1 /* librfid-tool - a small command-line tool for librfid testing
3 * (C) 2005-2008 by Harald Welte <laforge@gnumonks.org>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
32 #include <librfid/rfid.h>
33 #include <librfid/rfid_scan.h>
34 #include <librfid/rfid_reader.h>
35 #include <librfid/rfid_layer2.h>
36 #include <librfid/rfid_protocol.h>
38 #include <librfid/rfid_layer2_iso14443a.h>
39 #include <librfid/rfid_layer2_iso15693.h>
41 #include <librfid/rfid_protocol_mifare_classic.h>
42 #include <librfid/rfid_protocol_mifare_ul.h>
43 #include <librfid/rfid_protocol_tagit.h>
44 #include <librfid/rfid_protocol_icode.h>
45 #include <librfid/rfid_protocol_tcl.h>
47 #include "librfid-tool.h"
50 static int select_mf(void)
52 unsigned char cmd[] = { 0x00, 0xa4, 0x00, 0x00, 0x02, 0x3f, 0x00, 0x00 };
53 unsigned char ret[256];
54 unsigned int rlen = sizeof(ret);
58 rv = rfid_protocol_transceive(ph, cmd, sizeof(cmd), ret, &rlen, 0, 0);
62 printf("%d: [%s]\n", rlen, hexdump(ret, rlen));
68 static int iso7816_get_challenge(unsigned char len)
70 unsigned char cmd[] = { 0x00, 0x84, 0x00, 0x00, 0x08 };
71 unsigned char ret[256];
72 unsigned int rlen = sizeof(ret);
78 rv = rfid_protocol_transceive(ph, cmd, sizeof(cmd), ret, &rlen, 0, 0);
82 printf("%d: [%s]\n", rlen, hexdump(ret, rlen));
88 iso7816_select_application(void)
90 unsigned char cmd[] = { 0x00, 0xa4, 0x04, 0x0c, 0x07,
91 0xa0, 0x00, 0x00, 0x02, 0x47, 0x10, 0x01 };
92 unsigned char resp[7];
93 unsigned int rlen = sizeof(resp);
97 rv = rfid_protocol_transceive(ph, cmd, sizeof(cmd), resp, &rlen, 0, 0);
101 /* FIXME: parse response */
102 printf("%s\n", hexdump(resp, rlen));
108 iso7816_select_ef(u_int16_t fid)
110 unsigned char cmd[7] = { 0x00, 0xa4, 0x02, 0x0c, 0x02, 0x00, 0x00 };
111 unsigned char resp[7];
112 unsigned int rlen = sizeof(resp);
116 cmd[5] = (fid >> 8) & 0xff;
119 rv = rfid_protocol_transceive(ph, cmd, sizeof(cmd), resp, &rlen, 0, 0);
123 /* FIXME: parse response */
124 printf("%s\n", hexdump(resp, rlen));
130 iso7816_read_binary(unsigned char *buf, unsigned int *len)
132 unsigned char cmd[] = { 0x00, 0xb0, 0x00, 0x00, 0x00 };
133 unsigned char resp[256];
134 unsigned int rlen = sizeof(resp);
138 rv = rfid_protocol_transceive(ph, cmd, sizeof(cmd), resp, &rlen, 0, 0);
142 printf("%s\n", hexdump(resp, rlen));
144 /* FIXME: parse response, determine whether we need additional reads */
146 /* FIXME: copy 'len' number of response bytes to 'buf' */
150 /* wrapper function around SELECT EF and READ BINARY */
152 iso7816_read_ef(u_int16_t fid, unsigned char *buf, unsigned int *len)
156 rv = iso7816_select_ef(fid);
160 return iso7816_read_binary(buf, len);
163 /* mifare ultralight helpers */
165 mifare_ulight_write(struct rfid_protocol_handle *ph)
167 unsigned char buf[4] = { 0xa1, 0xa2, 0xa3, 0xa4 };
169 return rfid_protocol_write(ph, 10, buf, 4);
173 mifare_ulight_blank(struct rfid_protocol_handle *ph)
175 unsigned char buf[4] = { 0x00, 0x00, 0x00, 0x00 };
178 for (i = 4; i <= MIFARE_UL_PAGE_MAX; i++) {
179 ret = rfid_protocol_write(ph, i, buf, 4);
187 mifare_ulight_read(struct rfid_protocol_handle *ph)
189 unsigned char buf[20];
190 unsigned int len = sizeof(buf);
194 for (i = 0; i <= MIFARE_UL_PAGE_MAX; i++) {
