Merge pull request #36 from Leptopt1los/dev

NFC Magic update to 1.5

Author: xMasterX

base_pack/nfc_magic/application.fam

@@ -10,7 +10,7 @@ App(
     ],
     stack_size=4 * 1024,
     fap_description="Application for writing to NFC tags with modifiable sector 0",
-    fap_version="1.4",
+    fap_version="1.5",
     fap_icon="assets/Nfc_10px.png",
     fap_category="NFC",
     fap_private_libs=[

base_pack/nfc_magic/lib/magic/protocols/gen4/gen4_poller.c

@@ -1,12 +1,10 @@
-#include "core/log.h"
 #include "gen4_poller_i.h"
+#include "protocols/gen4/gen4_poller.h"
 #include <nfc/protocols/iso14443_3a/iso14443_3a.h>
 #include <nfc/protocols/iso14443_3a/iso14443_3a_poller.h>
 #include <nfc/helpers/nfc_util.h>
 #include <nfc/nfc_poller.h>
 
-#include <furi/furi.h>
-
 #define GEN4_POLLER_THREAD_FLAG_DETECTED (1U << 0)
 
 typedef NfcCommand (*Gen4PollerStateHandler)(Gen4Poller* instance);
@@ -171,12 +169,16 @@ NfcCommand gen4_poller_request_mode_handler(Gen4Poller* instance) {
         instance->state = Gen4PollerStateRequestWriteData;
     } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeSetPassword) {
         instance->state = Gen4PollerStateChangePassword;
-    } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeSetDefaultCFG) {
+    } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeSetDefaultCfg) {
         instance->state = Gen4PollerStateSetDefaultConfig;
-    } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeGetCFG) {
+    } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeGetCfg) {
         instance->state = Gen4PollerStateGetCurrentConfig;
     } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeGetRevision) {
         instance->state = Gen4PollerStateGetRevision;
+    } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeSetShadowMode) {
+        instance->state = Gen4PollerStateSetShadowMode;
+    } else if(instance->gen4_event_data.request_mode.mode == Gen4PollerModeSetDirectWriteBlock0Mode) {
+        instance->state = Gen4PollerStateSetDirectWriteBlock0;
     } else {
         instance->state = Gen4PollerStateFail;
     }
@@ -269,13 +271,13 @@ static NfcCommand gen4_poller_write_mf_classic(Gen4Poller* instance) {
                 break;
             }
 
-            instance->config[6] = Gen4PollerShadowModeIgnore;
+            instance->config[6] = Gen4PollerShadowModeDisabled;
             instance->config[24] = iso3_data->atqa[0];
             instance->config[25] = iso3_data->atqa[1];
             instance->config[26] = iso3_data->sak;
             instance->config[27] = 0x00;
-            instance->config[28] = instance->total_blocks;
-            instance->config[29] = 0x01;
+            instance->config[28] = instance->total_blocks - 1;
+            instance->config[29] = Gen4PollerDirectWriteBlock0ModeDisabled;
 
             Gen4PollerError error = gen4_poller_set_config(
                 instance, instance->password, instance->config, sizeof(instance->config), false);
@@ -348,13 +350,13 @@ static NfcCommand gen4_poller_write_mf_ultralight(Gen4Poller* instance) {
                 break;
             }
 
-            instance->config[6] = Gen4PollerShadowModeHighSpeedIgnore;
+            instance->config[6] = Gen4PollerShadowModeHighSpeedDisabled;
             instance->config[24] = iso3_data->atqa[0];
             instance->config[25] = iso3_data->atqa[1];
             instance->config[26] = iso3_data->sak;
             instance->config[27] = 0x00;
-            instance->config[28] = instance->total_blocks;
-            instance->config[29] = 0x01;
+            instance->config[28] = instance->total_blocks - 1;
+            instance->config[29] = Gen4PollerDirectWriteBlock0ModeDisabled;
 
             Gen4PollerError error = gen4_poller_set_config(
                 instance, instance->password, instance->config, sizeof(instance->config), false);
@@ -534,6 +536,44 @@ NfcCommand gen4_poller_get_revision_handler(Gen4Poller* instance) {
     return command;
 }
 
