[proxmark3-svn] / client / cmdlfhitag.c

//-----------------------------------------------------------------------------
// Copyright (C) 2012 Roel Verdult
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency Hitag support
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "data.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
#include "common.h"
#include "util.h"
#include "hitag2.h"
#include "hitagS.h"
#include "sleep.h"
#include "cmdmain.h"

static int CmdHelp(const char *Cmd);

size_t nbytes(size_t nbits) {
	return (nbits/8)+((nbits%8)>0);
}

int CmdLFHitagList(const char *Cmd) {
 	uint8_t *got = malloc(USB_CMD_DATA_SIZE);

	// Query for the actual size of the trace
	UsbCommand response;
	GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0);
	WaitForResponse(CMD_ACK, &response);
	uint16_t traceLen = response.arg[2];
	if (traceLen > USB_CMD_DATA_SIZE) {
		uint8_t *p = realloc(got, traceLen);
		if (p == NULL) {
			PrintAndLog("Cannot allocate memory for trace");
			free(got);
			return 2;
		}
		got = p;
		GetFromBigBuf(got, traceLen, 0);
		WaitForResponse(CMD_ACK,NULL);
	}
	
	PrintAndLog("recorded activity (TraceLen = %d bytes):");
	PrintAndLog(" ETU     :nbits: who bytes");
	PrintAndLog("---------+-----+----+-----------");

	int i = 0;
	int prev = -1;
	int len = strlen(Cmd);

	char filename[FILE_PATH_SIZE]  = { 0x00 };
	FILE* f = NULL;
  	
	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);
   
	if (strlen(filename) > 0) {
		f = fopen(filename,"wb");
		if (!f) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
	}

	for (;;) {
  
		if(i >= traceLen) { break; }

		bool isResponse;
		int timestamp = *((uint32_t *)(got+i));
		if (timestamp & 0x80000000) {
			timestamp &= 0x7fffffff;
			isResponse = 1;
		} else {
			isResponse = 0;
		}

		int parityBits = *((uint32_t *)(got+i+4));
		// 4 bytes of additional information...
		// maximum of 32 additional parity bit information
		//
		// TODO:
		// at each quarter bit period we can send power level (16 levels)
		// or each half bit period in 256 levels.

		int bits = got[i+8];
		int len = nbytes(got[i+8]);

		if (len > 100) {
		  break;
		}
		if (i + len > traceLen) { break;}

		uint8_t *frame = (got+i+9);

		// Break and stick with current result if buffer was not completely full
		if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }

		char line[1000] = "";
		int j;
		for (j = 0; j < len; j++) {
		  int oddparity = 0x01;
		  int k;

		  for (k=0;k<8;k++) {
			oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
		  }

		  //if((parityBits >> (len - j - 1)) & 0x01) {
		  if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
			sprintf(line+(j*4), "%02x!  ", frame[j]);
		  }
		  else {
			sprintf(line+(j*4), "%02x   ", frame[j]);
		  }
		}

		PrintAndLog(" +%7d:  %3d: %s %s",
			(prev < 0 ? 0 : (timestamp - prev)),
			bits,
			(isResponse ? "TAG" : "   "),
			line);

		if (f) {
			fprintf(f," +%7d:  %3d: %s %s\n",
				(prev < 0 ? 0 : (timestamp - prev)),
				bits,
				(isResponse ? "TAG" : "   "),
				line);
		}
		
		prev = timestamp;
		i += (len + 9);
	}
  
	if (f) {
		fclose(f);
		PrintAndLog("Recorded activity succesfully written to file: %s", filename);
	}

	free(got);
	return 0;
}

int CmdLFHitagSnoop(const char *Cmd) {
	UsbCommand c = {CMD_SNOOP_HITAG};
	clearCommandBuffer();
	SendCommand(&c);
	return 0;
}

int CmdLFHitagSim(const char *Cmd) {
    
	UsbCommand c = {CMD_SIMULATE_HITAG};
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* f;
	bool tag_mem_supplied;
	
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);

	if (strlen(filename) > 0) {
		f = fopen(filename,"rb+");
		if (!f) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
		tag_mem_supplied = true;
		size_t bytes_read = fread(c.d.asBytes, 48, 1, f);
		if ( bytes_read == 0) {
			PrintAndLog("Error: File reading error");
			fclose(f);
			return 1;
		}
		fclose(f);
	} else {
		tag_mem_supplied = false;
	}

