2 * (C) 2006 by Frank Zirkelbach <hackbard@hackdaworld.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2
6 * as published by the Free Software Foundation
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 int asciidump(unsigned char *data,int len) {
31 if((data[i]>0x19)&&(data[i]<0x7f)) printf("%c",data[i]);
38 int hexdump(unsigned char *data,int len) {
41 for(i=0;i<len;i++) printf("%02x ",data[i]);
47 struct usb_device *find_device(unsigned short vendor,unsigned short device) {
50 struct usb_device *dev;
56 if(dev->descriptor.idVendor==vendor &&
57 dev->descriptor.idProduct==device)
66 u_int16_t gemtag_calc_crc(unsigned char *data,u_int16_t len) {
68 u_int16_t crc_polynom;
81 crc=(crc>>1)^crc_polynom;
89 int gemtag_transceive(struct gemtag_handle *gh,unsigned char cmd,
90 unsigned char *tx,unsigned int tx_len,
91 unsigned char *rx,unsigned int *rx_len) {
93 unsigned char txbuf[256];
94 unsigned char rxbuf[256];
95 struct gemtag_cmd_hdr *txhdr;
96 struct gemtag_cmd_hdr *rxhdr;
97 u_int16_t crc,*crcptr;
100 txhdr=(struct gemtag_cmd_hdr *)txbuf;
101 rxhdr=(struct gemtag_cmd_hdr *)rxbuf;
104 txhdr->seq=++(gh->seq);
107 size=sizeof(struct gemtag_cmd_hdr);
108 memcpy(txbuf+size,tx,tx_len);
112 if(gh->caps&GEMTAG_CAP_CRC) {
113 crcptr=(u_int16_t *)(txbuf+size);
114 crc=gemtag_calc_crc(txbuf,size);
115 //*crcptr=(crc>>8)|(crc<<8);
121 if(gh->caps&GEMTAG_CAP_VERB_TRANSMIT) {
122 printf("(%02d) -> ",size);
125 ret=usb_interrupt_write(gh->handle,0x02,txbuf,size,0);
127 perror("usb interrupt write");
132 ret=usb_interrupt_read(gh->handle,0x81,rxbuf,32,0);
134 perror("usb interrupt read");
138 if(gh->caps&GEMTAG_CAP_VERB_TRANSMIT)
139 return -SHORT_ANSWER;
142 *rx_len=rxbuf[3]|(rxbuf[4]<<8);
143 size=*rx_len+sizeof(struct gemtag_cmd_hdr);
144 if(gh->caps&GEMTAG_CAP_CRC) size+=2;
149 ret=usb_interrupt_read(gh->handle,0x81,rxbuf+i*32,32,0);
151 perror("usb interrupt read (missing bytes)");
158 if(gh->caps&GEMTAG_CAP_VERB_TRANSMIT) {
159 printf("(%02d) <- ",size);
164 if(gh->caps&GEMTAG_CAP_CRC) {
166 crcptr=(u_int16_t *)(rxbuf+size);
167 crc=gemtag_calc_crc(rxbuf,size);
168 if(((crc>>8)!=rxbuf[size+1])||((crc&0xff)!=rxbuf[size]))
172 /* check sequence number */
173 if(rxhdr->seq!=txhdr->seq) return -SEQ_MISMATCH;
175 /* check return code */
176 if(rxbuf[2]) return -CMD_FAILED;
178 memcpy(rx,rxbuf+sizeof(struct gemtag_cmd_hdr),*rx_len);
183 struct gemtag_handle *gemtag_open(void) {
184 struct usb_device *gemtag;
186 struct gemtag_handle *gh;
193 gemtag=find_device(USB_VENDOR_GEMTAG,USB_DEVICE_X501);
194 if(!gemtag) return NULL;
196 gh=malloc(sizeof(struct gemtag_handle));
199 memset(gh,0,sizeof(struct gemtag_handle));
201 gh->handle=usb_open(gemtag);
206 memset(info,0,sizeof(info));
207 usb_get_string_simple(gh->handle,i,info,sizeof(info));
210 printf("opened successfully\n");
212 if(usb_set_configuration(gh->handle,1)) {
213 perror("set config");
216 printf("set configuration 1, ");
218 if(usb_claim_interface(gh->handle,0)) {
219 perror("claim interface");
222 printf("claimed interface 0\n");
225 if(usb_set_altinterface(gh->handle,0))
226 perror("set alt interface");
227 printf("activated alt setting 0\n");
237 int gemtag_close(struct gemtag_handle *gh) {
239 if(gh->handle) usb_close(gh->handle);
245 int gemtag_transform_mifare_key(struct gemtag_handle *gh,
246 unsigned char *key6,unsigned char *key12) {
250 gemtag_transceive(gh,GEMTAG_CMD_HOST_CODE_KEY,key6,6,key12,&len);
255 int gemtag_auth_mifare_key(struct gemtag_handle *gh,
256 unsigned char *key6,int sector) {
258 unsigned char key12[12];
259 unsigned char buf[32];
260 unsigned int len,ret;
262 gemtag_transform_mifare_key(gh,key6,key12);
264 buf[0]=0x60; /* auth mode */
265 memcpy(buf+1,gh->serial,4); /* sreial */
266 memcpy(buf+5,key12,12); /* transformed key */
267 buf[17]=sector; /* sector */
268 ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_AUTH_KEY,buf,18,
270 if(ret) return -AUTH_FAILED;
275 int gemtag_read16(struct gemtag_handle *gh,int sector,
276 unsigned char *data) {
278 unsigned char buf[32];
282 ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_READ,
284 if(ret) return -READ_FAILED;
289 int gemtag_pick_picc(struct gemtag_handle *gh) {
291 unsigned char buf[16];
295 buf[0]=GEMTAG_PICC_REQIDL;
296 ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_REQUEST,buf,1,buf,&len);
297 if(ret) return -NO_PICC;
299 buf[0]=GEMTAG_PICC_STD_SELECT_CODE;
301 ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_CASC_ANTICOLL,buf,6,buf,&len);
302 if(ret) return -NO_PICC;
303 memcpy(gh->serial,buf,4);
305 buf[0]=GEMTAG_PICC_STD_SELECT_CODE;
306 memcpy(buf+1,gh->serial,4);
307 ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_CASC_SELECT,buf,5,buf,&len);
308 if(ret) return -PICC_SELECT_ERROR;
313 int main(int argc, char **argv) {
315 struct gemtag_handle *gh;
316 unsigned char buf[256];
317 unsigned char key6[6];
322 gh->caps|=GEMTAG_CAP_CRC;
323 //gh->caps|=GEMTAG_CAP_VERB_TRANSMIT;
327 gemtag_transceive(gh,GEMTAG_CMD_GET_FW_VERSION,
329 asciidump(buf,buflen);
333 if(gemtag_pick_picc(gh)) {
334 printf("no card found!\n");
339 printf("\nreading sectors ... (serial: %02x %02x %02x %02x)\n\n",
340 gh->serial[3],gh->serial[2],gh->serial[1],gh->serial[0]);
342 gemtag_auth_mifare_key(gh,key6,i);
343 if(!gemtag_read16(gh,i,buf)) {
344 printf("%02x: ",i++);