[proxmark3-svn] / client / cmdlfhitag.c

//-----------------------------------------------------------------------------
// Copyright (C) 2012 Roel Verdult
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency Hitag support
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
#include "common.h"
#include "util.h"
#include "parity.h"
#include "hitag2.h"
#include "hitagS.h"
#include "cmdmain.h"

static int CmdHelp(const char *Cmd);

size_t nbytes(size_t nbits) {
	return (nbits/8)+((nbits%8)>0);
}

int CmdLFHitagList(const char *Cmd)
{
 	uint8_t *got = malloc(USB_CMD_DATA_SIZE);

	// Query for the actual size of the trace
	UsbCommand response;
	GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0, &response, -1, false);
	uint16_t traceLen = response.arg[2];
	if (traceLen > USB_CMD_DATA_SIZE) {
		uint8_t *p = realloc(got, traceLen);
		if (p == NULL) {
			PrintAndLog("Cannot allocate memory for trace");
			free(got);
			return 2;
		}
		got = p;
		GetFromBigBuf(got, traceLen, 0, NULL, -1, false);
	}
	
	PrintAndLog("recorded activity (TraceLen = %d bytes):");
	PrintAndLog(" ETU     :nbits: who bytes");
	PrintAndLog("---------+-----+----+-----------");

	int i = 0;
	int prev = -1;
	int len = strlen(Cmd);

	char filename[FILE_PATH_SIZE]  = { 0x00 };
	FILE* pf = NULL;
  	
	if (len > FILE_PATH_SIZE) 
		len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);
   
	if (strlen(filename) > 0) {
		if ((pf = fopen(filename,"wb")) == NULL) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
	}

	for (;;) {
  
		if(i > traceLen) { break; }

		bool isResponse;
		int timestamp = *((uint32_t *)(got+i));
		if (timestamp & 0x80000000) {
			timestamp &= 0x7fffffff;
			isResponse = 1;
		} else {
			isResponse = 0;
		}

		int parityBits = *((uint32_t *)(got+i+4));
		// 4 bytes of additional information...
		// maximum of 32 additional parity bit information
		//
		// TODO:
		// at each quarter bit period we can send power level (16 levels)
		// or each half bit period in 256 levels.

		int bits = got[i+8];
		int len = nbytes(got[i+8]);

		if (len > 100) {
		  break;
		}
		if (i + len > traceLen) { break;}

		uint8_t *frame = (got+i+9);

		// Break and stick with current result if buffer was not completely full
		if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }

		char line[1000] = "";
		int j;
		for (j = 0; j < len; j++) {

		  //if((parityBits >> (len - j - 1)) & 0x01) {
		  if (isResponse && (oddparity8(frame[j]) != ((parityBits >> (len - j - 1)) & 0x01))) {
			sprintf(line+(j*4), "%02x!  ", frame[j]);
		  }
		  else {
			sprintf(line+(j*4), "%02x   ", frame[j]);
		  }
		}

		PrintAndLog(" +%7d:  %3d: %s %s",
			(prev < 0 ? 0 : (timestamp - prev)),
			bits,
			(isResponse ? "TAG" : "   "),
			line);

		if (pf) {
			fprintf(pf," +%7d:  %3d: %s %s\n",
				(prev < 0 ? 0 : (timestamp - prev)),
				bits,
				(isResponse ? "TAG" : "   "),
				line);
		}
		
		prev = timestamp;
		i += (len + 9);
	}
  
	if (pf) {
		fclose(pf);
		PrintAndLog("Recorded activity succesfully written to file: %s", filename);
	}

	free(got);
	return 0;
}

int CmdLFHitagSnoop(const char *Cmd) {
  UsbCommand c = {CMD_SNOOP_HITAG};
  SendCommand(&c);
  return 0;
}

int CmdLFHitagSim(const char *Cmd) {
    
  UsbCommand c = {CMD_SIMULATE_HITAG};
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* pf;
	bool tag_mem_supplied;
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);
	
	if (strlen(filename) > 0) {
		if ((pf = fopen(filename,"rb+")) == NULL) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
		tag_mem_supplied = true;
		if (fread(c.d.asBytes,48,1,pf) == 0) {
      PrintAndLog("Error: File reading error");
      fclose(pf);
			return 1;
    }
		fclose(pf);
	} else {
		tag_mem_supplied = false;
	}
	
