// The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501
/*
 * Quick reference of raw command bytes, grouped as in the forum post.
 * "usage" shows the bytes sent to the tag, "answer" what the tag returns.
 *
 * ISO14443A (usually NFC tags)
 *     30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
 *     A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
 *     52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
 *     93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
 *     93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
 *     95 20 = Anticollision of cascade level2
 *     95 70 = Select of cascade level2
 *     50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)
 *
 *     60 = Authenticate with KeyA
 *     61 = Authenticate with KeyB
 *     40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A)
 *
 *     A0 = Compatibility Write (to accommodate MIFARE commands)
 *     1A = Step1 Authenticate
 *     AF = Step2 Authenticate
 *
 * SRIX4K (tag does not respond to 05)
 *     0E xx = SELECT ID (xx = Chip-ID)
 *     08 yy = Read Block (yy = block number)
 *     09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
 *     0C = Reset to Inventory
 *     0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
 *
 * MANDATORY COMMANDS (all ISO15693 tags must support those)
 *     01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
 *
 * OPTIONAL COMMANDS (not all tags support them)
 *     20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
 *     21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
 *     23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
 *     2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
 *     2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)
 *
 * EM Microelectronic CUSTOM COMMANDS
 *     A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type)
 *     A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value)
 *     B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info)
 *     E4 = Login (followed by 1byte IC Manufacturer code+4bytes password)
 *
 * NXP/Philips CUSTOM COMMANDS
 *     A1 = Fast Inventory Read
 *     A6 = Password Protect EAS
 *     B0 = Inventory Page Read
 *     B1 = Fast Inventory Page Read
 *     B2 = Get Random Number
 *     B6 = Bit Password Protection
 *     B7 = Lock Page Protection Condition
 *     B8 = Get Multiple Block Protection Status
 *     BB = 64bit Password Protection
 *     40 = Long Range CMD (Standard ISO/TR7003:1990)
 */

/* iCLASS command bytes. */
#define ICLASS_CMD_ACTALL            0x0A
#define ICLASS_CMD_READ_OR_IDENTIFY  0x0C
#define ICLASS_CMD_SELECT            0x81
#define ICLASS_CMD_PAGESEL           0x84
#define ICLASS_CMD_READCHECK_KD      0x88
#define ICLASS_CMD_READCHECK_KC      0x18
#define ICLASS_CMD_CHECK_KC          0x95
#define ICLASS_CMD_CHECK_KD          0x05
#define ICLASS_CMD_DETECT            0x0F
#define ICLASS_CMD_HALT              0x00
#define ICLASS_CMD_UPDATE            0x87
#define ICLASS_CMD_ACT               0x8E
#define ICLASS_CMD_READ4             0x06

/* ISO14443A command bytes. */
#define ISO14443A_CMD_REQA                  0x26
/* ISO14443A command bytes. */
#define ISO14443A_CMD_WUPA                  0x52
#define ISO14443A_CMD_ANTICOLL_OR_SELECT    0x93
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2  0x95
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_3  0x97
#define ISO14443A_CMD_HALT                  0x50
#define ISO14443A_CMD_RATS                  0xE0

/* MIFARE command bytes. */
#define MIFARE_CMD_READBLOCK      0x30
#define MIFARE_CMD_WRITEBLOCK     0xA0
#define MIFARE_AUTH_KEYA          0x60
#define MIFARE_AUTH_KEYB          0x61
#define MIFARE_MAGICWUPC1         0x40
#define MIFARE_MAGICWUPC2         0x43
#define MIFARE_MAGICWIPEC         0x41
#define MIFARE_CMD_INC            0xC0
#define MIFARE_CMD_DEC            0xC1
#define MIFARE_CMD_RESTORE        0xC2
#define MIFARE_CMD_TRANSFER       0xB0

/* MIFARE EV1 values (UIDF1 shares its value with PERSONAL_UID). */
#define MIFARE_EV1_PERSONAL_UID   0x40
#define MIFARE_EV1_UIDF0          0x00
#define MIFARE_EV1_UIDF1          0x40
#define MIFARE_EV1_UIDF2          0x20
#define MIFARE_EV1_UIDF3          0x60
#define MIFARE_EV1_SETMODE        0x43

/* MIFARE_ULC_* command bytes; compatibility write reuses MIFARE_CMD_WRITEBLOCK. */
#define MIFARE_ULC_WRITE          0xA2
#define MIFARE_ULC_COMP_WRITE     MIFARE_CMD_WRITEBLOCK
#define MIFARE_ULC_AUTH_1         0x1A
#define MIFARE_ULC_AUTH_2         0xAF

/* MIFARE_ULEV1_* command bytes. */
#define MIFARE_ULEV1_AUTH         0x1B
#define MIFARE_ULEV1_VERSION      0x60
#define MIFARE_ULEV1_FASTREAD     0x3A
#define MIFARE_ULEV1_WRITE        0xA2
#define MIFARE_ULEV1_COMP_WRITE   MIFARE_CMD_WRITEBLOCK
#define MIFARE_ULEV1_READ_CNT     0x39
#define MIFARE_ULEV1_INCR_CNT     0xA5
#define MIFARE_ULEV1_READSIG      0x3C
#define MIFARE_ULEV1_CHECKTEAR    0x3E
#define MIFARE_ULEV1_VCSL         0x4B

/* MIFARE 4-bit card answers. */
#define CARD_ACK                  0x0A   /* 1010 - ACK */
#define CARD_NACK_NA              0x04   /* 0100 - NACK, not allowed (command not allowed) */
#define CARD_NACK_TR              0x05   /* 0101 - NACK, transmission error */

/*
 * Usage notes for some of the command bytes defined below:
 *     0E xx = SELECT ID (xx = Chip-ID)
 *     08 yy = Read Block (yy = block number)
 *     09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
 *     0C = Reset to Inventory
 *     0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
 */
#define ISO14443B_REQB            0x05
#define ISO14443B_ATTRIB          0x1D
#define ISO14443B_HALT            0x50
#define ISO14443B_INITIATE        0x06
#define ISO14443B_SELECT          0x0E
#define ISO14443B_GET_UID         0x0B
#define ISO14443B_READ_BLK        0x08
#define ISO14443B_WRITE_BLK       0x09
#define ISO14443B_RESET           0x0C
#define ISO14443B_COMPLETION      0x0F
#define ISO14443B_AUTHENTICATE    0x0A

/* ISO15693 command codes. */
#define ISO15693_INVENTORY                  0x01
#define ISO15693_STAYQUIET                  0x02
#define ISO15693_READBLOCK                  0x20
#define ISO15693_WRITEBLOCK                 0x21
#define ISO15693_LOCKBLOCK                  0x22
#define ISO15693_READ_MULTI_BLOCK           0x23
#define ISO15693_SELECT                     0x25
#define ISO15693_RESET_TO_READY             0x26
#define ISO15693_WRITE_AFI                  0x27
#define ISO15693_LOCK_AFI                   0x28
#define ISO15693_WRITE_DSFID                0x29
#define ISO15693_LOCK_DSFID                 0x2A
#define ISO15693_GET_SYSTEM_INFO            0x2B
#define ISO15693_READ_MULTI_SECSTATUS       0x2C

/* ISO15693 request flags. */
#define ISO15693_REQ_SUBCARRIER_TWO         (1<<0)
#define ISO15693_REQ_DATARATE_HIGH          (1<<1)
#define ISO15693_REQ_INVENTORY              (1<<2)
#define ISO15693_REQ_PROTOCOL_EXT           (1<<3)  /* RFU */
#define ISO15693_REQ_OPTION                 (1<<6)  /* Command specific option selector */
/* Bits 4 and 5 when REQ_INVENTORY is not set: */
#define ISO15693_REQ_SELECT                 (1<<4)  /* only selected cards respond */
#define ISO15693_REQ_ADDRESS                (1<<5)  /* this request contains an address */
/* Bits 4 and 5 when REQ_INVENTORY is set: */
#define ISO15693_REQINV_AFI                 (1<<4)  /* AFI field is present */
#define ISO15693_REQINV_SLOT1               (1<<5)  /* 1 slot (16 slots if not set) */

/* ISO15693 response flags. */
#define ISO15693_RES_ERROR                  (1<<0)
#define ISO15693_RES_EXT                    (1<<3)  /* Protocol extension */

/* ISO15693 response error codes. */
#define ISO15693_NOERROR                    0x00
#define ISO15693_ERROR_CMD_NOT_SUP          0x01  /* Command not supported */
#define ISO15693_ERROR_CMD_NOT_REC          0x02  /* Command not recognized (e.g. parameter error) */
#define ISO15693_ERROR_CMD_OPTION           0x03  /* Command option not supported */
#define ISO15693_ERROR_GENERIC              0x0F  /* No additional info about this error */
#define ISO15693_ERROR_BLOCK_UNAVAILABLE    0x10
#define ISO15693_ERROR_BLOCK_LOCKED_ALREADY 0x11  /* cannot lock again */
#define ISO15693_ERROR_BLOCK_LOCKED         0x12  /* cannot be changed */
#define ISO15693_ERROR_BLOCK_WRITE          0x13  /* Writing was unsuccessful */
/* Identifier spelling ("BLOCL") is kept unchanged; other files may reference it. */
#define ISO15693_ERROR_BLOCL_WRITELOCK      0x14  /* Locking was unsuccessful */

/* Topaz command set. */
#define TOPAZ_REQA       0x26   /* Request */
#define TOPAZ_WUPA       0x52   /* WakeUp */
#define TOPAZ_RID        0x78   /* Read ID */
#define TOPAZ_RALL       0x00   /* Read All (all bytes) */
#define TOPAZ_READ       0x01   /* Read (a single byte) */
#define TOPAZ_WRITE_E    0x53   /* Write-with-erase (a single byte) */
#define TOPAZ_WRITE_NE   0x1a   /* Write-no-erase (a single byte) */
/* Additional Topaz commands for the Dynamic Memory Model. */
#define TOPAZ_RSEG       0x10   /* Read segment */
#define TOPAZ_READ8      0x02   /* Read (eight bytes) */
#define TOPAZ_WRITE_E8   0x54   /* Write-with-erase (eight bytes) */
#define TOPAZ_WRITE_NE8  0x1B   /* Write-no-erase (eight bytes) */

/* HITAG1 command codes; only the leftmost bits noted per entry are significant. */
#define HITAG1_SET_CCNEW  0xC2  /* left 5 bits only */
#define HITAG1_READ_ID    0x00  /* not a real command, consists of 5 bits length, <length> bits partial SN, 8 bits CRC */
#define HITAG1_SELECT     0x00  /* left 5 bits only, followed by 32 bits SN and 8 bits CRC */
#define HITAG1_WRPPAGE    0x80  /* left 4 bits only, followed by 8 bits page and 8 bits CRC */
#define HITAG1_WRPBLK     0x90  /* left 4 bits only, followed by 8 bits block and 8 bits CRC */
#define HITAG1_WRCPAGE    0xA0  /* left 4 bits only, followed by 8 bits page or key information and 8 bits CRC */
#define HITAG1_WRCBLK     0xB0  /* left 4 bits only, followed by 8 bits block and 8 bits CRC */
#define HITAG1_RDPPAGE    0xC0  /* left 4 bits only, followed by 8 bits page and 8 bits CRC */
#define HITAG1_RDPBLK     0xD0  /* left 4 bits only, followed by 8 bits block and 8 bits CRC */
#define HITAG1_RDCPAGE    0xE0  /* left 4 bits only, followed by 8 bits page and 8 bits CRC */
#define HITAG1_RDCBLK     0xF0  /* left 4 bits only, followed by 8 bits block and 8 bits CRC */
#define HITAG1_HALT       0x70  /* left 4 bits only, followed by 8 bits (dummy) page and 8 bits CRC */

/* HITAG2 command codes. */
#define HITAG2_START_AUTH          0xC0  /* left 5 bits only */
#define HITAG2_READ_PAGE           0xC0  /* page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits */
#define HITAG2_READ_PAGE_INVERTED  0x44  /* page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits */
#define HITAG2_WRITE_PAGE          0x82  /* page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits */
#define HITAG2_HALT                0x00  /* left 5 bits only */

/* Protocol identifiers. */
#define PROTO_MIFARE  4
#define ISO_14443_4   7

/* FUSE_* bit masks. */
#define FUSE_FPERS    0x80
#define FUSE_CODING1  0x40
#define FUSE_CODING0  0x20
#define FUSE_CRYPT1   0x10
#define FUSE_CRYPT0   0x08
#define FUSE_FPROD1   0x04
#define FUSE_FPROD0   0x02

/* ISO 7816-4 basic interindustry commands, for command APDUs. */
#define ISO7816_ERASE_BINARY            0x0E
#define ISO7816_VERIFY                  0x20
#define ISO7816_MANAGE_CHANNEL          0x70
#define ISO7816_EXTERNAL_AUTHENTICATE   0x82
#define ISO7816_GET_CHALLENGE           0x84
#define ISO7816_INTERNAL_AUTHENTICATE   0x88
#define ISO7816_SELECT_FILE             0xA4
#define ISO7816_GET_PROCESSING_OPTIONS  0xA8
#define ISO7816_READ_BINARY             0xB0
#define ISO7816_READ_RECORDS            0xB2
#define ISO7816_GET_RESPONSE            0xC0
#define ISO7816_ENVELOPE                0xC2
#define ISO7816_GET_DATA                0xCA
#define ISO7816_WRITE_BINARY            0xD0
#define ISO7816_WRITE_RECORD            0xD2
#define ISO7816_UPDATE_BINARY           0xD6
#define ISO7816_PUT_DATA                0xDA
#define ISO7816_UPDATE_DATA             0xDC
#define ISO7816_APPEND_RECORD           0xE2
/* ISO 7816-4, for response APDUs. */
#define ISO7816_OK                      0x9000

#define ISO7816_MAX_FRAME_SIZE          261

/* T55x7 configuration register definitions */
#define T55x7_POR_DELAY              0x00000001
#define T55x7_ST_TERMINATOR          0x00000008
#define T55x7_PWD                    0x00000010
#define T55x7_MAXBLOCK_SHIFT         5
#define T55x7_AOR                    0x00000200
#define T55x7_PSKCF_RF_2             0
#define T55x7_PSKCF_RF_4             0x00000400
#define T55x7_PSKCF_RF_8             0x00000800
#define T55x7_MODULATION_DIRECT      0
#define T55x7_MODULATION_PSK1        0x00001000
#define T55x7_MODULATION_PSK2        0x00002000
#define T55x7_MODULATION_PSK3        0x00003000
#define T55x7_MODULATION_FSK1        0x00004000
#define T55x7_MODULATION_FSK2        0x00005000
#define T55x7_MODULATION_FSK1a       0x00006000
#define T55x7_MODULATION_FSK2a       0x00007000
#define T55x7_MODULATION_MANCHESTER  0x00008000
#define T55x7_MODULATION_BIPHASE     0x00010000
#define T55x7_MODULATION_DIPHASE     0x00018000
#define T55x7_X_MODE                 0x00020000
#define T55x7_BITRATE_RF_8           0
#define T55x7_BITRATE_RF_16          0x00040000
#define T55x7_BITRATE_RF_32          0x00080000
#define T55x7_BITRATE_RF_40          0x000C0000
#define T55x7_BITRATE_RF_50          0x00100000
#define T55x7_BITRATE_RF_64          0x00140000
#define T55x7_BITRATE_RF_100         0x00180000
#define T55x7_BITRATE_RF_128         0x001C0000

/* T5555 (Q5) configuration register definitions */
#define T5555_ST_TERMINATOR          0x00000001
#define T5555_MAXBLOCK_SHIFT         0x00000001
#define T5555_MODULATION_MANCHESTER  0
#define T5555_MODULATION_PSK1        0x00000010
#define T5555_MODULATION_PSK2        0x00000020
#define T5555_MODULATION_PSK3        0x00000030
#define T5555_MODULATION_FSK1        0x00000040
#define T5555_MODULATION_FSK2        0x00000050
#define T5555_MODULATION_BIPHASE     0x00000060
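/* T5555 (Q5) configuration register definitions, continued. */
#define T5555_MODULATION_DIRECT     0x00000070
#define T5555_INVERT_OUTPUT         0x00000080
#define T5555_PSK_RF_2              0
#define T5555_PSK_RF_4              0x00000100
#define T5555_PSK_RF_8              0x00000200
#define T5555_USE_PWD               0x00000400
#define T5555_USE_AOR               0x00000800
/*
 * Bit-rate field helpers (RF = 2n+2, i.e. 64 = 2*0x1F+2, or n = (RF-2)/2).
 * SET takes an RF divisor and yields the field already shifted into place;
 * GET takes a configuration word and yields the RF divisor.
 * The argument is parenthesized so that an expression argument such as
 * `a | b` is evaluated as a whole before the macro's own operators apply.
 */
#define T5555_SET_BITRATE(x)        ((((x) - 2) / 2) << 12)
#define T5555_GET_BITRATE(x)        (((((x) >> 12) & 0x3F) * 2) + 2)
#define T5555_BITRATE_SHIFT         12
#define T5555_FAST_WRITE            0x00004000
#define T5555_PAGE_SELECT           0x00008000

#define T55XX_WRITE_TIMEOUT 1500

/* Declared here, defined elsewhere; takes a clock value and returns a uint32_t. */
uint32_t GetT55xxClockBit(uint32_t clock);

/* em4x05 & em4x69 chip configuration register definitions */
/* Bit-rate field helpers; same RF = 2n+2 encoding, field in the low 6 bits. */
#define EM4x05_GET_BITRATE(x)         ((((x) & 0x3F) * 2) + 2)
#define EM4x05_SET_BITRATE(x)         (((x) - 2) / 2)
#define EM4x05_MODULATION_NRZ         0x00000000
#define EM4x05_MODULATION_MANCHESTER  0x00000040
#define EM4x05_MODULATION_BIPHASE     0x00000080
#define EM4x05_MODULATION_MILLER      0x000000C0  /* not supported by all 4x05/4x69 chips */
#define EM4x05_MODULATION_PSK1        0x00000100  /* not supported by all 4x05/4x69 chips */
#define EM4x05_MODULATION_PSK2        0x00000140  /* not supported by all 4x05/4x69 chips */
#define EM4x05_MODULATION_PSK3        0x00000180  /* not supported by all 4x05/4x69 chips */
#define EM4x05_MODULATION_FSK1        0x00000200  /* not supported by all 4x05/4x69 chips */
#define EM4x05_MODULATION_FSK2        0x00000240  /* not supported by all 4x05/4x69 chips */
#define EM4x05_PSK_RF_2               0
#define EM4x05_PSK_RF_4               0x00000400
#define EM4x05_PSK_RF_8               0x00000800
#define EM4x05_MAXBLOCK_SHIFT         14
#define EM4x05_FIRST_USER_BLOCK       5
/* Number of blocks sent during default read mode, stored as (count + 5 - 1) at bit 14. */
#define EM4x05_SET_NUM_BLOCKS(x)      (((x) + 5 - 1) << 14)
#define EM4x05_GET_NUM_BLOCKS(x)      ((((x) >> 14) & 0xF) - 5 + 1)
/*
 * Single-bit configuration flags. Each expansion is parenthesized: a bare
 * `1<<18` binds wrongly next to higher-precedence operators (`~FLAG` becomes
 * `(~1)<<18`, `FLAG + n` becomes `1 << (18 + n)`), which would silently build
 * the wrong mask when these login/protection bits are set, cleared or tested.
 */
#define EM4x05_READ_LOGIN_REQ         (1 << 18)
#define EM4x05_READ_HK_LOGIN_REQ      (1 << 19)
#define EM4x05_WRITE_LOGIN_REQ        (1 << 20)
#define EM4x05_WRITE_HK_LOGIN_REQ     (1 << 21)
#define EM4x05_READ_AFTER_WRITE       (1 << 22)
#define EM4x05_DISABLE_ALLOWED        (1 << 23)
#define EM4x05_READER_TALK_FIRST      (1 << 24)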