+NfcCommand gen4_poller_set_shadow_mode_handler(Gen4Poller* instance) {
+    NfcCommand command = NfcCommandContinue;
+
+    do {
+        Gen4PollerError error =
+            gen4_poller_set_shadow_mode(instance, instance->password, instance->shadow_mode);
+
+        if(error != Gen4PollerErrorNone) {
+            FURI_LOG_E(TAG, "Failed to set shadow mode: %d", error);
+            instance->state = Gen4PollerStateFail;
+            break;
+        }
+
+        instance->state = Gen4PollerStateSuccess;
+    } while(false);
+
+    return command;
+}
+
+NfcCommand gen4_poller_set_direct_write_block_0_mode_handler(Gen4Poller* instance) {
+    NfcCommand command = NfcCommandContinue;
+
+    do {
+        Gen4PollerError error = gen4_poller_set_direct_write_block_0_mode(
+            instance, instance->password, instance->direct_write_block_0_mode);
+
+        if(error != Gen4PollerErrorNone) {
+            FURI_LOG_E(TAG, "Failed to set direct write to block 0 mode: %d", error);
+            instance->state = Gen4PollerStateFail;
+            break;
+        }
+
+        instance->state = Gen4PollerStateSuccess;
+    } while(false);
+
+    return command;
+}
+
 NfcCommand gen4_poller_success_handler(Gen4Poller* instance) {
     NfcCommand command = NfcCommandContinue;
 
@@ -568,6 +608,8 @@ static const Gen4PollerStateHandler gen4_poller_state_handlers[Gen4PollerStateNu
     [Gen4PollerStateSetDefaultConfig] = gen4_poller_set_default_cfg_handler,
     [Gen4PollerStateGetCurrentConfig] = gen4_poller_get_current_cfg_handler,
     [Gen4PollerStateGetRevision] = gen4_poller_get_revision_handler,
+    [Gen4PollerStateSetShadowMode] = gen4_poller_set_shadow_mode_handler,
+    [Gen4PollerStateSetDirectWriteBlock0] = gen4_poller_set_direct_write_block_0_mode_handler,
     [Gen4PollerStateSuccess] = gen4_poller_success_handler,
     [Gen4PollerStateFail] = gen4_poller_fail_handler,
 

base_pack/nfc_magic/lib/magic/protocols/gen4/gen4_poller.h

@@ -38,9 +38,11 @@ typedef enum {
     Gen4PollerModeWrite,
     Gen4PollerModeSetPassword,
 
-    Gen4PollerModeSetDefaultCFG,
-    Gen4PollerModeGetCFG,
+    Gen4PollerModeSetDefaultCfg,
+    Gen4PollerModeGetCfg,
     Gen4PollerModeGetRevision,
+    Gen4PollerModeSetShadowMode,
+    Gen4PollerModeSetDirectWriteBlock0Mode
 } Gen4PollerMode;
 
 typedef struct {

base_pack/nfc_magic/lib/magic/protocols/gen4/gen4_poller_i.c

@@ -1,21 +1,26 @@
 #include "gen4_poller_i.h"
 
 #include "bit_buffer.h"
-#include "core/log.h"
+#include "protocols/gen4/gen4_poller.h"
 #include <nfc/protocols/iso14443_3a/iso14443_3a_poller.h>
 #include <nfc/helpers/nfc_util.h>
 
 #define GEN4_CMD_PREFIX (0xCF)
 
+#define GEN4_CMD_SET_SHD_MODE (0x32)
 #define GEN4_CMD_GET_CFG (0xC6)
 #define GEN4_CMD_GET_REVISION (0xCC)
 #define GEN4_CMD_WRITE (0xCD)
 #define GEN4_CMD_READ (0xCE)
+#define GEN4_CMD_SET_DW_BLOCK_0 (0xCF)
 #define GEN4_CMD_SET_CFG (0xF0)
 #define GEN4_CMD_FUSE_CFG (0xF1)
 #define GEN4_CMD_SET_PWD (0xFE)
 
-#define CONFIG_SIZE (32)
+#define GEM4_RESPONSE_SUCCESS (0x02)
+
+#define CONFIG_SIZE_MAX (32)
+#define CONFIG_SIZE_MIN (30)
 #define REVISION_SIZE (5)
 
 static Gen4PollerError gen4_poller_process_error(Iso14443_3aError error) {
@@ -30,6 +35,80 @@ static Gen4PollerError gen4_poller_process_error(Iso14443_3aError error) {
     return ret;
 }
 
