]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdhf14b.c
projects / proxmark3-svn / blob
? search:


acbd0c2c160cb00e108d446453200dc182168cf6
[proxmark3-svn] / client / cmdhf14b.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // High frequency ISO14443B commands
9 //-----------------------------------------------------------------------------
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <stdbool.h>
14 #include <string.h>
15 #include <stdint.h>
16 #include "iso14443crc.h"
17 #include "proxmark3.h"
18 #include "data.h"
19 #include "graph.h"
20 #include "util.h"
21 #include "ui.h"
22 #include "cmdparser.h"
23 #include "cmdhf14b.h"
24 #include "cmdmain.h"
25 #include "cmdhf14a.h"
26
27 static int CmdHelp(const char *Cmd);
28
29 int CmdHF14BList(const char *Cmd)
30 {
31 PrintAndLog("Deprecated command, use 'hf list 14b' instead");
32
33 return 0;
34 }
35
36 int CmdHF14BSim(const char *Cmd)
37 {
38 UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B};
39 clearCommandBuffer();
40 SendCommand(&c);
41 return 0;
42 }
43
44 int CmdHF14BSnoop(const char *Cmd)
45 {
46 UsbCommand c = {CMD_SNOOP_ISO_14443B};
47 clearCommandBuffer();
48 SendCommand(&c);
49 return 0;
50 }
51
52 /* New command to read the contents of a SRI512 tag
53 * SRI512 tags are ISO14443-B modulated memory tags,
54 * this command just dumps the contents of the memory
55 */
56 int CmdSri512Read(const char *Cmd)
57 {
58 UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
59 clearCommandBuffer();
60 SendCommand(&c);
61 return 0;
62 }
63
64 /* New command to read the contents of a SRIX4K tag
65 * SRIX4K tags are ISO14443-B modulated memory tags,
66 * this command just dumps the contents of the memory/
67 */
68 int CmdSrix4kRead(const char *Cmd)
69 {
70 UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
71 clearCommandBuffer();
72 SendCommand(&c);
73 return 0;
74 }
75
76 int rawClose(void){
77 UsbCommand resp;
78 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}};
79 clearCommandBuffer();
80 SendCommand(&c);
81 if (!WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
82 return 0;
83 }
84 return 0;
85 }
86
87 int HF14BCmdRaw(bool reply, bool *crc, bool power, uint8_t *data, uint8_t *datalen, bool verbose){
88 UsbCommand resp;
89 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; // len,recv,power
90 if(*crc)
91 {
92 uint8_t first, second;
93 ComputeCrc14443(CRC_14443_B, data, *datalen, &first, &second);
94 data[*datalen] = first;
95 data[*datalen + 1] = second;
96 *datalen += 2;
97 }
98
99 c.arg[0] = *datalen;
100 c.arg[1] = reply;
101 c.arg[2] = power;
102 memcpy(c.d.asBytes,data,*datalen);
103 clearCommandBuffer();
104 SendCommand(&c);
105
106 if (!reply) return 1;
107
108 if (!WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
109 if (verbose) PrintAndLog("timeout while waiting for reply.");
110 return 0;
111 }
112 *datalen = resp.arg[0];
113 if (verbose) PrintAndLog("received %u octets", *datalen);
114 if(*datalen<2) return 0;
115
116 memcpy(data, resp.d.asBytes, *datalen);
117 if (verbose) PrintAndLog("%s", sprint_hex(data, *datalen));
118
119 uint8_t first, second;
