X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/e8da77409040fddae64adc6cce1799bb388db121..fdcd43eb159b98ea8732ea4479ec1f7e38334f57:/client/cmdhf15.c?ds=inline

diff --git a/client/cmdhf15.c b/client/cmdhf15.c
index d3d97681..cc61d289 100644
--- a/client/cmdhf15.c
+++ b/client/cmdhf15.c
@@ -1,6 +1,7 @@
 //-----------------------------------------------------------------------------
 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
-// Modified 2010 by <adrian -at- atrox.at>
+// Modified 2010-2012 by <adrian -at- atrox.at>
+// Modified 2012 by <vsza at vsza.hu>
 //
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
 // at your option, any later version. See the LICENSE.txt file for the text of
@@ -25,7 +26,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
-#include "proxusb.h"
+//#include "proxusb.h"
+#include "proxmark3.h"
 #include "data.h"
 #include "graph.h"
 #include "ui.h"
@@ -43,8 +45,6 @@
 #define AddCrc(data,datalen)  Iso15693AddCrc(data,datalen)
 #define sprintUID(target,uid)	Iso15693sprintUID(target,uid)
 
-static int CmdHelp(const char *Cmd);
-
 // structure and database for uid -> tagtype lookups 
 typedef struct { 
 	uint64_t uid;
@@ -54,6 +54,7 @@ typedef struct {
 
 
 const productName uidmapping[] = {
+	// UID, #significant Bits, "Vendor(+Product)"
 	{ 0xE001000000000000LL, 16, "Motorola" },
 	{ 0xE002000000000000LL, 16, "ST Microelectronics" },
 	{ 0xE003000000000000LL, 16, "Hitachi" },
@@ -65,6 +66,7 @@ const productName uidmapping[] = {
 	{ 0xE007000000000000LL, 16, "Texas Instrument; " },
 	{ 0xE007000000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit" },
 	{ 0xE007100000000000LL, 20, "Texas Instrument; Tag-it HF-I Plus Chip; 64x32bit" },
+	{ 0xE007800000000000LL, 23, "Texas Instrument; Tag-it HF-I Plus (RF-HDT-DVBB tag or Third Party Products)" },
 	{ 0xE007C00000000000LL, 23, "Texas Instrument; Tag-it HF-I Standard; 8x32bit" },
 	{ 0xE007C40000000000LL, 23, "Texas Instrument; Tag-it HF-I Pro; 8x23bit; password" },	
 	{ 0xE008000000000000LL, 16, "Fujitsu" },
@@ -78,8 +80,10 @@ const productName uidmapping[] = {
 	{ 0xE010000000000000LL, 16, "LG-Semiconductors" },
 	{ 0xE012000000000000LL, 16, "HID Corporation" },
 	{ 0xE016000000000000LL, 16, "EM-Marin SA (Skidata)" },
-	{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); no memory" },
+	{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
+	{ 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
 	{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
+	{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
 	{ 0,0,"no tag-info available" } // must be the last entry
 };
 
@@ -89,7 +93,7 @@ const productName uidmapping[] = {
 // returns 1 if suceeded
 int getUID(uint8_t *buf) 
 {
-	UsbCommand *r;	
+	UsbCommand resp;
 	uint8_t *recv;
 	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
 	uint8_t *req=c.d.asBytes;
@@ -106,11 +110,9 @@ int getUID(uint8_t *buf)
 	
 		SendCommand(&c);
 		
-		r=WaitForResponseTimeout(CMD_ACK,1000);
-		
-		if (r!=NULL) {
-			recv = r->d.asBytes;
-			if (r->arg[0]>=12 && ISO15_CRC_CHECK==Crc(recv,12)) {
+		if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+			recv = resp.d.asBytes;
+			if (resp.arg[0]>=12 && ISO15_CRC_CHECK==Crc(recv,12)) {
 			   memcpy(buf,&recv[2],8);
 			   return 1;
 			} 
@@ -287,7 +289,7 @@ int CmdHF15Afi(const char *Cmd)
 
 // Reads all memory pages
 int CmdHF15DumpMem(const char*Cmd) {
-	UsbCommand *r;	
+	UsbCommand resp;
 	uint8_t uid[8];	
 	uint8_t *recv=NULL;
 	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
@@ -316,20 +318,18 @@ int CmdHF15DumpMem(const char*Cmd) {
 	
 		SendCommand(&c);
 		
