Merge branch 'ofw_dev' into dev [ci skip]

This commit is contained in:
MX 2024-02-09 22:04:24 +03:00
commit 5b97ddc842
No known key found for this signature in database
GPG key ID: 7CCC66B7DBDD1C83
44 changed files with 1698 additions and 137 deletions

View file

@ -0,0 +1,59 @@
/* gallagher_util.c - Utilities for parsing Gallagher cards (New Zealand).
* Author: Nick Mooney (nick@mooney.nz)
*
* Reference: https://github.com/megabug/gallagher-research
*/
#include "gallagher_util.h"
#define GALLAGHER_CREDENTIAL_SECTOR 15
/* The Gallagher obfuscation algorithm is a 256-byte substitution table. The below array is generated from
* https://github.com/megabug/gallagher-research/blob/master/formats/cardholder/substitution-table.bin.
*/
const uint8_t GALLAGHER_DECODE_TABLE[256] = {
0x2f, 0x6e, 0xdd, 0xdf, 0x1d, 0xf, 0xb0, 0x76, 0xad, 0xaf, 0x7f, 0xbb, 0x77, 0x85, 0x11,
0x6d, 0xf4, 0xd2, 0x84, 0x42, 0xeb, 0xf7, 0x34, 0x55, 0x4a, 0x3a, 0x10, 0x71, 0xe7, 0xa1,
0x62, 0x1a, 0x3e, 0x4c, 0x14, 0xd3, 0x5e, 0xb2, 0x7d, 0x56, 0xbc, 0x27, 0x82, 0x60, 0xe3,
0xae, 0x1f, 0x9b, 0xaa, 0x2b, 0x95, 0x49, 0x73, 0xe1, 0x92, 0x79, 0x91, 0x38, 0x6c, 0x19,
0xe, 0xa9, 0xe2, 0x8d, 0x66, 0xc7, 0x5a, 0xf5, 0x1c, 0x80, 0x99, 0xbe, 0x4e, 0x41, 0xf0,
0xe8, 0xa6, 0x20, 0xab, 0x87, 0xc8, 0x1e, 0xa0, 0x59, 0x7b, 0xc, 0xc3, 0x3c, 0x61, 0xcc,
0x40, 0x9e, 0x6, 0x52, 0x1b, 0x32, 0x8c, 0x12, 0x93, 0xbf, 0xef, 0x3b, 0x25, 0xd, 0xc2,
0x88, 0xd1, 0xe0, 0x7, 0x2d, 0x70, 0xc6, 0x29, 0x6a, 0x4d, 0x47, 0x26, 0xa3, 0xe4, 0x8b,
0xf6, 0x97, 0x2c, 0x5d, 0x3d, 0xd7, 0x96, 0x28, 0x2, 0x8, 0x30, 0xa7, 0x22, 0xc9, 0x65,
0xf8, 0xb7, 0xb4, 0x8a, 0xca, 0xb9, 0xf2, 0xd0, 0x17, 0xff, 0x46, 0xfb, 0x9a, 0xba, 0x8f,
0xb6, 0x69, 0x68, 0x8e, 0x21, 0x6f, 0xc4, 0xcb, 0xb3, 0xce, 0x51, 0xd4, 0x81, 0x0, 0x2e,
0x9c, 0x74, 0x63, 0x45, 0xd9, 0x16, 0x35, 0x5f, 0xed, 0x78, 0x9f, 0x1, 0x48, 0x4, 0xc1,
0x33, 0xd6, 0x4f, 0x94, 0xde, 0x31, 0x9d, 0xa, 0xac, 0x18, 0x4b, 0xcd, 0x98, 0xb8, 0x37,
0xa2, 0x83, 0xec, 0x3, 0xd8, 0xda, 0xe5, 0x7a, 0x6b, 0x53, 0xd5, 0x15, 0xa4, 0x43, 0xe9,
0x90, 0x67, 0x58, 0xc0, 0xa5, 0xfa, 0x2a, 0xb1, 0x75, 0x50, 0x39, 0x5c, 0xe6, 0xdc, 0x89,
0xfc, 0xcf, 0xfe, 0xf9, 0x57, 0x54, 0x64, 0xa8, 0xee, 0x23, 0xb, 0xf1, 0xea, 0xfd, 0xdb,
0xbd, 0x9, 0xb5, 0x5b, 0x5, 0x86, 0x13, 0xf3, 0x24, 0xc5, 0x3f, 0x44, 0x72, 0x7c, 0x7e,
0x36};
// The second block of a Gallagher credential sector is the literal
// "www.cardax.com " (note two padding spaces)
const uint8_t GALLAGHER_CARDAX_ASCII[MF_CLASSIC_BLOCK_SIZE] =
{'w', 'w', 'w', '.', 'c', 'a', 'r', 'd', 'a', 'x', '.', 'c', 'o', 'm', ' ', ' '};
/* Precondition: cardholder_data_obfuscated points to at least 8 safe-to-read bytes of memory.
*/
void gallagher_deobfuscate_and_parse_credential(
GallagherCredential* credential,
const uint8_t* cardholder_data_obfuscated) {
uint8_t cardholder_data_deobfuscated[8];
for(int i = 0; i < 8; i++) {
cardholder_data_deobfuscated[i] = GALLAGHER_DECODE_TABLE[cardholder_data_obfuscated[i]];
}
// Pull out values from the deobfuscated data
credential->region = (cardholder_data_deobfuscated[3] >> 1) & 0x0F;
credential->facility = ((uint16_t)(cardholder_data_deobfuscated[5] & 0x0F) << 12) +
((uint16_t)cardholder_data_deobfuscated[1] << 4) +
(((uint16_t)cardholder_data_deobfuscated[7] >> 4) & 0x0F);
credential->card = ((uint32_t)cardholder_data_deobfuscated[0] << 16) +
((uint32_t)(cardholder_data_deobfuscated[4] & 0x1F) << 11) +
((uint32_t)cardholder_data_deobfuscated[2] << 3) +
(((uint32_t)cardholder_data_deobfuscated[3] >> 5) & 0x07);
credential->issue = cardholder_data_deobfuscated[7] & 0x0F;
}

View file

@ -0,0 +1,33 @@
/* gallagher_util.h - Utilities for parsing Gallagher cards (New Zealand).
* Author: Nick Mooney (nick@mooney.nz)
*
* Reference: https://github.com/megabug/gallagher-research
*/
#pragma once
#include <lib/nfc/protocols/mf_classic/mf_classic.h>
#define GALLAGHER_CREDENTIAL_SECTOR 15
#ifdef __cplusplus
extern "C" {
#endif
extern const uint8_t GALLAGHER_DECODE_TABLE[256];
extern const uint8_t GALLAGHER_CARDAX_ASCII[MF_CLASSIC_BLOCK_SIZE];
typedef struct GallagherCredential {
uint8_t region;
uint8_t issue;
uint16_t facility;
uint32_t card;
} GallagherCredential;
void gallagher_deobfuscate_and_parse_credential(
GallagherCredential* credential,
const uint8_t* cardholder_data_obfuscated);
#ifdef __cplusplus
}
#endif

View file

@ -0,0 +1,9 @@
#pragma once
#include <flipper_application/api_hashtable/api_hashtable.h>
/*
* Resolver interface with private application's symbols.
* Implementation is contained in app_api_table.c
*/
extern const ElfApiInterface* const nfc_application_api_interface;

View file

@ -0,0 +1,27 @@
#include <flipper_application/api_hashtable/api_hashtable.h>
#include <flipper_application/api_hashtable/compilesort.hpp>
/*
* This file contains an implementation of a symbol table
* with private app's symbols. It is used by composite API resolver
* to load plugins that use internal application's APIs.
*/
#include "nfc_app_api_table_i.h"
static_assert(!has_hash_collisions(nfc_app_api_table), "Detected API method hash collision!");
constexpr HashtableApiInterface nfc_application_hashtable_api_interface{
{
.api_version_major = 0,
.api_version_minor = 0,
/* generic resolver using pre-sorted array */
.resolver_callback = &elf_resolve_from_hashtable,
},
/* pointers to application's API table boundaries */
.table_cbegin = nfc_app_api_table.cbegin(),
.table_cend = nfc_app_api_table.cend(),
};
/* Casting to generic resolver to use in Composite API resolver */
extern "C" const ElfApiInterface* const nfc_application_api_interface =
&nfc_application_hashtable_api_interface;

View file

@ -0,0 +1,13 @@
#include "gallagher/gallagher_util.h"
/*
* A list of app's private functions and objects to expose for plugins.
* It is used to generate a table of symbols for import resolver to use.
* TBD: automatically generate this table from app's header files
*/
static constexpr auto nfc_app_api_table = sort(create_array_t<sym_entry>(
API_METHOD(
gallagher_deobfuscate_and_parse_credential,
void,
(GallagherCredential * credential, const uint8_t* cardholder_data_obfuscated)),
API_VARIABLE(GALLAGHER_CARDAX_ASCII, const uint8_t*)));

View file

@ -9,7 +9,7 @@ App(
order=30, order=30,
resources="resources", resources="resources",
sources=[ sources=[
"*.c", "*.c*",
"!plugins", "!plugins",
"!nfc_cli.c", "!nfc_cli.c",
], ],
@ -29,6 +29,33 @@ App(
sources=["plugins/supported_cards/all_in_one.c"], sources=["plugins/supported_cards/all_in_one.c"],
) )
App(
appid="microel_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="microel_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/microel.c"],
)
App(
appid="mizip_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="mizip_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/mizip.c"],
)
App(
appid="hi_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="hi_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/hi.c"],
)
App( App(
appid="opal_parser", appid="opal_parser",
apptype=FlipperAppType.PLUGIN, apptype=FlipperAppType.PLUGIN,
@ -155,6 +182,15 @@ App(
sources=["plugins/supported_cards/zolotaya_korona_online.c"], sources=["plugins/supported_cards/zolotaya_korona_online.c"],
) )
App(
appid="gallagher_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="gallagher_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/gallagher.c"],
)
App( App(
appid="clipper_parser", appid="clipper_parser",
apptype=FlipperAppType.PLUGIN, apptype=FlipperAppType.PLUGIN,

