ADD: added a manufacturer list for hf 14a reader, only viable when UID is double or triple size. Thanks to Asper for the list.
ADD: Some changes from Holimans commits.
CHG: some more code clean up.
#include "string.h"
#include <stdarg.h>
-
#include "legicrf.h"
#include "../include/hitag2.h"
// different initial value (CRC_ICLASS)
#include "../common/iso14443crc.h"
#include "../common/iso15693tools.h"
-#include "iso15693tools.h"
+//#include "iso15693tools.h"
static int timeout = 4096;
ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
// Receive the SAK
- if (!ReaderReceive(resp, resp_par)){
- return 0;
- }
-
-
+ if (!ReaderReceive(resp, resp_par)) return 0;
sak = resp[0];
// Test if more parts of the uid are coming
#include "string.h"
#include "../common/iso15693tools.h"
#include "../common/cmd.h"
-#include "crapto1.h"
-#include "mifareutil.h"
+
#define arraylen(x) (sizeof(x)/sizeof((x)[0]))
// every other is Q. We just want power, so abs(I) + abs(Q) is
// close to what we want.
if (getNext) {
+ int8_t r;
+
+ if(b < 0) {
+ r = -b;
+ } else {
+ r = b;
+ }
+ if(prev < 0) {
+ r -= prev;
+ } else {
+ r += prev;
+ }
- dest[c++] = abs(b) + abs(prev);
+ dest[c++] = (uint8_t)r;
if(c >= 20000) {
break;
LDLIBS = -L/mingw/lib -L/opt/local/lib -L/usr/local/lib ../liblua/liblua.a -lm -lreadline -lpthread -lcrypto -lgdi32
LDFLAGS = $(COMMON_FLAGS)
-CFLAGS = -std=c99 -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4 $(ICE_FLAGS)
+CFLAGS = -std=c99 -I. -I../include -I../common -I/mingw/include -I/opt/local/include -I../liblua -Wall $(COMMON_FLAGS) -g -O4
LUAPLATFORM = generic
ifneq (,$(findstring MINGW,$(platform)))
static int CmdHelp(const char *Cmd);
static void waitCmd(uint8_t iLen);
-int CmdHF14AList(const char *Cmd)
-{
- bool ShowWaitCycles = false;
- char param = param_getchar(Cmd, 0);
-
- if (param == 'h' || (param != 0 && param != 'f')) {
- PrintAndLog("List data in trace buffer.");
- PrintAndLog("Usage: hf 14a list [f]");
- PrintAndLog("f - show frame delay times as well");
- PrintAndLog("sample: hf 14a list f");
- return 0;
- }
-
- ShowWaitCycles = (param == 'f');
-
-// for the time being. Need better Bigbuf handling.
-#define TRACE_SIZE 3000
-
- uint8_t trace[TRACE_SIZE];
- GetFromBigBuf(trace, TRACE_SIZE, 0);
- WaitForResponse(CMD_ACK,NULL);
-
- PrintAndLog("Recorded Activity");
- PrintAndLog("");
- PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer");
- PrintAndLog("All times are in carrier periods (1/13.56Mhz)");
- PrintAndLog("");
- PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC ");
- PrintAndLog("-----------|-----------|-----|-----------------------------------------------------------------------");
-
- uint16_t tracepos = 0;
- uint16_t duration;
- uint16_t data_len;
- uint16_t parity_len;
- bool isResponse;
- uint32_t timestamp;
- uint32_t first_timestamp;
- uint32_t EndOfTransmissionTimestamp;
-
- for (;;) {
-
- if(tracepos >= TRACE_SIZE) break;
-
- timestamp = *((uint32_t *)(trace + tracepos));
-
- // Break and stick with current result if buffer was not completely full
