From c3a15ba92f5799fbc8db36f7650726d4fc38f92b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 26 Feb 2017 22:01:38 +0100 Subject: [PATCH 01/16] FIX: should be defined earlier. --- client/whereami.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/client/whereami.c b/client/whereami.c index 48e87c7f..aa702adc 100644 --- a/client/whereami.c +++ b/client/whereami.c @@ -10,6 +10,8 @@ extern "C" { #endif +#define _DEFAULT_SOURCE + #if !defined(WAI_MALLOC) || !defined(WAI_FREE) || !defined(WAI_REALLOC) #include #endif @@ -160,7 +162,6 @@ int WAI_PREFIX(getModulePath)(char* out, int capacity, int* dirname_length) */ #elif defined(__linux__) -#define _DEFAULT_SOURCE #include #include #include -- 2.39.5 From 41611deef90f78c2ee5d20d78e9bd1c7f64d964b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 27 Feb 2017 14:04:50 +0100 Subject: [PATCH 02/16] CHG: some of @marshmellow42 's ref: https://github.com/marshmellow42/proxmark3/commit/2b11c7c75068f6e25da5cc4ed463ff78b2cc8900 CHG: `lf em 410x` - when demoded to all zeros, it wasn't printed so some noninitalized tags just gets a empty "found em410x tag" message. Hav'nt decided on how to go further with it. --- client/cmddata.c | 189 +++++++++++++++++++++++---------------------- client/cmdhf14a.c | 1 + client/cmdlf.c | 22 +++--- client/cmdlfem4x.c | 35 ++++----- 4 files changed, 126 insertions(+), 121 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 9e7fc8ed..74973b34 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -364,95 +364,98 @@ int CmdGetBitStream(const char *Cmd) //print 64 bit EM410x ID in multiple formats void printEM410x(uint32_t hi, uint64_t id) { - if (id || hi){ - uint64_t iii=1; - uint64_t id2lo=0; - uint32_t ii=0; - uint32_t i=0; - for (ii=5; ii>0;ii--){ - for (i=0;i<8;i++){ - id2lo=(id2lo<<1LL) | ((id & (iii << (i+((ii-1)*8)))) >> (i+((ii-1)*8))); - } + //if (!id && !hi) return; + + PrintAndLog("EM410x %s pattern found", (hi) ? "XL" : "" ); + + uint64_t iii=1; + uint64_t id2lo=0; + uint32_t ii=0; + uint32_t i=0; + for (ii=5; ii>0;ii--){ + for (i=0;i<8;i++){ + id2lo=(id2lo<<1LL) | ((id & (iii << (i+((ii-1)*8)))) >> (i+((ii-1)*8))); } - if (hi){ - //output 88 bit em id - PrintAndLog("\nEM TAG ID : %06X%016" PRIX64, hi, id); - } else{ - //output 40 bit em id - PrintAndLog("\nEM TAG ID : %010" PRIX64, id); - PrintAndLog("\nPossible de-scramble patterns"); - PrintAndLog("Unique TAG ID : %010" PRIX64, id2lo); - PrintAndLog("HoneyWell IdentKey {"); - PrintAndLog("DEZ 8 : %08" PRIu64, id & 0xFFFFFF); - PrintAndLog("DEZ 10 : %010" PRIu64, id & 0xFFFFFFFF); - PrintAndLog("DEZ 5.5 : %05" PRIu64 ".%05" PRIu64, (id>>16LL) & 0xFFFF, (id & 0xFFFF)); - PrintAndLog("DEZ 3.5A : %03" PRIu64 ".%05" PRIu64, (id>>32ll), (id & 0xFFFF)); - PrintAndLog("DEZ 3.5B : %03" PRIu64 ".%05" PRIu64, (id & 0xFF000000) >> 24, (id & 0xFFFF)); - PrintAndLog("DEZ 3.5C : %03" PRIu64 ".%05" PRIu64, (id & 0xFF0000) >> 16, (id & 0xFFFF)); - PrintAndLog("DEZ 14/IK2 : %014" PRIu64, id); - PrintAndLog("DEZ 15/IK3 : %015" PRIu64, id2lo); - PrintAndLog("DEZ 20/ZK : %02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64, - (id2lo & 0xf000000000) >> 36, - (id2lo & 0x0f00000000) >> 32, - (id2lo & 0x00f0000000) >> 28, - (id2lo & 0x000f000000) >> 24, - (id2lo & 0x0000f00000) >> 20, - (id2lo & 0x00000f0000) >> 16, - (id2lo & 0x000000f000) >> 12, - (id2lo & 0x0000000f00) >> 8, - (id2lo & 0x00000000f0) >> 4, - (id2lo & 0x000000000f) - ); - uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00; - PrintAndLog("}\nOther : %05" PRIu64 "_%03" PRIu64 "_%08" PRIu64, (id&0xFFFF), ((id>>16LL) & 0xFF), (id & 0xFFFFFF)); - PrintAndLog("Pattern Paxton : %" PRIu64 " [0x%" PRIX64 "]", paxton, paxton); - - uint32_t p1id = (id & 0xFFFFFF); - uint8_t arr[32] = {0x00}; - int i =0; - int j = 23; - for (; i < 24; ++i, --j ){ - arr[i] = (p1id >> i) & 1; - } - - uint32_t p1 = 0; - - p1 |= arr[23] << 21; - p1 |= arr[22] << 23; - p1 |= arr[21] << 20; - p1 |= arr[20] << 22; - - p1 |= arr[19] << 18; - p1 |= arr[18] << 16; - p1 |= arr[17] << 19; - p1 |= arr[16] << 17; - - p1 |= arr[15] << 13; - p1 |= arr[14] << 15; - p1 |= arr[13] << 12; - p1 |= arr[12] << 14; - - p1 |= arr[11] << 6; - p1 |= arr[10] << 2; - p1 |= arr[9] << 7; - p1 |= arr[8] << 1; - - p1 |= arr[7] << 0; - p1 |= arr[6] << 8; - p1 |= arr[5] << 11; - p1 |= arr[4] << 3; - - p1 |= arr[3] << 10; - p1 |= arr[2] << 4; - p1 |= arr[1] << 5; - p1 |= arr[0] << 9; - PrintAndLog("Pattern 1 : %d [0x%X]", p1, p1); - - uint16_t sebury1 = id & 0xFFFF; - uint8_t sebury2 = (id >> 16) & 0x7F; - uint32_t sebury3 = id & 0x7FFFFF; - PrintAndLog("Pattern Sebury : %d %d %d [0x%X 0x%X 0x%X]", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3); + } + + if (hi){ + //output 88 bit em id + PrintAndLog("\nEM TAG ID : %06X%016" PRIX64, hi, id); + } else{ + //output 40 bit em id + PrintAndLog("\nEM TAG ID : %010" PRIX64, id); + PrintAndLog("\nPossible de-scramble patterns"); + PrintAndLog("Unique TAG ID : %010" PRIX64, id2lo); + PrintAndLog("HoneyWell IdentKey {"); + PrintAndLog("DEZ 8 : %08" PRIu64, id & 0xFFFFFF); + PrintAndLog("DEZ 10 : %010" PRIu64, id & 0xFFFFFFFF); + PrintAndLog("DEZ 5.5 : %05" PRIu64 ".%05" PRIu64, (id>>16LL) & 0xFFFF, (id & 0xFFFF)); + PrintAndLog("DEZ 3.5A : %03" PRIu64 ".%05" PRIu64, (id>>32ll), (id & 0xFFFF)); + PrintAndLog("DEZ 3.5B : %03" PRIu64 ".%05" PRIu64, (id & 0xFF000000) >> 24, (id & 0xFFFF)); + PrintAndLog("DEZ 3.5C : %03" PRIu64 ".%05" PRIu64, (id & 0xFF0000) >> 16, (id & 0xFFFF)); + PrintAndLog("DEZ 14/IK2 : %014" PRIu64, id); + PrintAndLog("DEZ 15/IK3 : %015" PRIu64, id2lo); + PrintAndLog("DEZ 20/ZK : %02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64 "%02" PRIu64, + (id2lo & 0xf000000000) >> 36, + (id2lo & 0x0f00000000) >> 32, + (id2lo & 0x00f0000000) >> 28, + (id2lo & 0x000f000000) >> 24, + (id2lo & 0x0000f00000) >> 20, + (id2lo & 0x00000f0000) >> 16, + (id2lo & 0x000000f000) >> 12, + (id2lo & 0x0000000f00) >> 8, + (id2lo & 0x00000000f0) >> 4, + (id2lo & 0x000000000f) + ); + uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00; + PrintAndLog("}\nOther : %05" PRIu64 "_%03" PRIu64 "_%08" PRIu64, (id&0xFFFF), ((id>>16LL) & 0xFF), (id & 0xFFFFFF)); + PrintAndLog("Pattern Paxton : %" PRIu64 " [0x%" PRIX64 "]", paxton, paxton); + + uint32_t p1id = (id & 0xFFFFFF); + uint8_t arr[32] = {0x00}; + int i =0; + int j = 23; + for (; i < 24; ++i, --j ){ + arr[i] = (p1id >> i) & 1; } + + uint32_t p1 = 0; + + p1 |= arr[23] << 21; + p1 |= arr[22] << 23; + p1 |= arr[21] << 20; + p1 |= arr[20] << 22; + + p1 |= arr[19] << 18; + p1 |= arr[18] << 16; + p1 |= arr[17] << 19; + p1 |= arr[16] << 17; + + p1 |= arr[15] << 13; + p1 |= arr[14] << 15; + p1 |= arr[13] << 12; + p1 |= arr[12] << 14; + + p1 |= arr[11] << 6; + p1 |= arr[10] << 2; + p1 |= arr[9] << 7; + p1 |= arr[8] << 1; + + p1 |= arr[7] << 0; + p1 |= arr[6] << 8; + p1 |= arr[5] << 11; + p1 |= arr[4] << 3; + + p1 |= arr[3] << 10; + p1 |= arr[2] << 4; + p1 |= arr[1] << 5; + p1 |= arr[0] << 9; + PrintAndLog("Pattern 1 : %d [0x%X]", p1, p1); + + uint16_t sebury1 = id & 0xFFFF; + uint8_t sebury2 = (id >> 16) & 0x7F; + uint32_t sebury3 = id & 0x7FFFFF; + PrintAndLog("Pattern Sebury : %d %d %d [0x%X 0x%X 0x%X]", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3); } return; } @@ -477,17 +480,21 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo ) } return 0; } - + if (!lo && !hi) { + PrintAndLog("DEBUG: Error - Em410x decoded to all zeros"); + return 0; + } + //set GraphBuffer for clone or sim command setDemodBuf(BitStream, size, idx); if (g_debugMode){ PrintAndLog("DEBUG: Em410x idx: %d, Len: %d, Printing Demod Buffer:", idx, size); printDemodBuff(); } - if (verbose){ - PrintAndLog("EM410x pattern found: "); + + if (verbose) printEM410x(*hi, *lo); - } + return 1; } diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 6d338d0d..36855c97 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -108,6 +108,7 @@ const manufactureName manufactureMapping[] = { { 0x42, "3Alogics Inc Korea" }, { 0x43, "Top TroniQ Asia Limited Hong Kong" }, { 0x44, "Gentag Inc. USA" }, + { 0x56, "Sensible Object. UK" }, { 0x00, "no tag-info available" } // must be the last entry }; diff --git a/client/cmdlf.c b/client/cmdlf.c index 92352438..8ab065bb 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -8,6 +8,9 @@ // Low frequency commands //----------------------------------------------------------------------------- #include "cmdlf.h" + +bool g_lf_threshold_set = FALSE; + static int CmdHelp(const char *Cmd); int usage_lf_cmdread(void) { @@ -27,11 +30,10 @@ int usage_lf_cmdread(void) { return 0; } int usage_lf_read(void){ - PrintAndLog("Usage: lf read [h] [s] [t]"); + PrintAndLog("Usage: lf read [h] [s]"); PrintAndLog("Options:"); PrintAndLog(" h This help"); PrintAndLog(" s silent run no printout"); - PrintAndLog(" t waits for device to respond with no timeout"); PrintAndLog("Use 'lf config' to set parameters."); return 0; } @@ -503,7 +505,10 @@ int CmdLFSetConfig(const char *Cmd) { case 't': errors |= param_getdec(Cmd, cmdp+1, &unsigned_trigg); cmdp+=2; - if(!errors) trigger_threshold = unsigned_trigg; + if(!errors) { + trigger_threshold = unsigned_trigg; + g_lf_threshold_set = (trigger_threshold > 0); + } break; case 'b': errors |= param_getdec(Cmd, cmdp+1, &bps); @@ -544,9 +549,11 @@ int CmdLFSetConfig(const char *Cmd) { } int CmdLFRead(const char *Cmd) { + + if (offline) return 0; + bool errors = FALSE; bool arg1 = FALSE; - bool thresholdRead = FALSE; uint8_t cmdp = 0; while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { @@ -558,11 +565,6 @@ int CmdLFRead(const char *Cmd) { arg1 = TRUE; cmdp++; break; - case 't': - case 'T': - thresholdRead = TRUE; - cmdp++; - break; default: PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); errors = 1; @@ -580,7 +582,7 @@ int CmdLFRead(const char *Cmd) { UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K, {arg1,0,0}}; clearCommandBuffer(); SendCommand(&c); - if ( thresholdRead ) { + if ( g_lf_threshold_set ) { WaitForResponse(CMD_ACK,NULL); } else { if ( !WaitForResponseTimeout(CMD_ACK, NULL ,2500) ) { diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 89f68171..ff7a5f69 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -14,6 +14,20 @@ uint64_t g_em410xid = 0; static int CmdHelp(const char *Cmd); +int usage_lf_em410x_sim(void) { + PrintAndLog("Simulating EM410x tag"); + PrintAndLog(""); + PrintAndLog("Usage: lf em 410xsim [h] "); + PrintAndLog("Options:"); + PrintAndLog(" h - this help"); + PrintAndLog(" uid - uid (10 HEX symbols)"); + PrintAndLog(" clock - clock (32|64) (optional)"); + PrintAndLog("samples:"); + PrintAndLog(" lf em 410xsim 0F0368568B"); + PrintAndLog(" lf em 410xsim 0F0368568B 32"); + return 0; +} + int CmdEMdemodASK(const char *Cmd) { char cmdp = param_getchar(Cmd, 0); @@ -37,31 +51,12 @@ int CmdEM410xRead(const char *Cmd) uint64_t lo = 0; if(!AskEm410xDemod("", &hi, &lo, false)) return 0; - if (hi) - PrintAndLog ("EM410x XL pattern found"); - else - PrintAndLog("EM410x pattern found: "); printEM410x(hi, lo); g_em410xid = lo; return 1; } - -int usage_lf_em410x_sim(void) { - PrintAndLog("Simulating EM410x tag"); - PrintAndLog(""); - PrintAndLog("Usage: lf em 410xsim [h] "); - PrintAndLog("Options:"); - PrintAndLog(" h - this help"); - PrintAndLog(" uid - uid (10 HEX symbols)"); - PrintAndLog(" clock - clock (32|64) (optional)"); - PrintAndLog("samples:"); - PrintAndLog(" lf em 410xsim 0F0368568B"); - PrintAndLog(" lf em 410xsim 0F0368568B 32"); - return 0; -} - // emulate an EM410X tag int CmdEM410xSim(const char *Cmd) { @@ -889,7 +884,7 @@ int CmdEM4x05Write(const char *Cmd) { PrintAndLog("Address must be between 0 and 15"); return 1; } - if ( pwd == -1 ) + if ( pwd == 1 ) PrintAndLog("Writing address %d data %08X", addr, data); else { usePwd = true; -- 2.39.5 From 8db18d2f15d70c5b6df632863fe005ff733a64a0 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 27 Feb 2017 19:18:38 +0100 Subject: [PATCH 03/16] ADD: `hf 14a read` - now can detect the newer magic generation 1b. In output 1A (old version, where all hf mf c* commands works) 1B is the newer. --- armsrc/mifarecmd.c | 18 +++++++++++------- client/cmdhf14a.c | 13 +++++++------ 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index c05ba6fd..db49a959 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1358,25 +1358,29 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ } void MifareCIdent(){ - + #define GEN_1A 1 + #define GEN_1B 2 // variables - bool isOK = true; + uint8_t isGen = 0; uint8_t receivedAnswer[1] = {0x00}; uint8_t receivedAnswerPar[1] = {0x00}; ReaderTransmitBitsPar(wupC1, 7, NULL, NULL); if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - isOK = false; + goto OUT; } - + isGen |= GEN_1B; + ReaderTransmit(wupC2, sizeof(wupC2), NULL); if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - isOK = false; - } + goto OUT; + } + isGen = GEN_1A; +OUT: // removed the if, since some magic tags misbehavies and send an answer to it. mifare_classic_halt(NULL, 0); - cmd_send(CMD_ACK,isOK,0,0,0,0); + cmd_send(CMD_ACK,isGen, 0, 0, 0, 0); } void OnSuccessMagic(){ diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index 36855c97..cb3a67ed 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -390,21 +390,22 @@ int CmdHF14AReader(const char *Cmd) { // try to see if card responses to "chinese magic backdoor" commands. - uint8_t isOK = 0; + uint8_t isGeneration = 0; + clearCommandBuffer(); c.cmd = CMD_MIFARE_CIDENT; c.arg[0] = 0; c.arg[1] = 0; c.arg[2] = 0; SendCommand(&c); - if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) - isOK = resp.arg[0] & 0xff; + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + isGeneration = resp.arg[0] & 0xff; + } + if ( isGeneration ) + PrintAndLog("Answers to magic commands (GEN %s): YES", ((isGeneration & 0x2 )==2)?"1B":"1A"); - PrintAndLog("Answers to magic commands (GEN1): %s", (isOK ? "YES" : "NO") ); - // disconnect SendCommand(&cDisconnect); - return select_status; } -- 2.39.5 From f24edfec54295aac701b8240e39d77646ddd9bef Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 08:16:02 +0100 Subject: [PATCH 04/16] CHG: `hf 14a read` - started to add a Magic tag gen2 detection. SKipping it for now. Can't decide to put in on deviceside or in client. FIX: `lf read` - ophs.. it works again. ADD: `lf em 4x05--` - added a chipset definition CHG: better kali fix - from @pwpivi --- armsrc/mifarecmd.c | 44 ++++++++++++++++++++++++++++++++++---------- client/cmdhf14a.c | 13 ++++++++----- client/cmdlf.c | 5 +---- client/cmdlfem4x.c | 3 ++- client/whereami.c | 3 +++ 5 files changed, 48 insertions(+), 20 deletions(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index db49a959..2ab076b6 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1360,24 +1360,48 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){ void MifareCIdent(){ #define GEN_1A 1 #define GEN_1B 2 + #define GEN_2 4 // variables uint8_t isGen = 0; - uint8_t receivedAnswer[1] = {0x00}; - uint8_t receivedAnswerPar[1] = {0x00}; - + uint8_t rec[1] = {0x00}; + uint8_t recpar[1] = {0x00}; + + // Generation 1 test ReaderTransmitBitsPar(wupC1, 7, NULL, NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { - goto OUT; - } - isGen |= GEN_1B; + if(!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) { + goto TEST2; + }; + isGen = GEN_1B; ReaderTransmit(wupC2, sizeof(wupC2), NULL); - if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) { + if(!