github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-14 10:37:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

ADD: Added the HitagS from @spenneb ref:https://events.ccc.de/congress/2015/Fahrplan/events/7166.html

Browse source 
PM3 Master PR: https://github.com/Proxmark/proxmark3/pull/167

Adjusted the ENUM names to fit in my fork.  We need a better namestandard for it.
This commit is contained in:
iceman1001 2016-03-04 19:06:47 +01:00
commit 0db11b71ef
12 changed files with 2409 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
armsrc/Makefile
View file

@ -15,7 +15,7 @@ APP_CFLAGS = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO144
#-DWITH_LCD
#SRC_LCD = fonts.c LCD.c
SRC_LF = lfops.c hitag2.c lfsampling.c pcf7931.c lfdemod.c protocols.c
SRC_LF = lfops.c hitag2.c hitagS.c lfsampling.c pcf7931.c lfdemod.c protocols.c
SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443b.c

15
armsrc/appmain.c
View file

@ -22,7 +22,8 @@
#include <stdarg.h>
#include "legicrf.h"
#include <hitag2.h>
#include "hitag2.h"
#include "hitagS.h"
#include "lfsampling.h"
#include "BigBuf.h"
#include "mifareutil.h"
@ -996,6 +997,18 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_READER_HITAG: // Reader for Hitag tags, args = type and function
ReaderHitag((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
break;
case CMD_SIMULATE_HITAG_S:// Simulate Hitag s tag, args = memory content
SimulateHitagSTag((bool)c->arg[0],(byte_t*)c->d.asBytes);
break;
case CMD_TEST_HITAGS_TRACES:// Tests every challenge within the given file
check_challenges((bool)c->arg[0],(byte_t*)c->d.asBytes);
break;
case CMD_READ_HITAG_S://Reader for only Hitag S tags, args = key or challenge
ReadHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes);
break;
case CMD_WR_HITAG_S://writer for Hitag tags args=data to write,page and key or challenge
WritePageHitagS((hitag_function)c->arg[0],(hitag_data*)c->d.asBytes,c->arg[2]);
break;
#endif
#ifdef WITH_ISO15693

8
armsrc/apps.h
View file

@ -23,6 +23,7 @@
#include "fpgaloader.h"
#include "usb_cdc.h"
#include "hitag2.h"
#include "hitagS.h"
#include "mifare.h"
#include "pcf7931.h"
//#include "des.h"
@ -206,6 +207,13 @@ void SnoopHitag(uint32_t type);
void SimulateHitagTag(bool tag_mem_supplied, byte_t* data);
void ReaderHitag(hitag_function htf, hitag_data* htd);
//hitagS.h
void SimulateHitagSTag(bool tag_mem_supplied, byte_t* data);
void ReadHitagS(hitag_function htf, hitag_data* htd);
void WritePageHitagS(hitag_function htf, hitag_data* htd,int page);
void check_challenges(bool file_given, byte_t* data);
// cmd.h
bool cmd_receive(UsbCommand* cmd);
bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len);

2
armsrc/hitag2.c
View file

@ -1149,7 +1149,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
case RHT2F_CRYPTO: {
DbpString("Authenticating using key:");
memcpy(key,htd->crypto.key,4); //HACK; 4 or 6?? I read both in the code.
memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code.
Dbhexdump(6,key,false);
blocknr = 0;
bQuiet = false;

