]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdlfawid.c
projects / proxmark3-svn / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
FIX: `lf search` - em410x demod was a bit greedy.
[proxmark3-svn] / client / cmdlfawid.c
diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c
index 3b189efee5665494dd29e0f754da1aa1f6a81a17..9883437a759c93824656172c685fc86611e51a7f 100644 (file)
--- a/client/cmdlfawid.c
+++ b/client/cmdlfawid.c
@@ -7,223 +7,296 @@
 // at your option, any later version. See the LICENSE.txt file for the text of
 // the license.
 //-----------------------------------------------------------------------------
 // at your option, any later version. See the LICENSE.txt file for the text of
 // the license.
 //-----------------------------------------------------------------------------
-// Low frequency AWID26 commands
+// Low frequency AWID26/50 commands
 //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
-
-#include <stdio.h>      // sscanf
-#include "proxmark3.h"  // Definitions, USB controls, etc
-#include "ui.h"         // PrintAndLog
-#include "cmdparser.h"  // CmdsParse, CmdsHelp
 #include "cmdlfawid.h"  // AWID function declarations
 #include "cmdlfawid.h"  // AWID function declarations
-#include "lfdemod.h"    // parityTest
-#include "cmdmain.h"
 static int CmdHelp(const char *Cmd);
 
 int usage_lf_awid_fskdemod(void) {
 static int CmdHelp(const char *Cmd);
 
 int usage_lf_awid_fskdemod(void) {
-  PrintAndLog("Enables AWID26 compatible reader mode printing details of scanned AWID26 tags.");
-  PrintAndLog("By default, values are printed and logged until the button is pressed or another USB command is issued.");
-  PrintAndLog("If the ['1'] option is provided, reader mode is exited after reading a single AWID26 card.");
-  PrintAndLog("");
-  PrintAndLog("Usage:  lf awid fskdemod ['1']");
-  PrintAndLog("Options :");
-  PrintAndLog("  1 : (optional) stop after reading a single card");
-  PrintAndLog("");
-  PrintAndLog("   sample : lf awid fskdemod");
-  PrintAndLog("          : lf awid fskdemod 1");
-  return 0;
+       PrintAndLog("Enables AWID compatible reader mode printing details of scanned AWID26 or AWID50 tags.");
+       PrintAndLog("By default, values are printed and logged until the button is pressed or another USB command is issued.");
+       PrintAndLog("If the [1] option is provided, reader mode is exited after reading a single AWID card.");
+       PrintAndLog("");
+       PrintAndLog("Usage:  lf awid fskdemod [h] [1]");
+       PrintAndLog("Options:");
+       PrintAndLog("      h :  This help");    
+       PrintAndLog("      1 : (optional) stop after reading a single card");
+       PrintAndLog("");
+       PrintAndLog("Samples:");
+       PrintAndLog("       lf awid fskdemod");
+       PrintAndLog("       lf awid fskdemod 1");
+       return 0;
 }
 
 int usage_lf_awid_sim(void) {
 }
 
 int usage_lf_awid_sim(void) {
-  PrintAndLog("Enables simulation of AWID26 card with specified facility-code and card number.");
-  PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
-  PrintAndLog("Per AWID26 format, the facility-code is 8-bit and the card number is 16-bit.  Larger values are truncated.");
-  PrintAndLog("");
-  PrintAndLog("Usage:  lf awid sim <Facility-Code> <Card-Number>");
-  PrintAndLog("Options :");
-  PrintAndLog("  <Facility-Code> :  8-bit value AWID facility code");
-  PrintAndLog("  <Card Number>   : 16-bit value AWID card number");
-  PrintAndLog("");
-  PrintAndLog("sample   : lf awid sim 224 1337");
-  return 0;
+       PrintAndLog("Enables simulation of AWID card with specified facility-code and card number.");
+       PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
+       PrintAndLog("");
+       PrintAndLog("Usage:  lf awid sim [h] <format> <facility-code> <card-number>");
+       PrintAndLog("Options:");
+       PrintAndLog("                h :  This help");  
+       PrintAndLog("         <format> :  format length 26|34|37|50");
+       PrintAndLog("  <facility-code> :  8|16bit value facility code");
+       PrintAndLog("    <card number> :  16|32-bit value card number");
+       PrintAndLog("");
+       PrintAndLog("Samples:");
+       PrintAndLog("       lf awid sim 26 224 1337");
+       PrintAndLog("       lf awid sim 50 2001 13371337");
+       return 0;
 }
 
