]> git.zerfleddert.de Git - proxmark3-svn/commitdiff
Added command to read PCF7931 125Khz LF tags. This is a beta version which needs...
authorchalk.secu@gmail.com <chalk.secu@gmail.com@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Fri, 18 Jan 2013 21:31:35 +0000 (21:31 +0000)
committerchalk.secu@gmail.com <chalk.secu@gmail.com@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Fri, 18 Jan 2013 21:31:35 +0000 (21:31 +0000)
armsrc/appmain.c
armsrc/apps.h
armsrc/lfops.c
client/Makefile
client/cmdlf.c
client/cmdlfpcf7931.c [new file with mode: 0644]
client/cmdlfpcf7931.h [new file with mode: 0644]
include/usb_cmd.h

index 1f005716afa2684e6b60c3727f3d3f4f77cbc5de..a284cacf6ad94b13a5be4a7290e558d51d6cdabc 100644 (file)
@@ -666,6 +666,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
                case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
                        T55xxReadTrace();
                        break;
                case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
                        T55xxReadTrace();
                        break;
+               case CMD_PCF7931_READ: // Read PCF7931 tag
+                       ReadPCF7931();
+                       UsbSendPacket((uint8_t*)&ack, sizeof(ack));
+                       break;
 #endif
 
 #ifdef WITH_HITAG
 #endif
 
 #ifdef WITH_HITAG
index 93b59306e6aa27d679881532bb09bc5c09cbd21c..fbc74dcdedc3efa869d11d02023e670dd9be2cc4 100644 (file)
@@ -124,6 +124,10 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode );
 void T55xxReadTrace(void);
 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
 void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode );
 void T55xxReadTrace(void);
+int DemodPCF7931(uint8_t **outBlocks);
+int IsBlock0PCF7931(uint8_t *Block);
+int IsBlock1PCF7931(uint8_t *Block);
+void ReadPCF7931();
 
 /// iso14443.h
 void SimulateIso14443Tag(void);
 
 /// iso14443.h
 void SimulateIso14443Tag(void);
index 0eb3503d0eb99d4ef967a9e5d9f84140d97ebc16..3b7216ed35d189eac699296aba56ee33f90d2347 100644 (file)
@@ -1295,3 +1295,261 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
        DbpString("DONE!");
 
 }
        DbpString("DONE!");
 
