X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/ac174b297a8d16b138186d4c5543c11a9572515c..1dd2335295d411a7965a936e7c8535ea86fcd877:/winsrc/command.cpp diff --git a/winsrc/command.cpp b/winsrc/command.cpp index 3fa75431..349ede69 100644 --- a/winsrc/command.cpp +++ b/winsrc/command.cpp @@ -256,6 +256,148 @@ static void CmdEM410xwatch(char *str) } while (go); } +/* Read the transmitted data of an EM4x50 tag + * Format: + * + * XXXXXXXX [row parity bit (even)] <- 8 bits plus parity + * XXXXXXXX [row parity bit (even)] <- 8 bits plus parity + * XXXXXXXX [row parity bit (even)] <- 8 bits plus parity + * XXXXXXXX [row parity bit (even)] <- 8 bits plus parity + * CCCCCCCC <- column parity bits + * 0 <- stop bit + * LW <- Listen Window + * + * This pattern repeats for every block of data being transmitted. + * Transmission starts with two Listen Windows (LW - a modulated + * pattern of 320 cycles each (32/32/128/64/64)). + * + * Note that this data may or may not be the UID. It is whatever data + * is stored in the blocks defined in the control word First and Last + * Word Read values. UID is stored in block 32. + */ +static void CmdEM4x50read(char *str) +{ + int i, j, startblock, clock, skip, block, start, end, low, high; + BOOL complete= FALSE; + int tmpbuff[MAX_GRAPH_TRACE_LEN / 64]; + char tmp[6]; + + high= low= 0; + clock= 64; + + /* first get high and low values */ + for (i = 0; i < GraphTraceLen; i++) + { + if (GraphBuffer[i] > high) + high = GraphBuffer[i]; + else if (GraphBuffer[i] < low) + low = GraphBuffer[i]; + } + + /* populate a buffer with pulse lengths */ + i= 0; + j= 0; + while(i < GraphTraceLen) + { + // measure from low to low + while(GraphBuffer[i] > low) + ++i; + start= i; + while(GraphBuffer[i] < high) + ++i; + while(GraphBuffer[i] > low) + ++i; + tmpbuff[j++]= i - start; + } + + + /* look for data start - should be 2 pairs of LW (pulses of 192,128) */ + start= -1; + skip= 0; + for (i= 0; i < j - 4 ; ++i) + { + skip += tmpbuff[i]; + if (tmpbuff[i] >= 190 && tmpbuff[i] <= 194) + if (tmpbuff[i+1] >= 126 && tmpbuff[i+1] <= 130) + if (tmpbuff[i+2] >= 190 && tmpbuff[i+2] <= 194) + if (tmpbuff[i+3] >= 126 && tmpbuff[i+3] <= 130) + { + start= i + 3; + break; + } + } + startblock= i + 3; + + /* skip over the remainder of the LW */ + skip += tmpbuff[i+1]+tmpbuff[i+2]; + while(GraphBuffer[skip] > low) + ++skip; + skip += 8; + + /* now do it again to find the end */ + end= start; + for (i += 3; i < j - 4 ; ++i) + { + end += tmpbuff[i]; + if (tmpbuff[i] >= 190 && tmpbuff[i] <= 194) + if (tmpbuff[i+1] >= 126 && tmpbuff[i+1] <= 130) + if (tmpbuff[i+2] >= 190 && tmpbuff[i+2] <= 194) + if (tmpbuff[i+3] >= 126 && tmpbuff[i+3] <= 130) + { + complete= TRUE; + break; + } + } + + if (start >= 0) + PrintToScrollback("Found data at sample: %i",skip); + else + { + PrintToScrollback("No data found!"); + PrintToScrollback("Try again with more samples."); + return; + } + + if (!complete) + { + PrintToScrollback("*** Warning!"); + PrintToScrollback("Partial data - no end found!"); + PrintToScrollback("Try again with more samples."); + } + + /* get rid of leading crap */ + sprintf(tmp,"%i",skip); + CmdLtrim(tmp); + + /* now work through remaining buffer printing out data blocks */ + block= 0; + i= startblock; + while(block < 6) + { + PrintToScrollback("Block %i:", block); + // mandemod routine needs to be split so we can call it for data + // just print for now for debugging + Cmdmanchesterdemod("i 64"); + skip= 0; + /* look for LW