X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/f71f4deb8f8f1e932c81f3e62e6ab67012e07b33..edc9ce00b320b867d5eaab1ad6e4473128ab295e:/client/cmdhf.c diff --git a/client/cmdhf.c b/client/cmdhf.c index 1dae1d9b..b1e67005 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -23,6 +23,7 @@ #include "cmdhficlass.h" #include "cmdhfmf.h" #include "cmdhfmfu.h" +#include "protocols.h" static int CmdHelp(const char *Cmd); @@ -33,156 +34,6 @@ int CmdHFTune(const char *Cmd) return 0; } -//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501 -/* -ISO14443A (usually NFC tags) - 26 (7bits) = REQA - 30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes) - A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK]) - 52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA) - 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) - 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) - 95 20 = Anticollision of cascade level2 - 95 70 = Select of cascade level2 - 50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card) -Mifare - 60 = Authenticate with KeyA - 61 = Authenticate with KeyB - 40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A) - C0 = Decrement - C1 = Increment - C2 = Restore - B0 = Transfer -Ultralight C - A0 = Compatibility Write (to accomodate MIFARE commands) - 1A = Step1 Authenticate - AF = Step2 Authenticate - - -ISO14443B - 05 = REQB - 1D = ATTRIB - 50 = HALT -SRIX4K (tag does not respond to 05) - 06 00 = INITIATE - 0E xx = SELECT ID (xx = Chip-ID) - 0B = Get UID - 08 yy = Read Block (yy = block number) - 09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written) - 0C = Reset to Inventory - 0F = Completion - 0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate) - - -ISO15693 - MANDATORY COMMANDS (all ISO15693 tags must support those) - 01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes) - 02 = Stay Quiet - OPTIONAL COMMANDS (not all tags support them) - 20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes) - 21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes) - 22 = Lock Block - 23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC) - 25 = Select - 26 = Reset to Ready - 27 = Write AFI - 28 = Lock AFI - 29 = Write DSFID - 2A = Lock DSFID - 2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes) - 2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC) - -EM Microelectronic CUSTOM COMMANDS - A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type) - A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value) - B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info) - E4 = Login (followed by 1byte IC Manufacturer code+4bytes password) -NXP/Philips CUSTOM COMMANDS - A0 = Inventory Read - A1 = Fast Inventory Read - A2 = Set EAS - A3 = Reset EAS - A4 = Lock EAS - A5 = EAS Alarm - A6 = Password Protect EAS - A7 = Write EAS ID - A8 = Read EPC - B0 = Inventory Page Read - B1 = Fast Inventory Page Read - B2 = Get Random Number - B3 = Set Password - B4 = Write Password - B5 = Lock Password - B6 = Bit Password Protection - B7 = Lock Page Protection Condition - B8 = Get Multiple Block Protection Status - B9 = Destroy SLI - BA = Enable Privacy - BB = 64bit Password Protection - 40 = Long Range CMD (Standard ISO/TR7003:1990) - */ - -#define ICLASS_CMD_ACTALL 0x0A -#define ICLASS_CMD_READ_OR_IDENTIFY 0x0C -#define ICLASS_CMD_SELECT 0x81 -#define ICLASS_CMD_PAGESEL 0x84 -#define ICLASS_CMD_READCHECK_KD 0x88 -#define ICLASS_CMD_READCHECK_KC 0x18 -#define ICLASS_CMD_CHECK 0x05 -#define ICLASS_CMD_DETECT 0x0F -#define ICLASS_CMD_HALT 0x00 -#define ICLASS_CMD_UPDATE 0x87 -#define ICLASS_CMD_ACT 0x8E -#define ICLASS_CMD_READ4 0x06 - - -#define ISO14443A_CMD_REQA 0x26 -#define ISO14443A_CMD_READBLOCK 0x30 -#define ISO14443A_CMD_WUPA 0x52 -#define ISO14443A_CMD_ANTICOLL_OR_SELECT 0x93 -#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2 0x95 -#define ISO14443A_CMD_WRITEBLOCK 0xA0 // or 0xA2 ? -#define ISO14443A_CMD_HALT 0x50 -#define ISO14443A_CMD_RATS 0xE0 - -#define MIFARE_AUTH_KEYA 0x60 -#define MIFARE_AUTH_KEYB 0x61 -#define MIFARE_MAGICMODE 0x40 -#define MIFARE_CMD_INC 0xC0 -#define MIFARE_CMD_DEC 0xC1 -#define MIFARE_CMD_RESTORE 0xC2 -#define MIFARE_CMD_TRANSFER 0xB0 - -#define MIFARE_ULC_WRITE 0xA0 -#define MIFARE_ULC_AUTH_1 0x1A -#define MIFARE_ULC_AUTH_2 0xAF - -#define ISO14443B_REQB 0x05 -#define ISO14443B_ATTRIB 0x1D -#define ISO14443B_HALT 0x50 - -//First byte is 26 -#define ISO15693_INVENTORY 0x01 -#define ISO15693_STAYQUIET 0x02 -//First byte is 02 -#define ISO15693_READBLOCK 0x20 -#define ISO15693_WRITEBLOCK 0x21 -#define ISO15693_LOCKBLOCK 0x22 -#define ISO15693_READ_MULTI_BLOCK 0x23 -#define ISO15693_SELECT 0x25 -#define ISO15693_RESET_TO_READY 0x26 -#define ISO15693_WRITE_AFI 0x27 -#define ISO15693_LOCK_AFI 0x28 -#define ISO15693_WRITE_DSFID 0x29 -#define ISO15693_LOCK_DSFID 0x2A -#define ISO15693_GET_SYSTEM_INFO 0x2B -#define ISO15693_READ_MULTI_SECSTATUS 0x2C - - -#define ISO_14443A 0 -#define ICLASS 1 -#define ISO_14443B 2 - void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { @@ -211,19 +62,67 @@ void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) snprintf(exp,size,"ANTICOLL-2"); break; } } - case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; - case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; - case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; - case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break; - case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break; - case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; - case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; - case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; - case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; - case MIFARE_AUTH_KEYA: snprintf(exp,size,"AUTH-A(%d)",cmd[1]); break; - case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break; - case MIFARE_MAGICMODE: snprintf(exp,size,"MAGIC"); break; - default: snprintf(exp,size,"?"); break; + case ISO14443A_CMD_REQA: snprintf(exp,size,"REQA"); break; + case ISO14443A_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; + case ISO14443A_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; + case ISO14443A_CMD_HALT: snprintf(exp,size,"HALT"); break; + case ISO14443A_CMD_RATS: snprintf(exp,size,"RATS"); break; + case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; + case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; + case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; + case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; + case MIFARE_AUTH_KEYA:{ + if ( cmdsize > 3) + snprintf(exp,size,"AUTH-A(%d)",cmd[1]); + else + // case MIFARE_ULEV1_VERSION : both 0x60. + snprintf(exp,size,"EV1 VERSION"); + break; + } + case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B(%d)",cmd[1]); break; + case MIFARE_MAGICWUPC1: snprintf(exp,size,"MAGIC WUPC1"); break; + case MIFARE_MAGICWUPC2: snprintf(exp,size,"MAGIC WUPC2"); break; + case MIFARE_MAGICWIPEC: snprintf(exp,size,"MAGIC WIPEC"); break; + case MIFARE_ULC_AUTH_1: snprintf(exp,size,"AUTH "); break; + case MIFARE_ULC_AUTH_2: snprintf(exp,size,"AUTH_ANSW"); break; + case MIFARE_ULEV1_AUTH: + if ( cmdsize == 7 ) + snprintf(exp,size,"PWD-AUTH KEY: 0x%02x%02x%02x%02x", cmd[1], cmd[2], cmd[3], cmd[4] ); + else + snprintf(exp,size,"PWD-AUTH"); + break; + case MIFARE_ULEV1_FASTREAD:{ + if ( cmdsize >=3 && cmd[2] <= 0xE6) + snprintf(exp,size,"READ RANGE (%d-%d)",cmd[1],cmd[2]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULC_WRITE:{ + if ( cmd[1] < 0x21 ) + snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULEV1_READ_CNT:{ + if ( cmd[1] < 5 ) + snprintf(exp,size,"READ CNT(%d)",cmd[1]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULEV1_INCR_CNT:{ + if ( cmd[1] < 5 ) + snprintf(exp,size,"INCR(%d)",cmd[1]); + else + snprintf(exp,size,"?"); + break; + } + case MIFARE_ULEV1_READSIG: snprintf(exp,size,"READ_SIG"); break; + case MIFARE_ULEV1_CHECKTEAR: snprintf(exp,size,"CHK_TEARING(%d)",cmd[1]); break; + case MIFARE_ULEV1_VCSL: snprintf(exp,size,"VCSL"); break; + default: snprintf(exp,size,"?"); break; } return; } @@ -287,13 +186,33 @@ void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) } } } + +/** +06 00 = INITIATE +0E xx = SELECT ID (xx = Chip-ID) +0B = Get UID +08 yy = Read Block (yy = block number) +09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written) +0C = Reset to Inventory +0F = Completion +0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate) +**/ + void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { switch(cmd[0]){ case ISO14443B_REQB : snprintf(exp,size,"REQB");break; case ISO14443B_ATTRIB : snprintf(exp,size,"ATTRIB");break; case ISO14443B_HALT : snprintf(exp,size,"HALT");break; - default: snprintf(exp,size ,"?");break; + case ISO14443B_INITIATE : snprintf(exp,size,"INITIATE");break; + case ISO14443B_SELECT : snprintf(exp,size,"SELECT(%d)",cmd[1]);break; + case ISO14443B_GET_UID : snprintf(exp,size,"GET UID");break; + case ISO14443B_READ_BLK : snprintf(exp,size,"READ_BLK(%d)", cmd[1]);break; + case ISO14443B_WRITE_BLK : snprintf(exp,size,"WRITE_BLK(%d)",cmd[1]);break; + case ISO14443B_RESET : snprintf(exp,size,"RESET");break; + case ISO14443B_COMPLETION : snprintf(exp,size,"COMPLETION");break; + case ISO14443B_AUTHENTICATE : snprintf(exp,size,"AUTHENTICATE");break; + default : snprintf(exp,size ,"?");break; } } @@ -412,31 +331,12 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui if (tracepos + data_len + parity_len > traceLen) { return traceLen; } - uint8_t *frame = trace + tracepos; tracepos += data_len; uint8_t *parityBytes = trace + tracepos; tracepos += parity_len; - //--- Draw the data column - char line[16][110]; - for (int j = 0; j < data_len; j++) { - int oddparity = 0x01; - int k; - - for (k=0 ; k<8 ; k++) { - oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01); - } - - uint8_t parityBits = parityBytes[j>>3]; - - if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) { - sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]); - } else { - sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]); - } - } - //--- Draw the CRC column + //Check the CRC status uint8_t crcStatus = 2; if (data_len > 2) { @@ -464,6 +364,43 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui //0 CRC-command, CRC not ok //1 CRC-command, CRC ok //2 Not crc-command + + //--- Draw the data column + //char line[16][110]; + char line[16][110]; + + for (int j = 0; j < data_len && j/16 < 16; j++) { + + int oddparity = 0x01; + int k; + + for (k=0 ; k<8 ; k++) { + oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01); + } + uint8_t parityBits = parityBytes[j>>3]; + if (protocol != ISO_14443B && (isResponse || protocol == ISO_14443A) && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) { + snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]); + + } else { + snprintf(line[j/16]+(( j % 16) * 4),110, "%02x ", frame[j]); + } + + } + if(crcStatus == 1) + {//CRC-command + char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4)-1; + (*pos1) = '['; + char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4)-2; + (*pos2) = ']'; + } + if(data_len == 0) + { + if(data_len == 0){ + sprintf(line[0],""); + } + } + //--- Draw the CRC column + char *crc = (crcStatus == 0 ? "!crc" : (crcStatus == 1 ? " ok " : " ")); EndOfTransmissionTimestamp = timestamp + duration; @@ -478,8 +415,8 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui annotateIso14443b(explanation,sizeof(explanation),frame,data_len); } - int num_lines = (data_len - 1)/16 + 1; - for (int j = 0; j < num_lines; j++) { + int num_lines = MIN((data_len - 1)/16 + 1, 16); + for (int j = 0; j < num_lines ; j++) { if (j == 0) { PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s", (timestamp - first_timestamp), @@ -554,12 +491,13 @@ int CmdHFList(const char *Cmd) if (errors) { PrintAndLog("List protocol data in trace buffer."); - PrintAndLog("Usage: hf list [14a|14b|iclass] [f]"); + PrintAndLog("Usage: hf list [f]"); + PrintAndLog(" f - show frame delay times as well"); + PrintAndLog("Supported values:"); + PrintAndLog(" raw - just show raw data without annotations"); PrintAndLog(" 14a - interpret data as iso14443a communications"); PrintAndLog(" 14b - interpret data as iso14443b communications"); PrintAndLog(" iclass - interpret data as iclass communications"); - PrintAndLog(" raw - just show raw data"); - PrintAndLog(" f - show frame delay times as well"); PrintAndLog(""); PrintAndLog("example: hf list 14a f"); PrintAndLog("example: hf list iclass"); @@ -611,6 +549,40 @@ int CmdHFList(const char *Cmd) return 0; } +int CmdHFSearch(const char *Cmd){ + int ans = 0; + PrintAndLog(""); + ans = CmdHF14AReader("s"); + if (ans > 0) { + PrintAndLog("\nValid ISO14443A Tag Found - Quiting Search\n"); + return ans; + } + ans = HFiClassReader("", false, false); + if (ans) { + PrintAndLog("\nValid iClass Tag (or PicoPass Tag) Found - Quiting Search\n"); + return ans; + } + ans = HF14BInfo(false); + if (ans) { + PrintAndLog("\nValid ISO14443B Tag Found - Quiting Search\n"); + return ans; + } + ans = HF15Reader("", false); + if (ans) { + PrintAndLog("\nValid ISO15693 Tag Found - Quiting Search\n"); + return ans; + } + PrintAndLog("\nno known/supported 13.56 MHz tags found\n"); + return 0; +} + +int CmdHFSnoop(const char *Cmd) +{ + char * pEnd; + UsbCommand c = {CMD_HF_SNIFFER, {strtol(Cmd, &pEnd,0),strtol(pEnd, &pEnd,0),0}}; + SendCommand(&c); + return 0; +} static command_t CommandTable[] = { @@ -621,11 +593,13 @@ static command_t CommandTable[] = {"epa", CmdHFEPA, 1, "{ German Identification Card... }"}, {"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"}, {"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"}, - {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, - {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, + {"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"}, + {"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"}, {"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"}, - {"list", CmdHFList, 1, "List protocol data in trace buffer"}, - {NULL, NULL, 0, NULL} + {"list", CmdHFList, 1, "List protocol data in trace buffer"}, + {"search", CmdHFSearch, 1, "Search for known HF tags [preliminary]"}, + {"snoop", CmdHFSnoop, 0, " Generic HF Snoop"}, + {NULL, NULL, 0, NULL} }; int CmdHF(const char *Cmd)