dandri/seader
1
0
Fork 0
mirror of https://github.com/bettse/seader.git synced 2026-03-30 18:35:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2a1be41d97d0fbee97521bef6df7c74df07f593e
seader/sam_api.c
CinderSocket 2d11e90d77 Format SAM and read-path updates
2026-03-07 00:31:31 -08:00

1549 lines
55 KiB
C
Raw Blame History

#include "sam_api.h"
#include "trace_log.h"
#include <toolbox/path.h>
#include <toolbox/version.h>
#include <bit_lib/bit_lib.h>
// #define ASN1_DEBUG true
#define TAG "SAMAPI"
#define ASN1_PREFIX 6
#define SEADER_ICLASS_SR_SIO_BASE_BLOCK 10
#define SEADER_SERIAL_FILE_NAME "sam_serial"
const uint8_t picopass_iclass_key[] = {0xaf, 0xa7, 0x85, 0xa7, 0xda, 0xb3, 0x33, 0x78};
const uint8_t seader_oid[] =
{0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, 0xE4, 0x38, 0x01, 0x01, 0x02, 0x04};
#ifdef ASN1_DEBUG
char asn1_log[SEADER_UART_RX_BUF_SIZE] = {0};
#endif
// Helper function to log hex data efficiently without large static buffer
static void
seader_log_hex_data(const char* tag, const char* prefix, const uint8_t* data, size_t len) {
if(len == 0) return;
const size_t chunk_size =
32; // Process 32 bytes at a time (64 chars + null terminator = 65 bytes on stack)
char hex_chunk[chunk_size * 2 + 1];
if(len <= chunk_size) {
// Small data - single chunk
for(size_t i = 0; i < len; i++) {
snprintf(hex_chunk + (i * 2), sizeof(hex_chunk) - (i * 2), "%02x", data[i]);
}
hex_chunk[len * 2] = '\0';
FURI_LOG_D(tag, "%s: %s", prefix, hex_chunk);
} else {
// Large data - process in chunks
for(size_t offset = 0; offset < len; offset += chunk_size) {
size_t current_chunk = (len - offset > chunk_size) ? chunk_size : (len - offset);
for(size_t i = 0; i < current_chunk; i++) {
snprintf(
hex_chunk + (i * 2), sizeof(hex_chunk) - (i * 2), "%02x", data[offset + i]);
}
hex_chunk[current_chunk * 2] = '\0';
FURI_LOG_D(
tag, "%s[%zu-%zu]: %s", prefix, offset, offset + current_chunk - 1, hex_chunk);
}
}
}
#ifdef SEADER_ENABLE_TRACE_LOG
static void seader_trace_mfc_packed_frame(const char* prefix, const uint8_t* buffer, size_t len) {
if(!buffer || len == 0) {
seader_trace(TAG, "%s <empty>", prefix);
return;
}
if(len < 2) {
seader_trace_hex(TAG, prefix, buffer, len);
return;
}
uint8_t packed[SEADER_POLLER_MAX_BUFFER_SIZE] = {0};
if(len > sizeof(packed)) {
seader_trace_hex(TAG, prefix, buffer, len);
return;
}
memcpy(packed, buffer, len);
uint8_t parity = 0;
size_t decoded_len = len - 1;
uint8_t decoded[SEADER_POLLER_MAX_BUFFER_SIZE] = {0};
char parity_bits[SEADER_POLLER_MAX_BUFFER_SIZE + 1] = {0};
for(size_t i = 0; i < len; i++) {
bit_lib_reverse_bits(packed + i, 0, 8);
}
for(size_t i = 0; i < decoded_len; i++) {
bool val = bit_lib_get_bit(packed + i + 1, i);
bit_lib_set_bit(&parity, i, val);
}
for(size_t i = 0; i < decoded_len; i++) {
packed[i] = (packed[i] << i) | (packed[i + 1] >> (8 - i));
bit_lib_reverse_bits(packed + i, 0, 8);
decoded[i] = packed[i];
parity_bits[i] = bit_lib_get_bit(&parity, i) ? '1' : '0';
}
parity_bits[decoded_len] = '\0';
seader_trace_hex(TAG, prefix, buffer, len);
seader_trace_hex(TAG, "mfc tx decoded", decoded, decoded_len);
seader_trace(TAG, "mfc tx parity bits=%s", parity_bits);
}
static void
seader_trace_mfc_bitbuffer(const char* prefix, BitBuffer* buffer, bool include_parity) {
if(!buffer) {
seader_trace(TAG, "%s <null>", prefix);
return;
}
size_t len = bit_buffer_get_size_bytes(buffer);
uint8_t bytes[SEADER_POLLER_MAX_BUFFER_SIZE] = {0};
char parity_bits[SEADER_POLLER_MAX_BUFFER_SIZE + 1] = {0};
if(len > sizeof(bytes)) len = sizeof(bytes);
for(size_t i = 0; i < len; i++) {
bytes[i] = bit_buffer_get_byte(buffer, i);
if(include_parity) {
const uint8_t* parity = bit_buffer_get_parity(buffer);
parity_bits[i] = bit_lib_get_bit(parity, i) ? '1' : '0';
}
}
if(include_parity) {
parity_bits[len] = '\0';
}
seader_trace_hex(TAG, prefix, bytes, len);
if(include_parity) {
seader_trace(TAG, "%s parity=%s", prefix, parity_bits);
}
}
#else
static void seader_trace_mfc_packed_frame(const char* prefix, const uint8_t* buffer, size_t len) {
(void)prefix;
(void)buffer;
(void)len;
}
static void
seader_trace_mfc_bitbuffer(const char* prefix, BitBuffer* buffer, bool include_parity) {
(void)prefix;
(void)buffer;
(void)include_parity;
}
#endif
uint8_t updateBlock2[] = {RFAL_PICOPASS_CMD_UPDATE, 0x02};
uint8_t select_seos_app[] =
{0x00, 0xa4, 0x04, 0x00, 0x0a, 0xa0, 0x00, 0x00, 0x04, 0x40, 0x00, 0x01, 0x01, 0x00, 0x01, 0x00};
uint8_t select_desfire_app_no_le[] =
{0x00, 0xA4, 0x04, 0x00, 0x07, 0xD2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x00};
uint8_t FILE_NOT_FOUND[] = {0x6a, 0x82};
void* calloc(size_t count, size_t size) {
void* ptr = malloc(count * size);
if(ptr) {
memset(ptr, 0, count * size);
}
return ptr;
}
// Forward declarations
void seader_send_nfc_rx(Seader* seader, uint8_t* buffer, size_t len);
static void seader_abort_active_read(Seader* seader);
static void seader_sam_set_state(
Seader* seader,
SeaderSamState state,
SeaderSamIntent intent,
SamCommand_PR command) {
seader->sam_state = state;
seader->sam_intent = intent;
seader->samCommand = command;
