search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #2654 from Antiklesys/master
[RRG-proxmark3.git] / client / src / cmdhftopaz.c
blobdba9d65c42ed4f7fe1b6fe38dbf2d7824ecf56ca
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // High frequency Topaz (NFC Type 1) commands
17 //-----------------------------------------------------------------------------
18 #include "cmdhftopaz.h"
19
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <ctype.h>
24 #include <inttypes.h>
25 #include "cliparser.h"
26 #include "cmdparser.h" // command_t
27 #include "comms.h"
28 #include "cmdtrace.h"
29 #include "cmdhf14a.h"
30 #include "ui.h"
31 #include "crc16.h"
32 #include "protocols.h"
33 #include "nfc/ndef.h"
34 #include "fileutils.h" // saveFile
35
36
37 #ifndef AddCrc14B
38 # define AddCrc14B(data, len) compute_crc(CRC_14443_B, (data), (len), (data)+(len), (data)+(len)+1)
39 #endif
40
41 static topaz_tag_t topaz_tag;
42
43 static void topaz_switch_on_field(void) {
44 SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_CONNECT | ISO14A_NO_SELECT | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE | ISO14A_NO_RATS, 0, 0, NULL, 0);
45 }
46
47 static void topaz_switch_off_field(void) {
48 SetISODEPState(ISODEP_INACTIVE);
49 SendCommandMIX(CMD_HF_ISO14443A_READER, 0, 0, 0, NULL, 0);
50 }
51
52 // send a raw topaz command, returns the length of the response (0 in case of error)
53 static int topaz_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response, uint16_t *response_len, bool verbose) {
54 SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_RAW | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE | ISO14A_NO_RATS, len, 0, cmd, len);
55 PacketResponseNG resp;
56 if (WaitForResponseTimeout(CMD_ACK, &resp, 1500) == false) {
57 if (verbose) PrintAndLogEx(WARNING, "timeout while waiting for reply.");
58 return PM3_ETIMEOUT;
59 }
60
61 if (resp.oldarg[0] == *response_len) {
62 *response_len = resp.oldarg[0];
63
64 PrintAndLogEx(DEBUG, "%s", sprint_hex(resp.data.asBytes, *response_len));
65 if (*response_len > 0) {
66 memcpy(response, resp.data.asBytes, *response_len);
67 }
68 } else {
69 if (verbose) PrintAndLogEx(WARNING, "Wrong response length (%d != %" PRIu64 ")", *response_len, resp.oldarg[0]);
70 return PM3_ESOFT;
71 }
72 return PM3_SUCCESS;
73 }
74
75 // calculate CRC bytes and send topaz command, returns the length of the response (0 in case of error)
76 static int topaz_send_cmd(uint8_t *cmd, uint8_t len, uint8_t *response, uint16_t *response_len, bool verbose) {
77 if (len > 1) {
78 AddCrc14B(cmd, len - 2);
79 }
80
81 return topaz_send_cmd_raw(cmd, len, response, response_len, verbose);
82 }
83
84 // select a topaz tag. Send WUPA and RID.
85 static int topaz_select(uint8_t *atqa, uint8_t atqa_len, uint8_t *rid_response, uint8_t rid_len, bool verbose) {
86 // ToDo: implement anticollision
87
88 uint16_t resp_len;
89 uint8_t wupa_cmd[] = {TOPAZ_WUPA};
90 uint8_t rid_cmd[] = {TOPAZ_RID, 0, 0, 0, 0, 0, 0, 0, 0};
91
92 topaz_switch_on_field();
93
94 resp_len = atqa_len;
95 int status = topaz_send_cmd(wupa_cmd, sizeof(wupa_cmd), atqa, &resp_len, verbose);
96 if (status == PM3_ETIMEOUT || status == PM3_ESOFT) {
97 topaz_switch_off_field();
98 return PM3_ESOFT; // WUPA failed
99 }
100
101 resp_len = rid_len;
102 status = topaz_send_cmd(rid_cmd, sizeof(rid_cmd), rid_response, &resp_len, verbose);
103 if (status == PM3_ETIMEOUT || status == PM3_ESOFT) {
104 topaz_switch_off_field();
105 return PM3_EWRONGANSWER; // RID failed
106 }
107
108 return PM3_SUCCESS;
109 }
110
111 // read all of the static memory of a selected Topaz tag.
112 static int topaz_rall(uint8_t *uid, uint8_t *response) {
113
114 uint16_t resp_len = 124;
115 uint8_t rall_cmd[] = {TOPAZ_RALL, 0, 0, 0, 0, 0, 0, 0, 0};
116 memcpy(&rall_cmd[3], uid, 4);
117
118 if (topaz_send_cmd(rall_cmd, sizeof(rall_cmd), response, &resp_len, true) == PM3_ETIMEOUT) {
119 topaz_switch_off_field();
120 return PM3_ESOFT; // RALL failed
121 }
122
123 return PM3_SUCCESS;
124 }
125
126 // read a block (8 Bytes) of a selected Topaz tag.
127 static int topaz_read_block(uint8_t blockno, uint8_t *block_data) {
128 uint8_t atqa[2] = {0};
129 uint8_t rid_response[8] = {0};
130 int res = topaz_select(atqa, sizeof(atqa), rid_response, sizeof(rid_response), true);
131 if (res != PM3_SUCCESS) {
132 return res;
133 }
134
135 if (atqa[1] != 0x0c && atqa[0] != 0x00) {
136 return res;
137 }
138
139 uint8_t *uid_echo = &rid_response[2];
140 uint8_t rall_response[124] = {0};
141
142 res = topaz_rall(uid_echo, rall_response);
143 if (res == PM3_ESOFT) {
144 return res;
145 }
146
147 uint8_t read8_cmd[] = {TOPAZ_READ8, blockno, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
148 memcpy(&read8_cmd[10], uid_echo, 4);
149
150 uint16_t resp_len = 11;
151 uint8_t response[11] = {0};
152
153 if (topaz_send_cmd(read8_cmd, sizeof(read8_cmd), response, &resp_len, true) == PM3_ETIMEOUT) {
154 topaz_switch_off_field();
155 return PM3_ESOFT; // READ8 failed
156 }
157 memcpy(block_data, &response[1], 8);
158 return PM3_SUCCESS;
159 }
160
161 // read a segment (16 blocks = 128 Bytes) of a selected Topaz tag. Works only for tags with dynamic memory.
