dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/Proxmark/proxmark3

Browse Source 
Conflicts:
	armsrc/lfops.c
	client/cmddata.c
	client/cmdlf.c
	client/cmdlft55xx.c
	client/cmdlft55xx.h
	client/scripts/test_t55x7_bi.lua
This commit is contained in:
iceman1001
2015-03-24 11:45:31 +01:00
parent 754a35e72b 90a8b82fb4
commit 0ec548dc21
30 changed files with 1261 additions and 806 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
client/Makefile
View File

@@ -94,6 +94,8 @@ CMDSRCS = nonce2key/crapto1.c\
cmdhficlass.c \
cmdhfmf.c \
cmdhfmfu.c \
cmdhfmfdes.c \
cmdhftopaz.c \
cmdhw.c \
cmdlf.c \
cmdlfio.c \

416
client/cmddata.c
View File

@@ -35,10 +35,10 @@ void setDemodBuf(uint8_t *buff, size_t size, size_t startIdx)
{
if (buff == NULL)
return;
if ( size >= MAX_DEMOD_BUF_LEN)
size = MAX_DEMOD_BUF_LEN;
size_t i = 0;
for (; i < size; i++){
DemodBuffer[i]=buff[startIdx++];
@@ -283,87 +283,103 @@ void printEM410x(uint32_t hi, uint64_t id)
PrintAndLog("EM TAG ID : %06x%016llx", hi, id);
} else{
//output 40 bit em id
PrintAndLog("EM TAG ID : %010llx", id);
PrintAndLog("Unique TAG ID: %010llx", id2lo);
PrintAndLog("");
PrintAndLog("Possible de-scramble patterns");
PrintAndLog("HoneyWell IdentKey");
PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF);
PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFFFF);
PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF));
PrintAndLog("DEZ 3.5A : %03lld.%05lld",(id>>32ll),(id & 0xFFFF));
PrintAndLog("DEZ 3.5B : %03lld.%05lld",(id & 0xFF000000) >> 24,(id & 0xFFFF));
PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
PrintAndLog("DEZ 14/IK2 : %014lld",id);
PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
(id2lo & 0xf000000000) >> 36,
(id2lo & 0x0f00000000) >> 32,
(id2lo & 0x00f0000000) >> 28,
(id2lo & 0x000f000000) >> 24,
(id2lo & 0x0000f00000) >> 20,
(id2lo & 0x00000f0000) >> 16,
(id2lo & 0x000000f000) >> 12,
(id2lo & 0x0000000f00) >> 8,
(id2lo & 0x00000000f0) >> 4,
(id2lo & 0x000000000f)
);
PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("");
uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
PrintAndLog("Pattern Paxton : %lld (hex %08llX)", paxton, paxton);
PrintAndLog("EM TAG ID : %010llx", id);
PrintAndLog("Unique TAG ID: %010llx", id2lo);
PrintAndLog("");
PrintAndLog("Possible de-scramble patterns");
PrintAndLog("HoneyWell IdentKey");
PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF);
PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFFFF);
PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF));
PrintAndLog("DEZ 3.5A : %03lld.%05lld",(id>>32ll),(id & 0xFFFF));
PrintAndLog("DEZ 3.5B : %03lld.%05lld",(id & 0xFF000000) >> 24,(id & 0xFFFF));
PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
PrintAndLog("DEZ 14/IK2 : %014lld",id);
PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
(id2lo & 0xf000000000) >> 36,
(id2lo & 0x0f00000000) >> 32,
(id2lo & 0x00f0000000) >> 28,
(id2lo & 0x000f000000) >> 24,
(id2lo & 0x0000f00000) >> 20,
(id2lo & 0x00000f0000) >> 16,
(id2lo & 0x000000f000) >> 12,
(id2lo & 0x0000000f00) >> 8,
(id2lo & 0x00000000f0) >> 4,
(id2lo & 0x000000000f)
);
uint32_t p1id = (id & 0xFFFFFF);
uint8_t arr[32] = {0x00};
int i =0;
int j = 23;
for (; i < 24; ++i, --j ){
arr[i] = (p1id >> i) & 1;
}
PrintAndLog("");
uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
PrintAndLog("Pattern Paxton : %0d", paxton);
uint32_t p1 = 0;
uint32_t p1id = (id & 0xFFFFFF);
uint8_t arr[32] = {0x00};
int i =0;
int j = 23;
for (; i < 24; ++i, --j ){
arr[i] = (p1id >> i) & 1;
}
p1 |= arr[23] << 21;
p1 |= arr[22] << 23;
p1 |= arr[21] << 20;
p1 |= arr[20] << 22;
p1 |= arr[19] << 18;
p1 |= arr[18] << 16;
p1 |= arr[17] << 19;
p1 |= arr[16] << 17;
p1 |= arr[15] << 13;
p1 |= arr[14] << 15;
p1 |= arr[13] << 12;
p1 |= arr[12] << 14;
uint32_t p1 = 0;
p1 |= arr[11] << 6;
p1 |= arr[10] << 2;
p1 |= arr[9] << 7;
p1 |= arr[8] << 1;
p1 |= arr[7] << 0;
p1 |= arr[6] << 8;
p1 |= arr[5] << 11;
p1 |= arr[4] << 3;
p1 |= arr[3] << 10;
p1 |= arr[2] << 4;
p1 |= arr[1] << 5;
p1 |= arr[0] << 9;
PrintAndLog("Pattern 1 : %d (hex %X)", p1, p1);
p1 |= arr[23] << 21;
p1 |= arr[22] << 23;
p1 |= arr[21] << 20;
p1 |= arr[20] << 22;
p1 |= arr[19] << 18;
p1 |= arr[18] << 16;
p1 |= arr[17] << 19;
p1 |= arr[16] << 17;
p1 |= arr[15] << 13;
p1 |= arr[14] << 15;
p1 |= arr[13] << 12;
p1 |= arr[12] << 14;
uint16_t sebury1 = id & 0xFFFF;
uint8_t sebury2 = (id >> 16) & 0x7F;
uint32_t sebury3 = id & 0x7FFFFF;
PrintAndLog("Pattern Sebury : %010d %03d %d (hex: %X %X %X)", sebury3, sebury2, sebury1, sebury3, sebury2, sebury1);
}
p1 |= arr[11] << 6;
p1 |= arr[10] << 2;
p1 |= arr[9] << 7;
p1 |= arr[8] << 1;
p1 |= arr[7] << 0;
p1 |= arr[6] << 8;
p1 |= arr[5] << 11;
p1 |= arr[4] << 3;
p1 |= arr[3] << 10;
p1 |= arr[2] << 4;
p1 |= arr[1] << 5;
p1 |= arr[0] << 9;
PrintAndLog("Pattern 1 : 0x%X - %d", p1, p1);
uint16_t sebury1 = id & 0xFFFF;
uint8_t sebury2 = (id >> 16) & 0x7F;
uint32_t sebury3 = id & 0x7FFFFF;
PrintAndLog("Pattern Sebury : %d %d %d (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3);
}
}
return;
}
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo)
{
int ans = ASKmanDemod(Cmd, FALSE, FALSE);
if (!ans) return 0;
size_t idx=0;
if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, hi, lo)){
if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen);
printDemodBuff();
}
return 1;
}
return 0;
}
//by marshmellow
//takes 3 arguments - clock, invert and maxErr as integers
//attempts to demodulate ask while decoding manchester
@@ -384,17 +400,9 @@ int CmdAskEM410xDemod(const char *Cmd)
PrintAndLog(" : data askem410xdemod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
return 0;
}
int ans = ASKmanDemod(Cmd, FALSE, FALSE);
if (!ans) return 0;
uint64_t lo =0;
uint32_t hi =0;
size_t idx=0;
if (Em410xDecode(DemodBuffer,(size_t *) &DemodBufferLen, &idx, &hi, &lo)){
if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, DemodBufferLen);
printDemodBuff();
}
uint32_t hi;
uint64_t lo;
if (AskEm410xDemod(Cmd, &hi, &lo)) {
PrintAndLog("EM410x pattern found: ");
printEM410x(hi, lo);
return 1;
@@ -550,6 +558,7 @@ int CmdBiphaseDecodeRaw(const char *Cmd)
PrintAndLog("Usage: data biphaserawdecode [offset] [invert] [maxErr]");
PrintAndLog(" Converts 10 or 01 to 1 and 11 or 00 to 0");
PrintAndLog(" --must have binary sequence in demodbuffer (run data askrawdemod first)");
PrintAndLog(" --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester");
PrintAndLog("");
PrintAndLog(" [offset <0|1>], set to 0 not to adjust start position or to 1 to adjust decode start position");
PrintAndLog(" [invert <0|1>], set to 1 to invert output");
@@ -712,6 +721,8 @@ int Cmdaskbiphdemod(const char *Cmd)
PrintAndLog(" NOTE: <amplify> can be entered as first, second or last argument");
PrintAndLog(" NOTE: any other arg must have previous args set to work");
PrintAndLog("");
PrintAndLog(" NOTE: --invert for Conditional Dephase Encoding (CDP) AKA Differential Manchester");
PrintAndLog("");
PrintAndLog(" sample: data rawdemod ab = demod an ask/biph tag from GraphBuffer");
PrintAndLog(" : data rawdemod ab a = demod an ask/biph tag from GraphBuffer, amplified");
PrintAndLog(" : data rawdemod ab 1 32 = demod an ask/biph tag from GraphBuffer using an offset of 1 and a clock of RF/32");
@@ -741,7 +752,7 @@ int CmdG_Prox_II_Demod(const char *Cmd)
if (ans < 0){
if (g_debugMode) PrintAndLog("Error gProxII_Demod");
return 0;
}
}
//got a good demod
uint32_t ByteStream[65] = {0x00};
uint8_t xorKey=0;
@@ -846,7 +857,7 @@ int AutoCorrelate(int window, bool SaveGrph, bool verbose)
} else if (sum > maxSum){
maxSum=sum;
lastMax = i;
}
}
}
if (Correlation==0){
//try again with wider margin
@@ -862,8 +873,8 @@ int AutoCorrelate(int window, bool SaveGrph, bool verbose)
if (verbose && Correlation > 0) PrintAndLog("Possible Correlation: %d samples",Correlation);
if (SaveGrph){
GraphTraceLen = GraphTraceLen - window;
memcpy(GraphBuffer, CorrelBuffer, GraphTraceLen * sizeof (int));
GraphTraceLen = GraphTraceLen - window;
memcpy(GraphBuffer, CorrelBuffer, GraphTraceLen * sizeof (int));
RepaintGraphWindow();
}
return Correlation;
@@ -1171,7 +1182,7 @@ int FSKrawDemod(const char *Cmd, bool verbose)
if(size > (8*32)+2) size = (8*32)+2; //only output a max of 8 blocks of 32 bits most tags will have full bit stream inside that sample size
if (verbose) {
PrintAndLog("FSK decoded bitstream:");
printBitStream(BitStream,size);
printBitStream(BitStream,size);
}
return 1;
@@ -1266,7 +1277,6 @@ int CmdFSKdemodHID(const char *Cmd)
if(fmtLen==34){
cardnum = (lo>>1)&0xFFFF;
fc= ((hi&1)<<15)|(lo>>17);
// this could also be QUADRAKEY. Uses 34bit HID.
}
if(fmtLen==35){
cardnum = (lo>>1)&0xFFFFF;
@@ -1413,21 +1423,19 @@ int CmdFSKdemodIO(const char *Cmd)
uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4
uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ;
uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9
uint8_t crc = bytebits_to_byte(BitStream+idx+54,8);
uint16_t calccrc = 0;
for (uint8_t i=1; i<6; ++i){
calccrc += bytebits_to_byte(BitStream+idx+9*i,8);
PrintAndLog("%d", calccrc);
calccrc += bytebits_to_byte(BitStream+idx+9*i,8);
//PrintAndLog("%d", calccrc);
}
calccrc &= 0xff;
calccrc = 0xff - calccrc;
char *crcStr = (crc == calccrc) ? "ok": "!crc";
char *crcStr = (crc == calccrc) ? "crc ok": "!crc";
PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
setDemodBuf(BitStream,64,idx);
if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64);
@@ -1947,25 +1955,22 @@ int NRZrawDemod(const char *Cmd, bool verbose)
int errCnt=0;
errCnt = nrzRawDemod(BitStream, &BitLen, &clk, &invert, maxErr);
if (errCnt > maxErr){
if (g_debugMode==1 && verbose) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
if (g_debugMode) PrintAndLog("Too many errors found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
return 0;
}
if (errCnt<0|| BitLen<16){ //throw away static - allow 1 and -1 (in case of threshold command first)
if (g_debugMode==1 && verbose) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
if (g_debugMode) PrintAndLog("no data found, clk: %d, invert: %d, numbits: %d, errCnt: %d",clk,invert,BitLen,errCnt);
return 0;
}
if (verbose)
PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
if (verbose || g_debugMode) PrintAndLog("Tried NRZ Demod using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
//prime demod buffer for output
setDemodBuf(BitStream,BitLen,0);
if (errCnt>0 && verbose){
PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
}
if (verbose) {
PrintAndLog("NRZ demoded bitstream:");
// Now output the bitstream to the scrollback by line of 16 bits
printDemodBuff();
if (errCnt>0 && (verbose || g_debugMode)) PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
if (verbose || g_debugMode) {
PrintAndLog("NRZ demoded bitstream:");
// Now output the bitstream to the scrollback by line of 16 bits
printDemodBuff();
}
return 1;
}
@@ -2066,7 +2071,7 @@ int CmdRawDemod(const char *Cmd)
