X-Git-Url: https://hackdaworld.org/gitweb/?p=rfid%2Flibrfid.git;a=blobdiff_plain;f=gemtag%2Fgemtag.c;h=48dc427f47d7fd46da21be1c96a540505584c091;hp=19ccc637842862ce855b339cf5b2e0155c6a01f4;hb=d72a365a0f044de71ae7c13dd7782895f531a944;hpb=698a0e4b024bf89b9862fdebfbd673f0bdc6a118

diff --git a/gemtag/gemtag.c b/gemtag/gemtag.c
index 19ccc63..48dc427 100644
--- a/gemtag/gemtag.c
+++ b/gemtag/gemtag.c
@@ -24,11 +24,22 @@
 #include <usb.h>
 #include "gemtag.h"
 
+int asciidump(unsigned char *data,int len) {
+	int i;
+
+	for(i=0;i<len;i++)
+		if((data[i]>0x19)&&(data[i]<0x7f)) printf("%c",data[i]);
+		else printf("_");
+	//printf("\n");
+
+	return 0;
+}
+
 int hexdump(unsigned char *data,int len) {
 	int i;
 
 	for(i=0;i<len;i++) printf("%02x ",data[i]);
-	printf("\n");
+	//printf("\n");
 
 	return 0;
 }
@@ -75,17 +86,16 @@ u_int16_t gemtag_calc_crc(unsigned char *data,u_int16_t len) {
 	return crc;
 }
 
-int gemtag_transcieve(struct gemtag_handle *gh,unsigned char cmd,
-                         unsigned char *tx,unsigned int tx_len,
-                         unsigned char *rx,unsigned int *rx_len) {
+int gemtag_transceive(struct gemtag_handle *gh,unsigned char cmd,
+                      unsigned char *tx,unsigned int tx_len,
+                      unsigned char *rx,unsigned int *rx_len) {
 
 	unsigned char txbuf[256];
 	unsigned char rxbuf[256];
 	struct gemtag_cmd_hdr *txhdr;
 	struct gemtag_cmd_hdr *rxhdr;
-	unsigned char buf[32];
 	u_int16_t crc,*crcptr;
-	int ret,size;
+	int i,ret,size,rest;
 
 	txhdr=(struct gemtag_cmd_hdr *)txbuf;
 	rxhdr=(struct gemtag_cmd_hdr *)rxbuf;
@@ -93,22 +103,25 @@ int gemtag_transcieve(struct gemtag_handle *gh,unsigned char cmd,
 	txhdr->start=0xa5;
 	txhdr->seq=++(gh->seq);
 	txhdr->cmd=cmd;
- 	txhdr->len=(tx_len>>8)|(tx_len<<8);
+ 	txhdr->len=tx_len;
 	size=sizeof(struct gemtag_cmd_hdr);
 	memcpy(txbuf+size,tx,tx_len);
 	size+=tx_len;
 
 	/* crc check */
-	if(gh->capabilities&GEMTAG_CAP_CRC) {
+	if(gh->caps&GEMTAG_CAP_CRC) {
 		crcptr=(u_int16_t *)(txbuf+size);
 		crc=gemtag_calc_crc(txbuf,size);
-		*crcptr=(crc>>8)|(crc<<8);
+		//*crcptr=(crc>>8)|(crc<<8);
+		*crcptr=crc;
 		size+=2;
 	}
 
 	/* usb write */
-	printf("(%02d) -> ",size);
-	hexdump(txbuf,size);
+	if(gh->caps&GEMTAG_CAP_VERB_TRANSMIT) {
+		printf("(%02d) -> ",size);
+		hexdump(txbuf,size);
+	}
 	ret=usb_interrupt_write(gh->handle,0x02,txbuf,size,0);
 	if(ret<=0) {
 		perror("usb interrupt write");
@@ -116,36 +129,51 @@ int gemtag_transcieve(struct gemtag_handle *gh,unsigned char cmd,
 	}
 
