]> git.zerfleddert.de Git - proxmark3-svn/blame - client/cmdhflegic.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
FIX: CoverityScan 123465 - Resource leak
[proxmark3-svn] / client / cmdhflegic.c
CommitLineData
a553f267 1//-----------------------------------------------------------------------------
2// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// High frequency Legic commands
9//-----------------------------------------------------------------------------
7fe9b0b7 10#include "cmdhflegic.h"
3e134b4c 11
7fe9b0b7 12static int CmdHelp(const char *Cmd);
13
3b920280 14int usage_legic_calccrc8(void){
3e134b4c 15 PrintAndLog("Calculates the legic crc8/crc16 on the input hexbytes.");
3b920280 16 PrintAndLog("There must be an even number of hexsymbols as input.");
514ddaa2 17 PrintAndLog("Usage: hf legic crc8 [h] b <hexbytes> u <uidcrc> c <crc type>");
18 PrintAndLog("Options:");
3e134b4c 19 PrintAndLog(" b <hexbytes> : hex bytes");
20 PrintAndLog(" u <uidcrc> : MCC hexbyte");
514ddaa2 21 PrintAndLog(" c <crc type> : 8|16 bit crc size");
3b920280 22 PrintAndLog("");
514ddaa2 23 PrintAndLog("Samples:");
3e134b4c 24 PrintAndLog(" hf legic crc8 b deadbeef1122");
514ddaa2 25 PrintAndLog(" hf legic crc8 b deadbeef1122 u 9A c 16");
3b920280 26 return 0;
27}
28
e579e768 29int usage_legic_load(void){
30 PrintAndLog("It loads datasamples from the file `filename` to device memory");
31 PrintAndLog("Usage: hf legic load <file name>");
514ddaa2 32 PrintAndLog("");
33 PrintAndLog("Samples:");
34 PrintAndLog(" hf legic load filename");
e579e768 35 return 0;
36}
37
cbdcc89a 38int usage_legic_read(void){
39 PrintAndLog("Read data from a legic tag.");
40 PrintAndLog("Usage: hf legic read <offset> <num of bytes>");
514ddaa2 41 PrintAndLog("Options:");
cbdcc89a 42 PrintAndLog(" <offset> : offset in data array to start download from");
43 PrintAndLog(" <num of bytes> : number of bytes to download");
44 PrintAndLog("");
514ddaa2 45 PrintAndLog("Samples:");
46 PrintAndLog(" hf legic read");
cbdcc89a 47 return 0;
48}
49
669c1b80 50/*
51 * Output BigBuf and deobfuscate LEGIC RF tag data.
cbdcc89a 52 * This is based on information given in the talk held
669c1b80 53 * by Henryk Ploetz and Karsten Nohl at 26c3
669c1b80 54 */
3b920280 55int CmdLegicDecode(const char *Cmd) {
d7fd9084 56 // Index for the bytearray.
57 int i = 0;
58 int k = 0, segmentNum;
52cf34c1 59 int segment_len = 0;
60 int segment_flag = 0;
60bb5ef7 61 uint8_t stamp_len = 0;
52cf34c1 62 int crc = 0;
63 int wrp = 0;
64 int wrc = 0;
3e134b4c 65 uint8_t data_buf[1052]; // receiver buffer, should be 1024..
66 char token_type[5];
67 int dcf;
68 int bIsSegmented = 0;
52cf34c1 69
cbdcc89a 70 // download EML memory, where the "legic read" command puts the data.
71 GetEMLFromBigBuf(data_buf, sizeof(data_buf), 0);
f7f844d0 72 if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
73 PrintAndLog("Command execute timeout");
74 return 1;
75 }
76
52cf34c1 77 // Output CDF System area (9 bytes) plus remaining header area (12 bytes)
3b920280 78 crc = data_buf[4];
79 uint32_t calc_crc = CRC8Legic(data_buf, 4);
80
52cf34c1 81 PrintAndLog("\nCDF: System Area");
aacb96d7 82 PrintAndLog("------------------------------------------------------");
3b920280 83 PrintAndLog("MCD: %02x, MSN: %02x %02x %02x, MCC: %02x %s",
52cf34c1 84 data_buf[0],
85 data_buf[1],
86 data_buf[2],
87 data_buf[3],
3b920280 88 data_buf[4],
e579e768 89 (calc_crc == crc) ? "OK":"Fail"
52cf34c1 90 );
669c1b80 91
3e134b4c 92
93 token_type[0] = 0;
94 dcf = ((int)data_buf[6] << 8) | (int)data_buf[5];
95
96 // New unwritten media?
