]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhf14b.c
projects / proxmark3-svn / blob
? search:


7e4cbd009787452bf77f1f4a5e70c536f2634d32
[proxmark3-svn] / client / cmdhf14b.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // High frequency ISO14443B commands
9 //-----------------------------------------------------------------------------
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <stdbool.h>
14 #include <string.h>
15 #include <stdint.h>
16 #include "iso14443crc.h"
17 #include "proxmark3.h"
18 #include "data.h"
19 #include "graph.h"
20 #include "util.h"
21 #include "ui.h"
22 #include "cmdparser.h"
23 #include "cmdhf14b.h"
24 #include "cmdmain.h"
25
26
27 static int CmdHelp(const char *Cmd);
28
29 int CmdHF14BDemod(const char *Cmd)
30 {
31 int i, j, iold;
32 int isum, qsum;
33 int outOfWeakAt;
34 bool negateI, negateQ;
35
36 uint8_t data[256];
37 int dataLen = 0;
38
39 // As received, the samples are pairs, correlations against I and Q
40 // square waves. So estimate angle of initial carrier (or just
41 // quadrant, actually), and then do the demod.
42
43 // First, estimate where the tag starts modulating.
44 for (i = 0; i < GraphTraceLen; i += 2) {
45 if (abs(GraphBuffer[i]) + abs(GraphBuffer[i + 1]) > 40) {
46 break;
47 }
48 }
49 if (i >= GraphTraceLen) {
50 PrintAndLog("too weak to sync");
51 return 0;
52 }
53 PrintAndLog("out of weak at %d", i);
54 outOfWeakAt = i;
55
56 // Now, estimate the phase in the initial modulation of the tag
57 isum = 0;
58 qsum = 0;
59 for (; i < (outOfWeakAt + 16); i += 2) {
60 isum += GraphBuffer[i + 0];
61 qsum += GraphBuffer[i + 1];
62 }
63 negateI = (isum < 0);
64 negateQ = (qsum < 0);
65
66 // Turn the correlation pairs into soft decisions on the bit.
67 j = 0;
68 for (i = 0; i < GraphTraceLen / 2; i++) {
69 int si = GraphBuffer[j];
70 int sq = GraphBuffer[j + 1];
71 if (negateI) si = -si;
72 if (negateQ) sq = -sq;
73 GraphBuffer[i] = si + sq;
74 j += 2;
75 }
76 GraphTraceLen = i;
77
78 i = outOfWeakAt / 2;
79 while (GraphBuffer[i] > 0 && i < GraphTraceLen)
80 i++;
81 if (i >= GraphTraceLen) goto demodError;
82
83 iold = i;
84 while (GraphBuffer[i] < 0 && i < GraphTraceLen)
85 i++;
86 if (i >= GraphTraceLen) goto demodError;
87 if ((i - iold) > 23) goto demodError;
88
89 PrintAndLog("make it to demod loop");
90
91 for (;;) {
92 iold = i;
93 while (GraphBuffer[i] >= 0 && i < GraphTraceLen)
94 i++;
95 if (i >= GraphTraceLen) goto demodError;
96 if ((i - iold) > 6) goto demodError;
97
98 uint16_t shiftReg = 0;
99 if (i + 20 >= GraphTraceLen) goto demodError;
100
101 for (j = 0; j < 10; j++) {
102 int soft = GraphBuffer[i] + GraphBuffer[i + 1];
103
104 if (abs(soft) < (abs(isum) + abs(qsum)) / 20) {
105 PrintAndLog("weak bit");
106 }
107
108 shiftReg >>= 1;
109 if(GraphBuffer[i] + GraphBuffer[i+1] >= 0) {
110 shiftReg |= 0x200;
111 }
112
113 i+= 2;
114 }
115
116 if ((shiftReg & 0x200) && !(shiftReg & 0x001))
117 {
118 // valid data byte, start and stop bits okay
119 PrintAndLog(" %02x", (shiftReg >> 1) & 0xff);
120 data[dataLen++] = (shiftReg >> 1) & 0xff;
121 if (dataLen >= sizeof(data)) {
122 return 0;
123 }
124 } else if (shiftReg == 0x000) {
125 // this is EOF
126 break;
127 } else {
128 goto demodError;
129 }
130 }
131
132 uint8_t first, second;
133 ComputeCrc14443(CRC_14443_B, data, dataLen-2, &first, &second);
134 PrintAndLog("CRC: %02x %02x (%s)\n", first, second,
135 (first == data[dataLen-2] && second == data[dataLen-1]) ?
