]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhf14b.c
projects / proxmark3-svn / blob
? search:


21a4e1799eec516c84d094067e9f4bf1c15db2f6
[proxmark3-svn] / client / cmdhf14b.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // High frequency ISO14443B commands
9 //-----------------------------------------------------------------------------
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <stdbool.h>
14 #include <string.h>
15 #include <stdint.h>
16 #include "iso14443crc.h"
17 #include "proxmark3.h"
18 #include "data.h"
19 #include "graph.h"
20 #include "util.h"
21 #include "ui.h"
22 #include "cmdparser.h"
23 #include "cmdhf14b.h"
24 #include "cmdmain.h"
25
26 static int CmdHelp(const char *Cmd);
27
28 int CmdHF14BDemod(const char *Cmd)
29 {
30 int i, j, iold;
31 int isum, qsum;
32 int outOfWeakAt;
33 bool negateI, negateQ;
34
35 uint8_t data[256];
36 int dataLen = 0;
37
38 // As received, the samples are pairs, correlations against I and Q
39 // square waves. So estimate angle of initial carrier (or just
40 // quadrant, actually), and then do the demod.
41
42 // First, estimate where the tag starts modulating.
43 for (i = 0; i < GraphTraceLen; i += 2) {
44 if (abs(GraphBuffer[i]) + abs(GraphBuffer[i + 1]) > 40) {
45 break;
46 }
47 }
48 if (i >= GraphTraceLen) {
49 PrintAndLog("too weak to sync");
50 return 0;
51 }
52 PrintAndLog("out of weak at %d", i);
53 outOfWeakAt = i;
54
55 // Now, estimate the phase in the initial modulation of the tag
56 isum = 0;
57 qsum = 0;
58 for (; i < (outOfWeakAt + 16); i += 2) {
59 isum += GraphBuffer[i + 0];
60 qsum += GraphBuffer[i + 1];
61 }
62 negateI = (isum < 0);
63 negateQ = (qsum < 0);
64
65 // Turn the correlation pairs into soft decisions on the bit.
66 j = 0;
67 for (i = 0; i < GraphTraceLen / 2; i++) {
68 int si = GraphBuffer[j];
69 int sq = GraphBuffer[j + 1];
70 if (negateI) si = -si;
71 if (negateQ) sq = -sq;
72 GraphBuffer[i] = si + sq;
73 j += 2;
74 }
75 GraphTraceLen = i;
76
77 i = outOfWeakAt / 2;
78 while (GraphBuffer[i] > 0 && i < GraphTraceLen)
79 i++;
80 if (i >= GraphTraceLen) goto demodError;
81
82 iold = i;
83 while (GraphBuffer[i] < 0 && i < GraphTraceLen)
84 i++;
85 if (i >= GraphTraceLen) goto demodError;
86 if ((i - iold) > 23) goto demodError;
87
88 PrintAndLog("make it to demod loop");
89
90 for (;;) {
91 iold = i;
92 while (GraphBuffer[i] >= 0 && i < GraphTraceLen)
93 i++;
94 if (i >= GraphTraceLen) goto demodError;
95 if ((i - iold) > 6) goto demodError;
96
97 uint16_t shiftReg = 0;
98 if (i + 20 >= GraphTraceLen) goto demodError;
99
100 for (j = 0; j < 10; j++) {
101 int soft = GraphBuffer[i] + GraphBuffer[i + 1];
102
103 if (abs(soft) < (abs(isum) + abs(qsum)) / 20) {
104 PrintAndLog("weak bit");
105 }
106
107 shiftReg >>= 1;
108 if(GraphBuffer[i] + GraphBuffer[i+1] >= 0) {
109 shiftReg |= 0x200;
110 }
111
112 i+= 2;
113 }
114
115 if ((shiftReg & 0x200) && !(shiftReg & 0x001))
116 {
117 // valid data byte, start and stop bits okay
118 PrintAndLog(" %02x", (shiftReg >> 1) & 0xff);
119 data[dataLen++] = (shiftReg >> 1) & 0xff;
120 if (dataLen >= sizeof(data)) {
121 return 0;
122 }
123 } else if (shiftReg == 0x000) {
124 // this is EOF
125 break;
126 } else {
127 goto demodError;
128 }
129 }
130
131 uint8_t first, second;
132 ComputeCrc14443(CRC_14443_B, data, dataLen-2, &first, &second);
133 PrintAndLog("CRC: %02x %02x (%s)\n", first, second,
134 (first == data[dataLen-2] && second == data[dataLen-1]) ?
