Added lf hitag htu support for Hitag µ/8265

include/hitag.h

@@ -13,7 +13,7 @@
 //
 // See LICENSE.txt for the text of the license.
 //-----------------------------------------------------------------------------
-// Hitag 2, Hitag S
+// Hitag 2, Hitag S, Hitag µ
 //-----------------------------------------------------------------------------
 
 
@@ -39,6 +39,26 @@
 #define HITAGS_UID_PADR         0
 #define HITAGS_CONFIG_PADR      1
 
+// Add Hitag µ specific definitions
+#define HITAGU_UID_SIZE         6
+#define HITAGU_BLOCK_SIZE       HITAG_BLOCK_SIZE
+#define HITAGU_MAX_BLOCKS       0x100
+#define HITAGU_MAX_BYTE_SIZE    (HITAGU_MAX_BLOCKS * HITAGU_BLOCK_SIZE)
+#define HITAGU_CONFIG_PADR      0xFF
+#define HITAGU_PASSWORD_PADR    0xFE
+
+// Hitag μ IC Revision (ICR) values
+#define HITAGU_ICR_STANDARD      0x10  // Standard Hitag μ
+#define HITAGU_ICR_ADVANCED      0x20  // Hitag μ advanced
+#define HITAGU_ICR_ADVANCED_PLUS 0x30  // Hitag μ advanced+
+#define HITAGU_ICR_8265          0x80  // 8265
+
+// Hitag μ memory sizes based on ICR
+#define HITAGU_MAX_PAGE_STANDARD      0x04  // 4 blocks (0x00-0x03) for standard Hitag μ
+#define HITAGU_MAX_PAGE_ADVANCED      0x10  // 16 blocks (0x00-0x0F) for Hitag μ advanced
+#define HITAGU_MAX_PAGE_ADVANCED_PLUS 0x37  // 56 blocks (0x00-0x36) for Hitag μ advanced+
+#define HITAGU_MAX_PAGE_8265          0x0F  // 15 blocks (0x00-0x0E) for 8265
+
 // need to see which limits these cards has
 #define HITAG1_MAX_BYTE_SIZE    64
 #define HITAG_MAX_BYTE_SIZE     (64 * HITAG_BLOCK_SIZE)
@@ -58,18 +78,24 @@ typedef enum {
     HTSF_82xx,
     HTSF_CHALLENGE,
     HTSF_KEY,
-    HTS_LAST_CMD              = HTSF_KEY,
+    HTS_LAST_CMD = HTSF_KEY,
 
     HT1F_PLAIN,
     HT1F_AUTHENTICATE,
-    HT1_LAST_CMD              = HT1F_AUTHENTICATE,
+    HT1_LAST_CMD = HT1F_AUTHENTICATE,
 
     HT2F_PASSWORD,
     HT2F_AUTHENTICATE,
     HT2F_CRYPTO,
     HT2F_TEST_AUTH_ATTEMPTS,
     HT2F_UID_ONLY,
-    HT2_LAST_CMD              = HT2F_UID_ONLY,
+    HT2_LAST_CMD = HT2F_UID_ONLY,
+
+    // Add Hitag µ commands
+    HTUF_PLAIN,
+    HTUF_82xx,
+    HTUF_PASSWORD,
+    HTU_LAST_CMD = HTUF_PASSWORD,
 } PACKED hitag_function;
 
 //---------------------------------------------------------
@@ -150,6 +176,57 @@ struct hitagS_tag {
 
 } PACKED;
 
+// Configuration byte 0 bit definitions
+#define HITAGU_BYTE0_DATARATE_MASK 0x03  // Bits 0-1: data rate
+#define HITAGU_BYTE0_DATARATE_2K 0x00    // 00 = 2kbit/s
+#define HITAGU_BYTE0_DATARATE_4K 0x01    // 01 = 4kbit/s
+#define HITAGU_BYTE0_DATARATE_8K 0x02    // 10 = 8kbit/s
+#define HITAGU_BYTE0_ENCODING_MASK       0x04   // Bit 2: encoding
+#define HITAGU_BYTE0_ENCODING_MANCHESTER 0x00   // 0 = Manchester
+#define HITAGU_BYTE0_ENCODING_BIPHASE    0x01 // 1 = Biphase
+
+// Hitag µ configuration structure
+typedef struct {
+    // byte0
+    uint8_t datarate: 2;
+    uint8_t encoding: 1;
+    uint8_t pwdW0_127: 1;
+    uint8_t pwdW128_511: 1;
+    uint8_t pwdW512_max: 1;
+    uint8_t pwdRW512_max: 1;
+} PACKED hitagu_config_t;
+
+typedef struct {
+    // byte0
+    uint8_t datarate : 2;  // 00 = 2kbit/s, 01 = 4kbit/s, 10 = 8kbit/s, 11 = 2kbit/s
+    uint8_t datarate_override : 1;  // 0 = datarate, 1 = 2kbit/s
+    uint8_t encoding : 1; // 0 = Manchester, 1 = Biphase
+
+    uint8_t reserved : 1;
+    uint8_t ttf_mode : 2;  // 00/10/11 = "Block 0, Block 1, Block 2, Block 3", 01 = "Block 0, Block 1"
+    uint8_t ttf : 1;
+} PACKED hitagu82xx_config_t;
+
+// Hitag µ tag structure
+struct hitagU_tag {
+    PSTATE   pstate;  // protocol-state
+    TSATE    tstate;  // tag-state
+
+    int      max_page;
+    uint8_t  uid[HITAGU_UID_SIZE];
+    union {
+        uint8_t asBytes[HITAGU_BLOCK_SIZE];
+        hitagu_config_t s;
+        hitagu82xx_config_t s82xx;
+    } config;
+    uint8_t  password[HITAG_PASSWORD_SIZE];
+    uint8_t icr;  // IC Revision value - determines memory size
+
+    union {
+        uint8_t pages[HITAGU_MAX_BLOCKS][HITAGU_BLOCK_SIZE];
+    } data;
+} PACKED;
+
 typedef struct {
     hitag_function cmd;
     uint8_t page;
@@ -170,6 +247,9 @@ typedef struct {
 
