]> git.zerfleddert.de Git - proxmark3-svn/blame - client/cmdlfindala.c
added EMV tag #9F6E (#676)
[proxmark3-svn] / client / cmdlfindala.c
CommitLineData
0fb65a26 1//-----------------------------------------------------------------------------
2//
3// This code is licensed to you under the terms of the GNU GPL, version 2 or,
4// at your option, any later version. See the LICENSE.txt file for the text of
5// the license.
6//-----------------------------------------------------------------------------
7// Low frequency Indala commands
b9957414 8// PSK1, rf/32, 64 or 224 bits (known)
0fb65a26 9//-----------------------------------------------------------------------------
10
ad939de5 11#include "cmdlfindala.h"
12
0fb65a26 13#include <stdio.h>
14#include <string.h>
ad939de5 15#include "comms.h"
0fb65a26 16#include "ui.h"
17#include "graph.h"
18#include "cmdparser.h"
19#include "cmddata.h" //for g_debugMode, demodbuff cmds
20#include "lfdemod.h" //for indala26decode
21#include "util.h" //for sprint_bin_break
22#include "cmdlf.h" //for CmdLFRead
23#include "cmdmain.h" //for clearCommandBuffer
24
25static int CmdHelp(const char *Cmd);
26
27// Indala 26 bit decode
28// by marshmellow
29// optional arguments - same as PSKDemod (clock & invert & maxerr)
30int CmdIndalaDecode(const char *Cmd) {
31 int ans;
32 if (strlen(Cmd)>0) {
33 ans = PSKDemod(Cmd, 0);
34 } else { //default to RF/32
35 ans = PSKDemod("32", 0);
36 }
37
38 if (!ans) {
488d3098 39 if (g_debugMode) PrintAndLog("Error1: %i",ans);
0fb65a26 40 return 0;
41 }
42 uint8_t invert=0;
43 size_t size = DemodBufferLen;
1dae9811 44 int startIdx = indala64decode(DemodBuffer, &size, &invert);
45 if (startIdx < 0 || size != 64) {
46 // try 224 indala
47 invert = 0;
48 size = DemodBufferLen;
49 startIdx = indala224decode(DemodBuffer, &size, &invert);
50 if (startIdx < 0 || size != 224) {
51 if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
52 return -1;
53 }
0fb65a26 54 }
55 setDemodBuf(DemodBuffer, size, (size_t)startIdx);
9fe4507c 56 setClockGrid(g_DemodClock, g_DemodStartIdx + (startIdx*g_DemodClock));
0fb65a26 57 if (invert)
58 if (g_debugMode)
59 PrintAndLog("Had to invert bits");
60
61 PrintAndLog("BitLen: %d",DemodBufferLen);
62 //convert UID to HEX
63 uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
64 uid1=bytebits_to_byte(DemodBuffer,32);
65 uid2=bytebits_to_byte(DemodBuffer+32,32);
66 if (DemodBufferLen==64) {
67 PrintAndLog("Indala UID=%s (%x%08x)", sprint_bin_break(DemodBuffer,DemodBufferLen,16), uid1, uid2);
68 } else if (DemodBufferLen==224) {
69 uid3=bytebits_to_byte(DemodBuffer+64,32);
70 uid4=bytebits_to_byte(DemodBuffer+96,32);
71 uid5=bytebits_to_byte(DemodBuffer+128,32);
72 uid6=bytebits_to_byte(DemodBuffer+160,32);
73 uid7=bytebits_to_byte(DemodBuffer+192,32);
74 PrintAndLog("Indala UID=%s (%x%08x%08x%08x%08x%08x%08x)",
75 sprint_bin_break(DemodBuffer,DemodBufferLen,16), uid1, uid2, uid3, uid4, uid5, uid6, uid7);
76 }
77 if (g_debugMode) {
78 PrintAndLog("DEBUG: printing demodbuffer:");
79 printDemodBuff();
80 }
81 return 1;
82}
83
84int CmdIndalaRead(const char *Cmd) {
b9957414 85 lf_read(true, 30000);
0fb65a26 86 return CmdIndalaDecode("");
87}
88
89// older alternative indala demodulate (has some positives and negatives)
90// returns false positives more often - but runs against more sets of samples
91// poor psk signal can be difficult to demod this approach might succeed when the other fails
92// but the other appears to currently be more accurate than this approach most of the time.
