]> git.zerfleddert.de Git - proxmark3-svn/blame_incremental - client/cmdlfindala.c
fix length test
[proxmark3-svn] / client / cmdlfindala.c
... / ...
CommitLineData
1//-----------------------------------------------------------------------------
2//
3// This code is licensed to you under the terms of the GNU GPL, version 2 or,
4// at your option, any later version. See the LICENSE.txt file for the text of
5// the license.
6//-----------------------------------------------------------------------------
7// Low frequency Indala commands
8// PSK1, rf/32, 64 or 224 bits (known)
9//-----------------------------------------------------------------------------
10
11#include <stdio.h>
12#include <string.h>
13#include "cmdlfindala.h"
14#include "proxmark3.h"
15#include "ui.h"
16#include "graph.h"
17#include "cmdparser.h"
18#include "cmddata.h" //for g_debugMode, demodbuff cmds
19#include "lfdemod.h" //for indala26decode
20#include "util.h" //for sprint_bin_break
21#include "cmdlf.h" //for CmdLFRead
22#include "cmdmain.h" //for clearCommandBuffer
23
24static int CmdHelp(const char *Cmd);
25
26// Indala 26 bit decode
27// by marshmellow
28// optional arguments - same as PSKDemod (clock & invert & maxerr)
29int CmdIndalaDecode(const char *Cmd) {
30 int ans;
31 if (strlen(Cmd)>0) {
32 ans = PSKDemod(Cmd, 0);
33 } else { //default to RF/32
34 ans = PSKDemod("32", 0);
35 }
36
37 if (!ans) {
38 if (g_debugMode) PrintAndLog("Error1: %i",ans);
39 return 0;
40 }
41 uint8_t invert=0;
42 size_t size = DemodBufferLen;
43 int startIdx = indala26decode(DemodBuffer, &size, &invert);
44 if (startIdx < 0 || size > 224) {
45 if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
46 return -1;
47 }
48 setDemodBuf(DemodBuffer, size, (size_t)startIdx);
49 if (invert)
50 if (g_debugMode)
51 PrintAndLog("Had to invert bits");
52
53 PrintAndLog("BitLen: %d",DemodBufferLen);
54 //convert UID to HEX
55 uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
56 uid1=bytebits_to_byte(DemodBuffer,32);
57 uid2=bytebits_to_byte(DemodBuffer+32,32);
58 if (DemodBufferLen==64) {
59 PrintAndLog("Indala UID=%s (%x%08x)", sprint_bin_break(DemodBuffer,DemodBufferLen,16), uid1, uid2);
60 } else if (DemodBufferLen==224) {
61 uid3=bytebits_to_byte(DemodBuffer+64,32);
62 uid4=bytebits_to_byte(DemodBuffer+96,32);
63 uid5=bytebits_to_byte(DemodBuffer+128,32);
64 uid6=bytebits_to_byte(DemodBuffer+160,32);
65 uid7=bytebits_to_byte(DemodBuffer+192,32);
66 PrintAndLog("Indala UID=%s (%x%08x%08x%08x%08x%08x%08x)",
67 sprint_bin_break(DemodBuffer,DemodBufferLen,16), uid1, uid2, uid3, uid4, uid5, uid6, uid7);
68 }
69 if (g_debugMode) {
70 PrintAndLog("DEBUG: printing demodbuffer:");
71 printDemodBuff();
72 }
73 return 1;
74}
75
76int CmdIndalaRead(const char *Cmd) {
77 lf_read(true, 30000);
78 return CmdIndalaDecode("");
79}
80
81// older alternative indala demodulate (has some positives and negatives)
82// returns false positives more often - but runs against more sets of samples
83// poor psk signal can be difficult to demod this approach might succeed when the other fails
84// but the other appears to currently be more accurate than this approach most of the time.
