cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlfhitag.c

   1 //-----------------------------------------------------------------------------
   2 // Copyright (C) 2012 Roel Verdult
   3 //
   4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
   5 // at your option, any later version. See the LICENSE.txt file for the text of
   6 // the license.
   7 //-----------------------------------------------------------------------------
   8 // Low frequency Hitag support
   9 //-----------------------------------------------------------------------------
  10
  11 #include <stdio.h>
  12 #include <stdlib.h>
  13 #include <string.h>
  14 #include "data.h"
  15 #include "proxmark3.h"
  16 #include "ui.h"
  17 #include "cmdparser.h"
  18 #include "common.h"
  19 #include "util.h"
  20 #include "hitag2.h"
  21 #include "sleep.h"
  22 #include "cmdmain.h"
  23
  24 static int CmdHelp(const char *Cmd);
  25
  26 size_t nbytes(size_t nbits) {
  27         return (nbits/8)+((nbits%8)>0);
  28 }
  29
  30 int CmdLFHitagList(const char *Cmd)
  31 {
  32   uint8_t got[3000];
  33   GetFromBigBuf(got,sizeof(got),0);
  34   WaitForResponse(CMD_ACK,NULL);
  35
  36   PrintAndLog("recorded activity:");
  37   PrintAndLog(" ETU     :nbits: who bytes");
  38   PrintAndLog("---------+-----+----+-----------");
  39
  40   int i = 0;
  41   int prev = -1;
  42
  43   for (;;) {
  44     if(i >= 1900) {
  45       break;
  46     }
  47
  48     bool isResponse;
  49     int timestamp = *((uint32_t *)(got+i));
  50     if (timestamp & 0x80000000) {
  51       timestamp &= 0x7fffffff;
  52       isResponse = 1;
  53     } else {
  54       isResponse = 0;
  55     }
  56
  57     int parityBits = *((uint32_t *)(got+i+4));
  58     // 4 bytes of additional information...
  59     // maximum of 32 additional parity bit information
  60     //
  61     // TODO:
  62     // at each quarter bit period we can send power level (16 levels)
  63     // or each half bit period in 256 levels.
  64
  65     int bits = got[i+8];
  66     int len = nbytes(got[i+8]);
  67
  68     if (len > 100) {
  69       break;
  70     }
  71     if (i + len >= 1900) {
  72       break;
  73     }
  74
  75     uint8_t *frame = (got+i+9);
  76
  77     // Break and stick with current result if buffer was not completely full
  78     if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
  79
  80     char line[1000] = "";
  81     int j;
  82     for (j = 0; j < len; j++) {
  83       int oddparity = 0x01;
  84       int k;
  85
  86       for (k=0;k<8;k++) {
  87         oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
  88       }
  89
  90       //if((parityBits >> (len - j - 1)) & 0x01) {
  91       if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
  92         sprintf(line+(j*4), "%02x!  ", frame[j]);
  93       }
  94       else {
  95         sprintf(line+(j*4), "%02x   ", frame[j]);
  96       }
  97     }
  98
  99     PrintAndLog(" +%7d:  %3d: %s %s",
 100       (prev < 0 ? 0 : (timestamp - prev)),
 101       bits,
 102       (isResponse ? "TAG" : "   "),
 103       line);
 104
 105
 106 //   if (pf) {
 107 //      fprintf(pf," +%7d:  %3d: %s %s\n",
 108 //                                      (prev < 0 ? 0 : (timestamp - prev)),
 109 //                                      bits,
 110 //                                      (isResponse ? "TAG" : "   "),
 111 //                                      line);
 112 //    }
 113
 114     prev = timestamp;
 115     i += (len + 9);
 116   }
 117
 118
 119   return 0;
 120 }
 121
 122 int CmdLFHitagSnoop(const char *Cmd) {
 123   UsbCommand c = {CMD_SNOOP_HITAG};
 124   SendCommand(&c);
 125   return 0;
 126 }
 127
 128 int CmdLFHitagSim(const char *Cmd) {
 129   UsbCommand c = {CMD_SIMULATE_HITAG};
 130         char filename[256] = { 0x00 };
 131         FILE* pf;
 132         bool tag_mem_supplied;
 133
 134         param_getstr(Cmd,0,filename);
 135
 136         if (strlen(filename) > 0) {
 137                 if ((pf = fopen(filename,"rb+")) == NULL) {
