X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/e9f85d9e004281853585dd6fa1e52df97137ebd1..2ec645e9d71667875e9b8ab8b951fb3c686ff04d:/client/cmdhf14a.c?ds=inline diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index b404d449..21c97fa2 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -1,5 +1,6 @@ //----------------------------------------------------------------------------- // 2011, Merlok +// 2014, Peter Fillmore // Copyright (C) 2010 iZsh , Hagen Fritsch // // This code is licensed to you under the terms of the GNU GPL, version 2 or, @@ -107,6 +108,7 @@ const manufactureName manufactureMapping[] = { { 0x42, "3Alogics Inc Korea" }, { 0x43, "Top TroniQ Asia Limited Hong Kong" }, { 0x44, "Gentag Inc. USA" }, + { 0x56, "Sensible Object. UK" }, { 0x00, "no tag-info available" } // must be the last entry }; @@ -130,23 +132,27 @@ char* getTagInfo(uint8_t uid) { int usage_hf_14a_sim(void) { // PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n"); PrintAndLog("\n Emulating ISO/IEC 14443 type A tag with 4,7 byte UID\n"); - PrintAndLog("Usage: hf 14a sim t u x"); - PrintAndLog(" Options : "); - PrintAndLog(" h : this help"); - PrintAndLog(" t : 1 = MIFARE Classic"); + PrintAndLog("usage: hf 14a sim [h] t u [x] [e] [v]"); + PrintAndLog("options: "); + PrintAndLog(" h : This help"); + PrintAndLog(" t : 1 = MIFARE Classic 1k"); PrintAndLog(" 2 = MIFARE Ultralight"); PrintAndLog(" 3 = MIFARE Desfire"); PrintAndLog(" 4 = ISO/IEC 14443-4"); PrintAndLog(" 5 = MIFARE Tnp3xxx"); PrintAndLog(" 6 = MIFARE Mini"); PrintAndLog(" 7 = AMIIBO (NTAG 215), pack 0x8080"); + PrintAndLog(" 8 = MIFARE Classic 4k"); // PrintAndLog(" u : 4, 7 or 10 byte UID"); PrintAndLog(" u : 4, 7 byte UID"); - PrintAndLog(" x : (Optional) performs the 'reader attack', nr/ar attack against a legitimate reader"); - PrintAndLog("\n sample : hf 14a sim t 1 u 11223344 x"); - PrintAndLog(" : hf 14a sim t 1 u 11223344"); - PrintAndLog(" : hf 14a sim t 1 u 11223344556677"); -// PrintAndLog(" : hf 14a sim t 1 u 11223445566778899AA\n"); + PrintAndLog(" x : (Optional) Performs the 'reader attack', nr/ar attack against a reader"); + PrintAndLog(" e : (Optional) Fill simulator keys from found keys"); + PrintAndLog(" v : (Optional) Verbose"); + PrintAndLog("samples:"); + PrintAndLog(" hf 14a sim t 1 u 11223344 x"); + PrintAndLog(" hf 14a sim t 1 u 11223344"); + PrintAndLog(" hf 14a sim t 1 u 11223344556677"); +// PrintAndLog(" hf 14a sim t 1 u 11223445566778899AA\n"); return 0; } int usage_hf_14a_sniff(void){ @@ -215,16 +221,17 @@ int CmdHF14AReader(const char *Cmd) { ul_switch_off_field(); uint32_t tagT = GetHF14AMfU_Type(); - ul_print_type(tagT, 0); + if (tagT != UL_ERROR) + ul_print_type(tagT, 0); + else + PrintAndLog("TYPE: Possible AZTEK (iso14443a compliant)"); // reconnect for further tests c.arg[0] = ISO14A_CONNECT | ISO14A_NO_DISCONNECT; c.arg[1] = 0; c.arg[2] = 0; - clearCommandBuffer(); SendCommand(&c); - UsbCommand resp; WaitForResponse(CMD_ACK, &resp); @@ -383,7 +390,7 @@ int CmdHF14AReader(const