97 if(dcf == 0xFFFF) {
98
99 PrintAndLog("DCF: %d (%02x %02x), Token Type=NM (New Media)",
100 dcf,
101 data_buf[5],
102 data_buf[6]
103 );
104
105 } else if(dcf > 60000) { // Master token?
106
107 int fl = 0;
108
109 if(data_buf[6] == 0xec) {
110 strncpy(token_type, "XAM", sizeof(token_type));
111 fl = 1;
112 stamp_len = 0x0c - (data_buf[5] >> 4);
113 } else {
d7fd9084 114 switch (data_buf[5] & 0x7f) {
52cf34c1 115 case 0x00 ... 0x2f:
116 strncpy(token_type, "IAM",sizeof(token_type));
3e134b4c 117 fl = (0x2f - (data_buf[5] & 0x7f)) + 1;
52cf34c1 118 break;
119 case 0x30 ... 0x6f:
d7fd9084 120 strncpy(token_type, "SAM",sizeof(token_type));
3e134b4c 121 fl = (0x6f - (data_buf[5] & 0x7f)) + 1;
52cf34c1 122 break;
123 case 0x70 ... 0x7f:
d7fd9084 124 strncpy(token_type, "GAM",sizeof(token_type));
3e134b4c 125 fl = (0x7f - (data_buf[5] & 0x7f)) + 1;
52cf34c1 126 break;
127 }
128
129 stamp_len = 0xfc - data_buf[6];
3e134b4c 130 }
52cf34c1 131
3e134b4c 132 PrintAndLog("DCF: %d (%02x %02x), Token Type=%s (OLE=%01u), OL=%02u, FL=%02u",
133 dcf,
52cf34c1 134 data_buf[5],
135 data_buf[6],
136 token_type,
137 (data_buf[5]&0x80)>>7,
3e134b4c 138 stamp_len,
139 fl
52cf34c1 140 );
141
3e134b4c 142 } else { // Is IM(-S) type of card...
143
144 if(data_buf[7] == 0x9F && data_buf[8] == 0xFF) {
145 bIsSegmented = 1;
146 strncpy(token_type, "IM-S", sizeof(token_type));
147 } else {
148 strncpy(token_type, "IM", sizeof(token_type));
149 }
150
151 PrintAndLog("DCF: %d (%02x %02x), Token Type=%s (OLE=%01u)",
152 dcf,
153 data_buf[5],
154 data_buf[6],
155 token_type,
156 (data_buf[5]&0x80)>>7
157 );
158 }
159
160 // Makes no sence to show this on blank media...
161 if(dcf != 0xFFFF) {
162
163 if(bIsSegmented) {
164 PrintAndLog("WRP=%02u, WRC=%01u, RD=%01u, SSC=%02x",
52cf34c1 165 data_buf[7]&0x0f,
166 (data_buf[7]&0x70)>>4,
167 (data_buf[7]&0x80)>>7,
52cf34c1 168 data_buf[8]
169 );
3e134b4c 170 }
52cf34c1 171
3e134b4c 172 // Header area is only available on IM-S cards, on master tokens this data is the master token data itself
173 if(bIsSegmented || dcf > 60000) {
174 if(dcf > 60000) {
175 PrintAndLog("Master token data");
176 PrintAndLog("%s", sprint_hex(data_buf+8, 14));
177 } else {
52cf34c1 178 PrintAndLog("Remaining Header Area");
179 PrintAndLog("%s", sprint_hex(data_buf+9, 13));
3e134b4c 180 }
181 }
182 }
183
d7fd9084 184
e579e768 185 uint8_t segCrcBytes[8] = {0x00};
186 uint32_t segCalcCRC = 0;
187 uint32_t segCRC = 0;
d7fd9084 188
aacb96d7 189
3e134b4c 190 // Data card?
