ADD: well, starting with a luascript for reading calypso tags, made me remake the 14b raw command on client and device side. Sorry @marshmellow42 , but this one broke your "hf 14b info" implementation. I fixed the "hf 14b read" and the hf search. So not to bad, but still a bit broken. The 14b raw device side is now very similar to 14a raw. Which is good. There is a Standard 14b 0x050008 detection and STmicroelectronic 0x0600 detection on deviceside. This removes a lot of code client side.

I also made the SRi read functions better by combining them. The demodulation / uart code should be the same as last summers changes. The device side code can now be even smaller.
2016-03-20 19:33:07 +01:00
parent 790e8eae09
commit 6fc68747f6
17 changed files with 937 additions and 876 deletions
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@@ -734,7 +734,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
 	datalen = (datalen > USB_CMD_DATA_SIZE) ? USB_CMD_DATA_SIZE : datalen;
 		
    c.arg[1] = (datalen & 0xFFFF) | (uint32_t)(numbits << 16);
-    memcpy(c.d.asBytes,data,datalen);
+    memcpy(c.d.asBytes, data, datalen);

 	clearCommandBuffer();
    SendCommand(&c);
@@ -749,26 +749,15 @@ int CmdHF14ACmdRaw(const char *cmd) {
 }

 static void waitCmd(uint8_t iSelect) {
-    uint8_t *recv;
    UsbCommand resp;
-    char *hexout;
+    uint16_t len = 0;

-    if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
-        recv = resp.d.asBytes;
-        uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
-        PrintAndLog("received %i octets",iLen);
-        if(!iLen)
+    if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {        
+        len = iSelect ? (resp.arg[1] & 0xffff) : (resp.arg[0]  & 0xffff);
+        PrintAndLog("received %i octets", len);
+        if(!len)
            return;
-        hexout = (char *)malloc(iLen * 3 + 1);
-        if (hexout != NULL) {
-            for (int i = 0; i < iLen; i++) { // data in hex
-                sprintf(&hexout[i * 3], "%02X ", recv[i]);
-            }
-            PrintAndLog("%s", hexout);
-            free(hexout);
-        } else {
-            PrintAndLog("malloc failed your client has low memory?");
-        }
+		PrintAndLog("%s", sprint_hex(resp.d.asBytes, len) );
    } else {
        PrintAndLog("timeout while waiting for reply.");
    }
--- a/client/cmdhf14b.c
+++ b/client/cmdhf14b.c
--- a/client/cmdhf14b.h
+++ b/client/cmdhf14b.h
@@ -11,14 +11,46 @@
 #ifndef CMDHF14B_H__
 #define CMDHF14B_H__

+#include "iso14443crc.h"
+#include "proxmark3.h"
+#include "data.h"
+#include "graph.h"
+#include "util.h"
+#include "ui.h"
+#include "cmdparser.h"
+#include "cmdmain.h"
+#include "cmdhf14a.h"
+#include "tea.h"
+#include "cmdhf.h"
+#include "prng.h"
+#include "sha1.h"
+#include "mifare.h"		// structs/enum for ISO14B
+#include "protocols.h"	// definitions of ISO14B protocol
+
+
+int usage_hf_14b_info(void);
+int usage_hf_14b_reader(void);
+int usage_hf_14b_raw(void);
+int usage_hf_14b_snoop(void);
+int usage_hf_14b_sim(void);
+int usage_hf_14b_read_srx(void);
+int usage_hf_14b_write_srx(void);
+
 int CmdHF14B(const char *Cmd);
 int CmdHF14BList(const char *Cmd);
 int CmdHF14BInfo(const char *Cmd);
 int CmdHF14BSim(const char *Cmd);
 int CmdHF14BSnoop(const char *Cmd);
-int CmdSri512Read(const char *Cmd);
-int CmdSrix4kRead(const char *Cmd);
 int CmdHF14BWrite( const char *cmd);
-int HF14BInfo(bool verbose);
+int CmdHF14BReader(const char *Cmd);

+bool HF14BInfo(bool verbose);
+bool HF14BReader(bool verbose);
+int CmdHF14BCmdRaw (const char *Cmd);
+
+// SRi  ST Microelectronics read/write 
+int CmdHF14BReadSri(const char *Cmd);
+int CmdHF14BWriteSri(const char *Cmd);
+
+bool waitCmd(bool verbose);
 #endif
--- a/client/hid-flasher/usb_cmd.h
+++ b/client/hid-flasher/usb_cmd.h
@@ -101,8 +101,7 @@ typedef struct {

