diff --git a/.gitignore b/.gitignore index 349ef5efb..1b352bcfe 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ .profile *.log *.eml +*.html *.o *.a *.d diff --git a/.travis.yml b/.travis.yml index 1cb60f8e9..5aee2a918 100644 --- a/.travis.yml +++ b/.travis.yml @@ -41,6 +41,16 @@ addons: - qt5 - RfidResearchGroup/proxmark3/arm-none-eabi-gcc taps: RfidResearchGroup/proxmark3 +# update trick to fix https://travis-ci.community/t/macos-build-fails-because-of-homebrew-bundle-unknown-command/7296/14 + update: true + +before_install: + # bug? + # homebrew update replaced python2.7 by python3.7 but + # python3 link failed while python@2 still present, so let's do it again: + if [ "$TRAVIS_OS_NAME" == "osx" ]; then + brew link --overwrite python; + fi install: if ! arm-none-eabi-gcc -v; then diff --git a/CHANGELOG.md b/CHANGELOG.md index f4eeee148..6192b8068 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,32 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] - Added keri MS decode/encode and update 'lf keri clone' to support MS fc/cid cloning. (@mwalker33) + - Fix 'hf mfdes enum' - now actually manages to enumerate files under all AID's. :smiley: (@iceman1001) + - Fix 'hf mfdes info' - now detects DESFire light and work properly Wrapped commands :+1: (@iceman1001) + - :smiling_imp: support (@doegox) + - Additional colour changes as recommended by @iceman (@dunderhay) + - Change type colour for `hf 14a` card types (@dunderhay) + - Add colour to `hf mfdes` command (@dunderhay) + - Add 'HINTS' command. Will turn off / on hint messages. Default mode is OFF. (@iceman1001) + - Add colour to `hf 14a` and `hf mfu` commands (@dunderhay) + - Add colour to `lf hid` commands (@dunderhay) + - Change `script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type` - The hf_bruteforce card script now requires Mifare type (mfc or mfu) (@dunderhay) + - Updated `hf_bruteforce.lua` script - added support for brute forcing Mifare Ultralight EV1 cards (@dunderhay) + - Added `hf mf personlize` - personalize the UID of a Mifare Classic EV1 card (@pwpiwi) + - Change - hint texts added to all lf clone commands (@iceman1001) + - Change `lf keri demod` - adjusted the internal id. (@mwalker33) + - Added seamless integration with cryptohelper (@iceman1001) + - Change `lf hid brute` - new params for direction (UP/DOWN); textual and main loop actually exit. (@capnkrunchy and @iceman1001) + - Fix `lf hid brute` - made it work again (@capnkrunchy) + - Fix standalone mode HF_MATTYRUN - correct logic when all keys found in printing. partial fix (@iceman1001) + - Change static nonce detection got tighter (@iceman1001) + - Improved termux notes (@msoose) + - Fix `hf mf autopwn` - works on debian 10 *nix. 
Bad exit commands in hardnested (@iceman1001) + - Fix `hf mf hardnested` - bad mutex strategies (@msoose) + - Change `lf hitag` - now obeys `lf config` (@iceman1001) + - Ported all python 2 scripts to python 3 (@doegox and @sigwinch28) + - Removed undefined exit behaviour from `analyzesize` tool: it now exits with code 2 when called with wrong args (@sigwinch28) + - Replaced shebangs in scripts with more portable versions which use `/usr/bin/env` (@sigwinch28) - Added `hf lto restore` - restore LTO cartridge memory from dump file [.bin|.eml] (@Kevin-Nakamoto) - Added `LF_ICEHID` standalone mode which searches for lf HID credentials and store to RDV4 flashmem (@iceman1001) - Added `HF_14ASNIFF` standalone mode with storing trace to RDV4 flashmem (@micolous) @@ -22,7 +48,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `commands.md` - document with all proxmark client commands. Generated with XX_internal_command_dump_markdown_XX. (@iceman1001) - Change `lf pac clone` - new option `c ` to allow cloning PAC/Stanley tag from card ID (@danshuk) - Change `lf pac read` - decoded PAC/Stanley card ID (@danshuk) - - Change mifare classic keytable output refactored and uses colors (@iceman1001) + - Change mifare classic keytable output refactored and uses colors (@iceman1001) - Fix `hf mf nested` - now writes the correct blockno (@iceman1001) - Change `lf t55xx dump` - now supports saving to JSON (@iceman1001) - Change `hf mf chk | fchk` faster authentication by lower timeout limit. (@pwpiwi) @@ -418,6 +444,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `hf mf mad` and `hf mfp mad` MAD decode, check and print commands (@merlokk) - Added `script run luxeodump` (@0xdrrb) - Fix `lf hitag reader 02` - print all bytes (@bosb) + - Fix hitag S simulation (still not working), write, add example HITAG S 256 (@bosb) ### Fixed 
@@ -592,8 +619,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Updated the Reveng 1.31 sourcecode to 1.40 from Reveng project homepage (@iceman1001) - Added possibility to write direct to a Legic Prime Tag (MIM256/1024) without using values from the `BigBuffer` -> `hf legic writeRaw ` (@icsom) - Added possibility to decrease DCF values at address 0x05 & 0x06 on a Legic Prime Tag - DCF-value will be pulled from the BigBuffer (address 0x05 & 0x06) so you have to - load the data into the BigBuffer before with `hf legic load ` & then + DCF-value will be pulled from the BigBuffer (address 0x05 & 0x06) so you have to + load the data into the BigBuffer before with `hf legic load ` & then write the DCF-Values (both at once) with `hf legic write 0x05 0x02` (@icsom) - Added script `legic.lua` for display and edit Data of Legic-Prime Tags (@icsom) - Added the experimental HITAG_S support (@spenneb) diff --git a/README.md b/README.md index 96a8d2693..e48802b81 100644 --- a/README.md +++ b/README.md 
@@ -11,10 +11,10 @@ | FAQ's & Updates | Installation | Use of the Proxmark | | ------------------- |:-------------------:| -------------------:| -|[What has changed?](#what-has-changed) | [Setup and build for Linux](/doc/md/Installation_Instructions/Linux-Installation-Instructions.md) | [Compilation Instructions](/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md)| -|[Development](#development) | [Important notes on ModemManager for Linux users](/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md) | [Validating proxmark client functionality](/doc/md/Use_of_Proxmark/1_Validation.md) | -|[Why didn't you base it on official Proxmark3 Master?](#why-didnt-you-base-it-on-official-proxmark3-master)| [Homebrew (Mac OS X) & Upgrading HomeBrew Tap Formula](/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md) | [First Use and Verification](/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md)| -|[Proxmark3 GUI](#proxmark3-gui)|[Setup and build for Windows](/doc/md/Installation_Instructions/Windows-Installation-Instructions.md)|[Commands & Features](/doc/md/Use_of_Proxmark/3_Commands-and-Features.md)| +|[What has changed?](#what-has-changed) | **[Setup and build for Linux](/doc/md/Installation_Instructions/Linux-Installation-Instructions.md)** | [Compilation Instructions](/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md)| +|[Development](#development) | **[Important notes on ModemManager for Linux users](/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md)** | [Validating proxmark client functionality](/doc/md/Use_of_Proxmark/1_Validation.md) | +|[Why didn't you base it on official Proxmark3 Master?](#why-didnt-you-base-it-on-official-proxmark3-master)| **[Homebrew (Mac OS X) & Upgrading HomeBrew Tap Formula](/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md)** | [First Use and Verification](/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md)| +|[Proxmark3 
GUI](#proxmark3-gui)|**[Setup and build for Windows](/doc/md/Installation_Instructions/Windows-Installation-Instructions.md)**|[Commands & Features](/doc/md/Use_of_Proxmark/3_Commands-and-Features.md)| |[Issues](#issues)|[Blue shark manual](/doc/bt_manual_v10.md) |[Advanced compilation parameters](/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md)| |[Notes on UART](/doc/uart_notes.md)|[Maintainers](/doc/md/Development/Maintainers.md)|[Command Cheat sheet](/doc/cheatsheet.md)| |[Notes on frame format](/doc/new_frame_format.md)||[More cheat sheets](https://github.com/RfidResearchGroup/proxmark3/wiki/More-cheat-sheets)| diff --git a/appveyor.yml b/appveyor.yml index b2ab84fb4..230bb44bf 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -24,7 +24,7 @@ init: Add-AppveyorMessage -Message "[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)" -Category Information -Details "repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename" - iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) + # iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) clone_script: - ps: >- Write-Host "Removing ProxSpace..." -NoNewLine @@ -409,4 +409,4 @@ on_success: on_failure: - ps: Write-Host "Build error." -ForegroundColor Red on_finish: -- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) +- ps: # $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal index 2dec4cfde..5c2352aaf 100644 --- a/armsrc/Standalone/Makefile.hal +++ b/armsrc/Standalone/Makefile.hal 
@@ -41,9 +41,15 @@ define KNOWN_STANDALONE_DEFINITIONS | LF_ICEHID | LF HID collector to flashmem | | (RDV4 only) | | +----------------------------------------------------------+ +| LF_EM4100EMUL | Simulate predefined em4100 tags only | +| | | ++----------------------------------------------------------+ +| LF_EM4100RWC | Read/simulate em4100 tags & clone it | +| | to T555x tags | ++----------------------------------------------------------+ endef -STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_ICEHID +STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_ICEHID LF_EM4100EMUL LF_EM4100RWC STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG HF_14ASNIFF STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG HF_14ASNIFF LF_ICEHID diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc index d4de0411e..e5a3304a8 100644 --- a/armsrc/Standalone/Makefile.inc +++ b/armsrc/Standalone/Makefile.inc @@ -40,4 +40,12 @@ endif # WITH_STANDALONE_LF_ICEHID ifneq (,$(findstring WITH_STANDALONE_LF_ICEHID,$(APP_CFLAGS))) SRC_STANDALONE = lf_icehid.c +endif +# WITH_STANDALONE_LF_EM4100EMUL +ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMUL,$(APP_CFLAGS))) + SRC_STANDALONE = lf_em4100emul.c +endif +# WITH_STANDALONE_LF_EM4100RWC +ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS))) + SRC_STANDALONE = lf_em4100rwc.c endif \ No newline at end of file diff --git a/armsrc/Standalone/hf_14asniff.c b/armsrc/Standalone/hf_14asniff.c index d8bf6ab82..706a41b8b 100644 --- a/armsrc/Standalone/hf_14asniff.c +++ b/armsrc/Standalone/hf_14asniff.c @@ -45,7 +45,7 @@ * This module emits debug strings during normal operation -- so try it out in * the lab connected to PM3 client before taking it into the field. * - * To delete the trace data from flash: + * To delete the trace data from flash: * * Caveats / notes: * - Trace buffer will be cleared on starting stand-alone mode. Data in flash 
@@ -97,7 +97,7 @@ void RunMod() { if (trace_len > 0) { Dbprintf("[!] Trace length (bytes) = %u", trace_len); - uint8_t* trace_buffer = BigBuf_get_addr(); + uint8_t *trace_buffer = BigBuf_get_addr(); if (!exists_in_spiffs(HF_14ASNIFF_LOGFILE)) { rdv40_spiffs_write( HF_14ASNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE); @@ -117,7 +117,7 @@ void RunMod() { SpinErr(LED_A, 200, 5); SpinDelay(100); - + LEDsoff(); SpinDelay(300); DownloadTraceInstructions(); diff --git a/armsrc/Standalone/hf_mattyrun.c b/armsrc/Standalone/hf_mattyrun.c index 3e53fffe9..60619e657 100644 --- a/armsrc/Standalone/hf_mattyrun.c +++ b/armsrc/Standalone/hf_mattyrun.c @@ -323,7 +323,7 @@ void RunMod() { Dbprintf("\tCurrent sector:%3d, block:%3d, key type: %c, key count: %i ", sec, block, type ? 'B' : 'A', mfKeysCnt); int key = saMifareChkKeys(block, type, true, size, &keyBlock[0], &key64); if (key == -1) { - LED(LED_RED, 50); //red + LED(LED_RED, 50); Dbprintf("\t✕ Key not found for this sector!"); allKeysFound = false; // break; 
@@ -348,21 +348,24 @@ void RunMod() { TODO: - Get UID from tag and set accordingly in emulator memory and call mifaresim with right flags (iceman) */ - if (!allKeysFound && keyFound) { - Dbprintf("\t✕ There's currently no nested attack in MattyRun, sorry!"); - LED_C_ON(); //red - LED_A_ON(); //yellow - // no room to run nested attack on device (iceman) - // Do nested attack, set allKeysFound = true; - // allKeysFound = true; + if (allKeysFound) { + Dbprintf("\t✓ All keys found"); } else { - Dbprintf("\t✕ There's nothing I can do without at least a one valid key, sorry!"); - LED_C_ON(); //red + if (keyFound) { + Dbprintf("\t✕ There's currently no nested attack in MattyRun, sorry!"); + LED_C_ON(); //red + LED_A_ON(); //yellow + // no room to run nested attack on device (iceman) + // Do nested attack, set allKeysFound = true; + // allKeysFound = true; + } else { + Dbprintf("\t✕ There's nothing I can do without at least a one valid key, sorry!"); + LED_C_ON(); //red + } } - /* - If enabled, transfers found keys to memory and loads target content in emulator memory. Then it simulates to be the tag it has basically cloned. - */ + // If enabled, transfers found keys to memory and loads target content in emulator memory. Then it simulates to be the tag it has basically cloned. + if ((transferToEml) && (allKeysFound)) { emlClearMem(); diff --git a/armsrc/Standalone/lf_em4100emul.c b/armsrc/Standalone/lf_em4100emul.c new file mode 100644 index 000000000..f3939f923 --- /dev/null +++ b/armsrc/Standalone/lf_em4100emul.c 
@@ -0,0 +1,98 @@ +//----------------------------------------------------------------------------- +// Artyom Gnatyuk, 2020 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// LF emul - Very simple mode. Simulate only predefined in low[] IDs +// Short click - select next slot and start simulation +//----------------------------------------------------------------------------- +#include "standalone.h" +#include "proxmark3_arm.h" +#include "appmain.h" +#include "fpgaloader.h" +#include "lfops.h" +#include "util.h" +#include "dbprint.h" +#include "ticks.h" +#include "string.h" +#include "BigBuf.h" + +#define MAX_IND 16 // 4 LEDs - 2^4 combinations +#define CLOCK 64 //for 125kHz + +// low & high - array for storage IDs. Its length must be equal. +// Predefined IDs must be stored in low[]. 
+// In high[] must be nulls +uint64_t low[] = {0x565A1140BE, 0x365A398149, 0x5555555555, 0xFFFFFFFFFF}; +uint32_t high[] = {0, 0, 0, 0}; +uint8_t *bba, slots_count; +int buflen; + +void ModInfo(void) { + DbpString(" LF EM4100 simulator standalone mode"); +} + +uint64_t ReversQuads(uint64_t bits) { + uint64_t result = 0; + for (int i = 0; i < 16; i++) { + result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i); + } + return result >> 24; +} + +void FillBuff(uint8_t bit) { + memset(bba + buflen, bit, CLOCK / 2); + buflen += (CLOCK / 2); + memset(bba + buflen, bit ^ 1, CLOCK / 2); + buflen += (CLOCK / 2); +} + +void ConstructEM410xEmulBuf(uint64_t id) { + + int i, j, binary[4], parity[4]; + buflen = 0; + for (i = 0; i < 9; i++) + FillBuff(1); + parity[0] = parity[1] = parity[2] = parity[3] = 0; + for (i = 0; i < 10; i++) { + for (j = 3; j >= 0; j--, id /= 2) + binary[j] = id % 2; + for (j = 0; j < 4; j++) + FillBuff(binary[j]); + FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); + for (j = 0; j < 4; j++) + parity[j] ^= binary[j]; + } + for (j = 0; j < 4; j++) + FillBuff(parity[j]); + FillBuff(0); +} + +void LED_Slot(int i) { + LEDsoff(); + if (slots_count > 4) { + LED(i % MAX_IND, 0); //binary indication for slots_count > 4 + } else { + LED(1 << i, 0); //simple indication for slots_count <=4 + } +} + +void RunMod() { + StandAloneMode(); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + int selected = 0; //selected slot after start + slots_count = sizeof(low) / sizeof(low[0]); + bba = BigBuf_get_addr(); + for (;;) { + WDT_HIT(); + if (data_available()) break; + SpinDelay(100); + SpinUp(100); + LED_Slot(selected); + ConstructEM410xEmulBuf(ReversQuads(low[selected])); + SimulateTagLowFrequency(buflen, 0, true); + selected = (selected + 1) % slots_count; + } +} diff --git a/armsrc/Standalone/lf_em4100rwc.c b/armsrc/Standalone/lf_em4100rwc.c new file mode 100644 index 000000000..a2414a6fa --- /dev/null +++ b/armsrc/Standalone/lf_em4100rwc.c 
@@ -0,0 +1,202 @@ +//----------------------------------------------------------------------------- +// Artyom Gnatyuk, 2020 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// LF rwc - This mode can simulate ID from selected slot, read ID to +// selected slot, write from selected slot to T5555 tag and store +// readed ID to flash (only RDV4). Also you can set predefined IDs +// in any slot. +// To recall stored ID from flash execute: +// mem spifss dump o emdump p +// or: +// mem spifss dump o emdump f emdump +// then from shell: +// hexdump emdump -e '5/1 "%02X" /0 "\n"' +//----------------------------------------------------------------------------- +#include "standalone.h" +#include "proxmark3_arm.h" +#include "appmain.h" +#include "fpgaloader.h" +#include "lfops.h" +#include "util.h" +#include "dbprint.h" +#include "ticks.h" +#include "string.h" +#include "BigBuf.h" +#include "spiffs.h" + +#ifdef WITH_FLASH +#include "flashmem.h" +#endif + +#define MAX_IND 16 // 4 LEDs - 2^4 combinations +#define CLOCK 64 //for 125kHz + +// low & high - array for storage IDs. Its length must be equal. +// Predefined IDs must be stored in low[]. 
+// In high[] must be nulls +uint64_t low[] = {0x565AF781C7, 0x540053E4E2, 0x1234567890, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; +uint32_t high[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; +uint8_t *bba, slots_count; +int buflen; + +void ModInfo(void) { + DbpString(" LF EM4100 read/write/clone mode"); +} + +uint64_t ReversQuads(uint64_t bits) { + uint64_t result = 0; + for (int i = 0; i < 16; i++) { + result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i); + } + return result >> 24; +} + +void FillBuff(uint8_t bit) { + memset(bba + buflen, bit, CLOCK / 2); + buflen += (CLOCK / 2); + memset(bba + buflen, bit ^ 1, CLOCK / 2); + buflen += (CLOCK / 2); +} + +void ConstructEM410xEmulBuf(uint64_t id) { + + int i, j, binary[4], parity[4]; + buflen = 0; + for (i = 0; i < 9; i++) + FillBuff(1); + parity[0] = parity[1] = parity[2] = parity[3] = 0; + for (i = 0; i < 10; i++) { + for (j = 3; j >= 0; j--, id /= 2) + binary[j] = id % 2; + for (j = 0; j < 4; j++) + FillBuff(binary[j]); + FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); + for (j = 0; j < 4; j++) + parity[j] ^= binary[j]; + } + for (j = 0; j < 4; j++) + FillBuff(parity[j]); + FillBuff(0); +} + +void LED_Slot(int i) { + LEDsoff(); + if (slots_count > 4) { + LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4 + } else { + LED(1 << i, 0); //simple indication for slots_count <=4 + } +} + +void FlashLEDs(uint32_t speed, uint8_t times) { + for (int i = 0; i < times * 2; i++) { + LED_A_INV(); + LED_B_INV(); + LED_C_INV(); + LED_D_INV(); + SpinDelay(speed); + } +} + +#ifdef WITH_FLASH +void SaveIDtoFlash(int addr, uint64_t id) { + uint8_t bt[5]; + char *filename = "emdump"; + rdv40_spiffs_mount(); + for (int i = 0; i < 5; i++) { + bt[4 - i] = (uint8_t)(id >> 8 * i & 0xff); + } + if (exists_in_spiffs(filename) == false) { + rdv40_spiffs_write(filename, &bt[0], 5, RDV40_SPIFFS_SAFETY_NORMAL); + } else { + rdv40_spiffs_append(filename, &bt[0], 5, RDV40_SPIFFS_SAFETY_NORMAL); + } +} +#endif + 
+void RunMod() { + StandAloneMode(); + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + int selected = 0; + //state 0 - select slot + // 1 - read tag to selected slot, + // 2 - simulate tag from selected slot + // 3 - write to T5555 tag + uint8_t state = 0; + slots_count = sizeof(low) / sizeof(low[0]); + bba = BigBuf_get_addr(); + LED_Slot(selected); + for (;;) { + WDT_HIT(); + if (data_available()) break; + int button_pressed = BUTTON_HELD(1000); + SpinDelay(300); + switch (state) { + case 0: + // Select mode + if (button_pressed == 1) { + // Long press - switch to simulate mode + SpinUp(100); + LED_Slot(selected); + state = 2; + } else if (button_pressed < 0) { + // Click - switch to next slot + selected = (selected + 1) % slots_count; + LED_Slot(selected); + } + break; + case 1: + // Read mode. + if (button_pressed > 0) { + // Long press - switch to read mode + SpinUp(100); + LED_Slot(selected); + state = 3; + } else if (button_pressed < 0) { + // Click - exit to select mode + CmdEM410xdemod(1, &high[selected], &low[selected], 0); + FlashLEDs(100, 5); +#ifdef WITH_FLASH + SaveIDtoFlash(selected, low[selected]); +#endif + state = 0; + } + break; + case 2: + // Simulate mode + if (button_pressed > 0) { + // Long press - switch to read mode + SpinDown(100); + LED_Slot(selected); + state = 1; + } else if (button_pressed < 0) { + // Click - start simulating. 
Click again to exit from simulate mode + LED_Slot(selected); + ConstructEM410xEmulBuf(ReversQuads(low[selected])); + FlashLEDs(100, 5); + SimulateTagLowFrequency(buflen, 0, 1); + LED_Slot(selected); + state = 0; // Switch to select mode + } + break; + case 3: + // Write tag mode + if (button_pressed > 0) { + // Long press - switch to select mode + SpinDown(100); + LED_Slot(selected); + state = 0; + } else if (button_pressed < 0) { + // Click - write ID to tag + WriteEM410x(0, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff)); + LED_Slot(selected); + state = 0; // Switch to select mode + } + break; + } + } +} diff --git a/armsrc/Standalone/lf_icehid.c b/armsrc/Standalone/lf_icehid.c index 77f04024e..34d4439a0 100644 --- a/armsrc/Standalone/lf_icehid.c +++ b/armsrc/Standalone/lf_icehid.c @@ -7,6 +7,7 @@ //----------------------------------------------------------------------------- // main code for HID collector aka IceHID by Iceman //----------------------------------------------------------------------------- +#include #include "standalone.h" // standalone definitions #include "proxmark3_arm.h" #include "appmain.h" @@ -63,7 +64,7 @@ void DownloadLogInstructions() { bool log_exists; -void append(uint8_t* entry, size_t entry_len) { +void append(uint8_t *entry, size_t entry_len) { LED_B_ON(); if (log_exists == false) { 
@@ -105,23 +106,23 @@ uint32_t IceEM410xdemod() { memset(entry, 0, sizeof(entry)); if (size == 128) { - sprintf((char *)entry, "EM XL TAG ID: %06lx%08lx%08lx - (%05ld_%03ld_%08ld)\n", - hi, - (uint32_t)(lo >> 32), - (uint32_t)lo, - (uint32_t)(lo & 0xFFFF), - (uint32_t)((lo >> 16LL) & 0xFF), - (uint32_t)(lo & 0xFFFFFF)); + sprintf((char *)entry, "EM XL TAG ID: %06"PRIx32"%08"PRIx32"%08"PRIx32" - (%05"PRIu32"_%03"PRIu32"_%08"PRIu32")\n", + hi, + (uint32_t)(lo >> 32), + (uint32_t)lo, + (uint32_t)(lo & 0xFFFF), + (uint32_t)((lo >> 16LL) & 0xFF), + (uint32_t)(lo & 0xFFFFFF)); } else { - sprintf((char *)entry, "EM TAG ID: %02lx%08lx - (%05ld_%03ld_%08ld)\n", - (uint32_t)(lo >> 32), - (uint32_t)lo, - (uint32_t)(lo & 0xFFFF), - (uint32_t)((lo >> 16LL) & 0xFF), - (uint32_t)(lo & 0xFFFFFF)); + sprintf((char *)entry, "EM TAG ID: %02"PRIx32"%08"PRIx32" - (%05"PRIu32"_%03"PRIu32"_%08"PRIu32")\n", + (uint32_t)(lo >> 32), + (uint32_t)lo, + (uint32_t)(lo & 0xFFFF), + (uint32_t)((lo >> 16LL) & 0xFF), + (uint32_t)(lo & 0xFFFFFF)); } - append(entry, strlen((char*)entry)); + append(entry, strlen((char *)entry)); Dbprintf("%s", entry); BigBuf_free(); return PM3_SUCCESS; 
@@ -160,20 +161,20 @@ uint32_t IceAWIDdemod() { uint8_t fac = bytebits_to_byte(dest + 9, 8); uint32_t cardnum = bytebits_to_byte(dest + 17, 16); uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen); - sprintf((char *)entry, "AWID bit len: %d, FC: %d, Card: %ld - Wiegand: %lx, Raw: %08lx%08lx%08lx\n", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo); + sprintf((char *)entry, "AWID bit len: %d, FC: %d, Card: %"PRIu32" - Wiegand: %"PRIx32", Raw: %08"PRIx32"%08"PRIx32"%08"PRIx32"\n", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo); } else { uint32_t cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16); if (fmtLen > 32) { uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen - 32); uint32_t code2 = bytebits_to_byte(dest + 8 + (fmtLen - 32), 32); - sprintf((char *)entry, "AWID bit len: %d -unk bit len - Card: %ld - Wiegand: %lx%08lx, Raw: %08lx%08lx%08lx\n", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); + sprintf((char *)entry, "AWID bit len: %d -unk bit len - Card: %"PRIu32" - Wiegand: %"PRIx32"%08"PRIx32", Raw: %08"PRIx32"%08"PRIx32"%08"PRIx32"\n", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); } else { uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen); - sprintf((char *)entry, "AWID bit len: %d -unk bit len - Card: %ld - Wiegand: %lx, Raw: %08lx%08lx%08lx\n", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); + sprintf((char *)entry, "AWID bit len: %d -unk bit len - Card: %"PRIu32" - Wiegand: %"PRIx32", Raw: %08"PRIx32"%08"PRIx32"%08"PRIx32"\n", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); } } - append(entry, strlen((char*)entry)); + append(entry, strlen((char *)entry)); Dbprintf("%s", entry); BigBuf_free(); return PM3_SUCCESS; 
@@ -209,15 +210,15 @@ uint32_t IceIOdemod() { uint8_t entry[64]; memset(entry, 0, sizeof(entry)); - sprintf((char *)entry, "IO Prox XSF(%02d)%02x:%05d (%08lx%08lx)\n" - , version - , facilitycode - , number - , hi - , lo - ); + sprintf((char *)entry, "IO Prox XSF(%02u)%02x:%05u (%08"PRIx32"%08"PRIx32")\n" + , version + , facilitycode + , number + , hi + , lo + ); - append(entry, strlen((char*)entry)); + append(entry, strlen((char *)entry)); Dbprintf("%s", entry); BigBuf_free(); return PM3_SUCCESS; @@ -249,14 +250,14 @@ uint32_t IceHIDDemod() { // go over previously decoded manchester data and decode into usable tag ID if (hi2 != 0) { //extra large HID tags 88/192 bits - sprintf((char *)entry, "HID large: %lx%08lx%08lx (%ld)\n", - hi2, - hi, - lo, - (lo >> 1) & 0xFFFF - ); + sprintf((char *)entry, "HID large: %"PRIx32"%08"PRIx32"%08"PRIx32" (%"PRIu32")\n", + hi2, + hi, + lo, + (lo >> 1) & 0xFFFF + ); - append(entry, strlen((char*)entry)); + append(entry, strlen((char *)entry)); } else { //standard HID tags 44/96 bits uint8_t bitlen = 0; @@ -296,16 +297,16 @@ uint32_t IceHIDDemod() { fac = ((hi & 0xF) << 12) | (lo >> 20); } - sprintf((char *)entry, "HID: %lx%08lx (%ld) Format: %d bit FC: %ld Card: %ld\n", - hi, - lo, - (lo >> 1) & 0xFFFF, - bitlen, - fac, - cardnum - ); + sprintf((char *)entry, "HID: %"PRIx32"%08"PRIx32" (%"PRIu32") Format: %d bit FC: %"PRIu32" Card: %"PRIu32"\n", + hi, + lo, + (lo >> 1) & 0xFFFF, + bitlen, + fac, + cardnum + ); - append(entry, strlen((char*)entry)); + append(entry, strlen((char *)entry)); } Dbprintf("%s", entry); @@ -349,7 +350,7 @@ void RunMod() { uint32_t res; - // since we steal 12800 from bigbuffer, no need to sample it. + // since we steal 12800 from bigbuffer, no need to sample it. DoAcquisition_config(false, 28000); res = IceHIDDemod(); if (res == PM3_SUCCESS) { diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 15d939a35..5bec32364 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c 
@@ -42,6 +42,7 @@ #include "Standalone/standalone.h" #include "util.h" #include "ticks.h" +#include "commonutil.h" #ifdef WITH_LCD #include "LCD.h" @@ -548,7 +549,7 @@ void ListenReaderField(uint8_t limit) { // iceman, useless, since we are measuring readerfield, not our field. My tests shows a max of 20v from a reader. hf_av = hf_max = AvgAdc(ADC_CHAN_HF_RDV40); #else - hf_av = hf_max = AvgAdc(ADC_CHAN_HF); + hf_av = hf_max = AvgAdc(ADC_CHAN_HF); #endif Dbprintf("HF 13.56MHz Baseline: %dmV", (MAX_ADC_HF_VOLTAGE * hf_av) >> 10); hf_baseline = hf_av; @@ -721,12 +722,20 @@ static void PacketReceived(PacketCommandNG *packet) { setT55xxConfig(packet->oldarg[0], (t55xx_configurations_t *) packet->data.asBytes); break; } - case CMD_LF_SAMPLING_GET_CONFIG: { + case CMD_LF_SAMPLING_PRINT_CONFIG: { printConfig(); break; } + case CMD_LF_SAMPLING_GET_CONFIG: { + sample_config *config = getSamplingConfig(); + reply_ng(CMD_LF_SAMPLING_GET_CONFIG, PM3_SUCCESS, (uint8_t *)config, sizeof(sample_config)); + break; + } case CMD_LF_SAMPLING_SET_CONFIG: { - setSamplingConfig((sample_config *) packet->data.asBytes); + sample_config c; + memcpy(&c, packet->data.asBytes, sizeof(sample_config)); + setSamplingConfig(&c); +// setSamplingConfig((sample_config *) packet->data.asBytes); break; } case CMD_LF_ACQ_RAW_ADC: { @@ -1239,6 +1248,17 @@ static void PacketReceived(PacketCommandNG *packet) { // SniffMifare(packet->oldarg[0]); // break; // } + case CMD_HF_MIFARE_PERSONALIZE_UID: { + struct p { + uint8_t keytype; + uint8_t pers_option; + uint8_t key[6]; + } PACKED; + struct p *payload = (struct p *) packet->data.asBytes; + uint64_t authkey = bytes_to_num(payload->key, 6); + MifarePersonalizeUID(payload->keytype, payload->pers_option, authkey); + break; + } case CMD_HF_MIFARE_SETMOD: { MifareSetMod(packet->data.asBytes); break; diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index 8a0d4934a..7e4c7ca14 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c 
@@ -20,6 +20,8 @@ // Anon, 2019 // Doegox, 2020 +#define DBG if (DBGLEVEL >= DBG_EXTENDED) + #include "hitag2.h" #include "hitag2_crypto.h" #include "string.h" @@ -92,7 +94,7 @@ uint8_t nonce[4]; bool key_no; static uint64_t cipher_state; -size_t blocknr; +int16_t blocknr; size_t flipped_bit = 0; uint32_t byte_value = 0; @@ -305,6 +307,9 @@ static void hitag2_handle_reader_command(uint8_t *rx, const size_t rxlen, uint8_ break; } + // LogTrace(rx, nbytes(rxlen), 0, 0, NULL, false); + // LogTrace(tx, nbytes(txlen), 0, 0, NULL, true); + if (tag.crypto_active) { hitag2_cipher_transcrypt(&(tag.cs), tx, *txlen / 8, *txlen % 8); } @@ -337,12 +342,12 @@ static uint32_t hitag_reader_send_bit(int bit) { lf_wait_periods(HITAG_T_1 - HITAG_T_LOW); // wait for 26-32 times the carrier period wait += HITAG_T_1 - HITAG_T_LOW; } - /*lf_wait_periods(10);*/ + LED_A_OFF(); return wait; } -// reader/writer +// reader / writer commands static uint32_t hitag_reader_send_frame(const uint8_t *frame, size_t frame_len) { uint32_t wait = 0; @@ -403,7 +408,7 @@ void fix_ac_decoding(uint8_t *input, size_t len) { */ -// looks at number of received bits. +// looks at number of received bits. // 0 = collision? // 32 = good response bool hitag_plain(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *txlen, bool hitag_s) { @@ -539,7 +544,7 @@ bool hitag1_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *t // will receive 32-bit configuration page } else if (bSelecting) { // Initiate auth - tx[0] = 0xa0 | key_no >> 4; // WRCPAGE + tx[0] = 0xa0 | (key_no); // WRCPAGE tx[1] = blocknr << 4; crc = hitag_crc(tx, 12); tx[1] |= crc >> 4; 
@@ -577,14 +582,15 @@ bool hitag1_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t *t Dbhexdump(4, logdata_1, false); bSuccessful = true; return false; - - // read next page of card until done - tx[0] = 0xe0 | blocknr >> 4; // RDCPAGE - tx[1] = blocknr << 4; - crc = hitag_crc(tx, 12); - tx[1] |= crc >> 4; - tx[2] = crc << 4; - *txlen = 20; + /* + // read next page of card until done + tx[0] = 0xe0 | blocknr >> 4; // RDCPAGE + tx[1] = blocknr << 4; + crc = hitag_crc(tx, 12); + tx[1] |= crc >> 4; + tx[2] = crc << 4; + *txlen = 20; + */ } } break; @@ -953,17 +959,18 @@ static bool hitag2_read_uid(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t memcpy(tag.sectors[blocknr], rx, 4); blocknr++; - Dbhexdump(4, rx, false); + DBG Dbhexdump(4, rx, false); } if (blocknr > 0) { + DBG DbpString("Read successful!"); bSuccessful = true; - return false; + return true; } } break; // Unexpected response default: { - Dbprintf("Unknown frame length: %d", rxlen); + DBG Dbprintf("Unknown frame length: %d", rxlen); return false; } break; @@ -1017,7 +1024,7 @@ void SniffHitag2(void) { // Receive frame, watch for at most T0*EOF periods - lf_reset_counter(); +// lf_reset_counter(); // Wait "infinite" for reader modulation periods = lf_detect_gap(20000); @@ -1071,8 +1078,6 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) { DbpString("Starting Hitag2 simulation"); - LED_D_ON(); - // hitag2 state machine? hitag2_init(); @@ -1086,7 +1091,7 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) { uint32_t block = 0; for (size_t i = 0; i < 12; i++) { - // num2bytes? + // num2bytes? for (size_t j = 0; j < 4; j++) { block <<= 8; block |= tag.sectors[i][j]; 
@@ -1094,31 +1099,36 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) { Dbprintf("| %d | %08x |", i, block); } - uint8_t tag_modulation; + uint8_t reader_modulation; size_t max_nrzs = 8 * HITAG_FRAME_LEN + 5; uint8_t nrz_samples[max_nrzs]; size_t nrzs = 0, periods = 0; // uint32_t command_start = 0, command_duration = 0; + // int16_t checked = 0; - int16_t checked = 0; +// SIMULATE while (!BUTTON_PRESS()) { -loop1: + LED_D_ON(); + +// lf_reset_counter(); LED_A_OFF(); WDT_HIT(); - // only every 1000th times, in order to save time when collecting samples. - if (checked == 100) { - if (data_available()) { - checked = -1; - break; - } else { - checked = 0; - } - } - ++checked; + /* + // only every 1000th times, in order to save time when collecting samples. + if (checked == 100) { + if (data_available()) { + checked = -1; + break; + } else { + checked = 0; + } + } + ++checked; + */ rxlen = 0; @@ -1126,10 +1136,10 @@ loop1: bool waiting_for_first_edge = true; // Did we detected any modulaiton at all - bool detected_tag_modulation = false; + bool detected_modulation = false; // Use the current modulation state as starting point - tag_modulation = lf_get_tag_modulation(); + reader_modulation = lf_get_reader_modulation(); // Receive frame, watch for at most max_nrzs periods // Reset the number of NRZ samples and use edge detection to detect them @@ -1141,7 +1151,7 @@ loop1: // Just break out of loop after an initial time-out (tag is probably not available) // The function lf_count_edge_periods() returns 0 when a time-out occurs if (periods == 0) { - goto loop1; //break; + break; } LED_A_ON(); 
@@ -1159,32 +1169,36 @@ loop1: periods = 16; // We have received more than 0 periods, so we have detected a tag response - detected_tag_modulation = true; + detected_modulation = true; } // Evaluate the number of periods before the next edge if (periods > 24 && periods <= 64) { // Detected two sequential equal bits and a modulation switch // NRZ modulation: (11 => --|) or (11 __|) - nrz_samples[nrzs++] = tag_modulation; - nrz_samples[nrzs++] = tag_modulation; + nrz_samples[nrzs++] = reader_modulation; + nrz_samples[nrzs++] = reader_modulation; // Invert tag modulation state - tag_modulation ^= 1; + reader_modulation ^= 1; } else if (periods > 0 && periods <= 24) { // Detected one bit and a modulation switch // NRZ modulation: (1 => -|) or (0 _|) - nrz_samples[nrzs++] = tag_modulation; - tag_modulation ^= 1; + nrz_samples[nrzs++] = reader_modulation; + reader_modulation ^= 1; } else { - tag_modulation ^= 1; + reader_modulation ^= 1; // The function lf_count_edge_periods() returns > 64 periods, this is not a valid number periods Dbprintf("Detected unexpected period count: %d", periods); break; } } + LED_D_OFF(); + // If there is no response, just repeat the loop - if (!detected_tag_modulation) continue; + if (!detected_modulation) continue; + + LED_A_OFF(); // Make sure we always have an even number of samples. This fixes the problem // of ending the manchester decoding with a zero. See the example below where @@ -1194,7 +1208,7 @@ loop1: // The last modulation change of a zero is not detected, but we should take // the half period in account, otherwise the demodulator will fail. if ((nrzs % 2) != 0) { - nrz_samples[nrzs++] = tag_modulation; + nrz_samples[nrzs++] = reader_modulation; } LED_B_ON(); 
@@ -1206,8 +1220,8 @@ loop1: if (nrzs < 5) { Dbprintf("Detected unexpected number of manchester decoded samples [%d]", nrzs); continue; - } else { - for (size_t i = 0; i < 5; i++){ + } else { + for (size_t i = 0; i < 5; i++) { if (nrz_samples[i] != 1) { Dbprintf("Detected incorrect header, the bit [%d] is zero instead of one", i); } @@ -1215,7 +1229,7 @@ loop1: } // Pack the response into a byte array - for (size_t i = 5; i < 37; i++){ + for (size_t i = 5; i < 37; i++) { uint8_t bit = nrz_samples[i]; rx[rxlen / 8] |= bit << (7 - (rxlen % 8)); rxlen++; @@ -1233,8 +1247,8 @@ loop1: // not that since the clock counts since the rising edge, but T_Wait1 is // with respect to the falling edge, we need to wait actually (T_Wait1 - T_Low) // periods. The gap time T_Low varies (4..10). All timer values are in - // terms of T0 units - lf_wait_periods(200); + // terms of T0 units (HITAG_T_WAIT_1_MIN - HITAG_T_LOW ) + lf_wait_periods(HITAG_T_WAIT_1_MIN); // Send and store the tag answer (if there is any) if (txlen) { @@ -1266,19 +1280,19 @@ loop1: void ReaderHitag(hitag_function htf, hitag_data *htd) { - uint32_t command_start = 0; - uint32_t command_duration = 0; - uint32_t response_start = 0; - uint32_t response_duration = 0; + uint32_t command_start = 0, command_duration = 0; + uint32_t response_start = 0, response_duration = 0; + uint8_t rx[HITAG_FRAME_LEN]; size_t rxlen = 0; uint8_t txbuf[HITAG_FRAME_LEN]; uint8_t *tx = txbuf; size_t txlen = 0; - int t_wait_1; + + int t_wait_1 = 204; int t_wait_1_guard = 8; - int t_wait_2; - size_t tag_size; + int t_wait_2 = 128; + size_t tag_size = 48; bool bStop = false; // Raw demodulation/decoding by sampling edge periods 
@@ -1292,19 +1306,17 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { set_tracing(true); clear_trace(); - DbpString("Starting Hitag reader family"); - // Check configuration switch (htf) { case RHT1F_PLAIN: { - Dbprintf("Read public blocks in plain mode"); + DBG Dbprintf("Read public blocks in plain mode"); // this part will be unreadable memset(tag.sectors + 2, 0x0, 30); blocknr = 0; break; } case RHT1F_AUTHENTICATE: { - Dbprintf("Read all blocks in authed mode"); + DBG Dbprintf("Read all blocks in authed mode"); memcpy(nonce, htd->ht1auth.nonce, 4); memcpy(key, htd->ht1auth.key, 4); memcpy(logdata_0, htd->ht1auth.logdata_0, 4); @@ -1314,19 +1326,19 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { memset(logdata_1, 0x00, 4); byte_value = 0; key_no = htd->ht1auth.key_no; - Dbprintf("Authenticating using key #%d:", key_no); - Dbhexdump(4, key, false); - DbpString("Nonce:"); - Dbhexdump(4, nonce, false); - DbpString("Logdata_0:"); - Dbhexdump(4, logdata_0, false); - DbpString("Logdata_1:"); - Dbhexdump(4, logdata_1, false); + DBG Dbprintf("Authenticating using key #%d:", key_no); + DBG Dbhexdump(4, key, false); + DBG DbpString("Nonce:"); + DBG Dbhexdump(4, nonce, false); + DBG DbpString("Logdata_0:"); + DBG Dbhexdump(4, logdata_0, false); + DBG DbpString("Logdata_1:"); + DBG Dbhexdump(4, logdata_1, false); blocknr = 0; break; } case RHT2F_PASSWORD: { - Dbprintf("List identifier in password mode"); + DBG Dbprintf("List identifier in password mode"); if (memcmp(htd->pwd.password, "\x00\x00\x00\x00", 4) == 0) memcpy(password, tag.sectors[1], sizeof(password)); else 
@@ -1338,19 +1350,19 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { break; } case RHT2F_AUTHENTICATE: { - DbpString("Authenticating using nr,ar pair:"); + DBG DbpString("Authenticating using nr,ar pair:"); memcpy(NrAr, htd->auth.NrAr, 8); - Dbhexdump(8, NrAr, false); + DBG Dbhexdump(8, NrAr, false); bCrypto = false; bAuthenticating = false; break; } case RHT2F_CRYPTO: { - DbpString("Authenticating using key:"); + DBG DbpString("Authenticating using key:"); memcpy(key, htd->crypto.key, 6); //HACK; 4 or 6?? I read both in the code. - Dbhexdump(6, key, false); - DbpString("Nonce:"); - Dbhexdump(4, nonce, false); + DBG Dbhexdump(6, key, false); + DBG DbpString("Nonce:"); + DBG Dbhexdump(4, nonce, false); memcpy(nonce, htd->crypto.data, 4); blocknr = 0; bCrypto = false; @@ -1358,7 +1370,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { break; } case RHT2F_TEST_AUTH_ATTEMPTS: { - Dbprintf("Testing %d authentication attempts", (auth_table_len / 8)); + DBG Dbprintf("Testing %d authentication attempts", (auth_table_len / 8)); auth_table_pos = 0; memcpy(NrAr, auth_table, 8); bCrypto = false; @@ -1371,7 +1383,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { break; } default: { - Dbprintf("Error, unknown function: %d", htf); + DBG Dbprintf("Error, unknown function: %d", htf); set_tracing(false); return; } @@ -1382,9 +1394,6 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { // hitag2 state machine? hitag2_init(); - // init as reader - lf_init(true, false); - uint8_t attempt_count = 0; // Tag specific configuration settings (sof, timings, etc.) 
@@ -1392,41 +1401,40 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { // hitagS settings t_wait_1 = 204; t_wait_2 = 128; - /*tag_size = 256;*/ flipped_bit = 0; tag_size = 8; - DbpString("Configured for hitagS reader"); + DBG DbpString("Configured for hitagS reader"); } else if (htf < 20) { // hitag1 settings t_wait_1 = 204; t_wait_2 = 128; tag_size = 256; flipped_bit = 0; - DbpString("Configured for hitag1 reader"); + DBG DbpString("Configured for hitag1 reader"); } else if (htf < 30) { // hitag2 settings t_wait_1 = HITAG_T_WAIT_1_MIN; t_wait_2 = HITAG_T_WAIT_2_MIN; tag_size = 48; - DbpString("Configured for hitag2 reader"); - } else { - Dbprintf("Error, unknown hitag reader type: %d", htf); - return; + DBG DbpString("Configured for hitag2 reader"); } + // init as reader + lf_init(true, false); + uint8_t tag_modulation; size_t max_nrzs = (8 * HITAG_FRAME_LEN + 5) * 2; // up to 2 nrzs per bit uint8_t nrz_samples[max_nrzs]; size_t nrzs = 0; int16_t checked = 0; - while (!bStop) { + while (!bStop && !BUTTON_PRESS()) { WDT_HIT(); // only every 1000th times, in order to save time when collecting samples. if (checked == 1000) { - if (BUTTON_PRESS() || data_available()) { + if (data_available()) { checked = -1; break; } else { @@ -1471,7 +1479,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { break; } default: { - Dbprintf("Error, unknown function: %d", htf); + DBG Dbprintf("Error, unknown function: %d", htf); goto out; } } @@ -1531,7 +1539,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { } else { // The function lf_count_edge_periods() returns 0 when a time-out occurs if (periods == 0) { - //Dbprintf("Detected timeout after [%d] nrz samples", nrzs); + DBG Dbprintf("Detected timeout after [%d] nrz samples", nrzs); break; } } 
@@ -1552,7 +1560,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { tag_modulation ^= 1; } else { // The function lf_count_edge_periods() returns > 64 periods, this is not a valid number periods - //Dbprintf("Detected unexpected period count: %d", periods); + DBG Dbprintf("Detected unexpected period count: %d", periods); break; } } @@ -1591,13 +1599,13 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { // Verify if the header consists of five consecutive ones if (nrzs < 5) { - Dbprintf("Detected unexpected number of manchester decoded samples [%d]", nrzs); + DBG Dbprintf("Detected unexpected number of manchester decoded samples [%d]", nrzs); break; } else { size_t i; for (i = 0; i < 5; i++) { if (nrz_samples[i] != 1) { - Dbprintf("Detected incorrect header, the bit [%d] is zero instead of one, abort", i); + DBG Dbprintf("Detected incorrect header, the bit [%d] is zero instead of one, abort", i); break; } } @@ -1608,7 +1616,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { for (size_t i = 5; i < nrzs; i++) { uint8_t bit = nrz_samples[i]; if (bit > 1) { // When Manchester detects impossible symbol it writes "7" - Dbprintf("Error in Manchester decoding, abort"); + DBG Dbprintf("Error in Manchester decoding, abort"); break; } rx[rxlen / 8] |= bit << (7 - (rxlen % 8)); @@ -1648,16 +1656,18 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { uint32_t command_start = 0; uint32_t command_duration = 0; uint32_t response_start = 0; - uint32_t response_duration = 0; + uint32_t response_duration = 0; uint8_t rx[HITAG_FRAME_LEN]; size_t rxlen = 0; uint8_t txbuf[HITAG_FRAME_LEN]; uint8_t *tx = txbuf; size_t txlen = 0; - int t_wait_1; + + int t_wait_1 = 204; int t_wait_1_guard = 8; - int t_wait_2; - size_t tag_size; + int t_wait_2 = 128; + size_t tag_size = 48; + bool bStop = false; // Raw demodulation/decoding by sampling edge periods 
@@ -1671,8 +1681,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { set_tracing(true); clear_trace(); - DbpString("Starting Hitag writer family"); - + // Check configuration switch (htf) { case WHT2F_CRYPTO: { @@ -1710,7 +1719,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { // init as reader lf_init(true, false); - + // Tag specific configuration settings (sof, timings, etc.) if (htf < 10) { // hitagS settings @@ -1721,21 +1730,18 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { tag_size = 8; DbpString("Configured for hitagS writer"); } else if (htf < 20) { - // hitag1 settings + // hitag1 settings t_wait_1 = 204; t_wait_2 = 128; tag_size = 256; flipped_bit = 0; DbpString("Configured for hitag1 writer"); } else if (htf < 30) { - // hitag2 settings + // hitag2 settings t_wait_1 = HITAG_T_WAIT_1_MIN; t_wait_2 = HITAG_T_WAIT_2_MIN; tag_size = 48; DbpString("Configured for hitag2 writer"); - } else { - Dbprintf("Error, unknown hitag writer type: %d", htf); - return; } uint8_t tag_modulation; @@ -1744,11 +1750,11 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { size_t nrzs = 0; int16_t checked = 0; - while (!bStop) { + while (!bStop && !BUTTON_PRESS()) { // only every 1000th times, in order to save time when collecting samples. if (checked == 1000) { - if (BUTTON_PRESS() || data_available()) { + if (data_available()) { checked = -1; break; } else { @@ -1776,7 +1782,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { } } - // Wait for t_wait_2 carrier periods after the last tag bit before transmitting, + // Wait for t_wait_2 carrier periods after the last tag bit before transmitting, lf_wait_periods(t_wait_2); command_start += t_wait_2; diff --git a/armsrc/hitag2crack.c b/armsrc/hitag2crack.c index c6b61b019..d66f740bc 100644 --- a/armsrc/hitag2crack.c +++ b/armsrc/hitag2crack.c 
@@ -38,70 +38,60 @@ bool hitag2_crack(uint8_t *response, uint8_t *nrarhex) { uint8_t temp[20]; int i; uint8_t *spaceptr = NULL; - + // get uid as hexstring - if(!hitag2_get_uid(uidhex)) - { + if (!hitag2_get_uid(uidhex)) { UserMessage("Cannot get UID\r\n"); return false; } // convert uid hexstring to binarray hextobinarray(uid, uidhex); - + // convert nR and aR hexstrings to binarray spaceptr = strchr(nrarhex, ' '); - if (!spaceptr) - { + if (!spaceptr) { UserMessage("Please supply a valid nR aR pair\r\n"); return false; } *spaceptr = 0x00; - - if (hextobinarray(nrar, nrarhex) != 32) - { + + if (hextobinarray(nrar, nrarhex) != 32) { UserMessage("nR is not 32 bits long\r\n"); return false; } - - if (hextobinarray(nrar + 32, spaceptr + 1) != 32) - { + + if (hextobinarray(nrar + 32, spaceptr + 1) != 32) { UserMessage("aR is not 32 bits long\r\n"); return false; } // find a valid encrypted command - if (!hitag2crack_find_valid_e_cmd(e_firstcmd, nrar)) - { + if (!hitag2crack_find_valid_e_cmd(e_firstcmd, nrar)) { UserMessage("Cannot find a valid encrypted command\r\n"); return false; } - + // find the 'read page 0' command and recover key stream - if (!hitag2crack_find_e_page0_cmd(keybits, e_firstcmd, nrar, uid)) - { + if (!hitag2crack_find_e_page0_cmd(keybits, e_firstcmd, nrar, uid)) { UserMessage("Cannot find encrypted 'read page0' command\r\n"); return false; } - + // empty the response string response[0] = 0x00; - + // read all pages using key stream - for (i=0; i<8; i++) - { - if (hitag2crack_read_page(pagehex, i, nrar, keybits)) - { + for (i = 0; i < 8; i++) { + if (hitag2crack_read_page(pagehex, i, nrar, keybits)) { sprintf(temp, "%1d: %s\r\n", i, pagehex); - } - else - { + } else { sprintf(temp, "%1d:\r\n", i); } // add page string to response strcat(response, temp); } - + return true; } 
@@ -113,16 +103,16 @@ bool hitag2_crack(uint8_t *response, uint8_t *nrarhex) { bool hitag2crack_find_valid_e_cmd(uint8_t e_cmd[], uint8_t nrar[]) { uint8_t guess[10]; uint8_t responsestr[9]; - + // UserMessage("Finding valid encrypted command:"); // we're going to hold bits 5, 7, 8 and 9 and brute force the rest // e.g. x x x x x 0 x 0 0 0 - for (uint8_t a=0; a<2; a++) { - for (uint8_t b=0; b<2; b++) { - for (uint8_t c=0; c<2; c++) { - for (uint8_t d=0; d<2; d++) { - for (uint8_t e=0; e<2; e++) { - for (uint8_t g=0; g<2; g++) { + for (uint8_t a = 0; a < 2; a++) { + for (uint8_t b = 0; b < 2; b++) { + for (uint8_t c = 0; c < 2; c++) { + for (uint8_t d = 0; d < 2; d++) { + for (uint8_t e = 0; e < 2; e++) { + for (uint8_t g = 0; g < 2; g++) { // build binarray guess[0] = a; guess[1] = b; 
@@ -175,65 +165,50 @@ bool hitag2crack_find_e_page0_cmd(uint8_t keybits[], uint8_t e_firstcmd[], uint8 UserMessage("Finding 'read page 0' command:"); // we're going to brute the missing 4 bits of the valid encrypted command - for (a=0; a<2; a++) - { - for (b=0; b<2; b++) - { - for (c=0; c<2; c++) - { - for (d=0; d<2; d++) - { + for (a = 0; a < 2; a++) { + for (b = 0; b < 2; b++) { + for (c = 0; c < 2; c++) { + for (d = 0; d < 2; d++) { // create our guess by bit flipping the pattern of bits // representing the inverted bit and the 3 page bits // in both the non-inverted and inverted parts of the // encrypted command. memcpy(guess, e_firstcmd, 10); - if (a) - { + if (a) { guess[5] = !guess[5]; guess[0] = !guess[0]; } - if (b) - { + if (b) { guess[7] = !guess[7]; guess[2] = !guess[2]; } - if (c) - { + if (c) { guess[8] = !guess[8]; guess[3] = !guess[3]; } - if (d) - { + if (d) { guess[9] = !guess[9]; guess[4] = !guess[4]; } - + // try the guess - if (hitag2crack_send_e_cmd(responsestr, nrar, guess, 10)) - { + if (hitag2crack_send_e_cmd(responsestr, nrar, guess, 10)) { // check if it was valid - if (strcmp(responsestr, ERROR_RESPONSE) != 0) - { + if (strcmp(responsestr, ERROR_RESPONSE) != 0) { // convert response to binarray hextobinarray(e_uid, responsestr); // test if the guess was 'read page 0' command - if (hitag2crack_test_e_p0cmd(keybits, nrar, guess, uid, e_uid)) - { - + if (hitag2crack_test_e_p0cmd(keybits, nrar, guess, uid, e_uid)) { + return true; } - } - else - { + } else { #ifdef RFIDLER_DEBUG UserMessage("hitag2crack_find_e_page0_cmd:\r\n hitag2crack_send_e_cmd returned ERROR_RESPONSE\r\n"); #endif } - } - else - { - #ifdef RFIDLER_DEBUG + } else { +#ifdef RFIDLER_DEBUG UserMessage("hitag2crack_find_e_page0_cmd:\r\n hitag2crack_send_e_cmd failed\r\n"); #endif } 
@@ -262,56 +237,51 @@ bool hitag2crack_test_e_p0cmd(uint8_t *keybits, uint8_t *nrar, uint8_t *e_cmd, u uint8_t e_ext_cmd[40]; uint8_t responsestr[9]; int i; - + // copy encrypted cmd to cipherbits memcpy(cipherbits, e_cmd, 10); - + // copy encrypted uid to cipherbits memcpy(cipherbits + 10, e_uid, 32); - + // copy cmd to plainbits binstringtobinarray(plainbits, READP0CMD); - + // copy uid to plainbits memcpy(plainbits + 10, uid, 32); // xor the plainbits with the cipherbits to get keybits hitag2crack_xor(keybits, plainbits, cipherbits, 42); - + // create extended cmd -> 4 * READP0CMD = 40 bits - for (i=0; i<4; i++) - { + for (i = 0; i < 4; i++) { binstringtobinarray(ext_cmd + (i * 10), READP0CMD); } - + // xor extended cmd with keybits hitag2crack_xor(e_ext_cmd, ext_cmd, keybits, 40); - + // send extended encrypted cmd - if (hitag2crack_send_e_cmd(responsestr, nrar, e_ext_cmd, 40)) - { + if (hitag2crack_send_e_cmd(responsestr, nrar, e_ext_cmd, 40)) { // test if it was valid - if (strcmp(responsestr, ERROR_RESPONSE) != 0) - { + if (strcmp(responsestr, ERROR_RESPONSE) != 0) { return true; } - } - else - { + } else { #ifdef RFIDLER_DEBUG UserMessage("hitag2crack_test_e_p0cmd:\r\n hitag2crack_send_e_cmd failed\r\n"); #endif } - + return false; - + } // hitag2crack_xor XORs the source with the pad to produce the target. // source, target and pad are binarrays of length len. 
void hitag2crack_xor(uint8_t *target, uint8_t *source, uint8_t *pad, unsigned int len) { - for (int i=0; i 7)) - { + + if (pagenum > 7) { UserMessage("hitag2crack_read_page:\r\n invalid pagenum\r\n"); return false; } - + // create cmd binstringtobinarray(cmd, READP0CMD); - if (pagenum & 0x1) - { + if (pagenum & 0x1) { cmd[9] = !cmd[9]; cmd[4] = !cmd[4]; } - if (pagenum & 0x2) - { + if (pagenum & 0x2) { cmd[8] = !cmd[8]; cmd[3] = !cmd[3]; } - if (pagenum & 0x4) - { + if (pagenum & 0x4) { cmd[7] = !cmd[7]; cmd[2] = !cmd[2]; } - + // encrypt command hitag2crack_xor(e_cmd, cmd, keybits, 10); - + // send encrypted command - if (hitag2crack_send_e_cmd(e_responsestr, nrar, e_cmd, 10)) - { + if (hitag2crack_send_e_cmd(e_responsestr, nrar, e_cmd, 10)) { // check if it is valid - if (strcmp(e_responsestr, ERROR_RESPONSE) != 0) - { + if (strcmp(e_responsestr, ERROR_RESPONSE) != 0) { // convert to binarray hextobinarray(e_response, e_responsestr); // decrypt response @@ -370,17 +334,13 @@ bool hitag2crack_read_page(uint8_t *responsestr, uint8_t pagenum, uint8_t *nrar, // convert to hexstring binarraytohex(responsestr, response, 32); return true; - } - else - { + } else { UserMessage("hitag2crack_read_page:\r\n hitag2crack_send_e_cmd returned ERROR_RESPONSE\r\n"); } - } - else - { + } else { UserMessage("hitag2crack_read_page:\r\n hitag2crack_send_e_cmd failed\r\n"); } - + return false; } @@ -391,14 +351,13 @@ bool hitag2crack_read_page(uint8_t *responsestr, uint8_t pagenum, uint8_t *nrar, // cmd is the binarray of the encrypted command to send; // len is the length of the encrypted command. bool hitag2crack_send_e_cmd(uint8_t *responsestr, uint8_t *nrar, uint8_t *cmd, int len) { - uint8_t tmp[37]; +// uint8_t tmp[37]; uint8_t uid[9]; uint8_t e_page3str[9]; int ret = 0; // get the UID - if(!hitag2_get_uid(uid)) - { + if (!hitag2_get_uid(uid)) { UserMessage("hitag2crack_send_e_cmd:\r\n cannot get UID\r\n"); return false; } 
@@ -407,22 +366,19 @@ bool hitag2crack_send_e_cmd(uint8_t *responsestr, uint8_t *nrar, uint8_t *cmd, i CryptoActive = false; // get the UID again - if(!hitag2_get_uid(uid)) - { + if (!hitag2_get_uid(uid)) { UserMessage("hitag2crack_send_e_cmd:\r\n cannot get UID (2nd time)\r\n"); return false; } - + // send nrar and receive (useless) encrypted page 3 value - if (!hitag2crack_tx_rx(e_page3str, nrar, 64, RWD_STATE_WAKING, false)) - { + if (!hitag2crack_tx_rx(e_page3str, nrar, 64, RWD_STATE_WAKING, false)) { UserMessage("hitag2crack_send_e_cmd:\r\n tx/rx nrar failed\r\n"); return false; } - + // send encrypted command - if (!hitag2crack_tx_rx(responsestr, cmd, len, RWD_STATE_WAKING, false)) - { + if (!hitag2crack_tx_rx(responsestr, cmd, len, RWD_STATE_WAKING, false)) { #ifdef RFIDLER_DEBUG UserMessage("hitag2crack_send_e_cmd:\r\n tx/rx cmd failed\r\n"); #endif 
@@ -442,34 +398,29 @@ bool hitag2crack_tx_rx(uint8_t *responsestr, uint8_t *msg, int len, int state, b int ret = 0; // START_AUTH kills active crypto session - CryptoActive= false; - - if(!rwd_send(msg, len, reset, BLOCK, state, RFIDlerConfig.FrameClock, 0, RFIDlerConfig.RWD_Wait_Switch_RX_TX, RFIDlerConfig.RWD_Zero_Period, RFIDlerConfig.RWD_One_Period, RFIDlerConfig.RWD_Gap_Period, RFIDlerConfig.RWD_Wait_Switch_TX_RX)) - { + CryptoActive = false; + + if (!rwd_send(msg, len, reset, BLOCK, state, RFIDlerConfig.FrameClock, 0, RFIDlerConfig.RWD_Wait_Switch_RX_TX, RFIDlerConfig.RWD_Zero_Period, RFIDlerConfig.RWD_One_Period, RFIDlerConfig.RWD_Gap_Period, RFIDlerConfig.RWD_Wait_Switch_TX_RX)) { UserMessage("hitag2crack_tx_rx: rwd_send failed\r\n"); return false; } - + // skip 1/2 bit to synchronise manchester HW_Skip_Bits = 1; ret = read_ask_data(RFIDlerConfig.FrameClock, RFIDlerConfig.DataRate, tmp, 37, RFIDlerConfig.Sync, RFIDlerConfig.SyncBits, RFIDlerConfig.Timeout, ONESHOT_READ, BINARY); // check if response was a valid length (5 sync bits + 32 bits response) - if (ret == 37) - { + if (ret == 37) { // check sync bits - if (memcmp(tmp, Hitag2Sync, 5) != 0) - { + if (memcmp(tmp, Hitag2Sync, 5) != 0) { UserMessage("hitag2crack_tx_rx: no sync\r\n"); return false; } - + // convert response to hexstring binarraytohex(responsestr, tmp + 5, 32); return true; - } - else - { + } else { #ifdef RFIDLER_DEBUG UserMessage("hitag2crack_tx_rx: wrong rx len\r\n"); #endif 
@@ -485,58 +436,53 @@ bool hitag2crack_rng_init(uint8_t *response, uint8_t *input) { uint32_t initvector; uint8_t *spaceptr; uint8_t *dataptr; - + // extract vals from input dataptr = input; spaceptr = strchr(dataptr, ' '); - if (!spaceptr) - { + if (!spaceptr) { UserMessage("/r/nformat is 'sharedkey UID nR' in hex\r\n"); return false; } - + *spaceptr = 0x00; - - if (strlen(dataptr) != 12) - { + + if (strlen(dataptr) != 12) { UserMessage("/r/nsharedkey should be 48 bits long (12 hexchars)\r\n"); return false; } sharedkey = rev64(hexreversetoulonglong(dataptr)); - - dataptr = spaceptr+1; + + dataptr = spaceptr + 1; spaceptr = strchr(dataptr, ' '); - if (!spaceptr) - { + if (!spaceptr) { UserMessage("/r/nno UID\r\n"); return false; } - + *spaceptr = 0x00; - if (strlen(dataptr) != 8) - { + if (strlen(dataptr) != 8) { UserMessage("/r/nUID should be 32 bits long (8 hexchars)\r\n"); return false; } - + serialnum = rev32(hexreversetoulong(dataptr)); - - dataptr = spaceptr+1; - - if (strlen(dataptr) != 8) - { + + dataptr = spaceptr + 1; + + if (strlen(dataptr) != 8) { UserMessage("/r/nnR should be 32 bits long (8 hexchars)\r\n"); return false; } - + initvector = rev32(hexreversetoulong(dataptr)); - + // start up crypto engine hitag2_init(&Hitag_Crypto_State, sharedkey, serialnum, initvector); - + strcpy(response, "Success\r\n"); - + return true; } @@ -545,21 +491,20 @@ bool hitag2crack_decrypt_hex(uint8_t *response, uint8_t *hex) { uint8_t binhex[9]; uint8_t binstr[33]; uint32_t binulong; - - if (strlen(hex) != 8) - { + + if (strlen(hex) != 8) { UserMessage("/r/nhex must be 32bits (8 hex chars)\r\n"); return false; } - + binulong = hextoulong(hex); - + ulongtobinarray(bin, hitag2_crypt(binulong, 32), 32); binarraytobinstring(binstr, bin, 32); binarraytohex(binhex, bin, 32); // UserMessage("ar = %s\r\n", binstr); // UserMessage("arhex = %s\r\n", binhex); - + strcpy(response, binhex); return true; } 
@@ -570,17 +515,16 @@ bool hitag2crack_decrypt_bin(uint8_t *response, uint8_t *e_binstr) { uint8_t binstr[33]; uint32_t binulong; int len; - + len = strlen(e_binstr); - if (len > 32) - { + if (len > 32) { UserMessage("\r\nbinary string must be <= 32 bits\r\n"); return false; } - + binstringtobinarray(e_bin, e_binstr); binulong = binarraytoulong(e_bin, len); - + ulongtobinarray(bin, hitag2_crypt(binulong, len), len); binarraytobinstring(binstr, bin, len); strcpy(response, binstr); @@ -595,7 +539,7 @@ bool hitag2crack_encrypt_hex(uint8_t *response, uint8_t *hex) { bool hitag2crack_encrypt_bin(uint8_t *response, uint8_t *e_binstr) { return hitag2crack_decrypt_bin(response, e_binstr); } - + // hitag2_keystream uses the first crack algorithm described in the paper, // Gone In 360 Seconds by Verdult, Garcia and Balasch, to retrieve 2048 bits // of keystream. 
@@ -607,113 +551,101 @@ bool hitag2_keystream(uint8_t *response, uint8_t *nrarhex) { uint8_t uid[32]; uint8_t nrar[64]; uint8_t e_firstcmd[10]; - uint8_t e_page0cmd[10]; +// uint8_t e_page0cmd[10]; // uint8_t keybits[2080]; uint8_t *keybits = DataBuff; uint8_t keybitshex[67]; int kslen; int ksoffset; - uint8_t pagehex[9]; - uint8_t temp[20]; +// uint8_t pagehex[9]; +// uint8_t temp[20]; int i; uint8_t *spaceptr = NULL; -/* - keybits = malloc(2080); - if (!keybits) { - UserMessage("cannot malloc keybits\r\n"); - return false; - } -*/ - + /* + keybits = malloc(2080); + if (!keybits) { + UserMessage("cannot malloc keybits\r\n"); + return false; + } + */ + // get uid as hexstring - if(!hitag2_get_uid(uidhex)) - { + if (!hitag2_get_uid(uidhex)) { UserMessage("Cannot get UID\r\n"); return false; } // convert uid hexstring to binarray hextobinarray(uid, uidhex); - + // convert nR and aR hexstrings to binarray spaceptr = strchr(nrarhex, ' '); - if (!spaceptr) - { + if (!spaceptr) { UserMessage("Please supply a valid nR aR pair\r\n"); return false; } *spaceptr = 0x00; - - if (hextobinarray(nrar, nrarhex) != 32) - { + + if (hextobinarray(nrar, nrarhex) != 32) { UserMessage("nR is not 32 bits long\r\n"); return false; } - - if (hextobinarray(nrar + 32, spaceptr + 1) != 32) - { + + if (hextobinarray(nrar + 32, spaceptr + 1) != 32) { UserMessage("aR is not 32 bits long\r\n"); return false; } // find a valid encrypted command - if (!hitag2crack_find_valid_e_cmd(e_firstcmd, nrar)) - { + if (!hitag2crack_find_valid_e_cmd(e_firstcmd, nrar)) { UserMessage("Cannot find a valid encrypted command\r\n"); return false; } - + // find the 'read page 0' command and recover key stream - if (!hitag2crack_find_e_page0_cmd(keybits, e_firstcmd, nrar, uid)) - { + if (!hitag2crack_find_e_page0_cmd(keybits, e_firstcmd, nrar, uid)) { UserMessage("Cannot find encrypted 'read page0' command\r\n"); return false; } - + // using the 40 bits of keystream in keybits, sending commands with ever // 
increasing lengths to acquire 2048 bits of key stream. kslen = 40; - - while (kslen < 2048) - { + + while (kslen < 2048) { ksoffset = 0; - if (!hitag2crack_send_auth(nrar)) - { + if (!hitag2crack_send_auth(nrar)) { UserMessage("hitag2crack_send_auth failed\r\n"); return false; } // while we have at least 52 bits of keystream, consume it with // extended read page 0 commands. 52 = 10 (min command len) + // 32 (response) + 10 (min command len we'll send) - while ((kslen - ksoffset) >= 52) - { + while ((kslen - ksoffset) >= 52) { // consume the keystream, updating ksoffset as we go - if (!hitag2crack_consume_keystream(keybits, kslen, &ksoffset, nrar)) - { + if (!hitag2crack_consume_keystream(keybits, kslen, &ksoffset, nrar)) { UserMessage("hitag2crack_consume_keystream failed\r\n"); return false; } } // send an extended command to retrieve more keystream, updating kslen // as we go - if (!hitag2crack_extend_keystream(keybits, &kslen, ksoffset, nrar, uid)) - { + if (!hitag2crack_extend_keystream(keybits, &kslen, ksoffset, nrar, uid)) { UserMessage("hitag2crack_extend_keystream failed\r\n"); return false; } UserMessage("Recovered %d bits of keystream\r\n", kslen); } - - for (i=0; i<2048; i+=256) - { + + for (i = 0; i < 2048; i += 256) { binarraytohex(keybitshex, keybits + i, 256); UserMessage("%s\r\n", keybitshex); } response[0] = 0x00; - + return true; } @@ -724,8 +656,7 @@ bool hitag2crack_send_auth(uint8_t *nrar) { uint8_t e_page3str[9]; // get the UID - if(!hitag2_get_uid(uid)) - { + if (!hitag2_get_uid(uid)) { UserMessage("hitag2crack_send_auth:\r\n cannot get UID\r\n"); return false; } 
@@ -734,15 +665,13 @@ bool hitag2crack_send_auth(uint8_t *nrar) { CryptoActive = false; // get the UID again - if(!hitag2_get_uid(uid)) - { + if (!hitag2_get_uid(uid)) { UserMessage("hitag2crack_send_auth:\r\n cannot get UID (2nd time)\r\n"); return false; } - + // send nrar and receive (useless) encrypted page 3 value - if (!hitag2crack_tx_rx(e_page3str, nrar, 64, RWD_STATE_WAKING, false)) - { + if (!hitag2crack_tx_rx(e_page3str, nrar, 64, RWD_STATE_WAKING, false)) { UserMessage("hitag2crack_send_auth:\r\n tx/rx nrar failed\r\n"); return false; } @@ -767,46 +696,41 @@ bool hitag2crack_consume_keystream(uint8_t *keybits, int kslen, int *ksoffset, u // 42 = 32 bit response + 10 bit command reserved for next command. conlen // cannot be longer than 510 bits to fit into the small RWD buffer. conlen = kslen - *ksoffset - 42; - if (conlen < 10) - { + if (conlen < 10) { UserMessage("hitag2crack_consume_keystream:\r\n conlen < 10\r\n"); return false; } - + // sanitise conlen - if (conlen > 510) - { + if (conlen > 510) { conlen = 510; } - + // calculate how many repeated commands to send in this extended command. numcmds = conlen / 10; - + // build extended command - for (i=0; i= DBG_EXTENDED) + Dbprintf("hitag_send_frame: (%i) %02X %02X %02X %02X", frame_len, frame[0], frame[1], frame[2], frame[3]); + // The beginning of the frame is hidden in some high level; pause until our bits will have an effect + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + HIGH(GPIO_SSC_DOUT); + switch (m) { + case AC4K: + case MC8K: + while (AT91C_BASE_TC0->TC_CV < T0 * 40) {}; //FADV + break; + case AC2K: + case MC4K: + while (AT91C_BASE_TC0->TC_CV < T0 * 20) {}; //STD + ADV + break; + } + // SOF - send start of frame for (size_t i = 0; i < sof_bits; i++) { hitag_send_bit(1); 
@@ -299,6 +333,25 @@ static int check_select(uint8_t *rx, uint32_t uid) { return 0; } +void hitagS_set_frame_modulation() { + switch (tag.mode) { + case HT_STANDARD: + sof_bits = 1; + m = MC4K; + break; + case HT_ADVANCED: + sof_bits = 6; + m = MC4K; + break; + case HT_FAST_ADVANCED: + sof_bits = 6; + m = MC8K; + break; + default: + break; + } +} + /* * handles all commands from a reader */ @@ -318,20 +371,28 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, switch (rxlen) { case 5: { //UID request with a selected response protocol mode + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("UID request: length: %i first byte: %02x", rxlen, rx[0]); tag.pstate = HT_READY; tag.tstate = HT_NO_OP; if ((rx[0] & 0xf0) == 0x30) { + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("HT_STANDARD"); tag.mode = HT_STANDARD; sof_bits = 1; m = AC2K; } if ((rx[0] & 0xf0) == 0xc0) { tag.mode = HT_ADVANCED; + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("HT_ADVANCED"); sof_bits = 3; m = AC2K; } if ((rx[0] & 0xf0) == 0xd0) { + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("HT_FAST_ADVANCED"); tag.mode = HT_FAST_ADVANCED; sof_bits = 3; m = AC4K; @@ -344,29 +405,18 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, break; case 45: { //select command from reader received + if (DBGLEVEL >= DBG_EXTENDED) + DbpString("SELECT"); if (check_select(rx, tag.uid) == 1) { + if (DBGLEVEL >= DBG_EXTENDED) + DbpString("SELECT match"); //if the right tag was selected *txlen = 32; - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); //send configuration for (int i = 0; i < 4; i++) - tx[i] = (tag.pages[0][1] >> (i * 8)) & 0xff; + tx[i] = tag.pages[1][i]; tx[3] = 0xff; if (tag.mode != HT_STANDARD) { *txlen = 40; 
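Review bot: The new helper `hitagS_set_frame_modulation()` (hunk `@@ -299,6 +333,25 @@`) is defined with external linkage and an empty parameter list, while its neighbours `check_select` and `hitagS_handle_reader_command` are `static` and this same patch changes `getSamplingConfig()` to `getSamplingConfig(void)` in lfsampling.c. Suggest `static void hitagS_set_frame_modulation(void)`. The `default: break;` arm also leaves `sof_bits` and `m` at whatever the previous frame set when `tag.mode` is unexpected; a debug print there, like the ones added to the UID-request handler, would make that case visible.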
@@ -390,22 +440,7 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, Dbprintf(",{0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X}", rx[0], rx[1], rx[2], rx[3], rx[4], rx[5], rx[6], rx[7]); - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); for (int i = 0; i < 4; i++) _hitag2_byte(&state); @@ -438,7 +473,10 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, } */ } + break; case 40: + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("WRITE"); //data received to be written if (tag.tstate == HT_WRITING_PAGE_DATA) { tag.tstate = HT_NO_OP; @@ -448,44 +486,14 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, *txlen = 2; tx[0] = 0x40; page_to_be_written = 0; - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); } else if (tag.tstate == HT_WRITING_BLOCK_DATA) { tag.pages[page_to_be_written / 4][page_to_be_written % 4] = (rx[0] << 24) + (rx[1] << 16) + (rx[2] << 8) + rx[3]; //send ack *txlen = 2; tx[0] = 0x40; - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); page_to_be_written++; block_data_left--; if (block_data_left == 0) { 
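Review bot: In the `HT_WRITING_BLOCK_DATA` branch of hunk `@@ -448,44 +486,14 @@` the unchanged store `tag.pages[page_to_be_written / 4][page_to_be_written % 4] = (rx[0] << 24) + (rx[1] << 16) + (rx[2] << 8) + rx[3];` still uses the old block/page word layout, while the select, read-page and read-block paths in this patch now index `tag.pages[page][byte]`. A page written through this branch will not be read back from the same location. Suggest converting the store in the same change, for example copying `rx[0]`..`rx[3]` into `tag.pages[page_to_be_written][0]`..`[3]`, so the simulator's read and write paths agree on one layout.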
@@ -500,29 +508,14 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, //send page data uint8_t page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16); *txlen = 32; - tx[0] = (tag.pages[page / 4][page % 4]) & 0xff; - tx[1] = (tag.pages[page / 4][page % 4] >> 8) & 0xff; - tx[2] = (tag.pages[page / 4][page % 4] >> 16) & 0xff; - tx[3] = (tag.pages[page / 4][page % 4] >> 24) & 0xff; + tx[0] = tag.pages[page][0]; + tx[1] = tag.pages[page][1]; + tx[2] = tag.pages[page][2]; + tx[3] = tag.pages[page][3]; if (tag.LKP && page == 1) tx[3] = 0xff; - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); if (tag.mode != HT_STANDARD) { //add crc8 @@ -543,29 +536,13 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, *txlen = 32 * 4; //send page,...,page+3 data for (int i = 0; i < 4; i++) { - tx[0 + i * 4] = (tag.pages[page / 4][page % 4]) & 0xff; - tx[1 + i * 4] = (tag.pages[page / 4][page % 4] >> 8) & 0xff; - tx[2 + i * 4] = (tag.pages[page / 4][page % 4] >> 16) & 0xff; - tx[3 + i * 4] = (tag.pages[page / 4][page % 4] >> 24) & 0xff; - page++; + tx[0 + i * 4] = tag.pages[page + 0 + i * 4][0]; + tx[1 + i * 4] = tag.pages[page + 1 + i * 4][1]; + tx[2 + i * 4] = tag.pages[page + 2 + i * 4][2]; + tx[3 + i * 4] = tag.pages[page + 3 + i * 4][3]; } - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); if (tag.mode != HT_STANDARD) { //add crc8 
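Review bot: The read-block loop in hunk `@@ -543,29 +536,13 @@` adds the byte number to the row index as well as `i * 4`, as in `tx[1 + i * 4] = tag.pages[page + 1 + i * 4][1];`, so the 16 bytes sent are a diagonal across pages `page`..`page + 15` instead of the four bytes of each of pages `page`..`page + 3`. With the `[page][byte]` layout used elsewhere in this patch the expected form is `tx[j + i * 4] = tag.pages[page + i][j]` for `j` in 0..3. Separately, `page` in the read-page hunk before it is built from two reader-supplied nibbles (0..255) and indexes `tag.pages` directly; since `SimulateHitagSTag` sets `tag.max_page` to at most 64, both read paths should reject `page >= tag.max_page` (and `page + 3` for the block read) before copying.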
@@ -576,29 +553,12 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, tx[16] = crc; } - if ((page - 4) % 4 != 0 || (tag.LKP && (page - 4) == 0)) { + if ((page) % 4 != 0 || (tag.LKP && (page) == 0)) { sof_bits = 0; *txlen = 0; } } else if ((rx[0] & 0xf0) == 0x80) { //write page uint8_t page = ((rx[0] & 0x0f) * 16) + ((rx[1] & 0xf0) / 16); - - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } if ((tag.LCON && page == 1) || (tag.LKP && (page == 2 || page == 3))) { //deny @@ -613,22 +573,7 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, } else if ((rx[0] & 0xf0) == 0x90) { //write block uint8_t page = ((rx[0] & 0x0f) * 6) + ((rx[1] & 0xf0) / 16); - switch (tag.mode) { - case HT_STANDARD: - sof_bits = 1; - m = MC4K; - break; - case HT_ADVANCED: - sof_bits = 6; - m = MC4K; - break; - case HT_FAST_ADVANCED: - sof_bits = 6; - m = MC8K; - break; - default: - break; - } + hitagS_set_frame_modulation(); if (page % 4 != 0 || page == 0) { //deny *txlen = 0; @@ -644,7 +589,8 @@ static void hitagS_handle_reader_command(uint8_t *rx, const size_t rxlen, } break; default: - + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("unknown rxlen: (%i) %02X %02X %02X %02X ...", rxlen, rx[0], rx[1], rx[2], rx[3]); break; } } @@ -722,7 +668,7 @@ static int hitagS_handle_tag_auth(hitag_function htf, uint64_t key, uint64_t NrA | (uid[30] << 1) | uid[31]; - if (DEBUG) + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("UID: %02X %02X %02X %02X", uid1, uid2, uid3, uid4); tag.uid = (uid4 << 24 | uid3 << 16 | uid2 << 8 | uid1); 
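Review bot: In the write-page (`0x80`) branch of hunk `@@ -576,29 +553,12 @@` the `switch (tag.mode)` block is deleted without a replacement call to `hitagS_set_frame_modulation()`, whereas every other branch touched by this patch gets the call. The ack or deny for a write-page command is then sent with whatever `sof_bits` and `m` the previous frame left behind. If that is intentional it needs a comment; otherwise add the call as in the write-block branch. In the `default:` arm added by `@@ -644,7 +589,8 @@`, the debug print reads `rx[0]`..`rx[3]` regardless of `rxlen`, which is harmless for a fixed-size buffer but prints stale bytes for short frames.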
@@ -816,7 +762,7 @@ static int hitagS_handle_tag_auth(hitag_function htf, uint64_t key, uint64_t NrA tag.LCK1 = response_bit[26]; tag.LCK0 = response_bit[27]; - if (DEBUG) + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("conf0: %02X conf1: %02X conf2: %02X", conf_pages[0], conf_pages[1], conf_pages[2]); if (tag.auth == 1) { @@ -839,7 +785,7 @@ static int hitagS_handle_tag_auth(hitag_function htf, uint64_t key, uint64_t NrA tx[5] = auth_ks[1]; tx[6] = auth_ks[2]; tx[7] = auth_ks[3]; - if (DEBUG) + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("%02X %02X %02X %02X %02X %02X %02X %02X", tx[0], tx[1], tx[2], tx[3], tx[4], tx[5], tx[6], tx[7]); } else if (htf == 01 || htf == 03) { //RHTS_CHALLENGE //WHTS_CHALLENGE @@ -864,7 +810,7 @@ static int hitagS_handle_tag_auth(hitag_function htf, uint64_t key, uint64_t NrA calc_crc(&crc, ((rx[1] & 0x0f) * 16 + ((rx[2] & 0xf0) / 16)), 8); calc_crc(&crc, ((rx[2] & 0x0f) * 16 + ((rx[3] & 0xf0) / 16)), 8); calc_crc(&crc, ((rx[3] & 0x0f) * 16 + ((rx[4] & 0xf0) / 16)), 8); - if (DEBUG) { + if (DBGLEVEL >= DBG_EXTENDED) { Dbprintf("UID:::%X", tag.uid); Dbprintf("RND:::%X", rnd); } @@ -884,7 +830,7 @@ static int hitagS_handle_tag_auth(hitag_function htf, uint64_t key, uint64_t NrA pwdl1 = ((rx[3] & 0x0f) * 16 + ((rx[4] & 0xf0) / 16)) ^ _hitag2_byte(&state); } - if (DEBUG) + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("pwdh0 %02X pwdl0 %02X pwdl1 %02X", pwdh0, pwdl0, pwdl1); //Dbprintf("%X %02X", rnd, ((rx[4] & 0x0f) * 16) + ((rx[5] & 0xf0) / 16)); 
@@ -930,28 +876,30 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) { tag.pstate = HT_READY; tag.tstate = HT_NO_OP; - for (i = 0; i < 16; i++) - for (j = 0; j < 4; j++) - tag.pages[i][j] = 0x0; - // read tag data into memory if (tag_mem_supplied) { + for (i = 0; i < 16; i++) + for (j = 0; j < 4; j++) + tag.pages[i][j] = 0x0; + DbpString("Loading hitagS memory..."); memcpy((uint8_t *)tag.pages, data, 4 * 64); + } else { + // use the last read tag } - tag.uid = (uint32_t)tag.pages[0]; - tag.key = (intptr_t)tag.pages[3]; + tag.uid = (tag.pages[0][3] << 24 | tag.pages[0][2] << 16 | tag.pages[0][1] << 8 | tag.pages[0][0]); + tag.key = (tag.pages[3][3] << 24 | tag.pages[3][2] << 16 | tag.pages[3][1] << 8 | tag.pages[3][0]); tag.key <<= 16; - tag.key += ((tag.pages[2][0]) << 8) + tag.pages[2][1]; - tag.pwdl0 = tag.pages[2][3]; - tag.pwdl1 = tag.pages[2][2]; - tag.pwdh0 = tag.pages[1][0]; + tag.key += ((tag.pages[2][3]) << 8) + tag.pages[2][2]; + tag.pwdl0 = tag.pages[2][0]; + tag.pwdl1 = tag.pages[2][1]; + tag.pwdh0 = tag.pages[1][3]; //con0 tag.max_page = 64; - if ((tag.pages[1][3] & 0x2) == 0 && (tag.pages[1][3] & 0x1) == 1) + if ((tag.pages[1][0] & 0x2) == 0 && (tag.pages[1][0] & 0x1) == 1) tag.max_page = 8; - if ((tag.pages[1][3] & 0x2) == 0 && (tag.pages[1][3] & 0x1) == 0) + if ((tag.pages[1][0] & 0x2) == 0 && (tag.pages[1][0] & 0x1) == 0) tag.max_page = 0; if (DBGLEVEL >= DBG_EXTENDED) for (i = 0; i < tag.max_page; i++) 
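Review bot: The zeroing loop moved inside `if (tag_mem_supplied)` still runs `i < 16`, `j < 4`, but the `memcpy` directly after it overwrites `4 * 64` bytes and the rest of the function now indexes `tag.pages[page][byte]` with `tag.max_page = 64`, so the loop is redundant and, under the new layout, covers only the first 16 pages. Either drop it or clear the whole array with `memset(tag.pages, 0, sizeof(tag.pages))`. The empty `else { // use the last read tag }` simulates from whatever is in `tag.pages` without checking that a read ever happened; a flag set by `ReadHitagS` would let this path fail cleanly. For `tag.uid` and `tag.key`, if the array elements are `uint8_t`, `tag.pages[3][3] << 24` is evaluated as a signed `int`; casting each byte to `uint32_t` before shifting avoids sign extension when the result is widened into `tag.key`.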
@@ -962,41 +910,42 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) { tag.pages[i][0] & 0xff); //con1 tag.auth = 0; - if ((tag.pages[1][2] & 0x80) == 0x80) + if ((tag.pages[1][1] & 0x80) == 0x80) tag.auth = 1; tag.LCON = 0; - if ((tag.pages[1][2] & 0x2) == 0x02) + if ((tag.pages[1][1] & 0x2) == 0x02) tag.LCON = 1; tag.LKP = 0; - if ((tag.pages[1][2] & 0x1) == 0x01) + if ((tag.pages[1][1] & 0x1) == 0x01) tag.LKP = 1; //con2 //0=read write 1=read only tag.LCK7 = 0; - if ((tag.pages[1][1] & 0x80) == 0x80) + if ((tag.pages[1][2] & 0x80) == 0x80) tag.LCK7 = 1; tag.LCK6 = 0; - if ((tag.pages[1][1] & 0x40) == 0x040) + if ((tag.pages[1][2] & 0x40) == 0x040) tag.LCK6 = 1; tag.LCK5 = 0; - if ((tag.pages[1][1] & 0x20) == 0x20) + if ((tag.pages[1][2] & 0x20) == 0x20) tag.LCK5 = 1; tag.LCK4 = 0; - if ((tag.pages[1][1] & 0x10) == 0x10) + if ((tag.pages[1][2] & 0x10) == 0x10) tag.LCK4 = 1; tag.LCK3 = 0; - if ((tag.pages[1][1] & 0x8) == 0x08) + if ((tag.pages[1][2] & 0x8) == 0x08) tag.LCK3 = 1; tag.LCK2 = 0; - if ((tag.pages[1][1] & 0x4) == 0x04) + if ((tag.pages[1][2] & 0x4) == 0x04) tag.LCK2 = 1; tag.LCK1 = 0; - if ((tag.pages[1][1] & 0x2) == 0x02) + if ((tag.pages[1][2] & 0x2) == 0x02) tag.LCK1 = 1; tag.LCK0 = 0; - if ((tag.pages[1][1] & 0x1) == 0x01) + if ((tag.pages[1][2] & 0x1) == 0x01) tag.LCK0 = 1; + // Set up simulator mode, frequency divisor which will drive the FPGA // and analog mux selection. FpgaDownloadAndGo(FPGA_BITSTREAM_LF); @@ -1028,7 +977,7 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) { // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, // external trigger rising edge, load RA on rising edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK - | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; + | AT91C_TC_ETRGEDG_RISING | AT91C_TC_ABETRG | AT91C_TC_LDRA_RISING; // Enable and reset counter AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; 
@@ -1100,12 +1049,13 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) { LogTrace(tx, nbytes(txlen), 0, 0, NULL, false); } + // Enable and reset external trigger in timer for capturing future frames + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; + // Reset the received frame and response timing info memset(rx, 0x00, sizeof(rx)); response = 0; - // Enable and reset external trigger in timer for capturing future frames - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; LED_B_OFF(); } // Reset the frame length 
@@ -1114,22 +1064,92 @@ void SimulateHitagSTag(bool tag_mem_supplied, uint8_t *data) { overflow += (AT91C_BASE_TC1->TC_CV / T0); // Reset the timer to restart while-loop that receives frames AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; + } - LEDsoff(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); set_tracing(false); - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; - + lf_finalize(); // release allocated memory from BigBuff. BigBuf_free(); - StartTicks(); - DbpString("Sim Stopped"); } +void hitagS_receive_frame(uint8_t *rx, size_t *rxlen, int *response) { + + // Reset values for receiving frames + memset(rx, 0x00, HITAG_FRAME_LEN * sizeof(uint8_t)); + *rxlen = 0; + int lastbit = 1; + bool bSkip = true; + int tag_sof = 1; + *response = 0; + uint32_t errorCount = 0; + + // Receive frame, watch for at most T0*EOF periods + while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { + // Check if falling edge in tag modulation is detected + if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { + // Retrieve the new timing values + int ra = (AT91C_BASE_TC1->TC_RA / T0); + + // Reset timer every frame, we have to capture the last edge for timing + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + + LED_B_ON(); + + // Capture tag frame (manchester decoding using only falling edges) + if (ra >= HITAG_T_EOF) { + if (*rxlen != 0) { + //DbpString("wierd1?"); + } + // Capture the T0 periods that have passed since last communication or field drop (reset) + // We always recieve a 'one' first, which has the falling edge after a half period |-_| + *response = ra - HITAG_T_TAG_HALF_PERIOD; + } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { + // Manchester coding example |-_|_-|-_| (101) + rx[(*rxlen) / 8] |= 0 << (7 - ((*rxlen) % 8)); + (*rxlen)++; + rx[(*rxlen) / 8] |= 1 << (7 - ((*rxlen) % 8)); + (*rxlen)++; + } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { + // Manchester coding example |_-|...|_-|-_| (0...01) + rx[(*rxlen) / 8] |= 0 << (7 - ((*rxlen) % 8)); + 
(*rxlen)++; + // We have to skip this half period at start and add the 'one' the second time + if (!bSkip) { + rx[(*rxlen) / 8] |= 1 << (7 - ((*rxlen) % 8)); + (*rxlen)++; + } + lastbit = !lastbit; + bSkip = !bSkip; + } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { + // Manchester coding example |_-|_-| (00) or |-_|-_| (11) + if (tag_sof) { + // Ignore bits that are transmitted during SOF + tag_sof--; + } else { + // bit is same as last bit + rx[(*rxlen) / 8] |= lastbit << (7 - ((*rxlen) % 8)); + (*rxlen)++; + } + } else { + // Ignore wierd value, is to small to mean anything + errorCount++; + } + } + + // if we saw over 100 wierd values break it probably isn't hitag... + if (errorCount > 100) break; + + // We can break this loop if we received the last bit from a frame + if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { + if ((*rxlen) > 0) + break; + } + } +} + /* * Authenticates to the Tag with the given key or challenge. * If the key was given the password will be decrypted. @@ -1149,7 +1169,6 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) { uint8_t *tx = txbuf; size_t txlen = 0; int lastbit = 1; - int reset_sof = 1; int t_wait = HITAG_T_WAIT_MAX; bool bStop = false; int pageNum = 0; @@ -1164,6 +1183,9 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) { uint64_t NrAr = 0; uint8_t key_[6]; + tag.pstate = HT_READY; + tag.tstate = HT_NO_OP; + switch (htf) { case RHTSF_CHALLENGE: { DbpString("Authenticating using nr,ar pair:"); @@ -1238,10 +1260,8 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) { // synchronized startup procedure while (AT91C_BASE_TC0->TC_CV > 0); // wait until TC0 returned to zero - // Reset the received frame, frame count and timing info t_wait = 200; - while (!bStop && !BUTTON_PRESS() && !data_available()) { WDT_HIT(); 
@@ -1381,85 +1401,12 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) { LogTrace(tx, nbytes(txlen), HITAG_T_WAIT_2, 0, NULL, true); } - // Reset values for receiving frames - memset(rx, 0x00, sizeof(rx)); - rxlen = 0; - lastbit = 1; - bool bSkip = true; - int tag_sof = reset_sof; - response = 0; - - // Receive frame, watch for at most T0*EOF periods - while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { - // Check if falling edge in tag modulation is detected - if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values - int ra = (AT91C_BASE_TC1->TC_RA / T0); - - // Reset timer every frame, we have to capture the last edge for timing - AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - - LED_B_ON(); - - // Capture tag frame (manchester decoding using only falling edges) - if (ra >= HITAG_T_EOF) { - if (rxlen != 0) { - //DbpString("wierd1?"); - } - // Capture the T0 periods that have passed since last communication or field drop (reset) - // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra - HITAG_T_TAG_HALF_PERIOD; - } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { - // Manchester coding example |-_|_-|-_| (101) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { - // Manchester coding example |_-|...|_-|-_| (0...01) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - // We have to skip this half period at start and add the 'one' the second time - if (!bSkip) { - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } - lastbit = !lastbit; - bSkip = !bSkip; - } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { - // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - if (tag_sof) { - // Ignore bits that are transmitted during SOF - tag_sof--; - } else { - // bit is same as last bit - rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); - rxlen++; - } - } else { - // Ignore wierd 
value, is to small to mean anything - } - } - - // We can break this loop if we received the last bit from a frame - if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { - if (rxlen > 0) - break; - } - } + hitagS_receive_frame(rx, &rxlen, &response); } end = false; - - LEDsoff(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); set_tracing(false); - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - - StartTicks(); - + lf_finalize(); reply_old(CMD_ACK, bSuccessful, 0, 0, 0, 0); } @@ -1479,7 +1426,6 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) { uint8_t *tx = txbuf; size_t txlen = 0; int lastbit; - int reset_sof; int t_wait = HITAG_T_WAIT_MAX; bool bStop; unsigned char crc; @@ -1555,6 +1501,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // Capture mode, defaul timer source = MCK/2 (TIMER_CLOCK1), TIOA is external trigger, + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; // external trigger rising edge, load RA on falling edge of TIOA. AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK | AT91C_TC_ETRGEDG_FALLING @@ -1570,7 +1517,6 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) { // Reset the received frame, frame count and timing info lastbit = 1; bStop = false; - reset_sof = 1; t_wait = 200; while (!bStop && !BUTTON_PRESS() && !data_available()) { 
@@ -1670,87 +1616,13 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) { LogTrace(tx, nbytes(txlen), HITAG_T_WAIT_2, 0, NULL, true); } - // Reset values for receiving frames - memset(rx, 0x00, sizeof(rx)); - rxlen = 0; - lastbit = 1; - bool bSkip = true; - int tag_sof = reset_sof; - response = 0; - uint32_t errorCount = 0; + hitagS_receive_frame(rx, &rxlen, &response); - // Receive frame, watch for at most T0*EOF periods - while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { - // Check if falling edge in tag modulation is detected - if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values - int ra = (AT91C_BASE_TC1->TC_RA / T0); - - // Reset timer every frame, we have to capture the last edge for timing - AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - - LED_B_ON(); - - // Capture tag frame (manchester decoding using only falling edges) - if (ra >= HITAG_T_EOF) { - if (rxlen != 0) { - //DbpString("wierd1?"); - } - // Capture the T0 periods that have passed since last communication or field drop (reset) - // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra - HITAG_T_TAG_HALF_PERIOD; - } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { - // Manchester coding example |-_|_-|-_| (101) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { - // Manchester coding example |_-|...|_-|-_| (0...01) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - // We have to skip this half period at start and add the 'one' the second time - if (!bSkip) { - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } - lastbit = !lastbit; - bSkip = !bSkip; - } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { - // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - if (tag_sof) { - // Ignore bits that are transmitted during SOF - tag_sof--; - } else { - // bit is same as last bit - 
rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); - rxlen++; - } - } else { - // Ignore wierd value, is to small to mean anything - errorCount++; - } - } - - // if we saw over 100 wierd values break it probably isn't hitag... - if (errorCount > 100) break; - - // We can break this loop if we received the last bit from a frame - if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { - if (rxlen > 0) - break; - } - } } end = false; - LEDsoff(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); set_tracing(false); - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; - - StartTicks(); + lf_finalize(); reply_old(CMD_ACK, bSuccessful, 0, 0, 0, 0); } @@ -1773,7 +1645,7 @@ void check_challenges(bool file_given, uint8_t *data) { size_t rxlen = 0; uint8_t txbuf[HITAG_FRAME_LEN]; int t_wait = HITAG_T_WAIT_MAX; - int lastbit, reset_sof, STATE = 0;; + int lastbit, STATE = 0;; bool bStop; int response_bit[200]; unsigned char mask = 1; @@ -1834,7 +1706,6 @@ void check_challenges(bool file_given, uint8_t *data) { // Reset the received frame, frame count and timing info lastbit = 1; bStop = false; - reset_sof = 1; t_wait = 200; if (file_given) { @@ -1952,11 +1823,11 @@ void check_challenges(bool file_given, uint8_t *data) { u1++; } else if (STATE == 2 && rxlen >= 44) { - Dbprintf("Challenge success: %02X%02X%02X%02X %02X%02X%02X%02X", - unlocker[u1 - 1][0], unlocker[u1 - 1][1], - unlocker[u1 - 1][2], unlocker[u1 - 1][3], - unlocker[u1 - 1][4], unlocker[u1 - 1][5], - unlocker[u1 - 1][6], unlocker[u1 - 1][7]); + Dbprintf("Challenge success: %02X%02X%02X%02X %02X%02X%02X%02X", + unlocker[u1 - 1][0], unlocker[u1 - 1][1], + unlocker[u1 - 1][2], unlocker[u1 - 1][3], + unlocker[u1 - 1][4], unlocker[u1 - 1][5], + unlocker[u1 - 1][6], unlocker[u1 - 1][7]); STATE = 0; } 
@@ -1984,85 +1855,10 @@ void check_challenges(bool file_given, uint8_t *data) { LogTrace(tx, nbytes(txlen), HITAG_T_WAIT_2, 0, NULL, true); } - // Reset values for receiving frames - memset(rx, 0x00, sizeof(rx)); - rxlen = 0; - lastbit = 1; - bool bSkip = true; - int tag_sof = reset_sof; - response = 0; - - // Receive frame, watch for at most T0*EOF periods - while (AT91C_BASE_TC1->TC_CV < T0 * HITAG_T_WAIT_MAX) { - // Check if falling edge in tag modulation is detected - if (AT91C_BASE_TC1->TC_SR & AT91C_TC_LDRAS) { - // Retrieve the new timing values - int ra = (AT91C_BASE_TC1->TC_RA / T0); - - // Reset timer every frame, we have to capture the last edge for timing - AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; - - LED_B_ON(); - - // Capture tag frame (manchester decoding using only falling edges) - if (ra >= HITAG_T_EOF) { - if (rxlen != 0) { - //DbpString("wierd1?"); - } - // Capture the T0 periods that have passed since last communication or field drop (reset) - // We always recieve a 'one' first, which has the falling edge after a half period |-_| - response = ra - HITAG_T_TAG_HALF_PERIOD; - } else if (ra >= HITAG_T_TAG_CAPTURE_FOUR_HALF) { - // Manchester coding example |-_|_-|-_| (101) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } else if (ra >= HITAG_T_TAG_CAPTURE_THREE_HALF) { - // Manchester coding example |_-|...|_-|-_| (0...01) - rx[rxlen / 8] |= 0 << (7 - (rxlen % 8)); - rxlen++; - // We have to skip this half period at start and add the 'one' the second time - if (!bSkip) { - rx[rxlen / 8] |= 1 << (7 - (rxlen % 8)); - rxlen++; - } - lastbit = !lastbit; - bSkip = !bSkip; - } else if (ra >= HITAG_T_TAG_CAPTURE_TWO_HALF) { - // Manchester coding example |_-|_-| (00) or |-_|-_| (11) - if (tag_sof) { - // Ignore bits that are transmitted during SOF - tag_sof--; - } else { - // bit is same as last bit - rx[rxlen / 8] |= lastbit << (7 - (rxlen % 8)); - rxlen++; - } - } else { - // Ignore wierd 
value, is to small to mean anything - } - } - - // We can break this loop if we received the last bit from a frame - if (AT91C_BASE_TC1->TC_CV > T0 * HITAG_T_EOF) { - if (rxlen > 0) - break; - } - } + hitagS_receive_frame(rx, &rxlen, &response); } - LEDsoff(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); set_tracing(false); - - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; - - StartTicks(); - + lf_finalize(); reply_old(CMD_ACK, bSuccessful, 0, 0, 0, 0); } - - - diff --git a/armsrc/i2c.c b/armsrc/i2c.c index 2cd3c6f3e..3d1f050c3 100644 --- a/armsrc/i2c.c +++ b/armsrc/i2c.c @@ -709,7 +709,7 @@ void SmartCardAtr(void) { set_tracing(true); I2C_Reset_EnterMainProgram(); bool isOK = GetATR(&card); - reply_old(CMD_ACK, isOK, sizeof(smart_card_atr_t), 0, &card, sizeof(smart_card_atr_t)); + reply_mix(CMD_ACK, isOK, sizeof(smart_card_atr_t), 0, &card, sizeof(smart_card_atr_t)); set_tracing(false); LEDsoff(); } @@ -760,7 +760,7 @@ void SmartCardRaw(uint64_t arg0, uint64_t arg1, uint8_t *data) { } } OUT: - reply_old(CMD_ACK, len, 0, 0, resp, len); + reply_mix(CMD_ACK, len, 0, 0, resp, len); BigBuf_free(); set_tracing(false); LEDsoff(); diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index abfe07f10..23b3a2239 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1817,15 +1817,15 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *par) { ++check; // test if the field exists -#if defined RDV4 +#if defined RDV4 if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF_RDV40)) { - + analogCnt++; - + analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF_RDV40]; - + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; - + if (analogCnt >= 32) { if ((MAX_ADC_HF_VOLTAGE_RDV40 * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) { 
@@ -1847,13 +1847,13 @@ int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *par) { } #else if (AT91C_BASE_ADC->ADC_SR & ADC_END_OF_CONVERSION(ADC_CHAN_HF)) { - + analogCnt++; - + analogAVG += AT91C_BASE_ADC->ADC_CDR[ADC_CHAN_HF]; - + AT91C_BASE_ADC->ADC_CR = AT91C_ADC_START; - + if (analogCnt >= 32) { if ((MAX_ADC_HF_VOLTAGE * (analogAVG / analogCnt) >> 10) < MF_MINFIELDV) { diff --git a/armsrc/lfadc.c b/armsrc/lfadc.c index 04f293e1d..32d1e73b6 100644 --- a/armsrc/lfadc.c +++ b/armsrc/lfadc.c @@ -10,6 +10,7 @@ #include "lfsampling.h" #include "fpgaloader.h" #include "ticks.h" +#include "dbprint.h" // Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) // TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz @@ -46,18 +47,34 @@ bool lf_test_periods(size_t expected, size_t count) { // Low frequency (LF) adc passthrough functionality ////////////////////////////////////////////////////////////////////////////// uint8_t previous_adc_val = 0; +uint8_t adc_avg = 0; + +void lf_sample_mean(void) { + uint8_t periods = 0; + uint32_t adc_sum = 0; + while (periods < 32) { + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + adc_sum += AT91C_BASE_SSC->SSC_RHR; + periods++; + } + } + // division by 32 + adc_avg = adc_sum >> 5; + + if (DBGLEVEL >= DBG_EXTENDED) + Dbprintf("LF ADC average %u", adc_avg); +} size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { size_t periods = 0; volatile uint8_t adc_val; - //uint8_t avg_peak = 140, avg_through = 96; - // 140 - 127 - 114 - uint8_t avg_peak = 140, avg_through = 106; - int16_t checked = 0; + uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3; +// int16_t checked = 0; while (!BUTTON_PRESS()) { // only every 100th times, in order to save time when collecting samples. +/* if (checked == 1000) { if (data_available()) { break; 
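Review bot: In `lf_count_edge_periods_ex()` (lfadc.c hunk `@@ -46,18 +47,34 @@`) the new thresholds `uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3;` wrap around when `adc_avg` is below 3 or above 252, and `adc_avg` is 0 until `lf_sample_mean()` has run, so a call before `lf_init()` gets `avg_through = 253`. Clamp the two values, and consider whether a band of 3 counts either side of the mean is wide enough given that the constants it replaces (140 and 106) were 17 either side. `lf_sample_mean()` itself spins on `AT91C_SSC_RXRDY` with no `WDT_HIT()` or `BUTTON_PRESS()` exit, unlike the other loops in this file. The `data_available()` check is disabled by commenting it out; if the host-abort path is being removed on purpose, delete the block and say why in the commit message.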
@@ -66,7 +83,7 @@ size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { } } ++checked; - +*/ WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { @@ -98,8 +115,8 @@ size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { } } } - previous_adc_val = adc_val; + if (periods >= max) return 0; } } @@ -116,23 +133,26 @@ size_t lf_detect_gap(size_t max) { } void lf_reset_counter() { + // TODO: find out the correct reset settings for tag and reader mode - if (reader_mode) { +// if (reader_mode) { // Reset values for reader mode rising_edge = false; previous_adc_val = 0xFF; - } else { + +// } else { // Reset values for tag/transponder mode - rising_edge = false; - previous_adc_val = 0xFF; - } +// rising_edge = false; +// previous_adc_val = 0xFF; +// } } bool lf_get_tag_modulation() { return (rising_edge == false); } + bool lf_get_reader_modulation() { - return rising_edge; + return rising_edge; } void lf_wait_periods(size_t periods) { @@ -147,7 +167,11 @@ void lf_init(bool reader, bool simulate) { FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz + sample_config *sc = getSamplingConfig(); + sc->decimation = 1; + sc->averaging = 0; + + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc->divisor); if (reader) { FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); } else { @@ -168,8 +192,8 @@ void lf_init(bool reader, bool simulate) { // When in reader mode, give the field a bit of time to settle. // 313T0 = 313 * 8us = 2504us = 2.5ms Hitag2 tags needs to be fully powered. if (reader) { - // 50 ms - SpinDelay(50); + // 10 ms + SpinDelay(10); } // Steal this pin from the SSP (SPI communication channel with fpga) and use it to control the modulation 
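Review bot: In `lf_init()` (hunk `@@ -147,7 +167,11 @@`) the FPGA divisor now comes from `sc->divisor` instead of the fixed 95, but the timing in this file is written for 125 kHz; the context comment a few lines further down still says "313T0 = 313 * 8us". `getSamplingConfig()` returns the shared `config`, so a divisor set earlier by the user for another frequency silently changes Hitag bit timing. Either keep the fixed value here or check `sc->divisor` and warn. The same hunk writes `sc->decimation` and `sc->averaging` into that shared config and nothing restores them afterwards. In `lf_reset_counter()` the reader/tag branches are commented out rather than removed; since both arms were identical, deleting the `if` outright is cleaner than leaving the TODO with dead code.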
@@ -195,14 +219,12 @@ void lf_init(bool reader, bool simulate) { AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // Prepare data trace - uint32_t bufsize = 20000; + uint32_t bufsize = 10000; // use malloc if (logging) initSampleBufferEx(&bufsize, true); - sample_config *sc = getSamplingConfig(); - sc->decimation = 1; - sc->averaging = 0; + lf_sample_mean(); } void lf_finalize() { @@ -218,20 +240,16 @@ void lf_finalize() { LEDsoff(); - sample_config *sc = getSamplingConfig(); - sc->decimation = 1; - sc->averaging = 0; - StartTicks(); } size_t lf_detect_field_drop(size_t max) { size_t periods = 0; - volatile uint8_t adc_val; - int16_t checked = 0; +// int16_t checked = 0; while (!BUTTON_PRESS()) { +/* // only every 1000th times, in order to save time when collecting samples. if (checked == 1000) { if (data_available()) { @@ -242,12 +260,13 @@ size_t lf_detect_field_drop(size_t max) { } } ++checked; +*/ WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { periods++; - adc_val = AT91C_BASE_SSC->SSC_RHR; + volatile uint8_t adc_val = AT91C_BASE_SSC->SSC_RHR; if (logging) logSampleSimple(adc_val); @@ -275,7 +294,7 @@ static void lf_manchester_send_bit(uint8_t bit) { lf_modulation(bit != 0); lf_wait_periods(16); lf_modulation(bit == 0); - lf_wait_periods(16); + lf_wait_periods(32); } // simulation diff --git a/armsrc/lfadc.h b/armsrc/lfadc.h index 8c33aa778..09e5762c6 100644 --- a/armsrc/lfadc.h +++ b/armsrc/lfadc.h @@ -17,6 +17,7 @@ extern bool logging; +void lf_sample_mean(void); bool lf_test_periods(size_t expected, size_t count); size_t lf_count_edge_periods(size_t max); size_t lf_detect_gap(size_t max); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index b7b928ff2..904d37c61 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c 
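Review bot: In `lf_manchester_send_bit()` (hunk `@@ -275,7 +294,7 @@`) the second half of the bit changes from `lf_wait_periods(16)` to `lf_wait_periods(32)` while the first half stays at 16, so the two halves of a Manchester bit are no longer equal and no comment explains why. If this compensates for how `lf_wait_periods()` counts after a modulation change, document that next to the call; otherwise it looks like a regression for the simulated tag's bit timing. The trace buffer in `lf_init()` is likewise halved from 20000 to 10000 without explanation.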
@@ -1291,7 +1291,7 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) cardnum = (lo >> 1) & 0x7FFFF; fac = ((hi & 0xF) << 12) | (lo >> 20); } - Dbprintf("TAG ID: " _YELLOW_("%x%08x (%d)") "- Format Len: " _YELLOW_("%d") "bit - FC: " _YELLOW_("%d") "- Card: "_YELLOW_("%d"), + Dbprintf("TAG ID: " _GREEN_("%x%08x (%d)") "- Format Len: " _GREEN_("%d") "bit - FC: " _GREEN_("%d") "- Card: "_GREEN_("%d"), hi, lo, (lo >> 1) & 0xFFFF, @@ -2399,13 +2399,13 @@ void SendForward(uint8_t fwd_bit_count) { TurnReadLF_off(EM_START_GAP); TurnReadLFOn(18 * 8); - // now start writting with bitbanging the antenna. + // now start writting with bitbanging the antenna. (each bit should be 32*8 total length) while (fwd_bit_sz-- > 0) { //prepare next bit modulation if (((*fwd_write_ptr++) & 1) == 1) { WaitUS(32 * 8); } else { TurnReadLF_off(23 * 8); - TurnReadLFOn(18 * 8); + TurnReadLFOn(32-23 * 8); } } } diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index c492a4eda..3769e3565 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -81,7 +81,7 @@ void setSamplingConfig(sample_config *sc) { printConfig(); } -sample_config *getSamplingConfig() { +sample_config *getSamplingConfig(void) { return &config; } @@ -117,8 +117,8 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) { if (use_malloc) { - if (sample_size == NULL || *sample_size == 0 ) { - *sample_size = BigBuf_max_traceLen(); + if (sample_size == NULL || *sample_size == 0) { + *sample_size = BigBuf_max_traceLen(); data.buffer = BigBuf_get_addr(); } else { *sample_size = MIN(*sample_size, BigBuf_max_traceLen()); @@ -127,7 +127,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) { } } else { - if (sample_size == NULL || *sample_size == 0 ) { + if (sample_size == NULL || *sample_size == 0) { *sample_size = BigBuf_max_traceLen(); } data.buffer = BigBuf_get_addr(); 
@@ -221,7 +221,7 @@ void LFSetupFPGAForADC(int divisor, bool reader_field) { SetAdcMuxFor(GPIO_MUXSEL_LOPKD); // 50ms for the resonant antenna to settle. if (reader_field) - SpinDelay(50); + SpinDelay(50); // Now set up the SSC to get the ADC samples that are now streaming at us. FpgaSetupSsc(); @@ -253,11 +253,11 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in uint32_t cancel_counter = 0; int16_t checked = 0; - while (true) { + while (!BUTTON_PRESS()) { // only every 1000th times, in order to save time when collecting samples. if (checked == 1000) { - if (BUTTON_PRESS() || data_available()) { + if (data_available()) { checked = -1; break; } else { diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 9e9c721bd..0136ed6c9 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c 
@@ -1805,6 +1805,63 @@ void MifareChkKeys_file(uint8_t *fn) { #endif } +//----------------------------------------------------------------------------- +// MIFARE Personalize UID. Only for Mifare Classic EV1 7Byte UID +//----------------------------------------------------------------------------- +void MifarePersonalizeUID(uint8_t keyType, uint8_t perso_option, uint64_t key) { + + uint16_t isOK = PM3_EUNDEF; + uint8_t uid[10]; + uint32_t cuid; + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs; + pcs = &mpcs; + + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + clear_trace(); + set_tracing(true); + + LED_A_ON(); + + while (true) { + if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Can't select card"); + break; + } + + uint8_t block_number = 0; + if (mifare_classic_auth(pcs, cuid, block_number, keyType, key, AUTH_FIRST)) { + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Auth error"); + break; + } + + uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE]; + uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE]; + int len = mifare_sendcmd_short(pcs, true, MIFARE_EV1_PERSONAL_UID, perso_option, receivedAnswer, receivedAnswerPar, NULL); + if (len != 1 || receivedAnswer[0] != CARD_ACK) { + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Cmd Error: %02x", receivedAnswer[0]); + break;; + } + + if (mifare_classic_halt(pcs, cuid)) { + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Halt error"); + break; + } + isOK = PM3_SUCCESS; + break; + } + + crypto1_deinit(pcs); + + LED_B_ON(); + reply_ng(CMD_HF_MIFARE_PERSONALIZE_UID, isOK, NULL, 0); + LED_B_OFF(); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} + + //----------------------------------------------------------------------------- // Work with emulator memory // @@ -2229,7 +2286,7 @@ void MifareHasStaticNonce() { nt = bytes_to_num(rec, 4); -// CHK_TIMEOUT(); + CHK_TIMEOUT(); } OUT: 
@@ -2276,23 +2333,23 @@ void MifareSetMod(uint8_t *datain) { while (true) { if (!iso14443a_select_card(uid, NULL, &cuid, true, 0, true)) { - if (DBGLEVEL >= 1) Dbprintf("Can't select card"); + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Can't select card"); break; } if (mifare_classic_auth(pcs, cuid, 0, 0, ui64Key, AUTH_FIRST)) { - if (DBGLEVEL >= 1) Dbprintf("Auth error"); + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Auth error"); break; } int respLen; if (((respLen = mifare_sendcmd_short(pcs, CRYPT_ALL, 0x43, mod, receivedAnswer, receivedAnswerPar, NULL)) != 1) || (receivedAnswer[0] != 0x0a)) { - if (DBGLEVEL >= 1) Dbprintf("SetMod error; response[0]: %hhX, len: %d", receivedAnswer[0], respLen); + if (DBGLEVEL >= DBG_ERROR) Dbprintf("SetMod error; response[0]: %hhX, len: %d", receivedAnswer[0], respLen); break; } if (mifare_classic_halt(pcs, cuid)) { - if (DBGLEVEL >= 1) Dbprintf("Halt error"); + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Halt error"); break; } @@ -2304,7 +2361,6 @@ void MifareSetMod(uint8_t *datain) { LED_B_ON(); reply_ng(CMD_HF_MIFARE_SETMOD, isOK, NULL, 0); - LED_B_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index 1f5ee63a4..91adba3b1 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h @@ -45,6 +45,8 @@ void MifareCIdent(); // is "magic chinese" card? void MifareHasStaticNonce(); // Has the tag a static nonce? void MifareSetMod(uint8_t *datain); +void MifarePersonalizeUID(uint8_t keyType, uint8_t perso_option, uint64_t key); + void MifareUSetPwd(uint8_t arg0, uint8_t *datain); void OnSuccessMagic(); void OnErrorMagic(uint8_t reason); diff --git a/armsrc/mifaredesfire.c b/armsrc/mifaredesfire.c index c13311051..06a3f3f8c 100644 --- a/armsrc/mifaredesfire.c +++ b/armsrc/mifaredesfire.c @@ -14,6 +14,8 @@ #include "crc16.h" #include "mbedtls/aes.h" #include "commonutil.h" +#include "util.h" +#include "mifare.h" #define MAX_APPLICATION_COUNT 28 #define MAX_FILE_COUNT 16 
@@ -31,8 +33,11 @@ static uint8_t deselect_cmd[] = {0xc2, 0xe0, 0xb4}; /* PCB CID CMD PAYLOAD */ //static uint8_t __res[MAX_FRAME_SIZE]; + bool InitDesfireCard() { + pcb_blocknum = 0; + iso14a_card_select_t card; iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); @@ -46,28 +51,14 @@ bool InitDesfireCard() { return true; } -// ARG0 flag enums -enum { - NONE = 0x00, - INIT = 0x01, - DISCONNECT = 0x02, - CLEARTRACE = 0x04, - BAR = 0x08, -} CmdOptions ; - void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain) { - /* ARG0 contains flags. - 0x01 = init card. - 0x02 = Disconnect - 0x03 - */ uint8_t flags = arg0; size_t datalen = arg1; uint8_t resp[RECEIVE_SIZE]; memset(resp, 0, sizeof(resp)); - if (DBGLEVEL >= 4) { + if (DBGLEVEL >= DBG_EXTENDED) { Dbprintf(" flags : %02X", flags); Dbprintf(" len : %02X", datalen); print_result(" RX : ", datain, datalen); @@ -77,35 +68,42 @@ void MifareSendCommand(uint8_t arg0, uint8_t arg1, uint8_t *datain) { clear_trace(); if (flags & INIT) { - if (!InitDesfireCard()) + if (!InitDesfireCard()) { return; + } } int len = DesfireAPDU(datain, datalen, resp); - if (DBGLEVEL >= 4) - print_result("ERR <--: ", resp, len); + if (DBGLEVEL >= DBG_EXTENDED) + print_result("RESP <--: ", resp, len); if (!len) { OnError(2); return; } - // reset the pcb_blocknum, - pcb_blocknum = 0; - if (flags & DISCONNECT) OnSuccess(); - reply_old(CMD_ACK, 1, len, 0, resp, len); + reply_mix(CMD_ACK, 1, len, 0, resp, len); } void MifareDesfireGetInformation() { + LEDsoff(); + int len = 0; iso14a_card_select_t card; uint8_t resp[PM3_CMD_DATA_SIZE] = {0x00}; - uint8_t dataout[PM3_CMD_DATA_SIZE] = {0x00}; + struct p { + uint8_t isOK; + uint8_t uid[7]; + uint8_t versionHW[7]; + uint8_t versionSW[7]; + uint8_t details[14]; + } PACKED payload; + /* 1 = PCB 1 2 = cid 2 
@@ -122,61 +120,65 @@ void MifareDesfireGetInformation() { // card select - information if (!iso14443a_select_card(NULL, &card, NULL, true, 0, false)) { if (DBGLEVEL >= DBG_ERROR) DbpString("Can't select card"); - OnError(1); + payload.isOK = 1; // 2 == can not select + reply_ng(CMD_HF_DESFIRE_INFO, PM3_ESOFT, (uint8_t *)&payload, sizeof(payload)); + switch_off(); return; } if (card.uidlen != 7) { if (DBGLEVEL >= DBG_ERROR) Dbprintf("Wrong UID size. Expected 7byte got %d", card.uidlen); - OnError(2); + payload.isOK = 2; // 2 == WRONG UID + reply_ng(CMD_HF_DESFIRE_INFO, PM3_ESOFT, (uint8_t *)&payload, sizeof(payload)); + switch_off(); return; } - - memcpy(dataout, card.uid, 7); + // add uid. + memcpy(payload.uid, card.uid, sizeof(card.uid)); LED_A_ON(); - LED_B_OFF(); - LED_C_OFF(); - - uint8_t cmd[] = {GET_VERSION}; + uint8_t cmd[] = {GET_VERSION, 0x00, 0x00, 0x00}; size_t cmd_len = sizeof(cmd); len = DesfireAPDU(cmd, cmd_len, resp); if (!len) { print_result("ERROR <--: ", resp, len); - OnError(3); + payload.isOK = 3; // 3 == DOESNT ANSWER TO GET_VERSION + reply_ng(CMD_HF_DESFIRE_INFO, PM3_ESOFT, (uint8_t *)&payload, sizeof(payload)); + switch_off(); return; } - LED_A_OFF(); - LED_B_ON(); - memcpy(dataout + 7, resp + 3, 7); + memcpy(payload.versionHW, resp + 1, sizeof(payload.versionHW)); // ADDITION_FRAME 1 cmd[0] = ADDITIONAL_FRAME; len = DesfireAPDU(cmd, cmd_len, resp); if (!len) { print_result("ERROR <--: ", resp, len); - OnError(3); + payload.isOK = 3; // 3 == DOESNT ANSWER TO GET_VERSION + reply_ng(CMD_HF_DESFIRE_INFO, PM3_ESOFT, (uint8_t *)&payload, sizeof(payload)); + switch_off(); return; } - - LED_B_OFF(); - LED_C_ON(); - memcpy(dataout + 7 + 7, resp + 3, 7); + memcpy(payload.versionSW, resp + 1, sizeof(payload.versionSW)); // ADDITION_FRAME 2 len = DesfireAPDU(cmd, cmd_len, resp); if (!len) { print_result("ERROR <--: ", resp, len); - OnError(3); + payload.isOK = 3; // 3 == DOESNT ANSWER TO GET_VERSION + reply_ng(CMD_HF_DESFIRE_INFO, PM3_ESOFT, (uint8_t 
*)&payload, sizeof(payload)); + switch_off(); return; } - memcpy(dataout + 7 + 7 + 7, resp + 3, 14); - - reply_old(CMD_ACK, 1, 0, 0, dataout, sizeof(dataout)); + memcpy(payload.details, resp + 1, sizeof(payload.details)); + LED_B_ON(); + reply_ng(CMD_HF_DESFIRE_INFO, PM3_SUCCESS, (uint8_t *)&payload, sizeof(payload)); + LED_B_OFF(); + // reset the pcb_blocknum, pcb_blocknum = 0; OnSuccess(); @@ -467,7 +469,7 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) // dekryptera tagnonce. if (mbedtls_aes_setkey_dec(&ctx, key->data, 128) != 0) { - if (DBGLEVEL >= 4) { + if (DBGLEVEL >= DBG_EXTENDED) { DbpString("mbedtls_aes_setkey_dec failed"); } OnError(7); @@ -480,7 +482,7 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) memcpy(both + 16, decRndB, 16); uint8_t encBoth[32] = {0x00}; if (mbedtls_aes_setkey_enc(&ctx, key->data, 128) != 0) { - if (DBGLEVEL >= 4) { + if (DBGLEVEL >= DBG_EXTENDED) { DbpString("mbedtls_aes_setkey_enc failed"); } OnError(7); @@ -517,7 +519,7 @@ void MifareDES_Auth1(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain) } OnSuccess(); - reply_old(CMD_ACK, 1, len, 0, resp, len); + reply_mix(CMD_ACK, 1, len, 0, resp, len); } // 3 different ISO ways to send data to a DESFIRE (direct, capsuled, capsuled ISO) 
@@ -534,23 +536,23 @@ int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout) { wrappedLen = CreateAPDU(cmd, cmd_len, wCmd); - if (DBGLEVEL >= 4) + if (DBGLEVEL >= DBG_EXTENDED) print_result("WCMD <--: ", wCmd, wrappedLen); ReaderTransmit(wCmd, wrappedLen, NULL); len = ReaderReceive(resp, par); if (!len) { - if (DBGLEVEL >= 4) Dbprintf("fukked"); + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("fukked"); return false; //DATA LINK ERROR } // if we received an I- or R(ACK)-Block with a block number equal to the // current block number, toggle the current block number - else if (len >= 4 // PCB+CID+CRC = 4 bytes + if (len >= 4 // PCB+CID+CRC = 4 bytes && ((resp[0] & 0xC0) == 0 // I-Block || (resp[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0 && (resp[0] & 0x01) == pcb_blocknum) { // equal block numbers - pcb_blocknum ^= 1; //toggle next block + pcb_blocknum ^= 1; //toggle next block } memcpy(dataout, resp, len); @@ -565,15 +567,22 @@ size_t CreateAPDU(uint8_t *datain, size_t len, uint8_t *dataout) { uint8_t cmd[cmdlen]; memset(cmd, 0, cmdlen); - cmd[0] = 0x0A; // 0x0A = send cid, 0x02 = no cid. + cmd[0] = 0x02; // 0x0A = send cid, 0x02 = no cid. cmd[0] |= pcb_blocknum; // OR the block number into the PCB - cmd[1] = 0x00; // CID: 0x00 //TODO: allow multiple selected cards + + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("pcb_blocknum %d == %d ", pcb_blocknum, cmd[0] ); + + cmd[1] = 0x90; // CID: 0x00 //TODO: allow multiple selected cards memcpy(cmd + 2, datain, len); AddCrc14A(cmd, len + 2); - + +/* +hf 14a apdu -sk 90 60 00 00 00 +hf 14a apdu -k 90 AF 00 00 00 +hf 14a apdu 90AF000000 +*/ memcpy(dataout, cmd, cmdlen); - return cmdlen; } diff --git a/armsrc/mifaresim.c b/armsrc/mifaresim.c index 0dcbe404a..0fbfecb85 100644 --- a/armsrc/mifaresim.c +++ b/armsrc/mifaresim.c 
@@ -537,13 +537,13 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1 // find reader field if (cardSTATE == MFEMUL_NOFIELD) { - + #if defined RDV4 vHf = (MAX_ADC_HF_VOLTAGE_RDV40 * AvgAdc(ADC_CHAN_HF_RDV40)) >> 10; #else vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10; #endif - + if (vHf > MF_MINFIELDV) { cardSTATE_TO_IDLE(); LED_A_ON(); diff --git a/armsrc/util.h b/armsrc/util.h index 9748152ef..052ae266c 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -13,6 +13,11 @@ #include "common.h" +// PRIx64 definition missing with gcc-arm-none-eabi v8? +#ifndef PRIx64 + #define PRIx64 "llx" +#endif + // Basic macros #ifndef SHORT_COIL diff --git a/client/Makefile b/client/Makefile index 6e2ebd001..a09a033d9 100644 --- a/client/Makefile +++ b/client/Makefile @@ -250,7 +250,8 @@ CMDSRCS = crapto1/crapto1.c \ bucketsort.c \ flash.c \ wiegand_formats.c \ - wiegand_formatutils.c + wiegand_formatutils.c \ + cardhelper.c cpu_arch = $(shell uname -m) ifneq ($(findstring 86, $(cpu_arch)), ) diff --git a/client/cmddata.c b/client/cmddata.c index 613ce11e5..14f8ac259 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -1662,16 +1662,15 @@ int CmdTuneSamples(const char *Cmd) { #define LF_MARGINAL_V 10000 #define HF_UNUSABLE_V 3000 #define HF_MARGINAL_V 5000 -#define ANTENNA_ERROR 1.03 // current algo has 3% error margin. +#define ANTENNA_ERROR 1.00 // current algo has 3% error margin. // hide demod plot line DemodBufferLen = 0; setClockGrid(0, 0); RepaintGraphWindow(); - int timeout = 0; - PrintAndLogEx(INFO, "\nMeasuring antenna characteristics, please wait..."); + PrintAndLogEx(INFO, "Measuring antenna characteristics, please wait..."); clearCommandBuffer(); SendCommandNG(CMD_MEASURE_ANTENNA_TUNING, NULL, 0); @@ -1691,7 +1690,7 @@ int CmdTuneSamples(const char *Cmd) { return PM3_ESOFT; } - PrintAndLogEx(NORMAL, "\n"); + PrintAndLogEx(NORMAL, ""); // in mVolt struct p { uint32_t v_lf134; 
diff --git a/client/cmdflashmemspiffs.c b/client/cmdflashmemspiffs.c index bdc51dc5d..fa8cdbf16 100644 --- a/client/cmdflashmemspiffs.c +++ b/client/cmdflashmemspiffs.c @@ -315,7 +315,7 @@ static int CmdFlashMemSpiFFSDump(const char *Cmd) { } int flashmem_spiffs_load(uint8_t *destfn, uint8_t *data, size_t datalen) { - + int ret_val = PM3_SUCCESS; // We want to mount before multiple operation so the lazy writes/append will not @@ -349,7 +349,7 @@ int flashmem_spiffs_load(uint8_t *destfn, uint8_t *data, size_t datalen) { bytes_sent += bytes_in_packet; PacketResponseNG resp; - + uint8_t retry = 3; while (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); @@ -377,7 +377,7 @@ out: // We want to unmount after these to set things back to normal but more than this // unmouting ensure that SPIFFS CACHES are all flushed so our file is actually written on memory SendCommandNG(CMD_SPIFFS_UNMOUNT, NULL, 0); - + return ret_val; } @@ -400,8 +400,8 @@ static int CmdFlashMemSpiFFSLoad(const char *Cmd) { cmdp += 2; break; case 'o': - param_getstr(Cmd, cmdp + 1, (char*)destfilename, 32); - if (strlen((char*)destfilename) == 0) { + param_getstr(Cmd, cmdp + 1, (char *)destfilename, 32); + if (strlen((char *)destfilename) == 0) { PrintAndLogEx(FAILED, "Destination Filename missing or invalid"); errors = true; } @@ -429,12 +429,12 @@ static int CmdFlashMemSpiFFSLoad(const char *Cmd) { } res = flashmem_spiffs_load(destfilename, data, datalen); - + free(data); - - if ( res == PM3_SUCCESS ) + + if (res == PM3_SUCCESS) PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu") "bytes to file "_GREEN_("%s"), datalen, destfilename); - + return res; } diff --git a/client/cmdhf.c b/client/cmdhf.c index e90f2ea28..418cc8b90 100644 --- a/client/cmdhf.c +++ b/client/cmdhf.c 
@@ -178,39 +178,47 @@ int CmdHFTune(const char *Cmd) { if (cmdp == 'h') return usage_hf_tune(); int iter = param_get32ex(Cmd, 0, 0, 10); + PrintAndLogEx(INFO, "Measuring HF antenna, click " _GREEN_("pm3 button") "or press " _GREEN_("Enter") "to exit"); PacketResponseNG resp; - PrintAndLogEx(SUCCESS, "Measuring HF antenna," _YELLOW_("click button") " or press" _YELLOW_("Enter") "to exit"); clearCommandBuffer(); + uint8_t mode[] = {1}; SendCommandNG(CMD_MEASURE_ANTENNA_TUNING_HF, mode, sizeof(mode)); if (!WaitForResponseTimeout(CMD_MEASURE_ANTENNA_TUNING_HF, &resp, 1000)) { PrintAndLogEx(WARNING, "Timeout while waiting for Proxmark HF initialization, aborting"); return PM3_ETIMEOUT; } + mode[0] = 2; // loop forever (till button pressed) if iter = 0 (default) for (uint8_t i = 0; iter == 0 || i < iter; i++) { - if (kbd_enter_pressed()) { // abort by keyboard press + if (kbd_enter_pressed()) { break; } + SendCommandNG(CMD_MEASURE_ANTENNA_TUNING_HF, mode, sizeof(mode)); if (!WaitForResponseTimeout(CMD_MEASURE_ANTENNA_TUNING_HF, &resp, 1000)) { + PrintAndLogEx(NORMAL, ""); PrintAndLogEx(WARNING, "Timeout while waiting for Proxmark HF measure, aborting"); return PM3_ETIMEOUT; } - if ((resp.status == PM3_EOPABORTED) || (resp.length != sizeof(uint16_t))) + + if ((resp.status == PM3_EOPABORTED) || (resp.length != sizeof(uint16_t))) { break; + } + uint16_t volt = resp.data.asDwords[0] & 0xFFFF; - PrintAndLogEx(INPLACE, "%u mV / %5u V", volt, (uint16_t)(volt / 1000)); + PrintAndLogEx(INPLACE, "%u mV / %2u V", volt, (uint16_t)(volt / 1000)); } mode[0] = 3; + SendCommandNG(CMD_MEASURE_ANTENNA_TUNING_HF, mode, sizeof(mode)); if (!WaitForResponseTimeout(CMD_MEASURE_ANTENNA_TUNING_HF, &resp, 1000)) { PrintAndLogEx(WARNING, "Timeout while waiting for Proxmark HF shutdown, aborting"); return PM3_ETIMEOUT; } PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "Done."); + PrintAndLogEx(INFO, "Done."); return PM3_SUCCESS; } 
diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index c611caa1f..13a5a9213 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -189,9 +189,9 @@ static int usage_hf_14a_sim(void) { PrintAndLogEx(NORMAL, " e : (Optional) Fill simulator keys from found keys"); PrintAndLogEx(NORMAL, " v : (Optional) Verbose"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf 14a sim t 1 u 11223344 x"); - PrintAndLogEx(NORMAL, " hf 14a sim t 1 u 11223344"); - PrintAndLogEx(NORMAL, " hf 14a sim t 1 u 11223344556677"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344 x")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344556677")); // PrintAndLogEx(NORMAL, " hf 14a sim t 1 u 11223445566778899AA\n"); return 0; } @@ -202,7 +202,7 @@ static int usage_hf_14a_sniff(void) { PrintAndLogEx(NORMAL, "c - triggered by first data from card"); PrintAndLogEx(NORMAL, "r - triggered by first 7-bit request from reader (REQ,WUP,...)"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf 14a sniff c r"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sniff c r")); return 0; } static int usage_hf_14a_raw(void) { @@ -230,7 +230,6 @@ static int usage_hf_14a_reader(void) { static int CmdHF14AList(const char *Cmd) { (void)Cmd; // Cmd is not used so far - //PrintAndLogEx(NORMAL, "Deprecated command, use 'hf list 14a' instead"); CmdTraceList("14a"); return 0; } @@ -261,7 +260,7 @@ int Hf14443_4aGetCardData(iso14a_card_select_t *card) { return 1; } - PrintAndLogEx(SUCCESS, " UID: %s", sprint_hex(card->uid, card->uidlen)); + PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card->uid, card->uidlen)); PrintAndLogEx(SUCCESS, "ATQA: %02x %02x", card->atqa[1], card->atqa[0]); PrintAndLogEx(SUCCESS, " SAK: %02x [%" PRIu64 "]", card->sak, resp.oldarg[0]); if (card->ats_len < 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes 
@@ -335,17 +334,17 @@ static int CmdHF14AReader(const char *Cmd) { if (select_status == 3) { PrintAndLogEx(INFO, "Card doesn't support standard iso14443-3 anticollision"); - PrintAndLogEx(SUCCESS, "ATQA : %02x %02x", card.atqa[1], card.atqa[0]); + PrintAndLogEx(SUCCESS, "ATQA: %02x %02x", card.atqa[1], card.atqa[0]); DropField(); return 1; } - PrintAndLogEx(SUCCESS, " UID : %s", sprint_hex(card.uid, card.uidlen)); - PrintAndLogEx(SUCCESS, "ATQA : %02x %02x", card.atqa[1], card.atqa[0]); - PrintAndLogEx(SUCCESS, " SAK : %02x [%" PRIu64 "]", card.sak, resp.oldarg[0]); + PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen)); + PrintAndLogEx(SUCCESS, "ATQA: " _GREEN_("%02x %02x"), card.atqa[1], card.atqa[0]); + PrintAndLogEx(SUCCESS, " SAK: " _GREEN_("%02x [%" PRIu64 "]"), card.sak, resp.oldarg[0]); if (card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes - PrintAndLogEx(SUCCESS, " ATS : %s", sprint_hex(card.ats, card.ats_len)); + PrintAndLogEx(SUCCESS, " ATS: " _GREEN_("%s"), sprint_hex(card.ats, card.ats_len)); } if (!disconnectAfter) { @@ -354,14 +353,14 @@ static int CmdHF14AReader(const char *Cmd) { } if (disconnectAfter) { - if (!silent) PrintAndLogEx(SUCCESS, "field dropped."); + if (!silent) PrintAndLogEx(INFO, "field dropped."); } return 0; } static int CmdHF14AInfo(const char *Cmd) { - bool verbose = false; + bool verbose = true; bool do_nack_test = false; bool do_aid_search = false; @@ -467,7 +466,7 @@ int CmdHF14ASim(const char *Cmd) { break; } if (!errors) { - PrintAndLogEx(SUCCESS, "Emulating ISO/IEC 14443 type A tag with %d byte UID (%s)", uidlen, sprint_hex(uid, uidlen)); + PrintAndLogEx(SUCCESS, "Emulating " _YELLOW_("ISO/IEC 14443 type A tag")"with " _GREEN_("%d byte UID (%s)"), uidlen, sprint_hex(uid, uidlen)); useUIDfromEML = false; } cmdp += 2; 
@@ -485,7 +484,7 @@ int CmdHF14ASim(const char *Cmd) { cmdp++; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter " _RED_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } @@ -511,7 +510,7 @@ int CmdHF14ASim(const char *Cmd) { SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload)); PacketResponseNG resp; - PrintAndLogEx(SUCCESS, "press pm3-button to abort simulation"); + PrintAndLogEx(INFO, "Press pm3-button to abort simulation"); bool keypress = kbd_enter_pressed(); while (!keypress) { @@ -1276,16 +1275,24 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { if (select_status == 3) { PrintAndLogEx(INFO, "Card doesn't support standard iso14443-3 anticollision"); - PrintAndLogEx(SUCCESS, "ATQA : %02x %02x", card.atqa[1], card.atqa[0]); + PrintAndLogEx(SUCCESS, "ATQA: %02x %02x", card.atqa[1], card.atqa[0]); DropField(); return select_status; } - PrintAndLogEx(SUCCESS, " UID : %s", sprint_hex(card.uid, card.uidlen)); - PrintAndLogEx(SUCCESS, "ATQA : %02x %02x", card.atqa[1], card.atqa[0]); - PrintAndLogEx(SUCCESS, " SAK : %02x [%" PRIu64 "]", card.sak, resp.oldarg[0]); + if (verbose) { + PrintAndLogEx(SUCCESS, "-- ISO14443-a Information -----------------------------------"); + PrintAndLogEx(SUCCESS, "-------------------------------------------------------------"); + } + PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen)); + PrintAndLogEx(SUCCESS, "ATQA: " _GREEN_("%02x %02x"), card.atqa[1], card.atqa[0]); + PrintAndLogEx(SUCCESS, " SAK: " _GREEN_("%02x [%" PRIu64 "]"), card.sak, resp.oldarg[0]); bool isMifareClassic = true; + bool isMifareDesfire = false; + bool isMifarePlus = false; + bool isMifareUltralight = false; + switch (card.sak) { case 0x00: isMifareClassic = false; 
@@ -1294,10 +1301,12 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { DropField(); uint32_t tagT = GetHF14AMfU_Type(); - if (tagT != UL_ERROR) + if (tagT != UL_ERROR) { ul_print_type(tagT, 0); - else + isMifareUltralight = true; + } else { PrintAndLogEx(SUCCESS, "TYPE: Possible AZTEK (iso14443a compliant)"); + } // reconnect for further tests clearCommandBuffer(); 
@@ -1314,49 +1323,55 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } break; case 0x01: - PrintAndLogEx(SUCCESS, "TYPE : NXP TNP3xxx Activision Game Appliance"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP TNP3xxx Activision Game Appliance")); break; case 0x04: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE (various !DESFire !DESFire EV1)"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE (various !DESFire !DESFire EV1)")); isMifareClassic = false; + isMifareDesfire = true; break; case 0x08: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1")); break; case 0x09: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE Mini 0.3k"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Mini 0.3k")); break; case 0x0A: - PrintAndLogEx(SUCCESS, "TYPE : FM11RF005SH (Shanghai Metro)"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("FM11RF005SH (Shanghai Metro)")); break; case 0x10: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE Plus 2k SL2"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Plus 2k SL2")); + isMifarePlus = true; break; case 0x11: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE Plus 4k SL2"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Plus 4k SL2")); + isMifarePlus = true; break; case 0x18: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE Classic 4k | Plus 4k SL1 | 4k Ev1"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Classic 4k | Plus 4k SL1 | 4k Ev1")); break; case 0x20: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41")); isMifareClassic = false; + isMifareDesfire = true; + isMifarePlus = true; break; case 0x24: - PrintAndLogEx(SUCCESS, "TYPE : NXP MIFARE DESFire | DESFire EV1"); + PrintAndLogEx(SUCCESS, "TYPE: " 
_YELLOW_("NXP MIFARE DESFire | DESFire EV1")); isMifareClassic = false; + isMifareDesfire = true; break; case 0x28: - PrintAndLogEx(SUCCESS, "TYPE : JCOP31 or JCOP41 v2.3.1"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("JCOP31 or JCOP41 v2.3.1")); break; case 0x38: - PrintAndLogEx(SUCCESS, "TYPE : Nokia 6212 or 6131 MIFARE CLASSIC 4K"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("Nokia 6212 or 6131 MIFARE CLASSIC 4K")); break; case 0x88: - PrintAndLogEx(SUCCESS, "TYPE : Infineon MIFARE CLASSIC 1K"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("Infineon MIFARE CLASSIC 1K")); break; case 0x98: - PrintAndLogEx(SUCCESS, "TYPE : Gemplus MPCOS"); + PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("Gemplus MPCOS")); break; default: ; @@ -1364,7 +1379,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { // Double & triple sized UID, can be mapped to a manufacturer. if (card.uidlen > 4) { - PrintAndLogEx(SUCCESS, "MANUFACTURER : %s", getTagInfo(card.uid[0])); + PrintAndLogEx(SUCCESS, "MANUFACTURER: " _YELLOW_("%s"), getTagInfo(card.uid[0])); } // try to request ATS even if tag claims not to support it @@ -1385,7 +1400,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { if (select_status == 2) { PrintAndLogEx(INFO, "SAK incorrectly claims that card doesn't support RATS"); } - PrintAndLogEx(SUCCESS, " ATS : %s", sprint_hex(card.ats, card.ats_len)); + PrintAndLogEx(SUCCESS, " ATS: %s", sprint_hex(card.ats, card.ats_len)); PrintAndLogEx(SUCCESS, " - TL : length is %d bytes", card.ats[0]); if (card.ats[0] != card.ats_len - 2) { PrintAndLogEx(SUCCESS, "ATS may be corrupted. Length of ATS (%d bytes incl. 2 Bytes CRC) doesn't match TL", card.ats_len); 
@@ -1461,9 +1476,15 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { switch (card.ats[pos + 2] & 0xf0) { case 0x10: PrintAndLogEx(SUCCESS, " 1x -> MIFARE DESFire"); + isMifareDesfire = true; + isMifareClassic = false; + isMifarePlus = false; break; case 0x20: PrintAndLogEx(SUCCESS, " 2x -> MIFARE Plus"); + isMifarePlus = true; + isMifareDesfire = false; + isMifareClassic = false; break; } switch (card.ats[pos + 2] & 0x0f) { @@ -1590,22 +1611,32 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { if (isMifareClassic) { int res = detect_classic_prng(); if (res == 1) - PrintAndLogEx(SUCCESS, "Prng detection: " _GREEN_("WEAK")); + PrintAndLogEx(SUCCESS, "Prng detection: " _GREEN_("weak")); else if (res == 0) - PrintAndLogEx(SUCCESS, "Prng detection: " _YELLOW_("HARD")); + PrintAndLogEx(SUCCESS, "Prng detection: " _YELLOW_("hard")); else - PrintAndLogEx(FAILED, "prng detection: " _RED_("Fail")); + PrintAndLogEx(FAILED, "prng detection: " _RED_("fail")); if (do_nack_test) - detect_classic_nackbug(!verbose); + detect_classic_nackbug(false); res = detect_classic_static_nonce(); if (res == 1) - PrintAndLogEx(SUCCESS, "Static nonce detected"); + PrintAndLogEx(SUCCESS, "Static nonce: " _YELLOW_("yes") ); if (res == 2 && verbose) - PrintAndLogEx(SUCCESS, "Static nonce detection failed"); + PrintAndLogEx(SUCCESS, "Static nonce: " _RED_("fail")); } + if (isMifareUltralight) { + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfu info`")); + } + if (isMifarePlus) { + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfp info`")); + } + if (isMifareDesfire) { + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfdes info`")); + } + + return select_status; } - diff --git a/client/cmdhf14b.c b/client/cmdhf14b.c index c57055e4b..859df4a23 100644 --- a/client/cmdhf14b.c +++ b/client/cmdhf14b.c @@ -1142,4 +1142,3 @@ int readHF14B(bool verbose) { if (verbose) PrintAndLogEx(FAILED, "no 14443-B tag found"); return 0; } - 
diff --git a/client/cmdhf15.c b/client/cmdhf15.c index 9a5665a31..9b0b8dbf1 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -399,7 +399,7 @@ static int usage_15_restore(void) { {"-2", "use slower '1 out of 256' mode"}, {"-o", "set OPTION Flag (needed for TI)"}, {"r ", "numbers of retries on error, default is 3"}, - {"u ", "load hf-15-dump-.bin"}, + {"u ", "load hf-15--dump.bin"}, {"f ", "load "}, {"b ", "block size, default is 4"} }; @@ -1214,8 +1214,9 @@ static int CmdHF15Dump(const char *Cmd) { PrintAndLogEx(NORMAL, "\n"); size_t datalen = blocknum * 4; + saveFile(filename, ".bin", data, datalen); saveFileEML(filename, data, datalen, 4); - saveFile(filename, ".bin", data, datalen); + saveFileJSON(filename, jsf15, data, datalen); return PM3_SUCCESS; } @@ -1603,7 +1604,7 @@ static int CmdHF15Restore(const char *Cmd) { case 'u': param_getstr(Cmd, cmdp + 1, buff, FILE_PATH_SIZE); cmdp++; - snprintf(filename, sizeof(filename), "hf-15-dump-%s-bin", buff); + snprintf(filename, sizeof(filename), "hf-15-%s-dump.bin", buff); break; case 'h': return usage_15_restore(); @@ -1622,6 +1623,7 @@ static int CmdHF15Restore(const char *Cmd) { } if ((f = fopen(filename, "rb")) == NULL) { + PrintAndLogEx(WARNING, "Could not find file %s", filename); return PM3_EFILE; } diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index 567600d15..1dccaef5c 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -1,8 +1,8 @@ //----------------------------------------------------------------------------- -//----------------------------------------------------------------------------- // Copyright (C) 2010 iZsh , Hagen Fritsch // Copyright (C) 2011 Gerhard de Koning Gans // Copyright (C) 2014 Midnitesnake & Andy Davies & Martin Holst Swende +// Copyright (C) 2020 Iceman // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of 
@@ -12,14 +12,11 @@ //----------------------------------------------------------------------------- #include "cmdhficlass.h" - #include - #include "cmdparser.h" // command_t #include "commonutil.h" // ARRAYLEN #include "cmdtrace.h" #include "util_posix.h" - #include "comms.h" #include "mbedtls/des.h" #include "loclass/cipherutils.h" @@ -28,12 +25,14 @@ #include "loclass/elite_crack.h" #include "fileutils.h" #include "protocols.h" +#include "cardhelper.h" #include "wiegand_formats.h" #include "wiegand_formatutils.h" #define NUM_CSNS 9 #define ICLASS_KEYS_MAX 8 #define ICLASS_AUTH_RETRY 10 +#define ICLASS_DECRYPTION_BIN "iclass_decryptionkey.bin" static int CmdHelp(const char *Cmd); @@ -290,16 +289,6 @@ static int usage_hf_iclass_permutekey(void) { return PM3_SUCCESS; } -/* -static int xorbits_8(uint8_t val) { - uint8_t res = val ^ (val >> 1); //1st pass - res = res ^ (res >> 1); // 2nd pass - res = res ^ (res >> 2); // 3rd pass - res = res ^ (res >> 4); // 4th pass - return res & 1; -} -*/ - // iclass / picopass chip config structures and shared routines typedef struct { uint8_t app_limit; //[8] @@ -311,7 +300,6 @@ typedef struct { uint8_t fuses; //[15] } picopass_conf_block; - typedef struct { uint8_t csn[8]; picopass_conf_block conf; @@ -321,6 +309,13 @@ typedef struct { uint8_t app_issuer_area[8]; } picopass_hdr; +typedef enum { + None = 0, + DES, + RFU, + TRIPLEDES +} BLOCK79ENCRYPTION; + static uint8_t isset(uint8_t val, uint8_t mask) { return (val & mask); } 
@@ -429,18 +424,18 @@ static void mem_app_config(const picopass_hdr *hdr) { PrintAndLogEx(NORMAL, " Credit - Kc"); } } + static void print_picopass_info(const picopass_hdr *hdr) { fuse_config(hdr); mem_app_config(hdr); } + static void printIclassDumpInfo(uint8_t *iclass_dump) { print_picopass_info((picopass_hdr *) iclass_dump); } - static int CmdHFiClassList(const char *Cmd) { (void)Cmd; // Cmd is not used so far - //PrintAndLogEx(NORMAL, "Deprecated command, use 'hf list iclass' instead"); CmdTraceList("iclass"); return PM3_SUCCESS; } @@ -475,24 +470,9 @@ static int CmdHFiClassSim(const char *Cmd) { return usage_hf_iclass_sim(); } - /* - // pre-defined 8 CSN by Holiman - uint8_t csns[8*NUM_CSNS] = { - 0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x13, 0x94, 0x7E, 0x76, 0xFF, 0x12, 0xE0, - 0x2A, 0x99, 0xAC, 0x79, 0xEC, 0xFF, 0x12, 0xE0, - 0x17, 0x12, 0x01, 0xFD, 0xF7, 0xFF, 0x12, 0xE0, - 0xCD, 0x56, 0x01, 0x7C, 0x6F, 0xFF, 0x12, 0xE0, - 0x4B, 0x5E, 0x0B, 0x72, 0xEF, 0xFF, 0x12, 0xE0, - 0x00, 0x73, 0xD8, 0x75, 0x58, 0xFF, 0x12, 0xE0, - 0x0C, 0x90, 0x32, 0xF3, 0x5D, 0xFF, 0x12, 0xE0 - }; - */ - /* - pre-defined 9 CSN by iceman - only one csn depend on several others. - six depends only on the first csn, (0,1, 0x45) - */ + // remember to change the define NUM_CSNS to match. + + // pre-defined 9 CSN by iceman uint8_t csns[8 * NUM_CSNS] = { 0x01, 0x0A, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0, 0x0C, 0x06, 0x0C, 0xFE, 0xF7, 0xFF, 0x12, 0xE0, 
@@ -505,27 +485,6 @@ static int CmdHFiClassSim(const char *Cmd) { 0xD2, 0x5A, 0x82, 0xF8, 0xF7, 0xFF, 0x12, 0xE0 //0x04, 0x08, 0x9F, 0x78, 0x6E, 0xFF, 0x12, 0xE0 }; - /* - // pre-defined 15 CSN by Carl55 - // remember to change the define NUM_CSNS to match. - uint8_t csns[8*NUM_CSNS] = { - 0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x09, 0x0D, 0x05, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x0A, 0x0C, 0x06, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x0F, 0x0B, 0x03, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x08, 0x0A, 0x0C, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x0D, 0x09, 0x09, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x0E, 0x08, 0x0A, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x03, 0x07, 0x17, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x3C, 0x06, 0xE0, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x01, 0x05, 0x1D, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x02, 0x04, 0x1E, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x07, 0x03, 0x1B, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x00, 0x02, 0x24, 0xF7, 0xFF, 0x12, 0xE0, - 0x00, 0x05, 0x01, 0x21, 0xF7, 0xFF, 0x12, 0xE0 - }; - */ /* DUMPFILE FORMAT: * @@ -801,8 +760,6 @@ static int CmdHFiClassELoad(const char *Cmd) { return PM3_SUCCESS; } -#define ICLASS_DECRYPTION_BIN "iclass_decryptionkey.bin" - static int CmdHFiClassDecrypt(const char *Cmd) { bool errors = false; @@ -812,6 +769,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) { uint8_t cmdp = 0; uint8_t enc_data[8] = {0}; + uint8_t dec_data[8] = {0}; size_t keylen = 0; uint8_t key[32] = {0}; @@ -827,7 +785,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) { return usage_hf_iclass_decrypt(); case 'd': if (param_gethex(Cmd, cmdp + 1, enc_data, 16)) { - PrintAndLogEx(ERR, "data must be 16 HEX symbols"); + PrintAndLogEx(ERR, "Data must be 16 HEX symbols"); errors = true; break; } 
@@ -836,7 +794,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) { break; case 'f': if (param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)) == 0) { - PrintAndLogEx(WARNING, "no filename found after f"); + PrintAndLogEx(WARNING, "No filename found after f"); errors = true; break; } @@ -865,11 +823,14 @@ static int CmdHFiClassDecrypt(const char *Cmd) { if (errors || cmdp < 1) return usage_hf_iclass_decrypt(); - if (have_key == false) { - int res = loadFile_safe(ICLASS_DECRYPTION_BIN, "", (void **)&keyptr, &keylen); - if (res != PM3_SUCCESS) - return PM3_EINVARG; + bool use_sc = IsCryptoHelperPresent(); + if (have_key == false && use_sc == false) { + int res = loadFile_safe(ICLASS_DECRYPTION_BIN, "", (void **)&keyptr, &keylen); + if (res != PM3_SUCCESS) { + PrintAndLogEx(INFO, "Couldn't find any decryption methods"); + return PM3_EINVARG; + } memcpy(key, keyptr, sizeof(key)); free(keyptr); } @@ -878,10 +839,13 @@ static int CmdHFiClassDecrypt(const char *Cmd) { mbedtls_des3_context ctx; mbedtls_des3_set2key_dec(&ctx, key); - uint8_t dec_data[8] = {0}; - if (have_data) { - mbedtls_des3_crypt_ecb(&ctx, enc_data, dec_data); + + if (use_sc) { + Decrypt(enc_data, dec_data); + } else { + mbedtls_des3_crypt_ecb(&ctx, enc_data, dec_data); + } PrintAndLogEx(SUCCESS, "Data: %s", sprint_hex(dec_data, sizeof(dec_data))); } 
@@ -898,38 +862,87 @@ static int CmdHFiClassDecrypt(const char *Cmd) { uint8_t empty[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; - for (uint16_t blocknum = 0; blocknum < applimit; ++blocknum) { + BLOCK79ENCRYPTION aa1_encryption = (decrypted[(6 * 8) + 7] & 0x03); + + uint32_t limit = MIN(applimit, decryptedlen / 8); + + if (decryptedlen / 8 != applimit) { + PrintAndLogEx(WARNING, "Actual file len " _YELLOW_("%u") "vs HID app-limit len " _YELLOW_("%u"), decryptedlen, applimit * 8); + PrintAndLogEx(INFO, "Setting limit to " _GREEN_("%u"), limit * 8); + } + uint8_t numblocks4userid = GetNumberBlocksForUserId(decrypted + (6 * 8)); + + for (uint16_t blocknum = 0; blocknum < limit; ++blocknum) { uint8_t idx = blocknum * 8; memcpy(enc_data, decrypted + idx, 8); - // block 7 or higher, and not empty 0xFF - if (blocknum > 6 && memcmp(enc_data, empty, 8) != 0) { - mbedtls_des3_crypt_ecb(&ctx, enc_data, decrypted + idx); + if (aa1_encryption == RFU || aa1_encryption == None) + continue; + + // Decrypted block 7,8,9 if configured. 
+ if (blocknum > 6 && blocknum <= 6 + numblocks4userid && memcmp(enc_data, empty, 8) != 0) { + if (use_sc) { + Decrypt(enc_data, decrypted + idx); + } else { + mbedtls_des3_crypt_ecb(&ctx, enc_data, decrypted + idx); + } } } //Use the first block (CSN) for filename - char *fptr = calloc(42, sizeof(uint8_t)); + char *fptr = calloc(50, sizeof(uint8_t)); + if (!fptr) { + PrintAndLogEx(WARNING, "Failed to allocate memory"); + free(decrypted); + return PM3_EMALLOC; + } strcat(fptr, "hf-iclass-"); - FillFileNameByUID(fptr, hdr->csn, "-data-decrypted", sizeof(hdr->csn)); + FillFileNameByUID(fptr, hdr->csn, "-dump-decrypted", sizeof(hdr->csn)); saveFile(fptr, ".bin", decrypted, decryptedlen); saveFileEML(fptr, decrypted, decryptedlen, 8); saveFileJSON(fptr, jsfIclass, decrypted, decryptedlen); + PrintAndLogEx(INFO, "Following output skips CSN / block0"); printIclassDumpContents(decrypted, 1, (decryptedlen / 8), decryptedlen); - - uint32_t top = 0, mid, bot; - mid = bytes_to_num(decrypted + (8*7), 4); - bot = bytes_to_num(decrypted + (8*7) + 4, 4); - PrintAndLogEx(INFO, ""); - PrintAndLogEx(INFO, "block 7 - Wiegand decode"); - wiegand_message_t packed = initialize_message_object(top, mid, bot); - HIDTryUnpack(&packed, true); - PrintAndLogEx(INFO, "-----------------------------------------------------------------"); - + // decode block 6 + if (memcmp(decrypted + (8 * 6), empty, 8) != 0) { + if (use_sc) { + DecodeBlock6(decrypted + (8 * 6)); + } + } + + // decode block 7-8-9 + if (memcmp(decrypted + (8 * 7), empty, 8) != 0) { + + //todo: remove preamble/sentinal + + uint32_t top = 0, mid, bot; + mid = bytes_to_num(decrypted + (8 * 7), 4); + bot = bytes_to_num(decrypted + (8 * 7) + 4, 4); + + PrintAndLogEx(INFO, "Block 7 binary"); + + char hexstr[8 + 1] = {0}; + hex_to_buffer((uint8_t *)hexstr, decrypted + (8 * 7), 8, sizeof(hexstr) - 1, 0, 0, true); + + char binstr[8 * 8 + 1] = {0}; + hextobinstring(binstr, hexstr); + uint8_t i = 0; + while (i < strlen(binstr) && binstr[i++] 
== '0'); + + PrintAndLogEx(SUCCESS, "%s", binstr + i); + + PrintAndLogEx(INFO, "Wiegand decode"); + wiegand_message_t packed = initialize_message_object(top, mid, bot); + HIDTryUnpack(&packed, true); + PrintAndLogEx(INFO, "-----------------------------------------------------------------"); + } else { + PrintAndLogEx(INFO, "No credential found."); + } + free(decrypted); free(fptr); } @@ -984,7 +997,9 @@ static int CmdHFiClassEncryptBlk(const char *Cmd) { if (errors || cmdp < 1) return usage_hf_iclass_encrypt(); - if (have_key == false) { + bool use_sc = IsCryptoHelperPresent(); + + if (have_key == false && use_sc == false) { size_t keylen = 0; int res = loadFile_safe(ICLASS_DECRYPTION_BIN, "", (void **)&keyptr, &keylen); if (res != PM3_SUCCESS) @@ -994,8 +1009,11 @@ static int CmdHFiClassEncryptBlk(const char *Cmd) { free(keyptr); } - iClassEncryptBlkData(blk_data, key); - + if (use_sc) { + Encrypt(blk_data, blk_data); + } else { + iClassEncryptBlkData(blk_data, key); + } printvar("encrypted block", blk_data, 8); return PM3_SUCCESS; } @@ -1244,7 +1262,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) { if (kbd_enter_pressed()) { PrintAndLogEx(WARNING, "\n[!] aborted via keyboard!\n"); DropField(); - return 0; + return PM3_EOPABORTED; } if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) @@ -1336,14 +1354,14 @@ static int CmdHFiClassReader_Dump(const char *Cmd) { // print the dump PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "------+--+-------------------------+"); - PrintAndLogEx(NORMAL, "CSN |00| %s|", sprint_hex(tag_data, 8)); + PrintAndLogEx(INFO, "------+--+-------------------------+"); + PrintAndLogEx(INFO, "CSN |00| %s|", sprint_hex(tag_data, 8)); printIclassDumpContents(tag_data, 1, (gotBytes / 8), gotBytes); if (filename[0] == 0) { //Use the first block (CSN) for filename strcat(filename, "hf-iclass-"); - FillFileNameByUID(filename, tag_data, "-data", 8); + FillFileNameByUID(filename, tag_data, "-dump", 8); } // save the dump to .bin file 
@@ -1750,6 +1768,13 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, } PrintAndLogEx(SUCCESS, "block %02X: %s\n", blockno, sprint_hex(result->blockdata, sizeof(result->blockdata))); + + if (blockno == 6) { + if (IsCryptoHelperPresent()) { + DecodeBlock6(result->blockdata); + } + } + return PM3_SUCCESS; } diff --git a/client/cmdhflto.c b/client/cmdhflto.c index 7057fab36..c5b73c0c6 100644 --- a/client/cmdhflto.c +++ b/client/cmdhflto.c @@ -218,15 +218,15 @@ static int lto_rdbl(uint8_t blk, uint8_t *block_responce, uint8_t *block_cnt_res uint16_t resp_len = 18; uint8_t rdbl_cmd[] = {0x30, blk}; - uint8_t rdbl_cnt_cmd[] ={0x80}; + uint8_t rdbl_cnt_cmd[] = {0x80}; int status = lto_send_cmd_raw(rdbl_cmd, sizeof(rdbl_cmd), block_responce, &resp_len, true, false, verbose); - if (status == PM3_ETIMEOUT || status == PM3_ESOFT ) { + if (status == PM3_ETIMEOUT || status == PM3_ESOFT) { return PM3_EWRONGANSVER; // READ BLOCK failed } status = lto_send_cmd_raw(rdbl_cnt_cmd, sizeof(rdbl_cnt_cmd), block_cnt_responce, &resp_len, false, false, verbose); - if (status == PM3_ETIMEOUT || status == PM3_ESOFT ) { + if (status == PM3_ETIMEOUT || status == PM3_ESOFT) { return PM3_EWRONGANSVER; // READ BLOCK CONTINUE failed } @@ -252,7 +252,7 @@ int rdblLTO(uint8_t st_blk, uint8_t end_blk, bool verbose) { uint8_t block_data_d16_d31[18]; uint8_t block_data[32]; - for(uint8_t i = st_blk; i < end_blk + 1; i++) { + for (uint8_t i = st_blk; i < end_blk + 1; i++) { ret_val = lto_rdbl(i, block_data_d00_d15, block_data_d16_d31, verbose); @@ -286,8 +286,8 @@ static int CmdHfLTOReadBlock(const char *Cmd) { case 'h': return usage_lto_rdbl(); case 's': - st_blk = param_get8(Cmd, cmdp+1); - if ( end_blk < st_blk ) { + st_blk = param_get8(Cmd, cmdp + 1); + if (end_blk < st_blk) { errors = true; break; } 
@@ -295,10 +295,11 @@ static int CmdHfLTOReadBlock(const char *Cmd) { break; case 'e': - end_blk = param_get8(Cmd, cmdp+1); - if ( end_blk < st_blk ) { + end_blk = param_get8(Cmd, cmdp + 1); + if (end_blk < st_blk) { errors = true; - break; } + break; + } cmdp += 2; break; @@ -328,7 +329,7 @@ static int lto_wrbl(uint8_t blk, uint8_t *data, bool verbose) { for (int i = 0; i < 16; i++) { wrbl_d00_d15[i] = data[i]; - wrbl_d16_d31[i] = data[i+16]; + wrbl_d16_d31[i] = data[i + 16]; } int status = lto_send_cmd_raw(wrbl_cmd, sizeof(wrbl_cmd), resp, &resp_len, true, false, verbose); @@ -390,15 +391,15 @@ static int CmdHfLTOWriteBlock(const char *Cmd) { case 'h': return usage_lto_wrbl(); case 'b': - blk = param_get8(Cmd, cmdp+1); + blk = param_get8(Cmd, cmdp + 1); b_opt_selected = true; cmdp += 2; break; case 'd': - if (param_gethex(Cmd, cmdp+1, blkData, 64)) { + if (param_gethex(Cmd, cmdp + 1, blkData, 64)) { PrintAndLogEx(WARNING, "block data must include 64 HEX symbols"); errors = true; - break; + break; } d_opt_selected = true; cmdp += 2; @@ -409,7 +410,7 @@ static int CmdHfLTOWriteBlock(const char *Cmd) { break; } } - + //Validations if (errors) { usage_lto_wrbl(); @@ -440,7 +441,7 @@ int dumpLTO(uint8_t *dump, bool verbose) { uint8_t block_data_d00_d15[18]; uint8_t block_data_d16_d31[18]; - for(uint8_t i = 0; i < 255; i++) { + for (uint8_t i = 0; i < 255; i++) { ret_val = lto_rdbl(i, block_data_d00_d15, block_data_d16_d31, verbose); @@ -504,10 +505,10 @@ static int CmdHfLTODump(const char *Cmd) { int ret_val = dumpLTO(dump, true); if (ret_val != PM3_SUCCESS) { free(dump); - return ret_val; + return ret_val; } - // save to file + // save to file if (filename[0] == '\0') { memcpy(serial_number, sprint_hex_inrow(dump, sizeof(serial_number)), sizeof(serial_number)); char tmp_name[17] = "hf_lto_"; 
@@ -523,7 +524,7 @@ static int CmdHfLTODump(const char *Cmd) { return PM3_SUCCESS; } -int restoreLTO(uint8_t *dump_data, bool verbose) { +int restoreLTO(uint8_t *dump, bool verbose) { clearCommandBuffer(); lto_switch_on_field(); @@ -538,19 +539,19 @@ int restoreLTO(uint8_t *dump_data, bool verbose) { return ret_val; } - uint8_t blkData[32] = {0}; + uint8_t blkData[32] = {0}; //Block address 0 and 1 are read-only - for(uint8_t blk = 2; blk < 255; blk++) { + for (uint8_t blk = 2; blk < 255; blk++) { for (int i = 0; i < 32; i++) { - blkData[i] = dump_data[i + blk * 32]; + blkData[i] = dump[i + blk * 32]; } ret_val = lto_wrbl(blk, blkData, verbose); if (ret_val == PM3_SUCCESS) { - PrintAndLogEx(SUCCESS, "BLK %03d: " _YELLOW_("write success"), blk); + PrintAndLogEx(SUCCESS, "Block %03d - " _YELLOW_("write success"), blk); } else { lto_switch_off_field(); return ret_val; @@ -566,7 +567,7 @@ static int CmdHfLTRestore(const char *Cmd) { uint8_t cmdp = 0; bool errors = false; int is_data_loaded = PM3_ESOFT; - + char filename[FILE_PATH_SIZE] = {0}; char extension[FILE_PATH_SIZE] = {0}; @@ -623,7 +624,7 @@ static int CmdHfLTRestore(const char *Cmd) { } else { return PM3_EFILE; } - + } static command_t CommandTable[] = { diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index c8ee0013c..89519b282 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c 
@@ -300,15 +300,15 @@ static int usage_hf14_restore(void) { PrintAndLogEx(NORMAL, "Usage: hf mf restore [card memory] u k f "); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " [card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K"); - PrintAndLogEx(NORMAL, " u : uid, try to restore from hf-mf--key.bin and hf-mf--data.bin"); + PrintAndLogEx(NORMAL, " u : uid, try to restore from hf-mf--key.bin and hf-mf--dump.bin"); PrintAndLogEx(NORMAL, " k : key filename, specific the full filename of key file"); PrintAndLogEx(NORMAL, " f : data filename, specific the full filename of data file"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mf restore -- read the UID from tag first, then restore from hf-mf--key.bin and and hf-mf--data.bin"); - PrintAndLogEx(NORMAL, " hf mf restore 1 u 12345678 -- restore from hf-mf-12345678-key.bin and hf-mf-12345678-data.bin"); - PrintAndLogEx(NORMAL, " hf mf restore 1 u 12345678 k dumpkey.bin -- restore from dumpkey.bin and hf-mf-12345678-data.bin"); - PrintAndLogEx(NORMAL, " hf mf restore 4 -- read the UID from tag with 4K memory first, then restore from hf-mf--key.bin and and hf-mf--data.bin"); + PrintAndLogEx(NORMAL, " hf mf restore -- read the UID from tag first, then restore from hf-mf--key.bin and and hf-mf--dump.bin"); + PrintAndLogEx(NORMAL, " hf mf restore 1 u 12345678 -- restore from hf-mf-12345678-key.bin and hf-mf-12345678-dump.bin"); + PrintAndLogEx(NORMAL, " hf mf restore 1 u 12345678 k dumpkey.bin -- restore from dumpkey.bin and hf-mf-12345678-dump.bin"); + PrintAndLogEx(NORMAL, " hf mf restore 4 -- read the UID from tag with 4K memory first, then restore from hf-mf--key.bin and and hf-mf--dump.bin"); return PM3_SUCCESS; } static int usage_hf14_decryptbytes(void) { 
@@ -1064,7 +1064,7 @@ static int CmdHF14AMfDump(const char *Cmd) { PrintAndLogEx(SUCCESS, "\nSucceeded in dumping all blocks"); if (strlen(dataFilename) < 1) { - fptr = GenerateFilename("hf-mf-", "-data"); + fptr = GenerateFilename("hf-mf-", "-dump"); if (fptr == NULL) return PM3_ESOFT; @@ -1103,7 +1103,7 @@ static int CmdHF14AMfRestore(const char *Cmd) { if (keyFilename[0] == 0x00) snprintf(keyFilename, FILE_PATH_SIZE, "hf-mf-%s-key.bin", szTemp); if (dataFilename[0] == 0x00) - snprintf(dataFilename, FILE_PATH_SIZE, "hf-mf-%s-data.bin", szTemp); + snprintf(dataFilename, FILE_PATH_SIZE, "hf-mf-%s-dump.bin", szTemp); cmdp += 2; break; case 'k': @@ -1161,7 +1161,7 @@ static int CmdHF14AMfRestore(const char *Cmd) { fclose(fkeys); if (dataFilename[0] == 0x00) { - fptr = GenerateFilename("hf-mf-", "-data.bin"); + fptr = GenerateFilename("hf-mf-", "-dump.bin"); if (fptr == NULL) return 1; @@ -1279,7 +1279,7 @@ static int CmdHF14AMfNested(const char *Cmd) { } // check if tag doesn't have static nonce - if (detect_classic_static_nonce() != 0) { + if (detect_classic_static_nonce() == 1) { PrintAndLogEx(WARNING, "Static nonce detected. Quitting..."); PrintAndLogEx(INFO, "\t Try use " _YELLOW_("`hf mf staticnested`")); return PM3_EOPABORTED; @@ -1839,7 +1839,7 @@ static int CmdHF14AMfNestedHard(const char *Cmd) { if (!know_target_key && nonce_file_read == false) { // check if tag doesn't have static nonce - if (detect_classic_static_nonce() != 0) { + if (detect_classic_static_nonce() == 1) { PrintAndLogEx(WARNING, "Static nonce detected. Quitting..."); PrintAndLogEx(INFO, "\t Try use `" _YELLOW_("hf mf staticnested") "`"); return PM3_EOPABORTED; @@ -2507,7 +2507,7 @@ all_found: return PM3_ETIMEOUT; } - fnameptr = GenerateFilename("hf-mf-", "-data"); + fnameptr = GenerateFilename("hf-mf-", "-dump"); if (fnameptr == NULL) { free(dump); free(e_sector); 
@@ -3129,7 +3129,7 @@ out: } sector_t *k_sector = NULL; -uint8_t k_sectorsCount = 16; +uint8_t k_sectorsCount = 40; void showSectorTable() { if (k_sector != NULL) { @@ -3217,18 +3217,22 @@ static int CmdHF14AMfSim(const char *Cmd) { case 0: flags |= FLAG_MF_MINI; sprintf(csize, "MINI"); + k_sectorsCount = MIFARE_MINI_MAXSECTOR; break; case 1: flags |= FLAG_MF_1K; sprintf(csize, "1K"); + k_sectorsCount = MIFARE_1K_MAXSECTOR; break; case 2: flags |= FLAG_MF_2K; sprintf(csize, "2K with RATS"); + k_sectorsCount = MIFARE_2K_MAXSECTOR; break; case 4: flags |= FLAG_MF_4K; sprintf(csize, "4K"); + k_sectorsCount = MIFARE_4K_MAXSECTOR; break; default: PrintAndLogEx(WARNING, "Unknown parameter for option t"); @@ -3342,6 +3346,8 @@ static int CmdHF14AMfSim(const char *Cmd) { } showSectorTable(); } + + k_sectorsCount = MIFARE_4K_MAXSECTOR; return PM3_SUCCESS; } /* 
@@ -4798,6 +4804,95 @@ static int CmdHFMFNDEF(const char *Cmd) { return PM3_SUCCESS; } +int CmdHFMFPersonalize(const char *cmd) { + + CLIParserInit("hf mf personalize", + "Personalize the UID of a Mifare Classic EV1 card. This is only possible if it is a 7Byte UID card and if it is not already personalized.", + "Usage:\n\thf mf personalize UIDF0 -> double size UID according to ISO/IEC14443-3\n" + "\thf mf personalize UIDF1 -> double size UID according to ISO/IEC14443-3, optional usage of selection process shortcut\n" + "\thf mf personalize UIDF2 -> single size random ID according to ISO/IEC14443-3\n" + "\thf mf personalize UIDF3 -> single size NUID according to ISO/IEC14443-3\n" + "\thf mf personalize -t B -k B0B1B2B3B4B5 UIDF3 -> use key B = 0xB0B1B2B3B4B5 instead of default key A\n"); + + void *argtable[] = { + arg_param_begin, + arg_str0("tT", "keytype", "", "key type (A or B) to authenticate sector 0 (default: A)"), + arg_str0("kK", "key", "", "key to authenticate sector 0 (default: FFFFFFFFFFFF)"), + arg_str1(NULL, NULL, "", "Personalization Option"), + arg_param_end + }; + CLIExecWithReturn(cmd, argtable, true); + + char keytypestr[2] = "a"; + uint8_t keytype = 0x00; + int keytypestr_len; + int res = CLIParamStrToBuf(arg_get_str(1), (uint8_t *)keytypestr, 1, &keytypestr_len); + str_lower(keytypestr); + + if (res || (keytypestr[0] != 'a' && keytypestr[0] != 'b')) { + PrintAndLogEx(ERR, "ERROR: not a valid key type. Key type must be A or B"); + CLIParserFree(); + return PM3_EINVARG; + } + if (keytypestr[0] == 'b') { + keytype = 0x01; + } + + uint8_t key[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + int key_len; + res = CLIParamHexToBuf(arg_get_str(2), key, 6, &key_len); + if (res || (!res && key_len > 0 && key_len != 6)) { + PrintAndLogEx(ERR, "ERROR: not a valid key. 
Key must be 12 hex digits"); + CLIParserFree(); + return PM3_EINVARG; + } + + char pers_optionstr[6]; + int opt_len; + uint8_t pers_option; + res = CLIParamStrToBuf(arg_get_str(3), (uint8_t *)pers_optionstr, 5, &opt_len); + str_lower(pers_optionstr); + + if (res || (!res && opt_len > 0 && opt_len != 5) + || (strncmp(pers_optionstr, "uidf0", 5) && strncmp(pers_optionstr, "uidf1", 5) && strncmp(pers_optionstr, "uidf2", 5) && strncmp(pers_optionstr, "uidf3", 5))) { + PrintAndLogEx(ERR, "ERROR: invalid personalization option. Must be one of UIDF0, UIDF1, UIDF2, or UIDF3"); + CLIParserFree(); + return PM3_EINVARG; + } + if (!strncmp(pers_optionstr, "uidf0", 5)) { + pers_option = MIFARE_EV1_UIDF0; + } else if (!strncmp(pers_optionstr, "uidf1", 5)) { + pers_option = MIFARE_EV1_UIDF1; + } else if (!strncmp(pers_optionstr, "uidf2", 5)) { + pers_option = MIFARE_EV1_UIDF2; + } else { + pers_option = MIFARE_EV1_UIDF3; + } + + CLIParserFree(); + + clearCommandBuffer(); + + struct { + uint8_t keytype; + uint8_t pers_option; + uint8_t key[6]; + } PACKED payload; + payload.keytype = keytype; + payload.pers_option = pers_option; + + memcpy(payload.key, key, 6); + + SendCommandNG(CMD_HF_MIFARE_PERSONALIZE_UID, (uint8_t *)&payload, sizeof(payload)); + + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_HF_MIFARE_PERSONALIZE_UID, &resp, 2500)) return PM3_ETIMEOUT; + + PrintAndLogEx(SUCCESS, "Personalization %s", resp.status == PM3_SUCCESS ? "SUCCEEDED" : "FAILED"); + + return PM3_SUCCESS; +} + static int CmdHF14AMfList(const char *Cmd) { (void)Cmd; // Cmd is not used so far return CmdTraceList("mf"); 
@@ -4845,7 +4940,7 @@ static command_t CommandTable[] = { {"-----------", CmdHelp, IfPm3Iso14443a, ""}, {"mad", CmdHF14AMfMAD, IfPm3Iso14443a, "Checks and prints MAD"}, {"ndef", CmdHFMFNDEF, IfPm3Iso14443a, "Prints NDEF records from card"}, - + {"personalize", CmdHFMFPersonalize, IfPm3Iso14443a, "Personalize UID (Mifare Classic EV1 only)"}, {"ice", CmdHF14AMfice, IfPm3Iso14443a, "collect MIFARE Classic nonces to file"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/cmdhfmfdes.c b/client/cmdhfmfdes.c index 9c35a195d..5ab35a12d 100644 --- a/client/cmdhfmfdes.c +++ b/client/cmdhfmfdes.c @@ -17,6 +17,9 @@ #include "ui.h" #include "cmdhf14a.h" #include "mbedtls/des.h" +#include "crypto/libpcrypto.h" +#include "protocols.h" +#include "mifare.h" // desfire raw command options uint8_t key_zero_data[16] = { 0x00 }; uint8_t key_ones_data[16] = { 0x01 }; 
@@ -25,19 +28,339 @@ uint8_t key_picc_data[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x static int CmdHelp(const char *Cmd); +//ICEMAN: Turn on field method? +//none +static int test_desfire_authenticate() { + uint8_t c[] = {AUTHENTICATE, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x0A, KEY 0 + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { + DropField(); + return PM3_ETIMEOUT; + } + if (resp.length == 13) + return PM3_SUCCESS; + return PM3_ESOFT; +} +// none +static int test_desfire_authenticate_iso() { + uint8_t c[] = {AUTHENTICATE_ISO, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x1A, KEY 0 + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { + DropField(); + return PM3_ETIMEOUT; + } + if (resp.length >= 13) + return PM3_SUCCESS; + return PM3_ESOFT; +} +//none +static int test_desfire_authenticate_aes() { + uint8_t c[] = {AUTHENTICATE_AES, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0xAA, KEY 0 + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { + DropField(); + return PM3_ETIMEOUT; + } + if (resp.length >= 13) + return PM3_SUCCESS; + return PM3_ESOFT; +} + +// --- FREE MEM +static int desfire_print_freemem(uint32_t free_mem) { + PrintAndLogEx(SUCCESS, " Available free memory on card : " _GREEN_("%d bytes"), free_mem); + return PM3_SUCCESS; +} + +// init / disconnect +static int get_desfire_freemem(uint32_t *free_mem) { + uint8_t c[] = {GET_FREE_MEMORY, 0x00, 0x00, 0x00}; // 0x6E + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + return PM3_ETIMEOUT; + } + + if (resp.length == 8) { + *free_mem = le24toh(resp.data.asBytes + 1); + return PM3_SUCCESS; 
+ } + + *free_mem = 0; + return PM3_ESOFT; +} + + +// --- GET SIGNATURE +static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t signature_len) { + #define PUBLIC_DESFIRE_ECDA_KEYLEN 57 + + // ref: MIFARE Desfire Originality Signature Validation + uint8_t nxp_desfire_keys[1][PUBLIC_DESFIRE_ECDA_KEYLEN] = { + // DESFire Light + { + 0x04, 0x0E, 0x98, 0xE1, 0x17, 0xAA, 0xA3, 0x64, + 0x57, 0xF4, 0x31, 0x73, 0xDC, 0x92, 0x0A, 0x87, + 0x57, 0x26, 0x7F, 0x44, 0xCE, 0x4E, 0xC5, 0xAD, + 0xD3, 0xC5, 0x40, 0x75, 0x57, 0x1A, 0xEB, 0xBF, + 0x7B, 0x94, 0x2A, 0x97, 0x74, 0xA1, 0xD9, 0x4A, + 0xD0, 0x25, 0x72, 0x42, 0x7E, 0x5A, 0xE0, 0xA2, + 0xDD, 0x36, 0x59, 0x1B, 0x1F, 0xB3, 0x4F, 0xCF, 0x3D + } + // DESFire Ev2 + + }; + + uint8_t public_key = 0; + int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, nxp_desfire_keys[public_key], uid, 7, signature, signature_len, false); + bool is_valid = (res == 0); + + PrintAndLogEx(INFO, " Tag Signature"); + PrintAndLogEx(INFO, " IC signature public key name : NXP DESFire Light"); + PrintAndLogEx(INFO, " IC signature public key value : %s", sprint_hex(nxp_desfire_keys[public_key], 16)); + PrintAndLogEx(INFO, " : %s", sprint_hex(nxp_desfire_keys[public_key] + 16, 16)); + PrintAndLogEx(INFO, " : %s", sprint_hex(nxp_desfire_keys[public_key] + 32, 16)); + PrintAndLogEx(INFO, " : %s", sprint_hex(nxp_desfire_keys[public_key] + 48, PUBLIC_DESFIRE_ECDA_KEYLEN - 48)); + PrintAndLogEx(INFO, " Elliptic curve parameters : NID_secp224r1"); + PrintAndLogEx(INFO, " TAG IC Signature : %s", sprint_hex(signature, 16)); + PrintAndLogEx(INFO, " : %s", sprint_hex(signature + 16, 16)); + PrintAndLogEx(INFO, " : %s", sprint_hex(signature + 32, 16)); + PrintAndLogEx(INFO, " : %s", sprint_hex(signature + 48, signature_len - 48)); + PrintAndLogEx( (is_valid) ? SUCCESS : WARNING, " Signature verified %s", (is_valid) ? 
_GREEN_("successful") : _RED_("failed")); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + return PM3_SUCCESS; +} + +// init / disconnect +static int get_desfire_signature(uint8_t *signature, size_t *signature_len) { + uint8_t c[] = {MFDES_READSIG, 0x00, 0x00, 0x01, 0x00, 0x00}; // 0x3C + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) + return PM3_ETIMEOUT; + + if (resp.length == 61) { + memcpy(signature, resp.data.asBytes + 1, 56); + *signature_len = 56; + return PM3_SUCCESS; + } else { + *signature_len = 0; + return PM3_ESOFT; + } +} + + +// --- KEY SETTING +static int desfire_print_keysetting(uint8_t key_settings, uint8_t num_keys) { + + PrintAndLogEx(SUCCESS, " AID Key settings : %02x", key_settings); + PrintAndLogEx(SUCCESS, " Max number of keys in AID : %d", num_keys); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(SUCCESS, " Changekey Access rights"); + + // Access rights. + uint8_t rights = (key_settings >> 4 & 0x0F); + switch (rights) { + case 0x0: + PrintAndLogEx(SUCCESS, " -- AMK authentication is necessary to change any key (default)"); + break; + case 0xE: + PrintAndLogEx(SUCCESS, " -- Authentication with the key to be changed (same KeyNo) is necessary to change a key"); + break; + case 0xF: + PrintAndLogEx(SUCCESS, " -- All keys (except AMK,see Bit0) within this application are frozen"); + break; + default: + PrintAndLogEx(SUCCESS, " -- Authentication with the specified key is necessary to change any key.\nA change key and a PICC master key (CMK) can only be changed after authentication with the master key.\nFor keys other then the master or change key, an authentication with the same key is needed."); + break; + } + + PrintAndLogEx(SUCCESS, " [0x08] Configuration changeable : %s", (key_settings & (1 << 3)) ? 
_GREEN_("YES") : "NO"); + PrintAndLogEx(SUCCESS, " [0x04] AMK required for create/delete : %s", (key_settings & (1 << 2)) ? "NO" : "YES"); + PrintAndLogEx(SUCCESS, " [0x02] Directory list access with AMK : %s", (key_settings & (1 << 1)) ? "NO" : "YES"); + PrintAndLogEx(SUCCESS, " [0x01] AMK is changeable : %s", (key_settings & (1 << 0)) ? _GREEN_("YES") : "NO"); + return PM3_SUCCESS; +} + +// none +static int get_desfire_keysettings(uint8_t *key_settings, uint8_t *num_keys) { + PacketResponseNG resp; + uint8_t c[] = {MFDES_GET_KEY_SETTINGS, 0x00, 0x00, 0x00}; // 0x45 + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLogEx(WARNING, _RED_(" Timed-out")); + return PM3_ETIMEOUT; + } + + uint8_t isOK = resp.oldarg[0] & 0xFF; + if (isOK == false) { + return PM3_ESOFT; + } + + if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0xae) { + PrintAndLogEx(WARNING, _RED_(" authentication error")); + return PM3_ESOFT; + } +// PrintAndLogEx(INFO, "ICE: KEYSETTING resp :: %s", sprint_hex(resp.data.asBytes, resp.length)); + *key_settings = resp.data.asBytes[1]; + *num_keys = resp.data.asBytes[2]; + return PM3_SUCCESS; +} + +// --- KEY VERSION +static int desfire_print_keyversion(uint8_t key_idx, uint8_t key_version) { + PrintAndLogEx(SUCCESS, " Key [%u] Version : %d (0x%02x)", key_idx, key_version, key_version); + return PM3_SUCCESS; +} + +// none +static int get_desfire_keyversion(uint8_t curr_key, uint8_t *num_versions) { + PacketResponseNG resp; + uint8_t c[] = {MFDES_GET_KEY_VERSION, 0x00, 0x00, 0x01, curr_key, 0x00}; // 0x64 + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLogEx(WARNING, _RED_(" Timed-out")); + return PM3_ETIMEOUT; + } + + uint8_t isOK = resp.oldarg[0] & 0xFF; + if (isOK == false) { + return PM3_ESOFT; + } + + if ( resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 
0x40) { + return PM3_ESOFT; + } + + *num_versions = resp.data.asBytes[1]; + return PM3_SUCCESS; +} + + +// init +static int get_desfire_select_application(uint8_t *aid) { + if (aid == NULL) return PM3_ESOFT; + + uint8_t c[] = {SELECT_APPLICATION, 0x00, 0x00, 0x03, aid[0], aid[1], aid[2], 0x00}; // 0x5a + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT, sizeof(c), 0, c, sizeof(c)); + + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) { + PrintAndLogEx(WARNING, _RED_(" timed-out")); + return PM3_ETIMEOUT; + } + + uint8_t isOK = resp.oldarg[0] & 0xff; + if (!isOK) { + PrintAndLogEx(WARNING, " Can't select AID: " _RED_("%s"), sprint_hex(aid, 3)); + return PM3_ESOFT; + } + + if (resp.data.asBytes[1] == 0x91 && resp.data.asBytes[2] == 0x00) { + return PM3_SUCCESS; + } + + return PM3_ESOFT; +} + + +// init / disconnect +static int get_desfire_appids(uint8_t *dest, uint8_t *app_ids_len) { + + uint8_t c[] = {GET_APPLICATION_IDS, 0x00, 0x00, 0x00}; //0x6a + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | CLEARTRACE | DISCONNECT , sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + return PM3_ETIMEOUT; + } + + uint8_t isOK = resp.oldarg[0] & 0xff; + if (!isOK) { + PrintAndLogEx(WARNING, _RED_("Command unsuccessful")); + return PM3_ESOFT; + } + + *app_ids_len = resp.length - 5; + + // resp.length - 2crc, 2status, 1pcb... 
+ memcpy(dest, resp.data.asBytes + 1, *app_ids_len); + + if (resp.data.asBytes[resp.length - 3] == MFDES_ADDITIONAL_FRAME) { + + c[0] = MFDES_ADDITIONAL_FRAME; //0xAF + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + return PM3_ETIMEOUT; + } + + isOK = resp.oldarg[0] & 0xff; + if (!isOK) { + PrintAndLogEx(WARNING, _RED_("Command unsuccessful")); + return PM3_ESOFT; + } + + memcpy(dest + *app_ids_len, resp.data.asBytes + 1, resp.length - 5); + + *app_ids_len += (resp.length - 5); + } + return PM3_SUCCESS; +} + + +// none +static int get_desfire_fileids(uint8_t *dest, uint8_t *file_ids_len) { + uint8_t c[] = {MFDES_GET_FILE_IDS, 0x00, 0x00, 0x00}; // 0x6f + SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(c), 0, c, sizeof(c)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + PrintAndLogEx(WARNING, _RED_(" Timed-out")); + return PM3_ETIMEOUT; + } + + uint8_t isOK = resp.oldarg[0] & 0xff; + if (!isOK) { + PrintAndLogEx(WARNING, _RED_("Command unsuccessful")); + return PM3_ESOFT; + } + + if (resp.data.asBytes[resp.length - 4] == 0x91 && resp.data.asBytes[resp.length - 3] == 0x00) { + *file_ids_len = resp.length - 5; + memcpy(dest, resp.data.asBytes + 1, *file_ids_len); + return PM3_SUCCESS; + } + + return PM3_ESOFT; +} + static int CmdHF14ADesInfo(const char *Cmd) { (void)Cmd; // Cmd is not used so far SendCommandNG(CMD_HF_DESFIRE_INFO, NULL, 0); PacketResponseNG resp; - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + if (!WaitForResponseTimeout(CMD_HF_DESFIRE_INFO, &resp, 1500)) { PrintAndLogEx(WARNING, "Command execute timeout"); + DropField(); return PM3_ETIMEOUT; } - uint8_t isOK = resp.oldarg[0] & 0xff; - if (!isOK) { - switch (resp.oldarg[1]) { + + struct p { + uint8_t isOK; + uint8_t uid[7]; + uint8_t versionHW[7]; + uint8_t versionSW[7]; + uint8_t details[14]; + } PACKED; + + struct p *package = (struct p *) resp.data.asBytes; + + if 
(resp.status != PM3_SUCCESS) { + + switch (package->isOK) { case 1: PrintAndLogEx(WARNING, "Can't select card"); break; 
@@ -46,49 +369,77 @@ static int CmdHF14ADesInfo(const char *Cmd) { break; case 3: default: - PrintAndLogEx(WARNING, "Command unsuccessful"); + PrintAndLogEx(WARNING, _RED_("Command unsuccessful")); break; } return PM3_ESOFT; } + PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "-- Desfire Information --------------------------------------"); - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); - PrintAndLogEx(NORMAL, " UID : %s", sprint_hex(resp.data.asBytes, 7)); - PrintAndLogEx(NORMAL, " Batch number : %s", sprint_hex(resp.data.asBytes + 28, 5)); - PrintAndLogEx(NORMAL, " Production date : week %02x, 20%02x", resp.data.asBytes[33], resp.data.asBytes[34]); - PrintAndLogEx(NORMAL, " -----------------------------------------------------------"); - PrintAndLogEx(NORMAL, " Hardware Information"); - PrintAndLogEx(NORMAL, " Vendor Id : %s", getTagInfo(resp.data.asBytes[7])); - PrintAndLogEx(NORMAL, " Type : 0x%02X", resp.data.asBytes[8]); - PrintAndLogEx(NORMAL, " Subtype : 0x%02X", resp.data.asBytes[9]); - PrintAndLogEx(NORMAL, " Version : %s", getVersionStr(resp.data.asBytes[10], resp.data.asBytes[11])); - PrintAndLogEx(NORMAL, " Storage size : %s", getCardSizeStr(resp.data.asBytes[12])); - PrintAndLogEx(NORMAL, " Protocol : %s", getProtocolStr(resp.data.asBytes[13])); - PrintAndLogEx(NORMAL, " -----------------------------------------------------------"); - PrintAndLogEx(NORMAL, " Software Information"); - PrintAndLogEx(NORMAL, " Vendor Id : %s", getTagInfo(resp.data.asBytes[14])); - PrintAndLogEx(NORMAL, " Type : 0x%02X", resp.data.asBytes[15]); - PrintAndLogEx(NORMAL, " Subtype : 0x%02X", resp.data.asBytes[16]); - PrintAndLogEx(NORMAL, " Version : %d.%d", resp.data.asBytes[17], resp.data.asBytes[18]); - PrintAndLogEx(NORMAL, " storage size : %s", getCardSizeStr(resp.data.asBytes[19])); - PrintAndLogEx(NORMAL, " Protocol : %s", getProtocolStr(resp.data.asBytes[20])); - PrintAndLogEx(NORMAL, 
"-------------------------------------------------------------"); + PrintAndLogEx(INFO, "-- Mifare DESFire Tag Information ---------------------------"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(SUCCESS, " UID : " _GREEN_("%s"), sprint_hex(package->uid, sizeof(package->uid))); + PrintAndLogEx(SUCCESS, " Batch number : " _GREEN_("%s"), sprint_hex(package->details + 7, 5)); + PrintAndLogEx(SUCCESS, " Production date : week " _GREEN_("%02x") "/ " _GREEN_("20%02x"), package->details[12], package->details[13]); + PrintAndLogEx(INFO, " -----------------------------------------------------------"); + PrintAndLogEx(INFO, " Hardware Information"); + PrintAndLogEx(SUCCESS, " Vendor Id : " _YELLOW_("%s"), getTagInfo(package->versionHW[0])); + PrintAndLogEx(SUCCESS, " Type : " _YELLOW_("0x%02X"), package->versionHW[1]); + PrintAndLogEx(SUCCESS, " Subtype : " _YELLOW_("0x%02X"), package->versionHW[2]); + PrintAndLogEx(SUCCESS, " Version : %s", getVersionStr(package->versionHW[3], package->versionHW[4])); + PrintAndLogEx(SUCCESS, " Storage size : %s", getCardSizeStr(package->versionHW[5])); + PrintAndLogEx(SUCCESS, " Protocol : %s", getProtocolStr(package->versionHW[6])); + PrintAndLogEx(INFO, " -----------------------------------------------------------"); + PrintAndLogEx(INFO, " Software Information"); + PrintAndLogEx(SUCCESS, " Vendor Id : " _YELLOW_("%s"), getTagInfo(package->versionSW[0])); + PrintAndLogEx(SUCCESS, " Type : " _YELLOW_("0x%02X"), package->versionSW[1]); + PrintAndLogEx(SUCCESS, " Subtype : " _YELLOW_("0x%02X"), package->versionSW[2]); + PrintAndLogEx(SUCCESS, " Version : " _YELLOW_("%d.%d"), package->versionSW[3], package->versionSW[4]); + PrintAndLogEx(SUCCESS, " storage size : %s", getCardSizeStr(package->versionSW[5])); + PrintAndLogEx(SUCCESS, " Protocol : %s", getProtocolStr(package->versionSW[6])); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + + 
PrintAndLogEx(INFO, "Card capabilities"); + uint8_t major = package->versionSW[3]; + uint8_t minor = package->versionSW[4]; + if (major == 0 && minor == 4) + PrintAndLogEx(INFO, "\t0.4 - DESFire MF3ICD40, No support for APDU (only native commands)"); + if (major == 0 && minor == 5) + PrintAndLogEx(INFO, "\t0.5 - DESFire MF3ICD40, Support for wrapping commands inside ISO 7816 style APDUs"); + if (major == 0 && minor == 6) + PrintAndLogEx(INFO, "\t0.6 - DESFire MF3ICD40, Add ISO/IEC 7816 command set compatibility"); + if (major == 1 && minor == 3) + PrintAndLogEx(INFO, "\t1.3 - DESFire Ev1, Support extended APDU commands"); + if (major == 1 && minor == 4) + PrintAndLogEx(INFO, "\t1.4 - DESFire Ev1, N/A information about this version. report to iceman!"); + if (major == 2 && minor == 0) + PrintAndLogEx(INFO, "\t2.0 - DESFire Ev2, Originality check, proximity check"); + + if (major == 0 && minor == 2) + PrintAndLogEx(INFO, "\t0.2 - DESFire Light, Originality check, "); + + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + + // Signature originality check + uint8_t signature[56] = {0}; + size_t signature_len = 0; + + if (get_desfire_signature(signature, &signature_len) == PM3_SUCCESS) + desfire_print_signature(package->uid, signature, signature_len); // Master Key settings - getKeySettings(NULL); + uint8_t master_aid[3] = {0x00, 0x00, 0x00}; + getKeySettings(master_aid); // Free memory on card - uint8_t data[1] = {GET_FREE_MEMORY}; - SendCommandOLD(CMD_HF_DESFIRE_COMMAND, (INIT | DISCONNECT), 0x01, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) - return PM3_ETIMEOUT; - - uint8_t tmp[3]; - memcpy(tmp, resp.data.asBytes + 3, 3); - - PrintAndLogEx(NORMAL, " Available free memory on card : %d bytes", le24toh(tmp)); - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, " Free memory"); + uint32_t free_mem = 0; + if (get_desfire_freemem(&free_mem) == 
PM3_SUCCESS) { + desfire_print_freemem(free_mem); + } else { + PrintAndLogEx(SUCCESS, " Card doesn't support 'free mem' cmd"); + } + PrintAndLogEx(INFO, "-------------------------------------------------------------"); /* Card Master key (CMK) 0x00 AID = 00 00 00 (card level) @@ -105,6 +456,7 @@ static int CmdHF14ADesInfo(const char *Cmd) { */ + DropField(); return PM3_SUCCESS; } @@ -116,7 +468,7 @@ static int CmdHF14ADesInfo(const char *Cmd) { */ char *getCardSizeStr(uint8_t fsize) { - static char buf[30] = {0x00}; + static char buf[40] = {0x00}; char *retStr = buf; uint16_t usize = 1 << ((fsize >> 1) + 1); 
@@ -124,37 +476,39 @@ char *getCardSizeStr(uint8_t fsize) { // is LSB set? if (fsize & 1) - sprintf(retStr, "0x%02X (%d - %d bytes)", fsize, usize, lsize); + sprintf(retStr, "0x%02X ( " _YELLOW_("%d - %d bytes") ")", fsize, usize, lsize); else - sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize); + sprintf(retStr, "0x%02X ( " _YELLOW_("%d bytes") ")", fsize, lsize); return buf; } char *getProtocolStr(uint8_t id) { - static char buf[30] = {0x00}; + static char buf[40] = {0x00}; char *retStr = buf; if (id == 0x05) - sprintf(retStr, "0x%02X (ISO 14443-3, 14443-4)", id); + sprintf(retStr, "0x%02X ( " _YELLOW_("ISO 14443-3, 14443-4") ")", id); else - sprintf(retStr, "0x%02X (Unknown)", id); + sprintf(retStr, "0x%02X ( " _YELLOW_("Unknown") ")", id); return buf; } char *getVersionStr(uint8_t major, uint8_t minor) { - static char buf[30] = {0x00}; + static char buf[40] = {0x00}; char *retStr = buf; if (major == 0x00) - sprintf(retStr, "%d.%d (Desfire MF3ICD40)", major, minor); + sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire MF3ICD40") ")", major, minor); else if (major == 0x01 && minor == 0x00) - sprintf(retStr, "%d.%d (Desfire EV1)", major, minor); + sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV1") ")", major, minor); else if (major == 0x12 && minor == 0x00) - sprintf(retStr, "%d.%d (Desfire EV2)", major, minor); + sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire EV2") ")", major, minor); + else if (major == 0x30 && minor == 0x00) + sprintf(retStr, "%x.%x ( " _YELLOW_("DESFire Light") ")", major, minor); else - sprintf(retStr, "%d.%d (Unknown)", major, minor); + sprintf(retStr, "%x.%x ( " _YELLOW_("Unknown") ")", major, minor); return buf; } 
@@ -162,279 +516,201 @@ void getKeySettings(uint8_t *aid) { char messStr[512] = {0x00}; const char *str = messStr; - uint8_t isOK = 0; - PacketResponseNG resp; - //memset(messStr, 0x00, 512); + if (memcmp(aid, "\x00\x00\x00", 3) == 0) { + + // CARD MASTER KEY + PrintAndLogEx(INFO, " CMK - PICC, Card Master Key settings"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); - if (aid == NULL) { - PrintAndLogEx(NORMAL, " CMK - PICC, Card Master Key settings "); - PrintAndLogEx(NORMAL, ""); - { - uint8_t data[1] = {GET_KEY_SETTINGS}; // 0x45 - SendCommandOLD(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); - } - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;} - isOK = resp.oldarg[0] & 0xff; - if (!isOK) { - PrintAndLogEx(WARNING, " Can't select master application"); + if (get_desfire_select_application(aid) != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't select AID")); + DropField(); return; } - str = (resp.data.asBytes[3] & (1 << 3)) ? "YES" : "NO"; - PrintAndLogEx(NORMAL, " [0x08] Configuration changeable : %s", str); - str = (resp.data.asBytes[3] & (1 << 2)) ? "NO" : "YES"; - PrintAndLogEx(NORMAL, " [0x04] CMK required for create/delete : %s", str); - str = (resp.data.asBytes[3] & (1 << 1)) ? "NO" : "YES"; - PrintAndLogEx(NORMAL, " [0x02] Directory list access with CMK : %s", str); - str = (resp.data.asBytes[3] & (1 << 0)) ? 
"YES" : "NO"; - PrintAndLogEx(NORMAL, " [0x01] CMK is changeable : %s", str); + // KEY Settings - AMK + uint8_t num_keys = 0; + uint8_t key_setting = 0; + if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) { + // number of Master keys (0x01) + PrintAndLogEx(SUCCESS, " Number of Masterkeys : " _YELLOW_("%u"), (num_keys & 0x3F) ); - { - uint8_t data[2] = {GET_KEY_VERSION, 0}; // 0x64 - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); + PrintAndLogEx(SUCCESS, " [0x08] Configuration changeable : %s", (key_setting & (1 << 3)) ? _GREEN_("YES") : "NO"); + PrintAndLogEx(SUCCESS, " [0x04] CMK required for create/delete : %s", (key_setting & (1 << 2)) ? _GREEN_("YES") : "NO"); + PrintAndLogEx(SUCCESS, " [0x02] Directory list access with CMK : %s", (key_setting & (1 << 1)) ? _GREEN_("YES") : "NO"); + PrintAndLogEx(SUCCESS, " [0x01] CMK is changeable : %s", (key_setting & (1 << 0)) ? _GREEN_("YES") : "NO"); + } else { + PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings")); } - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { return; } - isOK = resp.oldarg[0] & 0xff; - if (!isOK) { - PrintAndLogEx(WARNING, " Can't read key-version"); - return; - } - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, " Max number of keys : %d", resp.data.asBytes[4]); - PrintAndLogEx(NORMAL, " Master key Version : %d (0x%02x)", resp.data.asBytes[3], resp.data.asBytes[3]); - PrintAndLogEx(NORMAL, " ----------------------------------------------------------"); - { - uint8_t data[2] = {AUTHENTICATE, 0}; // 0x0A, KEY 0 - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); + memset(messStr, 0x00, sizeof(messStr)); + str = " Operation of PICC master key : " _YELLOW_("%s"); + + // 2 MSB denotes + switch (num_keys >> 6) { + case 0: + PrintAndLogEx(SUCCESS, str, "(3)DES"); + break; + case 1: + PrintAndLogEx(SUCCESS, str, "3K3DES"); + break; + case 2: + 
PrintAndLogEx(SUCCESS, str, "AES"); + break; + default: + break; } - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;} - isOK = resp.data.asBytes[2] & 0xff; - PrintAndLogEx(NORMAL, " [0x0A] Authenticate : %s", (isOK == 0xAE) ? "NO" : "YES"); - - { - uint8_t data[2] = {AUTHENTICATE_ISO, 0}; // 0x1A, KEY 0 - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); + uint8_t cmk_num_versions = 0; + if (get_desfire_keyversion(0, &cmk_num_versions) == PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, " PICC Master key Version : " _YELLOW_("%d (0x%02x)"), cmk_num_versions, cmk_num_versions); + PrintAndLogEx(INFO, " ----------------------------------------------------------"); } - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;} - isOK = resp.data.asBytes[2] & 0xff; - PrintAndLogEx(NORMAL, " [0x1A] Authenticate ISO : %s", (isOK == 0xAE) ? "NO" : "YES"); + // Authentication tests + int res = test_desfire_authenticate(); + if (res == PM3_ETIMEOUT) return; + PrintAndLogEx(SUCCESS, " [0x0A] Authenticate : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO"); - { - uint8_t data[2] = {AUTHENTICATE_AES, 0}; // 0xAA, KEY 0 - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); - } + res = test_desfire_authenticate_iso(); + if (res == PM3_ETIMEOUT) return; + PrintAndLogEx(SUCCESS, " [0x1A] Authenticate ISO : %s", (res == PM3_SUCCESS) ? _YELLOW_("YES") : "NO"); - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {return;} - isOK = resp.data.asBytes[2] & 0xff; - PrintAndLogEx(NORMAL, " [0xAA] Authenticate AES : %s", (isOK == 0xAE) ? "NO" : "YES"); - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, " ----------------------------------------------------------"); + res = test_desfire_authenticate_aes(); + if (res == PM3_ETIMEOUT) return; + PrintAndLogEx(SUCCESS, " [0xAA] Authenticate AES : %s", (res == PM3_SUCCESS) ? 
_YELLOW_("YES") : "NO"); + + PrintAndLogEx(INFO, "-------------------------------------------------------------"); } else { - PrintAndLogEx(NORMAL, " AMK - Application Master Key settings"); + + // AID - APPLICATION MASTER KEYS + PrintAndLogEx(SUCCESS, " AMK - Application Master Key settings"); + PrintAndLogEx(INFO, " ----------------------------------------------------------"); - // SELECT AID - { - uint8_t data[4] = {SELECT_APPLICATION}; // 0x5a - memcpy(data + 1, aid, 3); - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | CLEARTRACE, sizeof(data), 0, data, sizeof(data)); - } - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { - PrintAndLogEx(WARNING, " Timed-out"); - return; - } - isOK = resp.oldarg[0] & 0xff; - if (!isOK) { - PrintAndLogEx(WARNING, " Can't select AID: %s", sprint_hex(aid, 3)); + if (get_desfire_select_application(aid) != PM3_SUCCESS) { + PrintAndLogEx(WARNING, _RED_(" Can't select AID")); + DropField(); return; } - // KEY SETTINGS - { - uint8_t data[1] = {GET_KEY_SETTINGS}; // 0x45 - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(data), 0, data, sizeof(data)); - } - - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { - return; - } - isOK = resp.oldarg[0] & 0xff; - if (!isOK) { - PrintAndLogEx(WARNING, " Can't read Application Master key settings"); + // KEY Settings - AMK + uint8_t num_keys = 0; + uint8_t key_setting = 0; + if (get_desfire_keysettings(&key_setting, &num_keys) == PM3_SUCCESS) { + desfire_print_keysetting(key_setting, num_keys); } else { - // Access rights. - uint8_t rights = (resp.data.asBytes[3] >> 4 & 0xff); - switch (rights) { - case 0x00: - str = "AMK authentication is necessary to change any key (default)"; - break; - case 0x0e: - str = "Authentication with the key to be changed (same KeyNo) is necessary to change a key"; - break; - case 0x0f: - str = "All keys (except AMK,see Bit0) within this application are frozen"; - break; - default: - str = "Authentication with the specified key is necessary to change any key. 
A change key and a PICC master key (CMK) can only be changed after authentication with the master key. For keys other then the master or change key, an authentication with the same key is needed."; - break; - } - PrintAndLogEx(NORMAL, "Changekey Access rights"); - PrintAndLogEx(NORMAL, "-- %s", str); - PrintAndLogEx(NORMAL, ""); - // same as CMK - str = (resp.data.asBytes[3] & (1 << 3)) ? "YES" : "NO"; - PrintAndLogEx(NORMAL, " 0x08 Configuration changeable : %s", str); - str = (resp.data.asBytes[3] & (1 << 2)) ? "NO" : "YES"; - PrintAndLogEx(NORMAL, " 0x04 AMK required for create/delete : %s", str); - str = (resp.data.asBytes[3] & (1 << 1)) ? "NO" : "YES"; - PrintAndLogEx(NORMAL, " 0x02 Directory list access with AMK : %s", str); - str = (resp.data.asBytes[3] & (1 << 0)) ? "YES" : "NO"; - PrintAndLogEx(NORMAL, " 0x01 AMK is changeable : %s", str); + PrintAndLogEx(WARNING, _RED_(" Can't read Application Master key settings")); } // KEY VERSION - AMK - { - uint8_t data[2] = {GET_KEY_VERSION, 0}; // 0x64 - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(data), 0, data, sizeof(data)); - } - - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { - PrintAndLogEx(WARNING, " Timed-out"); - return; - } - - int numOfKeys; - - isOK = resp.oldarg[0] & 0xff; - if (isOK == false) { - PrintAndLogEx(WARNING, " Can't read Application Master key version. 
Trying all keys"); - //numOfKeys = MAX_NUM_KEYS; + uint8_t num_version = 0; + if (get_desfire_keyversion(0, &num_version) == PM3_SUCCESS) { + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, " Application keys"); + desfire_print_keyversion(0, num_version); } else { - numOfKeys = resp.data.asBytes[4]; - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, " Max number of keys : %d", numOfKeys); - PrintAndLogEx(NORMAL, " Application Master key Version : %d (0x%02x)", resp.data.asBytes[3], resp.data.asBytes[3]); - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); + PrintAndLogEx(WARNING, " Can't read AID master key version. Trying all keys"); } - // LOOP over numOfKeys that we got before. // From 0x01 to numOfKeys. We already got 0x00. (AMK) - // TODO (iceman) - /* - for (int i = 0x01; i <= 0x0f; ++i) { + num_keys &= 0x3F; + if (num_keys > 1) { + for (uint8_t i = 0x01; i < num_keys; ++i) { + if (get_desfire_keyversion(i, &num_version) == PM3_SUCCESS) { + desfire_print_keyversion(i, num_version); + } else { + PrintAndLogEx(WARNING, " Can't read key %d (0x%02x) version", i, i); } - */ + } + } + PrintAndLogEx(INFO, "-------------------------------------------------------------"); } + + DropField(); } static int CmdHF14ADesEnumApplications(const char *Cmd) { (void)Cmd; // Cmd is not used so far - uint8_t isOK = 0x00; +// uint8_t isOK = 0x00; uint8_t aid[3]; - { - uint8_t data[1] = {GET_APPLICATION_IDS}; //0x6a - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT | DISCONNECT, sizeof(data), 0, data, sizeof(data)); - } - PacketResponseNG resp; - - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { - return PM3_ETIMEOUT; - } - - isOK = resp.oldarg[0] & 0xff; - if (!isOK) { - PrintAndLogEx(NORMAL, "Command unsuccessful"); + uint8_t app_ids[78] = {0}; + uint8_t app_ids_len = 0; + + uint8_t file_ids[33] = {0}; + uint8_t file_ids_len = 0; + + if (get_desfire_appids(app_ids, &app_ids_len) != 
PM3_SUCCESS) { + PrintAndLogEx(ERR, "Can't get list of applications on tag"); return PM3_ESOFT; } + PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "-- Desfire Enumerate Applications ---------------------------"); - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, "-- Mifare DESFire Enumerate applications --------------------"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") "application%c", app_ids_len / 3, (app_ids_len == 3) ? ' ' : 's'); + + for (int i = 0; i < app_ids_len; i += 3) { - PacketResponseNG respAid; - PacketResponseNG respFiles; + aid[0] = app_ids[i]; + aid[1] = app_ids[i + 1]; + aid[2] = app_ids[i + 2]; + + PrintAndLogEx(SUCCESS, " AID %d : " _GREEN_("%02X %02X %02X"), i, app_ids[i], app_ids[i+1], app_ids[i+2]); - uint8_t num = 0; - int max = resp.oldarg[1] - 3 - 2; - - for (int i = 3; i <= max; i += 3) { - PrintAndLogEx(NORMAL, " Aid %d : %02X %02X %02X ", num, resp.data.asBytes[i], resp.data.asBytes[i + 1], resp.data.asBytes[i + 2]); - num++; - - aid[0] = resp.data.asBytes[i]; - aid[1] = resp.data.asBytes[i + 1]; - aid[2] = resp.data.asBytes[i + 2]; getKeySettings(aid); - // Select Application - { - uint8_t data[4] = {SELECT_APPLICATION}; // 0x5a - memcpy(data + 1, &resp.data.asBytes[i], 3); - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, INIT, sizeof(data), 0, data, sizeof(data)); - } - - if (!WaitForResponseTimeout(CMD_ACK, &respAid, 1500)) { - PrintAndLogEx(WARNING, " Timed-out"); - continue; - } - isOK = respAid.data.asBytes[2] & 0xff; - if (isOK != 0x00) { - PrintAndLogEx(WARNING, " Can't select AID: %s", sprint_hex(resp.data.asBytes + i, 3)); - continue; - } - // Get File IDs - { - uint8_t data[1] = {GET_FILE_IDS}; // 0x6f - SendCommandMIX(CMD_HF_DESFIRE_COMMAND, NONE, sizeof(data), 0, data, sizeof(data)); - } - - if (!WaitForResponseTimeout(CMD_ACK, &respFiles, 1500)) { - 
PrintAndLogEx(WARNING, " Timed-out"); - continue; - } else { - isOK = respFiles.data.asBytes[2] & 0xff; - if (!isOK) { - PrintAndLogEx(WARNING, " Can't get file ids "); - } else { - int respfileLen = resp.oldarg[1] - 3 - 2; - for (int j = 0; j < respfileLen; ++j) { - PrintAndLogEx(NORMAL, " Fileid %d :", resp.data.asBytes[j + 3]); - } + if (get_desfire_fileids(file_ids, &file_ids_len) == PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") "file%c", file_ids_len, (file_ids_len == 1) ? ' ' : 's'); + for (int i = 0; i < file_ids_len; ++i) { + PrintAndLogEx(SUCCESS, " Fileid %d (0x%02x)", file_ids[i], file_ids[i]); } } +/* // Get ISO File IDs { - uint8_t data[1] = {GET_ISOFILE_IDS}; // 0x61 + uint8_t data[] = {GET_ISOFILE_IDS, 0x00, 0x00, 0x00}; // 0x61 SendCommandMIX(CMD_HF_DESFIRE_COMMAND, DISCONNECT, sizeof(data), 0, data, sizeof(data)); } if (!WaitForResponseTimeout(CMD_ACK, &respFiles, 1500)) { - PrintAndLogEx(WARNING, " Timed-out"); + PrintAndLogEx(WARNING, _RED_(" Timed-out")); continue; } else { isOK = respFiles.data.asBytes[2] & 0xff; if (!isOK) { - PrintAndLogEx(WARNING, " Can't get ISO file ids "); + PrintAndLogEx(WARNING, _RED_(" Can't get ISO file ids")); } else { int respfileLen = resp.oldarg[1] - 3 - 2; for (int j = 0; j < respfileLen; ++j) { - PrintAndLogEx(NORMAL, " ISO Fileid %d :", resp.data.asBytes[j + 3]); + PrintAndLogEx(SUCCESS, " ISO Fileid %d :", resp.data.asBytes[j + 3]); } } } + */ } - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + DropField(); return PM3_SUCCESS; } +/* + uint8_t cmd[3 + 16] = {0xa8, 0x90, 0x90, 0x00}; + int res = ExchangeRAW14a(cmd, sizeof(cmd), false, false, data, sizeof(data), &datalen, false); -// MIAFRE DesFire Authentication + if (!res && datalen > 1 && data[0] == 0x09) { + SLmode = 0; + } + +*/ + + + +// MIAFRE DESFire Authentication // #define BUFSIZE 256 static int 
CmdHF14ADesAuth(const char *Cmd) { @@ -457,8 +733,8 @@ static int CmdHF14ADesAuth(const char *Cmd) { PrintAndLogEx(NORMAL, " 1 = DES 2 = 3DES 3 = 3K3DES 4 = AES"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfdes auth 1 1 0 11223344"); - PrintAndLogEx(NORMAL, " hf mfdes auth 3 4 0 404142434445464748494a4b4c4d4e4f"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfdes auth 1 1 0 11223344")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfdes auth 3 4 0 404142434445464748494a4b4c4d4e4f")); return PM3_SUCCESS; } uint8_t cmdAuthMode = param_get8(Cmd, 0); @@ -531,18 +807,17 @@ static int CmdHF14ADesAuth(const char *Cmd) { if (isOK) { uint8_t *session_key = resp.data.asBytes; - PrintAndLogEx(NORMAL, " Key :%s", sprint_hex(key, keylength)); - PrintAndLogEx(NORMAL, " SESSION :%s", sprint_hex(session_key, keylength)); - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); + PrintAndLogEx(SUCCESS, " Key : " _GREEN_("%s"), sprint_hex(key, keylength)); + PrintAndLogEx(SUCCESS, " SESSION : " _GREEN_("%s"), sprint_hex(session_key, keylength)); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); //PrintAndLogEx(NORMAL, " Expected :B5 21 9E E8 1A A7 49 9D 21 96 68 7E 13 97 38 56"); } else { - PrintAndLogEx(NORMAL, "Client command failed."); + PrintAndLogEx(WARNING, _RED_("Client command failed.")); } - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); return PM3_SUCCESS; } - static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"}, @@ -564,4 +839,3 @@ int CmdHFMFDes(const char *Cmd) { clearCommandBuffer(); return CmdsParse(CommandTable, Cmd); } - diff --git a/client/cmdhfmfdes.h b/client/cmdhfmfdes.h index 3a19f6d83..5c4dcb5e2 100644 --- a/client/cmdhfmfdes.h 
+++ b/client/cmdhfmfdes.h @@ -19,16 +19,6 @@ char *getProtocolStr(uint8_t id); char *getVersionStr(uint8_t major, uint8_t minor); void getKeySettings(uint8_t *aid); -// Command options for Desfire behavior. -enum { - NONE = 0x00, - INIT = 0x01, - DISCONNECT = 0x02, - CLEARTRACE = 0x04, - BAR = 0x08, -} CmdOptions ; - - #define CREATE_APPLICATION 0xca #define DELETE_APPLICATION 0xda #define GET_APPLICATION_IDS 0x6a diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c index d83c60047..9f6c458ae 100644 --- a/client/cmdhfmfhard.c +++ b/client/cmdhfmfhard.c @@ -1390,7 +1390,6 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ char progress_text[80]; FILE *fnonces = NULL; PacketResponseNG resp; - num_acquired_nonces = 0; clearCommandBuffer(); 
@@ -1402,24 +1401,35 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ flags |= field_off ? 0x0004 : 0; clearCommandBuffer(); - SendCommandMIX(CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, flags, key, 6); - if (field_off) break; + if (field_off) { + SendCommandNG(CMD_FPGA_MAJOR_MODE_OFF, NULL, 0); + break; + } else { + SendCommandMIX(CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, flags, key, 6); + } if (initialize) { + if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) { - uint8_t nullkey[6] = {0}; - //strange second call (iceman) clearCommandBuffer(); - SendCommandMIX(CMD_HF_MIFARE_ACQ_ENCRYPTED_NONCES, blockNo + keyType * 0x100, trgBlockNo + trgKeyType * 0x100, 4, nullkey, sizeof(nullkey)); + SendCommandNG(CMD_FPGA_MAJOR_MODE_OFF, NULL, 0); return 1; } - if (resp.oldarg[0]) return resp.oldarg[0]; // error during nested_hard + + // error during nested_hard + if (resp.oldarg[0]) { + clearCommandBuffer(); + SendCommandNG(CMD_FPGA_MAJOR_MODE_OFF, NULL, 0); + return resp.oldarg[0]; + } cuid = resp.oldarg[1]; if (nonce_file_write && fnonces == NULL) { if ((fnonces = fopen(filename, "wb")) == NULL) { PrintAndLogEx(WARNING, "Could not create file %s", filename); + clearCommandBuffer(); + SendCommandNG(CMD_FPGA_MAJOR_MODE_OFF, NULL, 0); return 3; } snprintf(progress_text, 80, "Writing acquired nonces to binary file %s", filename); 
@@ -1486,17 +1496,24 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ } if (!initialize) { + if (!WaitForResponseTimeout(CMD_ACK, &resp, 3000)) { if (nonce_file_write) { fclose(fnonces); } + clearCommandBuffer(); + SendCommandNG(CMD_FPGA_MAJOR_MODE_OFF, NULL, 0); return 1; } + + // error during nested_hard if (resp.oldarg[0]) { if (nonce_file_write) { fclose(fnonces); } - return resp.oldarg[0]; // error during nested_hard + clearCommandBuffer(); + SendCommandNG(CMD_FPGA_MAJOR_MODE_OFF, NULL, 0); + return resp.oldarg[0]; } } @@ -1513,11 +1530,6 @@ static int acquire_nonces(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_ fclose(fnonces); } - // PrintAndLogEx(NORMAL, "Sampled a total of %d nonces in %d seconds (%0.0f nonces/minute)", - // total_num_nonces, - // time(NULL)-time1, - // (float)total_num_nonces*60.0/(time(NULL)-time1)); - return 0; } @@ -1681,11 +1693,12 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even for (uint8_t remaining_bits = 0; remaining_bits <= (~mask & 0xff); remaining_bits++) { if (remaining_bits_match(num_common, bytes_diff, state, (state & mask) | remaining_bits, odd_even)) { -#ifdef DEBUG_KEY_ELIMINATION - if (bitflips_match(byte2, (state & mask) | remaining_bits, odd_even, true)) { -#else - if (bitflips_match(byte2, (state & mask) | remaining_bits, odd_even)) { -#endif +# ifdef DEBUG_KEY_ELIMINATION + if (bitflips_match(byte2, (state & mask) | remaining_bits, odd_even, true)) +# else + if (bitflips_match(byte2, (state & mask) | remaining_bits, odd_even)) +# endif + { found_match = true; break; } 
@@ -1694,7 +1707,7 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even if (!found_match) { -#ifdef DEBUG_KEY_ELIMINATION +# ifdef DEBUG_KEY_ELIMINATION if (known_target_key != -1 && state == test_state[odd_even]) { PrintAndLogEx(NORMAL, "all_bitflips_match() 1st Byte: %s test state (0x%06x): Eliminated. Bytes = %02x, %02x, Common Bits = %d\n", odd_even == ODD_STATE ? "odd" : "even", @@ -1706,7 +1719,7 @@ static bool all_bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_even sprintf(failstr, "Other 1st Byte %s, all_bitflips_match(), no match", odd_even ? "odd" : "even"); } } -#endif +# endif return false; } } @@ -1851,7 +1864,6 @@ static bool TestIfKeyExists(uint64_t key) { num_keys_tested += count; hardnested_print_progress(num_acquired_nonces, "(Test: Key NOT found)", 0.0, 0); - crypto1_destroy(pcs); return false; } @@ -2019,13 +2031,13 @@ __attribute__((force_align_arg_pointer)) static void generate_candidates(uint8_t sum_a0_idx, uint8_t sum_a8_idx) { - init_statelist_cache(); - init_book_of_work(); - // create mutexes for accessing the statelist cache and our "book of work" pthread_mutex_init(&statelist_cache_mutex, NULL); pthread_mutex_init(&book_of_work_mutex, NULL); + init_statelist_cache(); + init_book_of_work(); + // create and run worker threads pthread_t thread_id[NUM_REDUCTION_WORKING_THREADS]; @@ -2042,9 +2054,6 @@ static void generate_candidates(uint8_t sum_a0_idx, uint8_t sum_a8_idx) { pthread_join(thread_id[i], NULL); } - // clean up mutex - pthread_mutex_destroy(&statelist_cache_mutex); - maximum_states = 0; for (statelist_t *sl = candidates; sl != NULL; sl = sl->next) { maximum_states += (uint64_t)sl->len[ODD_STATE] * sl->len[EVEN_STATE]; diff --git a/client/cmdhfmfp.c b/client/cmdhfmfp.c index 9c7b9cb3c..2a1533344 100644 --- a/client/cmdhfmfp.c +++ b/client/cmdhfmfp.c 
@@ -39,6 +39,10 @@ static int CmdHFMFPInfo(const char *Cmd) { if (Cmd && strlen(Cmd) > 0) PrintAndLogEx(WARNING, "command don't have any parameters.\n"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "-- Mifare Plus Tag Information ------------------------------"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + // info about 14a part infoHF14A(false, false, false); 
@@ -54,61 +58,107 @@ static int CmdHFMFPInfo(const char *Cmd) { uint64_t select_status = resp.oldarg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision if (select_status == 1 || select_status == 2) { - PrintAndLogEx(NORMAL, "----------------------------------------------"); - PrintAndLogEx(NORMAL, "Mifare Plus info:"); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, " Fingerprint"); + // MIFARE Type Identification Procedure // https://www.nxp.com/docs/en/application-note/AN10833.pdf uint16_t ATQA = card.atqa[0] + (card.atqa[1] << 8); - if (ATQA == 0x0004) PrintAndLogEx(INFO, "ATQA: Mifare Plus 2k 4bUID"); - if (ATQA == 0x0002) PrintAndLogEx(INFO, "ATQA: Mifare Plus 4k 4bUID"); - if (ATQA == 0x0044) PrintAndLogEx(INFO, "ATQA: Mifare Plus 2k 7bUID"); - if (ATQA == 0x0042) PrintAndLogEx(INFO, "ATQA: Mifare Plus 4k 7bUID"); + + bool isPlus = false; + + if (ATQA == 0x0004) { + PrintAndLogEx(INFO, " ATQA - " _GREEN_("Mifare Plus 2K") " (4b UID)"); + isPlus = true; + } + if (ATQA == 0x0002) { + PrintAndLogEx(INFO, " ATQA - " _GREEN_("Mifare Plus 4K") " (4b UID)"); + isPlus = true; + } + if (ATQA == 0x0044) { + PrintAndLogEx(INFO, " ATQA - " _GREEN_("Mifare Plus 2K") " (7b UID)"); + isPlus = true; + } + if (ATQA == 0x0042) { + PrintAndLogEx(INFO, " ATQA - " _GREEN_("Mifare Plus 4K") " (7b UID)"); + isPlus = true; + } uint8_t SLmode = 0xff; - if (card.sak == 0x08) { - PrintAndLogEx(INFO, "SAK: Mifare Plus 2k 7bUID"); - if (select_status == 2) SLmode = 1; + if (isPlus) { + if (card.sak == 0x08) { + PrintAndLogEx(INFO, " SAK - " _GREEN_("Mifare Plus 2K 7b UID")); + if (select_status == 2) SLmode = 1; + } + if (card.sak == 0x18) { + PrintAndLogEx(INFO, " SAK - " _GREEN_("Mifare Plus 4K 7b UID")); + if (select_status == 2) SLmode = 1; + } + if (card.sak == 0x10) { + PrintAndLogEx(INFO, " SAK - " _GREEN_("Mifare Plus 2K")); + if (select_status == 2) SLmode = 2; + } + if (card.sak == 
0x11) { + PrintAndLogEx(INFO, " SAK - " _GREEN_("Mifare Plus 4K")); + if (select_status == 2) SLmode = 2; + } } - if (card.sak == 0x18) { - PrintAndLogEx(INFO, "SAK: Mifare Plus 4k 7bUID"); - if (select_status == 2) SLmode = 1; - } - if (card.sak == 0x10) { - PrintAndLogEx(INFO, "SAK: Mifare Plus 2k"); - if (select_status == 2) SLmode = 2; - } - if (card.sak == 0x11) { - PrintAndLogEx(INFO, "SAK: Mifare Plus 4k"); - if (select_status == 2) SLmode = 2; - } - if (card.sak == 0x20) { - PrintAndLogEx(INFO, "SAK: Mifare Plus SL0/SL3 or Mifare desfire"); - if (card.ats_len > 0) { - SLmode = 3; + if (card.sak == 0x20) { + PrintAndLogEx(INFO, " SAK - " _GREEN_("Mifare Plus SL0/SL3") "or " _GREEN_("Mifare DESFire")); + + if (card.ats_len > 0) { + + SLmode = 3; // check SL0 uint8_t data[250] = {0}; int datalen = 0; // https://github.com/Proxmark/proxmark3/blob/master/client/luascripts/mifarePlus.lua#L161 uint8_t cmd[3 + 16] = {0xa8, 0x90, 0x90, 0x00}; int res = ExchangeRAW14a(cmd, sizeof(cmd), false, false, data, sizeof(data), &datalen, false); + + if (memcmp(data, "\x67\x00", 2) == 0) { + PrintAndLogEx(INFO, "\tMost likely a Mifare DESFire tag"); + PrintAndLogEx(HINT, "Hint: Try " _YELLOW_("`hf mfdes info`")); + DropField(); + return PM3_SUCCESS; + } + if (!res && datalen > 1 && data[0] == 0x09) { SLmode = 0; } } } - if (SLmode != 0xff) - PrintAndLogEx(INFO, "Mifare Plus SL mode: SL%d", SLmode); +// How do we detect SL0 / SL1 / SL2 / SL3 modes?!? 
+ PrintAndLogEx(INFO, "Security Level (SL)"); + switch(SLmode) { + case 0: + PrintAndLogEx(INFO, "SL 0: initial delivery configuration, used for card personalization"); + break; + case 1: + PrintAndLogEx(INFO, "SL 1: backwards functional compatibility mode (with MIFARE Classic 1K / 4K) with an optional AES authentication"); + break; + case 2: + PrintAndLogEx(INFO, "SL 2: 3-Pass Authentication based on AES followed by MIFARE CRYPTO1 authentication, communication secured by MIFARE CRYPTO1"); + break; + case 3: + PrintAndLogEx(INFO, "SL 3: 3-Pass authentication based on AES, data manipulation commands secured by AES encryption and an AES based MACing method."); + break; + default: + break; + } + + if (SLmode != 0xFF) + PrintAndLogEx(SUCCESS, "\tMifare Plus SL mode: " _YELLOW_("SL%d"), SLmode); else - PrintAndLogEx(WARNING, "Mifare Plus SL mode: unknown("); + PrintAndLogEx(WARNING, "\tMifare Plus SL mode: " _YELLOW_("unknown")); } else { - PrintAndLogEx(INFO, "Mifare Plus info not available."); + PrintAndLogEx(INFO, "\tMifare Plus info not available."); } DropField(); - return PM3_SUCCESS; } diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 5387cc855..c1cd5d31a 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c 
@@ -53,48 +53,51 @@ static int usage_hf_mfu_info(void) { PrintAndLogEx(NORMAL, " l : (optional) swap entered key's endianness"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu info"); - PrintAndLogEx(NORMAL, " hf mfu info k 00112233445566778899AABBCCDDEEFF"); - PrintAndLogEx(NORMAL, " hf mfu info k AABBCCDD"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu info")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu info k 00112233445566778899AABBCCDDEEFF")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu info k AABBCCDD")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_hf_mfu_dump(void) { PrintAndLogEx(NORMAL, "Reads all pages from Ultralight, Ultralight-C, Ultralight EV1"); PrintAndLogEx(NORMAL, "NTAG 203, NTAG 210, NTAG 212, NTAG 213, NTAG 215, NTAG 216"); - PrintAndLogEx(NORMAL, "and saves binary dump into the file `filename.bin` or `cardUID.bin`"); + PrintAndLogEx(NORMAL, "and saves binary dump into the file " _YELLOW_("`filename.bin`") "or " _YELLOW_("`cardUID.bin`") ); PrintAndLogEx(NORMAL, "It autodetects card type.\n"); PrintAndLogEx(NORMAL, "Usage: hf mfu dump k l f p q <#pages>"); PrintAndLogEx(NORMAL, " Options :"); PrintAndLogEx(NORMAL, " k : (optional) key for authentication [UL-C 16bytes, EV1/NTAG 4bytes]"); PrintAndLogEx(NORMAL, " l : (optional) swap entered key's endianness"); - PrintAndLogEx(NORMAL, " f : filename w/o .bin to save the dump as"); - PrintAndLogEx(NORMAL, " p : starting Page number to manually set a page to start the dump at"); + PrintAndLogEx(NORMAL, " f : " _YELLOW_("filename w/o .bin") "to save the dump as"); + PrintAndLogEx(NORMAL, " p : starting Page number to manually set a page to start the dump at"); PrintAndLogEx(NORMAL, " q : number of Pages to manually set how many pages to dump"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu dump"); - PrintAndLogEx(NORMAL, " hf mfu dump n myfile"); - PrintAndLogEx(NORMAL, " hf mfu dump k 
00112233445566778899AABBCCDDEEFF"); - PrintAndLogEx(NORMAL, " hf mfu dump k AABBCCDD\n"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu dump")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu dump f myfile")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu dump k 00112233445566778899AABBCCDDEEFF")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu dump k AABBCCDD")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_hf_mfu_restore(void) { PrintAndLogEx(NORMAL, "Restore dumpfile onto card."); - PrintAndLogEx(NORMAL, "Usage: hf mfu restore [h] [l] [s] k n "); + PrintAndLogEx(NORMAL, "Usage: hf mfu restore [h] [l] [s] k n "); PrintAndLogEx(NORMAL, " Options :"); PrintAndLogEx(NORMAL, " k : (optional) key for authentication [UL-C 16bytes, EV1/NTAG 4bytes]"); PrintAndLogEx(NORMAL, " l : (optional) swap entered key's endianness"); - PrintAndLogEx(NORMAL, " s : (optional) enable special write UID -MAGIC TAG ONLY-"); - PrintAndLogEx(NORMAL, " e : (optional) enable special write version/signature -MAGIC NTAG 21* ONLY-"); - PrintAndLogEx(NORMAL, " r : (optional) use the password found in dumpfile to configure tag. requires 'e' parameter to work"); - PrintAndLogEx(NORMAL, " f : filename w/o .bin to restore"); + PrintAndLogEx(NORMAL, " s : (optional) enable special write UID " _BLUE_("-MAGIC TAG ONLY-") ); + PrintAndLogEx(NORMAL, " e : (optional) enable special write version/signature " _BLUE_("-MAGIC NTAG 21* ONLY-") ); + PrintAndLogEx(NORMAL, " r : (optional) use the password found in dumpfile to configure tag. 
requires " _YELLOW_("'e'") "parameter to work"); + PrintAndLogEx(NORMAL, " f : " _YELLOW_("filename w .bin") "to restore"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu restore s f myfile"); - PrintAndLogEx(NORMAL, " hf mfu restore k AABBCCDD s f myfile\n"); - PrintAndLogEx(NORMAL, " hf mfu restore k AABBCCDD s e r f myfile\n"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu restore s f myfile")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu restore k AABBCCDD s f myfile")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu restore k AABBCCDD s e r f myfile")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -107,9 +110,10 @@ static int usage_hf_mfu_rdbl(void) { PrintAndLogEx(NORMAL, " l : (optional) swap entered key's endianness"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu rdbl b 0"); - PrintAndLogEx(NORMAL, " hf mfu rdbl b 0 k 00112233445566778899AABBCCDDEEFF"); - PrintAndLogEx(NORMAL, " hf mfu rdbl b 0 k AABBCCDD\n"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu rdbl b 0")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu rdbl b 0 k 00112233445566778899AABBCCDDEEFF")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu rdbl b 0 k AABBCCDD")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } 
@@ -123,14 +127,15 @@ static int usage_hf_mfu_wrbl(void) { PrintAndLogEx(NORMAL, " l : (optional) swap entered key's endianness"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu wrbl b 0 d 01234567"); - PrintAndLogEx(NORMAL, " hf mfu wrbl b 0 d 01234567 k AABBCCDD\n"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu wrbl b 0 d 01234567")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu wrbl b 0 d 01234567 k AABBCCDD")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_hf_mfu_eload(void) { - PrintAndLogEx(NORMAL, "It loads emul dump from the file `filename.eml`"); - PrintAndLogEx(NORMAL, "Hint: See script dumptoemul-mfu.lua to convert the .bin to the eml"); + PrintAndLogEx(NORMAL, "It loads emul dump from the file " _YELLOW_("`filename.eml`") ); + PrintAndLogEx(NORMAL, "Hint: See " _YELLOW_("`script run dumptoemul-mfu`") "to convert the .bin to the eml"); PrintAndLogEx(NORMAL, "Usage: hf mfu eload u [numblocks]"); PrintAndLogEx(NORMAL, " Options:"); PrintAndLogEx(NORMAL, " h : this help"); @@ -138,8 +143,10 @@ static int usage_hf_mfu_eload(void) { PrintAndLogEx(NORMAL, " [filename] : without `.eml` (required)"); PrintAndLogEx(NORMAL, " numblocks : number of blocks to load from eml file (optional)"); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, " sample: hf mfu eload u filename"); - PrintAndLogEx(NORMAL, " hf mfu eload u filename 57"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu eload u filename")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu eload u filename 57")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } 
@@ -153,8 +160,9 @@ static int usage_hf_mfu_sim(void) { PrintAndLogEx(NORMAL, " u : 4 or 7 byte UID (optional)"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu sim t 7"); - PrintAndLogEx(NORMAL, " hf mfu sim t 7 u 1122344556677\n"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu sim t 7 u 1122344556677")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -168,17 +176,19 @@ static int usage_hf_mfu_ucauth(void) { PrintAndLogEx(NORMAL, " 5 : all 0xff key"); PrintAndLogEx(NORMAL, " 6 : 0x00-0xFF key"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu cauth k"); - PrintAndLogEx(NORMAL, " hf mfu cauth k 3"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu cauth k")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu cauth k 3")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_hf_mfu_ucsetpwd(void) { + PrintAndLogEx(NORMAL, "Set 3DES password on Mifare Ultralight-C tag."); PrintAndLogEx(NORMAL, "Usage: hf mfu setpwd "); PrintAndLogEx(NORMAL, " [password] - (32 hex symbols)"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu setpwd 000102030405060708090a0b0c0d0e0f"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu setpwd 000102030405060708090a0b0c0d0e0f")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } 
@@ -186,10 +196,11 @@ static int usage_hf_mfu_ucsetpwd(void) { static int usage_hf_mfu_ucsetuid(void) { PrintAndLogEx(NORMAL, "Usage: hf mfu setuid "); PrintAndLogEx(NORMAL, " [uid] - (14 hex symbols)"); - PrintAndLogEx(NORMAL, "\nThis only works for Magic Ultralight tags."); + PrintAndLogEx(NORMAL, "\n"); + PrintAndLogEx(NORMAL, "This only works for " _BLUE_("Magic Ultralight") "tags."); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu setuid 11223344556677"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu setuid 11223344556677")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -201,8 +212,8 @@ static int usage_hf_mfu_gendiverse(void) { PrintAndLogEx(NORMAL, " r : read uid from tag"); PrintAndLogEx(NORMAL, " : 4 byte UID (optional)"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu gen r"); - PrintAndLogEx(NORMAL, " hf mfu gen 11223344"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu gen r")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu gen 11223344")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } 
@@ -215,20 +226,21 @@ static int usage_hf_mfu_pwdgen(void) { PrintAndLogEx(NORMAL, " r : read uid from tag"); PrintAndLogEx(NORMAL, " : 7 byte UID (optional)"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu pwdgen r"); - PrintAndLogEx(NORMAL, " hf mfu pwdgen 11223344556677"); - PrintAndLogEx(NORMAL, " hf mfu pwdgen t"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu pwdgen r")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu pwdgen 11223344556677")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu pwdgen t")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_hf_mfu_otp_tearoff(void) { - PrintAndLogEx(NORMAL, "Tear-off test against OTP block on MFU tags - More help sooner or later\n"); + PrintAndLogEx(NORMAL, "Tear-off test against OTP block on MFU tags."); PrintAndLogEx(NORMAL, "Usage: hf mfu otptear [h]"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h : this help"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf mfu otptear"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf mfu otptear")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } 
@@ -284,26 +296,6 @@ uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { MAX_ULEV1a_BLOCKS, MAX_NTAG_213, MAX_NTAG_216, MAX_UL_NANO_40, MAX_NTAG_I2C_1K }; -static int ul_ev1_pwdgen_selftest() { - - uint8_t uid1[] = {0x04, 0x11, 0x12, 0x11, 0x12, 0x11, 0x10}; - uint32_t pwd1 = ul_ev1_pwdgenA(uid1); - PrintAndLogEx(NORMAL, "UID | %s | %08X | %s", sprint_hex(uid1, 7), pwd1, (pwd1 == 0x8432EB17) ? "OK" : "->8432EB17<-"); - - uint8_t uid2[] = {0x04, 0x1f, 0x98, 0xea, 0x1e, 0x3e, 0x81}; - uint32_t pwd2 = ul_ev1_pwdgenB(uid2); - PrintAndLogEx(NORMAL, "UID | %s | %08X | %s", sprint_hex(uid2, 7), pwd2, (pwd2 == 0x5fd37eca) ? "OK" : "->5fd37eca<--"); - - uint8_t uid3[] = {0x04, 0x62, 0xB6, 0x8A, 0xB4, 0x42, 0x80}; - uint32_t pwd3 = ul_ev1_pwdgenC(uid3); - PrintAndLogEx(NORMAL, "UID | %s | %08X | %s", sprint_hex(uid3, 7), pwd3, (pwd3 == 0x5a349515) ? "OK" : "->5a349515<--"); - - uint8_t uid4[] = {0x04, 0xC5, 0xDF, 0x4A, 0x6D, 0x51, 0x80}; - uint32_t pwd4 = ul_ev1_pwdgenD(uid4); - PrintAndLogEx(NORMAL, "UID | %s | %08X | %s", sprint_hex(uid4, 7), pwd4, (pwd4 == 0x72B1EC61) ? "OK" : "->72B1EC61<--"); - return PM3_SUCCESS; -} - //------------------------------------ // get version nxp product type static char *getProductTypeStr(uint8_t id) { 
@@ -527,43 +519,43 @@ static int ul_print_default(uint8_t *data) { uid[5] = data[6]; uid[6] = data[7]; - PrintAndLogEx(NORMAL, " UID : %s ", sprint_hex(uid, 7)); - PrintAndLogEx(NORMAL, " UID[0] : %02X, %s", uid[0], getTagInfo(uid[0])); + PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(uid, 7)); + PrintAndLogEx(SUCCESS, " UID[0]: %02X, %s", uid[0], getTagInfo(uid[0])); if (uid[0] == 0x05 && ((uid[1] & 0xf0) >> 4) == 2) { // is infineon and 66RxxP uint8_t chip = (data[8] & 0xC7); // 11000111 mask, bit 3,4,5 RFU switch (chip) { case 0xC2: - PrintAndLogEx(NORMAL, " IC type : SLE 66R04P 770 Bytes"); + PrintAndLogEx(SUCCESS, " IC type: SLE 66R04P 770 Bytes"); break; //77 pages case 0xC4: - PrintAndLogEx(NORMAL, " IC type : SLE 66R16P 2560 Bytes"); + PrintAndLogEx(SUCCESS, " IC type: SLE 66R16P 2560 Bytes"); break; //256 pages case 0xC6: - PrintAndLogEx(NORMAL, " IC type : SLE 66R32P 5120 Bytes"); + PrintAndLogEx(SUCCESS, " IC type: SLE 66R32P 5120 Bytes"); break; //512 pages /2 sectors } } // CT (cascade tag byte) 0x88 xor SN0 xor SN1 xor SN2 int crc0 = 0x88 ^ uid[0] ^ uid[1] ^ uid[2]; if (data[3] == crc0) - PrintAndLogEx(NORMAL, " BCC0 : %02X, Ok", data[3]); + PrintAndLogEx(SUCCESS, " BCC0: %02X ( " _GREEN_("ok") ")", data[3]); else - PrintAndLogEx(NORMAL, " BCC0 : %02X, crc should be %02X", data[3], crc0); + PrintAndLogEx(NORMAL, " BCC0: %02X, crc should be %02X", data[3], crc0); int crc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]; if (data[8] == crc1) - PrintAndLogEx(NORMAL, " BCC1 : %02X, Ok", data[8]); + PrintAndLogEx(SUCCESS, " BCC1: %02X ( " _GREEN_("ok") ")", data[8]); else - PrintAndLogEx(NORMAL, " BCC1 : %02X, crc should be %02X", data[8], crc1); + PrintAndLogEx(NORMAL, " BCC1: %02X, crc should be %02X", data[8], crc1); - PrintAndLogEx(NORMAL, " Internal : %02X, %sdefault", data[9], (data[9] == 0x48) ? "" : "not "); + PrintAndLogEx(SUCCESS, " Internal: %02X ( %s)", data[9], (data[9] == 0x48) ? 
_GREEN_("default") : _RED_("not default") ); - PrintAndLogEx(NORMAL, " Lock : %s - %s", + PrintAndLogEx(SUCCESS, " Lock: %s - %s", sprint_hex(data + 10, 2), sprint_bin(data + 10, 2) ); - PrintAndLogEx(NORMAL, "OneTimePad : %s - %s\n", + PrintAndLogEx(SUCCESS, "OneTimePad : %s - %s\n", sprint_hex(data + 12, 4), sprint_bin(data + 12, 4) ); @@ -648,10 +640,10 @@ static int ndef_print_CC(uint8_t *data) { PrintAndLogEx(NORMAL, " Additional feature information"); PrintAndLogEx(NORMAL, " %02X", data[3]); PrintAndLogEx(NORMAL, " 00000000"); - PrintAndLogEx(NORMAL, " xxx - %02X : RFU (%s)", msb3, (msb3 == 0) ? _GREEN_("OK") : _RED_("Fail")); + PrintAndLogEx(NORMAL, " xxx - %02X : RFU ( %s)", msb3, (msb3 == 0) ? _GREEN_("ok") : _RED_("fail")); PrintAndLogEx(NORMAL, " x - %02X : %s special frame", sf, (sf) ? "support" : "don\'t support"); PrintAndLogEx(NORMAL, " x - %02X : %s lock block", lb, (lb) ? "support" : "don\'t support"); - PrintAndLogEx(NORMAL, " xx - %02X : RFU (%s)", mlrule, (mlrule == 0) ? _GREEN_("OK") : _RED_("Fail")); + PrintAndLogEx(NORMAL, " xx - %02X : RFU ( %s)", mlrule, (mlrule == 0) ? _GREEN_("ok") : _RED_("fail")); PrintAndLogEx(NORMAL, " x - %02X : IC %s multiple block reads", mbread, (mbread) ? "support" : "don\'t support"); return PM3_SUCCESS; } 
@@ -667,57 +659,57 @@ int ul_print_type(uint32_t tagtype, uint8_t spaces) { char *spacer = spc + (10 - spaces); if (tagtype & UL) - PrintAndLogEx(NORMAL, "%sTYPE : MIFARE Ultralight (MF0ICU1) %s", spacer, (tagtype & MAGIC) ? "" : ""); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIFARE Ultralight (MF0ICU1) %s"), spacer, (tagtype & MAGIC) ? "" : ""); else if (tagtype & UL_C) - PrintAndLogEx(NORMAL, "%sTYPE : MIFARE Ultralight C (MF0ULC) %s", spacer, (tagtype & MAGIC) ? "" : ""); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIFARE Ultralight C (MF0ULC) %s"), spacer, (tagtype & MAGIC) ? "" : ""); else if (tagtype & UL_NANO_40) - PrintAndLogEx(NORMAL, "%sTYPE : MIFARE Ultralight Nano 40bytes (MF0UNH00)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIFARE Ultralight Nano 40bytes (MF0UNH00)"), spacer); else if (tagtype & UL_EV1_48) - PrintAndLogEx(NORMAL, "%sTYPE : MIFARE Ultralight EV1 48bytes (MF0UL1101)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIFARE Ultralight EV1 48bytes (MF0UL1101)"), spacer); else if (tagtype & UL_EV1_128) - PrintAndLogEx(NORMAL, "%sTYPE : MIFARE Ultralight EV1 128bytes (MF0UL2101)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("MIFARE Ultralight EV1 128bytes (MF0UL2101)"), spacer); else if (tagtype & UL_EV1) - PrintAndLogEx(NORMAL, "%sTYPE : MIFARE Ultralight EV1 UNKNOWN", spacer); + PrintAndLogEx(NORMAL, "%sTYPE: " _YELLOW_("MIFARE Ultralight EV1 UNKNOWN"), spacer); else if (tagtype & NTAG) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG UNKNOWN", spacer); + PrintAndLogEx(NORMAL, "%sTYPE: " _YELLOW_("NTAG UNKNOWN"), spacer); else if (tagtype & NTAG_203) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 203 144bytes (NT2H0301F0DT)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 203 144bytes (NT2H0301F0DT)"), spacer); else if (tagtype & NTAG_210) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 210 48bytes (NT2L1011G0DU)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 210 48bytes (NT2L1011G0DU)"), spacer); else 
if (tagtype & NTAG_212) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 212 128bytes (NT2L1211G0DU)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 212 128bytes (NT2L1211G0DU)"), spacer); else if (tagtype & NTAG_213) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 213 144bytes (NT2H1311G0DU)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 213 144bytes (NT2H1311G0DU)"), spacer); else if (tagtype & NTAG_213_F) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 213F 144bytes (NT2H1311F0DTL)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 213F 144bytes (NT2H1311F0DTL)"), spacer); else if (tagtype & NTAG_215) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 215 504bytes (NT2H1511G0DU)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 215 504bytes (NT2H1511G0DU)"), spacer); else if (tagtype & NTAG_216) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 216 888bytes (NT2H1611G0DU)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 216 888bytes (NT2H1611G0DU)"), spacer); else if (tagtype & NTAG_216_F) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG 216F 888bytes (NT2H1611F0DTL)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG 216F 888bytes (NT2H1611F0DTL)"), spacer); else if (tagtype & NTAG_I2C_1K) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG I2C 888bytes (NT3H1101FHK)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG I2C 888bytes (NT3H1101FHK)"), spacer); else if (tagtype & NTAG_I2C_2K) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG I2C 1904bytes (NT3H1201FHK)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG I2C 1904bytes (NT3H1201FHK)"), spacer); else if (tagtype & NTAG_I2C_1K_PLUS) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG I2C plus 888bytes (NT3H2111FHK)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG I2C plus 888bytes (NT3H2111FHK)"), spacer); else if (tagtype & NTAG_I2C_2K_PLUS) - PrintAndLogEx(NORMAL, "%sTYPE : NTAG I2C plus 1912bytes (NT3H2211FHK)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("NTAG I2C plus 1912bytes 
(NT3H2211FHK)"), spacer); else if (tagtype & MY_D) - PrintAndLogEx(NORMAL, "%sTYPE : INFINEON my-d\x99 (SLE 66RxxS)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("INFINEON my-d\x99 (SLE 66RxxS)"), spacer); else if (tagtype & MY_D_NFC) - PrintAndLogEx(NORMAL, "%sTYPE : INFINEON my-d\x99 NFC (SLE 66RxxP)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("INFINEON my-d\x99 NFC (SLE 66RxxP)"), spacer); else if (tagtype & MY_D_MOVE) - PrintAndLogEx(NORMAL, "%sTYPE : INFINEON my-d\x99 move (SLE 66R01P)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("INFINEON my-d\x99 move (SLE 66R01P)"), spacer); else if (tagtype & MY_D_MOVE_NFC) - PrintAndLogEx(NORMAL, "%sTYPE : INFINEON my-d\x99 move NFC (SLE 66R01P)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("INFINEON my-d\x99 move NFC (SLE 66R01P)"), spacer); else if (tagtype & MY_D_MOVE_LEAN) - PrintAndLogEx(NORMAL, "%sTYPE : INFINEON my-d\x99 move lean (SLE 66R01L)", spacer); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("INFINEON my-d\x99 move lean (SLE 66R01L)"), spacer); else if (tagtype & FUDAN_UL) - PrintAndLogEx(NORMAL, "%sTYPE : FUDAN Ultralight Compatible (or other compatible) %s", spacer, (tagtype & MAGIC) ? "" : ""); + PrintAndLogEx(SUCCESS, "%sTYPE: " _YELLOW_("FUDAN Ultralight Compatible (or other compatible) %s"), spacer, (tagtype & MAGIC) ? "" : ""); else - PrintAndLogEx(NORMAL, "%sTYPE : Unknown %06x", spacer, tagtype); + PrintAndLogEx(NORMAL, "%sTYPE: " _YELLOW_("Unknown %06x"), spacer, tagtype); return PM3_SUCCESS; } 
@@ -845,7 +837,7 @@ static int ulev1_print_configuration(uint32_t tagtype, uint8_t *data, uint8_t st if (authlim == 0) PrintAndLogEx(NORMAL, " - Unlimited password attempts"); else - PrintAndLogEx(NORMAL, " - Max number of password attempts is %d", authlim); + PrintAndLogEx(NORMAL, " - Max number of password attempts is " _YELLOW_("%d"), authlim); PrintAndLogEx(NORMAL, " - NFC counter %s", (nfc_cnf_en) ? "enabled" : "disabled"); PrintAndLogEx(NORMAL, " - NFC counter %s", (nfc_cnf_prot_pwd) ? "not protected" : "password protection enabled"); 
@@ -883,25 +875,25 @@ static int ulev1_print_signature(TagTypeUL_t tagtype, uint8_t *uid, uint8_t *sig int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, public_keys[public_key], uid, 7, signature, signature_len, false); bool is_valid = (res == 0); - PrintAndLogEx(NORMAL, "\n--- Tag Signature"); - PrintAndLogEx(NORMAL, "IC signature public key name : NXP NTAG21x (2013)"); - PrintAndLogEx(NORMAL, "IC signature public key value : %s", sprint_hex(public_keys[public_key], PUBLIC_ECDA_KEYLEN)); - PrintAndLogEx(NORMAL, " Elliptic curve parameters : NID_secp128r1"); - PrintAndLogEx(NORMAL, " TAG IC Signature : %s", sprint_hex(signature, signature_len)); - PrintAndLogEx(NORMAL, "Signature verified %s", (is_valid) ? _GREEN_("successful") : _RED_("failed")); + PrintAndLogEx(INFO, "\n--- Tag Signature"); + PrintAndLogEx(INFO, "IC signature public key name : NXP NTAG21x (2013)"); + PrintAndLogEx(INFO, "IC signature public key value : %s", sprint_hex(public_keys[public_key], PUBLIC_ECDA_KEYLEN)); + PrintAndLogEx(INFO, " Elliptic curve parameters : NID_secp128r1"); + PrintAndLogEx(INFO, " TAG IC Signature : %s", sprint_hex(signature, signature_len)); + PrintAndLogEx(SUCCESS, "Signature verified %s", (is_valid) ? _GREEN_("successful") : _RED_("failed")); return PM3_SUCCESS; } static int ulev1_print_version(uint8_t *data) { PrintAndLogEx(NORMAL, "\n--- Tag Version"); - PrintAndLogEx(NORMAL, " Raw bytes : %s", sprint_hex(data, 8)); - PrintAndLogEx(NORMAL, " Vendor ID : %02X, %s", data[1], getTagInfo(data[1])); - PrintAndLogEx(NORMAL, " Product type : %s", getProductTypeStr(data[2])); - PrintAndLogEx(NORMAL, " Product subtype : %02X, %s", data[3], (data[3] == 1) ? "17 pF" : "50pF"); - PrintAndLogEx(NORMAL, " Major version : %02X", data[4]); - PrintAndLogEx(NORMAL, " Minor version : %02X", data[5]); - PrintAndLogEx(NORMAL, " Size : %s", getUlev1CardSizeStr(data[6])); - PrintAndLogEx(NORMAL, " Protocol type : %02X %s", data[7], (data[7] == 0x3) ? 
"(ISO14443-3 Compliant)" : ""); + PrintAndLogEx(NORMAL, " Raw bytes: %s", sprint_hex(data, 8)); + PrintAndLogEx(NORMAL, " Vendor ID: %02X, %s", data[1], getTagInfo(data[1])); + PrintAndLogEx(NORMAL, " Product type: %s", getProductTypeStr(data[2])); + PrintAndLogEx(NORMAL, " Product subtype: %02X, %s", data[3], (data[3] == 1) ? "17 pF" : "50pF"); + PrintAndLogEx(NORMAL, " Major version: %02X", data[4]); + PrintAndLogEx(NORMAL, " Minor version: %02X", data[5]); + PrintAndLogEx(NORMAL, " Size: %s", getUlev1CardSizeStr(data[6])); + PrintAndLogEx(NORMAL, " Protocol type: %02X %s", data[7], (data[7] == 0x3) ? "(ISO14443-3 Compliant)" : ""); return PM3_SUCCESS; } @@ -1110,7 +1102,7 @@ static int CmdHF14AMfUInfo(const char *Cmd) { cmdp++; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter: " _RED_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } @@ -1271,12 +1263,13 @@ static int CmdHF14AMfUInfo(const char *Cmd) { // 1-7 = limit. No automatic tries then. // hasAuthKey, if we was called with key, skip test. if (!authlim && !hasAuthKey) { - PrintAndLogEx(NORMAL, "\n--- Known EV1/NTAG passwords."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(SUCCESS, _GREEN_("--- Known EV1/NTAG passwords ---")); // test pwd gen A num_to_bytes(ul_ev1_pwdgenA(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found a default password:" _GREEN_("%s") " || Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + PrintAndLogEx(SUCCESS, "Found a default password: " _GREEN_("%s") "|| Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); goto out; } 
@@ -1286,7 +1279,7 @@ static int CmdHF14AMfUInfo(const char *Cmd) { num_to_bytes(ul_ev1_pwdgenB(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found a default password:" _GREEN_("%s") " || Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + PrintAndLogEx(SUCCESS, "Found a default password: " _GREEN_("%s") "|| Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); goto out; } @@ -1296,7 +1289,7 @@ static int CmdHF14AMfUInfo(const char *Cmd) { num_to_bytes(ul_ev1_pwdgenC(card.uid), 4, key); len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found a default password:" _GREEN_("%s") " || Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + PrintAndLogEx(SUCCESS, "Found a default password: " _GREEN_("%s") "|| Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); goto out; } @@ -1316,13 +1309,13 @@ static int CmdHF14AMfUInfo(const char *Cmd) { key = default_pwd_pack[i]; len = ulev1_requestAuthentication(key, pack, sizeof(pack)); if (len > -1) { - PrintAndLogEx(SUCCESS, "Found a default password:" _GREEN_("%s") " || Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); + PrintAndLogEx(SUCCESS, "Found a default password: " _GREEN_("%s") "|| Pack: %02X %02X", sprint_hex(key, 4), pack[0], pack[1]); break; } else { if (ul_auth_select(&card, tagtype, hasAuthKey, authkeyptr, pack, sizeof(pack)) == PM3_ESOFT) return PM3_ESOFT; } } - if (len < 1) PrintAndLogEx(WARNING, "password not known"); + if (len < 1) PrintAndLogEx(WARNING, _YELLOW_("password not known")); } } out: @@ -1395,7 +1388,7 @@ static int CmdHF14AMfUWrBl(const char *Cmd) { cmdp += 2; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter: " _RED_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } 
@@ -1509,7 +1502,7 @@ static int CmdHF14AMfURdBl(const char *Cmd) { cmdp++; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter: " _RED_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } @@ -1779,7 +1772,7 @@ static int CmdHF14AMfUDump(const char *Cmd) { manualPages = true; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter: " _RED_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } @@ -2020,7 +2013,7 @@ static int CmdHF14AMfURestore(const char *Cmd) { read_key = true; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter: " _RED_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } @@ -2565,7 +2558,7 @@ static int CmdHF14AMfUPwdGen(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); if (strlen(Cmd) == 0 || cmdp == 'h') return usage_hf_mfu_pwdgen(); - if (cmdp == 't') return ul_ev1_pwdgen_selftest(); + if (cmdp == 't') return generator_selftest(); if (cmdp == 'r') { // read uid from tag @@ -2671,4 +2664,3 @@ int CmdHFMFUltra(const char *Cmd) { clearCommandBuffer(); return CmdsParse(CommandTable, Cmd); } - diff --git a/client/cmdlf.c b/client/cmdlf.c index 617d87c0e..18b055b8c 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c 
@@ -253,34 +253,41 @@ static int CmdLFTune(const char *Cmd) { //Validations if (errors) return usage_lf_tune(); - PrintAndLogEx(SUCCESS, "Measuring LF antenna at %.2f kHz, click button or press Enter to exit", LF_DIV2FREQ(divisor)); + PrintAndLogEx(INFO, "Measuring LF antenna at " _YELLOW_("%.2f") "kHz, click " _GREEN_("pm3 button") "or press " _GREEN_("Enter") "to exit", LF_DIV2FREQ(divisor)); uint8_t params[] = {1, 0}; params[1] = divisor; PacketResponseNG resp; - clearCommandBuffer(); + SendCommandNG(CMD_MEASURE_ANTENNA_TUNING_LF, params, sizeof(params)); if (!WaitForResponseTimeout(CMD_MEASURE_ANTENNA_TUNING_LF, &resp, 1000)) { PrintAndLogEx(WARNING, "Timeout while waiting for Proxmark LF initialization, aborting"); return PM3_ETIMEOUT; } + params[0] = 2; // loop forever (till button pressed) if iter = 0 (default) for (uint8_t i = 0; iter == 0 || i < iter; i++) { - if (kbd_enter_pressed()) { // abort by keyboard press + if (kbd_enter_pressed()) { break; } + SendCommandNG(CMD_MEASURE_ANTENNA_TUNING_LF, params, sizeof(params)); if (!WaitForResponseTimeout(CMD_MEASURE_ANTENNA_TUNING_LF, &resp, 1000)) { + PrintAndLogEx(NORMAL, ""); PrintAndLogEx(WARNING, "Timeout while waiting for Proxmark LF measure, aborting"); return PM3_ETIMEOUT; } - if ((resp.status == PM3_EOPABORTED) || (resp.length != sizeof(uint32_t))) + + if ((resp.status == PM3_EOPABORTED) || (resp.length != sizeof(uint32_t))) { break; + } + uint32_t volt = resp.data.asDwords[0]; - PrintAndLogEx(INPLACE, "%u mV / %5u V", volt, (uint32_t)(volt / 1000)); + PrintAndLogEx(INPLACE, "%u mV / %3u V", volt, (uint32_t)(volt / 1000)); } + params[0] = 3; SendCommandNG(CMD_MEASURE_ANTENNA_TUNING_LF, params, sizeof(params)); if (!WaitForResponseTimeout(CMD_MEASURE_ANTENNA_TUNING_LF, &resp, 1000)) { 
@@ -288,11 +295,10 @@ static int CmdLFTune(const char *Cmd) { return PM3_ETIMEOUT; } PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "Done."); + PrintAndLogEx(INFO, "Done."); return PM3_SUCCESS; } - /* send a LF command before reading */ int CmdLFCommandRead(const char *Cmd) { @@ -451,6 +457,24 @@ int CmdFlexdemod(const char *Cmd) { return PM3_SUCCESS; } +int lf_getconfig(sample_config *config) { + if (!session.pm3_present) return PM3_ENOTTY; + + if (config == NULL) + return PM3_EINVARG; + + clearCommandBuffer(); + + SendCommandNG(CMD_LF_SAMPLING_GET_CONFIG, NULL, 0); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_LF_SAMPLING_GET_CONFIG, &resp, 2000)) { + PrintAndLogEx(WARNING, "command execution time out"); + return PM3_ETIMEOUT; + } + memcpy(config, resp.data.asBytes, sizeof(sample_config)); + return PM3_SUCCESS; +} + int lf_config(sample_config *config) { if (!session.pm3_present) return PM3_ENOTTY; @@ -458,7 +482,7 @@ int lf_config(sample_config *config) { if (config != NULL) SendCommandNG(CMD_LF_SAMPLING_SET_CONFIG, (uint8_t *)config, sizeof(sample_config)); else - SendCommandNG(CMD_LF_SAMPLING_GET_CONFIG, NULL, 0); + SendCommandNG(CMD_LF_SAMPLING_PRINT_CONFIG, NULL, 0); return PM3_SUCCESS; } @@ -1165,7 +1189,7 @@ static bool CheckChipType(bool getDeviceData) { uint32_t word = 0; if (EM4x05IsBlock0(&word)) { PrintAndLogEx(SUCCESS, "Chipset detection: " _GREEN_("EM4x05/EM4x69")); - PrintAndLogEx(INFO, "Hint: try " _YELLOW_("`lf em 4x05`") "commands"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 4x05`") "commands"); retval = true; goto out; } @@ -1173,7 +1197,7 @@ static bool CheckChipType(bool getDeviceData) { //check for t55xx chip... if (tryDetectP1(true)) { PrintAndLogEx(SUCCESS, "Chipset detection: " _GREEN_("T55xx")); - PrintAndLogEx(INFO, "Hint: try " _YELLOW_("`lf t55xx`") "commands"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf t55xx`") "commands"); retval = true; } 
@@ -1327,16 +1351,16 @@ static command_t CommandTable[] = { {"fdx", CmdLFFdx, AlwaysAvailable, "{ FDX-B RFIDs... }"}, {"gallagher", CmdLFGallagher, AlwaysAvailable, "{ GALLAGHER RFIDs... }"}, {"gproxii", CmdLFGuard, AlwaysAvailable, "{ Guardall Prox II RFIDs... }"}, - {"hid", CmdLFHID, AlwaysAvailable, "{ HID RFIDs... }"}, + {"hid", CmdLFHID, AlwaysAvailable, "{ HID Prox RFIDs... }"}, {"hitag", CmdLFHitag, AlwaysAvailable, "{ Hitag CHIPs... }"}, {"indala", CmdLFINDALA, AlwaysAvailable, "{ Indala RFIDs... }"}, {"io", CmdLFIO, AlwaysAvailable, "{ ioProx RFIDs... }"}, {"jablotron", CmdLFJablotron, AlwaysAvailable, "{ Jablotron RFIDs... }"}, {"keri", CmdLFKeri, AlwaysAvailable, "{ KERI RFIDs... }"}, + {"motorola", CmdLFMotorola, AlwaysAvailable, "{ Motorola RFIDs... }"}, {"nedap", CmdLFNedap, AlwaysAvailable, "{ Nedap RFIDs... }"}, {"nexwatch", CmdLFNEXWATCH, AlwaysAvailable, "{ NexWatch RFIDs... }"}, {"noralsy", CmdLFNoralsy, AlwaysAvailable, "{ Noralsy RFIDs... }"}, - {"motorola", CmdLFMotorola, AlwaysAvailable, "{ Motorola RFIDs... }"}, {"pac", CmdLFPac, AlwaysAvailable, "{ PAC/Stanley RFIDs... }"}, {"paradox", CmdLFParadox, AlwaysAvailable, "{ Paradox RFIDs... }"}, {"pcf7931", CmdLFPCF7931, AlwaysAvailable, "{ PCF7931 CHIPs... }"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 7393405ba..bb0628609 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -34,5 +34,6 @@ int CmdLFfind(const char *Cmd); int lf_read(bool verbose, uint32_t samples); int lf_config(sample_config *config); +int lf_getconfig(sample_config *config); #endif diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c index 38c3675d1..468941022 100644 --- a/client/cmdlfawid.c +++ b/client/cmdlfawid.c 
@@ -422,7 +422,10 @@ static int CmdAWIDClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone AWID %u to T55x7 with FC: %u, CN: %u", fmtlen, fc, cn); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf awid read`") "to verify"); + return res; } static int CmdAWIDBrute(const char *Cmd) { diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index a8d7e06e3..841f26652 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -700,6 +700,8 @@ static int CmdEM410xWrite(const char *Cmd) { } SendCommandMIX(CMD_LF_EM410X_WRITE, card, (uint32_t)(id >> 32), (uint32_t)id, NULL, 0); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") "to verify"); return PM3_SUCCESS; } @@ -1037,6 +1039,9 @@ static int CmdEM4x50Write(const char *Cmd) { uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_lf_em4x50_write(); PrintAndLogEx(NORMAL, "no implemented yet"); +// +// PrintAndLogEx(SUCCESS, "Done"); +// PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 4x50_read`") "to verify"); return PM3_SUCCESS; } @@ -1344,7 +1349,7 @@ static int CmdEM4x05Dump(const char *Cmd) { // saveFileEML will add .eml extension to filename // saveFile (binary) passes in the .bin extension. if (strcmp(preferredName, "") == 0) // Set default filename, if not set by user - sprintf(preferredName, "lf-4x05-%08X-data", BSWAP_32(data[1])); + sprintf(preferredName, "lf-4x05-%08X-dump", BSWAP_32(data[1])); saveFileEML(preferredName, (uint8_t *)data, 16 * sizeof(uint32_t), sizeof(uint32_t)); saveFile(preferredName, ".bin", data, sizeof(data)); 
@@ -1434,9 +1439,10 @@ static int CmdEM4x05Write(const char *Cmd) { uint32_t dummy = 0; int status = demodEM4x05resp(&dummy); if (status == PM3_SUCCESS) - PrintAndLogEx(NORMAL, "Write " _GREEN_("Verified")); - else - PrintAndLogEx(NORMAL, "Write could " _RED_("not") "be verified"); + PrintAndLogEx(SUCCESS, "Success writing to tag"); + + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 4x05_read`") "to verify"); return status; } static int CmdEM4x05Wipe(const char *Cmd) { diff --git a/client/cmdlffdx.c b/client/cmdlffdx.c index 2f3f81d1d..58f427a3d 100644 --- a/client/cmdlffdx.c +++ b/client/cmdlffdx.c @@ -301,7 +301,10 @@ static int CmdFdxClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone FDX-B to T55x7 with animal ID: %04u-%"PRIu64, countryid, animalid); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf fdx read`") "to verify"); + return res; } static int CmdFdxSim(const char *Cmd) { diff --git a/client/cmdlfgallagher.c b/client/cmdlfgallagher.c index ef28f1326..97a7e0e09 100644 --- a/client/cmdlfgallagher.c +++ b/client/cmdlfgallagher.c @@ -178,7 +178,10 @@ static int CmdGallagherClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Gallagher to T55x7 with raw hex"); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf gallagher read`") "to verify"); + return res; } static int CmdGallagherSim(const char *Cmd) { diff --git a/client/cmdlfguard.c b/client/cmdlfguard.c index 8597f4759..a1dbf0587 100644 --- a/client/cmdlfguard.c +++ b/client/cmdlfguard.c 
@@ -187,7 +187,10 @@ static int CmdGuardClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Guardall to T55x7 with Facility Code: %u, Card Number: %u", facilitycode, cardnumber); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf gprox read`") "to verify"); + return res; } static int CmdGuardSim(const char *Cmd) { diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c index 201dcef84..53af57ab7 100644 --- a/client/cmdlfhid.c +++ b/client/cmdlfhid.c @@ -50,7 +50,7 @@ static int usage_lf_hid_watch(void) { PrintAndLogEx(NORMAL, "Usage: lf hid watch"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf hid watch"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid watch")); return PM3_SUCCESS; } static int usage_lf_hid_sim(void) { @@ -62,11 +62,11 @@ static int usage_lf_hid_sim(void) { PrintAndLogEx(NORMAL, " h - This help"); PrintAndLogEx(NORMAL, " ID - HID id"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf hid sim 2006ec0c86"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid sim 2006ec0c86")); return PM3_SUCCESS; } static int usage_lf_hid_clone(void) { - PrintAndLogEx(NORMAL, "Clone HID to T55x7. Tag must be on antenna. "); + PrintAndLogEx(NORMAL, "Clone HID to T55x7. " _BLUE_("Tag must be on antenna!")); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Usage: lf hid clone [h] [l] ID"); PrintAndLogEx(NORMAL, "Options:"); 
@@ -74,8 +74,8 @@ static int usage_lf_hid_clone(void) { PrintAndLogEx(NORMAL, " l - 84bit ID"); PrintAndLogEx(NORMAL, " ID - HID id"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf hid clone 2006ec0c86"); - PrintAndLogEx(NORMAL, " lf hid clone l 2006ec0c86"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid clone 2006ec0c86")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid clone l 2006ec0c86")); return PM3_SUCCESS; } static int usage_lf_hid_brute(void) { 
@@ -83,21 +83,23 @@ static int usage_lf_hid_brute(void) { PrintAndLogEx(NORMAL, "This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step"); PrintAndLogEx(NORMAL, "if cardnumber is not given, it starts with 1 and goes up to 65535"); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "Usage: lf hid brute [h] [v] w [ (decimal)>] {...}"); + PrintAndLogEx(NORMAL, "Usage: lf hid brute [h] [v] w [ (decimal)>] [up|down] {...}"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h : This help"); - PrintAndLogEx(NORMAL, " w : see `wiegand list` for available formats"); + PrintAndLogEx(NORMAL, " w : see " _YELLOW_("`wiegand list`") "for available formats"); PrintAndLogEx(NORMAL, " f : facility code"); PrintAndLogEx(NORMAL, " c : card number to start with"); PrintAndLogEx(NORMAL, " i : issue level"); PrintAndLogEx(NORMAL, " o : OEM code"); PrintAndLogEx(NORMAL, " d : delay betweens attempts in ms. Default 1000ms"); PrintAndLogEx(NORMAL, " v : verbose logging, show all tries"); + PrintAndLogEx(NORMAL, " up : direction to increment card number. (default is both directions)"); + PrintAndLogEx(NORMAL, " down : direction to decrement card number. (default is both directions)"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf hid brute w H10301 f 224"); - PrintAndLogEx(NORMAL, " lf hid brute w H10301 f 21 d 2000"); - PrintAndLogEx(NORMAL, " lf hid brute v w H10301 f 21 c 200 d 2000"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid brute w H10301 f 224")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid brute w H10301 f 21 d 2000")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf hid brute v w H10301 f 21 c 200 d 2000")); return PM3_SUCCESS; } 
@@ -160,7 +162,7 @@ static int CmdHIDDemod(const char *Cmd) { uint8_t bits[GraphTraceLen]; size_t size = getFromGraphBuf(bits); if (size == 0) { - PrintAndLogEx(DEBUG, "DEBUG: Error - HID not enough samples"); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID not enough samples")); return PM3_ESOFT; } //get binary from fsk wave @@ -169,17 +171,17 @@ static int CmdHIDDemod(const char *Cmd) { if (idx < 0) { if (idx == -1) - PrintAndLogEx(DEBUG, "DEBUG: Error - HID not enough samples"); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID not enough samples")); else if (idx == -2) - PrintAndLogEx(DEBUG, "DEBUG: Error - HID just noise detected"); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID just noise detected")); else if (idx == -3) - PrintAndLogEx(DEBUG, "DEBUG: Error - HID problem during FSK demod"); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID problem during FSK demod")); else if (idx == -4) - PrintAndLogEx(DEBUG, "DEBUG: Error - HID preamble not found"); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID preamble not found")); else if (idx == -5) - PrintAndLogEx(DEBUG, "DEBUG: Error - HID error in Manchester data, size %zu", size); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID error in Manchester data, size %zu"), size); else - PrintAndLogEx(DEBUG, "DEBUG: Error - HID error demoding fsk %d", idx); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID error demoding fsk %d"), idx); return PM3_ESOFT; } 
@@ -188,12 +190,12 @@ static int CmdHIDDemod(const char *Cmd) { setClockGrid(50, waveIdx + (idx * 50)); if (hi2 == 0 && hi == 0 && lo == 0) { - PrintAndLogEx(DEBUG, "DEBUG: Error - HID no values found"); + PrintAndLogEx(DEBUG, "DEBUG: Error - " _RED_("HID no values found")); return PM3_ESOFT; } if (hi2 != 0) { //extra large HID tags - PrintAndLogEx(SUCCESS, "HID Prox TAG ID: %x%08x%08x (%u)", hi2, hi, lo, (lo >> 1) & 0xFFFF); + PrintAndLogEx(SUCCESS, "HID Prox TAG ID: " _GREEN_("%x%08x%08x (%u)"), hi2, hi, lo, (lo >> 1) & 0xFFFF); } else { //standard HID tags <38 bits uint8_t fmtLen = 0; uint32_t cc = 0; @@ -239,14 +241,14 @@ static int CmdHIDDemod(const char *Cmd) { fc = ((hi & 0xF) << 12) | (lo >> 20); } if (fmtLen == 32 && (lo & 0x40000000)) { //if 32 bit and Kastle bit set - PrintAndLogEx(SUCCESS, "HID Prox TAG (Kastle format) ID: %x%08x (%u) - Format Len: 32bit - CC: %u - FC: %u - Card: %u", hi, lo, (lo >> 1) & 0xFFFF, cc, fc, cardnum); + PrintAndLogEx(SUCCESS, "HID Prox TAG (Kastle format) ID: " _GREEN_("%x%08x (%u)")"- Format Len: 32bit - CC: %u - FC: %u - Card: %u", hi, lo, (lo >> 1) & 0xFFFF, cc, fc, cardnum); } else { - PrintAndLogEx(SUCCESS, "HID Prox TAG ID: %x%08x (%u) - Format Len: %ubit - OEM: %03u - FC: %u - Card: %u", + PrintAndLogEx(SUCCESS, "HID Prox TAG ID: " _GREEN_("%x%08x (%u)")"- Format Len: " _GREEN_("%u bit")"- OEM: %03u - FC: " _GREEN_("%u")"- Card: " _GREEN_("%u"), hi, lo, cardnum, fmtLen, oem, fc, cardnum); } } - PrintAndLogEx(DEBUG, "DEBUG: HID idx: %d, Len: %zu, Printing Demod Buffer:", idx, size); + PrintAndLogEx(DEBUG, "DEBUG: HID idx: %d, Len: %zu, Printing Demod Buffer: ", idx, size); if (g_debugMode) printDemodBuff(); 
@@ -266,6 +268,8 @@ static int CmdHIDWatch(const char *Cmd) { if (ctmp == 'h') return usage_lf_hid_watch(); clearCommandBuffer(); SendCommandNG(CMD_LF_HID_DEMOD, NULL, 0); + PrintAndLogEx(SUCCESS, "Watching for new HID cards - place tag on antenna"); + PrintAndLogEx(INFO, "Press pm3-button to stop reading new cards"); return PM3_SUCCESS; } @@ -286,18 +290,18 @@ static int CmdHIDSim(const char *Cmd) { lo = (lo << 4) | (n & 0xf); } - PrintAndLogEx(INFO, "Simulating HID tag with long ID %x%08x%08x", hi2, hi, lo); + PrintAndLogEx(INFO, "Simulating HID tag with long ID: " _GREEN_("%x%08x%08x"), hi2, hi, lo); payload.longFMT = 1; } else { while (sscanf(&Cmd[i++], "%1x", &n) == 1) { hi = (hi << 4) | (lo >> 28); lo = (lo << 4) | (n & 0xf); } - PrintAndLogEx(SUCCESS, "Simulating HID tag with ID %x%08x", hi, lo); + PrintAndLogEx(SUCCESS, "Simulating HID tag with ID: " _GREEN_("%x%08x"), hi, lo); hi2 = 0; } - PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation"); + PrintAndLogEx(INFO, "Press pm3-button to abort simulation"); payload.hi2 = hi2; payload.hi = hi; @@ -329,7 +333,7 @@ static int CmdHIDClone(const char *Cmd) { lo = (lo << 4) | (n & 0xf); } - PrintAndLogEx(INFO, "Preparing to clone HID tag with long ID %x%08x%08x", hi2, hi, lo); + PrintAndLogEx(INFO, "Preparing to clone HID tag with long ID: " _GREEN_("%x%08x%08x"), hi2, hi, lo); longid[0] = 1; } else { @@ -337,13 +341,14 @@ static int CmdHIDClone(const char *Cmd) { hi = (hi << 4) | (lo >> 28); lo = (lo << 4) | (n & 0xf); } - PrintAndLogEx(INFO, "Preparing to clone HID tag with ID %x%08x", hi, lo); + PrintAndLogEx(INFO, "Preparing to clone HID tag with ID: " _GREEN_("%x%08x"), hi, lo); hi2 = 0; } clearCommandBuffer(); SendCommandMIX(CMD_LF_HID_CLONE, hi2, hi, lo, longid, sizeof(longid)); - PrintAndLogEx(INFO, "Clone command sent. Try "_YELLOW_("'lf hid read'") " to verify"); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf hid read`") "to verify"); return PM3_SUCCESS; } 
@@ -365,14 +370,31 @@ static int CmdHIDClone(const char *Cmd) { static int CmdHIDBrute(const char *Cmd) { bool errors = false, verbose = false; - uint32_t delay = 1000; + uint32_t delay = 1000; uint8_t cmdp = 0; int format_idx = -1; + int direction = 0; char format[16] = {0}; - wiegand_card_t data; - memset(&data, 0, sizeof(wiegand_card_t)); + + wiegand_card_t cn_hi, cn_low; + memset(&cn_hi, 0, sizeof(wiegand_card_t)); while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + + char s[10] = {0}; + if (param_getstr(Cmd, cmdp, s, sizeof(s)) > 0) { + if (strlen(s) > 1) { + str_lower((char *)s); + if (str_startswith(s, "up")) { + direction = 1; + } else if (str_startswith(s, "do")) { + direction = 2; + } + cmdp++; + continue; + } + } + switch (tolower(param_getchar(Cmd, cmdp))) { case 'h': return usage_lf_hid_brute(); @@ -380,13 +402,13 @@ static int CmdHIDBrute(const char *Cmd) { param_getstr(Cmd, cmdp + 1, format, sizeof(format)); format_idx = HIDFindCardFormat(format); if (format_idx == -1) { - PrintAndLogEx(WARNING, "Unknown format: %s", format); + PrintAndLogEx(WARNING, "Unknown format: " _YELLOW_("%s"), format); errors = true; } cmdp += 2; break; case 'c': - data.CardNumber = param_get32ex(Cmd, cmdp + 1, 0, 10); + cn_hi.CardNumber = param_get32ex(Cmd, cmdp + 1, 0, 10); cmdp += 2; break; case 'd': @@ -395,15 +417,15 @@ static int CmdHIDBrute(const char *Cmd) { cmdp += 2; break; case 'f': - data.FacilityCode = param_get32ex(Cmd, cmdp + 1, 0, 10); + cn_hi.FacilityCode = param_get32ex(Cmd, cmdp + 1, 0, 10); cmdp += 2; break; case 'i': - data.IssueLevel = param_get32ex(Cmd, cmdp + 1, 0, 10); + cn_hi.IssueLevel = param_get32ex(Cmd, cmdp + 1, 0, 10); cmdp += 2; break; case 'o': - data.OEM = param_get32ex(Cmd, cmdp + 1, 0, 10); + cn_hi.OEM = param_get32ex(Cmd, cmdp + 1, 0, 10); cmdp += 2; break; case 'v': 
@@ -411,18 +433,51 @@ static int CmdHIDBrute(const char *Cmd) { cmdp++; break; default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + PrintAndLogEx(WARNING, "Unknown parameter: " _YELLOW_("'%c'"), param_getchar(Cmd, cmdp)); errors = true; break; } } + + if (format_idx == -1) { + PrintAndLogEx(ERR, "You must select a wiegand format. See " _YELLOW_("`wiegand list`") "for available formats\n"); + errors = true; + } + if (errors) return usage_lf_hid_brute(); + if (verbose) { + PrintAndLogEx(INFO, "Wiegand format#.. %i", format_idx); + PrintAndLogEx(INFO, "OEM#............. %u", cn_hi.OEM); + PrintAndLogEx(INFO, "ISSUE#........... %u", cn_hi.IssueLevel); + PrintAndLogEx(INFO, "Facility#........ %u", cn_hi.FacilityCode); + PrintAndLogEx(INFO, "Card#............ %" PRIu64, cn_hi.CardNumber); + switch (direction) { + case 0: + PrintAndLogEx(INFO, "Brute-forcing direction: " _YELLOW_("BOTH")); + break; + case 1: + PrintAndLogEx(INFO, "Brute-forcing direction: " _YELLOW_("UP")); + break; + case 2: + PrintAndLogEx(INFO, "Brute-forcing direction: " _YELLOW_("DOWN")); + break; + default: + break; + } + } PrintAndLogEx(INFO, "Brute-forcing HID reader"); - PrintAndLogEx(INFO, "Press pm3-button to abort simulation or run another command"); + PrintAndLogEx(INFO, "Press pm3-button to abort simulation or press `enter` to exit"); + + // copy values to low. + cn_low = cn_hi; // main loop - for (;;) { + // iceman: could add options for bruteforcing OEM, ISSUE or FC aswell.. + bool exitloop = false; + bool fin_hi, fin_low; + fin_hi = fin_low = false; + do { if (!session.pm3_present) { PrintAndLogEx(WARNING, "Device offline\n"); 
@@ -434,18 +489,45 @@ static int CmdHIDBrute(const char *Cmd) { return sendPing(); } - // Do one up - if (data.CardNumber < 0xFFFF) { - data.CardNumber++; - if (sendTry(format_idx, &data, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT; + // do one up + if (direction != 2) { + if (cn_hi.CardNumber < 0xFFFF) { + cn_hi.CardNumber++; + if (sendTry(format_idx, &cn_hi, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT; + } else { + fin_hi = true; + } } - // Do one down (if cardnumber is given) - if (data.CardNumber > 1) { - data.CardNumber--; - if (sendTry(format_idx, &data, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT; + // do one down + if (direction != 1) { + if (cn_low.CardNumber > 0) { + cn_low.CardNumber--; + if (sendTry(format_idx, &cn_low, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT; + } else { + fin_low = true; + } } - } + + switch (direction) { + case 0: + if (fin_hi && fin_low) { + exitloop = true; + } + break; + case 1: + exitloop = fin_hi; + break; + case 2: + exitloop = fin_low; + break; + default: + break; + } + + } while (exitloop == false); + + PrintAndLogEx(INFO, "Brute forcing finished"); return PM3_SUCCESS; } diff --git a/client/cmdlfindala.c b/client/cmdlfindala.c index 9aa98524c..e5651a3ad 100644 --- a/client/cmdlfindala.c +++ b/client/cmdlfindala.c @@ -28,6 +28,8 @@ #include "protocols.h" // t55 defines #include "cmdlft55xx.h" // verifywrite +#define INDALA_ARR_LEN 64 + static int CmdHelp(const char *Cmd); //large 224 bit indala formats (different preamble too...) @@ -140,7 +142,7 @@ static void decodeHeden2L(uint8_t *bits) { if (bits[offset + 7]) cardnumber += 16384; if (bits[offset + 23]) cardnumber += 32768; - PrintAndLogEx(SUCCESS, "\tHeden-2L | %u", cardnumber); + PrintAndLogEx(SUCCESS, "\tHeden-2L | " _YELLOW_("%u"), cardnumber); } // Indala 26 bit decode 
@@ -192,7 +194,7 @@ static int CmdIndalaDemod(const char *Cmd) { if (DemodBufferLen == 64) { PrintAndLogEx( SUCCESS - , "Indala Found - bitlength %zu, Raw %x%08x" + , "Indala Found - bitlength %zu, Raw " _YELLOW_("%x%08x") , DemodBufferLen , uid1 , uid2 @@ -244,14 +246,18 @@ static int CmdIndalaDemod(const char *Cmd) { checksum |= DemodBuffer[63] << 0; // b1 PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(SUCCESS, "Fmt 26 bit FC " _YELLOW_("%u") ", CN " _YELLOW_("%u") ", checksum " _YELLOW_("%1d%1d") + , fc + , csn + , checksum >> 1 & 0x01 + , checksum & 0x01 + ); + PrintAndLogEx(SUCCESS, "Possible de-scramble patterns"); PrintAndLogEx(SUCCESS, "\tPrinted | __%04d__ [0x%X]", p1, p1); PrintAndLogEx(SUCCESS, "\tInternal ID | %" PRIu64, foo); decodeHeden2L(DemodBuffer); - PrintAndLogEx(SUCCESS, "Fmt 26 bit FC %u , CSN %u , checksum %1d%1d", fc, csn, checksum >> 1 & 0x01, checksum & 0x01); - - } else { uint32_t uid3 = bytebits_to_byte(DemodBuffer + 64, 32); uint32_t uid4 = bytebits_to_byte(DemodBuffer + 96, 32); @@ -499,6 +505,7 @@ static int CmdIndalaSim(const char *Cmd) { uint8_t hexuid[100]; int len = 0; param_gethex_ex(Cmd, 0, hexuid, &len); + if (len > 28) return usage_lf_indala_sim(); 
@@ -542,49 +549,62 @@ static int CmdIndalaSim(const char *Cmd) { static int CmdIndalaClone(const char *Cmd) { - bool is_long_uid = false, got_cn = false; + bool is_long_uid = false, got_cn = false, got_26 = false; bool is_t5555 = false; int32_t cardnumber; uint32_t blocks[8] = {0}; uint8_t max = 0; uint8_t data[7 * 4]; int datalen = 0; + uint8_t fc = 0; + uint16_t cn = 0; CLIParserInit("lf indala clone", "clone INDALA tag to T55x7 (or to q5/T5555)", "Examples:\n" - "\tlf indala clone -c 888\n" + "\tlf indala clone --heden 888\n" + "\tlf indala clone --fc 123 --cn 1337\n" "\tlf indala clone -r a0000000a0002021\n" "\tlf indala clone -l -r 80000001b23523a6c2e31eba3cbee4afb3c6ad1fcf649393928c14e5"); void *argtable[] = { arg_param_begin, - arg_lit0("lL", "long", "optional - long UID 224 bits"), - arg_int0("cC", "cn", "", "Cardnumber for Heden 2L format"), - arg_strx0("rR", "raw", "", "raw bytes"), - arg_lit0("qQ", "Q5", "optional - specify write to Q5 (t5555 instead of t55x7)"), + arg_lit0("lL", "long", "optional - long UID 224 bits"), + arg_int0("cC", "heden", "", "Cardnumber for Heden 2L format"), + arg_strx0("rR", "raw", "", "raw bytes"), + arg_lit0("qQ", "Q5", "optional - specify write to Q5 (t5555 instead of t55x7)"), + arg_int0("", "fc", "", "Facility Code (26 bit format)"), + arg_int0("", "cn", "", "Cardnumber (26 bit format)"), arg_param_end }; CLIExecWithReturn(Cmd, argtable, false); is_long_uid = arg_get_lit(1); - if (is_long_uid == false) { - cardnumber = arg_get_int_def(2, -1); - got_cn = (cardnumber != -1); - } - if (got_cn == false) { - CLIGetHexWithReturn(3, data, &datalen); - } + // raw param + CLIGetHexWithReturn(3, data, &datalen); is_t5555 = arg_get_lit(4); + if (is_long_uid == false) { + + // Heden param + cardnumber = arg_get_int_def(2, -1); + got_cn = (cardnumber != -1); + + // 26b FC/CN param + fc = arg_get_int_def(5, 0); + cn = arg_get_int_def(6, 0); + got_26 = (fc != 0 && cn != 0); + } + CLIParserFree(); if (is_long_uid) { // 224 BIT UID // 
config for Indala (RF/32;PSK2 with RF/2;Maxblock=7) - PrintAndLogEx(INFO, "Preparing to clone Indala 224bit tag with RawID %s", sprint_hex(data, datalen)); + PrintAndLogEx(INFO, "Preparing to clone Indala 224bit tag"); + PrintAndLogEx(INFO, "RawID %s", sprint_hex(data, datalen)); if (is_t5555) blocks[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_PSK2 | (7 << T5555_MAXBLOCK_SHIFT); @@ -602,12 +622,41 @@ static int CmdIndalaClone(const char *Cmd) { } else { // 64 BIT UID if (got_cn) { + PrintAndLogEx(INFO, "Using Indala HEDEN cardnumber %u", cardnumber); encodeHeden2L(data, cardnumber); datalen = 8; + } else if (got_26) { + + PrintAndLogEx(INFO, "Using Indala 26b FC %u CN %u", fc, cn); + + // Used with the 26bit FC/CSN + uint8_t *bits = calloc(INDALA_ARR_LEN, sizeof(uint8_t)); + if (bits == NULL) { + PrintAndLogEx(WARNING, "Failed to allocate memory"); + return PM3_EMALLOC; + } + + if (getIndalaBits(fc, cn, bits) != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Error with tag bitstream generation."); + return PM3_ESOFT; + } + + data[0] = bytebits_to_byte(bits, 8); + data[1] = bytebits_to_byte(bits + 8, 8); + data[2] = bytebits_to_byte(bits + 16, 8); + data[3] = bytebits_to_byte(bits + 24, 8); + data[4] = bytebits_to_byte(bits + 32, 8); + data[5] = bytebits_to_byte(bits + 40, 8); + data[6] = bytebits_to_byte(bits + 48, 8); + data[7] = bytebits_to_byte(bits + 56, 8); + datalen = 8; + + free(bits); } // config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2) - PrintAndLogEx(INFO, "Preparing to clone Indala 64bit tag with RawID %s", sprint_hex(data, datalen)); + PrintAndLogEx(INFO, "Preparing to clone Indala 64bit tag"); + PrintAndLogEx(INFO, "RawID %s", sprint_hex(data, datalen)); if (is_t5555) blocks[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_PSK1 | (2 << T5555_MAXBLOCK_SHIFT); 
@@ -620,7 +669,10 @@ static int CmdIndalaClone(const char *Cmd) { } print_blocks(blocks, max); - return clone_t55xx_tag(blocks, max); + int res = clone_t55xx_tag(blocks, max); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf indala read`") "to verify"); + return res; } static command_t CommandTable[] = { 
@@ -644,6 +696,71 @@ int CmdLFINDALA(const char *Cmd) { return CmdsParse(CommandTable, Cmd); } +int getIndalaBits(uint8_t fc, uint16_t cn, uint8_t *bits) { + // preamble + // is there a preamble? + bits[0] = 1; + bits[2] = 1; + bits[32] = 1; + + // add fc + bits[57] = ((fc >> 7) & 1); // b8 + bits[49] = ((fc >> 6) & 1); // b7 + bits[44] = ((fc >> 5) & 1); // b6 + bits[47] = ((fc >> 4) & 1); // b5 + bits[48] = ((fc >> 3) & 1); // b4 + bits[53] = ((fc >> 2) & 1); // b3 + bits[39] = ((fc >> 1) & 1); // b2 + bits[58] = (fc & 1); // b1 + + // add cn + bits[42] = ((cn >> 15) & 1); // b16 + bits[45] = ((cn >> 14) & 1); // b15 - c + bits[43] = ((cn >> 13) & 1); // b14 + bits[40] = ((cn >> 12) & 1); // b13 - c + bits[52] = ((cn >> 11) & 1); // b12 + bits[36] = ((cn >> 10) & 1); // b11 + bits[35] = ((cn >> 9) & 1); // b10 - c + bits[51] = ((cn >> 8) & 1); // b9 - c + bits[46] = ((cn >> 7) & 1); // b8 + bits[33] = ((cn >> 6) & 1); // b7 - c + bits[37] = ((cn >> 5) & 1); // b6 - c + bits[54] = ((cn >> 4) & 1); // b5 + bits[56] = ((cn >> 3) & 1); // b4 + bits[59] = ((cn >> 2) & 1); // b3 - c + bits[50] = ((cn >> 1) & 1); // b2 + bits[41] = (cn & 1); // b1 - c + + // checksum + uint8_t chk = 0; + //sum(y2, y4, y7, y8, y10, y11, y14, y16 + chk += ((cn >> 14) & 1); //y2 == 75 - 30 = 45 + chk += ((cn >> 12) & 1); //y4 == 70 - 30 = 40 + chk += ((cn >> 9) & 1); //y7 == 65 - 30 = 35 + chk += ((cn >> 8) & 1); //y8 == 81 - 30 = 51 + chk += ((cn >> 6) & 1); //y10 == 63 - 30 = 33 + chk += ((cn >> 5) & 1); //y11 == 67 - 30 = 37 + chk += ((cn >> 2) & 1); //y14 == 89 - 30 = 59 + chk += (cn & 1); //y16 == 71 - 30 = 41 + + if ((chk & 1) == 0) { + bits[62] = 0; + bits[63] = 1; + } else { + bits[62] = 1; + bits[63] = 0; + } + + // add parity + bits[34] = 1; // p1 64 - 30 = 34 + bits[38] = 1; // p2 68 - 30 = 38 + + // 92 = 62 + // 93 = 63 + + return PM3_SUCCESS; +} + // redesigned by marshmellow adjusted from existing decode functions // indala id decoding int detectIndala(uint8_t *dest, size_t 
*size, uint8_t *invert) { diff --git a/client/cmdlfindala.h b/client/cmdlfindala.h index 830017117..65ed29e61 100644 --- a/client/cmdlfindala.h +++ b/client/cmdlfindala.h @@ -19,5 +19,6 @@ int detectIndala26(uint8_t *bitStream, size_t *size, uint8_t *invert); int detectIndala64(uint8_t *bitStream, size_t *size, uint8_t *invert); int detectIndala224(uint8_t *bitStream, size_t *size, uint8_t *invert); int demodIndala(void); +int getIndalaBits(uint8_t fc, uint16_t cn, uint8_t *bits); #endif diff --git a/client/cmdlfio.c b/client/cmdlfio.c index 1a25fca17..28c653ab4 100644 --- a/client/cmdlfio.c +++ b/client/cmdlfio.c @@ -275,7 +275,10 @@ static int CmdIOProxClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone IOProx to T55x7 with Version: %u FC: %u, CN: %u", version, fc, cn); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf io read`") "to verify"); + return res; } static command_t CommandTable[] = { diff --git a/client/cmdlfkeri.c b/client/cmdlfkeri.c index ced67ad86..1299d767a 100644 --- a/client/cmdlfkeri.c +++ b/client/cmdlfkeri.c @@ -128,7 +128,7 @@ static int CmdKeriMSScramble (KeriMSScramble_t Action, uint32_t *FC, uint32_t *I *CardID = *CardID | Parity; // Bit 31 was fixed but not in check/parity bits - *CardID |= (1 << 31); + *CardID |= (uint32_t)(1 << 31); PrintAndLogEx(SUCCESS, "Scrambled MS : FC %d - CN %d to RAW : E0000000%08X",*FC,*ID,*CardID); } @@ -304,7 +304,10 @@ static int CmdKeriClone(const char *Cmd) { print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf keri read`") "to verify"); + return res; } static int CmdKeriSim(const char *Cmd) { 
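Review bot: getIndalaBits (client/cmdlfindala.c) writes indices up to `bits[63]` but takes no length and never clears the buffer, so the result is only correct when the caller passes a zeroed array of at least 64 entries. Either memset the buffer inside the function or add a size argument and check it, and document the requirement beside the new prototype in cmdlfindala.h. The two parity bits are hard-coded (`bits[34] = 1;`, `bits[38] = 1;`) and the preamble comment still asks "is there a preamble?"; a comment should say whether these values are fixed by the format or still have to be computed from fc/cn.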
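Review bot: In CmdKeriMSScramble (client/cmdlfkeri.c), `(uint32_t)(1 << 31)` applies the cast after the shift, so `1 << 31` is still evaluated as a signed int and overflows a 32-bit int; the cast does not fix what it was added for. Use `1U << 31` or `(uint32_t)1 << 31`.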
diff --git a/client/cmdlfmotorola.c b/client/cmdlfmotorola.c index 9f0ee1f41..66427a49a 100644 --- a/client/cmdlfmotorola.c +++ b/client/cmdlfmotorola.c @@ -177,7 +177,10 @@ static int CmdMotorolaClone(const char *Cmd) { blocks[2] = bytes_to_num(data + 4, 4); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf motorola read`") "to verify"); + return res; } static int CmdMotorolaSim(const char *Cmd) { diff --git a/client/cmdlfnedap.c b/client/cmdlfnedap.c index c3d6d1ace..5ac4e07fa 100644 --- a/client/cmdlfnedap.c +++ b/client/cmdlfnedap.c @@ -475,6 +475,8 @@ static int CmdLFNedapClone(const char *Cmd) { } else { PrintAndLogEx(NORMAL, ""); } + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf nedap read`") "to verify"); return res; } diff --git a/client/cmdlfnexwatch.c b/client/cmdlfnexwatch.c index 68be0e0bc..5e3801118 100644 --- a/client/cmdlfnexwatch.c +++ b/client/cmdlfnexwatch.c @@ -158,8 +158,10 @@ static int CmdNexWatchClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone NexWatch to T55x7 with raw hex"); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); - + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf nexwatch read`") "to verify"); + return res; } static int CmdNexWatchSim(const char *Cmd) { diff --git a/client/cmdlfnoralsy.c b/client/cmdlfnoralsy.c index d7728a3d9..dc8fb4df0 100644 --- a/client/cmdlfnoralsy.c +++ b/client/cmdlfnoralsy.c 
@@ -169,7 +169,10 @@ static int CmdNoralsyClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Noralsy to T55x7 with CardId: %u", id); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf noralsy read`") "to verify"); + return res; } static int CmdNoralsySim(const char *Cmd) { diff --git a/client/cmdlfpac.c b/client/cmdlfpac.c index 24c549a4b..c633ccc1a 100644 --- a/client/cmdlfpac.c +++ b/client/cmdlfpac.c @@ -239,7 +239,10 @@ static int CmdPacClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone PAC/Stanley tag to T55x7 with raw hex"); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf pac read`") "to verify"); + return res; } static int CmdPacSim(const char *Cmd) { diff --git a/client/cmdlfparadox.c b/client/cmdlfparadox.c index 29e247b59..8422f0f6f 100644 --- a/client/cmdlfparadox.c +++ b/client/cmdlfparadox.c @@ -36,7 +36,7 @@ static int usage_lf_paradox_clone(void) { PrintAndLogEx(NORMAL, " b : raw hex data. 12 bytes max"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf paradox clone 0f55555695596a6a9999a59a"); + PrintAndLogEx(NORMAL, " lf paradox clone b 0f55555695596a6a9999a59a"); return PM3_SUCCESS; } 
@@ -169,7 +169,10 @@ static int CmdParadoxClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Paradox to T55x7 with raw hex"); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf paradox read`") "to verify"); + return res; } static int CmdParadoxSim(const char *Cmd) { diff --git a/client/cmdlfpcf7931.c b/client/cmdlfpcf7931.c index e4a14a47e..c37fc9470 100644 --- a/client/cmdlfpcf7931.c +++ b/client/cmdlfpcf7931.c @@ -11,6 +11,7 @@ #include "cmdlfpcf7931.h" #include +#include #include "cmdparser.h" // command_t #include "comms.h" @@ -36,7 +37,7 @@ int pcf7931_resetConfig() { configPcf.InitDelay = PCF7931_DEFAULT_INITDELAY; configPcf.OffsetWidth = PCF7931_DEFAULT_OFFSET_WIDTH; configPcf.OffsetPosition = PCF7931_DEFAULT_OFFSET_POSITION; - return 0; + return PM3_SUCCESS; } int pcf7931_printConfig() { @@ -44,7 +45,7 @@ int pcf7931_printConfig() { PrintAndLogEx(NORMAL, "Tag initialization delay : %d us", configPcf.InitDelay); PrintAndLogEx(NORMAL, "Offset low pulses width : %d us", configPcf.OffsetWidth); PrintAndLogEx(NORMAL, "Offset low pulses position : %d us", configPcf.OffsetPosition); - return 0; + return PM3_SUCCESS; } static int usage_pcf7931_read() { @@ -54,7 +55,7 @@ static int usage_pcf7931_read() { PrintAndLogEx(NORMAL, " h This help"); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf pcf7931 read"); - return 0; + return PM3_SUCCESS; } static int usage_pcf7931_write() { @@ -67,7 +68,7 @@ static int usage_pcf7931_write() { PrintAndLogEx(NORMAL, " data one byte of data (hex)"); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf pcf7931 write 2 1 FF"); - return 0; + return PM3_SUCCESS; } static int usage_pcf7931_config() { 
@@ -87,30 +88,30 @@ static int usage_pcf7931_config() { PrintAndLogEx(NORMAL, " lf pcf7931 config r"); PrintAndLogEx(NORMAL, " lf pcf7931 config 11223344556677 20000"); PrintAndLogEx(NORMAL, " lf pcf7931 config 11223344556677 17500 -10 30"); - return 0; + return PM3_SUCCESS; } static int CmdLFPCF7931Read(const char *Cmd) { - uint8_t ctmp = param_getchar(Cmd, 0); - if (ctmp == 'H' || ctmp == 'h') return usage_pcf7931_read(); + uint8_t ctmp = tolower(param_getchar(Cmd, 0)); + if (ctmp == 'h') return usage_pcf7931_read(); PacketResponseNG resp; clearCommandBuffer(); SendCommandNG(CMD_LF_PCF7931_READ, NULL, 0); if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { PrintAndLogEx(WARNING, "command execution time out"); - return 1; + return PM3_ETIMEOUT; } - return 0; + return PM3_SUCCESS; } static int CmdLFPCF7931Config(const char *Cmd) { - uint8_t ctmp = param_getchar(Cmd, 0); + uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 0) return pcf7931_printConfig(); - if (ctmp == 'H' || ctmp == 'h') return usage_pcf7931_config(); - if (ctmp == 'R' || ctmp == 'r') return pcf7931_resetConfig(); + if (ctmp == 'h') return usage_pcf7931_config(); + if (ctmp == 'r') return pcf7931_resetConfig(); if (param_gethex(Cmd, 0, configPcf.Pwd, 14)) return usage_pcf7931_config(); @@ -119,13 +120,13 @@ static int CmdLFPCF7931Config(const char *Cmd) { configPcf.OffsetPosition = (int)(param_get32ex(Cmd, 3, 0, 10) & 0xFFFF); pcf7931_printConfig(); - return 0; + return PM3_SUCCESS; } static int CmdLFPCF7931Write(const char *Cmd) { - uint8_t ctmp = param_getchar(Cmd, 0); - if (strlen(Cmd) < 1 || ctmp == 'h' || ctmp == 'H') return usage_pcf7931_write(); + uint8_t ctmp = tolower(param_getchar(Cmd, 0)); + if (strlen(Cmd) < 1 || ctmp == 'h') return usage_pcf7931_write(); uint8_t block = 0, bytepos = 0, data = 0; 
@@ -136,9 +137,9 @@ static int CmdLFPCF7931Write(const char *Cmd) { data = param_get8ex(Cmd, 2, 0, 16); - PrintAndLogEx(NORMAL, "Writing block: %d", block); - PrintAndLogEx(NORMAL, " pos: %d", bytepos); - PrintAndLogEx(NORMAL, " data: 0x%02X", data); + PrintAndLogEx(INFO, "Writing block: %d", block); + PrintAndLogEx(INFO, " pos: %d", bytepos); + PrintAndLogEx(INFO, " data: 0x%02X", data); uint32_t buf[10]; // TODO sparse struct, 7 *bytes* then words at offset 4*7! memcpy(buf, configPcf.Pwd, sizeof(configPcf.Pwd)); @@ -147,9 +148,11 @@ static int CmdLFPCF7931Write(const char *Cmd) { buf[9] = configPcf.InitDelay; clearCommandBuffer(); - SendCommandOLD(CMD_LF_PCF7931_WRITE, block, bytepos, data, buf, sizeof(buf)); - //no ack? - return 0; + SendCommandMIX(CMD_LF_PCF7931_WRITE, block, bytepos, data, buf, sizeof(buf)); + + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf pcf7931 read`") "to verify"); + return PM3_SUCCESS; } static command_t CommandTable[] = { @@ -163,7 +166,7 @@ static command_t CommandTable[] = { static int CmdHelp(const char *Cmd) { (void)Cmd; // Cmd is not used so far CmdsHelp(CommandTable); - return 0; + return PM3_SUCCESS; } int CmdLFPCF7931(const char *Cmd) { diff --git a/client/cmdlfpresco.c b/client/cmdlfpresco.c index a0619d794..fe4f3dd1c 100644 --- a/client/cmdlfpresco.c +++ b/client/cmdlfpresco.c @@ -136,7 +136,10 @@ static int CmdPrescoClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Presco to T55x7 with SiteCode: %u, UserCode: %u, FullCode: %08x", sitecode, usercode, fullcode); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf presco read`") "to verify"); + return res; } // takes base 12 ID converts to hex diff --git a/client/cmdlfpyramid.c b/client/cmdlfpyramid.c index 5737c87b9..91b2fb25e 100644 
--- a/client/cmdlfpyramid.c +++ b/client/cmdlfpyramid.c @@ -250,7 +250,10 @@ static int CmdPyramidClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Farpointe/Pyramid to T55x7 with Facility Code: %u, Card Number: %u", facilitycode, cardnumber); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf pyramid read`") "to verify"); + return res; } static int CmdPyramidSim(const char *Cmd) { diff --git a/client/cmdlfsecurakey.c b/client/cmdlfsecurakey.c index ef4b5be8e..643ab980d 100644 --- a/client/cmdlfsecurakey.c +++ b/client/cmdlfsecurakey.c @@ -168,7 +168,10 @@ static int CmdSecurakeyClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Securakey to T55x7 with raw hex"); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf securakey read`") "to verify"); + return res; } static int CmdSecurakeySim(const char *Cmd) { diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index f25626d94..fafb5d2da 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -202,7 +202,7 @@ static int usage_t55xx_restore() { PrintAndLogEx(NORMAL, _YELLOW_(" Assumes lf t55 detect has been run first!")); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf t55xx restore f lf-t55xx-00148040-data.bin"); + PrintAndLogEx(NORMAL, " lf t55xx restore f lf-t55xx-00148040-dump.bin"); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -1028,7 +1028,6 @@ void T55xx_Print_DownlinkMode(uint8_t downlink_mode) { PrintAndLogEx(NORMAL, msg); } - static int CmdT55xxDetect(const char *Cmd) { bool errors = false; 
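Review bot: In CmdLFPCF7931Write (client/cmdlfpcf7931.c), the `//no ack?` comment is dropped and `PrintAndLogEx(SUCCESS, "Done")` follows `SendCommandMIX` with no wait for any response, so "Done" only means the command was sent, not that the tag was written. Either wait for a reply with a timeout, as CmdLFPCF7931Read does with `WaitForResponseTimeout`, and return PM3_ETIMEOUT on failure, or reword the message to say the write command was sent. The hint string here also lacks the space before "to verify".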
@@ -2316,7 +2315,7 @@ static int CmdT55xxDump(const char *Cmd) { else break; } - strcat(preferredName, "-data"); + strcat(preferredName, "-dump"); } // Swap endian so the files match the txt display diff --git a/client/cmdlfti.c b/client/cmdlfti.c index cf01abb73..7aa04ca28 100644 --- a/client/cmdlfti.c +++ b/client/cmdlfti.c @@ -296,6 +296,8 @@ static int CmdTIWrite(const char *Cmd) { } clearCommandBuffer(); SendCommandMIX(CMD_LF_TI_WRITE, arg0, arg1, arg2, NULL, 0); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf ti read`") "to verify"); return PM3_SUCCESS; } diff --git a/client/cmdlfverichip.c b/client/cmdlfverichip.c index fb2e4e777..a8cd68195 100644 --- a/client/cmdlfverichip.c +++ b/client/cmdlfverichip.c @@ -121,7 +121,10 @@ static int CmdVerichipClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Verichip to T55x7 with raw hex"); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf verichip read`") "to verify"); + return res; } static int CmdVerichipSim(const char *Cmd) { diff --git a/client/cmdlfviking.c b/client/cmdlfviking.c index 69d8aee65..e30234e5a 100644 --- a/client/cmdlfviking.c +++ b/client/cmdlfviking.c @@ -117,6 +117,8 @@ static int CmdVikingClone(const char *Cmd) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; } + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf viking read`") "to verify"); return resp.status; } diff --git a/client/cmdlfvisa2000.c b/client/cmdlfvisa2000.c index 551a1efbb..7293b5efc 100644 --- a/client/cmdlfvisa2000.c +++ b/client/cmdlfvisa2000.c 
@@ -184,7 +184,10 @@ static int CmdVisa2kClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Visa2000 to T55x7 with CardId: %"PRIu64, id); print_blocks(blocks, ARRAYLEN(blocks)); - return clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf visa2000 read`") "to verify"); + return res; } static int CmdVisa2kSim(const char *Cmd) { diff --git a/client/cmdmain.c b/client/cmdmain.c index c2364d8f1..8d4b1c8b7 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -36,9 +36,23 @@ #include "cmdwiegand.h" // wiegand commands #include "ui.h" #include "util_posix.h" +#include "commonutil.h" // ARRAYLEN static int CmdHelp(const char *Cmd); +static int usage_hints(void) { + PrintAndLogEx(NORMAL, "Turn on/off hints"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: hints [h] <0|1>"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h This help"); + PrintAndLogEx(NORMAL, " <0|1> off or on"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " hints 1"); + return PM3_SUCCESS; +} + static int usage_msleep(void) { PrintAndLogEx(NORMAL, "Sleep for given amount of milliseconds"); PrintAndLogEx(NORMAL, ""); 
@@ -78,6 +92,70 @@ static void AppendDate(char *s, size_t slen, char *fmt) { strftime(s, slen, fmt, ct); } +static int lf_search_plus(const char *Cmd) { + + sample_config oldconfig; + memset(&oldconfig, 0, sizeof(sample_config)); + + int retval = lf_getconfig(&oldconfig); + + if (retval != PM3_SUCCESS) { + PrintAndLogEx(ERR, "failed to get current device config"); + return retval; + } + + // Divisor : frequency(khz) + // 95 88 47 31 23 + // 125.00 134.83 250.00 375.00 500.00 + + int16_t default_divisor[] = {95, 88, 47, 31, 23}; + + /* + default LF config is set to: + decimation = 1 + bits_per_sample = 8 + averaging = YES + divisor = 95 (125kHz) + trigger_threshold = 0 + samples_to_skip = 0 + verbose = YES + */ + sample_config config = { + .decimation = 1, + .bits_per_sample = 8, + .averaging = 1, + .trigger_threshold = 0, + .samples_to_skip = 0, + .verbose = false + }; + + // Iteration defaults + for (int i = 0; i < ARRAYLEN(default_divisor); ++i) { + + if (kbd_enter_pressed()) { + PrintAndLogEx(INFO, "Keyboard pressed. Done."); + break; + } + // Try to change config! + uint32_t d; + d = config.divisor = default_divisor[i]; + PrintAndLogEx(INFO, "--> trying ( " _GREEN_("%d.%02d kHz")")", 12000 / (d + 1), ((1200000 + (d + 1) / 2) / (d + 1)) - ((12000 / (d + 1)) * 100)); + + retval = lf_config(&config); + if (retval != PM3_SUCCESS) + break; + + // The config for pm3 is changed, we can trying search! + retval = CmdLFfind(Cmd); + if (retval == PM3_SUCCESS) + break; + + } + + lf_config(&oldconfig); + return retval; +} + static int CmdAuto(const char *Cmd) { char ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_auto(); 
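Review bot: In lf_search_plus, when `kbd_enter_pressed()` is true on the first pass the loop breaks with `retval` still holding PM3_SUCCESS from `lf_getconfig`, so the function reports success without having searched, and CmdAuto returns as soon as it sees PM3_SUCCESS. Set `retval` to a non-success code before that break. The result of the final `lf_config(&oldconfig)` is ignored, so a failed restore leaves the device on the last tried divisor with no message; at least log it. The block comment lists `verbose = YES` while the initializer sets `.verbose = false`; one of the two should be corrected.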
@@ -90,8 +168,12 @@ static int CmdAuto(const char *Cmd) { if (ret == PM3_SUCCESS) return ret; + ret = lf_search_plus(""); + if (ret == PM3_SUCCESS) + return ret; + PrintAndLogEx(INFO, "Failed both LF / HF SEARCH,"); - PrintAndLogEx(INFO, "Trying 'lf read' and save a trace for you..."); + PrintAndLogEx(INFO, "Trying " _YELLOW_("`lf read`") "and save a trace for you"); CmdPlot(""); lf_read(false, 40000); @@ -109,6 +191,33 @@ int CmdRem(const char *Cmd) { return PM3_SUCCESS; } +static int CmdHints(const char *Cmd) { + uint32_t ms = 0; + char ctmp = tolower(param_getchar(Cmd, 0)); + if (ctmp == 'h') return usage_hints(); + + if (strlen(Cmd) > 1){ + str_lower((char *)Cmd); + if (str_startswith(Cmd, "of")) { + session.show_hints = false; + } else { + session.show_hints = true; + } + } else if (strlen(Cmd) == 1) { + if (param_getchar(Cmd, 0) != 0x00) { + ms = param_get32ex(Cmd, 0, 0, 10); + if (ms == 0) { + session.show_hints = false; + } else { + session.show_hints = true; + } + } + } + + PrintAndLogEx(INFO, "Hints are %s", (session.show_hints) ? "ON" : "OFF"); + return PM3_SUCCESS; +} + static int CmdMsleep(const char *Cmd) { uint32_t ms = 0; char ctmp = tolower(param_getchar(Cmd, 0)); @@ -149,6 +258,7 @@ static command_t CommandTable[] = { {"usart", CmdUsart, IfPm3FpcUsartFromUsb, "{ USART commands... }"}, {"wiegand", CmdWiegand, AlwaysAvailable, "{ Wiegand format manipulation... }"}, {"", CmdHelp, AlwaysAvailable, ""}, + {"hints", CmdHints, AlwaysAvailable, "Turn hints on / off"}, {"msleep", CmdMsleep, AlwaysAvailable, "Add a pause in milliseconds"}, {"rem", CmdRem, AlwaysAvailable, "Add a text line in log file"}, {"quit", CmdQuit, AlwaysAvailable, ""}, diff --git a/client/cmdscript.c b/client/cmdscript.c index 322fd6adb..4f4a372d8 100644 --- a/client/cmdscript.c +++ b/client/cmdscript.c 
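Review bot: In CmdHints (client/cmdmain.c), `str_lower((char *)Cmd)` casts away const and rewrites the caller's buffer; lowercase a local copy instead. The parsing is also looser than usage_hints documents (`<0|1>`): any argument longer than one character that does not start with "of" switches hints on, so `00` or a typo enables them. Accept only the documented values (plus on/off if those are intended, and then list them in the usage text) and return usage_hints() for anything else. The variable `ms` is left over from CmdMsleep and should be renamed.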
@@ -59,11 +59,13 @@ static int CmdScriptRun(const char *Cmd) { if ((!str_endswith(preferredName, ".cmd")) && (searchFile(&script_path, LUA_SCRIPTS_SUBDIR, preferredName, ".lua", true) == PM3_SUCCESS)) { int error; if (luascriptfile_idx == MAX_NESTED_LUASCRIPT) { - PrintAndLogEx(ERR, "Too many nested scripts, skipping %s\n", script_path); + PrintAndLogEx(ERR, "too many nested scripts, skipping %s\n", script_path); free(script_path); return PM3_EMALLOC; } - PrintAndLogEx(SUCCESS, "Executing Lua script: %s, args '%s'\n", script_path, arguments); + PrintAndLogEx(SUCCESS, "executing lua " _YELLOW_("%s"), script_path); + PrintAndLogEx(SUCCESS, "args " _YELLOW_("'%s'"), arguments); + luascriptfile_idx++; // create new Lua state @@ -94,7 +96,7 @@ static int CmdScriptRun(const char *Cmd) { if (error) { // if non-0, then an error // the top of the stack should be the error string if (!lua_isstring(lua_state, lua_gettop(lua_state))) - PrintAndLogEx(FAILED, "Error - but no error (?!)"); + PrintAndLogEx(FAILED, "error - but no error (?!)"); // get the top of the stack as the error and pop it off const char *str = lua_tostring(lua_state, lua_gettop(lua_state)); 
@@ -106,17 +108,22 @@ static int CmdScriptRun(const char *Cmd) { // close the Lua state lua_close(lua_state); luascriptfile_idx--; - PrintAndLogEx(SUCCESS, "\nFinished %s\n", preferredName); + PrintAndLogEx(SUCCESS, "\nfinished " _YELLOW_("%s"), preferredName); return PM3_SUCCESS; } + if ((!str_endswith(preferredName, ".lua")) && (searchFile(&script_path, CMD_SCRIPTS_SUBDIR, preferredName, ".cmd", true) == PM3_SUCCESS)) { - PrintAndLogEx(SUCCESS, "Executing Cmd script: %s, args '%s'\n", script_path, arguments); + + PrintAndLogEx(SUCCESS, "executing Cmd " _YELLOW_("%s"), script_path); + PrintAndLogEx(SUCCESS, "args " _YELLOW_("'%s'"), arguments); + int ret = push_cmdscriptfile(script_path, true); if (ret != PM3_SUCCESS) PrintAndLogEx(ERR, "could not open " _YELLOW_("%s") "...", script_path); free(script_path); return ret; } + // file not found, let's search again to display the error messages int ret = PM3_EUNDEF; if (!str_endswith(preferredName, ".cmd")) ret = searchFile(&script_path, LUA_SCRIPTS_SUBDIR, preferredName, ".lua", false); @@ -141,7 +148,7 @@ static command_t CommandTable[] = { static int CmdHelp(const char *Cmd) { (void)Cmd; // Cmd is not used so far PrintAndLogEx(NORMAL, "This is a feature to run Lua-scripts. You can place Lua-scripts within the luascripts/-folder. "); - return 0; + return PM3_SUCCESS; } /** diff --git a/client/cmdsmartcard.c b/client/cmdsmartcard.c index 6422fe605..ba48fae96 100644 --- a/client/cmdsmartcard.c +++ b/client/cmdsmartcard.c 
@@ -216,23 +216,23 @@ static int PrintATR(uint8_t *atr, size_t atrlen) { bool protocol_T15_present = false; if (T0 & 0x10) { - PrintAndLogEx(NORMAL, "\t- TA1 (Maximum clock frequency, proposed bit duration) [ 0x%02x ]", atr[2 + T1len]); + PrintAndLogEx(INFO, "\t- TA1 (Maximum clock frequency, proposed bit duration) [ 0x%02x ]", atr[2 + T1len]); T1len++; } if (T0 & 0x20) { - PrintAndLogEx(NORMAL, "\t- TB1 (Deprecated: VPP requirements) [ 0x%02x ]", atr[2 + T1len]); + PrintAndLogEx(INFO, "\t- TB1 (Deprecated: VPP requirements) [ 0x%02x ]", atr[2 + T1len]); T1len++; } if (T0 & 0x40) { - PrintAndLogEx(NORMAL, "\t- TC1 (Extra delay between bytes required by card) [ 0x%02x ]", atr[2 + T1len]); + PrintAndLogEx(INFO, "\t- TC1 (Extra delay between bytes required by card) [ 0x%02x ]", atr[2 + T1len]); T1len++; } if (T0 & 0x80) { uint8_t TD1 = atr[2 + T1len]; - PrintAndLogEx(NORMAL, "\t- TD1 (First offered transmission protocol, presence of TA2..TD2) [ 0x%02x ] Protocol T%d", TD1, TD1 & 0x0f); + PrintAndLogEx(INFO, "\t- TD1 (First offered transmission protocol, presence of TA2..TD2) [ 0x%02x ] Protocol T%d", TD1, TD1 & 0x0f); protocol_T0_present = false; if ((TD1 & 0x0f) == 0) { protocol_T0_present = true; 
@@ -244,20 +244,20 @@ static int PrintATR(uint8_t *atr, size_t atrlen) { T1len++; if (TD1 & 0x10) { - PrintAndLogEx(NORMAL, "\t- TA2 (Specific protocol and parameters to be used after the ATR) [ 0x%02x ]", atr[2 + T1len + TD1len]); + PrintAndLogEx(INFO, "\t- TA2 (Specific protocol and parameters to be used after the ATR) [ 0x%02x ]", atr[2 + T1len + TD1len]); TD1len++; } if (TD1 & 0x20) { - PrintAndLogEx(NORMAL, "\t- TB2 (Deprecated: VPP precise voltage requirement) [ 0x%02x ]", atr[2 + T1len + TD1len]); + PrintAndLogEx(INFO, "\t- TB2 (Deprecated: VPP precise voltage requirement) [ 0x%02x ]", atr[2 + T1len + TD1len]); TD1len++; } if (TD1 & 0x40) { - PrintAndLogEx(NORMAL, "\t- TC2 (Maximum waiting time for protocol T=0) [ 0x%02x ]", atr[2 + T1len + TD1len]); + PrintAndLogEx(INFO, "\t- TC2 (Maximum waiting time for protocol T=0) [ 0x%02x ]", atr[2 + T1len + TD1len]); TD1len++; } if (TD1 & 0x80) { uint8_t TDi = atr[2 + T1len + TD1len]; - PrintAndLogEx(NORMAL, "\t- TD2 (A supported protocol or more global parameters, presence of TA3..TD3) [ 0x%02x ] Protocol T%d", TDi, TDi & 0x0f); + PrintAndLogEx(INFO, "\t- TD2 (A supported protocol or more global parameters, presence of TA3..TD3) [ 0x%02x ] Protocol T%d", TDi, TDi & 0x0f); if ((TDi & 0x0f) == 0) { protocol_T0_present = true; } 
@@ -271,20 +271,20 @@ static int PrintATR(uint8_t *atr, size_t atrlen) { while (nextCycle) { nextCycle = false; if (TDi & 0x10) { - PrintAndLogEx(NORMAL, "\t- TA%d: 0x%02x", vi, atr[2 + T1len + TD1len + TDilen]); + PrintAndLogEx(INFO, "\t- TA%d: 0x%02x", vi, atr[2 + T1len + TD1len + TDilen]); TDilen++; } if (TDi & 0x20) { - PrintAndLogEx(NORMAL, "\t- TB%d: 0x%02x", vi, atr[2 + T1len + TD1len + TDilen]); + PrintAndLogEx(INFO, "\t- TB%d: 0x%02x", vi, atr[2 + T1len + TD1len + TDilen]); TDilen++; } if (TDi & 0x40) { - PrintAndLogEx(NORMAL, "\t- TC%d: 0x%02x", vi, atr[2 + T1len + TD1len + TDilen]); + PrintAndLogEx(INFO, "\t- TC%d: 0x%02x", vi, atr[2 + T1len + TD1len + TDilen]); TDilen++; } if (TDi & 0x80) { TDi = atr[2 + T1len + TD1len + TDilen]; - PrintAndLogEx(NORMAL, "\t- TD%d [ 0x%02x ] Protocol T%d", vi, TDi, TDi & 0x0f); + PrintAndLogEx(INFO, "\t- TD%d [ 0x%02x ] Protocol T%d", vi, TDi, TDi & 0x0f); TDilen++; nextCycle = true; @@ -314,7 +314,7 @@ static int PrintATR(uint8_t *atr, size_t atrlen) { PrintAndLogEx(WARNING, "Invalid ATR length. len: %zu, T1len: %d, TD1len: %d, TDilen: %d, K: %d", atrlen, T1len, TD1len, TDilen, K); if (K > 0) - PrintAndLogEx(INFO, "\nHistorical bytes | len 0x%02d | format %02x", K, atr[2 + T1len + TD1len + TDilen]); + PrintAndLogEx(INFO, "Historical bytes | len 0x%02d | format %02x", K, atr[2 + T1len + TD1len + TDilen]); if (K > 1) { PrintAndLogEx(INFO, "\tHistorical bytes"); @@ -361,7 +361,9 @@ static int smart_responseEx(uint8_t *data, bool silent) { if (needGetData) { int len = data[datalen - 1]; + if (!silent) PrintAndLogEx(INFO, "Requesting 0x%02X bytes response", len); + uint8_t getstatus[] = {0x00, ISO7816_GET_RESPONSE, 0x00, 0x00, len}; clearCommandBuffer(); SendCommandOLD(CMD_SMART_RAW, SC_RAW, sizeof(getstatus), 0, getstatus, sizeof(getstatus)); 
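Review bot: The changed "Historical bytes" line in PrintATR formats K with `0x%02d`, which prints a decimal number behind a hex prefix, so K = 10 would be shown as 0x10. Since the line is being touched anyway, make it `0x%02x` or drop the `0x`.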
@@ -740,10 +742,9 @@ static int CmdSmartInfo(const char *Cmd) { PrintAndLogEx(INFO, "--- Smartcard Information ---------"); PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "ISO7618-3 ATR : %s", sprint_hex(card.atr, card.atr_len)); - PrintAndLogEx(INFO, "\nhttp://smartcard-atr.apdu.fr/parse?ATR=%s", sprint_hex_inrow(card.atr, card.atr_len)); + PrintAndLogEx(INFO, "http://smartcard-atr.apdu.fr/parse?ATR=%s", sprint_hex_inrow(card.atr, card.atr_len)); // print ATR - PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "ATR"); PrintATR(card.atr, card.atr_len); @@ -756,14 +757,14 @@ static int CmdSmartInfo(const char *Cmd) { if (GetATRTA1(card.atr, card.atr_len) == 0x11) PrintAndLogEx(INFO, "Using default values..."); - PrintAndLogEx(NORMAL, "\t- Di %d", Di); - PrintAndLogEx(NORMAL, "\t- Fi %d", Fi); - PrintAndLogEx(NORMAL, "\t- F %.1f MHz", F); + PrintAndLogEx(INFO, "\t- Di %d", Di); + PrintAndLogEx(INFO, "\t- Fi %d", Fi); + PrintAndLogEx(INFO, "\t- F %.1f MHz", F); if (Di && Fi) { - PrintAndLogEx(NORMAL, "\t- Cycles/ETU %d", Fi / Di); - PrintAndLogEx(NORMAL, "\t- %.1f bits/sec at 4 MHz", (float)4000000 / (Fi / Di)); - PrintAndLogEx(NORMAL, "\t- %.1f bits/sec at Fmax (%.1fMHz)", (F * 1000000) / (Fi / Di), F); + PrintAndLogEx(INFO, "\t- Cycles/ETU %d", Fi / Di); + PrintAndLogEx(INFO, "\t- %.1f bits/sec at 4 MHz", (float)4000000 / (Fi / Di)); + PrintAndLogEx(INFO, "\t- %.1f bits/sec at Fmax (%.1fMHz)", (F * 1000000) / (Fi / Di), F); } else { PrintAndLogEx(WARNING, "\t- Di or Fi is RFU."); }; 
@@ -1156,11 +1157,12 @@ int CmdSmartcard(const char *Cmd) { return CmdsParse(CommandTable, Cmd); } -int ExchangeAPDUSC(uint8_t *datain, int datainlen, bool activateCard, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { +int ExchangeAPDUSC(bool silent, uint8_t *datain, int datainlen, bool activateCard, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen) { + *dataoutlen = 0; if (activateCard) - smart_select(false, NULL); + smart_select(true, NULL); PrintAndLogEx(DEBUG, "APDU SC"); @@ -1168,10 +1170,11 @@ int ExchangeAPDUSC(uint8_t *datain, int datainlen, bool activateCard, bool leave if (activateCard) { flags |= SC_SELECT | SC_CONNECT; } + clearCommandBuffer(); SendCommandOLD(CMD_SMART_RAW, flags, datainlen, 0, datain, datainlen); - int len = smart_responseEx(dataout, true); + int len = smart_responseEx(dataout, silent); if (len < 0) { return 1; @@ -1189,7 +1192,7 @@ int ExchangeAPDUSC(uint8_t *datain, int datainlen, bool activateCard, bool leave // something fishy: we have only 5 bytes but we put datainlen in arg1? SendCommandOLD(CMD_SMART_RAW, SC_RAW_T0, datainlen, 0, data, sizeof(data)); - len = smart_responseEx(dataout, true); + len = smart_responseEx(dataout, silent); } *dataoutlen = len; @@ -1204,6 +1207,7 @@ bool smart_select(bool silent, smart_card_atr_t *atr) { SendCommandNG(CMD_SMART_ATR, NULL, 0); PacketResponseNG resp; if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { + if (!silent) PrintAndLogEx(WARNING, "smart card select failed"); return false; } diff --git a/client/cmdsmartcard.h b/client/cmdsmartcard.h index 74c305a0d..798ea4678 100644 --- a/client/cmdsmartcard.h +++ b/client/cmdsmartcard.h 
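Review bot: ExchangeAPDUSC (client/cmdsmartcard.c) gains a `silent` parameter, but activation now calls `smart_select(true, NULL)` with silence hard-coded and its bool result ignored, so a failed select is neither reported nor stops the exchange even when the caller passed silent = false. Pass `silent` through and return early when smart_select returns false. The `return 1;` on a negative length could become a PM3_* code in line with the rest of this patch, and because the new argument was inserted first, every existing caller has to be updated together with the prototype in cmdsmartcard.h.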
@@ -17,6 +17,6 @@ int CmdSmartcard(const char *Cmd); bool smart_select(bool silent, smart_card_atr_t *atr); -int ExchangeAPDUSC(uint8_t *datain, int datainlen, bool activateCard, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen); +int ExchangeAPDUSC(bool silent, uint8_t *datain, int datainlen, bool activateCard, bool leaveSignalON, uint8_t *dataout, int maxdataoutlen, int *dataoutlen); #endif diff --git a/client/comms.c b/client/comms.c index 7a9086873..a551e59e3 100644 --- a/client/comms.c +++ b/client/comms.c @@ -671,7 +671,13 @@ void CloseProxmark(void) { // Clean up our state sp = NULL; +#ifdef __BIONIC__ + if (communication_thread != 0) { + memset(&communication_thread, 0, sizeof(pthread_t)); + } +#else memset(&communication_thread, 0, sizeof(pthread_t)); +#endif session.pm3_present = false; } diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index 0d838d435..b3dfbd128 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -1076,10 +1076,35 @@ f0f0172066b2 f3864fcca693 f3f0172066b2 fc9839273862 - +# # various hotel keys 34D3C568B348 91FF18E63887 4D8B8B95FDEE 354A787087F1 4a306e62e9b6 +B9C874AE63D0 +# +# Data from offical repo +f00dfeedd0d0 +0bb31dc123e5 +7578bf2c66a9 +cd212889c3ed +6936c035ae1b +c6c866aa421e +590bd659cdd2 +aa734d2f40e0 +09800ff94aaf +5a12f83326e7 +c554ef6a6015 +0d8ca561bdf3 +b8937130b6ba +d7744a1a0c44 +82908b57ef4f +fe04ecfe5577 +# comfort inn hotel +4d57414c5648 +4d48414c5648 +# +# unknown hotel key +6d9b485a4845 diff --git a/client/emojis.h b/client/emojis.h new file mode 100644 index 000000000..2e5a75c62 --- /dev/null +++ b/client/emojis.h 
@@ -0,0 +1,1861 @@ +#ifndef EMOJIS_H__ +#define EMOJIS_H__ + +typedef struct emoji_s { + const char *alias; + const char *emoji; +} emoji_t; +// emoji_t array are expected to be NULL terminated + +static emoji_t EmojiTable[] = { + {":grinning:", "\xf0\x9f\x98\x80"}, // 😀 + {":smiley:", "\xf0\x9f\x98\x83"}, // 😃 + {":smile:", "\xf0\x9f\x98\x84"}, // 😄 + {":grin:", "\xf0\x9f\x98\x81"}, // 😁 + {":laughing:", "\xf0\x9f\x98\x86"}, // 😆 + {":satisfied:", "\xf0\x9f\x98\x86"}, // 😆 + {":sweat_smile:", "\xf0\x9f\x98\x85"}, // 😅 + {":rofl:", "\xf0\x9f\xa4\xa3"}, // 🤣 + {":joy:", "\xf0\x9f\x98\x82"}, // 😂 + {":slightly_smiling_face:", "\xf0\x9f\x99\x82"}, // 🙂 + {":upside_down_face:", "\xf0\x9f\x99\x83"}, // 🙃 + {":wink:", "\xf0\x9f\x98\x89"}, // 😉 + {":blush:", "\xf0\x9f\x98\x8a"}, // 😊 + {":innocent:", "\xf0\x9f\x98\x87"}, // 😇 + {":smiling_face_with_three_hearts:", "\xf0\x9f\xa5\xb0"}, // 🥰 + {":heart_eyes:", "\xf0\x9f\x98\x8d"}, // 😍 + {":star_struck:", "\xf0\x9f\xa4\xa9"}, // 🤩 + {":kissing_heart:", "\xf0\x9f\x98\x98"}, // 😘 + {":kissing:", "\xf0\x9f\x98\x97"}, // 😗 + {":relaxed:", "\xe2\x98\xba\xef\xb8\x8f"}, // ☺️ + {":kissing_closed_eyes:", "\xf0\x9f\x98\x9a"}, // 😚 + {":kissing_smiling_eyes:", "\xf0\x9f\x98\x99"}, // 😙 + {":smiling_face_with_tear:", "\xf0\x9f\xa5\xb2"}, // 🥲 + {":yum:", "\xf0\x9f\x98\x8b"}, // 😋 + {":stuck_out_tongue:", "\xf0\x9f\x98\x9b"}, // 😛 + {":stuck_out_tongue_winking_eye:", "\xf0\x9f\x98\x9c"}, // 😜 + {":zany_face:", "\xf0\x9f\xa4\xaa"}, // 🤪 + {":stuck_out_tongue_closed_eyes:", "\xf0\x9f\x98\x9d"}, // 😝 + {":money_mouth_face:", "\xf0\x9f\xa4\x91"}, // 🤑 + {":hugs:", "\xf0\x9f\xa4\x97"}, // 🤗 + {":hand_over_mouth:", "\xf0\x9f\xa4\xad"}, // 🤭 + {":shushing_face:", "\xf0\x9f\xa4\xab"}, // 🤫 + {":thinking:", "\xf0\x9f\xa4\x94"}, // 🤔 + {":zipper_mouth_face:", "\xf0\x9f\xa4\x90"}, // 🤐 + {":raised_eyebrow:", "\xf0\x9f\xa4\xa8"}, // 🤨 + {":neutral_face:", "\xf0\x9f\x98\x90"}, // 😐 + {":expressionless:", "\xf0\x9f\x98\x91"}, // 😑 + {":no_mouth:", 
"\xf0\x9f\x98\xb6"}, // 😶 + {":smirk:", "\xf0\x9f\x98\x8f"}, // 😏 + {":unamused:", "\xf0\x9f\x98\x92"}, // 😒 + {":roll_eyes:", "\xf0\x9f\x99\x84"}, // 🙄 + {":grimacing:", "\xf0\x9f\x98\xac"}, // 😬 + {":lying_face:", "\xf0\x9f\xa4\xa5"}, // 🤥 + {":relieved:", "\xf0\x9f\x98\x8c"}, // 😌 + {":pensive:", "\xf0\x9f\x98\x94"}, // 😔 + {":sleepy:", "\xf0\x9f\x98\xaa"}, // 😪 + {":drooling_face:", "\xf0\x9f\xa4\xa4"}, // 🤤 + {":sleeping:", "\xf0\x9f\x98\xb4"}, // 😴 + {":mask:", "\xf0\x9f\x98\xb7"}, // 😷 + {":face_with_thermometer:", "\xf0\x9f\xa4\x92"}, // 🤒 + {":face_with_head_bandage:", "\xf0\x9f\xa4\x95"}, // 🤕 + {":nauseated_face:", "\xf0\x9f\xa4\xa2"}, // 🤢 + {":vomiting_face:", "\xf0\x9f\xa4\xae"}, // 🤮 + {":sneezing_face:", "\xf0\x9f\xa4\xa7"}, // 🤧 + {":hot_face:", "\xf0\x9f\xa5\xb5"}, // 🥵 + {":cold_face:", "\xf0\x9f\xa5\xb6"}, // 🥶 + {":woozy_face:", "\xf0\x9f\xa5\xb4"}, // 🥴 + {":dizzy_face:", "\xf0\x9f\x98\xb5"}, // 😵 + {":exploding_head:", "\xf0\x9f\xa4\xaf"}, // 🤯 + {":cowboy_hat_face:", "\xf0\x9f\xa4\xa0"}, // 🤠 + {":partying_face:", "\xf0\x9f\xa5\xb3"}, // 🥳 + {":disguised_face:", "\xf0\x9f\xa5\xb8"}, // 🥸 + {":sunglasses:", "\xf0\x9f\x98\x8e"}, // 😎 + {":nerd_face:", "\xf0\x9f\xa4\x93"}, // 🤓 + {":monocle_face:", "\xf0\x9f\xa7\x90"}, // 🧐 + {":confused:", "\xf0\x9f\x98\x95"}, // 😕 + {":worried:", "\xf0\x9f\x98\x9f"}, // 😟 + {":slightly_frowning_face:", "\xf0\x9f\x99\x81"}, // 🙁 + {":frowning_face:", "\xe2\x98\xb9\xef\xb8\x8f"}, // ☹️ + {":open_mouth:", "\xf0\x9f\x98\xae"}, // 😮 + {":hushed:", "\xf0\x9f\x98\xaf"}, // 😯 + {":astonished:", "\xf0\x9f\x98\xb2"}, // 😲 + {":flushed:", "\xf0\x9f\x98\xb3"}, // 😳 + {":pleading_face:", "\xf0\x9f\xa5\xba"}, // 🥺 + {":frowning:", "\xf0\x9f\x98\xa6"}, // 😦 + {":anguished:", "\xf0\x9f\x98\xa7"}, // 😧 + {":fearful:", "\xf0\x9f\x98\xa8"}, // 😨 + {":cold_sweat:", "\xf0\x9f\x98\xb0"}, // 😰 + {":disappointed_relieved:", "\xf0\x9f\x98\xa5"}, // 😥 + {":cry:", "\xf0\x9f\x98\xa2"}, // 😢 + {":sob:", "\xf0\x9f\x98\xad"}, // 😭 + 
{":scream:", "\xf0\x9f\x98\xb1"}, // 😱 + {":confounded:", "\xf0\x9f\x98\x96"}, // 😖 + {":persevere:", "\xf0\x9f\x98\xa3"}, // 😣 + {":disappointed:", "\xf0\x9f\x98\x9e"}, // 😞 + {":sweat:", "\xf0\x9f\x98\x93"}, // 😓 + {":weary:", "\xf0\x9f\x98\xa9"}, // 😩 + {":tired_face:", "\xf0\x9f\x98\xab"}, // 😫 + {":yawning_face:", "\xf0\x9f\xa5\xb1"}, // 🥱 + {":triumph:", "\xf0\x9f\x98\xa4"}, // 😤 + {":rage:", "\xf0\x9f\x98\xa1"}, // 😡 + {":pout:", "\xf0\x9f\x98\xa1"}, // 😡 + {":angry:", "\xf0\x9f\x98\xa0"}, // 😠 + {":cursing_face:", "\xf0\x9f\xa4\xac"}, // 🤬 + {":smiling_imp:", "\xf0\x9f\x98\x88"}, // 😈 + {":imp:", "\xf0\x9f\x91\xbf"}, // 👿 + {":skull:", "\xf0\x9f\x92\x80"}, // 💀 + {":skull_and_crossbones:", "\xe2\x98\xa0\xef\xb8\x8f"}, // ☠️ + {":hankey:", "\xf0\x9f\x92\xa9"}, // 💩 + {":poop:", "\xf0\x9f\x92\xa9"}, // 💩 + {":shit:", "\xf0\x9f\x92\xa9"}, // 💩 + {":clown_face:", "\xf0\x9f\xa4\xa1"}, // 🤡 + {":japanese_ogre:", "\xf0\x9f\x91\xb9"}, // 👹 + {":japanese_goblin:", "\xf0\x9f\x91\xba"}, // 👺 + {":ghost:", "\xf0\x9f\x91\xbb"}, // 👻 + {":alien:", "\xf0\x9f\x91\xbd"}, // 👽 + {":space_invader:", "\xf0\x9f\x91\xbe"}, // 👾 + {":robot:", "\xf0\x9f\xa4\x96"}, // 🤖 + {":smiley_cat:", "\xf0\x9f\x98\xba"}, // 😺 + {":smile_cat:", "\xf0\x9f\x98\xb8"}, // 😸 + {":joy_cat:", "\xf0\x9f\x98\xb9"}, // 😹 + {":heart_eyes_cat:", "\xf0\x9f\x98\xbb"}, // 😻 + {":smirk_cat:", "\xf0\x9f\x98\xbc"}, // 😼 + {":kissing_cat:", "\xf0\x9f\x98\xbd"}, // 😽 + {":scream_cat:", "\xf0\x9f\x99\x80"}, // 🙀 + {":crying_cat_face:", "\xf0\x9f\x98\xbf"}, // 😿 + {":pouting_cat:", "\xf0\x9f\x98\xbe"}, // 😾 + {":see_no_evil:", "\xf0\x9f\x99\x88"}, // 🙈 + {":hear_no_evil:", "\xf0\x9f\x99\x89"}, // 🙉 + {":speak_no_evil:", "\xf0\x9f\x99\x8a"}, // 🙊 + {":kiss:", "\xf0\x9f\x92\x8b"}, // 💋 + {":love_letter:", "\xf0\x9f\x92\x8c"}, // 💌 + {":cupid:", "\xf0\x9f\x92\x98"}, // 💘 + {":gift_heart:", "\xf0\x9f\x92\x9d"}, // 💝 + {":sparkling_heart:", "\xf0\x9f\x92\x96"}, // 💖 + {":heartpulse:", "\xf0\x9f\x92\x97"}, // 💗 + 
{":heartbeat:", "\xf0\x9f\x92\x93"}, // 💓 + {":revolving_hearts:", "\xf0\x9f\x92\x9e"}, // 💞 + {":two_hearts:", "\xf0\x9f\x92\x95"}, // 💕 + {":heart_decoration:", "\xf0\x9f\x92\x9f"}, // 💟 + {":heavy_heart_exclamation:", "\xe2\x9d\xa3\xef\xb8\x8f"}, // ❣️ + {":broken_heart:", "\xf0\x9f\x92\x94"}, // 💔 + {":heart:", "\xe2\x9d\xa4\xef\xb8\x8f"}, // ❤️ + {":orange_heart:", "\xf0\x9f\xa7\xa1"}, // 🧡 + {":yellow_heart:", "\xf0\x9f\x92\x9b"}, // 💛 + {":green_heart:", "\xf0\x9f\x92\x9a"}, // 💚 + {":blue_heart:", "\xf0\x9f\x92\x99"}, // 💙 + {":purple_heart:", "\xf0\x9f\x92\x9c"}, // 💜 + {":brown_heart:", "\xf0\x9f\xa4\x8e"}, // 🤎 + {":black_heart:", "\xf0\x9f\x96\xa4"}, // 🖤 + {":white_heart:", "\xf0\x9f\xa4\x8d"}, // 🤍 + {":100:", "\xf0\x9f\x92\xaf"}, // 💯 + {":anger:", "\xf0\x9f\x92\xa2"}, // 💢 + {":boom:", "\xf0\x9f\x92\xa5"}, // 💥 + {":collision:", "\xf0\x9f\x92\xa5"}, // 💥 + {":dizzy:", "\xf0\x9f\x92\xab"}, // 💫 + {":sweat_drops:", "\xf0\x9f\x92\xa6"}, // 💦 + {":dash:", "\xf0\x9f\x92\xa8"}, // 💨 + {":hole:", "\xf0\x9f\x95\xb3\xef\xb8\x8f"}, // 🕳️ + {":bomb:", "\xf0\x9f\x92\xa3"}, // 💣 + {":speech_balloon:", "\xf0\x9f\x92\xac"}, // 💬 + {":eye_speech_bubble:", "\xf0\x9f\x91\x81\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x97\xa8\xef\xb8\x8f"}, // 👁️‍🗨️ + {":left_speech_bubble:", "\xf0\x9f\x97\xa8\xef\xb8\x8f"}, // 🗨️ + {":right_anger_bubble:", "\xf0\x9f\x97\xaf\xef\xb8\x8f"}, // 🗯️ + {":thought_balloon:", "\xf0\x9f\x92\xad"}, // 💭 + {":zzz:", "\xf0\x9f\x92\xa4"}, // 💤 + {":wave:", "\xf0\x9f\x91\x8b"}, // 👋 + {":raised_back_of_hand:", "\xf0\x9f\xa4\x9a"}, // 🤚 + {":raised_hand_with_fingers_splayed:", "\xf0\x9f\x96\x90\xef\xb8\x8f"}, // 🖐️ + {":hand:", "\xe2\x9c\x8b"}, // ✋ + {":raised_hand:", "\xe2\x9c\x8b"}, // ✋ + {":vulcan_salute:", "\xf0\x9f\x96\x96"}, // 🖖 + {":ok_hand:", "\xf0\x9f\x91\x8c"}, // 👌 + {":pinched_fingers:", "\xf0\x9f\xa4\x8c"}, // 🤌 + {":pinching_hand:", "\xf0\x9f\xa4\x8f"}, // 🤏 + {":v:", "\xe2\x9c\x8c\xef\xb8\x8f"}, // ✌️ + {":crossed_fingers:", 
"\xf0\x9f\xa4\x9e"}, // 🤞 + {":love_you_gesture:", "\xf0\x9f\xa4\x9f"}, // 🤟 + {":metal:", "\xf0\x9f\xa4\x98"}, // 🤘 + {":call_me_hand:", "\xf0\x9f\xa4\x99"}, // 🤙 + {":point_left:", "\xf0\x9f\x91\x88"}, // 👈 + {":point_right:", "\xf0\x9f\x91\x89"}, // 👉 + {":point_up_2:", "\xf0\x9f\x91\x86"}, // 👆 + {":middle_finger:", "\xf0\x9f\x96\x95"}, // 🖕 + {":fu:", "\xf0\x9f\x96\x95"}, // 🖕 + {":point_down:", "\xf0\x9f\x91\x87"}, // 👇 + {":point_up:", "\xe2\x98\x9d\xef\xb8\x8f"}, // ☝️ + {":+1:", "\xf0\x9f\x91\x8d"}, // 👍 + {":thumbsup:", "\xf0\x9f\x91\x8d"}, // 👍 + {":-1:", "\xf0\x9f\x91\x8e"}, // 👎 + {":thumbsdown:", "\xf0\x9f\x91\x8e"}, // 👎 + {":fist_raised:", "\xe2\x9c\x8a"}, // ✊ + {":fist:", "\xe2\x9c\x8a"}, // ✊ + {":fist_oncoming:", "\xf0\x9f\x91\x8a"}, // 👊 + {":facepunch:", "\xf0\x9f\x91\x8a"}, // 👊 + {":punch:", "\xf0\x9f\x91\x8a"}, // 👊 + {":fist_left:", "\xf0\x9f\xa4\x9b"}, // 🤛 + {":fist_right:", "\xf0\x9f\xa4\x9c"}, // 🤜 + {":clap:", "\xf0\x9f\x91\x8f"}, // 👏 + {":raised_hands:", "\xf0\x9f\x99\x8c"}, // 🙌 + {":open_hands:", "\xf0\x9f\x91\x90"}, // 👐 + {":palms_up_together:", "\xf0\x9f\xa4\xb2"}, // 🤲 + {":handshake:", "\xf0\x9f\xa4\x9d"}, // 🤝 + {":pray:", "\xf0\x9f\x99\x8f"}, // 🙏 + {":writing_hand:", "\xe2\x9c\x8d\xef\xb8\x8f"}, // ✍️ + {":nail_care:", "\xf0\x9f\x92\x85"}, // 💅 + {":selfie:", "\xf0\x9f\xa4\xb3"}, // 🤳 + {":muscle:", "\xf0\x9f\x92\xaa"}, // 💪 + {":mechanical_arm:", "\xf0\x9f\xa6\xbe"}, // 🦾 + {":mechanical_leg:", "\xf0\x9f\xa6\xbf"}, // 🦿 + {":leg:", "\xf0\x9f\xa6\xb5"}, // 🦵 + {":foot:", "\xf0\x9f\xa6\xb6"}, // 🦶 + {":ear:", "\xf0\x9f\x91\x82"}, // 👂 + {":ear_with_hearing_aid:", "\xf0\x9f\xa6\xbb"}, // 🦻 + {":nose:", "\xf0\x9f\x91\x83"}, // 👃 + {":brain:", "\xf0\x9f\xa7\xa0"}, // 🧠 + {":anatomical_heart:", "\xf0\x9f\xab\x80"}, // 🫀 + {":lungs:", "\xf0\x9f\xab\x81"}, // 🫁 + {":tooth:", "\xf0\x9f\xa6\xb7"}, // 🦷 + {":bone:", "\xf0\x9f\xa6\xb4"}, // 🦴 + {":eyes:", "\xf0\x9f\x91\x80"}, // 👀 + {":eye:", "\xf0\x9f\x91\x81\xef\xb8\x8f"}, // 👁️ + 
{":tongue:", "\xf0\x9f\x91\x85"}, // 👅 + {":lips:", "\xf0\x9f\x91\x84"}, // 👄 + {":baby:", "\xf0\x9f\x91\xb6"}, // 👶 + {":child:", "\xf0\x9f\xa7\x92"}, // 🧒 + {":boy:", "\xf0\x9f\x91\xa6"}, // 👦 + {":girl:", "\xf0\x9f\x91\xa7"}, // 👧 + {":adult:", "\xf0\x9f\xa7\x91"}, // 🧑 + {":blond_haired_person:", "\xf0\x9f\x91\xb1"}, // 👱 + {":man:", "\xf0\x9f\x91\xa8"}, // 👨 + {":bearded_person:", "\xf0\x9f\xa7\x94"}, // 🧔 + {":red_haired_man:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xb0"}, // 👨‍🦰 + {":curly_haired_man:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xb1"}, // 👨‍🦱 + {":white_haired_man:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xb3"}, // 👨‍🦳 + {":bald_man:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xb2"}, // 👨‍🦲 + {":woman:", "\xf0\x9f\x91\xa9"}, // 👩 + {":red_haired_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xb0"}, // 👩‍🦰 + {":person_red_hair:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xb0"}, // 🧑‍🦰 + {":curly_haired_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xb1"}, // 👩‍🦱 + {":person_curly_hair:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xb1"}, // 🧑‍🦱 + {":white_haired_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xb3"}, // 👩‍🦳 + {":person_white_hair:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xb3"}, // 🧑‍🦳 + {":bald_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xb2"}, // 👩‍🦲 + {":person_bald:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xb2"}, // 🧑‍🦲 + {":blond_haired_woman:", "\xf0\x9f\x91\xb1\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👱‍♀️ + {":blonde_woman:", "\xf0\x9f\x91\xb1\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👱‍♀️ + {":blond_haired_man:", "\xf0\x9f\x91\xb1\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 👱‍♂️ + {":older_adult:", "\xf0\x9f\xa7\x93"}, // 🧓 + {":older_man:", "\xf0\x9f\x91\xb4"}, // 👴 + {":older_woman:", "\xf0\x9f\x91\xb5"}, // 👵 + {":frowning_person:", "\xf0\x9f\x99\x8d"}, // 🙍 + {":frowning_man:", "\xf0\x9f\x99\x8d\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙍‍♂️ + {":frowning_woman:", 
"\xf0\x9f\x99\x8d\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙍‍♀️ + {":pouting_face:", "\xf0\x9f\x99\x8e"}, // 🙎 + {":pouting_man:", "\xf0\x9f\x99\x8e\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙎‍♂️ + {":pouting_woman:", "\xf0\x9f\x99\x8e\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙎‍♀️ + {":no_good:", "\xf0\x9f\x99\x85"}, // 🙅 + {":no_good_man:", "\xf0\x9f\x99\x85\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙅‍♂️ + {":ng_man:", "\xf0\x9f\x99\x85\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙅‍♂️ + {":no_good_woman:", "\xf0\x9f\x99\x85\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙅‍♀️ + {":ng_woman:", "\xf0\x9f\x99\x85\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙅‍♀️ + {":ok_person:", "\xf0\x9f\x99\x86"}, // 🙆 + {":ok_man:", "\xf0\x9f\x99\x86\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙆‍♂️ + {":ok_woman:", "\xf0\x9f\x99\x86\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙆‍♀️ + {":tipping_hand_person:", "\xf0\x9f\x92\x81"}, // 💁 + {":information_desk_person:", "\xf0\x9f\x92\x81"}, // 💁 + {":tipping_hand_man:", "\xf0\x9f\x92\x81\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 💁‍♂️ + {":sassy_man:", "\xf0\x9f\x92\x81\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 💁‍♂️ + {":tipping_hand_woman:", "\xf0\x9f\x92\x81\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 💁‍♀️ + {":sassy_woman:", "\xf0\x9f\x92\x81\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 💁‍♀️ + {":raising_hand:", "\xf0\x9f\x99\x8b"}, // 🙋 + {":raising_hand_man:", "\xf0\x9f\x99\x8b\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙋‍♂️ + {":raising_hand_woman:", "\xf0\x9f\x99\x8b\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙋‍♀️ + {":deaf_person:", "\xf0\x9f\xa7\x8f"}, // 🧏 + {":deaf_man:", "\xf0\x9f\xa7\x8f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧏‍♂️ + {":deaf_woman:", "\xf0\x9f\xa7\x8f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧏‍♀️ + {":bow:", "\xf0\x9f\x99\x87"}, // 🙇 + {":bowing_man:", "\xf0\x9f\x99\x87\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🙇‍♂️ + {":bowing_woman:", "\xf0\x9f\x99\x87\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🙇‍♀️ + {":facepalm:", 
"\xf0\x9f\xa4\xa6"}, // 🤦 + {":man_facepalming:", "\xf0\x9f\xa4\xa6\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤦‍♂️ + {":woman_facepalming:", "\xf0\x9f\xa4\xa6\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤦‍♀️ + {":shrug:", "\xf0\x9f\xa4\xb7"}, // 🤷 + {":man_shrugging:", "\xf0\x9f\xa4\xb7\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤷‍♂️ + {":woman_shrugging:", "\xf0\x9f\xa4\xb7\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤷‍♀️ + {":health_worker:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xe2\x9a\x95\xef\xb8\x8f"}, // 🧑‍⚕️ + {":man_health_worker:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xe2\x9a\x95\xef\xb8\x8f"}, // 👨‍⚕️ + {":woman_health_worker:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9a\x95\xef\xb8\x8f"}, // 👩‍⚕️ + {":student:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8e\x93"}, // 🧑‍🎓 + {":man_student:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8e\x93"}, // 👨‍🎓 + {":woman_student:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8e\x93"}, // 👩‍🎓 + {":teacher:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8f\xab"}, // 🧑‍🏫 + {":man_teacher:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8f\xab"}, // 👨‍🏫 + {":woman_teacher:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8f\xab"}, // 👩‍🏫 + {":judge:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xe2\x9a\x96\xef\xb8\x8f"}, // 🧑‍⚖️ + {":man_judge:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xe2\x9a\x96\xef\xb8\x8f"}, // 👨‍⚖️ + {":woman_judge:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9a\x96\xef\xb8\x8f"}, // 👩‍⚖️ + {":farmer:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8c\xbe"}, // 🧑‍🌾 + {":man_farmer:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8c\xbe"}, // 👨‍🌾 + {":woman_farmer:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8c\xbe"}, // 👩‍🌾 + {":cook:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8d\xb3"}, // 🧑‍🍳 + {":man_cook:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8d\xb3"}, // 👨‍🍳 + {":woman_cook:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8d\xb3"}, // 👩‍🍳 + {":mechanic:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x94\xa7"}, // 🧑‍🔧 + {":man_mechanic:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x94\xa7"}, // 👨‍🔧 + 
{":woman_mechanic:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x94\xa7"}, // 👩‍🔧 + {":factory_worker:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8f\xad"}, // 🧑‍🏭 + {":man_factory_worker:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8f\xad"}, // 👨‍🏭 + {":woman_factory_worker:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8f\xad"}, // 👩‍🏭 + {":office_worker:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x92\xbc"}, // 🧑‍💼 + {":man_office_worker:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x92\xbc"}, // 👨‍💼 + {":woman_office_worker:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x92\xbc"}, // 👩‍💼 + {":scientist:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x94\xac"}, // 🧑‍🔬 + {":man_scientist:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x94\xac"}, // 👨‍🔬 + {":woman_scientist:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x94\xac"}, // 👩‍🔬 + {":technologist:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x92\xbb"}, // 🧑‍💻 + {":man_technologist:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x92\xbb"}, // 👨‍💻 + {":woman_technologist:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x92\xbb"}, // 👩‍💻 + {":singer:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8e\xa4"}, // 🧑‍🎤 + {":man_singer:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8e\xa4"}, // 👨‍🎤 + {":woman_singer:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8e\xa4"}, // 👩‍🎤 + {":artist:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8e\xa8"}, // 🧑‍🎨 + {":man_artist:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8e\xa8"}, // 👨‍🎨 + {":woman_artist:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8e\xa8"}, // 👩‍🎨 + {":pilot:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xe2\x9c\x88\xef\xb8\x8f"}, // 🧑‍✈️ + {":man_pilot:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xe2\x9c\x88\xef\xb8\x8f"}, // 👨‍✈️ + {":woman_pilot:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9c\x88\xef\xb8\x8f"}, // 👩‍✈️ + {":astronaut:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x9a\x80"}, // 🧑‍🚀 + {":man_astronaut:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x9a\x80"}, // 👨‍🚀 + {":woman_astronaut:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x9a\x80"}, // 👩‍🚀 + {":firefighter:", 
"\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x9a\x92"}, // 🧑‍🚒 + {":man_firefighter:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x9a\x92"}, // 👨‍🚒 + {":woman_firefighter:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x9a\x92"}, // 👩‍🚒 + {":police_officer:", "\xf0\x9f\x91\xae"}, // 👮 + {":cop:", "\xf0\x9f\x91\xae"}, // 👮 + {":policeman:", "\xf0\x9f\x91\xae\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 👮‍♂️ + {":policewoman:", "\xf0\x9f\x91\xae\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👮‍♀️ + {":detective:", "\xf0\x9f\x95\xb5\xef\xb8\x8f"}, // 🕵️ + {":male_detective:", "\xf0\x9f\x95\xb5\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🕵️‍♂️ + {":female_detective:", "\xf0\x9f\x95\xb5\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🕵️‍♀️ + {":guard:", "\xf0\x9f\x92\x82"}, // 💂 + {":guardsman:", "\xf0\x9f\x92\x82\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 💂‍♂️ + {":guardswoman:", "\xf0\x9f\x92\x82\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 💂‍♀️ + {":ninja:", "\xf0\x9f\xa5\xb7"}, // 🥷 + {":construction_worker:", "\xf0\x9f\x91\xb7"}, // 👷 + {":construction_worker_man:", "\xf0\x9f\x91\xb7\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 👷‍♂️ + {":construction_worker_woman:", "\xf0\x9f\x91\xb7\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👷‍♀️ + {":prince:", "\xf0\x9f\xa4\xb4"}, // 🤴 + {":princess:", "\xf0\x9f\x91\xb8"}, // 👸 + {":person_with_turban:", "\xf0\x9f\x91\xb3"}, // 👳 + {":man_with_turban:", "\xf0\x9f\x91\xb3\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 👳‍♂️ + {":woman_with_turban:", "\xf0\x9f\x91\xb3\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👳‍♀️ + {":man_with_gua_pi_mao:", "\xf0\x9f\x91\xb2"}, // 👲 + {":woman_with_headscarf:", "\xf0\x9f\xa7\x95"}, // 🧕 + {":person_in_tuxedo:", "\xf0\x9f\xa4\xb5"}, // 🤵 + {":man_in_tuxedo:", "\xf0\x9f\xa4\xb5\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤵‍♂️ + {":woman_in_tuxedo:", "\xf0\x9f\xa4\xb5\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤵‍♀️ + {":person_with_veil:", "\xf0\x9f\x91\xb0"}, // 👰 + {":man_with_veil:", 
"\xf0\x9f\x91\xb0\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 👰‍♂️ + {":woman_with_veil:", "\xf0\x9f\x91\xb0\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👰‍♀️ + {":bride_with_veil:", "\xf0\x9f\x91\xb0\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👰‍♀️ + {":pregnant_woman:", "\xf0\x9f\xa4\xb0"}, // 🤰 + {":breast_feeding:", "\xf0\x9f\xa4\xb1"}, // 🤱 + {":woman_feeding_baby:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x8d\xbc"}, // 👩‍🍼 + {":man_feeding_baby:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x8d\xbc"}, // 👨‍🍼 + {":person_feeding_baby:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8d\xbc"}, // 🧑‍🍼 + {":angel:", "\xf0\x9f\x91\xbc"}, // 👼 + {":santa:", "\xf0\x9f\x8e\x85"}, // 🎅 + {":mrs_claus:", "\xf0\x9f\xa4\xb6"}, // 🤶 + {":mx_claus:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\x8e\x84"}, // 🧑‍🎄 + {":superhero:", "\xf0\x9f\xa6\xb8"}, // 🦸 + {":superhero_man:", "\xf0\x9f\xa6\xb8\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🦸‍♂️ + {":superhero_woman:", "\xf0\x9f\xa6\xb8\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🦸‍♀️ + {":supervillain:", "\xf0\x9f\xa6\xb9"}, // 🦹 + {":supervillain_man:", "\xf0\x9f\xa6\xb9\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🦹‍♂️ + {":supervillain_woman:", "\xf0\x9f\xa6\xb9\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🦹‍♀️ + {":mage:", "\xf0\x9f\xa7\x99"}, // 🧙 + {":mage_man:", "\xf0\x9f\xa7\x99\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧙‍♂️ + {":mage_woman:", "\xf0\x9f\xa7\x99\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧙‍♀️ + {":fairy:", "\xf0\x9f\xa7\x9a"}, // 🧚 + {":fairy_man:", "\xf0\x9f\xa7\x9a\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧚‍♂️ + {":fairy_woman:", "\xf0\x9f\xa7\x9a\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧚‍♀️ + {":vampire:", "\xf0\x9f\xa7\x9b"}, // 🧛 + {":vampire_man:", "\xf0\x9f\xa7\x9b\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧛‍♂️ + {":vampire_woman:", "\xf0\x9f\xa7\x9b\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧛‍♀️ + {":merperson:", "\xf0\x9f\xa7\x9c"}, // 🧜 + {":merman:", "\xf0\x9f\xa7\x9c\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧜‍♂️ + 
{":mermaid:", "\xf0\x9f\xa7\x9c\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧜‍♀️ + {":elf:", "\xf0\x9f\xa7\x9d"}, // 🧝 + {":elf_man:", "\xf0\x9f\xa7\x9d\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧝‍♂️ + {":elf_woman:", "\xf0\x9f\xa7\x9d\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧝‍♀️ + {":genie:", "\xf0\x9f\xa7\x9e"}, // 🧞 + {":genie_man:", "\xf0\x9f\xa7\x9e\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧞‍♂️ + {":genie_woman:", "\xf0\x9f\xa7\x9e\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧞‍♀️ + {":zombie:", "\xf0\x9f\xa7\x9f"}, // 🧟 + {":zombie_man:", "\xf0\x9f\xa7\x9f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧟‍♂️ + {":zombie_woman:", "\xf0\x9f\xa7\x9f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧟‍♀️ + {":massage:", "\xf0\x9f\x92\x86"}, // 💆 + {":massage_man:", "\xf0\x9f\x92\x86\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 💆‍♂️ + {":massage_woman:", "\xf0\x9f\x92\x86\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 💆‍♀️ + {":haircut:", "\xf0\x9f\x92\x87"}, // 💇 + {":haircut_man:", "\xf0\x9f\x92\x87\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 💇‍♂️ + {":haircut_woman:", "\xf0\x9f\x92\x87\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 💇‍♀️ + {":walking:", "\xf0\x9f\x9a\xb6"}, // 🚶 + {":walking_man:", "\xf0\x9f\x9a\xb6\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🚶‍♂️ + {":walking_woman:", "\xf0\x9f\x9a\xb6\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🚶‍♀️ + {":standing_person:", "\xf0\x9f\xa7\x8d"}, // 🧍 + {":standing_man:", "\xf0\x9f\xa7\x8d\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧍‍♂️ + {":standing_woman:", "\xf0\x9f\xa7\x8d\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧍‍♀️ + {":kneeling_person:", "\xf0\x9f\xa7\x8e"}, // 🧎 + {":kneeling_man:", "\xf0\x9f\xa7\x8e\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧎‍♂️ + {":kneeling_woman:", "\xf0\x9f\xa7\x8e\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧎‍♀️ + {":person_with_probing_cane:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xaf"}, // 🧑‍🦯 + {":man_with_probing_cane:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xaf"}, // 👨‍🦯 + {":woman_with_probing_cane:", 
"\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xaf"}, // 👩‍🦯 + {":person_in_motorized_wheelchair:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xbc"}, // 🧑‍🦼 + {":man_in_motorized_wheelchair:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xbc"}, // 👨‍🦼 + {":woman_in_motorized_wheelchair:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xbc"}, // 👩‍🦼 + {":person_in_manual_wheelchair:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa6\xbd"}, // 🧑‍🦽 + {":man_in_manual_wheelchair:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\xa6\xbd"}, // 👨‍🦽 + {":woman_in_manual_wheelchair:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\xa6\xbd"}, // 👩‍🦽 + {":runner:", "\xf0\x9f\x8f\x83"}, // 🏃 + {":running:", "\xf0\x9f\x8f\x83"}, // 🏃 + {":running_man:", "\xf0\x9f\x8f\x83\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🏃‍♂️ + {":running_woman:", "\xf0\x9f\x8f\x83\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🏃‍♀️ + {":woman_dancing:", "\xf0\x9f\x92\x83"}, // 💃 + {":dancer:", "\xf0\x9f\x92\x83"}, // 💃 + {":man_dancing:", "\xf0\x9f\x95\xba"}, // 🕺 + {":business_suit_levitating:", "\xf0\x9f\x95\xb4\xef\xb8\x8f"}, // 🕴️ + {":dancers:", "\xf0\x9f\x91\xaf"}, // 👯 + {":dancing_men:", "\xf0\x9f\x91\xaf\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 👯‍♂️ + {":dancing_women:", "\xf0\x9f\x91\xaf\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 👯‍♀️ + {":sauna_person:", "\xf0\x9f\xa7\x96"}, // 🧖 + {":sauna_man:", "\xf0\x9f\xa7\x96\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧖‍♂️ + {":sauna_woman:", "\xf0\x9f\xa7\x96\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧖‍♀️ + {":climbing:", "\xf0\x9f\xa7\x97"}, // 🧗 + {":climbing_man:", "\xf0\x9f\xa7\x97\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧗‍♂️ + {":climbing_woman:", "\xf0\x9f\xa7\x97\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧗‍♀️ + {":person_fencing:", "\xf0\x9f\xa4\xba"}, // 🤺 + {":horse_racing:", "\xf0\x9f\x8f\x87"}, // 🏇 + {":skier:", "\xe2\x9b\xb7\xef\xb8\x8f"}, // ⛷️ + {":snowboarder:", "\xf0\x9f\x8f\x82"}, // 🏂 + {":golfing:", "\xf0\x9f\x8f\x8c\xef\xb8\x8f"}, // 🏌️ + {":golfing_man:", 
"\xf0\x9f\x8f\x8c\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🏌️‍♂️ + {":golfing_woman:", "\xf0\x9f\x8f\x8c\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🏌️‍♀️ + {":surfer:", "\xf0\x9f\x8f\x84"}, // 🏄 + {":surfing_man:", "\xf0\x9f\x8f\x84\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🏄‍♂️ + {":surfing_woman:", "\xf0\x9f\x8f\x84\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🏄‍♀️ + {":rowboat:", "\xf0\x9f\x9a\xa3"}, // 🚣 + {":rowing_man:", "\xf0\x9f\x9a\xa3\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🚣‍♂️ + {":rowing_woman:", "\xf0\x9f\x9a\xa3\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🚣‍♀️ + {":swimmer:", "\xf0\x9f\x8f\x8a"}, // 🏊 + {":swimming_man:", "\xf0\x9f\x8f\x8a\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🏊‍♂️ + {":swimming_woman:", "\xf0\x9f\x8f\x8a\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🏊‍♀️ + {":bouncing_ball_person:", "\xe2\x9b\xb9\xef\xb8\x8f"}, // ⛹️ + {":bouncing_ball_man:", "\xe2\x9b\xb9\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // ⛹️‍♂️ + {":basketball_man:", "\xe2\x9b\xb9\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // ⛹️‍♂️ + {":bouncing_ball_woman:", "\xe2\x9b\xb9\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // ⛹️‍♀️ + {":basketball_woman:", "\xe2\x9b\xb9\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // ⛹️‍♀️ + {":weight_lifting:", "\xf0\x9f\x8f\x8b\xef\xb8\x8f"}, // 🏋️ + {":weight_lifting_man:", "\xf0\x9f\x8f\x8b\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🏋️‍♂️ + {":weight_lifting_woman:", "\xf0\x9f\x8f\x8b\xef\xb8\x8f\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🏋️‍♀️ + {":bicyclist:", "\xf0\x9f\x9a\xb4"}, // 🚴 + {":biking_man:", "\xf0\x9f\x9a\xb4\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🚴‍♂️ + {":biking_woman:", "\xf0\x9f\x9a\xb4\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🚴‍♀️ + {":mountain_bicyclist:", "\xf0\x9f\x9a\xb5"}, // 🚵 + {":mountain_biking_man:", "\xf0\x9f\x9a\xb5\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🚵‍♂️ + {":mountain_biking_woman:", 
"\xf0\x9f\x9a\xb5\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🚵‍♀️ + {":cartwheeling:", "\xf0\x9f\xa4\xb8"}, // 🤸 + {":man_cartwheeling:", "\xf0\x9f\xa4\xb8\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤸‍♂️ + {":woman_cartwheeling:", "\xf0\x9f\xa4\xb8\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤸‍♀️ + {":wrestling:", "\xf0\x9f\xa4\xbc"}, // 🤼 + {":men_wrestling:", "\xf0\x9f\xa4\xbc\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤼‍♂️ + {":women_wrestling:", "\xf0\x9f\xa4\xbc\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤼‍♀️ + {":water_polo:", "\xf0\x9f\xa4\xbd"}, // 🤽 + {":man_playing_water_polo:", "\xf0\x9f\xa4\xbd\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤽‍♂️ + {":woman_playing_water_polo:", "\xf0\x9f\xa4\xbd\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤽‍♀️ + {":handball_person:", "\xf0\x9f\xa4\xbe"}, // 🤾 + {":man_playing_handball:", "\xf0\x9f\xa4\xbe\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤾‍♂️ + {":woman_playing_handball:", "\xf0\x9f\xa4\xbe\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤾‍♀️ + {":juggling_person:", "\xf0\x9f\xa4\xb9"}, // 🤹 + {":man_juggling:", "\xf0\x9f\xa4\xb9\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🤹‍♂️ + {":woman_juggling:", "\xf0\x9f\xa4\xb9\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🤹‍♀️ + {":lotus_position:", "\xf0\x9f\xa7\x98"}, // 🧘 + {":lotus_position_man:", "\xf0\x9f\xa7\x98\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f"}, // 🧘‍♂️ + {":lotus_position_woman:", "\xf0\x9f\xa7\x98\xe2\x80\x8d\xe2\x99\x80\xef\xb8\x8f"}, // 🧘‍♀️ + {":bath:", "\xf0\x9f\x9b\x80"}, // 🛀 + {":sleeping_bed:", "\xf0\x9f\x9b\x8c"}, // 🛌 + {":people_holding_hands:", "\xf0\x9f\xa7\x91\xe2\x80\x8d\xf0\x9f\xa4\x9d\xe2\x80\x8d\xf0\x9f\xa7\x91"}, // 🧑‍🤝‍🧑 + {":two_women_holding_hands:", "\xf0\x9f\x91\xad"}, // 👭 + {":couple:", "\xf0\x9f\x91\xab"}, // 👫 + {":two_men_holding_hands:", "\xf0\x9f\x91\xac"}, // 👬 + {":couplekiss:", "\xf0\x9f\x92\x8f"}, // 💏 + {":couplekiss_man_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9d\xa4\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x92\x8b\xe2\x80\x8d\xf0\x9f\x91\xa8"}, // 
👩‍❤️‍💋‍👨 + {":couplekiss_man_man:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xe2\x9d\xa4\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x92\x8b\xe2\x80\x8d\xf0\x9f\x91\xa8"}, // 👨‍❤️‍💋‍👨 + {":couplekiss_woman_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9d\xa4\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x92\x8b\xe2\x80\x8d\xf0\x9f\x91\xa9"}, // 👩‍❤️‍💋‍👩 + {":couple_with_heart:", "\xf0\x9f\x92\x91"}, // 💑 + {":couple_with_heart_woman_man:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9d\xa4\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x91\xa8"}, // 👩‍❤️‍👨 + {":couple_with_heart_man_man:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xe2\x9d\xa4\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x91\xa8"}, // 👨‍❤️‍👨 + {":couple_with_heart_woman_woman:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xe2\x9d\xa4\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x91\xa9"}, // 👩‍❤️‍👩 + {":family:", "\xf0\x9f\x91\xaa"}, // 👪 + {":family_man_woman_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👩‍👦 + {":family_man_woman_girl:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👨‍👩‍👧 + {":family_man_woman_girl_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👩‍👧‍👦 + {":family_man_woman_boy_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa6\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👩‍👦‍👦 + {":family_man_woman_girl_girl:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👨‍👩‍👧‍👧 + {":family_man_man_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👨‍👦 + {":family_man_man_girl:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👨‍👨‍👧 + {":family_man_man_girl_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👨‍👧‍👦 + {":family_man_man_boy_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa6\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 
👨‍👨‍👦‍👦 + {":family_man_man_girl_girl:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👨‍👨‍👧‍👧 + {":family_woman_woman_boy:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👩‍👩‍👦 + {":family_woman_woman_girl:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👩‍👩‍👧 + {":family_woman_woman_girl_boy:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👩‍👩‍👧‍👦 + {":family_woman_woman_boy_boy:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa6\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👩‍👩‍👦‍👦 + {":family_woman_woman_girl_girl:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👩‍👩‍👧‍👧 + {":family_man_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👦 + {":family_man_boy_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa6\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👦‍👦 + {":family_man_girl:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👨‍👧 + {":family_man_girl_boy:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👨‍👧‍👦 + {":family_man_girl_girl:", "\xf0\x9f\x91\xa8\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👨‍👧‍👧 + {":family_woman_boy:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👩‍👦 + {":family_woman_boy_boy:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa6\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👩‍👦‍👦 + {":family_woman_girl:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👩‍👧 + {":family_woman_girl_boy:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa6"}, // 👩‍👧‍👦 + {":family_woman_girl_girl:", "\xf0\x9f\x91\xa9\xe2\x80\x8d\xf0\x9f\x91\xa7\xe2\x80\x8d\xf0\x9f\x91\xa7"}, // 👩‍👧‍👧 + {":speaking_head:", "\xf0\x9f\x97\xa3\xef\xb8\x8f"}, // 🗣️ + {":bust_in_silhouette:", "\xf0\x9f\x91\xa4"}, // 👤 + 
{":busts_in_silhouette:", "\xf0\x9f\x91\xa5"}, // 👥 + {":people_hugging:", "\xf0\x9f\xab\x82"}, // 🫂 + {":footprints:", "\xf0\x9f\x91\xa3"}, // 👣 + {":monkey_face:", "\xf0\x9f\x90\xb5"}, // 🐵 + {":monkey:", "\xf0\x9f\x90\x92"}, // 🐒 + {":gorilla:", "\xf0\x9f\xa6\x8d"}, // 🦍 + {":orangutan:", "\xf0\x9f\xa6\xa7"}, // 🦧 + {":dog:", "\xf0\x9f\x90\xb6"}, // 🐶 + {":dog2:", "\xf0\x9f\x90\x95"}, // 🐕 + {":guide_dog:", "\xf0\x9f\xa6\xae"}, // 🦮 + {":service_dog:", "\xf0\x9f\x90\x95\xe2\x80\x8d\xf0\x9f\xa6\xba"}, // 🐕‍🦺 + {":poodle:", "\xf0\x9f\x90\xa9"}, // 🐩 + {":wolf:", "\xf0\x9f\x90\xba"}, // 🐺 + {":fox_face:", "\xf0\x9f\xa6\x8a"}, // 🦊 + {":raccoon:", "\xf0\x9f\xa6\x9d"}, // 🦝 + {":cat:", "\xf0\x9f\x90\xb1"}, // 🐱 + {":cat2:", "\xf0\x9f\x90\x88"}, // 🐈 + {":black_cat:", "\xf0\x9f\x90\x88\xe2\x80\x8d\xe2\xac\x9b"}, // 🐈‍⬛ + {":lion:", "\xf0\x9f\xa6\x81"}, // 🦁 + {":tiger:", "\xf0\x9f\x90\xaf"}, // 🐯 + {":tiger2:", "\xf0\x9f\x90\x85"}, // 🐅 + {":leopard:", "\xf0\x9f\x90\x86"}, // 🐆 + {":horse:", "\xf0\x9f\x90\xb4"}, // 🐴 + {":racehorse:", "\xf0\x9f\x90\x8e"}, // 🐎 + {":unicorn:", "\xf0\x9f\xa6\x84"}, // 🦄 + {":zebra:", "\xf0\x9f\xa6\x93"}, // 🦓 + {":deer:", "\xf0\x9f\xa6\x8c"}, // 🦌 + {":bison:", "\xf0\x9f\xa6\xac"}, // 🦬 + {":cow:", "\xf0\x9f\x90\xae"}, // 🐮 + {":ox:", "\xf0\x9f\x90\x82"}, // 🐂 + {":water_buffalo:", "\xf0\x9f\x90\x83"}, // 🐃 + {":cow2:", "\xf0\x9f\x90\x84"}, // 🐄 + {":pig:", "\xf0\x9f\x90\xb7"}, // 🐷 + {":pig2:", "\xf0\x9f\x90\x96"}, // 🐖 + {":boar:", "\xf0\x9f\x90\x97"}, // 🐗 + {":pig_nose:", "\xf0\x9f\x90\xbd"}, // 🐽 + {":ram:", "\xf0\x9f\x90\x8f"}, // 🐏 + {":sheep:", "\xf0\x9f\x90\x91"}, // 🐑 + {":goat:", "\xf0\x9f\x90\x90"}, // 🐐 + {":dromedary_camel:", "\xf0\x9f\x90\xaa"}, // 🐪 + {":camel:", "\xf0\x9f\x90\xab"}, // 🐫 + {":llama:", "\xf0\x9f\xa6\x99"}, // 🦙 + {":giraffe:", "\xf0\x9f\xa6\x92"}, // 🦒 + {":elephant:", "\xf0\x9f\x90\x98"}, // 🐘 + {":mammoth:", "\xf0\x9f\xa6\xa3"}, // 🦣 + {":rhinoceros:", "\xf0\x9f\xa6\x8f"}, // 🦏 + {":hippopotamus:", 
"\xf0\x9f\xa6\x9b"}, // 🦛 + {":mouse:", "\xf0\x9f\x90\xad"}, // 🐭 + {":mouse2:", "\xf0\x9f\x90\x81"}, // 🐁 + {":rat:", "\xf0\x9f\x90\x80"}, // 🐀 + {":hamster:", "\xf0\x9f\x90\xb9"}, // 🐹 + {":rabbit:", "\xf0\x9f\x90\xb0"}, // 🐰 + {":rabbit2:", "\xf0\x9f\x90\x87"}, // 🐇 + {":chipmunk:", "\xf0\x9f\x90\xbf\xef\xb8\x8f"}, // 🐿️ + {":beaver:", "\xf0\x9f\xa6\xab"}, // 🦫 + {":hedgehog:", "\xf0\x9f\xa6\x94"}, // 🦔 + {":bat:", "\xf0\x9f\xa6\x87"}, // 🦇 + {":bear:", "\xf0\x9f\x90\xbb"}, // 🐻 + {":polar_bear:", "\xf0\x9f\x90\xbb\xe2\x80\x8d\xe2\x9d\x84\xef\xb8\x8f"}, // 🐻‍❄️ + {":koala:", "\xf0\x9f\x90\xa8"}, // 🐨 + {":panda_face:", "\xf0\x9f\x90\xbc"}, // 🐼 + {":sloth:", "\xf0\x9f\xa6\xa5"}, // 🦥 + {":otter:", "\xf0\x9f\xa6\xa6"}, // 🦦 + {":skunk:", "\xf0\x9f\xa6\xa8"}, // 🦨 + {":kangaroo:", "\xf0\x9f\xa6\x98"}, // 🦘 + {":badger:", "\xf0\x9f\xa6\xa1"}, // 🦡 + {":feet:", "\xf0\x9f\x90\xbe"}, // 🐾 + {":paw_prints:", "\xf0\x9f\x90\xbe"}, // 🐾 + {":turkey:", "\xf0\x9f\xa6\x83"}, // 🦃 + {":chicken:", "\xf0\x9f\x90\x94"}, // 🐔 + {":rooster:", "\xf0\x9f\x90\x93"}, // 🐓 + {":hatching_chick:", "\xf0\x9f\x90\xa3"}, // 🐣 + {":baby_chick:", "\xf0\x9f\x90\xa4"}, // 🐤 + {":hatched_chick:", "\xf0\x9f\x90\xa5"}, // 🐥 + {":bird:", "\xf0\x9f\x90\xa6"}, // 🐦 + {":penguin:", "\xf0\x9f\x90\xa7"}, // 🐧 + {":dove:", "\xf0\x9f\x95\x8a\xef\xb8\x8f"}, // 🕊️ + {":eagle:", "\xf0\x9f\xa6\x85"}, // 🦅 + {":duck:", "\xf0\x9f\xa6\x86"}, // 🦆 + {":swan:", "\xf0\x9f\xa6\xa2"}, // 🦢 + {":owl:", "\xf0\x9f\xa6\x89"}, // 🦉 + {":dodo:", "\xf0\x9f\xa6\xa4"}, // 🦤 + {":feather:", "\xf0\x9f\xaa\xb6"}, // 🪶 + {":flamingo:", "\xf0\x9f\xa6\xa9"}, // 🦩 + {":peacock:", "\xf0\x9f\xa6\x9a"}, // 🦚 + {":parrot:", "\xf0\x9f\xa6\x9c"}, // 🦜 + {":frog:", "\xf0\x9f\x90\xb8"}, // 🐸 + {":crocodile:", "\xf0\x9f\x90\x8a"}, // 🐊 + {":turtle:", "\xf0\x9f\x90\xa2"}, // 🐢 + {":lizard:", "\xf0\x9f\xa6\x8e"}, // 🦎 + {":snake:", "\xf0\x9f\x90\x8d"}, // 🐍 + {":dragon_face:", "\xf0\x9f\x90\xb2"}, // 🐲 + {":dragon:", "\xf0\x9f\x90\x89"}, // 🐉 
+ {":sauropod:", "\xf0\x9f\xa6\x95"}, // 🦕 + {":t-rex:", "\xf0\x9f\xa6\x96"}, // 🦖 + {":whale:", "\xf0\x9f\x90\xb3"}, // 🐳 + {":whale2:", "\xf0\x9f\x90\x8b"}, // 🐋 + {":dolphin:", "\xf0\x9f\x90\xac"}, // 🐬 + {":flipper:", "\xf0\x9f\x90\xac"}, // 🐬 + {":seal:", "\xf0\x9f\xa6\xad"}, // 🦭 + {":fish:", "\xf0\x9f\x90\x9f"}, // 🐟 + {":tropical_fish:", "\xf0\x9f\x90\xa0"}, // 🐠 + {":blowfish:", "\xf0\x9f\x90\xa1"}, // 🐡 + {":shark:", "\xf0\x9f\xa6\x88"}, // 🦈 + {":octopus:", "\xf0\x9f\x90\x99"}, // 🐙 + {":shell:", "\xf0\x9f\x90\x9a"}, // 🐚 + {":snail:", "\xf0\x9f\x90\x8c"}, // 🐌 + {":butterfly:", "\xf0\x9f\xa6\x8b"}, // 🦋 + {":bug:", "\xf0\x9f\x90\x9b"}, // 🐛 + {":ant:", "\xf0\x9f\x90\x9c"}, // 🐜 + {":bee:", "\xf0\x9f\x90\x9d"}, // 🐝 + {":honeybee:", "\xf0\x9f\x90\x9d"}, // 🐝 + {":beetle:", "\xf0\x9f\xaa\xb2"}, // 🪲 + {":lady_beetle:", "\xf0\x9f\x90\x9e"}, // 🐞 + {":cricket:", "\xf0\x9f\xa6\x97"}, // 🦗 + {":cockroach:", "\xf0\x9f\xaa\xb3"}, // 🪳 + {":spider:", "\xf0\x9f\x95\xb7\xef\xb8\x8f"}, // 🕷️ + {":spider_web:", "\xf0\x9f\x95\xb8\xef\xb8\x8f"}, // 🕸️ + {":scorpion:", "\xf0\x9f\xa6\x82"}, // 🦂 + {":mosquito:", "\xf0\x9f\xa6\x9f"}, // 🦟 + {":fly:", "\xf0\x9f\xaa\xb0"}, // 🪰 + {":worm:", "\xf0\x9f\xaa\xb1"}, // 🪱 + {":microbe:", "\xf0\x9f\xa6\xa0"}, // 🦠 + {":bouquet:", "\xf0\x9f\x92\x90"}, // 💐 + {":cherry_blossom:", "\xf0\x9f\x8c\xb8"}, // 🌸 + {":white_flower:", "\xf0\x9f\x92\xae"}, // 💮 + {":rosette:", "\xf0\x9f\x8f\xb5\xef\xb8\x8f"}, // 🏵️ + {":rose:", "\xf0\x9f\x8c\xb9"}, // 🌹 + {":wilted_flower:", "\xf0\x9f\xa5\x80"}, // 🥀 + {":hibiscus:", "\xf0\x9f\x8c\xba"}, // 🌺 + {":sunflower:", "\xf0\x9f\x8c\xbb"}, // 🌻 + {":blossom:", "\xf0\x9f\x8c\xbc"}, // 🌼 + {":tulip:", "\xf0\x9f\x8c\xb7"}, // 🌷 + {":seedling:", "\xf0\x9f\x8c\xb1"}, // 🌱 + {":potted_plant:", "\xf0\x9f\xaa\xb4"}, // 🪴 + {":evergreen_tree:", "\xf0\x9f\x8c\xb2"}, // 🌲 + {":deciduous_tree:", "\xf0\x9f\x8c\xb3"}, // 🌳 + {":palm_tree:", "\xf0\x9f\x8c\xb4"}, // 🌴 + {":cactus:", "\xf0\x9f\x8c\xb5"}, // 🌵 + 
{":ear_of_rice:", "\xf0\x9f\x8c\xbe"}, // 🌾 + {":herb:", "\xf0\x9f\x8c\xbf"}, // 🌿 + {":shamrock:", "\xe2\x98\x98\xef\xb8\x8f"}, // ☘️ + {":four_leaf_clover:", "\xf0\x9f\x8d\x80"}, // 🍀 + {":maple_leaf:", "\xf0\x9f\x8d\x81"}, // 🍁 + {":fallen_leaf:", "\xf0\x9f\x8d\x82"}, // 🍂 + {":leaves:", "\xf0\x9f\x8d\x83"}, // 🍃 + {":grapes:", "\xf0\x9f\x8d\x87"}, // 🍇 + {":melon:", "\xf0\x9f\x8d\x88"}, // 🍈 + {":watermelon:", "\xf0\x9f\x8d\x89"}, // 🍉 + {":tangerine:", "\xf0\x9f\x8d\x8a"}, // 🍊 + {":orange:", "\xf0\x9f\x8d\x8a"}, // 🍊 + {":mandarin:", "\xf0\x9f\x8d\x8a"}, // 🍊 + {":lemon:", "\xf0\x9f\x8d\x8b"}, // 🍋 + {":banana:", "\xf0\x9f\x8d\x8c"}, // 🍌 + {":pineapple:", "\xf0\x9f\x8d\x8d"}, // 🍍 + {":mango:", "\xf0\x9f\xa5\xad"}, // 🥭 + {":apple:", "\xf0\x9f\x8d\x8e"}, // 🍎 + {":green_apple:", "\xf0\x9f\x8d\x8f"}, // 🍏 + {":pear:", "\xf0\x9f\x8d\x90"}, // 🍐 + {":peach:", "\xf0\x9f\x8d\x91"}, // 🍑 + {":cherries:", "\xf0\x9f\x8d\x92"}, // 🍒 + {":strawberry:", "\xf0\x9f\x8d\x93"}, // 🍓 + {":blueberries:", "\xf0\x9f\xab\x90"}, // 🫐 + {":kiwi_fruit:", "\xf0\x9f\xa5\x9d"}, // 🥝 + {":tomato:", "\xf0\x9f\x8d\x85"}, // 🍅 + {":olive:", "\xf0\x9f\xab\x92"}, // 🫒 + {":coconut:", "\xf0\x9f\xa5\xa5"}, // 🥥 + {":avocado:", "\xf0\x9f\xa5\x91"}, // 🥑 + {":eggplant:", "\xf0\x9f\x8d\x86"}, // 🍆 + {":potato:", "\xf0\x9f\xa5\x94"}, // 🥔 + {":carrot:", "\xf0\x9f\xa5\x95"}, // 🥕 + {":corn:", "\xf0\x9f\x8c\xbd"}, // 🌽 + {":hot_pepper:", "\xf0\x9f\x8c\xb6\xef\xb8\x8f"}, // 🌶️ + {":bell_pepper:", "\xf0\x9f\xab\x91"}, // 🫑 + {":cucumber:", "\xf0\x9f\xa5\x92"}, // 🥒 + {":leafy_green:", "\xf0\x9f\xa5\xac"}, // 🥬 + {":broccoli:", "\xf0\x9f\xa5\xa6"}, // 🥦 + {":garlic:", "\xf0\x9f\xa7\x84"}, // 🧄 + {":onion:", "\xf0\x9f\xa7\x85"}, // 🧅 + {":mushroom:", "\xf0\x9f\x8d\x84"}, // 🍄 + {":peanuts:", "\xf0\x9f\xa5\x9c"}, // 🥜 + {":chestnut:", "\xf0\x9f\x8c\xb0"}, // 🌰 + {":bread:", "\xf0\x9f\x8d\x9e"}, // 🍞 + {":croissant:", "\xf0\x9f\xa5\x90"}, // 🥐 + {":baguette_bread:", "\xf0\x9f\xa5\x96"}, // 🥖 + 
{":flatbread:", "\xf0\x9f\xab\x93"}, // 🫓 + {":pretzel:", "\xf0\x9f\xa5\xa8"}, // 🥨 + {":bagel:", "\xf0\x9f\xa5\xaf"}, // 🥯 + {":pancakes:", "\xf0\x9f\xa5\x9e"}, // 🥞 + {":waffle:", "\xf0\x9f\xa7\x87"}, // 🧇 + {":cheese:", "\xf0\x9f\xa7\x80"}, // 🧀 + {":meat_on_bone:", "\xf0\x9f\x8d\x96"}, // 🍖 + {":poultry_leg:", "\xf0\x9f\x8d\x97"}, // 🍗 + {":cut_of_meat:", "\xf0\x9f\xa5\xa9"}, // 🥩 + {":bacon:", "\xf0\x9f\xa5\x93"}, // 🥓 + {":hamburger:", "\xf0\x9f\x8d\x94"}, // 🍔 + {":fries:", "\xf0\x9f\x8d\x9f"}, // 🍟 + {":pizza:", "\xf0\x9f\x8d\x95"}, // 🍕 + {":hotdog:", "\xf0\x9f\x8c\xad"}, // 🌭 + {":sandwich:", "\xf0\x9f\xa5\xaa"}, // 🥪 + {":taco:", "\xf0\x9f\x8c\xae"}, // 🌮 + {":burrito:", "\xf0\x9f\x8c\xaf"}, // 🌯 + {":tamale:", "\xf0\x9f\xab\x94"}, // 🫔 + {":stuffed_flatbread:", "\xf0\x9f\xa5\x99"}, // 🥙 + {":falafel:", "\xf0\x9f\xa7\x86"}, // 🧆 + {":egg:", "\xf0\x9f\xa5\x9a"}, // 🥚 + {":fried_egg:", "\xf0\x9f\x8d\xb3"}, // 🍳 + {":shallow_pan_of_food:", "\xf0\x9f\xa5\x98"}, // 🥘 + {":stew:", "\xf0\x9f\x8d\xb2"}, // 🍲 + {":fondue:", "\xf0\x9f\xab\x95"}, // 🫕 + {":bowl_with_spoon:", "\xf0\x9f\xa5\xa3"}, // 🥣 + {":green_salad:", "\xf0\x9f\xa5\x97"}, // 🥗 + {":popcorn:", "\xf0\x9f\x8d\xbf"}, // 🍿 + {":butter:", "\xf0\x9f\xa7\x88"}, // 🧈 + {":salt:", "\xf0\x9f\xa7\x82"}, // 🧂 + {":canned_food:", "\xf0\x9f\xa5\xab"}, // 🥫 + {":bento:", "\xf0\x9f\x8d\xb1"}, // 🍱 + {":rice_cracker:", "\xf0\x9f\x8d\x98"}, // 🍘 + {":rice_ball:", "\xf0\x9f\x8d\x99"}, // 🍙 + {":rice:", "\xf0\x9f\x8d\x9a"}, // 🍚 + {":curry:", "\xf0\x9f\x8d\x9b"}, // 🍛 + {":ramen:", "\xf0\x9f\x8d\x9c"}, // 🍜 + {":spaghetti:", "\xf0\x9f\x8d\x9d"}, // 🍝 + {":sweet_potato:", "\xf0\x9f\x8d\xa0"}, // 🍠 + {":oden:", "\xf0\x9f\x8d\xa2"}, // 🍢 + {":sushi:", "\xf0\x9f\x8d\xa3"}, // 🍣 + {":fried_shrimp:", "\xf0\x9f\x8d\xa4"}, // 🍤 + {":fish_cake:", "\xf0\x9f\x8d\xa5"}, // 🍥 + {":moon_cake:", "\xf0\x9f\xa5\xae"}, // 🥮 + {":dango:", "\xf0\x9f\x8d\xa1"}, // 🍡 + {":dumpling:", "\xf0\x9f\xa5\x9f"}, // 🥟 + {":fortune_cookie:", 
"\xf0\x9f\xa5\xa0"}, // 🥠 + {":takeout_box:", "\xf0\x9f\xa5\xa1"}, // 🥡 + {":crab:", "\xf0\x9f\xa6\x80"}, // 🦀 + {":lobster:", "\xf0\x9f\xa6\x9e"}, // 🦞 + {":shrimp:", "\xf0\x9f\xa6\x90"}, // 🦐 + {":squid:", "\xf0\x9f\xa6\x91"}, // 🦑 + {":oyster:", "\xf0\x9f\xa6\xaa"}, // 🦪 + {":icecream:", "\xf0\x9f\x8d\xa6"}, // 🍦 + {":shaved_ice:", "\xf0\x9f\x8d\xa7"}, // 🍧 + {":ice_cream:", "\xf0\x9f\x8d\xa8"}, // 🍨 + {":doughnut:", "\xf0\x9f\x8d\xa9"}, // 🍩 + {":cookie:", "\xf0\x9f\x8d\xaa"}, // 🍪 + {":birthday:", "\xf0\x9f\x8e\x82"}, // 🎂 + {":cake:", "\xf0\x9f\x8d\xb0"}, // 🍰 + {":cupcake:", "\xf0\x9f\xa7\x81"}, // 🧁 + {":pie:", "\xf0\x9f\xa5\xa7"}, // 🥧 + {":chocolate_bar:", "\xf0\x9f\x8d\xab"}, // 🍫 + {":candy:", "\xf0\x9f\x8d\xac"}, // 🍬 + {":lollipop:", "\xf0\x9f\x8d\xad"}, // 🍭 + {":custard:", "\xf0\x9f\x8d\xae"}, // 🍮 + {":honey_pot:", "\xf0\x9f\x8d\xaf"}, // 🍯 + {":baby_bottle:", "\xf0\x9f\x8d\xbc"}, // 🍼 + {":milk_glass:", "\xf0\x9f\xa5\x9b"}, // 🥛 + {":coffee:", "\xe2\x98\x95"}, // ☕ + {":teapot:", "\xf0\x9f\xab\x96"}, // 🫖 + {":tea:", "\xf0\x9f\x8d\xb5"}, // 🍵 + {":sake:", "\xf0\x9f\x8d\xb6"}, // 🍶 + {":champagne:", "\xf0\x9f\x8d\xbe"}, // 🍾 + {":wine_glass:", "\xf0\x9f\x8d\xb7"}, // 🍷 + {":cocktail:", "\xf0\x9f\x8d\xb8"}, // 🍸 + {":tropical_drink:", "\xf0\x9f\x8d\xb9"}, // 🍹 + {":beer:", "\xf0\x9f\x8d\xba"}, // 🍺 + {":beers:", "\xf0\x9f\x8d\xbb"}, // 🍻 + {":clinking_glasses:", "\xf0\x9f\xa5\x82"}, // 🥂 + {":tumbler_glass:", "\xf0\x9f\xa5\x83"}, // 🥃 + {":cup_with_straw:", "\xf0\x9f\xa5\xa4"}, // 🥤 + {":bubble_tea:", "\xf0\x9f\xa7\x8b"}, // 🧋 + {":beverage_box:", "\xf0\x9f\xa7\x83"}, // 🧃 + {":mate:", "\xf0\x9f\xa7\x89"}, // 🧉 + {":ice_cube:", "\xf0\x9f\xa7\x8a"}, // 🧊 + {":chopsticks:", "\xf0\x9f\xa5\xa2"}, // 🥢 + {":plate_with_cutlery:", "\xf0\x9f\x8d\xbd\xef\xb8\x8f"}, // 🍽️ + {":fork_and_knife:", "\xf0\x9f\x8d\xb4"}, // 🍴 + {":spoon:", "\xf0\x9f\xa5\x84"}, // 🥄 + {":hocho:", "\xf0\x9f\x94\xaa"}, // 🔪 + {":knife:", "\xf0\x9f\x94\xaa"}, // 🔪 + {":amphora:", 
"\xf0\x9f\x8f\xba"}, // 🏺 + {":earth_africa:", "\xf0\x9f\x8c\x8d"}, // 🌍 + {":earth_americas:", "\xf0\x9f\x8c\x8e"}, // 🌎 + {":earth_asia:", "\xf0\x9f\x8c\x8f"}, // 🌏 + {":globe_with_meridians:", "\xf0\x9f\x8c\x90"}, // 🌐 + {":world_map:", "\xf0\x9f\x97\xba\xef\xb8\x8f"}, // 🗺️ + {":japan:", "\xf0\x9f\x97\xbe"}, // 🗾 + {":compass:", "\xf0\x9f\xa7\xad"}, // 🧭 + {":mountain_snow:", "\xf0\x9f\x8f\x94\xef\xb8\x8f"}, // 🏔️ + {":mountain:", "\xe2\x9b\xb0\xef\xb8\x8f"}, // ⛰️ + {":volcano:", "\xf0\x9f\x8c\x8b"}, // 🌋 + {":mount_fuji:", "\xf0\x9f\x97\xbb"}, // 🗻 + {":camping:", "\xf0\x9f\x8f\x95\xef\xb8\x8f"}, // 🏕️ + {":beach_umbrella:", "\xf0\x9f\x8f\x96\xef\xb8\x8f"}, // 🏖️ + {":desert:", "\xf0\x9f\x8f\x9c\xef\xb8\x8f"}, // 🏜️ + {":desert_island:", "\xf0\x9f\x8f\x9d\xef\xb8\x8f"}, // 🏝️ + {":national_park:", "\xf0\x9f\x8f\x9e\xef\xb8\x8f"}, // 🏞️ + {":stadium:", "\xf0\x9f\x8f\x9f\xef\xb8\x8f"}, // 🏟️ + {":classical_building:", "\xf0\x9f\x8f\x9b\xef\xb8\x8f"}, // 🏛️ + {":building_construction:", "\xf0\x9f\x8f\x97\xef\xb8\x8f"}, // 🏗️ + {":bricks:", "\xf0\x9f\xa7\xb1"}, // 🧱 + {":rock:", "\xf0\x9f\xaa\xa8"}, // 🪨 + {":wood:", "\xf0\x9f\xaa\xb5"}, // 🪵 + {":hut:", "\xf0\x9f\x9b\x96"}, // 🛖 + {":houses:", "\xf0\x9f\x8f\x98\xef\xb8\x8f"}, // 🏘️ + {":derelict_house:", "\xf0\x9f\x8f\x9a\xef\xb8\x8f"}, // 🏚️ + {":house:", "\xf0\x9f\x8f\xa0"}, // 🏠 + {":house_with_garden:", "\xf0\x9f\x8f\xa1"}, // 🏡 + {":office:", "\xf0\x9f\x8f\xa2"}, // 🏢 + {":post_office:", "\xf0\x9f\x8f\xa3"}, // 🏣 + {":european_post_office:", "\xf0\x9f\x8f\xa4"}, // 🏤 + {":hospital:", "\xf0\x9f\x8f\xa5"}, // 🏥 + {":bank:", "\xf0\x9f\x8f\xa6"}, // 🏦 + {":hotel:", "\xf0\x9f\x8f\xa8"}, // 🏨 + {":love_hotel:", "\xf0\x9f\x8f\xa9"}, // 🏩 + {":convenience_store:", "\xf0\x9f\x8f\xaa"}, // 🏪 + {":school:", "\xf0\x9f\x8f\xab"}, // 🏫 + {":department_store:", "\xf0\x9f\x8f\xac"}, // 🏬 + {":factory:", "\xf0\x9f\x8f\xad"}, // 🏭 + {":japanese_castle:", "\xf0\x9f\x8f\xaf"}, // 🏯 + {":european_castle:", "\xf0\x9f\x8f\xb0"}, 
// 🏰 + {":wedding:", "\xf0\x9f\x92\x92"}, // 💒 + {":tokyo_tower:", "\xf0\x9f\x97\xbc"}, // 🗼 + {":statue_of_liberty:", "\xf0\x9f\x97\xbd"}, // 🗽 + {":church:", "\xe2\x9b\xaa"}, // ⛪ + {":mosque:", "\xf0\x9f\x95\x8c"}, // 🕌 + {":hindu_temple:", "\xf0\x9f\x9b\x95"}, // 🛕 + {":synagogue:", "\xf0\x9f\x95\x8d"}, // 🕍 + {":shinto_shrine:", "\xe2\x9b\xa9\xef\xb8\x8f"}, // ⛩️ + {":kaaba:", "\xf0\x9f\x95\x8b"}, // 🕋 + {":fountain:", "\xe2\x9b\xb2"}, // ⛲ + {":tent:", "\xe2\x9b\xba"}, // ⛺ + {":foggy:", "\xf0\x9f\x8c\x81"}, // 🌁 + {":night_with_stars:", "\xf0\x9f\x8c\x83"}, // 🌃 + {":cityscape:", "\xf0\x9f\x8f\x99\xef\xb8\x8f"}, // 🏙️ + {":sunrise_over_mountains:", "\xf0\x9f\x8c\x84"}, // 🌄 + {":sunrise:", "\xf0\x9f\x8c\x85"}, // 🌅 + {":city_sunset:", "\xf0\x9f\x8c\x86"}, // 🌆 + {":city_sunrise:", "\xf0\x9f\x8c\x87"}, // 🌇 + {":bridge_at_night:", "\xf0\x9f\x8c\x89"}, // 🌉 + {":hotsprings:", "\xe2\x99\xa8\xef\xb8\x8f"}, // ♨️ + {":carousel_horse:", "\xf0\x9f\x8e\xa0"}, // 🎠 + {":ferris_wheel:", "\xf0\x9f\x8e\xa1"}, // 🎡 + {":roller_coaster:", "\xf0\x9f\x8e\xa2"}, // 🎢 + {":barber:", "\xf0\x9f\x92\x88"}, // 💈 + {":circus_tent:", "\xf0\x9f\x8e\xaa"}, // 🎪 + {":steam_locomotive:", "\xf0\x9f\x9a\x82"}, // 🚂 + {":railway_car:", "\xf0\x9f\x9a\x83"}, // 🚃 + {":bullettrain_side:", "\xf0\x9f\x9a\x84"}, // 🚄 + {":bullettrain_front:", "\xf0\x9f\x9a\x85"}, // 🚅 + {":train2:", "\xf0\x9f\x9a\x86"}, // 🚆 + {":metro:", "\xf0\x9f\x9a\x87"}, // 🚇 + {":light_rail:", "\xf0\x9f\x9a\x88"}, // 🚈 + {":station:", "\xf0\x9f\x9a\x89"}, // 🚉 + {":tram:", "\xf0\x9f\x9a\x8a"}, // 🚊 + {":monorail:", "\xf0\x9f\x9a\x9d"}, // 🚝 + {":mountain_railway:", "\xf0\x9f\x9a\x9e"}, // 🚞 + {":train:", "\xf0\x9f\x9a\x8b"}, // 🚋 + {":bus:", "\xf0\x9f\x9a\x8c"}, // 🚌 + {":oncoming_bus:", "\xf0\x9f\x9a\x8d"}, // 🚍 + {":trolleybus:", "\xf0\x9f\x9a\x8e"}, // 🚎 + {":minibus:", "\xf0\x9f\x9a\x90"}, // 🚐 + {":ambulance:", "\xf0\x9f\x9a\x91"}, // 🚑 + {":fire_engine:", "\xf0\x9f\x9a\x92"}, // 🚒 + {":police_car:", 
"\xf0\x9f\x9a\x93"}, // 🚓 + {":oncoming_police_car:", "\xf0\x9f\x9a\x94"}, // 🚔 + {":taxi:", "\xf0\x9f\x9a\x95"}, // 🚕 + {":oncoming_taxi:", "\xf0\x9f\x9a\x96"}, // 🚖 + {":car:", "\xf0\x9f\x9a\x97"}, // 🚗 + {":red_car:", "\xf0\x9f\x9a\x97"}, // 🚗 + {":oncoming_automobile:", "\xf0\x9f\x9a\x98"}, // 🚘 + {":blue_car:", "\xf0\x9f\x9a\x99"}, // 🚙 + {":pickup_truck:", "\xf0\x9f\x9b\xbb"}, // 🛻 + {":truck:", "\xf0\x9f\x9a\x9a"}, // 🚚 + {":articulated_lorry:", "\xf0\x9f\x9a\x9b"}, // 🚛 + {":tractor:", "\xf0\x9f\x9a\x9c"}, // 🚜 + {":racing_car:", "\xf0\x9f\x8f\x8e\xef\xb8\x8f"}, // 🏎️ + {":motorcycle:", "\xf0\x9f\x8f\x8d\xef\xb8\x8f"}, // 🏍️ + {":motor_scooter:", "\xf0\x9f\x9b\xb5"}, // 🛵 + {":manual_wheelchair:", "\xf0\x9f\xa6\xbd"}, // 🦽 + {":motorized_wheelchair:", "\xf0\x9f\xa6\xbc"}, // 🦼 + {":auto_rickshaw:", "\xf0\x9f\x9b\xba"}, // 🛺 + {":bike:", "\xf0\x9f\x9a\xb2"}, // 🚲 + {":kick_scooter:", "\xf0\x9f\x9b\xb4"}, // 🛴 + {":skateboard:", "\xf0\x9f\x9b\xb9"}, // 🛹 + {":roller_skate:", "\xf0\x9f\x9b\xbc"}, // 🛼 + {":busstop:", "\xf0\x9f\x9a\x8f"}, // 🚏 + {":motorway:", "\xf0\x9f\x9b\xa3\xef\xb8\x8f"}, // 🛣️ + {":railway_track:", "\xf0\x9f\x9b\xa4\xef\xb8\x8f"}, // 🛤️ + {":oil_drum:", "\xf0\x9f\x9b\xa2\xef\xb8\x8f"}, // 🛢️ + {":fuelpump:", "\xe2\x9b\xbd"}, // ⛽ + {":rotating_light:", "\xf0\x9f\x9a\xa8"}, // 🚨 + {":traffic_light:", "\xf0\x9f\x9a\xa5"}, // 🚥 + {":vertical_traffic_light:", "\xf0\x9f\x9a\xa6"}, // 🚦 + {":stop_sign:", "\xf0\x9f\x9b\x91"}, // 🛑 + {":construction:", "\xf0\x9f\x9a\xa7"}, // 🚧 + {":anchor:", "\xe2\x9a\x93"}, // ⚓ + {":boat:", "\xe2\x9b\xb5"}, // ⛵ + {":sailboat:", "\xe2\x9b\xb5"}, // ⛵ + {":canoe:", "\xf0\x9f\x9b\xb6"}, // 🛶 + {":speedboat:", "\xf0\x9f\x9a\xa4"}, // 🚤 + {":passenger_ship:", "\xf0\x9f\x9b\xb3\xef\xb8\x8f"}, // 🛳️ + {":ferry:", "\xe2\x9b\xb4\xef\xb8\x8f"}, // ⛴️ + {":motor_boat:", "\xf0\x9f\x9b\xa5\xef\xb8\x8f"}, // 🛥️ + {":ship:", "\xf0\x9f\x9a\xa2"}, // 🚢 + {":airplane:", "\xe2\x9c\x88\xef\xb8\x8f"}, // ✈️ + {":small_airplane:", 
"\xf0\x9f\x9b\xa9\xef\xb8\x8f"}, // 🛩️ + {":flight_departure:", "\xf0\x9f\x9b\xab"}, // 🛫 + {":flight_arrival:", "\xf0\x9f\x9b\xac"}, // 🛬 + {":parachute:", "\xf0\x9f\xaa\x82"}, // 🪂 + {":seat:", "\xf0\x9f\x92\xba"}, // 💺 + {":helicopter:", "\xf0\x9f\x9a\x81"}, // 🚁 + {":suspension_railway:", "\xf0\x9f\x9a\x9f"}, // 🚟 + {":mountain_cableway:", "\xf0\x9f\x9a\xa0"}, // 🚠 + {":aerial_tramway:", "\xf0\x9f\x9a\xa1"}, // 🚡 + {":artificial_satellite:", "\xf0\x9f\x9b\xb0\xef\xb8\x8f"}, // 🛰️ + {":rocket:", "\xf0\x9f\x9a\x80"}, // 🚀 + {":flying_saucer:", "\xf0\x9f\x9b\xb8"}, // 🛸 + {":bellhop_bell:", "\xf0\x9f\x9b\x8e\xef\xb8\x8f"}, // 🛎️ + {":luggage:", "\xf0\x9f\xa7\xb3"}, // 🧳 + {":hourglass:", "\xe2\x8c\x9b"}, // ⌛ + {":hourglass_flowing_sand:", "\xe2\x8f\xb3"}, // ⏳ + {":watch:", "\xe2\x8c\x9a"}, // ⌚ + {":alarm_clock:", "\xe2\x8f\xb0"}, // ⏰ + {":stopwatch:", "\xe2\x8f\xb1\xef\xb8\x8f"}, // ⏱️ + {":timer_clock:", "\xe2\x8f\xb2\xef\xb8\x8f"}, // ⏲️ + {":mantelpiece_clock:", "\xf0\x9f\x95\xb0\xef\xb8\x8f"}, // 🕰️ + {":clock12:", "\xf0\x9f\x95\x9b"}, // 🕛 + {":clock1230:", "\xf0\x9f\x95\xa7"}, // 🕧 + {":clock1:", "\xf0\x9f\x95\x90"}, // 🕐 + {":clock130:", "\xf0\x9f\x95\x9c"}, // 🕜 + {":clock2:", "\xf0\x9f\x95\x91"}, // 🕑 + {":clock230:", "\xf0\x9f\x95\x9d"}, // 🕝 + {":clock3:", "\xf0\x9f\x95\x92"}, // 🕒 + {":clock330:", "\xf0\x9f\x95\x9e"}, // 🕞 + {":clock4:", "\xf0\x9f\x95\x93"}, // 🕓 + {":clock430:", "\xf0\x9f\x95\x9f"}, // 🕟 + {":clock5:", "\xf0\x9f\x95\x94"}, // 🕔 + {":clock530:", "\xf0\x9f\x95\xa0"}, // 🕠 + {":clock6:", "\xf0\x9f\x95\x95"}, // 🕕 + {":clock630:", "\xf0\x9f\x95\xa1"}, // 🕡 + {":clock7:", "\xf0\x9f\x95\x96"}, // 🕖 + {":clock730:", "\xf0\x9f\x95\xa2"}, // 🕢 + {":clock8:", "\xf0\x9f\x95\x97"}, // 🕗 + {":clock830:", "\xf0\x9f\x95\xa3"}, // 🕣 + {":clock9:", "\xf0\x9f\x95\x98"}, // 🕘 + {":clock930:", "\xf0\x9f\x95\xa4"}, // 🕤 + {":clock10:", "\xf0\x9f\x95\x99"}, // 🕙 + {":clock1030:", "\xf0\x9f\x95\xa5"}, // 🕥 + {":clock11:", "\xf0\x9f\x95\x9a"}, // 🕚 + 
{":clock1130:", "\xf0\x9f\x95\xa6"}, // 🕦 + {":new_moon:", "\xf0\x9f\x8c\x91"}, // 🌑 + {":waxing_crescent_moon:", "\xf0\x9f\x8c\x92"}, // 🌒 + {":first_quarter_moon:", "\xf0\x9f\x8c\x93"}, // 🌓 + {":moon:", "\xf0\x9f\x8c\x94"}, // 🌔 + {":waxing_gibbous_moon:", "\xf0\x9f\x8c\x94"}, // 🌔 + {":full_moon:", "\xf0\x9f\x8c\x95"}, // 🌕 + {":waning_gibbous_moon:", "\xf0\x9f\x8c\x96"}, // 🌖 + {":last_quarter_moon:", "\xf0\x9f\x8c\x97"}, // 🌗 + {":waning_crescent_moon:", "\xf0\x9f\x8c\x98"}, // 🌘 + {":crescent_moon:", "\xf0\x9f\x8c\x99"}, // 🌙 + {":new_moon_with_face:", "\xf0\x9f\x8c\x9a"}, // 🌚 + {":first_quarter_moon_with_face:", "\xf0\x9f\x8c\x9b"}, // 🌛 + {":last_quarter_moon_with_face:", "\xf0\x9f\x8c\x9c"}, // 🌜 + {":thermometer:", "\xf0\x9f\x8c\xa1\xef\xb8\x8f"}, // 🌡️ + {":sunny:", "\xe2\x98\x80\xef\xb8\x8f"}, // ☀️ + {":full_moon_with_face:", "\xf0\x9f\x8c\x9d"}, // 🌝 + {":sun_with_face:", "\xf0\x9f\x8c\x9e"}, // 🌞 + {":ringed_planet:", "\xf0\x9f\xaa\x90"}, // 🪐 + {":star:", "\xe2\xad\x90"}, // ⭐ + {":star2:", "\xf0\x9f\x8c\x9f"}, // 🌟 + {":stars:", "\xf0\x9f\x8c\xa0"}, // 🌠 + {":milky_way:", "\xf0\x9f\x8c\x8c"}, // 🌌 + {":cloud:", "\xe2\x98\x81\xef\xb8\x8f"}, // ☁️ + {":partly_sunny:", "\xe2\x9b\x85"}, // ⛅ + {":cloud_with_lightning_and_rain:", "\xe2\x9b\x88\xef\xb8\x8f"}, // ⛈️ + {":sun_behind_small_cloud:", "\xf0\x9f\x8c\xa4\xef\xb8\x8f"}, // 🌤️ + {":sun_behind_large_cloud:", "\xf0\x9f\x8c\xa5\xef\xb8\x8f"}, // 🌥️ + {":sun_behind_rain_cloud:", "\xf0\x9f\x8c\xa6\xef\xb8\x8f"}, // 🌦️ + {":cloud_with_rain:", "\xf0\x9f\x8c\xa7\xef\xb8\x8f"}, // 🌧️ + {":cloud_with_snow:", "\xf0\x9f\x8c\xa8\xef\xb8\x8f"}, // 🌨️ + {":cloud_with_lightning:", "\xf0\x9f\x8c\xa9\xef\xb8\x8f"}, // 🌩️ + {":tornado:", "\xf0\x9f\x8c\xaa\xef\xb8\x8f"}, // 🌪️ + {":fog:", "\xf0\x9f\x8c\xab\xef\xb8\x8f"}, // 🌫️ + {":wind_face:", "\xf0\x9f\x8c\xac\xef\xb8\x8f"}, // 🌬️ + {":cyclone:", "\xf0\x9f\x8c\x80"}, // 🌀 + {":rainbow:", "\xf0\x9f\x8c\x88"}, // 🌈 + {":closed_umbrella:", "\xf0\x9f\x8c\x82"}, // 🌂 
+ {":open_umbrella:", "\xe2\x98\x82\xef\xb8\x8f"}, // ☂️ + {":umbrella:", "\xe2\x98\x94"}, // ☔ + {":parasol_on_ground:", "\xe2\x9b\xb1\xef\xb8\x8f"}, // ⛱️ + {":zap:", "\xe2\x9a\xa1"}, // ⚡ + {":snowflake:", "\xe2\x9d\x84\xef\xb8\x8f"}, // ❄️ + {":snowman_with_snow:", "\xe2\x98\x83\xef\xb8\x8f"}, // ☃️ + {":snowman:", "\xe2\x9b\x84"}, // ⛄ + {":comet:", "\xe2\x98\x84\xef\xb8\x8f"}, // ☄️ + {":fire:", "\xf0\x9f\x94\xa5"}, // 🔥 + {":droplet:", "\xf0\x9f\x92\xa7"}, // 💧 + {":ocean:", "\xf0\x9f\x8c\x8a"}, // 🌊 + {":jack_o_lantern:", "\xf0\x9f\x8e\x83"}, // 🎃 + {":christmas_tree:", "\xf0\x9f\x8e\x84"}, // 🎄 + {":fireworks:", "\xf0\x9f\x8e\x86"}, // 🎆 + {":sparkler:", "\xf0\x9f\x8e\x87"}, // 🎇 + {":firecracker:", "\xf0\x9f\xa7\xa8"}, // 🧨 + {":sparkles:", "\xe2\x9c\xa8"}, // ✨ + {":balloon:", "\xf0\x9f\x8e\x88"}, // 🎈 + {":tada:", "\xf0\x9f\x8e\x89"}, // 🎉 + {":confetti_ball:", "\xf0\x9f\x8e\x8a"}, // 🎊 + {":tanabata_tree:", "\xf0\x9f\x8e\x8b"}, // 🎋 + {":bamboo:", "\xf0\x9f\x8e\x8d"}, // 🎍 + {":dolls:", "\xf0\x9f\x8e\x8e"}, // 🎎 + {":flags:", "\xf0\x9f\x8e\x8f"}, // 🎏 + {":wind_chime:", "\xf0\x9f\x8e\x90"}, // 🎐 + {":rice_scene:", "\xf0\x9f\x8e\x91"}, // 🎑 + {":red_envelope:", "\xf0\x9f\xa7\xa7"}, // 🧧 + {":ribbon:", "\xf0\x9f\x8e\x80"}, // 🎀 + {":gift:", "\xf0\x9f\x8e\x81"}, // 🎁 + {":reminder_ribbon:", "\xf0\x9f\x8e\x97\xef\xb8\x8f"}, // 🎗️ + {":tickets:", "\xf0\x9f\x8e\x9f\xef\xb8\x8f"}, // 🎟️ + {":ticket:", "\xf0\x9f\x8e\xab"}, // 🎫 + {":medal_military:", "\xf0\x9f\x8e\x96\xef\xb8\x8f"}, // 🎖️ + {":trophy:", "\xf0\x9f\x8f\x86"}, // 🏆 + {":medal_sports:", "\xf0\x9f\x8f\x85"}, // 🏅 + {":1st_place_medal:", "\xf0\x9f\xa5\x87"}, // 🥇 + {":2nd_place_medal:", "\xf0\x9f\xa5\x88"}, // 🥈 + {":3rd_place_medal:", "\xf0\x9f\xa5\x89"}, // 🥉 + {":soccer:", "\xe2\x9a\xbd"}, // ⚽ + {":baseball:", "\xe2\x9a\xbe"}, // ⚾ + {":softball:", "\xf0\x9f\xa5\x8e"}, // 🥎 + {":basketball:", "\xf0\x9f\x8f\x80"}, // 🏀 + {":volleyball:", "\xf0\x9f\x8f\x90"}, // 🏐 + {":football:", 
"\xf0\x9f\x8f\x88"}, // 🏈 + {":rugby_football:", "\xf0\x9f\x8f\x89"}, // 🏉 + {":tennis:", "\xf0\x9f\x8e\xbe"}, // 🎾 + {":flying_disc:", "\xf0\x9f\xa5\x8f"}, // 🥏 + {":bowling:", "\xf0\x9f\x8e\xb3"}, // 🎳 + {":cricket_game:", "\xf0\x9f\x8f\x8f"}, // 🏏 + {":field_hockey:", "\xf0\x9f\x8f\x91"}, // 🏑 + {":ice_hockey:", "\xf0\x9f\x8f\x92"}, // 🏒 + {":lacrosse:", "\xf0\x9f\xa5\x8d"}, // 🥍 + {":ping_pong:", "\xf0\x9f\x8f\x93"}, // 🏓 + {":badminton:", "\xf0\x9f\x8f\xb8"}, // 🏸 + {":boxing_glove:", "\xf0\x9f\xa5\x8a"}, // 🥊 + {":martial_arts_uniform:", "\xf0\x9f\xa5\x8b"}, // 🥋 + {":goal_net:", "\xf0\x9f\xa5\x85"}, // 🥅 + {":golf:", "\xe2\x9b\xb3"}, // ⛳ + {":ice_skate:", "\xe2\x9b\xb8\xef\xb8\x8f"}, // ⛸️ + {":fishing_pole_and_fish:", "\xf0\x9f\x8e\xa3"}, // 🎣 + {":diving_mask:", "\xf0\x9f\xa4\xbf"}, // 🤿 + {":running_shirt_with_sash:", "\xf0\x9f\x8e\xbd"}, // 🎽 + {":ski:", "\xf0\x9f\x8e\xbf"}, // 🎿 + {":sled:", "\xf0\x9f\x9b\xb7"}, // 🛷 + {":curling_stone:", "\xf0\x9f\xa5\x8c"}, // 🥌 + {":dart:", "\xf0\x9f\x8e\xaf"}, // 🎯 + {":yo_yo:", "\xf0\x9f\xaa\x80"}, // 🪀 + {":kite:", "\xf0\x9f\xaa\x81"}, // 🪁 + {":8ball:", "\xf0\x9f\x8e\xb1"}, // 🎱 + {":crystal_ball:", "\xf0\x9f\x94\xae"}, // 🔮 + {":magic_wand:", "\xf0\x9f\xaa\x84"}, // 🪄 + {":nazar_amulet:", "\xf0\x9f\xa7\xbf"}, // 🧿 + {":video_game:", "\xf0\x9f\x8e\xae"}, // 🎮 + {":joystick:", "\xf0\x9f\x95\xb9\xef\xb8\x8f"}, // 🕹️ + {":slot_machine:", "\xf0\x9f\x8e\xb0"}, // 🎰 + {":game_die:", "\xf0\x9f\x8e\xb2"}, // 🎲 + {":jigsaw:", "\xf0\x9f\xa7\xa9"}, // 🧩 + {":teddy_bear:", "\xf0\x9f\xa7\xb8"}, // 🧸 + {":pi_ata:", "\xf0\x9f\xaa\x85"}, // 🪅 + {":nesting_dolls:", "\xf0\x9f\xaa\x86"}, // 🪆 + {":spades:", "\xe2\x99\xa0\xef\xb8\x8f"}, // ♠️ + {":hearts:", "\xe2\x99\xa5\xef\xb8\x8f"}, // ♥️ + {":diamonds:", "\xe2\x99\xa6\xef\xb8\x8f"}, // ♦️ + {":clubs:", "\xe2\x99\xa3\xef\xb8\x8f"}, // ♣️ + {":chess_pawn:", "\xe2\x99\x9f\xef\xb8\x8f"}, // ♟️ + {":black_joker:", "\xf0\x9f\x83\x8f"}, // 🃏 + {":mahjong:", "\xf0\x9f\x80\x84"}, // 🀄 + 
{":flower_playing_cards:", "\xf0\x9f\x8e\xb4"}, // 🎴 + {":performing_arts:", "\xf0\x9f\x8e\xad"}, // 🎭 + {":framed_picture:", "\xf0\x9f\x96\xbc\xef\xb8\x8f"}, // 🖼️ + {":art:", "\xf0\x9f\x8e\xa8"}, // 🎨 + {":thread:", "\xf0\x9f\xa7\xb5"}, // 🧵 + {":sewing_needle:", "\xf0\x9f\xaa\xa1"}, // 🪡 + {":yarn:", "\xf0\x9f\xa7\xb6"}, // 🧶 + {":knot:", "\xf0\x9f\xaa\xa2"}, // 🪢 + {":eyeglasses:", "\xf0\x9f\x91\x93"}, // 👓 + {":dark_sunglasses:", "\xf0\x9f\x95\xb6\xef\xb8\x8f"}, // 🕶️ + {":goggles:", "\xf0\x9f\xa5\xbd"}, // 🥽 + {":lab_coat:", "\xf0\x9f\xa5\xbc"}, // 🥼 + {":safety_vest:", "\xf0\x9f\xa6\xba"}, // 🦺 + {":necktie:", "\xf0\x9f\x91\x94"}, // 👔 + {":shirt:", "\xf0\x9f\x91\x95"}, // 👕 + {":tshirt:", "\xf0\x9f\x91\x95"}, // 👕 + {":jeans:", "\xf0\x9f\x91\x96"}, // 👖 + {":scarf:", "\xf0\x9f\xa7\xa3"}, // 🧣 + {":gloves:", "\xf0\x9f\xa7\xa4"}, // 🧤 + {":coat:", "\xf0\x9f\xa7\xa5"}, // 🧥 + {":socks:", "\xf0\x9f\xa7\xa6"}, // 🧦 + {":dress:", "\xf0\x9f\x91\x97"}, // 👗 + {":kimono:", "\xf0\x9f\x91\x98"}, // 👘 + {":sari:", "\xf0\x9f\xa5\xbb"}, // 🥻 + {":one_piece_swimsuit:", "\xf0\x9f\xa9\xb1"}, // 🩱 + {":swim_brief:", "\xf0\x9f\xa9\xb2"}, // 🩲 + {":shorts:", "\xf0\x9f\xa9\xb3"}, // 🩳 + {":bikini:", "\xf0\x9f\x91\x99"}, // 👙 + {":womans_clothes:", "\xf0\x9f\x91\x9a"}, // 👚 + {":purse:", "\xf0\x9f\x91\x9b"}, // 👛 + {":handbag:", "\xf0\x9f\x91\x9c"}, // 👜 + {":pouch:", "\xf0\x9f\x91\x9d"}, // 👝 + {":shopping:", "\xf0\x9f\x9b\x8d\xef\xb8\x8f"}, // 🛍️ + {":school_satchel:", "\xf0\x9f\x8e\x92"}, // 🎒 + {":thong_sandal:", "\xf0\x9f\xa9\xb4"}, // 🩴 + {":mans_shoe:", "\xf0\x9f\x91\x9e"}, // 👞 + {":shoe:", "\xf0\x9f\x91\x9e"}, // 👞 + {":athletic_shoe:", "\xf0\x9f\x91\x9f"}, // 👟 + {":hiking_boot:", "\xf0\x9f\xa5\xbe"}, // 🥾 + {":flat_shoe:", "\xf0\x9f\xa5\xbf"}, // 🥿 + {":high_heel:", "\xf0\x9f\x91\xa0"}, // 👠 + {":sandal:", "\xf0\x9f\x91\xa1"}, // 👡 + {":ballet_shoes:", "\xf0\x9f\xa9\xb0"}, // 🩰 + {":boot:", "\xf0\x9f\x91\xa2"}, // 👢 + {":crown:", "\xf0\x9f\x91\x91"}, // 👑 + 
{":womans_hat:", "\xf0\x9f\x91\x92"}, // 👒 + {":tophat:", "\xf0\x9f\x8e\xa9"}, // 🎩 + {":mortar_board:", "\xf0\x9f\x8e\x93"}, // 🎓 + {":billed_cap:", "\xf0\x9f\xa7\xa2"}, // 🧢 + {":military_helmet:", "\xf0\x9f\xaa\x96"}, // 🪖 + {":rescue_worker_helmet:", "\xe2\x9b\x91\xef\xb8\x8f"}, // ⛑️ + {":prayer_beads:", "\xf0\x9f\x93\xbf"}, // 📿 + {":lipstick:", "\xf0\x9f\x92\x84"}, // 💄 + {":ring:", "\xf0\x9f\x92\x8d"}, // 💍 + {":gem:", "\xf0\x9f\x92\x8e"}, // 💎 + {":mute:", "\xf0\x9f\x94\x87"}, // 🔇 + {":speaker:", "\xf0\x9f\x94\x88"}, // 🔈 + {":sound:", "\xf0\x9f\x94\x89"}, // 🔉 + {":loud_sound:", "\xf0\x9f\x94\x8a"}, // 🔊 + {":loudspeaker:", "\xf0\x9f\x93\xa2"}, // 📢 + {":mega:", "\xf0\x9f\x93\xa3"}, // 📣 + {":postal_horn:", "\xf0\x9f\x93\xaf"}, // 📯 + {":bell:", "\xf0\x9f\x94\x94"}, // 🔔 + {":no_bell:", "\xf0\x9f\x94\x95"}, // 🔕 + {":musical_score:", "\xf0\x9f\x8e\xbc"}, // 🎼 + {":musical_note:", "\xf0\x9f\x8e\xb5"}, // 🎵 + {":notes:", "\xf0\x9f\x8e\xb6"}, // 🎶 + {":studio_microphone:", "\xf0\x9f\x8e\x99\xef\xb8\x8f"}, // 🎙️ + {":level_slider:", "\xf0\x9f\x8e\x9a\xef\xb8\x8f"}, // 🎚️ + {":control_knobs:", "\xf0\x9f\x8e\x9b\xef\xb8\x8f"}, // 🎛️ + {":microphone:", "\xf0\x9f\x8e\xa4"}, // 🎤 + {":headphones:", "\xf0\x9f\x8e\xa7"}, // 🎧 + {":radio:", "\xf0\x9f\x93\xbb"}, // 📻 + {":saxophone:", "\xf0\x9f\x8e\xb7"}, // 🎷 + {":accordion:", "\xf0\x9f\xaa\x97"}, // 🪗 + {":guitar:", "\xf0\x9f\x8e\xb8"}, // 🎸 + {":musical_keyboard:", "\xf0\x9f\x8e\xb9"}, // 🎹 + {":trumpet:", "\xf0\x9f\x8e\xba"}, // 🎺 + {":violin:", "\xf0\x9f\x8e\xbb"}, // 🎻 + {":banjo:", "\xf0\x9f\xaa\x95"}, // 🪕 + {":drum:", "\xf0\x9f\xa5\x81"}, // 🥁 + {":long_drum:", "\xf0\x9f\xaa\x98"}, // 🪘 + {":iphone:", "\xf0\x9f\x93\xb1"}, // 📱 + {":calling:", "\xf0\x9f\x93\xb2"}, // 📲 + {":phone:", "\xe2\x98\x8e\xef\xb8\x8f"}, // ☎️ + {":telephone:", "\xe2\x98\x8e\xef\xb8\x8f"}, // ☎️ + {":telephone_receiver:", "\xf0\x9f\x93\x9e"}, // 📞 + {":pager:", "\xf0\x9f\x93\x9f"}, // 📟 + {":fax:", "\xf0\x9f\x93\xa0"}, // 📠 + 
{":battery:", "\xf0\x9f\x94\x8b"}, // 🔋 + {":electric_plug:", "\xf0\x9f\x94\x8c"}, // 🔌 + {":computer:", "\xf0\x9f\x92\xbb"}, // 💻 + {":desktop_computer:", "\xf0\x9f\x96\xa5\xef\xb8\x8f"}, // 🖥️ + {":printer:", "\xf0\x9f\x96\xa8\xef\xb8\x8f"}, // 🖨️ + {":keyboard:", "\xe2\x8c\xa8\xef\xb8\x8f"}, // ⌨️ + {":computer_mouse:", "\xf0\x9f\x96\xb1\xef\xb8\x8f"}, // 🖱️ + {":trackball:", "\xf0\x9f\x96\xb2\xef\xb8\x8f"}, // 🖲️ + {":minidisc:", "\xf0\x9f\x92\xbd"}, // 💽 + {":floppy_disk:", "\xf0\x9f\x92\xbe"}, // 💾 + {":cd:", "\xf0\x9f\x92\xbf"}, // 💿 + {":dvd:", "\xf0\x9f\x93\x80"}, // 📀 + {":abacus:", "\xf0\x9f\xa7\xae"}, // 🧮 + {":movie_camera:", "\xf0\x9f\x8e\xa5"}, // 🎥 + {":film_strip:", "\xf0\x9f\x8e\x9e\xef\xb8\x8f"}, // 🎞️ + {":film_projector:", "\xf0\x9f\x93\xbd\xef\xb8\x8f"}, // 📽️ + {":clapper:", "\xf0\x9f\x8e\xac"}, // 🎬 + {":tv:", "\xf0\x9f\x93\xba"}, // 📺 + {":camera:", "\xf0\x9f\x93\xb7"}, // 📷 + {":camera_flash:", "\xf0\x9f\x93\xb8"}, // 📸 + {":video_camera:", "\xf0\x9f\x93\xb9"}, // 📹 + {":vhs:", "\xf0\x9f\x93\xbc"}, // 📼 + {":mag:", "\xf0\x9f\x94\x8d"}, // 🔍 + {":mag_right:", "\xf0\x9f\x94\x8e"}, // 🔎 + {":candle:", "\xf0\x9f\x95\xaf\xef\xb8\x8f"}, // 🕯️ + {":bulb:", "\xf0\x9f\x92\xa1"}, // 💡 + {":flashlight:", "\xf0\x9f\x94\xa6"}, // 🔦 + {":izakaya_lantern:", "\xf0\x9f\x8f\xae"}, // 🏮 + {":lantern:", "\xf0\x9f\x8f\xae"}, // 🏮 + {":diya_lamp:", "\xf0\x9f\xaa\x94"}, // 🪔 + {":notebook_with_decorative_cover:", "\xf0\x9f\x93\x94"}, // 📔 + {":closed_book:", "\xf0\x9f\x93\x95"}, // 📕 + {":book:", "\xf0\x9f\x93\x96"}, // 📖 + {":open_book:", "\xf0\x9f\x93\x96"}, // 📖 + {":green_book:", "\xf0\x9f\x93\x97"}, // 📗 + {":blue_book:", "\xf0\x9f\x93\x98"}, // 📘 + {":orange_book:", "\xf0\x9f\x93\x99"}, // 📙 + {":books:", "\xf0\x9f\x93\x9a"}, // 📚 + {":notebook:", "\xf0\x9f\x93\x93"}, // 📓 + {":ledger:", "\xf0\x9f\x93\x92"}, // 📒 + {":page_with_curl:", "\xf0\x9f\x93\x83"}, // 📃 + {":scroll:", "\xf0\x9f\x93\x9c"}, // 📜 + {":page_facing_up:", "\xf0\x9f\x93\x84"}, // 📄 + 
{":newspaper:", "\xf0\x9f\x93\xb0"}, // 📰 + {":newspaper_roll:", "\xf0\x9f\x97\x9e\xef\xb8\x8f"}, // 🗞️ + {":bookmark_tabs:", "\xf0\x9f\x93\x91"}, // 📑 + {":bookmark:", "\xf0\x9f\x94\x96"}, // 🔖 + {":label:", "\xf0\x9f\x8f\xb7\xef\xb8\x8f"}, // 🏷️ + {":moneybag:", "\xf0\x9f\x92\xb0"}, // 💰 + {":coin:", "\xf0\x9f\xaa\x99"}, // 🪙 + {":yen:", "\xf0\x9f\x92\xb4"}, // 💴 + {":dollar:", "\xf0\x9f\x92\xb5"}, // 💵 + {":euro:", "\xf0\x9f\x92\xb6"}, // 💶 + {":pound:", "\xf0\x9f\x92\xb7"}, // 💷 + {":money_with_wings:", "\xf0\x9f\x92\xb8"}, // 💸 + {":credit_card:", "\xf0\x9f\x92\xb3"}, // 💳 + {":receipt:", "\xf0\x9f\xa7\xbe"}, // 🧾 + {":chart:", "\xf0\x9f\x92\xb9"}, // 💹 + {":email:", "\xe2\x9c\x89\xef\xb8\x8f"}, // ✉️ + {":envelope:", "\xe2\x9c\x89\xef\xb8\x8f"}, // ✉️ + {":e-mail:", "\xf0\x9f\x93\xa7"}, // 📧 + {":incoming_envelope:", "\xf0\x9f\x93\xa8"}, // 📨 + {":envelope_with_arrow:", "\xf0\x9f\x93\xa9"}, // 📩 + {":outbox_tray:", "\xf0\x9f\x93\xa4"}, // 📤 + {":inbox_tray:", "\xf0\x9f\x93\xa5"}, // 📥 + {":package:", "\xf0\x9f\x93\xa6"}, // 📦 + {":mailbox:", "\xf0\x9f\x93\xab"}, // 📫 + {":mailbox_closed:", "\xf0\x9f\x93\xaa"}, // 📪 + {":mailbox_with_mail:", "\xf0\x9f\x93\xac"}, // 📬 + {":mailbox_with_no_mail:", "\xf0\x9f\x93\xad"}, // 📭 + {":postbox:", "\xf0\x9f\x93\xae"}, // 📮 + {":ballot_box:", "\xf0\x9f\x97\xb3\xef\xb8\x8f"}, // 🗳️ + {":pencil2:", "\xe2\x9c\x8f\xef\xb8\x8f"}, // ✏️ + {":black_nib:", "\xe2\x9c\x92\xef\xb8\x8f"}, // ✒️ + {":fountain_pen:", "\xf0\x9f\x96\x8b\xef\xb8\x8f"}, // 🖋️ + {":pen:", "\xf0\x9f\x96\x8a\xef\xb8\x8f"}, // 🖊️ + {":paintbrush:", "\xf0\x9f\x96\x8c\xef\xb8\x8f"}, // 🖌️ + {":crayon:", "\xf0\x9f\x96\x8d\xef\xb8\x8f"}, // 🖍️ + {":memo:", "\xf0\x9f\x93\x9d"}, // 📝 + {":pencil:", "\xf0\x9f\x93\x9d"}, // 📝 + {":briefcase:", "\xf0\x9f\x92\xbc"}, // 💼 + {":file_folder:", "\xf0\x9f\x93\x81"}, // 📁 + {":open_file_folder:", "\xf0\x9f\x93\x82"}, // 📂 + {":card_index_dividers:", "\xf0\x9f\x97\x82\xef\xb8\x8f"}, // 🗂️ + {":date:", "\xf0\x9f\x93\x85"}, // 📅 
+ {":calendar:", "\xf0\x9f\x93\x86"}, // 📆 + {":spiral_notepad:", "\xf0\x9f\x97\x92\xef\xb8\x8f"}, // 🗒️ + {":spiral_calendar:", "\xf0\x9f\x97\x93\xef\xb8\x8f"}, // 🗓️ + {":card_index:", "\xf0\x9f\x93\x87"}, // 📇 + {":chart_with_upwards_trend:", "\xf0\x9f\x93\x88"}, // 📈 + {":chart_with_downwards_trend:", "\xf0\x9f\x93\x89"}, // 📉 + {":bar_chart:", "\xf0\x9f\x93\x8a"}, // 📊 + {":clipboard:", "\xf0\x9f\x93\x8b"}, // 📋 + {":pushpin:", "\xf0\x9f\x93\x8c"}, // 📌 + {":round_pushpin:", "\xf0\x9f\x93\x8d"}, // 📍 + {":paperclip:", "\xf0\x9f\x93\x8e"}, // 📎 + {":paperclips:", "\xf0\x9f\x96\x87\xef\xb8\x8f"}, // 🖇️ + {":straight_ruler:", "\xf0\x9f\x93\x8f"}, // 📏 + {":triangular_ruler:", "\xf0\x9f\x93\x90"}, // 📐 + {":scissors:", "\xe2\x9c\x82\xef\xb8\x8f"}, // ✂️ + {":card_file_box:", "\xf0\x9f\x97\x83\xef\xb8\x8f"}, // 🗃️ + {":file_cabinet:", "\xf0\x9f\x97\x84\xef\xb8\x8f"}, // 🗄️ + {":wastebasket:", "\xf0\x9f\x97\x91\xef\xb8\x8f"}, // 🗑️ + {":lock:", "\xf0\x9f\x94\x92"}, // 🔒 + {":unlock:", "\xf0\x9f\x94\x93"}, // 🔓 + {":lock_with_ink_pen:", "\xf0\x9f\x94\x8f"}, // 🔏 + {":closed_lock_with_key:", "\xf0\x9f\x94\x90"}, // 🔐 + {":key:", "\xf0\x9f\x94\x91"}, // 🔑 + {":old_key:", "\xf0\x9f\x97\x9d\xef\xb8\x8f"}, // 🗝️ + {":hammer:", "\xf0\x9f\x94\xa8"}, // 🔨 + {":axe:", "\xf0\x9f\xaa\x93"}, // 🪓 + {":pick:", "\xe2\x9b\x8f\xef\xb8\x8f"}, // ⛏️ + {":hammer_and_pick:", "\xe2\x9a\x92\xef\xb8\x8f"}, // ⚒️ + {":hammer_and_wrench:", "\xf0\x9f\x9b\xa0\xef\xb8\x8f"}, // 🛠️ + {":dagger:", "\xf0\x9f\x97\xa1\xef\xb8\x8f"}, // 🗡️ + {":crossed_swords:", "\xe2\x9a\x94\xef\xb8\x8f"}, // ⚔️ + {":gun:", "\xf0\x9f\x94\xab"}, // 🔫 + {":boomerang:", "\xf0\x9f\xaa\x83"}, // 🪃 + {":bow_and_arrow:", "\xf0\x9f\x8f\xb9"}, // 🏹 + {":shield:", "\xf0\x9f\x9b\xa1\xef\xb8\x8f"}, // 🛡️ + {":carpentry_saw:", "\xf0\x9f\xaa\x9a"}, // 🪚 + {":wrench:", "\xf0\x9f\x94\xa7"}, // 🔧 + {":screwdriver:", "\xf0\x9f\xaa\x9b"}, // 🪛 + {":nut_and_bolt:", "\xf0\x9f\x94\xa9"}, // 🔩 + {":gear:", "\xe2\x9a\x99\xef\xb8\x8f"}, // 
⚙️ + {":clamp:", "\xf0\x9f\x97\x9c\xef\xb8\x8f"}, // 🗜️ + {":balance_scale:", "\xe2\x9a\x96\xef\xb8\x8f"}, // ⚖️ + {":probing_cane:", "\xf0\x9f\xa6\xaf"}, // 🦯 + {":link:", "\xf0\x9f\x94\x97"}, // 🔗 + {":chains:", "\xe2\x9b\x93\xef\xb8\x8f"}, // ⛓️ + {":hook:", "\xf0\x9f\xaa\x9d"}, // 🪝 + {":toolbox:", "\xf0\x9f\xa7\xb0"}, // 🧰 + {":magnet:", "\xf0\x9f\xa7\xb2"}, // 🧲 + {":ladder:", "\xf0\x9f\xaa\x9c"}, // 🪜 + {":alembic:", "\xe2\x9a\x97\xef\xb8\x8f"}, // ⚗️ + {":test_tube:", "\xf0\x9f\xa7\xaa"}, // 🧪 + {":petri_dish:", "\xf0\x9f\xa7\xab"}, // 🧫 + {":dna:", "\xf0\x9f\xa7\xac"}, // 🧬 + {":microscope:", "\xf0\x9f\x94\xac"}, // 🔬 + {":telescope:", "\xf0\x9f\x94\xad"}, // 🔭 + {":satellite:", "\xf0\x9f\x93\xa1"}, // 📡 + {":syringe:", "\xf0\x9f\x92\x89"}, // 💉 + {":drop_of_blood:", "\xf0\x9f\xa9\xb8"}, // 🩸 + {":pill:", "\xf0\x9f\x92\x8a"}, // 💊 + {":adhesive_bandage:", "\xf0\x9f\xa9\xb9"}, // 🩹 + {":stethoscope:", "\xf0\x9f\xa9\xba"}, // 🩺 + {":door:", "\xf0\x9f\x9a\xaa"}, // 🚪 + {":elevator:", "\xf0\x9f\x9b\x97"}, // 🛗 + {":mirror:", "\xf0\x9f\xaa\x9e"}, // 🪞 + {":window:", "\xf0\x9f\xaa\x9f"}, // 🪟 + {":bed:", "\xf0\x9f\x9b\x8f\xef\xb8\x8f"}, // 🛏️ + {":couch_and_lamp:", "\xf0\x9f\x9b\x8b\xef\xb8\x8f"}, // 🛋️ + {":chair:", "\xf0\x9f\xaa\x91"}, // 🪑 + {":toilet:", "\xf0\x9f\x9a\xbd"}, // 🚽 + {":plunger:", "\xf0\x9f\xaa\xa0"}, // 🪠 + {":shower:", "\xf0\x9f\x9a\xbf"}, // 🚿 + {":bathtub:", "\xf0\x9f\x9b\x81"}, // 🛁 + {":mouse_trap:", "\xf0\x9f\xaa\xa4"}, // 🪤 + {":razor:", "\xf0\x9f\xaa\x92"}, // 🪒 + {":lotion_bottle:", "\xf0\x9f\xa7\xb4"}, // 🧴 + {":safety_pin:", "\xf0\x9f\xa7\xb7"}, // 🧷 + {":broom:", "\xf0\x9f\xa7\xb9"}, // 🧹 + {":basket:", "\xf0\x9f\xa7\xba"}, // 🧺 + {":roll_of_paper:", "\xf0\x9f\xa7\xbb"}, // 🧻 + {":bucket:", "\xf0\x9f\xaa\xa3"}, // 🪣 + {":soap:", "\xf0\x9f\xa7\xbc"}, // 🧼 + {":toothbrush:", "\xf0\x9f\xaa\xa5"}, // 🪥 + {":sponge:", "\xf0\x9f\xa7\xbd"}, // 🧽 + {":fire_extinguisher:", "\xf0\x9f\xa7\xaf"}, // 🧯 + {":shopping_cart:", "\xf0\x9f\x9b\x92"}, 
// 🛒 + {":smoking:", "\xf0\x9f\x9a\xac"}, // 🚬 + {":coffin:", "\xe2\x9a\xb0\xef\xb8\x8f"}, // ⚰️ + {":headstone:", "\xf0\x9f\xaa\xa6"}, // 🪦 + {":funeral_urn:", "\xe2\x9a\xb1\xef\xb8\x8f"}, // ⚱️ + {":moyai:", "\xf0\x9f\x97\xbf"}, // 🗿 + {":placard:", "\xf0\x9f\xaa\xa7"}, // 🪧 + {":atm:", "\xf0\x9f\x8f\xa7"}, // 🏧 + {":put_litter_in_its_place:", "\xf0\x9f\x9a\xae"}, // 🚮 + {":potable_water:", "\xf0\x9f\x9a\xb0"}, // 🚰 + {":wheelchair:", "\xe2\x99\xbf"}, // ♿ + {":mens:", "\xf0\x9f\x9a\xb9"}, // 🚹 + {":womens:", "\xf0\x9f\x9a\xba"}, // 🚺 + {":restroom:", "\xf0\x9f\x9a\xbb"}, // 🚻 + {":baby_symbol:", "\xf0\x9f\x9a\xbc"}, // 🚼 + {":wc:", "\xf0\x9f\x9a\xbe"}, // 🚾 + {":passport_control:", "\xf0\x9f\x9b\x82"}, // 🛂 + {":customs:", "\xf0\x9f\x9b\x83"}, // 🛃 + {":baggage_claim:", "\xf0\x9f\x9b\x84"}, // 🛄 + {":left_luggage:", "\xf0\x9f\x9b\x85"}, // 🛅 + {":warning:", "\xe2\x9a\xa0\xef\xb8\x8f"}, // ⚠️ + {":children_crossing:", "\xf0\x9f\x9a\xb8"}, // 🚸 + {":no_entry:", "\xe2\x9b\x94"}, // ⛔ + {":no_entry_sign:", "\xf0\x9f\x9a\xab"}, // 🚫 + {":no_bicycles:", "\xf0\x9f\x9a\xb3"}, // 🚳 + {":no_smoking:", "\xf0\x9f\x9a\xad"}, // 🚭 + {":do_not_litter:", "\xf0\x9f\x9a\xaf"}, // 🚯 + {":non-potable_water:", "\xf0\x9f\x9a\xb1"}, // 🚱 + {":no_pedestrians:", "\xf0\x9f\x9a\xb7"}, // 🚷 + {":no_mobile_phones:", "\xf0\x9f\x93\xb5"}, // 📵 + {":underage:", "\xf0\x9f\x94\x9e"}, // 🔞 + {":radioactive:", "\xe2\x98\xa2\xef\xb8\x8f"}, // ☢️ + {":biohazard:", "\xe2\x98\xa3\xef\xb8\x8f"}, // ☣️ + {":arrow_up:", "\xe2\xac\x86\xef\xb8\x8f"}, // ⬆️ + {":arrow_upper_right:", "\xe2\x86\x97\xef\xb8\x8f"}, // ↗️ + {":arrow_right:", "\xe2\x9e\xa1\xef\xb8\x8f"}, // ➡️ + {":arrow_lower_right:", "\xe2\x86\x98\xef\xb8\x8f"}, // ↘️ + {":arrow_down:", "\xe2\xac\x87\xef\xb8\x8f"}, // ⬇️ + {":arrow_lower_left:", "\xe2\x86\x99\xef\xb8\x8f"}, // ↙️ + {":arrow_left:", "\xe2\xac\x85\xef\xb8\x8f"}, // ⬅️ + {":arrow_upper_left:", "\xe2\x86\x96\xef\xb8\x8f"}, // ↖️ + {":arrow_up_down:", "\xe2\x86\x95\xef\xb8\x8f"}, // 
↕️ + {":left_right_arrow:", "\xe2\x86\x94\xef\xb8\x8f"}, // ↔️ + {":leftwards_arrow_with_hook:", "\xe2\x86\xa9\xef\xb8\x8f"}, // ↩️ + {":arrow_right_hook:", "\xe2\x86\xaa\xef\xb8\x8f"}, // ↪️ + {":arrow_heading_up:", "\xe2\xa4\xb4\xef\xb8\x8f"}, // ⤴️ + {":arrow_heading_down:", "\xe2\xa4\xb5\xef\xb8\x8f"}, // ⤵️ + {":arrows_clockwise:", "\xf0\x9f\x94\x83"}, // 🔃 + {":arrows_counterclockwise:", "\xf0\x9f\x94\x84"}, // 🔄 + {":back:", "\xf0\x9f\x94\x99"}, // 🔙 + {":end:", "\xf0\x9f\x94\x9a"}, // 🔚 + {":on:", "\xf0\x9f\x94\x9b"}, // 🔛 + {":soon:", "\xf0\x9f\x94\x9c"}, // 🔜 + {":top:", "\xf0\x9f\x94\x9d"}, // 🔝 + {":place_of_worship:", "\xf0\x9f\x9b\x90"}, // 🛐 + {":atom_symbol:", "\xe2\x9a\x9b\xef\xb8\x8f"}, // ⚛️ + {":om:", "\xf0\x9f\x95\x89\xef\xb8\x8f"}, // 🕉️ + {":star_of_david:", "\xe2\x9c\xa1\xef\xb8\x8f"}, // ✡️ + {":wheel_of_dharma:", "\xe2\x98\xb8\xef\xb8\x8f"}, // ☸️ + {":yin_yang:", "\xe2\x98\xaf\xef\xb8\x8f"}, // ☯️ + {":latin_cross:", "\xe2\x9c\x9d\xef\xb8\x8f"}, // ✝️ + {":orthodox_cross:", "\xe2\x98\xa6\xef\xb8\x8f"}, // ☦️ + {":star_and_crescent:", "\xe2\x98\xaa\xef\xb8\x8f"}, // ☪️ + {":peace_symbol:", "\xe2\x98\xae\xef\xb8\x8f"}, // ☮️ + {":menorah:", "\xf0\x9f\x95\x8e"}, // 🕎 + {":six_pointed_star:", "\xf0\x9f\x94\xaf"}, // 🔯 + {":aries:", "\xe2\x99\x88"}, // ♈ + {":taurus:", "\xe2\x99\x89"}, // ♉ + {":gemini:", "\xe2\x99\x8a"}, // ♊ + {":cancer:", "\xe2\x99\x8b"}, // ♋ + {":leo:", "\xe2\x99\x8c"}, // ♌ + {":virgo:", "\xe2\x99\x8d"}, // ♍ + {":libra:", "\xe2\x99\x8e"}, // ♎ + {":scorpius:", "\xe2\x99\x8f"}, // ♏ + {":sagittarius:", "\xe2\x99\x90"}, // ♐ + {":capricorn:", "\xe2\x99\x91"}, // ♑ + {":aquarius:", "\xe2\x99\x92"}, // ♒ + {":pisces:", "\xe2\x99\x93"}, // ♓ + {":ophiuchus:", "\xe2\x9b\x8e"}, // ⛎ + {":twisted_rightwards_arrows:", "\xf0\x9f\x94\x80"}, // 🔀 + {":repeat:", "\xf0\x9f\x94\x81"}, // 🔁 + {":repeat_one:", "\xf0\x9f\x94\x82"}, // 🔂 + {":arrow_forward:", "\xe2\x96\xb6\xef\xb8\x8f"}, // ▶️ + {":fast_forward:", "\xe2\x8f\xa9"}, // ⏩ + 
{":next_track_button:", "\xe2\x8f\xad\xef\xb8\x8f"}, // ⏭️ + {":play_or_pause_button:", "\xe2\x8f\xaf\xef\xb8\x8f"}, // ⏯️ + {":arrow_backward:", "\xe2\x97\x80\xef\xb8\x8f"}, // ◀️ + {":rewind:", "\xe2\x8f\xaa"}, // ⏪ + {":previous_track_button:", "\xe2\x8f\xae\xef\xb8\x8f"}, // ⏮️ + {":arrow_up_small:", "\xf0\x9f\x94\xbc"}, // 🔼 + {":arrow_double_up:", "\xe2\x8f\xab"}, // ⏫ + {":arrow_down_small:", "\xf0\x9f\x94\xbd"}, // 🔽 + {":arrow_double_down:", "\xe2\x8f\xac"}, // ⏬ + {":pause_button:", "\xe2\x8f\xb8\xef\xb8\x8f"}, // ⏸️ + {":stop_button:", "\xe2\x8f\xb9\xef\xb8\x8f"}, // ⏹️ + {":record_button:", "\xe2\x8f\xba\xef\xb8\x8f"}, // ⏺️ + {":eject_button:", "\xe2\x8f\x8f\xef\xb8\x8f"}, // ⏏️ + {":cinema:", "\xf0\x9f\x8e\xa6"}, // 🎦 + {":low_brightness:", "\xf0\x9f\x94\x85"}, // 🔅 + {":high_brightness:", "\xf0\x9f\x94\x86"}, // 🔆 + {":signal_strength:", "\xf0\x9f\x93\xb6"}, // 📶 + {":vibration_mode:", "\xf0\x9f\x93\xb3"}, // 📳 + {":mobile_phone_off:", "\xf0\x9f\x93\xb4"}, // 📴 + {":female_sign:", "\xe2\x99\x80\xef\xb8\x8f"}, // ♀️ + {":male_sign:", "\xe2\x99\x82\xef\xb8\x8f"}, // ♂️ + {":transgender_symbol:", "\xe2\x9a\xa7\xef\xb8\x8f"}, // ⚧️ + {":heavy_multiplication_x:", "\xe2\x9c\x96\xef\xb8\x8f"}, // ✖️ + {":heavy_plus_sign:", "\xe2\x9e\x95"}, // ➕ + {":heavy_minus_sign:", "\xe2\x9e\x96"}, // ➖ + {":heavy_division_sign:", "\xe2\x9e\x97"}, // ➗ + {":infinity:", "\xe2\x99\xbe\xef\xb8\x8f"}, // ♾️ + {":bangbang:", "\xe2\x80\xbc\xef\xb8\x8f"}, // ‼️ + {":interrobang:", "\xe2\x81\x89\xef\xb8\x8f"}, // ⁉️ + {":question:", "\xe2\x9d\x93"}, // ❓ + {":grey_question:", "\xe2\x9d\x94"}, // ❔ + {":grey_exclamation:", "\xe2\x9d\x95"}, // ❕ + {":exclamation:", "\xe2\x9d\x97"}, // ❗ + {":heavy_exclamation_mark:", "\xe2\x9d\x97"}, // ❗ + {":wavy_dash:", "\xe3\x80\xb0\xef\xb8\x8f"}, // 〰️ + {":currency_exchange:", "\xf0\x9f\x92\xb1"}, // 💱 + {":heavy_dollar_sign:", "\xf0\x9f\x92\xb2"}, // 💲 + {":medical_symbol:", "\xe2\x9a\x95\xef\xb8\x8f"}, // ⚕️ + {":recycle:", 
"\xe2\x99\xbb\xef\xb8\x8f"}, // ♻️ + {":fleur_de_lis:", "\xe2\x9a\x9c\xef\xb8\x8f"}, // ⚜️ + {":trident:", "\xf0\x9f\x94\xb1"}, // 🔱 + {":name_badge:", "\xf0\x9f\x93\x9b"}, // 📛 + {":beginner:", "\xf0\x9f\x94\xb0"}, // 🔰 + {":o:", "\xe2\xad\x95"}, // ⭕ + {":white_check_mark:", "\xe2\x9c\x85"}, // ✅ + {":ballot_box_with_check:", "\xe2\x98\x91\xef\xb8\x8f"}, // ☑️ + {":heavy_check_mark:", "\xe2\x9c\x94\xef\xb8\x8f"}, // ✔️ + {":x:", "\xe2\x9d\x8c"}, // ❌ + {":negative_squared_cross_mark:", "\xe2\x9d\x8e"}, // ❎ + {":curly_loop:", "\xe2\x9e\xb0"}, // ➰ + {":loop:", "\xe2\x9e\xbf"}, // ➿ + {":part_alternation_mark:", "\xe3\x80\xbd\xef\xb8\x8f"}, // 〽️ + {":eight_spoked_asterisk:", "\xe2\x9c\xb3\xef\xb8\x8f"}, // ✳️ + {":eight_pointed_black_star:", "\xe2\x9c\xb4\xef\xb8\x8f"}, // ✴️ + {":sparkle:", "\xe2\x9d\x87\xef\xb8\x8f"}, // ❇️ + {":copyright:", "\xc2\xa9\xef\xb8\x8f"}, // ©️ + {":registered:", "\xc2\xae\xef\xb8\x8f"}, // ®️ + {":tm:", "\xe2\x84\xa2\xef\xb8\x8f"}, // ™️ + {":hash:", "\x23\xef\xb8\x8f\xe2\x83\xa3"}, // #️⃣ + {":asterisk:", "\x2a\xef\xb8\x8f\xe2\x83\xa3"}, // *️⃣ + {":zero:", "\x30\xef\xb8\x8f\xe2\x83\xa3"}, // 0️⃣ + {":one:", "\x31\xef\xb8\x8f\xe2\x83\xa3"}, // 1️⃣ + {":two:", "\x32\xef\xb8\x8f\xe2\x83\xa3"}, // 2️⃣ + {":three:", "\x33\xef\xb8\x8f\xe2\x83\xa3"}, // 3️⃣ + {":four:", "\x34\xef\xb8\x8f\xe2\x83\xa3"}, // 4️⃣ + {":five:", "\x35\xef\xb8\x8f\xe2\x83\xa3"}, // 5️⃣ + {":six:", "\x36\xef\xb8\x8f\xe2\x83\xa3"}, // 6️⃣ + {":seven:", "\x37\xef\xb8\x8f\xe2\x83\xa3"}, // 7️⃣ + {":eight:", "\x38\xef\xb8\x8f\xe2\x83\xa3"}, // 8️⃣ + {":nine:", "\x39\xef\xb8\x8f\xe2\x83\xa3"}, // 9️⃣ + {":keycap_ten:", "\xf0\x9f\x94\x9f"}, // 🔟 + {":capital_abcd:", "\xf0\x9f\x94\xa0"}, // 🔠 + {":abcd:", "\xf0\x9f\x94\xa1"}, // 🔡 + {":1234:", "\xf0\x9f\x94\xa2"}, // 🔢 + {":symbols:", "\xf0\x9f\x94\xa3"}, // 🔣 + {":abc:", "\xf0\x9f\x94\xa4"}, // 🔤 + {":a:", "\xf0\x9f\x85\xb0\xef\xb8\x8f"}, // 🅰️ + {":ab:", "\xf0\x9f\x86\x8e"}, // 🆎 + {":b:", 
"\xf0\x9f\x85\xb1\xef\xb8\x8f"}, // 🅱️ + {":cl:", "\xf0\x9f\x86\x91"}, // 🆑 + {":cool:", "\xf0\x9f\x86\x92"}, // 🆒 + {":free:", "\xf0\x9f\x86\x93"}, // 🆓 + {":information_source:", "\xe2\x84\xb9\xef\xb8\x8f"}, // ℹ️ + {":id:", "\xf0\x9f\x86\x94"}, // 🆔 + {":m:", "\xe2\x93\x82\xef\xb8\x8f"}, // Ⓜ️ + {":new:", "\xf0\x9f\x86\x95"}, // 🆕 + {":ng:", "\xf0\x9f\x86\x96"}, // 🆖 + {":o2:", "\xf0\x9f\x85\xbe\xef\xb8\x8f"}, // 🅾️ + {":ok:", "\xf0\x9f\x86\x97"}, // 🆗 + {":parking:", "\xf0\x9f\x85\xbf\xef\xb8\x8f"}, // 🅿️ + {":sos:", "\xf0\x9f\x86\x98"}, // 🆘 + {":up:", "\xf0\x9f\x86\x99"}, // 🆙 + {":vs:", "\xf0\x9f\x86\x9a"}, // 🆚 + {":koko:", "\xf0\x9f\x88\x81"}, // 🈁 + {":sa:", "\xf0\x9f\x88\x82\xef\xb8\x8f"}, // 🈂️ + {":u6708:", "\xf0\x9f\x88\xb7\xef\xb8\x8f"}, // 🈷️ + {":u6709:", "\xf0\x9f\x88\xb6"}, // 🈶 + {":u6307:", "\xf0\x9f\x88\xaf"}, // 🈯 + {":ideograph_advantage:", "\xf0\x9f\x89\x90"}, // 🉐 + {":u5272:", "\xf0\x9f\x88\xb9"}, // 🈹 + {":u7121:", "\xf0\x9f\x88\x9a"}, // 🈚 + {":u7981:", "\xf0\x9f\x88\xb2"}, // 🈲 + {":accept:", "\xf0\x9f\x89\x91"}, // 🉑 + {":u7533:", "\xf0\x9f\x88\xb8"}, // 🈸 + {":u5408:", "\xf0\x9f\x88\xb4"}, // 🈴 + {":u7a7a:", "\xf0\x9f\x88\xb3"}, // 🈳 + {":congratulations:", "\xe3\x8a\x97\xef\xb8\x8f"}, // ㊗️ + {":secret:", "\xe3\x8a\x99\xef\xb8\x8f"}, // ㊙️ + {":u55b6:", "\xf0\x9f\x88\xba"}, // 🈺 + {":u6e80:", "\xf0\x9f\x88\xb5"}, // 🈵 + {":red_circle:", "\xf0\x9f\x94\xb4"}, // 🔴 + {":orange_circle:", "\xf0\x9f\x9f\xa0"}, // 🟠 + {":yellow_circle:", "\xf0\x9f\x9f\xa1"}, // 🟡 + {":green_circle:", "\xf0\x9f\x9f\xa2"}, // 🟢 + {":large_blue_circle:", "\xf0\x9f\x94\xb5"}, // 🔵 + {":purple_circle:", "\xf0\x9f\x9f\xa3"}, // 🟣 + {":brown_circle:", "\xf0\x9f\x9f\xa4"}, // 🟤 + {":black_circle:", "\xe2\x9a\xab"}, // ⚫ + {":white_circle:", "\xe2\x9a\xaa"}, // ⚪ + {":red_square:", "\xf0\x9f\x9f\xa5"}, // 🟥 + {":orange_square:", "\xf0\x9f\x9f\xa7"}, // 🟧 + {":yellow_square:", "\xf0\x9f\x9f\xa8"}, // 🟨 + {":green_square:", "\xf0\x9f\x9f\xa9"}, // 🟩 + 
{":blue_square:", "\xf0\x9f\x9f\xa6"}, // 🟦 + {":purple_square:", "\xf0\x9f\x9f\xaa"}, // 🟪 + {":brown_square:", "\xf0\x9f\x9f\xab"}, // 🟫 + {":black_large_square:", "\xe2\xac\x9b"}, // ⬛ + {":white_large_square:", "\xe2\xac\x9c"}, // ⬜ + {":black_medium_square:", "\xe2\x97\xbc\xef\xb8\x8f"}, // ◼️ + {":white_medium_square:", "\xe2\x97\xbb\xef\xb8\x8f"}, // ◻️ + {":black_medium_small_square:", "\xe2\x97\xbe"}, // ◾ + {":white_medium_small_square:", "\xe2\x97\xbd"}, // ◽ + {":black_small_square:", "\xe2\x96\xaa\xef\xb8\x8f"}, // ▪️ + {":white_small_square:", "\xe2\x96\xab\xef\xb8\x8f"}, // ▫️ + {":large_orange_diamond:", "\xf0\x9f\x94\xb6"}, // 🔶 + {":large_blue_diamond:", "\xf0\x9f\x94\xb7"}, // 🔷 + {":small_orange_diamond:", "\xf0\x9f\x94\xb8"}, // 🔸 + {":small_blue_diamond:", "\xf0\x9f\x94\xb9"}, // 🔹 + {":small_red_triangle:", "\xf0\x9f\x94\xba"}, // 🔺 + {":small_red_triangle_down:", "\xf0\x9f\x94\xbb"}, // 🔻 + {":diamond_shape_with_a_dot_inside:", "\xf0\x9f\x92\xa0"}, // 💠 + {":radio_button:", "\xf0\x9f\x94\x98"}, // 🔘 + {":white_square_button:", "\xf0\x9f\x94\xb3"}, // 🔳 + {":black_square_button:", "\xf0\x9f\x94\xb2"}, // 🔲 + {":checkered_flag:", "\xf0\x9f\x8f\x81"}, // 🏁 + {":triangular_flag_on_post:", "\xf0\x9f\x9a\xa9"}, // 🚩 + {":crossed_flags:", "\xf0\x9f\x8e\x8c"}, // 🎌 + {":black_flag:", "\xf0\x9f\x8f\xb4"}, // 🏴 + {":white_flag:", "\xf0\x9f\x8f\xb3\xef\xb8\x8f"}, // 🏳️ + {":rainbow_flag:", "\xf0\x9f\x8f\xb3\xef\xb8\x8f\xe2\x80\x8d\xf0\x9f\x8c\x88"}, // 🏳️‍🌈 + {":transgender_flag:", "\xf0\x9f\x8f\xb3\xef\xb8\x8f\xe2\x80\x8d\xe2\x9a\xa7\xef\xb8\x8f"}, // 🏳️‍⚧️ + {":pirate_flag:", "\xf0\x9f\x8f\xb4\xe2\x80\x8d\xe2\x98\xa0\xef\xb8\x8f"}, // 🏴‍☠️ + {":ascension_island:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xa8"}, // 🇦🇨 + {":andorra:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xa9"}, // 🇦🇩 + {":united_arab_emirates:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xaa"}, // 🇦🇪 + {":afghanistan:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xab"}, // 🇦🇫 + {":antigua_barbuda:", 
"\xf0\x9f\x87\xa6\xf0\x9f\x87\xac"}, // 🇦🇬 + {":anguilla:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xae"}, // 🇦🇮 + {":albania:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb1"}, // 🇦🇱 + {":armenia:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb2"}, // 🇦🇲 + {":angola:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb4"}, // 🇦🇴 + {":antarctica:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb6"}, // 🇦🇶 + {":argentina:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb7"}, // 🇦🇷 + {":american_samoa:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb8"}, // 🇦🇸 + {":austria:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xb9"}, // 🇦🇹 + {":australia:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xba"}, // 🇦🇺 + {":aruba:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xbc"}, // 🇦🇼 + {":aland_islands:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xbd"}, // 🇦🇽 + {":azerbaijan:", "\xf0\x9f\x87\xa6\xf0\x9f\x87\xbf"}, // 🇦🇿 + {":bosnia_herzegovina:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xa6"}, // 🇧🇦 + {":barbados:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xa7"}, // 🇧🇧 + {":bangladesh:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xa9"}, // 🇧🇩 + {":belgium:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xaa"}, // 🇧🇪 + {":burkina_faso:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xab"}, // 🇧🇫 + {":bulgaria:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xac"}, // 🇧🇬 + {":bahrain:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xad"}, // 🇧🇭 + {":burundi:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xae"}, // 🇧🇮 + {":benin:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xaf"}, // 🇧🇯 + {":st_barthelemy:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb1"}, // 🇧🇱 + {":bermuda:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb2"}, // 🇧🇲 + {":brunei:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb3"}, // 🇧🇳 + {":bolivia:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb4"}, // 🇧🇴 + {":caribbean_netherlands:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb6"}, // 🇧🇶 + {":brazil:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb7"}, // 🇧🇷 + {":bahamas:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb8"}, // 🇧🇸 + {":bhutan:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xb9"}, // 🇧🇹 + {":bouvet_island:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xbb"}, // 🇧🇻 + {":botswana:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xbc"}, // 🇧🇼 + {":belarus:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xbe"}, // 🇧🇾 + 
{":belize:", "\xf0\x9f\x87\xa7\xf0\x9f\x87\xbf"}, // 🇧🇿 + {":canada:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xa6"}, // 🇨🇦 + {":cocos_islands:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xa8"}, // 🇨🇨 + {":congo_kinshasa:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xa9"}, // 🇨🇩 + {":central_african_republic:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xab"}, // 🇨🇫 + {":congo_brazzaville:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xac"}, // 🇨🇬 + {":switzerland:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xad"}, // 🇨🇭 + {":cote_divoire:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xae"}, // 🇨🇮 + {":cook_islands:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb0"}, // 🇨🇰 + {":chile:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb1"}, // 🇨🇱 + {":cameroon:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb2"}, // 🇨🇲 + {":cn:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb3"}, // 🇨🇳 + {":colombia:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb4"}, // 🇨🇴 + {":clipperton_island:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb5"}, // 🇨🇵 + {":costa_rica:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xb7"}, // 🇨🇷 + {":cuba:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xba"}, // 🇨🇺 + {":cape_verde:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xbb"}, // 🇨🇻 + {":curacao:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xbc"}, // 🇨🇼 + {":christmas_island:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xbd"}, // 🇨🇽 + {":cyprus:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xbe"}, // 🇨🇾 + {":czech_republic:", "\xf0\x9f\x87\xa8\xf0\x9f\x87\xbf"}, // 🇨🇿 + {":de:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xaa"}, // 🇩🇪 + {":diego_garcia:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xac"}, // 🇩🇬 + {":djibouti:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xaf"}, // 🇩🇯 + {":denmark:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xb0"}, // 🇩🇰 + {":dominica:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xb2"}, // 🇩🇲 + {":dominican_republic:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xb4"}, // 🇩🇴 + {":algeria:", "\xf0\x9f\x87\xa9\xf0\x9f\x87\xbf"}, // 🇩🇿 + {":ceuta_melilla:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xa6"}, // 🇪🇦 + {":ecuador:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xa8"}, // 🇪🇨 + {":estonia:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xaa"}, // 🇪🇪 + {":egypt:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xac"}, // 🇪🇬 + 
{":western_sahara:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xad"}, // 🇪🇭 + {":eritrea:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xb7"}, // 🇪🇷 + {":es:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xb8"}, // 🇪🇸 + {":ethiopia:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xb9"}, // 🇪🇹 + {":eu:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xba"}, // 🇪🇺 + {":european_union:", "\xf0\x9f\x87\xaa\xf0\x9f\x87\xba"}, // 🇪🇺 + {":finland:", "\xf0\x9f\x87\xab\xf0\x9f\x87\xae"}, // 🇫🇮 + {":fiji:", "\xf0\x9f\x87\xab\xf0\x9f\x87\xaf"}, // 🇫🇯 + {":falkland_islands:", "\xf0\x9f\x87\xab\xf0\x9f\x87\xb0"}, // 🇫🇰 + {":micronesia:", "\xf0\x9f\x87\xab\xf0\x9f\x87\xb2"}, // 🇫🇲 + {":faroe_islands:", "\xf0\x9f\x87\xab\xf0\x9f\x87\xb4"}, // 🇫🇴 + {":fr:", "\xf0\x9f\x87\xab\xf0\x9f\x87\xb7"}, // 🇫🇷 + {":gabon:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xa6"}, // 🇬🇦 + {":gb:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xa7"}, // 🇬🇧 + {":uk:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xa7"}, // 🇬🇧 + {":grenada:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xa9"}, // 🇬🇩 + {":georgia:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xaa"}, // 🇬🇪 + {":french_guiana:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xab"}, // 🇬🇫 + {":guernsey:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xac"}, // 🇬🇬 + {":ghana:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xad"}, // 🇬🇭 + {":gibraltar:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xae"}, // 🇬🇮 + {":greenland:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb1"}, // 🇬🇱 + {":gambia:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb2"}, // 🇬🇲 + {":guinea:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb3"}, // 🇬🇳 + {":guadeloupe:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb5"}, // 🇬🇵 + {":equatorial_guinea:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb6"}, // 🇬🇶 + {":greece:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb7"}, // 🇬🇷 + {":south_georgia_south_sandwich_islands:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb8"}, // 🇬🇸 + {":guatemala:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xb9"}, // 🇬🇹 + {":guam:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xba"}, // 🇬🇺 + {":guinea_bissau:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xbc"}, // 🇬🇼 + {":guyana:", "\xf0\x9f\x87\xac\xf0\x9f\x87\xbe"}, // 🇬🇾 + {":hong_kong:", "\xf0\x9f\x87\xad\xf0\x9f\x87\xb0"}, // 
🇭🇰 + {":heard_mcdonald_islands:", "\xf0\x9f\x87\xad\xf0\x9f\x87\xb2"}, // 🇭🇲 + {":honduras:", "\xf0\x9f\x87\xad\xf0\x9f\x87\xb3"}, // 🇭🇳 + {":croatia:", "\xf0\x9f\x87\xad\xf0\x9f\x87\xb7"}, // 🇭🇷 + {":haiti:", "\xf0\x9f\x87\xad\xf0\x9f\x87\xb9"}, // 🇭🇹 + {":hungary:", "\xf0\x9f\x87\xad\xf0\x9f\x87\xba"}, // 🇭🇺 + {":canary_islands:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xa8"}, // 🇮🇨 + {":indonesia:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xa9"}, // 🇮🇩 + {":ireland:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xaa"}, // 🇮🇪 + {":israel:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb1"}, // 🇮🇱 + {":isle_of_man:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb2"}, // 🇮🇲 + {":india:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb3"}, // 🇮🇳 + {":british_indian_ocean_territory:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb4"}, // 🇮🇴 + {":iraq:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb6"}, // 🇮🇶 + {":iran:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb7"}, // 🇮🇷 + {":iceland:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb8"}, // 🇮🇸 + {":it:", "\xf0\x9f\x87\xae\xf0\x9f\x87\xb9"}, // 🇮🇹 + {":jersey:", "\xf0\x9f\x87\xaf\xf0\x9f\x87\xaa"}, // 🇯🇪 + {":jamaica:", "\xf0\x9f\x87\xaf\xf0\x9f\x87\xb2"}, // 🇯🇲 + {":jordan:", "\xf0\x9f\x87\xaf\xf0\x9f\x87\xb4"}, // 🇯🇴 + {":jp:", "\xf0\x9f\x87\xaf\xf0\x9f\x87\xb5"}, // 🇯🇵 + {":kenya:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xaa"}, // 🇰🇪 + {":kyrgyzstan:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xac"}, // 🇰🇬 + {":cambodia:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xad"}, // 🇰🇭 + {":kiribati:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xae"}, // 🇰🇮 + {":comoros:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xb2"}, // 🇰🇲 + {":st_kitts_nevis:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xb3"}, // 🇰🇳 + {":north_korea:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xb5"}, // 🇰🇵 + {":kr:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xb7"}, // 🇰🇷 + {":kuwait:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xbc"}, // 🇰🇼 + {":cayman_islands:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xbe"}, // 🇰🇾 + {":kazakhstan:", "\xf0\x9f\x87\xb0\xf0\x9f\x87\xbf"}, // 🇰🇿 + {":laos:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xa6"}, // 🇱🇦 + {":lebanon:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xa7"}, // 🇱🇧 + 
{":st_lucia:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xa8"}, // 🇱🇨 + {":liechtenstein:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xae"}, // 🇱🇮 + {":sri_lanka:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xb0"}, // 🇱🇰 + {":liberia:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xb7"}, // 🇱🇷 + {":lesotho:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xb8"}, // 🇱🇸 + {":lithuania:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xb9"}, // 🇱🇹 + {":luxembourg:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xba"}, // 🇱🇺 + {":latvia:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xbb"}, // 🇱🇻 + {":libya:", "\xf0\x9f\x87\xb1\xf0\x9f\x87\xbe"}, // 🇱🇾 + {":morocco:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xa6"}, // 🇲🇦 + {":monaco:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xa8"}, // 🇲🇨 + {":moldova:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xa9"}, // 🇲🇩 + {":montenegro:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xaa"}, // 🇲🇪 + {":st_martin:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xab"}, // 🇲🇫 + {":madagascar:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xac"}, // 🇲🇬 + {":marshall_islands:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xad"}, // 🇲🇭 + {":macedonia:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb0"}, // 🇲🇰 + {":mali:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb1"}, // 🇲🇱 + {":myanmar:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb2"}, // 🇲🇲 + {":mongolia:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb3"}, // 🇲🇳 + {":macau:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb4"}, // 🇲🇴 + {":northern_mariana_islands:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb5"}, // 🇲🇵 + {":martinique:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb6"}, // 🇲🇶 + {":mauritania:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb7"}, // 🇲🇷 + {":montserrat:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb8"}, // 🇲🇸 + {":malta:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xb9"}, // 🇲🇹 + {":mauritius:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xba"}, // 🇲🇺 + {":maldives:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xbb"}, // 🇲🇻 + {":malawi:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xbc"}, // 🇲🇼 + {":mexico:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xbd"}, // 🇲🇽 + {":malaysia:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xbe"}, // 🇲🇾 + {":mozambique:", "\xf0\x9f\x87\xb2\xf0\x9f\x87\xbf"}, // 🇲🇿 + {":namibia:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xa6"}, // 🇳🇦 
+ {":new_caledonia:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xa8"}, // 🇳🇨 + {":niger:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xaa"}, // 🇳🇪 + {":norfolk_island:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xab"}, // 🇳🇫 + {":nigeria:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xac"}, // 🇳🇬 + {":nicaragua:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xae"}, // 🇳🇮 + {":netherlands:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xb1"}, // 🇳🇱 + {":norway:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xb4"}, // 🇳🇴 + {":nepal:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xb5"}, // 🇳🇵 + {":nauru:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xb7"}, // 🇳🇷 + {":niue:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xba"}, // 🇳🇺 + {":new_zealand:", "\xf0\x9f\x87\xb3\xf0\x9f\x87\xbf"}, // 🇳🇿 + {":oman:", "\xf0\x9f\x87\xb4\xf0\x9f\x87\xb2"}, // 🇴🇲 + {":panama:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xa6"}, // 🇵🇦 + {":peru:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xaa"}, // 🇵🇪 + {":french_polynesia:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xab"}, // 🇵🇫 + {":papua_new_guinea:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xac"}, // 🇵🇬 + {":philippines:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xad"}, // 🇵🇭 + {":pakistan:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb0"}, // 🇵🇰 + {":poland:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb1"}, // 🇵🇱 + {":st_pierre_miquelon:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb2"}, // 🇵🇲 + {":pitcairn_islands:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb3"}, // 🇵🇳 + {":puerto_rico:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb7"}, // 🇵🇷 + {":palestinian_territories:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb8"}, // 🇵🇸 + {":portugal:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xb9"}, // 🇵🇹 + {":palau:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xbc"}, // 🇵🇼 + {":paraguay:", "\xf0\x9f\x87\xb5\xf0\x9f\x87\xbe"}, // 🇵🇾 + {":qatar:", "\xf0\x9f\x87\xb6\xf0\x9f\x87\xa6"}, // 🇶🇦 + {":reunion:", "\xf0\x9f\x87\xb7\xf0\x9f\x87\xaa"}, // 🇷🇪 + {":romania:", "\xf0\x9f\x87\xb7\xf0\x9f\x87\xb4"}, // 🇷🇴 + {":serbia:", "\xf0\x9f\x87\xb7\xf0\x9f\x87\xb8"}, // 🇷🇸 + {":ru:", "\xf0\x9f\x87\xb7\xf0\x9f\x87\xba"}, // 🇷🇺 + {":rwanda:", "\xf0\x9f\x87\xb7\xf0\x9f\x87\xbc"}, // 🇷🇼 + {":saudi_arabia:", 
"\xf0\x9f\x87\xb8\xf0\x9f\x87\xa6"}, // 🇸🇦 + {":solomon_islands:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xa7"}, // 🇸🇧 + {":seychelles:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xa8"}, // 🇸🇨 + {":sudan:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xa9"}, // 🇸🇩 + {":sweden:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xaa"}, // 🇸🇪 + {":singapore:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xac"}, // 🇸🇬 + {":st_helena:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xad"}, // 🇸🇭 + {":slovenia:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xae"}, // 🇸🇮 + {":svalbard_jan_mayen:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xaf"}, // 🇸🇯 + {":slovakia:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb0"}, // 🇸🇰 + {":sierra_leone:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb1"}, // 🇸🇱 + {":san_marino:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb2"}, // 🇸🇲 + {":senegal:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb3"}, // 🇸🇳 + {":somalia:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb4"}, // 🇸🇴 + {":suriname:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb7"}, // 🇸🇷 + {":south_sudan:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb8"}, // 🇸🇸 + {":sao_tome_principe:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xb9"}, // 🇸🇹 + {":el_salvador:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xbb"}, // 🇸🇻 + {":sint_maarten:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xbd"}, // 🇸🇽 + {":syria:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xbe"}, // 🇸🇾 + {":swaziland:", "\xf0\x9f\x87\xb8\xf0\x9f\x87\xbf"}, // 🇸🇿 + {":tristan_da_cunha:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xa6"}, // 🇹🇦 + {":turks_caicos_islands:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xa8"}, // 🇹🇨 + {":chad:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xa9"}, // 🇹🇩 + {":french_southern_territories:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xab"}, // 🇹🇫 + {":togo:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xac"}, // 🇹🇬 + {":thailand:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xad"}, // 🇹🇭 + {":tajikistan:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xaf"}, // 🇹🇯 + {":tokelau:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xb0"}, // 🇹🇰 + {":timor_leste:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xb1"}, // 🇹🇱 + {":turkmenistan:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xb2"}, // 🇹🇲 + {":tunisia:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xb3"}, // 🇹🇳 + {":tonga:", 
"\xf0\x9f\x87\xb9\xf0\x9f\x87\xb4"}, // 🇹🇴 + {":tr:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xb7"}, // 🇹🇷 + {":trinidad_tobago:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xb9"}, // 🇹🇹 + {":tuvalu:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xbb"}, // 🇹🇻 + {":taiwan:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xbc"}, // 🇹🇼 + {":tanzania:", "\xf0\x9f\x87\xb9\xf0\x9f\x87\xbf"}, // 🇹🇿 + {":ukraine:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xa6"}, // 🇺🇦 + {":uganda:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xac"}, // 🇺🇬 + {":us_outlying_islands:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xb2"}, // 🇺🇲 + {":united_nations:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xb3"}, // 🇺🇳 + {":us:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xb8"}, // 🇺🇸 + {":uruguay:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xbe"}, // 🇺🇾 + {":uzbekistan:", "\xf0\x9f\x87\xba\xf0\x9f\x87\xbf"}, // 🇺🇿 + {":vatican_city:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xa6"}, // 🇻🇦 + {":st_vincent_grenadines:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xa8"}, // 🇻🇨 + {":venezuela:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xaa"}, // 🇻🇪 + {":british_virgin_islands:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xac"}, // 🇻🇬 + {":us_virgin_islands:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xae"}, // 🇻🇮 + {":vietnam:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xb3"}, // 🇻🇳 + {":vanuatu:", "\xf0\x9f\x87\xbb\xf0\x9f\x87\xba"}, // 🇻🇺 + {":wallis_futuna:", "\xf0\x9f\x87\xbc\xf0\x9f\x87\xab"}, // 🇼🇫 + {":samoa:", "\xf0\x9f\x87\xbc\xf0\x9f\x87\xb8"}, // 🇼🇸 + {":kosovo:", "\xf0\x9f\x87\xbd\xf0\x9f\x87\xb0"}, // 🇽🇰 + {":yemen:", "\xf0\x9f\x87\xbe\xf0\x9f\x87\xaa"}, // 🇾🇪 + {":mayotte:", "\xf0\x9f\x87\xbe\xf0\x9f\x87\xb9"}, // 🇾🇹 + {":south_africa:", "\xf0\x9f\x87\xbf\xf0\x9f\x87\xa6"}, // 🇿🇦 + {":zambia:", "\xf0\x9f\x87\xbf\xf0\x9f\x87\xb2"}, // 🇿🇲 + {":zimbabwe:", "\xf0\x9f\x87\xbf\xf0\x9f\x87\xbc"}, // 🇿🇼 + {":england:", "\xf0\x9f\x8f\xb4\xf3\xa0\x81\xa7\xf3\xa0\x81\xa2\xf3\xa0\x81\xa5\xf3\xa0\x81\xae\xf3\xa0\x81\xa7\xf3\xa0\x81\xbf"}, // 🏴󠁧󠁢󠁥󠁮󠁧󠁿 + {":scotland:", "\xf0\x9f\x8f\xb4\xf3\xa0\x81\xa7\xf3\xa0\x81\xa2\xf3\xa0\x81\xb3\xf3\xa0\x81\xa3\xf3\xa0\x81\xb4\xf3\xa0\x81\xbf"}, // 🏴󠁧󠁢󠁳󠁣󠁴󠁿 + 
{":wales:", "\xf0\x9f\x8f\xb4\xf3\xa0\x81\xa7\xf3\xa0\x81\xa2\xf3\xa0\x81\xb7\xf3\xa0\x81\xac\xf3\xa0\x81\xb3\xf3\xa0\x81\xbf"}, // 🏴󠁧󠁢󠁷󠁬󠁳󠁿 + {NULL, NULL} +}; +#endif diff --git a/client/emojis_alt.h b/client/emojis_alt.h new file mode 100644 index 000000000..9d11f73b9 --- /dev/null +++ b/client/emojis_alt.h @@ -0,0 +1,15 @@ +#ifndef EMOJIS_ALT_H__ +#define EMOJIS_ALT_H__ + +typedef struct emoji_alt_s { + const char *alias; + const char *alttext; +} emoji_alt_t; +// emoji_alt_t array are expected to be NULL terminated + +static emoji_alt_t EmojiAltTable[] = { + {":wink:", ";)"}, + {NULL, NULL} +}; + +#endif diff --git a/client/emojis_scrap_github.py b/client/emojis_scrap_github.py new file mode 100755 index 000000000..4c102e644 --- /dev/null +++ b/client/emojis_scrap_github.py @@ -0,0 +1,38 @@ +#!/usr/bin/env python3 + +# Mostly derived from https://github.com/mrowa44/emojify Copyright (c) 2015 Justyna Rachowicz + +from urllib.request import urlopen +import json + + +EMOJI_JSON_URL = 'https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json' + +def print_emoji(emoji_json): + for alias in emoji_json['aliases']: + print(' {{":{0}:", "{1}"}}, // {2}'.format(alias, + +''.join('\\x{:02x}'.format(b) for b in emoji_json['emoji'].encode('utf8')), + +emoji_json['emoji'])) + +print( +"""#ifndef EMOJIS_H__ +#define EMOJIS_H__ + +typedef struct emoji_s { + const char *alias; + const char *emoji; +} emoji_t; +// emoji_t array are expected to be NULL terminated + +static emoji_t EmojiTable[] = {""") + +with urlopen(EMOJI_JSON_URL) as conn: + emojis_json = json.loads(conn.read().decode('utf-8')) + for emoji_json in emojis_json: + print_emoji(emoji_json) + +print(""" {NULL, NULL} +}; +#endif""") diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c index 5bf330fe4..fe5ff3a31 100644 --- a/client/emv/emvcore.c +++ b/client/emv/emvcore.c 
@@ -305,7 +305,7 @@ static int EMVExchangeEx(EMVCommandChannel channel, bool ActivateField, bool Lea break; case ECC_CONTACT: if (IfPm3Smartcard()) - res = ExchangeAPDUSC(data, datalen, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen); + res = ExchangeAPDUSC(true, data, datalen, ActivateField, LeaveFieldON, Result, (int)MaxResultLen, (int *)ResultLen); else res = 1; if (res) { diff --git a/client/fileutils.c b/client/fileutils.c index d9e6e4445..3343ebc05 100644 --- a/client/fileutils.c +++ b/client/fileutils.c @@ -70,7 +70,7 @@ struct wave_info_t { char tag[4]; uint32_t size; } PACKED audio_data; -} PACKED wave_info; +} PACKED; /** * @brief checks if a file exists @@ -233,6 +233,7 @@ out: int saveFileJSON(const char *preferredName, JSONFileType ftype, uint8_t *data, size_t datalen) { if (data == NULL) return PM3_EINVARG; + char *fileName = newfilenamemcopy(preferredName, ".json"); if (fileName == NULL) return PM3_EMALLOC; 
@@ -368,10 +369,34 @@ int saveFileJSON(const char *preferredName, JSONFileType ftype, uint8_t *data, s } break; } - case jsf14b: - case jsf15: - case jsfLegic: - case jsfT5555: + case jsf14b: { + JsonSaveStr(root, "FileType", "14b"); + JsonSaveBufAsHexCompact(root, "raw", data, datalen); + break; + } + case jsf15: { + JsonSaveStr(root, "FileType", "15693"); + JsonSaveBufAsHexCompact(root, "raw", data, datalen); + break; + } + case jsfLegic: { + JsonSaveStr(root, "FileType", "legic"); + JsonSaveBufAsHexCompact(root, "raw", data, datalen); + break; + } + case jsfT5555: { + JsonSaveStr(root, "FileType", "t5555"); + uint8_t conf[4] = {0}; + memcpy(conf, data, 4); + JsonSaveBufAsHexCompact(root, "$.Card.ConfigBlock", conf, sizeof(conf)); + + for (size_t i = 0; i < (datalen / 4); i++) { + char path[PATH_MAX_LENGTH] = {0}; + sprintf(path, "$.blocks.%zu", i); + JsonSaveBufAsHexCompact(root, path, data + (i * 4), 4); + } + break; + } case jsfMfPlusKeys: JsonSaveStr(root, "FileType", "mfp"); JsonSaveBufAsHexCompact(root, "$.Card.UID", &data[0], 7); diff --git a/client/flash.c b/client/flash.c index 698e39187..ad3d8fd93 100644 --- a/client/flash.c +++ b/client/flash.c @@ -529,7 +529,7 @@ const char ice[] = " !!: :!! !!: !!: !!: !!: !!! !!: !!!\n : :: :: : : :: ::: : : : : : :: : \n" _RED_(" . .. .. . . .. ... . . . . . .. . ") "\n...................................................................\n" -; + ; // Write a file's segments to Flash int flash_write(flash_file_t *ctx) { @@ -566,8 +566,8 @@ int flash_write(flash_file_t *ctx) { baddr += block_size; length -= block_size; block++; - if ( len < strlen(ice) ) { - if (filter_ansi && !isalpha(ice[len]) ) { + if (len < strlen(ice)) { + if (filter_ansi && !isalpha(ice[len])) { len++; } else { fprintf(stdout, "%c", ice[len++]); diff --git a/client/gen_pm3mfsim_script.sh b/client/gen_pm3mfsim_script.sh index 86f368673..73c7a4dd4 100644 --- a/client/gen_pm3mfsim_script.sh +++ b/client/gen_pm3mfsim_script.sh 
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Andrei Costin , 2011 # gen_pm3mfsim_script.sh diff --git a/client/loclass/cipherutils.c b/client/loclass/cipherutils.c index 5f16b68fd..09f4bccd7 100644 --- a/client/loclass/cipherutils.c +++ b/client/loclass/cipherutils.c @@ -160,12 +160,12 @@ void printarr(const char *name, uint8_t *arr, int len) { cx += snprintf(output + cx, outsize - cx, "0x%02x,", *(arr + i)); //5 bytes per byte } snprintf(output + cx, outsize - cx, "};"); - PrintAndLogEx(NORMAL, output); + PrintAndLogEx(INFO, output); free(output); } void printvar(const char *name, uint8_t *arr, int len) { - PrintAndLogEx(NORMAL, "%s = " _YELLOW_("%s"), name, sprint_hex(arr, len)); + PrintAndLogEx(INFO, "%s = " _YELLOW_("%s"), name, sprint_hex(arr, len)); } void printarr_human_readable(const char *title, uint8_t *arr, int len) { @@ -175,13 +175,13 @@ void printarr_human_readable(const char *title, uint8_t *arr, int len) { int cx = 0, i; size_t outsize = 100 + strlen(title) + len * 4; char *output = calloc(outsize, sizeof(char)); - PrintAndLogEx(NORMAL, "\n %s", title); + PrintAndLogEx(INFO, "%s", title); for (i = 0; i < len; i++) { if (i % 16 == 0) cx += snprintf(output + cx, outsize - cx, "\n%02x| ", i); cx += snprintf(output + cx, outsize - cx, "%02x ", *(arr + i)); } - PrintAndLogEx(NORMAL, output); + PrintAndLogEx(INFO, output); free(output); } diff --git a/client/loclass/ikeys.c b/client/loclass/ikeys.c index 339ea91f7..9d9926547 100644 --- a/client/loclass/ikeys.c +++ b/client/loclass/ikeys.c @@ -199,7 +199,6 @@ static uint64_t check(uint64_t z) { ck2 &= 0x00000000FFFFFF000000; return ck1 | ck2 >> 24; - } static void permute(BitstreamIn *p_in, uint64_t z, int l, int r, BitstreamOut *out) { @@ -219,6 +218,7 @@ static void permute(BitstreamIn *p_in, uint64_t z, int l, int r, BitstreamOut *o permute(p_in, z, l, r + 1, out); } } + static void printbegin() { if (debug_print < 2) return; 
diff --git a/client/luascripts/hf-writer.lua b/client/luascripts/hf-writer.lua new file mode 100644 index 000000000..c1812902d --- /dev/null +++ b/client/luascripts/hf-writer.lua 
@@ -0,0 +1,231 @@ +local utils = require('utils') +local getopt = require('getopt') +local read14a = require('read14a') + +--[[ +---Suggestions of improvement: +--- Add support another types of dumps: BIN, JSON +--- Maybe it will be not only as `mfc_gen3_writer`, like a universal dump manager. +--- Add undependence from the operation system. At the moment code not working in Linux. +--- Add more chinesse backdoors RAW commands for UID changing (find RAW for the 4 byte familiar chinese card, from native it soft: http://bit.ly/39VIDsU) +--- Hide system messages when you writing a dumps, replace it to some of like [#####----------] 40% + +-- iceman notes: +-- doesn't take consideration filepaths for dump files. +-- doesn't allow A keys for authenticating when writing +-- doesn't verify that card is magic gen3. +-- doesn't take several versions of same dump ( -1, -2, -3 ) styles. +--]] + +copyright = '' +author = 'Winds' +version = 'v1.0.0' +desc = [[ + The script gives you a easy way to write your *.eml dumps onto normal MFC and magic Gen3 cards. + + Works with both 4 and 7 bytes NXP MIFARE Classic 1K cards. + The script also has the possibility to change UID and permanent lock uid on magic Gen3 cards. + + It supports the following functionality. + + 1. Write it to the same of current card UID. + 2. Write it to magic Gen3 card. + 3. Change uid to match dump on magic Gen3 card. + 4. Permanent lock UID on magic Gen3 card. + 5. Erase all data at the card and set the FF FF FF FF FF FF keys, and Access Conditions to 78778800. + + Script works in a wizard styled way. +]] +example = [[ + 1. script run mfc_gen3_writer +]] +usage = [[ + Select your *.eml dump from list to write to the card. 
+]] + +-- Some globals +local DEBUG = false -- the debug flag + +------------------------------- +-- Some utilities +------------------------------- + +--- +-- A debug printout-function +local function dbg(args) + if not DEBUG then return end + if type(args) == 'table' then + local i = 1 + while args[i] do + dbg(args[i]) + i = i+1 + end + else + print('###', args) + end +end +--- +-- This is only meant to be used when errors occur +local function oops(err) + print('ERROR:', err) + core.clearCommandBuffer() + return nil, err +end +--- +-- Usage help +local function help() + print(copyright) + print(author) + print(version) + print(desc) + print('Example usage') + print(example) + print(usage) +end +--- +-- GetUID +local function GetUID() + return read14a.read(true, true).uid +end +--- +-- +local function dropfield() + read14a.disconnect() + core.clearCommandBuffer() +end +--- +-- Wait for tag (MFC) +local function wait() + read14a.waitFor14443a() +end +--- +-- +local function main(args) + + -- Arguments for the script + for o, a in getopt.getopt(args, 'hd') do + if o == 'h' then return help() end + if o == 'd' then DEBUG = true end + end + + local files = {} -- Array for eml files + local b_keys = {} -- Array for B keys + local eml = {} -- Array for data in block 32 + local num_dumps = 0 -- num of found eml dump files + + local tab = string.rep('-', 64) + -- + wait() + print(tab) + + local length = 25 + local e = 16 + -- Detect 7 byte card + if string.len(GetUID()) == 14 then + length = 31 + e = 22 + end + dropfield() + + ---List all EML files in /client + local dumpEML = "find '.' -iname '*dump.eml' -type f" + local p = assert(io.popen(dumpEML)) + for _ in p:lines() do + + -- The length of eml file + if string.len(_) == length then + num_dumps = num_dumps + 1 + -- cut UID from eml file + files[num_dumps] = string.sub(_, 9, e) + print(' '..num_dumps..' 
| '..files[num_dumps]) + end + end + p.close() + + if num_dumps == 0 then return oops("Didn't find any dump files") end + + print(tab) + print(' Your card has UID '..GetUID()) + print('') + print(' Select which dump to write (1 until '..num_dumps..')') + print(tab) + io.write(' --> ') + + local no = tonumber(io.read()) + print(tab) + print(' You have been selected card dump ' .. no .. ', with UID : '..files[no]) + + --- Load eml file + local dumpfile = assert(io.open('./hf-mf-' .. files[no] .. '-dump.eml', 'r')) + for _ in dumpfile:lines() do table.insert(eml, _); end + dumpfile.close() + + --- Extract B key from EML file + local b = 0 + for i = 1, #eml do + if (i % 4 == 0) then + repeat + b = b + 1 + -- Cut key from block + b_keys[b] = string.sub(eml[i], (#eml[i] - 11), #eml[i]) + until b % 4 == 0 + end + end + print(tab) + dbg(b_keys) + dbg(eml) + + --- Change UID on certain version of magic Gen3 card. + if (utils.confirm(' Change UID ?') == true) then + wait() + --core.console('hf 14a raw -s -c -t 2000 90f0cccc10'..tostring(eml[1])) + print('hf 14a raw -s -c -t 2000 90f0cccc10'..tostring(eml[1])) + print(tab) + print(' The new card UID : ' .. GetUID()) + end + print(tab) + + --- Lock UID + if (utils.confirm(' Permanent lock UID ? (card can never change uid again) ') == true) then + wait() + core.console('hf 14a raw -s -c -t 2000 90fd111100') + end + print(tab) + + --- Writing blocks + local default_key = 'FFFFFFFFFFFF' + local default_key_blk = 'FFFFFFFFFFFF78778800FFFFFFFFFFFF' + local empty = string.rep('0', 32) + local cmd_wrbl = 'hf mf wrbl %d B %s %s' + + if (utils.confirm(' Are you using a empty card with default key?') == true) then + wait() + for i = 1, #eml do + core.console(string.format(cmd_wrbl, (i-1), default_key, eml[i])) + end + else + print(tab) + if (utils.confirm(' Delete ALL data and write all keys to 0x'..default_key..' 
?') == true) then + wait() + for i = 1, #eml do + if (i % 4 == 0) then + core.console(string.format(cmd_wrbl, (i-1), b_keys[i], default_key_blk)) + else + core.console(string.format(cmd_wrbl, (i-1), b_keys[i], empty)) + end + end + else + print(tab) + print('Writing to card') + wait() + for i = 1, #eml do + core.console(string.format(cmd_wrbl, (i-1), b_keys[i], eml[i])) + end + end + end + dropfield() + print(tab) + print('Done') +end + +main(args) diff --git a/client/luascripts/hf_bruteforce.lua b/client/luascripts/hf_bruteforce.lua index a3a6636b8..485d72809 100644 --- a/client/luascripts/hf_bruteforce.lua +++ b/client/luascripts/hf_bruteforce.lua 
@@ -1,27 +1,34 @@ --- Run me like this: proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua +-- Run me like this (connected via USB): ./pm3 -l hf_bruteforce.lua +-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua local getopt = require('getopt') copyright = '' -author = 'Keld Norman' -version = 'v1.0.0' -desc = [[ - -]] -example = [[ - -- (the above example would bruteforce card number, starting at 1, ending at 10, and waiting 1 second between each card) - - script run hf_bruteforce -s 1 -e 10 -t 1000 -]] +author = 'Daniel Underhay (updated), Keld Norman(original)' +version = 'v2.0.0' usage = [[ -script run hf_bruteforce -s start_id -e end_id -t timeout -d direction +pm3 --> script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type Arguments: -h this help -s 0-0xFFFFFFFF start id -e 0-0xFFFFFFFF end id - -t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input) + -t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input) + -x mfc, mfu mifare type: mfc for Mifare Classic (default) or mfu for Mifare Ultralight EV1 + + +Example: + +pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc + +Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346. + + +pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu + +Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679. + ]] 
@@ -60,41 +67,49 @@ local function help() print(usage) end --- --- Exit message -local function exitMsg(msg) +--- Print user message +local function msg(msg) print( string.rep('--',20) ) + print('') print(msg) + print('') print( string.rep('--',20) ) - print() end --- -- Start local function main(args) - print( string.rep('--',20) ) - print( string.rep('--',20) ) - print() local timeout = 0 local start_id = 0 - local end_id = 0xFFFFFFFF + local end_id = 0xFFFFFFFFFFFFFF + local mftype = 'mfc' - for o, a in getopt.getopt(args, 'e:s:t:h') do + for o, a in getopt.getopt(args, 'e:s:t:x:h') do if o == 's' then start_id = a end if o == 'e' then end_id = a end if o == 't' then timeout = a end + if o == 'x' then mftype = a end if o == 'h' then return print(usage) end end -- template - local command = 'hf 14a sim t 1 u %08X' + local command = '' - print(' Bruteforcing MFC card numbers from 00000000 to FFFFFFFF using delay: '..timeout) - print('') - print( string.rep('--',20) ) + if mftype == 'mfc' then + command = 'hf 14a sim t 1 u %014x' + msg('Bruteforcing Mifare Classic card numbers') + elseif mftype == 'mfu' then + command = 'hf 14a sim t 2 u %014x' + msg('Bruteforcing Mifare Ultralight card numbers') + else + return print(usage) + end + + if command == '' then return print(usage) end for n = start_id, end_id do local c = string.format( command, n ) - print(' Running: "'..c..'"') + print('Running: "'..c..'"') core.console(c) core.console('msleep '..timeout); core.console('hw ping') @@ -102,4 +117,3 @@ local function main(args) end main(args) - diff --git a/client/luascripts/mifare_autopwn.lua b/client/luascripts/mifare_autopwn.lua index 624cea419..bc7582760 100644 --- a/client/luascripts/mifare_autopwn.lua +++ b/client/luascripts/mifare_autopwn.lua 
@@ -115,7 +115,7 @@ local function dump_tag(uid, numsectors) if utils.confirm('Do you wish to create a memory dump of tag?') then - local dumpfile = 'hf-mf-'..uid..'-data' + local dumpfile = 'hf-mf-'..uid..'-dump' local dmp = ('hf mf dump %s f %s'):format(typ, dumpfile) core.console(dmp) diff --git a/client/mifare/mifarehost.c b/client/mifare/mifarehost.c index 31085a629..9d1293b5b 100644 --- a/client/mifare/mifarehost.c +++ b/client/mifare/mifarehost.c @@ -152,7 +152,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) { if (*key != UINT64_C(-1)) { break; } else { - PrintAndLogEx(FAILED, "all candidate keys failed. Restarting darkside attack"); + PrintAndLogEx(FAILED, "all key candidates failed. Restarting darkside attack"); free(last_keylist); last_keylist = keylist; first_run = true; @@ -345,7 +345,7 @@ int mfKeyBrute(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint64_t *resultk // copy candidatekeys to test key block memcpy(keyBlock, candidates + i, KEYBLOCK_SIZE); - // check a block of generated candidate keys. + // check a block of generated key candidates. if (mfCheckKeys(blockNo, keyType, true, KEYS_IN_BLOCK, keyBlock, &key64) == PM3_SUCCESS) { *resultkey = key64; found = true; @@ -510,7 +510,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint32_t keycnt = statelists[0].len; if (keycnt == 0) goto out; - PrintAndLogEx(SUCCESS, "Found " _YELLOW_("%u") "candidate keys", keycnt); + PrintAndLogEx(SUCCESS, "Found " _YELLOW_("%u") "key candidates", keycnt); memset(resultKey, 0, 6); uint64_t key64 = -1; 
@@ -544,11 +544,10 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, return -5; } - uint64_t t2 = msclock(); - float bruteforce_per_second = (float)KEYS_IN_BLOCK / (float)(t2 - start_time) * 1000.0; - - if ( i + 1 % 10 == 0) - PrintAndLogEx(INFO, " %6d/%u keys | %5.1f keys/sec | worst case %6.1f seconds remaining", i, keycnt , bruteforce_per_second, (keycnt-i) / bruteforce_per_second); +// if (i + 1 % 10 == 0) { + float bruteforce_per_second = (float)(i + max_keys) / ((msclock() - start_time) / 1000.0); + PrintAndLogEx(INFO, "%6d/%u keys | %5.1f keys/sec | worst case %6.1f seconds remaining", i, keycnt, bruteforce_per_second, (keycnt - i) / bruteforce_per_second); +// } } @@ -645,7 +644,7 @@ int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBl uint32_t keycnt = statelists[0].len; if (keycnt == 0) goto out; - PrintAndLogEx(SUCCESS, "Found " _YELLOW_("%u") "candidate keys", keycnt); + PrintAndLogEx(SUCCESS, "Found " _YELLOW_("%u") "key candidates", keycnt); memset(resultKey, 0, 6); uint64_t key64 = -1; @@ -654,7 +653,7 @@ int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBl uint32_t maxkeysinblock = IfPm3Flash() ? 1000 : KEYS_IN_BLOCK; uint32_t max_keys_chunk = keycnt > maxkeysinblock ? maxkeysinblock : keycnt; - uint8_t *mem = calloc( (maxkeysinblock * 6) + 5, sizeof(uint8_t)); + uint8_t *mem = calloc((maxkeysinblock * 6) + 5, sizeof(uint8_t)); if (mem == NULL) { free(statelists[0].head.slhead); return PM3_EMALLOC; @@ -668,7 +667,7 @@ int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBl mem[4] = (max_keys_chunk & 0xFF); uint8_t destfn[32]; - strncpy((char*)destfn, "static_nested_000.bin", sizeof(destfn) - 1); + strncpy((char *)destfn, "static_nested_000.bin", sizeof(destfn) - 1); uint64_t start_time = msclock(); for (uint32_t i = 0; i < keycnt; i += max_keys_chunk) { 
@@ -676,6 +675,7 @@ int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBl //flush queue while (kbd_enter_pressed()) { SendCommandNG(CMD_BREAK_LOOP, NULL, 0); + free(mem); return PM3_EOPABORTED; } @@ -689,12 +689,13 @@ int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBl num_to_bytes(key64, 6, p_keyblock + j * 6); } - // check a block of generated candidate keys. + // check a block of generated key candidates. if (IfPm3Flash()) { - // upload to flash. - res = flashmem_spiffs_load(destfn, mem, 5 + (chunk * 6) ); + // upload to flash. + res = flashmem_spiffs_load(destfn, mem, 5 + (chunk * 6)); if (res != PM3_SUCCESS) { PrintAndLogEx(WARNING, "SPIFFS upload failed"); + free(mem); return res; } 
@@ -704,25 +705,26 @@ int mfStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBl } if (res == PM3_SUCCESS) { - p_keyblock = NULL; - free(statelists[0].head.slhead); - free(mem); + p_keyblock = NULL; + free(statelists[0].head.slhead); + free(mem); - num_to_bytes(key64, 6, resultKey); + num_to_bytes(key64, 6, resultKey); - PrintAndLogEx(SUCCESS, "target block:%3u key type: %c -- found valid key [ " _YELLOW_("%s") "]", + PrintAndLogEx(SUCCESS, "target block:%3u key type: %c -- found valid key [ " _YELLOW_("%s") "]", package->block, package->keytype ? 'B' : 'A', sprint_hex_inrow(resultKey, 6) ); return PM3_SUCCESS; } else if (res == PM3_ETIMEOUT || res == PM3_EOPABORTED) { + free(mem); return res; } // if (i%10 == 0) { - float bruteforce_per_second = (float)i + max_keys_chunk / (float)(msclock() - start_time) * 1000.0; - PrintAndLogEx(INFO, "Chunk %6u/%u keys | %5.1f keys/sec | worst case %6.1f seconds remaining", i, keycnt, bruteforce_per_second, (keycnt-i) / bruteforce_per_second); + float bruteforce_per_second = (float)(i + max_keys_chunk) / ((msclock() - start_time) / 1000.0); + PrintAndLogEx(INFO, "%6u/%u keys | %5.1f keys/sec | worst case %6.1f seconds remaining", i, keycnt, bruteforce_per_second, (keycnt - i) / bruteforce_per_second); // } } @@ -1314,6 +1316,8 @@ int detect_classic_nackbug(bool verbose) { SendCommandNG(CMD_HF_MIFARE_NACK_DETECT, NULL, 0); PacketResponseNG resp; + PrintAndLogEx(INFO, "Checking for NACK bug"); + if (verbose) PrintAndLogEx(SUCCESS, "press pm3-button on the Proxmark3 device to abort both Proxmark3 and client.\n"); 
@@ -1356,16 +1360,16 @@ int detect_classic_nackbug(bool verbose) { return PM3_SUCCESS; } case 2 : - PrintAndLogEx(SUCCESS, _GREEN_("always leak NACK detected")); + PrintAndLogEx(SUCCESS, "NACK test: " _GREEN_("always leak NACK")); return PM3_SUCCESS; case 1 : - PrintAndLogEx(SUCCESS, _GREEN_("NACK bug detected")); + PrintAndLogEx(SUCCESS, "NACK test: " _GREEN_("detected")); return PM3_SUCCESS; case 0 : - PrintAndLogEx(SUCCESS, "No NACK bug detected"); + PrintAndLogEx(SUCCESS, "NACK test: " _GREEN_("no bug")); return PM3_SUCCESS; default : - PrintAndLogEx(ERR, "errorcode from device [%i]", ok); + PrintAndLogEx(ERR, "errorcode from device " _RED_("[%i]"), ok); return PM3_EUNDEF; } break; diff --git a/client/proxgui.h b/client/proxgui.h index 8e0868b12..c9cd0096d 100644 --- a/client/proxgui.h +++ b/client/proxgui.h @@ -56,7 +56,6 @@ extern size_t g_DemodStartIdx; extern bool showDemod; extern uint8_t g_debugMode; - #ifndef FILE_PATH_SIZE #define FILE_PATH_SIZE 1000 #endif diff --git a/client/proxguiqt.cpp b/client/proxguiqt.cpp index a481f31d2..dc67953e6 100644 --- a/client/proxguiqt.cpp +++ b/client/proxguiqt.cpp @@ -199,7 +199,7 @@ ProxWidget::ProxWidget(QWidget *parent, ProxGuiQT *master) : QWidget(parent) { setLayout(layout); // plot window title - QString pt = QString("[*]Plot [ %1 ]").arg((char*)gui_serial_port_name); + QString pt = QString("[*]Plot [ %1 ]").arg((char *)gui_serial_port_name); setWindowTitle(pt); // shows plot window on the screen. @@ -210,7 +210,7 @@ ProxWidget::ProxWidget(QWidget *parent, ProxGuiQT *master) : QWidget(parent) { controlWidget->resize(size().width(), 200); // Olverlays / slider window title - QString ct = QString("[*]Slider [ %1 ]").arg((char*)gui_serial_port_name); + QString ct = QString("[*]Slider [ %1 ]").arg((char *)gui_serial_port_name); controlWidget->setWindowTitle(ct); controlWidget->show(); diff --git a/client/proxmark3.c b/client/proxmark3.c index d582bafc0..5a6ae23a9 100644 --- a/client/proxmark3.c 
+++ b/client/proxmark3.c @@ -36,14 +36,14 @@ static void showBanner(void) { PrintAndLogEx(NORMAL, " " _BLUE_("██████╗ ███╗ ███╗ ████╗ ")); PrintAndLogEx(NORMAL, " " _BLUE_("██╔══██╗████╗ ████║ ══█║")); PrintAndLogEx(NORMAL, " " _BLUE_("██████╔╝██╔████╔██║ ████╔╝")); - PrintAndLogEx(NORMAL, " " _BLUE_("██╔═══╝ ██║╚██╔╝██║ ══█║") " iceman@icesql.net"); + PrintAndLogEx(NORMAL, " " _BLUE_("██╔═══╝ ██║╚██╔╝██║ ══█║") " :snowflake: iceman@icesql.net :coffee:"); PrintAndLogEx(NORMAL, " " _BLUE_("██║ ██║ ╚═╝ ██║ ████╔╝") " https://github.com/rfidresearchgroup/proxmark3/"); PrintAndLogEx(NORMAL, " " _BLUE_("╚═╝ ╚═╝ ╚═╝ ╚═══╝ ") "pre-release v4.0"); #else PrintAndLogEx(NORMAL, " ======. ===. ===. ====."); PrintAndLogEx(NORMAL, " ==...==.====. ====. ..=."); PrintAndLogEx(NORMAL, " ======..==.====.==. ====.."); - PrintAndLogEx(NORMAL, " ==..... ==..==..==. ..=. iceman@icesql.net"); + PrintAndLogEx(NORMAL, " ==..... ==..==..==. ..=. iceman@icesql.net :coffee:"); PrintAndLogEx(NORMAL, " ==. ==. ... ==. ====.. https://github.com/rfidresearchgroup/proxmark3/"); PrintAndLogEx(NORMAL, " ... ... ... ..... pre-release v4.0"); #endif @@ -58,10 +58,14 @@ static void showBanner(void) { static int check_comm(void) { // If communications thread goes down. Device disconnected then this should hook up PM3 again. if (IsCommunicationThreadDead() && session.pm3_present) { - rl_set_prompt(PROXPROMPT_OFFLINE); + if (session.supports_colors) + rl_set_prompt(PROXPROMPT_OFFLINE_COLOR); + else + rl_set_prompt(PROXPROMPT_OFFLINE); + rl_forced_update_display(); CloseProxmark(); - PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") "mode. Use \"hw connect\" to reconnect\n"); + PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") "mode. Use "_YELLOW_("\"hw connect\"") "to reconnect\n"); } return 0; } 
@@ -150,7 +154,7 @@ main_loop(char *script_cmds_file, char *script_cmd, bool stayInCommandLoop) { // loops every time enter is pressed... while (1) { bool printprompt = false; - const char *prompt = PROXPROMPT_CON; + const char *prompt = (session.supports_colors) ? PROXPROMPT_CON_COLOR : PROXPROMPT_CON; check_script: // If there is a script file @@ -214,11 +218,11 @@ check_script: rl_event_hook = check_comm; if (session.pm3_present) { if (conn.send_via_fpc_usart == false) - prompt = PROXPROMPT_USB; + prompt = (session.supports_colors) ? PROXPROMPT_USB_COLOR : PROXPROMPT_USB; else - prompt = PROXPROMPT_FPC; + prompt = (session.supports_colors) ? PROXPROMPT_FPC_COLOR : PROXPROMPT_FPC; } else { - prompt = PROXPROMPT_OFFLINE; + prompt = (session.supports_colors) ? PROXPROMPT_OFFLINE_COLOR : PROXPROMPT_OFFLINE; } cmd = readline(prompt); fflush(NULL); @@ -756,6 +760,7 @@ int main(int argc, char *argv[]) { } session.supports_colors = DetectWindowsAnsiSupport(); + session.emoji_mode = ALTTEXT; session.stdinOnTTY = isatty(STDIN_FILENO); session.stdoutOnTTY = isatty(STDOUT_FILENO); @@ -766,8 +771,10 @@ int main(int argc, char *argv[]) { // For info, grep --color=auto is doing sth like this, plus test getenv("TERM") != "dumb": // struct stat tmp_stat; // if ((fstat (STDOUT_FILENO, &tmp_stat) == 0) && (S_ISCHR (tmp_stat.st_mode)) && isatty(STDIN_FILENO)) - if (session.stdinOnTTY && session.stdoutOnTTY) + if (session.stdinOnTTY && session.stdoutOnTTY) { session.supports_colors = true; + session.emoji_mode = EMOJI; + } #endif // Let's take a baudrate ok for real UART, USB-CDC & BT don't use that info anyway if (speed == 0) diff --git a/client/proxmark3.h b/client/proxmark3.h index d3e3629ec..107e64859 100644 --- a/client/proxmark3.h +++ b/client/proxmark3.h 
@@ -15,9 +15,17 @@ #include "common.h" #define PROXPROMPT_CON "[con] pm3 --> " +#define PROXPROMPT_CON_COLOR "[\001\033[1;32m\002con\001\033[0m\002] pm3 --> " + #define PROXPROMPT_USB "[usb] pm3 --> " +#define PROXPROMPT_USB_COLOR "[\001\033[1;32m\002usb\001\033[0m\002] pm3 --> " + #define PROXPROMPT_FPC "[fpc] pm3 --> " +#define PROXPROMPT_FPC_COLOR "[\001\033[1;32m\002fpc\001\033[0m\002] pm3 --> " + #define PROXPROMPT_OFFLINE "[offline] pm3 --> " +#define PROXPROMPT_OFFLINE_COLOR "[\001\033[1;31m\002offline\001\033[0m\002] pm3 --> " + #define PROXHISTORY "history.txt" #define PROXLOG "log_%Y%m%d.txt" #define MAX_NESTED_CMDSCRIPT 10 diff --git a/client/ui.c b/client/ui.c index 215bd66bc..df62b9bff 100644 --- a/client/ui.c +++ b/client/ui.c @@ -31,6 +31,8 @@ # include // _mkdir #endif #include +#include "emojis.h" +#include "emojis_alt.h" session_arg_t session; double CursorScaleFactor = 1; 
@@ -127,39 +129,61 @@ void PrintAndLogEx(logLevel_t level, const char *fmt, ...) { // skip debug messages if client debugging is turned off i.e. 'DATA SETDEBUG 0' if (g_debugMode == 0 && level == DEBUG) return; + + // skip HINT messages if client has hints turned off i.e. 'HINT 0' + if (session.show_hints == false && level == HINT) + return; - char prefix[20] = {0}; + char prefix[40] = {0}; char buffer[MAX_PRINT_BUFFER] = {0}; - char buffer2[MAX_PRINT_BUFFER + 20] = {0}; + char buffer2[MAX_PRINT_BUFFER + sizeof(prefix)] = {0}; char *token = NULL; char *tmp_ptr = NULL; FILE *stream = stdout; const char *spinner[] = {_YELLOW_("[\\]"), _YELLOW_("[|]"), _YELLOW_("[/]"), _YELLOW_("[-]")}; + const char *spinner_emoji[] = {" :clock1: ", " :clock2: ", " :clock3: ", " :clock4: ", " :clock5: ", " :clock6: ", + " :clock7: ", " :clock8: ", " :clock9: ", " :clock10: ", " :clock11: ", " :clock12: "}; switch (level) { case ERR: - strncpy(prefix, _RED_("[!!]"), sizeof(prefix) - 1); + if (session.emoji_mode == EMOJI) + strncpy(prefix, _RED_("[!!]") " :rotating_light: ", sizeof(prefix) - 1); + else + strncpy(prefix, _RED_("[!!]"), sizeof(prefix) - 1); stream = stderr; break; case FAILED: - strncpy(prefix, _RED_("[-]"), sizeof(prefix) - 1); + if (session.emoji_mode == EMOJI) + strncpy(prefix, _RED_("[-]") " :no_entry: ", sizeof(prefix) - 1); + else + strncpy(prefix, _RED_("[-]"), sizeof(prefix) - 1); break; case DEBUG: strncpy(prefix, _BLUE_("[#]"), sizeof(prefix) - 1); - break; + case HINT: case SUCCESS: strncpy(prefix, _GREEN_("[+]"), sizeof(prefix) - 1); break; case WARNING: - strncpy(prefix, _CYAN_("[!]"), sizeof(prefix) - 1); + if (session.emoji_mode == EMOJI) + strncpy(prefix, _CYAN_("[!]") " :warning: ", sizeof(prefix) - 1); + else + strncpy(prefix, _CYAN_("[!]"), sizeof(prefix) - 1); break; case INFO: strncpy(prefix, _YELLOW_("[=]"), sizeof(prefix) - 1); break; case INPLACE: - strncpy(prefix, spinner[PrintAndLogEx_spinidx], sizeof(prefix) - 1); - PrintAndLogEx_spinidx++; - if 
(PrintAndLogEx_spinidx == ARRAYLEN(spinner)) - PrintAndLogEx_spinidx = 0; + if (session.emoji_mode == EMOJI) { + strncpy(prefix, spinner_emoji[PrintAndLogEx_spinidx], sizeof(prefix) - 1); + PrintAndLogEx_spinidx++; + if (PrintAndLogEx_spinidx >= ARRAYLEN(spinner_emoji)) + PrintAndLogEx_spinidx = 0; + } else { + strncpy(prefix, spinner[PrintAndLogEx_spinidx], sizeof(prefix) - 1); + PrintAndLogEx_spinidx++; + if (PrintAndLogEx_spinidx >= ARRAYLEN(spinner)) + PrintAndLogEx_spinidx = 0; + } break; case NORMAL: // no prefixes for normal @@ -202,9 +226,11 @@ void PrintAndLogEx(logLevel_t level, const char *fmt, ...) { } else { snprintf(buffer2, sizeof(buffer2), "%s%s", prefix, buffer); if (level == INPLACE) { - char buffer3[MAX_PRINT_BUFFER + 20] = {0}; + char buffer3[sizeof(buffer2)] = {0}; + char buffer4[sizeof(buffer2)] = {0}; memcpy_filter_ansi(buffer3, buffer2, sizeof(buffer2), !session.supports_colors); - fprintf(stream, "\r%s", buffer3); + memcpy_filter_emoji(buffer4, buffer3, sizeof(buffer3), session.emoji_mode); + fprintf(stream, "\r%s", buffer4); fflush(stream); } else { fPrintAndLog(stream, "%s", buffer2); @@ -220,6 +246,7 @@ static void fPrintAndLog(FILE *stream, const char *fmt, ...) { static int logging = 1; char buffer[MAX_PRINT_BUFFER] = {0}; char buffer2[MAX_PRINT_BUFFER] = {0}; + char buffer3[MAX_PRINT_BUFFER] = {0}; // lock this section to avoid interlacing prints from different threads pthread_mutex_lock(&print_lock); @@ -276,7 +303,8 @@ static void fPrintAndLog(FILE *stream, const char *fmt, ...) { bool filter_ansi = !session.supports_colors; memcpy_filter_ansi(buffer2, buffer, sizeof(buffer), filter_ansi); if (g_printAndLog & PRINTANDLOG_PRINT) { - fprintf(stream, "%s", buffer2); + memcpy_filter_emoji(buffer3, buffer2, sizeof(buffer2), session.emoji_mode); + fprintf(stream, "%s", buffer3); fprintf(stream, " "); // cleaning prompt fprintf(stream, "\n"); } 
@@ -293,10 +321,11 @@ static void fPrintAndLog(FILE *stream, const char *fmt, ...) { #endif if ((g_printAndLog & PRINTANDLOG_LOG) && logging && logfile) { + memcpy_filter_emoji(buffer3, buffer2, sizeof(buffer2), ALTTEXT); if (filter_ansi) { // already done - fprintf(logfile, "%s\n", buffer2); + fprintf(logfile, "%s\n", buffer3); } else { - memcpy_filter_ansi(buffer, buffer2, sizeof(buffer2), true); + memcpy_filter_ansi(buffer, buffer3, sizeof(buffer3), true); fprintf(logfile, "%s\n", buffer); } fflush(logfile); 
@@ -351,6 +380,102 @@ void memcpy_filter_ansi(void *dest, const void *src, size_t n, bool filter) { } } +static bool emojify_token(const char *token, uint8_t token_length, const char **emojified_token, uint8_t *emojified_token_length, emojiMode_t mode) { + int i = 0; + while (EmojiTable[i].alias && EmojiTable[i].emoji) { + if ((strlen(EmojiTable[i].alias) == token_length) && (0 == memcmp(EmojiTable[i].alias, token, token_length))) { + switch (mode) { + case EMOJI: { + *emojified_token = EmojiTable[i].emoji; + *emojified_token_length = strlen(EmojiTable[i].emoji); + break; + } + case ALTTEXT: { + int j = 0; + *emojified_token_length = 0; + while (EmojiAltTable[j].alias && EmojiAltTable[i].alttext) { + if ((strlen(EmojiAltTable[j].alias) == token_length) && (0 == memcmp(EmojiAltTable[j].alias, token, token_length))) { + *emojified_token = EmojiAltTable[j].alttext; + *emojified_token_length = strlen(EmojiAltTable[j].alttext); + break; + } + ++j; + } + break; + } + default: {// ERASE + *emojified_token_length = 0; + break; + } + } + return true; + } + ++i; + } + return false; +} + +static bool token_charset(uint8_t c) { + if ((c >= '0') && (c <= '9')) return true; + if ((c >= 'a') && (c <= 'z')) return true; + if ((c >= 'A') && (c <= 'Z')) return true; + if ((c == '_') || (c == '+') || (c == '-')) return true; + return false; +} + +void memcpy_filter_emoji(void *dest, const void *src, size_t n, emojiMode_t mode) { + if (mode == ALIAS) { + memcpy(dest, src, n); + } else { + // tokenize emoji + const char *emojified_token = NULL; + uint8_t emojified_token_length = 0; + char *current_token = NULL; + uint8_t current_token_length=0; + char current_char; + char *rdest = (char *)dest; + char *rsrc = (char *)src; + uint16_t si = 0; + for (uint16_t i = 0; i < n; i++) { + current_char = rsrc[i]; + + if (current_token_length == 0) { + // starting a new token. 
+ if (current_char == ':') { + current_token = rsrc + i; + current_token_length = 1; + } else { // not starting a new token. + rdest[si++] = current_char; + } + } else { + // finishing the current token. + if (current_char == ':') { + // nothing changed? we still need the ending ':' as it might serve for an upcoming emoji + if (! emojify_token(current_token, current_token_length + 1, &emojified_token, &emojified_token_length, mode)) { + memcpy(rdest + si, current_token, current_token_length); + si += current_token_length; + current_token = rsrc + i; + current_token_length = 1; + } else { + memcpy(rdest + si, emojified_token, emojified_token_length); + si += emojified_token_length; + current_token_length = 0; + } + } else if (token_charset(current_char)) { // continuing the current token. + current_token_length++; + } else { // dropping the current token. + current_token_length++; + memcpy(rdest + si, current_token, current_token_length); + si += current_token_length; + current_token_length = 0; + } + } + } + memcpy(rdest + si, current_token, current_token_length); + si += current_token_length; + } +} + void iceIIR_Butterworth(int *data, const size_t len) { int *output = (int *) calloc(sizeof(int) * len, sizeof(uint8_t)); diff --git a/client/ui.h b/client/ui.h index 7e00ab52b..5bb814b81 100644 --- a/client/ui.h +++ b/client/ui.h @@ -17,12 +17,17 @@ #define _USE_MATH_DEFINES +typedef enum logLevel {NORMAL, SUCCESS, INFO, FAILED, WARNING, ERR, DEBUG, INPLACE, HINT} logLevel_t; +typedef enum emojiMode {ALIAS, EMOJI, ALTTEXT, ERASE} emojiMode_t; + typedef struct { bool stdinOnTTY; bool stdoutOnTTY; bool supports_colors; + emojiMode_t emoji_mode; bool pm3_present; bool help_dump_mode; + bool show_hints; } session_arg_t; extern session_arg_t session; 
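Review bot: In `emojify_token`, the ALTTEXT loop condition `while (EmojiAltTable[j].alias && EmojiAltTable[i].alttext)` indexes the alt table with the outer `i` instead of `j`, so loop termination depends on an unrelated row and, if the two tables differ in length, `i` can index past the end of `EmojiAltTable`. Use `EmojiAltTable[j].alttext`. In `memcpy_filter_emoji`, `current_token_length` is a `uint8_t` that is incremented for every token character with no cap: a ':' followed by a long enough run of token characters wraps it to 0, the code then treats the next byte as "starting a new token", and the pending bytes are never copied to `dest`. Flush and reset the token once it exceeds the longest alias. The trailing `memcpy(rdest + si, current_token, current_token_length)` is also reached with `current_token == NULL` when the input contains no ':'; guard it with a length check.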
@@ -31,7 +36,6 @@ extern session_arg_t session; #define M_PI 3.14159265358979323846264338327 #endif #define MAX_PRINT_BUFFER 2048 -typedef enum logLevel {NORMAL, SUCCESS, INFO, FAILED, WARNING, ERR, DEBUG, INPLACE} logLevel_t; void ShowGui(void); void HideGraphWindow(void); @@ -41,6 +45,7 @@ void PrintAndLogOptions(const char *str[][2], size_t size, size_t space); void PrintAndLogEx(logLevel_t level, const char *fmt, ...); void SetFlushAfterWrite(bool value); void memcpy_filter_ansi(void *dest, const void *src, size_t n, bool filter); +void memcpy_filter_emoji(void *dest, const void *src, size_t n, emojiMode_t mode); extern double CursorScaleFactor; extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, GridOffset; diff --git a/client/util.h b/client/util.h index 21db9198f..fb31e6013 100644 --- a/client/util.h +++ b/client/util.h @@ -23,6 +23,7 @@ uint8_t g_debugMode; uint8_t g_printAndLog; + #define PRINTANDLOG_PRINT 1 #define PRINTANDLOG_LOG 2 @@ -85,7 +86,7 @@ uint8_t GetParity(uint8_t *bits, uint8_t type, int length); void wiegand_add_parity(uint8_t *target, uint8_t *source, uint8_t length); void wiegand_add_parity_swapped(uint8_t *target, uint8_t *source, uint8_t length); -void xor(unsigned char *dst, unsigned char *src, size_t len); +//void xor(unsigned char *dst, unsigned char *src, size_t len); int32_t le24toh(uint8_t data[3]); uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bits); diff --git a/common/cardhelper.c b/common/cardhelper.c new file mode 100644 index 000000000..df3aff5be --- /dev/null +++ b/common/cardhelper.c 
@@ -0,0 +1,94 @@ +//----------------------------------------------------------------------------- +// Iceman, February 2020 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Support functions for smart card +//----------------------------------------------------------------------------- +#include "cardhelper.h" +#include +#include +#include "cmdparser.h" +#include "cmdsmartcard.h" +#include "ui.h" +#include "util.h" + +#define CARD_INS_DECRYPT 0x01 +#define CARD_INS_ENCRYPT 0x02 +#define CARD_INS_DECODE 0x06 +#define CARD_INS_NUMBLOCKS 0x07 +static uint8_t cmd[] = {0x96, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + +// look for CryptoHelper +bool IsCryptoHelperPresent(void) { + + if (IfPm3Smartcard()) { + int resp_len = 0; + uint8_t version[] = {0x96, 0x69, 0x00, 0x00, 0x00}; + uint8_t resp[20] = {0}; + ExchangeAPDUSC(true, version, sizeof(version), true, true, resp, sizeof(resp), &resp_len); + + if (strstr("CryptoHelper", (char *)resp) == 0) { + PrintAndLogEx(INFO, "Found smart card helper"); + return true; + } else { + return false; + } + } else { + return false; + } +} + +static bool executeCrypto(uint8_t ins, uint8_t *src, uint8_t *dest) { + int resp_len = 0; + uint8_t dec[11] = {0}; + + cmd[1] = ins; + memcpy(cmd + 5, src, 8); + + ExchangeAPDUSC(true, cmd, sizeof(cmd), false, true, dec, sizeof(dec), &resp_len); + + if (resp_len == 10) { + memcpy(dest, dec, 8); + return true; + } + return false; +} + +bool Decrypt(uint8_t *src, uint8_t *dest) { + return executeCrypto(CARD_INS_DECRYPT, src, dest); +} + +bool Encrypt(uint8_t *src, uint8_t *dest) { + return executeCrypto(CARD_INS_ENCRYPT, src, dest); +} + +// Call with block6 +void DecodeBlock6(uint8_t *src) { + int resp_len = 0; + uint8_t resp[254] = {0}; + + uint8_t c[] = 
{0x96, CARD_INS_DECODE, 0x00, 0x00, 0x09, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + memcpy(c + 6, src, 8); + + // first part + ExchangeAPDUSC(true, c, sizeof(c), false, true, resp, sizeof(resp), &resp_len); + PrintAndLogEx(SUCCESS, "%.*s", resp_len - 11, resp + 9); + + // second part + c[5] = 0x02; + ExchangeAPDUSC(true, c, sizeof(c), false, true, resp, sizeof(resp), &resp_len); + PrintAndLogEx(SUCCESS, "%.*s", resp_len - 11, resp + 9); +} + +// Call with block6 +uint8_t GetNumberBlocksForUserId(uint8_t *src) { + int resp_len = 0; + uint8_t resp[254] = {0}; + uint8_t c[] = {0x96, CARD_INS_NUMBLOCKS, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + memcpy(c + 5, src, 8); + ExchangeAPDUSC(true, c, sizeof(c), false, true, resp, sizeof(resp), &resp_len); + return resp[8]; +} \ No newline at end of file diff --git a/common/cardhelper.h b/common/cardhelper.h new file mode 100644 index 000000000..fcdd73cfe --- /dev/null +++ b/common/cardhelper.h @@ -0,0 +1,22 @@ +//----------------------------------------------------------------------------- +// Iceman, February 2020 +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Utility functions used in many places, not specific to any piece of code. +//----------------------------------------------------------------------------- + +#ifndef __CARDHELPER_H +#define __CARDHELPER_H + +#include +#include "common.h" + +bool IsCryptoHelperPresent(void); +bool Encrypt(uint8_t *src, uint8_t *dest); +bool Decrypt(uint8_t *src, uint8_t *dest); +void DecodeBlock6(uint8_t *src); +uint8_t GetNumberBlocksForUserId(uint8_t *src); +#endif diff --git a/common/generator.c b/common/generator.c index 6dbac2feb..fa1fd7cd3 100644 --- a/common/generator.c +++ b/common/generator.c 
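Review bot: In `IsCryptoHelperPresent` (common/cardhelper.c), `strstr("CryptoHelper", (char *)resp) == 0` has haystack and needle swapped and treats a NULL result as success, so the function returns true for any response that is not a substring of the literal and false for an exact "CryptoHelper" reply. It should search `resp` for the literal and test for a non-NULL result, after checking the return value of `ExchangeAPDUSC` and `resp_len`; `resp` is 20 bytes with no guaranteed terminator, so bound the search by `resp_len`. The same missing length checks apply further down: `DecodeBlock6` prints `resp_len - 11` bytes from `resp + 9`, which becomes a negative precision on a short reply, and `GetNumberBlocksForUserId` returns `resp[8]` without confirming that the card sent that many bytes. `executeCrypto` also writes into the file-scope `cmd` array, which makes it non-reentrant; a local copy would be safer.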
@@ -34,7 +34,7 @@ // XYZ 3D printing // Vinglock //------------------------------------ -static void transform_D(uint8_t *ru) { +void transform_D(uint8_t* ru) { const uint32_t c_D[] = { 0x6D835AFC, 0x7D15CD97, 0x0942B409, 0x32F9C923, 0xA811FB02, 0x64F121E8, @@ -44,32 +44,32 @@ static void transform_D(uint8_t *ru) { 0x5728B869, 0x30726D5A }; - //Transform - uint8_t i; - uint8_t p = 0; - uint32_t v1 = ((ru[3] << 24) | (ru[2] << 16) | (ru[1] << 8) | ru[0]) + c_D[p++]; - uint32_t v2 = ((ru[7] << 24) | (ru[6] << 16) | (ru[5] << 8) | ru[4]) + c_D[p++]; + //Transform + uint8_t i; + uint8_t p = 0; + uint32_t v1 = ((ru[3] << 24) | (ru[2] << 16) | (ru[1] << 8) | ru[0]) + c_D[p++]; + uint32_t v2 = ((ru[7] << 24) | (ru[6] << 16) | (ru[5] << 8) | ru[4]) + c_D[p++]; + for (i = 0; i < 12; i += 2) + { + uint32_t tempA = v1 ^ v2; + uint32_t t1 = PM3_ROTL(tempA, v2 & 0x1F) + c_D[p++]; + uint32_t tempB = v2 ^ t1; + uint32_t t2 = PM3_ROTL(tempB, t1 & 0x1F) + c_D[p++]; + tempA = t1 ^ t2; + v1 = PM3_ROTL(tempA, t2 & 0x1F) + c_D[p++]; + tempB = t2 ^ v1; + v2 = PM3_ROTL(tempB, v1 & 0x1F) + c_D[p++]; + } - for (i = 0; i < 12; i += 2) { - uint32_t xor1 = v1 ^ v2; - uint32_t t1 = ROTL(xor1, v2 & 0x1F) + c_D[p++]; - uint32_t xor2 = v2 ^ t1; - uint32_t t2 = ROTL(xor2, t1 & 0x1F) + c_D[p++]; - uint32_t xor3 = t1 ^ t2; - uint32_t xor4 = t2 ^ v1; - v1 = ROTL(xor3, t2 & 0x1F) + c_D[p++]; - v2 = ROTL(xor4, v1 & 0x1F) + c_D[p++]; - } - - //Re-use ru - ru[0] = v1 & 0xFF; - ru[1] = (v1 >> 8) & 0xFF; - ru[2] = (v1 >> 16) & 0xFF; - ru[3] = (v1 >> 24) & 0xFF; - ru[4] = v2 & 0xFF; - ru[5] = (v2 >> 8) & 0xFF; - ru[6] = (v2 >> 16) & 0xFF; - ru[7] = (v2 >> 24) & 0xFF; + //Re-use ru + ru[0] = v1 & 0xFF; + ru[1] = (v1 >> 8) & 0xFF; + ru[2] = (v1 >> 16) & 0xFF; + ru[3] = (v1 >> 24) & 0xFF; + ru[4] = v2 & 0xFF; + ru[5] = (v2 >> 8) & 0xFF; + ru[6] = (v2 >> 16) & 0xFF; + ru[7] = (v2 >> 24) & 0xFF; } // Transport system (IT) pwd generation algo nickname A. 
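Review bot: The rewritten loop in `transform_D` is not a pure rename of `ROTL` to `PM3_ROTL`. The removed code computed `xor4 = t2 ^ v1` before `v1` was reassigned, while the new code assigns `v1` first and then computes `tempB = t2 ^ v1`, so `v2` is now derived from the updated `v1` and the generated password changes. If this is the intended fix, say so in the commit message and changelog and confirm it against the `0x72B1EC61` vector for `ul_ev1_pwdgenD` in `generator_selftest`; if not, keep the original ordering. The first hunk also drops `static` from `transform_D` without a matching declaration in the visible part of this patch; either keep it `static` or add the prototype to the header.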
@@ -130,17 +130,23 @@ uint32_t ul_ev1_pwdgenC(uint8_t *uid) { // XYZ 3d printing pwd generation algo nickname D. uint32_t ul_ev1_pwdgenD(uint8_t *uid) { + uint8_t i; - uint8_t r = (uid[1] + uid[3] + uid[5]) & 7; // rotation offset - uint8_t ru[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; // rotated UID + // rotation offset + uint8_t r = (uid[1] + uid[3] + uid[5]) & 7; + + // rotated UID + uint8_t ru[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; for (i = 0; i < 7; i++) ru[(i + r) & 7] = uid[i]; transform_D(ru); - // calc key + // offset + r = (ru[0] + ru[2] + ru[4] + ru[6]) & 3; + + // calc key uint32_t pwd = 0; - r = (ru[0] + ru[2] + ru[4] + ru[6]) & 3; // offset for (i = 0; i < 4; i++) pwd = ru[i + r] + (pwd << 8); 
@@ -412,43 +418,56 @@ int mfc_algo_sky_all(uint8_t *uid, uint8_t *keys) { //------------------------------------ int generator_selftest() { - PrintAndLogEx(SUCCESS, "Generators selftest"); - PrintAndLogEx(SUCCESS, "-------------------"); +#define NUM_OF_TEST 5 - bool success; + PrintAndLogEx(INFO, "PWD / KEY generator selftest"); + PrintAndLogEx(INFO, "----------------------------"); + + bool success = false; + uint8_t testresult = 0; uint8_t uid1[] = {0x04, 0x11, 0x12, 0x11, 0x12, 0x11, 0x10}; uint32_t pwd1 = ul_ev1_pwdgenA(uid1); success = (pwd1 == 0x8432EB17); - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X | %s", sprint_hex(uid1, 7), pwd1, success ? "OK" : "->8432EB17<-"); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid1, 7), pwd1, success ? "OK" : "->8432EB17<-"); uint8_t uid2[] = {0x04, 0x1f, 0x98, 0xea, 0x1e, 0x3e, 0x81}; uint32_t pwd2 = ul_ev1_pwdgenB(uid2); success = (pwd2 == 0x5fd37eca); - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X | %s", sprint_hex(uid2, 7), pwd2, success ? "OK" : "->5fd37eca<--"); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid2, 7), pwd2, success ? "OK" : "->5fd37eca<--"); uint8_t uid3[] = {0x04, 0x62, 0xB6, 0x8A, 0xB4, 0x42, 0x80}; uint32_t pwd3 = ul_ev1_pwdgenC(uid3); success = (pwd3 == 0x5a349515); - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X | %s", sprint_hex(uid3, 7), pwd3, success ? "OK" : "->5a349515<--"); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid3, 7), pwd3, success ? "OK" : "->5a349515<--"); uint8_t uid4[] = {0x04, 0xC5, 0xDF, 0x4A, 0x6D, 0x51, 0x80}; uint32_t pwd4 = ul_ev1_pwdgenD(uid4); success = (pwd4 == 0x72B1EC61); - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X | %s", sprint_hex(uid4, 7), pwd4, success ? 
"OK" : "->72B1EC61<--"); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %08X - %s", sprint_hex(uid4, 7), pwd4, success ? "OK" : "->72B1EC61<--"); // uint8_t uid5[] = {0x11, 0x22, 0x33, 0x44}; // uint64_t key1 = mfc_algo_a(uid5); // success = (key1 == 0xD1E2AA68E39A); -// PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIx64" | %s", sprint_hex(uid5, 4), key1, success ? "OK" : "->D1E2AA68E39A<--"); +// PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIx64" - %s", sprint_hex(uid5, 4), key1, success ? "OK" : "->D1E2AA68E39A<--"); uint8_t uid6[] = {0x74, 0x57, 0xCA, 0xA9}; uint64_t key6 = 0; mfc_algo_sky_one(uid6, 15, 0, &key6); success = (key6 == 0x82c7e64bc565); - PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIx64" | %s", sprint_hex(uid6, 4), key6, success ? "OK" : "->82C7E64BC565<--"); + if (success) + testresult++; + PrintAndLogEx(success ? SUCCESS : WARNING, "UID | %s | %"PRIx64" - %s", sprint_hex(uid6, 4), key6, success ? "OK" : "->82C7E64BC565<--"); - PrintAndLogEx(SUCCESS, "-------------------"); + PrintAndLogEx(SUCCESS, "------------------- Selftest %s", (testresult == NUM_OF_TEST) ? "OK" : "fail"); return PM3_SUCCESS; } diff --git a/common/lfdemod.c b/common/lfdemod.c index 4dcd46172..bc753f45d 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -206,7 +206,7 @@ void getHiLo(int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo) { *low = signalprop.low; } - // prnt("getHiLo fuzzed: High %d | Low %d", *high, *low); + // prnt("getHiLo fuzzed: High %d | Low %d", *high, *low); } // by marshmellow diff --git a/covbuild.sh b/covbuild.sh index 1899cb8b3..2e18e677f 100755 --- a/covbuild.sh +++ b/covbuild.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e . .coverity.conf || exit 1 diff --git a/covconfig.sh b/covconfig.sh index 24815f200..b762ac6f1 100755 --- a/covconfig.sh +++ b/covconfig.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e . .coverity.conf || exit 1 
diff --git a/covsubmit.sh b/covsubmit.sh index e39240954..61ca853f1 100755 --- a/covsubmit.sh +++ b/covsubmit.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e . .coverity.conf || exit 1 diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index 3fc446ec8..a3e0a220c 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -277,6 +277,29 @@ pm3 --> hf mf dump pm3 --> hf mf restore 1 u 4A6CE843 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-data.bin ``` +Read Mifare Ultralight EV1 +``` +pm3 --> hf mfu info +``` + +Clone Mifare Ultralight EV1 Sequence +``` +pm3 --> hf mfu dump k FFFFFFFF +pm3 --> script run dumptoemul-mfu -i hf-mfu-XXXX-dump.bin -o hf-mfu-XXXX-dump.eml +pm3 --> hf mfu eload u hf-mfu-XXXX-dump.eml +pm3 --> hf mfu sim t 7 u hf-mfu-XXXX-dump.eml +``` + +Bruteforce Mifare Classic card numbers from 11223344 to 11223346 +``` +pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc +``` + +Bruteforce Mifare Ultralight EV1 card numbers from 11223344556677 to 11223344556679 +``` +pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu +``` + ## Wiegand manipulation ^[Top](#top) diff --git a/doc/md/Installation_Instructions/Linux-Installation-Instructions.md b/doc/md/Installation_Instructions/Linux-Installation-Instructions.md index 30d4fbf54..b381eb7d9 100644 --- a/doc/md/Installation_Instructions/Linux-Installation-Instructions.md +++ b/doc/md/Installation_Instructions/Linux-Installation-Instructions.md 
@@ -51,7 +51,7 @@ If you don't need the graphical components of the Proxmark3 client (such as in ` ## On openSUSE ```sh -sudo zypper install git patterns-devel-base-devel_basis gcc-c++ readline-devel cross-arm-none-gcc9 cross-arm-none-newlib-devel +sudo zypper install git patterns-devel-base-devel_basis gcc-c++ readline-devel cross-arm-none-gcc9 cross-arm-none-newlib-devel libqt5-qtbase-devel ``` If you don't need the graphical components of the Proxmark3 client (such as in `hw tune`), you can skip the installation of `libqt5-qtbase-devel`. diff --git a/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md b/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md index 76f5ee6f3..6ce8b5990 100644 --- a/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md +++ b/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md @@ -33,7 +33,7 @@ brew upgrade --fetch-HEAD proxmark3 ## Flash the BOOTROM & FULLIMAGE -With your Proxmark3 unplugged from your machine, press and hold the button on your Proxmark3 as you plug it into a USB port. You can release the button, two of the four LEDs should stay on. You're un bootloader mode, ready for the next step. In case the two LEDs don't stay on when you're releasing the button, you've an old bootloader, start over and keep the button pressed during the whole flashing procedure. +With your Proxmark3 unplugged from your machine, press and hold the button on your Proxmark3 as you plug it into a USB port. You can release the button, two of the four LEDs should stay on. You're in bootloader mode, ready for the next step. In case the two LEDs don't stay on when you're releasing the button, you've an old bootloader, start over and keep the button pressed during the whole flashing procedure. In principle, the helper script `pm3-flash-all` should auto-detect your port, so you can just try: 
diff --git a/doc/md/Installation_Instructions/Troubleshooting.md b/doc/md/Installation_Instructions/Troubleshooting.md index ab893d177..e727180bf 100644 --- a/doc/md/Installation_Instructions/Troubleshooting.md +++ b/doc/md/Installation_Instructions/Troubleshooting.md @@ -18,6 +18,7 @@ Always use the latest repository commits from *master* branch. There are always * [File not found](#file-not-found) * [Pixmap / pixbuf warnings](#pixmap--pixbuf-warnings) * [Usb cable](#usb-cable) + * [WSL 2 explorer.exe . doesnt work](WSL-2) ## `pm3` or `pm3-flash*` doesn't see my Proxmark @@ -164,3 +165,11 @@ If you get warnings related to pixmap or pixbuf such as *Pixbuf theme: Cannot lo It's needed to have a good USB cable to connect Proxmark3 to USB. If you have stability problems (Proxmark3 resets, firmware hangs, especially firmware hangs just after start, etc.) - check your cable with a USB tester (or try to change it). It needs to have a resistance smaller or equal to 0.3 Ohm. + +## WSL 2 +When ```explorer.exe .``` doesn't work. +Trying to access the dump files created in WSL, you will need to run ```explorer.exe .``` but sometimes this doesn't work. +[As seen here](https://github.com/microsoft/WSL/issues/4027) they suggest checking the following registry value for *P9NP* + +[](www.icedev.se/proxmark3/rdv40/wsl2_p9np.png) + diff --git a/doc/termux_notes.md b/doc/termux_notes.md index d86ec7f08..6b3eb132c 100644 --- a/doc/termux_notes.md +++ b/doc/termux_notes.md 
@@ -27,17 +27,38 @@ ref : https://github.com/Proxmark/proxmark3/wiki/android - [LineageOS (Android 8.1)](https://download.lineageos.org/) - [LineageOS kernel](https://download.lineageos.org/) - [Magisk 19.3](https://github.com/topjohnwu/Magisk/) + +- Xiaomi Mi Mix 2S (arm64, USB-C) + - [LineageOS (Android 9.0)](https://download.lineageos.org/) + - [Magisk 20.3](https://github.com/topjohnwu/Magisk/) + +- OnePlus 5T (arm64, USB-C) + - [LineageOS (Android 9.0)](https://download.lineageos.org/) + - [Franko Kernel](https://franco-lnx.net/) + - [Magisk 20.3](https://github.com/topjohnwu/Magisk/) + +- Samsung Galaxy Tab S2 (arm64, MicroUSB) + - [LineageOS (Android 9.0)](https://download.lineageos.org/) + - [LineageOS kernel](https://download.lineageos.org/) + - [Magisk 20.3](https://github.com/topjohnwu/Magisk/) + + ## Setup ### Setting up Termux -1. Install [Termux](https://play.google.com/store/apps/details?id=com.termux) and start it -2. Run the following commands: +Install [Termux](https://play.google.com/store/apps/details?id=com.termux) and start it +### Install Proxmark3 package +Run the following commands: +``` +pkg install proxmark3 tsu +``` +### Optional: Building Proxmark3 client from source ``` pkg install make clang clang++ readline libc++ git tsu git clone https://github.com/RfidResearchGroup/proxmark3.git +cd proxmark +make clean && make client ``` -### Building Proxmark3 client -1. `make clean && make client` ### USB_ACM You need the `USB_ACM` driver enabled and working to communicate with the Proxmark3. To see if it's working, run `tsudo ls /dev/tty*` and it should list `/dev/ttyACM0` (or similar). If you see this, congratulations, skip this step! diff --git a/fpga/fpga_lf.bit b/fpga/fpga_lf.bit index dd64db8a7..ba6b4322e 100644 Binary files a/fpga/fpga_lf.bit and b/fpga/fpga_lf.bit differ diff --git a/fpga/tests/plot_edgedetect.py b/fpga/tests/plot_edgedetect.py index 3249de6c2..63925bd99 100755 --- a/fpga/tests/plot_edgedetect.py 
+++ b/fpga/tests/plot_edgedetect.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 #----------------------------------------------------------------------------- # Copyright (C) 2014 iZsh # @@ -6,12 +6,22 @@ # at your option, any later version. See the LICENSE.txt file for the text of # the license. #----------------------------------------------------------------------------- -import numpy -import matplotlib.pyplot as plt + import sys +try: + import numpy +except ModuleNotFoundError: + print("Please install numpy module first.") + sys.exit(1) + +try: + import matplotlib.pyplot as plt +except ModuleNotFoundError: + print("Please install matplotlib module first.") + sys.exit(1) if len(sys.argv) != 2: - print "Usage: %s " % sys.argv[0] + print("Usage: %s " % sys.argv[0]) sys.exit(1) BASENAME = sys.argv[1] 
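Review bot: In doc/termux_notes.md, the added build steps run `cd proxmark` immediately after `git clone https://github.com/RfidResearchGroup/proxmark3.git`, which creates a directory named `proxmark3`. The `cd` fails and `make clean && make client` then runs in the wrong directory. Change the line to `cd proxmark3`.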
@@ -21,29 +31,15 @@ nx = numpy.fromfile(BASENAME + ".time") def plot_time(dat1): plt.plot(nx, dat1) -sig = open(BASENAME + ".filtered").read() -sig = map(lambda x: ord(x), sig) - -min_vals = open(BASENAME + ".min").read() -min_vals = map(lambda x: ord(x), min_vals) - -max_vals = open(BASENAME + ".max").read() -max_vals = map(lambda x: ord(x), max_vals) - -states = open(BASENAME + ".state").read() -states = map(lambda x: ord(x) * 10 + 65, states) - -toggles = open(BASENAME+ ".toggle").read() -toggles = map(lambda x: ord(x) * 10 + 80, toggles) - -high = open(BASENAME + ".high").read() -high = map(lambda x: ord(x), high) -highz = open(BASENAME + ".highz").read() -highz = map(lambda x: ord(x), highz) -lowz = open(BASENAME + ".lowz").read() -lowz = map(lambda x: ord(x), lowz) -low = open(BASENAME + ".low").read() -low = map(lambda x: ord(x), low) +sig = bytearray(open(BASENAME + ".filtered", 'rb').read()) +min_vals = bytearray(open(BASENAME + ".min", 'rb').read()) +max_vals = bytearray(open(BASENAME + ".max", 'rb').read()) +states = bytearray(open(BASENAME + ".state", 'rb').read()) +toggles = bytearray(open(BASENAME+ ".toggle", 'rb').read()) +high = bytearray(open(BASENAME + ".high", 'rb').read()) +highz = bytearray(open(BASENAME + ".highz", 'rb').read()) +lowz = bytearray(open(BASENAME + ".lowz", 'rb').read()) +low = bytearray(open(BASENAME + ".low", 'rb').read()) plot_time(sig) plot_time(min_vals) diff --git a/include/common.h b/include/common.h index 653000409..e7d6bba90 100644 --- a/include/common.h +++ b/include/common.h @@ -64,8 +64,8 @@ extern int DBGLEVEL; # define ROTR(x,n) (((uintmax_t)(x) >> (n)) | ((uintmax_t)(x) << ((sizeof(x) * 8) - (n)))) #endif -#ifndef ROTL -# define ROTL(x,n) (((uintmax_t)(x) << (n)) | ((uintmax_t)(x) >> ((sizeof(x) * 8) - (n)))) +#ifndef PM3_ROTL +# define PM3_ROTL(x,n) (((uintmax_t)(x) << (n)) | ((uintmax_t)(x) >> ((sizeof(x) * 8) - (n)))) #endif // endian change for 64bit 
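Review bot: In fpga/tests/plot_edgedetect.py, the `bytearray(open(...).read())` replacements drop the scaling that the removed lines applied to two of the traces: `states` was `ord(x) * 10 + 65` and `toggles` was `ord(x) * 10 + 80`, and both are now plotted as raw byte values. If the offsets were there to separate those traces from the signal on the same axes, keep them, for example with a list comprehension over the bytes. The files are also opened without being closed; a `with open(..., 'rb')` block per file, or a small helper that reads one suffix, would remove the nine near-identical lines.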
diff --git a/include/mifare.h b/include/mifare.h index 63b14c117..b8df9a2ec 100644 --- a/include/mifare.h +++ b/include/mifare.h @@ -70,6 +70,16 @@ typedef struct { uint32_t ProxToAirDuration; uint8_t par; // enough for precalculated parity of 8 Byte responses } PACKED tag_response_info_t; + +// DESFIRE_RAW flag enums +typedef enum DESFIRE_COMMAND { + NONE = 0x00, + INIT = 0x01, + DISCONNECT = 0x02, + CLEARTRACE = 0x04, + BAR = 0x10, +} desfire_command_t; + //----------------------------------------------------------------------------- // ISO 14443B //----------------------------------------------------------------------------- diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 32b2ba35c..8cffa892a 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -392,7 +392,8 @@ typedef struct { #define CMD_LF_T55XX_WAKEUP 0x0224 #define CMD_LF_COTAG_READ 0x0225 #define CMD_LF_T55XX_SET_CONFIG 0x0226 -#define CMD_LF_SAMPLING_GET_CONFIG 0x0227 +#define CMD_LF_SAMPLING_PRINT_CONFIG 0x0227 +#define CMD_LF_SAMPLING_GET_CONFIG 0x0228 #define CMD_LF_T55XX_CHK_PWDS 0x0230 #define CMD_LF_T55XX_DANGERRAW 0x0231 @@ -504,6 +505,8 @@ typedef struct { #define CMD_HF_MIFARE_SNIFF 0x0630 #define CMD_HF_MIFARE_MFKEY 0x0631 +#define CMD_HF_MIFARE_PERSONALIZE_UID 0x0632 + //ultralightC #define CMD_HF_MIFAREUC_AUTH 0x0724 //0x0725 and 0x0726 no longer used diff --git a/include/protocols.h b/include/protocols.h index e1d898d53..89038a789 100644 --- a/include/protocols.h +++ b/include/protocols.h @@ -163,6 +163,10 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define MIFARE_EV1_PERSONAL_UID 0x40 #define MIFARE_EV1_SETMODE 0x43 +#define MIFARE_EV1_UIDF0 0x00 +#define MIFARE_EV1_UIDF1 0x40 +#define MIFARE_EV1_UIDF2 0x20 +#define MIFARE_EV1_UIDF3 0x60 #define MIFARE_ULC_WRITE 0xA2 #define MIFARE_ULC_COMP_WRITE 0xA0 
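Review bot: In include/pm3_cmd.h, the value `0x0227` is reassigned from `CMD_LF_SAMPLING_GET_CONFIG` to the new `CMD_LF_SAMPLING_PRINT_CONFIG`, and `CMD_LF_SAMPLING_GET_CONFIG` moves to `0x0228`. A client and firmware built from different sides of this commit will then interpret `0x0227` as different commands instead of failing with an unknown-command error. Keep `0x0227` for the existing command and give the new one the unused value, or state in the changelog that client and firmware must be updated together. In include/mifare.h, the new `desfire_command_t` enumerators `NONE`, `INIT`, `DISCONNECT`, `CLEARTRACE` and `BAR` are unprefixed names in a shared header and are likely to collide with other identifiers; a `DESFIRE_` or similar prefix would avoid that.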
@@ -308,7 +312,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define PROTO_HITAG1 10 #define THINFILM 11 #define LTO 12 -#define PROTO_HITAG2 13 +#define PROTO_HITAG2 13 #define PROTO_HITAGS 14 //-- Picopass fuses @@ -381,6 +385,8 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define MFDES_CHANGE_KEY 0xc4 #define MFDES_GET_KEY_VERSION 0x64 #define MFDES_AUTHENTICATION_FRAME 0xAF +#define MFDES_ADDITIONAL_FRAME 0xAF +#define MFDES_READSIG 0x3C // LEGIC Commands #define LEGIC_MIM_22 0x0D @@ -595,7 +601,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define HITAG2_READ_PAGE 0x3 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits #define HITAG2_READ_PAGE_INVERTED 0x1 // page number in bits 5 to 3, page number inverted in bit 0 and following 2 bits -#define HITAG2_WRITE_PAGE 0x2 // page number in bits 5 to 3, page number +#define HITAG2_WRITE_PAGE 0x2 // page number in bits 5 to 3, page number // HITAG S commands diff --git a/pm3 b/pm3 index d40fb0a91..e702e277f 100755 --- a/pm3 +++ b/pm3 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Usage: run option -h to get help diff --git a/pm3-flash b/pm3-flash index e5cd5479d..c5e920c24 100755 --- a/pm3-flash +++ b/pm3-flash @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash PM3PATH=$(dirname "$0") . "$PM3PATH/pm3" diff --git a/pm3-flash-all b/pm3-flash-all index e5cd5479d..c5e920c24 100755 --- a/pm3-flash-all +++ b/pm3-flash-all @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash PM3PATH=$(dirname "$0") . "$PM3PATH/pm3" diff --git a/pm3-flash-bootrom b/pm3-flash-bootrom index e5cd5479d..c5e920c24 100755 --- a/pm3-flash-bootrom +++ b/pm3-flash-bootrom @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash PM3PATH=$(dirname "$0") . "$PM3PATH/pm3" diff --git a/pm3-flash-fullimage b/pm3-flash-fullimage index e5cd5479d..c5e920c24 100755 --- a/pm3-flash-fullimage +++ b/pm3-flash-fullimage 
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash PM3PATH=$(dirname "$0") . "$PM3PATH/pm3" diff --git a/pm3test.sh b/pm3test.sh index de9134ba1..11b459ab4 100755 --- a/pm3test.sh +++ b/pm3test.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash PM3PATH=$(dirname "$0") cd "$PM3PATH" || exit 1 @@ -95,7 +95,8 @@ while true; do printf "\n${C_BLUE}Testing data manipulation:${C_NC}\n" if ! CheckExecute "reveng test" "./client/proxmark3 -c 'reveng -w 8 -s 01020304e3 010204039d'" "CRC-8/SMBUS"; then break; fi - + if ! CheckExecute "mfu pwdgen test" "./client/proxmark3 -c 'hf mfu pwdgen t'" "Selftest OK"; then break; fi + printf "\n${C_BLUE}Testing LF:${C_NC}\n" if ! CheckExecute "lf em4x05 test" "./client/proxmark3 -c 'data load traces/em4x05.pm3;lf search'" "FDX-B ID found"; then break; fi @@ -116,6 +117,11 @@ while true; do if ! CheckExecute "mfkey64 test" "tools/mfkey/mfkey64 9c599b32 82a4166c a1e458ce 6eea41e0 5cadf439" "Found Key: \[ffffffffffff\]"; then break; fi if ! CheckExecute "mfkey64 long trace test" "tools/mfkey/./mfkey64 14579f69 ce844261 f8049ccb 0525c84f 9431cc40 7093df99 9972428ce2e8523f456b99c831e769dced09 8ca6827b ab797fd369e8b93a86776b40dae3ef686efd c3c381ba 49e2c9def4868d1777670e584c27230286f4 fbdcd7c1 4abd964b07d3563aa066ed0a2eac7f6312bf 9f9149ea" "Found Key: \[091e639cb715\]"; then break; fi if ! CheckExecute "nonce2key test" "tools/nonce2key/nonce2key e9cadd9c a8bf4a12 a020a8285858b090 050f010607060e07 5693be6c00000000" "key recovered: fc00018778f7"; then break; fi + if ! CheckExecute "xorcheck test" "tools/xorcheck.py 04 00 80 64 ba" "final LRC XOR byte value: 5A"; then break; fi + if ! CheckExecute "findbits test" "tools/findbits.py 73 0110010101110011" "Match at bit 9: 011001010"; then break; fi + if ! CheckExecute "findbits_test test" "tools/findbits_test.py 2>&1" "OK"; then break; fi + if ! CheckExecute "pm3_eml_mfd test" "tools/pm3_eml_mfd_test.py 2>&1" "OK"; then break; fi + printf "\n${C_GREEN}Tests [OK]${C_NC}\n\n" exit 0 done 
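Review bot: The new `mfu pwdgen test` check in pm3test.sh can only detect a failing selftest by matching the string "Selftest OK", because `generator_selftest` in common/generator.c (changed earlier in this patch) ends with `return PM3_SUCCESS;` whatever `testresult` holds. Return a failure code when `testresult != NUM_OF_TEST` so callers other than this script see the failure as well, and log the summary line at a failure level instead of `SUCCESS` when it prints "fail". `NUM_OF_TEST` is also defined inside the function body and never undefined; a file-level constant, or a count derived from the test vectors, would not need to be updated by hand when a test is added or when the commented-out `mfc_algo_a` case is re-enabled.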
diff --git a/tools/analyzesize.py b/tools/analyzesize.py index 889222c01..4d02f86ef 100755 --- a/tools/analyzesize.py +++ b/tools/analyzesize.py @@ -1,4 +1,4 @@ -#! /usr/bin/python3 +#! /usr/bin/env python3 import json import subprocess @@ -17,7 +17,7 @@ except FileNotFoundError: if len(sys.argv) < 3: print("Usage: analyzesize.py ") - exit(-1) + exit(2) action, name = sys.argv[1:3] currentdata = subprocess.run(["arm-none-eabi-size","armsrc/obj/fullimage.stage1.elf"], stdout=subprocess.PIPE).stdout currentdata = currentdata.split(b"\n")[1].strip() diff --git a/tools/btaddon/hc06_console_AT.py b/tools/btaddon/hc06_console_AT.py index 6520aa9aa..4b0d7fd96 100755 --- a/tools/btaddon/hc06_console_AT.py +++ b/tools/btaddon/hc06_console_AT.py @@ -2,7 +2,11 @@ import sys import time -import serial +try: + import serial +except ModuleNotFoundError: + print("Please install pyserial module first.") + sys.exit(1) if len(sys.argv) < 2: print('Usage: %s ' % sys.argv[0]) diff --git a/tools/btaddon/hc06_factory.py b/tools/btaddon/hc06_factory.py index f6d0f25b2..093f25322 100755 --- a/tools/btaddon/hc06_factory.py +++ b/tools/btaddon/hc06_factory.py @@ -1,7 +1,13 @@ #!/usr/bin/env python3 import time -import serial +import sys + +try: + import serial +except ModuleNotFoundError: + print("Please install pyserial module first.") + sys.exit(1) name = b'PM3_RDV4.0' pin = b'1234' diff --git a/tools/findbits.py b/tools/findbits.py index fb088d739..809465a2e 100755 --- a/tools/findbits.py +++ b/tools/findbits.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 # findbits.py - find Binary, Octal, Decimal or Hex number in bitstream # 
@@ -31,10 +31,9 @@ def invert(data): def search(target,data): location = data.find(target) if location >= 0: - print '*** Match at bit %d:' % location, - print '%s<%s>%s' % (data[:location],target,data[location+len(target):]) + print('*** Match at bit {:d}: {}<{}>{}'.format(location, data[:location],target,data[location+len(target):])) else: - print 'Not found' + print('Not found') # convert integer to binary string def binstring(number): 
@@ -49,32 +48,32 @@ def domatch(binary,number): reversed= stringreverse(number) inverted= invert(binary) - print ' Forward: (%s)' % number, + print(' Forward: (%s) ' % number, end = '') search(binary,number) - print ' Reverse: (%s)' % reversed, + print(' Reverse: (%s) ' % reversed, end = '') search(binary,reversed) - print ' Inverse: (%s)' % inverted - print ' Forward: (%s)' % number, + print(' Inverse: (%s) ' % inverted) + print(' Forward: (%s) ' % number, end = '') search(inverted,number) - print ' Reverse: (%s)' % reversed, + print(' Reverse: (%s) ' % reversed, end = '') search(inverted,reversed) def main(): if(len(sys.argv) < 3): - print - print '\t'+sys.argv[0] + ' - Search bitstream for a known number' - print - print 'Usage: ' + sys.argv[0] + ' ' - print - print '\tNUMBER will be converted to it\'s BINARY equivalent for all valid' - print '\tinstances of BINARY, OCTAL, DECIMAL and HEX, and the bitstream' - print '\tand it\'s inverse will be searched for a pattern match. Note that' - print '\tNUMBER must be specified in BINARY to match leading zeros.' - print - print 'Example:' - print - print '\tfindbits.py 73 0110010101110011' - print + print(""" +\t{0} - Search bitstream for a known number + +Usage: {0} + +\tNUMBER will be converted to it\'s BINARY equivalent for all valid +\tinstances of BINARY, OCTAL, DECIMAL and HEX, and the bitstream +\tand it\'s inverse will be searched for a pattern match. Note that +\tNUMBER must be specified in BINARY to match leading zeros. + +Example: + +\t{0} 73 0110010101110011 +""".format(sys.argv[0])) os._exit(True) bases= { @@ -84,11 +83,10 @@ def main(): 16:'HEX', } - for base, base_name in sorted(bases.iteritems()): + for base, base_name in sorted(bases.items()): try: number= int(sys.argv[1],base) - print - print 'Trying', base_name + print('\nTrying ' + base_name) # do BINARY as specified to preserve leading zeros if base == 2: domatch(sys.argv[1],sys.argv[2]) 
diff --git a/tools/findbits_test.py b/tools/findbits_test.py old mode 100644 new mode 100755 index db8dda8fa..403dae413 --- a/tools/findbits_test.py +++ b/tools/findbits_test.py @@ -1,6 +1,5 @@ -#!/usr/bin/python +#!/usr/bin/env python3 -from itertools import imap import unittest, sys, findbits class TestFindBits(unittest.TestCase): @@ -46,7 +45,7 @@ class TestFindBits(unittest.TestCase): def commutative_test(self, operation, cases): self.unary_operation_test(operation, cases) - self.unary_operation_test(operation, imap(reversed, cases)) + self.unary_operation_test(operation, map(reversed, cases)) def unary_operation_test(self, operation, cases): for case_in, case_out in cases: diff --git a/tools/fpga_compress/Makefile b/tools/fpga_compress/Makefile index 47f3c278c..5452f9083 100644 --- a/tools/fpga_compress/Makefile +++ b/tools/fpga_compress/Makefile @@ -22,4 +22,4 @@ $(OBJDIR)/libz.a: tarbin: $(BINS) $(info [=] TAR ../proxmark3-$(platform)-bin.tar) - $(Q)$(TAR) $(TARFLAGS) ../../proxmark3-$(platform)-bin.tar $(BINS:%=fpga_compress/%) $(WINBINS:%=fpga_compress/%) \ No newline at end of file + $(Q)$(TAR) $(TARFLAGS) ../../proxmark3-$(platform)-bin.tar $(BINS:%=fpga_compress/%) $(WINBINS:%=fpga_compress/%) diff --git a/tools/hitag2crack/crack2/HardwareProfile.h b/tools/hitag2crack/crack2/HardwareProfile.h index a2f804be6..bce139042 100644 --- a/tools/hitag2crack/crack2/HardwareProfile.h +++ b/tools/hitag2crack/crack2/HardwareProfile.h @@ -142,11 +142,11 @@ typedef int rtccDate; #ifndef __PIC32MX__ - #define __PIC32MX__ +#define __PIC32MX__ #endif - + #define GetSystemClock() (80000000ul) -#define GetPeripheralClock() (GetSystemClock()) +#define GetPeripheralClock() (GetSystemClock()) #define GetInstructionClock() (GetSystemClock()) //#define USE_SELF_POWER_SENSE_IO 
@@ -322,7 +322,7 @@ typedef int rtccDate; // spi for SD card #define SD_CARD_DET LATFbits.LATF0 #define SD_CARD_WE LATFbits.LATF1 // write enable - unused for microsd but allocated anyway as library checks it - // (held LOW by default - cut solder bridge to GND to free pin if required) +// (held LOW by default - cut solder bridge to GND to free pin if required) #define SPI_SD SPI_CHANNEL1 #define SPI_SD_BUFF SPI1BUF #define SPI_SD_STAT SPI1STATbits diff --git a/tools/hitag2crack/crack2/hitagcrypto.c b/tools/hitag2crack/crack2/hitagcrypto.c index 2334f8288..3c4f84bc6 100644 --- a/tools/hitag2crack/crack2/hitagcrypto.c +++ b/tools/hitag2crack/crack2/hitagcrypto.c 
@@ -228,19 +228,17 @@ static uint32_t hitag2_crypt(uint64_t x); #define pickbits1_2_1(S, A, B, C) ( ((S >> A) & 1) | ((S >> (B - 1)) & 6) | \ ((S >> (C - 3)) & 8) ) - -static uint32_t hitag2_crypt(uint64_t s) -{ +static uint32_t hitag2_crypt(uint64_t x) { const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 uint32_t bitindex; - bitindex = (ht2_function4a >> pickbits2_2 (s, 1, 4)) & 1; - bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 7, 11, 13)) & 0x02; - bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 16, 20, 22, 25)) & 0x04; - bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 27, 30, 32)) & 0x08; - bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 33, 42, 45)) & 0x10; + bitindex = (ht2_function4a >> pickbits2_2(x, 1, 4)) & 1; + bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(x, 7, 11, 13)) & 0x02; + bitindex |= ((ht2_function4b << 2) >> pickbits1x4(x, 16, 20, 22, 25)) & 0x04; + bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(x, 27, 30, 32)) & 0x08; + bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(x, 33, 42, 45)) & 0x10; DEBUG_PRINTF("hitag2_crypt bitindex = %02x\n", bitindex); return (ht2_function5c >> bitindex) & 1; 
@@ -253,13 +251,12 @@ static uint32_t hitag2_crypt(uint64_t s) * uint32_t serialnum - 32 bit tag serial number * uint32_t initvector - 32 bit random IV from reader, part of tag authentication */ -void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) -{ +void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) { // init state, from serial number and lowest 16 bits of shared key uint64_t state = ((sharedkey & 0xFFFF) << 32) | serialnum; // mix the initialisation vector and highest 32 bits of the shared key - initvector ^= (uint32_t) (sharedkey >> 16); + initvector ^= (uint32_t)(sharedkey >> 16); // move 16 bits from (IV xor Shared Key) to top of uint64_t state // these will be XORed in turn with output of the crypto function @@ -320,9 +317,9 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui // optimise with one 64-bit intermediate uint64_t temp = state ^ (state >> 1); pstate->lfsr = state ^ (state >> 6) ^ (state >> 16) - ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) - ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) - ^ (temp >> 42) ^ (temp >> 46); + ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) + ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) + ^ (temp >> 42) ^ (temp >> 46); } } @@ -338,8 +335,7 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui * Hitag_State* pstate - in/out, internal cipher state after initialisation * uint32_t steps - number of bits requested, (capped at 32) */ -uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps) -{ +uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps) { uint64_t state = pstate->shiftreg; uint32_t result = 0; uint64_t lfsr = pstate->lfsr; @@ -448,7 +444,7 @@ unsigned hitag2_verifytest() const uint64_t key = rev64 (0x524B494D4E4FUL); const uint32_t serial = rev32 (0x69574349); const uint32_t initvec = rev32 (0x72456E65); - + uint32_t i; Hitag_State state; 
@@ -471,11 +467,10 @@ unsigned hitag2_verifytest() #ifdef UNIT_TEST -int main(int argc, char* argv[]) -{ +int main(int argc, char *argv[]) { unsigned pass = hitag2_verifytest(); - printf ("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL"); + printf("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL"); if (pass) { hitag2_benchtest(10000); diff --git a/tools/hitag2crack/crack2/hitagcrypto.h b/tools/hitag2crack/crack2/hitagcrypto.h index d5aa9104c..46d447370 100644 --- a/tools/hitag2crack/crack2/hitagcrypto.h +++ b/tools/hitag2crack/crack2/hitagcrypto.h @@ -159,9 +159,9 @@ typedef struct { uint64_t lfsr; // fast lfsr, used to make software faster } Hitag_State; -void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector); +void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector); -uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps); +uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps); unsigned int hitag2_benchtest_gen32(); unsigned int hitag2_benchtest(uint32_t count); diff --git a/tools/hitag2crack/crack2/ht2crack2buildtable.c b/tools/hitag2crack/crack2/ht2crack2buildtable.c index 402c5b245..0aca200ef 100644 --- a/tools/hitag2crack/crack2/ht2crack2buildtable.c +++ b/tools/hitag2crack/crack2/ht2crack2buildtable.c @@ -18,7 +18,7 @@ // // If sorting fails with a 'bus error' then that is likely because your disk I/O can't keep up with // the read/write demands of the multi-threaded sorting. In this case, reduce the number of sorting -// threads. This will most likely only be a problem with network disks; SATA should be okay; +// threads. This will most likely only be a problem with network disks; SATA should be okay; // USB2/3 should keep up. // // These MUST be a power of 2 for the maths to work - you have been warned! 
@@ -53,8 +53,7 @@ uint64_t d2[48]; int nsteps2; // create table entry -void create_table(struct table *t, int d1, int d2) -{ +void create_table(struct table *t, int d1, int d2) { if (!t) { printf("create_table: t is NULL\n"); exit(1); @@ -83,8 +82,7 @@ void create_table(struct table *t, int d1, int d2) // create all table entries -void create_tables(struct table *t) -{ +void create_tables(struct table *t) { int i, j; if (!t) { @@ -92,8 +90,8 @@ void create_tables(struct table *t) exit(1); } - for (i=0; i<0x100; i++) { - for (j=0; j<0x100; j++) { + for (i = 0; i < 0x100; i++) { + for (j = 0; j < 0x100; j++) { create_table(t + ((i * 0x100) + j), i, j); } } @@ -101,8 +99,7 @@ void create_tables(struct table *t) // free the table memory -void free_tables(struct table *t) -{ +void free_tables(struct table *t) { int i; struct table *ttmp; @@ -111,7 +108,7 @@ void free_tables(struct table *t) exit(1); } - for (i=0; i<0x10000; i++) { + for (i = 0; i < 0x10000; i++) { ttmp = t + i; free(ttmp->data); } @@ -120,8 +117,7 @@ void free_tables(struct table *t) // write (partial) table to file -void writetable(struct table *t1) -{ +void writetable(struct table *t1) { int fd; if (debug) printf("writetable %s\n", t1->path); @@ -146,18 +142,17 @@ void writetable(struct table *t1) // store value in table -void store(unsigned char *data) -{ - unsigned char d1, d2; +void store(unsigned char *data) { + unsigned char d_1, d_2; int offset; struct table *t1; // use the first two bytes as an index - d1 = data[0]; - d2 = data[1]; - offset = (d1 * 0x100) + d2; + d_1 = data[0]; + d_2 = data[1]; + offset = (d_1 * 0x100) + d_2; - if (debug) printf("store, d1=%02X, d2=%02X, offset = %d\n", d1, d2, offset); + if (debug) printf("store, d1=%02X, d2=%02X, offset = %d\n", d_1, d_2, offset); // get pointer to table entry t1 = t + offset; 
@@ -171,7 +166,7 @@ void store(unsigned char *data) if (debug) printf("store, offset = %d, got lock\n", offset); // store the entry - memcpy(t1->ptr, data+2, 10); + memcpy(t1->ptr, data + 2, 10); if (debug) printf("store, offset = %d, copied data\n", offset); @@ -199,14 +194,13 @@ void store(unsigned char *data) } // writes the ks (keystream) and s (state) -void write_ks_s(uint32_t ks1, uint32_t ks2, uint64_t shiftreg) -{ +void write_ks_s(uint32_t ks1, uint32_t ks2, uint64_t shiftreg) { unsigned char buf[16]; // create buffer writebuf(buf, ks1, 3); - writebuf(buf+3, ks2, 3); - writebuf(buf+6, shiftreg, 6); + writebuf(buf + 3, ks2, 3); + writebuf(buf + 6, shiftreg, 6); // store buffer store(buf); @@ -215,8 +209,7 @@ void write_ks_s(uint32_t ks1, uint32_t ks2, uint64_t shiftreg) // builds the di table for jumping -void builddi(int steps, int table) -{ +void builddi(int steps, int table) { uint64_t statemask; int i; Hitag_State mystate; @@ -237,7 +230,7 @@ void builddi(int steps, int table) } // build di states - for (i=0; i<48; i++) { + for (i = 0; i < 48; i++) { mystate.shiftreg = statemask; buildlfsr(&mystate); hitag2_nstep(&mystate, steps); @@ -248,8 +241,7 @@ void builddi(int steps, int table) } // jump function - quickly jumps a load of steps -void jumpnsteps(Hitag_State *hstate, int table) -{ +void jumpnsteps(Hitag_State *hstate, int table) { uint64_t output = 0; uint64_t bitmask; int i; @@ -271,7 +263,7 @@ void jumpnsteps(Hitag_State *hstate, int table) // if si is 1, di.si = di; if si is 0, di.si = 0 bitmask = 1; - for (i=0; i<48; i++) { + for (i = 0; i < 48; i++) { if (hstate->shiftreg & bitmask) { output = output ^ thisd[i]; } @@ -281,12 +273,11 @@ void jumpnsteps(Hitag_State *hstate, int table) hstate->shiftreg = output; buildlfsr(hstate); -} +} // thread to build a part of the table -void *buildtable(void *d) -{ +void *buildtable(void *d) { Hitag_State hstate; Hitag_State hstate2; unsigned long i; 
@@ -301,7 +292,7 @@ void *buildtable(void *d) buildlfsr(&hstate); /* jump to offset using jump table 2 (2048) */ - for (i=0; iptr > t1->data) { writetable(t1); @@ -531,7 +518,7 @@ int main(int argc, char *argv[]) // start the threads - for (i=0; ilen); i++) { + for (i = 0; (i < filestat.st_size) && (j < r->len); i++) { if ((data[i] != 0x0a) && (data[i] != 0x0d) && (data[i] != 0x20)) { if (!nibble) { r->data[j] = hex2bin(data[i]) << 4; @@ -93,8 +91,7 @@ int loadrngdata(struct rngdata *r, char *file) return 1; } -int makecand(unsigned char *c, struct rngdata *r, int bitoffset) -{ +int makecand(unsigned char *c, struct rngdata *r, int bitoffset) { int bytenum; int bitnum; int i; @@ -107,7 +104,7 @@ int makecand(unsigned char *c, struct rngdata *r, int bitoffset) bytenum = bitoffset / 8; bitnum = bitoffset % 8; - for (i=0; i<6; i++) { + for (i = 0; i < 6; i++) { if (!bitnum) { c[i] = r->data[bytenum + i]; } else { @@ -120,8 +117,7 @@ int makecand(unsigned char *c, struct rngdata *r, int bitoffset) // test the candidate against the next or previous rng data -int testcand(unsigned char *f, unsigned char *rt, int fwd) -{ +int testcand(unsigned char *f, unsigned char *rt, int fwd) { Hitag_State hstate; int i; uint32_t ks1; @@ -130,8 +126,8 @@ int testcand(unsigned char *f, unsigned char *rt, int fwd) // build the prng state at the candidate hstate.shiftreg = 0; - for (i=0; i<6; i++) { - hstate.shiftreg = (hstate.shiftreg << 8) | f[i+4]; + for (i = 0; i < 6; i++) { + hstate.shiftreg = (hstate.shiftreg << 8) | f[i + 4]; } buildlfsr(&hstate); @@ -149,7 +145,7 @@ int testcand(unsigned char *f, unsigned char *rt, int fwd) ks2 = hitag2_nstep(&hstate, 24); writebuf(buf, ks1, 3); - writebuf(buf+3, ks2, 3); + writebuf(buf + 3, ks2, 3); // compare them if (!memcmp(buf, rt, 6)) { 
@@ -159,8 +155,7 @@ int testcand(unsigned char *f, unsigned char *rt, int fwd) } } -int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, unsigned char *s) -{ +int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, unsigned char *s) { int fd; struct stat filestat; char file[64]; @@ -193,7 +188,7 @@ int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, u exit(1); } - memcpy(item, c+2, 4); + memcpy(item, c + 2, 4); found = (unsigned char *)bsearch(item, data, filestat.st_size / DATASIZE, DATASIZE, datacmp); @@ -209,13 +204,13 @@ int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, u while (((found - data) <= (filestat.st_size - DATASIZE)) && (!memcmp(found, item, 4))) { if (testcand(found, rt, fwd)) { memcpy(m, c, 2); - memcpy(m+2, found, 4); - memcpy(s, found+4, 6); + memcpy(m + 2, found, 4); + memcpy(s, found + 4, 6); munmap(data, filestat.st_size); close(fd); return 1; - } + } found = found + DATASIZE; } @@ -228,8 +223,7 @@ int searchcand(unsigned char *c, unsigned char *rt, int fwd, unsigned char *m, u } -int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstate, int *bitoffset) -{ +int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstate, int *bitoffset) { int i; int bitlen; unsigned char cand[6]; @@ -243,7 +237,7 @@ int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstat bitlen = r->len * 8; - for (i=0; i<=bitlen - 48; i++) { + for (i = 0; i <= bitlen - 48; i++) { // print progress if ((i % 100) == 0) { printf("searching on bit %d\n", i); @@ -283,8 +277,7 @@ int findmatch(struct rngdata *r, unsigned char *outmatch, unsigned char *outstat -void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset) -{ +void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset) { int i; if (!s) { 
@@ -294,7 +287,7 @@ void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset) // build prng at recovered offset hstate->shiftreg = 0; - for (i=0; i<6; i++) { + for (i = 0; i < 6; i++) { hstate->shiftreg = (hstate->shiftreg << 8) | s[i]; } @@ -313,8 +306,7 @@ void rollbackrng(Hitag_State *hstate, unsigned char *s, int offset) } -uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr) -{ +uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr) { uint64_t key; uint64_t keyupper; uint32_t uid; @@ -333,7 +325,7 @@ uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr) uidtmp = uid; // rollback and extract bits b - for (i=0; i<32; i++) { + for (i = 0; i < 32; i++) { hstate->shiftreg = ((hstate->shiftreg) << 1) | ((uidtmp >> 31) & 0x1); uidtmp = uidtmp << 1; b = (b << 1) | fnf(hstate->shiftreg); @@ -364,8 +356,7 @@ uint64_t recoverkey(Hitag_State *hstate, char *uidstr, char *nRstr) } -int main(int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { Hitag_State hstate; struct rngdata rng; int bitoffset = 0; @@ -420,7 +411,7 @@ int main(int argc, char *argv[]) printf("\n"); printf("KEY:\t\t"); - for (i=0; i<6; i++) { + for (i = 0; i < 6; i++) { printf("%02X", (int)(key & 0xff)); key = key >> 8; } diff --git a/tools/hitag2crack/crack2/ht2crack2utils.c b/tools/hitag2crack/crack2/ht2crack2utils.c index 2152f8ef3..75d4c27a9 100644 --- a/tools/hitag2crack/crack2/ht2crack2utils.c +++ b/tools/hitag2crack/crack2/ht2crack2utils.c @@ -1,13 +1,11 @@ #include "ht2crack2utils.h" // writes a value into a buffer as a series of bytes -void writebuf(unsigned char *buf, uint64_t val, unsigned int len) -{ +void writebuf(unsigned char *buf, uint64_t val, unsigned int len) { int i; char c; - for (i=len-1; i>=0; i--) - { + for (i = len - 1; i >= 0; i--) { c = val & 0xff; buf[i] = c; val = val >> 8; 
@@ -17,18 +15,17 @@ void writebuf(unsigned char *buf, uint64_t val, unsigned int len) /* simple hexdump for testing purposes */ -void shexdump(unsigned char *data, int data_len) -{ +void shexdump(unsigned char *data, int data_len) { int i; if (!data || (data_len <= 0)) { printf("shexdump: invalid parameters\n"); return; } - + printf("Hexdump from %p:\n", data); - for (i=0; i> 7); x = x << 1; } @@ -60,14 +56,13 @@ void printbin(unsigned char *c) } -void printbin2(uint64_t val, unsigned int size) -{ +void printbin2(uint64_t val, unsigned int size) { int i; uint64_t mask = 1; mask = mask << (size - 1); - for (i=0; ishiftreg, 48); printf("\n"); @@ -89,8 +83,7 @@ void printstate(Hitag_State *hstate) // convert hex char to binary -unsigned char hex2bin(unsigned char c) -{ +unsigned char hex2bin(unsigned char c) { if ((c >= '0') && (c <= '9')) { return (c - '0'); } else if ((c >= 'a') && (c <= 'f')) { @@ -103,8 +96,7 @@ unsigned char hex2bin(unsigned char c) } // return a single bit from a value -int bitn(uint64_t x, int bit) -{ +int bitn(uint64_t x, int bit) { uint64_t bitmask = 1; bitmask = bitmask << bit; @@ -118,20 +110,18 @@ int bitn(uint64_t x, int bit) // the sub-function R that rollback depends upon -int fnR(uint64_t x) -{ +int fnR(uint64_t x) { // renumbered bits because my state is 0-47, not 1-48 return (bitn(x, 1) ^ bitn(x, 2) ^ bitn(x, 5) ^ bitn(x, 6) ^ bitn(x, 7) ^ - bitn(x, 15) ^ bitn(x, 21) ^ bitn(x, 22) ^ bitn(x, 25) ^ bitn(x, 29) ^ bitn(x, 40) ^ - bitn(x, 41) ^ bitn(x, 42) ^ bitn(x, 45) ^ bitn(x, 46) ^ bitn(x, 47)); + bitn(x, 15) ^ bitn(x, 21) ^ bitn(x, 22) ^ bitn(x, 25) ^ bitn(x, 29) ^ bitn(x, 40) ^ + bitn(x, 41) ^ bitn(x, 42) ^ bitn(x, 45) ^ bitn(x, 46) ^ bitn(x, 47)); } // the rollback function that lets us go backwards in time -void rollback(Hitag_State *hstate, unsigned int steps) -{ +void rollback(Hitag_State *hstate, unsigned int steps) { int i; - for (i=0; ishiftreg = ((hstate->shiftreg << 1) & 0xffffffffffff) | fnR(hstate->shiftreg); } 
@@ -139,24 +129,20 @@ void rollback(Hitag_State *hstate, unsigned int steps) // the three filter sub-functions that feed fnf -int fa(unsigned int i) -{ +int fa(unsigned int i) { return bitn(0x2C79, i); } -int fb(unsigned int i) -{ +int fb(unsigned int i) { return bitn(0x6671, i); } -int fc(unsigned int i) -{ +int fc(unsigned int i) { return bitn(0x7907287B, i); } // the filter function that generates a bit of output from the prng state -int fnf(uint64_t s) -{ +int fnf(uint64_t s) { unsigned int x1, x2, x3, x4, x5, x6; x1 = (bitn(s, 2) << 0) | (bitn(s, 3) << 1) | (bitn(s, 5) << 2) | (bitn(s, 6) << 3); @@ -171,16 +157,15 @@ int fnf(uint64_t s) } // builds the lfsr for the prng (quick calcs for hitag2_nstep()) -void buildlfsr(Hitag_State *hstate) -{ +void buildlfsr(Hitag_State *hstate) { uint64_t state = hstate->shiftreg; uint64_t temp; temp = state ^ (state >> 1); hstate->lfsr = state ^ (state >> 6) ^ (state >> 16) - ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) - ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) - ^ (temp >> 42) ^ (temp >> 46); + ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) + ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) + ^ (temp >> 42) ^ (temp >> 46); } diff --git a/tools/hitag2crack/crack2/rfidler.h b/tools/hitag2crack/crack2/rfidler.h index c8ce90396..933547e6b 100644 --- a/tools/hitag2crack/crack2/rfidler.h +++ b/tools/hitag2crack/crack2/rfidler.h @@ -336,7 +336,7 @@ extern rtccDate RTC_date; // date structure #define TAG_TYPE_AWID_26 17 #define TAG_TYPE_EM4X05 18 #define TAG_TYPE_TAMAGOTCHI 19 -#define TAG_TYPE_HDX 20 // same underlying data as FDX-B, but different modulation & telegram +#define TAG_TYPE_HDX 20 // same underlying data as FDX-B, but different modulation & telegram // various diff --git a/tools/hitag2crack/crack2/runtest.sh b/tools/hitag2crack/crack2/runtest.sh index bcc08727c..2d9256d94 100755 --- a/tools/hitag2crack/crack2/runtest.sh +++ b/tools/hitag2crack/crack2/runtest.sh 
@@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash if [ "$1" == "" ]; then echo "runtest.sh testfile" diff --git a/tools/hitag2crack/crack2/util.h b/tools/hitag2crack/crack2/util.h index c0d4c156a..c20fdf3c2 100644 --- a/tools/hitag2crack/crack2/util.h +++ b/tools/hitag2crack/crack2/util.h @@ -182,7 +182,7 @@ unsigned char getbit(unsigned char byte, unsigned char bit); void bytestohex(unsigned char *target, unsigned char *source, unsigned int length); unsigned int manchester_encode(unsigned char *target, unsigned char *source, unsigned int length); unsigned int manchester_decode(unsigned char *target, unsigned char *source, unsigned int length); -char * strip_newline(char *buff); +char *strip_newline(char *buff); BOOL command_ack(BOOL data); BOOL command_nack(BYTE *reason); BOOL command_unknown(void); diff --git a/tools/hitag2crack/crack2/utilpart.c b/tools/hitag2crack/crack2/utilpart.c index 210853ec1..c46148491 100644 --- a/tools/hitag2crack/crack2/utilpart.c +++ b/tools/hitag2crack/crack2/utilpart.c @@ -142,19 +142,17 @@ rtccTime RTC_time; // time structure rtccDate RTC_date; // date structure // convert byte-reversed 8 digit hex to unsigned long -unsigned long hexreversetoulong(BYTE *hex) -{ - unsigned long ret= 0L; +unsigned long hexreversetoulong(BYTE *hex) { + unsigned long ret = 0L; unsigned int x; BYTE i; - if(strlen(hex) != 8) + if (strlen(hex) != 8) return 0L; - for(i= 0 ; i < 4 ; ++i) - { - if(sscanf(hex, "%2X", &x) != 1) - return 0L; + for (i = 0 ; i < 4 ; ++i) { + if (sscanf(hex, "%2X", &x) != 1) + return 0L; ret += ((unsigned long) x) << i * 8; hex += 2; } 
@@ -162,18 +160,17 @@ unsigned long hexreversetoulong(BYTE *hex) } // convert byte-reversed 12 digit hex to unsigned long -unsigned long long hexreversetoulonglong(BYTE *hex) -{ - unsigned long long ret= 0LL; +unsigned long long hexreversetoulonglong(BYTE *hex) { + unsigned long long ret = 0LL; BYTE tmp[9]; - - // this may seem an odd way to do it, but weird compiler issues were + + // this may seem an odd way to do it, but weird compiler issues were // breaking direct conversion! - - tmp[8]= '\0'; + + tmp[8] = '\0'; memset(tmp + 4, '0', 4); memcpy(tmp, hex + 8, 4); - ret= hexreversetoulong(tmp); + ret = hexreversetoulong(tmp); ret <<= 32; memcpy(tmp, hex, 8); ret += hexreversetoulong(tmp); diff --git a/tools/hitag2crack/crack3/HardwareProfile.h b/tools/hitag2crack/crack3/HardwareProfile.h index a2f804be6..bce139042 100644 --- a/tools/hitag2crack/crack3/HardwareProfile.h +++ b/tools/hitag2crack/crack3/HardwareProfile.h @@ -142,11 +142,11 @@ typedef int rtccDate; #ifndef __PIC32MX__ - #define __PIC32MX__ +#define __PIC32MX__ #endif - + #define GetSystemClock() (80000000ul) -#define GetPeripheralClock() (GetSystemClock()) +#define GetPeripheralClock() (GetSystemClock()) #define GetInstructionClock() (GetSystemClock()) //#define USE_SELF_POWER_SENSE_IO @@ -322,7 +322,7 @@ typedef int rtccDate; // spi for SD card #define SD_CARD_DET LATFbits.LATF0 #define SD_CARD_WE LATFbits.LATF1 // write enable - unused for microsd but allocated anyway as library checks it - // (held LOW by default - cut solder bridge to GND to free pin if required) +// (held LOW by default - cut solder bridge to GND to free pin if required) #define SPI_SD SPI_CHANNEL1 #define SPI_SD_BUFF SPI1BUF #define SPI_SD_STAT SPI1STATbits diff --git a/tools/hitag2crack/crack3/hitagcrypto.c b/tools/hitag2crack/crack3/hitagcrypto.c index 422efbe92..21662b43e 100644 --- a/tools/hitag2crack/crack3/hitagcrypto.c +++ b/tools/hitag2crack/crack3/hitagcrypto.c 
@@ -229,18 +229,17 @@ static uint32_t hitag2_crypt(uint64_t x); ((S >> (C - 3)) & 8) ) -static uint32_t hitag2_crypt(uint64_t s) -{ +static uint32_t hitag2_crypt(uint64_t x) { const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 uint32_t bitindex; - bitindex = (ht2_function4a >> pickbits2_2 (s, 1, 4)) & 1; - bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 7, 11, 13)) & 0x02; - bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 16, 20, 22, 25)) & 0x04; - bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 27, 30, 32)) & 0x08; - bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 33, 42, 45)) & 0x10; + bitindex = (ht2_function4a >> pickbits2_2(x, 1, 4)) & 1; + bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(x, 7, 11, 13)) & 0x02; + bitindex |= ((ht2_function4b << 2) >> pickbits1x4(x, 16, 20, 22, 25)) & 0x04; + bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(x, 27, 30, 32)) & 0x08; + bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(x, 33, 42, 45)) & 0x10; DEBUG_PRINTF("hitag2_crypt bitindex = %02x\n", bitindex); return (ht2_function5c >> bitindex) & 1; 
@@ -253,13 +252,12 @@ static uint32_t hitag2_crypt(uint64_t s) * uint32_t serialnum - 32 bit tag serial number * uint32_t initvector - 32 bit random IV from reader, part of tag authentication */ -void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) -{ +void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) { // init state, from serial number and lowest 16 bits of shared key uint64_t state = ((sharedkey & 0xFFFF) << 32) | serialnum; // mix the initialisation vector and highest 32 bits of the shared key - initvector ^= (uint32_t) (sharedkey >> 16); + initvector ^= (uint32_t)(sharedkey >> 16); // move 16 bits from (IV xor Shared Key) to top of uint64_t state // these will be XORed in turn with output of the crypto function @@ -320,9 +318,9 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui // optimise with one 64-bit intermediate uint64_t temp = state ^ (state >> 1); pstate->lfsr = state ^ (state >> 6) ^ (state >> 16) - ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) - ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) - ^ (temp >> 42) ^ (temp >> 46); + ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) + ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) + ^ (temp >> 42) ^ (temp >> 46); } } @@ -338,8 +336,7 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui * Hitag_State* pstate - in/out, internal cipher state after initialisation * uint32_t steps - number of bits requested, (capped at 32) */ -uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps) -{ +uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps) { uint64_t state = pstate->shiftreg; uint32_t result = 0; uint64_t lfsr = pstate->lfsr; @@ -446,7 +443,7 @@ unsigned hitag2_verifytest() const uint64_t key = rev64 (0x524B494D4E4FUL); const uint32_t serial = rev32 (0x69574349); const uint32_t initvec = rev32 (0x72456E65); - + uint32_t i; Hitag_State state; 
@@ -469,11 +466,10 @@ unsigned hitag2_verifytest() #ifdef UNIT_TEST -int main(int argc, char* argv[]) -{ +int main(int argc, char *argv[]) { unsigned pass = hitag2_verifytest(); - printf ("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL"); + printf("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL"); if (pass) { hitag2_benchtest(10000); diff --git a/tools/hitag2crack/crack3/hitagcrypto.h b/tools/hitag2crack/crack3/hitagcrypto.h index d5aa9104c..46d447370 100644 --- a/tools/hitag2crack/crack3/hitagcrypto.h +++ b/tools/hitag2crack/crack3/hitagcrypto.h @@ -159,9 +159,9 @@ typedef struct { uint64_t lfsr; // fast lfsr, used to make software faster } Hitag_State; -void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector); +void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector); -uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps); +uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps); unsigned int hitag2_benchtest_gen32(); unsigned int hitag2_benchtest(uint32_t count); diff --git a/tools/hitag2crack/crack3/ht2crack3.c b/tools/hitag2crack/crack3/ht2crack3.c index 190f8197d..da35bbd14 100644 --- a/tools/hitag2crack/crack3/ht2crack3.c +++ b/tools/hitag2crack/crack3/ht2crack3.c @@ -1,6 +1,7 @@ #include #include #include +#include #include "HardwareProfile.h" #include "rfidler.h" @@ -34,11 +35,10 @@ struct threaddata { uint64_t klowerrange; }; -void printbin(uint64_t val) -{ +void printbin(uint64_t val) { int i; - for (i=0; i<64; i++) { + for (i = 0; i < 64; i++) { if (val & 0x8000000000000000) { printf("1"); } else { @@ -48,8 +48,7 @@ void printbin(uint64_t val) } } -void printstate(Hitag_State *hstate) -{ +void printstate(Hitag_State *hstate) { printf("shiftreg =\t"); printbin(hstate->shiftreg); printf("\n"); 
@@ -70,17 +69,16 @@ void printstate(Hitag_State *hstate) ((S >> (C - 3)) & 8) ) -static uint32_t hitag2_crypt(uint64_t s) -{ +static uint32_t hitag2_crypt(uint64_t s) { const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 uint32_t bitindex; - bitindex = (ht2_function4a >> pickbits2_2 (s, 1, 4)) & 1; - bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 7, 11, 13)) & 0x02; - bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 16, 20, 22, 25)) & 0x04; - bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 27, 30, 32)) & 0x08; + bitindex = (ht2_function4a >> pickbits2_2(s, 1, 4)) & 1; + bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(s, 7, 11, 13)) & 0x02; + bitindex |= ((ht2_function4b << 2) >> pickbits1x4(s, 16, 20, 22, 25)) & 0x04; + bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(s, 27, 30, 32)) & 0x08; bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 33, 42, 45)) & 0x10; return (ht2_function5c >> bitindex) & 1; 
@@ -89,17 +87,16 @@ static uint32_t hitag2_crypt(uint64_t s) // this function is a modification of the filter function f, based heavily // on the hitag2_crypt function in Rfidler -int fnP(uint64_t klowery) -{ +int fnP(uint64_t klowery) { const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 const uint32_t ht2_function4p = 0xAE83; // 1010 1110 1000 0011 uint32_t i; - i = (ht2_function4a >> pickbits2_2 (klowery, 2, 5)) & 1; - i |= ((ht2_function4b << 1) >> pickbits1_1_2 (klowery, 8, 12, 14)) & 0x02; - i |= ((ht2_function4b << 2) >> pickbits1x4 (klowery, 17, 21, 23, 26)) & 0x04; - i |= ((ht2_function4b << 3) >> pickbits2_1_1 (klowery, 28, 31, 33)) & 0x08; + i = (ht2_function4a >> pickbits2_2(klowery, 2, 5)) & 1; + i |= ((ht2_function4b << 1) >> pickbits1_1_2(klowery, 8, 12, 14)) & 0x02; + i |= ((ht2_function4b << 2) >> pickbits1x4(klowery, 17, 21, 23, 26)) & 0x04; + i |= ((ht2_function4b << 3) >> pickbits2_1_1(klowery, 28, 31, 33)) & 0x08; // modified to use reference implementation approach // orig fc table is 0x7907287B = 0111 1001 0000 0111 0010 1000 0111 1011 @@ -109,8 +106,7 @@ int fnP(uint64_t klowery) } // comparison function for sorting/searching Tklower entries -int Tk_cmp(const void *v1, const void *v2) -{ +int Tk_cmp(const void *v1, const void *v2) { const struct Tklower *Tk1 = (struct Tklower *)v1; const struct Tklower *Tk2 = (struct Tklower *)v2; @@ -148,8 +144,7 @@ int is_kmiddle_badguess(uint64_t z, struct Tklower *Tk, int max, int aR0) { } // function to test if a partial key is valid -int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint64_t aR) -{ +int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint64_t aR) { uint64_t kupper; uint64_t key; Hitag_State hstate; 
@@ -162,7 +157,7 @@ int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint64_t aR normaR = ((revaR >> 24) | ((revaR >> 8) & 0xff00) | ((revaR << 8) & 0xff0000) | (revaR << 24)); // search for remaining 14 bits - for (kupper=0; kupper < 0x3fff; kupper++) { + for (kupper = 0; kupper < 0x3fff; kupper++) { key = (kupper << 34) | pkey; hitag2_init(&hstate, key, uid, nR); b = hitag2_nstep(&hstate, 32); @@ -170,7 +165,7 @@ int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint64_t aR *out = key; return 1; } - } + } return 0; } @@ -205,8 +200,7 @@ int testkey(uint64_t *out, uint64_t uid, uint64_t pkey, uint64_t nR, uint64_t aR // effectively work out candidates for the lower 34 bits of the key. -void *crack(void *d) -{ +void *crack(void *d) { struct threaddata *data = (struct threaddata *)d; uint64_t uid; struct nRaR *TnRaR; @@ -249,11 +243,11 @@ void *crack(void *d) } // find keys - for (klower=data->klowerstart; klower < (data->klowerstart + data->klowerrange); klower++) { - printf("trying klower = 0x%05lx\n", klower); + for (klower = data->klowerstart; klower < (data->klowerstart + data->klowerrange); klower++) { + printf("trying klower = 0x%05"PRIx64"\n", klower); // build table count = 0; - for (y=0; y<0x40000; y++) { + for (y = 0; y < 0x40000; y++) { // create klowery klowery = (y << 16) | klower; // check for cases where right most bit of fc doesn't matter @@ -268,9 +262,9 @@ void *crack(void *d) // insert y into shiftreg and extract keystream, reversed order b = 0; ytmp = y; - for (j=0; j<2; j++) { + for (j = 0; j < 2; j++) { hstate.shiftreg = hstate.shiftreg | ((ytmp & 0xffff) << 48); - for (i=0; i<16; i++) { + for (i = 0; i < 16; i++) { hstate.shiftreg = hstate.shiftreg >> 1; bit = hitag2_crypt(hstate.shiftreg); b = (b >> 1) | (bit << 31); 
@@ -295,11 +289,11 @@ void *crack(void *d) qsort(Tk, count, sizeof(struct Tklower), Tk_cmp); // look for matches - for (kmiddle=0; kmiddle<0x40000; kmiddle++) { + for (kmiddle = 0; kmiddle < 0x40000; kmiddle++) { // loop over nRaR pairs badguess = 0; found = 0; - for (i=0; (i> 40) & 0xff) | ((revkey >> 24) & 0xff00) | ((revkey >> 8) & 0xff0000) | ((revkey << 8) & 0xff000000) | ((revkey << 24) & 0xff00000000) | ((revkey << 40) & 0xff0000000000); @@ -331,8 +325,7 @@ void *crack(void *d) return NULL; } -int main(int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { FILE *fp; int i; pthread_t threads[NUM_THREADS]; @@ -389,20 +382,20 @@ int main(int argc, char *argv[]) while (getline(&buf, &lenbuf, fp) > 0) { buft1 = strchr(buf, ' '); if (!buft1) { - printf("invalid file input on line %d\n", numnrar + 1); + printf("invalid file input on line %u\n", numnrar + 1); exit(1); } *buft1 = 0x00; buft1++; buft2 = strchr(buft1, '\n'); if (!buft2) { - printf("no CR on line %d\n", numnrar + 1); + printf("no CR on line %u\n", numnrar + 1); exit(1); } *buft2 = 0x00; if (!strncmp(buf, "0x", 2)) { - TnRaR[numnrar].nR = rev32(hexreversetoulong(buf+2)); - TnRaR[numnrar].aR = rev32(hexreversetoulong(buft1+2)); + TnRaR[numnrar].nR = rev32(hexreversetoulong(buf + 2)); + TnRaR[numnrar].aR = rev32(hexreversetoulong(buft1 + 2)); } else { TnRaR[numnrar].nR = rev32(hexreversetoulong(buf)); TnRaR[numnrar].aR = rev32(hexreversetoulong(buft1)); @@ -414,7 +407,7 @@ int main(int argc, char *argv[]) fclose(fp); fp = NULL; - printf("Loaded %d NrAr pairs\n", numnrar); + printf("Loaded %u NrAr pairs\n", numnrar); // create table of thread data tdata = (struct threaddata *)malloc(sizeof(struct threaddata) * NUM_THREADS); 
@@ -423,7 +416,7 @@ int main(int argc, char *argv[]) exit(1); } - for (i=0; i> (C - 3)) & 8) ) -static uint32_t hitag2_crypt(uint64_t s) -{ +static uint32_t hitag2_crypt(uint64_t x) { const uint32_t ht2_function4a = 0x2C79; // 0010 1100 0111 1001 const uint32_t ht2_function4b = 0x6671; // 0110 0110 0111 0001 const uint32_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 0111 1011 uint32_t bitindex; - bitindex = (ht2_function4a >> pickbits2_2 (s, 1, 4)) & 1; - bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 7, 11, 13)) & 0x02; - bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 16, 20, 22, 25)) & 0x04; - bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 27, 30, 32)) & 0x08; - bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 33, 42, 45)) & 0x10; + bitindex = (ht2_function4a >> pickbits2_2(x, 1, 4)) & 1; + bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(x, 7, 11, 13)) & 0x02; + bitindex |= ((ht2_function4b << 2) >> pickbits1x4(x, 16, 20, 22, 25)) & 0x04; + bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(x, 27, 30, 32)) & 0x08; + bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(x, 33, 42, 45)) & 0x10; DEBUG_PRINTF("hitag2_crypt bitindex = %02x\n", bitindex); return (ht2_function5c >> bitindex) & 1; 
@@ -253,13 +252,12 @@ static uint32_t hitag2_crypt(uint64_t s) * uint32_t serialnum - 32 bit tag serial number * uint32_t initvector - 32 bit random IV from reader, part of tag authentication */ -void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) -{ +void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector) { // init state, from serial number and lowest 16 bits of shared key uint64_t state = ((sharedkey & 0xFFFF) << 32) | serialnum; // mix the initialisation vector and highest 32 bits of the shared key - initvector ^= (uint32_t) (sharedkey >> 16); + initvector ^= (uint32_t)(sharedkey >> 16); // move 16 bits from (IV xor Shared Key) to top of uint64_t state // these will be XORed in turn with output of the crypto function @@ -320,9 +318,9 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui // optimise with one 64-bit intermediate uint64_t temp = state ^ (state >> 1); pstate->lfsr = state ^ (state >> 6) ^ (state >> 16) - ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) - ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) - ^ (temp >> 42) ^ (temp >> 46); + ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) + ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) + ^ (temp >> 42) ^ (temp >> 46); } } @@ -338,8 +336,7 @@ void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, ui * Hitag_State* pstate - in/out, internal cipher state after initialisation * uint32_t steps - number of bits requested, (capped at 32) */ -uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps) -{ +uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps) { uint64_t state = pstate->shiftreg; uint32_t result = 0; uint64_t lfsr = pstate->lfsr; @@ -446,7 +443,7 @@ unsigned hitag2_verifytest() const uint64_t key = rev64 (0x524B494D4E4FUL); const uint32_t serial = rev32 (0x69574349); const uint32_t initvec = rev32 (0x72456E65); - + uint32_t i; Hitag_State state; 
@@ -469,11 +466,10 @@ unsigned hitag2_verifytest() #ifdef UNIT_TEST -int main(int argc, char* argv[]) -{ +int main(int argc, char *argv[]) { unsigned pass = hitag2_verifytest(); - printf ("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL"); + printf("Crypto Verify test = %s\n\n", pass ? "PASS" : "FAIL"); if (pass) { hitag2_benchtest(10000); diff --git a/tools/hitag2crack/crack4/hitagcrypto.h b/tools/hitag2crack/crack4/hitagcrypto.h index d5aa9104c..46d447370 100644 --- a/tools/hitag2crack/crack4/hitagcrypto.h +++ b/tools/hitag2crack/crack4/hitagcrypto.h @@ -159,9 +159,9 @@ typedef struct { uint64_t lfsr; // fast lfsr, used to make software faster } Hitag_State; -void hitag2_init(Hitag_State* pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector); +void hitag2_init(Hitag_State *pstate, uint64_t sharedkey, uint32_t serialnum, uint32_t initvector); -uint32_t hitag2_nstep(Hitag_State* pstate, uint32_t steps); +uint32_t hitag2_nstep(Hitag_State *pstate, uint32_t steps); unsigned int hitag2_benchtest_gen32(); unsigned int hitag2_benchtest(uint32_t count); diff --git a/tools/hitag2crack/crack4/ht2crack2utils.c b/tools/hitag2crack/crack4/ht2crack2utils.c index 2152f8ef3..75d4c27a9 100644 --- a/tools/hitag2crack/crack4/ht2crack2utils.c +++ b/tools/hitag2crack/crack4/ht2crack2utils.c @@ -1,13 +1,11 @@ #include "ht2crack2utils.h" // writes a value into a buffer as a series of bytes -void writebuf(unsigned char *buf, uint64_t val, unsigned int len) -{ +void writebuf(unsigned char *buf, uint64_t val, unsigned int len) { int i; char c; - for (i=len-1; i>=0; i--) - { + for (i = len - 1; i >= 0; i--) { c = val & 0xff; buf[i] = c; val = val >> 8; 
@@ -17,18 +15,17 @@ void writebuf(unsigned char *buf, uint64_t val, unsigned int len) /* simple hexdump for testing purposes */ -void shexdump(unsigned char *data, int data_len) -{ +void shexdump(unsigned char *data, int data_len) { int i; if (!data || (data_len <= 0)) { printf("shexdump: invalid parameters\n"); return; } - + printf("Hexdump from %p:\n", data); - for (i=0; i> 7); x = x << 1; } @@ -60,14 +56,13 @@ void printbin(unsigned char *c) } -void printbin2(uint64_t val, unsigned int size) -{ +void printbin2(uint64_t val, unsigned int size) { int i; uint64_t mask = 1; mask = mask << (size - 1); - for (i=0; ishiftreg, 48); printf("\n"); @@ -89,8 +83,7 @@ void printstate(Hitag_State *hstate) // convert hex char to binary -unsigned char hex2bin(unsigned char c) -{ +unsigned char hex2bin(unsigned char c) { if ((c >= '0') && (c <= '9')) { return (c - '0'); } else if ((c >= 'a') && (c <= 'f')) { @@ -103,8 +96,7 @@ unsigned char hex2bin(unsigned char c) } // return a single bit from a value -int bitn(uint64_t x, int bit) -{ +int bitn(uint64_t x, int bit) { uint64_t bitmask = 1; bitmask = bitmask << bit; @@ -118,20 +110,18 @@ int bitn(uint64_t x, int bit) // the sub-function R that rollback depends upon -int fnR(uint64_t x) -{ +int fnR(uint64_t x) { // renumbered bits because my state is 0-47, not 1-48 return (bitn(x, 1) ^ bitn(x, 2) ^ bitn(x, 5) ^ bitn(x, 6) ^ bitn(x, 7) ^ - bitn(x, 15) ^ bitn(x, 21) ^ bitn(x, 22) ^ bitn(x, 25) ^ bitn(x, 29) ^ bitn(x, 40) ^ - bitn(x, 41) ^ bitn(x, 42) ^ bitn(x, 45) ^ bitn(x, 46) ^ bitn(x, 47)); + bitn(x, 15) ^ bitn(x, 21) ^ bitn(x, 22) ^ bitn(x, 25) ^ bitn(x, 29) ^ bitn(x, 40) ^ + bitn(x, 41) ^ bitn(x, 42) ^ bitn(x, 45) ^ bitn(x, 46) ^ bitn(x, 47)); } // the rollback function that lets us go backwards in time -void rollback(Hitag_State *hstate, unsigned int steps) -{ +void rollback(Hitag_State *hstate, unsigned int steps) { int i; - for (i=0; ishiftreg = ((hstate->shiftreg << 1) & 0xffffffffffff) | fnR(hstate->shiftreg); } 
@@ -139,24 +129,20 @@ void rollback(Hitag_State *hstate, unsigned int steps) // the three filter sub-functions that feed fnf -int fa(unsigned int i) -{ +int fa(unsigned int i) { return bitn(0x2C79, i); } -int fb(unsigned int i) -{ +int fb(unsigned int i) { return bitn(0x6671, i); } -int fc(unsigned int i) -{ +int fc(unsigned int i) { return bitn(0x7907287B, i); } // the filter function that generates a bit of output from the prng state -int fnf(uint64_t s) -{ +int fnf(uint64_t s) { unsigned int x1, x2, x3, x4, x5, x6; x1 = (bitn(s, 2) << 0) | (bitn(s, 3) << 1) | (bitn(s, 5) << 2) | (bitn(s, 6) << 3); @@ -171,16 +157,15 @@ int fnf(uint64_t s) } // builds the lfsr for the prng (quick calcs for hitag2_nstep()) -void buildlfsr(Hitag_State *hstate) -{ +void buildlfsr(Hitag_State *hstate) { uint64_t state = hstate->shiftreg; uint64_t temp; temp = state ^ (state >> 1); hstate->lfsr = state ^ (state >> 6) ^ (state >> 16) - ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) - ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) - ^ (temp >> 42) ^ (temp >> 46); + ^ (state >> 26) ^ (state >> 30) ^ (state >> 41) + ^ (temp >> 2) ^ (temp >> 7) ^ (temp >> 22) + ^ (temp >> 42) ^ (temp >> 46); } diff --git a/tools/hitag2crack/crack4/ht2crack4.c b/tools/hitag2crack/crack4/ht2crack4.c index da439692f..54e23d550 100644 --- a/tools/hitag2crack/crack4/ht2crack4.c +++ b/tools/hitag2crack/crack4/ht2crack4.c @@ -93,8 +93,7 @@ uint64_t uid; int maxtablesize = 800000; uint64_t supplied_testkey = 0; -void usage() -{ +void usage() { printf("ht2crack4 - K Sheldrake, based on the work of Garcia et al\n\n"); printf("Cracks a HiTag2 key using a small number (4 to 16) of encrypted\n"); printf("nonce and challenge response pairs, using a fast correlation\n"); 
@@ -130,46 +129,44 @@ const uint64_t ht2_function5c = 0x7907287B; // 0111 1001 0000 0111 0010 1000 011 * a known least-sig pattern. first index is num bits in known part, second is the * bit pattern of the known part. */ double pfna[][8] = { -{0.50000, 0.50000, }, -{0.50000, 0.50000, 0.50000, 0.50000, }, -{0.50000, 0.00000, 0.50000, 1.00000, 0.50000, 1.00000, 0.50000, 0.00000, }, + {0.50000, 0.50000, }, + {0.50000, 0.50000, 0.50000, 0.50000, }, + {0.50000, 0.00000, 0.50000, 1.00000, 0.50000, 1.00000, 0.50000, 0.00000, }, }; double pfnb[][8] = { -{0.62500, 0.37500, }, -{0.50000, 0.75000, 0.75000, 0.00000, }, -{0.50000, 0.50000, 0.50000, 0.00000, 0.50000, 1.00000, 1.00000, 0.00000, }, + {0.62500, 0.37500, }, + {0.50000, 0.75000, 0.75000, 0.00000, }, + {0.50000, 0.50000, 0.50000, 0.00000, 0.50000, 1.00000, 1.00000, 0.00000, }, }; double pfnc[][16] = { -{0.50000, 0.50000, }, -{0.62500, 0.62500, 0.37500, 0.37500, }, -{0.75000, 0.50000, 0.25000, 0.75000, 0.50000, 0.75000, 0.50000, 0.00000, }, -{1.00000, 1.00000, 0.50000, 0.50000, 0.50000, 0.50000, 0.50000, 0.00000, 0.50000, 0.00000, 0.00000, 1.00000, 0.50000, 1.00000, 0.50000, 0.00000, }, + {0.50000, 0.50000, }, + {0.62500, 0.62500, 0.37500, 0.37500, }, + {0.75000, 0.50000, 0.25000, 0.75000, 0.50000, 0.75000, 0.50000, 0.00000, }, + {1.00000, 1.00000, 0.50000, 0.50000, 0.50000, 0.50000, 0.50000, 0.00000, 0.50000, 0.00000, 0.00000, 1.00000, 0.50000, 1.00000, 0.50000, 0.00000, }, }; /* hitag2_crypt works on the post-shifted form of the lfsr; this is the ref in rfidler code */ -static uint32_t hitag2_crypt(uint64_t s) -{ +static uint32_t hitag2_crypt(uint64_t s) { uint32_t bitindex; - bitindex = (ht2_function4a >> pickbits2_2 (s, 1, 4)) & 1; - bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 7, 11, 13)) & 0x02; - bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 16, 20, 22, 25)) & 0x04; - bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 27, 30, 32)) & 0x08; + bitindex = (ht2_function4a >> pickbits2_2(s, 1, 
4)) & 1; + bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(s, 7, 11, 13)) & 0x02; + bitindex |= ((ht2_function4b << 2) >> pickbits1x4(s, 16, 20, 22, 25)) & 0x04; + bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(s, 27, 30, 32)) & 0x08; bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 33, 42, 45)) & 0x10; return (ht2_function5c >> bitindex) & 1; } /* ht2crypt works on the pre-shifted form of the lfsr; this is the ref in the paper */ -uint64_t ht2crypt(uint64_t s) -{ +uint64_t ht2crypt(uint64_t s) { uint64_t bitindex; - bitindex = (ht2_function4a >> pickbits2_2 (s, 2, 5)) & 1; - bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2 (s, 8, 12, 14)) & 0x02; - bitindex |= ((ht2_function4b << 2) >> pickbits1x4 (s, 17, 21, 23, 26)) & 0x04; - bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1 (s, 28, 31, 33)) & 0x08; + bitindex = (ht2_function4a >> pickbits2_2(s, 2, 5)) & 1; + bitindex |= ((ht2_function4b << 1) >> pickbits1_1_2(s, 8, 12, 14)) & 0x02; + bitindex |= ((ht2_function4b << 2) >> pickbits1x4(s, 17, 21, 23, 26)) & 0x04; + bitindex |= ((ht2_function4b << 3) >> pickbits2_1_1(s, 28, 31, 33)) & 0x08; bitindex |= ((ht2_function4a << 4) >> pickbits1_2_1(s, 34, 43, 46)) & 0x10; return (ht2_function5c >> bitindex) & 1; @@ -177,11 +174,10 @@ uint64_t ht2crypt(uint64_t s) /* fnL is the feedback function for the reference code */ -uint64_t fnL(uint64_t x) -{ +uint64_t fnL(uint64_t x) { return (bitn(x, 0) ^ bitn(x, 2) ^ bitn(x, 3) ^ bitn(x, 6) ^ bitn(x, 7) ^ bitn(x, 8) ^ - bitn(x, 16) ^ bitn(x, 22) ^ bitn(x, 23) ^ bitn(x, 26) ^ bitn(x, 30) ^ bitn(x, 41) ^ - bitn(x, 42) ^ bitn(x, 43) ^ bitn(x, 46) ^ bitn(x, 47)); + bitn(x, 16) ^ bitn(x, 22) ^ bitn(x, 23) ^ bitn(x, 26) ^ bitn(x, 30) ^ bitn(x, 41) ^ + bitn(x, 42) ^ bitn(x, 43) ^ bitn(x, 46) ^ bitn(x, 47)); } 
@@ -189,18 +185,18 @@ uint64_t fnL(uint64_t x) * the number of relevant bits. * e.g. if there are 16 confirmed bits in a state, then packed_size[16] = 8 relevant bits. * this is for pre-shifted lfsr */ -unsigned int packed_size[] = { 0, 0, 0, 1, 2, 2, 3, 4, 4, 5, 5, 5, 5, 6, 6, 7, 8, +unsigned int packed_size[] = { 0, 0, 0, 1, 2, 2, 3, 4, 4, 5, 5, 5, 5, 6, 6, 7, 8, 8, 9, 9, 9, 9, 10, 10, 11, 11, 11, 12, 12, 13, 14, 14, 15, - 15, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 18, 19, 19, 20, 20 }; + 15, 16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 18, 19, 19, 20, 20 + }; /* f20 is the same as hitag2_crypt except it works on the packed version * of the state where all 20 relevant bits are squashed together */ -uint64_t f20(uint64_t y) -{ +uint64_t f20(uint64_t y) { uint64_t bitindex; - bitindex = (ht2_function4a >> (y & 0xf)) & 1; + bitindex = (ht2_function4a >> (y & 0xf)) & 1; bitindex |= ((ht2_function4b << 1) >> ((y >> 4) & 0xf)) & 0x02; bitindex |= ((ht2_function4b << 2) >> ((y >> 8) & 0xf)) & 0x04; bitindex |= ((ht2_function4b << 3) >> ((y >> 12) & 0xf)) & 0x08; @@ -211,14 +207,13 @@ uint64_t f20(uint64_t y) /* packstate packs the relevant bits from LFSR state into 20 bits for pre-shifted lfsr */ -uint64_t packstate(uint64_t s) -{ +uint64_t packstate(uint64_t s) { uint64_t packed; - packed = pickbits2_2 (s, 2, 5); - packed |= (pickbits1_1_2 (s, 8, 12, 14) << 4); - packed |= (pickbits1x4 (s, 17, 21, 23, 26) << 8); - packed |= (pickbits2_1_1 (s, 28, 31, 33) << 12); + packed = pickbits2_2(s, 2, 5); + packed |= (pickbits1_1_2(s, 8, 12, 14) << 4); + packed |= (pickbits1x4(s, 17, 21, 23, 26) << 8); + packed |= (pickbits2_1_1(s, 28, 31, 33) << 12); packed |= (pickbits1_2_1(s, 34, 43, 46) << 16); return packed; 
@@ -226,8 +221,7 @@ uint64_t packstate(uint64_t s) /* create_guess_table mallocs the tables */ -void create_guess_table() -{ +void create_guess_table() { guesses = (struct guess *)malloc(sizeof(struct guess) * maxtablesize); if (!guesses) { printf("cannot malloc guess table\n"); @@ -238,8 +232,7 @@ void create_guess_table() /* init the guess table by reading in the encrypted nR,aR values and * setting the first 2^16 key guesses */ -void init_guess_table(char *filename, char *uidstr) -{ +void init_guess_table(char *filename, char *uidstr) { unsigned int i, j; FILE *fp; char *buf = NULL; @@ -277,20 +270,20 @@ void init_guess_table(char *filename, char *uidstr) while ((getline(&buf, &lenbuf, fp) > 0) && (num_nRaR < MAX_NONCES)) { buft1 = strchr(buf, ' '); if (!buft1) { - printf("invalid file input on line %d\n", num_nRaR + 1); + printf("invalid file input on line %u\n", num_nRaR + 1); exit(1); } *buft1 = 0x00; buft1++; buft2 = strchr(buft1, '\n'); if (!buft2) { - printf("no CR on line %d\n", num_nRaR + 1); + printf("no CR on line %u\n", num_nRaR + 1); exit(1); } *buft2 = 0x00; if (!strncmp(buf, "0x", 2)) { - nonces[num_nRaR].enc_nR = rev32(hexreversetoulong(buf+2)); - nonces[num_nRaR].ks = rev32(hexreversetoulong(buft1+2)) ^ 0xffffffff; + nonces[num_nRaR].enc_nR = rev32(hexreversetoulong(buf + 2)); + nonces[num_nRaR].ks = rev32(hexreversetoulong(buft1 + 2)) ^ 0xffffffff; } else { nonces[num_nRaR].enc_nR = rev32(hexreversetoulong(buf)); nonces[num_nRaR].ks = rev32(hexreversetoulong(buft1)) ^ 0xffffffff; 
@@ -301,14 +294,14 @@ void init_guess_table(char *filename, char *uidstr) fclose(fp); fp = NULL; - fprintf(stderr, "Loaded %d nRaR pairs\n", num_nRaR); + fprintf(stderr, "Loaded %u nRaR pairs\n", num_nRaR); - // set key and copy in enc_nR and ks values + // set key and copy in enc_nR and ks values // set score to -1.0 to distinguish them from 0 scores - for (i=0; i<65536; i++) { + for (i = 0; i < 65536; i++) { guesses[i].key = i; guesses[i].score = -1.0; - for (j=0; j> (packed & 0xf)) & 1; + fncinput = (ht2_function4a >> (packed & 0xf)) & 1; fncinput |= ((ht2_function4b << 1) >> ((packed >> 4) & 0xf)) & 0x02; fncinput |= ((ht2_function4b << 2) >> ((packed >> 8) & 0xf)) & 0x04; fncinput |= ((ht2_function4b << 3) >> ((packed >> 12) & 0xf)) & 0x08; @@ -404,8 +396,7 @@ double bit_score(uint64_t s, uint64_t size, uint64_t b) * bit_scores together until no bits remain. bit_scores are * multiplied by the number of relevant bits in the scored state * to give weight to more complete states. */ -double score(uint64_t s, unsigned int size, uint64_t ks, unsigned int kssize) -{ +double score(uint64_t s, unsigned int size, uint64_t ks, unsigned int kssize) { double sc, sc2; if ((size == 1) || (kssize == 1)) { @@ -436,8 +427,7 @@ double score(uint64_t s, unsigned int size, uint64_t ks, unsigned int kssize) /* score_traces runs score for each encrypted nonce */ -void score_traces(struct guess *g, unsigned int size) -{ +void score_traces(struct guess *g, unsigned int size) { uint64_t lfsr; unsigned int i; double sc; @@ -448,13 +438,13 @@ void score_traces(struct guess *g, unsigned int size) return; } - for (i=0; i> (size - 16)) | ((g->key << (48 - size)) ^ - ((nonces[i].enc_nR ^ g->b0to31[i]) << (64 - size))); + ((nonces[i].enc_nR ^ g->b0to31[i]) << (64 - size))); g->b0to31[i] = g->b0to31[i] | (ht2crypt(lfsr) << (size - 16)); // create lfsr - lower 16 bits are lower 16 bits of key 
@@ -491,12 +481,11 @@ void score_all_traces(unsigned int size) */ /* score_some_traces runs score_traces for every key guess in a section of the table */ -void *score_some_traces(void *data) -{ +void *score_some_traces(void *data) { unsigned int i; struct thread_data *tdata = (struct thread_data *)data; - for (i=tdata->start; iend; i++) { + for (i = tdata->start; i < tdata->end; i++) { score_traces(&(guesses[i]), tdata->size); } @@ -505,8 +494,7 @@ void *score_some_traces(void *data) /* score_all_traces runs score_traces for every key guess in the table */ -void score_all_traces(unsigned int size) -{ +void score_all_traces(unsigned int size) { pthread_t threads[NUM_THREADS]; void *status; struct thread_data tdata[NUM_THREADS]; @@ -516,9 +504,9 @@ void score_all_traces(unsigned int size) chunk_size = num_guesses / NUM_THREADS; // create thread data - for (i=0; i> 40) & 0xff) | ((revkey >> 24) & 0xff00) | ((revkey >> 8) & 0xff0000) | ((revkey << 8) & 0xff000000) | ((revkey << 24) & 0xff00000000) | ((revkey << 40) & 0xff0000000000); - fprintf(stderr, " guess=%012" PRIx64 ", num_guesses = %d, top score=%1.10f, min score=%1.10f\n", foundkey, num_guesses, guesses[0].score, guesses[num_guesses - 1].score); + fprintf(stderr, " guess=%012" PRIx64 ", num_guesses = %u, top score=%1.10f, min score=%1.10f\n", foundkey, num_guesses, guesses[0].score, guesses[num_guesses - 1].score); } } /* test function to make sure I know how the LFSR works */ -void testkey(uint64_t key) -{ +void testkey(uint64_t key) { uint64_t i; uint64_t b0to31 = 0; uint64_t ks = 0; @@ -663,7 +645,7 @@ void testkey(uint64_t key) printf("after init with key, uid, nR:\n"); printstate(&hstate); b0to31 = 0; - for (i=0; i<32; i++) { + for (i = 0; i < 32; i++) { b0to31 = (b0to31 >> 1) | (hitag2_nstep(&hstate, 1) << 31); } printf("ks = 0x%08" PRIx64 ", enc_aR = 0x%08" PRIx64 ", aR = 0x%08" PRIx64 "\n", b0to31, nonces[0].ks ^ 0xffffffff, nonces[0].ks ^ 0xffffffff ^ b0to31); 
@@ -679,7 +661,7 @@ void testkey(uint64_t key) // xor upper part of key with encrypted nonce nRxorkey = nonces[0].enc_nR ^ (key >> 16); // insert keyupper xor encrypted nonce xor ks - for (i=0; i<32; i++) { + for (i = 0; i < 32; i++) { // store ks - when done, the first ks bit will be bit 0 and the last will be bit 31 b0to31 = (b0to31 >> 1) | (ht2crypt(lfsr) << 31); // insert new bit @@ -693,7 +675,7 @@ void testkey(uint64_t key) printf("\n"); // iterate lfsr with fnL, extracting ks - for (i=0; i<32; i++) { + for (i = 0; i < 32; i++) { // store ks - when done, the first ks bit will be bit 0 and the last will be bit 31 ks = (ks >> 1) | (ht2crypt(lfsr) << 31); // insert new bit 
@@ -710,38 +692,37 @@ void testkey(uint64_t key) /* test function to generate test data */ -void gen_bitstreams_testks(struct guess *g, uint64_t key) -{ - unsigned int i, j; - uint64_t nRxorkey, lfsr, ks; +void gen_bitstreams_testks(struct guess *g, uint64_t key) { + unsigned int i, j; + uint64_t nRxorkey, lfsr, ks; - for (j=0; jb0to31[j] = 0; - // xor upper part of key with encrypted nonce - nRxorkey = nonces[j].enc_nR ^ (key >> 16); - // insert keyupper xor encrypted nonce xor ks - for (i=0; i<32; i++) { - // store ks - when done, the first ks bit will be bit 0 and the last will be bit 31 - g->b0to31[j] = (g->b0to31[j] >> 1) | (ht2crypt(lfsr) << 31); - // insert new bit - lfsr = lfsr | ((((nRxorkey >> i) & 0x1) ^ ((g->b0to31[j] >> 31) & 0x1)) << 48); - // shift lfsr - lfsr = lfsr >> 1; - } + // build initial lfsr + lfsr = uid | ((key & 0xffff) << 32); + g->b0to31[j] = 0; + // xor upper part of key with encrypted nonce + nRxorkey = nonces[j].enc_nR ^ (key >> 16); + // insert keyupper xor encrypted nonce xor ks + for (i = 0; i < 32; i++) { + // store ks - when done, the first ks bit will be bit 0 and the last will be bit 31 + g->b0to31[j] = (g->b0to31[j] >> 1) | (ht2crypt(lfsr) << 31); + // insert new bit + lfsr = lfsr | ((((nRxorkey >> i) & 0x1) ^ ((g->b0to31[j] >> 31) & 0x1)) << 48); + // shift lfsr + lfsr = lfsr >> 1; + } ks = 0; - // iterate lfsr with fnL, extracting ks - for (i=0; i<32; i++) { - // store ks - when done, the first ks bit will be bit 0 and the last will be bit 31 - ks = (ks >> 1) | (ht2crypt(lfsr) << 31); - // insert new bit - lfsr = lfsr | (fnL(lfsr) << 48); - // shift lfsr - lfsr = lfsr >> 1; - } + // iterate lfsr with fnL, extracting ks + for (i = 0; i < 32; i++) { + // store ks - when done, the first ks bit will be bit 0 and the last will be bit 31 + ks = (ks >> 1) | (ht2crypt(lfsr) << 31); + // insert new bit + lfsr = lfsr | (fnL(lfsr) << 48); + // shift lfsr + lfsr = lfsr >> 1; + } printf("orig ks = 0x%08" PRIx64 ", gen ks = 0x%08" PRIx64 
", b0to31 = 0x%08" PRIx64 "\n", nonces[j].ks, ks, g->b0to31[j]); if (nonces[j].ks != ks) { @@ -752,20 +733,19 @@ void gen_bitstreams_testks(struct guess *g, uint64_t key) /* test function */ -void test() -{ +void test() { uint64_t lfsr; uint64_t packed; uint64_t i; - for (i=0; i<1000; i++) { + for (i = 0; i < 1000; i++) { lfsr = ((uint64_t)rand() << 32) | rand(); packed = packstate(lfsr); if (hitag2_crypt(lfsr) != f20(packed)) { - printf(" * * * FAIL: %3" PRIu64 ": 0x%012" PRIx64 " = %d, 0x%012" PRIx64 " = 0x%05" PRIx64 "\n", i, lfsr, hitag2_crypt(lfsr), packed, f20(packed)); + printf(" * * * FAIL: %3" PRIu64 ": 0x%012" PRIx64 " = %u, 0x%012" PRIx64 " = 0x%05" PRIx64 "\n", i, lfsr, hitag2_crypt(lfsr), packed, f20(packed)); } } @@ -774,15 +754,14 @@ void test() /* check_key tests the potential key against an encrypted nonce, ks pair */ -int check_key(uint64_t key, uint64_t enc_nR, uint64_t ks) -{ +int check_key(uint64_t key, uint64_t enc_nR, uint64_t ks) { Hitag_State hstate; uint64_t bits; int i; hitag2_init(&hstate, key, uid, enc_nR); bits = 0; - for (i=0; i<32; i++) { + for (i = 0; i < 32; i++) { bits = (bits >> 1) | (hitag2_nstep(&hstate, 1) << 31); } if (ks == bits) { @@ -794,8 +773,7 @@ int check_key(uint64_t key, uint64_t enc_nR, uint64_t ks) /* start up */ -int main(int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { unsigned int i; uint64_t revkey; uint64_t foundkey; @@ -808,7 +786,7 @@ int main(int argc, char *argv[]) // exit(0); while ((c = getopt(argc, argv, "u:n:N:t:T:h")) != -1) { - switch(c) { + switch (c) { case 'u': uidstr = optarg; break; @@ -843,12 +821,12 @@ int main(int argc, char *argv[]) if ((tot_nRaR > 0) && (tot_nRaR <= num_nRaR)) { num_nRaR = tot_nRaR; } - fprintf(stderr, "Using %d nRaR pairs\n", num_nRaR); + fprintf(stderr, "Using %u nRaR pairs\n", num_nRaR); crack(); // test all key guesses and stop if one works - for (i=0; i, 2011 # pm3_eml2lower.sh 
diff --git a/tools/pm3_eml2mfd.py b/tools/pm3_eml2mfd.py index 86c6df301..0a12f4788 100755 --- a/tools/pm3_eml2mfd.py +++ b/tools/pm3_eml2mfd.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 ''' # Andrei Costin , 2011 @@ -6,20 +6,20 @@ # Converts PM3 Mifare Classic emulator EML text file to MFD binary dump file ''' -from __future__ import with_statement + import sys import binascii def main(argv): argc = len(argv) if argc < 3: - print 'Usage:', argv[0], 'input.eml output.mfd' + print('Usage:', argv[0], 'input.eml output.mfd') sys.exit(1) - with file(argv[1], "r") as file_inp, file(argv[2], "wb") as file_out: + with open(argv[1], "r") as file_inp, open(argv[2], "wb") as file_out: for line in file_inp: line = line.rstrip('\n').rstrip('\r') - print line + print(line) data = binascii.unhexlify(line) file_out.write(data) diff --git a/tools/pm3_eml2upper.sh b/tools/pm3_eml2upper.sh index 73b8646b7..bac3237cc 100755 --- a/tools/pm3_eml2upper.sh +++ b/tools/pm3_eml2upper.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Andrei Costin , 2011 # pm3_eml2upper.sh diff --git a/tools/pm3_eml_mfd_test.py b/tools/pm3_eml_mfd_test.py index 171bad843..c08f0f9a1 100755 --- a/tools/pm3_eml_mfd_test.py +++ b/tools/pm3_eml_mfd_test.py @@ -1,9 +1,9 @@ -#!/usr/bin/python +#!/usr/bin/env python3 + -from __future__ import with_statement from tempfile import mkdtemp from shutil import rmtree -from itertools import imap + from string import hexdigits import unittest, os import pm3_eml2mfd, pm3_mfd2eml 
@@ -24,18 +24,18 @@ class TestEmlMfd(unittest.TestCase): def test_mfd2eml(self): self.three_argument_test(pm3_mfd2eml.main, - imap(reversed, self.EML2MFD_TESTCASES), c14n=hex_c14n) + map(reversed, self.EML2MFD_TESTCASES), c14n=hex_c14n) def three_argument_test(self, operation, cases, c14n=str): for case_input, case_output in cases: try: inp_name = os.path.join(self.tmpdir, 'input') out_name = os.path.join(self.tmpdir, 'output') - with file(inp_name, 'wb') as in_file: + with open(inp_name, 'w') as in_file: in_file.write(case_input) operation(['', inp_name, out_name]) - with file(out_name, 'rb') as out_file: - self.assertEquals(c14n(case_output), c14n(out_file.read())) + with open(out_name, 'r') as out_file: + self.assertEqual(c14n(case_output), c14n(out_file.read())) finally: for file_name in inp_name, out_name: if os.path.exists(file_name): diff --git a/tools/pm3_mfd2eml.py b/tools/pm3_mfd2eml.py index 44d60e7d6..52d858df0 100755 --- a/tools/pm3_mfd2eml.py +++ b/tools/pm3_mfd2eml.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 ''' # Andrei Costin , 2011 @@ -6,24 +6,23 @@ # Converts PM3 Mifare Classic MFD binary dump file to emulator EML text file ''' -from __future__ import with_statement + import sys -import binascii READ_BLOCKSIZE = 16 def main(argv): argc = len(argv) if argc < 3: - print 'Usage:', argv[0], 'input.mfd output.eml' + print('Usage:', argv[0], 'input.mfd output.eml') sys.exit(1) - with file(argv[1], "rb") as file_inp, file(argv[2], "w") as file_out: + with open(argv[1], "rb") as file_inp, open(argv[2], "w") as file_out: while True: byte_s = file_inp.read(READ_BLOCKSIZE) if not byte_s: break - hex_char_repr = binascii.hexlify(byte_s) + hex_char_repr = byte_s.hex() file_out.write(hex_char_repr) file_out.write("\n") diff --git a/tools/pm3_mfdread.py b/tools/pm3_mfdread.py index 4172f1812..7e92ea19a 100755 --- a/tools/pm3_mfdread.py +++ b/tools/pm3_mfdread.py 
@@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # -*- coding: utf-8 -*- # mfdread.py - Mifare dumps parser in human readable format @@ -18,8 +18,11 @@ import copy import sys from collections import defaultdict -from bitstring import BitArray - +try: + from bitstring import BitArray +except ModuleNotFoundError: + print("Please install bitstring module first.") + sys.exit(1) class Options: FORCE_1K = False @@ -28,7 +31,7 @@ class Options: if len(sys.argv) == 1: sys.exit(''' ------------------ -Usage: mfdread.py ./dump.mfd +Usage: pm3_mfdread.py ./dump.mfd Mifare dumps reader. ''') diff --git a/tools/rfidtest.pl b/tools/rfidtest.pl index 304f59454..861f2a20a 100644 --- a/tools/rfidtest.pl +++ b/tools/rfidtest.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # -samy kamkar, rfid@samy.pl use strict; diff --git a/tools/xorcheck.py b/tools/xorcheck.py index 091998a31..205e41ccb 100755 --- a/tools/xorcheck.py +++ b/tools/xorcheck.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 # xorcheck.py - find xor values for 8-bit LRC # 
@@ -24,22 +24,21 @@ import sys import os if(len(sys.argv) < 3): - print - print '\t'+sys.argv[0] + ' - Generate final byte for XOR LRC' - print - print 'Usage: ' + sys.argv[0] + ' ... ' - print - print '\tSpecifying the bytes of a UID with a known LRC will find the last byte value' - print '\tneeded to generate that LRC with a rolling XOR. All bytes should be specified in HEX.' - print - print 'Example:' - print - print '\txorcheck.py 04 00 80 64 ba' - print - print 'Should produce the output:' - print - print '\tTarget (BA) requires final LRC XOR byte value: 5A' - print + print(""" +\t{0} - Generate final byte for XOR LRC + +Usage: {0} ... + +\tSpecifying the bytes of a UID with a known LRC will find the last byte value +\tneeded to generate that LRC with a rolling XOR. All bytes should be specified in HEX. + +Example: + +\t{0} 04 00 80 64 ba + +Should produce the output: + +\tTarget (BA) requires final LRC XOR byte value: 5A\n""".format(sys.argv[0])) os._exit(True) target= int(sys.argv[len(sys.argv) - 1],16) @@ -47,6 +46,4 @@ target= int(sys.argv[len(sys.argv) - 1],16) lrc= 0x00 for i in range(len(sys.argv) - 1): lrc ^= int(sys.argv[i + 1],16) -print -print 'Target (%02X) requires final LRC XOR byte value: %02X' % (target,lrc) -print +print('\nTarget (%02X) requires final LRC XOR byte value: %02X\n' % (target,lrc))
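Review bot: in the testkey() hunk (@@ -162,7 +157,7 @@), the reformatted loop `for (kupper = 0; kupper < 0x3fff; kupper++)` still stops one short of the range its own comment promises. "Remaining 14 bits" covers 0x0000 through 0x3fff, so the candidate kupper = 0x3fff is never tried, and a key whose upper 14 bits are all ones would be reported as not found. Since the line is being touched anyway, change the bound to `kupper <= 0x3fff` (or `< 0x4000`).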
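Review bot: in the crack() hunk (@@ -249,11 +243,11 @@), the new `printf("trying klower = 0x%05"PRIx64"\n", klower);` glues the macro to the string literals, while the ht2crack4.c hunks in this same patch write it spaced, as in `"%012" PRIx64 ", num_guesses = %u..."`. Use `"0x%05" PRIx64 "\n"` here as well: it matches the rest of the change, and the unspaced form is read as a user-defined literal suffix by a C++11 compiler if this file is ever built as C++.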
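Review bot: in the nRaR file-reading hunk of main() (@@ -389,20 +382,20 @@), the error text says `no CR` but the check is `strchr(buft1, '\n')`, which is a line feed. Two input cases follow from that and are worth handling while the format specifiers are being corrected: a final line without a trailing newline aborts the whole run with exit(1), and a file with CRLF line endings keeps the `\r` at the end of the second field that is handed to hexreversetoulong(). Suggest rewording the message, accepting end of buffer as a terminator, and stripping a trailing `\r` before conversion. The same loop appears again in init_guess_table() (@@ -277,20 +270,20 @@), so a shared helper would keep the fix in one place.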
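Review bot: in pm3_eml2mfd.py main() (@@ -6,20 +6,20 @@), `binascii.unhexlify(line)` runs on each line after only `rstrip('\n').rstrip('\r')`, so a line with trailing spaces, an odd number of digits or a non-hex character raises binascii.Error as a bare traceback, and by then the output has already been opened with `"wb"` and partly written. Catch the error, report the offending line number, and either validate the whole input before opening the output or remove the partial file on failure, so a truncated .mfd is not mistaken for a complete dump.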
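Review bot: in pm3_eml_mfd_test.py, three_argument_test() (@@ -24,18 +24,18 @@), changing `file(inp_name, 'wb')` to `open(inp_name, 'w')` and `file(out_name, 'rb')` to `open(out_name, 'r')` moves the test to text mode, but one side of every case is an MFD binary dump: pm3_eml2mfd.py writes its output with `"wb"` and pm3_mfd2eml.py reads its input with `"rb"`. In Python 3, text mode applies the locale encoding and newline translation, so dump bytes above 0x7f, or a 0x0d or 0x0a inside a dump, are altered or fail to decode, and the outcome depends on the platform. Keep both files in binary mode, make the test cases bytes, and decode only inside the canonicalisation function passed as c14n.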
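Review bot: in pm3_mfdread.py (@@ -18,8 +18,11 @@), `except ModuleNotFoundError:` is narrower than it needs to be: the name only exists from Python 3.6, and `from bitstring import BitArray` raises a plain ImportError when the module is present but the name is not, which this handler lets through as a traceback. `except ImportError:` covers both cases. The message is also printed to stdout before `sys.exit(1)`; `sys.exit("Please install bitstring module first.")` writes it to stderr and sets the exit status in one call.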
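Review bot: in xorcheck.py (@@ -24,22 +24,21 @@), the usage text is now a single `print(...)` followed by the unchanged `os._exit(True)`. os._exit() ends the process without flushing stdio buffers, so when stdout is a pipe or a file the usage message can be lost entirely, and passing `True` obscures that the intended status is 1. Replace it with `sys.exit(1)`; `sys` is already imported. The second hunk still calls `int(..., 16)` on every argument without handling ValueError, so a non-hex argument ends in a traceback rather than the usage text.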