seader_trace(TAG, "sam state=%d intent=%d cmd=%d", state, intent, command);
}
static SeaderSamIntent seader_sam_card_intent(const Seader* seader) {
if(seader->credential->type == SeaderCredentialTypeConfig) {
return SeaderSamIntentConfig;
} else if(seader->is_debug_enabled) {
return SeaderSamIntentReadPacs2;
} else {
return SeaderSamIntentReadPacs;
}
}
bool seader_sam_can_accept_card(const Seader* seader) {
return seader->sam_state == SeaderSamStateIdle;
}
bool seader_sam_has_active_card(const Seader* seader) {
return seader->sam_state == SeaderSamStateDetectPending ||
seader->sam_state == SeaderSamStateConversation ||
seader->sam_state == SeaderSamStateFinishing;
}
PicopassError seader_worker_fake_epurse_update(BitBuffer* tx_buffer, BitBuffer* rx_buffer) {
const uint8_t* buffer = bit_buffer_get_data(tx_buffer);
uint8_t fake_response[8];
memset(fake_response, 0, sizeof(fake_response));
memcpy(fake_response + 0, buffer + 6, 4);
memcpy(fake_response + 4, buffer + 2, 4);
bit_buffer_append_bytes(rx_buffer, fake_response, sizeof(fake_response));
iso13239_crc_append(Iso13239CrcTypePicopass, rx_buffer);
seader_log_hex_data(
TAG,
"Fake update E-Purse response",
bit_buffer_get_data(rx_buffer),
bit_buffer_get_size_bytes(rx_buffer));
return PicopassErrorNone;
}
void seader_virtual_picopass_state_machine(Seader* seader, uint8_t* buffer, size_t len) {
BitBuffer* tx_buffer = bit_buffer_alloc(len);
bit_buffer_append_bytes(tx_buffer, buffer, len);
BitBuffer* rx_buffer = bit_buffer_alloc(SEADER_POLLER_MAX_BUFFER_SIZE);
uint8_t config[PICOPASS_BLOCK_LEN] = {0x12, 0xff, 0xff, 0xff, 0x7f, 0x1f, 0xff, 0x3c};
uint8_t sr_aia[PICOPASS_BLOCK_LEN] = {0xFF, 0xff, 0xff, 0xff, 0xFF, 0xFf, 0xff, 0xFF};
uint8_t epurse[PICOPASS_BLOCK_LEN] = {0xff, 0xff, 0xff, 0xff, 0xe3, 0xff, 0xff, 0xff};
uint8_t pacs_sr_cfg[PICOPASS_BLOCK_LEN] = {0xA3, 0x03, 0x03, 0x03, 0x00, 0x03, 0xe0, 0x14};
uint8_t zeroes[PICOPASS_BLOCK_LEN] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
uint8_t tmac[4] = {};
uint8_t cc_p[12] = {};
uint8_t div_key[PICOPASS_BLOCK_LEN] = {};
uint8_t offset; // for READ4
do {
switch(buffer[0]) {
case RFAL_PICOPASS_CMD_READ_OR_IDENTIFY:
if(buffer[1] == AIA_INDEX) {
bit_buffer_append_bytes(rx_buffer, sr_aia, sizeof(sr_aia));
} else if(buffer[1] == PACS_CFG_INDEX) {
bit_buffer_append_bytes(rx_buffer, pacs_sr_cfg, sizeof(pacs_sr_cfg));
} else { // What i've seen is 0c 12
offset = buffer[1] - SEADER_ICLASS_SR_SIO_BASE_BLOCK;
bit_buffer_append_bytes(
rx_buffer,
seader->credential->sio + (PICOPASS_BLOCK_LEN * offset),
PICOPASS_BLOCK_LEN);
}
iso13239_crc_append(Iso13239CrcTypePicopass, rx_buffer);
break;
case RFAL_PICOPASS_CMD_UPDATE:
seader_worker_fake_epurse_update(tx_buffer, rx_buffer);
break;
case RFAL_PICOPASS_CMD_READCHECK_KD:
if(buffer[1] == EPURSE_INDEX) {
bit_buffer_append_bytes(rx_buffer, epurse, sizeof(epurse));
}
break;
case RFAL_PICOPASS_CMD_CHECK:
loclass_iclass_calc_div_key(
seader->credential->diversifier, picopass_iclass_key, div_key, false);
memcpy(cc_p, epurse, PICOPASS_BLOCK_LEN);
memcpy(cc_p + 8, buffer + 1, PICOPASS_MAC_LEN);
loclass_opt_doTagMAC(cc_p, div_key, tmac);
bit_buffer_append_bytes(rx_buffer, tmac, sizeof(tmac));
break;
case RFAL_PICOPASS_CMD_READ4:
if(buffer[1] < SEADER_ICLASS_SR_SIO_BASE_BLOCK) {
if(buffer[1] == PACS_CFG_INDEX) {
bit_buffer_append_bytes(rx_buffer, pacs_sr_cfg, sizeof(pacs_sr_cfg));
bit_buffer_append_bytes(rx_buffer, zeroes, sizeof(zeroes));
bit_buffer_append_bytes(rx_buffer, zeroes, sizeof(zeroes));
bit_buffer_append_bytes(rx_buffer, zeroes, sizeof(zeroes));
}
} else {
offset = buffer[1] - SEADER_ICLASS_SR_SIO_BASE_BLOCK;
bit_buffer_append_bytes(
rx_buffer,
seader->credential->sio + (PICOPASS_BLOCK_LEN * offset),
PICOPASS_BLOCK_LEN * 4);
}
iso13239_crc_append(Iso13239CrcTypePicopass, rx_buffer);
break;
case RFAL_PICOPASS_CMD_PAGESEL:
// this should be considered an attempt, but realisticly not working
bit_buffer_append_bytes(rx_buffer, config, sizeof(config));
iso13239_crc_append(Iso13239CrcTypePicopass, rx_buffer);
break;
}
seader_send_nfc_rx(
seader,
(uint8_t*)bit_buffer_get_data(rx_buffer),
bit_buffer_get_size_bytes(rx_buffer));
} while(false);
bit_buffer_free(tx_buffer);
bit_buffer_free(rx_buffer);
}
bool seader_send_apdu(
Seader* seader,
uint8_t CLA,
uint8_t INS,
uint8_t P1,
uint8_t P2,
uint8_t* payload,
uint8_t payloadLen,
bool in_scratchpad) {
SeaderWorker* seader_worker = seader->worker;
SeaderUartBridge* seader_uart = seader_worker->uart;
bool extended = seader_uart->T == 1;
uint8_t header_len = extended ? 7 : 5;
// Must account for MAX_FRAME_HEADERS headroom in scratchpad mode
if(MAX_FRAME_HEADERS + header_len + payloadLen > SEADER_UART_RX_BUF_SIZE) {
FURI_LOG_E(TAG, "Cannot send message, too long: %d", header_len + payloadLen);
return false;
}
uint8_t length = header_len + payloadLen;
uint8_t* apdu;
bool must_free = false;
uintptr_t tx_start = (uintptr_t)seader_uart->tx_buf;
uintptr_t tx_end = tx_start + SEADER_UART_RX_BUF_SIZE;
uintptr_t payload_addr = (uintptr_t)payload;
bool scratchpad_payload = false;
// in_scratchpad is only valid when the full payload range is inside tx_buf.
