#include "util.h"
#include "cmdparser.h"
#include "iso15693tools.h"
+#include "protocols.h"
#include "cmdmain.h"
-#define FrameSOF Iso15693FrameSOF
-#define Logic0 Iso15693Logic0
-#define Logic1 Iso15693Logic1
-#define FrameEOF Iso15693FrameEOF
-
#define Crc(data,datalen) Iso15693Crc(data,datalen)
#define AddCrc(data,datalen) Iso15693AddCrc(data,datalen)
#define sprintUID(target,uid) Iso15693sprintUID(target,uid)
+// SOF defined as
+// 1) Unmodulated time of 56.64us
+// 2) 24 pulses of 423.75khz
+// 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz)
+
+static const int Iso15693FrameSOF[] = {
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ -1, -1, -1, -1,
+ -1, -1, -1, -1,
+ 1, 1, 1, 1,
+ 1, 1, 1, 1
+};
+static const int Iso15693Logic0[] = {
+ 1, 1, 1, 1,
+ 1, 1, 1, 1,
+ -1, -1, -1, -1,
+ -1, -1, -1, -1
+};
+static const int Iso15693Logic1[] = {
+ -1, -1, -1, -1,
+ -1, -1, -1, -1,
+ 1, 1, 1, 1,
+ 1, 1, 1, 1
+};
+
+// EOF defined as
+// 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us)
+// 2) 24 pulses of 423.75khz
+// 3) Unmodulated time of 56.64us
+
+static const int Iso15693FrameEOF[] = {
+ 1, 1, 1, 1,
+ 1, 1, 1, 1,
+ -1, -1, -1, -1,
+ -1, -1, -1, -1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
+};
+
// structure and database for uid -> tagtype lookups
typedef struct {
uint64_t uid;
for (int retry=0;retry<3; retry++) { // don't give up the at the first try
- req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
- req[1]=ISO15_CMD_INVENTORY;
- req[2]=0; // mask length
- reqlen=AddCrc(req,3);
- c.arg[0]=reqlen;
+ req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1;
+ req[1] = ISO15693_INVENTORY;
+ req[2] = 0; // mask length
+ reqlen = AddCrc(req,3);
+ c.arg[0] = reqlen;
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
recv = resp.d.asBytes;
- if (resp.arg[0]>=12 && ISO15_CRC_CHECK==Crc(recv,12)) {
+ if (resp.arg[0]>=12 && ISO15693_CRC_CHECK==Crc(recv,12)) {
memcpy(buf,&recv[2],8);
return 1;
}
// First, correlate for SOF
for (i = 0; i < 200; i++) {
int corr = 0;
- for (j = 0; j < arraylen(FrameSOF); j += skip) {
- corr += FrameSOF[j] * GraphBuffer[i + (j / skip)];
+ for (j = 0; j < arraylen(Iso15693FrameSOF); j += skip) {
+ corr += Iso15693FrameSOF[j] * GraphBuffer[i + (j / skip)];
}
if (corr > max) {
max = corr;
}
}
PrintAndLog("SOF at %d, correlation %d", maxPos,
- max / (arraylen(FrameSOF) / skip));
+ max / (arraylen(Iso15693FrameSOF) / skip));
- i = maxPos + arraylen(FrameSOF) / skip;
+ i = maxPos + arraylen(Iso15693FrameSOF) / skip;
int k = 0;
uint8_t outBuf[20];
memset(outBuf, 0, sizeof(outBuf));
uint8_t mask = 0x01;
for (;;) {
int corr0 = 0, corr00 = 0, corr01 = 0, corr1 = 0, corrEOF = 0;
- for(j = 0; j < arraylen(Logic0); j += skip) {
- corr0 += Logic0[j]*GraphBuffer[i+(j/skip)];
+ for(j = 0; j < arraylen(Iso15693Logic0); j += skip) {
+ corr0 += Iso15693Logic0[j]*GraphBuffer[i+(j/skip)];
}
corr01 = corr00 = corr0;
- for(j = 0; j < arraylen(Logic0); j += skip) {
- corr00 += Logic0[j]*GraphBuffer[i+arraylen(Logic0)/skip+(j/skip)];
- corr01 += Logic1[j]*GraphBuffer[i+arraylen(Logic0)/skip+(j/skip)];
+ for(j = 0; j < arraylen(Iso15693Logic0); j += skip) {
+ corr00 += Iso15693Logic0[j]*GraphBuffer[i+arraylen(Iso15693Logic0)/skip+(j/skip)];
+ corr01 += Iso15693Logic1[j]*GraphBuffer[i+arraylen(Iso15693Logic0)/skip+(j/skip)];
}
- for(j = 0; j < arraylen(Logic1); j += skip) {
- corr1 += Logic1[j]*GraphBuffer[i+(j/skip)];
+ for(j = 0; j < arraylen(Iso15693Logic1); j += skip) {
+ corr1 += Iso15693Logic1[j]*GraphBuffer[i+(j/skip)];
}
- for(j = 0; j < arraylen(FrameEOF); j += skip) {
