[proxmark3-svn] / client / cmdhflist.c

//-----------------------------------------------------------------------------
// Copyright (C) Merlok - 2017
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Command: hf mf list. It shows data from arm buffer.
//-----------------------------------------------------------------------------

#include "cmdhflist.h"

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>
#include "util.h"
#include "data.h"
#include "ui.h"
#include "iso14443crc.h"
#include "parity.h"
#include "protocols.h"


enum MifareAuthSeq {
	masNone,
	masNt,
	masNrAr,
	masAt,
	masFirstData,
	masData,
	masDataNested,
	masError,
};
static enum MifareAuthSeq MifareAuthState;
static TAuthData AuthData;

void ClearAuthData() {
	AuthData.uid = 0;
	AuthData.nt = 0;
	AuthData.first_auth = false;
}

/**
 * @brief iso14443A_CRC_check Checks CRC in command or response
 * @param isResponse
 * @param data
 * @param len
 * @return  0 : CRC-command, CRC not ok
 *          1 : CRC-command, CRC ok
 *          2 : Not crc-command
 */
uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
{
	uint8_t b1,b2;

	if(len <= 2) return 2;

	if(isResponse & (len < 6)) return 2;
	
	ComputeCrc14443(CRC_14443_A, data, len-2, &b1, &b2);
	if (b1 != data[len-2] || b2 != data[len-1]) {
		return 0;
	} else {
		return 1;
	}
}

uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
{
	switch(MifareAuthState) {
		case masNone:
		case masFirstData:
		case masData:
		case masDataNested:
		case masError:
			return iso14443A_CRC_check(isResponse, data, len);
		default:
			return 2;
	}
}

void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
	switch(cmd[0])
	{
	case ISO14443A_CMD_WUPA:        
		snprintf(exp,size,"WUPA"); 
		MifareAuthState = masNone;
		break;
	case ISO14443A_CMD_ANTICOLL_OR_SELECT:{
		// 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
		// 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
		if(cmd[1] == 0x70)
		{
			snprintf(exp,size,"SELECT_UID"); break;
		}else
		{
			snprintf(exp,size,"ANTICOLL"); break;
		}
	}
	case ISO14443A_CMD_ANTICOLL_OR_SELECT_2:{
		//95 20 = Anticollision of cascade level2
		//95 70 = Select of cascade level2
		if(cmd[2] == 0x70)
		{
			snprintf(exp,size,"SELECT_UID-2"); break;
		}else
		{
			snprintf(exp,size,"ANTICOLL-2"); break;
		}
	}
	case ISO14443A_CMD_REQA:		
		snprintf(exp,size,"REQA"); 
		MifareAuthState = masNone;
		break;
	case ISO14443A_CMD_READBLOCK:	snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
	case ISO14443A_CMD_WRITEBLOCK:	snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
	case ISO14443A_CMD_HALT:		
		snprintf(exp,size,"HALT"); 
		MifareAuthState = masNone;
		break;
	case ISO14443A_CMD_RATS:		snprintf(exp,size,"RATS"); break;
	case MIFARE_CMD_INC:			snprintf(exp,size,"INC(%d)",cmd[1]); break;
	case MIFARE_CMD_DEC:			snprintf(exp,size,"DEC(%d)",cmd[1]); break;
	case MIFARE_CMD_RESTORE:		snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
	case MIFARE_CMD_TRANSFER:		snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
	case MIFARE_AUTH_KEYA:
		if ( cmdsize > 3) {
			snprintf(exp,size,"AUTH-A(%d)",cmd[1]); 
			MifareAuthState = masNt;
		} else {
			//	case MIFARE_ULEV1_VERSION :  both 0x60.
			snprintf(exp,size,"EV1 VERSION");
		}
		break;
	case MIFARE_AUTH_KEYB:
		MifareAuthState = masNt;
		snprintf(exp,size,"AUTH-B(%d)",cmd[1]); 
		break;
	case MIFARE_MAGICWUPC1:			snprintf(exp,size,"MAGIC WUPC1"); break;
	case MIFARE_MAGICWUPC2:			snprintf(exp,size,"MAGIC WUPC2"); break;
	case MIFARE_MAGICWIPEC:			snprintf(exp,size,"MAGIC WIPEC"); break;
	case MIFARE_ULC_AUTH_1:		snprintf(exp,size,"AUTH "); break;
	case MIFARE_ULC_AUTH_2:		snprintf(exp,size,"AUTH_ANSW"); break;
	case MIFARE_ULEV1_AUTH:
		if ( cmdsize == 7 )
			snprintf(exp,size,"PWD-AUTH KEY: 0x%02x%02x%02x%02x", cmd[1], cmd[2], cmd[3], cmd[4] );
		else
			snprintf(exp,size,"PWD-AUTH");
		break;
	case MIFARE_ULEV1_FASTREAD:{
		if ( cmdsize >=3 && cmd[2] <= 0xE6)
			snprintf(exp,size,"READ RANGE (%d-%d)",cmd[1],cmd[2]); 
		else
			snprintf(exp,size,"?");
		break;
	}
	case MIFARE_ULC_WRITE:{
		if ( cmd[1] < 0x21 )
			snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); 
		else
			snprintf(exp,size,"?");
		break;
	}
	case MIFARE_ULEV1_READ_CNT:{
		if ( cmd[1] < 5 )
			snprintf(exp,size,"READ CNT(%d)",cmd[1]);
		else
			snprintf(exp,size,"?");
		break;
	}
	case MIFARE_ULEV1_INCR_CNT:{
		if ( cmd[1] < 5 )
			snprintf(exp,size,"INCR(%d)",cmd[1]);
		else
			snprintf(exp,size,"?");
		break;
	}
	case MIFARE_ULEV1_READSIG:		snprintf(exp,size,"READ_SIG"); break;
	case MIFARE_ULEV1_CHECKTEAR:	snprintf(exp,size,"CHK_TEARING(%d)",cmd[1]); break;
	case MIFARE_ULEV1_VCSL:		snprintf(exp,size,"VCSL"); break;
	default:						snprintf(exp,size,"?"); break;
	}
	return;
}

