]> git.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlfhitag.c
projects / proxmark3-svn / blob
? search:


0fd8801b8e83010068e818e096361dafcdb4f58d
[proxmark3-svn] / client / cmdlfhitag.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2012 Roel Verdult
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Low frequency Hitag support
9 //-----------------------------------------------------------------------------
10
11 #include "cmdlfhitag.h"
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include "comms.h"
17 #include "ui.h"
18 #include "cmdparser.h"
19 #include "common.h"
20 #include "util.h"
21 #include "parity.h"
22 #include "hitag2.h"
23 #include "hitagS.h"
24 #include "cmdmain.h"
25
26 static int CmdHelp(const char *Cmd);
27
28 size_t nbytes(size_t nbits) {
29 return (nbits/8)+((nbits%8)>0);
30 }
31
32 int CmdLFHitagList(const char *Cmd)
33 {
34 uint8_t *got = malloc(USB_CMD_DATA_SIZE);
35
36 // Query for the actual size of the trace
37 UsbCommand response;
38 GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0, &response, -1, false);
39 uint16_t traceLen = response.arg[2];
40 if (traceLen > USB_CMD_DATA_SIZE) {
41 uint8_t *p = realloc(got, traceLen);
42 if (p == NULL) {
43 PrintAndLog("Cannot allocate memory for trace");
44 free(got);
45 return 2;
46 }
47 got = p;
48 GetFromBigBuf(got, traceLen, 0, NULL, -1, false);
49 }
50
51 PrintAndLog("recorded activity (TraceLen = %d bytes):");
52 PrintAndLog(" ETU :nbits: who bytes");
53 PrintAndLog("---------+-----+----+-----------");
54
55 int i = 0;
56 int prev = -1;
57 int len = strlen(Cmd);
58
59 char filename[FILE_PATH_SIZE] = { 0x00 };
60 FILE* pf = NULL;
61
62 if (len > FILE_PATH_SIZE)
63 len = FILE_PATH_SIZE;
64 memcpy(filename, Cmd, len);
65
66 if (strlen(filename) > 0) {
67 if ((pf = fopen(filename,"wb")) == NULL) {
68 PrintAndLog("Error: Could not open file [%s]",filename);
69 return 1;
70 }
71 }
72
73 for (;;) {
74
75 if(i > traceLen) { break; }
76
77 bool isResponse;
78 int timestamp = *((uint32_t *)(got+i));
79 if (timestamp & 0x80000000) {
80 timestamp &= 0x7fffffff;
81 isResponse = 1;
82 } else {
83 isResponse = 0;
84 }
85
86 int parityBits = *((uint32_t *)(got+i+4));
87 // 4 bytes of additional information...
88 // maximum of 32 additional parity bit information
89 //
90 // TODO:
91 // at each quarter bit period we can send power level (16 levels)
92 // or each half bit period in 256 levels.
93
94 int bits = got[i+8];
95 int len = nbytes(got[i+8]);
96
97 if (len > 100) {
98 break;
99 }
100 if (i + len > traceLen) { break;}
101
102 uint8_t *frame = (got+i+9);
103
104 // Break and stick with current result if buffer was not completely full
105 if (frame[0] == 0x44 && frame[1] == 0x44 && frame[3] == 0x44) { break; }
106
107 char line[1000] = "";
108 int j;
109 for (j = 0; j < len; j++) {
110
111 //if((parityBits >> (len - j - 1)) & 0x01) {
112 if (isResponse && (oddparity8(frame[j]) != ((parityBits >> (len - j - 1)) & 0x01))) {
113 sprintf(line+(j*4), "%02x! ", frame[j]);
114 }
115 else {
116 sprintf(line+(j*4), "%02x ", frame[j]);
117 }
118 }
119
120 PrintAndLog(" +%7d: %3d: %s %s",
121 (prev < 0 ? 0 : (timestamp - prev)),
122 bits,
123 (isResponse ? "TAG" : " "),
124 line);
125
126 if (pf) {
127 fprintf(pf," +%7d: %3d: %s %s\n",
128 (prev < 0 ? 0 : (timestamp - prev)),
129 bits,
130 (isResponse ? "TAG" : " "),
131 line);
132 }
133
134 prev = timestamp;
135 i += (len + 9);
136 }
137
138 if (pf) {
139 fclose(pf);
140 PrintAndLog("Recorded activity succesfully written to file: %s", filename);
141 }
142
143 free(got);
144 return 0;
145 }
146
147 int CmdLFHitagSnoop(const char *Cmd) {
148 UsbCommand c = {CMD_SNOOP_HITAG};
149 SendCommand(&c);
150 return 0;
151 }
152
153 int CmdLFHitagSim(const char *Cmd) {
154
