dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/Proxmark/proxmark3

Browse Source 
Conflicts:
	client/cmddata.c
	client/cmddata.h
This commit is contained in:
iceman1001
2015-03-10 09:18:35 +01:00
parent 652c39c63b 58e93ff593
commit 12d708fec1
16 changed files with 911 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
armsrc/appmain.c
View File

@@ -661,6 +661,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_HID_SIM_TAG:
CmdHIDsimTAG(c->arg[0], c->arg[1], 1);
break;
case CMD_FSK_SIM_TAG:
CmdFSKsimTAG(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_ASK_SIM_TAG:
CmdASKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_PSK_SIM_TAG:
CmdPSKsimTag(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_HID_CLONE_TAG:
CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;

3
armsrc/apps.h
View File

@@ -122,6 +122,9 @@ void SimulateTagLowFrequency( uint16_t period, uint32_t gap, uint8_t ledcontrol)
//void SimulateTagLowFrequencyA(int period, int gap);
void CmdHIDsimTAG(int hi, int lo, int ledcontrol);
void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream);
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream);
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream);
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol);
void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol);

19
armsrc/iso14443a.c
View File

@@ -2301,8 +2301,6 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
}
if(cardSTATE == MFEMUL_NOFIELD) continue;
//Now, get data
res = EmGetCmd(receivedCmd, &len, receivedCmd_par);
if (res == 2) { //Field is off!
cardSTATE = MFEMUL_NOFIELD;
@@ -2373,7 +2371,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
uint32_t nr = bytes_to_num(&receivedCmd[4], 4);
//Collect AR/NR
if(ar_nr_collected < 2){
if(ar_nr_collected < 2 && cardAUTHSC == 2){
if(ar_nr_responses[2] != ar)
{// Avoid duplicates... probably not necessary, ar should vary.
ar_nr_responses[ar_nr_collected*4] = cuid;
@@ -2381,6 +2379,11 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
ar_nr_responses[ar_nr_collected*4+2] = ar;
ar_nr_responses[ar_nr_collected*4+3] = nr;
ar_nr_collected++;
}
// Interactive mode flag, means we need to send ACK
if(flags & FLAG_INTERACTIVE && ar_nr_collected == 2)
{
finished = true;
}
}
@@ -2528,7 +2531,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
mf_crypto1_encrypt(pcs, response, 18, response_par);
EmSendCmdPar(response, 18, response_par);
numReads++;
if(exitAfterNReads > 0 && numReads == exitAfterNReads) {
if(exitAfterNReads > 0 && numReads >= exitAfterNReads) {
Dbprintf("%d reads done, exiting", numReads);
finished = true;
}
@@ -2648,12 +2651,12 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
if(flags & FLAG_INTERACTIVE)// Interactive mode flag, means we need to send ACK
{
//May just aswell send the collected ar_nr in the response aswell
cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,0,0,&ar_nr_responses,ar_nr_collected*4*4);
cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,1,0,&ar_nr_responses,ar_nr_collected*4*4);
}
if(flags & FLAG_NR_AR_ATTACK)
if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1 )
{
if(ar_nr_collected > 1) {
if(ar_nr_collected > 1 ) {
Dbprintf("Collected two pairs of AR/NR which can be used to extract keys from reader:");
Dbprintf("../tools/mfkey/mfkey32 %08x %08x %08x %08x %08x %08x",
ar_nr_responses[0], // UID
@@ -2665,7 +2668,7 @@ void Mifare1ksim(uint8_t flags, uint8_t exitAfterNReads, uint8_t arg2, uint8_t *
);
} else {
Dbprintf("Failed to obtain two AR/NR pairs!");
if(ar_nr_collected >0) {
if(ar_nr_collected > 0 ) {
Dbprintf("Only got these: UID=%08x, nonce=%08x, AR1=%08x, NR1=%08x",
ar_nr_responses[0], // UID
ar_nr_responses[1], //NT