 138                         PrintAndLog("Error: Could not open file [%s]",filename);
 139                         return 1;
 140                 }
 141                 tag_mem_supplied = true;
 142                 if (fread(c.d.asBytes,48,1,pf) == 0) {
 143       PrintAndLog("Error: File reading error");
 144       fclose(pf);
 145                         return 1;
 146     }
 147                 fclose(pf);
 148         } else {
 149                 tag_mem_supplied = false;
 150         }
 151
 152         // Does the tag comes with memory
 153         c.arg[0] = (uint32_t)tag_mem_supplied;
 154
 155   SendCommand(&c);
 156   return 0;
 157 }
 158
 159 int CmdLFHitagReader(const char *Cmd) {
 160 //  UsbCommand c = {CMD_READER_HITAG};
 161
 162 //      param_get32ex(Cmd,1,0,16);
 163         UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
 164         hitag_data* htd = (hitag_data*)c.d.asBytes;
 165         hitag_function htf = param_get32ex(Cmd,0,0,10);
 166
 167         switch (htf) {
 168                 case RHT2F_PASSWORD: {
 169                         num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
 170                 } break;
 171                 case RHT2F_AUTHENTICATE: {
 172                         num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
 173                         num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
 174                 } break;
 175                 case RHT2F_CRYPTO: {
 176                         num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
 177 //                      num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
 178                 } break;
 179                 case RHT2F_TEST_AUTH_ATTEMPTS: {
 180                         // No additional parameters needed
 181                 } break;
 182                 default: {
 183                         PrintAndLog("Error: unkown reader function %d",htf);
 184                         PrintAndLog("Hitag reader functions");
 185                         PrintAndLog(" HitagS (0*)");
 186                         PrintAndLog(" Hitag1 (1*)");
 187                         PrintAndLog(" Hitag2 (2*)");
 188                         PrintAndLog("  21 <password> (password mode)");
 189                         PrintAndLog("  22 <nr> <ar> (authentication)");
 190                         PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low");
 191                         PrintAndLog("  25 (test recorded authentications)");
 192                         return 1;
 193                 } break;
 194         }
 195
 196         // Copy the hitag2 function into the first argument
 197         c.arg[0] = htf;
 198
 199   // Send the command to the proxmark
 200   SendCommand(&c);
 201
 202   UsbCommand resp;
 203   WaitForResponse(CMD_ACK,&resp);
 204
 205   // Check the return status, stored in the first argument
 206   if (resp.arg[0] == false) return 1;
 207
 208   uint32_t id = bytes_to_num(resp.d.asBytes,4);
 209   char filename[256];
 210   FILE* pf = NULL;
 211
 212   sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
 213   if ((pf = fopen(filename,"wb")) == NULL) {
 214     PrintAndLog("Error: Could not open file [%s]",filename);
 215     return 1;
 216   }
 217
 218   // Write the 48 tag memory bytes to file and finalize
 219   fwrite(resp.d.asBytes,1,48,pf);
 220   fclose(pf);
 221
 222   PrintAndLog("Succesfully saved tag memory to [%s]",filename);
 223
 224   return 0;
 225 }
 226
 227 static command_t CommandTable[] =
 228 {
 229   {"help",    CmdHelp,           1, "This help"},
 230   {"list",    CmdLFHitagList,    1, "List Hitag trace history"},
 231   {"reader",  CmdLFHitagReader,  1, "Act like a Hitag Reader"},
 232   {"sim",     CmdLFHitagSim,     1, "Simulate Hitag transponder"},
 233   {"snoop",   CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
 234                 {NULL, NULL, 0, NULL}
 235 };
 236
 237 int CmdLFHitag(const char *Cmd)
 238 {
 239   CmdsParse(CommandTable, Cmd);
 240   return 0;
 241 }
 242
 243 int CmdHelp(const char *Cmd)
 244 {
 245   CmdsHelp(CommandTable);
 246   return 0;
 247 }