libnfc  1.7.1
nfc-emulate-uid.c
Go to the documentation of this file.
1 /*-
2  * Free/Libre Near Field Communication (NFC) library
3  *
4  * Libnfc historical contributors:
5  * Copyright (C) 2009 Roel Verdult
6  * Copyright (C) 2009-2013 Romuald Conty
7  * Copyright (C) 2010-2012 Romain Tartière
8  * Copyright (C) 2010-2013 Philippe Teuwen
9  * Copyright (C) 2012-2013 Ludovic Rousseau
10  * See AUTHORS file for a more comprehensive list of contributors.
11  * Additional contributors of this file:
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions are met:
15  * 1) Redistributions of source code must retain the above copyright notice,
16  * this list of conditions and the following disclaimer.
17  * 2 )Redistributions in binary form must reproduce the above copyright
18  * notice, this list of conditions and the following disclaimer in the
19  * documentation and/or other materials provided with the distribution.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
22  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31  * POSSIBILITY OF SUCH DAMAGE.
32  *
33  * Note that this license only applies on the examples, NFC library itself is under LGPL
34  *
35  */
36 
48 #ifdef HAVE_CONFIG_H
49 # include "config.h"
50 #endif // HAVE_CONFIG_H
51 
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <stddef.h>
55 #include <stdint.h>
56 #include <string.h>
57 #include <signal.h>
58 
59 #include <nfc/nfc.h>
60 
61 #include "utils/nfc-utils.h"
62 
63 #define MAX_FRAME_LEN 264
64 
65 static uint8_t abtRecv[MAX_FRAME_LEN];
66 static int szRecvBits;
67 static nfc_device *pnd;
68 static nfc_context *context;
69 
70 // ISO14443A Anti-Collision response
71 uint8_t abtAtqa[2] = { 0x04, 0x00 };
72 uint8_t abtUidBcc[5] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x22 };
73 uint8_t abtSak[9] = { 0x08, 0xb6, 0xdd };
74 
75 static void
76 intr_hdlr(int sig)
77 {
78  (void) sig;
79  if (pnd != NULL) {
80  printf("\nAborting current command...\n");
81  nfc_abort_command(pnd);
82  }
83 }
84 
85 static void
86 print_usage(char *argv[])
87 {
88  printf("Usage: %s [OPTIONS] [UID]\n", argv[0]);
89  printf("Options:\n");
90  printf("\t-h\tHelp. Print this message.\n");
91  printf("\t-q\tQuiet mode. Silent output: received and sent frames will not be shown (improves timing).\n");
92  printf("\n");
93  printf("\t[UID]\tUID to emulate, specified as 8 HEX digits (default is DEADBEEF).\n");
94 }
95 
96 int
97 main(int argc, char *argv[])
98 {
99  uint8_t *pbtTx = NULL;
100  size_t szTxBits;
101  bool quiet_output = false;
102 
103  int arg,
104  i;
105 
106  // Get commandline options
107  for (arg = 1; arg < argc; arg++) {
108  if (0 == strcmp(argv[arg], "-h")) {
109  print_usage(argv);
110  exit(EXIT_SUCCESS);
111  } else if (0 == strcmp(argv[arg], "-q")) {
112  printf("Quiet mode.\n");
113  quiet_output = true;
114  } else if ((arg == argc - 1) && (strlen(argv[arg]) == 8)) { // See if UID was specified as HEX string
115  uint8_t abtTmp[3] = { 0x00, 0x00, 0x00 };
116  printf("[+] Using UID: %s\n", argv[arg]);
117  abtUidBcc[4] = 0x00;
118  for (i = 0; i < 4; ++i) {
119  memcpy(abtTmp, argv[arg] + i * 2, 2);
120  abtUidBcc[i] = (uint8_t) strtol((char *) abtTmp, NULL, 16);
121  abtUidBcc[4] ^= abtUidBcc[i];
122  }
123  } else {
124  ERR("%s is not supported option.", argv[arg]);
125  print_usage(argv);
126  exit(EXIT_FAILURE);
127  }
128  }
129 
130 #ifdef WIN32
131  signal(SIGINT, (void (__cdecl *)(int)) intr_hdlr);
132 #else
133  signal(SIGINT, intr_hdlr);
134 #endif
135 
136  nfc_init(&context);
137  if (context == NULL) {
138  ERR("Unable to init libnfc (malloc)");
139  exit(EXIT_FAILURE);
140  }
141 
142  // Try to open the NFC device
143  pnd = nfc_open(context, NULL);
144 
145  if (pnd == NULL) {
146  ERR("Unable to open NFC device");
147  nfc_exit(context);
148  exit(EXIT_FAILURE);
149  }
150 
151  printf("\n");
152  printf("NFC device: %s opened\n", nfc_device_get_name(pnd));
153  printf("[+] Try to break out the auto-emulation, this requires a second NFC device!\n");
154  printf("[+] To do this, please send any command after the anti-collision\n");
155  printf("[+] For example, send a RATS command or use the \"nfc-anticol\" or \"nfc-list\" tool.\n");
156 
157  // Note: We have to build a "fake" nfc_target in order to do exactly the same that was done before the new nfc_target_init() was introduced.
