nfc-tools / libfreefare Goto Github PK

Reported by [email protected], Jun 7, 2012
Mifare Classic uses two types of diversification, old and new. The new type is 
very very similar to DESFire diversification, actually it is 100% the same, but 
the for DESFire the final key is taken from the last 16 bytes, for the classic 
it is first 6 bytes of the last 16 bytes. Will there be a fn that simply 
returns Classic type keys?
----
Comment 1 by project member [email protected], Jun 7, 2012
Thanks for reporting issue.

Could you provide a patch for this feature ?

If not, we will try to take care at this issue ASAP.
----
Comment 2 by [email protected], Jun 8, 2012
No, unfortunately not due to the time constraints. Perhaps sometime in the fall 
i might get the time, for now i can only provide specifications for 
diversification.
----
Comment 3 by project member [email protected], Jun 8, 2012
Yes, feel free to let us some references to implement it.
Thanks
----
Comment 4 by [email protected], Jun 8, 2012
Please find the file attached
----
    Spec.pdf 
3.5 MB   Download
----
Comment 6 by project member [email protected], Jun 8, 2012
Thanks for attachement.

As we are quite busy with libnfc and ifdnfc right, I don't think we will 
improve libfreefare next days.
ASAP may be not enough for some users, so if any volunteer want to take this 
issue, feel free to attach patches.
----
Comment 7 by olifozzy, Aug 13, 2012
I have been trying to understand the algorithm but I am having some trouble 
understanding key diversification.

If I understand correctly we need to know the master key and the 3des key to 
compute diversified keys for a card ?

Signature should be something like : 

- GetKey(masterKey, 3desKey, uid, blockNumber);


I have some tags that looks like mifare classic but the KeyA from the first 
sector is always the same , the other keys are diversified.
Do you know if the first sector behave differently of maybe my set of tags 
doesn't use that diversification algorithm...
----
Comment 8 by [email protected], Aug 13, 2012 via email
what 3des key? No 3des key is needed. Take a look at the first post and take a 
look at DESFire diversification implementation in the project. You have to have 
master key and diversification input (which is card UID and sector number) from 
the output of desfire diversification take the first 6 bytes of last 16 
bytes(because classic keys are smaller).

Marko
----
Comment 9 by olifozzy, Aug 13, 2012
I was talking about the first part of the document (old 2ktdes based key 
diversification).

Anyway I also looked at the second part of the document and the way it is done 
for desfire in libfreefare. 
According to the document there is some padding so that diversification input 
is always 32 bytes but in libfreefare, in cmac method it use key block size 
that is only 16 bytes.
I've made some slight modification to make it work as in the document.

It still doesn't explain why i have always the same key for all my tags but 
only for the first block (sector 0x03). Maybe they used a custom key 
diversification :/
----
Comment 10 by [email protected], Aug 13, 2012 via email
could be custom diversification.

sorry, i cannot help you with older diversification.

Marko

What steps will reproduce the problem?
1. Compile libfreefare against libnfc-1.7.0-rc7
2. Run mifare-classic-read-ndef

What is the expected output? What do you see instead?
Expected output : Some data
What I see : Segfault

What version of the product are you using? On what operating system?
libfreefare-0.3.4 from distributed tarball
Debian 7.0

Please provide any additional information below.
Segfault is easy to track :
mifare-classic-read-ndef.c:108:     nfc_init(NULL);
In nfc.c:183 :

  void
  nfc_init(nfc_context **context)
  {
    *context = nfc_context_new();
    if (!*context) {
      perror("malloc");
      return;
    }
    if (!nfc_drivers)
      nfc_drivers_init();
  } 

Clearly here, sending NULL to nfc_init will result in trying to write a new 
context at adresse 0, in the first line.

I think previous libnfc versions were compatible with sending them NULL, albeit 
I didn't checked.

http://code.google.com/r/dheidler-libfreefare/source/detail?r=cc36619f132e973a3c
c82a6cedc6a03146d24f7d

1. Authenticate with Master key...
Set app key as default key...
Create application...
Select application...
Authenticate with old app key...
Change APP Key settings...
Change App master Key DES to AES...
mifare_desfire_change_key: INTEGRITY_ERROR

Reported by vishnuocv, Aug 16, 2012
What steps will reproduce the problem?
1. cross compiled for ARM ./configure CC=arm-none-linux-gnueabi-gcc-4.1.2 
--host=arm-none-linux
2.
3.

What is the expected output? What do you see instead?

Mifare-desfire-info should show the tag information...
 it is not showing anything


What version of the product are you using? On what operating system?
linux, latest one (libfreefare-0.3.4)

Please provide any additional information below.

Libnfc things are working fine. but mifare-DESFire is not

I compiled for PC and it is working Fine. I am able to read the tag information 
also

what could be the reason
----
Comment 1 by harishakumara.k, Aug 29, 2012
I also face the same issue. mifare-desfire- functions do not work in arm, but 
mifare-classic examples are working fine.
At the same time, linux compilation is working fine for both the cards. 

Is it because of endianness problem in libfreefare for desfire card?