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) { goto OUT; - } + }; isGen = GEN_1A; + goto OUT; -OUT: +TEST2:; +/* + // Generation 2 test + struct Crypto1State mpcs = {0, 0}; + struct Crypto1State *pcs = &mpcs; + + // halt previous. + mifare_classic_halt(NULL, 0); + + //select + if (!iso14443a_select_card(NULL, NULL, NULL, true, 0)) { + goto OUT; + }; + + // MIFARE_CLASSIC_WRITEBLOCK 0xA0 + // ACK 0x0a + uint16_t len = mifare_sendcmd_short(pcs, 1, 0xA0, 0, rec, recpar, NULL); + if ((len != 1) || (rec[0] != 0x0A)) { + isGen = GEN_2; + }; + */ +OUT:; // removed the if, since some magic tags misbehavies and send an answer to it. mifare_classic_halt(NULL, 0); cmd_send(CMD_ACK,isGen, 0, 0, 0, 0); diff --git a/client/cmdhf14a.c b/client/cmdhf14a.c index cb3a67ed..21c97fa2 100644 --- a/client/cmdhf14a.c +++ b/client/cmdhf14a.c @@ -391,18 +391,21 @@ int CmdHF14AReader(const char *Cmd) { // try to see if card responses to "chinese magic backdoor" commands. uint8_t isGeneration = 0; - clearCommandBuffer(); c.cmd = CMD_MIFARE_CIDENT; c.arg[0] = 0; c.arg[1] = 0; c.arg[2] = 0; SendCommand(&c); - if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) isGeneration = resp.arg[0] & 0xff; - } - if ( isGeneration ) - PrintAndLog("Answers to magic commands (GEN %s): YES", ((isGeneration & 0x2 )==2)?"1B":"1A"); + + switch( isGeneration ){ + case 1: PrintAndLog("Answers to magic commands (GEN 1a): YES"); break; + case 2: PrintAndLog("Answers to magic commands (GEN 1b): YES"); break; + //case 4: PrintAndLog("Answers to magic commands (GEN 2): YES"); break; + default: PrintAndLog("Answers to magic commands: NO"); break; + } // disconnect SendCommand(&cDisconnect); diff --git a/client/cmdlf.c b/client/cmdlf.c index 8ab065bb..414e4a2b 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -567,14 +567,11 @@ int CmdLFRead(const char *Cmd) { break; default: PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = 1; + errors = TRUE; break; } if(errors) break; } - - // No args - if (cmdp == 0) errors = 1; //Validations if (errors) return usage_lf_read(); diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index ff7a5f69..7383756b 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -797,7 +797,7 @@ int EM4x05ReadWord_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word) } int testLen = (GraphTraceLen < 1000) ? GraphTraceLen : 1000; if (graphJustNoise(GraphBuffer, testLen)) { - PrintAndLog("no tag not found"); + PrintAndLog("no tag found"); return -1; } return demodEM4x05resp(word); @@ -981,6 +981,7 @@ void printEM4x05info(uint32_t block0, uint32_t serial) { switch (chipType) { case 9: PrintAndLog("\n Chip Type: %u | EM4305", chipType); break; + case 8: PrintAndLog("\n Chip Type: %u | EM4205", chipType); break; case 4: PrintAndLog(" Chip Type: %u | Unknown", chipType); break; case 2: PrintAndLog(" Chip Type: %u | EM4469", chipType); break; //add more here when known diff --git a/client/whereami.c b/client/whereami.c index aa702adc..a8531889 100644 --- a/client/whereami.c +++ b/client/whereami.c @@ -10,7 +10,10 @@ extern "C" { #endif +#if defined(__linux__) +// make realpath() available: #define _DEFAULT_SOURCE +#endif #if !defined(WAI_MALLOC) || !defined(WAI_FREE) || !defined(WAI_REALLOC) #include -- 2.39.5 From 96befa9ab1a922630eef4cb182359c9bc5161b3a Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 08:36:01 +0100 Subject: [PATCH 05/16] upd text --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b66db046..83b44d74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - added json support in lua (vitorio) + - added a buspirate settings file for at91sam7s512 (adamlaurie) + - `lf read` timeouts is now depended on what threshold level you set in `lf config` (marshmellow) + - `hf mf sim` fixed a bug which made sim fail auths. (iceman) + - `hf 14a read` added magic tag generation 1a and 1b detection (iceman) - correctly using stdtypes.h printf and scanf format string macros (PRIx64 et al) (pwpivi) - fix linker warning re missing entry point when linking fullimage.elf (pwpivi) - small changes to lf psk and fsk demods to improve results when the trace begins with noise or the chip isn't broadcasting yet (marshmellow) -- 2.39.5 From 62cdba0568c0b5ab2bbd5156f29e9418e121d0e9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 14:08:15 +0100 Subject: [PATCH 06/16] CHG: `hf em` commands. Client side now has same commands as Peter Fillmores 14atagfuzz repo. OBS: not all exists on deviceside yet! --- client/cmdhfemv.c | 184 ++++++++++++++++++++++++++++++++++++---------- client/cmdhfemv.h | 12 ++- 2 files changed, 155 insertions(+), 41 deletions(-) diff --git a/client/cmdhfemv.c b/client/cmdhfemv.c index bf92d53f..17811d74 100644 --- a/client/cmdhfemv.c +++ b/client/cmdhfemv.c @@ -12,8 +12,41 @@ static int CmdHelp(const char *Cmd); -int usage_hf_emv_trans(void){ - PrintAndLog("perform an EMV transaction"); +int usage_hf_emv_test(void){ + PrintAndLog("EMV test "); + PrintAndLog("Usage: hf emv test [h]"); + PrintAndLog("Options:"); + PrintAndLog(" h : this help"); + PrintAndLog(""); + PrintAndLog("Samples:"); + PrintAndLog(" hf emv test"); + return 0; +} +int usage_hf_emv_readrecord(void){ + PrintAndLog("Read a EMV record "); + PrintAndLog("Usage: hf emv readrecord [h] "); + PrintAndLog("Options:"); + PrintAndLog(" h : this help"); + PrintAndLog(" : number of records"); + PrintAndLog(" : number of SFI records"); + PrintAndLog(""); + PrintAndLog("Samples:"); + PrintAndLog(" hf emv readrecord 1 1"); + return 0; +} +int usage_hf_emv_clone(void){ + PrintAndLog("Usage: hf emv clone [h] "); + PrintAndLog("Options:"); + PrintAndLog(" h : this help"); + PrintAndLog(" : number of records"); + PrintAndLog(" : number of SFI records"); + PrintAndLog(""); + PrintAndLog("Samples:"); + PrintAndLog(" hf emv clone 10 10"); + return 0; +} +int usage_hf_emv_transaction(void){ + PrintAndLog("Performs EMV reader transaction"); PrintAndLog("Usage: hf emv trans [h]"); PrintAndLog("Options:"); PrintAndLog(" h : this help"); @@ -43,16 +76,6 @@ int usage_hf_emv_eload(void){ PrintAndLog(" hf emv eload o myfile"); return 0; } -int usage_hf_emv_sim(void){ - PrintAndLog("Simulates a EMV contactless card"); - PrintAndLog("Usage: hf emv sim [h]"); - PrintAndLog("Options:"); - PrintAndLog(" h : this help"); - PrintAndLog(""); - PrintAndLog("Samples:"); - PrintAndLog(" hf emv sim"); - return 0; -} int usage_hf_emv_dump(void){ PrintAndLog("Gets EMV contactless tag values."); PrintAndLog("and saves binary dump into the file `filename.bin` or `cardUID.bin`"); @@ -66,27 +89,109 @@ int usage_hf_emv_dump(void){ PrintAndLog(" hf emv dump o myfile"); return 0; } +int usage_hf_emv_sim(void){ + PrintAndLog("Simulates a EMV contactless card"); + PrintAndLog("Usage: hf emv sim [h]"); + PrintAndLog("Options:"); + PrintAndLog(" h : this help"); + PrintAndLog(""); + PrintAndLog("Samples:"); + PrintAndLog(" hf emv sim"); + return 0; +} + +int CmdHfEmvTest(const char *Cmd) { + char cmdp = param_getchar(Cmd, 0); + if ( cmdp == 'h' || cmdp == 'H') return usage_hf_emv_test(); + + UsbCommand c = {CMD_EMV_TEST, {0, 0, 0}}; + clearCommandBuffer(); + SendCommand(&c); + UsbCommand resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + PrintAndLog("Command execute time-out"); + return 1; + } + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk: %02x", isOK); + return 0; +} + +int CmdHfEmvReadRecord(const char *Cmd) { + char cmdp = param_getchar(Cmd, 0); + if ((strlen(Cmd)<3) || cmdp == 'h' || cmdp == 'H') return usage_hf_emv_readrecord(); + + uint8_t record = param_get8(Cmd, 0); + uint8_t sfi = param_getchar(Cmd, 1); + if(record > 32){ + PrintAndLog("Record must be less than 32"); + return 1; + } + PrintAndLog("--record no:%02x SFI:%02x ", record, sfi); + + UsbCommand c = {CMD_EMV_READ_RECORD, {record, sfi, 0}}; + clearCommandBuffer(); + SendCommand(&c); + UsbCommand resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + PrintAndLog("Command execute timeout"); + return 1; + } + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + return 0; +} + +int CmdHfEmvClone(const char *Cmd) { + char cmdp = param_getchar(Cmd, 0); + if ((strlen(Cmd)<3) || cmdp == 'h' || cmdp == 'H') return usage_hf_emv_clone(); + + uint8_t record = param_get8(Cmd, 0); + uint8_t sfi = param_get8(Cmd, 1); + if(record > 32){ + PrintAndLog("Record must be less than 32"); + return 1; + } + UsbCommand c = {CMD_EMV_CLONE, {sfi, record, 0}}; + clearCommandBuffer(); + SendCommand(&c); + UsbCommand resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + PrintAndLog("Command execute timeout"); + return 1; + } + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); + return 0; +} -//perform an EMV transaction int CmdHfEmvTrans(const char *Cmd) { - char cmdp = param_getchar(Cmd, 0); - if ( cmdp == 'h' || cmdp == 'H') return usage_hf_emv_trans(); - UsbCommand c = {CMD_EMV_TRANSACTION, {0, 0, 0}}; + char cmdp = param_getchar(Cmd, 0); + if ( cmdp == 'h' || cmdp == 'H') return usage_hf_emv_transaction(); + + UsbCommand c = {CMD_EMV_TRANSACTION, {0, 0, 0}}; clearCommandBuffer(); - SendCommand(&c); - return 0; + SendCommand(&c); + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK, &resp, 5000)) { + PrintAndLog("Command execute time-out"); + return 1; + } + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk: %02x", isOK); + print_hex_break(resp.d.asBytes, 512, 32); + return 0; } //retrieve the UN number from a terminal int CmdHfEmvGetrng(const char *Cmd) { - char cmdp = param_getchar(Cmd, 0); + char cmdp = param_getchar(Cmd, 0); if ( cmdp == 'h' || cmdp == 'H') return usage_hf_emv_getrnd(); UsbCommand c = {CMD_EMV_GET_RANDOM_NUM, {0, 0, 0}}; clearCommandBuffer(); SendCommand(&c); return 0; } - -//set EMV tags in the device to use in a transaction +//Load a dumped EMV tag on to emulator memory int CmdHfEmvELoad(const char *Cmd) { FILE * f; char filename[FILE_PATH_SIZE]; @@ -162,7 +267,6 @@ int CmdHfEmvDump(const char *Cmd){ bool errors = false; uint8_t cmdp = 0; - while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'h': @@ -190,13 +294,10 @@ int CmdHfEmvDump(const char *Cmd){ return 0; } - -/* int CmdHfEmvSim(const char *Cmd) { bool errors = false; uint8_t cmdp = 0; - while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'h': @@ -213,27 +314,34 @@ int CmdHfEmvSim(const char *Cmd) { //Validations if(errors) return usage_hf_emv_sim(); - UsbCommand c = {CMD_SIMULATE_TAG_LEGIC_RF, {6,3,0}}; - sscanf(Cmd, " %" SCNi64 " %" SCNi64 " %" SCNi64 , &c.arg[0], &c.arg[1], &c.arg[2]); + UsbCommand c = {CMD_EMV_SIM, {0,0,0}}; clearCommandBuffer(); - SendCommand(&c); + SendCommand(&c); + UsbCommand resp; + if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) { + PrintAndLog("Command execute time-out"); + return 1; + } + uint8_t isOK = resp.arg[0] & 0xff; + PrintAndLog("isOk:%02x", isOK); return 0; } -*/ int CmdHfEmvList(const char *Cmd) { - CmdHFList("7816"); - return 0; + return CmdHFList("7816"); } static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"trans", CmdHfEmvTrans, 0, "Perform EMV Reader Transaction"}, - {"getrng", CmdHfEmvGetrng, 0, "get random number from terminal"}, - {"eload", CmdHfEmvELoad, 0, "load EMV tag into device"}, - {"dump", CmdHfEmvDump, 0, "Dump EMV tag values"}, -// {"sim", CmdHfEmvSim, 0, "Start tag simulator"}, - {"list", CmdHfEmvList, 1, "[Deprecated] List ISO7816 history"}, + {"help", CmdHelp, 1, "This help"}, + {"readrecord", CmdHfEmvReadRecord, 0, "EMV Read Record"}, + {"transaction", CmdHfEmvTrans, 0, "Perform EMV Transaction"}, + {"getrng", CmdHfEmvGetrng, 0, "get random number from terminal"}, + {"eload", CmdHfEmvELoad, 0, "load EMV tag into device"}, + {"dump", CmdHfEmvDump, 0, "dump EMV tag values"}, + {"sim", CmdHfEmvSim, 0, "simulate EMV tag"}, + {"clone", CmdHfEmvClone, 0, "clone an EMV tag"}, + {"list", CmdHfEmvList, 0, "[Deprecated] List ISO7816 history"}, + {"test", CmdHfEmvTest, 0, "Test Function"}, {NULL, NULL, 0, NULL} }; diff --git a/client/cmdhfemv.h b/client/cmdhfemv.h index 2d7179d1..00bbb616 100644 --- a/client/cmdhfemv.h +++ b/client/cmdhfemv.h @@ -24,14 +24,20 @@ int CmdHFEmv(const char *Cmd); -int CmdHfEmvTransaction(const char *Cmd); +int CmdHfEmvTest(const char *Cmd); +int CmdHfEmvReadRecord(const char *Cmd); +int CmdHfEmvClone(const char *Cmd); +int CmdHfEmvTrans(const char *Cmd); int CmdHfEmvGetrng(const char *Cmd); int CmdHfEmvELoad(const char *Cmd); int CmdHfEmvDump(const char *Cmd); -//int CmdHfEmvSim(const char *Cmd); +int CmdHfEmvSim(const char *Cmd); int CmdHfEmvList(const char *Cmd); -int usage_hf_emv_trans(void); +int usage_hf_emv_test(void); +int usage_hf_emv_readrecord(void); +int usage_hf_emv_clone(void); +int usage_hf_emv_transaction(void); int usage_hf_emv_getrnd(void); int usage_hf_emv_eload(void); int usage_hf_emv_dump(void); -- 2.39.5 From 026ac759a5aa27f6c76107111a3e800689cbefeb Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 14:09:10 +0100 Subject: [PATCH 07/16] help text --- client/cmdanalyse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/client/cmdanalyse.c b/client/cmdanalyse.c index 0520a668..a8deb67f 100644 --- a/client/cmdanalyse.c +++ b/client/cmdanalyse.c @@ -30,9 +30,10 @@ int usage_analyse_checksum(void) { PrintAndLog("The bytes will be added with eachother and than limited with the applied mask"); PrintAndLog("Finally compute ones' complement of the least significant bytes"); PrintAndLog(""); - PrintAndLog("Usage: analyse chksum [h] b m "); + PrintAndLog("Usage: analyse chksum [h] [v] b m "); PrintAndLog("Options:"); PrintAndLog(" h This help"); + PrintAndLog(" v supress header"); PrintAndLog(" b bytes to calc missing XOR in a LCR"); PrintAndLog(" m bit mask to limit the outpuyt"); PrintAndLog(""); -- 2.39.5 From a8fd088d8b142520fbb686b315df7216a81d481f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 14:47:25 +0100 Subject: [PATCH 08/16] FIX: `lf search` - em410x demod was a bit greedy. --- client/cmddata.c | 6 +++--- common/lfdemod.c | 11 +++++------ common/lfdemod.h | 2 +- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 74973b34..398d31fb 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -364,7 +364,7 @@ int CmdGetBitStream(const char *Cmd) //print 64 bit EM410x ID in multiple formats void printEM410x(uint32_t hi, uint64_t id) { - //if (!id && !hi) return; + if (!id && !hi) return; PrintAndLog("EM410x %s pattern found", (hi) ? "XL" : "" ); @@ -471,11 +471,11 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo ) if (g_debugMode){ if (ans == -1) PrintAndLog("DEBUG: Error - Em410x not only 0|1 in decoded bitstream"); + else if (ans == -2) + PrintAndLog("DEBUG: Error - Em410x preamble not found"); else if (ans == -3) PrintAndLog("DEBUG: Error - Em410x Size not correct: %d", size); else if (ans == -4) - PrintAndLog("DEBUG: Error - Em410x preamble not found"); - else if (ans == -5) PrintAndLog("DEBUG: Error - Em410x parity failed"); } return 0; diff --git a/common/lfdemod.c b/common/lfdemod.c index ca126df3..439699c6 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -203,10 +203,10 @@ size_t findModStart(uint8_t dest[], size_t size, uint8_t threshold_value, uint8_ //by marshmellow //takes 1s and 0s and searches for EM410x format - output EM ID // actually, no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future -uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo) +int Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo) { // sanity check - if (BitStream[1] > 1) return 0; + if (BitStream[1] > 1) return -1; uint8_t fmtlen; *startIdx = 0; @@ -215,8 +215,8 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_ // include 0 in front to help get start pos uint8_t preamble[] = {0,1,1,1,1,1,1,1,1,1}; if (!preambleSearch(BitStream, preamble, sizeof(preamble), size, startIdx)) - return 0; - if (*size < 64) return 0; + return -2; + if (*size < 64) return -3; fmtlen = (*size == 110) ? 