+
+int usage_lf_hid_wiegand(void){
+ PrintAndLog("This command converts facility code/card number to Wiegand code");
+ PrintAndLog("Usage: lf hid wiegand [h] [OEM] [FC] [CN]");
+
+ PrintAndLog("Options:");
+ PrintAndLog(" h - This help");
+ PrintAndLog(" OEM - OEM number / site code");
+ PrintAndLog(" FC - facility code");
+ PrintAndLog(" CN - card number");
+ PrintAndLog("Examples:");
+ PrintAndLog(" lf hid wiegand 0 101 2001");
+ return 0;
+}
+int usage_lf_hid_sim(void){
+ PrintAndLog("HID Tag simulator");
+ PrintAndLog("");
+ PrintAndLog("Usage: lf hid sim [h] [ID]");
+ PrintAndLog("Options:");
+ PrintAndLog(" h - This help");
+ PrintAndLog(" ID - HID id");
+ PrintAndLog("Examples:");
+ PrintAndLog(" lf hid sim 224");
+ return 0;
+}
+int usage_lf_hid_clone(void){
+ PrintAndLog("Clone HID to T55x7. Tag must be on antenna. ");
+ PrintAndLog("");
+ PrintAndLog("Usage: lf hid clone [h] [ID] <L>");
+ PrintAndLog("Options:");
+ PrintAndLog(" h - This help");
+ PrintAndLog(" ID - HID id");
+ PrintAndLog(" L - 84bit ID");
+ PrintAndLog("Examples:");
+ PrintAndLog(" lf hid clone 224");
+ PrintAndLog(" lf hid clone 224 L");
+ return 0;
+}
+int usage_lf_hid_brute(void){
+ PrintAndLog("Enables bruteforce of HID readers with specified facility code.");
+ PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
+ PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
+ PrintAndLog("");
+ PrintAndLog("Usage: lf hid brute [h] a <format> f <facility-code> c <cardnumber> d <delay>");
+ PrintAndLog("Options :");
+ PrintAndLog(" h : This help");
+ PrintAndLog(" a <format> : 26|33|34|35|37|40|44|84");
+ PrintAndLog(" f <facility-code> : 8-bit value HID facility code");
+ PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
+ PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
+ PrintAndLog("");
+ PrintAndLog("Samples:");
+ PrintAndLog(" lf hid brute a 26 f 224");
+ PrintAndLog(" lf hid brute a 26 f 21 d 2000");
+ PrintAndLog(" lf hid brute a 26 f 21 c 200 d 2000");
+ return 0;
+}
+
+static int sendPing(void){
+ UsbCommand ping = {CMD_PING, {1, 2, 3}};
+ SendCommand(&ping);
+ SendCommand(&ping);
+ SendCommand(&ping);
+ clearCommandBuffer();
+ UsbCommand resp;
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1000))
+ return 0;
+ return 1;
+}
+static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs){
+
+ PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
+
+ calcWiegand( fmtlen, fc, cn, bs);
+
+ uint64_t arg1 = bytebits_to_byte(bs,32);
+ uint64_t arg2 = bytebits_to_byte(bs+32,32);
+ UsbCommand c = {CMD_HID_SIM_TAG, {arg1, arg2, 0}};
+ clearCommandBuffer();
+ SendCommand(&c);
+ msleep(delay);
+ sendPing();
+ return TRUE;
+}
+
+int CmdHIDDemodFSK(const char *Cmd) {
+ int findone = ( Cmd[0] == '1' ) ? 1 : 0;
+ UsbCommand c = {CMD_HID_DEMOD_FSK, {findone, 0 , 0}};
+ clearCommandBuffer();
+ SendCommand(&c);
+ return 0;
+}
+
+int CmdHIDSim(const char *Cmd) {
+ unsigned int hi = 0, lo = 0;
+ int n = 0, i = 0;
+
+ uint8_t ctmp = param_getchar(Cmd, 0);
+ if ( strlen(Cmd) == 0 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_sim();
+
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi = (hi << 4) | (lo >> 28);
+ lo = (lo << 4) | (n & 0xf);
+ }
+
+ PrintAndLog("Emulating tag with ID %x%16x", hi, lo);
+ PrintAndLog("Press pm3-button to abort simulation");
+
+ UsbCommand c = {CMD_HID_SIM_TAG, {hi, lo, 0}};
+ clearCommandBuffer();
+ SendCommand(&c);
+ return 0;
+}
+
+int CmdHIDClone(const char *Cmd) {
+
+ uint32_t hi2 = 0, hi = 0, lo = 0;
+ int n = 0, i = 0;
+ UsbCommand c;
+
+ uint8_t ctmp = param_getchar(Cmd, 0);
+ if ( strlen(Cmd) == 0 || ctmp == 'H' || ctmp == 'h' ) return usage_lf_hid_clone();
+
+ if (strchr(Cmd,'l') != 0) {
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi2 = (hi2 << 4) | (hi >> 28);
+ hi = (hi << 4) | (lo >> 28);
+ lo = (lo << 4) | (n & 0xf);
+ }
+
+ PrintAndLog("Cloning tag with long ID %x%08x%08x", hi2, hi, lo);
+
+ c.d.asBytes[0] = 1;
+ } else {
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi = (hi << 4) | (lo >> 28);
+ lo = (lo << 4) | (n & 0xf);
+ }
+
+ PrintAndLog("Cloning tag with ID %x%08x", hi, lo);
+
+ hi2 = 0;
+ c.d.asBytes[0] = 0;
+ }
+
+ c.cmd = CMD_HID_CLONE_TAG;
+ c.arg[0] = hi2;
+ c.arg[1] = hi;
+ c.arg[2] = lo;
+
+ clearCommandBuffer();
+ SendCommand(&c);
+ return 0;