RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-13 02:34:48 +08:00
Code Issues Projects Releases Packages Wiki Activity

code clean up, added some comments to hitag

Browse source
This commit is contained in:
iceman1001 2016-01-03 17:17:44 +01:00
parent a531720ae6
commit 09181a5462
2 changed files with 107 additions and 106 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
armsrc/hitag2.c
View file

@ -24,14 +24,11 @@
#include "BigBuf.h"
static bool bQuiet;
static bool bCrypto;
static bool bAuthenticating;
static bool bPwd;
static bool bSuccessful;
struct hitag2_tag {
uint32_t uid;
enum {
@ -144,6 +141,16 @@ static u64 _hitag2_round (u64 *state)
return _f20 (x);
}
// "MIKRON" = O N M I K R
// Key = 4F 4E 4D 49 4B 52 - Secret 48-bit key
// Serial = 49 43 57 69 - Serial number of the tag, transmitted in clear
// Random = 65 6E 45 72 - Random IV, transmitted in clear
//~28~DC~80~31 = D7 23 7F CE - Authenticator value = inverted first 4 bytes of the keystream
// The code below must print out "D7 23 7F CE 8C D0 37 A9 57 49 C1 E6 48 00 8A B6".
// The inverse of the first 4 bytes is sent to the tag to authenticate.
// The rest is encrypted by XORing it with the subsequent keystream.
static u32 _hitag2_byte (u64 * x)
{
u32 i, c;
@ -152,16 +159,13 @@ static u32 _hitag2_byte (u64 * x)
return c;
}
static int hitag2_reset(void)
{
static int hitag2_reset(void) {
tag.state = TAG_STATE_RESET;
tag.crypto_active = 0;
return 0;
}
static int hitag2_init(void)
{
// memcpy(&tag, &resetdata, sizeof(tag));
static int hitag2_init(void) {
hitag2_reset();
return 0;
}
@ -223,16 +227,16 @@ static int hitag2_cipher_transcrypt(uint64_t* cs, byte_t *data, unsigned int byt
#define HITAG_T_WAIT_2 90 /* T_wresp should be 199..206 */
#define HITAG_T_WAIT_MAX 300 /* bit more than HITAG_T_WAIT_1 + HITAG_T_WAIT_2 */
#define HITAG_T_TAG_ONE_HALF_PERIOD 10
#define HITAG_T_TAG_TWO_HALF_PERIOD 25
#define HITAG_T_TAG_THREE_HALF_PERIOD 41
#define HITAG_T_TAG_FOUR_HALF_PERIOD 57
#define HITAG_T_TAG_ONE_HALF_PERIOD 10
#define HITAG_T_TAG_TWO_HALF_PERIOD 25
#define HITAG_T_TAG_THREE_HALF_PERIOD 41
#define HITAG_T_TAG_FOUR_HALF_PERIOD 57
#define HITAG_T_TAG_HALF_PERIOD 16
#define HITAG_T_TAG_FULL_PERIOD 32
#define HITAG_T_TAG_HALF_PERIOD 16
#define HITAG_T_TAG_FULL_PERIOD 32
#define HITAG_T_TAG_CAPTURE_ONE_HALF 13
#define HITAG_T_TAG_CAPTURE_TWO_HALF 25
#define HITAG_T_TAG_CAPTURE_ONE_HALF 13
#define HITAG_T_TAG_CAPTURE_TWO_HALF 25
#define HITAG_T_TAG_CAPTURE_THREE_HALF 41
#define HITAG_T_TAG_CAPTURE_FOUR_HALF 57
@ -424,11 +428,10 @@ static void hitag_reader_send_bit(int bit) {
if(bit == 0) {
// Zero bit: |_-|
while(AT91C_BASE_TC0->TC_CV < T0*22);
// SpinDelayUs(16*8);
} else {
// One bit: |_--|
