]> git.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhf14b.c
Added mifarePlus.lua script for communication with Mifare Plus. (#593)
[proxmark3-svn] / client / cmdhf14b.c
CommitLineData
a553f267 1//-----------------------------------------------------------------------------
2// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// High frequency ISO14443B commands
9//-----------------------------------------------------------------------------
10
7fe9b0b7 11#include <stdio.h>
12#include <stdlib.h>
13#include <stdbool.h>
14#include <string.h>
15#include <stdint.h>
16#include "iso14443crc.h"
902cb3c0 17#include "proxmark3.h"
7fe9b0b7 18#include "graph.h"
3fe4ff4f 19#include "util.h"
7fe9b0b7 20#include "ui.h"
21#include "cmdparser.h"
22#include "cmdhf14b.h"
7cf3ef20 23#include "cmdmain.h"
ff4fdb32 24#include "cmdhf14a.h"
7fe9b0b7 25
26static int CmdHelp(const char *Cmd);
27
7fe9b0b7 28int CmdHF14BList(const char *Cmd)
29{
388c92bd 30 PrintAndLog("Deprecated command, use 'hf list 14b' instead");
7fe9b0b7 31
388c92bd 32 return 0;
7fe9b0b7 33}
7fe9b0b7 34
132a0217 35int CmdHF14BSim(const char *Cmd)
7fe9b0b7 36{
132a0217 37 UsbCommand c={CMD_SIMULATE_TAG_ISO_14443B};
ff4fdb32 38 clearCommandBuffer();
7fe9b0b7 39 SendCommand(&c);
40 return 0;
41}
42
43int CmdHF14BSnoop(const char *Cmd)
44{
132a0217 45 UsbCommand c = {CMD_SNOOP_ISO_14443B};
ff4fdb32 46 clearCommandBuffer();
7fe9b0b7 47 SendCommand(&c);
48 return 0;
49}
50
51/* New command to read the contents of a SRI512 tag
52 * SRI512 tags are ISO14443-B modulated memory tags,
53 * this command just dumps the contents of the memory
54 */
55int CmdSri512Read(const char *Cmd)
56{
57 UsbCommand c = {CMD_READ_SRI512_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
ff4fdb32 58 clearCommandBuffer();
7fe9b0b7 59 SendCommand(&c);
60 return 0;
61}
62
63/* New command to read the contents of a SRIX4K tag
64 * SRIX4K tags are ISO14443-B modulated memory tags,
65 * this command just dumps the contents of the memory/
66 */
67int CmdSrix4kRead(const char *Cmd)
68{
69 UsbCommand c = {CMD_READ_SRIX4K_TAG, {strtol(Cmd, NULL, 0), 0, 0}};
ff4fdb32 70 clearCommandBuffer();
7fe9b0b7 71 SendCommand(&c);
72 return 0;
73}
74
ff4fdb32 75int rawClose(void){
76 UsbCommand resp;
77 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}};
78 clearCommandBuffer();
79 SendCommand(&c);
80 if (!WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
81 return 0;
82 }
83 return 0;
84}
85
86int HF14BCmdRaw(bool reply, bool *crc, bool power, uint8_t *data, uint8_t *datalen, bool verbose){
87 UsbCommand resp;
88 UsbCommand c = {CMD_ISO_14443B_COMMAND, {0, 0, 0}}; // len,recv,power
89 if(*crc)
90 {
91 uint8_t first, second;
92 ComputeCrc14443(CRC_14443_B, data, *datalen, &first, &second);
93 data[*datalen] = first;
94 data[*datalen + 1] = second;
95 *datalen += 2;
96 }
97
98 c.arg[0] = *datalen;
99 c.arg[1] = reply;
100 c.arg[2] = power;
101 memcpy(c.d.asBytes,data,*datalen);
102 clearCommandBuffer();
103 SendCommand(&c);
104
105 if (!reply) return 1;
106
107 if (!WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
108 if (verbose) PrintAndLog("timeout while waiting for reply.");
109 return 0;
110 }
111 *datalen = resp.arg[0];
