visus
/
framework-arduinoteensy-cxx20
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
PlatformIO package of the Teensy core framework compatible with GCC 10 & C++20
5 커밋
1 브렌치
브렌치: main
framework-arduinoteensy-cxx20/libraries/MFRC522/src/MFRC522Hack.cpp

MFRC522Hack.cpp 6.4KB
Raw 고유링크 Normal View 히스토리

initial commit
4 년 전
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203 
  1. #include "MFRC522Hack.h"

  2. 

  3. /**

  4.  * Performs the "magic sequence" needed to get Chinese UID changeable

  5.  * Mifare cards to allow writing to sector 0, where the card UID is stored.

  6.  *

  7.  * Note that you do not need to have selected the card through REQA or WUPA,

  8.  * this sequence works immediately when the card is in the reader vicinity.

  9.  * This means you can use this method even on "bricked" cards that your reader does

  10.  * not recognise anymore (see MFRC522Hack::MIFARE_UnbrickUidSector).

  11.  * 

  12.  * Of course with non-bricked devices, you're free to select them before calling this function.

  13.  */

  14. bool MFRC522Hack::MIFARE_OpenUidBackdoor(const bool logErrors) const {

  15. 	// Magic sequence:

  16. 	// > 50 00 57 CD (HALT + CRC)

  17. 	// > 40 (7 bits only)

  18. 	// < A (4 bits only)

  19. 	// > 43

  20. 	// < A (4 bits only)

  21. 	// Then you can write to sector 0 without authenticating

  22. 	

  23. 	_device->PICC_HaltA(); // 50 00 57 CD

  24. 	

  25. 	byte cmd = 0x40;

  26. 	byte validBits = 7; /* Our command is only 7 bits. After receiving card response,

  27. 						  this will contain amount of valid response bits. */

  28. 	byte response[32]; // Card's response is written here

  29. 	byte received;

  30. 	MFRC522::StatusCode status = _device->PCD_TransceiveData(&cmd, (byte) 1, response, &received, &validBits, (byte) 0,

  31. 														 false); // 40

  32. 	if (status != MFRC522::STATUS_OK) {

  33. 		if (logErrors) {

  34. 			Serial.println(

  35. 					F("Card did not respond to 0x40 after HALT command. Are you sure it is a UID changeable one?"));

  36. 			Serial.print(F("Error name: "));

  37. 			Serial.println(MFRC522Debug::GetStatusCodeName(status));

  38. 		}

  39. 		return false;

  40. 	}

  41. 	if (received != 1 || response[0] != 0x0A) {

  42. 		if (logErrors) {

  43. 			Serial.print(F("Got bad response on backdoor 0x40 command: "));

  44. 			Serial.print(response[0], HEX);

  45. 			Serial.print(F(" ("));

  46. 			Serial.print(validBits);

  47. 			Serial.print(F(" valid bits)\r\n"));

  48. 		}

  49. 		return false;

  50. 	}

  51. 	

  52. 	cmd = 0x43;

  53. 	validBits = 8;

  54. 	status = _device->PCD_TransceiveData(&cmd, (byte) 1, response, &received, &validBits, (byte) 0, false); // 43

  55. 	if (status != MFRC522::STATUS_OK) {

  56. 		if (logErrors) {

  57. 			Serial.println(F("Error in communication at command 0x43, after successfully executing 0x40"));

  58. 			Serial.print(F("Error name: "));

  59. 			Serial.println(MFRC522Debug::GetStatusCodeName(status));

  60. 		}

  61. 		return false;

  62. 	}

  63. 	if (received != 1 || response[0] != 0x0A) {

  64. 		if (logErrors) {

  65. 			Serial.print(F("Got bad response on backdoor 0x43 command: "));

  66. 			Serial.print(response[0], HEX);

  67. 			Serial.print(F(" ("));

  68. 			Serial.print(validBits);

  69. 			Serial.print(F(" valid bits)\r\n"));

  70. 		}

  71. 		return false;

  72. 	}

  73. 	

  74. 	// You can now write to sector 0 without authenticating!

  75. 	return true;

  76. } // End MIFARE_OpenUidBackdoor()

  77. 

  78. /**

  79.  * Reads entire block 0, including all manufacturer data, and overwrites

  80.  * that block with the new UID, a freshly calculated BCC, and the original

  81.  * manufacturer data.

  82.  *

  83.  * It assumes a default KEY A of 0xFFFFFFFFFFFF.

  84.  * Make sure to have selected the card before this function is called.

  85.  */

  86. bool MFRC522Hack::MIFARE_SetUid(const byte *newUid, const byte uidSize, const bool logErrors) const {

  87. 	

  88. 	// UID + BCC byte can not be larger than 16 together

  89. 	if (!newUid || !uidSize || uidSize > 15) {

  90. 		if (logErrors) {

  91. 			Serial.println(F("New UID buffer empty, size 0, or size > 15 given"));

  92. 		}

  93. 		return false;

  94. 	}

  95. 	

