RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-21 07:46:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7 from RfidResearchGroup/master

Browse source 
Update
This commit is contained in:
Bjoern Kerler 2020-06-24 07:06:02 +02:00 committed by GitHub
parent 70933c359d b545109800
commit f74b87c9ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
63 changed files with 2811 additions and 806 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased]
- Added lf em functions: 4x50_info, 4x50_write, 4x50_write_password (@tharexde)
- Fix em4x50 demodulation error (@tharexde)
- Fix `hf mfdes` authentification issues, DES working (@bkerler)
- Add Android cross-compilation to client cmake (@dxl, @doegox)
- Fix `emv scan` - now saves in current folder and uses unique names (@iceman1001)

2
README.md
View file

@ -33,7 +33,7 @@
|[Notes on external flash](/doc/ext_flash_notes.md)|[Notes on loclass](/doc/loclass_notes.md)|[Notes on Coverity Scan Config & Run](/doc/md/Development/Coverity-Scan-Config-%26-Run.md)|
|[Notes on file formats used with Proxmark3](/doc/extensions_notes.md)|[Notes on MFU binary format](/doc/mfu_binary_format_notes.md)|[Notes on FPGA & ARM](/doc/fpga_arm_notes.md)|
|[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode)||
|[Notes on Color usage](/doc/colors_notes.md)||
|[Notes on Color usage](/doc/colors_notes.md)|[Makefile vs CMake](/doc/md/Development/Makefile-vs-CMake.md)|
## Build for non-RDV4 Proxmark3 platforms

268
appveyor.yml
View file

@ -1,5 +1,5 @@
version: 3.0.1.{build}
image: Visual Studio 2017
image: Visual Studio 2019
clone_folder: C:\ProxSpace\pm3
init:
- ps: >-
@ -7,7 +7,6 @@ init:
#Get-ChildItem Env:
$releasename=""
$env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)
@ -23,11 +22,12 @@ init:
Add-AppveyorMessage -Message "[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)" -Category Information -Details "repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename"
# iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
clone_script:
- ps: >-
Write-Host "Removing ProxSpace..." -NoNewLine
$CloneTime=[System.Environment]::TickCount
cd \
@ -152,24 +152,15 @@ clone_script:
ExecUpdate "update2" "C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start /dev/null" "terminate?MSYS2"
Add-AppveyorMessage -Message "ProxSpace download and update took $(([System.Environment]::TickCount-$CloneTime) / 1000) sec" -Category Information
Write-Host "Update " -NoNewLine
Write-Host "[ OK ]" -ForegroundColor Green
install:
- ps: >-
function Exec-External {
param(
[Parameter(Position=0,Mandatory=1)][scriptblock] $command
)
& $command
if ($LASTEXITCODE -ne 0) {
throw ("Command returned non-zero error-code ${LASTEXITCODE}: $command")
}
}
build_script:
- ps: >-
"C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;$env:Path"
$env:Path="C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;c:\Python38;c:\Python38\Scripts;$env:Path"
$env:MINGW_HOME="C:\ProxSpace\msys2\mingw32"
@ -185,9 +176,13 @@ build_script:
cd C:\ProxSpace\pm3
Write-Host "---------- make ----------" -ForegroundColor Yellow
$TestTime=[System.Environment]::TickCount
#make
bash -c -i 'pwd;make clean;make V=1'
bash -c -i 'echo $PATH;pwd;make clean;make V=1'
#some checks
@ -198,206 +193,75 @@ build_script:
}
if(!(Test-Path C:\ProxSpace\pm3\armsrc\obj\fullimage.elf)){
cd c:\ProxSpace\pm3
throw "ARM file fullimage.elf not exists."
bash -c -i 'make check'
$testspass = ($LASTEXITCODE -eq 0)
$global:TestsPassed=$testspass
if ($testspass) {
Add-AppveyorTest -Name "make Tests" -Framework NUnit -Filename "make check" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
Write-Host "make Tests [ OK ]" -ForegroundColor Green
} else {
Add-AppveyorTest -Name "make Tests" -Framework NUnit -Filename "make check" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)"
Write-Host "make Tests [ ERROR ]" -ForegroundColor Red
throw "Tests error."
}
Write-Host "---------- btaddon ----------" -ForegroundColor Yellow
$TestTime=[System.Environment]::TickCount
if(!(Test-Path C:\ProxSpace\pm3\client\resources\hardnested_tables\*.bin.bz2)){
throw "Files in client\resources\hardnested_tables is not exists."
}
#install
Write-Host "Installing..." -NoNewLine -ForegroundColor Yellow
New-Item -ItemType Directory -Force -Path C:\ProxSpace\pm3\Release\bin
bash -c -i 'make install DESTDIR=Release PREFIX='
# dll files
Copy-Item C:\ProxSpace\msys2\mingw32\bin\libgcc_s_dw2-1.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\libstdc++-6.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\libwinpthread-1.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\Qt5Core.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\Qt5Gui.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\Qt5Widgets.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\libreadline*.dll C:\ProxSpace\pm3\Release\bin
Copy-Item C:\ProxSpace\msys2\mingw32\bin\libtermcap-0.dll C:\ProxSpace\pm3\Release\bin
Write-Host "[ OK ]" -ForegroundColor Green
#archive and push
$releasename=""
if ($env:appveyor_repo_tag -match "true"){
$releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
}
$releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + "]"
Write-Host "Archive and publish release files ($releasename)..." -NoNewLine -ForegroundColor Yellow
cd C:\ProxSpace
7z a release.zip C:\ProxSpace\pm3\Release
Push-AppveyorArtifact release.zip -DeploymentName "$releasename"
Write-Host "[ OK ]" -ForegroundColor Green
Write-Host "Builded..." -ForegroundColor Yellow
test_script:
- ps: >-
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
bash -c -i 'pwd;make clean;make PLATFORM_EXTRAS=BTADDON'
cd c:\ProxSpace\pm3
bash -c -i 'make check'
$global:TestsPassed=$true
$testspass = ($LASTEXITCODE -eq 0)
Function ExecTest($Name, $File, $Cmd, $CheckResult) {
$global:TestsPassed=(($global:TestsPassed) -and ($testspass))
#--- begin Job
$Job = Start-Job -ScriptBlock {
[bool]$res=$false
$TestTime=[System.Environment]::TickCount
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
Set-Location $using:PWD
$sb=[scriptblock]::Create("$using:Cmd")
#execute scriptblock
Write-host "Test [$using:Name] job: $using:Cmd"
$Cond=&$sb
if ($Cond -eq $null){
} ElseIf($using:CheckResult -ne $null) {
[String]$searchstr=""
if ($Cond -is [Object]){
ForEach($line in $Cond){
Write-host $line -ForegroundColor Gray
$searchstr += $line
}
}else{
Write-host "$Cond" -ForegroundColor Gray
$searchstr = $Cond
}
If($searchstr -like "*$using:CheckResult*") {
$res=$true
}
$Cond="*$using:CheckResult*"
} Else {
If (!($Cond -is [bool] -or $Cond -is [byte] -or $Cond -is [int16] -or $Cond -is [int32] -or $Cond -is [int64] -or $Cond -is [float])){
if ($Cond -is "String" -and $Cond -like "*passed*"){
$res= $true
}
if ($Cond -is "String" -and $Cond -like "*true*"){
$res= $true
}
ForEach($line in $Cond){
if ($line -like "*passed*"){
$res = $true
$Cond = $line
break
}
}
} Else {
$res=$Cond
}
}
If ($res) {
Write-host "Result[$using:Name]: $Cond" -ForegroundColor Green
Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
}Else {
Write-host "Result[$using:Name]: $Cond" -ForegroundColor Red
Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" -ErrorMessage "command:$using:Cmd`nresult:$Cond"
}
return $res
if ($testspass) {
Add-AppveyorTest -Name "BTaddon Tests" -Framework NUnit -Filename "make check" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
Write-Host "BTaddon Tests [ OK ]" -ForegroundColor Green
} else {
Add-AppveyorTest -Name "BTaddon Tests" -Framework NUnit -Filename "make check" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)"
Write-Host "BTaddon Tests [ ERROR ]" -ForegroundColor Red
}
Write-Host "---------- make clean ----------" -ForegroundColor Yellow
bash -c -i 'make clean'
Write-Host "---------- cmake ----------" -ForegroundColor Yellow
$TestTime=[System.Environment]::TickCount
#--- end Job
cmd.exe /c 'C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start -c "mkdir -p client/build; cd client/build; cmake -G""MSYS Makefiles"" ..; make VERBOSE=1;"'
Write-Host "---------- cmake tests ----------" -ForegroundColor Yellow
[bool]$res=$false
# Wait 180 sec timeout for Job
if(Wait-Job $Job -Timeout 180){
$Results = $Job | Receive-Job
if($Results -like "true"){
$res=$true
}
} else {
Write-host "Test [$Name] timeout" -ForegroundColor Red
Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 60000 -ErrorMessage "timeout"
}
Remove-Job -Force $Job
cd c:\ProxSpace\pm3
if(!$res){
Write-host "--------------------- tests fail" -ForegroundColor Red
$global:TestsPassed=$false
}
bash -c -i './tools/pm3_tests.sh --clientbin client/build/proxmark3.exe client'
$testspass = ($LASTEXITCODE -eq 0)
$global:TestsPassed=(($global:TestsPassed) -and ($testspass))
if ($testspass) {
Add-AppveyorTest -Name "cmake Tests" -Framework NUnit -Filename "make client/check" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
Write-Host "cmake Tests [ OK ]" -ForegroundColor Green
} else {
Add-AppveyorTest -Name "cmake Tests" -Framework NUnit -Filename "make client/check" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)"
Write-Host "cmake Tests [ ERROR ]" -ForegroundColor Red
}
Write-Host "Running tests..." -ForegroundColor Yellow
#file test
ExecTest "proxmark3 exists" "proxmark3.exe" {Test-Path C:\ProxSpace\pm3\Release\bin\proxmark3.exe}
ExecTest "arm bootrom exists" "bootrom.elf" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\firmware\bootrom.elf}
ExecTest "arm image exists" "fullimage.elf" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\firmware\fullimage.elf}
ExecTest "arm recovery image exists" "proxmark3_recovery.bin" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\firmware\proxmark3_recovery.bin}
ExecTest "hardnested tables exists" "hardnested" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\resources\hardnested_tables\*.bz2}
ExecTest "release exists" "release.zip" {Test-Path C:\ProxSpace\release.zip}
#proxmark logic tests
ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;./proxmark3 -h 2>&1 | grep -q wait && echo passed || echo failed'}
ExecTest "proxmark help text ISO7816" "proxmark3 -t" {bash -lc 'cd ~/client;./proxmark3 -t 2>&1 | grep -q ISO7816 && echo passed || echo failed'}
ExecTest "proxmark help text hardnested" "proxmark3 -t" {bash -lc 'cd ~/client;./proxmark3 -t 2>&1 | grep -q hardnested && echo passed || echo failed'}
ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;./proxmark3 -c 'hf mf'"} "at_enc"
#proxmark crypto tests
# Long tests:
# ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;./proxmark3 -c 'hf mf hardnested t 1 000000000000'"} "found:"
# ExecTest "hf mf iclass" "hf mf iclass" {bash -lc "cd ~/client;./proxmark3 -c 'hf iclass loclass t l'"} "verified ok"
# ExecTest "emv test" "emv test" {bash -lc "cd ~/client;./proxmark3 -c 'emv test -i -l'"} "Test?s? ? OK"
# Short tests:
ExecTest "hf mf iclass" "hf mf iclass" {bash -lc "cd ~/client;./proxmark3 -c 'hf iclass loclass t'"} "OK!"
ExecTest "emv test" "emv test" {bash -lc "cd ~/client;./proxmark3 -c 'emv test -i'"} "Test?s? ? OK"
test_script:
- ps: >-
if ($global:TestsPassed) {
Write-Host "Tests [ OK ]" -ForegroundColor Green
} else {
@ -409,4 +273,4 @@ on_success:
on_failure:
- ps: Write-Host "Build error." -ForegroundColor Red
on_finish:
- ps: # $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
- ps: # $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))

2
armsrc/BigBuf.c
View file

@ -19,7 +19,7 @@ extern uint8_t _stack_start, __bss_end__;
// BigBuf is the large multi-purpose buffer, typically used to hold A/D samples or traces.
// Also used to hold various smaller buffers and the Mifare Emulator Memory.
// We know that bss is aligned to 4 bytes.
static uint8_t* BigBuf = &__bss_end__;
static uint8_t *BigBuf = &__bss_end__;
/* BigBuf memory layout:
Pointer to highest available memory: BigBuf_hi

7
armsrc/Makefile
View file

@ -63,6 +63,12 @@ else
SRC_HITAG =
endif
ifneq (,$(findstring WITH_EM4x50,$(APP_CFLAGS)))
SRC_EM4x50 = em4x50.c
else
SRC_EM4x50 =
endif
ifneq (,$(findstring WITH_LCD,$(APP_CFLAGS)))
SRC_LCD = fonts.c LCD.c
else
@ -99,6 +105,7 @@ THUMBSRC = start.c \
$(SRC_SMARTCARD) \
$(SRC_FPC) \
$(SRC_HITAG) \
$(SRC_EM4x50) \
$(SRC_SPIFFS) \
$(SRC_ISO14443a) \
$(SRC_ISO14443b) \

10
armsrc/Standalone/lf_em4100rswb.c
View file

@ -39,7 +39,6 @@
#include "proxmark3_arm.h"
#include "appmain.h"
#include "fpgaloader.h"
#include "lfops.h"
#include "util.h"
#include "dbprint.h"
#include "ticks.h"
@ -48,6 +47,7 @@
#include "spiffs.h"
#include "inttypes.h"
#include "parity.h"
#include "lfops.h"
#ifdef WITH_FLASH
#include "flashmem.h"
@ -205,7 +205,7 @@ static void PrintFcAndCardNum(uint64_t lowData) {
Dbprintf("[=] READ TAG ID: %"PRIx64" - FC: %u - Card: %u", lowData, fc, cardnum);
}
static int ButeEMTag(uint64_t originalCard, int slot) {
static int BruteEMTag(uint64_t originalCard, int slot) {
int speed_count = 4;
int direction = 1;
@ -256,7 +256,7 @@ static int ExecuteMode(int mode, int slot) {
//default first mode is simulate
case LF_RWSB_MODE_READ:
Dbprintf("[=] >> Read mode started <<");
CmdEM410xdemod(1, &high[slot], &low[slot], 0);
lf_em410x_watch(1, &high[slot], &low[slot]);
LED_Update(mode, slot);
Dbprintf("[=] >> Tag found. Saving. <<");
FlashLEDs(100, 5);
@ -272,11 +272,11 @@ static int ExecuteMode(int mode, int slot) {
return LF_RWSB_UNKNOWN_RESULT;
case LF_RWSB_MODE_WRITE:
Dbprintf("[!!] >> Write mode started <<");
WriteEM410x(LF_RWSB_T55XX_TYPE, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff));
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff));
return LF_RWSB_UNKNOWN_RESULT;
case LF_RWSB_MODE_BRUTE:
Dbprintf("[=] >> Bruteforce mode started <<");
return ButeEMTag(low[slot], slot);
return BruteEMTag(low[slot], slot);
}
return LF_RWSB_UNKNOWN_RESULT;
}

78
armsrc/Standalone/lf_em4100rwc.c
View file

@ -48,7 +48,7 @@ void ModInfo(void) {
DbpString(" LF EM4100 read/write/clone mode");
}
static uint64_t ReversQuads(uint64_t bits) {
static uint64_t rev_quads(uint64_t bits) {
uint64_t result = 0;
for (int i = 0; i < 16; i++) {
result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);
@ -56,35 +56,41 @@ static uint64_t ReversQuads(uint64_t bits) {
return result >> 24;
}
static void FillBuff(uint8_t bit) {
static void fillbuff(uint8_t bit) {
memset(bba + buflen, bit, CLOCK / 2);
buflen += (CLOCK / 2);
memset(bba + buflen, bit ^ 1, CLOCK / 2);
buflen += (CLOCK / 2);
}
static void ConstructEM410xEmulBuf(uint64_t id) {
static void construct_EM410x_emul(uint64_t id) {
int i, j, binary[4], parity[4];
int binary[4] = {0};
int parity[4] = {0};
buflen = 0;
for (i = 0; i < 9; i++)
FillBuff(1);
parity[0] = parity[1] = parity[2] = parity[3] = 0;
for (i = 0; i < 10; i++) {
for (j = 3; j >= 0; j--, id /= 2)
for (uint8_t i = 0; i < 9; i++)
fillbuff(1);
for (uint8_t i = 0; i < 10; i++) {
for (uint8_t j = 3; j > 0; j--, id /= 2)
binary[j] = id % 2;
for (j = 0; j < 4; j++)
FillBuff(binary[j]);
FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
for (j = 0; j < 4; j++)
for (uint8_t j = 0; j < 4; j++)
fillbuff(binary[j]);
fillbuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
for (uint8_t j = 0; j < 4; j++)
parity[j] ^= binary[j];
}
for (j = 0; j < 4; j++)
FillBuff(parity[j]);
FillBuff(0);
for (uint8_t j = 0; j < 4; j++)
fillbuff(parity[j]);
fillbuff(0);
}
static void LED_Slot(int i) {
static void led_slot(int i) {
LEDsoff();
if (slots_count > 4) {
LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4
@ -93,8 +99,8 @@ static void LED_Slot(int i) {
}
}
static void FlashLEDs(uint32_t speed, uint8_t times) {
for (int i = 0; i < times * 2; i++) {
static void flash_leds(uint32_t speed, uint8_t times) {
for (uint16_t i = 0; i < times * 2; i++) {
LED_A_INV();
LED_B_INV();
LED_C_INV();
@ -132,24 +138,28 @@ void RunMod(void) {
uint8_t state = 0;
slots_count = ARRAYLEN(low);
bba = BigBuf_get_addr();
LED_Slot(selected);
led_slot(selected);
for (;;) {
WDT_HIT();
if (data_available()) break;
int button_pressed = BUTTON_HELD(1000);
SpinDelay(300);
switch (state) {
case 0:
// Select mode
if (button_pressed == BUTTON_HOLD) {
// Long press - switch to simulate mode
SpinUp(100);
LED_Slot(selected);
led_slot(selected);
state = 2;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - switch to next slot
selected = (selected + 1) % slots_count;
LED_Slot(selected);
led_slot(selected);
}
break;
case 1:
@ -157,12 +167,12 @@ void RunMod(void) {
if (button_pressed == BUTTON_HOLD) {
// Long press - switch to read mode
SpinUp(100);
LED_Slot(selected);
led_slot(selected);
state = 3;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - exit to select mode
CmdEM410xdemod(1, &high[selected], &low[selected], 0);
FlashLEDs(100, 5);
lf_em410x_watch(1, &high[selected], &low[selected]);
flash_leds(100, 5);
#ifdef WITH_FLASH
SaveIDtoFlash(selected, low[selected]);
#endif
@ -174,15 +184,17 @@ void RunMod(void) {
if (button_pressed == BUTTON_HOLD) {
// Long press - switch to read mode
SpinDown(100);
LED_Slot(selected);
led_slot(selected);
state = 1;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - start simulating. Click again to exit from simulate mode
LED_Slot(selected);
ConstructEM410xEmulBuf(ReversQuads(low[selected]));
FlashLEDs(100, 5);
led_slot(selected);
construct_EM410x_emul(rev_quads(low[selected]));
flash_leds(100, 5);
SimulateTagLowFrequency(buflen, 0, 1);
LED_Slot(selected);
led_slot(selected);
state = 0; // Switch to select mode
}
break;
@ -191,12 +203,12 @@ void RunMod(void) {
if (button_pressed == BUTTON_HOLD) {
// Long press - switch to select mode
SpinDown(100);
LED_Slot(selected);
led_slot(selected);
state = 0;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - write ID to tag
WriteEM410x(0, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));
LED_Slot(selected);
copy_em410x_to_t55xx(0, CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff));
led_slot(selected);
state = 0; // Switch to select mode
}
break;

2
armsrc/Standalone/lf_hidbrute.c
View file

@ -75,7 +75,7 @@ void RunMod(void) {
// record
DbpString("[=] starting recording");
CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
lf_hid_watch(1, &high[selected], &low[selected]);
Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]);
LEDsoff();

19
armsrc/Standalone/lf_icehid.c
View file

@ -231,7 +231,8 @@ static uint32_t IceHIDDemod(void) {
uint32_t hi2 = 0, hi = 0, lo = 0;
// large enough to catch 2 sequences of largest format
size_t size = 50 * 128 * 2; // 12800 bytes
// size_t size = 50 * 128 * 2; // 12800 bytes
size_t size = MIN(12800, BigBuf_max_traceLen());
//uint8_t *dest = BigBuf_malloc(size);
uint8_t *dest = BigBuf_get_addr();
@ -350,30 +351,32 @@ void RunMod(void) {
uint32_t res;
// since we steal 12800 from bigbuffer, no need to sample it.
DoAcquisition_config(false, 28000);
// since we steal 12800 from bigbuffer, no need to sample it.
size_t size = MIN(28000, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
res = IceHIDDemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, 28000);
DoAcquisition_config(false, size);
res = IceAWIDdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, 20000);
res = IceEM410xdemod();
DoAcquisition_config(false, size);
res = IceIOdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;
}
DoAcquisition_config(false, 28000);
res = IceIOdemod();
size = MIN(20000, BigBuf_max_traceLen());
DoAcquisition_config(false, size);
res = IceEM410xdemod();
if (res == PM3_SUCCESS) {
LED_A_OFF();
continue;

5
armsrc/Standalone/lf_proxbrute.c
View file

@ -56,9 +56,8 @@ void RunMod(void) {
DbpString("[=] starting recording");
// findone, high, low, no ledcontrol (A)
CmdHIDdemodFSK(1, &high, &low, 0);
// findone, high, low
lf_hid_watch(1, &high, &low);
Dbprintf("[=] recorded | %x%08x", high, low);

2
armsrc/Standalone/lf_samyrun.c
View file

@ -77,7 +77,7 @@ void RunMod(void) {
// findone, high, low, no ledcontrol (A)
uint32_t hi = 0, lo = 0;
CmdHIDdemodFSK(1, &hi, &lo, 0);
lf_hid_watch(1, &hi, &lo);
high[selected] = hi;
low[selected] = lo;

