#include <stdio.h>
#include <stdlib.h>
+#include <inttypes.h>
#include <string.h>
#include <unistd.h>
#include "util.h"
PrintAndLog(" x0 -> <1 kByte");
break;
case 0x01:
- PrintAndLog(" x0 -> 1 kByte");
+ PrintAndLog(" x1 -> 1 kByte");
break;
case 0x02:
- PrintAndLog(" x0 -> 2 kByte");
+ PrintAndLog(" x2 -> 2 kByte");
break;
case 0x03:
- PrintAndLog(" x0 -> 4 kByte");
+ PrintAndLog(" x3 -> 4 kByte");
break;
case 0x04:
- PrintAndLog(" x0 -> 8 kByte");
+ PrintAndLog(" x4 -> 8 kByte");
break;
}
switch (card.ats[pos + 3] & 0xf0) {
return 1;
}
-int usage_hf_14a_sim(void) {
- PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID\n");
- PrintAndLog("Usage: hf 14a sim t <type> u <uid> x");
- PrintAndLog(" Options : ");
- PrintAndLog(" h : this help");
- PrintAndLog(" t : 1 = MIFARE Classic");
- PrintAndLog(" 2 = MIFARE Ultralight");
- PrintAndLog(" 3 = MIFARE Desfire");
- PrintAndLog(" 4 = ISO/IEC 14443-4");
- PrintAndLog(" 5 = MIFARE Tnp3xxx");
- PrintAndLog(" 6 = MIFARE Mini");
- PrintAndLog(" 7 = NTAG 215 from emu mem");
- PrintAndLog(" u : 4 or 7 byte UID");
- PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader");
- PrintAndLog("\n sample : hf 14a sim t 1 u 1122344");
- PrintAndLog(" : hf 14a sim t 1 u 1122344 x\n");
- return 0;
-}
// ## simulate iso14443a tag
// ## greg - added ability to specify tag UID
int CmdHF14ASim(const char *Cmd)
{
- bool errors = FALSE;
- uint8_t flags = 0;
- uint8_t tagtype = 1;
- uint64_t uid = 0;
- uint8_t cmdp = 0;
-
- while(param_getchar(Cmd, cmdp) != 0x00)
- {
- switch(param_getchar(Cmd, cmdp))
- {
- case 'h':
- case 'H':
- return usage_hf_14a_sim();
- case 't':
- case 'T':
- // Retrieve the tag type
- tagtype = param_get8ex(Cmd, cmdp+1, 0, 10);
- if (tagtype == 0)
- errors = true;
- cmdp += 2;
- break;
- case 'u':
- case 'U':
- // Retrieve the full 4 or 7 byte long uid
- uid = param_get64ex(Cmd, cmdp+1, 0, 16);
- if (uid == 0 )
- errors = TRUE;
-
- if (uid > 0xffffffff) {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014"llx")",uid);
- flags |= FLAG_7B_UID_IN_DATA;
- } else {
- PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",uid);
- flags |= FLAG_4B_UID_IN_DATA;
- }
- cmdp += 2;
- break;
- case 'x':
- case 'X':
- flags |= FLAG_NR_AR_ATTACK;
- cmdp++;
- break;
- default:
- PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
- errors = true;
- break;
- }
- if(errors) break;
+ UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{0,0,0}};
+
+ // Retrieve the tag type
+ uint8_t tagtype = param_get8ex(Cmd,0,0,10);
+
+ // When no argument was given, just print help message
+ if (tagtype == 0) {
+ PrintAndLog("");
+ PrintAndLog(" Emulating ISO/IEC 14443 type A tag with 4 or 7 byte UID");
+ PrintAndLog("");
+ PrintAndLog(" syntax: hf 14a sim <type> <uid>");
+ PrintAndLog(" types: 1 = MIFARE Classic");
+ PrintAndLog(" 2 = MIFARE Ultralight");
+ PrintAndLog(" 3 = MIFARE Desfire");
+ PrintAndLog(" 4 = ISO/IEC 14443-4");
+ PrintAndLog(" 5 = MIFARE Tnp3xxx");
+ PrintAndLog("");
+ return 1;
}
+
+ // Store the tag type
+ c.arg[0] = tagtype;
+
+ // Retrieve the full 4 or 7 byte long uid
+ uint64_t long_uid = param_get64ex(Cmd,1,0,16);
+
+ // Are we handling the (optional) second part uid?
