proxmark3/include/protocols.h
iceman1001 0ff41fa652 style
2023-10-12 14:53:26 +02:00

924 lines
38 KiB
C

//-----------------------------------------------------------------------------
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// See LICENSE.txt for the text of the license.
//-----------------------------------------------------------------------------
#ifndef PROTOCOLS_H
#define PROTOCOLS_H
#include "common.h"
//The following data is taken from http://www.proxmark.org/forum/viewtopic.php?pid=13501#p13501
/*
ISO14443A (usually NFC tags)
26 (7bits) = REQA
30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
52 (7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
95 20 = Anticollision of cascade level2
95 70 = Select of cascade level2
50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)
E0 = RATS
D0 = PPS
Mifare
60 = Authenticate with KeyA
61 = Authenticate with KeyB
40 (7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) - answer: 0A)
C0 = Decrement
C1 = Increment
C2 = Restore
B0 = Transfer
Ultralight C
A0 = Compatibility Write (to accommodate MIFARE commands)
1A = Step1 Authenticate
AF = Step2 Authenticate
NTAG i2c 2K
C2 = SECTOR_SELECT
ISO14443B
05 = REQB
1D = ATTRIB
50 = HALT
BA = PING (reader -> tag)
AB = PONG (tag -> reader)
SRIX4K (tag does not respond to 05)
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
0B = Get UID
08 yy = Read Block (yy = block number)
09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
0C = Reset to Inventory
0F = Completion
0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
ISO15693
MANDATORY COMMANDS (all ISO15693 tags must support those)
01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
02 = Stay Quiet
OPTIONAL COMMANDS (not all tags support them)
20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
22 = Lock Block
23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
24 = Write Multiple Blocks
25 = Select
26 = Reset to Ready
27 = Write AFI
28 = Lock AFI
29 = Write DSFID
2A = Lock DSFID
2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)
EM Microelectronic CUSTOM COMMANDS
A5 = Active EAS (followed by 1byte IC Manufacturer code+1byte EAS type)
A7 = Write EAS ID (followed by 1byte IC Manufacturer code+2bytes EAS value)
B8 = Get Protection Status for a specific block (followed by 1byte IC Manufacturer code+1byte block number+1byte of how many blocks after the previous is needed the info)
E4 = Login (followed by 1byte IC Manufacturer code+4bytes password)
NXP/Philips CUSTOM COMMANDS
A0 = Inventory Read
A1 = Fast Inventory Read
A2 = Set EAS
A3 = Reset EAS
A4 = Lock EAS
A5 = EAS Alarm
A6 = Password Protect EAS
A7 = Write EAS ID
A8 = Read EPC
B0 = Inventory Page Read
B1 = Fast Inventory Page Read
B2 = Get Random Number
B3 = Set Password
B4 = Write Password
B5 = Lock Password
B6 = Bit Password Protection
B7 = Lock Page Protection Condition
B8 = Get Multiple Block Protection Status
B9 = Destroy SLI
BA = Enable Privacy
BB = 64bit Password Protection
40 = Long Range CMD (Standard ISO/TR7003:1990)
ISO 7816-4 Basic interindustry commands. For command APDU's.
B0 = READ BINARY
D0 = WRITE BINARY
D6 = UPDATE BINARY
0E = ERASE BINARY
B2 = READ RECORDS
D2 = WRITE RECORDS
E2 = APPEND RECORD
DC = UPDATE RECORD
CA = GET DATA
DA = PUT DATA
A4 = SELECT FILE
20 = VERIFY
88 = INTERNAL AUTHENTICATION
82 = EXTERNAL AUTHENTICATION
B4 = GET CHALLENGE
70 = MANAGE CHANNEL
For response APDU's
90 00 = OK
6x xx = ERROR
*/
// these cmds are adjusted to ISO15693 and Manchester encoding requests.
// for instance ICLASS_CMD_SELECT 0x81 tells if ISO14443b/BPSK coding/106 kbits/s
// for instance ICLASS_CMD_SELECT 0x41 tells if ISO14443b/BPSK coding/423 kbits/s
//
#define ICLASS_CMD_HALT 0x0
#define ICLASS_CMD_SELECT 0x1
#define ICLASS_CMD_ACTALL 0xA