120 ComputeCrc14443(CRC_14443_B, data, *datalen-2, &first, &second);
121 if(data[*datalen-2] == first && data[*datalen-1] == second) {
122 if (verbose) PrintAndLog("CRC OK");
123 *crc = true;
124 } else {
125 if (verbose) PrintAndLog("CRC failed");
126 *crc = false;
127 }
128 return 1;
129 }
130
131 int CmdHF14BCmdRaw (const char *Cmd) {
132 bool reply = true;
133 bool crc = false;
134 bool power = false;
135 char buf[5] = "";
136 uint8_t data[100] = {0x00};
137 uint8_t datalen = 0;
138 unsigned int temp;
139 int i = 0;
140 if (strlen(Cmd)<3) {
141 PrintAndLog("Usage: hf 14b raw [-r] [-c] [-p] <0A 0B 0C ... hex>");
142 PrintAndLog(" -r do not read response");
143 PrintAndLog(" -c calculate and append CRC");
144 PrintAndLog(" -p leave the field on after receive");
145 return 0;
146 }
147
148 // strip
149 while (*Cmd==' ' || *Cmd=='\t') Cmd++;
150
151 while (Cmd[i]!='\0') {
152 if (Cmd[i]==' ' || Cmd[i]=='\t') { i++; continue; }
153 if (Cmd[i]=='-') {
154 switch (Cmd[i+1]) {
155 case 'r':
156 case 'R':
157 reply = false;
158 break;
159 case 'c':
160 case 'C':
161 crc = true;
162 break;
163 case 'p':
164 case 'P':
165 power = true;
166 break;
167 default:
168 PrintAndLog("Invalid option");
169 return 0;
170 }
171 i+=2;
172 continue;
173 }
174 if ((Cmd[i]>='0' && Cmd[i]<='9') ||
175 (Cmd[i]>='a' && Cmd[i]<='f') ||
176 (Cmd[i]>='A' && Cmd[i]<='F') ) {
177 buf[strlen(buf)+1]=0;
178 buf[strlen(buf)]=Cmd[i];
179 i++;
180
181 if (strlen(buf)>=2) {
182 sscanf(buf,"%x",&temp);
183 data[datalen++]=(uint8_t)(temp & 0xff);
184 *buf=0;
185 }
186 continue;
187 }
188 PrintAndLog("Invalid char on input");
189 return 1;
190 }
191 if (datalen == 0)
192 {
193 PrintAndLog("Missing data input");
194 return 0;
195 }
196
197 return HF14BCmdRaw(reply, &crc, power, data, &datalen, true);
198 }
199
200 // print full atqb info
201 static void print_atqb_resp(uint8_t *data){
202 PrintAndLog (" UID: %s", sprint_hex(data+1,4));
203 PrintAndLog (" App Data: %s", sprint_hex(data+5,4));
204 PrintAndLog (" Protocol: %s", sprint_hex(data+9,3));
205 uint8_t BitRate = data[9];
206 if (!BitRate)
207 PrintAndLog (" Bit Rate: 106 kbit/s only PICC <-> PCD");
208 if (BitRate & 0x10)
209 PrintAndLog (" Bit Rate: 212 kbit/s PICC -> PCD supported");
210 if (BitRate & 0x20)
211 PrintAndLog (" Bit Rate: 424 kbit/s PICC -> PCD supported");
212 if (BitRate & 0x40)
213 PrintAndLog (" Bit Rate: 847 kbit/s PICC -> PCD supported");
214 if (BitRate & 0x01)
215 PrintAndLog (" Bit Rate: 212 kbit/s PICC <- PCD supported");
216 if (BitRate & 0x02)
217 PrintAndLog (" Bit Rate: 424 kbit/s PICC <- PCD supported");
218 if (BitRate & 0x04)
219 PrintAndLog (" Bit Rate: 847 kbit/s PICC <- PCD supported");
220 if (BitRate & 0x80)
221 PrintAndLog (" Same bit rate <-> required");
222
223 uint16_t maxFrame = data[10]>>4;
224 if (maxFrame < 5)
225 maxFrame = 8*maxFrame + 16;
226 else if (maxFrame == 5)
227 maxFrame = 64;
228 else if (maxFrame == 6)
229 maxFrame = 96;
230 else if (maxFrame == 7)
231 maxFrame = 128;
232 else if (maxFrame == 8)
233 maxFrame = 256;
234 else
235 maxFrame = 257;
236
237 PrintAndLog ("Max Frame Size: %d%s",maxFrame, (maxFrame == 257) ? "+ RFU" : "");
