flipperdevices / flipperzero-firmware

Flipper Zero firmware source code
https://flipperzero.one
GNU General Public License v3.0

Slix-L unlocking support is gone on firmware after NFC refactoring #3328

Closed d4g closed 6 months ago

d4g commented 10 months ago

Describe the bug.

As mentioned, the Slix-L unlocking support from #2316 is gone. It probably needs to be refactored or reimplemented @g3gg0. After watching your talk at 37c3 I found out that the merged pull request mentioned now is gone again.

Reproduction

  1. Try to find the Slix-L unlocking function in NFC Menu
  2. Don't find it ;)

Target

No response

Logs

No response

Anything else?

No response

gornekich commented 10 months ago

Working on it

bluenazgul commented 9 months ago

Any progress? This is a feature for me that keeps me away from updating to a newer release than the October 2023 FW I am running atm.

gornekich commented 9 months ago

Sorry for the delay. Should be ready next week.

nortakales commented 9 months ago

I stumbled across this issue after getting my Flipper Zero a few weeks ago, and trying to read/emulate my kid's Tonies figures. I'm hoping once this issue is resolved it will be working in the next firmware release. I didn't try the earlier release that had this feature as I didn't have my Flipper back then. If it does work I'll get a repo started with scanned Tonies figures, and hopefully others can contribute too for the benefit of all our kids.

kurazli commented 9 months ago

> I stumbled across this issue after getting my Flipper Zero a few weeks ago, and trying to read/emulate my kid's Tonies figures. I'm hoping once this issue is resolved it will be working in the next firmware release. I didn't try the earlier release that had this feature as I didn't have my Flipper back then. If it does work I'll get a repo started with scanned Tonies figures, and hopefully others can contribute too for the benefit of all our kids.

You can just use an older firmware version, like unleashed 65, until it is back in a newer version.

gornekich commented 9 months ago

Could you please test the PR #3425 and let me know if you have any problems with unlocking SLIX-L?

nortakales commented 9 months ago

I was able to unlock and read some Tonies figures, and emulate them to the box successfully!

nortakales commented 9 months ago

Just encountered a crash that required a hard reboot while reading one of the figures. Let me see if I can reproduce...

nortakales commented 9 months ago

Could not reproduce the crash after reading 9 figures that I have. 🤷‍♂️

I am not very familiar with how these figures or SLIX-L work, but it seems like in order for the Tonies box to work with the Flipper's emulation, you need to place the figure back on the box again (after unlocking/reading with the Flipper) and only then will the Flipper's emulation work. Would be interesting to share some of these .nfc files and see if they work for anyone who doesn't own the corresponding figure. I'll put them in a git repo shortly.

Edit: I turned the box off and back on again, and the Flipper Zero's emulation does NOT work until the authentic figure was placed on the box at least once while it was on.

nortakales commented 9 months ago

The files for the 9 figures I have are here: https://github.com/nortakales/flipper-zero-tonies

They all emulate correctly on my box after placing the authentic figure on the box at least once while it is on. Yet to see if a real figure is necessary at first, or if these files will work for anyone. Once the box is off and on again the Flipper's emulation doesn't work until the corresponding figure is placed on the box first.

bluenazgul commented 9 months ago

> Edit: I turned the box off and back on again, and the Flipper Zero's emulation does NOT work until the authentic figure was placed on the box at least once while it was on.

That sounds like the emulation isn't working as it should; the emulation should work like an authentic figure - that's how it worked before the NFC refactoring.

nortakales commented 9 months ago

> That sounds like the emulation isn't working as it should; the emulation should work like an authentic figure - that's how it worked before the NFC refactoring.

I just gave firmware 93.0 a try, and you are right, it works right away (no need to put a figure on the box first). Seems like there is still a regression here.

I uploaded a couple files generated from firmware 0.93 here, you can compare to files generated by this PR if it helps debug at all.

gornekich commented 8 months ago

@nortakales @bluenazgul made some emulation fixes in #3425. Please retest emulation with the fixes and let me know if it works.

nortakales commented 8 months ago

Works like a charm now. Turned the box on for the first time this morning and the Flipper worked right away.

bluenazgul commented 8 months ago

Confirmed, SLIX-L is working again with Tonies like it was before the NFC refactoring.

nortakales commented 8 months ago

@bluenazgul if you have some Tonies I haven't uploaded yet, send a PR! https://github.com/nortakales/flipper-zero-tonies

CybGITHB commented 8 months ago

All Tonies files are working @nortakales! @bluenazgul Can you upload some German NFC Tonies?

bluenazgul commented 8 months ago

I just tried the latest dev build and reading/unlocking is working, but emulation did not work.

Edit: Tried to edit the NFC files to change the Privacy PW and Privacy Mode bit, still no change.

CybGITHB commented 8 months ago

@bluenazgul use https://github.com/RogueMaster/flipperzero-firmware-wPlugins/releases/tag/RM0208-2318-0.97.2-f563329 firmware

See: https://www.g3gg0.de/rf/flipper-zero-for-toniebox-figurines/ and use Unlock Slix-L!

bluenazgul commented 8 months ago

> @bluenazgul use https://github.com/RogueMaster/flipperzero-firmware-wPlugins/releases/tag/RM0208-2318-0.97.2-f563329 firmware
>
> See: https://www.g3gg0.de/rf/flipper-zero-for-toniebox-figurines/ and use Unlock Slix-L!

Emulation with this RM FW is also not working, even with old NFC files and new NFC files.

bofax commented 8 months ago

Some Tonies can not be read - Biene Maja (Flip) works, Benjamin Blümchen is not readable.

bluenazgul commented 8 months ago

> Some Tonies can not be read - Biene Maja (Flip) works, Benjamin Blümchen is not readable.

Reading "Benjamin" is a bit tricky but working, only have problems with emulation, also all old files are not working with emulation.

CybGITHB commented 8 months ago

@bluenazgul can you upload .nfc to try? I have tried 5 Tonies and all are working, no problem reading and emulating!

CybGITHB commented 8 months ago

@bluenazgul what error do you get when trying to read?

jbouecke commented 8 months ago

Same for me. Reading seems to work very well, but emulation seems to do nothing to the box.

On Sat, 10 Feb 2024 at 12:17, Andre Schlüter <@.***> wrote:

>> Some Tonies can not be read - Biene Maja (Flip) works, Benjamin Blümchen is not readable.
>
> Reading "Benjamin" is a bit tricky but working, only have problems with emulation, also all old files are not working with emulation.


bofax commented 8 months ago

> @bluenazgul can you upload .nfc to try? I have tried 5 Tonies and all are working, no problem reading and emulating!

Try this:

```
Filetype: Flipper NFC device
Version: 4
# Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare DESFire, SLIX, ST25TB, EMV
Device type: SLIX
# UID is common for all formats
UID: E0 04 03 50 16 EA B6 29
# ISO15693-3 specific data
# Data Storage Format Identifier
DSFID: 00
# Application Family Identifier
AFI: 00
# IC Reference - Vendor specific meaning
IC Reference: 03
# Lock Bits
Lock DSFID: false
Lock AFI: false
# Number of memory blocks, valid range = 1..256
Block Count: 8
# Size of a single memory block, valid range = 01...20 (hex)
Block Size: 04
Data Content: CE 51 03 52 C1 30 B6 2A FD E1 BA 21 35 2E B4 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
# Block Security Status: 01 = locked, 00 = not locked
Security Status:
# SLIX specific data
# Passwords are optional. If a password is omitted, a default value will be used
Password Privacy: 7F FD 6E 5B
Password Destroy: FF FF FF FF
Password EAS: 00 00 00 00
Privacy Mode: false
# SLIX Lock Bits
Lock EAS: false
```

nortakales commented 8 months ago

Emulation was working perfectly on the gornek/3676_slix_fixes branch, but is not working once merged into dev

bluenazgul commented 8 months ago

> Emulation was working perfectly on the gornek/3676_slix_fixes branch, but is not working once merged into dev

Good to know, so there are some code conflicts - got it working sporadically in RM, but found another feature change: emulation only runs for 5min. I wish for an option inside the NFC file to change it from "normal" (5min) to "long" (use as long as needed).

CybGITHB commented 8 months ago

Has anyone tried the RogueMaster FW for Flipper? It seems to work just fine.

nortakales commented 8 months ago

@CybGITHB this is the repo for the stock firmware. They had this feature working fine last week on a branch, there just seems to be an issue with the merge.

CybGITHB commented 8 months ago

@nortakales Do you have more .nfc files to upload? It seems you only have the English versions.

nortakales commented 8 months ago

@CybGITHB I don't. I live in the states and only have access to English Tonies. If anyone else has access to other languages or Tonies I haven't uploaded yet they can send a PR.

nortakales commented 8 months ago

@gornekich I pulled down dev, built it, flashed it, and gave reading/emulating a try after you merged https://github.com/flipperdevices/flipperzero-firmware/pull/3444

At first I thought emulating was not working well, but then I started emulating my existing files (instead of reading new ones) and all my existing known-good files emulate perfectly. I think there may be a problem with reading now. Some files end up with Password Privacy: FF FF FF FF and no Data Content. Other files end up with some Data Content missing like this: Data Content: 40 2E 79 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (all those trailing 0s should not be 0).

Other files ended up with Security Status: empty, but otherwise have the necessary data, so those files can easily be modified to have Security Status: 00 00 00 00 00 00 00 00 and will then work.

I am not sure how much of it to attribute to the Tonies figures being kind of thick, and I have the silicon case on my Flipper. Maybe that is enough to make reading these a bit difficult, and there is no issue with the code?

Please let me know if I can do anything else to help out.
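A consistency check for the read symptoms reported in the comment above (empty Security Status, Password Privacy of FF FF FF FF, Data Content that is almost all zeros), added here as an example; it is not part of the thread or of the firmware. The function names, the made-up UID and the single-block heuristic are assumptions; the field names follow the Version 4 file posted earlier in the thread.

```python
# Constructed sample of an incomplete read; the UID is made up and the
# Data Content is the truncated one quoted in the comment above.
DATA = "40 2E 79 60" + " 00" * 28
SAMPLE = f"""\
Filetype: Flipper NFC device
Version: 4
# Device type can be ISO14443-3A, ..., SLIX, ST25TB, EMV
Device type: SLIX
UID: E0 04 03 50 00 00 00 01
Block Count: 8
Block Size: 04
Data Content: {DATA}
Security Status:
Password Privacy: FF FF FF FF
"""

def parse_nfc(text):
    """Return {key: value} for each 'Key: value' line, skipping '#' comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def check_slix_dump(fields):
    """List the incomplete-read symptoms described in the thread."""
    findings = []
    if fields.get("Device type") != "SLIX":
        findings.append("device type is not SLIX")
    count = int(fields.get("Block Count", "0"))      # decimal, 1..256
    size = int(fields.get("Block Size", "0"), 16)    # hex, 01..20
    data = bytes.fromhex(fields.get("Data Content", ""))
    status = bytes.fromhex(fields.get("Security Status", ""))
    if len(data) != count * size:
        findings.append("data content length mismatch")
    elif size:
        blocks = [data[i:i + size] for i in range(0, len(data), size)]
        # Heuristic (assumption): data in at most one block suggests a cut-off read.
        if sum(any(b) for b in blocks) <= 1:
            findings.append("at most one block holds data")
    if len(status) != count:
        findings.append("security status incomplete")
    if fields.get("Password Privacy", "").upper() == "FF FF FF FF":
        findings.append("privacy password is FF FF FF FF")
    return findings

print(check_slix_dump(parse_nfc(SAMPLE)))
```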

gornekich commented 8 months ago

@nortakales thanks for testing. When SLIX is already unlocked, Flipper doesn't try to reveal the privacy password, which leads to incorrect emulation of privacy-password-related commands. I will think about how to fix that.

bluenazgul commented 8 months ago

Maybe it could be possible to add a lock feature for the "TommyBox" function too and save the unlocked tags with status locked and the PW that was used to unlock them.

nortakales commented 8 months ago

I tried reading the same figure today 10 times (5 without silicone case, 5 with). I guess the silicone case really has nothing to do with the issue. All 10 reads had all of the Data Content and Security Status as expected this time. The first read had the correct Password Privacy but all 9 reads after that had Password Privacy: FF FF FF FF. Maybe I will play around with it some more later to see if I notice anything else. I'm not sure why my reads yesterday were coming out so bad.

gornekich commented 7 months ago

3504 should fix the remaining issue. If the card is already unlocked, flipper tries to find privacy password after reading slix data.

Fabunator commented 7 months ago

I have a bunch of old NFC Tonie files read with Version 0.93.1 with Device type ISO15693. All these files are not compatible with the new version 0.99.1. Here it should be Device type SLIX and some other extra stuff.

deathduck666 commented 7 months ago

> I have a bunch of old NFC Tonie files read with Version 0.93.1 with Device type ISO15693. All these files are not compatible with the new version 0.99.1. Here it should be Device type SLIX and some other extra stuff.

If you have the UID and Data Bytes, you can easily copy them into a current Version 4 file. You can find many of them in nortakales/flipper-zero-tonies. Just take one existing file, make a local copy and overwrite UID and Data Bytes. If this works, feel free to add them to the repo.