Mirrors/unleashed-firmware
2
0
Fork 0
mirror of https://github.com/DarkFlippers/unleashed-firmware synced 2024-11-10 06:54:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'flipperdevices/dev' into dev

Browse source
This commit is contained in:
Eng1n33r 2022-07-03 21:04:15 +03:00
commit cba5cb745c
No known key found for this signature in database
GPG key ID: 7FAD1CA551A0D528
42 changed files with 2766 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.github/workflows/build.yml vendored
View file

@ -144,7 +144,7 @@ jobs:
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: 'Install with web updater'
body-includes: 'Compiled firmware for commit'
- name: 'Create or update comment'
if: ${{ !github.event.pull_request.head.repo.fork && github.event.pull_request}}
@ -153,7 +153,10 @@ jobs:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
[Install with web updater](https://my.flipp.dev/?url=https://update.flipperzero.one/builds/firmware/${{steps.names.outputs.artifacts-path}}/flipper-z-${{steps.names.outputs.default-target}}-update-${{steps.names.outputs.suffix}}.tgz&channel=${{steps.names.outputs.artifacts-path}}&version=${{steps.names.outputs.short-hash}}).
**Compiled firmware for commit `${{steps.names.outputs.short-hash}}`:**
- [📦 Update package](https://update.flipperzero.one/builds/firmware/${{steps.names.outputs.artifacts-path}}/flipper-z-${{steps.names.outputs.default-target}}-update-${{steps.names.outputs.suffix}}.tgz)
- [📥 DFU file](https://update.flipperzero.one/builds/firmware/${{steps.names.outputs.artifacts-path}}/flipper-z-${{steps.names.outputs.default-target}}-full-${{steps.names.outputs.suffix}}.dfu)
- [☁️ Web updater](https://my.flipp.dev/?url=https://update.flipperzero.one/builds/firmware/${{steps.names.outputs.artifacts-path}}/flipper-z-${{steps.names.outputs.default-target}}-update-${{steps.names.outputs.suffix}}.tgz&channel=${{steps.names.outputs.artifacts-path}}&version=${{steps.names.outputs.short-hash}})
edit-mode: replace
compact:

3
.gitmodules vendored
View file

@ -25,3 +25,6 @@
[submodule "lib/scons"]
path = lib/scons
url = https://github.com/SCons/scons.git
[submodule "lib/mbedtls"]
path = lib/mbedtls
url = https://github.com/Mbed-TLS/mbedtls.git

10
applications/nfc/nfc_worker.c
View file

@ -1,6 +1,8 @@
#include "nfc_worker_i.h"
#include <furi_hal.h>
#include <platform.h>
#define TAG "NfcWorker"
/***************************** NFC Worker API *******************************/
@ -495,9 +497,11 @@ void nfc_worker_emulate_mifare_classic(NfcWorker* nfc_worker) {
NfcaSignal* nfca_signal = nfca_signal_alloc();
tx_rx.nfca_signal = nfca_signal;
rfal_platform_spi_acquire();
furi_hal_nfc_listen_start(nfc_data);
while(nfc_worker->state == NfcWorkerStateEmulateMifareClassic) {
if(furi_hal_nfc_listen(
nfc_data->uid, nfc_data->uid_len, nfc_data->atqa, nfc_data->sak, true, 300)) {
if(furi_hal_nfc_listen_rx(&tx_rx, 300)) {
mf_classic_emulator(&emulator, &tx_rx);
}
}
@ -510,6 +514,8 @@ void nfc_worker_emulate_mifare_classic(NfcWorker* nfc_worker) {
}
nfca_signal_free(nfca_signal);
rfal_platform_spi_release();
}
void nfc_worker_read_mifare_desfire(NfcWorker* nfc_worker) {

11
applications/picopass/application.fam Normal file
View file

@ -0,0 +1,11 @@
App(
appid="picopass",
name="PicoPass Reader",
apptype=FlipperAppType.PLUGIN,
entry_point="picopass_app",
cdefines=["APP_PICOPASS"],
requires=["gui"],
stack_size=1 * 1024,
icon="A_Plugins_14",
order=30,
)

436
applications/picopass/picopass.c Normal file
View file

@ -0,0 +1,436 @@
#include "picopass.h"
#include <furi.h>
#include <gui/gui.h>
#include <input/input.h>
#include <stdlib.h>
#include <st25r3916.h>
#include <rfal_analogConfig.h>
#include <rfal_rf.h>
#include <rfal_nfc.h>
#include <storage/storage.h>
#include <lib/toolbox/path.h>
#define TAG "PicoPass"
#define PICOPASS_APP_ICLASS_KEY_PATH "/any/picopass/iclass_key.bin"
#define PICOPASS_APP_ICLASS_DECRYPT_KEY_PATH "/any/picopass/iclass_decryptionkey.bin"
typedef enum {
EventTypeTick,
EventTypeKey,
} EventType;
typedef struct {
EventType type;
InputEvent input;
} PluginEvent;
typedef struct {
bool valid;
uint8_t bitLength;
uint8_t FacilityCode;
uint16_t CardNumber;
} WiegandRecord;
typedef struct {
bool biometrics;
uint8_t encryption;
uint8_t credential[8];
uint8_t pin0[8];
uint8_t pin1[8];
WiegandRecord record;
} PACS;
enum State { INIT, KEYS_MISSING, READY, RESULT };
typedef struct {
enum State state;
PACS pacs;
} PluginState;
uint8_t iclass_key[8] = {0}; // NB: not the permuted version
uint8_t iclass_decryptionkey[16] = {0};
ApplicationArea AA1;
static bool picopass_load_keys() {
Storage* storage = furi_record_open("storage");
File* file = storage_file_alloc(storage);
if(!storage_file_open(file, PICOPASS_APP_ICLASS_KEY_PATH, FSAM_READ, FSOM_OPEN_EXISTING)) {
FURI_LOG_E(TAG, "Unable to open iClass key");
storage_file_free(file);
furi_record_close("storage");
return false;
};
storage_file_read(file, iclass_key, sizeof(iclass_key));
storage_file_close(file);
FURI_LOG_D(TAG, "iClass key loaded");
if(!storage_file_open(
file, PICOPASS_APP_ICLASS_DECRYPT_KEY_PATH, FSAM_READ, FSOM_OPEN_EXISTING)) {
FURI_LOG_E(TAG, "Unable to open iClass decryption key");
storage_file_free(file);
furi_record_close("storage");
return false;
};
storage_file_read(file, iclass_decryptionkey, sizeof(iclass_decryptionkey));
storage_file_close(file);
FURI_LOG_D(TAG, "iClass decryption key loaded");
storage_file_free(file);
furi_record_close("storage");
return true;
}
static void render_callback(Canvas* const canvas, void* ctx) {
const PluginState* plugin_state = acquire_mutex((ValueMutex*)ctx, 25);
if(plugin_state == NULL) {
return;
}
// border around the edge of the screen
canvas_draw_frame(canvas, 0, 0, 128, 64);
canvas_set_font(canvas, FontPrimary);
if(plugin_state->state == INIT) {
canvas_draw_str_aligned(canvas, 64, 32, AlignCenter, AlignTop, "Loading...");
} else if(plugin_state->state == KEYS_MISSING) {
canvas_draw_str_aligned(canvas, 64, 32, AlignCenter, AlignTop, "Keys missing");
} else if(plugin_state->state == READY) {
canvas_draw_str_aligned(canvas, 64, 32, AlignCenter, AlignTop, "Push center to scan");
} else if(plugin_state->state == RESULT) {
char raw_credential[25] = {0};
sprintf(
raw_credential,
"%02x %02x %02x %02x %02x %02x %02x %02x",
plugin_state->pacs.credential[0],
plugin_state->pacs.credential[1],
plugin_state->pacs.credential[2],
plugin_state->pacs.credential[3],
plugin_state->pacs.credential[4],
plugin_state->pacs.credential[5],
plugin_state->pacs.credential[6],
plugin_state->pacs.credential[7]);
canvas_draw_str_aligned(canvas, 64, 34, AlignCenter, AlignTop, raw_credential);
if(plugin_state->pacs.record.valid) {
char parsed[20] = {0};
sprintf(
parsed,
"FC: %03u CN: %05u",
plugin_state->pacs.record.FacilityCode,
plugin_state->pacs.record.CardNumber);
canvas_draw_str_aligned(canvas, 64, 32, AlignCenter, AlignBottom, parsed);
}
}
release_mutex((ValueMutex*)ctx, plugin_state);
}
static void input_callback(InputEvent* input_event, osMessageQueueId_t event_queue) {
furi_assert(event_queue);
PluginEvent event = {.type = EventTypeKey, .input = *input_event};
osMessageQueuePut(event_queue, &event, 0, osWaitForever);
}
static void picopass_state_init(PluginState* const plugin_state) {
plugin_state->state = INIT;
if(picopass_load_keys()) {
plugin_state->state = READY;
} else {
plugin_state->state = KEYS_MISSING;
}
}
ReturnCode decrypt(uint8_t* enc_data, uint8_t* dec_data) {
uint8_t key[32] = {0};
memcpy(key, iclass_decryptionkey, sizeof(iclass_decryptionkey));
mbedtls_des3_context ctx;
mbedtls_des3_init(&ctx);
mbedtls_des3_set2key_dec(&ctx, key);
mbedtls_des3_crypt_ecb(&ctx, enc_data, dec_data);
mbedtls_des3_free(&ctx);
return ERR_NONE;
}
ReturnCode parseWiegand(uint8_t* data, WiegandRecord* record) {
uint32_t* halves = (uint32_t*)data;
if(halves[0] == 0) {
uint8_t leading0s = __builtin_clz(REVERSE_BYTES_U32(halves[1]));
record->bitLength = 31 - leading0s;
} else {
uint8_t leading0s = __builtin_clz(REVERSE_BYTES_U32(halves[0]));
record->bitLength = 63 - leading0s;
}
FURI_LOG_D(TAG, "bitLength: %d", record->bitLength);
if(record->bitLength == 26) {
uint8_t* v4 = data + 4;
v4[0] = 0;
uint32_t bot = v4[3] | (v4[2] << 8) | (v4[1] << 16) | (v4[0] << 24);
record->CardNumber = (bot >> 1) & 0xFFFF;
record->FacilityCode = (bot >> 17) & 0xFF;
record->valid = true;
} else {
record->CardNumber = 0;
record->FacilityCode = 0;
record->valid = false;
}
return ERR_NONE;
}
ReturnCode disable_field(ReturnCode rc) {
st25r3916TxRxOff();
rfalLowPowerModeStart();
return rc;
}
ReturnCode picopass_read_card(ApplicationArea* AA1) {
rfalPicoPassIdentifyRes idRes;
rfalPicoPassSelectRes selRes;
rfalPicoPassReadCheckRes rcRes;
rfalPicoPassCheckRes chkRes;
ReturnCode err;
uint8_t div_key[8] = {0};
uint8_t mac[4] = {0};
uint8_t ccnr[12] = {0};
st25r3916TxRxOn();
rfalLowPowerModeStop();
rfalWorker();
err = rfalPicoPassPollerInitialize();
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalPicoPassPollerInitialize error %d\n", err);
return disable_field(err);
}
err = rfalFieldOnAndStartGT();
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalFieldOnAndStartGT error %d\n", err);
return disable_field(err);
}
err = rfalPicoPassPollerCheckPresence();
if(err != ERR_RF_COLLISION) {
FURI_LOG_E(TAG, "rfalPicoPassPollerCheckPresence error %d\n", err);
return disable_field(err);
}
err = rfalPicoPassPollerIdentify(&idRes);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalPicoPassPollerIdentify error %d\n", err);
return disable_field(err);
}
err = rfalPicoPassPollerSelect(idRes.CSN, &selRes);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalPicoPassPollerSelect error %d\n", err);
return disable_field(err);
}
err = rfalPicoPassPollerReadCheck(&rcRes);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalPicoPassPollerReadCheck error %d", err);
return disable_field(err);
}
memcpy(ccnr, rcRes.CCNR, sizeof(rcRes.CCNR)); // last 4 bytes left 0
diversifyKey(selRes.CSN, iclass_key, div_key);
opt_doReaderMAC(ccnr, div_key, mac);
err = rfalPicoPassPollerCheck(mac, &chkRes);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalPicoPassPollerCheck error %d", err);
return disable_field(err);
}
for(size_t i = 0; i < 4; i++) {
FURI_LOG_D(TAG, "rfalPicoPassPollerReadBlock block %d", i + 6);
err = rfalPicoPassPollerReadBlock(i + 6, &(AA1->block[i]));
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "rfalPicoPassPollerReadBlock error %d", err);
return disable_field(err);
}
}
return disable_field(ERR_NONE);
}
int32_t picopass_app(void* p) {
UNUSED(p);
osMessageQueueId_t event_queue = osMessageQueueNew(8, sizeof(PluginEvent), NULL);
PluginState* plugin_state = malloc(sizeof(PluginState));
picopass_state_init(plugin_state);
ValueMutex state_mutex;
if(!init_mutex(&state_mutex, plugin_state, sizeof(PluginState))) {
FURI_LOG_E("Hello_world", "cannot create mutex\r\n");
free(plugin_state);
return 255;
}
// Set system callbacks
ViewPort* view_port = view_port_alloc();
view_port_draw_callback_set(view_port, render_callback, &state_mutex);
view_port_input_callback_set(view_port, input_callback, event_queue);
// Open GUI and register view_port
Gui* gui = furi_record_open("gui");
gui_add_view_port(gui, view_port, GuiLayerFullscreen);
PluginEvent event;
ReturnCode err;
for(bool processing = true; processing;) {
osStatus_t event_status = osMessageQueueGet(event_queue, &event, NULL, 100);
PluginState* plugin_state = (PluginState*)acquire_mutex_block(&state_mutex);
if(event_status == osOK) {
// press events
if(event.type == EventTypeKey) {
if(event.input.type == InputTypePress) {
switch(event.input.key) {
case InputKeyUp:
FURI_LOG_D(TAG, "Input Up");
break;
case InputKeyDown:
FURI_LOG_D(TAG, "Input Down");
break;
case InputKeyRight:
FURI_LOG_D(TAG, "Input Right");
break;
case InputKeyLeft:
FURI_LOG_D(TAG, "Input Left");
break;
case InputKeyOk:
FURI_LOG_D(TAG, "Input OK");
err = picopass_read_card(&AA1);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "picopass_read_card error %d", err);
plugin_state->state = READY;
break;
}
FURI_LOG_D(TAG, "read OK");
plugin_state->pacs.biometrics = AA1.block[0].data[4];
plugin_state->pacs.encryption = AA1.block[0].data[7];
if(plugin_state->pacs.encryption == 0x17) {
FURI_LOG_D(TAG, "3DES Encrypted");
err = decrypt(AA1.block[1].data, plugin_state->pacs.credential);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "decrypt error %d", err);
break;
}
FURI_LOG_D(TAG, "Decrypted 7");
err = decrypt(AA1.block[2].data, plugin_state->pacs.pin0);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "decrypt error %d", err);
break;
}
FURI_LOG_D(TAG, "Decrypted 8");
err = decrypt(AA1.block[3].data, plugin_state->pacs.pin1);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "decrypt error %d", err);
break;
}
FURI_LOG_D(TAG, "Decrypted 9");
} else if(plugin_state->pacs.encryption == 0x14) {
FURI_LOG_D(TAG, "No Encryption");
memcpy(
plugin_state->pacs.credential,
AA1.block[1].data,
RFAL_PICOPASS_MAX_BLOCK_LEN);
memcpy(
plugin_state->pacs.pin0,
AA1.block[2].data,
RFAL_PICOPASS_MAX_BLOCK_LEN);
memcpy(
plugin_state->pacs.pin1,
AA1.block[3].data,
RFAL_PICOPASS_MAX_BLOCK_LEN);
} else if(plugin_state->pacs.encryption == 0x15) {
FURI_LOG_D(TAG, "DES Encrypted");
} else {
FURI_LOG_D(TAG, "Unknown encryption");
break;
}
FURI_LOG_D(
TAG,
"credential %02x%02x%02x%02x%02x%02x%02x%02x",
plugin_state->pacs.credential[0],
plugin_state->pacs.credential[1],
plugin_state->pacs.credential[2],
plugin_state->pacs.credential[3],
plugin_state->pacs.credential[4],
plugin_state->pacs.credential[5],
plugin_state->pacs.credential[6],
plugin_state->pacs.credential[7]);
FURI_LOG_D(
TAG,
"pin0 %02x%02x%02x%02x%02x%02x%02x%02x",
plugin_state->pacs.pin0[0],
plugin_state->pacs.pin0[1],
plugin_state->pacs.pin0[2],
plugin_state->pacs.pin0[3],
plugin_state->pacs.pin0[4],
plugin_state->pacs.pin0[5],
plugin_state->pacs.pin0[6],
plugin_state->pacs.pin0[7]);
FURI_LOG_D(
TAG,
"pin1 %02x%02x%02x%02x%02x%02x%02x%02x",
plugin_state->pacs.pin1[0],
plugin_state->pacs.pin1[1],
plugin_state->pacs.pin1[2],
plugin_state->pacs.pin1[3],
plugin_state->pacs.pin1[4],
plugin_state->pacs.pin1[5],
plugin_state->pacs.pin1[6],
plugin_state->pacs.pin1[7]);
err = parseWiegand(
plugin_state->pacs.credential, &plugin_state->pacs.record);
if(err != ERR_NONE) {
FURI_LOG_E(TAG, "parse error %d", err);
break;
}
if(plugin_state->pacs.record.valid) {
FURI_LOG_D(
TAG,
"FC: %03d CN: %05d",
plugin_state->pacs.record.FacilityCode,
plugin_state->pacs.record.CardNumber);
}
plugin_state->state = RESULT;
break;
case InputKeyBack:
FURI_LOG_D(TAG, "Input Back");
processing = false;
break;
}
}
}
} else {
// FURI_LOG_D(TAG, "osMessageQueue: event timeout");
// event timeout
}
view_port_update(view_port);
release_mutex(&state_mutex, plugin_state);
}
view_port_enabled_set(view_port, false);
gui_remove_view_port(gui, view_port);
furi_record_close("gui");
view_port_free(view_port);
osMessageQueueDelete(event_queue);
return 0;
}