+ if (long_uid > 0xffffffff) {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with 7 byte UID (%014" PRIx64 ")",long_uid);
+ // Store the second part
+ c.arg[2] = (long_uid & 0xffffffff);
+ long_uid >>= 32;
+ // Store the first part, ignore the first byte, it is replaced by cascade byte (0x88)
+ c.arg[1] = (long_uid & 0xffffff);
+ } else {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with 4 byte UID (%08x)",long_uid);
+ // Only store the first part
+ c.arg[1] = long_uid & 0xffffffff;
+ }
+/*
+ // At lease save the mandatory first part of the UID
+ c.arg[0] = long_uid & 0xffffffff;
- //Validations
- if (errors) return usage_hf_14a_sim();
-
- PrintAndLog("Press pm3-button to abort simulation");
-
- UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }};
-
- num_to_bytes(uid, 7, c.d.asBytes);
- clearCommandBuffer();
- SendCommand(&c);
-
- //uint8_t data[40];
- //uint8_t key[6];
- UsbCommand resp;
- while(!ukbhit()){
- if ( WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
- if ( (resp.arg[0] & 0xffff) == CMD_SIMULATE_MIFARE_CARD ){
- // attempt to get key:
- // TODO:
-
- //memset(data, 0x00, sizeof(data));
- //memset(key, 0x00, sizeof(key));
- //int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];
- //memcpy(data, resp.d.asBytes, len);
- //tryMfk32(uid, data, key);
- //tryMfk32_moebius(uid, data, key);
- //tryMfk64(uid, data, key);
- //PrintAndLog("--");
- }
- }
+ if (c.arg[1] == 0) {
+ PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
}
- return 0;
+
+ switch (c.arg[0]) {
+ case 1: {
+ PrintAndLog("Emulating ISO/IEC 14443-3 type A tag with 4 byte UID");
+ UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
+ } break;
+ case 2: {
+ PrintAndLog("Emulating ISO/IEC 14443-4 type A tag with 7 byte UID");
+ } break;
+ default: {
+ PrintAndLog("Error: unkown tag type (%d)",c.arg[0]);
+ PrintAndLog("syntax: hf 14a sim <uid>",c.arg[0]);
+ PrintAndLog(" type1: 4 ",c.arg[0]);
+
+ return 1;
+ } break;
+ }
+*/
+/*
+ unsigned int hi = 0, lo = 0;
+ int n = 0, i = 0;
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi= (hi << 4) | (lo >> 28);
+ lo= (lo << 4) | (n & 0xf);
+ }
+*/
+// UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16)};
+// PrintAndLog("Emulating ISO/IEC 14443 type A tag with UID %01d %08x %08x",c.arg[0],c.arg[1],c.arg[2]);
+ SendCommand(&c);
+ return 0;
}
int CmdHF14ASnoop(const char *Cmd) {
int CmdHF14ACmdRaw(const char *cmd) {
UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
bool reply=1;
- bool crc = FALSE;
- bool power = FALSE;
- bool active = FALSE;
- bool active_select = FALSE;
+ bool crc = false;
+ bool power = false;
+ bool active = false;
+ bool active_select = false;
uint16_t numbits = 0;
- bool bTimeout = FALSE;
+ bool bTimeout = false;
uint32_t timeout = 0;
- bool topazmode = FALSE;
+ bool topazmode = false;
char buf[5]="";
int i = 0;
uint8_t data[USB_CMD_DATA_SIZE];
if (cmd[i]=='-') {
switch (cmd[i+1]) {
case 'r':
- reply = FALSE;
+ reply = false;
break;
case 'c':
- crc = TRUE;
+ crc = true;
break;
case 'p':
- power = TRUE;
+ power = true;
break;
case 'a':
- active = TRUE;
+ active = true;
break;
case 's':
- active_select = TRUE;
+ active_select = true;
break;
case 'b':
sscanf(cmd+i+2,"%d",&temp);
i-=2;
break;
case 't':
- bTimeout = TRUE;
+ bTimeout = true;
sscanf(cmd+i+2,"%d",&temp);
timeout = temp;
i+=3;
i-=2;
break;
case 'T':
- topazmode = TRUE;
+ topazmode = true;
break;
default:
PrintAndLog("Invalid option");
c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us)
}
- if(power)
+ if(power) {
c.arg[0] |= ISO14A_NO_DISCONNECT;
+ }
- if(datalen > 0)
+ if(datalen > 0) {
c.arg[0] |= ISO14A_RAW;
+ }
- if(topazmode)
+ if(topazmode) {
c.arg[0] |= ISO14A_TOPAZMODE;
+ }
- // Max buffer is USB_CMD_DATA_SIZE
- datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
- c.arg[1] = (datalen & 0xFFFF) | ( (uint32_t)(numbits) << 16);
+ // Max buffer is USB_CMD_DATA_SIZE
+ c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
SendCommand(&c);