162 static int topaz_read_segment(uint8_t segno, uint8_t *segment_data) {
163
164 uint8_t atqa[2] = {0};
165 uint8_t rid_response[8] = {0};
166 int res = topaz_select(atqa, sizeof(atqa), rid_response, sizeof(rid_response), true);
167 if (res != PM3_SUCCESS) {
168 return res;
169 }
170
171 if (atqa[1] != 0x0c && atqa[0] != 0x00) {
172 return res;
173 }
174
175 uint8_t *uid_echo = &rid_response[2];
176 uint8_t rall_response[124] = {0};
177
178 res = topaz_rall(uid_echo, rall_response);
179 if (res == PM3_ESOFT) {
180 return res;
181 }
182
183 uint16_t resp_len = 131;
184 uint8_t rseg_cmd[] = {TOPAZ_RSEG, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
185 uint8_t rseg_response[131];
186
187 rseg_cmd[1] = segno << 4;
188 memcpy(&rseg_cmd[10], uid_echo, 4);
189
190 if (topaz_send_cmd(rseg_cmd, sizeof(rseg_cmd), rseg_response, &resp_len, true) == PM3_ETIMEOUT) {
191 topaz_switch_off_field();
192 return PM3_ESOFT; // RSEG failed
193 }
194 memcpy(segment_data, &rseg_response[1], 128);
195 return PM3_SUCCESS;
196 }
197
198 // write a block (8 Bytes) of a selected Topaz tag.
199 static int topaz_write_erase8_block(uint8_t blockno, uint8_t *block_data) {
200
201 uint8_t atqa[2] = {0};
202 uint8_t rid_response[8] = {0};
203 int res = topaz_select(atqa, sizeof(atqa), rid_response, sizeof(rid_response), true);
204 if (res != PM3_SUCCESS) {
205 return res;
206 }
207
208 if (atqa[1] != 0x0c && atqa[0] != 0x00) {
209 return res;
210 }
211
212 uint8_t *uid_echo = &rid_response[2];
213 uint8_t rall_response[124] = {0};
214
215 res = topaz_rall(uid_echo, rall_response);
216 if (res == PM3_ESOFT) {
217 return res;
218 }
219
220 uint8_t wr8_cmd[] = {TOPAZ_WRITE_E8, blockno, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
221 memcpy(wr8_cmd + 10, uid_echo, 4);
222 memcpy(wr8_cmd + 2, block_data, 8);
223
224 uint16_t resp_len = 11;
225 uint8_t response[11] = {0};
226
227 //
228
229 if (topaz_send_cmd(wr8_cmd, sizeof(wr8_cmd), response, &resp_len, true) == PM3_ETIMEOUT) {
230 topaz_switch_off_field();
231 return PM3_ESOFT; // WriteErase 8bytes failed
232 }
233
234 if (resp_len != 11) {
235 return PM3_EFAILED;
236 }
237
238 if (blockno != response[0]) {
239 return PM3_EFAILED;
240 }
241
242 if (memcmp(block_data, response + 1, 8) == 0) {
243 return PM3_SUCCESS;
244 }
245 return PM3_ESOFT;
246 }
247
248 // write a block (8 Bytes) of a selected Topaz tag.
249 static int topaz_write_nonerase8_block(uint8_t blockno, uint8_t *block_data) {
250
251 uint8_t atqa[2] = {0};
252 uint8_t rid_response[8] = {0};
253 int res = topaz_select(atqa, sizeof(atqa), rid_response, sizeof(rid_response), true);
254 if (res != PM3_SUCCESS) {
255 return res;
256 }
257
258 if (atqa[1] != 0x0c && atqa[0] != 0x00) {
259 return res;
260 }
261
262 uint8_t *uid_echo = &rid_response[2];
263 uint8_t rall_response[124] = {0};
264
265 res = topaz_rall(uid_echo, rall_response);
266 if (res == PM3_ESOFT) {
267 return res;
268 }
269
270 // ADD
271 // 7 6 5 4 3 2 1 0
272 // b b b --- Byte 0 - 7
273 // B B B B --------- BLOCK
274 // r ----------------- 0
275 //
276
277 uint8_t wr8_cmd[] = {TOPAZ_WRITE_NE8, blockno, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
278 memcpy(wr8_cmd + 10, uid_echo, 4);
279 memcpy(wr8_cmd + 2, block_data, 8);
280
281 uint16_t resp_len = 11;
282 uint8_t response[11] = {0};
283
284 //
285 if (topaz_send_cmd(wr8_cmd, sizeof(wr8_cmd), response, &resp_len, true) == PM3_ETIMEOUT) {
286 topaz_switch_off_field();
287 return PM3_ESOFT;
288 }
289
290 if (resp_len != 11) {
291 return PM3_EFAILED;
292 }
293
294 if (blockno != response[0]) {
295 return PM3_EFAILED;
296 }
297
298 if (memcmp(block_data, response + 1, 8) == 0) {
299 return PM3_SUCCESS;
300 }
301 return PM3_ESOFT;
302 }
303
304 // search for the lock area descriptor for the lockable area including byteno
305 static dynamic_lock_area_t *get_dynamic_lock_area(uint16_t byteno) {
306 dynamic_lock_area_t *lock_area;
307 lock_area = topaz_tag.dynamic_lock_areas;
308
309 while (lock_area != NULL) {
310 if (byteno < lock_area->first_locked_byte) {
311 lock_area = lock_area->next;
312 } else {
313 return lock_area;
314 }
315 }
316 return NULL;
317 }
318
319 // check if a memory byte is locked.