195 ret = rfid_protocol_read(ph, i, buf, &len);
199 printf("Page 0x%x: %s\n", i, hexdump(buf, 4));
204 /* mifare classic helpers */
206 mifare_classic_read_sector(struct rfid_protocol_handle *ph, int sector)
208 unsigned char buf[20];
209 unsigned int len = sizeof(buf);
211 int block, blocks_per_sector, first_block;
213 printf("Reading sector %u\n", sector);
215 first_block = mfcl_sector2block(sector);
216 blocks_per_sector = mfcl_sector_blocks(sector);
218 if (first_block < 0 || blocks_per_sector < 0)
221 for (block = first_block; block < first_block + blocks_per_sector;
223 printf("Reading block %u: ", block);
224 ret = rfid_protocol_read(ph, block, buf, &len);
225 if (ret == -ETIMEDOUT)
226 fprintf(stderr, "TIMEOUT\n");
228 printf("Error %d reading\n", ret);
232 printf("Page 0x%x: %s\n", block, hexdump(buf, len));
238 mifare_classic_dump(struct rfid_protocol_handle *ph)
241 unsigned int size_len = sizeof(size);
242 int sector, num_sectors;
244 if (rfid_protocol_getopt(ph, RFID_OPT_PROTO_SIZE,
245 &size, &size_len) == 0) {
246 printf("Size: %u bytes\n", size);
248 printf("Size: unknown ?!?\n");
266 for (sector = 0; sector < num_sectors; sector++) {
269 printf("Authenticating sector %u: ", sector);
272 rc = mfcl_set_key(ph, MIFARE_CL_KEYA_DEFAULT_INFINEON);
274 printf("key format error\n");
278 rc = mfcl_auth(ph, RFID_CMD_MIFARE_AUTH1A,
279 mfcl_sector2block(sector));
281 printf("mifare auth error\n");
284 printf("mifare auth succeeded!\n");
286 mifare_classic_read_sector(ph, sector);
290 static char *proto_names[] = {
291 [RFID_PROTOCOL_TCL] = "tcl",
292 [RFID_PROTOCOL_MIFARE_UL] = "mifare-ultralight",
293 [RFID_PROTOCOL_MIFARE_CLASSIC] = "mifare-classic",
294 [RFID_PROTOCOL_ICODE_SLI] = "icode",
295 [RFID_PROTOCOL_TAGIT] = "tagit",
298 static int proto_by_name(const char *name)
302 for (i = 0; i < ARRAY_SIZE(proto_names); i++) {
303 if (proto_names[i] == NULL)
305 if (!strcasecmp(name, proto_names[i]))
311 static char *l2_names[] = {
312 [RFID_LAYER2_ISO14443A] = "iso14443a",
313 [RFID_LAYER2_ISO14443B] = "iso14443b",
314 [RFID_LAYER2_ISO15693] = "iso15693",
315 [RFID_LAYER2_ICODE1] = "icode1",
318 static int l2_by_name(const char *name)
322 for (i = 0; i < ARRAY_SIZE(l2_names); i++) {
323 if (l2_names[i] == NULL)
325 if (!strcasecmp(name, l2_names[i]))
331 static int do_scan(int first)
335 unsigned int size_len = sizeof(size);
337 unsigned int data_len;
341 unsigned int optlen = sizeof(opt);
345 rfid_reader_setopt(rh, RFID_OPT_RDR_RF_KILL, &opt, optlen);
351 rfid_reader_setopt(rh, RFID_OPT_RDR_RF_KILL, &opt, optlen);
353 printf("scanning for RFID token...\n");
354 rc = rfid_scan(rh, &l2h, &ph);
356 unsigned char uid_buf[16];
357 unsigned int uid_len = sizeof(uid_buf);
358 rfid_layer2_getopt(l2h, RFID_OPT_LAYER2_UID, &uid_buf,
360 printf("Layer 2 success (%s): %s\n", rfid_layer2_name(l2h),
361 hexdump(uid_buf, uid_len));
364 printf("Protocol success (%s)\n", rfid_protocol_name(ph));
366 if (rfid_protocol_getopt(ph, RFID_OPT_PROTO_SIZE,
367 &size, &size_len) == 0)
368 printf("Size: %u bytes\n", size);
369 size_len = sizeof(size);
371 if (rfid_protocol_getopt(ph, RFID_OPT_P_TCL_ATS_LEN,
372 &size, &size_len) == 0) {
374 data = malloc(data_len);
376 if (rfid_protocol_getopt(ph, RFID_OPT_P_TCL_ATS,
