// for the time being. Need better Bigbuf handling.
#define TRACE_SIZE 3000
+//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501
+/*
+ISO14443A (usually NFC tags)
+ 26 (7bits) = REQA
+ 30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
+ A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
+ 52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
+ 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
+ 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
+ 95 20 = Anticollision of cascade level2
+ 95 70 = Select of cascade level2
+ 50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)
+Mifare
+ 60 = Authenticate with KeyA
+ 61 = Authenticate with KeyB
+ 40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A)
+ C0 = Decrement
+ C1 = Increment
+ C2 = Restore
+ B0 = Transfer
+Ultralight C
+ A0 = Compatibility Write (to accomodate MIFARE commands)
+ 1A = Step1 Authenticate
+ AF = Step2 Authenticate
+
+
+ISO14443B
+ 05 = REQB
+ 1D = ATTRIB
+ 50 = HALT
+SRIX4K (tag does not respond to 05)
+ 06 00 = INITIATE
+ 0E xx = SELECT ID (xx = Chip-ID)
+ 0B = Get UID
+ 08 yy = Read Block (yy = block number)
+ 09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
+ 0C = Reset to Inventory
+ 0F = Completion
+ 0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
+
+
+ISO15693
+ MANDATORY COMMANDS (all ISO15693 tags must support those)
+ 01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
+ 02 = Stay Quiet
+ OPTIONAL COMMANDS (not all tags support them)
+ 20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
+ 21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
+ 22 = Lock Block
+ 23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
+ 25 = Select
+ 26 = Reset to Ready
+ 27 = Write AFI
+ 28 = Lock AFI
+ 29 = Write DSFID
+ 2A = Lock DSFID
+ 2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
+ 2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)
+
+EM Microelectronic CUSTOM COMMANDS
+ A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type)
+ A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value)
+ B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info)
+ E4 = Login (followed by 1byte IC Manufacturer code+4bytes password)
+NXP/Philips CUSTOM COMMANDS
+ A0 = Inventory Read
+ A1 = Fast Inventory Read
+ A2 = Set EAS
+ A3 = Reset EAS
+ A4 = Lock EAS
+ A5 = EAS Alarm
+ A6 = Password Protect EAS
+ A7 = Write EAS ID
+ A8 = Read EPC
+ B0 = Inventory Page Read
+ B1 = Fast Inventory Page Read
+ B2 = Get Random Number
+ B3 = Set Password
+ B4 = Write Password
+ B5 = Lock Password
+ B6 = Bit Password Protection
+ B7 = Lock Page Protection Condition
+ B8 = Get Multiple Block Protection Status
+ B9 = Destroy SLI
+ BA = Enable Privacy
+ BB = 64bit Password Protection
+ 40 = Long Range CMD (Standard ISO/TR7003:1990)
+ */
+
#define ICLASS_CMD_ACTALL 0x0A
-#define ICLASS_CMD_IDENTIFY 0x0C
-#define ICLASS_CMD_READ 0x0C
+#define ICLASS_CMD_READ_OR_IDENTIFY 0x0C
#define ICLASS_CMD_SELECT 0x81
#define ICLASS_CMD_PAGESEL 0x84
#define ICLASS_CMD_READCHECK 0x88
#define ICLASS_CMD_SOF 0x0F
#define ICLASS_CMD_HALT 0x00
-#define iso14443_CMD_WUPA 0x52
-#define iso14443_CMD_SELECT 0x93
-#define iso14443_CMD_SELECT_2 0x95
-#define iso14443_CMD_SELECT_3 0x97
-#define iso14443_CMD_REQ 0x26
-#define iso14443_CMD_READBLOCK 0x30
-#define iso14443_CMD_WRITEBLOCK 0xA0
-#define iso14443_CMD_WRITE 0xA2
-#define iso14443_CMD_INC 0xC0
-#define iso14443_CMD_DEC 0xC1
-#define iso14443_CMD_RESTORE 0xC2
-#define iso14443_CMD_TRANSFER 0xB0
-#define iso14443_CMD_HALT 0x50
-#define iso14443_CMD_RATS 0xE0
-
-#define iso14443_CMD_AUTH_KEYA 0x60
-#define iso14443_CMD_AUTH_KEYB 0x61
-
-#define iso14443_CMD_AUTH_STEP1 0x1A
-#define iso14443_CMD_AUTH_STEP2 0xAA
-#define iso14443_CMD_AUTH_RESPONSE 0xAF
-
-#define CHINESE_BACKDOOR_INIT 0x40
-#define CHINESE_BACKDOOR_STEP2 0x43
+#define ISO14443_CMD_REQA 0x26
+#define ISO14443_CMD_READBLOCK 0x30
+#define ISO14443_CMD_WUPA 0x52
+#define ISO14443_CMD_ANTICOLL_OR_SELECT 0x93
+#define ISO14443_CMD_ANTICOLL_OR_SELECT_2 0x95
+#define ISO14443_CMD_WRITEBLOCK 0xA0 // or 0xA2 ?
+#define ISO14443_CMD_HALT 0x50
+#define ISO14443_CMD_RATS 0xE0
+
+#define MIFARE_AUTH_KEYA 0x60
+#define MIFARE_AUTH_KEYB 0x61
+#define MIFARE_MAGICMODE 0x40
+#define MIFARE_CMD_INC 0xC0
+#define MIFARE_CMD_DEC 0xC1
+#define MIFARE_CMD_RESTORE 0xC2
+#define MIFARE_CMD_TRANSFER 0xB0
+
+#define MIFARE_ULC_WRITE 0xA0
+#define MIFARE_ULC_AUTH_1 0x1A
+#define MIFARE_ULC_AUTH_2 0xAF
+
+#define ISO14443B_REQB 0x05
+#define ISO14443B_ATTRIB 0x1D
+#define ISO14443B_HALT 0x50
+
+//First byte is 26
+#define ISO15693_INVENTORY 0x01
+#define ISO15693_STAYQUIET 0x02
+//First byte is 02
+#define ISO15693_READBLOCK 0x20
+#define ISO15693_WRITEBLOCK 0x21
+#define ISO15693_LOCKBLOCK 0x22
+#define ISO15693_READ_MULTI_BLOCK 0x23
+#define ISO15693_SELECT 0x25
+#define ISO15693_RESET_TO_READY 0x26
+#define ISO15693_WRITE_AFI 0x27
+#define ISO15693_LOCK_AFI 0x28
+#define ISO15693_WRITE_DSFID 0x29
+#define ISO15693_LOCK_DSFID 0x2A
+#define ISO15693_GET_SYSTEM_INFO 0x2B
+#define ISO15693_READ_MULTI_SECSTATUS 0x2C
+
+
+
void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
switch(cmd[0])
{
- case iso14443_CMD_WUPA: snprintf(exp,size,"WUPA"); break;
- case iso14443_CMD_SELECT:{
- if(cmdsize > 2)
+ case ISO14443_CMD_WUPA: snprintf(exp,size,"WUPA"); break;
+ case ISO14443_CMD_ANTICOLL_OR_SELECT:{
+ // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
+ // 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
+ if(cmd[2] == 0x70)
{
snprintf(exp,size,"SELECT_UID"); break;
}else
{
- snprintf(exp,size,"SELECT_ALL"); break;
+ snprintf(exp,size,"ANTICOLL"); break;
+ }
+ }
+ case ISO14443_CMD_ANTICOLL_OR_SELECT_2:{
+ //95 20 = Anticollision of cascade level2
+ //95 70 = Select of cascade level2
+ if(cmd[2] == 0x70)
+ {
+ snprintf(exp,size,"SELECT_UID-2"); break;
+ }else
+ {
+ snprintf(exp,size,"ANTICOLL-2"); break;
}
}
- case iso14443_CMD_SELECT_2: snprintf(exp,size,"SELECT_2"); break;
- case iso14443_CMD_REQ: snprintf(exp,size,"REW"); break;
- case iso14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
- case iso14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
- case iso14443_CMD_WRITE: snprintf(exp,size,"WRITE"); break;
- case iso14443_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
- case iso14443_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
- case iso14443_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
- case iso14443_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
- case iso14443_CMD_HALT: snprintf(exp,size,"HALT"); break;
- case iso14443_CMD_RATS: snprintf(exp,size,"RATS"); break;
-
- case iso14443_CMD_AUTH_KEYA: snprintf(exp,size,"AUTH KEY A"); break;
- case iso14443_CMD_AUTH_KEYB: snprintf(exp,size,"AUTH KEY B"); break;
- case iso14443_CMD_AUTH_STEP1: snprintf(exp,size,"AUTH REQ NONCE"); break;
- case iso14443_CMD_AUTH_STEP2: snprintf(exp,size,"AUTH STEP 2"); break;
- case iso14443_CMD_AUTH_RESPONSE: snprintf(exp,size,"AUTH RESPONSE"); break;
-
- case CHINESE_BACKDOOR_INIT: snprintf(exp,size,"BACKDOOR INIT");break;
- case CHINESE_BACKDOOR_STEP2: snprintf(exp,size,"BACKDOOR STEP2");break;
+ case ISO14443_CMD_REQA: snprintf(exp,size,"REQA"); break;
+ case ISO14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break;
+ case ISO14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break;
+ case ISO14443_CMD_HALT: snprintf(exp,size,"HALT"); break;
+ case ISO14443_CMD_RATS: snprintf(exp,size,"RATS"); break;
