/* * (C) 2005 by Harald Welte * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include #include #include "pegoda.h" const char * rfid_hexdump(const void *data, unsigned int len) { static char string[1024]; unsigned char *d = (unsigned char *) data; unsigned int i, left; string[0] = '\0'; left = sizeof(string); for (i = 0; len--; i += 3) { if (i >= sizeof(string) -4) break; snprintf(string+i, 4, " %02x", *d++); } return string; } struct pegoda_handle { struct usb_dev_handle *handle; unsigned char seq; unsigned char snr[4]; }; struct usb_device *find_device(u_int16_t vendor, u_int16_t device) { struct usb_bus *bus; for (bus = usb_get_busses(); bus; bus = bus->next) { struct usb_device *dev; for (dev = bus->devices; dev; dev = dev->next) { if (dev->descriptor.idVendor == vendor && dev->descriptor.idProduct == device) { return dev; } } } return NULL; } int pegoda_transcieve(struct pegoda_handle *ph, u_int8_t cmd, unsigned char *tx, unsigned int tx_len, unsigned char *rx, unsigned int *rx_len) { unsigned char txbuf[256]; unsigned char rxbuf[256]; int rc; unsigned int len_expected; struct pegoda_cmd_hdr *hdr = (struct pegoda_cmd_hdr *)txbuf; hdr->seq = ++(ph->seq); hdr->cmd = cmd; hdr->len = htons(tx_len); memcpy(txbuf + sizeof(*hdr), tx, tx_len); printf("tx [%u]: %s\n", tx_len+sizeof(*hdr), rfid_hexdump(txbuf, tx_len + sizeof(*hdr))); rc = usb_bulk_write(ph->handle, 0x02, (char *)txbuf, tx_len + sizeof(*hdr), 0); if (rc < 0) return rc; rc = usb_bulk_read(ph->handle, 0x81, (char *)rxbuf, sizeof(rxbuf), 0); if (rc <= 0) return rc; if (rc != 2) { fprintf(stderr, "unexpected: received %u bytes as length?\n"); return -EIO; } printf("len [%u]: %s\n", rc, rfid_hexdump(rxbuf, rc)); len_expected = rxbuf[0]; if (len_expected > sizeof(rxbuf)) return -EIO; rc = usb_bulk_read(ph->handle, 0x81, (char *)rxbuf, len_expected, 0); if (rc <= 0) return rc; printf("rx [%u]: %s\n", rc, rfid_hexdump(rxbuf, rc)); memcpy(rx, rxbuf+1, rc-1); *rx_len = rc - 1; return 0; } struct pegoda_handle *pegoda_open(void) { struct usb_device *pegoda; unsigned char rbuf[16]; unsigned int rlen = sizeof(rbuf); struct pegoda_handle *ph; usb_init(); usb_find_busses(); usb_find_devices(); pegoda = find_device(USB_VENDOR_PHILIPS, USB_DEVICE_PEGODA); if (!pegoda) return NULL; ph = malloc(sizeof(*ph)); if (!ph) return NULL; memset(ph, 0, sizeof(*ph)); printf("found pegoda, %u configurations\n", pegoda->descriptor.bNumConfigurations); printf("config 2 [nr %u] has %u interfaces\n", pegoda->config[1].bConfigurationValue, pegoda->config[1].bNumInterfaces); printf("config 2 interface 0 has %u altsettings\n", pegoda->config[1].interface[0].num_altsetting); ph->handle = usb_open(pegoda); if (!ph->handle) goto out_free; if (usb_set_configuration(ph->handle, 2)) goto out_free; printf("configuration 2 successfully set\n"); if (usb_claim_interface(ph->handle, 0)) goto out_free; printf("interface 0 claimed\n"); if (usb_set_altinterface(ph->handle, 1)) goto out_free; printf("alt setting 1 selected\n"); pegoda_transcieve(ph, PEGODA_CMD_PCD_CONFIG, NULL, 0, rbuf, &rlen); return ph; out_free: free(ph); return NULL; } /* Transform crypto1 key from generic 6byte into rc632 specific 12byte */ static int mifare_transform_key(const u_int8_t *key6, u_int8_t *key12) { int i; u_int8_t ln; u_int8_t hn; for (i = 0; i < 6; i++) { ln = key6[i] & 0x0f; hn = key6[i] >> 4; key12[i * 2 + 1] = (~ln << 4) | ln; key12[i * 2] = (~hn << 4) | hn; } return 0; } static int pegoda_auth_e2(struct pegoda_handle *ph, u_int8_t keynr, u_int8_t sector) { unsigned char buf[3]; unsigned char rbuf[16]; unsigned int rlen = sizeof(rbuf); buf[0] = 0x60; buf[1] = keynr; /* key number */ buf[2] = sector; /* sector */ rlen = sizeof(rbuf); pegoda_transcieve(ph, PEGODA_CMD_PICC_AUTH, buf, 3, rbuf, &rlen); /* FIXME: check response */ return 0; } static int pegoda_auth_key(struct pegoda_handle *ph, u_int8_t sector, const unsigned char *key6) { unsigned char buf[1+4+12+1]; unsigned char rbuf[16]; unsigned int rlen = sizeof(rbuf); buf[0] = 0x60; memcpy(buf+1, ph->snr, 4); mifare_transform_key(key6, buf+5); buf[17] = sector; pegoda_transcieve(ph, PEGODA_CMD_PICC_AUTH_KEY, buf, 18, rbuf, &rlen); /* FIXME: check response */ return 0; } static int pegoda_read16(struct pegoda_handle *ph, u_int8_t page, unsigned char *rx) { unsigned int rlen = 24; return pegoda_transcieve(ph, PEGODA_CMD_PICC_READ, &page, 1, rx, &rlen); } int main(int argc, char **argv) { unsigned char buf[256]; unsigned char rbuf[256]; unsigned int rlen = sizeof(rbuf); struct pegoda_handle *ph; ph = pegoda_open(); if (!ph) exit(1); /* LED off */ buf[0] = 0x00; rlen = sizeof(rbuf); pegoda_transcieve(ph, PEGODA_CMD_SWITCH_LED, buf, 1, rbuf, &rlen); /* anticollision */ buf[0] = 0x26; rlen = sizeof(rbuf); pegoda_transcieve(ph, PEGODA_CMD_PICC_COMMON_REQUEST, buf, 1, rbuf, &rlen); buf[0] = 0x93; memset(buf+1, 0, 5); rlen = sizeof(rbuf); pegoda_transcieve(ph, PEGODA_CMD_PICC_CASC_ANTICOLL, buf, 6, rbuf, &rlen); memcpy(ph->snr, rbuf+3, 4); buf[0] = 0x93; memcpy(buf+1, ph->snr, 4); rlen = sizeof(rbuf); pegoda_transcieve(ph, PEGODA_CMD_PICC_CASC_SELECT, buf, 5, rbuf, &rlen); pegoda_auth_key(ph, 0, "\xff\xff\xff\xff\xff\xff"); pegoda_read16(ph, 0, rbuf); exit(0); }