]> git.zerfleddert.de Git - proxmark3-svn/blame - common/protocols.h
refactoring hf topaz reader
[proxmark3-svn] / common / protocols.h
CommitLineData
b67f7ec3
MHS
1#ifndef PROTOCOLS_H
2#define PROTOCOLS_H
3
4//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501
5/*
6ISO14443A (usually NFC tags)
7 26 (7bits) = REQA
8 30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
9 A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
10 52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
11 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
12 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
13 95 20 = Anticollision of cascade level2
14 95 70 = Select of cascade level2
15 50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)
16Mifare
17 60 = Authenticate with KeyA
18 61 = Authenticate with KeyB
19 40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A)
20 C0 = Decrement
21 C1 = Increment
22 C2 = Restore
23 B0 = Transfer
24Ultralight C
25 A0 = Compatibility Write (to accomodate MIFARE commands)
26 1A = Step1 Authenticate
27 AF = Step2 Authenticate
28
29
30ISO14443B
31 05 = REQB
32 1D = ATTRIB
33 50 = HALT
34SRIX4K (tag does not respond to 05)
35 06 00 = INITIATE
36 0E xx = SELECT ID (xx = Chip-ID)
37 0B = Get UID
38 08 yy = Read Block (yy = block number)
39 09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
40 0C = Reset to Inventory
41 0F = Completion
42 0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
43
44
45ISO15693
46 MANDATORY COMMANDS (all ISO15693 tags must support those)
47 01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
48 02 = Stay Quiet
49 OPTIONAL COMMANDS (not all tags support them)
50 20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
51 21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
52 22 = Lock Block
53 23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
54 25 = Select
55 26 = Reset to Ready
56 27 = Write AFI
57 28 = Lock AFI
58 29 = Write DSFID
59 2A = Lock DSFID
60 2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
61 2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)
62
63EM Microelectronic CUSTOM COMMANDS
64 A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type)
65 A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value)
66 B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info)
67 E4 = Login (followed by 1byte IC Manufacturer code+4bytes password)
68NXP/Philips CUSTOM COMMANDS
69 A0 = Inventory Read
70 A1 = Fast Inventory Read
71 A2 = Set EAS
72 A3 = Reset EAS
73 A4 = Lock EAS
74 A5 = EAS Alarm
75 A6 = Password Protect EAS
76 A7 = Write EAS ID
77 A8 = Read EPC
78 B0 = Inventory Page Read
79 B1 = Fast Inventory Page Read
80 B2 = Get Random Number
81 B3 = Set Password
82 B4 = Write Password
83 B5 = Lock Password
84 B6 = Bit Password Protection
85 B7 = Lock Page Protection Condition
86 B8 = Get Multiple Block Protection Status
87 B9 = Destroy SLI
88 BA = Enable Privacy
89 BB = 64bit Password Protection
90 40 = Long Range CMD (Standard ISO/TR7003:1990)
91 */
92
93#define ICLASS_CMD_ACTALL 0x0A
94#define ICLASS_CMD_READ_OR_IDENTIFY 0x0C
95#define ICLASS_CMD_SELECT 0x81
96#define ICLASS_CMD_PAGESEL 0x84
97#define ICLASS_CMD_READCHECK_KD 0x88
98#define ICLASS_CMD_READCHECK_KC 0x18
99#define ICLASS_CMD_CHECK 0x05
100#define ICLASS_CMD_DETECT 0x0F
101#define ICLASS_CMD_HALT 0x00
102#define ICLASS_CMD_UPDATE 0x87
103#define ICLASS_CMD_ACT 0x8E
104#define ICLASS_CMD_READ4 0x06
105
106
107#define ISO14443A_CMD_REQA 0x26
108#define ISO14443A_CMD_READBLOCK 0x30
109#define ISO14443A_CMD_WUPA 0x52
110#define ISO14443A_CMD_ANTICOLL_OR_SELECT 0x93
111#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2 0x95
112#define ISO14443A_CMD_WRITEBLOCK 0xA0 // or 0xA2 ?
