From 1b6566cd5c0afc30cbfd7e2d341b71ef74e0ab48 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 22 Nov 2019 13:55:09 +0200 Subject: [PATCH] Added support for some ISO15693 custom NXP commands --- client/cmdhf15.c | 80 +++++++++++++++++++++++++----------------- client/cmdhflist.c | 72 +++++++++++++++++++++++++++++++++++++ common/iso15693tools.h | 54 ++++++++++++++++++++-------- include/protocols.h | 50 +++++++++++++++++++------- 4 files changed, 195 insertions(+), 61 deletions(-) diff --git a/client/cmdhf15.c b/client/cmdhf15.c index f6c298f63..883364607 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -85,10 +85,11 @@ const productName uidmapping[] = { //I-Code SLI-S [IC id = 02] //I-Code SLI-L [IC id = 03] //I-Code SLIX [IC id = 01 + bit36 set to 1 (starting from bit0 - different from normal SLI)] + //I-Code SLIX2 [IC id = 01 + bit35 set to 1 + bit36 set to 0] //I-Code SLIX-S [IC id = 02 + bit36 set to 1] //I-Code SLIX-L [IC id = 03 + bit36 set to 1] { 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" }, - { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)" }, + { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX) ICS2602(SLIX2)" }, { 0xE004020000000000LL, 24, "NXP(Philips); IC SL2 ICS53/ICS54(SLI-S) ICS5302/ICS5402(SLIX-S)" }, { 0xE004030000000000LL, 24, "NXP(Philips); IC SL2 ICS50/ICS51(SLI-L) ICS5002/ICS5102(SLIX-L)" }, @@ -237,7 +238,7 @@ static int getUID(uint8_t *buf) { } } // retry - return 0; + return PM3_SUCCESS; } // get a product description based on the UID 
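Review bot: In the getUID hunk, `return PM3_SUCCESS;` sits directly after the `// retry` loop closes, which looks like the path taken when every attempt has failed, so the function now spells its failure result as success. The numeric value is presumably unchanged, since the commit swaps `return 0;` for it everywhere. The name will still mislead anyone reading a caller that tests the result as a boolean, and a later cleanup that compares against PM3_SUCCESS would invert the check. Keep `return 0; // no tag answered` here, or convert getUID and its callers to PM3 status codes in one step. The rest of getUID and its callers are outside this hunk, so confirm what the success path returns.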
@@ -297,12 +298,12 @@ static int CmdHF15Help(const char *Cmd); static int usage_15_demod(void) { PrintAndLogEx(NORMAL, "Tries to demodulate / decode ISO15693, from downloaded samples.\n" "Gather samples with 'hf 15 read' / 'hf 15 record'"); - return 0; + return PM3_SUCCESS; } static int usage_15_samples(void) { PrintAndLogEx(NORMAL, "Acquire samples as Reader (enables carrier, send inquiry\n" "and download it to graphbuffer. Try 'hf 15 demod' to try to demodulate/decode signal"); - return 0; + return PM3_SUCCESS; } static int usage_15_info(void) { PrintAndLogEx(NORMAL, "Uses the optional command 'get_systeminfo' 0x2B to try and extract information\n" @@ -318,11 +319,11 @@ static int usage_15_info(void) { "\t * scan for tag\n" "Examples:\n" "\thf 15 info u"); - return 0; + return PM3_SUCCESS; } static int usage_15_record(void) { - PrintAndLogEx(NORMAL, "Record activity without enableing carrier"); - return 0; + PrintAndLogEx(NORMAL, "Record activity without enabling carrier"); + return PM3_SUCCESS; } static int usage_15_reader(void) { PrintAndLogEx(NORMAL, "This command identifies a ISO 15693 tag\n" @@ -333,23 +334,25 @@ static int usage_15_reader(void) { "\n" "Example:\n" "\thf 15 reader"); - return 0; + return PM3_SUCCESS; } static int usage_15_sim(void) { PrintAndLogEx(NORMAL, "Usage: hf 15 sim \n" "\n" "Example:\n" "\thf 15 sim E016240000000000"); - return 0; + return PM3_SUCCESS; } static int usage_15_findafi(void) { - PrintAndLogEx(NORMAL, "'hf 15 finafi' This command needs a helptext. Feel free to add one!"); - return 0; + PrintAndLogEx(NORMAL, "This command attempts to brute force AFI of an ISO15693 tag\n" + "\n" + "Usage: hf 15 findafi"); + return PM3_SUCCESS; } static int usage_15_dump(void) { PrintAndLogEx(NORMAL, "This command dumps the contents of a ISO-15693 tag and save it to file\n" "\n" - "Usage: hf 15 dump [h] \n" + "Usage: hf 15 dump [h] \n" "Options:\n" "\th this help\n" "\tf filename, if no UID will be used as filename\n" 
@@ -357,7 +360,7 @@ static int usage_15_dump(void) { "Example:\n" "\thf 15 dump f\n" "\thf 15 dump f mydump"); - return 0; + return PM3_SUCCESS; } static int usage_15_restore(void) { const char *options[][2] = { @@ -371,7 +374,7 @@ static int usage_15_restore(void) { }; PrintAndLogEx(NORMAL, "Usage: hf 15 restore [-2] [-o] [h] [r ] [u ] [f ] [b ]"); PrintAndLogOptions(options, 7, 3); - return 0; + return PM3_SUCCESS; } static int usage_15_raw(void) { const char *options[][2] = { @@ -382,7 +385,7 @@ static int usage_15_raw(void) { }; PrintAndLogEx(NORMAL, "Usage: hf 15 raw [-r] [-2] [-c] <0A 0B 0C ... hex>\n"); PrintAndLogOptions(options, 4, 3); - return 0; + return PM3_SUCCESS; } static int usage_15_read(void) { PrintAndLogEx(NORMAL, "Usage: hf 15 read [options] \n" @@ -393,7 +396,7 @@ static int usage_15_read(void) { "\t u unaddressed mode\n" "\t * scan for tag\n" "\tpage#: page number 0-255"); - return 0; + return PM3_SUCCESS; } static int usage_15_write(void) { PrintAndLogEx(NORMAL, "Usage: hf 15 write [options] \n" @@ -406,7 +409,7 @@ static int usage_15_write(void) { "\t * scan for tag\n" "\tpage#: page number 0-255\n" "\thexdata: data to be written eg AA BB CC DD"); - return 0; + return PM3_SUCCESS; } static int usage_15_readmulti(void) { PrintAndLogEx(NORMAL, "Usage: hf 15 readmulti [options] \n" @@ -418,7 +421,7 @@ static int usage_15_readmulti(void) { "\t * scan for tag\n" "\tstart#: page number to start 0-255\n" "\tcount#: number of pages"); - return 0; + return PM3_SUCCESS; } static int usage_15_csetuid(void) { PrintAndLogEx(NORMAL, "Set UID for magic Chinese card (only works with such cards)\n" @@ -429,7 +432,7 @@ static int usage_15_csetuid(void) { "\n" "Example:\n" "\thf 15 csetuid E011223344556677"); - return 0; + return PM3_SUCCESS; } /** 
@@ -686,7 +689,7 @@ static int CmdHF15Info(const char *Cmd) { return 0; } -// Record Activity without enabeling carrier +// Record Activity without enabling carrier //helptext static int CmdHF15Record(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); @@ -724,8 +727,8 @@ static int CmdHF15Sim(const char *Cmd) { return 0; } -// finds the AFI (Application Family Idendifier) of a card, by trying all values -// (There is no standard way of reading the AFI, allthough some tags support this) +// finds the AFI (Application Family Identifier) of a card, by trying all values +// (There is no standard way of reading the AFI, although some tags support this) // helptext static int CmdHF15Afi(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); @@ -856,16 +859,26 @@ static int CmdHF15Dump(const char *Cmd) { size_t datalen = blocknum * 4; saveFileEML(filename, data, datalen, 4); saveFile(filename, ".bin", data, datalen); - return 0; + return PM3_SUCCESS; } static int CmdHF15List(const char *Cmd) { (void)Cmd; // Cmd is not used so far //PrintAndLogEx(WARNING, "Deprecated command, use 'hf list 15' instead"); CmdTraceList("15"); - return 0; + return PM3_SUCCESS; } +/* +// Record Activity without enabling carrier +static int CmdHF15Sniff(const char *Cmd) +{ + clearCommandBuffer(); + SendCommandNG(CMD_HF_ISO15693_SNIFF, NULL, 0); + return PM3_SUCCESS; +} +*/ + static int CmdHF15Raw(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); @@ -939,7 +952,7 @@ static int CmdHF15Raw(const char *Cmd) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); } } - return 0; + return PM3_SUCCESS; } /** @@ -1020,7 +1033,7 @@ static int CmdHF15Readmulti(const char *Cmd) { currblock++; } - return 0; + return PM3_SUCCESS; } /** 
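Review bot: CmdHF15Dump now ends with `return PM3_SUCCESS;` immediately after `saveFileEML(...)` and `saveFile(...)`, whose results are discarded in the visible lines, so a dump that could not be written is still reported as success. The CmdHF15Raw hunk has the same shape: the `timeout while waiting for reply.` warning branch falls through to `return PM3_SUCCESS;`. If the save helpers return a status, propagate it, e.g. `int res = saveFile(filename, ".bin", data, datalen);` followed by `if (res != PM3_SUCCESS) return res;`. In CmdHF15Raw, return a timeout status from the warning branch. Both function bodies start outside their hunks.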
@@ -1092,7 +1105,7 @@ static int CmdHF15Read(const char *Cmd) { PrintAndLogEx(NORMAL, "------------+---+------"); PrintAndLogEx(NORMAL, "%s| %d | %s", sprint_hex(recv + 2, status - 4), recv[1], sprint_ascii(recv + 2, status - 4)); PrintAndLogEx(NORMAL, ""); - return 0; + return PM3_SUCCESS; } /** @@ -1170,7 +1183,7 @@ static int CmdHF15Write(const char *Cmd) { } PrintAndLogEx(NORMAL, "OK"); - return 0; + return PM3_SUCCESS; } static int CmdHF15Restore(const char *Cmd) { @@ -1257,7 +1270,7 @@ static int CmdHF15Restore(const char *Cmd) { if (bytes_read == 0) { PrintAndLogEx(SUCCESS, "File reading done `%s`", filename); fclose(f); - return 0; + return PM3_SUCCESS; } else if (bytes_read != blocksize) { PrintAndLogEx(ERR, "File reading error (%s), %zu bytes read instead of %zu bytes.", filename, bytes_read, blocksize); fclose(f); @@ -1290,7 +1303,7 @@ static int CmdHF15Restore(const char *Cmd) { } fclose(f); PrintAndLogEx(INFO, "Finish restore"); - return 0; + return PM3_SUCCESS; } /** @@ -1396,7 +1409,8 @@ static command_t CommandTable[] = { {"dump", CmdHF15Dump, IfPm3Iso15693, "Read all memory pages of an ISO15693 tag, save to file"}, {"findafi", CmdHF15Afi, IfPm3Iso15693, "Brute force AFI of an ISO15693 tag"}, {"info", CmdHF15Info, IfPm3Iso15693, "Tag information"}, - {"list", CmdHF15List, AlwaysAvailable, "List ISO15693 history"}, +// {"sniff", CmdHF15Sniff, IfPm3Iso15693, "Sniff ISO15693 traffic"}, + {"list", CmdHF15List, AlwaysAvailable, "List ISO15693 history"}, {"raw", CmdHF15Raw, IfPm3Iso15693, "Send raw hex data to tag"}, {"reader", CmdHF15Reader, IfPm3Iso15693, "Act like an ISO15693 reader"}, {"record", CmdHF15Record, IfPm3Iso15693, "Record Samples (ISO15693)"}, 
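Review bot: The command table gains a commented-out row, `// {"sniff", CmdHF15Sniff, ...}`, and the earlier CmdHF15Dump/CmdHF15List hunk adds the matching CmdHF15Sniff body inside `/* ... */`, so the commit ships dead code that the compiler never checks. Either drop both until the feature is ready, or compile them behind a build flag so that `CMD_HF_ISO15693_SNIFF` is verified to exist. The comment inside that block, `// Record Activity without enabling carrier`, is the same text that sits above CmdHF15Record; if the sniffer is kept, give it its own description.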
@@ -1406,14 +1420,14 @@ static command_t CommandTable[] = { {"read", CmdHF15Read, IfPm3Iso15693, "Read a block"}, {"write", CmdHF15Write, IfPm3Iso15693, "Write a block"}, {"readmulti", CmdHF15Readmulti, IfPm3Iso15693, "Reads multiple Blocks"}, - {"csetuid", CmdHF15CSetUID, IfPm3Iso15693, "Set UID for magic Chinese card"}, + {"csetuid", CmdHF15CSetUID, IfPm3Iso15693, "Set UID for magic Chinese card"}, {NULL, NULL, NULL, NULL} }; static int CmdHF15Help(const char *Cmd) { (void)Cmd; // Cmd is not used so far CmdsHelp(CommandTable); - return 0; + return PM3_SUCCESS; } int CmdHF15(const char *Cmd) { diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 71ae81926..9f1d9ce23 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c 
@@ -428,6 +428,78 @@ void annotateIso15693(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { case ISO15693_READ_MULTI_SECSTATUS: snprintf(exp, size, "READ_MULTI_SECSTATUS"); return; + case ISO15693_INVENTORY_READ: + snprintf(exp, size, "INVENTORY_READ"); + return; + case ISO15693_FAST_INVENTORY_READ: + snprintf(exp, size, "FAST_INVENTORY_READ"); + return; + case ISO15693_SET_EAS: + snprintf(exp, size, "SET_EAS"); + return; + case ISO15693_RESET_EAS: + snprintf(exp, size, "RESET_EAS"); + return; + case ISO15693_LOCK_EAS: + snprintf(exp, size, "LOCK_EAS"); + return; + case ISO15693_EAS_ALARM: + snprintf(exp, size, "EAS_ALARM"); + return; + case ISO15693_PASSWORD_PROTECT_EAS: + snprintf(exp, size, "PASSWORD_PROTECT_EAS"); + return; + case ISO15693_WRITE_EAS_ID: + snprintf(exp, size, "WRITE_EAS_ID"); + return; + case ISO15693_READ_EPC: + snprintf(exp, size, "READ_EPC"); + return; + case ISO15693_GET_NXP_SYSTEM_INFO: + snprintf(exp, size, "GET_NXP_SYSTEM_INFO"); + return; + case ISO15693_INVENTORY_PAGE_READ: + snprintf(exp, size, "INVENTORY_PAGE_READ"); + return; + case ISO15693_FAST_INVENTORY_PAGE_READ: + snprintf(exp, size, "FAST_INVENTORY_PAGE_READ"); + return; + case ISO15693_GET_RANDOM_NUMBER: + snprintf(exp, size, "GET_RANDOM_NUMBER"); + return; + case ISO15693_SET_PASSWORD: + snprintf(exp, size, "SET_PASSWORD"); + return; + case ISO15693_WRITE_PASSWORD: + snprintf(exp, size, "WRITE_PASSWORD"); + return; + case ISO15693_LOCK_PASSWORD: + snprintf(exp, size, "LOCK_PASSWORD"); + return; + case ISO15693_PROTECT_PAGE: + snprintf(exp, size, "PROTECT_PAGE"); + return; + case ISO15693_LOCK_PAGE_PROTECTION: + snprintf(exp, size, "LOCK_PAGE_PROTECTION"); + return; + case ISO15693_GET_MULTI_BLOCK_PROTECTION: + snprintf(exp, size, "GET_MULTI_BLOCK_PROTECTION"); + return; + case ISO15693_DESTROY: + snprintf(exp, size, "DESTROY"); + return; + case ISO15693_ENABLE_PRIVACY: + snprintf(exp, size, "ENABLE_PRIVACY"); + return; + case ISO15693_64BIT_PASSWORD_PROTECTION: + 
snprintf(exp, size, "64BIT_PASSWORD_PROTECTION"); + return; + case ISO15693_STAYQUIET_PERSISTENT: + snprintf(exp, size, "STAYQUIET_PERSISTENT"); + return; + case ISO15693_READ_SIGNATURE: + snprintf(exp, size, "READ_SIGNATURE"); + return; default: break; } diff --git a/common/iso15693tools.h b/common/iso15693tools.h index 42b2152cc..62ad85499 100644 --- a/common/iso15693tools.h +++ b/common/iso15693tools.h 
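Review bot: The new cases label any frame whose command byte is 0xA0–0xBD with an NXP name, and the hunk shows no check of the IC manufacturer byte that follows a custom command code. These codes are manufacturer-specific; include/protocols.h in this commit marks them `// NXP/Philips custom commands`. A trace from another vendor's tag that reuses one of these values would be annotated as, say, `DESTROY` or `SET_PASSWORD`, which misleads whoever is reading the capture. Guard the block, for example with `if (cmdsize > 2 && cmd[2] == 0x04) { ... }`, and leave other custom codes unannotated; 0x04 is taken from the `E004` NXP UID prefixes in client/cmdhf15.c. The switch expression and the byte offsets are outside the hunk, so confirm the index before applying.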
@@ -51,21 +51,45 @@ #define ISO15_ERROR_BLOCL_WRITELOCK 0x14 // Locking was unsuccessful // COMMAND CODES -#define ISO15_CMD_INVENTORY 0x01 -#define ISO15_CMD_STAYQUIET 0x02 -#define ISO15_CMD_READ 0x20 -#define ISO15_CMD_WRITE 0x21 -#define ISO15_CMD_LOCK 0x22 -#define ISO15_CMD_READMULTI 0x23 -#define ISO15_CMD_WRITEMULTI 0x24 -#define ISO15_CMD_SELECT 0x25 -#define ISO15_CMD_RESET 0x26 -#define ISO15_CMD_WRITEAFI 0x27 -#define ISO15_CMD_LOCKAFI 0x28 -#define ISO15_CMD_WRITEDSFID 0x29 -#define ISO15_CMD_LOCKDSFID 0x2A -#define ISO15_CMD_SYSINFO 0x2B -#define ISO15_CMD_SECSTATUS 0x2C +#define ISO15_CMD_INVENTORY 0x01 +#define ISO15_CMD_STAYQUIET 0x02 +#define ISO15_CMD_READ 0x20 +#define ISO15_CMD_WRITE 0x21 +#define ISO15_CMD_LOCK 0x22 +#define ISO15_CMD_READMULTI 0x23 +#define ISO15_CMD_WRITEMULTI 0x24 +#define ISO15_CMD_SELECT 0x25 +#define ISO15_CMD_RESET 0x26 +#define ISO15_CMD_WRITEAFI 0x27 +#define ISO15_CMD_LOCKAFI 0x28 +#define ISO15_CMD_WRITEDSFID 0x29 +#define ISO15_CMD_LOCKDSFID 0x2A +#define ISO15_CMD_SYSINFO 0x2B +#define ISO15_CMD_SECSTATUS 0x2C +#define ISO15_CMD_INVENTORYREAD 0xA0 +#define ISO15_CMD_FASTINVENTORYREAD 0xA1 +#define ISO15_CMD_SETEAS 0xA2 +#define ISO15_CMD_RESETEAS 0xA3 +#define ISO15_CMD_LOCKEAS 0xA4 +#define ISO15_CMD_EASALARM 0xA5 +#define ISO15_CMD_PASSWORDPROTECTEAS 0xA6 +#define ISO15_CMD_WRITEEASID 0xA7 +#define ISO15_CMD_READEPC 0xA8 +#define ISO15_CMD_GETNXPSYSTEMINFO 0xAB +#define ISO15_CMD_INVENTORYPAGEREAD 0xB0 +#define ISO15_CMD_FASTINVENTORYPAGEREAD 0xB1 +#define ISO15_CMD_GETRANDOMNUMBER 0xB2 +#define ISO15_CMD_SETPASSWORD 0xB3 +#define ISO15_CMD_WRITEPASSWORD 0xB4 +#define ISO15_CMD_LOCKPASSWORD 0xB5 +#define ISO15_CMD_PROTECTPAGE 0xB6 +#define ISO15_CMD_LOCKPAGEPROTECTION 0xB7 +#define ISO15_CMD_GETMULTIBLOCKPROTECTION 0xB8 +#define ISO15_CMD_DESTROY 0xB9 +#define ISO15_CMD_ENABLEPRIVACY 0xBA +#define ISO15_CMD_64BITPASSWORDPROTECTION 0xBB +#define ISO15_CMD_STAYQUIETPERSISTENT 0xBC +#define ISO15_CMD_READSIGNATURE 
0xBD //----------------------------------------------------------------------------- // Map a sequence of octets (~layer 2 command) into the set of bits to feed diff --git a/include/protocols.h b/include/protocols.h index 2547f01de..8018ae62e 100644 --- a/include/protocols.h +++ b/include/protocols.h 
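Review bot: The 24 added `ISO15_CMD_*` values from 0xA0 to 0xBD carry no marker that they are vendor-specific, while the same opcodes added to include/protocols.h sit under `// NXP/Philips custom commands`. Add a matching comment above `ISO15_CMD_INVENTORYREAD`, e.g. `// NXP/Philips custom commands (only meaningful with IC manufacturer code 0x04)`, so nobody sends them to other tags expecting standard behaviour. The commit also extends two parallel opcode lists under different names (`ISO15_CMD_DESTROY` here, `ISO15693_DESTROY` there). Defining one set in terms of the other would keep them from drifting apart.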
@@ -239,19 +239,43 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define ISO15693_INVENTORY 0x01 #define ISO15693_STAYQUIET 0x02 //First byte is 02 -#define ISO15693_READBLOCK 0x20 -#define ISO15693_WRITEBLOCK 0x21 -#define ISO15693_LOCKBLOCK 0x22 -#define ISO15693_READ_MULTI_BLOCK 0x23 -#define ISO15693_SELECT 0x25 -#define ISO15693_RESET_TO_READY 0x26 -#define ISO15693_WRITE_AFI 0x27 -#define ISO15693_LOCK_AFI 0x28 -#define ISO15693_WRITE_DSFID 0x29 -#define ISO15693_LOCK_DSFID 0x2A -#define ISO15693_GET_SYSTEM_INFO 0x2B -#define ISO15693_READ_MULTI_SECSTATUS 0x2C - +#define ISO15693_READBLOCK 0x20 +#define ISO15693_WRITEBLOCK 0x21 +#define ISO15693_LOCKBLOCK 0x22 +#define ISO15693_READ_MULTI_BLOCK 0x23 +#define ISO15693_SELECT 0x25 +#define ISO15693_RESET_TO_READY 0x26 +#define ISO15693_WRITE_AFI 0x27 +#define ISO15693_LOCK_AFI 0x28 +#define ISO15693_WRITE_DSFID 0x29 +#define ISO15693_LOCK_DSFID 0x2A +#define ISO15693_GET_SYSTEM_INFO 0x2B +#define ISO15693_READ_MULTI_SECSTATUS 0x2C +// NXP/Philips custom commands +#define ISO15693_INVENTORY_READ 0xA0 +#define ISO15693_FAST_INVENTORY_READ 0xA1 +#define ISO15693_SET_EAS 0xA2 +#define ISO15693_RESET_EAS 0xA3 +#define ISO15693_LOCK_EAS 0xA4 +#define ISO15693_EAS_ALARM 0xA5 +#define ISO15693_PASSWORD_PROTECT_EAS 0xA6 +#define ISO15693_WRITE_EAS_ID 0xA7 +#define ISO15693_READ_EPC 0xA8 +#define ISO15693_GET_NXP_SYSTEM_INFO 0xAB +#define ISO15693_INVENTORY_PAGE_READ 0xB0 +#define ISO15693_FAST_INVENTORY_PAGE_READ 0xB1 +#define ISO15693_GET_RANDOM_NUMBER 0xB2 +#define ISO15693_SET_PASSWORD 0xB3 +#define ISO15693_WRITE_PASSWORD 0xB4 +#define ISO15693_LOCK_PASSWORD 0xB5 +#define ISO15693_PROTECT_PAGE 0xB6 +#define ISO15693_LOCK_PAGE_PROTECTION 0xB7 +#define ISO15693_GET_MULTI_BLOCK_PROTECTION 0xB8 +#define ISO15693_DESTROY 0xB9 +#define ISO15693_ENABLE_PRIVACY 0xBA +#define ISO15693_64BIT_PASSWORD_PROTECTION 0xBB +#define ISO15693_STAYQUIET_PERSISTENT 0xBC +#define ISO15693_READ_SIGNATURE 0xBD // Topaz 
command set: #define TOPAZ_REQA 0x26 // Request