mirror of
https://github.com/Proxmark/proxmark3.git
synced 2024-09-21 23:36:51 +08:00
Merge pull request #7 from marshmellow42/hitag2_tests
attempt hitag2 uid read for lf search
This commit is contained in:
commit
fc249a8e13
|
@ -697,6 +697,42 @@ static bool hitag2_test_auth_attempts(byte_t* rx, const size_t rxlen, byte_t* tx
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool hitag2_read_uid(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* txlen) {
|
||||||
|
// Reset the transmission frame length
|
||||||
|
*txlen = 0;
|
||||||
|
|
||||||
|
// Try to find out which command was send by selecting on length (in bits)
|
||||||
|
switch (rxlen) {
|
||||||
|
// No answer, try to resurrect
|
||||||
|
case 0: {
|
||||||
|
// Just starting or if there is no answer
|
||||||
|
*txlen = 5;
|
||||||
|
memcpy(tx,"\xc0",nbytes(*txlen));
|
||||||
|
} break;
|
||||||
|
// Received UID
|
||||||
|
case 32: {
|
||||||
|
// Check if we received answer tag (at)
|
||||||
|
if (bAuthenticating) {
|
||||||
|
bAuthenticating = false;
|
||||||
|
} else {
|
||||||
|
// Store the received block
|
||||||
|
memcpy(tag.sectors[blocknr],rx,4);
|
||||||
|
blocknr++;
|
||||||
|
}
|
||||||
|
if (blocknr > 0) {
|
||||||
|
//DbpString("Read successful!");
|
||||||
|
bSuccessful = true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} break;
|
||||||
|
// Unexpected response
|
||||||
|
default: {
|
||||||
|
Dbprintf("Uknown frame length: %d",rxlen);
|
||||||
|
return false;
|
||||||
|
} break;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
void SnoopHitag(uint32_t type) {
|
void SnoopHitag(uint32_t type) {
|
||||||
int frame_count;
|
int frame_count;
|
||||||
|
@ -1123,19 +1159,18 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
set_tracing(TRUE);
|
set_tracing(TRUE);
|
||||||
clear_trace();
|
clear_trace();
|
||||||
|
|
||||||
DbpString("Starting Hitag reader family");
|
//DbpString("Starting Hitag reader family");
|
||||||
|
|
||||||
// Check configuration
|
// Check configuration
|
||||||
switch(htf) {
|
switch(htf) {
|
||||||
case RHT2F_PASSWORD: {
|
case RHT2F_PASSWORD: {
|
||||||
Dbprintf("List identifier in password mode");
|
Dbprintf("List identifier in password mode");
|
||||||
memcpy(password,htd->pwd.password,4);
|
memcpy(password,htd->pwd.password,4);
|
||||||
blocknr = 0;
|
blocknr = 0;
|
||||||
bQuitTraceFull = false;
|
bQuitTraceFull = false;
|
||||||
bQuiet = false;
|
bQuiet = false;
|
||||||
bPwd = false;
|
bPwd = false;
|
||||||
} break;
|
} break;
|
||||||
|
|
||||||
case RHT2F_AUTHENTICATE: {
|
case RHT2F_AUTHENTICATE: {
|
||||||
DbpString("Authenticating using nr,ar pair:");
|
DbpString("Authenticating using nr,ar pair:");
|
||||||
memcpy(NrAr,htd->auth.NrAr,8);
|
memcpy(NrAr,htd->auth.NrAr,8);
|
||||||
|
@ -1145,7 +1180,6 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
bAuthenticating = false;
|
bAuthenticating = false;
|
||||||
bQuitTraceFull = true;
|
bQuitTraceFull = true;
|
||||||
} break;
|
} break;
|
||||||
|
|
||||||
case RHT2F_CRYPTO: {
|
case RHT2F_CRYPTO: {
|
||||||
DbpString("Authenticating using key:");
|
DbpString("Authenticating using key:");
|
||||||
memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code.
|
memcpy(key,htd->crypto.key,6); //HACK; 4 or 6?? I read both in the code.