238
239 uint8_t protocolT = data[10] & 0xF;
240 PrintAndLog (" Protocol Type: Protocol is %scompliant with ISO/IEC 14443-4",(protocolT) ? "" : "not " );
241 PrintAndLog ("Frame Wait Int: %d", data[11]>>4);
242 PrintAndLog (" App Data Code: Application is %s",(data[11]&4) ? "Standard" : "Proprietary");
243 PrintAndLog (" Frame Options: NAD is %ssupported",(data[11]&2) ? "" : "not ");
244 PrintAndLog (" Frame Options: CID is %ssupported",(data[11]&1) ? "" : "not ");
245
246 return;
247 }
248
249 // get SRx chip model (from UID) // from ST Microelectronics
250 char *get_ST_Chip_Model(uint8_t data){
251 static char model[20];
252 char *retStr = model;
253 memset(model,0, sizeof(model));
254
255 switch (data) {
256 case 0x0: sprintf(retStr, "SRIX4K (Special)"); break;
257 case 0x2: sprintf(retStr, "SR176"); break;
258 case 0x3: sprintf(retStr, "SRIX4K"); break;
259 case 0x4: sprintf(retStr, "SRIX512"); break;
260 case 0x6: sprintf(retStr, "SRI512"); break;
261 case 0x7: sprintf(retStr, "SRI4K"); break;
262 case 0xC: sprintf(retStr, "SRT512"); break;
263 default : sprintf(retStr, "Unknown"); break;
264 }
265 return retStr;
266 }
267
268 // print UID info from SRx chips (ST Microelectronics)
269 static void print_st_general_info(uint8_t *data){
270 //uid = first 8 bytes in data
271 PrintAndLog(" UID: %s", sprint_hex(SwapEndian64(data,8,8),8));
272 PrintAndLog(" MFG: %02X, %s", data[6], getTagInfo(data[6]));
273 PrintAndLog("Chip: %02X, %s", data[5]>>2, get_ST_Chip_Model(data[5]>>2));
274 return;
275 }
276
277 // 14b get and print Full Info (as much as we know)
278 int HF14BStdInfo(uint8_t *data, uint8_t *datalen){
279 if (!HF14BStdReader(data,datalen)) return 0;
280
281 //add more info here
282 print_atqb_resp(data);
283
284 return 1;
285 }
286
287 // 14b get and print UID only (general info)
288 int HF14BStdReader(uint8_t *data, uint8_t *datalen){
289 //05 00 00 = find one tag in field
290 //1d xx xx xx xx 20 00 08 01 00 = attrib xx=crc
291 //a3 = ? (resp 03 e2 c2)
292 //02 = ? (resp 02 6a d3)
293 // 022b (resp 02 67 00 [29 5b])
294 // 0200a40400 (resp 02 67 00 [29 5b])
295 // 0200a4040c07a0000002480300 (resp 02 67 00 [29 5b])
296 // 0200a4040c07a0000002480200 (resp 02 67 00 [29 5b])
297 // 0200a4040006a0000000010100 (resp 02 6a 82 [4b 4c])
298 // 0200a4040c09d27600002545500200 (resp 02 67 00 [29 5b])
299 // 0200a404000cd2760001354b414e4d30310000 (resp 02 6a 82 [4b 4c])
300 // 0200a404000ca000000063504b43532d313500 (resp 02 6a 82 [4b 4c])
301 // 0200a4040010a000000018300301000000000000000000 (resp 02 6a 82 [4b 4c])
302 //03 = ? (resp 03 [e3 c2])
303 //c2 = ? (resp c2 [66 15])
304 //b2 = ? (resp a3 [e9 67])
305 bool crc = true;
306 *datalen = 3;
307 //std read cmd
308 data[0] = 0x05;
309 data[1] = 0x00;
310 data[2] = 0x08;
311
312 if (HF14BCmdRaw(true, &crc, false, data, datalen, false)==0) return 0;
313
314 if (data[0] != 0x50 || *datalen != 14 || !crc) return 0;
315
316 PrintAndLog ("\n14443-3b tag found:");
317 PrintAndLog (" UID: %s", sprint_hex(data+1,4));
318
319 return 1;
320 }
321
322 // SRx get and print full info (needs more info...)
