From 754a35e72bfe75868d7a824692fe980feedffb82 Mon Sep 17 00:00:00 2001
From: iceman1001 <iceman@iuse.se>
Date: Mon, 23 Mar 2015 17:11:45 +0100
Subject: [PATCH] ADD: added the ioprox checksum test to IOdemodFSK
MENTIONED HERE: http://www.proxmark.org/forum/viewtopic.php?id=364&p=6 ADD:
changed the layout of the HID descramble patterns a bit, and rearranged some
hex/dec outputs.
---
armsrc/lfops.c | 68 ++++++++++++++++++++++++++++++++++--------------
client/cmddata.c | 26 +++++++++++++-----
2 files changed, 68 insertions(+), 26 deletions(-)
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index aeb53cb1..7537d63f 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -912,6 +912,8 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
uint8_t version=0;
uint8_t facilitycode=0;
uint16_t number=0;
+ uint8_t crc = 0;
+ uint16_t calccrc = 0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
@@ -930,8 +932,17 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
//| | | | | | |
//01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
//-----------------------------------------------------------------------------
- //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
+ //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 checksum 11
//
+ //Checksum:
+ //00000000 0 11110000 1 11100000 1 00000001 1 00000011 1 10110110 1 01110101 11
+ //preamble F0 E0 01 03 B6 75
+ // How to calc checksum,
+ // http://www.proxmark.org/forum/viewtopic.php?id=364&p=6
+ // F0 + E0 + 01 + 03 + B6 = 28A
+ // 28A & FF = 8A
+ // FF - 8A = 75
+ // Checksum: 0x75
//XSF(version)facility:codeone+codetwo
//Handle the data
if(findone){ //only print binary if we are doing one
@@ -949,7 +960,15 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
facilitycode = bytebits_to_byte(dest+idx+18,8) ;
number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
- Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
+ crc = bytebits_to_byte(dest+idx+54,8);
+ for (uint8_t i=1; i<6; ++i)
+ calccrc += bytebits_to_byte(dest+idx+9*i,8);
+ calccrc &= 0xff;
+ calccrc = 0xff - calccrc;
+
+ char *crcStr = (crc == calccrc) ? "ok":"!crc";
+
+ Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
// if we're only looking for one tag
if (findone){
if (ledcontrol) LED_A_OFF();
@@ -1041,6 +1060,12 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
// These timings work for 4469/4269/4305 (with the 55*8 above)
// WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8);
+// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
+// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
+// Hitag units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier)
+// T0 = TIMER_CLOCK1 / 125000 = 192
+// 1 Cycle = 8 microseconds(us)
+
#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
// Write one bit to card
@@ -1504,10 +1529,15 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
int DemodPCF7931(uint8_t **outBlocks) {
- uint8_t BitStream[256] = {0x00};
- uint8_t Blocks[8][16];
+ uint8_t bits[256] = {0x00};
+ uint8_t blocks[8][16];
uint8_t *dest = BigBuf_get_addr();
- int GraphTraceLen = BigBuf_max_traceLen();
+
+ int GraphTraceLen = BigBuf_max_traceLen();
+ if ( GraphTraceLen > 18000 )
+ GraphTraceLen = 18000;
+
+
int i, j, lastval, bitidx, half_switch;
int clock = 64;
int tolerance = clock / 8;
@@ -1579,14 +1609,14 @@ int DemodPCF7931(uint8_t **outBlocks) {
block_done = 1;
}
else if(half_switch == 1) {
- BitStream[bitidx++] = 0;
+ bits[bitidx++] = 0;
half_switch = 0;
