]> git.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlf.c
CHG: fixes to match the new arguments to the darkside attack (keytype A|B and blockn...
[proxmark3-svn] / client / cmdlf.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Low frequency commands
9 //-----------------------------------------------------------------------------
10 #include "cmdlf.h"
11 static int CmdHelp(const char *Cmd);
12
13 int usage_lf_cmdread(void) {
14 PrintAndLog("Usage: lf cmdread d <delay period> z <zero period> o <one period> c <cmdbytes> [H]");
15 PrintAndLog("Options:");
16 PrintAndLog(" h This help");
17 PrintAndLog(" L Low frequency (125 KHz)");
18 PrintAndLog(" H High frequency (134 KHz)");
19 PrintAndLog(" d <delay> delay OFF period, (decimal)");
20 PrintAndLog(" z <zero> time period ZERO, (decimal)");
21 PrintAndLog(" o <one> time period ONE, (decimal)");
22 PrintAndLog(" c <cmd> Command bytes (in ones and zeros)");
23 PrintAndLog(" ************* All periods in microseconds (ms)");
24 PrintAndLog("Examples:");
25 PrintAndLog(" lf cmdread d 80 z 100 o 200 c 11000");
26 PrintAndLog(" lf cmdread d 80 z 100 o 100 c 11000 H");
27 return 0;
28 }
29 int usage_lf_read(void){
30 PrintAndLog("Usage: lf read [h] [s]");
31 PrintAndLog("Options:");
32 PrintAndLog(" h This help");
33 PrintAndLog(" s silent run no printout");
34 PrintAndLog("This function takes no arguments. ");
35 PrintAndLog("Use 'lf config' to set parameters.");
36 return 0;
37 }
38 int usage_lf_snoop(void) {
39 PrintAndLog("Usage: lf snoop");
40 PrintAndLog("Options:");
41 PrintAndLog(" h This help");
42 PrintAndLog("This function takes no arguments. ");
43 PrintAndLog("Use 'lf config' to set parameters.");
44 return 0;
45 }
46 int usage_lf_config(void) {
47 PrintAndLog("Usage: lf config [h] [H|<divisor>] [b <bps>] [d <decim>] [a 0|1]");
48 PrintAndLog("Options:");
49 PrintAndLog(" h This help");
50 PrintAndLog(" L Low frequency (125 KHz)");
51 PrintAndLog(" H High frequency (134 KHz)");
52 PrintAndLog(" q <divisor> Manually set divisor. 88-> 134KHz, 95-> 125 Hz");
53 PrintAndLog(" b <bps> Sets resolution of bits per sample. Default (max): 8");
54 PrintAndLog(" d <decim> Sets decimation. A value of N saves only 1 in N samples. Default: 1");
55 PrintAndLog(" a [0|1] Averaging - if set, will average the stored sample value when decimating. Default: 1");
56 PrintAndLog(" t <threshold> Sets trigger threshold. 0 means no threshold (range: 0-128)");
57 PrintAndLog("Examples:");
58 PrintAndLog(" lf config b 8 L");
59 PrintAndLog(" Samples at 125KHz, 8bps.");
60 PrintAndLog(" lf config H b 4 d 3");
61 PrintAndLog(" Samples at 134KHz, averages three samples into one, stored with ");
62 PrintAndLog(" a resolution of 4 bits per sample.");
63 PrintAndLog(" lf read");
64 PrintAndLog(" Performs a read (active field)");
65 PrintAndLog(" lf snoop");
66 PrintAndLog(" Performs a snoop (no active field)");
67 return 0;
68 }
69 int usage_lf_simfsk(void) {
70 PrintAndLog("Usage: lf simfsk [c <clock>] [i] [H <fcHigh>] [L <fcLow>] [d <hexdata>]");
71 PrintAndLog("Options:");
72 PrintAndLog(" h This help");
73 PrintAndLog(" c <clock> Manually set clock - can autodetect if using DemodBuffer");
74 PrintAndLog(" i invert data");
75 PrintAndLog(" H <fcHigh> Manually set the larger Field Clock");
76 PrintAndLog(" L <fcLow> Manually set the smaller Field Clock");
77 //PrintAndLog(" s TBD- -to enable a gap between playback repetitions - default: no gap");
78 PrintAndLog(" d <hexdata> Data to sim as hex - omit to sim from DemodBuffer");
79 PrintAndLog("\n NOTE: if you set one clock manually set them all manually");
80 return 0;
81 }
82 int usage_lf_simask(void) {
83 PrintAndLog("Usage: lf simask [c <clock>] [i] [b|m|r] [s] [d <raw hex to sim>]");
84 PrintAndLog("Options:");
85 PrintAndLog(" h This help");
86 PrintAndLog(" c <clock> Manually set clock - can autodetect if using DemodBuffer");
87 PrintAndLog(" i invert data");
88 PrintAndLog(" b sim ask/biphase");
89 PrintAndLog(" m sim ask/manchester - Default");
90 PrintAndLog(" r sim ask/raw");
91 PrintAndLog(" s add t55xx Sequence Terminator gap - default: no gaps (only manchester)");