22 : 10; @@ -236,8 +236,7 @@ uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_ *lo = ((uint64_t)(bytebits_to_byte(BitStream + 24, 32)) << 32) | (bytebits_to_byte(BitStream + 24 + 32, 32)); break; } - default: return 0; - + default: return -4; } return 1; } diff --git a/common/lfdemod.h b/common/lfdemod.h index 4c2cb9fb..ce71fad2 100644 --- a/common/lfdemod.h +++ b/common/lfdemod.h @@ -50,7 +50,7 @@ size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t //tag specific int AWIDdemodFSK(uint8_t *dest, size_t *size); -uint8_t Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo); +int Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo); int FDXBdemodBI(uint8_t *dest, size_t *size); int gProxII_Demod(uint8_t BitStream[], size_t *size); int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo); -- 2.39.5 From 4eabb8ad382f87aaee497d35e88c169da96b8fda Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 16:55:16 +0100 Subject: [PATCH 09/16] CHG: minor LF adjustments. CHG: `lf visa2000` - removed askedgedetect, it seemed it destroyed more than enhanced. --- client/cmddata.c | 7 ++++++- client/cmddata.h | 2 ++ client/cmdlfem4x.c | 2 +- client/cmdlfjablotron.c | 3 ++- client/cmdlfvisa2000.c | 7 ++++--- common/lfdemod.c | 24 +++++++++++++++--------- 6 files changed, 30 insertions(+), 15 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 398d31fb..19e01d82 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -834,7 +834,7 @@ int CmdVikingDemod(const char *Cmd) return 0; } size_t size = DemodBufferLen; - //call lfdemod.c demod for Viking + int ans = VikingDemod_AM(DemodBuffer, &size); if (ans < 0) { if (g_debugMode) PrintAndLog("DEBUG: Error - Viking Demod %d %s", ans, (ans == -5)?"[chksum error]":""); @@ -2095,6 +2095,11 @@ int CmdGrid(const char *Cmd) RepaintGraphWindow(); return 0; } +void setGrid_Clock(uint8_t clock){ + PlotGridXdefault = clock; + RepaintGraphWindow(); +} + int CmdHexsamples(const char *Cmd) { diff --git a/client/cmddata.h b/client/cmddata.h index b0ff5bd0..4ea0b3b2 100644 --- a/client/cmddata.h +++ b/client/cmddata.h @@ -80,6 +80,8 @@ int NRZrawDemod(const char *Cmd, bool verbose); void printEM410x(uint32_t hi, uint64_t id); int getSamples(const char *Cmd, bool silent); +void setGrid_Clock(uint8_t clock); + int CmdDataIIR(const char *Cmd); extern uint8_t DemodBuffer[MAX_DEMOD_BUF_LEN]; diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 7383756b..59a1eef3 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -443,7 +443,7 @@ int EM4x50Read(const char *Cmd, bool verbose) { } } if (!clk) { - PrintAndLog("ERROR: EM4x50 - didn't find a clock"); + if (verbose || g_debugMode) PrintAndLog("ERROR: EM4x50 - didn't find a clock"); return 0; } } else tol = clk/8; diff --git a/client/cmdlfjablotron.c b/client/cmdlfjablotron.c index dc5e10d7..473fbe28 100644 --- a/client/cmdlfjablotron.c +++ b/client/cmdlfjablotron.c @@ -97,6 +97,7 @@ int CmdJablotronDemod(const char *Cmd) { } setDemodBuf(DemodBuffer+ans, 64, 0); + setGrid_Clock(64); //got a good demod uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); @@ -125,7 +126,7 @@ int CmdJablotronDemod(const char *Cmd) { int CmdJablotronRead(const char *Cmd) { CmdLFRead("s"); - getSamples("12000", TRUE); + getSamples("10000", TRUE); return CmdJablotronDemod(Cmd); } diff --git a/client/cmdlfvisa2000.c b/client/cmdlfvisa2000.c index c0837108..5c030ec3 100644 --- a/client/cmdlfvisa2000.c +++ b/client/cmdlfvisa2000.c @@ -62,7 +62,7 @@ int CmdVisa2kDemod(const char *Cmd) { // save GraphBuffer - to restore it later save_restoreGB(1); - CmdAskEdgeDetect(""); + //sCmdAskEdgeDetect(""); //ASK / Manchester bool st = TRUE; @@ -88,7 +88,8 @@ int CmdVisa2kDemod(const char *Cmd) { return 0; } setDemodBuf(DemodBuffer, 96, ans); - + setGrid_Clock(64); + //got a good demod uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); uint32_t raw2 = bytebits_to_byte(DemodBuffer+32, 32); @@ -110,7 +111,7 @@ int CmdVisa2kDemod(const char *Cmd) { int CmdVisa2kRead(const char *Cmd) { CmdLFRead("s"); - getSamples("16000",TRUE); + getSamples("12000",TRUE); return CmdVisa2kDemod(Cmd); } diff --git a/common/lfdemod.c b/common/lfdemod.c index 439699c6..7f8333ac 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -243,6 +243,7 @@ int Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *h //by marshmellow //demodulates strong heavily clipped samples +//RETURN: num of errors. if 0, is ok. int cleanAskRawDemod(uint8_t *BinStream, size_t *size, int clk, int invert, int high, int low) { size_t bitCnt=0, smplCnt=0, errCnt=0; @@ -386,25 +387,30 @@ int askdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr //by marshmellow //take 10 and 01 and manchester decode //run through 2 times and take least errCnt -int manrawdecode(uint8_t * BitStream, size_t *size, uint8_t invert){ +int manrawdecode(uint8_t *BitStream, size_t *size, uint8_t invert){ + + // sanity check + if (*size < 16) return -1; + int errCnt = 0, bestErr = 1000; uint16_t bitnum = 0, MaxBits = 512, bestRun = 0; size_t i, k; - if (*size < 16) return -1; + //find correct start position [alignment] - for (k=0; k < 2; ++k){ - for (i=k; i<*size-3; i += 2) + for (k = 0; k < 2; ++k){ + for (i = k; i < *size-3; i += 2) { if (BitStream[i] == BitStream[i+1]) errCnt++; - + } if (bestErr > errCnt){ bestErr = errCnt; bestRun = k; } - errCnt=0; + errCnt = 0; } + //decode - for (i=bestRun; i < *size-3; i += 2){ + for (i = bestRun; i < *size-3; i += 2){ if (BitStream[i] == 1 && (BitStream[i+1] == 0)){ BitStream[bitnum++] = invert; } else if ((BitStream[i] == 0) && BitStream[i+1] == 1){ @@ -412,9 +418,9 @@ int manrawdecode(uint8_t * BitStream, size_t *size, uint8_t invert){ } else { BitStream[bitnum++] = 7; } - if (bitnum>MaxBits) break; + if (bitnum > MaxBits) break; } - *size=bitnum; + *size = bitnum; return bestErr; } -- 2.39.5 From c24364a8a4932f51a9b9e255d2ed0c67b9e37c74 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 28 Feb 2017 19:20:12 +0100 Subject: [PATCH 10/16] FIX: @marshmellow42 's ST detection fix. FIX: lfops.c and em4x05 command timings. --- armsrc/lfops.c | 36 +++++++++++++++--------------------- common/lfdemod.c | 4 ++++ 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 20e4efd3..c0c24787 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1179,6 +1179,10 @@ void TurnReadLFOn(uint32_t delay) { // Give it a bit of time for the resonant antenna to settle. WaitUS(delay); } +void TurnReadLF_off(uint32_t delay) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + WaitUS(delay); +} // Write one bit to card void T55xxWriteBit(int bit) { @@ -1649,15 +1653,8 @@ void SendForward(uint8_t fwd_bit_count) { // 55FC * 8us == 440us / 21.3 === 20.65 steps. could be too short. Go for 56FC instead // 32FC * 8us == 256us / 21.3 == 12.018 steps. ok // 16FC * 8us == 128us / 21.3 == 6.009 steps. ok - #ifndef EM_START_GAP -#define EM_START_GAP 60*8 -#endif -#ifndef EM_ONE_GAP -#define EM_ONE_GAP 32*8 -#endif -#ifndef EM_ZERO_GAP -# define EM_ZERO_GAP 16*8 +#define EM_START_GAP 55*8 #endif fwd_write_ptr = forwardLink_data; @@ -1670,19 +1667,16 @@ void SendForward(uint8_t fwd_bit_count) { fwd_bit_sz--; //prepare next bit modulation fwd_write_ptr++; - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(EM_START_GAP); - TurnReadLFOn(16); + TurnReadLF_off(EM_START_GAP); + TurnReadLFOn(18*8); // now start writting with bitbanging the antenna. while(fwd_bit_sz-- > 0) { //prepare next bit modulation - if(((*fwd_write_ptr++) & 1) == 1) - WaitUS(EM_ONE_GAP); - else { - //These timings work for 4469/4269/4305 - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - WaitUS(20); - TurnReadLFOn(12); + if(((*fwd_write_ptr++) & 1) == 1) { + WaitUS(32); + } else { + TurnReadLF_off(23*8); + TurnReadLFOn(18*8); } } } @@ -1693,7 +1687,7 @@ void EM4xLogin(uint32_t pwd) { len = Prepare_Cmd( FWD_CMD_LOGIN ); len += Prepare_Data( pwd & 0xFFFF, pwd >> 16 ); SendForward(len); - WaitMS(20); // no wait for login command. + //WaitUS(20); // no wait for login command. // should receive // 0000 1010 ok. // 0000 0001 fail @@ -1722,7 +1716,7 @@ void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) { SendForward(len); WaitUS(400); - // Now do the acquisition + DoPartialAcquisition(20, true, 6000); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@ -1757,7 +1751,7 @@ void EM4xWriteWord(uint32_t flag, uint32_t data, uint32_t pwd) { SendForward(len); //Wait 20ms for write to complete? - WaitMS(6); + WaitMS(7); //Capture response if one exists DoPartialAcquisition(20, true, 6000); diff --git a/common/lfdemod.c b/common/lfdemod.c index 7f8333ac..c177468f 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -1845,6 +1845,10 @@ bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) { for(i=0; i < clk/2-tol; ++i) { buffer[dataloc+i] = high+5; } + } //test for single sample outlier (high between two lows) in the case of very strong waves + if (buffer[dataloc] >= high && buffer[dataloc+2] <= low) { + buffer[dataloc] = buffer[dataloc+2]; + buffer[dataloc+1] = buffer[dataloc+2]; } for (i=0; i Date: Wed, 1 Mar 2017 20:14:46 +0100 Subject: [PATCH 11/16] CHG: Added PR #220 from PM3 Master. ref: https://github.com/Proxmark/proxmark3/pull/220 --- CHANGELOG.md | 7 ++++++- client/cmddata.c | 34 ++++++++++++++++++++++++++++++---- client/cmdhfmf.c | 16 ++++++++++++---- client/cmdlffdx.c | 1 + client/cmdlfnedap.c | 3 ++- client/cmdlfnoralsy.c | 1 + client/cmdlfpresco.c | 1 + client/proxgui.h | 2 +- client/proxguiqt.cpp | 20 ++++++++++++++++---- client/ui.c | 2 +- client/ui.h | 2 +- common/lfdemod.c | 23 ++++++++++++++++++----- common/lfdemod.h | 1 + 13 files changed, 91 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83b44d74..0ec40164 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,12 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... -## [unreleased][unreleased] +## [unreleased][unreleased] + - hf mf dump - added retry loops to try each read attempt up to 3 times. makes getting a complete dump easier with many antennas. (marshmellow) + + - Added markers in the graph around found Sequence Terminator after askmandemod. (marshmellow) + - Added data mtrim command to trim out samples between start and stop. (marshmellow) + - Added data setgraphmarkers command to set two extra markers on the graph (marshmellow) - added json support in lua (vitorio) - added a buspirate settings file for at91sam7s512 (adamlaurie) - `lf read` timeouts is now depended on what threshold level you set in `lf config` (marshmellow) diff --git a/client/cmddata.c b/client/cmddata.c index 19e01d82..f9bb47c2 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -531,6 +531,7 @@ int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, int clk = 0; int maxErr = 100; int maxLen = 0; + uint8_t askamp = 0; char amp = param_getchar(Cmd, 0); uint8_t BitStream[MAX_GRAPH_TRACE_LEN] = {0}; sscanf(Cmd, "%i %i %i %i %c", &clk, &invert, &maxErr, &maxLen, &); @@ -553,14 +554,16 @@ int ASKDemod_ext(const char *Cmd, bool verbose, bool emSearch, uint8_t askType, askAmp(BitStream, BitLen); bool st = false; - if (*stCheck) st = DetectST(BitStream, &BitLen, &foundclk); + size_t ststart = 0, stend = 0; + if (*stCheck) st = DetectST_ext(BitStream, &BitLen, &foundclk, &ststart, &stend); if (st) { *stCheck = st; clk = (clk == 0) ? foundclk : clk; - if (verbose || g_debugMode) PrintAndLog("\nFound Sequence Terminator"); + CursorCPos = ststart; + CursorDPos = stend; + if (verbose || g_debugMode) PrintAndLog("\nFound Sequence Terminator - First one is shown by orange and blue graph markers"); } - - int errCnt = askdemod(BitStream, &BitLen, &clk, &invert, maxErr, 0, askType); + int errCnt = askdemod(BitStream, &BitLen, &clk, &invert, maxErr, askamp, askType); if (errCnt<0 || BitLen<16){ //if fatal error (or -1) if (g_debugMode) PrintAndLog("DEBUG: no data found %d, errors:%d, bitlen:%d, clock:%d",errCnt,invert,BitLen,clk); return 0; @@ -2100,6 +2103,11 @@ void setGrid_Clock(uint8_t clock){ RepaintGraphWindow(); } +int CmdSetGraphMarkers(const char *Cmd) { + sscanf(Cmd, "%i %i", &CursorCPos, &CursorDPos); + RepaintGraphWindow(); + return 0; +} int CmdHexsamples(const char *Cmd) { @@ -2361,6 +2369,22 @@ int CmdRtrim(const char *Cmd) return 0; } +// trim graph (middle) piece +int CmdMtrim(const char *Cmd) { + int start = 0, stop = 0; + sscanf(Cmd, "%i %i", &start, &stop); + + if (start > GraphTraceLen || stop > GraphTraceLen || start > stop) return 0; + start++; //leave start position sample + + GraphTraceLen -= stop - start; + for (int i = 0; i < GraphTraceLen; i++) { + GraphBuffer[start+i] = GraphBuffer[stop+i]; + } + return 0; +} + + int CmdNorm(const char *Cmd) { int i; @@ -2593,6 +2617,7 @@ static command_t CommandTable[] = {"load", CmdLoad, 1, " -- Load trace (to graph window"}, {"ltrim", CmdLtrim, 1, " -- Trim samples from left of trace"}, {"rtrim", CmdRtrim, 1, " -- Trim samples from right of trace"}, + {"mtrim", CmdMtrim, 1, " -- Trim out samples from the specified start to the specified stop"}, {"manrawdecode", Cmdmandecoderaw, 1, "[invert] [maxErr] -- Manchester decode binary stream in DemodBuffer"}, {"norm", CmdNorm, 1, "Normalize max/min to +/-128"}, {"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"}, @@ -2602,6 +2627,7 @@ static command_t CommandTable[] = {"rawdemod", CmdRawDemod, 1, "[modulation] ... -see help (h option) -- Demodulate the data in the GraphBuffer and output binary"}, {"samples", CmdSamples, 0, "[512 - 40000] -- Get raw samples for graph window (GraphBuffer)"}, {"save", CmdSave, 1, " -- Save trace (from graph window)"}, + {"setgraphmarkers", CmdSetGraphMarkers, 1, "[orange_marker] [blue_marker] (in graph window)"}, {"scale", CmdScale, 1, " -- Set cursor display scale"}, {"setdebugmode", CmdSetDebugMode, 1, "<0|1|2> -- Turn on or off Debugging Level for lf demods"}, {"shiftgraphzero", CmdGraphShiftZero, 1, " -- Shift 0 for Graphed wave + or - shift value"}, diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index 04998e18..ede88cb7 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -492,8 +492,9 @@ int CmdHF14AMfDump(const char *Cmd) { PrintAndLog("|-----------------------------------------|"); PrintAndLog("|------ Reading sector access bits...