135 "ok" : "****FAIL****");
136
137 RepaintGraphWindow();
138 return 0;
139
140 demodError:
141 PrintAndLog("demod error");
142 RepaintGraphWindow();
143 return 0;
144 }
145
146 int CmdHF14BList(const char *Cmd)
147 {
148 PrintAndLog("Deprecated command, use 'hf list 14b' instead");
149
150 return 0;
151 }
152 int CmdHF14BRead(const char *Cmd)
153 {
154 UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443, {strtol(Cmd, NULL, 0), 0, 0}};
155 SendCommand(&c);
156 return 0;
157 }
158
159 int CmdHF14Sim(const char *Cmd)
160 {
161 UsbCommand c={CMD_SIMULATE_TAG_ISO_14443};
162 SendCommand(&c);
163 return 0;
164 }
165
166 int CmdHFSimlisten(const char *Cmd)
167 {
168 UsbCommand c = {CMD_SIMULATE_TAG_HF_LISTEN};
169 SendCommand(&c);
170 return 0;
171 }
172
173 int CmdHF14BSnoop(const char *Cmd)
174 {
175 UsbCommand c = {CMD_SNOOP_ISO_14443};
176 SendCommand(&c);
177 return 0;
178 }
179
180 /* New command to read the contents of a SRI512 tag
181 * SRI512 tags are ISO14443-B modulated memory tags,
182 * this command just dumps the contents of the memory
183 */
184 int CmdSri512Read(const char *Cmd)
185 {
186 UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
187 SendCommand(&c);
188 return 0;
189 }
190
191 /* New command to read the contents of a SRIX4K tag
192 * SRIX4K tags are ISO14443-B modulated memory tags,
193 * this command just dumps the contents of the memory/
194 */
195 int CmdSrix4kRead(const char *Cmd)
196 {
197 UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
198 SendCommand(&c);
199 return 0;
200 }
201
202 int CmdHF14BCmdRaw (const char *cmd) {
203 UsbCommand resp;
204 uint8_t *recv;
205 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; // len,recv?
206 uint8_t reply=1;
207 uint8_t crc=0;
208 uint8_t power=0;
209 char buf[5]="";
210 int i=0;
211 uint8_t data[100] = {0x00};
212 unsigned int datalen=0, temp;
213 char *hexout;
214
215 if (strlen(cmd)<3) {
216 PrintAndLog("Usage: hf 14b raw [-r] [-c] [-p] <0A 0B 0C ... hex>");
217 PrintAndLog(" -r do not read response");
218 PrintAndLog(" -c calculate and append CRC");
219 PrintAndLog(" -p leave the field on after receive");
220 return 0;
221 }
222
223 // strip
224 while (*cmd==' ' || *cmd=='\t') cmd++;
225
226 while (cmd[i]!='\0') {
227 if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; }
228 if (cmd[i]=='-') {
229 switch (cmd[i+1]) {
230 case 'r':
231 case 'R':
232 reply=0;
233 break;
234 case 'c':
235 case 'C':
236 crc=1;
237 break;
238 case 'p':
239 case 'P':
240 power=1;
241 break;
242 default:
243 PrintAndLog("Invalid option");
244 return 0;
245 }
246 i+=2;
247 continue;
248 }
249 if ((cmd[i]>='0' && cmd[i]<='9') ||
250 (cmd[i]>='a' && cmd[i]<='f') ||
251 (cmd[i]>='A' && cmd[i]<='F') ) {
252 buf[strlen(buf)+1]=0;
253 buf[strlen(buf)]=cmd[i];
254 i++;
255
256 if (strlen(buf)>=2) {
257 sscanf(buf,"%x",&temp);
258 data[datalen]=(uint8_t)(temp & 0xff);
259 datalen++;
260 *buf=0;
261 }
262 continue;
263 }
264 PrintAndLog("Invalid char on input");
265 return 1;
266 }
267 if (datalen == 0)
268 {
269 PrintAndLog("Missing data input");
270 return 0;
271 }
272 if(crc)
273 {
274 uint8_t first, second;
275 ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second);
276 data[datalen++] = first;
277 data[datalen++] = second;
278 }
279
280 c.arg[0] = datalen;
281 c.arg[1] = reply;
282 c.arg[2] = power;
283 memcpy(c.d.asBytes,data,datalen);
284
285 SendCommand(&c);
286
287 if (reply) {
288 if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
289 recv = resp.d.asBytes;
290 PrintAndLog("received %i octets",resp.arg[0]);
291 if(resp.arg[0] == 0)
292 return 0;