	// Does the tag comes with memory
	c.arg[0] = (uint32_t)tag_mem_supplied;

  SendCommand(&c);
  return 0;
}

int CmdLFHitagReader(const char *Cmd) {
	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	hitag_data* htd = (hitag_data*)c.d.asBytes;
	hitag_function htf = param_get32ex(Cmd,0,0,10);
	
	switch (htf) {
		case 01: { //RHTSF_CHALLENGE
			c = (UsbCommand){ CMD_READ_HITAG_S };
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case 02: { //RHTSF_KEY
			c = (UsbCommand){ CMD_READ_HITAG_S };
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
		} break;
		case RHT2F_PASSWORD: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
		} break;
		case RHT2F_AUTHENTICATE: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_CRYPTO: {
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
			//			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_TEST_AUTH_ATTEMPTS: {
			// No additional parameters needed
		} break;
		case RHT2F_UID_ONLY: {
			// No additional parameters needed
		} break;
		default: {
			PrintAndLog("\nError: unkown reader function %d",htf);
			PrintAndLog("");
			PrintAndLog("Usage: hitag reader <Reader Function #>");
			PrintAndLog("Reader Functions:");
			PrintAndLog(" HitagS (0*)");
			PrintAndLog("  01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
			PrintAndLog("  02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
			PrintAndLog(" Hitag1 (1*)");
			PrintAndLog(" Hitag2 (2*)");
			PrintAndLog("  21 <password> (password mode)");
			PrintAndLog("  22 <nr> <ar> (authentication)");
			PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low");
			PrintAndLog("  25 (test recorded authentications)");
			PrintAndLog("  26 just read UID");
			return 1;
		} break;
	}

	// Copy the hitag2 function into the first argument
	c.arg[0] = htf;

	// Send the command to the proxmark
	clearCommandBuffer();
	SendCommand(&c);

	UsbCommand resp;
	WaitForResponse(CMD_ACK,&resp);

	// Check the return status, stored in the first argument
	if (resp.arg[0] == false) return 1;
	
	uint32_t id = bytes_to_num(resp.d.asBytes,4);
		
	if (htf == RHT2F_UID_ONLY){
		PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
	} else {
		char filename[256];
		FILE* pf = NULL;

		sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
		if ((pf = fopen(filename,"wb")) == NULL) {
		  PrintAndLog("Error: Could not open file [%s]",filename);
		  return 1;
		}

		// Write the 48 tag memory bytes to file and finalize
		fwrite(resp.d.asBytes,1,48,pf);
		fclose(pf);

		PrintAndLog("Succesfully saved tag memory to [%s]",filename);
	}


	return 0;
}


int CmdLFHitagSimS(const char *Cmd) {
	UsbCommand c = { CMD_SIMULATE_HITAG_S };
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* pf;
	bool tag_mem_supplied;
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE)
		len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);

	if (strlen(filename) > 0) {
		if ((pf = fopen(filename, "rb+")) == NULL) {
			PrintAndLog("Error: Could not open file [%s]", filename);
			return 1;
		}
		tag_mem_supplied = true;
		if (fread(c.d.asBytes, 4*64, 1, pf) == 0) {
			PrintAndLog("Error: File reading error");
			fclose(pf);
			return 1;
		}
		fclose(pf);
	} else {
		tag_mem_supplied = false;
	}

	// Does the tag comes with memory
	c.arg[0] = (uint32_t) tag_mem_supplied;

	SendCommand(&c);
	return 0;
}

int CmdLFHitagCheckChallenges(const char *Cmd) {
	UsbCommand c = { CMD_TEST_HITAGS_TRACES };
	char filename[FILE_PATH_SIZE] = { 0x00 };
	FILE* pf;
	bool file_given;
	int len = strlen(Cmd);
	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	memcpy(filename, Cmd, len);
	
	if (strlen(filename) > 0) {
		if ((pf = fopen(filename,"rb+")) == NULL) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
		file_given = true;
		if (fread(c.d.asBytes,8*60,1,pf) == 0) {
      PrintAndLog("Error: File reading error");
      fclose(pf);
			return 1;
        }
		fclose(pf);
	} else {
		file_given = false;
	}
	