-		r=WaitForResponseTimeout(CMD_ACK,1000);
-		
-		if (r!=NULL) {
-			recv = r->d.asBytes;
-			if (ISO15_CRC_CHECK==Crc(recv,r->arg[0])) {
+		if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+			recv = resp.d.asBytes;
+			if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
 				if (!(recv[0] & ISO15_RES_ERROR)) {
 					retry=0;
 					*output=0; // reset outputstring
 					sprintf(output, "Block %2i   ",blocknum);
-					for ( int i=1; i<r->arg[0]-2; i++) { // data in hex
-						sprintf(output+strlen(output),"%02hX ",recv[i]);					
+					for ( int i=1; i<resp.arg[0]-2; i++) { // data in hex
+						sprintf(output+strlen(output),"%02X ",recv[i]);
 					}					
 					strcat(output,"   "); 
-					for ( int i=1; i<r->arg[0]-2; i++) { // data in cleaned ascii
+					for ( int i=1; i<resp.arg[0]-2; i++) { // data in cleaned ascii
 						sprintf(output+strlen(output),"%c",(recv[i]>31 && recv[i]<127)?recv[i]:'.');					
 					}					
 					PrintAndLog("%s",output);	
@@ -341,14 +341,14 @@ int CmdHF15DumpMem(const char*Cmd) {
 				}
 			} // else PrintAndLog("crc");
 		} // else PrintAndLog("r null");
-		
 	} // retry
-	if (r && r->arg[0]<3) 
-		PrintAndLog("Lost Connection");
-	else if (r && ISO15_CRC_CHECK!=Crc(r->d.asBytes,r->arg[0]))
-		PrintAndLog("CRC Failed");
-	else 
-		PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); 
+  // TODO: need fix
+//	if (resp.arg[0]<3)
+//		PrintAndLog("Lost Connection");
+//	else if (ISO15_CRC_CHECK!=Crc(resp.d.asBytes,resp.arg[0]))
+//		PrintAndLog("CRC Failed");
+//	else 
+//		PrintAndLog("Tag returned Error %i: %s",recv[1],TagErrorStr(recv[1])); 
 	return 0;
 }
 
@@ -387,7 +387,7 @@ int CmdHF15Help(const char *Cmd)
 
 int CmdHF15CmdInquiry(const char *Cmd) 
 {
-	UsbCommand *r;	
+	UsbCommand resp;
 	uint8_t *recv;
 	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
 	uint8_t *req=c.d.asBytes;
@@ -402,15 +402,13 @@ int CmdHF15CmdInquiry(const char *Cmd)
 
 	SendCommand(&c);
 	
-	r=WaitForResponseTimeout(CMD_ACK,1000);
-	
-	if (r!=NULL) {
-		if (r->arg[0]>=12) {
-		   recv = r->d.asBytes;
+	if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+		if (resp.arg[0]>=12) {
+		   recv = resp.d.asBytes;
 		   PrintAndLog("UID=%s",sprintUID(NULL,&recv[2]));
 		   PrintAndLog("Tag Info: %s",getTagInfo(&recv[2]));	
 		} else {
-			PrintAndLog("Response to short, just %i bytes. No tag?\n",r->arg[0]);		
+			PrintAndLog("Response to short, just %i bytes. No tag?\n",resp.arg[0]);
 		}
 	} else {
 		PrintAndLog("timeout.");
@@ -435,7 +433,7 @@ int CmdHF15CmdDebug( const char *cmd) {
 
 
 int CmdHF15CmdRaw (const char *cmd) {
-	UsbCommand *r;	
+	UsbCommand resp;
 	uint8_t *recv;
 	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
 	int reply=1;
@@ -445,6 +443,7 @@ int CmdHF15CmdRaw (const char *cmd) {
 	int i=0;
 	uint8_t data[100];
 	unsigned int datalen=0, temp;
+	char *hexout;
 
 	
 	if (strlen(cmd)<3) {
@@ -509,12 +508,17 @@ int CmdHF15CmdRaw (const char *cmd) {
 	SendCommand(&c);
 	
 	if (reply) {
-		r=WaitForResponseTimeout(CMD_ACK,1000);
-	
-		if (r!=NULL) {
-			recv = r->d.asBytes;
-			PrintAndLog("received %i octets",r->arg[0]);
-			// TODO: output
+		if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+			recv = resp.d.asBytes;
+			PrintAndLog("received %i octets",resp.arg[0]);
+			hexout = (char *)malloc(resp.arg[0] * 3 + 1);
+			if (hexout != NULL) {
+				for (int i = 0; i < resp.arg[0]; i++) { // data in hex
+					sprintf(&hexout[i * 3], "%02X ", recv[i]);
+				}
+				PrintAndLog("%s", hexout);
+				free(hexout);
+			}
 		} else {
 			PrintAndLog("timeout while waiting for reply.");
 		}
@@ -524,6 +528,11 @@ int CmdHF15CmdRaw (const char *cmd) {
 }
 