}
else
half_switch++;
} else if (abs(lc-clock) < tolerance) {
// 64TO
- BitStream[bitidx++] = 1;
+ bits[bitidx++] = 1;
} else {
// Error
warnings++;
@@ -1600,14 +1630,15 @@ int DemodPCF7931(uint8_t **outBlocks) {
if(block_done == 1) {
if(bitidx == 128) {
for(j=0; j<16; j++) {
- Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
- 64*BitStream[j*8+6]+
- 32*BitStream[j*8+5]+
- 16*BitStream[j*8+4]+
- 8*BitStream[j*8+3]+
- 4*BitStream[j*8+2]+
- 2*BitStream[j*8+1]+
- BitStream[j*8];
+ blocks[num_blocks][j] = 128*bits[j*8+7]+
+ 64*bits[j*8+6]+
+ 32*bits[j*8+5]+
+ 16*bits[j*8+4]+
+ 8*bits[j*8+3]+
+ 4*bits[j*8+2]+
+ 2*bits[j*8+1]+
+ bits[j*8];
+
}
num_blocks++;
}
@@ -1616,17 +1647,14 @@ int DemodPCF7931(uint8_t **outBlocks) {
half_switch = 0;
}
if(i < GraphTraceLen)
- {
- if (dest[i-1] > dest[i]) dir=0;
- else dir = 1;
- }
+ dir =(dest[i-1] > dest[i]) ? 0 : 1;
}
if(bitidx==255)
bitidx=0;
warnings = 0;
if(num_blocks == 4) break;
}
- memcpy(outBlocks, Blocks, 16*num_blocks);
+ memcpy(outBlocks, blocks, 16*num_blocks);
return num_blocks;
}
diff --git a/client/cmddata.c b/client/cmddata.c
index 7c5a3c45..c83cf087 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -297,7 +297,6 @@ void printEM410x(uint32_t hi, uint64_t id)
PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
PrintAndLog("DEZ 14/IK2 : %014lld",id);
PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
- PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
(id2lo & 0xf000000000) >> 36,
(id2lo & 0x0f00000000) >> 32,
@@ -310,10 +309,10 @@ void printEM410x(uint32_t hi, uint64_t id)
(id2lo & 0x00000000f0) >> 4,
(id2lo & 0x000000000f)
);
-
+ PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
PrintAndLog("");
uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
- PrintAndLog("Pattern Paxton : %0d", paxton);
+ PrintAndLog("Pattern Paxton : %lld (hex %08llX)", paxton, paxton);
uint32_t p1id = (id & 0xFFFFFF);
uint8_t arr[32] = {0x00};
@@ -354,12 +353,12 @@ void printEM410x(uint32_t hi, uint64_t id)
p1 |= arr[2] << 4;
p1 |= arr[1] << 5;
p1 |= arr[0] << 9;
- PrintAndLog("Pattern 1 : 0x%X - %d", p1, p1);
+ PrintAndLog("Pattern 1 : %d (hex %X)", p1, p1);
uint16_t sebury1 = id & 0xFFFF;
uint8_t sebury2 = (id >> 16) & 0x7F;
uint32_t sebury3 = id & 0x7FFFFF;
- PrintAndLog("Pattern Sebury : %d %d %d (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3);
+ PrintAndLog("Pattern Sebury : %010d %03d %d (hex: %X %X %X)", sebury3, sebury2, sebury1, sebury3, sebury2, sebury1);
}
}
return;
@@ -1267,6 +1266,7 @@ int CmdFSKdemodHID(const char *Cmd)
if(fmtLen==34){
cardnum = (lo>>1)&0xFFFF;
fc= ((hi&1)<<15)|(lo>>17);
+ // this could also be QUADRAKEY. Uses 34bit HID.
}
if(fmtLen==35){
cardnum = (lo>>1)&0xFFFFF;
@@ -1413,7 +1413,21 @@ int CmdFSKdemodIO(const char *Cmd)
uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4
uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ;
uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9
- PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
+
+ uint8_t crc = bytebits_to_byte(BitStream+idx+54,8);
+ uint16_t calccrc = 0;
+
+ for (uint8_t i=1; i<6; ++i){
+ calccrc += bytebits_to_byte(BitStream+idx+9*i,8);
+ PrintAndLog("%d", calccrc);
+ }
+ calccrc &= 0xff;
+ calccrc = 0xff - calccrc;
+
+ char *crcStr = (crc == calccrc) ? "ok": "!crc";
+
+ PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
+
setDemodBuf(BitStream,64,idx);
if (g_debugMode){
PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64);
--
2.39.5