	//file with all the challenges to try
	c.arg[0] = (uint32_t)file_given;

  SendCommand(&c);
  return 0;
}


int CmdLFHitagWP(const char *Cmd) {
	UsbCommand c = { CMD_WR_HITAG_S };
	hitag_data* htd = (hitag_data*)c.d.asBytes;
	hitag_function htf = param_get32ex(Cmd,0,0,10);
	switch (htf) {
		case 03: { //WHTSF_CHALLENGE
			num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
		} break;
		case 04:
		case 24:
		{ //WHTSF_KEY
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);

		} break;
		default: {
			PrintAndLog("Error: unkown writer function %d",htf);
			PrintAndLog("Hitag writer functions");
			PrintAndLog(" HitagS (0*)");
			PrintAndLog("  03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
			PrintAndLog(" Hitag1 (1*)");
			PrintAndLog(" Hitag2 (2*)");
			PrintAndLog("  24 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
			return 1;
		} break;
	}
	// Copy the hitag function into the first argument
	c.arg[0] = htf;

  // Send the command to the proxmark
  SendCommand(&c);
  
  UsbCommand resp;
  WaitForResponse(CMD_ACK,&resp);
  
  // Check the return status, stored in the first argument
  if (resp.arg[0] == false) return 1;
  return 0;
}


static command_t CommandTable[] = 
{
  {"help",    		CmdHelp,           1, "This help"},
  {"list",    		CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
  {"reader",  		CmdLFHitagReader,  1, "Act like a Hitag Reader"},
  {"sim",     		CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
  {"snoop",   		CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
  {"writer",   		CmdLFHitagWP,      1, "Act like a Hitag Writer" },
  {"simS",   		CmdLFHitagSimS,    1, "<hitagS.hts> Simulate HitagS transponder" }, 
  {"checkChallenges",	CmdLFHitagCheckChallenges,   1, "<challenges.cc> test all challenges" }, {
				NULL,NULL, 0, NULL }
};

