// internal sending function. not a RAMFUNC.
bool intMfSniffSend() {
int pckSize = 0;
int pckLen = traceLen;
int pckNum = 0;
FpgaDisableSscDma();
while (pckLen > 0) {
pckSize = MIN(USB_CMD_DATA_SIZE, pckLen);
LED_B_ON();
cmd_send(CMD_ACK, 1, pckSize, pckNum, trace + traceLen - pckLen, pckSize);
LED_B_OFF();
pckLen -= pckSize;
pckNum++;
}
LED_B_ON();
cmd_send(CMD_ACK,2,0,0,0,0);
LED_B_OFF();
iso14a_clear_trace();
return TRUE;
}
// internal sending function. not a RAMFUNC.
bool intMfSniffSend() {
int pckSize = 0;
int pckLen = BigBuf_get_traceLen();
int pckNum = 0;
uint8_t *trace = BigBuf_get_addr();
FpgaDisableSscDma();
while (pckLen > 0) {
pckSize = MIN(USB_CMD_DATA_SIZE, pckLen);
LED_B_ON();
cmd_send(CMD_ACK, 1, BigBuf_get_traceLen(), pckSize, trace + BigBuf_get_traceLen() - pckLen, pckSize);
LED_B_OFF();
pckLen -= pckSize;
pckNum++;
}
LED_B_ON();
cmd_send(CMD_ACK,2,0,0,0,0);
LED_B_OFF();
clear_trace();
return TRUE;
}
int main(int argc, char **argv)
{
int bufsize = 1024*1024;
char buffer[bufsize], *bstate;
int n;
Net_timeout_t dt;
NetStream_t *ns;
char cmd[512];
char *host;
int port = 6714;
int timeout = 15;
if (argc < 2) {
printf("get_version -a | host [port timeout]\n");
printf(" -a -Use the local host and default port\n");
return(0);
}
if (strcmp(argv[1], "-a") == 0) {
host = (char *)malloc(1024);
gethostname(host, 1023);
} else {
host = argv[1];
}
if (argc > 2) port = atoi(argv[2]);
if (argc == 4) timeout = atoi(argv[3]);
set_net_timeout(&dt, timeout, 0);
sprintf(cmd, "1 4 5 %d\n", timeout); // IBP_ST_VERSION command
assert(apr_initialize() == APR_SUCCESS);
dns_cache_init(10);
ns = cmd_send(host, port, cmd, &bstate, timeout);
if (ns == NULL) return(-1);
if (bstate != NULL) free(bstate);
//** Read the result. Termination occurs when the line "END" is read.
//** Note that readline_netstream strips the "\n" from the end of the line
n = NS_OK;
while (n == NS_OK) {
n = readline_netstream(ns, buffer, bufsize, dt);
if (n == NS_OK) {
if (strcmp(buffer, "END") == 0) {
n = NS_OK+1;
} else {
printf("%s\n", buffer);
}
}
}
//** Close the connection
close_netstream(ns);
apr_terminate();
return(0);
}
int
cmd_handler_mc1322x(const uint8_t *data, int len)
{
if(data[0] == '!') {
if(data[1] == 'C') {
printf("mc1322x_cmd: setting channel: %d\n", data[2]);
set_channel(data[2]-11);
return 1;
} else if(data[1] == 'M') {
printf("mc1322x_cmd: Got MAC\n");
memcpy(uip_lladdr.addr, data+2, sizeof(uip_lladdr.addr));
rimeaddr_set_node_addr((rimeaddr_t *) uip_lladdr.addr);
return 1;
}
} else if(data[0] == '?') {
if(data[1] == 'C') {
uint8_t buf[4];
printf("mc1322x_cmd: getting channel: %d\n", data[2]);
buf[0] = '!';
buf[1] = 'C';
//Not implemented in MACA driver
buf[2] = 0;
cmd_send(buf, 3);
return 1;
}
}
return 0;
}
bool MfSniffEnd(void){
LED_B_ON();
cmd_send(CMD_ACK,0,0,0,0,0);
LED_B_OFF();
return FALSE;
}
/*---------------------------------------------------------------------------*/
static int
slip_radio_cmd_handler(const uint8_t *data, int len)
{
int i;
if(data[0] == '!') {
/* should send out stuff to the radio - ignore it as IP */
/* --- s e n d --- */
if(data[1] == 'S') {
int pos;
packet_ids[packet_pos] = data[2];
packetbuf_clear();
pos = packetutils_deserialize_atts(&data[3], len - 3);
if(pos < 0) {
PRINTF("slip-radio: illegal packet attributes\n");
return 1;
}
pos += 3;
len -= pos;
if(len > PACKETBUF_SIZE) {
len = PACKETBUF_SIZE;
}
memcpy(packetbuf_dataptr(), &data[pos], len);
packetbuf_set_datalen(len);
PRINTF("slip-radio: sending %u (%d bytes)\n",
data[2], packetbuf_datalen());
/* parse frame before sending to get addresses, etc. */
no_framer.parse();
NETSTACK_MAC.send(packet_sent, &packet_ids[packet_pos]);
packet_pos++;
if(packet_pos >= sizeof(packet_ids)) {
packet_pos = 0;
}
return 1;
} else if(data[1] == 'R' && len == 2) {
#if !CONTIKI_TARGET_CC2538DK
PRINTF("Rebooting\n");
watchdog_reboot();
#endif
return 1;
}
} else if(uip_buf[0] == '?') {
PRINTF("Got request message of type %c\n", uip_buf[1]);
if(data[1] == 'M' && len == 2) {
/* this is just a test so far... just to see if it works */
uip_buf[0] = '!';
uip_buf[1] = 'M';
for(i = 0; i < 8; i++) {
uip_buf[2 + i] = uip_lladdr.addr[i];
}
uip_len = 10;
cmd_send(uip_buf, uip_len);
return 1;
}
}
return 0;
}
int
cmd_handler_cc2420(const uint8_t *data, int len)
{
if(data[0] == '!') {