323 int HF14B_ST_Info(uint8_t *data, uint8_t *datalen){
324 if (!HF14B_ST_Reader(data, datalen)) return 0;
325
326 //add locking bit information here.
327
328
329 return 1;
330 }
331
332 // SRx get and print general info about SRx chip from UID
333 int HF14B_ST_Reader(uint8_t *data, uint8_t *datalen){
334 bool crc = true;
335 *datalen = 2;
336 //wake cmd
337 data[0] = 0x06;
338 data[1] = 0x00;
339
340 //leave power on
341 // verbose on for now for testing - turn off when functional
342 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose();
343
344 if (*datalen != 3 || !crc) return rawClose();
345
346 uint8_t chipID = data[0];
347 // select
348 data[0] = 0x0E;
349 data[1] = chipID;
350 *datalen = 2;
351
352 //leave power on
353 // verbose on for now for testing - turn off when functional
354 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose();
355
356 if (*datalen != 3 || !crc || data[0] != chipID) return rawClose();
357
358 // get uid
359 data[0] = 0x0B;
360 *datalen = 1;
361
362 //power off
363 // verbose on for now for testing - turn off when functional
364 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return 0;
365 rawClose();
366 if (*datalen != 10 || !crc) return 0;
367
368 PrintAndLog("\n14443-3b ST tag found:");
369 print_st_general_info(data);
370 return 1;
371 }
372
373 // test for other 14b type tags (mimic another reader - don't have tags to identify)
374 int HF14B_Other_Reader(uint8_t *data, uint8_t *datalen){
375 bool crc = true;
376 *datalen = 4;
377 //std read cmd
378 data[0] = 0x00;
379 data[1] = 0x0b;
380 data[2] = 0x3f;
381 data[3] = 0x80;
382
383 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) {
384 if (*datalen > 2 || !crc) {
385 PrintAndLog ("\n14443-3b tag found:");
386 PrintAndLog ("Unknown tag type answered to a 0x000b3f80 command ans:");
387 PrintAndLog ("%s",sprint_hex(data,*datalen));
388 return 1;
389 }
390 }
391
392 crc = false;
393 *datalen = 1;
394 data[0] = 0x0a;
395
396 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) {
397 if (*datalen > 0) {
398 PrintAndLog ("\n14443-3b tag found:");
399 PrintAndLog ("Unknown tag type answered to a 0x0A command ans:");
400 PrintAndLog ("%s",sprint_hex(data,*datalen));
401 return 1;
402 }
403 }
404
405 crc = false;
406 *datalen = 1;
407 data[0] = 0x0c;
408
409 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) {
410 if (*datalen > 0) {
411 PrintAndLog ("\n14443-3b tag found:");
412 PrintAndLog ("Unknown tag type answered to a 0x0C command ans:");
413 PrintAndLog ("%s",sprint_hex(data,*datalen));
414 return 1;
415 }
416 }
417 rawClose();
418 return 0;
419 }
420
421 // get and print all info known about any known 14b tag
422 int HF14BInfo(bool verbose){
423 uint8_t data[100];
424 uint8_t datalen = 5;
425
426 // try std 14b (atqb)
427 if (HF14BStdInfo(data, &datalen)) return 1;
428
429 // try st 14b
430 if (HF14B_ST_Info(data, &datalen)) return 1;
431
432 // try unknown 14b read commands (to be identified later)
433 // could be read of calypso, CEPAS, moneo, or pico pass.