136 "ok" : "****FAIL****");
137
138 RepaintGraphWindow();
139 return 0;
140
141 demodError:
142 PrintAndLog("demod error");
143 RepaintGraphWindow();
144 return 0;
145 }
146
147 int CmdHF14BList(const char *Cmd)
148 {
149 uint8_t got[960];
150 GetFromBigBuf(got,sizeof(got),0);
151 WaitForResponse(CMD_ACK,NULL);
152
153 PrintAndLog("recorded activity:");
154 PrintAndLog(" time :rssi: who bytes");
155 PrintAndLog("---------+----+----+-----------");
156
157 int i = 0;
158 int prev = -1;
159
160 for(;;) {
161 if(i >= 900) {
162 break;
163 }
164
165 bool isResponse;
166 int timestamp = *((uint32_t *)(got+i));
167 if(timestamp & 0x80000000) {
168 timestamp &= 0x7fffffff;
169 isResponse = 1;
170 } else {
171 isResponse = 0;
172 }
173 int metric = *((uint32_t *)(got+i+4));
174
175 int len = got[i+8];
176
177 if(len > 100) {
178 break;
179 }
180 if(i + len >= 900) {
181 break;
182 }
183
184 uint8_t *frame = (got+i+9);
185
186 // Break and stick with current result if buffer was not completely full
187 if (frame[0] == 0x44 && frame[1] == 0x44 && frame[2] == 0x44 && frame[3] == 0x44) break;
188
189 char line[1000] = "";
190 int j;
191 for(j = 0; j < len; j++) {
192 sprintf(line+(j*3), "%02x ", frame[j]);
193 }
194
195 char *crc;
196 if(len > 2) {
197 uint8_t b1, b2;
198 ComputeCrc14443(CRC_14443_B, frame, len-2, &b1, &b2);
199 if(b1 != frame[len-2] || b2 != frame[len-1]) {
200 crc = "**FAIL CRC**";
201 } else {
202 crc = "";
203 }
204 } else {
205 crc = "(SHORT)";
206 }
207
208 char metricString[100];
209 if(isResponse) {
210 sprintf(metricString, "%3d", metric);
211 } else {
212 strcpy(metricString, " ");
213 }
214
215 PrintAndLog(" +%7d: %s: %s %s %s",
216 (prev < 0 ? 0 : timestamp - prev),
217 metricString,
218 (isResponse ? "TAG" : " "), line, crc);
219
220 prev = timestamp;
221 i += (len + 9);
222 }
223 return 0;
224 }
225
226 int CmdHF14BRead(const char *Cmd)
227 {
228 UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443, {strtol(Cmd, NULL, 0), 0, 0}};
229 SendCommand(&c);
230 return 0;
231 }
232
233 int CmdHF14Sim(const char *Cmd)
234 {
235 UsbCommand c={CMD_SIMULATE_TAG_ISO_14443};
236 SendCommand(&c);
237 return 0;
238 }
239
240 int CmdHFSimlisten(const char *Cmd)
241 {
242 UsbCommand c = {CMD_SIMULATE_TAG_HF_LISTEN};
243 SendCommand(&c);
244 return 0;
245 }
246
247 int CmdHF14BSnoop(const char *Cmd)
248 {
249 UsbCommand c = {CMD_SNOOP_ISO_14443};
250 SendCommand(&c);
251 return 0;
252 }
253
254 /* New command to read the contents of a SRI512 tag
255 * SRI512 tags are ISO14443-B modulated memory tags,
256 * this command just dumps the contents of the memory
257 */
258 int CmdSri512Read(const char *Cmd)
259 {
260 UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
261 SendCommand(&c);
262 return 0;
263 }
264
265 /* New command to read the contents of a SRIX4K tag
266 * SRIX4K tags are ISO14443-B modulated memory tags,
267 * this command just dumps the contents of the memory/
268 */
269 int CmdSrix4kRead(const char *Cmd)
270 {
271 UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
272 SendCommand(&c);
273 return 0;
274 }
275
276 int CmdHF14BCmdRaw (const char *cmd) {
277 UsbCommand resp;
278 uint8_t *recv;
279 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; // len,recv?