293 hexout = (char *)malloc(resp.arg[0] * 3 + 1);
294 if (hexout != NULL) {
295 uint8_t first, second;
296 for (int i = 0; i < resp.arg[0]; i++) { // data in hex
297 sprintf(&hexout[i * 3], "%02X ", recv[i]);
298 }
299 PrintAndLog("%s", hexout);
300 free(hexout);
301 if (resp.arg[0] > 2) {
302 ComputeCrc14443(CRC_14443_B, recv, resp.arg[0]-2, &first, &second);
303 if(recv[resp.arg[0]-2]==first && recv[resp.arg[0]-1]==second) {
304 PrintAndLog("CRC OK");
305 } else {
306 PrintAndLog("CRC failed");
307 }
308 }
309 } else {
310 PrintAndLog("malloc failed your client has low memory?");
311 }
312 } else {
313 PrintAndLog("timeout while waiting for reply.");
314 }
315 } // if reply
316 return 0;
317 }
318
319 int CmdHF14BWrite( const char *Cmd){
320
321 /*
322 * For SRIX4K blocks 00 - 7F
323 * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
324 *
325 * For SR512 blocks 00 - 0F
326 * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
327 *
328 * Special block FF = otp_lock_reg block.
329 * Data len 4 bytes-
330 */
331 char cmdp = param_getchar(Cmd, 0);
332 uint8_t blockno = -1;
333 uint8_t data[4] = {0x00};
334 bool isSrix4k = true;
335 char str[20];
336
337 if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') {
338 PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
339 PrintAndLog(" [1 = SRIX4K]");
340 PrintAndLog(" [2 = SRI512]");
341 PrintAndLog(" [BLOCK number depends on tag, special block == FF]");
342 PrintAndLog(" sample: hf 14b write 1 7F 11223344");
343 PrintAndLog(" : hf 14b write 1 FF 11223344");
344 PrintAndLog(" : hf 14b write 2 15 11223344");
345 PrintAndLog(" : hf 14b write 2 FF 11223344");
346 return 0;
347 }
348
349 if ( cmdp == '2' )
350 isSrix4k = false;
351
352 //blockno = param_get8(Cmd, 1);
353
354 if ( param_gethex(Cmd,1, &blockno, 2) ) {
355 PrintAndLog("Block number must include 2 HEX symbols");
356 return 0;
357 }
358
359 if ( isSrix4k ){
360 if ( blockno > 0x7f && blockno != 0xff ){
361 PrintAndLog("Block number out of range");
362 return 0;
363 }
364 } else {
365 if ( blockno > 0x0f && blockno != 0xff ){
366 PrintAndLog("Block number out of range");
367 return 0;
368 }
369 }
370
371 if (param_gethex(Cmd, 2, data, 8)) {
372 PrintAndLog("Data must include 8 HEX symbols");
373 return 0;
374 }
375
376 if ( blockno == 0xff)
377 PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512" , blockno, sprint_hex(data,4) );
378 else
379 PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data,4) );
380
381 sprintf(str, "-c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
382
383 CmdHF14BCmdRaw(str);
384 return 0;
385 }
386
387 static command_t CommandTable[] =
388 {
389 {"help", CmdHelp, 1, "This help"},
390 {"demod", CmdHF14BDemod, 1, "Demodulate ISO14443 Type B from tag"},
391 {"list", CmdHF14BList, 0, "[Deprecated] List ISO 14443b history"},
392 {"read", CmdHF14BRead, 0, "Read HF tag (ISO 14443)"},
393 {"sim", CmdHF14Sim, 0, "Fake ISO 14443 tag"},
394 {"simlisten", CmdHFSimlisten, 0, "Get HF samples as fake tag"},
395 {"snoop", CmdHF14BSnoop, 0, "Eavesdrop ISO 14443"},
396 {"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
397 {"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
398 {"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
399 {"write", CmdHF14BWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
400 {NULL, NULL, 0, NULL}
401 };
402
403 int CmdHF14B(const char *Cmd)
404 {
405 CmdsParse(CommandTable, Cmd);
406 return 0;
407 }
408
409 int CmdHelp(const char *Cmd)
410 {
411 CmdsHelp(CommandTable);
412 return 0;
413 }
Proxmark3 GIT tracking
Impressum, Datenschutz