	// Does the tag comes with memory
	c.arg[0] = (uint32_t)tag_mem_supplied;
	clearCommandBuffer();
	SendCommand(&c);
	return 0;
}

int CmdLFHitagReader(const char *Cmd) {
	
	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	hitag_data* htd = (hitag_data*)c.d.asBytes;
	hitag_function htf = param_get32ex(Cmd,0,0,10);
	
	switch (htf) {
		case 01: { //RHTSF_CHALLENGE
			c = (UsbCommand){ CMD_READ_HITAG_S };
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case 02: { //RHTSF_KEY
			c = (UsbCommand){ CMD_READ_HITAG_S };
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
		} break;
		case RHT2F_PASSWORD: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
		} break;
		case RHT2F_AUTHENTICATE: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_CRYPTO: {
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
		} break;
		case RHT2F_TEST_AUTH_ATTEMPTS: {
			// No additional parameters needed
		} break;
		default: {
			PrintAndLog("Error: unkown reader function %d",htf);
			PrintAndLog("Hitag reader functions");
			PrintAndLog(" HitagS (0*)");
			PrintAndLog("  01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
			PrintAndLog("  02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
			PrintAndLog(" Hitag1 (1*)");
			PrintAndLog(" Hitag2 (2*)");
			PrintAndLog("  21 <password> (password mode)");
			PrintAndLog("  22 <nr> <ar> (authentication)");
			PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low");
			PrintAndLog("  25 (test recorded authentications)");
			return 1;
		} break;
	}

	// Copy the hitag2 function into the first argument
	c.arg[0] = htf;
	clearCommandBuffer();
	SendCommand(&c);
	UsbCommand resp;
	WaitForResponse(CMD_ACK,&resp);

	// Check the return status, stored in the first argument
	if (resp.arg[0] == false) return 1;

	uint32_t id = bytes_to_num(resp.d.asBytes,4);

	char filename[FILE_PATH_SIZE];
	FILE* f = NULL;
	sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
	f = fopen(filename,"wb");
	if (!f) {
		PrintAndLog("Error: Could not open file [%s]",filename);
		return 1;
	}

	// Write the 48 tag memory bytes to file and finalize
	fwrite(resp.d.asBytes, 1, 48, f);
	fclose(f);
	PrintAndLog("Succesfully saved tag memory to [%s]",filename);
	return 0;
}

int CmdLFHitagSimS(const char *Cmd) {
	UsbCommand c = { CMD_SIMULATE_HITAG_S };
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* f;
	bool tag_mem_supplied;
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE)
		len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);

	if (strlen(filename) > 0) {
		f = fopen(filename, "rb+");
		if (!f) {
			PrintAndLog("Error: Could not open file [%s]", filename);
			return 1;
		}
		tag_mem_supplied = true;
		size_t bytes_read = fread(c.d.asBytes, 4*64, 1, f);
		if ( bytes_read == 0) {
			PrintAndLog("Error: File reading error");
			fclose(f);
			return 1;
		}
		fclose(f);
	} else {
		tag_mem_supplied = false;
	}

	// Does the tag comes with memory
	c.arg[0] = (uint32_t) tag_mem_supplied;
	clearCommandBuffer();
	SendCommand(&c);
	return 0;
}

int CmdLFHitagCheckChallenges(const char *Cmd) {
	UsbCommand c = { CMD_TEST_HITAGS_TRACES };
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* f;
	bool file_given;
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);
	
	if (strlen(filename) > 0) {
		f = fopen(filename,"rb+");
		if( !f ) {
			PrintAndLog("Error: Could not open file [%s]", filename);
			return 1;
		}
		file_given = true;
		size_t bytes_read = fread(c.d.asBytes, 8*60, 1, f);
		if ( bytes_read == 0) {
			PrintAndLog("Error: File reading error");
			fclose(f);
			return 1;
        }
		fclose(f);
	} else {
		file_given = false;
	}
	
