1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>, Hagen Fritsch
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // High frequency ISO14443A commands
9 //-----------------------------------------------------------------------------
15 #include "iso14443crc.h"
19 #include "cmdparser.h"
24 static int CmdHelp(const char *Cmd
);
26 int CmdHF14AList(const char *Cmd
)
29 GetFromBigBuf(got
, sizeof(got
));
31 PrintAndLog("recorded activity:");
32 PrintAndLog(" ETU :rssi: who bytes");
33 PrintAndLog("---------+----+----+-----------");
44 int timestamp
= *((uint32_t *)(got
+i
));
45 if (timestamp
& 0x80000000) {
46 timestamp
&= 0x7fffffff;
53 int parityBits
= *((uint32_t *)(got
+i
+4));
54 // 4 bytes of additional information...
55 // maximum of 32 additional parity bit information
58 // at each quarter bit period we can send power level (16 levels)
59 // or each half bit period in 256 levels.
67 if (i
+ len
>= 1900) {
71 uint8_t *frame
= (got
+i
+9);
73 // Break and stick with current result if buffer was not completely full
74 if (frame
[0] == 0x44 && frame
[1] == 0x44 && frame
[3] == 0x44) { break; }
78 for (j
= 0; j
< len
; j
++) {
83 oddparity
^= (((frame
[j
] & 0xFF) >> k
) & 0x01);
86 //if((parityBits >> (len - j - 1)) & 0x01) {
87 if (isResponse
&& (oddparity
!= ((parityBits
>> (len
- j
- 1)) & 0x01))) {
88 sprintf(line
+(j
*4), "%02x! ", frame
[j
]);
91 sprintf(line
+(j
*4), "%02x ", frame
[j
]);
99 for (j
= 0; j
< (len
- 1); j
++) {
100 // gives problems... search for the reason..
101 /*if(frame[j] == 0xAA) {
104 crc = "[1] Two drops close after each other";
107 crc = "[2] Potential SOC with a drop in second half of bitperiod";
110 crc = "[3] Segment Z after segment X is not possible";
113 crc = "[4] Parity bit of a fully received byte was wrong";
116 crc = "[?] Unknown error";
123 if (strlen(crc
)==0) {
124 ComputeCrc14443(CRC_14443_A
, frame
, len
-2, &b1
, &b2
);
125 if (b1
!= frame
[len
-2] || b2
!= frame
[len
-1]) {
126 crc
= (isResponse
& (len
< 6)) ? "" : " !crc";
135 char metricString
[100];
137 sprintf(metricString
, "%3d", metric
);
139 strcpy(metricString
, " ");
142 PrintAndLog(" +%7d: %s: %s %s %s",
143 (prev
< 0 ? 0 : (timestamp
- prev
)),
145 (isResponse
? "TAG" : " "), line
, crc
);
153 void iso14a_set_timeout(uint32_t timeout
) {
154 UsbCommand c
= {CMD_READER_ISO_14443a
, {ISO14A_SET_TIMEOUT
, 0, timeout
}};
158 int CmdHF14AMifare(const char *Cmd
)
160 UsbCommand c
= {CMD_READER_MIFARE
, {strtol(Cmd
, NULL
, 0), 0, 0}};
165 int CmdHF14AMfWrBl(const char *Cmd
)
170 uint8_t key
[6] = {0, 0, 0, 0, 0, 0};
171 uint8_t bldata
[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
173 const char *cmdp
= Cmd
;
174 const char *cmdpe
= Cmd
;
177 PrintAndLog("Usage: hf 14 mfwrbl <block number> <key A/B> <key (12 hex symbols)> <block data (32 hex symbols)>");
178 PrintAndLog(" sample: hf 14a mfwrbl 0 A FFFFFFFFFFFF 000102030405060708090A0B0C0D0E0F");
