]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhf14b.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
'hf 14b' formatting
[proxmark3-svn] / client / cmdhf14b.c
CommitLineData
a553f267 1//-----------------------------------------------------------------------------
2// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// High frequency ISO14443B commands
9//-----------------------------------------------------------------------------
10
ad939de5 11#include "cmdhf14b.h"
12
7fe9b0b7 13#include <stdio.h>
14#include <stdlib.h>
15#include <stdbool.h>
16#include <string.h>
17#include <stdint.h>
a334de73 18#include <ctype.h>
7fe9b0b7 19#include "iso14443crc.h"
ad939de5 20#include "comms.h"
7fe9b0b7 21#include "graph.h"
3fe4ff4f 22#include "util.h"
7fe9b0b7 23#include "ui.h"
24#include "cmdparser.h"
7cf3ef20 25#include "cmdmain.h"
1338d245 26#include "taginfo.h"
27
7fe9b0b7 28
a334de73 29int CmdHF14BList(const char *Cmd) {
388c92bd
MHS		 30 PrintAndLog("Deprecated command, use 'hf list 14b' instead");
31 return 0;
7fe9b0b7 32}
7fe9b0b7 33
a334de73 34
35int CmdHF14BSim(const char *Cmd) {
132a0217 36 UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B};
ff4fdb32 37 clearCommandBuffer();
7fe9b0b7 38 SendCommand(&c);
39 return 0;
40}
41
a334de73 42
43int CmdHF14BSnoop(const char *Cmd) {
132a0217 44 UsbCommand c = {CMD_SNOOP_ISO_14443B};
ff4fdb32 45 clearCommandBuffer();
7fe9b0b7 46 SendCommand(&c);
47 return 0;
48}
49
a334de73 50
7fe9b0b7 51/* New command to read the contents of a SRI512 tag
52 * SRI512 tags are ISO14443-B modulated memory tags,
53 * this command just dumps the contents of the memory
54 */
a334de73 55int CmdSri512Read(const char *Cmd) {
7fe9b0b7 56 UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
ff4fdb32 57 clearCommandBuffer();
7fe9b0b7 58 SendCommand(&c);
59 return 0;
60}
61
a334de73 62
7fe9b0b7 63/* New command to read the contents of a SRIX4K tag
64 * SRIX4K tags are ISO14443-B modulated memory tags,
65 * this command just dumps the contents of the memory/
66 */
a334de73 67int CmdSrix4kRead(const char *Cmd) {
7fe9b0b7 68 UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
ff4fdb32 69 clearCommandBuffer();
7fe9b0b7 70 SendCommand(&c);
71 return 0;
72}
73
a334de73 74
75static bool switch_off_field_14b(void) {
ff4fdb32 76 UsbCommand resp;
77 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}};
78 clearCommandBuffer();
79 SendCommand(&c);
a334de73 80 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
81 return false;
ff4fdb32 82 }
a334de73 83 return false;
ff4fdb32 84}
85
a334de73 86
87int HF14BCmdRaw(bool reply, bool *crc, bool power, uint8_t *data, uint8_t *datalen, bool verbose) {
ff4fdb32 88 UsbCommand resp;
89 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; // len,recv,power
a334de73 90 if (*crc) {
ff4fdb32 91 uint8_t first, second;
92 ComputeCrc14443(CRC_14443_B, data, *datalen, &first, &second);
93 data[*datalen] = first;
94 data[*datalen + 1] = second;
95 *datalen += 2;
96 }
a334de73 97
ff4fdb32 98 c.arg[0] = *datalen;
