From: iceman1001 <iceman@iuse.se>
Date: Thu, 25 Feb 2016 16:49:48 +0000 (+0100)
Subject: ADD:  added some pyramid commands.  //not finished.
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/71cb7328e3f65b7245ab8d38c6f9351d28f46658

ADD:  added some pyramid commands.  //not finished.
---

diff --git a/client/Makefile b/client/Makefile
index afb06c87..eabe0d38 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -134,7 +134,8 @@ CMDSRCS = 	nonce2key/crapto1.c\
 			prng.c\
 			radixsort.c\
 			bucketsort.c\
-			cmdlfpresco.c
+			cmdlfpresco.c\
+			cmdlfpyramid.c
 
 ZLIBSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c
 ZLIB_FLAGS = -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED 
diff --git a/client/cmddata.c b/client/cmddata.c
index 2c12e2bb..9b893328 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -1410,7 +1410,7 @@ int CmdFSKdemodPyramid(const char *Cmd)
 	// s = format start bit, o = odd parity of last 7 bits
 	// f = facility code, c = card number
 	// w = wiegand parity, x = extra space for other formats
-	// p = unknown checksum
+	// p = CRC8maxim checksum
 	// (26 bit format shown)
 
 	//get bytes for checksum calc
@@ -1457,38 +1457,36 @@ int CmdFSKdemodPyramid(const char *Cmd)
 	// s = format start bit, o = odd parity of last 7 bits
 	// f = facility code, c = card number
 	// w = wiegand parity, x = extra space for other formats
-	// p = unknown checksum
+	// p = CRC8-Maxim checksum
 	// (26 bit format shown)
 
 	//find start bit to get fmtLen
 	int j;
-	for (j=0; j<size; j++){
+	for (j=0; j < size; ++j){
 		if(BitStream[j]) break;
 	}
+	
 	uint8_t fmtLen = size-j-8;
 	uint32_t fc = 0;
 	uint32_t cardnum = 0;
 	uint32_t code1 = 0;
-	if (fmtLen==26){
+	
+	if ( fmtLen == 26 ){
 		fc = bytebits_to_byte(BitStream+73, 8);
 		cardnum = bytebits_to_byte(BitStream+81, 16);
 		code1 = bytebits_to_byte(BitStream+72,fmtLen);
 		PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo);
-	} else if (fmtLen==45){
-		fmtLen=42; //end = 10 bits not 7 like 26 bit fmt
+	} else if (fmtLen == 45) {
+		fmtLen = 42; //end = 10 bits not 7 like 26 bit fmt
 		fc = bytebits_to_byte(BitStream+53, 10);
 		cardnum = bytebits_to_byte(BitStream+63, 32);
 		PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo);
 	} else {
 		cardnum = bytebits_to_byte(BitStream+81, 16);
-		if (fmtLen>32){
-			//code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen-32);
-			//code2 = bytebits_to_byte(BitStream+(size-32),32);
+		if (fmtLen > 32)
 			PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo);
-		} else{
-			//code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen);
+		else
 			PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo);
-		}
 	}
 	if (checksum == checkCS)
 		PrintAndLog("Checksum %02x passed", checksum);
diff --git a/client/cmdlf.c b/client/cmdlf.c
index 8166f525..8363d253 100644
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@@ -32,6 +32,7 @@
 #include "lfdemod.h"
 #include "cmdlfviking.h"
 #include "cmdlfpresco.h"
+#include "cmdlfpyramid.h"
 static int CmdHelp(const char *Cmd);
 