PrintAndLog(" <help> as 'h', prints the help for the specific modulation");
PrintAndLog(" <options> see specific modulation help for optional parameters");
PrintAndLog("");
PrintAndLog(" sample: data rawdemod fs h = print help for ask/raw demod");
PrintAndLog(" sample: data rawdemod fs h = print help specific to fsk demod");
PrintAndLog(" : data rawdemod fs = demod GraphBuffer using: fsk - autodetect");
PrintAndLog(" : data rawdemod ab = demod GraphBuffer using: ask/biphase - autodetect");
PrintAndLog(" : data rawdemod am = demod GraphBuffer using: ask/manchester - autodetect");
@@ -2195,57 +2200,64 @@ uint8_t getByte(uint8_t bits_per_sample, BitstreamOut* b)
return val;
}
int getSamples(const char *Cmd, bool silent)
{
//If we get all but the last byte in bigbuf,
// we don't have to worry about remaining trash
// in the last byte in case the bits-per-sample
// does not line up on byte boundaries
uint8_t got[BIGBUF_SIZE-1] = { 0 };
int n = strtol(Cmd, NULL, 0);
if (n == 0)
n = sizeof(got);
if (n > sizeof(got))
n = sizeof(got);
PrintAndLog("Reading %d bytes from device memory\n", n);
GetFromBigBuf(got,n,0);
PrintAndLog("Data fetched");
UsbCommand response;
WaitForResponse(CMD_ACK, &response);
uint8_t bits_per_sample = 8;
//Old devices without this feature would send 0 at arg[0]
if(response.arg[0] > 0)
{
sample_config *sc = (sample_config *) response.d.asBytes;
PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
, sc->decimation);
bits_per_sample = sc->bits_per_sample;
}
if(bits_per_sample < 8)
{
PrintAndLog("Unpacking...");
BitstreamOut bout = { got, bits_per_sample * n, 0};
int j =0;
for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
uint8_t sample = getByte(bits_per_sample, &bout);
GraphBuffer[j] = ((int) sample )- 128;
}
GraphTraceLen = j;
PrintAndLog("Unpacked %d samples" , j );
}else
{
for (int j = 0; j < n; j++) {
GraphBuffer[j] = ((int)got[j]) - 128;
}
GraphTraceLen = n;
}
RepaintGraphWindow();
return 0;
}
int CmdSamples(const char *Cmd)
{
//If we get all but the last byte in bigbuf,
// we don't have to worry about remaining trash
// in the last byte in case the bits-per-sample
// does not line up on byte boundaries
uint8_t got[BIGBUF_SIZE-1] = { 0 };
int n = strtol(Cmd, NULL, 0);
if (n == 0)
n = sizeof(got);
if (n > sizeof(got))
n = sizeof(got);
PrintAndLog("Reading %d bytes from device memory\n", n);
GetFromBigBuf(got,n,0);
PrintAndLog("Data fetched");
UsbCommand response;
WaitForResponse(CMD_ACK, &response);
uint8_t bits_per_sample = 8;
//Old devices without this feature would send 0 at arg[0]
if(response.arg[0] > 0)
{
sample_config *sc = (sample_config *) response.d.asBytes;
PrintAndLog("Samples @ %d bits/smpl, decimation 1:%d ", sc->bits_per_sample
, sc->decimation);
bits_per_sample = sc->bits_per_sample;
}
if(bits_per_sample < 8)
{
PrintAndLog("Unpacking...");
BitstreamOut bout = { got, bits_per_sample * n, 0};
int j =0;
for (j = 0; j * bits_per_sample < n * 8 && j < sizeof(GraphBuffer); j++) {
uint8_t sample = getByte(bits_per_sample, &bout);
GraphBuffer[j] = ((int) sample )- 128;
}
GraphTraceLen = j;
PrintAndLog("Unpacked %d samples" , j );
}else
{
for (int j = 0; j < n; j++) {
GraphBuffer[j] = ((int)got[j]) - 128;
}
GraphTraceLen = n;
}
RepaintGraphWindow();
return 0;
return getSamples(Cmd, false);
}
int CmdTuneSamples(const char *Cmd)
@@ -2741,60 +2753,52 @@ int CmdZerocrossings(const char *Cmd)
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"amp", CmdAmp, 1, "Amplify peaks"},
{"help", CmdHelp, 1, "This help"},
{"amp", CmdAmp, 1, "Amplify peaks"},
//{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
{"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"},
{"askem410xdemod",CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"},
{"askgproxiidemod",CmdG_Prox_II_Demod,1, "Demodulate a G Prox II tag from GraphBuffer"},
//{"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)"},
//{"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0|1>] -- Attempt to demodulate ASK tags and output bin (args optional)"},
{"autocorr", CmdAutoCorr, 1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"},
{"askedgedetect", CmdAskEdgeDetect, 1, "[threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave (default = 25)"},
{"askem410xdemod", CmdAskEM410xDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Demodulate an EM410x tag from GraphBuffer (args optional)"},
{"askgproxiidemod", CmdG_Prox_II_Demod, 1, "Demodulate a G Prox II tag from GraphBuffer"},
{"autocorr", CmdAutoCorr, 1, "[window length] [g] -- Autocorrelation over window - g to save back to GraphBuffer (overwrite)"},
{"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] [invert<0|1>] Biphase decode bin stream in DemodBuffer (offset = 0|1 bits to shift the decode start)"},
{"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"},
{"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"},
//{"bitstream", CmdBitstream, 1, "[clock rate] -- Convert waveform into a bitstream"},
{"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"},
{"dec", CmdDec, 1, "Decimate samples"},
{"detectclock", CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"},
{"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"},
{"dec", CmdDec, 1, "Decimate samples"},
{"detectclock", CmdDetectClockRate, 1, "[modulation] Detect clock rate of wave in GraphBuffer (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)"},
//{"fskdemod", CmdFSKdemod, 1, "Demodulate graph window as a HID FSK"},
{"fskawiddemod", CmdFSKdemodAWID, 1, "Demodulate an AWID FSK tag from GraphBuffer"},
{"fskawiddemod", CmdFSKdemodAWID, 1, "Demodulate an AWID FSK tag from GraphBuffer"},
//{"fskfcdetect", CmdFSKfcDetect, 1, "Try to detect the Field Clock of an FSK wave"},
{"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate a HID FSK tag from GraphBuffer"},
{"fskiodemod", CmdFSKdemodIO, 1, "Demodulate an IO Prox FSK tag from GraphBuffer"},
{"fskpyramiddemod",CmdFSKdemodPyramid,1, "Demodulate a Pyramid FSK tag from GraphBuffer"},
{"fskparadoxdemod",CmdFSKdemodParadox,1, "Demodulate a Paradox FSK tag from GraphBuffer"},
//{"fskrawdemod", CmdFSKrawdemod, 1, "[clock rate] [invert] [rchigh] [rclow] Demodulate graph window from FSK to bin (clock = 50)(invert = 1|0)(rchigh = 10)(rclow=8)"},
{"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"},
{"grid", CmdGrid, 1, "<x> <y> -- overlay grid on graph window, use zero value to turn off either"},
{"hexsamples", CmdHexsamples, 0, "<bytes> [<offset>] -- Dump big buffer as hex bytes"},
{"hide", CmdHide, 1, "Hide graph window"},
{"hpf", CmdHpf, 1, "Remove DC offset from trace"},
{"load", CmdLoad, 1, "<filename> -- Load trace (to graph window"},
{"ltrim", CmdLtrim, 1, "<samples> -- Trim samples from left of trace"},
{"rtrim", CmdRtrim, 1, "<location to end trace> -- Trim samples from right of trace"},
{"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate a HID FSK tag from GraphBuffer"},
{"fskiodemod", CmdFSKdemodIO, 1, "Demodulate an IO Prox FSK tag from GraphBuffer"},
{"fskpyramiddemod", CmdFSKdemodPyramid, 1, "Demodulate a Pyramid FSK tag from GraphBuffer"},
{"fskparadoxdemod", CmdFSKdemodParadox, 1, "Demodulate a Paradox FSK tag from GraphBuffer"},
{"getbitstream", CmdGetBitStream, 1, "Convert GraphBuffer's >=1 values to 1 and <1 to 0"},
{"grid", CmdGrid, 1, "<x> <y> -- overlay grid on graph window, use zero value to turn off either"},
{"hexsamples", CmdHexsamples, 0, "<bytes> [<offset>] -- Dump big buffer as hex bytes"},
{"hide", CmdHide, 1, "Hide graph window"},
{"hpf", CmdHpf, 1, "Remove DC offset from trace"},
{"load", CmdLoad, 1, "<filename> -- Load trace (to graph window"},
{"ltrim", CmdLtrim, 1, "<samples> -- Trim samples from left of trace"},
{"rtrim", CmdRtrim, 1, "<location to end trace> -- Trim samples from right of trace"},
//{"mandemod", CmdManchesterDemod, 1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"},
{"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream in DemodBuffer"},
{"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"},
{"norm", CmdNorm, 1, "Normalize max/min to +/-128"},
//{"nrzdetectclock",CmdDetectNRZClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"},
//{"nrzrawdemod", CmdNRZrawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate nrz tags and output binary (args optional)"},
{"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"},
//{"pskdetectclock",CmdDetectPSKClockRate, 1, "Detect ASK, PSK, or NRZ clock rate"},
{"printdemodbuffer",CmdPrintDemodBuff,1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"},
{"pskindalademod",CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
//{"psk1rawdemod", CmdPSK1rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk1 tags and output binary (args optional)"},
//{"psk2rawdemod", CmdPSK2rawDemod, 1, "[clock] [invert<0|1>] [maxErr] -- Attempt to demodulate psk2 tags and output binary (args optional)"},
{"rawdemod", CmdRawDemod, 1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"},
{"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
{"save", CmdSave, 1, "<filename> -- Save trace (from graph window)"},
{"scale", CmdScale, 1, "<int> -- Set cursor display scale"},
{"setdebugmode", CmdSetDebugMode, 1, "<0|1> -- Turn on or off Debugging Mode for demods"},
{"shiftgraphzero",CmdGraphShiftZero, 1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
{"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream in DemodBuffer"},
{"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"},
{"norm", CmdNorm, 1, "Normalize max/min to +/-128"},
{"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"},
{"printdemodbuffer",CmdPrintDemodBuff, 1, "[x] -- print the data in the DemodBuffer - 'x' for hex output"},
{"pskindalademod", CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
{"rawdemod", CmdRawDemod, 1, "[modulation] ... <options> -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"},
{"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"},
{"save", CmdSave, 1, "<filename> -- Save trace (from graph window)"},
{"scale", CmdScale, 1, "<int> -- Set cursor display scale"},
{"setdebugmode", CmdSetDebugMode, 1, "<0|1> -- Turn on or off Debugging Mode for demods"},
{"shiftgraphzero", CmdGraphShiftZero, 1, "<shift> -- Shift 0 for Graphed wave + or - shift value"},
//{"threshold", CmdThreshold, 1, "<threshold> -- Maximize/minimize every value in the graph window depending on threshold"},
{"dirthreshold", CmdDirectionalThreshold, 1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
{"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"},
{"undec", CmdUndec, 1, "Un-decimate samples by 2"},
{"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"},
{"dirthreshold", CmdDirectionalThreshold, 1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
{"tune", CmdTuneSamples, 0, "Get hw tune samples for graph window"},
{"undec", CmdUndec, 1, "Un-decimate samples by 2"},
{"zerocrossings", CmdZerocrossings, 1, "Count time between zero-crossings"},
{NULL, NULL, 0, NULL}
};

