//-----------------------------------------------------------------------------
byte_t oddparity (const byte_t bt)
{
- return OddByteParity[bt];
+ return OddByteParity[bt];
}
uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
{
- int i;
- uint32_t dwPar = 0;
+ int i;
+ uint32_t dwPar = 0;
- // Generate the encrypted data
- for (i = 0; i < iLen; i++) {
- // Save the encrypted parity bit
- dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
- }
- return dwPar;
+ // Generate the encrypted data
+ for (i = 0; i < iLen; i++) {
+ // Save the encrypted parity bit
+ dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
+ }
+ return dwPar;
}
void AppendCrc14443a(uint8_t* data, int len)
{
- ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
+ ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
}
// The function LogTrace() is also used by the iClass implementation in iClass.c
LEDsoff();
// init trace buffer
- iso14a_clear_trace();
+ iso14a_clear_trace();
// We won't start recording the frames that we acquire until we trigger;
// a good trigger condition to get started is probably when we see a
{
int i;
- ToSendReset();
+ ToSendReset();
// Correction bit, might be removed when not needed
ToSendStuffBit(0);
// 1
ToSend[++ToSendMax] = SEC_D;
- // Send stopbit
+ // Send stopbit
ToSend[++ToSendMax] = SEC_F;
// Flush the buffer in FPGA!!
ToSend[++ToSendMax] = SEC_F;
}
- // Convert from last byte pos to length
- ToSendMax++;
+ // Convert from last byte pos to length
+ ToSendMax++;
}
static void Code4bitAnswerAsTag(uint8_t cmd)
{
int i;
- ToSendReset();
+ ToSendReset();
// Correction bit, might be removed when not needed
ToSendStuffBit(0);
ToSend[++ToSendMax] = SEC_F;
}
- // Convert from last byte pos to length
- ToSendMax++;
+ // Convert from last byte pos to length
+ ToSendMax++;
}
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
{
- // Enable and clear the trace
+ // Enable and clear the trace
tracing = TRUE;
- iso14a_clear_trace();
+ iso14a_clear_trace();
// This function contains the tag emulation
uint8_t sak;
uint8_t *resp = NULL;
int respLen;
- // Longest possible response will be 16 bytes + 2 CRC = 18 bytes
+ // Longest possible response will be 16 bytes + 2 CRC = 18 bytes
// This will need
// 144 data bits (18 * 8)
// 18 parity bits
break;
}
- if (tracing) {
+ if (tracing) {
LogTrace(receivedCmd,len, 0, Uart.parityBits, TRUE);
- }
+ }
// doob - added loads of debug strings so we can see what the reader is saying to us during the sim as hi14alist is not populated
// Okay, look at the command now.
// resp = resp4; respLen = resp4Len; order = 4; // Do nothing
// respdata = &nack;
// respsize = sizeof(nack); // 4-bit answer
- EmSendCmdEx(data+(4*receivedCmd[0]),16,false);
+ EmSendCmdEx(data+(4*receivedCmd[0]),16,false);
Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
- // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
- respLen = 0;
+ // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
+ respLen = 0;
} else if(receivedCmd[0] == 0x50) { // Received a HALT
// DbpString("Reader requested we HALT!:");
// Do not respond
p_hi14a_card->uidlen = 0;
memset(p_hi14a_card->uid,0,10);
}
-
+
// clear uid
if (uid_ptr) {
memset(uid_ptr,0,10);
// SELECT_ALL
ReaderTransmit(sel_all,sizeof(sel_all), NULL);
if (!ReaderReceive(resp)) return 0;
-
+
// First backup the current uid
memcpy(uid_resp,resp,4);
uid_resp_len = 4;
// Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
-
- // calculate crypto UID. Always use last 4 Bytes.
- if(cuid_ptr) {
- *cuid_ptr = bytes_to_num(uid_resp, 4);
+
+ // calculate crypto UID. Always use last 4 Bytes.