92 PrintAndLog(" d <hexdata> Data to sim as hex - omit to sim from DemodBuffer");
93 return 0;
94 }
95 int usage_lf_simpsk(void) {
96 PrintAndLog("Usage: lf simpsk [1|2|3] [c <clock>] [i] [r <carrier>] [d <raw hex to sim>]");
97 PrintAndLog("Options:");
98 PrintAndLog(" h This help");
99 PrintAndLog(" c <clock> Manually set clock - can autodetect if using DemodBuffer");
100 PrintAndLog(" i invert data");
101 PrintAndLog(" 1 set PSK1 (default)");
102 PrintAndLog(" 2 set PSK2");
103 PrintAndLog(" 3 set PSK3");
104 PrintAndLog(" r <carrier> 2|4|8 are valid carriers: default = 2");
105 PrintAndLog(" d <hexdata> Data to sim as hex - omit to sim from DemodBuffer");
106 return 0;
107 }
108 int usage_lf_find(void){
109 PrintAndLog("Usage: lf search [h] <0|1> [u]");
110 PrintAndLog("");
111 PrintAndLog("Options:");
112 PrintAndLog(" h This help");
113 PrintAndLog(" <0|1> Use data from Graphbuffer, if not set, try reading data from tag.");
114 PrintAndLog(" u Search for Unknown tags, if not set, reads only known tags.");
115 PrintAndLog("Examples:");
116 PrintAndLog(" lf search = try reading data from tag & search for known tags");
117 PrintAndLog(" lf search 1 = use data from GraphBuffer & search for known tags");
118 PrintAndLog(" lf search u = try reading data from tag & search for known and unknown tags");
119 PrintAndLog(" lf search 1 u = use data from GraphBuffer & search for known and unknown tags");
120 return 0;
121 }
122
123
124 /* send a LF command before reading */
125 int CmdLFCommandRead(const char *Cmd) {
126
127 bool errors = FALSE;
128 bool useHighFreq = FALSE;
129 uint16_t one = 0, zero = 0;
130 uint8_t cmdp = 0;
131 UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K, {0,0,0}};
132
133 while(param_getchar(Cmd, cmdp) != 0x00) {
134 switch(param_getchar(Cmd, cmdp)) {
135 case 'h':
136 return usage_lf_cmdread();
137 case 'H':
138 useHighFreq = TRUE;
139 cmdp++;
140 break;
141 case 'L':
142 cmdp++;
143 break;
144 case 'c':
145 param_getstr(Cmd, cmdp+1, (char *)&c.d.asBytes);
146 cmdp+=2;
147 break;
148 case 'd':
149 c.arg[0] = param_get32ex(Cmd, cmdp+1, 0, 10);
150 cmdp+=2;
151 break;
152 case 'z':
153 zero = param_get32ex(Cmd, cmdp+1, 0, 10) & 0xFFFF;
154 cmdp+=2;
155 break;
156 case 'o':
157 one = param_get32ex(Cmd, cmdp+1, 0, 10) & 0xFFFF;
158 cmdp+=2;
159 break;
160 default:
161 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
162 errors = 1;
163 break;
164 }
165 if(errors) break;
166 }
167 // No args
168 if (cmdp == 0) errors = TRUE;
169
170 //Validations
171 if (errors) return usage_lf_cmdread();
172
173 // zero and one lengths
174 c.arg[1] = (uint32_t)(zero << 16 | one);
175
176 // add frequency 125 or 134
177 c.arg[2] = useHighFreq;
178
179 clearCommandBuffer();
180 SendCommand(&c);
181 return 0;
182 }
183
184 int CmdFlexdemod(const char *Cmd)
185 {
186 int i;
187 for (i = 0; i < GraphTraceLen; ++i) {
188 if (GraphBuffer[i] < 0) {
189 GraphBuffer[i] = -1;
190 } else {
191 GraphBuffer[i] = 1;
192 }
193 }
194
195 #define LONG_WAIT 100
196 int start;
197 for (start = 0; start < GraphTraceLen - LONG_WAIT; start++) {
198 int first = GraphBuffer[start];
199 for (i = start; i < start + LONG_WAIT; i++) {
200 if (GraphBuffer[i] != first) {
201 break;
202 }
203 }
204 if (i == (start + LONG_WAIT)) {
205 break;
206 }
207 }
208 if (start == GraphTraceLen - LONG_WAIT) {
209 PrintAndLog("nothing to wait for");
210 return 0;
211 }
212
213 GraphBuffer[start] = 2;
214 GraphBuffer[start+1] = -2;
215 uint8_t bits[64] = {0x00};
216
217 int bit, sum;
218 i = start;
219 for (bit = 0; bit < 64; bit++) {
220 sum = 0;
221 for (int j = 0; j < 16; j++) {
222 sum += GraphBuffer[i++];
223 }
224
225 bits[bit] = (sum > 0) ? 1 : 0;
226
227 PrintAndLog("bit %d sum %d", bit, sum);
228 }
229
230 for (bit = 0; bit < 64; bit++) {
231 int j;
232 int sum = 0;
233 for (j = 0; j < 16; j++) {
234 sum += GraphBuffer[i++];
235 }
236 if (sum > 0 && bits[bit] != 1) {
237 PrintAndLog("oops1 at %d", bit);
238 }
239 if (sum < 0 && bits[bit] != 0) {
240 PrintAndLog("oops2 at %d", bit);
241 }
242 }
243
244 // HACK writing back to graphbuffer.
