1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2012 Roel Verdult
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
7 //-----------------------------------------------------------------------------
8 // Low frequency Hitag support
9 //-----------------------------------------------------------------------------
15 #include "proxmark3.h"
17 #include "cmdparser.h"
24 static int CmdHelp(const char *Cmd
);
26 size_t nbytes(size_t nbits
) {
27 return (nbits
/8)+((nbits
%8)>0);
30 int CmdLFHitagList(const char *Cmd
)
32 uint8_t got
[TRACE_BUFFER_SIZE
];
33 GetFromBigBuf(got
,sizeof(got
),0);
34 WaitForResponse(CMD_ACK
,NULL
);
36 PrintAndLog("recorded activity:");
37 PrintAndLog(" ETU :nbits: who bytes");
38 PrintAndLog("---------+-----+----+-----------");
42 int len
= strlen(Cmd
);
44 char filename
[FILE_PATH_SIZE
] = { 0x00 };
47 if (len
> FILE_PATH_SIZE
)
49 memcpy(filename
, Cmd
, len
);
51 if (strlen(filename
) > 0) {
52 if ((pf
= fopen(filename
,"wb")) == NULL
) {
53 PrintAndLog("Error: Could not open file [%s]",filename
);
60 if(i
>= TRACE_BUFFER_SIZE
) { break; }
63 int timestamp
= *((uint32_t *)(got
+i
));
64 if (timestamp
& 0x80000000) {
65 timestamp
&= 0x7fffffff;
71 int parityBits
= *((uint32_t *)(got
+i
+4));
72 // 4 bytes of additional information...
73 // maximum of 32 additional parity bit information
76 // at each quarter bit period we can send power level (16 levels)
77 // or each half bit period in 256 levels.
80 int len
= nbytes(got
[i
+8]);
85 if (i
+ len
>= TRACE_BUFFER_SIZE
) { break;}
87 uint8_t *frame
= (got
+i
+9);
89 // Break and stick with current result if buffer was not completely full
90 if (frame
[0] == 0x44 && frame
[1] == 0x44 && frame
[3] == 0x44) { break; }
94 for (j
= 0; j
< len
; j
++) {
99 oddparity
^= (((frame
[j
] & 0xFF) >> k
) & 0x01);
102 //if((parityBits >> (len - j - 1)) & 0x01) {
103 if (isResponse
&& (oddparity
!= ((parityBits
>> (len
- j
- 1)) & 0x01))) {
104 sprintf(line
+(j
*4), "%02x! ", frame
[j
]);
107 sprintf(line
+(j
*4), "%02x ", frame
[j
]);
111 PrintAndLog(" +%7d: %3d: %s %s",
112 (prev
< 0 ? 0 : (timestamp
- prev
)),
114 (isResponse
? "TAG" : " "),
119 fprintf(pf
," +%7d: %3d: %s %s\n",
120 (prev
< 0 ? 0 : (timestamp
- prev
)),
122 (isResponse
? "TAG" : " "),
132 PrintAndLog("Recorded activity succesfully written to file: %s", filename
);
138 int CmdLFHitagSnoop(const char *Cmd
) {
139 UsbCommand c
= {CMD_SNOOP_HITAG
};
144 int CmdLFHitagSim(const char *Cmd
) {
146 UsbCommand c
= {CMD_SIMULATE_HITAG
};
147 char filename
[FILE_PATH_SIZE
] = { 0x00 };
149 bool tag_mem_supplied
;
150 int len
= strlen(Cmd
);
151 if (len
> FILE_PATH_SIZE
) len
= FILE_PATH_SIZE
;
152 memcpy(filename
, Cmd
, len
);
154 if (strlen(filename
) > 0) {
155 if ((pf
= fopen(filename
,"rb+")) == NULL
) {
156 PrintAndLog("Error: Could not open file [%s]",filename
);
159 tag_mem_supplied
= true;
160 if (fread(c
.d
.asBytes
,48,1,pf
) == 0) {
161 PrintAndLog("Error: File reading error");
167 tag_mem_supplied
= false;
170 // Does the tag comes with memory
171 c
.arg
[0] = (uint32_t)tag_mem_supplied
;
177 int CmdLFHitagReader(const char *Cmd
) {
178 // UsbCommand c = {CMD_READER_HITAG};
180 // param_get32ex(Cmd,1,0,16);
181 UsbCommand c
= {CMD_READER_HITAG
};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
182 hitag_data
* htd
= (hitag_data
*)c
.d
.asBytes
;
183 hitag_function htf
= param_get32ex(Cmd
,0,0,10);
186 case RHT2F_PASSWORD
: {
187 num_to_bytes(param_get32ex(Cmd
,1,0,16),4,htd
->pwd
.password
);
189 case RHT2F_AUTHENTICATE
: {
190 num_to_bytes(param_get32ex(Cmd
,1,0,16),4,htd
->auth
.NrAr
);
191 num_to_bytes(param_get32ex(Cmd
,2,0,16),4,htd
->auth
.NrAr
+4);
194 num_to_bytes(param_get64ex(Cmd
,1,0,16),6,htd
->crypto
.key
);
195 // num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
197 case RHT2F_TEST_AUTH_ATTEMPTS
: {
198 // No additional parameters needed
201 PrintAndLog("Error: unkown reader function %d",htf
);
202 PrintAndLog("Hitag reader functions");
203 PrintAndLog(" HitagS (0*)");
204 PrintAndLog(" Hitag1 (1*)");
205 PrintAndLog(" Hitag2 (2*)");
206 PrintAndLog(" 21 <password> (password mode)");
207 PrintAndLog(" 22 <nr> <ar> (authentication)");
208 PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
209 PrintAndLog(" 25 (test recorded authentications)");
214 // Copy the hitag2 function into the first argument
217 // Send the command to the proxmark
221 WaitForResponse(CMD_ACK
,&resp
);
223 // Check the return status, stored in the first argument
224 if (resp
.arg
[0] == false) return 1;
226 uint32_t id
= bytes_to_num(resp
.d
.asBytes
,4);
230 sprintf(filename
,"%08x_%04x.ht2",id
,(rand() & 0xffff));
231 if ((pf
= fopen(filename
,"wb")) == NULL
) {
232 PrintAndLog("Error: Could not open file [%s]",filename
);
236 // Write the 48 tag memory bytes to file and finalize
237 fwrite(resp
.d
.asBytes
,1,48,pf
);
240 PrintAndLog("Succesfully saved tag memory to [%s]",filename
);
245 static command_t CommandTable
[] =
247 {"help", CmdHelp
, 1, "This help"},
248 {"list", CmdLFHitagList
, 1, "<outfile> List Hitag trace history"},
249 {"reader", CmdLFHitagReader
, 1, "Act like a Hitag Reader"},
250 {"sim", CmdLFHitagSim
, 1, "<infile> Simulate Hitag transponder"},
251 {"snoop", CmdLFHitagSnoop
, 1, "Eavesdrop Hitag communication"},
252 {NULL
, NULL
, 0, NULL
}
255 int CmdLFHitag(const char *Cmd
)
257 CmdsParse(CommandTable
, Cmd
);
261 int CmdHelp(const char *Cmd
)
263 CmdsHelp(CommandTable
);