320 static bool topaz_byte_is_locked(uint16_t byteno) {
321 uint8_t *lockbits;
322 uint16_t locked_bytes_per_bit;
323 dynamic_lock_area_t *lock_area;
324
325 if (byteno < TOPAZ_STATIC_MEMORY) {
326 lockbits = &topaz_tag.data_blocks[0x0e][0];
327 locked_bytes_per_bit = 8;
328 } else {
329 lock_area = get_dynamic_lock_area(byteno);
330 if (lock_area == NULL) {
331 return false;
332 } else {
333
334 if ((lock_area->byte_offset - TOPAZ_STATIC_MEMORY) < 0) {
335 return false;
336 }
337
338 lockbits = &topaz_tag.dynamic_memory[lock_area->byte_offset - TOPAZ_STATIC_MEMORY];
339 locked_bytes_per_bit = lock_area->bytes_locked_per_bit;
340 byteno = byteno - lock_area->first_locked_byte;
341 }
342 }
343
344 uint16_t blockno = byteno / locked_bytes_per_bit;
345 if (lockbits[blockno / 8] & (0x01 << (blockno % 8))) {
346 return true;
347 } else {
348 return false;
349 }
350 }
351
352 static int topaz_set_cc_dynamic(const uint8_t *data) {
353
354 if (data[0] != 0xE1) {
355 topaz_tag.size = TOPAZ_STATIC_MEMORY;
356 PrintAndLogEx(WARNING, "No Type 1 NDEF capability container found");
357 return PM3_ESOFT; // no NDEF message
358 }
359
360 // setting of dynamic memory and allocation of such memory.
361 uint16_t memsize = (data[2] + 1) * 8;
362 topaz_tag.size = memsize;
363 topaz_tag.dynamic_memory = calloc(memsize - TOPAZ_STATIC_MEMORY, sizeof(uint8_t));
364 if (topaz_tag.dynamic_memory == NULL) {
365 return PM3_EMALLOC;
366 }
367 return PM3_SUCCESS;
368 }
369
370 // read and print the Capability Container
371 static int topaz_print_CC(uint8_t *data) {
372
373 if (data[0] != 0xE1) {
374 topaz_tag.size = TOPAZ_STATIC_MEMORY;
375 PrintAndLogEx(WARNING, "No Type 1 NDEF capability container found");
376 return PM3_ESOFT; // no NDEF message
377 }
378
379
380 //NFC Forum Type 1,2,3,4
381 //
382 // 4 has 1.1 (11)
383
384 // b7, b6 major version
385 // b5, b4 minor version
386 // b3, b2 read
387 // 00 always, 01 rfu, 10 proprietary, 11 rfu
388 // b1, b0 write
389 // 00 always, 01 rfo, 10 proprietary, 11 never
390
391 // vs
392
393 // NFC Forum Type 2 docs, where
394 // b7654 = major version
395 // b3219 = minor version
396
397 // CC write / read access
398 // (data[3] & 0xF0) ? "(RFU)" : "Read access granted without any security",
399 // (data[3] & 0x0F) == 0 ? "Write access granted without any security" : (data[3] & 0x0F) == 0x0F ? "No write access granted at all" : "(RFU)");
400 uint8_t cc_major = (data[1] & 0xF0) >> 4;
401 uint8_t cc_minor = (data[1] & 0x00);
402
403 uint8_t cc_write = data[3] & 0x0F;
404 uint8_t cc_read = (data[3] & 0xF0) >> 4;
405
406 const char *wStr;
407 switch (cc_write) {
408 case 0:
409 wStr = "Write access granted without any security";
410 break;
411 case 0xF:
412 wStr = "No write access";
413 break;
414 default:
415 wStr = "RFU";
416 break;
417 }
418 const char *rStr;
419 switch (cc_read) {
420 case 0:
421 rStr = "Read access granted without any security";
422 break;
423 default:
424 rStr = "RFU";
425 break;
426 }
427
428 PrintAndLogEx(SUCCESS, "Capability Container: %s", sprint_hex(data, 4));
429 PrintAndLogEx(SUCCESS, " %02X: NDEF Magic Number", data[0]);
430
431 // PrintAndLogEx(SUCCESS, " %02X : version %d.%d supported by tag", data[1], (data[1] & 0xF0) >> 4, data[1] & 0x0F);
432 PrintAndLogEx(SUCCESS, " %02X: version %d.%d supported by tag", data[1], cc_major, cc_minor);
433 PrintAndLogEx(SUCCESS, " : %s / %s", rStr, wStr);
434
435 PrintAndLogEx(SUCCESS, " %02X: Physical Memory Size: %d bytes", data[2], (data[2] + 1) * 8);
436 if (data[2] == 0x0E)
437 PrintAndLogEx(SUCCESS, " %02X: NDEF Memory Size: %d bytes", data[2], 120);
438 else if (data[2] == 0x1F)
439 PrintAndLogEx(SUCCESS, " %02X: NDEF Memory Size: %d bytes", data[2], 256);
440 else if (data[2] == 0xFF)
441 PrintAndLogEx(SUCCESS, " %02X: NDEF Memory Size: %d bytes", data[2], 2048);
442
443 uint8_t msb3 = (data[3] & 0xE0) >> 5;
444 uint8_t sf = (data[3] & 0x10) >> 4;
445 uint8_t lb = (data[3] & 0x08) >> 3;
446 uint8_t mlrule = (data[3] & 0x06) >> 1;
447 uint8_t mbread = (data[3] & 0x01);
448
449 PrintAndLogEx(SUCCESS, " %02X: Additional feature information", data[3]);
450 PrintAndLogEx(SUCCESS, " ^^");
451 PrintAndLogEx(SUCCESS, " %s", sprint_bin(&data[3], 1));
452 PrintAndLogEx(SUCCESS, " xxx..... - %02X: RFU ( %s )", msb3, (msb3 == 0) ? _GREEN_("ok") : _RED_("fail"));
453 PrintAndLogEx(SUCCESS, " ...x.... - %02X: %s special frame", sf, (sf) ? "support" : "don\'t support");
454 PrintAndLogEx(SUCCESS, " ....x... - %02X: %s lock block", lb, (lb) ? "support" : "don\'t support");
455 PrintAndLogEx(SUCCESS, " .....xx. - %02X: RFU ( %s )", mlrule, (mlrule == 0) ? _GREEN_("ok") : _RED_("fail"));
456 PrintAndLogEx(SUCCESS, " .......x - %02X: IC %s multiple block reads", mbread, (mbread) ? "support" : "don\'t support");
457 PrintAndLogEx(SUCCESS, "");
458
459 return PM3_SUCCESS;
460 }
461
462 static void topaz_print_hdr(uint8_t blockno) {
463 PrintAndLogEx(NORMAL, "");
464 PrintAndLogEx(INFO, " # | block " _GREEN_("0x%02X") " | ascii", blockno);
465 PrintAndLogEx(INFO, "----+-------------------------+---------");
466 }
467
468 // return type, length and value of a TLV, starting at memory position *TLV_ptr
469 static void get_TLV(uint8_t **TLV_ptr, uint8_t *TLV_type, uint16_t *TLV_length, uint8_t **TLV_value) {
470 *TLV_length = 0;
471 *TLV_value = NULL;
472
473 *TLV_type = **TLV_ptr;
474 *TLV_ptr += 1;
475 switch (*TLV_type) {
476 case 0x00: // NULL TLV.