  96. 	// Authenticate for reading

  97. 	MFRC522::MIFARE_Key key = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};

  98. 	MFRC522::StatusCode status = _device->PCD_Authenticate(MFRC522::PICC_CMD_MF_AUTH_KEY_A, (byte) 1, &key, &(_device->uid));

  99. 	if (status != MFRC522::STATUS_OK) {

  100. 		

  101. 		if (status == MFRC522::STATUS_TIMEOUT) {

  102. 			// We get a read timeout if no card is selected yet, so let's select one

  103. 			

  104. 			// Wake the card up again if sleeping

  105. //			  byte atqa_answer[2];

  106. //			  byte atqa_size = 2;

  107. //			  PICC_WakeupA(atqa_answer, &atqa_size);

  108. 			

  109. 			if (!_device->PICC_IsNewCardPresent() || !_device->PICC_ReadCardSerial()) {

  110. 				Serial.println(F("No card was previously selected, and none are available. Failed to set UID."));

  111. 				return false;

  112. 			}

  113. 			

  114. 			status = _device->PCD_Authenticate(MFRC522::PICC_CMD_MF_AUTH_KEY_A, (byte) 1, &key, &(_device->uid));

  115. 			if (status != MFRC522::STATUS_OK) {

  116. 				// We tried, time to give up

  117. 				if (logErrors) {

  118. 					Serial.println(F("Failed to authenticate to card for reading, could not set UID: "));

  119. 					Serial.println(MFRC522Debug::GetStatusCodeName(status));

  120. 				}

  121. 				return false;

  122. 			}

  123. 		} else {

  124. 			if (logErrors) {

  125. 				Serial.print(F("PCD_Authenticate() failed: "));

  126. 				Serial.println(MFRC522Debug::GetStatusCodeName(status));

  127. 			}

  128. 			return false;

  129. 		}

  130. 	}

  131. 	

  132. 	// Read block 0

  133. 	byte block0_buffer[18];

  134. 	byte byteCount = sizeof(block0_buffer);

  135. 	status = _device->MIFARE_Read((byte) 0, block0_buffer, &byteCount);

  136. 	if (status != MFRC522::STATUS_OK) {

  137. 		if (logErrors) {

  138. 			Serial.print(F("MIFARE_Read() failed: "));

  139. 			Serial.println(MFRC522Debug::GetStatusCodeName(status));

  140. 			Serial.println(F("Are you sure your KEY A for sector 0 is 0xFFFFFFFFFFFF?"));

  141. 		}

  142. 		return false;

  143. 	}

  144. 	

  145. 	// Write new UID to the data we just read, and calculate BCC byte

  146. 	byte bcc = 0;

  147. 	for (uint8_t i = 0; i < uidSize; i++) {

  148. 		block0_buffer[i] = newUid[i];

  149. 		bcc ^= newUid[i];

  150. 	}

  151. 	

  152. 	// Write BCC byte to buffer

  153. 	block0_buffer[uidSize] = bcc;

  154. 	

  155. 	// Stop encrypted traffic so we can send raw bytes

  156. 	_device->PCD_StopCrypto1();

  157. 	

  158. 	// Activate UID backdoor

  159. 	if (!MIFARE_OpenUidBackdoor(logErrors)) {

  160. 		if (logErrors) {

  161. 			Serial.println(F("Activating the UID backdoor failed."));

  162. 		}

  163. 		return false;

  164. 	}

  165. 	

  166. 	// Write modified block 0 back to card

  167. 	status = _device->MIFARE_Write((byte) 0, block0_buffer, (byte) 16);

  168. 	if (status != MFRC522::STATUS_OK) {

  169. 		if (logErrors) {

  170. 			Serial.print(F("MIFARE_Write() failed: "));

  171. 			Serial.println(MFRC522Debug::GetStatusCodeName(status));

  172. 		}

  173. 		return false;

  174. 	}

  175. 	

  176. 	// Wake the card up again

  177. 	byte atqa_answer[2];

  178. 	byte atqa_size = 2;

  179. 	_device->PICC_WakeupA(atqa_answer, &atqa_size);

  180. 	

  181. 	return true;

  182. }

  183. 

  184. /**

  185.  * Resets entire sector 0 to zeroes, so the card can be read again by readers.

  186.  */

  187. bool MFRC522Hack::MIFARE_UnbrickUidSector(const bool logErrors) const {

  188. 	MIFARE_OpenUidBackdoor(logErrors);

  189. 	

  190. 	byte block0_buffer[] = {0x01, 0x02, 0x03, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

  191. 							0x00};

  192. 	

  193. 	// Write modified block 0 back to card

  194. 	MFRC522::StatusCode status = _device->MIFARE_Write((byte) 0, block0_buffer, (byte) 16);

  195. 	if (status != MFRC522::STATUS_OK) {

  196. 		if (logErrors) {

  197. 			Serial.print(F("MIFARE_Write() failed: "));

  198. 			Serial.println(MFRC522Debug::GetStatusCodeName(status));

  199. 		}

  200. 		return false;

  201. 	}

  202. 	return true;

  203. }