From e20eca9137a8b50409d57aaafb996fd44371759d Mon Sep 17 00:00:00 2001 From: Kevin Trocolli Date: Fri, 21 Jul 2023 23:44:59 -0400 Subject: [PATCH] bpreader: reader clears init cheks now --- board/bpreader.c | 367 ++++++++++++++++++++++++++++++----------------- board/bpreader.h | 2 + 2 files changed, 236 insertions(+), 133 deletions(-) diff --git a/board/bpreader.c b/board/bpreader.c index cfe24c9..f47b843 100644 --- a/board/bpreader.c +++ b/board/bpreader.c @@ -16,6 +16,8 @@ const uint8_t BPREADER_CMD_GO_NEXT[6] = { 0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00 }; +static bool flg = true; +static bool flg_second_pass = false; static HRESULT bp_handle_irp(struct irp *irp); static HRESULT bp_handle_irp_locked(struct irp *irp); static HRESULT crack_bpreader_request(); @@ -30,6 +32,10 @@ static HRESULT bpreader_generic_cmd(uint32_t resp_code); static HRESULT bpreader_poll_card_cmd(); static HRESULT bpreader_init_cmd(); static HRESULT bpreader_set_output_cmd(); +static HRESULT bpreader_unk_08_cmd(); +static HRESULT bpreader_unk_06_cmd(); +static HRESULT bpreader_unk_0c_cmd(); +static HRESULT bpreader_unk_54_cmd(); static struct bpreader_config *config; static struct uart bp_uart; @@ -110,138 +116,139 @@ static HRESULT bp_handle_irp_locked(struct irp *irp) } else if (irp->op == IRP_OP_READ) { - if (!read_ct) { - //dump_iobuf(&bp_uart.written); - hr = crack_bpreader_request(); - if (!FAILED(hr)) { - bp_uart.written.pos = 0; - return hr; + if (flg) { + if (!read_ct || flg_second_pass) { + hr = crack_bpreader_request(); } - } - switch (bp_uart.written.bytes[3]) { - case 0x02: - if (!read_ct) { - dprintf("Reader: Unknown 0x02\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x05, - 0xFB, 0xD5, 0x0D, 0x00, 0x06, 0x00, 0x18, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } + } else { + switch (bp_uart.written.bytes[3]) { + case 0x02: + if (!read_ct) { + dprintf("Reader: Unknown 0x02\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x05, + 0xFB, 0xD5, 0x0D, 0x00, 0x06, 0x00, 0x18, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + + bp_uart.written.pos = 0; + break; + + case 0x03: + if (!read_ct) { + dprintf("Reader: Unknown 0x03\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, + 0xFE, 0xD5, 0x19, 0x12, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; - bp_uart.written.pos = 0; - break; + case 0x04: + if (!read_ct && bp_uart.written.bytes[6] == 0x0E && last_cmd == 0x04) { + dprintf("Reader: Unknown second 0x04\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, + 0xFE, 0xD5, 0x0F, 0x1C, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + else if (!read_ct) { + dprintf("Reader: Unknown 0x04\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, + 0xFE, 0xD5, 0x33, 0xF8, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; + + case 0x06: + if (!read_ct) { + dprintf("Reader: Unknown 0x06\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, + 0xFE, 0xD5, 0x33, 0xF8, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; + + case 0x05: + if (!read_ct) { + dprintf("Reader: Unknown 0x05\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x03, + 0xFD, 0xD5, 0x09, 0x00, 0x22, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; - case 0x03: - if (!read_ct) { - dprintf("Reader: Unknown 0x03\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, - 0xFE, 0xD5, 0x19, 0x12, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - case 0x04: - if (!read_ct && bp_uart.written.bytes[6] == 0x0E && last_cmd == 0x04) { - dprintf("Reader: Unknown second 0x04\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, - 0xFE, 0xD5, 0x0F, 0x1C, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - else if (!read_ct) { - dprintf("Reader: Unknown 0x04\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, - 0xFE, 0xD5, 0x33, 0xF8, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - case 0x06: - if (!read_ct) { - dprintf("Reader: Unknown 0x06\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, - 0xFE, 0xD5, 0x33, 0xF8, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - case 0x05: - if (!read_ct) { - dprintf("Reader: Unknown 0x05\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x03, - 0xFD, 0xD5, 0x09, 0x00, 0x22, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; + case 0x0E: + if (!read_ct) { + dprintf("Reader: Unknown 0x0E\n"); + uint8_t buff[] = { 0x00, 0x00, 0xff, 0x02, + 0xfe, 0xd5, 0x33, 0xf8, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; + + case 0x12: + if (!read_ct) { + dprintf("Reader: Unknown 0x12\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0a, + 