if(in_scratchpad && payload_addr >= tx_start + header_len && payload_addr <= tx_end) {
size_t available = (size_t)(tx_end - payload_addr);
scratchpad_payload = payloadLen <= available;
}
if(scratchpad_payload) {
apdu = (uint8_t*)(payload_addr - header_len);
} else {
apdu = malloc(length);
if(!apdu) {
FURI_LOG_E(TAG, "Failed to allocate memory for apdu in seader_send_apdu");
return false;
}
memcpy(apdu + header_len, payload, payloadLen);
must_free = true;
}
apdu[0] = CLA;
apdu[1] = INS;
apdu[2] = P1;
apdu[3] = P2;
if(extended) {
apdu[4] = 0x00;
apdu[5] = 0x00;
apdu[6] = payloadLen;
} else {
apdu[4] = payloadLen;
}
seader_log_hex_data(TAG, "seader_send_apdu", apdu, length);
if(seader_uart->T == 1) {
seader_send_t1(seader_uart, apdu, length);
} else {
seader_ccid_XfrBlock(seader_uart, apdu, length);
}
if(must_free) {
free(apdu);
}
return true;
}
#ifdef ASN1_DEBUG
static int seader_print_struct_callback(const void* buffer, size_t size, void* app_key) {
if(app_key) {
char* str = (char*)app_key;
size_t next = strlen(str);
strncpy(str + next, buffer, size);
} else {
uint8_t next = strlen(asn1_log);
strncpy(asn1_log + next, buffer, size);
}
return 0;
}
#endif
void seader_send_payload(
Seader* seader,
Payload_t* payload,
uint8_t from,
uint8_t to,
uint8_t replyTo) {
SeaderWorker* seader_worker = seader->worker;
SeaderUartBridge* seader_uart = seader_worker->uart;
uint8_t* scratchpad = seader_uart->tx_buf + MAX_FRAME_HEADERS;
size_t scratchpad_size = SEADER_UART_RX_BUF_SIZE - MAX_FRAME_HEADERS;
size_t max_der_len = UINT8_MAX - ASN1_PREFIX;
uint8_t* payload_buf = scratchpad;
bool payload_in_scratchpad = true;
asn_enc_rval_t er = der_encode_to_buffer(
&asn_DEF_Payload, payload, scratchpad + ASN1_PREFIX, scratchpad_size - ASN1_PREFIX);
if(er.encoded < 0 || ((size_t)er.encoded + ASN1_PREFIX) > UINT8_MAX) {
payload_buf = malloc(ASN1_PREFIX + max_der_len);
if(!payload_buf) {
FURI_LOG_E(TAG, "Failed to allocate DER fallback buffer");
return;
}
payload_in_scratchpad = false;
er = der_encode_to_buffer(
&asn_DEF_Payload, payload, payload_buf + ASN1_PREFIX, max_der_len);
}
if(er.encoded < 0) {
FURI_LOG_E(TAG, "Failed to encode payload");
if(!payload_in_scratchpad) {
free(payload_buf);
}
return;
}
size_t apdu_payload_len = ASN1_PREFIX + (size_t)er.encoded;
if(apdu_payload_len > UINT8_MAX) {
FURI_LOG_E(TAG, "Encoded payload too large for APDU: %d", (int)apdu_payload_len);
if(!payload_in_scratchpad) {
free(payload_buf);
}
return;
}
#ifdef ASN1_DEBUG
if(er.encoded > -1) {
char payloadDebug[384] = {0};
memset(payloadDebug, 0, sizeof(payloadDebug));
(&asn_DEF_Payload)
->op->print_struct(
&asn_DEF_Payload, payload, 1, seader_print_struct_callback, payloadDebug);
if(strlen(payloadDebug) > 0) {
FURI_LOG_D(TAG, "Sending payload[%d %d %d]: %s", to, from, replyTo, payloadDebug);
}
} else {
FURI_LOG_W(TAG, "Failed to print_struct payload");
}
#endif
//0xa0, 0xda, 0x02, 0x63, 0x00, 0x00, 0x0a,
//0x44, 0x0a, 0x44, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x96, 0x00
payload_buf[0] = from;
payload_buf[1] = to;
payload_buf[2] = replyTo;
payload_buf[3] = 0x00;
payload_buf[4] = 0x00;
payload_buf[5] = 0x00;
seader_send_apdu(
seader,
0xA0,
0xDA,
0x02,
0x63,
payload_buf,
(uint8_t)apdu_payload_len,
payload_in_scratchpad);
if(!payload_in_scratchpad) {
free(payload_buf);
}
}
void seader_send_process_config_card(Seader* seader) {
SamCommand_t samCommand = {0};
Payload_t payload = {0};
samCommand.present = SamCommand_PR_processConfigCard;
seader_sam_set_state(
seader, SeaderSamStateConversation, SeaderSamIntentConfig, samCommand.present);
payload.present = Payload_PR_samCommand;
payload.choice.samCommand = samCommand;
seader_send_payload(seader, &payload, 0x44, 0x0a, 0x44);
}
void seader_send_response(
Seader* seader,
Response_t* response,
uint8_t from,
uint8_t to,
uint8_t replyTo) {
Payload_t payload = {0};
payload.present = Payload_PR_response;
payload.choice.response = *response;
seader_send_payload(seader, &payload, from, to, replyTo);
}
void seader_send_request_pacs(Seader* seader) {
RequestPacs_t requestPacs = {0};
requestPacs.contentElementTag = ContentElementTag_implicitFormatPhysicalAccessBits;
SamCommand_t samCommand = {0};
samCommand.present = SamCommand_PR_requestPacs;
seader_sam_set_state(
seader, SeaderSamStateConversation, SeaderSamIntentReadPacs, samCommand.present);
samCommand.choice.requestPacs = requestPacs;
Payload_t payload = {0};
payload.present = Payload_PR_samCommand;
payload.choice.samCommand = samCommand;
seader_send_payload(
seader, &payload, ExternalApplicationA, SAMInterface, ExternalApplicationA);
}
void seader_send_request_pacs2(Seader* seader) {
OCTET_STRING_t oid = {
.buf = (uint8_t*)seader_oid,
.size = sizeof(seader_oid),
};
RequestPacs_t requestPacs = {0};
requestPacs.contentElementTag = ContentElementTag_implicitFormatPhysicalAccessBits;
requestPacs.oid = &oid;
SamCommand_t samCommand = {0};
samCommand.present = SamCommand_PR_requestPacs2;
seader_sam_set_state(
seader, SeaderSamStateConversation, SeaderSamIntentReadPacs2, samCommand.present);
samCommand.choice.requestPacs2 = requestPacs;
Payload_t payload = {0};
payload.present = Payload_PR_samCommand;
payload.choice.samCommand = samCommand;
seader_send_payload(
seader, &payload, ExternalApplicationA, SAMInterface, ExternalApplicationA);
}
void seader_worker_send_serial_number(Seader* seader) {
SamCommand_t samCommand = {0};
samCommand.present = SamCommand_PR_serialNumber;
seader_sam_set_state(
seader, SeaderSamStateSerialPending, SeaderSamIntentMaintenance, samCommand.present);
Payload_t payload = {0};
payload.present = Payload_PR_samCommand;
payload.choice.samCommand = samCommand;
seader_send_payload(
seader, &payload, ExternalApplicationA, SAMInterface, ExternalApplicationA);
}
void seader_worker_send_version(Seader* seader) {
SamCommand_t samCommand = {0};
samCommand.present = SamCommand_PR_version;
seader_sam_set_state(
seader, SeaderSamStateVersionPending, SeaderSamIntentMaintenance, samCommand.present);
Payload_t payload = {0};