155 UsbCommand c = {CMD_SIMULATE_HITAG};
156 char filename[FILE_PATH_SIZE] = { 0x00 };
157 FILE* pf;
158 bool tag_mem_supplied;
159 int len = strlen(Cmd);
160 if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
161 memcpy(filename, Cmd, len);
162
163 if (strlen(filename) > 0) {
164 if ((pf = fopen(filename,"rb+")) == NULL) {
165 PrintAndLog("Error: Could not open file [%s]",filename);
166 return 1;
167 }
168 tag_mem_supplied = true;
169 if (fread(c.d.asBytes,48,1,pf) == 0) {
170 PrintAndLog("Error: File reading error");
171 fclose(pf);
172 return 1;
173 }
174 fclose(pf);
175 } else {
176 tag_mem_supplied = false;
177 }
178
179 // Does the tag comes with memory
180 c.arg[0] = (uint32_t)tag_mem_supplied;
181
182 SendCommand(&c);
183 return 0;
184 }
185
186 int CmdLFHitagReader(const char *Cmd) {
187 UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
188 hitag_data* htd = (hitag_data*)c.d.asBytes;
189 hitag_function htf = param_get32ex(Cmd,0,0,10);
190
191 switch (htf) {
192 case 01: { //RHTSF_CHALLENGE
193 c = (UsbCommand){ CMD_READ_HITAG_S };
194 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
195 num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
196 } break;
197 case 02: { //RHTSF_KEY
198 c = (UsbCommand){ CMD_READ_HITAG_S };
199 num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
200 } break;
201 case RHT2F_PASSWORD: {
202 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
203 } break;
204 case RHT2F_AUTHENTICATE: {
205 num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
206 num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
207 } break;
208 case RHT2F_CRYPTO: {
209 num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
210 // num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
211 } break;
212 case RHT2F_TEST_AUTH_ATTEMPTS: {
213 // No additional parameters needed
214 } break;
215 case RHT2F_UID_ONLY: {
216 // No additional parameters needed
217 } break;
218 default: {
219 PrintAndLog("\nError: unkown reader function %d",htf);
220 PrintAndLog("");
221 PrintAndLog("Usage: hitag reader <Reader Function #>");
222 PrintAndLog("Reader Functions:");
223 PrintAndLog(" HitagS (0*)");
224 PrintAndLog(" 01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
225 PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
226 PrintAndLog(" Hitag1 (1*)");
227 PrintAndLog(" Hitag2 (2*)");
228 PrintAndLog(" 21 <password> (password mode)");
229 PrintAndLog(" 22 <nr> <ar> (authentication)");
230 PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
231 PrintAndLog(" 25 (test recorded authentications)");
232 PrintAndLog(" 26 just read UID");
233 return 1;
234 } break;
235 }
236
237 // Copy the hitag2 function into the first argument
238 c.arg[0] = htf;
239
240 // Send the command to the proxmark
241 clearCommandBuffer();
242 SendCommand(&c);
243
244 UsbCommand resp;
245 WaitForResponse(CMD_ACK,&resp);
246
247 // Check the return status, stored in the first argument
248 if (resp.arg[0] == false) return 1;
249
250 uint32_t id = bytes_to_num(resp.d.asBytes,4);
251
252 if (htf == RHT2F_UID_ONLY){
253 PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
254 } else {
255 char filename[256];
256 FILE* pf = NULL;
257
258 sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
259 if ((pf = fopen(filename,"wb")) == NULL) {
260 PrintAndLog("Error: Could not open file [%s]",filename);
261 return 1;
262 }
263
264 // Write the 48 tag memory bytes to file and finalize
265 fwrite(resp.d.asBytes,1,48,pf);
266 fclose(pf);
267
268 PrintAndLog("Succesfully saved tag memory to [%s]",filename);
269 }
270
271
272 return 0;
273 }
274
275
276 int CmdLFHitagSimS(const char *Cmd) {
277 UsbCommand c = { CMD_SIMULATE_HITAG_S };
278 char filename[FILE_PATH_SIZE] = { 0x00 };
279 FILE* pf;
