[proxmark3-svn] / client / cmdhficlass.c

//-----------------------------------------------------------------------------
// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>, Hagen Fritsch
// Copyright (C) 2011 Gerhard de Koning Gans
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency iClass commands
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
#include "data.h"
//#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
#include "cmdhficlass.h"
#include "common.h"
#include "util.h"
#include "cmdmain.h"

static int CmdHelp(const char *Cmd);

int xorbits_8(uint8_t val)
{
	uint8_t res = val ^ (val >> 1); //1st pass
	res = res ^ (res >> 1); 		// 2nd pass
	res = res ^ (res >> 2); 		// 3rd pass
	res = res ^ (res >> 4); 			// 4th pass
	return res & 1;
}

int CmdHFiClassList(const char *Cmd)
{

	bool ShowWaitCycles = false;
	char param = param_getchar(Cmd, 0);

	if (param != 0) {
		PrintAndLog("List data in trace buffer.");
		PrintAndLog("Usage:  hf iclass list");
		PrintAndLog("h - help");
		PrintAndLog("sample: hf iclass list");
		return 0;
	}

	uint8_t got[1920];
	GetFromBigBuf(got,sizeof(got),0);
	WaitForResponse(CMD_ACK,NULL);

	PrintAndLog("Recorded Activity");
	PrintAndLog("");
	PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer");
	PrintAndLog("All times are in carrier periods (1/13.56Mhz)");
	PrintAndLog("");
	PrintAndLog("     Start |       End | Src | Data");
	PrintAndLog("-----------|-----------|-----|--------");

	int i;
	uint32_t first_timestamp = 0;
	uint32_t timestamp;
	bool tagToReader;
	uint32_t parityBits;
	uint8_t len;
	uint8_t *frame;
	uint32_t EndOfTransmissionTimestamp = 0;

	uint8_t empty[4] = {0x44,0x44,0x44,0x44};

	for( i=0; i < 1900;)
	{
		//First 32 bits contain
		// isResponse (1 bit)
		// timestamp (remaining)
		//Then paritybits
		//Then length
		timestamp = *((uint32_t *)(got+i));
		parityBits = *((uint32_t *)(got+i+4));
		len = got[i+8];
		frame = (got+i+9);
		uint32_t next_timestamp = (*((uint32_t *)(got+i+9))) & 0x7fffffff;

		tagToReader = timestamp & 0x80000000;
		timestamp &= 0x7fffffff;

		if(i==0) {
			first_timestamp = timestamp;
		}

		// Break and stick with current result if buffer
		// was not completely full
		if(memcmp(frame,empty,sizeof(empty))) break;

		char line[1000] = "";

		if(len)//We have some data to display
		{
			int j,oddparity;

			for(j = 0; j < len ; j++)
			{
				oddparity = 0x01 ^ xorbits_8(frame[j] & 0xFF);

				if (tagToReader && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
					sprintf(line+(j*4), "%02x!  ", frame[j]);
				} else {
					sprintf(line+(j*4), "%02x   ", frame[j]);
				}
			}
		}else
		{
			if (ShowWaitCycles) {
				sprintf(line, "fdt (Frame Delay Time): %d", (next_timestamp - timestamp));
			}
		}

		char *crc = "";

		if(len > 2)
		{
			uint8_t b1, b2;
			if(!tagToReader && len == 4) {
				// Rough guess that this is a command from the reader
				// For iClass the command byte is not part of the CRC
					ComputeCrc14443(CRC_ICLASS, &frame[1], len-3, &b1, &b2);
			}
			else {
				  // For other data.. CRC might not be applicable (UPDATE commands etc.)
				ComputeCrc14443(CRC_ICLASS, frame, len-2, &b1, &b2);
			}

			if (b1 != frame[len-2] || b2 != frame[len-1]) {
				crc = (tagToReader & (len < 8)) ? "" : " !crc";
			}
		}

		i += (len + 9);
		EndOfTransmissionTimestamp = (*((uint32_t *)(got+i))) & 0x7fffffff;

		// Not implemented for iclass on the ARM-side
		//if (!ShowWaitCycles) i += 9;

		PrintAndLog(" %9d | %9d | %s | %s %s",
			(timestamp - first_timestamp),
			(EndOfTransmissionTimestamp - first_timestamp),
			(len?(tagToReader ? "Tag" : "Rdr"):"   "),
			line, crc);
	}
	return 0;
}

int CmdHFiClassListOld(const char *Cmd)
{
  uint8_t got[1920];
  GetFromBigBuf(got,sizeof(got),0);

