[proxmark3-svn] / client / cmdhftopaz.c

//-----------------------------------------------------------------------------
// Copyright (C) 2015 Piwi
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency Topaz (NFC Type 1) commands
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "cmdmain.h"
#include "cmdparser.h"
#include "cmdhftopaz.h"
#include "cmdhf14a.h"
#include "ui.h"
#include "mifare.h"
#include "proxmark3.h"
#include "iso14443crc.h"
#include "protocols.h"


static void topaz_switch_on_field(void)
{
	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_SELECT | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, 0, 0}};
	SendCommand(&c);
}


static void topaz_switch_off_field(void)
{
	UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
	SendCommand(&c);
}


static int topaz_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response)
{
	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, len, 0}};
	memcpy(c.d.asBytes, cmd, len);
	SendCommand(&c);

	UsbCommand resp;
	WaitForResponse(CMD_ACK, &resp);

	if (resp.arg[0] > 0) {
		memcpy(response, resp.d.asBytes, resp.arg[0]);
	}
	
	return resp.arg[0];
}


static int topaz_send_cmd(uint8_t *cmd, uint8_t len, uint8_t *response)
{
	if (len > 1) {
        uint8_t first, second;
		ComputeCrc14443(CRC_14443_B, cmd, len-2, &first, &second);
        cmd[len-2] = first;
        cmd[len-1] = second;
	}

	return topaz_send_cmd_raw(cmd, len, response);
}


static int topaz_select(uint8_t *atqa, uint8_t *rid_response)
{
	// ToDo: implement anticollision

	uint8_t wupa_cmd[] = {TOPAZ_WUPA};
	uint8_t rid_cmd[] = {TOPAZ_RID, 0, 0, 0, 0, 0, 0, 0, 0};

	topaz_switch_on_field();

	if (!topaz_send_cmd(wupa_cmd, sizeof(wupa_cmd), atqa)) {
		topaz_switch_off_field();
		return -1;		// WUPA failed
	}

	if (!topaz_send_cmd(rid_cmd, sizeof(rid_cmd), rid_response)) {
		topaz_switch_off_field();
		return -2;		// RID failed
	}
	
	return 0;		// OK
}


static int topaz_rall(uint8_t *uid, uint8_t *rall_response)
{
	uint8_t rall_cmd[] = {TOPAZ_RALL, 0, 0, 0, 0, 0, 0, 0, 0};

	memcpy(&rall_cmd[3], uid, 4);
	if (!topaz_send_cmd(rall_cmd, sizeof(rall_cmd), rall_response)) {
		topaz_switch_off_field();
		return -1;		// RALL failed
	}
	
	return 0;
}


static bool topaz_block_is_locked(uint8_t blockno, uint8_t *lockbits)
{
	if(lockbits[blockno/8] >> (blockno % 8) & 0x01) {
		return true;
	} else {
		return false;
	}
}


static int topaz_print_CC(uint8_t *data)
{
	if(data[0] != 0xe1) {
		return -1;		// no NDEF message
	}

	PrintAndLog("Capability Container: %02x %02x %02x %02x", data[0], data[1], data[2], data[3]);
	PrintAndLog("  %02x: NDEF Magic Number", data[0]); 
	PrintAndLog("  %02x: version %d.%d supported by tag", data[1], (data[1] & 0xF0) >> 4, data[1] & 0x0f);
	PrintAndLog("  %02x: Physical Memory Size of this tag: %d bytes", data[2], (data[2] + 1) * 8);
	PrintAndLog("  %02x: %s / %s", data[3], 
				(data[3] & 0xF0) ? "(RFU)" : "Read access granted without any security", 
				(data[3] & 0x0F)==0 ? "Write access granted without any security" : (data[3] & 0x0F)==0x0F ? "No write access granted at all" : "(RFU)");
	return 0;				
}


static void get_TLV(uint8_t **TLV_ptr, uint8_t *tag, uint16_t *length, uint8_t **value)
{
	*length = 0;
	*value = NULL;