4
client/cmddata.h
View File

@@ -64,12 +64,16 @@ int CmdThreshold(const char *Cmd);
int CmdDirectionalThreshold(const char *Cmd);
int CmdZerocrossings(const char *Cmd);
int CmdIndalaDecode(const char *Cmd);
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo);
int ASKbiphaseDemod(const char *Cmd, bool verbose);
int ASKmanDemod(const char *Cmd, bool verbose, bool emSearch);
int ASKrawDemod(const char *Cmd, bool verbose);
int FSKrawDemod(const char *Cmd, bool verbose);
int PSKDemod(const char *Cmd, bool verbose);
int NRZrawDemod(const char *Cmd, bool verbose);
void printEM410x(uint32_t hi, uint64_t id);
int getSamples(const char *Cmd, bool silent);
#define MAX_DEMOD_BUF_LEN (1024*128)
extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN];

239
client/cmdhf.c
View File

@@ -23,6 +23,8 @@
#include "cmdhficlass.h"
#include "cmdhfmf.h"
#include "cmdhfmfu.h"
#include "cmdhfmfdes.h"
#include "cmdhftopaz.h"
#include "protocols.h"
static int CmdHelp(const char *Cmd);
@@ -141,6 +143,26 @@ void annotateIso15693(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
}
}
void annotateTopaz(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
{
switch(cmd[0]) {
case TOPAZ_REQA :snprintf(exp, size, "REQA");break;
case TOPAZ_WUPA :snprintf(exp, size, "WUPA");break;
case TOPAZ_RID :snprintf(exp, size, "RID");break;
case TOPAZ_RALL :snprintf(exp, size, "RALL");break;
case TOPAZ_READ :snprintf(exp, size, "READ");break;
case TOPAZ_WRITE_E :snprintf(exp, size, "WRITE-E");break;
case TOPAZ_WRITE_NE :snprintf(exp, size, "WRITE-NE");break;
case TOPAZ_RSEG :snprintf(exp, size, "RSEG");break;
case TOPAZ_READ8 :snprintf(exp, size, "READ8");break;
case TOPAZ_WRITE_E8 :snprintf(exp, size, "WRITE-E8");break;
case TOPAZ_WRITE_NE8 :snprintf(exp, size, "WRITE-NE8");break;
default: snprintf(exp,size,"?"); break;
}
}
/**
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
@@ -172,7 +194,34 @@ void annotateIso14443b(char *exp, size_t size, uint8_t* cmd, uint8_t cmdsize)
}
/**
* @brief iso14443B_CRC_Ok Checks CRC in command or response
* @brief iso14443A_CRC_check Checks CRC in command or response
* @param isResponse
* @param data
* @param len
* @return 0 : CRC-command, CRC not ok
* 1 : CRC-command, CRC ok
* 2 : Not crc-command
*/
uint8_t iso14443A_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
{
uint8_t b1,b2;
if(len <= 2) return 2;
if(isResponse & (len < 6)) return 2;
ComputeCrc14443(CRC_14443_A, data, len-2, &b1, &b2);
if (b1 != data[len-2] || b2 != data[len-1]) {
return 0;
} else {
return 1;
}
}
/**
* @brief iso14443B_CRC_check Checks CRC in command or response
* @param isResponse
* @param data
* @param len
@@ -190,8 +239,9 @@ uint8_t iso14443B_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
ComputeCrc14443(CRC_14443_B, data, len-2, &b1, &b2);
if(b1 != data[len-2] || b2 != data[len-1]) {
return 0;
}
} else {
return 1;
}
}
/**
@@ -255,11 +305,66 @@ uint8_t iclass_CRC_check(bool isResponse, uint8_t* data, uint8_t len)
}
}
uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, uint8_t protocol, bool showWaitCycles)
bool is_last_record(uint16_t tracepos, uint8_t *trace, uint16_t traceLen)
{
return(tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) >= traceLen);
}
bool next_record_is_response(uint16_t tracepos, uint8_t *trace)
{
uint16_t next_records_datalen = *((uint16_t *)(trace + tracepos + sizeof(uint32_t) + sizeof(uint16_t)));
return(next_records_datalen & 0x8000);
}
bool merge_topaz_reader_frames(uint32_t timestamp, uint32_t *duration, uint16_t *tracepos, uint16_t traceLen, uint8_t *trace, uint8_t *frame, uint8_t *topaz_reader_command, uint16_t *data_len)
{
#define MAX_TOPAZ_READER_CMD_LEN 16
uint32_t last_timestamp = timestamp + *duration;
if ((*data_len != 1) || (frame[0] == TOPAZ_WUPA) || (frame[0] == TOPAZ_REQA)) return false;
memcpy(topaz_reader_command, frame, *data_len);
while (!is_last_record(*tracepos, trace, traceLen) && !next_record_is_response(*tracepos, trace)) {
uint32_t next_timestamp = *((uint32_t *)(trace + *tracepos));
*tracepos += sizeof(uint32_t);
uint16_t next_duration = *((uint16_t *)(trace + *tracepos));
*tracepos += sizeof(uint16_t);
uint16_t next_data_len = *((uint16_t *)(trace + *tracepos)) & 0x7FFF;
*tracepos += sizeof(uint16_t);
uint8_t *next_frame = (trace + *tracepos);
*tracepos += next_data_len;
if ((next_data_len == 1) && (*data_len + next_data_len <= MAX_TOPAZ_READER_CMD_LEN)) {
memcpy(topaz_reader_command + *data_len, next_frame, next_data_len);
*data_len += next_data_len;
last_timestamp = next_timestamp + next_duration;
} else {
// rewind and exit
*tracepos = *tracepos - next_data_len - sizeof(uint16_t) - sizeof(uint16_t) - sizeof(uint32_t);
break;
}
uint16_t next_parity_len = (next_data_len-1)/8 + 1;
*tracepos += next_parity_len;
}
*duration = last_timestamp - timestamp;
return true;
}
uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, uint8_t protocol, bool showWaitCycles, bool markCRCBytes)
{
bool isResponse;
uint16_t duration, data_len, parity_len;
uint16_t data_len, parity_len;
uint32_t duration;
uint8_t topaz_reader_command[9];
uint32_t timestamp, first_timestamp, EndOfTransmissionTimestamp;
char explanation[30] = {0};
@@ -290,29 +395,31 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
uint8_t *parityBytes = trace + tracepos;
tracepos += parity_len;
if (protocol == TOPAZ && !isResponse) {
// topaz reader commands come in 1 or 9 separate frames with 7 or 8 Bits each.
// merge them:
if (merge_topaz_reader_frames(timestamp, &duration, &tracepos, traceLen, trace, frame, topaz_reader_command, &data_len)) {
frame = topaz_reader_command;
}
}
//Check the CRC status
uint8_t crcStatus = 2;
if (data_len > 2) {
uint8_t b1, b2;
if(protocol == ICLASS)
{
switch (protocol) {
case ICLASS:
crcStatus = iclass_CRC_check(isResponse, frame, data_len);
}else if (protocol == ISO_14443B)
{
break;
case ISO_14443B:
case TOPAZ:
crcStatus = iso14443B_CRC_check(isResponse, frame, data_len);
}
else if (protocol == ISO_14443A){//Iso 14443a
ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2);
if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) {
if(!(isResponse & (data_len < 6)))
{
crcStatus = 0;
}
}
break;
case ISO_14443A:
crcStatus = iso14443A_CRC_check(isResponse, frame, data_len);
break;
default:
break;
}
}
//0 CRC-command, CRC not ok
@@ -334,19 +441,22 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
uint8_t parityBits = parityBytes[j>>3];
if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
snprintf(line[j/16]+(( j % 16) * 4),110, "%02x! ", frame[j]);
} else {
snprintf(line[j/16]+(( j % 16) * 4),110, "%02x ", frame[j]);
}
}
if(crcStatus == 1)
if (markCRCBytes) {
if(crcStatus == 0 || crcStatus == 1)
{//CRC-command
char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4)-1;
char *pos1 = line[(data_len-2)/16]+(((data_len-2) % 16) * 4);
(*pos1) = '[';
char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4)-2;
(*pos2) = ']';
char *pos2 = line[(data_len)/16]+(((data_len) % 16) * 4);
sprintf(pos2, "%c", ']');
}
}
if(data_len == 0)
{
if(data_len == 0){
@@ -361,18 +471,19 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
if(!isResponse)
{
if(protocol == ICLASS)
annotateIclass(explanation,sizeof(explanation),frame,data_len);
else if (protocol == ISO_14443A)
annotateIso14443a(explanation,sizeof(explanation),frame,data_len);
else if(protocol == ISO_14443B)
annotateIso14443b(explanation,sizeof(explanation),frame,data_len);
switch(protocol) {
case ICLASS: annotateIclass(explanation,sizeof(explanation),frame,data_len); break;
case ISO_14443A: annotateIso14443a(explanation,sizeof(explanation),frame,data_len); break;
case ISO_14443B: annotateIso14443b(explanation,sizeof(explanation),frame,data_len); break;
case TOPAZ: annotateTopaz(explanation,sizeof(explanation),frame,data_len); break;
default: break;
}
}
int num_lines = MIN((data_len - 1)/16 + 1, 16);
for (int j = 0; j < num_lines ; j++) {
if (j == 0) {
PrintAndLog(" %9d | %9d | %s | %-64s| %s| %s",
PrintAndLog(" %10d | %10d | %s |%-64s | %s| %s",
(timestamp - first_timestamp),
(EndOfTransmissionTimestamp - first_timestamp),
(isResponse ? "Tag" : "Rdr"),
@@ -387,20 +498,16 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
}
}
if (tracepos + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t) > traceLen) return traceLen;
if (is_last_record(tracepos, trace, traceLen)) return traceLen;
bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000;
if (showWaitCycles && !isResponse && next_isResponse) {
if (showWaitCycles && !isResponse && next_record_is_response(tracepos, trace)) {
uint32_t next_timestamp = *((uint32_t *)(trace + tracepos));
if (next_timestamp != 0x44444444) {
PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d",
(EndOfTransmissionTimestamp - first_timestamp),
(next_timestamp - first_timestamp),
" ",
(next_timestamp - EndOfTransmissionTimestamp));
}
}
return tracepos;
}
@@ -409,34 +516,35 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui
int CmdHFList(const char *Cmd)
{
bool showWaitCycles = false;
bool markCRCBytes = false;
char type[40] = {0};
int tlen = param_getstr(Cmd,0,type);
char param = param_getchar(Cmd, 1);
char param1 = param_getchar(Cmd, 1);
char param2 = param_getchar(Cmd, 2);
bool errors = false;
uint8_t protocol = 0;
//Validate params
if(tlen == 0)
{
if(tlen == 0) {
errors = true;
}
if(param == 'h' || (param !=0 && param != 'f'))
{
if(param1 == 'h'
|| (param1 != 0 && param1 != 'f' && param1 != 'c')
|| (param2 != 0 && param2 != 'f' && param2 != 'c')) {
errors = true;
}
if(!errors)
{
if(strcmp(type, "iclass") == 0)
{
if(!errors) {
if(strcmp(type, "iclass") == 0) {
protocol = ICLASS;
}else if(strcmp(type, "14a") == 0)
{
} else if(strcmp(type, "14a") == 0) {
protocol = ISO_14443A;
}
else if(strcmp(type, "14b") == 0)
{
} else if(strcmp(type, "14b") == 0) {
protocol = ISO_14443B;
}else if(strcmp(type,"raw")== 0)
{
} else if(strcmp(type,"topaz")== 0) {
protocol = TOPAZ;
} else if(strcmp(type,"raw")== 0) {
protocol = -1;//No crc, no annotations
}else{
errors = true;
@@ -445,13 +553,15 @@ int CmdHFList(const char *Cmd)
if (errors) {
PrintAndLog("List protocol data in trace buffer.");
PrintAndLog("Usage: hf list <protocol> [f]");
PrintAndLog("Usage: hf list <protocol> [f][c]");
PrintAndLog(" f - show frame delay times as well");
PrintAndLog(" c - mark CRC bytes");
PrintAndLog("Supported <protocol> values:");
PrintAndLog(" raw - just show raw data without annotations");
PrintAndLog(" 14a - interpret data as iso14443a communications");
PrintAndLog(" 14b - interpret data as iso14443b communications");
PrintAndLog(" iclass - interpret data as iclass communications");
PrintAndLog(" topaz - interpret data as topaz communications");
PrintAndLog("");
PrintAndLog("example: hf list 14a f");
PrintAndLog("example: hf list iclass");
@@ -459,10 +569,13 @@ int CmdHFList(const char *Cmd)
}
if (param == 'f') {
if (param1 == 'f' || param2 == 'f') {
showWaitCycles = true;
}
if (param1 == 'c' || param2 == 'c') {
markCRCBytes = true;
}
uint8_t *trace;
uint16_t tracepos = 0;
@@ -496,7 +609,7 @@ int CmdHFList(const char *Cmd)
while(tracepos < traceLen)
{
tracepos = printTraceLine(tracepos, traceLen, trace, protocol, showWaitCycles);
tracepos = printTraceLine(tracepos, traceLen, trace, protocol, showWaitCycles, markCRCBytes);
}
free(trace);
@@ -514,9 +627,11 @@ static command_t CommandTable[] =
{"legic", CmdHFLegic, 0, "{ LEGIC RFIDs... }"},
{"iclass", CmdHFiClass, 1, "{ ICLASS RFIDs... }"},
{"mf", CmdHFMF, 1, "{ MIFARE RFIDs... }"},
{"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"},
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"},
{"list", CmdHFList, 1, "List protocol data in trace buffer"},
{"mfu", CmdHFMFUltra, 1, "{ MIFARE Ultralight RFIDs... }"},
{"mfdes", CmdHFMFDes, 1, "{ MIFARE Desfire RFIDs... }"},
{"topaz", CmdHFTopaz, 1, "{ TOPAZ (NFC Type 1) RFIDs... }"},
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"},
{"list", CmdHFList, 1, "List protocol data in trace buffer"},
{NULL, NULL, 0, NULL}
};

