]> git.zerfleddert.de Git - proxmark3-svn/blame - client/cmdlfhitag.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Applied Holiman's fixes for iclass.c and CSNs
[proxmark3-svn] / client / cmdlfhitag.c
CommitLineData
db09cb3a 1//-----------------------------------------------------------------------------
2// Copyright (C) 2012 Roel Verdult
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Low frequency Hitag support
9//-----------------------------------------------------------------------------
10
11#include <stdio.h>
12#include <stdlib.h>
13#include <string.h>
14#include "data.h"
902cb3c0 15#include "proxmark3.h"
db09cb3a 16#include "ui.h"
17#include "cmdparser.h"
f38a1528 18#include "../include/common.h"
db09cb3a 19#include "util.h"
f38a1528 20#include "../include/hitag2.h"
902cb3c0 21#include "sleep.h"
22#include "cmdmain.h"
db09cb3a 23
24static int CmdHelp(const char *Cmd);
25
47e18126 26size_t nbytes(size_t nbits) {
27 return (nbits/8)+((nbits%8)>0);
28}
29
db09cb3a 30int CmdLFHitagList(const char *Cmd)
31{
95e63594 32 uint8_t got[TRACE_BUFFER_SIZE];
db09cb3a 33 GetFromBigBuf(got,sizeof(got),0);
902cb3c0 34 WaitForResponse(CMD_ACK,NULL);
35
db09cb3a 36 PrintAndLog("recorded activity:");
47e18126 37 PrintAndLog(" ETU :nbits: who bytes");
38 PrintAndLog("---------+-----+----+-----------");
db09cb3a 39
40 int i = 0;
41 int prev = -1;
a501c82b 42 int len = strlen(Cmd);
db09cb3a 43
a501c82b 44 char filename[FILE_PATH_SIZE] = { 0x00 };
ab4da50d 45 FILE* pf = NULL;
a501c82b 46
47 if (len > FILE_PATH_SIZE)
48 len = FILE_PATH_SIZE;
49 memcpy(filename, Cmd, len);
50
51 if (strlen(filename) > 0) {
52 if ((pf = fopen(filename,"wb")) == NULL) {
53 PrintAndLog("Error: Could not open file [%s]",filename);
54 return 1;
55 }
56 }
ab4da50d 57
db09cb3a 58 for (;;) {
95e63594 59
60 if(i >= TRACE_BUFFER_SIZE) { break; }
db09cb3a 61
62 bool isResponse;
63 int timestamp = *((uint32_t *)(got+i));
64 if (timestamp & 0x80000000) {
65 timestamp &= 0x7fffffff;
66 isResponse = 1;
67 } else {
68 isResponse = 0;
69 }
70
db09cb3a 71 int parityBits = *((uint32_t *)(got+i+4));
72 // 4 bytes of additional information...
73 // maximum of 32 additional parity bit information
74 //
75 // TODO:
76 // at each quarter bit period we can send power level (16 levels)
77 // or each half bit period in 256 levels.
78
47e18126 79 int bits = got[i+8];
80 int len = nbytes(got[i+8]);
db09cb3a 81
82 if (len > 100) {
83 break;
84 }
95e63594 85 if (i + len >= TRACE_BUFFER_SIZE) { break;}
db09cb3a 86
87 uint8_t *frame = (got+i+9);
88
89 // Break and stick with current result if buffer was not completely full
90 if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
91
92 char line[1000] = "";
93 int j;
94 for (j = 0; j < len; j++) {
95 int oddparity = 0x01;
96 int k;
97
98 for (k=0;k<8;k++) {
99 oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
100 }
101
102 //if((parityBits >> (len - j - 1)) & 0x01) {
103 if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
104 sprintf(line+(j*4), "%02x! ", frame[j]);
105 }
106 else {
107 sprintf(line+(j*4), "%02x ", frame[j]);
108 }
109 }
110
47e18126 111 PrintAndLog(" +%7d: %3d: %s %s",
db09cb3a 112 (prev < 0 ? 0 : (timestamp - prev)),
47e18126 113 bits,
db09cb3a 114 (isResponse ? "TAG" : " "),
115 line);
116
2d495a81 117
902cb3c0 118 if (pf) {
47e18126 119 fprintf(pf," +%7d: %3d: %s %s\n",
2d495a81 120 (prev < 0 ? 0 : (timestamp - prev)),
47e18126 121 bits,
2d495a81 122 (isResponse ? "TAG" : " "),
47e18126 123 line);
2d495a81 124 }
125
db09cb3a 126 prev = timestamp;
127 i += (len + 9);
128 }
2d495a81 129
902cb3c0 130 if (pf) {
2d495a81 131 fclose(pf);
a501c82b 132 PrintAndLog("Recorded activity succesfully written to file: %s", filename);
2d495a81 133 }
134
135 return 0;
db09cb3a 136}
137
138int CmdLFHitagSnoop(const char *Cmd) {