int CmdLFHitag(const char *Cmd)
{
  CmdsParse(CommandTable, Cmd);
  return 0;
}

int CmdHelp(const char *Cmd)
{
  CmdsHelp(CommandTable);
  return 0;
}
Commit	Line	Data
db09cb3a	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2012 Roel Verdult
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Low frequency Hitag support
	9	//-----------------------------------------------------------------------------
	10
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
902cb3c0	14	#include "proxmark3.h"
db09cb3a	15	#include "ui.h"
	16	#include "cmdparser.h"
	17	#include "common.h"
	18	#include "util.h"
1f065e1d	19	#include "parity.h"
db09cb3a	20	#include "hitag2.h"
4e12287d	21	#include "hitagS.h"
902cb3c0	22	#include "cmdmain.h"
db09cb3a	23
	24	static int CmdHelp(const char *Cmd);
	25
47e18126	26	size_t nbytes(size_t nbits) {
	27	return (nbits/8)+((nbits%8)>0);
	28	}
	29
db09cb3a	30	int CmdLFHitagList(const char *Cmd)
db09cb3a	31	{
f71f4deb	32	uint8_t *got = malloc(USB_CMD_DATA_SIZE);
	33
	34	// Query for the actual size of the trace
	35	UsbCommand response;
babca445	36	GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0, &response, -1, false);
f71f4deb	37	uint16_t traceLen = response.arg[2];
	38	if (traceLen > USB_CMD_DATA_SIZE) {
	39	uint8_t *p = realloc(got, traceLen);
	40	if (p == NULL) {
	41	PrintAndLog("Cannot allocate memory for trace");
	42	free(got);
	43	return 2;
	44	}
	45	got = p;
babca445	46	GetFromBigBuf(got, traceLen, 0, NULL, -1, false);
f71f4deb	47	}
	48
	49	PrintAndLog("recorded activity (TraceLen = %d bytes):");
	50	PrintAndLog(" ETU :nbits: who bytes");
	51	PrintAndLog("---------+-----+----+-----------");
db09cb3a	52
f71f4deb	53	int i = 0;
	54	int prev = -1;
	55	int len = strlen(Cmd);
b915fda3	56
f71f4deb	57	char filename[FILE_PATH_SIZE] = { 0x00 };
f71f4deb	58	FILE* pf = NULL;
b915fda3	59
f71f4deb	60	if (len > FILE_PATH_SIZE)
	61	len = FILE_PATH_SIZE;
	62	memcpy(filename, Cmd, len);
b915fda3	63
f71f4deb	64	if (strlen(filename) > 0) {
	65	if ((pf = fopen(filename,"wb")) == NULL) {
	66	PrintAndLog("Error: Could not open file [%s]",filename);
	67	return 1;
	68	}
b915fda3	69	}
db09cb3a	70
f71f4deb	71	for (;;) {
b915fda3	72
f71f4deb	73	if(i > traceLen) { break; }
	74
	75	bool isResponse;
	76	int timestamp = ((uint32_t )(got+i));
	77	if (timestamp & 0x80000000) {
	78	timestamp &= 0x7fffffff;
	79	isResponse = 1;
	80	} else {
	81	isResponse = 0;
	82	}
	83
	84	int parityBits = ((uint32_t )(got+i+4));
	85	// 4 bytes of additional information...
	86	// maximum of 32 additional parity bit information
	87	//
	88	// TODO:
	89	// at each quarter bit period we can send power level (16 levels)
	90	// or each half bit period in 256 levels.
	91
	92	int bits = got[i+8];
	93	int len = nbytes(got[i+8]);
	94
	95	if (len > 100) {
	96	break;
	97	}
	98	if (i + len > traceLen) { break;}
	99
	100	uint8_t *frame = (got+i+9);
	101
	102	// Break and stick with current result if buffer was not completely full
	103	if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
	104
	105	char line[1000] = "";
	106	int j;
	107	for (j = 0; j < len; j++) {
f71f4deb	108
f71f4deb	109	//if((parityBits >> (len - j - 1)) & 0x01) {
1f065e1d	110	if (isResponse && (oddparity8(frame[j]) != ((parityBits >> (len - j - 1)) & 0x01))) {
f71f4deb	111	sprintf(line+(j*4), "%02x! ", frame[j]);
	112	}
	113	else {
	114	sprintf(line+(j*4), "%02x ", frame[j]);
	115	}
	116	}
	117
	118	PrintAndLog(" +%7d: %3d: %s %s",
	119	(prev < 0 ? 0 : (timestamp - prev)),
	120	bits,
	121	(isResponse ? "TAG" : " "),
	122	line);
	123
	124	if (pf) {
	125	fprintf(pf," +%7d: %3d: %s %s\n",
	126	(prev < 0 ? 0 : (timestamp - prev)),
	127	bits,
	128	(isResponse ? "TAG" : " "),
	129	line);
	130	}
	131
	132	prev = timestamp;
	133	i += (len + 9);
	134	}
2d495a81	135
f71f4deb	136	if (pf) {
	137	fclose(pf);
	138	PrintAndLog("Recorded activity succesfully written to file: %s", filename);
	139	}
97d582a6	140
f71f4deb	141	free(got);
f71f4deb	142	return 0;
db09cb3a	143	}
	144
	145	int CmdLFHitagSnoop(const char *Cmd) {
	146	UsbCommand c = {CMD_SNOOP_HITAG};
	147	SendCommand(&c);
	148	return 0;