2151
armsrc/hitagS.c Normal file
View file

File diff suppressed because it is too large Load diff

129
client/cmdlfhitag.c
View file

@ -18,6 +18,7 @@
#include "common.h"
#include "util.h"
#include "hitag2.h"
#include "hitagS.h"
#include "sleep.h"
#include "cmdmain.h"
@ -200,6 +201,15 @@ int CmdLFHitagReader(const char *Cmd) {
hitag_function htf = param_get32ex(Cmd,0,0,10);
switch (htf) {
case 01: { //RHTSF_CHALLENGE
c = (UsbCommand){ CMD_READ_HITAG_S };
num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
} break;
case 02: { //RHTSF_KEY
c = (UsbCommand){ CMD_READ_HITAG_S };
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
} break;
case RHT2F_PASSWORD: {
num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
} break;
@ -217,6 +227,8 @@ int CmdLFHitagReader(const char *Cmd) {
PrintAndLog("Error: unkown reader function %d",htf);
PrintAndLog("Hitag reader functions");
PrintAndLog(" HitagS (0*)");
PrintAndLog(" 01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
PrintAndLog(" Hitag1 (1*)");
PrintAndLog(" Hitag2 (2*)");
PrintAndLog(" 21 <password> (password mode)");
@ -258,13 +270,126 @@ int CmdLFHitagReader(const char *Cmd) {
return 0;
}
static command_t CommandTable[] = {
int CmdLFHitagSimS(const char *Cmd) {
UsbCommand c = { CMD_SIMULATE_HITAG_S };
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf;
bool tag_mem_supplied;
int len = strlen(Cmd);
if (len > FILE_PATH_SIZE)
len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
if ((pf = fopen(filename, "rb+")) == NULL) {
PrintAndLog("Error: Could not open file [%s]", filename);
return 1;
}
tag_mem_supplied = true;
if (fread(c.d.asBytes, 4*64, 1, pf) == 0) {
PrintAndLog("Error: File reading error");
fclose(pf);
return 1;
}
fclose(pf);
} else {
tag_mem_supplied = false;
}
// Does the tag comes with memory
c.arg[0] = (uint32_t) tag_mem_supplied;
SendCommand(&c);
return 0;
}
int CmdLFHitagCheckChallenges(const char *Cmd) {
UsbCommand c = { CMD_TEST_HITAGS_TRACES };
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf;
bool file_given;
int len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
if ((pf = fopen(filename,"rb+")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename);
return 1;
}
file_given = true;
if (fread(c.d.asBytes,8*60,1,pf) == 0) {
PrintAndLog("Error: File reading error");
fclose(pf);
return 1;
}
fclose(pf);
} else {
file_given = false;
}
//file with all the challenges to try
c.arg[0] = (uint32_t)file_given;
SendCommand(&c);
return 0;
}
int CmdLFHitagWP(const char *Cmd) {
UsbCommand c = { CMD_WR_HITAG_S };
hitag_data* htd = (hitag_data*)c.d.asBytes;
hitag_function htf = param_get32ex(Cmd,0,0,10);
switch (htf) {
case 03: { //WHTSF_CHALLENGE
num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
} break;
case 04: { //WHTSF_KEY
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
} break;
default: {
PrintAndLog("Error: unkown writer function %d",htf);
PrintAndLog("Hitag writer functions");
PrintAndLog(" HitagS (0*)");
PrintAndLog(" 03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
PrintAndLog(" 04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
PrintAndLog(" Hitag1 (1*)");
PrintAndLog(" Hitag2 (2*)");
return 1;
} break;
}
// Copy the hitag function into the first argument
c.arg[0] = htf;
// Send the command to the proxmark
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
// Check the return status, stored in the first argument
if (resp.arg[0] == false) return 1;
return 0;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
{NULL, NULL, 0, NULL}
{"writer", CmdLFHitagWP, 1, "Act like a Hitag Writer" },
{"simS", CmdLFHitagSimS, 1, "<hitagS.hts> Simulate HitagS transponder" },
{"checkChallenges", CmdLFHitagCheckChallenges, 1, "<challenges.cc> test all challenges" }, {
NULL,NULL, 0, NULL }
};
int CmdLFHitag(const char *Cmd) {

7
client/hid-flasher/usb_cmd.h
View file

@ -115,6 +115,13 @@ typedef struct {
#define CMD_SIMULATE_HITAG 0x0371
#define CMD_READER_HITAG 0x0372
// For HitagS
#define CMD_SIMULATE_HITAG_S 0x0368
#define CMD_TEST_HITAGS_TRACES 0x0367
#define CMD_READ_HITAG_S 0x0373
#define CMD_WR_HITAG_S 0x0375
#define CMD_EMU_HITAG_S 0x0376
#define CMD_SIMULATE_TAG_ISO_14443B 0x0381
#define CMD_SNOOP_ISO_14443B 0x0382
#define CMD_SNOOP_ISO_14443a 0x0383

7
client/lualibs/commands.lua
View file

@ -81,6 +81,13 @@ local _commands = {
CMD_SIMULATE_HITAG = 0x0371,
CMD_READER_HITAG = 0x0372,
--// For HitagS
CMD_TEST_HITAGS_TRACES = 0x0367,
CMD_SIMULATE_HITAG_S = 0x0368,
CMD_READ_HITAG_S = 0x0373,
CMD_WR_HITAG_S = 0x0375,
CMD_EMU_HITAG_S = 0x0376,
CMD_SIMULATE_TAG_ISO_14443B = 0x0381,
CMD_SNOOP_ISO_14443B = 0x0382,
CMD_SNOOP_ISO_14443a = 0x0383,

