Mirror/Momentum-Firmware
1
0
Fork 0
mirror of https://github.com/Next-Flip/Momentum-Firmware.git synced 2026-05-14 15:38:35 -07:00
Code Issues Packages Projects Releases Wiki Activity

add picopass emulation

Browse Source
This commit is contained in:
Tiernan Messmer
2022-12-22 09:37:37 +10:00
parent 4900e8b7a2
commit 78119a519a
21 changed files with 1054 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
applications/external/picopass/lib/loclass/optimized_cipher.c vendored
View File

@@ -280,7 +280,22 @@ void loclass_opt_doTagMAC_2(
loclass_opt_output(div_key_p, &_init, mac); loclass_opt_output(div_key_p, &_init, mac);
} }
void loclass_iclass_calc_div_key(uint8_t* csn, uint8_t* key, uint8_t* div_key, bool elite) { void loclass_opt_doBothMAC_2(
LoclassState_t _init,
uint8_t* nr,
uint8_t rmac[4],
uint8_t tmac[4],
const uint8_t* div_key_p) {
loclass_opt_suc(div_key_p, &_init, nr, 4, false);
// Save internal state for reuse before outputting
LoclassState_t nr_state = _init;
loclass_opt_output(div_key_p, &_init, rmac);
// Feed the 32 0 bits for the tag mac
loclass_opt_suc(div_key_p, &nr_state, NULL, 0, true);
loclass_opt_output(div_key_p, &nr_state, tmac);
}
void loclass_iclass_calc_div_key(uint8_t* csn, const uint8_t* key, uint8_t* div_key, bool elite) {
if(elite) { if(elite) {
uint8_t keytable[128] = {0}; uint8_t keytable[128] = {0};
uint8_t key_index[8] = {0}; uint8_t key_index[8] = {0};

17
applications/external/picopass/lib/loclass/optimized_cipher.h vendored
View File

@@ -93,6 +93,21 @@ void loclass_opt_doTagMAC_2(
uint8_t mac[4], uint8_t mac[4],
const uint8_t* div_key_p); const uint8_t* div_key_p);
/**
* The same as loclass_opt_doTagMAC_2, but calculates both the reader and tag MACs at the same time
* @param _init - precalculated cipher state
* @param nr - the reader challenge
* @param rmac - where to store the reader MAC
* @param tmac - where to store the tag MAC
* @param div_key_p - the key to use
*/
void loclass_opt_doBothMAC_2(
LoclassState_t _init,
uint8_t* nr,
uint8_t rmac[4],
uint8_t tmac[4],
const uint8_t* div_key_p);
void loclass_doMAC_N(uint8_t* in_p, uint8_t in_size, uint8_t* div_key_p, uint8_t mac[4]); void loclass_doMAC_N(uint8_t* in_p, uint8_t in_size, uint8_t* div_key_p, uint8_t mac[4]);
void loclass_iclass_calc_div_key(uint8_t* csn, uint8_t* key, uint8_t* div_key, bool elite); void loclass_iclass_calc_div_key(uint8_t* csn, const uint8_t* key, uint8_t* div_key, bool elite);
#endif // OPTIMIZED_CIPHER_H #endif // OPTIMIZED_CIPHER_H

6
applications/external/picopass/lib/loclass/optimized_elite.c vendored
View File

@@ -153,7 +153,7 @@ Definition 14. Define the rotate key function loclass_rk : (F 82 ) 8 × N → (F
loclass_rk(x [0] . . . x [7] , 0) = x [0] . . . x [7] loclass_rk(x [0] . . . x [7] , 0) = x [0] . . . x [7]
loclass_rk(x [0] . . . x [7] , n + 1) = loclass_rk(loclass_rl(x [0] ) . . . loclass_rl(x [7] ), n) loclass_rk(x [0] . . . x [7] , n + 1) = loclass_rk(loclass_rl(x [0] ) . . . loclass_rl(x [7] ), n)
**/ **/
static void loclass_rk(uint8_t* key, uint8_t n, uint8_t* outp_key) { static void loclass_rk(const uint8_t* key, uint8_t n, uint8_t* outp_key) {
memcpy(outp_key, key, 8); memcpy(outp_key, key, 8);
uint8_t j; uint8_t j;
while(n-- > 0) { while(n-- > 0) {
@@ -172,7 +172,7 @@ static void loclass_desdecrypt_iclass(uint8_t* iclass_key, uint8_t* input, uint8
mbedtls_des_crypt_ecb(&loclass_ctx_dec, input, output); mbedtls_des_crypt_ecb(&loclass_ctx_dec, input, output);
} }
static void loclass_desencrypt_iclass(uint8_t* iclass_key, uint8_t* input, uint8_t* output) { static void loclass_desencrypt_iclass(const uint8_t* iclass_key, uint8_t* input, uint8_t* output) {
uint8_t key_std_format[8] = {0}; uint8_t key_std_format[8] = {0};
loclass_permutekey_rev(iclass_key, key_std_format); loclass_permutekey_rev(iclass_key, key_std_format);
mbedtls_des_setkey_enc(&loclass_ctx_enc, key_std_format); mbedtls_des_setkey_enc(&loclass_ctx_enc, key_std_format);
@@ -185,7 +185,7 @@ static void loclass_desencrypt_iclass(uint8_t* iclass_key, uint8_t* input, uint8
* @param loclass_hash1 loclass_hash1 * @param loclass_hash1 loclass_hash1
* @param key_sel output key_sel=h[loclass_hash1[i]] * @param key_sel output key_sel=h[loclass_hash1[i]]
*/ */
void loclass_hash2(uint8_t* key64, uint8_t* outp_keytable) { void loclass_hash2(const uint8_t* key64, uint8_t* outp_keytable) {
/** /**
*Expected: *Expected:
* High Security Key Table * High Security Key Table

2
applications/external/picopass/lib/loclass/optimized_elite.h vendored
View File

@@ -53,6 +53,6 @@ void loclass_permutekey_rev(const uint8_t key[8], uint8_t dest[8]);
* @param k output * @param k output
*/ */
void loclass_hash1(const uint8_t* csn, uint8_t* k); void loclass_hash1(const uint8_t* csn, uint8_t* k);
void loclass_hash2(uint8_t* key64, uint8_t* outp_keytable); void loclass_hash2(const uint8_t* key64, uint8_t* outp_keytable);
#endif #endif

100
applications/external/picopass/loclass_writer.c vendored Normal file
View File