9
applications/picopass/picopass.h Normal file
View file

@ -0,0 +1,9 @@
#pragma once
#include <rfal_picopass.h>
#include <loclass/optimized_ikeys.h>
#include <loclass/optimized_cipher.h>
#include <mbedtls/des.h>
#define PP_MAX_DUMP_SIZE 1024
#define FURI_HAL_PICOPASS_UID_MAX_LEN 10

3
applications/subghz/helpers/subghz_custom_event.h
View file

@ -43,6 +43,7 @@ typedef enum {
SubGhzCustomEventSceneShowOnlyRX,
SubGhzCustomEventSceneAnalyzerLock,
SubGhzCustomEventSceneAnalyzerUnlock,
SubGhzCustomEventSceneSettingLock,
SubGhzCustomEventSceneExit,
SubGhzCustomEventSceneStay,
@ -50,6 +51,8 @@ typedef enum {
SubGhzCustomEventViewReceiverOK,
SubGhzCustomEventViewReceiverConfig,
SubGhzCustomEventViewReceiverBack,
SubGhzCustomEventViewReceiverOffDisplay,
SubGhzCustomEventViewReceiverUnlock,
SubGhzCustomEventViewReadRAWBack,
SubGhzCustomEventViewReadRAWIDLE,

23
applications/subghz/scenes/subghz_scene_read_raw.c
View file

@ -106,6 +106,7 @@ void subghz_scene_read_raw_on_enter(void* context) {
bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
SubGhz* subghz = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
switch(event.event) {
case SubGhzCustomEventViewReadRAWBack:
@ -141,7 +142,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
}
}
}
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWTXRXStop:
@ -156,14 +157,14 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
subghz_sleep(subghz);
};
subghz->state_notifications = SubGhzNotificationStateIDLE;
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWConfig:
scene_manager_set_scene_state(
subghz->scene_manager, SubGhzSceneReadRAW, SubGhzCustomEventManagerSet);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneReceiverConfig);
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWErase:
@ -175,7 +176,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
}
subghz->txrx->rx_key_state = SubGhzRxKeyStateIDLE;
notification_message(subghz->notifications, &sequence_reset_rgb);
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWMore:
@ -184,7 +185,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
subghz->scene_manager, SubGhzSceneReadRAW, SubGhzCustomEventManagerSet);
subghz->txrx->rx_key_state = SubGhzRxKeyStateRAWLoad;
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneMoreRAW);
return true;
consumed = true;
} else {
furi_crash("SubGhz: RAW file name update error.");
}
@ -214,7 +215,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
}
}
}
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWSendStop:
@ -224,7 +225,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
subghz_sleep(subghz);
}
subghz_read_raw_stop_send(subghz->subghz_read_raw);
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWIDLE:
@ -255,7 +256,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
subghz->state_notifications = SubGhzNotificationStateIDLE;
subghz->txrx->rx_key_state = SubGhzRxKeyStateAddKey;
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWREC:
@ -281,7 +282,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneShowError);
}
}
return true;
consumed = true;
break;
case SubGhzCustomEventViewReadRAWSave:
@ -291,7 +292,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
subghz->txrx->rx_key_state = SubGhzRxKeyStateBack;
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneSaveName);
}
return true;
consumed = true;
break;
default:
@ -315,7 +316,7 @@ bool subghz_scene_read_raw_on_event(void* context, SceneManagerEvent event) {
break;
}
}
return false;
return consumed;
}
void subghz_scene_read_raw_on_exit(void* context) {

45
applications/subghz/scenes/subghz_scene_receiver.c
View file

@ -14,6 +14,23 @@ static const NotificationSequence subghs_sequence_rx = {
NULL,
};
static const NotificationSequence subghs_sequence_rx_locked = {
&message_green_255,
&message_display_backlight_on,
&message_vibro_on,
&message_note_c6,
&message_delay_50,
&message_sound_off,
&message_vibro_off,
&message_delay_500,
&message_display_backlight_off,
NULL,
};
static void subghz_scene_receiver_update_statusbar(void* context) {
SubGhz* subghz = context;
string_t history_stat_str;
@ -92,6 +109,8 @@ void subghz_scene_receiver_on_enter(void* context) {
subghz->txrx->rx_key_state = SubGhzRxKeyStateStart;
}
subghz_view_receiver_set_lock(subghz->subghz_receiver, subghz->lock);
//Load history to receiver
subghz_view_receiver_exit(subghz->subghz_receiver);
for(uint8_t i = 0; i < subghz_history_get_item(subghz->txrx->history); i++) {
@ -126,11 +145,10 @@ void subghz_scene_receiver_on_enter(void* context) {
bool subghz_scene_receiver_on_event(void* context, SceneManagerEvent event) {
SubGhz* subghz = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
switch(event.event) {
case SubGhzCustomEventViewReceiverBack:
// Stop CC1101 Rx
subghz->state_notifications = SubGhzNotificationStateIDLE;
if(subghz->txrx->txrx_state == SubGhzTxRxStateRx) {
@ -151,20 +169,28 @@ bool subghz_scene_receiver_on_event(void* context, SceneManagerEvent event) {
scene_manager_search_and_switch_to_previous_scene(
subghz->scene_manager, SubGhzSceneStart);
}
return true;
consumed = true;
break;
case SubGhzCustomEventViewReceiverOK:
subghz->txrx->idx_menu_chosen =
subghz_view_receiver_get_idx_menu(subghz->subghz_receiver);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneReceiverInfo);
return true;
consumed = true;
break;
case SubGhzCustomEventViewReceiverConfig:
subghz->state_notifications = SubGhzNotificationStateIDLE;
subghz->txrx->idx_menu_chosen =
subghz_view_receiver_get_idx_menu(subghz->subghz_receiver);
scene_manager_next_scene(subghz->scene_manager, SubGhzSceneReceiverConfig);
return true;
consumed = true;
break;
case SubGhzCustomEventViewReceiverOffDisplay:
notification_message(subghz->notifications, &sequence_display_backlight_off);
consumed = true;
break;
case SubGhzCustomEventViewReceiverUnlock:
subghz->lock = SubGhzLockOff;
consumed = true;
break;
default:
break;
@ -174,20 +200,23 @@ bool subghz_scene_receiver_on_event(void* context, SceneManagerEvent event) {
subghz_hopper_update(subghz);
subghz_scene_receiver_update_statusbar(subghz);
}
switch(subghz->state_notifications) {
case SubGhzNotificationStateRx:
notification_message(subghz->notifications, &sequence_blink_cyan_10);
break;
case SubGhzNotificationStateRxDone:
notification_message(subghz->notifications, &subghs_sequence_rx);
if(subghz->lock != SubGhzLockOn) {
notification_message(subghz->notifications, &subghs_sequence_rx);
} else {
notification_message(subghz->notifications, &subghs_sequence_rx_locked);
}
subghz->state_notifications = SubGhzNotificationStateRx;
break;
default:
break;
}
}
return false;
return consumed;
}
void subghz_scene_receiver_on_exit(void* context) {

38
applications/subghz/scenes/subghz_scene_receiver_config.c
View file

@ -1,5 +1,12 @@
#include "../subghz_i.h"
enum SubGhzSettingIndex {
SubGhzSettingIndexFrequency,
SubGhzSettingIndexHopping,
SubGhzSettingIndexModulation,
SubGhzSettingIndexLock,
};
#define PRESET_COUNT 4
const char* const preset_text[PRESET_COUNT] = {
"AM270",
@ -137,6 +144,15 @@ static void subghz_scene_receiver_config_set_hopping_runing(VariableItem* item)
subghz->txrx->hopper_state = hopping_value[index];
}
static void subghz_scene_receiver_config_var_list_enter_callback(void* context, uint32_t index) {
furi_assert(context);
SubGhz* subghz = context;
if(index == SubGhzSettingIndexLock) {
view_dispatcher_send_custom_event(
subghz->view_dispatcher, SubGhzCustomEventSceneSettingLock);
}
}
void subghz_scene_receiver_config_on_enter(void* context) {
SubGhz* subghz = context;
VariableItem* item;
@ -185,13 +201,29 @@ void subghz_scene_receiver_config_on_enter(void* context) {
variable_item_set_current_value_index(item, value_index);
variable_item_set_current_value_text(item, preset_text[value_index]);
if(scene_manager_get_scene_state(subghz->scene_manager, SubGhzSceneReadRAW) !=
SubGhzCustomEventManagerSet) {
variable_item_list_add(subghz->variable_item_list, "Lock Keyboard", 1, NULL, NULL);
variable_item_list_set_enter_callback(
subghz->variable_item_list,
subghz_scene_receiver_config_var_list_enter_callback,
subghz);
}
view_dispatcher_switch_to_view(subghz->view_dispatcher, SubGhzViewIdVariableItemList);
}
bool subghz_scene_receiver_config_on_event(void* context, SceneManagerEvent event) {
UNUSED(context);
UNUSED(event);
return false;
SubGhz* subghz = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == SubGhzCustomEventSceneSettingLock) {
subghz->lock = SubGhzLockOn;
scene_manager_previous_scene(subghz->scene_manager);
consumed = true;
}
}
return consumed;
}
void subghz_scene_receiver_config_on_exit(void* context) {

3
applications/subghz/subghz.c
View file

@ -138,7 +138,8 @@ SubGhz* subghz_alloc() {
subghz->setting = subghz_setting_alloc();
subghz_setting_load(subghz->setting, "/ext/subghz/assets/setting_user");
//init Worker & Protocol & History
//init Worker & Protocol & History & KeyBoard
subghz->lock = SubGhzLockOff;
subghz->txrx = malloc(sizeof(SubGhzTxRx));
subghz->txrx->frequency = subghz_setting_get_default_frequency(subghz->setting);
subghz->txrx->preset = FuriHalSubGhzPresetOok650Async;

1
applications/subghz/subghz_i.h
View file

@ -1,5 +1,6 @@
#pragma once
#include "helpers/subghz_types.h"
#include "subghz.h"
#include "views/receiver.h"
#include "views/transmitter.h"