  PrintAndLog("recorded activity:");
  PrintAndLog(" ETU     :rssi: who bytes");
  PrintAndLog("---------+----+----+-----------");

  int i = 0;
  int prev = -1;

  for (;;) {
    if(i >= 1900) {
      break;
    }

    bool isResponse;
    int timestamp = *((uint32_t *)(got+i));
    if (timestamp & 0x80000000) {
      timestamp &= 0x7fffffff;
      isResponse = 1;
    } else {
      isResponse = 0;
    }


    int metric = 0;

    int parityBits = *((uint32_t *)(got+i+4));
    // 4 bytes of additional information...
    // maximum of 32 additional parity bit information
    //
    // TODO:
    // at each quarter bit period we can send power level (16 levels)
    // or each half bit period in 256 levels.


    int len = got[i+8];

    if (len > 100) {
      break;
    }
    if (i + len >= 1900) {
      break;
    }

    uint8_t *frame = (got+i+9);

    // Break and stick with current result if buffer was not completely full
    if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }

    char line[1000] = "";
    int j;
    for (j = 0; j < len; j++) {
      int oddparity = 0x01;
      int k;

      for (k=0;k<8;k++) {
        oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
      }

      //if((parityBits >> (len - j - 1)) & 0x01) {
      if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
        sprintf(line+(j*4), "%02x!  ", frame[j]);
      }
      else {
        sprintf(line+(j*4), "%02x   ", frame[j]);
      }
    }

    char *crc;
    crc = "";
    if (len > 2) {
      uint8_t b1, b2;
      for (j = 0; j < (len - 1); j++) {
        // gives problems... search for the reason..
        /*if(frame[j] == 0xAA) {
          switch(frame[j+1]) {
            case 0x01:
              crc = "[1] Two drops close after each other";
            break;
            case 0x02:
              crc = "[2] Potential SOC with a drop in second half of bitperiod";
              break;
            case 0x03:
              crc = "[3] Segment Z after segment X is not possible";
              break;
            case 0x04:
              crc = "[4] Parity bit of a fully received byte was wrong";
              break;
            default:
              crc = "[?] Unknown error";
              break;
          }
          break;
        }*/
      }

      if (strlen(crc)==0) {
	if(!isResponse && len == 4) {
		// Rough guess that this is a command from the reader
		// For iClass the command byte is not part of the CRC
	        ComputeCrc14443(CRC_ICLASS, &frame[1], len-3, &b1, &b2);
	}
	else {
		// For other data.. CRC might not be applicable (UPDATE commands etc.)
	        ComputeCrc14443(CRC_ICLASS, frame, len-2, &b1, &b2);
	}
	//printf("%1x %1x",(unsigned)b1,(unsigned)b2);
        if (b1 != frame[len-2] || b2 != frame[len-1]) {
          crc = (isResponse & (len < 8)) ? "" : " !crc";
        } else {
          crc = "";
        }
      }
    } else {
      crc = ""; // SHORT
    }

    char metricString[100];
    if (isResponse) {
      sprintf(metricString, "%3d", metric);
    } else {
      strcpy(metricString, "   ");
    }

    PrintAndLog(" +%7d: %s: %s %s %s",
      (prev < 0 ? 0 : (timestamp - prev)),
      metricString,
      (isResponse ? "TAG" : "   "), line, crc);

    prev = timestamp;
    i += (len + 9);
  }
  return 0;
}

/*void iso14a_set_timeout(uint32_t timeout) {
	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_SET_TIMEOUT, 0, timeout}};
	SendCommand(&c);
}*/

int CmdHFiClassSnoop(const char *Cmd)
{
  UsbCommand c = {CMD_SNOOP_ICLASS};
  SendCommand(&c);
  return 0;
}

int CmdHFiClassSim(const char *Cmd)
{
  uint8_t simType = 0;
  uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};

  if (strlen(Cmd)<1) {
	PrintAndLog("Usage:  hf iclass sim [0 <CSN>] | x");
	PrintAndLog("        options");
	PrintAndLog("                0 <CSN> simulate the given CSN");
	PrintAndLog("                1       simulate default CSN");
	PrintAndLog("                2       iterate CSNs, gather MACs");
	PrintAndLog("        sample: hf iclass sim 0 031FEC8AF7FF12E0");
	PrintAndLog("        sample: hf iclass sim 2");
	return 0;
  }	

  simType = param_get8(Cmd, 0);

  if(simType == 0)
  {
	  if (param_gethex(Cmd, 1, CSN, 16)) {
		  PrintAndLog("A CSN should consist of 16 HEX symbols");
		  return 1;
	  }
	  PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));

