[FL-2759], [FL-2766] NFC collect params for mfkey32 attack (#1643)

* nfc: start nfc over rpc * nfc: add detect reader state * nfc: add reader analyzer * nfc: rework reader analyzer * reader_analyzer: print collected nonces to debug * reader analyzer: add save on SD card * reader_analyzer: separate mfkey related part to different file * mfkey32: add logic for collecting parameters * nfc: rework pcap with reader analyzer * nfc: add logger for reader * nfc: clean up * nfc: add detect reader view * nfc: add detect reader and mfkey nonces scenes * nfc: add mfkey comlplete scene * nfc: add new assets * nfc: fix gui * nfc: fix iso14443-4 UID emulation * nfc: add no sd card notification * nfc: fix grammar Co-authored-by: あく <alleteam@gmail.com>
2022-09-03 15:25:36 +03:00
parent ed2c607dd3
commit 1853359d78
24 changed files with 1154 additions and 251 deletions
--- a/firmware/targets/f7/furi_hal/furi_hal_nfc.c
+++ b/firmware/targets/f7/furi_hal/furi_hal_nfc.c
@@ -217,7 +217,6 @@ bool furi_hal_nfc_listen(
    }
    rfalLowPowerModeStop();
    rfalNfcDiscoverParam params = {
-        .compMode = RFAL_COMPLIANCE_MODE_NFC,
        .techs2Find = RFAL_NFC_LISTEN_TECH_A,
        .totalDuration = 1000,
        .devLimit = 1,
@@ -230,6 +229,11 @@ bool furi_hal_nfc_listen(
        .notifyCb = NULL,
        .activate_after_sak = activate_after_sak,
    };
+    if(FURI_BIT(sak, 5)) {
+        params.compMode = RFAL_COMPLIANCE_MODE_EMV;
+    } else {
+        params.compMode = RFAL_COMPLIANCE_MODE_NFC;
+    }
    params.lmConfigPA.nfcidLen = uid_len;
    memcpy(params.lmConfigPA.nfcid, uid, uid_len);
    params.lmConfigPA.SENS_RES[0] = atqa[0];
@@ -271,6 +275,10 @@ void furi_hal_nfc_listen_sleep() {
    st25r3916ExecuteCommand(ST25R3916_CMD_GOTO_SLEEP);
 }

+void furi_hal_nfc_stop_cmd() {
+    st25r3916ExecuteCommand(ST25R3916_CMD_STOP);
+}
+
 bool furi_hal_nfc_listen_rx(FuriHalNfcTxRxContext* tx_rx, uint32_t timeout_ms) {
    furi_assert(tx_rx);

@@ -283,6 +291,9 @@ bool furi_hal_nfc_listen_rx(FuriHalNfcTxRxContext* tx_rx, uint32_t timeout_ms) {
            if(st25r3916GetInterrupt(ST25R3916_IRQ_MASK_RXE)) {
                furi_hal_nfc_read_fifo(tx_rx->rx_data, &tx_rx->rx_bits);
                data_received = true;
+                if(tx_rx->sniff_rx) {
+                    tx_rx->sniff_rx(tx_rx->rx_data, tx_rx->rx_bits, false, tx_rx->sniff_context);
+                }
                break;
            }
            continue;
@@ -497,14 +508,14 @@ static bool furi_hal_nfc_transparent_tx_rx(FuriHalNfcTxRxContext* tx_rx, uint16_
    furi_hal_spi_bus_handle_init(&furi_hal_spi_bus_handle_nfc);
    st25r3916ExecuteCommand(ST25R3916_CMD_UNMASK_RECEIVE_DATA);

-    if(tx_rx->sniff_tx) {
-        tx_rx->sniff_tx(tx_rx->tx_data, tx_rx->tx_bits, false, tx_rx->sniff_context);
-    }
-
    // Manually wait for interrupt
    furi_hal_gpio_init(&gpio_nfc_irq_rfid_pull, GpioModeInput, GpioPullDown, GpioSpeedVeryHigh);
    st25r3916ClearAndEnableInterrupts(ST25R3916_IRQ_MASK_RXE);

+    if(tx_rx->sniff_tx) {
+        tx_rx->sniff_tx(tx_rx->tx_data, tx_rx->tx_bits, false, tx_rx->sniff_context);
+    }
+
    uint32_t irq = 0;
    uint8_t rxe = 0;
    uint32_t start = DWT->CYCCNT;
--- a/firmware/targets/furi_hal_include/furi_hal_nfc.h
+++ b/firmware/targets/furi_hal_include/furi_hal_nfc.h
@@ -120,6 +120,8 @@ void furi_hal_nfc_field_off();
 */
 void furi_hal_nfc_start_sleep();

+void furi_hal_nfc_stop_cmd();
+
 /** NFC stop sleep
 */
 void furi_hal_nfc_exit_sleep();