94
armsrc/appmain.c
View file

@ -29,6 +29,7 @@
#include "felica.h"
#include "hitag2.h"
#include "hitagS.h"
#include "em4x50.h"
#include "iclass.h"
#include "legicrfsim.h"
#include "epa.h"
@ -242,6 +243,16 @@ static uint32_t MeasureAntennaTuningLfData(void) {
return (MAX_ADC_LF_VOLTAGE * (SumAdc(ADC_CHAN_LF, 32) >> 1)) >> 14;
}
void print_stack_usage(void) {
// pointer arithmetic is times 4. (two shifts to the left)
for (uint32_t *p = &_stack_start; ; ++p) {
if (*p != 0xdeadbeef) {
Dbprintf(" Max stack usage.........%d / %d bytes", (&_stack_end - p) << 2, (&_stack_end - &_stack_start) << 2);
break;
}
}
}
void ReadMem(int addr) {
const uint8_t *data = ((uint8_t *)addr);
@ -361,12 +372,9 @@ static void SendStatus(void) {
#endif
printConnSpeed();
DbpString(_CYAN_("Various"));
for (uint32_t *p = &_stack_start; ; ++p) {
if (*p != 0xdeadbeef) {
Dbprintf(" Max stack usage so far..%d", (&_stack_end - p)*4);
break;
}
}
print_stack_usage();
Dbprintf(" DBGLEVEL................%d", DBGLEVEL);
Dbprintf(" ToSendMax...............%d", ToSendMax);
Dbprintf(" ToSendBit...............%d", ToSendBit);
@ -447,6 +455,11 @@ static void SendCapabilities(void) {
#else
capabilities.compiled_with_hitag = false;
#endif
#ifdef WITH_EM4x50
capabilities.compiled_with_em4x50 = true;
#else
capabilities.compiled_with_em4x50 = false;
#endif
#ifdef WITH_HFSNIFF
capabilities.compiled_with_hfsniff = true;
#else
@ -777,9 +790,10 @@ static void PacketReceived(PacketCommandNG *packet) {
reply_mix(CMD_ACK, bits, 0, 0, 0, 0);
break;
}
case CMD_LF_HID_DEMOD: {
case CMD_LF_HID_WATCH: {
uint32_t high, low;
CmdHIDdemodFSK(0, &high, &low, 1);
int res = lf_hid_watch(0, &high, &low);
reply_ng(CMD_LF_HID_WATCH, res, NULL, 0);
break;
}
case CMD_LF_HID_SIMULATE: {
@ -811,19 +825,29 @@ static void PacketReceived(PacketCommandNG *packet) {
CopyHIDtoT55x7(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]);
break;
}
case CMD_LF_IO_DEMOD: {
case CMD_LF_IO_WATCH: {
uint32_t high, low;
CmdIOdemodFSK(0, &high, &low, 1);
int res = lf_io_watch(0, &high, &low);
reply_ng(CMD_LF_IO_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_DEMOD: {
case CMD_LF_EM410X_WATCH: {
uint32_t high;
uint64_t low;
CmdEM410xdemod(packet->oldarg[0], &high, &low, 1);
int res = lf_em410x_watch(0, &high, &low);
reply_ng(CMD_LF_EM410X_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_WRITE: {
WriteEM410x(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]);
struct p {
uint8_t card;
uint8_t clock;
uint32_t high;
uint32_t low;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
int res = copy_em410x_to_t55xx(payload->card, payload->clock, payload->high, payload->low);
reply_ng(CMD_LF_EM410X_WRITE, res, NULL, 0);
break;
}
case CMD_LF_TI_READ: {
@ -925,10 +949,10 @@ static void PacketReceived(PacketCommandNG *packet) {
EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd);
break;
}
case CMD_LF_AWID_DEMOD: {
case CMD_LF_AWID_WATCH: {
uint32_t high, low;
// Set realtime AWID demodulation
CmdAWIDdemodFSK(0, &high, &low, 1);
int res = lf_awid_watch(0, &high, &low);
reply_ng(CMD_LF_AWID_WATCH, res, NULL, 0);
break;
}
case CMD_LF_VIKING_CLONE: {
@ -982,6 +1006,21 @@ static void PacketReceived(PacketCommandNG *packet) {
}
#endif
#ifdef WITH_EM4x50
case CMD_LF_EM4X50_INFO: {
em4x50_info((em4x50_data_t *)packet->data.asBytes);
break;
}
case CMD_LF_EM4X50_WRITE: {
em4x50_write((em4x50_data_t *)packet->data.asBytes);
break;
}
case CMD_LF_EM4X50_WRITE_PASSWORD: {
em4x50_write_password((em4x50_data_t *)packet->data.asBytes);
break;
}
#endif
#ifdef WITH_ISO15693
case CMD_HF_ISO15693_ACQ_RAW_ADC: {
AcquireRawAdcSamplesIso15693();
@ -1409,7 +1448,20 @@ static void PacketReceived(PacketCommandNG *packet) {
#ifdef WITH_HFSNIFF
case CMD_HF_SNIFF: {
HfSniff(packet->oldarg[0], packet->oldarg[1]);
struct p {
uint32_t samplesToSkip;
uint32_t triggersToSkip;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
uint16_t len = 0;
int res = HfSniff(payload->samplesToSkip, payload->triggersToSkip, &len);
struct {
uint16_t len;
} PACKED retval;
retval.len = len;
reply_ng(CMD_HF_SNIFF, res, (uint8_t *)&retval, sizeof(retval));
break;
}
#endif
@ -2065,10 +2117,10 @@ void __attribute__((noreturn)) AppMain(void) {
SpinDelay(100);
BigBuf_initialize();
for (uint32_t * p = &_stack_start; p < (uint32_t *)((uintptr_t)&_stack_end - 0x200); ++p) {
for (uint32_t *p = &_stack_start; p < (uint32_t *)((uintptr_t)&_stack_end - 0x200); ++p) {
*p = 0xdeadbeef;
}
if (common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) {
/* Initialize common area */
memset(&common_area, 0, sizeof(common_area));
@ -2135,7 +2187,9 @@ void __attribute__((noreturn)) AppMain(void) {
WDT_HIT();
if (_stack_start != 0xdeadbeef) {
Dbprintf("Stack overflow detected! Please increase stack size.");
Dbprintf("Stack overflow detected! Please increase stack size, currently %d bytes", (&_stack_end - &_stack_start) << 2);
Dbprintf("Unplug your device now.");
while (1);
}
// Check if there is a packet available

1
armsrc/appmain.h
View file

@ -39,5 +39,6 @@ void ToSendReset(void);
void ListenReaderField(uint8_t limit);
void StandAloneMode(void);
void printStandAloneModes(void);
void print_stack_usage(void);
#endif

911
armsrc/em4x50.c Normal file
View file

@ -0,0 +1,911 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 tharexde
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency EM4x50 commands
//-----------------------------------------------------------------------------
#include "fpgaloader.h"
#include "ticks.h"
#include "dbprint.h"
#include "lfadc.h"
#include "commonutil.h"
#include "em4x50.h"
// 4 data bytes
// + byte with row parities
// + column parity byte
// + byte with stop bit
static em4x50_tag_t tag = {
.sectors = {
[0] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // password
[1] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // protection word
[2] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // control word
[3] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[4] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[5] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[7] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[9] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[10] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[11] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[12] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[13] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[14] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[15] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[17] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[18] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[19] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[20] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[21] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[22] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[23] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[24] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[25] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[26] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[27] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[28] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[29] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[30] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[31] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user
[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // device serial number
[33] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // device identification
},
};
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
// EM4x50 units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier)
// T0 = TIMER_CLOCK1 / 125000 = 192
#ifndef T0
#define T0 192
#endif
#define EM4X50_T_TAG_QUARTER_PERIOD 16
#define EM4X50_T_TAG_HALF_PERIOD 32
#define EM4X50_T_TAG_THREE_QUARTER_PERIOD 48
#define EM4X50_T_TAG_FULL_PERIOD 64
#define EM4X50_T_WAITING_FOR_LIW 500
#define EM4X50_T_TAG_TPP 64
#define EM4X50_T_TAG_TWA 64
#define EM4X50_TAG_TOLERANCE 8
#define EM4X50_TAG_WORD 45
#define EM4X50_BIT_0 0
#define EM4X50_BIT_1 1
#define EM4X50_BIT_OTHER 2
#define EM4X50_COMMAND_LOGIN 0x01
#define EM4X50_COMMAND_RESET 0x80
#define EM4X50_COMMAND_WRITE 0x12
#define EM4X50_COMMAND_WRITE_PASSWORD 0x11
#define EM4X50_COMMAND_SELECTIVE_READ 0x0A
#define FPGA_TIMER_0 0
int gHigh = 0;
int gLow = 0;
// auxiliary functions
static void init_tag(void) {
// initialize global tag structure
for (int i = 0; i < 34; i++)
for (int j = 0; j < 7; j++)
tag.sectors[i][j] = 0x00;
}
static uint8_t bits2byte(uint8_t *bits, int length) {
// converts <length> separate bits into a single "byte"
uint8_t byte = 0;
for (int i = 0; i < length; i++) {
byte |= bits[i];
if (i != length-1)
byte <<= 1;
}
return byte;
}
static void msb2lsb_word(uint8_t *word) {
// reorders given <word> according to EM4x50 datasheet (msb -> lsb)
uint8_t buff[4];
buff[0] = reflect8(word[3]);
buff[1] = reflect8(word[2]);
buff[2] = reflect8(word[1]);
buff[3] = reflect8(word[0]);
word[0] = buff[0];
word[1] = buff[1];
word[2] = buff[2];
word[3] = buff[3];
}
static void save_word(int pos, uint8_t bits[EM4X50_TAG_WORD]) {
// split "raw" word into data, row and column parity bits and stop bit and
// save them in global tag structure
uint8_t row_parity[4];
uint8_t col_parity[8];
// data and row parities
for (int i = 0; i < 4; i++) {
tag.sectors[pos][i] = bits2byte(&bits[9*i],8);
row_parity[i] = bits[9*i+8];
}
tag.sectors[pos][4] = bits2byte(row_parity,4);
// column parities
for (int i = 0; i < 8; i++)
col_parity[i] = bits[36+i];
tag.sectors[pos][5] = bits2byte(col_parity,8);
// stop bit
tag.sectors[pos][6] = bits[44];
}
static void wait_timer(int timer, uint32_t period) {
// do nothing for <period> using timer <timer>
if (timer == FPGA_TIMER_0) {
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC0->TC_CV < period);
} else {
AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC1->TC_CV < period);
}
}
static void em4x50_setup_read(void) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
// 50ms for the resonant antenna to settle.
SpinDelay(50);
// Now set up the SSC to get the ADC samples that are now streaming at us.
FpgaSetupSsc();
// start a 1.5ticks is 1us
StartTicks();
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125);
// Connect the A/D to the peak-detected low-frequency path.
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// Steal this pin from the SSP (SPI communication channel with fpga) and
// use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
// Disable modulation at default, which means enable the field
LOW(GPIO_SSC_DOUT);
// Enable Peripheral Clock for
// TIMER_CLOCK0, used to measure exact timing before answering
// TIMER_CLOCK1, used to capture edges of the tag frames
AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1);
AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME;
// Disable timer during configuration
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS;
// TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers
AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK;
// TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers
AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK;
// Enable and reset counters
AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
// synchronized startup procedure
while (AT91C_BASE_TC0->TC_CV > 0) {}; // wait until TC1 returned to zero
// Watchdog hit
WDT_HIT();
}
// functions for "reader" use case
static void get_signalproperties(void) {
// calculate signal properties (mean amplitudes) from measured data:
// 32 amplitudes (maximum values) -> mean amplitude value -> gHigh -> gLow
int no_periods = 32, pct = 75, noise = 140;
uint8_t sample = 0, sample_ref = 127;
uint8_t sample_max_mean = 0;
uint8_t sample_max[no_periods];
uint32_t sample_max_sum = 0;
// wait until signal/noise > 1
while (AT91C_BASE_SSC->SSC_RHR < noise);
// calculate mean maximum value of 32 periods, each period has a length of
// 3 single "full periods" to eliminate the influence of a listen window
for (int i = 0; i < no_periods; i++) {
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC0->TC_CV < T0 * 3 * EM4X50_T_TAG_FULL_PERIOD) {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
if (sample > sample_max[i])
sample_max[i] = sample;
}
sample_max_sum += sample_max[i];
}
sample_max_mean = sample_max_sum / no_periods;
// set global envelope variables
gHigh = sample_ref + pct * (sample_max_mean - sample_ref) / 100;
gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100;
}
static int get_next_bit(void) {
// returns bit value (or EM4X50_BIT_OTHER -> no bit pattern) by evaluating
// a single sample within a bit period (given there is no LIW, ACK or NAK)
// This function is not used for decoding, it is only used for identifying
// a listen window (return value = EM4X50_BIT_OTHER) in functions
// "find_double_listen_window" and "check_ack"
uint8_t sample;
// get sample at 3/4 of bit period
wait_timer(0, T0 * EM4X50_T_TAG_THREE_QUARTER_PERIOD);
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
// wait until end of bit period
wait_timer(0, T0 * EM4X50_T_TAG_QUARTER_PERIOD);
// decide wether "0" or "1"
if (sample > gHigh)
return EM4X50_BIT_0;
else if (sample < gLow)
return EM4X50_BIT_1;
return EM4X50_BIT_OTHER;
}
static uint32_t get_pulse_length(void) {
// iterates pulse length (low -> high -> low)
uint8_t sample = 0;
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
while (sample > gLow)
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG;
while (sample < gHigh)
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
while (sample > gLow)
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
return (uint32_t)AT91C_BASE_TC1->TC_CV;
}
static bool check_pulse_length(uint32_t pl, int length) {
// check if pulse length <pl> corresponds to given length <length>
if ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) &
(pl <= T0 * (length + EM4X50_TAG_TOLERANCE)))
return true;
else
return false;
}
static void em4x50_send_bit(int bit) {
// send single bit according to EM4x50 application note and datasheet
// reset clock for the next bit
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
if (bit == 0) {
// disable modulation (drop the field) for 7 cycles of carrier
// period (Opt64)
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * 7);
// enable modulation (activates the field) for remaining first
// half of bit period
HIGH(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_HALF_PERIOD);
// disable modulation for second half of bit period
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_FULL_PERIOD);
} else {
// bit = "1" means disable modulation for full bit period
LOW(GPIO_SSC_DOUT);
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_FULL_PERIOD);
}
}
static void em4x50_send_byte(uint8_t byte) {
// send byte (without parity)
for (int i = 0; i < 8; i++)
em4x50_send_bit((byte >> (7-i)) & 1);
}
static void em4x50_send_byte_with_parity(uint8_t byte) {
// send byte followed by its (equal) parity bit
int parity = 0, bit = 0;
for (int i = 0; i < 8; i++) {
bit = (byte >> (7-i)) & 1;
em4x50_send_bit(bit);
parity ^= bit;
}
em4x50_send_bit(parity);
}
static void em4x50_send_word(const uint8_t bytes[4]) {
// send 32 bit word with parity bits according to EM4x50 datasheet
for (int i = 0; i < 4; i++)
em4x50_send_byte_with_parity(bytes[i]);
// send column parities
em4x50_send_byte(bytes[0] ^ bytes[1] ^ bytes[2] ^ bytes[3]);
// send final stop bit (always "0")
em4x50_send_bit(0);
}
static bool find_double_listen_window(bool bcommand) {
// find two successive listen windows that indicate the beginning of
// data transmission
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_WAITING_FOR_LIW) {
// identification of listen window is done via evaluation of
// pulse lengths
if (check_pulse_length(get_pulse_length(), 3 * EM4X50_T_TAG_FULL_PERIOD)) {
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// first listen window found
if (bcommand) {
// data transmission from card has to be stopped, because
// a commamd shall be issued
// unfortunately the posititon in listen window (where
// command request has to be sent) has gone, so if a
// second window follows - sync on this to issue a command
// skip the next bit...
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_FULL_PERIOD);
// ...and check if the following bit does make sense
// (if not it is the correct position within the second
// listen window)
if (get_next_bit() == EM4X50_BIT_OTHER) {
// send RM for request mode
em4x50_send_bit(0);
em4x50_send_bit(0);
return true;
}
}
if (check_pulse_length(get_pulse_length(), 3 * EM4X50_T_TAG_FULL_PERIOD)) {
// return although second listen window consists of one
// more bit period but this period is necessary for
// evaluating further pulse lengths
return true;
}
}
}
}
return false;
}
static bool request_receive_mode(void) {
// To issue a command we have to find a listen window first.
// Because identification and sychronization at the same time is not
// possible when using pulse lengths a double listen window is used.
bool bcommand = true;
return find_double_listen_window(bcommand);
}
static bool check_ack(bool bliw) {
// returns true if signal structue corresponds to ACK, anything else is
// counted as NAK (-> false)
// Only relevant for pasword writing function:
// If <bliw> is true then within the single listen window right after the
// ack signal a RM request has to be sent.
AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG;
while (AT91C_BASE_TC0->TC_CV < T0 * 4 * EM4X50_T_TAG_FULL_PERIOD) {
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// The received signal is either ACK or NAK.
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// Now the signal must be ACK.
if (!bliw) {
return true;
} else {
// send RM request after ack signal
// wait for 2 bits (remaining "bit" of ACK signal + first
// "bit" of listen window)
wait_timer(FPGA_TIMER_0, T0 * 2 * EM4X50_T_TAG_FULL_PERIOD);
// check for listen window (if first bit cannot be inerpreted
// as a valid bit it must belong to a listen window)
if (get_next_bit() == EM4X50_BIT_OTHER) {
// send RM for request mode
em4x50_send_bit(0);
em4x50_send_bit(0);
return true;
}
}
}
}
}
return false;
}
static int get_word_from_bitstream(uint8_t bits[EM4X50_TAG_WORD]) {
// decodes one word by evaluating pulse lengths and previous bit;
// word must have 45 bits in total:
// 32 data bits + 4 row parity bits + 8 column parity bits + 1 stop bit
bool bbitchange = false;
int i = 0;
uint32_t pl = 0;
// initial bit value depends on last pulse length of listen window
pl = get_pulse_length();
if (check_pulse_length(pl, 3 * EM4X50_T_TAG_HALF_PERIOD)) {
// pulse length = 1.5
bits[0] = 1;
} else if (check_pulse_length(pl, 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// pulse length = 2
bits[0] = 0;
bbitchange = true;
} else {
// pulse length = 2.5
bits[0] = 0;
bits[1] = 1;
i++;
}
// identify remaining bits based on pulse lengths
// between two listen windows only pulse lengths of 1, 1.5 and 2 are possible
while (true) {
i++;
pl = get_pulse_length();
if (check_pulse_length(pl, EM4X50_T_TAG_FULL_PERIOD)) {
// pulse length = 1 -> keep former bit value
bits[i] = bits[i-1];
} else if (check_pulse_length(pl, 3 * EM4X50_T_TAG_HALF_PERIOD)) {
// pulse length = 1.5 -> decision on bit change
if (bbitchange) {
// if number of pulse lengths with 1.5 periods is even -> add bit
bits[i] = (bits[i-1] == 1) ? 1 : 0;
// pulse length of 1.5 changes bit value
bits[i+1] = (bits[i] == 1) ? 0 : 1;
i++;
// next time add only one bit
bbitchange = false;
} else {
bits[i] = (bits[i-1] == 1) ? 0 : 1;
// next time two bits have to be added
bbitchange = true;
}
} else if (check_pulse_length(pl, 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// pulse length of 2 means: adding 2 bits "01"
bits[i] = 0;
bits[i+1] = 1;
i++;
} else if (check_pulse_length(pl, 3 * EM4X50_T_TAG_FULL_PERIOD)) {
// pulse length of 3 indicates listen window -> clear last
// bit (= 0) and return
return --i;
}
}
}
// login function
static bool login(uint8_t password[4]) {
// simple login to EM4x50,
// used in operations that require authentication
if (request_receive_mode ()) {
// send login command
em4x50_send_byte_with_parity(EM4X50_COMMAND_LOGIN);
// send password
em4x50_send_word(password);
// check if ACK is returned
if (check_ack(false))
return true;
} else {
if (DBGLEVEL >= DBG_ERROR)
Dbprintf("error in command request");
}
return false;
}
// reset function
static bool reset(void) {
// resets EM4x50 tag (used by write function)
if (request_receive_mode ()) {
// send login command
em4x50_send_byte_with_parity(EM4X50_COMMAND_RESET);
if (check_ack(false))
return true;
} else {
if (DBGLEVEL >= DBG_ERROR)
Dbprintf("error in command request");
}
return false;
}
// read functions
static bool standard_read(int *now) {
// reads data that tag transmits when exposed to reader field
// (standard read mode); number of read words is saved in <now>
int fwr = *now;
uint8_t bits[EM4X50_TAG_WORD] = {0};
// start with the identification of two succsessive listening windows
if (find_double_listen_window(false)) {
// read and save words until following double listen window is detected
while (get_word_from_bitstream(bits) == EM4X50_TAG_WORD)
save_word((*now)++, bits);
// number of detected words
*now -= fwr;
return true;
} else {
if (DBGLEVEL >= DBG_ERROR)
Dbprintf("didn't find a listen window");
}
return false;
}
static bool selective_read(uint8_t addresses[4]) {
// reads from "first word read" (fwr = addresses[3]) to "last word read"
// (lwr = addresses[2])
// result is verified by "standard read mode"
int fwr = addresses[3]; // first word read
int lwr = addresses[2]; // last word read
int now = fwr; // number of words
if (request_receive_mode()) {
// send selective read command
em4x50_send_byte_with_parity(EM4X50_COMMAND_SELECTIVE_READ);
// send address data
em4x50_send_word(addresses);
// look for ACK sequence
if (check_ack(false))
// save and verify via standard read mode (compare number of words)
if (standard_read(&now))
if (now == (lwr - fwr + 1))
return true;
} else {
if (DBGLEVEL >= DBG_ERROR)
Dbprintf("error in command request");
}
return false;
}
void em4x50_info(em4x50_data_t *etd) {
// collects as much information as possible via selective read mode
// if no password is given -> try with standard password "0x00000000"
// otherwise continue without login
bool bsuccess = false, blogin = false;
uint8_t status = 0;
uint8_t addresses[] = {0x00, 0x00, 0x21, 0x00}; // fwr = 0, lwr = 33
uint8_t password[] = {0x00, 0x00, 0x00, 0x00}; // default password
init_tag();
em4x50_setup_read();
// set gHigh and gLow
get_signalproperties();
if (etd->pwd_given) {
// try to login with given password
blogin = login(etd->password);
} else {
// if no password is given, try to login with "0x00000000"
blogin = login(password);
}
bsuccess = selective_read(addresses);
status = (bsuccess << 1) + blogin;
lf_finalize();
reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238);
}
// write functions
static bool write(uint8_t word[4], uint8_t address) {
// writes <word> to specified <address>
if (request_receive_mode()) {
// send write command
em4x50_send_byte_with_parity(EM4X50_COMMAND_WRITE);
// send address data
em4x50_send_byte_with_parity(address);
// send data
em4x50_send_word(word);
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA);
// look for ACK sequence
if (check_ack(false)) {
// now EM4x50 needs T0 * EM4X50_T_TAG_TWEE (EEPROM write time)
// for saving data and should return with ACK
if (check_ack(false))
return true;
}
} else {
if (DBGLEVEL >= DBG_ERROR)
Dbprintf("error in command request");
}
return false;
}
static bool write_password(uint8_t password[4], uint8_t new_password[4]) {
// changes password from <password> to <new_password>
if (request_receive_mode()) {
// send write password command
em4x50_send_byte_with_parity(EM4X50_COMMAND_WRITE_PASSWORD);
// send address data
em4x50_send_word(password);
// wait for T0 * EM4x50_T_TAG_TPP (processing pause time)
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TPP);
// look for ACK sequence and send rm request
// during following listen window
if (check_ack(true)) {
// send new password
em4x50_send_word(new_password);
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA);
if (check_ack(false))
if (check_ack(false))
return true;
}
} else {
if (DBGLEVEL >= DBG_ERROR)
Dbprintf("error in command request");
}
return false;
}
void em4x50_write(em4x50_data_t *etd) {
// write operation process for EM4x50 tag,
// single word is written to given address, verified by selective read operation
bool bsuccess = false, blogin = false;
uint8_t status = 0;
uint8_t word[4] = {0x00, 0x00, 0x00, 0x00};
uint8_t addresses[4] = {0x00, 0x00, 0x00, 0x00};
init_tag();
em4x50_setup_read();
// set gHigh and gLow
get_signalproperties();
// reorder word according to datasheet
msb2lsb_word(etd->word);
// if password is given try to login first
if (etd->pwd_given)
blogin = login(etd->password);
// write word to given address
if (write(etd->word, etd->address)) {
// to verify result reset EM4x50
if (reset()) {
// if password is given login
if (etd->pwd_given)
blogin &= login(etd->password);
// perform a selective read
addresses[2] = addresses[3] = etd->address;
if (selective_read(addresses)) {
// compare with given word
word[0] = tag.sectors[etd->address][0];
word[1] = tag.sectors[etd->address][1];
word[2] = tag.sectors[etd->address][2];
word[3] = tag.sectors[etd->address][3];
msb2lsb_word(word);
bsuccess = true;
for (int i = 0; i < 4; i++)
bsuccess &= (word[i] == etd->word[i]) ? true : false;
}
}
}
status = (bsuccess << 1) + blogin;
lf_finalize();
reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238);
}
void em4x50_write_password(em4x50_data_t *etd) {
// sinmple change of password
bool bsuccess = false;
init_tag();
em4x50_setup_read();
// set gHigh and gLow
get_signalproperties();
// login and change password
if (login(etd->password)) {
bsuccess = write_password(etd->password, etd->new_password);
}
lf_finalize();
reply_ng(CMD_ACK, bsuccess, 0, 0);
}