if(data[1] == 'C' && len == 3) {
printf("cc2420_cmd: setting channel: %d\n", data[2]);
cc2420_set_channel(data[2]);
return 1;
} else if(data[1] == 'M' && len == 10) {
printf("cc2420_cmd: Got MAC\n");
memcpy(uip_lladdr.addr, data+2, sizeof(uip_lladdr.addr));
linkaddr_set_node_addr((linkaddr_t *) uip_lladdr.addr);
uint16_t shortaddr = (linkaddr_node_addr.u8[0] << 8) +
linkaddr_node_addr.u8[1];
cc2420_set_pan_addr(IEEE802154_PANID, shortaddr, linkaddr_node_addr.u8);
return 1;
}
} else if(data[0] == '?') {
if(data[1] == 'C' && len == 2) {
uint8_t buf[4];
printf("cc2420_cmd: getting channel: %d\n", data[2]);
buf[0] = '!';
buf[1] = 'C';
buf[2] = cc2420_get_channel();
cmd_send(buf, 3);
return 1;
}
}
return 0;
}
//-----------------------------------------------------------------------------
// Abort helper function for EPA_PACE_Collect_Nonce
// sets relevant data in ack, sends the response
//-----------------------------------------------------------------------------
static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
{
// power down the field
EPA_Finish();
// send the USB packet
cmd_send(CMD_ACK,step,func_return,0,0,0);
}
int gcmd_edi(char *cmd, t_pm *pm)
{
if (nsp_get(cmd) != 1)
{
cmd_put(-1, cmd);
cmd_send(pm, "mct\n");
return (-1);
}
ping_save(pm);
cmd_put(1, cmd);
return (1);
}
void
cmd_list_send(struct cmd_list *cmdlist, struct buffer *b)
{
struct cmd *cmd;
u_int n;
n = 0;
TAILQ_FOREACH(cmd, cmdlist, qentry)
n++;
buffer_write(b, &n, sizeof n);
TAILQ_FOREACH(cmd, cmdlist, qentry)
cmd_send(cmd, b);
}
static int
ws_execute(struct http_client *c, const char *frame, size_t frame_len) {
struct cmd*(*fun_extract)(struct http_client *, const char *, size_t) = NULL;
formatting_fun fun_reply = NULL;
if((c->path_sz == 1 && strncmp(c->path, "/", 1) == 0) ||
strncmp(c->path, "/.json", 6) == 0) {
fun_extract = json_ws_extract;
fun_reply = json_reply;
} else if(strncmp(c->path, "/.raw", 5) == 0) {
fun_extract = raw_ws_extract;
fun_reply = raw_reply;
}
if(fun_extract) {
/* Parse websocket frame into a cmd object. */
struct cmd *cmd = fun_extract(c, frame, frame_len);
if(cmd) {
/* copy client info into cmd. */
cmd_setup(cmd, c);
cmd->is_websocket = 1;
if (c->pub_sub != NULL) {
/* This client already has its own connection
* to Redis due to a subscription; use it from
* now on. */
cmd->ac = c->pub_sub->ac;
} else if (cmd_is_subscribe(cmd)) {
/* New subscribe command; make new Redis context
* for this client */
cmd->ac = pool_connect(c->w->pool, cmd->database, 0);
c->pub_sub = cmd;
cmd->pub_sub_client = c;
} else {
/* get Redis connection from pool */
cmd->ac = (redisAsyncContext*)pool_get_context(c->w->pool);
}
/* send it off */
cmd_send(cmd, fun_reply);
return 0;
}
}
return -1;
}
/*---------------------------------------------------------------------------*/
void
cmd_input(const uint8_t *data, int data_len)
{
int i;
for(i = 0; cmd_handlers[i] != NULL; i++) {
if(cmd_handlers[i](data, data_len)) {
/* Command has been handled */
return;
}
}
/* Unknown command */
cmd_send((uint8_t *)"EUnknown command", 16);
}
//-----------------------------------------------------------------------------
// Abort helper function for EPA_PACE_Collect_Nonce
// sets relevant data in ack, sends the response
//-----------------------------------------------------------------------------
static void EPA_PACE_Collect_Nonce_Abort(uint8_t step, int func_return)
{
// // step in which the failure occured
// ack->arg[0] = step;
// // last return code
// ack->arg[1] = func_return;
// power down the field
EPA_Finish();
// send the USB packet
cmd_send(CMD_ACK,step,func_return,0,0,0);
//UsbSendPacket((void *)ack, sizeof(UsbCommand));
}
/*---------------------------------------------------------------------------*/
int
border_router_cmd_handler(const uint8_t *data, int len)
{
/* handle global repair, etc here */
if(data[0] == '!') {
PRINTF("Got configuration message of type %c\n", data[1]);
if(data[1] == 'G') {
/* This is supposed to be from stdin */
printf("Performing Global Repair...\n");
rpl_repair_root(RPL_DEFAULT_INSTANCE);
return 1;
} else if(data[1] == 'M') {
/* We need to know that this is from the slip-radio here. */
PRINTF("Setting MAC address\n");
border_router_set_mac(&data[2]);
return 1;
} else if(data[1] == 'C') {
/* We need to know that this is from the slip-radio here. */
