Mirror/Momentum-Firmware
1
0
Fork 0
mirror of https://github.com/Next-Flip/Momentum-Firmware.git synced 2026-05-09 05:49:09 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ofw_dev' into dev [ci skip]

Browse Source
This commit is contained in:
MX
2024-02-09 22:04:24 +03:00
parent 7ab888bb98 bcdb9cb13c
commit 5b97ddc842
44 changed files with 1698 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
applications/main/nfc/api/gallagher/gallagher_util.c Normal file
View File

@@ -0,0 +1,59 @@
/* gallagher_util.c - Utilities for parsing Gallagher cards (New Zealand).
* Author: Nick Mooney (nick@mooney.nz)
*
* Reference: https://github.com/megabug/gallagher-research
*/
#include "gallagher_util.h"
#define GALLAGHER_CREDENTIAL_SECTOR 15
/* The Gallagher obfuscation algorithm is a 256-byte substitution table. The below array is generated from
* https://github.com/megabug/gallagher-research/blob/master/formats/cardholder/substitution-table.bin.
*/
const uint8_t GALLAGHER_DECODE_TABLE[256] = {
0x2f, 0x6e, 0xdd, 0xdf, 0x1d, 0xf, 0xb0, 0x76, 0xad, 0xaf, 0x7f, 0xbb, 0x77, 0x85, 0x11,
0x6d, 0xf4, 0xd2, 0x84, 0x42, 0xeb, 0xf7, 0x34, 0x55, 0x4a, 0x3a, 0x10, 0x71, 0xe7, 0xa1,
0x62, 0x1a, 0x3e, 0x4c, 0x14, 0xd3, 0x5e, 0xb2, 0x7d, 0x56, 0xbc, 0x27, 0x82, 0x60, 0xe3,
0xae, 0x1f, 0x9b, 0xaa, 0x2b, 0x95, 0x49, 0x73, 0xe1, 0x92, 0x79, 0x91, 0x38, 0x6c, 0x19,
0xe, 0xa9, 0xe2, 0x8d, 0x66, 0xc7, 0x5a, 0xf5, 0x1c, 0x80, 0x99, 0xbe, 0x4e, 0x41, 0xf0,
0xe8, 0xa6, 0x20, 0xab, 0x87, 0xc8, 0x1e, 0xa0, 0x59, 0x7b, 0xc, 0xc3, 0x3c, 0x61, 0xcc,
0x40, 0x9e, 0x6, 0x52, 0x1b, 0x32, 0x8c, 0x12, 0x93, 0xbf, 0xef, 0x3b, 0x25, 0xd, 0xc2,
0x88, 0xd1, 0xe0, 0x7, 0x2d, 0x70, 0xc6, 0x29, 0x6a, 0x4d, 0x47, 0x26, 0xa3, 0xe4, 0x8b,
0xf6, 0x97, 0x2c, 0x5d, 0x3d, 0xd7, 0x96, 0x28, 0x2, 0x8, 0x30, 0xa7, 0x22, 0xc9, 0x65,
0xf8, 0xb7, 0xb4, 0x8a, 0xca, 0xb9, 0xf2, 0xd0, 0x17, 0xff, 0x46, 0xfb, 0x9a, 0xba, 0x8f,
0xb6, 0x69, 0x68, 0x8e, 0x21, 0x6f, 0xc4, 0xcb, 0xb3, 0xce, 0x51, 0xd4, 0x81, 0x0, 0x2e,
0x9c, 0x74, 0x63, 0x45, 0xd9, 0x16, 0x35, 0x5f, 0xed, 0x78, 0x9f, 0x1, 0x48, 0x4, 0xc1,
0x33, 0xd6, 0x4f, 0x94, 0xde, 0x31, 0x9d, 0xa, 0xac, 0x18, 0x4b, 0xcd, 0x98, 0xb8, 0x37,
0xa2, 0x83, 0xec, 0x3, 0xd8, 0xda, 0xe5, 0x7a, 0x6b, 0x53, 0xd5, 0x15, 0xa4, 0x43, 0xe9,
0x90, 0x67, 0x58, 0xc0, 0xa5, 0xfa, 0x2a, 0xb1, 0x75, 0x50, 0x39, 0x5c, 0xe6, 0xdc, 0x89,
0xfc, 0xcf, 0xfe, 0xf9, 0x57, 0x54, 0x64, 0xa8, 0xee, 0x23, 0xb, 0xf1, 0xea, 0xfd, 0xdb,
0xbd, 0x9, 0xb5, 0x5b, 0x5, 0x86, 0x13, 0xf3, 0x24, 0xc5, 0x3f, 0x44, 0x72, 0x7c, 0x7e,
0x36};
// The second block of a Gallagher credential sector is the literal
// "www.cardax.com " (note two padding spaces)
const uint8_t GALLAGHER_CARDAX_ASCII[MF_CLASSIC_BLOCK_SIZE] =
{'w', 'w', 'w', '.', 'c', 'a', 'r', 'd', 'a', 'x', '.', 'c', 'o', 'm', ' ', ' '};
/* Precondition: cardholder_data_obfuscated points to at least 8 safe-to-read bytes of memory.
*/
void gallagher_deobfuscate_and_parse_credential(
GallagherCredential* credential,
const uint8_t* cardholder_data_obfuscated) {
uint8_t cardholder_data_deobfuscated[8];
for(int i = 0; i < 8; i++) {
cardholder_data_deobfuscated[i] = GALLAGHER_DECODE_TABLE[cardholder_data_obfuscated[i]];
}
// Pull out values from the deobfuscated data
credential->region = (cardholder_data_deobfuscated[3] >> 1) & 0x0F;
credential->facility = ((uint16_t)(cardholder_data_deobfuscated[5] & 0x0F) << 12) +
((uint16_t)cardholder_data_deobfuscated[1] << 4) +
(((uint16_t)cardholder_data_deobfuscated[7] >> 4) & 0x0F);
credential->card = ((uint32_t)cardholder_data_deobfuscated[0] << 16) +
((uint32_t)(cardholder_data_deobfuscated[4] & 0x1F) << 11) +
((uint32_t)cardholder_data_deobfuscated[2] << 3) +
(((uint32_t)cardholder_data_deobfuscated[3] >> 5) & 0x07);
credential->issue = cardholder_data_deobfuscated[7] & 0x0F;
}

33
applications/main/nfc/api/gallagher/gallagher_util.h Normal file
View File

@@ -0,0 +1,33 @@
/* gallagher_util.h - Utilities for parsing Gallagher cards (New Zealand).
* Author: Nick Mooney (nick@mooney.nz)
*
* Reference: https://github.com/megabug/gallagher-research
*/
#pragma once
#include <lib/nfc/protocols/mf_classic/mf_classic.h>
#define GALLAGHER_CREDENTIAL_SECTOR 15
#ifdef __cplusplus
extern "C" {
#endif
extern const uint8_t GALLAGHER_DECODE_TABLE[256];
extern const uint8_t GALLAGHER_CARDAX_ASCII[MF_CLASSIC_BLOCK_SIZE];
typedef struct GallagherCredential {
uint8_t region;
uint8_t issue;
uint16_t facility;
uint32_t card;
} GallagherCredential;
void gallagher_deobfuscate_and_parse_credential(
GallagherCredential* credential,
const uint8_t* cardholder_data_obfuscated);
#ifdef __cplusplus
}
#endif

9
applications/main/nfc/api/nfc_app_api_interface.h Normal file
View File

@@ -0,0 +1,9 @@
#pragma once
#include <flipper_application/api_hashtable/api_hashtable.h>
/*
* Resolver interface with private application's symbols.
* Implementation is contained in app_api_table.c
*/
extern const ElfApiInterface* const nfc_application_api_interface;