434 if (HF14B_Other_Reader(data, &datalen)) return 1;
435
436 if (verbose) PrintAndLog("no 14443B tag found");
437 return 0;
438 }
439
440 // menu command to get and print all info known about any known 14b tag
441 int CmdHF14Binfo(const char *Cmd){
442 return HF14BInfo(true);
443 }
444
445 // get and print general info about all known 14b chips
446 int HF14BReader(bool verbose){
447 uint8_t data[100];
448 uint8_t datalen = 5;
449
450 // try std 14b (atqb)
451 if (HF14BStdReader(data, &datalen)) return 1;
452
453 // try st 14b
454 if (HF14B_ST_Reader(data, &datalen)) return 1;
455
456 // try unknown 14b read commands (to be identified later)
457 // could be read of calypso, CEPAS, moneo, or pico pass.
458 if (HF14B_Other_Reader(data, &datalen)) return 1;
459
460 if (verbose) PrintAndLog("no 14443B tag found");
461 return 0;
462 }
463
464 // menu command to get and print general info about all known 14b chips
465 int CmdHF14BReader(const char *Cmd){
466 return HF14BReader(true);
467 }
468
469 int CmdSriWrite( const char *Cmd){
470 /*
471 * For SRIX4K blocks 00 - 7F
472 * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
473 *
474 * For SR512 blocks 00 - 0F
475 * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
476 *
477 * Special block FF = otp_lock_reg block.
478 * Data len 4 bytes-
479 */
480 char cmdp = param_getchar(Cmd, 0);
481 uint8_t blockno = -1;
482 uint8_t data[4] = {0x00};
483 bool isSrix4k = true;
484 char str[20];
485
486 if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') {
487 PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
488 PrintAndLog(" [1 = SRIX4K]");
489 PrintAndLog(" [2 = SRI512]");
490 PrintAndLog(" [BLOCK number depends on tag, special block == FF]");
491 PrintAndLog(" sample: hf 14b write 1 7F 11223344");
492 PrintAndLog(" : hf 14b write 1 FF 11223344");
493 PrintAndLog(" : hf 14b write 2 15 11223344");
494 PrintAndLog(" : hf 14b write 2 FF 11223344");
495 return 0;
496 }
497
498 if ( cmdp == '2' )
499 isSrix4k = false;
500
501 //blockno = param_get8(Cmd, 1);
502
503 if ( param_gethex(Cmd,1, &blockno, 2) ) {
504 PrintAndLog("Block number must include 2 HEX symbols");
505 return 0;
506 }
507
508 if ( isSrix4k ){
509 if ( blockno > 0x7f && blockno != 0xff ){
510 PrintAndLog("Block number out of range");
511 return 0;
512 }
513 } else {
514 if ( blockno > 0x0f && blockno != 0xff ){
515 PrintAndLog("Block number out of range");
516 return 0;
517 }
518 }
519
520 if (param_gethex(Cmd, 2, data, 8)) {
521 PrintAndLog("Data must include 8 HEX symbols");
522 return 0;
523 }
524
525 if ( blockno == 0xff)
526 PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512" , blockno, sprint_hex(data,4) );
527 else
528 PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data,4) );
529
530 sprintf(str, "-c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
531
532 CmdHF14BCmdRaw(str);
533 return 0;
534 }
535
536 static command_t CommandTable[] =
537 {
538 {"help", CmdHelp, 1, "This help"},
539 {"info", CmdHF14Binfo, 0, "Find and print details about a 14443B tag"},
540 {"list", CmdHF14BList, 0, "[Deprecated] List ISO 14443B history"},
541 {"reader", CmdHF14BReader, 0, "Act as a 14443B reader to identify a tag"},
542 {"sim", CmdHF14BSim, 0, "Fake ISO 14443B tag"},
543 {"snoop", CmdHF14BSnoop, 0, "Eavesdrop ISO 14443B"},
544 {"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
545 {"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
546 {"sriwrite", CmdSriWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
547 {"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
548 {NULL, NULL, 0, NULL}
549 };
550
551 int CmdHF14B(const char *Cmd)
552 {
553 CmdsParse(CommandTable, Cmd);
554 return 0;
555 }
556
557 int CmdHelp(const char *Cmd)
558 {
559 CmdsHelp(CommandTable);
560 return 0;
561 }
Proxmark3 GIT tracking
Impressum, Datenschutz