X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/2a7861ef0a3039e7fae2833c309f93a65b2aec31..f1a983a330c983e2858c5b97012c949b243a4db1:/client/cmdhf14a.c

diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index bab3591e..94c3ad2c 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -29,7 +29,7 @@
 #include "mifarehost.h"
 
 static int CmdHelp(const char *Cmd);
-static void waitCmd(uint8_t iLen);
+static int waitCmd(uint8_t iLen);
 
 // structure and database for uid -> tagtype lookups 
 typedef struct { 
@@ -405,22 +405,8 @@ int CmdHF14AReader(const char *Cmd)
 
 	
 	// try to see if card responses to "chinese magic backdoor" commands.
-	c.cmd = CMD_MIFARE_CIDENT;
-	c.arg[0] = 0;
-	c.arg[1] = 0;
-	c.arg[2] = 0;	
-	SendCommand(&c);
-	WaitForResponse(CMD_ACK,&resp);
-	uint8_t isOK  = resp.arg[0] & 0xff;
-	PrintAndLog("Answers to chinese magic backdoor commands: %s", (isOK ? "YES" : "NO") );
+	mfCIdentify();
 	
-	// disconnect
-	c.cmd = CMD_READER_ISO_14443a;
-	c.arg[0] = 0;
-	c.arg[1] = 0;
-	c.arg[2] = 0;
-	SendCommand(&c);
-
 	return select_status;
 }
 
@@ -437,7 +423,7 @@ int CmdHF14ACUIDs(const char *Cmd)
 	// repeat n times
 	for (int i = 0; i < n; i++) {
 		// execute anticollision procedure
-		UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}};
+		UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_RATS, 0, 0}};
 		SendCommand(&c);
     
 		UsbCommand resp;
@@ -568,6 +554,138 @@ int CmdHF14ASnoop(const char *Cmd) {
 	return 0;
 }
 
+int CmdHF14AAPDU(const char *cmd) {
+	uint8_t data[USB_CMD_DATA_SIZE];
+	uint16_t datalen = 0;
+	uint8_t cmdc = 0;
+	char buf[5] = {0};
+	int i = 0;
+	uint32_t temp;
+	bool activateField = false;
+	bool leaveSignalON = false;
+	bool decodeTLV = false;
+	
+	if (strlen(cmd)<2) {
+		PrintAndLog("Usage: hf 14a apdu [-s] [-k] [-t] <APDU (hex)>");
+		PrintAndLog("       -s    activate field and select card");
+		PrintAndLog("       -k    leave the signal field ON after receive response");
+		PrintAndLog("       -t    executes TLV decoder if it possible");
+		return 0;
+	}
+
+	// strip
+	while (*cmd==' ' || *cmd=='\t') cmd++;
+
+	while (cmd[i]!='\0') {
+		if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; }
+		if (cmd[i]=='-') {
+			switch (cmd[i + 1]) {
+				case 's':
+				case 'S':
+					activateField = true;
+					break;
+				case 'k':
+				case 'K':
+					leaveSignalON = true;
+					break;
+				case 't':
+				case 'T':
+					decodeTLV = true;
+					break;
+				default:
+					PrintAndLog("Invalid option");
+					return 1;
+			}
+			i += 2;
+			continue;
+		}
+		if ((cmd[i] >= '0' && cmd[i] <= '9') ||
+		    (cmd[i] >= 'a' && cmd[i] <= 'f') ||
+		    (cmd[i] >= 'A' && cmd[i] <= 'F') ) {
+			buf[strlen(buf) + 1] = 0x00;
+			buf[strlen(buf)] = cmd[i];
+			i++;
+
+			if (strlen(buf) >= 2) {
+				sscanf(buf, "%x", &temp);
+				data[datalen] = (uint8_t)(temp & 0xff);
+				*buf = 0;
+				if (datalen > sizeof(data) - 2) {
+					PrintAndLog("Buffer is full...");
+					break;
+				} else {
+					datalen++;
+				}
+			}
+			continue;
+		}
+		PrintAndLog("Invalid char on input");
+		return 1;
+	}
+	if (*buf) {
+		PrintAndLog("Hex must have even number of digits. Detected %d symbols.", datalen * 2 + strlen(buf));
+		return 1;
+	}		
+	
+	PrintAndLog("--%s %s %s >>>> %s", activateField ? "sel": "", leaveSignalON ? "keep": "", decodeTLV ? "TLV": "", sprint_hex(data, datalen));
+
+	if (activateField)
+		cmdc |= ISO14A_CONNECT;
+	if (leaveSignalON)
+		cmdc |= ISO14A_NO_DISCONNECT;
+	
+	// "Command APDU" length should be 5+255+1, but javacard's APDU buffer might be smaller - 133 bytes
+	// https://stackoverflow.com/questions/32994936/safe-max-java-card-apdu-data-command-and-respond-size
+	// here length USB_CMD_DATA_SIZE=512
+	// timeout timeout14a * 1.06 / 100, true, size, &keyBlock[6 * c], e_sector); // timeout is (ms * 106)/10 or us*0.0106
+	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_APDU | ISO14A_SET_TIMEOUT | cmdc, (datalen & 0xFFFF), 1000 * 1000 * 1.06 / 100}}; 
+
+//	uint8_t first, second;
+//	ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
+//	data[datalen++] = first;
+//	data[datalen++] = second;
+
+	memcpy(c.d.asBytes, data, datalen);
+
+	SendCommand(&c);
+	
+    uint8_t *recv;
+    char *hexout;
+    UsbCommand resp;
+
+	if (activateField) {
+		if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) 
+			return 2;
+		if (resp.arg[0] != 1)
+			return 2;
+	}
+
+    if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
+        recv = resp.d.asBytes;
+        uint8_t iLen = resp.arg[0];
+        if(!iLen)
+            return 2;
+        hexout = (char *)malloc(iLen * 3 + 1);
+        if (hexout != NULL) {
+            for (int i = 0; i < iLen; i++) { // data in hex
+                sprintf(&hexout[i * 3], "%02X ", recv[i]);
+            }
+            PrintAndLog("<<<< %s", hexout);
+			
+			// here TLV decoder...
+			
+            free(hexout);
+        } else {
+            PrintAndLog("malloc failed...");
+			return 2;
+        }
+    } else {
+        PrintAndLog("Reply timeout.");
+		return 3;
+    }
+	
+	return 0;
+}
 
