| | 1 | //----------------------------------------------------------------------------- |
| | 2 | // |
| | 3 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, |
| | 4 | // at your option, any later version. See the LICENSE.txt file for the text of |
| | 5 | // the license. |
| | 6 | //----------------------------------------------------------------------------- |
| | 7 | // Low frequency G Prox II tag commands |
| | 8 | // Biphase, rf/ , 96 bits (unknown key calc + some bits) |
| | 9 | //----------------------------------------------------------------------------- |
| | 10 | #include <stdio.h> |
| | 11 | #include <string.h> |
| | 12 | #include <inttypes.h> |
| | 13 | #include "cmdlfgproxii.h" |
| | 14 | #include "proxmark3.h" |
| | 15 | #include "ui.h" |
| | 16 | #include "util.h" |
| | 17 | #include "graph.h" |
| | 18 | #include "cmdparser.h" |
| | 19 | #include "cmddata.h" |
| | 20 | #include "cmdmain.h" |
| | 21 | #include "cmdlf.h" |
| | 22 | #include "lfdemod.h" |
| | 23 | static int CmdHelp(const char *Cmd); |
| | 24 | |
| | 25 | //by marshmellow |
| | 26 | //attempts to demodulate and identify a G_Prox_II verex/chubb card |
| | 27 | //WARNING: if it fails during some points it will destroy the DemodBuffer data |
| | 28 | // but will leave the GraphBuffer intact. |
| | 29 | //if successful it will push askraw data back to demod buffer ready for emulation |
| | 30 | int CmdG_Prox_II_Demod(const char *Cmd) |
| | 31 | { |
| | 32 | if (!ASKbiphaseDemod(Cmd, false)){ |
| | 33 | if (g_debugMode) PrintAndLog("Error gProxII: ASKbiphaseDemod failed 1st try"); |
| | 34 | return 0; |
| | 35 | } |
| | 36 | size_t size = DemodBufferLen; |
| | 37 | //call lfdemod.c demod for gProxII |
| | 38 | int ans = gProxII_Demod(DemodBuffer, &size); |
| | 39 | if (ans < 0){ |
| | 40 | if (g_debugMode) PrintAndLog("Error gProxII_Demod"); |
| | 41 | return 0; |
| | 42 | } |
| | 43 | //got a good demod of 96 bits |
| | 44 | uint8_t ByteStream[8] = {0x00}; |
| | 45 | uint8_t xorKey=0; |
| | 46 | size_t startIdx = ans + 6; //start after 6 bit preamble |
| | 47 | |
| | 48 | uint8_t bits_no_spacer[90]; |
| | 49 | //so as to not mess with raw DemodBuffer copy to a new sample array |
| | 50 | memcpy(bits_no_spacer, DemodBuffer + startIdx, 90); |
| | 51 | // remove the 18 (90/5=18) parity bits (down to 72 bits (96-6-18=72)) |
| | 52 | size_t bitLen = removeParity(bits_no_spacer, 0, 5, 3, 90); //source, startloc, paritylen, ptype, length_to_run |
| | 53 | if (bitLen != 72) { |
| | 54 | if (g_debugMode) PrintAndLog("Error gProxII: spacer removal did not produce 72 bits: %u, start: %u", bitLen, startIdx); |
| | 55 | return 0; |
| | 56 | } |
| | 57 | // get key and then get all 8 bytes of payload decoded |
| | 58 | xorKey = (uint8_t)bytebits_to_byteLSBF(bits_no_spacer, 8); |
| | 59 | for (size_t idx = 0; idx < 8; idx++) { |
| | 60 | ByteStream[idx] = ((uint8_t)bytebits_to_byteLSBF(bits_no_spacer+8 + (idx*8),8)) ^ xorKey; |
| | 61 | if (g_debugMode) PrintAndLog("byte %u after xor: %02x", (unsigned int)idx, ByteStream[idx]); |
| | 62 | } |
| | 63 | //now ByteStream contains 8 Bytes (64 bits) of decrypted raw tag data |
| | 64 | // |
| | 65 | uint8_t fmtLen = ByteStream[0]>>2; |
| | 66 | uint32_t FC = 0; |
| | 67 | uint32_t Card = 0; |
| | 68 | //get raw 96 bits to print |
| | 69 | uint32_t raw1 = bytebits_to_byte(DemodBuffer+ans,32); |
| | 70 | uint32_t raw2 = bytebits_to_byte(DemodBuffer+ans+32, 32); |
| | 71 | uint32_t raw3 = bytebits_to_byte(DemodBuffer+ans+64, 32); |
| | 72 | |
| | 73 | if (fmtLen==36){ |
| | 74 | FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1); |
| | 75 | Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5); |
| | 76 | PrintAndLog("G-Prox-II Found: FmtLen %d, FC %u, Card %u", (int)fmtLen, FC, Card); |
| | 77 | } else if(fmtLen==26){ |
| | 78 | FC = ((ByteStream[3] & 0x7F)<<1) | (ByteStream[4]>>7); |
| | 79 | Card = ((ByteStream[4]&0x7F)<<9) | (ByteStream[5]<<1) | (ByteStream[6]>>7); |
| | 80 | PrintAndLog("G-Prox-II Found: FmtLen %d, FC %u, Card %u", (int)fmtLen, FC, Card); |
| | 81 | } else { |
| | 82 | PrintAndLog("Unknown G-Prox-II Fmt Found: FmtLen %d",(int)fmtLen); |
| | 83 | PrintAndLog("Decoded Raw: %s", sprint_hex(ByteStream, 8)); |
| | 84 | } |
| | 85 | PrintAndLog("Raw: %08x%08x%08x", raw1,raw2,raw3); |
| | 86 | setDemodBuf(DemodBuffer, 96, ans); |
| | 87 | setClockGrid(g_DemodClock, g_DemodStartIdx + (ans*g_DemodClock)); |
| | 88 | |
| | 89 | return 1; |
| | 90 | } |
| | 91 | //by marshmellow |
| | 92 | //see ASKDemod for what args are accepted |
| | 93 | int CmdG_Prox_II_Read(const char *Cmd) { |
| | 94 | // read lf silently |
| | 95 | lf_read(true, 10000); |
| | 96 | // demod and output viking ID |
| | 97 | return CmdG_Prox_II_Demod(Cmd); |
| | 98 | } |
| | 99 | |
| | 100 | static command_t CommandTable[] = { |
| | 101 | {"help", CmdHelp, 1, "This help"}, |
| | 102 | {"demod", CmdG_Prox_II_Demod, 1, "Demodulate a G Prox II tag from the GraphBuffer"}, |
| | 103 | {"read", CmdG_Prox_II_Read, 0, "Attempt to read and Extract tag data from the antenna"}, |
| | 104 | {NULL, NULL, 0, NULL} |
| | 105 | }; |
| | 106 | |
| | 107 | int CmdLF_G_Prox_II(const char *Cmd) { |
| | 108 | CmdsParse(CommandTable, Cmd); |
| | 109 | return 0; |
| | 110 | } |
| | 111 | |
| | 112 | int CmdHelp(const char *Cmd) { |
| | 113 | CmdsHelp(CommandTable); |
| | 114 | return 0; |
| | 115 | } |
projects / proxmark3-svn / blame_incremental