112 if (verbose) PrintAndLog("received %u octets", *datalen);
113 if(*datalen<2) return 0;
114
115 memcpy(data, resp.d.asBytes, *datalen);
116 if (verbose) PrintAndLog("%s", sprint_hex(data, *datalen));
117
118 uint8_t first, second;
119 ComputeCrc14443(CRC_14443_B, data, *datalen-2, &first, &second);
120 if(data[*datalen-2] == first && data[*datalen-1] == second) {
121 if (verbose) PrintAndLog("CRC OK");
122 *crc = true;
123 } else {
124 if (verbose) PrintAndLog("CRC failed");
125 *crc = false;
126 }
127 return 1;
128}
129
130int CmdHF14BCmdRaw (const char *Cmd) {
131 bool reply = true;
132 bool crc = false;
133 bool power = false;
b8edab0f 134 bool select = false;
7ce6e2c0 135 bool SRx = false;
ff4fdb32 136 char buf[5] = "";
137 uint8_t data[100] = {0x00};
138 uint8_t datalen = 0;
139 unsigned int temp;
140 int i = 0;
141 if (strlen(Cmd)<3) {
7ce6e2c0 142 PrintAndLog("Usage: hf 14b raw [-r] [-c] [-p] [-s || -ss] <0A 0B 0C ... hex>");
ff4fdb32 143 PrintAndLog(" -r do not read response");
144 PrintAndLog(" -c calculate and append CRC");
145 PrintAndLog(" -p leave the field on after receive");
b8edab0f 146 PrintAndLog(" -s active signal field ON with select");
7ce6e2c0 147 PrintAndLog(" -ss active signal field ON with select for SRx ST Microelectronics tags");
b8edab0f 148 return 0;
ff4fdb32 149 }
150
151 // strip
152 while (*Cmd==' ' || *Cmd=='\t') Cmd++;
153
154 while (Cmd[i]!='\0') {
155 if (Cmd[i]==' ' || Cmd[i]=='\t') { i++; continue; }
156 if (Cmd[i]=='-') {
157 switch (Cmd[i+1]) {
158 case 'r':
159 case 'R':
160 reply = false;
161 break;
162 case 'c':
163 case 'C':
164 crc = true;
165 break;
166 case 'p':
167 case 'P':
168 power = true;
169 break;
b8edab0f 170 case 's':
171 case 'S':
172 select = true;
7ce6e2c0 173 if (Cmd[i+2]=='s' || Cmd[i+2]=='S') {
174 SRx = true;
175 i++;
176 }
b8edab0f 177 break;
ff4fdb32 178 default:
179 PrintAndLog("Invalid option");
180 return 0;
181 }
182 i+=2;
183 continue;
184 }
185 if ((Cmd[i]>='0' && Cmd[i]<='9') ||
186 (Cmd[i]>='a' && Cmd[i]<='f') ||
187 (Cmd[i]>='A' && Cmd[i]<='F') ) {
188 buf[strlen(buf)+1]=0;
189 buf[strlen(buf)]=Cmd[i];
190 i++;
191
192 if (strlen(buf)>=2) {
193 sscanf(buf,"%x",&temp);
194 data[datalen++]=(uint8_t)(temp & 0xff);
195 *buf=0;
196 }
197 continue;
198 }
199 PrintAndLog("Invalid char on input");
7ce6e2c0 200 return 0;
ff4fdb32 201 }
202 if (datalen == 0)
203 {
204 PrintAndLog("Missing data input");
205 return 0;
206 }
207
1c7d367e 208 if (select){ //auto select 14b tag
b8edab0f 209 uint8_t cmd2[16];
b8edab0f 210 bool crc2 = true;
7ce6e2c0 211 uint8_t cmdLen;
b8edab0f 212
7ce6e2c0 213 if (SRx) {
214 // REQ SRx
215 cmdLen = 2;
216 cmd2[0] = 0x06;
217 cmd2[1] = 0x00;
218 } else {
219 cmdLen = 3;
220 // REQB
221 cmd2[0] = 0x05;
222 cmd2[1] = 0x00;
223 cmd2[2] = 0x08;
224 }
b8edab0f 225
7ce6e2c0 226 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose();
b8edab0f 227
7ce6e2c0 228 if ( SRx && (cmdLen != 3 || !crc2) ) return rawClose();
229 else if (cmd2[0] != 0x50 || cmdLen != 14 || !crc2) return rawClose();
230
231 uint8_t chipID = 0;
232 if (SRx) {
233 // select
234 chipID = cmd2[0];
235 cmd2[0] = 0x0E;
236 cmd2[1] = chipID;
237 cmdLen = 2;
238 } else {
239 // attrib
240 cmd2[0] = 0x1D;
241 // UID from cmd2[1 - 4]