58
client/cmdhf14a.c
View File

@@ -140,7 +140,7 @@ int CmdHF14AReader(const char *Cmd)
iso14a_card_select_t card;
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if(select_status == 0) {
PrintAndLog("iso14443a card select failed");
@@ -152,6 +152,18 @@ int CmdHF14AReader(const char *Cmd)
return 0;
}
if(select_status == 3) {
PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
// disconnect
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return 0;
}
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
@@ -497,16 +509,18 @@ int CmdHF14ASnoop(const char *Cmd) {
return 0;
}
int CmdHF14ACmdRaw(const char *cmd) {
UsbCommand c = {CMD_READER_ISO_14443a, {0, 0, 0}};
uint8_t reply=1;
uint8_t crc=0;
uint8_t power=0;
uint8_t active=0;
uint8_t active_select=0;
bool reply=1;
bool crc = FALSE;
bool power = FALSE;
bool active = FALSE;
bool active_select = FALSE;
uint16_t numbits=0;
bool bTimeout = FALSE;
uint32_t timeout=0;
uint8_t bTimeout=0;
bool topazmode = FALSE;
char buf[5]="";
int i=0;
uint8_t data[USB_CMD_DATA_SIZE];
@@ -522,9 +536,11 @@ int CmdHF14ACmdRaw(const char *cmd) {
PrintAndLog(" -s active signal field ON with select");
PrintAndLog(" -b number of bits to send. Useful for send partial byte");
PrintAndLog(" -t timeout in ms");
PrintAndLog(" -T use Topaz protocol to send command");
return 0;
}
// strip
while (*cmd==' ' || *cmd=='\t') cmd++;
@@ -533,19 +549,19 @@ int CmdHF14ACmdRaw(const char *cmd) {
if (cmd[i]=='-') {
switch (cmd[i+1]) {
case 'r':
reply=0;
reply = FALSE;
break;
case 'c':
crc=1;
crc = TRUE;
break;
case 'p':
power=1;
power = TRUE;
break;
case 'a':
active=1;
active = TRUE;
break;
case 's':
active_select=1;
active_select = TRUE;
break;
case 'b':
sscanf(cmd+i+2,"%d",&temp);
@@ -555,13 +571,16 @@ int CmdHF14ACmdRaw(const char *cmd) {
i-=2;
break;
case 't':
bTimeout=1;
bTimeout = TRUE;
sscanf(cmd+i+2,"%d",&temp);
timeout = temp;
i+=3;
while(cmd[i]!=' ' && cmd[i]!='\0') { i++; }
i-=2;
break;
case 'T':
topazmode = TRUE;
break;
default:
PrintAndLog("Invalid option");
return 0;
@@ -591,10 +610,15 @@ int CmdHF14ACmdRaw(const char *cmd) {
PrintAndLog("Invalid char on input");
return 0;
}
if(crc && datalen>0 && datalen<sizeof(data)-2)
{
uint8_t first, second;
if (topazmode) {
ComputeCrc14443(CRC_14443_B, data, datalen, &first, &second);
} else {
ComputeCrc14443(CRC_14443_A, data, datalen, &first, &second);
}
data[datalen++] = first;
data[datalen++] = second;
}
@@ -607,7 +631,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
}
if(bTimeout){
#define MAX_TIMEOUT 40542464 // (2^32-1) * (8*16) / 13560000Hz * 1000ms/s =
#define MAX_TIMEOUT 40542464 // = (2^32-1) * (8*16) / 13560000Hz * 1000ms/s
c.arg[0] |= ISO14A_SET_TIMEOUT;
if(timeout > MAX_TIMEOUT) {
timeout = MAX_TIMEOUT;
@@ -615,11 +639,16 @@ int CmdHF14ACmdRaw(const char *cmd) {
}
c.arg[2] = 13560000 / 1000 / (8*16) * timeout; // timeout in ETUs (time to transfer 1 bit, approx. 9.4 us)
}
if(power)
c.arg[0] |= ISO14A_NO_DISCONNECT;
if(datalen>0)
c.arg[0] |= ISO14A_RAW;
if(topazmode)
c.arg[0] |= ISO14A_TOPAZMODE;
// Max buffer is USB_CMD_DATA_SIZE
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
@@ -635,6 +664,7 @@ int CmdHF14ACmdRaw(const char *cmd) {
return 0;
}
static void waitCmd(uint8_t iSelect)
{
uint8_t *recv;

7
client/cmdhfmfdes.c
View File

@@ -12,7 +12,8 @@
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <openssl/des.h>
//#include <openssl/des.h>
#include "loclass/des.h"
#include "cmdmain.h"
#include "proxmark3.h"
#include "../include/common.h"
@@ -236,7 +237,7 @@ char * GetCardSizeStr( uint8_t fsize ){
uint16_t lsize = 1 << (fsize >>1);
// is LSB set?
if ( fsize & (1 << 0 ) )
if ( fsize & 1 )
sprintf(retStr, "0x%02X (%d - %d bytes)",fsize, usize, lsize);
else
sprintf(retStr, "0x%02X (%d bytes)", fsize, lsize);
@@ -251,7 +252,7 @@ char * GetProtocolStr(uint8_t id){
if ( id == 0x05)
sprintf(retStr,"0x%02X (ISO 14443-3, 14443-4)", id);
else
sprintf(retStr,"0x%02X", id);
sprintf(retStr,"0x%02X (Unknown)", id);
return buf;
}

24
client/cmdhfmfu.c
View File

@@ -7,7 +7,6 @@
//-----------------------------------------------------------------------------
// High frequency MIFARE ULTRALIGHT (C) commands
//-----------------------------------------------------------------------------
//#include <openssl/des.h>
#include "loclass/des.h"
#include "cmdhfmfu.h"
#include "cmdhfmf.h"
@@ -391,7 +390,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
//Change key to user defined one
if (cmdp == 'k' || cmdp == 'K'){
keyNo = param_get8(Cmd, 1);
if(keyNo >= 4) errors = true;
if(keyNo > 4) errors = true;
}
if (cmdp == 'h' || cmdp == 'H') {
@@ -430,7 +429,6 @@ int CmdHF14AMfucAuth(const char *Cmd){
uint8_t * data= resp.d.asBytes;
if (isOK){
PrintAndLog("enc(RndB):%s", sprint_hex(data+1, 8));
memcpy(enc_random_b,data+1,8);
} else {
PrintAndLog("Auth failed");
@@ -440,10 +438,7 @@ int CmdHF14AMfucAuth(const char *Cmd){
PrintAndLog("Command execute timeout");
return 1;
}
uint8_t iv[8] = { 0 };
// Do we need random ? Right now we use all ones, is that random enough ?
// DES_random_key(&RndA);
PrintAndLog(" RndA :%s",sprint_hex(random_a, 8));
PrintAndLog(" e_RndB:%s",sprint_hex(enc_random_b, 8));
@@ -490,6 +485,23 @@ int CmdHF14AMfucAuth(const char *Cmd){
if (isOK){
PrintAndLog("enc(RndA'):%s", sprint_hex(data2+1, 8));
uint8_t foo[8] = { 0 };
uint8_t bar[8] = { 0 };
memcpy(foo, data2+1, 8);
des3_set2key_enc(&ctx, key);
des3_crypt_cbc(&ctx // des3_context *ctx
, DES_DECRYPT // int mode
, 8 // size_t length
, enc_random_b // unsigned char iv[8]
, foo // const unsigned char *input
, bar // unsigned char *output
);
PrintAndLog("BAR:%s",sprint_hex(bar, 8));
} else {
return 2;
}

5
client/cmdhfmfu.h
View File

@@ -1,6 +1,9 @@
#include "cmdhfmf.h"
#include "cmdhf14a.h"
#ifndef CMDHFMFU_H__
#define CMDHFMFU_H__
//standard ultralight
int CmdHF14AMfUWrBl(const char *Cmd);
int CmdHF14AMfURdBl(const char *Cmd);
@@ -14,6 +17,6 @@ int CmdHF14AMfucAuth(const char *Cmd);
int CmdHF14AMfUDump(const char *Cmd);
void rol (uint8_t *data, const size_t len);
int CmdHFMFUltra(const char *Cmd);
int CmdHF14AMfUInfo(const char *Cmd);
#endif