- if (timestamp == 0x44444444) break;
- if(tracepos == 0) {
- first_timestamp = timestamp;
- }
-
- tracepos += 4;
- duration = *((uint16_t *)(trace + tracepos));
- tracepos += 2;
- data_len = *((uint16_t *)(trace + tracepos));
- tracepos += 2;
-
- isResponse = false;
- if (data_len & 0x8000) {
- data_len &= 0x7fff;
- isResponse = true;
- }
-
- parity_len = (data_len-1)/8 + 1;
-
- if (tracepos + data_len + parity_len >= TRACE_SIZE) break;
+// structure and database for uid -> tagtype lookups
+typedef struct {
+ uint8_t uid;
+ char* desc;
+} manufactureName;
+
+const manufactureName manufactureMapping[] = {
+ // ID, "Vendor Country"
+ { 0x01, "Motorola UK" },
+ { 0x02, "ST Microelectronics SA France" },
+ { 0x03, "Hitachi, Ltd Japan" },
+ { 0x04, "NXP Semiconductors Germany" },
+ { 0x05, "Infineon Technologies AG Germany" },
+ { 0x06, "Cylink USA" },
+ { 0x07, "Texas Instrument France" },
+ { 0x08, "Fujitsu Limited Japan" },
+ { 0x09, "Matsushita Electronics Corporation, Semiconductor Company Japan" },
+ { 0x0A, "NEC Japan" },
+ { 0x0B, "Oki Electric Industry Co. Ltd Japan" },
+ { 0x0C, "Toshiba Corp. Japan" },
+ { 0x0D, "Mitsubishi Electric Corp. Japan" },
+ { 0x0E, "Samsung Electronics Co. Ltd Korea" },
+ { 0x0F, "Hynix / Hyundai, Korea" },
+ { 0x10, "LG-Semiconductors Co. Ltd Korea" },
+ { 0x11, "Emosyn-EM Microelectronics USA" },
+ { 0x12, "INSIDE Technology France" },
+ { 0x13, "ORGA Kartensysteme GmbH Germany" },
+ { 0x14, "SHARP Corporation Japan" },
+ { 0x15, "ATMEL France" },
+ { 0x16, "EM Microelectronic-Marin SA Switzerland" },
+ { 0x17, "KSW Microtec GmbH Germany" },
+ { 0x18, "ZMD AG Germany" },
+ { 0x19, "XICOR, Inc. USA" },
+ { 0x1A, "Sony Corporation Japan Identifier Company Country" },
+ { 0x1B, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" },
+ { 0x1C, "Emosyn USA" },
+ { 0x1D, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" },
+ { 0x1E, "Magellan Technology Pty Limited Australia" },
+ { 0x1F, "Melexis NV BO Switzerland" },
+ { 0x20, "Renesas Technology Corp. Japan" },
+ { 0x21, "TAGSYS France" },
+ { 0x22, "Transcore USA" },
+ { 0x23, "Shanghai belling corp., ltd. China" },
+ { 0x24, "Masktech Germany Gmbh Germany" },
+ { 0x25, "Innovision Research and Technology Plc UK" },
+ { 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" },
+ { 0x27, "Cypak AB Sweden" },
+ { 0x28, "Ricoh Japan" },
+ { 0x29, "ASK France" },
+ { 0x2A, "Unicore Microsystems, LLC Russian Federation" },
+ { 0x2B, "Dallas Semiconductor/Maxim USA" },
+ { 0x2C, "Impinj, Inc. USA" },
+ { 0x2D, "RightPlug Alliance USA" },
+ { 0x2E, "Broadcom Corporation USA" },
+ { 0x2F, "MStar Semiconductor, Inc Taiwan, ROC" },
+ { 0x30, "BeeDar Technology Inc. USA" },
+ { 0x31, "RFIDsec Denmark" },
+ { 0x32, "Schweizer Electronic AG Germany" },
+ { 0x33, "AMIC Technology Corp Taiwan" },
+ { 0x34, "Mikron JSC Russia" },
+ { 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" },
+ { 0x36, "IDS Microchip AG Switzerland" },
+ { 0x37, "Kovio USA" },