 	/* usb read */
-	ret=usb_interrupt_read(gh->handle,0x81,buf,32,0);
+	ret=usb_interrupt_read(gh->handle,0x81,rxbuf,32,0);
 	if(ret<=0) {
 		perror("usb interrupt read");
 		return ret;
 	}
-	memcpy(rxbuf,buf,ret);
-	printf("(%02d) <- ",ret);
-	hexdump(rxbuf,ret);
+	if(ret<5) {
+		if(gh->caps&GEMTAG_CAP_VERB_TRANSMIT)
+			return -SHORT_ANSWER;
+	}
+
+	*rx_len=rxbuf[3]|(rxbuf[4]<<8);
+	size=*rx_len+sizeof(struct gemtag_cmd_hdr); 
+	if(gh->caps&GEMTAG_CAP_CRC) size+=2;
+
+	i=1;
+	rest=size-ret;
+	while(rest>=0) {
+		ret=usb_interrupt_read(gh->handle,0x81,rxbuf+i*32,32,0);
+		if(ret<=0) {
+			perror("usb interrupt read (missing bytes)");
+			return ret;
+		}
+		i++;
+		rest-=ret;
+	}
 
-	*rx_len=buf[3]|(buf[4]<<8);
-	printf("debug: length according to header -> %d 0x%04x\n",
-	       *rx_len,*rx_len);
-	size=*rx_len+5;
+	if(gh->caps&GEMTAG_CAP_VERB_TRANSMIT) {
+		printf("(%02d) <- ",size);
+		hexdump(rxbuf,size);
+	}
 
 	/* crc check */
-	if(gh->capabilities&GEMTAG_CAP_CRC) {
-		size=ret-2;
+	if(gh->caps&GEMTAG_CAP_CRC) {
+		size-=2;
 		crcptr=(u_int16_t *)(rxbuf+size);
 		crc=gemtag_calc_crc(rxbuf,size);
-		if(((crc>>8)!=rxbuf[size+1])||((crc&0xff)!=rxbuf[size])) {
-			printf("bad crc! (%04x)\n",crc);
-			//return -BAD_CRC;
-		}
+		if(((crc>>8)!=rxbuf[size+1])||((crc&0xff)!=rxbuf[size]))
+			return -BAD_CRC;
 	}
 
 	/* check sequence number */	
-	if(rxhdr->seq!=txhdr->seq) {
-		puts("transmitted/recieved sequence number do not match");
-		//return -SEQ_MISMATCH;
-	}
+	if(rxhdr->seq!=txhdr->seq) return -SEQ_MISMATCH;
+
+	/* check return code */
+	if(rxbuf[2]) return -CMD_FAILED;
 
 	memcpy(rx,rxbuf+sizeof(struct gemtag_cmd_hdr),*rx_len);
 
@@ -154,13 +182,10 @@ int gemtag_transcieve(struct gemtag_handle *gh,unsigned char cmd,
 
 struct gemtag_handle *gemtag_open(void) {
 	struct usb_device *gemtag;
-	unsigned char rbuf[256];
-	unsigned int i,rlen;
+	unsigned int i;
 	struct gemtag_handle *gh;
 	char info[64];
 
-	rlen=sizeof(rbuf);
-
 	usb_init();
 	usb_find_busses();
 	usb_find_devices();
@@ -194,18 +219,13 @@ struct gemtag_handle *gemtag_open(void) {
 		perror("claim interface");
 		goto out_free;
 	}
-	printf("claimed interface 0, ");
+	printf("claimed interface 0\n");
 
+	/*
 	if(usb_set_altinterface(gh->handle,0))
 		perror("set alt interface");
 	printf("activated alt setting 0\n");
-
-	gh->capabilities|=GEMTAG_CAP_CRC;
-
-	gemtag_transcieve(gh,GEMTAG_CMD_GET_FW_VERSION,
-	                  NULL,0,rbuf,&rlen);
-	gemtag_transcieve(gh,GEMTAG_CMD_GET_SERIAL_NUMBER,
-	                  NULL,0,rbuf,&rlen);
+	*/
 
 	return gh;
 