void annotateMifare(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize, bool isResponse) {
	// get UID
	if (MifareAuthState == masNone) {
		if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) {
			ClearAuthData();
			AuthData.uid = bytes_to_num(&cmd[2], 4);
		}
		if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && cmd[1] == 0x70) {
			ClearAuthData();
			AuthData.uid = bytes_to_num(&cmd[2], 4);
		}
	}
	
	switch(MifareAuthState) {
		case masNt:
			if (cmdsize == 4 && isResponse) {
				snprintf(exp,size,"AUTH: nt %s", (AuthData.first_auth) ? "" : "(enc)");
				MifareAuthState = masNrAr;
				if (AuthData.first_auth)
					AuthData.nt = bytes_to_num(cmd, cmdsize);
				else
					AuthData.nt_enc = bytes_to_num(cmd, cmdsize);
				return;
			} else {
				MifareAuthState = masError;
			}
			break;
		case masNrAr:
			if (cmdsize == 8 && !isResponse) {
				snprintf(exp,size,"AUTH: nr ar (enc)");
				MifareAuthState = masAt;
				AuthData.nr_enc = bytes_to_num(cmd, cmdsize);
				AuthData.ar_enc = bytes_to_num(&cmd[3], cmdsize);
				return;
			} else {
				MifareAuthState = masError;
			}
			break;
		case masAt:
			if (cmdsize == 4 && isResponse) {
				snprintf(exp,size,"AUTH: at (enc)");
				MifareAuthState = masFirstData;
				AuthData.at_enc = bytes_to_num(cmd, cmdsize);
				return;
			} else {
				MifareAuthState = masError;
			}
			break;
		default:
			break;
	}
	
	if (!isResponse)
		annotateIso14443a(exp, size, cmd, cmdsize);
	