+ { 0x38, "HMT Microelectronic Ltd Switzerland Identifier Company Country" },
+ { 0x39, "Silicon Craft Technology Thailand" },
+ { 0x3A, "Advanced Film Device Inc. Japan" },
+ { 0x3B, "Nitecrest Ltd UK" },
+ { 0x3C, "Verayo Inc. USA" },
+ { 0x3D, "HID Global USA" },
+ { 0x3E, "Productivity Engineering Gmbh Germany" },
+ { 0x3F, "Austriamicrosystems AG (reserved) Austria" },
+ { 0x40, "Gemalto SA France" },
+ { 0x41, "Renesas Electronics Corporation Japan" },
+ { 0x42, "3Alogics Inc Korea" },
+ { 0x43, "Top TroniQ Asia Limited Hong Kong" },
+ { 0x44, "Gentag Inc (USA) USA" },
+ { 0x00, "no tag-info available" } // must be the last entry
+};
- uint8_t *frame = trace + tracepos;
- tracepos += data_len;
- uint8_t *parityBytes = trace + tracepos;
- tracepos += parity_len;
-
- char line[16][110];
- for (int j = 0; j < data_len; j++) {
- int oddparity = 0x01;
- int k;
- for (k=0;k<8;k++) {
- oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
- }
+// get a product description based on the UID
+// uid[8] tag uid
+// returns description of the best match
+static char* getTagInfo(uint8_t uid) {
- uint8_t parityBits = parityBytes[j>>3];
- if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
- sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]);
- } else {
- sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]);
- }
- }
-
- char crc[5] = {0x00};
- if (data_len > 2) {
- uint8_t b1, b2;
- ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2);
- if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) {
- sprintf(crc, (isResponse & (data_len < 6)) ? "" : "!crc");
+ int i, best = -1;
+ int len = sizeof(manufactureMapping) / sizeof(manufactureName);
+
+ for ( i = 0; i < len; ++i ) {
+ if ( uid == manufactureMapping[i].uid) {
+ if (best == -1) {
+ best = i;
}
- }
-
- EndOfTransmissionTimestamp = timestamp + duration;
- int num_lines = (data_len - 1)/16 + 1;
-
- for (int j = 0; j < num_lines; j++) {
- if (j == 0) {
- PrintAndLog(" %9d | %9d | %s | %-64s| %s",
- (timestamp - first_timestamp),
- (EndOfTransmissionTimestamp - first_timestamp),
- (isResponse ? "Tag" : "Rdr"),
- line[j],
- (j == num_lines-1)?crc:""
- );
- } else {
- PrintAndLog(" | | | %-64s| %s",
- line[j],
- (j == num_lines-1)?crc:"");
- }
- }
+ }
+ }
+
+ if (best>=0) return manufactureMapping[best].desc;
- bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000;
-
- if (ShowWaitCycles && !isResponse && next_isResponse) {
- uint32_t next_timestamp = *((uint32_t *)(trace + tracepos));
- if (next_timestamp != 0x44444444) {
- PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d",
- (EndOfTransmissionTimestamp - first_timestamp),
- (next_timestamp - first_timestamp),
- " ",
- (next_timestamp - EndOfTransmissionTimestamp));
- }
- }
- }
+ return manufactureMapping[i].desc;
+}
+
+int CmdHF14AList(const char *Cmd)
+{
+ PrintAndLog("Deprecated command, use 'hf list 14a' instead");
return 0;
}
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
+
+ // Double & triple sized UID, can be mapped to a manufacturer.