85int CmdIndalaDemod(const char *Cmd) {
86 // Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID
87
88 int state = -1;
89 int count = 0;
90 int i, j;
91
92 // worst case with GraphTraceLen=64000 is < 4096
93 // under normal conditions it's < 2048
94
95 uint8_t rawbits[4096];
96 int rawbit = 0;
97 int worst = 0, worstPos = 0;
98 // PrintAndLog("Expecting a bit less than %d raw bits", GraphTraceLen / 32);
99
100 // loop through raw signal - since we know it is psk1 rf/32 fc/2 skip every other value (+=2)
101 for (i = 0; i < GraphTraceLen-1; i += 2) {
102 count += 1;
103 if ((GraphBuffer[i] > GraphBuffer[i + 1]) && (state != 1)) {
104 // appears redundant - marshmellow
105 if (state == 0) {
106 for (j = 0; j < count - 8; j += 16) {
107 rawbits[rawbit++] = 0;
108 }
109 if ((abs(count - j)) > worst) {
110 worst = abs(count - j);
111 worstPos = i;
112 }
113 }
114 state = 1;
115 count = 0;
116 } else if ((GraphBuffer[i] < GraphBuffer[i + 1]) && (state != 0)) {
117 //appears redundant
118 if (state == 1) {
119 for (j = 0; j < count - 8; j += 16) {
120 rawbits[rawbit++] = 1;
121 }
122 if ((abs(count - j)) > worst) {
123 worst = abs(count - j);
124 worstPos = i;
125 }
126 }
127 state = 0;
128 count = 0;
129 }
130 }
131
132 if (rawbit>0){
133 PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
134 PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
135 } else {
136 return 0;
137 }
138
139 // Finding the start of a UID
140 int uidlen, long_wait;
141 if (strcmp(Cmd, "224") == 0) {
142 uidlen = 224;
143 long_wait = 30;
144 } else {
145 uidlen = 64;
146 long_wait = 29;
147 }
148
149 int start;
150 int first = 0;
151 for (start = 0; start <= rawbit - uidlen; start++) {
152 first = rawbits[start];
153 for (i = start; i < start + long_wait; i++) {
154 if (rawbits[i] != first) {
155 break;
156 }
157 }
158 if (i == (start + long_wait)) {
159 break;
160 }
161 }
162
163 if (start == rawbit - uidlen + 1) {
164 PrintAndLog("nothing to wait for");
165 return 0;
166 }
167
168 // Inverting signal if needed
169 if (first == 1) {
170 for (i = start; i < rawbit; i++) {
171 rawbits[i] = !rawbits[i];
172 }
173 }
174
175 // Dumping UID
176 uint8_t bits[224] = {0x00};
177 char showbits[225] = {0x00};
178 int bit;
179 i = start;
180 int times = 0;
181
182 if (uidlen > rawbit) {
183 PrintAndLog("Warning: not enough raw bits to get a full UID");
184 for (bit = 0; bit < rawbit; bit++) {
185 bits[bit] = rawbits[i++];
186 // As we cannot know the parity, let's use "." and "/"
187 showbits[bit] = '.' + bits[bit];
188 }
189 showbits[bit+1]='\0';
190 PrintAndLog("Partial UID=%s", showbits);
191 return 0;
192 } else {
193 for (bit = 0; bit < uidlen; bit++) {
194 bits[bit] = rawbits[i++];
195 showbits[bit] = '0' + bits[bit];
196 }
197 times = 1;
198 }
199
200 //convert UID to HEX
201 uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
202 int idx;
203 uid1 = uid2 = 0;
204
205 if (uidlen==64){
206 for( idx=0; idx<64; idx++) {
207 if (showbits[idx] == '0') {
208 uid1=(uid1<<1)|(uid2>>31);
209 uid2=(uid2<<1)|0;
210 } else {
211 uid1=(uid1<<1)|(uid2>>31);
212 uid2=(uid2<<1)|1;
213 }
214 }
215 PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
216 }
217 else {
218 uid3 = uid4 = uid5 = uid6 = uid7 = 0;
219
220 for( idx=0; idx<224; idx++) {
221 uid1=(uid1<<1)|(uid2>>31);
222 uid2=(uid2<<1)|(uid3>>31);
223 uid3=(uid3<<1)|(uid4>>31);
224 uid4=(uid4<<1)|(uid5>>31);
225 uid5=(uid5<<1)|(uid6>>31);
226 uid6=(uid6<<1)|(uid7>>31);
227
228 if (showbits[idx] == '0')
229 uid7 = (uid7<<1) | 0;
230 else
231 uid7 = (uid7<<1) | 1;
232 }
233 PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
234 }
235
236 // Checking UID against next occurrences
237 int failed = 0;
238 for (; i + uidlen <= rawbit;) {
239 failed = 0;
240 for (bit = 0; bit < uidlen; bit++) {
241 if (bits[bit] != rawbits[i++]) {
242 failed = 1;
243 break;
244 }
245 }
246 if (failed == 1) {
247 break;
248 }
249 times += 1;
250 }
251
252 PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
253
254 // Remodulating for tag cloning
255 // HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
256 // since this changes graphbuffer data.
