X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/41dab153055c6bdbbea436b01e7fcf87354c435a..4bbf5ad17d6e75362f19ce93c99680ddf081ab66:/client/cmdhflegic.c diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 5ff60a3a..777f524f 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -1,12 +1,23 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2010 iZsh +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency Legic commands +//----------------------------------------------------------------------------- + #include #include -#include "proxusb.h" +#include +#include "proxmark3.h" #include "data.h" #include "ui.h" #include "cmdparser.h" #include "cmdhflegic.h" #include "cmdmain.h" - +#include "util.h" static int CmdHelp(const char *Cmd); static command_t CommandTable[] = @@ -14,6 +25,11 @@ static command_t CommandTable[] = {"help", CmdHelp, 1, "This help"}, {"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"}, {"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"}, + {"save", CmdLegicSave, 0, " [] -- Store samples"}, + {"load", CmdLegicLoad, 0, " -- Restore samples"}, + {"sim", CmdLegicRfSim, 0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"}, + {"write", CmdLegicRfWrite,0, " -- Write sample buffer (user after load or read)"}, + {"fill", CmdLegicRfFill, 0, " -- Fill/Write tag with constant value"}, {NULL, NULL, 0, NULL} }; @@ -33,39 +49,23 @@ int CmdHelp(const char *Cmd) * Output BigBuf and deobfuscate LEGIC RF tag data. * This is based on information given in the talk held * by Henryk Ploetz and Karsten Nohl at 26c3 - * FIXME: will crash if sample buffer does not contain valid legic data */ int CmdLegicDecode(const char *Cmd) { - int h, i, j, k, n; + int i, j, k, n; int segment_len = 0; int segment_flag = 0; int stamp_len = 0; int crc = 0; int wrp = 0; int wrc = 0; - int data_buf[1032]; // receiver buffer + uint8_t data_buf[1052]; // receiver buffer char out_string[3076]; // just use big buffer - bad practice char token_type[4]; - int delivered = 0; - - h = 0; // copy data from proxmark into buffer - for (i = 0; i < 256; i += 12, h += 48) { - UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}}; - SendCommand(&c); - WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K); - - for (j = 0; j < 48; j += 8) { - for (k = 0; k < 8; k++) { - data_buf[h+j+k] = sample_buf[j+k]; - } - delivered += 8; - if (delivered >= 1024) - break; - } - } + GetFromBigBuf(data_buf,sizeof(data_buf),0); + WaitForResponse(CMD_ACK,NULL); // Output CDF System area (9 bytes) plus remaining header area (12 bytes) @@ -162,7 +162,7 @@ int CmdLegicDecode(const char *Cmd) if (wrc>0) { PrintAndLog("WRC protected area:"); - for (k=0, j=0; k < wrc; k++, i++, j += 3) { + for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -175,7 +175,7 @@ int CmdLegicDecode(const char *Cmd) if (wrp>wrc) { PrintAndLog("Remaining write protected area:"); - for (k=0, j=0; k < (wrp-wrc); k++, i++, j += 3) { + for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -190,7 +190,7 @@ int CmdLegicDecode(const char *Cmd) } PrintAndLog("Remaining segment payload:"); - for (k=0, j=0; k < (segment_len - wrp - 5); k++, i++, j += 3) { + for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -210,9 +210,157 @@ int CmdLegicRFRead(const char *Cmd) { int byte_count=0,offset=0; sscanf(Cmd, "%i %i", &offset, &byte_count); - if(byte_count == 0) byte_count = 256; - if(byte_count + offset > 256) byte_count = 256 - offset; + if(byte_count == 0) byte_count = -1; + if(byte_count + offset > 1024) byte_count = 1024 - offset; UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}}; SendCommand(&c); return 