From 5642809be5ba6fb31d074085ec517dae27fce89d Mon Sep 17 00:00:00 2001 From: Frank Wu Date: Thu, 11 Jun 2020 20:17:33 +0800 Subject: [PATCH 1/5] Added preliminary support for NTAG215 (cherry picked from commit 83a835033b40b9ae09b457bc0592e1df2bf31a07) --- .../Application/MifareUltralight.c | 55 ++++++++++++++++--- .../Application/MifareUltralight.h | 3 + Firmware/Chameleon-Mini/Configuration.c | 17 ++++++ Firmware/Chameleon-Mini/Configuration.h | 1 + 4 files changed, 67 insertions(+), 9 deletions(-) diff --git a/Firmware/Chameleon-Mini/Application/MifareUltralight.c b/Firmware/Chameleon-Mini/Application/MifareUltralight.c index 1ce11c2e..bb329b38 100644 --- a/Firmware/Chameleon-Mini/Application/MifareUltralight.c +++ b/Firmware/Chameleon-Mini/Application/MifareUltralight.c @@ -89,10 +89,13 @@ #define VERSION_INFO_LENGTH 8 #define SIGNATURE_LENGTH 32 +#define CONFIG_AREA_START_ADDRESS MIFARE_ULTRALIGHT_PAGE_SIZE * 0x83 + static enum { UL_EV0, UL_C, UL_EV1, + UL_NTAG_215 } Flavor; static enum { @@ -202,6 +205,19 @@ static void AppInitEV1Common(void) { AppInitCommon(); } +static void AppInitNTAG215Common(void) { + uint8_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; + uint8_t Access; + + /* Set up the emulation flavor */ + Flavor = UL_NTAG_215; + /* Fetch some of the configuration into RAM */ + MemoryReadBlock(&FirstAuthenticatedPage, ConfigAreaAddress + CONF_AUTH0_OFFSET, 1); + MemoryReadBlock(&Access, ConfigAreaAddress + CONF_ACCESS_OFFSET, 1); + ReadAccessProtected = !!(Access & CONF_ACCESS_PROT); + AppInitCommon(); +} + void MifareUltralightEV11AppInit(void) { PageCount = MIFARE_ULTRALIGHT_EV11_PAGES; AppInitEV1Common(); @@ -212,6 +228,11 @@ void MifareUltralightEV12AppInit(void) { AppInitEV1Common(); } +void MifareUltralightNTAG215AppInit(void) { + PageCount = MIFARE_ULTRALIGHT_NTAG_215_PAGES; + AppInitNTAG215Common(); +} + void MifareUltralightAppReset(void) { State = STATE_IDLE; } @@ -414,14 +435,26 @@ static uint16_t AppProcess(uint8_t *const Buffer, uint16_t ByteCount) { case CMD_GET_VERSION: { /* Provide hardcoded version response */ - Buffer[0] = 0x00; - Buffer[1] = 0x04; - Buffer[2] = 0x03; - Buffer[3] = 0x01; /**/ - Buffer[4] = 0x01; - Buffer[5] = 0x00; - Buffer[6] = PageCount == MIFARE_ULTRALIGHT_EV11_PAGES ? 0x0B : 0x0E; - Buffer[7] = 0x03; + if (Flavor == UL_EV1) { //VERSION RESPONSE FOR EV1 + Buffer[0] = 0x00; + Buffer[1] = 0x04; + Buffer[2] = 0x03; + Buffer[3] = 0x01; /**/ + Buffer[4] = 0x01; + Buffer[5] = 0x00; + Buffer[6] = PageCount == MIFARE_ULTRALIGHT_EV11_PAGES ? 0x0B : 0x0E; + Buffer[7] = 0x03; + } else { //VERSION RESPONSE FOR NTAG 215 + /* Provide hardcoded version response */ + Buffer[0] = 0x00; + Buffer[1] = 0x04; + Buffer[2] = 0x04; + Buffer[3] = 0x02; + Buffer[4] = 0x01; + Buffer[5] = 0x00; + Buffer[6] = 0x11; + Buffer[7] = 0x03; + } ISO14443AAppendCRCA(Buffer, VERSION_INFO_LENGTH); return (VERSION_INFO_LENGTH + ISO14443A_CRCA_SIZE) * 8; } @@ -459,7 +492,11 @@ static uint16_t AppProcess(uint8_t *const Buffer, uint16_t ByteCount) { return NAK_FRAME_SIZE; } /* Read and compare the password */ - MemoryReadBlock(Password, ConfigAreaAddress + CONF_PASSWORD_OFFSET, 4); + if (Flavor == UL_EV1) { //VERSION RESPONSE FOR EV1 + MemoryReadBlock(Password, ConfigAreaAddress + CONF_PASSWORD_OFFSET, 4); + } else { //VERSION RESPONSE FOR NTAG 215 + MemoryReadBlock(Password, CONFIG_AREA_START_ADDRESS + CONF_PASSWORD_OFFSET, 4); + } if (Password[0] != Buffer[1] || Password[1] != Buffer[2] || Password[2] != Buffer[3] || Password[3] != Buffer[4]) { Buffer[0] = NAK_AUTH_FAILED; return NAK_FRAME_SIZE; diff --git a/Firmware/Chameleon-Mini/Application/MifareUltralight.h b/Firmware/Chameleon-Mini/Application/MifareUltralight.h index 91ac96b5..6cb773fd 100644 --- a/Firmware/Chameleon-Mini/Application/MifareUltralight.h +++ b/Firmware/Chameleon-Mini/Application/MifareUltralight.h @@ -21,13 +21,16 @@ #define MIFARE_ULTRALIGHT_PAGES 16 #define MIFARE_ULTRALIGHT_EV11_PAGES 20 #define MIFARE_ULTRALIGHT_EV12_PAGES 41 +#define MIFARE_ULTRALIGHT_NTAG_215_PAGES 135 //135 pages total, from 0 to 134 #define MIFARE_ULTRALIGHT_MEM_SIZE (MIFARE_ULTRALIGHT_PAGES * MIFARE_ULTRALIGHT_PAGE_SIZE) #define MIFARE_ULTRALIGHT_EV11_MEM_SIZE (MIFARE_ULTRALIGHT_EV11_PAGES * MIFARE_ULTRALIGHT_PAGE_SIZE) #define MIFARE_ULTRALIGHT_EV12_MEM_SIZE (MIFARE_ULTRALIGHT_EV12_PAGES * MIFARE_ULTRALIGHT_PAGE_SIZE) +#define MIFARE_ULTRALIGHT_NTAG_215_MEM_SIZE ( MIFARE_ULTRALIGHT_NTAG_215_PAGES * MIFARE_ULTRALIGHTC_PAGE_SIZE ) void MifareUltralightAppInit(void); void MifareUltralightEV11AppInit(void); void MifareUltralightEV12AppInit(void); +void MifareUltralightNTAG215AppInit(void); void MifareUltralightAppReset(void); void MifareUltralightAppTask(void); diff --git a/Firmware/Chameleon-Mini/Configuration.c b/Firmware/Chameleon-Mini/Configuration.c index aef4fb82..31286910 100644 --- a/Firmware/Chameleon-Mini/Configuration.c +++ b/Firmware/Chameleon-Mini/Configuration.c @@ -19,6 +19,7 @@ static const MapEntryType PROGMEM ConfigurationMap[] = { { .Id = CONFIG_MF_ULTRALIGHT_EV1_80B, .Text = "MF_ULTRALIGHT_EV1_80B" }, { .Id = CONFIG_MF_ULTRALIGHT_EV1_164B, .Text = "MF_ULTRALIGHT_EV1_164B" }, {.Id = CONFIG_MF_ULTRALIGHT_C, .Text = "MF_ULTRALIGHT_C"}, + { .Id = CONFIG_MF_ULTRALIGHT_NTAG_215, .Text = "MF_ULTRALIGHT_NTAG_215" }, #endif #ifdef CONFIG_MF_CLASSIC_MINI_4B_SUPPORT { .Id = CONFIG_MF_CLASSIC_MINI_4B, .Text = "MF_CLASSIC_MINI_4B" }, @@ -156,6 +157,22 @@ static const PROGMEM ConfigurationType ConfigurationTable[] = { .ReadOnly = false, .TagFamily = TAG_FAMILY_ISO14443A }, + [CONFIG_MF_ULTRALIGHT_NTAG_215] = { + .CodecInitFunc = ISO14443ACodecInit, + .CodecDeInitFunc = ISO14443ACodecDeInit, + .CodecTaskFunc = ISO14443ACodecTask, + .ApplicationInitFunc = MifareUltralightNTAG215AppInit, + .ApplicationResetFunc = MifareUltralightAppReset, + .ApplicationTaskFunc = MifareUltralightAppTask, + .ApplicationTickFunc = ApplicationTickDummy, + .ApplicationProcessFunc = MifareUltralightAppProcess, + .ApplicationGetUidFunc = MifareUltralightGetUid, + .ApplicationSetUidFunc = MifareUltralightSetUid, + .UidSize = MIFARE_ULTRALIGHT_UID_SIZE, + .MemorySize = MIFARE_ULTRALIGHT_NTAG_215_MEM_SIZE, + .ReadOnly = false, + .TagFamily = TAG_FAMILY_ISO14443A + }, #endif #ifdef CONFIG_MF_CLASSIC_MINI_4B_SUPPORT [CONFIG_MF_CLASSIC_MINI_4B] = { diff --git a/Firmware/Chameleon-Mini/Configuration.h b/Firmware/Chameleon-Mini/Configuration.h index f348d44c..4f58ac47 100644 --- a/Firmware/Chameleon-Mini/Configuration.h +++ b/Firmware/Chameleon-Mini/Configuration.h @@ -25,6 +25,7 @@ typedef enum { CONFIG_MF_ULTRALIGHT_C, CONFIG_MF_ULTRALIGHT_EV1_80B, CONFIG_MF_ULTRALIGHT_EV1_164B, + CONFIG_MF_ULTRALIGHT_NTAG_215, #endif #ifdef CONFIG_MF_CLASSIC_MINI_4B_SUPPORT CONFIG_MF_CLASSIC_MINI_4B, From a62aee33c1a1375463eadb5b7385dba2f7272d7d Mon Sep 17 00:00:00 2001 From: Frank Wu Date: Thu, 11 Jun 2020 21:42:43 +0800 Subject: [PATCH 2/5] Refactoring the useless code (cherry picked from commit 4b13ab123e9a4cef49cd8e74b27d3dc789fa71f6) --- Firmware/Chameleon-Mini/Application/MifareUltralight.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/Firmware/Chameleon-Mini/Application/MifareUltralight.c b/Firmware/Chameleon-Mini/Application/MifareUltralight.c index bb329b38..18227ef8 100644 --- a/Firmware/Chameleon-Mini/Application/MifareUltralight.c +++ b/Firmware/Chameleon-Mini/Application/MifareUltralight.c @@ -89,8 +89,6 @@ #define VERSION_INFO_LENGTH 8 #define SIGNATURE_LENGTH 32 -#define CONFIG_AREA_START_ADDRESS MIFARE_ULTRALIGHT_PAGE_SIZE * 0x83 - static enum { UL_EV0, UL_C, @@ -492,11 +490,7 @@ static uint16_t AppProcess(uint8_t *const Buffer, uint16_t ByteCount) { return NAK_FRAME_SIZE; } /* Read and compare the password */ - if (Flavor == UL_EV1) { //VERSION RESPONSE FOR EV1 - MemoryReadBlock(Password, ConfigAreaAddress + CONF_PASSWORD_OFFSET, 4); - } else { //VERSION RESPONSE FOR NTAG 215 - MemoryReadBlock(Password, CONFIG_AREA_START_ADDRESS + CONF_PASSWORD_OFFSET, 4); - } + MemoryReadBlock(Password, ConfigAreaAddress + CONF_PASSWORD_OFFSET, 4); if (Password[0] != Buffer[1] || Password[1] != Buffer[2] || Password[2] != Buffer[3] || Password[3] != Buffer[4]) { Buffer[0] = NAK_AUTH_FAILED; return NAK_FRAME_SIZE; From fd0b203548104d3be10e95e961f36f2da78858a7 Mon Sep 17 00:00:00 2001 From: Frank Wu Date: Fri, 12 Jun 2020 22:32:20 +0800 Subject: [PATCH 3/5] update NAK comment for NTAG (cherry picked from commit 928cc10bcd09c008d80a2e9c499289d0cb8568de) --- Firmware/Chameleon-Mini/Application/MifareUltralight.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Firmware/Chameleon-Mini/Application/MifareUltralight.c b/Firmware/Chameleon-Mini/Application/MifareUltralight.c index 18227ef8..cae7f4ce 100644 --- a/Firmware/Chameleon-Mini/Application/MifareUltralight.c +++ b/Firmware/Chameleon-Mini/Application/MifareUltralight.c @@ -21,12 +21,13 @@ #define ACK_FRAME_SIZE 4 /* Bits */ #define NAK_INVALID_ARG 0x00 #define NAK_CRC_ERROR 0x01 -#define NAK_CTR_ERROR 0x04 +#define NAK_CTR_ERROR 0x04 /* counter overflow for EV1 */ +#define NAK_NOT_AUTHED 0x04 /* invalid authentication & counter overflow for NATG */ #define NAK_EEPROM_ERROR 0x05 #define NAK_OTHER_ERROR 0x06 /* NOTE: the spec is not crystal clear which error is returned */ -#define NAK_AUTH_REQUIRED NAK_OTHER_ERROR -#define NAK_AUTH_FAILED NAK_OTHER_ERROR +#define NAK_AUTH_REQUIRED NAK_OTHER_ERROR /* probably is NAK_NOT_AUTHED 0x04 */ +#define NAK_AUTH_FAILED NAK_OTHER_ERROR /* probably is NAK_NOT_AUTHED 0x04 */ #define NAK_FRAME_SIZE 4 /* ISO commands */ From 62c4f8084606b9b7db68847f90cc65fe22f5f921 Mon Sep 17 00:00:00 2001 From: HexRabbit Date: Sat, 13 Jun 2020 16:40:41 +0800 Subject: [PATCH 4/5] Enlarge `ConfigAreaAddress` size to avoid overflow (cherry picked from commit 9720e7eba203f1607202f12a545dc8702a4d76d3) --- Firmware/Chameleon-Mini/Application/MifareUltralight.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Firmware/Chameleon-Mini/Application/MifareUltralight.c b/Firmware/Chameleon-Mini/Application/MifareUltralight.c index cae7f4ce..805aaf59 100644 --- a/Firmware/Chameleon-Mini/Application/MifareUltralight.c +++ b/Firmware/Chameleon-Mini/Application/MifareUltralight.c @@ -192,7 +192,7 @@ void MifareUltralightAppInit(void) { } static void AppInitEV1Common(void) { - uint8_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; + uint16_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; uint8_t Access; /* Set up the emulation flavor */ @@ -205,7 +205,7 @@ static void AppInitEV1Common(void) { } static void AppInitNTAG215Common(void) { - uint8_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; + uint16_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; uint8_t Access; /* Set up the emulation flavor */ @@ -481,7 +481,7 @@ static uint16_t AppProcess(uint8_t *const Buffer, uint16_t ByteCount) { } case CMD_PWD_AUTH: { - uint8_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; + uint16_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; uint8_t Password[4]; /* Verify value and increment authentication attempt counter */ @@ -554,7 +554,7 @@ static uint16_t AppProcess(uint8_t *const Buffer, uint16_t ByteCount) { return (1 + ISO14443A_CRCA_SIZE) * 8; case CMD_VCSL: { - uint8_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; + uint16_t ConfigAreaAddress = PageCount * MIFARE_ULTRALIGHT_PAGE_SIZE - CONFIG_AREA_SIZE; /* Input is ignored completely */ /* Read out the value */ MemoryReadBlock(Buffer, ConfigAreaAddress + CONF_VCTID_OFFSET, 1); From c197325e536bf6a988402553ce473463ed2acd11 Mon Sep 17 00:00:00 2001 From: Frank Wu Date: Sat, 13 Jun 2020 17:43:08 +0800 Subject: [PATCH 5/5] Added empty dump example for NTAG215 (cherry picked from commit 61e455bfb47fbe93ec38ec7d112e01c976976190) --- Dumps/NTAG215_empty.bin | Bin 0 -> 540 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 Dumps/NTAG215_empty.bin diff --git a/Dumps/NTAG215_empty.bin b/Dumps/NTAG215_empty.bin new file mode 100644 index 0000000000000000000000000000000000000000..8b133bdf32b84f6b60ee73b14ce1316de19fa5a3 GIT binary patch literal 540 ocmZQk7Tp!ZV&C|}gMs0pfE@!f!#{>mFk(aCKgj3*fdE7U0A>CPXaE2J literal 0 HcmV?d00001