View file

@ -1,9 +1,11 @@
#include "nfc_supported_cards.h" #include "nfc_supported_cards.h"
#include "../api/nfc_app_api_interface.h"
#include "../plugins/supported_cards/nfc_supported_card_plugin.h" #include "../plugins/supported_cards/nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h> #include <flipper_application/flipper_application.h>
#include <flipper_application/plugins/plugin_manager.h> #include <flipper_application/plugins/plugin_manager.h>
#include <flipper_application/plugins/composite_resolver.h>
#include <loader/firmware_api/firmware_api.h> #include <loader/firmware_api/firmware_api.h>
#include <furi.h> #include <furi.h>
@ -45,6 +47,7 @@ typedef struct {
} NfcSupportedCardsLoadContext; } NfcSupportedCardsLoadContext;
struct NfcSupportedCards { struct NfcSupportedCards {
CompositeApiResolver* api_resolver;
NfcSupportedCardsPluginCache_t plugins_cache_arr; NfcSupportedCardsPluginCache_t plugins_cache_arr;
NfcSupportedCardsLoadState load_state; NfcSupportedCardsLoadState load_state;
NfcSupportedCardsLoadContext* load_context; NfcSupportedCardsLoadContext* load_context;
@ -52,6 +55,11 @@ struct NfcSupportedCards {
NfcSupportedCards* nfc_supported_cards_alloc() { NfcSupportedCards* nfc_supported_cards_alloc() {
NfcSupportedCards* instance = malloc(sizeof(NfcSupportedCards)); NfcSupportedCards* instance = malloc(sizeof(NfcSupportedCards));
instance->api_resolver = composite_api_resolver_alloc();
composite_api_resolver_add(instance->api_resolver, firmware_api_interface);
composite_api_resolver_add(instance->api_resolver, nfc_application_api_interface);
NfcSupportedCardsPluginCache_init(instance->plugins_cache_arr); NfcSupportedCardsPluginCache_init(instance->plugins_cache_arr);
return instance; return instance;
@ -67,8 +75,9 @@ void nfc_supported_cards_free(NfcSupportedCards* instance) {
NfcSupportedCardsPluginCache* plugin_cache = NfcSupportedCardsPluginCache_ref(iter); NfcSupportedCardsPluginCache* plugin_cache = NfcSupportedCardsPluginCache_ref(iter);
furi_string_free(plugin_cache->path); furi_string_free(plugin_cache->path);
} }
NfcSupportedCardsPluginCache_clear(instance->plugins_cache_arr); NfcSupportedCardsPluginCache_clear(instance->plugins_cache_arr);
composite_api_resolver_free(instance->api_resolver);
free(instance); free(instance);
} }
@ -100,15 +109,17 @@ static void nfc_supported_cards_load_context_free(NfcSupportedCardsLoadContext*
free(instance); free(instance);
} }
static const NfcSupportedCardsPlugin* static const NfcSupportedCardsPlugin* nfc_supported_cards_get_plugin(
nfc_supported_cards_get_plugin(NfcSupportedCardsLoadContext* instance, FuriString* path) { NfcSupportedCardsLoadContext* instance,
const FuriString* path,
const ElfApiInterface* api_interface) {
furi_assert(instance); furi_assert(instance);
furi_assert(path); furi_assert(path);
const NfcSupportedCardsPlugin* plugin = NULL; const NfcSupportedCardsPlugin* plugin = NULL;
do { do {
if(instance->app) flipper_application_free(instance->app); if(instance->app) flipper_application_free(instance->app);
instance->app = flipper_application_alloc(instance->storage, firmware_api_interface); instance->app = flipper_application_alloc(instance->storage, api_interface);
if(flipper_application_preload(instance->app, furi_string_get_cstr(path)) != if(flipper_application_preload(instance->app, furi_string_get_cstr(path)) !=
FlipperApplicationPreloadStatusSuccess) FlipperApplicationPreloadStatusSuccess)
break; break;
@ -129,8 +140,9 @@ static const NfcSupportedCardsPlugin*
return plugin; return plugin;
} }
static const NfcSupportedCardsPlugin* static const NfcSupportedCardsPlugin* nfc_supported_cards_get_next_plugin(
nfc_supported_cards_get_next_plugin(NfcSupportedCardsLoadContext* instance) { NfcSupportedCardsLoadContext* instance,
const ElfApiInterface* api_interface) {
const NfcSupportedCardsPlugin* plugin = NULL; const NfcSupportedCardsPlugin* plugin = NULL;
do { do {
@ -145,7 +157,7 @@ static const NfcSupportedCardsPlugin*
path_concat(NFC_SUPPORTED_CARDS_PLUGINS_PATH, instance->file_name, instance->file_path); path_concat(NFC_SUPPORTED_CARDS_PLUGINS_PATH, instance->file_name, instance->file_path);
plugin = nfc_supported_cards_get_plugin(instance, instance->file_path); plugin = nfc_supported_cards_get_plugin(instance, instance->file_path, api_interface);
} while(plugin == NULL); //-V654 } while(plugin == NULL); //-V654
return plugin; return plugin;
@ -162,8 +174,10 @@ void nfc_supported_cards_load_cache(NfcSupportedCards* instance) {
instance->load_context = nfc_supported_cards_load_context_alloc(); instance->load_context = nfc_supported_cards_load_context_alloc();
while(true) { while(true) {
const ElfApiInterface* api_interface =
composite_api_resolver_get(instance->api_resolver);
const NfcSupportedCardsPlugin* plugin = const NfcSupportedCardsPlugin* plugin =
nfc_supported_cards_get_next_plugin(instance->load_context); nfc_supported_cards_get_next_plugin(instance->load_context, api_interface);
if(plugin == NULL) break; //-V547 if(plugin == NULL) break; //-V547
NfcSupportedCardsPluginCache plugin_cache = {}; //-V779 NfcSupportedCardsPluginCache plugin_cache = {}; //-V779
@ -216,8 +230,10 @@ bool nfc_supported_cards_read(NfcSupportedCards* instance, NfcDevice* device, Nf
if(plugin_cache->protocol != protocol) continue; if(plugin_cache->protocol != protocol) continue;
if((plugin_cache->feature & NfcSupportedCardsPluginFeatureHasRead) == 0) continue; if((plugin_cache->feature & NfcSupportedCardsPluginFeatureHasRead) == 0) continue;
const NfcSupportedCardsPlugin* plugin = const ElfApiInterface* api_interface =
nfc_supported_cards_get_plugin(instance->load_context, plugin_cache->path); composite_api_resolver_get(instance->api_resolver);
const NfcSupportedCardsPlugin* plugin = nfc_supported_cards_get_plugin(
instance->load_context, plugin_cache->path, api_interface);
if(plugin == NULL) continue; if(plugin == NULL) continue;
if(plugin->verify) { if(plugin->verify) {
@ -262,8 +278,10 @@ bool nfc_supported_cards_parse(
if(plugin_cache->protocol != protocol) continue; if(plugin_cache->protocol != protocol) continue;
if((plugin_cache->feature & NfcSupportedCardsPluginFeatureHasParse) == 0) continue; if((plugin_cache->feature & NfcSupportedCardsPluginFeatureHasParse) == 0) continue;
const NfcSupportedCardsPlugin* plugin = const ElfApiInterface* api_interface =
nfc_supported_cards_get_plugin(instance->load_context, plugin_cache->path); composite_api_resolver_get(instance->api_resolver);
const NfcSupportedCardsPlugin* plugin = nfc_supported_cards_get_plugin(
instance->load_context, plugin_cache->path, api_interface);
if(plugin == NULL) continue; if(plugin == NULL) continue;
if(plugin->parse) { if(plugin->parse) {

View file

@ -199,6 +199,9 @@ static bool nfc_scene_read_menu_on_event_mf_classic(NfcApp* instance, SceneManag
} else if(event.event == SubmenuIndexDictAttack) { } else if(event.event == SubmenuIndexDictAttack) {
scene_manager_next_scene(instance->scene_manager, NfcSceneMfClassicDictAttack); scene_manager_next_scene(instance->scene_manager, NfcSceneMfClassicDictAttack);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexCommonEdit) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSetUid);
consumed = true;
} }
} }

View file

@ -266,16 +266,21 @@ static void nfc_scene_emulate_on_enter_mf_ultralight(NfcApp* instance) {
static bool nfc_scene_read_and_saved_menu_on_event_mf_ultralight( static bool nfc_scene_read_and_saved_menu_on_event_mf_ultralight(
NfcApp* instance, NfcApp* instance,
SceneManagerEvent event) { SceneManagerEvent event) {
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) { if(event.type == SceneManagerEventTypeCustom) {
if(event.event == SubmenuIndexUnlock) { if(event.event == SubmenuIndexUnlock) {
scene_manager_next_scene(instance->scene_manager, NfcSceneMfUltralightUnlockMenu); scene_manager_next_scene(instance->scene_manager, NfcSceneMfUltralightUnlockMenu);
return true; consumed = true;
} else if(event.event == SubmenuIndexWrite) { } else if(event.event == SubmenuIndexWrite) {
scene_manager_next_scene(instance->scene_manager, NfcSceneMfUltralightWrite); scene_manager_next_scene(instance->scene_manager, NfcSceneMfUltralightWrite);
return true; consumed = true;
} else if(event.event == SubmenuIndexCommonEdit) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSetUid);
consumed = true;
} }
} }
return false; return consumed;
} }
const NfcProtocolSupportBase nfc_protocol_support_mf_ultralight = { const NfcProtocolSupportBase nfc_protocol_support_mf_ultralight = {

View file

@ -233,6 +233,15 @@ static void nfc_protocol_support_scene_read_menu_on_enter(NfcApp* instance) {
nfc_protocol_support_common_submenu_callback, nfc_protocol_support_common_submenu_callback,
instance); instance);
if(scene_manager_has_previous_scene(instance->scene_manager, NfcSceneGenerateInfo)) {
submenu_add_item(
submenu,
"Change UID",
SubmenuIndexCommonEdit,
nfc_protocol_support_common_submenu_callback,
instance);
}
if(nfc_protocol_support_has_feature(protocol, NfcProtocolFeatureEmulateUid)) { if(nfc_protocol_support_has_feature(protocol, NfcProtocolFeatureEmulateUid)) {
submenu_add_item( submenu_add_item(
submenu, submenu,

View file

@ -0,0 +1,64 @@
#include "slix_unlock.h"
#include <furi/furi.h>
#define SLIX_UNLOCK_PASSWORD_NUM_MAX (2)
struct SlixUnlock {
SlixUnlockMethod method;
SlixPassword password_arr[SLIX_UNLOCK_PASSWORD_NUM_MAX];
size_t password_arr_len;
size_t password_idx;
};
static const SlixPassword tonie_box_pass_arr[] = {0x5B6EFD7F, 0x0F0F0F0F};
SlixUnlock* slix_unlock_alloc() {
SlixUnlock* instance = malloc(sizeof(SlixUnlock));
return instance;
}
void slix_unlock_free(SlixUnlock* instance) {
furi_assert(instance);
free(instance);
}
void slix_unlock_reset(SlixUnlock* instance) {
furi_assert(instance);
memset(instance, 0, sizeof(SlixUnlock));
}
void slix_unlock_set_method(SlixUnlock* instance, SlixUnlockMethod method) {
furi_assert(instance);
instance->method = method;
if(method == SlixUnlockMethodTonieBox) {
instance->password_arr_len = COUNT_OF(tonie_box_pass_arr);
memcpy(instance->password_arr, tonie_box_pass_arr, sizeof(tonie_box_pass_arr));
}
}
void slix_unlock_set_password(SlixUnlock* instance, SlixPassword password) {
furi_assert(instance);
furi_assert(instance->method == SlixUnlockMethodManual);
instance->password_arr[0] = password;
instance->password_arr_len = 1;
}
bool slix_unlock_get_next_password(SlixUnlock* instance, SlixPassword* password) {
furi_assert(instance);
furi_assert(password);
bool password_set = false;
if(instance->password_arr_len) {
*password = instance->password_arr[instance->password_idx++];
instance->password_idx %= instance->password_arr_len;
password_set = true;
}
return password_set;
}

View file

@ -0,0 +1,30 @@
#pragma once
#include <nfc/protocols/slix/slix.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
SlixUnlockMethodManual,
SlixUnlockMethodTonieBox,
} SlixUnlockMethod;
typedef struct SlixUnlock SlixUnlock;
SlixUnlock* slix_unlock_alloc();
void slix_unlock_free(SlixUnlock* instance);
void slix_unlock_reset(SlixUnlock* instance);
void slix_unlock_set_method(SlixUnlock* instance, SlixUnlockMethod method);
void slix_unlock_set_password(SlixUnlock* instance, SlixPassword password);
bool slix_unlock_get_next_password(SlixUnlock* instance, SlixPassword* password);
#ifdef __cplusplus
}
#endif

View file

@ -51,6 +51,7 @@ NfcApp* nfc_app_alloc() {
instance->nfc = nfc_alloc(); instance->nfc = nfc_alloc();
instance->mf_ul_auth = mf_ultralight_auth_alloc(); instance->mf_ul_auth = mf_ultralight_auth_alloc();
instance->slix_unlock = slix_unlock_alloc();
instance->mfc_key_cache = mf_classic_key_cache_alloc(); instance->mfc_key_cache = mf_classic_key_cache_alloc();
instance->nfc_supported_cards = nfc_supported_cards_alloc(); instance->nfc_supported_cards = nfc_supported_cards_alloc();
@ -141,6 +142,7 @@ void nfc_app_free(NfcApp* instance) {
nfc_free(instance->nfc); nfc_free(instance->nfc);
mf_ultralight_auth_free(instance->mf_ul_auth); mf_ultralight_auth_free(instance->mf_ul_auth);
slix_unlock_free(instance->slix_unlock);
mf_classic_key_cache_free(instance->mfc_key_cache); mf_classic_key_cache_free(instance->mfc_key_cache);
nfc_supported_cards_free(instance->nfc_supported_cards); nfc_supported_cards_free(instance->nfc_supported_cards);

View file

@ -33,6 +33,7 @@
#include "helpers/nfc_emv_parser.h" #include "helpers/nfc_emv_parser.h"
#include "helpers/mf_classic_key_cache.h" #include "helpers/mf_classic_key_cache.h"
#include "helpers/nfc_supported_cards.h" #include "helpers/nfc_supported_cards.h"
#include "helpers/slix_unlock.h"
#include <dialogs/dialogs.h> #include <dialogs/dialogs.h>
#include <storage/storage.h> #include <storage/storage.h>
@ -130,6 +131,7 @@ struct NfcApp {
NfcListener* listener; NfcListener* listener;
MfUltralightAuth* mf_ul_auth; MfUltralightAuth* mf_ul_auth;
SlixUnlock* slix_unlock;
NfcMfClassicDictAttackContext nfc_dict_context; NfcMfClassicDictAttackContext nfc_dict_context;
Mfkey32Logger* mfkey32_logger; Mfkey32Logger* mfkey32_logger;
MfUserDict* mf_user_dict; MfUserDict* mf_user_dict;

View file

@ -0,0 +1,87 @@
/* gallagher.c - NFC supported cards plugin for Gallagher access control cards (New Zealand).
* Author: Nick Mooney (nick@mooney.nz)
*
* Reference: https://github.com/megabug/gallagher-research
*/
#include "nfc_supported_card_plugin.h"
#include "../../api/gallagher/gallagher_util.h"
#include <flipper_application/flipper_application.h>
#include <nfc/protocols/mf_classic/mf_classic.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <nfc/helpers/nfc_util.h>
static bool gallagher_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
if(!(data->type == MfClassicType1k || data->type == MfClassicType4k)) {
return false;
}
// It's possible for a single tag to contain multiple credentials,
// but this is currently unimplementecd.
const uint8_t credential_sector_start_block_number =
mf_classic_get_first_block_num_of_sector(GALLAGHER_CREDENTIAL_SECTOR);
// Test 1: The first 8 bytes and the second 8 bytes should be bitwise inverses.
const uint8_t* credential_block_start_ptr =
&data->block[credential_sector_start_block_number].data[0];
uint64_t cardholder_credential = nfc_util_bytes2num(credential_block_start_ptr, 8);
uint64_t cardholder_credential_inverse = nfc_util_bytes2num(credential_block_start_ptr + 8, 8);
// Due to endianness, this is testing the bytes in the wrong order,
// but the result still should be correct.
if(cardholder_credential != ~cardholder_credential_inverse) {
return false;
}
// Test 2: The contents of the second block should be equal to the GALLAGHER_CARDAX_ASCII constant.
const uint8_t* cardax_block_start_ptr =
&data->block[credential_sector_start_block_number + 1].data[0];
if(memcmp(cardax_block_start_ptr, GALLAGHER_CARDAX_ASCII, MF_CLASSIC_BLOCK_SIZE) != 0) {
return false;
}
// Deobfuscate the credential data
GallagherCredential credential;
gallagher_deobfuscate_and_parse_credential(&credential, credential_block_start_ptr);
char display_region = 'A';
// Per https://github.com/megabug/gallagher-research/blob/master/formats/cardholder/cardholder.md,
// regions are generally A-P.
if(credential.region < 16) {
display_region = display_region + (char)credential.region;
} else {
display_region = '?';
}
furi_string_cat_printf(
parsed_data,
"\e#Gallagher NZ\nFacility %c%u\nCard %lu (IL %u)",
display_region,
credential.facility,
credential.card,
credential.issue);
return true;
}
static const NfcSupportedCardsPlugin gallagher_plugin = {
.protocol = NfcProtocolMfClassic,
.verify = NULL,
.read = NULL,
.parse = gallagher_parse,
};
static const FlipperAppPluginDescriptor gallagher_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &gallagher_plugin,
};
/* Plugin entry point */
const FlipperAppPluginDescriptor* gallagher_plugin_ep() {
return &gallagher_plugin_descriptor;
}