printf("Channel is:%d\n", data[2]);
return 1;
} else if(data[1] == 'R') {
/* We need to know that this is from the slip-radio here. */
PRINTF("Packet data report for sid:%d st:%d tx:%d\n",
data[2], data[3], data[4]);
packet_sent(data[2], data[3], data[4]);
return 1;
} else if(data[1] == 'D') {
/* We need to know that this is from the slip-radio here... */
PRINTF("Sensor data received\n");
border_router_set_sensors((const char *)&data[2], len - 2);
return 1;
}
} else if(data[0] == '?') {
PRINTF("Got request message of type %c\n", data[1]);
if(data[1] == 'M') {
uint8_t buf[20];
char* hexchar = "0123456789abcdef";
int j;
/* this is just a test so far... just to see if it works */
buf[0] = '!';
buf[1] = 'M';
for(j = 0; j < 8; j++) {
buf[2 + j * 2] = hexchar[uip_lladdr.addr[j] >> 4];
buf[3 + j * 2] = hexchar[uip_lladdr.addr[j] & 15];
}
cmd_send(buf, 18);
return 1;
} else if(data[1] == 'C') {
/*---------------------------------------------------------------------------*/
void
cmd_input(const uint8_t *data, int data_len)
{
int i;
char text[30];
for(i = 0; cmd_handlers[i] != NULL; i++) {
if(cmd_handlers[i](data, data_len)) {
/* Command has been handled */
return;
}
}
/* Unknown command */
sprintf(text, "EUnknown command %x%x (%d)", data[0], data[1], data_len);
cmd_send((uint8_t *)text, strlen(text));
}
int main(int argc, char **argv)
{
int bufsize = 1024*1024;
char buffer[bufsize], *bstate;
int i, port, delay, timeout, slen;
char *host, *rid, *msg;
NetStream_t *ns;
if (argc < 5) {
printf("ibp_detach_rid host port RID delay_before_umount [msg]\n");
printf("\n");
return(0);
}
i = 1;
host = argv[i]; i++;
port = atoi(argv[i]); i++;
rid = argv[i]; i++;
delay = atoi(argv[i]); i++;
timeout = 3600;
if (timeout < delay) timeout = delay + 30; //** Make sure the timeout is longer than the delay
msg = "";
if (argc > i) msg = argv[i];
slen = strlen(msg);
sprintf(buffer, "1 92 %s %d %d %d %s\n", rid, delay, timeout, slen, msg); // IBP_INTERNAL_RID_UMOUNT command
//printf("argc=%d i=%d command=%s\n", argc, i, buffer);
//return(0);
assert(apr_initialize() == APR_SUCCESS);
dns_cache_init(10);
ns = cmd_send(host, port, buffer, &bstate, timeout);
if (ns == NULL) return(-1);
if (bstate != NULL) free(bstate);
//** Close the connection
close_netstream(ns);
apr_terminate();
return(0);
}
void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain){
/* ARG0 contains flags.
0x01 = init card.
0x02 = Disconnect
0x03
*/
uint8_t flags = arg0;
size_t datalen = arg1;
uint8_t resp[RECEIVE_SIZE];
memset(resp,0,sizeof(resp));
if (MF_DBGLEVEL >= 4) {
Dbprintf(" flags : %02X", flags);
Dbprintf(" len : %02X", datalen);
print_result(" RX : ", datain, datalen);
}
if ( flags & CLEARTRACE )
clear_trace();
if ( flags & INIT ){
if ( !InitDesfireCard() )
return;
}
int len = DesfireAPDU(datain, datalen, resp);
if (MF_DBGLEVEL >= 4)
print_result("ERR <--: ", resp, len);
if ( !len ) {
OnError(2);
return;
}
// reset the pcb_blocknum,
pcb_blocknum = 0;
if ( flags & DISCONNECT )
OnSuccess();
cmd_send(CMD_ACK,1,len,0,resp,len);
}
/*---------------------------------------------------------------------------*/
static void
packet_sent(void *ptr, int status, int transmissions)
{
uint8_t buf[20];
uint8_t sid;
int pos;
sid = *((uint8_t *)ptr);
PRINTF("Slip-radio: packet sent! sid: %d, status: %d, tx: %d\n",
sid, status, transmissions);
/* packet callback from lower layers */
/* neighbor_info_packet_sent(status, transmissions); */
pos = 0;
buf[pos++] = '!';
buf[pos++] = 'R';
buf[pos++] = sid;
buf[pos++] = status; /* one byte ? */
buf[pos++] = transmissions;
cmd_send(buf, pos);
}
int
cmd_handler_cooja(const uint8_t *data, int len)
{
if(data[0] == '!') {
if(data[1] == 'C' && len == 3) {
printf("cooja_cmd: setting channel: %d\n", data[2]);
radio_set_channel(data[2]);
//Enable radio
NETSTACK_RDC.off(1);
return 1;
} else if(data[1] == 'M' && len == 10) {
if(!linkaddr_cmp((linkaddr_t *)(data+2), &linkaddr_null)) {
printf("cooja_cmd: Got MAC\n");
if(linkaddr_cmp(&default_link_addr, &linkaddr_null)) {
linkaddr_copy(&default_link_addr, &linkaddr_node_addr);
}
memcpy(uip_lladdr.addr, data+2, sizeof(uip_lladdr.addr));
linkaddr_set_node_addr((linkaddr_t *) uip_lladdr.addr);
} else {
printf("cooja_cmd: Clear MAC disabled\n");
if(!linkaddr_cmp(&default_link_addr, &linkaddr_null)) {
