Fix #336, DESFire ATS can be set to any size from 3 to 20

emsec · Aug 25, 2023 · 724ce5b · 724ce5b
1 parent 25e6545
commit 724ce5b
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 20 deletions.
diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFireChameleonTerminal.c b/Firmware/Chameleon-Mini/Application/DESFire/DESFireChameleonTerminal.c
@@ -56,23 +56,24 @@ CommandStatusIdType CommandDESFireSetHeaderProperty(char *OutParam, const char *
         return COMMAND_ERR_INVALID_USAGE_ID;
     }
     char hdrPropSpecStr[24];
-    char propSpecBytesStr[16];
-    BYTE propSpecBytes[16];
+    char propSpecBytesStr[44];
+    BYTE propSpecBytes[44];
     SIZET dataByteCount = 0x00;
     BYTE StatusError = 0x00;
-    if (!sscanf_P(InParams, PSTR("%24s %12s"), hdrPropSpecStr, propSpecBytesStr)) {
+    if (!sscanf_P(InParams, PSTR("%24s %40s"), hdrPropSpecStr, propSpecBytesStr)) {
         return COMMAND_ERR_INVALID_PARAM_ID;
     }
-    hdrPropSpecStr[23] = propSpecBytesStr[15] = '\0';
-    dataByteCount = HexStringToBuffer(propSpecBytes, 16, propSpecBytesStr);
+    hdrPropSpecStr[23] = propSpecBytesStr[43] = '\0';
+    dataByteCount = HexStringToBuffer(propSpecBytes, 44, propSpecBytesStr);
     if (!strcasecmp_P(hdrPropSpecStr, PSTR("ATS"))) {
-        if (dataByteCount != 5) {
+        if (dataByteCount != propSpecBytes[0] || 
+            dataByteCount < 3 || dataByteCount > 20) {
             StatusError = 1;
         } else {
             memcpy(&Picc.ATSBytes[0], propSpecBytes, dataByteCount);
+            Picc.ATSSize = dataByteCount;
         }
-    }
-    if (!strcasecmp_P(hdrPropSpecStr, PSTR("ATQA"))) {
+    } else if (!strcasecmp_P(hdrPropSpecStr, PSTR("ATQA"))) {
         if (dataByteCount != 2) {
             StatusError = 1;
         } else {

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFireISO14443Support.c b/Firmware/Chameleon-Mini/Application/DESFire/DESFireISO14443Support.c
@@ -147,10 +147,10 @@ uint16_t ISO144434ProcessBlock(uint8_t *Buffer, uint16_t ByteCount, uint16_t Bit
              * NOTE: Some PCD implementations do a memcmp() over ATS bytes, which is completely wrong.
              */
             Iso144434CardID = Buffer[1] & 0x0F;
-            Buffer[0] = 0x06;
-            memcpy(&Buffer[1], &Picc.ATSBytes[1], 4);
-            Buffer[5] = 0x80;                              /* T1: dummy value for historical bytes */
-            ByteCount = 6;
+            //Buffer[0] = 0x06;
+            memcpy(&Buffer[0], &Picc.ATSBytes[0], Picc.ATSSize);
+            //Buffer[5] = 0x80;                              /* T1: dummy value for historical bytes */
+            ByteCount = Picc.ATSSize;
             ISO144434SwitchState(ISO14443_4_STATE_ACTIVE);
             return GetAndSetBufferCRCA(Buffer, ByteCount); /* PM3 'hf mfdes list' expects CRCA bytes on the RATS data */
         }

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCControl.c b/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCControl.c
@@ -293,6 +293,8 @@ void FormatPicc(void) {
     Picc.ATSBytes[2] = DESFIRE_EV0_ATS_TA_BYTE;
     Picc.ATSBytes[3] = DESFIRE_EV0_ATS_TB_BYTE;
     Picc.ATSBytes[4] = DESFIRE_EV0_ATS_TC_BYTE;
+    Picc.ATSBytes[5] = 0x80;
+    Picc.ATSSize = DESFIRE_DEFAULT_ATS_SIZE;
     /* Set the first free slot to 1 -- slot 0 is the PICC app */
     AppDir.FirstFreeSlot = 0;
     /* Flush the new local struct data out to the FRAM: */

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCHeaderLayout.h b/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCHeaderLayout.h
@@ -62,6 +62,7 @@ extern bool DesfireATQAReset;
 #define DESFIRE_EV0_ATS_TA_BYTE         0x00 /* TA: Only the lowest bit rate is supported (normal is 0x77) */
 #define DESFIRE_EV0_ATS_TB_BYTE         0x81 /* TB: taken from the DESFire spec */
 #define DESFIRE_EV0_ATS_TC_BYTE         0x02 /* TC: taken from the DESFire spec */
+#define DESFIRE_DEFAULT_ATS_SIZE        0x06
 
 /* Defines for GetVersion */
 #define ID_PHILIPS_NXP                  0x04
@@ -135,7 +136,8 @@ typedef struct DESFIRE_FIRMWARE_PACKING DESFIRE_FIRMWARE_ALIGNAT {
     uint8_t ProductionWeek;
     uint8_t ProductionYear;
     uint8_t ATQA[2];
-    uint8_t ATSBytes[5];
+    uint8_t ATSBytes[20];
+    uint8_t ATSSize;
     /* Dynamic data: changes during the PICC's lifetime */
     uint16_t FirstFreeBlock;
     uint8_t TransactionStarted;

diff --git a/Firmware/Chameleon-Mini/Terminal/Commands.c b/Firmware/Chameleon-Mini/Terminal/Commands.c
@@ -429,8 +429,9 @@ CommandStatusIdType CommandExecParamSend(char *OutMessage, const char *InParams)
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     ApplicationReset();
     Reader14443CurrentCommand = Reader14443_Send;
@@ -471,8 +472,9 @@ CommandStatusIdType CommandExecParamSendRaw(char *OutMessage, const char *InPara
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     ApplicationReset();
     Reader14443CurrentCommand = Reader14443_Send_Raw;
@@ -516,8 +518,9 @@ CommandStatusIdType CommandExecDumpMFU(char *OutMessage) {
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
     ApplicationReset();
 
     Reader14443CurrentCommand = Reader14443_Read_MF_Ultralight;
@@ -547,8 +550,9 @@ CommandStatusIdType CommandExecGetUid(char *OutMessage) { // this function is fo
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
     ApplicationReset();
 
     Reader14443CurrentCommand = Reader14443_Get_UID;
@@ -563,8 +567,9 @@ CommandStatusIdType CommandExecIdentifyCard(char *OutMessage) {
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
     ApplicationReset();
 
     Reader14443CurrentCommand = Reader14443_Identify;
@@ -698,8 +703,9 @@ CommandStatusIdType CommandExecClone(char *OutMessage) {
 CommandStatusIdType CommandGetAutoThreshold(char *OutParam) {
 
     /* Only Execute the command if the current configuration is CONFIG_ISO15693_SNIFF */
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     /* Get Autothreshold mode */
     if (SniffISO15693GetAutoThreshold())
@@ -716,8 +722,9 @@ CommandStatusIdType CommandGetAutoThreshold(char *OutParam) {
 CommandStatusIdType CommandSetAutoThreshold(char *OutMessage, const char *InParam) {
 
     /* Only Execute the command if the current configuration is CONFIG_ISO15693_SNIFF */
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     if (COMMAND_IS_SUGGEST_STRING(InParam)) {
         snprintf(OutMessage, TERMINAL_BUFFER_SIZE, "%c (enable), %c (disable)", COMMAND_CHAR_TRUE, COMMAND_CHAR_FALSE);