/* A reverse-engineered implementation of the EasyCard data format */ /* (C) 2010 by Harald Welte * All Rights Reserved * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * */ /* System includes */ #include #include #include #include #include #include #include #include #include #include #include /* libnfc includes */ #include #include #include "mifare_classic.h" /* Easycard specific includes */ #include "easycard.h" #define VERSION "0.01" #define COPYRIGHT \ "EasyTool "VERSION"\n" \ "(C) 2010 by Harald Welte \n" \ "This is FREE SOFTWARE with ABSOLUTELY NO VARRANTY\n\n" \ "Use of this software is only authorized for RESEARCH PURPOSE!\n\n" struct { int fd; unsigned long size; mifare_tag *mft; } global; /* Sector 0 of Block 2 seems to contain manufacturing timestamp */ struct easy_block2sec0 { uint8_t unknown[6]; uint8_t timestamp[3]; uint8_t unknown2[7]; } __attribute__ ((packed)); /* storage of a transaction log record on the transponder itself */ struct easy_log_rec { uint8_t trans_id; uint8_t unknown; uint8_t timestamp[3]; /* seconds since January 1st 1970 / 256 */ uint8_t trans_type; uint16_t amount; /* transaction amount / value */ uint16_t remaining; /* remaining value on card _after_ trans */ uint8_t unknown2; uint8_t station_code; /* MRT station code */ uint16_t reader_code; /* unique code of RFID reader */ uint8_t unknown3[2]; } __attribute__ ((packed)); /* Mifare classic VALUE BLOCK */ struct mfcl_value_block { uint32_t value; /* value in NTD */ uint32_t value_inv; /* bit-inverted copy of value in NTD */ uint32_t value_backup; /* backup copy of value in NTD */ uint8_t addr[4]; } __attribute__ ((packed)); static time_t easy_timestamp2time(const uint8_t *easy_ts) { return (easy_ts[2] << 16 | easy_ts[1] << 8 | easy_ts[0]) << 8; } static char tsbuf[64]; char *easy_asc_timestamp(const uint8_t *timestamp) { time_t t_time = easy_timestamp2time(timestamp); struct tm *t_tm = gmtime(&t_time); memset(tsbuf, 0, sizeof(tsbuf)); snprintf(tsbuf, sizeof(tsbuf), "%4u-%02u-%02u %02u:%02u", t_tm->tm_year+1900, t_tm->tm_mon+1, t_tm->tm_mday, t_tm->tm_hour, t_tm->tm_min); return tsbuf; } static void dump_easy_log(const struct easy_log_rec *elr) { printf("%s | %02x | %10s | Paid %4u NTD | %4u NTD remaining\n", easy_asc_timestamp(elr->timestamp), elr->trans_id, get_value_string(easy_tt_names, elr->trans_type), elr->amount, elr->remaining); switch (elr->trans_type) { case EASY_TT_MRT_ENTER: case EASY_TT_MRT_REENTER: case EASY_TT_MRT_EXIT: printf("\tMRT Station %s\n", get_value_string(taipei_mrt_stn_id, elr->station_code)); break; } } static void dump_acc_bits(const struct acc_bits_parsed *abp) { uint8_t block; for (block = 0; block < 4; block++) { printf("\tBlock %u: %x (%u %u %u)\n", block, abp->block[block], abp->block[block] & ABP_C1 ? 1 : 0, abp->block[block] & ABP_C2 ? 1 : 0, abp->block[block] & ABP_C3 ? 1 : 0); } } static void dump_mfcl(mifare_tag *mft) { unsigned int sect; mifare_block_manufacturer *manuf = &mft->amb[0].mbm; printf("UID %x, ATQA %x\n", ntohl(*((uint32_t *) manuf->abtUID)), ntohs(*((uint16_t *) manuf->abtATQA))); for (sect = 0; sect < 16; sect++) { unsigned int block_base = sect * 4; uint8_t *access_bits = mft->amb[block_base+3].mbt.abtAccessBits; struct acc_bits_parsed abp; printf("Sector %02u (base: 0x%02x) Access bits: 0x%08x\n", sect, sect*4*16, ntohl(*((uint32_t *) access_bits))); mfcl_parse_acc_bits(&abp, access_bits); dump_acc_bits(&abp); } } static void dump_easycard(mifare_tag *mft) { unsigned int sect; mifare_block_manufacturer *manuf = &mft->amb[0].mbm; struct mfcl_value_block *val = (struct mfcl_value_block *) mft->amb[8].mbd.abtData; struct easy_block2sec0 *b2s0 = (struct easy_block2sec0 *) mft->amb[4].mbd.abtData; uint32_t uid = *((uint32_t *) manuf->abtUID); /* dump the header */ printf("EasyCard UID 0x%08x (%u)\n", ntohl(uid), uid); printf("Date of manufacture: %s\n", easy_asc_timestamp(b2s0->timestamp)); printf("Current Balance: %5u NTD\n", val->value); printf("\nTransaction Log:\n"); /* dump the transaction log */ for (sect = 3; sect < 6; sect++) { unsigned int block_base = sect * 4; unsigned int i; for (i = 0; i < 3; i++) { void *data = mft->amb[block_base+i].mbd.abtData; /* first block of sector 3 is not a log record */ if (sect == 3 && i == 0) continue; dump_easy_log(data); } } } static void print_help(void) { } int main(int argc, char **argv) { struct stat st; printf(COPYRIGHT); if (argc < 2) { fprintf(stderr, "ERROR: You must specify the file name of " "a mifare dump file (.mfd)\n"); print_help(); exit(2); } global.fd = open(argv[1], O_RDONLY); if (global.fd < 0) { perror("Error opening the MFD file"); exit(1); } if (fstat(global.fd, &st) < 0) { perror("Error stat()ing the MFD file"); exit(1); } global.size = st.st_size; global.mft = mmap(NULL, global.size, PROT_READ, MAP_SHARED, global.fd, 0); if (!global.mft) { perror("Error mmap()ing the MFD file"); exit(1); } //dump_mfcl(global.mft); dump_easycard(global.mft); munmap(global.mft, global.size); close(global.fd); exit(0); }