|
||||||
|
@ -1156,7 +1190,6 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
bAuthenticating = false;
|
bAuthenticating = false;
|
||||||
bQuitTraceFull = true;
|
bQuitTraceFull = true;
|
||||||
} break;
|
} break;
|
||||||
|
|
||||||
case RHT2F_TEST_AUTH_ATTEMPTS: {
|
case RHT2F_TEST_AUTH_ATTEMPTS: {
|
||||||
Dbprintf("Testing %d authentication attempts",(auth_table_len/8));
|
Dbprintf("Testing %d authentication attempts",(auth_table_len/8));
|
||||||
auth_table_pos = 0;
|
auth_table_pos = 0;
|
||||||
|
@ -1165,7 +1198,12 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
bQuiet = false;
|
bQuiet = false;
|
||||||
bCrypto = false;
|
bCrypto = false;
|
||||||
} break;
|
} break;
|
||||||
|
case RHT2F_UID_ONLY: {
|
||||||
|
blocknr = 0;
|
||||||
|
bQuiet = false;
|
||||||
|
bCrypto = false;
|
||||||
|
bAuthenticating = false;
|
||||||
|
} break;
|
||||||
default: {
|
default: {
|
||||||
Dbprintf("Error, unknown function: %d",htf);
|
Dbprintf("Error, unknown function: %d",htf);
|
||||||
return;
|
return;
|
||||||
|
@ -1222,22 +1260,22 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
// hitagS settings
|
// hitagS settings
|
||||||
reset_sof = 1;
|
reset_sof = 1;
|
||||||
t_wait = 200;
|
t_wait = 200;
|
||||||
DbpString("Configured for hitagS reader");
|
//DbpString("Configured for hitagS reader");
|
||||||
} else if (htf < 20) {
|
} else if (htf < 20) {
|
||||||
// hitag1 settings
|
// hitag1 settings
|
||||||
reset_sof = 1;
|
reset_sof = 1;
|
||||||
t_wait = 200;
|
t_wait = 200;
|
||||||
DbpString("Configured for hitag1 reader");
|
//DbpString("Configured for hitag1 reader");
|
||||||
} else if (htf < 30) {
|
} else if (htf < 30) {
|
||||||
// hitag2 settings
|
// hitag2 settings
|
||||||
reset_sof = 4;
|
reset_sof = 4;
|
||||||
t_wait = HITAG_T_WAIT_2;
|
t_wait = HITAG_T_WAIT_2;
|
||||||
DbpString("Configured for hitag2 reader");
|
//DbpString("Configured for hitag2 reader");
|
||||||
} else {
|
} else {
|
||||||
Dbprintf("Error, unknown hitag reader type: %d",htf);
|
Dbprintf("Error, unknown hitag reader type: %d",htf);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
uint8_t attempt_count=0;
|
||||||
while(!bStop && !BUTTON_PRESS()) {
|
while(!bStop && !BUTTON_PRESS()) {
|
||||||
// Watchdog hit
|
// Watchdog hit
|
||||||
WDT_HIT();
|
WDT_HIT();
|
||||||
|
@ -1272,6 +1310,11 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
case RHT2F_TEST_AUTH_ATTEMPTS: {
|
case RHT2F_TEST_AUTH_ATTEMPTS: {
|
||||||
bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen);
|
bStop = !hitag2_test_auth_attempts(rx,rxlen,tx,&txlen);
|
||||||
} break;
|
} break;
|
||||||
|
case RHT2F_UID_ONLY: {
|
||||||
|
bStop = !hitag2_read_uid(rx, rxlen, tx, &txlen);
|
||||||
|
attempt_count++; //attempt 3 times to get uid then quit
|
||||||
|
if (!bStop && attempt_count == 3) bStop = true;
|
||||||
|
} break;
|
||||||
default: {
|
default: {
|
||||||
Dbprintf("Error, unknown function: %d",htf);
|
Dbprintf("Error, unknown function: %d",htf);
|
||||||
return;
|
return;
|
||||||
|
@ -1381,7 +1424,7 @@ void ReaderHitag(hitag_function htf, hitag_data* htd) {
|
||||||
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
|
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
|
||||||
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
|
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
|
||||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||||
Dbprintf("frame received: %d",frame_count);
|
//Dbprintf("frame received: %d",frame_count);
|
||||||
DbpString("All done");
|
//DbpString("All done");
|
||||||
cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48);