27
applications/main/nfc/api/nfc_app_api_table.cpp Normal file
View File

@@ -0,0 +1,27 @@
#include <flipper_application/api_hashtable/api_hashtable.h>
#include <flipper_application/api_hashtable/compilesort.hpp>
/*
* This file contains an implementation of a symbol table
* with private app's symbols. It is used by composite API resolver
* to load plugins that use internal application's APIs.
*/
#include "nfc_app_api_table_i.h"
static_assert(!has_hash_collisions(nfc_app_api_table), "Detected API method hash collision!");
constexpr HashtableApiInterface nfc_application_hashtable_api_interface{
{
.api_version_major = 0,
.api_version_minor = 0,
/* generic resolver using pre-sorted array */
.resolver_callback = &elf_resolve_from_hashtable,
},
/* pointers to application's API table boundaries */
.table_cbegin = nfc_app_api_table.cbegin(),
.table_cend = nfc_app_api_table.cend(),
};
/* Casting to generic resolver to use in Composite API resolver */
extern "C" const ElfApiInterface* const nfc_application_api_interface =
&nfc_application_hashtable_api_interface;

13
applications/main/nfc/api/nfc_app_api_table_i.h Normal file
View File

@@ -0,0 +1,13 @@
#include "gallagher/gallagher_util.h"
/*
* A list of app's private functions and objects to expose for plugins.
* It is used to generate a table of symbols for import resolver to use.
* TBD: automatically generate this table from app's header files
*/
static constexpr auto nfc_app_api_table = sort(create_array_t<sym_entry>(
API_METHOD(
gallagher_deobfuscate_and_parse_credential,
void,
(GallagherCredential * credential, const uint8_t* cardholder_data_obfuscated)),
API_VARIABLE(GALLAGHER_CARDAX_ASCII, const uint8_t*)));

38
applications/main/nfc/application.fam
View File

@@ -9,7 +9,7 @@ App(
order=30,
resources="resources",
sources=[
"*.c",
"*.c*",
"!plugins",
"!nfc_cli.c",
],
@@ -29,6 +29,33 @@ App(
sources=["plugins/supported_cards/all_in_one.c"],
)
App(
appid="microel_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="microel_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/microel.c"],
)
App(
appid="mizip_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="mizip_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/mizip.c"],
)
App(
appid="hi_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="hi_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/hi.c"],
)
App(
appid="opal_parser",
apptype=FlipperAppType.PLUGIN,
@@ -155,6 +182,15 @@ App(
sources=["plugins/supported_cards/zolotaya_korona_online.c"],
)
App(
appid="gallagher_parser",
apptype=FlipperAppType.PLUGIN,
entry_point="gallagher_plugin_ep",
targets=["f7"],
requires=["nfc"],
sources=["plugins/supported_cards/gallagher.c"],
)
App(
appid="clipper_parser",
apptype=FlipperAppType.PLUGIN,

42
applications/main/nfc/helpers/nfc_supported_cards.c
View File

@@ -1,9 +1,11 @@
#include "nfc_supported_cards.h"
#include "../api/nfc_app_api_interface.h"
#include "../plugins/supported_cards/nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <flipper_application/plugins/plugin_manager.h>
#include <flipper_application/plugins/composite_resolver.h>
#include <loader/firmware_api/firmware_api.h>
#include <furi.h>
@@ -45,6 +47,7 @@ typedef struct {
} NfcSupportedCardsLoadContext;
struct NfcSupportedCards {
CompositeApiResolver* api_resolver;
NfcSupportedCardsPluginCache_t plugins_cache_arr;
NfcSupportedCardsLoadState load_state;
NfcSupportedCardsLoadContext* load_context;
@@ -52,6 +55,11 @@ struct NfcSupportedCards {
NfcSupportedCards* nfc_supported_cards_alloc() {
NfcSupportedCards* instance = malloc(sizeof(NfcSupportedCards));
instance->api_resolver = composite_api_resolver_alloc();
composite_api_resolver_add(instance->api_resolver, firmware_api_interface);
composite_api_resolver_add(instance->api_resolver, nfc_application_api_interface);
NfcSupportedCardsPluginCache_init(instance->plugins_cache_arr);
return instance;
@@ -67,8 +75,9 @@ void nfc_supported_cards_free(NfcSupportedCards* instance) {
NfcSupportedCardsPluginCache* plugin_cache = NfcSupportedCardsPluginCache_ref(iter);
furi_string_free(plugin_cache->path);
}
NfcSupportedCardsPluginCache_clear(instance->plugins_cache_arr);
composite_api_resolver_free(instance->api_resolver);
free(instance);
}
@@ -100,15 +109,17 @@ static void nfc_supported_cards_load_context_free(NfcSupportedCardsLoadContext*
free(instance);
}
static const NfcSupportedCardsPlugin*
nfc_supported_cards_get_plugin(NfcSupportedCardsLoadContext* instance, FuriString* path) {
static const NfcSupportedCardsPlugin* nfc_supported_cards_get_plugin(
NfcSupportedCardsLoadContext* instance,
const FuriString* path,
const ElfApiInterface* api_interface) {
furi_assert(instance);
furi_assert(path);
const NfcSupportedCardsPlugin* plugin = NULL;
do {
if(instance->app) flipper_application_free(instance->app);
instance->app = flipper_application_alloc(instance->storage, firmware_api_interface);
instance->app = flipper_application_alloc(instance->storage, api_interface);
if(flipper_application_preload(instance->app, furi_string_get_cstr(path)) !=
FlipperApplicationPreloadStatusSuccess)
break;
@@ -129,8 +140,9 @@ static const NfcSupportedCardsPlugin*
return plugin;
}
static const NfcSupportedCardsPlugin*
nfc_supported_cards_get_next_plugin(NfcSupportedCardsLoadContext* instance) {
static const NfcSupportedCardsPlugin* nfc_supported_cards_get_next_plugin(
NfcSupportedCardsLoadContext* instance,
const ElfApiInterface* api_interface) {
const NfcSupportedCardsPlugin* plugin = NULL;
do {
@@ -145,7 +157,7 @@ static const NfcSupportedCardsPlugin*
path_concat(NFC_SUPPORTED_CARDS_PLUGINS_PATH, instance->file_name, instance->file_path);
plugin = nfc_supported_cards_get_plugin(instance, instance->file_path);
plugin = nfc_supported_cards_get_plugin(instance, instance->file_path, api_interface);
} while(plugin == NULL); //-V654
return plugin;
@@ -162,8 +174,10 @@ void nfc_supported_cards_load_cache(NfcSupportedCards* instance) {
instance->load_context = nfc_supported_cards_load_context_alloc();
while(true) {
const ElfApiInterface* api_interface =
composite_api_resolver_get(instance->api_resolver);
const NfcSupportedCardsPlugin* plugin =
nfc_supported_cards_get_next_plugin(instance->load_context);
nfc_supported_cards_get_next_plugin(instance->load_context, api_interface);
if(plugin == NULL) break; //-V547
NfcSupportedCardsPluginCache plugin_cache = {}; //-V779
@@ -216,8 +230,10 @@ bool nfc_supported_cards_read(NfcSupportedCards* instance, NfcDevice* device, Nf
if(plugin_cache->protocol != protocol) continue;
if((plugin_cache->feature & NfcSupportedCardsPluginFeatureHasRead) == 0) continue;
const NfcSupportedCardsPlugin* plugin =
nfc_supported_cards_get_plugin(instance->load_context, plugin_cache->path);
const ElfApiInterface* api_interface =
composite_api_resolver_get(instance->api_resolver);
const NfcSupportedCardsPlugin* plugin = nfc_supported_cards_get_plugin(
instance->load_context, plugin_cache->path, api_interface);
if(plugin == NULL) continue;
if(plugin->verify) {
@@ -262,8 +278,10 @@ bool nfc_supported_cards_parse(
if(plugin_cache->protocol != protocol) continue;
if((plugin_cache->feature & NfcSupportedCardsPluginFeatureHasParse) == 0) continue;
const NfcSupportedCardsPlugin* plugin =
nfc_supported_cards_get_plugin(instance->load_context, plugin_cache->path);
const ElfApiInterface* api_interface =
composite_api_resolver_get(instance->api_resolver);
const NfcSupportedCardsPlugin* plugin = nfc_supported_cards_get_plugin(
instance->load_context, plugin_cache->path, api_interface);
if(plugin == NULL) continue;
if(plugin->parse) {

3
applications/main/nfc/helpers/protocol_support/mf_classic/mf_classic.c
View File