-----|"); PrintAndLog("|-----------------------------------------|"); - + uint8_t tries = 0; for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { + for (tries = 0; tries < 3; tries++) { UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}}; memcpy(c.d.asBytes, keyA[sectorNo], 6); clearCommandBuffer(); @@ -507,7 +508,8 @@ int CmdHF14AMfDump(const char *Cmd) { rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1 rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2 rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer - } else { + break; + } else if (tries == 2) { // on last try set defaults PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo); rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00; rights[sectorNo][3] = 0x01; @@ -518,6 +520,7 @@ int CmdHF14AMfDump(const char *Cmd) { rights[sectorNo][3] = 0x01; } } + } PrintAndLog("|-----------------------------------------|"); PrintAndLog("|----- Dumping all blocks to file... -----|"); @@ -527,7 +530,7 @@ int CmdHF14AMfDump(const char *Cmd) { for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) { for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) { bool received = false; - + for (tries = 0; tries < 3; tries++) { if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}}; memcpy(c.d.asBytes, keyA[sectorNo], 6); @@ -544,12 +547,18 @@ int CmdHF14AMfDump(const char *Cmd) { } else if (rights[sectorNo][data_area] == 0x07) { // no key would work isOK = false; PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo); + tries = 2; } else { // key A would work UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}}; memcpy(c.d.asBytes, keyA[sectorNo], 6); clearCommandBuffer(); SendCommand(&c); received = WaitForResponseTimeout(CMD_ACK,&resp,1500); + } + } + if (received) { + isOK = resp.arg[0] & 0xff; + if (isOK) break; } } @@ -594,7 +603,6 @@ int CmdHF14AMfDump(const char *Cmd) { uint16_t numblocks = FirstBlockOfSector(numSectors - 1) + NumBlocksPerSector(numSectors - 1); fwrite(carddata, 1, 16*numblocks, fout); fclose(fout); - fout = NULL; PrintAndLog("Dumped %d blocks (%d bytes) to file dumpdata.bin", numblocks, 16*numblocks); } diff --git a/client/cmdlffdx.c b/client/cmdlffdx.c index 17f50ab1..da22a833 100644 --- a/client/cmdlffdx.c +++ b/client/cmdlffdx.c @@ -149,6 +149,7 @@ int CmdFdxDemod(const char *Cmd) { } setDemodBuf(DemodBuffer, 128, ans); + setGrid_Clock(32); // remove marker bits (1's every 9th digit after preamble) (pType = 2) size = removeParity(DemodBuffer, 11, 9, 2, 117); if ( size != 104 ) { diff --git a/client/cmdlfnedap.c b/client/cmdlfnedap.c index 8f5832ad..7a3268bb 100644 --- a/client/cmdlfnedap.c +++ b/client/cmdlfnedap.c @@ -136,7 +136,8 @@ int CmdLFNedapDemod(const char *Cmd) { raw[2] = bytebits_to_byte(DemodBuffer+idx+32,32); raw[3] = bytebits_to_byte(DemodBuffer+idx,32); setDemodBuf(DemodBuffer,128,idx); - + setGrid_Clock(64); + uint8_t firstParity = GetParity( DemodBuffer, EVEN, 63); if ( firstParity != DemodBuffer[63] ) { PrintAndLog("DEBUG: Error - Nedap 1st 64bit parity check failed: %d|%d ", DemodBuffer[63], firstParity); diff --git a/client/cmdlfnoralsy.c b/client/cmdlfnoralsy.c index 405d0d43..32c92d86 100644 --- a/client/cmdlfnoralsy.c +++ b/client/cmdlfnoralsy.c @@ -108,6 +108,7 @@ int CmdNoralsyDemod(const char *Cmd) { return 0; } setDemodBuf(DemodBuffer, 96, ans); + setGrid_Clock(32); //got a good demod uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); diff --git a/client/cmdlfpresco.c b/client/cmdlfpresco.c index 84b6f4a2..3afb3d24 100644 --- a/client/cmdlfpresco.c +++ b/client/cmdlfpresco.c @@ -137,6 +137,7 @@ int CmdPrescoDemod(const char *Cmd) { return 0; } setDemodBuf(DemodBuffer, 128, ans); + setGrid_Clock(32); //got a good demod uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); diff --git a/client/proxgui.h b/client/proxgui.h index b1694530..e83e75e7 100644 --- a/client/proxgui.h +++ b/client/proxgui.h @@ -23,7 +23,7 @@ void ExitGraphics(void); extern int GraphBuffer[MAX_GRAPH_TRACE_LEN]; extern int GraphTraceLen; extern double CursorScaleFactor; -extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault; +extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, CursorCPos, CursorDPos; extern int CommandFinished; extern int offline; diff --git a/client/proxguiqt.cpp b/client/proxguiqt.cpp index 151f6ce9..a845468f 100644 --- a/client/proxguiqt.cpp +++ b/client/proxguiqt.cpp @@ -99,7 +99,7 @@ ProxGuiQT::~ProxGuiQT(void) void ProxWidget::paintEvent(QPaintEvent *event) { QPainter painter(this); - QPainterPath penPath, whitePath, greyPath, lightgreyPath, cursorAPath, cursorBPath; + QPainterPath penPath, whitePath, greyPath, lightgreyPath, cursorAPath, cursorBPath, cursorCPath, cursorDPath; QRect r; QBrush brush(QColor(100, 255, 100)); QPen pen(QColor(100, 255, 100)); @@ -114,6 +114,10 @@ void ProxWidget::paintEvent(QPaintEvent *event) if(CursorBPos > GraphTraceLen) CursorBPos= 0; + if(CursorCPos > GraphTraceLen) + CursorCPos= 0; + if(CursorDPos > GraphTraceLen) + CursorDPos= 0; r = rect(); @@ -238,13 +242,17 @@ void ProxWidget::paintEvent(QPaintEvent *event) penPath.moveTo(x,y); } - if(i == CursorAPos || i == CursorBPos) { + if(i == CursorAPos || i == CursorBPos || i == CursorCPos || i == CursorDPos) { QPainterPath *cursorPath; - if(i == CursorAPos) + if (i == CursorAPos) cursorPath = &cursorAPath; - else + else if (i == CursorBPos) cursorPath = &cursorBPath; + else if (i == CursorCPos) + cursorPath = &cursorCPath; + else + cursorPath = &cursorDPath; cursorPath->moveTo(x, r.top()); cursorPath->lineTo(x, r.bottom()); @@ -263,6 +271,10 @@ void ProxWidget::paintEvent(QPaintEvent *event) painter.drawPath(cursorAPath); painter.setPen(QColor(255, 0, 255)); painter.drawPath(cursorBPath); + painter.setPen(QColor(255, 153, 0)); //orange + painter.drawPath(cursorCPath); + painter.setPen(QColor(0, 0, 205)); //light blue + painter.drawPath(cursorDPath); char str[200]; sprintf(str, "@%d max=%d min=%d mean=%d n=%d/%d dt=%d [%.3f] zoom=%.3f CursorA=%d [%d] CursorB=%d [%d] GridX=%d GridY=%d (%s)", diff --git a/client/ui.c b/client/ui.c index 87fede08..4fabbe70 100644 --- a/client/ui.c +++ b/client/ui.c @@ -11,7 +11,7 @@ #include "ui.h" double CursorScaleFactor; -int PlotGridX, PlotGridY, PlotGridXdefault= 64, PlotGridYdefault= 64; +int PlotGridX, PlotGridY, PlotGridXdefault= 64, PlotGridYdefault= 64, CursorCPos= 0, CursorDPos= 0; int offline; int flushAfterWrite = 0; extern pthread_mutex_t print_lock; diff --git a/client/ui.h b/client/ui.h index 6891a821..3886c12b 100644 --- a/client/ui.h +++ b/client/ui.h @@ -45,7 +45,7 @@ void PrintAndLog(char *fmt, ...); void SetLogFilename(char *fn); extern double CursorScaleFactor; -extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault; +extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, CursorCPos, CursorDPos; extern int offline; extern int flushAfterWrite; //buzzy diff --git a/common/lfdemod.c b/common/lfdemod.c index c177468f..58b843e2 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -206,6 +206,7 @@ size_t findModStart(uint8_t dest[], size_t size, uint8_t threshold_value, uint8_ int Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo) { // sanity check + if (*size < 64) return -3; if (BitStream[1] > 1) return -1; uint8_t fmtlen; @@ -214,11 +215,13 @@ int Em410xDecode(uint8_t *BitStream, size_t *size, size_t *startIdx, uint32_t *h // preamble 0111111111 // include 0 in front to help get start pos uint8_t preamble[] = {0,1,1,1,1,1,1,1,1,1}; - if (!preambleSearch(BitStream, preamble, sizeof(preamble), size, startIdx)) + if (!preambleSearch(BitStream, preamble, sizeof(preamble), size, startIdx)) return -2; - if (*size < 64) return -3; + + //XL and normal size. + if (*size != 64 && *size != 128) return -3; - fmtlen = (*size == 110) ? 22 : 10; + fmtlen = (*size == 128) ? 22 : 10; //skip last 4bit parity row for simplicity *size = removeParity(BitStream, *startIdx + sizeof(preamble), 5, 0, fmtlen * 5); @@ -1680,9 +1683,14 @@ int pskRawDemod(uint8_t dest[], size_t *size, int *clock, int *invert) return errCnt; } +bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) { + size_t ststart = 0, stend = 0; + return DetectST_ext(buffer, size, foundclock, &ststart, &stend); +} + //by marshmellow //attempt to identify a Sequence Terminator in ASK modulated raw wave -bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) { +bool DetectST_ext(uint8_t buffer[], size_t *size, int *foundclock, size_t *ststart, size_t *stend) { size_t bufsize = *size; //need to loop through all samples and identify our clock, look for the ST pattern uint8_t fndClk[] = {8,16,32,40,50,64,128}; @@ -1837,7 +1845,7 @@ bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) { size_t newloc = 0; i=0; if (g_debugMode==2) prnt("DEBUG STT: Starting STT trim - start: %d, datalen: %d ",dataloc, datalen); - + bool firstrun = true; // warning - overwriting buffer given with raw wave data with ST removed... while ( dataloc < bufsize-(clk/2) ) { //compensate for long high at end of ST not being high due to signal loss... (and we cut out the start of wave high part) @@ -1850,6 +1858,11 @@ bool DetectST(uint8_t buffer[], size_t *size, int *foundclock) { buffer[dataloc] = buffer[dataloc+2]; buffer[dataloc+1] = buffer[dataloc+2]; } + if (firstrun) { + *stend = dataloc; + *ststart = dataloc-(clk*4); + firstrun=false; + } for (i=0; i Date: Wed, 1 Mar 2017 21:51:23 +0100 Subject: [PATCH 12/16] CHG: finalized the merge between peter filmoores 14atagfuzz branch (emv). I seriously doubt anything works. --- armsrc/appmain.c | 3 - armsrc/apps.h | 20 +- armsrc/emvcard.h | 2 +- armsrc/emvcmd.c | 707 +++++++++++++++++++++++++++++++++++---------- armsrc/emvcmd.h | 2 +- armsrc/emvutil.c | 99 ++++++- armsrc/emvutil.h | 22 +- armsrc/iso14443a.c | 38 +-- armsrc/iso14443a.h | 8 +- armsrc/iso14443b.h | 2 - include/common.h | 15 +- include/mifare.h | 8 +- 12 files changed, 678 insertions(+), 248 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index eea3857b..d976febc 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1233,9 +1233,6 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_EMV_READ_RECORD: EMVReadRecord(c->arg[0], c->arg[1], NULL); break; - case CMD_EMV_TRANSACTION: - EMVTransaction(); - break; case CMD_EMV_CLONE: EMVClone(c->arg[0], c->arg[1]); break; diff --git a/armsrc/apps.h b/armsrc/apps.h index 41f8543c..0cb375e6 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -29,6 +29,8 @@ extern "C" { #include "pcf7931.h" #include "desfire.h" #include "iso14443b.h" +//#include "iso14443a.h" +#include "emvcard.h" extern int rsamples; // = 0; extern int tracing; // = TRUE; @@ -118,6 +120,9 @@ void ReaderIso14443a(UsbCommand * c); //bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t len, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *parity); void iso14a_set_trigger(bool enable); +// also used in emv +bool prepare_allocated_tag_modulation(tag_response_info_t * response_info); +int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len); // epa.h void EPA_PACE_Collect_Nonce(UsbCommand * c); @@ -220,23 +225,22 @@ bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* d // util.h void HfSnoop(int , int); -//EMV functions emvcmd.h +//EMV functions +// emvcmd.h void EMVTransaction(void); void EMVgetUDOL(void); void EMVloadvalue(uint32_t tag, uint8_t* datain); void EMVdumpcard(void); - -/* //void EMVSelect(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *data); -void EMVFuzz_RATS(uint8_t len, uint8_t* RATS); +void EMVFuzz_RATS(uint8_t ratslen, uint8_t* RATS); void EMVReadRecord(uint8_t arg0, uint8_t arg1,emvcard* inputcard); void EMVSelectPPSE(); void EMVSelectAID(uint8_t *AID, uint8_t AIDlen, emvcard* inputcard); -void EMVTransaction(); //perform an EMV transaction -void EMVClone(uint8_t maxsfi, uint8_t maxrecord); //clone an EMV card. +void EMVTransaction(); +void EMVClone(uint8_t maxsfi, uint8_t maxrecord); void EMVSim(); -void EMVTest(); //test function for emv stuff. -*/ +void EMVTest(); +void SimulateEMVcard(); #ifdef __cplusplus } diff --git a/armsrc/emvcard.h b/armsrc/emvcard.h index c7b60067..51914993 100644 --- a/armsrc/emvcard.h +++ b/armsrc/emvcard.h @@ -240,6 +240,6 @@ typedef struct { uint8_t tag_BF0C[222]; //File Control Information (FCI) Issuer Discretionary Data uint8_t tag_DFName[16]; uint8_t tag_DFName_len; -} emvtags; +} emvcard; #endif //__EMVCARD_H diff --git a/armsrc/emvcmd.c b/armsrc/emvcmd.c index 4b9e6785..217ded54 100644 --- a/armsrc/emvcmd.c +++ b/armsrc/emvcmd.c @@ -10,10 +10,37 @@ //-------------------------------------------------------------------------------- #include "emvcmd.h" -static emvtags currentcard; //use to hold emv tags for the reader/card during communications +static emvcard currentcard; //use to hold emv tags for the reader/card during communications -// The FPGA will report its internal sending delay in -//uint16_t FpgaSendQueueDelay; +void EMVTest() +{ + uint8_t rats[0x0b] = {0x0b,0x78,0x80,0x81,0x02,0x4b,0x4f,0x4e,0x41, 0x14, 0x11}; + EMVFuzz_RATS(0xb, rats); + //grab card + //EMVClone(1,1); + /* + uint8_t tagvalbuffer[256]; + uint8_t tagvallen; + uint8_t template6F[] = {0x6F,0x00}; + uint8_t templateA5[] = {0xA5,0x00}; + uint8_t tag1[] = {0x50,0x00,0x00}; + uint8_t tag2[] = {0x87,0x00,0x00}; + uint8_t tag3[] = {0x9f,0x38,0x00}; + uint8_t tag4[] = {0x5F,0x2D,0x00}; + uint8_t tag5[] = {0x9F,0x11,0x00}; + uint8_t tag6[] = {0x9F,0x12,0x00}; + + uint8_t tag7[] = {0x84, 0x00}; + uint8_t tag8[] = {0xA5, 0x00}; + emv_generatetemplate(templateA5,¤tcard,tagvalbuffer,&tagvallen, 6, tag1, tag2, tag3, tag4, tag5, tag6); + memcpy(currentcard.tag_A5, tagvalbuffer+2, tagvallen-2); + currentcard.tag_A5_len = tagvallen-2; + emv_generatetemplate(template6F,¤tcard,currentcard.tag_6F ,¤tcard.tag_6F_len, 2, tag7, tag8); + Dbprintf("TAG A5="); + Dbhexdump(currentcard.tag_A5_len,currentcard.tag_A5 , false); + */ + //EMVSim(); +} //load individual tag into current card @@ -23,21 +50,25 @@ void EMVloadvalue(uint32_t tag, uint8_t *datain){ emv_settag(tag, datain, ¤tcard); } -void EMVReadRecord(uint8_t arg0, uint8_t arg1,emvtags *currentcard) +void EMVReadRecord(uint8_t arg0, uint8_t arg1,emvcard *currentcard) { uint8_t record = arg0; uint8_t sfi = arg1 & 0x0F; // convert arg1 to number - uint8_t receivedAnswer[MAX_FRAME_SIZE]; - + uint8_t *resp = BigBuf_malloc(256); // variables tlvtag inputtag; // create the tag structure + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + // perform read // write the result to the provided card - if(!emv_readrecord(record,sfi,receivedAnswer)) { + while(true) { + if(!emv_readrecord(record, sfi, resp)) { if(MF_DBGLEVEL >= 1) Dbprintf("readrecord failed"); } - if(*(receivedAnswer+1) == 0x70){ - decode_ber_tlv_item(receivedAnswer+1, &inputtag); + if(*(resp+1) == 0x70){ + decode_ber_tlv_item(resp+1, &inputtag); emv_decode_field(inputtag.value, inputtag.valuelength, currentcard); } else @@ -45,46 +76,79 @@ void EMVReadRecord(uint8_t arg0, uint8_t arg1,emvtags *currentcard) if(MF_DBGLEVEL >= 1) Dbprintf("Record not found SFI=%i RECORD=%i", sfi, record); } - return; + LED_B_ON(); + LED_B_OFF(); + break; + } + LEDsoff(); } -void EMVSelectAID(uint8_t *AID, uint8_t AIDlen, emvtags* inputcard) -{ - uint8_t receivedAnswer[MAX_FRAME_SIZE]; - +void EMVSelectAID(uint8_t *AID, uint8_t AIDlen, emvcard* inputcard) +{ + uint8_t* resp = BigBuf_malloc(256); // variables - tlvtag inputtag; // create the tag structure - // perform select - if(!emv_select(AID, AIDlen, receivedAnswer)){ - if(MF_DBGLEVEL == 1) Dbprintf("AID Select failed"); - return; - } - // write the result to the provided card - if(*(receivedAnswer+1) == 0x6F){ - // decode the 6F template - decode_ber_tlv_item(receivedAnswer+1, &inputtag); - // store 84 and A5 tags - emv_decode_field(inputtag.value, inputtag.valuelength, ¤tcard); - // decode the A5 tag - if(currentcard.tag_A5_len > 0) - emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); + tlvtag inputtag; // create the tag structure + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while(true) { + + if(!emv_select(AID, AIDlen, resp)){ + if(MF_DBGLEVEL == 1) DbpString("AID Select failed"); + break; + } + + // write the result to the provided card + if(*(resp+1) == 0x6F){ + // decode the 6F template + decode_ber_tlv_item(resp+1, &inputtag); + + // store 84 and A5 tags + emv_decode_field(inputtag.value, inputtag.valuelength, ¤tcard); + + // decode the A5 tag + if(currentcard.tag_A5_len > 0) + emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); - // copy this result to the DFName - if(currentcard.tag_84_len == 0) - memcpy(currentcard.tag_DFName, currentcard.tag_84, currentcard.tag_84_len); + // copy this result to the DFName + if(currentcard.tag_84_len == 0) + memcpy(currentcard.tag_DFName, currentcard.tag_84, currentcard.tag_84_len); - // decode the BF0C result, assuming 1 directory entry for now - if(currentcard.tag_BF0C_len !