05ddb52c |
1 | //----------------------------------------------------------------------------- |
2 | // Copyright (C) 2015 Piwi |
3 | // |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
5 | // at your option, any later version. See the LICENSE.txt file for the text of |
6 | // the license. |
7 | //----------------------------------------------------------------------------- |
8 | // High frequency Topaz (NFC Type 1) commands |
9 | //----------------------------------------------------------------------------- |
10 | |
11 | #include <stdio.h> |
12 | #include <stdlib.h> |
13 | #include <string.h> |
14 | #include <unistd.h> |
15 | #include "cmdmain.h" |
16 | #include "cmdparser.h" |
17 | #include "cmdhftopaz.h" |
18 | #include "cmdhf14a.h" |
19 | #include "ui.h" |
48ece4a7 |
20 | #include "mifare.h" |
21 | #include "proxmark3.h" |
22 | #include "iso14443crc.h" |
23 | #include "protocols.h" |
24 | |
7624e8b2 |
25 | #define TOPAZ_STATIC_MEMORY (0x0f * 8) // 15 blocks with 8 Bytes each |
6e6f1099 |
26 | |
7624e8b2 |
27 | // a struct to describe a memory area which contains lock bits and the corresponding lockable memory area |
6e6f1099 |
28 | typedef struct dynamic_lock_area { |
29 | struct dynamic_lock_area *next; |
7624e8b2 |
30 | uint16_t byte_offset; // the address of the lock bits |
6e6f1099 |
31 | uint16_t size_in_bits; |
7624e8b2 |
32 | uint16_t first_locked_byte; // the address of the lockable area |
6e6f1099 |
33 | uint16_t bytes_locked_per_bit; |
34 | } dynamic_lock_area_t; |
35 | |
48ece4a7 |
36 | |
c5847ae8 |
37 | static struct { |
38 | uint8_t HR01[2]; |
39 | uint8_t uid[7]; |
7624e8b2 |
40 | uint16_t size; |
41 | uint8_t data_blocks[TOPAZ_STATIC_MEMORY/8][8]; // this memory is always there |
42 | uint8_t *dynamic_memory; // this memory can be there |
43 | dynamic_lock_area_t *dynamic_lock_areas; // lock area descriptors |
c5847ae8 |
44 | } topaz_tag; |
48ece4a7 |
45 | |
de15fc5f |
46 | |
48ece4a7 |
47 | static void topaz_switch_on_field(void) |
48 | { |
49 | UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_SELECT | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, 0, 0}}; |
50 | SendCommand(&c); |
48ece4a7 |
51 | } |
52 | |
53 | |
54 | static void topaz_switch_off_field(void) |
55 | { |
56 | UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}}; |
57 | SendCommand(&c); |
48ece4a7 |
58 | } |
59 | |
60 | |
7624e8b2 |
61 | // send a raw topaz command, returns the length of the response (0 in case of error) |
de15fc5f |
62 | static int topaz_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response) |
48ece4a7 |
63 | { |
64 | UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, len, 0}}; |
65 | memcpy(c.d.asBytes, cmd, len); |
66 | SendCommand(&c); |
67 | |
68 | UsbCommand resp; |
69 | WaitForResponse(CMD_ACK, &resp); |
70 | |
de15fc5f |
71 | if (resp.arg[0] > 0) { |
72 | memcpy(response, resp.d.asBytes, resp.arg[0]); |
73 | } |
74 | |
75 | return resp.arg[0]; |
48ece4a7 |
76 | } |
77 | |
78 | |
7624e8b2 |
79 | // calculate CRC bytes and send topaz command, returns the length of the response (0 in case of error) |
