2 * (C) 2005 by Harald Welte <laforge@gnumonks.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2
6 * as published by the Free Software Foundation
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 hexdump(const void *data, unsigned int len)
31 static char string[1024];
32 unsigned char *d = (unsigned char *) data;
36 left = sizeof(string);
37 for (i = 0; len--; i += 3) {
38 if (i >= sizeof(string) -4)
40 snprintf(string+i, 4, " %02x", *d++);
45 struct pegoda_handle {
46 struct usb_dev_handle *handle;
52 struct usb_device *find_device(u_int16_t vendor, u_int16_t device)
56 for (bus = usb_get_busses(); bus; bus = bus->next) {
57 struct usb_device *dev;
58 for (dev = bus->devices; dev; dev = dev->next) {
59 if (dev->descriptor.idVendor == vendor &&
60 dev->descriptor.idProduct == device) {
68 int pegoda_transcieve(struct pegoda_handle *ph,
69 u_int8_t cmd, unsigned char *tx, unsigned int tx_len,
70 unsigned char *rx, unsigned int *rx_len)
72 unsigned char txbuf[256];
73 unsigned char rxbuf[256];
75 unsigned int len_expected;
76 struct pegoda_cmd_hdr *hdr = (struct pegoda_cmd_hdr *)txbuf;
77 struct pegoda_cmd_hdr *rxhdr = (struct pegoda_cmd_hdr *)rxbuf;
79 hdr->seq = ++(ph->seq);
81 hdr->len = htons(tx_len);
82 memcpy(txbuf + sizeof(*hdr), tx, tx_len);
84 printf("tx [%u]: %s\n", tx_len+sizeof(*hdr),
85 hexdump(txbuf, tx_len + sizeof(*hdr)));
86 rc = usb_bulk_write(ph->handle, 0x02, (char *)txbuf,
87 tx_len + sizeof(*hdr), 0);
91 rc = usb_bulk_read(ph->handle, 0x81, (char *)rxbuf, sizeof(rxbuf), 0);
96 fprintf(stderr, "unexpected: received %u bytes as length?\n");
99 printf("len [%u]: %s\n", rc, hexdump(rxbuf, rc));
101 len_expected = rxbuf[0];
103 if (len_expected > sizeof(rxbuf))
106 rc = usb_bulk_read(ph->handle, 0x81, (char *)rxbuf, len_expected, 0);
109 printf("rx [%u]: %s\n", rc, hexdump(rxbuf, rc));
114 if (rxhdr->seq != hdr->seq)
117 *rx_len = ntohs(rxhdr->len);
119 memcpy(rx, rxbuf+sizeof(*rxhdr), rc-sizeof(*rxhdr));
124 struct pegoda_handle *pegoda_open(void)
126 struct usb_device *pegoda;
127 unsigned char rbuf[16];
128 unsigned int rlen = sizeof(rbuf);
129 struct pegoda_handle *ph;
135 pegoda = find_device(USB_VENDOR_PHILIPS, USB_DEVICE_PEGODA);
140 ph = malloc(sizeof(*ph));
143 memset(ph, 0, sizeof(*ph));
145 printf("found pegoda, %u configurations\n",
146 pegoda->descriptor.bNumConfigurations);
148 printf("config 2 [nr %u] has %u interfaces\n",
149 pegoda->config[1].bConfigurationValue,
150 pegoda->config[1].bNumInterfaces);
152 printf("config 2 interface 0 has %u altsettings\n",
153 pegoda->config[1].interface[0].num_altsetting);
155 ph->handle = usb_open(pegoda);
159 if (usb_set_configuration(ph->handle, 2))
162 printf("configuration 2 successfully set\n");
164 if (usb_claim_interface(ph->handle, 0))
167 printf("interface 0 claimed\n");
169 if (usb_set_altinterface(ph->handle, 1))
172 printf("alt setting 1 selected\n");
174 pegoda_transcieve(ph, PEGODA_CMD_PCD_CONFIG, NULL, 0, rbuf, &rlen);
182 /* Transform crypto1 key from generic 6byte into rc632 specific 12byte */
184 mifare_transform_key(const u_int8_t *key6, u_int8_t *key12)
190 for (i = 0; i < 6; i++) {
193 key12[i * 2 + 1] = (~ln << 4) | ln;
194 key12[i * 2] = (~hn << 4) | hn;
199 static int pegoda_auth_e2(struct pegoda_handle *ph,
200 u_int8_t keynr, u_int8_t sector)
202 unsigned char buf[3];
203 unsigned char rbuf[16];
204 unsigned int rlen = sizeof(rbuf);
207 buf[1] = keynr; /* key number */
208 buf[2] = sector; /* sector */
210 pegoda_transcieve(ph, PEGODA_CMD_PICC_AUTH, buf, 3, rbuf, &rlen);
212 /* FIXME: check response */
217 static int pegoda_auth_key(struct pegoda_handle *ph,
218 u_int8_t sector, const unsigned char *key6)
220 unsigned char buf[1+4+12+1];
221 unsigned char rbuf[16];
222 unsigned int rlen = sizeof(rbuf);
225 memcpy(buf+1, ph->snr, 4);
226 mifare_transform_key(key6, buf+5);
229 pegoda_transcieve(ph, PEGODA_CMD_PICC_AUTH_KEY, buf, 18, rbuf, &rlen);
231 /* FIXME: check response */
236 static int pegoda_read16(struct pegoda_handle *ph,
237 u_int8_t page, unsigned char *rx)
240 unsigned int rlen = 16;
242 rc = pegoda_transcieve(ph, PEGODA_CMD_PICC_READ,
243 &page, 1, rx, &rlen);
250 int main(int argc, char **argv)
252 unsigned char buf[256];
253 unsigned char rbuf[256];
254 unsigned int rlen = sizeof(rbuf);
255 struct pegoda_handle *ph;
264 pegoda_transcieve(ph, PEGODA_CMD_SWITCH_LED, buf, 1, rbuf, &rlen);
270 pegoda_transcieve(ph, PEGODA_CMD_PICC_COMMON_REQUEST,
271 buf, 1, rbuf, &rlen);
276 pegoda_transcieve(ph, PEGODA_CMD_PICC_CASC_ANTICOLL,
277 buf, 6, rbuf, &rlen);
279 memcpy(ph->snr, rbuf, 4);
282 memcpy(buf+1, ph->snr, 4);
284 pegoda_transcieve(ph, PEGODA_CMD_PICC_CASC_SELECT,
285 buf, 5, rbuf, &rlen);
287 pegoda_auth_key(ph, 0, "\xff\xff\xff\xff\xff\xff");
288 pegoda_read16(ph, 0, rbuf);
289 printf("read16 = %s\n", hexdump(rbuf, 16));