1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, Mar 2006
3 // Edits by Gerhard de Koning Gans, Sep 2007
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // Definitions for all the types of commands that may be sent over USB; our
10 // own protocol.
11 //-----------------------------------------------------------------------------
13 #ifndef __PM3_CMD_H
14 #define __PM3_CMD_H
16 #include "common.h"
// Use it e.g. when using slow links such as BT
#define USART_SLOW_LINK

// Size in bytes of the fixed data area carried by every packet type in this
// header (asBytes[] / data[] members below are all dimensioned by it).
#define PM3_CMD_DATA_SIZE 512
// Data area left in a "MIX" packet; presumably the room remaining once three
// uint64_t values are carried inside the data area — confirm against the MIX
// packing code. NOTE(review): the sizeof() makes this expression a size_t, so
// compare it against unsigned lengths to avoid signed/unsigned surprises.
#define PM3_CMD_DATA_SIZE_MIX ( PM3_CMD_DATA_SIZE - 3 * sizeof(uint64_t) )
// Legacy ("OLD") command frame: fixed size, a command word, three arguments and
// PM3_CMD_DATA_SIZE bytes of payload. It is received straight off the link, so
// cmd/arg[] are untrusted until the handler has range-checked whatever index,
// length or offset they carry.
typedef struct {
    uint64_t cmd;
    uint64_t arg[3];
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4]; // same bytes viewed as 32-bit words
    } d;
} PACKED PacketCommandOLD;
// Fixed preamble of an NG command frame (see PacketCommandNGRaw for the whole
// frame). Arrives straight off the link: the receiver should compare magic
// against COMMANDNG_PREAMBLE_MAGIC and reject any length larger than
// PM3_CMD_DATA_SIZE — a 15-bit length can claim up to 32767 bytes, far more
// than the data[] area that follows it can hold.
typedef struct {
    uint32_t magic;
    uint16_t length : 15; // length of the variable part, 0 if none.
    bool ng : 1;          // bool bit-field packed next to a uint16_t bit-field:
                          // the bit placement is implementation-defined, so both
                          // ends must be built with an agreeing compiler/ABI —
                          // presumably why the struct is PACKED; confirm.
    uint16_t cmd;
} PACKED PacketCommandNGPreamble;
// Frame delimiters for NG command frames: the ASCII bytes "PM3a" read as a
// little-endian uint32_t, and "a3" read as a little-endian uint16_t.
#define COMMANDNG_PREAMBLE_MAGIC 0x61334d50 // PM3a
#define COMMANDNG_POSTAMBLE_MAGIC 0x3361 // a3
// Trailer of an NG command frame: the CRC that the receiver verifies before
// acting on the command.
typedef struct {
    uint16_t crc;
} PACKED PacketCommandNGPostamble;
// For internal usage
// Decoded command as the code works with it: both an NG frame
// (cmd/length/magic/crc) and an OLD frame (oldarg[]) are mapped onto it, and
// `ng` records which of the two was received. Not PACKED, presumably because
// it is never sent as-is.
typedef struct {
    uint16_t cmd;
    uint16_t length;    // bytes of data[] that are valid; whoever fills this
                        // in must have clamped it to PM3_CMD_DATA_SIZE
    uint32_t magic;     // NG
    uint16_t crc;       // NG
    uint64_t oldarg[3]; // OLD
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4];
    } data;
    bool ng;            // does it store NG data or OLD data?
} PacketCommandNG;
// For reception and CRC check
// Wire image of a maximum-size NG command frame: preamble, up to
// PM3_CMD_DATA_SIZE payload bytes, postamble.
typedef struct {
    PacketCommandNGPreamble pre;
    uint8_t data[PM3_CMD_DATA_SIZE];
    PacketCommandNGPostamble foopost; // Probably not at that offset!
                                      // (the real postamble presumably sits
                                      // pre.length bytes into data[]; this
                                      // member only bounds the frame size)
} PACKED PacketCommandNGRaw;
// Legacy ("OLD") response frame; same layout as PacketCommandOLD. The client
// receives it off the link, so cmd/arg[] must be range-checked before they are
// used as lengths or indices.
typedef struct {
    uint64_t cmd;
    uint64_t arg[3];
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4]; // same bytes viewed as 32-bit words
    } d;
} PACKED PacketResponseOLD;
// Fixed preamble of an NG response frame: like PacketCommandNGPreamble plus a
// signed status word. Same caveat: length is 15 bits and must be checked
// against PM3_CMD_DATA_SIZE by the receiver before the payload is copied.
typedef struct {
    uint32_t magic;
    uint16_t length : 15; // length of the variable part, 0 if none.
    bool ng : 1;          // bool bit-field next to a uint16_t bit-field —
                          // placement is implementation-defined, see command preamble
    int16_t status;       // presumably one of the PM3_* codes below; confirm
    uint16_t cmd;
} PACKED PacketResponseNGPreamble;
// Frame delimiters for NG response frames: ASCII "PM3b" as a little-endian
// uint32_t and "b3" as a little-endian uint16_t (distinct from the command magics).
#define RESPONSENG_PREAMBLE_MAGIC 0x62334d50 // PM3b
#define RESPONSENG_POSTAMBLE_MAGIC 0x3362 // b3
// Trailer of an NG response frame: CRC over the frame, verified on reception.
typedef struct {
    uint16_t crc;
} PACKED PacketResponseNGPostamble;
// For internal usage
// Decoded response as the code works with it; NG and OLD frames are both
// mapped onto it and `ng` records which one arrived. Not PACKED.
typedef struct {
    uint16_t cmd;
    uint16_t length;    // bytes of data[] that are valid; must already have
                        // been clamped to PM3_CMD_DATA_SIZE when filled in
    uint32_t magic;     // NG
    int16_t status;     // NG
    uint16_t crc;       // NG
    uint64_t oldarg[3]; // OLD
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4];
    } data;
    bool ng;            // does it store NG data or OLD data?
} PacketResponseNG;
// For reception and CRC check
// Wire image of a maximum-size NG response frame.
typedef struct {
    PacketResponseNGPreamble pre;
    uint8_t data[PM3_CMD_DATA_SIZE];
    PacketResponseNGPostamble foopost; // Probably not at that offset!
                                       // (the real postamble presumably sits
                                       // pre.length bytes into data[])
} PACKED PacketResponseNGRaw;
// A struct used to send sample-configs over USB
// NOTE(review): every field arrives from the other end of the link; the LF
// sampling code that consumes it presumably validates decimation,
// bits_per_sample and divisor before using them — confirm.
typedef struct {
    int8_t decimation;
    int8_t bits_per_sample;
    int8_t averaging;
    int16_t divisor;          // see LF_FREQ2DIV / LF_DIVISOR_* below
    int16_t trigger_threshold;
    int32_t samples_to_skip;
    bool verbose;
} PACKED sample_config;
// A struct used to send hf14a-configs over USB
// Each field is a tri-state override (0 = default behaviour, 1/2 = force one
// way or the other) for one step of the ISO14443A activation sequence.
typedef struct {
    int8_t forceanticol; // 0:auto 1:force executing anticol 2:force skipping anticol
    int8_t forcebcc;     // 0:expect valid BCC 1:force using computed BCC 2:force using card BCC
    int8_t forcecl2;     // 0:auto 1:force executing CL2 2:force skipping CL2
    int8_t forcecl3;     // 0:auto 1:force executing CL3 2:force skipping CL3
    int8_t forcerats;    // 0:auto 1:force executing RATS 2:force skipping RATS
} PACKED hf14a_config;
// Tracelog Header struct
// One entry of a trace buffer: this fixed header immediately followed by
// frame[], which holds data_len bytes of frame data and then the parity bytes.
// A consumer walking a trace must check that TRACELOG_HDR_LEN + data_len +
// TRACELOG_PARITY_LEN(hdr) still fits in the remaining buffer before touching
// frame[] — data_len is a 15-bit value read from the trace, not a trusted one.
typedef struct {
    uint32_t timestamp;
    uint16_t duration;
    uint16_t data_len : 15;
    bool isResponse : 1;
    uint8_t frame[];
    // data_len bytes of data
    // ceil(data_len/8) bytes of parity
} PACKED tracelog_hdr_t;
// Size of the fixed part of a trace entry (frame[] is a flexible array member
// and contributes nothing to sizeof).
#define TRACELOG_HDR_LEN sizeof(tracelog_hdr_t)
// Number of parity bytes following the data_len data bytes of entry x.
// NOTE(review): for data_len == 0 this evaluates to 1, not the 0 that
// "ceil(data_len/8)" suggests ((0 - 1) / 8 is 0 after integer promotion, +1).
// Left as is because producer and consumer presumably both use this macro and
// stored traces depend on it — confirm before changing.
#define TRACELOG_PARITY_LEN(x) (((x)->data_len - 1) / 8 + 1)
// T55XX - Extended to support 1 of 4 timing
// Downlink timing parameters for one T55xx mode. All values are uint16_t;
// the unit is not stated here — presumably microseconds/field clocks as used
// by the LF T55xx code; confirm. Not PACKED (all members are uint16_t, so the
// layout has no padding anyway).
typedef struct {
    uint16_t start_gap;
    uint16_t write_gap;
    uint16_t write_0;
    uint16_t write_1;
    uint16_t read_gap;
    uint16_t write_2; // only meaningful for the 1-of-4 mode
    uint16_t write_3; // only meaningful for the 1-of-4 mode
} t55xx_config_t;
// T55XX - This setup will allow for the 4 downlink modes "m" as well as other items if needed.
// Given the one struct we can then read/write to flash/client in one go.
typedef struct {
    t55xx_config_t m[4]; // mode — one timing set per downlink mode, indexed by mode number
} t55xx_configurations_t;
// Capabilities struct to keep track of what functions was compiled in the device firmware
// Sent by the device in reply to CMD_CAPABILITIES. The receiver should check
// `version` against CAPABILITIES_VERSION before interpreting the bit flags,
// since a firmware built against a different layout would otherwise have its
// flags misread. The bool bit-fields are laid out implementation-defined;
// PACKED plus a matching compiler on both ends is what keeps them in agreement.
typedef struct {
    uint8_t version;
    uint32_t baudrate;
    uint32_t bigbuf_size;
    bool via_fpc : 1;
    bool via_usb : 1;
    // rdv4
    bool compiled_with_flash : 1;
    bool compiled_with_smartcard : 1;
    bool compiled_with_fpc_usart : 1;
    bool compiled_with_fpc_usart_dev : 1;
    bool compiled_with_fpc_usart_host : 1;
    // lf
    bool compiled_with_lf : 1;
    bool compiled_with_hitag : 1;
    bool compiled_with_em4x50 : 1;
    bool compiled_with_em4x70 : 1;
    // hf
    bool compiled_with_hfsniff : 1;
    bool compiled_with_hfplot : 1;
    bool compiled_with_iso14443a : 1;
    bool compiled_with_iso14443b : 1;
    bool compiled_with_iso15693 : 1;
    bool compiled_with_felica : 1;
    bool compiled_with_legicrf : 1;
    bool compiled_with_iclass : 1;
    bool compiled_with_nfcbarcode : 1;
    // misc
    bool compiled_with_lcd : 1;

    // rdv4
    // hardware actually detected at runtime, as opposed to compiled-in support
    bool hw_available_flash : 1;
    bool hw_available_smartcard : 1;
} PACKED capabilities_t;
// Layout version of capabilities_t; bump it whenever a field is added, removed
// or moved so that a mismatched client/firmware pair can detect the difference.
#define CAPABILITIES_VERSION 5
// Single shared instance, defined elsewhere (presumably filled from the
// device's CMD_CAPABILITIES reply on the client side).
extern capabilities_t pm3_capabilities;
// For CMD_LF_T55XX_WRITEBL
// Payload of a T55xx block write: the 32-bit block content, the password,
// the target block number and mode flags.
typedef struct {
    uint32_t data;
    uint32_t pwd;
    uint8_t blockno; // receiver must range-check this before using it as a block index
    uint8_t flags;
} PACKED t55xx_write_block_t;
// Raw bit pattern to send to a T55xx: up to 128 bytes of data, a bit count and
// a timing value. bitlen is a uint8_t (max 255 bits = 32 bytes), so it can
// never index past data[].
typedef struct {
    uint8_t data[128];
    uint8_t bitlen;
    uint32_t time;
} PACKED t55xx_test_block_t;
// For CMD_LF_HID_SIMULATE (FSK)
// Parameters for simulating an HID-style FSK tag: the card number split in
// three 32-bit words (hi2/hi/lo), a long-format flag and two chip-type flags.
typedef struct {
    uint32_t hi2;
    uint32_t hi;
    uint32_t lo;
    uint8_t longFMT;
    bool Q5;
    bool EM;
} PACKED lf_hidsim_t;
// For CMD_LF_FSK_SIMULATE (FSK)
// Generic FSK simulation parameters followed by the bit data in data[].
// data[] is a flexible array member: its length is not stored here and must
// be derived from the enclosing packet's length by the receiver.
typedef struct {
    uint8_t fchigh;
    uint8_t fclow;
    uint8_t separator;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_fsksim_t;
// For CMD_LF_ASK_SIMULATE (ASK)
// Generic ASK simulation parameters followed by the bit data in data[]; the
// data length comes from the packet length, not from this struct.
typedef struct {
    uint8_t encoding;
    uint8_t invert;
    uint8_t separator;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_asksim_t;
// For CMD_LF_PSK_SIMULATE (PSK)
// Generic PSK simulation parameters followed by the bit data in data[]; the
// data length comes from the packet length, not from this struct.
typedef struct {
    uint8_t carrier;
    uint8_t invert;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_psksim_t;
// For CMD_LF_NRZ_SIMULATE (NRZ)
// Generic NRZ simulation parameters followed by the bit data in data[]; the
// data length comes from the packet length, not from this struct.
typedef struct {
    uint8_t invert;
    uint8_t separator;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_nrzsim_t;
// Single-block read request (presumably CMD_HF_MIFARE_READBL — confirm):
// block number, key type selector and the 6-byte key to authenticate with.
typedef struct {
    uint8_t blockno;
    uint8_t keytype;
    uint8_t key[6];
} PACKED mf_readblock_t;
// Emulator-load parameters: number of sectors to load and the key type to use.
typedef struct {
    uint8_t sectorcnt; // receiver must bound this against the emulator memory size
    uint8_t keytype;
} PACKED mfc_eload_t;
// iCLASS reader result: a status byte (which FLAG_ICLASS_* blocks were read,
// presumably — confirm) followed by the four 8-byte blocks it can collect.
typedef struct {
    uint8_t status;
    uint8_t CSN[8];
    uint8_t CONFIG[8];
    uint8_t CC[8];
    uint8_t AIA[8];
} PACKED iclass_reader_t;
// Host-side table entry: a description and the public key as a string.
// NOTE(review): this holds pointers, so it cannot be sent over the link; PACKED
// on a struct of pointers also drops their natural alignment, which is harmless
// only where arrays of it are never accessed on strict-alignment targets — confirm.
typedef struct {
    const char *desc;
    const char *value;
} PACKED ecdsa_publickey_t;
// iCLASS auth request data structure
// used with read block, dump, write block
// key[8] is secret material: the receiving code should avoid logging it and
// clear any copies it makes once authentication is done.
typedef struct {
    uint8_t key[8];
    bool use_raw;
    bool use_elite;
    bool use_credit_key;
    bool use_replay;
    bool send_reply;
    bool do_auth;
    uint8_t blockno;
} PACKED iclass_auth_req_t;
// iCLASS read block response data structure
// Result flag plus the diversified key and MAC used for the read and the 8
// bytes of block data.
typedef struct {
    bool isOK;
    uint8_t div_key[8];
    uint8_t mac[4];
    uint8_t data[8];
} PACKED iclass_readblock_resp_t;
// iCLASS dump data structure
// Auth parameters plus the inclusive block range to dump. The receiver should
// reject start_block > end_block and cap the range to the card's block count.
typedef struct {
    iclass_auth_req_t req;
    uint8_t start_block;
    uint8_t end_block;
} PACKED iclass_dump_req_t;
// iCLASS write block request data structure
// Auth parameters (req.blockno selects the block) plus the 8 bytes to write.
typedef struct {
    iclass_auth_req_t req;
    uint8_t data[8];
} PACKED iclass_writeblock_req_t;
// iCLASS restore item: one block number with its 8 bytes of content, used as
// the element type of iclass_restore_req_t.blocks[].
typedef struct {
    uint8_t blockno;
    uint8_t data[8];
} PACKED iclass_restore_item_t;
// iCLASS restore request: auth parameters, a count, then item_cnt blocks.
// blocks[] is a flexible array member, so the receiver must verify that
// item_cnt * sizeof(iclass_restore_item_t) fits in the received payload before
// iterating — item_cnt is a value from the link, not a trusted size.
typedef struct {
    iclass_auth_req_t req;
    uint8_t item_cnt;
    iclass_restore_item_t blocks[];
} PACKED iclass_restore_req_t;
// One precomputed 4-byte MAC, element type of iclass_chk_t.items[].
typedef struct iclass_premac {
    uint8_t mac[4];
} PACKED iclass_premac_t;
// iCLASS key-check request: key type flag, a count, then count precomputed
// MACs. items[] is a flexible array member — the receiver must check that
// count * sizeof(iclass_premac_t) fits in the received payload.
typedef struct {
    bool use_credit_key;
    uint8_t count;
    iclass_premac_t items[];
} PACKED iclass_chk_t;
// iclass / picopass chip config structures and shared routines
// Byte-for-byte image of the 8-byte configuration block; the bracketed
// numbers give each field's byte offset within the card memory.
typedef struct {
    uint8_t app_limit;      //[8]
    uint8_t otp[2];         //[9-10]
    uint8_t block_writelock;//[11]
    uint8_t chip_config;    //[12]
    uint8_t mem_config;     //[13]
    uint8_t eas;            //[14]
    uint8_t fuses;          //[15]
} PACKED picopass_conf_block_t;
// iCLASS secure mode memory mapping
// Image of the first six 8-byte blocks of a card in secure mode.
// key_d / key_c are the card's key blocks: treat dumps containing this
// struct as sensitive.
typedef struct {
    uint8_t csn[8];
    picopass_conf_block_t conf;
    uint8_t epurse[8];
    uint8_t key_d[8];
    uint8_t key_c[8];
    uint8_t app_issuer_area[8];
} PACKED picopass_hdr_t;
// iCLASS non-secure mode memory mapping
// Image of the first three 8-byte blocks of a card in non-secure mode
// (no e-purse or key blocks).
typedef struct {
    uint8_t csn[8];
    picopass_conf_block_t conf;
    uint8_t app_issuer_area[8];
} PACKED picopass_ns_hdr_t;
// Tear-off hook configuration (CMD_SET_TEAROFF): delay before cutting the
// field, and on/off switches for the hook.
typedef struct {
    uint16_t delay_us;
    bool on;
    bool off;
} PACKED tearoff_params_t;
// when writing to SPIFFS
// One chunk of a SPIFFS file write. The receiver must enforce
// fnlen <= sizeof(fn) before using fn as a name (fnlen is a full byte, fn is
// only 32 bytes, and nothing here guarantees NUL termination), and must check
// bytes_in_packet against the actual packet length before reading data[].
typedef struct {
    bool append : 1;
    uint16_t bytes_in_packet : 15;
    uint8_t fnlen;
    uint8_t fn[32];
    uint8_t data[];
} PACKED flashmem_write_t;
// when CMD_FLASHMEM_WRITE old flashmem commands
// Raw flash write: destination index, byte count, and as much data as fits in
// the remainder of a PM3_CMD_DATA_SIZE packet. The receiver must check
// len <= sizeof(data) and that startidx + len stays inside the flash area.
typedef struct {
    uint32_t startidx;
    uint16_t len;
    uint8_t data[PM3_CMD_DATA_SIZE - sizeof(uint32_t) - sizeof(uint16_t)];
} PACKED flashmem_old_write_t;
//-----------------------------------------------------------------------------
// ISO 7618 Smart Card
//-----------------------------------------------------------------------------
// Answer-To-Reset as returned by the smart card reader. atr_len is a full
// byte while atr[] holds 50, so the producer must clamp and the consumer must
// check atr_len <= sizeof(atr) before copying.
typedef struct {
    uint8_t atr_len;
    uint8_t atr[50];
} PACKED smart_card_atr_t;
// Option bits for CMD_SMART_RAW. Each value is a distinct single bit, so they
// are presumably OR-ed together into smart_card_raw_t.flags (a uint8_t, which
// the seven bits fit in) — confirm.
typedef enum SMARTCARD_COMMAND {
    SC_CONNECT = (1 << 0),
    SC_NO_DISCONNECT = (1 << 1),
    SC_RAW = (1 << 2),
    SC_SELECT = (1 << 3),
    SC_RAW_T0 = (1 << 4),
    SC_CLEARLOG = (1 << 5),
    SC_LOG = (1 << 6),
} smartcard_command_t;
// Payload of CMD_SMART_RAW: option flags, the length of the APDU bytes that
// follow, and the bytes themselves. data[] is a flexible array member, so the
// receiver must check len against the actual packet length before using it.
typedef struct {
    uint8_t flags;
    uint16_t len;
    uint8_t data[];
} PACKED smart_card_raw_t;
// For the bootloader
// Command ids understood by the bootrom. 0x0001 is retired and must not be
// reused (see the commented-out CMD_SETUP_WRITE).
#define CMD_DEVICE_INFO 0x0000
//#define CMD_SETUP_WRITE 0x0001
#define CMD_FINISH_WRITE 0x0003
#define CMD_HARDWARE_RESET 0x0004
#define CMD_START_FLASH 0x0005
#define CMD_CHIP_INFO 0x0006
#define CMD_BL_VERSION 0x0007
// Generic reply codes
#define CMD_NACK 0x00fe
#define CMD_ACK 0x00ff
// For general mucking around
// Generic device/client housekeeping commands (0x01xx).
#define CMD_DEBUG_PRINT_STRING 0x0100
#define CMD_DEBUG_PRINT_INTEGERS 0x0101
#define CMD_DEBUG_PRINT_BYTES 0x0102
#define CMD_LCD_RESET 0x0103
#define CMD_LCD 0x0104
#define CMD_BUFF_CLEAR 0x0105
#define CMD_READ_MEM 0x0106 // reads device memory; the handler must bound the requested range
#define CMD_VERSION 0x0107
#define CMD_STATUS 0x0108
#define CMD_PING 0x0109
#define CMD_DOWNLOAD_EML_BIGBUF 0x0110
#define CMD_DOWNLOADED_EML_BIGBUF 0x0111
#define CMD_CAPABILITIES 0x0112 // reply carries a capabilities_t
#define CMD_QUIT_SESSION 0x0113
#define CMD_SET_DBGMODE 0x0114
#define CMD_STANDALONE 0x0115
#define CMD_WTX 0x0116
#define CMD_TIA 0x0117
#define CMD_BREAK_LOOP 0x0118
#define CMD_SET_TEAROFF 0x0119 // payload is a tearoff_params_t
// RDV40, Flash memory operations
// Raw access to the external SPI flash (0x012x).
#define CMD_FLASHMEM_WRITE 0x0121 // payload is a flashmem_old_write_t
#define CMD_FLASHMEM_WIPE 0x0122
#define CMD_FLASHMEM_DOWNLOAD 0x0123
#define CMD_FLASHMEM_DOWNLOADED 0x0124
#define CMD_FLASHMEM_INFO 0x0125
#define CMD_FLASHMEM_SET_SPIBAUDRATE 0x0126
// RDV40, High level flashmem SPIFFS Manipulation
// ALL function will have a lazy or Safe version
// that will be handled as argument of safety level [0..2] respectively normal / lazy / safe
// However as how design is, MOUNT and UNMOUNT only need/have lazy as safest level so a safe level will still execute a lazy version
// see spiffs.c for more about the normal/lazy/safety information)
#define CMD_SPIFFS_MOUNT 0x0130
#define CMD_SPIFFS_UNMOUNT 0x0131
#define CMD_SPIFFS_WRITE 0x0132 // payload is a flashmem_write_t

// We take +0x1000 when having a variant of similar function (todo : make it an argument!)
#define CMD_SPIFFS_APPEND 0x1132

#define CMD_SPIFFS_READ 0x0133
//We use no open/close instruction, as they are handled internally.
#define CMD_SPIFFS_REMOVE 0x0134
#define CMD_SPIFFS_RM CMD_SPIFFS_REMOVE
#define CMD_SPIFFS_RENAME 0x0135
#define CMD_SPIFFS_MV CMD_SPIFFS_RENAME
#define CMD_SPIFFS_COPY 0x0136
#define CMD_SPIFFS_CP CMD_SPIFFS_COPY
#define CMD_SPIFFS_STAT 0x0137
#define CMD_SPIFFS_FSTAT 0x0138
#define CMD_SPIFFS_INFO 0x0139
// FORMAT is an alias of the raw flash wipe: it erases the whole chip, not just the filesystem
#define CMD_SPIFFS_FORMAT CMD_FLASHMEM_WIPE

#define CMD_SPIFFS_WIPE 0x013A

// This take a +0x2000 as they are high level helper and special functions
// As the others, they may have safety level argument if it makes sense
#define CMD_SPIFFS_PRINT_TREE 0x2130
#define CMD_SPIFFS_GET_TREE 0x2131
#define CMD_SPIFFS_TEST 0x2132
#define CMD_SPIFFS_PRINT_FSINFO 0x2133
#define CMD_SPIFFS_DOWNLOAD 0x2134
#define CMD_SPIFFS_DOWNLOADED 0x2135
#define CMD_SPIFFS_CHECK 0x3000 // note: outside both the +0x1000 and +0x2000 schemes
// more ?
// RDV40, Smart card operations
// Commands for the on-board smart card reader (0x014x).
#define CMD_SMART_RAW 0x0140 // payload is a smart_card_raw_t
#define CMD_SMART_UPGRADE 0x0141
#define CMD_SMART_UPLOAD 0x0142
#define CMD_SMART_ATR 0x0143 // reply carries a smart_card_atr_t
#define CMD_SMART_SETBAUD 0x0144
#define CMD_SMART_SETCLOCK 0x0145

// RDV40, FPC USART
// Pass-through to the serial port on the FPC connector (0x016x).
#define CMD_USART_RX 0x0160
#define CMD_USART_TX 0x0161
#define CMD_USART_TXRX 0x0162
#define CMD_USART_CONFIG 0x0163
// For low-frequency tags
// LF command ids (0x02xx). Numbers were assigned historically and are not
// contiguous; pick an unused value when adding one rather than renumbering.
#define CMD_LF_TI_READ 0x0202
#define CMD_LF_TI_WRITE 0x0203
#define CMD_LF_ACQ_RAW_ADC 0x0205
#define CMD_LF_MOD_THEN_ACQ_RAW_ADC 0x0206
#define CMD_DOWNLOAD_BIGBUF 0x0207
#define CMD_DOWNLOADED_BIGBUF 0x0208
#define CMD_LF_UPLOAD_SIM_SAMPLES 0x0209
#define CMD_LF_SIMULATE 0x020A
#define CMD_LF_HID_WATCH 0x020B
#define CMD_LF_HID_SIMULATE 0x020C // payload is a lf_hidsim_t
#define CMD_LF_SET_DIVISOR 0x020D
#define CMD_LF_SIMULATE_BIDIR 0x020E
#define CMD_SET_ADC_MUX 0x020F
#define CMD_LF_HID_CLONE 0x0210
#define CMD_LF_EM410X_WRITE 0x0211
#define CMD_LF_T55XX_READBL 0x0214
#define CMD_LF_T55XX_WRITEBL 0x0215 // payload is a t55xx_write_block_t
#define CMD_LF_T55XX_RESET_READ 0x0216
#define CMD_LF_PCF7931_READ 0x0217
#define CMD_LF_PCF7931_WRITE 0x0223
#define CMD_LF_EM4X_LOGIN 0x0229
#define CMD_LF_EM4X_READWORD 0x0218
#define CMD_LF_EM4X_WRITEWORD 0x0219
#define CMD_LF_EM4X_PROTECTWORD 0x021B
#define CMD_LF_EM4X_BF 0x022A
#define CMD_LF_IO_WATCH 0x021A
#define CMD_LF_EM410X_WATCH 0x021C
#define CMD_LF_EM4X50_INFO 0x0240
#define CMD_LF_EM4X50_WRITE 0x0241
#define CMD_LF_EM4X50_WRITEPWD 0x0242
#define CMD_LF_EM4X50_READ 0x0243
#define CMD_LF_EM4X50_BRUTE 0x0245
#define CMD_LF_EM4X50_LOGIN 0x0246
#define CMD_LF_EM4X50_SIM 0x0250
#define CMD_LF_EM4X50_READER 0x0251
#define CMD_LF_EM4X50_ESET 0x0252
#define CMD_LF_EM4X50_CHK 0x0253
#define CMD_LF_EM4X70_INFO 0x0260
#define CMD_LF_EM4X70_WRITE 0x0261
#define CMD_LF_EM4X70_UNLOCK 0x0262
#define CMD_LF_EM4X70_AUTH 0x0263
#define CMD_LF_EM4X70_WRITEPIN 0x0264
#define CMD_LF_EM4X70_WRITEKEY 0x0265
// Sampling configuration for LF reader/sniffer
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D // payload is a sample_config
#define CMD_LF_FSK_SIMULATE 0x021E // payload is a lf_fsksim_t
#define CMD_LF_ASK_SIMULATE 0x021F // payload is a lf_asksim_t
#define CMD_LF_PSK_SIMULATE 0x0220 // payload is a lf_psksim_t
#define CMD_LF_NRZ_SIMULATE 0x0232 // payload is a lf_nrzsim_t
#define CMD_LF_AWID_WATCH 0x0221
#define CMD_LF_VIKING_CLONE 0x0222
#define CMD_LF_T55XX_WAKEUP 0x0224
#define CMD_LF_COTAG_READ 0x0225
#define CMD_LF_T55XX_SET_CONFIG 0x0226 // payload is a t55xx_configurations_t, presumably — confirm
#define CMD_LF_SAMPLING_PRINT_CONFIG 0x0227
#define CMD_LF_SAMPLING_GET_CONFIG 0x0228

#define CMD_LF_T55XX_CHK_PWDS 0x0230
#define CMD_LF_T55XX_DANGERRAW 0x0231

/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
// For the 13.56 MHz tags
// HF command ids (0x03xx). As with LF, the numbering is historical and has
// gaps; a few LF Hitag commands also live in this range.
#define CMD_HF_ISO15693_ACQ_RAW_ADC 0x0300
#define CMD_HF_SRI_READ 0x0303
#define CMD_HF_ISO14443B_COMMAND 0x0305
#define CMD_HF_ISO15693_READER 0x0310
#define CMD_HF_ISO15693_SIMULATE 0x0311
#define CMD_HF_ISO15693_SNIFF 0x0312
#define CMD_HF_ISO15693_COMMAND 0x0313
#define CMD_HF_ISO15693_FINDAFI 0x0315
#define CMD_HF_ISO15693_CSETUID 0x0316
#define CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY 0x0317

#define CMD_LF_SNIFF_RAW_ADC 0x0360

// For Hitag2 transponders
#define CMD_LF_HITAG_SNIFF 0x0370
#define CMD_LF_HITAG_SIMULATE 0x0371
#define CMD_LF_HITAG_READER 0x0372

// For HitagS
#define CMD_LF_HITAGS_TEST_TRACES 0x0367
#define CMD_LF_HITAGS_SIMULATE 0x0368
#define CMD_LF_HITAGS_READ 0x0373
#define CMD_LF_HITAGS_WRITE 0x0375

#define CMD_LF_HITAG_ELOAD 0x0376

#define CMD_HF_ISO14443A_ANTIFUZZ 0x0380
#define CMD_HF_ISO14443B_SIMULATE 0x0381
#define CMD_HF_ISO14443B_SNIFF 0x0382

#define CMD_HF_ISO14443A_SNIFF 0x0383
#define CMD_HF_ISO14443A_SIMULATE 0x0384

#define CMD_HF_ISO14443A_READER 0x0385

#define CMD_HF_LEGIC_SIMULATE 0x0387
#define CMD_HF_LEGIC_READER 0x0388
#define CMD_HF_LEGIC_WRITER 0x0389

#define CMD_HF_EPA_COLLECT_NONCE 0x038A
#define CMD_HF_EPA_REPLAY 0x038B

#define CMD_HF_LEGIC_INFO 0x03BC
#define CMD_HF_LEGIC_ESET 0x03BD

// iCLASS / Picopass
#define CMD_HF_ICLASS_READCHECK 0x038F
#define CMD_HF_ICLASS_DUMP 0x0391 // payload is a iclass_dump_req_t
#define CMD_HF_ICLASS_SNIFF 0x0392
#define CMD_HF_ICLASS_SIMULATE 0x0393
#define CMD_HF_ICLASS_READER 0x0394
#define CMD_HF_ICLASS_READBL 0x0396 // payload is a iclass_auth_req_t
#define CMD_HF_ICLASS_WRITEBL 0x0397 // payload is a iclass_writeblock_req_t
#define CMD_HF_ICLASS_EML_MEMSET 0x0398
#define CMD_HF_ICLASS_CHKKEYS 0x039A // payload is a iclass_chk_t
#define CMD_HF_ICLASS_RESTORE 0x039B // payload is a iclass_restore_req_t

// For ISO1092 / FeliCa
#define CMD_HF_FELICA_SIMULATE 0x03A0
#define CMD_HF_FELICA_SNIFF 0x03A1
#define CMD_HF_FELICA_COMMAND 0x03A2
//temp
#define CMD_HF_FELICALITE_DUMP 0x03AA
#define CMD_HF_FELICALITE_SIMULATE 0x03AB

// For 14a config
#define CMD_HF_ISO14443A_PRINT_CONFIG 0x03B0
#define CMD_HF_ISO14443A_GET_CONFIG 0x03B1
#define CMD_HF_ISO14443A_SET_CONFIG 0x03B2 // payload is a hf14a_config
// For measurements of the antenna tuning
#define CMD_MEASURE_ANTENNA_TUNING 0x0400
#define CMD_MEASURE_ANTENNA_TUNING_HF 0x0401
#define CMD_MEASURE_ANTENNA_TUNING_LF 0x0402
#define CMD_LISTEN_READER_FIELD 0x0420
#define CMD_HF_DROPFIELD 0x0430

// For direct FPGA control
#define CMD_FPGA_MAJOR_MODE_OFF 0x0500
// For mifare commands
// MIFARE family command ids: Classic in 0x06xx, Ultralight/DESFire in 0x07xx,
// sniff/plot and miscellaneous in 0x08xx.
#define CMD_HF_MIFARE_EML_MEMCLR 0x0601
#define CMD_HF_MIFARE_EML_MEMSET 0x0602
#define CMD_HF_MIFARE_EML_MEMGET 0x0603
#define CMD_HF_MIFARE_EML_LOAD 0x0604 // payload is a mfc_eload_t

// magic chinese card commands
#define CMD_HF_MIFARE_CSETBL 0x0605
#define CMD_HF_MIFARE_CGETBL 0x0606
#define CMD_HF_MIFARE_CIDENT 0x0607

#define CMD_HF_MIFARE_SIMULATE 0x0610 // options are the FLAG_* bits in "Mifare simulation flags" below

#define CMD_HF_MIFARE_READER 0x0611
#define CMD_HF_MIFARE_NESTED 0x0612
#define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613
#define CMD_HF_MIFARE_ACQ_NONCES 0x0614
#define CMD_HF_MIFARE_STATIC_NESTED 0x0615

#define CMD_HF_MIFARE_READBL 0x0620 // payload is a mf_readblock_t, presumably — confirm
#define CMD_HF_MIFAREU_READBL 0x0720
#define CMD_HF_MIFARE_READSC 0x0621
#define CMD_HF_MIFAREU_READCARD 0x0721
#define CMD_HF_MIFARE_WRITEBL 0x0622
#define CMD_HF_MIFAREU_WRITEBL 0x0722
#define CMD_HF_MIFAREU_WRITEBL_COMPAT 0x0723

#define CMD_HF_MIFARE_CHKKEYS 0x0623
#define CMD_HF_MIFARE_SETMOD 0x0624
#define CMD_HF_MIFARE_CHKKEYS_FAST 0x0625
#define CMD_HF_MIFARE_CHKKEYS_FILE 0x0626

#define CMD_HF_MIFARE_SNIFF 0x0630
#define CMD_HF_MIFARE_MFKEY 0x0631
#define CMD_HF_MIFARE_PERSONALIZE_UID 0x0632

//ultralightC
#define CMD_HF_MIFAREUC_AUTH 0x0724
//0x0725 and 0x0726 no longer used
#define CMD_HF_MIFAREUC_SETPWD 0x0727

// mifare desfire
#define CMD_HF_DESFIRE_READBL 0x0728
#define CMD_HF_DESFIRE_WRITEBL 0x0729
#define CMD_HF_DESFIRE_AUTH1 0x072a
#define CMD_HF_DESFIRE_AUTH2 0x072b
#define CMD_HF_DESFIRE_READER 0x072c
#define CMD_HF_DESFIRE_INFO 0x072d
#define CMD_HF_DESFIRE_COMMAND 0x072e

#define CMD_HF_MIFARE_NACK_DETECT 0x0730
#define CMD_HF_MIFARE_STATIC_NONCE 0x0731 // reply uses the NONCE_* codes below

// MFU OTP TearOff
#define CMD_HF_MFU_OTP_TEAROFF 0x0740
// MFU_Ev1 Counter TearOff
#define CMD_HF_MFU_COUNTER_TEAROFF 0x0741

#define CMD_HF_SNIFF 0x0800
#define CMD_HF_PLOT 0x0801

// Fpga plot download
#define CMD_FPGAMEM_DOWNLOAD 0x0802
#define CMD_FPGAMEM_DOWNLOADED 0x0803

// For ThinFilm Kovio
#define CMD_HF_THINFILM_READ 0x0810
#define CMD_HF_THINFILM_SIMULATE 0x0811

//For Atmel CryptoRF
#define CMD_HF_CRYPTORF_SIM 0x0820

// Gen 3 magic cards
#define CMD_HF_MIFARE_GEN3UID 0x0850
#define CMD_HF_MIFARE_GEN3BLK 0x0851
#define CMD_HF_MIFARE_GEN3FREEZ 0x0852

// Sentinel for "no/unknown command"; fits the 16-bit cmd field of the NG preambles.
#define CMD_UNKNOWN 0xFFFF
//Mifare simulation flags
// Bit flags for CMD_HF_MIFARE_SIMULATE. Note that 0x40 is unused and the
// values above 0xFF need at least a 16-bit flags word.
#define FLAG_INTERACTIVE 0x01
#define FLAG_4B_UID_IN_DATA 0x02
#define FLAG_7B_UID_IN_DATA 0x04
#define FLAG_10B_UID_IN_DATA 0x08
#define FLAG_UID_IN_EMUL 0x10
#define FLAG_NR_AR_ATTACK 0x20
#define FLAG_MF_MINI 0x80
#define FLAG_MF_1K 0x100
#define FLAG_MF_2K 0x200
#define FLAG_MF_4K 0x400
#define FLAG_FORCED_ATQA 0x800
#define FLAG_FORCED_SAK 0x1000
#define FLAG_CVE21_0430 0x2000

// iCLASS reader flags
// Bit flags selecting what CMD_HF_ICLASS_READER does.
#define FLAG_ICLASS_READER_INIT 0x01
#define FLAG_ICLASS_READER_CLEARTRACE 0x02
#define FLAG_ICLASS_READER_ONLY_ONCE 0x04
#define FLAG_ICLASS_READER_CREDITKEY 0x08
#define FLAG_ICLASS_READER_AIA 0x10

// iCLASS reader status flags
// Bit flags reporting which blocks were obtained (presumably carried in
// iclass_reader_t.status — confirm).
#define FLAG_ICLASS_CSN 0x01
#define FLAG_ICLASS_CC 0x02
#define FLAG_ICLASS_CONF 0x04
#define FLAG_ICLASS_AIA 0x08

// iCLASS simulation modes
// Plain enumerators, not bit flags: exactly one is passed at a time.
#define ICLASS_SIM_MODE_CSN 0
#define ICLASS_SIM_MODE_CSN_DEFAULT 1
#define ICLASS_SIM_MODE_READER_ATTACK 2
#define ICLASS_SIM_MODE_FULL 3
#define ICLASS_SIM_MODE_READER_ATTACK_KEYROLL 4
#define ICLASS_SIM_MODE_EXIT_AFTER_MAC 5 // note: device internal only
#define ICLASS_SIM_MODE_CONFIG_CARD 6

// Generic simulation modes (distinct numbering from the ICLASS_SIM_MODE_* set above)
#define MODE_SIM_CSN 0
#define MODE_EXIT_AFTER_MAC 1
#define MODE_FULLSIM 2

// Static Nonce detection
// Result codes of CMD_HF_MIFARE_STATIC_NONCE.
#define NONCE_FAIL 0x01
#define NONCE_NORMAL 0x02
#define NONCE_STATIC 0x03

// Dbprintf flags
// Bit flags controlling device-side debug output; FLAG_RAWPRINT is the
// all-clear value (0), so it cannot be tested with a bitwise AND.
#define FLAG_RAWPRINT 0x00
#define FLAG_LOG 0x01
#define FLAG_NEWLINE 0x02
#define FLAG_INPLACE 0x04
#define FLAG_ANSI 0x08
// Error codes Usages:
// Return/status codes shared by client and device: 0 is success, the one
// positive value is "success with payload", and every PM3_E* code is negative
// (so `rc < 0` is a valid "failed" test). They fit in the int16_t status field
// of PacketResponseNGPreamble.

// Success, transfer nonces pm3: Sending nonces back to client
#define PM3_SNONCES 1
// Success (no error)
#define PM3_SUCCESS 0

// Undefined error
#define PM3_EUNDEF -1
// Invalid argument(s) client: user input parsing
#define PM3_EINVARG -2
// Operation not supported by device client/pm3: probably only on pm3 once client becomes universal
#define PM3_EDEVNOTSUPP -3
// Operation timed out client: no response in time from pm3
#define PM3_ETIMEOUT -4
// Operation aborted (by user) client/pm3: kbd/button pressed
#define PM3_EOPABORTED -5
// Not (yet) implemented client/pm3: TBD place holder
#define PM3_ENOTIMPL -6
// Error while RF transmission client/pm3: fail between pm3 & card
#define PM3_ERFTRANS -7
// Input / output error pm3: error in client frame reception
#define PM3_EIO -8
// Buffer overflow client/pm3: specified buffer too large for the operation
#define PM3_EOVFLOW -9
// Software error client/pm3: e.g. error in parsing some data
#define PM3_ESOFT -10
// Flash error client/pm3: error in RDV4 Flash operation
#define PM3_EFLASH -11
// Memory allocation error client: error in memory allocation (maybe also for pm3 BigBuff?)
#define PM3_EMALLOC -12
// File error client: error related to file access on host
#define PM3_EFILE -13
// Generic TTY error
#define PM3_ENOTTY -14
// Initialization error pm3: error related to trying to initialize the pm3 / fpga for different operations
#define PM3_EINIT -15
// Expected a different answer error client/pm3: error when expecting one answer and got another one
#define PM3_EWRONGANSWER -16
// Memory out-of-bounds error client/pm3: error when a read/write is outside the expected array
#define PM3_EOUTOFBOUND -17
// exchange with card error client/pm3: error when cant get answer from card or got an incorrect answer
#define PM3_ECARDEXCHANGE -18

// Failed to create APDU,
#define PM3_EAPDU_ENCODEFAIL -19
// APDU responded with a failure code
#define PM3_EAPDU_FAIL -20

// execute pm3 cmd failed client/pm3: when one of our pm3 cmd tries and fails. opposite from PM3_SUCCESS
#define PM3_EFAILED -21
// partial success client/pm3: when trying to dump a tag and fails on some blocks. Partial dump.
#define PM3_EPARTIAL -22
// tearoff occurred client/pm3: when a tearoff hook was called and a tearoff actually happened
#define PM3_ETEAROFF -23

// Got bad CRC client/pm3: error in transfer of data, crc mismatch.
#define PM3_ECRC -24

// No data pm3: no data available, no host frame available (not really an error)
#define PM3_ENODATA -98
// Quit program client: reserved, order to quit the program
#define PM3_EFATAL -99
// LF
// Convert an LF carrier frequency in kHz to the FPGA divisor and back, based
// on a 12 MHz reference (12000 kHz / (divisor + 1)). The +f/2 term rounds to
// the nearest divisor before truncating to int. LF_FREQ2DIV divides by f, so
// callers must never pass 0 (the resulting inf-to-int conversion is UB).
#define LF_FREQ2DIV(f) ((int)(((12000.0 + (f)/2.0)/(f))-1))
#define LF_DIVISOR_125 LF_FREQ2DIV(125)   // 95
#define LF_DIVISOR_134 LF_FREQ2DIV(134.2) // 88
#define LF_DIV2FREQ(d) (12000.0/((d)+1))  // d must not be -1
#define LF_CMDREAD_MAX_EXTRA_SYMBOLS 4
// Receiving from USART need more than 30ms as we used on USB
// else we get errors about partial packet reception
// FTDI 9600 hw status -> we need 20ms
// FTDI 115200 hw status -> we need 50ms
// FTDI 460800 hw status -> we need 30ms
// BT 115200 hf mf fchk --1k -f file.dic -> we need 140ms
// all zero's configure: no timeout for read/write used.
// took settings from libnfc/buses/uart.c

// uart_windows.c & uart_posix.c
// Client-side receive timeouts, in milliseconds, per transport type.
# define UART_FPC_CLIENT_RX_TIMEOUT_MS 200
# define UART_USB_CLIENT_RX_TIMEOUT_MS 20
# define UART_TCP_CLIENT_RX_TIMEOUT_MS 500
// CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions:
// Bits 0-6 of arg[0]; the UNDERSTANDS_* bits let the client discover which
// bootloader commands it may send before trying them.
/* Whether a bootloader that understands the common_area is present */
#define DEVICE_INFO_FLAG_BOOTROM_PRESENT (1<<0)

/* Whether a osimage that understands the common_area is present */
#define DEVICE_INFO_FLAG_OSIMAGE_PRESENT (1<<1)

/* Set if the bootloader is currently executing */
#define DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM (1<<2)

/* Set if the OS is currently executing */
#define DEVICE_INFO_FLAG_CURRENT_MODE_OS (1<<3)

/* Set if this device understands the extend start flash command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH (1<<4)

/* Set if this device understands the chip info command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO (1<<5)

/* Set if this device understands the version command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_VERSION (1<<6)
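// Bootloader version word: major in bits 31..22 (10 bits), minor in bits
// 21..12 (10 bits), patch in bits 11..0 (12 bits). The extractors work on a
// uint32_t copy so a negative or wider input cannot shift into UB.
#define BL_VERSION_MAJOR(version) ((uint32_t)(version) >> 22)
#define BL_VERSION_MINOR(version) (((uint32_t)(version) >> 12) & 0x3ff)
#define BL_VERSION_PATCH(version) ((uint32_t)(version) & 0xfff)
// Each component is masked to its field width before being placed, so an
// out-of-range minor or patch can no longer bleed into the neighbouring field
// (the extractors above would otherwise read back a different value than the
// one passed in). The masks use unsigned literals rather than casts so the
// macro stays usable in #if expressions; in-range inputs give the same bits
// as before, the result is now unsigned.
#define BL_MAKE_VERSION(major, minor, patch) \
    ((((major) & 0x3ffu) << 22) | (((minor) & 0x3ffu) << 12) | ((patch) & 0xfffu))
// Some boundaries to distinguish valid versions from corrupted info
#define BL_VERSION_FIRST_MAJOR 1
#define BL_VERSION_LAST_MAJOR 99
#define BL_VERSION_INVALID 0
// Different versions here. Each version should increase the numbers
#define BL_VERSION_1_0_0 BL_MAKE_VERSION(1, 0, 0)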
/* CMD_START_FLASH may have three arguments: start of area to flash,
   end of area to flash, optional magic.
   The bootrom will not allow to overwrite itself unless this magic
   is given as third parameter */
// The magic is a plain constant, not a secret: it only guards against an
// accidental bootrom overwrite by a confused client, not against a hostile one.
#define START_FLASH_MAGIC 0x54494f44 // 'DOIT'
920 #endif