181 PrintAndLog("l: %s", Cmd
);
184 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
185 blockNo
= strtol(cmdp
, NULL
, 0) & 0xff;
188 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
189 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
190 if (*cmdp
!= 'A' && *cmdp
!= 'a') {
195 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
196 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
198 // next value here:cmdpe
200 while (*cmdpe
!=' ' && *cmdpe
!='\t') cmdpe
++;
201 while (*cmdpe
==' ' || *cmdpe
=='\t') cmdpe
++;
203 if ((int)cmdpe
- (int)cmdp
!= 13) {
204 PrintAndLog("Length of key must be 12 hex symbols");
208 for(i
= 0; i
< 6; i
++) {
209 sscanf((char[]){cmdp
[0],cmdp
[1],0},"%X",&temp
);
210 key
[i
] = temp
& 0xff;
216 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
217 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
219 if (strlen(cmdp
) != 32) {
220 PrintAndLog("Length of block data must be 32 hex symbols");
224 for(i
= 0; i
< 16; i
++) {
225 sscanf((char[]){cmdp
[0],cmdp
[1],0},"%X",&temp
);
226 bldata
[i
] = temp
& 0xff;
230 PrintAndLog(" block no:%02x key type:%02x key:%s", blockNo
, keyType
, sprint_hex(key
, 6));
231 PrintAndLog(" data: %s", sprint_hex(bldata
, 16));
233 UsbCommand c
= {CMD_MIFARE_WRITEBL
, {blockNo
, keyType
, 0}};
234 memcpy(c
.d
.asBytes
, key
, 6);
235 memcpy(c
.d
.asBytes
+ 10, bldata
, 16);
237 UsbCommand
* resp
= WaitForResponseTimeout(CMD_ACK
, 1500);
240 uint8_t isOK
= resp
->arg
[0] & 0xff;
242 PrintAndLog("isOk:%02x", isOK
);
244 PrintAndLog("Command execute timeout");
250 int CmdHF14AMfRdBl(const char *Cmd
)
255 uint8_t key
[6] = {0, 0, 0, 0, 0, 0};
257 const char *cmdp
= Cmd
;
261 PrintAndLog("Usage: hf 14 mfrdbl <block number> <key A/B> <key (12 hex symbols)>");
262 PrintAndLog(" sample: hf 14a mfrdbl 0 A FFFFFFFFFFFF ");
267 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
268 blockNo
= strtol(cmdp
, NULL
, 0) & 0xff;
271 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
272 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
273 if (*cmdp
!= 'A' && *cmdp
!= 'a') {
278 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
279 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
281 if (strlen(cmdp
) != 12) {
282 PrintAndLog("Length of key must be 12 hex symbols");
286 for(i
= 0; i
< 6; i
++) {
287 sscanf((char[]){cmdp
[0],cmdp
[1],0},"%X",&temp
);
288 key
[i
] = temp
& 0xff;
292 PrintAndLog(" block no:%02x key type:%02x key:%s ", blockNo
, keyType
, sprint_hex(key
, 6));
294 UsbCommand c
= {CMD_MIFARE_READBL
, {blockNo
, keyType
, 0}};
295 memcpy(c
.d
.asBytes
, key
, 6);
297 UsbCommand
* resp
= WaitForResponseTimeout(CMD_ACK
, 1500);
300 uint8_t isOK
= resp
->arg
[0] & 0xff;
301 uint8_t * data
= resp
->d
.asBytes
;
303 PrintAndLog("isOk:%02x data:%s", isOK
, sprint_hex(data
, 16));
305 PrintAndLog("Command execute timeout");