0xf6, 0xd5, 0x07, 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1, 0xaa, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; + + case 0x14: + if (!read_ct) { + dprintf("Reader: Unknown 0x14\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x20, 0xE0, 0xD5, 0xA1, + 0x00, 0x1D, 0x07, // Unknown + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm + 0x00, 0x00, 0x01, // Unknown + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm + 0x00, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Unknown + 0x00, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; + + case 0x18: + if (!read_ct) { + dprintf("Reader: Unknown 0x18\n"); + uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0D, + 0xF3, 0xD5, 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, + 0x6A, 0x87, 0xC9, 0x00 }; + hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); + } + bp_uart.written.pos = 0; + break; - case 0x0E: - if (!read_ct) { - dprintf("Reader: Unknown 0x0E\n"); - uint8_t buff[] = { 0x00, 0x00, 0xff, 0x02, - 0xfe, 0xd5, 0x33, 0xf8, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - case 0x12: - if (!read_ct) { - dprintf("Reader: Unknown 0x12\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0a, - 0xf6, 0xd5, 0x07, 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1, 0xaa, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - case 0x14: - if (!read_ct) { - dprintf("Reader: Unknown 0x14\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x20, 0xE0, 0xD5, 0xA1, - 0x00, 0x1D, 0x07, // Unknown - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm - 0x00, 0x00, 0x01, // Unknown - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm - 0x00, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Unknown - 0x00, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - case 0x18: - if (!read_ct) { - dprintf("Reader: Unknown 0x18\n"); - uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0D, - 0xF3, 0xD5, 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, - 0x6A, 0x87, 0xC9, 0x00 }; - hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); - } - bp_uart.written.pos = 0; - break; - - default: - dprintf("Reader: Unknown Command %02X\n", last_cmd); - dump_iobuf(&bp_uart.written); - break; - } + default: + dprintf("Reader: Unknown Command %02X\n", last_cmd); + dump_iobuf(&bp_uart.written); + break; + } + } read_ct++; } if (FAILED(hr)) { - dprintf("Reader: HR failed %lX", hr); + dprintf("Reader: HR failed %lX\n", hr); } #if 0 if (irp->op == IRP_OP_READ) { - dprintf("READ:\n"); + dprintf("READABLE:\n"); dump_iobuf(&bp_uart.readable); } #endif - bp_uart.written.pos = 0; // consume the written buffer + if (!flg_second_pass) { + bp_uart.written.pos = 0; // consume the written buffer + } + return hr; } @@ -254,41 +261,39 @@ static HRESULT crack_bpreader_request() { assert(header.padding1_00 == 0); assert(header.padding2_ff == 0xFF); assert(header.d_identifier == 0xD4); - + last_cmd = header.cmd; + switch(header.cmd) { case 0x06: dprintf("Reader: Cmd 0x06\n"); - break; + return bpreader_unk_06_cmd(); case 0x08: dprintf("Reader: Cmd 0x08\n"); - break; + return bpreader_unk_08_cmd(); case 0x12: dprintf("Reader: Cmd 0x12\n"); - break; + return bpreader_generic_cmd(0x13); case 0x18: dprintf("Reader: Initialize\n"); - // return bpreader_init_cmd(); FIXME - break; + return bpreader_init_cmd(); case 0x0C: dprintf("Reader: Cmd 0x0C\n"); - break; + return bpreader_unk_0c_cmd(); case 0x0E: dprintf("Reader: Set Output\n"); return bpreader_generic_cmd(0x0F); - break; case 0x32: dprintf("Reader: Cmd 0x32\n"); - //return bpreader_generic_cmd(0x33); - break; + return bpreader_generic_cmd(0x33); case 0x40: - dprintf("Reader: Read Banapass\n"); // 01 30 00 -> Chip ID; 01 30 01 -> Thing after chip ID; 01 30 02 -> Access Code 01 60 30 -> send key a + dprintf("Reader: Read Banapass\n"); // 01 30 00 -> Chip ID; 01 30 01 -> Thing after chip ID; 01 30 02 -> Access Code; 01 60 30 -> send key a break; case 0x4A: @@ -298,11 +303,20 @@ static HRESULT crack_bpreader_request() { case 0xA0: dprintf("Reader: Read Felica\n"); break; + + case 0x52: + dprintf("Reader: Cmd 0x52\n"); + break; + + case 0x54: + dprintf("Reader: Cmd 0x54\n"); + return bpreader_unk_54_cmd(); default: dprintf("Reader: Unknown command 0x%02x\n", header.cmd); } + dump_iobuf(&bp_uart.written); return (HRESULT)-1; } @@ -327,7 +341,9 @@ static size_t build_bpreader_response( memcpy_s(response, resp_size, resp_header, sizeof(*resp_header)); // Copy header if (len_data > 0) { - memcpy_s(&response[7], resp_size - 