     // Hitag S section
     uint8_t mode;
+
+    // Hitag µ section
+    uint8_t uid[HITAGU_UID_SIZE];
 } PACKED lf_hitag_data_t;
 
 typedef struct {
@@ -185,4 +265,18 @@ typedef struct {
     int8_t  pages_reason[HITAGS_MAX_PAGES];
     uint8_t pages[HITAGS_MAX_PAGES][HITAGS_PAGE_SIZE];
 } PACKED lf_hts_read_response_t;
+
+// Hitag µ read response structure
+typedef struct {
+    union {
+        uint8_t asBytes[HITAGU_BLOCK_SIZE];
+        hitagu_config_t s;
+        hitagu82xx_config_t s82xx;
+    } config_page;
+    uint8_t uid[HITAGU_UID_SIZE];
+    uint8_t icr;                                  // IC Revision value for memory size detection
+    int8_t  pages_reason[HITAGU_MAX_PAGE_ADVANCED_PLUS];
+    uint8_t pages[HITAGU_MAX_PAGE_ADVANCED_PLUS][HITAGU_BLOCK_SIZE];
+} PACKED lf_htu_read_response_t;
+
 #endif

include/pm3_cmd.h

@@ -282,7 +282,7 @@ typedef struct {
 
 typedef struct {
     // 64KB SRAM -> 524288 bits(max sample num) < 2^30
-uint32_t samples  :
+    uint32_t samples  :
     LF_SAMPLES_BITS;
     bool     realtime : 1;
     bool     verbose  : 1;
@@ -602,6 +602,12 @@ typedef struct {
 #define CMD_LF_HITAGS_WRITE                                               0x0375
 #define CMD_LF_HITAGS_UID                                                 0x037A
 
+// For Hitag µ
+#define CMD_LF_HITAGU_READ                                                0x037B
+#define CMD_LF_HITAGU_WRITE                                               0x037C
+#define CMD_LF_HITAGU_SIMULATE                                            0x037D
+#define CMD_LF_HITAGU_UID                                                 0x037E
+
 #define CMD_LF_HITAG_ELOAD                                                0x0376
 
 #define CMD_HF_ISO14443A_ANTIFUZZ                                         0x0380

include/protocols.h

@@ -455,12 +455,14 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define LTO             12
 #define PROTO_HITAG2    13
 #define PROTO_HITAGS    14
-#define PROTO_CRYPTORF  15
-#define SEOS            16
-#define PROTO_MFPLUS    17
-#define PROTO_TEXKOM    18
-#define PROTO_XEROX     19
-#define PROTO_FMCOS20   20
+#define PROTO_HITAGU    15
+#define PROTO_CRYPTORF  16
+#define SEOS            17
+#define PROTO_MFPLUS    18
+#define PROTO_TEXKOM    19
+#define PROTO_XEROX     20
+#define PROTO_FMCOS20   21
+#define COUNT_OF_PROTOCOLS 22
 
 // Picopass fuses
 #define FUSE_FPERS   0x80
@@ -948,6 +950,25 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define HITAGS_WRITE_BLOCK              0x90    // 1001 WRITE BLOCK
 #define HITAGS_QUIET                    0x70    // 0111 QUIET
 
+// Hitag μ flags
+#define HITAGU_FLAG_PEXT                0x01    // 0b00001 - Protocol EXTension flag
+#define HITAGU_FLAG_INV                 0x02    // 0b00010 - INVentory flag
+#define HITAGU_FLAG_CRCT                0x04    // 0b00100 - CRC Transponder flag
+#define HITAGU_FLAG_SEL                 0x08    // 0b01000 - SELect flag (when INV=0)
+#define HITAGU_FLAG_ADR                 0x10    // 0b10000 - ADdRess flag (when INV=0)
+#define HITAGU_FLAG_RFU                 0x08    // 0b01000 - Reserved For Use flag (when INV=1, always 0)
+#define HITAGU_FLAG_NOS                 0x10    // 0b10000 - Number Of Slots flag (when INV=1)
+
+// Hitag μ commands (6-bit)
+#define HITAGU_CMD_LOGIN                   0x28    // 0b101000 - Login command
+#define HITAGU_CMD_INVENTORY               0x00    // 0b000000 - Inventory command
+#define HITAGU_CMD_READ_MULTIPLE_BLOCK     0x12    // 0b010010 - Read multiple block command
+#define HITAGU_CMD_WRITE_SINGLE_BLOCK      0x14    // 0b010100 - Write single block command
+#define HITAGU_CMD_SELECT                  0x18    // 0b011000 - Select command
+#define HITAGU_CMD_SYSINFO                 0x17    // 0b010111 - Get system information command
+#define HITAGU_CMD_READ_UID                0x02    // 0b000010 - Read UID command
+#define HITAGU_CMD_STAY_QUIET              0x01    // 0b000001 - Stay quiet command
+
 // LTO-CM commands
 #define LTO_REQ_STANDARD                0x45
 #define LTO_REQ_ALL                     0x4A