136
applications/subghz/views/receiver.c
View file

@ -11,6 +11,7 @@
#define FRAME_HEIGHT 12
#define MAX_LEN_PX 100
#define MENU_ITEMS 4u
#define UNLOCK_CNT 3
typedef struct {
string_t item_str;
@ -34,7 +35,17 @@ static const Icon* ReceiverItemIcons[] = {
[SubGhzProtocolTypeDynamic] = &I_Lock_7x8,
};
typedef enum {
SubGhzViewReceiverBarShowDefault,
SubGhzViewReceiverBarShowLock,
SubGhzViewReceiverBarShowToUnlockPress,
SubGhzViewReceiverBarShowUnlock,
} SubGhzViewReceiverBarShow;
struct SubGhzViewReceiver {
SubGhzLock lock;
uint8_t lock_count;
osTimerId_t timer;
View* view;
SubGhzViewReceiverCallback callback;
void* context;
@ -48,8 +59,29 @@ typedef struct {
uint16_t idx;
uint16_t list_offset;
uint16_t history_item;
SubGhzViewReceiverBarShow bar_show;
} SubGhzViewReceiverModel;
void subghz_view_receiver_set_lock(SubGhzViewReceiver* subghz_receiver, SubGhzLock lock) {
furi_assert(subghz_receiver);
subghz_receiver->lock_count = 0;
if(lock == SubGhzLockOn) {
subghz_receiver->lock = lock;
with_view_model(
subghz_receiver->view, (SubGhzViewReceiverModel * model) {
model->bar_show = SubGhzViewReceiverBarShowLock;
return true;
});
osTimerStart(subghz_receiver->timer, pdMS_TO_TICKS(1000));
} else {
with_view_model(
subghz_receiver->view, (SubGhzViewReceiverModel * model) {
model->bar_show = SubGhzViewReceiverBarShowDefault;
return true;
});
}
}
void subghz_view_receiver_set_callback(
SubGhzViewReceiver* subghz_receiver,
SubGhzViewReceiverCallback callback,
@ -138,17 +170,6 @@ void subghz_view_receiver_draw(Canvas* canvas, SubGhzViewReceiverModel* model) {
canvas_set_font(canvas, FontSecondary);
elements_button_left(canvas, "Config");
canvas_draw_str(canvas, 44, 62, string_get_cstr(model->frequency_str));
canvas_draw_str(canvas, 79, 62, string_get_cstr(model->preset_str));
canvas_draw_str(canvas, 96, 62, string_get_cstr(model->history_stat_str));
if(model->history_item == 0) {
canvas_draw_icon(canvas, 0, 0, &I_Scanning_123x52);
canvas_set_font(canvas, FontPrimary);
canvas_draw_str(canvas, 63, 46, "Scanning...");
canvas_draw_line(canvas, 46, 51, 125, 51);
return;
}
canvas_draw_line(canvas, 46, 51, 125, 51);
bool scrollbar = model->history_item > 4;
@ -175,12 +196,96 @@ void subghz_view_receiver_draw(Canvas* canvas, SubGhzViewReceiverModel* model) {
elements_scrollbar_pos(canvas, 128, 0, 49, model->idx, model->history_item);
}
string_clear(str_buff);
canvas_set_color(canvas, ColorBlack);
if(model->history_item == 0) {
canvas_draw_icon(canvas, 0, 0, &I_Scanning_123x52);
canvas_set_font(canvas, FontPrimary);
canvas_draw_str(canvas, 63, 46, "Scanning...");
canvas_draw_line(canvas, 46, 51, 125, 51);
canvas_set_font(canvas, FontSecondary);
}
switch(model->bar_show) {
case SubGhzViewReceiverBarShowLock:
canvas_draw_icon(canvas, 64, 55, &I_Lock_7x8);
canvas_draw_str(canvas, 74, 62, "Locked");
break;
case SubGhzViewReceiverBarShowToUnlockPress:
canvas_draw_str(canvas, 44, 62, string_get_cstr(model->frequency_str));
canvas_draw_str(canvas, 79, 62, string_get_cstr(model->preset_str));
canvas_draw_str(canvas, 96, 62, string_get_cstr(model->history_stat_str));
canvas_set_font(canvas, FontSecondary);
elements_bold_rounded_frame(canvas, 14, 8, 99, 48);
elements_multiline_text(canvas, 65, 26, "To unlock\npress:");
canvas_draw_icon(canvas, 65, 42, &I_Pin_back_arrow_10x8);
canvas_draw_icon(canvas, 80, 42, &I_Pin_back_arrow_10x8);
canvas_draw_icon(canvas, 95, 42, &I_Pin_back_arrow_10x8);
canvas_draw_icon(canvas, 16, 13, &I_WarningDolphin_45x42);
canvas_draw_dot(canvas, 17, 61);
break;
case SubGhzViewReceiverBarShowUnlock:
canvas_draw_icon(canvas, 64, 55, &I_Unlock_7x8);
canvas_draw_str(canvas, 74, 62, "Unlocked");
break;
default:
canvas_draw_str(canvas, 44, 62, string_get_cstr(model->frequency_str));
canvas_draw_str(canvas, 79, 62, string_get_cstr(model->preset_str));
canvas_draw_str(canvas, 96, 62, string_get_cstr(model->history_stat_str));
break;
}
}
static void subghz_view_receiver_timer_callback(void* context) {
furi_assert(context);
SubGhzViewReceiver* subghz_receiver = context;
with_view_model(
subghz_receiver->view, (SubGhzViewReceiverModel * model) {
model->bar_show = SubGhzViewReceiverBarShowDefault;
return true;
});
if(subghz_receiver->lock_count < UNLOCK_CNT) {
subghz_receiver->callback(
SubGhzCustomEventViewReceiverOffDisplay, subghz_receiver->context);
} else {
subghz_receiver->lock = SubGhzLockOff;
subghz_receiver->callback(SubGhzCustomEventViewReceiverUnlock, subghz_receiver->context);
}
subghz_receiver->lock_count = 0;
}
bool subghz_view_receiver_input(InputEvent* event, void* context) {
furi_assert(context);
SubGhzViewReceiver* subghz_receiver = context;
if(subghz_receiver->lock == SubGhzLockOn) {
with_view_model(
subghz_receiver->view, (SubGhzViewReceiverModel * model) {
model->bar_show = SubGhzViewReceiverBarShowToUnlockPress;
return true;
});
if(subghz_receiver->lock_count == 0) {
osTimerStart(subghz_receiver->timer, pdMS_TO_TICKS(1000));
}
if(event->key == InputKeyBack && event->type == InputTypeShort) {
subghz_receiver->lock_count++;
}
if(subghz_receiver->lock_count >= UNLOCK_CNT) {
// subghz_receiver->callback(
// SubGhzCustomEventViewReceiverUnlock, subghz_receiver->context);
with_view_model(
subghz_receiver->view, (SubGhzViewReceiverModel * model) {
model->bar_show = SubGhzViewReceiverBarShowUnlock;
return true;
});
//subghz_receiver->lock = SubGhzLockOff;
osTimerStart(subghz_receiver->timer, pdMS_TO_TICKS(650));
}
return true;
}
if(event->key == InputKeyBack && event->type == InputTypeShort) {
subghz_receiver->callback(SubGhzCustomEventViewReceiverBack, subghz_receiver->context);
} else if(
@ -240,6 +345,7 @@ void subghz_view_receiver_exit(void* context) {
model->history_item = 0;
return false;
});
osTimerStop(subghz_receiver->timer);
}
SubGhzViewReceiver* subghz_view_receiver_alloc() {
@ -247,6 +353,9 @@ SubGhzViewReceiver* subghz_view_receiver_alloc() {
// View allocation and configuration
subghz_receiver->view = view_alloc();
subghz_receiver->lock = SubGhzLockOff;
subghz_receiver->lock_count = 0;
view_allocate_model(
subghz_receiver->view, ViewModelTypeLocking, sizeof(SubGhzViewReceiverModel));
view_set_context(subghz_receiver->view, subghz_receiver);
@ -260,11 +369,13 @@ SubGhzViewReceiver* subghz_view_receiver_alloc() {
string_init(model->frequency_str);
string_init(model->preset_str);
string_init(model->history_stat_str);
model->bar_show = SubGhzViewReceiverBarShowDefault;
model->history = malloc(sizeof(SubGhzReceiverHistory));
SubGhzReceiverMenuItemArray_init(model->history->data);
return true;
});
subghz_receiver->timer =
osTimerNew(subghz_view_receiver_timer_callback, osTimerOnce, subghz_receiver, NULL);
return subghz_receiver;
}
@ -285,6 +396,7 @@ void subghz_view_receiver_free(SubGhzViewReceiver* subghz_receiver) {
free(model->history);
return false;
});
osTimerDelete(subghz_receiver->timer);
view_free(subghz_receiver->view);
free(subghz_receiver);
}

3
applications/subghz/views/receiver.h
View file

@ -1,12 +1,15 @@
#pragma once
#include <gui/view.h>
#include "../helpers/subghz_types.h"
#include "../helpers/subghz_custom_event.h"
typedef struct SubGhzViewReceiver SubGhzViewReceiver;
typedef void (*SubGhzViewReceiverCallback)(SubGhzCustomEvent event, void* context);
void subghz_view_receiver_set_lock(SubGhzViewReceiver* subghz_receiver, SubGhzLock keyboard);
void subghz_view_receiver_set_callback(
SubGhzViewReceiver* subghz_receiver,
SubGhzViewReceiverCallback callback,

184
applications/unit_tests/nfc/nfc_test.c Normal file
View file

@ -0,0 +1,184 @@
#include <furi.h>
#include <furi_hal.h>
#include <applications/storage/storage.h>
#include <lib/flipper_format/flipper_format.h>
#include <lib/nfc_protocols/nfca.h>
#include <lib/digital_signal/digital_signal.h>
#include <lib/flipper_format/flipper_format_i.h>
#include <lib/toolbox/stream/file_stream.h>
#include "../minunit.h"
#define TAG "NfcTest"
#define NFC_TEST_RESOURCES_DIR "/ext/unit_tests/nfc/"
#define NFC_TEST_SIGNAL_SHORT_FILE "nfc_nfca_signal_short.nfc"
#define NFC_TEST_SIGNAL_LONG_FILE "nfc_nfca_signal_long.nfc"
static const char* nfc_test_file_type = "Flipper NFC test";
static const uint32_t nfc_test_file_version = 1;
#define NFC_TEST_DATA_MAX_LEN 18
#define NFC_TETS_TIMINGS_MAX_LEN 1350
typedef struct {
Storage* storage;
NfcaSignal* signal;
uint32_t test_data_len;
uint8_t test_data[NFC_TEST_DATA_MAX_LEN];
uint32_t test_timings_len;
uint32_t test_timings[NFC_TETS_TIMINGS_MAX_LEN];
} NfcTest;
static NfcTest* nfc_test = NULL;
static void nfc_test_alloc() {
nfc_test = malloc(sizeof(NfcTest));
nfc_test->signal = nfca_signal_alloc();
nfc_test->storage = furi_record_open("storage");
}
static void nfc_test_free() {
furi_assert(nfc_test);
furi_record_close("storage");
nfca_signal_free(nfc_test->signal);
free(nfc_test);
nfc_test = NULL;
}
static bool nfc_test_read_signal_from_file(const char* file_name) {
bool success = false;
FlipperFormat* file = flipper_format_file_alloc(nfc_test->storage);
string_t file_type;
string_init(file_type);
uint32_t file_version = 0;
do {
if(!flipper_format_file_open_existing(file, file_name)) break;
if(!flipper_format_read_header(file, file_type, &file_version)) break;
if(string_cmp_str(file_type, nfc_test_file_type) || file_version != nfc_test_file_version)
break;
if(!flipper_format_read_uint32(file, "Data length", &nfc_test->test_data_len, 1)) break;
if(nfc_test->test_data_len > NFC_TEST_DATA_MAX_LEN) break;
if(!flipper_format_read_hex(
file, "Plain data", nfc_test->test_data, nfc_test->test_data_len))
break;
if(!flipper_format_read_uint32(file, "Timings length", &nfc_test->test_timings_len, 1))
break;
if(nfc_test->test_timings_len > NFC_TETS_TIMINGS_MAX_LEN) break;
if(!flipper_format_read_uint32(
file, "Timings", nfc_test->test_timings, nfc_test->test_timings_len))
break;
success = true;
} while(false);
string_clear(file_type);
flipper_format_free(file);
return success;
}
static bool nfc_test_digital_signal_test_encode(
const char* file_name,
uint32_t encode_max_time,
uint32_t timing_tolerance,
uint32_t timings_sum_tolerance) {
furi_assert(nfc_test);
bool success = false;
uint32_t time = 0;
uint32_t dut_timings_sum = 0;
uint32_t ref_timings_sum = 0;
uint8_t parity[10] = {};
do {
// Read test data
if(!nfc_test_read_signal_from_file(file_name)) break;
// Encode signal
FURI_CRITICAL_ENTER();
time = DWT->CYCCNT;
nfca_signal_encode(
nfc_test->signal, nfc_test->test_data, nfc_test->test_data_len * 8, parity);
digital_signal_prepare_arr(nfc_test->signal->tx_signal);
time = (DWT->CYCCNT - time) / furi_hal_delay_instructions_per_microsecond();
FURI_CRITICAL_EXIT();
// Check timings
if(time > encode_max_time) {
FURI_LOG_E(
TAG, "Encoding time: %d us while accepted value: %d us", time, encode_max_time);
break;
}
// Check data
if(nfc_test->signal->tx_signal->edge_cnt != nfc_test->test_timings_len) {
FURI_LOG_E(TAG, "Not equal timings buffers length");
break;
}
uint32_t timings_diff = 0;
uint32_t* ref = nfc_test->test_timings;
uint32_t* dut = nfc_test->signal->tx_signal->reload_reg_buff;
bool timing_check_success = true;
for(size_t i = 0; i < nfc_test->test_timings_len; i++) {
timings_diff = dut[i] > ref[i] ? dut[i] - ref[i] : ref[i] - dut[i];
dut_timings_sum += dut[i];
ref_timings_sum += ref[i];
if(timings_diff > timing_tolerance) {
FURI_LOG_E(
TAG, "Too big differece in %d timings. Ref: %d, DUT: %d", i, ref[i], dut[i]);
timing_check_success = false;
break;
}
}
if(!timing_check_success) break;
uint32_t sum_diff = dut_timings_sum > ref_timings_sum ? dut_timings_sum - ref_timings_sum :
ref_timings_sum - dut_timings_sum;
if(sum_diff > timings_sum_tolerance) {
FURI_LOG_E(
TAG,
"Too big difference in timings sum. Ref: %d, DUT: %d",
ref_timings_sum,
dut_timings_sum);
break;
}
FURI_LOG_I(TAG, "Encoding time: %d us. Acceptable time: %d us", time, encode_max_time);
FURI_LOG_I(
TAG,
"Timings sum difference: %d [1/64MHZ]. Acceptable difference: %d [1/64MHz]",
sum_diff,
timings_sum_tolerance);
success = true;
} while(false);
return success;
}
MU_TEST(nfc_digital_signal_test) {
mu_assert(
nfc_test_digital_signal_test_encode(
NFC_TEST_RESOURCES_DIR NFC_TEST_SIGNAL_SHORT_FILE, 500, 1, 37),
"NFC short digital signal test failed\r\n");
mu_assert(
nfc_test_digital_signal_test_encode(
NFC_TEST_RESOURCES_DIR NFC_TEST_SIGNAL_LONG_FILE, 2000, 1, 37),
"NFC long digital signal test failed\r\n");
}
MU_TEST_SUITE(nfc) {
nfc_test_alloc();
MU_RUN_TEST(nfc_digital_signal_test);
nfc_test_free();
}
int run_minunit_test_nfc() {
MU_RUN_SUITE(nfc);
return MU_EXIT_CODE;
}

2
applications/unit_tests/test_index.c
View file

@ -19,6 +19,7 @@ int run_minunit_test_stream();
int run_minunit_test_storage();
int run_minunit_test_subghz();
int run_minunit_test_dirwalk();
int run_minunit_test_nfc();
void minunit_print_progress(void) {
static char progress[] = {'\\', '|', '/', '-'};
@ -67,6 +68,7 @@ void unit_tests_cli(Cli* cli, string_t args, void* context) {
test_result |= run_minunit_test_infrared_decoder_encoder();
test_result |= run_minunit_test_rpc();
test_result |= run_minunit_test_subghz();
test_result |= run_minunit_test_nfc();
cycle_counter = (furi_hal_get_tick() - cycle_counter);

6
assets/unit_tests/nfc/nfc_nfca_signal_long.nfc Normal file
View file

@ -0,0 +1,6 @@
Filetype: Flipper NFC test
Version: 1
Data length: 18
Plain data: f1 99 41 43 a1 2f 23 01 de f3 c5 8d 91 4b 1e 50 4a c9
Timings length: 1304
Timings: 37 37 36 37 37 37 36 339 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 640 37 37 37 37 36 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 37 640 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 339 37 37 36 37 37 37 36 37 37 37 37 36 37 37 37 640 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 641 37 36 37 37 37 37 36 339 37 37 36 37 37 37 36 339 37 37 36 37 37 37 37 338 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 339 36 37 37 37 37 36 37 37 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 339 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 37 36 37 37 37 37 36 37 641 37 36 37 37 37 36 37 37 37 36 37 37 37 37 36 339 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 640 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 339 36 37 37 37 37 36 37 37 37 36 37 37 37 36 37 641 37 36 37 37 37 37 36 339 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 339 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 339 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 36 37 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 641 37 37 36 37 37 37 36 37 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 641 37 36 37 37 37 37 36 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 37 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 36 37 37 37 37 36 37 641 37 36 37 37 37 36 37 37 37 36 37 37 37 37 36 641 37 37 36 37 37 37 36 37 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 339 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 37 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 338 37 37 37 37 36 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 641 37 37 36 37 37 37 37 338 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 339 36 37 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 37 36 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 37 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 37 37 37 36 37 37 37 37 640 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 37 37 37 36 37 37 37 36 641 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 339 36 37 37 37 36 37 37 37 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 0