27
client/cmdlf.c
View File

@@ -362,6 +362,7 @@ int usage_lf_read()
PrintAndLog("Usage: lf read");
PrintAndLog("Options: ");
PrintAndLog(" h This help");
PrintAndLog(" s silent run no printout");
PrintAndLog("This function takes no arguments. ");
PrintAndLog("Use 'lf config' to set parameters.");
return 0;
@@ -481,13 +482,15 @@ int CmdLFSetConfig(const char *Cmd)
int CmdLFRead(const char *Cmd)
{
uint8_t cmdp =0;
if(param_getchar(Cmd, cmdp) == 'h')
uint8_t cmdp = 0;
bool arg1 = false;
if (param_getchar(Cmd, cmdp) == 'h')
{
return usage_lf_read();
}
if (param_getchar(Cmd, cmdp) == 's') arg1 = true; //suppress print
//And ship it to device
UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K, {arg1,0,0}};
SendCommand(&c);
//WaitForResponse(CMD_ACK,NULL);
if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
@@ -1041,57 +1044,61 @@ int CmdLFfind(const char *Cmd)
return 0;
}
if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag");
PrintAndLog("False Positives ARE possible\n");
PrintAndLog("\nChecking for known tags:\n");
ans=CmdFSKdemodIO("");
if (ans>0) {
PrintAndLog("\nValid IO Prox ID Found!");
return 1;
}
ans=CmdFSKdemodPyramid("");
if (ans>0) {
PrintAndLog("\nValid Pyramid ID Found!");
return 1;
}
ans=CmdFSKdemodParadox("");
if (ans>0) {
PrintAndLog("\nValid Paradox ID Found!");
return 1;
}
ans=CmdFSKdemodAWID("");
if (ans>0) {
PrintAndLog("\nValid AWID ID Found!");
return 1;
}
ans=CmdFSKdemodHID("");
if (ans>0) {
PrintAndLog("\nValid HID Prox ID Found!");
return 1;
}
//add psk and indala
ans=CmdIndalaDecode("");
if (ans>0) {
PrintAndLog("\nValid Indala ID Found!");
return 1;
}
ans=CmdAskEM410xDemod("");
if (ans>0) {
PrintAndLog("\nValid EM410x ID Found!");
return 1;
}
ans=CmdG_Prox_II_Demod("");
if (ans>0) {
PrintAndLog("\nValid G Prox II ID Found!");
return 1;
}
PrintAndLog("\nNo Known Tags Found!\n");
if (testRaw=='u' || testRaw=='U'){
//test unknown tag formats (raw mode)
@@ -1170,7 +1177,7 @@ static command_t CommandTable[] =
{"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"},
{"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
{"indalaclone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
{"read", CmdLFRead, 0, "Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
{"read", CmdLFRead, 0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
{"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) - 'u' to search for unknown tags"},
{"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
{"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [manchester/raw <'m'|'r'>] [msg separator 's'] [d <hexdata>] -- Simulate LF ASK tag from demodbuffer or input"},

184
client/cmdlfem4x.c
View File

@@ -43,163 +43,24 @@ int CmdEMdemodASK(const char *Cmd)
*/
int CmdEM410xRead(const char *Cmd)
{
int i, j, clock, header, rows, bit, hithigh, hitlow, first, bit2idx, high, low;
int parity[4];
char id[11] = {0x00};
char id2[11] = {0x00};
int retested = 0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN];
high = low = 0;
uint32_t hi=0;
uint64_t lo=0;
/* Detect high and lows and clock */
for (i = 0; i < GraphTraceLen; i++)
{
if (GraphBuffer[i] > high)
high = GraphBuffer[i];
else if (GraphBuffer[i] < low)
low = GraphBuffer[i];
}
/* get clock */
clock = GetAskClock(Cmd, false, false);
/* parity for our 4 columns */
parity[0] = parity[1] = parity[2] = parity[3] = 0;
header = rows = 0;
// manchester demodulate
bit = bit2idx = 0;
for (i = 0; i < (int)(GraphTraceLen / clock); i++)
{
hithigh = 0;
hitlow = 0;
first = 1;
/* Find out if we hit both high and low peaks */
for (j = 0; j < clock; j++)
{
if (GraphBuffer[(i * clock) + j] >= high)
hithigh = 1;
else if (GraphBuffer[(i * clock) + j] <= low)
hitlow = 1;
/* it doesn't count if it's the first part of our read
because it's really just trailing from the last sequence */
if (first && (hithigh || hitlow))
hithigh = hitlow = 0;
else
first = 0;
if (hithigh && hitlow)
break;
}
/* If we didn't hit both high and low peaks, we had a bit transition */
if (!hithigh || !hitlow)
bit ^= 1;
BitStream[bit2idx++] = bit;
}
retest:
/* We go till 5 before the graph ends because we'll get that far below */
for (i = 1; i < bit2idx - 5; i++)
{
/* Step 2: We have our header but need our tag ID */
if (header == 9 && rows < 10)
{
/* Confirm parity is correct */
if ((BitStream[i] ^ BitStream[i+1] ^ BitStream[i+2] ^ BitStream[i+3]) == BitStream[i+4])
{
/* Read another byte! */
sprintf(id+rows, "%x", (8 * BitStream[i]) + (4 * BitStream[i+1]) + (2 * BitStream[i+2]) + (1 * BitStream[i+3]));
sprintf(id2+rows, "%x", (8 * BitStream[i+3]) + (4 * BitStream[i+2]) + (2 * BitStream[i+1]) + (1 * BitStream[i]));
rows++;
/* Keep parity info */
parity[0] ^= BitStream[i];
parity[1] ^= BitStream[i+1];
parity[2] ^= BitStream[i+2];
parity[3] ^= BitStream[i+3];
/* Move 4 bits ahead */
i += 4;
}
/* Damn, something wrong! reset */
else
{
PrintAndLog("Thought we had a valid tag but failed at word %d (i=%d)", rows + 1, i);
/* Start back rows * 5 + 9 header bits, -1 to not start at same place */
i -= 9 + (5 * rows) - 5;
rows = header = 0;
}
}
/* Step 3: Got our 40 bits! confirm column parity */
else if (rows == 10)
{
/* We need to make sure our 4 bits of parity are correct and we have a stop bit */
if (BitStream[i] == parity[0] && BitStream[i+1] == parity[1] &&
BitStream[i+2] == parity[2] && BitStream[i+3] == parity[3] &&
BitStream[i+4] == 0)
{
/* Sweet! */
PrintAndLog("EM410x Tag ID: %s", id);
PrintAndLog("Unique Tag ID: %s", id2);
global_em410xId = id;
/* Stop any loops */
return 1;
}
/* Crap! Incorrect parity or no stop bit, start all over */
else
{
rows = header = 0;
/* Go back 59 bits (9 header bits + 10 rows at 4+1 parity) */
i -= 59;
}
}
/* Step 1: get our header */
else if (header < 9)
{
/* Need 9 consecutive 1's */
if (BitStream[i] == 1)
header++;
/* We don't have a header, not enough consecutive 1 bits */
else
header = 0;
}
}
/* if we've already retested after flipping bits, return */
if (retested++){
PrintAndLog("Failed to decode");
if(!AskEm410xDemod("", &hi, &lo)) return 0;
PrintAndLog("EM410x pattern found: ");
printEM410x(hi, lo);
if (hi){
PrintAndLog ("EM410x XL pattern found");
return 0;
}
/* if this didn't work, try flipping bits */
for (i = 0; i < bit2idx; i++)
BitStream[i] ^= 1;
goto retest;
}
char id[12] = {0x00};
sprintf(id, "%010llx",lo);
global_em410xId = id;
return 1;
}
/* emulate an EM410X tag
* Format:
* 1111 1111 1 <-- standard non-repeatable header
* XXXX [row parity bit] <-- 10 rows of 5 bits for our 40 bit tag ID
* ....
* CCCC <-- each bit here is parity for the 10 bits above in corresponding column
* 0 <-- stop bit, end of tag
*/
// emulate an EM410X tag
int CmdEM410xSim(const char *Cmd)
{
int i, n, j, binary[4], parity[4];
@@ -282,28 +143,25 @@ int CmdEM410xSim(const char *Cmd)
*/
int CmdEM410xWatch(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
int read_h = (cmdp == 'h');
do {
if (ukbhit()) {
printf("\naborted via keyboard!\n");
break;
}
CmdLFRead(read_h ? "h" : "");
CmdSamples("6000");
} while (
!CmdEM410xRead("")
);
CmdLFRead("s");
getSamples("8192",true); //capture enough to get 2 full messages
} while (!CmdEM410xRead(""));
return 0;
}
int CmdEM410xWatchnSpoof(const char *Cmd)
{
CmdEM410xWatch(Cmd);
PrintAndLog("# Replaying : %s",global_em410xId);
CmdEM410xSim(global_em410xId);
return 0;
PrintAndLog("# Replaying captured ID: %s",global_em410xId);
CmdLFaskSim("");
return 0;
}
/* Read the transmitted data of an EM4x50 tag