@@ -0,0 +1,100 @@
#include "loclass_writer.h"
#include <furi/furi.h>
#include <furi_hal.h>
#include <storage/storage.h>
#include <stream/stream.h>
#include <stream/buffered_file_stream.h>
struct LoclassWriter {
Stream* file_stream;
};
#define LOCLASS_LOGS_PATH EXT_PATH("apps_data/picopass/.loclass.log")
LoclassWriter* loclass_writer_alloc() {
LoclassWriter* instance = malloc(sizeof(LoclassWriter));
Storage* storage = furi_record_open(RECORD_STORAGE);
instance->file_stream = buffered_file_stream_alloc(storage);
if(!buffered_file_stream_open(
instance->file_stream, LOCLASS_LOGS_PATH, FSAM_WRITE, FSOM_OPEN_APPEND)) {
buffered_file_stream_close(instance->file_stream);
stream_free(instance->file_stream);
free(instance);
instance = NULL;
}
furi_record_close(RECORD_STORAGE);
return instance;
}
void loclass_writer_free(LoclassWriter* instance) {
furi_assert(instance != NULL);
buffered_file_stream_close(instance->file_stream);
stream_free(instance->file_stream);
free(instance);
}
bool loclass_writer_write_start_stop(LoclassWriter* instance, bool start) {
FuriHalRtcDateTime curr_dt;
furi_hal_rtc_get_datetime(&curr_dt);
uint32_t curr_ts = furi_hal_rtc_datetime_to_timestamp(&curr_dt);
FuriString* str = furi_string_alloc_printf(
"loclass-v1-info ts %lu %s\n", curr_ts, start ? "started" : "finished");
bool write_success = stream_write_string(instance->file_stream, str);
furi_string_free(str);
return write_success;
}
bool loclass_writer_write_params(
LoclassWriter* instance,
uint8_t log_no,
const uint8_t csn[8],
const uint8_t epurse[8],
const uint8_t nr[4],
const uint8_t mac[4]) {
furi_assert(instance != NULL);
FuriHalRtcDateTime curr_dt;
furi_hal_rtc_get_datetime(&curr_dt);
uint32_t curr_ts = furi_hal_rtc_datetime_to_timestamp(&curr_dt);
FuriString* str = furi_string_alloc_printf(
"loclass-v1-mac ts %lu no %u "
"csn %02x%02x%02x%02x%02x%02x%02x%02x "
"cc %02x%02x%02x%02x%02x%02x%02x%02x "
"nr %02x%02x%02x%02x "
"mac %02x%02x%02x%02x\n",
curr_ts,
log_no,
csn[0],
csn[1],
csn[2],
csn[3],
csn[4],
csn[5],
csn[6],
csn[7],
epurse[0],
epurse[1],
epurse[2],
epurse[3],
epurse[4],
epurse[5],
epurse[6],
epurse[7],
nr[0],
nr[1],
nr[2],
nr[3],
mac[0],
mac[1],
mac[2],
mac[3]);
bool write_success = stream_write_string(instance->file_stream, str);
furi_string_free(str);
return write_success;
}

20
applications/external/picopass/loclass_writer.h vendored Normal file
View File

@@ -0,0 +1,20 @@
#pragma once
#include <stdint.h>
#include <stdbool.h>
typedef struct LoclassWriter LoclassWriter;
LoclassWriter* loclass_writer_alloc();
void loclass_writer_free(LoclassWriter* instance);
bool loclass_writer_write_start_stop(LoclassWriter* instance, bool start);
bool loclass_writer_write_params(
LoclassWriter* instance,
uint8_t log_no,
const uint8_t csn[8],
const uint8_t epurse[8],
const uint8_t nr[4],
const uint8_t mac[4]);

18
applications/external/picopass/picopass.c vendored
View File

@@ -79,6 +79,10 @@ Picopass* picopass_alloc() {
PicopassViewDictAttack, PicopassViewDictAttack,
dict_attack_get_view(picopass->dict_attack)); dict_attack_get_view(picopass->dict_attack));
picopass->loclass = loclass_alloc();
view_dispatcher_add_view(
picopass->view_dispatcher, PicopassViewLoclass, loclass_get_view(picopass->loclass));
return picopass; return picopass;
} }
@@ -112,6 +116,9 @@ void picopass_free(Picopass* picopass) {
view_dispatcher_remove_view(picopass->view_dispatcher, PicopassViewDictAttack); view_dispatcher_remove_view(picopass->view_dispatcher, PicopassViewDictAttack);
dict_attack_free(picopass->dict_attack); dict_attack_free(picopass->dict_attack);
view_dispatcher_remove_view(picopass->view_dispatcher, PicopassViewLoclass);
loclass_free(picopass->loclass);
// Worker // Worker
picopass_worker_stop(picopass->worker); picopass_worker_stop(picopass->worker);
picopass_worker_free(picopass->worker); picopass_worker_free(picopass->worker);
@@ -153,6 +160,13 @@ static const NotificationSequence picopass_sequence_blink_start_cyan = {
NULL, NULL,
}; };
static const NotificationSequence picopass_sequence_blink_start_magenta = {
&message_blink_start_10,
&message_blink_set_color_magenta,
&message_do_not_reset,
NULL,
};
static const NotificationSequence picopass_sequence_blink_stop = { static const NotificationSequence picopass_sequence_blink_stop = {
&message_blink_stop, &message_blink_stop,
NULL, NULL,
@@ -162,6 +176,10 @@ void picopass_blink_start(Picopass* picopass) {
notification_message(picopass->notifications, &picopass_sequence_blink_start_cyan); notification_message(picopass->notifications, &picopass_sequence_blink_start_cyan);
} }
void picopass_blink_emulate_start(Picopass* picopass) {
notification_message(picopass->notifications, &picopass_sequence_blink_start_magenta);
}
void picopass_blink_stop(Picopass* picopass) { void picopass_blink_stop(Picopass* picopass) {
notification_message(picopass->notifications, &picopass_sequence_blink_stop); notification_message(picopass->notifications, &picopass_sequence_blink_stop);
} }

60
applications/external/picopass/picopass_device.h vendored
View File

@@ -7,6 +7,7 @@
#include <mbedtls/des.h> #include <mbedtls/des.h>
#include "rfal_picopass.h" #include "rfal_picopass.h"
#include "loclass_writer.h"
#include <optimized_ikeys.h> #include <optimized_ikeys.h>
#include <optimized_cipher.h> #include <optimized_cipher.h>
#include "helpers/iclass_elite_dict.h" #include "helpers/iclass_elite_dict.h"
@@ -24,6 +25,49 @@
#define PICOPASS_AIA_BLOCK_INDEX 5 #define PICOPASS_AIA_BLOCK_INDEX 5
#define PICOPASS_PACS_CFG_BLOCK_INDEX 6 #define PICOPASS_PACS_CFG_BLOCK_INDEX 6
// Personalization Mode
#define PICOPASS_FUSE_PERS 0x80
// Crypt1 // 1+1 (crypt1+crypt0) means secured and keys changable
#define PICOPASS_FUSE_CRYPT1 0x10
// Crypt0 // 1+0 means secure and keys locked, 0+1 means not secured, 0+0 means disable auth entirely
#define PICOPASS_FUSE_CRTPT0 0x08
#define PICOPASS_FUSE_CRYPT10 (PICOPASS_FUSE_CRYPT1 | PICOPASS_FUSE_CRTPT0)
// Read Access, 1 meanns anonymous read enabled, 0 means must auth to read applicaion
#define PICOPASS_FUSE_RA 0x01
// PicoPass command bytes:
// Low nibble used for command
// High nibble used for options and checksum (MSB)
// The only option we care about in 15693 mode is the key
// which is only used by READCHECK, so for simplicity we
// don't bother breaking down the command and flags into parts
// READ: ADDRESS(1) CRC16(2) -> DATA(8) CRC16(2)
// IDENTIFY: No args -> ASNB(8) CRC16(2)
#define PICOPASS_CMD_READ_OR_IDENTIFY 0x0C
// ADDRESS(1) CRC16(2) -> DATA(32) CRC16(2)
#define PICOPASS_CMD_READ4 0x06
// ADDRESS(1) DATA(8) SIGN(4)|CRC16(2) -> DATA(8) CRC16(2)
#define PICOPASS_CMD_UPDATE 0x87
// ADDRESS(1) -> DATA(8)
#define PICOPASS_CMD_READCHECK_KD 0x88
// ADDRESS(1) -> DATA(8)
#define PICOPASS_CMD_READCHECK_KC 0x18
// CHALLENGE(4) READERSIGNATURE(4) -> CHIPRESPONSE(4)
#define PICOPASS_CMD_CHECK 0x05
// No args -> SOF
#define PICOPASS_CMD_ACTALL 0x0A
// No args -> SOF
#define PICOPASS_CMD_ACT 0x8E
// ASNB(8)|SERIALNB(8) -> SERIALNB(8) CRC16(2)
#define PICOPASS_CMD_SELECT 0x81
// No args -> SERIALNB(8) CRC16(2)
#define PICOPASS_CMD_DETECT 0x0F
// No args -> SOF
#define PICOPASS_CMD_HALT 0x00
// PAGE(1) CRC16(2) -> BLOCK1(8) CRC16(2)
#define PICOPASS_CMD_PAGESEL 0x84
#define PICOPASS_APP_FOLDER ANY_PATH("picopass")
#define PICOPASS_APP_EXTENSION ".picopass" #define PICOPASS_APP_EXTENSION ".picopass"
#define PICOPASS_APP_SHADOW_EXTENSION ".pas" #define PICOPASS_APP_SHADOW_EXTENSION ".pas"
@@ -49,6 +93,13 @@ typedef enum {
PicopassDeviceSaveFormatLF, PicopassDeviceSaveFormatLF,
} PicopassDeviceSaveFormat; } PicopassDeviceSaveFormat;
typedef enum {
PicopassEmulatorStateHalt,
PicopassEmulatorStateIdle,
PicopassEmulatorStateActive,
PicopassEmulatorStateSelected,
} PicopassEmulatorState;
typedef struct { typedef struct {
bool valid; bool valid;
uint8_t bitLength; uint8_t bitLength;
@@ -80,6 +131,15 @@ typedef struct {
IclassEliteDictAttackData iclass_elite_dict_attack_data; IclassEliteDictAttackData iclass_elite_dict_attack_data;
} PicopassDeviceData; } PicopassDeviceData;
typedef struct {
PicopassEmulatorState state;
LoclassState_t cipher_state;
uint8_t key_block_num; // in loclass mode used to store csn#
bool loclass_mode;
bool loclass_got_std_key;
LoclassWriter* loclass_writer;
} PicopassEmulatorCtx;
typedef struct { typedef struct {
Storage* storage; Storage* storage;
DialogsApp* dialogs; DialogsApp* dialogs;