6
assets/unit_tests/nfc/nfc_nfca_signal_short.nfc Normal file
View file

@ -0,0 +1,6 @@
Filetype: Flipper NFC test
Version: 1
Data length: 4
Plain data: 14 d8 a0 c9
Timings length: 296
Timings: 37 37 36 37 37 37 36 641 37 37 36 37 37 37 37 338 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 339 37 36 37 37 37 37 36 339 37 37 36 37 37 37 36 339 37 37 37 36 37 37 37 338 37 37 37 36 37 37 37 338 37 37 37 37 36 37 37 339 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 641 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 339 37 37 36 37 37 37 37 640 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 339 36 37 37 37 36 37 37 339 37 36 37 37 37 36 37 339 37 36 37 37 37 36 37 339 37 37 36 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 641 36 37 37 37 36 37 37 37 36 37 37 37 36 37 37 641 37 36 37 37 37 36 37 339 37 36 37 37 37 37 36 37 37 37 36 37 37 37 36 641 37 37 36 37 37 37 37 338 37 37 37 36 37 37 37 36 37 37 37 36 37 37 37 339 36 37 37 37 36 37 37 641 36 37 37 37 37 36 37 0

2
firmware.scons
View file

@ -195,6 +195,8 @@ fwelf = fwenv["FW_ELF"] = fwenv.Program(
# 2nd round
"flipperformat",
"toolbox",
"mbedtls",
"loclass",
],
)

119
firmware/targets/f7/furi_hal/furi_hal_nfc.c
View file

@ -8,6 +8,9 @@
#include <lib/digital_signal/digital_signal.h>
#include <furi_hal_delay.h>
#include <furi_hal_spi.h>
#include <furi_hal_gpio.h>
#include <furi_hal_resources.h>
#define TAG "FuriHalNfc"
@ -19,6 +22,8 @@ osEventFlagsId_t event = NULL;
#define EVENT_FLAG_STOP (1UL << 2)
#define EVENT_FLAG_ALL (EVENT_FLAG_INTERRUPT | EVENT_FLAG_STATE_CHANGED | EVENT_FLAG_STOP)
#define FURI_HAL_NFC_UID_INCOMPLETE (0x04)
void furi_hal_nfc_init() {
ReturnCode ret = rfalNfcInitialize();
if(ret == ERR_NONE) {
@ -243,6 +248,108 @@ bool furi_hal_nfc_listen(
return true;
}
static void furi_hal_nfc_read_fifo(uint8_t* data, uint16_t* bits) {
uint8_t fifo_status[2];
uint8_t rx_buff[64];
st25r3916ReadMultipleRegisters(
ST25R3916_REG_FIFO_STATUS1, fifo_status, ST25R3916_FIFO_STATUS_LEN);
uint16_t rx_bytes =
((((uint16_t)fifo_status[1] & ST25R3916_REG_FIFO_STATUS2_fifo_b_mask) >>
ST25R3916_REG_FIFO_STATUS2_fifo_b_shift)
<< 8);
rx_bytes |= (((uint16_t)fifo_status[0]) & 0x00FFU);
st25r3916ReadFifo(rx_buff, rx_bytes);
memcpy(data, rx_buff, rx_bytes);
*bits = rx_bytes * 8;
}
void furi_hal_nfc_listen_sleep() {
st25r3916ExecuteCommand(ST25R3916_CMD_GOTO_SLEEP);
}
bool furi_hal_nfc_listen_rx(FuriHalNfcTxRxContext* tx_rx, uint32_t timeout_ms) {
furi_assert(tx_rx);
// Wait for interrupts
uint32_t start = osKernelGetTickCount();
bool data_received = false;
while(true) {
if(furi_hal_gpio_read(&gpio_nfc_irq_rfid_pull) == true) {
st25r3916CheckForReceivedInterrupts();
if(st25r3916GetInterrupt(ST25R3916_IRQ_MASK_RXE)) {
furi_hal_nfc_read_fifo(tx_rx->rx_data, &tx_rx->rx_bits);
data_received = true;
break;
}
continue;
}
if(osKernelGetTickCount() - start > timeout_ms) {
FURI_LOG_D(TAG, "Interrupt waiting timeout");
break;
}
}
return data_received;
}
void furi_hal_nfc_listen_start(FuriHalNfcDevData* nfc_data) {
furi_assert(nfc_data);
furi_hal_gpio_init(&gpio_nfc_irq_rfid_pull, GpioModeInput, GpioPullDown, GpioSpeedVeryHigh);
// Clear interrupts
st25r3916ClearInterrupts();
// Mask all interrupts
st25r3916DisableInterrupts(ST25R3916_IRQ_MASK_ALL);
// RESET
st25r3916ExecuteCommand(ST25R3916_CMD_STOP);
// Setup registers
st25r3916WriteRegister(
ST25R3916_REG_OP_CONTROL,
ST25R3916_REG_OP_CONTROL_en | ST25R3916_REG_OP_CONTROL_rx_en |
ST25R3916_REG_OP_CONTROL_en_fd_auto_efd);
st25r3916WriteRegister(
ST25R3916_REG_MODE,
ST25R3916_REG_MODE_targ_targ | ST25R3916_REG_MODE_om3 | ST25R3916_REG_MODE_om0);
st25r3916WriteRegister(
ST25R3916_REG_PASSIVE_TARGET,
ST25R3916_REG_PASSIVE_TARGET_fdel_2 | ST25R3916_REG_PASSIVE_TARGET_fdel_0 |
ST25R3916_REG_PASSIVE_TARGET_d_ac_ap2p | ST25R3916_REG_PASSIVE_TARGET_d_212_424_1r);
st25r3916WriteRegister(ST25R3916_REG_MASK_RX_TIMER, 0x02);
// Mask interrupts
uint32_t clear_irq_mask =
(ST25R3916_IRQ_MASK_RXE | ST25R3916_IRQ_MASK_RXE_PTA | ST25R3916_IRQ_MASK_WU_A_X |
ST25R3916_IRQ_MASK_WU_A);
st25r3916EnableInterrupts(clear_irq_mask);
// Set 4 or 7 bytes UID
if(nfc_data->uid_len == 4) {
st25r3916ChangeRegisterBits(
ST25R3916_REG_AUX, ST25R3916_REG_AUX_nfc_id_mask, ST25R3916_REG_AUX_nfc_id_4bytes);
} else {
st25r3916ChangeRegisterBits(
ST25R3916_REG_AUX, ST25R3916_REG_AUX_nfc_id_mask, ST25R3916_REG_AUX_nfc_id_7bytes);
}
// Write PT Memory
uint8_t pt_memory[15] = {};
memcpy(pt_memory, nfc_data->uid, nfc_data->uid_len);
pt_memory[10] = nfc_data->atqa[0];
pt_memory[11] = nfc_data->atqa[1];
if(nfc_data->uid_len == 4) {
pt_memory[12] = nfc_data->sak & ~FURI_HAL_NFC_UID_INCOMPLETE;
} else {
pt_memory[12] = nfc_data->sak | FURI_HAL_NFC_UID_INCOMPLETE;
}
pt_memory[13] = nfc_data->sak & ~FURI_HAL_NFC_UID_INCOMPLETE;
pt_memory[14] = nfc_data->sak & ~FURI_HAL_NFC_UID_INCOMPLETE;
st25r3916WritePTMem(pt_memory, sizeof(pt_memory));
// Go to sence
st25r3916ExecuteCommand(ST25R3916_CMD_GOTO_SENSE);
}
void rfal_interrupt_callback_handler() {
osEventFlagsSet(event, EVENT_FLAG_INTERRUPT);
}
@ -369,23 +476,18 @@ bool furi_hal_nfc_emulate_nfca(
static bool furi_hal_nfc_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
furi_assert(tx_rx->nfca_signal);
platformDisableIrqCallback();
bool ret = false;
// Start transparent mode
st25r3916ExecuteCommand(ST25R3916_CMD_TRANSPARENT_MODE);
// Reconfigure gpio
// Reconfigure gpio for Transparent mode
furi_hal_spi_bus_handle_deinit(&furi_hal_spi_bus_handle_nfc);
furi_hal_gpio_init(&gpio_spi_r_sck, GpioModeInput, GpioPullUp, GpioSpeedLow);
furi_hal_gpio_init(&gpio_spi_r_miso, GpioModeInput, GpioPullUp, GpioSpeedLow);
furi_hal_gpio_init(&gpio_nfc_cs, GpioModeInput, GpioPullUp, GpioSpeedLow);
furi_hal_gpio_init(&gpio_spi_r_mosi, GpioModeOutputPushPull, GpioPullNo, GpioSpeedVeryHigh);
furi_hal_gpio_write(&gpio_spi_r_mosi, false);
// Send signal
FURI_CRITICAL_ENTER();
nfca_signal_encode(tx_rx->nfca_signal, tx_rx->tx_data, tx_rx->tx_bits, tx_rx->tx_parity);
digital_signal_send(tx_rx->nfca_signal->tx_signal, &gpio_spi_r_mosi);
FURI_CRITICAL_EXIT();
furi_hal_gpio_write(&gpio_spi_r_mosi, false);
// Configure gpio back to SPI and exit transparent
@ -443,7 +545,6 @@ static bool furi_hal_nfc_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_
}
st25r3916ClearInterrupts();
platformEnableIrqCallback();
return ret;
}

68
firmware/targets/f7/furi_hal/furi_hal_spi_config.c
View file

@ -188,6 +188,72 @@ inline static void furi_hal_spi_bus_r_handle_event_callback(
}
}
inline static void furi_hal_spi_bus_nfc_handle_event_callback(
FuriHalSpiBusHandle* handle,
FuriHalSpiBusHandleEvent event,
const LL_SPI_InitTypeDef* preset) {
if(event == FuriHalSpiBusHandleEventInit) {
// Configure GPIOs in normal SPI mode
furi_hal_gpio_init_ex(
handle->miso,
GpioModeAltFunctionPushPull,
GpioPullNo,
GpioSpeedVeryHigh,
GpioAltFn5SPI1);
furi_hal_gpio_init_ex(
handle->mosi,
GpioModeAltFunctionPushPull,
GpioPullNo,
GpioSpeedVeryHigh,
GpioAltFn5SPI1);
furi_hal_gpio_init_ex(
handle->sck,
GpioModeAltFunctionPushPull,
GpioPullNo,
GpioSpeedVeryHigh,
GpioAltFn5SPI1);
furi_hal_gpio_write(handle->cs, true);
furi_hal_gpio_init(handle->cs, GpioModeOutputPushPull, GpioPullNo, GpioSpeedVeryHigh);
} else if(event == FuriHalSpiBusHandleEventDeinit) {
// Configure GPIOs for st25r3916 Transparent mode
furi_hal_gpio_init(handle->sck, GpioModeInput, GpioPullUp, GpioSpeedLow);
furi_hal_gpio_init(handle->miso, GpioModeInput, GpioPullUp, GpioSpeedLow);
furi_hal_gpio_init(handle->cs, GpioModeInput, GpioPullUp, GpioSpeedLow);
furi_hal_gpio_write(handle->mosi, false);
furi_hal_gpio_init(handle->mosi, GpioModeOutputPushPull, GpioPullNo, GpioSpeedVeryHigh);
} else if(event == FuriHalSpiBusHandleEventActivate) {
LL_SPI_Init(handle->bus->spi, (LL_SPI_InitTypeDef*)preset);
LL_SPI_SetRxFIFOThreshold(handle->bus->spi, LL_SPI_RX_FIFO_TH_QUARTER);
LL_SPI_Enable(handle->bus->spi);
furi_hal_gpio_init_ex(
handle->miso,
GpioModeAltFunctionPushPull,
GpioPullNo,
GpioSpeedVeryHigh,
GpioAltFn5SPI1);
furi_hal_gpio_init_ex(
handle->mosi,
GpioModeAltFunctionPushPull,
GpioPullNo,
GpioSpeedVeryHigh,
GpioAltFn5SPI1);
furi_hal_gpio_init_ex(
handle->sck,
GpioModeAltFunctionPushPull,
GpioPullNo,
GpioSpeedVeryHigh,
GpioAltFn5SPI1);
} else if(event == FuriHalSpiBusHandleEventDeactivate) {
furi_hal_gpio_init(handle->miso, GpioModeAnalog, GpioPullNo, GpioSpeedLow);
furi_hal_gpio_init(handle->mosi, GpioModeAnalog, GpioPullNo, GpioSpeedLow);
furi_hal_gpio_init(handle->sck, GpioModeAnalog, GpioPullNo, GpioSpeedLow);
LL_SPI_Disable(handle->bus->spi);
}
}
static void furi_hal_spi_bus_handle_subghz_event_callback(
FuriHalSpiBusHandle* handle,
FuriHalSpiBusHandleEvent event) {
@ -206,7 +272,7 @@ FuriHalSpiBusHandle furi_hal_spi_bus_handle_subghz = {
static void furi_hal_spi_bus_handle_nfc_event_callback(
FuriHalSpiBusHandle* handle,
FuriHalSpiBusHandleEvent event) {
furi_hal_spi_bus_r_handle_event_callback(handle, event, &furi_hal_spi_preset_2edge_low_8m);
furi_hal_spi_bus_nfc_handle_event_callback(handle, event, &furi_hal_spi_preset_2edge_low_8m);
}
FuriHalSpiBusHandle furi_hal_spi_bus_handle_nfc = {

33
firmware/targets/furi_hal_include/furi_hal_nfc.h
View file

@ -163,6 +163,39 @@ bool furi_hal_nfc_listen(
bool activate_after_sak,
uint32_t timeout);
/** Start Target Listen mode
* @note RFAL free implementation
*
* @param nfc_data FuriHalNfcDevData instance
*/
void furi_hal_nfc_listen_start(FuriHalNfcDevData* nfc_data);
/** Read data in Target Listen mode
* @note Must be called only after furi_hal_nfc_listen_start()
*
* @param tx_rx FuriHalNfcTxRxContext instance
* @param timeout_ms timeout im ms
*
* @return true on not empty receive
*/
bool furi_hal_nfc_listen_rx(FuriHalNfcTxRxContext* tx_rx, uint32_t timeout_ms);
/** Set Target in Sleep state */
void furi_hal_nfc_listen_sleep();
/** Emulate NFC-A Target
* @note RFAL based implementation
*
* @param uid NFC-A UID
* @param uid_len NFC-A UID length
* @param atqa NFC-A ATQA
* @param sak NFC-A SAK
* @param callback FuriHalNfcEmulateCallback instance
* @param context pointer to context for callback
* @param timeout timeout in ms
*
* @return true on success
*/
bool furi_hal_nfc_emulate_nfca(
uint8_t* uid,
uint8_t uid_len,

2
lib/SConscript
View file

@ -72,6 +72,8 @@ libs = env.BuildModules(
"subghz",
"appframe",
"misc",
"mbedtls",
"loclass",
],
)