memcpy(uip_lladdr.addr, &default_link_addr, sizeof(uip_lladdr.addr));
linkaddr_set_node_addr(&default_link_addr);
}
//Stop radio
NETSTACK_RDC.off(0);
}
return 1;
}
} else if(data[0] == '?') {
if(data[1] == 'C' && len == 2) {
uint8_t buf[4];
printf("cooja_cmd: getting channel: %d\n", data[2]);
buf[0] = '!';
buf[1] = 'C';
buf[2] = 0;
cmd_send(buf, 3);
return 1;
}
}
return 0;
}
static int
ws_execute(struct http_client *c, const char *frame, size_t frame_len) {
struct cmd*(*fun_extract)(struct http_client *, const char *, size_t) = NULL;
formatting_fun fun_reply = NULL;
if((c->path_sz == 1 && strncmp(c->path, "/", 1) == 0) ||
strncmp(c->path, "/.json", 6) == 0) {
fun_extract = json_ws_extract;
fun_reply = json_reply;
} else if(strncmp(c->path, "/.raw", 5) == 0) {
fun_extract = raw_ws_extract;
fun_reply = raw_reply;
}
if(fun_extract) {
/* Parse websocket frame into a cmd object. */
struct cmd *cmd = fun_extract(c, frame, frame_len);
if(cmd) {
/* copy client info into cmd. */
cmd_setup(cmd, c);
cmd->is_websocket = 1;
/* get Redis connection from pool */
cmd->ac = (redisAsyncContext*)pool_get_context(c->w->pool);
/* send it off */
cmd_send(cmd, fun_reply);
return 0;
}
}
return -1;
}
void MifareDES_Auth1(uint8_t mode, uint8_t algo, uint8_t keyno, uint8_t *datain){
int len = 0;
//uint8_t PICC_MASTER_KEY8[8] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47};
uint8_t PICC_MASTER_KEY16[16] = { 0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f };
uint8_t null_key_data8[8] = {0x00};
//uint8_t null_key_data16[16] = {0x00};
//uint8_t new_key_data8[8] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
//uint8_t new_key_data16[16] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF};
uint8_t resp[256] = {0x00};
uint8_t IV[16] = {0x00};
size_t datalen = datain[0];
uint8_t cmd[40] = {0x00};
uint8_t encRndB[16] = {0x00};
uint8_t decRndB[16] = {0x00};
uint8_t nonce[16] = {0x00};
uint8_t both[32] = {0x00};
uint8_t encBoth[32] = {0x00};
InitDesfireCard();
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
// 3 olika sätt att authenticera. AUTH (CRC16) , AUTH_ISO (CRC32) , AUTH_AES (CRC32)
// 4 olika crypto algo DES, 3DES, 3K3DES, AES
// 3 olika kommunikations sätt, PLAIN,MAC,CRYPTO
// des, nyckel 0,
switch (mode){
case 1:{
uint8_t keybytes[16];
uint8_t RndA[8] = {0x00};
uint8_t RndB[8] = {0x00};
if (algo == 2) {
if (datain[1] == 0xff){
memcpy(keybytes,PICC_MASTER_KEY16,16);
} else {
memcpy(keybytes, datain+1, datalen);
}
} else {
if (algo == 1) {
if (datain[1] == 0xff){
memcpy(keybytes,null_key_data8,8);
} else{
memcpy(keybytes, datain+1, datalen);
}
}
}
struct desfire_key defaultkey = {0};
desfirekey_t key = &defaultkey;
if (algo == 2)
Desfire_3des_key_new_with_version(keybytes, key);
else if (algo ==1)
Desfire_des_key_new(keybytes, key);
cmd[0] = AUTHENTICATE;
cmd[1] = keyno; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
if ( resp[2] == 0xaf ){
} else {
DbpString("Authetication failed. Invalid key number.");
OnError(3);
return;
}
memcpy( encRndB, resp+3, 8);
if (algo == 2)
tdes_dec(&decRndB, &encRndB, key->data);
else if (algo == 1)
des_dec(&decRndB, &encRndB, key->data);
memcpy(RndB, decRndB, 8);
rol(decRndB,8);
// This should be random
uint8_t decRndA[8] = {0x00};
memcpy(RndA, decRndA, 8);
uint8_t encRndA[8] = {0x00};
if (algo == 2)
tdes_dec(&encRndA, &decRndA, key->data);
else if (algo == 1)
des_dec(&encRndA, &decRndA, key->data);
memcpy(both, encRndA, 8);
for (int x = 0; x < 8; x++) {
decRndB[x] = decRndB[x] ^ encRndA[x];
}
if (algo == 2)
tdes_dec(&encRndB, &decRndB, key->data);
else if (algo == 1)
des_dec(&encRndB, &decRndB, key->data);
memcpy(both + 8, encRndB, 8);
cmd[0] = ADDITIONAL_FRAME;
memcpy(cmd+1, both, 16 );
len = DesfireAPDU(cmd, 17, resp);
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
if ( resp[2] == 0x00 ){
struct desfire_key sessionKey = {0};
desfirekey_t skey = &sessionKey;
Desfire_session_key_new( RndA, RndB , key, skey );
//print_result("SESSION : ", skey->data, 8);
memcpy(encRndA, resp+3, 8);
if (algo == 2)
tdes_dec(&encRndA, &encRndA, key->data);
else if (algo == 1)
des_dec(&encRndA, &encRndA, key->data);
rol(decRndA,8);
for (int x = 0; x < 8; x++) {
if (decRndA[x] != encRndA[x]) {
DbpString("Authetication failed. Cannot varify PICC.");
OnError(4);
return;
}
}
//Change the selected key to a new value.