93int CmdIndalaDemod(const char *Cmd) {
94 // Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID
95
96 int state = -1;
97 int count = 0;
98 int i, j;
99
100 // worst case with GraphTraceLen=64000 is < 4096
101 // under normal conditions it's < 2048
102
103 uint8_t rawbits[4096];
104 int rawbit = 0;
105 int worst = 0, worstPos = 0;
0e2ddb41 106
107 //clear clock grid and demod plot
108 setClockGrid(0, 0);
109 DemodBufferLen = 0;
0fb65a26 110
0e2ddb41 111 // PrintAndLog("Expecting a bit less than %d raw bits", GraphTraceLen / 32);
0fb65a26 112 // loop through raw signal - since we know it is psk1 rf/32 fc/2 skip every other value (+=2)
113 for (i = 0; i < GraphTraceLen-1; i += 2) {
114 count += 1;
115 if ((GraphBuffer[i] > GraphBuffer[i + 1]) && (state != 1)) {
116 // appears redundant - marshmellow
117 if (state == 0) {
118 for (j = 0; j < count - 8; j += 16) {
119 rawbits[rawbit++] = 0;
120 }
121 if ((abs(count - j)) > worst) {
122 worst = abs(count - j);
123 worstPos = i;
124 }
125 }
126 state = 1;
127 count = 0;
128 } else if ((GraphBuffer[i] < GraphBuffer[i + 1]) && (state != 0)) {
129 //appears redundant
130 if (state == 1) {
131 for (j = 0; j < count - 8; j += 16) {
132 rawbits[rawbit++] = 1;
133 }
134 if ((abs(count - j)) > worst) {
135 worst = abs(count - j);
136 worstPos = i;
137 }
138 }
139 state = 0;
140 count = 0;
141 }
142 }
143
144 if (rawbit>0){
145 PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
146 PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
147 } else {
148 return 0;
149 }
150
151 // Finding the start of a UID
152 int uidlen, long_wait;
153 if (strcmp(Cmd, "224") == 0) {
154 uidlen = 224;
155 long_wait = 30;
156 } else {
157 uidlen = 64;
158 long_wait = 29;
159 }
160
161 int start;
162 int first = 0;
163 for (start = 0; start <= rawbit - uidlen; start++) {
164 first = rawbits[start];
165 for (i = start; i < start + long_wait; i++) {
166 if (rawbits[i] != first) {
167 break;
168 }
169 }
170 if (i == (start + long_wait)) {
171 break;
172 }
173 }
174
175 if (start == rawbit - uidlen + 1) {
176 PrintAndLog("nothing to wait for");
177 return 0;
178 }
179
180 // Inverting signal if needed
181 if (first == 1) {
182 for (i = start; i < rawbit; i++) {
183 rawbits[i] = !rawbits[i];
184 }
185 }
186
187 // Dumping UID
188 uint8_t bits[224] = {0x00};
189 char showbits[225] = {0x00};
190 int bit;
191 i = start;
192 int times = 0;
193
194 if (uidlen > rawbit) {
195 PrintAndLog("Warning: not enough raw bits to get a full UID");
196 for (bit = 0; bit < rawbit; bit++) {
197 bits[bit] = rawbits[i++];
198 // As we cannot know the parity, let's use "." and "/"
199 showbits[bit] = '.' + bits[bit];
200 }
201 showbits[bit+1]='\0';
202 PrintAndLog("Partial UID=%s", showbits);
203 return 0;
204 } else {
205 for (bit = 0; bit < uidlen; bit++) {
206 bits[bit] = rawbits[i++];
207 showbits[bit] = '0' + bits[bit];
208 }
209 times = 1;
210 }
211
212 //convert UID to HEX
213 uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
214 int idx;
215 uid1 = uid2 = 0;
216
217 if (uidlen==64){
218 for( idx=0; idx<64; idx++) {
219 if (showbits[idx] == '0') {
220 uid1=(uid1<<1)|(uid2>>31);
221 uid2=(uid2<<1)|0;
222 } else {
223 uid1=(uid1<<1)|(uid2>>31);
224 uid2=(uid2<<1)|1;
225 }
226 }
227 PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
228 }
229 else {
230 uid3 = uid4 = uid5 = uid6 = uid7 = 0;
231
232 for( idx=0; idx<224; idx++) {
233 uid1=(uid1<<1)|(uid2>>31);
234 uid2=(uid2<<1)|(uid3>>31);
235 uid3=(uid3<<1)|(uid4>>31);
236 uid4=(uid4<<1)|(uid5>>31);
237 uid5=(uid5<<1)|(uid6>>31);
238 uid6=(uid6<<1)|(uid7>>31);
239
240 if (showbits[idx] == '0')
241 uid7 = (uid7<<1) | 0;
242 else
243 uid7 = (uid7<<1) | 1;
244 }
245 PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
246 }
247
248 // Checking UID against next occurrences
249 int failed = 0;
250 for (; i + uidlen <= rawbit;) {
251 failed = 0;
252 for (bit = 0; bit < uidlen; bit++) {
253 if (bits[bit] != rawbits[i++]) {
254 failed = 1;
255 break;
256 }
257 }
258 if (failed == 1) {
259 break;
260 }
261 times += 1;
262 }
263
264 PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
265
266 // Remodulating for tag cloning
267 // HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
268 // since this changes graphbuffer data.