65
lib/ST25RFAL002/include/rfal_picopass.h Normal file
View file

@ -0,0 +1,65 @@
#ifndef RFAL_PICOPASS_H
#define RFAL_PICOPASS_H
/*
******************************************************************************
* INCLUDES
******************************************************************************
*/
#include "platform.h"
#include "rfal_rf.h"
#include "st_errno.h"
#define RFAL_PICOPASS_UID_LEN 8
#define RFAL_PICOPASS_MAX_BLOCK_LEN 8
#define RFAL_PICOPASS_TXRX_FLAGS \
(RFAL_TXRX_FLAGS_CRC_TX_MANUAL | RFAL_TXRX_FLAGS_AGC_ON | RFAL_TXRX_FLAGS_PAR_RX_REMV | \
RFAL_TXRX_FLAGS_CRC_RX_KEEP)
enum {
RFAL_PICOPASS_CMD_ACTALL = 0x0A,
RFAL_PICOPASS_CMD_IDENTIFY = 0x0C,
RFAL_PICOPASS_CMD_SELECT = 0x81,
RFAL_PICOPASS_CMD_READCHECK = 0x88,
RFAL_PICOPASS_CMD_CHECK = 0x05,
RFAL_PICOPASS_CMD_READ = 0x0C,
};
typedef struct {
uint8_t CSN[RFAL_PICOPASS_UID_LEN]; // Anti-collision CSN
uint8_t crc[2];
} rfalPicoPassIdentifyRes;
typedef struct {
uint8_t CSN[RFAL_PICOPASS_UID_LEN]; // Real CSN
uint8_t crc[2];
} rfalPicoPassSelectRes;
typedef struct {
uint8_t CCNR[8];
} rfalPicoPassReadCheckRes;
typedef struct {
uint8_t mac[4];
} rfalPicoPassCheckRes;
typedef struct {
uint8_t data[RFAL_PICOPASS_MAX_BLOCK_LEN];
uint8_t crc[2];
} rfalPicoPassReadBlockRes;
typedef struct {
rfalPicoPassReadBlockRes block[4];
} ApplicationArea;
ReturnCode rfalPicoPassPollerInitialize(void);
ReturnCode rfalPicoPassPollerCheckPresence(void);
ReturnCode rfalPicoPassPollerIdentify(rfalPicoPassIdentifyRes* idRes);
ReturnCode rfalPicoPassPollerSelect(uint8_t* csn, rfalPicoPassSelectRes* selRes);
ReturnCode rfalPicoPassPollerReadCheck(rfalPicoPassReadCheckRes* rcRes);
ReturnCode rfalPicoPassPollerCheck(uint8_t* mac, rfalPicoPassCheckRes* chkRes);
ReturnCode rfalPicoPassPollerReadBlock(uint8_t blockNum, rfalPicoPassReadBlockRes* readRes);
#endif /* RFAL_PICOPASS_H */

26
lib/ST25RFAL002/platform.c
View file

@ -6,11 +6,13 @@
typedef struct {
FuriThread* thread;
volatile PlatformIrqCallback callback;
bool need_spi_lock;
} RfalPlatform;
static volatile RfalPlatform rfal_platform = {
.thread = NULL,
.callback = NULL,
.need_spi_lock = true,
};
void nfc_isr(void* _ctx) {
@ -71,10 +73,30 @@ bool platformSpiTxRx(const uint8_t* txBuf, uint8_t* rxBuf, uint16_t len) {
return ret;
}
void platformProtectST25RComm() {
// Until we completely remove RFAL, NFC works with SPI from rfal_platform_irq_thread and nfc_worker
// threads. Some nfc features already stop using RFAL and work with SPI from nfc_worker only.
// rfal_platform_spi_acquire() and rfal_platform_spi_release() functions are used to lock SPI for a
// long term without locking it for each SPI transaction. This is needed for time critical communications.
void rfal_platform_spi_acquire() {
platformDisableIrqCallback();
rfal_platform.need_spi_lock = false;
furi_hal_spi_acquire(&furi_hal_spi_bus_handle_nfc);
}
void platformUnprotectST25RComm() {
void rfal_platform_spi_release() {
furi_hal_spi_release(&furi_hal_spi_bus_handle_nfc);
rfal_platform.need_spi_lock = true;
platformEnableIrqCallback();
}
void platformProtectST25RComm() {
if(rfal_platform.need_spi_lock) {
furi_hal_spi_acquire(&furi_hal_spi_bus_handle_nfc);
}
}
void platformUnprotectST25RComm() {
if(rfal_platform.need_spi_lock) {
furi_hal_spi_release(&furi_hal_spi_bus_handle_nfc);
}
}

2
lib/ST25RFAL002/platform.h
View file

@ -19,6 +19,8 @@ void platformDisableIrqCallback();
bool platformSpiTxRx(const uint8_t* txBuf, uint8_t* rxBuf, uint16_t len);
void platformProtectST25RComm();
void platformUnprotectST25RComm();
void rfal_platform_spi_acquire();
void rfal_platform_spi_release();
#define ST25R_SS_PIN NFC_CS_Pin
#define ST25R_SS_PORT NFC_CS_GPIO_Port

172
lib/ST25RFAL002/source/rfal_picopass.c Normal file
View file

@ -0,0 +1,172 @@
#include "rfal_picopass.h"
#include "utils.h"
typedef struct {
uint8_t CMD;
uint8_t CSN[RFAL_PICOPASS_UID_LEN];
} rfalPicoPassSelectReq;
typedef struct {
uint8_t CMD;
uint8_t null[4];
uint8_t mac[4];
} rfalPicoPassCheckReq;
ReturnCode rfalPicoPassPollerInitialize(void) {
ReturnCode ret;
EXIT_ON_ERR(ret, rfalSetMode(RFAL_MODE_POLL_PICOPASS, RFAL_BR_26p48, RFAL_BR_26p48));
rfalSetErrorHandling(RFAL_ERRORHANDLING_NFC);
rfalSetGT(RFAL_GT_PICOPASS);
rfalSetFDTListen(RFAL_FDT_LISTEN_PICOPASS_POLLER);
rfalSetFDTPoll(RFAL_FDT_POLL_PICOPASS_POLLER);
return ERR_NONE;
}
ReturnCode rfalPicoPassPollerCheckPresence(void) {
ReturnCode ret;
uint8_t txBuf[1] = {RFAL_PICOPASS_CMD_ACTALL};
uint8_t rxBuf[32] = {0};
uint16_t recvLen = 0;
uint32_t flags = RFAL_PICOPASS_TXRX_FLAGS;
uint32_t fwt = rfalConvMsTo1fc(20);
ret = rfalTransceiveBlockingTxRx(txBuf, 1, rxBuf, 32, &recvLen, flags, fwt);
return ret;
}
ReturnCode rfalPicoPassPollerIdentify(rfalPicoPassIdentifyRes* idRes) {
ReturnCode ret;
uint8_t txBuf[1] = {RFAL_PICOPASS_CMD_IDENTIFY};
uint16_t recvLen = 0;
uint32_t flags = RFAL_PICOPASS_TXRX_FLAGS;
uint32_t fwt = rfalConvMsTo1fc(20);
ret = rfalTransceiveBlockingTxRx(
txBuf,
sizeof(txBuf),
(uint8_t*)idRes,
sizeof(rfalPicoPassIdentifyRes),
&recvLen,
flags,
fwt);
// printf("identify rx: %d %s\n", recvLen, hex2Str(idRes->CSN, RFAL_PICOPASS_UID_LEN));
return ret;
}
ReturnCode rfalPicoPassPollerSelect(uint8_t* csn, rfalPicoPassSelectRes* selRes) {
ReturnCode ret;
rfalPicoPassSelectReq selReq;
selReq.CMD = RFAL_PICOPASS_CMD_SELECT;
ST_MEMCPY(selReq.CSN, csn, RFAL_PICOPASS_UID_LEN);
uint16_t recvLen = 0;
uint32_t flags = RFAL_PICOPASS_TXRX_FLAGS;
uint32_t fwt = rfalConvMsTo1fc(20);
ret = rfalTransceiveBlockingTxRx(
(uint8_t*)&selReq,
sizeof(rfalPicoPassSelectReq),
(uint8_t*)selRes,
sizeof(rfalPicoPassSelectRes),
&recvLen,
flags,
fwt);
// printf("select rx: %d %s\n", recvLen, hex2Str(selRes->CSN, RFAL_PICOPASS_UID_LEN));
if(ret == ERR_TIMEOUT) {
return ERR_NONE;
}
return ret;
}
ReturnCode rfalPicoPassPollerReadCheck(rfalPicoPassReadCheckRes* rcRes) {
ReturnCode ret;
uint8_t txBuf[2] = {RFAL_PICOPASS_CMD_READCHECK, 0x02};
uint16_t recvLen = 0;
uint32_t flags = RFAL_PICOPASS_TXRX_FLAGS;
uint32_t fwt = rfalConvMsTo1fc(20);
ret = rfalTransceiveBlockingTxRx(
txBuf,
sizeof(txBuf),
(uint8_t*)rcRes,
sizeof(rfalPicoPassReadCheckRes),
&recvLen,
flags,
fwt);
// printf("readcheck rx: %d %s\n", recvLen, hex2Str(rcRes->CCNR, 8));
if(ret == ERR_CRC) {
return ERR_NONE;
}
return ret;
}
ReturnCode rfalPicoPassPollerCheck(uint8_t* mac, rfalPicoPassCheckRes* chkRes) {
ReturnCode ret;
rfalPicoPassCheckReq chkReq;
chkReq.CMD = RFAL_PICOPASS_CMD_CHECK;
ST_MEMCPY(chkReq.mac, mac, 4);
ST_MEMSET(chkReq.null, 0, 4);
uint16_t recvLen = 0;
uint32_t flags = RFAL_PICOPASS_TXRX_FLAGS;
uint32_t fwt = rfalConvMsTo1fc(20);
// printf("check tx: %s\n", hex2Str((uint8_t *)&chkReq, sizeof(rfalPicoPassCheckReq)));
ret = rfalTransceiveBlockingTxRx(
(uint8_t*)&chkReq,
sizeof(rfalPicoPassCheckReq),
(uint8_t*)chkRes,
sizeof(rfalPicoPassCheckRes),
&recvLen,
flags,
fwt);
// printf("check rx: %d %s\n", recvLen, hex2Str(chkRes->mac, 4));
if(ret == ERR_CRC) {
return ERR_NONE;
}
return ret;
}
ReturnCode rfalPicoPassPollerReadBlock(uint8_t blockNum, rfalPicoPassReadBlockRes* readRes) {
ReturnCode ret;
/*
* ./reveng -w 16 -s 0c07cc47 0c064556 0c083bbf 0c09b2ae
width=16 poly=0x1021 init=0xd924 refin=true refout=true xorout=0x0000 check=0x1329 residue=0x0000 name=(none)
0c 06 45 56
0c 07 cc 47
0c 08 3b bf
0c 09 b2 ae
*/
uint8_t readCmds[4][4] = {
{RFAL_PICOPASS_CMD_READ, 6, 0x45, 0x56},
{RFAL_PICOPASS_CMD_READ, 7, 0xcc, 0x47},
{RFAL_PICOPASS_CMD_READ, 8, 0x3b, 0xbf},
{RFAL_PICOPASS_CMD_READ, 9, 0xb2, 0xae}};
uint8_t* txBuf = readCmds[blockNum - 6];
uint16_t recvLen = 0;
uint32_t flags = RFAL_PICOPASS_TXRX_FLAGS;
uint32_t fwt = rfalConvMsTo1fc(20);
ret = rfalTransceiveBlockingTxRx(
txBuf,
sizeof(txBuf),
(uint8_t*)readRes,
sizeof(rfalPicoPassReadBlockRes),
&recvLen,
flags,
fwt);
// printf("check rx: %d %s\n", recvLen, hex2Str(readRes->data, RFAL_PICOPASS_MAX_BLOCK_LEN));
return ret;
}

46
lib/digital_signal/digital_signal.c
View file

@ -5,14 +5,17 @@
#include <stm32wbxx_ll_tim.h>
#include <math.h>
#pragma GCC optimize("O3,unroll-loops,Ofast")
#define F_TIM (64000000.0)
#define T_TIM (1.0 / F_TIM)
#define T_TIM 1562 //15.625 ns *100
#define T_TIM_DIV2 781 //15.625 ns / 2 *100
DigitalSignal* digital_signal_alloc(uint32_t max_edges_cnt) {
DigitalSignal* signal = malloc(sizeof(DigitalSignal));
signal->start_level = true;
signal->edges_max_cnt = max_edges_cnt;
signal->edge_timings = malloc(max_edges_cnt * sizeof(float));
signal->edge_timings = malloc(max_edges_cnt * sizeof(uint32_t));
signal->reload_reg_buff = malloc(max_edges_cnt * sizeof(uint32_t));
signal->edge_cnt = 0;
@ -48,10 +51,10 @@ bool digital_signal_append(DigitalSignal* signal_a, DigitalSignal* signal_b) {
signal_a->edge_timings[signal_a->edge_cnt] += signal_b->edge_timings[0];
}
}
memcpy(
&signal_a->edge_timings[signal_a->edge_cnt],
&signal_b->edge_timings[start_copy],
(signal_b->edge_cnt - start_copy) * sizeof(float));
for(size_t i = 0; i < signal_b->edge_cnt - start_copy; i++) {
signal_a->edge_timings[signal_a->edge_cnt + i] = signal_b->edge_timings[start_copy + i];
}
signal_a->edge_cnt += signal_b->edge_cnt - start_copy;
return true;
@ -69,34 +72,33 @@ uint32_t digital_signal_get_edges_cnt(DigitalSignal* signal) {
return signal->edge_cnt;
}
float digital_signal_get_edge(DigitalSignal* signal, uint32_t edge_num) {
uint32_t digital_signal_get_edge(DigitalSignal* signal, uint32_t edge_num) {
furi_assert(signal);
furi_assert(edge_num < signal->edge_cnt);
return signal->edge_timings[edge_num];
}
static void digital_signal_prepare_arr(DigitalSignal* signal) {
float t_signal = 0;
float t_current = 0;
float r = 0;
float r_int = 0;
float r_dec = 0;
void digital_signal_prepare_arr(DigitalSignal* signal) {
uint32_t t_signal_rest = signal->edge_timings[0];
uint32_t r_count_tick_arr = 0;
uint32_t r_rest_div = 0;
for(size_t i = 0; i < signal->edge_cnt - 1; i++) {
t_signal += signal->edge_timings[i];
r = (t_signal - t_current) / T_TIM;
r_dec = modff(r, &r_int);
if(r_dec < 0.5f) {
signal->reload_reg_buff[i] = (uint32_t)r_int - 1;
r_count_tick_arr = t_signal_rest / T_TIM;
r_rest_div = t_signal_rest % T_TIM;
t_signal_rest = signal->edge_timings[i + 1] + r_rest_div;
if(r_rest_div < T_TIM_DIV2) {
signal->reload_reg_buff[i] = r_count_tick_arr - 1;
} else {
signal->reload_reg_buff[i] = (uint32_t)r_int;
signal->reload_reg_buff[i] = r_count_tick_arr;
t_signal_rest -= T_TIM;
}
t_current += (signal->reload_reg_buff[i] + 1) * T_TIM;
}
}
bool digital_signal_send(DigitalSignal* signal, const GpioPin* gpio) {
void digital_signal_send(DigitalSignal* signal, const GpioPin* gpio) {
furi_assert(signal);
furi_assert(gpio);
@ -168,6 +170,4 @@ bool digital_signal_send(DigitalSignal* signal, const GpioPin* gpio) {
LL_TIM_SetCounter(TIM2, 0);
LL_DMA_DisableChannel(DMA1, LL_DMA_CHANNEL_1);
LL_DMA_DisableChannel(DMA1, LL_DMA_CHANNEL_2);
return true;
}