@@ -199,6 +199,9 @@ static bool nfc_scene_read_menu_on_event_mf_classic(NfcApp* instance, SceneManag
} else if(event.event == SubmenuIndexDictAttack) {
scene_manager_next_scene(instance->scene_manager, NfcSceneMfClassicDictAttack);
consumed = true;
} else if(event.event == SubmenuIndexCommonEdit) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSetUid);
consumed = true;
}
}

11
applications/main/nfc/helpers/protocol_support/mf_ultralight/mf_ultralight.c
View File

@@ -266,16 +266,21 @@ static void nfc_scene_emulate_on_enter_mf_ultralight(NfcApp* instance) {
static bool nfc_scene_read_and_saved_menu_on_event_mf_ultralight(
NfcApp* instance,
SceneManagerEvent event) {
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == SubmenuIndexUnlock) {
scene_manager_next_scene(instance->scene_manager, NfcSceneMfUltralightUnlockMenu);
return true;
consumed = true;
} else if(event.event == SubmenuIndexWrite) {
scene_manager_next_scene(instance->scene_manager, NfcSceneMfUltralightWrite);
return true;
consumed = true;
} else if(event.event == SubmenuIndexCommonEdit) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSetUid);
consumed = true;
}
}
return false;
return consumed;
}
const NfcProtocolSupportBase nfc_protocol_support_mf_ultralight = {

9
applications/main/nfc/helpers/protocol_support/nfc_protocol_support.c
View File

@@ -233,6 +233,15 @@ static void nfc_protocol_support_scene_read_menu_on_enter(NfcApp* instance) {
nfc_protocol_support_common_submenu_callback,
instance);
if(scene_manager_has_previous_scene(instance->scene_manager, NfcSceneGenerateInfo)) {
submenu_add_item(
submenu,
"Change UID",
SubmenuIndexCommonEdit,
nfc_protocol_support_common_submenu_callback,
instance);
}
if(nfc_protocol_support_has_feature(protocol, NfcProtocolFeatureEmulateUid)) {
submenu_add_item(
submenu,

64
applications/main/nfc/helpers/slix_unlock.c Normal file
View File

@@ -0,0 +1,64 @@
#include "slix_unlock.h"
#include <furi/furi.h>
#define SLIX_UNLOCK_PASSWORD_NUM_MAX (2)
struct SlixUnlock {
SlixUnlockMethod method;
SlixPassword password_arr[SLIX_UNLOCK_PASSWORD_NUM_MAX];
size_t password_arr_len;
size_t password_idx;
};
static const SlixPassword tonie_box_pass_arr[] = {0x5B6EFD7F, 0x0F0F0F0F};
SlixUnlock* slix_unlock_alloc() {
SlixUnlock* instance = malloc(sizeof(SlixUnlock));
return instance;
}
void slix_unlock_free(SlixUnlock* instance) {
furi_assert(instance);
free(instance);
}
void slix_unlock_reset(SlixUnlock* instance) {
furi_assert(instance);
memset(instance, 0, sizeof(SlixUnlock));
}
void slix_unlock_set_method(SlixUnlock* instance, SlixUnlockMethod method) {
furi_assert(instance);
instance->method = method;
if(method == SlixUnlockMethodTonieBox) {
instance->password_arr_len = COUNT_OF(tonie_box_pass_arr);
memcpy(instance->password_arr, tonie_box_pass_arr, sizeof(tonie_box_pass_arr));
}
}
void slix_unlock_set_password(SlixUnlock* instance, SlixPassword password) {
furi_assert(instance);
furi_assert(instance->method == SlixUnlockMethodManual);
instance->password_arr[0] = password;
instance->password_arr_len = 1;
}
bool slix_unlock_get_next_password(SlixUnlock* instance, SlixPassword* password) {
furi_assert(instance);
furi_assert(password);
bool password_set = false;
if(instance->password_arr_len) {
*password = instance->password_arr[instance->password_idx++];
instance->password_idx %= instance->password_arr_len;
password_set = true;
}
return password_set;
}

30
applications/main/nfc/helpers/slix_unlock.h Normal file
View File

@@ -0,0 +1,30 @@
#pragma once
#include <nfc/protocols/slix/slix.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
SlixUnlockMethodManual,
SlixUnlockMethodTonieBox,
} SlixUnlockMethod;
typedef struct SlixUnlock SlixUnlock;
SlixUnlock* slix_unlock_alloc();
void slix_unlock_free(SlixUnlock* instance);
void slix_unlock_reset(SlixUnlock* instance);
void slix_unlock_set_method(SlixUnlock* instance, SlixUnlockMethod method);
void slix_unlock_set_password(SlixUnlock* instance, SlixPassword password);
bool slix_unlock_get_next_password(SlixUnlock* instance, SlixPassword* password);
#ifdef __cplusplus
}
#endif

2
applications/main/nfc/nfc_app.c
View File

@@ -51,6 +51,7 @@ NfcApp* nfc_app_alloc() {
instance->nfc = nfc_alloc();
instance->mf_ul_auth = mf_ultralight_auth_alloc();
instance->slix_unlock = slix_unlock_alloc();
instance->mfc_key_cache = mf_classic_key_cache_alloc();
instance->nfc_supported_cards = nfc_supported_cards_alloc();
@@ -141,6 +142,7 @@ void nfc_app_free(NfcApp* instance) {
nfc_free(instance->nfc);
mf_ultralight_auth_free(instance->mf_ul_auth);
slix_unlock_free(instance->slix_unlock);
mf_classic_key_cache_free(instance->mfc_key_cache);
nfc_supported_cards_free(instance->nfc_supported_cards);

2
applications/main/nfc/nfc_app_i.h
View File

@@ -33,6 +33,7 @@
#include "helpers/nfc_emv_parser.h"
#include "helpers/mf_classic_key_cache.h"
#include "helpers/nfc_supported_cards.h"
#include "helpers/slix_unlock.h"
#include <dialogs/dialogs.h>
#include <storage/storage.h>
@@ -130,6 +131,7 @@ struct NfcApp {
NfcListener* listener;
MfUltralightAuth* mf_ul_auth;
SlixUnlock* slix_unlock;
NfcMfClassicDictAttackContext nfc_dict_context;
Mfkey32Logger* mfkey32_logger;
MfUserDict* mf_user_dict;

87
applications/main/nfc/plugins/supported_cards/gallagher.c Normal file
View File

@@ -0,0 +1,87 @@
/* gallagher.c - NFC supported cards plugin for Gallagher access control cards (New Zealand).
* Author: Nick Mooney (nick@mooney.nz)
*
* Reference: https://github.com/megabug/gallagher-research
*/
#include "nfc_supported_card_plugin.h"
#include "../../api/gallagher/gallagher_util.h"
#include <flipper_application/flipper_application.h>
#include <nfc/protocols/mf_classic/mf_classic.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <nfc/helpers/nfc_util.h>
static bool gallagher_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
if(!(data->type == MfClassicType1k || data->type == MfClassicType4k)) {
return false;
}
// It's possible for a single tag to contain multiple credentials,
// but this is currently unimplementecd.
const uint8_t credential_sector_start_block_number =
mf_classic_get_first_block_num_of_sector(GALLAGHER_CREDENTIAL_SECTOR);
// Test 1: The first 8 bytes and the second 8 bytes should be bitwise inverses.
const uint8_t* credential_block_start_ptr =
&data->block[credential_sector_start_block_number].data[0];
uint64_t cardholder_credential = nfc_util_bytes2num(credential_block_start_ptr, 8);
uint64_t cardholder_credential_inverse = nfc_util_bytes2num(credential_block_start_ptr + 8, 8);
// Due to endianness, this is testing the bytes in the wrong order,
// but the result still should be correct.
if(cardholder_credential != ~cardholder_credential_inverse) {
return false;
}
// Test 2: The contents of the second block should be equal to the GALLAGHER_CARDAX_ASCII constant.
const uint8_t* cardax_block_start_ptr =
&data->block[credential_sector_start_block_number + 1].data[0];
if(memcmp(cardax_block_start_ptr, GALLAGHER_CARDAX_ASCII, MF_CLASSIC_BLOCK_SIZE) != 0) {
return false;
}
// Deobfuscate the credential data
GallagherCredential credential;
gallagher_deobfuscate_and_parse_credential(&credential, credential_block_start_ptr);
char display_region = 'A';
// Per https://github.com/megabug/gallagher-research/blob/master/formats/cardholder/cardholder.md,
// regions are generally A-P.
if(credential.region < 16) {
display_region = display_region + (char)credential.region;
} else {
display_region = '?';
}
furi_string_cat_printf(
parsed_data,
"\e#Gallagher NZ\nFacility %c%u\nCard %lu (IL %u)",
display_region,
credential.facility,
credential.card,
credential.issue);
return true;
}
static const NfcSupportedCardsPlugin gallagher_plugin = {
.protocol = NfcProtocolMfClassic,
.verify = NULL,
.read = NULL,
.parse = gallagher_parse,
};
static const FlipperAppPluginDescriptor gallagher_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &gallagher_plugin,
};
/* Plugin entry point */
const FlipperAppPluginDescriptor* gallagher_plugin_ep() {
return &gallagher_plugin_descriptor;
}