	*tag = **TLV_ptr;
	*TLV_ptr += 1;
	switch (*tag) {
		case 0x00:			// NULL TLV.
		case 0xFE:			// Terminator TLV.
			break;
		case 0x01:			// Lock Control TLV
		case 0x02:			// Reserved Memory TLV
		case 0x03:			// NDEF message TLV
		case 0xFD:			// proprietary TLV
			*length = **TLV_ptr;
			*TLV_ptr += 1;
			if (*length == 0xff) {
				*length = **TLV_ptr << 8;
				*TLV_ptr += 1;
				*length |= **TLV_ptr;
				*TLV_ptr += 1;
			}
			*value = *TLV_ptr;
			*TLV_ptr += *length;
			break;
		default:			// RFU
			break;
	}
}


static bool topaz_print_lock_control_TLVs(uint8_t *memory)
{
	uint8_t *TLV_ptr = memory;
	uint8_t tag = 0;
	uint16_t length;
	uint8_t *value;
	bool lock_TLV_present = false;
	
	while(*TLV_ptr != 0x03 && *TLV_ptr != 0xFD && *TLV_ptr != 0xFE) {	
		// all Lock Control TLVs shall be present before the NDEF message TLV, the proprietary TLV (and the Terminator TLV)
		get_TLV(&TLV_ptr, &tag, &length, &value);
		if (tag == 0x01) {			// the Lock Control TLV
			uint8_t pages_addr = value[0] >> 4;
			uint8_t byte_offset = value[0] & 0x0f;
			uint8_t size_in_bits = value[1] ? value[1] : 256;
			uint8_t bytes_per_page = 1 << (value[2] & 0x0f);
			uint8_t bytes_locked_per_bit = 1 << (value[2] >> 4);
			PrintAndLog("Lock Area of %d bits at byte offset 0x%02x. Each Lock Bit locks %d bytes.", 
						size_in_bits,
						pages_addr * bytes_per_page + byte_offset,
						bytes_locked_per_bit);
			lock_TLV_present = true;
		}
	}
	
	if (!lock_TLV_present) {
		PrintAndLog("(No Lock Control TLV present)");
		return -1;
	} else {
		return 0;
	}
}


static int topaz_print_reserved_memory_control_TLVs(uint8_t *memory)
{
	uint8_t *TLV_ptr = memory;
	uint8_t tag = 0;
	uint16_t length;
	uint8_t *value;
	bool reserved_memory_control_TLV_present = false;
	
	while(*TLV_ptr != 0x03 && *TLV_ptr != 0xFD && *TLV_ptr != 0xFE) {	
		// all Reserved Memory Control TLVs shall be present before the NDEF message TLV, the proprietary TLV (and the Terminator TLV)
		get_TLV(&TLV_ptr, &tag, &length, &value);
		if (tag == 0x02) {			// the Reserved Memory Control TLV
			uint8_t pages_addr = value[0] >> 4;
			uint8_t byte_offset = value[0] & 0x0f;
			uint8_t size_in_bytes = value[1] ? value[1] : 256;
			uint8_t bytes_per_page = 1 << (value[2] & 0x0f);
			PrintAndLog("Reserved Memory of %d bytes at byte offset 0x%02x.", 
						size_in_bytes,
						pages_addr * bytes_per_page + byte_offset);
			reserved_memory_control_TLV_present = true;
		}
	}
	
	if (!reserved_memory_control_TLV_present) {
		PrintAndLog("(No Reserved Memory Control TLV present)");
		return -1;
	} else {
		return 0;
	}
}


static void topaz_print_lifecycle_state(uint8_t *data)
{

}


static void topaz_print_NDEF(uint8_t *data)
{

}

	
int CmdHFTopazReader(const char *Cmd)
{
	int status;
	uint8_t atqa[2];
	uint8_t rid_response[8];
	uint8_t *uid_echo = &rid_response[2];
	union {
		uint8_t raw_content[124];
		struct {
			uint8_t HR[2];
			uint8_t data_block[15][8];
			uint8_t CRC[2];
		} static_memory;
	} rall_response;
	uint8_t *static_lock_bytes = rall_response.static_memory.data_block[0x0e];
	
	status = topaz_select(atqa, rid_response);
	
	if (status == -1) {
		PrintAndLog("Error: couldn't receive ATQA");
		return -1;
	}

