+//-----------------------------------------------------------------------------
+// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// High frequency Legic commands
+//-----------------------------------------------------------------------------
+
#include <stdio.h>
#include <string.h>
#include "proxusb.h"
+#include "data.h"
+#include "ui.h"
#include "cmdparser.h"
#include "cmdhflegic.h"
#include "cmdmain.h"
-#include "data.h"
-#include "ui.h"
-#include <string.h>
-#include <stdio.h>
static int CmdHelp(const char *Cmd);
-int CmdLegicRFRead(const char *Cmd)
-{
- int byte_count=0,offset=0;
- sscanf(Cmd, "%i %i", &offset, &byte_count);
- if(byte_count == 0) byte_count = 256;
- if(byte_count + offset > 256) byte_count = 256 - offset;
- UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
- SendCommand(&c);
- return 0;
-}
-
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
- {"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"},
{"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"},
+ {"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"},
{NULL, NULL, 0, NULL}
};
* Output BigBuf and deobfuscate LEGIC RF tag data.
* This is based on information given in the talk held
* by Henryk Ploetz and Karsten Nohl at 26c3
- * FIXME: will crash if sample buffer does not contain valid legic data
*/
int CmdLegicDecode(const char *Cmd)
{
PrintAndLog("\nADF: User Area");
- i = 22;
+ i = 22;
for (n=0; n<64; n++) {
segment_len = ((data_buf[i+1]^crc)&0x0f) * 256 + (data_buf[i]^crc);
segment_flag = ((data_buf[i+1]^crc)&0xf0)>>4;
if (wrc>0) {
PrintAndLog("WRC protected area:");
- for (k=0, j=0; k < wrc; k++, i++, j += 3) {
+ for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' ';
};
if (wrp>wrc) {
PrintAndLog("Remaining write protected area:");
- for (k=0, j=0; k < (wrp-wrc); k++, i++, j += 3) {
+ for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' ';
};
}
PrintAndLog("Remaining segment payload:");
- for (k=0, j=0; k < (segment_len - wrp - 5); k++, i++, j += 3) {
+ for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) {
sprintf(&out_string[j], "%02x", (data_buf[i]^crc));
out_string[j+2] = ' ';
};
};
return 0;
}
+
+int CmdLegicRFRead(const char *Cmd)
+{
+ int byte_count=0,offset=0;
+ sscanf(Cmd, "%i %i", &offset, &byte_count);
+ if(byte_count == 0) byte_count = -1;
+ if(byte_count + offset > 1024) byte_count = 1024 - offset;
+ UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
+ SendCommand(&c);
+ return 0;
+}