de15fc5f |
80 | static int topaz_send_cmd(uint8_t *cmd, uint8_t len, uint8_t *response) |
48ece4a7 |
81 | { |
82 | if (len > 1) { |
83 | uint8_t first, second; |
de15fc5f |
84 | ComputeCrc14443(CRC_14443_B, cmd, len-2, &first, &second); |
85 | cmd[len-2] = first; |
86 | cmd[len-1] = second; |
48ece4a7 |
87 | } |
88 | |
de15fc5f |
89 | return topaz_send_cmd_raw(cmd, len, response); |
48ece4a7 |
90 | } |
91 | |
92 | |
7624e8b2 |
93 | // select a topaz tag. Send WUPA and RID. |
de15fc5f |
94 | static int topaz_select(uint8_t *atqa, uint8_t *rid_response) |
48ece4a7 |
95 | { |
96 | // ToDo: implement anticollision |
de15fc5f |
97 | |
48ece4a7 |
98 | uint8_t wupa_cmd[] = {TOPAZ_WUPA}; |
de15fc5f |
99 | uint8_t rid_cmd[] = {TOPAZ_RID, 0, 0, 0, 0, 0, 0, 0, 0}; |
100 | |
48ece4a7 |
101 | topaz_switch_on_field(); |
de15fc5f |
102 | |
103 | if (!topaz_send_cmd(wupa_cmd, sizeof(wupa_cmd), atqa)) { |
104 | topaz_switch_off_field(); |
105 | return -1; // WUPA failed |
106 | } |
107 | |
108 | if (!topaz_send_cmd(rid_cmd, sizeof(rid_cmd), rid_response)) { |
109 | topaz_switch_off_field(); |
110 | return -2; // RID failed |
111 | } |
112 | |
113 | return 0; // OK |
114 | } |
115 | |
116 | |
7624e8b2 |
117 | // read all of the static memory of a selected Topaz tag. |
c5847ae8 |
118 | static int topaz_rall(uint8_t *uid, uint8_t *response) |
de15fc5f |
119 | { |
120 | uint8_t rall_cmd[] = {TOPAZ_RALL, 0, 0, 0, 0, 0, 0, 0, 0}; |
121 | |
122 | memcpy(&rall_cmd[3], uid, 4); |
c5847ae8 |
123 | if (!topaz_send_cmd(rall_cmd, sizeof(rall_cmd), response)) { |
de15fc5f |
124 | topaz_switch_off_field(); |
125 | return -1; // RALL failed |
126 | } |
127 | |
128 | return 0; |
48ece4a7 |
129 | } |
130 | |
05ddb52c |
131 | |
7624e8b2 |
132 | // read a block (8 Bytes) of a selected Topaz tag. |
133 | static int topaz_read_block(uint8_t *uid, uint8_t blockno, uint8_t *block_data) |
134 | { |
135 | uint8_t read8_cmd[] = {TOPAZ_READ8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
136 | uint8_t read8_response[11]; |
137 | |
138 | read8_cmd[1] = blockno; |
139 | memcpy(&read8_cmd[10], uid, 4); |
140 | if (!topaz_send_cmd(read8_cmd, sizeof(read8_cmd), read8_response)) { |
141 | topaz_switch_off_field(); |
142 | return -1; // READ8 failed |
143 | } |
144 | |
145 | memcpy(block_data, &read8_response[1], 8); |
146 | |
147 | return 0; |
148 | } |
149 | |
150 | |
151 | // read a segment (16 blocks = 128 Bytes) of a selected Topaz tag. Works only for tags with dynamic memory. |
152 | static int topaz_read_segment(uint8_t *uid, uint8_t segno, uint8_t *segment_data) |
153 | { |
154 | uint8_t rseg_cmd[] = {TOPAZ_RSEG, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
155 | uint8_t rseg_response[131]; |
156 | |
157 | rseg_cmd[1] = segno << 4; |
158 | memcpy(&rseg_cmd[10], uid, 4); |
159 | if (!topaz_send_cmd(rseg_cmd, sizeof(rseg_cmd), rseg_response)) { |
160 | topaz_switch_off_field(); |
161 | return -1; // RSEG failed |
162 | } |
163 | |
164 | memcpy(segment_data, &rseg_response[1], 128); |
165 | |
166 | return 0; |
167 | } |
168 | |
169 | |