=0){ - emv_decode_field(currentcard.tag_BF0C, currentcard.tag_BF0C_len, ¤tcard);} - // retrieve the AID, use the AID to decide what transaction flow to use - if(currentcard.tag_61_len !=0){ - emv_decode_field(currentcard.tag_61, currentcard.tag_61_len, ¤tcard);} + // decode the BF0C result, assuming 1 directory entry for now + if(currentcard.tag_BF0C_len !=0){ + emv_decode_field(currentcard.tag_BF0C, currentcard.tag_BF0C_len, ¤tcard);} + + // retrieve the AID, use the AID to decide what transaction flow to use + if(currentcard.tag_61_len !=0) + emv_decode_field(currentcard.tag_61, currentcard.tag_61_len, ¤tcard); + } + LED_B_ON(); + LED_B_OFF(); + break; + } + + if(MF_DBGLEVEL >= 2) DbpString("SELECT AID COMPLETED"); + LEDsoff(); +} + +void EMVSelectPPSE() +{ + while(true) { + if(!emv_selectPPSE()) { + if(MF_DBGLEVEL >= 1) DbpString("PPSE failed"); + break; + } + + LED_B_ON(); + LED_B_OFF(); + break; } - if(MF_DBGLEVEL >= 2) - DbpString("SELECT AID COMPLETED"); + if(MF_DBGLEVEL >= 2) DbpString("SELECT PPSE COMPLETED"); + LEDsoff(); } -int EMVGetProcessingOptions(uint8_t *PDOL, uint8_t PDOLlen, emvtags* inputcard) +int EMVGetProcessingOptions(uint8_t *PDOL, uint8_t PDOLlen, emvcard* inputcard) { uint8_t receivedAnswer[MAX_FRAME_SIZE]; @@ -116,7 +180,7 @@ int EMVGetProcessingOptions(uint8_t *PDOL, uint8_t PDOLlen, emvtags* inputcard) return 1; } -int EMVGetChallenge(emvtags* inputcard) +int EMVGetChallenge(emvcard* inputcard) { uint8_t receivedAnswer[MAX_FRAME_SIZE]; // variables @@ -129,7 +193,7 @@ int EMVGetChallenge(emvtags* inputcard) return 0; } -int EMVGenerateAC(uint8_t refcontrol, emvtags* inputcard) +int EMVGenerateAC(uint8_t refcontrol, emvcard* inputcard) { uint8_t receivedAnswer[MAX_FRAME_SIZE]; uint8_t cdolcommand[MAX_FRAME_SIZE]; @@ -162,37 +226,49 @@ int EMVGenerateAC(uint8_t refcontrol, emvtags* inputcard) //takes in TTQ, amount authorised, unpredicable number and transaction currency code int EMV_PaywaveTransaction() { - uint8_t cardMode = 0; - // determine mode of transaction from TTQ - if((currentcard.tag_9F66[0] & 0x40) == 0x40) { - cardMode = VISA_EMV; - } - else if((currentcard.tag_9F66[0] & 0x20) == 0x20) { - cardMode = VISA_FDDA; - } - else if((currentcard.tag_9F66[0] & 0x80) == 0x80) { - if((currentcard.tag_9F66[1] & 0x80) == 0x80) { //CVN17 - cardMode = VISA_CVN17; - } else { - cardMode = VISA_DCVV; - } + uint8_t *resp = BigBuf_malloc(256); + tlvtag temptag; + //get the current block counter + //select the AID (Mastercard + EMVSelectAID(currentcard.tag_4F,currentcard.tag_4F_len, ¤tcard); + + if(resp[1] == 0x6F){ //decode template + decode_ber_tlv_item(&resp[1], &temptag); + //decode 84 and A5 tags + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + //decode the A5 tag + emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); + //decode the BF0C result, assuming 1 directory entry for now + //retrieve the AID } - - EMVSelectAID(currentcard.tag_4F,currentcard.tag_4F_len, ¤tcard); // perform second AID command - // get PDOL uint8_t pdolcommand[20]; //20 byte buffer for pdol data uint8_t pdolcommandlen = 0; if(currentcard.tag_9F38_len > 0) { emv_generateDOL(currentcard.tag_9F38, currentcard.tag_9F38_len, ¤tcard, pdolcommand, &pdolcommandlen); + } else { + pdolcommandlen = 0; } - Dbhexdump(pdolcommandlen, pdolcommand,false); - if(!EMVGetProcessingOptions(pdolcommand,pdolcommandlen, ¤tcard)) { + if(!EMVGetProcessingOptions(pdolcommand, pdolcommandlen, ¤tcard)) { if(MF_DBGLEVEL >= 1) Dbprintf("PDOL failed"); return 1; } - + if(resp[1] == 0x80) //format 1 data field returned + { + memcpy(currentcard.tag_82, &resp[3],2); //copy AIP + currentcard.tag_94_len = resp[2]-2; //AFL len + memcpy(currentcard.tag_94, &resp[5], currentcard.tag_94_len); //copy AFL + } + else if(resp[1] == 0x77) //format 2 data field returned + { + decode_ber_tlv_item(&resp[1], &temptag); + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + } + else + { + //throw an error + } Dbprintf("AFL="); Dbhexdump(currentcard.tag_94_len, currentcard.tag_94,false); Dbprintf("AIP="); @@ -200,63 +276,106 @@ int EMV_PaywaveTransaction() emv_decodeAIP(currentcard.tag_82); // // decode the AFL list and read records - uint8_t i = 0; - uint8_t sfi = 0; - uint8_t recordstart = 0; - uint8_t recordend = 0; - if(currentcard.tag_94_len > 0){ - while( i < currentcard.tag_94_len){ - sfi = (currentcard.tag_94[i++] & 0xF8) >> 3; - recordstart = currentcard.tag_94[i++]; - recordend = currentcard.tag_94[i++]; - for(int j=recordstart; j<(recordend+1); j++){ - // read records - EMVReadRecord(j,sfi, ¤tcard); - // while(responsebuffer[0] == 0xF2) { - // EMVReadRecord(j,sfi, ¤tcard); - // } - } - i++; - } - } - else { - EMVReadRecord(1,1,¤tcard); - EMVReadRecord(1,2,¤tcard); - EMVReadRecord(1,3,¤tcard); - EMVReadRecord(2,1,¤tcard); - EMVReadRecord(2,2,¤tcard); - EMVReadRecord(2,3,¤tcard); - EMVReadRecord(3,1,¤tcard); - EMVReadRecord(3,3,¤tcard); - EMVReadRecord(4,2,¤tcard); + + //record, sfi + EMVReadRecord(1,1,¤tcard); + Dbhexdump(200, resp, false); + EMVReadRecord(2,1,¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord( 1,2, ¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord(2,2,¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord( 3,2, ¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord( 4,2, ¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord( 1,3, ¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord(2,3,¤tcard); + Dbhexdump(200, resp,false); + EMVReadRecord(4,2,¤tcard); + EMVReadRecord( 1,3, ¤tcard); + Dbhexdump(200, resp,false); + + //DDA supported, so read more records + if((currentcard.tag_82[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED){ + EMVReadRecord( 1,4, ¤tcard); + EMVReadRecord( 2,4, ¤tcard); } - // EMVGetChallenge(¤tcard); - // memcpy(currentcard.tag_9F4C,&responsebuffer[1],8); // ICC UN - EMVGenerateAC(0x81,¤tcard); - Dbprintf("CARDMODE=%i",cardMode); + + emv_decodeCVM(currentcard.tag_8E, currentcard.tag_8E_len); + /* get ICC dynamic data */ + //if((currentcard.tag_82[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED) + { + //DDA supported, so perform GENERATE AC + uint8_t cdolcommand[40]; //20 byte buffer for pdol data + uint8_t cdolcommandlen; + //generate the iCC UN + EMVGetChallenge(¤tcard); + + memcpy(currentcard.tag_9F37,&resp[1],8); // ICC UN + memcpy(currentcard.tag_9F4C,&resp[1],8); // ICC UN + if(currentcard.tag_8C_len > 0) { + emv_generateDOL(currentcard.tag_8C, currentcard.tag_8C_len, ¤tcard, cdolcommand, &cdolcommandlen); + } else { + cdolcommandlen = 0; + } + Dbhexdump(currentcard.tag_8C_len, currentcard.tag_8C,false); + Dbhexdump(cdolcommandlen, cdolcommand,false); + + EMVGenerateAC(0x41, ¤tcard); + + Dbhexdump(100, resp,false); + } return 0; } int EMV_PaypassTransaction() { - // uint8_t *responsebuffer = emv_get_bigbufptr(); - // tlvtag temptag; //buffer for decoded tags + uint8_t *resp = BigBuf_malloc(256); + tlvtag temptag; //buffer for decoded tags // get the current block counter // select the AID (Mastercard EMVSelectAID(currentcard.tag_4F,currentcard.tag_4F_len, ¤tcard); + if(resp[1] == 0x6F){ //decode template + decode_ber_tlv_item(&resp[1], &temptag); + //decode 84 and A5 tags + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + //decode the A5 tag + emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); + //decode the BF0C result, assuming 1 directory entry for now + //retrieve the AID + } // get PDOL uint8_t pdolcommand[20]; // 20 byte buffer for pdol data uint8_t pdolcommandlen = 0; if(currentcard.tag_9F38_len > 0) { emv_generateDOL(currentcard.tag_9F38, currentcard.tag_9F38_len, ¤tcard, pdolcommand, &pdolcommandlen); + } else { + pdolcommandlen = 0; } if(EMVGetProcessingOptions(pdolcommand,pdolcommandlen, ¤tcard)) { if(MF_DBGLEVEL >= 1) Dbprintf("PDOL failed"); return 1; } - + if(resp[1] == 0x80) //format 1 data field returned + { + memcpy(currentcard.tag_82, &resp[3],2); //copy AIP + currentcard.tag_94_len = resp[2]-2; //AFL len + memcpy(currentcard.tag_94, &resp[5],currentcard.tag_94_len); //copy AFL + } + else if(resp[1] == 0x77) //format 2 data field returned + { + decode_ber_tlv_item(&resp[1], &temptag); + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + } + else + { + //throw an error + } Dbprintf("AFL="); Dbhexdump(currentcard.tag_94_len, currentcard.tag_94,false); Dbprintf("AIP="); @@ -264,57 +383,69 @@ int EMV_PaypassTransaction() emv_decodeAIP(currentcard.tag_82); // decode the AFL list and read records - uint8_t i = 0; - uint8_t sfi = 0; - uint8_t recordstart = 0; - uint8_t recordend = 0; - - while( i< currentcard.tag_94_len){ - sfi = (currentcard.tag_94[i++] & 0xF8) >> 3; - recordstart = currentcard.tag_94[i++]; - recordend = currentcard.tag_94[i++]; - for(int j=recordstart; j<(recordend+1); j++){ - // read records - EMVReadRecord(j,sfi, ¤tcard); - // while(responsebuffer[0] == 0xF2) { - // EMVReadRecord(j,sfi, ¤tcard); - // } - } - i++; + + //record, sfi + EMVReadRecord( 1,1, ¤tcard); + EMVReadRecord( 1,2, ¤tcard); + EMVReadRecord( 1,3, ¤tcard); + EMVReadRecord( 2,3, ¤tcard); + + //DDA supported, so read more records + if((currentcard.tag_82[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED){ + EMVReadRecord( 1,4, ¤tcard); + EMVReadRecord( 2,4, ¤tcard); } + + /* get ICC dynamic data */ if((currentcard.tag_82[0] & AIP_CDA_SUPPORTED) == AIP_CDA_SUPPORTED) { // DDA supported, so perform GENERATE AC + uint8_t cdolcommand[40]; //20 byte buffer for pdol data + uint8_t cdolcommandlen; // generate the iCC UN EMVGetChallenge(¤tcard); - //memcpy(currentcard.tag_9F4C,&responsebuffer[1],8); // ICC UN - EMVGenerateAC(0x80,¤tcard); - + memcpy(currentcard.tag_9F4C, &resp[1],8); // ICC UN + + if(currentcard.tag_8C_len > 0) { + emv_generateDOL(currentcard.tag_8C, currentcard.tag_8C_len, ¤tcard, cdolcommand, &cdolcommandlen); + } else { + cdolcommandlen = 0; + } + EMVGenerateAC(0x80, ¤tcard); + + if(resp[1] == 0x77) //format 2 data field returned + { + decode_ber_tlv_item(&resp[1], &temptag); + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + } // generate AC2 - // if(currentcard.tag_8D_len > 0) { - // emv_generateDOL(currentcard.tag_8D, currentcard.tag_8D_len, ¤tcard, cdolcommand, &cdolcommandlen); } - // else{ - // //cdolcommand = NULL; //cdol val is null - // cdolcommandlen = 0; - // } - // emv_generateAC(0x80, cdolcommand,cdolcommandlen, ¤tcard); + if(currentcard.tag_8D_len > 0) { + emv_generateDOL(currentcard.tag_8D, currentcard.tag_8D_len, ¤tcard, cdolcommand, &cdolcommandlen); } + else{ + //cdolcommand = NULL; //cdol val is null + cdolcommandlen = 0; + } + + EMVGenerateAC(0x80, ¤tcard); - // if(responsebuffer[1] == 0x77) //format 2 data field returned - // { - // decode_ber_tlv_item(&responsebuffer[1], &temptag); - // emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); - // } + if(resp[1] == 0x77) //format 2 data field returned + { + decode_ber_tlv_item(&resp[1], &temptag); + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + } } // generate cryptographic checksum - // uint8_t udol[4] = {0x00,0x00,0x00,0x00}; - // emv_computecryptogram(udol, sizeof(udol)); - // if(responsebuffer[1] == 0x77) //format 2 data field returned - // { - // decode_ber_tlv_item(&responsebuffer[1], &temptag); - // emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); - // } + uint8_t udol[4] = {0x00,0x00,0x00,0x00}; + + emv_computecryptogram(udol, sizeof(udol), resp); + + if(resp[1] == 0x77) //format 2 data field returned + { + decode_ber_tlv_item(&resp[1], &temptag); + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + } return 0; } @@ -329,6 +460,30 @@ void EMVTransaction() clear_trace(); set_tracing(TRUE); + + uint8_t *resp = BigBuf_malloc(256); + //variables + tlvtag temptag; //used to buffer decoded tag valuesd + //initialize the emv card structure + //extern emvcard currentcard; + + memset(¤tcard, 0x00, sizeof(currentcard)); //set all to zeros + memcpy(currentcard.tag_9F66,"\xD7\x20\xC0\x00",4); + memcpy(currentcard.tag_9F02,"\x00\x00\x00\x00\x00\x20",6); //20 dollars + memcpy(currentcard.tag_9F37, "\x01\x02\x03\x04", 4); //UN + memcpy(currentcard.tag_5F2A, "\x00\x36",2); //currency code + //CDOL stuff + memcpy(currentcard.tag_9F03,"\x00\x00\x00\x00\x00\x00",6); + memcpy(currentcard.tag_9F1A,"\x00\x36",2); //country code + memcpy(currentcard.tag_95,"\x00\x00\x00\x00\x00",5); //TVR + memcpy(currentcard.tag_9A,"\x14\x04\x01",3); //date + memcpy(currentcard.tag_9C,"\x00",1); //processingcode; + memcpy(currentcard.tag_9F45, "\x00\x00", 2); //Data Authentication Code + memset(currentcard.tag_9F4C,0x00,8); // ICC UN + memcpy(currentcard.tag_9F35,"\x12",1); + memcpy(currentcard.tag_9F34,"\x3F\x00\x00", 3); //CVM + + LED_A_ON(); LED_B_OFF(); LED_C_OFF(); @@ -340,10 +495,21 @@ void EMVTransaction() if(MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); break; } - //selectPPSE - EMVSelectAID((uint8_t *)DF_PSE, 14, ¤tcard); //hard coded len - + EMVSelectPPSE(); //get response + if (resp[1] == 0x6F){ //decode template + decode_ber_tlv_item(&resp[1], &temptag); + //decode 84 and A5 tags + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + //decode the A5 tag + emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); + //decode the BF0C result, assuming 1 directory entry for now + if(currentcard.tag_BF0C_len !=0){ + emv_decode_field(currentcard.tag_BF0C, currentcard.tag_BF0C_len, ¤tcard);} + //retrieve the AID, use the AID to decide what transaction flow to use + if(currentcard.tag_61_len !