libnfc  1.7.0-rc7
nfc-emulate-uid.c
Go to the documentation of this file.
1 /*-
2  * Free/Libre Near Field Communication (NFC) library
3  *
4  * Libnfc historical contributors:
5  * Copyright (C) 2009 Roel Verdult
6  * Copyright (C) 2009-2013 Romuald Conty
7  * Copyright (C) 2010-2012 Romain Tartière
8  * Copyright (C) 2010-2013 Philippe Teuwen
9  * Copyright (C) 2012-2013 Ludovic Rousseau
10  * Additional contributors of this file:
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions are met:
14  * 1) Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  * 2 )Redistributions in binary form must reproduce the above copyright
17  * notice, this list of conditions and the following disclaimer in the
18  * documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  *
32  * Note that this license only applies on the examples, NFC library itself is under LGPL
33  *
34  */
35 
47 #ifdef HAVE_CONFIG_H
48 # include "config.h"
49 #endif // HAVE_CONFIG_H
50 
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <stddef.h>
54 #include <stdint.h>
55 #include <string.h>
56 #include <signal.h>
57 
58 #include <nfc/nfc.h>
59 
60 #include "utils/nfc-utils.h"
61 
62 #define MAX_FRAME_LEN 264
63 
64 static uint8_t abtRecv[MAX_FRAME_LEN];
65 static int szRecvBits;
66 static nfc_device *pnd;
67 static nfc_context *context;
68 
69 // ISO14443A Anti-Collision response
70 uint8_t abtAtqa[2] = { 0x04, 0x00 };
71 uint8_t abtUidBcc[5] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x22 };
72 uint8_t abtSak[9] = { 0x08, 0xb6, 0xdd };
73 
74 static void
75 intr_hdlr(int sig)
76 {
77  (void) sig;
78  if (pnd != NULL) {
79  printf("\nAborting current command...\n");
80  nfc_abort_command(pnd);
81  }
82 }
83 
84 static void
85 print_usage(char *argv[])
86 {
87  printf("Usage: %s [OPTIONS] [UID]\n", argv[0]);
88  printf("Options:\n");
89  printf("\t-h\tHelp. Print this message.\n");
90  printf("\t-q\tQuiet mode. Silent output: received and sent frames will not be shown (improves timing).\n");
91  printf("\n");
92  printf("\t[UID]\tUID to emulate, specified as 8 HEX digits (default is DEADBEEF).\n");
93 }
94 
95 int
96 main(int argc, char *argv[])
97 {
98  uint8_t *pbtTx = NULL;
99  size_t szTxBits;
100  bool quiet_output = false;
101 
102  int arg,
103  i;
104 
105  // Get commandline options
106  for (arg = 1; arg < argc; arg++) {
107  if (0 == strcmp(argv[arg], "-h")) {
108  print_usage(argv);
109  exit(EXIT_SUCCESS);
110  } else if (0 == strcmp(argv[arg], "-q")) {
111  printf("Quiet mode.\n");
112  quiet_output = true;
113  } else if ((arg == argc - 1) && (strlen(argv[arg]) == 8)) { // See if UID was specified as HEX string
114  uint8_t abtTmp[3] = { 0x00, 0x00, 0x00 };
115  printf("[+] Using UID: %s\n", argv[arg]);
116  abtUidBcc[4] = 0x00;
117  for (i = 0; i < 4; ++i) {
118  memcpy(abtTmp, argv[arg] + i * 2, 2);
119  abtUidBcc[i] = (uint8_t) strtol((char *) abtTmp, NULL, 16);
120  abtUidBcc[4] ^= abtUidBcc[i];
121  }
122  } else {
123  ERR("%s is not supported option.", argv[arg]);
124  print_usage(argv);
125  exit(EXIT_FAILURE);
126  }
127  }
128 
129 #ifdef WIN32
130  signal(SIGINT, (void (__cdecl *)(int)) intr_hdlr);
131 #else
132  signal(SIGINT, intr_hdlr);
133 #endif
134 
135  nfc_init(&context);
136  if (context == NULL) {
137  ERR("Unable to init libnfc (malloc)");
138  exit(EXIT_FAILURE);
139  }
140 
141  // Try to open the NFC device
142  pnd = nfc_open(context, NULL);
143 
144  if (pnd == NULL) {
145  ERR("Unable to open NFC device");
146  nfc_exit(context);
147  exit(EXIT_FAILURE);
148  }
149 
150  printf("\n");
151  printf("NFC device: %s opened\n", nfc_device_get_name(pnd));
152  printf("[+] Try to break out the auto-emulation, this requires a second NFC device!\n");
153  printf("[+] To do this, please send any command after the anti-collision\n");
154  printf("[+] For example, send a RATS command or use the \"nfc-anticol\" or \"nfc-list\" tool.\n");
155 
156  // Note: We have to build a "fake" nfc_target in order to do exactly the same that was done before the new nfc_target_init() was introduced.
