#include "BigBuf.h"
static bool bQuiet;
-
static bool bCrypto;
static bool bAuthenticating;
static bool bPwd;
static bool bSuccessful;
-
-
struct hitag2_tag {
uint32_t uid;
enum {
return _f20 (x);
}
+// "MIKRON" = O N M I K R
+// Key = 4F 4E 4D 49 4B 52 - Secret 48-bit key
+// Serial = 49 43 57 69 - Serial number of the tag, transmitted in clear
+// Random = 65 6E 45 72 - Random IV, transmitted in clear
+//~28~DC~80~31 = D7 23 7F CE - Authenticator value = inverted first 4 bytes of the keystream
+
+// The code below must print out "D7 23 7F CE 8C D0 37 A9 57 49 C1 E6 48 00 8A B6".
+// The inverse of the first 4 bytes is sent to the tag to authenticate.
+// The rest is encrypted by XORing it with the subsequent keystream.
+
static u32 _hitag2_byte (u64 * x)
{
u32 i, c;
return c;
}
-static int hitag2_reset(void)
-{
+static int hitag2_reset(void) {
tag.state = TAG_STATE_RESET;
tag.crypto_active = 0;
return 0;
}
-static int hitag2_init(void)
-{
-// memcpy(&tag, &resetdata, sizeof(tag));
+static int hitag2_init(void) {
hitag2_reset();
return 0;
}
#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */
#define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */
-#define HITAG_T_TAG_ONE_HALF_PERIOD 10
-#define HITAG_T_TAG_TWO_HALF_PERIOD 25
-#define HITAG_T_TAG_THREE_HALF_PERIOD 41
-#define HITAG_T_TAG_FOUR_HALF_PERIOD 57
+#define HITAG_T_TAG_ONE_HALF_PERIOD 10
+#define HITAG_T_TAG_TWO_HALF_PERIOD 25
+#define HITAG_T_TAG_THREE_HALF_PERIOD 41
+#define HITAG_T_TAG_FOUR_HALF_PERIOD 57
-#define HITAG_T_TAG_HALF_PERIOD 16
-#define HITAG_T_TAG_FULL_PERIOD 32
+#define HITAG_T_TAG_HALF_PERIOD 16
+#define HITAG_T_TAG_FULL_PERIOD 32
-#define HITAG_T_TAG_CAPTURE_ONE_HALF 13
-#define HITAG_T_TAG_CAPTURE_TWO_HALF 25
+#define HITAG_T_TAG_CAPTURE_ONE_HALF 13
+#define HITAG_T_TAG_CAPTURE_TWO_HALF 25
#define HITAG_T_TAG_CAPTURE_THREE_HALF 41
#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57
if(bit == 0) {
// Zero bit: |_-|
while(AT91C_BASE_TC0->TC_CV < T0*22);
- // SpinDelayUs(16*8);
+
} else {
// One bit: |_--|
while(AT91C_BASE_TC0->TC_CV < T0*28);
- // SpinDelayUs(22*8);
}
LED_A_OFF();
}
*txlen = 32;
memcpy(tx,password,4);
bPwd = true;
- memcpy(tag.sectors[blocknr],rx,4);
- blocknr++;
+ memcpy(tag.sectors[blocknr],rx,4);
+ blocknr++;
} else {
- if(blocknr == 1){
- //store password in block1, the TAG answers with Block3, but we need the password in memory
- memcpy(tag.sectors[blocknr],tx,4);
- }else{
- memcpy(tag.sectors[blocknr],rx,4);
- }
-
- blocknr++;
- if (blocknr > 7) {
- DbpString("Read succesful!");
- bSuccessful = true;
- return false;
- }
- *txlen = 10;
- tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
- tx[1] = ((blocknr^7) << 6);
+ if(blocknr == 1){
+ //store password in block1, the TAG answers with Block3, but we need the password in memory
+ memcpy(tag.sectors[blocknr],tx,4);
+ } else {
+ memcpy(tag.sectors[blocknr],rx,4);
+ }
+
+ blocknr++;
+ if (blocknr > 7) {
+ DbpString("Read succesful!");
+ bSuccessful = true;
+ return false;
+ }
+ *txlen = 10;
+ tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
+ tx[1] = ((blocknr^7) << 6);
}
} break;
bCrypto = false;
}
} else {
- *txlen = 5;
- memcpy(tx,"\xc0",nbytes(*txlen));
- }
+ *txlen = 5;
+ memcpy(tx,"\xc0",nbytes(*txlen));
+ }
} break;
// Received UID, crypto tag answer
hitag2_cipher_transcrypt(&cipher_state,tx+4,4,0);
*txlen = 64;
bCrypto = true;
- bAuthenticating = true;
+ bAuthenticating = true;
} else {
// Check if we received answer tag (at)
if (bAuthenticating) {
- bAuthenticating = false;
+ bAuthenticating = false;
} else {
- // Store the received block
- memcpy(tag.sectors[blocknr],rx,4);
- blocknr++;
+ // Store the received block
+ memcpy(tag.sectors[blocknr],rx,4);
+ blocknr++;
}
if (blocknr > 7) {
- DbpString("Read succesful!");
- bSuccessful = true;
- return false;
+ DbpString("Read succesful!");
+ bSuccessful = true;
+ return false;
}
*txlen = 10;
tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
}
- if(bCrypto) {
- // We have to return now to avoid double encryption
- if (!bAuthenticating) {
- hitag2_cipher_transcrypt(&cipher_state,tx,*txlen/8,*txlen%8);
- }
+ if(bCrypto) {
+ // We have to return now to avoid double encryption
+ if (!bAuthenticating) {