9
applications/external/picopass/picopass_i.h vendored
View File

@@ -22,6 +22,7 @@
#include "scenes/picopass_scene.h" #include "scenes/picopass_scene.h"
#include "views/dict_attack.h" #include "views/dict_attack.h"
#include "views/loclass.h"
#include <storage/storage.h> #include <storage/storage.h>
#include <lib/toolbox/path.h> #include <lib/toolbox/path.h>
@@ -29,6 +30,10 @@
#define PICOPASS_TEXT_STORE_SIZE 128 #define PICOPASS_TEXT_STORE_SIZE 128
#define LOCLASS_NUM_CSNS 9
// Collect 2 MACs per CSN to account for keyroll modes
#define LOCLASS_MACS_TO_COLLECT (LOCLASS_NUM_CSNS * 2)
enum PicopassCustomEvent { enum PicopassCustomEvent {
// Reserve first 100 events for button types and indexes, starting from 0 // Reserve first 100 events for button types and indexes, starting from 0
PicopassCustomEventReserved = 100, PicopassCustomEventReserved = 100,
@@ -63,6 +68,7 @@ struct Picopass {
TextInput* text_input; TextInput* text_input;
Widget* widget; Widget* widget;
DictAttack* dict_attack; DictAttack* dict_attack;
Loclass* loclass;
}; };
typedef enum { typedef enum {
@@ -72,6 +78,7 @@ typedef enum {
PicopassViewTextInput, PicopassViewTextInput,
PicopassViewWidget, PicopassViewWidget,
PicopassViewDictAttack, PicopassViewDictAttack,
PicopassViewLoclass,
} PicopassView; } PicopassView;
Picopass* picopass_alloc(); Picopass* picopass_alloc();
@@ -82,6 +89,8 @@ void picopass_text_store_clear(Picopass* picopass);
void picopass_blink_start(Picopass* picopass); void picopass_blink_start(Picopass* picopass);
void picopass_blink_emulate_start(Picopass* picopass);
void picopass_blink_stop(Picopass* picopass); void picopass_blink_stop(Picopass* picopass);
void picopass_show_loading_popup(void* context, bool show); void picopass_show_loading_popup(void* context, bool show);