}
Commit	Line	Data
4f131b53	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) Merlok - 2017
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Command: hf mf list. It shows data from arm buffer.
	9	//-----------------------------------------------------------------------------
	10
	11	#include "cmdhflist.h"
	12
	13	#include <stdlib.h>
	14	#include <stdio.h>
	15	#include <string.h>
6612a5a2	16	#include <stdint.h>
	17	#include <stdbool.h>
	18	#include "util.h"
	19	#include "data.h"
	20	#include "ui.h"
	21	#include "iso14443crc.h"
	22	#include "parity.h"
	23	#include "protocols.h"
4f131b53	24
4f131b53	25
6612a5a2	26	enum MifareAuthSeq {
	27	masNone,
	28	masNt,
	29	masNrAr,
	30	masAt,
aadc6bf1	31	masFirstData,
6612a5a2	32	masData,
	33	masDataNested,
	34	masError,
	35	};
	36	static enum MifareAuthSeq MifareAuthState;
aadc6bf1 OM	37	static TAuthData AuthData;
	38
	39	void ClearAuthData() {
	40	AuthData.uid = 0;
	41	AuthData.nt = 0;
	42	AuthData.first_auth = false;
	43	}
6612a5a2	44
	45	/**
	46	* @brief iso14443A_CRC_check Checks CRC in command or response
	47	* @param isResponse
	48	* @param data
	49	* @param len
	50	* @return 0 : CRC-command, CRC not ok
	51	* 1 : CRC-command, CRC ok
	52	* 2 : Not crc-command
	53	*/
	54	uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
	55	{
	56	uint8_t b1,b2;
	57
	58	if(len <= 2) return 2;
	59
	60	if(isResponse & (len < 6)) return 2;
	61
	62	ComputeCrc14443(CRC_14443_A, data, len-2, &b1, &b2);
	63	if (b1 != data[len-2] \|\| b2 != data[len-1]) {
	64	return 0;
	65	} else {
	66	return 1;
	67	}
	68	}
	69
	70	uint8_t mifare_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
	71	{
	72	switch(MifareAuthState) {
	73	case masNone:
aadc6bf1	74	case masFirstData:
6612a5a2	75	case masData:
	76	case masDataNested:
	77	case masError:
	78	return iso14443A_CRC_check(isResponse, data, len);
	79	default:
	80	return 2;
	81	}
6612a5a2	82	}
	83
	84	void annotateIso14443a(char exp, size_t size, uint8_t cmd, uint8_t cmdsize)
	85	{
	86	switch(cmd[0])
	87	{
a31f7f89 OM	88	case ISO14443A_CMD_WUPA:
	89	snprintf(exp,size,"WUPA");
	90	MifareAuthState = masNone;
	91	break;
6612a5a2	92	case ISO14443A_CMD_ANTICOLL_OR_SELECT:{
	93	// 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
	94	// 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
	95	if(cmd[1] == 0x70)
	96	{
	97	snprintf(exp,size,"SELECT_UID"); break;
	98	}else
	99	{
	100	snprintf(exp,size,"ANTICOLL"); break;
	101	}
	102	}
	103	case ISO14443A_CMD_ANTICOLL_OR_SELECT_2:{
	104	//95 20 = Anticollision of cascade level2
	105	//95 70 = Select of cascade level2
	106	if(cmd[2] == 0x70)
	107	{
	108	snprintf(exp,size,"SELECT_UID-2"); break;
	109	}else
	110	{
	111	snprintf(exp,size,"ANTICOLL-2"); break;
	112	}
	113	}
a31f7f89 OM	114	case ISO14443A_CMD_REQA:
	115	snprintf(exp,size,"REQA");
	116	MifareAuthState = masNone;
	117	break;
6612a5a2	118	case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
	119	case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
	120	case ISO14443A_CMD_HALT:
	121	snprintf(exp,size,"HALT");
	122	MifareAuthState = masNone;
	123	break;
	124	case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break;
	125	case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
	126	case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
	127	case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
	128	case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
	129	case MIFARE_AUTH_KEYA:
	130	if ( cmdsize > 3) {
	131	snprintf(exp,size,"AUTH-A(%d)",cmd[1]);
	132	MifareAuthState = masNt;