+ if ( card.uidlen > 4 ) {
+ PrintAndLog("MANUFACTURER : %s", getTagInfo(card.uid[0]));
+ }
switch (card.sak) {
case 0x00: PrintAndLog("TYPE : NXP MIFARE Ultralight | Ultralight C"); break;
case 0x98: PrintAndLog("TYPE : Gemplus MPCOS"); break;
default: ;
}
-
// try to request ATS even if tag claims not to support it
if (select_status == 2) {
int CmdHF14ASim(const char *Cmd);
int CmdHF14ASnoop(const char *Cmd);
+static char* getTagInfo(uint8_t uid);
#endif
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
- PrintAndLog("");
+ PrintAndLog(" [1 = SRIX4K]");
+ PrintAndLog(" [2 = SRIX4K]");
+ PrintAndLog(" [BLOCK number depends on which tag, special block == 255]");
PrintAndLog(" sample: hf 14b write 1 127 11223344");
- PrintAndLog(" sample: hf 14b write 1 255 11223344");
- PrintAndLog(" sample: hf 14b write 2 15 11223344");
- PrintAndLog(" sample: hf 14b write 2 255 11223344");
+ PrintAndLog(" : hf 14b write 1 255 11223344");
+ PrintAndLog(" : hf 14b write 2 15 11223344");
+ PrintAndLog(" : hf 14b write 2 255 11223344");
return 0;
}
const productName uidmapping[] = {
+
// UID, #significant Bits, "Vendor(+Product)"
- { 0xE001000000000000LL, 16, "Motorola" },
- { 0xE002000000000000LL, 16, "ST Microelectronics" },
- { 0xE003000000000000LL, 16, "Hitachi" },
- { 0xE004000000000000LL, 16, "NXP(Philips)" },
+ { 0xE001000000000000LL, 16, "Motorola UK" },
+
+ // E0 02 xx
+ // 02 = ST Microelectronics
+ // XX = IC id (Chip ID Family)
+ { 0xE002000000000000LL, 16, "ST Microelectronics SA France" },
+ { 0xE002050000000000LL, 24, "ST Microelectronics; LRI64 [IC id = 05]"},
+ { 0xE002080000000000LL, 24, "ST Microelectronics; LRI2K [IC id = 08]"},
+ { 0xE0020A0000000000LL, 24, "ST Microelectronics; LRIS2K [IC id = 10]"},
+ { 0xE002440000000000LL, 24, "ST Microelectronics; LRIS64K [IC id = 68]"},
+
+ { 0xE003000000000000LL, 16, "Hitachi, Ltd Japan" },
+
+ // E0 04 xx
+ // 04 = Manufacturer code (Philips/NXP)
+ // XX = IC id (Chip ID Family)
+ //I-Code SLI SL2 ICS20 [IC id = 01]
+ //I-Code SLI-S [IC id = 02]
+ //I-Code SLI-L [IC id = 03]
+ //I-Code SLIX [IC id = 01 + bit36 set to 1 (starting from bit0 - different from normal SLI)]
+ //I-Code SLIX-S [IC id = 02 + bit36 set to 1]
+ //I-Code SLIX-L [IC id = 03 + bit36 set to 1]
+ { 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" },
{ 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" },
{ 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" },
{ 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" },
- { 0xE005000000000000LL, 16, "Infineon" },
- { 0xE005400000000000LL, 24, "Infineon; 56x32bit" },
- { 0xE006000000000000LL, 16, "Cylinc" },
- { 0xE007000000000000LL, 16, "Texas Instrument; " },
+
+ // E0 05 XX .. .. ..
+ // 05 = Manufacturer code (Infineon)
+ // XX = IC id (Chip ID Family)
+ { 0xE005000000000000LL, 16, "Infineon Technologies AG Germany" },
+ { 0xE005A10000000000LL, 24, "Infineon; SRF55V01P [IC id = 161] plain mode 1kBit"},
+ { 0xE005A80000000000LL, 24, "Infineon; SRF55V01P [IC id = 168] pilot series 1kBit"},
+ { 0xE005400000000000LL, 24, "Infineon; SRF55V02P [IC id = 64] plain mode 2kBit"},
+ { 0xE005000000000000LL, 24, "Infineon; SRF55V10P [IC id = 00] plain mode 10KBit"},
+ { 0xE005500000000000LL, 24, "Infineon; SRF55V02S [IC id = 80] secure mode 2kBit"},
+ { 0xE005100000000000LL, 24, "Infineon; SRF55V10S [IC id = 16] secure mode 10KBit"},
