[proxmark3-svn] / client / cmdlfhitag.c

//-----------------------------------------------------------------------------
// Copyright (C) 2012 Roel Verdult
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency Hitag support
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "data.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
#include "common.h"
#include "util.h"
#include "hitag2.h"
#include "sleep.h"
#include "cmdmain.h"

static int CmdHelp(const char *Cmd);

size_t nbytes(size_t nbits) {
	return (nbits/8)+((nbits%8)>0);
}

int CmdLFHitagList(const char *Cmd)
{
  uint8_t got[TRACE_BUFFER_SIZE];
  GetFromBigBuf(got,sizeof(got),0);
  WaitForResponse(CMD_ACK,NULL);

  PrintAndLog("recorded activity:");
  PrintAndLog(" ETU     :nbits: who bytes");
  PrintAndLog("---------+-----+----+-----------");

  int i = 0;
  int prev = -1;
  int len = strlen(Cmd);

  char filename[FILE_PATH_SIZE]  = { 0x00 };
  FILE* pf = NULL;
  	
  if (len > FILE_PATH_SIZE) 
     len = FILE_PATH_SIZE;
  memcpy(filename, Cmd, len);
   
  if (strlen(filename) > 0) {
	if ((pf = fopen(filename,"wb")) == NULL) {
		PrintAndLog("Error: Could not open file [%s]",filename);
		return 1;
	}
  }

  for (;;) {
  
    if(i >= TRACE_BUFFER_SIZE) { break; }

    bool isResponse;
    int timestamp = *((uint32_t *)(got+i));
    if (timestamp & 0x80000000) {
      timestamp &= 0x7fffffff;
      isResponse = 1;
    } else {
      isResponse = 0;
    }

    int parityBits = *((uint32_t *)(got+i+4));
    // 4 bytes of additional information...
    // maximum of 32 additional parity bit information
    //
    // TODO:
    // at each quarter bit period we can send power level (16 levels)
    // or each half bit period in 256 levels.

    int bits = got[i+8];
    int len = nbytes(got[i+8]);

    if (len > 100) {
      break;
    }
    if (i + len >= TRACE_BUFFER_SIZE) { break;}

    uint8_t *frame = (got+i+9);

    // Break and stick with current result if buffer was not completely full
    if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }

    char line[1000] = "";
    int j;
    for (j = 0; j < len; j++) {
      int oddparity = 0x01;
      int k;

      for (k=0;k<8;k++) {
        oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
      }

      //if((parityBits >> (len - j - 1)) & 0x01) {
      if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
        sprintf(line+(j*4), "%02x!  ", frame[j]);
      }
      else {
        sprintf(line+(j*4), "%02x   ", frame[j]);
      }
    }

    PrintAndLog(" +%7d:  %3d: %s %s",
      (prev < 0 ? 0 : (timestamp - prev)),
      bits,
      (isResponse ? "TAG" : "   "),
      line);


   if (pf) {
      fprintf(pf," +%7d:  %3d: %s %s\n",
					(prev < 0 ? 0 : (timestamp - prev)),
					bits,
					(isResponse ? "TAG" : "   "),
					line);
    }
	
    prev = timestamp;
    i += (len + 9);
  }
  
  if (pf) {
    fclose(pf);
	PrintAndLog("Recorded activity succesfully written to file: %s", filename);
  }

  return 0;
}

int CmdLFHitagSnoop(const char *Cmd) {
  UsbCommand c = {CMD_SNOOP_HITAG};
  SendCommand(&c);
  return 0;
}

int CmdLFHitagSim(const char *Cmd) {
    
  UsbCommand c = {CMD_SIMULATE_HITAG};
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* pf;
	bool tag_mem_supplied;
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);
	
	if (strlen(filename) > 0) {
		if ((pf = fopen(filename,"rb+")) == NULL) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
		tag_mem_supplied = true;
		if (fread(c.d.asBytes,48,1,pf) == 0) {
      PrintAndLog("Error: File reading error");
      fclose(pf);
			return 1;
    }
		fclose(pf);
	} else {
		tag_mem_supplied = false;
	}
	
