#include "cmdhficlass.h"
#include "cmdhfmf.h"
#include "cmdhfmfu.h"
+#include "protocols.h"
static int CmdHelp(const char *Cmd);
return 0;
}
-//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501
-/*
-ISO14443A (usually NFC tags)
- 26 (7bits) = REQA
- 30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
- A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
- 52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
- 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
- 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
- 95 20 = Anticollision of cascade level2
- 95 70 = Select of cascade level2
- 50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)
-Mifare
- 60 = Authenticate with KeyA
- 61 = Authenticate with KeyB
- 40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A)
- C0 = Decrement
- C1 = Increment
- C2 = Restore
- B0 = Transfer
-Ultralight C
- A0 = Compatibility Write (to accomodate MIFARE commands)
- 1A = Step1 Authenticate
- AF = Step2 Authenticate
-
-
-ISO14443B
- 05 = REQB
- 1D = ATTRIB
- 50 = HALT
-SRIX4K (tag does not respond to 05)
- 06 00 = INITIATE
- 0E xx = SELECT ID (xx = Chip-ID)
- 0B = Get UID
- 08 yy = Read Block (yy = block number)
- 09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
- 0C = Reset to Inventory
- 0F = Completion
- 0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
-
-
-ISO15693
- MANDATORY COMMANDS (all ISO15693 tags must support those)
- 01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
- 02 = Stay Quiet
- OPTIONAL COMMANDS (not all tags support them)
- 20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
- 21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
- 22 = Lock Block
- 23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
- 25 = Select
- 26 = Reset to Ready
- 27 = Write AFI
- 28 = Lock AFI
- 29 = Write DSFID
- 2A = Lock DSFID
- 2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
- 2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)
-
-EM Microelectronic CUSTOM COMMANDS
- A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type)
- A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value)
- B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info)
- E4 = Login (followed by 1byte IC Manufacturer code+4bytes password)
-NXP/Philips CUSTOM COMMANDS
- A0 = Inventory Read
- A1 = Fast Inventory Read
- A2 = Set EAS
- A3 = Reset EAS
- A4 = Lock EAS
- A5 = EAS Alarm
- A6 = Password Protect EAS
- A7 = Write EAS ID
- A8 = Read EPC
- B0 = Inventory Page Read
- B1 = Fast Inventory Page Read
- B2 = Get Random Number
- B3 = Set Password
- B4 = Write Password
- B5 = Lock Password
- B6 = Bit Password Protection
- B7 = Lock Page Protection Condition
- B8 = Get Multiple Block Protection Status
- B9 = Destroy SLI
- BA = Enable Privacy
- BB = 64bit Password Protection
- 40 = Long Range CMD (Standard ISO/TR7003:1990)
- */
-
-#define ICLASS_CMD_ACTALL 0x0A
-#define ICLASS_CMD_READ_OR_IDENTIFY 0x0C
-#define ICLASS_CMD_SELECT 0x81
-#define ICLASS_CMD_PAGESEL 0x84
-#define ICLASS_CMD_READCHECK_KD 0x88
-#define ICLASS_CMD_READCHECK_KC 0x18
-#define ICLASS_CMD_CHECK 0x05
-#define ICLASS_CMD_DETECT 0x0F
-#define ICLASS_CMD_HALT 0x00
-#define ICLASS_CMD_UPDATE 0x87
-#define ICLASS_CMD_ACT 0x8E
-#define ICLASS_CMD_READ4 0x06
-
-
-#define ISO14443A_CMD_REQA 0x26
-#define ISO14443A_CMD_READBLOCK 0x30
-#define ISO14443A_CMD_WUPA 0x52
-#define ISO14443A_CMD_ANTICOLL_OR_SELECT 0x93
-#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2 0x95
-#define ISO14443A_CMD_WRITEBLOCK 0xA0 // or 0xA2 ?