View file

@ -0,0 +1,226 @@
#include "nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <nfc/nfc_device.h>
#include <nfc/helpers/nfc_util.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <stdint.h>
#define TAG "HI!"
#define KEY_LENGTH 6
#define HI_KEY_TO_GEN 5
#define UID_LENGTH 7
typedef struct {
uint64_t a;
uint64_t b;
} MfClassicKeyPair;
typedef struct {
MfClassicKeyPair* keys;
uint32_t verify_sector;
} HiCardConfig;
static MfClassicKeyPair hi_1k_keys[] = {
{.a = 0xa0a1a2a3a4a5, .b = 0x30871CF60CF1}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0x000000000000, .b = 0x000000000000}, // 002
{.a = 0x000000000000, .b = 0x000000000000}, // 003
{.a = 0x000000000000, .b = 0x000000000000}, // 004
{.a = 0x42FFE4C76209, .b = 0x7B30CFD04CBD}, // 005
{.a = 0x01ED8145BDF8, .b = 0x92257F472FCE}, // 006
{.a = 0x7583A07D21A6, .b = 0x51CA6EA8EE26}, // 007
{.a = 0x1E10BF5D6A1D, .b = 0x87B9B9BFABA6}, // 008
{.a = 0xF9DB1B2B21BA, .b = 0x80A781F4134C}, // 009
{.a = 0x7F5283FACB72, .b = 0x73250009D75A}, // 010
{.a = 0xE48E86A03078, .b = 0xCFFBBF08A254}, // 011
{.a = 0x39AB26301F60, .b = 0xC71A6E532C83}, // 012
{.a = 0xAD656C6C639F, .b = 0xFD9819CBD20A}, // 013
{.a = 0xF0E15160DB3E, .b = 0x3F622D515ADD}, // 014
{.a = 0x03F44E033C42, .b = 0x61E897875F46}, // 015
};
//KDF
void hi_generate_key(uint8_t* uid, uint8_t keyA[5][KEY_LENGTH], uint8_t keyB[5][KEY_LENGTH]) {
// Static XOR table for key generation
static const uint8_t xor_table_keyB[4][6] = {
{0x1F, 0xC4, 0x4D, 0x94, 0x6A, 0x31},
{0x12, 0xC1, 0x5C, 0x70, 0xDF, 0x31},
{0x56, 0xF0, 0x13, 0x1B, 0x63, 0xF2},
{0x4E, 0xFA, 0xC2, 0xF8, 0xC9, 0xCC}};
static const uint8_t xor_table_keyA[4][6] = {
{0xB6, 0xE6, 0xAE, 0x72, 0x91, 0x0D},
{0x6D, 0x38, 0x50, 0xFB, 0x42, 0x89},
{0x1E, 0x5F, 0xC7, 0xED, 0xAA, 0x02},
{0x7E, 0xB9, 0xCA, 0xF1, 0x9C, 0x59}};
// Permutation table for rearranging elements in uid
static const uint8_t xorOrderA[6] = {0, 1, 2, 3, 0, 2};
static const uint8_t xorOrderB[6] = {1, 3, 3, 2, 1, 0};
// Generate key based on uid and XOR table
for(uint8_t j = 1; j < 5; j++) {
for(uint8_t i = 0; i < 6; i++) {
keyA[j][i] = uid[xorOrderA[i]] ^ xor_table_keyA[j - 1][i];
keyB[j][i] = uid[xorOrderB[i]] ^ xor_table_keyB[j - 1][i];
}
}
}
static bool hi_get_card_config(HiCardConfig* config, MfClassicType type) {
bool success = true;
if(type == MfClassicType1k) {
config->verify_sector = 0;
config->keys = hi_1k_keys;
} else {
success = false;
}
return success;
}
static bool hi_verify_type(Nfc* nfc, MfClassicType type) {
bool verified = false;
do {
HiCardConfig cfg = {};
if(!hi_get_card_config(&cfg, type)) break;
const uint8_t block_num = mf_classic_get_first_block_num_of_sector(cfg.verify_sector);
FURI_LOG_D(TAG, "Verifying sector %lu", cfg.verify_sector);
MfClassicKey key = {0};
nfc_util_num2bytes(cfg.keys[cfg.verify_sector].b, COUNT_OF(key.data), key.data);
MfClassicAuthContext auth_context;
MfClassicError error =
mf_classic_poller_sync_auth(nfc, block_num, &key, MfClassicKeyTypeB, &auth_context);
if(error != MfClassicErrorNone) {
FURI_LOG_D(
TAG, "Failed to read block %u: %d, this is not a HI card", block_num, error);
break;
}
FURI_LOG_D(TAG, "Found a HI Card");
verified = true;
} while(false);
return verified;
}
static bool hi_verify(Nfc* nfc) {
return hi_verify_type(nfc, MfClassicType1k);
}
static bool hi_read(Nfc* nfc, NfcDevice* device) {
FURI_LOG_D(TAG, "Entering HI KDF");
furi_assert(nfc);
furi_assert(device);
bool is_read = false;
MfClassicData* data = mf_classic_alloc();
nfc_device_copy_data(device, NfcProtocolMfClassic, data);
do {
MfClassicType type = MfClassicType1k;
MfClassicError error = mf_classic_poller_sync_detect_type(nfc, &type);
if(error != MfClassicErrorNone) break;
HiCardConfig cfg = {};
if(!hi_get_card_config(&cfg, data->type)) break;
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
uint8_t keyA[HI_KEY_TO_GEN][KEY_LENGTH];
uint8_t keyB[HI_KEY_TO_GEN][KEY_LENGTH];
hi_generate_key(uid, keyA, keyB);
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
if(cfg.keys[i].a == 0x000000000000 && cfg.keys[i].b == 0x000000000000) {
cfg.keys[i].a = nfc_util_bytes2num(keyA[i], KEY_LENGTH);
cfg.keys[i].b = nfc_util_bytes2num(keyB[i], KEY_LENGTH);
}
}
MfClassicDeviceKeys keys = {};
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
nfc_util_num2bytes(cfg.keys[i].a, sizeof(MfClassicKey), keys.key_a[i].data);
FURI_BIT_SET(keys.key_a_mask, i);
nfc_util_num2bytes(cfg.keys[i].b, sizeof(MfClassicKey), keys.key_b[i].data);
FURI_BIT_SET(keys.key_b_mask, i);
}
error = mf_classic_poller_sync_read(nfc, &keys, data);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "Failed to read data");
break;
}
nfc_device_set_data(device, NfcProtocolMfClassic, data);
is_read = mf_classic_is_card_read(data);
} while(false);
mf_classic_free(data);
return is_read;
}
static bool hi_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
bool parsed = false;
do {
// Verify card type
HiCardConfig cfg = {};
if(!hi_get_card_config(&cfg, data->type)) break;
// Verify key
MfClassicSectorTrailer* sec_tr =
mf_classic_get_sector_trailer_by_sector(data, cfg.verify_sector);
uint64_t key = nfc_util_bytes2num(sec_tr->key_b.data, 6);
if(key != cfg.keys[cfg.verify_sector].b) return false;
//Get UID
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
//parse data
furi_string_cat_printf(parsed_data, "\e#HI! Card\n");
furi_string_cat_printf(parsed_data, "UID:");
for(size_t i = 0; i < UID_LENGTH; i++) {
furi_string_cat_printf(parsed_data, " %02X", uid[i]);
}
furi_string_cat_printf(parsed_data, "\n");
parsed = true;
} while(false);
return parsed;
}
/* Actual implementation of app<>plugin interface */
static const NfcSupportedCardsPlugin hi_plugin = {
.protocol = NfcProtocolMfClassic,
.verify = hi_verify,
.read = hi_read,
.parse = hi_parse,
};
/* Plugin descriptor to comply with basic plugin specification */
static const FlipperAppPluginDescriptor hi_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &hi_plugin,
};
/* Plugin entry point - must return a pointer to const descriptor */
const FlipperAppPluginDescriptor* hi_plugin_ep() {
return &hi_plugin_descriptor;
}

View file

@ -0,0 +1,228 @@
#include "nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <nfc/nfc_device.h>
#include <nfc/helpers/nfc_util.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <stdint.h>
#define TAG "Microel"
#define KEY_LENGTH 6
#define UID_LENGTH 4
typedef struct {
uint64_t a;
uint64_t b;
} MfClassicKeyPair;
static MfClassicKeyPair microel_1k_keys[] = {
{.a = 0x000000000000, .b = 0x000000000000}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 002
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 003
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 004
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 005
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 006
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 007
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 008
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 009
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 010
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 011
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 012
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 013
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 014
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 015
};
const uint8_t verify_sector = 1;
void calculateSumHex(const uint8_t* uid, size_t uidSize, uint8_t sumHex[]) {
const uint8_t xorKey[] = {0x01, 0x92, 0xA7, 0x75, 0x2B, 0xF9};
int sum = 0;
for(size_t i = 0; i < uidSize; i++) {
sum += uid[i];
}
int sumTwoDigits = sum % 256;
if(sumTwoDigits % 2 == 1) {
sumTwoDigits += 2;
}
for(size_t i = 0; i < sizeof(xorKey); i++) {
sumHex[i] = sumTwoDigits ^ xorKey[i];
}
}
void generateKeyA(const uint8_t* uid, uint8_t uidSize, uint8_t keyA[]) {
uint8_t sumHex[6];
calculateSumHex(uid, uidSize, sumHex);
uint8_t firstCharacter = (sumHex[0] >> 4) & 0xF;
if(firstCharacter == 0x2 || firstCharacter == 0x3 || firstCharacter == 0xA ||
firstCharacter == 0xB) {
// XOR WITH 0x40
for(size_t i = 0; i < sizeof(sumHex); i++) {
keyA[i] = 0x40 ^ sumHex[i];
}
} else if(
firstCharacter == 0x6 || firstCharacter == 0x7 || firstCharacter == 0xE ||
firstCharacter == 0xF) {
// XOR WITH 0xC0
for(size_t i = 0; i < sizeof(sumHex); i++) {
keyA[i] = 0xC0 ^ sumHex[i];
}
} else {
//Key a is the same as sumHex
for(size_t i = 0; i < sizeof(sumHex); i++) {
keyA[i] = sumHex[i];
}
}
}
void generateKeyB(uint8_t keyA[], size_t keyASize, uint8_t keyB[]) {
for(size_t i = 0; i < keyASize; i++) {
keyB[i] = 0xFF ^ keyA[i];
}
}
static bool microel_read(Nfc* nfc, NfcDevice* device) {
FURI_LOG_D(TAG, "Entering Microel KDF");
furi_assert(nfc);
furi_assert(device);
bool is_read = false;
MfClassicData* data = mf_classic_alloc();
nfc_device_copy_data(device, NfcProtocolMfClassic, data);
do {
MfClassicType type = MfClassicType1k;
MfClassicError error = mf_classic_poller_sync_detect_type(nfc, &type);
if(error != MfClassicErrorNone) break;
//Get UID and check if it is 4 bytes
size_t uid_len;
const uint8_t* uid = mf_classic_get_uid(data, &uid_len);
FURI_LOG_D(TAG, "UID identified: %02X%02X%02X%02X", uid[0], uid[1], uid[2], uid[3]);
if(uid_len != UID_LENGTH) break;
// Generate keys
uint8_t keyA[KEY_LENGTH];
uint8_t keyB[KEY_LENGTH];
generateKeyA(uid, UID_LENGTH, keyA);
generateKeyB(keyA, KEY_LENGTH, keyB);
// Check key 0a to verify if it is a microel card
MfClassicKey key = {0};
nfc_util_num2bytes(nfc_util_bytes2num(keyA, KEY_LENGTH), COUNT_OF(key.data), key.data);
const uint8_t block_num = mf_classic_get_first_block_num_of_sector(0); // This is 0
MfClassicAuthContext auth_context;
error =
mf_classic_poller_sync_auth(nfc, block_num, &key, MfClassicKeyTypeA, &auth_context);
if(error != MfClassicErrorNone) {
break;
}
// Save keys generated to stucture
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
if(microel_1k_keys[i].a == 0x000000000000) {
microel_1k_keys[i].a = nfc_util_bytes2num(keyA, KEY_LENGTH);
}
if(microel_1k_keys[i].b == 0x000000000000) {
microel_1k_keys[i].b = nfc_util_bytes2num(keyB, KEY_LENGTH);
}
}
MfClassicDeviceKeys keys = {};
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
nfc_util_num2bytes(microel_1k_keys[i].a, sizeof(MfClassicKey), keys.key_a[i].data);
FURI_BIT_SET(keys.key_a_mask, i);
nfc_util_num2bytes(microel_1k_keys[i].b, sizeof(MfClassicKey), keys.key_b[i].data);
FURI_BIT_SET(keys.key_b_mask, i);
}
error = mf_classic_poller_sync_read(nfc, &keys, data);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "Failed to read data");
break;
}
nfc_device_set_data(device, NfcProtocolMfClassic, data);
is_read = mf_classic_is_card_read(data);
} while(false);
mf_classic_free(data);
return is_read;
}
static bool microel_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
bool parsed = false;
do {
//Get UID
size_t uid_len;
const uint8_t* uid = mf_classic_get_uid(data, &uid_len);
if(uid_len != UID_LENGTH) break;
// Generate key from uid
uint8_t keyA[KEY_LENGTH];
generateKeyA(uid, UID_LENGTH, keyA);
// Verify key
MfClassicSectorTrailer* sec_tr =
mf_classic_get_sector_trailer_by_sector(data, verify_sector);
uint64_t key = nfc_util_bytes2num(sec_tr->key_a.data, 6);
uint64_t key_for_check_from_array = nfc_util_bytes2num(keyA, KEY_LENGTH);
if(key != key_for_check_from_array) break;
//Get credit in block number 8
const uint8_t* temp_ptr = data->block[4].data;
uint16_t balance = (temp_ptr[6] << 8) | (temp_ptr[5]);
uint16_t previus_balance = (data->block[5].data[6] << 8) | (data->block[5].data[5]);
furi_string_cat_printf(parsed_data, "\e#Microel Card\n");
furi_string_cat_printf(parsed_data, "UID:");
for(size_t i = 0; i < UID_LENGTH; i++) {
furi_string_cat_printf(parsed_data, " %02X", uid[i]);
}
furi_string_cat_printf(
parsed_data, "\nCurrent Credit: %d.%02d E \n", balance / 100, balance % 100);
furi_string_cat_printf(
parsed_data,
"Previus Credit: %d.%02d E \n",
previus_balance / 100,
previus_balance % 100);
parsed = true;
} while(false);
return parsed;
}
/* Actual implementation of app<>plugin interface */
static const NfcSupportedCardsPlugin microel_plugin = {
.protocol = NfcProtocolMfClassic,
.verify =
NULL, // the verification I need is based on verifying the keys generated via uid and try to authenticate not like on mizip that there is default b0 but added verify in read function
.read = microel_read,
.parse = microel_parse,
};
/* Plugin descriptor to comply with basic plugin specification */
static const FlipperAppPluginDescriptor microel_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &microel_plugin,
};
/* Plugin entry point - must return a pointer to const descriptor */
const FlipperAppPluginDescriptor* microel_plugin_ep() {
return &microel_plugin_descriptor;
}