99 c.arg[1] = reply;
100 c.arg[2] = power;
a334de73 101 memcpy(c.d.asBytes,data, *datalen);
ff4fdb32 102 clearCommandBuffer();
103 SendCommand(&c);
ff4fdb32 104
a334de73 105 if (!reply) return 1;
106
107 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
ff4fdb32 108 if (verbose) PrintAndLog("timeout while waiting for reply.");
109 return 0;
110 }
111 *datalen = resp.arg[0];
112 if (verbose) PrintAndLog("received %u octets", *datalen);
a334de73 113 if (*datalen < 2) return 0;
ff4fdb32 114
115 memcpy(data, resp.d.asBytes, *datalen);
116 if (verbose) PrintAndLog("%s", sprint_hex(data, *datalen));
117
118 uint8_t first, second;
119 ComputeCrc14443(CRC_14443_B, data, *datalen-2, &first, &second);
a334de73 120 if (data[*datalen-2] == first && data[*datalen-1] == second) {
ff4fdb32 121 if (verbose) PrintAndLog("CRC OK");
122 *crc = true;
123 } else {
124 if (verbose) PrintAndLog("CRC failed");
125 *crc = false;
126 }
127 return 1;
128}
129
a334de73 130
131static int CmdHF14BCmdRaw (const char *Cmd) {
ff4fdb32 132 bool reply = true;
133 bool crc = false;
134 bool power = false;
b8edab0f 135 bool select = false;
7ce6e2c0 136 bool SRx = false;
ff4fdb32 137 char buf[5] = "";
138 uint8_t data[100] = {0x00};
139 uint8_t datalen = 0;
140 unsigned int temp;
141 int i = 0;
a334de73 142 if (strlen(Cmd) < 3) {
7ce6e2c0 143 PrintAndLog("Usage: hf 14b raw [-r] [-c] [-p] [-s || -ss] <0A 0B 0C ... hex>");
ff4fdb32 144 PrintAndLog(" -r do not read response");
145 PrintAndLog(" -c calculate and append CRC");
146 PrintAndLog(" -p leave the field on after receive");
b8edab0f 147 PrintAndLog(" -s active signal field ON with select");
7ce6e2c0 148 PrintAndLog(" -ss active signal field ON with select for SRx ST Microelectronics tags");
b8edab0f 149 return 0;
ff4fdb32 150 }
151
152 // strip
a334de73 153 while (*Cmd == ' ' || *Cmd == '\t') Cmd++;
154
155 while (Cmd[i] != '\0') {
156 if (Cmd[i] == ' ' || Cmd[i] == '\t') { i++; continue; }
157 if (Cmd[i] == '-') {
ff4fdb32 158 switch (Cmd[i+1]) {
a334de73 159 case 'r':
160 case 'R':
ff4fdb32 161 reply = false;
162 break;
163 case 'c':
a334de73 164 case 'C':
ff4fdb32 165 crc = true;
166 break;
a334de73 167 case 'p':
168 case 'P':
ff4fdb32 169 power = true;
170 break;
b8edab0f 171 case 's':
172 case 'S':
173 select = true;
a334de73 174 if (Cmd[i+2] == 's' || Cmd[i+2] == 'S') {
7ce6e2c0 175 SRx = true;
176 i++;
177 }
b8edab0f 178 break;
ff4fdb32 179 default:
180 PrintAndLog("Invalid option");
181 return 0;
182 }
a334de73 183 i += 2;
ff4fdb32 184 continue;
185 }
a334de73 186 if ((Cmd[i] >= '0' && Cmd[i] <= '9') ||
187 (Cmd[i] >= 'a' && Cmd[i] <= 'f') ||
188 (Cmd[i] >= 'A' && Cmd[i] <= 'F') ) {
189 buf[strlen(buf)+1] = 0;
190 buf[strlen(buf)] = Cmd[i];
ff4fdb32 191 i++;
a334de73 192
193 if (strlen(buf) >= 2) {
194 sscanf(buf, "%x", &temp);
195 data[datalen++] = (uint8_t)(temp & 0xff);
196 *buf = 0;
ff4fdb32 197 }
198 continue;
199 }
200 PrintAndLog("Invalid char on input");
7ce6e2c0 201 return 0;
ff4fdb32 202 }
a334de73 203 if (datalen == 0) {