-#define ISO14443A_CMD_HALT 0x50
-#define ISO14443A_CMD_RATS 0xE0
-
-#define MIFARE_AUTH_KEYA 0x60
-#define MIFARE_AUTH_KEYB 0x61
-#define MIFARE_MAGICMODE 0x40
-#define MIFARE_CMD_INC 0xC0
-#define MIFARE_CMD_DEC 0xC1
-#define MIFARE_CMD_RESTORE 0xC2
-#define MIFARE_CMD_TRANSFER 0xB0
-
-#define MIFARE_ULC_WRITE 0xA0
-#define MIFARE_ULC_AUTH_1 0x1A
-#define MIFARE_ULC_AUTH_2 0xAF
-
-#define ISO14443B_REQB 0x05
-#define ISO14443B_ATTRIB 0x1D
-#define ISO14443B_HALT 0x50
-
-//First byte is 26
-#define ISO15693_INVENTORY 0x01
-#define ISO15693_STAYQUIET 0x02
-//First byte is 02
-#define ISO15693_READBLOCK 0x20
-#define ISO15693_WRITEBLOCK 0x21
-#define ISO15693_LOCKBLOCK 0x22
-#define ISO15693_READ_MULTI_BLOCK 0x23
-#define ISO15693_SELECT 0x25
-#define ISO15693_RESET_TO_READY 0x26
-#define ISO15693_WRITE_AFI 0x27
-#define ISO15693_LOCK_AFI 0x28
-#define ISO15693_WRITE_DSFID 0x29
-#define ISO15693_LOCK_DSFID 0x2A
-#define ISO15693_GET_SYSTEM_INFO 0x2B
-#define ISO15693_READ_MULTI_SECSTATUS 0x2C
-
-
-#define ISO_14443A 0
-#define ICLASS 1
-#define ISO_14443B 2
-
void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
snprintf(exp,size,"ANTICOLL-2"); break;
}
}
- case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break;
- case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
- case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
- case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break;
- case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break;
- case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
- case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
- case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
- case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
- case MIFARE_AUTH_KEYA: snprintf(exp,size,"AUTH-A(%d)",cmd[1]); break;
- case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break;
- case MIFARE_MAGICMODE: snprintf(exp,size,"MAGIC"); break;
- default: snprintf(exp,size,"?"); break;
+ case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break;
+ case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
+ case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
+ case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break;
+ case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break;
+ case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
+ case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
+ case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
+ case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
+ case MIFARE_AUTH_KEYA:{
+ if ( cmdsize > 3)
+ snprintf(exp,size,"AUTH-A(%d)",cmd[1]);
+ else
+ // case MIFARE_ULEV1_VERSION : both 0x60.
+ snprintf(exp,size,"EV1 VERSION");
+ break;
+ }
+ case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break;
+ case MIFARE_MAGICWUPC1: snprintf(exp,size,"MAGIC WUPC1"); break;
+ case MIFARE_MAGICWUPC2: snprintf(exp,size,"MAGIC WUPC2"); break;
+ case MIFARE_MAGICWIPEC: snprintf(exp,size,"MAGIC WIPEC"); break;
+ case MIFARE_ULC_AUTH_1: snprintf(exp,size,"AUTH "); break;
+ case MIFARE_ULC_AUTH_2: snprintf(exp,size,"AUTH_ANSW"); break;
+ case MIFARE_ULEV1_AUTH:
+ if ( cmdsize == 7 )
+ snprintf(exp,size,"PWD-AUTH KEY: 0x%02x%02x%02x%02x", cmd[1], cmd[2], cmd[3], cmd[4] );
+ else
+ snprintf(exp,size,"PWD-AUTH");
+ break;
+ case MIFARE_ULEV1_FASTREAD:{
+ if ( cmdsize >=3 && cmd[2] <= 0xE6)
+ snprintf(exp,size,"READ RANGE (%d-%d)",cmd[1],cmd[2]);
+ else
+ snprintf(exp,size,"?");
+ break;
+ }
+ case MIFARE_ULC_WRITE:{
+ if ( cmd[1] < 0x21 )
+ snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]);
+ else
+ snprintf(exp,size,"?");
+ break;
+ }
+ case MIFARE_ULEV1_READ_CNT:{
+ if ( cmd[1] < 5 )
+ snprintf(exp,size,"READ CNT(%d)",cmd[1]);
+ else
+ snprintf(exp,size,"?");
+ break;
+ }
+ case MIFARE_ULEV1_INCR_CNT:{
+ if ( cmd[1] < 5 )
+ snprintf(exp,size,"INCR(%d)",cmd[1]);
+ else
+ snprintf(exp,size,"?");
+ break;
+ }
+ case MIFARE_ULEV1_READSIG: snprintf(exp,size,"READ_SIG"); break;
+ case MIFARE_ULEV1_CHECKTEAR: snprintf(exp,size,"CHK_TEARING(%d)",cmd[1]); break;
+ case MIFARE_ULEV1_VCSL: snprintf(exp,size,"VCSL"); break;
+ default: snprintf(exp,size,"?"); break;
}
return;
}
}
}
}
+
+/**
+06 00 = INITIATE
+0E xx = SELECT ID (xx = Chip-ID)
+0B = Get UID
+08 yy = Read Block (yy = block number)
+09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
+0C = Reset to Inventory
+0F = Completion
+0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
+**/
+
void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
switch(cmd[0]){
case ISO14443B_REQB : snprintf(exp,size,"REQB");break;
case ISO14443B_ATTRIB : snprintf(exp,size,"ATTRIB");break;
