]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhf14a.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
added dissector for ISO 14443-A ATS response
[proxmark3-svn] / client / cmdhf14a.c
1 //-----------------------------------------------------------------------------
2 // 2011, Merlok
3 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>, Hagen Fritsch
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // High frequency ISO14443A commands
10 //-----------------------------------------------------------------------------
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <unistd.h>
16 #include "util.h"
17 #include "iso14443crc.h"
18 #include "data.h"
19 #include "proxusb.h"
20 #include "ui.h"
21 #include "cmdparser.h"
22 #include "cmdhf14a.h"
23 #include "common.h"
24 #include "cmdmain.h"
25
26 static int CmdHelp(const char *Cmd);
27
28 int CmdHF14AList(const char *Cmd)
29 {
30 uint8_t got[1920];
31 GetFromBigBuf(got, sizeof(got));
32
33 PrintAndLog("recorded activity:");
34 PrintAndLog(" ETU :rssi: who bytes");
35 PrintAndLog("---------+----+----+-----------");
36
37 int i = 0;
38 int prev = -1;
39
40 for (;;) {
41 if(i >= 1900) {
42 break;
43 }
44
45 bool isResponse;
46 int timestamp = *((uint32_t *)(got+i));
47 if (timestamp & 0x80000000) {
48 timestamp &= 0x7fffffff;
49 isResponse = 1;
50 } else {
51 isResponse = 0;
52 }
53
54 int metric = 0;
55 int parityBits = *((uint32_t *)(got+i+4));
56 // 4 bytes of additional information...
57 // maximum of 32 additional parity bit information
58 //
59 // TODO:
60 // at each quarter bit period we can send power level (16 levels)
61 // or each half bit period in 256 levels.
62
63
64 int len = got[i+8];
65
66 if (len > 100) {
67 break;
68 }
69 if (i + len >= 1900) {
70 break;
71 }
72
73 uint8_t *frame = (got+i+9);
74
75 // Break and stick with current result if buffer was not completely full
76 if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
77
78 char line[1000] = "";
79 int j;
80 for (j = 0; j < len; j++) {
81 int oddparity = 0x01;
82 int k;
83
84 for (k=0;k<8;k++) {
85 oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
86 }
87
88 //if((parityBits >> (len - j - 1)) & 0x01) {
89 if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
90 sprintf(line+(j*4), "%02x! ", frame[j]);
91 }
92 else {
93 sprintf(line+(j*4), "%02x ", frame[j]);
94 }
95 }
96
97 char *crc;
98 crc = "";
99 if (len > 2) {
100 uint8_t b1, b2;
101 for (j = 0; j < (len - 1); j++) {
102 // gives problems... search for the reason..
103 /*if(frame[j] == 0xAA) {
104 switch(frame[j+1]) {
105 case 0x01:
106 crc = "[1] Two drops close after each other";
107 break;
108 case 0x02:
109 crc = "[2] Potential SOC with a drop in second half of bitperiod";
110 break;
111 case 0x03:
112 crc = "[3] Segment Z after segment X is not possible";
113 break;
114 case 0x04:
115 crc = "[4] Parity bit of a fully received byte was wrong";
116 break;
117 default:
118 crc = "[?] Unknown error";
119 break;
120 }
121 break;
122 }*/
123 }
124
125 if (strlen(crc)==0) {
126 ComputeCrc14443(CRC_14443_A, frame, len-2, &b1, &b2);
127 if (b1 != frame[len-2] || b2 != frame[len-1]) {
128 crc = (isResponse & (len < 6)) ? "" : " !crc";
129 } else {
130 crc = "";
131 }
132 }
133 } else {
134 crc = ""; // SHORT
135 }
136
137 char metricString[100];
138 if (isResponse) {