 
+/**
+ * parses common HF 15 CMD parameters and prepares some data structures
+ * Parameters:
+ *  **cmd   	command line
+ */
 int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdlen) {
 	int temp;
 	uint8_t *req=c->d.asBytes, uid[8];
@@ -533,7 +542,7 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle
 	while (**cmd==' ' || **cmd=='\t') (*cmd)++;
 	
 	if (strstr(*cmd,"-2")==*cmd) {
-	 	c->arg[1]=0; // quse 1of256
+	 	c->arg[1]=0; // use 1of256
 	 	(*cmd)+=2;
 	}
 
@@ -570,6 +579,7 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle
 			reqlen+=iso15cmdlen;		   
 		   break;
 		case '*':
+			// we scan for the UID ourself
 			req[reqlen++]|= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | 
 		       ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
 		   memcpy(&req[reqlen],&iso15cmd[0],iso15cmdlen);
@@ -611,10 +621,179 @@ int prepareHF15Cmd(char **cmd, UsbCommand *c, uint8_t iso15cmd[], int iso15cmdle
 	return 1;
 }
 
+/**
+ * Commandline handling: HF15 CMD SYSINFO
+ * get system information from tag/VICC
+ */
+int CmdHF15CmdSysinfo(const char *Cmd) {
+	UsbCommand resp;
+	uint8_t *recv;
+	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
+	uint8_t *req=c.d.asBytes;
+	int reqlen=0;
+	char cmdbuf[100];
+	char *cmd=cmdbuf;
+	char output[2048]="";
+	int i;
+	
+	strncpy(cmd,Cmd,99);
+
+	// usage:
+	if (strlen(cmd)<1) {
+		PrintAndLog("Usage:  hf 15 cmd sysinfo    [options] <uid|s|u|*>");
+		PrintAndLog("           options:");
+		PrintAndLog("               -2        use slower '1 out of 256' mode");
+		PrintAndLog("           uid (either): ");
+		PrintAndLog("               <8B hex>  full UID eg E011223344556677");
+		PrintAndLog("               s         selected tag");
+		PrintAndLog("               u         unaddressed mode");
+		PrintAndLog("               *         scan for tag");
+		PrintAndLog("           start#:       page number to start 0-255");  
+		PrintAndLog("           count#:       number of pages");  
+		return 0;
+	}	
+	
+	prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_SYSINFO},1);	
+	reqlen=c.arg[0];
+	
+	reqlen=AddCrc(req,reqlen);
+	c.arg[0]=reqlen;
+
+	SendCommand(&c);
+
+	if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
+		recv = resp.d.asBytes;
+		if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
+			if (!(recv[0] & ISO15_RES_ERROR)) {
+				*output=0; // reset outputstring
+				for ( i=1; i<resp.arg[0]-2; i++) {
+					sprintf(output+strlen(output),"%02X ",recv[i]);
+				}					
+				strcat(output,"\n\r");
+				strcat(output,"UID = ");
+				strcat(output,sprintUID(NULL,recv+2));
+				strcat(output,"\n\r");
+				strcat(output,getTagInfo(recv+2)); //ABC
+				strcat(output,"\n\r");
+				i=10;
+				if (recv[1] & 0x01) 
+					sprintf(output+strlen(output),"DSFID supported, set to %02X\n\r",recv[i++]);
+				else 
+					strcat(output,"DSFID not supported\n\r");
+				if (recv[1] & 0x02) 
+					sprintf(output+strlen(output),"AFI supported, set to %03X\n\r",recv[i++]);
+				else 
+					strcat(output,"AFI not supported\n\r");
+				if (recv[1] & 0x04) {
+					strcat(output,"Tag provides info on memory layout (vendor dependent)\n\r");
+					sprintf(output+strlen(output)," %i (or %i) bytes/page x %i pages \n\r",
+							(recv[i+1]&0x1F)+1, (recv[i+1]&0x1F), recv[i]+1);
+					i+=2;
+				} else 
+					strcat(output,"Tag does not provide information on memory layout\n\r");
+				if (recv[1] & 0x08) sprintf(output+strlen(output),"IC reference given: %02X\n\r",recv[i++]);
+					else strcat(output,"IC reference not given\n\r");
 