DEBUG_XFER (data_in, data_in_length, "===> ");

Reported by emanuele.bertoldi, Apr 11, 2011
Currently, there are equivalent examples for MIFARE classic and desfire.

It would be great to add an example for MIFARE ultralight too.

What steps will reproduce the problem?
1. Create an application with AES encryption on DESFIRE EV1 4k card and 
authenticate afterwords.
2. Create a file with AES encryption inside the application.
3. Write data into this file by using mifare_desfire_create_std_data_file().

Expected output of the method mifare_desfire-create_std_data_file is simply the 
amount of data written to the card. Instead the corresponding function " 
returns -1. I also tried mifare_desfire_create_std_data_file_ex with parameter 
cs set to MDCM_ENCYPHERED, which had the same effect.
I'm using libfreefare 1.3.4 and libnfc 1.7.0 under Windows 7 64 Bit, both 
compiled using MINGW64. The executables and libraries are 32 Bit versions. The 
error occurs with libusb as well as using the PC/SC interface. As reader I'm 
using several ACR122U-A9. Devices with firmware 2.13 are affected by the 
described issue, while devices with firmware 2.10 are working properly (file is 
written without any problems). I will invest more time in further 
investigations. Does somebody have this problem too? I could also provide a 
code snippet if needed.
If I write a file without encryption (MDCM_PLAIN), it also works with firmware 
2.13. So it seems to depend on the communcation settings.

Bye, Eike

Hi, can you please take a look at my commit

https://code.google.com/r/maximchick-1k-emulated/source/detail?r=9ee3687280fdb37
fedb3d5e2bac54c414acbbb09

It adds support for SmartMX based card emulation like eSE/dual interface 
cards/UICC based cards and so on.

I tested it on ACR-122U-A9

There is a bug when reading data larger than a desfire frame.
It happens e.g. with mifare-desfire-read-ndef
----
$ mifare-desfire-read-ndef -o foo
Found Mifare DESFire with UID 04376069fe1e80. Read NDEF [yN] y
Max NDEF size: 3808 bytes
NDEF size: 410 bytes
error   libnfc.chip.pn53x   Buffer size is too short: 60o available(s), 61o needed
lt-mifare-desfire-read-ndef: Read data failed
----
Desfire "max Le" is =59
freefare_internal.h:
#define MAX_FRAME_SIZE 60
which is I guess error_code + data of a pure desfire frame.

But in reality "read" is a desfire command encapsulated in ISO so ending with 2 
SW.
So max=61, not 60

Now the problem is where to do the change as cleanly as possible.
I don't want to mess up things somewhere else by just changing MAX_FRAME_SIZE
E.g. there is dependencies: FRAME_PAYLOAD_SIZE = MAX_FRAME_SIZE - 5

So I thought changing it only in DESFIRE_TRANSCEIVE2 macro.
From where comes the value in the macro giving the recv buffer size??

nfc_initiator_transceive_bytes (tag->device, __msg, __len, __res,
__##res##_size, 0)

=> where is defined __res_size? and wht not just sizeof(__res)?

Moreover __res is defined internally with MAX_FRAME_SIZE(+1) while 
__##res##_size linked to res argument rather than locale var __res?

Very dirty hack solving the issue, just to show the direction...

diff --git a/libfreefare/libfreefare/mifare_desfire.c
b/libfreefare/libfreefare/mifare_desfire.c
index cb812ea..c00eb23 100644
--- a/libfreefare/libfreefare/mifare_desfire.c
+++ b/libfreefare/libfreefare/mifare_desfire.c
@@ -157,7 +157,8 @@ static ssize_t       read_data (MifareTag tag,
uint8_t command, uint8_t file_no, off_
     do { \
        static uint8_t __msg[MAX_FRAME_SIZE] = { 0x90, 0x00, 0x00, 0x00,
0x00, /* ..., */ 0x00 }; \
        /*                                       CLA   INS   P1    P2   
Lc    PAYLOAD    LE*/ \
-       static uint8_t __res[MAX_FRAME_SIZE]; \
+       /* Max res size is one byte longer when using ISO encapsulation
(2 SW instead of one) */ \
+       static uint8_t __res[MAX_FRAME_SIZE+1]; \
        size_t __len = 5; \
        errno = 0; \
        if (!msg) return errno = EINVAL, -1; \
@@ -173,7 +174,7 @@ static ssize_t       read_data (MifareTag tag,
uint8_t command, uint8_t file_no, off_
        MIFARE_DESFIRE (tag)->last_pcd_error = OPERATION_OK; \
        DEBUG_XFER (__msg, __len, "===> "); \
        int _res; \
-       if ((_res = nfc_initiator_transceive_bytes (tag->device, __msg,
__len, __res, __##res##_size, 0)) < 0) { \
+       if ((_res = nfc_initiator_transceive_bytes (tag->device, __msg,
__len, __res, __##res##_size+1, 0)) < 0) { \
            return errno = EIO, -1; \
        } \
        __##res##_n = _res; \

