From 0db2d1c92abefb1faa06d822d382cd5783a64163 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 30 Jan 2024 11:02:10 +0100 Subject: [PATCH] added lf hitag eview command and unified some command description across the client --- CHANGELOG.md | 1 + client/src/cmdhf15.c | 4 +- client/src/cmdhfcryptorf.c | 4 +- client/src/cmdhficlass.c | 2 +- client/src/cmdhflegic.c | 4 +- client/src/cmdhfmf.c | 4 +- client/src/cmdhfmfu.c | 4 +- client/src/cmdlfem4x50.c | 4 +- client/src/cmdlfhitag.c | 466 ++++++++++++++++++++----------------- client/src/cmdlfhitag.h | 3 +- client/src/emv/cmdemv.c | 10 +- 11 files changed, 276 insertions(+), 230 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 69807b05c..b4423127f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added `lf hitag eview` - now supports viewing of emulator memory (@iceman1001) - Added `lf hitag view` - now supports viewing of dump files (@iceman1001) - Changed `lf hitag dump --ns` - now support nosave flag (@iceman1001) - Added `hf xerox rdbl` - read block of a Fuji/Xerox tag (@iceman1001) diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index 6ce35266a..e20673eb7 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -3439,8 +3439,8 @@ static command_t CommandTable[] = { {"wrbl", CmdHF15Write, IfPm3Iso15693, "Write a block"}, {"-----------", CmdHF15Help, IfPm3Iso15693, "--------------------- " _CYAN_("simulation") " ----------------------"}, {"sim", CmdHF15Sim, IfPm3Iso15693, "Fake an ISO-15693 tag"}, - {"eload", CmdHF15ELoad, IfPm3Iso15693, "Load image file into emulator to be used by 'sim' command"}, - {"esave", CmdHF15ESave, IfPm3Iso15693, "Save emulator memory into image file"}, + {"eload", CmdHF15ELoad, IfPm3Iso15693, "Upload file into emulator memory"}, + {"esave", CmdHF15ESave, IfPm3Iso15693, "Save emulator memory to file"}, {"eview", CmdHF15EView, IfPm3Iso15693, "View emulator memory"}, {"-----------", CmdHF15Help, IfPm3Iso15693, "------------------------ " _CYAN_("SLIX") " -------------------------"}, {"slixwritepwd", CmdHF15SlixWritePassword, IfPm3Iso15693, "Writes a password on a SLIX ISO-15693 tag"}, diff --git a/client/src/cmdhfcryptorf.c b/client/src/cmdhfcryptorf.c index f35d18fbd..909c5f110 100644 --- a/client/src/cmdhfcryptorf.c +++ b/client/src/cmdhfcryptorf.c @@ -535,8 +535,8 @@ static command_t CommandTable[] = { {"reader", CmdHFCryptoRFReader, IfPm3Iso14443b, "Act as a CryptoRF reader to identify a tag"}, {"sim", CmdHFCryptoRFSim, IfPm3Iso14443b, "Fake CryptoRF tag"}, {"sniff", CmdHFCryptoRFSniff, IfPm3Iso14443b, "Eavesdrop CryptoRF"}, - {"eload", CmdHFCryptoRFELoad, AlwaysAvailable, "Load binary dump to emulator memory"}, - {"esave", CmdHFCryptoRFESave, AlwaysAvailable, "Save emulator memory to binary file"}, + {"eload", CmdHFCryptoRFELoad, AlwaysAvailable, "Upload file into emulator memory"}, + {"esave", CmdHFCryptoRFESave, AlwaysAvailable, "Save emulator memory to file"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index ff1c48d45..10fdcdfd6 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -4648,7 +4648,7 @@ static command_t CommandTable[] = { {"lookup", CmdHFiClassLookUp, AlwaysAvailable, "Uses authentication trace to check for key in dictionary file"}, {"-----------", CmdHelp, IfPm3Iclass, "-------------------- " _CYAN_("simulation") " -------------------"}, {"sim", CmdHFiClassSim, IfPm3Iclass, "Simulate iCLASS tag"}, - {"eload", CmdHFiClassELoad, IfPm3Iclass, "Load Picopass / iCLASS dump file into emulator memory"}, + {"eload", CmdHFiClassELoad, IfPm3Iclass, "Upload