245 GraphTraceLen = 32*64;
246 i = 0;
247 int phase = 0;
248 for (bit = 0; bit < 64; bit++) {
249
250 phase = (bits[bit] == 0) ? 0 : 1;
251
252 int j;
253 for (j = 0; j < 32; j++) {
254 GraphBuffer[i++] = phase;
255 phase = !phase;
256 }
257 }
258
259 RepaintGraphWindow();
260 return 0;
261 }
262
263 int CmdIndalaDemod(const char *Cmd)
264 {
265 // Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID
266
267 int state = -1;
268 int count = 0;
269 int i, j;
270
271 // worst case with GraphTraceLen=64000 is < 4096
272 // under normal conditions it's < 2048
273
274 uint8_t rawbits[4096];
275 int rawbit = 0;
276 int worst = 0, worstPos = 0;
277 // PrintAndLog("Expecting a bit less than %d raw bits", GraphTraceLen / 32);
278
279 // loop through raw signal - since we know it is psk1 rf/32 fc/2 skip every other value (+=2)
280 for (i = 0; i < GraphTraceLen-1; i += 2) {
281 count += 1;
282 if ((GraphBuffer[i] > GraphBuffer[i + 1]) && (state != 1)) {
283 // appears redundant - marshmellow
284 if (state == 0) {
285 for (j = 0; j < count - 8; j += 16) {
286 rawbits[rawbit++] = 0;
287 }
288 if ((abs(count - j)) > worst) {
289 worst = abs(count - j);
290 worstPos = i;
291 }
292 }
293 state = 1;
294 count = 0;
295 } else if ((GraphBuffer[i] < GraphBuffer[i + 1]) && (state != 0)) {
296 //appears redundant
297 if (state == 1) {
298 for (j = 0; j < count - 8; j += 16) {
299 rawbits[rawbit++] = 1;
300 }
301 if ((abs(count - j)) > worst) {
302 worst = abs(count - j);
303 worstPos = i;
304 }
305 }
306 state = 0;
307 count = 0;
308 }
309 }
310
311 if ( rawbit>0 ){
312 PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
313 PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
314 } else {
315 return 0;
316 }
317
318 // Finding the start of a UID
319 int uidlen, long_wait;
320 if (strcmp(Cmd, "224") == 0) {
321 uidlen = 224;
322 long_wait = 30;
323 } else {
324 uidlen = 64;
325 long_wait = 29;
326 }
327
328 int start;
329 int first = 0;
330 for (start = 0; start <= rawbit - uidlen; start++) {
331 first = rawbits[start];
332 for (i = start; i < start + long_wait; i++) {
333 if (rawbits[i] != first) {
334 break;
335 }
336 }
337 if (i == (start + long_wait)) {
338 break;
339 }
340 }
341
342 if (start == rawbit - uidlen + 1) {
343 PrintAndLog("nothing to wait for");
344 return 0;
345 }
346
347 // Inverting signal if needed
348 if (first == 1) {
349 for (i = start; i < rawbit; i++) {
350 rawbits[i] = !rawbits[i];
351 }
352 }
353
354 // Dumping UID
355 uint8_t bits[224] = {0x00};
356 char showbits[225] = {0x00};
357 int bit;
358 i = start;
359 int times = 0;
360
361 if (uidlen > rawbit) {
362 PrintAndLog("Warning: not enough raw bits to get a full UID");
363 for (bit = 0; bit < rawbit; bit++) {
364 bits[bit] = rawbits[i++];
365 // As we cannot know the parity, let's use "." and "/"
366 showbits[bit] = '.' + bits[bit];
367 }
368 showbits[bit+1]='\0';
369 PrintAndLog("Partial UID=%s", showbits);
370 return 0;
371 } else {
372 for (bit = 0; bit < uidlen; bit++) {
373 bits[bit] = rawbits[i++];
374 showbits[bit] = '0' + bits[bit];
375 }
376 times = 1;
377 }
378
379 //convert UID to HEX
380 uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
381 int idx;
382 uid1 = uid2 = 0;
383
384 if (uidlen==64){
385 for( idx=0; idx<64; idx++) {
386 if (showbits[idx] == '0') {
387 uid1 = (uid1<<1) | (uid2>>31);
388 uid2 = (uid2<<1) | 0;
389 } else {
390 uid1 = (uid1<<1) | (uid2>>31);
391 uid2 = (uid2<<1) | 1;
392 }
393 }
394 PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
395 } else {
396 uid3 = uid4 = uid5 = uid6 = uid7 = 0;
397
398 for( idx=0; idx<224; idx++) {
399 uid1 = (uid1<<1) | (uid2>>31);
400 uid2 = (uid2<<1) | (uid3>>31);
401 uid3 = (uid3<<1) | (uid4>>31);
402 uid4 = (uid4<<1) | (uid5>>31);
403 uid5 = (uid5<<1) | (uid6>>31);
404 uid6 = (uid6<<1) | (uid7>>31);
405
406 if (showbits[idx] == '0')
407 uid7 = (uid7<<1) | 0;
408 else
409 uid7 = (uid7<<1) | 1;
410 }
411 PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
412 }
413
414 // Checking UID against next occurrences
415 int failed = 0;
416 for (; i + uidlen <= rawbit;) {
417 failed = 0;
418 for (bit = 0; bit < uidlen; bit++) {
419 if (bits[bit] != rawbits[i++]) {
420 failed = 1;
421 break;
422 }
423 }
424 if (failed == 1) {
425 break;
426 }
427 times += 1;
428 }
429
430 PrintAndLog("Occurrences: %d (expected %d)", times, (rawbit - start) / uidlen);
431
432 // Remodulating for tag cloning
433 // HACK: 2015-01-04 this will have an impact on our new way of seening lf commands (demod)
434 // since this changes graphbuffer data.