157  nfc_target nt = {
158  .nm = {
159  .nmt = NMT_ISO14443A,
160  .nbr = NBR_UNDEFINED,
161  },
162  .nti = {
163  .nai = {
164  .abtAtqa = { 0x04, 0x00 },
165  .abtUid = { 0x08, 0xad, 0xbe, 0xef },
166  .btSak = 0x20,
167  .szUidLen = 4,
168  .szAtsLen = 0,
169  },
170  },
171  };
172  if ((szRecvBits = nfc_target_init(pnd, &nt, abtRecv, sizeof(abtRecv), 0)) < 0) {
173  nfc_perror(pnd, "nfc_target_init");
174  ERR("Could not come out of auto-emulation, no command was received");
175  nfc_close(pnd);
176  nfc_exit(context);
177  exit(EXIT_FAILURE);
178  }
179  printf("[+] Received initiator command: ");
180  print_hex_bits(abtRecv, (size_t) szRecvBits);
181  printf("[+] Configuring communication\n");
182  if ((nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, false) < 0) || (nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, true) < 0)) {
183  nfc_perror(pnd, "nfc_device_set_property_bool");
184  nfc_close(pnd);
185  nfc_exit(context);
186  exit(EXIT_FAILURE);
187  }
188  printf("[+] Done, the emulated tag is initialized with UID: %02X%02X%02X%02X\n\n", abtUidBcc[0], abtUidBcc[1],
189  abtUidBcc[2], abtUidBcc[3]);
190 
191  while (true) {
192  // Test if we received a frame
193  if ((szRecvBits = nfc_target_receive_bits(pnd, abtRecv, sizeof(abtRecv), 0)) > 0) {
194  // Prepare the command to send back for the anti-collision request
195  switch (szRecvBits) {
196  case 7: // Request or Wakeup
197  pbtTx = abtAtqa;
198  szTxBits = 16;
199  // New anti-collsion session started
200  if (!quiet_output)
201  printf("\n");
202  break;
203 
204  case 16: // Select All
205  pbtTx = abtUidBcc;
206  szTxBits = 40;
207  break;
208 
209  case 72: // Select Tag
210  pbtTx = abtSak;
211  szTxBits = 24;
212  break;
213 
214  default: // unknown length?
215  szTxBits = 0;
216  break;
217  }
218 
219  if (!quiet_output) {
220  printf("R: ");
221  print_hex_bits(abtRecv, (size_t) szRecvBits);
222  }
223  // Test if we know how to respond
224  if (szTxBits) {
225  // Send and print the command to the screen
226  if (nfc_target_send_bits(pnd, pbtTx, szTxBits, NULL) < 0) {
227  nfc_perror(pnd, "nfc_target_send_bits");
228  nfc_close(pnd);
229  nfc_exit(context);
230  exit(EXIT_FAILURE);
231  }
232  if (!quiet_output) {
233  printf("T: ");
234  print_hex_bits(pbtTx, szTxBits);
235  }
236  }
237  }
238  }
239  nfc_close(pnd);
240  nfc_exit(context);
241  exit(EXIT_SUCCESS);
242 }