This is the major changes made to the HITAG2 commands. Its heavly based on RFIDLers implementation and its been converted to work with Proxmark3. Special thanks to @kevsecurity for his amazing implementations of the Gone in 360 Seconds paper by Roel, Flavio & Balasch. Thanks to @adamlaurie for his RFIDler project. It wouldnt been doable without it.

2025-08-19 21:03:48 -07:00 · 2024-04-22 16:20:24 +02:00 · 2024-04-22 16:20:24 +02:00 · c8849af5e0
commit c8849af5e0
parent fc2a3dd2c5
20 changed files with 2703 additions and 708 deletions
--- a/include/hitag.h
+++ b/include/hitag.h
@ -39,37 +39,28 @@ typedef enum {
    RHT2F_UID_ONLY            = 26,
    WHT2F_PASSWORD            = 27,
    HT2_LAST_CMD              = WHT2F_PASSWORD,
-} hitag_function;
-
-typedef struct {
-    uint8_t password[4];
-} PACKED rht2d_password;
+} PACKED hitag_function;

 typedef struct {
+    hitag_function cmd;
+    int16_t page;
+    uint8_t data[4];
    uint8_t NrAr[8];
-    uint8_t data[4];
-} PACKED rht2d_authenticate;
-
-typedef struct {
    uint8_t key[6];
-    uint8_t data[4];
-} PACKED rht2d_crypto;
+    uint8_t pwd[4];

-typedef struct {
+    // Hitag 1 section.
+    // will reuse pwd or key field.
    uint8_t key_no;
    uint8_t logdata_0[4];
    uint8_t logdata_1[4];
    uint8_t nonce[4];
-    uint8_t key[4];
-} PACKED rht1d_authenticate;
-
-typedef union {
-    rht2d_password     pwd;
-    rht1d_authenticate ht1auth;
-    rht2d_authenticate auth;
-    rht2d_crypto       crypto;
-} hitag_data;
+} PACKED lf_hitag_data_t;

+typedef struct {
+    int status;
+    uint8_t data[48];
+} PACKED lf_hitag_crack_response_t;

 //---------------------------------------------------------
 // Hitag S