ZaparooProject
diff --git a/‎cmd/readtag/main.go‎
Lines changed: 306 additions & 4 deletions b/‎cmd/readtag/main.go‎
Lines changed: 306 additions & 4 deletions
@@ -40,22 +40,50 @@ import (
 	"github.com/ZaparooProject/go-pn532/transport/uart"
 )
 
+// mustPrint prints to stdout, panicking on error (for test output only)
+func mustPrint(args ...any) {
+	_, err := fmt.Print(args...)
+	if err != nil {
+		panic(err)
+	}
+}
+
+// mustPrintf prints formatted output to stdout, panicking on error (for test output only)
+func mustPrintf(format string, args ...any) {
+	_, err := fmt.Printf(format, args...)
+	if err != nil {
+		panic(err)
+	}
+}
+
+// mustPrintln prints with newline to stdout, panicking on error (for test output only)
+func mustPrintln(args ...any) {
+	_, err := fmt.Println(args...)
+	if err != nil {
+		panic(err)
+	}
+}
+
 type config struct {
 	devicePath *string
 	timeout    *time.Duration
 	writeText  *string
 	debug      *bool
 	validate   *bool
+	testRobust *bool
+	testTiming *bool
 }
 
 func parseFlags() *config {
 	cfg := &config{
 		devicePath: flag.String("device", "",
 			"Serial device path (e.g., /dev/ttyUSB0 or COM3). Leave empty for auto-detection."),
-		timeout:   flag.Duration("timeout", 30*time.Second, "Timeout for tag detection (default: 30s)"),
-		writeText: flag.String("write", "", "Text to write to the tag (if not specified, will only read)"),
-		debug:     flag.Bool("debug", false, "Enable debug output"),
-		validate:  flag.Bool("validate", true, "Enable read/write validation (default: true)"),
+		timeout:    flag.Duration("timeout", 30*time.Second, "Timeout for tag detection (default: 30s)"),
+		writeText:  flag.String("write", "", "Text to write to the tag (if not specified, will only read)"),
+		debug:      flag.Bool("debug", false, "Enable debug output"),
+		validate:   flag.Bool("validate", true, "Enable read/write validation (default: true)"),
+		testRobust: flag.Bool("test-robust", false, "Test robust authentication features for Chinese clone cards"),
+		testTiming: flag.Bool("test-timing", false, "Test timing variance analysis"),
 	}
 	flag.Parse()
 	return cfg
@@ -192,6 +220,271 @@ func writeTextIfRequested(tag pn532.Tag, writeText string) error {
 	return nil
 }
 
