Move to hts #2529

Merged
merged 2 commits into from
Sep 22, 2024
137 changes: 25 additions & 112 deletions client/src/cmdlfhitag.c
Expand Up @@ -906,17 +906,13 @@ static int CmdLFHitagRd(const char *Cmd) {

CLIParserContext *ctx;
CLIParserInit(&ctx, "lf hitag read",
"Read Hitag memory. It support Hitag S and Hitag 2\n\n"
"Read Hitag memory. It support Hitag 2\n\n"
" Password mode:\n"
" - default key 4D494B52 (MIKR)\n\n"
" Crypto mode: \n"
" - key format ISK high + ISK low\n"
" - default key 4F4E4D494B52 (ONMIKR)\n"
,
" lf hitag read --hts -> Hitag S, plain mode\n"
" lf hitag read --hts --nrar 0102030411223344 -> Hitag S, challenge mode\n"
" lf hitag read --hts --crypto -> Hitag S, crypto mode, def key\n"
" lf hitag read --hts -k 4F4E4D494B52 -> Hitag S, crypto mode\n\n"
" lf hitag read --ht2 --pwd -> Hitag 2, pwd mode, def key\n"
" lf hitag read --ht2 -k 4D494B52 -> Hitag 2, pwd mode\n"
" lf hitag read --ht2 --nrar 0102030411223344 -> Hitag 2, challenge mode\n"
Expand All @@ -926,7 +922,6 @@ static int CmdLFHitagRd(const char *Cmd) {

void *argtable[] = {
arg_param_begin,
arg_lit0("s", "hts", "Hitag S"),
arg_lit0("2", "ht2", "Hitag 2"),
arg_lit0(NULL, "pwd", "password mode"),
arg_str0(NULL, "nrar", "<hex>", "nonce / answer writer, 8 hex bytes"),
Expand All @@ -939,25 +934,24 @@ static int CmdLFHitagRd(const char *Cmd) {
CLIExecWithReturn(ctx, Cmd, argtable, false);

bool use_ht1 = false; // not yet implemented
bool use_hts = arg_get_lit(ctx, 1);
bool use_ht2 = arg_get_lit(ctx, 2);
bool use_ht2 = arg_get_lit(ctx, 1);
bool use_htm = false; // not yet implemented

bool use_plain = false;
bool use_pwd = arg_get_lit(ctx, 3);
bool use_pwd = arg_get_lit(ctx, 2);
uint8_t nrar[8];
int nalen = 0;
int res = CLIParamHexToBuf(arg_get_str(ctx, 4), nrar, sizeof(nrar), &nalen);
int res = CLIParamHexToBuf(arg_get_str(ctx, 3), nrar, sizeof(nrar), &nalen);
if (res != 0) {
CLIParserFree(ctx);
return PM3_EINVARG;
}
bool use_nrar = nalen > 0;
bool use_crypto = arg_get_lit(ctx, 5);
bool use_crypto = arg_get_lit(ctx, 4);

uint8_t key[6];
int keylen = 0;
res = CLIParamHexToBuf(arg_get_str(ctx, 6), key, sizeof(key), &keylen);
res = CLIParamHexToBuf(arg_get_str(ctx, 5), key, sizeof(key), &keylen);
if (res != 0) {
CLIParserFree(ctx);
return PM3_EINVARG;
Expand All @@ -967,11 +961,11 @@ static int CmdLFHitagRd(const char *Cmd) {
CLIParserFree(ctx);

// sanity checks
if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) {
if ((use_ht1 + use_ht2 + use_htm) > 1) {
PrintAndLogEx(ERR, "error, specify only one Hitag type");
return PM3_EINVARG;
}
if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) {
if ((use_ht1 + use_ht2 + use_htm) == 0) {
PrintAndLogEx(ERR, "error, specify one Hitag type");
return PM3_EINVARG;
}
Expand Down Expand Up @@ -1008,16 +1002,7 @@ static int CmdLFHitagRd(const char *Cmd) {
PrintAndLogEx(WARNING, "Specify only one authentication mode");
return PM3_EINVARG;
} else if (foo == 0) {
if (use_hts) {
use_plain = true;
} else {
PrintAndLogEx(WARNING, "Specify one authentication mode");
return PM3_EINVARG;
}
}

if (use_hts && use_pwd) { // not sure for the other types...
PrintAndLogEx(WARNING, "Chosen Hitag type does not have Password mode");
PrintAndLogEx(WARNING, "Specify one authentication mode");
return PM3_EINVARG;
}

Expand All @@ -1030,20 +1015,7 @@ static int CmdLFHitagRd(const char *Cmd) {
memset(&packet, 0, sizeof(packet));

int pm3cmd;
if (use_hts) {
// plain mode?
pm3cmd = CMD_LF_HITAGS_READ;
} else if (use_hts && use_nrar) {
pm3cmd = CMD_LF_HITAGS_READ;
packet.cmd = RHTSF_CHALLENGE;
memcpy(packet.NrAr, nrar, sizeof(packet.NrAr));

} else if (use_hts && use_crypto) {
pm3cmd = CMD_LF_HITAGS_READ;
packet.cmd = RHTSF_KEY;
memcpy(packet.key, key, sizeof(packet.key));

} else if (use_ht2 && use_pwd) {
if (use_ht2 && use_pwd) {
pm3cmd = CMD_LF_HITAG_READER;
packet.cmd = RHT2F_PASSWORD;
memcpy(packet.pwd, key, sizeof(packet.pwd));
Expand Down Expand Up @@ -1171,17 +1143,13 @@ static int CmdLFHitag2CheckChallenges(const char *Cmd) {
static int CmdLFHitagWriter(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf hitag wrbl",
"Write a page in Hitag memory. It support HitagS and Hitag 2\n"
"Write a page in Hitag memory. It support Hitag 2\n"
" Password mode:\n"
" - default key 4D494B52 (MIKR)\n\n"
" Crypto mode: \n"
" - key format ISK high + ISK low\n"
" - default key 4F4E4D494B52 (ONMIKR)\n"
,
" lf hitag wrbl --hts -p 6 -d 01020304 -> HitagS, plain mode\n"
" lf hitag wrbl --hts -p 6 -d 01020304 --nrar 0102030411223344 -> HitagS, challenge mode\n"
" lf hitag wrbl --hts -p 6 -d 01020304 --crypto -> HitagS, crypto mode, def key\n"
" lf hitag wrbl --hts -p 6 -d 01020304 -k 4F4E4D494B52 -> HitagS, crypto mode\n\n"
" lf hitag wrbl --ht2 -p 6 -d 01020304 --pwd -> Hitag 2, pwd mode, def key\n"
" lf hitag wrbl --ht2 -p 6 -d 01020304 -k 4D494B52 -> Hitag 2, pwd mode\n"
" lf hitag wrbl --ht2 -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag 2, challenge mode\n"
Expand All @@ -1191,7 +1159,6 @@ static int CmdLFHitagWriter(const char *Cmd) {

void *argtable[] = {
arg_param_begin,
arg_lit0("s", "hts", "Hitag S"),
arg_lit0("2", "ht2", "Hitag 2"),
arg_lit0(NULL, "pwd", "password mode"),
arg_str0(NULL, "nrar", "<hex>", "nonce / answer writer, 8 hex bytes"),
Expand All @@ -1204,35 +1171,34 @@ static int CmdLFHitagWriter(const char *Cmd) {
CLIExecWithReturn(ctx, Cmd, argtable, false);

bool use_ht1 = false; // not yet implemented
bool use_hts = arg_get_lit(ctx, 1);
bool use_ht2 = arg_get_lit(ctx, 2);
bool use_ht2 = arg_get_lit(ctx, 1);
bool use_htm = false; // not yet implemented

bool use_plain = false;
bool use_pwd = arg_get_lit(ctx, 3);
bool use_pwd = arg_get_lit(ctx, 2);
uint8_t nrar[8];
int nalen = 0;
int res = CLIParamHexToBuf(arg_get_str(ctx, 4), nrar, sizeof(nrar), &nalen);
int res = CLIParamHexToBuf(arg_get_str(ctx, 3), nrar, sizeof(nrar), &nalen);
if (res != 0) {
CLIParserFree(ctx);
return PM3_EINVARG;
}
bool use_nrar = nalen > 0;
bool use_crypto = arg_get_lit(ctx, 5);
bool use_crypto = arg_get_lit(ctx, 4);

uint8_t key[6];
int keylen = 0;
res = CLIParamHexToBuf(arg_get_str(ctx, 6), key, sizeof(key), &keylen);
res = CLIParamHexToBuf(arg_get_str(ctx, 5), key, sizeof(key), &keylen);
if (res != 0) {
CLIParserFree(ctx);
return PM3_EINVARG;
}

int page = arg_get_int_def(ctx, 7, 0);
int page = arg_get_int_def(ctx, 6, 0);

uint8_t data[4];
int dlen = 0;
res = CLIParamHexToBuf(arg_get_str(ctx, 8), data, sizeof(data), &dlen);
res = CLIParamHexToBuf(arg_get_str(ctx, 7), data, sizeof(data), &dlen);
if (res != 0) {
CLIParserFree(ctx);
return PM3_EINVARG;
Expand All @@ -1241,11 +1207,11 @@ static int CmdLFHitagWriter(const char *Cmd) {
CLIParserFree(ctx);

// sanity checks
if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) {
if ((use_ht1 + use_ht2 + use_htm) > 1) {
PrintAndLogEx(ERR, "error, specify only one Hitag type");
return PM3_EINVARG;
}
if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) {
if ((use_ht1 + use_ht2 + use_htm) == 0) {
PrintAndLogEx(ERR, "error, specify one Hitag type");
return PM3_EINVARG;
}
Expand Down Expand Up @@ -1287,16 +1253,7 @@ static int CmdLFHitagWriter(const char *Cmd) {
PrintAndLogEx(WARNING, "Specify only one authentication mode");
return PM3_EINVARG;
} else if (foo == 0) {
if (use_hts) {
use_plain = true;
} else {
PrintAndLogEx(WARNING, "Specify one authentication mode");
return PM3_EINVARG;
}
}

if (use_hts && use_pwd) { // not sure for the other types...
PrintAndLogEx(WARNING, "Chosen Hitag type does not have Password mode");
PrintAndLogEx(WARNING, "Specify one authentication mode");
return PM3_EINVARG;
}

Expand All @@ -1308,28 +1265,7 @@ static int CmdLFHitagWriter(const char *Cmd) {
lf_hitag_data_t packet;
memset(&packet, 0, sizeof(packet));

if (use_hts && use_plain) {
packet.cmd = WHTSF_PLAIN;
packet.page = page;
memcpy(packet.data, data, sizeof(data));

PrintAndLogEx(INFO, "Write to " _YELLOW_("Hitag S") " in Plain mode");

} else if (use_hts && use_nrar) {
packet.cmd = WHTSF_CHALLENGE;
memcpy(packet.NrAr, nrar, sizeof(packet.NrAr));
memcpy(packet.data, data, sizeof(data));
// iceman: No page in Hitag S ?
PrintAndLogEx(INFO, "Authenticating to " _YELLOW_("Hitag S") " in Challenge mode");

} else if (use_hts && use_crypto) {
packet.cmd = WHTSF_KEY;
memcpy(packet.key, key, sizeof(packet.key));
memcpy(packet.data, data, sizeof(data));
// iceman: No page in Hitag S ?
PrintAndLogEx(INFO, "Authenticating to " _YELLOW_("Hitag S") " in Crypto mode");

} else if (use_ht2 && use_pwd) {
if (use_ht2 && use_pwd) {
packet.cmd = WHT2F_PASSWORD;
packet.page = page;
memcpy(packet.pwd, key, sizeof(packet.pwd));
Expand Down Expand Up @@ -1368,24 +1304,6 @@ static int CmdLFHitagWriter(const char *Cmd) {
return resp.status;
}

} else {

SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet));
PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 4000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return PM3_ETIMEOUT;
}

if (resp.status == PM3_ETEAROFF) {
PrintAndLogEx(INFO, "Writing tear off triggered");
return PM3_SUCCESS;
}

if (resp.status != PM3_SUCCESS) {
PrintAndLogEx(FAILED, "Write ( " _RED_("fail") " )");
return resp.status;
}
}

PrintAndLogEx(SUCCESS, "Write ( " _GREEN_("ok") " )");
Expand Down Expand Up @@ -1827,22 +1745,20 @@ static int CmdLFHitagSim(const char *Cmd) {
arg_param_begin,
arg_lit0("1", "ht1", "simulate Hitag 1"),
arg_lit0("2", "ht2", "simulate Hitag 2"),
arg_lit0("s", "hts", "simulate Hitag S"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);

bool use_ht1 = arg_get_lit(ctx, 1);
bool use_ht2 = arg_get_lit(ctx, 2);
bool use_hts = arg_get_lit(ctx, 3);
bool use_htm = false; // not implemented yet
CLIParserFree(ctx);

if ((use_ht1 + use_ht2 + use_hts + use_htm) > 1) {
if ((use_ht1 + use_ht2 + use_htm) > 1) {
PrintAndLogEx(ERR, "error, specify only one Hitag type");
return PM3_EINVARG;
}
if ((use_ht1 + use_ht2 + use_hts + use_htm) == 0) {
if ((use_ht1 + use_ht2 + use_htm) == 0) {
PrintAndLogEx(ERR, "error, specify one Hitag type");
return PM3_EINVARG;
}
Expand All @@ -1851,9 +1767,6 @@ static int CmdLFHitagSim(const char *Cmd) {
// if (use_ht1)
// cmd = CMD_LF_HITAG1_SIMULATE;

if (use_hts)
cmd = CMD_LF_HITAGS_SIMULATE;

clearCommandBuffer();
SendCommandMIX(cmd, 0, 0, 0, NULL, 0);
return PM3_SUCCESS;
Expand Down Expand Up @@ -2526,7 +2439,7 @@ int ht2_read_paxton(void) {
static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"list", CmdLFHitagList, AlwaysAvailable, "List Hitag trace history"},
{"hts", CmdLFHitagS, AlwaysAvailable, "{ Hitag S/8211 operations }"},
{"hts", CmdLFHitagS, AlwaysAvailable, "{ Hitag S/8211 operations }"},
{"-----------", CmdHelp, IfPm3Hitag, "------------------------ " _CYAN_("General") " ------------------------"},
{"info", CmdLFHitagInfo, IfPm3Hitag, "Hitag 2 tag information"},
{"reader", CmdLFHitagReader, IfPm3Hitag, "Act like a Hitag 2 reader"},
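Review bot: In `CmdLFHitagRd` and `CmdLFHitagWriter`, `use_ht1` and `use_htm` are hard-coded to `false`, so with `use_hts` removed the sum `(use_ht1 + use_ht2 + use_htm)` can never exceed 1 and the "specify only one Hitag type" branch is unreachable. The type check could be reduced to `if (use_ht2 == false) { PrintAndLogEx(ERR, "error, specify one Hitag type"); return PM3_EINVARG; }`. Likewise `bool use_plain = false;` is kept in both functions although the only visible assignments to `true` sat in the removed `use_hts` branches; if the lines outside these hunks still add it into `foo`, it is now a constant and can be dropped. Both function bodies continue outside the hunks shown, so this should be confirmed against the full file.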
26 changes: 26 additions & 0 deletions client/src/cmdlfhitaghts.c
Expand Up @@ -340,6 +340,7 @@ static int CmdLFHitagSWrite(const char *Cmd) {
return PM3_EINVARG;
} else if (auth_methods == 0) {
use_plain = true;
PrintAndLogEx(INFO, "Write to " _YELLOW_("Hitag S") " in Plain mode");
}

lf_hitag_data_t packet;
Expand All @@ -351,6 +352,7 @@ static int CmdLFHitagSWrite(const char *Cmd) {
if (use_nrar) {
packet.cmd = WHTSF_CHALLENGE;
memcpy(packet.NrAr, nrar, sizeof(packet.NrAr));
PrintAndLogEx(INFO, "Authenticating to " _YELLOW_("Hitag S") " in Challenge mode");
}

if (use_82xx) {
Expand All @@ -361,6 +363,7 @@ static int CmdLFHitagSWrite(const char *Cmd) {
if (use_crypto) {
packet.cmd = WHTSF_KEY;
memcpy(packet.key, key, sizeof(packet.key));
PrintAndLogEx(INFO, "Authenticating to " _YELLOW_("Hitag S") " in Crypto mode");
}

clearCommandBuffer();
Expand Down Expand Up @@ -418,6 +421,28 @@ static int CmdLFHitagSReader(const char *Cmd) {
return PM3_SUCCESS;
}

static int CmdLFHitagSSim(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf hitag hts sim",
"Simulate Hitag S transponder\n"
"You need to `lf hitag hts eload` first",
"lf hitag hts sim\n"
"lf hitag hts sim --82xx");

void *argtable[] = {
arg_param_begin,
arg_lit0("8", "82xx", "simulate 8268/8310"),
arg_param_end};
CLIExecWithReturn(ctx, Cmd, argtable, true);

// bool use_82xx = arg_get_lit(ctx, 1); // not implemented yet
CLIParserFree(ctx);

clearCommandBuffer();
SendCommandNG(CMD_LF_HITAGS_SIMULATE, NULL, 0);
return PM3_SUCCESS;
}

static int CmdLFHitagSList(const char *Cmd) {
return CmdTraceListAlias(Cmd, "lf hitag hts", "hitags");
}
Expand Down Expand Up @@ -470,6 +495,7 @@ static command_t CommandTable[] = {
{"reader", CmdLFHitagSReader, IfPm3Hitag, "Act like a Hitag S reader"},
{"rdbl", CmdLFHitagSRead, IfPm3Hitag, "Read Hitag S memory"},
{"wrbl", CmdLFHitagSWrite, IfPm3Hitag, "Write Hitag S page"},
{"sim", CmdLFHitagSSim, IfPm3Hitag, "Simulate Hitag transponder"},
{NULL, NULL, 0, NULL}
};

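Review bot: `CmdLFHitagSSim` advertises `--82xx` in its argtable and in the usage example, but the only read of the flag is commented out, so `lf hitag hts sim --82xx` sends the same `CMD_LF_HITAGS_SIMULATE` as the plain command and returns `PM3_SUCCESS`. Someone testing a reader against an 8268/8310 emulation would get plain Hitag S behaviour with no indication that the option was ignored. Until it is implemented, read the flag before `CLIParserFree(ctx)` with `bool use_82xx = arg_get_lit(ctx, 1);` and reject it afterwards, e.g. `if (use_82xx) { PrintAndLogEx(WARNING, "82xx simulation is not implemented yet"); return PM3_ENOTIMPL; }`, or drop the option from the help text. The new command-table text `"Simulate Hitag transponder"` would also be clearer as `"Simulate Hitag S transponder"`, matching the neighbouring entries.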