311 int CmdHF14AMfRdSc(const char *Cmd
)
314 uint8_t sectorNo
= 0;
316 uint8_t key
[6] = {0, 0, 0, 0, 0, 0};
318 const char *cmdp
= Cmd
;
322 PrintAndLog("Usage: hf 14 mfrdsc <sector number> <key A/B> <key (12 hex symbols)>");
323 PrintAndLog(" sample: hf 14a mfrdsc 0 A FFFFFFFFFFFF ");
328 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
329 sectorNo
= strtol(cmdp
, NULL
, 0) & 0xff;
332 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
333 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
334 if (*cmdp
!= 'A' && *cmdp
!= 'a') {
339 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
340 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
342 if (strlen(cmdp
) != 12) {
343 PrintAndLog("Length of key must be 12 hex symbols");
347 for(i
= 0; i
< 6; i
++) {
348 sscanf((char[]){cmdp
[0],cmdp
[1],0},"%X",&temp
);
349 key
[i
] = temp
& 0xff;
353 PrintAndLog(" sector no:%02x key type:%02x key:%s ", sectorNo
, keyType
, sprint_hex(key
, 6));
355 UsbCommand c
= {CMD_MIFARE_READSC
, {sectorNo
, keyType
, 0}};
356 memcpy(c
.d
.asBytes
, key
, 6);
358 UsbCommand
* resp
= WaitForResponseTimeout(CMD_ACK
, 1500);
362 uint8_t isOK
= resp
->arg
[0] & 0xff;
363 uint8_t * data
= resp
->d
.asBytes
;
365 PrintAndLog("isOk:%02x", isOK
);
366 for (i
= 0; i
< 2; i
++) {
367 PrintAndLog("data:%s", sprint_hex(data
+ i
* 16, 16));
370 PrintAndLog("Command1 execute timeout");
374 resp
= WaitForResponseTimeout(CMD_ACK
, 500);
378 uint8_t * data
= resp
->d
.asBytes
;
380 for (i
= 0; i
< 2; i
++) {
381 PrintAndLog("data:%s", sprint_hex(data
+ i
* 16, 16));
384 PrintAndLog("Command2 execute timeout");
390 int CmdHF14AMfNested(const char *Cmd
)
393 uint8_t sectorNo
= 0;
395 uint8_t key
[6] = {0, 0, 0, 0, 0, 0};
397 const char *cmdp
= Cmd
;
401 PrintAndLog("Usage: hf 14a nested <sector number> <key A/B> <key (12 hex symbols)>");
402 PrintAndLog(" sample: hf 14a nested 0 A FFFFFFFFFFFF ");
407 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
408 sectorNo
= strtol(cmdp
, NULL
, 0) & 0xff;
411 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
412 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
413 if (*cmdp
!= 'A' && *cmdp
!= 'a') {
418 while (*cmdp
!=' ' && *cmdp
!='\t') cmdp
++;
419 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
421 if (strlen(cmdp
) != 12) {
422 PrintAndLog("Length of key must be 12 hex symbols");
426 for(i
= 0; i
< 6; i
++) {
427 sscanf((char[]){cmdp
[0],cmdp
[1],0},"%X",&temp
);
428 key
[i
] = temp
& 0xff;
432 PrintAndLog(" sector no:%02x key type:%02x key:%s ", sectorNo
, keyType
, sprint_hex(key
, 6));
434 UsbCommand c
= {CMD_MIFARE_NESTED
, {sectorNo
, keyType
, 0}};
435 memcpy(c
.d
.asBytes
, key
, 6);
437 UsbCommand
* resp
= WaitForResponseTimeout(CMD_ACK
, 1500);
441 uint8_t isOK
= resp
->arg
[0] & 0xff;
442 uint8_t * data
= resp
->d
.asBytes
;
444 PrintAndLog("isOk:%02x", isOK
);
445 for (i
= 0; i
< 2; i
++) {