397
client/cmdlft55xx.c
View File

@@ -33,11 +33,12 @@ t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offse
int usage_t55xx_config(){
PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]");
PrintAndLog("Options:");
PrintAndLog(" h This help");
PrintAndLog(" d <FSK|ASK|PSK1|PSK2|PSK3|NRZ|BI> Set demodulation");
PrintAndLog(" i [1] Inverse data signal, defaults to normal");
PrintAndLog(" o [offset] Set offset where data should start decode in bitstream");
PrintAndLog("Options: ");
PrintAndLog(" h This help");
PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate");
PrintAndLog(" d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NZ|BI|BIa> Set demodulation FSK / ASK / PSK / NZ / Biphase / Biphase A");
PrintAndLog(" i [1] Invert data signal, defaults to normal");
PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx config d FSK - FSK demodulation");
@@ -100,8 +101,7 @@ int usage_t55xx_dump(){
return 0;
}
int usage_t55xx_detect(){
PrintAndLog("Usage: lf t55xx detect [1]");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("Usage: lf t55xx detect");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx detect");
@@ -119,7 +119,8 @@ int CmdT55xxSetConfig(const char *Cmd) {
uint8_t cmdp = 0;
char modulation[5] = {0x00};
char tmp = 0x00;
uint8_t bitRate = 0;
uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};
while(param_getchar(Cmd, cmdp) != 0x00 && !errors)
{
tmp = param_getchar(Cmd, cmdp);
@@ -128,12 +129,34 @@ int CmdT55xxSetConfig(const char *Cmd) {
case 'h':
case 'H':
return usage_t55xx_config();
case 'b':
errors |= param_getdec(Cmd, cmdp+1, &bitRate);
if ( !errors){
uint8_t i = 0;
for (; i < 9; i++){
if (rates[i]==bitRate) {
config.bitrate = i;
break;
}
}
if (i==9) errors = TRUE;
}
cmdp+=2;
break;
case 'd':
param_getstr(Cmd, cmdp+1, modulation);
cmdp += 2;
if ( strcmp(modulation, "FSK" ) == 0)
config.modulation = DEMOD_FSK;
else if ( strcmp(modulation, "FSK1" ) == 0)
config.modulation = DEMOD_FSK1;
else if ( strcmp(modulation, "FSK1a" ) == 0)
config.modulation = DEMOD_FSK1a;
else if ( strcmp(modulation, "FSK2" ) == 0)
config.modulation = DEMOD_FSK2;
else if ( strcmp(modulation, "FSK2a" ) == 0)
config.modulation = DEMOD_FSK2a;
else if ( strcmp(modulation, "ASK" ) == 0)
config.modulation = DEMOD_ASK;
else if ( strcmp(modulation, "NRZ" ) == 0)
@@ -143,7 +166,9 @@ int CmdT55xxSetConfig(const char *Cmd) {
else if ( strcmp(modulation, "PSK2" ) == 0)
config.modulation = DEMOD_PSK2;
else if ( strcmp(modulation, "PSK3" ) == 0)
config.modulation = DEMOD_PSK3;
config.modulation = DEMOD_PSK3;
else if ( strcmp(modulation, "BIa" ) == 0)
config.modulation = DEMOD_BIa;
else if ( strcmp(modulation, "BI" ) == 0)
config.modulation = DEMOD_BI;
else {
@@ -156,10 +181,10 @@ int CmdT55xxSetConfig(const char *Cmd) {
cmdp+=2;
break;
case 'o':
errors |= param_getdec(Cmd, cmdp+1,&offset);
errors |= param_getdec(Cmd, cmdp+1, &offset);
if ( !errors )
config.offset = offset;
cmdp += 2;
cmdp+=2;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
@@ -176,9 +201,9 @@ int CmdT55xxSetConfig(const char *Cmd) {
//Validations
if (errors)
return usage_t55xx_config();
config.block0 = 0;
printConfiguration( config );
config.block0 = 0;
printConfiguration ( config );
return 0;
}
@@ -220,94 +245,148 @@ int CmdT55xxReadBlock(const char *Cmd) {
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
setGraphBuf(got, 12000);
DecodeT55xxBlock();
printT55xxBlock("");
DemodBufferLen=0;
if (!DecodeT55xxBlock()) return 3;
char blk[10]={0};
sprintf(blk,"%d", block);
printT55xxBlock(blk);
return 0;
}
void DecodeT55xxBlock(){
bool DecodeT55xxBlock(){
char buf[8] = {0x00};
char *cmdStr = buf;
int ans = 0;
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
DemodBufferLen = 0x00;
switch( config.modulation ){
case DEMOD_FSK:
sprintf(cmdStr,"0 %d", config.inverted );
FSKrawDemod(cmdStr, FALSE);
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d %d", bitRate[config.bitrate], config.inverted );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK1:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 1 8 5", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK1a:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 0 8 5", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK2:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 0 10 8", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK2a:
//CmdLtrim("26");
sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
sprintf(cmdStr,"%d 1 10 8", bitRate[config.bitrate] );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_ASK:
sprintf(cmdStr,"0 %d 1", config.inverted );
ASKmanDemod(cmdStr, FALSE, FALSE);
sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = ASKmanDemod(cmdStr, FALSE, FALSE);
break;
case DEMOD_PSK1:
sprintf(cmdStr,"0 %d 1", config.inverted );
PSKDemod(cmdStr, FALSE);
sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = PSKDemod(cmdStr, FALSE);
break;
case DEMOD_PSK2:
sprintf(cmdStr,"0 %d 1", config.inverted );
PSKDemod(cmdStr, FALSE);
sprintf(cmdStr,"%d 1", bitRate[config.bitrate] );
ans = PSKDemod(cmdStr, FALSE);
psk1TOpsk2(DemodBuffer, DemodBufferLen);
break;
case DEMOD_PSK3:
sprintf(cmdStr,"0 %d 1", config.inverted );
PSKDemod(cmdStr, FALSE);
sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = PSKDemod(cmdStr, FALSE);
psk1TOpsk2(DemodBuffer, DemodBufferLen);
break;
case DEMOD_NRZ:
sprintf(cmdStr,"0 %d 1", config.inverted );
NRZrawDemod(cmdStr, FALSE);
sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = NRZrawDemod(cmdStr, FALSE);
break;
case DEMOD_BI:
sprintf(cmdStr,"0 0 %d 1", config.inverted );
ASKbiphaseDemod(cmdStr, FALSE);
sprintf(cmdStr,"0 %d 0 1", bitRate[config.bitrate] );
ans = ASKbiphaseDemod(cmdStr, FALSE);
break;
case DEMOD_BIa:
sprintf(cmdStr,"0 %d 1 1", bitRate[config.bitrate] );
ans = ASKbiphaseDemod(cmdStr, FALSE);
break;
default:
return;
return FALSE;
}
return (bool) ans;
}
int CmdT55xxDetect(const char *Cmd){
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
return usage_t55xx_detect();
if (strlen(Cmd)==0)
AquireData( CONFIGURATION_BLOCK );
if ( !tryDetectModulation() )
PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
return 0;
}
// detect configuration?
bool tryDetectModulation(){
char cmdStr[8] = {0};
uint8_t hits = 0;
t55xx_conf_block_t tests[15];
if (GetFskClock("", FALSE, FALSE)){
uint8_t fc1 = 0, fc2 = 0, clk=0;
fskClocks(&fc1, &fc2, &clk, FALSE);
sprintf(cmdStr,"%d", clk/2);
CmdLtrim(cmdStr);
if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset)){
tests[hits].modulation = DEMOD_FSK;
if (fc1==8 && fc2 == 5)
tests[hits].modulation = DEMOD_FSK1a;
else if (fc1==10 && fc2 == 8)
tests[hits].modulation = DEMOD_FSK2;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_FSK;
if (fc1==8 && fc2 == 5)
tests[hits].modulation = DEMOD_FSK1;
else if (fc1==10 && fc2 == 8)
tests[hits].modulation = DEMOD_FSK2a;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
} else {
}
} else {
if ( ASKmanDemod("0 0 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_ASK;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
@@ -335,14 +414,14 @@ bool tryDetectModulation(){
if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_PSK1;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
if ( PSKDemod("0 1 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) {
tests[hits].modulation = DEMOD_PSK1;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
@@ -352,20 +431,10 @@ bool tryDetectModulation(){
if (test(DEMOD_PSK2, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK2;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
// PSK2 - needs a call to psk1TOpsk2.
if ( PSKDemod("0 1 1", FALSE)) {
psk1TOpsk2(DemodBuffer, DemodBufferLen);
if (test(DEMOD_PSK2, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK2;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
} // inverse waves does not affect this demod
// PSK3 - needs a call to psk1TOpsk2.
if ( PSKDemod("0 0 1", FALSE)) {
@@ -373,43 +442,29 @@ bool tryDetectModulation(){
if (test(DEMOD_PSK3, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK3;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
// PSK3 - needs a call to psk1TOpsk2.
if ( PSKDemod("0 1 1", FALSE)) {
psk1TOpsk2(DemodBuffer, DemodBufferLen);
if (test(DEMOD_PSK3, &tests[hits].offset)){
tests[hits].modulation = DEMOD_PSK3;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
} // inverse waves does not affect this demod
if ( ASKbiphaseDemod("0 0 0 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) {
tests[hits].modulation = DEMOD_BI;