+func testChineseCloneUnlock(mifareTag *pn532.MIFARETag) {
+	mustPrint("\n=== Testing Chinese Clone Unlock Sequences ===\n")
+
+	// Test Gen1 unlock commands directly
+	unlockCommands := []struct {
+		name string
+		desc string
+		cmd  byte
+	}{
+		{"Gen1 7-bit", "Chinese Gen1 clone unlock (7-bit UID)", 0x40},
+		{"Gen1 8-bit", "Chinese Gen1 clone unlock (4-byte UID)", 0x43},
+	}
+
+	foundUnlock := false
+
+	for _, unlock := range unlockCommands {
+		mustPrintf("Trying %s (0x%02X): ", unlock.name, unlock.cmd)
+
+		// Access the device directly to test unlock commands
+		device := mifareTag.GetDevice() // We'll need to add this method
+		if device == nil {
+			mustPrintln("FAILED - cannot access device")
+			continue
+		}
+
+		// Try the unlock command
+		start := time.Now()
+		_, err := device.SendDataExchange([]byte{unlock.cmd})
+		duration := time.Since(start)
+
+		if err == nil {
+			mustPrintf("SUCCESS (%.2fms) - %s\n", float64(duration.Nanoseconds())/1000000, unlock.desc)
+			foundUnlock = true
+
+			// If unlock successful, try to read manufacturer block directly
+			mustPrintln("  Attempting direct block 0 read (no authentication needed)...")
+			if data, readErr := mifareTag.ReadBlockDirect(0); readErr == nil {
+				mustPrintf("  Block 0 (UID): %02X %02X %02X %02X %02X %02X %02X %02X...\n",
+					data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7])
+				mustPrintln("  → This is a Gen1 Chinese clone with backdoor access!")
+			} else {
+				mustPrintf("  Block 0 read failed: %v\n", readErr)
+			}
+		} else {
+			mustPrintf("FAILED (%.2fms) - %v\n", float64(duration.Nanoseconds())/1000000, err)
+		}
+	}
+
+	if !foundUnlock {
+		mustPrintln("\nNo Chinese clone unlock sequences successful.")
+		mustPrintln("This may be a Gen2/CUID/FUID clone or genuine card.")
+
+		// Test FM11RF08S universal backdoor key
+		mustPrint("\nTesting FM11RF08S universal backdoor key: ")
+		backdoorKey := []byte{0xA3, 0x96, 0xEF, 0xA4, 0xE2, 0x4F}
+
+		start := time.Now()
+		err := mifareTag.AuthenticateRobust(1, pn532.MIFAREKeyA, backdoorKey)
+		duration := time.Since(start)
+
+		if err == nil {
+			mustPrintf("SUCCESS (%.2fms)\n", float64(duration.Nanoseconds())/1000000)
+			mustPrintln("→ This is likely an FM11RF08S clone with universal backdoor!")
+		} else {
+			mustPrintf("FAILED (%.2fms) - %v\n", float64(duration.Nanoseconds())/1000000, err)
+			mustPrintln("→ Backdoor key authentication failed")
+		}
+	}
+}
+
+// tryKeyOnSector attempts to authenticate with a given key and sector
+func tryKeyOnSector(
+	mifareTag *pn532.MIFARETag,
+	sector uint8,
+	key []byte,
+	keyType byte,
+	keyName string,
+) (success bool, duration time.Duration) {
+	mustPrintf("  Trying Key %s [%02X %02X %02X %02X %02X %02X]: ",
+		keyName, key[0], key[1], key[2], key[3], key[4], key[5])
+
+	start := time.Now()
+	err := mifareTag.AuthenticateRobust(sector, keyType, key)
+	duration = time.Since(start)
+
+	if err == nil {
+		mustPrintf("SUCCESS (%.2fms)\n", float64(duration.Nanoseconds())/1000000)
+		testSectorRead(mifareTag, sector)
+		return true, duration
+	}
+
+	mustPrintf("FAILED (%.2fms) - %v\n", float64(duration.Nanoseconds())/1000000, err)
+	analysis := mifareTag.AnalyzeLastError(err)
+	mustPrintf("    Error analysis: %s\n", analysis)
+	return false, duration
+}
+
+// testSectorRead attempts to read a block from the authenticated sector
+func testSectorRead(mifareTag *pn532.MIFARETag, sector uint8) {
+	block := sector * 4 // First block of sector
+	if data, readErr := mifareTag.ReadBlock(block); readErr == nil {
+		mustPrintf("    Block %d read: %02X %02X %02X ... (16 bytes)\n",
+			block, data[0], data[1], data[2])
+	} else {
+		mustPrintf("    Block %d read failed: %v\n", block, readErr)
+		analysis := mifareTag.AnalyzeLastError(readErr)
+		mustPrintf("    Error analysis: %s\n", analysis)
+	}
+}
+
+// testSectorAuthentication tests all keys for a given sector
+func testSectorAuthentication(
+	mifareTag *pn532.MIFARETag,
+	sector uint8,
+	testKeys [][]byte,
+) (success bool, authCount int) {
+	mustPrintf("\nTesting sector %d:\n", sector)
+
+	for _, key := range testKeys {
+		for _, keyType := range []byte{pn532.MIFAREKeyA, pn532.MIFAREKeyB} {
+			keyName := "A"
+			if keyType == pn532.MIFAREKeyB {
+				keyName = "B"
+			}
+
+			if keySuccess, _ := tryKeyOnSector(mifareTag, sector, key, keyType, keyName); keySuccess {
+				return true, 1
+			}
+			authCount++
+		}