	133	} else {
	134	// case MIFARE_ULEV1_VERSION : both 0x60.
	135	snprintf(exp,size,"EV1 VERSION");
	136	}
	137	break;
	138	case MIFARE_AUTH_KEYB:
	139	MifareAuthState = masNt;
	140	snprintf(exp,size,"AUTH-B(%d)",cmd[1]);
	141	break;
	142	case MIFARE_MAGICWUPC1: snprintf(exp,size,"MAGIC WUPC1"); break;
	143	case MIFARE_MAGICWUPC2: snprintf(exp,size,"MAGIC WUPC2"); break;
	144	case MIFARE_MAGICWIPEC: snprintf(exp,size,"MAGIC WIPEC"); break;
	145	case MIFARE_ULC_AUTH_1: snprintf(exp,size,"AUTH "); break;
	146	case MIFARE_ULC_AUTH_2: snprintf(exp,size,"AUTH_ANSW"); break;
	147	case MIFARE_ULEV1_AUTH:
	148	if ( cmdsize == 7 )
	149	snprintf(exp,size,"PWD-AUTH KEY: 0x%02x%02x%02x%02x", cmd[1], cmd[2], cmd[3], cmd[4] );
	150	else
	151	snprintf(exp,size,"PWD-AUTH");
	152	break;
	153	case MIFARE_ULEV1_FASTREAD:{
	154	if ( cmdsize >=3 && cmd[2] <= 0xE6)
	155	snprintf(exp,size,"READ RANGE (%d-%d)",cmd[1],cmd[2]);
	156	else
	157	snprintf(exp,size,"?");
	158	break;
	159	}
	160	case MIFARE_ULC_WRITE:{
	161	if ( cmd[1] < 0x21 )
	162	snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]);
	163	else
	164	snprintf(exp,size,"?");
	165	break;
	166	}
	167	case MIFARE_ULEV1_READ_CNT:{
	168	if ( cmd[1] < 5 )
	169	snprintf(exp,size,"READ CNT(%d)",cmd[1]);
	170	else
	171	snprintf(exp,size,"?");
	172	break;
	173	}
	174	case MIFARE_ULEV1_INCR_CNT:{
	175	if ( cmd[1] < 5 )
	176	snprintf(exp,size,"INCR(%d)",cmd[1]);
	177	else
	178	snprintf(exp,size,"?");
	179	break;
	180	}
	181	case MIFARE_ULEV1_READSIG: snprintf(exp,size,"READ_SIG"); break;
182	case MIFARE_ULEV1_CHECKTEAR: snprintf(exp,size,"CHK_TEARING(%d)",cmd[1]); break;
183	case MIFARE_ULEV1_VCSL: snprintf(exp,size,"VCSL"); break;
184	default: snprintf(exp,size,"?"); break;
185	}
186	return;
187	}
188
189	void annotateMifare(char exp, size_t size, uint8_t cmd, uint8_t cmdsize, bool isResponse) {
aadc6bf1 OM	190	// get UID
	191	if (MifareAuthState == masNone) {
	192	if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && cmd[1] == 0x70) {
	193	ClearAuthData();
	194	AuthData.uid = bytes_to_num(&cmd[2], 4);
	195	}
	196	if (cmdsize == 7 && cmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && cmd[1] == 0x70) {
	197	ClearAuthData();
	198	AuthData.uid = bytes_to_num(&cmd[2], 4);
	199	}
	200	}
	201
6612a5a2	202	switch(MifareAuthState) {
6612a5a2	203	case masNt:
fb30f5a1	204	if (cmdsize == 4 && isResponse) {
aadc6bf1	205	snprintf(exp,size,"AUTH: nt %s", (AuthData.first_auth) ? "" : "(enc)");
6612a5a2	206	MifareAuthState = masNrAr;
aadc6bf1 OM	207	if (AuthData.first_auth)
	208	AuthData.nt = bytes_to_num(cmd, cmdsize);
	209	else
	210	AuthData.nt_enc = bytes_to_num(cmd, cmdsize);
6612a5a2	211	return;
	212	} else {
	213	MifareAuthState = masError;
6612a5a2	214	}
	215	break;
	216	case masNrAr:
fb30f5a1	217	if (cmdsize == 8 && !isResponse) {
6c30a244	218	snprintf(exp,size,"AUTH: nr ar (enc)");
6612a5a2	219	MifareAuthState = masAt;
aadc6bf1 OM	220	AuthData.nr_enc = bytes_to_num(cmd, cmdsize);
aadc6bf1 OM	221	AuthData.ar_enc = bytes_to_num(&cmd[3], cmdsize);
6612a5a2	222	return;
	223	} else {
	224	MifareAuthState = masError;
	225	}
	226	break;
	227	case masAt:
fb30f5a1	228	if (cmdsize == 4 && isResponse) {
6c30a244	229	snprintf(exp,size,"AUTH: at (enc)");
aadc6bf1 OM	230	MifareAuthState = masFirstData;
aadc6bf1 OM	231	AuthData.at_enc = bytes_to_num(cmd, cmdsize);
6612a5a2	232	return;
	233	} else {
	234	MifareAuthState = masError;
	235	}
	236	break;
	237	default:
	238	break;
	239	}
	240
	241	if (!isResponse)
	242	annotateIso14443a(exp, size, cmd, cmdsize);
	243
	244	}