242 cmd2[5] = 0x00;
243 cmd2[6] = 0x08;
244 cmd2[7] = 0x01;
245 cmd2[8] = 0x00;
246 cmdLen = 9;
247 }
1c7d367e 248
b8edab0f 249 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose();
250
f3b83bee 251 if (cmdLen != 3 || !crc2) return rawClose();
7ce6e2c0 252 if (SRx && cmd2[0] != chipID) return rawClose();
b8edab0f 253 }
ff4fdb32 254 return HF14BCmdRaw(reply, &crc, power, data, &datalen, true);
7cf3ef20 255}
256
b29d55f2 257// print full atqb info
ff4fdb32 258static void print_atqb_resp(uint8_t *data){
f3b83bee 259 //PrintAndLog (" UID: %s", sprint_hex(data+1,4));
ff4fdb32 260 PrintAndLog (" App Data: %s", sprint_hex(data+5,4));
261 PrintAndLog (" Protocol: %s", sprint_hex(data+9,3));
262 uint8_t BitRate = data[9];
263 if (!BitRate)
264 PrintAndLog (" Bit Rate: 106 kbit/s only PICC <-> PCD");
265 if (BitRate & 0x10)
266 PrintAndLog (" Bit Rate: 212 kbit/s PICC -> PCD supported");
267 if (BitRate & 0x20)
268 PrintAndLog (" Bit Rate: 424 kbit/s PICC -> PCD supported");
269 if (BitRate & 0x40)
270 PrintAndLog (" Bit Rate: 847 kbit/s PICC -> PCD supported");
271 if (BitRate & 0x01)
272 PrintAndLog (" Bit Rate: 212 kbit/s PICC <- PCD supported");
273 if (BitRate & 0x02)
274 PrintAndLog (" Bit Rate: 424 kbit/s PICC <- PCD supported");
275 if (BitRate & 0x04)
276 PrintAndLog (" Bit Rate: 847 kbit/s PICC <- PCD supported");
277 if (BitRate & 0x80)
278 PrintAndLog (" Same bit rate <-> required");
279
280 uint16_t maxFrame = data[10]>>4;
281 if (maxFrame < 5)
282 maxFrame = 8*maxFrame + 16;
283 else if (maxFrame == 5)
284 maxFrame = 64;
285 else if (maxFrame == 6)
286 maxFrame = 96;
287 else if (maxFrame == 7)
288 maxFrame = 128;
289 else if (maxFrame == 8)
290 maxFrame = 256;
291 else
292 maxFrame = 257;
293
f3b83bee 294 PrintAndLog ("Max Frame Size: %u%s",maxFrame, (maxFrame == 257) ? "+ RFU" : "");
ff4fdb32 295
296 uint8_t protocolT = data[10] & 0xF;
297 PrintAndLog (" Protocol Type: Protocol is %scompliant with ISO/IEC 14443-4",(protocolT) ? "" : "not " );
f3b83bee 298 PrintAndLog ("Frame Wait Int: %u", data[11]>>4);
ff4fdb32 299 PrintAndLog (" App Data Code: Application is %s",(data[11]&4) ? "Standard" : "Proprietary");
300 PrintAndLog (" Frame Options: NAD is %ssupported",(data[11]&2) ? "" : "not ");
301 PrintAndLog (" Frame Options: CID is %ssupported",(data[11]&1) ? "" : "not ");
f3b83bee 302 PrintAndLog ("Max Buf Length: %u (MBLI) %s",data[14]>>4, (data[14] & 0xF0) ? "" : "not supported");
ff4fdb32 303
304 return;
305}
306
b29d55f2 307// get SRx chip model (from UID) // from ST Microelectronics
ff4fdb32 308char *get_ST_Chip_Model(uint8_t data){
309 static char model[20];
310 char *retStr = model;
311 memset(model,0, sizeof(model));
312
313 switch (data) {
314 case 0x0: sprintf(retStr, "SRIX4K (Special)"); break;
315 case 0x2: sprintf(retStr, "SR176"); break;
316 case 0x3: sprintf(retStr, "SRIX4K"); break;
317 case 0x4: sprintf(retStr, "SRIX512"); break;
318 case 0x6: sprintf(retStr, "SRI512"); break;
319 case 0x7: sprintf(retStr, "SRI4K"); break;
320 case 0xC: sprintf(retStr, "SRT512"); break;
321 default : sprintf(retStr, "Unknown"); break;
322 }
323 return retStr;
324}
325
cc34cc7b 326int print_ST_Lock_info(uint8_t model){
327 //assume connection open and tag selected...
