) & 0x01) << (7-pos));
		}	

		ReaderTransmitPar(ecmd, sizeof(ecmd), par, timing);

	} else {
		ReaderTransmit(dcmd, sizeof(dcmd), timing);
	}

	int len = ReaderReceive(answer, par);
	
	if (answer_parity) *answer_parity = par[0];
	
	if (crypted == CRYPT_ALL) {
		if (len == 1) {
			res = 0;
			for (pos = 0; pos < 4; pos++)
				res |= (crypto1_bit(pcs, 0, 0) ^ BIT(answer[0], pos)) << pos;
				
			answer[0] = res;
			
		} else {
			for (pos = 0; pos < len; pos++)
			{
				answer[pos] = crypto1_byte(pcs, 0x00, 0) ^ answer[pos];
			}
		}
	}
	
	return len;
}
Exemplo n.º 4
0
int mifare_classic_writeblock(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t *blockData) 
{
	// variables
	int len, i;	
	uint32_t pos;
	uint8_t par[3] = {0};		// enough for 18 Bytes to send
	byte_t res;
	
	uint8_t d_block[18], d_block_enc[18];
	uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
	
	// command MIFARE_CLASSIC_WRITEBLOCK
	len = mifare_sendcmd_short(pcs, 1, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL);

	if ((len != 1) || (receivedAnswer[0] != 0x0A)) {   //  0x0a - ACK
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd Error: %02x", receivedAnswer[0]);  
		return 1;
	}
	
	memcpy(d_block, blockData, 16);
	AppendCrc14443a(d_block, 16);
	
	// crypto
	for (pos = 0; pos < 18; pos++)
	{
		d_block_enc[pos] = crypto1_byte(pcs, 0x00, 0) ^ d_block[pos];
		par[pos>>3] |= (((filter(pcs->odd) ^ oddparity(d_block[pos])) & 0x01) << (7 - (pos&0x0007)));
	}	

	ReaderTransmitPar(d_block_enc, sizeof(d_block_enc), par, NULL);

	// Receive the response
	len = ReaderReceive(receivedAnswer, receivedAnswerPar);	

	res = 0;
	for (i = 0; i < 4; i++)
		res |= (crypto1_bit(pcs, 0, 0) ^ BIT(receivedAnswer[0], i)) << i;

	if ((len != 1) || (res != 0x0A)) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Cmd send data2 Error: %02x", res);  
		return 2;
	}
	
	return 0;
}
Exemplo n.º 5
0
int mifare_classic_authex(struct Crypto1State *pcs, uint32_t uid, uint8_t blockNo, uint8_t keyType, uint64_t ui64Key, uint8_t isNested, uint32_t *ntptr, uint32_t *timing) 
{
	// variables
	int len;	
	uint32_t pos;
	uint8_t tmp4[4];
	uint8_t par[1] = {0};
	byte_t nr[4];
	uint32_t nt, ntpp; // Supplied tag nonce
	
	uint8_t mf_nr_ar[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
	uint8_t *receivedAnswer = get_bigbufptr_recvrespbuf();
	uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
	
	// Transmit MIFARE_CLASSIC_AUTH
	len = mifare_sendcmd_short(pcs, isNested, 0x60 + (keyType & 0x01), blockNo, receivedAnswer, receivedAnswerPar, timing);
	if (MF_DBGLEVEL >= 4)	Dbprintf("rand tag nonce len: %x", len);  
	if (len != 4) return 1;
	
	// "random" reader nonce:
	nr[0] = 0x55;
	nr[1] = 0x41;
	nr[2] = 0x49;
	nr[3] = 0x92; 
	
	// Save the tag nonce (nt)
	nt = bytes_to_num(receivedAnswer, 4);

	//  ----------------------------- crypto1 create
	if (isNested)
		crypto1_destroy(pcs);

	// Init cipher with key
	crypto1_create(pcs, ui64Key);

	if (isNested == AUTH_NESTED) {
		// decrypt nt with help of new key 
		nt = crypto1_word(pcs, nt ^ uid, 1) ^ nt;
	} else {
		// Load (plain) uid^nt into the cipher
		crypto1_word(pcs, nt ^ uid, 0);
	}

	// some statistic
	if (!ntptr && (MF_DBGLEVEL >= 3))
		Dbprintf("auth uid: %08x nt: %08x", uid, nt);  
	
	// save Nt
	if (ntptr)
		*ntptr = nt;

		
	// Generate (encrypted) nr+parity by loading it into the cipher (Nr)
	par[0] = 0;
	for (pos = 0; pos < 4; pos++)
	{
		mf_nr_ar[pos] = crypto1_byte(pcs, nr[pos], 0) ^ nr[pos];
		par[0] |= (((filter(pcs->odd) ^ oddparity(nr[pos])) & 0x01) << (7-pos));
	}	
		
	// Skip 32 bits in pseudo random generator
	nt = prng_successor(nt,32);

	//  ar+parity
	for (pos = 4; pos < 8; pos++)
	{
		nt = prng_successor(nt,8);
		mf_nr_ar[pos] = crypto1_byte(pcs,0x00,0) ^ (nt & 0xff);
		par[0] |= (((filter(pcs->odd) ^ oddparity(nt & 0xff)) & 0x01) << (7-pos));
	}	
		
	// Transmit reader nonce and reader answer
	ReaderTransmitPar(mf_nr_ar, sizeof(mf_nr_ar), par, NULL);

	// Receive 4 byte tag answer
	len = ReaderReceive(receivedAnswer, receivedAnswerPar);
	if (!len)
	{
		if (MF_DBGLEVEL >= 1)	Dbprintf("Authentication failed. Card timeout.");
		return 2;
	}
	
	memcpy(tmp4, receivedAnswer, 4);
	ntpp = prng_successor(nt, 32) ^ crypto1_word(pcs, 0,0);
	
	if (ntpp != bytes_to_num(tmp4, 4)) {
		if (MF_DBGLEVEL >= 1)	Dbprintf("Authentication failed. Error card response.");
		return 3;
	}

	return 0;
}