477 case 0xFE: // Terminator TLV.
478 break;
479 case 0x01: // Lock Control TLV
480 case 0x02: // Reserved Memory TLV
481 case 0x03: // NDEF message TLV
482 case 0xFD: // proprietary TLV
483 *TLV_length = **TLV_ptr;
484 *TLV_ptr += 1;
485 if (*TLV_length == 0xff) {
486 *TLV_length = **TLV_ptr << 8;
487 *TLV_ptr += 1;
488 *TLV_length |= **TLV_ptr;
489 *TLV_ptr += 1;
490 }
491 *TLV_value = *TLV_ptr;
492 *TLV_ptr += *TLV_length;
493 break;
494 default: // RFU
495 break;
496 }
497 }
498
499 // lock area TLVs contain no information on the start of the respective lockable area. Lockable areas
500 // do not include the lock bits and reserved memory. We therefore need to adjust the start of the
501 // respective lockable areas accordingly
502 static void adjust_lock_areas(uint16_t block_start, uint16_t block_size) {
503 dynamic_lock_area_t *lock_area = topaz_tag.dynamic_lock_areas;
504 while (lock_area != NULL) {
505 if (lock_area->first_locked_byte <= block_start) {
506 lock_area->first_locked_byte += block_size;
507 }
508 lock_area = lock_area->next;
509 }
510 }
511
512 // read and print the lock area and reserved memory TLVs
513 static void topaz_print_control_TLVs(uint8_t *memory) {
514 uint8_t *TLV_ptr = memory;
515 uint8_t TLV_type = 0;
516 uint16_t TLV_length;
517 uint8_t *TLV_value;
518 bool lock_TLV_present = false;
519 bool reserved_memory_control_TLV_present = false;
520 uint16_t next_lockable_byte = 0x0f * 8; // first byte after static memory area
521
522 while (*TLV_ptr != 0x03 && *TLV_ptr != 0xFD && *TLV_ptr != 0xFE) {
523
524 // all Lock Control TLVs shall be present before the NDEF message TLV, the proprietary TLV (and the Terminator TLV)
525 get_TLV(&TLV_ptr, &TLV_type, &TLV_length, &TLV_value);
526
527 if (TLV_type == 0x01) { // a Lock Control TLV
528 uint8_t pages_addr = TLV_value[0] >> 4;
529 uint8_t byte_offset = TLV_value[0] & 0x0f;
530 uint16_t size_in_bits = TLV_value[1] ? TLV_value[1] : 256;
531 uint16_t size_in_bytes = (size_in_bits + 7) / 8;
532 uint16_t bytes_per_page = 1 << (TLV_value[2] & 0x0f);
533 uint16_t bytes_locked_per_bit = 1 << (TLV_value[2] >> 4);
534 uint16_t area_start = pages_addr * bytes_per_page + byte_offset;
535
536 PrintAndLogEx(SUCCESS, "Lock Area of " _YELLOW_("%d") " bits at byte offset " _YELLOW_("0x%04x"), size_in_bits, area_start);
537 PrintAndLogEx(SUCCESS, "Each lock bit locks " _YELLOW_("%d") " bytes", bytes_locked_per_bit);
538
539 lock_TLV_present = true;
540 dynamic_lock_area_t *old = topaz_tag.dynamic_lock_areas;
541 dynamic_lock_area_t *new;
542
543 if (old == NULL) {
544 new = topaz_tag.dynamic_lock_areas = (dynamic_lock_area_t *) calloc(sizeof(dynamic_lock_area_t), sizeof(uint8_t));
545 } else {
546 while (old->next != NULL) {
547 old = old->next;
548 }
549 new = old->next = (dynamic_lock_area_t *) calloc(sizeof(dynamic_lock_area_t), sizeof(uint8_t));
550 }
551 new->next = NULL;
552
553 if (area_start <= next_lockable_byte) {
554 // lock areas are not lockable
555 next_lockable_byte += size_in_bytes;
556 }
557
558 new->first_locked_byte = next_lockable_byte;
559 new->byte_offset = area_start;
560 new->size_in_bits = size_in_bits;
561 new->bytes_locked_per_bit = bytes_locked_per_bit;
562 next_lockable_byte += size_in_bits * bytes_locked_per_bit;
563 }
564
565 if (TLV_type == 0x02) { // a Reserved Memory Control TLV
566 uint8_t pages_addr = TLV_value[0] >> 4;
567 uint8_t byte_offset = TLV_value[0] & 0x0f;
568 uint16_t size_in_bytes = TLV_value[1] ? TLV_value[1] : 256;
569 uint8_t bytes_per_page = 1 << (TLV_value[2] & 0x0f);
570 uint16_t area_start = pages_addr * bytes_per_page + byte_offset;
571
572 PrintAndLogEx(SUCCESS, "Reserved Memory... " _GREEN_("%d") " bytes at byte offset " _YELLOW_("0x%02x"),
573 size_in_bytes,
574 area_start);
575
576 reserved_memory_control_TLV_present = true;
577
578 // reserved memory areas are not lockable
579 adjust_lock_areas(area_start, size_in_bytes);
580 if (area_start <= next_lockable_byte) {
581 next_lockable_byte += size_in_bytes;
582 }
583 }
584 }
585
586 if (lock_TLV_present == false) {
587 PrintAndLogEx(SUCCESS, "(No Lock Control TLV present)");
588 }
589
590 if (reserved_memory_control_TLV_present == false) {
591 PrintAndLogEx(SUCCESS, "(No Reserved Memory Control TLV present)");
592 }
593 }
594
595 // read all of the dynamic memory
596 static int topaz_read_dynamic_data(void) {
597 // first read the remaining block of segment 0
598 if (topaz_read_block(0x0F, &topaz_tag.dynamic_memory[0]) == PM3_ESOFT) {
599 PrintAndLogEx(ERR, "Error while reading dynamic memory block " _YELLOW_("%02x") ". Aborting...", 0x0F);
