'lf hitag writer': add Hitag2 password auth

* (PRs 233, 303, 304 by @ViRb3 on https://github.com/RfidResearchGroup/proxmark3) * replace byte_t by uint8_t * note that Hitag1 commands are not yet available * whitespace fixes
2025-08-21 22:03:19 -07:00 · 2019-08-06 13:00:35 +02:00 · 2019-08-06 13:00:35 +02:00 · 56e92b77da
commit 56e92b77da
parent 5a446cb212
4 changed files with 732 additions and 700 deletions
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@ -16,7 +16,6 @@
 #include <stddef.h>
 #include "common.h"
 #include "usb_cmd.h"
-#include "hitag2.h"
 #include "hitagS.h"
 #include "mifare.h"
 #include "../common/crc32.h"
--- a/armsrc/hitag2.c
+++ b/armsrc/hitag2.c
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -30,7 +30,7 @@ size_t nbytes(size_t nbits) {

 int CmdLFHitagList(const char *Cmd)
 {
- 	uint8_t *got = malloc(USB_CMD_DATA_SIZE);
+	uint8_t *got = malloc(USB_CMD_DATA_SIZE);
 	// Query for the actual size of the trace
 	UsbCommand response;
 	GetFromBigBuf(got, USB_CMD_DATA_SIZE, 0, &response, -1, false);
@ -248,7 +248,7 @@ int CmdLFHitagReader(const char *Cmd) {
 		} break;
 		case RHT2F_CRYPTO: {
 			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
-			//			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+			//          num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
 		} break;
 		case RHT2F_TEST_AUTH_ATTEMPTS: {
 			// No additional parameters needed
@ -261,19 +261,20 @@ int CmdLFHitagReader(const char *Cmd) {
 			PrintAndLog("");
 			PrintAndLog("Usage: hitag reader <Reader Function #>");
 			PrintAndLog("Reader Functions:");
-			PrintAndLog(" HitagS (0*)");
-			PrintAndLog("  01 <nr> <ar> (Challenge) <firstPage> <tagmode> read all pages from a Hitag S tag");
-			PrintAndLog("  02 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all pages from a Hitag S tag");
-			PrintAndLog("  03 <nr> <ar> (Challenge) <firstPage> <tagmode> read all blocks from a Hitag S tag");
-			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all blocks from a Hitag S tag");
-			PrintAndLog("  Valid tagmodes are 0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED (default is ADVANCED)");
-			PrintAndLog(" Hitag1 (1*)");
-			PrintAndLog(" Hitag2 (2*)");
-			PrintAndLog("  21 <password> (password mode)");
-			PrintAndLog("  22 <nr> <ar> (authentication)");
-			PrintAndLog("  23 <key> (authentication) key is in format: ISK high + ISK low");
-			PrintAndLog("  25 (test recorded authentications)");
-			PrintAndLog("  26 just read UID");
+			PrintAndLog("  HitagS (0*):");
+			PrintAndLog("    01 <nr> <ar> (Challenge) <firstPage> <tagmode> read all pages from a Hitag S tag");
+			PrintAndLog("    02 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all pages from a Hitag S tag");
+			PrintAndLog("    03 <nr> <ar> (Challenge) <firstPage> <tagmode> read all blocks from a Hitag S tag");
+			PrintAndLog("    04 <key> (set to 0 if no authentication is needed) <firstPage> <tagmode> read all blocks from a Hitag S tag");
+			PrintAndLog("    Valid tagmodes are 0=STANDARD, 1=ADVANCED, 2=FAST_ADVANCED (default is ADVANCED)");
+			PrintAndLog("  Hitag1 (1*):");
+			PrintAndLog("    (not yet implemented)");
+			PrintAndLog("  Hitag2 (2*):");
+			PrintAndLog("    21 <password> (password mode)");
+			PrintAndLog("    22 <nr> <ar> (authentication)");
+			PrintAndLog("    23 <key> (authentication) key is in format: ISK high + ISK low");
+			PrintAndLog("    25 (test recorded authentications)");
+			PrintAndLog("    26 just read UID");
 			return 1;
 		} break;
 	}
@ -369,7 +370,7 @@ int CmdLFHitagCheckChallenges(const char *Cmd) {
 			PrintAndLog("Error: File reading error");
 			fclose(pf);
 			return 1;
-        }
+		}
 		fclose(pf);
 	} else {
 		file_given = false;
@ -389,28 +390,33 @@ int CmdLFHitagWP(const char *Cmd) {
 	hitag_data* htd = (hitag_data*)c.d.asBytes;
 	hitag_function htf = param_get32ex(Cmd,0,0,10);
 	switch (htf) {
-		case 03: { //WHTSF_CHALLENGE
+		case WHTSF_CHALLENGE: {
 			num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
 			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
 			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
 		} break;
-		case 04:
-		case 24:
-		{ //WHTSF_KEY
+		case WHTSF_KEY:
+		case WHT2F_CRYPTO: {
 			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
 			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
 			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
-
+		} break;
+		case WHT2F_PASSWORD: {
+			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 4, htd->pwd.password);
+			c.arg[2] = param_get32ex(Cmd, 2, 0, 10);
+			num_to_bytes(param_get32ex(Cmd, 3, 0, 16), 4, htd->crypto.data);
 		} break;
 		default: {
 			PrintAndLog("Error: unkown writer function %d",htf);
 			PrintAndLog("Hitag writer functions");
-			PrintAndLog(" HitagS (0*)");
-			PrintAndLog("  03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
-			PrintAndLog("  04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
-			PrintAndLog(" Hitag1 (1*)");
-			PrintAndLog(" Hitag2 (2*)");
-			PrintAndLog("  24 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog("  HitagS (0*):");
+			PrintAndLog("    03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog("    04 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog("  Hitag1 (1*)");
+			PrintAndLog("    (not yet implemented)");
+			PrintAndLog("  Hitag2 (2*):");
+			PrintAndLog("    24 <key> (set to 0 if no authentication is needed) <page> <byte0...byte3> write page on a Hitag S tag");
+			PrintAndLog("    27 <password> <page> <byte0...byte3> write page on a Hitag2 tag");
 			return 1;
 		} break;
 	}
@ -431,14 +437,14 @@ int CmdLFHitagWP(const char *Cmd) {