ff4fdb32 204 PrintAndLog("Missing data input");
205 return 0;
206 }
207
a334de73 208 if (select) { //auto select 14b tag
209 uint8_t cmd2[16];
b8edab0f 210 bool crc2 = true;
7ce6e2c0 211 uint8_t cmdLen;
b8edab0f 212
7ce6e2c0 213 if (SRx) {
214 // REQ SRx
215 cmdLen = 2;
216 cmd2[0] = 0x06;
217 cmd2[1] = 0x00;
218 } else {
219 cmdLen = 3;
220 // REQB
221 cmd2[0] = 0x05;
222 cmd2[1] = 0x00;
223 cmd2[2] = 0x08;
224 }
b8edab0f 225
a334de73 226 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false) == 0) return switch_off_field_14b();
227
228 if (SRx && (cmdLen != 3 || !crc2) ) return switch_off_field_14b();
229 else if (cmd2[0] != 0x50 || cmdLen != 14 || !crc2) return switch_off_field_14b();
b8edab0f 230
7ce6e2c0 231 uint8_t chipID = 0;
232 if (SRx) {
233 // select
234 chipID = cmd2[0];
235 cmd2[0] = 0x0E;
236 cmd2[1] = chipID;
237 cmdLen = 2;
238 } else {
239 // attrib
a334de73 240 cmd2[0] = 0x1D;
7ce6e2c0 241 // UID from cmd2[1 - 4]
242 cmd2[5] = 0x00;
243 cmd2[6] = 0x08;
244 cmd2[7] = 0x01;
245 cmd2[8] = 0x00;
246 cmdLen = 9;
247 }
1c7d367e 248
a334de73 249 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false) == 0) return switch_off_field_14b();
b8edab0f 250
a334de73 251 if (cmdLen != 3 || !crc2) return switch_off_field_14b();
252 if (SRx && cmd2[0] != chipID) return switch_off_field_14b();
b8edab0f 253 }
ff4fdb32 254 return HF14BCmdRaw(reply, &crc, power, data, &datalen, true);
7cf3ef20 255}
256
a334de73 257
b29d55f2 258// print full atqb info
a334de73 259static void print_atqb_resp(uint8_t *data) {
f3b83bee 260 //PrintAndLog (" UID: %s", sprint_hex(data+1,4));
a334de73 261 PrintAndLog(" App Data: %s", sprint_hex(data+5,4));
262 PrintAndLog(" Protocol: %s", sprint_hex(data+9,3));
ff4fdb32 263 uint8_t BitRate = data[9];
a334de73 264 if (!BitRate)
ff4fdb32 265 PrintAndLog (" Bit Rate: 106 kbit/s only PICC <-> PCD");
266 if (BitRate & 0x10)
267 PrintAndLog (" Bit Rate: 212 kbit/s PICC -> PCD supported");
268 if (BitRate & 0x20)
a334de73 269 PrintAndLog (" Bit Rate: 424 kbit/s PICC -> PCD supported");
ff4fdb32 270 if (BitRate & 0x40)
a334de73 271 PrintAndLog (" Bit Rate: 847 kbit/s PICC -> PCD supported");
ff4fdb32 272 if (BitRate & 0x01)
273 PrintAndLog (" Bit Rate: 212 kbit/s PICC <- PCD supported");
274 if (BitRate & 0x02)
a334de73 275 PrintAndLog (" Bit Rate: 424 kbit/s PICC <- PCD supported");
ff4fdb32 276 if (BitRate & 0x04)
a334de73 277 PrintAndLog (" Bit Rate: 847 kbit/s PICC <- PCD supported");
278 if (BitRate & 0x80)
ff4fdb32 279 PrintAndLog (" Same bit rate <-> required");
280
a334de73 281 uint16_t maxFrame = data[10] >> 4;
282 if (maxFrame < 5)
ff4fdb32 283 maxFrame = 8*maxFrame + 16;
284 else if (maxFrame == 5)
285 maxFrame = 64;
286 else if (maxFrame == 6)
287 maxFrame = 96;
288 else if (maxFrame == 7)
289 maxFrame = 128;
290 else if (maxFrame == 8)
291 maxFrame = 256;
292 else
293 maxFrame = 257;
294
a334de73 295 PrintAndLog ("Max Frame Size: %u%s", maxFrame, (maxFrame == 257) ? "+ RFU" : "");
ff4fdb32 296
297 uint8_t protocolT = data[10] & 0xF;