while(AT91C_BASE_TC0->TC_CV < T0*28);
// SpinDelayUs(22*8);
}
LED_A_OFF();
}
@ -475,26 +478,26 @@ static bool hitag2_password(byte_t* rx, const size_t rxlen, byte_t* tx, size_t*
*txlen = 32;
memcpy(tx,password,4);
bPwd = true;
memcpy(tag.sectors[blocknr],rx,4);
blocknr++;
memcpy(tag.sectors[blocknr],rx,4);
blocknr++;
} else {
if(blocknr == 1){
//store password in block1, the TAG answers with Block3, but we need the password in memory
memcpy(tag.sectors[blocknr],tx,4);
}else{
memcpy(tag.sectors[blocknr],rx,4);
}
blocknr++;
if (blocknr > 7) {
DbpString("Read succesful!");
bSuccessful = true;
return false;
}
*txlen = 10;
tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
tx[1] = ((blocknr^7) << 6);
if(blocknr == 1){
//store password in block1, the TAG answers with Block3, but we need the password in memory
memcpy(tag.sectors[blocknr],tx,4);
} else {
memcpy(tag.sectors[blocknr],rx,4);
}
blocknr++;
if (blocknr > 7) {
DbpString("Read succesful!");
bSuccessful = true;
return false;
}
*txlen = 10;
tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
tx[1] = ((blocknr^7) << 6);
}
} break;
@ -544,9 +547,9 @@ static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* tx
bCrypto = false;
}
} else {
*txlen = 5;
memcpy(tx,"\xc0",nbytes(*txlen));
}
*txlen = 5;
memcpy(tx,"\xc0",nbytes(*txlen));
}
} break;
// Received UID, crypto tag answer
@ -560,20 +563,20 @@ static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* tx
hitag2_cipher_transcrypt(&cipher_state,tx+4,4,0);
*txlen = 64;
bCrypto = true;
bAuthenticating = true;
bAuthenticating = true;
} else {
// Check if we received answer tag (at)
if (bAuthenticating) {
bAuthenticating = false;
bAuthenticating = false;
} else {
// Store the received block
memcpy(tag.sectors[blocknr],rx,4);
blocknr++;
// Store the received block
memcpy(tag.sectors[blocknr],rx,4);
blocknr++;
}
if (blocknr > 7) {
DbpString("Read succesful!");
bSuccessful = true;
return false;
DbpString("Read succesful!");
bSuccessful = true;
return false;
}
*txlen = 10;
tx[0] = 0xc0 | (blocknr << 3) | ((blocknr^7) >> 2);
@ -589,11 +592,11 @@ static bool hitag2_crypto(byte_t* rx, const size_t rxlen, byte_t* tx, size_t* tx
}
if(bCrypto) {
// We have to return now to avoid double encryption
if (!bAuthenticating) {
hitag2_cipher_transcrypt(&cipher_state,tx,*txlen/8,*txlen%8);
}
if(bCrypto) {
// We have to return now to avoid double encryption
if (!bAuthenticating) {
hitag2_cipher_transcrypt(&cipher_state, tx, *txlen/8, *txlen%8);
}
}
return true;
@ -625,8 +628,7 @@ static bool hitag2_authenticate(byte_t* rx, const size_t rxlen, byte_t* tx, size
bCrypto = true;
} else {
DbpString("Authentication succesful!");
// We are done... for now
return false;
return true;
}
} break;

