1 //-----------------------------------------------------------------------------
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
6 //-----------------------------------------------------------------------------
7 // Low frequency visa 200 tag commands
9 //-----------------------------------------------------------------------------
11 #include "cmdlfvisa2000.h"
14 #include "proxmark3.h"
18 #include "cmddata.h" // for ASKDemod_ext, g_debugMode, DemodBuffer ...
19 #include "cmdmain.h" // for clearCommandBuffer and WaitForResponseTimeout
21 #include "protocols.h" // for T55xx config register definitions
22 #include "lfdemod.h" // for Visa2kDemod_AM
24 #define BL0CK1 0x56495332
26 static int CmdHelp(const char *Cmd
);
28 int usage_lf_visa2k_clone(void){
29 PrintAndLog("clone a Visa2000 tag to a T55x7 tag.");
30 PrintAndLog("Usage: lf visa2k clone [h] <card ID> <Q5>");
31 PrintAndLog("Options:");
32 PrintAndLog(" h : This help");
33 PrintAndLog(" <card ID> : Visa2k card ID");
34 PrintAndLog(" <Q5> : specify write to Q5 (t5555 instead of t55x7)");
36 PrintAndLog("Sample: lf visa2k clone 112233");
40 int usage_lf_visa2k_sim(void) {
41 PrintAndLog("Enables simulation of visa2k card with specified card number.");
42 PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
44 PrintAndLog("Usage: lf visa2k sim [h] <card ID>");
45 PrintAndLog("Options:");
46 PrintAndLog(" h : This help");
47 PrintAndLog(" <card ID> : Visa2k card ID");
49 PrintAndLog("Sample: lf visa2k sim 112233");
53 static uint8_t visa_chksum( uint32_t id
) {
55 for (uint8_t i
= 0; i
< 32; i
+= 4)
56 sum
^= (id
>> i
) & 0xF;
61 static uint8_t visa_parity( uint32_t id
) {
70 par
|= par_lut
[ (id
>> 28) & 0xF ] << 7;
71 par
|= par_lut
[ (id
>> 24) & 0xF ] << 6;
72 par
|= par_lut
[ (id
>> 20) & 0xF ] << 5;
73 par
|= par_lut
[ (id
>> 16) & 0xF ] << 4;
74 par
|= par_lut
[ (id
>> 12) & 0xF ] << 3;
75 par
|= par_lut
[ (id
>> 8) & 0xF ] << 2;
76 par
|= par_lut
[ (id
>> 4) & 0xF ] << 1;
77 par
|= par_lut
[ (id
& 0xF) ];
84 * 56495332 00096ebd 00000077 —> tag id 618173
85 * aaaaaaaa iiiiiiii -----..c
87 * a = fixed value ascii 'VIS2'
89 * c = checksum (xor of card id)
93 //see ASKDemod for what args are accepted
94 int CmdVisa2kDemod(const char *Cmd
) {
96 //sCmdAskEdgeDetect("");
100 if (!ASKDemod_ext("64 0 0", false, false, 1, &st
)) {
101 if (g_debugMode
) PrintAndLog("DEBUG: Error - Visa2k: ASK/Manchester Demod failed");
104 size_t size
= DemodBufferLen
;
105 int ans
= Visa2kDemod_AM(DemodBuffer
, &size
);
109 PrintAndLog("DEBUG: Error - Visa2k: too few bits found");
111 PrintAndLog("DEBUG: Error - Visa2k: preamble not found");
113 PrintAndLog("DEBUG: Error - Visa2k: Size not correct: %d", size
);
115 PrintAndLog("DEBUG: Error - Visa2k: ans: %d", ans
);
119 setDemodBuf(DemodBuffer
, 96, ans
);
123 uint32_t raw1
= bytebits_to_byte(DemodBuffer
, 32);
124 uint32_t raw2
= bytebits_to_byte(DemodBuffer
+32, 32);
125 uint32_t raw3
= bytebits_to_byte(DemodBuffer
+64, 32);
128 uint8_t calc
= visa_chksum(raw2
);
129 uint8_t chk