#define ICLASS_CMD_DETECT 0xF
#define ICLASS_CMD_PAGESEL 0x4
#define ICLASS_CMD_CHECK 0x5
#define ICLASS_CMD_READ4 0x6
#define ICLASS_CMD_UPDATE 0x7
#define ICLASS_CMD_READCHECK 0x8
#define ICLASS_CMD_READ_OR_IDENTIFY 0xC
#define ICLASS_CMD_ACT 0xE
#define ICLASS_CREDIT(x) (((x) & 0x10) == 0x10)
#define ICLASS_DEBIT(x) (((x) & 0x80) == 0x80)
#define ECP_HEADER 0x6A
// 7bit Apple Magsafe wake up command
#define MAGSAFE_CMD_WUPA_1 0x7A
#define MAGSAFE_CMD_WUPA_2 0x7B
#define MAGSAFE_CMD_WUPA_3 0x7C
#define MAGSAFE_CMD_WUPA_4 0x7D
#define ISO14443A_CMD_REQA 0x26
#define ISO14443A_CMD_READBLOCK 0x30
#define ISO14443A_CMD_WUPA 0x52
#define ISO14443A_CMD_OPTS 0x35
#define ISO14443A_CMD_ANTICOLL_OR_SELECT 0x93
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_2 0x95
#define ISO14443A_CMD_ANTICOLL_OR_SELECT_3 0x97
#define ISO14443A_CMD_WRITEBLOCK 0xA0
#define ISO14443A_CMD_HALT 0x50
#define ISO14443A_CMD_RATS 0xE0
#define ISO14443A_CMD_PPS 0xD0
#define ISO14443A_CMD_NXP_DESELECT 0xC2
#define ISO14443A_CMD_WTX 0xF2
#define MIFARE_SELECT_CT 0x88
#define MIFARE_AUTH_KEYA 0x60
#define MIFARE_AUTH_KEYB 0x61
#define MIFARE_MAGICWUPC1 0x40
#define MIFARE_MAGICWUPC2 0x43
#define MIFARE_MAGICWIPEC 0x41
#define MIFARE_CMD_DEC 0xC0
#define MIFARE_CMD_INC 0xC1
#define MIFARE_CMD_RESTORE 0xC2
#define MIFARE_CMD_TRANSFER 0xB0
#define MIFARE_MAGIC_GDM_AUTH_KEY 0x80
#define MIFARE_MAGIC_GDM_READBLOCK 0x38
#define MIFARE_MAGIC_GDM_WRITEBLOCK 0xA8
#define MIFARE_MAGIC_GDM_READ_CFG 0xE0
#define MIFARE_MAGIC_GDM_WRITE_CFG 0xE1
#define MIFARE_EV1_PERSONAL_UID 0x40
#define MIFARE_EV1_SETMOD 0x43
#define MIFARE_EV1_UIDF0 0x00
#define MIFARE_EV1_UIDF1 0x40
#define MIFARE_EV1_UIDF2 0x20
#define MIFARE_EV1_UIDF3 0x60
#define MIFARE_ULC_WRITE 0xA2
#define MIFARE_ULC_COMP_WRITE 0xA0
#define MIFARE_ULC_AUTH_1 0x1A
#define MIFARE_ULC_AUTH_2 0xAF
#define MIFARE_ULEV1_AUTH 0x1B
#define MIFARE_ULEV1_VERSION 0x60
#define MIFARE_ULEV1_FASTREAD 0x3A
#define MIFARE_ULEV1_READ_CNT 0x39
#define MIFARE_ULEV1_INCR_CNT 0xA5
#define MIFARE_ULEV1_READSIG 0x3C
#define MIFARE_ULEV1_CHECKTEAR 0x3E
#define MIFARE_ULEV1_VCSL 0x4B
// New Mifare UL Nano commands. Ref:: (https://www.nxp.com/docs/en/data-sheet/MF0UN_H_00.pdf)
#define MIFARE_ULNANO_WRITESIG 0xA9
#define MIFARE_ULNANO_LOCKSIG 0xAC
// NTAG i2k 2K uses sector 0, and sector 1 to have access to
// block 0x00-0xFF.
#define NTAG_I2C_SELECT_SECTOR 0xC2
#define NTAG_I2C_FASTWRITE 0xA6
//NTAG 213TT (tamper) command
#define NTAGTT_CMD_READ_TT 0xA4
// mifare 4bit card answers
#define CARD_ACK 0x0A // 1010 - ACK
#define CARD_NACK_IV 0x00 // 0000 - NACK, invalid argument (invalid page address)
#define CARD_NACK_PA 0x01 // 0001 - NACK, parity / crc error
#define CARD_NACK_NA 0x04 // 0100 - NACK, not allowed (command not allowed)
#define CARD_NACK_TR 0x05 // 0101 - NACK, transmission error
#define CARD_NACK_EE 0x07 // 0111 - NACK, EEPROM write error
// Magic Generation 1, parameter "work flags"
// bit 0 - need get UID
// bit 1 - send wupC (wakeup chinese)
// bit 2 - send HALT cmd after sequence
// bit 3 - turn on FPGA
// bit 4 - turn off FPGA
// bit 5 - set datain instead of issuing USB reply (called via ARM for StandAloneMode14a)
#define MAGIC_UID 0x01
#define MAGIC_WUPC 0x02
#define MAGIC_HALT 0x04
#define MAGIC_INIT 0x08
#define MAGIC_OFF 0x10
#define MAGIC_DATAIN 0x20
#define MAGIC_WIPE 0x40
#define MAGIC_SINGLE (MAGIC_WUPC | MAGIC_HALT | MAGIC_INIT | MAGIC_OFF) //0x1E
// by CMD_HF_MIFARE_CIDENT
#define MAGIC_GEN_1A 1
#define MAGIC_GEN_1B 2
#define MAGIC_GEN_2 4
#define MAGIC_GEN_UNFUSED 5
#define MAGIC_SUPER_GEN1 6
#define MAGIC_SUPER_GEN2 7
#define MAGIC_NTAG21X 8
#define MAGIC_GEN_3 9
#define MAGIC_GEN_4GTU 10
#define MAGIC_GEN_4GDM 11
#define MAGIC_QL88 12
// Commands for configuration of Gen4 GTU cards.