103
client/cmdlfhitag.c
View file

@ -59,8 +59,7 @@ int CmdLFHitagList(const char *Cmd)
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf = NULL;
if (len > FILE_PATH_SIZE)
len = FILE_PATH_SIZE;
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
@ -151,21 +150,23 @@ int CmdLFHitagList(const char *Cmd)
}
int CmdLFHitagSnoop(const char *Cmd) {
UsbCommand c = {CMD_SNOOP_HITAG};
SendCommand(&c);
return 0;
UsbCommand c = {CMD_SNOOP_HITAG};
clearCommandBuffer();
SendCommand(&c);
return 0;
}
int CmdLFHitagSim(const char *Cmd) {
UsbCommand c = {CMD_SIMULATE_HITAG};
UsbCommand c = {CMD_SIMULATE_HITAG};
char filename[FILE_PATH_SIZE] = { 0x00 };
FILE* pf;
bool tag_mem_supplied;
int len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len);
if (strlen(filename) > 0) {
if ((pf = fopen(filename,"rb+")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename);
@ -173,26 +174,26 @@ int CmdLFHitagSim(const char *Cmd) {
}
tag_mem_supplied = true;
if (fread(c.d.asBytes,48,1,pf) == 0) {
PrintAndLog("Error: File reading error");
fclose(pf);
PrintAndLog("Error: File reading error");
fclose(pf);
return 1;
}
}
fclose(pf);
} else {
tag_mem_supplied = false;
}
// Does the tag comes with memory
c.arg[0] = (uint32_t)tag_mem_supplied;
SendCommand(&c);
return 0;
clearCommandBuffer();
SendCommand(&c);
return 0;
}
int CmdLFHitagReader(const char *Cmd) {
// UsbCommand c = {CMD_READER_HITAG};
// param_get32ex(Cmd,1,0,16);
UsbCommand c = {CMD_READER_HITAG};//, {param_get32ex(Cmd,0,0,10),param_get32ex(Cmd,1,0,16),param_get32ex(Cmd,2,0,16),param_get32ex(Cmd,3,0,16)}};
hitag_data* htd = (hitag_data*)c.d.asBytes;
hitag_function htf = param_get32ex(Cmd,0,0,10);
@ -207,7 +208,6 @@ int CmdLFHitagReader(const char *Cmd) {
} break;
case RHT2F_CRYPTO: {
num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
// num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
} break;
case RHT2F_TEST_AUTH_ATTEMPTS: {
// No additional parameters needed
@ -229,52 +229,51 @@ int CmdLFHitagReader(const char *Cmd) {
// Copy the hitag2 function into the first argument
c.arg[0] = htf;
// Send the command to the proxmark
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
// Check the return status, stored in the first argument
if (resp.arg[0] == false) return 1;
uint32_t id = bytes_to_num(resp.d.asBytes,4);
char filename[256];
FILE* pf = NULL;
clearCommandBuffer();
// Send the command to the proxmark
SendCommand(&c);
sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
if ((pf = fopen(filename,"wb")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename);
return 1;
}
// Write the 48 tag memory bytes to file and finalize
fwrite(resp.d.asBytes,1,48,pf);
fclose(pf);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
PrintAndLog("Succesfully saved tag memory to [%s]",filename);
return 0;
// Check the return status, stored in the first argument
if (resp.arg[0] == false) return 1;
uint32_t id = bytes_to_num(resp.d.asBytes,4);
char filename[FILE_PATH_SIZE];
FILE* pf = NULL;
sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
if ((pf = fopen(filename,"wb")) == NULL) {
PrintAndLog("Error: Could not open file [%s]",filename);
return 1;
}
// Write the 48 tag memory bytes to file and finalize
fwrite(resp.d.asBytes,1,48,pf);
fclose(pf);
PrintAndLog("Succesfully saved tag memory to [%s]",filename);
return 0;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
{NULL, NULL, 0, NULL}
static command_t CommandTable[] = {
{"help", CmdHelp, 1, "This help"},
{"list", CmdLFHitagList, 1, "<outfile> List Hitag trace history"},
{"reader", CmdLFHitagReader, 1, "Act like a Hitag Reader"},
{"sim", CmdLFHitagSim, 1, "<infile> Simulate Hitag transponder"},
{"snoop", CmdLFHitagSnoop, 1, "Eavesdrop Hitag communication"},
{NULL, NULL, 0, NULL}
};
int CmdLFHitag(const char *Cmd)
{
CmdsParse(CommandTable, Cmd);
return 0;
CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd)
{
CmdsHelp(CommandTable);
return 0;
CmdsHelp(CommandTable);
return 0;
}