View file

@ -0,0 +1,257 @@
#include "nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <nfc/nfc_device.h>
#include <nfc/helpers/nfc_util.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <stdint.h>
#define TAG "MiZIP"
#define KEY_LENGTH 6
#define MIZIP_KEY_TO_GEN 5
#define UID_LENGTH 4
typedef struct {
uint64_t a;
uint64_t b;
} MfClassicKeyPair;
typedef struct {
MfClassicKeyPair* keys;
uint32_t verify_sector;
} MizipCardConfig;
static MfClassicKeyPair mizip_1k_keys[] = {
{.a = 0xa0a1a2a3a4a5, .b = 0xb4c132439eef}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0x000000000000, .b = 0x000000000000}, // 002
{.a = 0x000000000000, .b = 0x000000000000}, // 003
{.a = 0x000000000000, .b = 0x000000000000}, // 004
{.a = 0x0222179AB995, .b = 0x13321774F9B5}, // 005
{.a = 0xB25CBD76A7B4, .b = 0x7571359B4274}, // 006
{.a = 0xDA857B4907CC, .b = 0xD26B856175F7}, // 007
{.a = 0x16D85830C443, .b = 0x8F790871A21E}, // 008
{.a = 0x88BD5098FC82, .b = 0xFCD0D77745E4}, // 009
{.a = 0x983349449D78, .b = 0xEA2631FBDEDD}, // 010
{.a = 0xC599F962F3D9, .b = 0x949B70C14845}, // 011
{.a = 0x72E668846BE8, .b = 0x45490B5AD707}, // 012
{.a = 0xBCA105E5685E, .b = 0x248DAF9D674D}, // 013
{.a = 0x4F6FE072D1FD, .b = 0x4250A05575FA}, // 014
{.a = 0x56438ABE8152, .b = 0x59A45912B311}, // 015
};
static MfClassicKeyPair mizip_mini_keys[] = {
{.a = 0xa0a1a2a3a4a5, .b = 0xb4c132439eef}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0x000000000000, .b = 0x000000000000}, // 002
{.a = 0x000000000000, .b = 0x000000000000}, // 003
{.a = 0x000000000000, .b = 0x000000000000}, // 004
};
//KDF
void mizip_generate_key(uint8_t* uid, uint8_t keyA[5][KEY_LENGTH], uint8_t keyB[5][KEY_LENGTH]) {
// Static XOR table for key generation
static const uint8_t xor_table_keyA[4][6] = {
{0x09, 0x12, 0x5A, 0x25, 0x89, 0xE5},
{0xAB, 0x75, 0xC9, 0x37, 0x92, 0x2F},
{0xE2, 0x72, 0x41, 0xAF, 0x2C, 0x09},
{0x31, 0x7A, 0xB7, 0x2F, 0x44, 0x90}};
static const uint8_t xor_table_keyB[4][6] = {
{0xF1, 0x2C, 0x84, 0x53, 0xD8, 0x21},
{0x73, 0xE7, 0x99, 0xFE, 0x32, 0x41},
{0xAA, 0x4D, 0x13, 0x76, 0x56, 0xAE},
{0xB0, 0x13, 0x27, 0x27, 0x2D, 0xFD}};
// Permutation table for rearranging elements in uid
static const uint8_t xorOrderA[6] = {0, 1, 2, 3, 0, 1};
static const uint8_t xorOrderB[6] = {2, 3, 0, 1, 2, 3};
// Generate key based on uid and XOR table
for(uint8_t j = 1; j < 5; j++) {
for(uint8_t i = 0; i < 6; i++) {
keyA[j][i] = uid[xorOrderA[i]] ^ xor_table_keyA[j - 1][i];
keyB[j][i] = uid[xorOrderB[i]] ^ xor_table_keyB[j - 1][i];
}
}
}
static bool mizip_get_card_config(MizipCardConfig* config, MfClassicType type) {
bool success = true;
if(type == MfClassicType1k) {
config->verify_sector = 0;
config->keys = mizip_1k_keys;
} else if(type == MfClassicTypeMini) {
config->verify_sector = 0;
config->keys = mizip_mini_keys;
} else {
success = false;
}
return success;
}
static bool mizip_verify_type(Nfc* nfc, MfClassicType type) {
bool verified = false;
do {
MizipCardConfig cfg = {};
if(!mizip_get_card_config(&cfg, type)) break;
const uint8_t block_num = mf_classic_get_first_block_num_of_sector(cfg.verify_sector);
FURI_LOG_D(TAG, "Verifying sector %lu", cfg.verify_sector);
MfClassicKey key = {0};
nfc_util_num2bytes(cfg.keys[cfg.verify_sector].b, COUNT_OF(key.data), key.data);
MfClassicAuthContext auth_context;
MfClassicError error =
mf_classic_poller_sync_auth(nfc, block_num, &key, MfClassicKeyTypeB, &auth_context);
if(error != MfClassicErrorNone) {
FURI_LOG_D(
TAG, "Failed to read block %u: %d, this is not a MiZIP card", block_num, error);
break;
}
FURI_LOG_D(TAG, "Found a MiZIP Card");
verified = true;
} while(false);
return verified;
}
static bool mizip_verify(Nfc* nfc) {
return mizip_verify_type(nfc, MfClassicType1k) || mizip_verify_type(nfc, MfClassicTypeMini);
}
static bool mizip_read(Nfc* nfc, NfcDevice* device) {
FURI_LOG_D(TAG, "Entering MiZIP KDF");
furi_assert(nfc);
furi_assert(device);
bool is_read = false;
MfClassicData* data = mf_classic_alloc();
nfc_device_copy_data(device, NfcProtocolMfClassic, data);
do {
MfClassicType type = MfClassicTypeMini;
MfClassicError error = mf_classic_poller_sync_detect_type(nfc, &type);
if(error != MfClassicErrorNone) break;
//temp fix but fix mf_classic_poller_sync_detect_type because view type mfclassic1k and not verify mfmini
data->type = MfClassicTypeMini;
MizipCardConfig cfg = {};
if(!mizip_get_card_config(&cfg, data->type)) break;
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
uint8_t keyA[MIZIP_KEY_TO_GEN][KEY_LENGTH];
uint8_t keyB[MIZIP_KEY_TO_GEN][KEY_LENGTH];
mizip_generate_key(uid, keyA, keyB);
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
if(cfg.keys[i].a == 0x000000000000 && cfg.keys[i].b == 0x000000000000) {
cfg.keys[i].a = nfc_util_bytes2num(keyA[i], KEY_LENGTH);
cfg.keys[i].b = nfc_util_bytes2num(keyB[i], KEY_LENGTH);
}
}
MfClassicDeviceKeys keys = {};
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
nfc_util_num2bytes(cfg.keys[i].a, sizeof(MfClassicKey), keys.key_a[i].data);
FURI_BIT_SET(keys.key_a_mask, i);
nfc_util_num2bytes(cfg.keys[i].b, sizeof(MfClassicKey), keys.key_b[i].data);
FURI_BIT_SET(keys.key_b_mask, i);
}
error = mf_classic_poller_sync_read(nfc, &keys, data);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "Failed to read data");
break;
}
nfc_device_set_data(device, NfcProtocolMfClassic, data);
is_read = mf_classic_is_card_read(data);
} while(false);
mf_classic_free(data);
return is_read;
}
static bool mizip_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
bool parsed = false;
do {
// Verify card type
MizipCardConfig cfg = {};
if(!mizip_get_card_config(&cfg, data->type)) break;
// Verify key
MfClassicSectorTrailer* sec_tr =
mf_classic_get_sector_trailer_by_sector(data, cfg.verify_sector);
uint64_t key = nfc_util_bytes2num(sec_tr->key_b.data, 6);
if(key != cfg.keys[cfg.verify_sector].b) return false;
//Get UID
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
//Get credit
uint8_t credit_pointer = 0x08;
uint8_t previus_credit_pointer = 0x09;
if(data->block[10].data[0] == 0x55) {
credit_pointer = 0x09;
previus_credit_pointer = 0x08;
}
uint16_t balance = (data->block[credit_pointer].data[2] << 8) |
(data->block[credit_pointer].data[1]);
uint16_t previus_balance = (data->block[previus_credit_pointer].data[2] << 8) |
(data->block[previus_credit_pointer].data[1]);
//parse data
furi_string_cat_printf(parsed_data, "\e#MiZIP Card\n");
furi_string_cat_printf(parsed_data, "UID:");
for(size_t i = 0; i < UID_LENGTH; i++) {
furi_string_cat_printf(parsed_data, " %02X", uid[i]);
}
furi_string_cat_printf(
parsed_data, "\nCurrent Credit: %d.%02d E \n", balance / 100, balance % 100);
furi_string_cat_printf(
parsed_data,
"Previus Credit: %d.%02d E \n",
previus_balance / 100,
previus_balance % 100);
parsed = true;
} while(false);
return parsed;
}
/* Actual implementation of app<>plugin interface */
static const NfcSupportedCardsPlugin mizip_plugin = {
.protocol = NfcProtocolMfClassic,
.verify = mizip_verify,
.read = mizip_read,
.parse = mizip_parse,
};
/* Plugin descriptor to comply with basic plugin specification */
static const FlipperAppPluginDescriptor mizip_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &mizip_plugin,
};
/* Plugin entry point - must return a pointer to const descriptor */
const FlipperAppPluginDescriptor* mizip_plugin_ep() {
return &mizip_plugin_descriptor;
}

View file

@ -61,4 +61,9 @@ ADD_SCENE(nfc, set_sak, SetSak)
ADD_SCENE(nfc, set_atqa, SetAtqa) ADD_SCENE(nfc, set_atqa, SetAtqa)
ADD_SCENE(nfc, set_uid, SetUid) ADD_SCENE(nfc, set_uid, SetUid)
ADD_SCENE(nfc, slix_unlock_menu, SlixUnlockMenu)
ADD_SCENE(nfc, slix_key_input, SlixKeyInput)
ADD_SCENE(nfc, slix_unlock, SlixUnlock)
ADD_SCENE(nfc, slix_unlock_success, SlixUnlockSuccess)
ADD_SCENE(nfc, generate_info, GenerateInfo) ADD_SCENE(nfc, generate_info, GenerateInfo)

View file

@ -4,6 +4,7 @@ enum SubmenuIndex {
SubmenuIndexReadCardType, SubmenuIndexReadCardType,
SubmenuIndexMfClassicKeys, SubmenuIndexMfClassicKeys,
SubmenuIndexMfUltralightUnlock, SubmenuIndexMfUltralightUnlock,
SubmenuIndexSlixUnlock,
}; };
void nfc_scene_extra_actions_submenu_callback(void* context, uint32_t index) { void nfc_scene_extra_actions_submenu_callback(void* context, uint32_t index) {
@ -34,6 +35,12 @@ void nfc_scene_extra_actions_on_enter(void* context) {
SubmenuIndexMfUltralightUnlock, SubmenuIndexMfUltralightUnlock,
nfc_scene_extra_actions_submenu_callback, nfc_scene_extra_actions_submenu_callback,
instance); instance);
submenu_add_item(
submenu,
"Unlock SLIX-L",
SubmenuIndexSlixUnlock,
nfc_scene_extra_actions_submenu_callback,
instance);
submenu_set_selected_item( submenu_set_selected_item(
submenu, scene_manager_get_scene_state(instance->scene_manager, NfcSceneExtraActions)); submenu, scene_manager_get_scene_state(instance->scene_manager, NfcSceneExtraActions));
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewMenu); view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewMenu);
@ -54,6 +61,9 @@ bool nfc_scene_extra_actions_on_event(void* context, SceneManagerEvent event) {
} else if(event.event == SubmenuIndexReadCardType) { } else if(event.event == SubmenuIndexReadCardType) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSelectProtocol); scene_manager_next_scene(instance->scene_manager, NfcSceneSelectProtocol);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexSlixUnlock) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlockMenu);
consumed = true;
} }
scene_manager_set_scene_state(instance->scene_manager, NfcSceneExtraActions, event.event); scene_manager_set_scene_state(instance->scene_manager, NfcSceneExtraActions, event.event);
} }