|
cmd_send(CMD_ACK,bSuccessful,0,0,(byte_t*)tag.sectors,48);
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,7 +38,7 @@ static int CmdHelp(const char *Cmd);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
int usage_lf_cmdread()
|
int usage_lf_cmdread(void)
|
||||||
{
|
{
|
||||||
PrintAndLog("Usage: lf cmdread d <delay period> z <zero period> o <one period> c <cmdbytes> [H] ");
|
PrintAndLog("Usage: lf cmdread d <delay period> z <zero period> o <one period> c <cmdbytes> [H] ");
|
||||||
PrintAndLog("Options: ");
|
PrintAndLog("Options: ");
|
||||||
|
@ -430,7 +430,7 @@ int CmdIndalaClone(const char *Cmd)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int usage_lf_read()
|
int usage_lf_read(void)
|
||||||
{
|
{
|
||||||
PrintAndLog("Usage: lf read");
|
PrintAndLog("Usage: lf read");
|
||||||
PrintAndLog("Options: ");
|
PrintAndLog("Options: ");
|
||||||
|
@ -440,7 +440,7 @@ int usage_lf_read()
|
||||||
PrintAndLog("Use 'lf config' to set parameters.");
|
PrintAndLog("Use 'lf config' to set parameters.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
int usage_lf_snoop()
|
int usage_lf_snoop(void)
|
||||||
{
|
{
|
||||||
PrintAndLog("Usage: lf snoop");
|
PrintAndLog("Usage: lf snoop");
|
||||||
PrintAndLog("Options: ");
|
PrintAndLog("Options: ");
|
||||||
|
@ -450,7 +450,7 @@ int usage_lf_snoop()
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int usage_lf_config()
|
int usage_lf_config(void)
|
||||||
{
|
{
|
||||||
PrintAndLog("Usage: lf config [H|<divisor>] [b <bps>] [d <decim>] [a 0|1]");
|
PrintAndLog("Usage: lf config [H|<divisor>] [b <bps>] [d <decim>] [a 0|1]");
|
||||||
PrintAndLog("Options: ");
|
PrintAndLog("Options: ");
|
||||||
|
@ -685,7 +685,7 @@ int usage_lf_simpsk(void)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// by marshmellow - sim ask data given clock, fcHigh, fcLow, invert
|
// by marshmellow - sim fsk data given clock, fcHigh, fcLow, invert
|
||||||
// - allow pull data from DemodBuffer
|
// - allow pull data from DemodBuffer
|
||||||
int CmdLFfskSim(const char *Cmd)
|
int CmdLFfskSim(const char *Cmd)
|
||||||
{
|
{
|
||||||
|
@ -1180,6 +1180,11 @@ int CmdLFfind(const char *Cmd)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ans=CmdLFHitagReader("26");
|
||||||
|
if (ans==0) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
PrintAndLog("\nNo Known Tags Found!\n");
|
PrintAndLog("\nNo Known Tags Found!\n");
|
||||||
if (testRaw=='u' || testRaw=='U'){
|
if (testRaw=='u' || testRaw=='U'){
|
||||||
//test unknown tag formats (raw mode)
|
//test unknown tag formats (raw mode)
|
||||||
|
|
|
@ -214,14 +214,19 @@ int CmdLFHitagReader(const char *Cmd) {
|
||||||
} break;
|
} break;
|
||||||
case RHT2F_CRYPTO: {
|
case RHT2F_CRYPTO: {
|
||||||
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
|
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
|
||||||
// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
|
// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
|
||||||
} break;
|
} break;
|
||||||
case RHT2F_TEST_AUTH_ATTEMPTS: {
|
case RHT2F_TEST_AUTH_ATTEMPTS: {
|
||||||
// No additional parameters needed
|
// No additional parameters needed
|
||||||
} break;
|
} break;
|
||||||
|
case RHT2F_UID_ONLY: {
|
||||||
|
// No additional parameters needed
|
||||||
|
} break;
|
||||||
default: {
|
default: {
|
||||||
PrintAndLog("Error: unkown reader function %d",htf);
|
PrintAndLog("\nError: unkown reader function %d",htf);
|
||||||
PrintAndLog("Hitag reader functions");
|
PrintAndLog("");
|
||||||
|
PrintAndLog("Usage: hitag reader <Reader Function #>");
|
||||||
|