 // For the 13.56 MHz tags
 #define CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693                             0x0300
-#define CMD_READ_SRI512_TAG                                               0x0303
-#define CMD_READ_SRIX4K_TAG                                               0x0304
+#define CMD_READ_SRI_TAG                                               	  0x0303
 #define CMD_ISO_14443B_COMMAND                                            0x0305
 #define CMD_READER_ISO_15693                                              0x0310
 #define CMD_SIMTAG_ISO_15693                                              0x0311
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@@ -67,8 +67,7 @@ local _commands = {

 	--// For the 13.56 MHz tags
 	CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693 =                              0x0300,
-	CMD_READ_SRI512_TAG =                                                0x0303,
-	CMD_READ_SRIX4K_TAG =                                                0x0304,
+	CMD_READ_SRI_TAG =                                                   0x0303,
 	CMD_ISO_14443B_COMMAND =											 0x0305,
 	CMD_READER_ISO_15693 =                                               0x0310,
 	CMD_SIMTAG_ISO_15693 =                                               0x0311,
@@ -238,6 +237,6 @@ function Command:getBytes()
 	local data  = self.data
 	local cmd = self.cmd 
 	local arg1, arg2, arg3 = self.arg1, self.arg2, self.arg3
-	return bin.pack("LLLLH",cmd, arg1, arg2, arg3, data);
+	return bin.pack("LLLLH", cmd, arg1, arg2, arg3, data);
 end
 return _commands
--- a/client/lualibs/read14b.lua
+++ b/client/lualibs/read14b.lua
@@ -1,4 +1,3 @@
-
 --[[
 	This is a library to read 14443b tags. It can be used something like this

@@ -14,45 +13,57 @@
 -- Loads the commands-library
 local cmds = require('commands')
 local utils = require('utils')
-local TIMEOUT = 10000 -- Shouldn't take longer than 2 seconds
+local TIMEOUT = 4000
+local ISO14B_COMMAND = {
+	ISO14B_CONNECT = 1,
+	ISO14B_DISCONNECT = 2,
+	ISO14B_APDU = 4,
+	ISO14B_RAW = 8,
+	ISO14B_REQUEST_TRIGGER = 0x10,
+	ISO14B_APPEND_CRC = 0x20,
+	ISO14B_SELECT_STD = 0x40,
+	ISO14B_SELECT_SR = 0x80,
+}

-local function parse1443b_reqb(data)
+local function parse1443b(data)
 	--[[
-	--]]
-	local pcb = data:sub(1,2)
-	local uid = data:sub(3,10)
-	local pps = data:sub(11,18)
-	local ats = data:sub(19,24)
-	local crc = data:sub(25,29)
-	return { pcb = pcb, uid = uid, pps = pps, ats = ats, crc = crc, cid = '' }
-end
+	
+	Based on this struct : 
+	
+	typedef struct {
+		byte_t uid[10];
+		byte_t uidlen;
+		byte_t atqb[7];
+		byte_t chipid;
+		byte_t cid;
+	} __attribute__((__packed__)) iso14b_card_select_t;

-local function parse1443b_attrib(data)
-	--[[
 	--]]
-	local attrib = data:sub(1,2)
-	local crc = data:sub(3,7)
-	return { attrib = attrib, crc = crc }
+	
+	local count, uid, uidlen, atqb, chipid, cid = bin.unpack('H10CH7CC',data)
+	uid = uid:sub(1,2*uidlen)
+	return { uid = uid, uidlen = uidlen, atqb = atqb, chipid = chipid, cid = cid }
 end