 
+				PrintAndLog("%s",output);	
+			} else {
+				PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); 
+			}		   
+		} else {
+			PrintAndLog("CRC failed");
+		}
+	} else {
+		PrintAndLog("timeout: no answer");
+	}
+	
+	return 0;
+}
+
+/**
+ * Commandline handling: HF15 CMD READMULTI
+ * Read multiple blocks at once (not all tags support this)
+ */
+int CmdHF15CmdReadmulti(const char *Cmd) {
+	UsbCommand resp;
+	uint8_t *recv;
+	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
+	uint8_t *req=c.d.asBytes;
+	int reqlen=0, pagenum,pagecount;
+	char cmdbuf[100];
+	char *cmd=cmdbuf;
+	char output[2048]="";
+	
+	strncpy(cmd,Cmd,99);
+
+	// usage:
+	if (strlen(cmd)<3) {
+		PrintAndLog("Usage:  hf 15 cmd readmulti  [options] <uid|s|u|*> <start#> <count#>");
+		PrintAndLog("           options:");
+		PrintAndLog("               -2        use slower '1 out of 256' mode");
+		PrintAndLog("           uid (either): ");
+		PrintAndLog("               <8B hex>  full UID eg E011223344556677");
+		PrintAndLog("               s         selected tag");
+		PrintAndLog("               u         unaddressed mode");
+		PrintAndLog("               *         scan for tag");
+		PrintAndLog("           start#:       page number to start 0-255");  
+		PrintAndLog("           count#:       number of pages");  
+		return 0;
+	}	
+	
+	prepareHF15Cmd(&cmd, &c,(uint8_t[]){ISO15_CMD_READMULTI},1);	
+	reqlen=c.arg[0];
+
+	pagenum=strtol(cmd,NULL,0);
+
+	// skip to next space		
+	while (*cmd!=' ' && *cmd!='\t') cmd++;
+	// skip over the space
+	while (*cmd==' ' || *cmd=='\t') cmd++;
+
+	pagecount=strtol(cmd,NULL,0);
+	if (pagecount>0) pagecount--; // 0 means 1 page, 1 means 2 pages, ...	
+	
+	req[reqlen++]=(uint8_t)pagenum;
+	req[reqlen++]=(uint8_t)pagecount;
+	
+	reqlen=AddCrc(req,reqlen);
+	
+	c.arg[0]=reqlen;
+
+	SendCommand(&c);
+
+	if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
+		recv = resp.d.asBytes;
+		if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
+			if (!(recv[0] & ISO15_RES_ERROR)) {
+				*output=0; // reset outputstring
+				for ( int i=1; i<resp.arg[0]-2; i++) {
+					sprintf(output+strlen(output),"%02X ",recv[i]);
+				}					
+				strcat(output,"   ");
+				for ( int i=1; i<resp.arg[0]-2; i++) {
+					sprintf(output+strlen(output),"%c",recv[i]>31 && recv[i]<127?recv[i]:'.');					
+				}					
+				PrintAndLog("%s",output);	
+			} else {
+				PrintAndLog("Tag returned Error %i: %s",recv[0],TagErrorStr(recv[0])); 
+			}		   
+		} else {
+			PrintAndLog("CRC failed");
+		}
+	} else {
+		PrintAndLog("no answer");
+	}
+	
+	return 0;
+}
+
+/**
+ * Commandline handling: HF15 CMD READ
+ * Reads a single Block
+ */
 int CmdHF15CmdRead(const char *Cmd) {
-	UsbCommand *r;	
+	UsbCommand resp;
 	uint8_t *recv;
 	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
 	uint8_t *req=c.d.asBytes;
@@ -627,7 +806,7 @@ int CmdHF15CmdRead(const char *Cmd) {
 