 int usage_lf_awid_clone(void) {
 }
 
 int usage_lf_awid_clone(void) {
-  PrintAndLog("Enables cloning of AWID26 card with specified facility-code and card number onto T55x7.");
-  PrintAndLog("The T55x7 must be on the antenna when issuing this command.  T55x7 blocks are calculated and printed in the process.");
-  PrintAndLog("Per AWID26 format, the facility-code is 8-bit and the card number is 16-bit.  Larger values are truncated.");
-  PrintAndLog("");
-  PrintAndLog("Usage:  lf awid clone <Facility-Code> <Card-Number>");
-  PrintAndLog("Options :");
-  PrintAndLog("  <Facility-Code> :  8-bit value AWID facility code");
-  PrintAndLog("  <Card Number>   : 16-bit value AWID card number");
-  PrintAndLog("");
-  PrintAndLog("sample  : lf awid clone 224 1337");
-  return 0;
+       PrintAndLog("Enables cloning of AWID card with specified facility-code and card number onto T55x7.");
+       PrintAndLog("The T55x7 must be on the antenna when issuing this command.  T55x7 blocks are calculated and printed in the process.");
+       PrintAndLog("");
+       PrintAndLog("Usage:  lf awid clone [h] <format> <facility-code> <card-number> [Q5]");
+       PrintAndLog("Options:");
+       PrintAndLog("                h :  This help");  
+       PrintAndLog("         <format> :  format length 26|34|37|50");
+       PrintAndLog("  <facility-code> :  8|16bit value facility code");
+       PrintAndLog("    <card number> :  16|32-bit value card number");
+       PrintAndLog("               Q5 :  optional - clone to Q5 (T5555) instead of T55x7 chip");
+       PrintAndLog("");
+       PrintAndLog("Samples:");
+       PrintAndLog("       lf awid clone 26 224 1337");
+       PrintAndLog("       lf awid clone 50 2001 13371337");
+       return 0;
+}
+
+int usage_lf_awid_brute(void){
+       PrintAndLog("Enables bruteforce of AWID reader with specified facility-code.");
+       PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
+       PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
+       PrintAndLog("");
+       PrintAndLog("Usage:  lf awid brute [h] a <format> f <facility-code> c <cardnumber> d <delay>");
+       PrintAndLog("Options:");
+       PrintAndLog("       h                 :  This help");
+       PrintAndLog("       a <format>        :  format length 26|50");
+       PrintAndLog("       f <facility-code> :  8|16bit value facility code");
+       PrintAndLog("       c <cardnumber>    :  (optional) cardnumber to start with, max 65535");
+       PrintAndLog("       d <delay>         :  delay betweens attempts in ms. Default 1000ms");
+       PrintAndLog("");
+       PrintAndLog("Samples:");
+       PrintAndLog("       lf awid brute a 26 f 224");
+       PrintAndLog("       lf awid brute a 50 f 2001 d 2000");
+       PrintAndLog("       lf awid brute a 50 f 2001 c 200 d 2000");
+       return 0;
+}
+
+static int sendPing(void){
+       UsbCommand ping = {CMD_PING, {1, 2, 3}};
+       SendCommand(&ping);
+       SendCommand(&ping);     
+       SendCommand(&ping);     
+       clearCommandBuffer();
+       UsbCommand resp;
+       if (WaitForResponseTimeout(CMD_ACK, &resp, 1000))
+               return 0;
+       return 1;
+}
+
+static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs, size_t bs_len){
+
+       PrintAndLog("Trying FC: %u; CN: %u", fc, cn);           
+       if ( !getAWIDBits(fmtlen, fc, cn, bs)) {
+               PrintAndLog("Error with tag bitstream generation.");
+               return FALSE;
+       }
+
+       uint64_t arg1 = (10<<8) + 8; // fcHigh = 10, fcLow = 8
+       uint64_t arg2 = 50;              // clk RF/50 invert=0
+       UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, bs_len}};
+       memcpy(c.d.asBytes, bs, bs_len);
+       clearCommandBuffer();
+       SendCommand(&c);
+       msleep(delay);
+       sendPing();
+       return TRUE;
 }
 