before start of next block */ + for ( ; i < j - 4 ; ++i) + { + skip += tmpbuff[i]; + if (tmpbuff[i] >= 190 && tmpbuff[i] <= 194) + if (tmpbuff[i+1] >= 126 && tmpbuff[i+1] <= 130) + break; + } + while(GraphBuffer[skip] > low) + ++skip; + skip += 8; + sprintf(tmp,"%i",skip); + CmdLtrim(tmp); + start += skip; + block++; + } +} + + /* Read the ID of an EM410x tag. * Format: * 1111 1111 1 <-- standard non-repeatable header @@ -497,7 +639,6 @@ static void ChkBitstream(char *str) static void CmdLosim(char *str) { int i; - char *zero = "0"; /* convert to bitstream if necessary */ ChkBitstream(str); @@ -535,6 +676,37 @@ static void CmdLoread(char *str) SendCommand(&c, FALSE); } +static void CmdDetectReader(char *str) +{ + UsbCommand c; + // 'l' means LF - 125/134 kHz + if(*str == 'l') { + c.ext1 = 1; + } else if (*str == 'h') { + c.ext1 = 2; + } else if (*str != '\0') { + PrintToScrollback("use 'detectreader' or 'detectreader l' or 'detectreader h'"); + return; + } + c.cmd = CMD_LISTEN_READER_FIELD; + SendCommand(&c, FALSE); +} + +/* send a command before reading */ +static void CmdLoCommandRead(char *str) +{ + static char dummy[3]; + + dummy[0]= ' '; + + UsbCommand c; + c.cmd = CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K; + sscanf(str, "%i %i %i %s %s", &c.ext1, &c.ext2, &c.ext3, (char *) &c.d.asBytes,(char *) &dummy+1); + // in case they specified 'h' + strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy); + SendCommand(&c, FALSE); +} + static void CmdLosamples(char *str) { int cnt = 0; @@ -1854,8 +2026,7 @@ static void CmdFlexdemod(char *str) static void Cmdaskdemod(char *str) { int i; - int n = 0; - int c,high,low = 0; + int c, high = 0, low = 0; // TODO: complain if we do not give 2 arguments here ! sscanf(str, "%i", &c); @@ -2409,68 +2580,71 @@ static struct { int offline; // 1 if the command can be used when in offline mode char *docString; } CommandTable[] = { - "askdemod", Cmdaskdemod,1, " <0|1> -- Attempt to demodulate simple ASK tags", - "autocorr", CmdAutoCorr,1, " -- Autocorrelation over window", - "bitsamples", CmdBitsamples,0, " Get raw samples as bitstring", - "bitstream", Cmdbitstream,1, "[clock rate] -- Convert waveform into a bitstream", - "buffclear", CmdBuffClear,0, " Clear sample buffer and graph window", - "dec", CmdDec,1, " Decimate samples", - "detectclock", Cmddetectclockrate,1, " Detect clock rate", - "em410xsim", CmdEM410xsim,1, " -- Simulate EM410x tag", - "em410xread", CmdEM410xread,1, "[clock rate] -- Extract ID from EM410x tag", - "em410xwatch", CmdEM410xwatch,0, " Watches for EM410x tags", - "exit", CmdQuit,1, " Exit program", - "flexdemod", CmdFlexdemod,1, " Demodulate samples for FlexPass", - "fpgaoff", CmdFPGAOff,0, " Set FPGA off", // ## FPGA Control - "hexsamples", CmdHexsamples,0, " -- Dump big buffer as hex bytes", - "hi14alist", CmdHi14alist,0, " List ISO 14443a history", // ## New list command - "hi14areader", CmdHi14areader,0, " Act like an ISO14443 Type A reader", // ## New reader command - "hi14asim", CmdHi14asim,0, " -- Fake ISO 14443a tag", // ## Simulate 14443a tag - "hi14asnoop", CmdHi14asnoop,0, " Eavesdrop ISO 14443 Type A", // ## New snoop command - "hi14bdemod", CmdHi14bdemod,1, " Demodulate ISO14443 Type B from tag", - "hi14list", CmdHi14list,0, " List ISO 14443 history", - "hi14read", CmdHi14read,0, " Read HF tag (ISO 14443)", - "hi14sim", CmdHi14sim,0, " Fake ISO 14443 tag", - "hi14snoop", CmdHi14snoop,0, " Eavesdrop ISO 14443", - "hi15demod", CmdHi15demod,1, " Demodulate