298 PrintAndLog (" Protocol Type: Protocol is %scompliant with ISO/IEC 14443-4",(protocolT) ? "" : "not " );
f3b83bee 299 PrintAndLog ("Frame Wait Int: %u", data[11]>>4);
ff4fdb32 300 PrintAndLog (" App Data Code: Application is %s",(data[11]&4) ? "Standard" : "Proprietary");
301 PrintAndLog (" Frame Options: NAD is %ssupported",(data[11]&2) ? "" : "not ");
302 PrintAndLog (" Frame Options: CID is %ssupported",(data[11]&1) ? "" : "not ");
f3b83bee 303 PrintAndLog ("Max Buf Length: %u (MBLI) %s",data[14]>>4, (data[14] & 0xF0) ? "" : "not supported");
a334de73 304
ff4fdb32 305 return;
306}
307
ff4fdb32 308
a334de73 309int print_ST_Lock_info(uint8_t model) {
cc34cc7b 310 //assume connection open and tag selected...
c3ebcce4 311 uint8_t data[16] = {0x00};
cc34cc7b 312 uint8_t datalen = 2;
313 bool crc = true;
314 uint8_t resplen;
a334de73 315 uint8_t blk1;
cc34cc7b 316 data[0] = 0x08;
317
a334de73 318 if (model == 0x02) { //SR176 has special command:
319 data[1] = 0x0f;
320 resplen = 4;
cc34cc7b 321 } else {
322 data[1] = 0xff;
323 resplen = 6;
324 }
325
326 //std read cmd
a334de73 327 if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) == 0) return switch_off_field_14b();
cc34cc7b 328
a334de73 329 if (datalen != resplen || !crc) return switch_off_field_14b();
cc34cc7b 330
331 PrintAndLog("Chip Write Protection Bits:");
332 // now interpret the data
333 switch (model){
334 case 0x0: //fall through (SRIX4K special)
335 case 0x3: //fall through (SRIx4K)
336 case 0x7: // (SRI4K)
337 //only need data[3]
338 blk1 = 9;
8e00825a 339 PrintAndLog(" raw: %s",printBits(1,data+3));
c3ebcce4 340 PrintAndLog(" 07/08:%slocked", (data[3] & 1) ? " not " : " " );
a334de73 341 for (uint8_t i = 1; i < 8; i++){
c3ebcce4 342 PrintAndLog(" %02u:%slocked", blk1, (data[3] & (1 << i)) ? " not " : " " );
cc34cc7b 343 blk1++;
344 }
345 break;
346 case 0x4: //fall through (SRIX512)
347 case 0x6: //fall through (SRI512)
348 case 0xC: // (SRT512)
349 //need data[2] and data[3]
350 blk1 = 0;
a334de73 351 PrintAndLog(" raw: %s", printBits(2,data+2));
352 for (uint8_t b = 2; b < 4; b++) {
353 for (uint8_t i = 0; i < 8; i++) {
c3ebcce4 354 PrintAndLog(" %02u:%slocked", blk1, (data[b] & (1 << i)) ? " not " : " " );
cc34cc7b 355 blk1++;
356 }
357 }
358 break;
359 case 0x2: // (SR176)
360 //need data[2]
361 blk1 = 0;
a334de73 362 PrintAndLog(" raw: %s",printBits(1, data+2));
363 for (uint8_t i = 0; i < 8; i++){
c3ebcce4 364 PrintAndLog(" %02u/%02u:%slocked", blk1, blk1+1, (data[2] & (1 << i)) ? " " : " not " );
a334de73 365 blk1 += 2;
cc34cc7b 366 }
367 break;
368 default:
a334de73 369 return switch_off_field_14b();
cc34cc7b 370 }
371 return 1;
372}
373
a334de73 374
b29d55f2 375// print UID info from SRx chips (ST Microelectronics)
a334de73 376static void print_st_general_info(uint8_t *data) {
ff4fdb32 377 //uid = first 8 bytes in data
a334de73 378 PrintAndLog(" UID: %s", sprint_hex(SwapEndian64(data, 8, 8), 8));
1338d245 379 PrintAndLog(" MFG: %02X, %s", data[6], getManufacturerName(data[6]));