139 sprintf(metricString, "%3d", metric);
140 } else {
141 strcpy(metricString, " ");
142 }
143
144 PrintAndLog(" +%7d: %s: %s %s %s",
145 (prev < 0 ? 0 : (timestamp - prev)),
146 metricString,
147 (isResponse ? "TAG" : " "), line, crc);
148
149 prev = timestamp;
150 i += (len + 9);
151 }
152 return 0;
153 }
154
155 void iso14a_set_timeout(uint32_t timeout) {
156 UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_SET_TIMEOUT, 0, timeout}};
157 SendCommand(&c);
158 }
159
160 int CmdHF14AReader(const char *Cmd)
161 {
162 UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};
163 SendCommand(&c);
164 UsbCommand * resp = WaitForResponse(CMD_ACK);
165 uint8_t * uid = resp->d.asBytes;
166 iso14a_card_select_t * card = (iso14a_card_select_t *)(uid + 12);
167
168 if(resp->arg[0] == 0) {
169 PrintAndLog("iso14443a card select failed");
170 return 0;
171 }
172
173 PrintAndLog("ATQA : %02x %02x", card->atqa[0], card->atqa[1]);
174 PrintAndLog(" UID : %s", sprint_hex(uid, 12));
175 PrintAndLog(" SAK : %02x [%d]", card->sak, resp->arg[0]);
176
177 switch (card->sak) {
178 case 0x00: PrintAndLog(" SAK : NXP MIFARE Ultralight | Ultralight C"); break;
179 case 0x04: PrintAndLog(" SAK : NXP MIFARE (various !DESFire !DESFire EV1)"); break;
180
181 case 0x08: PrintAndLog(" SAK : NXP MIFARE CLASSIC 1k | Plus 2k"); break;
182 case 0x09: PrintAndLog(" SAK : NXP MIFARE Mini 0.3k"); break;
183 case 0x10: PrintAndLog(" SAK : NXP MIFARE Plus 2k"); break;
184 case 0x11: PrintAndLog(" SAK : NXP MIFARE Plus 4k"); break;
185 case 0x18: PrintAndLog(" SAK : NXP MIFARE Classic 4k | Plus 4k"); break;
186 case 0x20: PrintAndLog(" SAK : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k | JCOP 31/41"); break;
187 case 0x24: PrintAndLog(" SAK : NXP MIFARE DESFire | DESFire EV1"); break;
188 case 0x28: PrintAndLog(" SAK : JCOP31 or JCOP41 v2.3.1"); break;
189 case 0x38: PrintAndLog(" SAK : Nokia 6212 or 6131 MIFARE CLASSIC 4K"); break;
190 case 0x88: PrintAndLog(" SAK : Infineon MIFARE CLASSIC 1K"); break;
191 case 0x98: PrintAndLog(" SAK : Gemplus MPCOS"); break;
192 default: ;
193 }
194 if(resp->arg[0] == 1) {
195 bool ta1 = 0, tb1 = 0, tc1 = 0;
196 int pos;
197
198 PrintAndLog(" ATS : %s", sprint_hex(card->ats, card->ats_len));
199 if (card->ats_len > 0) {
200 PrintAndLog(" - TL : length is %d bytes", card->ats[0]);
201 }
202 if (card->ats_len > 1) {
203 ta1 = (card->ats[1] & 0x10) == 0x10;
204 tb1 = (card->ats[1] & 0x20) == 0x20;
205 tc1 = (card->ats[1] & 0x40) == 0x40;
206 PrintAndLog(" - T0 : TA1 is%s present, TB1 is%s present, "
207 "TC1 is%s present, FSCI is %d",
208 (ta1 ? "" : " NOT"), (tb1 ? "" : " NOT"), (tc1 ? "" : " NOT"),
209 (card->ats[1] & 0x0f));
210 }
211 pos = 2;
212 if (ta1 && card->ats_len > pos) {
213 char dr[16], ds[16];
214 dr[0] = ds[0] = '\0';
215 if (card->ats[pos] & 0x10) strcat(ds, "2, ");
216 if (card->ats[pos] & 0x20) strcat(ds, "4, ");
217 if (card->ats[pos] & 0x40) strcat(ds, "8, ");
218 if (card->ats[pos] & 0x01) strcat(dr, "2, ");
219 if (card->ats[pos] & 0x02) strcat(dr, "4, ");
220 if (card->ats[pos] & 0x04) strcat(dr, "8, ");
221 if (strlen(ds) != 0) ds[strlen(ds) - 2] = '\0';
222 if (strlen(dr) != 0) dr[strlen(dr) - 2] = '\0';
223 PrintAndLog(" - TA1 : different divisors are%s supported, "
224 "DR: [%s], DS: [%s]",
225 (card->ats[pos] & 0x80 ? " NOT" : ""), dr, ds);
226 pos++;
227 }