 int usage_lf_cmdread(void) {
@@ -1217,6 +1218,7 @@ static command_t CommandTable[] =
 	{"io",			CmdLFIO,			1, "{ IOPROX RFIDs... }"},
 	{"pcf7931",     CmdLFPCF7931,       1, "{ PCF7931 RFIDs... }"},
 	{"presco",      CmdLFPresco,        1, "{ Presco RFIDs... }"},
+	{"pyramid",		CmdLFPyramid,       1, "{ Farepointe/Pyramid RFIDs... }"},	
 	{"ti",          CmdLFTI,            1, "{ TI RFIDs... }"},
 	{"t55xx",       CmdLFT55XX,         1, "{ T55xx RFIDs... }"},
 	{"viking",      CmdLFViking,        1, "{ Viking RFIDs... }"},
diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c
index d98dee4f..6349fec7 100644
--- a/client/cmdlfawid.c
+++ b/client/cmdlfawid.c
@@ -44,8 +44,8 @@ int usage_lf_awid_sim(void) {
 	PrintAndLog("");
 	PrintAndLog("Usage:  lf awid sim <Facility-Code> <Card-Number>");
 	PrintAndLog("Options :");
-	PrintAndLog("  <Facility-Code> :  8-bit value AWID facility code");
-	PrintAndLog("  <Card Number>   : 16-bit value AWID card number");
+	PrintAndLog("  <Facility-Code> :  8-bit value facility code");
+	PrintAndLog("  <Card Number>   : 16-bit value card number");
 	PrintAndLog("");
 	PrintAndLog("Sample : lf awid sim 224 1337");
 	return 0;
@@ -58,8 +58,8 @@ int usage_lf_awid_clone(void) {
 	PrintAndLog("");
 	PrintAndLog("Usage:  lf awid clone <Facility-Code> <Card-Number>");
 	PrintAndLog("Options :");
-	PrintAndLog("  <Facility-Code> : 8-bit value AWID facility code");
-	PrintAndLog("  <Card Number>   : 16-bit value AWID card number");
+	PrintAndLog("  <Facility-Code> : 8-bit value facility code");
+	PrintAndLog("  <Card Number>   : 16-bit value card number");
 	PrintAndLog("  Q5              : optional - clone to Q5 (T5555) instead of T55x7 chip");
 	PrintAndLog("");
 	PrintAndLog("Sample  : lf awid clone 224 1337");
@@ -73,7 +73,7 @@ int usage_lf_awid_brute(void){
 	PrintAndLog("");
 	PrintAndLog("Usage:  lf awid brute <Facility-Code>");
 	PrintAndLog("Options :");
-	PrintAndLog("  <Facility-Code> :  8-bit value AWID facility code");
+	PrintAndLog("  <Facility-Code> :  8-bit value facility code");
 	PrintAndLog("");
 	PrintAndLog("Sample  : lf awid brute 224");
 	return 0;
diff --git a/client/cmdlfpyramid.c b/client/cmdlfpyramid.c
new file mode 100644
index 00000000..23c44059
--- /dev/null
+++ b/client/cmdlfpyramid.c
@@ -0,0 +1,187 @@
+//-----------------------------------------------------------------------------
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency Farpoint / Pyramid tag commands
+//-----------------------------------------------------------------------------
+#include <string.h>
+#include <inttypes.h>
+#include "cmdlfpyramid.h"
+static int CmdHelp(const char *Cmd);
+
+int usage_lf_pyramid_clone(void){
+	PrintAndLog("clone a Farepointe/Pyramid tag to a T55x7 tag.");
+	PrintAndLog("Per pyramid format, the facility-code is 8-bit and the card number is 16-bit.  Larger values are truncated.");
+	PrintAndLog("");
+	PrintAndLog("Usage: lf pyramid clone <Facility-Code> <Card-Number>");
+	PrintAndLog("Options :");
+	PrintAndLog("  <Facility-Code> :  8-bit value facility code");
+	PrintAndLog("  <Card Number>   : 16-bit value card number");
+	PrintAndLog("");
+	PrintAndLog("Sample  : lf pyramid clone 123 11223");
+	return 0;
+}
+
+int usage_lf_pyramid_sim(void) {
+	PrintAndLog("Enables simulation of Farepointe/Pyramid card with specified card number.");
+	PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
+	PrintAndLog("Per pyramid format, the facility-code is 8-bit and the card number is 16-bit.  Larger values are truncated.");
+	PrintAndLog("");
+	PrintAndLog("Usage:  lf pyramid sim <Card-Number>");
+	PrintAndLog("Options :");
+	PrintAndLog("  <Facility-Code> :  8-bit value facility code");
+	PrintAndLog("  <Card Number>   : 16-bit value card number");
+	PrintAndLog("");
+	PrintAndLog("Sample  : lf pyramid sim 123 11223");
+	return 0;
+}
+
+// calc checksum
+int GetWiegandFromPyramid(const char *id, uint32_t *fc, uint32_t *cn) {
+	return 0;
+}
+
+int GetPyramidBits(uint32_t fc, uint32_t cn, uint8_t *pyramidBits) {
+
+	uint8_t pre[128];
+	memset(pre, 0x00, sizeof(pre));
+
+	// add preamble
+	pyramidBits[7]=1;
+	num_to_bytebits(26, 8, pre);
+
+	// get wiegand
+	uint8_t wiegand[24];
+	num_to_bytebits(fc, 8, wiegand);
+	num_to_bytebits(cn, 16, wiegand+8);
+
+	// add wiegand parity bits
+	wiegand_add_parity(pre+8, wiegand, 24);
+
+	// add paritybits	
+	addParity(pre, pyramidBits+8, 66, 4, 1);
+	
+	// add checksum		
+	// this is wrong.
+	uint32_t crc = CRC8Maxim(wiegand, 13);
+	num_to_bytebits(crc, 8, pre+120);
+	
+	return 1;
+}
+
+int CmdPyramidRead(const char *Cmd) {