/*
// Current key is a 3DES key, change it to a DES key
if (algo == 2) {
cmd[0] = CHANGE_KEY;
cmd[1] = keyno;
uint8_t newKey[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77};
uint8_t first, second;
uint8_t buff1[8] = {0x00};
uint8_t buff2[8] = {0x00};
uint8_t buff3[8] = {0x00};
memcpy(buff1,newKey, 8);
memcpy(buff2,newKey + 8, 8);
ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
memcpy(buff3, &first, 1);
memcpy(buff3 + 1, &second, 1);
tdes_dec(&buff1, &buff1, skey->data);
memcpy(cmd+2,buff1,8);
for (int x = 0; x < 8; x++) {
buff2[x] = buff2[x] ^ buff1[x];
}
tdes_dec(&buff2, &buff2, skey->data);
memcpy(cmd+10,buff2,8);
for (int x = 0; x < 8; x++) {
buff3[x] = buff3[x] ^ buff2[x];
}
tdes_dec(&buff3, &buff3, skey->data);
memcpy(cmd+18,buff3,8);
// The command always times out on the first attempt, this will retry until a response
// is recieved.
len = 0;
while(!len) {
len = DesfireAPDU(cmd,26,resp);
}
} else {
// Current key is a DES key, change it to a 3DES key
if (algo == 1) {
cmd[0] = CHANGE_KEY;
cmd[1] = keyno;
uint8_t newKey[16] = {0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f};
uint8_t first, second;
uint8_t buff1[8] = {0x00};
uint8_t buff2[8] = {0x00};
uint8_t buff3[8] = {0x00};
memcpy(buff1,newKey, 8);
memcpy(buff2,newKey + 8, 8);
ComputeCrc14443(CRC_14443_A, newKey, 16, &first, &second);
memcpy(buff3, &first, 1);
memcpy(buff3 + 1, &second, 1);
des_dec(&buff1, &buff1, skey->data);
memcpy(cmd+2,buff1,8);
for (int x = 0; x < 8; x++) {
buff2[x] = buff2[x] ^ buff1[x];
}
des_dec(&buff2, &buff2, skey->data);
memcpy(cmd+10,buff2,8);
for (int x = 0; x < 8; x++) {
buff3[x] = buff3[x] ^ buff2[x];
}
des_dec(&buff3, &buff3, skey->data);
memcpy(cmd+18,buff3,8);
// The command always times out on the first attempt, this will retry until a response
// is recieved.
len = 0;
while(!len) {
len = DesfireAPDU(cmd,26,resp);
}
}
}
*/
OnSuccess();
if (algo == 2)
cmd_send(CMD_ACK,1,0,0,skey->data,16);
else if (algo == 1)
cmd_send(CMD_ACK,1,0,0,skey->data,8);
} else {
DbpString("Authetication failed.");
OnError(6);
return;
}
}
break;
case 2:
//SendDesfireCommand(AUTHENTICATE_ISO, &keyno, resp);
break;
case 3:{
//defaultkey
uint8_t keybytes[16] = {0x00};
if (datain[1] == 0xff){
memcpy(keybytes,PICC_MASTER_KEY16,16);
} else{
memcpy(keybytes, datain+1, datalen);
}
struct desfire_key defaultkey = {0x00};
desfirekey_t key = &defaultkey;
Desfire_aes_key_new( keybytes, key);
AesCtx ctx;
if ( AesCtxIni(&ctx, IV, key->data, KEY128, CBC) < 0 ){
if( MF_DBGLEVEL >= 4) {
Dbprintf("AES context failed to init");
}
OnError(7);
return;
}
cmd[0] = AUTHENTICATE_AES;
cmd[1] = 0x00; //keynumber
len = DesfireAPDU(cmd, 2, resp);
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
memcpy( encRndB, resp+3, 16);
// dekryptera tagnonce.
AesDecrypt(&ctx, encRndB, decRndB, 16);
rol(decRndB,16);
memcpy(both, nonce,16);
memcpy(both+16, decRndB ,16 );
AesEncrypt(&ctx, both, encBoth, 32 );
cmd[0] = ADDITIONAL_FRAME;
memcpy(cmd+1, encBoth, 32 );
len = DesfireAPDU(cmd, 33, resp); // 1 + 32 == 33
if ( !len ) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
DbpString("Authentication failed. Card timeout.");
}
OnError(3);
return;
}
if ( resp[2] == 0x00 ){
// Create AES Session key
struct desfire_key sessionKey = {0};
desfirekey_t skey = &sessionKey;
Desfire_session_key_new( nonce, decRndB , key, skey );
print_result("SESSION : ", skey->data, 16);
} else {
DbpString("Authetication failed.");
OnError(7);
return;
}
break;
}
}
OnSuccess();
cmd_send(CMD_ACK,1,len,0,resp,len);
}
int main(int argc, char **argv)
{
int run_help = 0;
int run_version = 0;
char proc[256];
char path[256];
pid_t pid = getpid();
sprintf(proc, "/proc/%d/exe", pid);
if (readlink(proc, path, 256) == -1) {
fprintf(stderr, "failed to read execution path from /proc\n");
return 1;
}
if (strcmp(path, "/usr/sbin/bolo") == 0)
return cmd_aggregator(argc, argc, argv);
int i;
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-h") == 0
|| strcmp(argv[i], "-?") == 0
|| strcmp(argv[i], "--help") == 0) {
run_help = 1;
continue;
}
if (strcmp(argv[i], "-V") == 0
|| strcmp(argv[i], "--version") == 0) {
run_version = 1;
continue;
}
if (argv[i][0] == '-') {
fprintf(stderr, "Invalid option `%s'\n", argv[i]);
return 1;
}
break;
}
if (run_help) return cmd_help(i, argc, argv);
if (run_version) return cmd_version(i, argc, argv);
if (i == argc) return cmd_help(i, argc, argv);
if (strcmp(argv[i], "help") == 0)
return cmd_help(i, argc, argv);
if (strcmp(argv[i], "version") == 0)
return cmd_version(i, argc, argv);