516
applications/external/picopass/picopass_worker.c vendored
View File

@@ -1,9 +1,25 @@
#include "picopass_worker_i.h" #include "picopass_worker_i.h"
#include <flipper_format/flipper_format.h> #include <flipper_format/flipper_format.h>
#include <lib/nfc/protocols/nfcv.h>
#define TAG "PicopassWorker" #define TAG "PicopassWorker"
#define HAS_MASK(x, b) ((x & b) == b)
// CSNs from Proxmark3 repo
static const uint8_t loclass_csns[LOCLASS_NUM_CSNS][PICOPASS_BLOCK_LEN] = {
{0x01, 0x0A, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0},
{0x0C, 0x06, 0x0C, 0xFE, 0xF7, 0xFF, 0x12, 0xE0},
{0x10, 0x97, 0x83, 0x7B, 0xF7, 0xFF, 0x12, 0xE0},
{0x13, 0x97, 0x82, 0x7A, 0xF7, 0xFF, 0x12, 0xE0},
{0x07, 0x0E, 0x0D, 0xF9, 0xF7, 0xFF, 0x12, 0xE0},
{0x14, 0x96, 0x84, 0x76, 0xF7, 0xFF, 0x12, 0xE0},
{0x17, 0x96, 0x85, 0x71, 0xF7, 0xFF, 0x12, 0xE0},
{0xCE, 0xC5, 0x0F, 0x77, 0xF7, 0xFF, 0x12, 0xE0},
{0xD2, 0x5A, 0x82, 0xF8, 0xF7, 0xFF, 0x12, 0xE0},
};
static void picopass_worker_enable_field() { static void picopass_worker_enable_field() {
furi_hal_nfc_ll_txrx_on(); furi_hal_nfc_ll_txrx_on();
furi_hal_nfc_exit_sleep(); furi_hal_nfc_exit_sleep();
@@ -68,6 +84,21 @@ void picopass_worker_stop(PicopassWorker* picopass_worker) {
furi_assert(picopass_worker); furi_assert(picopass_worker);
furi_assert(picopass_worker->thread); furi_assert(picopass_worker->thread);
if(furi_thread_get_state(picopass_worker->thread) == FuriThreadStateStopped) {
return;
}
if(picopass_worker->state == PicopassWorkerStateBroken ||
picopass_worker->state == PicopassWorkerStateReady) {
return;
}
if(picopass_worker->state != PicopassWorkerStateEmulate &&
picopass_worker->state != PicopassWorkerStateLoclass) {
// Can't do this while emulating in transparent mode as SPI isn't active
picopass_worker_disable_field(ERR_NONE);
}
if(furi_thread_get_state(picopass_worker->thread) != FuriThreadStateStopped) { if(furi_thread_get_state(picopass_worker->thread) != FuriThreadStateStopped) {
picopass_worker_change_state(picopass_worker, PicopassWorkerStateStop); picopass_worker_change_state(picopass_worker, PicopassWorkerStateStop);
furi_thread_join(picopass_worker->thread); furi_thread_join(picopass_worker->thread);
@@ -587,15 +618,22 @@ void picopass_worker_elite_dict_attack(PicopassWorker* picopass_worker) {
int32_t picopass_worker_task(void* context) { int32_t picopass_worker_task(void* context) {
PicopassWorker* picopass_worker = context; PicopassWorker* picopass_worker = context;
picopass_worker_enable_field();
if(picopass_worker->state == PicopassWorkerStateDetect) { if(picopass_worker->state == PicopassWorkerStateDetect) {
picopass_worker_enable_field();
picopass_worker_detect(picopass_worker); picopass_worker_detect(picopass_worker);
} else if(picopass_worker->state == PicopassWorkerStateWrite) { } else if(picopass_worker->state == PicopassWorkerStateWrite) {
picopass_worker_enable_field();
picopass_worker_write(picopass_worker); picopass_worker_write(picopass_worker);
} else if(picopass_worker->state == PicopassWorkerStateWriteKey) { } else if(picopass_worker->state == PicopassWorkerStateWriteKey) {
picopass_worker_enable_field();
picopass_worker_write_key(picopass_worker); picopass_worker_write_key(picopass_worker);
} else if(picopass_worker->state == PicopassWorkerStateEliteDictAttack) { } else if(picopass_worker->state == PicopassWorkerStateEliteDictAttack) {
picopass_worker_enable_field();
picopass_worker_elite_dict_attack(picopass_worker); picopass_worker_elite_dict_attack(picopass_worker);
} else if(picopass_worker->state == PicopassWorkerStateEmulate) {
picopass_worker_emulate(picopass_worker, false);
} else if(picopass_worker->state == PicopassWorkerStateLoclass) {
picopass_worker_emulate(picopass_worker, true);
} else if(picopass_worker->state == PicopassWorkerStateStop) { } else if(picopass_worker->state == PicopassWorkerStateStop) {
FURI_LOG_D(TAG, "Worker state stop"); FURI_LOG_D(TAG, "Worker state stop");
// no-op // no-op
@@ -749,3 +787,479 @@ void picopass_worker_write_key(PicopassWorker* picopass_worker) {
furi_delay_ms(100); furi_delay_ms(100);
} }
} }
// from proxmark3 armsrc/iclass.c rotateCSN
static void picopass_anticoll_csn(uint8_t* rotated_csn, const uint8_t* original_csn) {
for(uint8_t i = 0; i < 8; i++) {
rotated_csn[i] = (original_csn[i] >> 3) | (original_csn[(i + 1) % 8] << 5);
}
}
static void picopass_append_crc(uint8_t* buf, uint16_t size) {
uint16_t crc = rfalPicoPassCalculateCcitt(0xE012, buf, size);
buf[size] = crc & 0xFF;
buf[size + 1] = crc >> 8;
}
static inline void picopass_emu_read_blocks(
NfcVData* nfcv_data,
uint8_t* buf,
uint8_t block_num,
uint8_t block_count) {
memcpy(
buf, nfcv_data->data + (block_num * PICOPASS_BLOCK_LEN), block_count * PICOPASS_BLOCK_LEN);
}
static inline void picopass_emu_write_blocks(
NfcVData* nfcv_data,
const uint8_t* buf,
uint8_t block_num,
uint8_t block_count) {
memcpy(
nfcv_data->data + (block_num * PICOPASS_BLOCK_LEN), buf, block_count * PICOPASS_BLOCK_LEN);
}
static void picopass_init_cipher_state(NfcVData* nfcv_data, PicopassEmulatorCtx* ctx) {
uint8_t cc[PICOPASS_BLOCK_LEN];
uint8_t key[PICOPASS_BLOCK_LEN];
picopass_emu_read_blocks(nfcv_data, cc, PICOPASS_EPURSE_BLOCK_INDEX, 1);
picopass_emu_read_blocks(nfcv_data, key, ctx->key_block_num, 1);
ctx->cipher_state = loclass_opt_doTagMAC_1(cc, key);
}
static void
loclass_update_csn(FuriHalNfcDevData* nfc_data, NfcVData* nfcv_data, PicopassEmulatorCtx* ctx) {
// collect two nonces in a row for each CSN
uint8_t csn_num = (ctx->key_block_num / 2) % LOCLASS_NUM_CSNS;
memcpy(nfc_data->uid, loclass_csns[csn_num], PICOPASS_BLOCK_LEN);
picopass_emu_write_blocks(nfcv_data, loclass_csns[csn_num], PICOPASS_CSN_BLOCK_INDEX, 1);
}
static void picopass_emu_handle_packet(
FuriHalNfcTxRxContext* tx_rx,
FuriHalNfcDevData* nfc_data,
void* nfcv_data_in) {
NfcVData* nfcv_data = (NfcVData*)nfcv_data_in;
PicopassEmulatorCtx* ctx = nfcv_data->emu_protocol_ctx;
uint8_t response[34];
uint8_t response_length = 0;
uint8_t key_block_num = PICOPASS_KD_BLOCK_INDEX;
const uint8_t block_ff[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
if(nfcv_data->frame_length < 1) {
return;
}
switch(nfcv_data->frame[0]) {
case PICOPASS_CMD_ACTALL: // No args
if(nfcv_data->frame_length != 1) {
return;
}
if(ctx->state != PicopassEmulatorStateHalt) {
ctx->state = PicopassEmulatorStateActive;
}
// Send SOF only
break;
case PICOPASS_CMD_ACT: // No args
if(nfcv_data->frame_length != 1 || ctx->state != PicopassEmulatorStateActive) {
return;
}
// Send SOF only
break;
case PICOPASS_CMD_HALT: // No args
if(nfcv_data->frame_length != 1 || ctx->state != PicopassEmulatorStateSelected) {
return;
}
// Technically we should go to StateHalt, but since we can't detect the field dropping we drop to idle instead
ctx->state = PicopassEmulatorStateIdle;
// Send SOF only
break;
case PICOPASS_CMD_READ_OR_IDENTIFY:
if(nfcv_data->frame_length == 1 &&
ctx->state == PicopassEmulatorStateActive) { // PICOPASS_CMD_IDENTIFY
// ASNB(8) CRC16(2)
picopass_anticoll_csn(response, nfc_data->uid);
picopass_append_crc(response, PICOPASS_BLOCK_LEN);
response_length = PICOPASS_BLOCK_LEN + 2;
break;
} else if(
nfcv_data->frame_length == 4 &&
ctx->state == PicopassEmulatorStateSelected) { // PICOPASS_CMD_READ ADDRESS(1) CRC16(2)
if(nfcv_data->frame[1] >= PICOPASS_MAX_APP_LIMIT) {
return;
}
// TODO: Check CRC?
// TODO: Check auth?
// DATA(8) CRC16(2)
if(nfcv_data->frame[1] == PICOPASS_KD_BLOCK_INDEX ||
nfcv_data->frame[1] == PICOPASS_KC_BLOCK_INDEX) {
// Reading Kd or Kc blocks always returns FF's
memcpy(response, block_ff, PICOPASS_BLOCK_LEN);
} else {
picopass_emu_read_blocks(nfcv_data, response, nfcv_data->frame[1], 1);
}
picopass_append_crc(response, PICOPASS_BLOCK_LEN);
response_length = PICOPASS_BLOCK_LEN + 2;
break;
}
return;
case PICOPASS_CMD_READ4: // ADDRESS(1) CRC16(2)
if(nfcv_data->frame_length != 4 || ctx->state != PicopassEmulatorStateSelected ||
nfcv_data->frame[1] + 4 >= PICOPASS_MAX_APP_LIMIT) {
return;
}
// TODO: Check CRC?
// TODO: Check auth?
uint8_t blockNum = nfcv_data->frame[1];
// DATA(32) CRC16(2)
picopass_emu_read_blocks(nfcv_data, response, blockNum, 4);
if(blockNum == 4) {
// Kc is block 4, so just redact first block of response
memcpy(response, block_ff, PICOPASS_BLOCK_LEN);
} else if(blockNum < 4) {
// Kd is block 3
uint8_t* kdOffset = response + ((3 - blockNum) * PICOPASS_BLOCK_LEN);
memcpy(kdOffset, block_ff, PICOPASS_BLOCK_LEN);
if(blockNum != 0) {
// Redact Kc
memcpy(kdOffset + PICOPASS_BLOCK_LEN, block_ff, PICOPASS_BLOCK_LEN);
}
}
picopass_append_crc(response, PICOPASS_BLOCK_LEN * 4);
response_length = (PICOPASS_BLOCK_LEN * 4) + 2;
break;
case PICOPASS_CMD_SELECT: // ASNB(8)|SERIALNB(8)
if(nfcv_data->frame_length != 9) {
return;
}
uint8_t select_csn[PICOPASS_BLOCK_LEN];
if(ctx->state == PicopassEmulatorStateHalt || ctx->state == PicopassEmulatorStateIdle) {
memcpy(select_csn, nfc_data->uid, PICOPASS_BLOCK_LEN);
} else {
picopass_anticoll_csn(select_csn, nfc_data->uid);
}
if(memcmp(nfcv_data->frame + 1, select_csn, PICOPASS_BLOCK_LEN)) {
if(ctx->state == PicopassEmulatorStateActive) {
ctx->state = PicopassEmulatorStateIdle;
} else if(ctx->state == PicopassEmulatorStateSelected) {
// Technically we should go to StateHalt, but since we can't detect the field dropping we drop to idle instead
ctx->state = PicopassEmulatorStateIdle;