+ { 0xE0051E0000000000LL, 23, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"},
+ { 0xE005200000000000LL, 21, "Infineon; SLE66r01P [IC id = 3x = My-d Move or My-d move NFC]"},
+
+ { 0xE006000000000000LL, 16, "Cylink USA" },
+
+
+ // E0 07 xx
+ // 07 = Texas Instruments
+ // XX = from bit 41 to bit 43 = product configuration - from bit 44 to bit 47 IC id (Chip ID Family)
+ //Tag IT RFIDType-I Plus, 2kBit, TI Inlay
+ //Tag-it HF-I Plus Inlay [IC id = 00] -> b'0000 000 2kBit
+ //Tag-it HF-I Plus Chip [IC id = 64] -> b'1000 000 2kBit
+ //Tag-it HF-I Standard Chip / Inlays [IC id = 96] -> b'1100 000 256Bit
+ //Tag-it HF-I Pro Chip / Inlays [IC id = 98] -> b'1100 010 256Bit, Password protection
+ { 0xE007000000000000LL, 16, "Texas Instrument France" },
{ 0xE007000000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit" },
{ 0xE007100000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Chip; 64x32bit" },
{ 0xE007800000000000LL, 23, "Texas Instrument; Tag-it HF-I Plus (RF-HDT-DVBB tag or Third Party Products)" },
{ 0xE007C00000000000LL, 23, "Texas Instrument; Tag-it HF-I Standard; 8x32bit" },
{ 0xE007C40000000000LL, 23, "Texas Instrument; Tag-it HF-I Pro; 8x23bit; password" },
- { 0xE008000000000000LL, 16, "Fujitsu" },
- { 0xE009000000000000LL, 16, "Matsushita" },
- { 0xE00A000000000000LL, 16, "NEC" },
- { 0xE00B000000000000LL, 16, "Oki Electric" },
- { 0xE00C000000000000LL, 16, "Toshiba" },
- { 0xE00D000000000000LL, 16, "Mitsubishi" },
- { 0xE00E000000000000LL, 16, "Samsung" },
- { 0xE00F000000000000LL, 16, "Hyundai" },
- { 0xE010000000000000LL, 16, "LG-Semiconductors" },
+
+ { 0xE008000000000000LL, 16, "Fujitsu Limited Japan" },
+ { 0xE009000000000000LL, 16, "Matsushita Electronics Corporation, Semiconductor Company Japan" },
+ { 0xE00A000000000000LL, 16, "NEC Japan" },
+ { 0xE00B000000000000LL, 16, "Oki Electric Industry Co. Ltd Japan" },
+ { 0xE00C000000000000LL, 16, "Toshiba Corp. Japan" },
+ { 0xE00D000000000000LL, 16, "Mitsubishi Electric Corp. Japan" },
+ { 0xE00E000000000000LL, 16, "Samsung Electronics Co. Ltd Korea" },
+ { 0xE00F000000000000LL, 16, "Hynix / Hyundai, Korea" },
+ { 0xE010000000000000LL, 16, "LG-Semiconductors Co. Ltd Korea" },
+ { 0xE011000000000000LL, 16, "Emosyn-EM Microelectronics USA" },
+
{ 0xE012000000000000LL, 16, "HID Corporation" },
- { 0xE016000000000000LL, 16, "EM-Marin SA (Skidata)" },
+ { 0xE012000000000000LL, 16, "INSIDE Technology France" },
+ { 0xE013000000000000LL, 16, "ORGA Kartensysteme GmbH Germany" },
+ { 0xE014000000000000LL, 16, "SHARP Corporation Japan" },
+ { 0xE015000000000000LL, 16, "ATMEL France" },
+
+ { 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)" },
{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
{ 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
+
+ { 0xE017000000000000LL, 16, "KSW Microtec GmbH Germany" },
+ { 0xE018000000000000LL, 16, "ZMD AG Germany" },
+ { 0xE019000000000000LL, 16, "XICOR, Inc. USA" },
+ { 0xE01A000000000000LL, 16, "Sony Corporation Japan Identifier Company Country" },
+ { 0xE01B000000000000LL, 16, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" },
+ { 0xE01C000000000000LL, 16, "Emosyn USA" },
+ { 0xE01D000000000000LL, 16, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" },
+ { 0xE01E000000000000LL, 16, "Magellan Technology Pty Limited Australia" },