View file

@ -28,7 +28,11 @@ bool nfc_scene_retry_confirm_on_event(void* context, SceneManagerEvent event) {
if(event.event == DialogExResultRight) { if(event.event == DialogExResultRight) {
consumed = scene_manager_previous_scene(nfc->scene_manager); consumed = scene_manager_previous_scene(nfc->scene_manager);
} else if(event.event == DialogExResultLeft) { } else if(event.event == DialogExResultLeft) {
if(scene_manager_has_previous_scene(nfc->scene_manager, NfcSceneMfClassicDictAttack)) { if(scene_manager_has_previous_scene(nfc->scene_manager, NfcSceneSlixUnlock)) {
consumed = scene_manager_search_and_switch_to_previous_scene(
nfc->scene_manager, NfcSceneSlixUnlock);
} else if(scene_manager_has_previous_scene(
nfc->scene_manager, NfcSceneMfClassicDictAttack)) {
consumed = scene_manager_search_and_switch_to_previous_scene( consumed = scene_manager_search_and_switch_to_previous_scene(
nfc->scene_manager, NfcSceneMfClassicDictAttack); nfc->scene_manager, NfcSceneMfClassicDictAttack);
} else if(scene_manager_has_previous_scene( } else if(scene_manager_has_previous_scene(

View file

@ -44,6 +44,10 @@ bool nfc_scene_set_uid_on_event(void* context, SceneManagerEvent event) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSaveSuccess); scene_manager_next_scene(instance->scene_manager, NfcSceneSaveSuccess);
consumed = true; consumed = true;
} }
} else if(scene_manager_has_previous_scene(instance->scene_manager, NfcSceneReadMenu)) {
scene_manager_search_and_switch_to_previous_scene(
instance->scene_manager, NfcSceneReadMenu);
consumed = true;
} else { } else {
scene_manager_next_scene(instance->scene_manager, NfcSceneSaveName); scene_manager_next_scene(instance->scene_manager, NfcSceneSaveName);
consumed = true; consumed = true;

View file

@ -0,0 +1,48 @@
#include "../nfc_app_i.h"
#include <nfc/helpers/nfc_util.h>
void nfc_scene_slix_key_input_byte_input_callback(void* context) {
NfcApp* instance = context;
SlixPassword password = nfc_util_bytes2num(instance->byte_input_store, sizeof(SlixPassword));
slix_unlock_set_password(instance->slix_unlock, password);
view_dispatcher_send_custom_event(instance->view_dispatcher, NfcCustomEventByteInputDone);
}
void nfc_scene_slix_key_input_on_enter(void* context) {
NfcApp* instance = context;
// Setup view
ByteInput* byte_input = instance->byte_input;
byte_input_set_header_text(byte_input, "Enter the password in hex");
byte_input_set_result_callback(
byte_input,
nfc_scene_slix_key_input_byte_input_callback,
NULL,
instance,
instance->byte_input_store,
sizeof(SlixPassword));
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewByteInput);
}
bool nfc_scene_slix_key_input_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == NfcCustomEventByteInputDone) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlock);
consumed = true;
}
}
return consumed;
}
void nfc_scene_slix_key_input_on_exit(void* context) {
NfcApp* instance = context;
// Clear view
byte_input_set_result_callback(instance->byte_input, NULL, NULL, NULL, NULL, 0);
byte_input_set_header_text(instance->byte_input, "");
}

View file

@ -0,0 +1,70 @@
#include "../nfc_app_i.h"
#include <nfc/protocols/slix/slix_poller.h>
NfcCommand nfc_scene_slix_unlock_worker_callback(NfcGenericEvent event, void* context) {
furi_assert(event.protocol == NfcProtocolSlix);
NfcCommand command = NfcCommandContinue;
NfcApp* instance = context;
SlixPollerEvent* slix_event = event.event_data;
if(slix_event->type == SlixPollerEventTypePrivacyUnlockRequest) {
SlixPassword pwd = 0;
bool get_password_success = slix_unlock_get_next_password(instance->slix_unlock, &pwd);
slix_event->data->privacy_password.password = pwd;
slix_event->data->privacy_password.password_set = get_password_success;
} else if(slix_event->type == SlixPollerEventTypeError) {
view_dispatcher_send_custom_event(instance->view_dispatcher, NfcCustomEventPollerFailure);
} else if(slix_event->type == SlixPollerEventTypeReady) {
nfc_device_set_data(
instance->nfc_device, NfcProtocolSlix, nfc_poller_get_data(instance->poller));
view_dispatcher_send_custom_event(instance->view_dispatcher, NfcCustomEventPollerSuccess);
command = NfcCommandStop;
}
return command;
}
void nfc_scene_slix_unlock_on_enter(void* context) {
NfcApp* instance = context;
popup_set_icon(instance->popup, 0, 8, &I_NFC_manual_60x50);
popup_set_header(instance->popup, "Unlocking", 97, 15, AlignCenter, AlignTop);
popup_set_text(
instance->popup, "Apply card to\nFlipper's back", 97, 27, AlignCenter, AlignTop);
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewPopup);
instance->poller = nfc_poller_alloc(instance->nfc, NfcProtocolSlix);
nfc_poller_start(instance->poller, nfc_scene_slix_unlock_worker_callback, instance);
}
bool nfc_scene_slix_unlock_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
UNUSED(instance);
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == NfcCustomEventPollerFailure) {
consumed = true;
} else if(event.event == NfcCustomEventPollerSuccess) {
notification_message(instance->notifications, &sequence_success);
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlockSuccess);
consumed = true;
}
} else if(event.type == SceneManagerEventTypeBack) {
consumed = scene_manager_search_and_switch_to_previous_scene(
instance->scene_manager, NfcSceneSlixUnlockMenu);
}
return consumed;
}
void nfc_scene_slix_unlock_on_exit(void* context) {
NfcApp* instance = context;
nfc_poller_stop(instance->poller);
nfc_poller_free(instance->poller);
popup_reset(instance->popup);
}

View file

@ -0,0 +1,60 @@
#include "../nfc_app_i.h"
enum SubmenuIndex {
SubmenuIndexSlixUnlockMenuManual,
SubmenuIndexSlixUnlockMenuTonieBox,
};
void nfc_scene_slix_unlock_menu_submenu_callback(void* context, uint32_t index) {
NfcApp* instance = context;
view_dispatcher_send_custom_event(instance->view_dispatcher, index);
}
void nfc_scene_slix_unlock_menu_on_enter(void* context) {
NfcApp* instance = context;
Submenu* submenu = instance->submenu;
uint32_t state =
scene_manager_get_scene_state(instance->scene_manager, NfcSceneSlixUnlockMenu);
submenu_add_item(
submenu,
"Enter Password Manually",
SubmenuIndexSlixUnlockMenuManual,
nfc_scene_slix_unlock_menu_submenu_callback,
instance);
submenu_add_item(
submenu,
"Auth As TommyBox",
SubmenuIndexSlixUnlockMenuTonieBox,
nfc_scene_slix_unlock_menu_submenu_callback,
instance);
submenu_set_selected_item(submenu, state);
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewMenu);
}
bool nfc_scene_slix_unlock_menu_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == SubmenuIndexSlixUnlockMenuManual) {
slix_unlock_set_method(instance->slix_unlock, SlixUnlockMethodManual);
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixKeyInput);
consumed = true;
} else if(event.event == SubmenuIndexSlixUnlockMenuTonieBox) {
slix_unlock_set_method(instance->slix_unlock, SlixUnlockMethodTonieBox);
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlock);
consumed = true;
}
scene_manager_set_scene_state(
instance->scene_manager, NfcSceneSlixUnlockMenu, event.event);
}
return consumed;
}
void nfc_scene_slix_unlock_menu_on_exit(void* context) {
NfcApp* instance = context;
submenu_reset(instance->submenu);
}

View file

@ -0,0 +1,71 @@
#include "../nfc_app_i.h"
static void nfc_scene_slix_unlock_success_widget_callback(
GuiButtonType result,
InputType type,
void* context) {
NfcApp* instance = context;
if(type == InputTypeShort) {
view_dispatcher_send_custom_event(instance->view_dispatcher, result);
}
}
void nfc_scene_slix_unlock_success_on_enter(void* context) {
NfcApp* instance = context;
Widget* widget = instance->widget;
widget_add_string_element(widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "SLIX Unlocked!");
FuriString* temp_str = furi_string_alloc_set_str("UID:");
size_t uid_len = 0;
const uint8_t* uid = nfc_device_get_uid(instance->nfc_device, &uid_len);
for(size_t i = 0; i < uid_len; i++) {
furi_string_cat_printf(temp_str, " %02X", uid[i]);
}
furi_string_cat_printf(temp_str, "\nPrivacy Mode: Disabled");
widget_add_string_multiline_element(
widget, 0, 12, AlignLeft, AlignTop, FontSecondary, furi_string_get_cstr(temp_str));
furi_string_free(temp_str);
widget_add_button_element(
widget,
GuiButtonTypeLeft,
"Retry",
nfc_scene_slix_unlock_success_widget_callback,
instance);
widget_add_button_element(
widget,
GuiButtonTypeRight,
"More",
nfc_scene_slix_unlock_success_widget_callback,
instance);
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewWidget);
}
bool nfc_scene_slix_unlock_success_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == GuiButtonTypeLeft) {
scene_manager_next_scene(instance->scene_manager, NfcSceneRetryConfirm);
consumed = true;
} else if(event.event == GuiButtonTypeRight) {
scene_manager_next_scene(instance->scene_manager, NfcSceneReadMenu);
consumed = true;
}
} else if(event.type == SceneManagerEventTypeBack) {
scene_manager_next_scene(instance->scene_manager, NfcSceneExitConfirm);
consumed = true;
}
return consumed;
}
void nfc_scene_slix_unlock_success_on_exit(void* context) {
NfcApp* instance = context;
widget_reset(instance->widget);
}

View file

@ -6,6 +6,8 @@
#define TAG "CliSrv" #define TAG "CliSrv"
#define CLI_INPUT_LEN_LIMIT 256
Cli* cli_alloc() { Cli* cli_alloc() {
Cli* cli = malloc(sizeof(Cli)); Cli* cli = malloc(sizeof(Cli));
@ -356,7 +358,9 @@ void cli_process_input(Cli* cli) {
cli_handle_backspace(cli); cli_handle_backspace(cli);
} else if(in_chr == CliSymbolAsciiCR) { } else if(in_chr == CliSymbolAsciiCR) {
cli_handle_enter(cli); cli_handle_enter(cli);
} else if(in_chr >= 0x20 && in_chr < 0x7F) { //-V560 } else if(
(in_chr >= 0x20 && in_chr < 0x7F) && //-V560
(furi_string_size(cli->line) < CLI_INPUT_LEN_LIMIT)) {
if(cli->cursor_position == furi_string_size(cli->line)) { if(cli->cursor_position == furi_string_size(cli->line)) {
furi_string_push_back(cli->line, in_chr); furi_string_push_back(cli->line, in_chr);
cli_putc(cli, in_chr); cli_putc(cli, in_chr);

View file

@ -67,17 +67,22 @@ void furi_timer_free(FuriTimer* instance) {
callb = (TimerCallback_t*)pvTimerGetTimerID(hTimer); callb = (TimerCallback_t*)pvTimerGetTimerID(hTimer);
furi_check(xTimerDelete(hTimer, portMAX_DELAY) == pdPASS);
while(furi_timer_is_running(instance)) furi_delay_tick(2);
if((uint32_t)callb & 1U) { if((uint32_t)callb & 1U) {
/* If callback memory was allocated, it is only safe to free it with
* the timer inactive. Send a stop command and wait for the timer to
* be in an inactive state.
*/
furi_check(xTimerStop(hTimer, portMAX_DELAY) == pdPASS);
while(furi_timer_is_running(instance)) furi_delay_tick(2);
/* Callback memory was allocated from dynamic pool, clear flag */ /* Callback memory was allocated from dynamic pool, clear flag */
callb = (TimerCallback_t*)((uint32_t)callb & ~1U); callb = (TimerCallback_t*)((uint32_t)callb & ~1U);
/* Return allocated memory to dynamic pool */ /* Return allocated memory to dynamic pool */
free(callb); free(callb);
} }
furi_check(xTimerDelete(hTimer, portMAX_DELAY) == pdPASS);
} }
FuriStatus furi_timer_start(FuriTimer* instance, uint32_t ticks) { FuriStatus furi_timer_start(FuriTimer* instance, uint32_t ticks) {
@ -170,4 +175,4 @@ void furi_timer_set_thread_priority(FuriTimerThreadPriority priority) {
} else { } else {
furi_crash(); furi_crash();
} }
} }

View file

@ -21,7 +21,7 @@ bool elf_resolve_from_hashtable(
auto find_res = auto find_res =
std::lower_bound(hashtable_interface->table_cbegin, hashtable_interface->table_cend, key); std::lower_bound(hashtable_interface->table_cbegin, hashtable_interface->table_cend, key);
if((find_res == hashtable_interface->table_cend || (find_res->hash != hash))) { if((find_res == hashtable_interface->table_cend || (find_res->hash != hash))) {
FURI_LOG_W( FURI_LOG_T(
TAG, "Can't find symbol with hash %lx @ %p!", hash, hashtable_interface->table_cbegin); TAG, "Can't find symbol with hash %lx @ %p!", hash, hashtable_interface->table_cbegin);
result = false; result = false;
} else { } else {

