git.zerfleddert.de Git - proxmark3-svn/blob - client/lualibs/hf_reader.lua

   1 --[[
   2 THIS IS WORK IN PROGREESS, very much not finished.
   3
   4 This library utilises other libraries under the hood, but can be used as a generic reader for 13.56MHz tags.
   5 ]]
   6
   7 local reader14443A = require('read14a')
   8 local reader14443B = require('read14b')
   9 local cmds = require('commands')
  10 local TIMEOUT = 2000
  11
  12 local function sendToDevice(command, ignoreresponse)
  13         core.clearCommandBuffer()
  14         local err = core.SendCommand(command:getBytes())
  15         if err then
  16                 print(err)
  17                 return nil, err
  18         end
  19         if ignoreresponse then return nil,nil end
  20         local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
  21         return response,nil
  22 end
  23
  24 -------------------------------------------------------
  25 -- This will be moved to a separate 14443B library
  26 -------------------------------------------------------
  27
  28 local reader14443B = {
  29         read = reader14443B.read14443b()
  30 }
  31 -------------------------------------------------------
  32 -- This will be moved to a separate 1593 library
  33 -------------------------------------------------------
  34
  35 local function errorString15693(number)
  36         local errors = {}
  37         errors[0x01] =  "The command is not supported"
  38         errors[0x02] =  "The command is not recognised"
  39         errors[0x03] =  "The option is not supported."
  40         errors[0x0f] =  "Unknown error."
  41         errors[0x10] =  "The specified block is not available (doesn’t exist)."
  42         errors[0x11] =  "The specified block is already -locked and thus cannot be locked again"
  43         errors[0x12] =  "The specified block is locked and its content cannot be changed."
  44         errors[0x13] =  "The specified block was not successfully programmed."
  45         errors[0x14] =  "The specified block was not successfully locked."
  46
  47         return errors[number] or "Reserved for Future Use or Custom command error."
  48 end
  49 -------------------------------------------------------
  50 -- This will be moved to a separate 1593 library
  51 -------------------------------------------------------
  52
  53 local function parse15693(data)
  54         -- From common/iso15693tools.h :
  55         --[[
  56         #define ISO15_CRC_CHECK  ((uint16_t)(~0xF0B8 & 0xFFFF))         // use this for checking of a correct crc
  57         --]]
  58         -- But that is very strange. Basically what is says is:
  59         -- define ISO15_CRC_CHECK 0F47
  60         -- So we can just use that directly...
  61         -- The following code is based on cmdhf15.c around line 666 (NoTB!) and onwards
  62         if core.iso15693_crc(data, string.len(data)) ~= 0xF47 then
  63                 return nil, "CRC failed"
  64         elseif data[1] % 2 == 1 then
  65                 -- Above is a poor-mans bit check:
  66                 -- recv[0] & ISO15_RES_ERROR //(0x01)
  67                 local err = "Tag returned error %i: %s"
  68                 err = string.format(err, data[1],errorString15693(data[1]))
  69                 return nil, err
  70         end
  71         -- Finally, let the parsing begin...
  72         -- the UID is just the data in reverse... almost:
  73         --      0FC481FF70000104E001001B0301
  74         --         8877665544332211
  75         --  UID = E004010070FF81C4
  76         --        1122334455667788
  77         -- So, cut out the relevant part and reverse it
  78         local uid = data:sub(2,9):reverse()
  79         local uidStr = bin.unpack("H8", uid)
  80
  81         local _,manufacturer_code = bin.unpack("s",uid:sub(2,2))
  82         local _,tag_size = bin.unpack(">I",data:sub(12,13))
  83         local _,micref_modelcode = bin.unpack("s",data:sub(14,14))
  84
  85         return {
  86                 uid = uidStr,
  87                 manufacturer_code = manufacturer_code,
  88                 tag_size = tag_size,
  89                 micref_modelcode = micref_modelcode,
  90         }
  91 end
  92 -------------------------------------------------------
  93 -- This will be moved to a separate 1593 library
  94 -------------------------------------------------------
  95
  96 local function read15693()
  97         --[[
  98
  99         We start by trying this command:
 100
 101                 proxmark3> hf 15 cmd sysinfo -2 u
 102                 0F C4 81 FF 70 00 01 04 E0 01 00 1B 03 01
 103                 UID = E004010070FF81C4
 104                 Philips; IC SL2 ICS20
 105                 DSFID supported, set to 01
 106                 AFI supported, set to 000
 107                 Tag provides info on memory layout (vendor dependent)
 108                  4 (or 3) bytes/page x 28 pages
 109                 IC reference given: 01
 110
 111         This command is not always present in ISO15693 tags (it is an optional standard command) but if it is present usually the tags contain all the "colored" info above.
 112
 113         If the above command doesn't give an answer (see example below):
 114
 115                 proxmark3> hf 15 cmd sysinfo -2 u
 116                 timeout: no
 117
 118         we must send the MANDATORY (present in ALL iso15693 tags) command (the example below is sent to a tag different from the above one):
 119
 120                 proxmark3> hf 15 cmd inquiry
 121                 UID=E007C1A257394244
 122                 Tag Info: Texas Instrument; Tag-it HF-I Standard; 8x32bit
 123                 proxmark3>
 124
 125         From which we obtain less information than the above one.
 126         --]]
 127
 128         local command, result, info, err, data
 129         local data = "02"
 130         local datalen = string.len(data) / 2
 131         local speed = 1
 132         local recv = 1
 133         command = Command:new{cmd = cmds.CMD_ISO_15693_COMMAND,
 134                                                                 arg1 = datalen,arg2 = speed,arg3 =recv, data=data}
 135         -- These are defined in common/iso15693tools.h
 136
 137         -- #define ISO15_REQ_SUBCARRIER_SINGLE  0x00    // Tag should respond using one subcarrier (ASK)
 138         -- #define ISO15_REQ_DATARATE_HIGH              0x02    // Tag should respond using high data rate
 139         -- #define ISO15_REQ_NONINVENTORY               0x00
 140
 141         local result,err = sendToDevice(command)
 142
 143         if not result then
 144                 print(err)
 145                 return nil, "15693 sysinfo: no answer"
 146         end
 147
 148         local count,cmd,recvlen,arg1,arg2 = bin.unpack('LLLL',result)
 149         data = string.sub(result,recvlen)
 150         info, err = parse15693(data)
 151
 152         if err then
 153                 return nil, err
 154         end
 155
 156         return info
 157 end
 158
 159 local reader15693 = {
 160         read = read15693
 161 }
 162
 163
 164 ---
 165 -- This method library can be set waits or a 13.56 MHz tag, and when one is found, returns info about
 166 -- what tag it is.
 167 --
 168 -- @return if successfull: an table containing card info
 169 -- @return if unsuccessfull : nil, error
 170 local function waitForTag()
 171         print("Waiting for card... press any key to quit")
 172         local readers = {reader14443A, reader14443B, reader15693}
 173         local i = 0;
 174         while not core.ukbhit() do
 175                 i = (i % 3) +1
 176                 r = readers[i]
 177                 print("Reading with ",i)
 178                 res, err = r.read()
 179                 if res then return res end
 180                 print(err)
 181                         -- err means that there was no response from card
 182         end
 183         return nil, "Aborted by user"
 184 end
 185
 186 return {
 187         waitForTag = waitForTag,
 188 }