// see https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md
#define GEN_4GTU_CMD 0xCF // Prefix for all commands, followed by pasword (4b)
#define GEN_4GTU_SHADOW 0x32 // Configure GTU shadow mode
#define GEN_4GTU_ATS 0x34 // Configure ATS
#define GEN_4GTU_ATQA 0x35 // Configure ATQA/SAK (swap ATQA bytes)
#define GEN_4GTU_UIDLEN 0x68 // Configure UID length
#define GEN_4GTU_ULEN 0x69 // (De)Activate Ultralight mode
#define GEN_4GTU_ULMODE 0x6A // Select Ultralight mode
#define GEN_4GTU_GETCNF 0xC6 // Dump configuration
#define GEN_4GTU_TEST 0xCC // Factory test, returns 6666
#define GEN_4GTU_WRITE 0xCD // Backdoor write 16b block
#define GEN_4GTU_READ 0xCE // Backdoor read 16b block
#define GEN_4GTU_SETCNF 0xF0 // Configure all params in one cmd
#define GEN_4GTU_FUSCNF 0xF1 // Configure all params in one cmd and fuse the configuration permanently
#define GEN_4GTU_CHPWD 0xFE // change password
/**
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
0B = Get UID
08 yy = Read Block (yy = block number)
09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
0C = Reset to Inventory
0F = Completion
0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)
**/
#define ISO14443B_REQB 0x05
#define ISO14443B_ATTRIB 0x1D
#define ISO14443B_HALT 0x50
#define ISO14443B_INITIATE 0x06
#define ISO14443B_SELECT 0x0E
#define ISO14443B_GET_UID 0x0B
#define ISO14443B_READ_BLK 0x08
#define ISO14443B_WRITE_BLK 0x09
#define ISO14443B_RESET 0x0C
#define ISO14443B_COMPLETION 0x0F
#define ISO14443B_AUTHENTICATE 0x0A
#define ISO14443B_PING 0xBA
#define ISO14443B_PONG 0xAB
// ASK C-ticket
#define ASK_REQT 0x10
#define ASK_IDENTIFY 0x0F
#define ASK_SELECT 0x9F
#define ASK_MULTREAD (0x1 << 4) // High nibble
#define ASK_UPDATE (0x3 << 4) // High nibble
#define ASK_WRITE (0x5 << 4) // High nibble
#define ASK_READ (0x6 << 4) // High nibble
#define ASK_DESACTIVATE 0xF0
// defined crypto RF commands
// only interpreting channel 1 communication
#define CRYPTORF_SET_USER_ZONE 0x11
#define CRYPTORF_READ_USER_ZONE 0x12
#define CRYPTORF_WRITE_USER_ZONE 0x13
#define CRYPTORF_WRITE_SYSTEM_ZONE 0x14
#define CRYPTORF_READ_SYSTEM_ZONE 0x16
#define CRYPTORF_VERIFY_CRYPTO 0x18
#define CRYPTORF_SEND_CHECKSUM 0x19
#define CRYPTORF_DESELECT 0x1A
#define CRYPTORF_IDLE 0x1B
#define CRYPTORF_CHECK_PASSWORD 0x1C
// defined Crypto RF errors
#define CRYPTORF_ERR_ACCESS_DENIED_ZONE 0x99
#define CRYPTORF_ERR_PARAM_INVALID 0xA1
#define CRYPTORF_ERR_ADDRES_INVALID 0xA2
#define CRYPTORF_ERR_LENGTH_INVALID 0xA3
#define CRYPTORF_ERR_AUTH_ENC_REQ 0xA9
#define CRYPTORF_ERR_ACCESS_DENIED_WLOCK 0xB9
#define CRYPTORF_ERR_BYTE_ACCESS_DENIED_NOT_ALLOWED 0xBA
#define CRYPTORF_ERR_ACCESS_DENIED_NOT_ALLOWED 0xBA
#define CRYPTORF_ERR_BYTE_ACCESS_DENIED_PASSWD_REQ 0xBC
#define CRYPTORF_ERR_CHECKSUM_FAIL2 0xC8
#define CRYPTORF_ERR_CHECKSUM_FAIL 0xC9
#define CRYPTORF_ERR_PASSWD_REQ 0xD9
#define CRYPTORF_ERR_FUSE_ACCESS_DENIED 0xDF
#define CRYPTORF_ERR_MODIFY_FORBIDDEN 0xE9
#define CRYPTORF_ERR_ACCESS_DENIED_FUSE_ORDR 0xE9
#define CRYPTORF_ERR_MEMORY_WRITE_DATA_M 0xED
#define CRYPTORF_ERR_MEMORY_ACCESS 0xEE
#define CRYPTORF_ERR_MEMORY_ACCESS_SEC 0xF9
//First byte is 26
#define ISO15693_INVENTORY 0x01
#define ISO15693_STAYQUIET 0x02
//First byte is 02
#define ISO15693_READBLOCK 0x20
#define ISO15693_WRITEBLOCK 0x21
#define ISO15693_LOCKBLOCK 0x22
#define ISO15693_READ_MULTI_BLOCK 0x23
#define ISO15693_WRITE_MULTI_BLOCK 0x24
#define ISO15693_SELECT 0x25
#define ISO15693_RESET_TO_READY 0x26
#define ISO15693_WRITE_AFI 0x27
#define ISO15693_LOCK_AFI 0x28
#define ISO15693_WRITE_DSFID 0x29
#define ISO15693_LOCK_DSFID 0x2A
#define ISO15693_GET_SYSTEM_INFO 0x2B
#define ISO15693_READ_MULTI_SECSTATUS 0x2C
// NXP/Philips custom commands
#define ISO15693_INVENTORY_READ 0xA0
#define ISO15693_FAST_INVENTORY_READ 0xA1
#define ISO15693_SET_EAS 0xA2
#define ISO15693_RESET_EAS 0xA3