139 UsbCommand c = {CMD_SNOOP_HITAG};
140 SendCommand(&c);
141 return 0;
142}
143
144int CmdLFHitagSim(const char *Cmd) {
463ca973 145
146 UsbCommand c = {CMD_SIMULATE_HITAG};
147 char filename[FILE_PATH_SIZE] = { 0x00 };
db09cb3a 148 FILE* pf;
149 bool tag_mem_supplied;
a501c82b 150 int len = strlen(Cmd);
463ca973 151 if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
152 memcpy(filename, Cmd, len);
153
db09cb3a 154 if (strlen(filename) > 0) {
155 if ((pf = fopen(filename,"rb+")) == NULL) {
156 PrintAndLog("Error: Could not open file [%s]",filename);
157 return 1;
158 }
159 tag_mem_supplied = true;
759c16b3 160 if (fread(c.d.asBytes,48,1,pf) == 0) {
a501c82b 161 PrintAndLog("Error: File reading error");
759c16b3 162 return 1;
463ca973 163 }
db09cb3a 164 fclose(pf);
165 } else {
166 tag_mem_supplied = false;
167 }
168
169 // Does the tag comes with memory
170 c.arg[0] = (uint32_t)tag_mem_supplied;
171
172 SendCommand(&c);
173 return 0;
174}
175
176int CmdLFHitagReader(const char *Cmd) {
177// UsbCommand c = {CMD_READER_HITAG};
178
179// param_get32ex(Cmd,1,0,16);
180 UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
181 hitag_data* htd = (hitag_data*)c.d.asBytes;
182 hitag_function htf = param_get32ex(Cmd,0,0,10);
183
184 switch (htf) {
185 case RHT2F_PASSWORD: {
186 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
187 } break;
188 case RHT2F_AUTHENTICATE: {
189 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
190 num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
191 } break;
bde10a50 192 case RHT2F_CRYPTO: {
193 num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
194// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
195 } break;
db09cb3a 196 case RHT2F_TEST_AUTH_ATTEMPTS: {
197 // No additional parameters needed
198 } break;
199 default: {
200 PrintAndLog("Error: unkown reader function %d",htf);
ab4da50d 201 PrintAndLog("Hitag reader functions");
202 PrintAndLog(" HitagS (0*)");
203 PrintAndLog(" Hitag1 (1*)");
204 PrintAndLog(" Hitag2 (2*)");
205 PrintAndLog(" 21 <password> (password mode)");
206 PrintAndLog(" 22 <nr> <ar> (authentication)");
207 PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
208 PrintAndLog(" 25 (test recorded authentications)");
db09cb3a 209 return 1;
210 } break;
211 }
212
213 // Copy the hitag2 function into the first argument
214 c.arg[0] = htf;
215
ab4da50d 216 // Send the command to the proxmark
db09cb3a 217 SendCommand(&c);
ab4da50d 218
219 UsbCommand resp;
220 WaitForResponse(CMD_ACK,&resp);
221
222 // Check the return status, stored in the first argument
223 if (resp.arg[0] == false) return 1;
224
225 uint32_t id = bytes_to_num(resp.d.asBytes,4);
226 char filename[256];
227 FILE* pf = NULL;
228
229 sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
230 if ((pf = fopen(filename,"wb")) == NULL) {
231 PrintAndLog("Error: Could not open file [%s]",filename);
232 return 1;
233 }
234
235 // Write the 48 tag memory bytes to file and finalize
236 fwrite(resp.d.asBytes,1,48,pf);
237 fclose(pf);
238
239 PrintAndLog("Succesfully saved tag memory to [%s]",filename);
240
db09cb3a 241 return 0;
242}
243
081151ea 244static command_t CommandTable[] =
db09cb3a 245{
246 {"help", CmdHelp, 1, "This help"},
a501c82b 247 {"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
db09cb3a 248 {"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
a501c82b 249 {"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
db09cb3a 250 {"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
a501c82b 251 {NULL, NULL, 0, NULL}
db09cb3a 252};
253
254int CmdLFHitag(const char *Cmd)
255{
081151ea 256 CmdsParse(CommandTable, Cmd);
db09cb3a 257 return 0;
258}
259
260int CmdHelp(const char *Cmd)
261{
081151ea 262 CmdsHelp(CommandTable);
db09cb3a 263 return 0;
264}
Proxmark3 GIT tracking
Impressum, Datenschutz