added ISO15693 (NfcV) reading, saving, emulating and revealing from p…

…rivacy mode (unlock) (#2316) * added support for ISO15693 (NfcV) emulation, added support for reading SLIX tags * SLIX: fixed crash situation when an invalid password was requested * ISO15693: show emulate menu when opening file * rename NfcV emulate scene to match other NfcV names * optimize allocation size for signals * ISO15693: further optimizations of allocation and free code * ISO15693: reduce latency on state machine reset * respond with block security status when option flag is set * increased maximum memory size to match standard added security status handling/load/save added SELECT/QUIET handling more fine grained allocation routines and checks fix memset sizes * added "Listen NfcV Reader" to sniff traffic from reader to card * added correct description to delete menu * also added DSFID/AFI handling and locking * increase sniff log size * scale NfcV frequency a bit, add echo mode, fix signal level at the end * use symbolic modulated/unmodulated GPIO levels * honor AFI field, decrease verbosity and removed debug code * refactor defines for less namespace pollution by using NFCV_ prefixes * correct an oversight that original cards return an generic error when addressing outside block range * use inverse modulation, increasing readable range significantly * rework and better document nfc chip initialization * nfcv code review fixes * Disable accidentally left on signal debug gpio output * Improve NFCV Read/Info GUIs. Authored by @xMasterX, committed by @nvx * Fix crash that occurs when you exit from NFCV emulation and start it again. Authored by @xMasterX, committed by @nvx * Remove delay from emulation loop. This improves compatibility when the reader is Android. * Lib: digital signal debug output pin info Co-authored-by: Tiernan Messmer <[email protected]> Co-authored-by: MX <[email protected]> Co-authored-by: gornekich <[email protected]> Co-authored-by: あく <[email protected]>
flipperdevices · Jun 8, 2023 · c186d2b · c186d2b
1 parent 436194e
commit c186d2b
Show file tree

Hide file tree

Showing 27 changed files with 3,737 additions and 33 deletions.
diff --git a/applications/main/nfc/helpers/nfc_custom_event.h b/applications/main/nfc/helpers/nfc_custom_event.h
@@ -12,4 +12,6 @@ enum NfcCustomEvent {
     NfcCustomEventDictAttackSkip,
     NfcCustomEventRpcLoad,
     NfcCustomEventRpcSessionClose,
+    NfcCustomEventUpdateLog,
+    NfcCustomEventSaveShadow,
 };
diff --git a/applications/main/nfc/nfc.c b/applications/main/nfc/nfc.c
@@ -290,6 +290,9 @@ int32_t nfc_app(void* p) {
                 } else if(nfc->dev->format == NfcDeviceSaveFormatMifareClassic) {
                     scene_manager_next_scene(nfc->scene_manager, NfcSceneMfClassicEmulate);
                     DOLPHIN_DEED(DolphinDeedNfcEmulate);
+                } else if(nfc->dev->format == NfcDeviceSaveFormatNfcV) {
+                    scene_manager_next_scene(nfc->scene_manager, NfcSceneNfcVEmulate);
+                    DOLPHIN_DEED(DolphinDeedNfcEmulate);
                 } else if(nfc->dev->format == NfcDeviceSaveFormatBankCard) {
                     scene_manager_next_scene(nfc->scene_manager, NfcSceneDeviceInfo);
                 } else {

diff --git a/applications/main/nfc/scenes/nfc_scene_config.h b/applications/main/nfc/scenes/nfc_scene_config.h
@@ -14,6 +14,13 @@ ADD_SCENE(nfc, file_select, FileSelect)
 ADD_SCENE(nfc, emulate_uid, EmulateUid)
 ADD_SCENE(nfc, nfca_read_success, NfcaReadSuccess)
 ADD_SCENE(nfc, nfca_menu, NfcaMenu)
+ADD_SCENE(nfc, nfcv_menu, NfcVMenu)
+ADD_SCENE(nfc, nfcv_unlock_menu, NfcVUnlockMenu)
+ADD_SCENE(nfc, nfcv_key_input, NfcVKeyInput)
+ADD_SCENE(nfc, nfcv_unlock, NfcVUnlock)
+ADD_SCENE(nfc, nfcv_emulate, NfcVEmulate)
+ADD_SCENE(nfc, nfcv_sniff, NfcVSniff)
+ADD_SCENE(nfc, nfcv_read_success, NfcVReadSuccess)
 ADD_SCENE(nfc, mf_ultralight_read_success, MfUltralightReadSuccess)
 ADD_SCENE(nfc, mf_ultralight_data, MfUltralightData)
 ADD_SCENE(nfc, mf_ultralight_menu, MfUltralightMenu)