- corrEOF += FrameEOF[j]*GraphBuffer[i+(j/skip)];
+ for(j = 0; j < arraylen(Iso15693FrameEOF); j += skip) {
+ corrEOF += Iso15693FrameEOF[j]*GraphBuffer[i+(j/skip)];
}
// Even things out by the length of the target waveform.
corr00 *= 2;
PrintAndLog("EOF at %d", i);
break;
} else if (corr1 > corr0) {
- i += arraylen(Logic1) / skip;
+ i += arraylen(Iso15693Logic1) / skip;
outBuf[k] |= mask;
} else {
- i += arraylen(Logic0) / skip;
+ i += arraylen(Iso15693Logic0) / skip;
}
mask <<= 1;
if (mask == 0) {
k++;
mask = 0x01;
}
- if ((i + (int)arraylen(FrameEOF)) >= GraphTraceLen) {
+ if ((i + (int)arraylen(Iso15693FrameEOF)) >= GraphTraceLen) {
PrintAndLog("ran off end!");
break;
}
}
// Record Activity without enabling carrier
-// TODO: currently it DOES enable the carrier
-int CmdHF15Record(const char *Cmd)
+int CmdHF15Snoop(const char *Cmd)
{
- UsbCommand c = {CMD_RECORD_RAW_ADC_SAMPLES_ISO_15693};
+ UsbCommand c = {CMD_SNOOP_ISO_15693};
SendCommand(&c);
return 0;
}
PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
+ PrintAndLog("Press the button to stop simulation");
UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
memcpy(c.d.asBytes,uid,8);
for (int retry=0; retry<5; retry++) {
- req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
- req[1]=ISO15_CMD_READ;
+ req[0]= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS;
+ req[1] = ISO15693_READBLOCK;
memcpy(&req[2],uid,8);
- req[10]=blocknum;
- reqlen=AddCrc(req,11);
- c.arg[0]=reqlen;
+ req[10] = blocknum;
+ reqlen = AddCrc(req,11);
+ c.arg[0] = reqlen;
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
recv = resp.d.asBytes;
- if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
- if (!(recv[0] & ISO15_RES_ERROR)) {
+ if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
+ if (!(recv[0] & ISO15693_RES_ERROR)) {
retry=0;
*output=0; // reset outputstring
sprintf(output, "Block %02x ",blocknum);
// TODO: need fix
// if (resp.arg[0]<3)
// PrintAndLog("Lost Connection");
-// else if (ISO15_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0]))
+// else if (ISO15693_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0]))
// PrintAndLog("CRC Failed");
// else
// PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1]));
{"help", CmdHF15Help, 1, "This help"},
{"demod", CmdHF15Demod, 1, "Demodulate ISO15693 from tag"},
{"read", CmdHF15Read, 0, "Read HF tag (ISO 15693)"},
- {"record", CmdHF15Record, 0, "Record Samples (ISO 15693)"}, // atrox
+ {"snoop", CmdHF15Snoop, 0, "Eavesdrop ISO 15693 communications"},
{"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"},
{"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"},
{"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"},
uint8_t *req=c.d.asBytes;
int reqlen=0;
- req[0]= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_INVENTORY | ISO15_REQINV_SLOT1;
- req[1]=ISO15_CMD_INVENTORY;
- req[2]=0; // mask length
+ req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1;
+ req[1] = ISO15693_INVENTORY;
+ req[2] = 0; // mask length
reqlen=AddCrc(req,3);
- c.arg[0]=reqlen;
+ c.arg[0] = reqlen;
SendCommand(&c);
while (**cmd==' ' || **cmd=='\t') (*cmd)++;
if (strstr(*cmd,"-o")==*cmd) {
- req[reqlen]=ISO15_REQ_OPTION;
+ req[reqlen]=ISO15693_REQ_OPTION;
(*cmd)+=2;
}
case 's':
case 'S':
// you must have selected the tag earlier
- req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_NONINVENTORY | ISO15_REQ_SELECT;
- memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
- reqlen+=iso15cmdlen;
+ req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_SELECT;
+ memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
+ reqlen += iso15cmdlen;