0; } + +int CmdLegicLoad(const char *Cmd) +{ + char filename[FILE_PATH_SIZE] = {0x00}; + int len = 0; + + if (param_getchar(Cmd, 0) == 'h' || param_getchar(Cmd, 0)== 0x00) { + PrintAndLog("It loads datasamples from the file `filename`"); + PrintAndLog("Usage: hf legic load "); + PrintAndLog(" sample: hf legic load filename"); + return 0; + } + + len = strlen(Cmd); + if (len > FILE_PATH_SIZE) { + PrintAndLog("Filepath too long (was %s bytes), max allowed is %s ", len, FILE_PATH_SIZE); + return 0; + } + memcpy(filename, Cmd, len); + + FILE *f = fopen(filename, "r"); + if(!f) { + PrintAndLog("couldn't open '%s'", Cmd); + return -1; + } + char line[80]; int offset = 0; unsigned int data[8]; + while(fgets(line, sizeof(line), f)) { + int res = sscanf(line, "%x %x %x %x %x %x %x %x", + &data[0], &data[1], &data[2], &data[3], + &data[4], &data[5], &data[6], &data[7]); + if(res != 8) { + PrintAndLog("Error: could not read samples"); + fclose(f); + return -1; + } + UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}}; + int j; for(j = 0; j < 8; j++) { + c.d.asBytes[j] = data[j]; + } + SendCommand(&c); + WaitForResponse(CMD_ACK, NULL); + offset += 8; + } + fclose(f); + PrintAndLog("loaded %u samples", offset); + return 0; +} + +int CmdLegicSave(const char *Cmd) +{ + int requested = 1024; + int offset = 0; + int delivered = 0; + char filename[FILE_PATH_SIZE]; + uint8_t got[1024]; + + sscanf(Cmd, " %s %i %i", filename, &requested, &offset); + + /* If no length given save entire legic read buffer */ + /* round up to nearest 8 bytes so the saved data can be used with legicload */ + if (requested == 0) { + requested = 1024; + } + if (requested % 8 != 0) { + int remainder = requested % 8; + requested = requested + 8 - remainder; + } + if (offset + requested > sizeof(got)) { + PrintAndLog("Tried to read past end of buffer, + > 1024"); + return 0; + } + + FILE *f = fopen(filename, "w"); + if(!f) { + PrintAndLog("couldn't open '%s'", Cmd+1); + return -1; + } + + GetFromBigBuf(got,requested,offset); + WaitForResponse(CMD_ACK,NULL); + + for (int j = 0; j < requested; j += 8) { + fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n", + got[j+0], + got[j+1], + got[j+2], + got[j+3], + got[j+4], + got[j+5], + got[j+6], + got[j+7] + ); + delivered += 8; + if (delivered >= requested) + break; + } + + fclose(f); + PrintAndLog("saved %u samples", delivered); + return 0; +} + +int CmdLegicRfSim(const char *Cmd) +{ + UsbCommand c={CMD_SIMULATE_TAG_LEGIC_RF}; + c.arg[0] = 6; + c.arg[1] = 3; + c.arg[2] = 0; + sscanf(Cmd, " %" SCNi64 " %" SCNi64 " %" SCNi64, &c.arg[0], &c.arg[1], &c.arg[2]); + SendCommand(&c); + return 0; +} + +int CmdLegicRfWrite(const char *Cmd) +{ + UsbCommand c={CMD_WRITER_LEGIC_RF}; + int res = sscanf(Cmd, " 0x%" SCNx64 " 0x%" SCNx64, &c.arg[0], &c.arg[1]); + if(res != 2) { + PrintAndLog("Please specify the offset and length as two hex strings"); + return -1; + } + SendCommand(&c); + return 0; +} + +int CmdLegicRfFill(const char *Cmd) +{ + UsbCommand cmd ={CMD_WRITER_LEGIC_RF}; + int res = sscanf(Cmd, " 0x%" SCNx64 " 0x%" SCNx64 " 0x%" SCNx64, &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]); + if(res != 3) { + PrintAndLog("Please specify the offset, length and value as two hex strings"); + return -1; + } + + int i; + UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}}; + for(i = 0; i < 48; i++) { + c.d.asBytes[i] = cmd.arg[2]; + } + for(i = 0; i < 22; i++) { + c.arg[0] = i*48; + SendCommand(&c); + WaitForResponse(CMD_ACK,NULL); + } + SendCommand(&cmd); + return 0; + } +