170 | // search for the lock area descriptor for the lockable area including byteno |
6e6f1099 |
171 | static dynamic_lock_area_t *get_dynamic_lock_area(uint16_t byteno) |
172 | { |
173 | dynamic_lock_area_t *lock_area; |
174 | |
175 | lock_area = topaz_tag.dynamic_lock_areas; |
176 | |
177 | while (lock_area != NULL) { |
178 | if (byteno < lock_area->first_locked_byte) { |
179 | lock_area = lock_area->next; |
180 | } else { |
181 | return lock_area; |
182 | } |
183 | } |
184 | |
185 | return NULL; |
186 | } |
187 | |
188 | |
7624e8b2 |
189 | // check if a memory byte is locked. |
6e6f1099 |
190 | static bool topaz_byte_is_locked(uint16_t byteno) |
de15fc5f |
191 | { |
6e6f1099 |
192 | uint8_t *lockbits; |
193 | uint16_t locked_bytes_per_bit; |
194 | dynamic_lock_area_t *lock_area; |
195 | |
196 | if (byteno < TOPAZ_STATIC_MEMORY) { |
197 | lockbits = &topaz_tag.data_blocks[0x0e][0]; |
198 | locked_bytes_per_bit = 8; |
199 | } else { |
200 | lock_area = get_dynamic_lock_area(byteno); |
201 | if (lock_area == NULL) { |
202 | return false; |
7624e8b2 |
203 | } else { |
204 | lockbits = &topaz_tag.dynamic_memory[lock_area->byte_offset - TOPAZ_STATIC_MEMORY]; |
205 | locked_bytes_per_bit = lock_area->bytes_locked_per_bit; |
206 | byteno = byteno - lock_area->first_locked_byte; |
6e6f1099 |
207 | } |
6e6f1099 |
208 | } |
209 | |
210 | uint16_t blockno = byteno / locked_bytes_per_bit; |
7624e8b2 |
211 | if(lockbits[blockno/8] & (0x01 << (blockno % 8))) { |
de15fc5f |
212 | return true; |
213 | } else { |
214 | return false; |
215 | } |
216 | } |
217 | |
218 | |
7624e8b2 |
219 | // read and print the Capability Container |
de15fc5f |
220 | static int topaz_print_CC(uint8_t *data) |
221 | { |
222 | if(data[0] != 0xe1) { |
7624e8b2 |
223 | topaz_tag.size = TOPAZ_STATIC_MEMORY; |
de15fc5f |
224 | return -1; // no NDEF message |
225 | } |
226 | |
227 | PrintAndLog("Capability Container: %02x %02x %02x %02x", data[0], data[1], data[2], data[3]); |
228 | PrintAndLog(" %02x: NDEF Magic Number", data[0]); |
229 | PrintAndLog(" %02x: version %d.%d supported by tag", data[1], (data[1] & 0xF0) >> 4, data[1] & 0x0f); |
6e6f1099 |
230 | uint16_t memsize = (data[2] + 1) * 8; |
7624e8b2 |
231 | topaz_tag.size = memsize; |
6e6f1099 |
232 | topaz_tag.dynamic_memory = malloc(memsize - TOPAZ_STATIC_MEMORY); |
233 | PrintAndLog(" %02x: Physical Memory Size of this tag: %d bytes", data[2], memsize); |
de15fc5f |
234 | PrintAndLog(" %02x: %s / %s", data[3], |
235 | (data[3] & 0xF0) ? "(RFU)" : "Read access granted without any security", |
236 | (data[3] & 0x0F)==0 ? "Write access granted without any security" : (data[3] & 0x0F)==0x0F ? "No write access granted at all" : "(RFU)"); |
237 | return 0; |
238 | } |
239 | |
240 | |
7624e8b2 |
241 | // return type, length and value of a TLV, starting at memory position *TLV_ptr |
242 | static void get_TLV(uint8_t **TLV_ptr, uint8_t *TLV_type, uint16_t *TLV_length, uint8_t **TLV_value) |
de15fc5f |
243 | { |
7624e8b2 |
244 | *TLV_length = 0; |
245 | *TLV_value = NULL; |
de15fc5f |
246 | |
7624e8b2 |
247 | *TLV_type = **TLV_ptr; |
de15fc5f |
