NFC FeliCa: Service Directory Traverse + Dump All Unencrypted-Readable Services' Blocks (#4254)

* SimpleArray attached to FelicaData * tx rx done. response parsing done (in log) * dynamic vector as buffer. rendering begin * On screen render for directory tree * flags in render to indicate is_public_readable * beautify render flags * format * offload dynamic vector into individual files * saving. exposed dir tree writing for double use * save: additional formatting * save: clean up and some additional notes * load done * delete unnecessary debug log * Load: safer way to handle backward compatibility `parsed` being true is only contingent on whether the header (device type, UID, etc) are correctly read. The detailed data can be absent if saved from previous versions. Side effects: 1. The data format version number must not increment. 2. Newer sections of dumps must be appended in the end of the file. * format * handle block reading according to IC type Old version was aimed for FeliCa Lite dumping, which doesn't apply to FeliCa standard. Thus they need to be diverged in the poller run workflow. * read block content works. rendering begin * Render Refactor: dir & dump view from submenu * Render: show IC type name * IC parsing function cleanup * Revert "IC parsing function cleanup" This reverts commit ee3f7bf125b54b10d238b0aeb657ba15f27f93ba. * Load: Standard dump. Fully backward compatible * format * sync API version * format saved file * delete unused variable * clean ups * IC type addition * correction * beautify attribute parsing * correction * Lite save: delete extra line * correction: FeliCa link in Lite-S mode * format * Save: simplify printing * update IC type parsing * conform to api standard: const resp ptr to ptr also slightly faster and more readable block dump loop * disambiguate workflow type vs ic type It was too confusing to have the ic name string telling you one thing and ic_type enum saying the other. Might as well use better naming to indicate the use case for the two things * beautify on device render * reject dynamic_vector, embrace m-array * lint * use full variable name * partial fix: poller context's data proper init * edit unit test dump IC code and a small bug fix for the Lite auth workflow * unit test felica dump PMm correction * Fixes for static analysis warnings --------- Co-authored-by: hedger <hedger@nanode.su> Co-authored-by: hedger <hedger@users.noreply.github.com>
2026-05-23 05:24:46 -07:00 · 2025-10-01 18:54:08 +04:00
parent fad487df0e
commit 85b6b2b896
18 changed files with 1219 additions and 89 deletions
--- a/lib/nfc/protocols/felica/felica_poller.c
+++ b/lib/nfc/protocols/felica/felica_poller.c
@@ -1,4 +1,6 @@
 #include "felica_poller_i.h"
+#include <mlib/m-array.h>
+#include <mlib/m-core.h>

 #include <nfc/protocols/nfc_poller_base.h>

@@ -7,6 +9,10 @@

 #define TAG "FelicaPoller"

+ARRAY_DEF(felica_service_array, FelicaService, M_POD_OPLIST); // -V658
+ARRAY_DEF(felica_area_array, FelicaArea, M_POD_OPLIST); // -V658
+ARRAY_DEF(felica_public_block_array, FelicaPublicBlock, M_POD_OPLIST); // -V658
+
 typedef NfcCommand (*FelicaPollerReadHandler)(FelicaPoller* instance);

 const FelicaData* felica_poller_get_data(FelicaPoller* instance) {
@@ -79,15 +85,30 @@ NfcCommand felica_poller_state_handler_activate(FelicaPoller* instance) {
    FelicaError error = felica_poller_activate(instance, instance->data);
    if(error == FelicaErrorNone) {
        furi_hal_random_fill_buf(instance->data->data.fs.rc.data, FELICA_DATA_BLOCK_SIZE);
+        felica_get_workflow_type(instance->data);

        instance->felica_event.type = FelicaPollerEventTypeRequestAuthContext;
        instance->felica_event_data.auth_context = &instance->auth.context;

        instance->callback(instance->general_event, instance->context);

+        switch(instance->data->workflow_type) {
+        case FelicaStandard:
+            instance->state = FelicaPollerStateTraverseStandardSystem;
+            break;
+        case FelicaLite:
+            instance->state = FelicaPollerStateReadLiteBlocks;
+            break;
+        default:
+            // Unimplemented
+            instance->state = FelicaPollerStateReadSuccess;
+            break;
+        }
+
        bool skip_auth = instance->auth.context.skip_auth;
-        instance->state = skip_auth ? FelicaPollerStateReadBlocks :
-                                      FelicaPollerStateAuthenticateInternal;
+        if(!skip_auth) {
+            instance->state = FelicaPollerStateAuthenticateInternal;
+        }
    } else if(error != FelicaErrorTimeout) {
        instance->felica_event.type = FelicaPollerEventTypeError;
        instance->felica_event_data.error = error;
@@ -105,7 +126,18 @@ NfcCommand felica_poller_state_handler_auth_internal(FelicaPoller* instance) {
        instance->data->data.fs.rc.data,
        instance->auth.session_key.data);

