X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/97d582a69235c88c8f30a88193769dbddb74e9b1..a015ef37330ddd44c9a2d820e1def6545d4dea8d:/client/cmdlfhitag.c

diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c
index 32d38aeb..84fb5458 100644
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@@ -8,18 +8,19 @@
 // Low frequency Hitag support
 //-----------------------------------------------------------------------------
 
+#include "cmdlfhitag.h"
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "data.h"
-//#include "proxusb.h"
-#include "proxmark3.h"
+#include "comms.h"
 #include "ui.h"
 #include "cmdparser.h"
 #include "common.h"
 #include "util.h"
+#include "parity.h"
 #include "hitag2.h"
-#include "sleep.h"
+#include "hitagS.h"
 #include "cmdmain.h"
 
 static int CmdHelp(const char *Cmd);
@@ -30,94 +31,142 @@ size_t nbytes(size_t nbits) {
 
 int CmdLFHitagList(const char *Cmd)
 {
-  uint8_t got[3000];
-  GetFromBigBuf(got,sizeof(got),0);
-  WaitForResponse(CMD_ACK,NULL);
-
-  PrintAndLog("recorded activity:");
-  PrintAndLog(" ETU     :nbits: who bytes");
-  PrintAndLog("---------+-----+----+-----------");
-
-  int i = 0;
-  int prev = -1;
-
-  for (;;) {
-    if(i >= 1900) {
-      break;
-    }
-
-    bool isResponse;
-    int timestamp = *((uint32_t *)(got+i));
-    if (timestamp & 0x80000000) {
-      timestamp &= 0x7fffffff;
-      isResponse = 1;
-    } else {
-      isResponse = 0;
-    }
-
-    int parityBits = *((uint32_t *)(got+i+4));
-    // 4 bytes of additional information...
-    // maximum of 32 additional parity bit information
-    //
-    // TODO:
-    // at each quarter bit period we can send power level (16 levels)
-    // or each half bit period in 256 levels.
-
-    int bits = got[i+8];
-    int len = nbytes(got[i+8]);
-
-    if (len > 100) {
-      break;
-    }
-    if (i + len >= 1900) {
-      break;
-    }
-
-    uint8_t *frame = (got+i+9);
-
-    // Break and stick with current result if buffer was not completely full
-    if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
-
-    char line[1000] = "";
-    int j;
-    for (j = 0; j < len; j++) {
-      int oddparity = 0x01;
-      int k;
-
-      for (k=0;k<8;k++) {
-        oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
-      }
-
-      //if((parityBits >> (len - j - 1)) & 0x01) {
-      if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
-        sprintf(line+(j*4), "%02x!  ", frame[j]);
-      }
-      else {
-        sprintf(line+(j*4), "%02x   ", frame[j]);
-      }
-    }
-
-    PrintAndLog(" +%7d:  %3d: %s %s",
-      (prev < 0 ? 0 : (timestamp - prev)),
-      bits,
-      (isResponse ? "TAG" : "   "),
-      line);
-
-
-//   if (pf) {
-//      fprintf(pf," +%7d:  %3d: %s %s\n",
-//					(prev < 0 ? 0 : (timestamp - prev)),
-//					bits,
-//					(isResponse ? "TAG" : "   "),
-//					line);
-//    }
+ 	uint8_t *got = malloc(USB_CMD_DATA_SIZE);
+	// Query for the actual size of the trace
+	UsbCommand response;
+	GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0, &response, -1, false);
+	uint16_t traceLen = response.arg[2];
+	if (traceLen > USB_CMD_DATA_SIZE) {
+		uint8_t *p = realloc(got, traceLen);
+		if (p == NULL) {
+			PrintAndLog("Cannot allocate memory for trace");
+			free(got);
+			return 2;
+		}
+		got = p;
+		GetFromBigBuf(got, traceLen, 0, NULL, -1, false);
+	}
 	