file into emulator memory"}, {"esave", CmdHFiClassESave, IfPm3Iclass, "Save emulator memory to file"}, {"esetblk", CmdHFiClassESetBlk, IfPm3Iclass, "Set emulator memory block data"}, {"eview", CmdHFiClassEView, IfPm3Iclass, "View emulator memory"}, diff --git a/client/src/cmdhflegic.c b/client/src/cmdhflegic.c index df690537c..0df73a2c1 100644 --- a/client/src/cmdhflegic.c +++ b/client/src/cmdhflegic.c @@ -1449,8 +1449,8 @@ static command_t CommandTable[] = { {"wrbl", CmdLegicWrbl, IfPm3Legicrf, "Write data to a LEGIC Prime tag"}, {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("simulation") " ---------------------"}, {"sim", CmdLegicSim, IfPm3Legicrf, "Start tag simulator"}, - {"eload", CmdLegicELoad, IfPm3Legicrf, "Load binary dump to emulator memory"}, - {"esave", CmdLegicESave, IfPm3Legicrf, "Save emulator memory to binary file"}, + {"eload", CmdLegicELoad, IfPm3Legicrf, "Upload file into emulator memory"}, + {"esave", CmdLegicESave, IfPm3Legicrf, "Save emulator memory to file"}, {"eview", CmdLegicEView, IfPm3Legicrf, "View emulator memory"}, {"einfo", CmdLegicEInfo, IfPm3Legicrf, "Display deobfuscated and decoded emulator memory"}, {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("utils") " ---------------------"}, diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index bcff011db..3891033bc 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -9446,8 +9446,8 @@ static command_t CommandTable[] = { {"egetblk", CmdHF14AMfEGetBlk, IfPm3Iso14443a, "Get emulator memory block"}, {"egetsc", CmdHF14AMfEGetSc, IfPm3Iso14443a, "Get emulator memory sector"}, {"ekeyprn", CmdHF14AMfEKeyPrn, IfPm3Iso14443a, "Print keys from emulator memory"}, - {"eload", CmdHF14AMfELoad, IfPm3Iso14443a, "Load from file emul dump"}, - {"esave", CmdHF14AMfESave, IfPm3Iso14443a, "Save to file emul dump"}, + {"eload", CmdHF14AMfELoad, IfPm3Iso14443a, "Upload file into emulator memory"}, + {"esave", CmdHF14AMfESave, IfPm3Iso14443a, "Save emulator memory to file"}, {"esetblk", CmdHF14AMfESet, IfPm3Iso14443a, "Set emulator memory block"}, {"eview", CmdHF14AMfEView, IfPm3Iso14443a, "View emulator memory"}, {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("magic gen1") " -----------------------"}, diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index dba707330..b668a1080 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -4978,8 +4978,8 @@ static command_t CommandTable[] = { {"wrbl", CmdHF14AMfUWrBl, IfPm3Iso14443a, "Write block"}, {"tamper", CmdHF14MfUTamper, IfPm3Iso14443a, "Configure the tamper feature on an NTAG 213TT"}, {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("simulation") " -----------------------"}, - {"eload", CmdHF14AMfUeLoad, IfPm3Iso14443a, "Load Ultralight dump file into emulator memory"}, - {"esave", CmdHF14AMfuESave, IfPm3Iso14443a, "Save Ultralight dump file from emulator memory"}, + {"eload", CmdHF14AMfUeLoad, IfPm3Iso14443a, "Upload file into emulator memory"}, + {"esave", CmdHF14AMfuESave, IfPm3Iso14443a, "Save emulator memory to file"}, {"eview", CmdHF14AMfuEView, IfPm3Iso14443a, "View emulator memory"}, {"sim", CmdHF14AMfUSim, IfPm3Iso14443a, "Simulate MIFARE Ultralight from emulator memory"}, {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("magic") " ----------------------------"}, diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index 17209ec65..2a897a90c 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -1293,9 +1293,9 @@ static command_t CommandTable[] = { {"wrpwd", CmdEM4x50WritePwd, IfPm3EM4x50, "Change EM4x50 