libnfc  1.8.0
nfc-emulate-tag.c
Go to the documentation of this file.
1 /*-
2  * Free/Libre Near Field Communication (NFC) library
3  *
4  * Libnfc historical contributors:
5  * Copyright (C) 2009 Roel Verdult
6  * Copyright (C) 2009-2013 Romuald Conty
7  * Copyright (C) 2010-2012 Romain Tartière
8  * Copyright (C) 2010-2013 Philippe Teuwen
9  * Copyright (C) 2012-2013 Ludovic Rousseau
10  * See AUTHORS file for a more comprehensive list of contributors.
11  * Additional contributors of this file:
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions are met:
15  * 1) Redistributions of source code must retain the above copyright notice,
16  * this list of conditions and the following disclaimer.
17  * 2 )Redistributions in binary form must reproduce the above copyright
18  * notice, this list of conditions and the following disclaimer in the
19  * documentation and/or other materials provided with the distribution.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
22  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31  * POSSIBILITY OF SUCH DAMAGE.
32  *
33  * Note that this license only applies on the examples, NFC library itself is under LGPL
34  *
35  */
36 
42 // Note that depending on the device (initiator) you'll use against, this
43 // emulator it might work or not. Some readers are very strict on responses
44 // timings, e.g. a Nokia NFC and will drop communication too soon for us.
45 
46 #ifdef HAVE_CONFIG_H
47 # include "config.h"
48 #endif // HAVE_CONFIG_H
49 
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <stddef.h>
53 #include <stdint.h>
54 #include <string.h>
55 #include <signal.h>
56 
57 #include <nfc/nfc.h>
58 
59 #include "utils/nfc-utils.h"
60 
61 #define MAX_FRAME_LEN (264)
62 #define SAK_ISO14443_4_COMPLIANT 0x20
63 
64 static uint8_t abtRx[MAX_FRAME_LEN];
65 static int szRx;
66 static nfc_context *context;
67 static nfc_device *pnd;
68 static bool quiet_output = false;
69 static bool init_mfc_auth = false;
70 
71 static void
72 intr_hdlr(int sig)
73 {
74  (void) sig;
75  printf("\nQuitting...\n");
76  if (pnd != NULL) {
77  nfc_abort_command(pnd);
78  }
79  nfc_close(pnd);
80  nfc_exit(context);
81  exit(EXIT_FAILURE);
82 }
83 
84 static bool
85 target_io(nfc_target *pnt, const uint8_t *pbtInput, const size_t szInput, uint8_t *pbtOutput, size_t *pszOutput)
86 {
87  bool loop = true;
88  *pszOutput = 0;
89 
90  // Show transmitted command
91  if (!quiet_output) {
92  printf(" In: ");
93  print_hex(pbtInput, szInput);
94  }
95  if (szInput) {
96  switch (pbtInput[0]) {
97  case 0x30: // Mifare read
98  // block address is in pbtInput[1]
99  *pszOutput = 15;
100  strcpy((char *)pbtOutput, "You read block ");
101  pbtOutput[15] = pbtInput[1];
102  break;
103  case 0x50: // HLTA (ISO14443-3)
104  if (!quiet_output) {
105  printf("Initiator HLTA me. Bye!\n");
106  }
107  loop = false;
108  break;
109  case 0x60: // Mifare authA
110  case 0x61: // Mifare authB
111  // Let's give back a very random nonce...