= raw3
& 0xF;
133 printf("DEBUG: error: Visa2000 checksum failed %x - %x\n", chk
, calc
);
137 uint8_t calc_par
= visa_parity(raw2
);
138 uint8_t chk_par
= (raw3
& 0xFF0) >> 4;
139 if ( calc_par
!= chk_par
) {
140 printf("DEBUG: error: Visa2000 parity failed %x - %x\n", chk_par
, calc_par
);
143 PrintAndLog("Visa2000 Tag Found: Card ID %u, Raw: %08X%08X%08X", raw2
, raw1
,raw2
, raw3
);
147 int CmdVisa2kRead(const char *Cmd
) {
149 //64*96*2=12288 samples just in case we just missed the first preamble we can still catch 2 of them
150 getSamples("12500",true);
151 return CmdVisa2kDemod(Cmd
);
154 int CmdVisa2kClone(const char *Cmd
) {
157 uint32_t blocks
[4] = {T55x7_MODULATION_MANCHESTER
| T55x7_BITRATE_RF_64
| T55x7_ST_TERMINATOR
| 3 << T55x7_MAXBLOCK_SHIFT
, BL0CK1
, 0};
159 char cmdp
= param_getchar(Cmd
, 0);
160 if (strlen(Cmd
) == 0 || cmdp
== 'h' || cmdp
== 'H') return usage_lf_visa2k_clone();
162 id
= param_get32ex(Cmd
, 0, 0, 10);
165 if (param_getchar(Cmd
, 1) == 'Q' || param_getchar(Cmd
, 1) == 'q') {
166 //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
167 blocks
[0] = T5555_MODULATION_MANCHESTER
| ((64-2)>>1) << T5555_BITRATE_SHIFT
| T5555_ST_TERMINATOR
| 3 << T5555_MAXBLOCK_SHIFT
;
171 blocks
[3] = (visa_parity(id
) << 4) | visa_chksum(id
);
173 PrintAndLog("Preparing to clone Visa2000 to T55x7 with CardId: %u", id
);
174 PrintAndLog("Blk | Data ");
175 PrintAndLog("----+------------");
176 for(int i
= 0; i
<4; ++i
)
177 PrintAndLog(" %02d | 0x%08x", i
, blocks
[i
]);
180 UsbCommand c
= {CMD_T55XX_WRITE_BLOCK
, {0,0,0}};
182 for (int i
= 3; i
>= 0; --i
) {
183 c
.arg
[0] = blocks
[i
];
185 clearCommandBuffer();
187 if (!WaitForResponseTimeout(CMD_ACK
, &resp
, T55XX_WRITE_TIMEOUT
)){
188 PrintAndLog("Error occurred, device did not respond during write operation.");
195 int CmdVisa2kSim(const char *Cmd
) {
198 char cmdp
= param_getchar(Cmd
, 0);
199 if (strlen(Cmd
) == 0 || cmdp
== 'h' || cmdp
== 'H') return usage_lf_visa2k_sim();
201 id
= param_get32ex(Cmd
, 0, 0, 10);
203 uint8_t clk
= 64, encoding
= 1, separator
= 1, invert
= 0;
206 arg1
= clk
<< 8 | encoding
;
207 arg2
= invert
<< 8 | separator
;
209 PrintAndLog("Simulating Visa2000 - CardId: %u", id
);
211 UsbCommand c
= {CMD_ASK_SIM_TAG
, {arg1
, arg2
, size
}};
213 uint32_t blocks
[3] = { BL0CK1
, id
, (visa_parity(id
) << 4) | visa_chksum(id
) };
215 for(int i
=0; i
<3; ++i
)
216 num_to_bytebits(blocks
[i
], 32, c
.d
.asBytes
+ i
*32);
218 clearCommandBuffer();
223 static command_t CommandTable
[] = {
224 {"help", CmdHelp
, 1, "This help"},
225 {"demod", CmdVisa2kDemod
, 1, "Attempt to demod from GraphBuffer"},
226 {"read", CmdVisa2kRead
, 0, "Attempt to read and extract tag data"},
227 {"clone", CmdVisa2kClone
, 0, "clone Visa2000 tag"},
228 {"sim", CmdVisa2kSim
, 0, "simulate Visa2000 tag"},
229 {NULL
, NULL
, 0, NULL
}
232 int CmdLFVisa2k(const char *Cmd
) {
233 clearCommandBuffer();
234 CmdsParse(CommandTable
, Cmd
);
238 int CmdHelp(const char *Cmd
) {
239 CmdsHelp(CommandTable
);