113#define ISO14443A_CMD_HALT 0x50
114#define ISO14443A_CMD_RATS 0xE0
115
116#define MIFARE_AUTH_KEYA 0x60
117#define MIFARE_AUTH_KEYB 0x61
16a95d76 118#define MIFARE_MAGICWUPC1 0x40
119#define MIFARE_MAGICWUPC2 0x43
120#define MIFARE_MAGICWIPEC 0x41
b67f7ec3
MHS
121#define MIFARE_CMD_INC 0xC0
122#define MIFARE_CMD_DEC 0xC1
123#define MIFARE_CMD_RESTORE 0xC2
124#define MIFARE_CMD_TRANSFER 0xB0
125
126#define MIFARE_ULC_WRITE 0xA0
127#define MIFARE_ULC_AUTH_1 0x1A
128#define MIFARE_ULC_AUTH_2 0xAF
129
130/**
13106 00 = INITIATE
1320E xx = SELECT ID (xx = Chip-ID)
1330B = Get UID
13408 yy = Read Block (yy = block number)
13509 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
1360C = Reset to Inventory
1370F = Completion
1380A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
139**/
140
141#define ISO14443B_REQB 0x05
142#define ISO14443B_ATTRIB 0x1D
143#define ISO14443B_HALT 0x50
144#define ISO14443B_INITIATE 0x06
145#define ISO14443B_SELECT 0x0E
146#define ISO14443B_GET_UID 0x0B
147#define ISO14443B_READ_BLK 0x08
148#define ISO14443B_WRITE_BLK 0x09
149#define ISO14443B_RESET 0x0C
150#define ISO14443B_COMPLETION 0x0F
151#define ISO14443B_AUTHENTICATE 0x0A
152
153//First byte is 26
154#define ISO15693_INVENTORY 0x01
155#define ISO15693_STAYQUIET 0x02
156//First byte is 02
157#define ISO15693_READBLOCK 0x20
158#define ISO15693_WRITEBLOCK 0x21
159#define ISO15693_LOCKBLOCK 0x22
160#define ISO15693_READ_MULTI_BLOCK 0x23
161#define ISO15693_SELECT 0x25
162#define ISO15693_RESET_TO_READY 0x26
163#define ISO15693_WRITE_AFI 0x27
164#define ISO15693_LOCK_AFI 0x28
165#define ISO15693_WRITE_DSFID 0x29
166#define ISO15693_LOCK_DSFID 0x2A
167#define ISO15693_GET_SYSTEM_INFO 0x2B
168#define ISO15693_READ_MULTI_SECSTATUS 0x2C
169
170
ee1eadee 171// Topaz command set:
172#define TOPAZ_REQA 0x26 // Request
173#define TOPAZ_WUPA 0x52 // WakeUp
174#define TOPAZ_RID 0x78 // Read ID
175#define TOPAZ_RALL 0x00 // Read All (all bytes)
176#define TOPAZ_READ 0x01 // Read (a single byte)
177#define TOPAZ_WRITE_E 0x53 // Write-with-erase (a single byte)
178#define TOPAZ_WRITE_NE 0x1a // Write-no-erase (a single byte)
48ece4a7 179// additional commands for Dynamic Memory Model
180#define TOPAZ_RSEG 0x10 // Read segment
181#define TOPAZ_READ8 0x02 // Read (eight bytes)
182#define TOPAZ_WRITE_E8 0x54 // Write-with-erase (eight bytes)
183#define TOPAZ_WRITE_NE8 0x1B // Write-no-erase (eight bytes)
ee1eadee 184
185
186#define ISO_14443A 0
187#define ICLASS 1
188#define ISO_14443B 2
189#define TOPAZ 3
b67f7ec3 190
1defcf60
MHS
191//-- Picopass fuses
192#define FUSE_FPERS 0x80
193#define FUSE_CODING1 0x40
194#define FUSE_CODING0 0x20
195#define FUSE_CRYPT1 0x10
196#define FUSE_CRYPT0 0x08
197#define FUSE_FPROD1 0x04
198#define FUSE_FPROD0 0x02
199#define FUSE_RA 0x01
200
201
202void printIclassDumpInfo(uint8_t* iclass_dump);
b67f7ec3
MHS
203
204#endif // PROTOCOLS_H
Impressum, Datenschutz