X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/31b6e9af2beb26d7e78ab5f085f79fbb350e8f90..81cd0474cb4dc85fcc78f70ad238cb684851f75f:/client/cmdhf15.c?ds=sidebyside diff --git a/client/cmdhf15.c b/client/cmdhf15.c index 4fce726d..a13ac4d0 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -1,6 +1,7 @@ //----------------------------------------------------------------------------- // Copyright (C) 2010 iZsh -// Modified 2010 by +// Modified 2010-2012 by +// Modified 2012 by // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -54,24 +55,42 @@ typedef struct { const productName uidmapping[] = { + // UID, #significant Bits, "Vendor(+Product)" + { 0xE001000000000000LL, 16, "Motorola" }, + { 0xE002000000000000LL, 16, "ST Microelectronics" }, + { 0xE003000000000000LL, 16, "Hitachi" }, + { 0xE004000000000000LL, 16, "Philips" }, + { 0xE004010000000000LL, 24, "Philips; IC SL2 ICS20" }, + { 0xE005000000000000LL, 16, "Infineon" }, + { 0xE005400000000000LL, 24, "Infineon; 56x32bit" }, + { 0xE006000000000000LL, 16, "Cylinc" }, { 0xE007000000000000LL, 16, "Texas Instrument; " }, { 0xE007000000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit" }, { 0xE007100000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Chip; 64x32bit" }, + { 0xE007800000000000LL, 23, "Texas Instrument; Tag-it HF-I Plus (RF-HDT-DVBB tag or Third Party Products)" }, { 0xE007C00000000000LL, 23, "Texas Instrument; Tag-it HF-I Standard; 8x32bit" }, { 0xE007C40000000000LL, 23, "Texas Instrument; Tag-it HF-I Pro; 8x23bit; password" }, - { 0xE005000000000000LL, 16, "Infineon" }, - { 0xE005400000000000LL, 24, "Infineon; 56x32bit" }, - { 0xE004000000000000LL, 16, "Philips" }, - { 0xE002000000000000LL, 16, "STMicroelectronics" }, + { 0xE008000000000000LL, 16, "Fujitsu" }, + { 0xE009000000000000LL, 16, "Matsushita" }, + { 0xE00A000000000000LL, 16, "NEC" }, + { 0xE00B000000000000LL, 16, "Oki Electric" }, + { 0xE00C000000000000LL, 16, "Toshiba" }, + { 0xE00D000000000000LL, 16, "Mitsubishi" }, + { 0xE00E000000000000LL, 16, "Samsung" }, + { 0xE00F000000000000LL, 16, "Hyundai" }, + { 0xE010000000000000LL, 16, "LG-Semiconductors" }, + { 0xE012000000000000LL, 16, "HID Corporation" }, { 0xE016000000000000LL, 16, "EM-Marin SA (Skidata)" }, - { 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); no memory" }, + { 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" }, + { 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" }, { 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" }, + { 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" }, { 0,0,"no tag-info available" } // must be the last entry }; -// fast method to just read the UID of an tag (collission detection not supported) -// *buf shouls be large enough to fit the 64bit uid +// fast method to just read the UID of a tag (collission detection not supported) +// *buf should be large enough to fit the 64bit uid // returns 1 if suceeded int getUID(uint8_t *buf) { @@ -134,10 +153,20 @@ static char* getTagInfo(uint8_t *uid) { } -// will return a clear-text message to an errorcode +// return a clear-text message to an errorcode static char* TagErrorStr(uint8_t error) { - // TODO - return NULL; + switch (error) { + case 0x01: return "The command is not supported"; + case 0x02: return "The command is not recognised"; + case 0x03: return "The option is not supported."; + case 0x0f: return "Unknown error."; + case 0x10: return "The specified block is not available (doesn’t exist)."; + case 0x11: return "The specified block is already -locked and thus cannot be locked again"; + case 0x12: return "The specified block is locked and its content cannot be changed."; + case 0x13: return "The specified block was not successfully programmed."; + case 0x14: return "The specified block was not successfully locked."; + default: return "Reserved for Future Use or Custom command error."; + } } @@ -312,7 +341,7 @@ int CmdHF15DumpMem(const char*Cmd) { blocknum++; // PrintAndLog("bn=%i",blocknum); } else { - PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); + PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); return 0; } } // else PrintAndLog("crc"); @@ -324,7 +353,7 @@ int CmdHF15DumpMem(const char*Cmd) { else if (r && ISO15_CRC_CHECK!