Raw 14a in commandline, patch by jonor, see http://proxmark.org/forum/viewtopic.php?id=1751 for more info

armsrc/iso14443a.c

@@ -88,25 +88,25 @@ void iso14a_set_timeout(uint32_t timeout) {
 //-----------------------------------------------------------------------------
 byte_t oddparity (const byte_t bt)
 {
-  return OddByteParity[bt];
+	return OddByteParity[bt];
 }
 
 uint32_t GetParity(const uint8_t * pbtCmd, int iLen)
 {
-  int i;
+	int i;
-  uint32_t dwPar = 0;
+	uint32_t dwPar = 0;
 
-  // Generate the encrypted data
+	// Generate the encrypted data
-  for (i = 0; i < iLen; i++) {
+	for (i = 0; i < iLen; i++) {
-    // Save the encrypted parity bit
+		// Save the encrypted parity bit
-    dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
+		dwPar |= ((OddByteParity[pbtCmd[i]]) << i);
-  }
+	}
-  return dwPar;
+	return dwPar;
 }
 
 void AppendCrc14443a(uint8_t* data, int len)
 {
-  ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
+	ComputeCrc14443(CRC_14443_A,data,len,data+len,data+len+1);
 }
 
 // The function LogTrace() is also used by the iClass implementation in iClass.c
@@ -584,7 +584,7 @@ void RAMFUNC SnoopIso14443a(uint8_t param) {
 	
 	LEDsoff();
 	// init trace buffer
-    iso14a_clear_trace();
+	iso14a_clear_trace();
 
 	// We won't start recording the frames that we acquire until we trigger;
 	// a good trigger condition to get started is probably when we see a
@@ -782,7 +782,7 @@ static void CodeStrangeAnswerAsTag()
 {
 	int i;
 
-    ToSendReset();
+	ToSendReset();
 
 	// Correction bit, might be removed when not needed
 	ToSendStuffBit(0);
@@ -806,7 +806,7 @@ static void CodeStrangeAnswerAsTag()
 	// 1
 	ToSend[++ToSendMax] = SEC_D;
 
-    // Send stopbit
+	// Send stopbit
 	ToSend[++ToSendMax] = SEC_F;
 
 	// Flush the buffer in FPGA!!
@@ -814,15 +814,15 @@ static void CodeStrangeAnswerAsTag()
 		ToSend[++ToSendMax] = SEC_F;
 	}
 
-    // Convert from last byte pos to length
+	// Convert from last byte pos to length
-    ToSendMax++;
+	ToSendMax++;
 }
 
 static void Code4bitAnswerAsTag(uint8_t cmd)
 {
 	int i;
 
-    ToSendReset();
+	ToSendReset();
 
 	// Correction bit, might be removed when not needed
 	ToSendStuffBit(0);
@@ -855,8 +855,8 @@ static void Code4bitAnswerAsTag(uint8_t cmd)
 		ToSend[++ToSendMax] = SEC_F;
 	}
 
-    // Convert from last byte pos to length
+	// Convert from last byte pos to length
-    ToSendMax++;
+	ToSendMax++;
 }
 
 //-----------------------------------------------------------------------------
@@ -914,9 +914,9 @@ int EmSendCmdPar(uint8_t *resp, int respLen, uint32_t par);
 //-----------------------------------------------------------------------------
 void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 {
-  // Enable and clear the trace
+	// Enable and clear the trace
 	tracing = TRUE;
-  iso14a_clear_trace();
+	iso14a_clear_trace();
 
 	// This function contains the tag emulation
 	uint8_t sak;
@@ -996,7 +996,7 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 	uint8_t *resp = NULL;
 	int respLen;
 
-  // Longest possible response will be 16 bytes + 2 CRC = 18 bytes
+	// Longest possible response will be 16 bytes + 2 CRC = 18 bytes
 	// This will need
 	//    144        data bits (18 * 8)
 	//     18        parity bits
@@ -1109,9 +1109,9 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 			break;
 		}
     
-    if (tracing) {
+		if (tracing) {
 			LogTrace(receivedCmd,len, 0, Uart.parityBits, TRUE);
-    }
+		}
     