#define ISO15693_LOCK_EAS 0xA4
#define ISO15693_EAS_ALARM 0xA5
#define ISO15693_PASSWORD_PROTECT_EAS 0xA6
#define ISO15693_WRITE_EAS_ID 0xA7
#define ISO15693_READ_EPC 0xA8
#define ISO15693_GET_NXP_SYSTEM_INFO 0xAB
#define ISO15693_INVENTORY_PAGE_READ 0xB0
#define ISO15693_FAST_INVENTORY_PAGE_READ 0xB1
#define ISO15693_GET_RANDOM_NUMBER 0xB2
#define ISO15693_SET_PASSWORD 0xB3
#define ISO15693_WRITE_PASSWORD 0xB4
#define ISO15693_LOCK_PASSWORD 0xB5
#define ISO15693_PROTECT_PAGE 0xB6
#define ISO15693_LOCK_PAGE_PROTECTION 0xB7
#define ISO15693_GET_MULTI_BLOCK_PROTECTION 0xB8
#define ISO15693_DESTROY 0xB9
#define ISO15693_ENABLE_PRIVACY 0xBA
#define ISO15693_64BIT_PASSWORD_PROTECTION 0xBB
#define ISO15693_STAYQUIET_PERSISTENT 0xBC
#define ISO15693_READ_SIGNATURE 0xBD
// Topaz command set:
#define TOPAZ_REQA 0x26 // Request
#define TOPAZ_WUPA 0x52 // WakeUp
#define TOPAZ_RID 0x78 // Read ID
#define TOPAZ_RALL 0x00 // Read All (all bytes)
#define TOPAZ_READ 0x01 // Read (a single byte)
#define TOPAZ_WRITE_E 0x53 // Write-with-erase (a single byte)
#define TOPAZ_WRITE_NE 0x1a // Write-no-erase (a single byte)
// additional commands for Dynamic Memory Model
#define TOPAZ_RSEG 0x10 // Read segment
#define TOPAZ_READ8 0x02 // Read (eight bytes)
#define TOPAZ_WRITE_E8 0x54 // Write-with-erase (eight bytes)
#define TOPAZ_WRITE_NE8 0x1B // Write-no-erase (eight bytes)
// Definitions of which protocol annotations there are available
#define ISO_14443A 0
#define ICLASS 1
#define ISO_14443B 2
#define TOPAZ 3
#define ISO_7816_4 4
#define MFDES 5
#define LEGIC 6
#define ISO_15693 7
#define FELICA 8
#define PROTO_MIFARE 9
#define PROTO_HITAG1 10
#define THINFILM 11
#define LTO 12
#define PROTO_HITAG2 13
#define PROTO_HITAGS 14
#define PROTO_CRYPTORF 15
#define SEOS 16
#define PROTO_MFPLUS 17
// Picopass fuses
#define FUSE_FPERS 0x80
#define FUSE_CODING1 0x40
#define FUSE_CODING0 0x20
#define FUSE_CRYPT1 0x10
#define FUSE_CRYPT0 0x08
#define FUSE_FPROD1 0x04
#define FUSE_FPROD0 0x02
#define FUSE_RA 0x01
// Picopass Pagemode fuses
#define PICOPASS_SECURE_PAGEMODE_AUTH_DISABLED 0x00
#define PICOPASS_NON_SECURE_PAGEMODE 0x01
#define PICOPASS_SECURE_PAGEMODE_KEYS_LOCKED 0x02
#define PICOPASS_SECURE_PAGEMODE_KEYS_MODIFIABLE 0x03
// ISO 7816-4 Basic interindustry commands. For command APDU's.
#define ISO7816_READ_BINARY 0xB0
#define ISO7816_WRITE_BINARY 0xD0
#define ISO7816_UPDATE_BINARY 0xD6
#define ISO7816_ERASE_BINARY 0x0E
#define ISO7816_READ_RECORDS 0xB2
#define ISO7816_WRITE_RECORDS 0xD2
#define ISO7816_APPEND_RECORD 0xE2
#define ISO7816_UPDATE_RECORD 0xDC
#define ISO7816_GET_DATA 0xCA
#define ISO7816_PUT_DATA 0xDA
#define ISO7816_SELECT_FILE 0xA4
#define ISO7816_VERIFY 0x20
#define ISO7816_INTERNAL_AUTHENTICATION 0x88
#define ISO7816_EXTERNAL_AUTHENTICATION 0x82
#define ISO7816_GET_CHALLENGE 0x84
#define ISO7816_MANAGE_CHANNEL 0x70
#define ISO7816_GET_RESPONSE 0xC0
// ISO7816-4 For response APDU's
#define ISO7816_OK 0x9000
// 6x xx = APDU ERROR CODES
// 61 xx
#define ISO7816_BYTES_REMAINING_00 0x6100 // Response bytes remaining
// 62 xx
#define ISO7816_WARNING_STATE_UNCHANGED 0x6200 // Warning, card state unchanged
#define ISO7816_DATA_CORRUPT 0x6281 // Returned data may be corrupted
#define ISO7816_FILE_EOF 0x6282 // The end of the file has been reached before the end of reading
#define ISO7816_INVALID_DF 0x6283 // Invalid DF
#define ISO7816_INVALID_FILE 0x6284 // Selected file is not valid
#define ISO7816_FILE_TERMINATED 0x6285 // File is terminated
// 63 xx
#define ISO7816_AUTH_FAILED 0x6300 // Authentification failed
#define ISO7816_FILE_FILLED 0x6381 // File filled up by the last write
// 65 xx
#define ISO7816_MEMORY_FULL 0x6501 // Memory failure
#define ISO7816_WRITE_MEMORY_ERR 0x6581 // Write problem / Memory failure / Unknown mode
// 67 xx
#define ISO7816_WRONG_LENGTH 0x6700 // Wrong length
// 68 xx