	// Does the tag comes with memory
	c.arg[0] = (uint32_t)tag_mem_supplied;

  SendCommand(&c);
  return 0;
}

int CmdLFHitagReader(const char *Cmd) {
//  UsbCommand c = {CMD_READER_HITAG};
	
//	param_get32ex(Cmd,1,0,16);
	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	hitag_data* htd = (hitag_data*)c.d.asBytes;
	hitag_function htf = param_get32ex(Cmd,0,0,10);
	
	switch (htf) {
		case RHT2F_PASSWORD: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
		} break;
		case RHT2F_AUTHENTICATE: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_CRYPTO: {
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
//			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_TEST_AUTH_ATTEMPTS: {
			// No additional parameters needed
		} break;
		default: {
			PrintAndLog("Error: unkown reader function %d",htf);
			PrintAndLog("Hitag reader functions");
			PrintAndLog(" HitagS (0*)");
			PrintAndLog(" Hitag1 (1*)");
			PrintAndLog(" Hitag2 (2*)");
			PrintAndLog("  21 <password> (password mode)");
			PrintAndLog("  22 <nr> <ar> (authentication)");
			PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low");
			PrintAndLog("  25 (test recorded authentications)");
			return 1;
		} break;
	}

	// Copy the hitag2 function into the first argument
	c.arg[0] = htf;

  // Send the command to the proxmark
  SendCommand(&c);
  
  UsbCommand resp;
  WaitForResponse(CMD_ACK,&resp);
  
  // Check the return status, stored in the first argument
  if (resp.arg[0] == false) return 1;
    
  uint32_t id = bytes_to_num(resp.d.asBytes,4);
  char filename[256];
  FILE* pf = NULL;

  sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
  if ((pf = fopen(filename,"wb")) == NULL) {
    PrintAndLog("Error: Could not open file [%s]",filename);
    return 1;
  }
  
  // Write the 48 tag memory bytes to file and finalize
  fwrite(resp.d.asBytes,1,48,pf);
  fclose(pf);

  PrintAndLog("Succesfully saved tag memory to [%s]",filename);
  
  return 0;
}

static command_t CommandTable[] = 
{
  {"help",    CmdHelp,           1, "This help"},
  {"list",    CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
  {"reader",  CmdLFHitagReader,  1, "Act like a Hitag Reader"},
  {"sim",     CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
  {"snoop",   CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
		{NULL, NULL, 0, NULL}
};