191 if(dcf <= 60000) {
cbdcc89a 192
d7fd9084 193 PrintAndLog("\nADF: User Area");
aacb96d7 194 PrintAndLog("------------------------------------------------------");
3e134b4c 195
196 if(bIsSegmented) {
197
198 // Data start point on segmented cards
d7fd9084 199 i = 22;
3e134b4c 200
201 // decode segments
202 for (segmentNum=1; segmentNum < 128; segmentNum++ )
203 {
52cf34c1 204 segment_len = ((data_buf[i+1]^crc)&0x0f) * 256 + (data_buf[i]^crc);
205 segment_flag = ((data_buf[i+1]^crc)&0xf0)>>4;
52cf34c1 206 wrp = (data_buf[i+2]^crc);
207 wrc = ((data_buf[i+3]^crc)&0x70)>>4;
208
d7fd9084 209 bool hasWRC = (wrc > 0);
210 bool hasWRP = (wrp > wrc);
211 int wrp_len = (wrp - wrc);
212 int remain_seg_payload_len = (segment_len - wrp - 5);
e579e768 213
d7fd9084 214 // validate segment-crc
215 segCrcBytes[0]=data_buf[0]; //uid0
216 segCrcBytes[1]=data_buf[1]; //uid1
217 segCrcBytes[2]=data_buf[2]; //uid2
218 segCrcBytes[3]=data_buf[3]; //uid3
219 segCrcBytes[4]=(data_buf[i]^crc); //hdr0
e579e768 220 segCrcBytes[5]=(data_buf[i+1]^crc); //hdr1
221 segCrcBytes[6]=(data_buf[i+2]^crc); //hdr2
222 segCrcBytes[7]=(data_buf[i+3]^crc); //hdr3
d7fd9084 223
e579e768 224 segCalcCRC = CRC8Legic(segCrcBytes, 8);
d7fd9084 225 segCRC = data_buf[i+4]^crc;
e579e768 226
aacb96d7 227 PrintAndLog("Segment %02u \nraw header | 0x%02X 0x%02X 0x%02X 0x%02X \nSegment len: %u, Flag: 0x%X (valid:%01u, last:%01u), WRP: %02u, WRC: %02u, RD: %01u, CRC: 0x%02X (%s)",
d7fd9084 228 segmentNum,
52cf34c1 229 data_buf[i]^crc,
230 data_buf[i+1]^crc,
231 data_buf[i+2]^crc,
232 data_buf[i+3]^crc,
9827020a 233 segment_len,
52cf34c1 234 segment_flag,
d7fd9084 235 (segment_flag & 0x4) >> 2,
236 (segment_flag & 0x8) >> 3,
52cf34c1 237 wrp,
238 wrc,
d7fd9084 239 ((data_buf[i+3]^crc) & 0x80) >> 7,
e579e768 240 segCRC,
241 ( segCRC == segCalcCRC ) ? "OK" : "fail"
52cf34c1 242 );
243
3b920280 244 i += 5;
669c1b80 245
d7fd9084 246 if ( hasWRC ) {
247 PrintAndLog("WRC protected area: (I %d | K %d| WRC %d)", i, k, wrc);
aacb96d7 248 PrintAndLog("\nrow | data");
249 PrintAndLog("-----+------------------------------------------------");
3e134b4c 250
251 for ( k=i; k < (i+wrc); ++k)
a182a680 252 data_buf[k] ^= crc;
3e134b4c 253
9827020a 254 print_hex_break( data_buf+i, wrc, 16);
3b920280 255
256 i += wrc;
52cf34c1 257 }
669c1b80 258
d7fd9084 259 if ( hasWRP ) {
260 PrintAndLog("Remaining write protected area: (I %d | K %d | WRC %d | WRP %d WRP_LEN %d)",i, k, wrc, wrp, wrp_len);
aacb96d7 261 PrintAndLog("\nrow | data");
262 PrintAndLog("-----+------------------------------------------------");
d7fd9084 263
3e134b4c 264 for (k=i; k < (i+wrp_len); ++k)
9827020a 265 data_buf[k] ^= crc;
3b920280 266
9827020a 267 print_hex_break( data_buf+i, wrp_len, 16);
3b920280 268
d7fd9084 269 i += wrp_len;
270
3e134b4c 271 // does this one work? (Answer: Only if KGH/BGH is used with BCD encoded card number! So maybe this will show just garbage...)