435 GraphTraceLen = 32 * uidlen;
436 i = 0;
437 int phase = 0;
438 for (bit = 0; bit < uidlen; bit++) {
439 phase = (bits[bit] == 0) ? 0 : 1;
440 int j;
441 for (j = 0; j < 32; j++) {
442 GraphBuffer[i++] = phase;
443 phase = !phase;
444 }
445 }
446
447 RepaintGraphWindow();
448 return 1;
449 }
450
451 int CmdIndalaClone(const char *Cmd)
452 {
453 UsbCommand c;
454 unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
455
456 uid1 = uid2 = uid3 = uid4 = uid5 = uid6 = uid7 = 0;
457 int n = 0, i = 0;
458
459 if (strchr(Cmd,'l') != 0) {
460 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
461 uid1 = (uid1 << 4) | (uid2 >> 28);
462 uid2 = (uid2 << 4) | (uid3 >> 28);
463 uid3 = (uid3 << 4) | (uid4 >> 28);
464 uid4 = (uid4 << 4) | (uid5 >> 28);
465 uid5 = (uid5 << 4) | (uid6 >> 28);
466 uid6 = (uid6 << 4) | (uid7 >> 28);
467 uid7 = (uid7 << 4) | (n & 0xf);
468 }
469 PrintAndLog("Cloning 224bit tag with UID %x%08x%08x%08x%08x%08x%08x", uid1, uid2, uid3, uid4, uid5, uid6, uid7);
470 c.cmd = CMD_INDALA_CLONE_TAG_L;
471 c.d.asDwords[0] = uid1;
472 c.d.asDwords[1] = uid2;
473 c.d.asDwords[2] = uid3;
474 c.d.asDwords[3] = uid4;
475 c.d.asDwords[4] = uid5;
476 c.d.asDwords[5] = uid6;
477 c.d.asDwords[6] = uid7;
478 } else {
479 while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
480 uid1 = (uid1 << 4) | (uid2 >> 28);
481 uid2 = (uid2 << 4) | (n & 0xf);
482 }
483 PrintAndLog("Cloning 64bit tag with UID %x%08x", uid1, uid2);
484 c.cmd = CMD_INDALA_CLONE_TAG;
485 c.arg[0] = uid1;
486 c.arg[1] = uid2;
487 }
488
489 clearCommandBuffer();
490 SendCommand(&c);
491 return 0;
492 }
493
494 int CmdLFSetConfig(const char *Cmd)
495 {
496 uint8_t divisor = 0;//Frequency divisor
497 uint8_t bps = 0; // Bits per sample
498 uint8_t decimation = 0; //How many to keep
499 bool averaging = 1; // Defaults to true
500 bool errors = FALSE;
501 int trigger_threshold = -1;//Means no change
502 uint8_t unsigned_trigg = 0;
503
504 uint8_t cmdp = 0;
505 while(param_getchar(Cmd, cmdp) != 0x00)
506 {
507 switch(param_getchar(Cmd, cmdp))
508 {
509 case 'h':
510 return usage_lf_config();
511 case 'H':
512 divisor = 88;
513 cmdp++;
514 break;
515 case 'L':
516 divisor = 95;
517 cmdp++;
518 break;
519 case 'q':
520 errors |= param_getdec(Cmd,cmdp+1,&divisor);
521 cmdp+=2;
522 break;
523 case 't':
524 errors |= param_getdec(Cmd,cmdp+1,&unsigned_trigg);
525 cmdp+=2;
526 if(!errors) trigger_threshold = unsigned_trigg;
527 break;
528 case 'b':
529 errors |= param_getdec(Cmd,cmdp+1,&bps);
530 cmdp+=2;
531 break;
532 case 'd':
533 errors |= param_getdec(Cmd,cmdp+1,&decimation);
534 cmdp+=2;
535 break;
536 case 'a':
537 averaging = param_getchar(Cmd,cmdp+1) == '1';
538 cmdp+=2;
539 break;
540 default:
541 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
542 errors = 1;
543 break;
544 }
545 if(errors) break;
546 }
547
548 // No args
549 if (cmdp == 0) errors = 1;
550
551 //Validations
552 if (errors) return usage_lf_config();
553
554 //Bps is limited to 8, so fits in lower half of arg1
555 if (bps >> 4) bps = 8;
556
557 sample_config config = { decimation, bps, averaging, divisor, trigger_threshold };
558
559 //Averaging is a flag on high-bit of arg[1]
560 UsbCommand c = {CMD_SET_LF_SAMPLING_CONFIG};
561 memcpy(c.d.asBytes,&config,sizeof(sample_config));
562 clearCommandBuffer();
563 SendCommand(&c);
564 return 0;
565 }
566
567 int CmdLFRead(const char *Cmd)
568 {
569 bool arg1 = false;
570 uint8_t cmdp = param_getchar(Cmd, 0);
571
572 if ( cmdp == 'h' || cmdp == 'H') return usage_lf_read();
573
574 //suppress print
575 if ( cmdp == 's' || cmdp == 'S') arg1 = true;
576
577 UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K, {arg1,0,0}};
578 clearCommandBuffer();
579 SendCommand(&c);
580 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
581 PrintAndLog("command execution time out");
582 return 1;
583 }
584 return 0;
585 }
586
587 int CmdLFSnoop(const char *Cmd)
588 {
589 uint8_t cmdp = param_getchar(Cmd, 0);
590 if(cmdp == 'h' || cmdp == 'H') return usage_lf_snoop();
591
592 UsbCommand c = {CMD_LF_SNOOP_RAW_ADC_SAMPLES};
593 clearCommandBuffer();
594 SendCommand(&c);
595 WaitForResponse(CMD_ACK,NULL);
596 return 0;
597 }
598
599 static void ChkBitstream(const char *str)
600 {
601 int i;
602
603 /* convert to bitstream if necessary */
604 for (i = 0; i < (int)(GraphTraceLen / 2); i++){
605 if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) {
606 CmdGetBitStream("");
607 break;
608 }
609 }
610 }
611 //Attempt to simulate any wave in buffer (one bit per output sample)
612 // converts GraphBuffer to bitstream (based on zero crossings) if needed.
613 int CmdLFSim(const char *Cmd)
614 {
615 int i,j;
616 static int gap;
617
618 sscanf(Cmd, "%i", &gap);
619
620 // convert to bitstream if necessary
621 ChkBitstream(Cmd);
622
623 //can send only 512 bits at a time (1 byte sent per bit...)