@@ -213,13 +233,125 @@ out_free:
 	free(gh);
 	return NULL;
 }
+
+int gemtag_close(struct gemtag_handle *gh) {
+
+	if(gh->handle) usb_close(gh->handle);
+	if(gh) free(gh);
+
+	return 0;
+}
+
+int gemtag_transform_mifare_key(struct gemtag_handle *gh,
+                         unsigned char *key6,unsigned char *key12) {
+
+	unsigned int len;
+
+	gemtag_transceive(gh,GEMTAG_CMD_HOST_CODE_KEY,key6,6,key12,&len);
+
+	return 0;
+}
+
+int gemtag_auth_mifare_key(struct gemtag_handle *gh,
+                    unsigned char *key6,int sector) {
+
+	unsigned char key12[12];	
+	unsigned char buf[32];
+	unsigned int len,ret;
+
+	gemtag_transform_mifare_key(gh,key6,key12);
+	                     
+	buf[0]=0x60; /* auth mode */
+	memcpy(buf+1,gh->serial,4);	/* sreial */
+	memcpy(buf+5,key12,12); 	/* transformed key */
+	buf[17]=sector; 		/* sector */
+	ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_AUTH_KEY,buf,18,
+	                      buf,&len);
+	if(ret) return -AUTH_FAILED;
+
+	return 0;
+}
+
+int gemtag_read16(struct gemtag_handle *gh,int sector,
+                  unsigned char *data) {
+
+	unsigned char buf[32];
+	int len,ret;
+
+	buf[0]=sector;
+	ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_READ,
+	                      buf,1,data,&len);
+	if(ret) return -READ_FAILED;
+
+	return 0;
+}
+
+int gemtag_pick_picc(struct gemtag_handle *gh) {
+
+	unsigned char buf[16];
+	unsigned int len;
+	int ret;
+
+	buf[0]=GEMTAG_PICC_REQIDL;
+	ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_REQUEST,buf,1,buf,&len);
+	if(ret) return -NO_PICC;
+
+	buf[0]=GEMTAG_PICC_STD_SELECT_CODE;
+	memset(buf+1,0,5);
+	ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_CASC_ANTICOLL,buf,6,buf,&len);
+	if(ret) return -NO_PICC;
+	memcpy(gh->serial,buf,4);
+
+	buf[0]=GEMTAG_PICC_STD_SELECT_CODE;
+	memcpy(buf+1,gh->serial,4);
+	ret=gemtag_transceive(gh,GEMTAG_CMD_PICC_CASC_SELECT,buf,5,buf,&len);
+	if(ret) return -PICC_SELECT_ERROR;
+
+	return 0;
+}
 	
 int main(int argc, char **argv) {
 
 	struct gemtag_handle *gh;
+	unsigned char buf[256];
+	unsigned char key6[6];
+	int i;
 
 	gh=gemtag_open();
 
-	return 1;
+	gh->caps|=GEMTAG_CAP_CRC;
+	//gh->caps|=GEMTAG_CAP_VERB_TRANSMIT;
+
+	/*
+	printf("Device:\n");
+	gemtag_transceive(gh,GEMTAG_CMD_GET_FW_VERSION,
+			  NULL,0,buf,&buflen);
+	asciidump(buf,buflen);
+	printf("\n");
+	*/
+
+	if(gemtag_pick_picc(gh)) {
+		printf("no card found!\n");
+		return -NO_PICC;
+	}
+
+	memset(key6,0xff,6);
+	printf("\nreading sectors ... (serial: %02x %02x %02x %02x)\n\n",
+	       gh->serial[3],gh->serial[2],gh->serial[1],gh->serial[0]);
+	for(i=0;i<256;i++) {
+		gemtag_auth_mifare_key(gh,key6,i);
+		if(!gemtag_read16(gh,i,buf)) {
+			printf("%02x: ",i++);
+			hexdump(buf,16);
+			printf(" | ");
+			asciidump(buf,16);
+			printf("\n");
+		}
+		else return 0;
+	}
+
+	gemtag_close(gh);
+
+	return 0;
 }