From e85fabf01512ad678883786991a1ed59ab94de8d Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 20 Jan 2020 11:37:10 +0100
Subject: [PATCH] chg: 'lf hitag list' - improved hitag annotation
---
 client/cmdlfhitag.c | 47 ++++++++++++++++++++++++++++++++++++++++++---
 client/cmdlfhitag.h | 4 +++-
 client/cmdtrace.c | 28 +++++++++++++++++++++------
 include/protocols.h | 19 ++++++++++++------
 4 files changed, 82 insertions(+), 16 deletions(-)
diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c
index 3ebbe47a6..f0a8037dc 100644
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@@ -18,6 +18,7 @@
 #include "commonutil.h"
 #include "hitag.h"
 #include "fileutils.h" // savefile
+#include "protocols.h" // defines
 static int CmdHelp(const char *Cmd);
@@ -85,9 +86,9 @@ static int usage_hitag_reader(void) {
 PrintAndLogEx(NORMAL, " Hitag1 (1*)");
 PrintAndLogEx(NORMAL, " Not implemented");
 PrintAndLogEx(NORMAL, " Hitag2 (2*)");
- PrintAndLogEx(NORMAL, " 21 Read all pages, password mode. Default: 4D494B52 (\"MIKR\")");
+ PrintAndLogEx(NORMAL, " 21 Read all pages, password mode. Default: " _YELLOW_("4D494B52") "(\"MIKR\")");
 PrintAndLogEx(NORMAL, " 22 Read all pages, challenge mode");
- PrintAndLogEx(NORMAL, " 23 Read all pages, crypto mode. Key format: ISK high + ISK low. Default: 4F4E4D494B52 (\"ONMIKR\")");
+ PrintAndLogEx(NORMAL, " 23 Read all pages, crypto mode. Key format: ISK high + ISK low. Default: " _YELLOW_("4F4E4D494B52") "(\"ONMIKR\")");
 PrintAndLogEx(NORMAL, " 25 Test recorded authentications");
 PrintAndLogEx(NORMAL, " 26 Just read UID");
 return PM3_SUCCESS;
@@ -124,7 +125,7 @@ static int usage_hitag_checkchallenges(void) {
 static int CmdLFHitagList(const char *Cmd) {
 (void)Cmd; // Cmd is not used so far
- CmdTraceList("hitag");
+ CmdTraceList("hitag2");
 return PM3_SUCCESS;
 /*
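Review bot: In the CmdLFHitagList hunk the command now hardcodes `CmdTraceList("hitag2")`, so a trace captured from a Hitag1 or HitagS session is run through the Hitag2 annotator and gets READ/WRITE labels that do not apply to it, while `Cmd` is still discarded. Until the other two annotators do something, that assumption should at least be stated where the user sees it, e.g. in the command table entry: `"List Hitag trace history (annotated as Hitag2)"`, or the command could accept a type argument and only default to "hitag2". In the usage_hitag_reader hunk the two rewritten lines drop the space that used to separate the default from its label, so the help now prints `4D494B52("MIKR")`; a space inside the closing literal, `" (\"MIKR\")"` and `" (\"ONMIKR\")"`, restores the old output. CmdLFHitagList continues past the end of this chunk.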
@@ -698,6 +699,46 @@ static int CmdLFHitagDump(const char *Cmd) {
 } */
+// Annotate HITAG protocol
+void annotateHitag1(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
+}
+
+void annotateHitag2(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
+
+ uint8_t cmdbits = (cmd[0] & 0xC0) >> 6;
+
+ if (cmdsize == 1) {
+ if (cmdbits == HITAG2_START_AUTH) {
+ snprintf(exp, size, "START AUTH");
+ return;
+ }
+ if (cmdbits == HITAG2_HALT) {
+ snprintf(exp, size, "HALT");
+ return;
+ }
+ }
+
+ if (cmdsize == 2) {
+ if (cmdbits == HITAG2_START_AUTH) {
+ // C 1 C 0
+ // 1100 0 00 1 1100 000
+ uint8_t page = (cmd[0] & 0x38) >> 3;
+ uint8_t inv_page = ((cmd[0] & 0x1) << 2) | ((cmd[1] & 0xC0) >> 6);
+ snprintf(exp, size, "READ page(%x) %x", page, inv_page);
+ return;
+ }
+ if (cmdbits == HITAG2_WRITE_PAGE) {
+ uint8_t page = (cmd[0] & 0x38) >> 3;
+ uint8_t inv_page = ((cmd[0] & 0x1) << 2) | ((cmd[1] & 0xC0) >> 6);
+ snprintf(exp, size, "WRITE page(%x) %x", page, inv_page);
+ return;
+ }
+ }
+}
+
+void annotateHitagS(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
+}
+
 static command_t CommandTable[] = {
 {"help", CmdHelp, AlwaysAvailable, "This help" },
 {"list", CmdLFHitagList, IfPm3Hitag, "List Hitag trace history" },
diff --git a/client/cmdlfhitag.h b/client/cmdlfhitag.h
index c95c0e334..98b9968e0 100644
--- a/client/cmdlfhitag.h
+++ b/client/cmdlfhitag.h
@@ -16,5 +16,7 @@ int CmdLFHitag(const char *Cmd);
 int readHitagUid(void);
-
+void annotateHitag1(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
+void annotateHitag2(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
+void annotateHitagS(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize);
 #endif
diff --git a/client/cmdtrace.c b/client/cmdtrace.c
index a13a82809..0e2093d98 100644
--- a/client/cmdtrace.c
+++ b/client/cmdtrace.c
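Review bot: annotateHitag2 reads `cmd[0]` into `cmdbits` before any `cmdsize` check, so a zero-length frame in the trace (the buffer is device-supplied and parsed by the caller, which is not visible here) turns into an out-of-bounds read; an early `if (cmdsize == 0) return;` ahead of that line closes it, and `cmd` can be `const uint8_t *` in both the definition and the header prototypes. In the two-byte branch the READ case tests `HITAG2_START_AUTH` where `HITAG2_READ_PAGE` is meant — they happen to share the value 0x3 after the protocols.h change, but the intent is hidden, and `HITAG2_READ_PAGE_INVERTED` (0x1) gets no annotation at all. The decoded `inv_page` is printed raw although the protocol sends it as the complement of `page`; comparing `inv_page == (~page & 0x7)` and appending a marker such as `" !inv"` when it differs lets the listing flag malformed or corrupted frames instead of leaving the reader to check the bits by hand. Nothing is written to `exp` when no case matches, which is only safe if printTraceLine clears `explanation` before the call — worth confirming since that code is outside this hunk.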
@@ -17,6 +17,7 @@
 #include "cmdhflist.h" // annotations
 #include "comms.h" // for sending cmds to device. GetFromBigBuf
 #include "fileutils.h" // for saveFile
+#include "cmdlfhitag.h" // annotate hitag
 static int CmdHelp(const char *Cmd);
@@ -281,7 +282,9 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
 crcStatus = iso15693_CRC_check(frame, data_len);
 break;
 case ISO_7816_4:
- case PROTO_HITAG:
+ case PROTO_HITAG1:
+ case PROTO_HITAG2:
+ case PROTO_HITAGS:
 default:
 break;
 }
@@ -301,7 +304,9 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
 && protocol != ISO_15693
 && protocol != ICLASS
 && protocol != ISO_7816_4
- && protocol != PROTO_HITAG
+ && protocol != PROTO_HITAG1
+ && protocol != PROTO_HITAG2
+ && protocol != PROTO_HITAGS
 && protocol != THINFILM
 && protocol != FELICA
 && protocol != LTO
@@ -385,6 +390,15 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
 case LTO:
 annotateLTO(explanation, sizeof(explanation), frame, data_len);
 break;
+ case PROTO_HITAG1:
+ annotateHitag1(explanation, sizeof(explanation), frame, data_len);
+ break;
+ case PROTO_HITAG2:
+ annotateHitag2(explanation, sizeof(explanation), frame, data_len);
+ break;
+ case PROTO_HITAGS:
+ annotateHitagS(explanation, sizeof(explanation), frame, data_len);
+ break;
 default:
 break;
 }
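Review bot: The three new annotateHitag* calls in the last hunk pass `data_len` into a `uint8_t cmdsize` parameter; if `data_len` is wider than a byte (its declaration is outside the hunk, but it is the per-frame length parsed from a device-supplied trace), a frame of 257 or 258 bytes is silently truncated to 1 or 2 and annotated as a Hitag2 START AUTH or READ/WRITE. Either widen the parameter in cmdlfhitag.h to `size_t cmdsize` (the other annotate* callers on the same switch would benefit too) or guard the calls with `if (data_len > UINT8_MAX) break;`. The `case PROTO_HITAG1:` / `PROTO_HITAG2:` / `PROTO_HITAGS:` labels in the CRC switch fall through into `default` together with ISO_7816_4, which is consistent with the old `PROTO_HITAG` handling. printTraceLine starts and ends outside these hunks.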
@@ -593,7 +607,9 @@ int CmdTraceList(const char *Cmd) {
 else if (strcmp(type, "15") == 0) protocol = ISO_15693;
 else if (strcmp(type, "felica") == 0) protocol = FELICA;
 else if (strcmp(type, "mf") == 0) protocol = PROTO_MIFARE;
- else if (strcmp(type, "hitag") == 0) protocol = PROTO_HITAG;
+ else if (strcmp(type, "hitag1") == 0) protocol = PROTO_HITAG1;
+ else if (strcmp(type, "hitag2") == 0) protocol = PROTO_HITAG2;
+ else if (strcmp(type, "hitags") == 0) protocol = PROTO_HITAGS;
 else if (strcmp(type, "thinfilm") == 0) protocol = THINFILM;
 else if (strcmp(type, "lto") == 0) protocol = LTO;
 else if (strcmp(type, "raw") == 0) protocol = -1; //No crc, no annotations
@@ -673,11 +689,11 @@ int CmdTraceList(const char *Cmd) {
 PrintAndLogEx(NORMAL, "ISO15693 - Timings are not as accurate");
 if (protocol == ISO_7816_4)
 PrintAndLogEx(NORMAL, "ISO7816-4 / Smartcard - Timings N/A yet");
- if (protocol == PROTO_HITAG)
- PrintAndLogEx(NORMAL, "Hitag2 / HitagS - Timings in ETU (8us)");
+ if (protocol == PROTO_HITAG1 || protocol == PROTO_HITAG2 || protocol == PROTO_HITAGS)
+ PrintAndLogEx(NORMAL, "Hitag1 / Hitag2 / HitagS - Timings in ETU (8us)");
 if (protocol == FELICA)
 PrintAndLogEx(NORMAL, "ISO18092 / FeliCa - Timings are not as accurate");
-
+
 PrintAndLogEx(NORMAL, "");
 PrintAndLogEx(NORMAL, " Start | End | Src | Data (! denotes parity error) | CRC | Annotation");
 PrintAndLogEx(NORMAL, "------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------");
diff --git a/include/protocols.h b/include/protocols.h
index 47e022c28..222e16ab8 100644
--- a/include/protocols.h
+++ b/include/protocols.h
@@ -305,9 +305,11 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define ISO_15693 7
 #define FELICA 8
 #define PROTO_MIFARE 9
-#define PROTO_HITAG 10
+#define PROTO_HITAG1 10
 #define THINFILM 11
 #define LTO 12
+#define PROTO_HITAG2 13
+#define PROTO_HITAGS 14
 //-- Picopass fuses
 #define FUSE_FPERS 0x80
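Review bot: The first CmdTraceList hunk removes the `"hitag"` keyword from the type lookup without an alias, so scripts or users still running `trace list hitag` now take whatever the unrecognised-type path is (not visible in the hunk) instead of getting the Hitag2 listing that `lf hitag list` was just changed to use. A one-line alias keeps old invocations working: `else if (strcmp(type, "hitag") == 0) protocol = PROTO_HITAG2;`. The usage text for this command is outside the hunk; if the commit does not update it elsewhere, it should now list `hitag1`, `hitag2` and `hitags` rather than `hitag`. CmdTraceList starts and ends outside these hunks.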
@@ -588,12 +590,17 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define HITAG1_HALT 0x70 // left 4 bits only, followed by 8 bits (dummy) page and 8 bits CRC
 // HITAG2 commands
-#define HITAG2_START_AUTH 0xC0 // left 5 bits only
-#define HITAG2_READ_PAGE 0xC0 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
-#define HITAG2_READ_PAGE_INVERTED 0x44 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
-#define HITAG2_WRITE_PAGE 0x82 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
-#define HITAG2_HALT 0x00 // left 5 bits only
+#define HITAG2_START_AUTH 0x3 // left 5 bits only
+#define HITAG2_READ_PAGE 0x3 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
+#define HITAG2_READ_PAGE_INVERTED 0x1 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
+#define HITAG2_WRITE_PAGE 0x2 // page number in bits 5 to 3, page number
+#define HITAG2_HALT 0x0 // left 5 bits only
+
+// HITAG S commands
+#define HITAGS_QUIET 0x70
+//inverted in bit 0 and following 2 bits
+#define HITAGS_WRITE_BLOCK 0x90
 // LTO-CM commands
 #define LTO_REQ_STANDARD 0x45
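Review bot: The `HITAG2_WRITE_PAGE` comment is cut off at `page number` and its tail has landed three lines lower as the stray `//inverted in bit 0 and following 2 bits` after `HITAGS_QUIET`; restore it on the WRITE_PAGE line and delete the stray comment. The `// left 5 bits only` comments no longer describe the new values: 0x3 and 0x0 are the two command bits that annotateHitag2 extracts with `(cmd[0] & 0xC0) >> 6`, not a 5-bit field, and START_AUTH and READ_PAGE now share 0x3 and can only be told apart by frame length, which the comment should say, e.g. `// 2-bit command prefix (bits 7..6); same prefix as READ_PAGE, distinguished by frame length`. Changing these from whole-byte patterns (0xC0, 0x44, 0x82) to 2-bit prefixes silently changes their meaning for any other translation unit that compares them against raw bytes; none is visible here, so a grep for the five names before merging is prudent.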