libnfc  1.8.0
nfc-emulate-uid.c
Go to the documentation of this file.
1 /*-
2  * Free/Libre Near Field Communication (NFC) library
3  *
4  * Libnfc historical contributors:
5  * Copyright (C) 2009 Roel Verdult
6  * Copyright (C) 2009-2013 Romuald Conty
7  * Copyright (C) 2010-2012 Romain Tartière
8  * Copyright (C) 2010-2013 Philippe Teuwen
9  * Copyright (C) 2012-2013 Ludovic Rousseau
10  * See AUTHORS file for a more comprehensive list of contributors.
11  * Additional contributors of this file:
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions are met:
15  * 1) Redistributions of source code must retain the above copyright notice,
16  * this list of conditions and the following disclaimer.
17  * 2 )Redistributions in binary form must reproduce the above copyright
18  * notice, this list of conditions and the following disclaimer in the
19  * documentation and/or other materials provided with the distribution.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
22  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31  * POSSIBILITY OF SUCH DAMAGE.
32  *
33  * Note that this license only applies on the examples, NFC library itself is under LGPL
34  *
35  */
36 
48 #ifdef HAVE_CONFIG_H
49 # include "config.h"
50 #endif // HAVE_CONFIG_H
51 
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <stddef.h>
55 #include <stdint.h>
56 #include <string.h>
57 #include <signal.h>
58 
59 #include <nfc/nfc.h>
60 
61 #include "utils/nfc-utils.h"
62 
63 #define MAX_FRAME_LEN 264
64 
65 static uint8_t abtRecv[MAX_FRAME_LEN];
66 static int szRecvBits;
67 static nfc_device *pnd;
68 static nfc_context *context;
69 
70 // ISO14443A Anti-Collision response
71 uint8_t abtAtqa[2] = { 0x04, 0x00 };
72 uint8_t abtUidBcc[5] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x22 };
73 uint8_t abtSak[9] = { 0x08, 0xb6, 0xdd };
74 
75 static void
76 intr_hdlr(int sig)
77 {
78  (void) sig;
79  if (pnd != NULL) {
80  printf("\nAborting current command...\n");
81  nfc_abort_command(pnd);
82  nfc_close(pnd);
83  }
84  nfc_exit(context);
85  exit(EXIT_SUCCESS);
86 }
87 
88 static void
89 print_usage(char *argv[])
90 {
91  printf("Usage: %s [OPTIONS] [UID]\n", argv[0]);
92  printf("Options:\n");
93  printf("\t-h\tHelp. Print this message.\n");
94  printf("\t-q\tQuiet mode. Silent output: received and sent frames will not be shown (improves timing).\n");
95  printf("\n");
96  printf("\t[UID]\tUID to emulate, specified as 8 HEX digits (default is DEADBEEF).\n");
97 }
98 
99 int
100 main(int argc, char *argv[])
101 {
102  uint8_t *pbtTx = NULL;
103  size_t szTxBits;
104  bool quiet_output = false;
105 
106  int arg,
107  i;
108 
109  // Get commandline options
110  for (arg = 1; arg < argc; arg++) {
111  if (0 == strcmp(argv[arg], "-h")) {
112  print_usage(argv);
113  exit(EXIT_SUCCESS);
114  } else if (0 == strcmp(argv[arg], "-q")) {
115  printf("Quiet mode.\n");
116  quiet_output = true;
117  } else if ((arg == argc - 1) && (strlen(argv[arg]) == 8)) { // See if UID was specified as HEX string
118  uint8_t abtTmp[3] = { 0x00, 0x00, 0x00 };
119  printf("[+] Using UID: %s\n", argv[arg]);
120  abtUidBcc[4] = 0x00;
121  for (i = 0; i < 4; ++i) {
122  memcpy(abtTmp, argv[arg] + i * 2, 2);
123  abtUidBcc[i] = (uint8_t) strtol((char *) abtTmp, NULL, 16);
124  abtUidBcc[4] ^= abtUidBcc[i];
125  }
126  } else {
127  ERR("%s is not supported option.", argv[arg]);
128  print_usage(argv);
129  exit(EXIT_FAILURE);
130  }
131  }
132 
133 #ifdef WIN32
134  signal(SIGINT, (void (__cdecl *)(int)) intr_hdlr);
135 #else
136  signal(SIGINT, intr_hdlr);
137 #endif
138 
139  nfc_init(&context);
140  if (context == NULL) {
141  ERR("Unable to init libnfc (malloc)");
142  exit(EXIT_FAILURE);
143  }
144 
145  // Try to open the NFC device
146  pnd = nfc_open(context, NULL);
147 
148  if (pnd == NULL) {
149  ERR("Unable to open NFC device");
150  nfc_exit(context);
151  exit(EXIT_FAILURE);
152  }
153 
154  printf("\n");
155  printf("NFC device: %s opened\n", nfc_device_get_name(pnd));
156  printf("[+] Try to break out the auto-emulation, this requires a second NFC device!\n");
157  printf("[+] To do this, please send any command after the anti-collision\n");
158  printf("[+] For example, send a RATS command or use the \"nfc-anticol\" or \"nfc-list\" tool.\n");
159 
160  // Note: We have to build a "fake" nfc_target in order to do exactly the same that was done before the new nfc_target_init() was introduced.