	PrintAndLog("ATQA : %02x %02x", atqa[1], atqa[0]);
	if (atqa[1] != 0x0c && atqa[0] != 0x00) {
		PrintAndLog("Tag doesn't support the Topaz protocol.");
		topaz_switch_off_field();
		return -1;
	}
	
	if (status == -2) {
		PrintAndLog("Error: tag didn't answer to RID");
		topaz_switch_off_field();
		return -1;
	}

	// ToDo: CRC check
	PrintAndLog("HR0  : %02x (%sa Topaz tag (%scapable of carrying a NDEF message), %s memory map)", rid_response[0], 
						(rid_response[0] & 0xF0) == 0x10 ? "" : "not ",
						(rid_response[0] & 0xF0) == 0x10 ? "" : "not ",
						(rid_response[0] & 0x0F) == 0x10 ? "static" : "dynamic");
	PrintAndLog("HR1  : %02x", rid_response[1]);
	
	status = topaz_rall(uid_echo, rall_response.raw_content);

	if(status == -1) {
		PrintAndLog("Error: tag didn't answer to RALL");
		topaz_switch_off_field();
		return -1;
	}

	PrintAndLog("UID  : %02x %02x %02x %02x %02x %02x %02x", 
			rall_response.static_memory.data_block[0][6], 
			rall_response.static_memory.data_block[0][5], 
			rall_response.static_memory.data_block[0][4], 
			rall_response.static_memory.data_block[0][3], 
			rall_response.static_memory.data_block[0][2], 
			rall_response.static_memory.data_block[0][1], 
			rall_response.static_memory.data_block[0][0]);
	PrintAndLog("       UID[6] (Manufacturer Byte) = %02x, Manufacturer: %s", 
			rall_response.static_memory.data_block[0][6], 
			getTagInfo(rall_response.static_memory.data_block[0][6]));
	
	PrintAndLog("");
	PrintAndLog("Static Data blocks 00 to 0c:");
	PrintAndLog("block# | offset | Data                    | Locked?");
	char line[80];
	for (uint16_t i = 0; i <= 0x0c; i++) {
		for (uint16_t j = 0; j < 8; j++) {
			sprintf(&line[3*j], "%02x ", rall_response.static_memory.data_block[i][j] /*rall_response[2 + 8*i + j]*/);
		}
		PrintAndLog("  0x%02x |  0x%02x  | %s|   %-3s", i, i*8, line, topaz_block_is_locked(i, static_lock_bytes) ? "yes" : "no");
	}
	
	PrintAndLog("");
	PrintAndLog("Static Reserved block 0d:");
	for (uint16_t j = 0; j < 8; j++) {
		sprintf(&line[3*j], "%02x ", rall_response.static_memory.data_block[0x0d][j]);
	}
	PrintAndLog("  0x%02x |  0x%02x  | %s|   %-3s", 0x0d, 0x0d*8, line, "n/a");
	
	PrintAndLog("");
	PrintAndLog("Static Lockbits / OTP block 0e:");
	for (uint16_t j = 0; j < 8; j++) {
		sprintf(&line[3*j], "%02x ", static_lock_bytes[j]);
	}
	PrintAndLog("  0x%02x |  0x%02x  | %s|   %-3s", 0x0e, 0x0e*8, line, "n/a");

	PrintAndLog("");

	status = topaz_print_CC(&rall_response.static_memory.data_block[1][0]);
	
	if (status == -1) {
		PrintAndLog("No NDEF message present");
		topaz_switch_off_field();
		return 0;
	}

	PrintAndLog("");
	bool lock_TLV_present = topaz_print_lock_control_TLVs(&rall_response.static_memory.data_block[1][4]);

	PrintAndLog("");
	bool reserved_mem_present = topaz_print_reserved_memory_control_TLVs(&rall_response.static_memory.data_block[1][4]);

	topaz_print_lifecycle_state(&rall_response.static_memory.data_block[1][0]);

	topaz_print_NDEF(&rall_response.static_memory.data_block[1][0]);
	
	topaz_switch_off_field();
	return 0;
}


int CmdHFTopazSim(const char *Cmd)
{
	PrintAndLog("not yet implemented");
	return 0;
}


int CmdHFTopazCmdRaw(const char *Cmd)
{
	PrintAndLog("not yet implemented");
	return 0;
}


static int CmdHelp(const char *Cmd);


static command_t CommandTable[] = 
{
	{"help",	CmdHelp,			1, "This help"},
	{"reader",	CmdHFTopazReader,	0, "Act like a Topaz reader"},
	{"sim",		CmdHFTopazSim,		0, "<UID> -- Simulate Topaz tag"},
	{"snoop",	CmdHF14ASnoop,		0, "Eavesdrop a Topaz reader-tag communication"},
	{"raw",		CmdHFTopazCmdRaw,	0, "Send raw hex data to tag"},
	{NULL,		NULL,				0, NULL}
};


int CmdHFTopaz(const char *Cmd) {
	// flush
	WaitForResponseTimeout(CMD_ACK,NULL,100);