diff --git a/applications/main/nfc/scenes/nfc_scene_delete.c b/applications/main/nfc/scenes/nfc_scene_delete.c
@@ -31,6 +31,8 @@ void nfc_scene_delete_on_enter(void* context) {
         nfc->widget, 64, 24, AlignCenter, AlignTop, FontSecondary, furi_string_get_cstr(temp_str));
 
     NfcProtocol protocol = nfc->dev->dev_data.protocol;
+    const char* nfc_type = "NFC-A";
+
     if(protocol == NfcDeviceProtocolEMV) {
         furi_string_set(temp_str, "EMV bank card");
     } else if(protocol == NfcDeviceProtocolMifareUl) {
@@ -39,12 +41,15 @@ void nfc_scene_delete_on_enter(void* context) {
         furi_string_set(temp_str, nfc_mf_classic_type(nfc->dev->dev_data.mf_classic_data.type));
     } else if(protocol == NfcDeviceProtocolMifareDesfire) {
         furi_string_set(temp_str, "MIFARE DESFire");
+    } else if(protocol == NfcDeviceProtocolNfcV) {
+        furi_string_set(temp_str, "ISO15693 tag");
+        nfc_type = "NFC-V";
     } else {
         furi_string_set(temp_str, "Unknown ISO tag");
     }
     widget_add_string_element(
         nfc->widget, 64, 34, AlignCenter, AlignTop, FontSecondary, furi_string_get_cstr(temp_str));
-    widget_add_string_element(nfc->widget, 64, 44, AlignCenter, AlignTop, FontSecondary, "NFC-A");
+    widget_add_string_element(nfc->widget, 64, 44, AlignCenter, AlignTop, FontSecondary, nfc_type);
     furi_string_free(temp_str);
 
     view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewWidget);

diff --git a/applications/main/nfc/scenes/nfc_scene_extra_actions.c b/applications/main/nfc/scenes/nfc_scene_extra_actions.c
@@ -4,6 +4,8 @@ enum SubmenuIndex {
     SubmenuIndexReadCardType,
     SubmenuIndexMfClassicKeys,
     SubmenuIndexMfUltralightUnlock,
+    SubmenuIndexNfcVUnlock,
+    SubmenuIndexNfcVSniff,
 };
 
 void nfc_scene_extra_actions_submenu_callback(void* context, uint32_t index) {
@@ -34,6 +36,18 @@ void nfc_scene_extra_actions_on_enter(void* context) {
         SubmenuIndexMfUltralightUnlock,
         nfc_scene_extra_actions_submenu_callback,
         nfc);
+    submenu_add_item(
+        submenu,
+        "Unlock SLIX-L",
+        SubmenuIndexNfcVUnlock,
+        nfc_scene_extra_actions_submenu_callback,
+        nfc);
+    submenu_add_item(
+        submenu,
+        "Listen NfcV Reader",
+        SubmenuIndexNfcVSniff,
+        nfc_scene_extra_actions_submenu_callback,
+        nfc);
     submenu_set_selected_item(
         submenu, scene_manager_get_scene_state(nfc->scene_manager, NfcSceneExtraActions));
     view_dispatcher_switch_to_view(nfc->view_dispatcher, NfcViewMenu);
@@ -58,6 +72,12 @@ bool nfc_scene_extra_actions_on_event(void* context, SceneManagerEvent event) {
             scene_manager_set_scene_state(nfc->scene_manager, NfcSceneReadCardType, 0);
             scene_manager_next_scene(nfc->scene_manager, NfcSceneReadCardType);
             consumed = true;
+        } else if(event.event == SubmenuIndexNfcVUnlock) {
+            scene_manager_next_scene(nfc->scene_manager, NfcSceneNfcVUnlockMenu);
+            consumed = true;
+        } else if(event.event == SubmenuIndexNfcVSniff) {
+            scene_manager_next_scene(nfc->scene_manager, NfcSceneNfcVSniff);
+            consumed = true;
         }
         scene_manager_set_scene_state(nfc->scene_manager, NfcSceneExtraActions, event.event);
     }