+ case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break;
+ case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break;
+ case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break;
+ case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break;
+ case MIFARE_AUTH_KEYA: snprintf(exp,size,"AUTH-A"); break;
+ case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B"); break;
+ case MIFARE_MAGICMODE: snprintf(exp,size,"MAGIC"); break;
default: snprintf(exp,size,"?"); break;
}
return;
void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
- if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ)
- {
- snprintf(exp,size,"READ(%d)",cmd[1]);
- return;
- }
-
switch(cmd[0])
{
case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break;
- case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break;
+ case ICLASS_CMD_READ_OR_IDENTIFY:{
+ if(cmdsize > 1){
+ snprintf(exp,size,"READ(%d)",cmd[1]);
+ }else{
+ snprintf(exp,size,"IDENTIFY");
+ }
+ break;
+ }
case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break;
case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break;
case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break;
return;
}
+void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
+{
+
+ if(cmd[0] == 0x26)
+ {
+ switch(cmd[1]){
+ case ISO15693_INVENTORY :snprintf(exp, size, "INVENTORY");break;
+ case ISO15693_STAYQUIET :snprintf(exp, size, "STAY_QUIET");break;
+ default: snprintf(exp,size,"?"); break;
+
+ }
+ }else if(cmd[0] == 0x02)
+ {
+ switch(cmd[1])
+ {
+ case ISO15693_READBLOCK :snprintf(exp, size, "READBLOCK");break;
+ case ISO15693_WRITEBLOCK :snprintf(exp, size, "WRITEBLOCK");break;
+ case ISO15693_LOCKBLOCK :snprintf(exp, size, "LOCKBLOCK");break;
+ case ISO15693_READ_MULTI_BLOCK :snprintf(exp, size, "READ_MULTI_BLOCK");break;
+ case ISO15693_SELECT :snprintf(exp, size, "SELECT");break;
+ case ISO15693_RESET_TO_READY :snprintf(exp, size, "RESET_TO_READY");break;
+ case ISO15693_WRITE_AFI :snprintf(exp, size, "WRITE_AFI");break;
+ case ISO15693_LOCK_AFI :snprintf(exp, size, "LOCK_AFI");break;
+ case ISO15693_WRITE_DSFID :snprintf(exp, size, "WRITE_DSFID");break;
+ case ISO15693_LOCK_DSFID :snprintf(exp, size, "LOCK_DSFID");break;
+ case ISO15693_GET_SYSTEM_INFO :snprintf(exp, size, "GET_SYSTEM_INFO");break;
+ case ISO15693_READ_MULTI_SECSTATUS :snprintf(exp, size, "READ_MULTI_SECSTATUS");break;
+ default: snprintf(exp,size,"?"); break;
+ }
+ }
+}
uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool showWaitCycles)
{
return res & 1;
}
-#define ICLASS_CMD_ACTALL 0x0A
-#define ICLASS_CMD_IDENTIFY 0x0C
-#define ICLASS_CMD_READ 0x0C
-
-#define ICLASS_CMD_SELECT 0x81
-#define ICLASS_CMD_PAGESEL 0x84
-#define ICLASS_CMD_READCHECK 0x88
-#define ICLASS_CMD_CHECK 0x05
-#define ICLASS_CMD_SOF 0x0F
-#define ICLASS_CMD_HALT 0x00
-
-
-void explain(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
-{
-
- if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ)
- {
- snprintf(exp,size,"READ(%d)",cmd[1]);
- return;
- }
-
- switch(cmd[0])
- {
- case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break;
- case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break;
- case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break;
- case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break;
- case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break;
- case ICLASS_CMD_CHECK: snprintf(exp,size,"CHECK"); break;