	//file with all the challenges to try
	c.arg[0] = (uint32_t)file_given;
	clearCommandBuffer();
	SendCommand(&c);
	return 0;
}

int CmdLFHitagWP(const char *Cmd) {
	UsbCommand c = { CMD_WR_HITAG_S };
	hitag_data* htd = (hitag_data*)c.d.asBytes;
	hitag_function htf = param_get32ex(Cmd,0,0,10);
	switch (htf) {
		case 03: { //WHTSF_CHALLENGE
			num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
		} break;
		case 04: { //WHTSF_KEY
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);

		} break;
		default: {
			PrintAndLog("Error: unkown writer function %d",htf);
			PrintAndLog("Hitag writer functions");
			PrintAndLog(" HitagS (0*)");
			PrintAndLog("  03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
			PrintAndLog(" Hitag1 (1*)");
			PrintAndLog(" Hitag2 (2*)");
			return 1;
		} break;
	}
	// Copy the hitag function into the first argument
	c.arg[0] = htf;

	clearCommandBuffer();
	SendCommand(&c);
	UsbCommand resp;
	WaitForResponse(CMD_ACK,&resp);

	// Check the return status, stored in the first argument
	if (resp.arg[0] == false) return 1;
	return 0;
}

static command_t CommandTable[] = 
{
	{"help",    CmdHelp,           1, "This help"},
	{"list",    CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
	{"reader",  CmdLFHitagReader,  1, "Act like a Hitag Reader"},
	{"sim",     CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
	{"snoop",   CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
  {"writer",   		CmdLFHitagWP,      1, "Act like a Hitag Writer" },
  {"simS",   		CmdLFHitagSimS,    1, "<hitagS.hts> Simulate HitagS transponder" }, 
  {"checkChallenges",	CmdLFHitagCheckChallenges,   1, "<challenges.cc> test all challenges" }, {
				NULL,NULL, 0, NULL }
};

int CmdLFHitag(const char *Cmd) {
	clearCommandBuffer();
	CmdsParse(CommandTable, Cmd);
	return 0;
}