 int CmdAWIDDemodFSK(const char *Cmd) {
 }
 
 int CmdAWIDDemodFSK(const char *Cmd) {
-  int findone = 0;
-  if (Cmd[0] == 'h' || Cmd[0] == 'H') return usage_lf_awid_fskdemod();
-  
-  if (Cmd[0] == '1') findone = 1;
-  
-  UsbCommand c = {CMD_AWID_DEMOD_FSK, {findone, 0, 0}};
-  clearCommandBuffer();
-  SendCommand(&c);
-  return 0;   
+
+       if (Cmd[0] == 'h' || Cmd[0] == 'H') return usage_lf_awid_fskdemod();
+       uint8_t findone = (Cmd[0] == '1') ? 1 : 0;
+       UsbCommand c = {CMD_AWID_DEMOD_FSK, {findone, 0, 0}};
+       clearCommandBuffer();
+       SendCommand(&c);
+       return 0;   
 }
 
 }
 
-int getAWIDBits(unsigned int fc, unsigned int cn, uint8_t *AWIDBits)
-{
-       //int i;
-       uint32_t fcode = (fc & 0x000000FF);
-       uint32_t cnum = (cn & 0x0000FFFF);
-       uint32_t uBits = 0;
-  
-       if (fcode != fc)
-               PrintAndLog("NOTE: Facility code truncated for AWID26 format (8-bit facility code)");
-       if (cnum!=cn)
-               PrintAndLog("NOTE: Card number was truncated for AWID26 format (16-bit card number)");
+int CmdAWIDRead(const char *Cmd) {
+       CmdLFRead("s");
+       getSamples("12000", TRUE);
+       return CmdFSKdemodAWID(Cmd);
+}
 
 
-       uint8_t pre[] = {0x01, 0x1D, 0x80, 0x00,0x00,0x00,0x00, 0x11, 0x11, 0x11, 0x11, 0x11};
-       memcpy(AWIDBits, pre , sizeof(pre));
-       
-       // AWIDBits[0] = 0x01; // 6-bit Preamble with 2 parity bits
-       // AWIDBits[1] = 0x1D; // First byte from card format (26-bit) plus parity bits
-       // AWIDBits[2] = 0x80; // Set the next two bits as 0b10 to finish card format
+//refactored by marshmellow
+int getAWIDBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *bits) {
 
 
-       // for (i = 7; i<12; i++)
-               // AWIDBits[i]=0x11;
-       
-       uBits = (fcode<<4) + (cnum>>12);
-       
-       if (!parityTest(uBits,12,0)) AWIDBits[2] |= (1<<5); // If not already even parity, set bit to make even
-       
-       uBits = AWIDBits[2]>>5;
-       
-       if (!parityTest(uBits, 3, 1)) AWIDBits[2] |= (1<<4);
-       
-       uBits = fcode>>5; // first 3 bits of facility-code
-       AWIDBits[2] += (uBits<<1);
-       
-       if (!parityTest(uBits, 3, 1)) AWIDBits[2]++; // Set parity bit to make odd parity
-       
-       uBits = (fcode & 0x1C)>>2;
-       AWIDBits[3] = 0;
-       
-       if (!parityTest(uBits,3,1)) AWIDBits[3] |= (1<<4);
-       
-       AWIDBits[3] += (uBits<<5);
-       uBits = ((fcode & 0x3)<<1) + ((cnum & 0x8000)>>15); // Grab/shift 2 LSBs from facility code and add shifted MSB from cardnum
-       
-       if (!parityTest(uBits,3,1))     AWIDBits[3]++; // Set LSB for parity
-       
-       AWIDBits[3]+= (uBits<<1);
-       uBits = (cnum & 0x7000)>>12;
-       AWIDBits[4] = uBits<<5;
-       
-       if (!parityTest(uBits,3,1))     AWIDBits[4] |= (1<<4);
-       
-       uBits = (cnum & 0x0E00)>>9;
-       AWIDBits[4] += (uBits<<1);
-       
-       if (!parityTest(uBits,3,1))     AWIDBits[4]++; // Set LSB for parity
-       
-       uBits = (cnum & 0x1C0)>>6; // Next bits from card number
-       AWIDBits[5]=(uBits<<5);
+       // the return bits, preamble 0000 0001 
+       bits[7] = 1;  
        