#define ISO7816_LOGICAL_CHANNEL_NOT_SUPPORTED 0x6881 // Card does not support the operation on the specified logical channel
#define ISO7816_SECURE_MESSAGING_NOT_SUPPORTED 0x6882 // Card does not support secure messaging
#define ISO7816_LAST_COMMAND_EXPECTED 0x6883 // Last command in chain expected
#define ISO7816_COMMAND_CHAINING_NOT_SUPPORTED 0x6884 // Command chaining not supported
// 69 xx
#define ISO7816_TRANSACTION_FAIL 0x6900 // No successful transaction executed during session
#define ISO7816_SELECT_FILE_ERR 0x6981 // Cannot select indicated file, command not compatible with file organization
#define ISO7816_SECURITY_STATUS_NOT_SATISFIED 0x6982 // Security condition not satisfied
#define ISO7816_FILE_INVALID 0x6983 // File invalid
#define ISO7816_DATA_INVALID 0x6984 // Data invalid
#define ISO7816_CONDITIONS_NOT_SATISFIED 0x6985 // Conditions of use not satisfied
#define ISO7816_COMMAND_NOT_ALLOWED 0x6986 // Command not allowed (no current EF)
#define ISO7816_SM_DATA_MISSING 0x6987 // Expected SM data objects missing
#define ISO7816_SM_DATA_INCORRECT 0x6988 // SM data objects incorrect
#define ISO7816_APPLET_SELECT_FAILED 0x6999 // Applet selection failed
// 6A xx
#define ISO7816_INVALID_P1P2 0x6A00 // Bytes P1 and/or P2 are invalid
#define ISO7816_WRONG_DATA 0x6A80 // Wrong data
#define ISO7816_FUNC_NOT_SUPPORTED 0x6A81 // Function not supported
#define ISO7816_FILE_NOT_FOUND 0x6A82 // File not found
#define ISO7816_RECORD_NOT_FOUND 0x6A83 // Record not found
#define ISO7816_FILE_FULL 0x6A84 // Not enough memory space in the file
#define ISO7816_LC_TLV_CONFLICT 0x6A85 // LC / TLV conlict
#define ISO7816_INCORRECT_P1P2 0x6A86 // Incorrect parameters (P1,P2)
#define ISO7816_FILE_EXISTS 0x6A89 // File exists
#define ISO7816_NOT_IMPLEMENTED 0x6AFF //
// 6x 00
#define ISO7816_WRONG_P1P2 0x6B00 // Incorrect parameters (P1,P2)
#define ISO7816_CORRECT_LENGTH_00 0x6C00 // Correct Expected Length (Le)
#define ISO7816_INS_NOT_SUPPORTED 0x6D00 // INS value not supported
#define ISO7816_CLA_NOT_SUPPORTED 0x6E00 // CLA value not supported
#define ISO7816_UNKNOWN 0x6F00 // No precise diagnosis
// MIFARE DESFire command set:
#define MFDES_AUTHENTICATE 0x0A // AUTHENTICATE_NATIVE
#define MFDES_AUTHENTICATE_ISO 0x1A // AUTHENTICATE_STANDARD
#define MFDES_AUTHENTICATE_AES 0xAA
// Leakage Resilient Primitive (LRP)
#define MFDES_AUTHENTICATE_EV2F 0x71 // LRP, AuthenticateLRPFirst
#define MFDES_AUTHENTICATE_EV2NF 0x77 // LRP, AuthenticateLRPNonFirst
#define MFDES_CREDIT 0x0C
#define MFDES_LIMITED_CREDIT 0x1C
#define MFDES_WRITE_RECORD 0x3B
#define MFDES_READSIG 0x3C
#define MFDES_WRITE_DATA 0x3D
#define MFDES_GET_KEY_SETTINGS 0x45
#define MFDES_GET_UID 0x51
#define MFDES_CHANGE_KEY_SETTINGS 0x54
#define MFDES_ROLL_KEY_SETTINGS 0x55
#define MFDES_INIT_KEY_SETTINGS 0x56
#define MFDES_FINALIZE_KEY_SETTINGS 0x57
#define MFDES_SELECT_APPLICATION 0x5A
#define MFDES_CHANGE_CONFIGURATION 0x5C
#define MFDES_CHANGE_FILE_SETTINGS 0x5F
#define MFDES_GET_VERSION 0x60
#define MFDES_GET_ISOFILE_IDS 0x61
#define MFDES_GET_KEY_VERSION 0x64
#define MFDES_GET_DELEGATE_INFO 0x69
#define MFDES_GET_APPLICATION_IDS 0x6A
#define MFDES_GET_VALUE 0x6C
#define MFDES_GET_FREE_MEMORY 0x6E
#define MFDES_GET_DF_NAMES 0x6D
#define MFDES_GET_FILE_IDS 0x6F
#define MFDES_WRITE_RECORD2 0x8B
#define MFDES_WRITE_DATA2 0x8D
#define MFDES_ABORT_TRANSACTION 0xA7
#define MFDES_READ_RECORDS2 0xAB
#define MFDES_READ_DATA2 0xAD
#define MFDES_ADDITIONAL_FRAME 0xAF
#define MFDES_UPDATE_RECORD2 0xBA
#define MFDES_READ_RECORDS 0xBB
#define MFDES_READ_DATA 0xBD
#define MFDES_CREATE_CYCLIC_RECORD_FILE 0xC0
#define MFDES_CREATE_LINEAR_RECORD_FILE 0xC1
#define MFDES_CHANGE_KEY 0xC4
#define MFDES_CHANGE_KEY_EV2 0xC6
#define MFDES_COMMIT_TRANSACTION 0xC7
#define MFDES_COMMIT_READER_ID 0xC8
#define MFDES_CREATE_DELEGATE_APP 0xC9
#define MFDES_CREATE_APPLICATION 0xCA