}
return;
}
ctx->state = PicopassEmulatorStateSelected;
// SERIALNB(8) CRC16(2)
memcpy(response, nfc_data->uid, PICOPASS_BLOCK_LEN);
picopass_append_crc(response, PICOPASS_BLOCK_LEN);
response_length = PICOPASS_BLOCK_LEN + 2;
break;
case PICOPASS_CMD_READCHECK_KC: // ADDRESS(1)
key_block_num = PICOPASS_KC_BLOCK_INDEX;
// fallthrough
case PICOPASS_CMD_READCHECK_KD: // ADDRESS(1)
if(nfcv_data->frame_length != 2 || nfcv_data->frame[1] != PICOPASS_EPURSE_BLOCK_INDEX ||
ctx->state != PicopassEmulatorStateSelected) {
return;
}
if(ctx->key_block_num != key_block_num && !ctx->loclass_mode) {
ctx->key_block_num = key_block_num;
picopass_init_cipher_state(nfcv_data, ctx);
}
// DATA(8)
picopass_emu_read_blocks(nfcv_data, response, nfcv_data->frame[1], 1);
response_length = PICOPASS_BLOCK_LEN;
break;
case PICOPASS_CMD_CHECK: // CHALLENGE(4) READERSIGNATURE(4)
if(nfcv_data->frame_length != 9 || ctx->state != PicopassEmulatorStateSelected) {
return;
}
if(ctx->loclass_mode) {
// LOCLASS Reader attack mode
// Copy EPURSE
uint8_t cc[PICOPASS_BLOCK_LEN];
picopass_emu_read_blocks(nfcv_data, cc, PICOPASS_EPURSE_BLOCK_INDEX, 1);
// Check if the nonce is from a standard key
uint8_t key[PICOPASS_BLOCK_LEN];
loclass_iclass_calc_div_key(nfc_data->uid, picopass_iclass_key, key, false);
ctx->cipher_state = loclass_opt_doTagMAC_1(cc, key);
uint8_t rmac[4];
loclass_opt_doBothMAC_2(ctx->cipher_state, nfcv_data->frame + 1, rmac, response, key);
if(!memcmp(nfcv_data->frame + 5, rmac, 4)) {
// MAC from reader matches Standard Key, keyroll mode or non-elite keyed reader.
// Either way no point logging it.
FURI_LOG_W(TAG, "loclass: standard key detected during collection");
ctx->loclass_got_std_key = true;
ctx->state = PicopassEmulatorStateIdle;
return;
}
// Copy CHALLENGE (nr) and READERSIGNATURE (mac) from frame
uint8_t nr[4];
memcpy(nr, nfcv_data->frame + 1, 4);
uint8_t mac[4];
memcpy(mac, nfcv_data->frame + 5, 4);
FURI_LOG_I(TAG, "loclass: got nr/mac pair");
loclass_writer_write_params(
ctx->loclass_writer, ctx->key_block_num, nfc_data->uid, cc, nr, mac);
// Rotate to the next CSN
ctx->key_block_num = (ctx->key_block_num + 1) % (LOCLASS_NUM_CSNS * 2);
loclass_update_csn(nfc_data, nfcv_data, ctx);
ctx->state = PicopassEmulatorStateIdle;
return;
}
uint8_t key[PICOPASS_BLOCK_LEN];
picopass_emu_read_blocks(nfcv_data, key, ctx->key_block_num, 1);
uint8_t rmac[4];
loclass_opt_doBothMAC_2(ctx->cipher_state, nfcv_data->frame + 1, rmac, response, key);
if(memcmp(nfcv_data->frame + 5, rmac, 4)) {
// Bad MAC from reader, do not send a response.
FURI_LOG_I(TAG, "Got bad MAC from reader");
return;
}
// CHIPRESPONSE(4)
response_length = 4;
break;
case PICOPASS_CMD_UPDATE: // ADDRESS(1) DATA(8) SIGN(4)|CRC16(2)
if((nfcv_data->frame_length != 12 && nfcv_data->frame_length != 14) ||
ctx->state != PicopassEmulatorStateSelected) {
return;
}
if(nfcv_data->frame[1] >= PICOPASS_MAX_APP_LIMIT) {
return;
}
uint8_t cfgBlock[PICOPASS_BLOCK_LEN];
picopass_emu_read_blocks(nfcv_data, cfgBlock, PICOPASS_CONFIG_BLOCK_INDEX, 1);
bool persMode = HAS_MASK(cfgBlock[7], PICOPASS_FUSE_PERS);
if((nfcv_data->frame[1] == PICOPASS_CSN_BLOCK_INDEX) // CSN is always read only
||
(!persMode &&
!HAS_MASK(cfgBlock[3], 0x80)) // Chip is in RO mode, no updated possible (even ePurse)
|| (!persMode &&
nfcv_data->frame[1] ==
PICOPASS_AIA_BLOCK_INDEX) // AIA can only be set in personalisation mode
|| (!persMode &&
(nfcv_data->frame[1] == PICOPASS_KD_BLOCK_INDEX ||
nfcv_data->frame[1] == PICOPASS_KC_BLOCK_INDEX) &&
(!HAS_MASK(cfgBlock[7], PICOPASS_FUSE_CRYPT10)))) {
return; // TODO: Is this the right response?
}
if(nfcv_data->frame[1] >= 6 && nfcv_data->frame[1] <= 12) {
if(!HAS_MASK(
cfgBlock[3],
1 << (nfcv_data->frame[1] - 6))) { // bit0 is block6, up to bit6 being block12
// Block is marked as read-only, deny writing
return; // TODO: Is this the right response?
}
}
// TODO: Check CRC/SIGN depending on if in secure mode
// Check correct key
// -> Kd only allows decrementing e-Purse
// -> per-app controlled by key access config
//bool keyAccess = HAS_MASK(cfgBlock[5], 0x01);
// -> must auth with that key to change it
uint8_t blockOffset = nfcv_data->frame[1];
uint8_t block[PICOPASS_BLOCK_LEN];
switch(nfcv_data->frame[1]) {
case PICOPASS_CONFIG_BLOCK_INDEX:
block[0] = cfgBlock[0]; // Applications Limit
block[1] = cfgBlock[1] & nfcv_data->frame[3]; // OTP
block[2] = cfgBlock[2] & nfcv_data->frame[4]; // OTP
block[3] = cfgBlock[3] & nfcv_data->frame[5]; // Block Write Lock
block[4] = cfgBlock[4]; // Chip Config
block[5] = cfgBlock[5]; // Memory Config
block[6] = nfcv_data->frame[8]; // EAS
block[7] = cfgBlock[7]; // Fuses
// Some parts allow w (but not e) if in persMode
if(persMode) {
block[0] &= nfcv_data->frame[2]; // Applications Limit
block[4] &= nfcv_data->frame[6]; // Chip Config
block[5] &= nfcv_data->frame[7]; // Memory Config
block[7] &= nfcv_data->frame[9]; // Fuses
} else {
// Fuses allows setting Crypt1/0 from 1 to 0 only during application mode
block[7] &= nfcv_data->frame[9] | ~PICOPASS_FUSE_CRYPT10;
}
break;
case PICOPASS_EPURSE_BLOCK_INDEX:
// ePurse updates swap first and second half of the block each update
memcpy(block + 4, nfcv_data->frame + 2, 4);
memcpy(block, nfcv_data->frame + 6, 4);
break;
case PICOPASS_KD_BLOCK_INDEX:
// fallthrough
case PICOPASS_KC_BLOCK_INDEX:
if(!persMode) {
picopass_emu_read_blocks(nfcv_data, block, blockOffset, 1);
for(uint8_t i = 0; i < sizeof(PICOPASS_BLOCK_LEN); i++)
block[i] ^= nfcv_data->frame[i + 2];
break;
}
// Use default case when in personalisation mode
// fallthrough
default:
memcpy(block, nfcv_data->frame + 2, PICOPASS_BLOCK_LEN);
break;
}
picopass_emu_write_blocks(nfcv_data, block, blockOffset, 1);
if((nfcv_data->frame[1] == ctx->key_block_num ||
nfcv_data->frame[1] == PICOPASS_EPURSE_BLOCK_INDEX) &&
!ctx->loclass_mode)
picopass_init_cipher_state(nfcv_data, ctx);
// DATA(8) CRC16(2)
if(nfcv_data->frame[1] == PICOPASS_KD_BLOCK_INDEX ||
nfcv_data->frame[1] == PICOPASS_KD_BLOCK_INDEX) {
// Key updates always return FF's
memcpy(response, block_ff, PICOPASS_BLOCK_LEN);
} else {
memcpy(response, block, PICOPASS_BLOCK_LEN);
}
picopass_append_crc(response, PICOPASS_BLOCK_LEN);
response_length = PICOPASS_BLOCK_LEN + 2;
break;
case PICOPASS_CMD_PAGESEL: // PAGE(1) CRC16(2)
// Chips with a single page do not answer to this command
// BLOCK1(8) CRC16(2)
return;
case PICOPASS_CMD_DETECT:
// TODO - not used by iClass though
return;
default:
return;
}
NfcVSendFlags flags = NfcVSendFlagsSof | NfcVSendFlagsOneSubcarrier | NfcVSendFlagsHighRate;
if(response_length > 0) {
flags |= NfcVSendFlagsEof;
}
nfcv_emu_send(
tx_rx,
nfcv_data,
response,
response_length,
flags,
nfcv_data->eof_timestamp + NFCV_FDT_FC(4000)); // 3650 is ~254uS 4000 is ~283uS
}
void picopass_worker_emulate(PicopassWorker* picopass_worker, bool loclass_mode) {
FuriHalNfcTxRxContext tx_rx = {};
PicopassEmulatorCtx emu_ctx = {
.state = PicopassEmulatorStateIdle,
.key_block_num = PICOPASS_KD_BLOCK_INDEX,
.loclass_mode = loclass_mode,
.loclass_got_std_key = false,
.loclass_writer = NULL,
};
FuriHalNfcDevData nfc_data = {
.uid_len = PICOPASS_BLOCK_LEN,
};
NfcVData* nfcv_data = malloc(sizeof(NfcVData));
nfcv_data->block_size = PICOPASS_BLOCK_LEN;
nfcv_data->emu_protocol_ctx = &emu_ctx;
nfcv_data->emu_protocol_handler = &picopass_emu_handle_packet;
PicopassDeviceData* dev_data = picopass_worker->dev_data;
PicopassBlock* blocks = dev_data->AA1;
if(loclass_mode) {
// Setup blocks for loclass attack
emu_ctx.key_block_num = 0;
loclass_update_csn(&nfc_data, nfcv_data, &emu_ctx);
uint8_t conf[8] = {0x12, 0xFF, 0xFF, 0xFF, 0x7F, 0x1F, 0xFF, 0x3C};
picopass_emu_write_blocks(nfcv_data, conf, PICOPASS_CONFIG_BLOCK_INDEX, 1);
uint8_t epurse[8] = {0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
picopass_emu_write_blocks(nfcv_data, epurse, PICOPASS_EPURSE_BLOCK_INDEX, 1);
uint8_t aia[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
picopass_emu_write_blocks(nfcv_data, aia, PICOPASS_AIA_BLOCK_INDEX, 1);
emu_ctx.loclass_writer = loclass_writer_alloc();
loclass_writer_write_start_stop(emu_ctx.loclass_writer, true);
} else {
memcpy(nfc_data.uid, blocks[PICOPASS_CSN_BLOCK_INDEX].data, PICOPASS_BLOCK_LEN);
memcpy(nfcv_data->data, blocks, sizeof(dev_data->AA1));
picopass_init_cipher_state(nfcv_data, &emu_ctx);
}
uint8_t last_loclass_csn_num = 0;
bool loclass_got_std_key = false;
nfcv_emu_init(&nfc_data, nfcv_data);
while(picopass_worker->state == PicopassWorkerStateEmulate ||
picopass_worker->state == PicopassWorkerStateLoclass) {
if(nfcv_emu_loop(&tx_rx, &nfc_data, nfcv_data, 500)) {
if(picopass_worker->callback) {
if((loclass_mode) && (last_loclass_csn_num != emu_ctx.key_block_num)) {
last_loclass_csn_num = emu_ctx.key_block_num;
picopass_worker->callback(
PicopassWorkerEventLoclassGotMac, picopass_worker->context);
} else if((loclass_mode) && !loclass_got_std_key && emu_ctx.loclass_got_std_key) {
loclass_got_std_key = true;
picopass_worker->callback(
PicopassWorkerEventLoclassGotStandardKey, picopass_worker->context);
} else {
picopass_worker->callback(
PicopassWorkerEventSuccess, picopass_worker->context);
}
}
}
}
if(emu_ctx.loclass_writer) {
loclass_writer_write_start_stop(emu_ctx.loclass_writer, false);
loclass_writer_free(emu_ctx.loclass_writer);
}
nfcv_emu_deinit(nfcv_data);
free(nfcv_data);
}