248 | *TLV_ptr += 1; |
7624e8b2 |
249 | switch (*TLV_type) { |
de15fc5f |
250 | case 0x00: // NULL TLV. |
251 | case 0xFE: // Terminator TLV. |
252 | break; |
253 | case 0x01: // Lock Control TLV |
254 | case 0x02: // Reserved Memory TLV |
255 | case 0x03: // NDEF message TLV |
256 | case 0xFD: // proprietary TLV |
7624e8b2 |
257 | *TLV_length = **TLV_ptr; |
de15fc5f |
258 | *TLV_ptr += 1; |
7624e8b2 |
259 | if (*TLV_length == 0xff) { |
260 | *TLV_length = **TLV_ptr << 8; |
de15fc5f |
261 | *TLV_ptr += 1; |
7624e8b2 |
262 | *TLV_length |= **TLV_ptr; |
de15fc5f |
263 | *TLV_ptr += 1; |
264 | } |
7624e8b2 |
265 | *TLV_value = *TLV_ptr; |
266 | *TLV_ptr += *TLV_length; |
de15fc5f |
267 | break; |
268 | default: // RFU |
269 | break; |
270 | } |
271 | } |
272 | |
273 | |
7624e8b2 |
274 | // lock area TLVs contain no information on the start of the respective lockable area. Lockable areas |
275 | // do not include the lock bits and reserved memory. We therefore need to adjust the start of the |
276 | // respective lockable areas accordingly |
277 | static void adjust_lock_areas(uint16_t block_start, uint16_t block_size) |
278 | { |
279 | dynamic_lock_area_t *lock_area = topaz_tag.dynamic_lock_areas; |
280 | while (lock_area != NULL) { |
281 | if (lock_area->first_locked_byte <= block_start) { |
282 | lock_area->first_locked_byte += block_size; |
283 | } |
284 | lock_area = lock_area->next; |
285 | } |
286 | } |
287 | |
288 | |
289 | // read and print the lock area and reserved memory TLVs |
290 | static void topaz_print_control_TLVs(uint8_t *memory) |
de15fc5f |
291 | { |
292 | uint8_t *TLV_ptr = memory; |
7624e8b2 |
293 | uint8_t TLV_type = 0; |
294 | uint16_t TLV_length; |
295 | uint8_t *TLV_value; |
de15fc5f |
296 | bool lock_TLV_present = false; |
7624e8b2 |
297 | bool reserved_memory_control_TLV_present = false; |
298 | uint16_t next_lockable_byte = 0x0f * 8; // first byte after static memory area |
de15fc5f |
299 | |
300 | while(*TLV_ptr != 0x03 && *TLV_ptr != 0xFD && *TLV_ptr != 0xFE) { |
301 | // all Lock Control TLVs shall be present before the NDEF message TLV, the proprietary TLV (and the Terminator TLV) |
7624e8b2 |
302 | get_TLV(&TLV_ptr, &TLV_type, &TLV_length, &TLV_value); |
303 | if (TLV_type == 0x01) { // a Lock Control TLV |
304 | uint8_t pages_addr = TLV_value[0] >> 4; |
305 | uint8_t byte_offset = TLV_value[0] & 0x0f; |
306 | uint16_t size_in_bits = TLV_value[1] ? TLV_value[1] : 256; |
307 | uint16_t size_in_bytes = (size_in_bits + 7)/8; |
308 | uint16_t bytes_per_page = 1 << (TLV_value[2] & 0x0f); |
309 | uint16_t bytes_locked_per_bit = 1 << (TLV_value[2] >> 4); |
310 | uint16_t area_start = pages_addr * bytes_per_page + byte_offset; |
6e6f1099 |
311 | PrintAndLog("Lock Area of %d bits at byte offset 0x%04x. Each Lock Bit locks %d bytes.", |
de15fc5f |
312 | size_in_bits, |
7624e8b2 |
313 | area_start, |
de15fc5f |
314 | bytes_locked_per_bit); |
315 | lock_TLV_present = true; |
6e6f1099 |
316 | dynamic_lock_area_t *old = topaz_tag.dynamic_lock_areas; |
317 | dynamic_lock_area_t *new = topaz_tag.dynamic_lock_areas; |