 		// doob - added loads of debug strings so we can see what the reader is saying to us during the sim as hi14alist is not populated
 		// Okay, look at the command now.
@@ -1144,10 +1144,10 @@ void SimulateIso14443aTag(int tagType, int uid_1st, int uid_2nd, byte_t* data)
 //			resp = resp4; respLen = resp4Len; order = 4; // Do nothing
 //			respdata = &nack;
 //			respsize = sizeof(nack); // 4-bit answer
-      EmSendCmdEx(data+(4*receivedCmd[0]),16,false);
+			EmSendCmdEx(data+(4*receivedCmd[0]),16,false);
 			Dbprintf("Read request from reader: %x %x",receivedCmd[0],receivedCmd[1]);
-      // We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
+			// We already responded, do not send anything with the EmSendCmd14443aRaw() that is called below
-      respLen = 0;
+			respLen = 0;
 		} else if(receivedCmd[0] == 0x50) {	// Received a HALT
 //			DbpString("Reader requested we HALT!:");
 			// Do not respond
@@ -1668,13 +1668,13 @@ int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, u
     uid_resp_len = 4;
     //    Dbprintf("uid: %02x %02x %02x %02x",uid_resp[0],uid_resp[1],uid_resp[2],uid_resp[3]);
 
-	// calculate crypto UID. Always use last 4 Bytes.
+        // calculate crypto UID. Always use last 4 Bytes.
-	if(cuid_ptr) {
+    if(cuid_ptr) {
-		*cuid_ptr = bytes_to_num(uid_resp, 4);
+        *cuid_ptr = bytes_to_num(uid_resp, 4);
     }
 
     // Construct SELECT UID command
-		memcpy(sel_uid+2,resp,5);
+    memcpy(sel_uid+2,resp,5);
     AppendCrc14443a(sel_uid,7);
     ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
 
@@ -1781,10 +1781,13 @@ void ReaderIso14443a(UsbCommand * c)
 	iso14a_command_t param = c->arg[0];
 	uint8_t * cmd = c->d.asBytes;
 	size_t len = c->arg[1];
+	size_t lenbits = c->arg[2];
 	uint32_t arg0 = 0;
 	byte_t buf[USB_CMD_DATA_SIZE];
   
-	iso14a_clear_trace();
+	if(param & ISO14A_CONNECT) {
+		iso14a_clear_trace();
+	}
 	iso14a_set_tracing(true);
 
 	if(param & ISO14A_REQUEST_TRIGGER) {
@@ -1793,8 +1796,11 @@ void ReaderIso14443a(UsbCommand * c)
 
 	if(param & ISO14A_CONNECT) {
 		iso14443a_setup();
-		arg0 = iso14443a_select_card(NULL, (iso14a_card_select_t*)buf, NULL);
+		if(!(param & ISO14A_NO_SELECT)) {
-		cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(iso14a_card_select_t));
+			iso14a_card_select_t *card = (iso14a_card_select_t*)buf;
+			arg0 = iso14443a_select_card(NULL,card,NULL);
+			cmd_send(CMD_ACK,arg0,card->uidlen,0,buf,sizeof(iso14a_card_select_t));
+		}
 	}
 
 	if(param & ISO14A_SET_TIMEOUT) {
@@ -1815,7 +1821,11 @@ void ReaderIso14443a(UsbCommand * c)
 			AppendCrc14443a(cmd,len);
 			len += 2;
 		}
-		ReaderTransmit(cmd,len, NULL);
+		if(lenbits>0) {
+			ReaderTransmitBitsPar(cmd,lenbits,GetParity(cmd,lenbits/8), NULL);
+		} else {
+			ReaderTransmit(cmd,len, NULL);
+		}
 		arg0 = ReaderReceive(buf);
 		cmd_send(CMD_ACK,arg0,0,0,buf,sizeof(buf));
 	}

client/cmdhf14a.c

@@ -26,6 +26,7 @@
 #include "mifare.h"
 
 static int CmdHelp(const char *Cmd);
+static void waitCmd(uint8_t iLen);
 
 int CmdHF14AList(const char *Cmd)
 {
@@ -469,6 +470,146 @@ int CmdHF14ASnoop(const char *Cmd) {
   return 0;
 }
 
