//-----------------------------------------------------------------------------
// Low frequency Farpoint / Pyramid tag commands
//-----------------------------------------------------------------------------
-#include <string.h>
-#include <inttypes.h>
+
#include "cmdlfguard.h"
static int CmdHelp(const char *Cmd);
PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated. ");
PrintAndLog("Currently work only on 26bit");
PrintAndLog("");
- PrintAndLog("Usage: lf guard clone <Facility-Code> <Card-Number>");
+ PrintAndLog("Usage: lf guard clone <format> <Facility-Code> <Card-Number>");
PrintAndLog("Options :");
+ PrintAndLog(" <format> : format length 26|32|36|40");
PrintAndLog(" <Facility-Code> : 8-bit value facility code");
PrintAndLog(" <Card Number> : 16-bit value card number");
PrintAndLog("");
- PrintAndLog("Sample : lf guard clone 123 11223");
+ PrintAndLog("Sample : lf guard clone 26 123 11223");
return 0;
}
PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.");
PrintAndLog("Currently work only on 26bit");
PrintAndLog("");
- PrintAndLog("Usage: lf guard sim <Card-Number>");
+ PrintAndLog("Usage: lf guard sim <format> <Facility-Code> <Card-Number>");
PrintAndLog("Options :");
+ PrintAndLog(" <format> : format length 26|32|36|40");
PrintAndLog(" <Facility-Code> : 8-bit value facility code");
PrintAndLog(" <Card Number> : 16-bit value card number");
PrintAndLog("");
- PrintAndLog("Sample : lf guard sim 123 11223");
+ PrintAndLog("Sample : lf guard sim 26 123 11223");
return 0;
}
-
// Works for 26bits.
-int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) {
+int GetGuardBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *guardBits) {
- // Intializes random number generator
- time_t t;
- srand((unsigned) time(&t));
-
+ uint8_t xorKey = 0x66;
+ uint8_t i;
uint8_t pre[96];
+ uint8_t rawbytes[12];
memset(pre, 0x00, sizeof(pre));
+ memset(rawbytes, 0x00, sizeof(rawbytes));
+
+ // add format length (decimal)
+ switch (fmtlen) {
+ case 32: {
+ rawbytes[1] = (32 << 2);
+
+ break;
+ }
+ case 36: {
+ // FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1);
+ // Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5);
+ rawbytes[1] = (36 << 2);
+ // Get 26 wiegand from FacilityCode, CardNumber
+ uint8_t wiegand[34];
+ memset(wiegand, 0x00, sizeof(wiegand));
+ num_to_bytebits(fc, 8, wiegand);
+ num_to_bytebits(cn, 26, wiegand+8);
+
+ // add wiegand parity bits (dest, source, len)
+ wiegand_add_parity(pre, wiegand, 34);
+ break;
+ }
+ case 40: {
+ rawbytes[1] = (40 << 2);
+ break;
+ }
+ case 26:
+ default: {
+ rawbytes[1] = (26 << 2);
+ // Get 26 wiegand from FacilityCode, CardNumber
+ uint8_t wiegand[24];
+ memset(wiegand, 0x00, sizeof(wiegand));
+ num_to_bytebits(fc, 8, wiegand);
+ num_to_bytebits(cn, 16, wiegand+8);
+
+ // add wiegand parity bits (dest, source, len)
+ wiegand_add_parity(pre, wiegand, 24);
+ break;
+ }
+ }
+ // 2bit checksum, unknown today,
+ // these two bits are the last ones of rawbyte[1], hence the LSHIFT above.
- uint8_t index = 8;
- // preamble 6bits
- pre[0] = 1;
- pre[1] = 1;
- pre[2] = 1;
- pre[3] = 1;
- pre[4] = 1;
- //pre[5] = 0;
-
- // add xor key
- uint8_t xorKey = rand() % 0xFF;
- num_to_bytebits(xorKey, 8, pre+index);
- index += 8;
+ // xor key
+ rawbytes[0] = xorKey;
- // add format length
- // len | hex | bin wiegand pos fc/cn
- // 26 | 1A | 0001 1010
- num_to_bytebits(26, 8, pre+index);
- // 36 | 24 | 0010 0100
- //num_to_bytebits(36, 8, pre+index);
- // 40 | 28 | 0010 1000
- //num_to_bytebits(40, 8, pre+index);
-
- index += 8;
+ rawbytes[2] = 1;
+ rawbytes[3] = 0;
- // 2bit checksum
- // unknown today.
- index += 2;
+ // add wiegand to rawbytes
+ for (i = 0; i < 4; ++i)
+ rawbytes[i+4] = bytebits_to_byte( pre + (i*8), 8);
- // Get 26 wiegand from FacilityCode, CardNumber
- uint8_t wiegand[24];
- memset(wiegand, 0x00, sizeof(wiegand));
- num_to_bytebits(fc, 8, wiegand);
- num_to_bytebits(cn, 16, wiegand+8);
-
- // add wiegand parity bits (dest, source, len)
- wiegand_add_parity(pre+index, wiegand, 24);
-
- uint8_t tmp = 0, i = 0;
- for (i = 2; i < 12; ++i) {
- // // xor all bytes
- // tmp = xorKey ^ bytebits_to_byte(pre + (i*8), 8);
-
- // // copy to out..
