github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

code clean up, added some comments to hitag

Browse source
This commit is contained in:
iceman1001 2016-01-03 17:17:44 +01:00
commit 09181a5462
2 changed files with 107 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

108
armsrc/hitag2.c
View file

@ -24,14 +24,11 @@
#include "BigBuf.h" #include "BigBuf.h"
static bool bQuiet; static bool bQuiet;
static bool bCrypto; static bool bCrypto;
static bool bAuthenticating; static bool bAuthenticating;
static bool bPwd; static bool bPwd;
static bool bSuccessful; static bool bSuccessful;
struct hitag2_tag { struct hitag2_tag {
uint32_t uid; uint32_t uid;
enum { enum {
@ -144,6 +141,16 @@ static u64 _hitag2_round (u64 *state)
return _f20 (x); return _f20 (x);
} }
// "MIKRON" = O N M I K R
// Key = 4F 4E 4D 49 4B 52 - Secret 48-bit key
// Serial = 49 43 57 69 - Serial number of the tag, transmitted in clear
// Random = 65 6E 45 72 - Random IV, transmitted in clear
//~28~DC~80~31 = D7 23 7F CE - Authenticator value = inverted first 4 bytes of the keystream
// The code below must print out "D7 23 7F CE 8C D0 37 A9 57 49 C1 E6 48 00 8A B6".
// The inverse of the first 4 bytes is sent to the tag to authenticate.
// The rest is encrypted by XORing it with the subsequent keystream.
static u32 _hitag2_byte (u64 * x) static u32 _hitag2_byte (u64 * x)
{ {
u32 i, c; u32 i, c;
@ -152,16 +159,13 @@ static u32 _hitag2_byte (u64 * x)
return c; return c;
} }
static int hitag2_reset(void) static int hitag2_reset(void) {
{
tag.state = TAG_STATE_RESET; tag.state = TAG_STATE_RESET;
tag.crypto_active = 0; tag.crypto_active = 0;
return 0; return 0;
} }
static int hitag2_init(void) static int hitag2_init(void) {
{
// memcpy(&tag, &resetdata, sizeof(tag));
hitag2_reset(); hitag2_reset();
return 0; return 0;
} }
@ -223,16 +227,16 @@ static int hitag2_cipher_transcrypt(uint64_t* cs, byte_t *data, unsigned int byt
#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */ #define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */
#define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */ #define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */
#define HITAG_T_TAG_ONE_HALF_PERIOD 10 #define HITAG_T_TAG_ONE_HALF_PERIOD 10
#define HITAG_T_TAG_TWO_HALF_PERIOD 25 #define HITAG_T_TAG_TWO_HALF_PERIOD 25
#define HITAG_T_TAG_THREE_HALF_PERIOD 41 #define HITAG_T_TAG_THREE_HALF_PERIOD 41
#define HITAG_T_TAG_FOUR_HALF_PERIOD 57 #define HITAG_T_TAG_FOUR_HALF_PERIOD 57
#define HITAG_T_TAG_HALF_PERIOD 16 #define HITAG_T_TAG_HALF_PERIOD 16
#define HITAG_T_TAG_FULL_PERIOD 32 #define HITAG_T_TAG_FULL_PERIOD 32
#define HITAG_T_TAG_CAPTURE_ONE_HALF 13 #define HITAG_T_TAG_CAPTURE_ONE_HALF 13
#define HITAG_T_TAG_CAPTURE_TWO_HALF 25 #define HITAG_T_TAG_CAPTURE_TWO_HALF 25
#define HITAG_T_TAG_CAPTURE_THREE_HALF 41 #define HITAG_T_TAG_CAPTURE_THREE_HALF 41
#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 #define HITAG_T_TAG_CAPTURE_FOUR_HALF 57
@ -424,11 +428,10 @@ static void hitag_reader_send_bit(int bit) {
if(bit == 0) { if(bit == 0) {
// Zero bit: |_-| // Zero bit: |_-|
while(AT91C_BASE_TC0->TC_CV < T0*22); while(AT91C_BASE_TC0->TC_CV < T0*22);
// SpinDelayUs(16*8);
} else { } else {
// One bit: |_--| // One bit: |_--|
