Proxmark/proxmark3
1
1
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-02-24 07:34:40 +08:00
Code Issues Projects Releases Packages Wiki Activity

add lf PAC/Stanley tag read (#354)

Browse source 
lf pac read - read from antenna and demod
lf pac demod - demodulate from graphbuffer
fix typo in securakey
This commit is contained in:
marshmellow42 2017-07-14 08:04:46 -04:00 committed by pwpiwi
parent 7906cb41ff
commit 69f42a0593
5 changed files with 129 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -11,9 +11,11 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
### Fixed ### Fixed
### Added ### Added
- Added PAC/Stanley detection to lf search (marshmellow)
- Added lf pac demod and lf pac read - extracts the raw blocks from a PAC/Stanley tag (marshmellow)
- Added hf mf c* commands compatibity for 4k and gen1b backdoor (Fl0-0) - Added hf mf c* commands compatibity for 4k and gen1b backdoor (Fl0-0)
- Added backdoor detection for gen1b magic s70/4k tag (Fl0-0) - Added backdoor detection for gen1b magic s70/4k tag (Fl0-0)
- Added data fsktonrz, a fsk cleaning/demodulating routine for weak fsk signal. Note: follow this up with a `data rawdemod nr` to finish demoding your signal. - Added data fsktonrz, a fsk cleaning/demodulating routine for weak fsk signal. Note: follow this up with a `data rawdemod nr` to finish demoding your signal. (marshmellow)
- Added lf em 410xbrute, LF EM410x reader bruteforce attack by simulating UIDs from a file (Fl0-0) - Added lf em 410xbrute, LF EM410x reader bruteforce attack by simulating UIDs from a file (Fl0-0)
## [3.0.1][2017-06-08] ## [3.0.1][2017-06-08]

8
client/cmdlf.c
View file

@ -45,6 +45,7 @@
#include "cmdlfjablotron.h" //for jablotron menu #include "cmdlfjablotron.h" //for jablotron menu
#include "cmdlfnoralsy.h"// for noralsy menu #include "cmdlfnoralsy.h"// for noralsy menu
#include "cmdlfsecurakey.h"//for securakey menu #include "cmdlfsecurakey.h"//for securakey menu
#include "cmdlfpac.h" // for pac menu
bool g_lf_threshold_set = false; bool g_lf_threshold_set = false;
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
@ -1055,6 +1056,12 @@ int CmdLFfind(const char *Cmd)
return CheckChipType(cmdp); return CheckChipType(cmdp);
} }
ans=CmdPacDemod("");
if (ans>0) {
PrintAndLog("\nValid PAC/Stanley ID Found!");
return CheckChipType(cmdp);
}
PrintAndLog("\nNo Known Tags Found!\n"); PrintAndLog("\nNo Known Tags Found!\n");
if (testRaw=='u' || testRaw=='U') { if (testRaw=='u' || testRaw=='U') {
//ans=CheckChipType(cmdp); //ans=CheckChipType(cmdp);
@ -1105,6 +1112,7 @@ static command_t CommandTable[] =
{"jablotron", CmdLFJablotron, 1, "{ Jablotron RFIDs... }"}, {"jablotron", CmdLFJablotron, 1, "{ Jablotron RFIDs... }"},
{"nexwatch", CmdLFNexWatch, 1, "{ NexWatch RFIDs... }"}, {"nexwatch", CmdLFNexWatch, 1, "{ NexWatch RFIDs... }"},
{"noralsy", CmdLFNoralsy, 1, "{ Noralsy RFIDs... }"}, {"noralsy", CmdLFNoralsy, 1, "{ Noralsy RFIDs... }"},
{"pac", CmdLFPac, 1, "{ PAC/Stanley RFIDs... }"},
{"paradox", CmdLFParadox, 1, "{ Paradox RFIDs... }"}, {"paradox", CmdLFParadox, 1, "{ Paradox RFIDs... }"},
{"presco", CmdLFPresco, 1, "{ Presco RFIDs... }"}, {"presco", CmdLFPresco, 1, "{ Presco RFIDs... }"},
{"pcf7931", CmdLFPCF7931, 1, "{ PCF7931 CHIPs... }"}, {"pcf7931", CmdLFPCF7931, 1, "{ PCF7931 CHIPs... }"},