226
applications/main/nfc/plugins/supported_cards/hi.c Normal file
View File

@@ -0,0 +1,226 @@
#include "nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <nfc/nfc_device.h>
#include <nfc/helpers/nfc_util.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <stdint.h>
#define TAG "HI!"
#define KEY_LENGTH 6
#define HI_KEY_TO_GEN 5
#define UID_LENGTH 7
typedef struct {
uint64_t a;
uint64_t b;
} MfClassicKeyPair;
typedef struct {
MfClassicKeyPair* keys;
uint32_t verify_sector;
} HiCardConfig;
static MfClassicKeyPair hi_1k_keys[] = {
{.a = 0xa0a1a2a3a4a5, .b = 0x30871CF60CF1}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0x000000000000, .b = 0x000000000000}, // 002
{.a = 0x000000000000, .b = 0x000000000000}, // 003
{.a = 0x000000000000, .b = 0x000000000000}, // 004
{.a = 0x42FFE4C76209, .b = 0x7B30CFD04CBD}, // 005
{.a = 0x01ED8145BDF8, .b = 0x92257F472FCE}, // 006
{.a = 0x7583A07D21A6, .b = 0x51CA6EA8EE26}, // 007
{.a = 0x1E10BF5D6A1D, .b = 0x87B9B9BFABA6}, // 008
{.a = 0xF9DB1B2B21BA, .b = 0x80A781F4134C}, // 009
{.a = 0x7F5283FACB72, .b = 0x73250009D75A}, // 010
{.a = 0xE48E86A03078, .b = 0xCFFBBF08A254}, // 011
{.a = 0x39AB26301F60, .b = 0xC71A6E532C83}, // 012
{.a = 0xAD656C6C639F, .b = 0xFD9819CBD20A}, // 013
{.a = 0xF0E15160DB3E, .b = 0x3F622D515ADD}, // 014
{.a = 0x03F44E033C42, .b = 0x61E897875F46}, // 015
};
//KDF
void hi_generate_key(uint8_t* uid, uint8_t keyA[5][KEY_LENGTH], uint8_t keyB[5][KEY_LENGTH]) {
// Static XOR table for key generation
static const uint8_t xor_table_keyB[4][6] = {
{0x1F, 0xC4, 0x4D, 0x94, 0x6A, 0x31},
{0x12, 0xC1, 0x5C, 0x70, 0xDF, 0x31},
{0x56, 0xF0, 0x13, 0x1B, 0x63, 0xF2},
{0x4E, 0xFA, 0xC2, 0xF8, 0xC9, 0xCC}};
static const uint8_t xor_table_keyA[4][6] = {
{0xB6, 0xE6, 0xAE, 0x72, 0x91, 0x0D},
{0x6D, 0x38, 0x50, 0xFB, 0x42, 0x89},
{0x1E, 0x5F, 0xC7, 0xED, 0xAA, 0x02},
{0x7E, 0xB9, 0xCA, 0xF1, 0x9C, 0x59}};
// Permutation table for rearranging elements in uid
static const uint8_t xorOrderA[6] = {0, 1, 2, 3, 0, 2};
static const uint8_t xorOrderB[6] = {1, 3, 3, 2, 1, 0};
// Generate key based on uid and XOR table
for(uint8_t j = 1; j < 5; j++) {
for(uint8_t i = 0; i < 6; i++) {
keyA[j][i] = uid[xorOrderA[i]] ^ xor_table_keyA[j - 1][i];
keyB[j][i] = uid[xorOrderB[i]] ^ xor_table_keyB[j - 1][i];
}
}
}
static bool hi_get_card_config(HiCardConfig* config, MfClassicType type) {
bool success = true;
if(type == MfClassicType1k) {
config->verify_sector = 0;
config->keys = hi_1k_keys;
} else {
success = false;
}
return success;
}
static bool hi_verify_type(Nfc* nfc, MfClassicType type) {
bool verified = false;
do {
HiCardConfig cfg = {};
if(!hi_get_card_config(&cfg, type)) break;
const uint8_t block_num = mf_classic_get_first_block_num_of_sector(cfg.verify_sector);
FURI_LOG_D(TAG, "Verifying sector %lu", cfg.verify_sector);
MfClassicKey key = {0};
nfc_util_num2bytes(cfg.keys[cfg.verify_sector].b, COUNT_OF(key.data), key.data);
MfClassicAuthContext auth_context;
MfClassicError error =
mf_classic_poller_sync_auth(nfc, block_num, &key, MfClassicKeyTypeB, &auth_context);
if(error != MfClassicErrorNone) {
FURI_LOG_D(
TAG, "Failed to read block %u: %d, this is not a HI card", block_num, error);
break;
}
FURI_LOG_D(TAG, "Found a HI Card");
verified = true;
} while(false);
return verified;
}
static bool hi_verify(Nfc* nfc) {
return hi_verify_type(nfc, MfClassicType1k);
}
static bool hi_read(Nfc* nfc, NfcDevice* device) {
FURI_LOG_D(TAG, "Entering HI KDF");
furi_assert(nfc);
furi_assert(device);
bool is_read = false;
MfClassicData* data = mf_classic_alloc();
nfc_device_copy_data(device, NfcProtocolMfClassic, data);
do {
MfClassicType type = MfClassicType1k;
MfClassicError error = mf_classic_poller_sync_detect_type(nfc, &type);
if(error != MfClassicErrorNone) break;
HiCardConfig cfg = {};
if(!hi_get_card_config(&cfg, data->type)) break;
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
uint8_t keyA[HI_KEY_TO_GEN][KEY_LENGTH];
uint8_t keyB[HI_KEY_TO_GEN][KEY_LENGTH];
hi_generate_key(uid, keyA, keyB);
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
if(cfg.keys[i].a == 0x000000000000 && cfg.keys[i].b == 0x000000000000) {
cfg.keys[i].a = nfc_util_bytes2num(keyA[i], KEY_LENGTH);
cfg.keys[i].b = nfc_util_bytes2num(keyB[i], KEY_LENGTH);
}
}
MfClassicDeviceKeys keys = {};
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
nfc_util_num2bytes(cfg.keys[i].a, sizeof(MfClassicKey), keys.key_a[i].data);
FURI_BIT_SET(keys.key_a_mask, i);
nfc_util_num2bytes(cfg.keys[i].b, sizeof(MfClassicKey), keys.key_b[i].data);
FURI_BIT_SET(keys.key_b_mask, i);
}
error = mf_classic_poller_sync_read(nfc, &keys, data);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "Failed to read data");
break;
}
nfc_device_set_data(device, NfcProtocolMfClassic, data);
is_read = mf_classic_is_card_read(data);
} while(false);
mf_classic_free(data);
return is_read;
}
static bool hi_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
bool parsed = false;
do {
// Verify card type
HiCardConfig cfg = {};
if(!hi_get_card_config(&cfg, data->type)) break;
// Verify key
MfClassicSectorTrailer* sec_tr =
mf_classic_get_sector_trailer_by_sector(data, cfg.verify_sector);
uint64_t key = nfc_util_bytes2num(sec_tr->key_b.data, 6);
if(key != cfg.keys[cfg.verify_sector].b) return false;
//Get UID
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
//parse data
furi_string_cat_printf(parsed_data, "\e#HI! Card\n");
furi_string_cat_printf(parsed_data, "UID:");
for(size_t i = 0; i < UID_LENGTH; i++) {
furi_string_cat_printf(parsed_data, " %02X", uid[i]);
}
furi_string_cat_printf(parsed_data, "\n");
parsed = true;
} while(false);
return parsed;
}
/* Actual implementation of app<>plugin interface */
static const NfcSupportedCardsPlugin hi_plugin = {
.protocol = NfcProtocolMfClassic,
.verify = hi_verify,
.read = hi_read,
.parse = hi_parse,
};
/* Plugin descriptor to comply with basic plugin specification */
static const FlipperAppPluginDescriptor hi_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &hi_plugin,
};
/* Plugin entry point - must return a pointer to const descriptor */
const FlipperAppPluginDescriptor* hi_plugin_ep() {
return &hi_plugin_descriptor;
}

