[RRG-proxmark3.git] / include / hitag.h
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // Hitag 2, Hitag S
17 //-----------------------------------------------------------------------------
20 #ifndef HITAG_H__
21 #define HITAG_H__
23 #include "common.h"
// Lengths of the fixed-size Hitag fields; used below as uint8_t array dimensions,
// so every value is a byte count.
#define HITAG_NRAR_SIZE         8
#define HITAG_CRYPTOKEY_SIZE    6
#define HITAG_PASSWORD_SIZE     4
#define HITAG_UID_SIZE          4
#define HITAG_BLOCK_SIZE        4

// Hitag 2: 8 blocks of HITAG_BLOCK_SIZE bytes, 32 bytes in total.
#define HITAG2_MAX_BLOCKS       8
#define HITAG2_MAX_BYTE_SIZE    (HITAG2_MAX_BLOCKS * HITAG_BLOCK_SIZE)

// Hitag S: 64 pages of HITAGS_PAGE_SIZE bytes, 256 bytes in total.
#define HITAGS_PAGE_SIZE        HITAG_BLOCK_SIZE
#define HITAGS_BLOCK_PAGES      4
// NOTE(review): this expands to 4 * 64 = 256 (pages per block times the page count),
// not 4 * HITAGS_PAGE_SIZE = 16. If the intent is "bytes per block", HITAGS_PAGE_SIZE
// looks like the intended factor. Confirm against every user before changing it:
// code that treats this macro as a copy or buffer length is working with 256, not 16.
// The forward reference to HITAGS_MAX_PAGES is fine, macros expand at the point of use.
#define HITAGS_BLOCK_SIZE       (HITAGS_BLOCK_PAGES * HITAGS_MAX_PAGES)
#define HITAGS_MAX_PAGES        64
#define HITAGS_MAX_BYTE_SIZE    (HITAGS_MAX_PAGES * HITAGS_PAGE_SIZE)
// Presumably the page addresses of the UID page and the configuration page;
// struct hitagS_tag below places the UID in page 0 and the config right after it.
#define HITAGS_UID_PADR         0
#define HITAGS_CONFIG_PADR      1

// TODO: the real memory limits of these card types still need to be confirmed.
#define HITAG1_MAX_BYTE_SIZE    64
#define HITAGU_MAX_BYTE_SIZE    64
// 64 * 4 = 256 bytes.
#define HITAG_MAX_BYTE_SIZE     (64 * HITAG_BLOCK_SIZE)

#define HITAG2_CONFIG_BLOCK     3
// Selects the Hitag operation to perform; carried in lf_hitag_data_t.cmd.
//
// Enumerators are numbered consecutively from 0 in declaration order and each
// *_LAST_CMD alias equals the last enumerator of its group, so inserting or
// reordering entries shifts every later value.
// NOTE(review): if these values cross the client/firmware boundary, both sides
// must be built from the same revision of this header - confirm.
// PACKED is not defined in this header (presumably it comes from common.h).
typedef enum {
    // HTSF_* group, closed by HTS_LAST_CMD (presumably Hitag S)
    HTSF_PLAIN,
    HTSF_82xx,
    HTSF_CHALLENGE,
    HTSF_KEY,
    HTS_LAST_CMD = HTSF_KEY,

    // HT1F_* group, closed by HT1_LAST_CMD (presumably Hitag 1)
    HT1F_PLAIN,
    HT1F_AUTHENTICATE,
    HT1_LAST_CMD = HT1F_AUTHENTICATE,

    // HT2F_* group, closed by HT2_LAST_CMD (presumably Hitag 2)
    HT2F_PASSWORD,
    HT2F_AUTHENTICATE,
    HT2F_CRYPTO,
    HT2F_TEST_AUTH_ATTEMPTS,
    HT2F_UID_ONLY,
    HT2_LAST_CMD = HT2F_UID_ONLY,
} PACKED hitag_function;
//---------------------------------------------------------
// Hitag S
//---------------------------------------------------------
// Protocol state of a Hitag S tag; stored in hitagS_tag.pstate.
// HT_READY is explicitly 0, the remaining states follow consecutively.
typedef enum PROTO_STATE {
    HT_READY = 0,
    HT_INIT,
    HT_AUTHENTICATE,
    HT_SELECTED,
    HT_QUIET,
    HT_TTF,             // presumably "transponder talks first", the term used for the TTF* config bits
    HT_FAIL
} PSTATE;
// Tag state of a Hitag S tag; stored in hitagS_tag.tstate.
// HT_NO_OP is explicitly 0, the remaining states follow consecutively.
// The typedef is spelled TSATE (not TSTATE); that spelling is the name other code uses.
typedef enum TAG_STATE {
    HT_NO_OP = 0,
    HT_READING_PAGE,
    HT_WRITING_PAGE_ACK,
    HT_WRITING_PAGE_DATA,
    HT_WRITING_BLOCK_DATA
} TSATE;
// Bit-level view of the Hitag S configuration page: three configuration bytes
// (con0, con1, con2) followed by pwdh0. The declared widths add up to 32 bits,
// the same size as HITAGS_PAGE_SIZE, and lf_hts_read_response_t overlays this
// struct on a raw HITAGS_PAGE_SIZE byte array.
// NOTE(review): bit-field order and packing are implementation-defined in C, so
// the overlay is only correct for the compilers/ABIs the project builds with;
// a build-time sizeof check against HITAGS_PAGE_SIZE would catch a mismatch.
typedef struct {
    // con0
    uint8_t MEMT : 2;
    bool RES0 : 1;      // for 82xx: enables some kind of extended TTF mode in conjunction with TTFM
    bool RES1 : 1;
    bool RES2 : 1;
    bool RES3 : 1;      // for 82xx: enables TTF FSK mode, 0 = RF/10, 1 = RF/8
    bool RES4 : 1;
    bool RES5 : 1;

