ADD: Added the HitagS from @spenneb ref:https://events.ccc.de/congress/2015/Fahrplan/events/7166.html

PM3 Master PR: https://github.com/Proxmark/proxmark3/pull/167 Adjusted the ENUM names to fit in my fork. We need a better namestandard for it.
2025-08-21 05:43:48 -07:00 · 2016-03-04 19:06:47 +01:00 · 2016-03-04 19:06:47 +01:00 · 0db11b71ef
commit 0db11b71ef
parent 7f0cb92e0d
12 changed files with 2409 additions and 9 deletions
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -18,6 +18,7 @@
 #include "common.h"
 #include "util.h"
 #include "hitag2.h"
+#include "hitagS.h"
 #include "sleep.h"
 #include "cmdmain.h"

@ -200,6 +201,15 @@ int CmdLFHitagReader(const char *Cmd) {
 	hitag_function htf = param_get32ex(Cmd,0,0,10);
 	
 	switch (htf) {
+		case 01: { //RHTSF_CHALLENGE
+			c = (UsbCommand){ CMD_READ_HITAG_S };
+			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
+			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+		} break;
+		case 02: { //RHTSF_KEY
+			c = (UsbCommand){ CMD_READ_HITAG_S };
+			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+		} break;
 		case RHT2F_PASSWORD: {
 			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
 		} break;
@ -217,6 +227,8 @@ int CmdLFHitagReader(const char *Cmd) {
 			PrintAndLog("Error: unkown reader function %d",htf);
 			PrintAndLog("Hitag reader functions");
 			PrintAndLog(" HitagS (0*)");
+			PrintAndLog("  01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
+			PrintAndLog("  02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
 			PrintAndLog(" Hitag1 (1*)");
 			PrintAndLog(" Hitag2 (2*)");
 			PrintAndLog("  21 <password> (password mode)");
@ -258,13 +270,126 @@ int CmdLFHitagReader(const char *Cmd) {
 	return 0;
 }

-static command_t CommandTable[] = {
+
+int CmdLFHitagSimS(const char *Cmd) {
+	UsbCommand c = { CMD_SIMULATE_HITAG_S };
+	char filename[FILE_PATH_SIZE] = { 0x00 };
+	FILE* pf;
+	bool tag_mem_supplied;
+	int len = strlen(Cmd);
+	if (len > FILE_PATH_SIZE)
+		len = FILE_PATH_SIZE;
+	memcpy(filename, Cmd, len);
+
+	if (strlen(filename) > 0) {
+		if ((pf = fopen(filename, "rb+")) == NULL) {
+			PrintAndLog("Error: Could not open file [%s]", filename);
+			return 1;
+		}
+		tag_mem_supplied = true;
+		if (fread(c.d.asBytes, 4*64, 1, pf) == 0) {
+			PrintAndLog("Error: File reading error");
+			fclose(pf);
+			return 1;
+		}
+		fclose(pf);
+	} else {
+		tag_mem_supplied = false;
+	}
+
+	// Does the tag comes with memory
+	c.arg[0] = (uint32_t) tag_mem_supplied;
+
+	SendCommand(&c);
+	return 0;
+}
+
+int CmdLFHitagCheckChallenges(const char *Cmd) {
+	UsbCommand c = { CMD_TEST_HITAGS_TRACES };
+	char filename[FILE_PATH_SIZE] = { 0x00 };
+	FILE* pf;
+	bool file_given;
+	int len = strlen(Cmd);
+	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+	memcpy(filename, Cmd, len);
+	
+	if (strlen(filename) > 0) {
+		if ((pf = fopen(filename,"rb+")) == NULL) {
+			PrintAndLog("Error: Could not open file [%s]",filename);
+			return 1;
+		}
+		file_given = true;
+		if (fread(c.d.asBytes,8*60,1,pf) == 0) {
+      PrintAndLog("Error: File reading error");
+      fclose(pf);
+			return 1;
+        }
+		fclose(pf);
+	} else {
+		file_given = false;
+	}
+	
+	//file with all the challenges to try
+	c.arg[0] = (uint32_t)file_given;
+
+  SendCommand(&c);
+  return 0;
+}
+
+
+int CmdLFHitagWP(const char *Cmd) {
+	UsbCommand c = { CMD_WR_HITAG_S };
+	hitag_data* htd = (hitag_data*)c.d.asBytes;
+	hitag_function htf = param_get32ex(Cmd,0,0,10);
+	switch (htf) {
+		case 03: { //WHTSF_CHALLENGE
+			num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
+			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
+			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
+		} break;
+		case 04: { //WHTSF_KEY
+			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
+			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
+
+		} break;
+		default: {
+			PrintAndLog("Error: unkown writer function %d",htf);
+			PrintAndLog("Hitag writer functions");
+			PrintAndLog(" HitagS (0*)");
+			PrintAndLog("  03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog(" Hitag1 (1*)");
+			PrintAndLog(" Hitag2 (2*)");
+			return 1;
+		} break;
+	}
+	// Copy the hitag function into the first argument
+	c.arg[0] = htf;
+
+  // Send the command to the proxmark
+  SendCommand(&c);
+  
+  UsbCommand resp;
+  WaitForResponse(CMD_ACK,&resp);
+  
+  // Check the return status, stored in the first argument
+  if (resp.arg[0] == false) return 1;
+  return 0;
+}
+
+
+static command_t CommandTable[] = 
+{
 	{"help",    CmdHelp,           1, "This help"},
 	{"list",    CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
 	{"reader",  CmdLFHitagReader,  1, "Act like a Hitag Reader"},
 	{"sim",     CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
 	{"snoop",   CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
-	{NULL, NULL, 0, NULL}
+  {"writer",   		CmdLFHitagWP,      1, "Act like a Hitag Writer" },
+  {"simS",   		CmdLFHitagSimS,    1, "<hitagS.hts> Simulate HitagS transponder" }, 
+  {"checkChallenges",	CmdLFHitagCheckChallenges,   1, "<challenges.cc> test all challenges" }, {
+				NULL,NULL, 0, NULL }
 };

 int CmdLFHitag(const char *Cmd) {