#define MFDES_CREATE_BACKUP_DATA_FILE 0xCB
#define MFDES_CREATE_VALUE_FILE 0xCC
#define MFDES_CREATE_STD_DATA_FILE 0xCD
#define MFDES_CREATE_TRANS_MAC_FILE 0xCE
#define MFDES_DELETE_APPLICATION 0xDA
#define MFDES_UPDATE_RECORD 0xDB
#define MFDES_DEBIT 0xDC
#define MFDES_DELETE_FILE 0xDF
#define MFDES_CLEAR_RECORD_FILE 0xEB
#define MFDES_NOTIFY_TRANSACTION_SUCCESS 0xEE // New command. Used by Apple-ECP-compliant DESFire readers to signify successful transaction
#define MFDES_PREPARE_PC 0xF0
#define MFDES_PROXIMITY_CHECK 0xF2
#define MFDES_GET_FILE_SETTINGS 0xF5
#define MFDES_FORMAT_PICC 0xFC
#define MFDES_VERIFY_PC 0xFD
#define MFDES_NATIVE_ISO7816_WRAP_CLA 0x90
// MIFARE DESFire status & error codes:
#define MFDES_S_OPERATION_OK 0x00
#define MFDES_S_NO_CHANGES 0x0C
#define MFDES_S_SIGNATURE 0x90
#define MFDES_S_ADDITIONAL_FRAME 0xAF
#define MFDES_E_OUT_OF_EEPROM 0x0E
#define MFDES_E_ILLEGAL_COMMAND_CODE 0x1C
#define MFDES_E_INTEGRITY_ERROR 0x1E
#define MFDES_E_NO_SUCH_KEY 0x40
#define MFDES_E_LENGTH 0x7E
#define MFDES_E_PERMISSION_DENIED 0x9D
#define MFDES_E_PARAMETER_ERROR 0x9E
#define MFDES_E_APPLICATION_NOT_FOUND 0xA0
#define MFDES_E_APPL_INTEGRITY 0xA1
#define MFDES_E_AUTHENTICATION_ERROR 0xAE
#define MFDES_E_BOUNDARY 0xBE
#define MFDES_E_PICC_INTEGRITY 0xC1
#define MFDES_E_COMMAND_ABORTED 0xCA
#define MFDES_E_PICC_DISABLED 0xCD
#define MFDES_E_COUNT 0xCE
#define MFDES_E_DUPLICATE 0xDE
#define MFDES_E_EEPROM 0xEE
#define MFDES_E_FILE_NOT_FOUND 0xF0
#define MFDES_E_FILE_INTEGRITY 0xF1
// MIFARE PLus EV2 Command set
// source: https://www.nxp.com/docs/en/data-sheet/MF1P(H)x2.pdf in Look-Up Tables
#define MFP_READ_SIG 0x3C // same as DESFIRE
#define MFP_WRITEPERSO 0xA8
#define MFP_COMMITPERSO 0xAA
#define MFP_AUTHENTICATEFIRST 0x70
#define MFP_AUTHENTICATEFIRST_VARIANT 0x73
#define MFP_AUTHENTICATENONFIRST 0x76
#define MFP_AUTHENTICATECONTINUE 0x72
#define MFP_AUTHENTICATESECTORSWITCH 0x7A
#define MFP_RESETAUTH 0x78
#define MFP_VCSUPPORTLASTISOL3 0x4B
#define MFP_ISOSELECT 0xA4
#define MFP_GETVERSION 0x60 // same as DESFIRE
#define MFP_ADDITIONALFRAME 0xAF
#define MFP_SETCONFIGSL1 0x44
#define MFP_MF_PERSONALIZEUIDUSAGE 0x40
// read commands
#define MFP_READENCRYPTEDNOMAC_MACED 0X30
#define MFP_READENCRYPTEDMAC_MACED 0x31
#define MFP_READPLAINNOMAC_MACED 0x32
#define MFP_READPLAINMAC_MACED 0x33
#define MFP_READENCRYPTEDNOMAC_UNMACED 0x34
#define MFP_READENCRYPTEDMAC_UNMACED 0X35
#define MFP_READPLAINNOMAC_UNMACED 0x36
#define MFP_READPLAINMAC_UNMACED 0x37
// write commands
#define MFP_WRITEENCRYPTEDNOMAC 0xA0
#define MFP_WRITEENCRYPTEDMAC 0xA1
#define MFP_WRITEPLAINNOMAC 0xA2
#define MFP_WRITEPLAINMAC 0xA3
// value commands
#define MFP_INCREMENTNOMAC 0xB0
#define MFP_INCREMENTMAC 0xB1
#define MFP_DECREMENTNOMAC 0xB2
#define MFP_DECREMENTMAC 0xB3
#define MFP_TRANSFERNOMAC 0xB4
#define MFP_TRANSFERMAC 0xB5
#define MFP_INCREMENTTRANSFERNOMAC 0xB6
#define MFP_INCREMENTTRANSFERMAC 0xB7
#define MFP_DECREMENTTRANSFERNOMAC 0xB8
#define MFP_DECREMENTTRANSFERMAC 0xB9
#define MFP_RESTORENOMAC 0xC2
#define MFP_RESTOREMAC 0xC3
// LEGIC Commands
#define LEGIC_MIM_22 0x0D
#define LEGIC_MIM_256 0x1D
#define LEGIC_MIM_1024 0x3D
#define LEGIC_ACK_22 0x19
#define LEGIC_ACK_256 0x39
#define LEGIC_READ 0x01
#define LEGIC_WRITE 0x00
/* T55x7 configuration register definitions */
#define T55x7_POR_DELAY 0x00000001
#define T55x7_ST_TERMINATOR 0x00000008
#define T55x7_PWD 0x00000010
#define T55x7_MAXBLOCK_SHIFT 5
#define T55x7_AOR 0x00000200
#define T55x7_PSKCF_RF_2 0
#define T55x7_PSKCF_RF_4 0x00000400
#define T55x7_PSKCF_RF_8 0x00000800
#define T55x7_MODULATION_DIRECT 0
#define T55x7_MODULATION_PSK1 0x00001000
#define T55x7_MODULATION_PSK2 0x00002000
#define T55x7_MODULATION_PSK3 0x00003000
#define T55x7_MODULATION_FSK1 0x00004000
#define T55x7_MODULATION_FSK2 0x00005000
#define T55x7_MODULATION_FSK1a 0x00006000
