mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-01-08 17:18:10 +08:00
139 lines
3.9 KiB
C
139 lines
3.9 KiB
C
//-----------------------------------------------------------------------------
|
|
// Samy Kamkar, 2012
|
|
// Christian Herrmann, 2017
|
|
//
|
|
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
|
// at your option, any later version. See the LICENSE.txt file for the text of
|
|
// the license.
|
|
//-----------------------------------------------------------------------------
|
|
// main code for LF aka SamyRun by Samy Kamkar
|
|
//-----------------------------------------------------------------------------
|
|
#include "standalone.h" // standalone definitions
|
|
#include "proxmark3_arm.h"
|
|
#include "appmain.h"
|
|
#include "fpgaloader.h"
|
|
#include "lfops.h"
|
|
#include "util.h"
|
|
#include "dbprint.h"
|
|
#include "ticks.h"
|
|
|
|
#define OPTS 2
|
|
|
|
void ModInfo(void) {
|
|
DbpString(" LF HID26 standalone - aka SamyRun (Samy Kamkar)");
|
|
}
|
|
|
|
// samy's sniff and repeat routine for LF
|
|
|
|
// LEDS.
|
|
// A , B == which bank (recording)
|
|
// FLASHING A, B = clone bank
|
|
// C = playing bank A
|
|
// D = playing bank B
|
|
|
|
void RunMod(void) {
|
|
StandAloneMode();
|
|
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
|
|
Dbprintf(">> LF HID Read/Clone/Sim a.k.a SamyRun Started <<");
|
|
|
|
uint32_t high[OPTS], low[OPTS];
|
|
int selected = 0;
|
|
|
|
#define STATE_READ 0
|
|
#define STATE_SIM 1
|
|
#define STATE_CLONE 2
|
|
|
|
uint8_t state = STATE_READ;
|
|
|
|
for (;;) {
|
|
|
|
WDT_HIT();
|
|
|
|
// exit from SamyRun, send a usbcommand.
|
|
if (data_available()) break;
|
|
|
|
// Was our button held down or pressed?
|
|
int button_pressed = BUTTON_HELD(280);
|
|
if (button_pressed != BUTTON_HOLD)
|
|
continue;
|
|
|
|
if (state == STATE_READ) {
|
|
|
|
if (selected == 0) {
|
|
LED_A_ON();
|
|
LED_B_OFF();
|
|
} else {
|
|
LED_B_ON();
|
|
LED_A_OFF();
|
|
}
|
|
|
|
LED_C_OFF();
|
|
LED_D_OFF();
|
|
|
|
WAIT_BUTTON_RELEASED();
|
|
|
|
// record
|
|
DbpString("[=] start recording");
|
|
|
|
// findone, high, low, no ledcontrol (A)
|
|
uint32_t hi = 0, lo = 0;
|
|
lf_hid_watch(1, &hi, &lo);
|
|
high[selected] = hi;
|
|
low[selected] = lo;
|
|
|
|
Dbprintf("[=] recorded %x | %x%08x", selected, high[selected], low[selected]);
|
|
|
|
// got nothing. blink and loop.
|
|
if (hi == 0 && lo == 0) {
|
|
SpinErr((selected == 0) ? LED_A : LED_B, 100, 12);
|
|
DbpString("[=] only got zeros, retry recording after click");
|
|
continue;
|
|
}
|
|
|
|
SpinErr((selected == 0) ? LED_A : LED_B, 250, 2);
|
|
state = STATE_SIM;
|
|
continue;
|
|
|
|
} else if (state == STATE_SIM) {
|
|
|
|
LED_C_ON(); // Simulate
|
|
LED_D_OFF();
|
|
WAIT_BUTTON_RELEASED();
|
|
|
|
Dbprintf("[=] simulating %x | %x%08x", selected, high[selected], low[selected]);
|
|
|
|
// high, low, no led control(A) no time limit
|
|
CmdHIDsimTAGEx(0, high[selected], low[selected], 0, false, -1);
|
|
|
|
DbpString("[=] simulating done");
|
|
|
|
uint8_t leds = ((selected == 0) ? LED_A : LED_B) | LED_C;
|
|
SpinErr(leds, 250, 2);
|
|
state = STATE_CLONE;
|
|
continue;
|
|
|
|
} else if (state == STATE_CLONE) {
|
|
|
|
LED_C_OFF();
|
|
LED_D_ON(); // clone
|
|
WAIT_BUTTON_RELEASED();
|
|
|
|
Dbprintf("[=] cloning %x | %x%08x", selected, high[selected], low[selected]);
|
|
|
|
// high2, high, low, no longFMT
|
|
CopyHIDtoT55x7(0, high[selected], low[selected], 0);
|
|
|
|
DbpString("[=] cloned done");
|
|
|
|
state = STATE_READ;
|
|
uint8_t leds = ((selected == 0) ? LED_A : LED_B) | LED_D;
|
|
SpinErr(leds, 250, 2);
|
|
selected = (selected + 1) % OPTS;
|
|
LEDsoff();
|
|
}
|
|
}
|
|
|
|
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5);
|
|
DbpString("[=] You can take shell back :) ...");
|
|
LEDsoff();
|
|
}
|