624 printf("Sending [%d bytes]", GraphTraceLen);
625 for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
626 UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
627
628 for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
629 c.d.asBytes[j] = GraphBuffer[i+j];
630 }
631 clearCommandBuffer();
632 SendCommand(&c);
633 WaitForResponse(CMD_ACK,NULL);
634 printf(".");
635 }
636
637 PrintAndLog("\nStarting to simulate");
638 UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
639 clearCommandBuffer();
640 SendCommand(&c);
641 return 0;
642 }
643
644 // by marshmellow - sim fsk data given clock, fcHigh, fcLow, invert
645 // - allow pull data from DemodBuffer
646 int CmdLFfskSim(const char *Cmd)
647 {
648 //might be able to autodetect FCs and clock from Graphbuffer if using demod buffer
649 // otherwise will need FChigh, FClow, Clock, and bitstream
650 uint8_t fcHigh = 0, fcLow = 0, clk = 0;
651 uint8_t invert = 0;
652 bool errors = FALSE;
653 char hexData[32] = {0x00}; // store entered hex data
654 uint8_t data[255] = {0x00};
655 int dataLen = 0;
656 uint8_t cmdp = 0;
657
658 while(param_getchar(Cmd, cmdp) != 0x00)
659 {
660 switch(param_getchar(Cmd, cmdp))
661 {
662 case 'h':
663 return usage_lf_simfsk();
664 case 'i':
665 invert = 1;
666 cmdp++;
667 break;
668 case 'c':
669 errors |= param_getdec(Cmd, cmdp+1, &clk);
670 cmdp += 2;
671 break;
672 case 'H':
673 errors |= param_getdec(Cmd, cmdp+1, &fcHigh);
674 cmdp += 2;
675 break;
676 case 'L':
677 errors |= param_getdec(Cmd, cmdp+1, &fcLow);
678 cmdp += 2;
679 break;
680 //case 's':
681 // separator = 1;
682 // cmdp++;
683 // break;
684 case 'd':
685 dataLen = param_getstr(Cmd, cmdp+1, hexData);
686 if (dataLen == 0)
687 errors = TRUE;
688 else
689 dataLen = hextobinarray((char *)data, hexData);
690
691 if (dataLen == 0) errors = TRUE;
692 if (errors) PrintAndLog ("Error getting hex data");
693 cmdp+=2;
694 break;
695 default:
696 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
697 errors = TRUE;
698 break;
699 }
700 if(errors) break;
701 }
702
703 // No args
704 if(cmdp == 0 && DemodBufferLen == 0)
705 errors = TRUE;
706
707 //Validations
708 if(errors) return usage_lf_simfsk();
709
710 if (dataLen == 0){ //using DemodBuffer
711 if (clk == 0 || fcHigh == 0 || fcLow == 0){ //manual settings must set them all
712 uint8_t ans = fskClocks(&fcHigh, &fcLow, &clk, 0);
713 if (ans==0){
714 if (!fcHigh) fcHigh = 10;
715 if (!fcLow) fcLow = 8;
716 if (!clk) clk = 50;
717 }
718 }
719 } else {
720 setDemodBuf(data, dataLen, 0);
721 }
722
723 //default if not found
724 if (clk == 0) clk = 50;
725 if (fcHigh == 0) fcHigh = 10;
726 if (fcLow == 0) fcLow = 8;
727
728 uint16_t arg1, arg2;
729 arg1 = fcHigh << 8 | fcLow;
730 arg2 = invert << 8 | clk;
731 size_t size = DemodBufferLen;
732 if (size > USB_CMD_DATA_SIZE) {
733 PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE);
734 size = USB_CMD_DATA_SIZE;
735 }
736 UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, size}};
737
738 memcpy(c.d.asBytes, DemodBuffer, size);
739 clearCommandBuffer();
740 SendCommand(&c);
741 return 0;
742 }
743
744 // by marshmellow - sim ask data given clock, invert, manchester or raw, separator
745 // - allow pull data from DemodBuffer
746 int CmdLFaskSim(const char *Cmd)
747 {
748 // autodetect clock from Graphbuffer if using demod buffer
749 // needs clock, invert, manchester/raw as m or r, separator as s, and bitstream
750 uint8_t encoding = 1, separator = 0, clk = 0, invert = 0;
751 bool errors = FALSE;
752 char hexData[32] = {0x00};
753 uint8_t data[255]= {0x00}; // store entered hex data
754 int dataLen = 0;
755 uint8_t cmdp = 0;
756
757 while(param_getchar(Cmd, cmdp) != 0x00) {
758 switch(param_getchar(Cmd, cmdp)) {
759 case 'h': return usage_lf_simask();
760 case 'i':
761 invert = 1;
762 cmdp++;
763 break;
764 case 'c':
765 errors |= param_getdec(Cmd, cmdp+1, &clk);
766 cmdp += 2;
767 break;
768 case 'b':
769 encoding = 2; //biphase
770 cmdp++;
771 break;
772 case 'm':
773 encoding = 1; //manchester
774 cmdp++;
775 break;
776 case 'r':
777 encoding = 0; //raw
778 cmdp++;
779 break;
780 case 's':
781 separator = 1;
782 cmdp++;
783 break;
784 case 'd':
785 dataLen = param_getstr(Cmd, cmdp+1, hexData);
786 if (dataLen == 0)
787 errors = TRUE;
788 else
789 dataLen = hextobinarray((char *)data, hexData);
790
791 if (dataLen == 0) errors = TRUE;
792 if (errors) PrintAndLog ("Error getting hex data, datalen: %d", dataLen);
793 cmdp += 2;
794 break;
795 default:
796 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
797 errors = TRUE;
798 break;
799 }
800 if(errors) break;
801 }
802
803 // No args
804 if(cmdp == 0 && DemodBufferLen == 0)
805 errors = TRUE;
806
807 //Validations
808 if(errors) return usage_lf_simask();