int CmdLFHitag(const char *Cmd)
{
  CmdsParse(CommandTable, Cmd);
  return 0;
}

int CmdHelp(const char *Cmd)
{
  CmdsHelp(CommandTable);
  return 0;
}
Commit	Line	Data
db09cb3a	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2012 Roel Verdult
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Low frequency Hitag support
	9	//-----------------------------------------------------------------------------
	10
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include "data.h"
902cb3c0	15	#include "proxmark3.h"
db09cb3a	16	#include "ui.h"
	17	#include "cmdparser.h"
	18	#include "common.h"
	19	#include "util.h"
	20	#include "hitag2.h"
902cb3c0	21	#include "sleep.h"
902cb3c0	22	#include "cmdmain.h"
db09cb3a	23
	24	static int CmdHelp(const char *Cmd);
	25
47e18126	26	size_t nbytes(size_t nbits) {
	27	return (nbits/8)+((nbits%8)>0);
	28	}
	29
db09cb3a	30	int CmdLFHitagList(const char *Cmd)
db09cb3a	31	{
b915fda3	32	uint8_t got[TRACE_BUFFER_SIZE];
db09cb3a	33	GetFromBigBuf(got,sizeof(got),0);
902cb3c0	34	WaitForResponse(CMD_ACK,NULL);
902cb3c0	35
db09cb3a	36	PrintAndLog("recorded activity:");
47e18126	37	PrintAndLog(" ETU :nbits: who bytes");
47e18126	38	PrintAndLog("---------+-----+----+-----------");
db09cb3a	39
	40	int i = 0;
	41	int prev = -1;
b915fda3	42	int len = strlen(Cmd);
	43
	44	char filename[FILE_PATH_SIZE] = { 0x00 };
	45	FILE* pf = NULL;
	46
	47	if (len > FILE_PATH_SIZE)
	48	len = FILE_PATH_SIZE;
	49	memcpy(filename, Cmd, len);
	50
	51	if (strlen(filename) > 0) {
	52	if ((pf = fopen(filename,"wb")) == NULL) {
	53	PrintAndLog("Error: Could not open file [%s]",filename);
	54	return 1;
	55	}
	56	}
db09cb3a	57
db09cb3a	58	for (;;) {
b915fda3	59
b915fda3	60	if(i >= TRACE_BUFFER_SIZE) { break; }
db09cb3a	61
	62	bool isResponse;
	63	int timestamp = ((uint32_t )(got+i));
	64	if (timestamp & 0x80000000) {
	65	timestamp &= 0x7fffffff;
	66	isResponse = 1;
	67	} else {
	68	isResponse = 0;
	69	}
	70
db09cb3a	71	int parityBits = ((uint32_t )(got+i+4));
	72	// 4 bytes of additional information...
	73	// maximum of 32 additional parity bit information
	74	//
	75	// TODO:
	76	// at each quarter bit period we can send power level (16 levels)
	77	// or each half bit period in 256 levels.
	78
47e18126	79	int bits = got[i+8];
47e18126	80	int len = nbytes(got[i+8]);
db09cb3a	81
	82	if (len > 100) {
	83	break;
	84	}
b915fda3	85	if (i + len >= TRACE_BUFFER_SIZE) { break;}
db09cb3a	86
	87	uint8_t *frame = (got+i+9);
	88
	89	// Break and stick with current result if buffer was not completely full
	90	if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
	91
	92	char line[1000] = "";
	93	int j;
	94	for (j = 0; j < len; j++) {
	95	int oddparity = 0x01;
	96	int k;
	97
	98	for (k=0;k<8;k++) {
	99	oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
	100	}
	101
	102	//if((parityBits >> (len - j - 1)) & 0x01) {
	103	if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
	104	sprintf(line+(j*4), "%02x! ", frame[j]);
	105	}
	106	else {
	107	sprintf(line+(j*4), "%02x ", frame[j]);
	108	}
	109	}
	110
47e18126	111	PrintAndLog(" +%7d: %3d: %s %s",
db09cb3a	112	(prev < 0 ? 0 : (timestamp - prev)),
47e18126	113	bits,
db09cb3a	114	(isResponse ? "TAG" : " "),
	115	line);
	116
2d495a81	117
b915fda3	118	if (pf) {
	119	fprintf(pf," +%7d: %3d: %s %s\n",
	120	(prev < 0 ? 0 : (timestamp - prev)),
	121	bits,
	122	(isResponse ? "TAG" : " "),
	123	line);
	124	}
2d495a81	125
db09cb3a	126	prev = timestamp;
	127	i += (len + 9);
	128	}
2d495a81	129
b915fda3	130	if (pf) {
	131	fclose(pf);
	132	PrintAndLog("Recorded activity succesfully written to file: %s", filename);
	133	}
97d582a6	134
2d495a81	135	return 0;
db09cb3a	136	}
	137
	138	int CmdLFHitagSnoop(const char *Cmd) {
	139	UsbCommand c = {CMD_SNOOP_HITAG};
	140	SendCommand(&c);
	141	return 0;
	142	}
	143