24
armsrc/em4x50.h Normal file
View file

@ -0,0 +1,24 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 tharexde
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency EM4x50 commands
//-----------------------------------------------------------------------------
#ifndef EM4X50_H
#define EM4X50_H
#include "../include/em4x50.h"
typedef struct {
uint8_t sectors[34][7];
} em4x50_tag_t;
void em4x50_info(em4x50_data_t *etd);
void em4x50_write(em4x50_data_t *etd);
void em4x50_write_password(em4x50_data_t *etd);
#endif /* EM4X50_H */

81
armsrc/hfsnoop.c
View file

@ -18,29 +18,21 @@
#include "appmain.h"
#include "cmd.h"
static void RAMFUNC optimizedSniff(void) {
int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory
uint16_t *dest = (uint16_t *)BigBuf_get_addr();
uint16_t *destend = dest + n - 1;
// Reading data loop
while (dest <= destend) {
static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) {
while (dsize > 0) {
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
*dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
dest++;
dsize -= sizeof(dsize);
}
}
//setting tracelen - important! it was set by buffer overflow before
set_tracelen(BigBuf_max_traceLen());
}
void HfSniff(int samplesToSkip, int triggersToSkip) {
int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len) {
BigBuf_free();
BigBuf_Clear();
BigBuf_Clear_ext(false);
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
int trigger_cnt = 0;
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip);
LED_D_ON();
@ -57,37 +49,68 @@ void HfSniff(int samplesToSkip, int triggersToSkip) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP);
SpinDelay(100);
uint16_t r = 0;
while (!BUTTON_PRESS() && !data_available()) {
*len = (BigBuf_max_traceLen() & 0xFFFE);
uint8_t *mem = BigBuf_malloc(*len);
uint32_t trigger_cnt = 0;
uint16_t r = 0, interval = 0;
bool pressed = false;
while (pressed == false) {
WDT_HIT();
// cancel w usb command.
if (interval == 2000) {
if (data_available())
break;
interval = 0;
} else {
interval++;
}
// check if trigger is reached
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
r = MAX(r & 0xff, r >> 8);
if (r >= 180) { // 0xB4 ??
if (++trigger_cnt > triggersToSkip)
r = MAX(r & 0xFF, r >> 8);
// 180 (0xB4) arbitary value to see if a strong RF field is near.
if (r > 180) {
if (++trigger_cnt > triggersToSkip) {
break;
}
}
}
pressed = BUTTON_PRESS();
}
if (!BUTTON_PRESS()) {
int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
while (waitcount != 0) {
if (pressed == false) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY))
waitcount--;
// skip samples loop
while (samplesToSkip != 0) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
samplesToSkip--;
}
}
optimizedSniff((uint16_t*)mem, *len);
if (DBGLEVEL >= DBG_INFO) {
Dbprintf("Trigger kicked in (%d >= 180)", r);
Dbprintf("Collected %u samples", *len);
}
optimizedSniff();
Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r);
}
//Resetting Frame mode (First set in fpgaloader.c)
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
DbpString("HF Sniffing end");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS;
}
void HfPlotDownload(void) {

4
armsrc/hfsnoop.h
View file

@ -12,6 +12,8 @@
#ifndef __HFSNOOP_H
#define __HFSNOOP_H
void HfSniff(int, int);
#include "proxmark3_arm.h"
int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len);
void HfPlotDownload(void);
#endif

52
armsrc/hitag2.c
View file

@ -36,7 +36,7 @@
#include "lfsampling.h"
#include "lfdemod.h"
#include "commonutil.h"
#include "appmain.h"
#define test_bit(data, i) (*(data + (i/8)) >> (7-(i % 8))) & 1
#define set_bit(data, i) *(data + (i/8)) |= (1 << (7-(i % 8)))
@ -1002,15 +1002,20 @@ void SniffHitag2(void) {
size_t periods = 0;
uint8_t periods_bytes[4];
int16_t checked = 0;
// int16_t checked = 0;
/*bool waiting_for_first_edge = true;*/
LED_C_ON();
uint32_t signal_size = 10000;
while (!BUTTON_PRESS()) {
// use malloc
initSampleBufferEx(&signal_size, false);
WDT_HIT();
/*
// only every 1000th times, in order to save time when collecting samples.
if (checked == 1000) {
if (data_available()) {
@ -1021,13 +1026,14 @@ void SniffHitag2(void) {
}
}
++checked;
*/
// Receive frame, watch for at most T0*EOF periods
// lf_reset_counter();
// Wait "infinite" for reader modulation
periods = lf_detect_gap(20000);
periods = lf_detect_gap(10000);
// Test if we detected the first reader modulation edge
if (periods != 0) {
@ -1042,7 +1048,6 @@ void SniffHitag2(void) {
num_to_bytes(periods, 4, periods_bytes);
LogTrace(periods_bytes, 4, 0, 0, NULL, true);
}
}
lf_finalize();
@ -1064,7 +1069,7 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
int response = 0;
uint8_t rx[HITAG_FRAME_LEN] = {0};
size_t rxlen = 0;
uint8_t tx[HITAG_FRAME_LEN];
uint8_t tx[HITAG_FRAME_LEN] = {0};
size_t txlen = 0;
auth_table_len = 0;
@ -1108,8 +1113,11 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) {
// int16_t checked = 0;
// SIMULATE
uint32_t signal_size = 10000;
while (BUTTON_PRESS() == false) {
while (!BUTTON_PRESS()) {
// use malloc
initSampleBufferEx(&signal_size, true);
LED_D_ON();
@ -1283,9 +1291,9 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
uint32_t command_start = 0, command_duration = 0;
uint32_t response_start = 0, response_duration = 0;
uint8_t rx[HITAG_FRAME_LEN];
uint8_t rx[HITAG_FRAME_LEN] = {0};
size_t rxlen = 0;
uint8_t txbuf[HITAG_FRAME_LEN];
uint8_t txbuf[HITAG_FRAME_LEN] = {0};
uint8_t *tx = txbuf;
size_t txlen = 0;
@ -1430,12 +1438,17 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
size_t nrzs = 0;
int16_t checked = 0;
while (!bStop && !BUTTON_PRESS()) {
uint32_t signal_size = 10000;
while (bStop == false && BUTTON_PRESS() == false) {
// use malloc
initSampleBufferEx(&signal_size, true);
WDT_HIT();
// only every 1000th times, in order to save time when collecting samples.
if (checked == 1000) {
if (checked == 4000) {
if (data_available()) {
checked = -1;
break;
@ -1615,13 +1628,13 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) {
}
// Pack the response into a byte array
for (size_t i = 5; i < nrzs; i++) {
for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
uint8_t bit = nrz_samples[i];
if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
DBG Dbprintf("Error in Manchester decoding, abort");
break;
}
rx[rxlen / 8] |= bit << (7 - (rxlen % 8));
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
rxlen++;
}
@ -1756,10 +1769,14 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
size_t nrzs = 0;
int16_t checked = 0;
while (!bStop && !BUTTON_PRESS()) {
uint32_t signal_size = 10000;
while (bStop == false && BUTTON_PRESS() == false) {
// only every 1000th times, in order to save time when collecting samples.
if (checked == 1000) {
// use malloc
initSampleBufferEx(&signal_size, true);
// only every 4000th times, in order to save time when collecting samples.
if (checked == 4000) {
if (data_available()) {
checked = -1;
break;
@ -1920,12 +1937,13 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) {
}
// Pack the response into a byte array
for (size_t i = 5; i < nrzs; i++) {
for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) {
uint8_t bit = nrz_samples[i];
if (bit > 1) { // When Manchester detects impossible symbol it writes "7"
break;
}
rx[rxlen / 8] |= bit << (7 - (rxlen % 8));
// >> 3 instead of div by 8
rx[rxlen >> 3] |= bit << (7 - (rxlen % 8));
rxlen++;
}

4
armsrc/i2c.c
View file

@ -47,7 +47,7 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) {
#define I2C_DELAY_2CLK I2CSpinDelayClk(2)
#define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x))
#define I2C_DELAY_100us I2CSpinDelayClk( 100 / 3)
#define I2C_DELAY_100us I2CSpinDelayClk( 100 / 3)
#define I2C_DELAY_600us I2CSpinDelayClk( 600 / 3)
#define I2C_DELAY_10ms I2CSpinDelayClk( 10 * 1000 / 3 )
#define I2C_DELAY_30ms I2CSpinDelayClk( 30 * 1000 / 3 )
@ -440,7 +440,7 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
// extra wait 500us (514us measured)
// 200us (xx measured)
// WaitUS(600);
// WaitUS(600);
I2C_DELAY_600us;
bool bBreak = true;

27
armsrc/iso14443a.c
View file

@ -889,7 +889,7 @@ bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffe
// Make sure we do not exceed the free buffer space
if (ToSendMax > max_buffer_size) {
Dbprintf("Out of memory, when modulating bits for tag answer:");
Dbprintf("ToSend buffer, Out-of-bound, when modulating bits for tag answer:");
Dbhexdump(response_info->response_n, response_info->response, false);
return false;
}
@ -980,14 +980,26 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i
// some first pages of UL/NTAG dump is special data
mfu_dump_t *mfu_header = (mfu_dump_t *) BigBuf_get_EM_addr();
*pages = MAX(mfu_header->pages, 19);
// counters and tearing flags
for (int i = 0; i < 3; i++) {
// for old dumps with all zero headers, we need to set default values.
for (uint8_t i = 0; i < 3; i++) {
counters[i] = le24toh(mfu_header->counter_tearing[i]);
tearings[i] = mfu_header->counter_tearing[i][3];
if (mfu_header->counter_tearing[i][3] != 0x00) {
tearings[i] = mfu_header->counter_tearing[i][3];
}
}
// GET_VERSION
memcpy(rVERSION, mfu_header->version, 8);
if (memcmp(mfu_header->version, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) == 0) {
memcpy(rVERSION, "\x00\x04\x04\x02\x01\x00\x11\x03", 8);
} else {
memcpy(rVERSION, mfu_header->version, 8);
}
AddCrc14A(rVERSION, sizeof(rVERSION) - 2);
// READ_SIG
memcpy(rSIGN, mfu_header->signature, 32);
AddCrc14A(rSIGN, sizeof(rSIGN) - 2);
@ -2015,13 +2027,6 @@ int EmSendPrecompiledCmd(tag_response_info_t *p_response) {
LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG,
(LastTimeProxToAirStart + p_response->ProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG,
par);
if (DBGLEVEL >= DBG_EXTENDED) {
Dbprintf("response_info->response %02X", p_response->response);
Dbprintf("response_info->response_n %02X", p_response->response_n);
Dbprintf("response_info->par %02X", &(p_response->par));
}
return ret;
}

50
armsrc/lfadc.c
View file

@ -11,6 +11,7 @@
#include "fpgaloader.h"
#include "ticks.h"
#include "dbprint.h"
#include "appmain.h"
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
@ -72,27 +73,11 @@ void lf_sample_mean(void) {
static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
size_t periods = 0;
volatile uint8_t adc_val;
uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3;
// int16_t checked = 0;
while (!BUTTON_PRESS()) {
// only every 100th times, in order to save time when collecting samples.
/*
if (checked == 1000) {
if (data_available()) {
break;
} else {
checked = 0;
}
}
++checked;
*/
WDT_HIT();
while (BUTTON_PRESS() == false) {
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
adc_val = AT91C_BASE_SSC->SSC_RHR;
volatile uint8_t adc_val = AT91C_BASE_SSC->SSC_RHR;
periods++;
if (g_logging) logSampleSimple(adc_val);
@ -105,6 +90,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
if (adc_val == 0) {
return periods;
}
} else {
// Trigger on a modulation swap by observing an edge change
if (rising_edge) {
@ -125,6 +111,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
if (periods >= max) return 0;
}
}
if (g_logging) logSampleSimple(0xFF);
return 0;
}
@ -161,6 +148,7 @@ bool lf_get_reader_modulation(void) {
}
void lf_wait_periods(size_t periods) {
// wait detect gap
lf_count_edge_periods_ex(periods, true, false);
}
@ -250,23 +238,22 @@ void lf_finalize(void) {
}
size_t lf_detect_field_drop(size_t max) {
/*
size_t periods = 0;
// int16_t checked = 0;
while (!BUTTON_PRESS()) {
while (BUTTON_PRESS() == false) {
/*
// only every 1000th times, in order to save time when collecting samples.
if (checked == 1000) {
if (data_available()) {
checked = -1;
break;
} else {
checked = 0;
}
}
++checked;
*/
// // only every 1000th times, in order to save time when collecting samples.
// if (checked == 4000) {
// if (data_available()) {
// checked = -1;
// break;
// } else {
// checked = 0;
// }
// }
// ++checked;
WDT_HIT();
@ -284,6 +271,7 @@ size_t lf_detect_field_drop(size_t max) {
if (periods == max) return 0;
}
}
*/
return 0;
}

199
armsrc/lfops.c
View file

@ -171,7 +171,7 @@ t55xx_configurations_t T55xx_Timing = {
#define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference
// ATA55xx shared presets & routines
static uint32_t GetT55xxClockBit(uint32_t clock) {
static uint32_t GetT55xxClockBit(uint8_t clock) {
switch (clock) {
case 128:
return T55x7_BITRATE_RF_128;
@ -1224,32 +1224,52 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size,
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) {
size_t size;
uint32_t hi2 = 0, hi = 0, lo = 0;
int dummyIdx = 0;
// Configure to go in 125kHz listen mode
LFSetupFPGAForADC(LF_DIVISOR_125, true);
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
//clear read buffer
BigBuf_Clear_keep_EM();
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
// FSK demodulator
size = 50 * 128 * 2; //big enough to catch 2 sequences of largest format
// 50 * 128 * 2 - big enough to catch 2 sequences of largest format
size = MIN(12800, BigBuf_max_traceLen());
int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
if (idx < 0) continue;
if (idx > 0 && lo > 0 && (size == 96 || size == 192)) {
// go over previously decoded manchester data and decode into usable tag ID
if (hi2 != 0) { //extra large HID tags 88/192 bits
Dbprintf("TAG ID: %x%08x%08x (%d)",
Dbprintf("TAG ID: " _GREEN_("%x%08x%08x") " (%d)",
hi2,
hi,
lo,
@ -1311,25 +1331,40 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
hi2 = hi = lo = idx = 0;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("HID fsk demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) {
uint8_t *dest = BigBuf_get_addr();
size_t size;
int dummyIdx = 0;
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
// FSK demodulator
@ -1380,20 +1415,19 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
uint32_t fac = bytebits_to_byte(dest + 9, 8);
uint32_t cardnum = bytebits_to_byte(dest + 17, 16);
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - Bit length: " _GREEN_("%d") ", FC: " _GREEN_("%d") ", Card: " _GREEN_("%d") " - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
} else {
uint32_t cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16);
if (fmtLen > 32) {
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen - 32);
uint32_t code2 = bytebits_to_byte(dest + 8 + (fmtLen - 32), 32);
Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
} else {
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
}
}
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = rawHi;
*low = rawLo;
break;
@ -1401,26 +1435,40 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("AWID fsk demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
size_t size, idx = 0;
int clk = 0, invert = 0, maxErr = 20;
uint32_t hi = 0;
uint64_t lo = 0;
uint8_t *dest = BigBuf_get_addr();
clear_trace();
set_tracing(false);
BigBuf_Clear_keep_EM();
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
@ -1428,14 +1476,14 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
//askdemod and manchester decode
int errCnt = askdemod(dest, &size, &clk, &invert, maxErr, 0, 1);
WDT_HIT();
if (errCnt > 50) continue;
WDT_HIT();
errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo);
if (errCnt == 1) {
if (size == 128) {
Dbprintf("EM XL TAG ID: %06x%08x%08x - (%05d_%03d_%08d)",
Dbprintf("EM XL TAG ID: " _GREEN_("%06x%08x%08x") " - ( %05d_%03d_%08d )",
hi,
(uint32_t)(lo >> 32),
(uint32_t)lo,
@ -1443,7 +1491,7 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
(uint32_t)((lo >> 16LL) & 0xFF),
(uint32_t)(lo & 0xFFFFFF));
} else {
Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)",
Dbprintf("EM TAG ID: " _GREEN_("%02x%08x") " - ( %05d_%03d_%08d )",
(uint32_t)(lo >> 32),
(uint32_t)lo,
(uint32_t)(lo & 0xFFFF),
@ -1452,7 +1500,6 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = hi;
*low = lo;
break;
@ -1463,33 +1510,46 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("EM man/ask demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
int dummyIdx = 0;
uint32_t code = 0, code2 = 0;
uint8_t version = 0, facilitycode = 0, crc = 0;
uint16_t number = 0, calccrc = 0;
size_t size = BigBuf_max_traceLen();
uint8_t version = 0, facilitycode = 0;
uint16_t number = 0;
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
// Configure to go in 125kHz listen mode
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
size = MIN(12000, BigBuf_max_traceLen());
size_t size = MIN(12000, BigBuf_max_traceLen());
//fskdemod and get start index
int idx = detectIOProx(dest, &size, &dummyIdx);
@ -1529,18 +1589,9 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
facilitycode = bytebits_to_byte(dest + idx + 18, 8);
number = (bytebits_to_byte(dest + idx + 36, 8) << 8) | (bytebits_to_byte(dest + idx + 45, 8)); //36,9
crc = bytebits_to_byte(dest + idx + 54, 8);
for (uint8_t i = 1; i < 6; ++i)
calccrc += bytebits_to_byte(dest + idx + 9 * i, 8);
calccrc &= 0xff;
calccrc = 0xff - calccrc;
Dbprintf("IO Prox " _GREEN_("XSF(%02d)%02x:%05d") " (%08x%08x) (%s)", version, facilitycode, number, code, code2);
const char *crcStr = (crc == calccrc) ? "ok" : "!crc";
Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]", version, facilitycode, number, code, code2, crc, crcStr);
// if we're only looking for one tag
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = code;
*low = code2;
break;
@ -1548,12 +1599,11 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) {
code = code2 = 0;
version = facilitycode = 0;
number = 0;
calccrc = 0;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("IOProx fsk demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
/*------------------------------
@ -2006,12 +2056,12 @@ void T55xx_ChkPwds(uint8_t flags) {
DbpString("[+] T55XX Check pwds using flashmemory starting");
uint8_t ret = 0;
// First get baseline and setup LF mode.
// tends to mess up BigBuf
uint8_t *buf = BigBuf_get_addr();
uint32_t b1, baseline = 0;
uint8_t downlink_mode = (flags >> 3) & 0x03;
uint8_t *buf = BigBuf_get_addr();
uint8_t ret = 0;
uint8_t downlink_mode = (flags >> 3) & 0x03;
uint32_t b1, baseline = 0;
// collect baseline for failed attempt
uint8_t x = 32;
@ -2190,17 +2240,26 @@ void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) {
reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0);
}
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo) {
// Define 9bit header for EM410x tags
#define EM410X_HEADER 0x1FF
#define EM410X_ID_LENGTH 40
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
uint32_t clockbits = 0;
if (card == 1) { //t55x7
clockbits = GetT55xxClockBit(clock);
if (clockbits == 0) {
Dbprintf("Invalid clock rate: %d", clock);
return PM3_EINVARG;
}
}
int i;
uint64_t id = EM410X_HEADER;
uint64_t rev_id = 0; // reversed ID
int c_parity[4]; // column parity
int r_parity = 0; // row parity
uint32_t clock = 0;
// Reverse ID bits given as parameter (for simpler operations)
for (i = 0; i < EM410X_ID_LENGTH; ++i) {
@ -2250,33 +2309,29 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
// Add stop bit
id <<= 1;
Dbprintf("Started writing %s tag ...", card ? "T55x7" : "T5555");
LED_D_ON();
// Write EM410x ID
uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)(id & 0xFFFFFFFF)};
clock = (card & 0xFF00) >> 8;
// default to 64
clock = (clock == 0) ? 64 : clock;
Dbprintf("Clock rate: %d", clock);
if (card & 0xFF) { //t55x7
clock = GetT55xxClockBit(clock);
if (clock == 0) {
Dbprintf("Invalid clock rate: %d", clock);
return;
}
data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { //t5555 (Q5)
if (card == 1) { // T55x7
data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { // T5555 (Q5)
data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
}
WriteT55xx(data, 0, 3);
LED_D_OFF();
LEDsoff();
Dbprintf("Tag %s written with 0x%08x%08x\n",
card ? "T55x7" : "T5555",
(uint32_t)(id >> 32),
(uint32_t)id);
return PM3_SUCCESS;
}
//-----------------------------------