  }
  if(simType > 2)
  {
	  PrintAndLog("Undefined simptype %d", simType);
	  return 1;
  }
  uint8_t numberOfCSNs=0;

  UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,numberOfCSNs}};
  memcpy(c.d.asBytes, CSN, 8);

  if(simType == 2)
  {
	  c.arg[1] = 10;//10 CSNs
	  uint8_t csns[] ={
			  /* Order    Simulated CSN                               HASH1           Recovered key bytes */
			  /*   1   */ 0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0,// 0101000045014545 00,01 45
			  /*   2   */  0x03,0x0B,0x0E,0xFE,0xF7,0xFF,0x12,0xE0,// 0202000045014545 02
			  /*   3   */  0x04,0x0D,0x0D,0xFD,0xF7,0xFF,0x12,0xE0,// 0303000045014545 03
			  /*   4   */  0x04,0x0F,0x0F,0xF7,0xF7,0xFF,0x12,0xE0,// 0901000045014545 09
			  /*   5   */  0x01,0x13,0x10,0xF4,0xF7,0xFF,0x12,0xE0,// 0C00000045014545 0C
			  /*   6   */  0x02,0x14,0x10,0xF2,0xF7,0xFF,0x12,0xE0,// 0E00000045014545 0E
			  /*   7   */  0x05,0x17,0x10,0xEC,0xF7,0xFF,0x12,0xE0,// 1400000045014545 14
			  /*   8   */  0x00,0x6B,0x6F,0xDF,0xF7,0xFF,0x12,0xE0,// 2121000045014545 21
			  /*   9   */  0x03,0x6B,0x6E,0xDE,0xF7,0xFF,0x12,0xE0,// 2222000045014545 22
			  /*   10  */  0x04,0x6D,0x6D,0xDD,0xF7,0xFF,0x12,0xE0,// 2323000045014545 23
			  /*   11  */  0x00,0x4F,0x4B,0x43,0xF7,0xFF,0x12,0xE0,// 3D45000045014545 3D
			  /*   12  */  0x00,0x4B,0x4F,0x3F,0xF7,0xFF,0x12,0xE0,// 4141000045014545 41
			  /*   13  */  0x03,0x4B,0x4E,0x3E,0xF7,0xFF,0x12,0xE0,// 4242000045014545 42
			  /*   14  */  0x04,0x4D,0x4D,0x3D,0xF7,0xFF,0x12,0xE0,// 4343000045014545 43
			  /*   15  */  0x04,0x37,0x37,0x7F,0xF7,0xFF,0x12,0xE0,// 0159000045014545 59
			  /*   16  */  0x00,0x2B,0x2F,0x9F,0xF7,0xFF,0x12,0xE0,// 6161000045014545 61
			  /*   17  */  0x03,0x2B,0x2E,0x9E,0xF7,0xFF,0x12,0xE0,// 6262000045014545 62
			  /*   18  */  0x04,0x2D,0x2D,0x9D,0xF7,0xFF,0x12,0xE0,// 6363000045014545 63
			  /*   19  */  0x00,0x27,0x23,0xBB,0xF7,0xFF,0x12,0xE0,// 456D000045014545 6D
			  /*   20  */  0x02,0x52,0xAA,0x80,0xF7,0xFF,0x12,0xE0,// 0066000045014545 66
			  /*   21  */  0x00,0x5C,0xA6,0x80,0xF7,0xFF,0x12,0xE0,// 006A000045014545 6A
			  /*   22  */  0x01,0x5F,0xA4,0x80,0xF7,0xFF,0x12,0xE0,// 006C000045014545 6C
			  /*   23  */  0x06,0x5E,0xA2,0x80,0xF7,0xFF,0x12,0xE0,// 006E000045014545 6E
			  /*   24  */  0x02,0x0E,0x0E,0xFC,0xF7,0xFF,0x12,0xE0,// 0402000045014545 04
			  /*   25  */  0x05,0x0D,0x0E,0xFA,0xF7,0xFF,0x12,0xE0,// 0602000045014545 06
			  /*   26  */  0x06,0x0F,0x0D,0xF9,0xF7,0xFF,0x12,0xE0,// 0703000045014545 07
			  /*   27  */  0x00,0x01,0x05,0x1D,0xF7,0xFF,0x12,0xE0,// 630B000045014545 0B
			  /*   28  */  0x02,0x07,0x01,0x1D,0xF7,0xFF,0x12,0xE0,// 630F000045014545 0F
			  /*   29  */  0x04,0x7F,0x7F,0xA7,0xF7,0xFF,0x12,0xE0,// 5911000045014545 11
			  /*   30  */  0x04,0x60,0x6E,0xE8,0xF7,0xFF,0x12,0xE0,// 1822000045014545 18
			};
	  memcpy(c.d.asBytes, csns, sizeof(c.d.asBytes));

