From 69bb285524b77cb1cad40ed400db6dae8a9d926c Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Fri, 17 Jan 2020 13:44:41 +0100
Subject: [PATCH] fix: 'hf lto info' - now correctly selects and prints LTO-CM uid.
---
 client/cmdhf.c | 7 ++++---
 client/cmdhficlass.c | 3 ++-
 client/cmdhflist.c | 8 ++++----
 client/cmdhflto.c | 47 ++++++++++++++++++++++++--------------------
 include/protocols.h | 1 -
 5 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/client/cmdhf.c b/client/cmdhf.c
index 52ad853fa..d0fbbffb2 100644
--- a/client/cmdhf.c
+++ b/client/cmdhf.c
@@ -272,15 +272,16 @@ static command_t CommandTable[] = {
 {"15", CmdHF15, AlwaysAvailable, "{ ISO15693 RFIDs... }"},
 {"epa", CmdHFEPA, AlwaysAvailable, "{ German Identification Card... }"},
 {"felica", CmdHFFelica, AlwaysAvailable, "{ ISO18092 / Felica RFIDs... }"},
- {"legic", CmdHFLegic, AlwaysAvailable, "{ LEGIC RFIDs... }"},
+ {"fido", CmdHFFido, AlwaysAvailable, "{ FIDO and FIDO2 authenticators... }"},
 {"iclass", CmdHFiClass, AlwaysAvailable, "{ ICLASS RFIDs... }"},
+ {"legic", CmdHFLegic, AlwaysAvailable, "{ LEGIC RFIDs... }"},
+ {"lto", CmdHFLTO, AlwaysAvailable, "{ LTO Cartridge Memory RFIDs... }"},
 {"mf", CmdHFMF, AlwaysAvailable, "{ MIFARE RFIDs... }"},
 {"mfp", CmdHFMFP, AlwaysAvailable, "{ MIFARE Plus RFIDs... }"},
 {"mfu", CmdHFMFUltra, AlwaysAvailable, "{ MIFARE Ultralight RFIDs... }"},
 {"mfdes", CmdHFMFDes, AlwaysAvailable, "{ MIFARE Desfire RFIDs... }"},
- {"topaz", CmdHFTopaz, AlwaysAvailable, "{ TOPAZ (NFC Type 1) RFIDs... }"},
- {"fido", CmdHFFido, AlwaysAvailable, "{ FIDO and FIDO2 authenticators... }"},
 {"thinfilm", CmdHFThinfilm, AlwaysAvailable, "{ Thinfilm RFIDs... }"},
+ {"topaz", CmdHFTopaz, AlwaysAvailable, "{ TOPAZ (NFC Type 1) RFIDs... }"},
 {"list", CmdTraceList, AlwaysAvailable, "List protocol data in trace buffer"},
 {"plot", CmdHFPlot, IfPm3Hfplot, "Plot signal"},
 {"tune", CmdHFTune, IfPm3Present, "Continuously measure HF antenna tuning"},
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index ae1109717..616f5e2e2 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -2805,6 +2805,7 @@ int readIclass(bool loop, bool verbose) {
 FLAG_ICLASS_READER_CONF | FLAG_ICLASS_READER_ONLY_ONCE | FLAG_ICLASS_READER_ONE_TRY;
+ uint32_t res = PM3_ETIMEOUT;
 // loop in client not device - else on windows have a communication error
 while (!kbd_enter_pressed()) {
@@ -2876,6 +2877,6 @@ int readIclass(bool loop, bool verbose) {
 if (!loop) break;
 }
 DropField();
- return PM3_SUCCESS;
+ return res;
 }
diff --git a/client/cmdhflist.c b/client/cmdhflist.c
index c9d0f2bb7..2fde8492c 100644
--- a/client/cmdhflist.c
+++ b/client/cmdhflist.c
@@ -1101,10 +1101,10 @@ void annotateLTO(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
 snprintf(exp, size, "REQ Standard");
 break;
 case LTO_SELECT:
- snprintf(exp, size, "SELECT");
- break;
- case LTO_SELECT_1:
- snprintf(exp, size, "SELECT_1");
+ if (cmd[1] == 0x70)
+ snprintf(exp, size, "SELECT_UID-2");
+ else if (cmd[1] == 0x20)
+ snprintf(exp, size, "SELECT");
 break;
 case LTO_REQ_ALL:
 snprintf(exp, size, "REQ All");
diff --git a/client/cmdhflto.c b/client/cmdhflto.c
index 8a1e914aa..e60fc4781 100644
--- a/client/cmdhflto.c
+++ b/client/cmdhflto.c
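Review bot: `res` is declared `uint32_t` on the added line, yet it is initialised with `PM3_ETIMEOUT` and, in the second hunk of this file, returned from `int readIclass(...)`, so a PM3_* status code round-trips through an unsigned variable before being converted back to `int`. Declare it with the function's return type, `int res = PM3_ETIMEOUT;`, so the status keeps its sign and the comparison against PM3_* codes needs no conversion. The loop body that is expected to update `res` on a successful read lies outside the hunk, so whether it is ever set to `PM3_SUCCESS` cannot be confirmed from here.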
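Review bot: The new `case LTO_SELECT` branch in annotateLTO reads `cmd[1]` without consulting `cmdsize`, so a one-byte trace entry whose first byte is 0x93 reads past the end of the command data; trace contents come from the device/RF side and should not be trusted to be well-formed, so guard the index, `if (cmdsize > 1 && cmd[1] == 0x70)` and `else if (cmdsize > 1 && cmd[1] == 0x20)`. When neither value matches, the branch writes nothing and `exp` keeps whatever it held before the call, which can show up as a stale annotation in `hf list`; a final `else` that writes a generic label (or clears `exp`) would make the output deterministic.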
@@ -42,9 +42,17 @@ static void lto_switch_on_field(void) {
 }
 // send a raw LTO-CM command, returns the length of the response (0 in case of error)
-static int lto_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response, uint16_t *response_len, bool verbose) {
+static int lto_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response, uint16_t *response_len, bool addcrc, bool verbose) {
+
+ uint64_t arg0 = ISO14A_RAW | ISO14A_NO_DISCONNECT | ISO14A_NO_RATS;
+ uint32_t arg1 = (len == 1) ? (7 << 16) : 0;
+ arg1 |= len;
+
+ if (addcrc) {
+ arg0 |= ISO14A_APPEND_CRC;
+ }
- SendCommandOLD(CMD_HF_ISO14443A_READER, ISO14A_RAW | ISO14A_NO_DISCONNECT | ISO14A_NO_RATS, len, 0, cmd, len);
+ SendCommandOLD(CMD_HF_ISO14443A_READER, arg0, arg1, 0, cmd, len);
 PacketResponseNG resp;
 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
@@ -55,7 +63,6 @@ static int lto_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response, uint16
 if (resp.oldarg[0] == *response_len) {
 *response_len = resp.oldarg[0];
- PrintAndLogEx(INFO, "%s", sprint_hex(resp.data.asBytes, *response_len));
 if (*response_len > 0) {
 memcpy(response, resp.data.asBytes, *response_len);
 }
@@ -66,7 +73,6 @@ static int lto_send_cmd_raw(uint8_t *cmd, uint8_t len, uint8_t *response, uint16
 return PM3_SUCCESS;
 }
-
 // select a LTO-CM tag. Send WUPA and RID.
 static int lto_select(uint8_t *id_response, uint8_t id_len, bool verbose) {
 // Todo: implement anticollision
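Review bot: The added `uint32_t arg1 = (len == 1) ? (7 << 16) : 0;` packs a magic bit count into the upper half of `arg1` with no explanation, and the only reader of that encoding is the device-side handler, which is not in this patch. A comment on that line is needed, e.g. `// arg1 upper 16 bits = number of bits to send: a single-byte command is sent as a 7-bit short frame (WUPA/REQA style); lower 16 bits = byte count` — "appears to" is the right strength, since the device side cannot be checked here. The header comment directly above the changed signature, `// send a raw LTO-CM command, returns the length of the response (0 in case of error)`, is now wrong twice over: the function returns a PM3_* status (the third hunk shows `return PM3_SUCCESS;`), the length is reported through `*response_len`, and the new `addcrc` parameter is not mentioned; update it in the same commit.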
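Review bot: Deleting the `PrintAndLogEx(INFO, "%s", sprint_hex(...))` line removes the only place in this function where the raw tag response was visible, while the function still carries a `verbose` parameter that is not referenced anywhere in the lines visible here. Gating the dump instead of dropping it, `if (verbose) PrintAndLogEx(INFO, "%s", sprint_hex(resp.data.asBytes, *response_len));`, keeps the diagnostic available for `hf lto info` troubleshooting without the default-on noise this commit is removing.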
@@ -75,26 +81,27 @@ static int lto_select(uint8_t *id_response, uint8_t id_len, bool verbose) {
 uint16_t resp_len;
 uint8_t wupa_cmd[] = {LTO_REQ_STANDARD};
 uint8_t select_cmd[] = {LTO_SELECT, 0x20};
- uint8_t select_1_cmd[] = {LTO_SELECT_1, 0x70, 0, 0, 0, 0, 0};
+ uint8_t select_1_cmd[] = {LTO_SELECT, 0x70, 0, 0, 0, 0, 0};
 lto_switch_on_field();
 resp_len = 2;
- int status = lto_send_cmd_raw(wupa_cmd, sizeof(wupa_cmd), resp, &resp_len, verbose);
+ int status = lto_send_cmd_raw(wupa_cmd, sizeof(wupa_cmd), resp, &resp_len, false, verbose);
 if (status == PM3_ETIMEOUT || status == PM3_ESOFT) {
 lto_switch_off_field();
 return PM3_ESOFT; // WUPA failed
 }
 resp_len = id_len;
- status = lto_send_cmd_raw(select_cmd, sizeof(select_cmd), id_response, &resp_len, verbose);
+ status = lto_send_cmd_raw(select_cmd, sizeof(select_cmd), id_response, &resp_len, false, verbose);
 if (status == PM3_ETIMEOUT || status == PM3_ESOFT) {
 lto_switch_off_field();
 return PM3_EWRONGANSVER; // SELECT failed
 }
+ memcpy(select_1_cmd + 2, id_response, sizeof(select_1_cmd) - 2);
 resp_len = 1;
- status = lto_send_cmd_raw(select_1_cmd, sizeof(select_1_cmd), resp, &resp_len, verbose);
+ status = lto_send_cmd_raw(select_1_cmd, sizeof(select_1_cmd), resp, &resp_len, true, verbose);
 if (status == PM3_ETIMEOUT || status == PM3_ESOFT || resp[0] != 0x0A) {
 lto_switch_off_field();
 return PM3_EWRONGANSVER; // SELECT failed
@@ -104,7 +111,6 @@ static int lto_select(uint8_t *id_response, uint8_t id_len, bool verbose) {
 return PM3_SUCCESS;
 }
-
 static int CmdHfLTOInfo(const char *Cmd) {
 uint8_t cmdp = 0;
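Review bot: The added `memcpy(select_1_cmd + 2, id_response, sizeof(select_1_cmd) - 2);` copies five bytes out of `id_response` without looking at `id_len`, so any caller that passes a shorter buffer triggers an out-of-bounds read; the one caller in this patch passes a 5-byte array, but the function's contract should enforce it, `if (id_len < sizeof(select_1_cmd) - 2) return PM3_EINVARG;` at the top of lto_select. The surrounding status checks only reject `PM3_ETIMEOUT` and `PM3_ESOFT`, so if `lto_send_cmd_raw` signals a response-length mismatch with any other non-success code (that branch is outside this patch), the copy proceeds with whatever stale bytes `id_response` holds and the tag is addressed with a bogus UID; `if (status != PM3_SUCCESS)` is the safer test on all three checks. With `LTO_SELECT_1` gone, the name `select_1_cmd` no longer describes anything — `select_uid_cmd` would match the new `SELECT_UID-2` annotation in cmdhflist.c. The `resp` buffer this function reads is declared above the hunk.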
@@ -134,19 +140,18 @@ int infoLTO(bool verbose) {
 clearCommandBuffer();
 uint8_t serial_number[5];
- uint8_t serial_len = 0;
-
- int ret_val = lto_select(serial_number, serial_len, verbose);
-
+ uint8_t serial_len = sizeof(serial_number);
+ int ret_val = lto_select(serial_number, serial_len, verbose);
 lto_switch_off_field();
- /*
-
-
-- "hf 14a raw -a -p -b 7 45"
-- "hf 14a raw -c -p 9320"
-- "hf 14a raw -c -p 9370%s", serial_number
-- "disconnect"
-
-
+
+ if (ret_val == PM3_SUCCESS) {
+ PrintAndLogEx(SUCCESS, "\nUID: %s", sprint_hex(serial_number, sizeof(serial_number)));
+
+ // todo: add printing of all configuration
+ }
+
+ /* read block:
+
 SendCommandNG(CMD_HF_THINFILM_READ, NULL, 0);
 PacketResponseNG resp;
 if (!WaitForResponseTimeout(CMD_HF_THINFILM_READ, &resp, 1500)) {
diff --git a/include/protocols.h b/include/protocols.h
index 857cb2a4a..47e022c28 100644
--- a/include/protocols.h
+++ b/include/protocols.h
@@ -602,7 +602,6 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define LTO_READBLOCK 0x30
 #define LTO_READBLOCK_CONT 0x80
 #define LTO_SELECT 0x93
-#define LTO_SELECT_1 0x97
 #define LTO_WRITEWORD 0xB0 // write 2 bytes (word)
 #define LTO_WRITEBLOCK 0xA0
 #define LTO_HALT 0x50
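Review bot: When `lto_select` fails, the new `if (ret_val == PM3_SUCCESS)` block prints nothing, so `hf lto info` exits silently with no cartridge in the field and the user cannot tell a missing tag from a selection error; add an else branch such as `} else { PrintAndLogEx(WARNING, "LTO-CM select failed (%d)", ret_val); }`. The unconditional `lto_switch_off_field();` after the call is redundant on every failure path, because lto_select already drops the field before returning an error (visible in the previous hunk); harmless, but a one-line comment, `// lto_select leaves the field on only on success`, would explain why it is still needed here. The remainder of infoLTO, including whether `ret_val` is propagated as the return value, is outside the hunk.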