380 PrintAndLog(" Chip: %02X, %s", data[5], getChipInfo(data[6], data[5]));
ff4fdb32 381 return;
382}
383
a334de73 384
b29d55f2 385// 14b get and print UID only (general info)
a334de73 386int HF14BStdReader(uint8_t *data, uint8_t *datalen) {
ff4fdb32 387 //05 00 00 = find one tag in field
b8edab0f 388 //1d xx xx xx xx 00 08 01 00 = attrib xx=UID (resp 10 [f9 e0])
389 //a3 = ? (resp 03 [e2 c2])
390 //02 = ? (resp 02 [6a d3])
ff4fdb32 391 // 022b (resp 02 67 00 [29 5b])
392 // 0200a40400 (resp 02 67 00 [29 5b])
393 // 0200a4040c07a0000002480300 (resp 02 67 00 [29 5b])
394 // 0200a4040c07a0000002480200 (resp 02 67 00 [29 5b])
395 // 0200a4040006a0000000010100 (resp 02 6a 82 [4b 4c])
396 // 0200a4040c09d27600002545500200 (resp 02 67 00 [29 5b])
397 // 0200a404000cd2760001354b414e4d30310000 (resp 02 6a 82 [4b 4c])
398 // 0200a404000ca000000063504b43532d313500 (resp 02 6a 82 [4b 4c])
399 // 0200a4040010a000000018300301000000000000000000 (resp 02 6a 82 [4b 4c])
400 //03 = ? (resp 03 [e3 c2])
401 //c2 = ? (resp c2 [66 15])
402 //b2 = ? (resp a3 [e9 67])
f3b83bee 403 //a2 = ? (resp 02 [6a d3])
ff4fdb32 404 bool crc = true;
405 *datalen = 3;
406 //std read cmd
407 data[0] = 0x05;
408 data[1] = 0x00;
14660057 409 data[2] = 0x08;
ff4fdb32 410
a334de73 411 if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b();
ff4fdb32 412
a334de73 413 if (data[0] != 0x50 || *datalen != 14 || !crc) return switch_off_field_14b();
ff4fdb32 414
415 PrintAndLog ("\n14443-3b tag found:");
a334de73 416 PrintAndLog (" UID: %s", sprint_hex(data+1, 4));
ff4fdb32 417
a334de73 418 uint8_t cmd2[16];
f3b83bee 419 uint8_t cmdLen = 3;
420 bool crc2 = true;
421
a334de73 422 cmd2[0] = 0x1D;
f3b83bee 423 // UID from data[1 - 4]
424 cmd2[1] = data[1];
425 cmd2[2] = data[2];
426 cmd2[3] = data[3];
427 cmd2[4] = data[4];
428 cmd2[5] = 0x00;
429 cmd2[6] = 0x08;
430 cmd2[7] = 0x01;
431 cmd2[8] = 0x00;
432 cmdLen = 9;
433
434 // attrib
a334de73 435 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false) == 0) return switch_off_field_14b();
f3b83bee 436
a334de73 437 if (cmdLen != 3 || !crc2) return switch_off_field_14b();
f3b83bee 438 // add attrib responce to data
439 data[14] = cmd2[0];
a334de73 440 switch_off_field_14b();
ff4fdb32 441 return 1;
442}
443
a334de73 444
8a258b58 445// 14b get and print Full Info (as much as we know)
a334de73 446static bool HF14B_Std_Info(uint8_t *data, uint8_t *datalen) {
447 if (!HF14BStdReader(data, datalen)) return false;
b29d55f2 448
8a258b58 449 //add more info here
450 print_atqb_resp(data);
b29d55f2 451
a334de73 452 return true;
b29d55f2 453}
454
a334de73 455
b29d55f2 456// SRx get and print general info about SRx chip from UID
a334de73 457static bool HF14B_ST_Reader(uint8_t *data, uint8_t *datalen, bool closeCon){
ff4fdb32 458 bool crc = true;
459 *datalen = 2;
460 //wake cmd
461 data[0] = 0x06;
462 data[1] = 0x00;
463
464 //leave power on
465 // verbose on for now for testing - turn off when functional
a334de73 466 if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b();