  }

  SendCommand(&c);

  /*UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);
  if (resp != NULL) {
	uint8_t                isOK  = resp->arg[0] & 0xff;
	PrintAndLog("isOk:%02x", isOK);
  } else {
	PrintAndLog("Command execute timeout");
  }*/

  return 0;
}

int CmdHFiClassReader(const char *Cmd)
{
  uint8_t readerType = 0;

  if (strlen(Cmd)<1) {
	PrintAndLog("Usage:  hf iclass reader    <reader type>");
	PrintAndLog("        sample: hf iclass reader 0");
	return 0;
  }	

  readerType = param_get8(Cmd, 0);
  PrintAndLog("--readertype:%02x", readerType);

  UsbCommand c = {CMD_READER_ICLASS, {readerType}};
  //memcpy(c.d.asBytes, CSN, 8);
  SendCommand(&c);

  /*UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 1500);
  if (resp != NULL) {
	uint8_t                isOK  = resp->arg[0] & 0xff;
	PrintAndLog("isOk:%02x", isOK);
  } else {
	PrintAndLog("Command execute timeout");
  }*/

  return 0;
}

static command_t CommandTable[] = 
{
  {"help",    CmdHelp,        1, "This help"},
  {"list",    CmdHFiClassList,   0, "List iClass history"},
  {"snoop",   CmdHFiClassSnoop,  0, "Eavesdrop iClass communication"},
  {"sim",     CmdHFiClassSim,    0, "Simulate iClass tag"},
  {"reader",  CmdHFiClassReader, 0, "Read an iClass tag"},
  {NULL, NULL, 0, NULL}
};