14
armsrc/lfops.h
View file

@ -35,13 +35,17 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c
void CmdPSKsimTAG(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
int lf_hid_watch(int findone, uint32_t *high, uint32_t *low);
int lf_awid_watch(int findone, uint32_t *high, uint32_t *low); // Realtime demodulation mode for AWID26
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low);
int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo);
void T55xxResetRead(uint8_t flags);
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxWriteBlock(uint8_t *data);

113
armsrc/lfsampling.c
View file

@ -16,6 +16,7 @@
#include "util.h"
#include "lfdemod.h"
#include "string.h" // memset
#include "appmain.h" // print stack
/*
Default LF config is set to:
@ -29,6 +30,12 @@ Default LF config is set to:
*/
static sample_config config = { 1, 8, 1, LF_DIVISOR_125, 0, 0, 1} ;
// Holds bit packed struct of samples.
static BitstreamOut data = {0, 0, 0};
// internal struct to keep track of samples gathered
static sampling_t samples = {0, 0, 0, 0};
void printConfig(void) {
uint32_t d = config.divisor;
DbpString(_CYAN_("LF Sampling config"));
@ -38,6 +45,18 @@ void printConfig(void) {
Dbprintf(" [a] averaging...........%s", (config.averaging) ? "Yes" : "No");
Dbprintf(" [t] trigger threshold...%d", config.trigger_threshold);
Dbprintf(" [s] samples to skip.....%d ", config.samples_to_skip);
DbpString(_CYAN_("LF Sampling Stack"));
print_stack_usage();
}
void printSamples(void) {
DbpString(_CYAN_("LF Sampling memory"));
Dbprintf(" decimation counter.....%d ", samples.dec_counter);
Dbprintf(" sum.....%u ", samples.sum);
Dbprintf(" counter.....%u ", samples.counter);
Dbprintf(" total saved.....%u ", samples.total_saved);
print_stack_usage();
}
/**
@ -99,12 +118,6 @@ static void pushBit(BitstreamOut *stream, uint8_t bit) {
stream->numbits++;
}
// Holds bit packed struct of samples.
static BitstreamOut data = {0, 0, 0};
// internal struct to keep track of samples gathered
static sampling_t samples = {0, 0, 0, 0};
void initSampleBuffer(uint32_t *sample_size) {
initSampleBufferEx(sample_size, false);
}
@ -116,9 +129,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
}
BigBuf_free();
// We can't erase the buffer now, it would drastically delay the acquisition
if (use_malloc) {
if (*sample_size == 0) {
@ -132,6 +143,8 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
} else {
if (*sample_size == 0) {
*sample_size = BigBuf_max_traceLen();
} else {
*sample_size = MIN(*sample_size, BigBuf_max_traceLen());
}
data.buffer = BigBuf_get_addr();
}
@ -139,7 +152,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) {
//
samples.dec_counter = 0;
samples.sum = 0;
samples.counter = 0;
samples.counter = *sample_size;
samples.total_saved = 0;
}
@ -155,13 +168,13 @@ void logSample(uint8_t sample, uint8_t decimation, uint8_t bits_per_sample, bool
if (!data.buffer) return;
if (bits_per_sample == 0) bits_per_sample = 1;
// keep track of total gather samples regardless how many was discarded.
if (samples.counter-- == 0) return;
if (bits_per_sample == 0) bits_per_sample = 1;
if (bits_per_sample > 8) bits_per_sample = 8;
if (decimation == 0) decimation = 1;
// keep track of total gather samples regardless how many was discarded.
samples.counter++;
if (avg) {
samples.sum += sample;
}
@ -222,6 +235,7 @@ void LFSetupFPGAForADC(int divisor, bool reader_field) {
// Connect the A/D to the peak-detected low-frequency path.
SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
// 50ms for the resonant antenna to settle.
if (reader_field)
SpinDelay(50);
@ -253,14 +267,19 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
initSampleBuffer(&sample_size);
if (DBGLEVEL >= DBG_DEBUG) {
Dbprintf("lf sampling - after init");
printSamples();
}
uint32_t cancel_counter = 0;
int16_t checked = 0;
while (!BUTTON_PRESS()) {
while (BUTTON_PRESS() == false) {
// only every 1000th times, in order to save time when collecting samples.
// interruptible only when logging not yet triggered
if ((checked == 1000) && (trigger_threshold > 0)) {
if ((checked == 4000) && (trigger_threshold > 0)) {
if (data_available()) {
checked = -1;
break;
@ -273,7 +292,6 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
WDT_HIT();
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
// AT91C_BASE_SSC->SSC_THR = 0x43;
LED_D_ON();
}
@ -305,7 +323,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in
if (samples.total_saved >= sample_size) break;
}
}
if (checked == -1 && verbose) {
Dbprintf("lf sampling aborted");
}
@ -396,10 +414,19 @@ void doT55x7Acquisition(size_t sample_size) {
bool lowFound = false;
uint16_t checker = 0;
if (DBGLEVEL >= DBG_DEBUG) {
Dbprintf("doT55x7Acquisition - after init");
print_stack_usage();
}
while (skipCnt < 1000 && (i < bufsize)) {
if (checker == 1000) {
if (BUTTON_PRESS() || data_available())
if (BUTTON_PRESS())
break;
if (checker == 4000) {
if (data_available())
break;
else
checker = 0;
@ -461,21 +488,24 @@ void doT55x7Acquisition(size_t sample_size) {
void doCotagAcquisition(size_t sample_size) {
uint8_t *dest = BigBuf_get_addr();
uint16_t bufsize = BigBuf_max_traceLen();
if (bufsize > sample_size)
bufsize = sample_size;
uint16_t bufsize = MIN(sample_size, BigBuf_max_traceLen());
dest[0] = 0;
uint8_t firsthigh = 0, firstlow = 0;
uint16_t i = 0;
uint16_t noise_counter = 0;
uint16_t checker = 0;
uint16_t i = 0, noise_counter = 0, checker = 0;
if (DBGLEVEL >= DBG_DEBUG) {
Dbprintf("doCotagAcquisition - after init");
print_stack_usage();
}
while ((i < bufsize) && (noise_counter < (COTAG_T1 << 1))) {
if (checker == 1000) {
if (BUTTON_PRESS() || data_available())
if (BUTTON_PRESS())
break;
if (checker == 4000) {
if (data_available())
break;
else
checker = 0;
@ -529,21 +559,26 @@ void doCotagAcquisition(size_t sample_size) {
uint32_t doCotagAcquisitionManchester(void) {
uint8_t *dest = BigBuf_get_addr();
uint16_t bufsize = BigBuf_max_traceLen();
if (bufsize > COTAG_BITS)
bufsize = COTAG_BITS;
uint16_t bufsize = MIN(COTAG_BITS, BigBuf_max_traceLen());
dest[0] = 0;
uint8_t firsthigh = 0, firstlow = 0;
uint16_t sample_counter = 0, period = 0;
uint8_t curr = 0, prev = 0;
uint16_t noise_counter = 0;
uint16_t checker = 0;
uint16_t sample_counter = 0, period = 0;
uint16_t noise_counter = 0, checker = 0;
if (DBGLEVEL >= DBG_DEBUG) {
Dbprintf("doCotagAcquisitionManchester - after init");
print_stack_usage();
}
while ((sample_counter < bufsize) && (noise_counter < (COTAG_T1 << 1))) {
if (checker == 1000) {
if (BUTTON_PRESS() || data_available())
if (BUTTON_PRESS())
break;
if (checker == 4000) {
if ( data_available())
break;
else
checker = 0;

1
armsrc/lfsampling.h
View file

@ -100,5 +100,6 @@ void setSamplingConfig(sample_config *sc);
sample_config *getSamplingConfig(void);
void printConfig(void);
void printSamples(void);
#endif // __LFSAMPLING_H

134
client/CMakeLists.txt
View file

@ -1,3 +1,9 @@
# Usage:
# mkdir build
# cd build
# cmake .. (see below for options)
# make (VERBOSE=1 if needed)
#
# MINGW:
# On ProxSpace 3.4:
# cmake -G"MSYS Makefiles" ..
@ -5,7 +11,7 @@
# pacman -S mingw-w64-x86_64-cmake
# /mingw64/bin/cmake -G"MSYS Makefiles" ..
#
# Android cross-compilation:
# Android cross-compilation: (ANDROID_ABI=arm64-v8a for a 64b version)
# cmake \
# -DCMAKE_TOOLCHAIN_FILE=<path-to-your-android-ndk>/build/cmake/android.toolchain.cmake \
# -DANDROID_ABI=armeabi-v7a \
@ -20,6 +26,8 @@ if(CMAKE_VERSION VERSION_LESS "3.7.0")
set(CMAKE_INCLUDE_CURRENT_DIR ON)
endif()
find_package(PkgConfig)
if (NOT SKIPQT EQUAL 1)
if(APPLE AND EXISTS /usr/local/opt/qt5)
# Homebrew installs Qt5 (up to at least 5.11.0) in
@ -46,7 +54,6 @@ if (NOT SKIPQT EQUAL 1)
endforeach()
endif (NOT SKIPQT EQUAL 1)
find_package(PkgConfig)
if (NOT SKIPBT EQUAL 1)
pkg_search_module(BLUEZ QUIET bluez)
endif (NOT SKIPBT EQUAL 1)
@ -56,25 +63,30 @@ if (NOT SKIPPYTHON EQUAL 1)
pkg_search_module(PYTHON3EMBED QUIET python3-embed)
endif (NOT SKIPPYTHON EQUAL 1)
# If build on android cross, we need to init source and build.
if (ANDROID)
set(CFLAGS_EXTERNAL_LIB CFLAGS=--target=${CMAKE_C_COMPILER_TARGET})
# If cross-compiled, we need to init source and build.
if (CMAKE_TOOLCHAIN_FILE)
set(CFLAGS_EXTERNAL_LIB "CFLAGS=--target=${CMAKE_C_COMPILER_TARGET} -w")
set(EMBED_READLINE ON)
set(EMBED_BZIP2 ON)
endif (CMAKE_TOOLCHAIN_FILE)
if (EMBED_READLINE OR EMBED_BZIP2)
include(ExternalProject)
endif (ANDROID)
endif (EMBED_READLINE OR EMBED_BZIP2)
if (NOT SKIPREADLINE EQUAL 1)
if (APPLE)
find_path(READLINE_INCLUDE_DIRS readline/readline.h /usr/local/opt/readline/include /opt/local/include /opt/include /usr/local/include /usr/include NO_DEFAULT_PATH)
find_library(READLINE_LIBRARIES readline /usr/local/opt/readline/lib /opt/local/lib /opt/lib /usr/local/lib /usr/lib NO_DEFAULT_PATH)
endif (APPLE)
if (ANDROID)
if (EMBED_READLINE)
ExternalProject_Add(ncurses
URL http://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.0.tar.gz
PREFIX deps/ncurses
DOWNLOAD_DIR ${CMAKE_CURRENT_SOURCE_DIR}/deps/ncurses
CONFIGURE_COMMAND ./configure CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} --host=arm
CONFIGURE_COMMAND ./configure CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} --host=arm --disable-database --with-fallbacks=ansi-generic,ansi-mini,color_xterm,dtterm,dumb,Eterm,Eterm-256color,Eterm-88color,eterm-color,gnome,gnome-256color,guru,hurd,iTerm.app,konsole,konsole-16color,konsole-256color,konsole-base,konsole-linux,konsole-solaris,konsole-vt100,kterm,kterm-color,linux,linux-16color,linux-basic,mac,mlterm,mlterm-256color,mrxvt,mrxvt-256color,mterm,mterm-ansi,mvterm,nsterm,nsterm-16color,nsterm-256color,pty,putty,putty-256color,putty-vt100,rxvt,rxvt-16color,rxvt-256color,rxvt-88color,rxvt-basic,rxvt-color,screen,screen-16color,screen-256color,simpleterm,st-16color,st-256color,st52,st52-color,stv52,tt,tt52,unknown,vt100,vt102,vte,vte-256color,xterm,xterm-16color,xterm-256color,xterm-88color,xterm-basic,xterm-bold,xterm-color,xterm-utf8,xterm-vt220,xterm-vt52,xterm1,xtermc,xtermm --enable-termcap --without-ada --without-debug --without-dlsym --without-gpm --without-develop --without-tests --without-cxx-binding --with-termlib
BUILD_IN_SOURCE ON
BUILD_COMMAND make -j2 libs
BUILD_COMMAND make libs
INSTALL_COMMAND ""
LOG_DOWNLOAD ON
)
@ -86,23 +98,36 @@ if (NOT SKIPREADLINE EQUAL 1)
DOWNLOAD_DIR ${CMAKE_CURRENT_SOURCE_DIR}/deps/readline
CONFIGURE_COMMAND ./configure CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} --host=arm --enable-static
BUILD_IN_SOURCE ON
BUILD_COMMAND make -j2
BUILD_COMMAND make
INSTALL_COMMAND ""
LOG_DOWNLOAD ON
)
ExternalProject_Add_StepTargets(readline configure build install)
set(READLINE_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/)
set(READLINE_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/readline/libreadline.a ${CMAKE_CURRENT_BINARY_DIR}/deps/ncurses/src/ncurses/lib/libncurses.a)
else (ANDROID)
set(READLINE_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/readline/libreadline.a ${CMAKE_CURRENT_BINARY_DIR}/deps/ncurses/src/ncurses/lib/libtinfo.a)
else (EMBED_READLINE)
find_path(READLINE_INCLUDE_DIRS readline/readline.h)
find_library(READLINE_LIBRARIES readline)
endif (ANDROID)
endif (EMBED_READLINE)
if (READLINE_INCLUDE_DIRS AND READLINE_LIBRARIES)
set(READLINE_FOUND ON)
endif (READLINE_INCLUDE_DIRS AND READLINE_LIBRARIES)
endif (NOT SKIPREADLINE EQUAL 1)
if(ANDROID)
if (NOT SKIPJANSSONSYSTEM EQUAL 1)
pkg_check_modules(PC_JANSSON QUIET jansson)
find_path(JANSSON_INCLUDE_DIRS
NAMES jansson.h
HINTS ${PC_JANSSON_INCLUDEDIR} ${PC_JANSSON_INCLUDE_DIRS})
find_library(JANSSON_LIBRARIES
NAMES jansson libjansson
HINTS ${PC_JANSSON_LIBDIR} ${PC_JANSSON_LIBRARY_DIRS})
if (JANSSON_INCLUDE_DIRS AND JANSSON_LIBRARIES)
set(JANSSON_FOUND ON)
endif (JANSSON_INCLUDE_DIRS AND JANSSON_LIBRARIES)
endif (NOT SKIPJANSSONSYSTEM EQUAL 1)
if(EMBED_BZIP2)
set(BZIP2_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2)
ExternalProject_Add(bzip2
GIT_REPOSITORY https://android.googlesource.com/platform/external/bzip2
@ -118,12 +143,18 @@ if(ANDROID)
ExternalProject_Add_StepTargets(bzip2 configure build install)
set(BZIP2_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2)
set(BZIP2_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2/libbz2.a)
else()
set(BZIP2_LIBRARIES bz2)
endif(ANDROID)
if (BZIP2_LIBRARIES)
set(BZIP2_FOUND ON)
endif (BZIP2_LIBRARIES)
else(EMBED_BZIP2)
find_package (BZip2 REQUIRED)
endif(EMBED_BZIP2)
if (NOT SKIPWHEREAMISYSTEM EQUAL 1)
find_path(WHEREAMI_INCLUDE_DIRS whereami.h)
find_library(WHEREAMI_LIBRARIES whereami)
if (WHEREAMI_INCLUDE_DIRS AND WHEREAMI_LIBRARIES)
set(WHEREAMI_FOUND ON)
endif (WHEREAMI_INCLUDE_DIRS AND WHEREAMI_LIBRARIES)
endif (NOT SKIPWHEREAMISYSTEM EQUAL 1)
add_subdirectory(${PM3_ROOT}/client/deps deps)
@ -214,6 +245,7 @@ set (TARGET_SOURCES
${PM3_ROOT}/client/src/cmdlfawid.c
${PM3_ROOT}/client/src/cmdlfcotag.c
${PM3_ROOT}/client/src/cmdlfem4x.c
${PM3_ROOT}/client/src/cmdlfem4x50.c
${PM3_ROOT}/client/src/cmdlffdx.c
${PM3_ROOT}/client/src/cmdlfgallagher.c
${PM3_ROOT}/client/src/cmdlfguard.c
@ -308,6 +340,11 @@ if (NOT SKIPBT EQUAL 1)
endif (BLUEZ_FOUND)
endif(NOT SKIPBT EQUAL 1)
if (JANSSON_FOUND)
set(ADDITIONAL_DIRS ${JANSSON_INCLUDE_DIRS} ${ADDITIONAL_DIRS})
set(ADDITIONAL_LNK ${JANSSON_LIBRARIES} ${ADDITIONAL_LNK})
endif (JANSSON_FOUND)
if (NOT SKIPPYTHON EQUAL 1)
if (PYTHON3EMBED_FOUND)
add_definitions(-DHAVE_PYTHON)
@ -329,13 +366,17 @@ if (NOT SKIPREADLINE EQUAL 1)
set(ADDITIONAL_LNK ${READLINE_LIBRARIES} ${ADDITIONAL_LNK})
endif (READLINE_FOUND)
endif(NOT SKIPREADLINE EQUAL 1)
if (BZIP2_FOUND)
set(ADDITIONAL_DIRS ${BZIP2_INCLUDE_DIRS} ${ADDITIONAL_DIRS})
set(ADDITIONAL_LNK ${BZIP2_LIBRARIES} ${ADDITIONAL_LNK})
else (BZIP2_FOUND)
message(FATAL_ERROR "Bzip2 not found")
endif (BZIP2_FOUND)
if (WHEREAMI_FOUND)
set(ADDITIONAL_DIRS ${WHEREAMI_INCLUDE_DIRS} ${ADDITIONAL_DIRS})
set(ADDITIONAL_LNK ${WHEREAMI_LIBRARIES} ${ADDITIONAL_LNK})
endif (WHEREAMI_FOUND)
message("===================================================================")
if (SKIPQT EQUAL 1)
message("GUI support: skipped")
@ -357,6 +398,22 @@ else (SKIPBT EQUAL 1)
endif (BLUEZ_FOUND)
endif(SKIPBT EQUAL 1)
if (EMBED_BZIP2)
message("Bzip2 library: embedded")
else (EMBED_BZIP2)
message("Bzip2 library: system library found")
endif (EMBED_BZIP2)
if (SKIPJANSSONSYSTEM EQUAL 1)
message("Jansson library: local library forced")
else (SKIPJANSSONSYSTEM EQUAL 1)
if (JANSSON_FOUND)
message("Jansson library: system library found")
else (JANSSON_FOUND)
message("Jansson library: system library not found, using local library")
endif (JANSSON_FOUND)
endif (SKIPJANSSONSYSTEM EQUAL 1)
if (SKIPPYTHON EQUAL 1)
message("Python3 library: skipped")
else (SKIPPYTHON EQUAL 1)
@ -373,11 +430,25 @@ if (SKIPREADLINE EQUAL 1)
message("Readline library: skipped")
else (SKIPREADLINE EQUAL 1)
if (READLINE_FOUND)
message("Readline library: enabled")
if (EMBED_READLINE)
message("Readline library: embedded")
else (EMBED_READLINE)
message("Readline library: system library found")
endif (EMBED_READLINE)
else (READLINE_FOUND)
message("Readline library: Readline not found, disabled")
endif (READLINE_FOUND)
endif(SKIPREADLINE EQUAL 1)
if (SKIPWHEREAMISYSTEM EQUAL 1)
message("Whereami library: local library forced")
else (SKIPWHEREAMISYSTEM EQUAL 1)
if (WHEREAMI_FOUND)
message("Whereami library: system library found")
else (WHEREAMI_FOUND)
message("Whereami library: system library not found, using local library")
endif (WHEREAMI_FOUND)
endif (SKIPWHEREAMISYSTEM EQUAL 1)
message("===================================================================")
add_executable(proxmark3
@ -387,12 +458,14 @@ add_executable(proxmark3
)
target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3)
if (ANDROID)
if (EMBED_READLINE)
if (NOT SKIPREADLINE EQUAL 1)
add_dependencies(proxmark3 ncurses readline)
endif (NOT SKIPREADLINE EQUAL 1)
endif (EMBED_READLINE)
if (EMBED_BZIP2)
add_dependencies(proxmark3 bzip2)
endif (ANDROID)
endif (EMBED_BZIP2)
if (MINGW)
# Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z)
@ -421,25 +494,30 @@ endif (NOT APPLE)
find_library(pm3rrg_rdv4_cliparser REQUIRED)
find_library(pm3rrg_rdv4_jansson REQUIRED)
find_library(pm3rrg_rdv4_tinycbor REQUIRED)
find_library(pm3rrg_rdv4_lua REQUIRED)
find_library(pm3rrg_rdv4_mbedtls REQUIRED)
find_library(pm3rrg_rdv4_reveng REQUIRED)
find_library(pm3rrg_rdv4_hardnested REQUIRED)
find_library(pm3rrg_rdv4_whereami REQUIRED)
if (NOT JANSSON_FOUND)
find_library(pm3rrg_rdv4_jansson REQUIRED)
set(ADDITIONAL_LNK pm3rrg_rdv4_jansson ${ADDITIONAL_LNK})
endif (NOT JANSSON_FOUND)
if (NOT WHEREAMI_FOUND)
find_library(pm3rrg_rdv4_whereami REQUIRED)
set(ADDITIONAL_LNK pm3rrg_rdv4_whereami ${ADDITIONAL_LNK})
endif (NOT WHEREAMI_FOUND)
target_link_libraries(proxmark3 PRIVATE
m
pm3rrg_rdv4_mbedtls
pm3rrg_rdv4_cliparser
pm3rrg_rdv4_jansson
pm3rrg_rdv4_lua
pm3rrg_rdv4_tinycbor
pm3rrg_rdv4_amiibo
pm3rrg_rdv4_reveng
pm3rrg_rdv4_hardnested
pm3rrg_rdv4_whereami
${ADDITIONAL_LNK})
if (NOT SKIPPTHREAD EQUAL 1)

1
client/Makefile
View file

@ -439,6 +439,7 @@ SRCS = aidsearch.c \
cmdlfawid.c \
cmdlfcotag.c \
cmdlfem4x.c \
cmdlfem4x50.c \
cmdlffdx.c \
cmdlfguard.c \
cmdlfgallagher.c \

1
client/deps/hardnested.cmake
View file

@ -107,6 +107,7 @@ add_library(pm3rrg_rdv4_hardnested STATIC
hardnested/hardnested_bruteforce.c
$<TARGET_OBJECTS:pm3rrg_rdv4_hardnested_nosimd>
${SIMD_TARGETS})
target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -Werror -O3)
set_property(TARGET pm3rrg_rdv4_hardnested PROPERTY POSITION_INDEPENDENT_CODE ON)
target_include_directories(pm3rrg_rdv4_hardnested PRIVATE
../../common