What steps will reproduce the problem?
Fresh Arch Linux on RPI SD Card as root

wget https://libfreefare.googlecode.com/files/libfreefare-0.4.0.tar.bz2
wget https://libnfc.googlecode.com/files/libnfc-1.7.0.tar.bz2
tar xvjf libnfc-1.7.0.tar.bz2
tar xvjf libfreefare-0.4.0.tar.bz2

cd libnfc-1.7.0
./configure --prefix=/usr
make
make install
cd ..

cd libfreefare-0.4.0
./configure --prefix=/usr


What is the expected output? What do you see instead?
I see: libnfc >= 1.7.0 is mandatory
but libnfc is correctly installed!
I expect to see successful ./configure 

What version of the product are you using? On what operating system?
Raspberry Pi version B 512MB RAM, Arch Linux
Linux alarmpi 3.12.23-1-ARCH #1 PREEMPT Fri Jun 27 01:32:04 MDT 2014 armv6l 
GNU/Linux

Please provide any additional information below.
The error is caused by PKG_CHECK_MODULES macro in configure.ac which returns 
invalid output. 
PKG_CHECK_MODULES returns correct output when pkg-config is installed.
i.e. pacman -S pkg-config

This is really annoying error, it took me a few hours to figure out what's 
wrong.

diff --git a/examples/felica-read-ndef.c b/examples/felica-read-ndef.c
index 55483d7..60a9593 100644
--- a/examples/felica-read-ndef.c
+++ b/examples/felica-read-ndef.c
@@ -30,9 +30,14 @@
 #  include <endian.h>
 #endif

+#if defined(HAVE_COREFOUNDATION_COREFOUNDATION_H)
+#  include <CoreFoundation/CoreFoundation.h>
+#endif
+
 #include <nfc/nfc.h>

 #include <freefare.h>
+#include "../libfreefare/freefare_internal.h"

 #define NDEF_BUFFER_SIZE 512

diff --git a/libfreefare/freefare_internal.h b/libfreefare/freefare_internal.h
index b792ced..f7f8568 100644
--- a/libfreefare/freefare_internal.h
+++ b/libfreefare/freefare_internal.h
@@ -49,14 +49,14 @@
 #  define be16toh(x) betoh16(x)
 #endif

-#if !defined(le32toh) && defined(CFSwapInt32LittleToHost)
+#if !defined(le32toh) && defined(HAVE_COREFOUNDATION_COREFOUNDATION_H)
 #  define be32toh(x) CFSwapInt32BigToHost(x)
 #  define htobe32(x) CFSwapInt32HostToBig(x)
 #  define le32toh(x) CFSwapInt32LittleToHost(x)
 #  define htole32(x) CFSwapInt32HostToLittle(x)
 #endif

-#if !defined(le16toh) && defined(CFSwapInt16LittleToHost)
+#if !defined(le16toh) && defined(HAVE_COREFOUNDATION_COREFOUNDATION_H)
 #  define be16toh(x) CFSwapInt16BigToHost(x)
 #  define htobe16(x) CFSwapInt16HostToBig(x)
 #  define le16toh(x) CFSwapInt16LittleToHost(x)

dyld: lazy symbol binding failed: Symbol not found: _le16toh
  Referenced from: /usr/local/opt/libfreefare/lib/libfreefare.0.dylib
  Expected in: flat namespace

dyld: Symbol not found: _le16toh
  Referenced from: /usr/local/opt/libfreefare/lib/libfreefare.0.dylib
  Expected in: flat namespace

Reported by project member [email protected], Sep 30, 2012
If you are authenticated on a sector but the requested MIFARE cmd (read, write) 
is not permitted by current access bytes, libfreefare should return "permission 
denied" error.

http://www.libnfc.org/community/topic/760/scl3711-mfclassic-dump-problem-chip-er
ror-invalid-received-frame/

The function mifare_desfire_get_file_ids() has a parameter uint8_t *files[]. 
The type describes an array of pointers to uint8_t. This is probably not the 
type that was meant to be used, as the argument clearly should be a pointer to 
an array of uint8_t, denoted as uint8_t (*files)[].

I suggest to change the type of files in the signature of 
mifare_desfire_get_file_ids() to uint8_t (*files)[]. As the array decays to a 
pointer in a function declaration, these two types should not make any 
difference in a regard to the calling convention.

A similar issue exists in mifare_desfire_get_iso_file_ids() where the parameter 
uint16_t *files[] should probably be type uint16_t (*files)[].

Set of default keys  has been provided in mifare-classic-format.c and 
mifare-classic-write-ndef.c such as 
 MifareClassicKey default_keys_int[] = {
    { 0xff,0xff,0xff,0xff,0xff,0xff },
    { 0xd3,0xf7,0xd3,0xf7,0xd3,0xf7 },
....
I have 1k mifare classic tag,
instead of using that default set of keys, can i able to use keys dynamically 
that is user defined key while formatting and writing. Using the -k option. Is 
there any patch?

And after writing data's to the tag default access bit is changed. how can i 
set it to default access bit.