break;
case 'u':
case 'U':
// unaddressed mode may not be supported by all vendors
- req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_NONINVENTORY;
- memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
- reqlen+=iso15cmdlen;
+ req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH;
+ memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
+ reqlen += iso15cmdlen;
break;
case '*':
// we scan for the UID ourself
- req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
- memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
+ req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS;
+ memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen+=iso15cmdlen;
- if (!getUID(uid)) {
- PrintAndLog("No Tag found");
- return 0;
- }
- memcpy(req+reqlen,uid,8);
- PrintAndLog("Detected UID %s",sprintUID(NULL,uid));
- reqlen+=8;
+ if (!getUID(uid)) {
+ PrintAndLog("No Tag found");
+ return 0;
+ }
+ memcpy(req+reqlen,uid,8);
+ PrintAndLog("Detected UID %s",sprintUID(NULL,uid));
+ reqlen+=8;
break;
default:
- req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH |
- ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
+ req[reqlen++] |= ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_ADDRESS;
memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
reqlen+=iso15cmdlen;
return 0;
}
- prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_SYSINFO},1);
+ prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_GET_SYSTEM_INFO},1);
reqlen=c.arg[0];
reqlen=AddCrc(req,reqlen);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
- if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
- if (!(recv[0] & ISO15_RES_ERROR)) {
+ if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
+ if (!(recv[0] & ISO15693_RES_ERROR)) {
*output=0; // reset outputstring
for ( i=1; i<resp.arg[0]-2; i++) {
sprintf(output+strlen(output),"%02X ",recv[i]);
return 0;
}
- prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_READMULTI},1);
+ prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_READ_MULTI_BLOCK},1);
reqlen=c.arg[0];
pagenum=strtol(cmd,NULL,0);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
- if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
- if (!(recv[0] & ISO15_RES_ERROR)) {
+ if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
+ if (!(recv[0] & ISO15693_RES_ERROR)) {
*output=0; // reset outputstring
for ( int i=1; i<resp.arg[0]-2; i++) {
sprintf(output+strlen(output),"%02X ",recv[i]);
return 0;
}
- prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_READ},1);
+ prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_READBLOCK},1);
reqlen=c.arg[0];
pagenum=strtol(cmd,NULL,0);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
- if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
- if (!(recv[0] & ISO15_RES_ERROR)) {
+ if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
+ if (!(recv[0] & ISO15693_RES_ERROR)) {
*output=0; // reset outputstring
//sprintf(output, "Block %2i ",blocknum);
for ( int i=1; i<resp.arg[0]-2; i++) {
return 0;
}
- prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_WRITE},1);
+ prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15693_WRITEBLOCK},1);
reqlen=c.arg[0];
// *cmd -> page num ; *cmd2 -> data
if (WaitForResponseTimeout(CMD_ACK,&resp,2000) && resp.arg[0]>2) {
recv = resp.d.asBytes;
- if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
- if (!(recv[0] & ISO15_RES_ERROR)) {
+ if (ISO15693_CRC_CHECK==Crc(recv,resp.arg[0])) {
+ if (!(recv[0] & ISO15693_RES_ERROR)) {
PrintAndLog("OK");
} else {
PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1]));