=0){ + emv_decode_field(currentcard.tag_61, currentcard.tag_61_len, ¤tcard);} + } if (!memcmp(currentcard.tag_4F, AID_MASTERCARD, sizeof(AID_MASTERCARD))){ Dbprintf("Mastercard Paypass Card Detected"); EMV_PaypassTransaction(); @@ -353,6 +519,10 @@ void EMVTransaction() EMV_PaywaveTransaction(); } //TODO: add other card schemes like AMEX, JCB, China Unionpay etc + LED_B_ON(); + //output the sensitive data + cmd_send(CMD_ACK, 0, 0,0,resp,100); + LED_B_OFF(); break; } if (MF_DBGLEVEL >= 2) DbpString("EMV TRANSACTION FINISHED"); @@ -364,6 +534,117 @@ void EMVTransaction() void EMVdumpcard(void){ dumpCard(¤tcard); } + +//EMV clone a card - read up to the max SFI and max records for that SFI +void EMVClone(uint8_t maxsfi, uint8_t maxrecord) +{ + //params + uint8_t uid[10]; + uint32_t cuid; + uint8_t *resp = BigBuf_malloc(256); + iso14a_card_select_t hi14a_card; //card select values + //variables + tlvtag temptag; //used to buffer decoded tag valuesd + + memset(¤tcard, 0x00, sizeof(currentcard)); //set all to zeros + //memcpy(currentcard.tag_9F66,"\x20\x00\x00\x00",4); + memcpy(currentcard.tag_9F66,"\xD7\x20\xC0\x00",4); + //memcpy(currentcard.tag_9F66,"\xC0\x00\x00\x00",2); + memcpy(currentcard.tag_9F02,"\x00\x00\x00\x00\x00\x20",6); //20 dollars + memcpy(currentcard.tag_9F37, "\x01\x02\x03\x04", 4); //UN + memcpy(currentcard.tag_5F2A, "\x00\x36",2); //currency code + //CDOL stuff + //memcpy(currentcard.tag_9F02,"\x00\x00\x00\x00\x00\x20",6); + memcpy(currentcard.tag_9F03,"\x00\x00\x00\x00\x00\x00",6); + memcpy(currentcard.tag_9F1A,"\x00\x36",2); //country code + memcpy(currentcard.tag_95,"\x00\x00\x00\x00\x00",5); //TVR + //memcpy(currentcard.tag_5F2A,"\x00\x36",2); + memcpy(currentcard.tag_9A,"\x14\x04x01",3); //date + memcpy(currentcard.tag_9C,"\x00",1); //processingcode; + memcpy(currentcard.tag_9F45, "\x00\x00", 2); //Data Authentication Code + memset(currentcard.tag_9F4C,0x00,8); // ICC UN + memcpy(currentcard.tag_9F35,"\x12",1); + memcpy(currentcard.tag_9F34,"\x3F\x00\x00", 3); //CVM + + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + LED_A_ON(); + LED_B_OFF(); + LED_C_OFF(); + + while(true) { + if(!iso14443a_select_card(uid, &hi14a_card, &cuid, true, 0)) { + if(MF_DBGLEVEL >= 1) Dbprintf("Can't select card"); + break; + } + //copy UID and ATQA SAK and ATS values + memcpy(currentcard.UID, hi14a_card.uid, hi14a_card.uidlen); + currentcard.UID_len = hi14a_card.uidlen; + memcpy(currentcard.ATQA, hi14a_card.atqa, 2); + currentcard.SAK = (uint8_t)hi14a_card.sak; + memcpy(currentcard.ATS, hi14a_card.ats, hi14a_card.ats_len); + currentcard.ATS_len = hi14a_card.ats_len; + + if(MF_DBGLEVEL >= 1){ + Dbprintf("UID="); + Dbhexdump(currentcard.UID_len, currentcard.UID, false); + Dbprintf("ATQA="); + Dbhexdump(2, currentcard.ATQA,false); + Dbprintf("SAK="); + Dbhexdump(1, ¤tcard.SAK,false); + Dbprintf("ATS="); + Dbhexdump(currentcard.ATS_len, currentcard.ATS,false); + } + EMVSelectPPSE(); + //get response + if(resp[1] == 0x6F){ //decode template + decode_ber_tlv_item(&resp[1], &temptag); + //decode 84 and A5 tags + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + //decode the A5 tag + emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); + //decode the BF0C result, assuming 1 directory entry for now + if(currentcard.tag_BF0C_len !=0){ + emv_decode_field(currentcard.tag_BF0C, currentcard.tag_BF0C_len, ¤tcard);} + //retrieve the AID, use the AID to decide what transaction flow to use + if(currentcard.tag_61_len !=0){ + emv_decode_field(currentcard.tag_61, currentcard.tag_61_len, ¤tcard);} + } + //perform AID selection + EMVSelectAID(currentcard.tag_4F,currentcard.tag_4F_len, ¤tcard); + if(resp[1] == 0x6F){ //decode template + decode_ber_tlv_item(&resp[1], &temptag); + //decode 84 and A5 tags + emv_decode_field(temptag.value, temptag.valuelength, ¤tcard); + //decode the A5 tag + emv_decode_field(currentcard.tag_A5, currentcard.tag_A5_len, ¤tcard); + //decode the BF0C result, assuming 1 directory entry for now + } + //decode the AFL list and read records + + //scan all card records + Dbprintf("Reading %u SFIs and %u records...", maxsfi, maxrecord); + for(uint8_t sfi = 1; sfi < maxsfi; sfi++){ //all possible SFI values + for(uint8_t record = 1; record < maxrecord; record++){ + EMVReadRecord(record,sfi, ¤tcard); + if(resp[1] == 0x70){ + Dbprintf("Record Found! SFI=%u RECORD=%u", sfi, record); + } + } + } + Dbprintf("Reading finished"); + + LED_B_ON(); + //output the sensitive data + cmd_send(CMD_ACK, 0, 0,0,resp,100); + LED_B_OFF(); + break; + } + + if(MF_DBGLEVEL >= 2) DbpString("EMV TRANSACTION FINISHED"); + //finish up + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} //SIMULATOR CODE //----------------------------------------------------------------------------- @@ -474,8 +755,8 @@ void SimulateEMVcard() // Allocate 512 bytes for the dynamic modulation, created when the reader queries for it // Such a response is less time critical, so we can prepare them on the fly - #define DYNAMIC_RESPONSE_BUFFER_SIZE 256 //max frame size - #define DYNAMIC_MODULATION_BUFFER_SIZE 2 + 9*DYNAMIC_RESPONSE_BUFFER_SIZE //(start and stop bit, 8 bit packet with 1 bit parity + #define DYNAMIC_RESPONSE_BUFFER_SIZE 64 + #define DYNAMIC_MODULATION_BUFFER_SIZE 512 //uint8_t dynamic_response_buffer[DYNAMIC_RESPONSE_BUFFER_SIZE]; //uint8_t dynamic_modulation_buffer[DYNAMIC_MODULATION_BUFFER_SIZE]; @@ -698,25 +979,26 @@ void SimulateEMVcard() if (p_response != NULL) { EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, receivedCmd[0] == 0x52); // do the tracing for the previous reader request and this tag answer: - uint8_t par[MAX_PARITY_SIZE] = {0x00}; - GetParity(p_response->response, p_response->response_n, par); + - EmLogTrace(Uart.output, - Uart.len, - Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, - Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, - Uart.parity, - p_response->response, - p_response->response_n, - LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG, - (LastTimeProxToAirStart + p_response->ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG, - par); - } - - if (!tracing) { - Dbprintf("Trace Full. Simulation stopped."); - break; + // EmLogTrace(Uart.output, + // Uart.len, + // Uart.startTime*16 - DELAY_AIR2ARM_AS_TAG, + // Uart.endTime*16 - DELAY_AIR2ARM_AS_TAG, + // Uart.parity, + // p_response->response, + // p_response->response_n, + // LastTimeProxToAirStart*16 + DELAY_ARM2AIR_AS_TAG, + // (LastTimeProxToAirStart + p_response->ProxToAirDuration)*16 + DELAY_ARM2AIR_AS_TAG, + // par); + } + +// if (!tracing) { +// Dbprintf("Trace Full. Simulation stopped."); +// break; +// } + } Dbprintf("%x %x %x", happened, happened2, cmdsRecvd); @@ -725,3 +1007,108 @@ void SimulateEMVcard() */ } +//----------------------------------------------------------------------------- +// Main loop of simulated tag: receive commands from reader, decide what +// response to send, and send it. +//----------------------------------------------------------------------------- +void EMVFuzz_RATS(uint8_t ratslen, uint8_t* RATS) +{ + int len; + uint8_t sak = 0x28; + //copy input rats into a buffer + uint8_t ratscmd[ratslen+2]; + memcpy(ratscmd, RATS, ratslen); + + // The first response contains the ATQA (note: bytes are transmitted in reverse order). + uint8_t atqa[2] = {0x04, 0x00}; + + // The second response contains the (mandatory) first 24 bits of the UID + uint8_t uid0[5] = {0x12,0x34,0x56,0x78,0x9A}; + + // Calculate the BitCountCheck (BCC) for the first 4 bytes of the UID. + uid0[4] = uid0[0] ^ uid0[1] ^ uid0[2] ^ uid0[3]; + + // Prepare the mandatory SAK (for 4 and 7 byte UID) + uint8_t sakresponse[3]; + sakresponse[0] = sak; + ComputeCrc14443(CRC_14443_A, sakresponse, 1, &sakresponse[1], &sakresponse[2]); + + // Prepare the optional second SAK (for 7 byte UID), drop the cascade bit + + uint8_t ACK1[] = {0xa3,0x6f,0xc6}; //ACK packets + uint8_t ACK2[] = {0xa2,0x00,0x00}; + AppendCrc14443a(ACK2, 1); + + AppendCrc14443a(ratscmd, sizeof(ratscmd)-2); + + //handle the PPS selection + uint8_t PPSR[3] = {0xD0,0x00,0x00}; + AppendCrc14443a(PPSR, 1); + + //#define TAG_RESPONSE_COUNT 9 + tag_response_info_t responses[7] = { + { .response = atqa, .response_n = sizeof(atqa) }, // Answer to request - respond with card type + { .response = uid0, .response_n = sizeof(uid0) }, // Anticollision cascade1 - respond with uid + { .response = sakresponse, .response_n = sizeof(sakresponse) }, // Acknowledge select - cascade 1 + { .response = ratscmd, .response_n = sizeof(ratscmd) }, // dummy ATS (pseudo-ATR), answer to RATS + { .response = ACK1, .response_n = sizeof(ACK1) }, // dummy ATS (pseudo-ATR), answer to RATS + { .response = ACK2, .response_n = sizeof(ACK2) }, // dummy ATS (pseudo-ATR), answer to RATS + { .response = PPSR, .response_n = sizeof(PPSR) }, // dummy ATS (pseudo-ATR), answer to RATS + }; + + // Reset the offset pointer of the free buffer + //reset_free_buffer(); + + // Prepare the responses of the anticollision phase + // there will be not enough time to do this at the moment the reader sends it REQA + for (size_t i=0; i<7; i++) { + prepare_allocated_tag_modulation(&responses[i]); + } + uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE); + uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE); + + // To control where we are in the protocol + int order; + + // We need to listen to the high-frequency, peak-detected path. + iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN); + tag_response_info_t* p_response; + + LED_C_ON(); + // Clean receive command buffer + for(;;){ + if (!GetIso14443aCommandFromReader(receivedCmd, receivedCmdPar, &len)){ + break; + } + p_response = NULL; + + if ((receivedCmd[0] == 0x26) || (receivedCmd[0] == 0x52)) { // Received a REQUEST + p_response = &responses[0]; order = 1; + } + if (receivedCmd[1] == 0x20 && receivedCmd[0] == 0x93) { // Received request for UID (cascade 1) + p_response = &responses[1]; order = 2; //send the UID + } + if (receivedCmd[1] == 0x70 && receivedCmd[0] == 0x93) { // Received a SELECT (cascade 1) + p_response = &responses[2]; order = 3; //send the SAK + } + if (receivedCmd[0] == 0xD0) { // Received a PPS request + p_response = &responses[6]; order = 70; + } + if (receivedCmd[0] == 0xE0) { // Received a RATS request + p_response = &responses[3]; order = 70; + EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, (receivedCmd[0] == 0x52) || (receivedCmd[0] == 0x26)); + break; + } + if (p_response != NULL){ + EmSendCmd14443aRaw(p_response->modulation, p_response->modulation_n, (receivedCmd[0] == 0x52) || (receivedCmd[0] == 0x26)); + } else { + break; + } + } + + if (order && (MF_DBGLEVEL >= 2)) DbpString("just using order vars"); + + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_C_OFF(); + return; +} diff --git a/armsrc/emvcmd.h b/armsrc/emvcmd.h index f17a731e..bcd7dd3a 100644 --- a/armsrc/emvcmd.h +++ b/armsrc/emvcmd.h @@ -18,7 +18,6 @@ #include "string.h" #include "iso14443crc.h" #include "iso14443a.h" -#include "mifare.h" #include "emvcmd.h" #include "emvutil.h" #include "emvdataels.h" @@ -31,4 +30,5 @@ #define MASTERCARD_MSR 0 #define MASTERCARD_MCHIP 1 + #endif diff --git a/armsrc/emvutil.c b/armsrc/emvutil.c index adbeec3b..573a92f1 100644 --- a/armsrc/emvutil.c +++ b/armsrc/emvutil.c @@ -16,7 +16,7 @@ //util functions //print detected tag name over the serial link -int emv_printtag(uint8_t* selected_tag, emvtags* inputcard, uint8_t* outputstring, uint8_t* outputlen) +int emv_printtag(uint8_t* selected_tag, emvcard* inputcard, uint8_t* outputstring, uint8_t* outputlen) { //search tag list and print the match //get the value of the tag @@ -36,8 +36,8 @@ int emv_printtag(uint8_t* selected_tag, emvtags* inputcard, uint8_t* outputstrin return 0; } -//returns the value of the emv tag in the supplied emvtags structure -int emv_lookuptag(uint8_t* tag, emvtags *currentcard, uint8_t* outputval, uint8_t* outputvallen) +//returns the value of the emv tag in the supplied emvcard structure +int emv_lookuptag(uint8_t* tag, emvcard *currentcard, uint8_t* outputval, uint8_t* outputvallen) { //loop through tag and return the appropriate value uint8_t returnedtag[255]; @@ -367,7 +367,7 @@ exitfunction: //goto label to exit search quickly once found } //function to -int emv_settag(uint32_t tag, uint8_t *datain, emvtags *currentcard){ +int emv_settag(uint32_t tag, uint8_t *datain, emvcard *currentcard){ char binarydata[255] = {0}; /* @@ -807,13 +807,13 @@ int emv_settag(uint32_t tag, uint8_t *datain, emvtags *currentcard){ } /* generates an emv template based off tag values supplied */ -int emv_generatetemplate(uint8_t* templateval,emvtags* currentcard, uint8_t* returnedval, uint8_t* returnedlen,uint8_t numtags, ...) +int emv_generatetemplate(uint8_t* templateval,emvcard* currentcard, uint8_t* returnedval, uint8_t* returnedlen,uint8_t numtags, ...) { va_list arguments; uint8_t* currenttag; //value of the current tag - uint8_t tagval[255]; //buffer to hold the extracted tag value + uint8_t tagval[256]; //buffer to hold the extracted tag value uint8_t taglen = 0; //extracted tag length - uint8_t bufferval[255]; + uint8_t bufferval[256]; uint8_t counter = 0; uint32_t encodedlen = 0; va_start(arguments, numtags); @@ -830,7 +830,7 @@ int emv_generatetemplate(uint8_t* templateval,emvtags* currentcard, uint8_t* ret } //generate a valid pdol list -int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvtags* currentcard,uint8_t* DOLoutput, uint8_t* DOLoutputlen) +int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvcard* currentcard,uint8_t* DOLoutput, uint8_t* DOLoutputlen) { if(!DOL || !currentcard || !DOLoutput) // null pointer checks return 1; @@ -866,7 +866,7 @@ int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvtags* currentcard,uint8_t* D //decode the tag inputted and fill in the supplied structure. clean up the cleanup_passpass function -int emv_emvtags_decode_tag(tlvtag* inputtag, emvtags* currentcard) +int emv_emvtags_decode_tag(tlvtag* inputtag, emvcard* currentcard) { if(!inputtag || !currentcard) { return 1; @@ -1324,7 +1324,7 @@ else return 0; } -int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvtags *result) +int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvcard *result) { uint16_t lengthcounter=0; tlvtag newtag; @@ -1337,7 +1337,7 @@ int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvtags *result) { //decode the tlv tag decode_ber_tlv_item((inputfield+lengthcounter),&newtag); - //write the emvtags strucutre + //write the emvcard strucutre emv_emvtags_decode_tag(&newtag,result); //move to next value and decode lengthcounter += newtag.fieldlength-1; @@ -1503,18 +1503,85 @@ int emv_decodeCVM(uint8_t* CVM, uint8_t CVMlen) } return 0; } +//simulate a emvcard card +//input is a structure containing values to simulate +//clones an EMV card +void emvsnoop() { + //states + int cardSTATE = EMVEMUL_NOFIELD; + int vHf = 0; + int res; + uint16_t len = 0; + uint8_t* receivedCmd = BigBuf_malloc(MAX_MIFARE_FRAME_SIZE); + uint8_t par[MAX_MIFARE_PARITY_SIZE] = {0x00}; + uint8_t rATQA[] = {0x04,0x00}; + uint8_t rUIDBCC[] = {0x8F,0x2F,0x27,0xE1, 0x66}; + uint8_t rSAK[] = {0x28, 0xB4, 0xFC}; + + iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN); + bool finished = FALSE; + + while (!BUTTON_PRESS() && !finished){ + WDT_HIT(); + //find reader field + if(cardSTATE == EMVEMUL_NOFIELD){ + vHf = (33000 * AvgAdc(ADC_CHAN_HF)) >> 10; + if(vHf > EMV_MINFIELDV){ + cardSTATE_TO_IDLE(); + LED_A_ON(); + } + } + if(cardSTATE == EMVEMUL_NOFIELD) continue; + + //get data + + res = EmGetCmd(receivedCmd, &len, par); + if(res == 2) { //field is off + cardSTATE = EMVEMUL_NOFIELD; + LEDsoff(); + continue; + } + else if(res==1){ + break; // button press + } + + if(len==1 && ((receivedCmd[0] == 0x26 && cardSTATE != EMVEMUL_HALTED) || receivedCmd[0] == 0x52)){ + EmSendCmdEx(rATQA, sizeof(rATQA), (receivedCmd[0] == 0x52)); + cardSTATE = EMVEMUL_SELECT1; + continue; + } + switch(cardSTATE){ + case EMVEMUL_NOFIELD: + case EMVEMUL_HALTED: + case EMVEMUL_IDLE:{ + break; + } + case EMVEMUL_SELECT1:{ + //select all + if(len==2 && (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x20)) { + EmSendCmd(rUIDBCC, sizeof(rUIDBCC)); + break; + } + if(len==2 && (receivedCmd[0] == 0x93 && receivedCmd[1] == 0x70 && memcmp(&receivedCmd[2], rUIDBCC, 4) == 0)) { + EmSendCmd(rSAK, sizeof(rSAK)); + break; + } + } + } + } + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); +} //ICEMAN: move to client //dump the current card to the console -void