int CmdHFiClass(const char *Cmd)
{
  CmdsParse(CommandTable, Cmd);
  return 0;
}

int CmdHelp(const char *Cmd)
{
  CmdsHelp(CommandTable);
  return 0;
}
Commit	Line	Data
cee5a30d	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>, Hagen Fritsch
	3	// Copyright (C) 2011 Gerhard de Koning Gans
	4	//
	5	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	6	// at your option, any later version. See the LICENSE.txt file for the text of
	7	// the license.
	8	//-----------------------------------------------------------------------------
	9	// High frequency iClass commands
	10	//-----------------------------------------------------------------------------
	11
	12	#include <stdio.h>
	13	#include <stdlib.h>
	14	#include <string.h>
	15	#include "iso14443crc.h" // Can also be used for iClass, using 0xE012 as CRC-type
	16	#include "data.h"
28fdb04f	17	//#include "proxusb.h"
902cb3c0	18	#include "proxmark3.h"
cee5a30d	19	#include "ui.h"
	20	#include "cmdparser.h"
	21	#include "cmdhficlass.h"
	22	#include "common.h"
14006804	23	#include "util.h"
17cba269	24	#include "cmdmain.h"
cee5a30d	25
	26	static int CmdHelp(const char *Cmd);
	27
17cba269 MHS	28	int xorbits_8(uint8_t val)
	29	{
	30	uint8_t res = val ^ (val >> 1); //1st pass
	31	res = res ^ (res >> 1); // 2nd pass
	32	res = res ^ (res >> 2); // 3rd pass
	33	res = res ^ (res >> 4); // 4th pass
	34	return res & 1;
	35	}
	36
cee5a30d	37	int CmdHFiClassList(const char *Cmd)
17cba269 MHS	38	{
	39
	40	bool ShowWaitCycles = false;
	41	char param = param_getchar(Cmd, 0);
	42
	43	if (param != 0) {
	44	PrintAndLog("List data in trace buffer.");
	45	PrintAndLog("Usage: hf iclass list");
	46	PrintAndLog("h - help");
	47	PrintAndLog("sample: hf iclass list");
	48	return 0;
	49	}
	50
	51	uint8_t got[1920];
	52	GetFromBigBuf(got,sizeof(got),0);
	53	WaitForResponse(CMD_ACK,NULL);
	54
	55	PrintAndLog("Recorded Activity");
	56	PrintAndLog("");
	57	PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer");
	58	PrintAndLog("All times are in carrier periods (1/13.56Mhz)");
	59	PrintAndLog("");
	60	PrintAndLog(" Start \| End \| Src \| Data");
	61	PrintAndLog("-----------\|-----------\|-----\|--------");
	62
	63	int i;
	64	uint32_t first_timestamp = 0;
	65	uint32_t timestamp;
	66	bool tagToReader;
	67	uint32_t parityBits;
	68	uint8_t len;
	69	uint8_t *frame;
	70	uint32_t EndOfTransmissionTimestamp = 0;
	71
	72	uint8_t empty[4] = {0x44,0x44,0x44,0x44};
	73
	74	for( i=0; i < 1900;)
	75	{
	76	//First 32 bits contain
	77	// isResponse (1 bit)
	78	// timestamp (remaining)
	79	//Then paritybits
	80	//Then length
	81	timestamp = ((uint32_t )(got+i));
	82	parityBits = ((uint32_t )(got+i+4));
	83	len = got[i+8];
	84	frame = (got+i+9);
	85	uint32_t next_timestamp = (((uint32_t )(got+i+9))) & 0x7fffffff;
	86
	87	tagToReader = timestamp & 0x80000000;
	88	timestamp &= 0x7fffffff;
	89
	90	if(i==0) {
	91	first_timestamp = timestamp;
	92	}
	93
	94	// Break and stick with current result if buffer
	95	// was not completely full
	96	if(memcmp(frame,empty,sizeof(empty))) break;
	97
	98	char line[1000] = "";
	99
	100	if(len)//We have some data to display
	101	{
102	int j,oddparity;
103
104	for(j = 0; j < len ; j++)
105	{
106	oddparity = 0x01 ^ xorbits_8(frame[j] & 0xFF);
107
108	if (tagToReader && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
109	sprintf(line+(j*4), "%02x! ", frame[j]);
110	} else {