tests[hits].inverted = FALSE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
if ( ASKbiphaseDemod("0 0 1 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) {
tests[hits].modulation = DEMOD_BI;
if ( ASKbiphaseDemod("0 0 1 1", FALSE) && test(DEMOD_BIa, &tests[hits].offset) ) {
tests[hits].modulation = DEMOD_BIa;
tests[hits].inverted = TRUE;
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
++hits;
}
}
if ( hits == 1) {
config.modulation = tests[0].modulation;
config.inverted = tests[0].inverted;
config.offset = tests[0].offset;
DecodeT55xxBlock();
if (DemodBufferLen > config.offset + 32)
config.block0 = PackBits(config.offset, 32, DemodBuffer);
config.block0 = tests[0].block0;
printConfiguration( config );
return TRUE;
}
@@ -430,22 +485,112 @@ bool testModulation(uint8_t mode, uint8_t modread){
if (modread > 3 && modread < 8) return TRUE;
break;
case DEMOD_ASK:
if (modread == 8) return TRUE;
if (modread == DEMOD_ASK) return TRUE;
break;
case DEMOD_PSK1:
if (modread == 1) return TRUE;
if (modread == DEMOD_PSK1) return TRUE;
break;
case DEMOD_PSK2:
if (modread == 2) return TRUE;
if (modread == DEMOD_PSK2) return TRUE;
break;
case DEMOD_PSK3:
if (modread == 3) return TRUE;
if (modread == DEMOD_PSK3) return TRUE;
break;
case DEMOD_NRZ:
if (!modread) return TRUE;
if (modread == DEMOD_NRZ) return TRUE;
break;
case DEMOD_BI:
if (modread == 16) return TRUE;
if (modread == DEMOD_BI) return TRUE;
break;
case DEMOD_BIa:
if (modread == DEMOD_BIa) return TRUE;
break;
default:
return FALSE;
}
return FALSE;
}
bool testBitRate(uint8_t readRate, uint8_t mod){
uint8_t expected[8] = {8, 16, 32, 40, 50, 64, 100, 128};
uint8_t detRate = 0;
switch( mod ){
case DEMOD_FSK:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK1:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK1a:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK2:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_FSK2a:
detRate = GetFskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_ASK:
detRate = GetAskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_PSK1:
detRate = GetPskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_PSK2:
detRate = GetPskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_PSK3:
detRate = GetPskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_NRZ:
detRate = GetNrzClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
case DEMOD_BI:
detRate = GetAskClock("",FALSE, FALSE);
if (expected[readRate] == detRate) {
config.bitrate = readRate;
return TRUE;
}
break;
default:
return FALSE;
@@ -456,21 +601,19 @@ bool testModulation(uint8_t mode, uint8_t modread){
bool test(uint8_t mode, uint8_t *offset){
if ( !DemodBufferLen) return FALSE;
uint8_t si = 0;
for (uint8_t idx = 0; idx < 64; ++idx){
for (uint8_t idx = 0; idx < 64; idx++){
si = idx;
if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue;
uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key
uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode
// 2nibble must be zeroed.
// moved test to here, since this gets most faults first.
if ( resv > 0x00) continue;
uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3+3; //new
//uint8_t bitRate = PackBits(si, 3, DemodBuffer); si += 3; //new could check bit rate
uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3; //new
uint8_t bitRate = PackBits(si, 3, DemodBuffer); si += 3; //new could check bit rate
uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode
uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; //new
//uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //new could check psk cr
@@ -483,33 +626,33 @@ bool test(uint8_t mode, uint8_t *offset){
if (!extMode){
if (nml01 || nml02 || xtRate) continue;
}
//test modulation
if (!testModulation(mode, modread)) continue;
*offset = idx;
if (!testBitRate(bitRate, mode)) continue;
return TRUE;
}
return FALSE;
}
void printT55xxBlock(const char *demodStr){
uint8_t i = config.offset;
uint8_t endpos = 32 + i;
uint8_t endpos = 32 + i;
uint32_t blockData = 0;
uint8_t bits[64] = {0x00};
if ( !DemodBufferLen) return;
if ( endpos > DemodBufferLen){
PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32);
return;
}
for (; i < endpos; ++i)
bits[i - config.offset] = DemodBuffer[i];
for (; i < endpos; ++i)
bits[i - config.offset]=DemodBuffer[i];
blockData = PackBits(0, 32, bits);
PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr);
}
@@ -527,11 +670,7 @@ int special(const char *Cmd) {
bits[i]=DemodBuffer[j+i];
blockData = PackBits(0, 32, bits);
//char indicate[4] = {0x00};
// if ( (blockData >> 24) == 0xE0 )
// sprintf(indicate,"<--");
//PrintAndLog("[%02d] 0x%08X %s %s",j , blockData, sprint_bin(bits,32), indicate);
PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32));
}
return 0;
@@ -539,6 +678,7 @@ int special(const char *Cmd) {
void printConfiguration( t55xx_conf_block_t b){
PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );
PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );
PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );
PrintAndLog("Offset : %d", b.offset);
PrintAndLog("Block0 : 0x%08X", b.block0);
@@ -572,7 +712,7 @@ int CmdT55xxWriteBlock(const char *Cmd)
UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
c.d.asBytes[0] = 0x0;
PrintAndLog("Writing to block: %d data: 0x%08X", block, data);
PrintAndLog("Writing to block: %d data : 0x%08X", block, data);
//Password mode
if (res == 3) {
@@ -594,9 +734,9 @@ int CmdT55xxReadTrace(const char *Cmd)
if (strlen(Cmd)==0)
AquireData( TRACE_BLOCK );
DecodeT55xxBlock();
if (!DecodeT55xxBlock()) return 1;
if (!DemodBufferLen) return 1;
if ( !DemodBufferLen) return 1;
RepaintGraphWindow();
uint8_t repeat = 0;
@@ -635,8 +775,8 @@ int CmdT55xxReadTrace(const char *Cmd)
PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );
PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
PrintAndLog("-------------------------------------------------------------");
if ( acl != 0xE0 )
if ( acl != 0xE0 )
PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
/*
TRACE - BLOCK O
@@ -666,16 +806,16 @@ int CmdT55xxInfo(const char *Cmd){
*/
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
return usage_t55xx_info();
if (strlen(Cmd)==0)
AquireData( CONFIGURATION_BLOCK );
DecodeT55xxBlock();
if (!DecodeT55xxBlock()) return 1;
if ( !DemodBufferLen) return 1;
if (!DemodBufferLen) return 1;
uint8_t si = config.offset;
uint32_t bl0 = PackBits(si, 32, DemodBuffer);
@@ -715,6 +855,7 @@ int CmdT55xxInfo(const char *Cmd){
PrintAndLog(" Raw Data - Page 0");
PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );
PrintAndLog("-------------------------------------------------------------");
return 0;
}
@@ -819,7 +960,7 @@ char * GetBitRateStr(uint32_t id){
}
char * GetSaferStr(uint32_t id){
static char buf[40];
static char buf[40];
char *retStr = buf;
sprintf(retStr,"%d",id);
@@ -833,7 +974,7 @@ char * GetSaferStr(uint32_t id){
return buf;
}
char * GetModulationStr( uint32_t id){
static char buf[40];
static char buf[40];
char *retStr = buf;
switch (id){
@@ -867,6 +1008,9 @@ char * GetModulationStr( uint32_t id){
case 16:
sprintf(retStr,"%d - Biphase",id);
break;
case 0x18:
sprintf(retStr,"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id);
break;
case 17:
sprintf(retStr,"%d - Reserved",id);
break;
@@ -889,13 +1033,25 @@ char * GetModelStrFromCID(uint32_t cid){
char * GetSelectedModulationStr( uint8_t id){
static char buf[16];
static char buf[16];
char *retStr = buf;
switch (id){
case DEMOD_FSK:
sprintf(retStr,"FSK");
break;
case DEMOD_FSK1:
sprintf(retStr,"FSK1");
break;
case DEMOD_FSK1a:
sprintf(retStr,"FSK1a");
break;
case DEMOD_FSK2:
sprintf(retStr,"FSK2");
break;
case DEMOD_FSK2a:
sprintf(retStr,"FSK2a");
break;
case DEMOD_ASK:
sprintf(retStr,"ASK");
break;
@@ -910,10 +1066,13 @@ char * GetSelectedModulationStr( uint8_t id){
break;
case DEMOD_PSK3:
sprintf(retStr,"PSK3");
break;
break;
case DEMOD_BI:
sprintf(retStr,"BIPHASE");
break;
case DEMOD_BIa:
sprintf(retStr,"BIPHASEa - (CDP)");
break;
default:
sprintf(retStr,"(Unknown)");
break;
@@ -928,17 +1087,17 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
if (len > 32) return 0;
uint32_t tmp = 0;
uint32_t tmp = 0;
for (; j >= 0; --j, ++i)
tmp |= bits[i] << j;
return tmp;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset)"},
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
{"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
{"read", CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},
{"write", CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},