-    prev = timestamp;
-    i += (len + 9);
-  }
+	PrintAndLog("recorded activity (TraceLen = %d bytes):");
+	PrintAndLog(" ETU     :nbits: who bytes");
+	PrintAndLog("---------+-----+----+-----------");
+
+	int j;
+	int i = 0;
+	int prev = -1;
+	int len = strlen(Cmd);
+
+	char filename[FILE_PATH_SIZE]  = { 0x00 };
+	FILE* pf = NULL;
+  	
+	if (len > FILE_PATH_SIZE) 
+		len = FILE_PATH_SIZE;
+	memcpy(filename, Cmd, len);
+   
+	if (strlen(filename) > 0) {
+		if ((pf = fopen(filename,"wb")) == NULL) {
+			PrintAndLog("Error: Could not open file [%s]",filename);
+			free(got);
+			return 1;
+		}
+	}
+
+	for (;;) {
   
+		if(i > traceLen) { break; }
+
+		bool isResponse;
+		int timestamp = *((uint32_t *)(got+i));
+		if (timestamp & 0x80000000) {
+			timestamp &= 0x7fffffff;
+			isResponse = 1;
+		} else {
+			isResponse = 0;
+		}
 
-  return 0;
+		int parityBits = *((uint32_t *)(got+i+4));
+		// 4 bytes of additional information...
+		// maximum of 32 additional parity bit information
+		//
+		// TODO:
+		// at each quarter bit period we can send power level (16 levels)
+		// or each half bit period in 256 levels.
+
+		int bits = got[i+8];
+		int len = nbytes(bits);
+
+		if (len > 100) {
+		  break;
+		}
+		if (i + len > traceLen) { break;}
+
+		uint8_t *frame = (got+i+9);
+/*
+		int fillupBits = 8 - (bits % 8);
+		byte_t framefilled[bits+fillupBits];
+		byte_t* ff = framefilled;
+		
+		int response_bit[200] = {0};
+		int z = 0;
+		for (int y = 0; y < len; y++) {
+			for (j = 0; j < 8; j++) {
+				response_bit[z] = 0;
+				if ((frame[y] & ((mask << 7) >> j)) != 0)
+					response_bit[z] = 1;
+				z++;
+			}
+		}
+		z = 0;
+		for (int y = 0; y < len; y++) {
+			ff[y] = (response_bit[z] << 7) | (response_bit[z + 1] << 6)
+					| (response_bit[z + 2] << 5) | (response_bit[z + 3] << 4)
+					| (response_bit[z + 4] << 3) | (response_bit[z + 5] << 2)
+					| (response_bit[z + 6] << 1) | response_bit[z + 7];
+			z += 8;
+		}
+*/
+
+
+
+
+		// Break and stick with current result if buffer was not completely full
+		if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
+
+		char line[1000] = "";
+		for (j = 0; j < len; j++) {
+		  //if((parityBits >> (len - j - 1)) & 0x01) {
+		  if (isResponse && (oddparity8(frame[j]) != ((parityBits >> (len - j - 1)) & 0x01))) {
+			sprintf(line+(j*4), "%02x!  ", frame[j]);
+		  } else {
+			sprintf(line+(j*4), "%02x   ", frame[j]);
+		  }
+		}
+
+		PrintAndLog(" +%7d:  %3d: %s %s",
+			(prev < 0 ? 0 : (timestamp - prev)),
+			bits,
+			(isResponse ? "TAG" : "   "),
+			line);
+
+		if (pf) {
+			fprintf(pf," +%7d:  %3d: %s %s\n",
+				(prev < 0 ? 0 : (timestamp - prev)),
+				bits,
+				(isResponse ? "TAG" : "   "),
+				line);
+		}
+		
+		prev = timestamp;
+		i += (len + 9);
+	}
+  
+	if (pf) {
+		fclose(pf);
+		PrintAndLog("Recorded activity succesfully written to file: %s", filename);
+	}
+
+	free(got);
+	return 0;
 }
 