payload.present = Payload_PR_samCommand;
payload.choice.samCommand = samCommand;
seader_send_payload(
seader, &payload, ExternalApplicationA, SAMInterface, ExternalApplicationA);
}
void seader_send_card_detected(Seader* seader, CardDetails_t* cardDetails) {
CardDetected_t cardDetected = {
.detectedCardDetails = *cardDetails,
};
SamCommand_t samCommand = {0};
samCommand.present = SamCommand_PR_cardDetected;
samCommand.choice.cardDetected = cardDetected;
Payload_t payload = {0};
payload.present = Payload_PR_samCommand;
payload.choice.samCommand = samCommand;
seader_trace(
TAG, "send cardDetected state=%d intent=%d", seader->sam_state, seader->sam_intent);
seader_send_payload(
seader, &payload, ExternalApplicationA, SAMInterface, ExternalApplicationA);
}
void seader_send_no_card_detected(Seader* seader) {
furi_assert(seader);
CardDetails_t cardDetails = {0};
uint8_t protocol_bytes[] = {0x00, FrameProtocol_none};
OCTET_STRING_fromBuf(
&cardDetails.protocol, (const char*)protocol_bytes, sizeof(protocol_bytes));
OCTET_STRING_fromBuf(&cardDetails.csn, "", 0);
seader_sam_set_state(
seader, SeaderSamStateClearPending, SeaderSamIntentNone, SamCommand_PR_cardDetected);
seader_trace(TAG, "send no-card cardDetected");
seader_send_card_detected(seader, &cardDetails);
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_CardDetails, &cardDetails);
}
bool seader_unpack_pacs(Seader* seader, uint8_t* buf, size_t size) {
SeaderCredential* seader_credential = seader->credential;
PAC_t pac = {0};
PAC_t* pac_p = &pac;
bool rtn = false;
asn_dec_rval_t rval = asn_decode(0, ATS_DER, &asn_DEF_PAC, (void**)&pac_p, buf, size);
if(rval.code == RC_OK) {
#ifdef ASN1_DEBUG
char pacDebug[384] = {0};
(&asn_DEF_PAC)
->op->print_struct(&asn_DEF_PAC, &pac, 1, seader_print_struct_callback, pacDebug);
if(strlen(pacDebug) > 0) {
FURI_LOG_D(TAG, "Received pac: %s", pacDebug);
}
#endif
if(seader_credential->sio[0] == 0x30) {
seader_log_hex_data(TAG, "SIO", seader_credential->sio, seader_credential->sio_len);
#ifdef ASN1_DEBUG
SIO_t sio = {0};
SIO_t* sio_p = &sio;
rval = asn_decode(
0,
ATS_DER,
&asn_DEF_SIO,
(void**)&sio_p,
seader_credential->sio,
seader_credential->sio_len);
if(rval.code == RC_OK) {
FURI_LOG_D(TAG, "Decoded SIO");
char sioDebug[384] = {0};
(&asn_DEF_SIO)
->op->print_struct(
&asn_DEF_SIO, &sio, 1, seader_print_struct_callback, sioDebug);
if(strlen(sioDebug) > 0) {
FURI_LOG_D(TAG, "SIO: %s", sioDebug);
}
} else {
FURI_LOG_W(TAG, "Failed to decode SIO %d consumed", rval.consumed);
}
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_SIO, &sio);
#endif
}
if(pac.size <= sizeof(seader_credential->credential)) {
// TODO: make credential into a 12 byte array
seader_credential->bit_length = pac.size * 8 - pac.bits_unused;
memcpy(&seader_credential->credential, pac.buf, pac.size);
seader_credential->credential = __builtin_bswap64(seader_credential->credential);
seader_credential->credential = seader_credential->credential >>
(64 - seader_credential->bit_length);
FURI_LOG_D(
TAG,
"credential (%d) %016llx",
seader_credential->bit_length,
seader_credential->credential);
rtn = true;
} else {
// PACS too big (probably bad data)
seader_abort_active_read(seader);
}
} else {
FURI_LOG_W(TAG, "Failed to decode PAC %d consumed, size %d", rval.consumed, size);
seader_abort_active_read(seader);
}
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_PAC, &pac);
return rtn;
}
// 800201298106683d052026b6820101
//300F800201298106683D052026B6820101
// ATR3:
// 800207358106793D81F9F385820104A51E8004000000018106053000000000820B323330353139313232395A830152
#define MAX_VERSION_SIZE 60
bool seader_parse_version(SeaderWorker* seader_worker, uint8_t* buf, size_t size) {
bool rtn = false;
if(size > MAX_VERSION_SIZE) {
// Too large to handle now
FURI_LOG_W(TAG, "Version of %d is too long to parse", size);
return false;
}
SamVersion_t version = {0};
SamVersion_t* version_p = &version;
// Add sequence prefix
uint8_t seq[MAX_VERSION_SIZE + 2] = {0x30};
seq[1] = (uint8_t)size;
memcpy(seq + 2, buf, size);
asn_dec_rval_t rval =
asn_decode(0, ATS_DER, &asn_DEF_SamVersion, (void**)&version_p, seq, size + 2);
if(rval.code == RC_OK) {
#ifdef ASN1_DEBUG
char versionDebug[128] = {0};
(&asn_DEF_SamVersion)
->op->print_struct(
&asn_DEF_SamVersion, &version, 1, seader_print_struct_callback, versionDebug);
if(strlen(versionDebug) > 0) {
FURI_LOG_D(TAG, "Received version: %s", versionDebug);
}
#endif
if(version.version.size == 2) {
memcpy(seader_worker->sam_version, version.version.buf, version.version.size);
FURI_LOG_I(
TAG,
"SAM Version: %d.%d",
seader_worker->sam_version[0],
seader_worker->sam_version[1]);
}
rtn = true;
} else {
FURI_LOG_W(TAG, "Failed to decode SamVersion %d consumed, size %d", rval.consumed, size);
}
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_SamVersion, &version);
return rtn;
}
bool seader_sam_save_serial(Seader* seader, uint8_t* buf, size_t size) {
SeaderCredential* cred = seader->credential;
const char* file_header = "SAM Serial Number";
const uint32_t file_version = 1;
bool use_load_path = true;
bool saved = false;
FlipperFormat* file = flipper_format_file_alloc(cred->storage);
FuriString* temp_str;
temp_str = furi_string_alloc();
do {
if(use_load_path && !furi_string_empty(cred->load_path)) {
// Get directory name
path_extract_dirname(furi_string_get_cstr(cred->load_path), temp_str);
// Make path to file to save
furi_string_cat_printf(temp_str, "/%s%s", SEADER_SERIAL_FILE_NAME, ".txt");
} else {
furi_string_printf(
temp_str, "%s/%s%s", STORAGE_APP_DATA_PATH_PREFIX, SEADER_SERIAL_FILE_NAME, ".txt");
}
// Open file
if(!flipper_format_file_open_always(file, furi_string_get_cstr(temp_str))) break;
if(!flipper_format_write_header_cstr(file, file_header, file_version)) break;
if(!flipper_format_write_hex(file, "Chip Serial Number", buf, size)) break;
saved = true;
} while(false);
if(!saved) {
dialog_message_show_storage_error(cred->dialogs, "Can not save\nserial file");
}
furi_string_free(temp_str);
flipper_format_free(file);
return saved;