c3ebcce4 328 uint8_t data[16] = {0x00};
cc34cc7b 329 uint8_t datalen = 2;
330 bool crc = true;
331 uint8_t resplen;
332 uint8_t blk1;
333 data[0] = 0x08;
334
335 if (model == 0x2) { //SR176 has special command:
336 data[1] = 0xf;
337 resplen = 4;
338 } else {
339 data[1] = 0xff;
340 resplen = 6;
341 }
342
343 //std read cmd
344 if (HF14BCmdRaw(true, &crc, true, data, &datalen, false)==0) return rawClose();
345
346 if (datalen != resplen || !crc) return rawClose();
347
348 PrintAndLog("Chip Write Protection Bits:");
349 // now interpret the data
350 switch (model){
351 case 0x0: //fall through (SRIX4K special)
352 case 0x3: //fall through (SRIx4K)
353 case 0x7: // (SRI4K)
354 //only need data[3]
355 blk1 = 9;
8e00825a 356 PrintAndLog(" raw: %s",printBits(1,data+3));
c3ebcce4 357 PrintAndLog(" 07/08:%slocked", (data[3] & 1) ? " not " : " " );
cc34cc7b 358 for (uint8_t i = 1; i<8; i++){
c3ebcce4 359 PrintAndLog(" %02u:%slocked", blk1, (data[3] & (1 << i)) ? " not " : " " );
cc34cc7b 360 blk1++;
361 }
362 break;
363 case 0x4: //fall through (SRIX512)
364 case 0x6: //fall through (SRI512)
365 case 0xC: // (SRT512)
366 //need data[2] and data[3]
367 blk1 = 0;
8e00825a 368 PrintAndLog(" raw: %s",printBits(2,data+2));
cc34cc7b 369 for (uint8_t b=2; b<4; b++){
370 for (uint8_t i=0; i<8; i++){
c3ebcce4 371 PrintAndLog(" %02u:%slocked", blk1, (data[b] & (1 << i)) ? " not " : " " );
cc34cc7b 372 blk1++;
373 }
374 }
375 break;
376 case 0x2: // (SR176)
377 //need data[2]
378 blk1 = 0;
8e00825a 379 PrintAndLog(" raw: %s",printBits(1,data+2));
cc34cc7b 380 for (uint8_t i = 0; i<8; i++){
c3ebcce4 381 PrintAndLog(" %02u/%02u:%slocked", blk1, blk1+1, (data[2] & (1 << i)) ? " " : " not " );
cc34cc7b 382 blk1+=2;
383 }
384 break;
385 default:
386 return rawClose();
387 }
388 return 1;
389}
390
b29d55f2 391// print UID info from SRx chips (ST Microelectronics)
392static void print_st_general_info(uint8_t *data){
ff4fdb32 393 //uid = first 8 bytes in data
cc34cc7b 394 PrintAndLog(" UID: %s", sprint_hex(SwapEndian64(data,8,8),8));
395 PrintAndLog(" MFG: %02X, %s", data[6], getTagInfo(data[6]));
396 PrintAndLog(" Chip: %02X, %s", data[5]>>2, get_ST_Chip_Model(data[5]>>2));
ff4fdb32 397 return;
398}
399
b29d55f2 400// 14b get and print UID only (general info)
401int HF14BStdReader(uint8_t *data, uint8_t *datalen){
ff4fdb32 402 //05 00 00 = find one tag in field
b8edab0f 403 //1d xx xx xx xx 00 08 01 00 = attrib xx=UID (resp 10 [f9 e0])
404 //a3 = ? (resp 03 [e2 c2])
405 //02 = ? (resp 02 [6a d3])
ff4fdb32 406 // 022b (resp 02 67 00 [29 5b])
407 // 0200a40400 (resp 02 67 00 [29 5b])
408 // 0200a4040c07a0000002480300 (resp 02 67 00 [29 5b])
409 // 0200a4040c07a0000002480200 (resp 02 67 00 [29 5b])
410 // 0200a4040006a0000000010100 (resp 02 6a 82 [4b 4c])
411 // 0200a4040c09d27600002545500200 (resp 02 67 00 [29 5b])