9827020a 272 if( wrp_len == 8 )
273 PrintAndLog("Card ID: %2X%02X%02X", data_buf[i-4]^crc, data_buf[i-3]^crc, data_buf[i-2]^crc);
52cf34c1 274 }
669c1b80 275
a182a680 276 PrintAndLog("Remaining segment payload: (I %d | K %d | Remain LEN %d)", i, k, remain_seg_payload_len);
aacb96d7 277 PrintAndLog("\nrow | data");
278 PrintAndLog("-----+------------------------------------------------");
3e134b4c 279
280 for ( k=i; k < (i+remain_seg_payload_len); ++k)
9827020a 281 data_buf[k] ^= crc;
3b920280 282
9827020a 283 print_hex_break( data_buf+i, remain_seg_payload_len, 16);
669c1b80 284
d7fd9084 285 i += remain_seg_payload_len;
286
aacb96d7 287 PrintAndLog("-----+------------------------------------------------\n");
a182a680 288
52cf34c1 289 // end with last segment
290 if (segment_flag & 0x8) return 0;
291
292 } // end for loop
3e134b4c 293
294 } else {
295
296 // Data start point on unsegmented cards
297 i = 8;
298
299 wrp = data_buf[7] & 0x0F;
300 wrc = (data_buf[7] & 0x07) >> 4;
301
302 bool hasWRC = (wrc > 0);
303 bool hasWRP = (wrp > wrc);
304 int wrp_len = (wrp - wrc);
305 int remain_seg_payload_len = (1024 - 22 - wrp); // Any chance to get physical card size here!?
306
307 PrintAndLog("Unsegmented card - WRP: %02u, WRC: %02u, RD: %01u",
308 wrp,
309 wrc,
310 (data_buf[7] & 0x80) >> 7
311 );
312
313 if ( hasWRC ) {
314 PrintAndLog("WRC protected area: (I %d | WRC %d)", i, wrc);
315 PrintAndLog("\nrow | data");
316 PrintAndLog("-----+------------------------------------------------");
317 print_hex_break( data_buf+i, wrc, 16);
318 i += wrc;
319 }
320
321 if ( hasWRP ) {
322 PrintAndLog("Remaining write protected area: (I %d | WRC %d | WRP %d | WRP_LEN %d)", i, wrc, wrp, wrp_len);
323 PrintAndLog("\nrow | data");
324 PrintAndLog("-----+------------------------------------------------");
325 print_hex_break( data_buf+i, wrp_len, 16);
326 i += wrp_len;
327
328 // does this one work? (Answer: Only if KGH/BGH is used with BCD encoded card number! So maybe this will show just garbage...)
329 if( wrp_len == 8 )
330 PrintAndLog("Card ID: %2X%02X%02X", data_buf[i-4], data_buf[i-3], data_buf[i-2]);
331 }
332
333 PrintAndLog("Remaining segment payload: (I %d | Remain LEN %d)", i, remain_seg_payload_len);
334 PrintAndLog("\nrow | data");
335 PrintAndLog("-----+------------------------------------------------");
336 print_hex_break( data_buf+i, remain_seg_payload_len, 16);
337 i += remain_seg_payload_len;
338
339 PrintAndLog("-----+------------------------------------------------\n");
340 }
341 }
342
52cf34c1 343 return 0;
669c1b80 344}
41dab153 345
52cf34c1 346int CmdLegicRFRead(const char *Cmd) {
cbdcc89a 347
348 // params:
349 // offset in data
350 // number of bytes.