39
client/src/cmddata.c
View file

@ -1593,6 +1593,16 @@ static uint8_t getByte(uint8_t bits_per_sample, BitstreamOut *b) {
}
int getSamples(uint32_t n, bool verbose) {
return getSamplesEx(0, n, verbose);
}
int getSamplesEx(uint32_t start, uint32_t end, bool verbose) {
if (end < start) {
PrintAndLogEx(WARNING, "error, end (%u) is smaller than start (%u)", end, start);
return PM3_EINVARG;
}
//If we get all but the last byte in bigbuf,
// we don't have to worry about remaining trash
// in the last byte in case the bits-per-sample
@ -1600,13 +1610,16 @@ int getSamples(uint32_t n, bool verbose) {
uint8_t got[pm3_capabilities.bigbuf_size - 1];
memset(got, 0x00, sizeof(got));
if (n == 0 || n > pm3_capabilities.bigbuf_size - 1)
uint32_t n = end - start;
if (n <= 0 || n > pm3_capabilities.bigbuf_size - 1)
n = pm3_capabilities.bigbuf_size - 1;
if (verbose) PrintAndLogEx(INFO, "Reading " _YELLOW_("%u") " bytes from device memory", n);
if (verbose)
PrintAndLogEx(INFO, "Reading " _YELLOW_("%u") " bytes from device memory", n);
PacketResponseNG response;
if (!GetFromDevice(BIG_BUF, got, n, 0, NULL, 0, &response, 10000, true)) {
if (!GetFromDevice(BIG_BUF, got, n, start, NULL, 0, &response, 10000, true)) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return PM3_ETIMEOUT;
}
@ -2297,25 +2310,35 @@ static int CmdDataNDEF(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "data ndef",
"Prints NFC Data Exchange Format (NDEF)",
"Usage:\n\tdata ndef -d 9101085402656e48656c6c6f5101085402656e576f726c64\n");
"Decode and print NFC Data Exchange Format (NDEF)",
"Samples:\n"
_YELLOW_("\tdata ndef -d 9101085402656e48656c6c6f5101085402656e576f726c64\n")
_YELLOW_("\tdata ndef -d 0103d020240203e02c040300fe\n")
);
void *argtable[] = {
arg_param_begin,
arg_strx0("dD", "data", "<hex>", "NDEF data to decode"),
arg_lit0("vV", "verbose", "verbose mode"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIExecWithReturn(ctx, Cmd, argtable, false);
int datalen = 0;
uint8_t data[MAX_NDEF_LEN] = {0};
CLIGetHexWithReturn(ctx, 1, data, &datalen);
bool verbose = arg_get_lit(ctx, 2);
CLIParserFree(ctx);
if (datalen == 0)
return PM3_EINVARG;
PrintAndLogEx(INFO, "Parsed NDEF Records");
return NDEFRecordsDecodeAndPrint(data, datalen);
int res = NDEFDecodeAndPrint(data, datalen, verbose);
if (res != PM3_SUCCESS) {
PrintAndLogEx(INFO, "Trying to parse NDEF records w/o NDEF header");
res = NDEFRecordsDecodeAndPrint(data, datalen);
}
return res;
}
static command_t CommandTable[] = {

3
client/src/cmddata.h
View file

@ -72,7 +72,10 @@ void setDemodBuff(uint8_t *buff, size_t size, size_t start_idx);
bool getDemodBuff(uint8_t *buff, size_t *size);
void save_restoreDB(uint8_t saveOpt);// option '1' to save DemodBuffer any other to restore
int AutoCorrelate(const int *in, int *out, size_t len, size_t window, bool SaveGrph, bool verbose);
int getSamples(uint32_t n, bool verbose);
int getSamplesEx(uint32_t start, uint32_t end, bool verbose);
void setClockGrid(uint32_t clk, int offset);
int directionalThreshold(const int *in, int *out, size_t len, int8_t up, int8_t down);
int AskEdgeDetect(const int *in, int *out, int len, int threshold);

73
client/src/cmdhf.c
View file

@ -46,7 +46,8 @@ static int CmdHelp(const char *Cmd);
static int usage_hf_search(void) {
PrintAndLogEx(NORMAL, "Usage: hf search");
PrintAndLogEx(NORMAL, "Will try to find a HF read out of the unknown tag. Stops when found.");
PrintAndLogEx(NORMAL, "Will try to find a HF read out of the unknown tag.");
PrintAndLogEx(NORMAL, "Continues to search for all different HF protocols");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - This help");
PrintAndLogEx(NORMAL, "");
@ -64,18 +65,21 @@ static int usage_hf_sniff(void) {
PrintAndLogEx(NORMAL, " <skip triggers> - skip number of triggers");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " hf sniff");
PrintAndLogEx(NORMAL, " hf sniff 1000 0");
PrintAndLogEx(NORMAL, _YELLOW_(" hf sniff"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf sniff 1000 0"));
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
static int usage_hf_tune(void) {
PrintAndLogEx(NORMAL, "Continuously measure HF antenna tuning.");
PrintAndLogEx(NORMAL, "Press button or Enter to interrupt.");
PrintAndLogEx(NORMAL, "Press button or `enter` to interrupt.");
PrintAndLogEx(NORMAL, "Usage: hf tune [h] [<iter>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - This help");
PrintAndLogEx(NORMAL, " <iter> - number of iterations (default: 0=infinite)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" hf tune 1"));
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
@ -195,7 +199,7 @@ int CmdHFSearch(const char *Cmd) {
int CmdHFTune(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_hf_tune();
int iter = param_get32ex(Cmd, 0, 0, 10);
int iter = param_get32ex(Cmd, 0, 0, 10);
PrintAndLogEx(INFO, "Measuring HF antenna, click " _GREEN_("pm3 button") " or press " _GREEN_("Enter") " to exit");
PacketResponseNG resp;
@ -241,15 +245,68 @@ int CmdHFTune(const char *Cmd) {
return PM3_SUCCESS;
}
// Collects pars of u8,
// uses 16bit transfers from FPGA for speed
// Takes all available bigbuff memory
// data sample to download? Not sure what we can do with the data.
int CmdHFSniff(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_hf_sniff();
int skippairs = param_get32ex(Cmd, 0, 0, 10);
int skiptriggers = param_get32ex(Cmd, 1, 0, 10);
struct {
uint32_t samplesToSkip;
uint32_t triggersToSkip;
} PACKED params;
params.samplesToSkip = param_get32ex(Cmd, 0, 0, 10);
params.triggersToSkip = param_get32ex(Cmd, 1, 0, 10);
clearCommandBuffer();
SendCommandMIX(CMD_HF_SNIFF, skippairs, skiptriggers, 0, NULL, 0);
SendCommandNG(CMD_HF_SNIFF, (uint8_t *)&params, sizeof(params));
for (;;) {
if (kbd_enter_pressed()) {
SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
PrintAndLogEx(INFO, "User aborted");
break;
}
PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_HF_SNIFF, &resp, 1000)) {
if (resp.status == PM3_EOPABORTED) {
PrintAndLogEx(INFO, "Button pressed, user aborted");
break;
}
if (resp.status == PM3_SUCCESS) {
struct r {
uint16_t len;
} PACKED;
struct r *retval = (struct r *)resp.data.asBytes;
PrintAndLogEx(INFO, "HF sniff (%u samples)", retval->len);
PrintAndLogEx(HINT, "Use `" _YELLOW_("data hpf") "` to remove offset");
PrintAndLogEx(HINT, "Use `" _YELLOW_("data plot") "` to view");
PrintAndLogEx(HINT, "Use `" _YELLOW_("data save") "` to save");
// download bigbuf_malloc:d.
// it reserve memory from the higher end.
// At the moment, sniff takes all free memory in bigbuff. If this changes,
// we can't start from beginning idx 0 but from that hi-to-start-of-allocated.
uint32_t start = pm3_capabilities.bigbuf_size - retval->len;
int res = getSamplesEx(start, start, false);
if (res != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "failed to download samples to client");
return res;
}
break;
}
}
}
PrintAndLogEx(INFO, "Done.");
return PM3_SUCCESS;
}

22
client/src/cmdhfmf.c
View file

@ -3560,19 +3560,7 @@ int CmdHF14AMfELoad(const char *Cmd) {
}
mfu_dump_t *mfu_dump = (mfu_dump_t *)data;
PrintAndLogEx(INFO, _CYAN_("MFU dump file information"));
PrintAndLogEx(INFO, " version %s", sprint_hex(mfu_dump->version, sizeof(mfu_dump->version)));
PrintAndLogEx(INFO, " tb 0 %s", sprint_hex(mfu_dump->tbo, sizeof(mfu_dump->tbo)));
PrintAndLogEx(INFO, " tb 1 %s", sprint_hex(mfu_dump->tbo1, sizeof(mfu_dump->tbo1)));
for (uint8_t m = 0; m < 3; m++) {
PrintAndLogEx(INFO, " counter %d %s - tearing 0x%02x", m + 1, sprint_hex(mfu_dump->counter_tearing[m], 3), mfu_dump->counter_tearing[m][3]);
}
PrintAndLogEx(INFO, " signature %s", sprint_hex(mfu_dump->signature, sizeof(mfu_dump->signature)));
PrintAndLogEx(INFO, " data %s... (only first 8 bytes showing)", sprint_hex(mfu_dump->data, 8));
PrintAndLogEx(INFO, " max data page %d, data len %d bytes", mfu_dump->pages, (mfu_dump->pages + 1) * 4);
PrintAndLogEx(INFO, " file header size %d", MFU_DUMP_PREFIX_LENGTH);
PrintAndLogEx(INFO, "----------------------------------------------");
printMFUdumpEx(mfu_dump, mfu_dump->pages + 1, 0);
// update expected blocks to match converted data.
if (numBlocks != datalen / 4) {
@ -4557,7 +4545,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
// copy default NDEF key
uint8_t akey[6] = {0};
memcpy(akey, g_mifare_ndef_key, 6);
// user specified key
if (keylen == 6) {
memcpy(akey, key, 6);
@ -4596,7 +4584,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
for (int i = 0; i < madlen; i++) {
if (aaid == mad[i]) {
uint8_t vsector[16 * 4] = {0};
if (mfReadSector(i + 1, keyB ? MF_KEY_B : MF_KEY_A, akey, vsector)) {
PrintAndLogEx(NORMAL, "");
@ -4623,7 +4611,7 @@ static int CmdHF14AMfMAD(const char *Cmd) {
for (int i = 0; i < 4; i ++)
PrintAndLogEx(INFO, "[%d] %s", i, sprint_hex(&sector0[i * 16], 16));
}
return PM3_SUCCESS;
}
@ -4681,7 +4669,7 @@ static int CmdHFMFNDEF(const char *Cmd) {
PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mf ndef -k `") " with your custom key");
return PM3_ESOFT;
}
bool haveMAD2 = false;
int res = MADCheck(sector0, NULL, verbose, &haveMAD2);
if (res != PM3_SUCCESS) {

6
client/src/cmdhfmfp.c
View file

@ -1400,7 +1400,7 @@ static int CmdHFMFPMAD(const char *Cmd) {
for (int i = 0; i < madlen; i++) {
if (aaid == mad[i]) {
uint8_t vsector[16 * 4] = {0};
if (mfReadSector(i + 1, keyB ? MF_KEY_B : MF_KEY_A, akey, vsector)) {
PrintAndLogEx(NORMAL, "");
@ -1472,7 +1472,7 @@ static int CmdHFMFPNDEF(const char *Cmd) {
if (verbose)
PrintAndLogEx(INFO, "reading MAD v1 sector");
if (mfpReadSector(MF_MAD1_SECTOR, MF_KEY_A, (uint8_t *)g_mifarep_mad_key, sector0, verbose)) {
PrintAndLogEx(ERR, "error, read sector 0. card don't have MAD or don't have MAD on default keys");
PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfp ndef -k `") " with your custom key");
@ -1487,7 +1487,7 @@ static int CmdHFMFPNDEF(const char *Cmd) {
}
if (haveMAD2) {
if (verbose)
PrintAndLogEx(INFO, "reading MAD v2 sector");

40
client/src/cmdhfmfu.c
View file

@ -1694,26 +1694,24 @@ static int CmdHF14AMfURdBl(const char *Cmd) {
return 0;
}
void printMFUdump(mfu_dump_t *card) {
printMFUdumpEx(card, 255, 0);
}
void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage) {
PrintAndLogEx(NORMAL, "\n*special* data\n");
PrintAndLogEx(NORMAL, "\nDataType | Data | Ascii");
PrintAndLogEx(NORMAL, "----------+-------------------------+---------");
PrintAndLogEx(NORMAL, "Version | %s| %s", sprint_hex(card->version, sizeof(card->version)), sprint_ascii(card->version, sizeof(card->version)));
PrintAndLogEx(NORMAL, "TBD | %-24s| %s", sprint_hex(card->tbo, sizeof(card->tbo)), sprint_ascii(card->tbo, sizeof(card->tbo)));
PrintAndLogEx(NORMAL, "TBD | %-24s| %s", sprint_hex(card->tbo1, sizeof(card->tbo1)), sprint_ascii(card->tbo1, sizeof(card->tbo1)));
PrintAndLogEx(NORMAL, "Signature1| %s| %s", sprint_hex(card->signature, 16), sprint_ascii(card->signature, 16));
PrintAndLogEx(NORMAL, "Signature2| %s| %s", sprint_hex(card->signature + 16, 16), sprint_ascii(card->signature + 16, 16));
PrintAndLogEx(INFO, _CYAN_("MFU dump file information"));
PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(INFO, " Version | " _YELLOW_("%s"), sprint_hex(card->version, sizeof(card->version)));
PrintAndLogEx(INFO, " TBD 0 | %s", sprint_hex(card->tbo, sizeof(card->tbo)));
PrintAndLogEx(INFO, " TBD 1 | %s", sprint_hex(card->tbo1, sizeof(card->tbo1)));
PrintAndLogEx(INFO, " Signature | %s", sprint_hex(card->signature, sizeof(card->signature)));
for (uint8_t i = 0; i < 3; i ++) {
PrintAndLogEx(NORMAL, "Counter%d | %-24s| %s", i, sprint_hex(card->counter_tearing[i], 3), sprint_ascii(card->counter_tearing[i], 3));
PrintAndLogEx(NORMAL, "Tearing%d | %-24s| %s", i, sprint_hex(card->counter_tearing[i] + 3, 1), sprint_ascii(card->counter_tearing[i] + 3, 1));
PrintAndLogEx(INFO, " Counter %d | %s", i, sprint_hex(card->counter_tearing[i], 3));
PrintAndLogEx(INFO, " Tearing %d | %s", i, sprint_hex(card->counter_tearing[i] + 3, 1));
}
PrintAndLogEx(NORMAL, "-------------------------------------------------------------");
PrintAndLogEx(NORMAL, "\nBlock# | Data |lck| Ascii");
PrintAndLogEx(NORMAL, "---------+-------------+---+------");
PrintAndLogEx(INFO, "Max data page | " _YELLOW_("%d") " (" _YELLOW_("%d") " bytes)", card->pages - 1, card->pages * 4);
PrintAndLogEx(INFO, " Header size | %d", MFU_DUMP_PREFIX_LENGTH);
PrintAndLogEx(INFO, "-------------------------------------------------------------");
PrintAndLogEx(INFO, "block# | data |lck| ascii");
PrintAndLogEx(INFO, "---------+-------------+---+------");
uint8_t j = 0;
bool lckbit = false;
@ -1739,12 +1737,12 @@ void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage) {
for (j = 0; j < 16; j++) {
bit_dyn[j] = lockbytes_dyn[j / 8] & (1 << (7 - j % 8));
}
PrintAndLogEx(NORMAL, "DYNAMIC LOCK: %s\n", sprint_hex(lockbytes_dyn, 3));
PrintAndLogEx(INFO, "DYNAMIC LOCK: %s", sprint_hex(lockbytes_dyn, 3));
}
for (uint8_t i = 0; i < pages; ++i) {
if (i < 3) {
PrintAndLogEx(NORMAL, "%3d/0x%02X | %s| | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), sprint_ascii(data + i * 4, 4));
PrintAndLogEx(INFO, "%3d/0x%02X | %s| | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), sprint_ascii(data + i * 4, 4));
continue;
}
switch (i) {
@ -1838,9 +1836,9 @@ void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage) {
default:
break;
}
PrintAndLogEx(NORMAL, "%3d/0x%02X | %s| %d | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), lckbit, sprint_ascii(data + i * 4, 4));
PrintAndLogEx(INFO, "%3d/0x%02X | %s| %s | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), (lckbit) ? _RED_("1") : "0", sprint_ascii(data + i * 4, 4));
}
PrintAndLogEx(NORMAL, "---------------------------------");
PrintAndLogEx(INFO, "---------------------------------");
}
//

30
client/src/cmdlfawid.c
View file

@ -38,7 +38,7 @@ static int usage_lf_awid_watch(void) {
PrintAndLogEx(NORMAL, "Usage: lf awid watch");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid watch");
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid watch"));
return PM3_SUCCESS;
}
@ -54,8 +54,8 @@ static int usage_lf_awid_sim(void) {
PrintAndLogEx(NORMAL, " <card number> : 16|32-bit value card number");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid sim 26 224 1337");
PrintAndLogEx(NORMAL, " lf awid sim 50 2001 13371337");
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid sim 26 224 1337"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid sim 50 2001 13371337"));
return PM3_SUCCESS;
}
@ -72,8 +72,8 @@ static int usage_lf_awid_clone(void) {
PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid clone 26 224 1337");
PrintAndLogEx(NORMAL, " lf awid clone 50 2001 13371337");
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid clone 26 224 1337"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid clone 50 2001 13371337"));
return PM3_SUCCESS;
}
@ -92,9 +92,9 @@ static int usage_lf_awid_brute(void) {
PrintAndLogEx(NORMAL, " v : verbose logging, show all tries");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid brute a 26 f 224");
PrintAndLogEx(NORMAL, " lf awid brute a 50 f 2001 d 2000");
PrintAndLogEx(NORMAL, " lf awid brute v a 50 f 2001 c 200 d 2000");
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute a 26 f 224"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute a 50 f 2001 d 2000"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute v a 50 f 2001 c 200 d 2000"));
return PM3_SUCCESS;
}
@ -180,11 +180,17 @@ static void verify_values(uint8_t *fmtlen, uint32_t *fc, uint32_t *cn) {
// this read loops on device side.
// uses the demod in lfops.c
static int CmdAWIDWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_awid_watch();
uint8_t c = tolower(param_getchar(Cmd, 0));
if (c == 'h') return usage_lf_awid_watch();
PrintAndLogEx(SUCCESS, "Watching for AWID cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer();
SendCommandNG(CMD_LF_AWID_DEMOD, NULL, 0);
return PM3_SUCCESS;
SendCommandNG(CMD_LF_AWID_WATCH, NULL, 0);
PacketResponseNG resp;
WaitForResponse(CMD_LF_AWID_WATCH, &resp);
PrintAndLogEx(INFO, "Done");
return resp.status;
}
//by marshmellow