158  nfc_target nt = {
159  .nm = {
160  .nmt = NMT_ISO14443A,
161  .nbr = NBR_UNDEFINED,
162  },
163  .nti = {
164  .nai = {
165  .abtAtqa = { 0x04, 0x00 },
166  .abtUid = { 0x08, 0xad, 0xbe, 0xef },
167  .btSak = 0x20,
168  .szUidLen = 4,
169  .szAtsLen = 0,
170  },
171  },
172  };
173  if ((szRecvBits = nfc_target_init(pnd, &nt, abtRecv, sizeof(abtRecv), 0)) < 0) {
174  nfc_perror(pnd, "nfc_target_init");
175  ERR("Could not come out of auto-emulation, no command was received");
176  nfc_close(pnd);
177  nfc_exit(context);
178  exit(EXIT_FAILURE);
179  }
180  printf("[+] Received initiator command: ");
181  print_hex_bits(abtRecv, (size_t) szRecvBits);
182  printf("[+] Configuring communication\n");
183  if ((nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, false) < 0) || (nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, true) < 0)) {
184  nfc_perror(pnd, "nfc_device_set_property_bool");
185  nfc_close(pnd);
186  nfc_exit(context);
187  exit(EXIT_FAILURE);
188  }
189  printf("[+] Done, the emulated tag is initialized with UID: %02X%02X%02X%02X\n\n", abtUidBcc[0], abtUidBcc[1],
190  abtUidBcc[2], abtUidBcc[3]);
191 
192  while (true) {
193  // Test if we received a frame
194  if ((szRecvBits = nfc_target_receive_bits(pnd, abtRecv, sizeof(abtRecv), 0)) > 0) {
195  // Prepare the command to send back for the anti-collision request
196  switch (szRecvBits) {
197  case 7: // Request or Wakeup
198  pbtTx = abtAtqa;
199  szTxBits = 16;
200  // New anti-collsion session started
201  if (!quiet_output)
202  printf("\n");
203  break;
204 
205  case 16: // Select All
206  pbtTx = abtUidBcc;
207  szTxBits = 40;
208  break;
209 
210  case 72: // Select Tag
211  pbtTx = abtSak;
212  szTxBits = 24;
213  break;
214 
215  default: // unknown length?
216  szTxBits = 0;
217  break;
218  }
219 
220  if (!quiet_output) {
221  printf("R: ");
222  print_hex_bits(abtRecv, (size_t) szRecvBits);
223  }
224  // Test if we know how to respond
225  if (szTxBits) {
226  // Send and print the command to the screen
227  if (nfc_target_send_bits(pnd, pbtTx, szTxBits, NULL) < 0) {
228  nfc_perror(pnd, "nfc_target_send_bits");
229  nfc_close(pnd);
230  nfc_exit(context);
231  exit(EXIT_FAILURE);
232  }
233  if (!quiet_output) {
234  printf("T: ");
235  print_hex_bits(pbtTx, szTxBits);
236  }
237  }
238  }
239  }
240  nfc_close(pnd);
241  nfc_exit(context);
242  exit(EXIT_SUCCESS);
243 }
nfc_init
void nfc_init(nfc_context **context)
Initialize libnfc. This function must be called before calling any other libnfc function.
Definition: nfc.c:192
nfc_context
NFC library context Struct which contains internal options, references, pointers, etc....
Definition: nfc-internal.h:175
nfc_device
NFC device information.
Definition: nfc-internal.h:190
nfc_target_init
int nfc_target_init(nfc_device *pnd, nfc_target *pnt, uint8_t *pbtRx, const size_t szRx, int timeout)
Initialize NFC device as an emulated tag.
Definition: nfc.c:933
NP_HANDLE_CRC
@ NP_HANDLE_CRC
Definition: nfc-types.h:93
nfc_exit
void nfc_exit(nfc_context *context)
Deinitialize libnfc. Should be called after closing all open devices and before your application term...
Definition: nfc.c:209
nfc_target
NFC target structure.
Definition: nfc-types.h:328
nfc_target_receive_bits
int nfc_target_receive_bits(nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, uint8_t *pbtRxPar)
Receive bit-frames.
Definition: nfc.c:1071
nfc_device_get_name
const char * nfc_device_get_name(nfc_device *pnd)
Returns the device name.
Definition: nfc.c:1164
nfc_open
nfc_device * nfc_open(nfc_context *context, const nfc_connstring connstring)
Open a NFC device.
Definition: nfc.c:238
nfc_perror
void nfc_perror(const nfc_device *pnd, const char *pcString)
Display the last error occured on a nfc_device.
Definition: nfc.c:1138
ERR
#define ERR(...)
Print a error message.
Definition: nfc-utils.h:85
nfc_target_send_bits
int nfc_target_send_bits(nfc_device *pnd, const uint8_t *pbtTx, const size_t szTxBits, const uint8_t *pbtTxPar)
Send raw bit-frames.
Definition: nfc.c:1049
nfc_abort_command
int nfc_abort_command(nfc_device *pnd)
Abort current running command.
Definition: nfc.c:991
nfc_close
void nfc_close(nfc_device *pnd)
Close from a NFC device.
Definition: nfc.c:300
nfc-utils.h
Provide some examples shared functions like print, parity calculation, options parsing.
NP_HANDLE_PARITY
@ NP_HANDLE_PARITY
Definition: nfc-types.h:101
nfc_device_set_property_bool
int nfc_device_set_property_bool(nfc_device *pnd, const nfc_property property, const bool bEnable)
Set a device's boolean-property value.
Definition: nfc.c:426
nfc.h
libnfc interface