412 // 0200a404000cd2760001354b414e4d30310000 (resp 02 6a 82 [4b 4c])
413 // 0200a404000ca000000063504b43532d313500 (resp 02 6a 82 [4b 4c])
414 // 0200a4040010a000000018300301000000000000000000 (resp 02 6a 82 [4b 4c])
415 //03 = ? (resp 03 [e3 c2])
416 //c2 = ? (resp c2 [66 15])
417 //b2 = ? (resp a3 [e9 67])
f3b83bee 418 //a2 = ? (resp 02 [6a d3])
ff4fdb32 419 bool crc = true;
420 *datalen = 3;
421 //std read cmd
422 data[0] = 0x05;
423 data[1] = 0x00;
14660057 424 data[2] = 0x08;
ff4fdb32 425
f3b83bee 426 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose();
ff4fdb32 427
f3b83bee 428 if (data[0] != 0x50 || *datalen != 14 || !crc) return rawClose();
ff4fdb32 429
430 PrintAndLog ("\n14443-3b tag found:");
b29d55f2 431 PrintAndLog (" UID: %s", sprint_hex(data+1,4));
ff4fdb32 432
f3b83bee 433 uint8_t cmd2[16];
434 uint8_t cmdLen = 3;
435 bool crc2 = true;
436
437 cmd2[0] = 0x1D;
438 // UID from data[1 - 4]
439 cmd2[1] = data[1];
440 cmd2[2] = data[2];
441 cmd2[3] = data[3];
442 cmd2[4] = data[4];
443 cmd2[5] = 0x00;
444 cmd2[6] = 0x08;
445 cmd2[7] = 0x01;
446 cmd2[8] = 0x00;
447 cmdLen = 9;
448
449 // attrib
450 if (HF14BCmdRaw(true, &crc2, true, cmd2, &cmdLen, false)==0) return rawClose();
451
452 if (cmdLen != 3 || !crc2) return rawClose();
453 // add attrib responce to data
454 data[14] = cmd2[0];
455 rawClose();
ff4fdb32 456 return 1;
457}
458
8a258b58 459// 14b get and print Full Info (as much as we know)
460int HF14BStdInfo(uint8_t *data, uint8_t *datalen){
461 if (!HF14BStdReader(data,datalen)) return 0;
b29d55f2 462
8a258b58 463 //add more info here
464 print_atqb_resp(data);
b29d55f2 465
f3b83bee 466
b29d55f2 467 return 1;
468}
469
470// SRx get and print general info about SRx chip from UID
cc34cc7b 471int HF14B_ST_Reader(uint8_t *data, uint8_t *datalen, bool closeCon){
ff4fdb32 472 bool crc = true;
473 *datalen = 2;
474 //wake cmd
475 data[0] = 0x06;
476 data[1] = 0x00;
477
478 //leave power on
479 // verbose on for now for testing - turn off when functional
480 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose();
481
482 if (*datalen != 3 || !crc) return rawClose();
483
484 uint8_t chipID = data[0];
485 // select
486 data[0] = 0x0E;
487 data[1] = chipID;
488 *datalen = 2;
489
490 //leave power on
ff4fdb32 491 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose();
492
493 if (*datalen != 3 || !crc || data[0] != chipID) return rawClose();
494
495 // get uid
496 data[0] = 0x0B;
497 *datalen = 1;
498
cc34cc7b 499 //leave power on
500 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)==0) return rawClose();
c3ebcce4 501
502 if (*datalen != 10 || !crc) return rawClose();
503
cc34cc7b 504 //power off ?
505 if (closeCon) rawClose();
506
ff4fdb32 507 PrintAndLog("\n14443-3b ST tag found:");
b29d55f2 508 print_st_general_info(data);
ff4fdb32 509 return 1;
510}
511
8a258b58 512// SRx get and print full info (needs more info...)