View file

@ -35,26 +35,16 @@ static void nfc_generate_mf_ul_uid(uint8_t* uid) {
} }
static void nfc_generate_mf_ul_common(MfUltralightData* mfu_data) { static void nfc_generate_mf_ul_common(MfUltralightData* mfu_data) {
uint8_t uid[7];
mfu_data->iso14443_3a_data->uid_len = 7; mfu_data->iso14443_3a_data->uid_len = 7;
nfc_generate_mf_ul_uid(mfu_data->iso14443_3a_data->uid); nfc_generate_mf_ul_uid(uid);
mf_ultralight_set_uid(mfu_data, uid, 7);
mfu_data->iso14443_3a_data->atqa[0] = 0x44; mfu_data->iso14443_3a_data->atqa[0] = 0x44;
mfu_data->iso14443_3a_data->atqa[1] = 0x00; mfu_data->iso14443_3a_data->atqa[1] = 0x00;
mfu_data->iso14443_3a_data->sak = 0x00; mfu_data->iso14443_3a_data->sak = 0x00;
} }
static void nfc_generate_calc_bcc(uint8_t* uid, uint8_t* bcc0, uint8_t* bcc1) {
*bcc0 = 0x88 ^ uid[0] ^ uid[1] ^ uid[2];
*bcc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6];
}
static void nfc_generate_mf_ul_copy_uid_with_bcc(MfUltralightData* mfu_data) {
memcpy(mfu_data->page[0].data, mfu_data->iso14443_3a_data->uid, 3);
memcpy(mfu_data->page[1].data, &mfu_data->iso14443_3a_data->uid[3], 4);
nfc_generate_calc_bcc(
mfu_data->iso14443_3a_data->uid, &mfu_data->page[0].data[3], &mfu_data->page[2].data[0]);
}
static void nfc_generate_mf_ul_orig(NfcDevice* nfc_device) { static void nfc_generate_mf_ul_orig(NfcDevice* nfc_device) {
MfUltralightData* mfu_data = mf_ultralight_alloc(); MfUltralightData* mfu_data = mf_ultralight_alloc();
nfc_generate_mf_ul_common(mfu_data); nfc_generate_mf_ul_common(mfu_data);
@ -62,7 +52,6 @@ static void nfc_generate_mf_ul_orig(NfcDevice* nfc_device) {
mfu_data->type = MfUltralightTypeUnknown; mfu_data->type = MfUltralightTypeUnknown;
mfu_data->pages_total = 16; mfu_data->pages_total = 16;
mfu_data->pages_read = 16; mfu_data->pages_read = 16;
nfc_generate_mf_ul_copy_uid_with_bcc(mfu_data);
memset(&mfu_data->page[4], 0xff, sizeof(MfUltralightPage)); memset(&mfu_data->page[4], 0xff, sizeof(MfUltralightPage));
nfc_device_set_data(nfc_device, NfcProtocolMfUltralight, mfu_data); nfc_device_set_data(nfc_device, NfcProtocolMfUltralight, mfu_data);
@ -74,7 +63,7 @@ static void nfc_generate_mf_ul_with_config_common(MfUltralightData* mfu_data, ui
mfu_data->pages_total = num_pages; mfu_data->pages_total = num_pages;
mfu_data->pages_read = num_pages; mfu_data->pages_read = num_pages;
nfc_generate_mf_ul_copy_uid_with_bcc(mfu_data);
uint16_t config_index = (num_pages - 4); uint16_t config_index = (num_pages - 4);
mfu_data->page[config_index].data[0] = 0x04; // STRG_MOD_EN mfu_data->page[config_index].data[0] = 0x04; // STRG_MOD_EN
mfu_data->page[config_index].data[3] = 0xff; // AUTH0 mfu_data->page[config_index].data[3] = 0xff; // AUTH0
@ -150,7 +139,6 @@ static void nfc_generate_ntag203(NfcDevice* nfc_device) {
mfu_data->type = MfUltralightTypeNTAG203; mfu_data->type = MfUltralightTypeNTAG203;
mfu_data->pages_total = 42; mfu_data->pages_total = 42;
mfu_data->pages_read = 42; mfu_data->pages_read = 42;
nfc_generate_mf_ul_copy_uid_with_bcc(mfu_data);
mfu_data->page[2].data[1] = 0x48; // Internal byte mfu_data->page[2].data[1] = 0x48; // Internal byte
memcpy(&mfu_data->page[3], default_data_ntag203, sizeof(MfUltralightPage)); //-V1086 memcpy(&mfu_data->page[3], default_data_ntag203, sizeof(MfUltralightPage)); //-V1086
@ -379,14 +367,7 @@ static void nfc_generate_mf_classic_block_0(
furi_assert(uid_len == 4 || uid_len == 7); furi_assert(uid_len == 4 || uid_len == 7);
furi_assert(block); furi_assert(block);
if(uid_len == 4) { if(uid_len == 7) {
// Calculate BCC
block[uid_len] = 0;
for(int i = 0; i < uid_len; i++) {
block[uid_len] ^= block[i];
}
} else {
uid_len -= 1; uid_len -= 1;
} }
@ -402,14 +383,12 @@ static void nfc_generate_mf_classic_block_0(
static void nfc_generate_mf_classic(NfcDevice* nfc_device, uint8_t uid_len, MfClassicType type) { static void nfc_generate_mf_classic(NfcDevice* nfc_device, uint8_t uid_len, MfClassicType type) {
MfClassicData* mfc_data = mf_classic_alloc(); MfClassicData* mfc_data = mf_classic_alloc();
nfc_generate_mf_classic_uid(mfc_data->block[0].data, uid_len); uint8_t uid[ISO14443_3A_MAX_UID_SIZE];
nfc_generate_mf_classic_common(mfc_data, uid_len, type);
// Set the UID nfc_generate_mf_classic_uid(uid, uid_len);
mfc_data->iso14443_3a_data->uid[0] = NXP_MANUFACTURER_ID; mf_classic_set_uid(mfc_data, uid, uid_len);
for(int i = 1; i < uid_len; i++) {
mfc_data->iso14443_3a_data->uid[i] = mfc_data->block[0].data[i]; nfc_generate_mf_classic_common(mfc_data, uid_len, type);
}
mf_classic_set_block_read(mfc_data, 0, &mfc_data->block[0]); mf_classic_set_block_read(mfc_data, 0, &mfc_data->block[0]);

View file

@ -32,17 +32,7 @@ static Iso15693_3Error iso15693_3_poller_filter_error(Iso15693_3Error error) {
} }
} }
static Iso15693_3Error iso15693_3_poller_prepare_trx(Iso15693_3Poller* instance) { Iso15693_3Error iso15693_3_poller_send_frame(
furi_assert(instance);
if(instance->state == Iso15693_3PollerStateIdle) {
return iso15693_3_poller_activate(instance, NULL);
}
return Iso15693_3ErrorNone;
}
static Iso15693_3Error iso15693_3_poller_frame_exchange(
Iso15693_3Poller* instance, Iso15693_3Poller* instance,
const BitBuffer* tx_buffer, const BitBuffer* tx_buffer,
BitBuffer* rx_buffer, BitBuffer* rx_buffer,
@ -156,7 +146,7 @@ Iso15693_3Error iso15693_3_poller_inventory(Iso15693_3Poller* instance, uint8_t*
Iso15693_3Error ret; Iso15693_3Error ret;
do { do {
ret = iso15693_3_poller_frame_exchange( ret = iso15693_3_poller_send_frame(
instance, instance->tx_buffer, instance->rx_buffer, ISO15693_3_FDT_POLL_FC); instance, instance->tx_buffer, instance->rx_buffer, ISO15693_3_FDT_POLL_FC);
if(ret != Iso15693_3ErrorNone) break; if(ret != Iso15693_3ErrorNone) break;
@ -183,7 +173,7 @@ Iso15693_3Error
Iso15693_3Error ret; Iso15693_3Error ret;
do { do {
ret = iso15693_3_poller_frame_exchange( ret = iso15693_3_poller_send_frame(
instance, instance->tx_buffer, instance->rx_buffer, ISO15693_3_FDT_POLL_FC); instance, instance->tx_buffer, instance->rx_buffer, ISO15693_3_FDT_POLL_FC);
if(ret != Iso15693_3ErrorNone) break; if(ret != Iso15693_3ErrorNone) break;
@ -284,20 +274,3 @@ Iso15693_3Error iso15693_3_poller_get_blocks_security(
return ret; return ret;
} }
Iso15693_3Error iso15693_3_poller_send_frame(
Iso15693_3Poller* instance,
const BitBuffer* tx_buffer,
BitBuffer* rx_buffer,
uint32_t fwt) {
Iso15693_3Error ret;
do {
ret = iso15693_3_poller_prepare_trx(instance);
if(ret != Iso15693_3ErrorNone) break;
ret = iso15693_3_poller_frame_exchange(instance, tx_buffer, rx_buffer, fwt);
} while(false);
return ret;
}

View file

@ -346,7 +346,25 @@ const uint8_t* mf_classic_get_uid(const MfClassicData* data, size_t* uid_len) {
bool mf_classic_set_uid(MfClassicData* data, const uint8_t* uid, size_t uid_len) { bool mf_classic_set_uid(MfClassicData* data, const uint8_t* uid, size_t uid_len) {
furi_assert(data); furi_assert(data);
return iso14443_3a_set_uid(data->iso14443_3a_data, uid, uid_len); bool uid_valid = iso14443_3a_set_uid(data->iso14443_3a_data, uid, uid_len);
if(uid_valid) {
uint8_t* block = data->block[0].data;
// Copy UID to block 0
memcpy(block, data->iso14443_3a_data->uid, uid_len);
if(uid_len == 4) {
// Calculate BCC byte
block[uid_len] = 0;
for(size_t i = 0; i < uid_len; i++) {
block[uid_len] ^= block[i];
}
}
}
return uid_valid;
} }
Iso14443_3aData* mf_classic_get_base_data(const MfClassicData* data) { Iso14443_3aData* mf_classic_get_base_data(const MfClassicData* data) {

View file

@ -482,7 +482,19 @@ const uint8_t* mf_ultralight_get_uid(const MfUltralightData* data, size_t* uid_l
bool mf_ultralight_set_uid(MfUltralightData* data, const uint8_t* uid, size_t uid_len) { bool mf_ultralight_set_uid(MfUltralightData* data, const uint8_t* uid, size_t uid_len) {
furi_assert(data); furi_assert(data);
return iso14443_3a_set_uid(data->iso14443_3a_data, uid, uid_len); bool uid_valid = iso14443_3a_set_uid(data->iso14443_3a_data, uid, uid_len);
if(uid_valid) {
// Copy UID across first 2 pages
memcpy(data->page[0].data, data->iso14443_3a_data->uid, 3);
memcpy(data->page[1].data, &data->iso14443_3a_data->uid[3], 4);
// Calculate BCC bytes
data->page[0].data[3] = 0x88 ^ uid[0] ^ uid[1] ^ uid[2];
data->page[2].data[0] = uid[3] ^ uid[4] ^ uid[5] ^ uid[6];
}
return uid_valid;
} }
Iso14443_3aData* mf_ultralight_get_base_data(const MfUltralightData* data) { Iso14443_3aData* mf_ultralight_get_base_data(const MfUltralightData* data) {

View file

@ -338,7 +338,7 @@ const Iso15693_3Data* slix_get_base_data(const SlixData* data) {
} }
SlixType slix_get_type(const SlixData* data) { SlixType slix_get_type(const SlixData* data) {
SlixType type = SlixTypeCount; SlixType type = SlixTypeUnknown;
do { do {
if(iso15693_3_get_manufacturer_id(data->iso15693_3_data) != SLIX_NXP_MANUFACTURER_CODE) if(iso15693_3_get_manufacturer_id(data->iso15693_3_data) != SLIX_NXP_MANUFACTURER_CODE)

View file

@ -37,6 +37,7 @@ extern "C" {
#define SLIX_TYPE_FEATURE_EAS (1U << 4) #define SLIX_TYPE_FEATURE_EAS (1U << 4)
#define SLIX_TYPE_FEATURE_SIGNATURE (1U << 5) #define SLIX_TYPE_FEATURE_SIGNATURE (1U << 5)
#define SLIX_TYPE_FEATURE_PROTECTION (1U << 6) #define SLIX_TYPE_FEATURE_PROTECTION (1U << 6)
#define SLIX_TYPE_FEATURE_NFC_SYSTEM_INFO (1U << 7)
typedef uint32_t SlixTypeFeatures; typedef uint32_t SlixTypeFeatures;
@ -56,7 +57,9 @@ typedef enum {
SlixTypeSlixS, SlixTypeSlixS,
SlixTypeSlixL, SlixTypeSlixL,
SlixTypeSlix2, SlixTypeSlix2,
SlixTypeCount, SlixTypeCount,
SlixTypeUnknown,
} SlixType; } SlixType;
typedef enum { typedef enum {
@ -71,6 +74,7 @@ typedef enum {
typedef uint32_t SlixPassword; typedef uint32_t SlixPassword;
typedef uint8_t SlixSignature[SLIX_SIGNATURE_SIZE]; typedef uint8_t SlixSignature[SLIX_SIGNATURE_SIZE];
typedef bool SlixPrivacy; typedef bool SlixPrivacy;
typedef uint16_t SlixRandomNumber;
typedef struct { typedef struct {
uint8_t pointer; uint8_t pointer;

