]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/cmdlfhitag.c
FIX: @marshmellow's fix for "lf viking clone", wrong mask was applied.
[proxmark3-svn] / client / cmdlfhitag.c
CommitLineData
db09cb3a 1//-----------------------------------------------------------------------------
2// Copyright (C) 2012 Roel Verdult
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Low frequency Hitag support
9//-----------------------------------------------------------------------------
10
11#include <stdio.h>
12#include <stdlib.h>
13#include <string.h>
14#include "data.h"
902cb3c0 15#include "proxmark3.h"
db09cb3a 16#include "ui.h"
17#include "cmdparser.h"
18#include "common.h"
19#include "util.h"
20#include "hitag2.h"
902cb3c0 21#include "sleep.h"
22#include "cmdmain.h"
db09cb3a 23
24static int CmdHelp(const char *Cmd);
25
47e18126 26size_t nbytes(size_t nbits) {
27 return (nbits/8)+((nbits%8)>0);
28}
29
db09cb3a 30int CmdLFHitagList(const char *Cmd)
31{
f71f4deb 32 uint8_t *got = malloc(USB_CMD_DATA_SIZE);
33
34 // Query for the actual size of the trace
35 UsbCommand response;
36 GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0);
37 WaitForResponse(CMD_ACK, &response);
38 uint16_t traceLen = response.arg[2];
39 if (traceLen > USB_CMD_DATA_SIZE) {
40 uint8_t *p = realloc(got, traceLen);
41 if (p == NULL) {
42 PrintAndLog("Cannot allocate memory for trace");
43 free(got);
44 return 2;
45 }
46 got = p;
47 GetFromBigBuf(got, traceLen, 0);
48 WaitForResponse(CMD_ACK,NULL);
49 }
50
51 PrintAndLog("recorded activity (TraceLen = %d bytes):");
52 PrintAndLog(" ETU :nbits: who bytes");
53 PrintAndLog("---------+-----+----+-----------");
db09cb3a 54
f71f4deb 55 int i = 0;
56 int prev = -1;
57 int len = strlen(Cmd);
b915fda3 58
f71f4deb 59 char filename[FILE_PATH_SIZE] = { 0x00 };
60 FILE* pf = NULL;
b915fda3 61
09181a54 62 if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
f71f4deb 63 memcpy(filename, Cmd, len);
b915fda3 64
f71f4deb 65 if (strlen(filename) > 0) {
66 if ((pf = fopen(filename,"wb")) == NULL) {
67 PrintAndLog("Error: Could not open file [%s]",filename);
68 return 1;
69 }
b915fda3 70 }
db09cb3a 71
f71f4deb 72 for (;;) {
b915fda3 73
ab7bb494 74 if(i >= traceLen) { break; }
f71f4deb 75
76 bool isResponse;
77 int timestamp = *((uint32_t *)(got+i));
78 if (timestamp & 0x80000000) {
79 timestamp &= 0x7fffffff;
80 isResponse = 1;
81 } else {
82 isResponse = 0;
83 }
84
85 int parityBits = *((uint32_t *)(got+i+4));
86 // 4 bytes of additional information...
87 // maximum of 32 additional parity bit information
88 //
89 // TODO:
90 // at each quarter bit period we can send power level (16 levels)
91 // or each half bit period in 256 levels.
92
93 int bits = got[i+8];
94 int len = nbytes(got[i+8]);
95
96 if (len > 100) {
97 break;
98 }
99 if (i + len > traceLen) { break;}
100
101 uint8_t *frame = (got+i+9);
102
103 // Break and stick with current result if buffer was not completely full
104 if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
105
106 char line[1000] = "";
107 int j;
108 for (j = 0; j < len; j++) {
109 int oddparity = 0x01;
110 int k;
111
112 for (k=0;k<8;k++) {
113 oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
114 }
115
116 //if((parityBits >> (len - j - 1)) & 0x01) {
117 if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
118 sprintf(line+(j*4), "%02x! ", frame[j]);
119 }
120 else {
121 sprintf(line+(j*4), "%02x ", frame[j]);
122 }
123 }
124
125 PrintAndLog(" +%7d: %3d: %s %s",
126 (prev < 0 ? 0 : (timestamp - prev)),
127 bits,
128 (isResponse ? "TAG" : " "),
129 line);
130
131 if (pf) {
132 fprintf(pf," +%7d: %3d: %s %s\n",
133 (prev < 0 ? 0 : (timestamp - prev)),
134 bits,
135 (isResponse ? "TAG" : " "),
136 line);
137 }
138
139 prev = timestamp;
140 i += (len + 9);
141 }
2d495a81 142
f71f4deb 143 if (pf) {
144 fclose(pf);
145 PrintAndLog("Recorded activity succesfully written to file: %s", filename);
146 }
97d582a6 147
f71f4deb 148 free(got);