8
lib/digital_signal/digital_signal.h
View file

@ -10,7 +10,7 @@ typedef struct {
bool start_level;
uint32_t edge_cnt;
uint32_t edges_max_cnt;
float* edge_timings;
uint32_t* edge_timings;
uint32_t* reload_reg_buff;
} DigitalSignal;
@ -20,10 +20,12 @@ void digital_signal_free(DigitalSignal* signal);
bool digital_signal_append(DigitalSignal* signal_a, DigitalSignal* signal_b);
void digital_signal_prepare_arr(DigitalSignal* signal);
bool digital_signal_get_start_level(DigitalSignal* signal);
uint32_t digital_signal_get_edges_cnt(DigitalSignal* signal);
float digital_signal_get_edge(DigitalSignal* signal, uint32_t edge_num);
uint32_t digital_signal_get_edge(DigitalSignal* signal, uint32_t edge_num);
bool digital_signal_send(DigitalSignal* signal, const GpioPin* gpio);
void digital_signal_send(DigitalSignal* signal, const GpioPin* gpio);

19
lib/loclass.scons Normal file
View file

@ -0,0 +1,19 @@
Import("env")
env.Append(
CPPPATH=[
"#/lib/loclass",
],
CPPDEFINES=[
],
)
libenv = env.Clone(FW_LIB_NAME="loclass")
libenv.ApplyLibFlags()
sources = Glob("loclass/*.c", source=True)
lib = libenv.StaticLibrary("${FW_LIB_NAME}", sources)
libenv.Install("${LIB_DIST_DIR}", lib)
Return("lib")

338
lib/loclass/optimized_cipher.c Normal file
View file

@ -0,0 +1,338 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
/*
This file contains an optimized version of the MAC-calculation algorithm. Some measurements on
a std laptop showed it runs in about 1/3 of the time:
Std: 0.428962
Opt: 0.151609
Additionally, it is self-reliant, not requiring e.g. bitstreams from the cipherutils, thus can
be easily dropped into a code base.
The optimizations have been performed in the following steps:
* Parameters passed by reference instead of by value.
* Iteration instead of recursion, un-nesting recursive loops into for-loops.
* Handling of bytes instead of individual bits, for less shuffling and masking
* Less creation of "objects", structs, and instead reuse of alloc:ed memory
* Inlining some functions via #define:s
As a consequence, this implementation is less generic. Also, I haven't bothered documenting this.
For a thorough documentation, check out the MAC-calculation within cipher.c instead.
-- MHS 2015
**/
/**
The runtime of opt_doTagMAC_2() with the MHS optimized version was 403 microseconds on Proxmark3.
This was still to slow for some newer readers which didn't want to wait that long.
Further optimizations to speedup the MAC calculations:
* Optimized opt_Tt logic
* Look up table for opt_select
* Removing many unnecessary bit maskings (& 0x1)
* updating state in place instead of alternating use of a second state structure
* remove the necessity to reverse bits of input and output bytes
opt_doTagMAC_2() now completes in 270 microseconds.
-- piwi 2019
**/
/**
add the possibility to do iCLASS on device only
-- iceman 2020
**/
#include "optimized_cipher.h"
#include "optimized_elite.h"
#include "optimized_ikeys.h"
#include "optimized_cipherutils.h"
static const uint8_t opt_select_LUT[256] = {
00, 03, 02, 01, 02, 03, 00, 01, 04, 07, 07, 04, 06, 07, 05, 04,
01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04,
06, 05, 04, 07, 04, 05, 06, 07, 06, 05, 05, 06, 04, 05, 07, 06,
07, 04, 05, 06, 04, 05, 06, 07, 07, 04, 04, 07, 04, 05, 07, 06,
06, 05, 04, 07, 04, 05, 06, 07, 02, 01, 01, 02, 00, 01, 03, 02,
03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06,
00, 03, 02, 01, 02, 03, 00, 01, 00, 03, 03, 00, 02, 03, 01, 00,
05, 06, 07, 04, 06, 07, 04, 05, 05, 06, 06, 05, 06, 07, 05, 04,
02, 01, 00, 03, 00, 01, 02, 03, 06, 05, 05, 06, 04, 05, 07, 06,
03, 00, 01, 02, 00, 01, 02, 03, 07, 04, 04, 07, 04, 05, 07, 06,
02, 01, 00, 03, 00, 01, 02, 03, 02, 01, 01, 02, 00, 01, 03, 02,
03, 00, 01, 02, 00, 01, 02, 03, 03, 00, 00, 03, 00, 01, 03, 02,
04, 07, 06, 05, 06, 07, 04, 05, 00, 03, 03, 00, 02, 03, 01, 00,
01, 02, 03, 00, 02, 03, 00, 01, 05, 06, 06, 05, 06, 07, 05, 04,
04, 07, 06, 05, 06, 07, 04, 05, 04, 07, 07, 04, 06, 07, 05, 04,
01, 02, 03, 00, 02, 03, 00, 01, 01, 02, 02, 01, 02, 03, 01, 00
};
/********************** the table above has been generated with this code: ********
#include "util.h"
static void init_opt_select_LUT(void) {
for (int r = 0; r < 256; r++) {
uint8_t r_ls2 = r << 2;
uint8_t r_and_ls2 = r & r_ls2;
uint8_t r_or_ls2 = r | r_ls2;
uint8_t z0 = (r_and_ls2 >> 5) ^ ((r & ~r_ls2) >> 4) ^ ( r_or_ls2 >> 3);
uint8_t z1 = (r_or_ls2 >> 6) ^ ( r_or_ls2 >> 1) ^ (r >> 5) ^ r;
uint8_t z2 = ((r & ~r_ls2) >> 4) ^ (r_and_ls2 >> 3) ^ r;
opt_select_LUT[r] = (z0 & 4) | (z1 & 2) | (z2 & 1);
}
print_result("", opt_select_LUT, 256);
}
***********************************************************************************/
#define opt__select(x,y,r) (4 & (((r & (r << 2)) >> 5) ^ ((r & ~(r << 2)) >> 4) ^ ( (r | r << 2) >> 3)))\
|(2 & (((r | r << 2) >> 6) ^ ( (r | r << 2) >> 1) ^ (r >> 5) ^ r ^ ((x^y) << 1)))\
|(1 & (((r & ~(r << 2)) >> 4) ^ ((r & (r << 2)) >> 3) ^ r ^ x))
/*
* Some background on the expression above can be found here...
uint8_t xopt__select(bool x, bool y, uint8_t r)
{
//r: r0 r1 r2 r3 r4 r5 r6 r7
//r_ls2: r2 r3 r4 r5 r6 r7 0 0
// z0
// z1
// uint8_t z0 = (r0 & r2) ^ (r1 & ~r3) ^ (r2 | r4); // <-- original
uint8_t z0 = (r_and_ls2 >> 5) ^ ((r & ~r_ls2) >> 4) ^ ( r_or_ls2 >> 3);
// uint8_t z1 = (r0 | r2) ^ ( r5 | r7) ^ r1 ^ r6 ^ x ^ y; // <-- original
uint8_t z1 = (r_or_ls2 >> 6) ^ ( r_or_ls2 >> 1) ^ (r >> 5) ^ r ^ ((x^y) << 1);
// uint8_t z2 = (r3 & ~r5) ^ (r4 & r6 ) ^ r7 ^ x; // <-- original
uint8_t z2 = ((r & ~r_ls2) >> 4) ^ (r_and_ls2 >> 3) ^ r ^ x;
return (z0 & 4) | (z1 & 2) | (z2 & 1);
}
*/
static void opt_successor(const uint8_t *k, State_t *s, uint8_t y) {
// #define opt_T(s) (0x1 & ((s->t >> 15) ^ (s->t >> 14) ^ (s->t >> 10) ^ (s->t >> 8) ^ (s->t >> 5) ^ (s->t >> 4)^ (s->t >> 1) ^ s->t))
// uint8_t Tt = opt_T(s);
uint16_t Tt = s->t & 0xc533;
Tt = Tt ^ (Tt >> 1);
Tt = Tt ^ (Tt >> 4);
Tt = Tt ^ (Tt >> 10);
Tt = Tt ^ (Tt >> 8);
s->t = (s->t >> 1);
s->t |= (Tt ^ (s->r >> 7) ^ (s->r >> 3)) << 15;
uint8_t opt_B = s->b;
opt_B ^= s->b >> 6;
opt_B ^= s->b >> 5;
opt_B ^= s->b >> 4;
s->b = s->b >> 1;
s->b |= (opt_B ^ s->r) << 7;
uint8_t opt_select = opt_select_LUT[s->r] & 0x04;
opt_select |= (opt_select_LUT[s->r] ^ ((Tt ^ y) << 1)) & 0x02;
opt_select |= (opt_select_LUT[s->r] ^ Tt) & 0x01;
uint8_t r = s->r;
s->r = (k[opt_select] ^ s->b) + s->l ;
s->l = s->r + r;
}
static void opt_suc(const uint8_t *k, State_t *s, const uint8_t *in, uint8_t length, bool add32Zeroes) {
for (int i = 0; i < length; i++) {
uint8_t head;
head = in[i];
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
head >>= 1;
opt_successor(k, s, head);
}
//For tag MAC, an additional 32 zeroes
if (add32Zeroes) {
for (int i = 0; i < 16; i++) {
opt_successor(k, s, 0);
opt_successor(k, s, 0);
}
}
}
static void opt_output(const uint8_t *k, State_t *s, uint8_t *buffer) {
for (uint8_t times = 0; times < 4; times++) {
uint8_t bout = 0;
bout |= (s->r & 0x4) >> 2;
opt_successor(k, s, 0);
bout |= (s->r & 0x4) >> 1;
opt_successor(k, s, 0);
bout |= (s->r & 0x4);
opt_successor(k, s, 0);
bout |= (s->r & 0x4) << 1;
opt_successor(k, s, 0);
bout |= (s->r & 0x4) << 2;
opt_successor(k, s, 0);
bout |= (s->r & 0x4) << 3;
opt_successor(k, s, 0);
bout |= (s->r & 0x4) << 4;
opt_successor(k, s, 0);
bout |= (s->r & 0x4) << 5;
opt_successor(k, s, 0);
buffer[times] = bout;
}
}
static void opt_MAC(uint8_t *k, uint8_t *input, uint8_t *out) {
State_t _init = {
((k[0] ^ 0x4c) + 0xEC) & 0xFF,// l
((k[0] ^ 0x4c) + 0x21) & 0xFF,// r
0x4c, // b
0xE012 // t
};
opt_suc(k, &_init, input, 12, false);
opt_output(k, &_init, out);
}
static void opt_MAC_N(uint8_t *k, uint8_t *input, uint8_t in_size, uint8_t *out) {
State_t _init = {
((k[0] ^ 0x4c) + 0xEC) & 0xFF,// l
((k[0] ^ 0x4c) + 0x21) & 0xFF,// r
0x4c, // b
0xE012 // t
};
opt_suc(k, &_init, input, in_size, false);
opt_output(k, &_init, out);
}
void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]) {
uint8_t dest [] = {0, 0, 0, 0, 0, 0, 0, 0};
opt_MAC(div_key_p, cc_nr_p, dest);
memcpy(mac, dest, 4);
}
void opt_doReaderMAC_2(State_t _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p) {
opt_suc(div_key_p, &_init, nr, 4, false);
opt_output(div_key_p, &_init, mac);
}
void doMAC_N(uint8_t *in_p, uint8_t in_size, uint8_t *div_key_p, uint8_t mac[4]) {
uint8_t dest [] = {0, 0, 0, 0, 0, 0, 0, 0};
opt_MAC_N(div_key_p, in_p, in_size, dest);
memcpy(mac, dest, 4);
}
void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]) {
State_t _init = {
((div_key_p[0] ^ 0x4c) + 0xEC) & 0xFF,// l
((div_key_p[0] ^ 0x4c) + 0x21) & 0xFF,// r
0x4c, // b
0xE012 // t
};
opt_suc(div_key_p, &_init, cc_p, 12, true);
opt_output(div_key_p, &_init, mac);
}
/**
* The tag MAC can be divided (both can, but no point in dividing the reader mac) into
* two functions, since the first 8 bytes are known, we can pre-calculate the state
* reached after feeding CC to the cipher.
* @param cc_p
* @param div_key_p
* @return the cipher state
*/
State_t opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p) {
State_t _init = {
((div_key_p[0] ^ 0x4c) + 0xEC) & 0xFF,// l
((div_key_p[0] ^ 0x4c) + 0x21) & 0xFF,// r
0x4c, // b
0xE012 // t
};
opt_suc(div_key_p, &_init, cc_p, 8, false);
return _init;
}
/**
* The second part of the tag MAC calculation, since the CC is already calculated into the state,
* this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag
* MAC response.
* @param _init - precalculated cipher state
* @param nr - the reader challenge
* @param mac - where to store the MAC
* @param div_key_p - the key to use
*/
void opt_doTagMAC_2(State_t _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p) {
opt_suc(div_key_p, &_init, nr, 4, true);
opt_output(div_key_p, &_init, mac);
}
void iclass_calc_div_key(uint8_t *csn, uint8_t *key, uint8_t *div_key, bool elite) {
if (elite) {
uint8_t keytable[128] = {0};
uint8_t key_index[8] = {0};
uint8_t key_sel[8] = { 0 };
uint8_t key_sel_p[8] = { 0 };
hash2(key, keytable);
hash1(csn, key_index);
for (uint8_t i = 0; i < 8 ; i++)
key_sel[i] = keytable[key_index[i]];
//Permute from iclass format to standard format
permutekey_rev(key_sel, key_sel_p);
diversifyKey(csn, key_sel_p, div_key);
} else {
diversifyKey(csn, key, div_key);
}
}

90
lib/loclass/optimized_cipher.h Normal file
View file

@ -0,0 +1,90 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// More recently from https://github.com/RfidResearchGroup/proxmark3
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
#ifndef OPTIMIZED_CIPHER_H
#define OPTIMIZED_CIPHER_H
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <stdint.h>
/**
* Definition 1 (Cipher state). A cipher state of iClass s is an element of F 40/2
* consisting of the following four components:
* 1. the left register l = (l 0 . . . l 7 ) F 8/2 ;
* 2. the right register r = (r 0 . . . r 7 ) F 8/2 ;
* 3. the top register t = (t 0 . . . t 15 ) F 16/2 .
* 4. the bottom register b = (b 0 . . . b 7 ) F 8/2 .
**/
typedef struct {
uint8_t l;
uint8_t r;
uint8_t b;
uint16_t t;
} State_t;
/** The reader MAC is MAC(key, CC * NR )
**/
void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]);
void opt_doReaderMAC_2(State_t _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p);
/**
* The tag MAC is MAC(key, CC * NR * 32x0))
*/
void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]);
/**
* The tag MAC can be divided (both can, but no point in dividing the reader mac) into
* two functions, since the first 8 bytes are known, we can pre-calculate the state
* reached after feeding CC to the cipher.
* @param cc_p
* @param div_key_p
* @return the cipher state
*/
State_t opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p);
/**
* The second part of the tag MAC calculation, since the CC is already calculated into the state,
* this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag
* MAC response.
* @param _init - precalculated cipher state
* @param nr - the reader challenge
* @param mac - where to store the MAC
* @param div_key_p - the key to use
*/
void opt_doTagMAC_2(State_t _init, uint8_t *nr, uint8_t mac[4], const uint8_t *div_key_p);
void doMAC_N(uint8_t *in_p, uint8_t in_size, uint8_t *div_key_p, uint8_t mac[4]);
void iclass_calc_div_key(uint8_t *csn, uint8_t *key, uint8_t *div_key, bool elite);
#endif // OPTIMIZED_CIPHER_H

