[proxmark3-svn] / client / cmdlfhitag.c

//-----------------------------------------------------------------------------
// Copyright (C) 2012 Roel Verdult
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency Hitag support
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "data.h"
#include "proxusb.h"
#include "proxmark3.h"
#include "ui.h"
#include "cmdparser.h"
#include "common.h"
#include "util.h"
#include "hitag2.h"
#include "sleep.h"
#include "cmdmain.h"

static int CmdHelp(const char *Cmd);

int CmdLFHitagList(const char *Cmd)
{
  uint8_t got[3000];
  GetFromBigBuf(got,sizeof(got),0);
  WaitForResponse(CMD_ACK,NULL);

  char filename[256];
  FILE* pf = NULL;

  if (param_getstr(Cmd,0,filename)) {
    if (strlen(filename) > 0) {
      if ((pf = fopen(filename,"w")) == NULL) {
        PrintAndLog("Error: Could not open file [%s]",filename);
        return 1;
      }
    }
  }

  PrintAndLog("recorded activity:");
  PrintAndLog(" ETU     :rssi: who bytes");
  PrintAndLog("---------+----+----+-----------");

  int i = 0;
  int prev = -1;

  for (;;) {
    if(i >= 1900) {
      break;
    }

    bool isResponse;
    int timestamp = *((uint32_t *)(got+i));
    if (timestamp & 0x80000000) {
      timestamp &= 0x7fffffff;
      isResponse = 1;
    } else {
      isResponse = 0;
    }

    int metric = 0;
    int parityBits = *((uint32_t *)(got+i+4));
    // 4 bytes of additional information...
    // maximum of 32 additional parity bit information
    //
    // TODO:
    // at each quarter bit period we can send power level (16 levels)
    // or each half bit period in 256 levels.

    int len = got[i+8];

    if (len > 100) {
      break;
    }
    if (i + len >= 1900) {
      break;
    }

    uint8_t *frame = (got+i+9);

    // Break and stick with current result if buffer was not completely full
    if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }

    char line[1000] = "";
    int j;
    for (j = 0; j < len; j++) {
      int oddparity = 0x01;
      int k;

      for (k=0;k<8;k++) {
        oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
      }

      //if((parityBits >> (len - j - 1)) & 0x01) {
      if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
        sprintf(line+(j*4), "%02x!  ", frame[j]);
      }
      else {
        sprintf(line+(j*4), "%02x   ", frame[j]);
      }
    }

    char metricString[100];
    if (isResponse) {
      sprintf(metricString, "%3d", metric);
    } else {
      strcpy(metricString, "   ");
    }

    PrintAndLog(" +%7d: %s: %s %s",
      (prev < 0 ? 0 : (timestamp - prev)),
      metricString,
      (isResponse ? "TAG" : "   "),
      line);


   if (pf) {
      fprintf(pf," +%7d: %s: %s %s %s",
					(prev < 0 ? 0 : (timestamp - prev)),
					metricString,
					(isResponse ? "TAG" : "   "),
					line,
					"\n");
    }
	
    prev = timestamp;
    i += (len + 9);
  }
  
  if (pf) {
	  PrintAndLog("Recorded activity succesfully written to file: %s", filename);
    fclose(pf);
  }
	
  return 0;
}

int CmdLFHitagSnoop(const char *Cmd) {
  UsbCommand c = {CMD_SNOOP_HITAG};
  SendCommand(&c);
  return 0;
}

int CmdLFHitagSim(const char *Cmd) {
  UsbCommand c = {CMD_SIMULATE_HITAG};
	char filename[256] = { 0x00 };
	FILE* pf;
	bool tag_mem_supplied;

	param_getstr(Cmd,0,filename);
	
	if (strlen(filename) > 0) {
		if ((pf = fopen(filename,"rb+")) == NULL) {
			PrintAndLog("Error: Could not open file [%s]",filename);
			return 1;
		}
		tag_mem_supplied = true;
		fread(c.d.asBytes,48,1,pf);
		fclose(pf);
	} else {
		tag_mem_supplied = false;
	}
	
	// Does the tag comes with memory
	c.arg[0] = (uint32_t)tag_mem_supplied;

  SendCommand(&c);
  return 0;
}

int CmdLFHitagReader(const char *Cmd) {
//  UsbCommand c = {CMD_READER_HITAG};
	