351 char cmdp = param_getchar(Cmd, 0);
352 if ( cmdp == 'H' || cmdp == 'h' ) return usage_legic_read();
353
52cf34c1 354 int byte_count=0, offset=0;
355 sscanf(Cmd, "%i %i", &offset, &byte_count);
356 if(byte_count == 0) byte_count = -1;
357 if(byte_count + offset > 1024) byte_count = 1024 - offset;
358
359 UsbCommand c= {CMD_READER_LEGIC_RF, {offset, byte_count, 0}};
360 clearCommandBuffer();
361 SendCommand(&c);
362 return 0;
41dab153 363}
3612a8a8 364
52cf34c1 365int CmdLegicLoad(const char *Cmd) {
b915fda3 366
52cf34c1 367 char cmdp = param_getchar(Cmd, 0);
e579e768 368 if ( cmdp == 'H' || cmdp == 'h' || cmdp == 0x00) return usage_legic_load();
b915fda3 369
e579e768 370 char filename[FILE_PATH_SIZE] = {0x00};
371 int len = strlen(Cmd);
372
b915fda3 373 if (len > FILE_PATH_SIZE) {
374 PrintAndLog("Filepath too long (was %s bytes), max allowed is %s ", len, FILE_PATH_SIZE);
375 return 0;
376 }
377 memcpy(filename, Cmd, len);
378
379 FILE *f = fopen(filename, "r");
3612a8a8 380 if(!f) {
381 PrintAndLog("couldn't open '%s'", Cmd);
382 return -1;
383 }
52cf34c1 384
385 char line[80];
810f5379 386 int offset = 0;
c6e0a2eb 387 uint8_t data[USB_CMD_DATA_SIZE] = {0x00};
388 int index = 0;
389 int totalbytes = 0;
52cf34c1 390 while ( fgets(line, sizeof(line), f) ) {
3612a8a8 391 int res = sscanf(line, "%x %x %x %x %x %x %x %x",
c6e0a2eb 392 (unsigned int *)&data[index],
393 (unsigned int *)&data[index + 1],
394 (unsigned int *)&data[index + 2],
395 (unsigned int *)&data[index + 3],
396 (unsigned int *)&data[index + 4],
397 (unsigned int *)&data[index + 5],
398 (unsigned int *)&data[index + 6],
399 (unsigned int *)&data[index + 7]);
e7d099dc 400
3612a8a8 401 if(res != 8) {
402 PrintAndLog("Error: could not read samples");
403 fclose(f);
404 return -1;
405 }
c6e0a2eb 406 index += res;
407
408 if ( index == USB_CMD_DATA_SIZE ){
409// PrintAndLog("sent %d | %d | %d", index, offset, totalbytes);
410 UsbCommand c = { CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
411 memcpy(c.d.asBytes, data, sizeof(data));
412 clearCommandBuffer();
413 SendCommand(&c);
d7fd9084 414 if ( !WaitForResponseTimeout(CMD_ACK, NULL, 1500)){
415 PrintAndLog("Command execute timeout");
416 fclose(f);
417 return 1;
418 }
c6e0a2eb 419 offset += index;
420 totalbytes += index;
421 index = 0;
422 }
3612a8a8 423 }
424 fclose(f);
c6e0a2eb 425
426 // left over bytes?