#define T55x7_MODULATION_FSK2a 0x00007000
#define T55x7_MODULATION_MANCHESTER 0x00008000
#define T55x7_MODULATION_BIPHASE 0x00010000
#define T55x7_MODULATION_DIPHASE 0x00018000
#define T55x7_X_MODE 0x00020000
#define T55x7_BITRATE_RF_8 0
#define T55x7_BITRATE_RF_16 0x00040000
#define T55x7_BITRATE_RF_32 0x00080000
#define T55x7_BITRATE_RF_40 0x000C0000
#define T55x7_BITRATE_RF_50 0x00100000
#define T55x7_BITRATE_RF_64 0x00140000
#define T55x7_BITRATE_RF_100 0x00180000
#define T55x7_BITRATE_RF_128 0x001C0000
#define T55x7_TESTMODE_DISABLED 0x60000000
/* T5555 (Q5) configuration register definitions */
#define T5555_ST_TERMINATOR 0x00000001
#define T5555_MAXBLOCK_SHIFT 0x00000001
#define T5555_MODULATION_MANCHESTER 0
#define T5555_MODULATION_PSK1 0x00000010
#define T5555_MODULATION_PSK2 0x00000020
#define T5555_MODULATION_PSK3 0x00000030
#define T5555_MODULATION_FSK1 0x00000040
#define T5555_MODULATION_FSK2 0x00000050
#define T5555_MODULATION_BIPHASE 0x00000060
#define T5555_MODULATION_DIRECT 0x00000070
#define T5555_INVERT_OUTPUT 0x00000080
#define T5555_PSK_RF_2 0
#define T5555_PSK_RF_4 0x00000100
#define T5555_PSK_RF_8 0x00000200
#define T5555_USE_PWD 0x00000400
#define T5555_USE_AOR 0x00000800
#define T5555_SET_BITRATE(x) (((x-2)/2)<<12)
#define T5555_GET_BITRATE(x) ((((x >> 12) & 0x3F)*2)+2)
#define T5555_BITRATE_SHIFT 12 //(RF=2n+2) ie 64=2*0x1F+2 or n = (RF-2)/2
#define T5555_FAST_WRITE 0x00004000
#define T5555_PAGE_SELECT 0x00008000
#define T5555_FIXED 0x60000000
#define T55XX_WRITE_TIMEOUT 1500
// em4x05 & em4x69 chip configuration register definitions
#define EM4x05_GET_BITRATE(x) ((((x) & 0x3F) * 2) + 2)
// Note: only data rates 8, 16, 32, 40(*) and 64 are supported. (*) only with EM4305 330pF
#define EM4x05_SET_BITRATE(x) (((x) - 2) / 2)
#define EM4x05_MODULATION_NRZ 0x00000000
#define EM4x05_MODULATION_MANCHESTER 0x00000040
#define EM4x05_MODULATION_BIPHASE 0x00000080
#define EM4x05_MODULATION_MILLER 0x000000C0 //not supported by all 4x05/4x69 chips
#define EM4x05_MODULATION_PSK1 0x00000100 //not supported by all 4x05/4x69 chips
#define EM4x05_MODULATION_PSK2 0x00000140 //not supported by all 4x05/4x69 chips
#define EM4x05_MODULATION_PSK3 0x00000180 //not supported by all 4x05/4x69 chips
#define EM4x05_MODULATION_FSK1 0x00000200 //not supported by all 4x05/4x69 chips
#define EM4x05_MODULATION_FSK2 0x00000240 //not supported by all 4x05/4x69 chips
#define EM4x05_PSK_RF_2 0
#define EM4x05_PSK_RF_4 0x00000400
#define EM4x05_PSK_RF_8 0x00000800
#define EM4x05_MAXBLOCK_SHIFT 14
#define EM4x05_FIRST_USER_BLOCK 5
#define EM4x05_SET_NUM_BLOCKS(x) (( (x) + 4) << 14) //# of blocks sent during default read mode
#define EM4x05_GET_NUM_BLOCKS(x) ((( (x) >> 14) & 0xF) - 4)
#define EM4x05_READ_LOGIN_REQ (1 << 18)
#define EM4x05_READ_HK_LOGIN_REQ (1 << 19)
#define EM4x05_WRITE_LOGIN_REQ (1 << 20)
#define EM4x05_WRITE_HK_LOGIN_REQ (1 << 21)
#define EM4x05_READ_AFTER_WRITE (1 << 22)
#define EM4x05_DISABLE_ALLOWED (1 << 23)
#define EM4x05_READER_TALK_FIRST (1 << 24)
#define EM4x05_INVERT (1 << 25)
#define EM4x05_PIGEON (1 << 26)
// FeliCa protocol
#define FELICA_POLL_REQ 0x00
#define FELICA_POLL_ACK 0x01
#define FELICA_REQSRV_REQ 0x02
#define FELICA_REQSRV_ACK 0x03
#define FELICA_REQRESP_REQ 0x04
#define FELICA_REQRESP_ACK 0x05
#define FELICA_RDBLK_REQ 0x06
#define FELICA_RDBLK_ACK 0x07
#define FELICA_WRTBLK_REQ 0x08
#define FELICA_WRTBLK_ACK 0x09
#define FELICA_SRCHSYSCODE_REQ 0x0a
#define FELICA_SRCHSYSCODE_ACK 0x0b
#define FELICA_REQSYSCODE_REQ 0x0c
#define FELICA_REQSYSCODE_ACK 0x0d
#define FELICA_AUTH1_REQ 0x10
#define FELICA_AUTH1_ACK 0x11
#define FELICA_AUTH2_REQ 0x12
#define FELICA_AUTH2_ACK 0x13
#define FELICA_RDSEC_REQ 0x14
#define FELICA_RDSEC_ACK 0x15
#define FELICA_WRTSEC_REQ 0x16
#define FELICA_WRTSEC_ACK 0x17
#define FELICA_REQSRV2_REQ 0x32
#define FELICA_REQSRV2_ACK 0x33