Implemented on noprompt branch of my fork

https://code.google.com/r/doncoleman-libfreefare/source/detail?r=070f1a71669778d
11b788183e55230bd7ac07ff3&name=noprompt

Is there a way to issue a github style pull request?

With ultralightC we could be in situations where read() is called without prior 
authentication and AUTH0 < MIFARE_ULTRALIGHT_C_PAGE_COUNT_READ + 1

Several situations may occur:
Let's put auth0 = value of AUTH0 at 0x2A

read(x) with x <= auth0 - 4:
  read done properly

read(x) with auth0 - 4 < x < auth0
  read result is wrapped
  bug in libfreefare: cached pages are not wrapped
  e.g. auth0=3, read(0) returns page0|page1|page2|page0 
  and libfreefare caches wrongly page4 with page0 content

read(x) with x >= auth0
  read fails properly

The difficulty to handle those cases, especially the early wrapping, is that 
0x2A cannot be read in such situations and must be deduced by trial & error.
E.g. by trying to access the latest cached page, we can see if we get an error 
or not and if cache is valid or not.
And probably we need to keep track of two other state values in the cache to 
avoid this extra check whenever it's possible:
* latest known valid page
* if we reach 0x2A we can remember its actual value
* if we're authenticated we don't need to check page validity

My proposal:
* use another temp buffer to hold read data
* reduce tag cache buffer to actual max size (today it's hacked =+3 to cope 
with wrapped read of last page)
* if (UL or (ULC and AUTHENTICATED)), copy data to cache with proper wrapping 
if required
* if (ULC and not AUTHENTICATED), copy one single page in cache and ignore rest 
of data

It's less efficient when reading without being authenticated but it keeps the 
code much clearer.
What do you think?

*** mifare_desfire_get_version ***
===> 0000   90 60 00 00 00                                   |.`...           |
<=== 0000   04 01 01 01 00 18 05 91 af                       |.........       |
*** mifare_desfire_get_version ***
===> 0000   90 af 00 00 00                                   |.....           |
<=== 0000   04 01 01 01 04 18 05 91 af                       |.........       |
*** mifare_desfire_get_version ***
===> 0000   90 af 00 00 00                                   |.....           |
<=== 0000   04 5c 22 1a 12 4e 80 b9 0c 16 4d 40 34 16 91 00  |.\"..N....M@4...|
Found Mifare DESFire with UID 045c221a124e80. 
*** mifare_desfire_change_key ***
===> 0000   90 c4 00 00 14 80 00 10 23 33 44 55 66 76 ff ff  |........#3DUfv..|
===> 0010   fe fe ff fe ff ff 00 ad 98 00                    |..........      |
<=== 0000   91 7e                                            |.~              |
mifare_desfire_set_default_key: LENGTH_ERROR

*** mifare_desfire_get_version ***
===> 0000   90 60 00 00 00                                   |.`...           |
<=== 0000   04 01 01 01 00 18 05 91 af                       |.........       |
*** mifare_desfire_get_version ***
===> 0000   90 af 00 00 00                                   |.....           |
<=== 0000   04 01 01 01 04 18 05 91 af                       |.........       |
*** mifare_desfire_get_version ***
===> 0000   90 af 00 00 00                                   |.....           |
<=== 0000   04 5c 22 1a 12 4e 80 b9 0c 16 4d 40 34 16 91 00  |.\"..N....M@4...|
Found Mifare DESFire with UID 045c221a124e80. 
*** mifare_desfire_set_default_key ***
===> 0000   90 5c 00 00 1a 01 00 10 23 33 44 55 66 76 ff ff  |.\......#3DUfv..|
===> 0010   fe fe ff fe ff ff 00 00 00 00 00 00 00 00 34 00  |..............4.|
<=== 0000   91 7e                                            |.~              |
mifare_desfire_set_default_key: LENGTH_ERROR

Hi, when I call mifare_classic_authenticate for Classic 1k (sak 0x88) 
everything is fine. But when I do same for Dual interface card i'm getting 
"-1" error code and error:

"error  libnfc.chip.pn53x   Buffer size is too short: 1 available(s), 2 needed"

What can be wrong?

I'm using libnfc 1.7.0 with ACR-122U-A9

[...]
debug   libnfc.chip.pn53x   InDataExchange
debug   libnfc.chip.pn53x   No timeout
debug   libnfc.bus.uart TX: 00 00 ff 0a f6 d4 40 01 90 aa 00 00 01 00 00 b0 00 
debug   libnfc.bus.uart RX: 00 00 ff 00 ff 00 
debug   libnfc.chip.pn53x   PN53x ACKed
debug   libnfc.bus.uart RX: 00 00 ff 15 eb 
debug   libnfc.bus.uart RX: d5 41 
debug   libnfc.bus.uart RX: 00 8d b1 f0 47 07 5d 45 23 80 6a 42 13 90 43 11 80 91 
af 
debug   libnfc.bus.uart RX: c6 00 
debug   libnfc.chip.pn53x   InDataExchange
debug   libnfc.chip.pn53x   No timeout
debug   libnfc.bus.uart TX: 00 00 ff 29 d7 d4 40 01 90 af 00 00 20 6a c1 fd 0c 47 
9b ea a3 0e e8 b3 cd 0e 8c 0d 46 a0 27 48 01 ce 60 9c 4e f0 85 4a 47 9e c1 ea 
6f 00 a0 00 
debug   libnfc.bus.uart RX: 00 00 00 00 00 00 
error   libnfc.chip.pn53x   Unexpected PN53x reply!
debug   libnfc.chip.pn53x   InDataExchange
debug   libnfc.chip.pn53x   No timeout
[...]