 int CmdLFHitagSnoop(const char *Cmd) {
@@ -127,12 +176,14 @@ int CmdLFHitagSnoop(const char *Cmd) {
 }
 
 int CmdLFHitagSim(const char *Cmd) {
+    
   UsbCommand c = {CMD_SIMULATE_HITAG};
-	char filename[256] = { 0x00 };
+	char filename[FILE_PATH_SIZE] = { 0x00 };
 	FILE* pf;
 	bool tag_mem_supplied;
-
-	param_getstr(Cmd,0,filename);
+	int len = strlen(Cmd);
+	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+	memcpy(filename, Cmd, len);
 	
 	if (strlen(filename) > 0) {
 		if ((pf = fopen(filename,"rb+")) == NULL) {
@@ -140,11 +191,11 @@ int CmdLFHitagSim(const char *Cmd) {
 			return 1;
 		}
 		tag_mem_supplied = true;
-		if (fread(c.d.asBytes,48,1,pf) == 0) {
-      PrintAndLog("Error: File reading error");
-      fclose(pf);
+		if (fread(c.d.asBytes,1,48,pf) != 48) {
+			PrintAndLog("Error: File reading error");
+			fclose(pf);
 			return 1;
-    }
+		}
 		fclose(pf);
 	} else {
 		tag_mem_supplied = false;
@@ -158,14 +209,37 @@ int CmdLFHitagSim(const char *Cmd) {
 }
 
 int CmdLFHitagReader(const char *Cmd) {
-//  UsbCommand c = {CMD_READER_HITAG};
-	
-//	param_get32ex(Cmd,1,0,16);
 	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
 	hitag_data* htd = (hitag_data*)c.d.asBytes;
 	hitag_function htf = param_get32ex(Cmd,0,0,10);
 	
 	switch (htf) {
+		case 01: { //RHTSF_CHALLENGE
+			c = (UsbCommand){ CMD_READ_HITAG_S };
+			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
+			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+			c.arg[1] = param_get64ex(Cmd,3,0,0); //firstpage
+			c.arg[2] = param_get64ex(Cmd,4,0,0); //tag mode
+		} break;
+		case 02: { //RHTSF_KEY
+			c = (UsbCommand){ CMD_READ_HITAG_S };
+			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			c.arg[1] = param_get64ex(Cmd,2,0,0); //firstpage
+			c.arg[2] = param_get64ex(Cmd,3,0,0); //tag mode
+		} break;
+		case 03: { //RHTSF_CHALLENGE BLOCK
+			c = (UsbCommand){ CMD_READ_HITAG_S_BLK };
+			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
+			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+			c.arg[1] = param_get64ex(Cmd,3,0,0); //firstpage
+			c.arg[2] = param_get64ex(Cmd,4,0,0); //tag mode
+		} break;
+		case 04: { //RHTSF_KEY BLOCK
+			c = (UsbCommand){ CMD_READ_HITAG_S_BLK };
+			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			c.arg[1] = param_get64ex(Cmd,2,0,0); //firstpage
+			c.arg[2] = param_get64ex(Cmd,3,0,0); //tag mode
+		} break;
 		case RHT2F_PASSWORD: {
 			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
 		} break;
@@ -175,21 +249,32 @@ int CmdLFHitagReader(const char *Cmd) {
 		} break;
 		case RHT2F_CRYPTO: {
 			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
-//			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+			//			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
 		} break;
 		case RHT2F_TEST_AUTH_ATTEMPTS: {
 			// No additional parameters needed
 		} break;
+		case RHT2F_UID_ONLY: {
+			// No additional parameters needed
+		} break;
 		default: {
-			PrintAndLog("Error: unkown reader function %d",htf);
-			PrintAndLog("Hitag reader functions");
+			PrintAndLog("\nError: unkown reader function %d",htf);
+			PrintAndLog("");
+			PrintAndLog("Usage: hitag reader <Reader Function #>");
+			PrintAndLog("Reader Functions:");
 			PrintAndLog(" HitagS (0*)");
+			PrintAndLog("  01 <nr> <ar> (Challenge) <firstPage> <tagmode> read all pages from a Hitag S tag");
+			PrintAndLog("  02 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all pages from a Hitag S tag");
+			PrintAndLog("  03 <nr> <ar> (Challenge) <firstPage> <tagmode> read all blocks from a Hitag S tag");
+			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all blocks from a Hitag S tag");
+			PrintAndLog("  Valid tagmodes are 0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED (default is ADVANCED)");
 			PrintAndLog(" Hitag1 (1*)");
 			PrintAndLog(" Hitag2 (2*)");
 			PrintAndLog("  21 <password> (password mode)");
 			PrintAndLog("  22 <nr> <ar> (authentication)");
 			PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low");
 			PrintAndLog("  25 (test recorded authentications)");
+			PrintAndLog("  26 just read UID");
 			return 1;
 		} break;
 	}
@@ -197,6 +282,142 @@ int CmdLFHitagReader(const char *Cmd) {
 	// Copy the hitag2 function into the first argument
 	c.arg[0] = htf;
 