318 | if (old == NULL) { |
319 | new = topaz_tag.dynamic_lock_areas = (dynamic_lock_area_t *)malloc(sizeof(dynamic_lock_area_t)); |
320 | } else { |
321 | while(old->next != NULL) { |
322 | old = old->next; |
323 | } |
324 | new = old->next = (dynamic_lock_area_t *)malloc(sizeof(dynamic_lock_area_t)); |
325 | } |
326 | new->next = NULL; |
7624e8b2 |
327 | if (area_start <= next_lockable_byte) { |
328 | // lock areas are not lockable |
329 | next_lockable_byte += size_in_bytes; |
330 | } |
331 | new->first_locked_byte = next_lockable_byte; |
332 | new->byte_offset = area_start; |
6e6f1099 |
333 | new->size_in_bits = size_in_bits; |
334 | new->bytes_locked_per_bit = bytes_locked_per_bit; |
7624e8b2 |
335 | next_lockable_byte += size_in_bits * bytes_locked_per_bit; |
336 | } |
337 | if (TLV_type == 0x02) { // a Reserved Memory Control TLV |
338 | uint8_t pages_addr = TLV_value[0] >> 4; |
339 | uint8_t byte_offset = TLV_value[0] & 0x0f; |
340 | uint8_t size_in_bytes = TLV_value[1] ? TLV_value[1] : 256; |
341 | uint8_t bytes_per_page = 1 << (TLV_value[2] & 0x0f); |
342 | uint16_t area_start = pages_addr * bytes_per_page + byte_offset; |
343 | PrintAndLog("Reserved Memory of %d bytes at byte offset 0x%02x.", |
344 | size_in_bytes, |
345 | area_start); |
346 | reserved_memory_control_TLV_present = true; |
347 | adjust_lock_areas(area_start, size_in_bytes); // reserved memory areas are not lockable |
348 | if (area_start <= next_lockable_byte) { |
349 | next_lockable_byte += size_in_bytes; |
350 | } |
de15fc5f |
351 | } |
352 | } |
353 | |
354 | if (!lock_TLV_present) { |
355 | PrintAndLog("(No Lock Control TLV present)"); |
de15fc5f |
356 | } |
7624e8b2 |
357 | |
358 | if (!reserved_memory_control_TLV_present) { |
359 | PrintAndLog("(No Reserved Memory Control TLV present)"); |
360 | } |
de15fc5f |
361 | } |
362 | |
363 | |
7624e8b2 |
364 | // read all of the dynamic memory |
365 | static int topaz_read_dynamic_data(void) |
de15fc5f |
366 | { |
7624e8b2 |
367 | // first read the remaining block of segment 0 |
368 | if(topaz_read_block(topaz_tag.uid, 0x0f, &topaz_tag.dynamic_memory[0]) == -1) { |
369 | PrintAndLog("Error while reading dynamic memory block %02x. Aborting...", 0x0f); |
370 | return -1; |
371 | } |
de15fc5f |
372 | |
7624e8b2 |
373 | // read the remaining segments |
374 | uint8_t max_segment = topaz_tag.size / 128 - 1; |
375 | for(uint8_t segment = 1; segment <= max_segment; segment++) { |
376 | if(topaz_read_segment(topaz_tag.uid, segment, &topaz_tag.dynamic_memory[(segment-1)*128+8]) == -1) { |
377 | PrintAndLog("Error while reading dynamic memory block %02x. Aborting...", 0x0f); |
378 | return -1; |
de15fc5f |
379 | } |
380 | } |
381 | |
7624e8b2 |
382 | return 0; |
383 | } |
384 | |
385 | |
386 | // read and print the dynamic memory |
387 | static void topaz_print_dynamic_data(void) |
388 | { |
389 | if (topaz_tag.size > TOPAZ_STATIC_MEMORY) { |
390 | PrintAndLog("Dynamic Data blocks:"); |
391 | if (topaz_read_dynamic_data() == 0) { |
392 | PrintAndLog("block# | offset | Data | Locked(y/n)"); |
393 | char line[80]; |