+ hitag2_cipher_transcrypt(&cipher_state, tx, *txlen/8, *txlen%8);
+ }
}
return true;
bCrypto = true;
} else {
DbpString("Authentication succesful!");
- // We are done... for now
- return false;
+ return true;
}
} break;
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf = NULL;
- if (len > FILE_PATH_SIZE)
- len = FILE_PATH_SIZE;
+ if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
}
int CmdLFHitagSnoop(const char *Cmd) {
- UsbCommand c = {CMD_SNOOP_HITAG};
- SendCommand(&c);
- return 0;
+ UsbCommand c = {CMD_SNOOP_HITAG};
+ clearCommandBuffer();
+ SendCommand(&c);
+ return 0;
}
int CmdLFHitagSim(const char *Cmd) {
- UsbCommand c = {CMD_SIMULATE_HITAG};
+ UsbCommand c = {CMD_SIMULATE_HITAG};
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf;
bool tag_mem_supplied;
+
int len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
-
+
if (strlen(filename) > 0) {
if ((pf = fopen(filename,"rb+")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename);
}
tag_mem_supplied = true;
if (fread(c.d.asBytes,48,1,pf) == 0) {
- PrintAndLog("Error: File reading error");
- fclose(pf);
+ PrintAndLog("Error: File reading error");
+ fclose(pf);
return 1;
- }
+ }
fclose(pf);
} else {
tag_mem_supplied = false;
}
-
+
// Does the tag comes with memory
c.arg[0] = (uint32_t)tag_mem_supplied;
- SendCommand(&c);
- return 0;
+ clearCommandBuffer();
+ SendCommand(&c);
+ return 0;
}
int CmdLFHitagReader(const char *Cmd) {
-// UsbCommand c = {CMD_READER_HITAG};
-// param_get32ex(Cmd,1,0,16);
+
UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
hitag_data* htd = (hitag_data*)c.d.asBytes;
hitag_function htf = param_get32ex(Cmd,0,0,10);
} break;
case RHT2F_CRYPTO: {
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
-// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
} break;
case RHT2F_TEST_AUTH_ATTEMPTS: {
// No additional parameters needed
// Copy the hitag2 function into the first argument
c.arg[0] = htf;
- // Send the command to the proxmark
- SendCommand(&c);
-
- UsbCommand resp;
- WaitForResponse(CMD_ACK,&resp);
-
- // Check the return status, stored in the first argument
- if (resp.arg[0] == false) return 1;
-
- uint32_t id = bytes_to_num(resp.d.asBytes,4);
- char filename[256];
- FILE* pf = NULL;
-
- sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
- if ((pf = fopen(filename,"wb")) == NULL) {
- PrintAndLog("Error: Could not open file [%s]",filename);
- return 1;
- }
-
- // Write the 48 tag memory bytes to file and finalize
- fwrite(resp.d.asBytes,1,48,pf);
- fclose(pf);
+ clearCommandBuffer();
+ // Send the command to the proxmark
+ SendCommand(&c);
- PrintAndLog("Succesfully saved tag memory to [%s]",filename);
-
- return 0;
+ UsbCommand resp;
+ WaitForResponse(CMD_ACK,&resp);
+
+ // Check the return status, stored in the first argument
+ if (resp.arg[0] == false) return 1;
+
+ uint32_t id = bytes_to_num(resp.d.asBytes,4);
+ char filename[FILE_PATH_SIZE];
+ FILE* pf = NULL;
+
+ sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
+ if ((pf = fopen(filename,"wb")) == NULL) {
+ PrintAndLog("Error: Could not open file [%s]",filename);
+ return 1;
+ }
+
+ // Write the 48 tag memory bytes to file and finalize
+ fwrite(resp.d.asBytes,1,48,pf);
+ fclose(pf);
+
+ PrintAndLog("Succesfully saved tag memory to [%s]",filename);
+ return 0;
}
-static command_t CommandTable[] =
-{
- {"help", CmdHelp, 1, "This help"},
- {"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
- {"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
- {"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
- {"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
- {NULL, NULL, 0, NULL}
+static command_t CommandTable[] = {
+ {"help", CmdHelp, 1, "This help"},
+ {"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
+ {"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
+ {"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
+ {"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
+ {NULL, NULL, 0, NULL}
};
int CmdLFHitag(const char *Cmd)
{
- CmdsParse(CommandTable, Cmd);
- return 0;
+ CmdsParse(CommandTable, Cmd);
+ return 0;
}
int CmdHelp(const char *Cmd)
{
- CmdsHelp(CommandTable);
- return 0;
+ CmdsHelp(CommandTable);
+ return 0;
}