9 #define USB_VENDOR_PHILIPS 0x0742
10 #define USB_DEVICE_PEGODA 0xff01
12 /* header of a pegoda usb command packet */
13 struct pegoda_cmd_hdr {
20 PEGODA_CMD_WRITE_RC = 0x01,
21 PEGODA_CMD_READ_RC = 0x02,
22 PEGODA_CMD_EXCHANGE_BYTESTREAM = 0x03,
23 PEGODA_CMD_WRITE_MULTIPLE = 0x04,
24 PEGODA_CMD_READ_MULTIPLE = 0x05,
26 PEGODA_CMD_PCD_CONFIG = 0x10,
27 PEGODA_CMD_PICC_REQUEST = 0x11,
28 PEGODA_CMD_PICC_ANTICOLL = 0x12,
29 PEGODA_CMD_PICC_SELECT = 0x13,
30 PEGODA_CMD_PICC_AUTH = 0x14,
31 PEGODA_CMD_PICC_AUTH_E2 = 0x15,
32 PEGODA_CMD_LOAD_KEY_E2 = 0x17,
33 PEGODA_CMD_PICC_AUTH_KEY = 0x18,
34 PEGODA_CMD_PICC_READ = 0x19,
35 PEGODA_CMD_PICC_WRITE = 0x1a,
36 PEGODA_CMD_PICC_VALUE = 0x1b,
37 PEGODA_CMD_PICC_VALUE_DEBIT = 0x1c,
38 PEGODA_CMD_PICC_HALT = 0x1d,
39 PEGODA_CMD_PICC_WRITE4 = 0x1e,
40 PEGODA_CMD_PICC_COMMON_WRITE = 0x1f,
42 PEGODA_CMD_PCD_RF_RESET = 0x21,
43 PEGODA_CMD_PCD_RESET = 0x21,
44 PEGODA_CMD_PCD_GET_SNR = 0x22,
45 PEGODA_CMD_PCD_READ_E2 = 0x23,
46 PEGODA_CMD_PCD_SET_TMO = 0x27,
47 PEGODA_CMD_PICC_COMMON_READ = 0x28,
48 PEGODA_CMD_ACTIVE_ANTENNA_MASTER = 0x2a,
49 PEGODA_CMD_ACTIVE_ANTENNA_SLAVE = 0x2b,
51 PEGODA_CMD_PICC_COMMON_REQUEST = 0x40,
52 PEGODA_CMD_PICC_CASC_ANTICOLL = 0x41,
53 PEGODA_CMD_PICC_CASC_SELECT = 0x42,
54 PEGODA_CMD_PICC_ACTIVATE_IDLE = 0x43,
55 PEGODA_CMD_ACTIVATE_WAKEUP = 0x44,
57 PEGODA_CMD_PICC_ACTIVATE_WAKEUP = 0x44,
58 PEGODA_CMD_PCD_SET_DEFAULT_ATTRIB = 0x45,
59 PEGODA_CMD_PCD_SET_ATTRIB = 0x46,
60 PEGODA_CMD_PCD_GET_ATTRIB = 0x47,
61 PEGODA_CMD_PICC_EXCHANGE_BLOCK = 0x48,
62 PEGODA_CMD_PICC_ACTIVATE_IDLE_LOOP = 0x49,
63 PEGODA_CMD_PICC_ACTTIVATION = 0x4a,
66 PEGODA_CMD_GET_FW_VERSION = 0x63,
67 PEGODA_CMD_GET_RIC_VERSION = 0x64,
68 PEGODA_CMD_ENABLE_DEBUG_PINS = 0x65,
72 rfid_hexdump(const void *data, unsigned int len)
74 static char string[1024];
75 unsigned char *d = (unsigned char *) data;
79 left = sizeof(string);
80 for (i = 0; len--; i += 3) {
81 if (i >= sizeof(string) -4)
83 snprintf(string+i, 4, " %02x", *d++);
89 struct usb_device *find_device(u_int16_t vendor, u_int16_t device)
93 for (bus = usb_get_busses(); bus; bus = bus->next) {
94 struct usb_device *dev;
95 for (dev = bus->devices; dev; dev = dev->next) {
96 printf("vend 0x%x dev 0x%x\n",
97 dev->descriptor.idVendor, dev->descriptor.idProduct);
98 if (dev->descriptor.idVendor == vendor &&
99 dev->descriptor.idProduct == device) {
107 static unsigned char seq = 0x00;
108 static struct usb_dev_handle *pegoda_handle;
110 int pegoda_transcieve(u_int8_t cmd, unsigned char *tx, unsigned int tx_len,
111 unsigned char *rx, unsigned int *rx_len)
113 unsigned char txbuf[256];
114 unsigned char rxbuf[256];
116 unsigned int len_expected;
117 struct pegoda_cmd_hdr *hdr = txbuf;
121 hdr->len = htons(tx_len);