        
-       if (!parityTest(uBits,3,1))     AWIDBits[5] |= (1<<4); // Set odd parity bit as needed
-       
-       uBits = (cnum & 0x38)>>3;
-       AWIDBits[5]+= (uBits<<1);
-       
-       if (!parityTest(uBits,3,1))     AWIDBits[5]++; // Set odd parity bit as needed
-       
-       uBits = (cnum & 0x7); // Last three bits from card number!
-       AWIDBits[6] = (uBits<<5);
-       
-       if (!parityTest(uBits,3,1))     AWIDBits[6] |= (1<<4);
-       
-       uBits = (cnum & 0x0FFF);
+       uint8_t pre[66];
+       memset(pre, 0, sizeof(pre));
+
+       // add formatlength
+       num_to_bytebits(fmtlen, 8, pre);
        
        
-       if (!parityTest(uBits,12,1))
-               AWIDBits[6] |= (1<<3);
-       else
-               AWIDBits[6]++;
+       // add facilitycode, cardnumber and wiegand parity bits
+       switch (fmtlen) {
+               case 26:{
+                       uint8_t wiegand[24];
+                       num_to_bytebits(fc, 8, wiegand);
+                       num_to_bytebits(cn, 16, wiegand+8);
+                       wiegand_add_parity(pre+8, wiegand,  sizeof(wiegand));
+                       break;
+               }
+               case 34:{
+                       uint8_t wiegand[32];
+                       num_to_bytebits(fc, 8, wiegand);
+                       num_to_bytebits(cn, 24, wiegand+8);
+                       wiegand_add_parity(pre+8, wiegand,  sizeof(wiegand));
+                       break;
+               }
+               case 37:{
+                       uint8_t wiegand[31];
+                       num_to_bytebits(fc, 13, wiegand);
+                       num_to_bytebits(cn, 18, wiegand+13);
+                       wiegand_add_parity(pre+8, wiegand,  sizeof(wiegand));
+                       break;
+               }
+               case 50: {
+                       uint8_t wiegand[48];
+                       num_to_bytebits(fc, 16, wiegand);
+                       num_to_bytebits(cn, 32, wiegand+16);
+                       wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
+                       break;
+               }
+       }
        
        
+       // add AWID 4bit parity 
+       size_t bitLen = addParity(pre, bits+8, 66, 4, 1);
+
+       if (bitLen != 88) return 0;
        return 1;
 }
 
        return 1;
 }
 
-int CmdAWIDSim(const char *Cmd)
-{
-       uint32_t fcode = 0, cnum = 0, fc=0, cn=0, i=0;
-       uint8_t bits[12];
-       uint8_t *bs=bits;
+static void verify_values(uint8_t *fmtlen, uint32_t *fc, uint32_t *cn){
+       switch (*fmtlen) {
+               case 50:
+                       if ((*fc & 0xFFFF) != *fc) {
+                               *fc &= 0xFFFF;
+                               PrintAndLog("Facility-Code Truncated to 16-bits (AWID50): %u", *fc);
+                       }
+                       break;
+               case 37:
+                       if ((*fc & 0x1FFF) != *fc) {
+                               *fc &= 0x1FFF;
+                               PrintAndLog("Facility-Code Truncated to 13-bits (AWID37): %u", *fc);
+                       }
+                       if ((*cn & 0x3FFFF) != *cn) {
+                               *cn &= 0x3FFFF;
+                               PrintAndLog("Card Number Truncated to 18-bits (AWID37): %u", *cn);
+                       }                       
+                       break;
+               case 34:
+                       if ((*fc & 0xFF) != *fc) {
+                               *fc &= 0xFF;
+                               PrintAndLog("Facility-Code Truncated to 8-bits (AWID34): %u", *fc);
+                       }
+                       if ((*cn & 0xFFFFFF) != *cn) {
+                               *cn &= 0xFFFFFF;
+                               PrintAndLog("Card Number Truncated to 24-bits (AWID34): %u", *cn);
+                       }
+                       break;
+               case 26:
+               default:
+                       *fmtlen = 26;
+                       if ((*fc & 0xFF) != *fc) {
+                               *fc &= 0xFF;
+                               PrintAndLog("Facility-Code Truncated to 8-bits (AWID26): %u", *fc);
+                       }
+                       if ((*cn & 0xFFFF) != *cn) {
+                               *cn &= 0xFFFF;
+                               PrintAndLog("Card Number Truncated to 16-bits (AWID26): %u", *cn);
+                       }
+                       break;
+       }
+}
 