+	// read lf silently
+	CmdLFRead("s");
+	// get samples silently
+	getSamples("30000",false);
+	// demod and output Pyramid ID	
+	return CmdFSKdemodPyramid("");
+}
+
+int CmdPyramidClone(const char *Cmd) {
+
+	char cmdp = param_getchar(Cmd, 0);
+	if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_pyramid_clone();
+
+	uint32_t facilitycode=0, cardnumber=0;
+	uint8_t bits[128];
+	uint8_t *bs = bits;
+	memset(bs,0,sizeof(bits));
+	//Pyramid - compat mode, FSK2a, data rate 50, 4 data blocks
+	uint32_t blocks[5] = {T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_50 | 4<<T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0};
+	
+//	if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
+//		blocks[0] = T5555_MODULATION_FSK2 | 50<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT;
+
+	// get wiegand from printed number.
+	GetWiegandFromPyramid(Cmd, &facilitycode, &cardnumber);
+	
+	if ((facilitycode & 0xFF) != facilitycode) {
+		facilitycode &= 0xFF;
+		PrintAndLog("Facility Code Truncated to 8-bits (Pyramid): %u", facilitycode);
+	}
+
+	if ((cardnumber & 0xFFFF) != cardnumber) {
+		cardnumber &= 0xFFFF;
+		PrintAndLog("Card Number Truncated to 16-bits (Pyramid): %u", cardnumber);
+	}
+	
+	if ( !GetPyramidBits(facilitycode, cardnumber, bs)) {
+		PrintAndLog("Error with tag bitstream generation.");
+		return 1;
+	}	
+
+	blocks[1] = bytebits_to_byte(bs,32);
+	blocks[2] = bytebits_to_byte(bs+32,32);
+	blocks[3] = bytebits_to_byte(bs+64,32);
+	blocks[4] = bytebits_to_byte(bs+96,32);
+
+	PrintAndLog("Preparing to clone Farepointe/Pyramid to T55x7 with Facility Code: %u, Card Number: %u", facilitycode, cardnumber);
+	PrintAndLog("Blk | Data ");
+	PrintAndLog("----+------------");
+	for ( uint8_t i=0; i<5; ++i )
+		PrintAndLog(" %02d | 0x%08x",i , blocks[i]);
+	
+	UsbCommand resp;
+	//UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
+
+	for ( uint8_t i=0; i<5; ++i ) {
+		//c.arg[0] = blocks[i];
+		//c.arg[1] = i;
+		clearCommandBuffer();
+		// SendCommand(&c);
+		if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
+			PrintAndLog("Error occurred, device did not respond during write operation.");
+			return -1;
+		}
+	}
+    return 0;
+}
+
+int CmdPyramidSim(const char *Cmd) {
+	// uint32_t id = 0;
+	// uint64_t rawID = 0;
+	// uint8_t clk = 50, encoding = 1, separator = 0, invert = 0;
+
+	char cmdp = param_getchar(Cmd, 0);
+	if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_pyramid_sim();
+
+	// id = param_get32ex(Cmd, 0, 0, 16);
+	// if (id == 0) return usage_lf_pyramid_sim();
+
+	//rawID = getPyramidBits(id);
+
+	// uint16_t arg1, arg2;
+	// size_t size = 64;
+	// arg1 = clk << 8 | encoding;
+	// arg2 = invert << 8 | separator;
+
+	// PrintAndLog("Simulating - ID: %08X, Raw: %08X%08X",id,(uint32_t)(rawID >> 32),(uint32_t) (rawID & 0xFFFFFFFF));
+	
+	// UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, size}};
+	// num_to_bytebits(rawID, size, c.d.asBytes);
+	// clearCommandBuffer();
+	// SendCommand(&c);
+	return 0;
+}
+
+static command_t CommandTable[] = {
+    {"help",	CmdHelp,		1, "This help"},
+	{"read",	CmdPyramidRead,  0, "Attempt to read and extract tag data"},
+	{"clone",	CmdPyramidClone, 0, "<Facility-Code> <Card Number>  clone pyramid tag"},
+	{"sim",		CmdPyramidSim,   0, "<Facility-Code> <Card Number>  simulate pyramid tag"},
+    {NULL, NULL, 0, NULL}
+};
+
+int CmdLFPyramid(const char *Cmd) {
+	clearCommandBuffer();
+    CmdsParse(CommandTable, Cmd);
+    return 0;
+}
+
+int CmdHelp(const char *Cmd) {
+    CmdsHelp(CommandTable);
+    return 0;
+}
diff --git a/client/cmdlfpyramid.h b/client/cmdlfpyramid.h
new file mode 100644
index 00000000..75d3fe69
--- /dev/null
+++ b/client/cmdlfpyramid.h
@@ -0,0 +1,32 @@
+//-----------------------------------------------------------------------------
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency T55xx commands
+//-----------------------------------------------------------------------------
+#ifndef CMDLFPYRAMID_H__
+#define CMDLFPYRAMID_H__
+#include "proxmark3.h"
+#include "ui.h"
+#include "util.h"
+#include "graph.h"
+#include "cmdparser.h"
+#include "cmddata.h"
+#include "cmdmain.h"
+#include "cmdlf.h"
+#include "protocols.h"  // for T55xx config register definitions
+#include "lfdemod.h"    // parityTest
+#include "crc.h"
+
+int CmdLFPyramid(const char *Cmd);
+int CmdPyramidClone(const char *Cmd);
+int CmdPyramidSim(const char *Cmd);
+
+int usage_lf_pyramid_clone(void);
+int usage_lf_pyramid_sim(void);
+
+int GetWiegandFromPyramid(const char *id, uint32_t *sitecode, uint32_t *usercode);
+#endif
+