427 if ( index != 0 ) {
428 UsbCommand c = { CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
429 memcpy(c.d.asBytes, data, 8);
430 clearCommandBuffer();
431 SendCommand(&c);
d7fd9084 432 if ( !WaitForResponseTimeout(CMD_ACK, NULL, 1500)){
433 PrintAndLog("Command execute timeout");
434 return 1;
435 }
c6e0a2eb 436 totalbytes += index;
437 }
438
439 PrintAndLog("loaded %u samples", totalbytes);
3612a8a8 440 return 0;
441}
442
52cf34c1 443int CmdLegicSave(const char *Cmd) {
444 int requested = 1024;
445 int offset = 0;
446 int delivered = 0;
447 char filename[FILE_PATH_SIZE];
448 uint8_t got[1024] = {0x00};
449
450 sscanf(Cmd, " %s %i %i", filename, &requested, &offset);
451
452 /* If no length given save entire legic read buffer */
453 /* round up to nearest 8 bytes so the saved data can be used with legicload */
e7d099dc 454 if (requested == 0)
52cf34c1 455 requested = 1024;
52cf34c1 456
457 if (requested % 8 != 0) {
458 int remainder = requested % 8;
459 requested = requested + 8 - remainder;
460 }
461
462 if (offset + requested > sizeof(got)) {
463 PrintAndLog("Tried to read past end of buffer, <bytes> + <offset> > 1024");
464 return 0;
465 }
466
d7fd9084 467 GetFromBigBuf(got, requested, offset);
f7f844d0 468 if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
aacb96d7 469 PrintAndLog("Command execute timeout");
f7f844d0 470 return 1;
471 }
52cf34c1 472
aacb96d7 473 FILE *f = fopen(filename, "w");
474 if(!f) {
475 PrintAndLog("couldn't open '%s'", Cmd+1);
476 return -1;
477 }
478
52cf34c1 479 for (int j = 0; j < requested; j += 8) {
480 fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n",
c6e0a2eb 481 got[j+0], got[j+1], got[j+2], got[j+3],
482 got[j+4], got[j+5], got[j+6], got[j+7]
52cf34c1 483 );
484 delivered += 8;
485 if (delivered >= requested) break;
486 }
487
488 fclose(f);
489 PrintAndLog("saved %u samples", delivered);
490 return 0;
3612a8a8 491}
492
f7f844d0 493//TODO: write a help text (iceman)
52cf34c1 494int CmdLegicRfSim(const char *Cmd) {
3b920280 495 UsbCommand c = {CMD_SIMULATE_TAG_LEGIC_RF, {6,3,0}};
52cf34c1 496 sscanf(Cmd, " %"lli" %"lli" %"lli, &c.arg[0], &c.arg[1], &c.arg[2]);
497 clearCommandBuffer();
498 SendCommand(&c);
499 return 0;
3612a8a8 500}
501
f7f844d0 502//TODO: write a help text (iceman)
52cf34c1 503int CmdLegicRfWrite(const char *Cmd) {
504 UsbCommand c = {CMD_WRITER_LEGIC_RF};
125a98a1 505 int res = sscanf(Cmd, " 0x%"llx" 0x%"llx, &c.arg[0], &c.arg[1]);
3612a8a8 506 if(res != 2) {
507 PrintAndLog("Please specify the offset and length as two hex strings");
508 return -1;
509 }
52cf34c1 510 clearCommandBuffer();
3612a8a8 511 SendCommand(&c);
512 return 0;
513}
514
3e134b4c 515//TODO: write a help text (iceman)
516int CmdLegicRfRawWrite(const char *Cmd) {
517 char answer;
518 UsbCommand c = { CMD_RAW_WRITER_LEGIC_RF, {0,0,0} };
519 int res = sscanf(Cmd, " 0x%"llx" 0x%"llx, &c.arg[0], &c.arg[1]);
520 if(res != 2) {
521 PrintAndLog("Please specify the offset and value as two hex strings");
522 return -1;
523 }
524
525 if (c.arg[0] == 0x05 || c.arg[0] == 0x06) {
526 PrintAndLog("############# DANGER !! #############");
527 PrintAndLog("# changing the DCF is irreversible #");
528 PrintAndLog("#####################################");
529 PrintAndLog("do youe really want to continue? y(es) n(o)");
6e321dd8 530 if (scanf(" %c", &answer) > 0 && (answer == 'y' || answer == 'Y')) {
3e134b4c 531 SendCommand(&c);
532 return 0;
533 }
534 return -1;
535 }
536
537 clearCommandBuffer();
538 SendCommand(&c);
539 return 0;
540}
541
542//TODO: write a help text (iceman)