600 return PM3_ESOFT;
601 }
602
603 // read the remaining segments
604 uint8_t max = topaz_tag.size / 128 - 1;
605 for (uint8_t segment = 1; segment <= max; segment++) {
606 if (topaz_read_segment(segment, &topaz_tag.dynamic_memory[(segment - 1) * 128 + 8]) == PM3_ESOFT) {
607 PrintAndLogEx(ERR, "Error while reading dynamic memory block " _YELLOW_("%02x") ". Aborting...", segment);
608 return PM3_ESOFT;
609 }
610 }
611 return PM3_SUCCESS;
612 }
613
614 // read and print the dynamic memory
615 static void topaz_print_dynamic_data(void) {
616
617 if (topaz_tag.size <= TOPAZ_STATIC_MEMORY) {
618 return;
619 }
620
621 PrintAndLogEx(SUCCESS, "Dynamic Data blocks:");
622
623 if (topaz_read_dynamic_data() == PM3_SUCCESS) {
624
625 PrintAndLogEx(SUCCESS, "block# | Data |lck");
626 PrintAndLogEx(SUCCESS, "-------+-------------------------+-------------");
627
628 char line[80];
629 for (uint16_t blockno = 0x0F; blockno < topaz_tag.size / 8; blockno++) {
630
631 uint8_t *block_data = &topaz_tag.dynamic_memory[(blockno - 0x0F) * 8];
632 char lockbits[9];
633 for (uint16_t j = 0; j < 8; j++) {
634 int offset = 3 * j;
635 snprintf(line + offset, sizeof(line) - offset, "%02x ", block_data[j]);
636 lockbits[j] = topaz_byte_is_locked(blockno * 8 + j) ? 'y' : 'n';
637 }
638 lockbits[8] = '\0';
639
640 PrintAndLogEx(SUCCESS, " 0x%02x | %s| %-3s", blockno, line, lockbits);
641 }
642 }
643 }
644
645 static void topaz_print_lifecycle_state(uint8_t *data) {
646 // to be done
647 }
648
649 static void printTopazDumpContents(topaz_tag_t *dump) {
650
651 // uses a global var for all
652 PrintAndLogEx(NORMAL, "");
653 PrintAndLogEx(SUCCESS, "Static data blocks :");
654 PrintAndLogEx(SUCCESS, "block# | data |lck| info");
655 PrintAndLogEx(SUCCESS, "------------+-------------------------+---+------------");
656
657 const char *block_info;
658 const char *topaz_ks[] = { "uid", "user", "rfu", "lock / otp" };
659
660 for (uint8_t i = 0; i <= 0x0C; i++) {
661
662 if (i == 0)
663 block_info = topaz_ks[i];
664 else
665 block_info = topaz_ks[1];
666
667 const char *lockstr = (topaz_byte_is_locked(i * 8)) ? _RED_("x") : " ";
668
669 PrintAndLogEx(SUCCESS, " %3u / 0x%02x | %s| %s | %s",
670 i,
671 i,
672 sprint_hex(&dump->data_blocks[i][0], 8),
673 lockstr,
674 block_info
675 );
676 }
677
678 PrintAndLogEx(SUCCESS, " %3u / 0x%02x | %s| | %s", 0x0D, 0x0D, sprint_hex(&dump->data_blocks[0x0D][0], 8), topaz_ks[2]);
679 PrintAndLogEx(SUCCESS, " %3u / 0x%02x | %s| | %s", 0x0E, 0x0E, sprint_hex(&dump->data_blocks[0x0E][0], 8), topaz_ks[3]);
680 PrintAndLogEx(SUCCESS, "------------+-------------------------+---+------------");
681 PrintAndLogEx(NORMAL, "");
682 }
683
684 static int CmdHFTopazReader(const char *Cmd) {
685 CLIParserContext *ctx;
686 CLIParserInit(&ctx, "hf topaz reader",
687 "Read UID from Topaz tags",
688 "hf topaz reader\n"
689 "hf topaz reader -@ -> Continuous mode\n"
690 );
691
692 void *argtable[] = {
693 arg_param_begin,
694 arg_lit0("v", "verbose", "verbose output"),
695 arg_lit0("@", NULL, "optional - continuous reader mode"),
696 arg_param_end
697 };
698 CLIExecWithReturn(ctx, Cmd, argtable, true);
699
700 bool verbose = arg_get_lit(ctx, 1);
701 bool cm = arg_get_lit(ctx, 2);
702 CLIParserFree(ctx);
703
704 if (cm) {
705 PrintAndLogEx(INFO, "Press " _GREEN_("<Enter>") " to exit");
706 }
707
708 int res = readTopazUid(cm, verbose);
709
710 topaz_switch_off_field();
711 return res;
712 }
713
714 // read a Topaz tag and print some useful information
715 int CmdHFTopazInfo(const char *Cmd) {
716 CLIParserContext *ctx;
717 CLIParserInit(&ctx, "hf topaz info",
718 "Get info from Topaz tags",
719 "hf topaz info\n"
720 "hf topaz info -f myfilename -> save raw NDEF to file\n"
721 );
722
723 void *argtable[] = {
724 arg_param_begin,
725 arg_str0("f", "file", "<fn>", "save raw NDEF to file"),
726 arg_lit0("v", "verbose", "verbose output"),
727 arg_param_end
728 };
729 CLIExecWithReturn(ctx, Cmd, argtable, true);
730
731 int fnlen = 0;
732 char filename[FILE_PATH_SIZE] = {0};
733 CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
734 bool verbose = arg_get_lit(ctx, 2);
735
736 CLIParserFree(ctx);
737
738 PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
739
740 int status = readTopazUid(false, verbose);
741 if (status != PM3_SUCCESS) {
742 return status;
743 }
744
745 PrintAndLogEx(SUCCESS, "MANUFACTURER: " _YELLOW_("%s"), getTagInfo(topaz_tag.uid[6]));
746
747 // ToDo: CRC check
748 PrintAndLogEx(SUCCESS, " HR: " _GREEN_("%02X %02X"), topaz_tag.HR01[0], topaz_tag.HR01[1]);