int CmdHelp(const char *Cmd) {
	CmdsHelp(CommandTable);
	return 0;
}
Commit	Line	Data
db09cb3a	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2012 Roel Verdult
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Low frequency Hitag support
	9	//-----------------------------------------------------------------------------
	10
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include "data.h"
902cb3c0	15	#include "proxmark3.h"
db09cb3a	16	#include "ui.h"
	17	#include "cmdparser.h"
	18	#include "common.h"
	19	#include "util.h"
	20	#include "hitag2.h"
0db11b71	21	#include "hitagS.h"
902cb3c0	22	#include "sleep.h"
902cb3c0	23	#include "cmdmain.h"
db09cb3a	24
	25	static int CmdHelp(const char *Cmd);
	26
47e18126	27	size_t nbytes(size_t nbits) {
	28	return (nbits/8)+((nbits%8)>0);
	29	}
	30
cd777a05	31	int CmdLFHitagList(const char *Cmd) {
f71f4deb	32	uint8_t *got = malloc(USB_CMD_DATA_SIZE);
	33
	34	// Query for the actual size of the trace
	35	UsbCommand response;
	36	GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0);
	37	WaitForResponse(CMD_ACK, &response);
	38	uint16_t traceLen = response.arg[2];
	39	if (traceLen > USB_CMD_DATA_SIZE) {
	40	uint8_t *p = realloc(got, traceLen);
	41	if (p == NULL) {
	42	PrintAndLog("Cannot allocate memory for trace");
	43	free(got);
	44	return 2;
	45	}
	46	got = p;
	47	GetFromBigBuf(got, traceLen, 0);
	48	WaitForResponse(CMD_ACK,NULL);
	49	}
	50
	51	PrintAndLog("recorded activity (TraceLen = %d bytes):");
	52	PrintAndLog(" ETU :nbits: who bytes");
	53	PrintAndLog("---------+-----+----+-----------");
db09cb3a	54
f71f4deb	55	int i = 0;
	56	int prev = -1;
	57	int len = strlen(Cmd);
b915fda3	58
f71f4deb	59	char filename[FILE_PATH_SIZE] = { 0x00 };
cd777a05	60	FILE* f = NULL;
b915fda3	61
09181a54	62	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
f71f4deb	63	memcpy(filename, Cmd, len);
b915fda3	64
f71f4deb	65	if (strlen(filename) > 0) {
cd777a05	66	f = fopen(filename,"wb");
cd777a05	67	if (!f) {
f71f4deb	68	PrintAndLog("Error: Could not open file [%s]",filename);
	69	return 1;
	70	}
b915fda3	71	}
db09cb3a	72
f71f4deb	73	for (;;) {
b915fda3	74
ab7bb494	75	if(i >= traceLen) { break; }
f71f4deb	76
	77	bool isResponse;
	78	int timestamp = ((uint32_t )(got+i));
	79	if (timestamp & 0x80000000) {
	80	timestamp &= 0x7fffffff;
	81	isResponse = 1;
	82	} else {
	83	isResponse = 0;
	84	}
	85
	86	int parityBits = ((uint32_t )(got+i+4));
	87	// 4 bytes of additional information...
	88	// maximum of 32 additional parity bit information
	89	//
	90	// TODO:
	91	// at each quarter bit period we can send power level (16 levels)
	92	// or each half bit period in 256 levels.
	93
	94	int bits = got[i+8];
	95	int len = nbytes(got[i+8]);
	96
	97	if (len > 100) {
	98	break;
	99	}
	100	if (i + len > traceLen) { break;}
	101
	102	uint8_t *frame = (got+i+9);
	103
	104	// Break and stick with current result if buffer was not completely full
	105	if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
	106
	107	char line[1000] = "";
	108	int j;
	109	for (j = 0; j < len; j++) {
	110	int oddparity = 0x01;
	111	int k;
	112
	113	for (k=0;k<8;k++) {
	114	oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
	115	}
	116
	117	//if((parityBits >> (len - j - 1)) & 0x01) {
	118	if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
	119	sprintf(line+(j*4), "%02x! ", frame[j]);
	120	}
	121	else {
	122	sprintf(line+(j*4), "%02x ", frame[j]);
	123	}
	124	}
	125
	126	PrintAndLog(" +%7d: %3d: %s %s",
	127	(prev < 0 ? 0 : (timestamp - prev)),
	128	bits,
	129	(isResponse ? "TAG" : " "),
	130	line);
	131
cd777a05	132	if (f) {
cd777a05	133	fprintf(f," +%7d: %3d: %s %s\n",
f71f4deb	134	(prev < 0 ? 0 : (timestamp - prev)),
	135	bits,
	136	(isResponse ? "TAG" : " "),
	137	line);
	138	}
	139
	140	prev = timestamp;
	141	i += (len + 9);
	142	}
2d495a81	143
cd777a05	144	if (f) {
cd777a05	145	fclose(f);
f71f4deb	146	PrintAndLog("Recorded activity succesfully written to file: %s", filename);
f71f4deb	147	}
97d582a6	148
f71f4deb	149	free(got);
f71f4deb	150	return 0;
db09cb3a	151	}
	152
	153	int CmdLFHitagSnoop(const char *Cmd) {
09181a54	154	UsbCommand c = {CMD_SNOOP_HITAG};
