1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // Definitions for all the types of commands that may be sent over USB; our
17 // own protocol.
18 //-----------------------------------------------------------------------------
20 #ifndef __PM3_CMD_H
21 #define __PM3_CMD_H
23 #include "common.h"
// Use it e.g. when using slow links such as BT
#define USART_SLOW_LINK

// Fixed payload size shared by the OLD command/response frames and by the
// data area of the NG raw frames below.
#define PM3_CMD_DATA_SIZE 512
// Payload bytes left in a PM3_CMD_DATA_SIZE buffer once three uint64_t
// values (the OLD-style arg[3]) have been stored in front of it.
#define PM3_CMD_DATA_SIZE_MIX ( PM3_CMD_DATA_SIZE - 3 * sizeof(uint64_t) )
// Legacy ("OLD") command frame: fixed size, always carries a full
// PM3_CMD_DATA_SIZE payload regardless of how much of it is used.
typedef struct {
    uint64_t cmd;
    uint64_t arg[3];
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4]; // same bytes viewed as 32-bit words
    } d;
} PACKED PacketCommandOLD;
// On-the-wire header of an NG command frame (see COMMANDNG_PREAMBLE_MAGIC).
// `length` is only 15 bits wide, so a receiver must still check it against
// the size of the buffer it reads the variable part into.
typedef struct {
    uint32_t magic;
    uint16_t length : 15; // length of the variable part, 0 if none.
    bool ng : 1;          // NG-style payload (1) or OLD-style payload (0), cf. PacketCommandNG.ng
    uint16_t cmd;
} PACKED PacketCommandNGPreamble;
// Frame delimiters for NG command frames. Read as little-endian bytes the
// values spell "PM3a" and "a3".
#define COMMANDNG_PREAMBLE_MAGIC 0x61334d50 // PM3a
#define COMMANDNG_POSTAMBLE_MAGIC 0x3361 // a3
// Trailer of an NG command frame; holds the CRC checked on reception.
typedef struct {
    uint16_t crc;
} PACKED PacketCommandNGPostamble;
// For internal usage
// In-memory (not PACKED) representation of a received command. Either the
// NG fields or the OLD fields are meaningful, never both; `ng` tells which.
typedef struct {
    uint16_t cmd;
    uint16_t length;
    uint32_t magic; // NG
    uint16_t crc; // NG
    uint64_t oldarg[3]; // OLD
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4];
    } data;
    bool ng; // does it store NG data or OLD data?
} PacketCommandNG;
// For reception and CRC check
// Raw receive buffer for an NG command. The actual postamble sits right after
// the `pre.length` payload bytes, not at the offset of `foopost`; since
// pre.length is a 15-bit field (max 32767) and data holds PM3_CMD_DATA_SIZE
// bytes, the receiver must reject pre.length > PM3_CMD_DATA_SIZE before it
// locates the postamble.
typedef struct {
    PacketCommandNGPreamble pre;
    uint8_t data[PM3_CMD_DATA_SIZE];
    PacketCommandNGPostamble foopost; // Probably not at that offset!
} PACKED PacketCommandNGRaw;
// Legacy ("OLD") response frame; same layout as PacketCommandOLD.
typedef struct {
    uint64_t cmd;
    uint64_t arg[3];
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4]; // same bytes viewed as 32-bit words
    } d;
} PACKED PacketResponseOLD;
// On-the-wire header of an NG response frame (see RESPONSENG_PREAMBLE_MAGIC).
// Unlike the command preamble it also carries a status and a reason byte;
// status presumably holds one of the PM3_* codes defined later in this file
// (they all fit in an int8_t) — confirm against the sender.
typedef struct {
    uint32_t magic;
    uint16_t length : 15; // length of the variable part, 0 if none.
    bool ng : 1;          // NG-style payload (1) or OLD-style payload (0)
    int8_t status;
    int8_t reason;
    uint16_t cmd;
} PACKED PacketResponseNGPreamble;
// Frame delimiters for NG response frames ("PM3b" / "b3" as little-endian bytes).
#define RESPONSENG_PREAMBLE_MAGIC 0x62334d50 // PM3b
#define RESPONSENG_POSTAMBLE_MAGIC 0x3362 // b3
// Trailer of an NG response frame; holds the CRC checked on reception.
typedef struct {
    uint16_t crc;
} PACKED PacketResponseNGPostamble;
// For internal usage
// In-memory (not PACKED) representation of a received response. Either the
// NG fields or the OLD fields are meaningful; `ng` tells which.
typedef struct {
    uint16_t cmd;
    uint16_t length;
    uint32_t magic; // NG
    int8_t status; // NG
    int8_t reason; // NG
    uint16_t crc; // NG
    uint64_t oldarg[3]; // OLD
    union {
        uint8_t asBytes[PM3_CMD_DATA_SIZE];
        uint32_t asDwords[PM3_CMD_DATA_SIZE / 4];
    } data;
    bool ng; // does it store NG data or OLD data?
} PacketResponseNG;
// For reception and CRC check
// Raw receive buffer for an NG response. As with PacketCommandNGRaw, the
// real postamble follows the `pre.length` payload bytes; pre.length (15 bits)
// must be checked against PM3_CMD_DATA_SIZE before indexing into data.
typedef struct {
    PacketResponseNGPreamble pre;
    uint8_t data[PM3_CMD_DATA_SIZE];
    PacketResponseNGPostamble foopost; // Probably not at that offset!
} PACKED PacketResponseNGRaw;
// A struct used to send sample-configs over USB
// (presumably the payload of CMD_LF_SAMPLING_SET_CONFIG / _GET_CONFIG below).
typedef struct {
    int8_t decimation;
    int8_t bits_per_sample;
    int8_t averaging;
    int16_t divisor;          // LF clock divisor, cf. LF_FREQ2DIV / LF_DIV2FREQ
    int16_t trigger_threshold;
    int32_t samples_to_skip;
    bool verbose;
} PACKED sample_config;
// A struct used to send hf14a-configs over USB
// (presumably the payload of CMD_HF_ISO14443A_SET_CONFIG / _GET_CONFIG).
// Every field uses the same tri-state encoding: 0 = auto, 1 = force on, 2 = force off.
typedef struct {
    int8_t forceanticol; // 0:auto 1:force executing anticol 2:force skipping anticol
    int8_t forcebcc; // 0:expect valid BCC 1:force using computed BCC 2:force using card BCC
    int8_t forcecl2; // 0:auto 1:force executing CL2 2:force skipping CL2
    int8_t forcecl3; // 0:auto 1:force executing CL3 2:force skipping CL3
    int8_t forcerats; // 0:auto 1:force executing RATS 2:force skipping RATS
} PACKED hf14a_config;
// Tracelog Header struct
// Variable-length record: the header is followed by data_len frame bytes and
// then the parity bytes. data_len is 15 bits wide (max 32767), so a reader
// walking a trace buffer must bound-check data_len against the bytes left.
typedef struct {
    uint32_t timestamp;
    uint16_t duration;
    uint16_t data_len : 15;
    bool isResponse : 1;
    uint8_t frame[];
    // data_len bytes of data
    // ceil(data_len/8) bytes of parity
} PACKED tracelog_hdr_t;
// Size of the fixed header part of a trace record (the flexible frame[] adds nothing).
#define TRACELOG_HDR_LEN sizeof(tracelog_hdr_t)
// Number of parity bytes following the data of the record pointed to by x.
// NOTE: for data_len == 0 this evaluates to 1, not 0: data_len promotes to int,
// so (0 - 1) / 8 is 0 and the +1 gives 1. Callers that need ceil(0/8) == 0 must
// special-case an empty record rather than rely on this macro.
#define TRACELOG_PARITY_LEN(x) (((x)->data_len - 1) / 8 + 1)
// T55XX - Extended to support 1 of 4 timing
// Downlink timing parameters for one T55xx mode. Not PACKED, so the layout is
// the compiler's natural one (all members are uint16_t).
typedef struct {
    uint16_t start_gap;
    uint16_t write_gap;
    uint16_t write_0;
    uint16_t write_1;
    uint16_t read_gap;
    uint16_t write_2; // only used by the 1-of-4 timing
    uint16_t write_3; // only used by the 1-of-4 timing
} t55xx_config_t;
// T55XX - This setup will allow for the 4 downlink modes "m" as well as other items if needed.
// Given the one struct we can then read/write to flash/client in one go.
typedef struct {
    t55xx_config_t m[4]; // mode — one timing set per downlink mode
} t55xx_configurations_t;
// Capabilities struct to keep track of what functions was compiled in the device firmware
// Bit-packed feature flags reported by the device. `version` is the layout
// version of this struct (see CAPABILITIES_VERSION below); bump it whenever a
// field is added, removed or moved, since the client decodes this blindly.
typedef struct {
    uint8_t version;
    uint32_t baudrate;
    uint32_t bigbuf_size;
    bool via_fpc : 1;
    bool via_usb : 1;
    // rdv4
    bool compiled_with_flash : 1;
    bool compiled_with_smartcard : 1;
    bool compiled_with_fpc_usart : 1;
    bool compiled_with_fpc_usart_dev : 1;
    bool compiled_with_fpc_usart_host : 1;
    // lf
    bool compiled_with_lf : 1;
    bool compiled_with_hitag : 1;
    bool compiled_with_em4x50 : 1;
    bool compiled_with_em4x70 : 1;
    bool compiled_with_zx8211 : 1;
    // hf
    bool compiled_with_hfsniff : 1;
    bool compiled_with_hfplot : 1;
    bool compiled_with_iso14443a : 1;
    bool compiled_with_iso14443b : 1;
    bool compiled_with_iso15693 : 1;
    bool compiled_with_felica : 1;
    bool compiled_with_legicrf : 1;
    bool compiled_with_iclass : 1;
    bool compiled_with_nfcbarcode : 1;
    // misc
    bool compiled_with_lcd : 1;

    // rdv4 — hardware actually detected at runtime, as opposed to compiled-in support above
    bool hw_available_flash : 1;
    bool hw_available_smartcard : 1;
    bool is_rdv4 : 1;
} PACKED capabilities_t;
// Current layout version of capabilities_t; must change with the struct.
#define CAPABILITIES_VERSION 6
// Global copy of the connected device's capabilities, defined elsewhere.
extern capabilities_t g_pm3_capabilities;
// For CMD_LF_T55XX_WRITEBL
// Payload: one 32-bit block, the password to use, the block number and flags.
typedef struct {
    uint32_t data;
    uint32_t pwd;
    uint8_t blockno;
    uint8_t flags;
} PACKED t55xx_write_block_t;
// Raw T55xx test payload: up to 128 data bytes plus a bit length and a time
// value (units not stated here — check the command handler).
typedef struct {
    uint8_t data[128];
    uint8_t bitlen;
    uint32_t time;
} PACKED t55xx_test_block_t;
// For CMD_LF_HID_SIMULATE (FSK)
// HID credential to simulate, split over three 32-bit words (hi2:hi:lo),
// plus flags selecting the long format and the Q5 / EM emulation variants.
typedef struct {
    uint32_t hi2;
    uint32_t hi;
    uint32_t lo;
    uint8_t longFMT;
    bool Q5;
    bool EM;
} PACKED lf_hidsim_t;
// For CMD_LF_FSK_SIMULATE (FSK)
// Modulation parameters followed by the variable-length bit stream in data[];
// its length is not stored here and must come from the frame length.
typedef struct {
    uint8_t fchigh;
    uint8_t fclow;
    uint8_t separator;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_fsksim_t;
// For CMD_LF_ASK_SIMULATE (ASK)
// Modulation parameters followed by the variable-length bit stream in data[];
// its length must come from the frame length.
typedef struct {
    uint8_t encoding;
    uint8_t invert;
    uint8_t separator;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_asksim_t;
// For CMD_LF_PSK_SIMULATE (PSK)
// Modulation parameters followed by the variable-length bit stream in data[];
// its length must come from the frame length.
typedef struct {
    uint8_t carrier;
    uint8_t invert;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_psksim_t;
// For CMD_LF_NRZ_SIMULATE (NRZ)
// Modulation parameters followed by the variable-length bit stream in data[];
// its length must come from the frame length.
typedef struct {
    uint8_t invert;
    uint8_t separator;
    uint8_t clock;
    uint8_t data[];
} PACKED lf_nrzsim_t;
// Generic Hitag payload: a type selector, the byte count of the trailing
// data[], and the data itself. `len` is sender-controlled; a receiver must
// check it against the actual frame length before reading data[].
typedef struct {
    uint8_t type;
    uint16_t len;
    uint8_t data[];
} PACKED lf_hitag_t;
// For CMD_LF_SNIFF_RAW_ADC and CMD_LF_ACQ_RAW_ADC
// Width of the sample-count field in lf_sample_payload_t and the largest
// value it can hold (2^30 - 1).
#define LF_SAMPLES_BITS 30
#define MAX_LF_SAMPLES ((((uint32_t)1u) << LF_SAMPLES_BITS) - 1)
// Request payload for the LF raw ADC commands: sample count plus two option bits.
typedef struct {
    // 64KB SRAM -> 524288 bits(max sample num) < 2^30
    uint32_t samples :
    LF_SAMPLES_BITS;
    bool realtime : 1;
    bool verbose : 1;
} PACKED lf_sample_payload_t;
// MIFARE Classic single-block read request: block number, key type and the 6-byte key.
typedef struct {
    uint8_t blockno;
    uint8_t keytype;
    uint8_t key[6];
} PACKED mf_readblock_t;
// How to wake the card before a MIFARE operation. The enum is PACKED so it is
// meant to occupy a single byte inside the *_ex_t payloads below.
// Comments give the command byte (bit count in parentheses) sent on the wire.
typedef enum {
    MF_WAKE_NONE,
    MF_WAKE_WUPA, // 52(7) + anticoll
    MF_WAKE_REQA, // 26(7) + anticoll
    MF_WAKE_GEN1A, // 40(7)/43
    MF_WAKE_GEN1B, // 40(7)
    MF_WAKE_GDM_ALT, // 20(7)/23
} PACKED MifareWakeupType;
// Extended MIFARE block read: lets the caller pick the wakeup sequence and the
// raw auth / read command bytes instead of the defaults.
typedef struct {
    MifareWakeupType wakeup;
    uint8_t auth_cmd;
    uint8_t key[6];
    uint8_t read_cmd;
    uint8_t block_no;
} PACKED mf_readblock_ex_t;
// Extended MIFARE block write: same knobs as mf_readblock_ex_t plus the
// 16 bytes to write.
typedef struct {
    MifareWakeupType wakeup;
    uint8_t auth_cmd;
    uint8_t key[6];
    uint8_t write_cmd;
    uint8_t block_no;
    uint8_t block_data[16];
} PACKED mf_writeblock_ex_t;
// MIFARE Classic emulator-load parameters: sector count, key type and key.
typedef struct {
    uint8_t sectorcnt;
    uint8_t keytype;
    uint8_t key[6];
} PACKED mfc_eload_t;
// Result of an iCLASS reader pass: a status byte followed by the four 8-byte
// blocks read from the card (CSN, configuration, CC and AIA).
typedef struct {
    uint8_t status;
    uint8_t CSN[8];
    uint8_t CONFIG[8];
    uint8_t CC[8];
    uint8_t AIA[8];
} PACKED iclass_reader_t;
// Named ECDSA public key entry (description + textual key value). Holds
// pointers, so it is a host-side table entry, not a wire payload.
typedef struct {
    const char *desc;
    const char *value;
} PACKED ecdsa_publickey_t;
// Payload of CMD_SET_TEAROFF: delay before the field is cut, plus on/off switches.
typedef struct {
    uint16_t delay_us;
    bool on;
    bool off;
} PACKED tearoff_params_t;
// when writing to SPIFFS
// `fnlen` counts the valid bytes of fn[] and must never exceed sizeof(fn) (32);
// the receiver has to enforce that, and the file name is not NUL-terminated here.
// `bytes_in_packet` describes the trailing data[] and is bounded by the frame.
typedef struct {
    bool append : 1;
    uint16_t bytes_in_packet : 15;
    uint8_t fnlen;
    uint8_t fn[32];
    uint8_t data[];
} PACKED flashmem_write_t;
// when CMD_FLASHMEM_WRITE old flashmem commands
// Fixed-size variant: data[] fills the rest of a PM3_CMD_DATA_SIZE payload
// after the start index and length; `len` must not exceed sizeof(data).
typedef struct {
    uint32_t startidx;
    uint16_t len;
    uint8_t data[PM3_CMD_DATA_SIZE - sizeof(uint32_t) - sizeof(uint16_t)];
} PACKED flashmem_old_write_t;
//-----------------------------------------------------------------------------
// ISO 7618 Smart Card
//-----------------------------------------------------------------------------
// Answer-To-Reset as read from the card; atr_len must be <= sizeof(atr) (50).
typedef struct {
    uint8_t atr_len;
    uint8_t atr[50];
} PACKED smart_card_atr_t;
// Bit flags for smart_card_raw_t.flags; they can be OR-ed together.
typedef enum SMARTCARD_COMMAND {
    SC_CONNECT = (1 << 0),
    SC_NO_DISCONNECT = (1 << 1),
    SC_RAW = (1 << 2),
    SC_SELECT = (1 << 3),
    SC_RAW_T0 = (1 << 4),
    SC_CLEARLOG = (1 << 5),
    SC_LOG = (1 << 6),
    SC_WAIT = (1 << 7),
} smartcard_command_t;
// Payload of CMD_SMART_RAW: SC_* flags, a wait delay, and `len` bytes of APDU
// data in data[]. `len` is sender-controlled and must be checked against the
// frame length by the receiver.
typedef struct {
    uint8_t flags;
    uint32_t wait_delay;
    uint16_t len;
    uint8_t data[];
} PACKED smart_card_raw_t;
// Command codes. They travel in PacketCommandNGPreamble.cmd (16 bits) or in
// PacketCommandOLD.cmd. Values are grouped by functional area and are not
// contiguous; check the whole file for a collision before adding one.

// For the bootloader
#define CMD_DEVICE_INFO 0x0000
//#define CMD_SETUP_WRITE 0x0001   (retired; number left unused)
#define CMD_FINISH_WRITE 0x0003
#define CMD_HARDWARE_RESET 0x0004
#define CMD_START_FLASH 0x0005
#define CMD_CHIP_INFO 0x0006
#define CMD_BL_VERSION 0x0007
#define CMD_NACK 0x00fe
#define CMD_ACK 0x00ff
// For general mucking around
// Debug output, session control and generic memory/buffer transfers.
#define CMD_DEBUG_PRINT_STRING 0x0100
#define CMD_DEBUG_PRINT_INTEGERS 0x0101
#define CMD_DEBUG_PRINT_BYTES 0x0102
#define CMD_LCD_RESET 0x0103
#define CMD_LCD 0x0104
#define CMD_BUFF_CLEAR 0x0105
#define CMD_READ_MEM 0x0106 // legacy
#define CMD_READ_MEM_DOWNLOAD 0x010A // see READ_MEM_DOWNLOAD_FLAG_* at the end of the file
#define CMD_READ_MEM_DOWNLOADED 0x010B
#define CMD_VERSION 0x0107
#define CMD_STATUS 0x0108
#define CMD_PING 0x0109
#define CMD_DOWNLOAD_EML_BIGBUF 0x0110
#define CMD_DOWNLOADED_EML_BIGBUF 0x0111
#define CMD_CAPABILITIES 0x0112 // answered with a capabilities_t
#define CMD_QUIT_SESSION 0x0113
#define CMD_SET_DBGMODE 0x0114
#define CMD_STANDALONE 0x0115
#define CMD_WTX 0x0116
#define CMD_TIA 0x0117
#define CMD_BREAK_LOOP 0x0118
#define CMD_SET_TEAROFF 0x0119 // payload: tearoff_params_t
#define CMD_GET_DBGMODE 0x0120
// RDV40, Flash memory operations
// Raw access to the external SPI flash (see flashmem_old_write_t for the
// CMD_FLASHMEM_WRITE payload).
#define CMD_FLASHMEM_WRITE 0x0121
#define CMD_FLASHMEM_WIPE 0x0122
#define CMD_FLASHMEM_DOWNLOAD 0x0123
#define CMD_FLASHMEM_DOWNLOADED 0x0124
#define CMD_FLASHMEM_INFO 0x0125
#define CMD_FLASHMEM_SET_SPIBAUDRATE 0x0126
// RDV40, High level flashmem SPIFFS Manipulation
// ALL function will have a lazy or Safe version
// that will be handled as argument of safety level [0..2] respectively normal / lazy / safe
// However as how design is, MOUNT and UNMOUNT only need/have lazy as safest level so a safe level will still execute a lazy version
// see spiffs.c for more about the normal/lazy/safety information)
#define CMD_SPIFFS_MOUNT 0x0130
#define CMD_SPIFFS_UNMOUNT 0x0131
#define CMD_SPIFFS_WRITE 0x0132 // payload: flashmem_write_t

// We take +0x1000 when having a variant of similar function (todo : make it an argument!)
#define CMD_SPIFFS_APPEND 0x1132

#define CMD_SPIFFS_READ 0x0133
//We use no open/close instruction, as they are handled internally.
#define CMD_SPIFFS_REMOVE 0x0134
#define CMD_SPIFFS_RM CMD_SPIFFS_REMOVE // alias
#define CMD_SPIFFS_RENAME 0x0135
#define CMD_SPIFFS_MV CMD_SPIFFS_RENAME // alias
#define CMD_SPIFFS_COPY 0x0136
#define CMD_SPIFFS_CP CMD_SPIFFS_COPY // alias
#define CMD_SPIFFS_STAT 0x0137
#define CMD_SPIFFS_FSTAT 0x0138
#define CMD_SPIFFS_INFO 0x0139
#define CMD_SPIFFS_FORMAT CMD_FLASHMEM_WIPE // formatting is the same operation as wiping the flash

#define CMD_SPIFFS_WIPE 0x013A

#define CMD_SET_FPGAMODE 0x013F

// This take a +0x2000 as they are high level helper and special functions
// As the others, they may have safety level argument if it makes sense
#define CMD_SPIFFS_PRINT_TREE 0x2130
#define CMD_SPIFFS_GET_TREE 0x2131
#define CMD_SPIFFS_TEST 0x2132
#define CMD_SPIFFS_PRINT_FSINFO 0x2133
#define CMD_SPIFFS_DOWNLOAD 0x2134
#define CMD_SPIFFS_DOWNLOADED 0x2135
#define CMD_SPIFFS_ELOAD 0x2136
#define CMD_SPIFFS_CHECK 0x3000 // note: outside the +0x2000 range used by the helpers above
// RDV40, Smart card operations
// (CMD_SMART_RAW carries a smart_card_raw_t, CMD_SMART_ATR answers with a smart_card_atr_t)
#define CMD_SMART_RAW 0x0140
#define CMD_SMART_UPGRADE 0x0141
#define CMD_SMART_UPLOAD 0x0142
#define CMD_SMART_ATR 0x0143
#define CMD_SMART_SETBAUD 0x0144
#define CMD_SMART_SETCLOCK 0x0145
// RDV40, FPC USART
// Pass-through access to the serial port on the FPC connector.
#define CMD_USART_RX 0x0160
#define CMD_USART_TX 0x0161
#define CMD_USART_TXRX 0x0162
#define CMD_USART_CONFIG 0x0163
// For low-frequency tags
// Note the numbering is not monotonic (codes were added over time); the
// 0x02xx range also hosts the EM4x50/EM4x70/ZX8211 sub-ranges below.
#define CMD_LF_TI_READ 0x0202
#define CMD_LF_TI_WRITE 0x0203
#define CMD_LF_ACQ_RAW_ADC 0x0205 // payload: lf_sample_payload_t
#define CMD_LF_MOD_THEN_ACQ_RAW_ADC 0x0206
#define CMD_DOWNLOAD_BIGBUF 0x0207
#define CMD_DOWNLOADED_BIGBUF 0x0208
#define CMD_LF_UPLOAD_SIM_SAMPLES 0x0209
#define CMD_LF_SIMULATE 0x020A
#define CMD_LF_HID_WATCH 0x020B
#define CMD_LF_HID_SIMULATE 0x020C // payload: lf_hidsim_t
#define CMD_LF_SET_DIVISOR 0x020D
#define CMD_LF_SIMULATE_BIDIR 0x020E
#define CMD_SET_ADC_MUX 0x020F
#define CMD_LF_HID_CLONE 0x0210
#define CMD_LF_EM410X_CLONE 0x0211
#define CMD_LF_T55XX_READBL 0x0214
#define CMD_LF_T55XX_WRITEBL 0x0215 // payload: t55xx_write_block_t
#define CMD_LF_T55XX_RESET_READ 0x0216
#define CMD_LF_PCF7931_READ 0x0217
#define CMD_LF_PCF7931_WRITE 0x0223
#define CMD_LF_EM4X_LOGIN 0x0229
#define CMD_LF_EM4X_READWORD 0x0218
#define CMD_LF_EM4X_WRITEWORD 0x0219
#define CMD_LF_EM4X_PROTECTWORD 0x021B
#define CMD_LF_EM4X_BF 0x022A
#define CMD_LF_IO_WATCH 0x021A
#define CMD_LF_EM410X_WATCH 0x021C
#define CMD_LF_EM4X50_INFO 0x0240
#define CMD_LF_EM4X50_WRITE 0x0241
#define CMD_LF_EM4X50_WRITEPWD 0x0242
#define CMD_LF_EM4X50_READ 0x0243
#define CMD_LF_EM4X50_BRUTE 0x0245
#define CMD_LF_EM4X50_LOGIN 0x0246
#define CMD_LF_EM4X50_SIM 0x0250
#define CMD_LF_EM4X50_READER 0x0251
#define CMD_LF_EM4X50_ESET 0x0252
#define CMD_LF_EM4X50_CHK 0x0253
#define CMD_LF_EM4X70_INFO 0x0260
#define CMD_LF_EM4X70_WRITE 0x0261
#define CMD_LF_EM4X70_UNLOCK 0x0262
#define CMD_LF_EM4X70_AUTH 0x0263
#define CMD_LF_EM4X70_SETPIN 0x0264
#define CMD_LF_EM4X70_SETKEY 0x0265
#define CMD_LF_EM4X70_BRUTE 0x0266
// Sampling configuration for LF reader/sniffer
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D // payload: sample_config
#define CMD_LF_FSK_SIMULATE 0x021E // payload: lf_fsksim_t
#define CMD_LF_ASK_SIMULATE 0x021F // payload: lf_asksim_t
#define CMD_LF_PSK_SIMULATE 0x0220 // payload: lf_psksim_t
#define CMD_LF_NRZ_SIMULATE 0x0232 // payload: lf_nrzsim_t
#define CMD_LF_AWID_WATCH 0x0221
#define CMD_LF_VIKING_CLONE 0x0222
#define CMD_LF_T55XX_WAKEUP 0x0224
#define CMD_LF_COTAG_READ 0x0225
#define CMD_LF_T55XX_SET_CONFIG 0x0226
#define CMD_LF_SAMPLING_PRINT_CONFIG 0x0227
#define CMD_LF_SAMPLING_GET_CONFIG 0x0228

#define CMD_LF_T55XX_CHK_PWDS 0x0230
#define CMD_LF_T55XX_DANGERRAW 0x0231

// ZX8211
#define CMD_LF_ZX_READ 0x0270
#define CMD_LF_ZX_WRITE 0x0271

/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
// For the 13.56 MHz tags
// ISO 15693 / SLIX and a few generic HF commands. Several SLIX codes live in
// the 0x086x range rather than here, and CMD_LF_SNIFF_RAW_ADC (an LF command)
// sits at 0x0360 in this block — historical, keep in mind when renumbering.
#define CMD_HF_ISO15693_ACQ_RAW_ADC 0x0300
#define CMD_HF_ACQ_RAW_ADC 0x0301
#define CMD_HF_SRI_READ 0x0303
#define CMD_HF_ISO14443B_COMMAND 0x0305
#define CMD_HF_ISO15693_READER 0x0310
#define CMD_HF_ISO15693_SIMULATE 0x0311
#define CMD_HF_ISO15693_SNIFF 0x0312
#define CMD_HF_ISO15693_COMMAND 0x0313
#define CMD_HF_ISO15693_FINDAFI 0x0315
#define CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY 0x0867
#define CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY 0x0317
#define CMD_HF_ISO15693_SLIX_DISABLE_EAS 0x0318
#define CMD_HF_ISO15693_SLIX_ENABLE_EAS 0x0862
#define CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI 0x0863
#define CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS 0x0864
#define CMD_HF_ISO15693_SLIX_WRITE_PWD 0x0865
#define CMD_HF_ISO15693_WRITE_AFI 0x0866
#define CMD_HF_TEXKOM_SIMULATE 0x0320
#define CMD_HF_ISO15693_EML_CLEAR 0x0330
#define CMD_HF_ISO15693_EML_SETMEM 0x0331
#define CMD_HF_ISO15693_EML_GETMEM 0x0332

#define CMD_HF_ISO15693_CSETUID 0x0316
#define CMD_HF_ISO15693_CSETUID_V2 0x0333

#define CMD_LF_SNIFF_RAW_ADC 0x0360 // payload: lf_sample_payload_t
// For Hitag 2 transponders
// (LF commands, numbered in the 0x036x-0x037x range next to the HF block.)
#define CMD_LF_HITAG_SNIFF 0x0370
#define CMD_LF_HITAG_SIMULATE 0x0371
#define CMD_LF_HITAG_READER 0x0372
#define CMD_LF_HITAG2_WRITE 0x0377
#define CMD_LF_HITAG2_CRACK 0x0378
#define CMD_LF_HITAG2_CRACK_2 0x0379

// For Hitag S
#define CMD_LF_HITAGS_TEST_TRACES 0x0367
#define CMD_LF_HITAGS_SIMULATE 0x0368
#define CMD_LF_HITAGS_READ 0x0373
#define CMD_LF_HITAGS_WRITE 0x0375
#define CMD_LF_HITAGS_UID 0x037A

#define CMD_LF_HITAG_ELOAD 0x0376 // payload: lf_hitag_t
// ISO 14443-A / 14443-B, LEGIC and EPA (PACE) commands.
#define CMD_HF_ISO14443A_ANTIFUZZ 0x0380
#define CMD_HF_ISO14443B_SIMULATE 0x0381
#define CMD_HF_ISO14443B_SNIFF 0x0382

#define CMD_HF_ISO14443A_SNIFF 0x0383
#define CMD_HF_ISO14443A_SIMULATE 0x0384
#define CMD_HF_ISO14443A_SIM_AID 0x1420 // note: +0x1000 style variant code

#define CMD_HF_ISO14443A_READER 0x0385

#define CMD_HF_LEGIC_SIMULATE 0x0387
#define CMD_HF_LEGIC_READER 0x0388
#define CMD_HF_LEGIC_WRITER 0x0389

#define CMD_HF_EPA_COLLECT_NONCE 0x038A
#define CMD_HF_EPA_REPLAY 0x038B
#define CMD_HF_EPA_PACE_SIMULATE 0x038C

#define CMD_HF_LEGIC_INFO 0x03BC
#define CMD_HF_LEGIC_ESET 0x03BD
// iCLASS / Picopass
// (CMD_HF_ICLASS_READER presumably answers with an iclass_reader_t — confirm in the handler.)
#define CMD_HF_ICLASS_READCHECK 0x038F
#define CMD_HF_ICLASS_DUMP 0x0391
#define CMD_HF_ICLASS_SNIFF 0x0392
#define CMD_HF_ICLASS_SIMULATE 0x0393
#define CMD_HF_ICLASS_READER 0x0394
#define CMD_HF_ICLASS_READBL 0x0396
#define CMD_HF_ICLASS_WRITEBL 0x0397
#define CMD_HF_ICLASS_EML_MEMSET 0x0398
#define CMD_HF_ICLASS_CHKKEYS 0x039A
#define CMD_HF_ICLASS_RESTORE 0x039B
#define CMD_HF_ICLASS_CREDIT_EPURSE 0x039C
#define CMD_HF_ICLASS_RECOVER 0x039D
// For ISO1092 / FeliCa
#define CMD_HF_FELICA_SIMULATE 0x03A0
#define CMD_HF_FELICA_SNIFF 0x03A1
#define CMD_HF_FELICA_COMMAND 0x03A2
//temp — FeliCa Lite specific, numbered apart from the generic FeliCa codes
#define CMD_HF_FELICALITE_DUMP 0x03AA
#define CMD_HF_FELICALITE_SIMULATE 0x03AB
// For 14a config
// (SET/GET carry an hf14a_config payload.)
#define CMD_HF_ISO14443A_PRINT_CONFIG 0x03B0
#define CMD_HF_ISO14443A_GET_CONFIG 0x03B1
#define CMD_HF_ISO14443A_SET_CONFIG 0x03B2

#define CMD_HF_ISO14443A_SET_THRESHOLDS 0x03B8
// For measurements of the antenna tuning
#define CMD_MEASURE_ANTENNA_TUNING 0x0400
#define CMD_MEASURE_ANTENNA_TUNING_HF 0x0401
#define CMD_MEASURE_ANTENNA_TUNING_LF 0x0402
#define CMD_LISTEN_READER_FIELD 0x0420
#define CMD_HF_DROPFIELD 0x0430

// For direct FPGA control
#define CMD_FPGA_MAJOR_MODE_OFF 0x0500
// For mifare commands
// MIFARE Classic lives in 0x06xx, MIFARE Ultralight / DESFire in 0x07xx; the
// two ranges are interleaved below to keep related read/write pairs together.
#define CMD_HF_MIFARE_EML_MEMCLR 0x0601
#define CMD_HF_MIFARE_EML_MEMSET 0x0602
#define CMD_HF_MIFARE_EML_MEMGET 0x0603
#define CMD_HF_MIFARE_EML_LOAD 0x0604 // payload: mfc_eload_t

// magic chinese card commands
#define CMD_HF_MIFARE_CSETBL 0x0605
#define CMD_HF_MIFARE_CGETBL 0x0606
#define CMD_HF_MIFARE_CIDENT 0x0607

#define CMD_HF_MIFARE_SIMULATE 0x0610 // FLAG_* simulation flags below apply

#define CMD_HF_MIFARE_READER 0x0611
#define CMD_HF_MIFARE_NESTED 0x0612
#define CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES 0x0613
#define CMD_HF_MIFARE_ACQ_NONCES 0x0614
#define CMD_HF_MIFARE_STATIC_NESTED 0x0615
#define CMD_HF_MIFARE_STATIC_ENC 0x0616
#define CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES 0x0617

#define CMD_HF_MIFARE_READBL 0x0620 // payload: mf_readblock_t
#define CMD_HF_MIFARE_READBL_EX 0x0628 // payload: mf_readblock_ex_t
#define CMD_HF_MIFAREU_READBL 0x0720
#define CMD_HF_MIFARE_READSC 0x0621
#define CMD_HF_MIFAREU_READCARD 0x0721
#define CMD_HF_MIFARE_WRITEBL 0x0622
#define CMD_HF_MIFARE_WRITEBL_EX 0x0629 // payload: mf_writeblock_ex_t
#define CMD_HF_MIFARE_VALUE 0x0627
#define CMD_HF_MIFAREU_WRITEBL 0x0722
#define CMD_HF_MIFAREU_WRITEBL_COMPAT 0x0723

#define CMD_HF_MIFARE_CHKKEYS 0x0623
#define CMD_HF_MIFARE_SETMOD 0x0624
#define CMD_HF_MIFARE_CHKKEYS_FAST 0x0625
#define CMD_HF_MIFARE_CHKKEYS_FILE 0x0626

#define CMD_HF_MIFARE_SNIFF 0x0630
#define CMD_HF_MIFARE_MFKEY 0x0631
#define CMD_HF_MIFARE_PERSONALIZE_UID 0x0632

// ultralight-C
#define CMD_HF_MIFAREUC_AUTH 0x0724
// Ultralight AES
#define CMD_HF_MIFAREULAES_AUTH 0x0725
// 0x0726 no longer used
#define CMD_HF_MIFAREUC_SETPWD 0x0727

// mifare desfire
#define CMD_HF_DESFIRE_READBL 0x0728
#define CMD_HF_DESFIRE_WRITEBL 0x0729
#define CMD_HF_DESFIRE_AUTH1 0x072a
#define CMD_HF_DESFIRE_AUTH2 0x072b
#define CMD_HF_DESFIRE_READER 0x072c
#define CMD_HF_DESFIRE_INFO 0x072d
#define CMD_HF_DESFIRE_COMMAND 0x072e

#define CMD_HF_MIFARE_NACK_DETECT 0x0730
#define CMD_HF_MIFARE_STATIC_NONCE 0x0731 // results use the NONCE_* codes below
#define CMD_HF_MIFARE_STATIC_ENCRYPTED_NONCE 0x0732

// MFU OTP TearOff
#define CMD_HF_MFU_OTP_TEAROFF 0x0740
// MFU_Ev1 Counter TearOff
#define CMD_HF_MFU_COUNTER_TEAROFF 0x0741
// Generic HF sniff/plot, FPGA memory download and assorted tag families
// (ThinFilm, CryptoRF, magic-card generations, HID SAM).
#define CMD_HF_SNIFF 0x0800
#define CMD_HF_PLOT 0x0801

// Fpga plot download
#define CMD_FPGAMEM_DOWNLOAD 0x0802
#define CMD_FPGAMEM_DOWNLOADED 0x0803

// For ThinFilm Kovio
#define CMD_HF_THINFILM_READ 0x0810
#define CMD_HF_THINFILM_SIMULATE 0x0811

//For Atmel CryptoRF
#define CMD_HF_CRYPTORF_SIM 0x0820

// Gen 3 magic cards
#define CMD_HF_MIFARE_GEN3UID 0x0850
#define CMD_HF_MIFARE_GEN3BLK 0x0851
#define CMD_HF_MIFARE_GEN3FREEZ 0x0852

// Gen 4 GTU magic cards
#define CMD_HF_MIFARE_G4_RDBL 0x0860
#define CMD_HF_MIFARE_G4_WRBL 0x0861

// Gen 4 GDM magic cards
#define CMD_HF_MIFARE_G4_GDM_RDBL 0x0870
#define CMD_HF_MIFARE_G4_GDM_WRBL 0x0871

// HID SAM
#define CMD_HF_SAM_PICOPASS 0x0900
#define CMD_HF_SAM_SEOS 0x0901
#define CMD_HF_SAM_MFC 0x0902

// Sentinel for "no / unrecognised command"
#define CMD_UNKNOWN 0xFFFF
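//Mifare simulation flags
// In interactive mode, we are expected to finish the operation with an ACK
#define FLAG_INTERACTIVE 0x0001
#define FLAG_ATQA_IN_DATA 0x0002
#define FLAG_SAK_IN_DATA 0x0004
#define FLAG_RATS_IN_DATA 0x0008

// internal constants, use the function macros instead
#define FLAG_MASK_UID 0x0030
#define FLAG_UID_IN_EMUL 0x0000
#define FLAG_4B_UID_IN_DATA 0x0010
#define FLAG_7B_UID_IN_DATA 0x0020
#define FLAG_10B_UID_IN_DATA 0x0030

// Map a UID length in bytes onto the two FLAG_MASK_UID bits. Any length other
// than 4 / 7 / 10 maps to FLAG_UID_IN_EMUL (UID is taken from emulator block 0).
// Shared by the setter and the predicate so the two can never disagree.
#define FLAG_UID_LEN_TO_BITS(len) \
    ((len) == 4 ? FLAG_4B_UID_IN_DATA : \
     (len) == 7 ? FLAG_7B_UID_IN_DATA : \
     (len) == 10 ? FLAG_10B_UID_IN_DATA : \
     FLAG_UID_IN_EMUL)

// if there is a UID in the data-section to be used:
// note: if UIDLEN is wrong, we default to FLAG_UID_IN_EMUL
// `flags` is an lvalue that is modified in place; arguments are evaluated once.
#define FLAG_SET_UID_IN_DATA(flags, len) do { \
        (flags) = ((flags) & (~FLAG_MASK_UID)) | FLAG_UID_LEN_TO_BITS(len); \
    } while (0)

// else we tell to take UID from block 0:
#define FLAG_SET_UID_IN_EMUL(flags) do { \
        (flags) = ((flags) & (~FLAG_MASK_UID)) | FLAG_UID_IN_EMUL; \
    } while (0)

// true when the UID bits in flags say "UID of `len` bytes follows in the data section"
#define IS_FLAG_UID_IN_DATA(flags, len) \
    (((flags) & FLAG_MASK_UID) == FLAG_UID_LEN_TO_BITS(len))

// true when the UID bits in flags say "use the UID stored in emulator block 0"
#define IS_FLAG_UID_IN_EMUL(flags) (((flags) & FLAG_MASK_UID) == FLAG_UID_IN_EMUL)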
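// internal constants, use the function macros instead
#define MIFARE_4K_MAX_BYTES 4096
#define MIFARE_2K_MAX_BYTES 2048
#define MIFARE_1K_MAX_BYTES 1024
#define MIFARE_MINI_MAX_BYTES 320
#define FLAG_MASK_MF_SIZE 0x00C0
#define FLAG_MF_MINI 0x0000
#define FLAG_MF_1K 0x0040
#define FLAG_MF_2K 0x0080
#define FLAG_MF_4K 0x00C0

// Map an emulator memory size in bytes onto the two FLAG_MASK_MF_SIZE bits.
// Any other size yields 0, which is indistinguishable from FLAG_MF_MINI —
// callers should validate `size` beforehand if that matters to them.
// Shared by the setter and the predicate so the two can never disagree.
#define FLAG_MF_SIZE_TO_BITS(size) \
    ((size) == MIFARE_MINI_MAX_BYTES ? FLAG_MF_MINI : \
     (size) == MIFARE_1K_MAX_BYTES ? FLAG_MF_1K : \
     (size) == MIFARE_2K_MAX_BYTES ? FLAG_MF_2K : \
     (size) == MIFARE_4K_MAX_BYTES ? FLAG_MF_4K : \
     0)

// Store the card size in flags; `flags` is an lvalue modified in place.
#define FLAG_SET_MF_SIZE(flags, size) do { \
        (flags) = ((flags) & (~FLAG_MASK_MF_SIZE)) | FLAG_MF_SIZE_TO_BITS(size); \
    } while (0)

// true when the size bits in flags encode the card size `size`
#define IS_FLAG_MF_SIZE(flags, size) \
    (((flags) & FLAG_MASK_MF_SIZE) == FLAG_MF_SIZE_TO_BITS(size))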
// Remaining MIFARE simulation flag bits (0x0100 and up, above the UID and
// size fields).
#define FLAG_MF_USE_READ_KEYB 0x0100
#define FLAG_CVE21_0430 0x0200
// collect NR_AR responses for bruteforcing later
#define FLAG_NR_AR_ATTACK 0x0400
// support nested authentication attack
#define FLAG_NESTED_AUTH_ATTACK 0x0800
// Simulation modes (small integers, not bit flags — exactly one applies).
#define MODE_SIM_CSN 0
#define MODE_EXIT_AFTER_MAC 1
#define MODE_FULLSIM 2
// Static Nonce detection
// Result codes; NONCE_FAIL means the detection itself could not run.
#define NONCE_FAIL 0x01
#define NONCE_NORMAL 0x02
#define NONCE_STATIC 0x03
#define NONCE_STATIC_ENC 0x04
// Dbprintf flags
// Bit flags controlling device-side debug printing; FLAG_RAWPRINT is the
// "no options" value and can be OR-ed with nothing.
#define FLAG_RAWPRINT 0x00
#define FLAG_LOG 0x01
#define FLAG_NEWLINE 0x02
#define FLAG_INPLACE 0x04
#define FLAG_ANSI 0x08
// Error codes Usages:
// NOTE: Positive values should be reserved for commands in case they need to return multiple statuses and error codes simultaneously.
// All codes fit in an int8_t so they can be carried in PacketResponseNGPreamble.status.
// The values are written without parentheses; they are safe in comparisons and
// `case` labels, but wrap them if you ever use one inside a larger expression.
// Success (no error)
#define PM3_SUCCESS 0

// Undefined error
#define PM3_EUNDEF -1
// Invalid argument(s) client: user input parsing
#define PM3_EINVARG -2
// Operation not supported by device client/pm3: probably only on pm3 once client becomes universal
#define PM3_EDEVNOTSUPP -3
// Operation timed out client: no response in time from pm3
#define PM3_ETIMEOUT -4
// Operation aborted (by user) client/pm3: kbd/button pressed
#define PM3_EOPABORTED -5
// Not (yet) implemented client/pm3: TBD place holder
#define PM3_ENOTIMPL -6
// Error while RF transmission client/pm3: fail between pm3 & card
#define PM3_ERFTRANS -7
// Input / output error pm3: error in client frame reception
#define PM3_EIO -8
// Buffer overflow client/pm3: specified buffer too large for the operation
#define PM3_EOVFLOW -9
// Software error client/pm3: e.g. error in parsing some data
#define PM3_ESOFT -10
// Flash error client/pm3: error in RDV4 Flash operation
#define PM3_EFLASH -11
// Memory allocation error client: error in memory allocation (maybe also for pm3 BigBuff?)
#define PM3_EMALLOC -12
// File error client: error related to file access on host
#define PM3_EFILE -13
// Generic TTY error
#define PM3_ENOTTY -14
// Initialization error pm3: error related to trying to initialize the pm3 / fpga for different operations
#define PM3_EINIT -15
// Expected a different answer error client/pm3: error when expecting one answer and got another one
#define PM3_EWRONGANSWER -16
// Memory out-of-bounds error client/pm3: error when a read/write is outside the expected array
#define PM3_EOUTOFBOUND -17
// exchange with card error client/pm3: error when can't get answer from card or got an incorrect answer
#define PM3_ECARDEXCHANGE -18

// Failed to create APDU,
#define PM3_EAPDU_ENCODEFAIL -19
// APDU responded with a failure code
#define PM3_EAPDU_FAIL -20

// execute pm3 cmd failed client/pm3: when one of our pm3 cmd tries and fails. opposite from PM3_SUCCESS
#define PM3_EFAILED -21
// partial success client/pm3: when trying to dump a tag and fails on some blocks. Partial dump.
#define PM3_EPARTIAL -22
// tearoff occurred client/pm3: when a tearoff hook was called and a tearoff actually happened
#define PM3_ETEAROFF -23

// Got bad CRC client/pm3: error in transfer of data, crc mismatch.
#define PM3_ECRC -24

// STATIC Nonce detect pm3: when collecting nonces for hardnested
#define PM3_ESTATIC_NONCE -25

// No PACS data pm3: when using HID SAM to retrieve PACS data
#define PM3_ENOPACS -26

// Got wrong length error pm3: when received wrong length of data
#define PM3_ELENGTH -27

// No key available client/pm3: no cryptographic key available.
#define PM3_ENOKEY -28

// No data client/pm3: no data available, no host frame available (not really an error)
#define PM3_ENODATA -98
// Quit program client: reserved, order to quit the program
#define PM3_EFATAL -99
// Regular quit
#define PM3_SQUIT -100

// reserved for future protocol change
#define PM3_RESERVED -128

// Value of PacketResponseNGPreamble.reason when no specific reason is given (presumably)
#define PM3_REASON_UNKNOWN -1
// LF
// Carrier frequency <-> clock divisor conversions. The 12000.0 constant means
// f is expressed in kHz against a 12 MHz reference: f = 12000 / (d + 1).
// LF_FREQ2DIV rounds to the nearest divisor (the + f/2 before dividing).
#define LF_FREQ2DIV(f) ((int)(((12000.0 + (f)/2.0)/(f))-1))
#define LF_DIVISOR_125 LF_FREQ2DIV(125)
#define LF_DIVISOR_134 LF_FREQ2DIV(134.2)
#define LF_DIV2FREQ(d) (12000.0/((d)+1))
#define LF_CMDREAD_MAX_EXTRA_SYMBOLS 4
// Receiving from USART need more than 30ms as we used on USB
// else we get errors about partial packet reception
// FTDI 9600 hw status -> we need 20ms
// FTDI 115200 hw status -> we need 50ms
// FTDI 460800 hw status -> we need 30ms
// BT 115200 hf mf fchk --1k -f file.dic -> we need 140ms
// all zero's configure: no timeout for read/write used.
// took settings from libnfc/buses/uart.c

// uart_win32.c & uart_posix.c
// Client receive timeouts, in milliseconds, per transport.
# define UART_FPC_CLIENT_RX_TIMEOUT_MS 200
# define UART_USB_CLIENT_RX_TIMEOUT_MS 20
# define UART_NET_CLIENT_RX_TIMEOUT_MS 500
# define UART_TCP_LOCAL_CLIENT_RX_TIMEOUT_MS 40
# define UART_UDP_LOCAL_CLIENT_RX_TIMEOUT_MS 20
// CMD_DEVICE_INFO response packet has flags in arg[0], flag definitions:
// (bit flags; test with `&`, several may be set at once)
/* Whether a bootloader that understands the g_common_area is present */
#define DEVICE_INFO_FLAG_BOOTROM_PRESENT (1<<0)

/* Whether a osimage that understands the g_common_area is present */
#define DEVICE_INFO_FLAG_OSIMAGE_PRESENT (1<<1)

/* Set if the bootloader is currently executing */
#define DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM (1<<2)

/* Set if the OS is currently executing */
#define DEVICE_INFO_FLAG_CURRENT_MODE_OS (1<<3)

/* Set if this device understands the extend start flash command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH (1<<4)

/* Set if this device understands the chip info command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO (1<<5)

/* Set if this device understands the version command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_VERSION (1<<6)

/* Set if this device understands the read memory command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_READ_MEM (1<<7)
// Bootloader version packed into one uint32_t: major in bits 31..22,
// minor in bits 21..12 (10 bits), patch in bits 11..0 (12 bits).
#define BL_VERSION_MAJOR(version) ((uint32_t)(version) >> 22)
#define BL_VERSION_MINOR(version) (((uint32_t)(version) >> 12) & 0x3ff)
#define BL_VERSION_PATCH(version) ((uint32_t)(version) & 0xfff)
// NOTE: the encoder does not mask its arguments, unlike the decoders above.
// Keep minor <= 0x3ff and patch <= 0xfff, otherwise the fields bleed into
// each other and BL_VERSION_MAJOR/MINOR will not round-trip.
#define BL_MAKE_VERSION(major, minor, patch) (((major) << 22) | ((minor) << 12) | (patch))
// Some boundaries to distinguish valid versions from corrupted info
#define BL_VERSION_FIRST_MAJOR 1
#define BL_VERSION_LAST_MAJOR 99
#define BL_VERSION_INVALID 0
// Different versions here. Each version should increase the numbers
#define BL_VERSION_1_0_0 BL_MAKE_VERSION(1, 0, 0)
/* CMD_READ_MEM_DOWNLOAD flags */
/* Bit flag: return the memory as-is rather than in the default (processed) form */
#define READ_MEM_DOWNLOAD_FLAG_RAW (1<<0)
/* CMD_START_FLASH may have three arguments: start of area to flash,
   end of area to flash, optional magic.
   The bootrom will not allow to overwrite itself unless this magic
   is given as third parameter. The magic is a deliberate "are you sure"
   guard against a client accidentally erasing the bootloader; the bootrom
   must still verify the start/end range itself and not trust the client. */
#define START_FLASH_MAGIC 0x54494f44 // 'DOIT'
1005 #endif