228 if (tb1 && card->ats_len > pos) {
229 PrintAndLog(" - TB1 : SFGI = %d, FWI = %d",
230 (card->ats[pos] & 0x08),
231 (card->ats[pos] & 0x80) >> 4);
232 pos++;
233 }
234 if (tc1 && card->ats_len > pos) {
235 PrintAndLog(" - TC1 : NAD is%s supported, CID is%s supported",
236 (card->ats[pos] & 0x01) ? "" : " NOT",
237 (card->ats[pos] & 0x02) ? "" : " NOT");
238 pos++;
239 }
240 if (card->ats_len > pos) {
241 char *tip = "";
242 if (card->ats_len - pos > 7) {
243 if (memcmp(card->ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) {
244 tip = "-> MIFARE Plus X 2K or 4K";
245 } else if (memcmp(card->ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
246 tip = "-> MIFARE Plus S 2K or 4K";
247 }
248 }
249 PrintAndLog(" - HB : %s%s", sprint_hex(card->ats + pos, card->ats_len - pos - 2), tip);
250 if (card->ats[pos] == 0xC1) {
251 PrintAndLog(" c1 -> Mifare or (multiple) virtual cards of various type");
252 PrintAndLog(" %02x -> Length is %d bytes",
253 card->ats[pos + 1], card->ats[pos + 1]);
254 switch (card->ats[pos + 2] & 0xf0) {
255 case 0x10:
256 PrintAndLog(" 1x -> MIFARE DESFire");
257 break;
258 case 0x20:
259 PrintAndLog(" 2x -> MIFARE Plus");
260 break;
261 }
262 switch (card->ats[pos + 2] & 0x0f) {
263 case 0x00:
264 PrintAndLog(" x0 -> <1 kByte");
265 break;
266 case 0x01:
267 PrintAndLog(" x0 -> 1 kByte");
268 break;
269 case 0x02:
270 PrintAndLog(" x0 -> 2 kByte");
271 break;
272 case 0x03:
273 PrintAndLog(" x0 -> 4 kByte");
274 break;
275 case 0x04:
276 PrintAndLog(" x0 -> 8 kByte");
277 break;
278 }
279 switch (card->ats[pos + 3] & 0xf0) {
280 case 0x00:
281 PrintAndLog(" 0x -> Engineering sample");
282 break;
283 case 0x20:
284 PrintAndLog(" 2x -> Released");
285 break;
286 }
287 switch (card->ats[pos + 3] & 0x0f) {
288 case 0x00:
289 PrintAndLog(" x0 -> Generation 1");
290 break;
291 case 0x01:
292 PrintAndLog(" x1 -> Generation 2");
293 break;
294 case 0x02:
295 PrintAndLog(" x2 -> Generation 3");
296 break;
297 }
298 switch (card->ats[pos + 4] & 0x0f) {
299 case 0x00:
300 PrintAndLog(" x0 -> Only VCSL supported");
301 break;
302 case 0x01:
303 PrintAndLog(" x1 -> VCS, VCSL, and SVC supported");
304 break;
305 case 0x0E:
306 PrintAndLog(" xE -> no VCS command supported");
307 break;
308 }
309 }
310 }
311 }
312 else
313 PrintAndLog("proprietary non-iso14443a card found, RATS not supported");
314
315 return resp->arg[0];
316 }
317
318 // ## simulate iso14443a tag
319 // ## greg - added ability to specify tag UID
320 int CmdHF14ASim(const char *Cmd)
321 {
322 UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{0,0,0}};
323
324 // Retrieve the tag type
325 uint8_t tagtype = param_get8ex(Cmd,0,0,10);
326
327 // When no argument was given, just print help message
328 if (tagtype == 0) {
329 PrintAndLog("");
330 PrintAndLog(" Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID");
331 PrintAndLog("");
332 PrintAndLog(" syntax: hf 14a sim <type> <uid>");
333 PrintAndLog(" types: 1 = MIFARE Classic");
334 PrintAndLog(" 2 = MIFARE Ultralight");
335 PrintAndLog(" 3 = MIFARE DESFIRE");
336 PrintAndLog(" 4 = ISO/IEC 14443-4");
337 PrintAndLog("");
338 return 1;
339 }
340
341 // Store the tag type
342 c.arg[0] = tagtype;
343
344 // Retrieve the full 4 or 7 byte long uid
345 uint64_t long_uid = param_get64ex(Cmd,1,0,16);
346
347 // Are we handling the (optional) second part uid?
