From b299a31ad791346b6510e1b20a8cfd7e1f9a4acc Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 14 Jan 2020 19:44:29 +0100 Subject: [PATCH] Added: 'lf nextwatch sim' - use rawhex to simulate --- CHANGELOG.md | 1 + client/cmdlfnexwatch.c | 96 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 85 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10e90cc71..06d3005be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added `lf nexwatch sim` - use raw hex to simulate (@iceman1001) - Fix `lf indala read` - long id 224bits preamble identification less strict (@iceman1001) - Added `hf mf staticnested` - useful when targeting the strange cards with a static nonce. (@iceman100) Thanks to @xtigmh @uzlonewolf for their solutions. - Added `hf plot` (@pwpiwi) diff --git a/client/cmdlfnexwatch.c b/client/cmdlfnexwatch.c index 58ec81852..69f429ab6 100644 --- a/client/cmdlfnexwatch.c +++ b/client/cmdlfnexwatch.c @@ -10,17 +10,19 @@ #include "cmdlfnexwatch.h" #include // PRIu +#include #include // tolower +#include // free, alloc #include "commonutil.h" // ARRAYLEN -#include "cmdparser.h" // command_t +#include "cmdparser.h" // command_t #include "comms.h" #include "ui.h" -#include "cmddata.h" // preamblesearch +#include "cmddata.h" // preamblesearch #include "cmdlf.h" #include "lfdemod.h" -#include "protocols.h" // t55xx defines -#include "cmdlft55xx.h" // clone.. +#include "protocols.h" // t55xx defines +#include "cmdlft55xx.h" // clone.. static int CmdHelp(const char *Cmd); 
@@ -29,16 +31,30 @@ static int usage_lf_nexwatch_clone(void) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Usage: lf nexwatch clone [h] [b ]"); PrintAndLogEx(NORMAL, "Options:"); - PrintAndLogEx(NORMAL, " h : this help"); - PrintAndLogEx(NORMAL, " b : raw hex data. 12 bytes max"); + PrintAndLogEx(NORMAL, " h : this help"); + PrintAndLogEx(NORMAL, " r : raw hex data. 16 bytes max"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf nexwatch clone b 5600000000213C9F8F150C0000000000"); + PrintAndLogEx(NORMAL, " lf nexwatch clone r 5600000000213C9F8F150C0000000000"); + return PM3_SUCCESS; +} + +static int usage_lf_nexwatch_sim(void) { + PrintAndLogEx(NORMAL, "Enables simulation of Nexwatch card"); + PrintAndLogEx(NORMAL, "Simulation runs until the button is pressed or another USB command is issued."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf nexwatch sim [h] "); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h : this help"); + PrintAndLogEx(NORMAL, " r : raw hex data. 16 bytes max"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " lf nexwatch sim r 5600000000213C9F8F150C0000000000"); return PM3_SUCCESS; } static int CmdNexWatchDemod(const char *Cmd) { - (void)Cmd; // Cmd is not used so far + (void)Cmd; if (PSKDemod("", false) != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "DEBUG: Error - NexWatch can't demod signal"); @@ -88,14 +104,17 @@ static int CmdNexWatchDemod(const char *Cmd) { DemodBuffer[i] ^= 1; } + // bits to hex CmdPrintDemodBuff("x"); + //PrintAndLogEx(INFO, "Raw: %s", sprint_hex_inrow(DemodBuffer, DemodBufferLen)); + return PM3_SUCCESS; } //by marshmellow //see ASKDemod for what args are accepted static int CmdNexWatchRead(const char *Cmd) { - lf_read(false, 10000); + lf_read(false, 20000); return CmdNexWatchDemod(Cmd); } 
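Review bot: The clone help text now disagrees with itself. The option row and the example were switched to `r`, but the unchanged synopsis line `Usage: lf nexwatch clone [h] [b ]` still names `b`, while the later hunk in CmdNexWatchClone replaces `case 'b'` with `case 'r'`. The synopsis should name `r` too. The new `Usage: lf nexwatch sim [h] ` line, as shown here, lists no data option at all and should carry the same `r` argument that its option row documents. usage_lf_nexwatch_clone begins above this hunk, in the hunk header.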
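Review bot: The added line `//PrintAndLogEx(INFO, "Raw: %s", sprint_hex_inrow(DemodBuffer, DemodBufferLen));` is commented-out code. It is better dropped, or emitted at `DEBUG` level like the other diagnostics in CmdNexWatchDemod, than committed as a comment. In CmdNexWatchRead the second argument of `lf_read` goes from 10000 to 20000 with no stated reason, so a one-line comment saying why the shorter capture was insufficient would keep the constant from looking arbitrary. CmdNexWatchDemod starts above this hunk.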
@@ -111,7 +130,7 @@ static int CmdNexWatchClone(const char *Cmd) {
 switch (tolower(param_getchar(Cmd, cmdp))) {
 case 'h':
 return usage_lf_nexwatch_clone();
- case 'b': {
+ case 'r': {
 // skip first block, 4*4 = 16 bytes left
 uint8_t rawhex[16] = {0};
 int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
@@ -144,11 +163,64 @@ static int CmdNexWatchClone(const char *Cmd) { } static int CmdNexWatchSim(const char *Cmd) { - PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + + uint8_t cmdp = 0; + bool errors = false; + int rawlen = 0; + uint8_t rawhex[16] = {0}; + uint32_t rawblocks[4]; + uint8_t bs[128]; + memset(bs, 0, sizeof(bs)); + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_nexwatch_clone(); + case 'r': { + int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &rawlen); + if (res != 0) + errors = true; + + cmdp += 2; + break; + } + default: + PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || cmdp == 0) return usage_lf_nexwatch_sim(); + + // hex to bits. + for (size_t i = 0; i < ARRAYLEN(rawblocks); i++) { + rawblocks[i] = bytes_to_num(rawhex + (i * sizeof(uint32_t)), sizeof(uint32_t)); + num_to_bytebits(rawblocks[i], sizeof(uint32_t) * 8, bs + (i * sizeof(uint32_t) * 8)); + } + + PrintAndLogEx(SUCCESS, "Simulating NexWatch - raw: %s", sprint_hex_inrow(rawhex, rawlen)); + + lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs)); + payload->carrier = 2; + payload->invert = 0; + payload->clock = 32; + memcpy(payload->data, bs, sizeof(bs)); + + clearCommandBuffer(); + SendCommandNG(CMD_LF_PSK_SIMULATE, (uint8_t *)payload, sizeof(lf_psksim_t) + sizeof(bs)); + free(payload); + + PacketResponseNG resp; + WaitForResponse(CMD_LF_PSK_SIMULATE, &resp); + + PrintAndLogEx(INFO, "Done"); + if (resp.status != PM3_EOPABORTED) + return resp.status; + return PM3_SUCCESS; } - static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"demod", CmdNexWatchDemod, AlwaysAvailable, "Demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer"},
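Review bot: `calloc` can return NULL and the very next line writes `payload->carrier`, so CmdNexWatchSim needs a check right after the allocation, for example `if (payload == NULL) return PM3_EMALLOC;`. The `case 'h':` branch returns `usage_lf_nexwatch_clone()`, so the sim command prints the clone help; it should be `return usage_lf_nexwatch_sim();`. `rawlen` is only used for the log line, so an empty or short `r` argument is padded from the zero-initialised `rawhex` and still sent as a full 128-bit payload. If a NexWatch frame is always 16 bytes (the usage text says only "16 bytes max"), rejecting `rawlen != sizeof(rawhex)` before building `bs` would avoid simulating a truncated ID. The result of `WaitForResponse` is also ignored before `resp.status` is read, which is worth checking if that call can return without filling `resp`.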