From 3221fb32a1a137c193af9bd1a3628b53b3c8fedb Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 10 Sep 2020 11:44:32 +0200 Subject: [PATCH] fixes for 36b format --- client/src/cmdlfguard.c | 58 ++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/client/src/cmdlfguard.c b/client/src/cmdlfguard.c index 12d39ac71..6bb566c0d 100644 --- a/client/src/cmdlfguard.c +++ b/client/src/cmdlfguard.c @@ -93,32 +93,35 @@ static int CmdGuardDemod(const char *Cmd) { return PM3_ESOFT; } - //got a good demod of 96 bits - uint8_t ByteStream[8] = {0x00}; + // got a good demod of 96 bits + + uint8_t plain[8] = {0x00}; uint8_t xorKey = 0; size_t startIdx = preambleIndex + 6; //start after 6 bit preamble - uint8_t bits_no_spacer[90]; - //so as to not mess with raw DemodBuffer copy to a new sample array + + // not mess with raw DemodBuffer copy to a new sample array memcpy(bits_no_spacer, DemodBuffer + startIdx, 90); + // remove the 18 (90/5=18) parity bits (down to 72 bits (96-6-18=72)) size_t len = removeParity(bits_no_spacer, 0, 5, 3, 90); //source, startloc, paritylen, ptype, length_to_run if (len != 72) { PrintAndLogEx(DEBUG, "DEBUG: Error - gProxII spacer removal did not produce 72 bits: %zu, start: %zu", len, startIdx); return PM3_ESOFT; } + // get key and then get all 8 bytes of payload decoded xorKey = (uint8_t)bytebits_to_byteLSBF(bits_no_spacer, 8); for (size_t idx = 0; idx < 8; idx++) { - ByteStream[idx] = ((uint8_t)bytebits_to_byteLSBF(bits_no_spacer + 8 + (idx * 8), 8)) ^ xorKey; - PrintAndLogEx(DEBUG, "DEBUG: gProxII byte %zu after xor: %02x", idx, ByteStream[idx]); + plain[idx] = ((uint8_t)bytebits_to_byteLSBF(bits_no_spacer + 8 + (idx * 8), 8)) ^ xorKey; + PrintAndLogEx(DEBUG, "DEBUG: gProxII byte %zu after xor: %02x", idx, plain[idx]); } setDemodBuff(DemodBuffer, 96, preambleIndex); setClockGrid(g_DemodClock, g_DemodStartIdx + (preambleIndex * g_DemodClock)); - //ByteStream contains 8 Bytes (64 bits) of decrypted raw tag data - uint8_t fmtLen = ByteStream[0] >> 2; + //plain contains 8 Bytes (64 bits) of decrypted raw tag data + uint8_t fmtLen = plain[0] >> 2; uint32_t FC = 0; uint32_t Card = 0; //get raw 96 bits to print @@ -128,12 +131,12 @@ static int CmdGuardDemod(const char *Cmd) { bool unknown = false; switch (fmtLen) { case 36: - FC = ((ByteStream[3] & 0x7F) << 7) | (ByteStream[4] >> 1); - Card = ((ByteStream[4] & 1) << 19) | (ByteStream[5] << 11) | (ByteStream[6] << 3) | (ByteStream[7] >> 5); + FC = ((plain[3] & 0x7F) << 7) | (plain[4] >> 1); + Card = ((plain[4] & 1) << 19) | (plain[5] << 11) | (plain[6] << 3) | ((plain[7] & 0xE0) >> 5); break; case 26: - FC = ((ByteStream[3] & 0x7F) << 1) | (ByteStream[4] >> 7); - Card = ((ByteStream[4] & 0x7F) << 9) | (ByteStream[5] << 1) | (ByteStream[6] >> 7); + FC = ((plain[3] & 0x7F) << 1) | (plain[4] >> 7); + Card = ((plain[4] & 0x7F) << 9) | (plain[5] << 1) | (plain[6] >> 7); break; default : unknown = true; @@ -309,14 +312,12 @@ int getGuardBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *guardBits) { break; } case 36: { - // FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1); - // Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5); rawbytes[1] = (36 << 2); - // Get 26 wiegand from FacilityCode, CardNumber - uint8_t wiegand[34]; + // Get wiegand from FacilityCode 14bits, CardNumber 20bits + uint8_t wiegand[36]; memset(wiegand, 0x00, sizeof(wiegand)); - num_to_bytebits(fc, 8, wiegand); - num_to_bytebits(cn, 26, wiegand + 8); + num_to_bytebits(fc, 14, wiegand); + num_to_bytebits(cn, 20, wiegand + 14); // add wiegand parity bits (dest, source, len) wiegand_add_parity(pre, wiegand, 34); @@ -351,28 +352,27 @@ int getGuardBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *guardBits) { rawbytes[3] = 0; // add wiegand to rawbytes - for (i = 0; i < 4; ++i) + for (i = 0; i < 5; ++i) rawbytes[i + 4] = bytebits_to_byte(pre + (i * 8), 8); - PrintAndLogEx(DEBUG, " WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes))); - - + PrintAndLogEx(DEBUG, " WIE | %s", sprint_hex(rawbytes, sizeof(rawbytes))); + // XOR (only works on wiegand stuff) - for (i = 1; i < 12; ++i) + for (i = 1; i < sizeof(rawbytes); ++i) rawbytes[i] ^= xorKey ; - PrintAndLogEx(DEBUG, " XOR | %s \n", sprint_hex(rawbytes, sizeof(rawbytes))); + PrintAndLogEx(DEBUG, " XOR | %s", sprint_hex(rawbytes, sizeof(rawbytes))); // convert rawbytes to bits in pre - for (i = 0; i < 12; ++i) + for (i = 0; i < sizeof(rawbytes); ++i) num_to_bytebitsLSBF(rawbytes[i], 8, pre + (i * 8)); - PrintAndLogEx(DEBUG, "\n Raw | %s \n", sprint_hex(rawbytes, sizeof(rawbytes))); - PrintAndLogEx(DEBUG, " Raw | %s\n", sprint_bin(pre, 64)); + PrintAndLogEx(DEBUG, " Raw | %s", sprint_hex(rawbytes, sizeof(rawbytes))); + PrintAndLogEx(DEBUG, " Raw | %s", sprint_bin(pre, 96)); // add spacer bit 0 every 4 bits, starting with index 0, - // 12 bytes, 24 nibbles. 24+1 extra bites. 3bytes. ie 9bytes | 1byte xorkey, 8bytes rawdata (64bits, should be enough for a 40bit wiegand) - addParity(pre, guardBits + 6, 64, 5, 3); + // 12 bytes, 24 nibbles. 24+1 extra bites. 3bytes. ie 9bytes | 1byte xorkey, 8bytes rawdata (72bits, should be enough for a 40bit wiegand) + addParity(pre, guardBits + 6, 72, 5, 3); // preamble guardBits[0] = 1;