	149	}
	150
	151	int CmdLFHitagSim(const char *Cmd) {
b915fda3	152
db09cb3a	153	UsbCommand c = {CMD_SIMULATE_HITAG};
b915fda3	154	char filename[FILE_PATH_SIZE] = { 0x00 };
db09cb3a	155	FILE* pf;
db09cb3a	156	bool tag_mem_supplied;
b915fda3	157	int len = strlen(Cmd);
	158	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	159	memcpy(filename, Cmd, len);
db09cb3a	160
	161	if (strlen(filename) > 0) {
	162	if ((pf = fopen(filename,"rb+")) == NULL) {
	163	PrintAndLog("Error: Could not open file [%s]",filename);
	164	return 1;
	165	}
	166	tag_mem_supplied = true;
759c16b3	167	if (fread(c.d.asBytes,48,1,pf) == 0) {
759c16b3	168	PrintAndLog("Error: File reading error");
90e278d3	169	fclose(pf);
759c16b3	170	return 1;
759c16b3	171	}
db09cb3a	172	fclose(pf);
	173	} else {
	174	tag_mem_supplied = false;
	175	}
	176
	177	// Does the tag comes with memory
	178	c.arg[0] = (uint32_t)tag_mem_supplied;
	179
	180	SendCommand(&c);
	181	return 0;
	182	}
	183
	184	int CmdLFHitagReader(const char *Cmd) {
db09cb3a	185	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	186	hitag_data* htd = (hitag_data*)c.d.asBytes;
	187	hitag_function htf = param_get32ex(Cmd,0,0,10);
	188
	189	switch (htf) {
4e12287d RS	190	case 01: { //RHTSF_CHALLENGE
	191	c = (UsbCommand){ CMD_READ_HITAG_S };
	192	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
	193	num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	194	} break;
	195	case 02: { //RHTSF_KEY
	196	c = (UsbCommand){ CMD_READ_HITAG_S };
	197	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
	198	} break;
db09cb3a	199	case RHT2F_PASSWORD: {
	200	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
	201	} break;
	202	case RHT2F_AUTHENTICATE: {
	203	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
	204	num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	205	} break;
bde10a50	206	case RHT2F_CRYPTO: {
bde10a50	207	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
f86d6b55	208	// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
bde10a50	209	} break;
db09cb3a	210	case RHT2F_TEST_AUTH_ATTEMPTS: {
	211	// No additional parameters needed
	212	} break;
f86d6b55	213	case RHT2F_UID_ONLY: {
	214	// No additional parameters needed
	215	} break;
db09cb3a	216	default: {
f86d6b55	217	PrintAndLog("\nError: unkown reader function %d",htf);
	218	PrintAndLog("");
	219	PrintAndLog("Usage: hitag reader <Reader Function #>");
	220	PrintAndLog("Reader Functions:");
ab4da50d	221	PrintAndLog(" HitagS (0*)");
4e12287d RS	222	PrintAndLog(" 01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
4e12287d RS	223	PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
ab4da50d	224	PrintAndLog(" Hitag1 (1*)");
	225	PrintAndLog(" Hitag2 (2*)");
	226	PrintAndLog(" 21 <password> (password mode)");
	227	PrintAndLog(" 22 <nr> <ar> (authentication)");
	228	PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
	229	PrintAndLog(" 25 (test recorded authentications)");
f86d6b55	230	PrintAndLog(" 26 just read UID");
db09cb3a	231	return 1;
	232	} break;
	233	}
	234
	235	// Copy the hitag2 function into the first argument
	236	c.arg[0] = htf;
	237
f86d6b55	238	// Send the command to the proxmark
217cfb6b	239	clearCommandBuffer();
f86d6b55	240	SendCommand(&c);
ab4da50d	241
f86d6b55	242	UsbCommand resp;
	243	WaitForResponse(CMD_ACK,&resp);
	244
	245	// Check the return status, stored in the first argument
	246	if (resp.arg[0] == false) return 1;
	247
	248	uint32_t id = bytes_to_num(resp.d.asBytes,4);
	249
	250	if (htf == RHT2F_UID_ONLY){
	251	PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
	252	} else {
	253	char filename[256];
	254	FILE* pf = NULL;
	255
	256	sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
	257	if ((pf = fopen(filename,"wb")) == NULL) {
	258	PrintAndLog("Error: Could not open file [%s]",filename);
	259	return 1;
	260	}
	261
	262	// Write the 48 tag memory bytes to file and finalize
	263	fwrite(resp.d.asBytes,1,48,pf);
	264	fclose(pf);
	265
	266	PrintAndLog("Succesfully saved tag memory to [%s]",filename);
	267	}
	268
	269
	270	return 0;
db09cb3a	271	}
db09cb3a	272
4e12287d RS	273