137
lib/loclass/optimized_cipherutils.c Normal file
View file

@ -0,0 +1,137 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
#include "optimized_cipherutils.h"
#include <stdint.h>
/**
*
* @brief Return and remove the first bit (x0) in the stream : <x0 x1 x2 x3 ... xn >
* @param stream
* @return
*/
bool headBit(BitstreamIn_t *stream) {
int bytepos = stream->position >> 3; // divide by 8
int bitpos = (stream->position++) & 7; // mask out 00000111
return (*(stream->buffer + bytepos) >> (7 - bitpos)) & 1;
}
/**
* @brief Return and remove the last bit (xn) in the stream: <x0 x1 x2 ... xn>
* @param stream
* @return
*/
bool tailBit(BitstreamIn_t *stream) {
int bitpos = stream->numbits - 1 - (stream->position++);
int bytepos = bitpos >> 3;
bitpos &= 7;
return (*(stream->buffer + bytepos) >> (7 - bitpos)) & 1;
}
/**
* @brief Pushes bit onto the stream
* @param stream
* @param bit
*/
void pushBit(BitstreamOut_t *stream, bool bit) {
int bytepos = stream->position >> 3; // divide by 8
int bitpos = stream->position & 7;
*(stream->buffer + bytepos) |= (bit) << (7 - bitpos);
stream->position++;
stream->numbits++;
}
/**
* @brief Pushes the lower six bits onto the stream
* as b0 b1 b2 b3 b4 b5 b6
* @param stream
* @param bits
*/
void push6bits(BitstreamOut_t *stream, uint8_t bits) {
pushBit(stream, bits & 0x20);
pushBit(stream, bits & 0x10);
pushBit(stream, bits & 0x08);
pushBit(stream, bits & 0x04);
pushBit(stream, bits & 0x02);
pushBit(stream, bits & 0x01);
}
/**
* @brief bitsLeft
* @param stream
* @return number of bits left in stream
*/
int bitsLeft(BitstreamIn_t *stream) {
return stream->numbits - stream->position;
}
/**
* @brief numBits
* @param stream
* @return Number of bits stored in stream
*/
void x_num_to_bytes(uint64_t n, size_t len, uint8_t *dest) {
while (len--) {
dest[len] = (uint8_t) n;
n >>= 8;
}
}
uint64_t x_bytes_to_num(uint8_t *src, size_t len) {
uint64_t num = 0;
while (len--) {
num = (num << 8) | (*src);
src++;
}
return num;
}
uint8_t reversebytes(uint8_t b) {
b = (b & 0xF0) >> 4 | (b & 0x0F) << 4;
b = (b & 0xCC) >> 2 | (b & 0x33) << 2;
b = (b & 0xAA) >> 1 | (b & 0x55) << 1;
return b;
}
void reverse_arraybytes(uint8_t *arr, size_t len) {
uint8_t i;
for (i = 0; i < len ; i++) {
arr[i] = reversebytes(arr[i]);
}
}
void reverse_arraycopy(uint8_t *arr, uint8_t *dest, size_t len) {
uint8_t i;
for (i = 0; i < len ; i++) {
dest[i] = reversebytes(arr[i]);
}
}

64
lib/loclass/optimized_cipherutils.h Normal file
View file

@ -0,0 +1,64 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// More recently from https://github.com/RfidResearchGroup/proxmark3
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
#ifndef CIPHERUTILS_H
#define CIPHERUTILS_H
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
typedef struct {
uint8_t *buffer;
uint8_t numbits;
uint8_t position;
} BitstreamIn_t;
typedef struct {
uint8_t *buffer;
uint8_t numbits;
uint8_t position;
} BitstreamOut_t;
bool headBit(BitstreamIn_t *stream);
bool tailBit(BitstreamIn_t *stream);
void pushBit(BitstreamOut_t *stream, bool bit);
int bitsLeft(BitstreamIn_t *stream);
void push6bits(BitstreamOut_t *stream, uint8_t bits);
void x_num_to_bytes(uint64_t n, size_t len, uint8_t *dest);
uint64_t x_bytes_to_num(uint8_t *src, size_t len);
uint8_t reversebytes(uint8_t b);
void reverse_arraybytes(uint8_t *arr, size_t len);
void reverse_arraycopy(uint8_t *arr, uint8_t *dest, size_t len);
#endif // CIPHERUTILS_H

234
lib/loclass/optimized_elite.c Normal file
View file

@ -0,0 +1,234 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
#include "optimized_elite.h"
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <mbedtls/des.h>
#include "optimized_ikeys.h"
/**
* @brief Permutes a key from standard NIST format to Iclass specific format
* from http://www.proxmark.org/forum/viewtopic.php?pid=11220#p11220
*
* If you permute [6c 8d 44 f9 2a 2d 01 bf] you get [8a 0d b9 88 bb a7 90 ea] as shown below.
*
* 1 0 1 1 1 1 1 1 bf
* 0 0 0 0 0 0 0 1 01
* 0 0 1 0 1 1 0 1 2d
* 0 0 1 0 1 0 1 0 2a
* 1 1 1 1 1 0 0 1 f9
* 0 1 0 0 0 1 0 0 44
* 1 0 0 0 1 1 0 1 8d
* 0 1 1 0 1 1 0 0 6c
*
* 8 0 b 8 b a 9 e
* a d 9 8 b 7 0 a
*
* @param key
* @param dest
*/
void permutekey(const uint8_t key[8], uint8_t dest[8]) {
int i;
for (i = 0 ; i < 8 ; i++) {
dest[i] = (((key[7] & (0x80 >> i)) >> (7 - i)) << 7) |
(((key[6] & (0x80 >> i)) >> (7 - i)) << 6) |
(((key[5] & (0x80 >> i)) >> (7 - i)) << 5) |
(((key[4] & (0x80 >> i)) >> (7 - i)) << 4) |
(((key[3] & (0x80 >> i)) >> (7 - i)) << 3) |
(((key[2] & (0x80 >> i)) >> (7 - i)) << 2) |
(((key[1] & (0x80 >> i)) >> (7 - i)) << 1) |
(((key[0] & (0x80 >> i)) >> (7 - i)) << 0);
}
}
/**
* Permutes a key from iclass specific format to NIST format
* @brief permutekey_rev
* @param key
* @param dest
*/
void permutekey_rev(const uint8_t key[8], uint8_t dest[8]) {
int i;
for (i = 0 ; i < 8 ; i++) {
dest[7 - i] = (((key[0] & (0x80 >> i)) >> (7 - i)) << 7) |
(((key[1] & (0x80 >> i)) >> (7 - i)) << 6) |
(((key[2] & (0x80 >> i)) >> (7 - i)) << 5) |
(((key[3] & (0x80 >> i)) >> (7 - i)) << 4) |
(((key[4] & (0x80 >> i)) >> (7 - i)) << 3) |
(((key[5] & (0x80 >> i)) >> (7 - i)) << 2) |
(((key[6] & (0x80 >> i)) >> (7 - i)) << 1) |
(((key[7] & (0x80 >> i)) >> (7 - i)) << 0);
}
}
/**
* Helper function for hash1
* @brief rr
* @param val
* @return
*/
static uint8_t rr(uint8_t val) {
return val >> 1 | ((val & 1) << 7);
}
/**
* Helper function for hash1
* @brief rl
* @param val
* @return
*/
static uint8_t rl(uint8_t val) {
return val << 1 | ((val & 0x80) >> 7);
}
/**
* Helper function for hash1
* @brief swap
* @param val
* @return
*/
static uint8_t swap(uint8_t val) {
return ((val >> 4) & 0xFF) | ((val & 0xFF) << 4);
}
/**
* Hash1 takes CSN as input, and determines what bytes in the keytable will be used
* when constructing the K_sel.
* @param csn the CSN used
* @param k output
*/
void hash1(const uint8_t csn[], uint8_t k[]) {
k[0] = csn[0] ^ csn[1] ^ csn[2] ^ csn[3] ^ csn[4] ^ csn[5] ^ csn[6] ^ csn[7];
k[1] = csn[0] + csn[1] + csn[2] + csn[3] + csn[4] + csn[5] + csn[6] + csn[7];
k[2] = rr(swap(csn[2] + k[1]));
k[3] = rl(swap(csn[3] + k[0]));
k[4] = ~rr(csn[4] + k[2]) + 1;
k[5] = ~rl(csn[5] + k[3]) + 1;
k[6] = rr(csn[6] + (k[4] ^ 0x3c));
k[7] = rl(csn[7] + (k[5] ^ 0xc3));
k[7] &= 0x7F;
k[6] &= 0x7F;
k[5] &= 0x7F;
k[4] &= 0x7F;
k[3] &= 0x7F;
k[2] &= 0x7F;
k[1] &= 0x7F;
k[0] &= 0x7F;
}
/**
Definition 14. Define the rotate key function rk : (F 82 ) 8 × N (F 82 ) 8 as
rk(x [0] . . . x [7] , 0) = x [0] . . . x [7]
rk(x [0] . . . x [7] , n + 1) = rk(rl(x [0] ) . . . rl(x [7] ), n)
**/
static void rk(uint8_t *key, uint8_t n, uint8_t *outp_key) {
memcpy(outp_key, key, 8);
uint8_t j;
while (n-- > 0) {
for (j = 0; j < 8 ; j++)
outp_key[j] = rl(outp_key[j]);
}
return;
}
static mbedtls_des_context ctx_enc;
static mbedtls_des_context ctx_dec;
static void desdecrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) {
uint8_t key_std_format[8] = {0};
permutekey_rev(iclass_key, key_std_format);
mbedtls_des_setkey_dec(&ctx_dec, key_std_format);
mbedtls_des_crypt_ecb(&ctx_dec, input, output);
}
static void desencrypt_iclass(uint8_t *iclass_key, uint8_t *input, uint8_t *output) {
uint8_t key_std_format[8] = {0};
permutekey_rev(iclass_key, key_std_format);
mbedtls_des_setkey_enc(&ctx_enc, key_std_format);
mbedtls_des_crypt_ecb(&ctx_enc, input, output);
}
/**
* @brief Insert uint8_t[8] custom master key to calculate hash2 and return key_select.
* @param key unpermuted custom key
* @param hash1 hash1
* @param key_sel output key_sel=h[hash1[i]]
*/
void hash2(uint8_t *key64, uint8_t *outp_keytable) {
/**
*Expected:
* High Security Key Table
00 F1 35 59 A1 0D 5A 26 7F 18 60 0B 96 8A C0 25 C1
10 BF A1 3B B0 FF 85 28 75 F2 1F C6 8F 0E 74 8F 21
20 14 7A 55 16 C8 A9 7D B3 13 0C 5D C9 31 8D A9 B2
30 A3 56 83 0F 55 7E DE 45 71 21 D2 6D C1 57 1C 9C
40 78 2F 64 51 42 7B 64 30 FA 26 51 76 D3 E0 FB B6
50 31 9F BF 2F 7E 4F 94 B4 BD 4F 75 91 E3 1B EB 42
60 3F 88 6F B8 6C 2C 93 0D 69 2C D5 20 3C C1 61 95
70 43 08 A0 2F FE B3 26 D7 98 0B 34 7B 47 70 A0 AB
**** The 64-bit HS Custom Key Value = 5B7C62C491C11B39 ******/
uint8_t key64_negated[8] = {0};
uint8_t z[8][8] = {{0}, {0}};
uint8_t temp_output[8] = {0};
//calculate complement of key
int i;
for (i = 0; i < 8; i++)
key64_negated[i] = ~key64[i];
// Once again, key is on iclass-format
desencrypt_iclass(key64, key64_negated, z[0]);
uint8_t y[8][8] = {{0}, {0}};
// y[0]=DES_dec(z[0],~key)
// Once again, key is on iclass-format
desdecrypt_iclass(z[0], key64_negated, y[0]);
for (i = 1; i < 8; i++) {
rk(key64, i, temp_output);
desdecrypt_iclass(temp_output, z[i - 1], z[i]);
desencrypt_iclass(temp_output, y[i - 1], y[i]);
}
if (outp_keytable != NULL) {
for (i = 0 ; i < 8 ; i++) {
memcpy(outp_keytable + i * 16, y[i], 8);
memcpy(outp_keytable + 8 + i * 16, z[i], 8);
}
}
}

58
lib/loclass/optimized_elite.h Normal file
View file

@ -0,0 +1,58 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// More recently from https://github.com/RfidResearchGroup/proxmark3
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
#ifndef ELITE_CRACK_H
#define ELITE_CRACK_H
#include <stdint.h>
#include <stdlib.h>
void permutekey(const uint8_t key[8], uint8_t dest[8]);
/**
* Permutes a key from iclass specific format to NIST format
* @brief permutekey_rev
* @param key
* @param dest
*/
void permutekey_rev(const uint8_t key[8], uint8_t dest[8]);
/**
* Hash1 takes CSN as input, and determines what bytes in the keytable will be used
* when constructing the K_sel.
* @param csn the CSN used
* @param k output
*/
void hash1(const uint8_t *csn, uint8_t *k);
void hash2(uint8_t *key64, uint8_t *outp_keytable);
#endif

