#include #include #include #include #include "nfcommander.h" #include "config.h" #include "libyhy.h" static int reader_fd = -1; int init(){ char reader_version[100]; char* port = config_get("nfc", "device"); if(!port){ printf("Please configure nfc.device to the reader serial port\n"); return 1; } //TODO set cloexec, nonblock printf("Opening YHY reader on %s\n", port); reader_fd = yhy_open(port); if(reader_fd < 0){ printf("Failed to open reader connection at %s\n", port); return 1; } if(yhy_sync_read_version(reader_fd, reader_version, sizeof(reader_version)) > 0){ printf("Connected YHY reader reports firmware: %s\n", reader_version); } core_manage_fd(reader_fd, 1, system_reader); return 0; } int handle(int fd){ if(fd == reader_fd){ printf("Unhandled data on YHY fd\n"); } return 0; } uint8_t read_ntag(nfc_tag_info_t* tag){ uint8_t data[16] = ""; size_t bytes = 0, n = 0; //read 16 bytes starting at block 2 //[0-3] UID, lock bytes //[4-7] CC //[8-11] Signature //[12-15] Data block offsets & lengths bytes = yhy_sync_read(reader_fd, 2, data, sizeof(data)); if(bytes != 16){ //read failed, probably not a usable tag return FLAG_TAG_LOCKED; } //check for NTAG signature CC bytes if(data[4] != 0xE1 || data[5] != 0x10 || data[7]){ return FLAG_TAG_LOCKED; } switch(data[6]){ case 0x12: //NTAG213 tag->bytes_available = 144; break; case 0x3E: //NTAG215 tag->bytes_available = 496; break; case 0x6D: //NTAG216 tag->bytes_available = 872; break; default: //unknown return FLAG_TAG_LOCKED; } //TODO check lock bits //check nfcommander signature if(data[8] != 0xCB || data[9] != 'N' || data[10] != 'F' || data[11] != 'C'){ return FLAG_TAG_UNPROGRAMMED; } //sanity check length data if(data[12] < 6 || !data[13]){ return FLAG_TAG_UNPROGRAMMED; } //read data tag->static_length = data[13] * tag->granularity; tag->static_data = calloc(tag->static_length, sizeof(uint8_t)); if(!tag->static_data){ printf("Failed to allocate memory\n"); return FLAG_TAG_LOCKED; } do{ //each read fetches 4 blocks, but due to a probable firmware bug we cant read blocks 0 or 10 //so we overwrite 2 bytes per pass and skip the read for 10. uint8_t block = data[12] + n * 2; if(block != 10){ bytes = yhy_sync_read(reader_fd, block, tag->static_data + n * 2 * 4, tag->static_length - (n * 2 * 4)); } if(bytes <= 0){ return FLAG_TAG_LOCKED; } n++; } while(n <= data[13] / 2); //read dynamic data if present tag->dynamic_max = tag->bytes_available - 8 /*4 byte magic, 4 byte length*/ - tag->static_length; tag->dynamic_length = data[15] * tag->granularity; if(tag->dynamic_length){ tag->dynamic_data = calloc(tag->dynamic_length, sizeof(uint8_t)); if(!tag->dynamic_data){ printf("Failed to allocate memory\n"); return FLAG_TAG_LOCKED; } do{ uint8_t block = data[14] + n * 2; if(block != 10){ bytes = yhy_sync_read(reader_fd, block, tag->dynamic_data + n * 2 * 4, tag->dynamic_length - (n * 2 * 4)); } if(bytes <= 0){ return FLAG_TAG_LOCKED; } n++; } while(n <= data[15] / 2); } return FLAG_TAG_DATA_VALID; } void write_ntag(nfc_tag_info_t* tag, uint8_t flags){ size_t n = 0; size_t static_offset = 6; size_t static_blocks = (tag->static_length / tag->granularity) + ((tag->static_length % tag->granularity) ? 1 : 0); size_t dynamic_offset = static_offset + static_blocks; size_t dynamic_blocks = (tag->dynamic_length / tag->granularity) + ((tag->dynamic_length % tag->granularity) ? 1 : 0); uint8_t data[16] = { 0 }; if(!static_blocks){ printf("Invalid tag data requested for write (static length is %ld), aborting\n", tag->static_length); return; } //write directory data[0] = static_offset; data[1] = static_blocks; data[2] = dynamic_offset; data[3] = dynamic_blocks; yhy_sync_write(reader_fd, 5, data); if(flags & TAG_WRITE_FULL){ //write signature data[0] = 0xCB; data[1] = 'N'; data[2] = 'F'; data[3] = 'C'; yhy_sync_write(reader_fd, 4, data); for(n = 0; n < static_blocks; n++){ memset(data, 0, sizeof(data)); memcpy(data, tag->static_data + n * tag->granularity, MIN(tag->static_length - n * tag->granularity, 4)); yhy_sync_write(reader_fd, static_offset + n, data); } } //write dynamic data for(n = 0; n < dynamic_blocks; n++){ memset(data, 0, sizeof(data)); memcpy(data, tag->dynamic_data + n * tag->granularity, MIN(tag->dynamic_length - n * tag->granularity, 4)); yhy_sync_write(reader_fd, dynamic_offset + n, data); } } uint8_t read_mifare(nfc_tag_info_t* tag){ //TODO return FLAG_TAG_LOCKED; } void write_mifare(nfc_tag_info_t* tag, uint8_t flags){ //TODO } int scan(){ nfc_tag_info_t card = { 0 }; uint16_t atqa = 0; uint8_t sak = 0; uint8_t flags = 0; for(yhy_sync_request(reader_fd, 1, &atqa); atqa; yhy_sync_request(reader_fd, 0, &atqa)){ sak = 0; //ATQA should normally not be used as an indicator for UID length //However, the YHY UL_SELECT command does not seem to work after CL1 anticollision for some reason //extended length UIDs if(atqa & 0x00C0){ card.uid_length = yhy_sync_ulselect(reader_fd, card.uid, sizeof(card.uid)); //since we dont get either the CL2 SAK or any other method of identifying the particular type of PICC, just guess whether it's an NTAG card.type = tag_unknown; if(atqa == 0x0044){ card.type = tag_ntag; card.granularity = 4; } else{ printf("PICC Parameters: ATQA %04X\n", atqa); } } else{ card.uid_length = yhy_sync_anticoll(reader_fd, card.uid, sizeof(card.uid)); yhy_sync_select(reader_fd, card.uid, card.uid_length, &sak); card.type = tag_unknown; if(atqa == 0x0004 && sak == 0x08){ card.type = tag_mifare1; card.bytes_available = 752; card.granularity = 16; } else{ printf("PICC Parameters: ATQA %04X SAK %02X\n", atqa, sak); } } flags = TAG_WRITE_FULL; switch(reader_tag_present(0, &card)){ case TAG_READ_REQUESTED: //read card data if(card.type == tag_ntag){ flags = read_ntag(&card); } else if(card.type == tag_mifare1){ flags = read_mifare(&card); } reader_tag_present(flags, &card); break; case TAG_WRITE_DYNAMIC: flags = TAG_WRITE_DYNAMIC; //fall through case TAG_WRITE_FULL: //write card data if(card.type == tag_ntag){ write_ntag(&card, flags); } else if(card.type == tag_mifare1){ write_mifare(&card, flags); } break; } yhy_sync_hlta(reader_fd); } return 0; } static void __attribute__((destructor)) cleanup(){ core_manage_fd(reader_fd, 0, system_reader); close(reader_fd); reader_fd = -1; }