+Gen4PollerError gen4_poller_set_shadow_mode(
+    Gen4Poller* instance,
+    uint32_t password,
+    Gen4PollerShadowMode mode) {
+    Gen4PollerError ret = Gen4PollerErrorNone;
+    bit_buffer_reset(instance->tx_buffer);
+
+    do {
+        uint8_t password_arr[4] = {};
+        nfc_util_num2bytes(password, COUNT_OF(password_arr), password_arr);
+        bit_buffer_append_byte(instance->tx_buffer, GEN4_CMD_PREFIX);
+        bit_buffer_append_bytes(instance->tx_buffer, password_arr, COUNT_OF(password_arr));
+        bit_buffer_append_byte(instance->tx_buffer, GEN4_CMD_SET_SHD_MODE);
+        bit_buffer_append_byte(instance->tx_buffer, mode);
+
+        Iso14443_3aError error = iso14443_3a_poller_send_standard_frame(
+            instance->iso3_poller, instance->tx_buffer, instance->rx_buffer, GEN4_POLLER_MAX_FWT);
+
+        if(error != Iso14443_3aErrorNone) {
+            ret = gen4_poller_process_error(error);
+            break;
+        }
+
+        uint16_t response = bit_buffer_get_size_bytes(instance->rx_buffer);
+
+        FURI_LOG_D(TAG, "Card response: 0x%02X, Shadow mode set: 0x%02X", response, mode);
+
+        if(response != GEM4_RESPONSE_SUCCESS) {
+            ret = Gen4PollerErrorProtocol;
+            break;
+        }
+
+    } while(false);
+
+    return ret;
+}
+
+Gen4PollerError gen4_poller_set_direct_write_block_0_mode(
+    Gen4Poller* instance,
+    uint32_t password,
+    Gen4PollerDirectWriteBlock0Mode mode) {
+    Gen4PollerError ret = Gen4PollerErrorNone;
+    bit_buffer_reset(instance->tx_buffer);
+
+    do {
+        uint8_t password_arr[4] = {};
+        nfc_util_num2bytes(password, COUNT_OF(password_arr), password_arr);
+        bit_buffer_append_byte(instance->tx_buffer, GEN4_CMD_PREFIX);
+        bit_buffer_append_bytes(instance->tx_buffer, password_arr, COUNT_OF(password_arr));
+        bit_buffer_append_byte(instance->tx_buffer, GEN4_CMD_SET_DW_BLOCK_0);
+        bit_buffer_append_byte(instance->tx_buffer, mode);
+
+        Iso14443_3aError error = iso14443_3a_poller_send_standard_frame(
+            instance->iso3_poller, instance->tx_buffer, instance->rx_buffer, GEN4_POLLER_MAX_FWT);
+
+        if(error != Iso14443_3aErrorNone) {
+            ret = gen4_poller_process_error(error);
+            break;
+        }
+        uint16_t response = bit_buffer_get_size_bytes(instance->rx_buffer);
+
+        FURI_LOG_D(
+            TAG, "Card response: 0x%02X, Direct write to block 0 mode set: 0x%02X", response, mode);
+
+        if(response != GEM4_RESPONSE_SUCCESS) {
+            ret = Gen4PollerErrorProtocol;
+            break;
+        }
+
+    } while(false);
+
+    return ret;
+}
+
 Gen4PollerError
     gen4_poller_get_config(Gen4Poller* instance, uint32_t password, uint8_t* config_result) {
     Gen4PollerError ret = Gen4PollerErrorNone;
@@ -52,11 +131,11 @@ Gen4PollerError
 
         size_t rx_bytes = bit_buffer_get_size_bytes(instance->rx_buffer);
 
-        if(rx_bytes != CONFIG_SIZE) {
+        if(rx_bytes != CONFIG_SIZE_MAX || rx_bytes != CONFIG_SIZE_MIN) {
             ret = Gen4PollerErrorProtocol;
             break;
         }
-        bit_buffer_write_bytes(instance->rx_buffer, config_result, CONFIG_SIZE);
+        bit_buffer_write_bytes(instance->rx_buffer, config_result, CONFIG_SIZE_MAX);
     } while(false);
 
     return ret;
@@ -83,7 +162,7 @@ Gen4PollerError
         }
 
         size_t rx_bytes = bit_buffer_get_size_bytes(instance->rx_buffer);
-        if(rx_bytes != 5) {
+        if(rx_bytes != REVISION_SIZE) {
             ret = Gen4PollerErrorProtocol;
             break;
         }
@@ -119,8 +198,11 @@ Gen4PollerError gen4_poller_set_config(
             break;
         }
 
-        size_t rx_bytes = bit_buffer_get_size_bytes(instance->rx_buffer);
-        if(rx_bytes != 2) {
+        uint16_t response = bit_buffer_get_size_bytes(instance->rx_buffer);
+
+        FURI_LOG_D(TAG, "Card response to set default config command: 0x%02X", response);
+
+        if(response != GEM4_RESPONSE_SUCCESS) {
             ret = Gen4PollerErrorProtocol;
             break;
         }
@@ -187,8 +269,16 @@ Gen4PollerError
             break;
         }
 
