X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/040a7baad0fa7c2901e44e5f5f63f0918d29ae97..c2d25819d8c55b568814da61d116fda9b4ad53d1:/client/cmdlf.c diff --git a/client/cmdlf.c b/client/cmdlf.c index 40bb8a21..a198e1e1 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -1,6 +1,18 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2010 iZsh +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency commands +//----------------------------------------------------------------------------- + #include +#include #include -#include "proxusb.h" +#include +#include "proxmark3.h" #include "data.h" #include "graph.h" #include "ui.h" @@ -11,6 +23,10 @@ #include "cmdlfhid.h" #include "cmdlfti.h" #include "cmdlfem4x.h" +#include "cmdlfhitag.h" +#include "cmdlft55xx.h" +#include "cmdlfpcf7931.h" +#include "cmdlfio.h" static int CmdHelp(const char *Cmd); @@ -22,7 +38,7 @@ int CmdLFCommandRead(const char *Cmd) dummy[0]= ' '; UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K}; - sscanf(Cmd, "%i %i %i %s %s", &c.arg[0], &c.arg[1], &c.arg[2], (char *) &c.d.asBytes,(char *) &dummy+1); + sscanf(Cmd, "%"lli" %"lli" %"lli" %s %s", &c.arg[0], &c.arg[1], &c.arg[2],(char*)(&c.d.asBytes),(char*)(&dummy+1)); // in case they specified 'h' strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy); SendCommand(&c); @@ -112,7 +128,7 @@ int CmdFlexdemod(const char *Cmd) RepaintGraphWindow(); return 0; } - + int CmdIndalaDemod(const char *Cmd) { // Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID @@ -215,7 +231,42 @@ int CmdIndalaDemod(const char *Cmd) } times = 1; } - PrintAndLog("UID=%s", showbits); + + //convert UID to HEX + uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7; + int idx; + uid1=0; + uid2=0; + if (uidlen==64){ + for( idx=0; idx<64; idx++) { + if (showbits[idx] == '0') { + uid1=(uid1<<1)|(uid2>>31); + uid2=(uid2<<1)|0; + } else { + uid1=(uid1<<1)|(uid2>>31); + uid2=(uid2<<1)|1; + } + } + PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2); + } + else { + uid3=0; + uid4=0; + uid5=0; + uid6=0; + uid7=0; + for( idx=0; idx<224; idx++) { + uid1=(uid1<<1)|(uid2>>31); + uid2=(uid2<<1)|(uid3>>31); + uid3=(uid3<<1)|(uid4>>31); + uid4=(uid4<<1)|(uid5>>31); + uid5=(uid5<<1)|(uid6>>31); + uid6=(uid6<<1)|(uid7>>31); + if (showbits[idx] == '0') uid7=(uid7<<1)|0; + else uid7=(uid7<<1)|1; + } + PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7); + } // Checking UID against next occurences for (; i + uidlen <= rawbit;) { @@ -254,6 +305,55 @@ int CmdIndalaDemod(const char *Cmd) return 0; } +int CmdIndalaClone(const char *Cmd) +{ + unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7; + UsbCommand c; + uid1=0; + uid2=0; + uid3=0; + uid4=0; + uid5=0; + uid6=0; + uid7=0; + int n = 0, i = 0; + + if (strchr(Cmd,'l') != 0) { + while (sscanf(&Cmd[i++], "%1x", &n ) == 1) { + uid1 = (uid1 << 4) | (uid2 >> 28); + uid2 = (uid2 << 4) | (uid3 >> 28); + uid3 = (uid3 << 4) | (uid4 >> 28); + uid4 = (uid4 << 4) | (uid5 >> 28); + uid5 = (uid5 << 4) | (uid6 >> 28); + uid6 = (uid6 << 4) | (uid7 >> 28); + uid7 = (uid7 << 4) | (n & 0xf); + } + PrintAndLog("Cloning 224bit tag with UID %x%08x%08x%08x%08x%08x%08x", uid1, uid2, uid3, uid4, uid5, uid6, uid7); + c.cmd = CMD_INDALA_CLONE_TAG_L; + c.d.asDwords[0] = uid1; + c.d.asDwords[1] = uid2; + c.d.asDwords[2] = uid3; + c.d.asDwords[3] = uid4; + c.d.asDwords[4] = uid5; + c.d.asDwords[5] = uid6; + c.d.asDwords[6] = uid7; + } + else + { + while (sscanf(&Cmd[i++], "%1x", &n ) == 1) { + uid1 = (uid1 << 4) | (uid2 >> 28); + uid2 = (uid2 << 4) | (n & 0xf); + } + PrintAndLog("Cloning 64bit tag with