View file

@ -99,6 +99,33 @@ SlixError slix_read_signature_response_parse(SlixSignature data, const BitBuffer
return error; return error;
} }
SlixError slix_get_random_number_response_parse(SlixRandomNumber* data, const BitBuffer* buf) {
SlixError error = SlixErrorNone;
do {
if(slix_error_response_parse(&error, buf)) break;
typedef struct {
uint8_t flags;
uint8_t random_number[2];
} SlixGetRandomNumberResponseLayout;
const size_t size_received = bit_buffer_get_size_bytes(buf);
const size_t size_required = sizeof(SlixGetRandomNumberResponseLayout);
if(size_received != size_required) {
error = SlixErrorFormat;
break;
}
const SlixGetRandomNumberResponseLayout* response =
(const SlixGetRandomNumberResponseLayout*)bit_buffer_get_data(buf);
*data = (response->random_number[1] << 8) | response->random_number[0];
} while(false);
return error;
}
void slix_set_password(SlixData* data, SlixPasswordType password_type, SlixPassword password) { void slix_set_password(SlixData* data, SlixPasswordType password_type, SlixPassword password) {
furi_assert(data); furi_assert(data);
furi_assert(password_type < SlixPasswordTypeCount); furi_assert(password_type < SlixPasswordTypeCount);

View file

@ -48,7 +48,7 @@ extern "C" {
#define SLIX_TYPE_FEATURES_SLIX2 \ #define SLIX_TYPE_FEATURES_SLIX2 \
(SLIX_TYPE_FEATURE_READ | SLIX_TYPE_FEATURE_WRITE | SLIX_TYPE_FEATURE_PRIVACY | \ (SLIX_TYPE_FEATURE_READ | SLIX_TYPE_FEATURE_WRITE | SLIX_TYPE_FEATURE_PRIVACY | \
SLIX_TYPE_FEATURE_DESTROY | SLIX_TYPE_FEATURE_EAS | SLIX_TYPE_FEATURE_SIGNATURE | \ SLIX_TYPE_FEATURE_DESTROY | SLIX_TYPE_FEATURE_EAS | SLIX_TYPE_FEATURE_SIGNATURE | \
SLIX_TYPE_FEATURE_PROTECTION) SLIX_TYPE_FEATURE_PROTECTION | SLIX_TYPE_FEATURE_NFC_SYSTEM_INFO)
#define SLIX2_FEATURE_FLAGS \ #define SLIX2_FEATURE_FLAGS \
(SLIX_FEATURE_FLAG_UM_PP | SLIX_FEATURE_FLAG_COUNTER | SLIX_FEATURE_FLAG_EAS_ID | \ (SLIX_FEATURE_FLAG_UM_PP | SLIX_FEATURE_FLAG_COUNTER | SLIX_FEATURE_FLAG_EAS_ID | \
@ -74,6 +74,8 @@ SlixError slix_get_nxp_system_info_response_parse(SlixData* data, const BitBuffe
SlixError slix_read_signature_response_parse(SlixSignature data, const BitBuffer* buf); SlixError slix_read_signature_response_parse(SlixSignature data, const BitBuffer* buf);
SlixError slix_get_random_number_response_parse(SlixRandomNumber* data, const BitBuffer* buf);
// Setters // Setters
void slix_set_password(SlixData* data, SlixPasswordType password_type, SlixPassword password); void slix_set_password(SlixData* data, SlixPasswordType password_type, SlixPassword password);

View file

@ -63,7 +63,7 @@ static NfcCommand slix_listener_run(NfcGenericEvent event, void* context) {
if(iso15693_3_event->type == Iso15693_3ListenerEventTypeCustomCommand) { if(iso15693_3_event->type == Iso15693_3ListenerEventTypeCustomCommand) {
const SlixError error = slix_listener_process_request(instance, rx_buffer); const SlixError error = slix_listener_process_request(instance, rx_buffer);
if(error == SlixErrorWrongPassword) { if(error == SlixErrorWrongPassword) {
command = NfcCommandStop; command = NfcCommandSleep;
} }
} }

View file

@ -31,7 +31,7 @@ static SlixPasswordType slix_listener_get_password_type_by_id(uint8_t id) {
static SlixPassword static SlixPassword
slix_listener_unxor_password(const SlixPassword password_xored, uint16_t random) { slix_listener_unxor_password(const SlixPassword password_xored, uint16_t random) {
return password_xored ^ ((SlixPassword)random << 16 | random); return REVERSE_BYTES_U32(password_xored ^ ((SlixPassword)random << 16 | random));
} }
static SlixError slix_listener_set_password( static SlixError slix_listener_set_password(

View file

@ -44,33 +44,83 @@ static void slix_poller_free(SlixPoller* instance) {
static NfcCommand slix_poller_handler_idle(SlixPoller* instance) { static NfcCommand slix_poller_handler_idle(SlixPoller* instance) {
iso15693_3_copy( iso15693_3_copy(
instance->data->iso15693_3_data, iso15693_3_poller_get_data(instance->iso15693_3_poller)); instance->data->iso15693_3_data, iso15693_3_poller_get_data(instance->iso15693_3_poller));
instance->type = slix_get_type(instance->data);
instance->poller_state = SlixPollerStateGetNxpSysInfo; if(instance->type >= SlixTypeCount) {
instance->error = SlixErrorNotSupported;
instance->poller_state = SlixPollerStateError;
} else {
instance->poller_state = SlixPollerStateGetNxpSysInfo;
}
return NfcCommandContinue; return NfcCommandContinue;
} }
static NfcCommand slix_poller_handler_get_nfc_system_info(SlixPoller* instance) { static NfcCommand slix_poller_handler_get_nfc_system_info(SlixPoller* instance) {
instance->error = slix_poller_get_nxp_system_info(instance, &instance->data->system_info); if(slix_type_has_features(instance->type, SLIX_TYPE_FEATURE_NFC_SYSTEM_INFO)) {
if(instance->error == SlixErrorNone) { instance->error = slix_poller_get_nxp_system_info(instance, &instance->data->system_info);
instance->poller_state = SlixPollerStateReadSignature; if(instance->error == SlixErrorNone) {
instance->poller_state = SlixPollerStateReadSignature;
} else {
instance->poller_state = SlixPollerStateError;
}
} else { } else {
instance->poller_state = SlixPollerStateError; instance->poller_state = SlixPollerStateReadSignature;
} }
return NfcCommandContinue; return NfcCommandContinue;
} }
static NfcCommand slix_poller_handler_read_signature(SlixPoller* instance) { static NfcCommand slix_poller_handler_read_signature(SlixPoller* instance) {
instance->error = slix_poller_read_signature(instance, &instance->data->signature); if(slix_type_has_features(instance->type, SLIX_TYPE_FEATURE_SIGNATURE)) {
if(instance->error == SlixErrorNone) { instance->error = slix_poller_read_signature(instance, &instance->data->signature);
instance->poller_state = SlixPollerStateReady; if(instance->error == SlixErrorNone) {
instance->poller_state = SlixPollerStateReady;
} else {
instance->poller_state = SlixPollerStateError;
}
} else { } else {
instance->poller_state = SlixPollerStateError; instance->poller_state = SlixPollerStateReady;
} }
return NfcCommandContinue; return NfcCommandContinue;
} }
static NfcCommand slix_poller_handler_privacy_unlock(SlixPoller* instance) {
NfcCommand command = NfcCommandContinue;
instance->poller_state = SlixPollerStateError;
instance->slix_event.type = SlixPollerEventTypePrivacyUnlockRequest;
command = instance->callback(instance->general_event, instance->context);
bool slix_unlocked = false;
do {
if(!instance->slix_event_data.privacy_password.password_set) break;
SlixPassword pwd = instance->slix_event_data.privacy_password.password;
FURI_LOG_I(TAG, "Trying to disable privacy mode with password: %08lX", pwd);
instance->error = slix_poller_get_random_number(instance, &instance->random_number);
if(instance->error != SlixErrorNone) break;
instance->error = slix_poller_set_password(instance, SlixPasswordTypePrivacy, pwd);
if(instance->error != SlixErrorNone) {
command = NfcCommandReset;
break;
}
FURI_LOG_I(TAG, "Privacy mode disabled");
instance->data->passwords[SlixPasswordTypePrivacy] = pwd;
instance->poller_state = SlixPollerStateIdle;
slix_unlocked = true;
} while(false);
if(!slix_unlocked) {
instance->error = SlixErrorTimeout;
instance->poller_state = SlixPollerStateError;
furi_delay_ms(100);
}
return command;
}
static NfcCommand slix_poller_handler_error(SlixPoller* instance) { static NfcCommand slix_poller_handler_error(SlixPoller* instance) {
instance->slix_event_data.error = instance->error; instance->slix_event_data.error = instance->error;
instance->slix_event.type = SlixPollerEventTypeError; instance->slix_event.type = SlixPollerEventTypeError;
@ -90,6 +140,7 @@ static const SlixPollerStateHandler slix_poller_state_handler[SlixPollerStateNum
[SlixPollerStateError] = slix_poller_handler_error, [SlixPollerStateError] = slix_poller_handler_error,
[SlixPollerStateGetNxpSysInfo] = slix_poller_handler_get_nfc_system_info, [SlixPollerStateGetNxpSysInfo] = slix_poller_handler_get_nfc_system_info,
[SlixPollerStateReadSignature] = slix_poller_handler_read_signature, [SlixPollerStateReadSignature] = slix_poller_handler_read_signature,
[SlixPollerStatePrivacyUnlock] = slix_poller_handler_privacy_unlock,
[SlixPollerStateReady] = slix_poller_handler_ready, [SlixPollerStateReady] = slix_poller_handler_ready,
}; };
@ -117,8 +168,8 @@ static NfcCommand slix_poller_run(NfcGenericEvent event, void* context) {
if(iso15693_3_event->type == Iso15693_3PollerEventTypeReady) { if(iso15693_3_event->type == Iso15693_3PollerEventTypeReady) {
command = slix_poller_state_handler[instance->poller_state](instance); command = slix_poller_state_handler[instance->poller_state](instance);
} else if(iso15693_3_event->type == Iso15693_3PollerEventTypeError) { } else if(iso15693_3_event->type == Iso15693_3PollerEventTypeError) {
instance->slix_event.type = SlixPollerEventTypeError; instance->poller_state = SlixPollerStatePrivacyUnlock;
command = instance->callback(instance->general_event, instance->context); command = slix_poller_state_handler[instance->poller_state](instance);
} }
return command; return command;
@ -138,11 +189,7 @@ static bool slix_poller_detect(NfcGenericEvent event, void* context) {
bool protocol_detected = false; bool protocol_detected = false;
if(iso15693_3_event->type == Iso15693_3PollerEventTypeReady) { if(iso15693_3_event->type == Iso15693_3PollerEventTypeReady) {
if(slix_get_type(instance->data) < SlixTypeCount) { protocol_detected = (slix_get_type(instance->data) < SlixTypeCount);
SlixSystemInfo system_info = {};
SlixError error = slix_poller_get_nxp_system_info(instance, &system_info);
protocol_detected = (error == SlixErrorNone);
}
} }
return protocol_detected; return protocol_detected;

View file

@ -18,14 +18,24 @@ typedef struct SlixPoller SlixPoller;
*/ */
typedef enum { typedef enum {
SlixPollerEventTypeError, /**< An error occured while reading card. */ SlixPollerEventTypeError, /**< An error occured while reading card. */
SlixPollerEventTypePrivacyUnlockRequest, /**< Poller requests password to disable privacy mode. */
SlixPollerEventTypeReady, /**< The card was successfully read by the poller. */ SlixPollerEventTypeReady, /**< The card was successfully read by the poller. */
} SlixPollerEventType; } SlixPollerEventType;
/**
* @brief Slix poller privacy unlock context data.
*/
typedef struct {
SlixPassword password; /**< Privacy password. */
bool password_set; /**< Filed to indicate that password was set or not. */
} SlixPollerEventDataPrivacyUnlockContext;
/** /**
* @brief Slixs poller event data. * @brief Slixs poller event data.
*/ */
typedef union { typedef union {
SlixError error; /**< Error code indicating card reaing fail reason. */ SlixError error; /**< Error code indicating card reaing fail reason. */
SlixPollerEventDataPrivacyUnlockContext privacy_password; /**< Privacy unlock event context. */
} SlixPollerEventData; } SlixPollerEventData;
/** /**
@ -80,6 +90,30 @@ SlixError slix_poller_get_nxp_system_info(SlixPoller* instance, SlixSystemInfo*
*/ */
SlixError slix_poller_read_signature(SlixPoller* instance, SlixSignature* data); SlixError slix_poller_read_signature(SlixPoller* instance, SlixSignature* data);
/**
* @brief Get random number from card.
*
* Must ONLY be used inside the callback function.
*
* @param[in, out] instance pointer to the instance to be used in the transaction.
* @param[out] data pointer to the SlixRandomNumber structure to be filled.
* @return SlixErrorNone on success, an error code on failure.
*/
SlixError slix_poller_get_random_number(SlixPoller* instance, SlixRandomNumber* data);
/**
* @brief Set password to card.
*
* Must ONLY be used inside the callback function.
*
* @param[in, out] instance pointer to the instance to be used in the transaction.
* @param[out] type SlixPasswordType instance.
* @param[out] password SlixPassword instance.
* @return SlixErrorNone on success, an error code on failure.
*/
SlixError
slix_poller_set_password(SlixPoller* instance, SlixPasswordType type, SlixPassword password);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View file