if (strcmp(argv[i], "aggr") == 0
|| strcmp(argv[i], "aggregator") == 0)
return cmd_aggregator(i, argc, argv);
if (strcmp(argv[i], "cache") == 0)
return cmd_cache(i, argc, argv);
if (strcmp(argv[i], "forget") == 0)
return cmd_forget(i, argc, argv);
if (strcmp(argv[i], "name") == 0)
return cmd_name(i, argc, argv);
if (strcmp(argv[i], "query") == 0)
return cmd_query(i, argc, argv);
if (strcmp(argv[i], "send") == 0)
return cmd_send(i, argc, argv);
if (strcmp(argv[i], "spy") == 0)
return cmd_spy(i, argc, argv);
if (strcmp(argv[i], "tail") == 0)
return cmd_tail(i, argc, argv);
fprintf(stderr, "Unrecognized command `%s'. See bolo --help.\n", argv[i]);
return 1;
}
//-----------------------------------------------------------------------------
// Acquire one encrypted PACE nonce
//-----------------------------------------------------------------------------
void EPA_PACE_Collect_Nonce(UsbCommand *c)
{
/*
* ack layout:
* arg:
* 1. element
* step where the error occured or 0 if no error occured
* 2. element
* return code of the last executed function
* d:
* Encrypted nonce
*/
// return value of a function
int func_return;
// // initialize ack with 0s
// memset(ack->arg, 0, 12);
// memset(ack->d.asBytes, 0, 48);
// set up communication
func_return = EPA_Setup();
if (func_return != 0) {
EPA_PACE_Collect_Nonce_Abort(1, func_return);
return;
}
// increase the timeout (at least some cards really do need this!)
iso14a_set_timeout(0x0002FFFF);
// read the CardAccess file
// this array will hold the CardAccess file
uint8_t card_access[256] = {0};
int card_access_length = EPA_Read_CardAccess(card_access, 256);
// the response has to be at least this big to hold the OID
if (card_access_length < 18) {
EPA_PACE_Collect_Nonce_Abort(2, card_access_length);
return;
}
// this will hold the PACE info of the card
pace_version_info_t pace_version_info;
// search for the PACE OID
func_return = EPA_Parse_CardAccess(card_access,
card_access_length,
&pace_version_info);
if (func_return != 0 || pace_version_info.version == 0) {
EPA_PACE_Collect_Nonce_Abort(3, func_return);
return;
}
// initiate the PACE protocol
// use the CAN for the password since that doesn't change
func_return = EPA_PACE_MSE_Set_AT(pace_version_info, 2);
// now get the nonce
uint8_t nonce[256] = {0};
uint8_t requested_size = (uint8_t)c->arg[0];
func_return = EPA_PACE_Get_Nonce(requested_size, nonce);
// check if the command succeeded
if (func_return < 0)
{
EPA_PACE_Collect_Nonce_Abort(4, func_return);
return;
}
// all done, return
EPA_Finish();
// save received information
// ack->arg[1] = func_return;
// memcpy(ack->d.asBytes, nonce, func_return);
// UsbSendPacket((void *)ack, sizeof(UsbCommand));
cmd_send(CMD_ACK,0,func_return,0,nonce,func_return);
}
cmd_res_t cmd_lic(char *args)
{
cmd_send("GPL");
return CMD_SILENT;
}
cmd_res_t cmd_fwv(char *args)
{
cmd_send(FW_VERSION);
return CMD_SILENT;
}
cmd_response_t
cmd_run(struct worker *w, struct http_client *client,
const char *uri, size_t uri_len,
const char *body, size_t body_len) {
char *qmark = memchr(uri, '?', uri_len);
char *slash;
const char *p, *cmd_name = uri;
int cmd_len;
int param_count = 0, cur_param = 1;
struct cmd *cmd;
formatting_fun f_format;
/* count arguments */
if(qmark) {
uri_len = qmark - uri;
}
for(p = uri; p && p < uri + uri_len; param_count++) {
p = memchr(p+1, '/', uri_len - (p+1-uri));
}
if(body && body_len) { /* PUT request */
param_count++;
}
if(param_count == 0) {
return CMD_PARAM_ERROR;
}
cmd = cmd_new(param_count);
cmd->fd = client->fd;
cmd->database = w->s->cfg->database;
/* get output formatting function */
uri_len = cmd_select_format(client, cmd, uri, uri_len, &f_format);
/* add HTTP info */
cmd_setup(cmd, client);
/* check if we only have one command or more. */
slash = memchr(uri, '/', uri_len);
if(slash) {
/* detect DB number by checking if first arg is only numbers */
int has_db = 1;
int db_num = 0;
for(p = uri; p < slash; ++p) {
if(*p < '0' || *p > '9') {
has_db = 0;
break;
}
db_num = db_num * 10 + (*p - '0');
}
/* shift to next arg if a db was set up */
if(has_db) {
char *next;
cmd->database = db_num;
cmd->count--; /* overcounted earlier */
cmd_name = slash + 1;
if((next = memchr(cmd_name, '/', uri_len - (slash - uri)))) {
cmd_len = next - cmd_name;
} else {
cmd_len = uri_len - (slash - uri + 1);
}
} else {
cmd_len = slash - uri;
}
} else {
cmd_len = uri_len;
}
/* there is always a first parameter, it's the command name */
cmd->argv[0] = malloc(cmd_len);
memcpy(cmd->argv[0], cmd_name, cmd_len);
cmd->argv_len[0] = cmd_len;