while(AT91C_BASE_TC0->TC_CV < T0*28); while(AT91C_BASE_TC0->TC_CV < T0*28);
// SpinDelayUs(22*8);
} }
LED_A_OFF(); LED_A_OFF();
} }
@ -475,26 +478,26 @@ static bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t*
*txlen = 32; *txlen = 32;
memcpy(tx,password,4); memcpy(tx,password,4);
bPwd = true; bPwd = true;
memcpy(tag.sectors[blocknr],rx,4); memcpy(tag.sectors[blocknr],rx,4);
blocknr++; blocknr++;
} else { } else {
if(blocknr == 1){ if(blocknr == 1){
//store password in block1, the TAG answers with Block3, but we need the password in memory //store password in block1, the TAG answers with Block3, but we need the password in memory
memcpy(tag.sectors[blocknr],tx,4); memcpy(tag.sectors[blocknr],tx,4);
}else{ } else {
memcpy(tag.sectors[blocknr],rx,4); memcpy(tag.sectors[blocknr],rx,4);
} }
blocknr++; blocknr++;
if (blocknr > 7) { if (blocknr > 7) {
DbpString("Read succesful!"); DbpString("Read succesful!");
bSuccessful = true; bSuccessful = true;
return false; return false;
} }
*txlen = 10; *txlen = 10;
tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2); tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
tx[1] = ((blocknr^7) << 6); tx[1] = ((blocknr^7) << 6);
} }
} break; } break;
@ -544,9 +547,9 @@ static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* tx
bCrypto = false; bCrypto = false;
} }
} else { } else {
*txlen = 5; *txlen = 5;
memcpy(tx,"\xc0",nbytes(*txlen)); memcpy(tx,"\xc0",nbytes(*txlen));
} }
} break; } break;
// Received UID, crypto tag answer // Received UID, crypto tag answer
@ -560,20 +563,20 @@ static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* tx
hitag2_cipher_transcrypt(&cipher_state,tx+4,4,0); hitag2_cipher_transcrypt(&cipher_state,tx+4,4,0);
*txlen = 64; *txlen = 64;
bCrypto = true; bCrypto = true;
bAuthenticating = true; bAuthenticating = true;
} else { } else {
// Check if we received answer tag (at) // Check if we received answer tag (at)
if (bAuthenticating) { if (bAuthenticating) {
bAuthenticating = false; bAuthenticating = false;
} else { } else {
// Store the received block // Store the received block
memcpy(tag.sectors[blocknr],rx,4); memcpy(tag.sectors[blocknr],rx,4);
blocknr++; blocknr++;
} }
if (blocknr > 7) { if (blocknr > 7) {
DbpString("Read succesful!"); DbpString("Read succesful!");
bSuccessful = true; bSuccessful = true;
return false; return false;
} }
*txlen = 10; *txlen = 10;
tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2); tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
@ -589,11 +592,11 @@ static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* tx
} }
if(bCrypto) { if(bCrypto) {
// We have to return now to avoid double encryption // We have to return now to avoid double encryption
if (!bAuthenticating) { if (!bAuthenticating) {
hitag2_cipher_transcrypt(&cipher_state,tx,*txlen/8,*txlen%8); hitag2_cipher_transcrypt(&cipher_state, tx, *txlen/8, *txlen%8);
} }
} }
return true; return true;
@ -625,8 +628,7 @@ static bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size
bCrypto = true; bCrypto = true;
} else { } else {
DbpString("Authentication succesful!"); DbpString("Authentication succesful!");
// We are done... for now return true;
return false;
} }
} break; } break;