password"}, {"wipe", CmdEM4x50Wipe, IfPm3EM4x50, "Wipe EM4x50 tag"}, {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("simulation") " ---------------------"}, - {"eload", CmdEM4x50ELoad, IfPm3EM4x50, "Upload EM4x50 dump to emulator memory"}, + {"eload", CmdEM4x50ELoad, IfPm3EM4x50, "Upload file into emulator memory"}, {"esave", CmdEM4x50ESave, IfPm3EM4x50, "Save emulator memory to file"}, - {"eview", CmdEM4x50EView, IfPm3EM4x50, "View EM4x50 content in emulator memory"}, + {"eview", CmdEM4x50EView, IfPm3EM4x50, "View emulator memory"}, {"sim", CmdEM4x50Sim, IfPm3EM4x50, "Simulate EM4x50 tag"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index c93886014..39c850b2b 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -54,6 +54,14 @@ static const char *getHitagTypeStr(uint32_t uid) { } } +uint8_t hitag1_CRC_check(uint8_t *d, uint32_t nbit) { + if (nbit < 9) { + return 2; + } + return (CRC8Hitag1Bits(d, nbit) == 0); +} + + /* static size_t nbytes(size_t nbits) { return (nbits / 8) + ((nbits % 8) > 0); @@ -62,8 +70,6 @@ static size_t nbytes(size_t nbits) { static int CmdLFHitagList(const char *Cmd) { return CmdTraceListAlias(Cmd, "lf hitag", "hitag2"); - - /* uint8_t *got = calloc(PM3_CMD_DATA_SIZE, sizeof(uint8_t)); if (!got) { @@ -193,145 +199,6 @@ static int CmdLFHitagList(const char *Cmd) { */ } -static int CmdLFHitagSniff(const char *Cmd) { - CLIParserContext *ctx; - CLIParserInit(&ctx, "lf hitag sniff", - "Sniff traffic between Hitag reader and tag.\n" - "Use " _YELLOW_("`lf hitag list`")" to view collected data.", - "lf hitag sniff" - ); - - void *argtable[] = { - arg_param_begin, - arg_param_end - }; - CLIExecWithReturn(ctx, Cmd, argtable, true); - CLIParserFree(ctx); - - clearCommandBuffer(); - SendCommandNG(CMD_LF_HITAG_SNIFF, NULL, 0); - PrintAndLogEx(HINT, "HINT: Try " _YELLOW_("`lf hitag list`")" to view collected data"); - return PM3_SUCCESS; -} - - -// eload , to be implemented -static int CmdLFHitagEload(const char *Cmd) { - CLIParserContext *ctx; - CLIParserInit(&ctx, "lf hitag eload", - "Loads hitag tag dump into emulator memory on device", - "lf hitag eload -2 -f lf-hitag-11223344-dump.bin\n"); - - void *argtable[] = { - arg_param_begin, - arg_str1("f", "file", "", "Specify dump filename"), - arg_lit0("1", "ht1", "Card type Hitag 1"), - arg_lit0("2", "ht2", "Card type Hitag 2"), - arg_lit0("s", "hts", "Card type Hitag S"), - arg_lit0("m", "htm", "Card type Hitag \xce\xbc"), // μ - arg_param_end - }; - CLIExecWithReturn(ctx, Cmd, argtable, false); - - int fnlen = 0; - char filename[FILE_PATH_SIZE] = {0}; - CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); - - bool use_ht1 = arg_get_lit(ctx, 2); - bool use_ht2 = arg_get_lit(ctx, 3); - bool use_hts = arg_get_lit(ctx, 4); - bool use_htm = arg_get_lit(ctx, 5); - CLIParserFree(ctx); - - if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) { - PrintAndLogEx(ERR, "error, specify only one Hitag type"); - return PM3_EINVARG; - } - if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) { - PrintAndLogEx(ERR, "error, specify one Hitag type"); - return PM3_EINVARG; - } - - // read dump file - uint8_t *dump = NULL; - size_t bytes_read = (4 * 64); - int res = pm3_load_dump(filename, (void **)&dump, &bytes_read, (4 * 64)); - if (res != PM3_SUCCESS) { - return res; - } - - // check dump len.. - if (bytes_read == 48 || bytes_read == 4 * 64) { - - lf_hitag_t *payload = calloc(1, sizeof(lf_hitag_t) + bytes_read); - - if (use_ht1) - payload->type = 1; - if (use_ht2) - payload->type = 2; - if (use_hts) - payload->type = 3; - if (use_htm) - payload->type = 4; - - payload->len = bytes_read; - memcpy(payload->data, dump, bytes_read); - - clearCommandBuffer(); - SendCommandNG(CMD_LF_HITAG_ELOAD, (uint8_t *)payload, 3 + bytes_read); - free(payload); - } else { - PrintAndLogEx(ERR, "error, wrong dump file size. got %zu", bytes_read); - } - - free(dump); - return PM3_SUCCESS; -} - -static int CmdLFHitagSim(const char *Cmd) { - CLIParserContext *ctx; - CLIParserInit(&ctx, "lf hitag sim", - "Simulate Hitag transponder\n" - "You need to `lf hitag eload` first", - "lf hitag sim -2" - ); - - void *argtable[] = { - arg_param_begin, - arg_lit0("1", "ht1", "simulate Hitag 1"), - arg_lit0("2", "ht2", "simulate Hitag 2"), - arg_lit0("s", "hts", "simulate Hitag S"), - arg_param_end - }; - CLIExecWithReturn(ctx, Cmd, argtable, true); - - bool use_ht1 = arg_get_lit(ctx, 1); - bool use_ht2 = arg_get_lit(ctx, 2); - bool use_hts = arg_get_lit(ctx, 3); - bool use_htm = false; // not implemented yet - CLIParserFree(ctx); - - if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) { - PrintAndLogEx(ERR, "error, specify only one Hitag type"); - return PM3_EINVARG; - } - if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) { - PrintAndLogEx(ERR, "error, specify one Hitag type"); - return PM3_EINVARG; - } - - uint16_t cmd = CMD_LF_HITAG_SIMULATE; -// if (use_ht1) -// cmd = CMD_LF_HITAG1_SIMULATE; - - if (use_hts) - cmd = CMD_LF_HITAGS_SIMULATE; - - clearCommandBuffer(); - SendCommandMIX(cmd, 0, 0, 0, NULL, 0); - return PM3_SUCCESS; -} - static void print_hitag2_paxton(const uint8_t *data) { uint64_t bytes = 0; @@ -504,6 +371,63 @@ static void print_hitag2_blocks(uint8_t *d, uint16_t n) { PrintAndLogEx(INFO, "-----------------------------------------------"); } +// Annotate HITAG protocol +void annotateHitag1(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response) { +} + +void annotateHitag2(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response) { + + // iceman: live decrypt of trace? + if (is_response) { + + + uint8_t cmdbits = (cmd[0] & 0xC0) >> 6; + + if (cmdsize == 1) { + if (cmdbits == HITAG2_START_AUTH) { + snprintf(exp, size, "START AUTH"); + return; + } + if (cmdbits == HITAG2_HALT) { + snprintf(exp, size, "HALT"); + return; + } + } + + if (cmdsize == 3) { + if (cmdbits == HITAG2_START_AUTH) { + // C 1 C 0 + // 1100 0 00 1 1100 000 + uint8_t page = (cmd[0] & 0x38) >> 3; + uint8_t inv_page = ((cmd[0] & 0x1) << 2) | ((cmd[1] & 0xC0) >> 6); + snprintf(exp, size, "READ page(%x) %x", page, inv_page); + return; + } + if (cmdbits == HITAG2_WRITE_PAGE) { + uint8_t page = (cmd[0] & 0x38) >> 3; + uint8_t inv_page = ((cmd[0] & 0x1) << 2) | ((cmd[1] & 0xC0) >> 6); + snprintf(exp, size, "WRITE page(%x) %x", page, inv_page); + return; + } + } + + if (cmdsize == 9) { + snprintf(exp, size, "Nr Ar Is response"); + return; + } + } else { + + if (cmdsize == 9) { + snprintf(exp, size, "Nr Ar"); + return; + } + } + +} + +void annotateHitagS(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response) { +} + static bool getHitag2Uid(uint32_t *uid) { hitag_data htd; memset(&htd, 0, sizeof(htd)); @@ -1195,7 +1119,7 @@ static int CmdLFHitagView(const char *Cmd) { if (verbose) { // block3, 1 byte - uint8_t config = dump[HITAG_BLOCK_SIZE * 3]; + uint8_t config = dump[HITAG2_CONFIG_OFFSET]; uint32_t uid = bytes_to_num(dump, HITAG_UID_SIZE); print_hitag2_configuration(uid, config); print_hitag2_paxton(dump); @@ -1205,79 +1129,205 @@ static int CmdLFHitagView(const char *Cmd) { return