	155	clearCommandBuffer();
	156	SendCommand(&c);
	157	return 0;
db09cb3a	158	}
	159
	160	int CmdLFHitagSim(const char *Cmd) {
b915fda3	161
09181a54	162	UsbCommand c = {CMD_SIMULATE_HITAG};
b915fda3	163	char filename[FILE_PATH_SIZE] = { 0x00 };
cd777a05	164	FILE* f;
db09cb3a	165	bool tag_mem_supplied;
09181a54	166
b915fda3	167	int len = strlen(Cmd);
	168	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	169	memcpy(filename, Cmd, len);
09181a54	170
db09cb3a	171	if (strlen(filename) > 0) {
cd777a05	172	f = fopen(filename,"rb+");
cd777a05	173	if (!f) {
db09cb3a	174	PrintAndLog("Error: Could not open file [%s]",filename);
	175	return 1;
	176	}
	177	tag_mem_supplied = true;
cd777a05	178	size_t bytes_read = fread(c.d.asBytes, 48, 1, f);
841d7af0	179	if ( bytes_read == 0) {
09181a54	180	PrintAndLog("Error: File reading error");
cd777a05	181	fclose(f);
759c16b3	182	return 1;
09181a54	183	}
cd777a05	184	fclose(f);
db09cb3a	185	} else {
	186	tag_mem_supplied = false;
	187	}
09181a54	188
db09cb3a	189	// Does the tag comes with memory
db09cb3a	190	c.arg[0] = (uint32_t)tag_mem_supplied;
09181a54	191	clearCommandBuffer();
	192	SendCommand(&c);
	193	return 0;
db09cb3a	194	}
	195
	196	int CmdLFHitagReader(const char *Cmd) {
db09cb3a	197
db09cb3a	198	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	199	hitag_data* htd = (hitag_data*)c.d.asBytes;
	200	hitag_function htf = param_get32ex(Cmd,0,0,10);
	201
	202	switch (htf) {
0db11b71	203	case 01: { //RHTSF_CHALLENGE
	204	c = (UsbCommand){ CMD_READ_HITAG_S };
	205	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
	206	num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	207	} break;
	208	case 02: { //RHTSF_KEY
	209	c = (UsbCommand){ CMD_READ_HITAG_S };
	210	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
	211	} break;
db09cb3a	212	case RHT2F_PASSWORD: {
	213	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
	214	} break;
	215	case RHT2F_AUTHENTICATE: {
	216	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
	217	num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	218	} break;
bde10a50	219	case RHT2F_CRYPTO: {
bde10a50	220	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
bde10a50	221	} break;
db09cb3a	222	case RHT2F_TEST_AUTH_ATTEMPTS: {
	223	// No additional parameters needed
	224	} break;
	225	default: {
	226	PrintAndLog("Error: unkown reader function %d",htf);
ab4da50d	227	PrintAndLog("Hitag reader functions");
ab4da50d	228	PrintAndLog(" HitagS (0*)");
0db11b71	229	PrintAndLog(" 01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
0db11b71	230	PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
ab4da50d	231	PrintAndLog(" Hitag1 (1*)");
	232	PrintAndLog(" Hitag2 (2*)");
	233	PrintAndLog(" 21 <password> (password mode)");
	234	PrintAndLog(" 22 <nr> <ar> (authentication)");
	235	PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
	236	PrintAndLog(" 25 (test recorded authentications)");
db09cb3a	237	return 1;
	238	} break;
	239	}
	240
	241	// Copy the hitag2 function into the first argument
	242	c.arg[0] = htf;
09181a54	243	clearCommandBuffer();
09181a54	244	SendCommand(&c);
09181a54	245	UsbCommand resp;
	246	WaitForResponse(CMD_ACK,&resp);
	247
	248	// Check the return status, stored in the first argument
	249	if (resp.arg[0] == false) return 1;
	250
	251	uint32_t id = bytes_to_num(resp.d.asBytes,4);
09181a54	252
cd777a05	253	char filename[FILE_PATH_SIZE];
cd777a05	254	FILE* f = NULL;
09181a54	255	sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
cd777a05	256	f = fopen(filename,"wb");
cd777a05	257	if (!f) {
09181a54	258	PrintAndLog("Error: Could not open file [%s]",filename);
	259	return 1;
	260	}
	261
	262	// Write the 48 tag memory bytes to file and finalize
cd777a05	263	fwrite(resp.d.asBytes, 1, 48, f);
cd777a05	264	fclose(f);
09181a54	265	PrintAndLog("Succesfully saved tag memory to [%s]",filename);
09181a54	266	return 0;
db09cb3a	267	}
db09cb3a	268
0db11b71	269	int CmdLFHitagSimS(const char *Cmd) {
	270	UsbCommand c = { CMD_SIMULATE_HITAG_S };
	271	char filename[FILE_PATH_SIZE] = { 0x00 };
cd777a05	272	FILE* f;
0db11b71	273	bool tag_mem_supplied;
	274	int len = strlen(Cmd);