ff4fdb32 467
a334de73 468 if (*datalen != 3 || !crc) return switch_off_field_14b();
ff4fdb32 469
470 uint8_t chipID = data[0];
471 // select
472 data[0] = 0x0E;
473 data[1] = chipID;
474 *datalen = 2;
475
476 //leave power on
a334de73 477 if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b();
ff4fdb32 478
a334de73 479 if (*datalen != 3 || !crc || data[0] != chipID) return switch_off_field_14b();
ff4fdb32 480
481 // get uid
482 data[0] = 0x0B;
483 *datalen = 1;
484
cc34cc7b 485 //leave power on
a334de73 486 if (HF14BCmdRaw(true, &crc, true, data, datalen, false) == 0) return switch_off_field_14b();
c3ebcce4 487
a334de73 488 if (*datalen != 10 || !crc) return switch_off_field_14b();
c3ebcce4 489
cc34cc7b 490 //power off ?
a334de73 491 if (closeCon) switch_off_field_14b();
cc34cc7b 492
ff4fdb32 493 PrintAndLog("\n14443-3b ST tag found:");
b29d55f2 494 print_st_general_info(data);
ff4fdb32 495 return 1;
496}
497
a334de73 498
8a258b58 499// SRx get and print full info (needs more info...)
a334de73 500static bool HF14B_ST_Info(bool verbose) {
501 uint8_t data[100];
502 uint8_t datalen;
503
504 if (!HF14B_ST_Reader(data, &datalen, false)) return false;
505
8a258b58 506 //add locking bit information here.
a334de73 507 if (print_ST_Lock_info(data[5] >> 2))
508 switch_off_field_14b();
8a258b58 509
a334de73 510 return true;
8a258b58 511}
512
a334de73 513
ff4fdb32 514// test for other 14b type tags (mimic another reader - don't have tags to identify)
a334de73 515static bool HF14B_Other_Reader(bool verbose) {
516 uint8_t data[4];
517 uint8_t datalen;
518
ff4fdb32 519 bool crc = true;
a334de73 520 datalen = 4;
ff4fdb32 521 //std read cmd
522 data[0] = 0x00;
523 data[1] = 0x0b;
524 data[2] = 0x3f;
525 data[3] = 0x80;
526
a334de73 527 if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) != 0) {
528 if (datalen > 2 || !crc) {
ff4fdb32 529 PrintAndLog ("\n14443-3b tag found:");
530 PrintAndLog ("Unknown tag type answered to a 0x000b3f80 command ans:");
a334de73 531 PrintAndLog ("%s", sprint_hex(data, datalen));
532 switch_off_field_14b();
533 return true;
ff4fdb32 534 }
535 }
536
537 crc = false;
a334de73 538 datalen = 1;
ff4fdb32 539 data[0] = 0x0a;
540
a334de73 541 if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) != 0) {
542 if (datalen > 0) {
ff4fdb32 543 PrintAndLog ("\n14443-3b tag found:");
544 PrintAndLog ("Unknown tag type answered to a 0x0A command ans:");
a334de73 545 PrintAndLog ("%s", sprint_hex(data, datalen));
546 switch_off_field_14b();
547 return true;
ff4fdb32 548 }
549 }
a334de73 550
ff4fdb32 551 crc = false;
a334de73 552 datalen = 1;
ff4fdb32 553 data[0] = 0x0c;
554
a334de73 555 if (HF14BCmdRaw(true, &crc, true, data, &datalen, false) != 0) {
556 if (datalen > 0) {
ff4fdb32 557 PrintAndLog ("\n14443-3b tag found:");
558 PrintAndLog ("Unknown tag type answered to a 0x0C command ans:");
a334de73 559 PrintAndLog ("%s", sprint_hex(data, datalen));
560 switch_off_field_14b();
561 return true;
ff4fdb32 562 }
563 }