809
810 if (dataLen == 0){ //using DemodBuffer
811 if (clk == 0)
812 clk = GetAskClock("0", false, false);
813 } else {
814 setDemodBuf(data, dataLen, 0);
815 }
816 if (clk == 0) clk = 64;
817 if (encoding == 0) clk = clk/2; //askraw needs to double the clock speed
818
819 size_t size = DemodBufferLen;
820
821 if (size > USB_CMD_DATA_SIZE) {
822 PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE);
823 size = USB_CMD_DATA_SIZE;
824 }
825
826 PrintAndLog("preparing to sim ask data: %d bits", size);
827
828 uint16_t arg1, arg2;
829 arg1 = clk << 8 | encoding;
830 arg2 = invert << 8 | separator;
831
832 UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}};
833 memcpy(c.d.asBytes, DemodBuffer, size);
834 clearCommandBuffer();
835 SendCommand(&c);
836 return 0;
837 }
838
839 // by marshmellow - sim psk data given carrier, clock, invert
840 // - allow pull data from DemodBuffer or parameters
841 int CmdLFpskSim(const char *Cmd)
842 {
843 //might be able to autodetect FC and clock from Graphbuffer if using demod buffer
844 //will need carrier, Clock, and bitstream
845 uint8_t carrier=0, clk=0;
846 uint8_t invert=0;
847 bool errors = FALSE;
848 char hexData[32] = {0x00}; // store entered hex data
849 uint8_t data[255] = {0x00};
850 int dataLen = 0;
851 uint8_t cmdp = 0;
852 uint8_t pskType = 1;
853 while(param_getchar(Cmd, cmdp) != 0x00)
854 {
855 switch(param_getchar(Cmd, cmdp))
856 {
857 case 'h':
858 return usage_lf_simpsk();
859 case 'i':
860 invert = 1;
861 cmdp++;
862 break;
863 case 'c':
864 errors |= param_getdec(Cmd,cmdp+1,&clk);
865 cmdp+=2;
866 break;
867 case 'r':
868 errors |= param_getdec(Cmd,cmdp+1,&carrier);
869 cmdp+=2;
870 break;
871 case '1':
872 pskType=1;
873 cmdp++;
874 break;
875 case '2':
876 pskType=2;
877 cmdp++;
878 break;
879 case '3':
880 pskType=3;
881 cmdp++;
882 break;
883 case 'd':
884 dataLen = param_getstr(Cmd, cmdp+1, hexData);
885 if (dataLen==0) {
886 errors=TRUE;
887 } else {
888 dataLen = hextobinarray((char *)data, hexData);
889 }
890 if (dataLen==0) errors=TRUE;
891 if (errors) PrintAndLog ("Error getting hex data");
892 cmdp+=2;
893 break;
894 default:
895 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
896 errors = TRUE;
897 break;
898 }
899 if (errors) break;
900 }
901 if (cmdp == 0 && DemodBufferLen == 0)
902 {
903 errors = TRUE;// No args
904 }
905
906 //Validations
907 if (errors)
908 {
909 return usage_lf_simpsk();
910 }
911 if (dataLen == 0){ //using DemodBuffer
912 PrintAndLog("Getting Clocks");
913 if (clk==0) clk = GetPskClock("", FALSE, FALSE);
914 PrintAndLog("clk: %d",clk);
915 if (!carrier) carrier = GetPskCarrier("", FALSE, FALSE);
916 PrintAndLog("carrier: %d", carrier);
917 } else {
918 setDemodBuf(data, dataLen, 0);
919 }
920
921 if (clk <= 0) clk = 32;
922 if (carrier == 0) carrier = 2;
923 if (pskType != 1){
924 if (pskType == 2){
925 //need to convert psk2 to psk1 data before sim
926 psk2TOpsk1(DemodBuffer, DemodBufferLen);
927 } else {
928 PrintAndLog("Sorry, PSK3 not yet available");
929 }
930 }
931 uint16_t arg1, arg2;
932 arg1 = clk << 8 | carrier;
933 arg2 = invert;
934 size_t size=DemodBufferLen;
935 if (size > USB_CMD_DATA_SIZE) {
936 PrintAndLog("DemodBuffer too long for current implementation - length: %d - max: %d", size, USB_CMD_DATA_SIZE);
937 size=USB_CMD_DATA_SIZE;
938 }
939 UsbCommand c = {CMD_PSK_SIM_TAG, {arg1, arg2, size}};
940 PrintAndLog("DEBUG: Sending DemodBuffer Length: %d", size);
941 memcpy(c.d.asBytes, DemodBuffer, size);
942 clearCommandBuffer();
943 SendCommand(&c);
944
945 return 0;
946 }
947
948 int CmdLFSimBidir(const char *Cmd)
949 {
950 // Set ADC to twice the carrier for a slight supersampling
951 // HACK: not implemented in ARMSRC.
952 PrintAndLog("Not implemented yet.");
953 UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
954 SendCommand(&c);
955 return 0;
956 }
957
958 int CmdVchDemod(const char *Cmd)
959 {
960 // Is this the entire sync pattern, or does this also include some
961 // data bits that happen to be the same everywhere? That would be
962 // lovely to know.
963 static const int SyncPattern[] = {
964 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
965 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
966 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
967 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
968 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
969 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
970 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
971 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
972 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
973 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
974 };
975
976 // So first, we correlate for the sync pattern, and mark that.
