libnfc  1.7.0-rc7
nfc-anticol.c
1 /*-
2  * Free/Libre Near Field Communication (NFC) library
3  *
4  * Libnfc historical contributors:
5  * Copyright (C) 2009 Roel Verdult
6  * Copyright (C) 2009-2013 Romuald Conty
7  * Copyright (C) 2010-2012 Romain Tartière
8  * Copyright (C) 2010-2013 Philippe Teuwen
9  * Copyright (C) 2012-2013 Ludovic Rousseau
10  * Additional contributors of this file:
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions are met:
14  * 1) Redistributions of source code must retain the above copyright notice,
15  * this list of conditions and the following disclaimer.
16  * 2 )Redistributions in binary form must reproduce the above copyright
17  * notice, this list of conditions and the following disclaimer in the
18  * documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  *
32  * Note that this license only applies on the examples, NFC library itself is under LGPL
33  *
34  */
35 
41 #ifdef HAVE_CONFIG_H
42 # include "config.h"
43 #endif // HAVE_CONFIG_H
44 
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <stddef.h>
48 #include <stdint.h>
49 #include <stdbool.h>
50 #include <string.h>
51 
52 #include <nfc/nfc.h>
53 
54 #include "utils/nfc-utils.h"
55 
// SAK bit tested before sending RATS (tag claims ISO 14443-4 / ATS support)
#define SAK_FLAG_ATS_SUPPORTED 0x20
// SAK bit tested after each select: set when another cascade level follows
#define CASCADE_BIT 0x04

// Capacity, in bytes, of the receive buffer and of the ATS copy
#define MAX_FRAME_LEN 264

// Receive state shared by transmit_bits() / transmit_bytes().
// abtRx holds tag-controlled data; szRxBits / szRx record how much of it the
// last successful exchange actually filled. Bytes beyond that are stale.
static uint8_t abtRx[MAX_FRAME_LEN];
static int szRxBits;
static size_t szRx = sizeof(abtRx);

// Tag identity collected while walking the cascade levels:
// up to three 4-byte UID parts, the ATQA and the last SAK.
static uint8_t abtRawUid[12];
static uint8_t abtAtqa[2];
static uint8_t abtSak;

// Copy of the RATS answer. abtAts has the same capacity as abtRx, but szAts
// is only 8 bits wide, so a length above 255 cannot be stored in it.
static uint8_t abtAts[MAX_FRAME_LEN];
static uint8_t szAts = 0;

// Always start with Cascade Level 1 (CL1)
static size_t szCL = 1;
static nfc_device *pnd;

// Command line switches (-q, -f, -t) and the ATS capability seen in SAK
bool quiet_output = false;
bool force_rats = false;
bool timed = false;
bool iso_ats_supported = false;

// ISO14443A Anti-Collision Commands.
// Trailing bytes left out of an initializer are zero; they are filled in at
// run time with UID data and/or the CRC.
uint8_t abtReqa[] = { 0x26 };
uint8_t abtSelectAll[] = { 0x93, 0x20 };
uint8_t abtSelectTag[9] = { 0x93, 0x70 };
uint8_t abtRats[4] = { 0xe0, 0x50 };
uint8_t abtHalt[4] = { 0x50 };
83 
/*
 * Send a bit-oriented frame to the tag and store the answer in abtRx.
 *
 * pbtTx     frame to transmit
 * szTxBits  number of bits of pbtTx to send
 *
 * Returns true when the exchange succeeded; szRxBits then holds the number
 * of bits received. Returns false when the library reports an error
 * (szRxBits is left negative in that case and abtRx must not be trusted).
 */
static bool
transmit_bits(const uint8_t *pbtTx, const size_t szTxBits)
{
  uint32_t cycles = 0;

  // Echo the outgoing frame unless quiet mode was requested
  if (!quiet_output) {
    printf("Sent bits: ");
    print_hex_bits(pbtTx, szTxBits);
  }

  // Both parity arguments are NULL: the arbitrary parity feature is not used.
  // The receive capacity handed to the library is the full size of abtRx.
  if (timed) {
    szRxBits = nfc_initiator_transceive_bits_timed(pnd, pbtTx, szTxBits, NULL, abtRx, sizeof(abtRx), NULL, &cycles);
  } else {
    szRxBits = nfc_initiator_transceive_bits(pnd, pbtTx, szTxBits, NULL, abtRx, sizeof(abtRx), NULL);
  }
  if (szRxBits < 0) {
    return false;
  }

  // Successful transfer; everything below is reporting only
  if (quiet_output) {
    return true;
  }
  if (timed && (szRxBits > 0)) {
    printf("Response after %u cycles\n", cycles);
  }
  printf("Received bits: ");
  print_hex_bits(abtRx, szRxBits);
  return true;
}
112 
113 
/*
 * Send a byte-oriented frame to the tag and store the answer in abtRx.
 *
 * pbtTx  frame to transmit
 * szTx   number of bytes of pbtTx to send
 *
 * Returns true when the exchange succeeded; szRx is then updated to the
 * number of bytes received. Returns false on a library error, in which case
 * szRx is not updated and abtRx may still hold data from an earlier exchange.
 */
static bool
transmit_bytes(const uint8_t *pbtTx, const size_t szTx)
{
  uint32_t cycles = 0;
  int res;

  // Echo the outgoing frame unless quiet mode was requested
  if (!quiet_output) {
    printf("Sent bits: ");
    print_hex(pbtTx, szTx);
  }

  // The receive capacity handed to the library is the full size of abtRx
  if (timed) {
    res = nfc_initiator_transceive_bytes_timed(pnd, pbtTx, szTx, abtRx, sizeof(abtRx), &cycles);
  } else {
    res = nfc_initiator_transceive_bytes(pnd, pbtTx, szTx, abtRx, sizeof(abtRx), 0);
  }
  if (res < 0) {
    return false;
  }

  // Only a non-negative byte count ever reaches the size_t length
  szRx = res;

  // Successful transfer; everything below is reporting only
  if (quiet_output) {
    return true;
  }
  if (timed && (res > 0)) {
    printf("Response after %u cycles\n", cycles);
  }
  printf("Received bits: ");
  print_hex(abtRx, szRx);
  return true;
}
144 
/*
 * Print the command line help to stdout.
 *
 * argv  program argument vector; only argv[0] (the program name) is read
 */
static void
print_usage(char *argv[])
{
  // One entry per supported switch, in the order they are shown
  static const char *const option_lines[] = {
    "\t-h\tHelp. Print this message.\n",
    "\t-q\tQuiet mode. Suppress output of READER and EMULATOR data (improves timing).\n",
    "\t-f\tForce RATS.\n",
    "\t-t\tMeasure response time (in cycles).\n",
  };
  const size_t line_count = sizeof(option_lines) / sizeof(option_lines[0]);

  printf("Usage: %s [OPTIONS]\n", argv[0]);
  fputs("Options:\n", stdout);
  for (size_t i = 0; i < line_count; i++) {
    fputs(option_lines[i], stdout);
  }
}
155 
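// Release the reader and the library context, then terminate with failure.
static void
close_and_fail(nfc_context *context)
{
  nfc_close(pnd);
  nfc_exit(context);
  exit(EXIT_FAILURE);
}

// Run the anti-collision and select exchange for one cascade level.
// btSelCode is the select code of that level (0x93, 0x95 or 0x97) and
// pbtUidPart receives the 4 bytes the tag returned for it. abtSak is updated
// from the select answer. Returns false when either exchange failed or the
// answer was too short to contain the bytes that are read from abtRx, so the
// caller never works on stale buffer contents.
static bool
select_cascade_level(const uint8_t btSelCode, uint8_t *pbtUidPart)
{
  // Anti-collision: the answer must hold 4 UID/CT bytes plus the BCC
  abtSelectAll[0] = btSelCode;
  if (!transmit_bytes(abtSelectAll, 2) || szRx < 5) {
    return false;
  }

  // Check answer: the XOR of the 4 bytes and the BCC must be zero
  if ((abtRx[0] ^ abtRx[1] ^ abtRx[2] ^ abtRx[3] ^ abtRx[4]) != 0) {
    printf("WARNING: BCC check failed!\n");
  }

  // Save this level's part of the UID
  memcpy(pbtUidPart, abtRx, 4);

  // Prepare and send the Select-Command: 2 header bytes, the 5 bytes just
  // received, then the CRC over those 7 bytes
  abtSelectTag[0] = btSelCode;
  memcpy(abtSelectTag + 2, abtRx, 5);
  iso14443a_crc_append(abtSelectTag, 7);
  if (!transmit_bytes(abtSelectTag, 9) || szRx < 1) {
    return false;
  }
  abtSak = abtRx[0];
  return true;
}

/*
 * Walk a single ISO14443A tag through REQA, anti-collision and select for up
 * to three cascade levels, optionally request its ATS, halt it and print the
 * UID, ATQA, SAK and ATS that were collected.
 *
 * Every byte printed comes from the tag, so each answer is checked for
 * success and minimum length before abtRx is read.
 *
 * Exits with EXIT_SUCCESS once the tag data has been printed, EXIT_FAILURE on
 * a bad option, a reader error or a missing/short tag answer.
 */
int
main(int argc, char *argv[])
{
  // Get commandline options
  for (int arg = 1; arg < argc; arg++) {
    if (0 == strcmp(argv[arg], "-h")) {
      print_usage(argv);
      exit(EXIT_SUCCESS);
    } else if (0 == strcmp(argv[arg], "-q")) {
      quiet_output = true;
    } else if (0 == strcmp(argv[arg], "-f")) {
      force_rats = true;
    } else if (0 == strcmp(argv[arg], "-t")) {
      timed = true;
    } else {
      ERR("%s is not supported option.", argv[arg]);
      print_usage(argv);
      exit(EXIT_FAILURE);
    }
  }

  nfc_context *context;
  nfc_init(&context);
  if (context == NULL) {
    ERR("Unable to init libnfc (malloc)");
    exit(EXIT_FAILURE);
  }

  // Try to open the NFC reader
  pnd = nfc_open(context, NULL);
  if (pnd == NULL) {
    ERR("Error opening NFC reader");
    nfc_exit(context);
    exit(EXIT_FAILURE);
  }

  // Initialise NFC device as "initiator"
  if (nfc_initiator_init(pnd) < 0) {
    nfc_perror(pnd, "nfc_initiator_init");
    close_and_fail(context);
  }

  // Configure the CRC
  if (nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, false) < 0) {
    nfc_perror(pnd, "nfc_device_set_property_bool");
    close_and_fail(context);
  }
  // Use raw send/receive methods
  if (nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, false) < 0) {
    nfc_perror(pnd, "nfc_device_set_property_bool");
    close_and_fail(context);
  }
  // Disable 14443-4 autoswitching
  if (nfc_device_set_property_bool(pnd, NP_AUTO_ISO14443_4, false) < 0) {
    nfc_perror(pnd, "nfc_device_set_property_bool");
    close_and_fail(context);
  }

  printf("NFC reader: %s opened\n\n", nfc_device_get_name(pnd));

  // Send the 7 bits request command specified in ISO 14443A (0x26).
  // The ATQA copied below is 2 bytes, so a shorter answer is rejected too.
  if (!transmit_bits(abtReqa, 7) || szRxBits < 16) {
    printf("Error: No tag available\n");
    close_and_fail(context);
  }
  memcpy(abtAtqa, abtRx, 2);

  // Cascade level 1
  if (!select_cascade_level(0x93, abtRawUid)) {
    ERR("No usable anti-collision/select answer at cascade level 1");
    close_and_fail(context);
  }

  // Test if we are dealing with a CL2
  if (abtSak & CASCADE_BIT) {
    szCL = 2;//or more
    // Check answer: the first byte of the CL1 part must be the cascade tag
    if (abtRawUid[0] != 0x88) {
      printf("WARNING: Cascade bit set but CT != 0x88!\n");
    }

    // We have to do the anti-collision for cascade level 2
    if (!select_cascade_level(0x95, abtRawUid + 4)) {
      ERR("No usable anti-collision/select answer at cascade level 2");
      close_and_fail(context);
    }

    // Test if we are dealing with a CL3
    if (abtSak & CASCADE_BIT) {
      szCL = 3;
      // Check answer: this time the cascade tag is the first byte of the CL2
      // part (abtRawUid[4]), the byte the UID printout below skips
      if (abtRawUid[4] != 0x88) {
        printf("WARNING: Cascade bit set but CT != 0x88!\n");
      }

      // We have to do the anti-collision for cascade level 3
      if (!select_cascade_level(0x97, abtRawUid + 8)) {
        ERR("No usable anti-collision/select answer at cascade level 3");
        close_and_fail(context);
      }
    }
  }

  // Request ATS, this only applies to tags that support ISO 14443A-4.
  // abtSak is the SAK of the last successful select.
  if (abtSak & SAK_FLAG_ATS_SUPPORTED) {
    iso_ats_supported = true;
  }
  if (iso_ats_supported || force_rats) {
    iso14443a_crc_append(abtRats, 2);
    if (transmit_bytes(abtRats, 4)) {
      // Bound the copy by the destination and by what szAts (8 bits) can
      // represent, instead of letting the length wrap on assignment
      size_t szCopy = (szRx < sizeof(abtAts)) ? szRx : sizeof(abtAts);
      if (szCopy > UINT8_MAX) {
        szCopy = UINT8_MAX;
      }
      memcpy(abtAts, abtRx, szCopy);
      szAts = (uint8_t)szCopy;
    }
  }

  // Done, halt the tag now. A halted tag is not expected to answer, so a
  // failed exchange here is not treated as an error.
  iso14443a_crc_append(abtHalt, 2);
  (void)transmit_bytes(abtHalt, 4);

  printf("\nFound tag with\n UID: ");
  switch (szCL) {
    case 1:
      printf("%02x%02x%02x%02x", abtRawUid[0], abtRawUid[1], abtRawUid[2], abtRawUid[3]);
      break;
    case 2:
      // abtRawUid[0] is the cascade tag, not part of the UID
      printf("%02x%02x%02x", abtRawUid[1], abtRawUid[2], abtRawUid[3]);
      printf("%02x%02x%02x%02x", abtRawUid[4], abtRawUid[5], abtRawUid[6], abtRawUid[7]);
      break;
    case 3:
      // abtRawUid[0] and abtRawUid[4] are cascade tags, not part of the UID
      printf("%02x%02x%02x", abtRawUid[1], abtRawUid[2], abtRawUid[3]);
      printf("%02x%02x%02x", abtRawUid[5], abtRawUid[6], abtRawUid[7]);
      printf("%02x%02x%02x%02x", abtRawUid[8], abtRawUid[9], abtRawUid[10], abtRawUid[11]);
      break;
    default:
      break;
  }
  printf("\n");
  printf("ATQA: %02x%02x\n SAK: %02x\n", abtAtqa[1], abtAtqa[0], abtSak);
  if (szAts > 1) { // if = 1, it's not actual ATS but error code
    if (force_rats && ! iso_ats_supported) {
      printf(" RATS forced\n");
    }
    printf(" ATS: ");
    print_hex(abtAts, szAts);
  }

  nfc_close(pnd);
  nfc_exit(context);
  exit(EXIT_SUCCESS);
}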