bpreader: reader clears init checks now

Hay1tsme 2023-07-21 23:44:59 -04:00
parent 69d7b74d95
commit e20eca9137
2 changed files with 236 additions and 133 deletions


@ -16,6 +16,8 @@
const uint8_t BPREADER_CMD_GO_NEXT[6] = { 0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00 }; const uint8_t BPREADER_CMD_GO_NEXT[6] = { 0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00 };
static bool flg = true;
static bool flg_second_pass = false;
static HRESULT bp_handle_irp(struct irp *irp); static HRESULT bp_handle_irp(struct irp *irp);
static HRESULT bp_handle_irp_locked(struct irp *irp); static HRESULT bp_handle_irp_locked(struct irp *irp);
static HRESULT crack_bpreader_request(); static HRESULT crack_bpreader_request();
@ -30,6 +32,10 @@ static HRESULT bpreader_generic_cmd(uint32_t resp_code);
static HRESULT bpreader_poll_card_cmd(); static HRESULT bpreader_poll_card_cmd();
static HRESULT bpreader_init_cmd(); static HRESULT bpreader_init_cmd();
static HRESULT bpreader_set_output_cmd(); static HRESULT bpreader_set_output_cmd();
static HRESULT bpreader_unk_08_cmd();
static HRESULT bpreader_unk_06_cmd();
static HRESULT bpreader_unk_0c_cmd();
static HRESULT bpreader_unk_54_cmd();
static struct bpreader_config *config; static struct bpreader_config *config;
static struct uart bp_uart; static struct uart bp_uart;
@ -110,138 +116,139 @@ static HRESULT bp_handle_irp_locked(struct irp *irp)
} }
else if (irp->op == IRP_OP_READ) { else if (irp->op == IRP_OP_READ) {
if (!read_ct) { if (flg) {
//dump_iobuf(&bp_uart.written); if (!read_ct || flg_second_pass) {
hr = crack_bpreader_request(); hr = crack_bpreader_request();
if (!FAILED(hr)) {
bp_uart.written.pos = 0;
return hr;
} }
} } else {
switch (bp_uart.written.bytes[3]) { switch (bp_uart.written.bytes[3]) {
case 0x02: case 0x02:
if (!read_ct) { if (!read_ct) {
dprintf("Reader: Unknown 0x02\n"); dprintf("Reader: Unknown 0x02\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x05, uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x05,
0xFB, 0xD5, 0x0D, 0x00, 0x06, 0x00, 0x18, 0x00 }; 0xFB, 0xD5, 0x0D, 0x00, 0x06, 0x00, 0x18, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
} }
bp_uart.written.pos = 0;
break;
case 0x03:
if (!read_ct) {
dprintf("Reader: Unknown 0x03\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02,
0xFE, 0xD5, 0x19, 0x12, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
bp_uart.written.pos = 0; case 0x04:
break; if (!read_ct && bp_uart.written.bytes[6] == 0x0E && last_cmd == 0x04) {
dprintf("Reader: Unknown second 0x04\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02,
0xFE, 0xD5, 0x0F, 0x1C, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
else if (!read_ct) {
dprintf("Reader: Unknown 0x04\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02,
0xFE, 0xD5, 0x33, 0xF8, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
case 0x06:
if (!read_ct) {
dprintf("Reader: Unknown 0x06\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02,
0xFE, 0xD5, 0x33, 0xF8, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
case 0x05:
if (!read_ct) {
dprintf("Reader: Unknown 0x05\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x03,
0xFD, 0xD5, 0x09, 0x00, 0x22, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
case 0x03: case 0x0E:
if (!read_ct) { if (!read_ct) {
dprintf("Reader: Unknown 0x03\n"); dprintf("Reader: Unknown 0x0E\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, uint8_t buff[] = { 0x00, 0x00, 0xff, 0x02,
0xFE, 0xD5, 0x19, 0x12, 0x00 }; 0xfe, 0xd5, 0x33, 0xf8, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
} }
bp_uart.written.pos = 0; bp_uart.written.pos = 0;
break; break;
case 0x04: case 0x12:
if (!read_ct && bp_uart.written.bytes[6] == 0x0E && last_cmd == 0x04) { if (!read_ct) {
dprintf("Reader: Unknown second 0x04\n"); dprintf("Reader: Unknown 0x12\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0a,
0xFE, 0xD5, 0x0F, 0x1C, 0x00 }; 0xf6, 0xd5, 0x07, 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1, 0xaa, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
} }
else if (!read_ct) { bp_uart.written.pos = 0;
dprintf("Reader: Unknown 0x04\n"); break;
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02,
0xFE, 0xD5, 0x33, 0xF8, 0x00 }; case 0x14:
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); if (!read_ct) {
} dprintf("Reader: Unknown 0x14\n");
bp_uart.written.pos = 0; uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x20, 0xE0, 0xD5, 0xA1,
break; 0x00, 0x1D, 0x07, // Unknown
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm
case 0x06: 0x00, 0x00, 0x01, // Unknown
if (!read_ct) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm
dprintf("Reader: Unknown 0x06\n"); 0x00, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Unknown
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x02, 0x00, 0x00 };
0xFE, 0xD5, 0x33, 0xF8, 0x00 }; hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); }
} bp_uart.written.pos = 0;
bp_uart.written.pos = 0; break;
break;
case 0x18:
case 0x05: if (!read_ct) {
if (!read_ct) { dprintf("Reader: Unknown 0x18\n");
dprintf("Reader: Unknown 0x05\n"); uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0D,
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x03, 0xF3, 0xD5, 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26,
0xFD, 0xD5, 0x09, 0x00, 0x22, 0x00 }; 0x6A, 0x87, 0xC9, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
} }
bp_uart.written.pos = 0; bp_uart.written.pos = 0;
break; break;
case 0x0E: default:
if (!read_ct) { dprintf("Reader: Unknown Command %02X\n", last_cmd);
dprintf("Reader: Unknown 0x0E\n"); dump_iobuf(&bp_uart.written);
uint8_t buff[] = { 0x00, 0x00, 0xff, 0x02, break;
0xfe, 0xd5, 0x33, 0xf8, 0x00 }; }
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff)); }
}
bp_uart.written.pos = 0;
break;
case 0x12:
if (!read_ct) {
dprintf("Reader: Unknown 0x12\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0a,
0xf6, 0xd5, 0x07, 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1, 0xaa, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
case 0x14:
if (!read_ct) {
dprintf("Reader: Unknown 0x14\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x20, 0xE0, 0xD5, 0xA1,
0x00, 0x1D, 0x07, // Unknown
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm
0x00, 0x00, 0x01, // Unknown
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // IDm
0x00, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // Unknown
0x00, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
case 0x18:
if (!read_ct) {
dprintf("Reader: Unknown 0x18\n");
uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x0D,
0xF3, 0xD5, 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26,
0x6A, 0x87, 0xC9, 0x00 };
hr = iobuf_write(&bp_uart.readable, buff, sizeof(buff));
}
bp_uart.written.pos = 0;
break;
default:
dprintf("Reader: Unknown Command %02X\n", last_cmd);
dump_iobuf(&bp_uart.written);
break;
}
read_ct++; read_ct++;
} }
if (FAILED(hr)) { if (FAILED(hr)) {
dprintf("Reader: HR failed %lX", hr); dprintf("Reader: HR failed %lX\n", hr);
} }
#if 0 #if 0
if (irp->op == IRP_OP_READ) { if (irp->op == IRP_OP_READ) {
dprintf("READ:\n"); dprintf("READABLE:\n");
dump_iobuf(&bp_uart.readable); dump_iobuf(&bp_uart.readable);
} }
#endif #endif
bp_uart.written.pos = 0; // consume the written buffer if (!flg_second_pass) {
bp_uart.written.pos = 0; // consume the written buffer
}
return hr; return hr;
} }
@ -254,41 +261,39 @@ static HRESULT crack_bpreader_request() {
assert(header.padding1_00 == 0); assert(header.padding1_00 == 0);
assert(header.padding2_ff == 0xFF); assert(header.padding2_ff == 0xFF);
assert(header.d_identifier == 0xD4); assert(header.d_identifier == 0xD4);
last_cmd = header.cmd;
switch(header.cmd) { switch(header.cmd) {
case 0x06: case 0x06:
dprintf("Reader: Cmd 0x06\n"); dprintf("Reader: Cmd 0x06\n");
break; return bpreader_unk_06_cmd();
case 0x08: case 0x08:
dprintf("Reader: Cmd 0x08\n"); dprintf("Reader: Cmd 0x08\n");
break; return bpreader_unk_08_cmd();
case 0x12: case 0x12:
dprintf("Reader: Cmd 0x12\n"); dprintf("Reader: Cmd 0x12\n");
break; return bpreader_generic_cmd(0x13);
case 0x18: case 0x18:
dprintf("Reader: Initialize\n"); dprintf("Reader: Initialize\n");
// return bpreader_init_cmd(); FIXME return bpreader_init_cmd();
break;
case 0x0C: case 0x0C:
dprintf("Reader: Cmd 0x0C\n"); dprintf("Reader: Cmd 0x0C\n");
break; return bpreader_unk_0c_cmd();
case 0x0E: case 0x0E:
dprintf("Reader: Set Output\n"); dprintf("Reader: Set Output\n");
return bpreader_generic_cmd(0x0F); return bpreader_generic_cmd(0x0F);
break;
case 0x32: case 0x32:
dprintf("Reader: Cmd 0x32\n"); dprintf("Reader: Cmd 0x32\n");
//return bpreader_generic_cmd(0x33); return bpreader_generic_cmd(0x33);
break;
case 0x40: case 0x40:
dprintf("Reader: Read Banapass\n"); // 01 30 00 -> Chip ID; 01 30 01 -> Thing after chip ID; 01 30 02 -> Access Code 01 60 30 -> send key a dprintf("Reader: Read Banapass\n"); // 01 30 00 -> Chip ID; 01 30 01 -> Thing after chip ID; 01 30 02 -> Access Code; 01 60 30 -> send key a
break; break;
case 0x4A: case 0x4A:
@ -298,11 +303,20 @@ static HRESULT crack_bpreader_request() {
case 0xA0: case 0xA0:
dprintf("Reader: Read Felica\n"); dprintf("Reader: Read Felica\n");
break; break;
case 0x52:
dprintf("Reader: Cmd 0x52\n");
break;
case 0x54:
dprintf("Reader: Cmd 0x54\n");
return bpreader_unk_54_cmd();
default: default:
dprintf("Reader: Unknown command 0x%02x\n", header.cmd); dprintf("Reader: Unknown command 0x%02x\n", header.cmd);
} }
dump_iobuf(&bp_uart.written);
return (HRESULT)-1; return (HRESULT)-1;
} }
@ -327,7 +341,9 @@ static size_t build_bpreader_response(
memcpy_s(response, resp_size, resp_header, sizeof(*resp_header)); // Copy header memcpy_s(response, resp_size, resp_header, sizeof(*resp_header)); // Copy header
if (len_data > 0) { if (len_data > 0) {
memcpy_s(&response[7], resp_size - 7, data, len_data); // copy data if there's any for (int i = 0; i < len_data; i++) {
response[7+i] = data[i];
} // copy data if there's any
} }
for (int i = 0; i < full_resp_len; i++) { for (int i = 0; i < full_resp_len; i++) {
@ -369,7 +385,6 @@ static HRESULT bpreader_init_cmd()
if (resp_len > 0) { if (resp_len > 0) {
HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len);
dump_iobuf(&bp_uart.readable);
return hr; return hr;
} else { } else {
@ -389,7 +404,6 @@ static HRESULT bpreader_set_output_cmd()
if (resp_len > 0) { if (resp_len > 0) {
HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len);
dump_iobuf(&bp_uart.readable);
return hr; return hr;
} else { } else {
@ -401,7 +415,7 @@ static HRESULT bpreader_set_output_cmd()
static HRESULT bpreader_poll_card_cmd() static HRESULT bpreader_poll_card_cmd()
{ {
struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x4B }; struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x4B };
struct bpreader_poll_banapass_data data = { 0x00 }; struct bpreader_poll_banapass_data data = { 0x00 };
uint8_t buff[32] = { 0x00 }; uint8_t buff[32] = { 0x00 };
int data_len = 1; int data_len = 1;
size_t resp_len = 0; size_t resp_len = 0;
@ -423,11 +437,98 @@ static HRESULT bpreader_poll_card_cmd()
if (resp_len > 0) { if (resp_len > 0) {
HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len); HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len);
dump_iobuf(&bp_uart.readable);
return hr; return hr;
} else { } else {
dprintf("Reader: No data to return in bpreader_poll_card_cmd!\n"); dprintf("Reader: No data to return in bpreader_poll_card_cmd!\n");
return E_FAIL; return E_FAIL;
} }
} }
static HRESULT bpreader_unk_08_cmd()
{
struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x09 };
uint8_t buff[10] = { 0x00 };
uint8_t bfr_data[1] = { 0x00 };
size_t resp_len = 0;
resp_len = build_bpreader_response(bfr_data, sizeof(bfr_data), &header, buff, sizeof(buff));
if (resp_len > 0) {
HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len);
return hr;
} else {
dprintf("Reader: No data to return in bpreader_set_output_cmd!\n");
return E_FAIL;
}
}
static HRESULT bpreader_unk_54_cmd()
{
struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x03, 0xFD, 0xD5, 0x55 };
uint8_t buff[10] = { 0x00 };
uint8_t bfr_data[1] = { 0x00 };
size_t resp_len = 0;
resp_len = build_bpreader_response(bfr_data, sizeof(bfr_data), &header, buff, sizeof(buff));
if (resp_len > 0) {
HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len);
return hr;
} else {
dprintf("Reader: No data to return in bpreader_set_output_cmd!\n");
return E_FAIL;
}
}
static HRESULT bpreader_unk_06_cmd()
{
//uint8_t hdr[] = { 0x00, 0x00, 0xFF, 0x0a, 0xf6, 0xd5, 0x07 }
//uint8_t data[] = { 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1, 0xaa, 0x00 };
struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x0a, 0xF6, 0xD5, 0x07 };
uint8_t buff_a[17] = { 0x00 };
uint8_t buff_b[20] = { 0x00 };
uint8_t bfr_data_a[8] = { 0xff, 0x3f, 0x0e, 0xf1, 0xff, 0x3f, 0x0e, 0xf1 };
uint8_t bfr_data_b[11] = { 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, 0x6A, 0x87 };
size_t resp_len = 0;
uint8_t sample = bp_uart.written.bytes[8];
switch (sample) {
case 0x1c: resp_len = build_bpreader_response(bfr_data_a, sizeof(bfr_data_a), &header, buff_a, sizeof(buff_a)); break;
default: resp_len = build_bpreader_response(bfr_data_b, sizeof(bfr_data_b), &header, buff_b, sizeof(buff_b)); break;
}
if (resp_len > 0) {
switch (sample) {
case 0x1c: return iobuf_write(&bp_uart.readable, buff_a, sizeof(buff_a));
default: return iobuf_write(&bp_uart.readable, buff_b, sizeof(buff_b));
}
} else {
dprintf("Reader: No data to return in bpreader_set_output_cmd!\n");
return E_FAIL;
}
}
static HRESULT bpreader_unk_0c_cmd()
{
//uint8_t hdr[] = uint8_t buff[] = { 0x00, 0x00, 0xFF, 0x05, 0xFB, 0xD5, 0x0D };
//uint8_t data[] = { 0x00, 0x06, 0x00, 0x18, 0x00 };
struct bpreader_cmd_header header = { 0x00, 0x00, 0xFF, 0x0a, 0xF6, 0xD5, 0x0D };
uint8_t buff[12] = { 0x00 };
uint8_t bfr_data[3] = { 0x00, 0x06, 0x00 };
size_t resp_len = 0;
resp_len = build_bpreader_response(bfr_data, sizeof(bfr_data), &header, buff, sizeof(buff));
if (resp_len > 0) {
HRESULT hr = iobuf_write(&bp_uart.readable, buff, resp_len);
return hr;
} else {
dprintf("Reader: No data to return in bpreader_set_output_cmd!\n");
return E_FAIL;
}
}
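Review bot: Replacing `memcpy_s(&response[7], resp_size - 7, data, len_data)` with the plain `response[7+i] = data[i]` loop in build_bpreader_response drops the only bound on the payload copy, so a caller whose `len_data` exceeds `resp_size - 7` now writes past `response` instead of getting an error; the function's start and end are outside the hunk, so I cannot see whether `full_resp_len` is checked against `resp_size` elsewhere. Since every new caller (`bpreader_unk_08_cmd`, `bpreader_unk_54_cmd`, `bpreader_unk_06_cmd`, `bpreader_unk_0c_cmd`) already treats a zero return as failure, I would guard before the copy: `if (resp_size < 7 || (size_t)len_data > resp_size - 7) { return 0; }` followed by `memcpy(&response[7], data, (size_t)len_data);`. Separately, `bpreader_unk_06_cmd` builds both the 8-byte and the 11-byte payload under a single header whose length/LCS bytes are `0x0a, 0xF6`, whereas the hard-coded reply it replaces and the table in the header comment carry `0x0D, 0xF3` for the 11-byte form, so one of the two responses goes out with an inconsistent length unless build_bpreader_response rewrites those bytes (not visible here); it also passes `sizeof(buff_a)`/`sizeof(buff_b)` to iobuf_write rather than `resp_len` like its siblings, and reads `bp_uart.written.bytes[8]` without any visible check that the request is that long. Finally, all four new `_cmd` functions log `"No data to return in bpreader_set_output_cmd!"`, which misattributes failures; each should name its own function.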


@ -48,6 +48,7 @@ Commands
| 0x18 | 0x0D | Unknown | 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, 0x6A, 0x87 | | 0x18 | 0x0D | Unknown | 0x07, 0xDC, 0xF4, 0x3F, 0x11, 0x4D, 0x85, 0x61, 0xF1, 0x26, 0x6A, 0x87 |
*/ */
#pragma pack(push, 1)
struct bpreader_cmd_header { struct bpreader_cmd_header {
uint8_t padding0_00; uint8_t padding0_00;
uint8_t padding1_00; uint8_t padding1_00;
@ -80,3 +81,4 @@ struct bpreader_poll_felica_data {
uint8_t pmm[8]; uint8_t pmm[8];
uint8_t system_code[2]; uint8_t system_code[2];
}; };
#pragma pack(pop)