I got a :

 autoreconf: running: /usr/bin/autoconf
 configure.ac:46: error: possibly undefined macro: AC_MSG_ERROR
       If this token and others are legitimate, please use m4_pattern_allow.
       See the Autoconf documentation.
 autoreconf: /usr/bin/autoconf failed with exit status: 1

What steps will reproduce the problem?
1. git clone
2. autoreconf -vis
3. read error message on your screen

What version of the product are you using? On what operating system?

Version ea496c4 on Debian 7.0.

When making checks:

make  check-TESTS
make[2]: Entering directory `.../nfc-tools/git-svn/libfreefare/test'
OOOOOOO/usr/bin/cutter: symbol lookup error: ./.libs/test_mad.so: undefined 
symbol: nxp_crc
FAIL: run-test.sh

This is because nxp_crc() is defined as static in libfreefare/mad.c
Same for sector_0x00_crc8() and sector_0x10_crc8()

Issue is solved by removing the keyword "static" in front of those three 
functions but I'm not sure it's the right thing to expose those internal 
functions.
If they are meant to be internal, why test_mad is calling them?

+++++++++++++++ ENTER read_data command 189 file_no 7 offset 0 lenght 60 cs 1
############### ENTER padded_data_length: nbytes 8 block_size 16 nbytes % block_size)
############### IF branch : (nbytes / block_size) 0
############### IF branch : ((nbytes / block_size) + 1) 1
############### ((nbytes / block_size) + 1) * block_size 16
=============== ENTER enciphered_data_length
=============== nbytes 60, crc_length 4, block_size 16
############### ENTER padded_data_length: nbytes 64 block_size 16 nbytes % block_size)
############### ELSE: nbytes 64
=============== padded_data_length 64
=============== EXIT enciphered_data_length
+++++++++++++++ enciphered_data_length (tag, length, 0) = 64 rember the + 1 later
+++++++++++++++ bytes_received before memcpy = 0
+++++++++++++++ bytes_received after memcpy = 48
+++++++++++++++ bytes_received before memcpy = 48
+++++++++++++++ bytes_received after memcpy = 68
+++++++++++++++ bytes_received after transfer 68 remvember the ++ later on
+++++++++++++++ sr = 69
############### ENTER padded_data_length: nbytes 61 block_size 16 nbytes % block_size)
############### IF branch : (nbytes / block_size) 3
############### IF branch : ((nbytes / block_size) + 1) 4
############### ((nbytes / block_size) + 1) * block_size 64
*** Error in `/test': malloc(): memory corruption: 0x00e2e238 ***

enciphered_data_length (padded_data_length (nbytes + crc_length +1, block_size)

enciphered_data_length (padded_data_length (nbytes + crc_length, block_size))

mifare_cryto_preprocess_data (tag, cmd, &__cmd_n, 8, cs | CMAC_COMMAND)

mifare_cryto_preprocess_data (tag, cmd, &__cmd_n, 8, MDCM_PLAIN | CMAC_COMMAND)

Currently, mifare_ultralightc_authenticate() returns -1 and does not touch 
errno when authentication fails. This is very strange and probably errorneous 
behavior and makes it difficult to do proper error handling.

I suggest to change libfreefare to set errno to EACCES (access denied) if 
authentication fails. Attached is a patch that implements this change.

when I run auroreconf -vis on RasPi, I get the following output:
autoreconf -vis
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf
autoreconf: running: /usr/bin/autoheader
autoreconf: running: automake --add-missing --no-force
configure.ac:8: installing `./ar-lib'
configure.ac:13: installing `./install-sh'
configure.ac:13: installing `./missing'
contrib/libutil/Makefile.am:5: Libtool library used but `LIBTOOL' is undefined
contrib/libutil/Makefile.am:5:   The usual way to define `LIBTOOL' is to add 
`LT_INIT'
contrib/libutil/Makefile.am:5:   to `configure.ac' and run `aclocal' and 
`autoconf' again.
contrib/libutil/Makefile.am:5:   If `LT_INIT' is in `configure.ac', make sure
contrib/libutil/Makefile.am:5:   its definition is in aclocal's search path.
contrib/libutil/Makefile.am: installing `./depcomp'
libfreefare/Makefile.am:6: Libtool library used but `LIBTOOL' is undefined
libfreefare/Makefile.am:6:   The usual way to define `LIBTOOL' is to add 
`LT_INIT'
libfreefare/Makefile.am:6:   to `configure.ac' and run `aclocal' and `autoconf' 
again.
libfreefare/Makefile.am:6:   If `LT_INIT' is in `configure.ac', make sure
libfreefare/Makefile.am:6:   its definition is in aclocal's search path.
test/Makefile.am:33: Libtool library used but `LIBTOOL' is undefined
test/Makefile.am:33:   The usual way to define `LIBTOOL' is to add `LT_INIT'
test/Makefile.am:33:   to `configure.ac' and run `aclocal' and `autoconf' again.
test/Makefile.am:33:   If `LT_INIT' is in `configure.ac', make sure
test/Makefile.am:33:   its definition is in aclocal's search path.
test/common/Makefile.am:14: Libtool library used but `LIBTOOL' is undefined
test/common/Makefile.am:14:   The usual way to define `LIBTOOL' is to add 
`LT_INIT'
test/common/Makefile.am:14:   to `configure.ac' and run `aclocal' and 
`autoconf' again.
test/common/Makefile.am:14:   If `LT_INIT' is in `configure.ac', make sure
test/common/Makefile.am:14:   its definition is in aclocal's search path.
Makefile.am: installing `./INSTALL'
autoreconf: automake failed with exit status: 1