749 PrintAndLogEx(SUCCESS, " ^^");
750
751 PrintAndLogEx(SUCCESS, " %s", sprint_bin(topaz_tag.HR01, 1));
752 PrintAndLogEx(SUCCESS, " ...x.... - %s / %s",
753 (topaz_tag.HR01[0] & 0xF0) == 0x10 ? _GREEN_("TOPAZ tag") : "",
754 (topaz_tag.HR01[0] & 0xF0) == 0x10 ? _GREEN_("Type 1 NDEF") : ""
755 );
756 PrintAndLogEx(SUCCESS, " .......x - %s memory map", ((topaz_tag.HR01[0] & 0x0F) == 0x01) ? "Static" : "Dynamic");
757 PrintAndLogEx(SUCCESS, "");
758 PrintAndLogEx(SUCCESS, " Lock bytes... %02X%02X",
759 topaz_tag.data_blocks[0x0e][0],
760 topaz_tag.data_blocks[0x0e][1]
761 );
762
763 PrintAndLogEx(SUCCESS, " OTP.......... %s", sprint_hex(&topaz_tag.data_blocks[0x0e][2], 6));
764 PrintAndLogEx(NORMAL, "");
765
766 PrintAndLogEx(INFO, "--- " _CYAN_("NDEF configuration") " ---------------------------");
767 status = topaz_print_CC(&topaz_tag.data_blocks[1][0]);
768 if (status == PM3_ESOFT) {
769 PrintAndLogEx(SUCCESS, "No NDEF message data present");
770 topaz_switch_off_field();
771 return PM3_SUCCESS;
772 }
773
774 PrintAndLogEx(NORMAL, "");
775 topaz_print_control_TLVs(&topaz_tag.data_blocks[1][4]);
776
777 PrintAndLogEx(NORMAL, "");
778 topaz_switch_off_field();
779 return PM3_SUCCESS;
780 }
781
782 static int CmdHFTopazSim(const char *Cmd) {
783 CLIParserContext *ctx;
784 CLIParserInit(&ctx, "hf topaz sim",
785 "Simulate a Topaz tag",
786 "hf topaz sim -> Not yet implemented");
787
788 void *argtable[] = {
789 arg_param_begin,
790 arg_param_end
791 };
792 CLIExecWithReturn(ctx, Cmd, argtable, true);
793 CLIParserFree(ctx);
794 PrintAndLogEx(INFO, "not yet implemented");
795 return PM3_SUCCESS;
796 }
797
798 static int CmdHFTopazRaw(const char *Cmd) {
799 CLIParserContext *ctx;
800 CLIParserInit(&ctx, "hf topaz raw",
801 "Send raw hex data to Topaz tags",
802 "hf topaz raw");
803
804 void *argtable[] = {
805 arg_param_begin,
806 arg_param_end
807 };
808 CLIExecWithReturn(ctx, Cmd, argtable, true);
809 CLIParserFree(ctx);
810 PrintAndLogEx(INFO, "not yet implemented. Use `hf 14 raw --topaz` meanwhile");
811 return PM3_SUCCESS;
812 }
813
814 static int CmdHFTopazList(const char *Cmd) {
815 return CmdTraceListAlias(Cmd, "hf topaz", "topaz -c");
816 }
817
818 static int CmdHFTopazSniff(const char *Cmd) {
819 CLIParserContext *ctx;
820 CLIParserInit(&ctx, "hf topaz sniff",
821 "Sniff Topaz reader-tag communication",
822 "hf topaz sniff");
823
824 void *argtable[] = {
825 arg_param_begin,
826 arg_param_end
827 };
828 CLIExecWithReturn(ctx, Cmd, argtable, true);
829 CLIParserFree(ctx);
830
831 uint8_t param = 0;
832
833 PrintAndLogEx(INFO, "Press " _GREEN_("pm3 button") " to abort sniffing");
834
835 SendCommandNG(CMD_HF_ISO14443A_SNIFF, (uint8_t *)&param, sizeof(uint8_t));
836
837 PacketResponseNG resp;
838 WaitForResponse(CMD_HF_ISO14443A_SNIFF, &resp);
839 PrintAndLogEx(INFO, "Done!");
840 PrintAndLogEx(HINT, "Try `" _YELLOW_("hf topaz list")"` to view captured tracelog");
841 PrintAndLogEx(HINT, "Try `" _YELLOW_("trace save -h") "` to save tracelog for later analysing");
842 return PM3_SUCCESS;
843 }
844
845 static int CmdHFTopazDump(const char *Cmd) {
846
847 CLIParserContext *ctx;
848 CLIParserInit(&ctx, "hf topaz dump",
849 "Dump TOPAZ tag to file (bin/json)\n"
850 "If no <name> given, UID will be used as filename",
851 "hf topaz dump\n");
852
853 void *argtable[] = {
854 arg_param_begin,
855 arg_str0("f", "file", "<fn>", "Specify a filename for dump file"),
856 arg_lit0(NULL, "ns", "no save to file"),
857 arg_param_end
858 };
859 CLIExecWithReturn(ctx, Cmd, argtable, true);
860
861 int fnlen = 0;
862 char filename[FILE_PATH_SIZE] = {0};
863 CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
864 bool nosave = arg_get_lit(ctx, 2);
865
866 CLIParserFree(ctx);
867
868 int status = readTopazUid(false, false);
869 if (status != PM3_SUCCESS) {
870 return status;
871 }
872 printTopazDumpContents(&topaz_tag);
873
874 bool set_dynamic = false;
875 if (topaz_set_cc_dynamic(&topaz_tag.data_blocks[1][0]) == PM3_SUCCESS) {
876 set_dynamic = true;
877
878 topaz_print_dynamic_data();
879
880 topaz_print_lifecycle_state(&topaz_tag.data_blocks[1][0]);
881
882 NDEFDecodeAndPrint(&topaz_tag.data_blocks[1][4],
883 (topaz_tag.HR01[0] == 1) ? (12 * 8) : 476
884 , true
885 );
886 }
887
888 topaz_switch_off_field();
889
890 // Skip saving card data to file
891 if (nosave) {
892 PrintAndLogEx(INFO, "Called with no save option");
893 if (set_dynamic) {
894 free(topaz_tag.dynamic_memory);
895 }
896 return PM3_SUCCESS;
897 }
898
899
900 // user supplied filename?