UID %x%08x", uid1, uid2); + c.cmd = CMD_INDALA_CLONE_TAG; + c.arg[0] = uid1; + c.arg[1] = uid2; + } + + SendCommand(&c); + return 0; +} + int CmdLFRead(const char *Cmd) { UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K}; @@ -262,12 +362,14 @@ int CmdLFRead(const char *Cmd) c.arg[0] = 1; } else if (*Cmd == '\0') { c.arg[0] = 0; - } else { - PrintAndLog("use 'read' or 'read h'"); + } else if (sscanf(Cmd, "%"lli, &c.arg[0]) != 1) { + PrintAndLog("Samples 1: 'lf read'"); + PrintAndLog(" 2: 'lf read h'"); + PrintAndLog(" 3: 'lf read '"); return 0; } SendCommand(&c); - WaitForResponse(CMD_ACK); + WaitForResponse(CMD_ACK,NULL); return 0; } @@ -304,7 +406,7 @@ int CmdLFSim(const char *Cmd) c.d.asBytes[j] = GraphBuffer[i+j]; } SendCommand(&c); - WaitForResponse(CMD_ACK); + WaitForResponse(CMD_ACK,NULL); } PrintAndLog("Starting simulator..."); @@ -349,6 +451,40 @@ int CmdLFSimManchester(const char *Cmd) return 0; } +int CmdLFSnoop(const char *Cmd) +{ + UsbCommand c = {CMD_LF_SNOOP_RAW_ADC_SAMPLES}; + // 'h' means higher-low-frequency, 134 kHz + c.arg[0] = 0; + c.arg[1] = -1; + if (*Cmd == 0) { + // empty + } else if (*Cmd == 'l') { + sscanf(Cmd, "l %"lli, &c.arg[1]); + } else if(*Cmd == 'h') { + c.arg[0] = 1; + sscanf(Cmd, "h %"lli, &c.arg[1]); + } else if (sscanf(Cmd, "%"lli" %"lli, &c.arg[0], &c.arg[1]) < 1) { + PrintAndLog("use 'snoop' or 'snoop {l,h} [trigger threshold]', or 'snoop [trigger threshold]'"); + return 0; + } + SendCommand(&c); + WaitForResponse(CMD_ACK,NULL); + + size_t BUFF_SIZE = 8000; + uint8_t data[BUFF_SIZE]; + + GetFromBigBuf(data,BUFF_SIZE,3560); //3560 -- should be offset.. + WaitForResponseTimeout(CMD_ACK,NULL, 1500); + + for (int j = 0; j < BUFF_SIZE; j++) { + GraphBuffer[j] = ((int)data[j]); + } + GraphTraceLen = BUFF_SIZE; + + return 0; +} + int CmdVchDemod(const char *Cmd) { // Is this the entire sync pattern, or does this also include some @@ -389,7 +525,7 @@ int CmdVchDemod(const char *Cmd) bits[256] = '\0'; int worst = INT_MAX; - int worstPos; + int worstPos = 0; for (i = 0; i < 2048; i += 8) { int sum = 0; @@ -429,16 +565,27 @@ static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"cmdread", CmdLFCommandRead, 0, " <'0' period> <'1' period> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"}, - {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"}, + {"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"}, - {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"}, - {"read", CmdLFRead, 0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)"}, + {"indalaclone", CmdIndalaClone, 1, " ['l']-- Clone Indala to T55x7 (UID in HEX)(option 'l' for 224 UID"}, + {"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"}, + + + {"read", CmdLFRead, 0, "['h' or ] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134, alternatively: f=12MHz/(divisor+1))"}, {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"}, {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"}, {"simman", CmdLFSimManchester, 0, " [GAP] Simulate arbitrary Manchester LF tag"}, - {"ti", CmdLFTI, 1, "{ TI RFIDs... }"}, - {"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"}, + {"snoop", CmdLFSnoop, 0, "['l'|'h'|] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"}, + + {"em4x", CmdLFEM4X, 1, "{ EM4X tags }"}, + {"hid", CmdLFHID, 1, "{ HID tags }"}, + {"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders }"}, + {"io", CmdLFIO, 1, "{ ioProx tags }"}, + {"pcf7931", CmdLFPCF7931, 1, "{ PCF7931 tags }"}, + {"ti", CmdLFTI, 1, "{ TI tags }"}, + {"t55xx", CmdLFT55XX, 1, "{ T55xx tags }"}, + {NULL, NULL, 0, NULL} };