22
client/cmdlft55xx.h
View File

@@ -16,13 +16,28 @@ typedef struct {
DEMOD_PSK1 = 0x01,
DEMOD_PSK2 = 0x02,
DEMOD_PSK3 = 0x03,
DEMOD_FSK = 0x04,
DEMOD_FSK1 = 0x04,
DEMOD_FSK1a = 0x05,
DEMOD_FSK2 = 0x06,
DEMOD_FSK2a = 0x07,
DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs)
DEMOD_ASK = 0x08,
DEMOD_BI = 0x16,
DEMOD_BI = 0x10,
DEMOD_BIa = 0x18,
} modulation;
bool inverted;
uint8_t offset;
uint32_t block0;
enum {
RF_8 = 0x00,
RF_16 = 0x01,
RF_32 = 0x02,
RF_40 = 0x03,
RF_50 = 0x04,
RF_64 = 0x05,
RF_100 = 0x06,
RF_128 = 0x07,
} bitrate;
} t55xx_conf_block_t;
int CmdLFT55XX(const char *Cmd);
@@ -42,9 +57,10 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bitstream);
void printT55xxBlock(const char *demodStr);
void printConfiguration( t55xx_conf_block_t b);
void DecodeT55xxBlock();
bool DecodeT55xxBlock();
bool tryDetectModulation();
bool test(uint8_t mode, uint8_t *offset);
int special(const char *Cmd);
int AquireData( uint8_t block );
#endif

2
client/scripts/test_t55x7_bi.lua
View File

@@ -129,4 +129,4 @@ local function main(args)
test()
print( string.rep('--',20) )
end
main(args)
main(args)

2
client/scripts/test_t55x7_psk.lua
View File

@@ -168,4 +168,4 @@ main(args)
-- XXXXX0XX = PSK RF/2
-- XXXXX4XX = PSK RF/4
-- XXXXX8XX = PSK RF/8
-- XXXXX8XX = PSK RF/8