diff --git a/firmware/targets/f7/furi_hal/furi_hal_nfc.c b/firmware/targets/f7/furi_hal/furi_hal_nfc.c
index e18fa3819..88b34aae9 100644
--- a/firmware/targets/f7/furi_hal/furi_hal_nfc.c
+++ b/firmware/targets/f7/furi_hal/furi_hal_nfc.c
@@ -602,49 +602,6 @@ static bool furi_hal_nfc_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_
 return ret;
 }
-static bool furi_hal_nfc_fully_transparent_raw_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
- furi_assert(tx_rx);
-
- bool received = false;
-
- tx_rx->rx_bits = 0;
-
- if(tx_rx->tx_bits) {
- nfca_trans_rx_pause(&tx_rx->nfca_trans_state);
- furi_hal_gpio_write(&gpio_spi_r_mosi, false);
- digital_sequence_send(tx_rx->nfca_signal->tx_signal);
- furi_hal_gpio_write(&gpio_spi_r_mosi, false);
- nfca_trans_rx_continue(&tx_rx->nfca_trans_state);
-
- if(tx_rx->sniff_tx) {
- tx_rx->sniff_tx(tx_rx->tx_data, tx_rx->tx_bits, false, tx_rx->sniff_context);
- }
- }
-
- if(timeout_ms) {
- tx_rx->nfca_trans_state.bits_received = 0;
- received = nfca_trans_rx_loop(&tx_rx->nfca_trans_state, timeout_ms);
-
- if(received) {
- if(tx_rx->nfca_trans_state.bits_received > 7) {
- tx_rx->rx_bits = tx_rx->nfca_trans_state.bits_received/9 * 8;
- for(size_t pos = 0; pos < tx_rx->rx_bits/8; pos++) {
- tx_rx->rx_data[pos] = tx_rx->nfca_trans_state.frame_data[pos];
- }
- } else {
- tx_rx->rx_bits = tx_rx->nfca_trans_state.bits_received;
- tx_rx->rx_data[0] = tx_rx->nfca_trans_state.frame_data[0] & ~(0xFF << tx_rx->rx_bits);
- }
-
- if(tx_rx->sniff_rx) {
- tx_rx->sniff_rx(tx_rx->rx_data, tx_rx->rx_bits, false, tx_rx->sniff_context);
- }
- }
- }
-
- return received;
-}
-
 static bool furi_hal_nfc_fully_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
 furi_assert(tx_rx);
@@ -786,12 +743,11 @@ void furi_hal_nfc_gen_bitstream(FuriHalNfcTxRxContext* tx_rx, uint8_t *buffer, s
 bool furi_hal_nfc_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_t timeout_ms) {
 furi_assert(tx_rx);
- if(tx_rx->tx_rx_type == FuriHalNfcTxRxFullyRawTransparent) {
- return furi_hal_nfc_fully_transparent_raw_tx_rx(tx_rx, timeout_ms);
- }
+ /* send and receive data using transparent mode */
 if(tx_rx->tx_rx_type == FuriHalNfcTxRxFullyTransparent) {
 return furi_hal_nfc_fully_transparent_tx_rx(tx_rx, timeout_ms);
 }
+ /* send data using transparent mode and receive data in standard mode */
 if(tx_rx->tx_rx_type == FuriHalNfcTxRxTransparent) {
 return furi_hal_nfc_transparent_tx_rx(tx_rx, timeout_ms);
 }
diff --git a/firmware/targets/furi_hal_include/furi_hal_nfc.h b/firmware/targets/furi_hal_include/furi_hal_nfc.h
index 12ce91523..a43b76cf0 100644
--- a/firmware/targets/furi_hal_include/furi_hal_nfc.h
+++ b/firmware/targets/furi_hal_include/furi_hal_nfc.h
@@ -47,7 +47,6 @@ typedef enum {
 FuriHalNfcTxRxTypeRaw,
 FuriHalNfcTxRxTypeRxRaw,
 FuriHalNfcTxRxTransparent,
- FuriHalNfcTxRxFullyRawTransparent,
 FuriHalNfcTxRxFullyTransparent
 } FuriHalNfcTxRxType;
diff --git a/lib/nfc/nfc_worker.c b/lib/nfc/nfc_worker.c
index e2c3d5229..03d8862d0 100644
--- a/lib/nfc/nfc_worker.c
+++ b/lib/nfc/nfc_worker.c
@@ -641,7 +641,7 @@ void nfc_worker_emulate_nfcv(NfcWorker* nfc_worker) {
 furi_delay_ms(0);
 }
 nfcv_emu_deinit(nfcv_data);
-
+
 if(furi_hal_rtc_is_flag_set(FuriHalRtcFlagDebug)) {
 reader_analyzer_stop(nfc_worker->reader_analyzer);
 }
@@ -867,7 +867,37 @@ void nfc_worker_mf_classic_dict_attack(NfcWorker* nfc_worker) {
 }
 void nfc_worker_emulate_mf_classic(NfcWorker* nfc_worker) {
+ FuriHalNfcTxRxContext tx_rx = {};
+ FuriHalNfcDevData* nfc_data = &nfc_worker->dev_data->nfc_data;
+ MfClassicEmulator emulator = {
+ .cuid = nfc_util_bytes2num(&nfc_data->uid[nfc_data->uid_len - 4], 4),
+ .data = nfc_worker->dev_data->mf_classic_data,
+ .data_changed = false,
+ };
+ NfcaSignal* nfca_signal = nfca_signal_alloc();
+ tx_rx.nfca_signal = nfca_signal;
+ rfal_platform_spi_acquire();
+
+ furi_hal_nfc_listen_start(nfc_data);
+ while(nfc_worker->state == NfcWorkerStateMfClassicEmulate) {
+ if(furi_hal_nfc_listen_rx(&tx_rx, 300)) {
+ mf_classic_emulator(&emulator, &tx_rx);
+ }
+ }
+ if(emulator.data_changed) {
+ nfc_worker->dev_data->mf_classic_data = emulator.data;
+ if(nfc_worker->callback) {
+ nfc_worker->callback(NfcWorkerEventSuccess, nfc_worker->context);
+ }
+ emulator.data_changed = false;
+ }
+
+ nfca_signal_free(nfca_signal);
+}
+
+/* software-defined variant of MFC emulation, seems to also struggle with frame errors etc */
+void nfc_worker_emulate_mf_classic_trans(NfcWorker* nfc_worker) {
 FuriHalNfcTxRxContext tx_rx = {};
 FuriHalNfcDevData* nfc_data = &nfc_worker->dev_data->nfc_data;
 MfClassicEmulator emulator = {
@@ -883,8 +913,10 @@ void nfc_worker_emulate_mf_classic(NfcWorker* nfc_worker) {
 furi_hal_nfc_listen_start(nfc_data);
 nfca_trans_rx_init(&tx_rx.nfca_trans_state);
+ /* we are usingthe fully transparent ISO14443-A mode */
 tx_rx.tx_rx_type = FuriHalNfcTxRxFullyTransparent;
+ /* prepare some answers to save time */
 uint8_t tx_buffer_aticoll[32];
 memcpy(tx_buffer_aticoll, &nfc_data->uid, 4);
 nfca_append_crc16(tx_buffer_aticoll, 4);
diff --git a/lib/nfc/protocols/nfcv.c b/lib/nfc/protocols/nfcv.c
index 2d96b82d7..9557c28fa 100644
--- a/lib/nfc/protocols/nfcv.c
+++ b/lib/nfc/protocols/nfcv.c
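Review bot: `nfc_util_bytes2num(&nfc_data->uid[nfc_data->uid_len - 4], 4)` in the re-added nfc_worker_emulate_mf_classic indexes before the start of `uid` whenever `uid_len` is below 4, and nothing in the hunk validates the length before the worker starts listening. A guard ahead of the initializer, `if(nfc_data->uid_len < 4) return;` (with a log line so the failure is visible), keeps a malformed saved dump from becoming an out-of-bounds read. `rfal_platform_spi_acquire()` is also called with no matching release visible in the hunk; unless a callee releases it, the bus stays held after the loop exits — worth confirming. The new nfc_worker_emulate_mf_classic_trans continues outside the hunk, and its header comment would be more useful stating when to prefer it over the hardware-assisted path than "seems to also struggle".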
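Review bot: The new comment above the `tx_rx.tx_rx_type` assignment has a typo; `/* we are using the fully transparent ISO14443-A mode */`. The `/* prepare some answers to save time */` comment would read better naming what is prepared, presumably `/* precompute the anticollision reply (UID + CRC) so the time-critical reply path only copies it */` — hedged, since the rest of the prepared answers lie outside the hunk. nfc_worker_emulate_mf_classic_trans starts before this hunk and its body continues past it.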
@@ -150,14 +150,12 @@ bool nfcv_read_card(
-void nfcv_crc(uint8_t* data, uint32_t length, uint8_t* out) {
+void nfcv_crc(uint8_t* data, uint32_t length) {
 uint32_t reg = 0xFFFF;
- uint32_t i = 0;
- uint32_t j = 0;
- for (i = 0; i < length; i++) {
+ for (size_t i = 0; i < length; i++) {
 reg = reg ^ ((uint32_t)data[i]);
- for (j = 0; j < 8; j++) {
+ for (size_t j = 0; j < 8; j++) {
 if (reg & 0x0001) {
 reg = (reg >> 1) ^ 0x8408;
 } else {
@@ -168,8 +166,8 @@ void nfcv_crc(uint8_t* data, uint32_t length, uint8_t* out) {
 uint16_t crc = ~(uint16_t)(reg & 0xffff);
- out[0] = crc & 0xFF;
- out[1] = crc >> 8;
+ data[length + 0] = crc & 0xFF;
+ data[length + 1] = crc >> 8;
 }
 void nfcv_emu_free(NfcVData* data) {
@@ -191,7 +189,6 @@ void nfcv_emu_free(NfcVData* data) {
 }
 void nfcv_emu_alloc(NfcVData* data) {
- if(!data->emulation.nfcv_signal) {
 /* assuming max frame length is 255 bytes */
 data->emulation.nfcv_signal = digital_sequence_alloc(8 * 255 + 2, &gpio_spi_r_mosi);
@@ -260,8 +257,7 @@ void nfcv_emu_alloc(NfcVData* data) {
 }
-void nfcv_emu_send_raw(NfcVData* nfcv, uint8_t* data, uint8_t length) {
-
+static void nfcv_emu_send_raw(NfcVData* nfcv, uint8_t* data, uint8_t length) {
 digital_sequence_clear(nfcv->emulation.nfcv_signal);
 digital_sequence_add(nfcv->emulation.nfcv_signal, NFCV_SIG_SOF);
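Review bot: With the `out` parameter gone, nfcv_crc now writes `data[length]` and `data[length + 1]` (the stores in the `@@ -168,8 +166,8 @@` hunk), so every caller must supply a buffer with at least `length + 2` bytes of capacity, yet the signature no longer says so and the function has no comment. At minimum a contract comment above the definition makes the requirement visible, e.g. `/* Computes the CRC-16 over data[0..length) and appends it in place at data[length] and data[length + 1]; the caller must reserve two extra bytes. */`; a `size_t capacity` parameter checked before the two stores would let the function enforce it. The body of nfcv_crc spans both hunks and the lines between them are not shown.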
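Review bot: Dropping `if(!data->emulation.nfcv_signal)` in the `@@ -191,7 +189,6 @@` hunk makes nfcv_emu_alloc allocate a fresh digital sequence on every call; if the worker can call it again before nfcv_emu_free runs, the previous allocation is lost, because nothing in the hunk frees or checks the existing pointer first. Keeping the guard, or asserting the single-allocation contract with `furi_assert(data->emulation.nfcv_signal == NULL);`, preserves the old behaviour. The hunk removes only the opening `if(...) {`; its closing brace is not in view, so please confirm it is removed in the part of nfcv_emu_alloc outside the hunk.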
@@ -281,28 +277,22 @@ void nfcv_emu_send_raw(NfcVData* nfcv, uint8_t* data, uint8_t length) {
 furi_hal_gpio_write(&gpio_spi_r_mosi, false);
 }
-void nfcv_emu_send(FuriHalNfcTxRxContext* tx_rx, NfcVData* nfcv, uint8_t* data, uint8_t length) {
- uint8_t buffer[64];
+static void nfcv_emu_send(FuriHalNfcTxRxContext* tx_rx, NfcVData* nfcv, uint8_t* data, uint8_t length) {
- if(length + 2 > (uint8_t)sizeof(buffer)) {
- return;
- }
-
- memcpy(buffer, data, length);
- nfcv_crc(buffer, length, &buffer[length]);
- nfcv_emu_send_raw(nfcv, buffer, length + 2);
+ nfcv_crc(data, length);
+ nfcv_emu_send_raw(nfcv, data, length + 2);
 if(tx_rx->sniff_tx) {
- tx_rx->sniff_tx(buffer, (length + 2) * 8, false, tx_rx->sniff_context);
+ tx_rx->sniff_tx(data, (length + 2) * 8, false, tx_rx->sniff_context);
 }
 }
-void nfcv_uidcpy(uint8_t *dst, uint8_t *src) {
+static void nfcv_uidcpy(uint8_t *dst, uint8_t *src) {
 for(int pos = 0; pos < 8; pos++) {
 dst[pos] = src[7-pos];
 }
 }
-int nfcv_uidcmp(uint8_t *dst, uint8_t *src) {
+static int nfcv_uidcmp(uint8_t *dst, uint8_t *src) {
 for(int pos = 0; pos < 8; pos++) {
 if(dst[pos] != src[7-pos]) {
 return 1;
@@ -311,17 +301,7 @@ int nfcv_uidcmp(uint8_t *dst, uint8_t *src) {
 return 0;
 }
-uint32_t nfcv_read_le(uint8_t *data, uint32_t length) {
- uint32_t value = 0;
-
- for(uint32_t pos = 0; pos < length; pos++) {
- value |= data[pos] << ((int)pos * 8);
- }
-
- return value;
-}
-
-uint32_t nfcv_read_be(uint8_t *data, uint32_t length) {
+static uint32_t nfcv_read_be(uint8_t *data, uint32_t length) {
 uint32_t value = 0;
 for(uint32_t pos = 0; pos < length; pos++) {
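Review bot: nfcv_emu_send now appends the CRC straight into the caller's `data` and drops the `length + 2 > sizeof(buffer)` guard, so the two bytes stored by `nfcv_crc(data, length)` land past `length` in a buffer whose size this function never learns, and `length + 2` handed to nfcv_emu_send_raw's `uint8_t length` wraps to 0 or 1 once `length >= 254`. Spell out the contract and keep the arithmetic in range, e.g. `/* data must have room for length + 2 bytes: the CRC is appended in place */` followed by `if(length > UINT8_MAX - 2) return;` before the `nfcv_crc` call. The visible caller in nfcv_emu_handle_packet passes `response_buffer[32]` with a length of 1, so this is about the contract rather than a present overflow — a capacity parameter would make it checkable at the call site.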
@@ -345,6 +325,7 @@ void nfcv_emu_handle_packet(FuriHalNfcTxRxContext* tx_rx, FuriHalNfcDevData* nfc
 uint8_t address_offset = 2 + (advanced ? 1 : 0);
 uint8_t payload_offset = address_offset + (addressed ? 8 : 0);
 uint8_t *address = &payload[address_offset];
+ uint8_t response_buffer[32];
 if(addressed && nfcv_uidcmp(address, nfc_data->uid)) {
 FURI_LOG_D(TAG, "addressed command 0x%02X, but not for us:", command);
@@ -353,7 +334,6 @@ void nfcv_emu_handle_packet(FuriHalNfcTxRxContext* tx_rx, FuriHalNfcDevData* nfc
 return;
 }
- uint8_t response_buffer[32];
 switch(nfcv_data->type) {
 case NfcVTypeSlixL:
@@ -511,7 +491,8 @@ void nfcv_emu_handle_packet(FuriHalNfcTxRxContext* tx_rx, FuriHalNfcDevData* nfc
 uint32_t pass_expect = nfcv_read_be(password, 4);
 uint32_t pass_received = nfcv_read_be(password_rcv, 4);
- if(pass_expect == pass_received) {
+ /* if the password is all-zeroes, just accept any password*/
+ if(!pass_expect || pass_expect == pass_received) {
 nfcv_data->sub_data.slix_l.privacy = false;
 response_buffer[0] = ISO15693_NOERROR;
 nfcv_emu_send(tx_rx, nfcv_data, response_buffer, 1);
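Review bot: `!pass_expect` in the `@@ -511,7 +491,8 @@` hunk makes a stored password of 0x00000000 mean "accept anything", so the emulated tag diverges from a real one whose password genuinely is zero (that tag would still reject a non-zero attempt), and the comment does not say the divergence is deliberate. If zero stands for "password unknown", say so and log the acceptance, e.g. `/* stored password 0 means unknown: accept any value; a real tag with password 0 would reject mismatches */`, and consider a dedicated "password known" flag in `sub_data.slix_l` so a genuine zero password can still be emulated faithfully. nfcv_emu_handle_packet starts and ends outside these hunks, so the other password-handling paths are not in view.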