PM3_SUCCESS; } -// Annotate HITAG protocol -void annotateHitag1(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response) { -} +static int CmdLFHitagEload(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag eload", + "Loads hitag tag dump into emulator memory on device", + "lf hitag eload -2 -f lf-hitag-11223344-dump.bin\n" + ); + void *argtable[] = { + arg_param_begin, + arg_str1("f", "file", "", "Specify dump filename"), + arg_lit0("1", "ht1", "Card type Hitag 1"), + arg_lit0("2", "ht2", "Card type Hitag 2"), + arg_lit0("s", "hts", "Card type Hitag S"), + arg_lit0("m", "htm", "Card type Hitag \xce\xbc"), // μ + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); -void annotateHitag2(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response) { + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); - // iceman: live decrypt of trace? - if (is_response) { + bool use_ht1 = arg_get_lit(ctx, 2); + bool use_ht2 = arg_get_lit(ctx, 3); + bool use_hts = arg_get_lit(ctx, 4); + bool use_htm = arg_get_lit(ctx, 5); + CLIParserFree(ctx); - - uint8_t cmdbits = (cmd[0] & 0xC0) >> 6; - - if (cmdsize == 1) { - if (cmdbits == HITAG2_START_AUTH) { - snprintf(exp, size, "START AUTH"); - return; - } - if (cmdbits == HITAG2_HALT) { - snprintf(exp, size, "HALT"); - return; - } - } - - if (cmdsize == 3) { - if (cmdbits == HITAG2_START_AUTH) { - // C 1 C 0 - // 1100 0 00 1 1100 000 - uint8_t page = (cmd[0] & 0x38) >> 3; - uint8_t inv_page = ((cmd[0] & 0x1) << 2) | ((cmd[1] & 0xC0) >> 6); - snprintf(exp, size, "READ page(%x) %x", page, inv_page); - return; - } - if (cmdbits == HITAG2_WRITE_PAGE) { - uint8_t page = (cmd[0] & 0x38) >> 3; - uint8_t inv_page = ((cmd[0] & 0x1) << 2) | ((cmd[1] & 0xC0) >> 6); - snprintf(exp, size, "WRITE page(%x) %x", page, inv_page); - return; - } - } - - if (cmdsize == 9) { - snprintf(exp, size, "Nr Ar Is response"); - return; - } - } else { - - if (cmdsize == 9) { - snprintf(exp, size, "Nr Ar"); - return; - } + if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) { + PrintAndLogEx(ERR, "error, specify only one Hitag type"); + return PM3_EINVARG; + } + if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) { + PrintAndLogEx(ERR, "error, specify one Hitag type"); + return PM3_EINVARG; } + // read dump file + uint8_t *dump = NULL; + size_t bytes_read = (4 * 64); + int res = pm3_load_dump(filename, (void **)&dump, &bytes_read, (4 * 64)); + if (res != PM3_SUCCESS) { + return res; + } + + // check dump len.. + if (bytes_read == HITAG2_MAX_BYTE_SIZE || bytes_read == 4 * 64) { + + lf_hitag_t *payload = calloc(1, sizeof(lf_hitag_t) + bytes_read); + + if (use_ht1) + payload->type = 1; + if (use_ht2) + payload->type = 2; + if (use_hts) + payload->type = 3; + if (use_htm) + payload->type = 4; + + payload->len = bytes_read; + memcpy(payload->data, dump, bytes_read); + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAG_ELOAD, (uint8_t *)payload, 3 + bytes_read); + free(payload); + } else { + PrintAndLogEx(ERR, "error, wrong dump file size. got %zu", bytes_read); + } + + free(dump); + return PM3_SUCCESS; } -void annotateHitagS(char *exp, size_t size, const uint8_t *cmd, uint8_t cmdsize, bool is_response) { +static int CmdLFHitagEview(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag eview", + "It displays emulator memory", + "lf hitag eview\n" + ); + void *argtable[] = { + arg_param_begin, + arg_lit0("v", "verbose", "Verbose output"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + bool verbose = arg_get_lit(ctx, 1); + CLIParserFree(ctx); + + int