280 uint8_t reply=1;
281 uint8_t crc=0;
282 uint8_t power=0;
283 char buf[5]="";
284 int i=0;
285 uint8_t data[100];
286 unsigned int datalen=0, temp;
287 char *hexout;
288
289 if (strlen(cmd)<3) {
290 PrintAndLog("Usage: hf 14b raw [-r] [-c] [-p] <0A 0B 0C ... hex>");
291 PrintAndLog(" -r do not read response");
292 PrintAndLog(" -c calculate and append CRC");
293 PrintAndLog(" -p leave the field on after receive");
294 return 0;
295 }
296
297 // strip
298 while (*cmd==' ' || *cmd=='\t') cmd++;
299
300 while (cmd[i]!='\0') {
301 if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; }
302 if (cmd[i]=='-') {
303 switch (cmd[i+1]) {
304 case 'r':
305 case 'R':
306 reply=0;
307 break;
308 case 'c':
309 case 'C':
310 crc=1;
311 break;
312 case 'p':
313 case 'P':
314 power=1;
315 break;
316 default:
317 PrintAndLog("Invalid option");
318 return 0;
319 }
320 i+=2;
321 continue;
322 }
323 if ((cmd[i]>='0' && cmd[i]<='9') ||
324 (cmd[i]>='a' && cmd[i]<='f') ||
325 (cmd[i]>='A' && cmd[i]<='F') ) {
326 buf[strlen(buf)+1]=0;
327 buf[strlen(buf)]=cmd[i];
328 i++;
329
330 if (strlen(buf)>=2) {
331 sscanf(buf,"%x",&temp);
332 data[datalen]=(uint8_t)(temp & 0xff);
333 datalen++;
334 *buf=0;
335 }
336 continue;
337 }
338 PrintAndLog("Invalid char on input");
339 return 0;
340 }
341 if (datalen == 0)
342 {
343 PrintAndLog("Missing data input");
344 return 0;
345 }
346 if(crc)
347 {
348 uint8_t first, second;
349 ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second);
350 data[datalen++] = first;
351 data[datalen++] = second;
352 }
353
354 c.arg[0] = datalen;
355 c.arg[1] = reply;
356 c.arg[2] = power;
357 memcpy(c.d.asBytes,data,datalen);
358
359 SendCommand(&c);
360
361 if (reply) {
362 if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
363 recv = resp.d.asBytes;
364 PrintAndLog("received %i octets",resp.arg[0]);
365 if(!resp.arg[0])
366 return 0;
367 hexout = (char *)malloc(resp.arg[0] * 3 + 1);
368 if (hexout != NULL) {
369 uint8_t first, second;
370 for (int i = 0; i < resp.arg[0]; i++) { // data in hex
371 sprintf(&hexout[i * 3], "%02X ", recv[i]);
372 }
373 PrintAndLog("%s", hexout);
374 free(hexout);
375 ComputeCrc14443(CRC_14443_B, recv, resp.arg[0]-2, &first, &second);
376 if(recv[resp.arg[0]-2]==first && recv[resp.arg[0]-1]==second) {
377 PrintAndLog("CRC OK");
378 } else {
379 PrintAndLog("CRC failed");
380 }
381 } else {
382 PrintAndLog("malloc failed your client has low memory?");
383 }
384 } else {
385 PrintAndLog("timeout while waiting for reply.");
386 }
387 } // if reply
388 return 0;
389 }
390
391 int CmdHF14BWrite( const char *Cmd){
392
393 /*
394 * For SRIX4K blocks 00 - 7F
395 * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
396 *
397 * For SR512 blocks 00 - 0F
398 * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
399 *
400 * Special block FF = otp_lock_reg block.
401 * Data len 4 bytes-
402 */
403 char cmdp = param_getchar(Cmd, 0);
404 uint8_t blockno = -1;
405 uint8_t data[4] = {0x00};
406 bool isSrix4k = true;
407 char str[20];
408
409 if (cmdp == 'h' || cmdp == 'H') {
410 PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
411 PrintAndLog("");
412 PrintAndLog(" sample: hf 14b write 1 127 11223344");
413 PrintAndLog(" sample: hf 14b write 1 255 11223344");
414 PrintAndLog(" sample: hf 14b write 2 15 11223344");
415 PrintAndLog(" sample: hf 14b write 2 255 11223344");
416 return 0;
417 }
418
419 if ( param_getchar(Cmd, 0) == '2' )
420 isSrix4k = false;
421
422 blockno = param_get8(Cmd, 1);
423
424 if ( isSrix4k ){
425 if ( blockno > 0x7f && blockno != 0xff ){
426 PrintAndLog("Block number out of range");
427 return 0;
428 }
429 } else {
430 if ( blockno > 0x0f && blockno != 0xff ){
431 PrintAndLog("Block number out of range");
432 return 0;
433 }
434 }
435
436 if (param_gethex(Cmd, 2, data, 8)) {
437 PrintAndLog("Data must include 8 HEX symbols");
438 return 0;
439 }
440
441 if ( blockno == 0xff)
442 PrintAndLog("Writing to special block %02X [ %s]", blockno, sprint_hex(data,4) );
443 else
444 PrintAndLog("Writing to block %02X [ %s]", blockno, sprint_hex(data,4) );
445
446 sprintf(str, "-c -p 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
447 CmdHF14BCmdRaw(str);
448 return 0;
449 }
450
451 static command_t CommandTable[] =
452 {
453 {"help", CmdHelp, 1, "This help"},
454 {"demod", CmdHF14BDemod, 1, "Demodulate ISO14443 Type B from tag"},
455 {"list", CmdHF14BList, 0, "List ISO 14443 history"},
456 {"read", CmdHF14BRead, 0, "Read HF tag (ISO 14443)"},
457 {"sim", CmdHF14Sim, 0, "Fake ISO 14443 tag"},
458 {"simlisten", CmdHFSimlisten, 0, "Get HF samples as fake tag"},
459 {"snoop", CmdHF14BSnoop, 0, "Eavesdrop ISO 14443"},
460 {"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
461 {"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
462 {"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
463 {"write", CmdHF14BWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
464 {NULL, NULL, 0, NULL}
465 };
466
467 int CmdHF14B(const char *Cmd)
468 {
469 CmdsParse(CommandTable, Cmd);
470 return 0;
471 }
472
473 int CmdHelp(const char *Cmd)
474 {
475 CmdsHelp(CommandTable);
476 return 0;
477 }
Proxmark3 GIT tracking
Impressum, Datenschutz