From 1efa52d70415ee2bed5bc6591b1521b167f1ec8b Mon Sep 17 00:00:00 2001
From: douniwan5788
Date: Thu, 22 Aug 2024 02:16:10 +0800
Subject: [PATCH] add: Hitag S plain write
---
 armsrc/hitagS.c | 48 +++++++++++++++++++----------------------
 client/src/cmdlfhitag.c | 9 +++++++-
 include/hitag.h | 26 ++++++++++++----------
 3 files changed, 45 insertions(+), 38 deletions(-)
diff --git a/armsrc/hitagS.c b/armsrc/hitagS.c
index d48ed55f1..b950deee7 100644
--- a/armsrc/hitagS.c
+++ b/armsrc/hitagS.c
@@ -1271,7 +1271,7 @@ static int selectHitagS(const lf_hitag_data_t *packet, uint8_t *tx, size_t sizeo
 //select uid
 txlen = 0;
- cmd = 0x00;
+ cmd = 0x00; // 00000 SELECT UID
 txlen = concatbits(tx, txlen, &cmd, 8 - 5, 5);
 txlen = concatbits(tx, txlen, rx, 0, 32);
 uint8_t crc = CRC8Hitag1Bits(tx, txlen);
@@ -1450,7 +1450,7 @@ void ReadHitagS(const lf_hitag_data_t *payload, bool ledcontrol) {
 //send read request
 size_t txlen = 0;
- uint8_t cmd = 0x0c;
+ uint8_t cmd = 0x0c; // 1100 READ PAGE
 txlen = concatbits(tx, txlen, &cmd, 8 - 4, 4);
 uint8_t addr = pageNum;
 txlen = concatbits(tx, txlen, &addr, 0, 8);
@@ -1555,7 +1555,7 @@ void WritePageHitagS(const lf_hitag_data_t *payload, bool ledcontrol) {
 //send write page request
 txlen = 0;
- uint8_t cmd = 0x08;
+ uint8_t cmd = 0x08; // 1000 WRITE PAGE
 txlen = concatbits(tx, txlen, &cmd, 8 - 4, 4);
 uint8_t addr = payload->page;
@@ -1566,41 +1566,37 @@ void WritePageHitagS(const lf_hitag_data_t *payload, bool ledcontrol) {
 sendReceiveHitagS(tx, txlen, rx, ARRAYLEN(rx), &rxlen, HITAG_T_WAIT_SC, ledcontrol, false);
- if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x1)) {
+ if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x01)) {
 Dbprintf("no write access on page " _YELLOW_("%d"), payload->page);
 res = PM3_ESOFT;
 goto write_end;
 }
- //ACK received to write the page. send data
- uint8_t data[4] = {0, 0, 0, 0};
- switch (payload->cmd) {
- case WHTSF_CHALLENGE:
- data[0] = payload->data[3];
- data[1] = payload->data[2];
- data[2] = payload->data[1];
- data[3] = payload->data[0];
- break;
- case WHTSF_KEY:
- data[0] = payload->data[3];
- data[1] = payload->data[2];
- data[2] = payload->data[1];
- data[3] = payload->data[0];
- break;
- default: {
- res = PM3_EINVARG;
- goto write_end;
- }
- }
+ // //ACK received to write the page. send data
+ // uint8_t data[4] = {0, 0, 0, 0};
+ // switch (payload->cmd) {
+ // case WHTSF_PLAIN:
+ // case WHTSF_CHALLENGE:
+ // case WHTSF_KEY:
+ // data[0] = payload->data[3];
+ // data[1] = payload->data[2];
+ // data[2] = payload->data[1];
+ // data[3] = payload->data[0];
+ // break;
+ // default: {
+ // res = PM3_EINVARG;
+ // goto write_end;
+ // }
+ // }
 txlen = 0;
- txlen = concatbits(tx, txlen, data, 0, 32);
+ txlen = concatbits(tx, txlen, payload->data, 0, 32);
 crc = CRC8Hitag1Bits(tx, txlen);
 txlen = concatbits(tx, txlen, &crc, 0, 8);
 sendReceiveHitagS(tx, txlen, rx, ARRAYLEN(rx), &rxlen, HITAG_T_WAIT_SC, ledcontrol, false);
- if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x1)) {
+ if ((rxlen != 2) || (rx[0] >> (8 - 2) != 0x01)) {
 res = PM3_ESOFT; // write failed
 } else {
 res = PM3_SUCCESS;
diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c
index 8d27d1362..0b670dea4 100644
--- a/client/src/cmdlfhitag.c
+++ b/client/src/cmdlfhitag.c
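Review bot: Passing `payload->data` straight to `concatbits(tx, txlen, payload->data, 0, 32)` drops the byte reversal for every mode, not only the new plain one, so existing WHTSF_CHALLENGE and WHTSF_KEY writes now send the four bytes in the opposite order unless the client was changed to match, which this hunk does not show. Because this routine commits data to tag pages, the expected order should be stated at the call, for example `// payload->data is transmitted as received, byte 0 first; the client must supply tag order`. The switch is commented out rather than deleted, which also removes the `PM3_EINVARG` rejection of unexpected `payload->cmd` values at this point. I would delete the dead block and, if no earlier check (for example in selectHitagS, not visible here) rejects unknown commands, keep the `default:` branch as live code. WritePageHitagS starts and ends outside the hunk.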
@@ -1293,7 +1293,14 @@ static int CmdLFHitagWriter(const char *Cmd) {
 lf_hitag_data_t packet;
 memset(&packet, 0, sizeof(packet));
- if (use_hts && use_nrar) {
+ if (use_hts && use_plain) {
+ packet.cmd = WHTSF_PLAIN;
+ packet.page = page;
+ memcpy(packet.data, data, sizeof(data));
+
+ PrintAndLogEx(INFO, "Write to " _YELLOW_("Hitag S") " in Plain mode");
+
+ } else if (use_hts && use_nrar) {
 packet.cmd = WHTSF_CHALLENGE;
 memcpy(packet.NrAr, nrar, sizeof(packet.NrAr));
 memcpy(packet.data, data, sizeof(data));
diff --git a/include/hitag.h b/include/hitag.h
index 0f70d43fa..331b12178 100644
--- a/include/hitag.h
+++ b/include/hitag.h
@@ -23,21 +23,25 @@
 #include "common.h"
 typedef enum {
- RHTSF_CHALLENGE = 01,
- RHTSF_KEY = 02,
- WHTSF_CHALLENGE = 03,
- WHTSF_KEY = 04,
+ RHTSF_PLAIN = 01,
+ WHTSF_PLAIN,
+ RHTSF_CHALLENGE,
+ WHTSF_CHALLENGE,
+ RHTSF_KEY,
+ WHTSF_KEY,
 HTS_LAST_CMD = WHTSF_KEY,
+
 RHT1F_PLAIN = 11,
- RHT1F_AUTHENTICATE = 12,
+ RHT1F_AUTHENTICATE,
 HT1_LAST_CMD = RHT1F_AUTHENTICATE,
+
 RHT2F_PASSWORD = 21,
- RHT2F_AUTHENTICATE = 22,
- RHT2F_CRYPTO = 23,
- WHT2F_CRYPTO = 24,
- RHT2F_TEST_AUTH_ATTEMPTS = 25,
- RHT2F_UID_ONLY = 26,
- WHT2F_PASSWORD = 27,
+ RHT2F_AUTHENTICATE,
+ RHT2F_CRYPTO,
+ WHT2F_CRYPTO,
+ RHT2F_TEST_AUTH_ATTEMPTS,
+ RHT2F_UID_ONLY,
+ WHT2F_PASSWORD,
 HT2_LAST_CMD = WHT2F_PASSWORD,
 } PACKED hitag_function;
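Review bot: The new plain branch sizes its copy by the source array, `memcpy(packet.data, data, sizeof(data));`, while the NrAr copy in the next branch is bounded by the destination (`sizeof(packet.NrAr)`). Bounding by the destination, `memcpy(packet.data, data, sizeof(packet.data));`, keeps the write inside `packet` even if the local `data` buffer is later enlarged. Both declarations are outside the hunk, so confirm the local buffer is at least as large as the field before switching. CmdLFHitagWriter starts and ends outside the hunk.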
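Review bot: Inserting `RHTSF_PLAIN` and `WHTSF_PLAIN` at the head of the Hitag S group renumbers the existing members: `RHTSF_CHALLENGE` moves from 1 to 3, the value `WHTSF_CHALLENGE` had before, and `WHTSF_CHALLENGE` moves to 4, the old `WHTSF_KEY`. These values travel in `lf_hitag_data_t.cmd` from the client (`packet.cmd`) to the firmware (`payload->cmd`), so a client and firmware built on opposite sides of this commit would disagree on the selector. Depending on how the firmware dispatches on it, a challenge-mode read request could be taken for a write mode. Keeping the four existing explicit values and appending the new ones avoids the renumbering: `RHTSF_PLAIN = 05,`, `WHTSF_PLAIN = 06,`, `HTS_LAST_CMD = WHTSF_PLAIN,`. I would also keep the explicit `= 12` and `= 22` to `= 27` values; implicit numbering yields the same numbers today, but the explicit form documents the wire encoding and protects it from a later insertion.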