91
client/cmdlfhitag.c
View file

@ -59,8 +59,7 @@ int CmdLFHitagList(const char *Cmd)
char filename[FILE_PATH_SIZE] = { 0x00 }; char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf = NULL; FILE* pf = NULL;
if (len > FILE_PATH_SIZE) if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len); memcpy(filename, Cmd, len);
if (strlen(filename) > 0) { if (strlen(filename) > 0) {
@ -151,17 +150,19 @@ int CmdLFHitagList(const char *Cmd)
} }
int CmdLFHitagSnoop(const char *Cmd) { int CmdLFHitagSnoop(const char *Cmd) {
UsbCommand c = {CMD_SNOOP_HITAG}; UsbCommand c = {CMD_SNOOP_HITAG};
SendCommand(&c); clearCommandBuffer();
return 0; SendCommand(&c);
return 0;
} }
int CmdLFHitagSim(const char *Cmd) { int CmdLFHitagSim(const char *Cmd) {
UsbCommand c = {CMD_SIMULATE_HITAG}; UsbCommand c = {CMD_SIMULATE_HITAG};
char filename[FILE_PATH_SIZE] = { 0x00 }; char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf; FILE* pf;
bool tag_mem_supplied; bool tag_mem_supplied;
int len = strlen(Cmd); int len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len); memcpy(filename, Cmd, len);
@ -173,10 +174,10 @@ int CmdLFHitagSim(const char *Cmd) {
} }
tag_mem_supplied = true; tag_mem_supplied = true;
if (fread(c.d.asBytes,48,1,pf) == 0) { if (fread(c.d.asBytes,48,1,pf) == 0) {
PrintAndLog("Error: File reading error"); PrintAndLog("Error: File reading error");
fclose(pf); fclose(pf);
return 1; return 1;
} }
fclose(pf); fclose(pf);
} else { } else {
tag_mem_supplied = false; tag_mem_supplied = false;
@ -185,14 +186,14 @@ int CmdLFHitagSim(const char *Cmd) {
// Does the tag comes with memory // Does the tag comes with memory
c.arg[0] = (uint32_t)tag_mem_supplied; c.arg[0] = (uint32_t)tag_mem_supplied;
SendCommand(&c); clearCommandBuffer();
return 0; SendCommand(&c);
return 0;
} }
int CmdLFHitagReader(const char *Cmd) { int CmdLFHitagReader(const char *Cmd) {
// UsbCommand c = {CMD_READER_HITAG};
// param_get32ex(Cmd,1,0,16);
UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}}; UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
hitag_data* htd = (hitag_data*)c.d.asBytes; hitag_data* htd = (hitag_data*)c.d.asBytes;
hitag_function htf = param_get32ex(Cmd,0,0,10); hitag_function htf = param_get32ex(Cmd,0,0,10);
@ -207,7 +208,6 @@ int CmdLFHitagReader(const char *Cmd) {
} break; } break;
case RHT2F_CRYPTO: { case RHT2F_CRYPTO: {
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key); num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
} break; } break;
case RHT2F_TEST_AUTH_ATTEMPTS: { case RHT2F_TEST_AUTH_ATTEMPTS: {
// No additional parameters needed // No additional parameters needed
@ -229,52 +229,51 @@ int CmdLFHitagReader(const char *Cmd) {
// Copy the hitag2 function into the first argument // Copy the hitag2 function into the first argument
c.arg[0] = htf; c.arg[0] = htf;
// Send the command to the proxmark clearCommandBuffer();
SendCommand(&c); // Send the command to the proxmark
SendCommand(&c);
UsbCommand resp; UsbCommand resp;
WaitForResponse(CMD_ACK,&resp); WaitForResponse(CMD_ACK,&resp);
// Check the return status, stored in the first argument // Check the return status, stored in the first argument
if (resp.arg[0] == false) return 1; if (resp.arg[0] == false) return 1;
uint32_t id = bytes_to_num(resp.d.asBytes,4); uint32_t id = bytes_to_num(resp.d.asBytes,4);
char filename[256]; char filename[FILE_PATH_SIZE];
FILE* pf = NULL; FILE* pf = NULL;
sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff)); sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
if ((pf = fopen(filename,"wb")) == NULL) { if ((pf = fopen(filename,"wb")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename); PrintAndLog("Error: Could not open file [%s]",filename);
return 1; return 1;
} }
// Write the 48 tag memory bytes to file and finalize // Write the 48 tag memory bytes to file and finalize
fwrite(resp.d.asBytes,1,48,pf); fwrite(resp.d.asBytes,1,48,pf);
fclose(pf); fclose(pf);
PrintAndLog("Succesfully saved tag memory to [%s]",filename); PrintAndLog("Succesfully saved tag memory to [%s]",filename);
return 0;
return 0;
} }
static command_t CommandTable[] = static command_t CommandTable[] = {
{ {"help", CmdHelp, 1, "This help"},
{"help", CmdHelp, 1, "This help"}, {"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"}, {"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"}, {"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"}, {"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"}, {NULL, NULL, 0, NULL}
{NULL, NULL, 0, NULL}
}; };
int CmdLFHitag(const char *Cmd) int CmdLFHitag(const char *Cmd)
{ {
CmdsParse(CommandTable, Cmd); CmdsParse(CommandTable, Cmd);
return 0; return 0;
} }
int CmdHelp(const char *Cmd) int CmdHelp(const char *Cmd)
{ {
CmdsHelp(CommandTable); CmdsHelp(CommandTable);
return 0; return 0;
} }