901 if (fnlen < 1) {
902 PrintAndLogEx(INFO, "Using UID as filename");
903 strcat(filename, "hf-topaz-");
904 FillFileNameByUID(filename, topaz_tag.uid, "-dump", sizeof(topaz_tag.uid));
905 }
906
907 if (topaz_tag.size)
908 pm3_save_dump(filename, (uint8_t *)&topaz_tag, sizeof(topaz_tag_t) + topaz_tag.size, jsfTopaz);
909 else
910 pm3_save_dump(filename, (uint8_t *)&topaz_tag, sizeof(topaz_tag_t), jsfTopaz);
911
912 if (set_dynamic) {
913 free(topaz_tag.dynamic_memory);
914 }
915
916 return PM3_SUCCESS;
917 }
918
919 static int CmdHFTopazView(const char *Cmd) {
920 CLIParserContext *ctx;
921 CLIParserInit(&ctx, "hf topaz view",
922 "Print a Topaz tag dump file (bin/eml/json)",
923 "hf topaz view -f hf-topaz-04010203-dump.bin");
924
925 void *argtable[] = {
926 arg_param_begin,
927 arg_str1("f", "file", "<fn>", "Specify a filename for dump file"),
928 arg_param_end
929 };
930 CLIExecWithReturn(ctx, Cmd, argtable, false);
931 int fnlen = 0;
932 char filename[FILE_PATH_SIZE];
933 CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
934 CLIParserFree(ctx);
935
936 // read dump file
937 topaz_tag_t *dump = NULL;
938 size_t bytes_read = TOPAZ_MAX_SIZE;
939 int res = pm3_load_dump(filename, (void **)&dump, &bytes_read, sizeof(topaz_tag_t) + TOPAZ_MAX_SIZE);
940 if (res != PM3_SUCCESS) {
941 return res;
942 }
943 if (bytes_read < sizeof(topaz_tag_t)) {
944 free(dump);
945 return PM3_EFAILED;
946 }
947 printTopazDumpContents(dump);
948
949 if (topaz_set_cc_dynamic(&topaz_tag.data_blocks[1][0]) == PM3_SUCCESS) {
950
951 topaz_print_dynamic_data();
952
953 topaz_print_lifecycle_state(&topaz_tag.data_blocks[1][0]);
954
955 NDEFDecodeAndPrint(&topaz_tag.data_blocks[1][4],
956 (topaz_tag.HR01[0] == 1) ? (12 * 8) : 476
957 , true
958 );
959
960 PrintAndLogEx(INFO, "%s", sprint_hex(&topaz_tag.data_blocks[1][4], (12 * 8)));
961
962 free(topaz_tag.dynamic_memory);
963 }
964
965 free(dump);
966 return PM3_SUCCESS;
967 }
968
969 // Read single block
970 static int CmdHFTopazRdBl(const char *Cmd) {
971
972 CLIParserContext *ctx;
973 CLIParserInit(&ctx, "hf topaz rdbl",
974 "Read Topaz block",
975 "hf topaz rdbl --blk 7\n"
976 );
977
978 void *argtable[] = {
979 arg_param_begin,
980 arg_int1(NULL, "blk", "<dec>", "Block number"),
981 arg_param_end
982 };
983 CLIExecWithReturn(ctx, Cmd, argtable, false);
984 int blockno = arg_get_int_def(ctx, 1, -1);
985 CLIParserFree(ctx);
986
987 if (blockno < 0) {
988 PrintAndLogEx(WARNING, "Wrong block number");
989 return PM3_EINVARG;
990 }
991
992 // send read block
993 uint8_t data[8] = {0};
994 int res = topaz_read_block(blockno, data);
995 if (res == PM3_SUCCESS) {
996
997 topaz_print_hdr(blockno);
998
999 PrintAndLogEx(INFO, " %2d | %s", blockno, sprint_hex_ascii(data, sizeof(data)));
1000 PrintAndLogEx(NORMAL, "");
1001 }
1002
1003 topaz_switch_off_field();
1004 return res;
1005 }
1006
1007 // Write single block
1008 static int CmdHFTopazWrBl(const char *Cmd) {
1009
1010 CLIParserContext *ctx;
1011 CLIParserInit(&ctx, "hf topaz wrbl",
1012 "Write Topaz block with 8 hex bytes of data",
1013 "hf topaz wrbl --blk 7 -d 1122334455667788\n"
1014 );
1015
1016 void *argtable[] = {
1017 arg_param_begin,
1018 arg_int1(NULL, "blk", "<dec>", "Block number"),
1019 arg_str1("d", "data", "<hex>", "Block data (8 hex bytes)"),
1020 arg_param_end
1021 };
1022 CLIExecWithReturn(ctx, Cmd, argtable, false);
1023
1024 int blockno = arg_get_int_def(ctx, 1, -1);
1025
1026 int dlen = 0;
1027 uint8_t data[8] = {0x00};
1028 CLIGetHexWithReturn(ctx, 2, data, &dlen);
1029
1030 CLIParserFree(ctx);
1031
1032 if (blockno < 0) {
1033 PrintAndLogEx(WARNING, "Wrong block number");
1034 return PM3_EINVARG;
1035 }
1036
1037 if (dlen != 8) {
1038 PrintAndLogEx(WARNING, "Wrong data length. Expect 8, got %d", dlen);
1039 return PM3_EINVARG;
1040 }
1041
1042 PrintAndLogEx(INFO, "Block: %0d (0x%02X) [ %s]", blockno, blockno, sprint_hex(data, dlen));
1043
1044 int res;
1045 if (blockno != 13 && blockno != 14) {
1046 // send write/erase block
1047 res = topaz_write_erase8_block(blockno, data);
1048 } else {
1049 // send write/non erase block
