X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/6e3d8d671ac59e308c2ec83136890dc1af2edc65..1338d245c2ff5930a059d3d1fdea93a535fe6e61:/client/cmdhf14a.c
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c
index 2d76f109..2bf84d22 100644
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -31,108 +31,53 @@ #include "cliparser/cliparser.h" #include "emv/apduinfo.h" #include "emv/emvcore.h" +#include "taginfo.h" static int CmdHelp(const char *Cmd); static int waitCmd(uint8_t iLen); -// structure and database for uid -> tagtype lookups -typedef struct { - uint8_t uid; - char* desc; -} manufactureName; - -static const manufactureName manufactureMapping[] = { - // ID, "Vendor Country" - { 0x01, "Motorola UK" }, - { 0x02, "ST Microelectronics SA France" }, - { 0x03, "Hitachi, Ltd Japan" }, - { 0x04, "NXP Semiconductors Germany" }, - { 0x05, "Infineon Technologies AG Germany" }, - { 0x06, "Cylink USA" }, - { 0x07, "Texas Instrument France" }, - { 0x08, "Fujitsu Limited Japan" }, - { 0x09, "Matsushita Electronics Corporation, Semiconductor Company Japan" }, - { 0x0A, "NEC Japan" }, - { 0x0B, "Oki Electric Industry Co. Ltd Japan" }, - { 0x0C, "Toshiba Corp. Japan" }, - { 0x0D, "Mitsubishi Electric Corp. Japan" }, - { 0x0E, "Samsung Electronics Co. Ltd Korea" }, - { 0x0F, "Hynix / Hyundai, Korea" }, - { 0x10, "LG-Semiconductors Co. Ltd Korea" }, - { 0x11, "Emosyn-EM Microelectronics USA" }, - { 0x12, "INSIDE Technology France" }, - { 0x13, "ORGA Kartensysteme GmbH Germany" }, - { 0x14, "SHARP Corporation Japan" }, - { 0x15, "ATMEL France" }, - { 0x16, "EM Microelectronic-Marin SA Switzerland" }, - { 0x17, "KSW Microtec GmbH Germany" }, - { 0x18, "ZMD AG Germany" }, - { 0x19, "XICOR, Inc. USA" }, - { 0x1A, "Sony Corporation Japan Identifier Company Country" }, - { 0x1B, "Malaysia Microelectronic Solutions Sdn. Bhd Malaysia" }, - { 0x1C, "Emosyn USA" }, - { 0x1D, "Shanghai Fudan Microelectronics Co. Ltd. P.R. China" }, - { 0x1E, "Magellan Technology Pty Limited Australia" }, - { 0x1F, "Melexis NV BO Switzerland" }, - { 0x20, "Renesas Technology Corp. Japan" }, - { 0x21, "TAGSYS France" }, - { 0x22, "Transcore USA" }, - { 0x23, "Shanghai belling corp., ltd. 
China" }, - { 0x24, "Masktech Germany Gmbh Germany" }, - { 0x25, "Innovision Research and Technology Plc UK" }, - { 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" }, - { 0x27, "Cypak AB Sweden" }, - { 0x28, "Ricoh Japan" }, - { 0x29, "ASK France" }, - { 0x2A, "Unicore Microsystems, LLC Russian Federation" }, - { 0x2B, "Dallas Semiconductor/Maxim USA" }, - { 0x2C, "Impinj, Inc. USA" }, - { 0x2D, "RightPlug Alliance USA" }, - { 0x2E, "Broadcom Corporation USA" }, - { 0x2F, "MStar Semiconductor, Inc Taiwan, ROC" }, - { 0x30, "BeeDar Technology Inc. USA" }, - { 0x31, "RFIDsec Denmark" }, - { 0x32, "Schweizer Electronic AG Germany" }, - { 0x33, "AMIC Technology Corp Taiwan" }, - { 0x34, "Mikron JSC Russia" }, - { 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" }, - { 0x36, "IDS Microchip AG Switzerland" }, - { 0x37, "Kovio USA" }, - { 0x38, "HMT Microelectronic Ltd Switzerland Identifier Company Country" }, - { 0x39, "Silicon Craft Technology Thailand" }, - { 0x3A, "Advanced Film Device Inc. Japan" }, - { 0x3B, "Nitecrest Ltd UK" }, - { 0x3C, "Verayo Inc. 
USA" }, - { 0x3D, "HID Global USA" }, - { 0x3E, "Productivity Engineering Gmbh Germany" }, - { 0x3F, "Austriamicrosystems AG (reserved) Austria" }, - { 0x40, "Gemalto SA France" }, - { 0x41, "Renesas Electronics Corporation Japan" }, - { 0x42, "3Alogics Inc Korea" }, - { 0x43, "Top TroniQ Asia Limited Hong Kong" }, - { 0x44, "Gentag Inc (USA) USA" }, - { 0x00, "no tag-info available" } // must be the last entry -}; +int CmdHF14AList(const char *Cmd) +{ + PrintAndLog("Deprecated command, use 'hf list 14a' instead"); + return 0; +} -// get a product description based on the UID -// uid[8] tag uid -// returns description of the best match -char* getTagInfo(uint8_t uid) { +int Hf14443_4aGetCardData(iso14a_card_select_t * card) { + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT, 0, 0}}; + SendCommand(&c); - int i; - int len = sizeof(manufactureMapping) / sizeof(manufactureName); + UsbCommand resp; + WaitForResponse(CMD_ACK,&resp); - for ( i = 0; i < len; ++i ) - if ( uid == manufactureMapping[i].uid) - return manufactureMapping[i].desc; + memcpy(card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t)); - //No match, return default - return manufactureMapping[len-1].desc; -} + uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + + if(select_status == 0) { + PrintAndLog("E->iso14443a card select failed"); + return 1; + } -int CmdHF14AList(const char *Cmd) -{ - PrintAndLog("Deprecated command, use 'hf list 14a' instead"); + if(select_status == 2) { + PrintAndLog("E->Card doesn't support iso14443-4 mode"); + return 1; + } + + if(select_status == 3) { + PrintAndLog("E->Card doesn't support standard iso14443-3 anticollision"); + PrintAndLog("\tATQA : %02x %02x", card->atqa[1], card->atqa[0]); + return 1; + } + + PrintAndLog(" UID: %s", sprint_hex(card->uid, card->uidlen)); + PrintAndLog("ATQA: %02x %02x", card->atqa[1], card->atqa[0]); + PrintAndLog(" SAK: %02x [%" PRIu64 "]", 
card->sak, resp.arg[0]); + if(card->ats_len < 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes + PrintAndLog("E-> Error ATS length(%d) : %s", card->ats_len, sprint_hex(card->ats, card->ats_len)); + return 1; + } + PrintAndLog(" ATS: %s", sprint_hex(card->ats, card->ats_len)); + return 0; } @@ -324,7 +269,7 @@ int CmdHF14AInfo(const char *Cmd) // Double & triple sized UID, can be mapped to a manufacturer. // HACK: does this apply for Ultralight cards? if ( card.uidlen > 4 ) { - PrintAndLog("MANUFACTURER : %s", getTagInfo(card.uid[0])); + PrintAndLog("MANUFACTURER : %s", getManufacturerName(card.uid[0])); } // try to request ATS even if tag claims not to support it 
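Review bot: Hf14443_4aGetCardData waits with `WaitForResponse(CMD_ACK,&resp);`, which has no timeout, so the client blocks indefinitely if the device never answers. The other new exchanges in this commit use the bounded form, and this one could too: `if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) return 1;`. The `memcpy` into `card` also runs before `select_status` is checked, so on a failed select the caller's structure is overwritten with whatever the reply buffer held; moving the copy after the `select_status == 0` check avoids that. `card->ats_len` comes from the device and is passed straight to `sprint_hex`; presumably that helper bounds its output, but this is not visible in the hunk.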
@@ -648,20 +593,119 @@ void DropField() { SendCommand(&c); } -int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { +int ExchangeRAW14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + static bool responseNum = false; uint16_t cmdc = 0; + *dataoutlen = 0; if (activateField) { - cmdc |= ISO14A_CONNECT | ISO14A_CLEAR_TRACE; + responseNum = false; + UsbCommand resp; + + // Anticollision + SELECT card + UsbCommand ca = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT | ISO14A_CLEAR_TRACE, 0, 0}}; + SendCommand(&ca); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLog("14aRAW ERROR: Proxmark connection timeout."); + return 1; + } + + // check result + if (resp.arg[0] == 0) { + PrintAndLog("14aRAW ERROR: No card in field."); + return 1; + } + + if (resp.arg[0] != 1 && resp.arg[0] != 2) { + PrintAndLog("14aRAW ERROR: card not in iso14443-4. 
res=%d.", resp.arg[0]); + return 1; + } + + if (resp.arg[0] == 2) { // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + // get ATS + UsbCommand cr = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT, 2, 0}}; + uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0 + memcpy(cr.d.asBytes, rats, 2); + SendCommand(&cr); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLog("14aRAW ERROR: Proxmark connection timeout."); + return 1; + } + + if (resp.arg[0] <= 0) { // ats_len + PrintAndLog("14aRAW ERROR: Can't get ATS."); + return 1; + } + } } + if (leaveSignalON) cmdc |= ISO14A_NO_DISCONNECT; + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_APPEND_CRC | cmdc, (datainlen & 0xFFFF) + 2, 0}}; + uint8_t header[] = {0x0a | responseNum, 0x00}; + responseNum ^= 1; + memcpy(c.d.asBytes, header, 2); + memcpy(&c.d.asBytes[2], datain, datainlen); + SendCommand(&c); + + uint8_t *recv; + UsbCommand resp; + + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + recv = resp.d.asBytes; + int iLen = resp.arg[0]; + + if(!iLen) { + PrintAndLog("14aRAW ERROR: No card response."); + return 1; + } + + *dataoutlen = iLen - 2; + if (*dataoutlen < 0) + *dataoutlen = 0; + + if (maxdataoutlen && *dataoutlen > maxdataoutlen) { + PrintAndLog("14aRAW ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen); + return 2; + } + + if (recv[0] != header[0]) { + PrintAndLog("14aRAW ERROR: iso14443-4 framing error. 
Card send %2x must be %2x", dataout[0], header[0]); + return 2; + } + + memcpy(dataout, &recv[2], *dataoutlen); + + // CRC Check + if (iLen == -1) { + PrintAndLog("14aRAW ERROR: ISO 14443A CRC error."); + return 3; + } + + + } else { + PrintAndLog("14aRAW ERROR: Reply timeout."); + return 4; + } + + return 0; +} + +int CmdExchangeAPDU(uint8_t *datain, int datainlen, bool activateField, uint8_t *dataout, int maxdataoutlen, int *dataoutlen, bool *chaining) { + uint16_t cmdc = 0; + + *chaining = false; + + if (activateField) { + cmdc |= ISO14A_CONNECT | ISO14A_CLEAR_TRACE; + } + // "Command APDU" length should be 5+255+1, but javacard's APDU buffer might be smaller - 133 bytes // https://stackoverflow.com/questions/32994936/safe-max-java-card-apdu-data-command-and-respond-size // here length USB_CMD_DATA_SIZE=512 // timeout must be authomatically set by "get ATS" - UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_APDU | cmdc, (datainlen & 0xFFFF), 0}}; + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_APDU | ISO14A_NO_DISCONNECT | cmdc, (datainlen & 0xFFFF), 0}}; memcpy(c.d.asBytes, datain, datainlen); SendCommand(&c); @@ -675,6 +719,7 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea } if (resp.arg[0] != 1) { PrintAndLog("APDU ERROR: Proxmark error %d.", resp.arg[0]); + DropField(); return 1; } } 
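Review bot: In ExchangeRAW14a, `memcpy(&c.d.asBytes[2], datain, datainlen);` copies a caller-supplied length into the fixed command buffer with no bound, and only the length field is masked with `& 0xFFFF`, so a negative or oversized `datainlen` writes past `c.d.asBytes` on the stack. A guard before `c` is built would close this: `if (datainlen < 0 || datainlen > USB_CMD_DATA_SIZE - 2) return 1;` (the comment further down gives USB_CMD_DATA_SIZE as 512). On the receive side `iLen` comes from the device and limits `memcpy(dataout, &recv[2], *dataoutlen)` only when `maxdataoutlen` is non-zero, so it should also be checked against the size of `resp.d.asBytes`. The framing-error message prints `dataout[0]` before anything has been copied into `dataout`; it should print `recv[0]`. The same unbounded `memcpy(c.d.asBytes, datain, datainlen)` is kept in CmdExchangeAPDU at the end of this hunk, whose body continues in the following hunks.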
@@ -682,45 +727,76 @@ int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool lea if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { recv = resp.d.asBytes; int iLen = resp.arg[0]; + uint8_t res = resp.arg[1]; - *dataoutlen = iLen - 2; - if (*dataoutlen < 0) - *dataoutlen = 0; + int dlen = iLen - 2; + if (dlen < 0) + dlen = 0; + *dataoutlen += dlen; if (maxdataoutlen && *dataoutlen > maxdataoutlen) { PrintAndLog("APDU ERROR: Buffer too small(%d). Needs %d bytes", *dataoutlen, maxdataoutlen); return 2; } - memcpy(dataout, recv, *dataoutlen); - if(!iLen) { PrintAndLog("APDU ERROR: No APDU response."); return 1; } + // check apdu length + if (iLen < 4 && iLen >= 0) { + PrintAndLog("APDU ERROR: Small APDU response. Len=%d", iLen); + return 2; + } + // check block TODO if (iLen == -2) { PrintAndLog("APDU ERROR: Block type mismatch."); return 2; } + + memcpy(dataout, recv, dlen); + + // chaining + if ((res & 0x10) != 0) { + *chaining = true; + } // CRC Check if (iLen == -1) { PrintAndLog("APDU ERROR: ISO 14443A CRC error."); return 3; } - - // check apdu length - if (iLen < 4) { - PrintAndLog("APDU ERROR: Small APDU response. Len=%d", iLen); - return 2; - } - } else { PrintAndLog("APDU ERROR: Reply timeout."); return 4; } + + return 0; +} + + +int ExchangeAPDU14a(uint8_t *datain, int datainlen, bool activateField, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + *dataoutlen = 0; + bool chaining = false; + + int res = CmdExchangeAPDU(datain, datainlen, activateField, dataout, maxdataoutlen, dataoutlen, &chaining); + + while (chaining) { + // I-block with chaining + res = CmdExchangeAPDU(NULL, 0, false, &dataout[*dataoutlen], maxdataoutlen, dataoutlen, &chaining); + + if (res) { + if (!leaveSignalON) + DropField(); + + return 100; + } + } + + if (!leaveSignalON) + DropField(); return 0; } 
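Review bot: ExchangeAPDU14a drops the result of its first `CmdExchangeAPDU` call: `res` is only tested inside `while (chaining)`, so when the first exchange fails without chaining set the function still ends in `return 0;` and the caller treats `dataout` as a valid response. Checking it straight after the call, `if (res) { if (!leaveSignalON) DropField(); return res; }`, keeps the original error codes; the loop's `return 100;` likewise hides which check failed. In CmdExchangeAPDU, `dlen` is derived from the device-reported `iLen` and the `maxdataoutlen` test is skipped when that argument is 0, so `memcpy(dataout, recv, dlen)` would be safer with `dlen` also limited to the size of `resp.d.asBytes`. CmdExchangeAPDU begins in the previous hunk.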
@@ -742,7 +818,7 @@ int CmdHF14AAPDU(const char *cmd) {
 arg_lit0("sS", "select", "activate field and select card"),
 arg_lit0("kK", "keep", "leave the signal field ON after receive response"),
 arg_lit0("tT", "tlv", "executes TLV decoder if it possible"),
- arg_str1(NULL, NULL, "", NULL),
+ arg_strx1(NULL, NULL, "", NULL),
 arg_param_end
 };
 CLIExecWithReturn(cmd, argtable, false);
@@ -751,7 +827,7 @@ int CmdHF14AAPDU(const char *cmd) {
 leaveSignalON = arg_get_lit(2);
 decodeTLV = arg_get_lit(3);
 // len = data + PCB(1b) + CRC(2b)
- CLIGetStrBLessWithReturn(4, data, &datalen, 1 + 2);
+ CLIGetHexBLessWithReturn(4, data, &datalen, 1 + 2);
 CLIParserFree();
@@ -807,7 +883,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
 arg_int0("t", "timeout", NULL, "timeout in ms"),
 arg_lit0("T", "topaz", "use Topaz protocol to send command"),
 arg_lit0("3", NULL, "ISO14443-3 select only (skip RATS)"),
- arg_str1(NULL, NULL, "", NULL),
+ arg_strx1(NULL, NULL, "", NULL),
 arg_param_end
 };
 // defaults