513int HF14B_ST_Info(uint8_t *data, uint8_t *datalen){
cc34cc7b 514 if (!HF14B_ST_Reader(data, datalen, false)) return 0;
8a258b58 515
516 //add locking bit information here.
cc34cc7b 517 if (print_ST_Lock_info(data[5]>>2))
518 rawClose();
8a258b58 519
520 return 1;
521}
522
ff4fdb32 523// test for other 14b type tags (mimic another reader - don't have tags to identify)
b29d55f2 524int HF14B_Other_Reader(uint8_t *data, uint8_t *datalen){
ff4fdb32 525 bool crc = true;
526 *datalen = 4;
527 //std read cmd
528 data[0] = 0x00;
529 data[1] = 0x0b;
530 data[2] = 0x3f;
531 data[3] = 0x80;
532
b29d55f2 533 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) {
ff4fdb32 534 if (*datalen > 2 || !crc) {
535 PrintAndLog ("\n14443-3b tag found:");
536 PrintAndLog ("Unknown tag type answered to a 0x000b3f80 command ans:");
537 PrintAndLog ("%s",sprint_hex(data,*datalen));
cc34cc7b 538 rawClose();
ff4fdb32 539 return 1;
540 }
541 }
542
543 crc = false;
544 *datalen = 1;
545 data[0] = 0x0a;
546
b29d55f2 547 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) {
ff4fdb32 548 if (*datalen > 0) {
549 PrintAndLog ("\n14443-3b tag found:");
550 PrintAndLog ("Unknown tag type answered to a 0x0A command ans:");
551 PrintAndLog ("%s",sprint_hex(data,*datalen));
cc34cc7b 552 rawClose();
ff4fdb32 553 return 1;
554 }
555 }
556
557 crc = false;
558 *datalen = 1;
559 data[0] = 0x0c;
560
b29d55f2 561 if (HF14BCmdRaw(true, &crc, true, data, datalen, false)!=0) {
ff4fdb32 562 if (*datalen > 0) {
563 PrintAndLog ("\n14443-3b tag found:");
564 PrintAndLog ("Unknown tag type answered to a 0x0C command ans:");
565 PrintAndLog ("%s",sprint_hex(data,*datalen));
cc34cc7b 566 rawClose();
ff4fdb32 567 return 1;
568 }
569 }
b29d55f2 570 rawClose();
ff4fdb32 571 return 0;
ff4fdb32 572}
573
b29d55f2 574// get and print all info known about any known 14b tag
ff4fdb32 575int HF14BInfo(bool verbose){
576 uint8_t data[100];
577 uint8_t datalen = 5;
578
579 // try std 14b (atqb)
580 if (HF14BStdInfo(data, &datalen)) return 1;
581
582 // try st 14b
583 if (HF14B_ST_Info(data, &datalen)) return 1;
584
585 // try unknown 14b read commands (to be identified later)
586 // could be read of calypso, CEPAS, moneo, or pico pass.
b29d55f2 587 if (HF14B_Other_Reader(data, &datalen)) return 1;
ff4fdb32 588
589 if (verbose) PrintAndLog("no 14443B tag found");
590 return 0;
591}
592
b29d55f2 593// menu command to get and print all info known about any known 14b tag
ff4fdb32 594int CmdHF14Binfo(const char *Cmd){
595 return HF14BInfo(true);
596}
3fe4ff4f 597
b29d55f2 598// get and print general info about all known 14b chips
599int HF14BReader(bool verbose){
600 uint8_t data[100];
601 uint8_t datalen = 5;
602
603 // try std 14b (atqb)
604 if (HF14BStdReader(data, &datalen)) return 1;
605
606 // try st 14b
cc34cc7b 607 if (HF14B_ST_Reader(data, &datalen, true)) return 1;
b29d55f2 608
609 // try unknown 14b read commands (to be identified later)
610 // could be read of calypso, CEPAS, moneo, or pico pass.
611 if (HF14B_Other_Reader(data, &datalen)) return 1;
612
613 if (verbose) PrintAndLog("no 14443B tag found");
614 return 0;
615}
616
617// menu command to get and print general info about all known 14b chips
618int CmdHF14BReader(const char *Cmd){
619 return HF14BReader(true);
620}
621
ff4fdb32 622int CmdSriWrite( const char *Cmd){
3fe4ff4f 623/*
624 * For SRIX4K blocks 00 - 7F
625 * hf 14b raw -c -p 09 $srix4kwblock $srix4kwdata
626 *
627 * For SR512 blocks 00 - 0F
628 * hf 14b raw -c -p 09 $sr512wblock $sr512wdata
629 *
630 * Special block FF = otp_lock_reg block.