    // con1 - access control and TTF settings
    bool LKP : 1;       // 0 = page 2/3 read/write, 1 = page 2/3 read only in plain mode and no access in authenticate mode
    bool LCON : 1;      // 0 = con1/2 read/write, 1 = con1 read only and con2 OTP (one-time programmable)
    uint8_t TTFM : 2;   // the number of pages that are sent to the RWD
    uint8_t TTFDR : 2;  // data rate in TTF mode
    bool TTFC : 1;      // transponder-talks-first coding, 0 = Manchester, 1 = Biphase
    bool auth : 1;      // 0 = plain, 1 = auth
    // con2 - per-range lock bits
    // 0 = read/write, 1 = read only
    bool LCK0 : 1;      // page 48-63
    bool LCK1 : 1;      // page 32-47
    bool LCK2 : 1;      // page 24-31
    bool LCK3 : 1;      // page 16-23
    bool LCK4 : 1;      // page 12-15
    bool LCK5 : 1;      // page 8-11
    bool LCK6 : 1;      // page 6/7
    bool LCK7 : 1;      // page 4/5
    // reserved/pwdh0
    uint8_t pwdh0;
} PACKED hitags_config_t;
// State of one Hitag S tag: the two state machines, a page limit and the tag memory.
struct hitagS_tag {
    PSTATE   pstate;    // protocol-state
    TSATE    tstate;    // tag-state

    // NOTE(review): signed and not bounded by its type; presumably the highest
    // valid page index (or the page count) - confirm, and range-check it before
    // using it to index data.pages.
    int      max_page;

    // Two views of the same tag memory: raw pages, or named fields for the first pages.
    union {
        // 64 pages of 4 bytes: the same values as HITAGS_MAX_PAGES and HITAGS_PAGE_SIZE,
        // written here as literals.
        uint8_t pages[64][4];
        struct {
            // page 0
            uint32_t uid_le;        // presumably the UID in little-endian byte order - confirm

            // next 4 bytes, i.e. page 1 (HITAGS_CONFIG_PADR is 1)
            hitags_config_t config;

            // page 2
            // pwdl0 + pwdl1 + the 48-bit key add up to 8 bytes, i.e. pages 2 and 3.
            // These are the pages whose access hitags_config_t.LKP restricts.
            uint8_t pwdl0;
            uint8_t pwdl1;
            uint64_t key : 48;      // fixme: unaligned access

            // page 4
        } s;
    } data;

} PACKED;
// Parameters of one Hitag operation: the requested function (cmd), the page
// selection, one page of data and the credential fields (NrAr, key, pwd).
// NOTE(review): page and page_count are plain uint8_t with no limit in this
// struct; presumably the code consuming it must check page + page_count against
// the tag's page limit before touching memory - confirm at the handler.
// NOTE(review): key, pwd and NrAr hold authentication material; worth checking
// that consumers do not copy them into logs or traces unintentionally.
typedef struct {
    hitag_function cmd;
    uint8_t page;
    uint8_t page_count;
    uint8_t data[HITAGS_PAGE_SIZE];
    uint8_t NrAr[HITAG_NRAR_SIZE];
    // Unaligned access to key as uint64_t will abort; the field is therefore
    // declared with an explicit 4-byte alignment.
    // TODO: why does the compiler, without -munaligned-access, generate
    // unaligned-access code in the first place?
    uint8_t key[HITAG_CRYPTOKEY_SIZE] __attribute__((aligned(4)));
    uint8_t pwd[HITAG_PASSWORD_SIZE];

    // Hitag 1 section.
    // Reuses the pwd or key field above.
    uint8_t key_no;
    uint8_t logdata_0[4];
    uint8_t logdata_1[4];
    uint8_t nonce[4];

    // Hitag S section
    uint8_t mode;
} PACKED lf_hitag_data_t;
// Result of a Hitag crack operation: a status code and a fixed 256-byte data buffer.
// NOTE(review): the struct carries no length field, so the number of meaningful
// bytes in data has to come from status or from the caller's context - confirm.
// NOTE(review): status is a plain int; in a PACKED struct shared between builds
// its width depends on each side's int size.
typedef struct {
    int status;
    uint8_t data[256];
} PACKED lf_hitag_crack_response_t;
// Result of reading a Hitag S tag: the configuration page plus one entry per
// page for all HITAGS_MAX_PAGES pages.
typedef struct {
    // The configuration page, viewable as raw bytes or through the bit-field struct.
    union {
        uint8_t asBytes[HITAGS_PAGE_SIZE];
        hitags_config_t s;
    } config_page;
    // One signed byte per page; presumably a status/reason code describing the
    // read outcome for that page - confirm against the code that fills it.
    int8_t pages_reason[HITAGS_MAX_PAGES];
    // Page contents, indexed by page number.
    uint8_t pages[HITAGS_MAX_PAGES][HITAGS_PAGE_SIZE];
} PACKED lf_hts_read_response_t;
181 #endif