 }
+
+#define abs(x) ( ((x)<0) ? -(x) : (x) )
+#define max(x,y) ( x<y ? y:x)
+
+int DemodPCF7931(uint8_t **outBlocks) {
+  uint8_t BitStream[256];
+  uint8_t Blocks[8][16];
+  uint8_t *GraphBuffer = (uint8_t *)BigBuf;
+  int GraphTraceLen = sizeof(BigBuf);
+  int i, j, lastval, bitidx, half_switch;
+  int clock = 64;
+  int tolerance = clock / 8;
+  int pmc, block_done;
+  int lc, warnings = 0;
+  int num_blocks = 0;
+  int lmin=128, lmax=128;
+  uint8_t dir;
+
+  AcquireRawAdcSamples125k(0);
+
+  lmin = 64;
+  lmax = 192;
+
+  i = 2;
+
+  /* Find first local max/min */
+  if(GraphBuffer[1] > GraphBuffer[0]) {
+    while(i < GraphTraceLen) {
+      if( !(GraphBuffer[i] > GraphBuffer[i-1]) && GraphBuffer[i] > lmax)
+       break;
+      i++;
+    }
+    dir = 0;
+  }
+  else {
+    while(i < GraphTraceLen) {
+      if( !(GraphBuffer[i] < GraphBuffer[i-1]) && GraphBuffer[i] < lmin)
+       break;
+      i++;
+    }
+    dir = 1;
+  }
+  
+  lastval = i++;
+  half_switch = 0;
+  pmc = 0;
+  block_done = 0;
+  
+  for (bitidx = 0; i < GraphTraceLen; i++)
+    {
+      if ( (GraphBuffer[i-1] > GraphBuffer[i] && dir == 1 && GraphBuffer[i] > lmax) || (GraphBuffer[i-1] < GraphBuffer[i] && dir == 0 && GraphBuffer[i] < lmin))
+       {
+         lc = i - lastval;
+         lastval = i;
+         
+         // Switch depending on lc length:
+         // Tolerance is 1/8 of clock rate (arbitrary)
+         if (abs(lc-clock/4) < tolerance) {
+           // 16T0
+           if((i - pmc) == lc) { /* 16T0 was previous one */
+             /* It's a PMC ! */
+             i += (128+127+16+32+33+16)-1;
+             lastval = i;
+             pmc = 0;
+             block_done = 1;
+           }
+           else {
+             pmc = i;
+           }
+         } else if (abs(lc-clock/2) < tolerance) {
+           // 32TO
+           if((i - pmc) == lc) { /* 16T0 was previous one */
+             /* It's a PMC ! */
+             i += (128+127+16+32+33)-1;
+             lastval = i;
+             pmc = 0;
+             block_done = 1;
+           }
+           else if(half_switch == 1) {
+             BitStream[bitidx++] = 0;
+             half_switch = 0;
+           }
+           else
+             half_switch++;
+         } else if (abs(lc-clock) < tolerance) {
+           // 64TO
+           BitStream[bitidx++] = 1;
+         } else {
+           // Error
+           warnings++;
+           if (warnings > 10)
+             {
+               Dbprintf("Error: too many detection errors, aborting.");
+               return 0;
+             }
+         }
+         
+         if(block_done == 1) {
+           if(bitidx == 128) {
+             for(j=0; j<16; j++) {
+               Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
+                 64*BitStream[j*8+6]+
+                 32*BitStream[j*8+5]+
+                 16*BitStream[j*8+4]+
+                 8*BitStream[j*8+3]+
+                 4*BitStream[j*8+2]+
+                 2*BitStream[j*8+1]+
+                 BitStream[j*8];
+             }
+             num_blocks++;
+           }
+           bitidx = 0;
+           block_done = 0;
+           half_switch = 0;
+         }
+         if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
+         else dir = 1;
+       }
+      if(bitidx==255)
+       bitidx=0;
+      warnings = 0;
+      if(num_blocks == 4) break;
+    }
+  memcpy(outBlocks, Blocks, 16*num_blocks);
+  return num_blocks;
+}
+
+int IsBlock0PCF7931(uint8_t *Block) {
+  // Assume RFU means 0 :)
+  if((memcmp(Block, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) && memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) // PAC enabled
+    return 1;
+  if((memcmp(Block+9, "\x00\x00\x00\x00\x00\x00\x00", 7) == 0) && Block[7] == 0) // PAC disabled, can it *really* happen ?
+    return 1;
+  return 0;
+}
+
+int IsBlock1PCF7931(uint8_t *Block) {
+  // Assume RFU means 0 :)
+  if(Block[10] == 0 && Block[11] == 0 && Block[12] == 0 && Block[13] == 0)
+    if((Block[14] & 0x7f) <= 9 && Block[15] <= 9)
+      return 1;
+
+  return 0;
+}
+
+#define ALLOC 16
+
+void ReadPCF7931() {
+  uint8_t Blocks[8][17];
+  uint8_t tmpBlocks[4][16];
+  int i, j, ind, ind2, n;
+  int num_blocks = 0;
+  int max_blocks = 8;
+  int ident = 0;
+  int error = 0;
+  int tries = 0;
+  
+  memset(Blocks, 0, 8*17*sizeof(uint8_t));
+
+  do {
+    memset(tmpBlocks, 0, 4*16*sizeof(uint8_t));
+    n = DemodPCF7931((uint8_t**)tmpBlocks);
+    if(!n)
+      error++;
+    if(error==10 && num_blocks == 0) {
+      Dbprintf("Error, no tag or bad tag");
+      return;
+    }
+    else if (tries==20 || error==10) {
+      Dbprintf("Error reading the tag");
+      Dbprintf("Here is the partial content");
+      goto end;
+    }
+    
+    for(i=0; i<n; i++)
+      Dbprintf("(dbg) %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+              tmpBlocks[i][0], tmpBlocks[i][1], tmpBlocks[i][2], tmpBlocks[i][3], tmpBlocks[i][4], tmpBlocks[i][5], tmpBlocks[i][6], tmpBlocks[i][7], 
+              tmpBlocks[i][8], tmpBlocks[i][9], tmpBlocks[i][10], tmpBlocks[i][11], tmpBlocks[i][12], tmpBlocks[i][13], tmpBlocks[i][14], tmpBlocks[i][15]);
+    if(!ident) {
+      for(i=0; i<n; i++) {
+       if(IsBlock0PCF7931(tmpBlocks[i])) {
+         // Found block 0 ?
+         if(i < n-1 && IsBlock1PCF7931(tmpBlocks[i+1])) {
+           // Found block 1!
+           // \o/
+           ident = 1;
+           memcpy(Blocks[0], tmpBlocks[i], 16);
+           Blocks[0][ALLOC] = 1;
+           memcpy(Blocks[1], tmpBlocks[i+1], 16);
+           Blocks[1][ALLOC] = 1;
+           max_blocks = max((Blocks[1][14] & 0x7f), Blocks[1][15]) + 1;
+           // Debug print
+           Dbprintf("(dbg) Max blocks: %d", max_blocks);
+           num_blocks = 2;
+           // Handle following blocks
+           for(j=i+2, ind2=2; j!=i; j++, ind2++, num_blocks++) {
+             if(j==n) j=0;
+             if(j==i) break;
+             memcpy(Blocks[ind2], tmpBlocks[j], 16);
+             Blocks[ind2][ALLOC] = 1;
+           }
+           break;
+         }
+       }
+      }
+    }
+    else {
+      for(i=0; i<n; i++) { // Look for identical block in known blocks
+       if(memcmp(tmpBlocks[i], "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)) { // Block is not full of 00
+         for(j=0; j<max_blocks; j++) {
+           if(Blocks[j][ALLOC] == 1 && !memcmp(tmpBlocks[i], Blocks[j], 16)) {
+             // Found an identical block
+             for(ind=i-1,ind2=j-1; ind >= 0; ind--,ind2--) {
+               if(ind2 < 0)
+                 ind2 = max_blocks;
+               if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found
+                 // Dbprintf("Tmp %d -> Block %d", ind, ind2);
+                 memcpy(Blocks[ind2], tmpBlocks[ind], 16);
+                 Blocks[ind2][ALLOC] = 1;
+                 num_blocks++;
+                 if(num_blocks == max_blocks) goto end;
+               }
+             }
+             for(ind=i+1,ind2=j+1; ind < n; ind++,ind2++) {
+               if(ind2 > max_blocks)
+                 ind2 = 0;
+               if(!Blocks[ind2][ALLOC]) { // Block ind2 not already found
+                 // Dbprintf("Tmp %d -> Block %d", ind, ind2);
+                 memcpy(Blocks[ind2], tmpBlocks[ind], 16);
+                 Blocks[ind2][ALLOC] = 1;
+                 num_blocks++;
+                 if(num_blocks == max_blocks) goto end;
+               }
+             }
+           }
+         }
+       }
+      }
+    }
+    tries++;
+    if (BUTTON_PRESS()) return;
+  } while (num_blocks != max_blocks);
+ end:
+  Dbprintf("-----------------------------------------");
+  Dbprintf("Memory content:");
+  Dbprintf("-----------------------------------------");
+  for(i=0; i<max_blocks; i++) {
+    if(Blocks[i][ALLOC]==1)
+      Dbprintf("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
+              Blocks[i][0], Blocks[i][1], Blocks[i][2], Blocks[i][3], Blocks[i][4], Blocks[i][5], Blocks[i][6], Blocks[i][7], 
+              Blocks[i][8], Blocks[i][9], Blocks[i][10], Blocks[i][11], Blocks[i][12], Blocks[i][13], Blocks[i][14], Blocks[i][15]);
+    else
+      Dbprintf("<missing block %d>", i);
+  }
+  Dbprintf("-----------------------------------------");
+  
+  return ;
+}
index 597f562eef6910c1e76219c18b8718524aff6225..028888d4f011dda8473c449a0b3caf0783df3bb7 100644 (file)
@@ -68,7 +68,8 @@ CMDSRCS = \
                        cmdlfti.c \
                        cmdparser.c \
                        cmdmain.c \
                        cmdlfti.c \
                        cmdparser.c \
                        cmdmain.c \
-                       cmdlft55xx.c
+                       cmdlft55xx.c \
+                       cmdlfpcf7931.c
 
 CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o)
 
 
 CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o)
 
index f3a3f52a7dfa6a6da2cdcde4240c80bfcec4507f..96e31541b8ffdb7a460a04a304b53703c3198254 100644 (file)
@@ -25,6 +25,7 @@
 #include "cmdlfem4x.h"
 #include "cmdlfhitag.h"
 #include "cmdlft55xx.h"
 #include "cmdlfem4x.h"
 #include "cmdlfhitag.h"
 #include "cmdlft55xx.h"
+#include "cmdlfpcf7931.h"
 
 static int CmdHelp(const char *Cmd);
 
 
 static int CmdHelp(const char *Cmd);
 
@@ -540,6 +541,7 @@ static command_t CommandTable[] =
   {"hitag",       CmdLFHitag,         1, "{ Hitag tags and transponders... }"},
   {"vchdemod",    CmdVchDemod,        1, "['clone'] -- Demodulate samples for VeriChip"},
   {"t55xx",       CmdLFT55XX,         1, "{ T55xx RFIDs... }"},
   {"hitag",       CmdLFHitag,         1, "{ Hitag tags and transponders... }"},
   {"vchdemod",    CmdVchDemod,        1, "['clone'] -- Demodulate samples for VeriChip"},
   {"t55xx",       CmdLFT55XX,         1, "{ T55xx RFIDs... }"},
+  {"pcf7931",     CmdLFPCF7931,       1, "{PCF7931 RFIDs...}"},
   {NULL, NULL, 0, NULL}
 };
 
   {NULL, NULL, 0, NULL}
 };
 
diff --git a/client/cmdlfpcf7931.c b/client/cmdlfpcf7931.c
new file mode 100644 (file)
index 0000000..c31a9f9
--- /dev/null
@@ -0,0 +1,49 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2012 Chalk <chalk.secu at gmail.com>
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency PCF7931 commands
+//-----------------------------------------------------------------------------
+
+#include <stdio.h>
+#include <string.h>
+#include "proxusb.h"
+#include "ui.h"
+#include "graph.h"
+#include "cmdparser.h"
+#include "cmddata.h"
+#include "cmdmain.h"
+#include "cmdlf.h"
+#include "cmdlfpcf7931.h"
+
+static int CmdHelp(const char *Cmd);
+
+int CmdLFPCF7931Read(const char *Cmd)
+{
+  UsbCommand c = {CMD_PCF7931_READ};
+  SendCommand(&c);
+  WaitForResponse(CMD_ACK);
+  return 0;
+}
+
+static command_t CommandTable[] = 
+{
+  {"help", CmdHelp, 1, "This help"},
+  {"read", CmdLFPCF7931Read, 1, "Read content of a PCF7931 transponder"},
+  {NULL, NULL, 0, NULL}
+};
+
+int CmdLFPCF7931(const char *Cmd)
+{
+  CmdsParse(CommandTable, Cmd);
+  return 0;
+}
+
+int CmdHelp(const char *Cmd)
+{
+  CmdsHelp(CommandTable);
+  return 0;
+}
diff --git a/client/cmdlfpcf7931.h b/client/cmdlfpcf7931.h
new file mode 100644 (file)
index 0000000..ed60bc9
--- /dev/null
@@ -0,0 +1,18 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2012 Chalk <chalk.secu at gmail.com>
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency PCF7931 commands
+//-----------------------------------------------------------------------------
+
+#ifndef CMDLFPCF7931_H__
+#define CMDLFPCF7931_H__
+
+int CmdLFPCF7931(const char *Cmd);
+
+int CmdLFPCF7931Read(const char *Cmd);
+
+#endif
index 507519ec65ac72f910a1f9b4b4735fc6f7408cbf..0e1b22af080d959e889a317bea947a03fc4e8062 100644 (file)
@@ -74,6 +74,7 @@ typedef struct {
 #define CMD_T55XX_READ_BLOCK                                              0x0214
 #define CMD_T55XX_WRITE_BLOCK                                             0x0215
 #define CMD_T55XX_READ_TRACE                                              0x0216
 #define CMD_T55XX_READ_BLOCK                                              0x0214
 #define CMD_T55XX_WRITE_BLOCK                                             0x0215
 #define CMD_T55XX_READ_TRACE                                              0x0216
+#define CMD_PCF7931_READ                                                  0x0217
 
 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
 
 
 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
 
Impressum, Datenschutz