 
-       uint64_t arg1 = (10<<8) + 8; // fcHigh = 10, fcLow = 8
+int CmdAWIDSim(const char *Cmd) {
+       uint32_t fc = 0, cn = 0;
+       uint8_t fmtlen = 0;
+       uint8_t bits[96];
+       uint8_t *bs = bits;
+       size_t size = sizeof(bits);
+       memset(bs, 0x00, size);
+
+       uint64_t arg1 = ( 10 << 8 ) + 8; // fcHigh = 10, fcLow = 8
        uint64_t arg2 = 50; // clk RF/50 invert=0
   
        uint64_t arg2 = 50; // clk RF/50 invert=0
   
-       if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_awid_sim();
-
-       fcode = (fc & 0x000000FF);
-       cnum = (cn & 0x0000FFFF);
+       char cmdp = param_getchar(Cmd, 0);
+       if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_awid_sim();
+       
+       fmtlen = param_get8(Cmd, 0);
+       fc = param_get32ex(Cmd, 1, 0, 10);      
+       cn = param_get32ex(Cmd, 2, 0, 10);
+       if ( !fc || !cn) return usage_lf_awid_sim();
        
        
-       if (fc!=fcode) PrintAndLog("Facility-Code (%u) truncated to 8-bits: %u", fc, fcode);
-       if (cn!=cnum)  PrintAndLog("Card number (%u) truncated to 16-bits: %u", cn, cnum);
+       verify_values(&fmtlen, &fc, &cn);
        
        
-       PrintAndLog("Emulating AWID26 -- FC: %u; CN: %u\n", fcode, cnum);
+       PrintAndLog("Emulating AWID %u -- FC: %u; CN: %u\n", fmtlen, fc, cn);
        PrintAndLog("Press pm3-button to abort simulation or run another command");
        
        PrintAndLog("Press pm3-button to abort simulation or run another command");
        
-       if (!getAWIDBits(fc, cn, bs)) {
+       if (!getAWIDBits(fmtlen, fc, cn, bs)) {
                PrintAndLog("Error with tag bitstream generation.");
                return 1;
        }
        // AWID uses: fcHigh: 10, fcLow: 8, clk: 50, invert: 0
                PrintAndLog("Error with tag bitstream generation.");
                return 1;
        }
        // AWID uses: fcHigh: 10, fcLow: 8, clk: 50, invert: 0
-       PrintAndLog("Running 'lf simfsk c 50 H 10 L 8 d %s'", sprint_hex(bs, sizeof(bs)));
-  
        // arg1 --- fcHigh<<8 + fcLow
        // arg2 --- Inversion and clk setting
        // 96   --- Bitstream length: 96-bits == 12 bytes
        // arg1 --- fcHigh<<8 + fcLow
        // arg2 --- Inversion and clk setting
        // 96   --- Bitstream length: 96-bits == 12 bytes
-       UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, 96}};  
-
-       for (i=0; i < 96; i++)
-               c.d.asBytes[i] = (bs[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
-
+       UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, size}};  
+       memcpy(c.d.asBytes, bs, size);
        clearCommandBuffer();
        SendCommand(&c);
        return 0;
 }
 
        clearCommandBuffer();
        SendCommand(&c);
        return 0;
 }
 
-int CmdAWIDClone(const char *Cmd)
-{
-       uint32_t blocks[4] = {0x00107060, 0, 0, 0x11111111};
-       uint32_t fc=0, cn=0, i=0;
-       uint8_t bits[12];
+int CmdAWIDClone(const char *Cmd) {
+       uint32_t blocks[4] = {T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_50 | 3<<T55x7_MAXBLOCK_SHIFT, 0, 0, 0};
+       uint32_t fc = 0, cn = 0;
+       uint8_t fmtlen = 0;
+       uint8_t bits[96];
        uint8_t *bs=bits;
        uint8_t *bs=bits;
+       memset(bs,0,sizeof(bits));
        
