search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hf mf sim: remove mention of non-existing option
[RRG-proxmark3.git] / include / hitag.h
blob334ab773dea7e2e9e95f4f2357bdac985ba7b553
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // Hitag 2, Hitag S
17 //-----------------------------------------------------------------------------
18
19
20 #ifndef HITAG_H__
21 #define HITAG_H__
22
23 #include "common.h"
24
25 #define HITAG_NRAR_SIZE 8
26 #define HITAG_CRYPTOKEY_SIZE 6
27 #define HITAG_PASSWORD_SIZE 4
28 #define HITAG_UID_SIZE 4
29 #define HITAG_BLOCK_SIZE 4
30
31 #define HITAG2_MAX_BLOCKS 8
32 #define HITAG2_MAX_BYTE_SIZE (HITAG2_MAX_BLOCKS * HITAG_BLOCK_SIZE)
33
34 #define HITAGS_PAGE_SIZE HITAG_BLOCK_SIZE
35 #define HITAGS_BLOCK_PAGES 4
36 #define HITAGS_BLOCK_SIZE (HITAGS_BLOCK_PAGES * HITAGS_MAX_PAGES)
37 #define HITAGS_MAX_PAGES 64
38 #define HITAGS_MAX_BYTE_SIZE (HITAGS_MAX_PAGES * HITAGS_PAGE_SIZE)
39 #define HITAGS_UID_PADR 0
40 #define HITAGS_CONFIG_PADR 1
41
42 // need to see which limits these cards has
43 #define HITAG1_MAX_BYTE_SIZE 64
44 #define HITAGU_MAX_BYTE_SIZE 64
45 #define HITAG_MAX_BYTE_SIZE (64 * HITAG_BLOCK_SIZE)
46
47 #define HITAG2_CONFIG_BLOCK 3
48
49 typedef enum {
50 HTSF_PLAIN,
51 HTSF_82xx,
52 HTSF_CHALLENGE,
53 HTSF_KEY,
54 HTS_LAST_CMD = HTSF_KEY,
55
56 HT1F_PLAIN,
57 HT1F_AUTHENTICATE,
58 HT1_LAST_CMD = HT1F_AUTHENTICATE,
59
60 HT2F_PASSWORD,
61 HT2F_AUTHENTICATE,
62 HT2F_CRYPTO,
63 HT2F_TEST_AUTH_ATTEMPTS,
64 HT2F_UID_ONLY,
65 HT2_LAST_CMD = HT2F_UID_ONLY,
66 } PACKED hitag_function;
67
68 typedef struct {
69 hitag_function cmd;
70 uint8_t page;
71 uint8_t page_count;
72 uint8_t data[HITAGS_PAGE_SIZE];
73 uint8_t NrAr[HITAG_NRAR_SIZE];
74 // unaligned access to key as uint64_t will abort.
75 // todo: Why does the compiler without -munaligned-access generate unaligned-access code in the first place?
76 uint8_t key[HITAG_CRYPTOKEY_SIZE] __attribute__((aligned(4)));
77 uint8_t pwd[HITAG_PASSWORD_SIZE];
78
79 // Hitag 1 section.
80 // will reuse pwd or key field.
81 uint8_t key_no;
82 uint8_t logdata_0[4];
83 uint8_t logdata_1[4];
84 uint8_t nonce[4];
85 } PACKED lf_hitag_data_t;
86
87 typedef struct {
88 int status;
89 uint8_t data[256];
90 } PACKED lf_hitag_crack_response_t;
91
92 //---------------------------------------------------------
93 // Hitag S
94 //---------------------------------------------------------
95 // protocol-state
96 typedef enum PROTO_STATE {
97 HT_READY = 0,
98 HT_INIT,
99 HT_AUTHENTICATE,
100 HT_SELECTED,
101 HT_QUIET,
102 HT_TTF,
103 HT_FAIL
104 } PSTATE;
105
106 typedef enum TAG_STATE {
107 HT_NO_OP = 0,
108 HT_READING_PAGE,
109 HT_WRITING_PAGE_ACK,
110 HT_WRITING_PAGE_DATA,
111 HT_WRITING_BLOCK_DATA
112 } TSATE;
113
114 //number of start-of-frame bits
115 typedef enum SOF_TYPE {
116 HT_STANDARD = 0,
117 HT_ADVANCED,
118 HT_FAST_ADVANCED,
119 HT_ONE,
120 HT_NO_BITS
121 } stype;
122
123 typedef struct {
124 // con0
125 uint8_t MEMT : 2;
126 bool RES0 : 1; // for 82xx. Enable somekind extended TTF mode in conjunction with TTFM
127 bool RES1 : 1;
128 bool RES2 : 1;
129 bool RES3 : 1; // for 82xx. Enable TTF FSK mode 0=RF/10 1=RF/8
130 bool RES4 : 1;
131 bool RES5 : 1;
132
133 // con1
134 bool LKP : 1; // 0 = page2/3 read write 1 =page2/3 read only in Plain mode and no access in authenticate mode
135 bool LCON : 1; // 0 = con1/2 read write 1 =con1 read only and con2 OTP
136 uint8_t TTFM : 2; // the number of pages that are sent to the RWD
137 uint8_t TTFDR : 2; // data rate in TTF Mode
138 bool TTFC : 1; // Transponder Talks first coding. 0 = Manchester 1 = Biphase
139 bool auth : 1; // 0 = Plain 1 = Auth
140 // con2
141 // 0 = read write 1 = read only
142 bool LCK0 : 1; // page48-63
143 bool LCK1 : 1; // page32-47
144 bool LCK2 : 1; // page24-31
145 bool LCK3 : 1; // page16-23
146 bool LCK4 : 1; // page12-15
147 bool LCK5 : 1; // page8-11
148 bool LCK6 : 1; // page6/7
149 bool LCK7 : 1; // page4/5
150 // reserved/pwdh0
151 uint8_t pwdh0;
152 } PACKED hitags_config_t;
153
154 struct hitagS_tag {
155 PSTATE pstate; // protocol-state
156 TSATE tstate; // tag-state
157
158 int max_page;
159 stype mode;
160
161 union {
162 uint8_t pages[64][4];
163 struct {
164 // page 0
165 uint32_t uid_le;
166
167 hitags_config_t config;
168
169 // page 2
170 uint8_t pwdl0;
171 uint8_t pwdl1;
172 uint64_t key : 48; // fixme: unaligned access
173
174 // page 4
175 } s;
176 } data;
177
178 } PACKED;
179
180 typedef struct {
181 union {
182 uint8_t asBytes[HITAGS_PAGE_SIZE];
183 hitags_config_t s;
184 } config_page;
185 int8_t pages_reason[HITAGS_MAX_PAGES];
186 uint8_t pages[HITAGS_MAX_PAGES][HITAGS_PAGE_SIZE];
187 } PACKED lf_hts_read_response_t;
188 #endif
Proxmark3 - the RFID research Swiss army knife. Iceman firmware