228
applications/main/nfc/plugins/supported_cards/microel.c Normal file
View File

@@ -0,0 +1,228 @@
#include "nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <nfc/nfc_device.h>
#include <nfc/helpers/nfc_util.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <stdint.h>
#define TAG "Microel"
#define KEY_LENGTH 6
#define UID_LENGTH 4
typedef struct {
uint64_t a;
uint64_t b;
} MfClassicKeyPair;
static MfClassicKeyPair microel_1k_keys[] = {
{.a = 0x000000000000, .b = 0x000000000000}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 002
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 003
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 004
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 005
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 006
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 007
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 008
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 009
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 010
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 011
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 012
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 013
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 014
{.a = 0xffffffffffff, .b = 0xffffffffffff}, // 015
};
const uint8_t verify_sector = 1;
void calculateSumHex(const uint8_t* uid, size_t uidSize, uint8_t sumHex[]) {
const uint8_t xorKey[] = {0x01, 0x92, 0xA7, 0x75, 0x2B, 0xF9};
int sum = 0;
for(size_t i = 0; i < uidSize; i++) {
sum += uid[i];
}
int sumTwoDigits = sum % 256;
if(sumTwoDigits % 2 == 1) {
sumTwoDigits += 2;
}
for(size_t i = 0; i < sizeof(xorKey); i++) {
sumHex[i] = sumTwoDigits ^ xorKey[i];
}
}
void generateKeyA(const uint8_t* uid, uint8_t uidSize, uint8_t keyA[]) {
uint8_t sumHex[6];
calculateSumHex(uid, uidSize, sumHex);
uint8_t firstCharacter = (sumHex[0] >> 4) & 0xF;
if(firstCharacter == 0x2 || firstCharacter == 0x3 || firstCharacter == 0xA ||
firstCharacter == 0xB) {
// XOR WITH 0x40
for(size_t i = 0; i < sizeof(sumHex); i++) {
keyA[i] = 0x40 ^ sumHex[i];
}
} else if(
firstCharacter == 0x6 || firstCharacter == 0x7 || firstCharacter == 0xE ||
firstCharacter == 0xF) {
// XOR WITH 0xC0
for(size_t i = 0; i < sizeof(sumHex); i++) {
keyA[i] = 0xC0 ^ sumHex[i];
}
} else {
//Key a is the same as sumHex
for(size_t i = 0; i < sizeof(sumHex); i++) {
keyA[i] = sumHex[i];
}
}
}
void generateKeyB(uint8_t keyA[], size_t keyASize, uint8_t keyB[]) {
for(size_t i = 0; i < keyASize; i++) {
keyB[i] = 0xFF ^ keyA[i];
}
}
static bool microel_read(Nfc* nfc, NfcDevice* device) {
FURI_LOG_D(TAG, "Entering Microel KDF");
furi_assert(nfc);
furi_assert(device);
bool is_read = false;
MfClassicData* data = mf_classic_alloc();
nfc_device_copy_data(device, NfcProtocolMfClassic, data);
do {
MfClassicType type = MfClassicType1k;
MfClassicError error = mf_classic_poller_sync_detect_type(nfc, &type);
if(error != MfClassicErrorNone) break;
//Get UID and check if it is 4 bytes
size_t uid_len;
const uint8_t* uid = mf_classic_get_uid(data, &uid_len);
FURI_LOG_D(TAG, "UID identified: %02X%02X%02X%02X", uid[0], uid[1], uid[2], uid[3]);
if(uid_len != UID_LENGTH) break;
// Generate keys
uint8_t keyA[KEY_LENGTH];
uint8_t keyB[KEY_LENGTH];
generateKeyA(uid, UID_LENGTH, keyA);
generateKeyB(keyA, KEY_LENGTH, keyB);
// Check key 0a to verify if it is a microel card
MfClassicKey key = {0};
nfc_util_num2bytes(nfc_util_bytes2num(keyA, KEY_LENGTH), COUNT_OF(key.data), key.data);
const uint8_t block_num = mf_classic_get_first_block_num_of_sector(0); // This is 0
MfClassicAuthContext auth_context;
error =
mf_classic_poller_sync_auth(nfc, block_num, &key, MfClassicKeyTypeA, &auth_context);
if(error != MfClassicErrorNone) {
break;
}
// Save keys generated to stucture
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
if(microel_1k_keys[i].a == 0x000000000000) {
microel_1k_keys[i].a = nfc_util_bytes2num(keyA, KEY_LENGTH);
}
if(microel_1k_keys[i].b == 0x000000000000) {
microel_1k_keys[i].b = nfc_util_bytes2num(keyB, KEY_LENGTH);
}
}
MfClassicDeviceKeys keys = {};
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
nfc_util_num2bytes(microel_1k_keys[i].a, sizeof(MfClassicKey), keys.key_a[i].data);
FURI_BIT_SET(keys.key_a_mask, i);
nfc_util_num2bytes(microel_1k_keys[i].b, sizeof(MfClassicKey), keys.key_b[i].data);
FURI_BIT_SET(keys.key_b_mask, i);
}
error = mf_classic_poller_sync_read(nfc, &keys, data);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "Failed to read data");
break;
}
nfc_device_set_data(device, NfcProtocolMfClassic, data);
is_read = mf_classic_is_card_read(data);
} while(false);
mf_classic_free(data);
return is_read;
}
static bool microel_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
bool parsed = false;
do {
//Get UID
size_t uid_len;
const uint8_t* uid = mf_classic_get_uid(data, &uid_len);
if(uid_len != UID_LENGTH) break;
// Generate key from uid
uint8_t keyA[KEY_LENGTH];
generateKeyA(uid, UID_LENGTH, keyA);
// Verify key
MfClassicSectorTrailer* sec_tr =
mf_classic_get_sector_trailer_by_sector(data, verify_sector);
uint64_t key = nfc_util_bytes2num(sec_tr->key_a.data, 6);
uint64_t key_for_check_from_array = nfc_util_bytes2num(keyA, KEY_LENGTH);
if(key != key_for_check_from_array) break;
//Get credit in block number 8
const uint8_t* temp_ptr = data->block[4].data;
uint16_t balance = (temp_ptr[6] << 8) | (temp_ptr[5]);
uint16_t previus_balance = (data->block[5].data[6] << 8) | (data->block[5].data[5]);
furi_string_cat_printf(parsed_data, "\e#Microel Card\n");
furi_string_cat_printf(parsed_data, "UID:");
for(size_t i = 0; i < UID_LENGTH; i++) {
furi_string_cat_printf(parsed_data, " %02X", uid[i]);
}
furi_string_cat_printf(
parsed_data, "\nCurrent Credit: %d.%02d E \n", balance / 100, balance % 100);
furi_string_cat_printf(
parsed_data,
"Previus Credit: %d.%02d E \n",
previus_balance / 100,
previus_balance % 100);
parsed = true;
} while(false);
return parsed;
}
/* Actual implementation of app<>plugin interface */
static const NfcSupportedCardsPlugin microel_plugin = {
.protocol = NfcProtocolMfClassic,
.verify =
NULL, // the verification I need is based on verifying the keys generated via uid and try to authenticate not like on mizip that there is default b0 but added verify in read function
.read = microel_read,
.parse = microel_parse,
};
/* Plugin descriptor to comply with basic plugin specification */
static const FlipperAppPluginDescriptor microel_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &microel_plugin,
};
/* Plugin entry point - must return a pointer to const descriptor */
const FlipperAppPluginDescriptor* microel_plugin_ep() {
return &microel_plugin_descriptor;
}

