github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-21 05:43:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix 'hf 15 csetuid'

Browse source 
* check for error codes, prevent client crash
* some include file refactoring
* some whitespace fixes
This commit is contained in:
pwpiwi 2019-12-02 19:30:09 +01:00
commit c617e3a329
3 changed files with 159 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

23
armsrc/iso15693.c
View file

@ -1581,17 +1581,15 @@ void ReaderIso15693(uint32_t parameter) {
answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2, &eof_time) ;
start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
if (answerLen >=12) // we should do a better check than this
{
if (answerLen >= 12) { // we should do a better check than this
TagUID[0] = answer[2];
TagUID[1] = answer[3];
TagUID[2] = answer[4];
TagUID[3] = answer[5];
TagUID[4] = answer[6];
TagUID[5] = answer[7];
TagUID[6] = answer[8]; // IC Manufacturer code
TagUID[7] = answer[9]; // always E0
TagUID[6] = answer[8];
TagUID[7] = answer[9]; // IC Manufacturer code always E0
}
Dbprintf("%d octets read from IDENTIFY request:", answerLen);
@ -1604,15 +1602,6 @@ void ReaderIso15693(uint32_t parameter) {
TagUID[7],TagUID[6],TagUID[5],TagUID[4],
TagUID[3],TagUID[2],TagUID[1],TagUID[0]);
// Dbprintf("%d octets read from SELECT request:", answerLen2);
// DbdecodeIso15693Answer(answerLen2,answer2);
// Dbhexdump(answerLen2,answer2,true);
// Dbprintf("%d octets read from XXX request:", answerLen3);
// DbdecodeIso15693Answer(answerLen3,answer3);
// Dbhexdump(answerLen3,answer3,true);
// read all pages
if (answerLen >= 12 && DEBUG) {
for (int i = 0; i < 32; i++) { // sanity check, assume max 32 pages
@ -1629,7 +1618,7 @@ void ReaderIso15693(uint32_t parameter) {
}
}
// for the time being, switch field off to protect rdv4.0
// for the time being, switch field off to protect RDV4
// note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
@ -1808,13 +1797,13 @@ void SetTag15693Uid(uint8_t *uid) {
cmd[i][7] = crc & 0xff;
cmd[i][8] = crc >> 8;
recvlen = SendDataTag(cmd[i], sizeof(cmd[i]), true, 1, recvbuf, sizeof(recvbuf), 0, &eof_time);
if (DEBUG) {
Dbprintf("SEND:");
Dbhexdump(sizeof(cmd[i]), cmd[i], false);
}
recvlen = SendDataTag(cmd[i], sizeof(cmd[i]), true, 1, recvbuf, sizeof(recvbuf), 0, &eof_time);
if (DEBUG) {
Dbprintf("RECV:");
if (recvlen > 0) {