+	}
+
+	mustPrintf("  No working keys found for sector %d\n", sector)
+	return false, authCount
+}
+
+func testRobustAuthentication(tag pn532.Tag) {
+	mifareTag, ok := tag.(*pn532.MIFARETag)
+	if !ok {
+		mustPrintln("Tag is not a MIFARE tag, skipping robust authentication test")
+		return
+	}
+
+	mustPrint("\n=== Testing Robust Authentication ===\n")
+
+	testChineseCloneUnlock(mifareTag)
+
+	testKeys := [][]byte{
+		{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, // Default transport key
+		{0xD3, 0xF7, 0xD3, 0xF7, 0xD3, 0xF7}, // NDEF key
+		{0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, // All zeros
+		{0xA3, 0x96, 0xEF, 0xA4, 0xE2, 0x4F}, // FM11RF08S universal backdoor key
+	}
+
+	successfulAuths := 0
+	totalAttempts := 0
+
+	for sector := uint8(1); sector < 4; sector++ {
+		success, attempts := testSectorAuthentication(mifareTag, sector, testKeys)
+		if success {
+			successfulAuths++
+		}
+		totalAttempts += attempts
+	}
+
+	mustPrint("\nAuthentication Summary:\n")
+	mustPrintf("  Successful: %d/%d (%.1f%%)\n",
+		successfulAuths, totalAttempts, float64(successfulAuths*100)/float64(totalAttempts))
+
+	variance := mifareTag.GetTimingVariance()
+	mustPrintf("  Timing variance: %.2fms\n", float64(variance.Nanoseconds())/1000000)
+
+	if mifareTag.IsTimingUnstable() {
+		mustPrintln("  WARNING: High timing variance detected - possible hardware issues")
+	} else {
+		mustPrintln("  Timing appears stable")
+	}
+}
+
+// performTimingAttempts runs authentication attempts and collects timing data
+func performTimingAttempts(
+	mifareTag *pn532.MIFARETag,
+	sector uint8,
+	key []byte,
+	attempts int,
+) (timings []time.Duration, successCount int) {
+	timings = make([]time.Duration, 0, attempts)
+	successCount = 0
+
+	for i := 0; i < attempts; i++ {
+		start := time.Now()
+		err := mifareTag.AuthenticateRobust(sector, pn532.MIFAREKeyA, key)
+		duration := time.Since(start)
+		timings = append(timings, duration)
+
+		if err == nil {
+			successCount++
+			mustPrintf("  Attempt %2d: SUCCESS (%.2fms)\n", i+1, float64(duration.Nanoseconds())/1000000)
+		} else {
+			mustPrintf("  Attempt %2d: FAILED  (%.2fms) - %v\n", i+1, float64(duration.Nanoseconds())/1000000, err)
+		}
+
+		time.Sleep(100 * time.Millisecond)
+	}
+
+	return timings, successCount
+}
+
+// calculateTimingStats computes and displays timing statistics
+func calculateTimingStats(timings []time.Duration, successCount, attempts int) {
+	if len(timings) == 0 {
+		return
+	}
+
+	var minTime, maxTime, total time.Duration = timings[0], timings[0], 0
+	for _, timing := range timings {
+		if timing < minTime {
+			minTime = timing
+		}
+		if timing > maxTime {
+			maxTime = timing
+		}
+		total += timing
+	}
+
+	avg := total / time.Duration(len(timings))
+	variance := maxTime - minTime
+
+	mustPrint("\nTiming Statistics:\n")
+	mustPrintf("  Success rate: %d/%d (%.1f%%)\n",
+		successCount, attempts, float64(successCount*100)/float64(attempts))
+	mustPrintf("  Min time: %.2fms\n", float64(minTime.Nanoseconds())/1000000)
+	mustPrintf("  Max time: %.2fms\n", float64(maxTime.Nanoseconds())/1000000)
+	mustPrintf("  Avg time: %.2fms\n", float64(avg.Nanoseconds())/1000000)
+	mustPrintf("  Variance: %.2fms\n", float64(variance.Nanoseconds())/1000000)
+
+	switch {
+	case variance > 1000*time.Millisecond:
+		mustPrintln("  WARNING: High variance (>1000ms) indicates possible hardware issues")
+	case variance > 500*time.Millisecond:
+		mustPrintln("  CAUTION: Moderate variance detected")
+	default:
+		mustPrintln("  Timing appears stable")
+	}
+}
+
+func testTimingAnalysis(tag pn532.Tag) {
+	mifareTag, ok := tag.(*pn532.MIFARETag)
+	if !ok {
+		mustPrintln("Tag is not a MIFARE tag, skipping timing analysis test")
+		return
+	}
+
+	mustPrint("\n=== Testing Timing Analysis ===\n")
+
+	key := []byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
+	sector := uint8(1)
+	attempts := 10
+
+	mustPrintf("Performing %d authentication attempts to sector %d...\n", attempts, sector)
+
+	timings, successCount := performTimingAttempts(mifareTag, sector, key, attempts)
+	calculateTimingStats(timings, successCount, attempts)
+}
+
 func main() {
 	cfg := parseFlags()
 
@@ -215,5 +508,14 @@ func main() {
 		return
 	}
 
+	// Run tests if requested
+	if *cfg.testRobust {
+		testRobustAuthentication(tag)
+	}
+
+	if *cfg.testTiming {
+		testTimingAnalysis(tag)
+	}
+
 	_, _ = fmt.Print(tag.DebugInfo())
 }