100
client/cmdlfpac.c Normal file
View file

@ -0,0 +1,100 @@
//-----------------------------------------------------------------------------
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency Stanley/PAC tag commands
// NRZ, RF/32, 128 bits long (unknown cs)
//-----------------------------------------------------------------------------
#include "cmdlfpac.h"
#include <string.h>
#include <inttypes.h>
#include "proxmark3.h"
#include "ui.h"
#include "util.h"
#include "graph.h"
#include "cmdparser.h"
#include "cmddata.h"
#include "cmdmain.h"
#include "cmdlf.h"
#include "lfdemod.h" // preamble test
static int CmdHelp(const char *Cmd);
// by marshmellow
// find PAC preamble in already demoded data
int PacFind(uint8_t *dest, size_t *size) {
if (*size < 128) return -1; //make sure buffer has data
size_t startIdx = 0;
uint8_t preamble[] = {1,1,1,1,1,1,1,1,0,0,1,0,0,0,0,0,0,1,0};
if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx))
return -2; //preamble not found
if (*size != 128) return -3; //wrong demoded size
//return start position
return (int)startIdx;
}
//see NRZDemod for what args are accepted
int CmdPacDemod(const char *Cmd) {
//NRZ
if (!NRZrawDemod(Cmd, false)) {
if (g_debugMode) PrintAndLog("DEBUG: Error - PAC: NRZ Demod failed");
return 0;
}
size_t size = DemodBufferLen;
int ans = PacFind(DemodBuffer, &size);
if (ans < 0) {
if (g_debugMode) {
if (ans == -1)
PrintAndLog("DEBUG: Error - PAC: too few bits found");
else if (ans == -2)
PrintAndLog("DEBUG: Error - PAC: preamble not found");
else if (ans == -3)
PrintAndLog("DEBUG: Error - PAC: Size not correct: %d", size);
else
PrintAndLog("DEBUG: Error - PAC: ans: %d", ans);
}
return 0;
}
setDemodBuf(DemodBuffer, 128, ans);
setClockGrid(g_DemodClock, g_DemodStartIdx + (ans*g_DemodClock));
//got a good demod
uint32_t raw1 = bytebits_to_byte(DemodBuffer , 32);
uint32_t raw2 = bytebits_to_byte(DemodBuffer+32, 32);
uint32_t raw3 = bytebits_to_byte(DemodBuffer+64, 32);
uint32_t raw4 = bytebits_to_byte(DemodBuffer+96, 32);
// preamble then appears to have marker bits of "10" CS?
// 11111111001000000 10 01001100 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 10001100 10 100000001
// unknown checksum 9 bits at the end
PrintAndLog("PAC/Stanley Tag Found -- Raw: %08X%08X%08X%08X", raw1 ,raw2, raw3, raw4);
PrintAndLog("\nHow the Raw ID is translated by the reader is unknown");
return 1;
}
int CmdPacRead(const char *Cmd) {
lf_read(true, 4096*2 + 20);
return CmdPacDemod(Cmd);
}
static command_t CommandTable[] = {
{"help", CmdHelp, 1, "This help"},
{"demod", CmdPacDemod,1, "Attempt to read and extract tag data from the GraphBuffer"},
{"read", CmdPacRead, 0, "Attempt to read and extract tag data from the antenna"},
{NULL, NULL, 0, NULL}
};
int CmdLFPac(const char *Cmd) {
clearCommandBuffer();
CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd) {
CmdsHelp(CommandTable);
return 0;
}

17
client/cmdlfpac.h Normal file
View file

@ -0,0 +1,17 @@
//-----------------------------------------------------------------------------
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency Securakey tag commands
//-----------------------------------------------------------------------------
#ifndef CMDLFPAC_H__
#define CMDLFPAC_H__
extern int CmdLFPac(const char *Cmd);
extern int CmdPacRead(const char *Cmd);
extern int CmdPacDemod(const char *Cmd);
#endif

2
client/cmdlfsecurakey.c
View file

@ -44,7 +44,7 @@ int CmdSecurakeyDemod(const char *Cmd) {
//ASK / Manchester //ASK / Manchester
bool st = false; bool st = false;
if (!ASKDemod_ext("40 0 0", false, false, 1, &st)) { if (!ASKDemod_ext("40 0 0", false, false, 1, &st)) {
if (g_debugMode) PrintAndLog("DEBUG: Error - Noralsy: ASK/Manchester Demod failed"); if (g_debugMode) PrintAndLog("DEBUG: Error - Securakey: ASK/Manchester Demod failed");
return 0; return 0;
} }
if (st) return 0; if (st) return 0;