213
armsrc/lfops.c
View File

@@ -392,11 +392,12 @@ void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol)
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
#define SHORT_COIL() LOW(GPIO_SSC_DOUT)
#define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
#define SHORT_COIL() LOW(GPIO_SSC_DOUT)
#define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
i = 0;
for(;;) {
//wait until SSC_CLK goes HIGH
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
if(BUTTON_PRESS()) {
DbpString("Stopped");
@@ -404,7 +405,6 @@ void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol)
}
WDT_HIT();
}
if (ledcontrol)
LED_D_ON();
@@ -415,17 +415,18 @@ void SimulateTagLowFrequency(uint16_t period, uint32_t gap, uint8_t ledcontrol)
if (ledcontrol)
LED_D_OFF();
//wait until SSC_CLK goes LOW
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
if(BUTTON_PRESS()) {
DbpString("Stopped");
return;
}
WDT_HIT();
}
}
i++;
if(i == period) {
i = 0;
if (gap) {
SHORT_COIL();
@@ -440,8 +441,9 @@ void SimulateTagLowFrequencyBidir(int divisor, int t0)
{
}
// compose fc/8 fc/10 waveform
static void fc(int c, int *n) {
// compose fc/8 fc/10 waveform (FSK2)
static void fc(int c, int *n)
{
uint8_t *dest = BigBuf_get_addr();
int idx;
@@ -449,20 +451,21 @@ static void fc(int c, int *n) {
if(c==0) {
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
}
// an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples
// an fc/8 encoded bit is a bit pattern of 11110000 x6 = 48 samples
if(c==8) {
for (idx=0; idx<6; idx++) {
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
@@ -470,14 +473,14 @@ static void fc(int c, int *n) {
}
}
// an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples
// an fc/10 encoded bit is a bit pattern of 1111100000 x5 = 50 samples
if(c==10) {
for (idx=0; idx<5; idx++) {
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=1;
dest[((*n)++)]=1;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
dest[((*n)++)]=0;
@@ -486,6 +489,36 @@ static void fc(int c, int *n) {
}
}
}
// compose fc/X fc/Y waveform (FSKx)
static void fcAll(uint8_t fc, int *n, uint8_t clock, uint16_t *modCnt)
{
uint8_t *dest = BigBuf_get_addr();
uint8_t halfFC = fc/2;
uint8_t wavesPerClock = clock/fc;
uint8_t mod = clock % fc; //modifier
uint8_t modAdj = fc/mod; //how often to apply modifier
bool modAdjOk = !(fc % mod); //if (fc % mod==0) modAdjOk=TRUE;
// loop through clock - step field clock
for (uint8_t idx=0; idx < wavesPerClock; idx++){
// put 1/2 FC length 1's and 1/2 0's per field clock wave (to create the wave)
memset(dest+(*n), 0, fc-halfFC); //in case of odd number use extra here
memset(dest+(*n)+(fc-halfFC), 1, halfFC);
*n += fc;
}
if (mod>0) (*modCnt)++;
if ((mod>0) && modAdjOk){ //fsk2
if ((*modCnt % modAdj) == 0){ //if 4th 8 length wave in a rf/50 add extra 8 length wave
memset(dest+(*n), 0, fc-halfFC);
memset(dest+(*n)+(fc-halfFC), 1, halfFC);
*n += fc;
}
}
if (mod>0 && !modAdjOk){ //fsk1
memset(dest+(*n), 0, mod-(mod/2));
memset(dest+(*n)+(mod-(mod/2)), 1, mod/2);
*n += mod;
}
}
// prepare a waveform pattern in the buffer based on the ID given then
// simulate a HID tag until the button is pressed
@@ -503,7 +536,7 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
*/
if (hi>0xFFF) {
DbpString("Tags can only have 44 bits.");
DbpString("Tags can only have 44 bits. - USE lf simfsk for larger tags");
return;
}
fc(0,&n);
@@ -543,6 +576,150 @@ void CmdHIDsimTAG(int hi, int lo, int ledcontrol)
LED_A_OFF();
}
// prepare a waveform pattern in the buffer based on the ID given then
// simulate a FSK tag until the button is pressed
// arg1 contains fcHigh and fcLow, arg2 contains invert and clock
void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
{
int ledcontrol=1;
int n=0, i=0;
uint8_t fcHigh = arg1 >> 8;
uint8_t fcLow = arg1 & 0xFF;
uint16_t modCnt = 0;
uint8_t clk = arg2 & 0xFF;
