Commit | Line | Data |
---|---|---|
b67f7ec3 MHS |
1 | #ifndef PROTOCOLS_H |
2 | #define PROTOCOLS_H | |
3 | ||
4 | //The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501 | |
5 | /* | |
6 | ISO14443A (usually NFC tags) | |
7 | 26 (7bits) = REQA | |
8 | 30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes) | |
9 | A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK]) | |
10 | 52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA) | |
11 | 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) | |
12 | 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) | |
13 | 95 20 = Anticollision of cascade level2 | |
14 | 95 70 = Select of cascade level2 | |
15 | 50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card) | |
16 | Mifare | |
17 | 60 = Authenticate with KeyA | |
18 | 61 = Authenticate with KeyB | |
19 | 40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A) | |
20 | C0 = Decrement | |
21 | C1 = Increment | |
22 | C2 = Restore | |
23 | B0 = Transfer | |
24 | Ultralight C | |
25 | A0 = Compatibility Write (to accommodate MIFARE commands) | |
26 | 1A = Step1 Authenticate | |
27 | AF = Step2 Authenticate | |
28 | ||
29 | ||
30 | ISO14443B | |
31 | 05 = REQB | |
32 | 1D = ATTRIB | |
33 | 50 = HALT | |
34 | SRIX4K (tag does not respond to 05) | |
35 | 06 00 = INITIATE | |
36 | 0E xx = SELECT ID (xx = Chip-ID) | |
37 | 0B = Get UID | |
38 | 08 yy = Read Block (yy = block number) | |
39 | 09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written) | |
40 | 0C = Reset to Inventory | |
41 | 0F = Completion | |
42 | 0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate) | |
43 | ||
44 | ||
45 | ISO15693 | |
46 | MANDATORY COMMANDS (all ISO15693 tags must support those) | |
47 | 01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes) | |
48 | 02 = Stay Quiet | |
49 | OPTIONAL COMMANDS (not all tags support them) | |
50 | 20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes) | |
51 | 21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes) | |
52 | 22 = Lock Block | |
53 | 23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC) | |
54 | 25 = Select | |
55 | 26 = Reset to Ready | |
56 | 27 = Write AFI | |
57 | 28 = Lock AFI | |
58 | 29 = Write DSFID | |
59 | 2A = Lock DSFID | |
60 | 2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes) | |
61 | 2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC) | |
62 | ||
63 | EM Microelectronic CUSTOM COMMANDS | |
64 | A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type) | |
65 | A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value) | |
66 | B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte giving how many blocks after it the info is needed for) | |
67 | E4 = Login (followed by 1byte IC Manufacturer code+4bytes password) | |
68 | NXP/Philips CUSTOM COMMANDS | |
69 | A0 = Inventory Read | |
70 | A1 = Fast Inventory Read | |
71 | A2 = Set EAS | |
72 | A3 = Reset EAS | |
73 | A4 = Lock EAS | |
74 | A5 = EAS Alarm | |
75 | A6 = Password Protect EAS | |
76 | A7 = Write EAS ID | |
77 | A8 = Read EPC | |
78 | B0 = Inventory Page Read | |
79 | B1 = Fast Inventory Page Read | |
80 | B2 = Get Random Number | |
81 | B3 = Set Password | |
82 | B4 = Write Password | |
83 | B5 = Lock Password | |
84 | B6 = Bit Password Protection | |
85 | B7 = Lock Page Protection Condition | |
86 | B8 = Get Multiple Block Protection Status | |
87 | B9 = Destroy SLI | |
88 | BA = Enable Privacy | |
89 | BB = 64bit Password Protection | |
90 | 40 = Long Range CMD (Standard ISO/TR7003:1990) | |
91 | */ | |
92 | ||
/*
 * iCLASS command opcodes, listed in ascending numeric order.
 *
 * NOTE(review): this header carries no reference table for iCLASS, so the
 * per-command remarks below are read off the macro names only -- confirm
 * against the protocol documentation before relying on them.
 */
#define ICLASS_CMD_HALT              0x00
#define ICLASS_CMD_CHECK             0x05
#define ICLASS_CMD_READ4             0x06
#define ICLASS_CMD_ACTALL            0x0A
#define ICLASS_CMD_READ_OR_IDENTIFY  0x0C  /* one opcode shared by two operations, per the name */
#define ICLASS_CMD_DETECT            0x0F
#define ICLASS_CMD_READCHECK_KC      0x18  /* presumably read-check against key Kc -- confirm */
#define ICLASS_CMD_SELECT            0x81
#define ICLASS_CMD_PAGESEL           0x84
#define ICLASS_CMD_UPDATE            0x87
#define ICLASS_CMD_READCHECK_KD      0x88  /* presumably read-check against key Kd -- confirm */
#define ICLASS_CMD_ACT               0x8E
105 | ||
106 | ||
/*
 * ISO 14443-A command opcodes (first byte of the command frame).
 * Frame layouts are the ones given in the reference table at the top of
 * this header.
 */
#define ISO14443A_CMD_REQA                  0x26  /* sent as a 7-bit frame */
#define ISO14443A_CMD_WUPA                  0x52  /* sent as a 7-bit frame; answer is the 2-byte ATQA */
#define ISO14443A_CMD_ANTICOLL_OR_SELECT    0x93  /* 93 20 = anticollision, 93 70 = select */
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2  0x95  /* same pair for cascade level 2 */
#define ISO14443A_CMD_READBLOCK             0x30  /* followed by block number + CRC; answer is 16 bytes */
/*
 * The reference table lists two write opcodes: A2 (block number + 4 data
 * bytes) and A0 ("Compatibility Write"). This macro is the A0 form; code
 * that needs the 4-byte A2 write must not use it.
 */
#define ISO14443A_CMD_WRITEBLOCK            0xA0
#define ISO14443A_CMD_HALT                  0x50  /* full command is 50 00 + CRC; the card does not answer */
#define ISO14443A_CMD_RATS                  0xE0  /* not in the reference table; RATS = Request for Answer To Select */
115 | ||
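/*
 * MIFARE Classic command opcodes (first byte of the command frame).
 */
#define MIFARE_AUTH_KEYA     0x60  /* authenticate with key A */
#define MIFARE_AUTH_KEYB     0x61  /* authenticate with key B */

/*
 * Commands of "changeable UID" cards. Per the reference table in this
 * header, 0x40 is sent as a 7-bit frame and must be followed by 0x43
 * (8 bits); the card answers 0x0A and enters its special mode.
 * Because such cards exist, a UID read from a card is not proof of which
 * card is being presented.
 */
#define MIFARE_MAGICWUPC1    0x40
#define MIFARE_MAGICWUPC2    0x43
#define MIFARE_MAGICWIPEC    0x41  /* not in the reference table; presumably the wipe command of those cards -- confirm */

/*
 * Value-block operations.
 *
 * The reference table in this header gives C0 = Decrement and
 * C1 = Increment. The two macros previously held the opposite values, so
 * anything that labelled or dispatched on them treated an increment as a
 * decrement and vice versa. Callers are not visible from this header;
 * check any that compensated for the old values.
 */
#define MIFARE_CMD_DEC       0xC0
#define MIFARE_CMD_INC       0xC1
#define MIFARE_CMD_RESTORE   0xC2
#define MIFARE_CMD_TRANSFER  0xB0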
125 | ||
/*
 * MIFARE Ultralight C opcodes, as named in the reference table at the top
 * of this header.
 */
#define MIFARE_ULC_AUTH_1  0x1A  /* step 1 of the authentication exchange */
#define MIFARE_ULC_AUTH_2  0xAF  /* step 2 of the authentication exchange */
#define MIFARE_ULC_WRITE   0xA0  /* "Compatibility Write" */
129 | ||
/*
 * ISO 14443-B command opcodes.
 *
 * The first three are the generic ISO 14443-B commands. The remaining
 * eight are listed under SRIX4K in the reference table at the top of this
 * header (which notes that the tag does not respond to 05):
 *
 *   06 00                = INITIATE
 *   0E xx                = SELECT ID (xx = Chip-ID)
 *   0B                   = Get UID
 *   08 yy                = Read Block (yy = block number)
 *   09 yy dd dd dd dd    = Write Block (yy = block number;
 *                          dd dd dd dd = data to be written)
 *   0C                   = Reset to Inventory
 *   0F                   = Completion
 *   0A 11 22 33 44 55 66 = Authenticate
 *                          (11 22 33 44 55 66 = data to authenticate)
 */

/* Generic ISO 14443-B */
#define ISO14443B_REQB          0x05
#define ISO14443B_ATTRIB        0x1D
#define ISO14443B_HALT          0x50

/* SRIX4K */
#define ISO14443B_INITIATE      0x06
#define ISO14443B_READ_BLK      0x08
#define ISO14443B_WRITE_BLK     0x09
#define ISO14443B_AUTHENTICATE  0x0A
#define ISO14443B_GET_UID       0x0B
#define ISO14443B_RESET         0x0C
#define ISO14443B_SELECT        0x0E
#define ISO14443B_COMPLETION    0x0F
152 | ||
/*
 * ISO 15693 command opcodes. Each opcode is the second byte of a request;
 * the byte sent in front of it is noted per group, following the usage
 * examples in the reference table at the top of this header.
 */

/* Mandatory commands -- first byte is 26 (e.g. Inventory is sent as 26 01 + CRC). */
#define ISO15693_INVENTORY             0x01
#define ISO15693_STAYQUIET             0x02

/* Optional commands -- first byte is 02 (e.g. Read Block is sent as 02 20 + block number + CRC). */
#define ISO15693_READBLOCK             0x20
#define ISO15693_WRITEBLOCK            0x21
#define ISO15693_LOCKBLOCK             0x22
#define ISO15693_READ_MULTI_BLOCK      0x23
#define ISO15693_SELECT                0x25
#define ISO15693_RESET_TO_READY        0x26
#define ISO15693_WRITE_AFI             0x27
#define ISO15693_LOCK_AFI              0x28
#define ISO15693_WRITE_DSFID           0x29
#define ISO15693_LOCK_DSFID            0x2A
#define ISO15693_GET_SYSTEM_INFO       0x2B
#define ISO15693_READ_MULTI_SECSTATUS  0x2C
169 | ||
170 | ||
/*
 * Topaz command set.
 * TOPAZ_REQA and TOPAZ_WUPA carry the same values as the ISO 14443-A
 * REQA/WUPA opcodes defined in this header.
 */
#define TOPAZ_REQA       0x26  /* Request */
#define TOPAZ_WUPA       0x52  /* WakeUp */
#define TOPAZ_RID        0x78  /* Read ID */
#define TOPAZ_RALL       0x00  /* Read All (all bytes) */
#define TOPAZ_READ       0x01  /* Read (a single byte) */
#define TOPAZ_WRITE_E    0x53  /* Write-with-erase (a single byte) */
#define TOPAZ_WRITE_NE   0x1a  /* Write-no-erase (a single byte) */

/* Additional commands for the Dynamic Memory Model */
#define TOPAZ_RSEG       0x10  /* Read segment */
#define TOPAZ_READ8      0x02  /* Read (eight bytes) */
#define TOPAZ_WRITE_E8   0x54  /* Write-with-erase (eight bytes) */
#define TOPAZ_WRITE_NE8  0x1B  /* Write-no-erase (eight bytes) */
ee1eadee | 184 | |
185 | ||
/*
 * Protocol identifiers: four distinct small integers, one per protocol
 * family covered by this header.
 * NOTE(review): the code that consumes these values is not visible here;
 * confirm how they are used before renumbering or extending the list.
 */
#define ISO_14443A  0
#define ICLASS      1
#define ISO_14443B  2
#define TOPAZ       3
b67f7ec3 | 190 | |
1defcf60 MHS |
/*
 * Picopass fuses.
 * Eight single-bit masks that together cover one byte, listed from the
 * most significant bit down.
 * NOTE(review): which byte of the card data holds these bits is not shown
 * in this header -- confirm against the code that tests them.
 */
#define FUSE_FPERS    0x80  /* bit 7 */
#define FUSE_CODING1  0x40  /* bit 6 */
#define FUSE_CODING0  0x20  /* bit 5 */
#define FUSE_CRYPT1   0x10  /* bit 4 */
#define FUSE_CRYPT0   0x08  /* bit 3 */
#define FUSE_FPROD1   0x04  /* bit 2 */
#define FUSE_FPROD0   0x02  /* bit 1 */
#define FUSE_RA       0x01  /* bit 0 */
200 | ||
201 | ||
/**
 * Judging by its name, prints information about an iCLASS dump; the
 * definition is not in this header.
 *
 * @param iclass_dump  pointer to the dump bytes. No length is passed, so
 *                     the function cannot bound its reads from its
 *                     arguments alone; the caller has to supply a buffer
 *                     at least as large as the definition reads --
 *                     confirm the required size there.
 *
 * NOTE(review): this header uses uint8_t but includes nothing itself, so
 * every file that includes it must already have <stdint.h> in scope.
 */
void printIclassDumpInfo(uint8_t *iclass_dump);
b67f7ec3 MHS |
203 | |
204 | #endif // PROTOCOLS_H |