4
applications/external/picopass/picopass_worker.h vendored
View File

@@ -15,6 +15,8 @@ typedef enum {
PicopassWorkerStateWrite, PicopassWorkerStateWrite,
PicopassWorkerStateWriteKey, PicopassWorkerStateWriteKey,
PicopassWorkerStateEliteDictAttack, PicopassWorkerStateEliteDictAttack,
PicopassWorkerStateEmulate,
PicopassWorkerStateLoclass,
// Transition // Transition
PicopassWorkerStateStop, PicopassWorkerStateStop,
} PicopassWorkerState; } PicopassWorkerState;
@@ -32,6 +34,8 @@ typedef enum {
PicopassWorkerEventCardDetected, PicopassWorkerEventCardDetected,
PicopassWorkerEventNewDictKeyBatch, PicopassWorkerEventNewDictKeyBatch,
PicopassWorkerEventNoDictFound, PicopassWorkerEventNoDictFound,
PicopassWorkerEventLoclassGotMac,
PicopassWorkerEventLoclassGotStandardKey,
} PicopassWorkerEvent; } PicopassWorkerEvent;
typedef void (*PicopassWorkerCallback)(PicopassWorkerEvent event, void* context); typedef void (*PicopassWorkerCallback)(PicopassWorkerEvent event, void* context);

