2 * (C) 2005 by Harald Welte <laforge@gnumonks.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2
6 * as published by the Free Software Foundation
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 rfid_hexdump(const void *data, unsigned int len)
31 static char string[1024];
32 unsigned char *d = (unsigned char *) data;
36 left = sizeof(string);
37 for (i = 0; len--; i += 3) {
38 if (i >= sizeof(string) -4)
40 snprintf(string+i, 4, " %02x", *d++);
46 struct usb_device *find_device(u_int16_t vendor, u_int16_t device)
50 for (bus = usb_get_busses(); bus; bus = bus->next) {
51 struct usb_device *dev;
52 for (dev = bus->devices; dev; dev = dev->next) {
53 printf("vend 0x%x dev 0x%x\n",
54 dev->descriptor.idVendor, dev->descriptor.idProduct);
55 if (dev->descriptor.idVendor == vendor &&
56 dev->descriptor.idProduct == device) {
64 static unsigned char seq = 0x00;
65 static struct usb_dev_handle *pegoda_handle;
67 int pegoda_transcieve(u_int8_t cmd, unsigned char *tx, unsigned int tx_len,
68 unsigned char *rx, unsigned int *rx_len)
70 unsigned char txbuf[256];
71 unsigned char rxbuf[256];
73 unsigned int len_expected;
74 struct pegoda_cmd_hdr *hdr = txbuf;
78 hdr->len = htons(tx_len);
79 memcpy(txbuf + sizeof(*hdr), tx, tx_len);
81 printf("tx [%u]: %s\n", tx_len+sizeof(*hdr), rfid_hexdump(txbuf, tx_len + sizeof(*hdr)));
82 rc = usb_bulk_write(pegoda_handle, 0x02, (char *)txbuf,
83 tx_len + sizeof(*hdr), 0);
87 rc = usb_bulk_read(pegoda_handle, 0x81, (char *)rxbuf, sizeof(rxbuf), 0);
92 fprintf(stderr, "unexpected: received %u bytes as length?\n");
95 printf("len [%u]: %s\n", rc, rfid_hexdump(rxbuf, rc));
97 len_expected = rxbuf[0];
99 if (len_expected > sizeof(rxbuf))
102 rc = usb_bulk_read(pegoda_handle, 0x81, (char *)rxbuf, len_expected, 0);
105 printf("rx [%u]: %s\n", rc, rfid_hexdump(rxbuf, rc));
107 memcpy(rx, rxbuf+1, rc-1);
113 /* Transform crypto1 key from generic 6byte into rc632 specific 12byte */
115 rc632_mifare_transform_key(const u_int8_t *key6, u_int8_t *key12)
121 for (i = 0; i < 6; i++) {
124 key12[i * 2 + 1] = (~ln << 4) | ln;
125 key12[i * 2] = (~hn << 4) | hn;
131 int main(int argc, char **argv)
133 struct usb_device *pegoda;
134 unsigned char buf[256];
135 unsigned char rbuf[256];
136 unsigned int rlen = sizeof(rbuf);
137 unsigned char snr[4];
143 pegoda = find_device(USB_VENDOR_PHILIPS, USB_DEVICE_PEGODA);
148 printf("found pegoda, %u configurations\n",
149 pegoda->descriptor.bNumConfigurations);
151 printf("config 2 [nr %u] has %u interfaces\n",
152 pegoda->config[1].bConfigurationValue,
153 pegoda->config[1].bNumInterfaces);
155 printf("config 2 interface 0 has %u altsettings\n",
156 pegoda->config[1].interface[0].num_altsetting);
158 pegoda_handle = usb_open(pegoda);
162 if (usb_set_configuration(pegoda_handle, 2))
165 printf("configuration 2 successfully set\n");
167 if (usb_claim_interface(pegoda_handle, 0))
170 printf("interface 0 claimed\n");
172 if (usb_set_altinterface(pegoda_handle, 1))
175 printf("alt setting 1 selected\n");
177 pegoda_transcieve(PEGODA_CMD_PCD_CONFIG, NULL, 0, rbuf, &rlen);
181 pegoda_transcieve(PEGODA_CMD_PICC_COMMON_REQUEST, buf, 1, rbuf, &rlen);
186 pegoda_transcieve(PEGODA_CMD_PICC_CASC_ANTICOLL, buf, 6, rbuf, &rlen);
188 memcpy(snr, rbuf+3, 4);
191 memcpy(buf+1, snr, 4);
193 pegoda_transcieve(PEGODA_CMD_PICC_CASC_SELECT, buf, 5, rbuf, &rlen);
197 buf[1] = 0x00; /* key number */
198 buf[2] = 0x00; /* sector */
200 pegoda_transcieve(PEGODA_CMD_PICC_AUTH, buf, 3, rbuf, &rlen);
202 memcpy(buf+1, snr, 4);
204 u_int8_t key6[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
205 //u_int8_t key6[6] = { 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6 };
208 rc632_mifare_transform_key(key6, key12);
210 memcpy(buf+5, key12, 12);
211 buf[17] = 0x00; /* sector */
213 pegoda_transcieve(PEGODA_CMD_PICC_AUTH_KEY, buf, 18, rbuf, &rlen);
216 buf[0] = 0x00; /* sector */
217 pegoda_transcieve(PEGODA_CMD_PICC_READ, buf, 1, rbuf, &rlen);