	// parse
	CmdsParse(CommandTable, Cmd);
	return 0;
}

static int CmdHelp(const char *Cmd)
{
	CmdsHelp(CommandTable);
	return 0;
}
Commit	Line	Data
05ddb52c	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2015 Piwi
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// High frequency Topaz (NFC Type 1) commands
	9	//-----------------------------------------------------------------------------
	10
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include <unistd.h>
	15	#include "cmdmain.h"
	16	#include "cmdparser.h"
	17	#include "cmdhftopaz.h"
	18	#include "cmdhf14a.h"
	19	#include "ui.h"
48ece4a7	20	#include "mifare.h"
	21	#include "proxmark3.h"
	22	#include "iso14443crc.h"
	23	#include "protocols.h"
	24
	25
	26
de15fc5f	27
48ece4a7	28	static void topaz_switch_on_field(void)
	29	{
	30	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT \| ISO14A_NO_SELECT \| ISO14A_NO_DISCONNECT \| ISO14A_TOPAZMODE, 0, 0}};
	31	SendCommand(&c);
48ece4a7	32	}
	33
	34
	35	static void topaz_switch_off_field(void)
	36	{
	37	UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
	38	SendCommand(&c);
48ece4a7	39	}
	40
	41
de15fc5f	42	static int topaz_send_cmd_raw(uint8_t cmd, uint8_t len, uint8_t response)
48ece4a7	43	{
	44	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW \| ISO14A_NO_DISCONNECT \| ISO14A_TOPAZMODE, len, 0}};
	45	memcpy(c.d.asBytes, cmd, len);
	46	SendCommand(&c);
	47
	48	UsbCommand resp;
	49	WaitForResponse(CMD_ACK, &resp);
	50
de15fc5f	51	if (resp.arg[0] > 0) {
	52	memcpy(response, resp.d.asBytes, resp.arg[0]);
	53	}
	54
	55	return resp.arg[0];
48ece4a7	56	}
	57
	58
de15fc5f	59	static int topaz_send_cmd(uint8_t cmd, uint8_t len, uint8_t response)
48ece4a7	60	{
	61	if (len > 1) {
	62	uint8_t first, second;
de15fc5f	63	ComputeCrc14443(CRC_14443_B, cmd, len-2, &first, &second);
	64	cmd[len-2] = first;
	65	cmd[len-1] = second;
48ece4a7	66	}
48ece4a7	67
de15fc5f	68	return topaz_send_cmd_raw(cmd, len, response);
48ece4a7	69	}
	70
	71
de15fc5f	72	static int topaz_select(uint8_t atqa, uint8_t rid_response)
48ece4a7	73	{
48ece4a7	74	// ToDo: implement anticollision
de15fc5f	75
48ece4a7	76	uint8_t wupa_cmd[] = {TOPAZ_WUPA};
de15fc5f	77	uint8_t rid_cmd[] = {TOPAZ_RID, 0, 0, 0, 0, 0, 0, 0, 0};
de15fc5f	78
48ece4a7	79	topaz_switch_on_field();
de15fc5f	80
	81	if (!topaz_send_cmd(wupa_cmd, sizeof(wupa_cmd), atqa)) {
	82	topaz_switch_off_field();
	83	return -1; // WUPA failed
	84	}
	85
	86	if (!topaz_send_cmd(rid_cmd, sizeof(rid_cmd), rid_response)) {
	87	topaz_switch_off_field();
	88	return -2; // RID failed
	89	}
	90
	91	return 0; // OK
	92	}
	93
	94
	95	static int topaz_rall(uint8_t uid, uint8_t rall_response)
	96	{
	97	uint8_t rall_cmd[] = {TOPAZ_RALL, 0, 0, 0, 0, 0, 0, 0, 0};
	98
	99	memcpy(&rall_cmd[3], uid, 4);
	100	if (!topaz_send_cmd(rall_cmd, sizeof(rall_cmd), rall_response)) {
	101	topaz_switch_off_field();
	102	return -1; // RALL failed
	103	}
	104
	105	return 0;
48ece4a7	106	}
48ece4a7	107
05ddb52c	108