bytes = HITAG2_MAX_BYTE_SIZE; + + // reserve memory + uint8_t *dump = calloc(bytes, sizeof(uint8_t)); + if (dump == NULL) { + PrintAndLogEx(WARNING, "Fail, cannot allocate memory"); + return PM3_EMALLOC; + } + + PrintAndLogEx(INFO, "Downloading " _YELLOW_("%u") " bytes from emulator memory...", bytes); + if (GetFromDevice(BIG_BUF_EML, dump, bytes, 0, NULL, 0, NULL, 2500, false) == false) { + PrintAndLogEx(WARNING, "Fail, transfer from device time-out"); + free(dump); + return PM3_ETIMEOUT; + } + + if (verbose) { + // block3, 1 byte + uint8_t config = dump[HITAG2_CONFIG_OFFSET]; + uint32_t uid = bytes_to_num(dump, HITAG_UID_SIZE); + print_hitag2_configuration(uid, config); + print_hitag2_paxton(dump); + } + print_hitag2_blocks(dump, HITAG2_MAX_BYTE_SIZE); + free(dump); + return PM3_SUCCESS; } +static int CmdLFHitagSim(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag sim", + "Simulate Hitag transponder\n" + "You need to `lf hitag eload` first", + "lf hitag sim -2" + ); + + void *argtable[] = { + arg_param_begin, + arg_lit0("1", "ht1", "simulate Hitag 1"), + arg_lit0("2", "ht2", "simulate Hitag 2"), + arg_lit0("s", "hts", "simulate Hitag S"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + bool use_ht1 = arg_get_lit(ctx, 1); + bool use_ht2 = arg_get_lit(ctx, 2); + bool use_hts = arg_get_lit(ctx, 3); + bool use_htm = false; // not implemented yet + CLIParserFree(ctx); + + if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) { + PrintAndLogEx(ERR, "error, specify only one Hitag type"); + return PM3_EINVARG; + } + if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) { + PrintAndLogEx(ERR, "error, specify one Hitag type"); + return PM3_EINVARG; + } + + uint16_t cmd = CMD_LF_HITAG_SIMULATE; +// if (use_ht1) +// cmd = CMD_LF_HITAG1_SIMULATE; + + if (use_hts) + cmd = CMD_LF_HITAGS_SIMULATE; + + clearCommandBuffer(); + SendCommandMIX(cmd, 0, 0, 0, NULL, 0); + return PM3_SUCCESS; +} + +static int CmdLFHitagSniff(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag sniff", + "Sniff traffic between Hitag reader and tag.\n" + "Use " _YELLOW_("`lf hitag list`")" to view collected data.", + "lf hitag sniff" + ); + + void *argtable[] = { + arg_param_begin, + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + CLIParserFree(ctx); + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAG_SNIFF, NULL, 0); + PrintAndLogEx(HINT, "HINT: Try " _YELLOW_("`lf hitag list`")" to view collected data"); + return PM3_SUCCESS; +} + + static command_t CommandTable[] = { - {"-----------", CmdHelp, IfPm3Hitag, "------------------------ " _CYAN_("General") " ------------------------"}, - {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"list", CmdLFHitagList, AlwaysAvailable, "List Hitag trace history"}, - {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("operations") " -----------------------"}, - {"info", CmdLFHitagInfo, IfPm3Hitag, "Hitag 2 tag information"}, - {"dump", CmdLFHitag2Dump, IfPm3Hitag, "Dump Hitag 2 tag"}, - {"read", CmdLFHitagReader, IfPm3Hitag, "Read Hitag memory"}, - {"view", CmdLFHitagView, AlwaysAvailable, "Display content from tag dump file"}, - {"wrbl", CmdLFHitagWriter, IfPm3Hitag, "Write a block (page) in Hitag memory"}, - {"sniff", CmdLFHitagSniff, IfPm3Hitag, "Eavesdrop Hitag communication"}, - {"cc", CmdLFHitagSCheckChallenges, IfPm3Hitag, "Hitag S: test all provided challenges"}, - {"ta", CmdLFHitag2CheckChallenges, IfPm3Hitag, "Hitag 2: test all recorded