269 GraphTraceLen = 32*uidlen;
270 i = 0;
271 int phase = 0;
272 for (bit = 0; bit < uidlen; bit++) {
273 if (bits[bit] == 0) {
274 phase = 0;
275 } else {
276 phase = 1;
277 }
278 int j;
279 for (j = 0; j < 32; j++) {
280 GraphBuffer[i++] = phase;
281 phase = !phase;
282 }
283 }
284
285 RepaintGraphWindow();
286 return 1;
287}
288
289int CmdIndalaClone(const char *Cmd) {
44964fd1 290 UsbCommand c = {0};
0fb65a26 291 unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
292
293 uid1 = uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
294 int n = 0, i = 0;
295
296 if (strchr(Cmd,'l') != 0) {
297 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
298 uid1 = (uid1 << 4) | (uid2 >> 28);
299 uid2 = (uid2 << 4) | (uid3 >> 28);
300 uid3 = (uid3 << 4) | (uid4 >> 28);
301 uid4 = (uid4 << 4) | (uid5 >> 28);
302 uid5 = (uid5 << 4) | (uid6 >> 28);
303 uid6 = (uid6 << 4) | (uid7 >> 28);
304 uid7 = (uid7 << 4) | (n & 0xf);
305 }
306 PrintAndLog("Cloning 224bit tag with UID %x%08x%08x%08x%08x%08x%08x", uid1, uid2, uid3, uid4, uid5, uid6, uid7);
307 c.cmd = CMD_INDALA_CLONE_TAG_L;
308 c.d.asDwords[0] = uid1;
309 c.d.asDwords[1] = uid2;
310 c.d.asDwords[2] = uid3;
311 c.d.asDwords[3] = uid4;
312 c.d.asDwords[4] = uid5;
313 c.d.asDwords[5] = uid6;
314 c.d.asDwords[6] = uid7;
315 } else {
316 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
317 uid1 = (uid1 << 4) | (uid2 >> 28);
318 uid2 = (uid2 << 4) | (n & 0xf);
319 }
320 PrintAndLog("Cloning 64bit tag with UID %x%08x", uid1, uid2);
321 c.cmd = CMD_INDALA_CLONE_TAG;
322 c.arg[0] = uid1;
323 c.arg[1] = uid2;
324 }
325
326 clearCommandBuffer();
327 SendCommand(&c);
328 return 0;
329}
330
331static command_t CommandTable[] = {
332 {"help", CmdHelp, 1, "This help"},
333 {"demod", CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
334 {"read", CmdIndalaRead, 0, "Read an Indala Prox tag from the antenna"},
335 {"clone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be on antenna)(UID in HEX)(option 'l' for 224 UID"},
336 {"altdemod", CmdIndalaDemod, 1, "['224'] -- Alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
337 //{"sim", CmdIndalaSim, 0, "<ID> -- indala tag simulator"},
338 {NULL, NULL, 0, NULL}
339};
340
341int CmdLFINDALA(const char *Cmd) {
342 CmdsParse(CommandTable, Cmd);
343 return 0;
344}
345
346int CmdHelp(const char *Cmd) {
347 CmdsHelp(CommandTable);
348 return 0;
349}
Impressum, Datenschutz