/* check that the client is able to run this command */
if(!acl_allow_command(cmd, w->s->cfg, client)) {
cmd_free(cmd);
return CMD_ACL_FAIL;
}
if(cmd_is_subscribe(cmd)) {
/* create a new connection to Redis */
cmd->ac = (redisAsyncContext*)pool_connect(w->pool, cmd->database, 0);
/* register with the client, used upon disconnection */
client->pub_sub = cmd;
cmd->pub_sub_client = client;
} else if(cmd->database != w->s->cfg->database) {
/* create a new connection to Redis for custom DBs */
cmd->ac = (redisAsyncContext*)pool_connect(w->pool, cmd->database, 0);
} else {
/* get a connection from the pool */
cmd->ac = (redisAsyncContext*)pool_get_context(w->pool);
}
/* no args (e.g. INFO command) */
if(!slash) {
if(!cmd->ac) {
cmd_free(cmd);
return CMD_REDIS_UNAVAIL;
}
redisAsyncCommandArgv(cmd->ac, f_format, cmd, 1,
(const char **)cmd->argv, cmd->argv_len);
return CMD_SENT;
}
p = cmd_name + cmd_len + 1;
while(p < uri + uri_len) {
const char *arg = p;
int arg_len;
char *next = memchr(arg, '/', uri_len - (arg-uri));
if(!next || next > uri + uri_len) { /* last argument */
p = uri + uri_len;
arg_len = p - arg;
} else { /* found a slash */
arg_len = next - arg;
p = next + 1;
}
/* record argument */
cmd->argv[cur_param] = decode_uri(arg, arg_len, &cmd->argv_len[cur_param], 1);
cur_param++;
}
if(body && body_len) { /* PUT request */
cmd->argv[cur_param] = malloc(body_len);
memcpy(cmd->argv[cur_param], body, body_len);
cmd->argv_len[cur_param] = body_len;
}
/* send it off! */
if(cmd->ac) {
cmd_send(cmd, f_format);
return CMD_SENT;
}
/* failed to find a suitable connection to Redis. */
cmd_free(cmd);
client->pub_sub = NULL;
return CMD_REDIS_UNAVAIL;
}
void OnError(uint8_t reason){
cmd_send(CMD_ACK,0,reason,0,0,0);
OnSuccess();
}
//-----------------------------------------------------------------------------
// Perform the PACE protocol by replaying given APDUs
//-----------------------------------------------------------------------------
void EPA_PACE_Replay(UsbCommand *c)
{
uint32_t timings[sizeof(apdu_lengths_replay) / sizeof(apdu_lengths_replay[0])] = {0};
// if an APDU has been passed, save it
if (c->arg[0] != 0) {
// make sure it's not too big
if(c->arg[2] > apdus_replay[c->arg[0] - 1].len)
{
cmd_send(CMD_ACK, 1, 0, 0, NULL, 0);
}
memcpy(apdus_replay[c->arg[0] - 1].data + c->arg[1],
c->d.asBytes,
c->arg[2]);
// save/update APDU length
if (c->arg[1] == 0) {
apdu_lengths_replay[c->arg[0] - 1] = c->arg[2];
} else {
apdu_lengths_replay[c->arg[0] - 1] += c->arg[2];
}
cmd_send(CMD_ACK, 0, 0, 0, NULL, 0);
return;
}
// return value of a function
int func_return;
// set up communication
func_return = EPA_Setup();
if (func_return != 0) {
EPA_Finish();
cmd_send(CMD_ACK, 2, func_return, 0, NULL, 0);
return;
}
// increase the timeout (at least some cards really do need this!)/////////////
// iso14a_set_timeout(0x0003FFFF);
// response APDU
uint8_t response_apdu[300] = {0};
// now replay the data and measure the timings
for (int i = 0; i < sizeof(apdu_lengths_replay); i++) {
StartCountUS();
func_return = EPA_APDU(apdus_replay[i].data,
apdu_lengths_replay[i],
response_apdu);
timings[i] = GetCountUS();
// every step but the last one should succeed
if (i < sizeof(apdu_lengths_replay) - 1
&& (func_return < 6
|| response_apdu[func_return - 4] != 0x90
|| response_apdu[func_return - 3] != 0x00))
{
EPA_Finish();
cmd_send(CMD_ACK, 3 + i, func_return, 0, timings, 20);
return;
}
}
EPA_Finish();
cmd_send(CMD_ACK,0,0,0,timings,20);
return;
}
void ReadPCF7931() {
uint8_t Blocks[8][17];
uint8_t tmpBlocks[4][16];
int i, j, ind, ind2, n;
int num_blocks = 0;
int max_blocks = 8;
int ident = 0;
int error = 0;
int tries = 0;
memset(Blocks, 0, 8*17*sizeof(uint8_t));
do {
memset(tmpBlocks, 0, 4*16*sizeof(uint8_t));
n = DemodPCF7931((uint8_t**)tmpBlocks);
if(!n)
error++;
if(error==10 && num_blocks == 0) {
Dbprintf("Error, no tag or bad tag");
return;
}
else if (tries==20 || error==10) {
Dbprintf("Error reading the tag");
Dbprintf("Here is the partial content");
goto end;
}
for(i=0; i<n; i++)
Dbprintf("(dbg) %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
tmpBlocks[i][0], tmpBlocks[i][1], tmpBlocks[i][2], tmpBlocks[i][3], tmpBlocks[i][4], tmpBlocks[i][5], tmpBlocks[i][6], tmpBlocks[i][7],
tmpBlocks[i][8], tmpBlocks[i][9], tmpBlocks[i][10], tmpBlocks[i][11], tmpBlocks[i][12], tmpBlocks[i][13], tmpBlocks[i][14], tmpBlocks[i][15]);
if(!ident) {
for(i=0; i<n; i++) {
if(IsBlock0PCF7931(tmpBlocks[i])) {
// Found block 0 ?
if(i < n-1 && IsBlock1PCF7931(tmpBlocks[i+1])) {
// Found block 1!