=Crc(r->d.asBytes,r->arg[0])) PrintAndLog("CRC Failed"); else - PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); + PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); return 0; } @@ -421,6 +450,7 @@ int CmdHF15CmdRaw (const char *cmd) { int i=0; uint8_t data[100]; unsigned int datalen=0, temp; + char *hexout; if (strlen(cmd)<3) { @@ -490,7 +520,14 @@ int CmdHF15CmdRaw (const char *cmd) { if (r!=NULL) { recv = r->d.asBytes; PrintAndLog("received %i octets",r->arg[0]); - // TODO: output + hexout = (char *)malloc(r->arg[0] * 3 + 1); + if (hexout != NULL) { + for (int i = 0; i < r->arg[0]; i++) { // data in hex + sprintf(&hexout[i * 3], "%02hX ", recv[i]); + } + PrintAndLog("%s", hexout); + free(hexout); + } } else { PrintAndLog("timeout while waiting for reply."); } @@ -500,6 +537,11 @@ int CmdHF15CmdRaw (const char *cmd) { } +/** + * parses common HF 15 CMD parameters and prepares some data structures + * Parameters: + * **cmd command line + */ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) { int temp; uint8_t *req=c->d.asBytes, uid[8]; @@ -509,7 +551,7 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle while (**cmd==' ' || **cmd=='\t') (*cmd)++; if (strstr(*cmd,"-2")==*cmd) { - c->arg[1]=0; // quse 1of256 + c->arg[1]=0; // use 1of256 (*cmd)+=2; } @@ -546,6 +588,7 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle reqlen+=iso15cmdlen; break; case '*': + // we scan for the UID ourself req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen); @@ -587,8 +630,181 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle return 1; } +/** + * Commandline handling: HF15 CMD SYSINFO + * get system information from tag/VICC + */ +int CmdHF15CmdSysinfo(const char *Cmd) { + UsbCommand *r; + uint8_t *recv; + UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv? + uint8_t *req=c.d.asBytes; + int reqlen=0; + char cmdbuf[100]; + char *cmd=cmdbuf; + char output[2048]=""; + int i; + + strncpy(cmd,Cmd,99); + + // usage: + if (strlen(cmd)<1) { + PrintAndLog("Usage: hf 15 cmd sysinfo [options] "); + PrintAndLog(" options:"); + PrintAndLog(" -2 use slower '1 out of 256' mode"); + PrintAndLog(" uid (either): "); + PrintAndLog(" <8B hex> full UID eg E011223344556677"); + PrintAndLog(" s selected tag"); + PrintAndLog(" u unaddressed mode"); + PrintAndLog(" * scan for tag"); + PrintAndLog(" start#: page number to start 0-255"); + PrintAndLog(" count#: number of pages"); + return 0; + } + + prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_SYSINFO},1); + reqlen=c.arg[0]; + + reqlen=AddCrc(req,reqlen); + c.arg[0]=reqlen; + + SendCommand(&c); + + r=WaitForResponseTimeout(CMD_ACK,1000); + + if (r!=NULL && r->arg[0]>2) { + recv = r->d.asBytes; + if (ISO15_CRC_CHECK==Crc(recv,r->arg[0])) { + if (!(recv[0] & ISO15_RES_ERROR)) { + *output=0; // reset outputstring + for ( i=1; iarg[0]-2; i++) { + sprintf(output+strlen(output),"%02hX ",recv[i]); + } + strcat(output,"\n\r"); + strcat(output,"UID = "); + strcat(output,sprintUID(NULL,recv+2)); + strcat(output,"\n\r"); + strcat(output,getTagInfo(recv+2)); //ABC + strcat(output,"\n\r"); + i=10; + if (recv[1] & 0x01) + sprintf(output+strlen(output),"DSFID supported, set to %02hX\n\r",recv[i++]); + else + strcat(output,"DSFID not supported\n\r"); + if (recv[1] & 0x02) + sprintf(output+strlen(output),"AFI supported, set to %03hX\n\r",recv[i++]); + else + strcat(output,"AFI not supported\n\r"); + if (recv[1] & 0x04) { + strcat(output,"Tag provides info on memory layout (vendor dependent)\n\r"); + sprintf(output+strlen(output)," %i (or %i) bytes/page x %i pages \n\r", + (recv[i+1]&0x1F)+1, (recv[i+1]&0x1F), recv[i]+1); + i+=2; + } else + strcat(output,"Tag does not provide information on memory layout\n\r"); + if (recv[1] & 0x08) sprintf(output+strlen(output),"IC reference given: %02hX\n\r",recv[i++]); + else strcat(output,"IC reference not given\n\r"); + + + PrintAndLog("%s",output); + } else { + PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); + } + } else { + PrintAndLog("CRC failed"); + } + } else { + PrintAndLog("timeout: no answer"); + } + + return 0; +} + +/** + * Commandline handling: HF15 CMD READMULTI + * Read multiple blocks at once (not all tags support this) + */ +int CmdHF15CmdReadmulti(const char *Cmd) { + UsbCommand *r; + uint8_t *recv; + UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv? + uint8_t *req=c.d.asBytes; + int reqlen=0, pagenum,pagecount; + char cmdbuf[100]; + char *cmd=cmdbuf; + char output[2048]=""; + + strncpy(cmd,Cmd,99); + + // usage: + if (strlen(cmd)<3) { + PrintAndLog("Usage: hf 15 cmd readmulti [options] "); + PrintAndLog(" options:"); + PrintAndLog(" -2 use slower '1 out of 256' mode"); + PrintAndLog(" uid (either): "); + PrintAndLog(" <8B hex> full UID eg E011223344556677"); + PrintAndLog(" s selected tag"); + PrintAndLog(" u unaddressed mode"); + PrintAndLog(" * scan for tag"); + PrintAndLog(" start#: page number to start 0-255"); + PrintAndLog(" count#: number of pages"); + return 0; + } + + prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_READMULTI},1); + reqlen=c.arg[0]; + + pagenum=strtol(cmd,NULL,0); + + // skip to next space + while (*cmd!=' ' && *cmd!='\t') cmd++; + // skip over the space + while (*cmd==' ' || *cmd=='\t') cmd++; + pagecount=strtol(cmd,NULL,0); + if (pagecount>0) pagecount--; // 0 means 1 page, 1 means 2 pages, ... + + req[reqlen++]=(uint8_t)pagenum; + req[reqlen++]=(uint8_t)pagecount; + + reqlen=AddCrc(req,reqlen); + + c.arg[0]=reqlen; + + SendCommand(&c); + r=WaitForResponseTimeout(CMD_ACK,1000); + + if (r!=NULL && r->arg[0]>2) { + recv = r->d.asBytes; + if (ISO15_CRC_CHECK==Crc(recv,r->arg[0])) { + if (!(recv[0] & ISO15_RES_ERROR)) { + *output=0; // reset outputstring + for ( int i=1; iarg[0]-2; i++) { + sprintf(output+strlen(output),"%02hX ",recv[i]); + } + strcat(output," "); + for ( int i=1; iarg[0]-2; i++) { + sprintf(output+strlen(output),"%c",recv[i]>31 && recv[i]<127?recv[i]:'.'); + } + PrintAndLog("%s",output); + } else { + PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); + } + } else { + PrintAndLog("CRC failed"); + } + } else { + PrintAndLog("no answer"); + } + + return 0; +} + +/** + * Commandline handling: HF15 CMD READ + * Reads a single Block + */ int CmdHF15CmdRead(const char *Cmd) { UsbCommand *r; uint8_t *recv; @@ -603,7 +819,7 @@ int CmdHF15CmdRead(const char *Cmd) { // usage: if (strlen(cmd)<3) { - PrintAndLog("Usage: hf 15 cmd read [options] "); + PrintAndLog("Usage: hf 15 cmd read [options] "); PrintAndLog(" options:"); PrintAndLog(" -2 use slower '1 out of 256' mode"); PrintAndLog(" uid (either): "); @@ -644,12 +860,12 @@ int CmdHF15CmdRead(const char *Cmd) { sprintf(output+strlen(output),"%02hX ",recv[i]); } strcat(output," "); - for ( int i=2; iarg[0]-2; i++) { - sprintf(output+strlen(output),"%c",recv[i]>31 || recv[i]<127?recv[i]:'.'); + for ( int i=1; iarg[0]-2; i++) { + sprintf(output+strlen(output),"%c",recv[i]>31 && recv[i]<127?recv[i]:'.'); } PrintAndLog("%s",output); } else { - PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); + PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); } } else { PrintAndLog("CRC failed"); @@ -662,6 +878,10 @@ int CmdHF15CmdRead(const char *Cmd) { } +/** + * Commandline handling: HF15 CMD WRITE + * Writes a single Block - might run into timeout, even when successful + */ int CmdHF15CmdWrite(const char *Cmd) { UsbCommand *r; uint8_t *recv; @@ -676,7 +896,7 @@ int CmdHF15CmdWrite(const char *Cmd) { // usage: if (strlen(cmd)<3) { - PrintAndLog("Usage: hf 15 cmd write [options] "); + PrintAndLog("Usage: hf 15 cmd write [options] "); PrintAndLog(" options:"); PrintAndLog(" -2 use slower '1 out of 256' mode"); PrintAndLog(" -o set OPTION Flag (needed for TI)"); @@ -731,13 +951,13 @@ int CmdHF15CmdWrite(const char *Cmd) { if (!(recv[0] & ISO15_RES_ERROR)) { PrintAndLog("OK"); } else { - PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); + PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); } } else { PrintAndLog("CRC failed"); } } else { - PrintAndLog("no answer"); + PrintAndLog("timeout: no answer - data may be written anyway"); } return 0; @@ -754,9 +974,8 @@ static command_t CommandTable15Cmd[] = */ {"read", CmdHF15CmdRead, 0, "Read a block"}, {"write", CmdHF15CmdWrite, 0, "Write a block"}, -/* {"readmulti",CmdHF15CmdReadmulti, 0, "Reads multiple Blocks"}, -*/ + {"sysinfo",CmdHF15CmdSysinfo, 0, "Get Card Information"}, {"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"}, {"debug", CmdHF15CmdDebug, 0, "Turn debugging on/off"}, {NULL, NULL, 0, NULL}