122 memcpy(txbuf + sizeof(*hdr), tx, tx_len);
124 printf("tx [%u]: %s\n", tx_len+sizeof(*hdr), rfid_hexdump(txbuf, tx_len + sizeof(*hdr)));
125 rc = usb_bulk_write(pegoda_handle, 0x02, (char *)txbuf,
126 tx_len + sizeof(*hdr), 0);
130 rc = usb_bulk_read(pegoda_handle, 0x81, (char *)rxbuf, sizeof(rxbuf), 0);
135 fprintf(stderr, "unexpected: received %u bytes as length?\n");
138 printf("len [%u]: %s\n", rc, rfid_hexdump(rxbuf, rc));
140 len_expected = rxbuf[0];
142 if (len_expected > sizeof(rxbuf))
145 rc = usb_bulk_read(pegoda_handle, 0x81, (char *)rxbuf, len_expected, 0);
148 printf("rx [%u]: %s\n", rc, rfid_hexdump(rxbuf, rc));
150 memcpy(rx, rxbuf+1, rc-1);
156 /* Transform crypto1 key from generic 6byte into rc632 specific 12byte */
158 rc632_mifare_transform_key(const u_int8_t *key6, u_int8_t *key12)
164 for (i = 0; i < 6; i++) {
167 key12[i * 2 + 1] = (~ln << 4) | ln;
168 key12[i * 2] = (~hn << 4) | hn;
174 int main(int argc, char **argv)
176 struct usb_device *pegoda;
177 unsigned char buf[256];
178 unsigned char rbuf[256];
179 unsigned int rlen = sizeof(rbuf);
180 unsigned char snr[4];
186 pegoda = find_device(USB_VENDOR_PHILIPS, USB_DEVICE_PEGODA);
191 printf("found pegoda, %u configurations\n",
192 pegoda->descriptor.bNumConfigurations);
194 printf("config 2 [nr %u] has %u interfaces\n",
195 pegoda->config[1].bConfigurationValue,
196 pegoda->config[1].bNumInterfaces);
198 printf("config 2 interface 0 has %u altsettings\n",
199 pegoda->config[1].interface[0].num_altsetting);
201 pegoda_handle = usb_open(pegoda);
205 if (usb_set_configuration(pegoda_handle, 2))
208 printf("configuration 2 successfully set\n");
210 if (usb_claim_interface(pegoda_handle, 0))
213 printf("interface 0 claimed\n");
215 if (usb_set_altinterface(pegoda_handle, 1))
218 printf("alt setting 1 selected\n");
220 pegoda_transcieve(PEGODA_CMD_PCD_CONFIG, NULL, 0, rbuf, &rlen);
224 pegoda_transcieve(PEGODA_CMD_PICC_COMMON_REQUEST, buf, 1, rbuf, &rlen);
229 pegoda_transcieve(PEGODA_CMD_PICC_CASC_ANTICOLL, buf, 6, rbuf, &rlen);
231 memcpy(snr, rbuf+3, 4);
234 memcpy(buf+1, snr, 4);
236 pegoda_transcieve(PEGODA_CMD_PICC_CASC_SELECT, buf, 5, rbuf, &rlen);
240 buf[1] = 0x00; /* key number */
241 buf[2] = 0x00; /* sector */
243 pegoda_transcieve(PEGODA_CMD_PICC_AUTH, buf, 3, rbuf, &rlen);
245 memcpy(buf+1, snr, 4);
247 u_int8_t key6[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
248 //u_int8_t key6[6] = { 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6 };
251 rc632_mifare_transform_key(key6, key12);
253 memcpy(buf+5, key12, 12);
254 buf[17] = 0x00; /* sector */
256 pegoda_transcieve(PEGODA_CMD_PICC_AUTH_KEY, buf, 18, rbuf, &rlen);
259 buf[0] = 0x00; /* sector */
260 pegoda_transcieve(PEGODA_CMD_PICC_READ, buf, 1, rbuf, &rlen);