@ -1,4 +1,5 @@
#include "slix_poller_i.h" #include "slix_poller_i.h"
#include <nfc/helpers/nfc_util.h>
#include <furi.h> #include <furi.h>
@ -6,18 +7,22 @@
#define TAG "SlixPoller" #define TAG "SlixPoller"
static void slix_poller_prepare_request(SlixPoller* instance, uint8_t command) { static void slix_poller_prepare_request(SlixPoller* instance, uint8_t command, bool skip_uid) {
bit_buffer_reset(instance->tx_buffer); bit_buffer_reset(instance->tx_buffer);
bit_buffer_reset(instance->rx_buffer); bit_buffer_reset(instance->rx_buffer);
bit_buffer_append_byte( uint8_t flags = ISO15693_3_REQ_FLAG_SUBCARRIER_1 | ISO15693_3_REQ_FLAG_DATA_RATE_HI;
instance->tx_buffer, if(!skip_uid) {
ISO15693_3_REQ_FLAG_SUBCARRIER_1 | ISO15693_3_REQ_FLAG_DATA_RATE_HI | flags |= ISO15693_3_REQ_FLAG_T4_ADDRESSED;
ISO15693_3_REQ_FLAG_T4_ADDRESSED); }
bit_buffer_append_byte(instance->tx_buffer, flags);
bit_buffer_append_byte(instance->tx_buffer, command); bit_buffer_append_byte(instance->tx_buffer, command);
bit_buffer_append_byte(instance->tx_buffer, SLIX_NXP_MANUFACTURER_CODE); bit_buffer_append_byte(instance->tx_buffer, SLIX_NXP_MANUFACTURER_CODE);
iso15693_3_append_uid(instance->data->iso15693_3_data, instance->tx_buffer); if(!skip_uid) {
iso15693_3_append_uid(instance->data->iso15693_3_data, instance->tx_buffer);
}
} }
SlixError slix_poller_send_frame( SlixError slix_poller_send_frame(
@ -36,7 +41,7 @@ SlixError slix_poller_get_nxp_system_info(SlixPoller* instance, SlixSystemInfo*
furi_assert(instance); furi_assert(instance);
furi_assert(data); furi_assert(data);
slix_poller_prepare_request(instance, SLIX_CMD_GET_NXP_SYSTEM_INFORMATION); slix_poller_prepare_request(instance, SLIX_CMD_GET_NXP_SYSTEM_INFORMATION, false);
SlixError error = SlixErrorNone; SlixError error = SlixErrorNone;
@ -54,7 +59,7 @@ SlixError slix_poller_read_signature(SlixPoller* instance, SlixSignature* data)
furi_assert(instance); furi_assert(instance);
furi_assert(data); furi_assert(data);
slix_poller_prepare_request(instance, SLIX_CMD_READ_SIGNATURE); slix_poller_prepare_request(instance, SLIX_CMD_READ_SIGNATURE, false);
SlixError error = SlixErrorNone; SlixError error = SlixErrorNone;
@ -67,3 +72,56 @@ SlixError slix_poller_read_signature(SlixPoller* instance, SlixSignature* data)
return error; return error;
} }
SlixError slix_poller_get_random_number(SlixPoller* instance, SlixRandomNumber* data) {
furi_assert(instance);
furi_assert(data);
slix_poller_prepare_request(instance, SLIX_CMD_GET_RANDOM_NUMBER, true);
SlixError error = SlixErrorNone;
do {
error = slix_poller_send_frame(
instance, instance->tx_buffer, instance->rx_buffer, ISO15693_3_FDT_POLL_FC);
if(error != SlixErrorNone) break;
error = slix_get_random_number_response_parse(data, instance->rx_buffer);
} while(false);
return error;
}
SlixError
slix_poller_set_password(SlixPoller* instance, SlixPasswordType type, SlixPassword password) {
furi_assert(instance);
bool skip_uid = (type == SlixPasswordTypePrivacy);
slix_poller_prepare_request(instance, SLIX_CMD_SET_PASSWORD, skip_uid);
uint8_t password_type = (0x01 << type);
bit_buffer_append_byte(instance->tx_buffer, password_type);
uint8_t rn_l = instance->random_number >> 8;
uint8_t rn_h = instance->random_number;
uint32_t double_rand_num = (rn_h << 24) | (rn_l << 16) | (rn_h << 8) | rn_l;
uint32_t xored_password = double_rand_num ^ password;
uint8_t xored_password_arr[4] = {};
nfc_util_num2bytes(xored_password, 4, xored_password_arr);
bit_buffer_append_bytes(instance->tx_buffer, xored_password_arr, 4);
SlixError error = SlixErrorNone;
do {
error = slix_poller_send_frame(
instance, instance->tx_buffer, instance->rx_buffer, SLIX_POLLER_SET_PASSWORD_FWT);
if(error != SlixErrorNone) break;
size_t rx_len = bit_buffer_get_size_bytes(instance->rx_buffer);
if(rx_len != 1) {
error = SlixErrorWrongPassword;
}
} while(false);
return error;
}

View file

@ -4,6 +4,8 @@
#include "slix_poller.h" #include "slix_poller.h"
#define SLIX_POLLER_SET_PASSWORD_FWT (100000)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -12,6 +14,7 @@ typedef enum {
SlixPollerStateIdle, SlixPollerStateIdle,
SlixPollerStateGetNxpSysInfo, SlixPollerStateGetNxpSysInfo,
SlixPollerStateReadSignature, SlixPollerStateReadSignature,
SlixPollerStatePrivacyUnlock,
SlixPollerStateReady, SlixPollerStateReady,
SlixPollerStateError, SlixPollerStateError,
SlixPollerStateNum, SlixPollerStateNum,
@ -19,9 +22,11 @@ typedef enum {
struct SlixPoller { struct SlixPoller {
Iso15693_3Poller* iso15693_3_poller; Iso15693_3Poller* iso15693_3_poller;
SlixType type;
SlixData* data; SlixData* data;
SlixPollerState poller_state; SlixPollerState poller_state;
SlixError error; SlixError error;
SlixRandomNumber random_number;
BitBuffer* tx_buffer; BitBuffer* tx_buffer;
BitBuffer* rx_buffer; BitBuffer* rx_buffer;

View file

@ -7,13 +7,13 @@
#include "usb.h" #include "usb.h"
#include "usb_cdc.h" #include "usb_cdc.h"
#define CDC0_RXD_EP 0x01 #define CDC0_RXD_EP 0x02
#define CDC0_TXD_EP 0x82 #define CDC0_TXD_EP 0x82
#define CDC0_NTF_EP 0x83 #define CDC0_NTF_EP 0x81
#define CDC1_RXD_EP 0x04 #define CDC1_RXD_EP 0x04
#define CDC1_TXD_EP 0x85 #define CDC1_TXD_EP 0x84
#define CDC1_NTF_EP 0x86 #define CDC1_NTF_EP 0x83
#define CDC_NTF_SZ 0x08 #define CDC_NTF_SZ 0x08
@ -438,7 +438,9 @@ static void cdc_init(usbd_device* dev, FuriHalUsbInterface* intf, void* ctx) {
struct usb_string_descriptor* dev_prod_desc = malloc(len * 2 + 2); struct usb_string_descriptor* dev_prod_desc = malloc(len * 2 + 2);
dev_prod_desc->bLength = len * 2 + 2; dev_prod_desc->bLength = len * 2 + 2;
dev_prod_desc->bDescriptorType = USB_DTYPE_STRING; dev_prod_desc->bDescriptorType = USB_DTYPE_STRING;
for(uint8_t i = 0; i < len; i++) dev_prod_desc->wString[i] = name[i]; for(uint8_t i = 0; i < len; i++) {
dev_prod_desc->wString[i] = name[i];
}
name = (char*)furi_hal_version_get_name_ptr(); name = (char*)furi_hal_version_get_name_ptr();
len = (name == NULL) ? (0) : (strlen(name)); len = (name == NULL) ? (0) : (strlen(name));
@ -446,7 +448,9 @@ static void cdc_init(usbd_device* dev, FuriHalUsbInterface* intf, void* ctx) {
dev_serial_desc->bLength = (len + 5) * 2 + 2; dev_serial_desc->bLength = (len + 5) * 2 + 2;
dev_serial_desc->bDescriptorType = USB_DTYPE_STRING; dev_serial_desc->bDescriptorType = USB_DTYPE_STRING;
memcpy(dev_serial_desc->wString, "f\0l\0i\0p\0_\0", 5 * 2); memcpy(dev_serial_desc->wString, "f\0l\0i\0p\0_\0", 5 * 2);
for(uint8_t i = 0; i < len; i++) dev_serial_desc->wString[i + 5] = name[i]; for(uint8_t i = 0; i < len; i++) {
dev_serial_desc->wString[i + 5] = name[i];
}
cdc_if_cur->str_prod_descr = dev_prod_desc; cdc_if_cur->str_prod_descr = dev_prod_desc;
cdc_if_cur->str_serial_descr = dev_serial_desc; cdc_if_cur->str_serial_descr = dev_serial_desc;
@ -500,18 +504,20 @@ uint8_t furi_hal_cdc_get_ctrl_line_state(uint8_t if_num) {
} }
void furi_hal_cdc_send(uint8_t if_num, uint8_t* buf, uint16_t len) { void furi_hal_cdc_send(uint8_t if_num, uint8_t* buf, uint16_t len) {
if(if_num == 0) if(if_num == 0) {
usbd_ep_write(usb_dev, CDC0_TXD_EP, buf, len); usbd_ep_write(usb_dev, CDC0_TXD_EP, buf, len);
else } else {
usbd_ep_write(usb_dev, CDC1_TXD_EP, buf, len); usbd_ep_write(usb_dev, CDC1_TXD_EP, buf, len);
}
} }
int32_t furi_hal_cdc_receive(uint8_t if_num, uint8_t* buf, uint16_t max_len) { int32_t furi_hal_cdc_receive(uint8_t if_num, uint8_t* buf, uint16_t max_len) {
int32_t len = 0; int32_t len = 0;
if(if_num == 0) if(if_num == 0) {
len = usbd_ep_read(usb_dev, CDC0_RXD_EP, buf, max_len); len = usbd_ep_read(usb_dev, CDC0_RXD_EP, buf, max_len);
else } else {
len = usbd_ep_read(usb_dev, CDC1_RXD_EP, buf, max_len); len = usbd_ep_read(usb_dev, CDC1_RXD_EP, buf, max_len);
}
return ((len < 0) ? 0 : len); return ((len < 0) ? 0 : len);
} }
@ -540,14 +546,16 @@ static void cdc_rx_ep_callback(usbd_device* dev, uint8_t event, uint8_t ep) {
UNUSED(dev); UNUSED(dev);
UNUSED(event); UNUSED(event);
uint8_t if_num = 0; uint8_t if_num = 0;
if(ep == CDC0_RXD_EP) if(ep == CDC0_RXD_EP) {
if_num = 0; if_num = 0;
else } else {
if_num = 1; if_num = 1;
}
if(callbacks[if_num] != NULL) { if(callbacks[if_num] != NULL) {
if(callbacks[if_num]->rx_ep_callback != NULL) if(callbacks[if_num]->rx_ep_callback != NULL) {
callbacks[if_num]->rx_ep_callback(cb_ctx[if_num]); callbacks[if_num]->rx_ep_callback(cb_ctx[if_num]);
}
} }
} }
@ -555,14 +563,16 @@ static void cdc_tx_ep_callback(usbd_device* dev, uint8_t event, uint8_t ep) {
UNUSED(dev); UNUSED(dev);
UNUSED(event); UNUSED(event);
uint8_t if_num = 0; uint8_t if_num = 0;
if(ep == CDC0_TXD_EP) if(ep == CDC0_TXD_EP) {
if_num = 0; if_num = 0;
else } else {
if_num = 1; if_num = 1;
}
if(callbacks[if_num] != NULL) { if(callbacks[if_num] != NULL) {
if(callbacks[if_num]->tx_ep_callback != NULL) if(callbacks[if_num]->tx_ep_callback != NULL) {
callbacks[if_num]->tx_ep_callback(cb_ctx[if_num]); callbacks[if_num]->tx_ep_callback(cb_ctx[if_num]);
}
} }
} }
@ -642,25 +652,28 @@ static usbd_respond cdc_control(usbd_device* dev, usbd_ctlreq* req, usbd_rqc_cal
if(((USB_REQ_RECIPIENT | USB_REQ_TYPE) & req->bmRequestType) == if(((USB_REQ_RECIPIENT | USB_REQ_TYPE) & req->bmRequestType) ==
(USB_REQ_INTERFACE | USB_REQ_CLASS) && (USB_REQ_INTERFACE | USB_REQ_CLASS) &&
(req->wIndex == 0 || req->wIndex == 2)) { (req->wIndex == 0 || req->wIndex == 2)) {
if(req->wIndex == 0) if(req->wIndex == 0) {
if_num = 0; if_num = 0;
else } else {
if_num = 1; if_num = 1;
}
switch(req->bRequest) { switch(req->bRequest) {
case USB_CDC_SET_CONTROL_LINE_STATE: case USB_CDC_SET_CONTROL_LINE_STATE:
if(callbacks[if_num] != NULL) { if(callbacks[if_num] != NULL) {
cdc_ctrl_line_state[if_num] = req->wValue; cdc_ctrl_line_state[if_num] = req->wValue;
if(callbacks[if_num]->ctrl_line_callback != NULL) if(callbacks[if_num]->ctrl_line_callback != NULL) {
callbacks[if_num]->ctrl_line_callback( callbacks[if_num]->ctrl_line_callback(
cb_ctx[if_num], cdc_ctrl_line_state[if_num]); cb_ctx[if_num], cdc_ctrl_line_state[if_num]);
}
} }
return usbd_ack; return usbd_ack;
case USB_CDC_SET_LINE_CODING: case USB_CDC_SET_LINE_CODING:
memcpy(&cdc_config[if_num], req->data, sizeof(cdc_config[0])); memcpy(&cdc_config[if_num], req->data, sizeof(cdc_config[0]));
if(callbacks[if_num] != NULL) { if(callbacks[if_num] != NULL) {
if(callbacks[if_num]->config_callback != NULL) if(callbacks[if_num]->config_callback != NULL) {
callbacks[if_num]->config_callback(cb_ctx[if_num], &cdc_config[if_num]); callbacks[if_num]->config_callback(cb_ctx[if_num], &cdc_config[if_num]);
}
} }
return usbd_ack; return usbd_ack;
case USB_CDC_GET_LINE_CODING: case USB_CDC_GET_LINE_CODING: