From 0e78f384044806b98361b8060f1666a87ecfea7f Mon Sep 17 00:00:00 2001 From: Yukai Li Date: Mon, 4 Jul 2022 05:16:59 -0600 Subject: [PATCH] nfc: On-device tag generator (#1319) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * nfc: Add tag generator base * nfc: Fix BCC generation * nfc: Add MFUL EV1 generators * nfc: Fix typos in generator * nfc: Add NTAG21x generators * nfc: More const * nfc: Add NTAG I2C generators * nfc: Add field names to generator initializers * nfc: Move generators to add manually scene * nfc: Revise tag generator UX * nfc: Revert add manually menu item name * nfc: Remove unused scene start submenu index Co-authored-by: あく Co-authored-by: gornekich --- applications/nfc/helpers/nfc_generators.c | 327 ++++++++++++++++++ applications/nfc/helpers/nfc_generators.h | 13 + applications/nfc/nfc.c | 3 + applications/nfc/nfc_i.h | 5 + applications/nfc/scenes/nfc_scene_config.h | 1 + .../nfc/scenes/nfc_scene_generate_info.c | 55 +++ applications/nfc/scenes/nfc_scene_set_type.c | 17 + 7 files changed, 421 insertions(+) create mode 100644 applications/nfc/helpers/nfc_generators.c create mode 100644 applications/nfc/helpers/nfc_generators.h create mode 100644 applications/nfc/scenes/nfc_scene_generate_info.c mode change 100755 => 100644 applications/nfc/scenes/nfc_scene_set_type.c diff --git a/applications/nfc/helpers/nfc_generators.c b/applications/nfc/helpers/nfc_generators.c new file mode 100644 index 00000000..67d9be7a --- /dev/null +++ b/applications/nfc/helpers/nfc_generators.c @@ -0,0 +1,327 @@ +#include +#include "nfc_generators.h" + +#define NXP_MANUFACTURER_ID (0x04) + +static const uint8_t version_bytes_mf0ulx1[] = {0x00, 0x04, 0x03, 0x00, 0x01, 0x00, 0x00, 0x03}; +static const uint8_t version_bytes_ntag21x[] = {0x00, 0x04, 0x04, 0x02, 0x01, 0x00, 0x00, 0x03}; +static const uint8_t version_bytes_ntag_i2c[] = {0x00, 0x04, 0x04, 0x05, 0x02, 0x00, 0x00, 0x03}; +static const uint8_t default_data_ntag213[] = {0x01, 0x03, 0xA0, 0x0C, 0x34, 0x03, 0x00, 0xFE}; +static const uint8_t default_data_ntag215_216[] = {0x03, 0x00, 0xFE}; +static const uint8_t default_data_ntag_i2c[] = {0xE1, 0x10, 0x00, 0x00, 0x03, 0x00, 0xFE}; +static const uint8_t default_config_ntag_i2c[] = {0x01, 0x00, 0xF8, 0x48, 0x08, 0x01, 0x00, 0x00}; + +static void nfc_generate_common_start(NfcDeviceData* data) { + nfc_device_data_clear(data); +} + +static void nfc_generate_mf_ul_uid(uint8_t* uid) { + uid[0] = NXP_MANUFACTURER_ID; + furi_hal_random_fill_buf(&uid[1], 6); + // I'm not sure how this is generated, but the upper nybble always seems to be 8 + uid[6] &= 0x0F; + uid[6] |= 0x80; +} + +static void nfc_generate_mf_ul_common(NfcDeviceData* data) { + data->nfc_data.type = FuriHalNfcTypeA; + data->nfc_data.interface = FuriHalNfcInterfaceRf; + data->nfc_data.uid_len = 7; + nfc_generate_mf_ul_uid(data->nfc_data.uid); + data->nfc_data.atqa[0] = 0x44; + data->nfc_data.atqa[1] = 0x00; + data->nfc_data.sak = 0x00; + data->protocol = NfcDeviceProtocolMifareUl; +} + +static void nfc_generate_calc_bcc(uint8_t* uid, uint8_t* bcc0, uint8_t* bcc1) { + *bcc0 = 0x88 ^ uid[0] ^ uid[1] ^ uid[2]; + *bcc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]; +} + +static void nfc_generate_mf_ul_copy_uid_with_bcc(NfcDeviceData* data) { + MfUltralightData* mful = &data->mf_ul_data; + memcpy(mful->data, data->nfc_data.uid, 3); + memcpy(&mful->data[4], &data->nfc_data.uid[3], 4); + nfc_generate_calc_bcc(data->nfc_data.uid, &mful->data[3], &mful->data[8]); +} + +static void nfc_generate_mf_ul_orig(NfcDeviceData* data) { + nfc_generate_common_start(data); + nfc_generate_mf_ul_common(data); + + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeUnknown; + mful->data_size = 16 * 4; + nfc_generate_mf_ul_copy_uid_with_bcc(data); + // TODO: what's internal byte on page 2? + memset(&mful->data[4 * 4], 0xFF, 4); +} + +static void nfc_generate_mf_ul_with_config_common(NfcDeviceData* data, uint8_t num_pages) { + nfc_generate_common_start(data); + nfc_generate_mf_ul_common(data); + + MfUltralightData* mful = &data->mf_ul_data; + mful->data_size = num_pages * 4; + nfc_generate_mf_ul_copy_uid_with_bcc(data); + uint16_t config_index = (num_pages - 4) * 4; + mful->data[config_index] = 0x04; // STRG_MOD_EN + mful->data[config_index + 3] = 0xFF; // AUTH0 + mful->data[config_index + 5] = 0x05; // VCTID + memset(&mful->data[config_index + 8], 0xFF, 4); // Default PWD + if(num_pages > 20) mful->data[config_index - 1] = MF_UL_TEARING_FLAG_DEFAULT; +} + +static void nfc_generate_mf_ul_ev1_common(NfcDeviceData* data, uint8_t num_pages) { + nfc_generate_mf_ul_with_config_common(data, num_pages); + MfUltralightData* mful = &data->mf_ul_data; + memcpy(&mful->version, version_bytes_mf0ulx1, sizeof(version_bytes_mf0ulx1)); + for(size_t i = 0; i < 3; ++i) { + mful->tearing[i] = MF_UL_TEARING_FLAG_DEFAULT; + } + // TODO: what's internal byte on page 2? +} + +static void nfc_generate_mf_ul_11(NfcDeviceData* data) { + nfc_generate_mf_ul_ev1_common(data, 20); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeUL11; + mful->version.prod_subtype = 0x01; + mful->version.storage_size = 0x0B; + mful->data[16 * 4] = 0x00; // Low capacitance version does not have STRG_MOD_EN +} + +static void nfc_generate_mf_ul_h11(NfcDeviceData* data) { + nfc_generate_mf_ul_ev1_common(data, 20); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeUL11; + mful->version.prod_subtype = 0x02; + mful->version.storage_size = 0x0B; +} + +static void nfc_generate_mf_ul_21(NfcDeviceData* data) { + nfc_generate_mf_ul_ev1_common(data, 41); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeUL21; + mful->version.prod_subtype = 0x01; + mful->version.storage_size = 0x0E; + mful->data[37 * 4] = 0x00; // Low capacitance version does not have STRG_MOD_EN +} + +static void nfc_generate_mf_ul_h21(NfcDeviceData* data) { + nfc_generate_mf_ul_ev1_common(data, 41); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeUL21; + mful->version.prod_subtype = 0x02; + mful->version.storage_size = 0x0E; +} + +static void nfc_generate_ntag21x_common(NfcDeviceData* data, uint8_t num_pages) { + nfc_generate_mf_ul_with_config_common(data, num_pages); + MfUltralightData* mful = &data->mf_ul_data; + memcpy(&mful->version, version_bytes_ntag21x, sizeof(version_bytes_mf0ulx1)); + mful->data[9] = 0x48; // Internal byte + // Capability container + mful->data[12] = 0xE1; + mful->data[13] = 0x10; +} + +static void nfc_generate_ntag213(NfcDeviceData* data) { + nfc_generate_ntag21x_common(data, 45); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeNTAG213; + mful->version.storage_size = 0x0F; + mful->data[14] = 0x12; + // Default contents + memcpy(&mful->data[16], default_data_ntag213, sizeof(default_data_ntag213)); +} + +static void nfc_generate_ntag215(NfcDeviceData* data) { + nfc_generate_ntag21x_common(data, 135); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeNTAG215; + mful->version.storage_size = 0x11; + mful->data[14] = 0x3E; + // Default contents + memcpy(&mful->data[16], default_data_ntag215_216, sizeof(default_data_ntag215_216)); +} + +static void nfc_generate_ntag216(NfcDeviceData* data) { + nfc_generate_ntag21x_common(data, 231); + MfUltralightData* mful = &data->mf_ul_data; + mful->type = MfUltralightTypeNTAG216; + mful->version.storage_size = 0x13; + mful->data[14] = 0x6D; + // Default contents + memcpy(&mful->data[16], default_data_ntag215_216, sizeof(default_data_ntag215_216)); +} + +static void + nfc_generate_ntag_i2c_common(NfcDeviceData* data, MfUltralightType type, uint16_t num_pages) { + nfc_generate_common_start(data); + nfc_generate_mf_ul_common(data); + + MfUltralightData* mful = &data->mf_ul_data; + mful->type = type; + memcpy(&mful->version, version_bytes_ntag_i2c, sizeof(version_bytes_ntag_i2c)); + mful->data_size = num_pages * 4; + memcpy(mful->data, data->nfc_data.uid, data->nfc_data.uid_len); + mful->data[7] = data->nfc_data.sak; + mful->data[8] = data->nfc_data.atqa[0]; + mful->data[9] = data->nfc_data.atqa[1]; + + uint16_t config_register_page; + uint16_t session_register_page; + + // Sync with mifare_ultralight.c + switch(type) { + case MfUltralightTypeNTAGI2C1K: + config_register_page = 227; + session_register_page = 229; + break; + case MfUltralightTypeNTAGI2C2K: + config_register_page = 481; + session_register_page = 483; + break; + case MfUltralightTypeNTAGI2CPlus1K: + case MfUltralightTypeNTAGI2CPlus2K: + config_register_page = 232; + session_register_page = 234; + break; + default: + furi_assert(false); + break; + } + + memcpy( + &mful->data[config_register_page * 4], + default_config_ntag_i2c, + sizeof(default_config_ntag_i2c)); + memcpy( + &mful->data[session_register_page * 4], + default_config_ntag_i2c, + sizeof(default_config_ntag_i2c)); +} + +static void nfc_generate_ntag_i2c_1k(NfcDeviceData* data) { + nfc_generate_ntag_i2c_common(data, MfUltralightTypeNTAGI2C1K, 231); + MfUltralightData* mful = &data->mf_ul_data; + mful->version.prod_ver_minor = 0x01; + mful->version.storage_size = 0x13; + + memcpy(&mful->data[12], default_data_ntag_i2c, sizeof(default_data_ntag_i2c)); + mful->data[14] = 0x6D; // Size of tag in CC +} + +static void nfc_generate_ntag_i2c_2k(NfcDeviceData* data) { + nfc_generate_ntag_i2c_common(data, MfUltralightTypeNTAGI2C2K, 485); + MfUltralightData* mful = &data->mf_ul_data; + mful->version.prod_ver_minor = 0x01; + mful->version.storage_size = 0x15; + + memcpy(&mful->data[12], default_data_ntag_i2c, sizeof(default_data_ntag_i2c)); + mful->data[14] = 0xEA; // Size of tag in CC +} + +static void nfc_generate_ntag_i2c_plus_common( + NfcDeviceData* data, + MfUltralightType type, + uint16_t num_pages) { + nfc_generate_ntag_i2c_common(data, type, num_pages); + + MfUltralightData* mful = &data->mf_ul_data; + uint16_t config_index = 227 * 4; + mful->data[config_index + 3] = 0xFF; // AUTH0 + memset(&mful->data[config_index + 8], 0xFF, 4); // Default PWD +} + +static void nfc_generate_ntag_i2c_plus_1k(NfcDeviceData* data) { + nfc_generate_ntag_i2c_plus_common(data, MfUltralightTypeNTAGI2CPlus1K, 236); + MfUltralightData* mful = &data->mf_ul_data; + mful->version.prod_ver_minor = 0x02; + mful->version.storage_size = 0x13; +} + +static void nfc_generate_ntag_i2c_plus_2k(NfcDeviceData* data) { + nfc_generate_ntag_i2c_plus_common(data, MfUltralightTypeNTAGI2CPlus2K, 492); + MfUltralightData* mful = &data->mf_ul_data; + mful->version.prod_ver_minor = 0x02; + mful->version.storage_size = 0x15; +} + +static const NfcGenerator mf_ul_generator = { + .name = "Mifare Ultralight", + .generator_func = nfc_generate_mf_ul_orig, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator mf_ul_11_generator = { + .name = "Mifare Ultralight EV1 11", + .generator_func = nfc_generate_mf_ul_11, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator mf_ul_h11_generator = { + .name = "Mifare Ultralight EV1 H11", + .generator_func = nfc_generate_mf_ul_h11, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator mf_ul_21_generator = { + .name = "Mifare Ultralight EV1 21", + .generator_func = nfc_generate_mf_ul_21, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator mf_ul_h21_generator = { + .name = "Mifare Ultralight EV1 H21", + .generator_func = nfc_generate_mf_ul_h21, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag213_generator = { + .name = "NTAG213", + .generator_func = nfc_generate_ntag213, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag215_generator = { + .name = "NTAG215", + .generator_func = nfc_generate_ntag215, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag216_generator = { + .name = "NTAG216", + .generator_func = nfc_generate_ntag216, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag_i2c_1k_generator = { + .name = "NTAG I2C 1k", + .generator_func = nfc_generate_ntag_i2c_1k, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag_i2c_2k_generator = { + .name = "NTAG I2C 2k", + .generator_func = nfc_generate_ntag_i2c_2k, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag_i2c_plus_1k_generator = { + .name = "NTAG I2C Plus 1k", + .generator_func = nfc_generate_ntag_i2c_plus_1k, + .next_scene = NfcSceneMifareUlMenu}; + +static const NfcGenerator ntag_i2c_plus_2k_generator = { + .name = "NTAG I2C Plus 2k", + .generator_func = nfc_generate_ntag_i2c_plus_2k, + .next_scene = NfcSceneMifareUlMenu}; + +const NfcGenerator* const nfc_generators[] = { + &mf_ul_generator, + &mf_ul_11_generator, + &mf_ul_h11_generator, + &mf_ul_21_generator, + &mf_ul_h21_generator, + &ntag213_generator, + &ntag215_generator, + &ntag216_generator, + &ntag_i2c_1k_generator, + &ntag_i2c_2k_generator, + &ntag_i2c_plus_1k_generator, + &ntag_i2c_plus_2k_generator, + NULL, +}; diff --git a/applications/nfc/helpers/nfc_generators.h b/applications/nfc/helpers/nfc_generators.h new file mode 100644 index 00000000..10a05591 --- /dev/null +++ b/applications/nfc/helpers/nfc_generators.h @@ -0,0 +1,13 @@ +#pragma once + +#include "../nfc_i.h" + +typedef void (*NfcGeneratorFunc)(NfcDeviceData* data); + +struct NfcGenerator { + const char* name; + NfcGeneratorFunc generator_func; + NfcScene next_scene; +}; + +extern const NfcGenerator* const nfc_generators[]; diff --git a/applications/nfc/nfc.c b/applications/nfc/nfc.c index adc3b149..1999ba6a 100755 --- a/applications/nfc/nfc.c +++ b/applications/nfc/nfc.c @@ -84,6 +84,9 @@ Nfc* nfc_alloc() { view_dispatcher_add_view( nfc->view_dispatcher, NfcViewDictAttack, dict_attack_get_view(nfc->dict_attack)); + // Generator + nfc->generator = NULL; + return nfc; } diff --git a/applications/nfc/nfc_i.h b/applications/nfc/nfc_i.h index a640d957..cdbe3bea 100755 --- a/applications/nfc/nfc_i.h +++ b/applications/nfc/nfc_i.h @@ -33,6 +33,9 @@ #define NFC_SEND_NOTIFICATION_TRUE (1UL) #define NFC_TEXT_STORE_SIZE 128 +// Forward declaration due to circular dependency +typedef struct NfcGenerator NfcGenerator; + struct Nfc { NfcWorker* worker; ViewDispatcher* view_dispatcher; @@ -55,6 +58,8 @@ struct Nfc { Widget* widget; BankCard* bank_card; DictAttack* dict_attack; + + const NfcGenerator* generator; }; typedef enum { diff --git a/applications/nfc/scenes/nfc_scene_config.h b/applications/nfc/scenes/nfc_scene_config.h index e6351d42..5cf2c86f 100755 --- a/applications/nfc/scenes/nfc_scene_config.h +++ b/applications/nfc/scenes/nfc_scene_config.h @@ -37,3 +37,4 @@ ADD_SCENE(nfc, read_mifare_classic, ReadMifareClassic) ADD_SCENE(nfc, emulate_mifare_classic, EmulateMifareClassic) ADD_SCENE(nfc, mifare_classic_menu, MifareClassicMenu) ADD_SCENE(nfc, dict_not_found, DictNotFound) +ADD_SCENE(nfc, generate_info, GenerateInfo) diff --git a/applications/nfc/scenes/nfc_scene_generate_info.c b/applications/nfc/scenes/nfc_scene_generate_info.c new file mode 100644 index 00000000..7fb7eb94 --- /dev/null +++ b/applications/nfc/scenes/nfc_scene_generate_info.c @@ -0,0 +1,55 @@ +#include "../nfc_i.h" +#include "../helpers/nfc_generators.h" + +void nfc_scene_generate_info_dialog_callback(DialogExResult result, void* context) { + Nfc* nfc = context; + + view_dispatcher_send_custom_event(nfc->view_dispatcher, result); +} + +void nfc_scene_generate_info_on_enter(void* context) { + Nfc* nfc = context; + + // Setup dialog view + FuriHalNfcDevData* data = &nfc->dev->dev_data.nfc_data; + DialogEx* dialog_ex = nfc->dialog_ex; + dialog_ex_set_right_button_text(dialog_ex, "More"); + + // Create info text + string_t info_str; + string_init_printf( + info_str, "%s\n%s\nUID:", nfc->generator->name, nfc_get_dev_type(data->type)); + // Append UID + for(int i = 0; i < data->uid_len; ++i) { + string_cat_printf(info_str, " %02X", data->uid[i]); + } + nfc_text_store_set(nfc, string_get_cstr(info_str)); + string_clear(info_str); + + dialog_ex_set_text(dialog_ex, nfc->text_store, 0, 0, AlignLeft, AlignTop); + dialog_ex_set_context(dialog_ex, nfc); + dialog_ex_set_result_callback(dialog_ex, nfc_scene_generate_info_dialog_callback); + + view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewDialogEx); +} + +bool nfc_scene_generate_info_on_event(void* context, SceneManagerEvent event) { + Nfc* nfc = context; + bool consumed = false; + + if(event.type == SceneManagerEventTypeCustom) { + if(event.event == DialogExResultRight) { + scene_manager_next_scene(nfc->scene_manager, nfc->generator->next_scene); + consumed = true; + } + } + + return consumed; +} + +void nfc_scene_generate_info_on_exit(void* context) { + Nfc* nfc = context; + + // Clean views + dialog_ex_reset(nfc->dialog_ex); +} diff --git a/applications/nfc/scenes/nfc_scene_set_type.c b/applications/nfc/scenes/nfc_scene_set_type.c old mode 100755 new mode 100644 index 0fe63424..ec6d1144 --- a/applications/nfc/scenes/nfc_scene_set_type.c +++ b/applications/nfc/scenes/nfc_scene_set_type.c @@ -1,9 +1,11 @@ #include "../nfc_i.h" #include "m-string.h" +#include "../helpers/nfc_generators.h" enum SubmenuIndex { SubmenuIndexNFCA4, SubmenuIndexNFCA7, + SubmenuIndexGeneratorsStart, }; void nfc_scene_set_type_submenu_callback(void* context, uint32_t index) { @@ -22,6 +24,14 @@ void nfc_scene_set_type_on_enter(void* context) { submenu, "NFC-A 7-bytes UID", SubmenuIndexNFCA7, nfc_scene_set_type_submenu_callback, nfc); submenu_add_item( submenu, "NFC-A 4-bytes UID", SubmenuIndexNFCA4, nfc_scene_set_type_submenu_callback, nfc); + + // Generators + int i = SubmenuIndexGeneratorsStart; + for(const NfcGenerator* const* generator = nfc_generators; *generator != NULL; + ++generator, ++i) { + submenu_add_item(submenu, (*generator)->name, i, nfc_scene_set_type_submenu_callback, nfc); + } + view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewMenu); } @@ -40,6 +50,13 @@ bool nfc_scene_set_type_on_event(void* context, SceneManagerEvent event) { nfc->dev->format = NfcDeviceSaveFormatUid; scene_manager_next_scene(nfc->scene_manager, NfcSceneSetSak); consumed = true; + } else { + nfc_device_clear(nfc->dev); + nfc->generator = nfc_generators[event.event - SubmenuIndexGeneratorsStart]; + nfc->generator->generator_func(&nfc->dev->dev_data); + + scene_manager_next_scene(nfc->scene_manager, NfcSceneGenerateInfo); + consumed = true; } } return consumed;