de15fc5f	109	static bool topaz_block_is_locked(uint8_t blockno, uint8_t *lockbits)
	110	{
	111	if(lockbits[blockno/8] >> (blockno % 8) & 0x01) {
	112	return true;
	113	} else {
	114	return false;
	115	}
	116	}
	117
	118
	119	static int topaz_print_CC(uint8_t *data)
	120	{
	121	if(data[0] != 0xe1) {
	122	return -1; // no NDEF message
	123	}
	124
	125	PrintAndLog("Capability Container: %02x %02x %02x %02x", data[0], data[1], data[2], data[3]);
	126	PrintAndLog(" %02x: NDEF Magic Number", data[0]);
	127	PrintAndLog(" %02x: version %d.%d supported by tag", data[1], (data[1] & 0xF0) >> 4, data[1] & 0x0f);
	128	PrintAndLog(" %02x: Physical Memory Size of this tag: %d bytes", data[2], (data[2] + 1) * 8);
	129	PrintAndLog(" %02x: %s / %s", data[3],
	130	(data[3] & 0xF0) ? "(RFU)" : "Read access granted without any security",
	131	(data[3] & 0x0F)==0 ? "Write access granted without any security" : (data[3] & 0x0F)==0x0F ? "No write access granted at all" : "(RFU)");
	132	return 0;
	133	}
	134
	135
	136	static void get_TLV(uint8_t *TLV_ptr, uint8_t tag, uint16_t length, uint8_t *value)
	137	{
	138	*length = 0;
	139	*value = NULL;
	140
	141	tag = *TLV_ptr;
	142	*TLV_ptr += 1;
	143	switch (*tag) {
	144	case 0x00: // NULL TLV.
	145	case 0xFE: // Terminator TLV.
	146	break;
	147	case 0x01: // Lock Control TLV
	148	case 0x02: // Reserved Memory TLV
	149	case 0x03: // NDEF message TLV
	150	case 0xFD: // proprietary TLV
	151	length = *TLV_ptr;
	152	*TLV_ptr += 1;
	153	if (*length == 0xff) {
	154	length = *TLV_ptr << 8;
	155	*TLV_ptr += 1;
	156	length \|= *TLV_ptr;
	157	*TLV_ptr += 1;
	158	}
	159	value = TLV_ptr;
	160	TLV_ptr += length;
	161	break;
	162	default: // RFU
	163	break;
	164	}
	165	}
	166
	167
	168	static bool topaz_print_lock_control_TLVs(uint8_t *memory)
	169	{
	170	uint8_t *TLV_ptr = memory;
	171	uint8_t tag = 0;
	172	uint16_t length;
173	uint8_t *value;
174	bool lock_TLV_present = false;
175
176	while(TLV_ptr != 0x03 && TLV_ptr != 0xFD && *TLV_ptr != 0xFE) {
177	// all Lock Control TLVs shall be present before the NDEF message TLV, the proprietary TLV (and the Terminator TLV)
178	get_TLV(&TLV_ptr, &tag, &length, &value);
179	if (tag == 0x01) { // the Lock Control TLV
180	uint8_t pages_addr = value[0] >> 4;
181	uint8_t byte_offset = value[0] & 0x0f;
182	uint8_t size_in_bits = value[1] ? value[1] : 256;
183	uint8_t bytes_per_page = 1 << (value[2] & 0x0f);
184	uint8_t bytes_locked_per_bit = 1 << (value[2] >> 4);
185	PrintAndLog("Lock Area of %d bits at byte offset 0x%02x. Each Lock Bit locks %d bytes.",
186	size_in_bits,
187	pages_addr * bytes_per_page + byte_offset,
188	bytes_locked_per_bit);
189	lock_TLV_present = true;
190	}
191	}
192
193	if (!lock_TLV_present) {
194	PrintAndLog("(No Lock Control TLV present)");
195	return -1;
196	} else {
197	return 0;
198	}
199	}
200
201
202	static int topaz_print_reserved_memory_control_TLVs(uint8_t *memory)
203	{
204	uint8_t *TLV_ptr = memory;
205	uint8_t tag = 0;
206	uint16_t length;
207	uint8_t *value;