case ISO14443B_HALT : snprintf(exp,size,"HALT");break;
- default: snprintf(exp,size ,"?");break;
+ case ISO14443B_INITIATE : snprintf(exp,size,"INITIATE");break;
+ case ISO14443B_SELECT : snprintf(exp,size,"SELECT(%d)",cmd[1]);break;
+ case ISO14443B_GET_UID : snprintf(exp,size,"GET UID");break;
+ case ISO14443B_READ_BLK : snprintf(exp,size,"READ_BLK(%d)", cmd[1]);break;
+ case ISO14443B_WRITE_BLK : snprintf(exp,size,"WRITE_BLK(%d)",cmd[1]);break;
+ case ISO14443B_RESET : snprintf(exp,size,"RESET");break;
+ case ISO14443B_COMPLETION : snprintf(exp,size,"COMPLETION");break;
+ case ISO14443B_AUTHENTICATE : snprintf(exp,size,"AUTHENTICATE");break;
+ default : snprintf(exp,size ,"?");break;
}
}
if (tracepos + data_len + parity_len > traceLen) {
return traceLen;
}
-
uint8_t *frame = trace + tracepos;
tracepos += data_len;
uint8_t *parityBytes = trace + tracepos;
tracepos += parity_len;
- //--- Draw the data column
- char line[16][110];
- for (int j = 0; j < data_len; j++) {
- int oddparity = 0x01;
- int k;
-
- for (k=0 ; k<8 ; k++) {
- oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
- }
-
- uint8_t parityBits = parityBytes[j>>3];
-
- if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
- sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]);
- } else {
- sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]);
- }
- }
- //--- Draw the CRC column
+ //Check the CRC status
uint8_t crcStatus = 2;
if (data_len > 2) {
//0 CRC-command, CRC not ok
//1 CRC-command, CRC ok
//2 Not crc-command
+
+ //--- Draw the data column
+ //char line[16][110];
+ char line[16][110];
+
+ for (int j = 0; j < data_len && j/16 < 16; j++) {
+
+ int oddparity = 0x01;
+ int k;
+
+ for (k=0 ; k<8 ; k++) {
+ oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
+ }
+ uint8_t parityBits = parityBytes[j>>3];
+ if (protocol != ISO_14443B && (isResponse || protocol == ISO_14443A) && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
+ snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]);
+
+ } else {
+ snprintf(line[j/16]+(( j % 16) * 4),110, "%02x ", frame[j]);
+ }
+
+ }
+ if(crcStatus == 1)
+ {//CRC-command
+ char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4)-1;
+ (*pos1) = '[';
+ char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4)-2;
+ (*pos2) = ']';
+ }
+ if(data_len == 0)
+ {
+ if(data_len == 0){
+ sprintf(line[0],"<empty trace - possible error>");
+ }
+ }
+ //--- Draw the CRC column
+
char *crc = (crcStatus == 0 ? "!crc" : (crcStatus == 1 ? " ok " : " "));
EndOfTransmissionTimestamp = timestamp + duration;
annotateIso14443b(explanation,sizeof(explanation),frame,data_len);
}
- int num_lines = (data_len - 1)/16 + 1;
- for (int j = 0; j < num_lines; j++) {
+ int num_lines = MIN((data_len - 1)/16 + 1, 16);
+ for (int j = 0; j < num_lines ; j++) {
if (j == 0) {
PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s",
(timestamp - first_timestamp),
return 0;
}
+int CmdHFSearch(const char *Cmd){
+ int ans = 0;
+ PrintAndLog("");
+ ans = CmdHF14AReader("s");
+ if (ans > 0) {
+ PrintAndLog("\nValid ISO14443A Tag Found - Quiting Search\n");
+ return ans;
+ }
+ ans = HFiClassReader("", false, false);
+ if (ans) {
+ PrintAndLog("\nValid iClass Tag (or PicoPass Tag) Found - Quiting Search\n");
+ return ans;
+ }
+ ans = HF14BInfo(false);
+ if (ans) {
+ PrintAndLog("\nValid ISO14443B Tag Found - Quiting Search\n");
+ return ans;
+ }
+ ans = HF15Reader("", false);
+ if (ans) {
+ PrintAndLog("\nValid ISO15693 Tag Found - Quiting Search\n");
+ return ans;
+ }
+ PrintAndLog("\nno known/supported 13.56 MHz tags found\n");
+ return 0;
+}
+
+int CmdHFSnoop(const char *Cmd)
+{
+ char * pEnd;
+ UsbCommand c = {CMD_HF_SNIFFER, {strtol(Cmd, &pEnd,0),strtol(pEnd, &pEnd,0),0}};
+ SendCommand(&c);
+ return 0;
+}
static command_t CommandTable[] =
{
{"epa", CmdHFEPA, 1, "{ German Identification Card... }"},
{"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"},
{"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"},
- {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"},
- {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"},
+ {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"},
+ {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"},
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"},
- {"list", CmdHFList, 1, "List protocol data in trace buffer"},
- {NULL, NULL, 0, NULL}
+ {"list", CmdHFList, 1, "List protocol data in trace buffer"},
+ {"search", CmdHFSearch, 1, "Search for known HF tags [preliminary]"},
+ {"snoop", CmdHFSnoop, 0, "<samples to skip (10000)> <triggers to skip (1)> Generic HF Snoop"},
+ {NULL, NULL, 0, NULL}
};
int CmdHF(const char *Cmd)
projects / proxmark3-svn / blobdiff