394 | for (uint16_t blockno = 0x0f; blockno < topaz_tag.size/8; blockno++) { |
395 | uint8_t *block_data = &topaz_tag.dynamic_memory[(blockno-0x0f)*8]; |
396 | char lockbits[9]; |
397 | for (uint16_t j = 0; j < 8; j++) { |
398 | sprintf(&line[3*j], "%02x ", block_data[j]); |
399 | lockbits[j] = topaz_byte_is_locked(blockno*8+j) ? 'y' : 'n'; |
400 | } |
401 | lockbits[8] = '\0'; |
402 | PrintAndLog(" 0x%02x | 0x%04x | %s| %-3s", blockno, blockno*8, line, lockbits); |
403 | } |
404 | } |
de15fc5f |
405 | } |
406 | } |
407 | |
408 | |
409 | static void topaz_print_lifecycle_state(uint8_t *data) |
410 | { |
7624e8b2 |
411 | // to be done |
de15fc5f |
412 | } |
413 | |
414 | |
415 | static void topaz_print_NDEF(uint8_t *data) |
416 | { |
7624e8b2 |
417 | // to be done. |
de15fc5f |
418 | } |
419 | |
7624e8b2 |
420 | |
421 | // read a Topaz tag and print some usefull information |
05ddb52c |
422 | int CmdHFTopazReader(const char *Cmd) |
423 | { |
de15fc5f |
424 | int status; |
425 | uint8_t atqa[2]; |
426 | uint8_t rid_response[8]; |
427 | uint8_t *uid_echo = &rid_response[2]; |
c5847ae8 |
428 | uint8_t rall_response[124]; |
de15fc5f |
429 | |
430 | status = topaz_select(atqa, rid_response); |
431 | |
432 | if (status == -1) { |
433 | PrintAndLog("Error: couldn't receive ATQA"); |
434 | return -1; |
435 | } |
436 | |
437 | PrintAndLog("ATQA : %02x %02x", atqa[1], atqa[0]); |
438 | if (atqa[1] != 0x0c && atqa[0] != 0x00) { |
439 | PrintAndLog("Tag doesn't support the Topaz protocol."); |
440 | topaz_switch_off_field(); |
441 | return -1; |
442 | } |
443 | |
444 | if (status == -2) { |
445 | PrintAndLog("Error: tag didn't answer to RID"); |
446 | topaz_switch_off_field(); |
447 | return -1; |
448 | } |
449 | |
c5847ae8 |
450 | topaz_tag.HR01[0] = rid_response[0]; |
451 | topaz_tag.HR01[1] = rid_response[1]; |
452 | |
de15fc5f |
453 | // ToDo: CRC check |
454 | PrintAndLog("HR0 : %02x (%sa Topaz tag (%scapable of carrying a NDEF message), %s memory map)", rid_response[0], |
455 | (rid_response[0] & 0xF0) == 0x10 ? "" : "not ", |
456 | (rid_response[0] & 0xF0) == 0x10 ? "" : "not ", |
457 | (rid_response[0] & 0x0F) == 0x10 ? "static" : "dynamic"); |
458 | PrintAndLog("HR1 : %02x", rid_response[1]); |
459 | |
c5847ae8 |
460 | status = topaz_rall(uid_echo, rall_response); |
de15fc5f |
461 | |
462 | if(status == -1) { |
463 | PrintAndLog("Error: tag didn't answer to RALL"); |
464 | topaz_switch_off_field(); |
465 | return -1; |
466 | } |
467 | |
c5847ae8 |
468 | memcpy(topaz_tag.uid, rall_response+2, 7); |
de15fc5f |
469 | PrintAndLog("UID : %02x %02x %02x %02x %02x %02x %02x", |
c5847ae8 |
470 | topaz_tag.uid[6], |
471 | topaz_tag.uid[5], |
472 | topaz_tag.uid[4], |
473 | topaz_tag.uid[3], |
474 | topaz_tag.uid[2], |
475 | topaz_tag.uid[1], |
476 | topaz_tag.uid[0]); |
de15fc5f |
477 | PrintAndLog(" UID[6] (Manufacturer Byte) = %02x, Manufacturer: %s", |
c5847ae8 |
478 | topaz_tag.uid[6], |
479 | getTagInfo(topaz_tag.uid[6])); |
480 | |
7624e8b2 |
481 | memcpy(topaz_tag.data_blocks, rall_response+2, 0x0f*8); |
de15fc5f |
482 | PrintAndLog(""); |