 int CmdHF14ACmdRaw(const char *cmd) {
 	UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
@@ -576,6 +694,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
 	bool power = false;
 	bool active = false;
 	bool active_select = false;
+	bool no_rats = false;
 	uint16_t numbits = 0;
 	bool bTimeout = false;
 	uint32_t timeout = 0;
@@ -596,6 +715,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
 		PrintAndLog("       -b    number of bits to send. Useful for send partial byte");
 		PrintAndLog("       -t    timeout in ms");
 		PrintAndLog("       -T    use Topaz protocol to send command");
+		PrintAndLog("       -3    ISO14443-3 select only (skip RATS)");
 		return 0;
 	}
 
@@ -640,6 +760,9 @@ int CmdHF14ACmdRaw(const char *cmd) {
 				case 'T':
 					topazmode = true;
 					break;
+				case '3':
+					no_rats = true;
+					break;
 				default:
 					PrintAndLog("Invalid option");
 					return 0;
@@ -713,6 +836,10 @@ int CmdHF14ACmdRaw(const char *cmd) {
 		c.arg[0] |= ISO14A_TOPAZMODE;
 	}
 
+	if(no_rats) {
+		c.arg[0] |= ISO14A_NO_RATS;
+	}
+
 	// Max buffer is USB_CMD_DATA_SIZE (512)
 	c.arg[1] = (datalen & 0xFFFF) | ((uint32_t)numbits << 16);
 	memcpy(c.d.asBytes,data,datalen);
@@ -720,17 +847,17 @@ int CmdHF14ACmdRaw(const char *cmd) {
 	SendCommand(&c);
 
 	if (reply) {
-		if(active_select)
-			waitCmd(1);
-		if(datalen>0)
+		int res = 0;
+		if (active_select)
+			res = waitCmd(1);
+		if (!res && datalen > 0)
 			waitCmd(0);
 	} // if reply
 	return 0;
 }
 
 
-static void waitCmd(uint8_t iSelect)
-{
+static int waitCmd(uint8_t iSelect) {
     uint8_t *recv;
     UsbCommand resp;
     char *hexout;
@@ -740,7 +867,7 @@ static void waitCmd(uint8_t iSelect)
         uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
         PrintAndLog("received %i octets", iLen);
         if(!iLen)
-            return;
+            return 1;
         hexout = (char *)malloc(iLen * 3 + 1);
         if (hexout != NULL) {
             for (int i = 0; i < iLen; i++) { // data in hex
@@ -750,10 +877,13 @@ static void waitCmd(uint8_t iSelect)
             free(hexout);
         } else {
             PrintAndLog("malloc failed your client has low memory?");
+			return 2;
         }
     } else {
         PrintAndLog("timeout while waiting for reply.");
+		return 3;
     }
+	return 0;
 }
 
 static command_t CommandTable[] = 
@@ -764,6 +894,7 @@ static command_t CommandTable[] =
   {"cuids",  CmdHF14ACUIDs,        0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
   {"sim",    CmdHF14ASim,          0, "<UID> -- Simulate ISO 14443a tag"},
   {"snoop",  CmdHF14ASnoop,        0, "Eavesdrop ISO 14443 Type A"},
+  {"apdu",   CmdHF14AAPDU,         0, "Send ISO 1443-4 APDU to tag"},
   {"raw",    CmdHF14ACmdRaw,       0, "Send raw hex data to tag"},
   {NULL, NULL, 0, NULL}
 };