]> git.zerfleddert.de Git - proxmark3-svn/blame - client/lualibs/hf_reader.lua
Experimenting with hacking iclass
e26df842 1--[[
5198f2e2 2THIS IS WORK IN PROGRESS, very much not finished.
3
4This library utilises other libraries under the hood, but can be used as a generic reader for 13.56MHz tags.
5]]
6
7local reader14443A = require('read14a')
e26df842 8local cmds = require('commands')
9local TIMEOUT = 1000
5198f2e2 10
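--- Sends a command to the device and, unless told otherwise, waits for the ACK.
-- @param command object whose getBytes() result is handed to core.SendCommand
-- @param ignoreresponse if truthy, return right after sending without waiting
-- @return the response from core.WaitForResponseTimeout, or nil
-- @return nil on success (and when the response is ignored), otherwise an error message
local function sendToDevice(command, ignoreresponse)
	-- Clear the command buffer before sending (presumably so an earlier,
	-- unread response is not mistaken for the answer to this command).
	core.clearCommandBuffer()
	local err = core.SendCommand(command:getBytes())
	if err then
		print(err)
		return nil, err
	end
	if ignoreresponse then return nil, nil end

	local response = core.WaitForResponseTimeout(cmds.CMD_ACK, TIMEOUT)
	if not response then
		-- Assumes a falsy result means no ACK arrived within TIMEOUT.
		-- Returning nil,nil here left callers with nothing to print or log.
		return nil, "Timeout while waiting for response from device"
	end
	return response, nil
end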
22
23-------------------------------------------------------
24-- This will be moved to a separate 14443B library
25-------------------------------------------------------
26
--- Placeholder reader for ISO 14443B tags.
-- @return nil, always
-- @return the message "Not implemented"
local function read14443B()
	local message = "Not implemented"
	return nil, message
end

-- Reader table exposing the placeholder through a read() entry.
local reader14443B = { read = read14443B }
33
34
35-------------------------------------------------------
36-- This will be moved to a separate 15693 library
37-------------------------------------------------------
38
--- Maps an ISO 15693 error code to a human-readable message.
-- @param number the numeric error code
-- @return the message for that code, or a generic message for any code not in the table
local function errorString15693(number)
	local messages = {
		[0x01] = "The command is not supported",
		[0x02] = "The command is not recognised",
		[0x03] = "The option is not supported.",
		[0x0f] = "Unknown error.",
		[0x10] = "The specified block is not available (doesn’t exist).",
		[0x11] = "The specified block is already -locked and thus cannot be locked again",
		[0x12] = "The specified block is locked and its content cannot be changed.",
		[0x13] = "The specified block was not successfully programmed.",
		[0x14] = "The specified block was not successfully locked.",
	}

	local text = messages[number]
	if text then
		return text
	end
	-- Anything outside the table above falls through to the catch-all text.
	return "Reserved for Future Use or Custom command error."
end
53-------------------------------------------------------
54-- This will be moved to a separate 15693 library
55-------------------------------------------------------
56
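--- Parses the raw answer of an ISO 15693 tag into a table of tag properties.
-- The bytes originate from the tag, so they are treated as untrusted: the
-- CRC, the error flag and the length are all checked before any field is
-- sliced out of the string.
-- @param data the response as a binary string, flags byte first
-- @return table with uid, manufacturer_code, tag_size and micref_modelcode
-- @return nil, error message if the response is empty, fails the CRC,
--         carries the error flag, or is too short to hold the parsed fields
local function parse15693(data)
	if type(data) ~= "string" or #data == 0 then
		return nil, "No data to parse"
	end

	-- From common/iso15693tools.h :
	--   #define ISO15_CRC_CHECK ((uint16_t)(~0xF0B8 & 0xFFFF)) // use this for checking of a correct crc
	-- That expression evaluates to 0x0F47, so the constant is used directly.
	-- The following code is based on cmdhf15.c around line 666 (NoTB!) and onwards
	if core.iso15693_crc(data, string.len(data)) ~= 0xF47 then
		return nil, "CRC failed"
	end

	-- Poor-man's bit check for: recv[0] & ISO15_RES_ERROR //(0x01)
	-- data[1] on a Lua string yields nil (it is looked up in the string
	-- library), so the byte value has to be fetched with data:byte().
	local flags = data:byte(1)
	if flags % 2 == 1 then
		-- NOTE(review): the error code is taken from the byte after the flags,
		-- as in an ISO 15693 error response; confirm against cmdhf15.c.
		local code = data:byte(2)
		if not code then
			return nil, "Tag returned error without an error code"
		end
		local err = "Tag returned error %i: %s"
		err = string.format(err, code, errorString15693(code))
		return nil, err
	end

	-- The fields below are read from bytes 2..14; refuse a shorter response
	-- instead of unpacking empty slices.
	if #data < 14 then
		return nil, "Response too short"
	end

	-- Finally, let the parsing begin...
	-- the UID is just the data in reverse... almost:
	-- 0FC481FF70000104E001001B0301
	--   8877665544332211
	-- UID = E004010070FF81C4
	--       1122334455667788
	-- So, cut out the relevant part and reverse it
	local uid = data:sub(2, 9):reverse()
	-- bin.unpack returns the next read position first (see the calls below),
	-- so the hex string is the second result, not the first.
	local _, uidStr = bin.unpack("H8", uid)

	local _, manufacturer_code = bin.unpack("s", uid:sub(2, 2))
	local _, tag_size = bin.unpack(">I", data:sub(12, 13))
	local _, micref_modelcode = bin.unpack("s", data:sub(14, 14))

	return {
		uid = uidStr,
		manufacturer_code = manufacturer_code,
		tag_size = tag_size,
		micref_modelcode = micref_modelcode,
	}
end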
96-------------------------------------------------------
97-- This will be moved to a separate 15693 library
98-------------------------------------------------------
99
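--- Sends an ISO 15693 request to the tag in the field and parses the answer.
-- @return table with tag info as produced by parse15693
-- @return nil, error message if the device gave no answer, the answer was
--         malformed, or parse15693 rejected it
local function read15693()
	--[[

	We start by trying this command:

	proxmark3> hf 15 cmd sysinfo -2 u
	0F C4 81 FF 70 00 01 04 E0 01 00 1B 03 01
	UID = E004010070FF81C4
	Philips; IC SL2 ICS20
	DSFID supported, set to 01
	AFI supported, set to 000
	Tag provides info on memory layout (vendor dependent)
	4 (or 3) bytes/page x 28 pages
	IC reference given: 01

	This command is not always present in ISO15693 tags (it is an optional standard command) but if it is present usually the tags contain all the "colored" info above.

	If the above command doesn't give an answer (see example below):

	proxmark3> hf 15 cmd sysinfo -2 u
	timeout: no

	we must send the MANDATORY (present in ALL iso15693 tags) command (the example below is sent to a tag different from the above one):

	proxmark3> hf 15 cmd inquiry
	UID=E007C1A257394244
	Tag Info: Texas Instrument; Tag-it HF-I Standard; 8x32bit
	proxmark3>

	From which we obtain less information than the above one.
	--]]

	-- Request payload as a hex string; datalen is its length in bytes.
	local data = "02"
	local datalen = string.len(data) / 2
	local speed = 1
	local recv = 1
	local command = Command:new{cmd = cmds.CMD_ISO_15693_COMMAND,
		arg1 = datalen, arg2 = speed, arg3 = recv, data = data}
	-- These are defined in common/iso15693tools.h

	-- #define ISO15_REQ_SUBCARRIER_SINGLE 0x00 // Tag should respond using one subcarrier (ASK)
	-- #define ISO15_REQ_DATARATE_HIGH 0x02 // Tag should respond using high data rate
	-- #define ISO15_REQ_NONINVENTORY 0x00

	local result, err = sendToDevice(command)

	if not result then
		-- err can be nil when the device simply did not answer in time.
		if err then print(err) end
		return nil, "15693 sysinfo: no answer"
	end

	-- Unpacked values are: next read position, cmd, recvLen, arg1, arg2.
	local _, _, recvLen = bin.unpack('LLLL', result)
	if type(recvLen) ~= "number" then
		return nil, "15693 sysinfo: malformed response"
	end
	-- The original passed the undefined name `recvlen` (nil) to string.sub,
	-- which raises an error; the unpacked recvLen is what was meant.
	-- NOTE(review): this slices from index recvLen to the end of the frame.
	-- Confirm that this is the intended payload window rather than
	-- "recvLen bytes starting after the unpacked header".
	local payload = string.sub(result, recvLen)
	local info
	info, err = parse15693(payload)

	if err then
		return nil, err
	end

	return info
end

-- Reader table exposing the 15693 reader through a read() entry.
local reader15693 = {
	read = read15693
}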
166
167
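---
-- Polls the available readers in turn until a 13.56 MHz tag answers or the
-- user presses a key, and returns info about the tag that was found.
--
-- @return if successful: a table containing card info
-- @return if unsuccessful: nil, error
local function waitForTag()
	print("Waiting for card... press any key to quit")
	local readers = {reader14443A, reader14443B, reader15693}
	local i = 0
	while not core.ukbhit() do
		-- Round-robin over the readers; using #readers keeps the modulus
		-- correct if a reader is added or removed.
		i = (i % #readers) + 1
		-- Keep the per-iteration state local: the original assigned r, res
		-- and err as globals, which leaks them into every other script.
		local reader = readers[i]
		print("Reading with ", i)
		local res, err = reader.read()
		if res then return res end
		print(err)
		-- err means that there was no response from card
	end
	return nil, "Aborted by user"
end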
189
190return {
191 waitForTag = waitForTag,
192}