348 if (long_uid > 0xffffffff) {
349 PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014llx)",long_uid);
350 // Store the second part
351 c.arg[2] = (long_uid & 0xffffffff);
352 long_uid >>= 32;
353 // Store the first part, ignore the first byte, it is replaced by cascade byte (0x88)
354 c.arg[1] = (long_uid & 0xffffff);
355 } else {
356 PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",long_uid);
357 // Only store the first part
358 c.arg[1] = long_uid & 0xffffffff;
359 }
360 /*
361 // At lease save the mandatory first part of the UID
362 c.arg[0] = long_uid & 0xffffffff;
363
364
365 // At lease save the mandatory first part of the UID
366 c.arg[0] = long_uid & 0xffffffff;
367
368 if (c.arg[1] == 0) {
369 PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
370 }
371
372 switch (c.arg[0]) {
373 case 1: {
374 PrintAndLog("Emulating ISO/IEC 14443-3 type A tag with 4 byte UID");
375 UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
376 } break;
377 case 2: {
378 PrintAndLog("Emulating ISO/IEC 14443-4 type A tag with 7 byte UID");
379 } break;
380 default: {
381 PrintAndLog("Error: unkown tag type (%d)",c.arg[0]);
382 PrintAndLog("syntax: hf 14a sim <uid>",c.arg[0]);
383 PrintAndLog(" type1: 4 ",c.arg[0]);
384
385 return 1;
386 } break;
387 }
388 */
389 /*
390 unsigned int hi = 0, lo = 0;
391 int n = 0, i = 0;
392 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
393 hi= (hi << 4) | (lo >> 28);
394 lo= (lo << 4) | (n & 0xf);
395 }
396 */
397 // UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
398 // PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
399 SendCommand(&c);
400 return 0;
401 }
402
403 int CmdHF14ASnoop(const char *Cmd) {
404 int param = 0;
405
406 if (param_getchar(Cmd, 0) == 'h') {
407 PrintAndLog("It get data from the field and saves it into command buffer.");
408 PrintAndLog("Buffer accessible from command hf 14a list.");
409 PrintAndLog("Usage: hf 14a snoop [c][r]");
410 PrintAndLog("c - triggered by first data from card");
411 PrintAndLog("r - triggered by first 7-bit request from reader (REQ,WUP,...)");
412 PrintAndLog("sample: hf 14a snoop c r");
413 return 0;
414 }
415
416 for (int i = 0; i < 2; i++) {
417 char ctmp = param_getchar(Cmd, i);
418 if (ctmp == 'c' || ctmp == 'C') param |= 0x01;
419 if (ctmp == 'r' || ctmp == 'R') param |= 0x02;
420 }
421
422 UsbCommand c = {CMD_SNOOP_ISO_14443a, {param, 0, 0}};
423 SendCommand(&c);
424 return 0;
425 }
426
427 static command_t CommandTable[] =
428 {
429 {"help", CmdHelp, 1, "This help"},
430 {"list", CmdHF14AList, 0, "List ISO 14443a history"},
431 {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"},
432 {"sim", CmdHF14ASim, 0, "<UID> -- Fake ISO 14443a tag"},
433 {"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},
434 {NULL, NULL, 0, NULL}
435 };
436
437 int CmdHF14A(const char *Cmd)
438 {
439 // flush
440 while (WaitForResponseTimeout(CMD_ACK, 500) != NULL) ;
441
442 // parse
443 CmdsParse(CommandTable, Cmd);
444 return 0;
445 }
446
447 int CmdHelp(const char *Cmd)
448 {
449 CmdsHelp(CommandTable);
450 return 0;
451 }
Proxmark3 GIT tracking
Impressum, Datenschutz