uint8_t invert = (arg2 >> 8) & 1;
for (i=0; i<size; i++){
if (BitStream[i] == invert){
fcAll(fcLow, &n, clk, &modCnt);
} else {
fcAll(fcHigh, &n, clk, &modCnt);
}
}
Dbprintf("Simulating with fcHigh: %d, fcLow: %d, clk: %d, invert: %d, n: %d",fcHigh, fcLow, clk, invert, n);
/*Dbprintf("DEBUG: First 32:");
uint8_t *dest = BigBuf_get_addr();
i=0;
Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
i+=16;
Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
*/
if (ledcontrol)
LED_A_ON();
SimulateTagLowFrequency(n, 0, ledcontrol);
if (ledcontrol)
LED_A_OFF();
}
// compose ask waveform for one bit(ASK)
static void askSimBit(uint8_t c, int *n, uint8_t clock, uint8_t manchester)
{
uint8_t *dest = BigBuf_get_addr();
uint8_t halfClk = clock/2;
// c = current bit 1 or 0
if (manchester){
memset(dest+(*n), c, halfClk);
memset(dest+(*n) + halfClk, c^1, halfClk);
} else {
memset(dest+(*n), c, clock);
}
*n += clock;
}
// args clock, ask/man or askraw, invert, transmission separator
void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
{
int ledcontrol = 1;
int n=0, i=0;
uint8_t clk = (arg1 >> 8) & 0xFF;
uint8_t manchester = arg1 & 1;
uint8_t separator = arg2 & 1;
uint8_t invert = (arg2 >> 8) & 1;
for (i=0; i<size; i++){
askSimBit(BitStream[i]^invert, &n, clk, manchester);
}
if (manchester==0 && BitStream[0]==BitStream[size-1]){ //run a second set inverted (for biphase phase)
for (i=0; i<size; i++){
askSimBit(BitStream[i]^invert^1, &n, clk, manchester);
}
}
if (separator==1) Dbprintf("sorry but separator option not yet available");
Dbprintf("Simulating with clk: %d, invert: %d, manchester: %d, separator: %d, n: %d",clk, invert, manchester, separator, n);
//DEBUG
//Dbprintf("First 32:");
//uint8_t *dest = BigBuf_get_addr();
//i=0;
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
//i+=16;
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
if (ledcontrol)
LED_A_ON();
SimulateTagLowFrequency(n, 0, ledcontrol);
if (ledcontrol)
LED_A_OFF();
}
//carrier can be 2,4 or 8
static void pskSimBit(uint8_t waveLen, int *n, uint8_t clk, uint8_t *curPhase, bool phaseChg)
{
uint8_t *dest = BigBuf_get_addr();
uint8_t halfWave = waveLen/2;
//uint8_t idx;
int i = 0;
if (phaseChg){
// write phase change
memset(dest+(*n), *curPhase^1, halfWave);
memset(dest+(*n) + halfWave, *curPhase, halfWave);
*n += waveLen;
*curPhase ^= 1;
i += waveLen;
}
//write each normal clock wave for the clock duration
for (; i < clk; i+=waveLen){
memset(dest+(*n), *curPhase, halfWave);
memset(dest+(*n) + halfWave, *curPhase^1, halfWave);
*n += waveLen;
}
}
// args clock, carrier, invert,
void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
{
int ledcontrol=1;
int n=0, i=0;
uint8_t clk = arg1 >> 8;
uint8_t carrier = arg1 & 0xFF;
uint8_t invert = arg2 & 0xFF;
uint8_t curPhase = 0;
for (i=0; i<size; i++){
if (BitStream[i] == curPhase){
pskSimBit(carrier, &n, clk, &curPhase, FALSE);
} else {
pskSimBit(carrier, &n, clk, &curPhase, TRUE);
}
}
Dbprintf("Simulating with Carrier: %d, clk: %d, invert: %d, n: %d",carrier, clk, invert, n);
//Dbprintf("DEBUG: First 32:");
//uint8_t *dest = BigBuf_get_addr();
//i=0;
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
//i+=16;
//Dbprintf("%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d", dest[i],dest[i+1],dest[i+2],dest[i+3],dest[i+4],dest[i+5],dest[i+6],dest[i+7],dest[i+8],dest[i+9],dest[i+10],dest[i+11],dest[i+12],dest[i+13],dest[i+14],dest[i+15]);
if (ledcontrol)
LED_A_ON();
SimulateTagLowFrequency(n, 0, ledcontrol);
if (ledcontrol)
LED_A_OFF();
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
{
@@ -1528,7 +1705,7 @@ void ReadPCF7931() {
tries++;
if (BUTTON_PRESS()) return;
} while (num_blocks != max_blocks);
end:
end:
Dbprintf("-----------------------------------------");
Dbprintf("Memory content:");
Dbprintf("-----------------------------------------");