-    instance->state = FelicaPollerStateReadBlocks;
+    switch(instance->data->workflow_type) {
+    case FelicaStandard:
+        instance->state = FelicaPollerStateTraverseStandardSystem;
+        break;
+    case FelicaLite:
+        instance->state = FelicaPollerStateReadLiteBlocks;
+        break;
+    default:
+        // Unimplemented
+        instance->state = FelicaPollerStateReadSuccess;
+        break;
+    }

    uint8_t blocks[3] = {FELICA_BLOCK_INDEX_RC, 0, 0};
    FelicaPollerWriteCommandResponse* tx_resp;
@@ -145,7 +177,6 @@ NfcCommand felica_poller_state_handler_auth_internal(FelicaPoller* instance) {

 NfcCommand felica_poller_state_handler_auth_external(FelicaPoller* instance) {
    FURI_LOG_D(TAG, "Auth External");
-    instance->state = FelicaPollerStateReadBlocks;
    uint8_t blocks[2];

    instance->data->data.fs.state.data[0] = 1;
@@ -183,12 +214,177 @@ NfcCommand felica_poller_state_handler_auth_external(FelicaPoller* instance) {
        memcpy(instance->data->data.fs.state.data, rx_resp->data, FELICA_DATA_BLOCK_SIZE);
        instance->auth.context.auth_status.external = instance->data->data.fs.state.data[0];
    } while(false);
-    instance->state = FelicaPollerStateReadBlocks;
+
+    switch(instance->data->workflow_type) {
+    case FelicaStandard:
+        instance->state = FelicaPollerStateTraverseStandardSystem;
+        break;
+    case FelicaLite:
+        instance->state = FelicaPollerStateReadLiteBlocks;
+        break;
+    default:
+        // Unimplemented
+        instance->state = FelicaPollerStateReadSuccess;
+        break;
+    }
+
    return NfcCommandContinue;
 }