diff --git a/cmake/modules/FindLIBNFC.cmake b/cmake/modules/FindLIBNFC.cmake
index f2b1b75..0c5d6ac 100644
--- a/cmake/modules/FindLIBNFC.cmake
+++ b/cmake/modules/FindLIBNFC.cmake
@@ -9,7 +9,7 @@ message("libnfc install dir: " ${LIBNFC_INSTALL_DIR})
 find_path(LIBNFC_INCLUDE_DIRS NAMES nfc/nfc.h PATHS ${LIBNFC_INSTALL_DIR}/include)
 message("libnfc include dir found:  " ${LIBNFC_INCLUDE_DIRS})
 
-find_library(LIBNFC_LIBRARIES libnfc PATHS ${LIBNFC_INSTALL_DIR}/lib)
+find_library(LIBNFC_LIBRARIES nfc PATHS ${LIBNFC_INSTALL_DIR}/lib)

nfc_initiator_poll_target(..., candidate)
tag = freefare_tag_new(candidate)
mifare_classic_connect(tag)
mifare_classic_authenticate(tag)
mifare_classic_read(tag)

nfc_initiator_poll_target(..., candidate)
tag = freefare_tag_new(candidate)
mifare_desfire_connect(tag)    // hangs here

if (nfc_initiator_select_passive_target (tag->device, modulation, tag->info.nti.nai.abtUid, tag->info.nti.nai.szUidLen, &pnti) >= 0) {

printf("Attempting desfire_connect..\n");
FreefareTag tag = freefare_tag_new(pnd, nt);
if (!tag) {
    printf("freefare_tag_new failed");
}
res = mifare_desfire_connect(tag);
printf("Desfire_connect done.\n");

nfc_initiator_poll_target(...)     // ignore result
tags = freefare_get_tags (device);
mifare_desfire_connect (tags[0]);
mifare_desfire_select_application
mifare_desfire_authenticate
mifare_desfire_read_data

Am cross compiling libfreefare for arm architecture and took source from
git clone https://code.google.com/p/libfreefare/

while executing autoreconf -vis getting some warning, see 
http://pastebin.com/FNQpYdFv

while configuring http://pastebin.com/wSn4xQY1

while compiling am getting errors, see http://pastebin.com/A220HGBC

Is there patch to fix this? 
how to fix this?

Reported by [https://code.google.com/u/114415527994645740894/ kev.y.wang], Jan 
1, 2012

*What steps will reproduce the problem?*
1. inside libfreefare-0.3.2 dir, run ./configure --prefix=/usr
2. make


*What is the expected output? What do you see instead?*
The expected output should not have the warnings that I see:

Smooth-Lightning:libfreefare-0.3.2 kevin$ make
make  all-recursive
Making all in contrib
Making all in libutil
make[3]: Nothing to be done for `all'.
make[3]: Nothing to be done for `all-am'.
Making all in libfreefare
  CC     freefare.lo
  CC     mifare_classic.lo
mifare_classic.c: In function ‘mifare_classic_init_value’:
mifare_classic.c:326: warning: implicit declaration of function ‘htole32’
mifare_classic.c: In function ‘mifare_classic_read_value’:
mifare_classic.c:364: warning: implicit declaration of function ‘le32toh’
  CC     mifare_ultralight.lo
mifare_ultralight.c: In function ‘mifare_ultralightc_authenticate’:
mifare_ultralight.c:265: warning: ‘DES_random_key’ is deprecated (declared 
at /usr/include/openssl/des.h:218)
  CC     mifare_desfire.lo
mifare_desfire.c: In function ‘authenticate’:
mifare_desfire.c:355: warning: ‘RAND_bytes’ is deprecated (declared at 
/usr/include/openssl/rand.h:104)
mifare_desfire.c: In function ‘mifare_desfire_get_df_names’:
mifare_desfire.c:826: warning: implicit declaration of function ‘le16toh’
mifare_desfire.c: In function ‘mifare_desfire_get_file_settings’:
mifare_desfire.c:1249: warning: implicit declaration of function ‘le32toh’
  CC     mifare_desfire_aid.lo
...