+	// Send the command to the proxmark
+	clearCommandBuffer();
+	SendCommand(&c);
+
+	UsbCommand resp;
+	WaitForResponse(CMD_ACK,&resp);
+
+	// Check the return status, stored in the first argument
+	if (resp.arg[0] == false) return 1;
+	
+	uint32_t id = bytes_to_num(resp.d.asBytes,4);
+		
+	if (htf == RHT2F_UID_ONLY){
+		PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
+	} else {
+		char filename[256];
+		FILE* pf = NULL;
+
+		sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
+		if ((pf = fopen(filename,"wb")) == NULL) {
+		  PrintAndLog("Error: Could not open file [%s]",filename);
+		  return 1;
+		}
+
+		// Write the 48 tag memory bytes to file and finalize
+		fwrite(resp.d.asBytes,1,48,pf);
+		fclose(pf);
+
+		PrintAndLog("Succesfully saved tag memory to [%s]",filename);
+	}
+
+
+	return 0;
+}
+
+
+int CmdLFHitagSimS(const char *Cmd) {
+	UsbCommand c = { CMD_SIMULATE_HITAG_S };
+	char filename[FILE_PATH_SIZE] = { 0x00 };
+	FILE* pf;
+	bool tag_mem_supplied;
+	int len = strlen(Cmd);
+	if (len > FILE_PATH_SIZE)
+		len = FILE_PATH_SIZE;
+	memcpy(filename, Cmd, len);
+
+	if (strlen(filename) > 0) {
+		if ((pf = fopen(filename, "rb+")) == NULL) {
+			PrintAndLog("Error: Could not open file [%s]", filename);
+			return 1;
+		}
+		tag_mem_supplied = true;
+		if (fread(c.d.asBytes, 1, 4*64, pf) != 4*64) {
+			PrintAndLog("Error: File reading error");
+			fclose(pf);
+			return 1;
+		}
+		fclose(pf);
+	} else {
+		tag_mem_supplied = false;
+	}
+
+	// Does the tag comes with memory
+	c.arg[0] = (uint32_t) tag_mem_supplied;
+
+	SendCommand(&c);
+	return 0;
+}
+
+int CmdLFHitagCheckChallenges(const char *Cmd) {
+	UsbCommand c = { CMD_TEST_HITAGS_TRACES };
+	char filename[FILE_PATH_SIZE] = { 0x00 };
+	FILE* pf;
+	bool file_given;
+	int len = strlen(Cmd);
+	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+	memcpy(filename, Cmd, len);
+	
+	if (strlen(filename) > 0) {
+		if ((pf = fopen(filename,"rb+")) == NULL) {
+			PrintAndLog("Error: Could not open file [%s]",filename);
+			return 1;
+		}
+		file_given = true;
+		if (fread(c.d.asBytes,1,8*60,pf) != 8*60) {
+			PrintAndLog("Error: File reading error");
+			fclose(pf);
+			return 1;
+        }
+		fclose(pf);
+	} else {
+		file_given = false;
+	}
+	
+	//file with all the challenges to try
+	c.arg[0] = (uint32_t)file_given;
+	c.arg[1] = param_get64ex(Cmd,2,0,0); //get mode
+
+  SendCommand(&c);
+  return 0;
+}
+
+
+int CmdLFHitagWP(const char *Cmd) {
+	UsbCommand c = { CMD_WR_HITAG_S };
+	hitag_data* htd = (hitag_data*)c.d.asBytes;
+	hitag_function htf = param_get32ex(Cmd,0,0,10);
+	switch (htf) {
+		case 03: { //WHTSF_CHALLENGE
+			num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
+			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
+			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
+		} break;
+		case 04:
+		case 24:
+		{ //WHTSF_KEY
+			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
+			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
+
+		} break;
+		default: {
+			PrintAndLog("Error: unkown writer function %d",htf);
+			PrintAndLog("Hitag writer functions");
+			PrintAndLog(" HitagS (0*)");
+			PrintAndLog("  03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog(" Hitag1 (1*)");
+			PrintAndLog(" Hitag2 (2*)");
+			PrintAndLog("  24 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
+			return 1;
+		} break;
+	}
+	// Copy the hitag function into the first argument
+	c.arg[0] = htf;
+
   // Send the command to the proxmark
   SendCommand(&c);
   