}
bool seader_sam_save_serial_QR(Seader* seader, char* serial) {
SeaderCredential* cred = seader->credential;
const char* file_header = "QRCode";
const uint32_t file_version = 0;
bool saved = false;
FlipperFormat* file = flipper_format_file_alloc(cred->storage);
FuriString* temp_str;
temp_str = furi_string_alloc();
do {
storage_simply_mkdir(cred->storage, EXT_PATH("qrcodes"));
furi_string_printf(
temp_str, "%s/%s%s", EXT_PATH("qrcodes"), "seader_sam_serial", ".qrcode");
// Open file
if(!flipper_format_file_open_always(file, furi_string_get_cstr(temp_str))) break;
if(!flipper_format_write_header_cstr(file, file_header, file_version)) break;
if(!flipper_format_write_string_cstr(file, "Message", serial)) break;
saved = true;
} while(false);
if(!saved) {
dialog_message_show_storage_error(cred->dialogs, "Can not save\nQR file");
}
furi_string_free(temp_str);
flipper_format_free(file);
return saved;
}
bool seader_parse_serial_number(Seader* seader, uint8_t* buf, size_t size) {
// Create hex string for QR code (needs to be persistent)
char hex_string[size * 2 + 1];
for(uint8_t i = 0; i < size; i++) {
snprintf(hex_string + (i * 2), sizeof(hex_string) - (i * 2), "%02x", buf[i]);
}
hex_string[size * 2] = '\0';
seader_log_hex_data(TAG, "Received serial", buf, size);
seader_sam_save_serial_QR(seader, hex_string);
return seader_sam_save_serial(seader, buf, size);
}
static void seader_abort_active_read(Seader* seader) {
SeaderWorker* seader_worker = seader->worker;
FURI_LOG_W(TAG, "Abort active read stage=%d sam=%d", seader_worker->stage, seader->samCommand);
seader_trace(
TAG,
"abort stage=%d sam=%d state=%d intent=%d",
seader_worker->stage,
seader->samCommand,
seader->sam_state,
seader->sam_intent);
seader_worker->stage = SeaderPollerEventTypeFail;
if(!seader_sam_has_active_card(seader) && seader->sam_state != SeaderSamStateClearPending) {
seader_sam_set_state(
seader, SeaderSamStateIdle, SeaderSamIntentNone, SamCommand_PR_NOTHING);
}
view_dispatcher_send_custom_event(seader->view_dispatcher, SeaderCustomEventWorkerExit);
}
bool seader_parse_sam_response2(Seader* seader, SamResponse2_t* samResponse) {
uint8_t buffer[10];
switch(samResponse->present) {
case SamResponse2_PR_pacs:
FURI_LOG_I(TAG, "samResponse2 SamResponse2_PR_pacs");
if((seader->sam_state != SeaderSamStateConversation &&
seader->sam_state != SeaderSamStateFinishing) ||
seader->sam_intent != SeaderSamIntentReadPacs2) {
FURI_LOG_W(
TAG,
"Unexpected pacs2 response in state=%d intent=%d",
seader->sam_state,
seader->sam_intent);
seader_abort_active_read(seader);
break;
}
Pacs2_t pacs2 = samResponse->choice.pacs;
OCTET_STRING_t* pacs = pacs2.bits;
buffer[0] = 0x03;
buffer[1] = pacs->size & 0xFF;
memcpy(buffer + 2, pacs->buf, pacs->size);
if(seader_unpack_pacs(seader, buffer, pacs->size + 2)) {
view_dispatcher_send_custom_event(
seader->view_dispatcher, SeaderCustomEventPollerSuccess);
seader_sam_set_state(
seader, SeaderSamStateIdle, SeaderSamIntentNone, SamCommand_PR_NOTHING);
}
break;
case SamResponse2_PR_NOTHING:
FURI_LOG_I(TAG, "samResponse2 SamResponse2_PR_NOTHING");
seader_abort_active_read(seader);
break;
default:
FURI_LOG_I(TAG, "Unknown samResponse2 %d", samResponse->present);
seader_abort_active_read(seader);
break;
}
return false;
}
bool seader_parse_sam_response(Seader* seader, SamResponse_t* samResponse) {
SeaderWorker* seader_worker = seader->worker;
switch(seader->sam_state) {
case SeaderSamStateConversation:
case SeaderSamStateFinishing:
if(seader->sam_intent == SeaderSamIntentReadPacs) {
FURI_LOG_I(TAG, "samResponse read PACS");
if(seader_unpack_pacs(seader, samResponse->buf, samResponse->size)) {
view_dispatcher_send_custom_event(
seader->view_dispatcher, SeaderCustomEventPollerSuccess);
seader_sam_set_state(
seader, SeaderSamStateIdle, SeaderSamIntentNone, SamCommand_PR_NOTHING);
}
} else if(seader->sam_intent == SeaderSamIntentConfig) {
FURI_LOG_I(TAG, "samResponse config");
seader_worker->stage = SeaderPollerEventTypeFail;
seader_sam_set_state(
seader, SeaderSamStateIdle, SeaderSamIntentNone, SamCommand_PR_NOTHING);
} else {
FURI_LOG_W(TAG, "Unexpected samResponse intent=%d", seader->sam_intent);
seader_abort_active_read(seader);
}
break;
case SeaderSamStateVersionPending:
FURI_LOG_I(TAG, "samResponse version");
seader_parse_version(seader_worker, samResponse->buf, samResponse->size);
seader_worker_send_serial_number(seader);
break;
case SeaderSamStateSerialPending:
FURI_LOG_I(TAG, "samResponse serial");
seader_parse_serial_number(seader, samResponse->buf, samResponse->size);
seader_sam_set_state(
seader, SeaderSamStateIdle, SeaderSamIntentNone, SamCommand_PR_NOTHING);
break;
case SeaderSamStateDetectPending:
FURI_LOG_I(TAG, "samResponse cardDetected");
if(seader->sam_intent == SeaderSamIntentConfig) {
seader_send_process_config_card(seader);
} else if(seader->sam_intent == SeaderSamIntentReadPacs2) {
seader_send_request_pacs2(seader);
} else if(seader->sam_intent == SeaderSamIntentReadPacs) {
seader_send_request_pacs(seader);
} else {
FURI_LOG_W(TAG, "Unexpected detect intent=%d", seader->sam_intent);
seader_abort_active_read(seader);
}
break;
case SeaderSamStateClearPending:
FURI_LOG_I(TAG, "samResponse clear-detected-card ack");
seader_trace(TAG, "cardDetected ack clear stage=%d", seader_worker->stage);
seader_sam_set_state(
seader, SeaderSamStateIdle, SeaderSamIntentNone, SamCommand_PR_NOTHING);
break;
case SeaderSamStateIdle:
FURI_LOG_W(TAG, "Unexpected samResponse while idle");
seader_log_hex_data(TAG, "Unexpected samResponse", samResponse->buf, samResponse->size);
break;
default:
FURI_LOG_W(TAG, "Unhandled sam state %d", seader->sam_state);
seader_abort_active_read(seader);
break;
}
return false;
}
bool seader_parse_response(Seader* seader, Response_t* response) {
switch(response->present) {
case Response_PR_samResponse:
seader_parse_sam_response(seader, &response->choice.samResponse);
break;
case Response_PR_samResponse2:
seader_parse_sam_response2(seader, &response->choice.samResponse2);
break;
default:
FURI_LOG_D(TAG, "non-sam response");
break;
};
return false;
}
void seader_send_nfc_rx(Seader* seader, uint8_t* buffer, size_t len) {
OCTET_STRING_t rxData = {.buf = buffer, .size = len};
uint8_t status[] = {0x00, 0x00};
RfStatus_t rfStatus = {.buf = status, .size = 2};
NFCRx_t nfcRx = {0};
nfcRx.rfStatus = rfStatus;
nfcRx.data = &rxData;
NFCResponse_t nfcResponse = {0};
nfcResponse.present = NFCResponse_PR_nfcRx;
nfcResponse.choice.nfcRx = nfcRx;
Response_t response = {0};
response.present = Response_PR_nfcResponse;
response.choice.nfcResponse = nfcResponse;
seader_send_response(seader, &response, NFCInterface, SAMInterface, 0x0);
}
void seader_capture_sio(BitBuffer* tx_buffer, BitBuffer* rx_buffer, SeaderCredential* credential) {
const uint8_t* buffer = bit_buffer_get_data(tx_buffer);
size_t len = bit_buffer_get_size_bytes(tx_buffer);
const uint8_t* rxBuffer = bit_buffer_get_data(rx_buffer);
if(credential->type == SeaderCredentialTypePicopass) {
if(buffer[0] == RFAL_PICOPASS_CMD_READ_OR_IDENTIFY) {
FURI_LOG_D(TAG, "Picopass Read1 block %02x", buffer[1]);
}
if(buffer[0] == RFAL_PICOPASS_CMD_READ4) {
FURI_LOG_D(TAG, "Picopass Read4 block %02x", buffer[1]);
}
if(buffer[0] == RFAL_PICOPASS_CMD_READ4) {
uint8_t block_num = buffer[1];
if(credential->sio_len == 0 && rxBuffer[0] == 0x30) {
credential->sio_start_block = block_num;
}
uint8_t offset = (block_num - credential->sio_start_block) * PICOPASS_BLOCK_LEN;
memcpy(credential->sio + offset, rxBuffer, PICOPASS_BLOCK_LEN * 4);
credential->sio_len += PICOPASS_BLOCK_LEN * 4;
}
} else if(credential->type == SeaderCredentialType14A) {
// Desfire EV1 passes SIO in the clear
// The desfire_read command is 13 bytes in total, but we deliberately don't check the read length as newer SAM
// firmware versions read 5 bytes first to determine the length of the SIO from the ASN.1 tag length then do a
// second read with just the required length to skip reading any additional bytes at the end of the file
uint8_t desfire_read[] = {0x90, 0xbd, 0x00, 0x00, 0x07, 0x0f, 0x00, 0x00, 0x00};
if(len == 13 && memcmp(buffer, desfire_read, sizeof(desfire_read)) == 0 &&
rxBuffer[0] == 0x30) {
size_t sio_len =
bit_buffer_get_size_bytes(rx_buffer) - 2; // -2 for the APDU response bytes
if(sio_len > sizeof(credential->sio)) {
return;
}
credential->sio_len = sio_len;
memcpy(credential->sio, rxBuffer, credential->sio_len);
}
}
}
void seader_iso15693_transmit(
Seader* seader,
PicopassPoller* picopass_poller,
uint8_t* buffer,
size_t len) {
SeaderWorker* seader_worker = seader->worker;
BitBuffer* tx_buffer = bit_buffer_alloc(len);
BitBuffer* rx_buffer = bit_buffer_alloc(SEADER_POLLER_MAX_BUFFER_SIZE);
PicopassError error = PicopassErrorNone;
do {
bit_buffer_append_bytes(tx_buffer, buffer, len);
if(memcmp(buffer, updateBlock2, sizeof(updateBlock2)) == 0) {
error = seader_worker_fake_epurse_update(tx_buffer, rx_buffer);
} else {
error = picopass_poller_send_frame(
picopass_poller, tx_buffer, rx_buffer, SEADER_POLLER_MAX_FWT);
}
if(error == PicopassErrorIncorrectCrc) {
error = PicopassErrorNone;
}
if(error != PicopassErrorNone) {
seader_worker->stage = SeaderPollerEventTypeFail;
break;
}
seader_capture_sio(tx_buffer, rx_buffer, seader->credential);
seader_send_nfc_rx(
seader,
(uint8_t*)bit_buffer_get_data(rx_buffer),
bit_buffer_get_size_bytes(rx_buffer));
} while(false);
bit_buffer_free(tx_buffer);
bit_buffer_free(rx_buffer);
}
/* Assumes this is called in the context of the NFC API callback */
void seader_iso14443a_transmit(
Seader* seader,
Iso14443_4aPoller* iso14443_4a_poller,
uint8_t* buffer,
size_t len,
uint16_t timeout,
uint8_t format[3]) {
UNUSED(timeout);
UNUSED(format);
furi_assert(seader);
furi_assert(buffer);
furi_assert(iso14443_4a_poller);
SeaderWorker* seader_worker = seader->worker;
SeaderCredential* credential = seader->credential;
BitBuffer* tx_buffer =
bit_buffer_alloc(len + 1); // extra byte to allow for appending a Le byte sometimes
BitBuffer* rx_buffer = bit_buffer_alloc(SEADER_POLLER_MAX_BUFFER_SIZE);
do {
bit_buffer_append_bytes(tx_buffer, buffer, len);
if(seader->credential->isDesfireEV2 && sizeof(select_desfire_app_no_le) == len &&
memcmp(buffer, select_desfire_app_no_le, len) == 0) {
// If a DESFire EV2 card has previously sent a dodgy reply to a SELECT SeosApp
// future SELECT DESFire commands with no Le byte (Ne == 0) fail with SW 6C00 (Wrong length Le)
// If it has responded with a file not found (ie non-EV2 cards) to the SELECT SeosApp
// then the SELECT DESFire without the Le byte is accepted fine.
// No clue why this happens, but we have to deal with it annoyingly
// We can't just always add the Le byte as this breaks OG D40 cards, so only do it when needed
bit_buffer_append_byte(tx_buffer, 0x00); // Le byte of 0x00 is Ne 256
}
Iso14443_4aError error =
iso14443_4a_poller_send_block(iso14443_4a_poller, tx_buffer, rx_buffer);
if(error != Iso14443_4aErrorNone) {
FURI_LOG_W(TAG, "iso14443_4a_poller_send_block error %d", error);
seader_worker->stage = SeaderPollerEventTypeFail;
break;
}
// if the cAPDU was select seos app and the response starts with 6F228520
// then this is almost certainly a dodgy response from a DESFire EV2 card
// not a Seos card which old SAM firmware don't handle very well, so fake
// a FILD_NOT_FOUND response instead of the real response
if(sizeof(select_seos_app) == len && memcmp(buffer, select_seos_app, len) == 0 &&
bit_buffer_get_size_bytes(rx_buffer) == 38) {
const uint8_t ev2_select_reply_prefix[] = {0x6F, 0x22, 0x85, 0x20};
const uint8_t* rapdu = bit_buffer_get_data(rx_buffer);
if(memcmp(ev2_select_reply_prefix, rapdu, sizeof(ev2_select_reply_prefix)) == 0) {
FURI_LOG_I(
TAG,
"Intercept DESFire EV2 reply to SELECT SeosApp and return File Not Found");
seader->credential->isDesfireEV2 = true;
bit_buffer_reset(rx_buffer);
bit_buffer_append_bytes(rx_buffer, FILE_NOT_FOUND, sizeof(FILE_NOT_FOUND));
}
}
seader_capture_sio(tx_buffer, rx_buffer, credential);
seader_send_nfc_rx(
seader,
(uint8_t*)bit_buffer_get_data(rx_buffer),