 	// usage:
 	if (strlen(cmd)<3) {
-		PrintAndLog("Usage:  hf 15 cmd read    [options] <uid|s|*> <page#>");
+		PrintAndLog("Usage:  hf 15 cmd read    [options] <uid|s|u|*> <page#>");
 		PrintAndLog("           options:");
 		PrintAndLog("               -2        use slower '1 out of 256' mode");
 		PrintAndLog("           uid (either): ");
@@ -656,19 +835,17 @@ int CmdHF15CmdRead(const char *Cmd) {
 
 	SendCommand(&c);
 
-	r=WaitForResponseTimeout(CMD_ACK,1000);
-	
-	if (r!=NULL && r->arg[0]>2) {
-		recv = r->d.asBytes;
-		if (ISO15_CRC_CHECK==Crc(recv,r->arg[0])) {
+	if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && resp.arg[0]>2) {
+		recv = resp.d.asBytes;
+		if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
 			if (!(recv[0] & ISO15_RES_ERROR)) {
 				*output=0; // reset outputstring
 				//sprintf(output, "Block %2i   ",blocknum);
-				for ( int i=1; i<r->arg[0]-2; i++) {
-					sprintf(output+strlen(output),"%02hX ",recv[i]);					
+				for ( int i=1; i<resp.arg[0]-2; i++) {
+					sprintf(output+strlen(output),"%02X ",recv[i]);
 				}					
 				strcat(output,"   ");
-				for ( int i=2; i<r->arg[0]-2; i++) {
+				for ( int i=1; i<resp.arg[0]-2; i++) {
 					sprintf(output+strlen(output),"%c",recv[i]>31 && recv[i]<127?recv[i]:'.');					
 				}					
 				PrintAndLog("%s",output);	
@@ -686,8 +863,12 @@ int CmdHF15CmdRead(const char *Cmd) {
 }
 
 
+/**
+ * Commandline handling: HF15 CMD WRITE
+ * Writes a single Block - might run into timeout, even when successful
+ */
 int CmdHF15CmdWrite(const char *Cmd) {
-	UsbCommand *r;	
+	UsbCommand resp;
 	uint8_t *recv;
 	UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
 	uint8_t *req=c.d.asBytes;
@@ -700,7 +881,7 @@ int CmdHF15CmdWrite(const char *Cmd) {
 
 	// usage:
 	if (strlen(cmd)<3) {
-		PrintAndLog("Usage:  hf 15 cmd write    [options] <uid|s|*> <page#> <hexdata>");
+		PrintAndLog("Usage:  hf 15 cmd write    [options] <uid|s|u|*> <page#> <hexdata>");
 		PrintAndLog("           options:");
 		PrintAndLog("               -2        use slower '1 out of 256' mode");
 		PrintAndLog("               -o        set OPTION Flag (needed for TI)");
@@ -747,11 +928,9 @@ int CmdHF15CmdWrite(const char *Cmd) {
 
 	SendCommand(&c);
 
-	r=WaitForResponseTimeout(CMD_ACK,2000);
-	
-	if (r!=NULL && r->arg[0]>2) {
-		recv = r->d.asBytes;
-		if (ISO15_CRC_CHECK==Crc(recv,r->arg[0])) {
+	if (WaitForResponseTimeout(CMD_ACK,&resp,2000) && resp.arg[0]>2) {
+		recv = resp.d.asBytes;
+		if (ISO15_CRC_CHECK==Crc(recv,resp.arg[0])) {
 			if (!(recv[0] & ISO15_RES_ERROR)) {					
 				PrintAndLog("OK");	
 			} else {
@@ -761,7 +940,7 @@ int CmdHF15CmdWrite(const char *Cmd) {
 			PrintAndLog("CRC failed");
 		}
 	} else {
-		PrintAndLog("no answer");
+		PrintAndLog("timeout: no answer - data may be written anyway");
 	}
 	
 	return 0;
@@ -778,9 +957,8 @@ static command_t CommandTable15Cmd[] =
  */
 	{"read",    CmdHF15CmdRead,    0, "Read a block"},	
 	{"write",   CmdHF15CmdWrite,    0, "Write a block"},	
-/*
 	{"readmulti",CmdHF15CmdReadmulti,    0, "Reads multiple Blocks"},
-*/	
+	{"sysinfo",CmdHF15CmdSysinfo,    0, "Get Card Information"},
 	{"raw",		 CmdHF15CmdRaw,		0,	"Send raw hex data to tag"}, 
 	{"debug",    CmdHF15CmdDebug,    0, "Turn debugging on/off"},
 	{NULL, NULL, 0, NULL}