-        size_t rx_bytes = bit_buffer_get_size_bytes(instance->rx_buffer);
-        if(rx_bytes != 2) {
+        uint16_t response = bit_buffer_get_size_bytes(instance->rx_buffer);
+
+        FURI_LOG_D(
+            TAG,
+            "Trying to change password from 0x%08lX to 0x%08lX. Card response: 0x%02X",
+            pwd_current,
+            pwd_new,
+            response);
+
+        if(response != GEM4_RESPONSE_SUCCESS) {
             ret = Gen4PollerErrorProtocol;
             break;
         }

base_pack/nfc_magic/lib/magic/protocols/gen4/gen4_poller_i.h

@@ -36,12 +36,23 @@ typedef enum {
     Gen4PollerShadowModePreWrite = 0x00,
     // written data can be read once before restored to original
     Gen4PollerShadowModeRestore = 0x01,
-    // written data is discarded
-    Gen4PollerShadowModeIgnore = 0x02,
+    // shadow mode disabled
+    Gen4PollerShadowModeDisabled = 0x02,
     // apparently for UL?
-    Gen4PollerShadowModeHighSpeedIgnore = 0x03
+    Gen4PollerShadowModeHighSpeedDisabled = 0x03,
+    // work with new UMC. With old UMC is untested
+    Gen4PollerShadowModeSplit = 0x04,
 } Gen4PollerShadowMode;
 
+typedef enum {
+    // gen2 card behavour
+    Gen4PollerDirectWriteBlock0ModeEnabled = 0x00,
+    // common card behavour
+    Gen4PollerDirectWriteBlock0ModeDisabled = 0x01,
+    // default mode. same behavour as Gen4PollerDirectWriteBlock0ModeActivate
+    Gen4PollerDirectWriteBlock0ModeDefault = 0x02,
+} Gen4PollerDirectWriteBlock0Mode;
+
 typedef enum {
     Gen4PollerStateIdle,
     Gen4PollerStateRequestMode,
@@ -53,6 +64,8 @@ typedef enum {
     Gen4PollerStateSetDefaultConfig,
     Gen4PollerStateGetCurrentConfig,
     Gen4PollerStateGetRevision,
+    Gen4PollerStateSetShadowMode,
+    Gen4PollerStateSetDirectWriteBlock0,
 
     Gen4PollerStateSuccess,
     Gen4PollerStateFail,
@@ -78,6 +91,9 @@ struct Gen4Poller {
 
     uint8_t config[GEN4_POLLER_CONFIG_SIZE_MAX];
 
+    Gen4PollerShadowMode shadow_mode;
+    Gen4PollerDirectWriteBlock0Mode direct_write_block_0_mode;
+
     Gen4PollerEvent gen4_event;
     Gen4PollerEventData gen4_event_data;
 
@@ -107,6 +123,14 @@ Gen4PollerError
 Gen4PollerError
     gen4_poller_get_config(Gen4Poller* instance, uint32_t password, uint8_t* config_result);
 
+Gen4PollerError
+    gen4_poller_set_shadow_mode(Gen4Poller* instance, uint32_t password, Gen4PollerShadowMode mode);
+
+Gen4PollerError gen4_poller_set_direct_write_block_0_mode(
+    Gen4Poller* instance,
+    uint32_t password,
+    Gen4PollerDirectWriteBlock0Mode mode);
+
 #ifdef __cplusplus
 }
 #endif

base_pack/nfc_magic/scenes/nfc_magic_scene_config.h

@@ -5,11 +5,15 @@ ADD_SCENE(nfc_magic, magic_info, MagicInfo)
 ADD_SCENE(nfc_magic, gen1_menu, Gen1Menu)
 ADD_SCENE(nfc_magic, gen4_menu, Gen4Menu)
 ADD_SCENE(nfc_magic, gen4_actions_menu, Gen4ActionsMenu)
-ADD_SCENE(nfc_magic, gen4_get_cfg, Gen4GetCFG)
-ADD_SCENE(nfc_magic, gen4_set_cfg, Gen4SetCFG)
+ADD_SCENE(nfc_magic, gen4_get_cfg, Gen4GetCfg)
+ADD_SCENE(nfc_magic, gen4_set_cfg, Gen4SetCfg)
 ADD_SCENE(nfc_magic, gen4_revision, Gen4Revision)
 ADD_SCENE(nfc_magic, gen4_show_rev, Gen4ShowRev)
-ADD_SCENE(nfc_magic, gen4_show_cfg, Gen4ShowCFG)
+ADD_SCENE(nfc_magic, gen4_show_cfg, Gen4ShowCfg)
+ADD_SCENE(nfc_magic, gen4_select_shd_mode, Gen4SelectShdMode)
+ADD_SCENE(nfc_magic, gen4_set_shd_mode, Gen4SetShdMode)
+ADD_SCENE(nfc_magic, gen4_select_direct_write_block_0_mode, Gen4SelectDirectWriteBlock0Mode)
+ADD_SCENE(nfc_magic, gen4_set_direct_write_block_0_mode, Gen4SetDirectWriteBlock0Mode)
 ADD_SCENE(nfc_magic, gen4_fail, Gen4Fail)
 ADD_SCENE(nfc_magic, wipe, Wipe)
 ADD_SCENE(nfc_magic, wipe_fail, WipeFail)