From 4df54240c1350a946b86983eb6785af03046b5bd Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Wed, 7 Jan 2015 21:14:32 +0100 Subject: [PATCH] Added some more protocol support to the list annotation. Based on http://www.proxmark.org/forum/viewtopic.php?pid=13541#p13541 --- client/cmdhf.c | 238 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 201 insertions(+), 37 deletions(-) diff --git a/client/cmdhf.c b/client/cmdhf.c index 550f8e86..2da4c2d9 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c @@ -34,9 +34,97 @@ int CmdHFTune(const char *Cmd) // for the time being. Need better Bigbuf handling. #define TRACE_SIZE 3000 +//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501 +/* +ISO14443A (usually NFC tags) + 26 (7bits) = REQA + 30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes) + A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK]) + 52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA) + 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) + 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) + 95 20 = Anticollision of cascade level2 + 95 70 = Select of cascade level2 + 50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card) +Mifare + 60 = Authenticate with KeyA + 61 = Authenticate with KeyB + 40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A) + C0 = Decrement + C1 = Increment + C2 = Restore + B0 = Transfer +Ultralight C + A0 = Compatibility Write (to accomodate MIFARE commands) + 1A = Step1 Authenticate + AF = Step2 Authenticate + + +ISO14443B + 05 = REQB + 1D = ATTRIB + 50 = HALT +SRIX4K (tag does not respond to 05) + 06 00 = INITIATE + 0E xx = SELECT ID (xx = Chip-ID) + 0B = Get UID + 08 yy = Read Block (yy = block number) + 09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written) + 0C = Reset to Inventory + 0F = Completion + 0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate) + + +ISO15693 + MANDATORY COMMANDS (all ISO15693 tags must support those) + 01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes) + 02 = Stay Quiet + OPTIONAL COMMANDS (not all tags support them) + 20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes) + 21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes) + 22 = Lock Block + 23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC) + 25 = Select + 26 = Reset to Ready + 27 = Write AFI + 28 = Lock AFI + 29 = Write DSFID + 2A = Lock DSFID + 2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes) + 2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC) + +EM Microelectronic CUSTOM COMMANDS + A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type) + A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value) + B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info) + E4 = Login (followed by 1byte IC Manufacturer code+4bytes password) +NXP/Philips CUSTOM COMMANDS + A0 = Inventory Read + A1 = Fast Inventory Read + A2 = Set EAS + A3 = Reset EAS + A4 = Lock EAS + A5 = EAS Alarm + A6 = Password Protect EAS + A7 = Write EAS ID + A8 = Read EPC + B0 = Inventory Page Read + B1 = Fast Inventory Page Read + B2 = Get Random Number + B3 = Set Password + B4 = Write Password + B5 = Lock Password + B6 = Bit Password Protection + B7 = Lock Page Protection Condition + B8 = Get Multiple Block Protection Status + B9 = Destroy SLI + BA = Enable Privacy + BB = 64bit Password Protection + 40 = Long Range CMD (Standard ISO/TR7003:1990) + */ + #define ICLASS_CMD_ACTALL 0x0A -#define ICLASS_CMD_IDENTIFY 0x0C -#define ICLASS_CMD_READ 0x0C +#define ICLASS_CMD_READ_OR_IDENTIFY 0x0C #define ICLASS_CMD_SELECT 0x81 #define ICLASS_CMD_PAGESEL 0x84 #define ICLASS_CMD_READCHECK 0x88 @@ -44,62 +132,108 @@ int CmdHFTune(const char *Cmd) #define ICLASS_CMD_SOF 0x0F #define ICLASS_CMD_HALT 0x00 -#define iso14443_CMD_WUPA 0x52 -#define iso14443_CMD_SELECT 0x93 -#define iso14443_CMD_SELECT_2 0x95 -#define iso14443_CMD_REQ 0x26 -#define iso14443_CMD_READBLOCK 0x30 -#define iso14443_CMD_WRITEBLOCK 0xA0 -#define iso14443_CMD_INC 0xC0 -#define iso14443_CMD_DEC 0xC1 -#define iso14443_CMD_RESTORE 0xC2 -#define iso14443_CMD_TRANSFER 0xB0 -#define iso14443_CMD_HALT 0x50 -#define iso14443_CMD_RATS 0xE0 +#define ISO14443_CMD_REQA 0x26 +#define ISO14443_CMD_READBLOCK 0x30 +#define ISO14443_CMD_WUPA 0x52 +#define ISO14443_CMD_ANTICOLL_OR_SELECT 0x93 +#define ISO14443_CMD_ANTICOLL_OR_SELECT_2 0x95 +#define ISO14443_CMD_WRITEBLOCK 0xA0 // or 0xA2 ? +#define ISO14443_CMD_HALT 0x50 +#define ISO14443_CMD_RATS 0xE0 + +#define MIFARE_AUTH_KEYA 0x60 +#define MIFARE_AUTH_KEYB 0x61 +#define MIFARE_MAGICMODE 0x40 +#define MIFARE_CMD_INC 0xC0 +#define MIFARE_CMD_DEC 0xC1 +#define MIFARE_CMD_RESTORE 0xC2 +#define MIFARE_CMD_TRANSFER 0xB0 + +#define MIFARE_ULC_WRITE 0xA0 +#define MIFARE_ULC_AUTH_1 0x1A +#define MIFARE_ULC_AUTH_2 0xAF + +#define ISO14443B_REQB 0x05 +#define ISO14443B_ATTRIB 0x1D +#define ISO14443B_HALT 0x50 + +//First byte is 26 +#define ISO15693_INVENTORY 0x01 +#define ISO15693_STAYQUIET 0x02 +//First byte is 02 +#define ISO15693_READBLOCK 0x20 +#define ISO15693_WRITEBLOCK 0x21 +#define ISO15693_LOCKBLOCK 0x22 +#define ISO15693_READ_MULTI_BLOCK 0x23 +#define ISO15693_SELECT 0x25 +#define ISO15693_RESET_TO_READY 0x26 +#define ISO15693_WRITE_AFI 0x27 +#define ISO15693_LOCK_AFI 0x28 +#define ISO15693_WRITE_DSFID 0x29 +#define ISO15693_LOCK_DSFID 0x2A +#define ISO15693_GET_SYSTEM_INFO 0x2B +#define ISO15693_READ_MULTI_SECSTATUS 0x2C + + void annotateIso14443a(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { switch(cmd[0]) { - case iso14443_CMD_WUPA: snprintf(exp,size,"WUPA"); break; - case iso14443_CMD_SELECT:{ - if(cmdsize > 2) + case ISO14443_CMD_WUPA: snprintf(exp,size,"WUPA"); break; + case ISO14443_CMD_ANTICOLL_OR_SELECT:{ + // 93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor) + // 93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK) + if(cmd[2] == 0x70) { snprintf(exp,size,"SELECT_UID"); break; }else { - snprintf(exp,size,"SELECT_ALL"); break; + snprintf(exp,size,"ANTICOLL"); break; + } + } + case ISO14443_CMD_ANTICOLL_OR_SELECT_2:{ + //95 20 = Anticollision of cascade level2 + //95 70 = Select of cascade level2 + if(cmd[2] == 0x70) + { + snprintf(exp,size,"SELECT_UID-2"); break; + }else + { + snprintf(exp,size,"ANTICOLL-2"); break; } } - case iso14443_CMD_SELECT_2: snprintf(exp,size,"SELECT_2"); break; - case iso14443_CMD_REQ: snprintf(exp,size,"REW"); break; - case iso14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; - case iso14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; - case iso14443_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; - case iso14443_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; - case iso14443_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; - case iso14443_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; - case iso14443_CMD_HALT: snprintf(exp,size,"HALT"); break; - case iso14443_CMD_RATS: snprintf(exp,size,"RATS"); break; - default: snprintf(exp,size,"?"); break; + case ISO14443_CMD_REQA: snprintf(exp,size,"REQA"); break; + case ISO14443_CMD_READBLOCK: snprintf(exp,size,"READBLOCK(%d)",cmd[1]); break; + case ISO14443_CMD_WRITEBLOCK: snprintf(exp,size,"WRITEBLOCK(%d)",cmd[1]); break; + case ISO14443_CMD_HALT: snprintf(exp,size,"HALT"); break; + case ISO14443_CMD_RATS: snprintf(exp,size,"RATS"); break; + case MIFARE_CMD_INC: snprintf(exp,size,"INC(%d)",cmd[1]); break; + case MIFARE_CMD_DEC: snprintf(exp,size,"DEC(%d)",cmd[1]); break; + case MIFARE_CMD_RESTORE: snprintf(exp,size,"RESTORE(%d)",cmd[1]); break; + case MIFARE_CMD_TRANSFER: snprintf(exp,size,"TRANSFER(%d)",cmd[1]); break; + case MIFARE_AUTH_KEYA: snprintf(exp,size,"AUTH-A"); break; + case MIFARE_AUTH_KEYB: snprintf(exp,size,"AUTH-B"); break; + case MIFARE_MAGICMODE: snprintf(exp,size,"MAGIC"); break; + default: snprintf(exp,size,"?"); break; } return; } void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) { - - if(cmdsize > 1 && cmd[0] == ICLASS_CMD_READ) - { - snprintf(exp,size,"READ(%d)",cmd[1]); - return; - } - switch(cmd[0]) { case ICLASS_CMD_ACTALL: snprintf(exp,size,"ACTALL"); break; - case ICLASS_CMD_IDENTIFY: snprintf(exp,size,"IDENTIFY"); break; + case ICLASS_CMD_READ_OR_IDENTIFY:{ + if(cmdsize > 1){ + snprintf(exp,size,"READ(%d)",cmd[1]); + }else{ + snprintf(exp,size,"IDENTIFY"); + } + break; + } case ICLASS_CMD_SELECT: snprintf(exp,size,"SELECT"); break; case ICLASS_CMD_PAGESEL: snprintf(exp,size,"PAGESEL"); break; case ICLASS_CMD_READCHECK: snprintf(exp,size,"READCHECK"); break; @@ -111,7 +245,37 @@ void annotateIclass(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) return; } +void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize) +{ + + if(cmd[0] == 0x26) + { + switch(cmd[1]){ + case ISO15693_INVENTORY :snprintf(exp, size, "INVENTORY");break; + case ISO15693_STAYQUIET :snprintf(exp, size, "STAY_QUIET");break; + default: snprintf(exp,size,"?"); break; + } + }else if(cmd[0] == 0x02) + { + switch(cmd[1]) + { + case ISO15693_READBLOCK :snprintf(exp, size, "READBLOCK");break; + case ISO15693_WRITEBLOCK :snprintf(exp, size, "WRITEBLOCK");break; + case ISO15693_LOCKBLOCK :snprintf(exp, size, "LOCKBLOCK");break; + case ISO15693_READ_MULTI_BLOCK :snprintf(exp, size, "READ_MULTI_BLOCK");break; + case ISO15693_SELECT :snprintf(exp, size, "SELECT");break; + case ISO15693_RESET_TO_READY :snprintf(exp, size, "RESET_TO_READY");break; + case ISO15693_WRITE_AFI :snprintf(exp, size, "WRITE_AFI");break; + case ISO15693_LOCK_AFI :snprintf(exp, size, "LOCK_AFI");break; + case ISO15693_WRITE_DSFID :snprintf(exp, size, "WRITE_DSFID");break; + case ISO15693_LOCK_DSFID :snprintf(exp, size, "LOCK_DSFID");break; + case ISO15693_GET_SYSTEM_INFO :snprintf(exp, size, "GET_SYSTEM_INFO");break; + case ISO15693_READ_MULTI_SECSTATUS :snprintf(exp, size, "READ_MULTI_SECSTATUS");break; + default: snprintf(exp,size,"?"); break; + } + } +} uint16_t printTraceLine(uint16_t tracepos, uint8_t* trace, bool iclass, bool showWaitCycles) { -- 2.39.5