- // num_to_bytebits(tmp, 8, pre + (i*8) );
- }
-
- // add spacer bit 0 every 5
+ if (g_debugMode) printf(" WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));
- // swap nibbles
+ // XOR (only works on wiegand stuff)
+ for (i = 1; i < 12; ++i)
+ rawbytes[i] ^= xorKey ;
+
+ if (g_debugMode) printf(" XOR | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+
+ // convert rawbytes to bits in pre
+ for (i = 0; i < 12; ++i)
+ num_to_bytebitsLSBF( rawbytes[i], 8, pre + (i*8));
+
+ if (g_debugMode) printf("\n Raw | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+ if (g_debugMode) printf(" Raw | %s\n", sprint_bin(pre, 64) );
- // copy to outarray
- memcpy(guardBits, pre, sizeof(pre));
+ // add spacer bit 0 every 4 bits, starting with index 0,
+ // 12 bytes, 24 nibbles. 24+1 extra bites. 3bytes. ie 9bytes | 1byte xorkey, 8bytes rawdata (64bits, should be enough for a 40bit wiegand)
+ addParity(pre, guardBits+6, 64, 5, 3);
+
+ // preamble
+ guardBits[0] = 1;
+ guardBits[1] = 1;
+ guardBits[2] = 1;
+ guardBits[3] = 1;
+ guardBits[4] = 1;
+ guardBits[5] = 0;
- printf(" | %s\n", sprint_bin(guardBits, 96) );
+ if (g_debugMode) printf(" FIN | %s\n", sprint_bin(guardBits, 96) );
return 1;
}
int CmdGuardRead(const char *Cmd) {
CmdLFRead("s");
- getSamples("30000",false);
+ getSamples("12000", TRUE);
return CmdG_Prox_II_Demod("");
}
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_clone();
- uint32_t facilitycode=0, cardnumber=0, fc = 0, cn = 0;
+ uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0, fmtlen = 0;
uint8_t i;
uint8_t bs[96];
memset(bs, 0x00, sizeof(bs));
//GuardProxII - compat mode, ASK/Biphase, data rate 64, 3 data blocks
- uint32_t blocks[5] = {T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 3<<T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0};
+ uint32_t blocks[5] = {T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 3 << T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0};
-// if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
-// blocks[0] = T5555_MODULATION_FSK2 | 50<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT;
+ if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
+ //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
+ blocks[0] = T5555_MODULATION_FSK2 | ((50-2)>>1) << T5555_BITRATE_SHIFT | 3 << T5555_MAXBLOCK_SHIFT;
- if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_guard_clone();
+ if (sscanf(Cmd, "%u %u %u", &fmtlen, &fc, &cn ) != 3) return usage_lf_guard_clone();
+ fmtlen &= 0x7f;
facilitycode = (fc & 0x000000FF);
cardnumber = (cn & 0x0000FFFF);
- if ( !GetGuardBits(facilitycode, cardnumber, bs)) {
+ if ( !GetGuardBits(fmtlen, facilitycode, cardnumber, bs)) {
PrintAndLog("Error with tag bitstream generation.");
return 1;
}
PrintAndLog("Blk | Data ");
PrintAndLog("----+------------");
for ( i = 0; i<4; ++i )
- PrintAndLog(" %02d | %08x", i, blocks[i]);
-
- // UsbCommand resp;
- // UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
-
- // for ( i = 0; i<5; ++i ) {
- // c.arg[0] = blocks[i];
- // c.arg[1] = i;
- // clearCommandBuffer();
- // SendCommand(&c);
- // if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
- // PrintAndLog("Error occurred, device did not respond during write operation.");
- // return -1;
- // }
- // }
+ PrintAndLog(" %02d | 0x%08x", i, blocks[i]);
+
+ UsbCommand resp;
+ UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
+
+ for ( i = 0; i<4; ++i ) {
+ c.arg[0] = blocks[i];
+ c.arg[1] = i;
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)){
+ PrintAndLog("Error occurred, device did not respond during write operation.");
+ return -1;
+ }
+ }
return 0;
}
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_sim();
- uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0;
+ uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0, fmtlen = 0;
+ uint8_t clock = 64, encoding = 2, separator = 0, invert = 0;
uint8_t bs[96];
- size_t size = sizeof(bs);
- memset(bs, 0x00, size);
+ memset(bs, 0x00, sizeof(bs));
- // Pyramid uses: ASK Biphase, clk: 32, invert: 0
- uint64_t arg1, arg2;
- arg1 = (10 << 8) + 8;
- arg2 = 32 | 0;
-
- if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_guard_sim();
+ if (sscanf(Cmd, "%u %u %u", &fmtlen, &fc, &cn ) != 3) return usage_lf_guard_sim();
+ fmtlen &= 0x7F;
facilitycode = (fc & 0x000000FF);
cardnumber = (cn & 0x0000FFFF);
- if ( !GetGuardBits(facilitycode, cardnumber, bs)) {
+ if ( !GetGuardBits(fmtlen, facilitycode, cardnumber, bs)) {
PrintAndLog("Error with tag bitstream generation.");
return 1;
}
PrintAndLog("Simulating Guardall - Facility Code: %u, CardNumber: %u", facilitycode, cardnumber );
-
+
+ // Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase)
+ uint64_t arg1, arg2;
+ arg1 = (clock << 8) | encoding;
+ arg2 = (invert << 8) | separator;
+
+ uint8_t rawbytes[12];
+ size_t size = sizeof(rawbytes);
+ for (uint8_t i=0; i < size; ++i){
+ rawbytes[i] = bytebits_to_byte( bs + (i*8), 8);
+ }
+
UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}};
- memcpy(c.d.asBytes, bs, size);
+ memcpy(c.d.asBytes, rawbytes, size );
clearCommandBuffer();
SendCommand(&c);
return 0;