-
 --- Sends a USBpacket to the device
 -- @param command - the usb packet to send
-- @param readresponse - if set to true, we read the device answer packet 
+-- @param ignoreresponse - if set to true, we don't read the device answer packet 
 -- 		which is usually recipe for fail. If not sent, the host will wait 2s for a 
 -- 		response of type CMD_ACK
 -- @return 	packet,nil if successfull
 --			nil, errormessage if unsuccessfull
-local function sendToDevice(cmd, readresponse)
-	core.clearCommandBuffer()
+local function sendToDevice(cmd, ignoreresponse)
+	--core.clearCommandBuffer()
+	local bytes = cmd:getBytes()
+	local count,c,arg0,arg1,arg2 = bin.unpack('LLLL',bytes)
 	local err = core.SendCommand(cmd:getBytes())
 	if err then
-		print(err)
+		print('ERROR',err)
 		return nil, err
 	end
-	if readresponse == 0 then return '',nil end
+	if ignoreresponse then return nil,nil end
+	
 	local response = core.WaitForResponseTimeout(cmds.CMD_ACK, TIMEOUT)
-	if response == nil then return nil, nil	end
 	return response,nil
 end
 --- Picks out and displays the data read from a tag
@@ -63,133 +74,63 @@ end
 -- @param usbpacket the data received from the device
 local function showData(usbpacket)
 	local response = Command.parse(usbpacket)
-	local len = tonumber(response.arg1) * 2
+	local len = response.arg2 * 2
 	local data = string.sub(response.data, 0, len);
 	print("<< ",data)
 end

---
-- Sends a usbpackage ,  "hf 14b raw" and the 14bCrc is added to the rawdata before sending
-local function sendRaw(rawdata, readresponse, addcrc)
-	-- add crc first
-	local rawdata_crc = rawdata
-	if ( addcrc == 1) then 
-		rawdata_crc = utils.Crc14b(rawdata)	
-	end
-	print(">> ", rawdata_crc)
-	
-	local command = Command:new{cmd = cmds.CMD_ISO_14443B_COMMAND, 
-								arg1 = #rawdata_crc/2, 	-- LEN of data, which is half the length of the ASCII-string rawdata
-								arg2 = readresponse, 	-- read response
-								arg3 = 1,  				-- leave power on
-								data = rawdata_crc}		-- raw data bytes 
-	return sendToDevice(command, readresponse) 
-end

 -- This function does a connect and retrieves some info
 -- @return if successfull: an table containing card info
 -- @return if unsuccessfull : nil, error
+local function read14443b(disconnect)

-- void SendRawCommand14443B(uint32_t datalen, uint32_t recv, uint8_t powerfield, uint8_t data[])
-local function select1443b()
+	local command, result, info, err, data

-	local result, infoReqb, infoAttrib, infoPong, err, resp, len, data
-	local goodReqbResponse = false
-	--REQB
-	local p = 20
-	while p > 0 do
-		-- 05 00 08
-		-- 05
-		--   command (REQB/WUPB)
-		-- 00
-		--   AFI application family identifier  ( 00 == all sorts)
-		-- 08  (ie WUPB)
-		--   bit 0-1-2   | N slots  ( 0 = 1, 1 = 2, 2 = 4, 3 = 8, 4 == 16)
-		--   bit 3 		 | (1== WUPB, 0 == REQB)  
-		--   bit 4-5-6-7 | AFI application family identifier
-		local result, err = sendRaw('050008', 1, 1)
-		if result then
-			resp = Command.parse( result )
-			len = tonumber(resp.arg1) * 2
-			local data = string.sub(resp.data, 0, len)
-			if ( resp.arg1 == 14 ) then
-				--print ('DATA ::', data)
-				infoReqb, err = parse1443b_reqb(data)
-				--print(infoReqb.pcb, infoReqb.uid, infoReqb.pps, infoReqb.ats, infoReqb.crc)
-				goodReqbResponse = true
-				break -- break while loop. REQB got a good response
-			end
-		end
-		
-		-- send some strange 0A/0C
-		-- if ( p < 3) then
-			-- sendRaw('0A', 0, 0)
-			-- sendRaw('0C', 0, 0)
-		-- end
-		
-		p = p - 1
-		print('retrying')
-	end
-
-	if goodReqbResponse == false then 
-		err = "No response from card"
-		print(err) 
-		return nil, err	
-	end
-	--SLOT MARKER
-	-- result, err = sendRaw('05', 1, 1)
-	-- if result then
-		-- showData(result)
-		-- resp = Command.parse( result )
-		-- if arg1 == 0 then 
-			-- return nil, "iso14443b card - SLOT MARKER failed"
-		-- end
-		-- len = tonumber(resp.arg1) * 2
-		-- data = string.sub(resp.data, 0, len)
-		-- infoAttrib, err = parse1443b_attrib(data)
-		-- print( infoAttrib.attrib, infoAttrib.crc)		
-	-- else
-		-- err ="No response from card"
-		-- print(err) 
-		-- return nil, err
-	-- end
+	local flags = ISO14B_COMMAND.ISO14B_CONNECT + 
+				  ISO14B_COMMAND.ISO14B_SELECT_STD
 	