PrintAndLog("Reader Functions:");
|
||||||
PrintAndLog(" HitagS (0*)");
|
PrintAndLog(" HitagS (0*)");
|
||||||
PrintAndLog(" 01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
|
PrintAndLog(" 01 <nr> <ar> (Challenge) read all pages from a Hitag S tag");
|
||||||
PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
|
PrintAndLog(" 02 <key> (set to 0 if no authentication is needed) read all pages from a Hitag S tag");
|
||||||
|
@ -231,6 +236,7 @@ int CmdLFHitagReader(const char *Cmd) {
|
||||||
PrintAndLog(" 22 <nr> <ar> (authentication)");
|
PrintAndLog(" 22 <nr> <ar> (authentication)");
|
||||||
PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
|
PrintAndLog(" 23 <key> (authentication) key is in format: ISK high + ISK low");
|
||||||
PrintAndLog(" 25 (test recorded authentications)");
|
PrintAndLog(" 25 (test recorded authentications)");
|
||||||
|
PrintAndLog(" 26 just read UID");
|
||||||
return 1;
|
return 1;
|
||||||
} break;
|
} break;
|
||||||
}
|
}
|
||||||
|
@ -238,32 +244,38 @@ int CmdLFHitagReader(const char *Cmd) {
|
||||||
// Copy the hitag2 function into the first argument
|
// Copy the hitag2 function into the first argument
|
||||||
c.arg[0] = htf;
|
c.arg[0] = htf;
|
||||||
|
|
||||||
// Send the command to the proxmark
|
// Send the command to the proxmark
|
||||||
SendCommand(&c);
|
SendCommand(&c);
|
||||||
|
|
||||||
UsbCommand resp;
|
UsbCommand resp;
|
||||||
WaitForResponse(CMD_ACK,&resp);
|
WaitForResponse(CMD_ACK,&resp);
|
||||||
|
|
||||||
// Check the return status, stored in the first argument
|
// Check the return status, stored in the first argument
|
||||||
if (resp.arg[0] == false) return 1;
|
if (resp.arg[0] == false) return 1;
|
||||||
|
|
||||||
uint32_t id = bytes_to_num(resp.d.asBytes,4);
|
uint32_t id = bytes_to_num(resp.d.asBytes,4);
|
||||||
char filename[256];
|
|
||||||
FILE* pf = NULL;
|
|
||||||
|
|
||||||
sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
|
if (htf == RHT2F_UID_ONLY){
|
||||||
if ((pf = fopen(filename,"wb")) == NULL) {
|
PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
|
||||||
PrintAndLog("Error: Could not open file [%s]",filename);
|
} else {
|
||||||
return 1;
|
char filename[256];
|
||||||
}
|
FILE* pf = NULL;
|
||||||
|
|
||||||
// Write the 48 tag memory bytes to file and finalize
|
sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
|
||||||
fwrite(resp.d.asBytes,1,48,pf);
|
if ((pf = fopen(filename,"wb")) == NULL) {
|
||||||
fclose(pf);
|
PrintAndLog("Error: Could not open file [%s]",filename);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
PrintAndLog("Succesfully saved tag memory to [%s]",filename);
|
// Write the 48 tag memory bytes to file and finalize
|
||||||
|
fwrite(resp.d.asBytes,1,48,pf);
|
||||||
|
fclose(pf);
|
||||||
|
|
||||||
return 0;
|
PrintAndLog("Succesfully saved tag memory to [%s]",filename);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -14,14 +14,15 @@
|
||||||
#define _HITAG2_H_
|
#define _HITAG2_H_
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
RHTSF_CHALLENGE = 01,
|
RHTSF_CHALLENGE = 01,
|
||||||
RHTSF_KEY = 02,
|
RHTSF_KEY = 02,
|
||||||
WHTSF_CHALLENGE = 03,
|
WHTSF_CHALLENGE = 03,
|
||||||
WHTSF_KEY = 04,
|
WHTSF_KEY = 04,
|
||||||
RHT2F_PASSWORD = 21,
|
RHT2F_PASSWORD = 21,
|
||||||
RHT2F_AUTHENTICATE = 22,
|
RHT2F_AUTHENTICATE = 22,
|
||||||
RHT2F_CRYPTO = 23,
|
RHT2F_CRYPTO = 23,
|
||||||
RHT2F_TEST_AUTH_ATTEMPTS = 25,
|
RHT2F_TEST_AUTH_ATTEMPTS = 25,
|
||||||
|
RHT2F_UID_ONLY = 26
|
||||||
} hitag_function;
|
} hitag_function;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
|
|
Loading…
Reference in a new issue