@@ -205,44 +426,31 @@ int CmdLFHitagReader(const char *Cmd) {
   
   // Check the return status, stored in the first argument
   if (resp.arg[0] == false) return 1;
-    
-  uint32_t id = bytes_to_num(resp.d.asBytes,4);
-  char filename[256];
-  FILE* pf = NULL;
-
-  sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
-  if ((pf = fopen(filename,"wb")) == NULL) {
-    PrintAndLog("Error: Could not open file [%s]",filename);
-    return 1;
-  }
-  
-  // Write the 48 tag memory bytes to file and finalize
-  fwrite(resp.d.asBytes,1,48,pf);
-  fclose(pf);
-
-  PrintAndLog("Succesfully saved tag memory to [%s]",filename);
-  
   return 0;
 }
 
-static command_t CommandTableHitag[] = 
+
+static command_t CommandTable[] = 
 {
-  {"help",    CmdHelp,           1, "This help"},
-  {"list",    CmdLFHitagList,    1, "List Hitag trace history"},
-  {"reader",  CmdLFHitagReader,  1, "Act like a Hitag Reader"},
-  {"sim",     CmdLFHitagSim,     1, "Simulate Hitag transponder"},
-  {"snoop",   CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
-		{NULL, NULL, 0, NULL}
+  {"help",    		CmdHelp,           1, "This help"},
+  {"list",    		CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
+  {"reader",  		CmdLFHitagReader,  1, "Act like a Hitag Reader"},
+  {"sim",     		CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
+  {"snoop",   		CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
+  {"writer",   		CmdLFHitagWP,      1, "Act like a Hitag Writer" },
+  {"simS",   		CmdLFHitagSimS,    1, "<hitagS.hts> Simulate HitagS transponder" }, 
+  {"checkChallenges",	CmdLFHitagCheckChallenges,   1, "<challenges.cc> <tagmode> test all challenges" }, {
+				NULL,NULL, 0, NULL }
 };
 
 int CmdLFHitag(const char *Cmd)
 {
-  CmdsParse(CommandTableHitag, Cmd);
+  CmdsParse(CommandTable, Cmd);
   return 0;
 }
 
 int CmdHelp(const char *Cmd)
 {
-  CmdsHelp(CommandTableHitag);
+  CmdsHelp(CommandTable);
   return 0;
 }