257
applications/main/nfc/plugins/supported_cards/mizip.c Normal file
View File

@@ -0,0 +1,257 @@
#include "nfc_supported_card_plugin.h"
#include <flipper_application/flipper_application.h>
#include <nfc/nfc_device.h>
#include <nfc/helpers/nfc_util.h>
#include <nfc/protocols/mf_classic/mf_classic_poller_sync.h>
#include <stdint.h>
#define TAG "MiZIP"
#define KEY_LENGTH 6
#define MIZIP_KEY_TO_GEN 5
#define UID_LENGTH 4
typedef struct {
uint64_t a;
uint64_t b;
} MfClassicKeyPair;
typedef struct {
MfClassicKeyPair* keys;
uint32_t verify_sector;
} MizipCardConfig;
static MfClassicKeyPair mizip_1k_keys[] = {
{.a = 0xa0a1a2a3a4a5, .b = 0xb4c132439eef}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0x000000000000, .b = 0x000000000000}, // 002
{.a = 0x000000000000, .b = 0x000000000000}, // 003
{.a = 0x000000000000, .b = 0x000000000000}, // 004
{.a = 0x0222179AB995, .b = 0x13321774F9B5}, // 005
{.a = 0xB25CBD76A7B4, .b = 0x7571359B4274}, // 006
{.a = 0xDA857B4907CC, .b = 0xD26B856175F7}, // 007
{.a = 0x16D85830C443, .b = 0x8F790871A21E}, // 008
{.a = 0x88BD5098FC82, .b = 0xFCD0D77745E4}, // 009
{.a = 0x983349449D78, .b = 0xEA2631FBDEDD}, // 010
{.a = 0xC599F962F3D9, .b = 0x949B70C14845}, // 011
{.a = 0x72E668846BE8, .b = 0x45490B5AD707}, // 012
{.a = 0xBCA105E5685E, .b = 0x248DAF9D674D}, // 013
{.a = 0x4F6FE072D1FD, .b = 0x4250A05575FA}, // 014
{.a = 0x56438ABE8152, .b = 0x59A45912B311}, // 015
};
static MfClassicKeyPair mizip_mini_keys[] = {
{.a = 0xa0a1a2a3a4a5, .b = 0xb4c132439eef}, // 000
{.a = 0x000000000000, .b = 0x000000000000}, // 001
{.a = 0x000000000000, .b = 0x000000000000}, // 002
{.a = 0x000000000000, .b = 0x000000000000}, // 003
{.a = 0x000000000000, .b = 0x000000000000}, // 004
};
//KDF
void mizip_generate_key(uint8_t* uid, uint8_t keyA[5][KEY_LENGTH], uint8_t keyB[5][KEY_LENGTH]) {
// Static XOR table for key generation
static const uint8_t xor_table_keyA[4][6] = {
{0x09, 0x12, 0x5A, 0x25, 0x89, 0xE5},
{0xAB, 0x75, 0xC9, 0x37, 0x92, 0x2F},
{0xE2, 0x72, 0x41, 0xAF, 0x2C, 0x09},
{0x31, 0x7A, 0xB7, 0x2F, 0x44, 0x90}};
static const uint8_t xor_table_keyB[4][6] = {
{0xF1, 0x2C, 0x84, 0x53, 0xD8, 0x21},
{0x73, 0xE7, 0x99, 0xFE, 0x32, 0x41},
{0xAA, 0x4D, 0x13, 0x76, 0x56, 0xAE},
{0xB0, 0x13, 0x27, 0x27, 0x2D, 0xFD}};
// Permutation table for rearranging elements in uid
static const uint8_t xorOrderA[6] = {0, 1, 2, 3, 0, 1};
static const uint8_t xorOrderB[6] = {2, 3, 0, 1, 2, 3};
// Generate key based on uid and XOR table
for(uint8_t j = 1; j < 5; j++) {
for(uint8_t i = 0; i < 6; i++) {
keyA[j][i] = uid[xorOrderA[i]] ^ xor_table_keyA[j - 1][i];
keyB[j][i] = uid[xorOrderB[i]] ^ xor_table_keyB[j - 1][i];
}
}
}
static bool mizip_get_card_config(MizipCardConfig* config, MfClassicType type) {
bool success = true;
if(type == MfClassicType1k) {
config->verify_sector = 0;
config->keys = mizip_1k_keys;
} else if(type == MfClassicTypeMini) {
config->verify_sector = 0;
config->keys = mizip_mini_keys;
} else {
success = false;
}
return success;
}
static bool mizip_verify_type(Nfc* nfc, MfClassicType type) {
bool verified = false;
do {
MizipCardConfig cfg = {};
if(!mizip_get_card_config(&cfg, type)) break;
const uint8_t block_num = mf_classic_get_first_block_num_of_sector(cfg.verify_sector);
FURI_LOG_D(TAG, "Verifying sector %lu", cfg.verify_sector);
MfClassicKey key = {0};
nfc_util_num2bytes(cfg.keys[cfg.verify_sector].b, COUNT_OF(key.data), key.data);
MfClassicAuthContext auth_context;
MfClassicError error =
mf_classic_poller_sync_auth(nfc, block_num, &key, MfClassicKeyTypeB, &auth_context);
if(error != MfClassicErrorNone) {
FURI_LOG_D(
TAG, "Failed to read block %u: %d, this is not a MiZIP card", block_num, error);
break;
}
FURI_LOG_D(TAG, "Found a MiZIP Card");
verified = true;
} while(false);
return verified;
}
static bool mizip_verify(Nfc* nfc) {
return mizip_verify_type(nfc, MfClassicType1k) || mizip_verify_type(nfc, MfClassicTypeMini);
}
static bool mizip_read(Nfc* nfc, NfcDevice* device) {
FURI_LOG_D(TAG, "Entering MiZIP KDF");
furi_assert(nfc);
furi_assert(device);
bool is_read = false;
MfClassicData* data = mf_classic_alloc();
nfc_device_copy_data(device, NfcProtocolMfClassic, data);
do {
MfClassicType type = MfClassicTypeMini;
MfClassicError error = mf_classic_poller_sync_detect_type(nfc, &type);
if(error != MfClassicErrorNone) break;
//temp fix but fix mf_classic_poller_sync_detect_type because view type mfclassic1k and not verify mfmini
data->type = MfClassicTypeMini;
MizipCardConfig cfg = {};
if(!mizip_get_card_config(&cfg, data->type)) break;
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
uint8_t keyA[MIZIP_KEY_TO_GEN][KEY_LENGTH];
uint8_t keyB[MIZIP_KEY_TO_GEN][KEY_LENGTH];
mizip_generate_key(uid, keyA, keyB);
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
if(cfg.keys[i].a == 0x000000000000 && cfg.keys[i].b == 0x000000000000) {
cfg.keys[i].a = nfc_util_bytes2num(keyA[i], KEY_LENGTH);
cfg.keys[i].b = nfc_util_bytes2num(keyB[i], KEY_LENGTH);
}
}
MfClassicDeviceKeys keys = {};
for(size_t i = 0; i < mf_classic_get_total_sectors_num(data->type); i++) {
nfc_util_num2bytes(cfg.keys[i].a, sizeof(MfClassicKey), keys.key_a[i].data);
FURI_BIT_SET(keys.key_a_mask, i);
nfc_util_num2bytes(cfg.keys[i].b, sizeof(MfClassicKey), keys.key_b[i].data);
FURI_BIT_SET(keys.key_b_mask, i);
}
error = mf_classic_poller_sync_read(nfc, &keys, data);
if(error != MfClassicErrorNone) {
FURI_LOG_W(TAG, "Failed to read data");
break;
}
nfc_device_set_data(device, NfcProtocolMfClassic, data);
is_read = mf_classic_is_card_read(data);
} while(false);
mf_classic_free(data);
return is_read;
}
static bool mizip_parse(const NfcDevice* device, FuriString* parsed_data) {
furi_assert(device);
furi_assert(parsed_data);
const MfClassicData* data = nfc_device_get_data(device, NfcProtocolMfClassic);
bool parsed = false;
do {
// Verify card type
MizipCardConfig cfg = {};
if(!mizip_get_card_config(&cfg, data->type)) break;
// Verify key
MfClassicSectorTrailer* sec_tr =
mf_classic_get_sector_trailer_by_sector(data, cfg.verify_sector);
uint64_t key = nfc_util_bytes2num(sec_tr->key_b.data, 6);
if(key != cfg.keys[cfg.verify_sector].b) return false;
//Get UID
uint8_t uid[UID_LENGTH];
memcpy(uid, data->iso14443_3a_data->uid, UID_LENGTH);
//Get credit
uint8_t credit_pointer = 0x08;
uint8_t previus_credit_pointer = 0x09;
if(data->block[10].data[0] == 0x55) {
credit_pointer = 0x09;
previus_credit_pointer = 0x08;
}
uint16_t balance = (data->block[credit_pointer].data[2] << 8) |
(data->block[credit_pointer].data[1]);
uint16_t previus_balance = (data->block[previus_credit_pointer].data[2] << 8) |
(data->block[previus_credit_pointer].data[1]);
//parse data
furi_string_cat_printf(parsed_data, "\e#MiZIP Card\n");
furi_string_cat_printf(parsed_data, "UID:");
for(size_t i = 0; i < UID_LENGTH; i++) {
furi_string_cat_printf(parsed_data, " %02X", uid[i]);
}
furi_string_cat_printf(
parsed_data, "\nCurrent Credit: %d.%02d E \n", balance / 100, balance % 100);
furi_string_cat_printf(
parsed_data,
"Previus Credit: %d.%02d E \n",
previus_balance / 100,
previus_balance % 100);
parsed = true;
} while(false);
return parsed;
}
/* Actual implementation of app<>plugin interface */
static const NfcSupportedCardsPlugin mizip_plugin = {
.protocol = NfcProtocolMfClassic,
.verify = mizip_verify,
.read = mizip_read,
.parse = mizip_parse,
};
/* Plugin descriptor to comply with basic plugin specification */
static const FlipperAppPluginDescriptor mizip_plugin_descriptor = {
.appid = NFC_SUPPORTED_CARD_PLUGIN_APP_ID,
.ep_api_version = NFC_SUPPORTED_CARD_PLUGIN_API_VERSION,
.entry_point = &mizip_plugin,
};
/* Plugin entry point - must return a pointer to const descriptor */
const FlipperAppPluginDescriptor* mizip_plugin_ep() {
return &mizip_plugin_descriptor;
}