-	--ATTRIB
-	local cid = '00'
-	result, err = sendRaw('1D'..infoReqb.uid..'000801'..cid, 1, 1)
+	if disconnect then
+		print('DISCONNECT')
+		flags = flags + ISO14B_COMMAND.ISO14B_DISCONNECT
+	end
+
+	command = Command:new{cmd = cmds.CMD_ISO_14443B_COMMAND, arg1 = flags}
+	local result,err = sendToDevice(command, false) 
 	if result then
-		showData(result)
-		resp = Command.parse( result )
-		if resp.arg1 == 0 then 
-			return nil, "iso14443b card - ATTRIB failed"
+		local count,cmd,arg0,arg1,arg2 = bin.unpack('LLLL',result)
+		if arg0 == 0 then 
+			data = string.sub(result, count)
+			info, err = parse1443b(data)
+		else
+			err = "iso14443b card select failed"
 		end
-		len = tonumber(resp.arg1) * 2
-		data = string.sub(resp.data, 0, len)
-		infoAttrib, err = parse1443b_attrib(data)
-		infoReqb.cid = infoAttrib.attrib:sub(2,2)
 	else
-		err ="No response from card"
+		err = "No response from card"
+	end
+
+	if err then 
 		print(err) 
 		return nil, err
 	end
-	
-	--PING / PONG - Custom Anticollison for Navigo.
-	local ping = ('BA00')
-	result, err = sendRaw(ping, 1, 1)
-	if result then
-		resp = Command.parse( result )
-		if arg1 == 0 then 
-			return nil, "iso14443b card - PING/PONG failed"
-		end		
-		showData(result)
-	else
-		err = "No response from card"
-		print(err) 
-		return nil, err
-	end
-
-	return infoReqb
+	return info
 end
+--PING / PONG - Custom Anticollison for Navigo.
+-- AA / BB ?!?
+-- local ping = ('BA00')
+-- result, err = sendRaw(ping, 1, 1)
+-- if result then
+	-- resp = Command.parse( result )
+	-- if arg1 == 0 then 
+		-- return nil, "iso14443b card - PING/PONG failed"
+	-- end		
+	-- showData(result)
+-- else
+	-- err = "No response from card"
+	-- print(err) 
+	-- return nil, err
+-- end
+

 ---
 -- Waits for a mifare card to be placed within the vicinity of the reader. 
@@ -198,42 +139,20 @@ end
 local function waitFor14443b()
 	print("Waiting for card... press any key to quit")
 	while not core.ukbhit() do
-		res, err = select1443b()
+		res, err = read14443b(false)
 		if res then return res end
-		if res == nil then return nil, err end
 		-- err means that there was no response from card
 	end
 	return nil, "Aborted by user"
 end

-local function disconnect(uid)
-
-	local halt = ('50'..uid) -- 50 UID0 UID1 UID2 UID3 CRC1 CRC2
-	result, err = sendRaw(halt, 1, 1)
-	if result then
-		resp = Command.parse( result )
-		showData(result)  -- expected answer is 00 CRC1 CRC2
-	else
-		err = "No response from card"
-		print(err) 
-		return nil, err
-	end
-
-	-- shutdown raw command / pm3 device.
-	local command = Command:new{ cmd = cmds.CMD_ISO_14443B_COMMAND, arg1 = 0, arg2 = 0, arg3 = 0 }
-	-- We can ignore the response here, no ACK is returned for this command
-	-- Check /armsrc/iso14443b.c, SendRawCommand14443B() for details
-	return sendToDevice(command, 0) 
-end
-
 local library = {
-	select1443b = select1443b,
-	select 	= select1443b,
+	parse1443b  = parse1443b,
+	read1443b 	= read14443b,
 	waitFor14443b = waitFor14443b,
 	sendToDevice = sendToDevice,
-	disconnect = disconnect,
-	sendRaw = sendRaw,
 	showData = showData,
+	ISO14B_COMMAND = ISO14B_COMMAND,
 }

 return library