321
lib/loclass/optimized_ikeys.c Normal file
View file

@ -0,0 +1,321 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
/**
From "Dismantling iclass":
This section describes in detail the built-in key diversification algorithm of iClass.
Besides the obvious purpose of deriving a card key from a master key, this
algorithm intends to circumvent weaknesses in the cipher by preventing the
usage of certain weak keys. In order to compute a diversified key, the iClass
reader first encrypts the card identity id with the master key K, using single
DES. The resulting ciphertext is then input to a function called hash0 which
outputs the diversified key k.
k = hash0(DES enc (id, K))
Here the DES encryption of id with master key K outputs a cryptogram c
of 64 bits. These 64 bits are divided as c = x, y, z [0] , . . . , z [7] F 82 × F 82 × (F 62 ) 8
which is used as input to the hash0 function. This function introduces some
obfuscation by performing a number of permutations, complement and modulo
operations, see Figure 2.5. Besides that, it checks for and removes patterns like
similar key bytes, which could produce a strong bias in the cipher. Finally, the
output of hash0 is the diversified card key k = k [0] , . . . , k [7] (F 82 ) 8 .
**/
#include "optimized_ikeys.h"
#include <stdint.h>
#include <stdbool.h>
#include <inttypes.h>
#include <mbedtls/des.h>
#include "optimized_cipherutils.h"
static uint8_t pi[35] = {
0x0F, 0x17, 0x1B, 0x1D, 0x1E, 0x27, 0x2B, 0x2D,
0x2E, 0x33, 0x35, 0x39, 0x36, 0x3A, 0x3C, 0x47,
0x4B, 0x4D, 0x4E, 0x53, 0x55, 0x56, 0x59, 0x5A,
0x5C, 0x63, 0x65, 0x66, 0x69, 0x6A, 0x6C, 0x71,
0x72, 0x74, 0x78
};
static mbedtls_des_context ctx_enc;
/**
* @brief The key diversification algorithm uses 6-bit bytes.
* This implementation uses 64 bit uint to pack seven of them into one
* variable. When they are there, they are placed as follows:
* XXXX XXXX N0 .... N7, occupying the last 48 bits.
*
* This function picks out one from such a collection
* @param all
* @param n bitnumber
* @return
*/
static uint8_t getSixBitByte(uint64_t c, int n) {
return (c >> (42 - 6 * n)) & 0x3F;
}
/**
* @brief Puts back a six-bit 'byte' into a uint64_t.
* @param c buffer
* @param z the value to place there
* @param n bitnumber.
*/
static void pushbackSixBitByte(uint64_t *c, uint8_t z, int n) {
//0x XXXX YYYY ZZZZ ZZZZ ZZZZ
// ^z0 ^z7
//z0: 1111 1100 0000 0000
uint64_t masked = z & 0x3F;
uint64_t eraser = 0x3F;
masked <<= 42 - 6 * n;
eraser <<= 42 - 6 * n;
//masked <<= 6*n;
//eraser <<= 6*n;
eraser = ~eraser;
(*c) &= eraser;
(*c) |= masked;
}
/**
* @brief Swaps the z-values.
* If the input value has format XYZ0Z1...Z7, the output will have the format
* XYZ7Z6...Z0 instead
* @param c
* @return
*/
static uint64_t swapZvalues(uint64_t c) {
uint64_t newz = 0;
pushbackSixBitByte(&newz, getSixBitByte(c, 0), 7);
pushbackSixBitByte(&newz, getSixBitByte(c, 1), 6);
pushbackSixBitByte(&newz, getSixBitByte(c, 2), 5);
pushbackSixBitByte(&newz, getSixBitByte(c, 3), 4);
pushbackSixBitByte(&newz, getSixBitByte(c, 4), 3);
pushbackSixBitByte(&newz, getSixBitByte(c, 5), 2);
pushbackSixBitByte(&newz, getSixBitByte(c, 6), 1);
pushbackSixBitByte(&newz, getSixBitByte(c, 7), 0);
newz |= (c & 0xFFFF000000000000);
return newz;
}
/**
* @return 4 six-bit bytes chunked into a uint64_t,as 00..00a0a1a2a3
*/
static uint64_t ck(int i, int j, uint64_t z) {
if (i == 1 && j == -1) {
// ck(1, 1, z [0] . . . z [3] ) = z [0] . . . z [3]
return z;
} else if (j == -1) {
// ck(i, 1, z [0] . . . z [3] ) = ck(i 1, i 2, z [0] . . . z [3] )
return ck(i - 1, i - 2, z);
}
if (getSixBitByte(z, i) == getSixBitByte(z, j)) {
//ck(i, j 1, z [0] . . . z [i] ← j . . . z [3] )
uint64_t newz = 0;
int c;
for (c = 0; c < 4; c++) {
uint8_t val = getSixBitByte(z, c);
if (c == i)
pushbackSixBitByte(&newz, j, c);
else
pushbackSixBitByte(&newz, val, c);
}
return ck(i, j - 1, newz);
} else {
return ck(i, j - 1, z);
}
}
/**
Definition 8.
Let the function check : (F 62 ) 8 (F 62 ) 8 be defined as
check(z [0] . . . z [7] ) = ck(3, 2, z [0] . . . z [3] ) · ck(3, 2, z [4] . . . z [7] )
where ck : N × N × (F 62 ) 4 (F 62 ) 4 is defined as
ck(1, 1, z [0] . . . z [3] ) = z [0] . . . z [3]
ck(i, 1, z [0] . . . z [3] ) = ck(i 1, i 2, z [0] . . . z [3] )
ck(i, j, z [0] . . . z [3] ) =
ck(i, j 1, z [0] . . . z [i] j . . . z [3] ), if z [i] = z [j] ;
ck(i, j 1, z [0] . . . z [3] ), otherwise
otherwise.
**/
static uint64_t check(uint64_t z) {
//These 64 bits are divided as c = x, y, z [0] , . . . , z [7]
// ck(3, 2, z [0] . . . z [3] )
uint64_t ck1 = ck(3, 2, z);
// ck(3, 2, z [4] . . . z [7] )
uint64_t ck2 = ck(3, 2, z << 24);
//The ck function will place the values
// in the middle of z.
ck1 &= 0x00000000FFFFFF000000;
ck2 &= 0x00000000FFFFFF000000;
return ck1 | ck2 >> 24;
}
static void permute(BitstreamIn_t *p_in, uint64_t z, int l, int r, BitstreamOut_t *out) {
if (bitsLeft(p_in) == 0)
return;
bool pn = tailBit(p_in);
if (pn) { // pn = 1
uint8_t zl = getSixBitByte(z, l);
push6bits(out, zl + 1);
permute(p_in, z, l + 1, r, out);
} else { // otherwise
uint8_t zr = getSixBitByte(z, r);
push6bits(out, zr);
permute(p_in, z, l, r + 1, out);
}
}
/**
* @brief
*Definition 11. Let the function hash0 : F 82 × F 82 × (F 62 ) 8 (F 82 ) 8 be defined as
* hash0(x, y, z [0] . . . z [7] ) = k [0] . . . k [7] where
* z'[i] = (z[i] mod (63-i)) + i i = 0...3
* z'[i+4] = (z[i+4] mod (64-i)) + i i = 0...3
* = check(z');
* @param c
* @param k this is where the diversified key is put (should be 8 bytes)
* @return
*/
void hash0(uint64_t c, uint8_t k[8]) {
c = swapZvalues(c);
//These 64 bits are divided as c = x, y, z [0] , . . . , z [7]
// x = 8 bits
// y = 8 bits
// z0-z7 6 bits each : 48 bits
uint8_t x = (c & 0xFF00000000000000) >> 56;
uint8_t y = (c & 0x00FF000000000000) >> 48;
uint64_t zP = 0;
for (int n = 0; n < 4 ; n++) {
uint8_t zn = getSixBitByte(c, n);
uint8_t zn4 = getSixBitByte(c, n + 4);
uint8_t _zn = (zn % (63 - n)) + n;
uint8_t _zn4 = (zn4 % (64 - n)) + n;
pushbackSixBitByte(&zP, _zn, n);
pushbackSixBitByte(&zP, _zn4, n + 4);
}
uint64_t zCaret = check(zP);
uint8_t p = pi[x % 35];
if (x & 1) //Check if x7 is 1
p = ~p;
BitstreamIn_t p_in = { &p, 8, 0 };
uint8_t outbuffer[] = {0, 0, 0, 0, 0, 0, 0, 0};
BitstreamOut_t out = {outbuffer, 0, 0};
permute(&p_in, zCaret, 0, 4, &out); //returns 48 bits? or 6 8-bytes
//Out is now a buffer containing six-bit bytes, should be 48 bits
// if all went well
//Shift z-values down onto the lower segment
uint64_t zTilde = x_bytes_to_num(outbuffer, sizeof(outbuffer));
zTilde >>= 16;
for (int i = 0; i < 8; i++) {
// the key on index i is first a bit from y
// then six bits from z,
// then a bit from p
// Init with zeroes
k[i] = 0;
// First, place yi leftmost in k
//k[i] |= (y << i) & 0x80 ;
// First, place y(7-i) leftmost in k
k[i] |= (y << (7 - i)) & 0x80 ;
uint8_t zTilde_i = getSixBitByte(zTilde, i);
// zTildeI is now on the form 00XXXXXX
// with one leftshift, it'll be
// 0XXXXXX0
// So after leftshift, we can OR it into k
// However, when doing complement, we need to
// again MASK 0XXXXXX0 (0x7E)
zTilde_i <<= 1;
//Finally, add bit from p or p-mod
//Shift bit i into rightmost location (mask only after complement)
uint8_t p_i = p >> i & 0x1;
if (k[i]) { // yi = 1
k[i] |= ~zTilde_i & 0x7E;
k[i] |= p_i & 1;
k[i] += 1;
} else { // otherwise
k[i] |= zTilde_i & 0x7E;
k[i] |= (~p_i) & 1;
}
}
}
/**
* @brief Performs Elite-class key diversification
* @param csn
* @param key
* @param div_key
*/
void diversifyKey(uint8_t *csn, uint8_t *key, uint8_t *div_key) {
// Prepare the DES key
mbedtls_des_setkey_enc(&ctx_enc, key);
uint8_t crypted_csn[8] = {0};
// Calculate DES(CSN, KEY)
mbedtls_des_crypt_ecb(&ctx_enc, csn, crypted_csn);
//Calculate HASH0(DES))
uint64_t c_csn = x_bytes_to_num(crypted_csn, sizeof(crypted_csn));
hash0(c_csn, div_key);
}

66
lib/loclass/optimized_ikeys.h Normal file
View file

@ -0,0 +1,66 @@
//-----------------------------------------------------------------------------
// Borrowed initially from https://github.com/holiman/loclass
// More recently from https://github.com/RfidResearchGroup/proxmark3
// Copyright (C) 2014 Martin Holst Swende
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
// WARNING
//
// THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
//
// USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
// PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
// AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
//
// THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
//-----------------------------------------------------------------------------
// It is a reconstruction of the cipher engine used in iClass, and RFID techology.
//
// The implementation is based on the work performed by
// Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
// Milosch Meriac in the paper "Dismantling IClass".
//-----------------------------------------------------------------------------
#ifndef IKEYS_H
#define IKEYS_H
#include <inttypes.h>
/**
* @brief
*Definition 11. Let the function hash0 : F 82 × F 82 × (F 62 ) 8 (F 82 ) 8 be defined as
* hash0(x, y, z [0] . . . z [7] ) = k [0] . . . k [7] where
* z'[i] = (z[i] mod (63-i)) + i i = 0...3
* z'[i+4] = (z[i+4] mod (64-i)) + i i = 0...3
* = check(z');
* @param c
* @param k this is where the diversified key is put (should be 8 bytes)
* @return
*/
void hash0(uint64_t c, uint8_t k[8]);
/**
* @brief Performs Elite-class key diversification
* @param csn
* @param key
* @param div_key
*/
void diversifyKey(uint8_t *csn, uint8_t *key, uint8_t *div_key);
/**
* @brief Permutes a key from standard NIST format to Iclass specific format
* @param key
* @param dest
*/
#endif // IKEYS_H

1
lib/mbedtls Submodule

@ -0,0 +1 @@
Subproject commit d65aeb37349ad1a50e0f6c9b694d4b5290d60e49

20
lib/mbedtls.scons Normal file
View file

@ -0,0 +1,20 @@
Import("env")
env.Append(
CPPPATH=[
"#/lib/mbedtls",
"#/lib/mbedtls/include",
],
CPPDEFINES=[
],
)
libenv = env.Clone(FW_LIB_NAME="mbedtls")
libenv.ApplyLibFlags()
sources = ["mbedtls/library/des.c", "mbedtls/library/platform_util.c"]
lib = libenv.StaticLibrary("${FW_LIB_NAME}", sources)
libenv.Install("${LIB_DIST_DIR}", lib)
Return("lib")

34
lib/nfc_protocols/mifare_classic.c
View file

@ -537,25 +537,23 @@ bool mf_classic_emulator(MfClassicEmulator* emulator, FuriHalNfcTxRxContext* tx_
// Read command
while(!command_processed) {
if(!is_encrypted) {
// Read first frame
tx_rx->tx_bits = 0;
tx_rx->tx_rx_type = FuriHalNfcTxRxTypeDefault;
}
if(!furi_hal_nfc_tx_rx(tx_rx, 300)) {
FURI_LOG_D(
TAG, "Error in tx rx. Tx :%d bits, Rx: %d bits", tx_rx->tx_bits, tx_rx->rx_bits);
break;
}
if(!is_encrypted) {
memcpy(plain_data, tx_rx->rx_data, tx_rx->rx_bits / 8);
} else {
if(!furi_hal_nfc_tx_rx(tx_rx, 300)) {
FURI_LOG_D(
TAG,
"Error in tx rx. Tx :%d bits, Rx: %d bits",
tx_rx->tx_bits,
tx_rx->rx_bits);
break;
}
mf_crypto1_decrypt(&emulator->crypto, tx_rx->rx_data, tx_rx->rx_bits, plain_data);
}
// TODO Check crc
if(plain_data[0] == 0x50 && plain_data[1] == 00) {
if(plain_data[0] == 0x50 && plain_data[1] == 0x00) {
FURI_LOG_T(TAG, "Halt received");
furi_hal_nfc_listen_sleep();
command_processed = true;
break;
} else if(plain_data[0] == 0x60 || plain_data[0] == 0x61) {
@ -564,11 +562,11 @@ bool mf_classic_emulator(MfClassicEmulator* emulator, FuriHalNfcTxRxContext* tx_
uint8_t sector_trailer_block = mf_classic_get_sector_trailer(block);
MfClassicSectorTrailer* sector_trailer =
(MfClassicSectorTrailer*)emulator->data.block[sector_trailer_block].value;
if(plain_data[0] == 0x61) {
key = nfc_util_bytes2num(sector_trailer->key_b, 6);
if(plain_data[0] == 0x60) {
key = nfc_util_bytes2num(sector_trailer->key_a, 6);
access_key = MfClassicKeyA;
} else {
key = nfc_util_bytes2num(sector_trailer->key_a, 6);
key = nfc_util_bytes2num(sector_trailer->key_b, 6);
access_key = MfClassicKeyB;
}
@ -581,8 +579,12 @@ bool mf_classic_emulator(MfClassicEmulator* emulator, FuriHalNfcTxRxContext* tx_
if(!is_encrypted) {
crypto1_word(&emulator->crypto, emulator->cuid ^ nonce, 0);
memcpy(tx_rx->tx_data, nt, sizeof(nt));
tx_rx->tx_parity[0] = 0;
for(size_t i = 0; i < sizeof(nt); i++) {
tx_rx->tx_parity[0] |= nfc_util_odd_parity8(nt[i]) << (7 - i);
}
tx_rx->tx_bits = sizeof(nt) * 8;
tx_rx->tx_rx_type = FuriHalNfcTxRxTypeRxRaw;
tx_rx->tx_rx_type = FuriHalNfcTxRxTransparent;
} else {
mf_crypto1_encrypt(
&emulator->crypto,

13
lib/nfc_protocols/nfca.c
View file

@ -8,7 +8,10 @@
#define NFCA_CRC_INIT (0x6363)
#define NFCA_F_SIG (13560000.0)
#define NFCA_T_SIG (1.0 / NFCA_F_SIG)
#define T_SIG 7374 //73.746ns*100
#define T_SIG_x8 58992 //T_SIG*8
#define T_SIG_x8_x8 471936 //T_SIG*8*8
#define T_SIG_x8_x9 530928 //T_SIG*8*9
#define NFCA_SIGNAL_MAX_EDGES (1350)
@ -64,15 +67,15 @@ static void nfca_add_bit(DigitalSignal* signal, bool bit) {
if(bit) {
signal->start_level = true;
for(size_t i = 0; i < 7; i++) {
signal->edge_timings[i] = 8 * NFCA_T_SIG;
signal->edge_timings[i] = T_SIG_x8;
}
signal->edge_timings[7] = 9 * 8 * NFCA_T_SIG;
signal->edge_timings[7] = T_SIG_x8_x9;
signal->edge_cnt = 8;
} else {
signal->start_level = false;
signal->edge_timings[0] = 8 * 8 * NFCA_T_SIG;
signal->edge_timings[0] = T_SIG_x8_x8;
for(size_t i = 1; i < 9; i++) {
signal->edge_timings[i] = 8 * NFCA_T_SIG;
signal->edge_timings[i] = T_SIG_x8;
}
signal->edge_cnt = 9;
}