Merge pull request #337 from emsec/fix336

Fix336
emsec · Aug 29, 2023 · ad0eece · ad0eece
2 parents 25e6545 + f297cf0
commit ad0eece
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 21 deletions.
diff --git a/Doc/DESFireSupportReadme.md b/Doc/DESFireSupportReadme.md
@@ -20,7 +20,7 @@ The UID for the tag can be set using separate Chameleon terminal commands as
 usual for all other configurations.
 We can modify the remaining tag header information emulated by the tag as follows:
 ```bash
-DF_SETHDR=ATS xxxxxxxxxx
+DF_SETHDR=ATS NNxxxx[...]
 DF_SETHDR=ATQA xxxx
 DF_SETHDR=ManuID xx
 DF_SETHDR=HwType xx
@@ -34,6 +34,7 @@ DF_SETHDR=SwVers mmMM
 DF_SETHDR=BatchNo xxxxxxxxxx
 DF_SETHDR=ProdDate WWYY
 ```
+Warning! The ATS bytes have the following structure `NNxxxx[...]` where NN is the length of the entire ATS, including the length byte. The ATS (inc. the len byte) can be from 3 to 20 bytes long. The default is `067577810280`.
 
 ##### Examples:
 

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFireChameleonTerminal.c b/Firmware/Chameleon-Mini/Application/DESFire/DESFireChameleonTerminal.c
@@ -56,23 +56,24 @@ CommandStatusIdType CommandDESFireSetHeaderProperty(char *OutParam, const char *
         return COMMAND_ERR_INVALID_USAGE_ID;
     }
     char hdrPropSpecStr[24];
-    char propSpecBytesStr[16];
-    BYTE propSpecBytes[16];
+    char propSpecBytesStr[44];
+    BYTE propSpecBytes[44];
     SIZET dataByteCount = 0x00;
     BYTE StatusError = 0x00;
-    if (!sscanf_P(InParams, PSTR("%24s %12s"), hdrPropSpecStr, propSpecBytesStr)) {
+    if (!sscanf_P(InParams, PSTR("%24s %40s"), hdrPropSpecStr, propSpecBytesStr)) {
         return COMMAND_ERR_INVALID_PARAM_ID;
     }
-    hdrPropSpecStr[23] = propSpecBytesStr[15] = '\0';
-    dataByteCount = HexStringToBuffer(propSpecBytes, 16, propSpecBytesStr);
+    hdrPropSpecStr[23] = propSpecBytesStr[43] = '\0';
+    dataByteCount = HexStringToBuffer(propSpecBytes, 44, propSpecBytesStr);
     if (!strcasecmp_P(hdrPropSpecStr, PSTR("ATS"))) {
-        if (dataByteCount != 5) {
+        if (dataByteCount != propSpecBytes[0] || 
+            dataByteCount < 3 || dataByteCount > 20) {
             StatusError = 1;
         } else {
             memcpy(&Picc.ATSBytes[0], propSpecBytes, dataByteCount);
+            Picc.ATSSize = dataByteCount;
         }
-    }
-    if (!strcasecmp_P(hdrPropSpecStr, PSTR("ATQA"))) {
+    } else if (!strcasecmp_P(hdrPropSpecStr, PSTR("ATQA"))) {
         if (dataByteCount != 2) {
             StatusError = 1;
         } else {

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFireISO14443Support.c b/Firmware/Chameleon-Mini/Application/DESFire/DESFireISO14443Support.c
@@ -147,10 +147,10 @@ uint16_t ISO144434ProcessBlock(uint8_t *Buffer, uint16_t ByteCount, uint16_t Bit
              * NOTE: Some PCD implementations do a memcmp() over ATS bytes, which is completely wrong.
              */
             Iso144434CardID = Buffer[1] & 0x0F;
-            Buffer[0] = 0x06;
-            memcpy(&Buffer[1], &Picc.ATSBytes[1], 4);
-            Buffer[5] = 0x80;                              /* T1: dummy value for historical bytes */
-            ByteCount = 6;
+            //Buffer[0] = 0x06;
+            memcpy(&Buffer[0], &Picc.ATSBytes[0], Picc.ATSSize);
+            //Buffer[5] = 0x80;                              /* T1: dummy value for historical bytes */
+            ByteCount = Picc.ATSSize;
             ISO144434SwitchState(ISO14443_4_STATE_ACTIVE);
             return GetAndSetBufferCRCA(Buffer, ByteCount); /* PM3 'hf mfdes list' expects CRCA bytes on the RATS data */
         }

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCControl.c b/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCControl.c
@@ -293,6 +293,8 @@ void FormatPicc(void) {
     Picc.ATSBytes[2] = DESFIRE_EV0_ATS_TA_BYTE;
     Picc.ATSBytes[3] = DESFIRE_EV0_ATS_TB_BYTE;
     Picc.ATSBytes[4] = DESFIRE_EV0_ATS_TC_BYTE;
+    Picc.ATSBytes[5] = 0x80;
+    Picc.ATSSize = DESFIRE_DEFAULT_ATS_SIZE;
     /* Set the first free slot to 1 -- slot 0 is the PICC app */
     AppDir.FirstFreeSlot = 0;
     /* Flush the new local struct data out to the FRAM: */

diff --git a/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCHeaderLayout.h b/Firmware/Chameleon-Mini/Application/DESFire/DESFirePICCHeaderLayout.h
@@ -62,6 +62,7 @@ extern bool DesfireATQAReset;
 #define DESFIRE_EV0_ATS_TA_BYTE         0x00 /* TA: Only the lowest bit rate is supported (normal is 0x77) */
 #define DESFIRE_EV0_ATS_TB_BYTE         0x81 /* TB: taken from the DESFire spec */
 #define DESFIRE_EV0_ATS_TC_BYTE         0x02 /* TC: taken from the DESFire spec */
+#define DESFIRE_DEFAULT_ATS_SIZE        0x06
 
 /* Defines for GetVersion */
 #define ID_PHILIPS_NXP                  0x04
@@ -135,7 +136,8 @@ typedef struct DESFIRE_FIRMWARE_PACKING DESFIRE_FIRMWARE_ALIGNAT {
     uint8_t ProductionWeek;
     uint8_t ProductionYear;
     uint8_t ATQA[2];
-    uint8_t ATSBytes[5];
+    uint8_t ATSBytes[20];
+    uint8_t ATSSize;
     /* Dynamic data: changes during the PICC's lifetime */
     uint16_t FirstFreeBlock;
     uint8_t TransactionStarted;

diff --git a/Firmware/Chameleon-Mini/Terminal/Commands.c b/Firmware/Chameleon-Mini/Terminal/Commands.c
@@ -429,8 +429,9 @@ CommandStatusIdType CommandExecParamSend(char *OutMessage, const char *InParams)
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     ApplicationReset();
     Reader14443CurrentCommand = Reader14443_Send;
@@ -471,8 +472,9 @@ CommandStatusIdType CommandExecParamSendRaw(char *OutMessage, const char *InPara
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     ApplicationReset();
     Reader14443CurrentCommand = Reader14443_Send_Raw;
@@ -516,8 +518,9 @@ CommandStatusIdType CommandExecDumpMFU(char *OutMessage) {
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
     ApplicationReset();
 
     Reader14443CurrentCommand = Reader14443_Read_MF_Ultralight;
@@ -547,8 +550,9 @@ CommandStatusIdType CommandExecGetUid(char *OutMessage) { // this function is fo
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
     ApplicationReset();
 
     Reader14443CurrentCommand = Reader14443_Get_UID;
@@ -563,8 +567,9 @@ CommandStatusIdType CommandExecIdentifyCard(char *OutMessage) {
 #ifndef CONFIG_ISO14443A_READER_SUPPORT
     return COMMAND_ERR_INVALID_USAGE_ID;
 #else
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO14443A_READER){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
     ApplicationReset();
 
     Reader14443CurrentCommand = Reader14443_Identify;
@@ -698,8 +703,9 @@ CommandStatusIdType CommandExecClone(char *OutMessage) {
 CommandStatusIdType CommandGetAutoThreshold(char *OutParam) {
 
     /* Only Execute the command if the current configuration is CONFIG_ISO15693_SNIFF */
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     /* Get Autothreshold mode */
     if (SniffISO15693GetAutoThreshold())
@@ -716,8 +722,9 @@ CommandStatusIdType CommandGetAutoThreshold(char *OutParam) {
 CommandStatusIdType CommandSetAutoThreshold(char *OutMessage, const char *InParam) {
 
     /* Only Execute the command if the current configuration is CONFIG_ISO15693_SNIFF */
-    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF)
+    if (GlobalSettings.ActiveSettingPtr->Configuration != CONFIG_ISO15693_SNIFF){
         return COMMAND_ERR_INVALID_USAGE_ID;
+    }
 
     if (COMMAND_IS_SUGGEST_STRING(InParam)) {
         snprintf(OutMessage, TERMINAL_BUFFER_SIZE, "%c (enable), %c (disable)", COMMAND_CHAR_TRUE, COMMAND_CHAR_FALSE);