-NfcCommand felica_poller_state_handler_read_blocks(FelicaPoller* instance) {
-    FURI_LOG_D(TAG, "Read Blocks");
+NfcCommand felica_poller_state_handler_traverse_standard_system(FelicaPoller* instance) {
+    FURI_LOG_D(TAG, "Traverse Standard System");
+
+    FelicaListServiceCommandResponse* response;
+
+    felica_service_array_t service_buffer;
+    felica_service_array_init(service_buffer);
+    felica_area_array_t area_buffer;
+    felica_area_array_init(area_buffer);
+
+    for(uint16_t cursor = 0; cursor < 0xFFFF; cursor++) {
+        FelicaError error = felica_poller_list_service_by_cursor(instance, cursor, &response);
+        if(error != FelicaErrorNone) {
+            FURI_LOG_E(TAG, "Error %d at cursor %04X", error, cursor);
+            break;
+        }
+
+        uint8_t len = response->header.length;
+        const uint8_t* list_service_payload = response->data;
+        uint16_t code_begin = (uint16_t)(list_service_payload[0] | (list_service_payload[1] << 8));
+
+        if(len != 0x0C && len != 0x0E) {
+            FURI_LOG_E(TAG, "Bad command resp length 0x%02X at cursor 0x%04X", len, cursor);
+            break;
+        }
+
+        if(code_begin == 0xFFFF) {
+            FURI_LOG_D(TAG, "Traverse complete");
+            break;
+        }
+
+        if(len == 0x0E) {
+            FelicaArea* area = felica_area_array_push_raw(area_buffer);
+            memset(area, 0, sizeof *area);
+            area->code = code_begin;
+            area->first_idx = (uint16_t)felica_service_array_size(service_buffer);
+            area->last_idx = 0;
+        } else {
+            FelicaService* service = felica_service_array_push_raw(service_buffer);
+            memset(service, 0, sizeof *service);
+            service->code = code_begin;
+            service->attr = (uint8_t)(code_begin & 0x3F);
+
+            if(felica_area_array_size(area_buffer)) {
+                FelicaArea* current_area = felica_area_array_back(area_buffer);
+                current_area->last_idx = (uint16_t)(felica_service_array_size(service_buffer) - 1);
+            }
+        }
+    }
+
+    const size_t service_num = felica_service_array_size(service_buffer);
+    const size_t area_num = felica_area_array_size(area_buffer);
+
+    if(service_num) {
+        simple_array_init(instance->data->services, (uint32_t)service_num);
+        memcpy(
+            simple_array_get(instance->data->services, 0),
+            service_buffer->ptr,
+            service_num * sizeof(FelicaService));
+    } else {
+        simple_array_reset(instance->data->services);
+    }
+
+    if(area_num) {
+        simple_array_init(instance->data->areas, (uint32_t)area_num);
+        memcpy(
+            simple_array_get(instance->data->areas, 0),
+            area_buffer->ptr,
+            area_num * sizeof(FelicaArea));
+    } else {
+        simple_array_reset(instance->data->areas);
+    }
+
+    FURI_LOG_I(
+        TAG,
+        "Services found: %lu, Areas found: %lu",
+        simple_array_get_count(instance->data->services),
+        simple_array_get_count(instance->data->areas));
+
+    felica_service_array_clear(service_buffer);
+    felica_area_array_clear(area_buffer);
+
+    instance->state = FelicaPollerStateReadStandardBlocks;
+    return NfcCommandContinue;
+}
+
+NfcCommand felica_poller_state_handler_read_standard_blocks(FelicaPoller* instance) {
+    FURI_LOG_D(TAG, "Read Standard Blocks");
+
+    const uint32_t service_count = simple_array_get_count(instance->data->services);
+
+    felica_public_block_array_t public_block_buffer;
+    felica_public_block_array_init(public_block_buffer);
+
+    instance->state = FelicaPollerStateReadSuccess;
+    bool have_read_anything = false;
+
+    for(uint32_t i = 0; i < service_count; i++) {
+        const FelicaService* service = simple_array_get(instance->data->services, i);
+
+        if((service->attr & FELICA_SERVICE_ATTRIBUTE_UNAUTH_READ) == 0) continue;
+
+        uint8_t block_count = 1;
+        uint8_t block_list[1] = {0};
+        FelicaError error = FelicaErrorNone;
+        FelicaPollerReadCommandResponse* response;
+        do {
+            error = felica_poller_read_blocks(
+                instance, block_count, block_list, service->code, &response);
+
+            if(error != FelicaErrorNone) {
+                break;
+            }
+
+            if(response->SF1 == 0 && response->SF2 == 0) {
+                FelicaPublicBlock* public_block =
+                    felica_public_block_array_push_raw(public_block_buffer);
+                memset(public_block, 0, sizeof *public_block);
+                memcpy(public_block->block.data, response->data, FELICA_DATA_BLOCK_SIZE);
+
+                public_block->service_code = service->code;
+                public_block->block_idx = block_list[0];
+
+                have_read_anything = true;
+                block_list[0]++;
+            } else {
+                break; // No more blocks to read in this service, ok to continue for loop
+            }
+        } while(block_list[0] < FELICA_STANDARD_MAX_BLOCK_COUNT);
+
+        if(error != FelicaErrorNone) {
+            instance->felica_event.type = FelicaPollerEventTypeError;
+            instance->felica_event_data.error = error;
+            instance->state = FelicaPollerStateReadFailed;
+            break;
+        }
+    }
+
+    if(have_read_anything) {
+        const size_t n = felica_public_block_array_size(public_block_buffer);
+        simple_array_init(instance->data->public_blocks, (uint32_t)n);
+        memcpy(
+            simple_array_get(instance->data->public_blocks, 0),
+            public_block_buffer->ptr,
+            n * sizeof(FelicaPublicBlock));
+    }
+
+    felica_public_block_array_clear(public_block_buffer);
+
+    return NfcCommandContinue;
+}
+
+NfcCommand felica_poller_state_handler_read_lite_blocks(FelicaPoller* instance) {
+    FURI_LOG_D(TAG, "Read Lite Blocks");

    uint8_t block_count = 1;
    uint8_t block_list[4] = {0, 0, 0, 0};
@@ -266,7 +462,10 @@ static const FelicaPollerReadHandler felica_poller_handler[FelicaPollerStateNum]
    [FelicaPollerStateActivated] = felica_poller_state_handler_activate,
    [FelicaPollerStateAuthenticateInternal] = felica_poller_state_handler_auth_internal,
    [FelicaPollerStateAuthenticateExternal] = felica_poller_state_handler_auth_external,
-    [FelicaPollerStateReadBlocks] = felica_poller_state_handler_read_blocks,
+    [FelicaPollerStateTraverseStandardSystem] =
+        felica_poller_state_handler_traverse_standard_system,
+    [FelicaPollerStateReadStandardBlocks] = felica_poller_state_handler_read_standard_blocks,
+    [FelicaPollerStateReadLiteBlocks] = felica_poller_state_handler_read_lite_blocks,
    [FelicaPollerStateReadSuccess] = felica_poller_state_handler_read_success,
    [FelicaPollerStateReadFailed] = felica_poller_state_handler_read_failed,
 };