//	param_get32ex(Cmd,1,0,16);
	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	hitag_data* htd = (hitag_data*)c.d.asBytes;
	hitag_function htf = param_get32ex(Cmd,0,0,10);
	
	switch (htf) {
		case RHT2F_PASSWORD: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
		} break;
		case RHT2F_AUTHENTICATE: {
			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_CRYPTO: {
			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
//			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
		} break;
		case RHT2F_TEST_AUTH_ATTEMPTS: {
			// No additional parameters needed
		} break;
		default: {
			PrintAndLog("Error: unkown reader function %d",htf);
			PrintAndLog("Hitag reader functions",htf);
			PrintAndLog(" HitagS (0*)",htf);
			PrintAndLog(" Hitag1 (1*)",htf);
			PrintAndLog(" Hitag2 (2*)",htf);
			PrintAndLog("  21 <password> (password mode)",htf);
			PrintAndLog("  22 <nr> <ar> (authentication)",htf);
			PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low",htf);
			PrintAndLog("  25 (test recorded authentications)",htf);
			return 1;
		} break;
	}

	// Copy the hitag2 function into the first argument
	c.arg[0] = htf;

  SendCommand(&c);
  return 0;
}

static command_t CommandTableHitag[] = 
{
  {"help",    CmdHelp,           1, "This help"},
  {"list",    CmdLFHitagList,    1, "List Hitag trace history"},
  {"reader",  CmdLFHitagReader,  1, "Act like a Hitag Reader"},
  {"sim",     CmdLFHitagSim,     1, "Simulate Hitag transponder"},
  {"snoop",   CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
		{NULL, NULL, 0, NULL}
};

int CmdLFHitag(const char *Cmd)
{
  CmdsParse(CommandTableHitag, Cmd);
  return 0;
}

