From 2ee9ea0ef3f568aef2e09676ee216a636aa990ae Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 12 Oct 2020 12:27:00 +0200 Subject: [PATCH] Add Destron --- client/CMakeLists.txt | 1 + client/Makefile | 1 + client/android/CMakeLists.txt | 1 + client/src/cmdlf.c | 3 + client/src/cmdlfdestron.c | 189 ++++++++++++++++++++++++++++++++++ client/src/cmdlfdestron.h | 19 ++++ client/src/cmdlft55xx.c | 2 +- tools/pm3_tests.sh | 1 + 8 files changed, 216 insertions(+), 1 deletion(-) create mode 100644 client/src/cmdlfdestron.c create mode 100644 client/src/cmdlfdestron.h diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index c371ecb29..e7262ba33 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -246,6 +246,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/cmdlf.c ${PM3_ROOT}/client/src/cmdlfawid.c ${PM3_ROOT}/client/src/cmdlfcotag.c + ${PM3_ROOT}/client/src/cmdlfdestron.c ${PM3_ROOT}/client/src/cmdlfem4x.c ${PM3_ROOT}/client/src/cmdlfem4x50.c ${PM3_ROOT}/client/src/cmdlffdxb.c diff --git a/client/Makefile b/client/Makefile index 9fa8565e6..27702a9d6 100644 --- a/client/Makefile +++ b/client/Makefile @@ -441,6 +441,7 @@ SRCS = aidsearch.c \ cmdlf.c \ cmdlfawid.c \ cmdlfcotag.c \ + cmdlfdestron.c \ cmdlfem4x.c \ cmdlfem4x50.c \ cmdlffdxb.c \ diff --git a/client/android/CMakeLists.txt b/client/android/CMakeLists.txt index 3ab423c3c..b3f432c6c 100644 --- a/client/android/CMakeLists.txt +++ b/client/android/CMakeLists.txt @@ -125,6 +125,7 @@ add_library(pm3rrg_rdv4 SHARED ${PM3_ROOT}/client/src/cmdlf.c ${PM3_ROOT}/client/src/cmdlfawid.c ${PM3_ROOT}/client/src/cmdlfcotag.c + ${PM3_ROOT}/client/src/cmdlfdestron.c ${PM3_ROOT}/client/src/cmdlfem4x.c ${PM3_ROOT}/client/src/cmdlfem4x50.c ${PM3_ROOT}/client/src/cmdlffdxb.c diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index e42fd777c..d278d4c9c 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c @@ -36,6 +36,7 @@ #include "cmdlfidteck.h" // for idteck menu #include "cmdlfio.h" // for ioprox menu #include "cmdlfcotag.h" // for COTAG meny +#include "cmdlfdestron.h" // for FDX-A FECAVA Destron menu #include "cmdlffdxb.h" // for FDX-B menu #include "cmdlfgallagher.h" // for GALLAGHER menu #include "cmdlfguard.h" // for gproxii menu @@ -1447,6 +1448,7 @@ int CmdLFfind(const char *Cmd) { } if (demodVisa2k(true) == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;} + if (demodDestron(true) == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("FDX-A FECAVA Destron ID") " found!"); goto out;} // to do before HID if (demodHID(true) == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("HID Prox ID") " found!"); goto out;} if (demodAWID(true) == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("AWID ID") " found!"); goto out;} if (demodIOProx(true) == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("IO Prox ID") " found!"); goto out;} @@ -1526,6 +1528,7 @@ static command_t CommandTable[] = { {"-----------", CmdHelp, AlwaysAvailable, "-------------- " _CYAN_("Direct") " --------------"}, {"awid", CmdLFAWID, AlwaysAvailable, "{ AWID RFIDs... }"}, {"cotag", CmdLFCOTAG, AlwaysAvailable, "{ COTAG CHIPs... }"}, + {"destron", CmdLFDestron, AlwaysAvailable, "{ FDX-A Destron RFIDs... }"}, {"em", CmdLFEM4X, AlwaysAvailable, "{ EM4X CHIPs & RFIDs... }"}, {"fdxb", CmdLFFdxB, AlwaysAvailable, "{ FDX-B RFIDs... }"}, {"gallagher", CmdLFGallagher, AlwaysAvailable, "{ GALLAGHER RFIDs... }"}, diff --git a/client/src/cmdlfdestron.c b/client/src/cmdlfdestron.c new file mode 100644 index 000000000..148557a80 --- /dev/null +++ b/client/src/cmdlfdestron.c @@ -0,0 +1,189 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency FDX-A FECAVA Destron tag commands +//----------------------------------------------------------------------------- +#include "cmdlfdestron.h" + +#include //tolower +#include // memcpy +#include "commonutil.h" // ARRAYLEN +#include "common.h" +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "lfdemod.h" // preamble test +#include "protocols.h" // t55xx defines +#include "cmdlft55xx.h" // clone.. +#include "cmdlf.h" // cmdlfconfig +#include "cliparser.h" // cli parse input +#include "parity.h" + +#define DESTRON_FRAME_SIZE 96 +#define DESTRON_PREAMBLE_SIZE 16 + +static int CmdHelp(const char *Cmd); + +int demodDestron(bool verbose) { + (void) verbose; // unused so far + //PSK1 + if (FSKrawDemod(0, 0, 0, 0, false) != PM3_SUCCESS) { + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: FSK Demod failed"); + return PM3_ESOFT; + } + size_t size = DemodBufferLen; + int ans = detectDestron(DemodBuffer, &size); + if (ans < 0) { + if (ans == -1) + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: too few bits found"); + else if (ans == -2) + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: preamble not found"); + else if (ans == -3) + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: Size not correct: %zu", size); + else + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: ans: %d", ans); + + return PM3_ESOFT; + } + setDemodBuff(DemodBuffer, DESTRON_FRAME_SIZE, ans); + setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock)); + + uint8_t bits[DESTRON_FRAME_SIZE - DESTRON_PREAMBLE_SIZE] = {0}; + size_t bitlen = DESTRON_FRAME_SIZE - DESTRON_PREAMBLE_SIZE; + memcpy(bits, DemodBuffer + 16, DESTRON_FRAME_SIZE - DESTRON_PREAMBLE_SIZE); + + uint8_t alignPos = 0; + uint16_t errCnt = manrawdecode(bits, &bitlen, 0, &alignPos); + if (errCnt > 0) { + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: Manchester decoding errors: %d", ans); + return PM3_ESOFT; + } + + uint8_t data[5] = {0}; + uint8_t parity_err = 0; + for (int i=0; i < sizeof(data); i++) { + data[i] = bytebits_to_byte(bits + i * 8, 8); + parity_err += oddparity8(data[i]); + data[i] &= 0x7F; + } + if (errCnt > 0) { + PrintAndLogEx(DEBUG, "DEBUG: Error - Destron: parity errors: %d", parity_err); + return PM3_ESOFT; + } + PrintAndLogEx(SUCCESS, "FDX-A FECAVA Destron: " _GREEN_("%02X%02X%02X%02X%02X"), data[0], data[1], data[2], data[3], data[4]); + return PM3_SUCCESS; +} + +static int CmdDestronDemod(const char *Cmd) { + (void)Cmd; + return demodDestron(true); +} + +static int CmdDestronRead(const char *Cmd) { + lf_read(false, 16000); + return demodDestron(true); +} + +static int CmdDestronClone(const char *Cmd) { + + uint32_t blocks[4] = {0}; + uint8_t data[8]; + int datalen = 0; + + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf destron clone", + "Enables cloning of Destron card with specified uid onto T55x7", + "lf destron clone 1A2B3C4D5E" + ); + + void *argtable[] = { + arg_param_begin, + arg_strx1(NULL, NULL, "", NULL), + arg_param_end + }; + + //TODO add selection of chip for Q5 or T55x7 + CLIExecWithReturn(ctx, Cmd, argtable, false); + CLIGetHexWithReturn(ctx, 1, data, &datalen); + CLIParserFree(ctx); + + uint8_t data_ex[12 + 24] = {0}; // ManchesterEncode need extra room + for (int i=0; i < datalen; i++) { + data_ex[i + 1] = data [i] | (oddparity8(data[i]) << 7); + } + for (int i=0; i < 3; i++) { + blocks[i+1] = manchesterEncode2Bytes((data_ex[i*2]<<8)+data_ex[i*2+1]); + } + // inject preamble + blocks[1] = (blocks[1] & 0xFFFF) | 0xAAE20000; + + PrintAndLogEx(INFO, "Preparing to clone Destron tag with ID: %s", sprint_hex(data, datalen)); + blocks[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2 | 3 << T55x7_MAXBLOCK_SHIFT; + + print_blocks(blocks, ARRAYLEN(blocks)); + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf Destron read`") " to verify"); + return res; +} + +static int CmdDestronSim(const char *Cmd) { + + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + +static command_t CommandTable[] = { + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"demod", CmdDestronDemod, AlwaysAvailable, "Demodulate an Destron tag from the GraphBuffer"}, + {"read", CmdDestronRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, + {"clone", CmdDestronClone, IfPm3Lf, "Clone Destron tag to T55x7"}, + {"sim", CmdDestronSim, IfPm3Lf, "Simulate Destron tag"}, + {NULL, NULL, NULL, NULL} +}; + +static int CmdHelp(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + CmdsHelp(CommandTable); + return PM3_SUCCESS; +} + +int CmdLFDestron(const char *Cmd) { + clearCommandBuffer(); + return CmdsParse(CommandTable, Cmd); +} + +// find Destron preamble in already demoded data +int detectDestron(uint8_t *dest, size_t *size) { + + //make sure buffer has data + if (*size < 64) + return -1; + + size_t found_size = *size; + size_t start_idx = 0; + + uint8_t preamble[DESTRON_PREAMBLE_SIZE] = {1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0}; + + // preamble not found + if (!preambleSearch(dest, preamble, sizeof(preamble), &found_size, &start_idx)) { + return -2; + } + PrintAndLogEx(DEBUG, "DEBUG: detectDestron FSK found preamble"); + + *size = found_size; + // wrong demoded size + if (*size != 96) + return -3; + + return (int)start_idx; +} + +int readDestronUid(void) { + return (CmdDestronRead("") == PM3_SUCCESS); +} diff --git a/client/src/cmdlfdestron.h b/client/src/cmdlfdestron.h new file mode 100644 index 000000000..fb2b62f4a --- /dev/null +++ b/client/src/cmdlfdestron.h @@ -0,0 +1,19 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency FDX-A FECAVA Destron tag commands +//----------------------------------------------------------------------------- +#ifndef CMDLFDESTRON_H__ +#define CMDLFDESTRON_H__ + +#include "common.h" + +int CmdLFDestron(const char *Cmd); +int detectDestron(uint8_t *bits, size_t *size); +int demodDestron(bool verbose); +int readDestronUid(void); +#endif + diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 919debf4c..7c8f39b3b 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -378,7 +378,7 @@ static int usage_t55xx_dangerraw(void) { static int usage_t55xx_clonehelp(void) { PrintAndLogEx(NORMAL, "For cloning specific techs on T55xx tags, see commands available in corresponding LF sub-menus, e.g.:"); PrintAndLogEx(NORMAL, _GREEN_("lf awid clone")); -// todo: rename to clone + PrintAndLogEx(NORMAL, _GREEN_("lf destron clone")); PrintAndLogEx(NORMAL, _GREEN_("lf em 410x_clone")); // todo: implement restore // PrintAndLogEx(NORMAL, _GREEN_("lf em 4x05_write")); diff --git a/tools/pm3_tests.sh b/tools/pm3_tests.sh index e411e667f..4a1293cf8 100755 --- a/tools/pm3_tests.sh +++ b/tools/pm3_tests.sh @@ -341,6 +341,7 @@ while true; do if ! CheckExecute "lf AWID test" "$CLIENTBIN -c 'data load -f traces/lf_AWID-15-259.pm3;lf search 1'" "AWID ID found"; then break; fi if ! CheckExecute "lf EM410x test" "$CLIENTBIN -c 'data load -f traces/lf_EM4102-1.pm3;lf search 1'" "EM410x ID found"; then break; fi if ! CheckExecute "lf EM4x05 test" "$CLIENTBIN -c 'data load -f traces/lf_EM4x05.pm3;lf search 1'" "FDX-B ID found"; then break; fi + if ! CheckExecute "lf FDX-A FECAVA test" "$CLIENTBIN -c 'data load -f traces/lf_EM4305_fdxa_destron.pm3;lf search 1'" "FDX-A FECAVA Destron ID found"; then break; fi if ! CheckExecute "lf FDX-B test" "$CLIENTBIN -c 'data load -f traces/lf_HomeAgain1600.pm3;lf search 1'" "FDX-B ID found"; then break; fi if ! CheckExecute "lf FDX/BioThermo test" "$CLIENTBIN -c 'data load -f traces/lf_FDXB_Bio-Thermo.pm3; lf fdxb demod'" "95.2 F / 35.1 C"; then break; fi if ! CheckExecute "lf GPROXII test" "$CLIENTBIN -c 'data load -f traces/lf_GProx_36_30_14489.pm3; lf search 1'" "Guardall G-Prox II ID found"; then break; fi