5
applications/main/nfc/scenes/nfc_scene_config.h
View File

@@ -61,4 +61,9 @@ ADD_SCENE(nfc, set_sak, SetSak)
ADD_SCENE(nfc, set_atqa, SetAtqa)
ADD_SCENE(nfc, set_uid, SetUid)
ADD_SCENE(nfc, slix_unlock_menu, SlixUnlockMenu)
ADD_SCENE(nfc, slix_key_input, SlixKeyInput)
ADD_SCENE(nfc, slix_unlock, SlixUnlock)
ADD_SCENE(nfc, slix_unlock_success, SlixUnlockSuccess)
ADD_SCENE(nfc, generate_info, GenerateInfo)

10
applications/main/nfc/scenes/nfc_scene_extra_actions.c
View File

@@ -4,6 +4,7 @@ enum SubmenuIndex {
SubmenuIndexReadCardType,
SubmenuIndexMfClassicKeys,
SubmenuIndexMfUltralightUnlock,
SubmenuIndexSlixUnlock,
};
void nfc_scene_extra_actions_submenu_callback(void* context, uint32_t index) {
@@ -34,6 +35,12 @@ void nfc_scene_extra_actions_on_enter(void* context) {
SubmenuIndexMfUltralightUnlock,
nfc_scene_extra_actions_submenu_callback,
instance);
submenu_add_item(
submenu,
"Unlock SLIX-L",
SubmenuIndexSlixUnlock,
nfc_scene_extra_actions_submenu_callback,
instance);
submenu_set_selected_item(
submenu, scene_manager_get_scene_state(instance->scene_manager, NfcSceneExtraActions));
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewMenu);
@@ -54,6 +61,9 @@ bool nfc_scene_extra_actions_on_event(void* context, SceneManagerEvent event) {
} else if(event.event == SubmenuIndexReadCardType) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSelectProtocol);
consumed = true;
} else if(event.event == SubmenuIndexSlixUnlock) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlockMenu);
consumed = true;
}
scene_manager_set_scene_state(instance->scene_manager, NfcSceneExtraActions, event.event);
}

6
applications/main/nfc/scenes/nfc_scene_retry_confirm.c
View File

@@ -28,7 +28,11 @@ bool nfc_scene_retry_confirm_on_event(void* context, SceneManagerEvent event) {
if(event.event == DialogExResultRight) {
consumed = scene_manager_previous_scene(nfc->scene_manager);
} else if(event.event == DialogExResultLeft) {
if(scene_manager_has_previous_scene(nfc->scene_manager, NfcSceneMfClassicDictAttack)) {
if(scene_manager_has_previous_scene(nfc->scene_manager, NfcSceneSlixUnlock)) {
consumed = scene_manager_search_and_switch_to_previous_scene(
nfc->scene_manager, NfcSceneSlixUnlock);
} else if(scene_manager_has_previous_scene(
nfc->scene_manager, NfcSceneMfClassicDictAttack)) {
consumed = scene_manager_search_and_switch_to_previous_scene(
nfc->scene_manager, NfcSceneMfClassicDictAttack);
} else if(scene_manager_has_previous_scene(

4
applications/main/nfc/scenes/nfc_scene_set_uid.c
View File

@@ -44,6 +44,10 @@ bool nfc_scene_set_uid_on_event(void* context, SceneManagerEvent event) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSaveSuccess);
consumed = true;
}
} else if(scene_manager_has_previous_scene(instance->scene_manager, NfcSceneReadMenu)) {
scene_manager_search_and_switch_to_previous_scene(
instance->scene_manager, NfcSceneReadMenu);
consumed = true;
} else {
scene_manager_next_scene(instance->scene_manager, NfcSceneSaveName);
consumed = true;

48
applications/main/nfc/scenes/nfc_scene_slix_key_input.c Normal file
View File

@@ -0,0 +1,48 @@
#include "../nfc_app_i.h"
#include <nfc/helpers/nfc_util.h>
void nfc_scene_slix_key_input_byte_input_callback(void* context) {
NfcApp* instance = context;
SlixPassword password = nfc_util_bytes2num(instance->byte_input_store, sizeof(SlixPassword));
slix_unlock_set_password(instance->slix_unlock, password);
view_dispatcher_send_custom_event(instance->view_dispatcher, NfcCustomEventByteInputDone);
}
void nfc_scene_slix_key_input_on_enter(void* context) {
NfcApp* instance = context;
// Setup view
ByteInput* byte_input = instance->byte_input;
byte_input_set_header_text(byte_input, "Enter the password in hex");
byte_input_set_result_callback(
byte_input,
nfc_scene_slix_key_input_byte_input_callback,
NULL,
instance,
instance->byte_input_store,
sizeof(SlixPassword));
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewByteInput);
}
bool nfc_scene_slix_key_input_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == NfcCustomEventByteInputDone) {
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlock);
consumed = true;
}
}
return consumed;
}
void nfc_scene_slix_key_input_on_exit(void* context) {
NfcApp* instance = context;
// Clear view
byte_input_set_result_callback(instance->byte_input, NULL, NULL, NULL, NULL, 0);
byte_input_set_header_text(instance->byte_input, "");
}

