add: Hitag S plain write

douniwan5788 2024-08-22 02:16:10 +08:00
commit 1efa52d704
3 changed files with 45 additions and 38 deletions


@ -1271,7 +1271,7 @@ static int selectHitagS(const lf_hitag_data_t *packet, uint8_t *tx, size_t sizeo
//select uid //select uid
txlen = 0; txlen = 0;
cmd = 0x00; cmd = 0x00; // 00000 SELECT UID
txlen = concatbits(tx, txlen, &cmd, 8 - 5, 5); txlen = concatbits(tx, txlen, &cmd, 8 - 5, 5);
txlen = concatbits(tx, txlen, rx, 0, 32); txlen = concatbits(tx, txlen, rx, 0, 32);
uint8_t crc = CRC8Hitag1Bits(tx, txlen); uint8_t crc = CRC8Hitag1Bits(tx, txlen);
@ -1450,7 +1450,7 @@ void ReadHitagS(const lf_hitag_data_t *payload, bool ledcontrol) {
//send read request //send read request
size_t txlen = 0; size_t txlen = 0;
uint8_t cmd = 0x0c; uint8_t cmd = 0x0c; // 1100 READ PAGE
txlen = concatbits(tx, txlen, &cmd, 8 - 4, 4); txlen = concatbits(tx, txlen, &cmd, 8 - 4, 4);
uint8_t addr = pageNum; uint8_t addr = pageNum;
txlen = concatbits(tx, txlen, &addr, 0, 8); txlen = concatbits(tx, txlen, &addr, 0, 8);
@ -1555,7 +1555,7 @@ void WritePageHitagS(const lf_hitag_data_t *payload, bool ledcontrol) {
//send write page request //send write page request
txlen = 0; txlen = 0;
uint8_t cmd = 0x08; uint8_t cmd = 0x08; // 1000 WRITE PAGE
txlen = concatbits(tx, txlen, &cmd, 8 - 4, 4); txlen = concatbits(tx, txlen, &cmd, 8 - 4, 4);
uint8_t addr = payload->page; uint8_t addr = payload->page;
@ -1566,41 +1566,37 @@ void WritePageHitagS(const lf_hitag_data_t *payload, bool ledcontrol) {
sendReceiveHitagS(tx, txlen, rx, ARRAYLEN(rx), &rxlen, HITAG_T_WAIT_SC, ledcontrol, false); sendReceiveHitagS(tx, txlen, rx, ARRAYLEN(rx), &rxlen, HITAG_T_WAIT_SC, ledcontrol, false);
if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x1)) { if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x01)) {
Dbprintf("no write access on page " _YELLOW_("%d"), payload->page); Dbprintf("no write access on page " _YELLOW_("%d"), payload->page);
res = PM3_ESOFT; res = PM3_ESOFT;
goto write_end; goto write_end;
} }
//ACK received to write the page. send data // //ACK received to write the page. send data
uint8_t data[4] = {0, 0, 0, 0}; // uint8_t data[4] = {0, 0, 0, 0};
switch (payload->cmd) { // switch (payload->cmd) {
case WHTSF_CHALLENGE: // case WHTSF_PLAIN:
data[0] = payload->data[3]; // case WHTSF_CHALLENGE:
data[1] = payload->data[2]; // case WHTSF_KEY:
data[2] = payload->data[1]; // data[0] = payload->data[3];
data[3] = payload->data[0]; // data[1] = payload->data[2];
break; // data[2] = payload->data[1];
case WHTSF_KEY: // data[3] = payload->data[0];
data[0] = payload->data[3]; // break;
data[1] = payload->data[2]; // default: {
data[2] = payload->data[1]; // res = PM3_EINVARG;
data[3] = payload->data[0]; // goto write_end;
break; // }
default: { // }
res = PM3_EINVARG;
goto write_end;
}
}
txlen = 0; txlen = 0;
txlen = concatbits(tx, txlen, data, 0, 32); txlen = concatbits(tx, txlen, payload->data, 0, 32);
crc = CRC8Hitag1Bits(tx, txlen); crc = CRC8Hitag1Bits(tx, txlen);
txlen = concatbits(tx, txlen, &crc, 0, 8); txlen = concatbits(tx, txlen, &crc, 0, 8);
sendReceiveHitagS(tx, txlen, rx, ARRAYLEN(rx), &rxlen, HITAG_T_WAIT_SC, ledcontrol, false); sendReceiveHitagS(tx, txlen, rx, ARRAYLEN(rx), &rxlen, HITAG_T_WAIT_SC, ledcontrol, false);
if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x1)) { if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x01)) {
res = PM3_ESOFT; // write failed res = PM3_ESOFT; // write failed
} else { } else {
res = PM3_SUCCESS; res = PM3_SUCCESS;
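Review bot: The write payload at `concatbits(tx, txlen, payload->data, 0, 32)` is now sent in the order the client supplied it, whereas the removed switch reversed the four bytes for WHTSF_CHALLENGE and WHTSF_KEY, so existing challenge and key writes put different bytes on the tag than before unless the client was changed to match (not visible here). Since a wrong page write can be hard to undo on a tag, state the expected order next to the call, e.g. `// payload->data is transmitted as supplied by the client, no byte swap`, and mention the change in the commit message. The commented-out switch should be deleted rather than kept; with it gone the `default:` branch returning PM3_EINVARG no longer guards this path, so an unexpected `payload->cmd` is rejected only if an earlier check outside this hunk does so. WritePageHitagS starts and ends outside the hunk.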


@ -1293,7 +1293,14 @@ static int CmdLFHitagWriter(const char *Cmd) {
lf_hitag_data_t packet; lf_hitag_data_t packet;
memset(&packet, 0, sizeof(packet)); memset(&packet, 0, sizeof(packet));
if (use_hts && use_nrar) { if (use_hts && use_plain) {
packet.cmd = WHTSF_PLAIN;
packet.page = page;
memcpy(packet.data, data, sizeof(data));
PrintAndLogEx(INFO, "Write to " _YELLOW_("Hitag S") " in Plain mode");
} else if (use_hts && use_nrar) {
packet.cmd = WHTSF_CHALLENGE; packet.cmd = WHTSF_CHALLENGE;
memcpy(packet.NrAr, nrar, sizeof(packet.NrAr)); memcpy(packet.NrAr, nrar, sizeof(packet.NrAr));
memcpy(packet.data, data, sizeof(data)); memcpy(packet.data, data, sizeof(data));
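Review bot: The added `memcpy(packet.data, data, sizeof(data));` is bounded by the size of the source rather than the destination, unlike the NrAr copy in the next branch, which uses `sizeof(packet.NrAr)`. `data` is declared outside the hunk, so whether it can be larger than `packet.data` cannot be confirmed here; a compile-time check such as `_Static_assert(sizeof(data) <= sizeof(packet.data), "data must fit packet.data");` before the copy would pin that. The same pattern is in the unchanged WHTSF_CHALLENGE branch. CmdLFHitagWriter continues outside the hunk.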


@ -23,21 +23,25 @@
#include "common.h" #include "common.h"
typedef enum { typedef enum {
RHTSF_CHALLENGE = 01, RHTSF_PLAIN = 01,
RHTSF_KEY = 02, WHTSF_PLAIN,
WHTSF_CHALLENGE = 03, RHTSF_CHALLENGE,
WHTSF_KEY = 04, WHTSF_CHALLENGE,
RHTSF_KEY,
WHTSF_KEY,
HTS_LAST_CMD = WHTSF_KEY, HTS_LAST_CMD = WHTSF_KEY,
RHT1F_PLAIN = 11, RHT1F_PLAIN = 11,
RHT1F_AUTHENTICATE = 12, RHT1F_AUTHENTICATE,
HT1_LAST_CMD = RHT1F_AUTHENTICATE, HT1_LAST_CMD = RHT1F_AUTHENTICATE,
RHT2F_PASSWORD = 21, RHT2F_PASSWORD = 21,
RHT2F_AUTHENTICATE = 22, RHT2F_AUTHENTICATE,
RHT2F_CRYPTO = 23, RHT2F_CRYPTO,
WHT2F_CRYPTO = 24, WHT2F_CRYPTO,
RHT2F_TEST_AUTH_ATTEMPTS = 25, RHT2F_TEST_AUTH_ATTEMPTS,
RHT2F_UID_ONLY = 26, RHT2F_UID_ONLY,
WHT2F_PASSWORD = 27, WHT2F_PASSWORD,
HT2_LAST_CMD = WHT2F_PASSWORD, HT2_LAST_CMD = WHT2F_PASSWORD,
} PACKED hitag_function; } PACKED hitag_function;
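Review bot: Inserting RHTSF_PLAIN and WHTSF_PLAIN at the front renumbers every existing Hitag S command (RHTSF_CHALLENGE 1→3, RHTSF_KEY 2→5, WHTSF_CHALLENGE 3→4, WHTSF_KEY 4→6), and this value travels in `packet.cmd` from the client to the firmware. A client and firmware built from different sides of this commit would disagree on the command, and the old RHTSF_KEY value 2 now means WHTSF_PLAIN, so a read request would be handled as a write. Keeping the existing explicit values and giving the new entries unused numbers avoids that: `RHTSF_PLAIN = 05,` `WHTSF_PLAIN = 06,` `HTS_LAST_CMD = WHTSF_PLAIN,`. The Hitag 1 and Hitag 2 groups keep their values but lose the explicit numbers; for constants that cross the client/firmware boundary, leaving them written out guards against accidental renumbering by a later insertion.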