161  nfc_target nt = {
162  .nm = {
163  .nmt = NMT_ISO14443A,
164  .nbr = NBR_UNDEFINED,
165  },
166  .nti = {
167  .nai = {
168  .abtAtqa = { 0x04, 0x00 },
169  .abtUid = { 0x08, 0xad, 0xbe, 0xef },
170  .btSak = 0x20,
171  .szUidLen = 4,
172  .szAtsLen = 0,
173  },
174  },
175  };
176  if ((szRecvBits = nfc_target_init(pnd, &nt, abtRecv, sizeof(abtRecv), 0)) < 0) {
177  nfc_perror(pnd, "nfc_target_init");
178  ERR("Could not come out of auto-emulation, no command was received");
179  nfc_close(pnd);
180  nfc_exit(context);
181  exit(EXIT_FAILURE);
182  }
183  printf("[+] Received initiator command: ");
184  print_hex_bits(abtRecv, (size_t) szRecvBits);
185  printf("[+] Configuring communication\n");
186  if ((nfc_device_set_property_bool(pnd, NP_HANDLE_CRC, false) < 0) || (nfc_device_set_property_bool(pnd, NP_HANDLE_PARITY, true) < 0)) {
187  nfc_perror(pnd, "nfc_device_set_property_bool");
188  nfc_close(pnd);
189  nfc_exit(context);
190  exit(EXIT_FAILURE);
191  }
192  printf("[+] Done, the emulated tag is initialized with UID: %02X%02X%02X%02X\n\n", abtUidBcc[0], abtUidBcc[1],
193  abtUidBcc[2], abtUidBcc[3]);
194 
195  while (true) {
196  // Test if we received a frame
197  if ((szRecvBits = nfc_target_receive_bits(pnd, abtRecv, sizeof(abtRecv), 0)) > 0) {
198  // Prepare the command to send back for the anti-collision request
199  switch (szRecvBits) {
200  case 7: // Request or Wakeup
201  pbtTx = abtAtqa;
202  szTxBits = 16;
203  // New anti-collsion session started
204  if (!quiet_output)
205  printf("\n");
206  break;
207 
208  case 16: // Select All
209  pbtTx = abtUidBcc;
210  szTxBits = 40;
211  break;
212 
213  case 72: // Select Tag
214  pbtTx = abtSak;
215  szTxBits = 24;
216  break;
217 
218  default: // unknown length?
219  szTxBits = 0;
220  break;
221  }
222 
223  if (!quiet_output) {
224  printf("R: ");
225  print_hex_bits(abtRecv, (size_t) szRecvBits);
226  }
227  // Test if we know how to respond
228  if (szTxBits) {
229  // Send and print the command to the screen
230  if (nfc_target_send_bits(pnd, pbtTx, szTxBits, NULL) < 0) {
231  nfc_perror(pnd, "nfc_target_send_bits");
232  nfc_close(pnd);
233  nfc_exit(context);
234  exit(EXIT_FAILURE);
235  }
236  if (!quiet_output) {
237  printf("T: ");
238  print_hex_bits(pbtTx, szTxBits);
239  }
240  }
241  }
242  }
243 }
const char * nfc_device_get_name(nfc_device *pnd)
Returns the device name.
Definition: nfc.c:1209
void nfc_close(nfc_device *pnd)
Close from a NFC device.
Definition: nfc.c:339
nfc_device * nfc_open(nfc_context *context, const nfc_connstring connstring)
Open a NFC device.
Definition: nfc.c:277
int nfc_abort_command(nfc_device *pnd)
Abort current running command.
Definition: nfc.c:1036
void nfc_perror(const nfc_device *pnd, const char *pcString)
Display the last error occured on a nfc_device.
Definition: nfc.c:1183
void nfc_exit(nfc_context *context)
Deinitialize libnfc. Should be called after closing all open devices and before your application term...
Definition: nfc.c:248
void nfc_init(nfc_context **context)
Initialize libnfc. This function must be called before calling any other libnfc function.
Definition: nfc.c:231
int nfc_device_set_property_bool(nfc_device *pnd, const nfc_property property, const bool bEnable)
Set a device's boolean-property value.
Definition: nfc.c:466
int nfc_target_send_bits(nfc_device *pnd, const uint8_t *pbtTx, const size_t szTxBits, const uint8_t *pbtTxPar)
Send raw bit-frames.
Definition: nfc.c:1094
int nfc_target_init(nfc_device *pnd, nfc_target *pnt, uint8_t *pbtRx, const size_t szRx, int timeout)
Initialize NFC device as an emulated tag.
Definition: nfc.c:978
int nfc_target_receive_bits(nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, uint8_t *pbtRxPar)
Receive bit-frames.
Definition: nfc.c:1116
@ NP_HANDLE_CRC
Definition: nfc-types.h:94
@ NP_HANDLE_PARITY
Definition: nfc-types.h:102
Provide some examples shared functions like print, parity calculation, options parsing.
#define ERR(...)
Print a error message.
Definition: nfc-utils.h:85
libnfc interface
NFC library context Struct which contains internal options, references, pointers, etc....
Definition: nfc-internal.h:175
NFC device information.
Definition: nfc-internal.h:190
NFC target structure.
Definition: nfc-types.h:351