34 #include "target-subr.h"
/*
 * ATQA fingerprint table used by snprint_nfc_iso14443a_info().
 * An entry matches when (atqa & mask) == atqa. Its saklist holds indices
 * into const_cs[] and is ended by a negative value.
 * The lookup loop uses each saklist value as a const_cs[] index without a
 * range check, so every value listed here must be a valid const_cs[] index.
 * NOTE(review): this listing is incomplete. The leading numbers are the
 * original file's line numbers; entry braces and the saklist rows of
 * several entries are not shown.
 */
50 struct card_atqa const_ca[] = {
52 0x0044, 0xffff,
"MIFARE Ultralight",
56 0x0044, 0xffff,
"MIFARE Ultralight C",
60 0x0004, 0xff0f,
"MIFARE Mini 0.3K",
64 0x0004, 0xff0f,
"MIFARE Classic 1K",
68 0x0002, 0xff0f,
"MIFARE Classic 4K",
72 0x0004, 0xffff,
"MIFARE Plus (4 Byte UID or 4 Byte RID)",
73 {4, 5, 6, 7, 8, 9, -1}
76 0x0002, 0xffff,
"MIFARE Plus (4 Byte UID or 4 Byte RID)",
77 {4, 5, 6, 7, 8, 9, -1}
80 0x0044, 0xffff,
"MIFARE Plus (7 Byte UID)",
81 {4, 5, 6, 7, 8, 9, -1}
84 0x0042, 0xffff,
"MIFARE Plus (7 Byte UID)",
85 {4, 5, 6, 7, 8, 9, -1}
88 0x0344, 0xffff,
"MIFARE DESFire",
92 0x0044, 0xffff,
"P3SR008",
96 0x0004, 0xf0ff,
"SmartMX with MIFARE 1K emulation",
100 0x0002, 0xf0ff,
"SmartMX with MIFARE 4K emulation",
104 0x0048, 0xf0ff,
"SmartMX with 7 Byte UID",
/*
 * SAK table: { sak, mask, type }. An entry matches when
 * (sak & mask) == sak; its type string is printed right after the matching
 * const_ca[] type string.
 * Several rows below share the same sak/mask pair (0x20, 0xff), so the SAK
 * byte alone does not tell them apart; which rows are tried for a card is
 * decided by the saklist of the const_ca[] entry.
 * NOTE(review): the rows on original lines 110-113 are not shown here, so
 * the index of each visible row cannot be read off this listing.
 */
109 struct card_sak const_cs[] = {
114 {0x08, 0xff,
" 2K, Security level 1" },
115 {0x18, 0xff,
" 4K, Security level 1" },
116 {0x10, 0xff,
" 2K, Security level 2" },
117 {0x11, 0xff,
" 4K, Security level 2" },
118 {0x20, 0xff,
" 2K, Security level 3" },
119 {0x20, 0xff,
" 4K, Security level 3" },
120 {0x20, 0xff,
" 4K" },
121 {0x20, 0xff,
" EV1 2K/4K/8K" },
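/**
 * Format szBytes bytes of pbtData into dst as two-digit lowercase hex
 * values, each followed by a space, and end the line with '\n'.
 *
 * @param dst      output buffer (may be NULL only when size is 0)
 * @param size     capacity of dst in bytes, terminator included
 * @param pbtData  bytes to print
 * @param szBytes  number of bytes to print
 * @return the length the complete output needs, terminator excluded, as
 *         snprintf() reports it; a value >= size means the text in dst was
 *         truncated.
 */
int
snprint_hex(char *dst, size_t size, const uint8_t *pbtData, const size_t szBytes)
{
  size_t res = 0;

  for (size_t szPos = 0; szPos < szBytes; szPos++) {
    /* snprintf() returns the length it wanted to write, so res can pass
     * size after truncation. From then on only measure (NULL, 0): using
     * dst + res with size - res would point past the buffer and wrap the
     * remaining size to a huge value. */
    if (res < size) {
      res += snprintf(dst + res, size - res, "%02x ", pbtData[szPos]);
    } else {
      res += snprintf(NULL, 0, "%02x ", pbtData[szPos]);
    }
  }

  if (res < size) {
    res += snprintf(dst + res, size - res, "\n");
  } else {
    res += snprintf(NULL, 0, "\n");
  }
  return (int) res;
}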
/* Bit masks tested against the SAK byte (pnai->btSak) by the ISO/IEC 14443-A printer. */
137 #define SAK_UID_NOT_COMPLETE 0x04
138 #define SAK_ISO14443_4_COMPLIANT 0x20
139 #define SAK_ISO18092_COMPLIANT 0x40
/*
 * Write a text description of an ISO/IEC 14443-A target into dst: ATQA,
 * UID, SAK, the ATS when present (decoded in detail when verbose is set),
 * then a card-type guess from the ATQA and SAK values.
 * The fields of pnai are presumably filled from the card's answers, so
 * every index and length taken from them should be treated as untrusted.
 * NOTE(review): this listing is incomplete. The leading numbers are the
 * original file's line numbers; the lines between them (braces, case
 * labels, declarations, updates of `offset`) are not shown.
 */
142 snprint_nfc_iso14443a_info(
char *dst,
size_t size,
const nfc_iso14443a_info *pnai,
bool verbose)
/*
 * Every append below has the form off += snprintf(dst + off, size - off, ...).
 * snprintf() returns the length it wanted to write, not the length written,
 * so after the first truncated append off is larger than size. The next
 * call then gets a pointer past the end of dst and, because size is a
 * size_t, a remaining size that wraps to a huge value. No visible line
 * compares off with size; a fix would stop appending once a call reports
 * truncation.
 */
145 off += snprintf(dst + off, size - off,
" ATQA (SENS_RES): ");
146 off += snprint_hex(dst + off, size - off, pnai->abtAtqa, 2);
148 off += snprintf(dst + off, size - off,
"* UID size: ");
149 switch ((pnai->abtAtqa[1] & 0xc0) >> 6) {
151 off += snprintf(dst + off, size - off,
"single\n");
154 off += snprintf(dst + off, size - off,
"double\n");
157 off += snprintf(dst + off, size - off,
"triple\n");
160 off += snprintf(dst + off, size - off,
"RFU\n");
163 off += snprintf(dst + off, size - off,
"* bit frame anticollision ");
164 switch (pnai->abtAtqa[1] & 0x1f) {
170 off += snprintf(dst + off, size - off,
"supported\n");
173 off += snprintf(dst + off, size - off,
"not supported\n");
/* A first UID byte of 0x08 is reported as NFCID3 and as a random UID. */
177 off += snprintf(dst + off, size - off,
" UID (NFCID%c): ", (pnai->abtUid[0] == 0x08 ?
'3' :
'1'));
/* NOTE(review): szUidLen is used as the read length with no visible bound
 * against the size of abtUid; presumably enforced where the struct is
 * filled, confirm. */
178 off += snprint_hex(dst + off, size - off, pnai->abtUid, pnai->szUidLen);
180 if (pnai->abtUid[0] == 0x08) {
181 off += snprintf(dst + off, size - off,
"* Random UID\n");
184 off += snprintf(dst + off, size - off,
" SAK (SEL_RES): ");
185 off += snprint_hex(dst + off, size - off, &pnai->btSak, 1);
187 if (pnai->btSak & SAK_UID_NOT_COMPLETE) {
188 off += snprintf(dst + off, size - off,
"* Warning! Cascade bit set: UID not complete\n");
190 if (pnai->btSak & SAK_ISO14443_4_COMPLIANT) {
191 off += snprintf(dst + off, size - off,
"* Compliant with ISO/IEC 14443-4\n");
193 off += snprintf(dst + off, size - off,
"* Not compliant with ISO/IEC 14443-4\n");
195 if (pnai->btSak & SAK_ISO18092_COMPLIANT) {
196 off += snprintf(dst + off, size - off,
"* Compliant with ISO/IEC 18092\n");
198 off += snprintf(dst + off, size - off,
"* Not compliant with ISO/IEC 18092\n");
/* NOTE(review): szAtsLen is likewise used as a read length with no visible
 * bound against the size of abtAts; confirm. */
201 if (pnai->szAtsLen) {
202 off += snprintf(dst + off, size - off,
" ATS: ");
203 off += snprint_hex(dst + off, size - off, pnai->abtAts, pnai->szAtsLen);
205 if (pnai->szAtsLen && verbose) {
/*
 * iMaxFrameSizes has 9 entries, but the index abtAts[0] & 0x0F can be
 * 0..15, so a card sending 9..15 in that nibble makes the lookup read past
 * the end of the array. The index needs a range check before use.
 */
207 const int iMaxFrameSizes[] = { 16, 24, 32, 40, 48, 64, 96, 128, 256 };
208 off += snprintf(dst + off, size - off,
"* Max Frame Size accepted by PICC: %d bytes\n", iMaxFrameSizes[pnai->abtAts[0] & 0x0F]);
/*
 * Bits 0x10, 0x20 and 0x40 of abtAts[0] announce the TA, TB and TC bytes.
 * Each is read from abtAts[offset] directly after the flag test; no
 * visible line checks offset against szAtsLen first, so an ATS that sets
 * a flag but is too short would have bytes past its length decoded.
 */
211 if (pnai->abtAts[0] & 0x10) {
212 uint8_t TA = pnai->abtAts[offset];
214 off += snprintf(dst + off, size - off,
"* Bit Rate Capability:\n");
216 off += snprintf(dst + off, size - off,
" * PICC supports only 106 kbits/s in both directions\n");
219 off += snprintf(dst + off, size - off,
" * Same bitrate in both directions mandatory\n");
222 off += snprintf(dst + off, size - off,
" * PICC to PCD, DS=2, bitrate 212 kbits/s supported\n");
225 off += snprintf(dst + off, size - off,
" * PICC to PCD, DS=4, bitrate 424 kbits/s supported\n");
228 off += snprintf(dst + off, size - off,
" * PICC to PCD, DS=8, bitrate 847 kbits/s supported\n");
231 off += snprintf(dst + off, size - off,
" * PCD to PICC, DR=2, bitrate 212 kbits/s supported\n");
234 off += snprintf(dst + off, size - off,
" * PCD to PICC, DR=4, bitrate 424 kbits/s supported\n");
237 off += snprintf(dst + off, size - off,
" * PCD to PICC, DR=8, bitrate 847 kbits/s supported\n");
240 off += snprintf(dst + off, size - off,
" * ERROR unknown value\n");
243 if (pnai->abtAts[0] & 0x20) {
244 uint8_t TB = pnai->abtAts[offset];
/* High nibble of TB drives the frame waiting time, low nibble the
 * start-up frame guard time; both print 256 * 16 * 2^n / 13560 ms. */
246 off += snprintf(dst + off, size - off,
"* Frame Waiting Time: %.4g ms\n", 256.0 * 16.0 * (1 << ((TB & 0xf0) >> 4)) / 13560.0);
247 if ((TB & 0x0f) == 0) {
248 off += snprintf(dst + off, size - off,
"* No Start-up Frame Guard Time required\n");
250 off += snprintf(dst + off, size - off,
"* Start-up Frame Guard Time: %.4g ms\n", 256.0 * 16.0 * (1 << (TB & 0x0f)) / 13560.0);
253 if (pnai->abtAts[0] & 0x40) {
254 uint8_t TC = pnai->abtAts[offset];
257 off += snprintf(dst + off, size - off,
"* Node Address supported\n");
259 off += snprintf(dst + off, size - off,
"* Node Address not supported\n");
262 off += snprintf(dst + off, size - off,
"* Card IDentifier supported\n");
264 off += snprintf(dst + off, size - off,
"* Card IDentifier not supported\n");
/* Whatever remains after the interface bytes is printed and decoded as
 * the historical bytes Tk. */
267 if (pnai->szAtsLen > offset) {
268 off += snprintf(dst + off, size - off,
"* Historical bytes Tk: ");
269 off += snprint_hex(dst + off, size - off, pnai->abtAts + offset, (pnai->szAtsLen - offset));
270 uint8_t CIB = pnai->abtAts[offset];
272 if (CIB != 0x00 && CIB != 0x10 && (CIB & 0xf0) != 0x80) {
273 off += snprintf(dst + off, size - off,
" * Proprietary format\n");
275 off += snprintf(dst + off, size - off,
" * Tag byte: Mifare or virtual cards of various types\n");
276 uint8_t L = pnai->abtAts[offset];
278 if (L != (pnai->szAtsLen - offset)) {
279 off += snprintf(dst + off, size - off,
" * Warning: Type Identification Coding length (%i)", L);
280 off += snprintf(dst + off, size - off,
" not matching Tk length (%" PRIdPTR
")\n", (pnai->szAtsLen - offset));
/* NOTE(review): if szAtsLen and offset are unsigned (their declarations
 * are not shown), the differences tested with `> 0` here and in the two
 * similar guards below wrap instead of going negative, so the tests only
 * exclude an exact zero; verify they cannot pass with offset beyond
 * szAtsLen. */
282 if ((pnai->szAtsLen - offset - 2) > 0) {
283 uint8_t CTC = pnai->abtAts[offset];
285 off += snprintf(dst + off, size - off,
" * Chip Type: ");
286 switch (CTC & 0xf0) {
288 off += snprintf(dst + off, size - off,
"(Multiple) Virtual Cards\n");
291 off += snprintf(dst + off, size - off,
"Mifare DESFire\n");
294 off += snprintf(dst + off, size - off,
"Mifare Plus\n");
297 off += snprintf(dst + off, size - off,
"RFU\n");
300 off += snprintf(dst + off, size - off,
" * Memory size: ");
301 switch (CTC & 0x0f) {
303 off += snprintf(dst + off, size - off,
"<1 kbyte\n");
306 off += snprintf(dst + off, size - off,
"1 kbyte\n");
309 off += snprintf(dst + off, size - off,
"2 kbyte\n");
312 off += snprintf(dst + off, size - off,
"4 kbyte\n");
315 off += snprintf(dst + off, size - off,
"8 kbyte\n");
318 off += snprintf(dst + off, size - off,
"Unspecified\n");
321 off += snprintf(dst + off, size - off,
"RFU\n");
325 if ((pnai->szAtsLen - offset) > 0) {
326 uint8_t CVC = pnai->abtAts[offset];
328 off += snprintf(dst + off, size - off,
" * Chip Status: ");
329 switch (CVC & 0xf0) {
331 off += snprintf(dst + off, size - off,
"Engineering sample\n");
334 off += snprintf(dst + off, size - off,
"Released\n");
337 off += snprintf(dst + off, size - off,
"RFU\n");
340 off += snprintf(dst + off, size - off,
" * Chip Generation: ");
341 switch (CVC & 0x0f) {
343 off += snprintf(dst + off, size - off,
"Generation 1\n");
346 off += snprintf(dst + off, size - off,
"Generation 2\n");
349 off += snprintf(dst + off, size - off,
"Generation 3\n");
352 off += snprintf(dst + off, size - off,
"Unspecified\n");
355 off += snprintf(dst + off, size - off,
"RFU\n");
359 if ((pnai->szAtsLen - offset) > 0) {
360 uint8_t VCS = pnai->abtAts[offset];
362 off += snprintf(dst + off, size - off,
" * Specifics (Virtual Card Selection):\n");
363 if ((VCS & 0x09) == 0x00) {
364 off += snprintf(dst + off, size - off,
" * Only VCSL supported\n");
365 }
else if ((VCS & 0x09) == 0x01) {
366 off += snprintf(dst + off, size - off,
" * VCS, VCSL and SVC supported\n");
368 if ((VCS & 0x0e) == 0x00) {
369 off += snprintf(dst + off, size - off,
" * SL1, SL2(?), SL3 supported\n");
370 }
else if ((VCS & 0x0e) == 0x02) {
371 off += snprintf(dst + off, size - off,
" * SL3 only card\n");
372 }
else if ((VCS & 0x0f) == 0x0e) {
373 off += snprintf(dst + off, size - off,
" * No VCS command supported\n");
374 }
else if ((VCS & 0x0f) == 0x0f) {
375 off += snprintf(dst + off, size - off,
" * Unspecified\n");
377 off += snprintf(dst + off, size - off,
" * RFU\n");
383 off += snprintf(dst + off, size - off,
" * Tk after 0x00 consist of optional consecutive COMPACT-TLV data objects\n");
384 off += snprintf(dst + off, size - off,
" followed by a mandatory status indicator (the last three bytes, not in TLV)\n");
385 off += snprintf(dst + off, size - off,
" See ISO/IEC 7816-4 8.1.1.3 for more info\n");
388 off += snprintf(dst + off, size - off,
" * DIR data reference: %02x\n", pnai->abtAts[offset]);
391 if (pnai->szAtsLen == offset) {
392 off += snprintf(dst + off, size - off,
" * No COMPACT-TLV objects found, no status found\n");
394 off += snprintf(dst + off, size - off,
" * Tk after 0x80 consist of optional consecutive COMPACT-TLV data objects;\n");
395 off += snprintf(dst + off, size - off,
" the last data object may carry a status indicator of one, two or three bytes.\n");
396 off += snprintf(dst + off, size - off,
" See ISO/IEC 7816-4 8.1.1.3 for more info\n");
403 off += snprintf(dst + off, size - off,
"\nFingerprinting based on MIFARE type Identification Procedure:\n");
407 bool found_possible_match =
false;
/* ATQA is packed with abtAtqa[0] as the high byte and abtAtqa[1] as the
 * low byte before it is compared with the const_ca[] entries. */
409 atqa = (((uint16_t)pnai->abtAtqa[0] & 0xff) << 8);
410 atqa += (((uint16_t)pnai->abtAtqa[1] & 0xff));
411 sak = ((uint8_t)pnai->btSak & 0xff);
/*
 * For every const_ca[] entry whose masked ATQA matches, walk its saklist
 * (ended by a negative value) and print each const_cs[] entry whose masked
 * SAK matches too. sakindex comes from the table and is used as a
 * const_cs[] index without a range check, so the two tables must stay in
 * step when either is edited.
 */
413 for (i = 0; i <
sizeof(const_ca) /
sizeof(const_ca[0]); i++) {
414 if ((atqa & const_ca[i].mask) == const_ca[i].atqa) {
415 for (j = 0; (j <
sizeof(const_ca[i].saklist) /
sizeof(const_ca[i].saklist[0])) && (const_ca[i].saklist[j] >= 0); j++) {
416 int sakindex = const_ca[i].saklist[j];
417 if ((sak & const_cs[sakindex].mask) == const_cs[sakindex].sak) {
418 off += snprintf(dst + off, size - off,
"* %s%s\n", const_ca[i].type, const_cs[sakindex].type);
419 found_possible_match =
true;
427 off += snprintf(dst + off, size - off,
"Other possible matches based on ATQA & SAK values:\n");
/* ATQA and SAK packed into one value: abtAtqa[0] in bits 23..16,
 * abtAtqa[1] in bits 15..8, SAK in bits 7..0. The comparisons that select
 * the labels below are on lines this listing does not show. */
428 uint32_t atqasak = 0;
429 atqasak += (((uint32_t)pnai->abtAtqa[0] & 0xff) << 16);
430 atqasak += (((uint32_t)pnai->abtAtqa[1] & 0xff) << 8);
431 atqasak += ((uint32_t)pnai->btSak & 0xff);
434 off += snprintf(dst + off, size - off,
"* Mifare Classic 1K Infineon\n");
435 found_possible_match =
true;
438 off += snprintf(dst + off, size - off,
"* Gemplus MPCOS\n");
439 found_possible_match =
true;
442 off += snprintf(dst + off, size - off,
"* JCOP31\n");
443 found_possible_match =
true;
446 off += snprintf(dst + off, size - off,
"* JCOP31 v2.4.1\n");
447 off += snprintf(dst + off, size - off,
"* JCOP31 v2.2\n");
448 found_possible_match =
true;
451 off += snprintf(dst + off, size - off,
"* JCOP31 v2.3.1\n");
452 found_possible_match =
true;
455 off += snprintf(dst + off, size - off,
"* Fudan FM1208SH01\n");
456 found_possible_match =
true;
459 off += snprintf(dst + off, size - off,
"* Fudan FM1208\n");
460 found_possible_match =
true;
463 off += snprintf(dst + off, size - off,
"* MFC 4K emulated by Nokia 6212 Classic\n");
464 found_possible_match =
true;
467 off += snprintf(dst + off, size - off,
"* MFC 4K emulated by Nokia 6131 NFC\n");
468 found_possible_match =
true;
/* Last append: its return value is not added to off. The call still uses
 * dst + off and size - off, so it is exposed to the same overrun if any
 * earlier append was truncated. */
471 if (! found_possible_match) {
472 snprintf(dst + off, size - off,
"* Unknown card, sorry\n");
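/**
 * Write a text description of a FeliCa target into dst: ID, PAD parameter
 * and system code, each as a label followed by a hex dump.
 *
 * @param dst      output buffer
 * @param size     capacity of dst in bytes, terminator included
 * @param pnfi     target data to print
 * @param verbose  not used by this printer
 *
 * Output that does not fit is cut short; nothing is written past
 * dst + size.
 */
void
snprint_nfc_felica_info(char *dst, size_t size, const nfc_felica_info *pnfi, bool verbose)
{
  (void) verbose;
  const struct {
    const char *label;
    const uint8_t *bytes;
    size_t len;
  } fields[] = {
    { " ID (NFCID2): ", pnfi->abtId, 8 },
    { " Parameter (PAD): ", pnfi->abtPad, 8 },
    { " System Code (SC): ", pnfi->abtSysCode, 2 },
  };
  size_t off = 0;

  for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
    /* Both calls return the length they wanted to write. A value that
     * does not fit in the space left means the text was truncated, so
     * stop: adding it to off would move dst + off past the buffer and
     * wrap size - off to a huge value. */
    int n = snprintf(dst + off, size - off, "%s", fields[i].label);
    if (n < 0 || (size_t) n >= size - off)
      return;
    off += (size_t) n;

    n = snprint_hex(dst + off, size - off, fields[i].bytes, fields[i].len);
    if (n < 0 || (size_t) n >= size - off)
      return;
    off += (size_t) n;
  }
}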
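/**
 * Write a text description of a Jewel target into dst: the two SENS_RES
 * bytes and the four ID bytes, each as a label followed by a hex dump.
 *
 * @param dst      output buffer
 * @param size     capacity of dst in bytes, terminator included
 * @param pnji     target data to print
 * @param verbose  not used by this printer
 *
 * Output that does not fit is cut short; nothing is written past
 * dst + size.
 */
void
snprint_nfc_jewel_info(char *dst, size_t size, const nfc_jewel_info *pnji, bool verbose)
{
  (void) verbose;
  const struct {
    const char *label;
    const uint8_t *bytes;
    size_t len;
  } fields[] = {
    { " ATQA (SENS_RES): ", pnji->btSensRes, 2 },
    { " 4-LSB JEWELID: ", pnji->btId, 4 },
  };
  size_t off = 0;

  for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
    /* A return value that does not fit in the space left means the text
     * was truncated; stop instead of letting off run past size, which
     * would wrap size - off and move dst + off beyond the buffer. */
    int n = snprintf(dst + off, size - off, "%s", fields[i].label);
    if (n < 0 || (size_t) n >= size - off)
      return;
    off += (size_t) n;

    n = snprint_hex(dst + off, size - off, fields[i].bytes, fields[i].len);
    if (n < 0 || (size_t) n >= size - off)
      return;
    off += (size_t) n;
  }
}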
/* Bit masks for the ISO/IEC 14443-B protocol info bytes. PI_NAD_SUPPORTED
 * and PI_CID_SUPPORTED are tested against abtProtocolInfo[2]; the use of
 * PI_ISO14443_4_SUPPORTED is on a line this listing does not show. */
501 #define PI_ISO14443_4_SUPPORTED 0x01
502 #define PI_NAD_SUPPORTED 0x01
503 #define PI_CID_SUPPORTED 0x02
/*
 * Write a text description of an ISO/IEC 14443-B target into dst: PUPI,
 * application data, protocol info and the values decoded from the
 * protocol info bytes.
 * NOTE(review): this listing is incomplete. The leading numbers are the
 * original file's line numbers; conditions, braces and some calls between
 * them are not shown.
 */
505 snprint_nfc_iso14443b_info(
char *dst,
size_t size,
const nfc_iso14443b_info *pnbi,
bool verbose)
/*
 * Appends use off += snprintf(dst + off, size - off, ...). snprintf()
 * returns the length it wanted to write, so after one truncated append
 * off exceeds size, size - off wraps to a huge size_t and dst + off
 * points past the buffer. No visible line checks off against size.
 */
508 off += snprintf(dst + off, size - off,
" PUPI: ");
509 off += snprint_hex(dst + off, size - off, pnbi->
abtPupi, 4);
510 off += snprintf(dst + off, size - off,
" Application Data: ");
512 off += snprintf(dst + off, size - off,
" Protocol Info: ");
515 off += snprintf(dst + off, size - off,
"* Bit Rate Capability:\n");
517 off += snprintf(dst + off, size - off,
" * PICC supports only 106 kbits/s in both directions\n");
520 off += snprintf(dst + off, size - off,
" * Same bitrate in both directions mandatory\n");
523 off += snprintf(dst + off, size - off,
" * PICC to PCD, 1etu=64/fc, bitrate 212 kbits/s supported\n");
526 off += snprintf(dst + off, size - off,
" * PICC to PCD, 1etu=32/fc, bitrate 424 kbits/s supported\n");
529 off += snprintf(dst + off, size - off,
" * PICC to PCD, 1etu=16/fc, bitrate 847 kbits/s supported\n");
532 off += snprintf(dst + off, size - off,
" * PCD to PICC, 1etu=64/fc, bitrate 212 kbits/s supported\n");
535 off += snprintf(dst + off, size - off,
" * PCD to PICC, 1etu=32/fc, bitrate 424 kbits/s supported\n");
538 off += snprintf(dst + off, size - off,
" * PCD to PICC, 1etu=16/fc, bitrate 847 kbits/s supported\n");
541 off += snprintf(dst + off, size - off,
" * ERROR unknown value\n");
/*
 * iMaxFrameSizes has 9 entries and the index, the high nibble of
 * abtProtocolInfo[1], can be 0..15. NOTE(review): the line just before
 * this one (original line 543) is not shown; confirm it rejects values
 * above 8, otherwise the lookup reads past the array.
 */
544 const int iMaxFrameSizes[] = { 16, 24, 32, 40, 48, 64, 96, 128, 256 };
545 off += snprintf(dst + off, size - off,
"* Maximum frame sizes: %d bytes\n", iMaxFrameSizes[((pnbi->
abtProtocolInfo[1] & 0xf0) >> 4)]);
550 off += snprintf(dst + off, size - off,
"* Protocol types supported: ISO/IEC 14443-4\n");
/* High nibble of abtProtocolInfo[2] drives the frame waiting time,
 * printed as 256 * 16 * 2^n / 13560 ms. */
552 off += snprintf(dst + off, size - off,
"* Frame Waiting Time: %.4g ms\n", 256.0 * 16.0 * (1 << ((pnbi->
abtProtocolInfo[2] & 0xf0) >> 4)) / 13560.0);
553 if ((pnbi->
abtProtocolInfo[2] & (PI_NAD_SUPPORTED | PI_CID_SUPPORTED)) != 0) {
554 off += snprintf(dst + off, size - off,
"* Frame options supported: ");
555 if ((pnbi->
abtProtocolInfo[2] & PI_NAD_SUPPORTED) != 0) off += snprintf(dst + off, size - off,
"NAD ");
556 if ((pnbi->
abtProtocolInfo[2] & PI_CID_SUPPORTED) != 0) off += snprintf(dst + off, size - off,
"CID ");
/* Last append: the return value is not added to off. */
557 snprintf(dst + off, size - off,
"\n");
/*
 * Write a text description of an ISO/IEC 14443-B' target into dst: DIV,
 * software version, wait-enable flag and the ATR bytes (labelled " ATS: ").
 * NOTE(review): this listing is incomplete. The leading numbers are the
 * original file's line numbers; the conditions that choose between the
 * lines below are not shown.
 */
563 snprint_nfc_iso14443bi_info(
char *dst,
size_t size,
const nfc_iso14443bi_info *pnii,
bool verbose)
/*
 * Appends use off += snprintf(dst + off, size - off, ...). snprintf()
 * returns the length it wanted to write, so after one truncated append
 * off exceeds size, size - off wraps to a huge size_t and dst + off
 * points past the buffer. No visible line checks off against size.
 */
566 off += snprintf(dst + off, size - off,
" DIV: ");
567 off += snprint_hex(dst + off, size - off, pnii->
abtDIV, 4);
/* The version is taken from bits 1..4 of btVerLog. */
569 int version = (pnii->
btVerLog & 0x1e) >> 1;
570 off += snprintf(dst + off, size - off,
" Software Version: ");
572 off += snprintf(dst + off, size - off,
"Undefined\n");
574 off += snprintf(dst + off, size - off,
"%i\n", version);
578 off += snprintf(dst + off, size - off,
" Wait Enable: yes");
582 off += snprintf(dst + off, size - off,
" ATS: ");
/* NOTE(review): szAtrLen is used as the read length with no visible bound
 * against the size of abtAtr; presumably enforced where the struct is
 * filled, confirm. */
583 snprint_hex(dst + off, size - off, pnii->abtAtr, pnii->
szAtrLen);
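/**
 * Write a text description of an ISO/IEC 14443-2B ST SRx target into dst:
 * the label " UID: " followed by a hex dump of the eight UID bytes.
 *
 * @param dst      output buffer
 * @param size     capacity of dst in bytes, terminator included
 * @param pnsi     target data to print
 * @param verbose  not used by this printer
 *
 * Output that does not fit is cut short; nothing is written past
 * dst + size.
 */
void
snprint_nfc_iso14443b2sr_info(char *dst, size_t size, const nfc_iso14443b2sr_info *pnsi, bool verbose)
{
  (void) verbose;

  const int n = snprintf(dst, size, " UID: ");
  /* snprintf() returns the length it wanted to write. If the label did not
   * fit, stop: dst + n would point past the buffer and size - n would wrap
   * to a huge value. */
  if (n < 0 || (size_t) n >= size)
    return;

  snprint_hex(dst + n, size - (size_t) n, pnsi->abtUID, 8);
}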
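/**
 * Write a text description of an ISO/IEC 14443-2B ASK CTx target into dst:
 * the UID as a hex dump and as a decimal number, then the product and
 * fabrication codes.
 *
 * @param dst      output buffer
 * @param size     capacity of dst in bytes, terminator included
 * @param pnci     target data to print
 * @param verbose  not used by this printer
 *
 * Output that does not fit is cut short; nothing is written past
 * dst + size.
 */
void
snprint_nfc_iso14443b2ct_info(char *dst, size_t size, const nfc_iso14443b2ct_info *pnci, bool verbose)
{
  (void) verbose;
  size_t off = 0;
  int n;

  /* abtUID[0] is the least significant byte. Each byte is widened before
   * the shift: a uint8_t promotes to int, and shifting a value >= 0x80 left
   * by 24 overflows a 32-bit int. */
  const uint32_t uid = ((uint32_t) pnci->abtUID[3] << 24)
                       | ((uint32_t) pnci->abtUID[2] << 16)
                       | ((uint32_t) pnci->abtUID[1] << 8)
                       | (uint32_t) pnci->abtUID[0];

  /* Every call below returns the length it wanted to write. A value that
   * does not fit in the space left means the text was truncated, so stop:
   * adding it to off would move dst + off past the buffer and wrap
   * size - off to a huge value. */
  n = snprintf(dst + off, size - off, " UID: ");
  if (n < 0 || (size_t) n >= size - off)
    return;
  off += (size_t) n;

  n = snprint_hex(dst + off, size - off, pnci->abtUID, sizeof(pnci->abtUID));
  if (n < 0 || (size_t) n >= size - off)
    return;
  off += (size_t) n;

  n = snprintf(dst + off, size - off, " UID (decimal): %010u\n", (unsigned int) uid);
  if (n < 0 || (size_t) n >= size - off)
    return;
  off += (size_t) n;

  n = snprintf(dst + off, size - off, " Product Code: %02X\n", pnci->btProdCode);
  if (n < 0 || (size_t) n >= size - off)
    return;
  off += (size_t) n;

  snprintf(dst + off, size - off, " Fab Code: %02X\n", pnci->btFabCode);
}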
/*
 * Write a text description of a DEP target into dst: NFCID3, the BS, BR,
 * TO and PP bytes, then the general bytes.
 * NOTE(review): this listing is incomplete. The leading numbers are the
 * original file's line numbers; original line 621, just before the
 * "General Bytes" append, is among the lines not shown.
 */
611 snprint_nfc_dep_info(
char *dst,
size_t size,
const nfc_dep_info *pndi,
bool verbose)
/*
 * Appends use off += snprintf(dst + off, size - off, ...). snprintf()
 * returns the length it wanted to write, so after one truncated append
 * off exceeds size, size - off wraps to a huge size_t and dst + off
 * points past the buffer. No visible line checks off against size.
 */
615 off += snprintf(dst + off, size - off,
" NFCID3: ");
616 off += snprint_hex(dst + off, size - off, pndi->
abtNFCID3, 10);
617 off += snprintf(dst + off, size - off,
" BS: %02x\n", pndi->
btBS);
618 off += snprintf(dst + off, size - off,
" BR: %02x\n", pndi->
btBR);
619 off += snprintf(dst + off, size - off,
" TO: %02x\n", pndi->
btTO);
620 off += snprintf(dst + off, size - off,
" PP: %02x\n", pndi->
btPP);
622 off += snprintf(dst + off, size - off,
"General Bytes: ");
/* NOTE(review): szGB is used as the read length with no visible bound
 * against the size of abtGB; presumably enforced where the struct is
 * filled, confirm. */
623 snprint_hex(dst + off, size - off, pndi->
abtGB, pndi->szGB);
/*
 * Write a text description of any target into dst: a header line with the
 * modulation type and baud rate (plus "active mode" or "passive mode" for
 * NMT_DEP targets), then the output of the printer that matches
 * pnt->nm.nmt.
 * NOTE(review): this listing is incomplete. The leading numbers are the
 * original file's line numbers; most case labels and the break statements
 * of the switch are not shown.
 */
628 snprint_nfc_target(
char *dst,
size_t size,
const nfc_target *pnt,
bool verbose)
/*
 * snprintf() returns the length it wanted to write. If the header line
 * alone is truncated, off exceeds size and each printer below is called
 * with a pointer past the end of dst and a size that wraps to a huge
 * size_t. No visible line checks off against size before the switch.
 */
632 off += snprintf(dst + off, size - off,
"%s (%s%s) target:\n",
str_nfc_modulation_type(pnt->nm.nmt),
str_nfc_baud_rate(pnt->nm.nbr), (pnt->nm.nmt != NMT_DEP) ?
"" : (pnt->nti.ndi.
ndm == NDM_ACTIVE) ?
"active mode" :
"passive mode");
/* Each branch passes the member of pnt->nti that belongs to its printer. */
633 switch (pnt->nm.nmt) {
635 snprint_nfc_iso14443a_info(dst + off, size - off, &pnt->nti.nai, verbose);
638 snprint_nfc_jewel_info(dst + off, size - off, &pnt->nti.nji, verbose);
641 snprint_nfc_felica_info(dst + off, size - off, &pnt->nti.nfi, verbose);
644 snprint_nfc_iso14443b_info(dst + off, size - off, &pnt->nti.nbi, verbose);
647 snprint_nfc_iso14443bi_info(dst + off, size - off, &pnt->nti.nii, verbose);
649 case NMT_ISO14443B2SR:
650 snprint_nfc_iso14443b2sr_info(dst + off, size - off, &pnt->nti.nsi, verbose);
652 case NMT_ISO14443B2CT:
653 snprint_nfc_iso14443b2ct_info(dst + off, size - off, &pnt->nti.nci, verbose);
656 snprint_nfc_dep_info(dst + off, size - off, &pnt->nti.ndi, verbose);