208	bool reserved_memory_control_TLV_present = false;
209
210	while(TLV_ptr != 0x03 && TLV_ptr != 0xFD && *TLV_ptr != 0xFE) {
211	// all Reserved Memory Control TLVs shall be present before the NDEF message TLV, the proprietary TLV (and the Terminator TLV)
212	get_TLV(&TLV_ptr, &tag, &length, &value);
213	if (tag == 0x02) { // the Reserved Memory Control TLV
214	uint8_t pages_addr = value[0] >> 4;
215	uint8_t byte_offset = value[0] & 0x0f;
216	uint8_t size_in_bytes = value[1] ? value[1] : 256;
217	uint8_t bytes_per_page = 1 << (value[2] & 0x0f);
218	PrintAndLog("Reserved Memory of %d bytes at byte offset 0x%02x.",
219	size_in_bytes,
220	pages_addr * bytes_per_page + byte_offset);
221	reserved_memory_control_TLV_present = true;
222	}
223	}
224
225	if (!reserved_memory_control_TLV_present) {
226	PrintAndLog("(No Reserved Memory Control TLV present)");
227	return -1;
228	} else {
229	return 0;
230	}
231	}
232
233
234	static void topaz_print_lifecycle_state(uint8_t *data)
235	{
236
237	}
238
239
240	static void topaz_print_NDEF(uint8_t *data)
241	{
242
243	}
244
245
05ddb52c	246	int CmdHFTopazReader(const char *Cmd)
05ddb52c	247	{
de15fc5f	248	int status;
	249	uint8_t atqa[2];
	250	uint8_t rid_response[8];
	251	uint8_t *uid_echo = &rid_response[2];
	252	union {
	253	uint8_t raw_content[124];
	254	struct {
	255	uint8_t HR[2];
	256	uint8_t data_block[15][8];
	257	uint8_t CRC[2];
	258	} static_memory;
	259	} rall_response;
	260	uint8_t *static_lock_bytes = rall_response.static_memory.data_block[0x0e];
	261
	262	status = topaz_select(atqa, rid_response);
	263
	264	if (status == -1) {
	265	PrintAndLog("Error: couldn't receive ATQA");
	266	return -1;
	267	}
	268
	269	PrintAndLog("ATQA : %02x %02x", atqa[1], atqa[0]);
	270	if (atqa[1] != 0x0c && atqa[0] != 0x00) {
	271	PrintAndLog("Tag doesn't support the Topaz protocol.");
	272	topaz_switch_off_field();
	273	return -1;
	274	}
	275
	276	if (status == -2) {
	277	PrintAndLog("Error: tag didn't answer to RID");
	278	topaz_switch_off_field();
	279	return -1;
	280	}
	281
	282	// ToDo: CRC check
	283	PrintAndLog("HR0 : %02x (%sa Topaz tag (%scapable of carrying a NDEF message), %s memory map)", rid_response[0],
	284	(rid_response[0] & 0xF0) == 0x10 ? "" : "not ",
	285	(rid_response[0] & 0xF0) == 0x10 ? "" : "not ",
	286	(rid_response[0] & 0x0F) == 0x10 ? "static" : "dynamic");
	287	PrintAndLog("HR1 : %02x", rid_response[1]);
	288
	289	status = topaz_rall(uid_echo, rall_response.raw_content);
	290
	291	if(status == -1) {
	292	PrintAndLog("Error: tag didn't answer to RALL");
	293	topaz_switch_off_field();
	294	return -1;
	295	}
	296
	297	PrintAndLog("UID : %02x %02x %02x %02x %02x %02x %02x",
	298	rall_response.static_memory.data_block[0][6],
	299	rall_response.static_memory.data_block[0][5],
	300	rall_response.static_memory.data_block[0][4],
	301	rall_response.static_memory.data_block[0][3],
	302	rall_response.static_memory.data_block[0][2],
	303	rall_response.static_memory.data_block[0][1],