111	sprintf(line+(j*4), "%02x ", frame[j]);
112	}
113	}
114	}else
115	{
116	if (ShowWaitCycles) {
117	sprintf(line, "fdt (Frame Delay Time): %d", (next_timestamp - timestamp));
118	}
119	}
120
121	char *crc = "";
122
123	if(len > 2)
124	{
125	uint8_t b1, b2;
126	if(!tagToReader && len == 4) {
127	// Rough guess that this is a command from the reader
128	// For iClass the command byte is not part of the CRC
129	ComputeCrc14443(CRC_ICLASS, &frame[1], len-3, &b1, &b2);
130	}
131	else {
132	// For other data.. CRC might not be applicable (UPDATE commands etc.)
133	ComputeCrc14443(CRC_ICLASS, frame, len-2, &b1, &b2);
134	}
135
136	if (b1 != frame[len-2] \|\| b2 != frame[len-1]) {
137	crc = (tagToReader & (len < 8)) ? "" : " !crc";
138	}
139	}
140
141	i += (len + 9);
142	EndOfTransmissionTimestamp = (((uint32_t )(got+i))) & 0x7fffffff;
143
144	// Not implemented for iclass on the ARM-side
145	//if (!ShowWaitCycles) i += 9;
146
147	PrintAndLog(" %9d \| %9d \| %s \| %s %s",
148	(timestamp - first_timestamp),
149	(EndOfTransmissionTimestamp - first_timestamp),
150	(len?(tagToReader ? "Tag" : "Rdr"):" "),
151	line, crc);
152	}
153	return 0;
154	}
155
156	int CmdHFiClassListOld(const char *Cmd)
cee5a30d	157	{
cee5a30d	158	uint8_t got[1920];
db09cb3a	159	GetFromBigBuf(got,sizeof(got),0);
cee5a30d	160
	161	PrintAndLog("recorded activity:");
	162	PrintAndLog(" ETU :rssi: who bytes");
	163	PrintAndLog("---------+----+----+-----------");
	164
	165	int i = 0;
	166	int prev = -1;
	167
	168	for (;;) {
	169	if(i >= 1900) {
	170	break;
	171	}
	172
	173	bool isResponse;
	174	int timestamp = ((uint32_t )(got+i));
	175	if (timestamp & 0x80000000) {
	176	timestamp &= 0x7fffffff;
	177	isResponse = 1;
	178	} else {
	179	isResponse = 0;
	180	}
	181
17cba269	182
cee5a30d	183	int metric = 0;
17cba269	184
cee5a30d	185	int parityBits = ((uint32_t )(got+i+4));
	186	// 4 bytes of additional information...
	187	// maximum of 32 additional parity bit information
	188	//
	189	// TODO:
	190	// at each quarter bit period we can send power level (16 levels)
	191	// or each half bit period in 256 levels.
	192
	193
	194	int len = got[i+8];
	195
	196	if (len > 100) {
	197	break;
	198	}
	199	if (i + len >= 1900) {
	200	break;
	201	}
	202
	203	uint8_t *frame = (got+i+9);
	204
	205	// Break and stick with current result if buffer was not completely full
	206	if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
	207
	208	char line[1000] = "";
	209	int j;
	210	for (j = 0; j < len; j++) {
	211	int oddparity = 0x01;
	212	int k;
	213
	214	for (k=0;k<8;k++) {
	215	oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
	216	}
	217
	218	//if((parityBits >> (len - j - 1)) & 0x01) {
	219	if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
	220	sprintf(line+(j*4), "%02x! ", frame[j]);
	221	}
	222	else {
	223	sprintf(line+(j*4), "%02x ", frame[j]);
	224	}
	225	}
	226
	227	char *crc;
	228	crc = "";
	229	if (len > 2) {
	230	uint8_t b1, b2;
	231	for (j = 0; j < (len - 1); j++) {
	232	// gives problems... search for the reason..
	233	/*if(frame[j] == 0xAA) {
	234	switch(frame[j+1]) {
	235	case 0x01:
	236	crc = "[1] Two drops close after each other";
	237	break;
	238	case 0x02:
	239	crc = "[2] Potential SOC with a drop in second half of bitperiod";
	240	break;
	241	case 0x03:
	242	crc = "[3] Segment Z after segment X is not possible";
	243	break;
	244	case 0x04:
	245	crc = "[4] Parity bit of a fully received byte was wrong";
