X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/669c1b80c563bb9cb7eda52c6d01e720453d00b0..ea73261dc693f8504ef76653fc584d6c5ce2c76c:/client/cmdhflegic.c?ds=inline diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index cc4e0ff2..ebc75f79 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -1,32 +1,35 @@ +//----------------------------------------------------------------------------- +// Copyright (C) 2010 iZsh <izsh at fail0verflow.com> +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// High frequency Legic commands +//----------------------------------------------------------------------------- + #include <stdio.h> #include <string.h> -#include "proxusb.h" +//#include "proxusb.h" +#include "proxmark3.h" +#include "data.h" +#include "ui.h" #include "cmdparser.h" #include "cmdhflegic.h" #include "cmdmain.h" -#include "data.h" -#include "ui.h" -#include <string.h> -#include <stdio.h> static int CmdHelp(const char *Cmd); -int CmdLegicRFRead(const char *Cmd) -{ - int byte_count=0,offset=0; - sscanf(Cmd, "%i %i", &offset, &byte_count); - if(byte_count == 0) byte_count = 256; - if(byte_count + offset > 256) byte_count = 256 - offset; - UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}}; - SendCommand(&c); - return 0; -} - static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, - {"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"}, {"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"}, + {"reader", CmdLegicRFRead, 0, "[offset [length]] -- read bytes from a LEGIC card"}, + {"save", CmdLegicSave, 0, "<filename> [<length>] -- Store samples"}, + {"load", CmdLegicLoad, 0, "<filename> -- Restore samples"}, + {"sim", CmdLegicRfSim, 0, "[phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)"}, + {"write", CmdLegicRfWrite,0, "<offset> <length> -- Write sample buffer (user after load or read)"}, + {"fill", CmdLegicRfFill, 0, "<offset> <length> <value> -- Fill/Write tag with constant value"}, {NULL, NULL, 0, NULL} }; @@ -46,7 +49,6 @@ int CmdHelp(const char *Cmd) * Output BigBuf and deobfuscate LEGIC RF tag data. * This is based on information given in the talk held * by Henryk Ploetz and Karsten Nohl at 26c3 - * FIXME: will crash if sample buffer does not contain valid legic data */ int CmdLegicDecode(const char *Cmd) { @@ -68,7 +70,7 @@ int CmdLegicDecode(const char *Cmd) for (i = 0; i < 256; i += 12, h += 48) { UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}}; SendCommand(&c); - WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K); + WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, NULL); for (j = 0; j < 48; j += 8) { for (k = 0; k < 8; k++) { @@ -147,7 +149,7 @@ int CmdLegicDecode(const char *Cmd) PrintAndLog("\nADF: User Area"); - i = 22; + i = 22; for (n=0; n<64; n++) { segment_len = ((data_buf[i+1]^crc)&0x0f) * 256 + (data_buf[i]^crc); segment_flag = ((data_buf[i+1]^crc)&0xf0)>>4; @@ -175,7 +177,7 @@ int CmdLegicDecode(const char *Cmd) if (wrc>0) { PrintAndLog("WRC protected area:"); - for (k=0, j=0; k < wrc; k++, i++, j += 3) { + for (k=0, j=0; k < wrc && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -188,7 +190,7 @@ int CmdLegicDecode(const char *Cmd) if (wrp>wrc) { PrintAndLog("Remaining write protected area:"); - for (k=0, j=0; k < (wrp-wrc); k++, i++, j += 3) { + for (k=0, j=0; k < (wrp-wrc) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -203,7 +205,7 @@ int CmdLegicDecode(const char *Cmd) } PrintAndLog("Remaining segment payload:"); - for (k=0, j=0; k < (segment_len - wrp - 5); k++, i++, j += 3) { + for (k=0, j=0; k < (segment_len - wrp - 5) && j<(sizeof(out_string)-3); k++, i++, j += 3) { sprintf(&out_string[j], "%02x", (data_buf[i]^crc)); out_string[j+2] = ' '; }; @@ -218,3 +220,147 @@ int CmdLegicDecode(const char *Cmd) }; return 0; } + +int CmdLegicRFRead(const char *Cmd) +{ + int byte_count=0,offset=0; + sscanf(Cmd, "%i %i", &offset, &byte_count); + if(byte_count == 0) byte_count = -1; + if(byte_count + offset > 1024) byte_count = 1024 - offset; + UsbCommand c={CMD_READER_LEGIC_RF, {offset, byte_count, 0}}; + SendCommand(&c); + return 0; +} + +int CmdLegicLoad(const char *Cmd) +{ + FILE *f = fopen(Cmd, "r"); + if(!f) { + PrintAndLog("couldn't open '%s'", Cmd); + return -1; + } + char line[80]; int offset = 0; unsigned int data[8]; + while(fgets(line, sizeof(line), f)) { + int res = sscanf(line, "%x %x %x %x %x %x %x %x", + &data[0], &data[1], &data[2], &data[3], + &data[4], &data[5], &data[6], &data[7]); + if(res != 8) { + PrintAndLog("Error: could not read samples"); + fclose(f); + return -1; + } + UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}}; + int j; for(j = 0; j < 8; j++) { + c.d.asBytes[j] = data[j]; + } + SendCommand(&c); + WaitForResponse(CMD_ACK, NULL); + offset += 8; + } + fclose(f); + PrintAndLog("loaded %u samples", offset); + return 0; +} + +int CmdLegicSave(const char *Cmd) +{ + int n; + int requested = 1024; + int offset = 0; + char filename[1024]; + sscanf(Cmd, " %s %i %i", filename, &requested, &offset); + if (offset % 4 != 0) { + PrintAndLog("Offset must be a multiple of 4"); + return 0; + } + offset = offset/4; + + int delivered = 0; + + if (requested == 0) { + n = 12; + requested = 12; + } else { + n = requested/4; + } + + FILE *f = fopen(filename, "w"); + if(!f) { + PrintAndLog("couldn't open '%s'", Cmd+1); + return -1; + } + + for (int i = offset; i < n+offset; i += 12) { + UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {i, 0, 0}}; + SendCommand(&c); + WaitForResponse(CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K, NULL); + for (int j = 0; j < 48; j += 8) { + fprintf(f, "%02x %02x %02x %02x %02x %02x %02x %02x\n", + sample_buf[j+0], + sample_buf[j+1], + sample_buf[j+2], + sample_buf[j+3], + sample_buf[j+4], + sample_buf[j+5], + sample_buf[j+6], + sample_buf[j+7] + ); + delivered += 8; + if (delivered >= requested) + break; + } + if (delivered >= requested) + break; + } + + fclose(f); + PrintAndLog("saved %u samples", delivered); + return 0; +} + +int CmdLegicRfSim(const char *Cmd) +{ + UsbCommand c={CMD_SIMULATE_TAG_LEGIC_RF}; + c.arg[0] = 6; + c.arg[1] = 3; + c.arg[2] = 0; + sscanf(Cmd, " %"lli" %"lli" %"lli, &c.arg[0], &c.arg[1], &c.arg[2]); + SendCommand(&c); + return 0; +} + +int CmdLegicRfWrite(const char *Cmd) +{ + UsbCommand c={CMD_WRITER_LEGIC_RF}; + int res = sscanf(Cmd, " 0x%"llx" 0x%"llx, &c.arg[0], &c.arg[1]); + if(res != 2) { + PrintAndLog("Please specify the offset and length as two hex strings"); + return -1; + } + SendCommand(&c); + return 0; +} + +int CmdLegicRfFill(const char *Cmd) +{ + UsbCommand cmd ={CMD_WRITER_LEGIC_RF}; + int res = sscanf(Cmd, " 0x%"llx" 0x%"llx" 0x%"llx, &cmd.arg[0], &cmd.arg[1], &cmd.arg[2]); + if(res != 3) { + PrintAndLog("Please specify the offset, length and value as two hex strings"); + return -1; + } + + int i; + UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}}; + for(i = 0; i < 48; i++) { + c.d.asBytes[i] = cmd.arg[2]; + } + for(i = 0; i < 22; i++) { + c.arg[0] = i*48; + SendCommand(&c); + WaitForResponse(CMD_ACK,NULL); + } + SendCommand(&cmd); + return 0; + } +