+int CmdHF14ACmdRaw(const char *cmd) {
+    UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
+    uint8_t reply=1;
+    uint8_t crc=0;
+    uint8_t power=0;
+    uint8_t active=0;
+    uint8_t active_select=0;
+    uint16_t numbits=0;
+    char buf[5]="";
+    int i=0;
+    uint8_t data[100];
+    unsigned int datalen=0, temp;
+
+    if (strlen(cmd)<2) {
+        PrintAndLog("Usage: hf 14a raw [-r] [-c] [-p] [-f] [-b] <number of bits> <0A 0B 0C ... hex>");
+        PrintAndLog("       -r    do not read response");
+        PrintAndLog("       -c    calculate and append CRC");
+        PrintAndLog("       -p    leave the signal field ON after receive");
+        PrintAndLog("       -a    active signal field ON without select");
+        PrintAndLog("       -s    active signal field ON with select");
+        PrintAndLog("       -b    number of bits to send. Useful for send partial byte");
+        return 0;
+    }
+
+    // strip
+    while (*cmd==' ' || *cmd=='\t') cmd++;
+
+    while (cmd[i]!='\0') {
+        if (cmd[i]==' ' || cmd[i]=='\t') { i++; continue; }
+        if (cmd[i]=='-') {
+            switch (cmd[i+1]) {
+                case 'r': 
+                    reply=0;
+                    break;
+                case 'c':
+                    crc=1;
+                    break;
+                case 'p':
+                    power=1;
+                    break;
+                case 'a':
+                    active=1;
+                    break;
+                case 's':
+                    active_select=1;
+                    break;
+                case 'b': 
+                    sscanf(cmd+i+2,"%d",&temp);
+                    numbits = temp & 0xFFFF;
+                    i+=3;
+                    while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
+                    i-=2;
+                    break;
+                default:
+                    PrintAndLog("Invalid option");
+                    return 0;
+            }
+            i+=2;
+            continue;
+        }
+        if ((cmd[i]>='0' && cmd[i]<='9') ||
+            (cmd[i]>='a' && cmd[i]<='f') ||
+            (cmd[i]>='A' && cmd[i]<='F') ) {
+            buf[strlen(buf)+1]=0;
+            buf[strlen(buf)]=cmd[i];
+            i++;
+
+            if (strlen(buf)>=2) {
+                sscanf(buf,"%x",&temp);
+                data[datalen]=(uint8_t)(temp & 0xff);
+                datalen++;
+                *buf=0;
+            }
+            continue;
+        }
+        PrintAndLog("Invalid char on input");
+        return 0;
+    }
+    if(crc && datalen>0)
+    {
+        uint8_t first, second;
+        ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
+        data[datalen++] = first;
+        data[datalen++] = second;
+    }
+
+    if(active || active_select)
+    {
+        c.arg[0] |= ISO14A_CONNECT;
+        if(active)
+            c.arg[0] |= ISO14A_NO_SELECT;
+    }
+    if(power)
+        c.arg[0] |= ISO14A_NO_DISCONNECT;
+    if(datalen>0)
+        c.arg[0] |= ISO14A_RAW;
+
+    c.arg[1] = datalen;
+    c.arg[2] = numbits;
+    memcpy(c.d.asBytes,data,datalen);
+
+    SendCommand(&c);
+
+    if (reply) {
+        if(active_select)
+            waitCmd(1);
+        if(datalen>0)
+            waitCmd(0);
+    } // if reply
+    return 0;
+}
+
+static void waitCmd(uint8_t iSelect)
+{
+    uint8_t *recv;
+    UsbCommand resp;
+    char *hexout;
+
+    if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+        recv = resp.d.asBytes;
+        uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
+        PrintAndLog("received %i octets",iLen);
+        if(!iLen)
+            return;
+        hexout = (char *)malloc(iLen * 3 + 1);
+        if (hexout != NULL) {
+            uint8_t first, second;
+            for (int i = 0; i < iLen; i++) { // data in hex
+                sprintf(&hexout[i * 3], "%02hX ", recv[i]);
+            }
+            PrintAndLog("%s", hexout);
+            free(hexout);
+        } else {
+            PrintAndLog("malloc failed your client has low memory?");
+        }
+    } else {
+        PrintAndLog("timeout while waiting for reply.");
+    }
+}
+
 static command_t CommandTable[] = 
 {
   {"help",   CmdHelp,              1, "This help"},
@@ -477,6 +618,7 @@ static command_t CommandTable[] =
   {"cuids",  CmdHF14ACUIDs,        0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
   {"sim",    CmdHF14ASim,          0, "<UID> -- Fake ISO 14443a tag"},
   {"snoop",  CmdHF14ASnoop,        0, "Eavesdrop ISO 14443 Type A"},
+  {"raw",    CmdHF14ACmdRaw,       0, "Send raw hex data to tag"},
   {NULL, NULL, 0, NULL}
 };
 

include/mifare.h

@@ -32,7 +32,8 @@ typedef enum ISO14A_COMMAND {
 	ISO14A_RAW = 8,
 	ISO14A_REQUEST_TRIGGER = 0x10,
 	ISO14A_APPEND_CRC = 0x20,
-	ISO14A_SET_TIMEOUT = 0x40
+	ISO14A_SET_TIMEOUT = 0x40,
+	ISO14A_NO_SELECT = 0x80
 } iso14a_command_t;
 
 #endif // _MIFARE_H_