52cf34c1 543int CmdLegicRfFill(const char *Cmd) {
3e134b4c 544 UsbCommand cmd = {CMD_WRITER_LEGIC_RF, {0,0,0} };
1a07fd51 545 int res = sscanf(Cmd, " 0x%"llx" 0x%"llx" 0x%"llx, &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]);
3612a8a8 546 if(res != 3) {
547 PrintAndLog("Please specify the offset, length and value as two hex strings");
548 return -1;
549 }
550
551 int i;
52cf34c1 552 UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}};
ba4ad25b 553 memset(c.d.asBytes, cmd.arg[2], 48);
3e134b4c 554
52cf34c1 555 for(i = 0; i < 22; i++) {
556 c.arg[0] = i*48;
3e134b4c 557
558 clearCommandBuffer();
52cf34c1 559 SendCommand(&c);
3e134b4c 560 WaitForResponse(CMD_ACK, NULL);
52cf34c1 561 }
562 clearCommandBuffer();
3612a8a8 563 SendCommand(&cmd);
564 return 0;
565 }
566
3b920280 567int CmdLegicCalcCrc8(const char *Cmd){
568
cc4c8fd6 569 uint8_t *data = NULL;
3e134b4c 570 uint8_t cmdp = 0, uidcrc = 0, type=0;
571 bool errors = false;
572 int len = 0;
3b920280 573
3e134b4c 574 while(param_getchar(Cmd, cmdp) != 0x00) {
575 switch(param_getchar(Cmd, cmdp)) {
576 case 'b':
577 case 'B':
08927081
AG		 578 // it's possible for user to accidentally enter "b" parameter
579 // more than once - we have to clean previous malloc
580 if (data) free(data);
3e134b4c 581 data = malloc(len);
582 if ( data == NULL ) {
583 PrintAndLog("Can't allocate memory. exiting");
584 errors = true;
585 break;
586 }
587 param_gethex_ex(Cmd, cmdp+1, data, &len);
588 // if odd symbols, (hexbyte must be two symbols)
589 if ( len & 1 ) errors = true;
590
591 len >>= 1;
592 cmdp += 2;
593 break;
594 case 'u':
595 case 'U':
596 uidcrc = param_get8ex(Cmd, cmdp+1, 0, 16);
597 cmdp += 2;
598 break;
599 case 'c':
600 case 'C':
601 type = param_get8ex(Cmd, cmdp+1, 0, 10);
602 cmdp += 2;
603 break;
604 case 'h':
605 case 'H':
606 errors = true;
607 break;
608 default:
609 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
610 errors = true;
611 break;
612 }
613 if (errors) break;
614 }
615 //Validations
616 if (errors){
aeb128e2 617 if (data) free(data);
3e134b4c 618 return usage_legic_calccrc8();
619 }
620
621 switch (type){
622 case 16:
623 PrintAndLog("LEGIC CRC16: %X", CRC16Legic(data, len, uidcrc));
624 break;
625 default:
626 PrintAndLog("LEGIC CRC8: %X", CRC8Legic(data, len) );
627 break;
eb5206bd 628 }
3b920280 629
aeb128e2 630 if (data) free(data);
3b920280 631 return 0;
632}
633
52cf34c1 634static command_t CommandTable[] = {
3b920280 635 {"help", CmdHelp, 1, "This help"},
636 {"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"},
637 {"read", CmdLegicRFRead, 0, "[offset][length] -- read bytes from a LEGIC card"},
638 {"save", CmdLegicSave, 0, "<filename> [<length>] -- Store samples"},
639 {"load", CmdLegicLoad, 0, "<filename> -- Restore samples"},
640 {"sim", CmdLegicRfSim, 0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"},
641 {"write", CmdLegicRfWrite,0, "<offset> <length> -- Write sample buffer (user after load or read)"},
3e134b4c 642 {"writeRaw",CmdLegicRfRawWrite, 0, "<address> <value> -- Write direct to address"},
3b920280 643 {"fill", CmdLegicRfFill, 0, "<offset> <length> <value> -- Fill/Write tag with constant value"},
644 {"crc8", CmdLegicCalcCrc8, 1, "Calculate Legic CRC8 over given hexbytes"},
52cf34c1 645 {NULL, NULL, 0, NULL}
646};
647
648int CmdHFLegic(const char *Cmd) {
649 clearCommandBuffer();
650 CmdsParse(CommandTable, Cmd);
651 return 0;
652}
653
654int CmdHelp(const char *Cmd) {
655 CmdsHelp(CommandTable);
656 return 0;
657}
Proxmark3 GIT tracking
Impressum, Datenschutz