// \o/
ident = 1;
memcpy(Blocks[0], tmpBlocks[i], 16);
Blocks[0][ALLOC] = 1;
memcpy(Blocks[1], tmpBlocks[i+1], 16);
Blocks[1][ALLOC] = 1;
max_blocks = MAX((Blocks[1][14] & 0x7f), Blocks[1][15]) + 1;
// Debug print
Dbprintf("(dbg) Max blocks: %d", max_blocks);
num_blocks = 2;
// Handle following blocks
for(j=i+2, ind2=2; j!=i; j++, ind2++, num_blocks++) {
if(j==n) j=0;
if(j==i) break;
memcpy(Blocks[ind2], tmpBlocks[j], 16);
Blocks[ind2][ALLOC] = 1;
}
break;
}
}
}
}
else {
for(i=0; i<n; i++) { // Look for identical block in known blocks
if(memcmp(tmpBlocks[i], "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)) { // Block is not full of 00
for(j=0; j<max_blocks; j++) {
if(Blocks[j][ALLOC] == 1 && !memcmp(tmpBlocks[i], Blocks[j], 16)) {
// Found an identical block
for(ind=i-1,ind2=j-1; ind >= 0; ind--,ind2--) {
if(ind2 < 0)
ind2 = max_blocks;
if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found
// Dbprintf("Tmp %d -> Block %d", ind, ind2);
memcpy(Blocks[ind2], tmpBlocks[ind], 16);
Blocks[ind2][ALLOC] = 1;
num_blocks++;
if(num_blocks == max_blocks) goto end;
}
}
for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) {
if(ind2 > max_blocks)
ind2 = 0;
if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found
// Dbprintf("Tmp %d -> Block %d", ind, ind2);
memcpy(Blocks[ind2], tmpBlocks[ind], 16);
Blocks[ind2][ALLOC] = 1;
num_blocks++;
if(num_blocks == max_blocks) goto end;
}
}
}
}
}
}
}
tries++;
if (BUTTON_PRESS()) return;
} while (num_blocks != max_blocks);
end:
Dbprintf("-----------------------------------------");
Dbprintf("Memory content:");
Dbprintf("-----------------------------------------");
for(i=0; i<max_blocks; i++) {
if(Blocks[i][ALLOC]==1)
Dbprintf("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
Blocks[i][0], Blocks[i][1], Blocks[i][2], Blocks[i][3], Blocks[i][4], Blocks[i][5], Blocks[i][6], Blocks[i][7],
Blocks[i][8], Blocks[i][9], Blocks[i][10], Blocks[i][11], Blocks[i][12], Blocks[i][13], Blocks[i][14], Blocks[i][15]);
else
Dbprintf("<missing block %d>", i);
}
Dbprintf("-----------------------------------------");
cmd_send(CMD_ACK,0,0,0,0,0);
}
void MifareDesfireGetInformation(){
int len = 0;
uint8_t resp[USB_CMD_DATA_SIZE] = {0x00};
uint8_t dataout[USB_CMD_DATA_SIZE] = {0x00};
byte_t cardbuf[USB_CMD_DATA_SIZE] = {0x00};
/*
1 = PCB 1
2 = cid 2
3 = desfire command 3
4-5 = crc 4 key
5-6 crc
PCB == 0x0A because sending CID byte.
CID == 0x00 first card?
*/
clear_trace();
set_tracing(TRUE);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
// card select - information
iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
byte_t isOK = iso14443a_select_card(NULL, card, NULL, true, 0);
if ( isOK == 0) {
if (MF_DBGLEVEL >= MF_DBG_ERROR) {
Dbprintf("Can't select card");
}
OnError(1);
return;
}
memcpy(dataout,card->uid,7);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
uint8_t cmd[] = {GET_VERSION};
size_t cmd_len = sizeof(cmd);
len = DesfireAPDU(cmd, cmd_len, resp);
if ( !len ) {
print_result("ERROR <--: ", resp, len);
OnError(2);
return;
}
LED_A_OFF();
LED_B_ON();
memcpy(dataout+7,resp+3,7);
// ADDITION_FRAME 1
cmd[0] = ADDITIONAL_FRAME;
len = DesfireAPDU(cmd, cmd_len, resp);
if ( !len ) {
print_result("ERROR <--: ", resp, len);
OnError(2);
return;
}
LED_B_OFF();
LED_C_ON();
memcpy(dataout+7+7,resp+3,7);
// ADDITION_FRAME 2
len = DesfireAPDU(cmd, cmd_len, resp);
if ( !len ) {
print_result("ERROR <--: ", resp, len);
OnError(2);
return;
}
memcpy(dataout+7+7+7,resp+3,14);
cmd_send(CMD_ACK,1,0,0,dataout,sizeof(dataout));
// reset the pcb_blocknum,
pcb_blocknum = 0;
OnSuccess();
}