	246	break;
	247	default:
	248	crc = "[?] Unknown error";
249	break;
250	}
251	break;
252	}*/
253	}
254
255	if (strlen(crc)==0) {
256	if(!isResponse && len == 4) {
257	// Rough guess that this is a command from the reader
258	// For iClass the command byte is not part of the CRC
259	ComputeCrc14443(CRC_ICLASS, &frame[1], len-3, &b1, &b2);
260	}
261	else {
262	// For other data.. CRC might not be applicable (UPDATE commands etc.)
263	ComputeCrc14443(CRC_ICLASS, frame, len-2, &b1, &b2);
264	}
265	//printf("%1x %1x",(unsigned)b1,(unsigned)b2);
266	if (b1 != frame[len-2] \|\| b2 != frame[len-1]) {
267	crc = (isResponse & (len < 8)) ? "" : " !crc";
268	} else {
269	crc = "";
270	}
271	}
272	} else {
273	crc = ""; // SHORT
274	}
275
276	char metricString[100];
277	if (isResponse) {
278	sprintf(metricString, "%3d", metric);
279	} else {
280	strcpy(metricString, " ");
281	}
282
283	PrintAndLog(" +%7d: %s: %s %s %s",
284	(prev < 0 ? 0 : (timestamp - prev)),
285	metricString,
286	(isResponse ? "TAG" : " "), line, crc);
287
288	prev = timestamp;
289	i += (len + 9);
290	}
291	return 0;
292	}
293
294	/*void iso14a_set_timeout(uint32_t timeout) {
295	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_SET_TIMEOUT, 0, timeout}};
296	SendCommand(&c);
297	}*/
298
299	int CmdHFiClassSnoop(const char *Cmd)
300	{
301	UsbCommand c = {CMD_SNOOP_ICLASS};
302	SendCommand(&c);
303	return 0;
304	}
305
1e262141	306	int CmdHFiClassSim(const char *Cmd)
	307	{
	308	uint8_t simType = 0;
	309	uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
	310
17cba269 MHS	311	if (strlen(Cmd)<1) {
	312	PrintAndLog("Usage: hf iclass sim [0 <CSN>] \| x");
	313	PrintAndLog(" options");
	314	PrintAndLog(" 0 <CSN> simulate the given CSN");
	315	PrintAndLog(" 1 simulate default CSN");
	316	PrintAndLog(" 2 iterate CSNs, gather MACs");
1e262141	317	PrintAndLog(" sample: hf iclass sim 0 031FEC8AF7FF12E0");
17cba269	318	PrintAndLog(" sample: hf iclass sim 2");
1e262141	319	return 0;
	320	}
	321
	322	simType = param_get8(Cmd, 0);
17cba269 MHS	323
	324	if(simType == 0)
	325	{
	326	if (param_gethex(Cmd, 1, CSN, 16)) {
	327	PrintAndLog("A CSN should consist of 16 HEX symbols");
	328	return 1;
	329	}
	330	PrintAndLog("--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));
	331
	332	}
	333	if(simType > 2)
	334	{
	335	PrintAndLog("Undefined simptype %d", simType);
	336	return 1;
1e262141	337	}
17cba269	338	uint8_t numberOfCSNs=0;
1e262141	339
17cba269	340	UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,numberOfCSNs}};
1e262141	341	memcpy(c.d.asBytes, CSN, 8);
17cba269 MHS	342
	343	if(simType == 2)
	344	{
	345	c.arg[1] = 10;//10 CSNs
	346	uint8_t csns[] ={
	347	/* Order Simulated CSN HASH1 Recovered key bytes */
	348	/* 1 */ 0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0,// 0101000045014545 00,01 45
	349	/* 2 */ 0x03,0x0B,0x0E,0xFE,0xF7,0xFF,0x12,0xE0,// 0202000045014545 02
	350	/* 3 */ 0x04,0x0D,0x0D,0xFD,0xF7,0xFF,0x12,0xE0,// 0303000045014545 03
	351	/* 4 */ 0x04,0x0F,0x0F,0xF7,0xF7,0xFF,0x12,0xE0,// 0901000045014545 09
	352	/* 5 */ 0x01,0x13,0x10,0xF4,0xF7,0xFF,0x12,0xE0,// 0C00000045014545 0C
	353	/* 6 */ 0x02,0x14,0x10,0xF2,0xF7,0xFF,0x12,0xE0,// 0E00000045014545 0E
	354	/* 7 */ 0x05,0x17,0x10,0xEC,0xF7,0xFF,0x12,0xE0,// 1400000045014545 14
	355	/* 8 */ 0x00,0x6B,0x6F,0xDF,0xF7,0xFF,0x12,0xE0,// 2121000045014545 21