2
applications/external/picopass/picopass_worker_i.h vendored
View File

@@ -1,6 +1,7 @@
#pragma once #pragma once
#include "picopass_worker.h" #include "picopass_worker.h"
#include "loclass_writer.h"
#include "picopass_i.h" #include "picopass_i.h"
#include <furi.h> #include <furi.h>
@@ -32,3 +33,4 @@ int32_t picopass_worker_task(void* context);
void picopass_worker_detect(PicopassWorker* picopass_worker); void picopass_worker_detect(PicopassWorker* picopass_worker);
void picopass_worker_write(PicopassWorker* picopass_worker); void picopass_worker_write(PicopassWorker* picopass_worker);
void picopass_worker_write_key(PicopassWorker* picopass_worker); void picopass_worker_write_key(PicopassWorker* picopass_worker);
void picopass_worker_emulate(PicopassWorker* picopass_worker, bool loclass_mode);

3
applications/external/picopass/rfal_picopass.c vendored
View File

@@ -29,8 +29,7 @@ static uint16_t rfalPicoPassUpdateCcitt(uint16_t crcSeed, uint8_t dataByte) {
return crc; return crc;
} }
static uint16_t uint16_t rfalPicoPassCalculateCcitt(uint16_t preloadValue, const uint8_t* buf, uint16_t length) {
rfalPicoPassCalculateCcitt(uint16_t preloadValue, const uint8_t* buf, uint16_t length) {
uint16_t crc = preloadValue; uint16_t crc = preloadValue;
uint16_t index; uint16_t index;

2
applications/external/picopass/rfal_picopass.h vendored
View File

@@ -38,6 +38,8 @@ typedef struct {
uint8_t crc[2]; uint8_t crc[2];
} rfalPicoPassReadBlockRes; } rfalPicoPassReadBlockRes;
uint16_t rfalPicoPassCalculateCcitt(uint16_t preloadValue, const uint8_t* buf, uint16_t length);
FuriHalNfcReturn rfalPicoPassPollerInitialize(void); FuriHalNfcReturn rfalPicoPassPollerInitialize(void);
FuriHalNfcReturn rfalPicoPassPollerCheckPresence(void); FuriHalNfcReturn rfalPicoPassPollerCheckPresence(void);
FuriHalNfcReturn rfalPicoPassPollerIdentify(rfalPicoPassIdentifyRes* idRes); FuriHalNfcReturn rfalPicoPassPollerIdentify(rfalPicoPassIdentifyRes* idRes);

2
applications/external/picopass/scenes/picopass_scene_config.h vendored
View File

@@ -15,3 +15,5 @@ ADD_SCENE(picopass, read_factory_success, ReadFactorySuccess)
ADD_SCENE(picopass, write_key, WriteKey) ADD_SCENE(picopass, write_key, WriteKey)
ADD_SCENE(picopass, key_menu, KeyMenu) ADD_SCENE(picopass, key_menu, KeyMenu)
ADD_SCENE(picopass, elite_dict_attack, EliteDictAttack) ADD_SCENE(picopass, elite_dict_attack, EliteDictAttack)
ADD_SCENE(picopass, emulate, Emulate)
ADD_SCENE(picopass, loclass, Loclass)

58
applications/external/picopass/scenes/picopass_scene_emulate.c vendored Normal file
View File

@@ -0,0 +1,58 @@
#include "../picopass_i.h"
#include <dolphin/dolphin.h>
void picopass_emulate_worker_callback(PicopassWorkerEvent event, void* context) {
furi_assert(context);
Picopass* picopass = context;
view_dispatcher_send_custom_event(picopass->view_dispatcher, event);
}
void picopass_scene_emulate_on_enter(void* context) {
Picopass* picopass = context;
DOLPHIN_DEED(DolphinDeedNfcEmulate);
Widget* widget = picopass->widget;
widget_reset(widget);
widget_add_icon_element(widget, 0, 3, &I_RFIDDolphinSend_97x61);
widget_add_string_element(widget, 89, 32, AlignCenter, AlignTop, FontPrimary, "Emulating");
widget_add_string_element(widget, 89, 42, AlignCenter, AlignTop, FontPrimary, "PicoPass");
// Setup view
view_dispatcher_switch_to_view(picopass->view_dispatcher, PicopassViewWidget);
// Start worker
picopass_worker_start(
picopass->worker,
PicopassWorkerStateEmulate,
&picopass->dev->dev_data,
picopass_emulate_worker_callback,
picopass);
picopass_blink_emulate_start(picopass);
}
bool picopass_scene_emulate_on_event(void* context, SceneManagerEvent event) {
Picopass* picopass = context;
bool consumed = false;
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == PicopassCustomEventWorkerExit) {
consumed = true;
}
} else if(event.type == SceneManagerEventTypeBack) {
consumed = scene_manager_previous_scene(picopass->scene_manager);
}
return consumed;
}
void picopass_scene_emulate_on_exit(void* context) {
Picopass* picopass = context;
picopass_blink_stop(picopass);
// Stop worker
picopass_worker_stop(picopass->worker);
// Clear view
widget_reset(picopass->widget);
}

80
applications/external/picopass/scenes/picopass_scene_loclass.c vendored Normal file
View File

@@ -0,0 +1,80 @@
#include "../picopass_i.h"
#include <dolphin/dolphin.h>
void picopass_loclass_worker_callback(PicopassWorkerEvent event, void* context) {
furi_assert(context);
Picopass* picopass = context;
view_dispatcher_send_custom_event(picopass->view_dispatcher, event);
}
void picopass_loclass_result_callback(void* context) {
furi_assert(context);
Picopass* picopass = context;
view_dispatcher_send_custom_event(picopass->view_dispatcher, PicopassCustomEventViewExit);
}
void picopass_scene_loclass_on_enter(void* context) {
Picopass* picopass = context;
DOLPHIN_DEED(DolphinDeedNfcEmulate);
scene_manager_set_scene_state(picopass->scene_manager, PicopassSceneLoclass, 0);
loclass_set_callback(picopass->loclass, picopass_loclass_result_callback, picopass);
// Start worker
picopass_worker_start(
picopass->worker,
PicopassWorkerStateLoclass,
&picopass->dev->dev_data,
picopass_loclass_worker_callback,
picopass);
picopass_blink_emulate_start(picopass);
loclass_set_header(picopass->loclass, "Loclass");
view_dispatcher_switch_to_view(picopass->view_dispatcher, PicopassViewLoclass);
}
bool picopass_scene_loclass_on_event(void* context, SceneManagerEvent event) {
Picopass* picopass = context;
bool consumed = false;
uint32_t loclass_macs_collected =
scene_manager_get_scene_state(picopass->scene_manager, PicopassSceneLoclass);
if(event.type == SceneManagerEventTypeCustom) {
if(event.event == PicopassWorkerEventLoclassGotMac) {
loclass_macs_collected++;
scene_manager_set_scene_state(
picopass->scene_manager, PicopassSceneLoclass, loclass_macs_collected);
loclass_set_num_macs(picopass->loclass, loclass_macs_collected);
if(loclass_macs_collected >= LOCLASS_MACS_TO_COLLECT) {
scene_manager_previous_scene(picopass->scene_manager);
}
consumed = true;
} else if(event.event == PicopassWorkerEventLoclassGotStandardKey) {
loclass_set_header(picopass->loclass, "Loclass (Got Std Key)");
consumed = true;
} else if(event.event == PicopassCustomEventViewExit) {
consumed = scene_manager_previous_scene(picopass->scene_manager);
}
} else if(event.type == SceneManagerEventTypeBack) {
consumed = scene_manager_previous_scene(picopass->scene_manager);
}
return consumed;
}
void picopass_scene_loclass_on_exit(void* context) {
Picopass* picopass = context;
picopass_blink_stop(picopass);
// Stop worker
picopass_worker_stop(picopass->worker);
loclass_reset(picopass->loclass);
// Clear view
widget_reset(picopass->widget);
}

10
applications/external/picopass/scenes/picopass_scene_saved_menu.c vendored
View File