bit_buffer_get_size_bytes(rx_buffer));
} while(false);
bit_buffer_free(tx_buffer);
bit_buffer_free(rx_buffer);
}
/* Assumes this is called in the context of the NFC API callback */
#define MF_CLASSIC_FWT_FC (60000)
void seader_mfc_transmit(
Seader* seader,
MfClassicPoller* mfc_poller,
uint8_t* buffer,
size_t len,
uint16_t timeout,
uint8_t format[3]) {
UNUSED(timeout);
furi_assert(seader);
furi_assert(buffer);
furi_assert(mfc_poller);
SeaderWorker* seader_worker = seader->worker;
BitBuffer* tx_buffer = bit_buffer_alloc(len);
BitBuffer* rx_buffer = bit_buffer_alloc(SEADER_POLLER_MAX_BUFFER_SIZE);
do {
seader_trace(
TAG,
"mfc tx format=%02x%02x%02x len=%u",
format[0],
format[1],
format[2],
(unsigned)len);
if((format[0] == 0x00 && format[1] == 0x00 && format[2] == 0x40) ||
(format[0] == 0x00 && format[1] == 0x00 && format[2] == 0x24) ||
(format[0] == 0x00 && format[1] == 0x00 && format[2] == 0x44)) {
seader_trace_mfc_packed_frame("mfc tx raw", buffer, len);
} else {
seader_trace_hex(TAG, "mfc tx raw", buffer, len);
}
if(format[0] == 0x00 && format[1] == 0xC0 && format[2] == 0x00) {
bit_buffer_append_bytes(tx_buffer, buffer, len);
MfClassicError error =
mf_classic_poller_send_frame(mfc_poller, tx_buffer, rx_buffer, MF_CLASSIC_FWT_FC);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "mf_classic_poller_send_frame error %d", error);
seader_trace(TAG, "mfc send_frame error=%d", error);
seader_worker->stage = SeaderPollerEventTypeFail;
break;
}
seader_trace_hex(
TAG,
"mfc rx raw",
bit_buffer_get_data(rx_buffer),
bit_buffer_get_size_bytes(rx_buffer));
} else if(
(format[0] == 0x00 && format[1] == 0x00 && format[2] == 0x40) ||
(format[0] == 0x00 && format[1] == 0x00 && format[2] == 0x24) ||
(format[0] == 0x00 && format[1] == 0x00 && format[2] == 0x44)) {
seader_log_hex_data(TAG, "NFC Send with parity", buffer, len);
// Only handles message up to 8 data bytes
uint8_t tx_parity = 0;
uint8_t len_without_parity = len - 1;
// Don't forget to swap the bits of buffer[8]
for(size_t i = 0; i < len; i++) {
bit_lib_reverse_bits(buffer + i, 0, 8);
}
// Pull out parity bits
for(size_t i = 0; i < len_without_parity; i++) {
bool val = bit_lib_get_bit(buffer + i + 1, i);
bit_lib_set_bit(&tx_parity, i, val);
}
for(size_t i = 0; i < len_without_parity; i++) {
buffer[i] = (buffer[i] << i) | (buffer[i + 1] >> (8 - i));
}
bit_buffer_append_bytes(tx_buffer, buffer, len_without_parity);
for(size_t i = 0; i < len_without_parity; i++) {
bit_lib_reverse_bits(buffer + i, 0, 8);
bit_buffer_set_byte_with_parity(
tx_buffer, i, buffer[i], bit_lib_get_bit(&tx_parity, i));
}
seader_trace_mfc_bitbuffer("mfc tx bitbuffer", tx_buffer, true);
// Log the BitBuffer contents efficiently
size_t tx_size = bit_buffer_get_size_bytes(tx_buffer);
uint8_t* tx_data = malloc(tx_size);
if(tx_data) {
for(uint8_t i = 0; i < tx_size; i++) {
tx_data[i] = bit_buffer_get_byte(tx_buffer, i);
}
seader_log_hex_data(TAG, "NFC Send without parity", tx_data, tx_size);
seader_trace_hex(TAG, "mfc tx no parity", tx_data, tx_size);
free(tx_data);
}
MfClassicError error = mf_classic_poller_send_custom_parity_frame(
mfc_poller, tx_buffer, rx_buffer, MF_CLASSIC_FWT_FC);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "mf_classic_poller_send_encrypted_frame error %d", error);
seader_trace(TAG, "mfc send_custom_parity error=%d", error);
if(error == MfClassicErrorTimeout &&
seader->credential->type == SeaderCredentialTypeMifareClassic) {
snprintf(
seader->read_error,
sizeof(seader->read_error),
"Protected read timed out.\nNo supported data\nor wrong key.");
}
seader_worker->stage = SeaderPollerEventTypeFail;
break;
}
size_t length = bit_buffer_get_size_bytes(rx_buffer);
const uint8_t* rx_parity = bit_buffer_get_parity(rx_buffer);
seader_trace_mfc_bitbuffer("mfc rx bitbuffer", rx_buffer, true);
// Log the BitBuffer contents efficiently
uint8_t* rx_data = malloc(length);
if(rx_data) {
for(uint8_t i = 0; i < length; i++) {
rx_data[i] = bit_buffer_get_byte(rx_buffer, i);
}
seader_log_hex_data(TAG, "NFC Response without parity", rx_data, length);
seader_trace_hex(TAG, "mfc rx no parity", rx_data, length);
free(rx_data);
}
uint8_t with_parity[SEADER_POLLER_MAX_BUFFER_SIZE];
memset(with_parity, 0, sizeof(with_parity));
for(size_t i = 0; i < length; i++) {
uint8_t b = bit_buffer_get_byte(rx_buffer, i);
bit_lib_reverse_bits(&b, 0, 8);
bit_buffer_set_byte(rx_buffer, i, b);
}
length = length + (length / 8) + 1;
uint8_t parts = 1 + length / 9;
for(size_t p = 0; p < parts; p++) {
uint8_t doffset = p * 9;
uint8_t soffset = p * 8;
for(size_t i = 0; i < 9; i++) {
with_parity[i + doffset] = bit_buffer_get_byte(rx_buffer, i + soffset) >> i;
if(i > 0) {
with_parity[i + doffset] |= bit_buffer_get_byte(rx_buffer, i + soffset - 1)
<< (9 - i);
}
if(i > 0) {
bool val = bit_lib_get_bit(rx_parity, i - 1);
bit_lib_set_bit(with_parity + i, i - 1, val);
}
}
}
for(size_t i = 0; i < length; i++) {
bit_lib_reverse_bits(with_parity + i, 0, 8);
}
bit_buffer_copy_bytes(rx_buffer, with_parity, length);
// Log the BitBuffer contents efficiently
uint8_t* rx_data_parity = malloc(length);
if(rx_data_parity) {
for(uint8_t i = 0; i < length; i++) {
rx_data_parity[i] = bit_buffer_get_byte(rx_buffer, i);
}
seader_log_hex_data(TAG, "NFC Response with parity", rx_data_parity, length);
seader_trace_hex(TAG, "mfc rx parity", rx_data_parity, length);
free(rx_data_parity);
}
} else {
FURI_LOG_W(TAG, "UNHANDLED FORMAT");
seader_trace(
TAG, "mfc unhandled format=%02x%02x%02x", format[0], format[1], format[2]);
}
seader_send_nfc_rx(
seader,
(uint8_t*)bit_buffer_get_data(rx_buffer),
bit_buffer_get_size_bytes(rx_buffer));
} while(false);
bit_buffer_free(tx_buffer);
bit_buffer_free(rx_buffer);
}
void seader_parse_nfc_command_transmit(
Seader* seader,
NFCSend_t* nfcSend,
SeaderPollerContainer* spc) {
long timeOut = nfcSend->timeOut;
Protocol_t protocol = nfcSend->protocol;
FrameProtocol_t frameProtocol = protocol.buf[1];
#ifdef ASN1_DEBUG
seader_log_hex_data(TAG, "Transmit data", nfcSend->data.buf, nfcSend->data.size);
#endif