#define FELICA_GETSTATUS_REQ 0x38
#define FELICA_GETSTATUS_ACK 0x39
#define FELICA_OSVER_REQ 0x3c
#define FELICA_OSVER_ACK 0x3d
#define FELICA_RESET_MODE_REQ 0x3e
#define FELICA_RESET_MODE_ACK 0x3f
#define FELICA_AUTH1V2_REQ 0x40
#define FELICA_AUTH1V2_ACK 0x41
#define FELICA_AUTH2V2_REQ 0x42
#define FELICA_AUTH2V2_ACK 0x43
#define FELICA_RDSECV2_REQ 0x44
#define FELICA_RDSECV2_ACK 0x45
#define FELICA_WRTSECV2_REQ 0x46
#define FELICA_WRTSECV2_ACK 0x47
#define FELICA_UPDATE_RNDID_REQ 0x4C
#define FELICA_UPDATE_RNDID_ACK 0x4D
// FeliCa SYSTEM list
#define SYSTEMCODE_ANY 0xffff // ANY
#define SYSTEMCODE_FELICA_LITE 0x88b4 // FeliCa Lite
#define SYSTEMCODE_COMMON 0xfe00 // Common
#define SYSTEMCODE_EDY 0xfe00 // Edy
#define SYSTEMCODE_CYBERNE 0x0003 // Cyberne
#define SYSTEMCODE_SUICA 0x0003 // Suica
#define SYSTEMCODE_PASMO 0x0003 // Pasmo
//FeliCa Service list Suica/pasmo (little endian)
#define SERVICE_SUICA_INOUT 0x108f // SUICA/PASMO
#define SERVICE_SUICA_HISTORY 0x090f // SUICA/PASMO
#define SERVICE_FELICA_LITE_READONLY 0x0b00 // FeliCa Lite RO
#define SERVICE_FELICA_LITE_READWRITE 0x0900 // FeliCa Lite RW
// Calypso protocol
#define CALYPSO_GET_RESPONSE 0xC0
#define CALYPSO_SELECT 0xA4
#define CALYPSO_INVALIDATE 0x04
#define CALYPSO_REHABILITATE 0x44
#define CALYPSO_APPEND_RECORD 0xE2
#define CALYPSO_DECREASE 0x30
#define CALYPSO_INCREASE 0x32
#define CALYPSO_READ_BINARY 0xB0
#define CALYPSO_READ_RECORD 0xB2
#define CALYPSO_UPDATE_BINARY 0xD6
#define CALYPSO_UPDATE_RECORD 0xDC
#define CALYPSO_WRITE_RECORD 0xD2
#define CALYPSO_OPEN_SESSION 0x8A
#define CALYPSO_CLOSE_SESSION 0x8E
#define CALYPSO_GET_CHALLENGE 0x84
#define CALYPSO_CHANGE_PIN 0xD8
#define CALYPSO_VERIFY_PIN 0x20
#define CALYPSO_SV_GET 0x7C
#define CALYPSO_SV_DEBIT 0xBA
#define CALYPSO_SV_RELOAD 0xB8
#define CALYPSO_SV_UN_DEBIT 0xBC
#define CALYPSO_SAM_SV_DEBIT 0x54
#define CALYPSO_SAM_SV_RELOAD 0x56
// HITAG1 commands
#define HITAG1_SET_CCNEW 0xC2 // left 5 bits only
#define HITAG1_READ_ID 0x00 // not a real command, consists of 5 bits length, <length> bits partial SN, 8 bits CRC
#define HITAG1_SELECT 0x00 // left 5 bits only, followed by 32 bits SN and 8 bits CRC
#define HITAG1_WRPPAGE 0x80 // left 4 bits only, followed by 8 bits page and 8 bits CRC
#define HITAG1_WRPBLK 0x90 // left 4 bits only, followed by 8 bits block and 8 bits CRC
#define HITAG1_WRCPAGE 0xA0 // left 4 bits only, followed by 8 bits page or key information and 8 bits CRC
#define HITAG1_WRCBLK 0xB0 // left 4 bits only, followed by 8 bits block and 8 bits CRC
#define HITAG1_RDPPAGE 0xC0 // left 4 bits only, followed by 8 bits page and 8 bits CRC
#define HITAG1_RDPBLK 0xD0 // left 4 bits only, followed by 8 bits block and 8 bits CRC
#define HITAG1_RDCPAGE 0xE0 // left 4 bits only, followed by 8 bits page and 8 bits CRC
#define HITAG1_RDCBLK 0xF0 // left 4 bits only, followed by 8 bits block and 8 bits CRC
#define HITAG1_HALT 0x70 // left 4 bits only, followed by 8 bits (dummy) page and 8 bits CRC
// HITAG2 commands
#define HITAG2_START_AUTH 0x3 // left 5 bits only
#define HITAG2_HALT 0x0 // left 5 bits only
#define HITAG2_READ_PAGE 0x3 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
#define HITAG2_READ_PAGE_INVERTED 0x1 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits
#define HITAG2_WRITE_PAGE 0x2 // page number in bits 5 to 3, page number
// HITAG S commands
#define HITAGS_QUIET 0x70
//inverted in bit 0 and following 2 bits
#define HITAGS_WRITE_BLOCK 0x90
// LTO-CM commands
#define LTO_REQ_STANDARD 0x45
#define LTO_REQ_ALL 0x4A
#define LTO_READWORD 0x40 // read 2 bytes (word)
#define LTO_READBLOCK 0x30
#define LTO_READBLOCK_CONT 0x80
#define LTO_SELECT 0x93
#define LTO_WRITEWORD 0xB0 // write 2 bytes (word)
#define LTO_WRITEBLOCK 0xA0
#define LTO_HALT 0x50
#define LTO_TEST_CMD_1 0x0E
#define LTO_TEST_CMD_2 0x6C
// 0x0A = ACK
// 0x05 = NACK
#endif
// PROTOCOLS_H