int CmdHelp(const char *Cmd)
{
  CmdsHelp(CommandTableHitag);
  return 0;
}
Commit	Line	Data
db09cb3a	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2012 Roel Verdult
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Low frequency Hitag support
	9	//-----------------------------------------------------------------------------
	10
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <string.h>
	14	#include "data.h"
	15	#include "proxusb.h"
902cb3c0	16	#include "proxmark3.h"
db09cb3a	17	#include "ui.h"
	18	#include "cmdparser.h"
	19	#include "common.h"
	20	#include "util.h"
	21	#include "hitag2.h"
902cb3c0	22	#include "sleep.h"
902cb3c0	23	#include "cmdmain.h"
db09cb3a	24
	25	static int CmdHelp(const char *Cmd);
	26
	27	int CmdLFHitagList(const char *Cmd)
	28	{
	29	uint8_t got[3000];
	30	GetFromBigBuf(got,sizeof(got),0);
902cb3c0	31	WaitForResponse(CMD_ACK,NULL);
902cb3c0	32
2d495a81	33	char filename[256];
902cb3c0	34	FILE* pf = NULL;
2d495a81	35
902cb3c0	36	if (param_getstr(Cmd,0,filename)) {
902cb3c0	37	if (strlen(filename) > 0) {
2d495a81	38	if ((pf = fopen(filename,"w")) == NULL) {
902cb3c0	39	PrintAndLog("Error: Could not open file [%s]",filename);
	40	return 1;
	41	}
	42	}
2d495a81	43	}
db09cb3a	44
	45	PrintAndLog("recorded activity:");
	46	PrintAndLog(" ETU :rssi: who bytes");
	47	PrintAndLog("---------+----+----+-----------");
	48
	49	int i = 0;
	50	int prev = -1;
	51
	52	for (;;) {
	53	if(i >= 1900) {
	54	break;
	55	}
	56
	57	bool isResponse;
	58	int timestamp = ((uint32_t )(got+i));
	59	if (timestamp & 0x80000000) {
	60	timestamp &= 0x7fffffff;
	61	isResponse = 1;
	62	} else {
	63	isResponse = 0;
	64	}
	65
	66	int metric = 0;
	67	int parityBits = ((uint32_t )(got+i+4));
	68	// 4 bytes of additional information...
	69	// maximum of 32 additional parity bit information
	70	//
	71	// TODO:
	72	// at each quarter bit period we can send power level (16 levels)
	73	// or each half bit period in 256 levels.
	74
	75	int len = got[i+8];
	76
	77	if (len > 100) {
	78	break;
	79	}
	80	if (i + len >= 1900) {
	81	break;
	82	}
	83
	84	uint8_t *frame = (got+i+9);
	85
	86	// Break and stick with current result if buffer was not completely full
	87	if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
	88
	89	char line[1000] = "";
	90	int j;
	91	for (j = 0; j < len; j++) {
	92	int oddparity = 0x01;
	93	int k;
	94
	95	for (k=0;k<8;k++) {
	96	oddparity ^= (((frame[j] & 0xFF) >> k) & 0x01);
	97	}
	98
	99	//if((parityBits >> (len - j - 1)) & 0x01) {
	100	if (isResponse && (oddparity != ((parityBits >> (len - j - 1)) & 0x01))) {
	101	sprintf(line+(j*4), "%02x! ", frame[j]);
	102	}
	103	else {
	104	sprintf(line+(j*4), "%02x ", frame[j]);
	105	}
	106	}
	107
108	char metricString[100];
109	if (isResponse) {
110	sprintf(metricString, "%3d", metric);
111	} else {
112	strcpy(metricString, " ");
113	}
114
115	PrintAndLog(" +%7d: %s: %s %s",
116	(prev < 0 ? 0 : (timestamp - prev)),
117	metricString,
118	(isResponse ? "TAG" : " "),
119	line);
120
2d495a81	121
902cb3c0	122	if (pf) {
2d495a81	123	fprintf(pf," +%7d: %s: %s %s %s",
	124	(prev < 0 ? 0 : (timestamp - prev)),
	125	metricString,
	126	(isResponse ? "TAG" : " "),
	127	line,
	128	"\n");
	129	}
	130
db09cb3a	131	prev = timestamp;
	132	i += (len + 9);
	133	}
2d495a81	134
902cb3c0	135	if (pf) {
2d495a81	136	PrintAndLog("Recorded activity succesfully written to file: %s", filename);
	137	fclose(pf);
	138	}
	139
	140	return 0;
db09cb3a	141	}
	142
	143	int CmdLFHitagSnoop(const char *Cmd) {
	144	UsbCommand c = {CMD_SNOOP_HITAG};
	145	SendCommand(&c);
	146	return 0;
	147	}
	148
	149	int CmdLFHitagSim(const char *Cmd) {
	150	UsbCommand c = {CMD_SIMULATE_HITAG};
bde10a50	151	char filename[256] = { 0x00 };
db09cb3a	152	FILE* pf;
	153	bool tag_mem_supplied;
	154
	155	param_getstr(Cmd,0,filename);
	156
	157	if (strlen(filename) > 0) {
	158	if ((pf = fopen(filename,"rb+")) == NULL) {
	159	PrintAndLog("Error: Could not open file [%s]",filename);
	160	return 1;
	161	}
	162	tag_mem_supplied = true;
	163	fread(c.d.asBytes,48,1,pf);
	164	fclose(pf);
	165	} else {
	166	tag_mem_supplied = false;
	167	}
	168
	169	// Does the tag comes with memory
	170	c.arg[0] = (uint32_t)tag_mem_supplied;
	171
	172	SendCommand(&c);
	173	return 0;
	174	}
	175
	176	int CmdLFHitagReader(const char *Cmd) {
	177	// UsbCommand c = {CMD_READER_HITAG};
	178
	179	// param_get32ex(Cmd,1,0,16);
	180	UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
	181	hitag_data* htd = (hitag_data*)c.d.asBytes;
	182	hitag_function htf = param_get32ex(Cmd,0,0,10);
	183
	184	switch (htf) {
	185	case RHT2F_PASSWORD: {
	186	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
	187	} break;
	188	case RHT2F_AUTHENTICATE: {
	189	num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
	190	num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	191	} break;
bde10a50	192	case RHT2F_CRYPTO: {
	193	num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
	194	// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
	195	} break;
db09cb3a	196	case RHT2F_TEST_AUTH_ATTEMPTS: {
	197	// No additional parameters needed
	198	} break;
	199	default: {
	200	PrintAndLog("Error: unkown reader function %d",htf);
	201	PrintAndLog("Hitag reader functions",htf);
	202	PrintAndLog(" HitagS (0*)",htf);
	203	PrintAndLog(" Hitag1 (1*)",htf);
	204	PrintAndLog(" Hitag2 (2*)",htf);
	205	PrintAndLog(" 21 <password> (password mode)",htf);
	206	PrintAndLog(" 22 <nr> <ar> (authentication)",htf);
219a334d	207	PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low",htf);
db09cb3a	208	PrintAndLog(" 25 (test recorded authentications)",htf);
	209	return 1;
	210	} break;
	211	}
	212
	213	// Copy the hitag2 function into the first argument
	214	c.arg[0] = htf;
	215
	216	SendCommand(&c);
	217	return 0;
	218	}
	219
	220	static command_t CommandTableHitag[] =
	221	{
	222	{"help", CmdHelp, 1, "This help"},
	223	{"list", CmdLFHitagList, 1, "List Hitag trace history"},
	224	{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
	225	{"sim", CmdLFHitagSim, 1, "Simulate Hitag transponder"},
	226	{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
	227	{NULL, NULL, 0, NULL}
	228	};
	229
	230	int CmdLFHitag(const char *Cmd)
	231	{
	232	CmdsParse(CommandTableHitag, Cmd);
	233	return 0;
	234	}
	235
	236	int CmdHelp(const char *Cmd)
	237	{
	238	CmdsHelp(CommandTableHitag);
	239	return 0;
	240	}