	144	int CmdLFHitagSim(const char *Cmd) {
b915fda3	145
db09cb3a	146	UsbCommand c = {CMD_SIMULATE_HITAG};
b915fda3	147	char filename[FILE_PATH_SIZE] = { 0x00 };
db09cb3a	148	FILE* pf;
db09cb3a	149	bool tag_mem_supplied;
b915fda3	150	int len = strlen(Cmd);
	151	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	152	memcpy(filename, Cmd, len);
db09cb3a	153
	154	if (strlen(filename) > 0) {
	155	if ((pf = fopen(filename,"rb+")) == NULL) {
	156	PrintAndLog("Error: Could not open file [%s]",filename);
	157	return 1;
	158	}
	159	tag_mem_supplied = true;
759c16b3	160	if (fread(c.d.asBytes,48,1,pf) == 0) {
759c16b3	161	PrintAndLog("Error: File reading error");
90e278d3	162	fclose(pf);
759c16b3	163	return 1;
759c16b3	164	}
db09cb3a	165	fclose(pf);
	166	} else {
	167	tag_mem_supplied = false;
	168	}
	169
	170	// Does the tag comes with memory
	171	c.arg[0] = (uint32_t)tag_mem_supplied;
	172
	173	SendCommand(&c);
	174	return 0;
	175	}
	176
	177	int CmdLFHitagReader(const char *Cmd) {
	178	// UsbCommand c = {CMD_READER_HITAG};
	179
	180	// param_get32ex(Cmd,1,0,16);
	181	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	182	hitag_data* htd = (hitag_data*)c.d.asBytes;
	183	hitag_function htf = param_get32ex(Cmd,0,0,10);
	184
	185	switch (htf) {
	186	case RHT2F_PASSWORD: {
	187	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
	188	} break;
	189	case RHT2F_AUTHENTICATE: {
	190	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
	191	num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	192	} break;
bde10a50	193	case RHT2F_CRYPTO: {
	194	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
	195	// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	196	} break;
db09cb3a	197	case RHT2F_TEST_AUTH_ATTEMPTS: {
	198	// No additional parameters needed
	199	} break;
	200	default: {
	201	PrintAndLog("Error: unkown reader function %d",htf);
ab4da50d	202	PrintAndLog("Hitag reader functions");
	203	PrintAndLog(" HitagS (0*)");
	204	PrintAndLog(" Hitag1 (1*)");
	205	PrintAndLog(" Hitag2 (2*)");
	206	PrintAndLog(" 21 <password> (password mode)");
	207	PrintAndLog(" 22 <nr> <ar> (authentication)");
	208	PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
	209	PrintAndLog(" 25 (test recorded authentications)");
db09cb3a	210	return 1;
	211	} break;
	212	}
	213
	214	// Copy the hitag2 function into the first argument
	215	c.arg[0] = htf;
	216
ab4da50d	217	// Send the command to the proxmark
db09cb3a	218	SendCommand(&c);
ab4da50d	219
	220	UsbCommand resp;
	221	WaitForResponse(CMD_ACK,&resp);
	222
	223	// Check the return status, stored in the first argument
	224	if (resp.arg[0] == false) return 1;
	225
	226	uint32_t id = bytes_to_num(resp.d.asBytes,4);
	227	char filename[256];
	228	FILE* pf = NULL;
	229
	230	sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
	231	if ((pf = fopen(filename,"wb")) == NULL) {
	232	PrintAndLog("Error: Could not open file [%s]",filename);
	233	return 1;
	234	}
	235
	236	// Write the 48 tag memory bytes to file and finalize
	237	fwrite(resp.d.asBytes,1,48,pf);
	238	fclose(pf);
	239
	240	PrintAndLog("Succesfully saved tag memory to [%s]",filename);
	241
db09cb3a	242	return 0;
	243	}
	244
3fe4ff4f	245	static command_t CommandTable[] =
db09cb3a	246	{
db09cb3a	247	{"help", CmdHelp, 1, "This help"},
b915fda3	248	{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
db09cb3a	249	{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
b915fda3	250	{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
db09cb3a	251	{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
	252	{NULL, NULL, 0, NULL}
	253	};
	254
	255	int CmdLFHitag(const char *Cmd)
	256	{
3fe4ff4f	257	CmdsParse(CommandTable, Cmd);
db09cb3a	258	return 0;
	259	}
	260
	261	int CmdHelp(const char *Cmd)
	262	{
3fe4ff4f	263	CmdsHelp(CommandTable);
db09cb3a	264	return 0;
db09cb3a	265	}