	356	/* 9 */ 0x03,0x6B,0x6E,0xDE,0xF7,0xFF,0x12,0xE0,// 2222000045014545 22
	357	/* 10 */ 0x04,0x6D,0x6D,0xDD,0xF7,0xFF,0x12,0xE0,// 2323000045014545 23
	358	/* 11 */ 0x00,0x4F,0x4B,0x43,0xF7,0xFF,0x12,0xE0,// 3D45000045014545 3D
	359	/* 12 */ 0x00,0x4B,0x4F,0x3F,0xF7,0xFF,0x12,0xE0,// 4141000045014545 41
	360	/* 13 */ 0x03,0x4B,0x4E,0x3E,0xF7,0xFF,0x12,0xE0,// 4242000045014545 42
	361	/* 14 */ 0x04,0x4D,0x4D,0x3D,0xF7,0xFF,0x12,0xE0,// 4343000045014545 43
	362	/* 15 */ 0x04,0x37,0x37,0x7F,0xF7,0xFF,0x12,0xE0,// 0159000045014545 59
	363	/* 16 */ 0x00,0x2B,0x2F,0x9F,0xF7,0xFF,0x12,0xE0,// 6161000045014545 61
	364	/* 17 */ 0x03,0x2B,0x2E,0x9E,0xF7,0xFF,0x12,0xE0,// 6262000045014545 62
	365	/* 18 */ 0x04,0x2D,0x2D,0x9D,0xF7,0xFF,0x12,0xE0,// 6363000045014545 63
	366	/* 19 */ 0x00,0x27,0x23,0xBB,0xF7,0xFF,0x12,0xE0,// 456D000045014545 6D
	367	/* 20 */ 0x02,0x52,0xAA,0x80,0xF7,0xFF,0x12,0xE0,// 0066000045014545 66
	368	/* 21 */ 0x00,0x5C,0xA6,0x80,0xF7,0xFF,0x12,0xE0,// 006A000045014545 6A
	369	/* 22 */ 0x01,0x5F,0xA4,0x80,0xF7,0xFF,0x12,0xE0,// 006C000045014545 6C
	370	/* 23 */ 0x06,0x5E,0xA2,0x80,0xF7,0xFF,0x12,0xE0,// 006E000045014545 6E
	371	/* 24 */ 0x02,0x0E,0x0E,0xFC,0xF7,0xFF,0x12,0xE0,// 0402000045014545 04
	372	/* 25 */ 0x05,0x0D,0x0E,0xFA,0xF7,0xFF,0x12,0xE0,// 0602000045014545 06
	373	/* 26 */ 0x06,0x0F,0x0D,0xF9,0xF7,0xFF,0x12,0xE0,// 0703000045014545 07
	374	/* 27 */ 0x00,0x01,0x05,0x1D,0xF7,0xFF,0x12,0xE0,// 630B000045014545 0B
	375	/* 28 */ 0x02,0x07,0x01,0x1D,0xF7,0xFF,0x12,0xE0,// 630F000045014545 0F
	376	/* 29 */ 0x04,0x7F,0x7F,0xA7,0xF7,0xFF,0x12,0xE0,// 5911000045014545 11
	377	/* 30 */ 0x04,0x60,0x6E,0xE8,0xF7,0xFF,0x12,0xE0,// 1822000045014545 18
	378	};
	379	memcpy(c.d.asBytes, csns, sizeof(c.d.asBytes));
	380
	381	}
	382
1e262141	383	SendCommand(&c);
	384
	385	/UsbCommand resp = WaitForResponseTimeout(CMD_ACK, 1500);
	386	if (resp != NULL) {
	387	uint8_t isOK = resp->arg[0] & 0xff;
	388	PrintAndLog("isOk:%02x", isOK);
	389	} else {
	390	PrintAndLog("Command execute timeout");
	391	}*/
	392
	393	return 0;
	394	}
	395
	396	int CmdHFiClassReader(const char *Cmd)
	397	{
	398	uint8_t readerType = 0;
	399
	400	if (strlen(Cmd)<1) {
	401	PrintAndLog("Usage: hf iclass reader <reader type>");
	402	PrintAndLog(" sample: hf iclass reader 0");
	403	return 0;
	404	}
	405
	406	readerType = param_get8(Cmd, 0);
	407	PrintAndLog("--readertype:%02x", readerType);
	408
	409	UsbCommand c = {CMD_READER_ICLASS, {readerType}};
	410	//memcpy(c.d.asBytes, CSN, 8);
	411	SendCommand(&c);
	412
	413	/UsbCommand resp = WaitForResponseTimeout(CMD_ACK, 1500);
	414	if (resp != NULL) {
	415	uint8_t isOK = resp->arg[0] & 0xff;
	416	PrintAndLog("isOk:%02x", isOK);
	417	} else {
	418	PrintAndLog("Command execute timeout");
	419	}*/
	420
	421	return 0;
	422	}
	423
cee5a30d	424	static command_t CommandTable[] =
	425	{
	426	{"help", CmdHelp, 1, "This help"},
	427	{"list", CmdHFiClassList, 0, "List iClass history"},
	428	{"snoop", CmdHFiClassSnoop, 0, "Eavesdrop iClass communication"},
1e262141	429	{"sim", CmdHFiClassSim, 0, "Simulate iClass tag"},
1e262141	430	{"reader", CmdHFiClassReader, 0, "Read an iClass tag"},
cee5a30d	431	{NULL, NULL, 0, NULL}
	432	};
	433
	434	int CmdHFiClass(const char *Cmd)
	435	{
	436	CmdsParse(CommandTable, Cmd);
	437	return 0;
	438	}
	439
	440	int CmdHelp(const char *Cmd)
	441	{
	442	CmdsHelp(CommandTable);
	443	return 0;
	444	}