7, data, len_data); // copy data if there's any + for (int i = 0; i < len_data; i++) { + response[7+i] = data[i]; + } // copy data if there's any } for (int i = 0; i < full_resp_len; i++) { @@ -369,7 +385,6 @@ static HRESULT bpreader_init_cmd() if (resp_len > 0) { HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); - dump_iobuf(&bp_uart.readable); return hr; } else { @@ -389,7 +404,6 @@ static HRESULT bpreader_set_output_cmd() if (resp_len > 0) { HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); - dump_iobuf(&bp_uart.readable); return hr; } else { @@ -401,7 +415,7 @@ static HRESULT bpreader_set_output_cmd() static HRESULT bpreader_poll_card_cmd() { struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x4B }; - struct bpreader_poll_banapass_data data = { 0x00 }; + struct bpreader_poll_banapass_data data = { 0x00 }; uint8_t buff[32] = { 0x00 }; int data_len = 1; size_t resp_len = 0; @@ -423,11 +437,98 @@ static HRESULT bpreader_poll_card_cmd() if (resp_len > 0) { HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); - dump_iobuf(&bp_uart.readable); return hr; } else { dprintf("Reader: No data to return in bpreader_poll_card_cmd!\n"); return E_FAIL; } -} \ No newline at end of file +} + +static HRESULT bpreader_unk_08_cmd() +{ + struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x09 }; + uint8_t buff[10] = { 0x00 }; + uint8_t bfr_data[1] = { 0x00 }; + size_t resp_len = 0; + + resp_len = build_bpreader_response(bfr_data, sizeof(bfr_data), &header, buff, sizeof(buff)); + + if (resp_len > 0) { + HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); + return hr; + + } else { + dprintf("Reader: No data to return in bpreader_set_output_cmd!\n"); + return E_FAIL; + } +} + +static HRESULT bpreader_unk_54_cmd() +{ + struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x55 }; + uint8_t buff[10] = { 0x00 }; + uint8_t bfr_data[1] = { 0x00 }; + size_t resp_len = 0; + + resp_len = build_bpreader_response(bfr_data, sizeof(bfr_data), &header, buff, sizeof(buff)); + + if (resp_len > 0) { + HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); + return hr; + + } else { + dprintf("Reader: No data to return in bpreader_set_output_cmd!\n"); + return E_FAIL; + } +} + +static HRESULT bpreader_unk_06_cmd() +{ + //uint8_t hdr[] = { 0x00, 0x00, 0xFF, 0x0a, 0xf6, 0xd5, 0x07 } + //uint8_t data[] = { 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1, 0xaa, 0x00 }; + struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x0a, 0xF6, 0xD5, 0x07 }; + uint8_t buff_a[17] = { 0x00 }; + uint8_t buff_b[20] = { 0x00 }; + uint8_t bfr_data_a[8] = { 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1 }; + uint8_t bfr_data_b[11] = { 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, 0x6A, 0x87 }; + size_t resp_len = 0; + uint8_t sample = bp_uart.written.bytes[8]; + + switch (sample) { + case 0x1c: resp_len = build_bpreader_response(bfr_data_a, sizeof(bfr_data_a), &header, buff_a, sizeof(buff_a)); break; + default: resp_len = build_bpreader_response(bfr_data_b, sizeof(bfr_data_b), &header, buff_b, sizeof(buff_b)); break; + } + + if (resp_len > 0) { + switch (sample) { + case 0x1c: return iobuf_write(&bp_uart.readable, buff_a, sizeof(buff_a)); + default: return iobuf_write(&bp_uart.readable, buff_b, sizeof(buff_b)); + } + + } else { + dprintf("Reader: No data to return in bpreader_set_output_cmd!\n"); + return E_FAIL; + } +} + +static HRESULT bpreader_unk_0c_cmd() +{ + //uint8_t hdr[] = uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x05, 0xFB, 0xD5, 0x0D }; + //uint8_t data[] = { 0x00, 0x06, 0x00, 0x18, 0x00 }; + struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x0a, 0xF6, 0xD5, 0x0D }; + uint8_t buff[12] = { 0x00 }; + uint8_t bfr_data[3] = { 0x00, 0x06, 0x00 }; + size_t resp_len = 0; + + resp_len = build_bpreader_response(bfr_data, sizeof(bfr_data), &header, buff, sizeof(buff)); + + if (resp_len > 0) { + HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); + return hr; + + } else { + dprintf("Reader: No data to return in bpreader_set_output_cmd!\n"); + return E_FAIL; + } +} diff --git a/board/bpreader.h b/board/bpreader.h index a2f36ff..a5db1cd 100644 --- a/board/bpreader.h +++ b/board/bpreader.h @@ -48,6 +48,7 @@ Commands | 0x18 | 0x0D | Unknown | 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, 0x6A, 0x87 | */ +#pragma pack(push, 1) struct bpreader_cmd_header { uint8_t padding0_00; uint8_t padding1_00; @@ -80,3 +81,4 @@ struct bpreader_poll_felica_data { uint8_t pmm[8]; uint8_t system_code[2]; }; +#pragma pack(pop) \ No newline at end of file