149 return 0;
db09cb3a 150}
151
152int CmdLFHitagSnoop(const char *Cmd) {
09181a54 153 UsbCommand c = {CMD_SNOOP_HITAG};
154 clearCommandBuffer();
155 SendCommand(&c);
156 return 0;
db09cb3a 157}
158
159int CmdLFHitagSim(const char *Cmd) {
b915fda3 160
09181a54 161 UsbCommand c = {CMD_SIMULATE_HITAG};
b915fda3 162 char filename[FILE_PATH_SIZE] = { 0x00 };
db09cb3a 163 FILE* pf;
164 bool tag_mem_supplied;
09181a54 165
b915fda3 166 int len = strlen(Cmd);
167 if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
168 memcpy(filename, Cmd, len);
09181a54 169
db09cb3a 170 if (strlen(filename) > 0) {
171 if ((pf = fopen(filename,"rb+")) == NULL) {
172 PrintAndLog("Error: Could not open file [%s]",filename);
173 return 1;
174 }
175 tag_mem_supplied = true;
841d7af0 176 size_t bytes_read = fread(c.d.asBytes, 48, 1, pf);
177 if ( bytes_read == 0) {
09181a54 178 PrintAndLog("Error: File reading error");
179 fclose(pf);
759c16b3 180 return 1;
09181a54 181 }
db09cb3a 182 fclose(pf);
183 } else {
184 tag_mem_supplied = false;
185 }
09181a54 186
db09cb3a 187 // Does the tag comes with memory
188 c.arg[0] = (uint32_t)tag_mem_supplied;
189
09181a54 190 clearCommandBuffer();
191 SendCommand(&c);
192 return 0;
db09cb3a 193}
194
195int CmdLFHitagReader(const char *Cmd) {
db09cb3a 196
09181a54 197
db09cb3a 198 UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
199 hitag_data* htd = (hitag_data*)c.d.asBytes;
200 hitag_function htf = param_get32ex(Cmd,0,0,10);
201
202 switch (htf) {
203 case RHT2F_PASSWORD: {
204 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
205 } break;
206 case RHT2F_AUTHENTICATE: {
207 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
208 num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
209 } break;
bde10a50 210 case RHT2F_CRYPTO: {
211 num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
bde10a50 212 } break;
db09cb3a 213 case RHT2F_TEST_AUTH_ATTEMPTS: {
214 // No additional parameters needed
215 } break;
216 default: {
217 PrintAndLog("Error: unkown reader function %d",htf);
ab4da50d 218 PrintAndLog("Hitag reader functions");
219 PrintAndLog(" HitagS (0*)");
220 PrintAndLog(" Hitag1 (1*)");
221 PrintAndLog(" Hitag2 (2*)");
222 PrintAndLog(" 21 <password> (password mode)");
223 PrintAndLog(" 22 <nr> <ar> (authentication)");
224 PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
225 PrintAndLog(" 25 (test recorded authentications)");
db09cb3a 226 return 1;
227 } break;
228 }
229
230 // Copy the hitag2 function into the first argument
231 c.arg[0] = htf;
232
09181a54 233 clearCommandBuffer();
234 // Send the command to the proxmark
235 SendCommand(&c);
ab4da50d 236
09181a54 237 UsbCommand resp;
238 WaitForResponse(CMD_ACK,&resp);
239
240 // Check the return status, stored in the first argument
241 if (resp.arg[0] == false) return 1;
242
243 uint32_t id = bytes_to_num(resp.d.asBytes,4);
244 char filename[FILE_PATH_SIZE];
245 FILE* pf = NULL;
246
247 sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
248 if ((pf = fopen(filename,"wb")) == NULL) {
249 PrintAndLog("Error: Could not open file [%s]",filename);
250 return 1;
251 }
252
253 // Write the 48 tag memory bytes to file and finalize
254 fwrite(resp.d.asBytes,1,48,pf);
255 fclose(pf);
256
257 PrintAndLog("Succesfully saved tag memory to [%s]",filename);
258 return 0;
db09cb3a 259}
260
09181a54 261static command_t CommandTable[] = {
262 {"help", CmdHelp, 1, "This help"},
263 {"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
264 {"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
265 {"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
266 {"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
267 {NULL, NULL, 0, NULL}
db09cb3a 268};
269
270int CmdLFHitag(const char *Cmd)
271{
09181a54 272 CmdsParse(CommandTable, Cmd);
273 return 0;
db09cb3a 274}
275
276int CmdHelp(const char *Cmd)
277{
09181a54 278 CmdsHelp(CommandTable);
279 return 0;
db09cb3a 280}
Impressum, Datenschutz