257 GraphTraceLen = 32*uidlen;
258 i = 0;
259 int phase = 0;
260 for (bit = 0; bit < uidlen; bit++) {
261 if (bits[bit] == 0) {
262 phase = 0;
263 } else {
264 phase = 1;
265 }
266 int j;
267 for (j = 0; j < 32; j++) {
268 GraphBuffer[i++] = phase;
269 phase = !phase;
270 }
271 }
272
273 RepaintGraphWindow();
274 return 1;
275}
276
277int CmdIndalaClone(const char *Cmd) {
278 UsbCommand c;
279 unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
280
281 uid1 = uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
282 int n = 0, i = 0;
283
284 if (strchr(Cmd,'l') != 0) {
285 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
286 uid1 = (uid1 << 4) | (uid2 >> 28);
287 uid2 = (uid2 << 4) | (uid3 >> 28);
288 uid3 = (uid3 << 4) | (uid4 >> 28);
289 uid4 = (uid4 << 4) | (uid5 >> 28);
290 uid5 = (uid5 << 4) | (uid6 >> 28);
291 uid6 = (uid6 << 4) | (uid7 >> 28);
292 uid7 = (uid7 << 4) | (n & 0xf);
293 }
294 PrintAndLog("Cloning 224bit tag with UID %x%08x%08x%08x%08x%08x%08x", uid1, uid2, uid3, uid4, uid5, uid6, uid7);
295 c.cmd = CMD_INDALA_CLONE_TAG_L;
296 c.d.asDwords[0] = uid1;
297 c.d.asDwords[1] = uid2;
298 c.d.asDwords[2] = uid3;
299 c.d.asDwords[3] = uid4;
300 c.d.asDwords[4] = uid5;
301 c.d.asDwords[5] = uid6;
302 c.d.asDwords[6] = uid7;
303 } else {
304 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
305 uid1 = (uid1 << 4) | (uid2 >> 28);
306 uid2 = (uid2 << 4) | (n & 0xf);
307 }
308 PrintAndLog("Cloning 64bit tag with UID %x%08x", uid1, uid2);
309 c.cmd = CMD_INDALA_CLONE_TAG;
310 c.arg[0] = uid1;
311 c.arg[1] = uid2;
312 }
313
314 clearCommandBuffer();
315 SendCommand(&c);
316 return 0;
317}
318
319static command_t CommandTable[] = {
320 {"help", CmdHelp, 1, "This help"},
321 {"demod", CmdIndalaDecode, 1, "[clock] [invert<0|1>] -- Demodulate an indala tag (PSK1) from GraphBuffer (args optional)"},
322 {"read", CmdIndalaRead, 0, "Read an Indala Prox tag from the antenna"},
323 {"clone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be on antenna)(UID in HEX)(option 'l' for 224 UID"},
324 {"altdemod", CmdIndalaDemod, 1, "['224'] -- Alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
325 //{"sim", CmdIndalaSim, 0, "<ID> -- indala tag simulator"},
326 {NULL, NULL, 0, NULL}
327};
328
329int CmdLFINDALA(const char *Cmd) {
330 CmdsParse(CommandTable, Cmd);
331 return 0;
332}
333
334int CmdHelp(const char *Cmd) {
335 CmdsHelp(CommandTable);
336 return 0;
337}
Impressum, Datenschutz