@@ -4,6 +4,7 @@ enum SubmenuIndex {
SubmenuIndexDelete, SubmenuIndexDelete,
SubmenuIndexInfo, SubmenuIndexInfo,
SubmenuIndexWrite, SubmenuIndexWrite,
SubmenuIndexEmulate,
}; };
void picopass_scene_saved_menu_submenu_callback(void* context, uint32_t index) { void picopass_scene_saved_menu_submenu_callback(void* context, uint32_t index) {
@@ -26,6 +27,12 @@ void picopass_scene_saved_menu_on_enter(void* context) {
submenu, "Info", SubmenuIndexInfo, picopass_scene_saved_menu_submenu_callback, picopass); submenu, "Info", SubmenuIndexInfo, picopass_scene_saved_menu_submenu_callback, picopass);
submenu_add_item( submenu_add_item(
submenu, "Write", SubmenuIndexWrite, picopass_scene_saved_menu_submenu_callback, picopass); submenu, "Write", SubmenuIndexWrite, picopass_scene_saved_menu_submenu_callback, picopass);
submenu_add_item(
submenu,
"Emulate",
SubmenuIndexEmulate,
picopass_scene_saved_menu_submenu_callback,
picopass);
submenu_set_selected_item( submenu_set_selected_item(
picopass->submenu, picopass->submenu,
@@ -51,6 +58,9 @@ bool picopass_scene_saved_menu_on_event(void* context, SceneManagerEvent event)
} else if(event.event == SubmenuIndexWrite) { } else if(event.event == SubmenuIndexWrite) {
scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteCard); scene_manager_next_scene(picopass->scene_manager, PicopassSceneWriteCard);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexEmulate) {
scene_manager_next_scene(picopass->scene_manager, PicopassSceneEmulate);
consumed = true;
} }
} }

9
applications/external/picopass/scenes/picopass_scene_start.c vendored
View File

@@ -3,6 +3,7 @@ enum SubmenuIndex {
SubmenuIndexRead, SubmenuIndexRead,
SubmenuIndexEliteDictAttack, SubmenuIndexEliteDictAttack,
SubmenuIndexSaved, SubmenuIndexSaved,
SubmenuIndexLoclass,
}; };
void picopass_scene_start_submenu_callback(void* context, uint32_t index) { void picopass_scene_start_submenu_callback(void* context, uint32_t index) {
@@ -24,6 +25,9 @@ void picopass_scene_start_on_enter(void* context) {
submenu_add_item( submenu_add_item(
submenu, "Saved", SubmenuIndexSaved, picopass_scene_start_submenu_callback, picopass); submenu, "Saved", SubmenuIndexSaved, picopass_scene_start_submenu_callback, picopass);
submenu_add_item(
submenu, "Loclass", SubmenuIndexLoclass, picopass_scene_start_submenu_callback, picopass);
submenu_set_selected_item( submenu_set_selected_item(
submenu, scene_manager_get_scene_state(picopass->scene_manager, PicopassSceneStart)); submenu, scene_manager_get_scene_state(picopass->scene_manager, PicopassSceneStart));
picopass_device_clear(picopass->dev); picopass_device_clear(picopass->dev);
@@ -52,6 +56,11 @@ bool picopass_scene_start_on_event(void* context, SceneManagerEvent event) {
picopass->scene_manager, PicopassSceneStart, SubmenuIndexEliteDictAttack); picopass->scene_manager, PicopassSceneStart, SubmenuIndexEliteDictAttack);
scene_manager_next_scene(picopass->scene_manager, PicopassSceneEliteDictAttack); scene_manager_next_scene(picopass->scene_manager, PicopassSceneEliteDictAttack);
consumed = true; consumed = true;
} else if(event.event == SubmenuIndexLoclass) {
scene_manager_set_scene_state(
picopass->scene_manager, PicopassSceneLoclass, PicopassSceneLoclass);
scene_manager_next_scene(picopass->scene_manager, PicopassSceneLoclass);
consumed = true;
} }
} }

106
applications/external/picopass/views/loclass.c vendored Normal file
View File

@@ -0,0 +1,106 @@
#include "loclass.h"
#include "../picopass_worker_i.h"
#include <gui/elements.h>
struct Loclass {
View* view;
LoclassCallback callback;
void* context;
};
typedef struct {
FuriString* header;
uint8_t num_macs;
} LoclassViewModel;
static void loclass_draw_callback(Canvas* canvas, void* model) {
LoclassViewModel* m = model;
char draw_str[32] = {};
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(canvas, 64, 0, AlignCenter, AlignTop, furi_string_get_cstr(m->header));
float progress = m->num_macs == 0 ? 0 :
(float)(m->num_macs) / (float)(LOCLASS_MACS_TO_COLLECT);
if(progress > 1.0) {
progress = 1.0;
}
snprintf(draw_str, sizeof(draw_str), "%d/%d", m->num_macs, LOCLASS_MACS_TO_COLLECT);
elements_progress_bar_with_text(canvas, 0, 20, 128, progress, draw_str);
elements_button_center(canvas, "Skip");
}
static bool loclass_input_callback(InputEvent* event, void* context) {
Loclass* loclass = context;
bool consumed = false;
if(event->type == InputTypeShort && event->key == InputKeyOk) {
if(loclass->callback) {
loclass->callback(loclass->context);
}
consumed = true;
}
return consumed;
}
Loclass* loclass_alloc() {
Loclass* loclass = malloc(sizeof(Loclass));
loclass->view = view_alloc();
view_allocate_model(loclass->view, ViewModelTypeLocking, sizeof(LoclassViewModel));
view_set_draw_callback(loclass->view, loclass_draw_callback);
view_set_input_callback(loclass->view, loclass_input_callback);
view_set_context(loclass->view, loclass);
with_view_model(
loclass->view, LoclassViewModel * model, { model->header = furi_string_alloc(); }, false);
return loclass;
}
void loclass_free(Loclass* loclass) {
furi_assert(loclass);
with_view_model(
loclass->view, LoclassViewModel * model, { furi_string_free(model->header); }, false);
view_free(loclass->view);
free(loclass);
}
void loclass_reset(Loclass* loclass) {
furi_assert(loclass);
with_view_model(
loclass->view,
LoclassViewModel * model,
{
model->num_macs = 0;
furi_string_reset(model->header);
},
false);
}
View* loclass_get_view(Loclass* loclass) {
furi_assert(loclass);
return loclass->view;
}
void loclass_set_callback(Loclass* loclass, LoclassCallback callback, void* context) {
furi_assert(loclass);
furi_assert(callback);
loclass->callback = callback;
loclass->context = context;
}
void loclass_set_header(Loclass* loclass, const char* header) {
furi_assert(loclass);
furi_assert(header);
with_view_model(
loclass->view, LoclassViewModel * model, { furi_string_set(model->header, header); }, true);
}
void loclass_set_num_macs(Loclass* loclass, uint16_t num_macs) {
furi_assert(loclass);
with_view_model(
loclass->view, LoclassViewModel * model, { model->num_macs = num_macs; }, true);
}

22
applications/external/picopass/views/loclass.h vendored Normal file
View File

@@ -0,0 +1,22 @@
#pragma once
#include <stdint.h>
#include <gui/view.h>
#include <gui/modules/widget.h>
typedef struct Loclass Loclass;
typedef void (*LoclassCallback)(void* context);
Loclass* loclass_alloc();
void loclass_free(Loclass* loclass);
void loclass_reset(Loclass* loclass);
View* loclass_get_view(Loclass* loclass);
void loclass_set_callback(Loclass* loclass, LoclassCallback callback, void* context);
void loclass_set_header(Loclass* loclass, const char* header);
void loclass_set_num_macs(Loclass* loclass, uint16_t num_macs);