186
client/src/cmdlfem4x.c
View file

@ -9,6 +9,7 @@
//-----------------------------------------------------------------------------
#include "cmdlfem4x.h"
#include "cmdlfem4x50.h"
#include <stdio.h>
#include <string.h>
@ -44,13 +45,24 @@ static int usage_lf_em410x_demod(void) {
PrintAndLogEx(NORMAL, " maxerror - set maximum allowed errors, default = 100.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_demod = demod an EM410x Tag ID from GraphBuffer");
PrintAndLogEx(NORMAL, " lf em 410x_demod 32 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32");
PrintAndLogEx(NORMAL, " lf em 410x_demod 32 1 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data");
PrintAndLogEx(NORMAL, " lf em 410x_demod 1 = demod an EM410x Tag ID from GraphBuffer while inverting data");
PrintAndLogEx(NORMAL, " lf em 410x_demod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod") " = demod an EM410x Tag ID from GraphBuffer");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 32") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 32 1") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 1") " = demod an EM410x Tag ID from GraphBuffer while inverting data");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 64 1 0") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
return PM3_SUCCESS;
}
static int usage_lf_em410x_watch(void) {
PrintAndLogEx(NORMAL, "Enables IOProx compatible reader mode printing details of scanned tags.");
PrintAndLogEx(NORMAL, "By default, values are printed and logged until the button is pressed or another USB command is issued.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 410x_watch");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_watch"));
return PM3_SUCCESS;
}
static int usage_lf_em410x_write(void) {
PrintAndLogEx(NORMAL, "Writes EM410x ID to a T55x7 / T5555 (Q5) tag");
PrintAndLogEx(NORMAL, "");
@ -61,7 +73,7 @@ static int usage_lf_em410x_write(void) {
PrintAndLogEx(NORMAL, " <card> - 0|1 T5555 (Q5) / T55x7");
PrintAndLogEx(NORMAL, " <clock> - 16|32|40|64, optional, set R/F clock rate, defaults to 64");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_write 0F0368568B 1 = write ID to t55x7 card");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_write 0F0368568B 1") " = write ID to t55x7 card");
return PM3_SUCCESS;
}
static int usage_lf_em410x_ws(void) {
@ -71,7 +83,7 @@ static int usage_lf_em410x_ws(void) {
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_spoof");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_spoof"));
return PM3_SUCCESS;
}
static int usage_lf_em410x_sim(void) {
@ -83,8 +95,8 @@ static int usage_lf_em410x_sim(void) {
PrintAndLogEx(NORMAL, " uid - uid (10 HEX symbols)");
PrintAndLogEx(NORMAL, " clock - clock (32|64) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B");
PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B 32");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_sim 0F0368568B"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_sim 0F0368568B 32"));
return PM3_SUCCESS;
}
static int usage_lf_em410x_brute(void) {
@ -97,10 +109,10 @@ static int usage_lf_em410x_brute(void) {
PrintAndLogEx(NORMAL, " d (2000) - pause delay in milliseconds between UIDs simulation, default 1000 ms (optional)");
PrintAndLogEx(NORMAL, " c (32) - clock (32|64), default 64 (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt c 32");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000 c 32");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt c 32"));
PrintAndLogEx(NORMAL, _YELLOW_( " lf em 410x_brute ids.txt d 3000"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt d 3000 c 32"));
return PM3_SUCCESS;
}
@ -138,20 +150,6 @@ static int usage_lf_em4x50_read(void) {
PrintAndLogEx(NORMAL, " lf em 4x50_read 1 11223344");
return PM3_SUCCESS;
}
static int usage_lf_em4x50_write(void) {
PrintAndLogEx(NORMAL, "Write EM 4x50/4x69. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] <address> <data> <pwd>");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " address - memory address to write to. (0-15)");
PrintAndLogEx(NORMAL, " data - data to write (hex)");
PrintAndLogEx(NORMAL, " pwd - password (hex) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de");
PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de 11223344");
return PM3_SUCCESS;
}
//////////////// 4205 / 4305 commands
static int usage_lf_em4x05_dump(void) {
@ -439,16 +437,23 @@ int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose) {
return PM3_ESOFT;
return AskEm410xDecode(verbose, hi, lo);
}
/*
// this read loops on device side.
// uses the demod in lfops.c
static int CmdEM410xRead_device(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
uint8_t findone = (cmdp == '1') ? 1 : 0;
SendCommandMIX(CMD_LF_EM410X_DEMOD, findone, 0, 0, NULL, 0);
return PM3_SUCCESS;
static int CmdEM410xWatch(const char *Cmd) {
uint8_t c = tolower(param_getchar(Cmd, 0));
if (c == 'h') return usage_lf_em410x_watch();
PrintAndLogEx(SUCCESS, "Watching for EM410x cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer();
SendCommandNG(CMD_LF_EM410X_WATCH, NULL, 0);
PacketResponseNG resp;
WaitForResponse(CMD_LF_EM410X_WATCH, &resp);
PrintAndLogEx(INFO, "Done");
return resp.status;
}
*/
//by marshmellow
//takes 3 arguments - clock, invert and maxErr as integers
//attempts to demodulate ask while decoding manchester
@ -608,30 +613,6 @@ static int CmdEM410xBrute(const char *Cmd) {
return PM3_SUCCESS;
}
/* Function is equivalent of lf read + data samples + em410xread
* looped until an EM410x tag is detected
*
* Why is CmdSamples("16000")?
* TBD: Auto-grow sample size based on detected sample rate. IE: If the
* rate gets lower, then grow the number of samples
* Changed by martin, 4000 x 4 = 16000,
* see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
*
* EDIT -- capture enough to get 2 complete preambles at the slowest data rate known to be used (rf/64) (64*64*2+9 = 8201) marshmellow
*/
static int CmdEM410xWatch(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
do {
if (kbd_enter_pressed()) {
PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
break;
}
lf_read(false, 12288);
} while (CmdEM410xRead("") != PM3_SUCCESS);
return PM3_SUCCESS;
}
//currently only supports manchester modulations
static int CmdEM410xWatchnSpoof(const char *Cmd) {
@ -649,29 +630,26 @@ static int CmdEM410xWrite(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 0x00 || cmdp == 'h') return usage_lf_em410x_write();
uint64_t id = 0xFFFFFFFFFFFFFFFF; // invalid id value
int card = 0xFF; // invalid card value
uint32_t clock1 = 0; // invalid clock value
sscanf(Cmd, "%" SCNx64 " %d %d", &id, &card, &clock1);
uint64_t id = param_get64ex(Cmd, 0, -1, 16);
uint8_t card = param_get8ex(Cmd, 1, 0xFF, 10);
uint8_t clock1 = param_get8ex(Cmd, 2, 0, 10);
// Check ID
if (id == 0xFFFFFFFFFFFFFFFF) {
PrintAndLogEx(ERR, "Error! ID is required.\n");
PrintAndLogEx(ERR, "error, ID is required\n");
usage_lf_em410x_write();
return PM3_EINVARG;
}
if (id >= 0x10000000000) {
PrintAndLogEx(ERR, "Error! Given EM410x ID is longer than 40 bits.\n");
PrintAndLogEx(ERR, "error, given EM410x ID is longer than 40 bits\n");
usage_lf_em410x_write();
return PM3_EINVARG;
}
// Check Card
if (card == 0xFF) {
PrintAndLogEx(ERR, "Error! Card type required.\n");
return PM3_EINVARG;
}
if (card < 0) {
PrintAndLogEx(ERR, "Error! Bad card type selected.\n");
if (card > 1) {
PrintAndLogEx(FAILED, "error, bad card type selected\n");
usage_lf_em410x_write();
return PM3_EINVARG;
}
@ -681,29 +659,51 @@ static int CmdEM410xWrite(const char *Cmd) {
// Allowed clock rates: 16, 32, 40 and 64
if ((clock1 != 16) && (clock1 != 32) && (clock1 != 64) && (clock1 != 40)) {
PrintAndLogEx(ERR, "Error! Clock rate" _YELLOW_("%d")" not valid. Supported clock rates are 16, 32, 40 and 64.\n", clock1);
PrintAndLogEx(ERR, "error, clock rate" _RED_("%d")" not valid");
PrintAndLogEx(INFO, "supported clock rates: " _YELLOW_("16, 32, 40, 60") "\n", clock1);
usage_lf_em410x_write();
return PM3_EINVARG;
}
if (card == 1) {
PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 " (clock rate: %d)", "T55x7", id, clock1);
PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 " (clock rate: %d)", _GREEN_("T55x7"), id, clock1);
// NOTE: We really should pass the clock in as a separate argument, but to
// provide for backwards-compatibility for older firmware, and to avoid
// having to add another argument to CMD_LF_EM410X_WRITE, we just store
// the clock rate in bits 8-15 of the card value
card = (card & 0xFF) | ((clock1 << 8) & 0xFF00);
} else if (card == 0) {
PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 "(clock rate: %d)", "T5555", id, clock1);
card = (card & 0xFF) | ((clock1 << 8) & 0xFF00);
} else {
PrintAndLogEx(FAILED, "Error! Bad card type selected.\n");
return PM3_ESOFT;
PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 "(clock rate: %d)", _GREEN_("T5555"), id, clock1);
}
struct {
uint8_t card;
uint8_t clock;
uint32_t high;
uint32_t low;
} PACKED params;
SendCommandMIX(CMD_LF_EM410X_WRITE, card, (uint32_t)(id >> 32), (uint32_t)id, NULL, 0);
PrintAndLogEx(SUCCESS, "Done");
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") " to verify");
return PM3_SUCCESS;
params.card = card;
params.clock = clock1;
params.high = (uint32_t)(id >> 32);
params.low = (uint32_t)id;
clearCommandBuffer();
SendCommandNG(CMD_LF_EM410X_WRITE, (uint8_t *)&params, sizeof(params));
PacketResponseNG resp;
WaitForResponse(CMD_LF_EM410X_WRITE, &resp);
switch(resp.status) {
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "Done");
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") " to verify");
break;
}
default: {
PrintAndLogEx(WARNING, "Something went wrong");
break;
}
}
return resp.status;
}
//**************** Start of EM4x50 Code ************************
@ -1014,7 +1014,7 @@ int EM4x50Read(const char *Cmd, bool verbose) {
PrintAndLogEx(INFO, "%03d | %08x", block, Code[block]);
}
PrintAndLogEx(INFO, "----+--------------");
PrintAndLogEx( (AllPTest) ? SUCCESS : WARNING, "Parities checks | %s", (AllPTest) ? _GREEN_("Passed") : _RED_("Fail"));
PrintAndLogEx((AllPTest) ? SUCCESS : WARNING, "Parities checks | %s", (AllPTest) ? _GREEN_("Passed") : _RED_("Fail"));
if (AllPTest == false) {
PrintAndLogEx(HINT, "Try cleaning the read samples with " _YELLOW_("'data askedge'"));
@ -1035,19 +1035,10 @@ static int CmdEM4x50Demod(const char *Cmd) {
static int CmdEM4x50Read(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_read();
lf_read(false, 24000);
return EM4x50Read(Cmd, true);
}
static int CmdEM4x50Write(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_write();
PrintAndLogEx(NORMAL, "no implemented yet");
//
// PrintAndLogEx(SUCCESS, "Done");
// PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 4x50_read`") " to verify");
return PM3_SUCCESS;
}
static int CmdEM4x50Dump(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_dump();
@ -1745,6 +1736,7 @@ static int CmdEM4x05Info(const char *Cmd) {
static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 410x") " -----------------------"},
//{"410x_demod", CmdEMdemodASK, IfPm3Lf, "Extract ID from EM410x tag on antenna)"},
{"410x_demod", CmdEM410xDemod, AlwaysAvailable, "demodulate a EM410x tag from the GraphBuffer"},
{"410x_read", CmdEM410xRead, IfPm3Lf, "attempt to read and extract tag data"},
@ -1753,18 +1745,20 @@ static command_t CommandTable[] = {
{"410x_watch", CmdEM410xWatch, IfPm3Lf, "watches for EM410x 125/134 kHz tags (option 'h' for 134)"},
{"410x_spoof", CmdEM410xWatchnSpoof, IfPm3Lf, "watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)" },
{"410x_write", CmdEM410xWrite, IfPm3Lf, "write EM410x UID to T5555(Q5) or T55x7 tag"},
{"----------", CmdHelp, AlwaysAvailable, "-------------------- " _CYAN_("EM 4x05 / 4x69") " -------------------"},
{"4x05_demod", CmdEM4x05Demod, AlwaysAvailable, "demodulate a EM4x05/EM4x69 tag from the GraphBuffer"},
{"4x05_dump", CmdEM4x05Dump, IfPm3Lf, "dump EM4x05/EM4x69 tag"},
{"4x05_wipe", CmdEM4x05Wipe, IfPm3Lf, "wipe EM4x05/EM4x69 tag"},
{"4x05_info", CmdEM4x05Info, IfPm3Lf, "tag information EM4x05/EM4x69"},
{"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"},
{"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"},
{"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 4x50") " -----------------------"},
{"4x50_demod", CmdEM4x50Demod, AlwaysAvailable, "demodulate a EM4x50 tag from the GraphBuffer"},
{"4x50_dump", CmdEM4x50Dump, IfPm3Lf, "dump EM4x50 tag"},
{"4x50_read", CmdEM4x50Read, IfPm3Lf, "read word data from EM4x50"},
{"4x50_info", CmdEM4x50Info, IfPm3Lf, "read complete data from EM4x50"},
{"4x50_write", CmdEM4x50Write, IfPm3Lf, "write word data to EM4x50"},
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3Lf, "change passwword of EM4x50 tag"},
{NULL, NULL, NULL, NULL}
};

663
client/src/cmdlfem4x50.c Normal file
View file

@ -0,0 +1,663 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 tharexde
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency EM4x50 commands
//-----------------------------------------------------------------------------
#include "cmdlfem4x50.h"
#include <ctype.h>
#include "fileutils.h"
#include "comms.h"
#include "commonutil.h"
#include "em4x50.h"
#define EM4X50_NO_WORDS 34
// special words
#define EM4X50_DEVICE_PASSWORD 0
#define EM4X50_PROTECTION 1
#define EM4X50_CONTROL 2
#define EM4X50_DEVICE_SERIAL 32
#define EM4X50_DEVICE_ID 33
// control word (word = 4 bytes)
#define FIRST_WORD_READ 0 // first byte
#define LAST_WORD_READ 1 // second byte
#define CONFIG_BLOCK 2 // third byte
#define PASSWORD_CHECK 0x80 // first bit in third byte
#define READ_AFTER_WRITE 0x40 // second bit in third byte
// protection word
#define FIRST_WORD_READ_PROTECTED 0 // first byte
#define LAST_WORD_READ_PROTECTED 1 // second byte
#define FIRST_WORD_WRITE_INHIBITED 2 // third byte
#define LAST_WORD_WRITE_INHIBITED 3 // fourth byte
// misc
#define STATUS_SUCCESS 0x2
#define STATUS_LOGIN 0x1
#define NO_CHARS_MAX 400
int usage_lf_em4x50_info(void) {
PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p <pwd>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " v - verbose output");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_info");
PrintAndLogEx(NORMAL, " lf em 4x50_info p fa225de1\n");
PrintAndLogEx(NORMAL, " lf em 4x50_info v p fa225de1\n");
return PM3_SUCCESS;
}
int usage_lf_em4x50_write(void) {
PrintAndLogEx(NORMAL, "Write EM4x50 word. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] a <address> w <data>");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " a <addr> - memory address to write to (dec)");
PrintAndLogEx(NORMAL, " w <word> - word to write (hex)");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_write a 3 w deadc0de");
return PM3_SUCCESS;
}
int usage_lf_em4x50_write_password(void) {
PrintAndLogEx(NORMAL, "Write EM4x50 password. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] p <pwd> n <pwd>");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex)");
PrintAndLogEx(NORMAL, " n <pwd> - new password (hex)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_write_password p 11223344 n 01020304");
return PM3_SUCCESS;
}
static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) {
// restructure received result in "em4x50_word_t" structure and check all
// parities including stop bit; result of each check is stored in structure
int p = 0, c[8] = {0, 0, 0, 0, 0, 0, 0, 0};
for (int i = fwr; i <= lwr; i++) {
words[i].stopparity = true;
words[i].parity = true;
for (int j = 0; j < 8; j++)
c[j] = 0;
for (int j = 0; j < 4; j++) {
words[i].byte[j] = byte[i*7+j];
words[i].row_parity[j] = (byte[i*7+4] >> (3-j)) & 1;
// collect parities
p = 0;
for (int k = 0; k < 8; k++) {
// row parity
p ^= (words[i].byte[j] >> k) & 1;
// column parity
c[k] ^= (words[i].byte[j] >> (7-k)) & 1;
}
// check row parities
words[i].rparity[j] = (words[i].row_parity[j] == p) ? true : false;
if (!words[i].rparity[j])
words[i].parity = false;
}
// check column parities
words[i].col_parity = byte[i*7+5] ;
for (int j = 0; j < 8; j++) {
words[i].cparity[j] = (((words[i].col_parity >> (7-j)) & 1) == c[j]) ? true : false;
if (!words[i].cparity[j])
words[i].parity = false;
}
// check stop bit
words[i].stopbit = byte[i*7+6] & 1;
if (words[i].stopbit == 1)
words[i].stopparity = false;
}
}
static void print_bit_table(const em4x50_word_t word) {
// generate output in table form for each word including parities, stop
// bit, result of parity checks and hex notation of each row in msb/lsb
// notation
// individual parity errors will be highlighted in red
int bit = 0;
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
// print binary data
for (int j = 0; j < 4; j++) {
strcat(string, " ");
// lsb notation
for (int k = 0; k < 8; k++) {
sprintf(pstring, "%i", (word.byte[j] >> (7-k)) & 1);
strcat(string, pstring);
}
strcat(string, " | ");
// binary row parities + hex bytes of word
sprintf(pstring, (word.rparity[j]) ? "%i" : _RED_("%i"), word.row_parity[j]);
strcat(string, pstring);
if (j == 0)
sprintf(pstring, " msb: 0x%02x lsb: 0x%02x", word.byte[j], reflect8(word.byte[j]));
else
sprintf(pstring, " 0x%02x 0x%02x", word.byte[j], reflect8(word.byte[j]));
strcat(string, pstring);
PrintAndLogEx(NORMAL,string);
string[0] = '\0';
}
strcat(string, " ------------ --------------------\n ");
// binary column parities
for (int k = 0; k < 8; k++) {
bit = (word.col_parity >> (7-k)) & 1;
// if column parity is false -> highlight bit in red
sprintf(pstring, (word.cparity[k]) ? "%i" : _RED_("%i"), bit);
strcat(string, pstring);
}
// binary stop bit
strcat(string, " | ");
sprintf(pstring, (word.stopparity) ? "%i" : _RED_("%i"), word.stopbit);
strcat(pstring, " parities ");
strcat(string, pstring);
// parities passed/failed
sprintf(pstring, (word.parity) ? _GREEN_("ok") : _RED_("failed"));
strcat(string, pstring);
PrintAndLogEx(NORMAL,string);
string[0] = '\0';
}
static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
// print available information for given word from fwr to lwr, i.e.
// bit table + summary lines with hex notation of word (msb + lsb)
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
for (int i = fwr; i <= lwr; i++) {
// blank line before each bit table
PrintAndLogEx(NORMAL, "");
// print bit table
print_bit_table(words[i]);
// final result
sprintf(pstring, "\n word[%i] msb: " _GREEN_("0x"), i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, _GREEN_("%02x"), words[i].byte[j]);
strcat(string, pstring);
}
sprintf(pstring, "\n word[%i] lsb: 0x", i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, "%02x", reflect8(words[i].byte[3-j]));
strcat(string, pstring);
}
PrintAndLogEx(NORMAL,string);
string[0] = '\0';
}
}
static void print_info_result(PacketResponseNG *resp, const em4x50_data_t *etd, bool bverbose) {
// display all information of info result in structured format
uint8_t *data = resp->data.asBytes;
em4x50_word_t words[EM4X50_NO_WORDS];
char pstring[NO_CHARS_MAX] = {0}, string[NO_CHARS_MAX] = {0};
bool bpwd_given = etd->pwd_given;
bool bsuccess = resp->status & STATUS_SUCCESS;
bool blogin = resp->status & STATUS_LOGIN;
prepare_result(data, 0, EM4X50_NO_WORDS - 1, words);
bool bpwc = words[EM4X50_CONTROL].byte[CONFIG_BLOCK] & PASSWORD_CHECK;
bool braw = words[EM4X50_CONTROL].byte[CONFIG_BLOCK] & READ_AFTER_WRITE;
int fwr = reflect8(words[EM4X50_CONTROL].byte[FIRST_WORD_READ]);
int lwr = reflect8(words[EM4X50_CONTROL].byte[LAST_WORD_READ]);
int fwrp = reflect8(words[EM4X50_PROTECTION].byte[FIRST_WORD_READ_PROTECTED]);
int lwrp = reflect8(words[EM4X50_PROTECTION].byte[LAST_WORD_READ_PROTECTED]);
int fwwi = reflect8(words[EM4X50_PROTECTION].byte[FIRST_WORD_WRITE_INHIBITED]);
int lwwi = reflect8(words[EM4X50_PROTECTION].byte[LAST_WORD_WRITE_INHIBITED]);
// data section
PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 data:"));
if (bverbose) {
// detailed data section
print_result(words, 0, EM4X50_NO_WORDS - 1);
} else {
// condensed data section
for (int i = 0; i < EM4X50_NO_WORDS; i++) {
sprintf(pstring, " word[%2i]: ", i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, "%02x", words[i].byte[j]);
strcat(string, pstring);
}
switch(i) {
case EM4X50_DEVICE_PASSWORD:
sprintf(pstring, _YELLOW_(" password, write only"));
break;
case EM4X50_PROTECTION:
sprintf(pstring, _YELLOW_(" protection word, write inhibited"));
break;
case EM4X50_CONTROL:
sprintf(pstring, _YELLOW_(" control word, write inhibited"));
break;
case EM4X50_DEVICE_SERIAL:
sprintf(pstring, _YELLOW_(" device serial number, read only"));
break;
case EM4X50_DEVICE_ID:
sprintf(pstring, _YELLOW_(" device identification, read only"));
break;
default:
sprintf(pstring, " user data");
break;
}
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
}
}
// configuration section
PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 configuration"));
PrintAndLogEx(NORMAL," control: | protection:");
sprintf(pstring, " first word read: %3i |", fwr);
strcat(string, pstring);
sprintf(pstring, " first word read protected: %3i", fwrp);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
sprintf(pstring, " last word read: %3i |", lwr);
strcat(string, pstring);
sprintf(pstring, " last word read protected: %3i", lwrp);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
sprintf(pstring, " password check: %3s |", (bpwc) ? "on" : "off");
strcat(string, pstring);
sprintf(pstring, " first word write inhibited: %3i", fwwi);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
sprintf(pstring, " read after write: %3s |", (braw) ? "on" : "off");
strcat(string, pstring);
sprintf(pstring, " last word write inhibited: %3i", lwwi);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
PrintAndLogEx(NORMAL, "\n zero values may indicate read protection!");
// status line
sprintf(pstring, " reading ");
strcat(string, pstring);
if (!bsuccess) {
sprintf(pstring, _RED_("failed"));
strcat(string, pstring);
} else {
sprintf(pstring, _GREEN_("ok "));
strcat(string, pstring);
if (blogin) {
if (bpwd_given) {
sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)",
etd->password[0], etd->password[1],
etd->password[2], etd->password[3]);
strcat(string, pstring);
} else {
sprintf(pstring, "(login with default password 0x00000000)");
strcat(string, pstring);
}
} else {
if (bpwd_given) {
sprintf(pstring, "(login failed)");
strcat(string, pstring);
} else {
sprintf(pstring, "(no login)");
strcat(string, pstring);
}
}
}
PrintAndLogEx(NORMAL,"%s\n", string);
}
int CmdEM4x50Info(const char *Cmd) {
// envoke reading of a EM4x50 tag which has to be on the antenna because
// decoding is done by the device (not on client side)
bool errors = false, verbose = false, success = false;
uint8_t cmdp = 0;
em4x50_data_t etd;
PacketResponseNG resp;
// init
etd.pwd_given = false;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_info();
case 'p':
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
etd.pwd_given = true;
cmdp += 2;
break;
case 'v':
verbose = true;
cmdp += 1;
break;
default:
PrintAndLogEx(WARNING, " Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
// validation
if (errors)
return usage_lf_em4x50_info();
// call info command
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_INFO, (uint8_t *)&etd, sizeof(etd));
// get result
if (!WaitForResponse(CMD_ACK, &resp)) {
PrintAndLogEx(WARNING, " timeout while waiting for reply.");
return PM3_ETIMEOUT;
}
// print result
print_info_result(&resp, &etd, verbose);
success = resp.status & STATUS_SUCCESS;
return (success) ? PM3_SUCCESS : PM3_ESOFT;
}
static void print_write_result(PacketResponseNG *resp, const em4x50_data_t *etd) {
// display result of writing operation in structured format
bool pwd_given = etd->pwd_given;
bool success = resp->status & STATUS_SUCCESS;
bool login = resp->status & STATUS_LOGIN;
uint8_t *data = resp->data.asBytes;
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
em4x50_word_t word;
if (!success) {
sprintf(pstring, "\n writing " _RED_("failed"));
strcat(string, pstring);
} else {
prepare_result(data, etd->address, etd->address, &word);
print_result(&word, etd->address, etd->address);
sprintf(pstring, "\n writing " _GREEN_("ok "));
strcat(string, pstring);
if (pwd_given) {
if (login) {
sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)",
etd->password[0], etd->password[1],
etd->password[2], etd->password[3]);
strcat(string, pstring);
} else {
sprintf(pstring, "(login failed)");
strcat(string, pstring);
}
} else {
sprintf(pstring, "(no login)");
strcat(string, pstring);
}
}
PrintAndLogEx(NORMAL,"%s\n", string);
}
int CmdEM4x50Write(const char *Cmd) {
// envoke writing a single word (32 bit) to a EM4x50 tag
bool errors = false, bword = false, baddr = false, success = false;
uint8_t cmdp = 0;
em4x50_data_t etd;
PacketResponseNG resp;
// init
etd.pwd_given = false;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_write();
case 'p':
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
etd.pwd_given = true;
cmdp += 2;
break;
case 'w':
if (param_gethex(Cmd, cmdp + 1, etd.word, 8)) {
PrintAndLogEx(FAILED, "\n word has to be 8 hex symbols\n");
return PM3_EINVARG;
}
bword = true;
cmdp += 2;
break;
case 'a':
param_getdec(Cmd, cmdp + 1, &etd.address);
// validation
if (etd.address < 1 || etd.address > 31) {
PrintAndLogEx(FAILED, "\n error, address has to be in range [1-31]\n");
return PM3_EINVARG;
}
baddr = true;
cmdp += 2;
break;
default:
PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors || !bword || !baddr)
return usage_lf_em4x50_write();
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_WRITE, (uint8_t *)&etd, sizeof(etd));
if (!WaitForResponse(CMD_ACK, &resp)) {
PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n");
return PM3_ETIMEOUT;
}
// get, prepare and print response
print_write_result(&resp, &etd);
success = resp.status & STATUS_SUCCESS;
return (success) ? PM3_SUCCESS : PM3_ESOFT;
}
static void print_write_password_result(PacketResponseNG *resp, const em4x50_data_t *etd) {
// display result of password changing operation
bool success = resp->status;
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
if (!success) {
sprintf(pstring, "\n writing new password " _RED_("failed"));
strcat(string, pstring);
} else {
sprintf(pstring, "\n writing new password " _GREEN_("ok"));
strcat(string, pstring);
}
PrintAndLogEx(NORMAL,"%s\n", string);
}
int CmdEM4x50WritePassword(const char *Cmd) {
// envokes changing the password of EM4x50 tag
bool errors = false, bpwd = false, bnpwd = false;
uint8_t cmdp = 0;
em4x50_data_t etd;
PacketResponseNG resp;
// init
etd.pwd_given = false;
etd.newpwd_given = false;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_write_password();
case 'p':
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
bpwd = true;
etd.pwd_given = true;
cmdp += 2;
break;
case 'n':
if (param_gethex(Cmd, cmdp + 1, etd.new_password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
bnpwd = true;
etd.newpwd_given = true;
cmdp += 2;
break;
default:
PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors || !bpwd || !bnpwd)
return usage_lf_em4x50_write_password();
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_WRITE_PASSWORD, (uint8_t *)&etd, sizeof(etd));
if (!WaitForResponse(CMD_ACK, &resp)) {
PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n");
return PM3_ETIMEOUT;
}
// get, prepare and print response
print_write_password_result(&resp, &etd);
return ((bool)resp.status) ? PM3_SUCCESS : PM3_ESOFT;
}

22
client/src/cmdlfem4x50.h Normal file
View file

@ -0,0 +1,22 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 tharexde
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency EM4x50 commands
//-----------------------------------------------------------------------------
#ifndef CMDLFEM4X50_H__
#define CMDLFEM4X50_H__
int usage_lf_em4x50_info(void);
int usage_lf_em4x50_write(void);
int usage_lf_em4x50_write_password(void);
int CmdEM4x50Info(const char *Cmd);
int CmdEM4x50Write(const char *Cmd);
int CmdEM4x50WritePassword(const char *Cmd);
#endif

16
client/src/cmdlfhid.c
View file

@ -264,13 +264,17 @@ static int CmdHIDRead(const char *Cmd) {
// this read loops on device side.
// uses the demod in lfops.c
static int CmdHIDWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_hid_watch();
uint8_t c = tolower(param_getchar(Cmd, 0));
if (c == 'h') return usage_lf_hid_watch();
PrintAndLogEx(SUCCESS, "Watching for HID Prox cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer();
SendCommandNG(CMD_LF_HID_DEMOD, NULL, 0);
PrintAndLogEx(SUCCESS, "Watching for new HID cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading new cards");
return PM3_SUCCESS;
SendCommandNG(CMD_LF_HID_WATCH, NULL, 0);
PacketResponseNG resp;
WaitForResponse(CMD_LF_HID_WATCH, &resp);
PrintAndLogEx(INFO, "Done");
return resp.status;
}
static int CmdHIDSim(const char *Cmd) {

2
client/src/cmdlfhitag.c
View file

@ -584,7 +584,7 @@ static int CmdLFHitagReader(const char *Cmd) {
clearCommandBuffer();
SendCommandMIX(cmd, htf, 0, 0, &htd, sizeof(htd));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 4000)) {
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return PM3_ETIMEOUT;
}

20
client/src/cmdlfio.c
View file

@ -36,7 +36,7 @@ static int usage_lf_io_watch(void) {
PrintAndLogEx(NORMAL, "Usage: lf io watch");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf io watch");
PrintAndLogEx(NORMAL, _YELLOW_(" lf io watch"));
return PM3_SUCCESS;
}
@ -52,7 +52,7 @@ static int usage_lf_io_sim(void) {
PrintAndLogEx(NORMAL, " <card number> : 16bit value card number (decimal)");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf io sim 26 101 1337");
PrintAndLogEx(NORMAL, _YELLOW_(" lf io sim 26 101 1337"));
return PM3_SUCCESS;
}
@ -69,18 +69,24 @@ static int usage_lf_io_clone(void) {
PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf io clone 26 101 1337");
PrintAndLogEx(NORMAL, _YELLOW_(" lf io clone 26 101 1337"));
return PM3_SUCCESS;
}
// this read loops on device side.
// uses the demod in lfops.c
static int CmdIOProxWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_io_watch();
uint8_t c = tolower(param_getchar(Cmd, 0));
if (c == 'h') return usage_lf_io_watch();
PrintAndLogEx(SUCCESS, "Watching for IO Prox cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer();
SendCommandNG(CMD_LF_IO_DEMOD, NULL, 0);
return PM3_SUCCESS;
SendCommandNG(CMD_LF_IO_WATCH, NULL, 0);
PacketResponseNG resp;
WaitForResponse(CMD_LF_IO_WATCH, &resp);
PrintAndLogEx(INFO, "Done");
return resp.status;
}
//by marshmellow

16
client/src/cmdlfpyramid.c
View file

@ -1,5 +1,7 @@
//-----------------------------------------------------------------------------
//
// by marshmellow
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
@ -62,11 +64,14 @@ static int usage_lf_pyramid_sim(void) {
return PM3_SUCCESS;
}
//by marshmellow
//Pyramid Prox demod - FSK RF/50 with preamble of 0000000000000001 (always a 128 bit data stream)
//print full Farpointe Data/Pyramid Prox ID and some bit format details if found
static int CmdPyramidDemod(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
return demodPyramid();
}
//Pyramid Prox demod - FSK RF/50 with preamble of 0000000000000001 (always a 128 bit data stream)
//print full Farpointe Data/Pyramid Prox ID and some bit format details if found
int demodPyramid(void) {
//raw fsk demod no manchester decoding no start bit finding just get binary from wave
uint8_t bits[MAX_GRAPH_TRACE_LEN] = {0};
size_t size = getFromGraphBuf(bits);
@ -350,11 +355,6 @@ int getPyramidBits(uint32_t fc, uint32_t cn, uint8_t *pyramidBits) {
return PM3_SUCCESS;
}
int demodPyramid(void) {
return CmdPyramidDemod("");
}
// by marshmellow
// FSK Demod then try to locate a Farpointe Data (pyramid) ID
int detectPyramid(uint8_t *dest, size_t *size, int *waveStartIdx) {
//make sure buffer has data

12
client/src/cmdlfsecurakey.c
View file

@ -34,13 +34,17 @@ static int usage_lf_securakey_clone(void) {
PrintAndLogEx(NORMAL, " b <raw hex> : raw hex data. 12 bytes max");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf securakey clone 7FCB400001ADEA5344300000");
PrintAndLogEx(NORMAL, _YELLOW_(" lf securakey clone b 7FCB400001ADEA5344300000"));
return PM3_SUCCESS;
}
//see ASKDemod for what args are accepted
static int CmdSecurakeyDemod(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
return demodSecurakey();
}
//see ASKDemod for what args are accepted
int demodSecurakey(void) {
//ASK / Manchester
bool st = false;
@ -212,7 +216,3 @@ int detectSecurakey(uint8_t *dest, size_t *size) {
return (int)startIdx;
}
int demodSecurakey(void) {
return CmdSecurakeyDemod("");
}

17
client/src/cmdlfvisa2000.c
View file

@ -41,7 +41,7 @@ static int usage_lf_visa2k_clone(void) {
PrintAndLogEx(NORMAL, " <Q5> : specify write to Q5 (t5555 instead of t55x7)");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf visa2000 clone 112233");
PrintAndLogEx(NORMAL, _YELLOW_(" lf visa2000 clone 112233"));
return PM3_SUCCESS;
}
@ -55,7 +55,7 @@ static int usage_lf_visa2k_sim(void) {
PrintAndLogEx(NORMAL, " <card ID> : Visa2k card ID");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf visa2000 sim 112233");
PrintAndLogEx(NORMAL, _YELLOW_(" lf visa2000 sim 112233"));
return PM3_SUCCESS;
}
@ -86,6 +86,10 @@ static uint8_t visa_parity(uint32_t id) {
return par;
}
static int CmdVisa2kDemod(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
return demodVisa2k();
}
/**
*
* 56495332 00096ebd 00000077 > tag id 618173
@ -98,9 +102,7 @@ static uint8_t visa_parity(uint32_t id) {
*
**/
//see ASKDemod for what args are accepted
static int CmdVisa2kDemod(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
int demodVisa2k(void) {
save_restoreGB(GRAPH_SAVE);
//CmdAskEdgeDetect("");
@ -153,7 +155,7 @@ static int CmdVisa2kDemod(const char *Cmd) {
save_restoreGB(GRAPH_RESTORE);
return PM3_ESOFT;
}
PrintAndLogEx(SUCCESS, "Visa2000 Tag Found: Card ID %u, Raw: %08X%08X%08X", raw2, raw1, raw2, raw3);
PrintAndLogEx(SUCCESS, "Visa2000 Tag Found: Card ID " _GREEN_("%u") " Raw: %08X%08X%08X", raw2, raw1, raw2, raw3);
return PM3_SUCCESS;
}
@ -260,7 +262,4 @@ int detectVisa2k(uint8_t *dest, size_t *size) {
return (int)startIdx;
}
int demodVisa2k(void) {
return CmdVisa2kDemod("");
}

13
client/src/cmdmain.c
View file

@ -248,8 +248,9 @@ static int CmdPref(const char *Cmd) {
}
static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help. Use '<command> help' for details of a particular command."},
{"auto", CmdAuto, IfPm3Present, "Automated detection process for unknown tags"},
{"--------",CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("sub") " -----------------------"},
{"analyse", CmdAnalyse, AlwaysAvailable, "{ Analyse utils... }"},
{"data", CmdData, AlwaysAvailable, "{ Plot window / data buffer manipulation... }"},
{"emv", CmdEMV, AlwaysAvailable, "{ EMV ISO-14443 / ISO-7816... }"},
@ -258,15 +259,17 @@ static command_t CommandTable[] = {
{"lf", CmdLF, AlwaysAvailable, "{ Low frequency commands... }"},
{"mem", CmdFlashMem, IfPm3Flash, "{ Flash Memory manipulation... }"},
{"reveng", CmdRev, AlwaysAvailable, "{ CRC calculations from RevEng software }"},
{"sc", CmdSmartcard, AlwaysAvailable, "{ Smart card ISO-7816 commands... }"},
{"smart", CmdSmartcard, AlwaysAvailable, "{ Smart card ISO-7816 commands... }"},
{"script", CmdScript, AlwaysAvailable, "{ Scripting commands }"},
{"trace", CmdTrace, AlwaysAvailable, "{ Trace manipulation... }"},
{"usart", CmdUsart, IfPm3FpcUsartFromUsb, "{ USART commands... }"},
{"wiegand", CmdWiegand, AlwaysAvailable, "{ Wiegand format manipulation... }"},
{"", CmdHelp, AlwaysAvailable, ""},
{"--------",CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("sub") " -----------------------"},
{"auto", CmdAuto, IfPm3Present, "Automated detection process for unknown tags"},
{"help", CmdHelp, AlwaysAvailable, "This help. Use " _YELLOW_("'<command> help'") " for details of a particular command."},
{"hints", CmdHints, AlwaysAvailable, "Turn hints on / off"},
{"pref", CmdPref, AlwaysAvailable, "Edit preferences"},
{"msleep", CmdMsleep, AlwaysAvailable, "Add a pause in milliseconds"},
{"pref", CmdPref, AlwaysAvailable, "Edit preferences"},
{"rem", CmdRem, AlwaysAvailable, "Add a text line in log file"},
{"quit", CmdQuit, AlwaysAvailable, ""},
{"exit", CmdQuit, AlwaysAvailable, "Exit program"},

5
client/src/cmdscript.c
View file

@ -36,8 +36,7 @@
// Partly ripped from PyRun_SimpleFileExFlags
// but does not terminate client on sys.exit
// and print exit code only if != 0
static int Pm3PyRun_SimpleFileNoExit(FILE *fp, const char *filename)
{
static int Pm3PyRun_SimpleFileNoExit(FILE *fp, const char *filename) {
PyObject *m, *d, *v;
int set_file_name = 0, ret = -1;
m = PyImport_AddModule("__main__");
@ -86,7 +85,7 @@ static int Pm3PyRun_SimpleFileNoExit(FILE *fp, const char *filename)
}
Py_DECREF(v);
ret = 0;
done:
done:
if (set_file_name && PyDict_DelItemString(d, "__file__"))
PyErr_Clear();
Py_XDECREF(m);

17
client/src/cmdtrace.c
View file

@ -53,22 +53,23 @@ static int usage_trace_list(void) {
PrintAndLogEx(NORMAL, " lto - interpret data as LTO-CM communications");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " trace list 14a f");
PrintAndLogEx(NORMAL, " trace list iclass");
PrintAndLogEx(NORMAL, _YELLOW_(" trace list 14a f"));
PrintAndLogEx(NORMAL, _YELLOW_(" trace list iclass"));
PrintAndLogEx(NORMAL, _YELLOW_(" trace list 14a 1"));
return PM3_SUCCESS;
}
static int usage_trace_load(void) {
PrintAndLogEx(NORMAL, "Load protocol data from file to trace buffer.");
PrintAndLogEx(NORMAL, "Load protocol data from binary file to trace buffer");
PrintAndLogEx(NORMAL, "Usage: trace load <filename>");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " trace load mytracefile.bin");
PrintAndLogEx(NORMAL, _YELLOW_(" trace load mytracefile.trace"));
return PM3_SUCCESS;
}
static int usage_trace_save(void) {
PrintAndLogEx(NORMAL, "Save protocol data from trace buffer to file.");
PrintAndLogEx(NORMAL, "Save protocol data from trace buffer to binary file");
PrintAndLogEx(NORMAL, "Usage: trace save <filename>");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " trace save mytracefile.bin");
PrintAndLogEx(NORMAL, _YELLOW_(" trace save mytracefile.trace"));
return PM3_SUCCESS;
}
@ -198,7 +199,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
if (tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr) > traceLen) {
return traceLen;
}
uint8_t *frame = hdr->frame;
uint8_t *parityBytes = hdr->frame + data_len;
@ -494,7 +495,7 @@ static int CmdTraceLoad(const char *Cmd) {
g_traceLen = (long)len;
PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = " _YELLOW_("%lu") " bytes) loaded from " _YELLOW_("%s"), g_traceLen, filename);
PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = " _YELLOW_("%lu") " bytes)", g_traceLen);
return PM3_SUCCESS;
}

2
client/src/comms.c
View file

@ -349,7 +349,7 @@ __attribute__((force_align_arg_pointer))
// main thread will kill and restart this thread.
if (commfailed) {
if (conn.last_command != CMD_HARDWARE_RESET) {
PrintAndLogEx(WARNING, "Communicating with Proxmark3 device " _RED_("failed"));
PrintAndLogEx(WARNING, "\nCommunicating with Proxmark3 device " _RED_("failed"));
}
__atomic_test_and_set(&comm_thread_dead, __ATOMIC_SEQ_CST);
break;

8
client/src/emv/cmdemv.c
View file

@ -1455,7 +1455,7 @@ static int CmdEMVScan(const char *Cmd) {
// current path + file name
if (MergeJSON) {
root = json_load_file( (char*)filename, 0, &error);
root = json_load_file((char *)filename, 0, &error);
if (!root) {
PrintAndLogEx(ERR, "Json error on line %d: %s", error.line, error.text);
return PM3_EFILE;
@ -1750,15 +1750,15 @@ static int CmdEMVScan(const char *Cmd) {
if (MergeJSON == false) {
// create unique new name
char *fname = newfilenamemcopy((char*)filename, ".json");
char *fname = newfilenamemcopy((char *)filename, ".json");
if (fname == NULL) {
return PM3_EMALLOC;
}
strcpy((char*)filename, fname);
strcpy((char *)filename, fname);
free(fname);
}
res = json_dump_file(root, (char*)filename, JSON_INDENT(2));
res = json_dump_file(root, (char *)filename, JSON_INDENT(2));
if (res) {
PrintAndLogEx(ERR, "Can't save the file: %s", filename);
return PM3_EFILE;

20
client/src/emv/emv_pk.c
View file

@ -504,19 +504,19 @@ struct emv_pk *emv_pk_get_ca_pk(const unsigned char *rid, unsigned char idx) {
bool isok = emv_pk_verify(pk);
PrintAndLogEx(INFO, "Verifying CA PK for %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx %zu bits. ( %s )",
pk->rid[0],
pk->rid[1],
pk->rid[2],
pk->rid[3],
pk->rid[4],
pk->index,
pk->mlen * 8,
(isok) ? _GREEN_("ok") : _RED_("failed")
);
pk->rid[0],
pk->rid[1],
pk->rid[2],
pk->rid[3],
pk->rid[4],
pk->index,
pk->mlen * 8,
(isok) ? _GREEN_("ok") : _RED_("failed")
);
if (isok) {
return pk;
}
}
emv_pk_free(pk);
return NULL;

15
client/src/fileutils.c
View file

@ -1369,6 +1369,17 @@ static int convert_plain_mfu_dump(uint8_t **dump, size_t *dumplen, bool verbose)
}
static int convert_old_mfu_dump(uint8_t **dump, size_t *dumplen, bool verbose) {
/* For reference
typedef struct {
uint8_t version[8];
uint8_t tbo[2];
uint8_t tearing[3];
uint8_t pack[2];
uint8_t tbo1[1];
uint8_t signature[32];
uint8_t data[1024];
} PACKED old_mfu_dump_t;
*/
// convert old format
old_mfu_dump_t *old_mfu_dump = (old_mfu_dump_t *)*dump;
@ -1392,9 +1403,11 @@ static int convert_old_mfu_dump(uint8_t **dump, size_t *dumplen, bool verbose) {
}
memcpy(mfu_dump->data, old_mfu_dump->data, sizeof(mfu_dump->data));
mfu_dump->pages = old_data_len / 4 - 1;
// Add PACK to last block of memory.
memcpy(mfu_dump->data + (mfu_dump->pages * 4 + MFU_DUMP_PREFIX_LENGTH), old_mfu_dump->pack, 2);
if (verbose) {
PrintAndLogEx(SUCCESS, "old mfu dump format was converted to " _GREEN_("%d") " blocks", mfu_dump->pages + 1);
}

2
client/src/mifare/desfire_crypto.c
View file

@ -882,7 +882,7 @@ void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *i
}
void desfire_crc32(const uint8_t *data, const size_t len, uint8_t *crc) {
crc32_ex(data,len,crc);
crc32_ex(data, len, crc);
}
void desfire_crc32_append(uint8_t *data, const size_t len) {

10
client/src/mifare/mad.c
View file

@ -173,7 +173,7 @@ int MADCheck(uint8_t *sector0, uint8_t *sector10, bool verbose, bool *haveMAD2)
if (sector0 == NULL)
return PM3_EINVARG;
uint8_t GPB = sector0[3 * 16 + 9];
uint8_t GPB = sector0[3 * 16 + 9];
if (verbose)
PrintAndLogEx(SUCCESS, "%14s " _GREEN_("0x%02x"), "GPB", GPB);
@ -304,7 +304,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "---------------- " _CYAN_("Listing") " ----------------");
PrintAndLogEx(INFO, " 00 MAD v1");
uint32_t prev_aid = 0xFFFFFFFF;
for (int i = 1; i < 16; i++) {
@ -326,10 +326,10 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA
int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) {
open_mad_file(&mad_known_aids, verbose);
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "------------ " _CYAN_("MAD v2 details") " -------------");
int res = madCRCCheck(sector, true, 2);
if (verbose) {
if (res == PM3_SUCCESS)
@ -347,7 +347,7 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "---------------- " _CYAN_("Listing") " ----------------");
PrintAndLogEx(INFO, " 16 MAD v2");
uint32_t prev_aid = 0xFFFFFFFF;

65
client/src/mifare/ndef.c
View file

@ -418,7 +418,7 @@ int NDEFRecordsDecodeAndPrint(uint8_t *ndefRecord, size_t ndefRecordLen) {
}
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, "Record " _YELLOW_("%zu"), counter);
PrintAndLogEx(SUCCESS, _CYAN_("Record") " " _YELLOW_("%zu"), counter);
PrintAndLogEx(INFO, "-----------------------------------------------------");
ndefRecordDecodeAndPrint(&ndefRecord[len], NDEFHeader.RecLen);
@ -436,7 +436,7 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) {
size_t indx = 0;
PrintAndLogEx(INFO, "");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "--- " _CYAN_("NDEF parsing") " ----------------");
while (indx < ndefLen) {
@ -445,7 +445,7 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) {
case 0x00: {
indx++;
uint16_t len = ndefTLVGetLength(&ndef[indx], &indx);
PrintAndLogEx(SUCCESS, "-- NDEF NULL block.");
PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF NULL block") " ---");
if (len)
PrintAndLogEx(WARNING, "NDEF NULL block size must be 0, got %d bytes", len);
indx += len;
@ -454,20 +454,21 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) {
case 0x01: {
indx++;
uint16_t len = ndefTLVGetLength(&ndef[indx], &indx);
PrintAndLogEx(INFO, "-- NDEF Lock Control.");
PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF Lock Control") " ---");
if (len != 3) {
PrintAndLogEx(WARNING, "NDEF Lock Control block size must be 3 instead of %d.", len);
} else {
uint8_t PagesAddr = (ndef[indx] >> 4) & 0x0f;
uint8_t ByteOffset = ndef[indx] & 0x0f;
uint8_t pages_addr = (ndef[indx] >> 4) & 0x0f;
uint8_t byte_offset = ndef[indx] & 0x0f;
uint8_t Size = ndef[indx + 1];
uint8_t BytesLockedPerLockBit = (ndef[indx + 2] >> 4) & 0x0f;
uint8_t BytesPerPage = ndef[indx + 2] & 0x0f;
PrintAndLogEx(SUCCESS, "PagesAddr. number of pages: %d", PagesAddr);
PrintAndLogEx(SUCCESS, "ByteOffset. number of bytes: %d", ByteOffset);
PrintAndLogEx(SUCCESS, "Size. size in bits of the lock area: %d. bytes approx: %d", Size, Size / 8);
PrintAndLogEx(SUCCESS, "BytesPerPage. number of bytes per page: %d", BytesPerPage);
PrintAndLogEx(SUCCESS, "BytesLockedPerLockBit. number of bytes that each dynamic lock bit is able to lock: %d", BytesLockedPerLockBit);
uint8_t bytes_per_page = ndef[indx + 2] & 0x0f;
PrintAndLogEx(SUCCESS, " Pages addr (number of pages) : %d", pages_addr);
PrintAndLogEx(SUCCESS, "Byte offset (number of bytes) : %d", byte_offset);
PrintAndLogEx(SUCCESS, "Size in bits of the lock area : %d. bytes approx: %d", Size, Size / 8);
PrintAndLogEx(SUCCESS, " Number of bytes / page : %d", bytes_per_page);
PrintAndLogEx(SUCCESS, "Bytes Locked Per LockBit.");
PrintAndLogEx(SUCCESS, " number of bytes that each dynamic lock bit is able to lock: %d", BytesLockedPerLockBit);
}
indx += len;
break;
@ -475,18 +476,18 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) {
case 0x02: {
indx++;
uint16_t len = ndefTLVGetLength(&ndef[indx], &indx);
PrintAndLogEx(INFO, "-- NDEF Memory Control.");
PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF Memory Control") " ---");
if (len != 3) {
PrintAndLogEx(WARNING, "NDEF Memory Control block size must be 3 instead of %d.", len);
} else {
uint8_t PagesAddr = (ndef[indx] >> 4) & 0x0f;
uint8_t ByteOffset = ndef[indx] & 0x0f;
uint8_t pages_addr = (ndef[indx] >> 4) & 0x0f;
uint8_t byte_offset = ndef[indx] & 0x0f;
uint8_t Size = ndef[indx + 1];
uint8_t BytesPerPage = ndef[indx + 2] & 0x0f;
PrintAndLogEx(SUCCESS, "PagesAddr. number of pages: %d", PagesAddr);
PrintAndLogEx(SUCCESS, "ByteOffset. number of bytes: %d", ByteOffset);
PrintAndLogEx(SUCCESS, "Size. size in bits of the reserved area: %d. bytes approx: %d", Size, Size / 8);
PrintAndLogEx(SUCCESS, "BytesPerPage. number of bytes per page: %d", BytesPerPage);
uint8_t bytes_per_page = ndef[indx + 2] & 0x0f;
PrintAndLogEx(SUCCESS, " Pages addr (number of pages) : %d", pages_addr);
PrintAndLogEx(SUCCESS, "Byte offset (number of bytes) : %d", byte_offset);
PrintAndLogEx(SUCCESS, "Size in bits of the reserved area : %d. bytes approx: %d", Size, Size / 8);
PrintAndLogEx(SUCCESS, " Number of bytes / page : %d", bytes_per_page);
}
indx += len;
break;
@ -494,28 +495,36 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) {
case 0x03: {
indx++;
uint16_t len = ndefTLVGetLength(&ndef[indx], &indx);
PrintAndLogEx(SUCCESS, "Found NDEF message (%d bytes)", len);
int res = NDEFRecordsDecodeAndPrint(&ndef[indx], len);
if (res != PM3_SUCCESS)
return res;
PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF Message") " ---");
if (len == 0) {
PrintAndLogEx(SUCCESS, "Found NDEF message w zero length");
} else {
PrintAndLogEx(SUCCESS, "Found NDEF message (%d bytes)", len);
int res = NDEFRecordsDecodeAndPrint(&ndef[indx], len);
if (res != PM3_SUCCESS)
return res;
}
indx += len;
break;
}
case 0xfd: {
indx++;
uint16_t len = ndefTLVGetLength(&ndef[indx], &indx);
PrintAndLogEx(SUCCESS, "-- NDEF proprietary info. Skipped %d bytes.", len);
PrintAndLogEx(SUCCESS, "--- " _CYAN_("Proprietary info") " ---");
PrintAndLogEx(SUCCESS, " Can't decode, skipping %d bytes", len);
indx += len;
break;
}
case 0xfe: {
PrintAndLogEx(SUCCESS, "-- NDEF Terminator. Done.");
PrintAndLogEx(SUCCESS, "NDEF Terminator detected");
return PM3_SUCCESS;
}
default: {
PrintAndLogEx(ERR, "unknown tag 0x%02x", ndef[indx]);
if (verbose)
PrintAndLogEx(ERR, "unknown tag 0x%02x", ndef[indx]);
return PM3_ESOFT;
}
}

13
client/src/proxmark3.c
View file

@ -117,23 +117,23 @@ static void prompt_compose(char *buf, size_t buflen, const char *promptctx, cons
snprintf(buf, buflen - 1, PROXPROMPT_COMPOSE, promptdev, promptctx);
}
#ifdef HAVE_READLINE
static int check_comm(void) {
// If communications thread goes down. Device disconnected then this should hook up PM3 again.
if (IsCommunicationThreadDead() && session.pm3_present) {
PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") " mode. Use "_YELLOW_("\"hw connect\"") " to reconnect\n");
prompt_dev = PROXPROMPT_DEV_OFFLINE;
#ifdef HAVE_READLINE
char prompt[PROXPROMPT_MAX_SIZE] = {0};
prompt_compose(prompt, sizeof(prompt), prompt_ctx, prompt_dev);
char prompt_filtered[PROXPROMPT_MAX_SIZE] = {0};
memcpy_filter_ansi(prompt_filtered, prompt, sizeof(prompt_filtered), !session.supports_colors);
rl_set_prompt(prompt_filtered);
rl_forced_update_display();
#endif
CloseProxmark();
PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") " mode. Use "_YELLOW_("\"hw connect\"") " to reconnect\n");
}
return 0;
}
#endif
// first slot is always NULL, indicating absence of script when idx=0
static FILE *cmdscriptfile[MAX_NESTED_CMDSCRIPT + 1] = {0};
@ -293,13 +293,17 @@ check_script:
printprompt = true;
} else {
#ifdef HAVE_READLINE
rl_event_hook = check_comm;
#else
check_comm();
#endif
prompt_ctx = PROXPROMPT_CTX_INTERACTIVE;
char prompt[PROXPROMPT_MAX_SIZE] = {0};
prompt_compose(prompt, sizeof(prompt), prompt_ctx, prompt_dev);
char prompt_filtered[PROXPROMPT_MAX_SIZE] = {0};
memcpy_filter_ansi(prompt_filtered, prompt, sizeof(prompt_filtered), !session.supports_colors);
#ifdef HAVE_READLINE
rl_event_hook = check_comm;
cmd = readline(prompt_filtered);
#else
printf("%s", prompt_filtered);
@ -477,7 +481,6 @@ static void set_my_user_directory(void) {
free(cwd_buffer);
return;
}
PrintAndLogEx(NORMAL, "Len... %d", pathLen);
}
if (!error) {

4
client/src/ui.c
View file

@ -22,10 +22,6 @@
#include <stdarg.h>
#include <stdlib.h>
#ifdef HAVE_READLINE
#include <readline/readline.h>
#endif
#include <complex.h>
#include "util.h"
#include "proxmark3.h" // PROXLOG

5
common/lfdemod.c
View file

@ -1537,6 +1537,11 @@ static uint16_t cleanAskRawDemod(uint8_t *bits, size_t *size, int clk, int inver
getNextHigh(bits, *size, high, &pos);
// getNextLow(bits, *size, low, &pos);
// do not skip first transition
if ((pos > cl_2 - cl_4 - 1) && (pos <= clk + cl_4 + 1)) {
bits[bitCnt++] = invert ^ 1;
}
// sample counts, like clock = 32.. it tries to find 32/4 = 8, 32/2 = 16
for (size_t i = pos; i < *size; i++) {
if (bits[i] >= high && waveHigh) {

3
common_arm/Makefile.hal
View file

@ -81,7 +81,8 @@ endif
# common LF support
PLATFORM_DEFS += \
-DWITH_LF \
-DWITH_HITAG
-DWITH_HITAG \
-DWITH_EM4x50
# common HF support
PLATFORM_DEFS += \

2
common_arm/ldscript.common
View file

@ -9,7 +9,7 @@ ms of the GNU GPL, version 2 or,
-----------------------------------------------------------------------------
*/
stacksize = DEFINED(stacksize) ? stacksize : 5K;
stacksize = DEFINED(stacksize) ? stacksize : 8488;
commonareasize = 0x20;
/* AT91SAM7S256 has 256k Flash and 64k RAM */

86
doc/md/Development/Makefile-vs-CMake.md Normal file
View file

@ -0,0 +1,86 @@
# Makefile vs CMake
## Client
The client can be compiled both with the historical Makefile and with a newer CMakeLists.txt.
At the moment both are maintained because they don't perfectly overlap yet.
* *in_common*: src in /common
* *in_deps*: src in /client/deps
* *opt*: optional dependency
* *pc*: use pkg-config
* *sys*: system library
| Feature | Makefile | CMake | Remarks |
|-----|---|---|---|
| verbose | V=1 | VERBOSE=1 | |
| warnings management | yes (1) | **no** | (1) cf Makefile.defs |
| compilation | in place | in build dir | |
| user `CFLAGS`/`LDFLAGS` | envvars honored (1) | envvars honored (2) | (1) also `LDLIBS` and `INCLUDES_CLIENT` for more tuning (2) only at first cmake call |
| Mingw gnu printf | `_ISOC99_SOURCE` | `_ISOC99_SOURCE` | and in cbor.h: `__attribute__((format (__MINGW_PRINTF_FORMAT, 2, 3)))`|
| C++ | c++11 | gnu++14 | |
| dep amiibo | in_deps | in_deps | |
| dep atomic | sys, for RPiZ | sys, for RPiZ | `-Wl,--as-needed -latomic -Wl,--no-as-needed` unless OSX |
| atomic detection | **none** | **none** | |
| dep bluez | opt, sys | opt, sys | |
| bluez detection | pc | pkg_search_module | |
| `SKIPBT` | yes | yes | |
| dep bzip2 | sys | sys | |
| bzip2 detection | **none** | find_package, Cross:gitclone | |
| dep cliparser | in_deps | in_deps | |
| dep hardnested | in_deps | in_deps | |
| hardn arch autodetect | `uname -m` =? 86 or amd64; `$(CC) -E -mavx512f`? +AVX512` | `CMAKE_SYSTEM_PROCESSOR` =? x86 or x86_64 or i686 or AMD64 (1) | (1) currently it always includes AVX512 on Intel arch |
| `cpu_arch` | yes | **no/auto?** | e.g. `cpu_arch=generic` for cross-compilation
| dep jansson | sys / in_deps | sys / in_deps | |
| jansson detection | pc | pc/find* | |
| `SKIPJANSSONSYSTEM` | yes | yes | |
| dep lua | sys / in_deps(1) | **in_deps only**(2) | (1) manual def of `LUAPLATFORM` for mingw/macosx/linux (2) manual, different?, for Android too |
| lua detection | pc | **none** | |
| `SKIPLUASYSTEM` | yes | **no** | |
| lualibs/pm3_cmd.lua | yes | add_custom_command **but unused** | |
| lualibs/mfc_default_keys.lua | yes | add_custom_command **but unused** | |
| dep lz4 | | | (in_common) not yet used, future. See `get_lz4.sh` for upstream fetch & patch |
| dep libm | sys | sys | |
| libm detection | **none** | **none** (1) | (1) cf https://cmake.org/pipermail/cmake/2019-March/069168.html ? |
| dep mbedtls | in_common | in_common | no sys lib: missing support for CMAC in def conf (btw no .pc available) |
| dep python3 | opt, sys, <3.8 & 3.8 | opt, sys, <3.8 & 3.8 | |
| python3 detection | pc | pkg_search_module | |
| `SKIPPYTHON` | yes | yes | |
| dep pthread | sys | sys | |
| pthread detection | **none** | **none** (1) | (1) cf https://stackoverflow.com/questions/1620918/cmake-and-libpthread ? |
| `SKIPPTHREAD` | yes | yes | e.g. for termux |
| dep Qt | opt, sys, Qt5 & Qt4 | opt, sys, Qt5 | |
| Qt detection | pc(qt5)/pc(qt4)/`QTDIR`(1) (2) | find_package(qt5) (3) | (1) if `QTDIR`: hardcode path (2) OSX: pkg-config hook for Brew (3) OSX: add search path|
| `SKIPQT` | yes | yes | |
| dep readline | sys | sys | |
| readline detection | **none** (1) | find*(2), Cross:getzip | (1) OSX: hardcoded path (2) additional paths for OSX |
| `SKIPREADLINE` | yes | yes | CLI not fully functional without Readline |
| dep reveng | in_deps | in_deps | |
| `SKIPREVENGTEST` | yes(1) | **no**(2) | (1) e.g. if cross-compilation (2) tests aren't compiled/ran with cmake |
| dep tinycbor | in_deps | in_deps | |
| dep whereami | sys / in_deps | sys / in_deps | |
| whereami detection | **search /usr/include/whereami.h** | find* | no .pc available |
| `SKIPWHEREAMISYSTEM` | yes | yes | |
| version | mkversion | mkversion | |
| install | yes (1) | **no** | (1) supports `DESTDIR`, `PREFIX`, `UDEV_PREFIX`. Installs resources as well, `INSTALL*RELPATH` |
| deb | no | partial? | |
| tarbin | yes, unused? | no | |
| Android cross- | **no** | yes | |
| SWIG Lua+Python embedded | **no** | *ongoing* | cf libpm3_experiments branch |
| libpm3 with SWIG Lua+Python| **no** | *ongoing* | cf libpm3_experiments branch |
## Tools
`makefile` only at the moment
`SKIPGPU`
## ARM
`makefile` only at the moment
`PLATFORM`, `PLATFORM_EXTRAS`, `DESTDIR`, `PREFIX`, `FWTAG`
## Global
`makefile` only at the moment

37
include/em4x50.h Normal file
View file

@ -0,0 +1,37 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 tharexde
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency EM4x50 structs
//-----------------------------------------------------------------------------
#ifndef EM4X50_H__
#define EM4X50_H__
typedef struct {
bool fwr_given;
bool lwr_given;
bool pwd_given;
bool newpwd_given;
uint8_t password[4];
uint8_t new_password[4];
uint8_t addresses[4];
uint8_t address;
uint8_t word[4];
} em4x50_data_t;
typedef struct {
uint8_t byte[4];
uint8_t row_parity[4];
uint8_t col_parity;
uint8_t stopbit;
bool rparity[4];
bool cparity[8];
bool stopparity;
bool parity;
} em4x50_word_t;
#endif /* EM4X50_H__ */

12
include/pm3_cmd.h
View file

@ -187,6 +187,7 @@ typedef struct {
// lf
bool compiled_with_lf : 1;
bool compiled_with_hitag : 1;
bool compiled_with_em4x50 : 1;
// hf
bool compiled_with_hfsniff : 1;
bool compiled_with_hfplot : 1;
@ -385,7 +386,7 @@ typedef struct {
#define CMD_DOWNLOADED_BIGBUF 0x0208
#define CMD_LF_UPLOAD_SIM_SAMPLES 0x0209
#define CMD_LF_SIMULATE 0x020A
#define CMD_LF_HID_DEMOD 0x020B
#define CMD_LF_HID_WATCH 0x020B
#define CMD_LF_HID_SIMULATE 0x020C
#define CMD_LF_SET_DIVISOR 0x020D
#define CMD_LF_SIMULATE_BIDIR 0x020E
@ -399,15 +400,18 @@ typedef struct {
#define CMD_LF_PCF7931_WRITE 0x0223
#define CMD_LF_EM4X_READWORD 0x0218
#define CMD_LF_EM4X_WRITEWORD 0x0219
#define CMD_LF_IO_DEMOD 0x021A
#define CMD_LF_EM410X_DEMOD 0x021C
#define CMD_LF_IO_WATCH 0x021A
#define CMD_LF_EM410X_WATCH 0x021C
#define CMD_LF_EM4X50_INFO 0x0240
#define CMD_LF_EM4X50_WRITE 0x0241
#define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242
// Sampling configuration for LF reader/sniffer
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D
#define CMD_LF_FSK_SIMULATE 0x021E
#define CMD_LF_ASK_SIMULATE 0x021F
#define CMD_LF_PSK_SIMULATE 0x0220
#define CMD_LF_NRZ_SIMULATE 0x0232
#define CMD_LF_AWID_DEMOD 0x0221
#define CMD_LF_AWID_WATCH 0x0221
#define CMD_LF_VIKING_CLONE 0x0222
#define CMD_LF_T55XX_WAKEUP 0x0224
#define CMD_LF_COTAG_READ 0x0225

23
tools/hitag2crack/crack5/ht2crack5.c
View file

@ -330,7 +330,6 @@ static void *find_state(void *thread_d) {
const bitslice_value_t filter4 = f_c_bs(filter4_0, filter4_1, filter4_2, filter4_3, filter4_4);
bitslice_t results4;
results4.value = results3.value & (filter4 ^ keystream[4].value);
if (results4.bytes64[0] == 0
&& results4.bytes64[1] == 0
&& results4.bytes64[2] == 0
@ -339,7 +338,9 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 56].value = lfsr_bs(8);
const bitslice_value_t filter5_3 = f_b_bs(state[-2 + 33].value, state[-2 + 34].value, state[-2 + 36].value, state[-2 + 38].value);
const bitslice_value_t filter10_4 = f_a_bs(state[-2 + 44].value, state[-2 + 53].value, state[-2 + 54].value, state[-2 + 56].value);
const bitslice_value_t filter12_2 = f_b_bs(state[-2 + 29].value, state[-2 + 33].value, state[-2 + 35].value, state[-2 + 38].value);
for (uint8_t i5 = 0; i5 < (1 << bits[5]); i5++) {
@ -358,8 +359,9 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 57].value = lfsr_bs(9);
const bitslice_value_t filter6_3 = f_b_bs(state[-2 + 34].value, state[-2 + 35].value, state[-2 + 37].value, state[-2 + 39].value);
const bitslice_value_t filter11_4 = f_a_bs(state[-2 + 45].value, state[-2 + 54].value, state[-2 + 55].value, state[-2 + 57].value);
for (uint8_t i6 = 0; i6 < (1 << bits[6]); i6++) {
state[-2 + 40].value = ((bool)(i6 & 0x1)) ? bs_ones.value : bs_zeroes.value;
// 0xffe7ffffffff
@ -376,8 +378,9 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 58].value = lfsr_bs(10);
const bitslice_value_t filter7_3 = f_b_bs(state[-2 + 35].value, state[-2 + 36].value, state[-2 + 38].value, state[-2 + 40].value);
const bitslice_value_t filter12_4 = f_a_bs(state[-2 + 46].value, state[-2 + 55].value, state[-2 + 56].value, state[-2 + 58].value);
for (uint8_t i7 = 0; i7 < (1 << bits[7]); i7++) {
state[-2 + 41].value = ((bool)(i7 & 0x1)) ? bs_ones.value : bs_zeroes.value;
// 0xfff7ffffffff
@ -393,16 +396,14 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 59].value = lfsr_bs(11);
const bitslice_value_t filter8_3 = f_b_bs(state[-2 + 36].value, state[-2 + 37].value, state[-2 + 39].value, state[-2 + 41].value);
const bitslice_value_t filter10_3 = f_b_bs(state[-2 + 38].value, state[-2 + 39].value, state[-2 + 41].value, state[-2 + 43].value);
const bitslice_value_t filter12_3 = f_b_bs(state[-2 + 40].value, state[-2 + 41].value, state[-2 + 43].value, state[-2 + 45].value);
for (uint8_t i8 = 0; i8 < (1 << bits[8]); i8++) {
state[-2 + 42].value = ((bool)(i8 & 0x1)) ? bs_ones.value : bs_zeroes.value;
// 0xffffffffffff
const bitslice_value_t filter8_4 = f_a_bs(state[-2 + 42].value, state[-2 + 51].value, state[-2 + 52].value, state[-2 + 54].value);
const bitslice_value_t filter9_3 = f_b_bs(state[-2 + 37].value, state[-2 + 38].value, state[-2 + 40].value, state[-2 + 42].value);
const bitslice_value_t filter11_3 = f_b_bs(state[-2 + 39].value, state[-2 + 40].value, state[-2 + 42].value, state[-2 + 44].value);
const bitslice_value_t filter8 = f_c_bs(filter8_0, filter8_1, filter8_2, filter8_3, filter8_4);
bitslice_t results8;
results8.value = results7.value & (filter8 ^ keystream[8].value);
@ -415,6 +416,7 @@ static void *find_state(void *thread_d) {
continue;
}
const bitslice_value_t filter9_3 = f_b_bs(state[-2 + 37].value, state[-2 + 38].value, state[-2 + 40].value, state[-2 + 42].value);
const bitslice_value_t filter9 = f_c_bs(filter9_0, filter9_1, filter9_2, filter9_3, filter9_4);
results8.value &= (filter9 ^ keystream[9].value);
@ -425,8 +427,7 @@ static void *find_state(void *thread_d) {
) {
continue;
}
state[-2 + 56].value = lfsr_bs(8);
const bitslice_value_t filter10_4 = f_a_bs(state[-2 + 44].value, state[-2 + 53].value, state[-2 + 54].value, state[-2 + 56].value);
const bitslice_value_t filter10 = f_c_bs(filter10_0, filter10_1, filter10_2, filter10_3, filter10_4);
results8.value &= (filter10 ^ keystream[10].value);
@ -438,8 +439,7 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 57].value = lfsr_bs(9);
const bitslice_value_t filter11_4 = f_a_bs(state[-2 + 45].value, state[-2 + 54].value, state[-2 + 55].value, state[-2 + 57].value);
const bitslice_value_t filter11_3 = f_b_bs(state[-2 + 39].value, state[-2 + 40].value, state[-2 + 42].value, state[-2 + 44].value);
const bitslice_value_t filter11 = f_c_bs(filter11_0, filter11_1, filter11_2, filter11_3, filter11_4);
results8.value &= (filter11 ^ keystream[11].value);
@ -451,8 +451,6 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 58].value = lfsr_bs(10);
const bitslice_value_t filter12_4 = f_a_bs(state[-2 + 46].value, state[-2 + 55].value, state[-2 + 56].value, state[-2 + 58].value);
const bitslice_value_t filter12 = f_c_bs(filter12_0, filter12_1, filter12_2, filter12_3, filter12_4);
results8.value &= (filter12 ^ keystream[12].value);
@ -464,7 +462,6 @@ static void *find_state(void *thread_d) {
continue;
}
state[-2 + 59].value = lfsr_bs(11);
const bitslice_value_t filter13_0 = f_a_bs(state[-2 + 15].value, state[-2 + 16].value, state[-2 + 18].value, state[-2 + 19].value);
const bitslice_value_t filter13_1 = f_b_bs(state[-2 + 21].value, state[-2 + 25].value, state[-2 + 27].value, state[-2 + 28].value);
const bitslice_value_t filter13_2 = f_b_bs(state[-2 + 30].value, state[-2 + 34].value, state[-2 + 36].value, state[-2 + 39].value);