	275	if (len > FILE_PATH_SIZE)
	276	len = FILE_PATH_SIZE;
	277	memcpy(filename, Cmd, len);
	278
	279	if (strlen(filename) > 0) {
cd777a05	280	f = fopen(filename, "rb+");
cd777a05	281	if (!f) {
0db11b71	282	PrintAndLog("Error: Could not open file [%s]", filename);
	283	return 1;
	284	}
	285	tag_mem_supplied = true;
cd777a05	286	size_t bytes_read = fread(c.d.asBytes, 4*64, 1, f);
cd777a05	287	if ( bytes_read == 0) {
0db11b71	288	PrintAndLog("Error: File reading error");
cd777a05	289	fclose(f);
0db11b71	290	return 1;
0db11b71	291	}
cd777a05	292	fclose(f);
0db11b71	293	} else {
	294	tag_mem_supplied = false;
	295	}
	296
	297	// Does the tag comes with memory
	298	c.arg[0] = (uint32_t) tag_mem_supplied;
cd777a05	299	clearCommandBuffer();
0db11b71	300	SendCommand(&c);
	301	return 0;
	302	}
	303
	304	int CmdLFHitagCheckChallenges(const char *Cmd) {
	305	UsbCommand c = { CMD_TEST_HITAGS_TRACES };
	306	char filename[FILE_PATH_SIZE] = { 0x00 };
cd777a05	307	FILE* f;
0db11b71	308	bool file_given;
	309	int len = strlen(Cmd);
	310	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	311	memcpy(filename, Cmd, len);
	312
	313	if (strlen(filename) > 0) {
cd777a05	314	f = fopen(filename,"rb+");
	315	if( !f ) {
	316	PrintAndLog("Error: Could not open file [%s]", filename);
0db11b71	317	return 1;
	318	}
	319	file_given = true;
cd777a05	320	size_t bytes_read = fread(c.d.asBytes, 8*60, 1, f);
	321	if ( bytes_read == 0) {
	322	PrintAndLog("Error: File reading error");
	323	fclose(f);
0db11b71	324	return 1;
0db11b71	325	}
cd777a05	326	fclose(f);
0db11b71	327	} else {
	328	file_given = false;
	329	}
	330
	331	//file with all the challenges to try
	332	c.arg[0] = (uint32_t)file_given;
cd777a05	333	clearCommandBuffer();
	334	SendCommand(&c);
	335	return 0;
0db11b71	336	}
0db11b71	337
0db11b71	338	int CmdLFHitagWP(const char *Cmd) {
	339	UsbCommand c = { CMD_WR_HITAG_S };
	340	hitag_data* htd = (hitag_data*)c.d.asBytes;
	341	hitag_function htf = param_get32ex(Cmd,0,0,10);
	342	switch (htf) {
	343	case 03: { //WHTSF_CHALLENGE
	344	num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
	345	c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
	346	num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
	347	} break;
	348	case 04: { //WHTSF_KEY
	349	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
	350	c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
	351	num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
	352
	353	} break;
	354	default: {
	355	PrintAndLog("Error: unkown writer function %d",htf);
	356	PrintAndLog("Hitag writer functions");
	357	PrintAndLog(" HitagS (0*)");
	358	PrintAndLog(" 03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
	359	PrintAndLog(" 04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
	360	PrintAndLog(" Hitag1 (1*)");
	361	PrintAndLog(" Hitag2 (2*)");
	362	return 1;
	363	} break;
	364	}
	365	// Copy the hitag function into the first argument
	366	c.arg[0] = htf;
	367
cd777a05	368	clearCommandBuffer();
	369	SendCommand(&c);
	370	UsbCommand resp;
	371	WaitForResponse(CMD_ACK,&resp);
0db11b71	372
cd777a05	373	// Check the return status, stored in the first argument
	374	if (resp.arg[0] == false) return 1;
	375	return 0;
	376	}
0db11b71	377
	378	static command_t CommandTable[] =
	379	{
09181a54	380	{"help", CmdHelp, 1, "This help"},
	381	{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
	382	{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
	383	{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
	384	{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
0db11b71	385	{"writer", CmdLFHitagWP, 1, "Act like a Hitag Writer" },
	386	{"simS", CmdLFHitagSimS, 1, "<hitagS.hts> Simulate HitagS transponder" },
	387	{"checkChallenges", CmdLFHitagCheckChallenges, 1, "<challenges.cc> test all challenges" }, {
	388	NULL,NULL, 0, NULL }
db09cb3a	389	};
db09cb3a	390
4c36581b	391	int CmdLFHitag(const char *Cmd) {
4c36581b	392	clearCommandBuffer();
09181a54	393	CmdsParse(CommandTable, Cmd);
09181a54	394	return 0;
db09cb3a	395	}
db09cb3a	396
4c36581b	397	int CmdHelp(const char *Cmd) {
09181a54	398	CmdsHelp(CommandTable);
09181a54	399	return 0;
db09cb3a	400	}