include/mifare.h

   1 //-----------------------------------------------------------------------------
   2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
   3 //
   4 // This program is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // This program is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // See LICENSE.txt for the text of the license.
  15 //-----------------------------------------------------------------------------
  16 // MIFARE type prototyping
  17 //-----------------------------------------------------------------------------
  18
  19 #ifndef _MIFARE_H_
  20 #define _MIFARE_H_
  21
  22 #include "common.h"
  23
  24 #define MF_KEY_A 0
  25 #define MF_KEY_B 1
  26
  27 #define MF_MAD1_SECTOR 0x00
  28 #define MF_MAD2_SECTOR 0x10
  29
  30 //-----------------------------------------------------------------------------
  31 // Common types, used by client and ARM
  32 //-----------------------------------------------------------------------------
  33 // New Ultralight/NTAG dump file format
  34 // Length must be aligned to 4 bytes (UL/NTAG page)
  35 #define MFU_DUMP_PREFIX_LENGTH 56
  36
  37 typedef struct {
  38     uint8_t version[8];
  39     uint8_t tbo[2];
  40     uint8_t tbo1[1];
  41     uint8_t pages;                  // max page number in dump
  42     uint8_t signature[32];
  43     uint8_t counter_tearing[3][4];  // 3 bytes counter, 1 byte tearing flag
  44     uint8_t data[1024];
  45 } PACKED mfu_dump_t;
  46
  47 //-----------------------------------------------------------------------------
  48 // ISO 14443A
  49 //-----------------------------------------------------------------------------
  50 typedef struct {
  51     uint8_t uid[10];
  52     uint8_t uidlen;
  53     uint8_t atqa[2];
  54     uint8_t sak;
  55     uint8_t ats_len;
  56     uint8_t ats[256];
  57 } PACKED iso14a_card_select_t;
  58
  59 typedef struct {
  60     uint8_t uid[10];
  61     uint8_t uidlen;
  62     uint8_t atqa[2];
  63     uint8_t sak;
  64     uint8_t ats_len;
  65     uint8_t ats[256];
  66     uint8_t signature[32];
  67 } PACKED iso14a_card_select_ev1_t;
  68
  69 typedef struct {
  70     iso14a_card_select_t card_info;
  71     uint16_t dumplen;
  72     uint8_t *dump;
  73 } iso14a_mf_extdump_t;
  74
  75 typedef struct {
  76     union {
  77         iso14a_card_select_t mfc;
  78         iso14a_card_select_ev1_t ev1;
  79     } card;
  80     uint16_t dumplen;
  81     uint8_t *dump;
  82 } iso14a_mf_dump_ev1_t;
  83
  84
  85 typedef enum ISO14A_COMMAND {
  86     ISO14A_CONNECT = (1 << 0),
  87     ISO14A_NO_DISCONNECT = (1 << 1),
  88     ISO14A_APDU = (1 << 2),
  89     ISO14A_RAW = (1 << 3),
  90     ISO14A_REQUEST_TRIGGER = (1 << 4),
  91     ISO14A_APPEND_CRC = (1 << 5),
  92     ISO14A_SET_TIMEOUT = (1 << 6),
  93     ISO14A_NO_SELECT = (1 << 7),
  94     ISO14A_TOPAZMODE = (1 << 8),
  95     ISO14A_NO_RATS = (1 << 9),
  96     ISO14A_SEND_CHAINING = (1 << 10),
  97     ISO14A_USE_ECP = (1 << 11),
  98     ISO14A_USE_MAGSAFE = (1 << 12),
  99     ISO14A_USE_CUSTOM_POLLING = (1 << 13)
 100 } iso14a_command_t;
 101
 102 // Defines a frame that will be used in a polling sequence
 103 // ECP Frames are up to (7 + 16) bytes long, 24 bytes should cover future and other cases
 104 typedef struct {
 105     uint8_t frame[24];
 106     uint8_t frame_length;
 107     uint8_t last_byte_bits;
 108     uint16_t extra_delay;
 109 } PACKED iso14a_polling_frame_t;
 110
 111 // Defines polling sequence configuration
 112 // 6 would be enough for 4 magsafe, 1 wupa, 1 ecp,
 113 typedef struct {
 114     iso14a_polling_frame_t frames[6];
 115     uint8_t frame_count;
 116     uint16_t extra_timeout;
 117 } PACKED iso14a_polling_parameters_t;
 118
 119 typedef struct {
 120     uint8_t *response;
 121     uint8_t *modulation;
 122     uint16_t response_n;
 123     uint16_t modulation_n;
 124     uint32_t ProxToAirDuration;
 125     uint8_t  par; // enough for precalculated parity of 8 Byte responses
 126 } PACKED tag_response_info_t;
 127
 128 // DESFIRE_RAW flag enums
 129 typedef enum DESFIRE_COMMAND {
 130     NONE         = 0x00,
 131     INIT         = 0x01,
 132     DISCONNECT   = 0x02,
 133     CLEARTRACE   = 0x04,
 134     BAR          = 0x10,
 135 } desfire_command_t;
 136
 137 typedef enum {
 138     MFDES_AUTH_DES = 1,
 139     MFDES_AUTH_ISO = 2,
 140     MFDES_AUTH_AES = 3,
 141     MFDES_AUTH_PICC = 4
 142 } mifare_des_authmode_t;
 143
 144 typedef enum {
 145     MFDES_ALGO_DES = 1,
 146     MFDES_ALGO_3DES = 2,
 147     MFDES_ALGO_3K3DES = 3,
 148     MFDES_ALGO_AES = 4
 149 } mifare_des_authalgo_t;
 150
 151 typedef enum {
 152     MFDES_KDF_ALGO_NONE = 0,
 153     MFDES_KDF_ALGO_AN10922 = 1,
 154     MFDES_KDF_ALGO_GALLAGHER = 2,
 155 } mifare_des_kdf_algo_t;
 156
 157 //-----------------------------------------------------------------------------
 158 // "hf 14a sim -x", "hf mf sim -x" attacks
 159 //-----------------------------------------------------------------------------
 160 typedef struct {
 161     uint32_t cuid;
 162     uint32_t nonce;
 163     uint32_t ar;
 164     uint32_t nr;
 165     uint32_t at;
 166     uint32_t nonce2;
 167     uint32_t ar2;
 168     uint32_t nr2;
 169     uint8_t  sector;
 170     uint8_t  keytype;
 171     enum {
 172         EMPTY,
 173         FIRST,
 174         SECOND,
 175     } state;
 176 } PACKED nonces_t;
 177
 178 #endif // _MIFARE_H_