631 * Data len 4 bytes-
632 */
633 char cmdp = param_getchar(Cmd, 0);
634 uint8_t blockno = -1;
635 uint8_t data[4] = {0x00};
636 bool isSrix4k = true;
637 char str[20];
638
b5be31f9 639 if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') {
3fe4ff4f 640 PrintAndLog("Usage: hf 14b write <1|2> <BLOCK> <DATA>");
b5be31f9 641 PrintAndLog(" [1 = SRIX4K]");
642 PrintAndLog(" [2 = SRI512]");
643 PrintAndLog(" [BLOCK number depends on tag, special block == FF]");
644 PrintAndLog(" sample: hf 14b write 1 7F 11223344");
645 PrintAndLog(" : hf 14b write 1 FF 11223344");
646 PrintAndLog(" : hf 14b write 2 15 11223344");
647 PrintAndLog(" : hf 14b write 2 FF 11223344");
3fe4ff4f 648 return 0;
649 }
650
b5be31f9 651 if ( cmdp == '2' )
3fe4ff4f 652 isSrix4k = false;
653
b5be31f9 654 //blockno = param_get8(Cmd, 1);
655
656 if ( param_gethex(Cmd,1, &blockno, 2) ) {
657 PrintAndLog("Block number must include 2 HEX symbols");
658 return 0;
659 }
3fe4ff4f 660
661 if ( isSrix4k ){
662 if ( blockno > 0x7f && blockno != 0xff ){
663 PrintAndLog("Block number out of range");
664 return 0;
665 }
666 } else {
667 if ( blockno > 0x0f && blockno != 0xff ){
668 PrintAndLog("Block number out of range");
669 return 0;
670 }
671 }
672
673 if (param_gethex(Cmd, 2, data, 8)) {
674 PrintAndLog("Data must include 8 HEX symbols");
675 return 0;
676 }
677
678 if ( blockno == 0xff)
b5be31f9 679 PrintAndLog("[%s] Write special block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512" , blockno, sprint_hex(data,4) );
3fe4ff4f 680 else
b5be31f9 681 PrintAndLog("[%s] Write block %02X [ %s ]", (isSrix4k)?"SRIX4K":"SRI512", blockno, sprint_hex(data,4) );
3fe4ff4f 682
fe5b3a44 683 sprintf(str, "-c 09 %02x %02x%02x%02x%02x", blockno, data[0], data[1], data[2], data[3]);
b5be31f9 684
3fe4ff4f 685 CmdHF14BCmdRaw(str);
686 return 0;
687}
688
7fe9b0b7 689static command_t CommandTable[] =
690{
691 {"help", CmdHelp, 1, "This help"},
b29d55f2 692 {"info", CmdHF14Binfo, 0, "Find and print details about a 14443B tag"},
693 {"list", CmdHF14BList, 0, "[Deprecated] List ISO 14443B history"},
694 {"reader", CmdHF14BReader, 0, "Act as a 14443B reader to identify a tag"},
132a0217 695 {"sim", CmdHF14BSim, 0, "Fake ISO 14443B tag"},
696 {"snoop", CmdHF14BSnoop, 0, "Eavesdrop ISO 14443B"},
7cf3ef20 697 {"sri512read", CmdSri512Read, 0, "Read contents of a SRI512 tag"},
698 {"srix4kread", CmdSrix4kRead, 0, "Read contents of a SRIX4K tag"},
ff4fdb32 699 {"sriwrite", CmdSriWrite, 0, "Write data to a SRI512 | SRIX4K tag"},
7cf3ef20 700 {"raw", CmdHF14BCmdRaw, 0, "Send raw hex data to tag"},
7fe9b0b7 701 {NULL, NULL, 0, NULL}
702};
703
704int CmdHF14B(const char *Cmd)
705{
706 CmdsParse(CommandTable, Cmd);
707 return 0;
708}
709
710int CmdHelp(const char *Cmd)
711{
712 CmdsHelp(CommandTable);
713 return 0;
714}
Impressum, Datenschutz