 static command_t CommandTable[] =
 {
-  {"help",    		CmdHelp,           1, "This help"},
-  {"list",    		CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
-  {"reader",  		CmdLFHitagReader,  1, "Act like a Hitag Reader"},
-  {"sim",     		CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
-  {"snoop",   		CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
-  {"writer",   		CmdLFHitagWP,      1, "Act like a Hitag Writer" },
-  {"simS",   		CmdLFHitagSimS,    1, "<hitagS.hts> Simulate HitagS transponder" }, 
-  {"checkChallenges",	CmdLFHitagCheckChallenges,   1, "<challenges.cc> <tagmode> test all challenges" }, {
+  {"help",          CmdHelp,           1, "This help"},
+  {"list",          CmdLFHitagList,    1, "<outfile> List Hitag trace history"},
+  {"reader",        CmdLFHitagReader,  1, "Act like a Hitag Reader"},
+  {"sim",           CmdLFHitagSim,     1, "<infile> Simulate Hitag transponder"},
+  {"snoop",         CmdLFHitagSnoop,   1, "Eavesdrop Hitag communication"},
+  {"writer",        CmdLFHitagWP,      1, "Act like a Hitag Writer" },
+  {"simS",          CmdLFHitagSimS,    1, "<hitagS.hts> Simulate HitagS transponder" },
+  {"checkChallenges",   CmdLFHitagCheckChallenges,   1, "<challenges.cc> <tagmode> test all challenges" }, {
 				NULL,NULL, 0, NULL }
 };

--- a/include/hitag.h
+++ b/include/hitag.h
@ -31,6 +31,7 @@ typedef enum {
 	WHT2F_CRYPTO              = 24,
 	RHT2F_TEST_AUTH_ATTEMPTS  = 25,
 	RHT2F_UID_ONLY            = 26,
+    WHT2F_PASSWORD            = 27,
 } hitag_function;

 typedef struct {