377 data, &data_len) == 0) {
378 printf("Got ATS of %u bytes: %s\n", size,
379 hexdump(data, data_len));
388 static void do_endless_scan()
396 printf("==> doing %s scan\n", first ? "first" : "successive");
399 printf("closing proto\n");
400 rfid_protocol_close(ph);
403 printf("closing layer2\n");
404 rfid_layer2_close(l2h);
411 static void do_regdump(void)
413 u_int8_t buffer[0xff];
416 printf("dumping rc632 regs...\n");
418 rc632_register_dump(rh->ah, buffer);
421 for (i=0; i<=0x0f; i++)
422 printf(" 0x_%01X",i);
423 printf("\n-----------------------------------------------------------------------------------\n");
425 for (i=0; i <= 0x3f; i++) {
427 printf("0x%01X_:",i/0x10);
428 printf(" 0x%02X", buffer[i]);
429 if ((i% 0x10) == 0x0f)
433 /* print regdump as c-style array*/
434 printf("u_int8_t rc632_regs[] = {");
435 for (i = 0; i <= 0x3f; i++) {
436 if (((i+1) % 0x08) == 1) {
438 printf("//%2d..%2d",i-8,i-1);
441 printf(" 0x%02X, ",buffer[i]);
443 printf("//%2d..%2d\n\t 0 };\n",i-8,i-1);
447 static void do_enum(int layer2)
451 //unsigned int size_len = sizeof(size);
452 unsigned char uid_buf[16];
453 unsigned int uid_len;
455 printf("scanning for RFID token on layer %s...\n", l2_names[layer2]);
457 if (rh->reader->l2_supported & (1 << layer2)) {
458 l2h = rfid_layer2_init(rh, layer2);
459 rc = rfid_layer2_open(l2h);
461 printf("error during layer2_open\n");
467 uid_len = sizeof(uid_buf);
468 rfid_layer2_getopt(l2h, RFID_OPT_LAYER2_UID, &uid_buf, &uid_len);
469 printf("Layer 2 success (%s)[%d]: %s\n", rfid_layer2_name(l2h), uid_len, hexdump(uid_buf, uid_len));
473 ph = rfid_protocol_scan(l2h);
475 printf("Protocol success (%s)\n", rfid_protocol_name(ph));
477 if (rfid_protocol_getopt(ph, RFID_OPT_PROTO_SIZE,
478 &size, &size_len) == 0)
479 printf("Size: %u bytes\n", size);
481 printf("##############\n");
485 rfid_layer2_close(l2h);
487 rc = rfid_layer2_open(l2h);
491 #define OPTION_OFFSET 256
493 static struct option original_opts[] = {
494 { "help", 0, 0, 'h' },
495 { "layer2", 1, 0, 'l' },
496 { "protocol", 1, 0, 'p' },
497 { "scan", 0, 0, 's' },
498 { "scan-loop", 0, 0, 'S' },
499 { "dump", 0, 0, 'd' },
500 { "enum", 0, 0, 'e' },
504 /* module / option merging code */
505 static struct option *opts = original_opts;
506 static unsigned int global_option_offset = 0;
508 static char *program_name;
509 static char *program_version = LIBRFID_TOOL_VERSION;
511 static void free_opts(int reset_offset)
513 if (opts != original_opts) {
515 opts = original_opts;
517 global_option_offset = 0;
521 static struct option *
522 merge_options(struct option *oldopts, const struct option *newopts,
523 unsigned int *option_offset)
525 unsigned int num_old, num_new, i;
526 struct option *merge;
528 for (num_old = 0; oldopts[num_old].name; num_old++);
529 for (num_new = 0; oldopts[num_new].name; num_new++);
531 global_option_offset += OPTION_OFFSET;
532 *option_offset = global_option_offset;
534 merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
535 memcpy(merge, oldopts, num_old * sizeof(struct option));
536 free_opts(0); /* Release previous options merged if any */
537 for (i = 0; i < num_new; i++) {
538 merge[num_old + i] = newopts[i];
539 merge[num_old + i].val += *option_offset;