a334de73 564 switch_off_field_14b();
565 return false;
ff4fdb32 566}
567
a334de73 568
b29d55f2 569// get and print all info known about any known 14b tag
a334de73 570static int usage_hf_14b_info(void) {
571 PrintAndLogEx(NORMAL, "Usage: hf 14b info [h] [s]");
572 PrintAndLogEx(NORMAL, "Options:");
573 PrintAndLogEx(NORMAL, " h this help");
574 PrintAndLogEx(NORMAL, " s silently");
575 PrintAndLogEx(NORMAL, "Example:");
576 PrintAndLogEx(NORMAL, " hf 14b info");
577 return 0;
578}
579
580int infoHF14B(bool verbose) {
ff4fdb32 581 uint8_t data[100];
a334de73 582 uint8_t datalen;
583
ff4fdb32 584 // try std 14b (atqb)
a334de73 585 if (HF14B_Std_Info(data, &datalen)) return 1;
ff4fdb32 586
587 // try st 14b
a334de73 588 if (HF14B_ST_Info(verbose)) return 1;
ff4fdb32 589
590 // try unknown 14b read commands (to be identified later)
591 // could be read of calypso, CEPAS, moneo, or pico pass.
a334de73 592 if (HF14B_Other_Reader(verbose)) return 1;
ff4fdb32 593
594 if (verbose) PrintAndLog("no 14443B tag found");
595 return 0;
596}
597
a334de73 598
b29d55f2 599// menu command to get and print all info known about any known 14b tag
a334de73 600static int CmdHF14Binfo(const char *Cmd){
601 char cmdp = tolower(param_getchar(Cmd, 0));
602 if (cmdp == 'h') return usage_hf_14b_info();
603
604 bool verbose = !(cmdp == 's');
605 return infoHF14B(verbose);
ff4fdb32 606}
3fe4ff4f 607
a334de73 608
b29d55f2 609// get and print general info about all known 14b chips
a334de73 610int readHF14B(bool verbose){
b29d55f2 611 uint8_t data[100];
612 uint8_t datalen = 5;
a334de73 613
b29d55f2 614 // try std 14b (atqb)
615 if (HF14BStdReader(data, &datalen)) return 1;
616
617 // try st 14b
cc34cc7b 618 if (HF14B_ST_Reader(data, &datalen, true)) return 1;
b29d55f2 619
620 // try unknown 14b read commands (to be identified later)
621 // could be read of calypso, CEPAS, moneo, or pico pass.
a334de73 622 if (HF14B_Other_Reader(verbose)) return 1;
b29d55f2 623
624 if (verbose) PrintAndLog("no 14443B tag found");
625 return 0;
626}
627
a334de73 628
b29d55f2 629// menu command to get and print general info about all known 14b chips
a334de73 630static int usage_hf_14b_reader(void) {
631 PrintAndLogEx(NORMAL, "Usage: hf 14b reader [h] [s]");
632 PrintAndLogEx(NORMAL, "Options:");
633 PrintAndLogEx(NORMAL, " h this help");
634 PrintAndLogEx(NORMAL, " s silently");
635 PrintAndLogEx(NORMAL, "Example:");
636 PrintAndLogEx(NORMAL, " hf 14b reader");
637 return 0;
b29d55f2 638}
639
a334de73 640
641static int CmdHF14BReader(const char *Cmd) {
642 char cmdp = tolower(param_getchar(Cmd, 0));
643 if (cmdp == 'h') return usage_hf_14b_reader();
644
645 bool verbose = !(cmdp == 's');
646 return readHF14B(verbose);
647}
648
649
650int CmdSriWrite(const char *Cmd) {
3fe4ff4f 651/*
652 * For SRIX4K blocks 00 - 7F
653 * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
654 *
655 * For SR512 blocks 00 - 0F
656 * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
a334de73 657 *
3fe4ff4f 658 * Special block FF = otp_lock_reg block.
