/* A reverse-engineered implementation of the EasyCard data format */ /* (C) 2010 by Harald Welte * All Rights Reserved * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "easycard.h" struct { int fd; unsigned long size; mifare_tag *mft; } global; #define ABP_C1 0x04 #define ABP_C2 0x02 #define ABP_C3 0x01 struct acc_bits_parsed { uint8_t block[4]; }; static void dump_acc_bits(const struct acc_bits_parsed *abp) { uint8_t block; for (block = 0; block < 4; block++) { printf("\tBlock %u: %x (%u %u %u)\n", block, abp->block[block], abp->block[block] & ABP_C1 ? 1 : 0, abp->block[block] & ABP_C2 ? 1 : 0, abp->block[block] & ABP_C3 ? 1 : 0); } } static void parse_acc_bits(struct acc_bits_parsed *abp, uint8_t *acc_bits) { uint8_t c1, c2, c3; uint8_t block; memset(abp, 0, sizeof(*abp)); c1 = acc_bits[1] >> 4; c2 = acc_bits[2] & 0xf; c3 = acc_bits[2] >> 4; printf("C1 = %x, C2 = %x, C3 = %x\n", c1, c2, c3); for (block = 0; block < 4; block++) { uint8_t testbit = 1 << block; if (c1 & testbit) abp->block[block] |= ABP_C1; if (c2 & testbit) abp->block[block] |= ABP_C2; if (c3 & testbit) abp->block[block] |= ABP_C3; } } struct easy_block2sec0 { uint8_t unknown[6]; uint8_t timestamp[3]; uint8_t unknown2[7]; } __attribute__ ((packed)); /* storage of a transaction log record on the transponder itself */ struct easy_log_rec { uint8_t trans_id; uint8_t unknown; uint8_t timestamp[3]; /* seconds since January 1st 1970 / 256 */ uint8_t trans_type; uint16_t amount; /* transaction amount / value */ uint16_t remaining; /* remaining value on card _after_ trans */ uint8_t unknown2; uint8_t station_code; /* MRT station code */ uint16_t reader_code; /* unique code of RFID reader */ uint8_t unknown3[2]; } __attribute__ ((packed)); static time_t easy_timestamp2time(const uint8_t *easy_ts) { return (easy_ts[2] << 16 | easy_ts[1] << 8 | easy_ts[0]) << 8; } static char tsbuf[64]; char *easy_asc_timestamp(const uint8_t *timestamp) { time_t t_time = easy_timestamp2time(timestamp); struct tm *t_tm = gmtime(&t_time); memset(tsbuf, 0, sizeof(tsbuf)); snprintf(tsbuf, sizeof(tsbuf), "%4u-%02u-%02u %02u:%02u", t_tm->tm_year+1900, t_tm->tm_mon+1, t_tm->tm_mday, t_tm->tm_hour, t_tm->tm_min); return tsbuf; } static void dump_easy_log(const struct easy_log_rec *elr) { printf("%s | %02x | %10s | Paid %4u NTD | %4u NTD remaining\n", easy_asc_timestamp(elr->timestamp), elr->trans_id, get_value_string(easy_tt_names, elr->trans_type), elr->amount, elr->remaining); switch (elr->trans_type) { case EASY_TT_MRT_ENTER: case EASY_TT_MRT_REENTER: case EASY_TT_MRT_EXIT: printf("\tMRT Station %s\n", get_value_string(taipei_mrt_stn_id, elr->station_code)); break; } } static void dump_mfcl(mifare_tag *mft) { unsigned int sect; mifare_block_manufacturer *manuf = &mft->amb[0].mbm; printf("UID %x, ATQA %x\n", ntohl(*((uint32_t *) manuf->abtUID)), ntohs(*((uint16_t *) manuf->abtATQA))); for (sect = 0; sect < 16; sect++) { unsigned int block_base = sect * 4; uint8_t *access_bits = mft->amb[block_base+3].mbt.abtAccessBits; struct acc_bits_parsed abp; printf("Sector %02u (base: 0x%02x) Access bits: 0x%08x\n", sect, sect*4*16, ntohl(*((uint32_t *) access_bits))); parse_acc_bits(&abp, access_bits); dump_acc_bits(&abp); } } static void dump_easycard(mifare_tag *mft) { unsigned int sect; mifare_block_manufacturer *manuf = &mft->amb[0].mbm; struct easy_block2sec0 *b2s0 = mft->amb[4].mbd.abtData; uint32_t uid = ntohl(*((uint32_t *) manuf->abtUID)); /* dump the header */ printf("EasyCard UID 0x%08x (%u)\n", uid, uid); printf("Date of manufacture: %s\n", easy_asc_timestamp(b2s0->timestamp)); /* dump the transaction log */ for (sect = 3; sect <=4; sect++) { unsigned int block_base = sect * 4; uint8_t *access_bits = mft->amb[block_base+3].mbt.abtAccessBits; unsigned int i; for (i = 0; i < 3; i++) { void *data = mft->amb[block_base+i].mbd.abtData; /* first block of sector 3 is not a log record */ if (sect == 3 && i == 0) continue; dump_easy_log(data); } } } int main(int argc, char **argv) { struct stat st; global.fd = open(argv[1], O_RDONLY); if (global.fd < 0) { perror("open"); exit(1); } if (fstat(global.fd, &st) < 0) { perror("stat"); exit(1); } global.size = st.st_size; global.mft = mmap(NULL, global.size, PROT_READ, MAP_SHARED, global.fd, 0); if (!global.mft) { perror("mmap"); exit(1); } //dump_mfcl(global.mft); dump_easycard(global.mft); munmap(global.mft, global.size); close(global.fd); exit(0); }