112  *pszOutput = 2;
113  pbtOutput[0] = 0x12;
114  pbtOutput[1] = 0x34;
115  // Next commands will be without CRC
116  init_mfc_auth = true;
117  break;
118  case 0xe0: // RATS (ISO14443-4)
119  // Send ATS
120  *pszOutput = pnt->nti.nai.szAtsLen + 1;
121  pbtOutput[0] = pnt->nti.nai.szAtsLen + 1; // ISO14443-4 says that ATS contains ATS_Length as first byte
122  if (pnt->nti.nai.szAtsLen) {
123  memcpy(pbtOutput + 1, pnt->nti.nai.abtAts, pnt->nti.nai.szAtsLen);
124  }
125  break;
126  case 0xc2: // S-block DESELECT
127  if (!quiet_output) {
128  printf("Initiator DESELECT me. Bye!\n");
129  }
130  loop = false;
131  break;
132  default: // Unknown
133  if (!quiet_output) {
134  printf("Unknown frame, emulated target abort.\n");
135  }
136  loop = false;
137  }
138  }
139  // Show transmitted command
140  if ((!quiet_output) && *pszOutput) {
141  printf(" Out: ");
142  print_hex(pbtOutput, *pszOutput);
143  }
144  return loop;
145 }
146 
147 static bool
148 nfc_target_emulate_tag(nfc_device *dev, nfc_target *pnt)
149 {
150  size_t szTx;
151  uint8_t abtTx[MAX_FRAME_LEN];
152  bool loop = true;
153 
154  if ((szRx = nfc_target_init(dev, pnt, abtRx, sizeof(abtRx), 0)) < 0) {
155  nfc_perror(dev, "nfc_target_init");
156  return false;
157  }
158 
159  while (loop) {
160  loop = target_io(pnt, abtRx, (size_t) szRx, abtTx, &szTx);
161  if (szTx) {
162  if (nfc_target_send_bytes(dev, abtTx, szTx, 0) < 0) {
163  nfc_perror(dev, "nfc_target_send_bytes");
164  return false;
165  }
166  }
167  if (loop) {
168  if (init_mfc_auth) {
169  if (nfc_device_set_property_bool(dev, NP_HANDLE_CRC, false) < 0) {
170  nfc_perror(pnd, "nfc_target_emulate_tag");
171  nfc_close(pnd);
172  nfc_exit(context);
173  exit(EXIT_FAILURE);
174  }
175  init_mfc_auth = false;
176  }
177  if ((szRx = nfc_target_receive_bytes(dev, abtRx, sizeof(abtRx), 0)) < 0) {
178  nfc_perror(dev, "nfc_target_receive_bytes");
179  return false;
180  }
181  }
182  }
183  return true;
184 }
185 
186 int
187 main(int argc, char *argv[])
188 {
189  (void) argc;
190  const char *acLibnfcVersion;
191 
192 #ifdef WIN32
193  signal(SIGINT, (void (__cdecl *)(int)) intr_hdlr);
194 #else
195  signal(SIGINT, intr_hdlr);
196 #endif
197 
198  nfc_init(&context);
199  if (context == NULL) {
200  ERR("Unable to init libnfc (malloc)");
201  exit(EXIT_FAILURE);
202  }
203 
204  // Display libnfc version
205  acLibnfcVersion = nfc_version();
206  printf("%s uses libnfc %s\n", argv[0], acLibnfcVersion);
207 
208  // Try to open the NFC reader
209  pnd = nfc_open(context, NULL);
210 
211  if (pnd == NULL) {
212  ERR("Unable to open NFC device");
213  nfc_exit(context);
214  exit(EXIT_FAILURE);
215  }
216 
217  printf("NFC device: %s opened\n", nfc_device_get_name(pnd));
218 
219  // Notes for ISO14443-A emulated tags:
220  // * Only short UIDs are supported
221  // If your UID is longer it will be truncated
222  // Therefore e.g. an UltraLight can only have short UID, which is
223  // typically badly handled by readers who still try to send their "0x95"
224  // * First byte of UID will be masked by 0x08 by the PN53x firmware
225  // as security countermeasure against real UID emulation
226 
227  // Example of a Mifare Classic Mini
228  // Note that crypto1 is not implemented in this example
229  nfc_target nt = {
230  .nm = {
231  .nmt = NMT_ISO14443A,
232  .nbr = NBR_UNDEFINED,
233  },
234  .nti = {
235  .nai = {
236  .abtAtqa = { 0x00, 0x04 },
237  .abtUid = { 0x08, 0xab, 0xcd, 0xef },
238  .btSak = 0x09,
239  .szUidLen = 4,
240  .szAtsLen = 0,
241  },
242  },
243  };
244  /*