Basically, some of the endian macros defined in freefare_internal.h are not 
working. The compilation succeeds, but when trying to run some of the examples 
(like mifare-classic-write-ndef), I get the following:

dyld: lazy symbol binding failed: Symbol not found: _htole32
  Referenced from: /Users/kevin/dev/libfreefare-0.3.2/libfreefare/.libs/libfreefare.0.dylib
  Expected in: flat namespace

dyld: Symbol not found: _htole32
  Referenced from: /Users/kevin/dev/libfreefare-0.3.2/libfreefare/.libs/libfreefare.0.dylib
  Expected in: flat namespace

Which makes sense, since during compilation, those were never defined.

*What version of the product are you using? On what operating system?*
OS: Mac OS X 10.7.
Version: libfreefare-0.3.2

Looking at it some more, would #ifdef macros in freefare_internal.h that use 
<libkern/OSByteOrder.h> work?

----
Comment 2 by project member ludovic.rousseau, May 19, 2012
Maybe the solution is to use _standard_ C functions like:

NAME
     htonl, htons, ntohl, ntohs -- convert values between host and network
     byte order

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <arpa/inet.h>

     uint32_t
     htonl(uint32_t hostlong);

     uint16_t
     htons(uint16_t hostshort);

     uint32_t
     ntohl(uint32_t netlong);

     uint16_t
     ntohs(uint16_t netshort);

I'm using libfreefare for multiple projects in order to isolate myself from a 
DESfire implementation (I'm under an NXP NDA). Currently it's entirely bound to 
libnfc, which is a pity since libnfc only handles a very small fraction of all 
available RFID readers. Most of them come with an PC/SC IFD handler, even for 
Linux!

The DESfire functions specifically would be a great match for T=CL handling 
through PC/SC, but part 3 section 3.2.2.1 of the specification 
(http://www.pcscworkgroup.com/specifications/specdownload.php) also details 
operations on storage cards like Mifare Classic which are implemented by at 
least some devices (all Omnikey devices do this in the IFD handler, some other, 
I think SCM, do it in the reader firmware).

Implementing libfreefare support for PC/SC would greatly increase the 
usefulness and range of supported devices.

What steps will reproduce the problem?
1. Attempt to read page 0x2b
2. mifare_ultralight_read will return -1

Reading other pages seem to be fine.

What is the expected output? What do you see instead?
The expected output is a proper read of page 0x2b. Instead, 0x2b cannot be read.

What version of the product are you using? On what operating system?
Latest libfreefare from git compiled with Ubuntu 12.04 and libnfc-1.7.0-rc7.

Please provide any additional information below.

Using Smartcard Commander in Windows, I am able to read the tag with no 
problems, including page 0x2b.

Most functions in mifare_classic.c contain a little prelude to check the input 
data for sanity:

    ASSERT_ACTIVE (tag);
    ASSERT_MIFARE_CLASSIC (tag);

Some other functions don't do this. I found that at least the following 
functions don't check the state of tag:

    mifare_classic_get_trailer_block_permission
    mifare_classic_get_data_block_permission
    mifare_classic_format_sector

Perhaps I am in err about this, but if the libfreefare really does not perform 
any checks here, this might be a bug. Perhaps the problem also affects other 
tag types.

I'm using libfreefare for multiple DESfire projects (as of yet: 
https://github.com/henryk/libopenkey and 
https://github.com/henryk/desfire-tools). One issue that's come up multiple 
times is handling a "card removed" error.

From the PC/SC environment I'm used to having the framework handle that: Once a 
card connection is lost, all further attempts to submit commands will 
immediately return with an error. libfreefare doesn't do that. Calling for 
example mifare_desfire_select_application() on a card that's been removed will 
actually try to transmit the command (as seen in DEBUG_XFER output) and return 
after a timeout.

libnfc provides nfc_device_get_last_error() which will return NFC_ERFTRANS in 
this case, but it can't be accessed properly from libfreefare. I've discovered 
that MifareTag can be cast to nfc_device** and then dereferenced to call libnfc 
functions (see 
https://github.com/henryk/desfire-tools/blob/64dbb9d51c3feecd1aa99da8556273ebc7c
7db84/src/mifare-desfire-analyze.c#L45) and am using this as a workaround, but 
that's hardly proper methodology.

Could libfreefare either:
a) Provide a defined way to access the nfc_device pointer and call libnfc 
functions (even just defining the above cast as proper and promising to always 
keep the structure to allow it would suffice for this)
b) Track permanent errors and not carry out any timeout-inducing actions 
afterwards. Or at least give a defined feedback to the caller that he may not 
attempt any further action on the tag. (Currently you could do something like 
"if mifare_desfire_select_application() fails but both 
mifare_desfire_last_picc_error() and mifare_desfire_last_pcd_error() return 0 
then maybe the tag is gone" but that's only a heuristic and not easily 
universally used.)