diff --git a/applications/main/nfc/scenes/nfc_scene_nfc_data_info.c b/applications/main/nfc/scenes/nfc_scene_nfc_data_info.c
@@ -41,19 +41,165 @@ void nfc_scene_nfc_data_info_on_enter(void* context) {
             temp_str, "\e#%s\n", nfc_mf_classic_type(dev_data->mf_classic_data.type));
     } else if(protocol == NfcDeviceProtocolMifareDesfire) {
         furi_string_cat_printf(temp_str, "\e#MIFARE DESFire\n");
+    } else if(protocol == NfcDeviceProtocolNfcV) {
+        switch(dev_data->nfcv_data.sub_type) {
+        case NfcVTypePlain:
+            furi_string_cat_printf(temp_str, "\e#ISO15693\n");
+            break;
+        case NfcVTypeSlix:
+            furi_string_cat_printf(temp_str, "\e#ISO15693 SLIX\n");
+            break;
+        case NfcVTypeSlixS:
+            furi_string_cat_printf(temp_str, "\e#ISO15693 SLIX-S\n");
+            break;
+        case NfcVTypeSlixL:
+            furi_string_cat_printf(temp_str, "\e#ISO15693 SLIX-L\n");
+            break;
+        case NfcVTypeSlix2:
+            furi_string_cat_printf(temp_str, "\e#ISO15693 SLIX2\n");
+            break;
+        default:
+            furi_string_cat_printf(temp_str, "\e#ISO15693 (unknown)\n");
+            break;
+        }
     } else {
         furi_string_cat_printf(temp_str, "\e#Unknown ISO tag\n");
     }
 