297
client/cmdhf15.c
View file

@ -90,34 +90,32 @@ static const int Iso15693FrameEOF[] = {
// fast method to just read the UID of a tag (collission detection not supported)
// *buf should be large enough to fit the 64bit uid
// returns 1 if suceeded
int getUID(uint8_t *buf)
{
// returns true if suceeded
static bool getUID(uint8_t *buf) {
UsbCommand resp;
uint8_t *recv;
UsbCommand c = {CMD_ISO_15693_COMMAND, {0, 1, 1}}; // len,speed,recv?
uint8_t *req=c.d.asBytes;
uint8_t *req = c.d.asBytes;
int reqlen=0;
for (int retry=0;retry<3; retry++) { // don't give up the at the first try
for (int retry = 0;retry < 3; retry++) { // don't give up the at the first try
req[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1;
req[1] = ISO15693_INVENTORY;
req[2] = 0; // mask length
reqlen = AddCrc(req,3);
reqlen = AddCrc(req, 3);
c.arg[0] = reqlen;
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
recv = resp.d.asBytes;
if (resp.arg[0]>=12 && ISO15693_CRC_CHECK==Crc(recv,12)) {
memcpy(buf,&recv[2],8);
return 1;
if (resp.arg[0] >= 12 && ISO15693_CRC_CHECK == Crc(recv, 12)) {
memcpy(buf, &recv[2], 8);
return true;
}
}
} // retry
return 0;
return false;
}
@ -369,39 +367,6 @@ int CmdHF15DumpMem(const char*Cmd) {
}
// "HF 15" interface
static command_t CommandTable15[] =
{
{"help", CmdHF15Help, 1, "This help"},
{"demod", CmdHF15Demod, 1, "Demodulate ISO15693 from tag"},
{"read", CmdHF15Read, 0, "Read HF tag (ISO 15693)"},
{"snoop", CmdHF15Snoop, 0, "Eavesdrop ISO 15693 communications"},
{"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"},
{"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"},
{"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"},
{"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"},
{"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"},
{"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
{NULL, NULL, 0, NULL}
};
int CmdHF15(const char *Cmd)
{
CmdsParse(CommandTable15, Cmd);
return 0;
}
int CmdHF15Help(const char *Cmd)
{
CmdsHelp(CommandTable15);
return 0;
}
// "HF 15 Cmd" Interface
// Allows direct communication with the tag on command level
int CmdHF15CmdInquiry(const char *Cmd)
{
UsbCommand resp;
@ -964,120 +929,160 @@ int CmdHF15CmdWrite(const char *Cmd) {
return 0;
}
int CmdHF15CSetUID(const char *Cmd)
{
uint8_t uid[8] = {0x00};
uint8_t oldUid[8], newUid[8] = {0x00};
uint8_t needHelp = 0;
char cmdp = 1;
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 16)) {
PrintAndLog("UID must include 16 HEX symbols");
return 1;
}
if (uid[0] != 0xe0) {
PrintAndLog("UID must begin with the byte 'E0'");
return 1;
}
while(param_getchar(Cmd, cmdp) != 0x00)
{
switch(param_getchar(Cmd, cmdp))
{
case 'h':
case 'H':
needHelp = 1;
break;
default:
PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));
needHelp = 1;
break;
}
cmdp++;
}
if (strlen(Cmd) < 1 || needHelp) {
PrintAndLog("");
PrintAndLog("Usage: hf 15 csetuid <UID 16 hex symbols>");
PrintAndLog("sample: hf 15 csetuid E004013344556677");
PrintAndLog("Set UID for magic Chinese card (only works with such cards)");
return 0;
}
PrintAndLog("");
PrintAndLog("new UID | %s", sprint_hex(uid, 8));
PrintAndLog("Using backdoor Magic tag function");
if (!getUID(oldUid)) {
PrintAndLog("Can't get old UID.");
return 1;
}
UsbCommand resp;
uint8_t *recv;
char *hexout;
UsbCommand c = {CMD_CSETUID_ISO_15693, {0, 0, 0}};
memcpy(c.d.asBytes, uid, 8);
int CmdHF15CSetUID(const char *Cmd) {
uint8_t uid[8] = {0x00};
uint8_t oldUid[8], newUid[8] = {0x00};
SendCommand(&c);
for (int i=0; i<4; i++) {
if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
recv = resp.d.asBytes;
PrintAndLog("received %i octets",resp.arg[0]);
hexout = (char *)malloc(resp.arg[0] * 3 + 1);
if (hexout != NULL) {
for (int i = 0; i < resp.arg[0]; i++) { // data in hex
sprintf(&hexout[i * 3], "%02X ", recv[i]);
}
PrintAndLog("%s", hexout);
free(hexout);
}
} else {
PrintAndLog("timeout while waiting for reply.");
}
}
if (!getUID(newUid)) {
PrintAndLog("Can't get new UID.");
return 1;
}
PrintAndLog("");
PrintAndLog("old UID : %02X %02X %02X %02X %02X %02X %02X %02X", oldUid[7], oldUid[6], oldUid[5], oldUid[4], oldUid[3], oldUid[2], oldUid[1], oldUid[0]);
PrintAndLog("new UID : %02X %02X %02X %02X %02X %02X %02X %02X", newUid[7], newUid[6], newUid[5], newUid[4], newUid[3], newUid[2], newUid[1], newUid[0]);
return 0;
uint8_t needHelp = 0;
char cmdp = 1;
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 16)) {
PrintAndLog("UID must include 16 HEX symbols");
return 1;
}
if (uid[0] != 0xe0) {
PrintAndLog("UID must begin with the byte 'E0'");
return 1;
}
while (param_getchar(Cmd, cmdp) != 0x00) {
switch (param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
needHelp = 1;
break;
default:
PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));
needHelp = 1;
break;
}
cmdp++;
}
if (strlen(Cmd) < 1 || needHelp) {
PrintAndLog("");
PrintAndLog("Usage: hf 15 csetuid <UID 16 hex symbols>");
PrintAndLog("sample: hf 15 csetuid E004013344556677");
PrintAndLog("Set UID for magic Chinese card (only works with such cards)");
return 0;
}
PrintAndLog("");
PrintAndLog("new UID | %s", sprint_hex(uid, 8));
PrintAndLog("Using backdoor Magic tag function");
if (!getUID(oldUid)) {
PrintAndLog("Can't get old UID.");
return 1;
}
UsbCommand resp;
uint8_t *recv;
char *hexout;
UsbCommand c = {CMD_CSETUID_ISO_15693, {0, 0, 0}};
memcpy(c.d.asBytes, uid, 8);
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
recv = resp.d.asBytes;
int recv_len = resp.arg[0];
if (recv_len == 0) {
PrintAndLog("received SOF only. Maybe Picopass/iCLASS?");
} else if (recv_len > 0) {
PrintAndLog("received %i octets", recv_len);
hexout = (char *)malloc(resp.arg[0] * 3 + 1);
if (hexout != NULL) {
for (int i = 0; i < resp.arg[0]; i++) { // data in hex
sprintf(&hexout[i * 3], "%02X ", recv[i]);
}
PrintAndLog("%s", hexout);
free(hexout);
}
} else if (recv_len == -1) {
PrintAndLog("card didn't respond");
} else if (recv_len == -2) {
PrintAndLog("receive buffer overflow");
}
} else {
PrintAndLog("timeout while waiting for reply.");
}
if (!getUID(newUid)) {
PrintAndLog("Can't get new UID.");
return 1;
}
PrintAndLog("");
PrintAndLog("old UID : %02X %02X %02X %02X %02X %02X %02X %02X", oldUid[7], oldUid[6], oldUid[5], oldUid[4], oldUid[3], oldUid[2], oldUid[1], oldUid[0]);
PrintAndLog("new UID : %02X %02X %02X %02X %02X %02X %02X %02X", newUid[7], newUid[6], newUid[5], newUid[4], newUid[3], newUid[2], newUid[1], newUid[0]);
return 0;
}
static command_t CommandTable15Cmd[] =
{
{"help", CmdHF15CmdHelp, 1, "This Help"},
{"inquiry", CmdHF15CmdInquiry, 0, "Search for tags in range"},
// "HF 15 Cmd" Interface
// Allows direct communication with the tag on command level
static int CmdHF15CmdHelp(const char*Cmd);
static command_t CommandTable15Cmd[] = {
{"help", CmdHF15CmdHelp, 1, "This Help"},
{"inquiry", CmdHF15CmdInquiry, 0, "Search for tags in range"},
/*
{"select", CmdHF15CmdSelect, 0, "Select an tag with a specific UID for further commands"},
{"select", CmdHF15CmdSelect, 0, "Select an tag with a specific UID for further commands"},
*/
{"read", CmdHF15CmdRead, 0, "Read a block"},
{"write", CmdHF15CmdWrite, 0, "Write a block"},
{"readmulti",CmdHF15CmdReadmulti, 0, "Reads multiple Blocks"},
{"sysinfo",CmdHF15CmdSysinfo, 0, "Get Card Information"},
{"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"},
{"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
{"debug", CmdHF15CmdDebug, 0, "Turn debugging on/off"},
{NULL, NULL, 0, NULL}
{"read", CmdHF15CmdRead, 0, "Read a block"},
{"write", CmdHF15CmdWrite, 0, "Write a block"},
{"readmulti", CmdHF15CmdReadmulti, 0, "Reads multiple Blocks"},
{"sysinfo", CmdHF15CmdSysinfo, 0, "Get Card Information"},
{"raw", CmdHF15CmdRaw, 0, "Send raw hex data to tag"},
{"debug", CmdHF15CmdDebug, 0, "Turn debugging on/off"},
{NULL, NULL, 0, NULL}
};
int CmdHF15Cmd(const char *Cmd)
{
int CmdHF15Cmd(const char *Cmd) {
CmdsParse(CommandTable15Cmd, Cmd);
return 0;
}
int CmdHF15CmdHelp(const char *Cmd)
{
static int CmdHF15CmdHelp(const char *Cmd) {
CmdsHelp(CommandTable15Cmd);
return 0;
}
// "HF 15" interface
static int CmdHF15Help(const char*Cmd);
static command_t CommandTable15[] = {
{"help", CmdHF15Help, 1, "This help"},
{"demod", CmdHF15Demod, 1, "Demodulate ISO15693 from tag"},
{"read", CmdHF15Read, 0, "Read HF tag (ISO 15693)"},
{"snoop", CmdHF15Snoop, 0, "Eavesdrop ISO 15693 communications"},
{"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"},
{"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"},
{"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"},
{"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"},
{"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"},
{"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
{NULL, NULL, 0, NULL}
};
int CmdHF15(const char *Cmd) {
CmdsParse(CommandTable15, Cmd);
return 0;
}
static int CmdHF15Help(const char *Cmd) {
CmdsHelp(CommandTable15);
return 0;
}

14
client/cmdhf15.h
View file

@ -13,17 +13,7 @@
#include <stdbool.h>
int CmdHF15(const char *Cmd);
int CmdHF15Demod(const char *Cmd);
int CmdHF15Read(const char *Cmd);
int HF15Reader(const char *Cmd, bool verbose);
int CmdHF15Reader(const char *Cmd);
int CmdHF15Sim(const char *Cmd);
int CmdHF15Record(const char *Cmd);
int CmdHF15Cmd(const char*Cmd);
int CmdHF15CSetUID(const char *Cmd);
int CmdHF15CmdHelp(const char*Cmd);
int CmdHF15Help(const char*Cmd);
extern int CmdHF15(const char *Cmd);
extern int HF15Reader(const char *Cmd, bool verbose);
#endif