+ if(cuid_ptr) {
+ *cuid_ptr = bytes_to_num(uid_resp, 4);
}
// Construct SELECT UID command
- memcpy(sel_uid+2,resp,5);
+ memcpy(sel_uid+2,resp,5);
AppendCrc14443a(sel_uid,7);
ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
memcpy(uid_resp, uid_resp + 1, 3);
uid_resp_len = 3;
}
-
+
if(uid_ptr) {
memcpy(uid_ptr + (cascade_level*3), uid_resp, uid_resp_len);
}
-
+
if(p_hi14a_card) {
memcpy(p_hi14a_card->uid + (cascade_level*3), uid_resp, uid_resp_len);
p_hi14a_card->uidlen += uid_resp_len;
memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
p_hi14a_card->ats_len = len;
}
-
+
// reset the PCB block number
iso14_pcb_blocknum = 0;
return 1;
iso14a_command_t param = c->arg[0];
uint8_t * cmd = c->d.asBytes;
size_t len = c->arg[1];
+ size_t lenbits = c->arg[2];
uint32_t arg0 = 0;
byte_t buf[USB_CMD_DATA_SIZE];
- iso14a_clear_trace();
+ if(param & ISO14A_CONNECT) {
+ iso14a_clear_trace();
+ }
iso14a_set_tracing(true);
if(param & ISO14A_REQUEST_TRIGGER) {
if(param & ISO14A_CONNECT) {
iso14443a_setup();
- arg0 = iso14443a_select_card(NULL, (iso14a_card_select_t*)buf, NULL);
- cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(iso14a_card_select_t));
+ if(!(param & ISO14A_NO_SELECT)) {
+ iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
+ arg0 = iso14443a_select_card(NULL,card,NULL);
+ cmd_send(CMD_ACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t));
+ }
}
if(param & ISO14A_SET_TIMEOUT) {
AppendCrc14443a(cmd,len);
len += 2;
}
- ReaderTransmit(cmd,len, NULL);
+ if(lenbits>0) {
+ ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL);
+ } else {
+ ReaderTransmit(cmd,len, NULL);
+ }
arg0 = ReaderReceive(buf);
cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
}
#include "mifare.h"
static int CmdHelp(const char *Cmd);
+static void waitCmd(uint8_t iLen);
int CmdHF14AList(const char *Cmd)
{
return 0;
}
+int CmdHF14ACmdRaw(const char *cmd) {
+ UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
+ uint8_t reply=1;
+ uint8_t crc=0;
+ uint8_t power=0;
+ uint8_t active=0;
+ uint8_t active_select=0;
+ uint16_t numbits=0;
+ char buf[5]="";
+ int i=0;
+ uint8_t data[100];
+ unsigned int datalen=0, temp;
+
+ if (strlen(cmd)<2) {
+ PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] <number of bits> <0A 0B 0C ... hex>");
+ PrintAndLog(" -r do not read response");
+ PrintAndLog(" -c calculate and append CRC");
+ PrintAndLog(" -p leave the signal field ON after receive");
+ PrintAndLog(" -a active signal field ON without select");
+ PrintAndLog(" -s active signal field ON with select");
+ PrintAndLog(" -b number of bits to send. Useful for send partial byte");
+ return 0;
+ }
+
+ // strip
+ while (*cmd==' ' || *cmd=='\t') cmd++;
+
+ while (cmd[i]!='\0') {
+ if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; }
+ if (cmd[i]=='-') {
+ switch (cmd[i+1]) {
+ case 'r':
+ reply=0;
+ break;
+ case 'c':
+ crc=1;
+ break;
+ case 'p':
+ power=1;
+ break;
+ case 'a':
+ active=1;
+ break;
+ case 's':
+ active_select=1;
+ break;
+ case 'b':
+ sscanf(cmd+i+2,"%d",&temp);
+ numbits = temp & 0xFFFF;
+ i+=3;
+ while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
+ i-=2;
+ break;
+ default:
+ PrintAndLog("Invalid option");
+ return 0;
+ }
+ i+=2;
+ continue;
+ }
+ if ((cmd[i]>='0' && cmd[i]<='9') ||
+ (cmd[i]>='a' && cmd[i]<='f') ||
+ (cmd[i]>='A' && cmd[i]<='F') ) {
+ buf[strlen(buf)+1]=0;
+ buf[strlen(buf)]=cmd[i];
+ i++;
+
+ if (strlen(buf)>=2) {
+ sscanf(buf,"%x",&temp);
+ data[datalen]=(uint8_t)(temp & 0xff);
+ datalen++;
+ *buf=0;
+ }
+ continue;
+ }
+ PrintAndLog("Invalid char on input");
+ return 0;
+ }
+ if(crc && datalen>0)
+ {
+ uint8_t first, second;
+ ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
+ data[datalen++] = first;
+ data[datalen++] = second;
+ }
+
+ if(active || active_select)
+ {
+ c.arg[0] |= ISO14A_CONNECT;
+ if(active)
+ c.arg[0] |= ISO14A_NO_SELECT;
+ }
+ if(power)
+ c.arg[0] |= ISO14A_NO_DISCONNECT;
+ if(datalen>0)
+ c.arg[0] |= ISO14A_RAW;
+
+ c.arg[1] = datalen;
+ c.arg[2] = numbits;
+ memcpy(c.d.asBytes,data,datalen);
+
+ SendCommand(&c);
+
+ if (reply) {
+ if(active_select)
+ waitCmd(1);
+ if(datalen>0)
+ waitCmd(0);
+ } // if reply
+ return 0;
+}
+
+static void waitCmd(uint8_t iSelect)
+{
+ uint8_t *recv;
+ UsbCommand resp;
+ char *hexout;
+
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+ recv = resp.d.asBytes;
+ uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
+ PrintAndLog("received %i octets",iLen);
+ if(!iLen)
+ return;
+ hexout = (char *)malloc(iLen * 3 + 1);
+ if (hexout != NULL) {
+ uint8_t first, second;
+ for (int i = 0; i < iLen; i++) { // data in hex
+ sprintf(&hexout[i * 3], "%02hX ", recv[i]);
+ }
+ PrintAndLog("%s", hexout);
+ free(hexout);
+ } else {
+ PrintAndLog("malloc failed your client has low memory?");
+ }
+ } else {
+ PrintAndLog("timeout while waiting for reply.");
+ }
+}
+
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"cuids", CmdHF14ACUIDs, 0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
{"sim", CmdHF14ASim, 0, "<UID> -- Fake ISO 14443a tag"},
{"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},
+ {"raw", CmdHF14ACmdRaw, 0, "Send raw hex data to tag"},
{NULL, NULL, 0, NULL}
};
projects / proxmark3-svn / commitdiff