483 | PrintAndLog("Static Data blocks 00 to 0c:"); |
6e6f1099 |
484 | PrintAndLog("block# | offset | Data | Locked(y/n)"); |
de15fc5f |
485 | char line[80]; |
486 | for (uint16_t i = 0; i <= 0x0c; i++) { |
7624e8b2 |
487 | char lockbits[9]; |
de15fc5f |
488 | for (uint16_t j = 0; j < 8; j++) { |
c5847ae8 |
489 | sprintf(&line[3*j], "%02x ", topaz_tag.data_blocks[i][j] /*rall_response[2 + 8*i + j]*/); |
7624e8b2 |
490 | lockbits[j] = topaz_byte_is_locked(i*8+j) ? 'y' : 'n'; |
de15fc5f |
491 | } |
7624e8b2 |
492 | lockbits[8] = '\0'; |
493 | PrintAndLog(" 0x%02x | 0x%04x | %s| %-3s", i, i*8, line, lockbits); |
de15fc5f |
494 | } |
495 | |
496 | PrintAndLog(""); |
497 | PrintAndLog("Static Reserved block 0d:"); |
498 | for (uint16_t j = 0; j < 8; j++) { |
c5847ae8 |
499 | sprintf(&line[3*j], "%02x ", topaz_tag.data_blocks[0x0d][j]); |
de15fc5f |
500 | } |
6e6f1099 |
501 | PrintAndLog(" 0x%02x | 0x%04x | %s| %-3s", 0x0d, 0x0d*8, line, "n/a"); |
de15fc5f |
502 | |
503 | PrintAndLog(""); |
c5847ae8 |
504 | PrintAndLog("Static Lockbits and OTP Bytes:"); |
de15fc5f |
505 | for (uint16_t j = 0; j < 8; j++) { |
c5847ae8 |
506 | sprintf(&line[3*j], "%02x ", topaz_tag.data_blocks[0x0e][j]); |
de15fc5f |
507 | } |
6e6f1099 |
508 | PrintAndLog(" 0x%02x | 0x%04x | %s| %-3s", 0x0e, 0x0e*8, line, "n/a"); |
de15fc5f |
509 | |
510 | PrintAndLog(""); |
511 | |
c5847ae8 |
512 | status = topaz_print_CC(&topaz_tag.data_blocks[1][0]); |
de15fc5f |
513 | |
514 | if (status == -1) { |
7624e8b2 |
515 | PrintAndLog("No NDEF message data present"); |
de15fc5f |
516 | topaz_switch_off_field(); |
517 | return 0; |
518 | } |
519 | |
520 | PrintAndLog(""); |
7624e8b2 |
521 | topaz_print_control_TLVs(&topaz_tag.data_blocks[1][4]); |
de15fc5f |
522 | |
523 | PrintAndLog(""); |
7624e8b2 |
524 | topaz_print_dynamic_data(); |
525 | |
c5847ae8 |
526 | topaz_print_lifecycle_state(&topaz_tag.data_blocks[1][0]); |
de15fc5f |
527 | |
c5847ae8 |
528 | topaz_print_NDEF(&topaz_tag.data_blocks[1][0]); |
de15fc5f |
529 | |
530 | topaz_switch_off_field(); |
05ddb52c |
531 | return 0; |
532 | } |
533 | |
534 | |
05ddb52c |
535 | int CmdHFTopazCmdRaw(const char *Cmd) |
536 | { |
7624e8b2 |
537 | PrintAndLog("not yet implemented. Use hf 14 raw with option -T."); |
05ddb52c |
538 | return 0; |
539 | } |
540 | |
541 | |
542 | static int CmdHelp(const char *Cmd); |
543 | |
544 | |
545 | static command_t CommandTable[] = |
546 | { |
547 | {"help", CmdHelp, 1, "This help"}, |
548 | {"reader", CmdHFTopazReader, 0, "Act like a Topaz reader"}, |
05ddb52c |
549 | {"snoop", CmdHF14ASnoop, 0, "Eavesdrop a Topaz reader-tag communication"}, |
550 | {"raw", CmdHFTopazCmdRaw, 0, "Send raw hex data to tag"}, |
551 | {NULL, NULL, 0, NULL} |
552 | }; |
553 | |
554 | |
555 | int CmdHFTopaz(const char *Cmd) { |
556 | // flush |
557 | WaitForResponseTimeout(CMD_ACK,NULL,100); |
558 | |
559 | // parse |
560 | CmdsParse(CommandTable, Cmd); |
561 | return 0; |
562 | } |
563 | |
7624e8b2 |
564 | |
05ddb52c |
565 | static int CmdHelp(const char *Cmd) |
566 | { |
567 | CmdsHelp(CommandTable); |
568 | return 0; |
569 | } |
570 | |
571 | |