Added a new function to read ISO14443-B ST Microelectronics SRI512 memory tags.
authoredouard@lafargue.name <edouard@lafargue.name@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Thu, 16 Apr 2009 08:37:24 +0000 (08:37 +0000)
committeredouard@lafargue.name <edouard@lafargue.name@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Thu, 16 Apr 2009 08:37:24 +0000 (08:37 +0000)
I have a problem with CRC though: sometimes it works, sometimes not, I have no
clue why, I must be doing something wrong with the CRC calculation routine...

armsrc/appmain.c
armsrc/apps.h
armsrc/iso14443.c
common/iso14443_crc.c
include/usb_cmd.h
winsrc/command.cpp

index bb733feff6cf8b5094a5e6cb29d339370b78bd6b..372bcf68fd53d54ce2fbf0227638bcb49975f0c2 100644 (file)
@@ -611,6 +611,10 @@ void UsbPacketReceived(BYTE *packet, int len)
                case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:\r
                        AcquireRawAdcSamplesIso14443(c->ext1);\r
                        break;\r
+
+               case CMD_READ_SRI512_TAG:
+                       ReadSRI512Iso14443(c->ext1);
+                       break;
 \r
                case CMD_READER_ISO_14443a:\r
                        ReaderIso14443a(c->ext1);\r
index 84dd8fe26cac85bdaae61962a58897ccbf0c2422..1dc22e51189e3140eddb7ba193055f7e692708b8 100644 (file)
@@ -60,6 +60,7 @@ void SetAdcMuxFor(int whichGpio);
 /// iso14443.h\r
 void SimulateIso14443Tag(void);\r
 void AcquireRawAdcSamplesIso14443(DWORD parameter);\r
+void ReadSRI512Iso14443(DWORD parameter);
 void SnoopIso14443(void);\r
 \r
 /// iso14443a.h\r
index 2579b0538da0fb3a7ffa761078591cf03efa9f6a..3a4a9ac1f63af0029188f3785771a629c54c6d28 100644 (file)
@@ -575,7 +575,7 @@ static BOOL Handle14443SamplesDemod(int ci, int cq)
     return FALSE;\r
 }\r
 \r
-static void GetSamplesFor14443Demod(BOOL weTx, int n)\r
+static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet)\r
 {\r
     int max = 0;\r
     BOOL gotFrame = FALSE;\r
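Review bot: The new `quiet` parameter of GetSamplesFor14443Demod is undocumented, and its only visible effect is in the later hunk, where it gates the closing `DbpIntegers` call. I would add above the signature `// quiet: when TRUE, skip the max/gotFrame/Demod.len debug line; the caller inspects Demod itself`. ReadSRI512Iso14443 treats `Demod.len` as its only success signal after each call. It is therefore worth confirming that Demod is reset at the start of this function, whose body lies outside the hunk; if it is not, a timeout could leave the previous frame's length and bytes in place.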
@@ -649,7 +649,7 @@ static void GetSamplesFor14443Demod(BOOL weTx, int n)
         }\r
     }\r
     PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE;\r
-    DbpIntegers(max, gotFrame, -1);\r
+    if (!quiet) DbpIntegers(max, gotFrame, Demod.len);\r
 }\r
 \r
 //-----------------------------------------------------------------------------\r
@@ -787,11 +787,12 @@ void CodeIso14443bAsReader(const BYTE *cmd, int len)
 \r
 //-----------------------------------------------------------------------------\r
 // Read an ISO 14443 tag. We send it some set of commands, and record the\r
-// responses.\r
+// responses.
+// The command name is misleading, it actually decodes the reponse in HEX
+// into the output buffer (read the result using hexsamples, not hisamples)\r
 //-----------------------------------------------------------------------------\r
 void AcquireRawAdcSamplesIso14443(DWORD parameter)\r
 {\r
-//    BYTE cmd1[] = { 0x05, 0x00, 0x00, 0x71, 0xff };\r
     BYTE cmd1[] = { 0x05, 0x00, 0x08, 0x39, 0x73 };\r
 \r
     // Make sure that we start from off, since the tags are stateful;\r
@@ -811,9 +812,117 @@ void AcquireRawAdcSamplesIso14443(DWORD parameter)
     CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
     TransmitFor14443();\r
     LED_A_ON();\r
-    GetSamplesFor14443Demod(TRUE, 2000);\r
+    GetSamplesFor14443Demod(TRUE, 2000, FALSE);\r
     LED_A_OFF();\r
 }\r
+
+//-----------------------------------------------------------------------------\r
+// Read a SRI512 ISO 14443 tag.\r
+// 
+// SRI512 tags are just simple memory tags, here we're looking at making a dump
+// of the contents of the memory. No anticollision algorithm is done, we assume
+// we have a single tag in the field.
+//
+// I tried to be systematic and check every answer of the tag, every CRC, etc...\r
+//-----------------------------------------------------------------------------\r
+void ReadSRI512Iso14443(DWORD parameter)\r
+{\r
+    BYTE i = 0x00;
+\r
+    // Make sure that we start from off, since the tags are stateful;\r
+    // confusing things will happen if we don't reset them between reads.\r
+    LED_D_OFF();\r
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+    SpinDelay(200);\r
+\r
+    SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
+    FpgaSetupSsc();\r
+\r
+    // Now give it time to spin up.\r
+    FpgaWriteConfWord(\r
+       FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
+    SpinDelay(200);\r
+
+    // First command: wake up the tag using the INITIATE command\r
+    BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b};\r
+    CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
+    TransmitFor14443();\r
+    LED_A_ON();\r
+    GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
+    LED_A_OFF();\r
+
+    if (Demod.len == 0) {
+       DbpString("No response from tag");
+       return;
+    } else {
+       DbpString("Randomly generated UID from tag (+ 2 byte CRC):");
+       DbpIntegers(Demod.output[0], Demod.output[1],Demod.output[2]);
+    }
+    // There is a response, SELECT the uid
+    DbpString("Now SELECT tag:");
+    cmd1[0] = 0x0E; // 0x0E is SELECT
+    cmd1[1] = Demod.output[0];
+    ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
+    CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
+    TransmitFor14443();\r
+    LED_A_ON();\r
+    GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
+    LED_A_OFF();\r
+    if (Demod.len != 3) {
+       DbpString("Expected 3 bytes from tag, got:");
+       DbpIntegers(Demod.len,0x0,0x0);
+       return;
+    }
+    // Check the CRC of the answer:
+    ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]);\r
+    if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) {\r
+       DbpString("CRC Error reading select response.");
+       return;
+    }
+    // Check response from the tag: should be the same UID as the command we just sent:
+    if (cmd1[1] != Demod.output[0]) {
+       DbpString("Bad response to SELECT from Tag, aborting:");
+       DbpIntegers(cmd1[1],Demod.output[0],0x0);
+       return;
+    }
+    // Tag is now selected,
+    // loop to read all 16 blocks, address from 0 to 15
+    DbpString("Tag memory dump, block 0 to 15");
+    cmd1[0] = 0x08;
+    i = 0x00;
+    for (;;) {
+           if (i == 0x10) {
+                   DbpString("System area block (0xff):");
+                   i = 0xff;
+           }
+           cmd1[1] = i;
+           ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
+           CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
+           TransmitFor14443();\r
+           LED_A_ON();\r
+           GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
+           LED_A_OFF();
+           if (Demod.len != 6) { // Check if we got an answer from the tag
+               DbpString("Expected 6 bytes from tag, got less...");
+               return;
+           }
+           // The check the CRC of the answer (use cmd1 as temporary variable):
+           ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]);\r
+            if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) {\r
+               DbpString("CRC Error reading block! - Below: expected, got, 0x0: ");
+               DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5],0);
+               // Do not return;, let's go on... (we should retry, maybe ?)
+           }
+           // Now print out the memory location:
+           DbpString("Address , Contents, CRC");
+           DbpIntegers(i, (Demod.output[0]<<24) + (Demod.output[1]<<16) + (Demod.output[2]<<8) + Demod.output[3], (Demod.output[4]<<8)+Demod.output[5]);
+           if (i == 0xff) {
+               break;
+           }
+           i++;
+    }
+}\r
+
 \r
 //=============================================================================\r
 // Finally, the `sniffer' combines elements from both the reader and\r
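Review bot: The INITIATE answer in ReadSRI512Iso14443 is used without the checks the header comment promises. Only `Demod.len == 0` is rejected, so a one- or two-byte frame, or a frame with a bad CRC, still supplies `Demod.output[0]` as the ID sent in SELECT; requiring exactly 3 bytes and verifying the CRC, as the SELECT path already does, closes that gap. In the block loop a CRC mismatch is reported, but the block is then printed like a good one, so a dump can silently contain corrupted words; either retry or mark the line as unverified. Separately, `Demod.output[0]<<24` shifts into the sign bit of an int when the byte is 0x80 or more (assuming the buffer holds unsigned bytes), so `((DWORD)Demod.output[0]<<24)` is safer.

```c
    LED_A_OFF();

    if (Demod.len == 0) {
       DbpString("No response from tag");
       return;
    }
    if (Demod.len != 3) {
       DbpString("Expected 3 bytes from tag, got:");
       DbpIntegers(Demod.len,0x0,0x0);
       return;
    }
    // Verify the CRC of the INITIATE answer before trusting the ID byte
    // (cmd1[2]/cmd1[3] are scratch here; SELECT recomputes them below)
    ComputeCrc14443(CRC_14443_B, Demod.output, 1, &cmd1[2], &cmd1[3]);
    if (cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) {
       DbpString("CRC Error reading INITIATE response.");
       return;
    }
    DbpString("Randomly generated UID from tag (+ 2 byte CRC):");
    DbpIntegers(Demod.output[0], Demod.output[1],Demod.output[2]);
    // … unchanged: SELECT exchange and block read loop …
```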
index cf29d0e02057834c7673089e8977007a02999689..d688bf710a5a84ca797fdc890f49d4656f6da66a 100644 (file)
@@ -4,7 +4,7 @@
 //-----------------------------------------------------------------------------\r
 \r
 #define        CRC_14443_A     0x6363  /* ITU-V.41 */\r
-#define        CRC_14443_B 0xFFFF  /* ISO/IEC 13239 (formerly ISO/IEC 3309) */\r
+#define        CRC_14443_B     0xFFFF  /* ISO/IEC 13239 (formerly ISO/IEC 3309) */\r
 \r
 static unsigned short UpdateCrc14443(unsigned char ch, unsigned short *lpwCrc)\r
 {\r
index 540c15d1df9383c0123dd4f61d1c8ccc880999f7..54141f795734ca787f8784e2312f4a185565d02a 100644 (file)
@@ -50,7 +50,8 @@ typedef struct {
 // For the 13.56 MHz tags\r
 #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693          0x0300\r
 #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443          0x0301\r
-#define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443_SIM      0x0302\r
+#define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443_SIM      0x0302
+#define CMD_READ_SRI512_TAG                            0x0303\r
 #define CMD_READER_ISO_15693                                           0x0310  // ## New command to act like a 15693 reader - greg\r
 #define CMD_SIMTAG_ISO_15693                                           0x0311  // ## New command to act like a 15693 reader - greg\r
 \r
index f947f45cfd1a470967e9ba5c35255ce0b1db85a9..9c4990a32349e2602c8908bc654018e8eed34b64 100644 (file)
@@ -75,6 +75,19 @@ static void CmdHi14read(char *str)
        c.ext1 = atoi(str);\r
        SendCommand(&c, FALSE);\r
 }\r
+
+
+/* New command to read the contents of a SRI512 tag
+ * SRI512 tags are ISO14443-B modulated memory tags,
+ * this command just dumps the contents of the memory/
+ */
+static void CmdSri512read(char *str)
+{
+       UsbCommand c;\r
+       c.cmd = CMD_READ_SRI512_TAG;\r
+       c.ext1 = atoi(str);\r
+       SendCommand(&c, FALSE);
+}
 \r
 // ## New command\r
 static void CmdHi14areader(char *str)\r
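Review bot: `UsbCommand c;` in CmdSri512read is left uninitialised and only `cmd` and `ext1` are assigned, so any remaining fields hold indeterminate stack contents when the struct reaches `SendCommand`. If the whole struct goes over USB, which the hunk does not show, that is a small leak of host memory to the device; `UsbCommand c = {0};` avoids it. The same pattern is visible in CmdHi14read just above. The `atoi(str)` value is also never used on the firmware side, since ReadSRI512Iso14443 does not read `parameter`, so the argument could be dropped or documented as reserved. The block comment ends in `memory/`, which looks like a typo for `memory.`.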
@@ -1845,69 +1858,69 @@ static void CmdSweepLF(char *str)
 }\r
 
 
-\r
 typedef void HandlerFunction(char *cmdline);\r
 \r
 static struct {\r
-       char                    *name;\r
-       HandlerFunction         *handler;\r
-       char                    *docString;\r
+       char            *name;\r
+       HandlerFunction *handler;\r
+       int             offline;  // 1 if the command can be used when in offline mode\r
+       char            *docString;
 } CommandTable[] = {\r
-       "tune",                         CmdTune,                        "measure antenna tuning",\r
-       "tiread",                       CmdTiread,                      "read a TI-type 134 kHz tag",\r
-       "tibits",                       CmdTibits,                      "get raw bits for TI-type LF tag",\r
-       "tidemod",                      CmdTidemod,                     "demod raw bits for TI-type LF tag",\r
-       "vchdemod",                     CmdVchdemod,            "demod samples for VeriChip",\r
-       "plot",                         CmdPlot,                        "show graph window",\r
-       "hide",                         CmdHide,                        "hide graph window",\r
-       "losim",                        CmdLosim,                       "simulate LF tag",\r
-       "loread",                       CmdLoread,                      "read (125/134 kHz) LF ID-only tag",\r
-       "losamples",            CmdLosamples,           "get raw samples for LF tag",\r
-       "hisamples",            CmdHisamples,           "get raw samples for HF tag",\r
-       "hisampless",           CmdHisampless,          "get signed raw samples, HF tag",\r
-       "hisamplest",           CmdHi14readt,           "get samples HF, for testing",\r
-       "higet",                        CmdHi14read_sim,        "get samples HF, 'analog'",\r
-       "bitsamples",           CmdBitsamples,          "get raw samples as bitstring",\r
-       "hexsamples",           CmdHexsamples,          "dump big buffer as hex bytes",\r
-       "hi15read",                     CmdHi15read,            "read HF tag (ISO 15693)",\r
-       "hi15reader",                   CmdHi15reader,          "act like an ISO15693 reader", // new command greg\r
-       "hi15sim",                      CmdHi15tag,             "fake an ISO15693 tag", // new command greg\r
-       "hi14read",                     CmdHi14read,            "read HF tag (ISO 14443)",\r
-       "hi14areader",          CmdHi14areader,         "act like an ISO14443 Type A reader",   // ## New reader command\r
-       "hi15demod",            CmdHi15demod,           "demod ISO15693 from tag",\r
-       "hi14bdemod",           CmdHi14bdemod,          "demod ISO14443 Type B from tag",\r
-       "autocorr",                     CmdAutoCorr,            "autocorrelation over window",\r
-       "norm",                         CmdNorm,                        "normalize max/min to +/-500",\r
-       "dec",                          CmdDec,                         "decimate",\r
-       "hpf",                          CmdHpf,                         "remove DC offset from trace",\r
-       "zerocrossings",        CmdZerocrossings,       "count time between zero-crossings",\r
-       "ltrim",                        CmdLtrim,                       "trim from left of trace",\r
-       "scale",                        CmdScale,                       "set cursor display scale",\r
-       "flexdemod",            CmdFlexdemod,           "demod samples for FlexPass",\r
-       "indalademod",          CmdIndalademod,         "demod samples for Indala",\r
-       "save",                         CmdSave,                        "save trace (from graph window)",\r
-       "load",                         CmdLoad,                        "load trace (to graph window",\r
-       "hisimlisten",          CmdHisimlisten,         "get HF samples as fake tag",\r
-       "hi14sim",                      CmdHi14sim,                     "fake ISO 14443 tag",\r
-       "hi14asim",                     CmdHi14asim,            "fake ISO 14443a tag",                                  // ## Simulate 14443a tag\r
-       "hi14snoop",            CmdHi14snoop,           "eavesdrop ISO 14443",\r
-       "hi14asnoop",           CmdHi14asnoop,          "eavesdrop ISO 14443 Type A",                   // ## New snoop command\r
-       "hi14list",                     CmdHi14list,            "list ISO 14443 history",\r
-       "hi14alist",            CmdHi14alist,           "list ISO 14443a history",                              // ## New list command\r
-       "hiddemod",                     CmdHiddemod,            "HID Prox Card II (not optimal)",\r
-       "hidfskdemod",          CmdHIDdemodFSK,         "HID FSK demodulator",\r
-       "askdemod",             Cmdaskdemod,            "Attempt to demodulate simple ASK tags",
-       "hidsimtag",            CmdHIDsimTAG,           "HID tag simulator",
-       "mandemod",             Cmdmanchesterdemod,     "Try a Manchester demodulation on a binary stream",
-       "fpgaoff",                      CmdFPGAOff,                     "set FPGA off",                                                 // ## FPGA Control\r
-       "lcdreset",                     CmdLcdReset,            "Hardware reset LCD",\r
-       "lcd",                          CmdLcd,                         "Send command/data to LCD",\r
-       "test",                         CmdTest,                        "Placeholder command for testing new code",\r
-       "setlfdivisor",         CmdSetDivisor,          "Drive LF antenna at 12Mhz/(divisor+1)",\r
-       "sweeplf",                      CmdSweepLF,                     "Sweep through LF freq range and store results in buffer",\r
-       "quit",                         CmdQuit,                        "quit program"\r
+       "tune",                 CmdTune,0,              "measure antenna tuning",\r
+       "tiread",               CmdTiread,0,            "read a TI-type 134 kHz tag",\r
+       "tibits",               CmdTibits,0,            "get raw bits for TI-type LF tag",\r
+       "tidemod",              CmdTidemod,0,           "demod raw bits for TI-type LF tag",\r
+       "vchdemod",             CmdVchdemod,0,          "demod samples for VeriChip",\r
+       "plot",                 CmdPlot,1,              "show graph window",\r
+       "hide",                 CmdHide,1,              "hide graph window",\r
+       "losim",                CmdLosim,0,             "simulate LF tag",\r
+       "loread",               CmdLoread,0,            "read (125/134 kHz) LF ID-only tag",\r
+       "losamples",            CmdLosamples,0,         "get raw samples for LF tag",\r
+       "hisamples",            CmdHisamples,0,         "get raw samples for HF tag",\r
+       "hisampless",           CmdHisampless,0,        "get signed raw samples, HF tag",\r
+       "hisamplest",           CmdHi14readt,0,         "get samples HF, for testing",\r
+       "higet",                CmdHi14read_sim,0,      "get samples HF, 'analog'",\r
+       "bitsamples",           CmdBitsamples,0,        "get raw samples as bitstring",\r
+       "hexsamples",           CmdHexsamples,0,        "dump big buffer as hex bytes",\r
+       "hi15read",             CmdHi15read,0,          "read HF tag (ISO 15693)",\r
+       "hi15reader",           CmdHi15reader,0,        "act like an ISO15693 reader", // new command greg\r
+       "hi15sim",              CmdHi15tag,0,           "fake an ISO15693 tag", // new command greg\r
+       "hi14read",             CmdHi14read,0,          "read HF tag (ISO 14443)",\r
+       "sri512read",           CmdSri512read,0,        "Read contents of a SRI512 tag",\r
+       "hi14areader",          CmdHi14areader,0,       "act like an ISO14443 Type A reader",   // ## New reader command\r
+       "hi15demod",            CmdHi15demod,1,         "demod ISO15693 from tag",\r
+       "hi14bdemod",           CmdHi14bdemod,1,        "demod ISO14443 Type B from tag",\r
+       "autocorr",             CmdAutoCorr,1,          "autocorrelation over window",\r
+       "norm",                 CmdNorm,1,              "normalize max/min to +/-500",\r
+       "dec",                  CmdDec,1,               "decimate",\r
+       "hpf",                  CmdHpf,1,               "remove DC offset from trace",\r
+       "zerocrossings",        CmdZerocrossings,1,     "count time between zero-crossings",\r
+       "ltrim",                CmdLtrim,1,             "trim from left of trace",\r
+       "scale",                CmdScale,1,             "set cursor display scale",\r
+       "flexdemod",            CmdFlexdemod,1,         "demod samples for FlexPass",\r
+       "save",                 CmdSave,1,              "save trace (from graph window)",\r
+       "load",                 CmdLoad,1,              "load trace (to graph window",\r
+       "hisimlisten",          CmdHisimlisten,0,       "get HF samples as fake tag",\r
+       "hi14sim",              CmdHi14sim,0,           "fake ISO 14443 tag",\r
+       "hi14asim",             CmdHi14asim,0,          "fake ISO 14443a tag",                                  // ## Simulate 14443a tag\r
+       "hi14snoop",            CmdHi14snoop,0,         "eavesdrop ISO 14443",\r
+       "hi14asnoop",           CmdHi14asnoop,0,        "eavesdrop ISO 14443 Type A",                   // ## New snoop command\r
+       "hi14list",             CmdHi14list,0,          "list ISO 14443 history",\r
+       "hi14alist",            CmdHi14alist,0,         "list ISO 14443a history",                              // ## New list command\r
+       "hiddemod",             CmdHiddemod,1,          "HID Prox Card II (not optimal)",\r
+       "hidfskdemod",          CmdHIDdemodFSK,0,       "HID FSK demodulator",\r
+       "askdemod",             Cmdaskdemod,1,          "Attempt to demodulate simple ASK tags",\r
+       "hidsimtag",            CmdHIDsimTAG,0,         "HID tag simulator",\r
+       "mandemod",             Cmdmanchesterdemod,1,   "Try a Manchester demodulation on a binary stream",\r
+       "fpgaoff",              CmdFPGAOff,0,           "set FPGA off",                                                 // ## FPGA Control\r
+       "lcdreset",             CmdLcdReset,0,          "Hardware reset LCD",\r
+       "lcd",                  CmdLcd,0,               "Send command/data to LCD",\r
+       "setlfdivisor",         CmdSetDivisor,0,        "Drive LF antenna at 12Mhz/(divisor+1)",\r
+       "sweeplf",              CmdSweepLF,0,           "Sweep through LF freq range and store results in buffer",\r
+       "quit",                 CmdQuit,0,              "quit program"\r
 };\r
 \r
+\r
 //-----------------------------------------------------------------------------\r
 // Entry point into our code: called whenever the user types a command and\r
 // then presses Enter, which the full command line that they typed.\r
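Review bot: The rewritten CommandTable silently drops two entries, `"indalademod"` (CmdIndalademod) and `"test"` (CmdTest), which neither the commit title nor the description mentions. If the removal is unintended, restore them with an offline flag, for example `"indalademod", CmdIndalademod,1, "demod samples for Indala",`. If it is intended, say so in the message and remove the handlers, which would otherwise be unused statics. The rows are also flat positional initialisers, so the new `offline` int sits between a function pointer and a string with nothing to catch a missed column. Wrapping each row in braces, as in `{ "tune", CmdTune, 0, "measure antenna tuning" },`, would let the compiler flag a short or misordered row.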