1 /* mifare-tool - a small command-line tool for librfid mifare testing
3 * (C) 2006 by Harald Welte <laforge@gnumonks.org>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
32 #include <librfid/rfid.h>
33 #include <librfid/rfid_scan.h>
34 #include <librfid/rfid_reader.h>
35 #include <librfid/rfid_layer2.h>
36 #include <librfid/rfid_protocol.h>
38 #include <librfid/rfid_protocol_mifare_classic.h>
39 #include <librfid/rfid_protocol_mifare_ul.h>
41 #include <librfid/rfid_access_mifare_classic.h>
43 #include "librfid-tool.h"
45 static char *program_name;
47 static void help(void)
49 printf( " -h --help Print this help message\n"
50 " -r --read Read a mifare sector\n"
51 " -l --loop-read Loop reading a mifare sector\n"
52 " -s --smartx Read sectors 0-3 (with -k key) and 4-7 with this key\n"
53 " -w --write Write a mifare sector\n"
54 " -k --key Specify mifare access key (in hex tuples)\n"
55 " -b --brute-force n Brute Force read sector n\n");
58 static struct option mifare_opts[] = {
60 { "read", 1, 0, 'r' },
61 { "smartx", 1, 0, 's' },
62 { "loop-read", 1, 0, 'l' },
63 { "write", 1 ,0, 'w' },
64 { "help", 0, 0, 'h' },
65 { "brute-force", 1, 0, 'b' },
69 static int mifare_cl_auth(unsigned char *key, int page)
73 rc = mfcl_set_key(ph, key);
75 fprintf(stderr, "key format error\n");
78 rc = mfcl_auth(ph, RFID_CMD_MIFARE_AUTH1A, page);
80 fprintf(stderr, "mifare auth error\n");
83 printf("mifare auth succeeded!\n");
88 static void mifare_l3(void)
93 while (l2_init(RFID_LAYER2_ISO14443A) < 0) ;
95 printf("ISO14443-3A anticollision succeeded\n");
98 while (l3_init(RFID_PROTOCOL_MIFARE_CLASSIC) < 0 && retry++ < 10) ;
100 printf("Mifare card available\n");
103 int main(int argc, char **argv)
105 int len, rc, c, option_index = 0;
106 unsigned int page,uid,uid_len;
107 char key[MIFARE_CL_KEY_LEN];
108 char key2[MIFARE_CL_KEY_LEN];
109 char buf[MIFARE_CL_PAGE_SIZE];
112 program_name = argv[0];
114 program_name = basename(argv[0]);
115 #endif/*__MINGW32__*/
117 memcpy(key, MIFARE_CL_KEYA_DEFAULT_INFINEON, MIFARE_CL_KEY_LEN);
119 printf("%s - (C) 2006 by Harald Welte\n"
120 "This program is Free Software and has "
121 "ABSOLUTELY NO WARRANTY\n\n", program_name);
123 printf("initializing librfid\n");
126 if (reader_init() < 0) {
127 fprintf(stderr, "error opening reader\n");
132 c = getopt_long(argc, argv, "k:r:s:l:w:b:h", mifare_opts,
141 printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN));
142 len = MIFARE_CL_PAGE_SIZE;
144 for (i = 0; i <= 0xff; i++) {
145 key[MIFARE_CL_KEY_LEN-1]=i;
146 if (mifare_cl_auth(key, page) >= 0)
147 printf("KEY: %s\n",hexdump(key, MIFARE_CL_KEY_LEN));
152 hexread(key, optarg, strlen(optarg));
153 printf("key: %s\n", hexdump(key, MIFARE_CL_KEY_LEN));
157 printf("read(key='%s',page=%u):",
158 hexdump(key, MIFARE_CL_KEY_LEN), page);
159 len = MIFARE_CL_PAGE_SIZE;
161 if (mifare_cl_auth(key, page) < 0)
166 if(rfid_layer2_getopt(l2h,RFID_OPT_LAYER2_UID,&uid,&uid_len)>=0)
167 printf("UID=%08X (len=%u)\n",uid,uid_len);
169 len=MIFARE_CL_PAGE_SIZE;
170 rc = rfid_protocol_read(ph, page, buf, &len);
173 fprintf(stderr, "error during read\n");
176 printf("len=%u data=%s\n", len, hexdump(buf, len));
178 if (page & 0x3 == 0x3) {
179 struct mfcl_access_sect s;
180 struct mfcl_access_exp_sect es;
182 u_int8_t recreated[4];
183 mfcl_parse_access(&s, buf+6);
184 printf("access b0:%u b1:%u b2:%u b3:%u\n",
185 s.block[0], s.block[1],
186 s.block[2], s.block[3]);
187 mfcl_access_to_exp(&es, &s);
188 for (b = 0; b < 3; b++)
189 printf("%u: %s\n", b, mfcl_access_exp_stringify(&es.block[b]));
190 printf("3: %s\n", mfcl_access_exp_acc_stringify(&es.acc));
192 mfcl_compile_access(recreated, &s);
193 printf("recreated; %s\n", hexdump(recreated,4));
198 hexread(key2, optarg, strlen(optarg));
199 printf("key2: %s\n", hexdump(key2, MIFARE_CL_KEY_LEN));
200 len = MIFARE_CL_PAGE_SIZE;
202 for(page = 0; page < 8; page++) {
203 if (mifare_cl_auth( page < 4 ? key : key2, page) < 0)
209 if(rfid_layer2_getopt(l2h,RFID_OPT_LAYER2_UID,&uid,&uid_len)>=0)
210 printf("UID=%08X (len=%u)\n",uid,uid_len);
213 len=MIFARE_CL_PAGE_SIZE;
214 rc = rfid_protocol_read(ph, page, buf, &len);
217 fprintf(stderr, "error during read\n");
220 printf("page=%d len=%u data=%s\n", page, len, hexdump(buf, len));
225 printf("read_loop(key='%s',page=%u):\n",
226 hexdump(key, MIFARE_CL_KEY_LEN), page);
229 if (mifare_cl_auth(key, page) < 0)
234 if(rfid_layer2_getopt(l2h,RFID_OPT_LAYER2_UID,&uid,&uid_len)>=0)
235 printf("UID=%08X (len=%u)\n",uid,uid_len);
237 len=MIFARE_CL_PAGE_SIZE;
238 rc = rfid_protocol_read(ph, page, buf, &len);
241 fprintf(stderr, "error during read\n");
244 printf("%s\n", hexdump(buf, len));
249 len = strlen(argv[optind]);
250 len = hexread(buf, argv[optind], len);
251 printf("write(key='%s',page=%u):",
252 hexdump(key, MIFARE_CL_KEY_LEN), page);
253 printf(" '%s'(%u):", hexdump(buf, len), len);
255 if (mifare_cl_auth(key, page) < 0)
257 rc = rfid_protocol_write(ph, page, buf, len);
260 fprintf(stderr, "error during write\n");
272 rfid_protocol_close(ph);
273 rfid_protocol_fini(ph);
275 rfid_layer2_close(l2h);
276 rfid_layer2_fini(l2h);
278 rfid_reader_close(rh);