+ { 0xE01F000000000000LL, 16, "Melexis NV BO Switzerland" },
+ { 0xE020000000000000LL, 16, "Renesas Technology Corp. Japan" },
+ { 0xE021000000000000LL, 16, "TAGSYS France" },
+ { 0xE022000000000000LL, 16, "Transcore USA" },
+ { 0xE023000000000000LL, 16, "Shanghai belling corp., ltd. China" },
+ { 0xE024000000000000LL, 16, "Masktech Germany Gmbh Germany" },
+ { 0xE025000000000000LL, 16, "Innovision Research and Technology Plc UK" },
+ { 0xE026000000000000LL, 16, "Hitachi ULSI Systems Co., Ltd. Japan" },
+ { 0xE027000000000000LL, 16, "Cypak AB Sweden" },
+ { 0xE028000000000000LL, 16, "Ricoh Japan" },
+ { 0xE029000000000000LL, 16, "ASK France" },
+ { 0xE02A000000000000LL, 16, "Unicore Microsystems, LLC Russian Federation" },
+ { 0xE02B000000000000LL, 16, "Dallas Semiconductor/Maxim USA" },
+ { 0xE02C000000000000LL, 16, "Impinj, Inc. USA" },
+ { 0xE02D000000000000LL, 16, "RightPlug Alliance USA" },
+ { 0xE02E000000000000LL, 16, "Broadcom Corporation USA" },
+ { 0xE02F000000000000LL, 16, "MStar Semiconductor, Inc Taiwan, ROC" },
+ { 0xE030000000000000LL, 16, "BeeDar Technology Inc. USA" },
+ { 0xE031000000000000LL, 16, " RFIDsec Denmark" },
+ { 0xE032000000000000LL, 16, " Schweizer Electronic AG Germany" },
+ { 0xE033000000000000LL, 16, " AMIC Technology Corp Taiwan" },
+ { 0xE034000000000000LL, 16, "Mikron JSC Russia" },
+ { 0xE035000000000000LL, 16, "Fraunhofer Institute for Photonic Microsystems Germany" },
+ { 0xE036000000000000LL, 16, "IDS Microchip AG Switzerland" },
+ { 0xE037000000000000LL, 16, "Kovio USA" },
+ { 0xE038000000000000LL, 16, "HMT Microelectronic Ltd Switzerland Identifier Company Country" },
+ { 0xE039000000000000LL, 16, "Silicon Craft Technology Thailand" },
+ { 0xE03A000000000000LL, 16, "Advanced Film Device Inc. Japan" },
+ { 0xE03B000000000000LL, 16, "Nitecrest Ltd UK" },
+ { 0xE03C000000000000LL, 16, "Verayo Inc. USA" },
+ { 0xE03D000000000000LL, 16, "HID Global USA" },
+ { 0xE03E000000000000LL, 16, "Productivity Engineering Gmbh Germany" },
+ { 0xE03F000000000000LL, 16, "Austriamicrosystems AG (reserved) Austria" },
+ { 0xE040000000000000LL, 16, "Gemalto SA France" },
+ { 0xE041000000000000LL, 16, "Renesas Electronics Corporation Japan" },
+ { 0xE042000000000000LL, 16, "3Alogics Inc Korea" },
+ { 0xE043000000000000LL, 16, "Top TroniQ Asia Limited Hong Kong" },
+ { 0xE044000000000000LL, 16, "Gentag Inc (USA) USA" },
{ 0,0,"no tag-info available" } // must be the last entry
};
if (best==-1) {
best=i;
} else {
- if (uidmapping[i].mask>uidmapping[best].mask) {
+ if (uidmapping[i].mask > uidmapping[best].mask) {
best=i;
}
}
}
return 0;
}
+int CmdHFiClass_loclass(const char *Cmd)
+{
+ char opt = param_getchar(Cmd, 0);
+
+ if (strlen(Cmd)<1 || opt == 'h') {
+ PrintAndLog("Usage: hf iclass loclass [options]");
+ PrintAndLog("Options:");
+ PrintAndLog("h Show this help");
+ PrintAndLog("t Perform self-test");
+ PrintAndLog("f <filename> Bruteforce iclass dumpfile");
+ PrintAndLog(" An iclass dumpfile is assumed to consist of an arbitrary number of");
+ PrintAndLog(" malicious CSNs, and their protocol responses");
+ PrintAndLog(" The the binary format of the file is expected to be as follows: ");
+ PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
+ PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
+ PrintAndLog(" <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>");
