refactor: hitag S code sytle & cleanup

douniwan5788 2024-09-15 12:42:03 +08:00
commit 662b194e56
4 changed files with 26 additions and 42 deletions


@ -289,7 +289,7 @@ static void hitag_reader_send_bit(int bit, bool ledcontrol) {
if (ledcontrol) LED_A_ON();
// Reset clock for the next bit
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC0->TC_CV > 0);
while (AT91C_BASE_TC0->TC_CV != 0);
// Binary puls length modulation (BPLM) is used to encode the data stream
// This means that a transmission of a one takes longer than that of a zero
@ -334,7 +334,7 @@ static void hitag_reader_send_frame(const uint8_t *frame, size_t frame_len, bool
}
// send EOF
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC0->TC_CV > 0);
while (AT91C_BASE_TC0->TC_CV != 0);
HIGH(GPIO_SSC_DOUT);
// Wait for 4-10 times the carrier period
@ -362,14 +362,10 @@ static void hts_init_clock(void) {
// TC1: Capture mode, clock source = MCK/32 (TIMER_CLOCK3), TIOA is external trigger,
// external trigger falling edge, set RA on falling edge of TIOA.
AT91C_BASE_TC1->TC_CMR =
AT91C_TC_CLKS_TIMER_DIV3_CLOCK |
AT91C_TC_ETRGEDG_FALLING | // external trigger on falling edge
AT91C_TC_ABETRG | // TIOA is used as an external trigger.
AT91C_TC_LDRA_FALLING | // load RA on on falling edge
AT91C_TC_ACPA_CLEAR | // RA comperator clears TIOA (carry bit)
AT91C_TC_ASWTRG_SET; // SWTriger sets TIOA (carry bit)
AT91C_BASE_TC1->TC_RA = 1; // clear carry bit on next clock cycle
AT91C_TC_CLKS_TIMER_DIV3_CLOCK | // MCK/32 (TIMER_CLOCK3)
AT91C_TC_ETRGEDG_FALLING | // external trigger on falling edge
AT91C_TC_ABETRG | // TIOA is used as an external trigger
AT91C_TC_LDRA_FALLING; // load RA on on falling edge
// Enable and reset counters
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
@ -377,7 +373,7 @@ static void hts_init_clock(void) {
// synchronized startup procedure
// In theory, with MCK/32, we shouldn't be waiting longer than 32 instruction statements, right?
while (AT91C_BASE_TC0->TC_CV > 0) {}; // wait until TC0 returned to zero
while (AT91C_BASE_TC0->TC_CV != 0) {}; // wait until TC0 returned to zero
}
@ -440,13 +436,9 @@ static void hts_set_frame_modulation(void) {
*/
static void hts_handle_reader_command(uint8_t *rx, const size_t rxlen,
uint8_t *tx, size_t *txlen) {
uint8_t rx_air[HITAG_FRAME_LEN];
uint64_t state;
unsigned char crc;
// Copy the (original) received frame how it is send over the air
memcpy(rx_air, rx, nbytes(rxlen));
// Reset the transmission frame length
*txlen = 0;
@ -612,7 +604,7 @@ static void hts_handle_reader_command(uint8_t *rx, const size_t rxlen,
//write page, write block, read page or read block command received
if ((rx[0] & 0xf0) == HITAGS_READ_PAGE) { //read page
//send page data
uint8_t page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16);
uint8_t page = ((rx[0] & 0x0f) << 4) + ((rx[1] & 0xf0) >> 4);
*txlen = 32;
tx[0] = tag.pages[page][0];
tx[1] = tag.pages[page][1];
@ -643,7 +635,7 @@ static void hts_handle_reader_command(uint8_t *rx, const size_t rxlen,
} else if ((rx[0] & 0xf0) == HITAGS_READ_BLOCK) { //read block
uint8_t page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16);
uint8_t page = ((rx[0] & 0x0f) << 4) + ((rx[1] & 0xf0) >> 4);
*txlen = 32 * 4;
//send page,...,page+3 data
@ -673,7 +665,7 @@ static void hts_handle_reader_command(uint8_t *rx, const size_t rxlen,
} else if ((rx[0] & 0xf0) == HITAGS_WRITE_PAGE) { //write page
uint8_t page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16);
uint8_t page = ((rx[0] & 0x0f) << 4) + ((rx[1] & 0xf0) >> 4);
if ((tag.LCON && page == 1)
|| (tag.LKP && (page == 2 || page == 3))) {
@ -689,7 +681,7 @@ static void hts_handle_reader_command(uint8_t *rx, const size_t rxlen,
} else if ((rx[0] & 0xf0) == HITAGS_WRITE_BLOCK) { //write block
uint8_t page = ((rx[0] & 0x0f) * 6) + ((rx[1] & 0xf0) / 16);
uint8_t page = ((rx[0] & 0x0f) << 4) + ((rx[1] & 0xf0) >> 4);
hts_set_frame_modulation();
if (page % 4 != 0 || page == 0) {
@ -723,8 +715,7 @@ void hts_simulate(bool tag_mem_supplied, const uint8_t *data, bool ledcontrol) {
int response = 0, overflow = 0;
uint8_t rx[HITAG_FRAME_LEN];
size_t rxlen = 0;
uint8_t txbuf[HITAG_FRAME_LEN];
uint8_t *tx = txbuf;
uint8_t tx[HITAG_FRAME_LEN];
size_t txlen = 0;
// Reset the received frame, frame count and timing info
@ -746,13 +737,6 @@ void hts_simulate(bool tag_mem_supplied, const uint8_t *data, bool ledcontrol) {
// read tag data into memory
if (tag_mem_supplied) {
for (int i = 0; i < 16; i++) {
for (int j = 0; j < 4; j++) {
tag.pages[i][j] = 0x0;
}
}
DbpString("Loading hitag S memory...");
memcpy((uint8_t *)tag.pages, data, 4 * 64);
} else {
@ -888,7 +872,7 @@ void hts_simulate(bool tag_mem_supplied, const uint8_t *data, bool ledcontrol) {
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
// synchronized startup procedure
while (AT91C_BASE_TC0->TC_CV > 0); // wait until TC0 returned to zero
while (AT91C_BASE_TC0->TC_CV != 0); // wait until TC0 returned to zero
while ((BUTTON_PRESS() == false) && (data_available() == false)) {
@ -997,7 +981,7 @@ static void hts_receive_frame(uint8_t *rx, size_t sizeofrx, size_t *rxlen, uint3
// Dbprintf("TC0_CV:%i TC1_CV:%i TC1_RA:%i", AT91C_BASE_TC0->TC_CV, AT91C_BASE_TC1->TC_CV ,AT91C_BASE_TC1->TC_RA);
// Receive frame, watch for at most T0*HITAG_T_PROG_MAX periods
// Receive tag frame, watch for at most T0*HITAG_T_PROG_MAX periods
while (AT91C_BASE_TC0->TC_CV < (T0 * HITAG_T_PROG_MAX)) {
// Check if falling edge in tag modulation is detected
@ -1129,7 +1113,7 @@ static void hts_send_receive(const uint8_t *tx, size_t txlen, uint8_t *rx, size_
if (ac_seq) {
// Tag Response is AC encoded
// We used UID Request Advanced, meaning AC SEQ header is 111.
// We used UID Request Advanced, meaning AC SEQ SOF is 111.
for (int i = 7; i < rxlen; i += 2) {
rx[k / 8] |= response_bit[i] << (7 - (k % 8));
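Review bot: In hts_handle_reader_command the `page` index is assembled from reader-supplied bytes (`rx[0]`, `rx[1]`) and can take any value from 0 to 255, yet the read-page branch indexes `tag.pages[page]` with no range check in the visible lines; the read-block and write branches presumably do the same outside the hunks. hts_simulate copies only `4 * 64` bytes into `tag.pages`, which suggests a 64-page array (its declaration is not shown, so confirm), in which case an out-of-range address from the reader makes the simulated tag read or write past the array. Reject the command before indexing, for example `if (page >= HITAGS_MAX_PAGES) { *txlen = 0; return; }` if that macro is in scope here, and for read block check `page + 3` as well. The function body continues outside the hunks, so the rejection path (staying silent or answering with a NAK) should follow what the rest of the function already does.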


@ -785,7 +785,7 @@ static int CmdEM410xClone(const char *Cmd) {
}
packet.cmd = WHTSF_82xx;
memcpy(packet.pwd, (uint8_t[]) {0xBB, 0xDD, 0x33, 0x99}, 4);
memcpy(packet.pwd, "\xBB\xDD\x33\x99", 4);
SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet));
if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 4000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
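Review bot: The 82xx default password remains an inline literal with a hard-coded length in `memcpy(packet.pwd, "\xBB\xDD\x33\x99", 4);`, and the same bytes are repeated in CmdLFHitagSWrite as `memcpy(key, "\xBB\xDD\x33\x99", 4);`. One named constant in the shared header, copied with a length derived from the destination, keeps the two call sites from drifting apart and ties the copy to the field size, for example `memcpy(packet.pwd, HITAG_82XX_DEFAULT_PWD, sizeof(packet.pwd));`, where `HITAG_82XX_DEFAULT_PWD` is a placeholder name for a constant that would have to be added and `pwd` is assumed to be an array member. CmdEM410xClone's body continues outside the hunk.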


@ -102,7 +102,7 @@ static int CmdLFHitagSRead(const char *Cmd) {
" 8268/8310 password mode: \n"
" - default password BBDD3399\n",
" lf hitag hts rdbl -> Hitag S/8211, plain mode\n"
" lf hitag hts rdbl --8 -k BBDD3399 -> 8268/8310, password mode\n"
" lf hitag hts rdbl --82xx -k BBDD3399 -> 8268/8310, password mode\n"
" lf hitag hts rdbl --nrar 0102030411223344 -> Hitag S, challenge mode\n"
" lf hitag hts rdbl --crypto -> Hitag S, crypto mode, def key\n"
" lf hitag hts rdbl -k 4F4E4D494B52 -> Hitag S, crypto mode\n\n"
@ -187,8 +187,6 @@ static int CmdLFHitagSRead(const char *Cmd) {
lf_hitag_data_t packet;
memset(&packet, 0, sizeof(packet));
int pm3cmd = CMD_LF_HITAGS_READ;
if (use_nrar) {
packet.cmd = RHTSF_CHALLENGE;
memcpy(packet.NrAr, nrar, sizeof(packet.NrAr));
@ -205,10 +203,10 @@ static int CmdLFHitagSRead(const char *Cmd) {
}
clearCommandBuffer();
SendCommandNG(pm3cmd, (uint8_t *) &packet, sizeof(packet));
SendCommandNG(CMD_LF_HITAGS_READ, (uint8_t *) &packet, sizeof(packet));
PacketResponseNG resp;
if (WaitForResponseTimeout(pm3cmd, &resp, 2000) == false) {
if (WaitForResponseTimeout(CMD_LF_HITAGS_READ, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
return PM3_ETIMEOUT;
@ -226,7 +224,7 @@ static int CmdLFHitagSRead(const char *Cmd) {
uint8_t *data = resp.data.asBytes;
hitags_config_t config = hitags_config_unpack(data + HITAGS_PAGE_SIZE);
hitags_config_t config = hitags_config_unpack(&data[HITAGS_PAGE_SIZE * HITAGS_CONFIG_PADR]);
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
@ -254,7 +252,7 @@ static int CmdLFHitagSWrite(const char *Cmd) {
" 8268/8310 password mode: \n"
" - default password BBDD3399\n",
" lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode\n"
" lf hitag hts wrbl -p 6 -d 01020304 --8 -k BBDD3399 -> 8268/8310, password mode\n"
" lf hitag hts wrbl -p 6 -d 01020304 --82xx -k BBDD3399 -> 8268/8310, password mode\n"
" lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode\n"
" lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key\n"
" lf hitag hts wrbl -p 6 -d 01020304 -k 4F4E4D494B52 -> Hitag S, crypto mode\n\n"
@ -263,7 +261,7 @@ static int CmdLFHitagSWrite(const char *Cmd) {
void *argtable[] = {
arg_param_begin,
arg_str0(NULL, "nrar", "<hex>", "nonce / answer writer, 8 hex bytes"),
arg_lit0(NULL, "8", "8268/8310 mode"),
arg_lit0("8", "82xx", "8268/8310 mode"),
arg_lit0(NULL, "crypto", "crypto mode"),
arg_str0("k", "key", "<hex>", "pwd or key, 4 or 6 hex bytes"),
arg_int1("p", "page", "<dec>", "page address to write to"),
@ -327,7 +325,7 @@ static int CmdLFHitagSWrite(const char *Cmd) {
use_crypto = true;
}
if ((key_len == 0) && use_82xx) {
memcpy(key, (uint8_t[]) {0xBB, 0xDD, 0x33, 0x99}, 4);
memcpy(key, "\xBB\xDD\x33\x99", 4);
key_len = 4;
}
if ((key_len == 0) && use_crypto) {
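Review bot: The rdbl help example now shows `--82xx`, but the only argtable change visible in this section is in CmdLFHitagSWrite (`arg_lit0("8", "82xx", "8268/8310 mode")`); the argtable of CmdLFHitagSRead lies outside the hunks. Confirm that the read command registers the same long option, otherwise the documented example will be rejected by the parser. For wrbl, `8` moves from being the long option to being the short option, so existing scripts that pass `--8` may stop working; if that is intended, it deserves a line in the commit message or changelog.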


@ -27,6 +27,7 @@
#define HITAG_PASSWORD_SIZE 4
#define HITAG_UID_SIZE 4
#define HITAG_BLOCK_SIZE 4
#define HITAG2_MAX_BLOCKS 8
#define HITAG2_MAX_BYTE_SIZE (HITAG2_MAX_BLOCKS * HITAG_BLOCK_SIZE)
@ -34,9 +35,10 @@
#define HITAGS_CRYPTOKEY_SIZE 6
#define HITAGS_UID_SIZE 4
#define HITAGS_PAGE_SIZE 4
#define HITAGS_BLOCK_SIZE 4
#define HITAGS_BLOCK_SIZE 16
#define HITAGS_MAX_PAGES 64
#define HITAGS_MAX_BYTE_SIZE (HITAGS_MAX_PAGES * HITAGS_PAGE_SIZE)
#define HITAGS_CONFIG_PADR 1
// need to see which limits these cards has
#define HITAG1_MAX_BYTE_SIZE 64
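Review bot: `HITAGS_BLOCK_SIZE` changes value from 4 to 16 in a commit labelled as style and cleanup, and no user of the macro appears in the visible hunks. Any buffer size, loop bound or `memcpy` length elsewhere that uses it now covers four times as many bytes, so its users should be checked against their destination sizes. Deriving the value makes the intent explicit: `#define HITAGS_BLOCK_SIZE (4 * HITAGS_PAGE_SIZE) // one block = 4 pages`. `HITAGS_CONFIG_PADR` would also benefit from a comment such as `// page address of the configuration page`, which is how CmdLFHitagSRead uses it.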