3
common/desfire.h
View file

@ -3,7 +3,6 @@
#include <string.h>
#include <stdarg.h>
#include "aes.h"
#define MAX_CRYPTO_BLOCK_SIZE 16
@ -110,8 +109,6 @@ enum DESFIRE_FILE_TYPES {
MDFT_CYCLIC_RECORD_FILE_WITH_BACKUP = 0x04
};
enum DESFIRE_STATUS {
OPERATION_OK = 0x00,
NO_CHANGES = 0x0c,

10
include/hitag2.h
View file

@ -7,11 +7,17 @@
//-----------------------------------------------------------------------------
// Hitag2 type prototyping
//-----------------------------------------------------------------------------
// HitagS added
//-----------------------------------------------------------------------------
#ifndef _HITAG2_H_
#define _HITAG2_H_
typedef enum {
RHTSF_CHALLENGE = 01,
RHTSF_KEY = 02,
WHTSF_CHALLENGE = 03,
WHTSF_KEY = 04,
RHT2F_PASSWORD = 21,
RHT2F_AUTHENTICATE = 22,
RHT2F_CRYPTO = 23,
@ -24,10 +30,12 @@ typedef struct {
typedef struct {
byte_t NrAr[8];
byte_t data[4];
} PACKED rht2d_authenticate;
typedef struct {
byte_t key[4];
byte_t key[6];
byte_t data[4];
} PACKED rht2d_crypto;
typedef union {

76
include/hitagS.h Normal file
View file

@ -0,0 +1,76 @@
//-----------------------------------------------------------------------------
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// HitagS emulation (preliminary test version)
//
// (c) 2016 Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg
// <info@os-s.de>
//-----------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <hitag2.h>
#ifndef _HITAGS_H_
#define _HITAGS_H_
//protocol-state
typedef enum PROTO_STATE {
HT_READY=0,
HT_INIT,
HT_AUTHENTICATE,
HT_SELECTED,
HT_QUIET,
HT_TTF,
HT_FAIL} PSTATE;
//tag-state
typedef enum TAG_STATE {
HT_NO_OP=0,
HT_READING_PAGE,
HT_WRITING_PAGE_ACK,
HT_WRITING_PAGE_DATA,
HT_WRITING_BLOCK_DATA} TSATE;
//number of start-of-frame bits
typedef enum SOF_TYPE {
HT_STANDARD=0,
HT_ADVANCED,
HT_FAST_ADVANCED,
HT_ONE,
HT_NO_BITS} stype;
struct hitagS_tag {
PSTATE pstate; //protocol-state
TSATE tstate; //tag-state
uint32_t uid;
uint32_t pages[16][4];
uint64_t key;
byte_t pwdl0, pwdl1, pwdh0;
//con0
int max_page;
stype mode;
//con1
bool auth; //0=Plain 1=Auth
bool TTFC; //Transponder Talks first coding. 0=Manchester 1=Biphase
int TTFDR; //data rate in TTF Mode
int TTFM; //the number of pages that are sent to the RWD
bool LCON; //0=con1/2 read write 1=con1 read only and con2 OTP
bool LKP; //0=page2/3 read write 1=page2/3 read only in Plain mode and no access in authenticate mode
//con2
//0=read write 1=read only
bool LCK7; //page4/5
bool LCK6; //page6/7
bool LCK5; //page8-11
bool LCK4; //page12-15
bool LCK3; //page16-23
bool LCK2; //page24-31
bool LCK1; //page32-47
bool LCK0; //page48-63
} ;
#endif

8
include/usb_cmd.h
View file

@ -123,6 +123,14 @@ typedef struct{
#define CMD_SIMULATE_HITAG 0x0371
#define CMD_READER_HITAG 0x0372
// For HitagS
#define CMD_TEST_HITAGS_TRACES 0x0367
#define CMD_SIMULATE_HITAG_S 0x0368
#define CMD_READ_HITAG_S 0x0373
#define CMD_WR_HITAG_S 0x0375
#define CMD_EMU_HITAG_S 0x0376
#define CMD_SIMULATE_TAG_ISO_14443B 0x0381
#define CMD_SNOOP_ISO_14443B 0x0382
#define CMD_SNOOP_ISO_14443a 0x0383