977 int bestCorrel = 0, bestPos = 0;
978 int i;
979 // It does us no good to find the sync pattern, with fewer than
980 // 2048 samples after it...
981 for (i = 0; i < (GraphTraceLen-2048); i++) {
982 int sum = 0;
983 int j;
984 for (j = 0; j < ARRAYLEN(SyncPattern); j++) {
985 sum += GraphBuffer[i+j]*SyncPattern[j];
986 }
987 if (sum > bestCorrel) {
988 bestCorrel = sum;
989 bestPos = i;
990 }
991 }
992 PrintAndLog("best sync at %d [metric %d]", bestPos, bestCorrel);
993
994 char bits[257];
995 bits[256] = '\0';
996
997 int worst = INT_MAX;
998 int worstPos = 0;
999
1000 for (i = 0; i < 2048; i += 8) {
1001 int sum = 0;
1002 int j;
1003 for (j = 0; j < 8; j++) {
1004 sum += GraphBuffer[bestPos+i+j];
1005 }
1006 if (sum < 0) {
1007 bits[i/8] = '.';
1008 } else {
1009 bits[i/8] = '1';
1010 }
1011 if(abs(sum) < worst) {
1012 worst = abs(sum);
1013 worstPos = i;
1014 }
1015 }
1016 PrintAndLog("bits:");
1017 PrintAndLog("%s", bits);
1018 PrintAndLog("worst metric: %d at pos %d", worst, worstPos);
1019
1020 if (strcmp(Cmd, "clone")==0) {
1021 GraphTraceLen = 0;
1022 char *s;
1023 for(s = bits; *s; s++) {
1024 int j;
1025 for(j = 0; j < 16; j++) {
1026 GraphBuffer[GraphTraceLen++] = (*s == '1') ? 1 : 0;
1027 }
1028 }
1029 RepaintGraphWindow();
1030 }
1031 return 0;
1032 }
1033
1034 //by marshmellow
1035 int CmdLFfind(const char *Cmd) {
1036 int ans = 0;
1037 char cmdp = param_getchar(Cmd, 0);
1038 char testRaw = param_getchar(Cmd, 1);
1039 if (strlen(Cmd) > 3 || cmdp == 'h' || cmdp == 'H') return usage_lf_find();
1040
1041 if (!offline && (cmdp != '1')){
1042 CmdLFRead("s");
1043 getSamples("30000",false);
1044 } else if (GraphTraceLen < 1000) {
1045 PrintAndLog("Data in Graphbuffer was too small.");
1046 return 0;
1047 }
1048 if (cmdp == 'u' || cmdp == 'U') testRaw = 'u';
1049
1050 PrintAndLog("NOTE: some demods output possible binary\n if it finds something that looks like a tag");
1051 PrintAndLog("False Positives ARE possible\n");
1052 PrintAndLog("\nChecking for known tags:\n");
1053
1054 ans=CmdFSKdemodIO("");
1055 if (ans>0) {
1056 PrintAndLog("\nValid IO Prox ID Found!");
1057 return 1;
1058 }
1059 ans=CmdFSKdemodPyramid("");
1060 if (ans>0) {
1061 PrintAndLog("\nValid Pyramid ID Found!");
1062 return 1;
1063 }
1064 ans=CmdFSKdemodParadox("");
1065 if (ans>0) {
1066 PrintAndLog("\nValid Paradox ID Found!");
1067 return 1;
1068 }
1069 ans=CmdFSKdemodAWID("");
1070 if (ans>0) {
1071 PrintAndLog("\nValid AWID ID Found!");
1072 return 1;
1073 }
1074 ans=CmdFSKdemodHID("");
1075 if (ans>0) {
1076 PrintAndLog("\nValid HID Prox ID Found!");
1077 return 1;
1078 }
1079 ans=CmdAskEM410xDemod("");
1080 if (ans>0) {
1081 PrintAndLog("\nValid EM410x ID Found!");
1082 return 1;
1083 }
1084 ans=CmdG_Prox_II_Demod("");
1085 if (ans>0) {
1086 PrintAndLog("\nValid Guardall G-Prox II ID Found!");
1087 return 1;
1088 }
1089 ans=CmdFDXBdemodBI("");
1090 if (ans>0) {
1091 PrintAndLog("\nValid FDX-B ID Found!");
1092 return 1;
1093 }
1094 ans=EM4x50Read("", false);
1095 if (ans>0) {
1096 PrintAndLog("\nValid EM4x50 ID Found!");
1097 return 1;
1098 }
1099 ans=CmdVikingDemod("");
1100 if (ans>0) {
1101 PrintAndLog("\nValid Viking ID Found!");
1102 return 1;
1103 }
1104 ans=CmdIndalaDecode("");
1105 if (ans>0) {
1106 PrintAndLog("\nValid Indala ID Found!");
1107 return 1;
1108 }
1109 ans=CmdPSKNexWatch("");
1110 if (ans>0) {
1111 PrintAndLog("\nValid NexWatch ID Found!");
1112 return 1;
1113 }
1114 ans=CmdJablotronDemod("");
1115 if (ans>0) {
1116 PrintAndLog("\nValid Jablotron ID Found!");
1117 return 1;
1118 }
1119 ans=CmdLFNedapDemod("");
1120 if (ans>0) {
1121 PrintAndLog("\nValid NEDAP ID Found!");
1122 return 1;
1123 }
1124 // TIdemod?