        
-       if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_awid_clone();
+       char cmdp = param_getchar(Cmd, 0);
+       if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_awid_clone();
 
 
-       if ((fc & 0xFF) != fc) {
-               fc &= 0xFF;
-               PrintAndLog("Facility-Code Truncated to 8-bits (AWID26): %u", fc);
-       }
+       fmtlen = param_get8(Cmd, 0);
+       fc = param_get32ex(Cmd, 1, 0, 10);
+       cn = param_get32ex(Cmd, 2, 0, 10);
 
 
-       if ((cn & 0xFFFF) != cn) {
-               cn &= 0xFFFF;
-               PrintAndLog("Card Number Truncated to 16-bits (AWID26): %u", cn);
-       }
+       if ( !fc || !cn) return usage_lf_awid_clone();
        
        
-       if ( !getAWIDBits(fc, cn, bs)) {
+       if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
+               //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
+               blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | ((50-2)>>1) << T5555_BITRATE_SHIFT | 3<<T5555_MAXBLOCK_SHIFT;
+
+       verify_values(&fmtlen, &fc, &cn);
+               
+       if ( !getAWIDBits(fmtlen, fc, cn, bs)) {
                PrintAndLog("Error with tag bitstream generation.");
                return 1;
        }       
 
                PrintAndLog("Error with tag bitstream generation.");
                return 1;
        }       
 
-       PrintAndLog("Preparing to clone AWID26 to T55x7 with FC: %u, CN: %u ", fc, cn);
-       PrintAndLog("Raw: %s", sprint_hex(bs, sizeof(bs)));
+       blocks[1] = bytebits_to_byte(bs,32);
+       blocks[2] = bytebits_to_byte(bs+32,32);
+       blocks[3] = bytebits_to_byte(bs+64,32);
 
 
-       blocks[1] = (bs[0]<<24) + (bs[1]<<16) + (bs[2]<<8) + (bs[3]);
-       blocks[2] = (bs[4]<<24) + (bs[5]<<16) + (bs[6]<<8) + (bs[7]);
-       
+       PrintAndLog("Preparing to clone AWID %u to T55x7 with FC: %u, CN: %u", fmtlen, fc, cn);
        PrintAndLog("Blk | Data ");
        PrintAndLog("----+------------");
        PrintAndLog(" 00 | 0x%08x", blocks[0]);
        PrintAndLog("Blk | Data ");
        PrintAndLog("----+------------");
        PrintAndLog(" 00 | 0x%08x", blocks[0]);
@@ -234,12 +307,12 @@ int CmdAWIDClone(const char *Cmd)
        UsbCommand resp;
        UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
 
        UsbCommand resp;
        UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
 
-       for (i=0; i<4; i++) {
+       for (uint8_t i=0; i<4; i++) {
                c.arg[0] = blocks[i];
                c.arg[1] = i;
                clearCommandBuffer();
                SendCommand(&c);
                c.arg[0] = blocks[i];
                c.arg[1] = i;
                clearCommandBuffer();
                SendCommand(&c);
-               if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
+               if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)){
                        PrintAndLog("Error occurred, device did not respond during write operation.");
                        return -1;
                }
                        PrintAndLog("Error occurred, device did not respond during write operation.");
                        return -1;
                }
@@ -247,23 +320,118 @@ int CmdAWIDClone(const char *Cmd)
        return 0;
 }
 