280 bool tag_mem_supplied;
281 int len = strlen(Cmd);
282 if (len > FILE_PATH_SIZE)
283 len = FILE_PATH_SIZE;
284 memcpy(filename, Cmd, len);
285
286 if (strlen(filename) > 0) {
287 if ((pf = fopen(filename, "rb+")) == NULL) {
288 PrintAndLog("Error: Could not open file [%s]", filename);
289 return 1;
290 }
291 tag_mem_supplied = true;
292 if (fread(c.d.asBytes, 4*64, 1, pf) == 0) {
293 PrintAndLog("Error: File reading error");
294 fclose(pf);
295 return 1;
296 }
297 fclose(pf);
298 } else {
299 tag_mem_supplied = false;
300 }
301
302 // Does the tag comes with memory
303 c.arg[0] = (uint32_t) tag_mem_supplied;
304
305 SendCommand(&c);
306 return 0;
307 }
308
309 int CmdLFHitagCheckChallenges(const char *Cmd) {
310 UsbCommand c = { CMD_TEST_HITAGS_TRACES };
311 char filename[FILE_PATH_SIZE] = { 0x00 };
312 FILE* pf;
313 bool file_given;
314 int len = strlen(Cmd);
315 if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
316 memcpy(filename, Cmd, len);
317
318 if (strlen(filename) > 0) {
319 if ((pf = fopen(filename,"rb+")) == NULL) {
320 PrintAndLog("Error: Could not open file [%s]",filename);
321 return 1;
322 }
323 file_given = true;
324 if (fread(c.d.asBytes,8*60,1,pf) == 0) {
325 PrintAndLog("Error: File reading error");
326 fclose(pf);
327 return 1;
328 }
329 fclose(pf);
330 } else {
331 file_given = false;
332 }
333
334 //file with all the challenges to try
335 c.arg[0] = (uint32_t)file_given;
336
337 SendCommand(&c);
338 return 0;
339 }
340
341
342 int CmdLFHitagWP(const char *Cmd) {
343 UsbCommand c = { CMD_WR_HITAG_S };
344 hitag_data* htd = (hitag_data*)c.d.asBytes;
345 hitag_function htf = param_get32ex(Cmd,0,0,10);
346 switch (htf) {
347 case 03: { //WHTSF_CHALLENGE
348 num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
349 c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
350 num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
351 } break;
352 case 04:
353 case 24:
354 { //WHTSF_KEY
355 num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
356 c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
357 num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
358
359 } break;
360 default: {
361 PrintAndLog("Error: unkown writer function %d",htf);
362 PrintAndLog("Hitag writer functions");
363 PrintAndLog(" HitagS (0*)");
364 PrintAndLog(" 03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
365 PrintAndLog(" 04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
366 PrintAndLog(" Hitag1 (1*)");
367 PrintAndLog(" Hitag2 (2*)");
368 PrintAndLog(" 24 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
369 return 1;
370 } break;
371 }
372 // Copy the hitag function into the first argument
373 c.arg[0] = htf;
374
375 // Send the command to the proxmark
376 SendCommand(&c);
377
378 UsbCommand resp;
379 WaitForResponse(CMD_ACK,&resp);
380
381 // Check the return status, stored in the first argument
382 if (resp.arg[0] == false) return 1;
383 return 0;
384 }
385
386
387 static command_t CommandTable[] =
388 {
389 {"help", CmdHelp, 1, "This help"},
390 {"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
391 {"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
392 {"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
393 {"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
394 {"writer", CmdLFHitagWP, 1, "Act like a Hitag Writer" },
395 {"simS", CmdLFHitagSimS, 1, "<hitagS.hts> Simulate HitagS transponder" },
396 {"checkChallenges", CmdLFHitagCheckChallenges, 1, "<challenges.cc> test all challenges" }, {
397 NULL,NULL, 0, NULL }
398 };
399
400 int CmdLFHitag(const char *Cmd)
401 {
402 CmdsParse(CommandTable, Cmd);
403 return 0;
404 }
405
406 int CmdHelp(const char *Cmd)
407 {
408 CmdsHelp(CommandTable);
409 return 0;
410 }
Proxmark3 GIT tracking
Impressum, Datenschutz