1125
1126
1127 PrintAndLog("\nNo Known Tags Found!\n");
1128 if (testRaw=='u' || testRaw=='U'){
1129 //test unknown tag formats (raw mode)
1130 PrintAndLog("\nChecking for Unknown tags:\n");
1131 ans=AutoCorrelate(4000, FALSE, FALSE);
1132
1133 if (ans > 0) {
1134
1135 PrintAndLog("Possible Auto Correlation of %d repeating samples",ans);
1136
1137 if ( ans % 8 == 0) {
1138 int bytes = (ans / 8);
1139 PrintAndLog("Possible %d bytes", bytes);
1140 int blocks = 0;
1141 if ( bytes % 2 == 0) {
1142 blocks = (bytes / 2);
1143 PrintAndLog("Possible 2 blocks, width %d", blocks);
1144 }
1145 if ( bytes % 4 == 0) {
1146 blocks = (bytes / 4);
1147 PrintAndLog("Possible 4 blocks, width %d", blocks);
1148 }
1149 if ( bytes % 8 == 0) {
1150 blocks = (bytes / 8);
1151 PrintAndLog("Possible 8 blocks, width %d", blocks);
1152 }
1153 if ( bytes % 16 == 0) {
1154 blocks = (bytes / 16);
1155 PrintAndLog("Possible 16 blocks, width %d", blocks);
1156 }
1157 }
1158 }
1159
1160 ans=GetFskClock("",FALSE,FALSE);
1161 if (ans != 0){ //fsk
1162 ans=FSKrawDemod("",TRUE);
1163 if (ans>0) {
1164 PrintAndLog("\nUnknown FSK Modulated Tag Found!");
1165 return 1;
1166 }
1167 }
1168 bool st = TRUE;
1169 ans=ASKDemod_ext("0 0 0",TRUE,FALSE,1,&st);
1170 if (ans>0) {
1171 PrintAndLog("\nUnknown ASK Modulated and Manchester encoded Tag Found!");
1172 PrintAndLog("\nif it does not look right it could instead be ASK/Biphase - try 'data rawdemod ab'");
1173 return 1;
1174 }
1175
1176 ans=CmdPSK1rawDemod("");
1177 if (ans>0) {
1178 PrintAndLog("Possible unknown PSK1 Modulated Tag Found above!\n\nCould also be PSK2 - try 'data rawdemod p2'");
1179 PrintAndLog("\nCould also be PSK3 - [currently not supported]");
1180 PrintAndLog("\nCould also be NRZ - try 'data nrzrawdemod");
1181 return 1;
1182 }
1183 PrintAndLog("\nNo Data Found!\n");
1184 }
1185 return 0;
1186 }
1187
1188 static command_t CommandTable[] =
1189 {
1190 {"help", CmdHelp, 1, "This help"},
1191 {"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"},
1192 {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"},
1193 {"guard", CmdLFGuard, 1, "{ Guardall RFIDs... }"},
1194 {"hid", CmdLFHID, 1, "{ HID RFIDs... }"},
1195 {"hitag", CmdLFHitag, 1, "{ HITAG RFIDs... }"},
1196 {"io", CmdLFIO, 1, "{ IOPROX RFIDs... }"},
1197 {"jablotron", CmdLFJablotron, 1, "{ JABLOTRON RFIDs... }"},
1198 {"nedap", CmdLFNedap, 1, "{ NEDAP RFIDs... }"},
1199 {"pcf7931", CmdLFPCF7931, 1, "{ PCF7931 RFIDs... }"},
1200 {"presco", CmdLFPresco, 1, "{ Presco RFIDs... }"},
1201 {"pyramid", CmdLFPyramid, 1, "{ Farpointe/Pyramid RFIDs... }"},
1202 {"ti", CmdLFTI, 1, "{ TI RFIDs... }"},
1203 {"t55xx", CmdLFT55XX, 1, "{ T55xx RFIDs... }"},
1204 {"viking", CmdLFViking, 1, "{ Viking RFIDs... }"},
1205 {"config", CmdLFSetConfig, 0, "Set config for LF sampling, bit/sample, decimation, frequency"},
1206 {"cmdread", CmdLFCommandRead, 0, "<off period> <'0' period> <'1' period> <command> ['h' 134] \n\t\t-- Modulate LF reader field to send command before read (all periods in microseconds)"},
1207 {"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"},
1208 {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
1209 {"indalaclone", CmdIndalaClone, 0, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
1210 {"read", CmdLFRead, 0, "['s' silent] Read 125/134 kHz LF ID-only tag. Do 'lf read h' for help"},
1211 {"search", CmdLFfind, 1, "[offline] ['u'] Read and Search for valid known tag (in offline mode it you can load first then search) \n\t\t-- 'u' to search for unknown tags"},
1212 {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
1213 {"simask", CmdLFaskSim, 0, "[clock] [invert <1|0>] [biphase/manchester/raw <'b'|'m'|'r'>] [msg separator 's'] [d <hexdata>] \n\t\t-- Simulate LF ASK tag from demodbuffer or input"},
1214 {"simfsk", CmdLFfskSim, 0, "[c <clock>] [i] [H <fcHigh>] [L <fcLow>] [d <hexdata>] \n\t\t-- Simulate LF FSK tag from demodbuffer or input"},
1215 {"simpsk", CmdLFpskSim, 0, "[1|2|3] [c <clock>] [i] [r <carrier>] [d <raw hex to sim>] \n\t\t-- Simulate LF PSK tag from demodbuffer or input"},
1216 {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
1217 {"snoop", CmdLFSnoop, 0, "['l'|'h'|<divisor>] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"},
1218 {"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"},
1219 {NULL, NULL, 0, NULL}
1220 };
1221
1222 int CmdLF(const char *Cmd) {
1223 clearCommandBuffer();
1224 CmdsParse(CommandTable, Cmd);
1225 return 0;
1226 }
1227
1228 int CmdHelp(const char *Cmd) {
1229 CmdsHelp(CommandTable);
1230 return 0;
1231 }
Impressum, Datenschutz