        return 0;
 }
 
-static command_t CommandTable[] = 
-{
+int CmdAWIDBrute(const char *Cmd){
+       
+       bool errors = false;
+       uint32_t fc = 0, cn = 0, delay = 1000;
+       uint8_t fmtlen = 0;
+       uint8_t bits[96];
+       uint8_t *bs = bits;
+       size_t size = sizeof(bits);
+       memset(bs, 0x00, size);
+       uint8_t cmdp = 0;
+       
+       while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
+               switch(param_getchar(Cmd, cmdp)) {
+               case 'h':
+               case 'H':
+                       return usage_lf_awid_brute();
+               case 'f':
+               case 'F':
+                       fc =  param_get32ex(Cmd ,cmdp+1, 0, 10);
+                       if ( !fc )
+                               errors = true;
+                       cmdp += 2;
+                       break;
+               case 'd':
+               case 'D':
+                       // delay between attemps,  defaults to 1000ms. 
+                       delay = param_get32ex(Cmd, cmdp+1, 1000, 10);
+                       cmdp += 2;
+                       break;
+               case 'c':
+               case 'C':
+                       cn = param_get32ex(Cmd, cmdp+1, 0, 10);
+                       // truncate cardnumber.
+                       cn &= 0xFFFF;
+                       cmdp += 2;
+                       break;
+               case 'a':
+               case 'A':
+                       fmtlen = param_get8(Cmd, cmdp+1);
+                       cmdp += 2;
+                       break;
+               default:
+                       PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
+                       errors = true;
+                       break;
+               }
+       }
+       if ( fc == 0 )errors = true;
+       if ( errors ) return usage_lf_awid_brute();
+
+       // limit fc according to selected format
+       switch(fmtlen) {
+               case 50:
+                       if ((fc & 0xFFFF) != fc) {
+                               fc &= 0xFFFF;
+                               PrintAndLog("Facility-code truncated to 16-bits (AWID50): %u", fc);
+                       }
+                       break;
+               default:
+                       if ((fc & 0xFF) != fc) {
+                               fc &= 0xFF;
+                               PrintAndLog("Facility-code truncated to 8-bits (AWID26): %u", fc);
+                       }
+                       break;
+       }
+       
+       PrintAndLog("Bruteforceing AWID %d Reader", fmtlen);
+       PrintAndLog("Press pm3-button to abort simulation or press key");
+
+       uint16_t up = cn;
+       uint16_t down = cn;
+       
+       for (;;){
+       
+               if ( offline ) {
+                       printf("Device offline\n");
+                       return  2;
+               }
+               if (ukbhit()) {
+                       PrintAndLog("aborted via keyboard!");
+                       return sendPing();
+               }
+               
+               // Do one up
+               if ( up < 0xFFFF )
+                       if ( !sendTry(fmtlen, fc, up++, delay, bs, size)) return 1;
+               
+               // Do one down  (if cardnumber is given)
+               if ( cn > 1 )
+                       if ( down > 1 )
+                               if ( !sendTry(fmtlen, fc, --down, delay, bs, size)) return 1;
+       }
+       return 0;
+}
+
+static command_t CommandTable[] = {
        {"help",      CmdHelp,         1, "This help"},
        {"help",      CmdHelp,         1, "This help"},
-       {"fskdemod",  CmdAWIDDemodFSK, 0, "['1'] Realtime AWID FSK demodulator (option '1' for one tag only)"},
-       {"sim",       CmdAWIDSim,      0, "<Facility-Code> <Card Number> -- AWID tag simulator"},
-       {"clone",     CmdAWIDClone,    0, "<Facility-Code> <Card Number> -- Clone AWID to T55x7 (tag must be in range of antenna)"},
+       {"fskdemod",  CmdAWIDDemodFSK, 0, "Realtime AWID FSK demodulator"},
+       {"read",      CmdAWIDRead,     0, "Attempt to read and extract tag data"},
+       {"sim",       CmdAWIDSim,      0, "AWID tag simulator"},
+       {"clone",     CmdAWIDClone,    0, "Clone AWID to T55x7"},
+       {"brute",         CmdAWIDBrute,    0, "Bruteforce card number against reader"},
        {NULL, NULL, 0, NULL}
 };
 
        {NULL, NULL, 0, NULL}
 };
 
-int CmdLFAWID(const char *Cmd)
-{
+int CmdLFAWID(const char *Cmd) {
+       clearCommandBuffer();
        CmdsParse(CommandTable, Cmd);
        return 0;
 }
 
        CmdsParse(CommandTable, Cmd);
        return 0;
 }
 
-int CmdHelp(const char *Cmd)
-{
+int CmdHelp(const char *Cmd) {
        CmdsHelp(CommandTable);
        return 0;
 }
        CmdsHelp(CommandTable);
        return 0;
 }
Proxmark3 GIT tracking
Impressum, Datenschutz