authentications"}, - {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("simulation") " -----------------------"}, - {"eload", CmdLFHitagEload, IfPm3Hitag, "Load Hitag dump file into emulator memory"}, - {"sim", CmdLFHitagSim, IfPm3Hitag, "Simulate Hitag transponder"}, + {"-----------", CmdHelp, IfPm3Hitag, "------------------------ " _CYAN_("General") " ------------------------"}, + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"list", CmdLFHitagList, AlwaysAvailable, "List Hitag trace history"}, + {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("operations") " -----------------------"}, + {"info", CmdLFHitagInfo, IfPm3Hitag, "Hitag 2 tag information"}, + {"dump", CmdLFHitag2Dump, IfPm3Hitag, "Dump Hitag 2 tag"}, + {"read", CmdLFHitagReader, IfPm3Hitag, "Read Hitag memory"}, + {"view", CmdLFHitagView, AlwaysAvailable, "Display content from tag dump file"}, + {"wrbl", CmdLFHitagWriter, IfPm3Hitag, "Write a block (page) in Hitag memory"}, + {"sniff", CmdLFHitagSniff, IfPm3Hitag, "Eavesdrop Hitag communication"}, + {"cc", CmdLFHitagSCheckChallenges, IfPm3Hitag, "Hitag S: test all provided challenges"}, + {"ta", CmdLFHitag2CheckChallenges, IfPm3Hitag, "Hitag 2: test all recorded authentications"}, + {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("simulation") " -----------------------"}, + {"eload", CmdLFHitagEload, IfPm3Hitag, "Upload file into emulator memory"}, +// {"esave", CmdLFHitagESave, IfPm3Hitag, "Save emulator memory to file"}, + {"eview", CmdLFHitagEview, IfPm3Hitag, "View emulator memory"}, + {"sim", CmdLFHitagSim, IfPm3Hitag, "Simulate Hitag transponder"}, { NULL, NULL, 0, NULL } }; @@ -1296,9 +1346,3 @@ int readHitagUid(void) { return (CmdLFHitagReader("--ht2") == PM3_SUCCESS); } -uint8_t hitag1_CRC_check(uint8_t *d, uint32_t nbit) { - if (nbit < 9) { - return 2; - } - return (CRC8Hitag1Bits(d, nbit) == 0); -} diff --git a/client/src/cmdlfhitag.h b/client/src/cmdlfhitag.h index 3605bce40..0115a55c3 100644 --- a/client/src/cmdlfhitag.h +++ b/client/src/cmdlfhitag.h @@ -26,11 +26,12 @@ #define HITAG_PASSWORD_SIZE 4 #define HITAG_UID_SIZE 4 #define HITAG_BLOCK_SIZE 4 -#define HITAG2_MAX_BYTE_SIZE 48 +#define HITAG2_MAX_BYTE_SIZE (12 * HITAG_BLOCK_SIZE) // need to see which limits these cards has #define HITAG1_MAX_BYTE_SIZE 64 #define HITAGS_MAX_BYTE_SIZE 64 #define HITAGU_MAX_BYTE_SIZE 64 +#define HITAG_MAX_BYTE_SIZE (64 * HITAG_BLOCK_SIZE) #define HITAG2_CONFIG_BLOCK 3 #define HITAG2_CONFIG_OFFSET (HITAG_BLOCK_SIZE * HITAG2_CONFIG_BLOCK) diff --git a/client/src/emv/cmdemv.c b/client/src/emv/cmdemv.c index fdfe568e4..37d94f54b 100644 --- a/client/src/emv/cmdemv.c +++ b/client/src/emv/cmdemv.c @@ -2915,11 +2915,11 @@ static command_t CommandTable[] = { {"select", CmdEMVSelect, IfPm3Iso14443, "Select applet"}, /* {"-----------", CmdHelp, IfPm3Iso14443a, "---------------------- " _CYAN_("simulation") " ---------------------"}, - {"getrng", CmdEMVGetrng, IfPm3Iso14443, "get random number from terminal"}, - {"eload", CmdEmvELoad, IfPm3Iso14443, "load EMV tag into device"}, - {"dump", CmdEmvDump, IfPm3Iso14443, "dump EMV tag values"}, - {"sim", CmdEmvSim, IfPm3Iso14443, "simulate EMV tag"}, - {"clone", CmdEmvClone, IfPm3Iso14443, "clone an EMV tag"}, + {"getrng", CmdEMVGetrng, IfPm3Iso14443, "Get random number from terminal"}, + {"eload", CmdEmvELoad, IfPm3Iso14443, "Load EMV tag into device"}, + {"dump", CmdEmvDump, IfPm3Iso14443, "Dump EMV tag values"}, + {"sim", CmdEmvSim, IfPm3Iso14443, "Simulate EMV tag"}, + {"clone", CmdEmvClone, IfPm3Iso14443, "Cone an EMV tag"}, */ {NULL, NULL, NULL, NULL} };