X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/c71c5ee1567c08b9819b3e9733ccb81e875bfca3..44d9c722f0d3ba31d53ecb3f6af8be0e878ed769:/client/cmdhflegic.c diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c index 39c64921..f0fb12be 100644 --- a/client/cmdhflegic.c +++ b/client/cmdhflegic.c @@ -11,7 +11,6 @@ static int CmdHelp(const char *Cmd); -#define SESSION_IV 0x55 #define MAX_LENGTH 1024 int usage_legic_calccrc8(void){ @@ -47,7 +46,7 @@ int usage_legic_read(void){ PrintAndLog(" h : this help"); PrintAndLog(" : offset in data array to start download from"); PrintAndLog(" : number of bytes to download"); - PrintAndLog(" : (optional) Initialization vector to use"); + PrintAndLog(" : (optional) Initialization vector to use (ODD and 7bits)"); PrintAndLog(""); PrintAndLog("Samples:"); PrintAndLog(" hf legic read"); @@ -65,7 +64,7 @@ int usage_legic_write(void){ PrintAndLog(" h : this help"); PrintAndLog(" : offset in data array to start writing from"); PrintAndLog(" : number of bytes to write"); - PrintAndLog(" : (optional) Initialization vector to use"); + PrintAndLog(" : (optional) Initialization vector to use (ODD and 7bits)"); PrintAndLog(""); PrintAndLog("Samples:"); PrintAndLog(" hf legic write"); @@ -79,7 +78,7 @@ int usage_legic_rawwrite(void){ PrintAndLog(" h : this help"); PrintAndLog("
: address to write to"); PrintAndLog(" : value to write"); - PrintAndLog(" : (optional) Initialization vector to use"); + PrintAndLog(" : (optional) Initialization vector to use (ODD and 7bits)"); PrintAndLog(""); PrintAndLog("Samples:"); PrintAndLog(" hf legic writeraw"); @@ -90,7 +89,16 @@ int usage_legic_fill(void){ PrintAndLog("Missing help text."); return 0; } - +int usage_legic_info(void){ + PrintAndLog("Read info from a legic tag."); + PrintAndLog("Usage: hf legic info [h]"); + PrintAndLog("Options:"); + PrintAndLog(" h : this help"); + PrintAndLog(""); + PrintAndLog("Samples:"); + PrintAndLog(" hf legic info"); + return 0; +} /* * Output BigBuf and deobfuscate LEGIC RF tag data. * This is based on information given in the talk held @@ -101,12 +109,11 @@ int CmdLegicDecode(const char *Cmd) { int i = 0, k = 0, segmentNum = 0, segment_len = 0, segment_flag = 0; int crc = 0, wrp = 0, wrc = 0; uint8_t stamp_len = 0; - uint8_t data_buf[1052]; // receiver buffer + uint8_t data_buf[1024]; // receiver buffer char token_type[5] = {0,0,0,0,0}; int dcf = 0; int bIsSegmented = 0; - // download EML memory, where the "legic read" command puts the data. // copy data from proxmark into buffer GetFromBigBuf(data_buf,sizeof(data_buf),0); if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){ @@ -383,23 +390,53 @@ int CmdLegicDecode(const char *Cmd) { int CmdLegicRFRead(const char *Cmd) { // params: - // offset in data - // number of bytes. + // offset in data memory + // number of bytes to read char cmdp = param_getchar(Cmd, 0); if ( cmdp == 'H' || cmdp == 'h' ) return usage_legic_read(); - uint32_t offset = 0, len = 0, IV = 0; + uint32_t offset = 0, len = 0, IV = 1; sscanf(Cmd, "%x %x %x", &offset, &len, &IV); // OUT-OF-BOUNDS check - if(len + offset > MAX_LENGTH) len = MAX_LENGTH - offset; + if ( len + offset > MAX_LENGTH ) { + len = MAX_LENGTH - offset; + PrintAndLog("Out-of-bound, shorten len to %d", len); + } - IV &= 0x7F; - PrintAndLog("Current IV: 0x%02x", IV); + if ( (IV & 0x7F) != IV ){ + IV &= 0x7F; + PrintAndLog("Truncating IV to 7bits"); + } + + if ( (IV & 1) == 0 ){ + IV |= 0x01; + PrintAndLog("LSB of IV must be SET"); + } + + //PrintAndLog("Using IV: 0x%02x | Offset: 0x%02x | Len: 0x%02x ", IV, offset, len); - UsbCommand c= {CMD_READER_LEGIC_RF, {offset, len, IV}}; + UsbCommand c = {CMD_READER_LEGIC_RF, {offset, len, IV}}; clearCommandBuffer(); SendCommand(&c); + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + uint8_t isOK = resp.arg[0] & 0xFF; + uint16_t len = resp.arg[1] & 0x3FF; + if ( isOK ) { + PrintAndLog("use 'hf legic decode'"); + + uint8_t *data = resp.d.asBytes; + PrintAndLog("\nData |"); + PrintAndLog("-----------------------------"); + PrintAndLog(" %s|\n", sprint_hex(data, len)); + } else { + PrintAndLog("failed reading tag"); + } + } else { + PrintAndLog("command execution time out"); + return 1; + } return 0; } @@ -553,7 +590,7 @@ int CmdLegicRfWrite(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); if ( cmdp == 'H' || cmdp == 'h' ) return usage_legic_write(); - uint32_t offset = 0, len = 0, IV = SESSION_IV; + uint32_t offset = 0, len = 0, IV = 0; UsbCommand c = {CMD_WRITER_LEGIC_RF, {0,0,0}}; int res = sscanf(Cmd, "%x %x %x", &offset, &len, &IV); @@ -565,8 +602,15 @@ int CmdLegicRfWrite(const char *Cmd) { // OUT-OF-BOUNDS check if(len + offset > MAX_LENGTH) len = MAX_LENGTH - offset; + if ( (IV & 0x7F) != IV ){ + IV &= 0x7F; + PrintAndLog("Truncating IV to 7bits"); + } + if ( (IV & 1) == 0 ){ + IV |= 0x01; // IV must be odd + PrintAndLog("LSB of IV must be SET"); + } - IV &= 0x7F; PrintAndLog("Current IV: 0x%02x", IV); c.arg[0] = offset; @@ -583,7 +627,7 @@ int CmdLegicRfRawWrite(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); if ( cmdp == 'H' || cmdp == 'h' ) return usage_legic_rawwrite(); - uint32_t address = 0, data = 0, IV = SESSION_IV; + uint32_t address = 0, data = 0, IV = 0; char answer; UsbCommand c = { CMD_RAW_WRITER_LEGIC_RF, {0,0,0} }; @@ -595,7 +639,14 @@ int CmdLegicRfRawWrite(const char *Cmd) { if(address > MAX_LENGTH) return usage_legic_rawwrite(); - IV &= 0x7F; + if ( (IV & 0x7F) != IV ){ + IV &= 0x7F; + PrintAndLog("Truncating IV to 7bits"); + } + if ( (IV & 1) == 0 ){ + IV |= 0x01; // IV must be odd + PrintAndLog("LSB of IV must be SET"); + } PrintAndLog("Current IV: 0x%02x", IV); c.arg[0] = address; @@ -644,6 +695,37 @@ int CmdLegicRfFill(const char *Cmd) { return 0; } +void static calc4(uint8_t *cmd, uint8_t len){ + crc_t crc; + //crc_init_ref(&crc, 4, 0x19 >> 1, 0x5, 0, TRUE, TRUE); + crc_init(&crc, 4, 0x19 >> 1, 0x5, 0); + + crc_clear(&crc); + crc_update(&crc, 1, 1); /* CMD_READ */ + crc_update(&crc, cmd[0], 8); + crc_update(&crc, cmd[1], 8); + printf("crc4 %X\n", reflect(crc_finish(&crc), 4) ) ; + + crc_clear(&crc); + crc_update(&crc, 1, 1); /* CMD_READ */ + crc_update(&crc, cmd[0], 8); + crc_update(&crc, cmd[1], 8); + printf("crc4 %X\n", crc_finish(&crc) ) ; + + printf("---- old ---\n"); + crc_update2(&crc, 1, 1); /* CMD_READ */ + crc_update2(&crc, cmd[0], 8); + crc_update2(&crc, cmd[1], 8); + printf("crc4 %X \n", reflect(crc_finish(&crc), 4) ) ; + + + crc_clear(&crc); + crc_update2(&crc, 1, 1); /* CMD_READ */ + crc_update2(&crc, cmd[0], 8); + crc_update2(&crc, cmd[1], 8); + printf("crc4 %X\n", crc_finish(&crc) ) ; +} + int CmdLegicCalcCrc8(const char *Cmd){ uint8_t *data = NULL; @@ -719,10 +801,13 @@ int CmdLegicCalcCrc8(const char *Cmd){ switch (type){ case 16: - PrintAndLog("LEGIC CRC16: %X", CRC16Legic(data, len, uidcrc)); + PrintAndLog("Legic crc16: %X", CRC16Legic(data, len, uidcrc)); + break; + case 4: + calc4(data, 0); break; default: - PrintAndLog("LEGIC CRC8: %X", CRC8Legic(data, len) ); + PrintAndLog("Legic crc8: %X", CRC8Legic(data, len) ); break; } @@ -730,6 +815,46 @@ int CmdLegicCalcCrc8(const char *Cmd){ return 0; } +int HFLegicInfo(const char *Cmd, bool verbose) { + + char cmdp = param_getchar(Cmd, 0); + if ( cmdp == 'H' || cmdp == 'h' ) return usage_legic_info(); + + UsbCommand c = {CMD_LEGIC_INFO, {0,0,0}}; + clearCommandBuffer(); + SendCommand(&c); + UsbCommand resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 500)) { + if ( verbose ) PrintAndLog("command execution time out"); + return 1; + } + + uint8_t isOK = resp.arg[0] & 0xFF; + if ( !isOK ) { + if ( verbose ) PrintAndLog("legic card select failed"); + return 1; + } + + legic_card_select_t card; + memcpy(&card, (legic_card_select_t *)resp.d.asBytes, sizeof(legic_card_select_t)); + + PrintAndLog(" UID : %s", sprint_hex(card.uid, sizeof(card.uid))); + switch(card.cardsize) { + case 22: + case 256: + case 1024: + PrintAndLog(" TYPE : MIM%d card (%d bytes)", card.cardsize, card.cardsize); break; + default: { + PrintAndLog("Unknown card format: %d", card.cardsize); + return 1; + } + } + return 0; +} +int CmdLegicInfo(const char *Cmd){ + return HFLegicInfo(Cmd, TRUE); +} + static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"decode", CmdLegicDecode, 0, "Display deobfuscated and decoded LEGIC RF tag data (use after hf legic reader)"}, @@ -741,6 +866,7 @@ static command_t CommandTable[] = { {"writeraw",CmdLegicRfRawWrite, 0, "
-- Write direct to address"}, {"fill", CmdLegicRfFill, 0, " -- Fill/Write tag with constant value"}, {"crc8", CmdLegicCalcCrc8, 1, "Calculate Legic CRC8 over given hexbytes"}, + {"info", CmdLegicInfo, 1, "Information"}, {NULL, NULL, 0, NULL} };