char *Cmd) { // try to see if card responses to "chinese magic backdoor" commands. - uint8_t isOK = 0; + uint8_t isGeneration = 0; clearCommandBuffer(); c.cmd = CMD_MIFARE_CIDENT; c.arg[0] = 0; @@ -391,13 +398,17 @@ int CmdHF14AReader(const char *Cmd) { c.arg[2] = 0; SendCommand(&c); if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) - isOK = resp.arg[0] & 0xff; - - PrintAndLog("Answers to magic commands (GEN1): %s", (isOK ? "YES" : "NO") ); + isGeneration = resp.arg[0] & 0xff; + switch( isGeneration ){ + case 1: PrintAndLog("Answers to magic commands (GEN 1a): YES"); break; + case 2: PrintAndLog("Answers to magic commands (GEN 1b): YES"); break; + //case 4: PrintAndLog("Answers to magic commands (GEN 2): YES"); break; + default: PrintAndLog("Answers to magic commands: NO"); break; + } + // disconnect SendCommand(&cDisconnect); - return select_status; } @@ -439,7 +450,6 @@ int CmdHF14ACUIDs(const char *Cmd) { // ## simulate iso14443a tag // ## greg - added ability to specify tag UID int CmdHF14ASim(const char *Cmd) { - #define ATTACK_KEY_COUNT 8 bool errors = FALSE; uint8_t flags = 0; uint8_t tagtype = 1; @@ -447,7 +457,10 @@ int CmdHF14ASim(const char *Cmd) { uint8_t uid[10] = {0,0,0,0,0,0,0,0,0,0}; int uidlen = 0; bool useUIDfromEML = TRUE; - + bool setEmulatorMem = FALSE; + bool verbose = FALSE; + nonces_t data[1]; + while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'h': @@ -458,7 +471,7 @@ int CmdHF14ASim(const char *Cmd) { // Retrieve the tag type tagtype = param_get8ex(Cmd, cmdp+1, 0, 10); if (tagtype == 0) - errors = true; + errors = TRUE; cmdp += 2; break; case 'u': @@ -477,14 +490,24 @@ int CmdHF14ASim(const char *Cmd) { } cmdp += 2; break; + case 'v': + case 'V': + verbose = TRUE; + cmdp++; + break; case 'x': case 'X': flags |= FLAG_NR_AR_ATTACK; cmdp++; break; + case 'e': + case 'E': + setEmulatorMem = TRUE; + cmdp++; + break; default: PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; + errors = TRUE; break; } if(errors) break; @@ -496,25 +519,23 @@ int CmdHF14ASim(const char *Cmd) { if ( useUIDfromEML ) flags |= FLAG_UID_IN_EMUL; - PrintAndLog("Press pm3-button to abort simulation"); - UsbCommand c = {CMD_SIMULATE_TAG_ISO_14443a,{ tagtype, flags, 0 }}; memcpy(c.d.asBytes, uid, uidlen>>1); clearCommandBuffer(); SendCommand(&c); - - nonces_t data[ATTACK_KEY_COUNT*2]; UsbCommand resp; - + + PrintAndLog("Press pm3-button to abort simulation"); + while( !ukbhit() ){ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500) ) continue; - if ( !(flags & FLAG_NR_AR_ATTACK) ) break; if ( (resp.arg[0] & 0xffff) != CMD_SIMULATE_MIFARE_CARD ) break; - memcpy( data, resp.d.asBytes, sizeof(data) ); - readerAttack(data, TRUE); + memcpy(data, resp.d.asBytes, sizeof(data) ); + readerAttack(data[0], setEmulatorMem, verbose); } + showSectorTable(); return 0; } @@ -685,7 +706,8 @@ int CmdHF14ACmdRaw(const char *cmd) { return 0; } -static void waitCmd(uint8_t iSelect) { +static void waitCmd(uint8_t iSelect) +{ UsbCommand resp; uint16_t len = 0;