1050 res = topaz_write_nonerase8_block(blockno, data);
1051 }
1052
1053 if (res == PM3_SUCCESS) {
1054 PrintAndLogEx(SUCCESS, "Write ( " _GREEN_("ok") " )");
1055 PrintAndLogEx(HINT, "try `" _YELLOW_("hf topaz rdbl --blk %u") "` to verify", blockno);
1056
1057 } else {
1058 PrintAndLogEx(WARNING, "Write ( " _RED_("fail") " )");
1059 }
1060 PrintAndLogEx(NORMAL, "");
1061
1062 topaz_switch_off_field();
1063 return res;
1064 }
1065
1066 static int CmdHelp(const char *Cmd);
1067
1068 static command_t CommandTable[] = {
1069 {"help", CmdHelp, AlwaysAvailable, "This help"},
1070 {"list", CmdHFTopazList, AlwaysAvailable, "List Topaz history"},
1071 {"-----------", CmdHelp, IfPm3Iso14443a, "------------------- " _CYAN_("operations") " ---------------------"},
1072 {"dump", CmdHFTopazDump, IfPm3Iso14443a, "Dump TOPAZ family tag to file"},
1073 {"info", CmdHFTopazInfo, IfPm3Iso14443a, "Tag information"},
1074 {"raw", CmdHFTopazRaw, IfPm3Iso14443a, "Send raw hex data to tag"},
1075 {"rdbl", CmdHFTopazRdBl, IfPm3Iso14443a, "Read block"},
1076 {"reader", CmdHFTopazReader, IfPm3Iso14443a, "Act like a Topaz reader"},
1077 {"sim", CmdHFTopazSim, IfPm3Iso14443a, "Simulate Topaz tag"},
1078 {"sniff", CmdHFTopazSniff, IfPm3Iso14443a, "Sniff Topaz reader-tag communication"},
1079 {"view", CmdHFTopazView, AlwaysAvailable, "Display content from tag dump file"},
1080 {"wrbl", CmdHFTopazWrBl, IfPm3Iso14443a, "Write block"},
1081 {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("ndef") " -----------------------"},
1082 // {"ndefformat", CmdHFTopazNDEFFormat, IfPm3Iso14443a, "Format Topaz Tag as NFC Tag"},
1083 // {"ndefread", CmdHFTopazNDEFRead, IfPm3Iso14443a, "Read and print NDEF records from card"},
1084 // {"ndefwrite", CmdHFTopazNDEFWrite, IfPm3Iso14443a, "Write NDEF records to card"},
1085
1086 {NULL, NULL, 0, NULL}
1087 };
1088
1089 static int CmdHelp(const char *Cmd) {
1090 (void)Cmd; // Cmd is not used so far
1091 CmdsHelp(CommandTable);
1092 return PM3_SUCCESS;
1093 }
1094
1095 int CmdHFTopaz(const char *Cmd) {
1096 clearCommandBuffer();
1097 return CmdsParse(CommandTable, Cmd);
1098 }
1099
1100 int readTopazUid(bool loop, bool verbose) {
1101
1102 int res = PM3_SUCCESS;
1103
1104 do {
1105 uint8_t atqa[2] = {0};
1106 uint8_t rid_response[8] = {0};
1107 uint8_t *uid_echo = &rid_response[2];
1108 uint8_t rall_response[124] = {0};
1109
1110 int status = topaz_select(atqa, sizeof(atqa), rid_response, sizeof(rid_response), verbose);
1111 if (status == PM3_ESOFT) {
1112 if (verbose) PrintAndLogEx(ERR, "Error: couldn't receive ATQA");
1113
1114 if (loop) {
1115 continue;
1116 }
1117
1118 res = status;
1119 break;
1120 }
1121
1122 if (atqa[1] != 0x0c && atqa[0] != 0x00) {
1123 if (verbose) PrintAndLogEx(ERR, "Tag doesn't support the Topaz protocol.");
1124
1125 if (loop) {
1126 continue;
1127 }
1128
1129 res = PM3_ESOFT;
1130 break;
1131 }
1132
1133 if (status == PM3_EWRONGANSWER) {
1134 if (verbose) PrintAndLogEx(ERR, "Error: tag didn't answer to RID");
1135
1136 if (loop) {
1137 continue;
1138 }
1139 res = status;
1140 break;
1141 }
1142
1143 status = topaz_rall(uid_echo, rall_response);
1144 if (status == PM3_ESOFT) {
1145 PrintAndLogEx(ERR, "Error: tag didn't answer to RALL");
1146
1147 if (loop) {
1148 continue;
1149 }
1150
1151 res = status;
1152 break;
1153 }
1154
1155 memcpy(topaz_tag.uid, rall_response + 2, 7);
1156 memcpy(topaz_tag.data_blocks, rall_response + 2, 0x0F * 8);
1157
1158 // printing
1159 PrintAndLogEx(NORMAL, "");
1160 PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%02X %02X %02X %02X %02X %02X %02X"),
1161 topaz_tag.uid[6],
1162 topaz_tag.uid[5],
1163 topaz_tag.uid[4],
1164 topaz_tag.uid[3],
1165 topaz_tag.uid[2],
1166 topaz_tag.uid[1],
1167 topaz_tag.uid[0]);
1168
1169 PrintAndLogEx(SUCCESS, "ATQA: " _GREEN_("%02X %02X"), atqa[1], atqa[0]);
1170
1171 topaz_tag.HR01[0] = rid_response[0];
1172 topaz_tag.HR01[1] = rid_response[1];
1173
1174 } while (loop && kbd_enter_pressed() == false);
1175
1176 topaz_switch_off_field();
1177 return res;
1178 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware