diff --git a/CHANGELOG.md b/CHANGELOG.md index ce186a2b0..6791e748a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added lf em functions: 4x50_info, 4x50_write, 4x50_write_password (@tharexde) + - Fix em4x50 demodulation error (@tharexde) - Fix `hf mfdes` authentification issues, DES working (@bkerler) - Add Android cross-compilation to client cmake (@dxl, @doegox) - Fix `emv scan` - now saves in current folder and uses unique names (@iceman1001) diff --git a/README.md b/README.md index 1a1a06699..e77062fff 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ |[Notes on external flash](/doc/ext_flash_notes.md)|[Notes on loclass](/doc/loclass_notes.md)|[Notes on Coverity Scan Config & Run](/doc/md/Development/Coverity-Scan-Config-%26-Run.md)| |[Notes on file formats used with Proxmark3](/doc/extensions_notes.md)|[Notes on MFU binary format](/doc/mfu_binary_format_notes.md)|[Notes on FPGA & ARM](/doc/fpga_arm_notes.md)| |[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode)|| -|[Notes on Color usage](/doc/colors_notes.md)|| +|[Notes on Color usage](/doc/colors_notes.md)|[Makefile vs CMake](/doc/md/Development/Makefile-vs-CMake.md)| ## Build for non-RDV4 Proxmark3 platforms diff --git a/appveyor.yml b/appveyor.yml index a97a65276..240724d80 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,5 +1,5 @@ version: 3.0.1.{build} -image: Visual Studio 2017 +image: Visual Studio 2019 clone_folder: C:\ProxSpace\pm3 init: - ps: >- @@ -7,7 +7,6 @@ init: #Get-ChildItem Env: - $releasename="" $env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8) @@ -23,11 +22,12 @@ init: Add-AppveyorMessage -Message "[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)" -Category Information -Details "repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename" - # iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) clone_script: - ps: >- Write-Host "Removing ProxSpace..." -NoNewLine + + $CloneTime=[System.Environment]::TickCount cd \ @@ -152,24 +152,15 @@ clone_script: ExecUpdate "update2" "C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start /dev/null" "terminate?MSYS2" + Add-AppveyorMessage -Message "ProxSpace download and update took $(([System.Environment]::TickCount-$CloneTime) / 1000) sec" -Category Information + Write-Host "Update " -NoNewLine Write-Host "[ OK ]" -ForegroundColor Green install: -- ps: >- - function Exec-External { - param( - [Parameter(Position=0,Mandatory=1)][scriptblock] $command - ) - & $command - if ($LASTEXITCODE -ne 0) { - throw ("Command returned non-zero error-code ${LASTEXITCODE}: $command") - } - } build_script: - ps: >- - "C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;$env:Path" - + $env:Path="C:\ProxSpace\msys2\usr\bin;C:\ProxSpace\msys2\mingw32\bin;C:\ProxSpace\gcc-arm-none-eabi\bin;c:\Python38;c:\Python38\Scripts;$env:Path" $env:MINGW_HOME="C:\ProxSpace\msys2\mingw32" @@ -185,9 +176,13 @@ build_script: cd C:\ProxSpace\pm3 + Write-Host "---------- make ----------" -ForegroundColor Yellow + + $TestTime=[System.Environment]::TickCount + #make - bash -c -i 'pwd;make clean;make V=1' + bash -c -i 'echo $PATH;pwd;make clean;make V=1' #some checks @@ -198,206 +193,75 @@ build_script: } - if(!(Test-Path C:\ProxSpace\pm3\armsrc\obj\fullimage.elf)){ + cd c:\ProxSpace\pm3 - throw "ARM file fullimage.elf not exists." + bash -c -i 'make check' + $testspass = ($LASTEXITCODE -eq 0) + + $global:TestsPassed=$testspass + + if ($testspass) { + Add-AppveyorTest -Name "make Tests" -Framework NUnit -Filename "make check" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)" + Write-Host "make Tests [ OK ]" -ForegroundColor Green + } else { + Add-AppveyorTest -Name "make Tests" -Framework NUnit -Filename "make check" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" + Write-Host "make Tests [ ERROR ]" -ForegroundColor Red + throw "Tests error." } + + Write-Host "---------- btaddon ----------" -ForegroundColor Yellow + + $TestTime=[System.Environment]::TickCount - if(!(Test-Path C:\ProxSpace\pm3\client\resources\hardnested_tables\*.bin.bz2)){ - - throw "Files in client\resources\hardnested_tables is not exists." - - } - - - #install - - Write-Host "Installing..." -NoNewLine -ForegroundColor Yellow - - New-Item -ItemType Directory -Force -Path C:\ProxSpace\pm3\Release\bin - - bash -c -i 'make install DESTDIR=Release PREFIX=' - - # dll files - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\libgcc_s_dw2-1.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\libstdc++-6.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\libwinpthread-1.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\Qt5Core.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\Qt5Gui.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\Qt5Widgets.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\libreadline*.dll C:\ProxSpace\pm3\Release\bin - - Copy-Item C:\ProxSpace\msys2\mingw32\bin\libtermcap-0.dll C:\ProxSpace\pm3\Release\bin - - Write-Host "[ OK ]" -ForegroundColor Green - - - #archive and push - - $releasename="" - - if ($env:appveyor_repo_tag -match "true"){ - - $releasename=$env:APPVEYOR_REPO_TAG_NAME + "/" - - } - - $releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + "]" - - - Write-Host "Archive and publish release files ($releasename)..." -NoNewLine -ForegroundColor Yellow - - cd C:\ProxSpace - - 7z a release.zip C:\ProxSpace\pm3\Release - - Push-AppveyorArtifact release.zip -DeploymentName "$releasename" - - Write-Host "[ OK ]" -ForegroundColor Green - - - Write-Host "Builded..." -ForegroundColor Yellow -test_script: -- ps: >- - $env:Path = "C:\ProxSpace\msys\bin;$env:Path" + bash -c -i 'pwd;make clean;make PLATFORM_EXTRAS=BTADDON' cd c:\ProxSpace\pm3 + bash -c -i 'make check' - $global:TestsPassed=$true + $testspass = ($LASTEXITCODE -eq 0) - - Function ExecTest($Name, $File, $Cmd, $CheckResult) { + $global:TestsPassed=(($global:TestsPassed) -and ($testspass)) - #--- begin Job - - $Job = Start-Job -ScriptBlock { - [bool]$res=$false - $TestTime=[System.Environment]::TickCount - $env:Path = "C:\ProxSpace\msys\bin;$env:Path" - Set-Location $using:PWD - - $sb=[scriptblock]::Create("$using:Cmd") - #execute scriptblock - Write-host "Test [$using:Name] job: $using:Cmd" - $Cond=&$sb - - if ($Cond -eq $null){ - } ElseIf($using:CheckResult -ne $null) { - [String]$searchstr="" - if ($Cond -is [Object]){ - ForEach($line in $Cond){ - Write-host $line -ForegroundColor Gray - $searchstr += $line - } - }else{ - Write-host "$Cond" -ForegroundColor Gray - $searchstr = $Cond - } - If($searchstr -like "*$using:CheckResult*") { - $res=$true - } - $Cond="*$using:CheckResult*" - } Else { - If (!($Cond -is [bool] -or $Cond -is [byte] -or $Cond -is [int16] -or $Cond -is [int32] -or $Cond -is [int64] -or $Cond -is [float])){ - if ($Cond -is "String" -and $Cond -like "*passed*"){ - $res= $true - } - if ($Cond -is "String" -and $Cond -like "*true*"){ - $res= $true - } - ForEach($line in $Cond){ - if ($line -like "*passed*"){ - $res = $true - $Cond = $line - break - } - } - } Else { - $res=$Cond - } - } - - If ($res) { - Write-host "Result[$using:Name]: $Cond" -ForegroundColor Green - Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)" - }Else { - Write-host "Result[$using:Name]: $Cond" -ForegroundColor Red - Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" -ErrorMessage "command:$using:Cmd`nresult:$Cond" - } - return $res + if ($testspass) { + Add-AppveyorTest -Name "BTaddon Tests" -Framework NUnit -Filename "make check" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)" + Write-Host "BTaddon Tests [ OK ]" -ForegroundColor Green + } else { + Add-AppveyorTest -Name "BTaddon Tests" -Framework NUnit -Filename "make check" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" + Write-Host "BTaddon Tests [ ERROR ]" -ForegroundColor Red } + + Write-Host "---------- make clean ----------" -ForegroundColor Yellow + + bash -c -i 'make clean' + + Write-Host "---------- cmake ----------" -ForegroundColor Yellow + + $TestTime=[System.Environment]::TickCount - #--- end Job + cmd.exe /c 'C:\ProxSpace\msys2\msys2_shell.cmd -mingw32 -defterm -no-start -c "mkdir -p client/build; cd client/build; cmake -G""MSYS Makefiles"" ..; make VERBOSE=1;"' + + Write-Host "---------- cmake tests ----------" -ForegroundColor Yellow - [bool]$res=$false - # Wait 180 sec timeout for Job - if(Wait-Job $Job -Timeout 180){ - $Results = $Job | Receive-Job - if($Results -like "true"){ - $res=$true - } - } else { - Write-host "Test [$Name] timeout" -ForegroundColor Red - Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 60000 -ErrorMessage "timeout" - } - Remove-Job -Force $Job + cd c:\ProxSpace\pm3 - if(!$res){ - Write-host "--------------------- tests fail" -ForegroundColor Red - $global:TestsPassed=$false - } + bash -c -i './tools/pm3_tests.sh --clientbin client/build/proxmark3.exe client' + + $testspass = ($LASTEXITCODE -eq 0) + + $global:TestsPassed=(($global:TestsPassed) -and ($testspass)) + + if ($testspass) { + Add-AppveyorTest -Name "cmake Tests" -Framework NUnit -Filename "make client/check" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)" + Write-Host "cmake Tests [ OK ]" -ForegroundColor Green + } else { + Add-AppveyorTest -Name "cmake Tests" -Framework NUnit -Filename "make client/check" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" + Write-Host "cmake Tests [ ERROR ]" -ForegroundColor Red } - - - Write-Host "Running tests..." -ForegroundColor Yellow - - - #file test - - ExecTest "proxmark3 exists" "proxmark3.exe" {Test-Path C:\ProxSpace\pm3\Release\bin\proxmark3.exe} - - ExecTest "arm bootrom exists" "bootrom.elf" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\firmware\bootrom.elf} - - ExecTest "arm image exists" "fullimage.elf" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\firmware\fullimage.elf} - - ExecTest "arm recovery image exists" "proxmark3_recovery.bin" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\firmware\proxmark3_recovery.bin} - - ExecTest "hardnested tables exists" "hardnested" {Test-Path C:\ProxSpace\pm3\Release\share\proxmark3\resources\hardnested_tables\*.bz2} - - ExecTest "release exists" "release.zip" {Test-Path C:\ProxSpace\release.zip} - - - #proxmark logic tests - - ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;./proxmark3 -h 2>&1 | grep -q wait && echo passed || echo failed'} - - ExecTest "proxmark help text ISO7816" "proxmark3 -t" {bash -lc 'cd ~/client;./proxmark3 -t 2>&1 | grep -q ISO7816 && echo passed || echo failed'} - - ExecTest "proxmark help text hardnested" "proxmark3 -t" {bash -lc 'cd ~/client;./proxmark3 -t 2>&1 | grep -q hardnested && echo passed || echo failed'} - - - ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;./proxmark3 -c 'hf mf'"} "at_enc" - - #proxmark crypto tests - - # Long tests: - # ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;./proxmark3 -c 'hf mf hardnested t 1 000000000000'"} "found:" - # ExecTest "hf mf iclass" "hf mf iclass" {bash -lc "cd ~/client;./proxmark3 -c 'hf iclass loclass t l'"} "verified ok" - # ExecTest "emv test" "emv test" {bash -lc "cd ~/client;./proxmark3 -c 'emv test -i -l'"} "Test?s? ? OK" - # Short tests: - ExecTest "hf mf iclass" "hf mf iclass" {bash -lc "cd ~/client;./proxmark3 -c 'hf iclass loclass t'"} "OK!" - ExecTest "emv test" "emv test" {bash -lc "cd ~/client;./proxmark3 -c 'emv test -i'"} "Test?s? ? OK" - - + +test_script: +- ps: >- if ($global:TestsPassed) { Write-Host "Tests [ OK ]" -ForegroundColor Green } else { @@ -409,4 +273,4 @@ on_success: on_failure: - ps: Write-Host "Build error." -ForegroundColor Red on_finish: -- ps: # $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) +- ps: # $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c index 6d272f571..f41801a26 100644 --- a/armsrc/BigBuf.c +++ b/armsrc/BigBuf.c @@ -19,7 +19,7 @@ extern uint8_t _stack_start, __bss_end__; // BigBuf is the large multi-purpose buffer, typically used to hold A/D samples or traces. // Also used to hold various smaller buffers and the Mifare Emulator Memory. // We know that bss is aligned to 4 bytes. -static uint8_t* BigBuf = &__bss_end__; +static uint8_t *BigBuf = &__bss_end__; /* BigBuf memory layout: Pointer to highest available memory: BigBuf_hi diff --git a/armsrc/Makefile b/armsrc/Makefile index f4eb19963..1bbbf2ba7 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -63,6 +63,12 @@ else SRC_HITAG = endif +ifneq (,$(findstring WITH_EM4x50,$(APP_CFLAGS))) + SRC_EM4x50 = em4x50.c +else + SRC_EM4x50 = +endif + ifneq (,$(findstring WITH_LCD,$(APP_CFLAGS))) SRC_LCD = fonts.c LCD.c else @@ -99,6 +105,7 @@ THUMBSRC = start.c \ $(SRC_SMARTCARD) \ $(SRC_FPC) \ $(SRC_HITAG) \ + $(SRC_EM4x50) \ $(SRC_SPIFFS) \ $(SRC_ISO14443a) \ $(SRC_ISO14443b) \ diff --git a/armsrc/Standalone/lf_em4100rswb.c b/armsrc/Standalone/lf_em4100rswb.c index ac470ce29..14bab8357 100644 --- a/armsrc/Standalone/lf_em4100rswb.c +++ b/armsrc/Standalone/lf_em4100rswb.c @@ -39,7 +39,6 @@ #include "proxmark3_arm.h" #include "appmain.h" #include "fpgaloader.h" -#include "lfops.h" #include "util.h" #include "dbprint.h" #include "ticks.h" @@ -48,6 +47,7 @@ #include "spiffs.h" #include "inttypes.h" #include "parity.h" +#include "lfops.h" #ifdef WITH_FLASH #include "flashmem.h" @@ -205,7 +205,7 @@ static void PrintFcAndCardNum(uint64_t lowData) { Dbprintf("[=] READ TAG ID: %"PRIx64" - FC: %u - Card: %u", lowData, fc, cardnum); } -static int ButeEMTag(uint64_t originalCard, int slot) { +static int BruteEMTag(uint64_t originalCard, int slot) { int speed_count = 4; int direction = 1; @@ -256,7 +256,7 @@ static int ExecuteMode(int mode, int slot) { //default first mode is simulate case LF_RWSB_MODE_READ: Dbprintf("[=] >> Read mode started <<"); - CmdEM410xdemod(1, &high[slot], &low[slot], 0); + lf_em410x_watch(1, &high[slot], &low[slot]); LED_Update(mode, slot); Dbprintf("[=] >> Tag found. Saving. <<"); FlashLEDs(100, 5); @@ -272,11 +272,11 @@ static int ExecuteMode(int mode, int slot) { return LF_RWSB_UNKNOWN_RESULT; case LF_RWSB_MODE_WRITE: Dbprintf("[!!] >> Write mode started <<"); - WriteEM410x(LF_RWSB_T55XX_TYPE, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff)); + copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low[slot] >> 32), (uint32_t)(low[slot] & 0xffffffff)); return LF_RWSB_UNKNOWN_RESULT; case LF_RWSB_MODE_BRUTE: Dbprintf("[=] >> Bruteforce mode started <<"); - return ButeEMTag(low[slot], slot); + return BruteEMTag(low[slot], slot); } return LF_RWSB_UNKNOWN_RESULT; } diff --git a/armsrc/Standalone/lf_em4100rwc.c b/armsrc/Standalone/lf_em4100rwc.c index f69820513..c54e54fa2 100644 --- a/armsrc/Standalone/lf_em4100rwc.c +++ b/armsrc/Standalone/lf_em4100rwc.c @@ -48,7 +48,7 @@ void ModInfo(void) { DbpString(" LF EM4100 read/write/clone mode"); } -static uint64_t ReversQuads(uint64_t bits) { +static uint64_t rev_quads(uint64_t bits) { uint64_t result = 0; for (int i = 0; i < 16; i++) { result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i); @@ -56,35 +56,41 @@ static uint64_t ReversQuads(uint64_t bits) { return result >> 24; } -static void FillBuff(uint8_t bit) { +static void fillbuff(uint8_t bit) { memset(bba + buflen, bit, CLOCK / 2); buflen += (CLOCK / 2); memset(bba + buflen, bit ^ 1, CLOCK / 2); buflen += (CLOCK / 2); } -static void ConstructEM410xEmulBuf(uint64_t id) { +static void construct_EM410x_emul(uint64_t id) { - int i, j, binary[4], parity[4]; + int binary[4] = {0}; + int parity[4] = {0}; buflen = 0; - for (i = 0; i < 9; i++) - FillBuff(1); - parity[0] = parity[1] = parity[2] = parity[3] = 0; - for (i = 0; i < 10; i++) { - for (j = 3; j >= 0; j--, id /= 2) + + for (uint8_t i = 0; i < 9; i++) + fillbuff(1); + + for (uint8_t i = 0; i < 10; i++) { + for (uint8_t j = 3; j > 0; j--, id /= 2) binary[j] = id % 2; - for (j = 0; j < 4; j++) - FillBuff(binary[j]); - FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); - for (j = 0; j < 4; j++) + + for (uint8_t j = 0; j < 4; j++) + fillbuff(binary[j]); + + fillbuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); + for (uint8_t j = 0; j < 4; j++) parity[j] ^= binary[j]; } - for (j = 0; j < 4; j++) - FillBuff(parity[j]); - FillBuff(0); + + for (uint8_t j = 0; j < 4; j++) + fillbuff(parity[j]); + + fillbuff(0); } -static void LED_Slot(int i) { +static void led_slot(int i) { LEDsoff(); if (slots_count > 4) { LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4 @@ -93,8 +99,8 @@ static void LED_Slot(int i) { } } -static void FlashLEDs(uint32_t speed, uint8_t times) { - for (int i = 0; i < times * 2; i++) { +static void flash_leds(uint32_t speed, uint8_t times) { + for (uint16_t i = 0; i < times * 2; i++) { LED_A_INV(); LED_B_INV(); LED_C_INV(); @@ -132,24 +138,28 @@ void RunMod(void) { uint8_t state = 0; slots_count = ARRAYLEN(low); bba = BigBuf_get_addr(); - LED_Slot(selected); + led_slot(selected); for (;;) { + WDT_HIT(); + if (data_available()) break; + int button_pressed = BUTTON_HELD(1000); SpinDelay(300); + switch (state) { case 0: // Select mode if (button_pressed == BUTTON_HOLD) { // Long press - switch to simulate mode SpinUp(100); - LED_Slot(selected); + led_slot(selected); state = 2; } else if (button_pressed == BUTTON_SINGLE_CLICK) { // Click - switch to next slot selected = (selected + 1) % slots_count; - LED_Slot(selected); + led_slot(selected); } break; case 1: @@ -157,12 +167,12 @@ void RunMod(void) { if (button_pressed == BUTTON_HOLD) { // Long press - switch to read mode SpinUp(100); - LED_Slot(selected); + led_slot(selected); state = 3; } else if (button_pressed == BUTTON_SINGLE_CLICK) { // Click - exit to select mode - CmdEM410xdemod(1, &high[selected], &low[selected], 0); - FlashLEDs(100, 5); + lf_em410x_watch(1, &high[selected], &low[selected]); + flash_leds(100, 5); #ifdef WITH_FLASH SaveIDtoFlash(selected, low[selected]); #endif @@ -174,15 +184,17 @@ void RunMod(void) { if (button_pressed == BUTTON_HOLD) { // Long press - switch to read mode SpinDown(100); - LED_Slot(selected); + led_slot(selected); state = 1; } else if (button_pressed == BUTTON_SINGLE_CLICK) { // Click - start simulating. Click again to exit from simulate mode - LED_Slot(selected); - ConstructEM410xEmulBuf(ReversQuads(low[selected])); - FlashLEDs(100, 5); + led_slot(selected); + + construct_EM410x_emul(rev_quads(low[selected])); + flash_leds(100, 5); + SimulateTagLowFrequency(buflen, 0, 1); - LED_Slot(selected); + led_slot(selected); state = 0; // Switch to select mode } break; @@ -191,12 +203,12 @@ void RunMod(void) { if (button_pressed == BUTTON_HOLD) { // Long press - switch to select mode SpinDown(100); - LED_Slot(selected); + led_slot(selected); state = 0; } else if (button_pressed == BUTTON_SINGLE_CLICK) { // Click - write ID to tag - WriteEM410x(0, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff)); - LED_Slot(selected); + copy_em410x_to_t55xx(0, CLOCK, (uint32_t)(low[selected] >> 32), (uint32_t)(low[selected] & 0xffffffff)); + led_slot(selected); state = 0; // Switch to select mode } break; diff --git a/armsrc/Standalone/lf_hidbrute.c b/armsrc/Standalone/lf_hidbrute.c index 8c4412ebe..f0d8cae86 100644 --- a/armsrc/Standalone/lf_hidbrute.c +++ b/armsrc/Standalone/lf_hidbrute.c @@ -75,7 +75,7 @@ void RunMod(void) { // record DbpString("[=] starting recording"); - CmdHIDdemodFSK(1, &high[selected], &low[selected], 0); + lf_hid_watch(1, &high[selected], &low[selected]); Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]); LEDsoff(); diff --git a/armsrc/Standalone/lf_icehid.c b/armsrc/Standalone/lf_icehid.c index 7ac91d126..d125b0c03 100644 --- a/armsrc/Standalone/lf_icehid.c +++ b/armsrc/Standalone/lf_icehid.c @@ -231,7 +231,8 @@ static uint32_t IceHIDDemod(void) { uint32_t hi2 = 0, hi = 0, lo = 0; // large enough to catch 2 sequences of largest format - size_t size = 50 * 128 * 2; // 12800 bytes +// size_t size = 50 * 128 * 2; // 12800 bytes + size_t size = MIN(12800, BigBuf_max_traceLen()); //uint8_t *dest = BigBuf_malloc(size); uint8_t *dest = BigBuf_get_addr(); @@ -350,30 +351,32 @@ void RunMod(void) { uint32_t res; - // since we steal 12800 from bigbuffer, no need to sample it. - DoAcquisition_config(false, 28000); + // since we steal 12800 from bigbuffer, no need to sample it. + size_t size = MIN(28000, BigBuf_max_traceLen()); + DoAcquisition_config(false, size); res = IceHIDDemod(); if (res == PM3_SUCCESS) { LED_A_OFF(); continue; } - DoAcquisition_config(false, 28000); + DoAcquisition_config(false, size); res = IceAWIDdemod(); if (res == PM3_SUCCESS) { LED_A_OFF(); continue; } - DoAcquisition_config(false, 20000); - res = IceEM410xdemod(); + DoAcquisition_config(false, size); + res = IceIOdemod(); if (res == PM3_SUCCESS) { LED_A_OFF(); continue; } - DoAcquisition_config(false, 28000); - res = IceIOdemod(); + size = MIN(20000, BigBuf_max_traceLen()); + DoAcquisition_config(false, size); + res = IceEM410xdemod(); if (res == PM3_SUCCESS) { LED_A_OFF(); continue; diff --git a/armsrc/Standalone/lf_proxbrute.c b/armsrc/Standalone/lf_proxbrute.c index b4caf2e3f..67ef436ce 100644 --- a/armsrc/Standalone/lf_proxbrute.c +++ b/armsrc/Standalone/lf_proxbrute.c @@ -56,9 +56,8 @@ void RunMod(void) { DbpString("[=] starting recording"); - - // findone, high, low, no ledcontrol (A) - CmdHIDdemodFSK(1, &high, &low, 0); + // findone, high, low + lf_hid_watch(1, &high, &low); Dbprintf("[=] recorded | %x%08x", high, low); diff --git a/armsrc/Standalone/lf_samyrun.c b/armsrc/Standalone/lf_samyrun.c index 971304918..9646dede3 100644 --- a/armsrc/Standalone/lf_samyrun.c +++ b/armsrc/Standalone/lf_samyrun.c @@ -77,7 +77,7 @@ void RunMod(void) { // findone, high, low, no ledcontrol (A) uint32_t hi = 0, lo = 0; - CmdHIDdemodFSK(1, &hi, &lo, 0); + lf_hid_watch(1, &hi, &lo); high[selected] = hi; low[selected] = lo; diff --git a/armsrc/appmain.c b/armsrc/appmain.c index afa822c7f..ad02eae2f 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -29,6 +29,7 @@ #include "felica.h" #include "hitag2.h" #include "hitagS.h" +#include "em4x50.h" #include "iclass.h" #include "legicrfsim.h" #include "epa.h" @@ -242,6 +243,16 @@ static uint32_t MeasureAntennaTuningLfData(void) { return (MAX_ADC_LF_VOLTAGE * (SumAdc(ADC_CHAN_LF, 32) >> 1)) >> 14; } +void print_stack_usage(void) { + // pointer arithmetic is times 4. (two shifts to the left) + for (uint32_t *p = &_stack_start; ; ++p) { + if (*p != 0xdeadbeef) { + Dbprintf(" Max stack usage.........%d / %d bytes", (&_stack_end - p) << 2, (&_stack_end - &_stack_start) << 2); + break; + } + } +} + void ReadMem(int addr) { const uint8_t *data = ((uint8_t *)addr); @@ -361,12 +372,9 @@ static void SendStatus(void) { #endif printConnSpeed(); DbpString(_CYAN_("Various")); - for (uint32_t *p = &_stack_start; ; ++p) { - if (*p != 0xdeadbeef) { - Dbprintf(" Max stack usage so far..%d", (&_stack_end - p)*4); - break; - } - } + + print_stack_usage(); + Dbprintf(" DBGLEVEL................%d", DBGLEVEL); Dbprintf(" ToSendMax...............%d", ToSendMax); Dbprintf(" ToSendBit...............%d", ToSendBit); @@ -447,6 +455,11 @@ static void SendCapabilities(void) { #else capabilities.compiled_with_hitag = false; #endif +#ifdef WITH_EM4x50 + capabilities.compiled_with_em4x50 = true; +#else + capabilities.compiled_with_em4x50 = false; +#endif #ifdef WITH_HFSNIFF capabilities.compiled_with_hfsniff = true; #else @@ -777,9 +790,10 @@ static void PacketReceived(PacketCommandNG *packet) { reply_mix(CMD_ACK, bits, 0, 0, 0, 0); break; } - case CMD_LF_HID_DEMOD: { + case CMD_LF_HID_WATCH: { uint32_t high, low; - CmdHIDdemodFSK(0, &high, &low, 1); + int res = lf_hid_watch(0, &high, &low); + reply_ng(CMD_LF_HID_WATCH, res, NULL, 0); break; } case CMD_LF_HID_SIMULATE: { @@ -811,19 +825,29 @@ static void PacketReceived(PacketCommandNG *packet) { CopyHIDtoT55x7(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]); break; } - case CMD_LF_IO_DEMOD: { + case CMD_LF_IO_WATCH: { uint32_t high, low; - CmdIOdemodFSK(0, &high, &low, 1); + int res = lf_io_watch(0, &high, &low); + reply_ng(CMD_LF_IO_WATCH, res, NULL, 0); break; } - case CMD_LF_EM410X_DEMOD: { + case CMD_LF_EM410X_WATCH: { uint32_t high; uint64_t low; - CmdEM410xdemod(packet->oldarg[0], &high, &low, 1); + int res = lf_em410x_watch(0, &high, &low); + reply_ng(CMD_LF_EM410X_WATCH, res, NULL, 0); break; } case CMD_LF_EM410X_WRITE: { - WriteEM410x(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]); + struct p { + uint8_t card; + uint8_t clock; + uint32_t high; + uint32_t low; + } PACKED; + struct p *payload = (struct p *)packet->data.asBytes; + int res = copy_em410x_to_t55xx(payload->card, payload->clock, payload->high, payload->low); + reply_ng(CMD_LF_EM410X_WRITE, res, NULL, 0); break; } case CMD_LF_TI_READ: { @@ -925,10 +949,10 @@ static void PacketReceived(PacketCommandNG *packet) { EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd); break; } - case CMD_LF_AWID_DEMOD: { + case CMD_LF_AWID_WATCH: { uint32_t high, low; - // Set realtime AWID demodulation - CmdAWIDdemodFSK(0, &high, &low, 1); + int res = lf_awid_watch(0, &high, &low); + reply_ng(CMD_LF_AWID_WATCH, res, NULL, 0); break; } case CMD_LF_VIKING_CLONE: { @@ -982,6 +1006,21 @@ static void PacketReceived(PacketCommandNG *packet) { } #endif +#ifdef WITH_EM4x50 + case CMD_LF_EM4X50_INFO: { + em4x50_info((em4x50_data_t *)packet->data.asBytes); + break; + } + case CMD_LF_EM4X50_WRITE: { + em4x50_write((em4x50_data_t *)packet->data.asBytes); + break; + } + case CMD_LF_EM4X50_WRITE_PASSWORD: { + em4x50_write_password((em4x50_data_t *)packet->data.asBytes); + break; + } +#endif + #ifdef WITH_ISO15693 case CMD_HF_ISO15693_ACQ_RAW_ADC: { AcquireRawAdcSamplesIso15693(); @@ -1409,7 +1448,20 @@ static void PacketReceived(PacketCommandNG *packet) { #ifdef WITH_HFSNIFF case CMD_HF_SNIFF: { - HfSniff(packet->oldarg[0], packet->oldarg[1]); + struct p { + uint32_t samplesToSkip; + uint32_t triggersToSkip; + } PACKED; + struct p *payload = (struct p *)packet->data.asBytes; + + uint16_t len = 0; + int res = HfSniff(payload->samplesToSkip, payload->triggersToSkip, &len); + + struct { + uint16_t len; + } PACKED retval; + retval.len = len; + reply_ng(CMD_HF_SNIFF, res, (uint8_t *)&retval, sizeof(retval)); break; } #endif @@ -2065,10 +2117,10 @@ void __attribute__((noreturn)) AppMain(void) { SpinDelay(100); BigBuf_initialize(); - for (uint32_t * p = &_stack_start; p < (uint32_t *)((uintptr_t)&_stack_end - 0x200); ++p) { + for (uint32_t *p = &_stack_start; p < (uint32_t *)((uintptr_t)&_stack_end - 0x200); ++p) { *p = 0xdeadbeef; } - + if (common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) { /* Initialize common area */ memset(&common_area, 0, sizeof(common_area)); @@ -2135,7 +2187,9 @@ void __attribute__((noreturn)) AppMain(void) { WDT_HIT(); if (_stack_start != 0xdeadbeef) { - Dbprintf("Stack overflow detected! Please increase stack size."); + Dbprintf("Stack overflow detected! Please increase stack size, currently %d bytes", (&_stack_end - &_stack_start) << 2); + Dbprintf("Unplug your device now."); + while (1); } // Check if there is a packet available diff --git a/armsrc/appmain.h b/armsrc/appmain.h index 6a650f163..594723983 100644 --- a/armsrc/appmain.h +++ b/armsrc/appmain.h @@ -39,5 +39,6 @@ void ToSendReset(void); void ListenReaderField(uint8_t limit); void StandAloneMode(void); void printStandAloneModes(void); +void print_stack_usage(void); #endif diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c new file mode 100644 index 000000000..b9295e9ed --- /dev/null +++ b/armsrc/em4x50.c @@ -0,0 +1,911 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2020 tharexde +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency EM4x50 commands +//----------------------------------------------------------------------------- + +#include "fpgaloader.h" +#include "ticks.h" +#include "dbprint.h" +#include "lfadc.h" +#include "commonutil.h" +#include "em4x50.h" + +// 4 data bytes +// + byte with row parities +// + column parity byte +// + byte with stop bit + +static em4x50_tag_t tag = { + .sectors = { + [0] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // password + [1] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // protection word + [2] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // control word + [3] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [4] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [5] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [7] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [9] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [10] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [11] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [12] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [13] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [14] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [15] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [17] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [18] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [19] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [20] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [21] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [22] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [23] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [24] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [25] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [26] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [27] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [28] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [29] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [30] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [31] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // user + [32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // device serial number + [33] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // device identification + }, +}; + +// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) +// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz +// EM4x50 units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier) +// T0 = TIMER_CLOCK1 / 125000 = 192 + +#ifndef T0 +#define T0 192 +#endif + +#define EM4X50_T_TAG_QUARTER_PERIOD 16 +#define EM4X50_T_TAG_HALF_PERIOD 32 +#define EM4X50_T_TAG_THREE_QUARTER_PERIOD 48 +#define EM4X50_T_TAG_FULL_PERIOD 64 +#define EM4X50_T_WAITING_FOR_LIW 500 +#define EM4X50_T_TAG_TPP 64 +#define EM4X50_T_TAG_TWA 64 + +#define EM4X50_TAG_TOLERANCE 8 +#define EM4X50_TAG_WORD 45 + +#define EM4X50_BIT_0 0 +#define EM4X50_BIT_1 1 +#define EM4X50_BIT_OTHER 2 + +#define EM4X50_COMMAND_LOGIN 0x01 +#define EM4X50_COMMAND_RESET 0x80 +#define EM4X50_COMMAND_WRITE 0x12 +#define EM4X50_COMMAND_WRITE_PASSWORD 0x11 +#define EM4X50_COMMAND_SELECTIVE_READ 0x0A + +#define FPGA_TIMER_0 0 + +int gHigh = 0; +int gLow = 0; + +// auxiliary functions + +static void init_tag(void) { + + // initialize global tag structure + + for (int i = 0; i < 34; i++) + for (int j = 0; j < 7; j++) + tag.sectors[i][j] = 0x00; +} + +static uint8_t bits2byte(uint8_t *bits, int length) { + + // converts separate bits into a single "byte" + + uint8_t byte = 0; + + for (int i = 0; i < length; i++) { + + byte |= bits[i]; + + if (i != length-1) + byte <<= 1; + } + + return byte; +} + +static void msb2lsb_word(uint8_t *word) { + + // reorders given according to EM4x50 datasheet (msb -> lsb) + + uint8_t buff[4]; + + buff[0] = reflect8(word[3]); + buff[1] = reflect8(word[2]); + buff[2] = reflect8(word[1]); + buff[3] = reflect8(word[0]); + + word[0] = buff[0]; + word[1] = buff[1]; + word[2] = buff[2]; + word[3] = buff[3]; +} + +static void save_word(int pos, uint8_t bits[EM4X50_TAG_WORD]) { + + // split "raw" word into data, row and column parity bits and stop bit and + // save them in global tag structure + + uint8_t row_parity[4]; + uint8_t col_parity[8]; + + // data and row parities + for (int i = 0; i < 4; i++) { + tag.sectors[pos][i] = bits2byte(&bits[9*i],8); + row_parity[i] = bits[9*i+8]; + } + + tag.sectors[pos][4] = bits2byte(row_parity,4); + + // column parities + for (int i = 0; i < 8; i++) + col_parity[i] = bits[36+i]; + + tag.sectors[pos][5] = bits2byte(col_parity,8); + + // stop bit + tag.sectors[pos][6] = bits[44]; +} + +static void wait_timer(int timer, uint32_t period) { + + // do nothing for using timer + + if (timer == FPGA_TIMER_0) { + + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + while (AT91C_BASE_TC0->TC_CV < period); + + } else { + + AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; + while (AT91C_BASE_TC1->TC_CV < period); + + } +} + +static void em4x50_setup_read(void) { + + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD); + + // 50ms for the resonant antenna to settle. + SpinDelay(50); + // Now set up the SSC to get the ADC samples that are now streaming at us. + FpgaSetupSsc(); + // start a 1.5ticks is 1us + StartTicks(); + + FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125); + + // Connect the A/D to the peak-detected low-frequency path. + SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + + // Steal this pin from the SSP (SPI communication channel with fpga) and + // use it to control the modulation + AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; + AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT; + + // Disable modulation at default, which means enable the field + LOW(GPIO_SSC_DOUT); + + // Enable Peripheral Clock for + // TIMER_CLOCK0, used to measure exact timing before answering + // TIMER_CLOCK1, used to capture edges of the tag frames + AT91C_BASE_PMC->PMC_PCER |= (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1); + AT91C_BASE_PIOA->PIO_BSR = GPIO_SSC_FRAME; + + // Disable timer during configuration + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + + // TC0: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; + + // TC1: Capture mode, default timer source = MCK/2 (TIMER_CLOCK1), no triggers + AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK; + + // Enable and reset counters + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; + + // synchronized startup procedure + while (AT91C_BASE_TC0->TC_CV > 0) {}; // wait until TC1 returned to zero + + // Watchdog hit + WDT_HIT(); +} + +// functions for "reader" use case + +static void get_signalproperties(void) { + + // calculate signal properties (mean amplitudes) from measured data: + // 32 amplitudes (maximum values) -> mean amplitude value -> gHigh -> gLow + + int no_periods = 32, pct = 75, noise = 140; + uint8_t sample = 0, sample_ref = 127; + uint8_t sample_max_mean = 0; + uint8_t sample_max[no_periods]; + uint32_t sample_max_sum = 0; + + // wait until signal/noise > 1 + while (AT91C_BASE_SSC->SSC_RHR < noise); + + // calculate mean maximum value of 32 periods, each period has a length of + // 3 single "full periods" to eliminate the influence of a listen window + for (int i = 0; i < no_periods; i++) { + + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + while (AT91C_BASE_TC0->TC_CV < T0 * 3 * EM4X50_T_TAG_FULL_PERIOD) { + + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + + if (sample > sample_max[i]) + sample_max[i] = sample; + + } + + sample_max_sum += sample_max[i]; + } + + sample_max_mean = sample_max_sum / no_periods; + + // set global envelope variables + gHigh = sample_ref + pct * (sample_max_mean - sample_ref) / 100; + gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100; + +} + +static int get_next_bit(void) { + + // returns bit value (or EM4X50_BIT_OTHER -> no bit pattern) by evaluating + // a single sample within a bit period (given there is no LIW, ACK or NAK) + // This function is not used for decoding, it is only used for identifying + // a listen window (return value = EM4X50_BIT_OTHER) in functions + // "find_double_listen_window" and "check_ack" + + uint8_t sample; + + // get sample at 3/4 of bit period + wait_timer(0, T0 * EM4X50_T_TAG_THREE_QUARTER_PERIOD); + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + + // wait until end of bit period + wait_timer(0, T0 * EM4X50_T_TAG_QUARTER_PERIOD); + + // decide wether "0" or "1" + if (sample > gHigh) + return EM4X50_BIT_0; + else if (sample < gLow) + return EM4X50_BIT_1; + + return EM4X50_BIT_OTHER; +} + +static uint32_t get_pulse_length(void) { + + // iterates pulse length (low -> high -> low) + + uint8_t sample = 0; + + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + + while (sample > gLow) + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + + AT91C_BASE_TC1->TC_CCR = AT91C_TC_SWTRG; + + while (sample < gHigh) + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + + while (sample > gLow) + sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; + + return (uint32_t)AT91C_BASE_TC1->TC_CV; +} + +static bool check_pulse_length(uint32_t pl, int length) { + + // check if pulse length corresponds to given length + + if ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) & + (pl <= T0 * (length + EM4X50_TAG_TOLERANCE))) + return true; + else + return false; +} + +static void em4x50_send_bit(int bit) { + + // send single bit according to EM4x50 application note and datasheet + + // reset clock for the next bit + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + + if (bit == 0) { + + // disable modulation (drop the field) for 7 cycles of carrier + // period (Opt64) + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * 7); + + // enable modulation (activates the field) for remaining first + // half of bit period + HIGH(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_HALF_PERIOD); + + // disable modulation for second half of bit period + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_FULL_PERIOD); + + } else { + + // bit = "1" means disable modulation for full bit period + LOW(GPIO_SSC_DOUT); + while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_TAG_FULL_PERIOD); + } +} + +static void em4x50_send_byte(uint8_t byte) { + + // send byte (without parity) + + for (int i = 0; i < 8; i++) + em4x50_send_bit((byte >> (7-i)) & 1); + +} + +static void em4x50_send_byte_with_parity(uint8_t byte) { + + // send byte followed by its (equal) parity bit + + int parity = 0, bit = 0; + + for (int i = 0; i < 8; i++) { + bit = (byte >> (7-i)) & 1; + em4x50_send_bit(bit); + parity ^= bit; + } + + em4x50_send_bit(parity); +} + +static void em4x50_send_word(const uint8_t bytes[4]) { + + // send 32 bit word with parity bits according to EM4x50 datasheet + + for (int i = 0; i < 4; i++) + em4x50_send_byte_with_parity(bytes[i]); + + // send column parities + em4x50_send_byte(bytes[0] ^ bytes[1] ^ bytes[2] ^ bytes[3]); + + // send final stop bit (always "0") + em4x50_send_bit(0); +} + +static bool find_double_listen_window(bool bcommand) { + + // find two successive listen windows that indicate the beginning of + // data transmission + + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + while (AT91C_BASE_TC0->TC_CV < T0 * EM4X50_T_WAITING_FOR_LIW) { + + // identification of listen window is done via evaluation of + // pulse lengths + if (check_pulse_length(get_pulse_length(), 3 * EM4X50_T_TAG_FULL_PERIOD)) { + + if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) { + + // first listen window found + + if (bcommand) { + + // data transmission from card has to be stopped, because + // a commamd shall be issued + + // unfortunately the posititon in listen window (where + // command request has to be sent) has gone, so if a + // second window follows - sync on this to issue a command + + // skip the next bit... + wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_FULL_PERIOD); + + // ...and check if the following bit does make sense + // (if not it is the correct position within the second + // listen window) + if (get_next_bit() == EM4X50_BIT_OTHER) { + + // send RM for request mode + em4x50_send_bit(0); + em4x50_send_bit(0); + + return true; + } + + } + + if (check_pulse_length(get_pulse_length(), 3 * EM4X50_T_TAG_FULL_PERIOD)) { + + // return although second listen window consists of one + // more bit period but this period is necessary for + // evaluating further pulse lengths + return true; + } + } + } + } + + return false; +} + +static bool request_receive_mode(void) { + + // To issue a command we have to find a listen window first. + // Because identification and sychronization at the same time is not + // possible when using pulse lengths a double listen window is used. + + bool bcommand = true; + + return find_double_listen_window(bcommand); +} + +static bool check_ack(bool bliw) { + + // returns true if signal structue corresponds to ACK, anything else is + // counted as NAK (-> false) + // Only relevant for pasword writing function: + // If is true then within the single listen window right after the + // ack signal a RM request has to be sent. + + AT91C_BASE_TC0->TC_CCR = AT91C_TC_SWTRG; + while (AT91C_BASE_TC0->TC_CV < T0 * 4 * EM4X50_T_TAG_FULL_PERIOD) { + + if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) { + + // The received signal is either ACK or NAK. + + if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) { + + // Now the signal must be ACK. + + if (!bliw) { + + return true; + + } else { + + // send RM request after ack signal + + // wait for 2 bits (remaining "bit" of ACK signal + first + // "bit" of listen window) + wait_timer(FPGA_TIMER_0, T0 * 2 * EM4X50_T_TAG_FULL_PERIOD); + + // check for listen window (if first bit cannot be inerpreted + // as a valid bit it must belong to a listen window) + if (get_next_bit() == EM4X50_BIT_OTHER) { + + // send RM for request mode + em4x50_send_bit(0); + em4x50_send_bit(0); + + return true; + } + } + } + } + } + + return false; +} + +static int get_word_from_bitstream(uint8_t bits[EM4X50_TAG_WORD]) { + + // decodes one word by evaluating pulse lengths and previous bit; + // word must have 45 bits in total: + // 32 data bits + 4 row parity bits + 8 column parity bits + 1 stop bit + + bool bbitchange = false; + int i = 0; + uint32_t pl = 0; + + // initial bit value depends on last pulse length of listen window + pl = get_pulse_length(); + if (check_pulse_length(pl, 3 * EM4X50_T_TAG_HALF_PERIOD)) { + + // pulse length = 1.5 + bits[0] = 1; + + } else if (check_pulse_length(pl, 2 * EM4X50_T_TAG_FULL_PERIOD)) { + + // pulse length = 2 + bits[0] = 0; + bbitchange = true; + + } else { + + // pulse length = 2.5 + bits[0] = 0; + bits[1] = 1; + i++; + } + + // identify remaining bits based on pulse lengths + // between two listen windows only pulse lengths of 1, 1.5 and 2 are possible + while (true) { + + i++; + pl = get_pulse_length(); + + if (check_pulse_length(pl, EM4X50_T_TAG_FULL_PERIOD)) { + + // pulse length = 1 -> keep former bit value + bits[i] = bits[i-1]; + + } else if (check_pulse_length(pl, 3 * EM4X50_T_TAG_HALF_PERIOD)) { + + // pulse length = 1.5 -> decision on bit change + + if (bbitchange) { + + // if number of pulse lengths with 1.5 periods is even -> add bit + bits[i] = (bits[i-1] == 1) ? 1 : 0; + + // pulse length of 1.5 changes bit value + bits[i+1] = (bits[i] == 1) ? 0 : 1; + i++; + + // next time add only one bit + bbitchange = false; + + } else { + + bits[i] = (bits[i-1] == 1) ? 0 : 1; + + // next time two bits have to be added + bbitchange = true; + } + + } else if (check_pulse_length(pl, 2 * EM4X50_T_TAG_FULL_PERIOD)) { + + // pulse length of 2 means: adding 2 bits "01" + bits[i] = 0; + bits[i+1] = 1; + i++; + + } else if (check_pulse_length(pl, 3 * EM4X50_T_TAG_FULL_PERIOD)) { + + // pulse length of 3 indicates listen window -> clear last + // bit (= 0) and return + return --i; + + } + } +} + +// login function + +static bool login(uint8_t password[4]) { + + // simple login to EM4x50, + // used in operations that require authentication + + if (request_receive_mode ()) { + + // send login command + em4x50_send_byte_with_parity(EM4X50_COMMAND_LOGIN); + + // send password + em4x50_send_word(password); + + // check if ACK is returned + if (check_ack(false)) + return true; + + } else { + if (DBGLEVEL >= DBG_ERROR) + Dbprintf("error in command request"); + } + + return false; +} + +// reset function + +static bool reset(void) { + + // resets EM4x50 tag (used by write function) + + if (request_receive_mode ()) { + + // send login command + em4x50_send_byte_with_parity(EM4X50_COMMAND_RESET); + + if (check_ack(false)) + return true; + + } else { + if (DBGLEVEL >= DBG_ERROR) + Dbprintf("error in command request"); + } + + return false; +} + +// read functions + +static bool standard_read(int *now) { + + // reads data that tag transmits when exposed to reader field + // (standard read mode); number of read words is saved in + + int fwr = *now; + uint8_t bits[EM4X50_TAG_WORD] = {0}; + + // start with the identification of two succsessive listening windows + if (find_double_listen_window(false)) { + + // read and save words until following double listen window is detected + while (get_word_from_bitstream(bits) == EM4X50_TAG_WORD) + save_word((*now)++, bits); + + // number of detected words + *now -= fwr; + + return true; + + } else { + if (DBGLEVEL >= DBG_ERROR) + Dbprintf("didn't find a listen window"); + } + + return false; +} + +static bool selective_read(uint8_t addresses[4]) { + + // reads from "first word read" (fwr = addresses[3]) to "last word read" + // (lwr = addresses[2]) + // result is verified by "standard read mode" + + int fwr = addresses[3]; // first word read + int lwr = addresses[2]; // last word read + int now = fwr; // number of words + + if (request_receive_mode()) { + + // send selective read command + em4x50_send_byte_with_parity(EM4X50_COMMAND_SELECTIVE_READ); + + // send address data + em4x50_send_word(addresses); + + // look for ACK sequence + if (check_ack(false)) + + // save and verify via standard read mode (compare number of words) + if (standard_read(&now)) + if (now == (lwr - fwr + 1)) + return true; + + } else { + if (DBGLEVEL >= DBG_ERROR) + Dbprintf("error in command request"); + } + + return false; +} + +void em4x50_info(em4x50_data_t *etd) { + + // collects as much information as possible via selective read mode + // if no password is given -> try with standard password "0x00000000" + // otherwise continue without login + + bool bsuccess = false, blogin = false; + uint8_t status = 0; + uint8_t addresses[] = {0x00, 0x00, 0x21, 0x00}; // fwr = 0, lwr = 33 + uint8_t password[] = {0x00, 0x00, 0x00, 0x00}; // default password + + init_tag(); + em4x50_setup_read(); + + // set gHigh and gLow + get_signalproperties(); + + if (etd->pwd_given) { + + // try to login with given password + blogin = login(etd->password); + + } else { + + // if no password is given, try to login with "0x00000000" + blogin = login(password); + + } + + bsuccess = selective_read(addresses); + + status = (bsuccess << 1) + blogin; + + lf_finalize(); + reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238); +} + +// write functions + +static bool write(uint8_t word[4], uint8_t address) { + + // writes to specified
+ + if (request_receive_mode()) { + + // send write command + em4x50_send_byte_with_parity(EM4X50_COMMAND_WRITE); + + // send address data + em4x50_send_byte_with_parity(address); + + // send data + em4x50_send_word(word); + + // wait for T0 * EM4X50_T_TAG_TWA (write access time) + wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA); + + // look for ACK sequence + if (check_ack(false)) { + + // now EM4x50 needs T0 * EM4X50_T_TAG_TWEE (EEPROM write time) + // for saving data and should return with ACK + if (check_ack(false)) + return true; + + } + + } else { + if (DBGLEVEL >= DBG_ERROR) + Dbprintf("error in command request"); + } + + return false; +} + +static bool write_password(uint8_t password[4], uint8_t new_password[4]) { + + // changes password from to + + if (request_receive_mode()) { + + // send write password command + em4x50_send_byte_with_parity(EM4X50_COMMAND_WRITE_PASSWORD); + + // send address data + em4x50_send_word(password); + + // wait for T0 * EM4x50_T_TAG_TPP (processing pause time) + wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TPP); + + // look for ACK sequence and send rm request + // during following listen window + if (check_ack(true)) { + + // send new password + em4x50_send_word(new_password); + + // wait for T0 * EM4X50_T_TAG_TWA (write access time) + wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA); + + if (check_ack(false)) + if (check_ack(false)) + return true; + + } + + } else { + if (DBGLEVEL >= DBG_ERROR) + Dbprintf("error in command request"); + } + + return false; +} + +void em4x50_write(em4x50_data_t *etd) { + + // write operation process for EM4x50 tag, + // single word is written to given address, verified by selective read operation + + bool bsuccess = false, blogin = false; + uint8_t status = 0; + uint8_t word[4] = {0x00, 0x00, 0x00, 0x00}; + uint8_t addresses[4] = {0x00, 0x00, 0x00, 0x00}; + + init_tag(); + em4x50_setup_read(); + + // set gHigh and gLow + get_signalproperties(); + + // reorder word according to datasheet + msb2lsb_word(etd->word); + + // if password is given try to login first + if (etd->pwd_given) + blogin = login(etd->password); + + // write word to given address + if (write(etd->word, etd->address)) { + + // to verify result reset EM4x50 + if (reset()) { + + // if password is given login + if (etd->pwd_given) + blogin &= login(etd->password); + + // perform a selective read + addresses[2] = addresses[3] = etd->address; + if (selective_read(addresses)) { + + // compare with given word + word[0] = tag.sectors[etd->address][0]; + word[1] = tag.sectors[etd->address][1]; + word[2] = tag.sectors[etd->address][2]; + word[3] = tag.sectors[etd->address][3]; + msb2lsb_word(word); + + bsuccess = true; + for (int i = 0; i < 4; i++) + bsuccess &= (word[i] == etd->word[i]) ? true : false; + + } + } + } + + status = (bsuccess << 1) + blogin; + + lf_finalize(); + reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238); +} + +void em4x50_write_password(em4x50_data_t *etd) { + + // sinmple change of password + + bool bsuccess = false; + + init_tag(); + em4x50_setup_read(); + + // set gHigh and gLow + get_signalproperties(); + + // login and change password + if (login(etd->password)) { + bsuccess = write_password(etd->password, etd->new_password); + } + + lf_finalize(); + reply_ng(CMD_ACK, bsuccess, 0, 0); +} diff --git a/armsrc/em4x50.h b/armsrc/em4x50.h new file mode 100644 index 000000000..746ca4811 --- /dev/null +++ b/armsrc/em4x50.h @@ -0,0 +1,24 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2020 tharexde +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency EM4x50 commands +//----------------------------------------------------------------------------- + +#ifndef EM4X50_H +#define EM4X50_H + +#include "../include/em4x50.h" + +typedef struct { + uint8_t sectors[34][7]; +} em4x50_tag_t; + +void em4x50_info(em4x50_data_t *etd); +void em4x50_write(em4x50_data_t *etd); +void em4x50_write_password(em4x50_data_t *etd); + +#endif /* EM4X50_H */ diff --git a/armsrc/hfsnoop.c b/armsrc/hfsnoop.c index 770280b9b..177a1f99e 100644 --- a/armsrc/hfsnoop.c +++ b/armsrc/hfsnoop.c @@ -18,29 +18,21 @@ #include "appmain.h" #include "cmd.h" -static void RAMFUNC optimizedSniff(void) { - int n = BigBuf_max_traceLen() / sizeof(uint16_t); // take all memory - - uint16_t *dest = (uint16_t *)BigBuf_get_addr(); - uint16_t *destend = dest + n - 1; - - // Reading data loop - while (dest <= destend) { +static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) { + while (dsize > 0) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { *dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR); dest++; + dsize -= sizeof(dsize); } } - //setting tracelen - important! it was set by buffer overflow before - set_tracelen(BigBuf_max_traceLen()); } -void HfSniff(int samplesToSkip, int triggersToSkip) { +int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len) { BigBuf_free(); - BigBuf_Clear(); + BigBuf_Clear_ext(false); - Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip); - int trigger_cnt = 0; + Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip); LED_D_ON(); @@ -57,37 +49,68 @@ void HfSniff(int samplesToSkip, int triggersToSkip) { FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNOOP); SpinDelay(100); - uint16_t r = 0; - while (!BUTTON_PRESS() && !data_available()) { + *len = (BigBuf_max_traceLen() & 0xFFFE); + uint8_t *mem = BigBuf_malloc(*len); + + uint32_t trigger_cnt = 0; + uint16_t r = 0, interval = 0; + + bool pressed = false; + while (pressed == false) { WDT_HIT(); + // cancel w usb command. + if (interval == 2000) { + if (data_available()) + break; + + interval = 0; + } else { + interval++; + } + + // check if trigger is reached if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { r = (uint16_t)AT91C_BASE_SSC->SSC_RHR; - r = MAX(r & 0xff, r >> 8); - if (r >= 180) { // 0xB4 ?? - if (++trigger_cnt > triggersToSkip) + + r = MAX(r & 0xFF, r >> 8); + + // 180 (0xB4) arbitary value to see if a strong RF field is near. + if (r > 180) { + + if (++trigger_cnt > triggersToSkip) { break; + } } } + + pressed = BUTTON_PRESS(); } - if (!BUTTON_PRESS()) { - int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0 - while (waitcount != 0) { + if (pressed == false) { - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) - waitcount--; + // skip samples loop + while (samplesToSkip != 0) { + + if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + samplesToSkip--; + } + } + + optimizedSniff((uint16_t*)mem, *len); + + if (DBGLEVEL >= DBG_INFO) { + Dbprintf("Trigger kicked in (%d >= 180)", r); + Dbprintf("Collected %u samples", *len); } - optimizedSniff(); - Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r); } //Resetting Frame mode (First set in fpgaloader.c) AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); - - DbpString("HF Sniffing end"); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LED_D_OFF(); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + BigBuf_free(); + return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS; } void HfPlotDownload(void) { diff --git a/armsrc/hfsnoop.h b/armsrc/hfsnoop.h index 049536940..8ed263fa5 100644 --- a/armsrc/hfsnoop.h +++ b/armsrc/hfsnoop.h @@ -12,6 +12,8 @@ #ifndef __HFSNOOP_H #define __HFSNOOP_H -void HfSniff(int, int); +#include "proxmark3_arm.h" + +int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len); void HfPlotDownload(void); #endif diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index cf1aa46c1..79b09395f 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -36,7 +36,7 @@ #include "lfsampling.h" #include "lfdemod.h" #include "commonutil.h" - +#include "appmain.h" #define test_bit(data, i) (*(data + (i/8)) >> (7-(i % 8))) & 1 #define set_bit(data, i) *(data + (i/8)) |= (1 << (7-(i % 8))) @@ -1002,15 +1002,20 @@ void SniffHitag2(void) { size_t periods = 0; uint8_t periods_bytes[4]; - int16_t checked = 0; + // int16_t checked = 0; /*bool waiting_for_first_edge = true;*/ LED_C_ON(); + uint32_t signal_size = 10000; while (!BUTTON_PRESS()) { + // use malloc + initSampleBufferEx(&signal_size, false); + WDT_HIT(); +/* // only every 1000th times, in order to save time when collecting samples. if (checked == 1000) { if (data_available()) { @@ -1021,13 +1026,14 @@ void SniffHitag2(void) { } } ++checked; + */ // Receive frame, watch for at most T0*EOF periods // lf_reset_counter(); // Wait "infinite" for reader modulation - periods = lf_detect_gap(20000); + periods = lf_detect_gap(10000); // Test if we detected the first reader modulation edge if (periods != 0) { @@ -1042,7 +1048,6 @@ void SniffHitag2(void) { num_to_bytes(periods, 4, periods_bytes); LogTrace(periods_bytes, 4, 0, 0, NULL, true); } - } lf_finalize(); @@ -1064,7 +1069,7 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) { int response = 0; uint8_t rx[HITAG_FRAME_LEN] = {0}; size_t rxlen = 0; - uint8_t tx[HITAG_FRAME_LEN]; + uint8_t tx[HITAG_FRAME_LEN] = {0}; size_t txlen = 0; auth_table_len = 0; @@ -1108,8 +1113,11 @@ void SimulateHitag2(bool tag_mem_supplied, uint8_t *data) { // int16_t checked = 0; // SIMULATE + uint32_t signal_size = 10000; + while (BUTTON_PRESS() == false) { - while (!BUTTON_PRESS()) { + // use malloc + initSampleBufferEx(&signal_size, true); LED_D_ON(); @@ -1283,9 +1291,9 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { uint32_t command_start = 0, command_duration = 0; uint32_t response_start = 0, response_duration = 0; - uint8_t rx[HITAG_FRAME_LEN]; + uint8_t rx[HITAG_FRAME_LEN] = {0}; size_t rxlen = 0; - uint8_t txbuf[HITAG_FRAME_LEN]; + uint8_t txbuf[HITAG_FRAME_LEN] = {0}; uint8_t *tx = txbuf; size_t txlen = 0; @@ -1430,12 +1438,17 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { size_t nrzs = 0; int16_t checked = 0; - while (!bStop && !BUTTON_PRESS()) { + uint32_t signal_size = 10000; + + while (bStop == false && BUTTON_PRESS() == false) { + + // use malloc + initSampleBufferEx(&signal_size, true); WDT_HIT(); // only every 1000th times, in order to save time when collecting samples. - if (checked == 1000) { + if (checked == 4000) { if (data_available()) { checked = -1; break; @@ -1615,13 +1628,13 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { } // Pack the response into a byte array - for (size_t i = 5; i < nrzs; i++) { + for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) { uint8_t bit = nrz_samples[i]; if (bit > 1) { // When Manchester detects impossible symbol it writes "7" DBG Dbprintf("Error in Manchester decoding, abort"); break; } - rx[rxlen / 8] |= bit << (7 - (rxlen % 8)); + rx[rxlen >> 3] |= bit << (7 - (rxlen % 8)); rxlen++; } @@ -1756,10 +1769,14 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { size_t nrzs = 0; int16_t checked = 0; - while (!bStop && !BUTTON_PRESS()) { + uint32_t signal_size = 10000; + while (bStop == false && BUTTON_PRESS() == false) { - // only every 1000th times, in order to save time when collecting samples. - if (checked == 1000) { + // use malloc + initSampleBufferEx(&signal_size, true); + + // only every 4000th times, in order to save time when collecting samples. + if (checked == 4000) { if (data_available()) { checked = -1; break; @@ -1920,12 +1937,13 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { } // Pack the response into a byte array - for (size_t i = 5; i < nrzs; i++) { + for (size_t i = 5; i < nrzs && rxlen < (sizeof(rx) << 3); i++) { uint8_t bit = nrz_samples[i]; if (bit > 1) { // When Manchester detects impossible symbol it writes "7" break; } - rx[rxlen / 8] |= bit << (7 - (rxlen % 8)); + // >> 3 instead of div by 8 + rx[rxlen >> 3] |= bit << (7 - (rxlen % 8)); rxlen++; } diff --git a/armsrc/i2c.c b/armsrc/i2c.c index 82b4fdb10..23ae07f10 100644 --- a/armsrc/i2c.c +++ b/armsrc/i2c.c @@ -47,7 +47,7 @@ static void __attribute__((optimize("O0"))) I2CSpinDelayClk(uint16_t delay) { #define I2C_DELAY_2CLK I2CSpinDelayClk(2) #define I2C_DELAY_XCLK(x) I2CSpinDelayClk((x)) -#define I2C_DELAY_100us I2CSpinDelayClk( 100 / 3) +#define I2C_DELAY_100us I2CSpinDelayClk( 100 / 3) #define I2C_DELAY_600us I2CSpinDelayClk( 600 / 3) #define I2C_DELAY_10ms I2CSpinDelayClk( 10 * 1000 / 3 ) #define I2C_DELAY_30ms I2CSpinDelayClk( 30 * 1000 / 3 ) @@ -440,7 +440,7 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d // extra wait 500us (514us measured) // 200us (xx measured) -// WaitUS(600); +// WaitUS(600); I2C_DELAY_600us; bool bBreak = true; diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index a657dff35..3b7b096a4 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -889,7 +889,7 @@ bool prepare_tag_modulation(tag_response_info_t *response_info, size_t max_buffe // Make sure we do not exceed the free buffer space if (ToSendMax > max_buffer_size) { - Dbprintf("Out of memory, when modulating bits for tag answer:"); + Dbprintf("ToSend buffer, Out-of-bound, when modulating bits for tag answer:"); Dbhexdump(response_info->response_n, response_info->response, false); return false; } @@ -980,14 +980,26 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i // some first pages of UL/NTAG dump is special data mfu_dump_t *mfu_header = (mfu_dump_t *) BigBuf_get_EM_addr(); *pages = MAX(mfu_header->pages, 19); + // counters and tearing flags - for (int i = 0; i < 3; i++) { + // for old dumps with all zero headers, we need to set default values. + for (uint8_t i = 0; i < 3; i++) { + counters[i] = le24toh(mfu_header->counter_tearing[i]); - tearings[i] = mfu_header->counter_tearing[i][3]; + + if (mfu_header->counter_tearing[i][3] != 0x00) { + tearings[i] = mfu_header->counter_tearing[i][3]; + } } + // GET_VERSION - memcpy(rVERSION, mfu_header->version, 8); + if (memcmp(mfu_header->version, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) == 0) { + memcpy(rVERSION, "\x00\x04\x04\x02\x01\x00\x11\x03", 8); + } else { + memcpy(rVERSION, mfu_header->version, 8); + } AddCrc14A(rVERSION, sizeof(rVERSION) - 2); + // READ_SIG memcpy(rSIGN, mfu_header->signature, 32); AddCrc14A(rSIGN, sizeof(rSIGN) - 2); @@ -2015,13 +2027,6 @@ int EmSendPrecompiledCmd(tag_response_info_t *p_response) { LastTimeProxToAirStart * 16 + DELAY_ARM2AIR_AS_TAG, (LastTimeProxToAirStart + p_response->ProxToAirDuration) * 16 + DELAY_ARM2AIR_AS_TAG, par); - - if (DBGLEVEL >= DBG_EXTENDED) { - Dbprintf("response_info->response %02X", p_response->response); - Dbprintf("response_info->response_n %02X", p_response->response_n); - Dbprintf("response_info->par %02X", &(p_response->par)); - } - return ret; } diff --git a/armsrc/lfadc.c b/armsrc/lfadc.c index cec945b20..8c453bdc9 100644 --- a/armsrc/lfadc.c +++ b/armsrc/lfadc.c @@ -11,6 +11,7 @@ #include "fpgaloader.h" #include "ticks.h" #include "dbprint.h" +#include "appmain.h" // Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) // TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz @@ -72,27 +73,11 @@ void lf_sample_mean(void) { static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { size_t periods = 0; - volatile uint8_t adc_val; uint8_t avg_peak = adc_avg + 3, avg_through = adc_avg - 3; -// int16_t checked = 0; - - while (!BUTTON_PRESS()) { - - // only every 100th times, in order to save time when collecting samples. - /* - if (checked == 1000) { - if (data_available()) { - break; - } else { - checked = 0; - } - } - ++checked; - */ - WDT_HIT(); + while (BUTTON_PRESS() == false) { if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - adc_val = AT91C_BASE_SSC->SSC_RHR; + volatile uint8_t adc_val = AT91C_BASE_SSC->SSC_RHR; periods++; if (g_logging) logSampleSimple(adc_val); @@ -105,6 +90,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { if (adc_val == 0) { return periods; } + } else { // Trigger on a modulation swap by observing an edge change if (rising_edge) { @@ -125,6 +111,7 @@ static size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) { if (periods >= max) return 0; } } + if (g_logging) logSampleSimple(0xFF); return 0; } @@ -161,6 +148,7 @@ bool lf_get_reader_modulation(void) { } void lf_wait_periods(size_t periods) { + // wait detect gap lf_count_edge_periods_ex(periods, true, false); } @@ -250,23 +238,22 @@ void lf_finalize(void) { } size_t lf_detect_field_drop(size_t max) { +/* size_t periods = 0; // int16_t checked = 0; - while (!BUTTON_PRESS()) { + while (BUTTON_PRESS() == false) { - /* - // only every 1000th times, in order to save time when collecting samples. - if (checked == 1000) { - if (data_available()) { - checked = -1; - break; - } else { - checked = 0; - } - } - ++checked; - */ + // // only every 1000th times, in order to save time when collecting samples. + // if (checked == 4000) { + // if (data_available()) { + // checked = -1; + // break; + // } else { + // checked = 0; + // } + // } + // ++checked; WDT_HIT(); @@ -284,6 +271,7 @@ size_t lf_detect_field_drop(size_t max) { if (periods == max) return 0; } } +*/ return 0; } diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 03c6c5164..7e907da09 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -171,7 +171,7 @@ t55xx_configurations_t T55xx_Timing = { #define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference // ATA55xx shared presets & routines -static uint32_t GetT55xxClockBit(uint32_t clock) { +static uint32_t GetT55xxClockBit(uint8_t clock) { switch (clock) { case 128: return T55x7_BITRATE_RF_128; @@ -1224,32 +1224,52 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, } // loop to get raw HID waveform then FSK demodulate the TAG ID from it -void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { - uint8_t *dest = BigBuf_get_addr(); +int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) { + size_t size; uint32_t hi2 = 0, hi = 0, lo = 0; int dummyIdx = 0; // Configure to go in 125kHz listen mode LFSetupFPGAForADC(LF_DIVISOR_125, true); + uint8_t *dest = BigBuf_get_addr(); + BigBuf_Clear_keep_EM(); + clear_trace(); + set_tracing(false); + //clear read buffer BigBuf_Clear_keep_EM(); - while (!BUTTON_PRESS() && !data_available()) { + int res = PM3_SUCCESS; + uint16_t interval = 0; + while (BUTTON_PRESS() == false) { WDT_HIT(); - if (ledcontrol) LED_A_ON(); + + // cancel w usb command. + if (interval == 4000) { + if (data_available()) { + res = PM3_EOPABORTED; + break; + } + interval = 0; + } else { + interval++; + } DoAcquisition_default(-1, false); + // FSK demodulator - size = 50 * 128 * 2; //big enough to catch 2 sequences of largest format + // 50 * 128 * 2 - big enough to catch 2 sequences of largest format + size = MIN(12800, BigBuf_max_traceLen()); + int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx); if (idx < 0) continue; if (idx > 0 && lo > 0 && (size == 96 || size == 192)) { // go over previously decoded manchester data and decode into usable tag ID if (hi2 != 0) { //extra large HID tags 88/192 bits - Dbprintf("TAG ID: %x%08x%08x (%d)", + Dbprintf("TAG ID: " _GREEN_("%x%08x%08x") " (%d)", hi2, hi, lo, @@ -1311,25 +1331,40 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) hi2 = hi = lo = idx = 0; } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("HID fsk demod stopped"); - if (ledcontrol) LED_A_OFF(); + BigBuf_free(); + LEDsoff(); + return res; } // loop to get raw HID waveform then FSK demodulate the TAG ID from it -void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { +int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) { - uint8_t *dest = BigBuf_get_addr(); size_t size; int dummyIdx = 0; + uint8_t *dest = BigBuf_get_addr(); BigBuf_Clear_keep_EM(); + clear_trace(); + set_tracing(false); LFSetupFPGAForADC(LF_DIVISOR_125, true); - while (!BUTTON_PRESS() && !data_available()) { + int res = PM3_SUCCESS; + uint16_t interval = 0; + while (BUTTON_PRESS() == false) { WDT_HIT(); - if (ledcontrol) LED_A_ON(); + + // cancel w usb command. + if (interval == 4000) { + if (data_available()) { + res = PM3_EOPABORTED; + break; + } + interval = 0; + } else { + interval++; + } DoAcquisition_default(-1, false); // FSK demodulator @@ -1380,20 +1415,19 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) uint32_t fac = bytebits_to_byte(dest + 9, 8); uint32_t cardnum = bytebits_to_byte(dest + 17, 16); uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen); - Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo); + Dbprintf("AWID Found - Bit length: " _GREEN_("%d") ", FC: " _GREEN_("%d") ", Card: " _GREEN_("%d") " - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo); } else { uint32_t cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16); if (fmtLen > 32) { uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen - 32); uint32_t code2 = bytebits_to_byte(dest + 8 + (fmtLen - 32), 32); - Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); + Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); } else { uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen); - Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); + Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); } } if (findone) { - if (ledcontrol) LED_A_OFF(); *high = rawHi; *low = rawLo; break; @@ -1401,26 +1435,40 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("AWID fsk demod stopped"); - if (ledcontrol) LED_A_OFF(); + BigBuf_free(); + LEDsoff(); + return res; } -void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) { - uint8_t *dest = BigBuf_get_addr(); +int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) { size_t size, idx = 0; int clk = 0, invert = 0, maxErr = 20; uint32_t hi = 0; uint64_t lo = 0; + uint8_t *dest = BigBuf_get_addr(); + clear_trace(); + set_tracing(false); BigBuf_Clear_keep_EM(); LFSetupFPGAForADC(LF_DIVISOR_125, true); - while (!BUTTON_PRESS() && !data_available()) { - + int res = PM3_SUCCESS; + uint16_t interval = 0; + while (BUTTON_PRESS() == false) { WDT_HIT(); - if (ledcontrol) LED_A_ON(); + + // cancel w usb command. + if (interval == 4000) { + if (data_available()) { + res = PM3_EOPABORTED; + break; + } + interval = 0; + } else { + interval++; + } DoAcquisition_default(-1, false); @@ -1428,14 +1476,14 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) //askdemod and manchester decode int errCnt = askdemod(dest, &size, &clk, &invert, maxErr, 0, 1); - WDT_HIT(); - if (errCnt > 50) continue; + WDT_HIT(); + errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo); if (errCnt == 1) { if (size == 128) { - Dbprintf("EM XL TAG ID: %06x%08x%08x - (%05d_%03d_%08d)", + Dbprintf("EM XL TAG ID: " _GREEN_("%06x%08x%08x") " - ( %05d_%03d_%08d )", hi, (uint32_t)(lo >> 32), (uint32_t)lo, @@ -1443,7 +1491,7 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) (uint32_t)((lo >> 16LL) & 0xFF), (uint32_t)(lo & 0xFFFFFF)); } else { - Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", + Dbprintf("EM TAG ID: " _GREEN_("%02x%08x") " - ( %05d_%03d_%08d )", (uint32_t)(lo >> 32), (uint32_t)lo, (uint32_t)(lo & 0xFFFF), @@ -1452,7 +1500,6 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) } if (findone) { - if (ledcontrol) LED_A_OFF(); *high = hi; *low = lo; break; @@ -1463,33 +1510,46 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("EM man/ask demod stopped"); - if (ledcontrol) LED_A_OFF(); + BigBuf_free(); + LEDsoff(); + return res; } -void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { - - uint8_t *dest = BigBuf_get_addr(); +int lf_io_watch(int findone, uint32_t *high, uint32_t *low) { int dummyIdx = 0; uint32_t code = 0, code2 = 0; - uint8_t version = 0, facilitycode = 0, crc = 0; - uint16_t number = 0, calccrc = 0; - - size_t size = BigBuf_max_traceLen(); + uint8_t version = 0, facilitycode = 0; + uint16_t number = 0; + uint8_t *dest = BigBuf_get_addr(); BigBuf_Clear_keep_EM(); + clear_trace(); + set_tracing(false); // Configure to go in 125kHz listen mode LFSetupFPGAForADC(LF_DIVISOR_125, true); - while (!BUTTON_PRESS() && !data_available()) { + int res = PM3_SUCCESS; + uint16_t interval = 0; + while (BUTTON_PRESS() == false) { + WDT_HIT(); - if (ledcontrol) LED_A_ON(); + + // cancel w usb command. + if (interval == 4000) { + if (data_available()) { + res = PM3_EOPABORTED; + break; + } + interval = 0; + } else { + interval++; + } DoAcquisition_default(-1, false); - size = MIN(12000, BigBuf_max_traceLen()); + size_t size = MIN(12000, BigBuf_max_traceLen()); //fskdemod and get start index int idx = detectIOProx(dest, &size, &dummyIdx); @@ -1529,18 +1589,9 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { facilitycode = bytebits_to_byte(dest + idx + 18, 8); number = (bytebits_to_byte(dest + idx + 36, 8) << 8) | (bytebits_to_byte(dest + idx + 45, 8)); //36,9 - crc = bytebits_to_byte(dest + idx + 54, 8); - for (uint8_t i = 1; i < 6; ++i) - calccrc += bytebits_to_byte(dest + idx + 9 * i, 8); - calccrc &= 0xff; - calccrc = 0xff - calccrc; + Dbprintf("IO Prox " _GREEN_("XSF(%02d)%02x:%05d") " (%08x%08x) (%s)", version, facilitycode, number, code, code2); - const char *crcStr = (crc == calccrc) ? "ok" : "!crc"; - - Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]", version, facilitycode, number, code, code2, crc, crcStr); - // if we're only looking for one tag if (findone) { - if (ledcontrol) LED_A_OFF(); *high = code; *low = code2; break; @@ -1548,12 +1599,11 @@ void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { code = code2 = 0; version = facilitycode = 0; number = 0; - calccrc = 0; } - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - DbpString("IOProx fsk demod stopped"); - if (ledcontrol) LED_A_OFF(); + BigBuf_free(); + LEDsoff(); + return res; } /*------------------------------ @@ -2006,12 +2056,12 @@ void T55xx_ChkPwds(uint8_t flags) { DbpString("[+] T55XX Check pwds using flashmemory starting"); - uint8_t ret = 0; // First get baseline and setup LF mode. // tends to mess up BigBuf - uint8_t *buf = BigBuf_get_addr(); - uint32_t b1, baseline = 0; - uint8_t downlink_mode = (flags >> 3) & 0x03; + uint8_t *buf = BigBuf_get_addr(); + uint8_t ret = 0; + uint8_t downlink_mode = (flags >> 3) & 0x03; + uint32_t b1, baseline = 0; // collect baseline for failed attempt uint8_t x = 32; @@ -2190,17 +2240,26 @@ void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) { reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0); } +int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo) { + // Define 9bit header for EM410x tags #define EM410X_HEADER 0x1FF #define EM410X_ID_LENGTH 40 -void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) { + uint32_t clockbits = 0; + if (card == 1) { //t55x7 + clockbits = GetT55xxClockBit(clock); + if (clockbits == 0) { + Dbprintf("Invalid clock rate: %d", clock); + return PM3_EINVARG; + } + } + int i; uint64_t id = EM410X_HEADER; uint64_t rev_id = 0; // reversed ID int c_parity[4]; // column parity int r_parity = 0; // row parity - uint32_t clock = 0; // Reverse ID bits given as parameter (for simpler operations) for (i = 0; i < EM410X_ID_LENGTH; ++i) { @@ -2250,33 +2309,29 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) { // Add stop bit id <<= 1; - Dbprintf("Started writing %s tag ...", card ? "T55x7" : "T5555"); LED_D_ON(); // Write EM410x ID uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)(id & 0xFFFFFFFF)}; - clock = (card & 0xFF00) >> 8; + // default to 64 clock = (clock == 0) ? 64 : clock; Dbprintf("Clock rate: %d", clock); - if (card & 0xFF) { //t55x7 - clock = GetT55xxClockBit(clock); - if (clock == 0) { - Dbprintf("Invalid clock rate: %d", clock); - return; - } - data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT); - } else { //t5555 (Q5) + + if (card == 1) { // T55x7 + data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT); + } else { // T5555 (Q5) data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT); } WriteT55xx(data, 0, 3); - LED_D_OFF(); + LEDsoff(); Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7" : "T5555", (uint32_t)(id >> 32), (uint32_t)id); + return PM3_SUCCESS; } //----------------------------------- diff --git a/armsrc/lfops.h b/armsrc/lfops.h index eb31e54a6..2d76bef48 100644 --- a/armsrc/lfops.h +++ b/armsrc/lfops.h @@ -35,13 +35,17 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c void CmdPSKsimTAG(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol); void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol); -void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); -void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26 -void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol); -void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); +int lf_hid_watch(int findone, uint32_t *high, uint32_t *low); +int lf_awid_watch(int findone, uint32_t *high, uint32_t *low); // Realtime demodulation mode for AWID26 +int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low); +int lf_io_watch(int findone, uint32_t *high, uint32_t *low); + void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567 + void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5); -void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo); + +int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo); + void T55xxResetRead(uint8_t flags); //id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags); void T55xxWriteBlock(uint8_t *data); diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index f74101573..f77084b3d 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -16,6 +16,7 @@ #include "util.h" #include "lfdemod.h" #include "string.h" // memset +#include "appmain.h" // print stack /* Default LF config is set to: @@ -29,6 +30,12 @@ Default LF config is set to: */ static sample_config config = { 1, 8, 1, LF_DIVISOR_125, 0, 0, 1} ; +// Holds bit packed struct of samples. +static BitstreamOut data = {0, 0, 0}; + +// internal struct to keep track of samples gathered +static sampling_t samples = {0, 0, 0, 0}; + void printConfig(void) { uint32_t d = config.divisor; DbpString(_CYAN_("LF Sampling config")); @@ -38,6 +45,18 @@ void printConfig(void) { Dbprintf(" [a] averaging...........%s", (config.averaging) ? "Yes" : "No"); Dbprintf(" [t] trigger threshold...%d", config.trigger_threshold); Dbprintf(" [s] samples to skip.....%d ", config.samples_to_skip); + + DbpString(_CYAN_("LF Sampling Stack")); + print_stack_usage(); +} + +void printSamples(void) { + DbpString(_CYAN_("LF Sampling memory")); + Dbprintf(" decimation counter.....%d ", samples.dec_counter); + Dbprintf(" sum.....%u ", samples.sum); + Dbprintf(" counter.....%u ", samples.counter); + Dbprintf(" total saved.....%u ", samples.total_saved); + print_stack_usage(); } /** @@ -99,12 +118,6 @@ static void pushBit(BitstreamOut *stream, uint8_t bit) { stream->numbits++; } -// Holds bit packed struct of samples. -static BitstreamOut data = {0, 0, 0}; - -// internal struct to keep track of samples gathered -static sampling_t samples = {0, 0, 0, 0}; - void initSampleBuffer(uint32_t *sample_size) { initSampleBufferEx(sample_size, false); } @@ -116,9 +129,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) { } BigBuf_free(); - // We can't erase the buffer now, it would drastically delay the acquisition - if (use_malloc) { if (*sample_size == 0) { @@ -132,6 +143,8 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) { } else { if (*sample_size == 0) { *sample_size = BigBuf_max_traceLen(); + } else { + *sample_size = MIN(*sample_size, BigBuf_max_traceLen()); } data.buffer = BigBuf_get_addr(); } @@ -139,7 +152,7 @@ void initSampleBufferEx(uint32_t *sample_size, bool use_malloc) { // samples.dec_counter = 0; samples.sum = 0; - samples.counter = 0; + samples.counter = *sample_size; samples.total_saved = 0; } @@ -155,13 +168,13 @@ void logSample(uint8_t sample, uint8_t decimation, uint8_t bits_per_sample, bool if (!data.buffer) return; - if (bits_per_sample == 0) bits_per_sample = 1; + // keep track of total gather samples regardless how many was discarded. + if (samples.counter-- == 0) return; + + if (bits_per_sample == 0) bits_per_sample = 1; if (bits_per_sample > 8) bits_per_sample = 8; if (decimation == 0) decimation = 1; - // keep track of total gather samples regardless how many was discarded. - samples.counter++; - if (avg) { samples.sum += sample; } @@ -222,6 +235,7 @@ void LFSetupFPGAForADC(int divisor, bool reader_field) { // Connect the A/D to the peak-detected low-frequency path. SetAdcMuxFor(GPIO_MUXSEL_LOPKD); + // 50ms for the resonant antenna to settle. if (reader_field) SpinDelay(50); @@ -253,14 +267,19 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in initSampleBuffer(&sample_size); + if (DBGLEVEL >= DBG_DEBUG) { + Dbprintf("lf sampling - after init"); + printSamples(); + } + uint32_t cancel_counter = 0; int16_t checked = 0; - while (!BUTTON_PRESS()) { + while (BUTTON_PRESS() == false) { // only every 1000th times, in order to save time when collecting samples. // interruptible only when logging not yet triggered - if ((checked == 1000) && (trigger_threshold > 0)) { + if ((checked == 4000) && (trigger_threshold > 0)) { if (data_available()) { checked = -1; break; @@ -273,7 +292,6 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in WDT_HIT(); if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { -// AT91C_BASE_SSC->SSC_THR = 0x43; LED_D_ON(); } @@ -305,7 +323,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint8_t bits_per_sample, bool avg, in if (samples.total_saved >= sample_size) break; } } - + if (checked == -1 && verbose) { Dbprintf("lf sampling aborted"); } @@ -396,10 +414,19 @@ void doT55x7Acquisition(size_t sample_size) { bool lowFound = false; uint16_t checker = 0; + + if (DBGLEVEL >= DBG_DEBUG) { + Dbprintf("doT55x7Acquisition - after init"); + print_stack_usage(); + } while (skipCnt < 1000 && (i < bufsize)) { - if (checker == 1000) { - if (BUTTON_PRESS() || data_available()) + + if (BUTTON_PRESS()) + break; + + if (checker == 4000) { + if (data_available()) break; else checker = 0; @@ -461,21 +488,24 @@ void doT55x7Acquisition(size_t sample_size) { void doCotagAcquisition(size_t sample_size) { uint8_t *dest = BigBuf_get_addr(); - uint16_t bufsize = BigBuf_max_traceLen(); - - if (bufsize > sample_size) - bufsize = sample_size; + uint16_t bufsize = MIN(sample_size, BigBuf_max_traceLen()); dest[0] = 0; uint8_t firsthigh = 0, firstlow = 0; - uint16_t i = 0; - uint16_t noise_counter = 0; - - uint16_t checker = 0; + uint16_t i = 0, noise_counter = 0, checker = 0; + + if (DBGLEVEL >= DBG_DEBUG) { + Dbprintf("doCotagAcquisition - after init"); + print_stack_usage(); + } while ((i < bufsize) && (noise_counter < (COTAG_T1 << 1))) { - if (checker == 1000) { - if (BUTTON_PRESS() || data_available()) + + if (BUTTON_PRESS()) + break; + + if (checker == 4000) { + if (data_available()) break; else checker = 0; @@ -529,21 +559,26 @@ void doCotagAcquisition(size_t sample_size) { uint32_t doCotagAcquisitionManchester(void) { uint8_t *dest = BigBuf_get_addr(); - uint16_t bufsize = BigBuf_max_traceLen(); - - if (bufsize > COTAG_BITS) - bufsize = COTAG_BITS; + uint16_t bufsize = MIN(COTAG_BITS, BigBuf_max_traceLen()); dest[0] = 0; uint8_t firsthigh = 0, firstlow = 0; - uint16_t sample_counter = 0, period = 0; uint8_t curr = 0, prev = 0; - uint16_t noise_counter = 0; - uint16_t checker = 0; - + uint16_t sample_counter = 0, period = 0; + uint16_t noise_counter = 0, checker = 0; + + if (DBGLEVEL >= DBG_DEBUG) { + Dbprintf("doCotagAcquisitionManchester - after init"); + print_stack_usage(); + } + while ((sample_counter < bufsize) && (noise_counter < (COTAG_T1 << 1))) { - if (checker == 1000) { - if (BUTTON_PRESS() || data_available()) + + if (BUTTON_PRESS()) + break; + + if (checker == 4000) { + if ( data_available()) break; else checker = 0; diff --git a/armsrc/lfsampling.h b/armsrc/lfsampling.h index 44910316d..9b8c4c6b1 100644 --- a/armsrc/lfsampling.h +++ b/armsrc/lfsampling.h @@ -100,5 +100,6 @@ void setSamplingConfig(sample_config *sc); sample_config *getSamplingConfig(void); void printConfig(void); +void printSamples(void); #endif // __LFSAMPLING_H diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 0de34d58f..565bfba14 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -1,3 +1,9 @@ +# Usage: +# mkdir build +# cd build +# cmake .. (see below for options) +# make (VERBOSE=1 if needed) +# # MINGW: # On ProxSpace 3.4: # cmake -G"MSYS Makefiles" .. @@ -5,7 +11,7 @@ # pacman -S mingw-w64-x86_64-cmake # /mingw64/bin/cmake -G"MSYS Makefiles" .. # -# Android cross-compilation: +# Android cross-compilation: (ANDROID_ABI=arm64-v8a for a 64b version) # cmake \ # -DCMAKE_TOOLCHAIN_FILE=/build/cmake/android.toolchain.cmake \ # -DANDROID_ABI=armeabi-v7a \ @@ -20,6 +26,8 @@ if(CMAKE_VERSION VERSION_LESS "3.7.0") set(CMAKE_INCLUDE_CURRENT_DIR ON) endif() +find_package(PkgConfig) + if (NOT SKIPQT EQUAL 1) if(APPLE AND EXISTS /usr/local/opt/qt5) # Homebrew installs Qt5 (up to at least 5.11.0) in @@ -46,7 +54,6 @@ if (NOT SKIPQT EQUAL 1) endforeach() endif (NOT SKIPQT EQUAL 1) -find_package(PkgConfig) if (NOT SKIPBT EQUAL 1) pkg_search_module(BLUEZ QUIET bluez) endif (NOT SKIPBT EQUAL 1) @@ -56,25 +63,30 @@ if (NOT SKIPPYTHON EQUAL 1) pkg_search_module(PYTHON3EMBED QUIET python3-embed) endif (NOT SKIPPYTHON EQUAL 1) -# If build on android cross, we need to init source and build. -if (ANDROID) - set(CFLAGS_EXTERNAL_LIB CFLAGS=--target=${CMAKE_C_COMPILER_TARGET}) +# If cross-compiled, we need to init source and build. +if (CMAKE_TOOLCHAIN_FILE) + set(CFLAGS_EXTERNAL_LIB "CFLAGS=--target=${CMAKE_C_COMPILER_TARGET} -w") + set(EMBED_READLINE ON) + set(EMBED_BZIP2 ON) +endif (CMAKE_TOOLCHAIN_FILE) + +if (EMBED_READLINE OR EMBED_BZIP2) include(ExternalProject) -endif (ANDROID) +endif (EMBED_READLINE OR EMBED_BZIP2) if (NOT SKIPREADLINE EQUAL 1) if (APPLE) find_path(READLINE_INCLUDE_DIRS readline/readline.h /usr/local/opt/readline/include /opt/local/include /opt/include /usr/local/include /usr/include NO_DEFAULT_PATH) find_library(READLINE_LIBRARIES readline /usr/local/opt/readline/lib /opt/local/lib /opt/lib /usr/local/lib /usr/lib NO_DEFAULT_PATH) endif (APPLE) - if (ANDROID) + if (EMBED_READLINE) ExternalProject_Add(ncurses URL http://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.0.tar.gz PREFIX deps/ncurses DOWNLOAD_DIR ${CMAKE_CURRENT_SOURCE_DIR}/deps/ncurses - CONFIGURE_COMMAND ./configure CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} --host=arm + CONFIGURE_COMMAND ./configure CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} --host=arm --disable-database --with-fallbacks=ansi-generic,ansi-mini,color_xterm,dtterm,dumb,Eterm,Eterm-256color,Eterm-88color,eterm-color,gnome,gnome-256color,guru,hurd,iTerm.app,konsole,konsole-16color,konsole-256color,konsole-base,konsole-linux,konsole-solaris,konsole-vt100,kterm,kterm-color,linux,linux-16color,linux-basic,mac,mlterm,mlterm-256color,mrxvt,mrxvt-256color,mterm,mterm-ansi,mvterm,nsterm,nsterm-16color,nsterm-256color,pty,putty,putty-256color,putty-vt100,rxvt,rxvt-16color,rxvt-256color,rxvt-88color,rxvt-basic,rxvt-color,screen,screen-16color,screen-256color,simpleterm,st-16color,st-256color,st52,st52-color,stv52,tt,tt52,unknown,vt100,vt102,vte,vte-256color,xterm,xterm-16color,xterm-256color,xterm-88color,xterm-basic,xterm-bold,xterm-color,xterm-utf8,xterm-vt220,xterm-vt52,xterm1,xtermc,xtermm --enable-termcap --without-ada --without-debug --without-dlsym --without-gpm --without-develop --without-tests --without-cxx-binding --with-termlib BUILD_IN_SOURCE ON - BUILD_COMMAND make -j2 libs + BUILD_COMMAND make libs INSTALL_COMMAND "" LOG_DOWNLOAD ON ) @@ -86,23 +98,36 @@ if (NOT SKIPREADLINE EQUAL 1) DOWNLOAD_DIR ${CMAKE_CURRENT_SOURCE_DIR}/deps/readline CONFIGURE_COMMAND ./configure CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} --host=arm --enable-static BUILD_IN_SOURCE ON - BUILD_COMMAND make -j2 + BUILD_COMMAND make INSTALL_COMMAND "" LOG_DOWNLOAD ON ) ExternalProject_Add_StepTargets(readline configure build install) set(READLINE_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/) - set(READLINE_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/readline/libreadline.a ${CMAKE_CURRENT_BINARY_DIR}/deps/ncurses/src/ncurses/lib/libncurses.a) - else (ANDROID) + set(READLINE_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/readline/src/readline/libreadline.a ${CMAKE_CURRENT_BINARY_DIR}/deps/ncurses/src/ncurses/lib/libtinfo.a) + else (EMBED_READLINE) find_path(READLINE_INCLUDE_DIRS readline/readline.h) find_library(READLINE_LIBRARIES readline) - endif (ANDROID) + endif (EMBED_READLINE) if (READLINE_INCLUDE_DIRS AND READLINE_LIBRARIES) set(READLINE_FOUND ON) endif (READLINE_INCLUDE_DIRS AND READLINE_LIBRARIES) endif (NOT SKIPREADLINE EQUAL 1) -if(ANDROID) +if (NOT SKIPJANSSONSYSTEM EQUAL 1) + pkg_check_modules(PC_JANSSON QUIET jansson) + find_path(JANSSON_INCLUDE_DIRS + NAMES jansson.h + HINTS ${PC_JANSSON_INCLUDEDIR} ${PC_JANSSON_INCLUDE_DIRS}) + find_library(JANSSON_LIBRARIES + NAMES jansson libjansson + HINTS ${PC_JANSSON_LIBDIR} ${PC_JANSSON_LIBRARY_DIRS}) + if (JANSSON_INCLUDE_DIRS AND JANSSON_LIBRARIES) + set(JANSSON_FOUND ON) + endif (JANSSON_INCLUDE_DIRS AND JANSSON_LIBRARIES) +endif (NOT SKIPJANSSONSYSTEM EQUAL 1) + +if(EMBED_BZIP2) set(BZIP2_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2) ExternalProject_Add(bzip2 GIT_REPOSITORY https://android.googlesource.com/platform/external/bzip2 @@ -118,12 +143,18 @@ if(ANDROID) ExternalProject_Add_StepTargets(bzip2 configure build install) set(BZIP2_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2) set(BZIP2_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2/libbz2.a) -else() - set(BZIP2_LIBRARIES bz2) -endif(ANDROID) -if (BZIP2_LIBRARIES) set(BZIP2_FOUND ON) -endif (BZIP2_LIBRARIES) +else(EMBED_BZIP2) + find_package (BZip2 REQUIRED) +endif(EMBED_BZIP2) + +if (NOT SKIPWHEREAMISYSTEM EQUAL 1) + find_path(WHEREAMI_INCLUDE_DIRS whereami.h) + find_library(WHEREAMI_LIBRARIES whereami) + if (WHEREAMI_INCLUDE_DIRS AND WHEREAMI_LIBRARIES) + set(WHEREAMI_FOUND ON) + endif (WHEREAMI_INCLUDE_DIRS AND WHEREAMI_LIBRARIES) +endif (NOT SKIPWHEREAMISYSTEM EQUAL 1) add_subdirectory(${PM3_ROOT}/client/deps deps) @@ -214,6 +245,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/cmdlfawid.c ${PM3_ROOT}/client/src/cmdlfcotag.c ${PM3_ROOT}/client/src/cmdlfem4x.c + ${PM3_ROOT}/client/src/cmdlfem4x50.c ${PM3_ROOT}/client/src/cmdlffdx.c ${PM3_ROOT}/client/src/cmdlfgallagher.c ${PM3_ROOT}/client/src/cmdlfguard.c @@ -308,6 +340,11 @@ if (NOT SKIPBT EQUAL 1) endif (BLUEZ_FOUND) endif(NOT SKIPBT EQUAL 1) +if (JANSSON_FOUND) + set(ADDITIONAL_DIRS ${JANSSON_INCLUDE_DIRS} ${ADDITIONAL_DIRS}) + set(ADDITIONAL_LNK ${JANSSON_LIBRARIES} ${ADDITIONAL_LNK}) +endif (JANSSON_FOUND) + if (NOT SKIPPYTHON EQUAL 1) if (PYTHON3EMBED_FOUND) add_definitions(-DHAVE_PYTHON) @@ -329,13 +366,17 @@ if (NOT SKIPREADLINE EQUAL 1) set(ADDITIONAL_LNK ${READLINE_LIBRARIES} ${ADDITIONAL_LNK}) endif (READLINE_FOUND) endif(NOT SKIPREADLINE EQUAL 1) + if (BZIP2_FOUND) set(ADDITIONAL_DIRS ${BZIP2_INCLUDE_DIRS} ${ADDITIONAL_DIRS}) set(ADDITIONAL_LNK ${BZIP2_LIBRARIES} ${ADDITIONAL_LNK}) -else (BZIP2_FOUND) - message(FATAL_ERROR "Bzip2 not found") endif (BZIP2_FOUND) +if (WHEREAMI_FOUND) + set(ADDITIONAL_DIRS ${WHEREAMI_INCLUDE_DIRS} ${ADDITIONAL_DIRS}) + set(ADDITIONAL_LNK ${WHEREAMI_LIBRARIES} ${ADDITIONAL_LNK}) +endif (WHEREAMI_FOUND) + message("===================================================================") if (SKIPQT EQUAL 1) message("GUI support: skipped") @@ -357,6 +398,22 @@ else (SKIPBT EQUAL 1) endif (BLUEZ_FOUND) endif(SKIPBT EQUAL 1) +if (EMBED_BZIP2) + message("Bzip2 library: embedded") +else (EMBED_BZIP2) + message("Bzip2 library: system library found") +endif (EMBED_BZIP2) + +if (SKIPJANSSONSYSTEM EQUAL 1) + message("Jansson library: local library forced") +else (SKIPJANSSONSYSTEM EQUAL 1) + if (JANSSON_FOUND) + message("Jansson library: system library found") + else (JANSSON_FOUND) + message("Jansson library: system library not found, using local library") + endif (JANSSON_FOUND) +endif (SKIPJANSSONSYSTEM EQUAL 1) + if (SKIPPYTHON EQUAL 1) message("Python3 library: skipped") else (SKIPPYTHON EQUAL 1) @@ -373,11 +430,25 @@ if (SKIPREADLINE EQUAL 1) message("Readline library: skipped") else (SKIPREADLINE EQUAL 1) if (READLINE_FOUND) - message("Readline library: enabled") + if (EMBED_READLINE) + message("Readline library: embedded") + else (EMBED_READLINE) + message("Readline library: system library found") + endif (EMBED_READLINE) else (READLINE_FOUND) message("Readline library: Readline not found, disabled") endif (READLINE_FOUND) endif(SKIPREADLINE EQUAL 1) + +if (SKIPWHEREAMISYSTEM EQUAL 1) + message("Whereami library: local library forced") +else (SKIPWHEREAMISYSTEM EQUAL 1) + if (WHEREAMI_FOUND) + message("Whereami library: system library found") + else (WHEREAMI_FOUND) + message("Whereami library: system library not found, using local library") + endif (WHEREAMI_FOUND) +endif (SKIPWHEREAMISYSTEM EQUAL 1) message("===================================================================") add_executable(proxmark3 @@ -387,12 +458,14 @@ add_executable(proxmark3 ) target_compile_options(proxmark3 PUBLIC -Wall -Werror -O3) -if (ANDROID) +if (EMBED_READLINE) if (NOT SKIPREADLINE EQUAL 1) add_dependencies(proxmark3 ncurses readline) endif (NOT SKIPREADLINE EQUAL 1) +endif (EMBED_READLINE) +if (EMBED_BZIP2) add_dependencies(proxmark3 bzip2) -endif (ANDROID) +endif (EMBED_BZIP2) if (MINGW) # Mingw uses by default Microsoft printf, we want the GNU printf (e.g. for %z) @@ -421,25 +494,30 @@ endif (NOT APPLE) find_library(pm3rrg_rdv4_cliparser REQUIRED) -find_library(pm3rrg_rdv4_jansson REQUIRED) find_library(pm3rrg_rdv4_tinycbor REQUIRED) find_library(pm3rrg_rdv4_lua REQUIRED) find_library(pm3rrg_rdv4_mbedtls REQUIRED) find_library(pm3rrg_rdv4_reveng REQUIRED) find_library(pm3rrg_rdv4_hardnested REQUIRED) -find_library(pm3rrg_rdv4_whereami REQUIRED) + +if (NOT JANSSON_FOUND) + find_library(pm3rrg_rdv4_jansson REQUIRED) + set(ADDITIONAL_LNK pm3rrg_rdv4_jansson ${ADDITIONAL_LNK}) +endif (NOT JANSSON_FOUND) +if (NOT WHEREAMI_FOUND) + find_library(pm3rrg_rdv4_whereami REQUIRED) + set(ADDITIONAL_LNK pm3rrg_rdv4_whereami ${ADDITIONAL_LNK}) +endif (NOT WHEREAMI_FOUND) target_link_libraries(proxmark3 PRIVATE m pm3rrg_rdv4_mbedtls pm3rrg_rdv4_cliparser - pm3rrg_rdv4_jansson pm3rrg_rdv4_lua pm3rrg_rdv4_tinycbor pm3rrg_rdv4_amiibo pm3rrg_rdv4_reveng pm3rrg_rdv4_hardnested - pm3rrg_rdv4_whereami ${ADDITIONAL_LNK}) if (NOT SKIPPTHREAD EQUAL 1) diff --git a/client/Makefile b/client/Makefile index 3bd059318..a4e8b193d 100644 --- a/client/Makefile +++ b/client/Makefile @@ -439,6 +439,7 @@ SRCS = aidsearch.c \ cmdlfawid.c \ cmdlfcotag.c \ cmdlfem4x.c \ + cmdlfem4x50.c \ cmdlffdx.c \ cmdlfguard.c \ cmdlfgallagher.c \ diff --git a/client/deps/hardnested.cmake b/client/deps/hardnested.cmake index 9efff1445..6ec4f0297 100644 --- a/client/deps/hardnested.cmake +++ b/client/deps/hardnested.cmake @@ -107,6 +107,7 @@ add_library(pm3rrg_rdv4_hardnested STATIC hardnested/hardnested_bruteforce.c $ ${SIMD_TARGETS}) +target_compile_options(pm3rrg_rdv4_hardnested PRIVATE -Wall -Werror -O3) set_property(TARGET pm3rrg_rdv4_hardnested PROPERTY POSITION_INDEPENDENT_CODE ON) target_include_directories(pm3rrg_rdv4_hardnested PRIVATE ../../common diff --git a/client/src/cmddata.c b/client/src/cmddata.c index 007c32c8a..b1f43244b 100644 --- a/client/src/cmddata.c +++ b/client/src/cmddata.c @@ -1593,6 +1593,16 @@ static uint8_t getByte(uint8_t bits_per_sample, BitstreamOut *b) { } int getSamples(uint32_t n, bool verbose) { + return getSamplesEx(0, n, verbose); +} + +int getSamplesEx(uint32_t start, uint32_t end, bool verbose) { + + if (end < start) { + PrintAndLogEx(WARNING, "error, end (%u) is smaller than start (%u)", end, start); + return PM3_EINVARG; + } + //If we get all but the last byte in bigbuf, // we don't have to worry about remaining trash // in the last byte in case the bits-per-sample @@ -1600,13 +1610,16 @@ int getSamples(uint32_t n, bool verbose) { uint8_t got[pm3_capabilities.bigbuf_size - 1]; memset(got, 0x00, sizeof(got)); - if (n == 0 || n > pm3_capabilities.bigbuf_size - 1) + uint32_t n = end - start; + + if (n <= 0 || n > pm3_capabilities.bigbuf_size - 1) n = pm3_capabilities.bigbuf_size - 1; - if (verbose) PrintAndLogEx(INFO, "Reading " _YELLOW_("%u") " bytes from device memory", n); + if (verbose) + PrintAndLogEx(INFO, "Reading " _YELLOW_("%u") " bytes from device memory", n); PacketResponseNG response; - if (!GetFromDevice(BIG_BUF, got, n, 0, NULL, 0, &response, 10000, true)) { + if (!GetFromDevice(BIG_BUF, got, n, start, NULL, 0, &response, 10000, true)) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); return PM3_ETIMEOUT; } @@ -2297,25 +2310,35 @@ static int CmdDataNDEF(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "data ndef", - "Prints NFC Data Exchange Format (NDEF)", - "Usage:\n\tdata ndef -d 9101085402656e48656c6c6f5101085402656e576f726c64\n"); + "Decode and print NFC Data Exchange Format (NDEF)", + "Samples:\n" + _YELLOW_("\tdata ndef -d 9101085402656e48656c6c6f5101085402656e576f726c64\n") + _YELLOW_("\tdata ndef -d 0103d020240203e02c040300fe\n") + ); void *argtable[] = { arg_param_begin, arg_strx0("dD", "data", "", "NDEF data to decode"), + arg_lit0("vV", "verbose", "verbose mode"), arg_param_end }; - CLIExecWithReturn(ctx, Cmd, argtable, true); + CLIExecWithReturn(ctx, Cmd, argtable, false); int datalen = 0; uint8_t data[MAX_NDEF_LEN] = {0}; CLIGetHexWithReturn(ctx, 1, data, &datalen); + bool verbose = arg_get_lit(ctx, 2); + CLIParserFree(ctx); if (datalen == 0) return PM3_EINVARG; - PrintAndLogEx(INFO, "Parsed NDEF Records"); - return NDEFRecordsDecodeAndPrint(data, datalen); + int res = NDEFDecodeAndPrint(data, datalen, verbose); + if (res != PM3_SUCCESS) { + PrintAndLogEx(INFO, "Trying to parse NDEF records w/o NDEF header"); + res = NDEFRecordsDecodeAndPrint(data, datalen); + } + return res; } static command_t CommandTable[] = { diff --git a/client/src/cmddata.h b/client/src/cmddata.h index abef8fde8..acda950a5 100644 --- a/client/src/cmddata.h +++ b/client/src/cmddata.h @@ -72,7 +72,10 @@ void setDemodBuff(uint8_t *buff, size_t size, size_t start_idx); bool getDemodBuff(uint8_t *buff, size_t *size); void save_restoreDB(uint8_t saveOpt);// option '1' to save DemodBuffer any other to restore int AutoCorrelate(const int *in, int *out, size_t len, size_t window, bool SaveGrph, bool verbose); + int getSamples(uint32_t n, bool verbose); +int getSamplesEx(uint32_t start, uint32_t end, bool verbose); + void setClockGrid(uint32_t clk, int offset); int directionalThreshold(const int *in, int *out, size_t len, int8_t up, int8_t down); int AskEdgeDetect(const int *in, int *out, int len, int threshold); diff --git a/client/src/cmdhf.c b/client/src/cmdhf.c index 6b11a30da..26723ca6a 100644 --- a/client/src/cmdhf.c +++ b/client/src/cmdhf.c @@ -46,7 +46,8 @@ static int CmdHelp(const char *Cmd); static int usage_hf_search(void) { PrintAndLogEx(NORMAL, "Usage: hf search"); - PrintAndLogEx(NORMAL, "Will try to find a HF read out of the unknown tag. Stops when found."); + PrintAndLogEx(NORMAL, "Will try to find a HF read out of the unknown tag."); + PrintAndLogEx(NORMAL, "Continues to search for all different HF protocols"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - This help"); PrintAndLogEx(NORMAL, ""); @@ -64,18 +65,21 @@ static int usage_hf_sniff(void) { PrintAndLogEx(NORMAL, " - skip number of triggers"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " hf sniff"); - PrintAndLogEx(NORMAL, " hf sniff 1000 0"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf sniff")); + PrintAndLogEx(NORMAL, _YELLOW_(" hf sniff 1000 0")); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_hf_tune(void) { PrintAndLogEx(NORMAL, "Continuously measure HF antenna tuning."); - PrintAndLogEx(NORMAL, "Press button or Enter to interrupt."); + PrintAndLogEx(NORMAL, "Press button or `enter` to interrupt."); PrintAndLogEx(NORMAL, "Usage: hf tune [h] []"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - This help"); PrintAndLogEx(NORMAL, " - number of iterations (default: 0=infinite)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf tune 1")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -195,7 +199,7 @@ int CmdHFSearch(const char *Cmd) { int CmdHFTune(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); if (cmdp == 'h') return usage_hf_tune(); - int iter = param_get32ex(Cmd, 0, 0, 10); + int iter = param_get32ex(Cmd, 0, 0, 10); PrintAndLogEx(INFO, "Measuring HF antenna, click " _GREEN_("pm3 button") " or press " _GREEN_("Enter") " to exit"); PacketResponseNG resp; @@ -241,15 +245,68 @@ int CmdHFTune(const char *Cmd) { return PM3_SUCCESS; } +// Collects pars of u8, +// uses 16bit transfers from FPGA for speed +// Takes all available bigbuff memory +// data sample to download? Not sure what we can do with the data. int CmdHFSniff(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); if (cmdp == 'h') return usage_hf_sniff(); - int skippairs = param_get32ex(Cmd, 0, 0, 10); - int skiptriggers = param_get32ex(Cmd, 1, 0, 10); + struct { + uint32_t samplesToSkip; + uint32_t triggersToSkip; + } PACKED params; + + params.samplesToSkip = param_get32ex(Cmd, 0, 0, 10); + params.triggersToSkip = param_get32ex(Cmd, 1, 0, 10); clearCommandBuffer(); - SendCommandMIX(CMD_HF_SNIFF, skippairs, skiptriggers, 0, NULL, 0); + SendCommandNG(CMD_HF_SNIFF, (uint8_t *)¶ms, sizeof(params)); + + for (;;) { + + if (kbd_enter_pressed()) { + SendCommandNG(CMD_BREAK_LOOP, NULL, 0); + PrintAndLogEx(INFO, "User aborted"); + break; + } + + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_HF_SNIFF, &resp, 1000)) { + + if (resp.status == PM3_EOPABORTED) { + PrintAndLogEx(INFO, "Button pressed, user aborted"); + break; + } + if (resp.status == PM3_SUCCESS) { + + struct r { + uint16_t len; + } PACKED; + struct r *retval = (struct r *)resp.data.asBytes; + + PrintAndLogEx(INFO, "HF sniff (%u samples)", retval->len); + + PrintAndLogEx(HINT, "Use `" _YELLOW_("data hpf") "` to remove offset"); + PrintAndLogEx(HINT, "Use `" _YELLOW_("data plot") "` to view"); + PrintAndLogEx(HINT, "Use `" _YELLOW_("data save") "` to save"); + + // download bigbuf_malloc:d. + // it reserve memory from the higher end. + // At the moment, sniff takes all free memory in bigbuff. If this changes, + // we can't start from beginning idx 0 but from that hi-to-start-of-allocated. + uint32_t start = pm3_capabilities.bigbuf_size - retval->len; + int res = getSamplesEx(start, start, false); + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, "failed to download samples to client"); + return res; + } + break; + } + } + } + PrintAndLogEx(INFO, "Done."); return PM3_SUCCESS; } diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index 1050992f0..eb9670b70 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -3560,19 +3560,7 @@ int CmdHF14AMfELoad(const char *Cmd) { } mfu_dump_t *mfu_dump = (mfu_dump_t *)data; - - PrintAndLogEx(INFO, _CYAN_("MFU dump file information")); - PrintAndLogEx(INFO, " version %s", sprint_hex(mfu_dump->version, sizeof(mfu_dump->version))); - PrintAndLogEx(INFO, " tb 0 %s", sprint_hex(mfu_dump->tbo, sizeof(mfu_dump->tbo))); - PrintAndLogEx(INFO, " tb 1 %s", sprint_hex(mfu_dump->tbo1, sizeof(mfu_dump->tbo1))); - for (uint8_t m = 0; m < 3; m++) { - PrintAndLogEx(INFO, " counter %d %s - tearing 0x%02x", m + 1, sprint_hex(mfu_dump->counter_tearing[m], 3), mfu_dump->counter_tearing[m][3]); - } - PrintAndLogEx(INFO, " signature %s", sprint_hex(mfu_dump->signature, sizeof(mfu_dump->signature))); - PrintAndLogEx(INFO, " data %s... (only first 8 bytes showing)", sprint_hex(mfu_dump->data, 8)); - PrintAndLogEx(INFO, " max data page %d, data len %d bytes", mfu_dump->pages, (mfu_dump->pages + 1) * 4); - PrintAndLogEx(INFO, " file header size %d", MFU_DUMP_PREFIX_LENGTH); - PrintAndLogEx(INFO, "----------------------------------------------"); + printMFUdumpEx(mfu_dump, mfu_dump->pages + 1, 0); // update expected blocks to match converted data. if (numBlocks != datalen / 4) { @@ -4557,7 +4545,7 @@ static int CmdHF14AMfMAD(const char *Cmd) { // copy default NDEF key uint8_t akey[6] = {0}; memcpy(akey, g_mifare_ndef_key, 6); - + // user specified key if (keylen == 6) { memcpy(akey, key, 6); @@ -4596,7 +4584,7 @@ static int CmdHF14AMfMAD(const char *Cmd) { for (int i = 0; i < madlen; i++) { if (aaid == mad[i]) { - + uint8_t vsector[16 * 4] = {0}; if (mfReadSector(i + 1, keyB ? MF_KEY_B : MF_KEY_A, akey, vsector)) { PrintAndLogEx(NORMAL, ""); @@ -4623,7 +4611,7 @@ static int CmdHF14AMfMAD(const char *Cmd) { for (int i = 0; i < 4; i ++) PrintAndLogEx(INFO, "[%d] %s", i, sprint_hex(§or0[i * 16], 16)); } - + return PM3_SUCCESS; } @@ -4681,7 +4669,7 @@ static int CmdHFMFNDEF(const char *Cmd) { PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mf ndef -k `") " with your custom key"); return PM3_ESOFT; } - + bool haveMAD2 = false; int res = MADCheck(sector0, NULL, verbose, &haveMAD2); if (res != PM3_SUCCESS) { diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index 7fc0f0bf7..a3c9d195c 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -1400,7 +1400,7 @@ static int CmdHFMFPMAD(const char *Cmd) { for (int i = 0; i < madlen; i++) { if (aaid == mad[i]) { - + uint8_t vsector[16 * 4] = {0}; if (mfReadSector(i + 1, keyB ? MF_KEY_B : MF_KEY_A, akey, vsector)) { PrintAndLogEx(NORMAL, ""); @@ -1472,7 +1472,7 @@ static int CmdHFMFPNDEF(const char *Cmd) { if (verbose) PrintAndLogEx(INFO, "reading MAD v1 sector"); - + if (mfpReadSector(MF_MAD1_SECTOR, MF_KEY_A, (uint8_t *)g_mifarep_mad_key, sector0, verbose)) { PrintAndLogEx(ERR, "error, read sector 0. card don't have MAD or don't have MAD on default keys"); PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfp ndef -k `") " with your custom key"); @@ -1487,7 +1487,7 @@ static int CmdHFMFPNDEF(const char *Cmd) { } if (haveMAD2) { - + if (verbose) PrintAndLogEx(INFO, "reading MAD v2 sector"); diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 2a361cbb7..a93caf510 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -1694,26 +1694,24 @@ static int CmdHF14AMfURdBl(const char *Cmd) { return 0; } -void printMFUdump(mfu_dump_t *card) { - printMFUdumpEx(card, 255, 0); -} - void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage) { - PrintAndLogEx(NORMAL, "\n*special* data\n"); - PrintAndLogEx(NORMAL, "\nDataType | Data | Ascii"); - PrintAndLogEx(NORMAL, "----------+-------------------------+---------"); - PrintAndLogEx(NORMAL, "Version | %s| %s", sprint_hex(card->version, sizeof(card->version)), sprint_ascii(card->version, sizeof(card->version))); - PrintAndLogEx(NORMAL, "TBD | %-24s| %s", sprint_hex(card->tbo, sizeof(card->tbo)), sprint_ascii(card->tbo, sizeof(card->tbo))); - PrintAndLogEx(NORMAL, "TBD | %-24s| %s", sprint_hex(card->tbo1, sizeof(card->tbo1)), sprint_ascii(card->tbo1, sizeof(card->tbo1))); - PrintAndLogEx(NORMAL, "Signature1| %s| %s", sprint_hex(card->signature, 16), sprint_ascii(card->signature, 16)); - PrintAndLogEx(NORMAL, "Signature2| %s| %s", sprint_hex(card->signature + 16, 16), sprint_ascii(card->signature + 16, 16)); + + PrintAndLogEx(INFO, _CYAN_("MFU dump file information")); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, " Version | " _YELLOW_("%s"), sprint_hex(card->version, sizeof(card->version))); + PrintAndLogEx(INFO, " TBD 0 | %s", sprint_hex(card->tbo, sizeof(card->tbo))); + PrintAndLogEx(INFO, " TBD 1 | %s", sprint_hex(card->tbo1, sizeof(card->tbo1))); + PrintAndLogEx(INFO, " Signature | %s", sprint_hex(card->signature, sizeof(card->signature))); for (uint8_t i = 0; i < 3; i ++) { - PrintAndLogEx(NORMAL, "Counter%d | %-24s| %s", i, sprint_hex(card->counter_tearing[i], 3), sprint_ascii(card->counter_tearing[i], 3)); - PrintAndLogEx(NORMAL, "Tearing%d | %-24s| %s", i, sprint_hex(card->counter_tearing[i] + 3, 1), sprint_ascii(card->counter_tearing[i] + 3, 1)); + PrintAndLogEx(INFO, " Counter %d | %s", i, sprint_hex(card->counter_tearing[i], 3)); + PrintAndLogEx(INFO, " Tearing %d | %s", i, sprint_hex(card->counter_tearing[i] + 3, 1)); } - PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); - PrintAndLogEx(NORMAL, "\nBlock# | Data |lck| Ascii"); - PrintAndLogEx(NORMAL, "---------+-------------+---+------"); + + PrintAndLogEx(INFO, "Max data page | " _YELLOW_("%d") " (" _YELLOW_("%d") " bytes)", card->pages - 1, card->pages * 4); + PrintAndLogEx(INFO, " Header size | %d", MFU_DUMP_PREFIX_LENGTH); + PrintAndLogEx(INFO, "-------------------------------------------------------------"); + PrintAndLogEx(INFO, "block# | data |lck| ascii"); + PrintAndLogEx(INFO, "---------+-------------+---+------"); uint8_t j = 0; bool lckbit = false; @@ -1739,12 +1737,12 @@ void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage) { for (j = 0; j < 16; j++) { bit_dyn[j] = lockbytes_dyn[j / 8] & (1 << (7 - j % 8)); } - PrintAndLogEx(NORMAL, "DYNAMIC LOCK: %s\n", sprint_hex(lockbytes_dyn, 3)); + PrintAndLogEx(INFO, "DYNAMIC LOCK: %s", sprint_hex(lockbytes_dyn, 3)); } for (uint8_t i = 0; i < pages; ++i) { if (i < 3) { - PrintAndLogEx(NORMAL, "%3d/0x%02X | %s| | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), sprint_ascii(data + i * 4, 4)); + PrintAndLogEx(INFO, "%3d/0x%02X | %s| | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), sprint_ascii(data + i * 4, 4)); continue; } switch (i) { @@ -1838,9 +1836,9 @@ void printMFUdumpEx(mfu_dump_t *card, uint16_t pages, uint8_t startpage) { default: break; } - PrintAndLogEx(NORMAL, "%3d/0x%02X | %s| %d | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), lckbit, sprint_ascii(data + i * 4, 4)); + PrintAndLogEx(INFO, "%3d/0x%02X | %s| %s | %s", i + startpage, i + startpage, sprint_hex(data + i * 4, 4), (lckbit) ? _RED_("1") : "0", sprint_ascii(data + i * 4, 4)); } - PrintAndLogEx(NORMAL, "---------------------------------"); + PrintAndLogEx(INFO, "---------------------------------"); } // diff --git a/client/src/cmdlfawid.c b/client/src/cmdlfawid.c index 36658bbdf..c42c719f0 100644 --- a/client/src/cmdlfawid.c +++ b/client/src/cmdlfawid.c @@ -38,7 +38,7 @@ static int usage_lf_awid_watch(void) { PrintAndLogEx(NORMAL, "Usage: lf awid watch"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf awid watch"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid watch")); return PM3_SUCCESS; } @@ -54,8 +54,8 @@ static int usage_lf_awid_sim(void) { PrintAndLogEx(NORMAL, " : 16|32-bit value card number"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf awid sim 26 224 1337"); - PrintAndLogEx(NORMAL, " lf awid sim 50 2001 13371337"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid sim 26 224 1337")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid sim 50 2001 13371337")); return PM3_SUCCESS; } @@ -72,8 +72,8 @@ static int usage_lf_awid_clone(void) { PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf awid clone 26 224 1337"); - PrintAndLogEx(NORMAL, " lf awid clone 50 2001 13371337"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid clone 26 224 1337")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid clone 50 2001 13371337")); return PM3_SUCCESS; } @@ -92,9 +92,9 @@ static int usage_lf_awid_brute(void) { PrintAndLogEx(NORMAL, " v : verbose logging, show all tries"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf awid brute a 26 f 224"); - PrintAndLogEx(NORMAL, " lf awid brute a 50 f 2001 d 2000"); - PrintAndLogEx(NORMAL, " lf awid brute v a 50 f 2001 c 200 d 2000"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute a 26 f 224")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute a 50 f 2001 d 2000")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute v a 50 f 2001 c 200 d 2000")); return PM3_SUCCESS; } @@ -180,11 +180,17 @@ static void verify_values(uint8_t *fmtlen, uint32_t *fc, uint32_t *cn) { // this read loops on device side. // uses the demod in lfops.c static int CmdAWIDWatch(const char *Cmd) { - uint8_t ctmp = tolower(param_getchar(Cmd, 0)); - if (ctmp == 'h') return usage_lf_awid_watch(); + uint8_t c = tolower(param_getchar(Cmd, 0)); + if (c == 'h') return usage_lf_awid_watch(); + + PrintAndLogEx(SUCCESS, "Watching for AWID cards - place tag on antenna"); + PrintAndLogEx(INFO, "Press pm3-button to stop reading cards"); clearCommandBuffer(); - SendCommandNG(CMD_LF_AWID_DEMOD, NULL, 0); - return PM3_SUCCESS; + SendCommandNG(CMD_LF_AWID_WATCH, NULL, 0); + PacketResponseNG resp; + WaitForResponse(CMD_LF_AWID_WATCH, &resp); + PrintAndLogEx(INFO, "Done"); + return resp.status; } //by marshmellow diff --git a/client/src/cmdlfem4x.c b/client/src/cmdlfem4x.c index ebb3fe2e4..a94882cb6 100644 --- a/client/src/cmdlfem4x.c +++ b/client/src/cmdlfem4x.c @@ -9,6 +9,7 @@ //----------------------------------------------------------------------------- #include "cmdlfem4x.h" +#include "cmdlfem4x50.h" #include #include @@ -44,13 +45,24 @@ static int usage_lf_em410x_demod(void) { PrintAndLogEx(NORMAL, " maxerror - set maximum allowed errors, default = 100."); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf em 410x_demod = demod an EM410x Tag ID from GraphBuffer"); - PrintAndLogEx(NORMAL, " lf em 410x_demod 32 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32"); - PrintAndLogEx(NORMAL, " lf em 410x_demod 32 1 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data"); - PrintAndLogEx(NORMAL, " lf em 410x_demod 1 = demod an EM410x Tag ID from GraphBuffer while inverting data"); - PrintAndLogEx(NORMAL, " lf em 410x_demod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod") " = demod an EM410x Tag ID from GraphBuffer"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 32") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 32 1") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 1") " = demod an EM410x Tag ID from GraphBuffer while inverting data"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 64 1 0") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors"); return PM3_SUCCESS; } +static int usage_lf_em410x_watch(void) { + PrintAndLogEx(NORMAL, "Enables IOProx compatible reader mode printing details of scanned tags."); + PrintAndLogEx(NORMAL, "By default, values are printed and logged until the button is pressed or another USB command is issued."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 410x_watch"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_watch")); + return PM3_SUCCESS; +} + static int usage_lf_em410x_write(void) { PrintAndLogEx(NORMAL, "Writes EM410x ID to a T55x7 / T5555 (Q5) tag"); PrintAndLogEx(NORMAL, ""); @@ -61,7 +73,7 @@ static int usage_lf_em410x_write(void) { PrintAndLogEx(NORMAL, " - 0|1 T5555 (Q5) / T55x7"); PrintAndLogEx(NORMAL, " - 16|32|40|64, optional, set R/F clock rate, defaults to 64"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf em 410x_write 0F0368568B 1 = write ID to t55x7 card"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_write 0F0368568B 1") " = write ID to t55x7 card"); return PM3_SUCCESS; } static int usage_lf_em410x_ws(void) { @@ -71,7 +83,7 @@ static int usage_lf_em410x_ws(void) { PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf em 410x_spoof"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_spoof")); return PM3_SUCCESS; } static int usage_lf_em410x_sim(void) { @@ -83,8 +95,8 @@ static int usage_lf_em410x_sim(void) { PrintAndLogEx(NORMAL, " uid - uid (10 HEX symbols)"); PrintAndLogEx(NORMAL, " clock - clock (32|64) (optional)"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B"); - PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B 32"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_sim 0F0368568B")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_sim 0F0368568B 32")); return PM3_SUCCESS; } static int usage_lf_em410x_brute(void) { @@ -97,10 +109,10 @@ static int usage_lf_em410x_brute(void) { PrintAndLogEx(NORMAL, " d (2000) - pause delay in milliseconds between UIDs simulation, default 1000 ms (optional)"); PrintAndLogEx(NORMAL, " c (32) - clock (32|64), default 64 (optional)"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt"); - PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt c 32"); - PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000"); - PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000 c 32"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt c 32")); + PrintAndLogEx(NORMAL, _YELLOW_( " lf em 410x_brute ids.txt d 3000")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt d 3000 c 32")); return PM3_SUCCESS; } @@ -138,20 +150,6 @@ static int usage_lf_em4x50_read(void) { PrintAndLogEx(NORMAL, " lf em 4x50_read 1 11223344"); return PM3_SUCCESS; } -static int usage_lf_em4x50_write(void) { - PrintAndLogEx(NORMAL, "Write EM 4x50/4x69. Tag must be on antenna. "); - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h]
"); - PrintAndLogEx(NORMAL, "Options:"); - PrintAndLogEx(NORMAL, " h - this help"); - PrintAndLogEx(NORMAL, " address - memory address to write to. (0-15)"); - PrintAndLogEx(NORMAL, " data - data to write (hex)"); - PrintAndLogEx(NORMAL, " pwd - password (hex) (optional)"); - PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de"); - PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de 11223344"); - return PM3_SUCCESS; -} //////////////// 4205 / 4305 commands static int usage_lf_em4x05_dump(void) { @@ -439,16 +437,23 @@ int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose) { return PM3_ESOFT; return AskEm410xDecode(verbose, hi, lo); } -/* + // this read loops on device side. // uses the demod in lfops.c -static int CmdEM410xRead_device(const char *Cmd) { - char cmdp = tolower(param_getchar(Cmd, 0)); - uint8_t findone = (cmdp == '1') ? 1 : 0; - SendCommandMIX(CMD_LF_EM410X_DEMOD, findone, 0, 0, NULL, 0); - return PM3_SUCCESS; +static int CmdEM410xWatch(const char *Cmd) { + uint8_t c = tolower(param_getchar(Cmd, 0)); + if (c == 'h') return usage_lf_em410x_watch(); + + PrintAndLogEx(SUCCESS, "Watching for EM410x cards - place tag on antenna"); + PrintAndLogEx(INFO, "Press pm3-button to stop reading cards"); + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM410X_WATCH, NULL, 0); + PacketResponseNG resp; + WaitForResponse(CMD_LF_EM410X_WATCH, &resp); + PrintAndLogEx(INFO, "Done"); + return resp.status; } -*/ + //by marshmellow //takes 3 arguments - clock, invert and maxErr as integers //attempts to demodulate ask while decoding manchester @@ -608,30 +613,6 @@ static int CmdEM410xBrute(const char *Cmd) { return PM3_SUCCESS; } -/* Function is equivalent of lf read + data samples + em410xread - * looped until an EM410x tag is detected - * - * Why is CmdSamples("16000")? - * TBD: Auto-grow sample size based on detected sample rate. IE: If the - * rate gets lower, then grow the number of samples - * Changed by martin, 4000 x 4 = 16000, - * see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235 - * - * EDIT -- capture enough to get 2 complete preambles at the slowest data rate known to be used (rf/64) (64*64*2+9 = 8201) marshmellow -*/ -static int CmdEM410xWatch(const char *Cmd) { - (void)Cmd; // Cmd is not used so far - do { - if (kbd_enter_pressed()) { - PrintAndLogEx(WARNING, "\naborted via keyboard!\n"); - break; - } - lf_read(false, 12288); - - } while (CmdEM410xRead("") != PM3_SUCCESS); - return PM3_SUCCESS; -} - //currently only supports manchester modulations static int CmdEM410xWatchnSpoof(const char *Cmd) { @@ -649,29 +630,26 @@ static int CmdEM410xWrite(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); if (cmdp == 0x00 || cmdp == 'h') return usage_lf_em410x_write(); - uint64_t id = 0xFFFFFFFFFFFFFFFF; // invalid id value - int card = 0xFF; // invalid card value - uint32_t clock1 = 0; // invalid clock value - - sscanf(Cmd, "%" SCNx64 " %d %d", &id, &card, &clock1); + uint64_t id = param_get64ex(Cmd, 0, -1, 16); + uint8_t card = param_get8ex(Cmd, 1, 0xFF, 10); + uint8_t clock1 = param_get8ex(Cmd, 2, 0, 10); // Check ID if (id == 0xFFFFFFFFFFFFFFFF) { - PrintAndLogEx(ERR, "Error! ID is required.\n"); + PrintAndLogEx(ERR, "error, ID is required\n"); + usage_lf_em410x_write(); return PM3_EINVARG; } if (id >= 0x10000000000) { - PrintAndLogEx(ERR, "Error! Given EM410x ID is longer than 40 bits.\n"); + PrintAndLogEx(ERR, "error, given EM410x ID is longer than 40 bits\n"); + usage_lf_em410x_write(); return PM3_EINVARG; } // Check Card - if (card == 0xFF) { - PrintAndLogEx(ERR, "Error! Card type required.\n"); - return PM3_EINVARG; - } - if (card < 0) { - PrintAndLogEx(ERR, "Error! Bad card type selected.\n"); + if (card > 1) { + PrintAndLogEx(FAILED, "error, bad card type selected\n"); + usage_lf_em410x_write(); return PM3_EINVARG; } @@ -681,29 +659,51 @@ static int CmdEM410xWrite(const char *Cmd) { // Allowed clock rates: 16, 32, 40 and 64 if ((clock1 != 16) && (clock1 != 32) && (clock1 != 64) && (clock1 != 40)) { - PrintAndLogEx(ERR, "Error! Clock rate" _YELLOW_("%d")" not valid. Supported clock rates are 16, 32, 40 and 64.\n", clock1); + PrintAndLogEx(ERR, "error, clock rate" _RED_("%d")" not valid"); + PrintAndLogEx(INFO, "supported clock rates: " _YELLOW_("16, 32, 40, 60") "\n", clock1); + usage_lf_em410x_write(); return PM3_EINVARG; } if (card == 1) { - PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 " (clock rate: %d)", "T55x7", id, clock1); + PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 " (clock rate: %d)", _GREEN_("T55x7"), id, clock1); // NOTE: We really should pass the clock in as a separate argument, but to // provide for backwards-compatibility for older firmware, and to avoid // having to add another argument to CMD_LF_EM410X_WRITE, we just store // the clock rate in bits 8-15 of the card value - card = (card & 0xFF) | ((clock1 << 8) & 0xFF00); } else if (card == 0) { - PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 "(clock rate: %d)", "T5555", id, clock1); - card = (card & 0xFF) | ((clock1 << 8) & 0xFF00); - } else { - PrintAndLogEx(FAILED, "Error! Bad card type selected.\n"); - return PM3_ESOFT; + PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 "(clock rate: %d)", _GREEN_("T5555"), id, clock1); } + + struct { + uint8_t card; + uint8_t clock; + uint32_t high; + uint32_t low; + } PACKED params; - SendCommandMIX(CMD_LF_EM410X_WRITE, card, (uint32_t)(id >> 32), (uint32_t)id, NULL, 0); - PrintAndLogEx(SUCCESS, "Done"); - PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") " to verify"); - return PM3_SUCCESS; + params.card = card; + params.clock = clock1; + params.high = (uint32_t)(id >> 32); + params.low = (uint32_t)id; + + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM410X_WRITE, (uint8_t *)¶ms, sizeof(params)); + + PacketResponseNG resp; + WaitForResponse(CMD_LF_EM410X_WRITE, &resp); + switch(resp.status) { + case PM3_SUCCESS: { + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") " to verify"); + break; + } + default: { + PrintAndLogEx(WARNING, "Something went wrong"); + break; + } + } + return resp.status; } //**************** Start of EM4x50 Code ************************ @@ -1014,7 +1014,7 @@ int EM4x50Read(const char *Cmd, bool verbose) { PrintAndLogEx(INFO, "%03d | %08x", block, Code[block]); } PrintAndLogEx(INFO, "----+--------------"); - PrintAndLogEx( (AllPTest) ? SUCCESS : WARNING, "Parities checks | %s", (AllPTest) ? _GREEN_("Passed") : _RED_("Fail")); + PrintAndLogEx((AllPTest) ? SUCCESS : WARNING, "Parities checks | %s", (AllPTest) ? _GREEN_("Passed") : _RED_("Fail")); if (AllPTest == false) { PrintAndLogEx(HINT, "Try cleaning the read samples with " _YELLOW_("'data askedge'")); @@ -1035,19 +1035,10 @@ static int CmdEM4x50Demod(const char *Cmd) { static int CmdEM4x50Read(const char *Cmd) { uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_lf_em4x50_read(); + lf_read(false, 24000); return EM4x50Read(Cmd, true); } -static int CmdEM4x50Write(const char *Cmd) { - uint8_t ctmp = tolower(param_getchar(Cmd, 0)); - if (ctmp == 'h') return usage_lf_em4x50_write(); - PrintAndLogEx(NORMAL, "no implemented yet"); -// -// PrintAndLogEx(SUCCESS, "Done"); -// PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 4x50_read`") " to verify"); - return PM3_SUCCESS; -} - static int CmdEM4x50Dump(const char *Cmd) { uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_lf_em4x50_dump(); @@ -1745,6 +1736,7 @@ static int CmdEM4x05Info(const char *Cmd) { static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 410x") " -----------------------"}, //{"410x_demod", CmdEMdemodASK, IfPm3Lf, "Extract ID from EM410x tag on antenna)"}, {"410x_demod", CmdEM410xDemod, AlwaysAvailable, "demodulate a EM410x tag from the GraphBuffer"}, {"410x_read", CmdEM410xRead, IfPm3Lf, "attempt to read and extract tag data"}, @@ -1753,18 +1745,20 @@ static command_t CommandTable[] = { {"410x_watch", CmdEM410xWatch, IfPm3Lf, "watches for EM410x 125/134 kHz tags (option 'h' for 134)"}, {"410x_spoof", CmdEM410xWatchnSpoof, IfPm3Lf, "watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)" }, {"410x_write", CmdEM410xWrite, IfPm3Lf, "write EM410x UID to T5555(Q5) or T55x7 tag"}, - + {"----------", CmdHelp, AlwaysAvailable, "-------------------- " _CYAN_("EM 4x05 / 4x69") " -------------------"}, {"4x05_demod", CmdEM4x05Demod, AlwaysAvailable, "demodulate a EM4x05/EM4x69 tag from the GraphBuffer"}, {"4x05_dump", CmdEM4x05Dump, IfPm3Lf, "dump EM4x05/EM4x69 tag"}, {"4x05_wipe", CmdEM4x05Wipe, IfPm3Lf, "wipe EM4x05/EM4x69 tag"}, {"4x05_info", CmdEM4x05Info, IfPm3Lf, "tag information EM4x05/EM4x69"}, {"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"}, {"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"}, - + {"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 4x50") " -----------------------"}, {"4x50_demod", CmdEM4x50Demod, AlwaysAvailable, "demodulate a EM4x50 tag from the GraphBuffer"}, {"4x50_dump", CmdEM4x50Dump, IfPm3Lf, "dump EM4x50 tag"}, {"4x50_read", CmdEM4x50Read, IfPm3Lf, "read word data from EM4x50"}, + {"4x50_info", CmdEM4x50Info, IfPm3Lf, "read complete data from EM4x50"}, {"4x50_write", CmdEM4x50Write, IfPm3Lf, "write word data to EM4x50"}, + {"4x50_write_password", CmdEM4x50WritePassword, IfPm3Lf, "change passwword of EM4x50 tag"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c new file mode 100644 index 000000000..1f4420c5b --- /dev/null +++ b/client/src/cmdlfem4x50.c @@ -0,0 +1,663 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2020 tharexde +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency EM4x50 commands +//----------------------------------------------------------------------------- + +#include "cmdlfem4x50.h" +#include +#include "fileutils.h" +#include "comms.h" +#include "commonutil.h" +#include "em4x50.h" + +#define EM4X50_NO_WORDS 34 + +// special words +#define EM4X50_DEVICE_PASSWORD 0 +#define EM4X50_PROTECTION 1 +#define EM4X50_CONTROL 2 +#define EM4X50_DEVICE_SERIAL 32 +#define EM4X50_DEVICE_ID 33 + +// control word (word = 4 bytes) +#define FIRST_WORD_READ 0 // first byte +#define LAST_WORD_READ 1 // second byte +#define CONFIG_BLOCK 2 // third byte +#define PASSWORD_CHECK 0x80 // first bit in third byte +#define READ_AFTER_WRITE 0x40 // second bit in third byte + +// protection word +#define FIRST_WORD_READ_PROTECTED 0 // first byte +#define LAST_WORD_READ_PROTECTED 1 // second byte +#define FIRST_WORD_WRITE_INHIBITED 2 // third byte +#define LAST_WORD_WRITE_INHIBITED 3 // fourth byte + +// misc +#define STATUS_SUCCESS 0x2 +#define STATUS_LOGIN 0x1 +#define NO_CHARS_MAX 400 + +int usage_lf_em4x50_info(void) { + PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p ]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " v - verbose output"); + PrintAndLogEx(NORMAL, " p - password (hex) (optional)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " lf em 4x50_info"); + PrintAndLogEx(NORMAL, " lf em 4x50_info p fa225de1\n"); + PrintAndLogEx(NORMAL, " lf em 4x50_info v p fa225de1\n"); + return PM3_SUCCESS; +} +int usage_lf_em4x50_write(void) { + PrintAndLogEx(NORMAL, "Write EM4x50 word. Tag must be on antenna. "); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] a
w "); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " a - memory address to write to (dec)"); + PrintAndLogEx(NORMAL, " w - word to write (hex)"); + PrintAndLogEx(NORMAL, " p - password (hex) (optional)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " lf em 4x50_write a 3 w deadc0de"); + return PM3_SUCCESS; +} +int usage_lf_em4x50_write_password(void) { + PrintAndLogEx(NORMAL, "Write EM4x50 password. Tag must be on antenna. "); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] p n "); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " p - password (hex)"); + PrintAndLogEx(NORMAL, " n - new password (hex)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " lf em 4x50_write_password p 11223344 n 01020304"); + return PM3_SUCCESS; +} + +static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) { + + // restructure received result in "em4x50_word_t" structure and check all + // parities including stop bit; result of each check is stored in structure + + int p = 0, c[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + + for (int i = fwr; i <= lwr; i++) { + + words[i].stopparity = true; + words[i].parity = true; + + for (int j = 0; j < 8; j++) + c[j] = 0; + + for (int j = 0; j < 4; j++) { + words[i].byte[j] = byte[i*7+j]; + words[i].row_parity[j] = (byte[i*7+4] >> (3-j)) & 1; + + // collect parities + p = 0; + + for (int k = 0; k < 8; k++) { + + // row parity + p ^= (words[i].byte[j] >> k) & 1; + + // column parity + c[k] ^= (words[i].byte[j] >> (7-k)) & 1; + } + + // check row parities + words[i].rparity[j] = (words[i].row_parity[j] == p) ? true : false; + + if (!words[i].rparity[j]) + words[i].parity = false; + } + + // check column parities + words[i].col_parity = byte[i*7+5] ; + + for (int j = 0; j < 8; j++) { + words[i].cparity[j] = (((words[i].col_parity >> (7-j)) & 1) == c[j]) ? true : false; + + if (!words[i].cparity[j]) + words[i].parity = false; + } + + // check stop bit + words[i].stopbit = byte[i*7+6] & 1; + + if (words[i].stopbit == 1) + words[i].stopparity = false; + + } +} + +static void print_bit_table(const em4x50_word_t word) { + + // generate output in table form for each word including parities, stop + // bit, result of parity checks and hex notation of each row in msb/lsb + // notation + // individual parity errors will be highlighted in red + + int bit = 0; + char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0}; + + // print binary data + for (int j = 0; j < 4; j++) { + + strcat(string, " "); + + // lsb notation + for (int k = 0; k < 8; k++) { + sprintf(pstring, "%i", (word.byte[j] >> (7-k)) & 1); + strcat(string, pstring); + } + + strcat(string, " | "); + + // binary row parities + hex bytes of word + sprintf(pstring, (word.rparity[j]) ? "%i" : _RED_("%i"), word.row_parity[j]); + strcat(string, pstring); + + if (j == 0) + sprintf(pstring, " msb: 0x%02x lsb: 0x%02x", word.byte[j], reflect8(word.byte[j])); + else + sprintf(pstring, " 0x%02x 0x%02x", word.byte[j], reflect8(word.byte[j])); + + strcat(string, pstring); + PrintAndLogEx(NORMAL,string); + + string[0] = '\0'; + } + + strcat(string, " ------------ --------------------\n "); + + // binary column parities + for (int k = 0; k < 8; k++) { + + bit = (word.col_parity >> (7-k)) & 1; + + // if column parity is false -> highlight bit in red + sprintf(pstring, (word.cparity[k]) ? "%i" : _RED_("%i"), bit); + strcat(string, pstring); + } + + // binary stop bit + strcat(string, " | "); + sprintf(pstring, (word.stopparity) ? "%i" : _RED_("%i"), word.stopbit); + strcat(pstring, " parities "); + strcat(string, pstring); + + // parities passed/failed + sprintf(pstring, (word.parity) ? _GREEN_("ok") : _RED_("failed")); + strcat(string, pstring); + + PrintAndLogEx(NORMAL,string); + + string[0] = '\0'; +} + +static void print_result(const em4x50_word_t *words, int fwr, int lwr) { + + // print available information for given word from fwr to lwr, i.e. + // bit table + summary lines with hex notation of word (msb + lsb) + + char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0}; + + for (int i = fwr; i <= lwr; i++) { + + // blank line before each bit table + PrintAndLogEx(NORMAL, ""); + + // print bit table + print_bit_table(words[i]); + + // final result + sprintf(pstring, "\n word[%i] msb: " _GREEN_("0x"), i); + strcat(string, pstring); + + for (int j = 0; j < 4; j++) { + sprintf(pstring, _GREEN_("%02x"), words[i].byte[j]); + strcat(string, pstring); + } + + sprintf(pstring, "\n word[%i] lsb: 0x", i); + strcat(string, pstring); + + for (int j = 0; j < 4; j++) { + sprintf(pstring, "%02x", reflect8(words[i].byte[3-j])); + strcat(string, pstring); + } + + PrintAndLogEx(NORMAL,string); + + string[0] = '\0'; + } +} + +static void print_info_result(PacketResponseNG *resp, const em4x50_data_t *etd, bool bverbose) { + + // display all information of info result in structured format + + uint8_t *data = resp->data.asBytes; + em4x50_word_t words[EM4X50_NO_WORDS]; + char pstring[NO_CHARS_MAX] = {0}, string[NO_CHARS_MAX] = {0}; + + bool bpwd_given = etd->pwd_given; + bool bsuccess = resp->status & STATUS_SUCCESS; + bool blogin = resp->status & STATUS_LOGIN; + + prepare_result(data, 0, EM4X50_NO_WORDS - 1, words); + + bool bpwc = words[EM4X50_CONTROL].byte[CONFIG_BLOCK] & PASSWORD_CHECK; + bool braw = words[EM4X50_CONTROL].byte[CONFIG_BLOCK] & READ_AFTER_WRITE; + int fwr = reflect8(words[EM4X50_CONTROL].byte[FIRST_WORD_READ]); + int lwr = reflect8(words[EM4X50_CONTROL].byte[LAST_WORD_READ]); + int fwrp = reflect8(words[EM4X50_PROTECTION].byte[FIRST_WORD_READ_PROTECTED]); + int lwrp = reflect8(words[EM4X50_PROTECTION].byte[LAST_WORD_READ_PROTECTED]); + int fwwi = reflect8(words[EM4X50_PROTECTION].byte[FIRST_WORD_WRITE_INHIBITED]); + int lwwi = reflect8(words[EM4X50_PROTECTION].byte[LAST_WORD_WRITE_INHIBITED]); + + // data section + PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 data:")); + + if (bverbose) { + + // detailed data section + print_result(words, 0, EM4X50_NO_WORDS - 1); + + } else { + + // condensed data section + for (int i = 0; i < EM4X50_NO_WORDS; i++) { + + sprintf(pstring, " word[%2i]: ", i); + strcat(string, pstring); + + for (int j = 0; j < 4; j++) { + sprintf(pstring, "%02x", words[i].byte[j]); + strcat(string, pstring); + } + + switch(i) { + case EM4X50_DEVICE_PASSWORD: + sprintf(pstring, _YELLOW_(" password, write only")); + break; + case EM4X50_PROTECTION: + sprintf(pstring, _YELLOW_(" protection word, write inhibited")); + break; + case EM4X50_CONTROL: + sprintf(pstring, _YELLOW_(" control word, write inhibited")); + break; + case EM4X50_DEVICE_SERIAL: + sprintf(pstring, _YELLOW_(" device serial number, read only")); + break; + case EM4X50_DEVICE_ID: + sprintf(pstring, _YELLOW_(" device identification, read only")); + break; + default: + sprintf(pstring, " user data"); + break; + } + + strcat(string, pstring); + PrintAndLogEx(NORMAL,"%s", string); + string[0] = '\0'; + } + } + + // configuration section + PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 configuration")); + PrintAndLogEx(NORMAL," control: | protection:"); + + sprintf(pstring, " first word read: %3i |", fwr); + strcat(string, pstring); + sprintf(pstring, " first word read protected: %3i", fwrp); + strcat(string, pstring); + PrintAndLogEx(NORMAL,"%s", string); + string[0] = '\0'; + + sprintf(pstring, " last word read: %3i |", lwr); + strcat(string, pstring); + sprintf(pstring, " last word read protected: %3i", lwrp); + strcat(string, pstring); + PrintAndLogEx(NORMAL,"%s", string); + string[0] = '\0'; + + sprintf(pstring, " password check: %3s |", (bpwc) ? "on" : "off"); + strcat(string, pstring); + sprintf(pstring, " first word write inhibited: %3i", fwwi); + strcat(string, pstring); + PrintAndLogEx(NORMAL,"%s", string); + string[0] = '\0'; + + sprintf(pstring, " read after write: %3s |", (braw) ? "on" : "off"); + strcat(string, pstring); + sprintf(pstring, " last word write inhibited: %3i", lwwi); + strcat(string, pstring); + PrintAndLogEx(NORMAL,"%s", string); + string[0] = '\0'; + + PrintAndLogEx(NORMAL, "\n zero values may indicate read protection!"); + + // status line + sprintf(pstring, " reading "); + strcat(string, pstring); + + if (!bsuccess) { + + sprintf(pstring, _RED_("failed")); + strcat(string, pstring); + + } else { + + sprintf(pstring, _GREEN_("ok ")); + strcat(string, pstring); + + if (blogin) { + + if (bpwd_given) { + + sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)", + etd->password[0], etd->password[1], + etd->password[2], etd->password[3]); + strcat(string, pstring); + + } else { + + sprintf(pstring, "(login with default password 0x00000000)"); + strcat(string, pstring); + + } + + } else { + + if (bpwd_given) { + + sprintf(pstring, "(login failed)"); + strcat(string, pstring); + + } else { + + sprintf(pstring, "(no login)"); + strcat(string, pstring); + + } + } + + } + + PrintAndLogEx(NORMAL,"%s\n", string); +} + +int CmdEM4x50Info(const char *Cmd) { + + // envoke reading of a EM4x50 tag which has to be on the antenna because + // decoding is done by the device (not on client side) + + bool errors = false, verbose = false, success = false; + uint8_t cmdp = 0; + em4x50_data_t etd; + PacketResponseNG resp; + + // init + etd.pwd_given = false; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + + case 'h': + return usage_lf_em4x50_info(); + + case 'p': + if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { + PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + etd.pwd_given = true; + cmdp += 2; + break; + + case 'v': + verbose = true; + cmdp += 1; + break; + + default: + PrintAndLogEx(WARNING, " Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + // validation + if (errors) + return usage_lf_em4x50_info(); + + // call info command + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_INFO, (uint8_t *)&etd, sizeof(etd)); + + + // get result + if (!WaitForResponse(CMD_ACK, &resp)) { + PrintAndLogEx(WARNING, " timeout while waiting for reply."); + return PM3_ETIMEOUT; + } + + // print result + print_info_result(&resp, &etd, verbose); + + success = resp.status & STATUS_SUCCESS; + return (success) ? PM3_SUCCESS : PM3_ESOFT; +} + +static void print_write_result(PacketResponseNG *resp, const em4x50_data_t *etd) { + + // display result of writing operation in structured format + + bool pwd_given = etd->pwd_given; + bool success = resp->status & STATUS_SUCCESS; + bool login = resp->status & STATUS_LOGIN; + uint8_t *data = resp->data.asBytes; + char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0}; + em4x50_word_t word; + + if (!success) { + + sprintf(pstring, "\n writing " _RED_("failed")); + strcat(string, pstring); + + } else { + + prepare_result(data, etd->address, etd->address, &word); + print_result(&word, etd->address, etd->address); + + sprintf(pstring, "\n writing " _GREEN_("ok ")); + strcat(string, pstring); + + if (pwd_given) { + + if (login) { + sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)", + etd->password[0], etd->password[1], + etd->password[2], etd->password[3]); + strcat(string, pstring); + } else { + sprintf(pstring, "(login failed)"); + strcat(string, pstring); + } + + } else { + sprintf(pstring, "(no login)"); + strcat(string, pstring); + } + } + + PrintAndLogEx(NORMAL,"%s\n", string); +} + +int CmdEM4x50Write(const char *Cmd) { + + // envoke writing a single word (32 bit) to a EM4x50 tag + + bool errors = false, bword = false, baddr = false, success = false; + uint8_t cmdp = 0; + em4x50_data_t etd; + PacketResponseNG resp; + + // init + etd.pwd_given = false; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_em4x50_write(); + + case 'p': + if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { + PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + etd.pwd_given = true; + cmdp += 2; + break; + + case 'w': + if (param_gethex(Cmd, cmdp + 1, etd.word, 8)) { + PrintAndLogEx(FAILED, "\n word has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + bword = true; + cmdp += 2; + break; + + case 'a': + param_getdec(Cmd, cmdp + 1, &etd.address); + + // validation + if (etd.address < 1 || etd.address > 31) { + PrintAndLogEx(FAILED, "\n error, address has to be in range [1-31]\n"); + return PM3_EINVARG; + } + baddr = true; + cmdp += 2; + break; + + default: + PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || !bword || !baddr) + return usage_lf_em4x50_write(); + + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_WRITE, (uint8_t *)&etd, sizeof(etd)); + + + if (!WaitForResponse(CMD_ACK, &resp)) { + PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n"); + return PM3_ETIMEOUT; + } + + // get, prepare and print response + print_write_result(&resp, &etd); + + success = resp.status & STATUS_SUCCESS; + return (success) ? PM3_SUCCESS : PM3_ESOFT; +} + +static void print_write_password_result(PacketResponseNG *resp, const em4x50_data_t *etd) { + + // display result of password changing operation + + bool success = resp->status; + char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0}; + + if (!success) { + + sprintf(pstring, "\n writing new password " _RED_("failed")); + strcat(string, pstring); + + } else { + + sprintf(pstring, "\n writing new password " _GREEN_("ok")); + strcat(string, pstring); + } + + PrintAndLogEx(NORMAL,"%s\n", string); +} + +int CmdEM4x50WritePassword(const char *Cmd) { + + // envokes changing the password of EM4x50 tag + + bool errors = false, bpwd = false, bnpwd = false; + uint8_t cmdp = 0; + em4x50_data_t etd; + PacketResponseNG resp; + + // init + etd.pwd_given = false; + etd.newpwd_given = false; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_em4x50_write_password(); + + case 'p': + if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { + PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + bpwd = true; + etd.pwd_given = true; + cmdp += 2; + break; + + case 'n': + if (param_gethex(Cmd, cmdp + 1, etd.new_password, 8)) { + PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + bnpwd = true; + etd.newpwd_given = true; + cmdp += 2; + break; + + default: + PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || !bpwd || !bnpwd) + return usage_lf_em4x50_write_password(); + + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_WRITE_PASSWORD, (uint8_t *)&etd, sizeof(etd)); + + if (!WaitForResponse(CMD_ACK, &resp)) { + PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n"); + return PM3_ETIMEOUT; + } + + // get, prepare and print response + print_write_password_result(&resp, &etd); + + return ((bool)resp.status) ? PM3_SUCCESS : PM3_ESOFT; +} diff --git a/client/src/cmdlfem4x50.h b/client/src/cmdlfem4x50.h new file mode 100644 index 000000000..732d05d5b --- /dev/null +++ b/client/src/cmdlfem4x50.h @@ -0,0 +1,22 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2020 tharexde +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency EM4x50 commands +//----------------------------------------------------------------------------- + +#ifndef CMDLFEM4X50_H__ +#define CMDLFEM4X50_H__ + +int usage_lf_em4x50_info(void); +int usage_lf_em4x50_write(void); +int usage_lf_em4x50_write_password(void); + +int CmdEM4x50Info(const char *Cmd); +int CmdEM4x50Write(const char *Cmd); +int CmdEM4x50WritePassword(const char *Cmd); + +#endif diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 5c88c881b..83a97c41d 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c @@ -264,13 +264,17 @@ static int CmdHIDRead(const char *Cmd) { // this read loops on device side. // uses the demod in lfops.c static int CmdHIDWatch(const char *Cmd) { - uint8_t ctmp = tolower(param_getchar(Cmd, 0)); - if (ctmp == 'h') return usage_lf_hid_watch(); + uint8_t c = tolower(param_getchar(Cmd, 0)); + if (c == 'h') return usage_lf_hid_watch(); + + PrintAndLogEx(SUCCESS, "Watching for HID Prox cards - place tag on antenna"); + PrintAndLogEx(INFO, "Press pm3-button to stop reading cards"); clearCommandBuffer(); - SendCommandNG(CMD_LF_HID_DEMOD, NULL, 0); - PrintAndLogEx(SUCCESS, "Watching for new HID cards - place tag on antenna"); - PrintAndLogEx(INFO, "Press pm3-button to stop reading new cards"); - return PM3_SUCCESS; + SendCommandNG(CMD_LF_HID_WATCH, NULL, 0); + PacketResponseNG resp; + WaitForResponse(CMD_LF_HID_WATCH, &resp); + PrintAndLogEx(INFO, "Done"); + return resp.status; } static int CmdHIDSim(const char *Cmd) { diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index b05405465..bce0e83a6 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -584,7 +584,7 @@ static int CmdLFHitagReader(const char *Cmd) { clearCommandBuffer(); SendCommandMIX(cmd, htf, 0, 0, &htd, sizeof(htd)); PacketResponseNG resp; - if (!WaitForResponseTimeout(CMD_ACK, &resp, 4000)) { + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); return PM3_ETIMEOUT; } diff --git a/client/src/cmdlfio.c b/client/src/cmdlfio.c index e93a7cde3..92f914059 100644 --- a/client/src/cmdlfio.c +++ b/client/src/cmdlfio.c @@ -36,7 +36,7 @@ static int usage_lf_io_watch(void) { PrintAndLogEx(NORMAL, "Usage: lf io watch"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf io watch"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf io watch")); return PM3_SUCCESS; } @@ -52,7 +52,7 @@ static int usage_lf_io_sim(void) { PrintAndLogEx(NORMAL, " : 16bit value card number (decimal)"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf io sim 26 101 1337"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf io sim 26 101 1337")); return PM3_SUCCESS; } @@ -69,18 +69,24 @@ static int usage_lf_io_clone(void) { PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf io clone 26 101 1337"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf io clone 26 101 1337")); return PM3_SUCCESS; } // this read loops on device side. // uses the demod in lfops.c static int CmdIOProxWatch(const char *Cmd) { - uint8_t ctmp = tolower(param_getchar(Cmd, 0)); - if (ctmp == 'h') return usage_lf_io_watch(); + uint8_t c = tolower(param_getchar(Cmd, 0)); + if (c == 'h') return usage_lf_io_watch(); + + PrintAndLogEx(SUCCESS, "Watching for IO Prox cards - place tag on antenna"); + PrintAndLogEx(INFO, "Press pm3-button to stop reading cards"); clearCommandBuffer(); - SendCommandNG(CMD_LF_IO_DEMOD, NULL, 0); - return PM3_SUCCESS; + SendCommandNG(CMD_LF_IO_WATCH, NULL, 0); + PacketResponseNG resp; + WaitForResponse(CMD_LF_IO_WATCH, &resp); + PrintAndLogEx(INFO, "Done"); + return resp.status; } //by marshmellow diff --git a/client/src/cmdlfpyramid.c b/client/src/cmdlfpyramid.c index ed2895ecb..03a9a751c 100644 --- a/client/src/cmdlfpyramid.c +++ b/client/src/cmdlfpyramid.c @@ -1,5 +1,7 @@ //----------------------------------------------------------------------------- // +// by marshmellow +// // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of // the license. @@ -62,11 +64,14 @@ static int usage_lf_pyramid_sim(void) { return PM3_SUCCESS; } -//by marshmellow -//Pyramid Prox demod - FSK RF/50 with preamble of 0000000000000001 (always a 128 bit data stream) -//print full Farpointe Data/Pyramid Prox ID and some bit format details if found static int CmdPyramidDemod(const char *Cmd) { (void)Cmd; // Cmd is not used so far + return demodPyramid(); +} + +//Pyramid Prox demod - FSK RF/50 with preamble of 0000000000000001 (always a 128 bit data stream) +//print full Farpointe Data/Pyramid Prox ID and some bit format details if found +int demodPyramid(void) { //raw fsk demod no manchester decoding no start bit finding just get binary from wave uint8_t bits[MAX_GRAPH_TRACE_LEN] = {0}; size_t size = getFromGraphBuf(bits); @@ -350,11 +355,6 @@ int getPyramidBits(uint32_t fc, uint32_t cn, uint8_t *pyramidBits) { return PM3_SUCCESS; } -int demodPyramid(void) { - return CmdPyramidDemod(""); -} - -// by marshmellow // FSK Demod then try to locate a Farpointe Data (pyramid) ID int detectPyramid(uint8_t *dest, size_t *size, int *waveStartIdx) { //make sure buffer has data diff --git a/client/src/cmdlfsecurakey.c b/client/src/cmdlfsecurakey.c index 108e9125c..4b01afe2d 100644 --- a/client/src/cmdlfsecurakey.c +++ b/client/src/cmdlfsecurakey.c @@ -34,13 +34,17 @@ static int usage_lf_securakey_clone(void) { PrintAndLogEx(NORMAL, " b : raw hex data. 12 bytes max"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf securakey clone 7FCB400001ADEA5344300000"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf securakey clone b 7FCB400001ADEA5344300000")); return PM3_SUCCESS; } -//see ASKDemod for what args are accepted static int CmdSecurakeyDemod(const char *Cmd) { (void)Cmd; // Cmd is not used so far + return demodSecurakey(); +} + +//see ASKDemod for what args are accepted +int demodSecurakey(void) { //ASK / Manchester bool st = false; @@ -212,7 +216,3 @@ int detectSecurakey(uint8_t *dest, size_t *size) { return (int)startIdx; } -int demodSecurakey(void) { - return CmdSecurakeyDemod(""); -} - diff --git a/client/src/cmdlfvisa2000.c b/client/src/cmdlfvisa2000.c index a90e5ddce..91ad70490 100644 --- a/client/src/cmdlfvisa2000.c +++ b/client/src/cmdlfvisa2000.c @@ -41,7 +41,7 @@ static int usage_lf_visa2k_clone(void) { PrintAndLogEx(NORMAL, " : specify write to Q5 (t5555 instead of t55x7)"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf visa2000 clone 112233"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf visa2000 clone 112233")); return PM3_SUCCESS; } @@ -55,7 +55,7 @@ static int usage_lf_visa2k_sim(void) { PrintAndLogEx(NORMAL, " : Visa2k card ID"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " lf visa2000 sim 112233"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf visa2000 sim 112233")); return PM3_SUCCESS; } @@ -86,6 +86,10 @@ static uint8_t visa_parity(uint32_t id) { return par; } +static int CmdVisa2kDemod(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + return demodVisa2k(); +} /** * * 56495332 00096ebd 00000077 —> tag id 618173 @@ -98,9 +102,7 @@ static uint8_t visa_parity(uint32_t id) { * **/ //see ASKDemod for what args are accepted -static int CmdVisa2kDemod(const char *Cmd) { - (void)Cmd; // Cmd is not used so far - +int demodVisa2k(void) { save_restoreGB(GRAPH_SAVE); //CmdAskEdgeDetect(""); @@ -153,7 +155,7 @@ static int CmdVisa2kDemod(const char *Cmd) { save_restoreGB(GRAPH_RESTORE); return PM3_ESOFT; } - PrintAndLogEx(SUCCESS, "Visa2000 Tag Found: Card ID %u, Raw: %08X%08X%08X", raw2, raw1, raw2, raw3); + PrintAndLogEx(SUCCESS, "Visa2000 Tag Found: Card ID " _GREEN_("%u") " Raw: %08X%08X%08X", raw2, raw1, raw2, raw3); return PM3_SUCCESS; } @@ -260,7 +262,4 @@ int detectVisa2k(uint8_t *dest, size_t *size) { return (int)startIdx; } -int demodVisa2k(void) { - return CmdVisa2kDemod(""); -} diff --git a/client/src/cmdmain.c b/client/src/cmdmain.c index 2664ed3a1..0ca9826d8 100644 --- a/client/src/cmdmain.c +++ b/client/src/cmdmain.c @@ -248,8 +248,9 @@ static int CmdPref(const char *Cmd) { } static command_t CommandTable[] = { - {"help", CmdHelp, AlwaysAvailable, "This help. Use ' help' for details of a particular command."}, - {"auto", CmdAuto, IfPm3Present, "Automated detection process for unknown tags"}, + + {"--------",CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("sub") " -----------------------"}, + {"analyse", CmdAnalyse, AlwaysAvailable, "{ Analyse utils... }"}, {"data", CmdData, AlwaysAvailable, "{ Plot window / data buffer manipulation... }"}, {"emv", CmdEMV, AlwaysAvailable, "{ EMV ISO-14443 / ISO-7816... }"}, @@ -258,15 +259,17 @@ static command_t CommandTable[] = { {"lf", CmdLF, AlwaysAvailable, "{ Low frequency commands... }"}, {"mem", CmdFlashMem, IfPm3Flash, "{ Flash Memory manipulation... }"}, {"reveng", CmdRev, AlwaysAvailable, "{ CRC calculations from RevEng software }"}, - {"sc", CmdSmartcard, AlwaysAvailable, "{ Smart card ISO-7816 commands... }"}, + {"smart", CmdSmartcard, AlwaysAvailable, "{ Smart card ISO-7816 commands... }"}, {"script", CmdScript, AlwaysAvailable, "{ Scripting commands }"}, {"trace", CmdTrace, AlwaysAvailable, "{ Trace manipulation... }"}, {"usart", CmdUsart, IfPm3FpcUsartFromUsb, "{ USART commands... }"}, {"wiegand", CmdWiegand, AlwaysAvailable, "{ Wiegand format manipulation... }"}, - {"", CmdHelp, AlwaysAvailable, ""}, + {"--------",CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("sub") " -----------------------"}, + {"auto", CmdAuto, IfPm3Present, "Automated detection process for unknown tags"}, + {"help", CmdHelp, AlwaysAvailable, "This help. Use " _YELLOW_("' help'") " for details of a particular command."}, {"hints", CmdHints, AlwaysAvailable, "Turn hints on / off"}, - {"pref", CmdPref, AlwaysAvailable, "Edit preferences"}, {"msleep", CmdMsleep, AlwaysAvailable, "Add a pause in milliseconds"}, + {"pref", CmdPref, AlwaysAvailable, "Edit preferences"}, {"rem", CmdRem, AlwaysAvailable, "Add a text line in log file"}, {"quit", CmdQuit, AlwaysAvailable, ""}, {"exit", CmdQuit, AlwaysAvailable, "Exit program"}, diff --git a/client/src/cmdscript.c b/client/src/cmdscript.c index 4fb87cc27..89301e1f4 100644 --- a/client/src/cmdscript.c +++ b/client/src/cmdscript.c @@ -36,8 +36,7 @@ // Partly ripped from PyRun_SimpleFileExFlags // but does not terminate client on sys.exit // and print exit code only if != 0 -static int Pm3PyRun_SimpleFileNoExit(FILE *fp, const char *filename) -{ +static int Pm3PyRun_SimpleFileNoExit(FILE *fp, const char *filename) { PyObject *m, *d, *v; int set_file_name = 0, ret = -1; m = PyImport_AddModule("__main__"); @@ -86,7 +85,7 @@ static int Pm3PyRun_SimpleFileNoExit(FILE *fp, const char *filename) } Py_DECREF(v); ret = 0; - done: +done: if (set_file_name && PyDict_DelItemString(d, "__file__")) PyErr_Clear(); Py_XDECREF(m); diff --git a/client/src/cmdtrace.c b/client/src/cmdtrace.c index 04b71d677..1b172bfb3 100644 --- a/client/src/cmdtrace.c +++ b/client/src/cmdtrace.c @@ -53,22 +53,23 @@ static int usage_trace_list(void) { PrintAndLogEx(NORMAL, " lto - interpret data as LTO-CM communications"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " trace list 14a f"); - PrintAndLogEx(NORMAL, " trace list iclass"); + PrintAndLogEx(NORMAL, _YELLOW_(" trace list 14a f")); + PrintAndLogEx(NORMAL, _YELLOW_(" trace list iclass")); + PrintAndLogEx(NORMAL, _YELLOW_(" trace list 14a 1")); return PM3_SUCCESS; } static int usage_trace_load(void) { - PrintAndLogEx(NORMAL, "Load protocol data from file to trace buffer."); + PrintAndLogEx(NORMAL, "Load protocol data from binary file to trace buffer"); PrintAndLogEx(NORMAL, "Usage: trace load "); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " trace load mytracefile.bin"); + PrintAndLogEx(NORMAL, _YELLOW_(" trace load mytracefile.trace")); return PM3_SUCCESS; } static int usage_trace_save(void) { - PrintAndLogEx(NORMAL, "Save protocol data from trace buffer to file."); + PrintAndLogEx(NORMAL, "Save protocol data from trace buffer to binary file"); PrintAndLogEx(NORMAL, "Usage: trace save "); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, " trace save mytracefile.bin"); + PrintAndLogEx(NORMAL, _YELLOW_(" trace save mytracefile.trace")); return PM3_SUCCESS; } @@ -198,7 +199,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr if (tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr) > traceLen) { return traceLen; } - + uint8_t *frame = hdr->frame; uint8_t *parityBytes = hdr->frame + data_len; @@ -494,7 +495,7 @@ static int CmdTraceLoad(const char *Cmd) { g_traceLen = (long)len; - PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = " _YELLOW_("%lu") " bytes) loaded from " _YELLOW_("%s"), g_traceLen, filename); + PrintAndLogEx(SUCCESS, "Recorded Activity (TraceLen = " _YELLOW_("%lu") " bytes)", g_traceLen); return PM3_SUCCESS; } diff --git a/client/src/comms.c b/client/src/comms.c index df4c404df..5976cfcc1 100644 --- a/client/src/comms.c +++ b/client/src/comms.c @@ -349,7 +349,7 @@ __attribute__((force_align_arg_pointer)) // main thread will kill and restart this thread. if (commfailed) { if (conn.last_command != CMD_HARDWARE_RESET) { - PrintAndLogEx(WARNING, "Communicating with Proxmark3 device " _RED_("failed")); + PrintAndLogEx(WARNING, "\nCommunicating with Proxmark3 device " _RED_("failed")); } __atomic_test_and_set(&comm_thread_dead, __ATOMIC_SEQ_CST); break; diff --git a/client/src/emv/cmdemv.c b/client/src/emv/cmdemv.c index 2f754ffc4..57f898425 100644 --- a/client/src/emv/cmdemv.c +++ b/client/src/emv/cmdemv.c @@ -1455,7 +1455,7 @@ static int CmdEMVScan(const char *Cmd) { // current path + file name if (MergeJSON) { - root = json_load_file( (char*)filename, 0, &error); + root = json_load_file((char *)filename, 0, &error); if (!root) { PrintAndLogEx(ERR, "Json error on line %d: %s", error.line, error.text); return PM3_EFILE; @@ -1750,15 +1750,15 @@ static int CmdEMVScan(const char *Cmd) { if (MergeJSON == false) { // create unique new name - char *fname = newfilenamemcopy((char*)filename, ".json"); + char *fname = newfilenamemcopy((char *)filename, ".json"); if (fname == NULL) { return PM3_EMALLOC; } - strcpy((char*)filename, fname); + strcpy((char *)filename, fname); free(fname); } - res = json_dump_file(root, (char*)filename, JSON_INDENT(2)); + res = json_dump_file(root, (char *)filename, JSON_INDENT(2)); if (res) { PrintAndLogEx(ERR, "Can't save the file: %s", filename); return PM3_EFILE; diff --git a/client/src/emv/emv_pk.c b/client/src/emv/emv_pk.c index ee354e24d..1a783ef12 100644 --- a/client/src/emv/emv_pk.c +++ b/client/src/emv/emv_pk.c @@ -504,19 +504,19 @@ struct emv_pk *emv_pk_get_ca_pk(const unsigned char *rid, unsigned char idx) { bool isok = emv_pk_verify(pk); PrintAndLogEx(INFO, "Verifying CA PK for %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx %zu bits. ( %s )", - pk->rid[0], - pk->rid[1], - pk->rid[2], - pk->rid[3], - pk->rid[4], - pk->index, - pk->mlen * 8, - (isok) ? _GREEN_("ok") : _RED_("failed") - ); + pk->rid[0], + pk->rid[1], + pk->rid[2], + pk->rid[3], + pk->rid[4], + pk->index, + pk->mlen * 8, + (isok) ? _GREEN_("ok") : _RED_("failed") + ); if (isok) { return pk; - } + } emv_pk_free(pk); return NULL; diff --git a/client/src/fileutils.c b/client/src/fileutils.c index 3e2f252cb..e222e54da 100644 --- a/client/src/fileutils.c +++ b/client/src/fileutils.c @@ -1369,6 +1369,17 @@ static int convert_plain_mfu_dump(uint8_t **dump, size_t *dumplen, bool verbose) } static int convert_old_mfu_dump(uint8_t **dump, size_t *dumplen, bool verbose) { + /* For reference + typedef struct { + uint8_t version[8]; + uint8_t tbo[2]; + uint8_t tearing[3]; + uint8_t pack[2]; + uint8_t tbo1[1]; + uint8_t signature[32]; + uint8_t data[1024]; + } PACKED old_mfu_dump_t; + */ // convert old format old_mfu_dump_t *old_mfu_dump = (old_mfu_dump_t *)*dump; @@ -1392,9 +1403,11 @@ static int convert_old_mfu_dump(uint8_t **dump, size_t *dumplen, bool verbose) { } memcpy(mfu_dump->data, old_mfu_dump->data, sizeof(mfu_dump->data)); - mfu_dump->pages = old_data_len / 4 - 1; + // Add PACK to last block of memory. + memcpy(mfu_dump->data + (mfu_dump->pages * 4 + MFU_DUMP_PREFIX_LENGTH), old_mfu_dump->pack, 2); + if (verbose) { PrintAndLogEx(SUCCESS, "old mfu dump format was converted to " _GREEN_("%d") " blocks", mfu_dump->pages + 1); } diff --git a/client/src/mifare/desfire_crypto.c b/client/src/mifare/desfire_crypto.c index 0ec6bd70d..7260f4731 100644 --- a/client/src/mifare/desfire_crypto.c +++ b/client/src/mifare/desfire_crypto.c @@ -882,7 +882,7 @@ void mifare_cypher_blocks_chained(desfiretag_t tag, desfirekey_t key, uint8_t *i } void desfire_crc32(const uint8_t *data, const size_t len, uint8_t *crc) { - crc32_ex(data,len,crc); + crc32_ex(data, len, crc); } void desfire_crc32_append(uint8_t *data, const size_t len) { diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c index 9a8e20353..badc4b813 100644 --- a/client/src/mifare/mad.c +++ b/client/src/mifare/mad.c @@ -173,7 +173,7 @@ int MADCheck(uint8_t *sector0, uint8_t *sector10, bool verbose, bool *haveMAD2) if (sector0 == NULL) return PM3_EINVARG; - uint8_t GPB = sector0[3 * 16 + 9]; + uint8_t GPB = sector0[3 * 16 + 9]; if (verbose) PrintAndLogEx(SUCCESS, "%14s " _GREEN_("0x%02x"), "GPB", GPB); @@ -304,7 +304,7 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "---------------- " _CYAN_("Listing") " ----------------"); - + PrintAndLogEx(INFO, " 00 MAD v1"); uint32_t prev_aid = 0xFFFFFFFF; for (int i = 1; i < 16; i++) { @@ -326,10 +326,10 @@ int MAD1DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose, bool *haveMA int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) { open_mad_file(&mad_known_aids, verbose); - + PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "------------ " _CYAN_("MAD v2 details") " -------------"); - + int res = madCRCCheck(sector, true, 2); if (verbose) { if (res == PM3_SUCCESS) @@ -347,7 +347,7 @@ int MAD2DecodeAndPrint(uint8_t *sector, bool swapmad, bool verbose) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "---------------- " _CYAN_("Listing") " ----------------"); - + PrintAndLogEx(INFO, " 16 MAD v2"); uint32_t prev_aid = 0xFFFFFFFF; diff --git a/client/src/mifare/ndef.c b/client/src/mifare/ndef.c index 2aab01634..9e480cde4 100644 --- a/client/src/mifare/ndef.c +++ b/client/src/mifare/ndef.c @@ -418,7 +418,7 @@ int NDEFRecordsDecodeAndPrint(uint8_t *ndefRecord, size_t ndefRecordLen) { } PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "Record " _YELLOW_("%zu"), counter); + PrintAndLogEx(SUCCESS, _CYAN_("Record") " " _YELLOW_("%zu"), counter); PrintAndLogEx(INFO, "-----------------------------------------------------"); ndefRecordDecodeAndPrint(&ndefRecord[len], NDEFHeader.RecLen); @@ -436,7 +436,7 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) { size_t indx = 0; - PrintAndLogEx(INFO, ""); + PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("NDEF parsing") " ----------------"); while (indx < ndefLen) { @@ -445,7 +445,7 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) { case 0x00: { indx++; uint16_t len = ndefTLVGetLength(&ndef[indx], &indx); - PrintAndLogEx(SUCCESS, "-- NDEF NULL block."); + PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF NULL block") " ---"); if (len) PrintAndLogEx(WARNING, "NDEF NULL block size must be 0, got %d bytes", len); indx += len; @@ -454,20 +454,21 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) { case 0x01: { indx++; uint16_t len = ndefTLVGetLength(&ndef[indx], &indx); - PrintAndLogEx(INFO, "-- NDEF Lock Control."); + PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF Lock Control") " ---"); if (len != 3) { PrintAndLogEx(WARNING, "NDEF Lock Control block size must be 3 instead of %d.", len); } else { - uint8_t PagesAddr = (ndef[indx] >> 4) & 0x0f; - uint8_t ByteOffset = ndef[indx] & 0x0f; + uint8_t pages_addr = (ndef[indx] >> 4) & 0x0f; + uint8_t byte_offset = ndef[indx] & 0x0f; uint8_t Size = ndef[indx + 1]; uint8_t BytesLockedPerLockBit = (ndef[indx + 2] >> 4) & 0x0f; - uint8_t BytesPerPage = ndef[indx + 2] & 0x0f; - PrintAndLogEx(SUCCESS, "PagesAddr. number of pages: %d", PagesAddr); - PrintAndLogEx(SUCCESS, "ByteOffset. number of bytes: %d", ByteOffset); - PrintAndLogEx(SUCCESS, "Size. size in bits of the lock area: %d. bytes approx: %d", Size, Size / 8); - PrintAndLogEx(SUCCESS, "BytesPerPage. number of bytes per page: %d", BytesPerPage); - PrintAndLogEx(SUCCESS, "BytesLockedPerLockBit. number of bytes that each dynamic lock bit is able to lock: %d", BytesLockedPerLockBit); + uint8_t bytes_per_page = ndef[indx + 2] & 0x0f; + PrintAndLogEx(SUCCESS, " Pages addr (number of pages) : %d", pages_addr); + PrintAndLogEx(SUCCESS, "Byte offset (number of bytes) : %d", byte_offset); + PrintAndLogEx(SUCCESS, "Size in bits of the lock area : %d. bytes approx: %d", Size, Size / 8); + PrintAndLogEx(SUCCESS, " Number of bytes / page : %d", bytes_per_page); + PrintAndLogEx(SUCCESS, "Bytes Locked Per LockBit."); + PrintAndLogEx(SUCCESS, " number of bytes that each dynamic lock bit is able to lock: %d", BytesLockedPerLockBit); } indx += len; break; @@ -475,18 +476,18 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) { case 0x02: { indx++; uint16_t len = ndefTLVGetLength(&ndef[indx], &indx); - PrintAndLogEx(INFO, "-- NDEF Memory Control."); + PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF Memory Control") " ---"); if (len != 3) { PrintAndLogEx(WARNING, "NDEF Memory Control block size must be 3 instead of %d.", len); } else { - uint8_t PagesAddr = (ndef[indx] >> 4) & 0x0f; - uint8_t ByteOffset = ndef[indx] & 0x0f; + uint8_t pages_addr = (ndef[indx] >> 4) & 0x0f; + uint8_t byte_offset = ndef[indx] & 0x0f; uint8_t Size = ndef[indx + 1]; - uint8_t BytesPerPage = ndef[indx + 2] & 0x0f; - PrintAndLogEx(SUCCESS, "PagesAddr. number of pages: %d", PagesAddr); - PrintAndLogEx(SUCCESS, "ByteOffset. number of bytes: %d", ByteOffset); - PrintAndLogEx(SUCCESS, "Size. size in bits of the reserved area: %d. bytes approx: %d", Size, Size / 8); - PrintAndLogEx(SUCCESS, "BytesPerPage. number of bytes per page: %d", BytesPerPage); + uint8_t bytes_per_page = ndef[indx + 2] & 0x0f; + PrintAndLogEx(SUCCESS, " Pages addr (number of pages) : %d", pages_addr); + PrintAndLogEx(SUCCESS, "Byte offset (number of bytes) : %d", byte_offset); + PrintAndLogEx(SUCCESS, "Size in bits of the reserved area : %d. bytes approx: %d", Size, Size / 8); + PrintAndLogEx(SUCCESS, " Number of bytes / page : %d", bytes_per_page); } indx += len; break; @@ -494,28 +495,36 @@ int NDEFDecodeAndPrint(uint8_t *ndef, size_t ndefLen, bool verbose) { case 0x03: { indx++; uint16_t len = ndefTLVGetLength(&ndef[indx], &indx); - PrintAndLogEx(SUCCESS, "Found NDEF message (%d bytes)", len); - - int res = NDEFRecordsDecodeAndPrint(&ndef[indx], len); - if (res != PM3_SUCCESS) - return res; + PrintAndLogEx(SUCCESS, "--- " _CYAN_("NDEF Message") " ---"); + if (len == 0) { + PrintAndLogEx(SUCCESS, "Found NDEF message w zero length"); + } else { + PrintAndLogEx(SUCCESS, "Found NDEF message (%d bytes)", len); + int res = NDEFRecordsDecodeAndPrint(&ndef[indx], len); + if (res != PM3_SUCCESS) + return res; + } + indx += len; break; } case 0xfd: { indx++; uint16_t len = ndefTLVGetLength(&ndef[indx], &indx); - PrintAndLogEx(SUCCESS, "-- NDEF proprietary info. Skipped %d bytes.", len); + PrintAndLogEx(SUCCESS, "--- " _CYAN_("Proprietary info") " ---"); + PrintAndLogEx(SUCCESS, " Can't decode, skipping %d bytes", len); indx += len; break; } case 0xfe: { - PrintAndLogEx(SUCCESS, "-- NDEF Terminator. Done."); + PrintAndLogEx(SUCCESS, "NDEF Terminator detected"); return PM3_SUCCESS; } default: { - PrintAndLogEx(ERR, "unknown tag 0x%02x", ndef[indx]); + if (verbose) + PrintAndLogEx(ERR, "unknown tag 0x%02x", ndef[indx]); + return PM3_ESOFT; } } diff --git a/client/src/proxmark3.c b/client/src/proxmark3.c index e13c79591..d820e297d 100644 --- a/client/src/proxmark3.c +++ b/client/src/proxmark3.c @@ -117,23 +117,23 @@ static void prompt_compose(char *buf, size_t buflen, const char *promptctx, cons snprintf(buf, buflen - 1, PROXPROMPT_COMPOSE, promptdev, promptctx); } -#ifdef HAVE_READLINE static int check_comm(void) { // If communications thread goes down. Device disconnected then this should hook up PM3 again. if (IsCommunicationThreadDead() && session.pm3_present) { + PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") " mode. Use "_YELLOW_("\"hw connect\"") " to reconnect\n"); prompt_dev = PROXPROMPT_DEV_OFFLINE; +#ifdef HAVE_READLINE char prompt[PROXPROMPT_MAX_SIZE] = {0}; prompt_compose(prompt, sizeof(prompt), prompt_ctx, prompt_dev); char prompt_filtered[PROXPROMPT_MAX_SIZE] = {0}; memcpy_filter_ansi(prompt_filtered, prompt, sizeof(prompt_filtered), !session.supports_colors); rl_set_prompt(prompt_filtered); rl_forced_update_display(); +#endif CloseProxmark(); - PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") " mode. Use "_YELLOW_("\"hw connect\"") " to reconnect\n"); } return 0; } -#endif // first slot is always NULL, indicating absence of script when idx=0 static FILE *cmdscriptfile[MAX_NESTED_CMDSCRIPT + 1] = {0}; @@ -293,13 +293,17 @@ check_script: printprompt = true; } else { +#ifdef HAVE_READLINE + rl_event_hook = check_comm; +#else + check_comm(); +#endif prompt_ctx = PROXPROMPT_CTX_INTERACTIVE; char prompt[PROXPROMPT_MAX_SIZE] = {0}; prompt_compose(prompt, sizeof(prompt), prompt_ctx, prompt_dev); char prompt_filtered[PROXPROMPT_MAX_SIZE] = {0}; memcpy_filter_ansi(prompt_filtered, prompt, sizeof(prompt_filtered), !session.supports_colors); #ifdef HAVE_READLINE - rl_event_hook = check_comm; cmd = readline(prompt_filtered); #else printf("%s", prompt_filtered); @@ -477,7 +481,6 @@ static void set_my_user_directory(void) { free(cwd_buffer); return; } - PrintAndLogEx(NORMAL, "Len... %d", pathLen); } if (!error) { diff --git a/client/src/ui.c b/client/src/ui.c index 04e002950..e84d4203c 100644 --- a/client/src/ui.c +++ b/client/src/ui.c @@ -22,10 +22,6 @@ #include #include -#ifdef HAVE_READLINE -#include -#endif - #include #include "util.h" #include "proxmark3.h" // PROXLOG diff --git a/common/lfdemod.c b/common/lfdemod.c index ee6d6afe0..e952ed59c 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -1537,6 +1537,11 @@ static uint16_t cleanAskRawDemod(uint8_t *bits, size_t *size, int clk, int inver getNextHigh(bits, *size, high, &pos); // getNextLow(bits, *size, low, &pos); + // do not skip first transition + if ((pos > cl_2 - cl_4 - 1) && (pos <= clk + cl_4 + 1)) { + bits[bitCnt++] = invert ^ 1; + } + // sample counts, like clock = 32.. it tries to find 32/4 = 8, 32/2 = 16 for (size_t i = pos; i < *size; i++) { if (bits[i] >= high && waveHigh) { diff --git a/common_arm/Makefile.hal b/common_arm/Makefile.hal index 455672e5f..0ae8b2d19 100644 --- a/common_arm/Makefile.hal +++ b/common_arm/Makefile.hal @@ -81,7 +81,8 @@ endif # common LF support PLATFORM_DEFS += \ -DWITH_LF \ - -DWITH_HITAG + -DWITH_HITAG \ + -DWITH_EM4x50 # common HF support PLATFORM_DEFS += \ diff --git a/common_arm/ldscript.common b/common_arm/ldscript.common index 9e53d8436..610e5c0b4 100644 --- a/common_arm/ldscript.common +++ b/common_arm/ldscript.common @@ -9,7 +9,7 @@ ms of the GNU GPL, version 2 or, ----------------------------------------------------------------------------- */ -stacksize = DEFINED(stacksize) ? stacksize : 5K; +stacksize = DEFINED(stacksize) ? stacksize : 8488; commonareasize = 0x20; /* AT91SAM7S256 has 256k Flash and 64k RAM */ diff --git a/doc/md/Development/Makefile-vs-CMake.md b/doc/md/Development/Makefile-vs-CMake.md new file mode 100644 index 000000000..649b9beaa --- /dev/null +++ b/doc/md/Development/Makefile-vs-CMake.md @@ -0,0 +1,86 @@ +# Makefile vs CMake + +## Client + +The client can be compiled both with the historical Makefile and with a newer CMakeLists.txt. +At the moment both are maintained because they don't perfectly overlap yet. + +* *in_common*: src in /common +* *in_deps*: src in /client/deps +* *opt*: optional dependency +* *pc*: use pkg-config +* *sys*: system library + +| Feature | Makefile | CMake | Remarks | +|-----|---|---|---| +| verbose | V=1 | VERBOSE=1 | | +| warnings management | yes (1) | **no** | (1) cf Makefile.defs | +| compilation | in place | in build dir | | +| user `CFLAGS`/`LDFLAGS` | envvars honored (1) | envvars honored (2) | (1) also `LDLIBS` and `INCLUDES_CLIENT` for more tuning (2) only at first cmake call | +| Mingw gnu printf | `_ISOC99_SOURCE` | `_ISOC99_SOURCE` | and in cbor.h: `__attribute__((format (__MINGW_PRINTF_FORMAT, 2, 3)))`| +| C++ | c++11 | gnu++14 | | +| dep amiibo | in_deps | in_deps | | +| dep atomic | sys, for RPiZ | sys, for RPiZ | `-Wl,--as-needed -latomic -Wl,--no-as-needed` unless OSX | +| atomic detection | **none** | **none** | | +| dep bluez | opt, sys | opt, sys | | +| bluez detection | pc | pkg_search_module | | +| `SKIPBT` | yes | yes | | +| dep bzip2 | sys | sys | | +| bzip2 detection | **none** | find_package, Cross:gitclone | | +| dep cliparser | in_deps | in_deps | | +| dep hardnested | in_deps | in_deps | | +| hardn arch autodetect | `uname -m` =? 86 or amd64; `$(CC) -E -mavx512f`? +AVX512` | `CMAKE_SYSTEM_PROCESSOR` =? x86 or x86_64 or i686 or AMD64 (1) | (1) currently it always includes AVX512 on Intel arch | +| `cpu_arch` | yes | **no/auto?** | e.g. `cpu_arch=generic` for cross-compilation +| dep jansson | sys / in_deps | sys / in_deps | | +| jansson detection | pc | pc/find* | | +| `SKIPJANSSONSYSTEM` | yes | yes | | +| dep lua | sys / in_deps(1) | **in_deps only**(2) | (1) manual def of `LUAPLATFORM` for mingw/macosx/linux (2) manual, different?, for Android too | +| lua detection | pc | **none** | | +| `SKIPLUASYSTEM` | yes | **no** | | +| lualibs/pm3_cmd.lua | yes | add_custom_command **but unused** | | +| lualibs/mfc_default_keys.lua | yes | add_custom_command **but unused** | | +| dep lz4 | | | (in_common) not yet used, future. See `get_lz4.sh` for upstream fetch & patch | +| dep libm | sys | sys | | +| libm detection | **none** | **none** (1) | (1) cf https://cmake.org/pipermail/cmake/2019-March/069168.html ? | +| dep mbedtls | in_common | in_common | no sys lib: missing support for CMAC in def conf (btw no .pc available) | +| dep python3 | opt, sys, <3.8 & 3.8 | opt, sys, <3.8 & 3.8 | | +| python3 detection | pc | pkg_search_module | | +| `SKIPPYTHON` | yes | yes | | +| dep pthread | sys | sys | | +| pthread detection | **none** | **none** (1) | (1) cf https://stackoverflow.com/questions/1620918/cmake-and-libpthread ? | +| `SKIPPTHREAD` | yes | yes | e.g. for termux | +| dep Qt | opt, sys, Qt5 & Qt4 | opt, sys, Qt5 | | +| Qt detection | pc(qt5)/pc(qt4)/`QTDIR`(1) (2) | find_package(qt5) (3) | (1) if `QTDIR`: hardcode path (2) OSX: pkg-config hook for Brew (3) OSX: add search path| +| `SKIPQT` | yes | yes | | +| dep readline | sys | sys | | +| readline detection | **none** (1) | find*(2), Cross:getzip | (1) OSX: hardcoded path (2) additional paths for OSX | +| `SKIPREADLINE` | yes | yes | CLI not fully functional without Readline | +| dep reveng | in_deps | in_deps | | +| `SKIPREVENGTEST` | yes(1) | **no**(2) | (1) e.g. if cross-compilation (2) tests aren't compiled/ran with cmake | +| dep tinycbor | in_deps | in_deps | | +| dep whereami | sys / in_deps | sys / in_deps | | +| whereami detection | **search /usr/include/whereami.h** | find* | no .pc available | +| `SKIPWHEREAMISYSTEM` | yes | yes | | +| version | mkversion | mkversion | | +| install | yes (1) | **no** | (1) supports `DESTDIR`, `PREFIX`, `UDEV_PREFIX`. Installs resources as well, `INSTALL*RELPATH` | +| deb | no | partial? | | +| tarbin | yes, unused? | no | | +| Android cross- | **no** | yes | | +| SWIG Lua+Python embedded | **no** | *ongoing* | cf libpm3_experiments branch | +| libpm3 with SWIG Lua+Python| **no** | *ongoing* | cf libpm3_experiments branch | + +## Tools + +`makefile` only at the moment + +`SKIPGPU` + +## ARM + +`makefile` only at the moment + +`PLATFORM`, `PLATFORM_EXTRAS`, `DESTDIR`, `PREFIX`, `FWTAG` + +## Global + +`makefile` only at the moment diff --git a/include/em4x50.h b/include/em4x50.h new file mode 100644 index 000000000..11b2509b7 --- /dev/null +++ b/include/em4x50.h @@ -0,0 +1,37 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2020 tharexde +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency EM4x50 structs +//----------------------------------------------------------------------------- + +#ifndef EM4X50_H__ +#define EM4X50_H__ + +typedef struct { + bool fwr_given; + bool lwr_given; + bool pwd_given; + bool newpwd_given; + uint8_t password[4]; + uint8_t new_password[4]; + uint8_t addresses[4]; + uint8_t address; + uint8_t word[4]; +} em4x50_data_t; + +typedef struct { + uint8_t byte[4]; + uint8_t row_parity[4]; + uint8_t col_parity; + uint8_t stopbit; + bool rparity[4]; + bool cparity[8]; + bool stopparity; + bool parity; +} em4x50_word_t; + +#endif /* EM4X50_H__ */ diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 3cafb9df1..125db9a7f 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -187,6 +187,7 @@ typedef struct { // lf bool compiled_with_lf : 1; bool compiled_with_hitag : 1; + bool compiled_with_em4x50 : 1; // hf bool compiled_with_hfsniff : 1; bool compiled_with_hfplot : 1; @@ -385,7 +386,7 @@ typedef struct { #define CMD_DOWNLOADED_BIGBUF 0x0208 #define CMD_LF_UPLOAD_SIM_SAMPLES 0x0209 #define CMD_LF_SIMULATE 0x020A -#define CMD_LF_HID_DEMOD 0x020B +#define CMD_LF_HID_WATCH 0x020B #define CMD_LF_HID_SIMULATE 0x020C #define CMD_LF_SET_DIVISOR 0x020D #define CMD_LF_SIMULATE_BIDIR 0x020E @@ -399,15 +400,18 @@ typedef struct { #define CMD_LF_PCF7931_WRITE 0x0223 #define CMD_LF_EM4X_READWORD 0x0218 #define CMD_LF_EM4X_WRITEWORD 0x0219 -#define CMD_LF_IO_DEMOD 0x021A -#define CMD_LF_EM410X_DEMOD 0x021C +#define CMD_LF_IO_WATCH 0x021A +#define CMD_LF_EM410X_WATCH 0x021C +#define CMD_LF_EM4X50_INFO 0x0240 +#define CMD_LF_EM4X50_WRITE 0x0241 +#define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242 // Sampling configuration for LF reader/sniffer #define CMD_LF_SAMPLING_SET_CONFIG 0x021D #define CMD_LF_FSK_SIMULATE 0x021E #define CMD_LF_ASK_SIMULATE 0x021F #define CMD_LF_PSK_SIMULATE 0x0220 #define CMD_LF_NRZ_SIMULATE 0x0232 -#define CMD_LF_AWID_DEMOD 0x0221 +#define CMD_LF_AWID_WATCH 0x0221 #define CMD_LF_VIKING_CLONE 0x0222 #define CMD_LF_T55XX_WAKEUP 0x0224 #define CMD_LF_COTAG_READ 0x0225 diff --git a/tools/hitag2crack/crack5/ht2crack5.c b/tools/hitag2crack/crack5/ht2crack5.c index a92afc854..196f16420 100644 --- a/tools/hitag2crack/crack5/ht2crack5.c +++ b/tools/hitag2crack/crack5/ht2crack5.c @@ -330,7 +330,6 @@ static void *find_state(void *thread_d) { const bitslice_value_t filter4 = f_c_bs(filter4_0, filter4_1, filter4_2, filter4_3, filter4_4); bitslice_t results4; results4.value = results3.value & (filter4 ^ keystream[4].value); - if (results4.bytes64[0] == 0 && results4.bytes64[1] == 0 && results4.bytes64[2] == 0 @@ -339,7 +338,9 @@ static void *find_state(void *thread_d) { continue; } + state[-2 + 56].value = lfsr_bs(8); const bitslice_value_t filter5_3 = f_b_bs(state[-2 + 33].value, state[-2 + 34].value, state[-2 + 36].value, state[-2 + 38].value); + const bitslice_value_t filter10_4 = f_a_bs(state[-2 + 44].value, state[-2 + 53].value, state[-2 + 54].value, state[-2 + 56].value); const bitslice_value_t filter12_2 = f_b_bs(state[-2 + 29].value, state[-2 + 33].value, state[-2 + 35].value, state[-2 + 38].value); for (uint8_t i5 = 0; i5 < (1 << bits[5]); i5++) { @@ -358,8 +359,9 @@ static void *find_state(void *thread_d) { continue; } + state[-2 + 57].value = lfsr_bs(9); const bitslice_value_t filter6_3 = f_b_bs(state[-2 + 34].value, state[-2 + 35].value, state[-2 + 37].value, state[-2 + 39].value); - + const bitslice_value_t filter11_4 = f_a_bs(state[-2 + 45].value, state[-2 + 54].value, state[-2 + 55].value, state[-2 + 57].value); for (uint8_t i6 = 0; i6 < (1 << bits[6]); i6++) { state[-2 + 40].value = ((bool)(i6 & 0x1)) ? bs_ones.value : bs_zeroes.value; // 0xffe7ffffffff @@ -376,8 +378,9 @@ static void *find_state(void *thread_d) { continue; } + state[-2 + 58].value = lfsr_bs(10); const bitslice_value_t filter7_3 = f_b_bs(state[-2 + 35].value, state[-2 + 36].value, state[-2 + 38].value, state[-2 + 40].value); - + const bitslice_value_t filter12_4 = f_a_bs(state[-2 + 46].value, state[-2 + 55].value, state[-2 + 56].value, state[-2 + 58].value); for (uint8_t i7 = 0; i7 < (1 << bits[7]); i7++) { state[-2 + 41].value = ((bool)(i7 & 0x1)) ? bs_ones.value : bs_zeroes.value; // 0xfff7ffffffff @@ -393,16 +396,14 @@ static void *find_state(void *thread_d) { continue; } + state[-2 + 59].value = lfsr_bs(11); const bitslice_value_t filter8_3 = f_b_bs(state[-2 + 36].value, state[-2 + 37].value, state[-2 + 39].value, state[-2 + 41].value); const bitslice_value_t filter10_3 = f_b_bs(state[-2 + 38].value, state[-2 + 39].value, state[-2 + 41].value, state[-2 + 43].value); const bitslice_value_t filter12_3 = f_b_bs(state[-2 + 40].value, state[-2 + 41].value, state[-2 + 43].value, state[-2 + 45].value); - for (uint8_t i8 = 0; i8 < (1 << bits[8]); i8++) { state[-2 + 42].value = ((bool)(i8 & 0x1)) ? bs_ones.value : bs_zeroes.value; // 0xffffffffffff const bitslice_value_t filter8_4 = f_a_bs(state[-2 + 42].value, state[-2 + 51].value, state[-2 + 52].value, state[-2 + 54].value); - const bitslice_value_t filter9_3 = f_b_bs(state[-2 + 37].value, state[-2 + 38].value, state[-2 + 40].value, state[-2 + 42].value); - const bitslice_value_t filter11_3 = f_b_bs(state[-2 + 39].value, state[-2 + 40].value, state[-2 + 42].value, state[-2 + 44].value); const bitslice_value_t filter8 = f_c_bs(filter8_0, filter8_1, filter8_2, filter8_3, filter8_4); bitslice_t results8; results8.value = results7.value & (filter8 ^ keystream[8].value); @@ -415,6 +416,7 @@ static void *find_state(void *thread_d) { continue; } + const bitslice_value_t filter9_3 = f_b_bs(state[-2 + 37].value, state[-2 + 38].value, state[-2 + 40].value, state[-2 + 42].value); const bitslice_value_t filter9 = f_c_bs(filter9_0, filter9_1, filter9_2, filter9_3, filter9_4); results8.value &= (filter9 ^ keystream[9].value); @@ -425,8 +427,7 @@ static void *find_state(void *thread_d) { ) { continue; } - state[-2 + 56].value = lfsr_bs(8); - const bitslice_value_t filter10_4 = f_a_bs(state[-2 + 44].value, state[-2 + 53].value, state[-2 + 54].value, state[-2 + 56].value); + const bitslice_value_t filter10 = f_c_bs(filter10_0, filter10_1, filter10_2, filter10_3, filter10_4); results8.value &= (filter10 ^ keystream[10].value); @@ -438,8 +439,7 @@ static void *find_state(void *thread_d) { continue; } - state[-2 + 57].value = lfsr_bs(9); - const bitslice_value_t filter11_4 = f_a_bs(state[-2 + 45].value, state[-2 + 54].value, state[-2 + 55].value, state[-2 + 57].value); + const bitslice_value_t filter11_3 = f_b_bs(state[-2 + 39].value, state[-2 + 40].value, state[-2 + 42].value, state[-2 + 44].value); const bitslice_value_t filter11 = f_c_bs(filter11_0, filter11_1, filter11_2, filter11_3, filter11_4); results8.value &= (filter11 ^ keystream[11].value); @@ -451,8 +451,6 @@ static void *find_state(void *thread_d) { continue; } - state[-2 + 58].value = lfsr_bs(10); - const bitslice_value_t filter12_4 = f_a_bs(state[-2 + 46].value, state[-2 + 55].value, state[-2 + 56].value, state[-2 + 58].value); const bitslice_value_t filter12 = f_c_bs(filter12_0, filter12_1, filter12_2, filter12_3, filter12_4); results8.value &= (filter12 ^ keystream[12].value); @@ -464,7 +462,6 @@ static void *find_state(void *thread_d) { continue; } - state[-2 + 59].value = lfsr_bs(11); const bitslice_value_t filter13_0 = f_a_bs(state[-2 + 15].value, state[-2 + 16].value, state[-2 + 18].value, state[-2 + 19].value); const bitslice_value_t filter13_1 = f_b_bs(state[-2 + 21].value, state[-2 + 25].value, state[-2 + 27].value, state[-2 + 28].value); const bitslice_value_t filter13_2 = f_b_bs(state[-2 + 30].value, state[-2 + 34].value, state[-2 + 36].value, state[-2 + 39].value);