446 PrintAndLog("data:%s", sprint_hex(data
+ i
* 16, 16));
449 PrintAndLog("Command execute timeout");
455 int CmdHF14AMf1kSim(const char *Cmd
)
458 uint8_t uid
[4] = {0, 0, 0, 0};
460 const char *cmdp
= Cmd
;
464 PrintAndLog("Usage: hf 14a mfsim <uid (8 hex symbols)>");
465 PrintAndLog(" sample: hf 14a mfsim 0a0a0a0a ");
470 while (*cmdp
==' ' || *cmdp
=='\t') cmdp
++;
472 if (strlen(cmdp
) != 8) {
473 PrintAndLog("Length of UID must be 8 hex symbols");
477 for(i
= 0; i
< 4; i
++) {
478 sscanf((char[]){cmdp
[0],cmdp
[1],0},"%X",&temp
);
479 uid
[i
] = temp
& 0xff;
483 PrintAndLog(" uid:%s ", sprint_hex(uid
, 4));
485 UsbCommand c
= {CMD_SIMULATE_MIFARE_CARD
, {0, 0, 0}};
486 memcpy(c
.d
.asBytes
, uid
, 6);
493 int CmdHF14AReader(const char *Cmd
)
495 UsbCommand c
= {CMD_READER_ISO_14443a
, {ISO14A_CONNECT
, 0, 0}};
497 UsbCommand
* resp
= WaitForResponse(CMD_ACK
);
498 uint8_t * uid
= resp
->d
.asBytes
;
499 iso14a_card_select_t
* card
= uid
+ 12;
501 if(resp
->arg
[0] == 0) {
502 PrintAndLog("iso14443a card select failed");
506 PrintAndLog("ATQA : %02x %02x", card
->atqa
[0], card
->atqa
[1]);
507 PrintAndLog(" UID : %s", sprint_hex(uid
, 12));
508 PrintAndLog(" SAK : %02x [%d]", card
->sak
, resp
->arg
[0]);
509 if(resp
->arg
[0] == 1)
510 PrintAndLog(" ATS : %s", sprint_hex(card
->ats
, card
->ats_len
));
512 PrintAndLog("proprietary non-iso14443a card found, RATS not supported");
517 // ## simulate iso14443a tag
518 // ## greg - added ability to specify tag UID
519 int CmdHF14ASim(const char *Cmd
)
522 unsigned int hi
= 0, lo
= 0;
524 while (sscanf(&Cmd
[i
++], "%1x", &n
) == 1) {
525 hi
= (hi
<< 4) | (lo
>> 28);
526 lo
= (lo
<< 4) | (n
& 0xf);
529 // c.arg should be set to *Cmd or convert *Cmd to the correct format for a uid
530 UsbCommand c
= {CMD_SIMULATE_TAG_ISO_14443a
, {hi
, lo
, 0}};
531 PrintAndLog("Emulating 14443A TAG with UID %x%16x", hi
, lo
);
536 int CmdHF14ASnoop(const char *Cmd
)
538 UsbCommand c
= {CMD_SNOOP_ISO_14443a
};
543 static command_t CommandTable
[] =
545 {"help", CmdHelp
, 1, "This help"},
546 {"list", CmdHF14AList
, 0, "List ISO 14443a history"},
547 {"mifare", CmdHF14AMifare
, 0, "Read out sector 0 parity error messages"},
548 {"mfrdbl", CmdHF14AMfRdBl
, 0, "Read MIFARE classic block"},
549 {"mfrdsc", CmdHF14AMfRdSc
, 0, "Read MIFARE classic sector"},
550 {"mfwrbl", CmdHF14AMfWrBl
, 0, "Write MIFARE classic block"},
551 {"nested", CmdHF14AMfNested
, 0, "Test nested authentication"},
552 {"mfsim", CmdHF14AMf1kSim
, 0, "Simulate MIFARE 1k card - NOT WORKING!!!"},
553 {"reader", CmdHF14AReader
, 0, "Act like an ISO14443 Type A reader"},
554 {"sim", CmdHF14ASim
, 0, "<UID> -- Fake ISO 14443a tag"},
555 {"snoop", CmdHF14ASnoop
, 0, "Eavesdrop ISO 14443 Type A"},
556 {NULL
, NULL
, 0, NULL
}
559 int CmdHF14A(const char *Cmd
)
561 CmdsParse(CommandTable
, Cmd
);
565 int CmdHelp(const char *Cmd
)
567 CmdsHelp(CommandTable
);