- case ICLASS_CMD_SOF: snprintf(exp,size,"SOF"); break;
- case ICLASS_CMD_HALT: snprintf(exp,size,"HALT"); break;
- default: snprintf(exp,size,"?"); break;
- }
- return;
-}
-
int CmdHFiClassList(const char *Cmd)
{
PrintAndLog("Deprecated command, use 'hf list iclass' instead");
uint8_t key_sel[8] = {0};
uint8_t key_sel_p[8] = { 0 };
- //HACK -- Below is for testing without access to a tag
- uint8_t fake_dummy_test = false;
- if(fake_dummy_test)
- {
- uint8_t xdata[16] = {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0, //CSN from http://www.proxmark.org/forum/viewtopic.php?pid=11230#p11230
- 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; // Just a random CC. Would be good to add a real testcase here
- memcpy(resp.d.asBytes,xdata, 16);
- resp.arg[0] = 2;
- }
-
- //End hack
-
-
UsbCommand c = {CMD_READER_ICLASS, {0}};
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE| FLAG_ICLASS_READER_GET_CC;
- if(!fake_dummy_test)
SendCommand(&c);
- if (fake_dummy_test || WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
+ if (!WaitForResponseTimeout(CMD_ACK,&resp,4500))
+ {
+ PrintAndLog("Command execute timeout");
+ return 0;
+ }
+
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes;
{
PrintAndLog("CSN: %s",sprint_hex(CSN,8));
}
- if(isOK > 1)
- {
+ if(isOK <= 1){
+ PrintAndLog("Failed to obtain CC! Aborting");
+ return 0;
+ }
+ //Status 2 or higher
+
if(elite)
{
//Get the key index (hash1)
permutekey_rev(key_sel,key_sel_p);
used_key = key_sel_p;
}else{
- //Perhaps this should also be permuted to std format?
- // Something like the code below? I have no std system
- // to test this with /Martin
-
- //uint8_t key_sel_p[8] = { 0 };
- //permutekey_rev(KEY,key_sel_p);
- //used_key = key_sel_p;
-
used_key = KEY;
-
}
PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
doMAC(CCNR,12,div_key, MAC);
printvar("MAC", MAC, 4);
+ uint8_t iclass_data[32000] = {0};
+ uint8_t iclass_datalen = 0;
+ uint8_t iclass_blocksFailed = 0;//Set to 1 if dump was incomplete
+
UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
memcpy(d.d.asBytes, MAC, 4);
- if(!fake_dummy_test) SendCommand(&d);
+ clearCommandBuffer();
+ SendCommand(&d);
+ PrintAndLog("Waiting for device to dump data. Press button on device and key on keyboard to abort...");
+ while (true) {
+ printf(".");
+ if (ukbhit()) {
+ getchar();
+ printf("\naborted via keyboard!\n");
+ break;
+ }
+ if(WaitForResponseTimeout(CMD_ACK,&resp,4500))
+ {
+ uint64_t dataLength = resp.arg[0];
+ iclass_blocksFailed |= resp.arg[1];
+
+ if(dataLength > 0)
+ {
+ memcpy(iclass_data, resp.d.asBytes,dataLength);
+ iclass_datalen += dataLength;
+ }else
+ {//Last transfer, datalength 0 means the dump is finished
+ PrintAndLog("Dumped %d bytes of data from tag. ", iclass_datalen);
+ if(iclass_blocksFailed)
+ {
+ PrintAndLog("OBS! Some blocks failed to be dumped correctly!");
+ }
+ if(iclass_datalen > 0)
+ {
+ char filename[100] = {0};
+ //create a preferred filename
+ snprintf(filename, 100,"iclass_tagdump-%02x%02x%02x%02x%02x%02x%02x%02x",
+ CSN[0],CSN[1],CSN[2],CSN[3],
+ CSN[4],CSN[5],CSN[6],CSN[7]);
+ saveFile(filename,"bin",iclass_data, iclass_datalen );
+
+ }
+ //Aaaand we're finished
+ return 0;
+ }
+ }
+ }
- }else{
- PrintAndLog("Failed to obtain CC! Aborting");
- }
- } else {
- PrintAndLog("Command execute timeout");
- }
return 0;
}
projects / proxmark3-svn / commitdiff