Actually it would be best if both happen. The point where I initially 
discovered the cast is for 
https://github.com/henryk/desfire-tools/blob/64dbb9d51c3feecd1aa99da8556273ebc7c
7db84/src/mifare-desfire-analyze.c#L296 where I want to find out if an AES or 
DES authentication is directly answered with an authentication error (meaning 
that the authentication mode is not supported) or an additional frame status 
(meaning that the authentication mode is supported). 
mifare_desfire_authenticate() handles these internally and 
mifare_desfire_last_picc_error() doesn't distinguish between "authentication 
mode not supported" and "key wrong". So I still need the ability to issue raw 
libnfc commands, or maybe a status flag that I can interrogate that shows 
whether the authentication failed after the first or second command.

What steps will reproduce the problem?
1. Use the function mifare_desfire_debit/credit
2.
3.

What is the expected output? What do you see instead?
the value of the value file gets changed when i get a 0 as return from the 
function

What version of the product are you using? On what operating system?
version 0.4.0 of libfreefare on OS X 10.10 and Ubuntu 14.04.
Using an ACR122U and a DESFire EV1 4k card

Please provide any additional information below.
All other functions seem to work as expected. 

Bugs in the libfreefare that affect this project.

mifare_ultralight.c

 * function mifare_ultralightc_authenticate does not set errno on encryption
   failure. This could make finding what kind of error happened a little bit
   more difficult. Anyway, cgo clears errno before any C call so this should not
   affect us in most circumstances. (Reported as issue #20, fixed)

mifare_desfire_key.c

* Objects of type MifareDESFireKey are opaque and allocated by the libfreefare.
  This makes it more difficult than it could be to wrap the library. These
  objects are not tied to any ressources and should therefore be treatable like
  any other "disposable" object. But because Go cannot track their allocation,
  the user of the Go wrapper has to manually keep track of MifareDESFireKeys.
  This is a huge inconvenience which could be entirely avoided by adding a
  callback to the libfreefare that allows a user to provide its own allocation
  function. (Reported as issue #21)

mifare_classic.c

* Some functions that assume a MifareTag is a Mifare Classic Tag don't check if
  that assumption holds. The wrapper has to perform extra checks to avoid memory
  corruption from invalid input data. (Reported as issue #23)

mifare_application.c

* The function mifare_application_free does not check for the possibility that
  mifare_application_find returned a NULL pointer. The libfreefare crashes when
  you try to delete a nonexisting application or when malloc returned NULL in
  mifare_application_find (Reported as issue #24 with patch). A similar issue
  exists with mifare_application_write. Even though the function checks the
  return valueo of mifare_application_find, it does not check if the NULL result
  came from malloc-failure and unconditionally returns EBADF instead of ENOMEM.
  (Reported as additional patch to issue #23)

mifare_desfire.c

* The function mifare_desfire_get_file_ids() has an argument files of type
  uint8_t *files[] (array of pointers to uint8_t). This should probably have
  been uint8_t (*files)[] (pointer to array of uint8_t). The same issue appears
  in mifare_desfire_get_iso_file_ids(): parameter uint16_t *files[] should have
  type uint16_t (*files)[]. (filed as issue #26)

* The function mifare_desfire_read_data() writes more than length bytes into the
  data buffer. This is undocumented and I was unable to deduct how long the
  buffer is supposed to be. (filed as issue #28)

freefare.c

* The function freefare_get_tag_uid() does not check the return value of
  malloc, potentially causing crashes or memory corruption. (filed as issue #25,
  fixed)

What steps will reproduce the problem?
1. brew install libnfc
2. brew install libfreefare (or compile from source)
3. format and write a tag

mifare-classic-read-ndef and mifare-classic-format work OK, 
but mifare-classic-write-ndef fails with Symbol not found: _htole32 

What is the expected output? What do you see instead?

$ ./examples/mifare-classic-write-ndef -y -i hello.dmp 
NDEF file is 19 bytes long.
Found Mifare Classic 1k with UID fa4360e6. 
dyld: lazy symbol binding failed: Symbol not found: _htole32
  Referenced from: /Users/don/Downloads/libfreefare-0.4.0/libfreefare/.libs/libfreefare.0.dylib
  Expected in: flat namespace

dyld: Symbol not found: _htole32
  Referenced from: /Users/don/Downloads/libfreefare-0.4.0/libfreefare/.libs/libfreefare.0.dylib
  Expected in: flat namespace

Trace/BPT trap: 5

What version of the product are you using? On what operating system?

libnfc 1.7.0
libfreefare 0.4.0 
OS X 10.9.4

Please provide any additional information below.

I get the same results from brew or compiling from source

for compiling, brew install automake and libtool

In the source for mifare_application_free(), a call to 
mifare_application_find() is done. This call could return NULL if malloc() 
fails, but mifare_application_free() doesn't check for this condition.

I suggest applying the attached patch.

It should better do so.

At the same time, it would perhaps make sense to rewrite the function to be a 
little bit more efficient than calling snprintf() in a loop.