	304	rall_response.static_memory.data_block[0][0]);
	305	PrintAndLog(" UID[6] (Manufacturer Byte) = %02x, Manufacturer: %s",
	306	rall_response.static_memory.data_block[0][6],
	307	getTagInfo(rall_response.static_memory.data_block[0][6]));
	308
	309	PrintAndLog("");
	310	PrintAndLog("Static Data blocks 00 to 0c:");
	311	PrintAndLog("block# \| offset \| Data \| Locked?");
312	char line[80];
313	for (uint16_t i = 0; i <= 0x0c; i++) {
314	for (uint16_t j = 0; j < 8; j++) {
315	sprintf(&line[3j], "%02x ", rall_response.static_memory.data_block[i][j] /rall_response[2 + 8i + j]/);
316	}
317	PrintAndLog(" 0x%02x \| 0x%02x \| %s\| %-3s", i, i*8, line, topaz_block_is_locked(i, static_lock_bytes) ? "yes" : "no");
318	}
319
320	PrintAndLog("");
321	PrintAndLog("Static Reserved block 0d:");
322	for (uint16_t j = 0; j < 8; j++) {
323	sprintf(&line[3*j], "%02x ", rall_response.static_memory.data_block[0x0d][j]);
324	}
325	PrintAndLog(" 0x%02x \| 0x%02x \| %s\| %-3s", 0x0d, 0x0d*8, line, "n/a");
326
327	PrintAndLog("");
328	PrintAndLog("Static Lockbits / OTP block 0e:");
329	for (uint16_t j = 0; j < 8; j++) {
330	sprintf(&line[3*j], "%02x ", static_lock_bytes[j]);
331	}
332	PrintAndLog(" 0x%02x \| 0x%02x \| %s\| %-3s", 0x0e, 0x0e*8, line, "n/a");
333
334	PrintAndLog("");
335
336	status = topaz_print_CC(&rall_response.static_memory.data_block[1][0]);
337
338	if (status == -1) {
339	PrintAndLog("No NDEF message present");
340	topaz_switch_off_field();
341	return 0;
342	}
343
344	PrintAndLog("");
345	bool lock_TLV_present = topaz_print_lock_control_TLVs(&rall_response.static_memory.data_block[1][4]);
346
347	PrintAndLog("");
348	bool reserved_mem_present = topaz_print_reserved_memory_control_TLVs(&rall_response.static_memory.data_block[1][4]);
349
350	topaz_print_lifecycle_state(&rall_response.static_memory.data_block[1][0]);
351
352	topaz_print_NDEF(&rall_response.static_memory.data_block[1][0]);
353
354	topaz_switch_off_field();
05ddb52c	355	return 0;
	356	}
	357
	358
	359	int CmdHFTopazSim(const char *Cmd)
	360	{
	361	PrintAndLog("not yet implemented");
	362	return 0;
	363	}
	364
	365
	366	int CmdHFTopazCmdRaw(const char *Cmd)
	367	{
	368	PrintAndLog("not yet implemented");
	369	return 0;
	370	}
	371
	372
	373	static int CmdHelp(const char *Cmd);
	374
	375
	376	static command_t CommandTable[] =
	377	{
	378	{"help", CmdHelp, 1, "This help"},
	379	{"reader", CmdHFTopazReader, 0, "Act like a Topaz reader"},
	380	{"sim", CmdHFTopazSim, 0, "<UID> -- Simulate Topaz tag"},
	381	{"snoop", CmdHF14ASnoop, 0, "Eavesdrop a Topaz reader-tag communication"},
	382	{"raw", CmdHFTopazCmdRaw, 0, "Send raw hex data to tag"},
	383	{NULL, NULL, 0, NULL}
	384	};
	385
	386
	387	int CmdHFTopaz(const char *Cmd) {
	388	// flush
	389	WaitForResponseTimeout(CMD_ACK,NULL,100);
	390
	391	// parse
	392	CmdsParse(CommandTable, Cmd);
	393	return 0;
	394	}
	395
	396	static int CmdHelp(const char *Cmd)
	397	{
	398	CmdsHelp(CommandTable);
	399	return 0;
	400	}
	401
	402