Standalone mode: Adding Legic Prime read/sim run

This commit adds a standalone mode for Legic Prime.
It reads and simulates a Legic tag.
Tested with MIM1024 tags.
MIM256 and MIM512 should work to. We just read the data and for simulating
we pretend to be a MIM1024 card.

Co-authored-by: Stefanie Hofmann <>

armsrc/Standalone/Makefile.hal

@@ -50,7 +50,7 @@ define KNOWN_STANDALONE_DEFINITIONS
 endef
 
 STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_ICEHID LF_EM4100EMUL LF_EM4100RWC
-STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG HF_14ASNIFF
+STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG HF_14ASNIFF HF_LEGIC
 STANDALONE_MODES_REQ_SMARTCARD :=
 STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG HF_14ASNIFF LF_ICEHID
 ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)

armsrc/Standalone/Makefile.inc

@@ -48,4 +48,8 @@ endif
 # WITH_STANDALONE_LF_EM4100RWC
 ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS)))
     SRC_STANDALONE = lf_em4100rwc.c
-endif
+endif
+# WITH_STANDALONE_HF_LEGIC
+ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS)))
+   SRC_STANDALONE = hf_legic.c
+endif

armsrc/Standalone/hf_legic.c

@@ -0,0 +1,81 @@
+//-----------------------------------------------------------------------------
+// Stefanie Hofmann, 2020
+// Uli Heilmeier, 2020
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// main code for Legic Prime read/sim
+//-----------------------------------------------------------------------------
+#include "standalone.h"
+#include "proxmark3_arm.h"
+#include "appmain.h"
+#include "fpgaloader.h"
+#include "util.h"
+#include "dbprint.h"
+#include "ticks.h"
+
+#include "legicrf.h"
+#include "legicrfsim.h"
+
+void ModInfo(void) {
+  DbpString("  HF Legic Prime standalone  ");
+}
+
+// Searching for Legic card until found and read.
+// Simulating recorded Legic Prime card.
+// C = Searching
+// A, B, C = Reading
+// A, D = Simulating
+
+void RunMod(){
+  StandAloneMode();
+  FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+  Dbprintf(">>  HF Legic Prime Read/Simulate Started  <<");
+
+  int read_success;
+  for(;;){
+    WDT_HIT();
+
+    //exit from hf_legic,  send usbcommand
+    if(data_available()) break;
+
+    //Was our button held down or pressed?
+    int button_pressed = BUTTON_HELD(280);
+    if(button_pressed != BUTTON_HOLD) continue;
+
+    LED_A_OFF();
+    LED_B_OFF();
+    LED_C_ON();
+    LED_D_OFF();
+
+    WAIT_BUTTON_RELEASED();
+
+    //record
+    DbpString("[=] start recording");
+
+    //search for legic card until reading successfull or button pressed
+    do{
+      LED_C_ON();
+      SpinDelay(1000);
+      // We don't care if we read a MIM256, MIM512 or MIM1024
+      // we just read 1024 bytes
+      LegicRfReader(0, 1024, 0x55);
+      read_success = check_success();
+      }while(read_success == 0 && !BUTTON_PRESS());
+
+    //simulate if read successfully
+    if(read_success == 1){
+      LED_A_OFF();
+      LED_B_OFF();
+      LED_C_OFF();
+      LED_D_ON();
+      // The read data is migrated to a MIM1024 card
+      LegicRfSimulate(2);
+    }else{
+      LEDsoff();
+      WAIT_BUTTON_RELEASED();
+    }
+  }
+}

armsrc/legicrf.c

@@ -28,6 +28,7 @@
 static uint8_t *legic_mem;      /* card memory, used for read, write */
 static legic_card_select_t card;/* metadata of currently selected card */
 static crc_t legic_crc;
+int read_success = 0;
 
 //-----------------------------------------------------------------------------
 // Frame timing and pseudorandom number generator
@@ -444,6 +445,7 @@ OUT:
 void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv) {
     // configure ARM and FPGA
     init_reader(false);
+    read_success = 0;
 
     // establish shared secret and detect card type
     uint8_t card_type = setup_phase(iv);
@@ -467,6 +469,7 @@ void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv) {
     }
 
     // OK
+    read_success = 1;
     reply_old(CMD_ACK, 1, len, 0, legic_mem, len);
 
 OUT:
@@ -512,3 +515,5 @@ OUT:
     switch_off();
     StopTicks();
 }
+
+int check_success(void){return read_success;}

armsrc/legicrf.h

@@ -17,5 +17,5 @@
 void LegicRfInfo(void);
 void LegicRfReader(uint16_t offset, uint16_t len, uint8_t iv);
 void LegicRfWriter(uint16_t offset, uint16_t len, uint8_t iv, uint8_t *data);
-
+int check_success(void);
 #endif /* __LEGICRF_H */