+ PrintAndLog(" ... totalling N*24 bytes");
+ return 0;
+ }
+ char fileName[255] = {0};
+ if(opt == 'f')
+ {
+ if(param_getstr(Cmd, 1, fileName) > 0)
+ {
+ return bruteforceFileNoKeys(fileName);
+ }else
+ {
+ PrintAndLog("You must specify a filename");
+ }
+ }
+ else if(opt == 't')
+ {
+ int errors = testCipherUtils();
+ errors += testMAC();
+ errors += doKeyTests(0);
+ errors += testElite();
+ if(errors)
+ {
+ prnlog("OBS! There were errors!!!");
+ }
+ return errors;
+ }
+ return 0;
+}
static command_t CommandTable[] =
{
{"replay", CmdHFiClassReader_Replay, 0, "Read an iClass tag via Reply Attack"},
{"dump", CmdHFiClassReader_Dump, 0, "Authenticate and Dump iClass tag"},
{"write", CmdHFiClass_iso14443A_write, 0, "Authenticate and Write iClass block"},
+ {"loclass", CmdHFiClass_loclass, 1, "Use loclass to perform bruteforce of reader attack dump"},
{NULL, NULL, 0, NULL}
};
{
char cmdp = param_getchar(Cmd, 0);
int read_h = (cmdp == 'h');
- do
- {
+ do {
if (ukbhit()) {
printf("\naborted via keyboard!\n");
break;
CmdLFRead(read_h ? "h" : "");
CmdSamples("6000");
-
} while (
!CmdEM410xRead("")
);
{"hf", CmdHF, 1, "{ High Frequency commands... }"},
{"hw", CmdHW, 1, "{ Hardware commands... }"},
{"lf", CmdLF, 1, "{ Low Frequency commands... }"},
- {"script", CmdScript, 1,"{ Scripting commands }"},
+ {"script", CmdScript, 1, "{ Scripting commands }"},
{"quit", CmdQuit, 1, "Exit program"},
{"exit", CmdQuit, 1, "Exit program"},
{NULL, NULL, 0, NULL}
// Wait until the command is received
for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
- while(getCommand(response)) {
+ while (getCommand(response)) {
if(response->cmd == cmd){
return true;
}
fseek(f, 0, SEEK_SET);
uint8_t *dump = malloc(fsize);
- size_t bytes_read = fread(dump, fsize, 1, f);
+ size_t bytes_read = fread(dump, 1, fsize, f);
fclose(f);
if (bytes_read < fsize)
**** The 64-bit HS Custom Key Value = 5B7C62C491C11B39 ****
**/
uint16_t keytable[128] = {0};
- //save some time...
- startvalue = 0x7B0000;
+
+ //Test a few variants
+ if(fileExists("iclass_dump.bin"))
+ {
errors |= bruteforceFile("iclass_dump.bin",keytable);
+ }else if(fileExists("loclass/iclass_dump.bin")){
+ errors |= bruteforceFile("loclass/iclass_dump.bin",keytable);
+ }else if(fileExists("client/loclass/iclass_dump.bin")){
+ errors |= bruteforceFile("client/loclass/iclass_dump.bin",keytable);
+ }else{
+ prnlog("Error: The file iclass_dump.bin was not found!");
+ }
}
return errors;
}
int fileExists(const char *filename) {
#ifdef _WIN32
- struct _stat fileStat;
- int result = _stat(filename, &fileStat);
+ struct _stat st;
+ int result = _stat(filename, &st);
#else
- struct stat fileStat;
- int result = stat(filename, &fileStat);
+ struct stat st;
+ int result = stat(filename, &st);
#endif
return result == 0;
}
*/
void prnlog(char *fmt, ...)
{
-
+ char buffer[2048] = {0};
va_list args;
va_start(args,fmt);
- PrintAndLog(fmt, args);
- //vprintf(fmt,args);
+ vsprintf (buffer,fmt, args);
va_end(args);
- //printf("\n");
+ PrintAndLog(buffer);
+
}
* @param fmt
*/
void prnlog(char *fmt, ...);
+int fileExists(const char *filename);
#endif // FILEUTILS_H
#include <unistd.h>
#include <readline/readline.h>
#include <readline/history.h>
-//#include "proxusb.h"
+
#include "proxmark3.h"
#include "proxgui.h"
#include "cmdmain.h"
projects / proxmark3-svn / commitdiff