245  // Example of a FeliCa
246  nfc_target nt = {
247  .nm = {
248  .nmt = NMT_FELICA,
249  .nbr = NBR_UNDEFINED,
250  },
251  .nti = {
252  .nfi = {
253  .abtId = { 0x01, 0xFE, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xFF },
254  .abtPad = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xFF },
255  .abtSysCode = { 0xFF, 0xFF },
256  },
257  },
258  };
259  */
260  /*
261  // Example of a ISO14443-4 (DESfire)
262  nfc_target nt = {
263  .nm = {
264  .nmt = NMT_ISO14443A,
265  .nbr = NBR_UNDEFINED,
266  },
267  .nti = {
268  .nai = {
269  .abtAtqa = { 0x03, 0x44 },
270  .abtUid = { 0x08, 0xab, 0xcd, 0xef },
271  .btSak = 0x20,
272  .szUidLen = 4,
273  .abtAts = { 0x75, 0x77, 0x81, 0x02, 0x80 },
274  .szAtsLen = 5,
275  },
276  },
277  };
278  */
279 
280  printf("%s will emulate this ISO14443-A tag:\n", argv[0]);
281  print_nfc_target(&nt, true);
282 
283  // Switch off NP_EASY_FRAMING if target is not ISO14443-4
284  if (nfc_device_set_property_bool(pnd, NP_EASY_FRAMING, (nt.nti.nai.btSak & SAK_ISO14443_4_COMPLIANT)) < 0) {
285  nfc_perror(pnd, "nfc_target_emulate_tag");
286  nfc_close(pnd);
287  nfc_exit(context);
288  exit(EXIT_FAILURE);
289  }
290  printf("NFC device (configured as target) is now emulating the tag, please touch it with a second NFC device (initiator)\n");
291  if (!nfc_target_emulate_tag(pnd, &nt)) {
292  nfc_perror(pnd, "nfc_target_emulate_tag");
293  nfc_close(pnd);
294  nfc_exit(context);
295  exit(EXIT_FAILURE);
296  }
297 
298  nfc_close(pnd);
299  nfc_exit(context);
300  exit(EXIT_SUCCESS);
301 }
302 
const char * nfc_device_get_name(nfc_device *pnd)
Returns the device name.
Definition: nfc.c:1209
void nfc_close(nfc_device *pnd)
Close from a NFC device.
Definition: nfc.c:339
nfc_device * nfc_open(nfc_context *context, const nfc_connstring connstring)
Open a NFC device.
Definition: nfc.c:277
int nfc_abort_command(nfc_device *pnd)
Abort current running command.
Definition: nfc.c:1036
void nfc_perror(const nfc_device *pnd, const char *pcString)
Display the last error occured on a nfc_device.
Definition: nfc.c:1183
void nfc_exit(nfc_context *context)
Deinitialize libnfc. Should be called after closing all open devices and before your application term...
Definition: nfc.c:248
void nfc_init(nfc_context **context)
Initialize libnfc. This function must be called before calling any other libnfc function.
Definition: nfc.c:231
const char * nfc_version(void)
Returns the library version.
Definition: nfc.c:1319
int nfc_device_set_property_bool(nfc_device *pnd, const nfc_property property, const bool bEnable)
Set a device's boolean-property value.
Definition: nfc.c:466
int nfc_target_send_bytes(nfc_device *pnd, const uint8_t *pbtTx, const size_t szTx, int timeout)
Send bytes and APDU frames.
Definition: nfc.c:1057
int nfc_target_init(nfc_device *pnd, nfc_target *pnt, uint8_t *pbtRx, const size_t szRx, int timeout)
Initialize NFC device as an emulated tag.
Definition: nfc.c:978
int nfc_target_receive_bytes(nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, int timeout)
Receive bytes and APDU frames.
Definition: nfc.c:1077
@ NP_HANDLE_CRC
Definition: nfc-types.h:94
@ NP_EASY_FRAMING
Definition: nfc-types.h:136
Provide some examples shared functions like print, parity calculation, options parsing.
#define ERR(...)
Print a error message.
Definition: nfc-utils.h:85
libnfc interface
NFC library context Struct which contains internal options, references, pointers, etc....
Definition: nfc-internal.h:175
NFC device information.
Definition: nfc-internal.h:190
NFC target structure.
Definition: nfc-types.h:351