if(seader->credential->type == SeaderCredentialTypeVirtual) {
seader_virtual_picopass_state_machine(seader, nfcSend->data.buf, nfcSend->data.size);
} else if(frameProtocol == FrameProtocol_iclass) {
seader_iso15693_transmit(
seader, spc->picopass_poller, nfcSend->data.buf, nfcSend->data.size);
} else if(frameProtocol == FrameProtocol_nfc) {
if(spc->iso14443_4a_poller) {
seader_iso14443a_transmit(
seader,
spc->iso14443_4a_poller,
nfcSend->data.buf,
nfcSend->data.size,
(uint16_t)timeOut,
nfcSend->format->buf);
} else if(spc->mfc_poller) {
seader_mfc_transmit(
seader,
spc->mfc_poller,
nfcSend->data.buf,
nfcSend->data.size,
(uint16_t)timeOut,
nfcSend->format->buf);
}
} else {
FURI_LOG_W(TAG, "unknown frame protocol %lx", frameProtocol);
}
}
void seader_parse_nfc_off(Seader* seader) {
FURI_LOG_D(TAG, "Set Field Off");
seader_trace(TAG, "nfcOff state=%d intent=%d", seader->sam_state, seader->sam_intent);
NFCResponse_t nfcResponse = {0};
nfcResponse.present = NFCResponse_PR_nfcAck;
Response_t response = {0};
response.present = Response_PR_nfcResponse;
response.choice.nfcResponse = nfcResponse;
seader_send_response(seader, &response, ExternalApplicationA, SAMInterface, 0);
if(seader->sam_state == SeaderSamStateConversation &&
(seader->sam_intent == SeaderSamIntentReadPacs ||
seader->sam_intent == SeaderSamIntentReadPacs2 ||
seader->sam_intent == SeaderSamIntentConfig)) {
seader_sam_set_state(
seader, SeaderSamStateFinishing, seader->sam_intent, seader->samCommand);
}
}
void seader_parse_nfc_command(Seader* seader, NFCCommand_t* nfcCommand, SeaderPollerContainer* spc) {
switch(nfcCommand->present) {
case NFCCommand_PR_nfcSend:
furi_assert(spc);
seader_parse_nfc_command_transmit(seader, &nfcCommand->choice.nfcSend, spc);
break;
case NFCCommand_PR_nfcOff:
seader_parse_nfc_off(seader);
if(spc != NULL) {
seader->worker->stage = SeaderPollerEventTypeComplete;
}
break;
default:
FURI_LOG_W(TAG, "unparsed NFCCommand");
break;
};
}
bool seader_worker_state_machine(
Seader* seader,
Payload_t* payload,
bool online,
SeaderPollerContainer* spc) {
bool processed = false;
switch(payload->present) {
case Payload_PR_response:
FURI_LOG_D(TAG, "Payload_PR_response");
seader_parse_response(seader, &payload->choice.response);
processed = true;
break;
case Payload_PR_nfcCommand:
FURI_LOG_D(TAG, "Payload_PR_nfcCommand");
if(online) {
seader_parse_nfc_command(seader, &payload->choice.nfcCommand, spc);
processed = true;
} else if(payload->choice.nfcCommand.present == NFCCommand_PR_nfcOff) {
seader_parse_nfc_command(seader, &payload->choice.nfcCommand, NULL);
processed = true;
} else {
seader_trace(
TAG,
"defer offline nfcSend state=%d intent=%d",
seader->sam_state,
seader->sam_intent);
}
break;
case Payload_PR_errorResponse:
FURI_LOG_W(TAG, "Payload_PR_errorResponse");
processed = true;
view_dispatcher_send_custom_event(seader->view_dispatcher, SeaderCustomEventWorkerExit);
break;
default:
FURI_LOG_W(TAG, "unhandled payload");
break;
};
return processed;
}
bool seader_process_success_response_i(
Seader* seader,
uint8_t* apdu,
size_t len,
bool online,
SeaderPollerContainer* spc) {
Payload_t payload = {0};
Payload_t* payload_p = &payload;
bool processed = false;
asn_dec_rval_t rval =
asn_decode(0, ATS_DER, &asn_DEF_Payload, (void**)&payload_p, apdu + 6, len - 6);
if(rval.code == RC_OK) {
#ifdef ASN1_DEBUG
if(online == false) {
seader_log_hex_data(TAG, "incoming APDU", apdu + 6, len - 6);
char payloadDebug[384] = {0};
memset(payloadDebug, 0, sizeof(payloadDebug));
(&asn_DEF_Payload)
->op->print_struct(
&asn_DEF_Payload, &payload, 1, seader_print_struct_callback, payloadDebug);
if(strlen(payloadDebug) > 0) {
FURI_LOG_D(TAG, "Received Payload: %s", payloadDebug);
} else {
FURI_LOG_D(TAG, "Received empty Payload");
}
} else {
FURI_LOG_D(TAG, "Online mode");
}
#endif
processed = seader_worker_state_machine(seader, &payload, online, spc);
} else {
seader_log_hex_data(TAG, "Failed to decode APDU payload", apdu, len);
seader_abort_active_read(seader);
}
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_Payload, &payload);
return processed;
}
NfcCommand seader_worker_card_detect(
Seader* seader,
uint8_t sak,
uint8_t* atqa,
const uint8_t* uid,
uint8_t uid_len,
uint8_t* ats,
uint8_t ats_len) {
UNUSED(atqa);
SeaderCredential* credential = seader->credential;
CardDetails_t cardDetails = {0};
OCTET_STRING_fromBuf(&cardDetails.csn, (const char*)uid, uid_len);
OCTET_STRING_t sak_string = {.buf = &sak, .size = 1};
OCTET_STRING_t ats_string = {.buf = ats, .size = ats_len};
uint8_t protocol_bytes[] = {0x00, 0x00};
// this won't hold true for Seos cards, but then we won't see the SIO from Seos cards anyway
// so it doesn't really matter
memcpy(credential->diversifier, uid, uid_len);
credential->diversifier_len = uid_len;
if(ats != NULL) { // type 4
protocol_bytes[1] = FrameProtocol_nfc;
OCTET_STRING_fromBuf(
&cardDetails.protocol, (const char*)protocol_bytes, sizeof(protocol_bytes));
cardDetails.sak = &sak_string;
// TODO: Update asn1 to change atqa to ats
cardDetails.atsOrAtqbOrAtr = &ats_string;
} else if(uid_len == 8) { // picopass
protocol_bytes[1] = FrameProtocol_iclass;
OCTET_STRING_fromBuf(
&cardDetails.protocol, (const char*)protocol_bytes, sizeof(protocol_bytes));
} else { // MFC
protocol_bytes[1] = FrameProtocol_nfc;
OCTET_STRING_fromBuf(
&cardDetails.protocol, (const char*)protocol_bytes, sizeof(protocol_bytes));
cardDetails.sak = &sak_string;
}
seader_sam_set_state(
seader,
SeaderSamStateDetectPending,
seader_sam_card_intent(seader),
SamCommand_PR_cardDetected);
seader_send_card_detected(seader, &cardDetails);
// Print version information for app and firmware for later review in log
const Version* version = version_get();
FURI_LOG_I(
TAG,
"Firmware origin: %s firmware version: %s app version: %s",
version_get_firmware_origin(version),
version_get_version(version),
FAP_VERSION);
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_CardDetails, &cardDetails);
return NfcCommandContinue;
}
Reference in New Issue View Git Blame Copy Permalink