70
applications/main/nfc/scenes/nfc_scene_slix_unlock.c Normal file
View File

@@ -0,0 +1,70 @@
#include "../nfc_app_i.h"
#include <nfc/protocols/slix/slix_poller.h>
NfcCommand nfc_scene_slix_unlock_worker_callback(NfcGenericEvent event, void* context) {
furi_assert(event.protocol == NfcProtocolSlix);
NfcCommand command = NfcCommandContinue;
NfcApp* instance = context;
SlixPollerEvent* slix_event = event.event_data;
if(slix_event->type == SlixPollerEventTypePrivacyUnlockRequest) {
SlixPassword pwd = 0;
bool get_password_success = slix_unlock_get_next_password(instance->slix_unlock, &pwd);
slix_event->data->privacy_password.password = pwd;
slix_event->data->privacy_password.password_set = get_password_success;
} else if(slix_event->type == SlixPollerEventTypeError) {
view_dispatcher_send_custom_event(instance->view_dispatcher, NfcCustomEventPollerFailure);
} else if(slix_event->type == SlixPollerEventTypeReady) {
nfc_device_set_data(
instance->nfc_device, NfcProtocolSlix, nfc_poller_get_data(instance->poller));
view_dispatcher_send_custom_event(instance->view_dispatcher, NfcCustomEventPollerSuccess);
command = NfcCommandStop;
}
return command;
}
void nfc_scene_slix_unlock_on_enter(void* context) {
NfcApp* instance = context;
popup_set_icon(instance->popup, 0, 8, &I_NFC_manual_60x50);
popup_set_header(instance->popup, "Unlocking", 97, 15, AlignCenter, AlignTop);
popup_set_text(
instance->popup, "Apply card to\nFlipper's back", 97, 27, AlignCenter, AlignTop);
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewPopup);
instance->poller = nfc_poller_alloc(instance->nfc, NfcProtocolSlix);
nfc_poller_start(instance->poller, nfc_scene_slix_unlock_worker_callback, instance);
}
bool nfc_scene_slix_unlock_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
UNUSED(instance);
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == NfcCustomEventPollerFailure) {
consumed = true;
} else if(event.event == NfcCustomEventPollerSuccess) {
notification_message(instance->notifications, &sequence_success);
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlockSuccess);
consumed = true;
}
} else if(event.type == SceneManagerEventTypeBack) {
consumed = scene_manager_search_and_switch_to_previous_scene(
instance->scene_manager, NfcSceneSlixUnlockMenu);
}
return consumed;
}
void nfc_scene_slix_unlock_on_exit(void* context) {
NfcApp* instance = context;
nfc_poller_stop(instance->poller);
nfc_poller_free(instance->poller);
popup_reset(instance->popup);
}

60
applications/main/nfc/scenes/nfc_scene_slix_unlock_menu.c Normal file
View File

@@ -0,0 +1,60 @@
#include "../nfc_app_i.h"
enum SubmenuIndex {
SubmenuIndexSlixUnlockMenuManual,
SubmenuIndexSlixUnlockMenuTonieBox,
};
void nfc_scene_slix_unlock_menu_submenu_callback(void* context, uint32_t index) {
NfcApp* instance = context;
view_dispatcher_send_custom_event(instance->view_dispatcher, index);
}
void nfc_scene_slix_unlock_menu_on_enter(void* context) {
NfcApp* instance = context;
Submenu* submenu = instance->submenu;
uint32_t state =
scene_manager_get_scene_state(instance->scene_manager, NfcSceneSlixUnlockMenu);
submenu_add_item(
submenu,
"Enter Password Manually",
SubmenuIndexSlixUnlockMenuManual,
nfc_scene_slix_unlock_menu_submenu_callback,
instance);
submenu_add_item(
submenu,
"Auth As TommyBox",
SubmenuIndexSlixUnlockMenuTonieBox,
nfc_scene_slix_unlock_menu_submenu_callback,
instance);
submenu_set_selected_item(submenu, state);
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewMenu);
}
bool nfc_scene_slix_unlock_menu_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == SubmenuIndexSlixUnlockMenuManual) {
slix_unlock_set_method(instance->slix_unlock, SlixUnlockMethodManual);
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixKeyInput);
consumed = true;
} else if(event.event == SubmenuIndexSlixUnlockMenuTonieBox) {
slix_unlock_set_method(instance->slix_unlock, SlixUnlockMethodTonieBox);
scene_manager_next_scene(instance->scene_manager, NfcSceneSlixUnlock);
consumed = true;
}
scene_manager_set_scene_state(
instance->scene_manager, NfcSceneSlixUnlockMenu, event.event);
}
return consumed;
}
void nfc_scene_slix_unlock_menu_on_exit(void* context) {
NfcApp* instance = context;
submenu_reset(instance->submenu);
}

71
applications/main/nfc/scenes/nfc_scene_slix_unlock_success.c Normal file
View File

@@ -0,0 +1,71 @@
#include "../nfc_app_i.h"
static void nfc_scene_slix_unlock_success_widget_callback(
GuiButtonType result,
InputType type,
void* context) {
NfcApp* instance = context;
if(type == InputTypeShort) {
view_dispatcher_send_custom_event(instance->view_dispatcher, result);
}
}
void nfc_scene_slix_unlock_success_on_enter(void* context) {
NfcApp* instance = context;
Widget* widget = instance->widget;
widget_add_string_element(widget, 0, 0, AlignLeft, AlignTop, FontPrimary, "SLIX Unlocked!");
FuriString* temp_str = furi_string_alloc_set_str("UID:");
size_t uid_len = 0;
const uint8_t* uid = nfc_device_get_uid(instance->nfc_device, &uid_len);
for(size_t i = 0; i < uid_len; i++) {
furi_string_cat_printf(temp_str, " %02X", uid[i]);
}
furi_string_cat_printf(temp_str, "\nPrivacy Mode: Disabled");
widget_add_string_multiline_element(
widget, 0, 12, AlignLeft, AlignTop, FontSecondary, furi_string_get_cstr(temp_str));
furi_string_free(temp_str);
widget_add_button_element(
widget,
GuiButtonTypeLeft,
"Retry",
nfc_scene_slix_unlock_success_widget_callback,
instance);
widget_add_button_element(
widget,
GuiButtonTypeRight,
"More",
nfc_scene_slix_unlock_success_widget_callback,
instance);
view_dispatcher_switch_to_view(instance->view_dispatcher, NfcViewWidget);
}
bool nfc_scene_slix_unlock_success_on_event(void* context, SceneManagerEvent event) {
NfcApp* instance = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == GuiButtonTypeLeft) {
scene_manager_next_scene(instance->scene_manager, NfcSceneRetryConfirm);
consumed = true;
} else if(event.event == GuiButtonTypeRight) {
scene_manager_next_scene(instance->scene_manager, NfcSceneReadMenu);
consumed = true;
}
} else if(event.type == SceneManagerEventTypeBack) {
scene_manager_next_scene(instance->scene_manager, NfcSceneExitConfirm);
consumed = true;
}
return consumed;
}
void nfc_scene_slix_unlock_success_on_exit(void* context) {
NfcApp* instance = context;
widget_reset(instance->widget);
}

6
applications/services/cli/cli.c
View File

@@ -6,6 +6,8 @@
#define TAG "CliSrv"
#define CLI_INPUT_LEN_LIMIT 256
Cli* cli_alloc() {
Cli* cli = malloc(sizeof(Cli));
@@ -356,7 +358,9 @@ void cli_process_input(Cli* cli) {
cli_handle_backspace(cli);
} else if(in_chr == CliSymbolAsciiCR) {
cli_handle_enter(cli);
} else if(in_chr >= 0x20 && in_chr < 0x7F) { //-V560
} else if(
(in_chr >= 0x20 && in_chr < 0x7F) && //-V560
(furi_string_size(cli->line) < CLI_INPUT_LEN_LIMIT)) {
if(cli->cursor_position == furi_string_size(cli->line)) {
furi_string_push_back(cli->line, in_chr);
cli_putc(cli, in_chr);