659 * Data len 4 bytes-
660 */
a334de73 661 char cmdp = param_getchar(Cmd, 0);
3fe4ff4f 662 uint8_t blockno = -1;
663 uint8_t data[4] = {0x00};
664 bool isSrix4k = true;
a334de73 665 char str[20];
3fe4ff4f 666
b5be31f9 667 if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') {
3fe4ff4f 668 PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
b5be31f9 669 PrintAndLog(" [1 = SRIX4K]");
670 PrintAndLog(" [2 = SRI512]");
671 PrintAndLog(" [BLOCK number depends on tag, special block == FF]");
672 PrintAndLog(" sample: hf 14b write 1 7F 11223344");
673 PrintAndLog(" : hf 14b write 1 FF 11223344");
674 PrintAndLog(" : hf 14b write 2 15 11223344");
675 PrintAndLog(" : hf 14b write 2 FF 11223344");
3fe4ff4f 676 return 0;
677 }
678
b5be31f9 679 if ( cmdp == '2' )
3fe4ff4f 680 isSrix4k = false;
a334de73 681
b5be31f9 682 //blockno = param_get8(Cmd, 1);
a334de73 683
684 if (param_gethex(Cmd,1, &blockno, 2) ) {
b5be31f9 685 PrintAndLog("Block number must include 2 HEX symbols");
686 return 0;
687 }
a334de73 688
689 if (isSrix4k) {
690 if (blockno > 0x7f && blockno != 0xff){
3fe4ff4f 691 PrintAndLog("Block number out of range");
692 return 0;
a334de73 693 }
3fe4ff4f 694 } else {
a334de73 695 if (blockno > 0x0f && blockno != 0xff){
3fe4ff4f 696 PrintAndLog("Block number out of range");
697 return 0;
a334de73 698 }
3fe4ff4f 699 }
a334de73 700
3fe4ff4f 701 if (param_gethex(Cmd, 2, data, 8)) {
702 PrintAndLog("Data must include 8 HEX symbols");
703 return 0;
704 }
a334de73 705
706 if (blockno == 0xff)
707 PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data, 4));
3fe4ff4f 708 else
a334de73 709 PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data, 4));
710
fe5b3a44 711 sprintf(str, "-c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
b5be31f9 712
3fe4ff4f 713 CmdHF14BCmdRaw(str);
714 return 0;
715}
716
a334de73 717
718static int CmdHelp(const char *Cmd);
719
720static command_t CommandTable[] =
7fe9b0b7 721{
722 {"help", CmdHelp, 1, "This help"},
b29d55f2 723 {"info", CmdHF14Binfo, 0, "Find and print details about a 14443B tag"},
724 {"list", CmdHF14BList, 0, "[Deprecated] List ISO 14443B history"},
725 {"reader", CmdHF14BReader, 0, "Act as a 14443B reader to identify a tag"},
132a0217 726 {"sim", CmdHF14BSim, 0, "Fake ISO 14443B tag"},
727 {"snoop", CmdHF14BSnoop, 0, "Eavesdrop ISO 14443B"},
7cf3ef20 728 {"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
729 {"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
ff4fdb32 730 {"sriwrite", CmdSriWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
7cf3ef20 731 {"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
7fe9b0b7 732 {NULL, NULL, 0, NULL}
733};
734
735int CmdHF14B(const char *Cmd)
736{
737 CmdsParse(CommandTable, Cmd);
738 return 0;
739}
740
741int CmdHelp(const char *Cmd)
742{
743 CmdsHelp(CommandTable);
744 return 0;
745}
Proxmark3 GIT tracking
Impressum, Datenschutz