541 memset(merge + num_old + num_new, 0, sizeof(struct option));
546 struct rfidtool_module *find_module(const char *name)
551 void register_module(struct rfidtool_module *me)
553 struct rfidtool_module *old;
555 if (strcmp(me->version, program_version) != 0) {
556 fprintf(stderr, "%s: target `%s' v%s (I'm v%s).\n",
557 program_name, me->name, me->version, program_version);
561 old = find_module(me->name);
563 fprintf(stderr, "%s: target `%s' already registered.\n",
564 program_name, me->name);
569 static void help(void)
571 printf( " -s --scan scan until first RFID tag is found\n"
572 " -S --scan-loop endless scanning loop\n"
573 " -p --protocol {tcl,mifare-ultralight,mifare-classic,tagit}\n"
574 " -l --layer2 {iso14443a,iso14443b,iso15693}\n"
575 " -d --dump dump rc632 registers\n"
576 " -e --enum enumerate all tag's in field (iso14443a)\n"
580 int main(int argc, char **argv)
584 int i, len, protocol = -1, layer2 = -1;
587 program_name = argv[0];
588 #else /*__MINGW32__*/
589 program_name = basename(argv[0]);
590 #endif/*__MINGW32__*/
592 printf("%s - (C) 2005-2008 by Harald Welte\n"
593 "This program is Free Software and has "
594 "ABSOLUTELY NO WARRANTY\n\n", program_name);
596 printf("initializing librfid\n");
600 int c, option_index = 0;
601 c = getopt_long(argc, argv, "hp:l:sSde", opts, &option_index);
607 if (reader_init() < 0)
609 layer2 = RFID_LAYER2_ISO14443A;
614 if (reader_init() < 0)
619 if (reader_init() < 0)
625 if (reader_init() < 0)
631 protocol = proto_by_name(optarg);
633 fprintf(stderr, "unknown protocol `%s'\n",
639 layer2 = l2_by_name(optarg);
641 fprintf(stderr, "unknown layer2 `%s'\n",
654 case RFID_PROTOCOL_MIFARE_UL:
655 case RFID_PROTOCOL_MIFARE_CLASSIC:
656 layer2 = RFID_LAYER2_ISO14443A;
659 fprintf(stderr, "you have to specify --protocol\n");
664 fprintf(stderr, "you have to specify --layer2\n");
668 if (reader_init() < 0)
672 if (l2_init(layer2) < 0) {
673 rfid_reader_close(rh);
677 if (l3_init(protocol) < 0) {
678 rfid_reader_close(rh);
684 case RFID_PROTOCOL_TCL:
685 printf("Protocol T=CL\n");
686 /* we've established T=CL at this point */
687 printf("selecting Master File\n");
690 printf("error selecting MF\n");
694 printf("Getting random challenge, length 255\n");
695 rc = iso7816_get_challenge(0xff);
697 printf("error getting random challenge\n");
701 printf("selecting Passport application\n");
702 rc = iso7816_select_application();
704 printf("error selecting passport application\n");
708 printf("selecting EF 0x1e\n");
709 rc = iso7816_select_ef(0x011e);
711 printf("error selecting EF 0x1e\n");
715 printf("selecting EF 0x01\n");
716 rc = iso7816_select_ef(0x0101);
718 printf("error selecting EF 0x01\n");
723 printf("reading EF1\n");
725 printf("reading ef\n");
726 rc = iso7816_read_binary(buf, &len);
728 printf("error reading EF\n");
733 for (i = 0; i < 4; i++)
734 iso7816_get_challenge(0xff);
737 case RFID_PROTOCOL_MIFARE_UL:
738 printf("Protocol Mifare Ultralight\n");
739 mifare_ulight_read(ph);
741 mifare_ulight_blank(ph);
742 mifare_ulight_write(ph);
743 mifare_ulight_read(ph);
746 case RFID_PROTOCOL_MIFARE_CLASSIC:
747 printf("Protocol Mifare Classic\n");
748 mifare_classic_dump(ph);
751 printf("unknown protocol %u\n", protocol);
756 rfid_reader_close(rh);