#define RWD_TIME_1 120 // READER_TIME_PAUSE 20us off, 80us on = 100us 80 * 1.5 == 120ticks
#define RWD_TIME_0 60 // READER_TIME_PAUSE 20us off, 40us on = 60us 40 * 1.5 == 60ticks
#define RWD_TIME_PAUSE 30 // 20us == 20 * 1.5 == 30ticks */
-#define TAG_BIT_PERIOD 142 // 100us == 100 * 1.5 == 150ticks
+#define TAG_BIT_PERIOD 143 // 100us == 100 * 1.5 == 150ticks
#define TAG_FRAME_WAIT 495 // 330us from READER frame end to TAG frame start. 330 * 1.5 == 495
#define RWD_TIME_FUZZ 20 // rather generous 13us, since the peak detector + hysteresis fuzz quite a bit
//FIXED time between sending frame and now listening frame. 330us
uint32_t starttime = GET_TICKS;
// its about 9+9 ticks delay from end-send to here.
- //WaitTicks( 495 - 9 - 9 );
WaitTicks( 477 );
next_bit_at = GET_TICKS + TAG_BIT_PERIOD;
WDT_HIT();
switch_off_tag_rwd();
LEDsoff();
- cmd_send(CMD_ACK,isOK,len,0,cardmem,len);
+ cmd_send(CMD_ACK, isOK, len, 0, cardmem, len);
return 0;
}
PrintAndLog("Usage: hf legic read [h] <offset> <length> <IV>");
PrintAndLog("Options:");
PrintAndLog(" h : this help");
- PrintAndLog(" <offset> : offset in data array to start download from");
- PrintAndLog(" <length> : number of bytes to download");
- PrintAndLog(" <IV> : (optional) Initialization vector to use (ODD and 7bits)");
+ PrintAndLog(" <offset> : offset in data array to start download from (hex)");
+ PrintAndLog(" <length> : number of bytes to read (hex)");
+ PrintAndLog(" <IV> : (optional) Initialization vector to use (hex, odd and 7bits)");
PrintAndLog("");
PrintAndLog("Samples:");
- PrintAndLog(" hf legic read");
- PrintAndLog(" hf legic read 10 4");
+ PrintAndLog(" hf legic read 0 21 - reads from byte[0] 21 bytes(system header)");
+ PrintAndLog(" hf legic read 0 4 55 - reads from byte[0] 4 bytes with IV 0x55");
+ PrintAndLog(" hf legic read 0 100 55 - reads 256bytes with IV 0x55");
return 0;
}
int usage_legic_sim(void){
PrintAndLog("Usage: hf legic write [h] <offset> <length> <IV>");
PrintAndLog("Options:");
PrintAndLog(" h : this help");
- PrintAndLog(" <offset> : offset in data array to start writing from");
- PrintAndLog(" <length> : number of bytes to write");
+ PrintAndLog(" <offset> : offset in data array to start writing from (hex)");
+ PrintAndLog(" <length> : number of bytes to write (hex)");
PrintAndLog(" <IV> : (optional) Initialization vector to use (ODD and 7bits)");
PrintAndLog("");
PrintAndLog("Samples:");
- PrintAndLog(" hf legic write");
- PrintAndLog(" hf legic write 10 4");
+ PrintAndLog(" hf legic write 10 4 - writes 0x4 to byte[0x10]");
return 0;
}
int usage_legic_rawwrite(void){
- PrintAndLog("Write raw data direct to a specific address on legic tag.");
- PrintAndLog("Usage: hf legic writeraw [h] <address> <value> <IV>");
+ PrintAndLog("Write raw data direct to a specific offset on legic tag.");
+ PrintAndLog("Usage: hf legic writeraw [h] <offset> <value> <IV>");
PrintAndLog("Options:");
PrintAndLog(" h : this help");
- PrintAndLog(" <address> : address to write to");
- PrintAndLog(" <value> : value to write");
- PrintAndLog(" <IV> : (optional) Initialization vector to use (ODD and 7bits)");
+ PrintAndLog(" <offset> : offset to write to (hex)");
+ PrintAndLog(" <value> : value (hex)");
+ PrintAndLog(" <IV> : (optional) Initialization vector to use (hex, odd and 7bits)");
PrintAndLog("");
PrintAndLog("Samples:");
- PrintAndLog(" hf legic writeraw");
- PrintAndLog(" hf legic writeraw 10 4");
+ PrintAndLog(" hf legic writeraw 10 4 - writes 0x4 to byte[0x10]");
return 0;
}
int usage_legic_fill(void){
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
uint8_t isOK = resp.arg[0] & 0xFF;
- uint16_t len = resp.arg[1] & 0x3FF;
+ uint16_t readlen = resp.arg[1] & 0x3FF;
if ( isOK ) {
- uint8_t *data = malloc(len);
+ uint8_t *data = malloc(readlen);
if ( !data ){
PrintAndLog("Cannot allocate memory");
return 2;
}
+
+ if ( readlen != len )
+ PrintAndLog("Fail, only managed to read 0x%02X bytes", readlen);
+
// copy data from device
- GetEMLFromBigBuf(data, len, 0);
+ GetEMLFromBigBuf(data, readlen, 0);
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2000)){
PrintAndLog("Command execute timeout");
if ( data )
PrintAndLog("\nData");
PrintAndLog("-----------------------------");
- print_hex_break( data, len, 32);
+ print_hex_break( data, readlen, 32);
} else {
PrintAndLog("failed reading tag");
}
char cmdp = param_getchar(Cmd, 0);
if ( cmdp == 'H' || cmdp == 'h' ) return usage_legic_rawwrite();
- uint32_t address = 0, data = 0, IV = 0;
+ uint32_t offset = 0, data = 0, IV = 0;
char answer;
- UsbCommand c = { CMD_RAW_WRITER_LEGIC_RF, {0,0,0} };
- int res = sscanf(Cmd, "%x %x %x", &address, &data, &IV);
+ int res = sscanf(Cmd, "%x %x %x", &offset, &data, &IV);
if(res < 2)
return usage_legic_rawwrite();
-
+
// OUT-OF-BOUNDS check
- if(address > MAX_LENGTH)
- return usage_legic_rawwrite();
+ if ( offset > MAX_LENGTH ) {
+ offset = MAX_LENGTH;
+ PrintAndLog("Out-of-bound, shorten len to %d", offset);
+ }
if ( (IV & 0x7F) != IV ){
IV &= 0x7F;
IV |= 0x01; // IV must be odd
PrintAndLog("LSB of IV must be SET");
}
- PrintAndLog("Current IV: 0x%02x", IV);
- c.arg[0] = address;
- c.arg[1] = data;
- c.arg[2] = IV;
+ UsbCommand c = { CMD_RAW_WRITER_LEGIC_RF, {offset, data, IV} };
if (c.arg[0] == 0x05 || c.arg[0] == 0x06) {
PrintAndLog("############# DANGER !! #############");
projects / proxmark3-svn / commitdiff