     // Set tag iso data
-    char iso_type = FURI_BIT(nfc_data->sak, 5) ? '4' : '3';
-    furi_string_cat_printf(temp_str, "ISO 14443-%c (NFC-A)\n", iso_type);
-    furi_string_cat_printf(temp_str, "UID:");
-    for(size_t i = 0; i < nfc_data->uid_len; i++) {
-        furi_string_cat_printf(temp_str, " %02X", nfc_data->uid[i]);
+    if(protocol == NfcDeviceProtocolNfcV) {
+        NfcVData* nfcv_data = &nfc->dev->dev_data.nfcv_data;
+
+        furi_string_cat_printf(temp_str, "UID:\n");
+        for(size_t i = 0; i < nfc_data->uid_len; i++) {
+            furi_string_cat_printf(temp_str, " %02X", nfc_data->uid[i]);
+        }
+        furi_string_cat_printf(temp_str, "\n");
+
+        furi_string_cat_printf(
+            temp_str,
+            "DSFID: %02X %s\n",
+            nfcv_data->dsfid,
+            (nfcv_data->security_status[0] & NfcVLockBitDsfid) ? "(locked)" : "");
+        furi_string_cat_printf(
+            temp_str,
+            "AFI: %02X %s\n",
+            nfcv_data->afi,
+            (nfcv_data->security_status[0] & NfcVLockBitAfi) ? "(locked)" : "");
+        furi_string_cat_printf(temp_str, "IC Ref: %02X\n", nfcv_data->ic_ref);
+        furi_string_cat_printf(temp_str, "Blocks: %02X\n", nfcv_data->block_num);
+        furi_string_cat_printf(temp_str, "Blocksize: %02X\n", nfcv_data->block_size);
+
+        switch(dev_data->nfcv_data.sub_type) {
+        case NfcVTypePlain:
+            furi_string_cat_printf(temp_str, "Type: Plain\n");
+            break;
+        case NfcVTypeSlix:
+            furi_string_cat_printf(temp_str, "Type: SLIX\n");
+            furi_string_cat_printf(temp_str, "Keys:\n");
+            furi_string_cat_printf(
+                temp_str,
+                " EAS      %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_eas, 4));
+            break;
+        case NfcVTypeSlixS:
+            furi_string_cat_printf(temp_str, "Type: SLIX-S\n");
+            furi_string_cat_printf(temp_str, "Keys:\n");
+            furi_string_cat_printf(
+                temp_str,
+                " Read     %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_read, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Write    %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_write, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Privacy  %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_privacy, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Destroy  %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_destroy, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " EAS      %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_eas, 4));
+            break;
+        case NfcVTypeSlixL:
+            furi_string_cat_printf(temp_str, "Type: SLIX-L\n");
+            furi_string_cat_printf(temp_str, "Keys:\n");
+            furi_string_cat_printf(
+                temp_str,
+                " Privacy  %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_privacy, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Destroy  %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_destroy, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " EAS      %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_eas, 4));
+            break;
+        case NfcVTypeSlix2:
+            furi_string_cat_printf(temp_str, "Type: SLIX2\n");
+            furi_string_cat_printf(temp_str, "Keys:\n");
+            furi_string_cat_printf(
+                temp_str,
+                " Read     %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_read, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Write    %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_write, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Privacy  %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_privacy, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " Destroy  %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_destroy, 4));
+            furi_string_cat_printf(
+                temp_str,
+                " EAS      %08llX\n",
+                nfc_util_bytes2num(nfcv_data->sub_data.slix.key_eas, 4));
+            break;
+        default:
+            furi_string_cat_printf(temp_str, "\e#ISO15693 (unknown)\n");
+            break;
+        }
+
+        furi_string_cat_printf(
+            temp_str, "Data (%d byte)\n", nfcv_data->block_num * nfcv_data->block_size);
+
+        int maxBlocks = nfcv_data->block_num;
+        if(maxBlocks > 32) {
+            maxBlocks = 32;
+            furi_string_cat_printf(temp_str, "(truncated to %d blocks)\n", maxBlocks);
+        }
+
+        for(int block = 0; block < maxBlocks; block++) {
+            const char* status = (nfcv_data->security_status[block] & 0x01) ? "(lck)" : "";
+            for(int pos = 0; pos < nfcv_data->block_size; pos++) {
+                furi_string_cat_printf(
+                    temp_str, " %02X", nfcv_data->data[block * nfcv_data->block_size + pos]);
+            }
+            furi_string_cat_printf(temp_str, " %s\n", status);
+        }
+
+    } else {
+        char iso_type = FURI_BIT(nfc_data->sak, 5) ? '4' : '3';
+        furi_string_cat_printf(temp_str, "ISO 14443-%c (NFC-A)\n", iso_type);
+        furi_string_cat_printf(temp_str, "UID:");
+        for(size_t i = 0; i < nfc_data->uid_len; i++) {
+            furi_string_cat_printf(temp_str, " %02X", nfc_data->uid[i]);
+        }
+        furi_string_cat_printf(
+            temp_str, "\nATQA: %02X %02X ", nfc_data->atqa[1], nfc_data->atqa[0]);
+        furi_string_cat_printf(temp_str, " SAK: %02X", nfc_data->sak);
     }
-    furi_string_cat_printf(temp_str, "\nATQA: %02X %02X ", nfc_data->atqa[1], nfc_data->atqa[0]);
-    furi_string_cat_printf(temp_str, " SAK: %02X", nfc_data->sak);
 
     // Set application specific data
     if(protocol == NfcDeviceProtocolMifareDesfire) {
@@ -139,6 +285,8 @@ bool nfc_scene_nfc_data_info_on_event(void* context, SceneManagerEvent event) {
                 consumed = true;
             } else if(protocol == NfcDeviceProtocolMifareClassic) {
                 scene_manager_next_scene(nfc->scene_manager, NfcSceneMfClassicData);
+            } else if(protocol == NfcDeviceProtocolNfcV) {
+                scene_manager_next_scene(nfc->scene_manager, NfcSceneNfcVMenu);
                 consumed = true;
             }
         }