ISO15693 from tag", - "hi15read", CmdHi15read,0, " Read HF tag (ISO 15693)", - "hi15reader", CmdHi15reader,0, " Act like an ISO15693 reader", // new command greg - "hi15sim", CmdHi15tag,0, " Fake an ISO15693 tag", // new command greg - "hiddemod", CmdHiddemod,1, " Demodulate HID Prox Card II (not optimal)", - "hide", CmdHide,1, " Hide graph window", - "hidfskdemod", CmdHIDdemodFSK,0, " Realtime HID FSK demodulator", - "hidsimtag", CmdHIDsimTAG,0, " -- HID tag simulator", - "higet", CmdHi14read_sim,0, " -- Get samples HF, 'analog'", - "hisamples", CmdHisamples,0, " Get raw samples for HF tag", - "hisampless", CmdHisampless,0, " -- Get signed raw samples, HF tag", - "hisamplest", CmdHi14readt,0, " Get samples HF, for testing", - "hisimlisten", CmdHisimlisten,0, " Get HF samples as fake tag", - "hpf", CmdHpf,1, " Remove DC offset from trace", - "indalademod", CmdIndalademod,0, "['224'] -- Demodulate samples for Indala", - "lcd", CmdLcd,0, " -- Send command/data to LCD", - "lcdreset", CmdLcdReset,0, " Hardware reset LCD", - "load", CmdLoad,1, " -- Load trace (to graph window", - "loread", CmdLoread,0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)", - "losamples", CmdLosamples,0, "[128 - 16000] -- Get raw samples for LF tag", - "losim", CmdLosim,0, " Simulate LF tag", - "ltrim", CmdLtrim,1, " -- Trim samples from left of trace", - "mandemod", Cmdmanchesterdemod,1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)", - "manmod", Cmdmanchestermod,1, "[clock rate] -- Manchester modulate a binary stream", - "norm", CmdNorm,1, " Normalize max/min to +/-500", - "plot", CmdPlot,1, " Show graph window", - "quit", CmdQuit,1, " Quit program", - "reset", CmdReset,0, " Reset the Proxmark3", - "save", CmdSave,1, " -- Save trace (from graph window)", - "scale", CmdScale,1, " -- Set cursor display scale", - "setlfdivisor", CmdSetDivisor,0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)", - "sri512read", CmdSri512read,0, " -- Read contents of a SRI512 tag", - "sweeplf", CmdSweepLF,0, " Sweep through LF freq range and store results in buffer", - "tibits", CmdTibits,0, " Get raw bits for TI-type LF tag", - "tidemod", CmdTidemod,0, " Demodulate raw bits for TI-type LF tag", - "tiread", CmdTiread,0, " Read a TI-type 134 kHz tag", - "tune", CmdTune,0, " Measure antenna tuning", - "vchdemod", CmdVchdemod,0, "['clone'] -- Demodulate samples for VeriChip", - "zerocrossings", CmdZerocrossings,1, " Count time between zero-crossings", + {"askdemod", Cmdaskdemod,1, " <0|1> -- Attempt to demodulate simple ASK tags"}, + {"autocorr", CmdAutoCorr,1, " -- Autocorrelation over window"}, + {"bitsamples", CmdBitsamples,0, " Get raw samples as bitstring"}, + {"bitstream", Cmdbitstream,1, "[clock rate] -- Convert waveform into a bitstream"}, + {"buffclear", CmdBuffClear,0, " Clear sample buffer and graph window"}, + {"dec", CmdDec,1, " Decimate samples"}, + {"detectclock", Cmddetectclockrate,1, " Detect clock rate"}, + {"detectreader", CmdDetectReader,0, "['l'|'h'] -- Detect external reader field (option 'l' or 'h' to limit to LF or HF)"}, + {"em410xsim", CmdEM410xsim,1, " -- Simulate EM410x tag"}, + {"em410xread", CmdEM410xread,1, "[clock rate] -- Extract ID from EM410x tag"}, + {"em410xwatch", CmdEM410xwatch,0, " Watches for EM410x tags"}, + {"em4x50read", CmdEM4x50read,1, " Extract data from EM4x50 tag"}, + {"exit", CmdQuit,1, " Exit program"}, + {"flexdemod", CmdFlexdemod,1, " Demodulate samples for FlexPass"}, + {"fpgaoff", CmdFPGAOff,0, " Set