	274	int CmdLFHitagSimS(const char *Cmd) {
	275	UsbCommand c = { CMD_SIMULATE_HITAG_S };
	276	char filename[FILE_PATH_SIZE] = { 0x00 };
	277	FILE* pf;
	278	bool tag_mem_supplied;
	279	int len = strlen(Cmd);
	280	if (len > FILE_PATH_SIZE)
	281	len = FILE_PATH_SIZE;
	282	memcpy(filename, Cmd, len);
	283
	284	if (strlen(filename) > 0) {
	285	if ((pf = fopen(filename, "rb+")) == NULL) {
	286	PrintAndLog("Error: Could not open file [%s]", filename);
	287	return 1;
	288	}
	289	tag_mem_supplied = true;
	290	if (fread(c.d.asBytes, 4*64, 1, pf) == 0) {
	291	PrintAndLog("Error: File reading error");
	292	fclose(pf);
	293	return 1;
	294	}
	295	fclose(pf);
	296	} else {
	297	tag_mem_supplied = false;
	298	}
	299
	300	// Does the tag comes with memory
	301	c.arg[0] = (uint32_t) tag_mem_supplied;
	302
	303	SendCommand(&c);
	304	return 0;
	305	}
	306
	307	int CmdLFHitagCheckChallenges(const char *Cmd) {
	308	UsbCommand c = { CMD_TEST_HITAGS_TRACES };
	309	char filename[FILE_PATH_SIZE] = { 0x00 };
	310	FILE* pf;
	311	bool file_given;
	312	int len = strlen(Cmd);
	313	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
	314	memcpy(filename, Cmd, len);
	315
	316	if (strlen(filename) > 0) {
	317	if ((pf = fopen(filename,"rb+")) == NULL) {
	318	PrintAndLog("Error: Could not open file [%s]",filename);
	319	return 1;
	320	}
	321	file_given = true;
	322	if (fread(c.d.asBytes,8*60,1,pf) == 0) {
	323	PrintAndLog("Error: File reading error");
	324	fclose(pf);
	325	return 1;
	326	}
	327	fclose(pf);
	328	} else {
	329	file_given = false;
	330	}
	331
	332	//file with all the challenges to try
	333	c.arg[0] = (uint32_t)file_given;
	334
	335	SendCommand(&c);
	336	return 0;
337	}
338
339
340	int CmdLFHitagWP(const char *Cmd) {
341	UsbCommand c = { CMD_WR_HITAG_S };
342	hitag_data* htd = (hitag_data*)c.d.asBytes;
343	hitag_function htf = param_get32ex(Cmd,0,0,10);
344	switch (htf) {
345	case 03: { //WHTSF_CHALLENGE
346	num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
347	c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
348	num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
349	} break;
52244230 HJ	350	case 04:
	351	case 24:
	352	{ //WHTSF_KEY
4e12287d RS	353	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
	354	c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
	355	num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
	356
	357	} break;
	358	default: {
	359	PrintAndLog("Error: unkown writer function %d",htf);
	360	PrintAndLog("Hitag writer functions");
	361	PrintAndLog(" HitagS (0*)");
	362	PrintAndLog(" 03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
	363	PrintAndLog(" 04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
	364	PrintAndLog(" Hitag1 (1*)");
	365	PrintAndLog(" Hitag2 (2*)");
52244230	366	PrintAndLog(" 24 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
4e12287d RS	367	return 1;
	368	} break;
	369	}
	370	// Copy the hitag function into the first argument
	371	c.arg[0] = htf;
	372
	373	// Send the command to the proxmark
	374	SendCommand(&c);
	375
	376	UsbCommand resp;
	377	WaitForResponse(CMD_ACK,&resp);
	378
	379	// Check the return status, stored in the first argument
	380	if (resp.arg[0] == false) return 1;
	381	return 0;
	382	}
	383
	384
3fe4ff4f	385	static command_t CommandTable[] =
db09cb3a	386	{
4e12287d RS	387	{"help", CmdHelp, 1, "This help"},
	388	{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
	389	{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
	390	{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
	391	{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
	392	{"writer", CmdLFHitagWP, 1, "Act like a Hitag Writer" },
	393	{"simS", CmdLFHitagSimS, 1, "<hitagS.hts> Simulate HitagS transponder" },
	394	{"checkChallenges", CmdLFHitagCheckChallenges, 1, "<challenges.cc> test all challenges" }, {
	395	NULL,NULL, 0, NULL }
db09cb3a	396	};
	397
	398	int CmdLFHitag(const char *Cmd)
	399	{
3fe4ff4f	400	CmdsParse(CommandTable, Cmd);
db09cb3a	401	return 0;
	402	}
	403
	404	int CmdHelp(const char *Cmd)
	405	{
3fe4ff4f	406	CmdsHelp(CommandTable);
db09cb3a	407	return 0;
db09cb3a	408	}