further cleanups towards a proper merge
SLIX-L accepts all passwords when password is zero
@@ -602,49 +602,6 @@ static bool furi_hal_nfc_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_
|
||||
return ret;
|
||||
}
|
||||
|
||||
static bool furi_hal_nfc_fully_transparent_raw_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
|
||||
furi_assert(tx_rx);
|
||||
|
||||
bool received = false;
|
||||
|
||||
tx_rx->rx_bits = 0;
|
||||
|
||||
if(tx_rx->tx_bits) {
|
||||
nfca_trans_rx_pause(&tx_rx->nfca_trans_state);
|
||||
furi_hal_gpio_write(&gpio_spi_r_mosi, false);
|
||||
digital_sequence_send(tx_rx->nfca_signal->tx_signal);
|
||||
furi_hal_gpio_write(&gpio_spi_r_mosi, false);
|
||||
nfca_trans_rx_continue(&tx_rx->nfca_trans_state);
|
||||
|
||||
if(tx_rx->sniff_tx) {
|
||||
tx_rx->sniff_tx(tx_rx->tx_data, tx_rx->tx_bits, false, tx_rx->sniff_context);
|
||||
}
|
||||
}
|
||||
|
||||
if(timeout_ms) {
|
||||
tx_rx->nfca_trans_state.bits_received = 0;
|
||||
received = nfca_trans_rx_loop(&tx_rx->nfca_trans_state, timeout_ms);
|
||||
|
||||
if(received) {
|
||||
if(tx_rx->nfca_trans_state.bits_received > 7) {
|
||||
tx_rx->rx_bits = tx_rx->nfca_trans_state.bits_received/9 * 8;
|
||||
for(size_t pos = 0; pos < tx_rx->rx_bits/8; pos++) {
|
||||
tx_rx->rx_data[pos] = tx_rx->nfca_trans_state.frame_data[pos];
|
||||
}
|
||||
} else {
|
||||
tx_rx->rx_bits = tx_rx->nfca_trans_state.bits_received;
|
||||
tx_rx->rx_data[0] = tx_rx->nfca_trans_state.frame_data[0] & ~(0xFF << tx_rx->rx_bits);
|
||||
}
|
||||
|
||||
if(tx_rx->sniff_rx) {
|
||||
tx_rx->sniff_rx(tx_rx->rx_data, tx_rx->rx_bits, false, tx_rx->sniff_context);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return received;
|
||||
}
|
||||
|
||||
static bool furi_hal_nfc_fully_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
|
||||
furi_assert(tx_rx);
|
||||
|
||||
@@ -786,12 +743,11 @@ void furi_hal_nfc_gen_bitstream(FuriHalNfcTxRxContext* tx_rx, uint8_t *buffer, s
|
||||
bool furi_hal_nfc_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
|
||||
furi_assert(tx_rx);
|
||||
|
||||
if(tx_rx->tx_rx_type == FuriHalNfcTxRxFullyRawTransparent) {
|
||||
return furi_hal_nfc_fully_transparent_raw_tx_rx(tx_rx, timeout_ms);
|
||||
}
|
||||
/* send and receive data using transparent mode */
|
||||
if(tx_rx->tx_rx_type == FuriHalNfcTxRxFullyTransparent) {
|
||||
return furi_hal_nfc_fully_transparent_tx_rx(tx_rx, timeout_ms);
|
||||
}
|
||||
/* send data using transparent mode and receive data in standard mode */
|
||||
if(tx_rx->tx_rx_type == FuriHalNfcTxRxTransparent) {
|
||||
return furi_hal_nfc_transparent_tx_rx(tx_rx, timeout_ms);
|
||||
}
|
||||
|
||||
@@ -47,7 +47,6 @@ typedef enum {
|
||||
FuriHalNfcTxRxTypeRaw,
|
||||
FuriHalNfcTxRxTypeRxRaw,
|
||||
FuriHalNfcTxRxTransparent,
|
||||
FuriHalNfcTxRxFullyRawTransparent,
|
||||
FuriHalNfcTxRxFullyTransparent
|
||||
} FuriHalNfcTxRxType;
|
||||
|
||||
|
||||
+33
-1
@@ -641,7 +641,7 @@ void nfc_worker_emulate_nfcv(NfcWorker* nfc_worker) {
|
||||
furi_delay_ms(0);
|
||||
}
|
||||
nfcv_emu_deinit(nfcv_data);
|
||||
|
||||
|
||||
if(furi_hal_rtc_is_flag_set(FuriHalRtcFlagDebug)) {
|
||||
reader_analyzer_stop(nfc_worker->reader_analyzer);
|
||||
}
|
||||
@@ -867,7 +867,37 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
|
||||
}
|
||||
|
||||
void nfc_worker_emulate_mf_classic(NfcWorker* nfc_worker) {
|
||||
FuriHalNfcTxRxContext tx_rx = {};
|
||||
FuriHalNfcDevData* nfc_data = &nfc_worker->dev_data->nfc_data;
|
||||
MfClassicEmulator emulator = {
|
||||
.cuid = nfc_util_bytes2num(&nfc_data->uid[nfc_data->uid_len - 4], 4),
|
||||
.data = nfc_worker->dev_data->mf_classic_data,
|
||||
.data_changed = false,
|
||||
};
|
||||
NfcaSignal* nfca_signal = nfca_signal_alloc();
|
||||
tx_rx.nfca_signal = nfca_signal;
|
||||
|
||||
rfal_platform_spi_acquire();
|
||||
|
||||
furi_hal_nfc_listen_start(nfc_data);
|
||||
while(nfc_worker->state == NfcWorkerStateMfClassicEmulate) {
|
||||
if(furi_hal_nfc_listen_rx(&tx_rx, 300)) {
|
||||
mf_classic_emulator(&emulator, &tx_rx);
|
||||
}
|
||||
}
|
||||
if(emulator.data_changed) {
|
||||
nfc_worker->dev_data->mf_classic_data = emulator.data;
|
||||
if(nfc_worker->callback) {
|
||||
nfc_worker->callback(NfcWorkerEventSuccess, nfc_worker->context);
|
||||
}
|
||||
emulator.data_changed = false;
|
||||
}
|
||||
|
||||
nfca_signal_free(nfca_signal);
|
||||
}
|
||||
|
||||
/* software-defined variant of MFC emulation, seems to also struggle with frame errors etc */
|
||||
void nfc_worker_emulate_mf_classic_trans(NfcWorker* nfc_worker) {
|
||||
FuriHalNfcTxRxContext tx_rx = {};
|
||||
FuriHalNfcDevData* nfc_data = &nfc_worker->dev_data->nfc_data;
|
||||
MfClassicEmulator emulator = {
|
||||
@@ -883,8 +913,10 @@ void nfc_worker_emulate_mf_classic(NfcWorker* nfc_worker) {
|
||||
furi_hal_nfc_listen_start(nfc_data);
|
||||
nfca_trans_rx_init(&tx_rx.nfca_trans_state);
|
||||
|
||||
/* we are usingthe fully transparent ISO14443-A mode */
|
||||
tx_rx.tx_rx_type = FuriHalNfcTxRxFullyTransparent;
|
||||
|
||||
/* prepare some answers to save time */
|
||||
uint8_t tx_buffer_aticoll[32];
|
||||
memcpy(tx_buffer_aticoll, &nfc_data->uid, 4);
|
||||
nfca_append_crc16(tx_buffer_aticoll, 4);
|
||||
|
||||
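Review bot: The new `nfc_worker_emulate_mf_classic` calls `rfal_platform_spi_acquire()` before `furi_hal_nfc_listen_start()` but returns right after `nfca_signal_free(nfca_signal);` with no matching release, so the SPI bus presumably stays held once emulation stops unless a callee not shown here releases it. I would add `rfal_platform_spi_release();` after `nfca_signal_free(nfca_signal);`. The same function indexes `nfc_data->uid[nfc_data->uid_len - 4]`, which reads before the array when `uid_len` is below 4; a `furi_assert(nfc_data->uid_len >= 4);` at the top would make that assumption explicit.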
+16
-35
@@ -150,14 +150,12 @@ bool nfcv_read_card(
|
||||
|
||||
|
||||
|
||||
void nfcv_crc(uint8_t* data, uint32_t length, uint8_t* out) {
|
||||
void nfcv_crc(uint8_t* data, uint32_t length) {
|
||||
uint32_t reg = 0xFFFF;
|
||||
uint32_t i = 0;
|
||||
uint32_t j = 0;
|
||||
|
||||
for (i = 0; i < length; i++) {
|
||||
for (size_t i = 0; i < length; i++) {
|
||||
reg = reg ^ ((uint32_t)data[i]);
|
||||
for (j = 0; j < 8; j++) {
|
||||
for (size_t j = 0; j < 8; j++) {
|
||||
if (reg & 0x0001) {
|
||||
reg = (reg >> 1) ^ 0x8408;
|
||||
} else {
|
||||
@@ -168,8 +166,8 @@ void nfcv_crc(uint8_t* data, uint32_t length, uint8_t* out) {
|
||||
|
||||
uint16_t crc = ~(uint16_t)(reg & 0xffff);
|
||||
|
||||
out[0] = crc & 0xFF;
|
||||
out[1] = crc >> 8;
|
||||
data[length + 0] = crc & 0xFF;
|
||||
data[length + 1] = crc >> 8;
|
||||
}
|
||||
|
||||
void nfcv_emu_free(NfcVData* data) {
|
||||
@@ -191,7 +189,6 @@ void nfcv_emu_free(NfcVData* data) {
|
||||
}
|
||||
|
||||
void nfcv_emu_alloc(NfcVData* data) {
|
||||
|
||||
if(!data->emulation.nfcv_signal) {
|
||||
/* assuming max frame length is 255 bytes */
|
||||
data->emulation.nfcv_signal = digital_sequence_alloc(8 * 255 + 2, &gpio_spi_r_mosi);
|
||||
@@ -260,8 +257,7 @@ void nfcv_emu_alloc(NfcVData* data) {
|
||||
}
|
||||
|
||||
|
||||
void nfcv_emu_send_raw(NfcVData* nfcv, uint8_t* data, uint8_t length) {
|
||||
|
||||
static void nfcv_emu_send_raw(NfcVData* nfcv, uint8_t* data, uint8_t length) {
|
||||
digital_sequence_clear(nfcv->emulation.nfcv_signal);
|
||||
digital_sequence_add(nfcv->emulation.nfcv_signal, NFCV_SIG_SOF);
|
||||
|
||||
@@ -281,28 +277,22 @@ void nfcv_emu_send_raw(NfcVData* nfcv, uint8_t* data, uint8_t length) {
|
||||
furi_hal_gpio_write(&gpio_spi_r_mosi, false);
|
||||
}
|
||||
|
||||
void nfcv_emu_send(FuriHalNfcTxRxContext* tx_rx, NfcVData* nfcv, uint8_t* data, uint8_t length) {
|
||||
uint8_t buffer[64];
|
||||
static void nfcv_emu_send(FuriHalNfcTxRxContext* tx_rx, NfcVData* nfcv, uint8_t* data, uint8_t length) {
|
||||
|
||||
if(length + 2 > (uint8_t)sizeof(buffer)) {
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy(buffer, data, length);
|
||||
nfcv_crc(buffer, length, &buffer[length]);
|
||||
nfcv_emu_send_raw(nfcv, buffer, length + 2);
|
||||
nfcv_crc(data, length);
|
||||
nfcv_emu_send_raw(nfcv, data, length + 2);
|
||||
if(tx_rx->sniff_tx) {
|
||||
tx_rx->sniff_tx(buffer, (length + 2) * 8, false, tx_rx->sniff_context);
|
||||
tx_rx->sniff_tx(data, (length + 2) * 8, false, tx_rx->sniff_context);
|
||||
}
|
||||
}
|
||||
|
||||
void nfcv_uidcpy(uint8_t *dst, uint8_t *src) {
|
||||
static void nfcv_uidcpy(uint8_t *dst, uint8_t *src) {
|
||||
for(int pos = 0; pos < 8; pos++) {
|
||||
dst[pos] = src[7-pos];
|
||||
}
|
||||
}
|
||||
|
||||
int nfcv_uidcmp(uint8_t *dst, uint8_t *src) {
|
||||
static int nfcv_uidcmp(uint8_t *dst, uint8_t *src) {
|
||||
for(int pos = 0; pos < 8; pos++) {
|
||||
if(dst[pos] != src[7-pos]) {
|
||||
return 1;
|
||||
@@ -311,17 +301,7 @@ int nfcv_uidcmp(uint8_t *dst, uint8_t *src) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
uint32_t nfcv_read_le(uint8_t *data, uint32_t length) {
|
||||
uint32_t value = 0;
|
||||
|
||||
for(uint32_t pos = 0; pos < length; pos++) {
|
||||
value |= data[pos] << ((int)pos * 8);
|
||||
}
|
||||
|
||||
return value;
|
||||
}
|
||||
|
||||
uint32_t nfcv_read_be(uint8_t *data, uint32_t length) {
|
||||
static uint32_t nfcv_read_be(uint8_t *data, uint32_t length) {
|
||||
uint32_t value = 0;
|
||||
|
||||
for(uint32_t pos = 0; pos < length; pos++) {
|
||||
@@ -345,6 +325,7 @@ void nfcv_emu_handle_packet(FuriHalNfcTxRxContext* tx_rx, FuriHalNfcDevData* nfc
|
||||
uint8_t address_offset = 2 + (advanced ? 1 : 0);
|
||||
uint8_t payload_offset = address_offset + (addressed ? 8 : 0);
|
||||
uint8_t *address = &payload[address_offset];
|
||||
uint8_t response_buffer[32];
|
||||
|
||||
if(addressed && nfcv_uidcmp(address, nfc_data->uid)) {
|
||||
FURI_LOG_D(TAG, "addressed command 0x%02X, but not for us:", command);
|
||||
@@ -353,7 +334,6 @@ void nfcv_emu_handle_packet(FuriHalNfcTxRxContext* tx_rx, FuriHalNfcDevData* nfc
|
||||
return;
|
||||
}
|
||||
|
||||
uint8_t response_buffer[32];
|
||||
|
||||
switch(nfcv_data->type) {
|
||||
case NfcVTypeSlixL:
|
||||
@@ -511,7 +491,8 @@ void nfcv_emu_handle_packet(FuriHalNfcTxRxContext* tx_rx, FuriHalNfcDevData* nfc
|
||||
uint32_t pass_expect = nfcv_read_be(password, 4);
|
||||
uint32_t pass_received = nfcv_read_be(password_rcv, 4);
|
||||
|
||||
if(pass_expect == pass_received) {
|
||||
/* if the password is all-zeroes, just accept any password*/
|
||||
if(!pass_expect || pass_expect == pass_received) {
|
||||
nfcv_data->sub_data.slix_l.privacy = false;
|
||||
response_buffer[0] = ISO15693_NOERROR;
|
||||
nfcv_emu_send(tx_rx, nfcv_data, response_buffer, 1);
|
||||
|
||||
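Review bot: `nfcv_emu_send` no longer copies into its own 64-byte buffer or rejects oversized input; it now calls `nfcv_crc(data, length)`, which writes `data[length]` and `data[length + 1]` into the caller's buffer, so every caller must own at least `length + 2` bytes and nothing enforces that. With `response_buffer[32]` in `nfcv_emu_handle_packet`, replies must stay at 30 bytes or fewer, including any whose length is derived from the reader's request (those call sites are outside the visible hunks). I would pass the buffer capacity down and keep the old early return, e.g. `if((size_t)length + 2 > capacity) return;`, or at minimum document the two spare bytes on `nfcv_crc` and `nfcv_emu_send`. `length + 2` is also narrowed to `uint8_t` when handed to `nfcv_emu_send_raw`, so lengths of 254 and 255 wrap.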