FPGA off"}, // ## FPGA Control + {"hexsamples", CmdHexsamples,0, " -- Dump big buffer as hex bytes"}, + {"hi14alist", CmdHi14alist,0, " List ISO 14443a history"}, // ## New list command + {"hi14areader", CmdHi14areader,0, " Act like an ISO14443 Type A reader"}, // ## New reader command + {"hi14asim", CmdHi14asim,0, " -- Fake ISO 14443a tag"}, // ## Simulate 14443a tag + {"hi14asnoop", CmdHi14asnoop,0, " Eavesdrop ISO 14443 Type A"}, // ## New snoop command + {"hi14bdemod", CmdHi14bdemod,1, " Demodulate ISO14443 Type B from tag"}, + {"hi14list", CmdHi14list,0, " List ISO 14443 history"}, + {"hi14read", CmdHi14read,0, " Read HF tag (ISO 14443)"}, + {"hi14sim", CmdHi14sim,0, " Fake ISO 14443 tag"}, + {"hi14snoop", CmdHi14snoop,0, " Eavesdrop ISO 14443"}, + {"hi15demod", CmdHi15demod,1, " Demodulate ISO15693 from tag"}, + {"hi15read", CmdHi15read,0, " Read HF tag (ISO 15693)"}, + {"hi15reader", CmdHi15reader,0, " Act like an ISO15693 reader"}, // new command greg + {"hi15sim", CmdHi15tag,0, " Fake an ISO15693 tag"}, // new command greg + {"hiddemod", CmdHiddemod,1, " Demodulate HID Prox Card II (not optimal)"}, + {"hide", CmdHide,1, " Hide graph window"}, + {"hidfskdemod", CmdHIDdemodFSK,0, " Realtime HID FSK demodulator"}, + {"hidsimtag", CmdHIDsimTAG,0, " -- HID tag simulator"}, + {"higet", CmdHi14read_sim,0, " -- Get samples HF, 'analog'"}, + {"hisamples", CmdHisamples,0, " Get raw samples for HF tag"}, + {"hisampless", CmdHisampless,0, " -- Get signed raw samples, HF tag"}, + {"hisamplest", CmdHi14readt,0, " Get samples HF, for testing"}, + {"hisimlisten", CmdHisimlisten,0, " Get HF samples as fake tag"}, + {"hpf", CmdHpf,1, " Remove DC offset from trace"}, + {"indalademod", CmdIndalademod,0, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"}, + {"lcd", CmdLcd,0, " -- Send command/data to LCD"}, + {"lcdreset", CmdLcdReset,0, " Hardware reset LCD"}, + {"load", CmdLoad,1, " -- Load trace (to graph window"}, + {"locomread", CmdLoCommandRead,0, " <'0' period> <'1' period> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"}, + {"loread", CmdLoread,0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)"}, + {"losamples", CmdLosamples,0, "[128 - 16000] -- Get raw samples for LF tag"}, + {"losim", CmdLosim,0, " Simulate LF tag"}, + {"ltrim", CmdLtrim,1, " -- Trim samples from left of trace"}, + {"mandemod", Cmdmanchesterdemod,1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"}, + {"manmod", Cmdmanchestermod,1, "[clock rate] -- Manchester modulate a binary stream"}, + {"norm", CmdNorm,1, " Normalize max/min to +/-500"}, + {"plot", CmdPlot,1, " Show graph window"}, + {"quit", CmdQuit,1, " Quit program"}, + {"reset", CmdReset,0, " Reset the Proxmark3"}, + {"save", CmdSave,1, " -- Save trace (from graph window)"}, + {"scale", CmdScale,1, " -- Set cursor display scale"}, + {"setlfdivisor", CmdSetDivisor,0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)"}, + {"sri512read", CmdSri512read,0, " -- Read contents of a SRI512 tag"}, + {"sweeplf", CmdSweepLF,0, " Sweep through LF freq range and store results in buffer"}, + {"tibits", CmdTibits,0, " Get raw bits for TI-type LF tag"}, + {"tidemod", CmdTidemod,0, " Demodulate raw bits for TI-type LF tag"}, + {"tiread", CmdTiread,0, " Read a TI-type 134 kHz tag"}, + {"tune", CmdTune,0, " Measure antenna tuning"}, + {"vchdemod", CmdVchdemod,0, "['clone'] -- Demodulate samples for VeriChip"}, + {"zerocrossings", CmdZerocrossings,1, " Count time between zero-crossings"}, };