hitag1/S trace: add crc check

Example: [usb] pm3 --> trace load -f traces/lf_HitagS256_dump.trace [+] loaded 272 bytes from binary file traces/lf_HitagS256_dump.trace [+] Recorded Activity (TraceLen = 272 bytes) [?] try `trace list -1 -t ...` to view trace. Remember the `-1` param [usb] pm3 --> trace list -t hitags -c [=] downloading tracelog data from device [+] Recorded activity (trace len = 272 bytes) [=] start = start of start frame end = end of frame. src = source of transfer [=] Hitag1 / Hitag2 / HitagS - Timings in ETU (8us) Start | End | Src | Data (! denotes parity error) | CRC | Annotation ------------+------------+-----+-------------------------------------------------------------------------+-----+-------------------- 0 | 0 | Rdr |18(5) | | 117 | 117 | Tag |21 a5 b4 [73] | !crc| 0 | 0 | Rdr |00(5) 21 a5 b4 73 [8c] | ok | 117 | 117 | Tag |c9 00 00 aa [75] | ok | 0 | 0 | Rdr |0c(4) 00 [ab] | ok | 117 | 117 | Tag |21 a5 b4 73 [53] | ok | 0 | 0 | Rdr |0c(4) 01 [b6] | ok | 117 | 117 | Tag |c9 00 00 aa [75] | ok | 0 | 0 | Rdr |0c(4) 02 [91] | ok | 117 | 117 | Tag |48 54 4f 4e [2c] | ok | 0 | 0 | Rdr |0c(4) 03 [8c] | ok | 117 | 117 | Tag |4d 49 4b 52 [1e] | ok | 0 | 0 | Rdr |0c(4) 04 [df] | ok | 117 | 117 | Tag |00 00 00 00 [a6] | ok | 0 | 0 | Rdr |0c(4) 05 [c2] | ok | 117 | 117 | Tag |00 00 00 00 [a6] | ok | 0 | 0 | Rdr |0c(4) 06 [e5] | ok | 118 | 118 | Tag |00 00 00 00 [a6] | ok | 0 | 0 | Rdr |0c(4) 07 [f8] | ok | 118 | 118 | Tag |57 5f 4f 4b [88] | ok | 0 | 0 | Rdr |0c(4) 08 [43] | ok |
2025-08-14 10:37:23 -07:00 · 2021-12-30 01:40:13 +01:00 · 2021-12-30 01:40:13 +01:00 · 85def31a8d
commit 85def31a8d
parent 8a85702662
5 changed files with 35 additions and 6 deletions
--- a/client/src/cmdlfhitag.c
+++ b/client/src/cmdlfhitag.c
@ -17,6 +17,7 @@
 #include "fileutils.h"   // savefile
 #include "protocols.h"   // defines
 #include "cliparser.h"
+#include "crc.h"

 static int CmdHelp(const char *Cmd);

@ -970,3 +971,8 @@ int CmdLFHitag(const char *Cmd) {
 int readHitagUid(void) {
    return (CmdLFHitagReader("--26") == PM3_SUCCESS);
 }
+
+uint8_t hitag1_CRC_check(uint8_t *d, uint32_t nbit){
+    if (nbit < 9) return 2;
+    return (CRC8Hitag1Bits(d, nbit) == 0);
+}
--- a/client/src/cmdlfhitag.h
+++ b/client/src/cmdlfhitag.h
@ -19,4 +19,5 @@ int readHitagUid(void);
 void annotateHitag1(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool is_response);
 void annotateHitag2(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool is_response);
 void annotateHitagS(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool is_response);
+uint8_t hitag1_CRC_check(uint8_t *d, uint32_t nbit);
 #endif
--- a/client/src/cmdtrace.c
+++ b/client/src/cmdtrace.c
@ -216,10 +216,11 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
            case ISO_15693:
                crcStatus = iso15693_CRC_check(frame, data_len);
                break;
-            case PROTO_CRYPTORF:
            case PROTO_HITAG1:
-            case PROTO_HITAG2:
            case PROTO_HITAGS:
+                crcStatus = hitag1_CRC_check(frame, (data_len * 8) - ((8 - parityBytes[0]) % 8));
+            case PROTO_CRYPTORF:
+            case PROTO_HITAG2:
            default:
                break;
        }
@ -292,10 +293,8 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
    if (markCRCBytes) {
        //CRC-command
        if (((protocol == PROTO_HITAG1) || (protocol == PROTO_HITAGS)) && (data_len > 1)) {
-            // notes hitag S:
-            // pm3 is using UID REQUEST Adv -> SOF is 111(AC) then 111111(MC)
-            // for unknown reason, recorded SOF in trace is 1111 instead of 111111 (or should be even skipped)
-            // CRC on tag response is SOF excluded
+            // Note that UID REQUEST response has no CRC, but we don't know
+            // if the response we see is a UID
            char *pos1 = line[(data_len - 1) / 18] + (((data_len - 1) % 18) * 4) + offset - 1;
            (*pos1) = '[';
            char *pos2 = line[(data_len) / 18] + (((data_len) % 18) * 4) + offset - 2;
--- a/common/crc.c
+++ b/common/crc.c
@ -147,3 +147,25 @@ uint32_t CRC8Hitag1(uint8_t *buff, size_t size) {
    }
    return crc_finish(&crc);
 }
+
+uint32_t CRC8Hitag1Bits(uint8_t *buff, size_t bitsize) {
+    crc_t crc;
+    uint8_t data = 0;
+    uint8_t n = 0;
+    crc_init_ref(&crc, 8, 0x1d, 0xff, 0, false, false);
+    uint8_t i;
+    for (i = 0; i < bitsize; i++) {
+        data <<= 1;
+        data += (buff[i/8] >> (7 - (i % 8))) & 1;
+        n += 1;
+        if (n == 8) {
+            crc_update2(&crc, data, n);
+            n = 0;
+            data = 0;
+        }
+    }
+    if (n > 0) {
+        crc_update2(&crc, data, n);
+    }
+    return crc_finish(&crc);
+}
--- a/common/crc.h
+++ b/common/crc.h
@ -78,5 +78,6 @@ uint32_t CRC8Cardx(uint8_t *buff, size_t size);

 // Calculate CRC-8/Hitag1, ZX8211 checksum
 uint32_t CRC8Hitag1(uint8_t *buff, size_t size);
+uint32_t CRC8Hitag1Bits(uint8_t *buff, size_t bitsize);

 #endif /* __CRC_H */