dumpCard(emvtags* currentcard){ +void dumpCard(emvcard* currentcard){ DUMP(currentcard->ATQA); Dbhexdump(sizeof(currentcard->ATQA), currentcard->ATQA, false); DUMP(currentcard->UID); Dbhexdump(currentcard->UID_len, currentcard->UID, false); - DUMP(currentcard->SAK1); - Dbhexdump(1, ¤tcard->SAK1, false); - DUMP(currentcard->SAK2); - Dbhexdump(1, ¤tcard->SAK2, false); + DUMP(currentcard->SAK); + Dbhexdump(1, ¤tcard->SAK, false); DUMP(currentcard->ATS); Dbhexdump(currentcard->ATS_len, currentcard->ATS, false); DUMP(currentcard->tag_4F); diff --git a/armsrc/emvutil.h b/armsrc/emvutil.h index f87e7500..bb6216f0 100644 --- a/armsrc/emvutil.h +++ b/armsrc/emvutil.h @@ -48,8 +48,7 @@ int emv_select(uint8_t* AID, uint8_t AID_len, void* data); int emv_selectPPSE(); int emv_readrecord(uint8_t recordnumber, uint8_t sfi, void* data); -int emv_getprocessingoptions(uint8_t* pdol, uint8_t pdol_len, void* data -); +int emv_getprocessingoptions(uint8_t* pdol, uint8_t pdol_len, void* data); int emv_computecryptogram(uint8_t* UDOL, uint8_t UDOL_len, void *data); //return 8 8byte ICC random number. int emv_getchallenge(void *data); @@ -59,18 +58,21 @@ int emv_decodeAFL(uint8_t* AFL, uint8_t AFLlen); int emv_decodeAIP(uint8_t* AIP); int emv_decodeCVM(uint8_t* CVM, uint8_t CVMlen); +//emulator +void EMVsim(); + //utils -int emv_printtag(uint8_t* selected_tag,emvtags* inputcard, uint8_t* outputstring, uint8_t* outputlen); -int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvtags *result); -int emv_emvtags_decode_tag(tlvtag* inputtag, emvtags* currentcard); +int emv_printtag(uint8_t* selected_tag, emvcard* inputcard, uint8_t* outputstring, uint8_t* outputlen); +int emv_decode_field(uint8_t* inputfield,uint16_t inputlength, emvcard *result); +int emv_emvtags_decode_tag(tlvtag* inputtag, emvcard* currentcard); //look up a tag in the current structure -int emv_lookuptag(uint8_t* tag, emvtags* currentcard, uint8_t* outputval, uint8_t* outputvallen); +int emv_lookuptag(uint8_t* tag, emvcard* currentcard, uint8_t* outputval, uint8_t* outputvallen); //set a tag from external impurt -int emv_settag(uint32_t tag, uint8_t *datain, emvtags *currentcard) ; -void dumpCard(emvtags* currentcard); +int emv_settag(uint32_t tag, uint8_t *datain, emvcard *currentcard) ; +void dumpCard(emvcard* currentcard); //generate a valid PDOL list from the returned card value, used in get processing options -int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvtags* currentcard, uint8_t* DOLoutput, uint8_t* DOLoutputlen); +int emv_generateDOL(uint8_t* DOL, uint8_t DOLlen,emvcard* currentcard, uint8_t* DOLoutput, uint8_t* DOLoutputlen); -int emv_generatetemplate(uint8_t* templateval,emvtags* currentcard, uint8_t* returnedval, uint8_t* returnedlen, uint8_t numtags, ...); +int emv_generatetemplate(uint8_t* templateval,emvcard* currentcard, uint8_t* returnedval, uint8_t* returnedlen, uint8_t numtags, ...); #endif diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 3ef427e6..76a76673 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -759,7 +759,7 @@ static void Code4bitAnswerAsTag(uint8_t cmd) { // Stop when button is pressed // Or return TRUE when command is captured //----------------------------------------------------------------------------- -static int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) { +int GetIso14443aCommandFromReader(uint8_t *received, uint8_t *parity, int *len) { // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen // only, since we are receiving, not transmitting). // Signal field is off with the appropriate LED @@ -1361,40 +1361,6 @@ void SimulateIso14443aTag(int tagType, int flags, byte_t* data) { BigBuf_free_keep_EM(); LED_A_OFF(); - /* - if(flags & FLAG_NR_AR_ATTACK && MF_DBGLEVEL >= 1) { - - for ( uint8_t i = 0; i < ATTACK_KEY_COUNT; i++) { - if (ar_nr_collected[i] == 2) { - Dbprintf("Collected two pairs of AR/NR which can be used to extract %s from reader for sector %d:", (i= 4){ Dbprintf("-[ Wake ups after halt [%d]", happened); Dbprintf("-[ Messages after halt [%d]", happened2); @@ -1567,7 +1533,7 @@ void CodeIso14443aAsReaderPar(const uint8_t *cmd, uint16_t len, const uint8_t *p // Stop when button is pressed (return 1) or field was gone (return 2) // Or return 0 when command is captured //----------------------------------------------------------------------------- -static int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) { +int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity) { *len = 0; uint32_t timer = 0, vtime = 0; diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index 82d3aa97..e64c84d0 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -82,13 +82,6 @@ typedef struct { uint8_t *parity; } tUart; -typedef struct { - uint8_t* response; - size_t response_n; - uint8_t* modulation; - size_t modulation_n; - uint32_t ProxToAirDuration; -} tag_response_info_t; extern void GetParity(const uint8_t *pbtCmd, uint16_t len, uint8_t *par); extern void AppendCrc14443a(uint8_t *data, int len); @@ -109,6 +102,7 @@ int EmSend4bit(uint8_t resp); int EmSendCmdExPar(uint8_t *resp, uint16_t respLen, bool correctionNeeded, uint8_t *par); int EmSendCmdEx(uint8_t *resp, uint16_t respLen, bool correctionNeeded); extern int EmSendCmd(uint8_t *resp, uint16_t respLen); +extern int EmGetCmd(uint8_t *received, uint16_t *len, uint8_t *parity); int EmSendCmdPar(uint8_t *resp, uint16_t respLen, uint8_t *par); bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity, uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity); diff --git a/armsrc/iso14443b.h b/armsrc/iso14443b.h index 885d8730..8fc705d4 100644 --- a/armsrc/iso14443b.h +++ b/armsrc/iso14443b.h @@ -23,10 +23,8 @@ extern "C" { #include "util.h" #include "string.h" #include "iso14443crc.h" - #include "mifare.h" #include "protocols.h" -//#include "mifareutil.h" extern void AppendCrc14443b(uint8_t *data, int len); void SendRawCommand14443B_Ex(UsbCommand *c); diff --git a/include/common.h b/include/common.h index 3a253b9c..434f050e 100644 --- a/include/common.h +++ b/include/common.h @@ -12,6 +12,10 @@ #ifndef __COMMON_H #define __COMMON_H +#ifdef __cplusplus +extern "C" { +#endif + #include #include #include @@ -20,7 +24,7 @@ typedef unsigned char byte_t; // debug // 0 - no debug messages 1 - error messages 2 - all messages 4 - extended debug mode -#define MF_DBG_NONE 0 +#define MF_DBG_NONE 0 #define MF_DBG_ERROR 1 #define MF_DBG_ALL 2 #define MF_DBG_EXTENDED 4 @@ -29,7 +33,6 @@ extern int MF_DBGLEVEL; // reader voltage field detector #define MF_MINFIELDV 4000 - #ifndef MIN # define MIN(a, b) (((a) < (b)) ? (a) : (b)) #endif @@ -42,4 +45,10 @@ extern int MF_DBGLEVEL; # define ABS(a) ( ((a)<0) ? -(a) : (a) ) #endif #define RAMFUNC __attribute((long_call, section(".ramfunc"))) -#endif + + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/include/mifare.h b/include/mifare.h index e6643f5f..fa714f26 100644 --- a/include/mifare.h +++ b/include/mifare.h @@ -37,7 +37,13 @@ typedef enum ISO14A_COMMAND { ISO14A_TOPAZMODE = (1 << 8) } iso14a_command_t; - +typedef struct { + uint8_t* response; + size_t response_n; + uint8_t* modulation; + size_t modulation_n; + uint32_t ProxToAirDuration; +} tag_response_info_t; //----------------------------------------------------------------------------- // ISO 14443B //----------------------------------------------------------------------------- -- 2.39.5 From a47ded5b54e19b779bc4260466dcd093c2695d63 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 2 Mar 2017 14:53:50 +0100 Subject: [PATCH 13/16] ADD: `data detectclock` - added clock blocks in plot window. Its a draft. Not working for all clocks. ADD: STT is now marked as a block in plot window, instead of Marshmellow42 's two lines. --- client/cmddata.c | 13 ++-- client/graph.c | 42 ++++++----- client/proxgui.h | 1 + client/proxguiqt.cpp | 162 ++++++++++++++++++++++++++----------------- client/ui.c | 6 +- client/ui.h | 1 + 6 files changed, 135 insertions(+), 90 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index f9bb47c2..00932a36 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -1053,29 +1053,30 @@ int CmdDetectClockRate(const char *Cmd) if (strlen(Cmd) > 6 || strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_data_detectclock(); - int ans = 0; + int clock = 0; switch ( cmdp ) { case 'a' : case 'A' : - ans = GetAskClock(Cmd+1, true, false); + clock = GetAskClock(Cmd+1, true, false); break; case 'f' : case 'F' : - ans = GetFskClock("", true, false); + clock = GetFskClock("", true, false); break; case 'n' : case 'N' : - ans = GetNrzClock("", true, false); + clock = GetNrzClock("", true, false); break; case 'p' : case 'P' : - ans = GetPskClock("", true, false); + clock = GetPskClock("", true, false); break; default : PrintAndLog ("Please specify a valid modulation to detect the clock of - see option h for help"); break; } - return ans; + RepaintGraphWindow(); + return clock; } char *GetFSKType(uint8_t fchigh, uint8_t fclow, uint8_t invert) diff --git a/client/graph.c b/client/graph.c index 4c132420..f5e942a9 100644 --- a/client/graph.c +++ b/client/graph.c @@ -152,26 +152,26 @@ int GetAskClock(const char str[], bool printAns, bool verbose) if (printAns){ PrintAndLog("Auto-detected clock rate: %d, Best Starting Position: %d", clock, start); } + PlotClock = clock; + PlockClockStartIndex = start; return clock; } uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose) { - uint8_t carrier=0; - uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; + uint8_t carrier = 0; + uint8_t grph[MAX_GRAPH_TRACE_LEN] = {0}; size_t size = getFromGraphBuf(grph); if ( size == 0 ) { if (verbose) PrintAndLog("Failed to copy from graphbuffer"); return 0; } - //uint8_t countPSK_FC(uint8_t *BitStream, size_t size) - - carrier = countFC(grph,size,0); + carrier = countFC(grph, size, 0); // Only print this message if we're not looping something - if (printAns){ + if (printAns) PrintAndLog("Auto-detected PSK carrier rate: %d", carrier); - } + return carrier; } @@ -182,18 +182,20 @@ int GetPskClock(const char str[], bool printAns, bool verbose) if (!strcmp(str, "")) clock = 0; - if (clock!=0) return clock; + if (clock != 0) return clock; // Auto-detect clock - uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; + uint8_t grph[MAX_GRAPH_TRACE_LEN] = {0}; size_t size = getFromGraphBuf(grph); if ( size == 0 ) { if (verbose) PrintAndLog("Failed to copy from graphbuffer"); return -1; } - clock = DetectPSKClock(grph,size,0); + clock = DetectPSKClock(grph, size, 0); // Only print this message if we're not looping something if (printAns) PrintAndLog("Auto-detected clock rate: %d", clock); + PlotClock = clock; +// PlockClockStartIndex = start; return clock; } @@ -204,10 +206,10 @@ uint8_t GetNrzClock(const char str[], bool printAns, bool verbose) if (!strcmp(str, "")) clock = 0; - if (clock!=0) + if (clock != 0) return clock; // Auto-detect clock - uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; + uint8_t grph[MAX_GRAPH_TRACE_LEN] = {0}; size_t size = getFromGraphBuf(grph); if ( size == 0 ) { if (verbose) @@ -216,9 +218,11 @@ uint8_t GetNrzClock(const char str[], bool printAns, bool verbose) } clock = DetectNRZClock(grph, size, 0); // Only print this message if we're not looping something - if (printAns){ + if (printAns) PrintAndLog("Auto-detected clock rate: %d", clock); - } + + PlotClock = clock; + //PlockClockStartIndex = start; return clock; } //by marshmellow @@ -243,15 +247,17 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) PrintAndLog("DEBUG: unknown fsk field clock detected"); PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1); } + //PlotClock = clock; + //PlockClockStartIndex = start; return 0; } uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose) { - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; + uint8_t BitStream[MAX_GRAPH_TRACE_LEN] = {0}; size_t size = getFromGraphBuf(BitStream); - if (size==0) return 0; + if (size == 0) return 0; uint16_t ans = countFC(BitStream, size, 1); - if (ans==0) { + if (ans == 0) { if (verbose || g_debugMode) PrintAndLog("DEBUG: No data found"); return 0; } @@ -259,7 +265,7 @@ uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose) *fc2 = ans & 0xFF; *rf1 = detectFSKClk(BitStream, size, *fc1, *fc2); - if (*rf1==0) { + if (*rf1 == 0) { if (verbose || g_debugMode) PrintAndLog("DEBUG: Clock detect error"); return 0; } diff --git a/client/proxgui.h b/client/proxgui.h index e83e75e7..0ad1077b 100644 --- a/client/proxgui.h +++ b/client/proxgui.h @@ -24,6 +24,7 @@ extern int GraphBuffer[MAX_GRAPH_TRACE_LEN]; extern int GraphTraceLen; extern double CursorScaleFactor; extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, CursorCPos, CursorDPos; +extern int PlotClock, PlockClockStartIndex; extern int CommandFinished; extern int offline; diff --git a/client/proxguiqt.cpp b/client/proxguiqt.cpp index a845468f..b269d721 100644 --- a/client/proxguiqt.cpp +++ b/client/proxguiqt.cpp @@ -96,33 +96,41 @@ ProxGuiQT::~ProxGuiQT(void) } } +// solid colors +#define QT_ORANGE QColor(255, 153, 0) +#define QT_WHITE QColor(255, 255, 255) +#define QT_YELLOW QColor(255, 255, 0) +#define QT_MAGENTA QColor(255, 0, 255) +#define QT_LIGHTBLUE QColor(0, 0, 205) +#define QT_LIGHTGREEN QColor(100, 255, 100) +#define QT_GRAY QColor(100,100,100) +#define QT_BLACK QColor(0,0,0) +// transparent colors +#define QT_ORANGE_TS QColor(255, 153, 0, 96) +#define QT_RED_TS QColor(255, 0, 0, 64) +#define QT_BLACK_TS QColor(0,0,0,0) + void ProxWidget::paintEvent(QPaintEvent *event) { QPainter painter(this); QPainterPath penPath, whitePath, greyPath, lightgreyPath, cursorAPath, cursorBPath, cursorCPath, cursorDPath; QRect r; - QBrush brush(QColor(100, 255, 100)); - QPen pen(QColor(100, 255, 100)); + QBrush brush(QT_LIGHTGREEN); + QPen pen(QT_LIGHTGREEN); painter.setFont(QFont("Arial", 10)); - if(GraphStart < 0) + if(GraphStart < 0) GraphStart = 0; - if (CursorAPos > GraphTraceLen) - CursorAPos= 0; - - if(CursorBPos > GraphTraceLen) - CursorBPos= 0; - if(CursorCPos > GraphTraceLen) - CursorCPos= 0; - if(CursorDPos > GraphTraceLen) - CursorDPos= 0; + if (CursorAPos > GraphTraceLen) CursorAPos = 0; + if (CursorBPos > GraphTraceLen) CursorBPos = 0; + if (CursorCPos > GraphTraceLen) CursorCPos = 0; + if (CursorDPos > GraphTraceLen) CursorDPos = 0; r = rect(); - - painter.fillRect(r, QColor(0, 0, 0)); - + painter.fillRect(r, QT_BLACK); + whitePath.moveTo(r.left() + 40, r.top()); whitePath.lineTo(r.left() + 40, r.bottom()); @@ -130,33 +138,33 @@ void ProxWidget::paintEvent(QPaintEvent *event) greyPath.moveTo(r.left(), zeroHeight); greyPath.lineTo(r.right(), zeroHeight); - painter.setPen(QColor(100, 100, 100)); + painter.setPen(QT_GRAY); painter.drawPath(greyPath); - PageWidth= (int)((r.right() - r.left() - 40) / GraphPixelsPerPoint); + PageWidth = (int)((r.right() - r.left() - 40) / GraphPixelsPerPoint); - // plot X and Y grid lines - int i; - if ((PlotGridX > 0) && ((PlotGridX * GraphPixelsPerPoint) > 1)) { - for(i = 40 + (GridOffset * GraphPixelsPerPoint); i < r.right(); i += (int)(PlotGridX * GraphPixelsPerPoint)) { - //SelectObject(hdc, GreyPenLite); - //MoveToEx(hdc, r.left + i, r.top, NULL); - //LineTo(hdc, r.left + i, r.bottom); - lightgreyPath.moveTo(r.left()+i,r.top()); - lightgreyPath.lineTo(r.left()+i,r.bottom()); - painter.drawPath(lightgreyPath); - } - } - if ((PlotGridY > 0) && ((PlotGridY * GraphPixelsPerPoint) > 1)){ - for(i = 0; i < ((r.top() + r.bottom())>>1); i += (int)(PlotGridY * GraphPixelsPerPoint)) { - lightgreyPath.moveTo(r.left() + 40,zeroHeight + i); - lightgreyPath.lineTo(r.right(),zeroHeight + i); - painter.drawPath(lightgreyPath); - lightgreyPath.moveTo(r.left() + 40,zeroHeight - i); - lightgreyPath.lineTo(r.right(),zeroHeight - i); - painter.drawPath(lightgreyPath); - } - } + // plot X and Y grid lines + int i; + if ((PlotGridX > 0) && ((PlotGridX * GraphPixelsPerPoint) > 1)) { + for(i = 40 + (GridOffset * GraphPixelsPerPoint); i < r.right(); i += (int)(PlotGridX * GraphPixelsPerPoint)) { + //SelectObject(hdc, GreyPenLite); + //MoveToEx(hdc, r.left + i, r.top, NULL); + //LineTo(hdc, r.left + i, r.bottom); + lightgreyPath.moveTo(r.left()+i,r.top()); + lightgreyPath.lineTo(r.left()+i,r.bottom()); + painter.drawPath(lightgreyPath); + } + } + if ((PlotGridY > 0) && ((PlotGridY * GraphPixelsPerPoint) > 1)){ + for(i = 0; i < ((r.top() + r.bottom())>>1); i += (int)(PlotGridY * GraphPixelsPerPoint)) { + lightgreyPath.moveTo(r.left() + 40,zeroHeight + i); + lightgreyPath.lineTo(r.right(),zeroHeight + i); + painter.drawPath(lightgreyPath); + lightgreyPath.moveTo(r.left() + 40,zeroHeight - i); + lightgreyPath.lineTo(r.right(),zeroHeight - i); + painter.drawPath(lightgreyPath); + } + } startMax = (GraphTraceLen - (int)((r.right() - r.left() - 40) / GraphPixelsPerPoint)); @@ -168,11 +176,11 @@ void ProxWidget::paintEvent(QPaintEvent *event) int absYMax = 1; - for(i = GraphStart; ; i++) { + for(i = GraphStart; ;i++) { if(i >= GraphTraceLen) break; - if(fabs((double)GraphBuffer[i]) > absYMax) + if (fabs((double)GraphBuffer[i]) > absYMax) absYMax = (int)fabs((double)GraphBuffer[i]); int x = 40 + (int)((i - GraphStart)*GraphPixelsPerPoint); @@ -196,11 +204,15 @@ void ProxWidget::paintEvent(QPaintEvent *event) int yMax = INT_MIN; int yMean = 0; int n = 0; + //int stt_x1 = 0, stt_x2 = 0; for(i = GraphStart; ; i++) { if(i >= GraphTraceLen) break; - int x = 40 + (int)((i - GraphStart)*GraphPixelsPerPoint); + // x == pixel pos. + int x = 40 + (int)((i - GraphStart) * GraphPixelsPerPoint); + + // if x reaches end of box, stop loop if(x > r.right() + GraphPixelsPerPoint) break; int y = GraphBuffer[i]; @@ -221,6 +233,7 @@ void ProxWidget::paintEvent(QPaintEvent *event) penPath.lineTo(x, y); + // small white boxes (the dots on the signal) if(GraphPixelsPerPoint > 10) { QRect f(QPoint(x - 3, y - 3),QPoint(x + 3, y + 3)); painter.fillRect(f, brush); @@ -233,7 +246,7 @@ void ProxWidget::paintEvent(QPaintEvent *event) char str[100]; sprintf(str, "+%d", (i - GraphStart)); - painter.setPen(QColor(255, 255, 255)); + painter.setPen( QT_WHITE ); QRect size; QFontMetrics metrics(painter.font()); size = metrics.boundingRect(str); @@ -245,36 +258,55 @@ void ProxWidget::paintEvent(QPaintEvent *event) if(i == CursorAPos || i == CursorBPos || i == CursorCPos || i == CursorDPos) { QPainterPath *cursorPath; - if (i == CursorAPos) + if ( i == CursorAPos ) cursorPath = &cursorAPath; - else if (i == CursorBPos) + else if ( i == CursorBPos ) cursorPath = &cursorBPath; - else if (i == CursorCPos) + else if ( i == CursorCPos ) cursorPath = &cursorCPath; - else + else cursorPath = &cursorDPath; cursorPath->moveTo(x, r.top()); cursorPath->lineTo(x, r.bottom()); - penPath.moveTo(x, y); + penPath.moveTo(x, y); } } + + // Mark STT block in signal + if ( CursorCPos > 0 ){ + int foo = 40 + (int)((CursorCPos - GraphStart) * GraphPixelsPerPoint); + int bar = 40 + ((CursorDPos - GraphStart) * GraphPixelsPerPoint); + QRect r_stt(foo, r.top(), bar-foo, r.bottom() ); + painter.fillRect(r_stt, QBrush( QT_ORANGE_TS )); + painter.drawRect(r_stt); + } + + // Mark Clock pulse + //extern int PlotClock, PlockClockStartIndex; + if ( PlotClock > 0){ + for(int i = PlockClockStartIndex; ; i += PlotClock * 2) { + if(i >= GraphTraceLen ) break; + if ((CursorCPos > 0) && (i >= CursorCPos)) break; + + int foo = 40 + (int)((i - GraphStart) * GraphPixelsPerPoint); + int bar = 40 + ((i + PlotClock - GraphStart) * GraphPixelsPerPoint); + QRect r_clock(foo, r.top(), bar-foo, r.bottom() ); + painter.fillRect(r_clock, QBrush( QT_RED_TS )); + painter.drawRect(r_clock); + } + } + if(n != 0) yMean /= n; - painter.setPen(QColor(255, 255, 255)); - painter.drawPath(whitePath); - painter.setPen(pen); - painter.drawPath(penPath); - painter.setPen(QColor(255, 255, 0)); - painter.drawPath(cursorAPath); - painter.setPen(QColor(255, 0, 255)); - painter.drawPath(cursorBPath); - painter.setPen(QColor(255, 153, 0)); //orange - painter.drawPath(cursorCPath); - painter.setPen(QColor(0, 0, 205)); //light blue - painter.drawPath(cursorDPath); + painter.setPen( QT_WHITE ); painter.drawPath(whitePath); + painter.setPen(pen); painter.drawPath(penPath); + painter.setPen( QT_YELLOW ); painter.drawPath(cursorAPath); + painter.setPen( QT_MAGENTA ); painter.drawPath(cursorBPath); + //painter.setPen( QT_ORANGE ); painter.drawPath(cursorCPath); + //painter.setPen( QT_LIGHTBLUE ); painter.drawPath(cursorDPath); char str[200]; sprintf(str, "@%d max=%d min=%d mean=%d n=%d/%d dt=%d [%.3f] zoom=%.3f CursorA=%d [%d] CursorB=%d [%d] GridX=%d GridY=%d (%s)", @@ -291,7 +323,7 @@ void ProxWidget::paintEvent(QPaintEvent *event) GridLocked ? "Locked" : "Unlocked" ); - painter.setPen(QColor(255, 255, 255)); + painter.setPen( QT_WHITE ); painter.drawText(50, r.bottom() - 20, str); } @@ -299,10 +331,10 @@ ProxWidget::ProxWidget(QWidget *parent) : QWidget(parent), GraphStart(0), GraphP { resize(600, 300); - QPalette palette(QColor(0,0,0,0)); - palette.setColor(QPalette::WindowText, QColor(255,255,255)); - palette.setColor(QPalette::Text, QColor(255,255,255)); - palette.setColor(QPalette::Button, QColor(100, 100, 100)); + QPalette palette( QT_BLACK_TS ); + palette.setColor(QPalette::WindowText, QT_WHITE ); + palette.setColor(QPalette::Text, QT_WHITE ); + palette.setColor(QPalette::Button, QT_GRAY ); setPalette(palette); setAutoFillBackground(true); CursorAPos = 0; diff --git a/client/ui.c b/client/ui.c index 4fabbe70..2c344b68 100644 --- a/client/ui.c +++ b/client/ui.c @@ -10,8 +10,12 @@ //----------------------------------------------------------------------------- #include "ui.h" + +// set QT vars double CursorScaleFactor; -int PlotGridX, PlotGridY, PlotGridXdefault= 64, PlotGridYdefault= 64, CursorCPos= 0, CursorDPos= 0; +int PlotGridX, PlotGridY, PlotGridXdefault = 64, PlotGridYdefault = 64, CursorCPos = 0, CursorDPos = 0; +int PlotClock = 0, PlockClockStartIndex = 0; + int offline; int flushAfterWrite = 0; extern pthread_mutex_t print_lock; diff --git a/client/ui.h b/client/ui.h index 3886c12b..77169cf8 100644 --- a/client/ui.h +++ b/client/ui.h @@ -46,6 +46,7 @@ void SetLogFilename(char *fn); extern double CursorScaleFactor; extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault, CursorCPos, CursorDPos; +extern int PlotClock, PlockClockStartIndex; extern int offline; extern int flushAfterWrite; //buzzy -- 2.39.5 From c6e5c7ea46eae6180eee3eb592a291257a0400b1 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 2 Mar 2017 21:00:51 +0100 Subject: [PATCH 14/16] CHG: `data plot`- the marking of clock, looks better without borders. It only connected to ASK. STT mark also looks better. Still problem with finding the startindex... --- client/graph.c | 74 +++++++++++++----------------- client/proxguiqt.cpp | 14 ++++-- client/proxguiqt.h | 2 + common/lfdemod.c | 106 ++++++++++++++++++++++++------------------- 4 files changed, 103 insertions(+), 93 deletions(-) diff --git a/client/graph.c b/client/graph.c index f5e942a9..a0ba46d5 100644 --- a/client/graph.c +++ b/client/graph.c @@ -20,30 +20,27 @@ int GraphTraceLen; /* write a manchester bit to the graph */ void AppendGraph(int redraw, int clock, int bit) { - int i; - //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) - for (i = 0; i < (int)(clock / 2); ++i) - GraphBuffer[GraphTraceLen++] = bit ; - //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) - for (i = (int)(clock / 2); i < clock; ++i) - GraphBuffer[GraphTraceLen++] = bit ^ 1; + int i; + //set first half the clock bit (all 1's or 0's for a 0 or 1 bit) + for (i = 0; i < (int)(clock / 2); ++i) + GraphBuffer[GraphTraceLen++] = bit ; + //set second half of the clock bit (all 0's or 1's for a 0 or 1 bit) + for (i = (int)(clock / 2); i < clock; ++i) + GraphBuffer[GraphTraceLen++] = bit ^ 1; - if (redraw) - RepaintGraphWindow(); + if (redraw) + RepaintGraphWindow(); } // clear out our graph window int ClearGraph(int redraw) { - int gtl = GraphTraceLen; - memset(GraphBuffer, 0x00, GraphTraceLen); - - GraphTraceLen = 0; - - if (redraw) - RepaintGraphWindow(); - - return gtl; + int gtl = GraphTraceLen; + memset(GraphBuffer, 0x00, GraphTraceLen); + GraphTraceLen = 0; + if (redraw) + RepaintGraphWindow(); + return gtl; } // option '1' to save GraphBuffer any other to restore void save_restoreGB(uint8_t saveOpt) @@ -70,14 +67,15 @@ void setGraphBuf(uint8_t *buff, size_t size) { if ( buff == NULL ) return; - uint16_t i = 0; + ClearGraph(0); + if ( size > MAX_GRAPH_TRACE_LEN ) size = MAX_GRAPH_TRACE_LEN; - ClearGraph(0); - for (; i < size; ++i){ - GraphBuffer[i]=buff[i]-128; - } - GraphTraceLen=size; + + for (uint16_t i = 0; i < size; ++i) + GraphBuffer[i] = buff[i] - 128; + + GraphTraceLen = size; RepaintGraphWindow(); return; } @@ -85,10 +83,10 @@ size_t getFromGraphBuf(uint8_t *buff) { if (buff == NULL ) return 0; uint32_t i; - for (i=0;i127) GraphBuffer[i]=127; //trim - if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim - buff[i]=(uint8_t)(GraphBuffer[i]+128); + for (i=0; i < GraphTraceLen; ++i){ + if (GraphBuffer[i] > 127) GraphBuffer[i] = 127; //trim + if (GraphBuffer[i] < -127) GraphBuffer[i] = -127; //trim + buff[i] = (uint8_t)(GraphBuffer[i]+128); } return i; } @@ -133,8 +131,8 @@ int GetAskClock(const char str[], bool printAns, bool verbose) if (!strcmp(str, "")) clock = 0; - if (clock != 0) - return clock; + if (clock != 0) return clock; + // Auto-detect clock uint8_t grph[MAX_GRAPH_TRACE_LEN]={0}; size_t size = getFromGraphBuf(grph); @@ -145,15 +143,12 @@ int GetAskClock(const char str[], bool printAns, bool verbose) } bool st = DetectST(grph, &size, &clock); int start = 0; - if (st == false) { + if (st == false) start = DetectASKClock(grph, size, &clock, 20); - } + // Only print this message if we're not looping something - if (printAns){ + if (printAns) PrintAndLog("Auto-detected clock rate: %d, Best Starting Position: %d", clock, start); - } - PlotClock = clock; - PlockClockStartIndex = start; return clock; } @@ -193,9 +188,6 @@ int GetPskClock(const char str[], bool printAns, bool verbose) clock = DetectPSKClock(grph, size, 0); // Only print this message if we're not looping something if (printAns) PrintAndLog("Auto-detected clock rate: %d", clock); - - PlotClock = clock; -// PlockClockStartIndex = start; return clock; } @@ -221,8 +213,6 @@ uint8_t GetNrzClock(const char str[], bool printAns, bool verbose) if (printAns) PrintAndLog("Auto-detected clock rate: %d", clock); - PlotClock = clock; - //PlockClockStartIndex = start; return clock; } //by marshmellow @@ -247,8 +237,6 @@ uint8_t GetFskClock(const char str[], bool printAns, bool verbose) PrintAndLog("DEBUG: unknown fsk field clock detected"); PrintAndLog("Detected Field Clocks: FC/%d, FC/%d - Bit Clock: RF/%d", fc1, fc2, rf1); } - //PlotClock = clock; - //PlockClockStartIndex = start; return 0; } uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose) diff --git a/client/proxguiqt.cpp b/client/proxguiqt.cpp index b269d721..a690e2e8 100644 --- a/client/proxguiqt.cpp +++ b/client/proxguiqt.cpp @@ -9,6 +9,7 @@ //----------------------------------------------------------------------------- #include +#include #include #include #include @@ -278,8 +279,10 @@ void ProxWidget::paintEvent(QPaintEvent *event) int foo = 40 + (int)((CursorCPos - GraphStart) * GraphPixelsPerPoint); int bar = 40 + ((CursorDPos - GraphStart) * GraphPixelsPerPoint); QRect r_stt(foo, r.top(), bar-foo, r.bottom() ); - painter.fillRect(r_stt, QBrush( QT_ORANGE_TS )); - painter.drawRect(r_stt); + QBrush b_stt( QBrush( QT_ORANGE_TS )); + b_stt.setStyle(Qt::Dense1Pattern); + painter.setPen(Qt::NoPen); + painter.fillRect(r_stt, b_stt); } // Mark Clock pulse @@ -293,8 +296,11 @@ void ProxWidget::paintEvent(QPaintEvent *event) int foo = 40 + (int)((i - GraphStart) * GraphPixelsPerPoint); int bar = 40 + ((i + PlotClock - GraphStart) * GraphPixelsPerPoint); QRect r_clock(foo, r.top(), bar-foo, r.bottom() ); - painter.fillRect(r_clock, QBrush( QT_RED_TS )); - painter.drawRect(r_clock); + + QBrush b_clk( QBrush( QT_RED_TS )); + b_clk.setStyle(Qt::Dense1Pattern); + painter.setPen(Qt::NoPen); + painter.fillRect(r_clock, b_clk); } } diff --git a/client/proxguiqt.h b/client/proxguiqt.h index 303a37d0..155cacb1 100644 --- a/client/proxguiqt.h +++ b/client/proxguiqt.h @@ -23,6 +23,8 @@ class ProxWidget : public QWidget double GraphPixelsPerPoint; int CursorAPos; int CursorBPos; + //int CursorCPos; + //int CursorDPos; public: ProxWidget(QWidget *parent = 0); diff --git a/common/lfdemod.c b/common/lfdemod.c index 58b843e2..61d01c27 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -940,6 +940,10 @@ int DetectStrongAskClock(uint8_t dest[], size_t size, uint8_t high, uint8_t low) } return 0; } +void SetGraphClock( int clock, int startidx){ + PlotClock = clock; + PlockClockStartIndex = startidx; +} // by marshmellow // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping) @@ -947,15 +951,15 @@ int DetectStrongAskClock(uint8_t dest[], size_t size, uint8_t high, uint8_t low) // return start index of best starting position for that clock and return clock (by reference) int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) { - size_t i=1; + size_t i = 1; uint8_t clk[] = {255,8,16,32,40,50,64,100,128,255}; uint8_t clkEnd = 9; uint8_t loopCnt = 255; //don't need to loop through entire array... - if (size <= loopCnt+60) return -1; //not enough samples + if (size <= loopCnt + 60) return -1; //not enough samples size -= 60; //sometimes there is a strange end wave - filter out this.... //if we already have a valid clock - uint8_t clockFnd=0; - for (;i0) { + if (clockFnd > 0) { clkCnt = clockFnd; clkEnd = clockFnd+1; } else { - clkCnt=1; + clkCnt = 1; } //test each valid clock from smallest to greatest to see which lines up - for(; clkCnt < clkEnd; clkCnt++) { + for (; clkCnt < clkEnd; clkCnt++) { if (clk[clkCnt] <= 32) { tol=1; } else { @@ -1026,6 +1030,8 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) if (g_debugMode == 2) prnt("DEBUG ASK: clk %d, err %d, startpos %d, endpos %d", clk[clkCnt], errCnt, ii, i); if (errCnt==0 && clkCnt<7) { if (!clockFnd) *clock = clk[clkCnt]; + + SetGraphClock(*clock, ii); return ii; } //if we found errors see if it is lowest so far and save it as best run @@ -1048,6 +1054,8 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) if (g_debugMode == 2) prnt("DEBUG ASK: clk %d, # Errors %d, Current Best Clk %d, bestStart %d", clk[k], bestErr[k], clk[best], bestStart[best]); } if (!clockFnd) *clock = clk[best]; + + SetGraphClock(*clock, bestStart[best]); return bestStart[best]; } @@ -1056,27 +1064,30 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) // a phase shift is determined by measuring the sample length of each wave int DetectPSKClock(uint8_t dest[], size_t size, int clock) { - uint8_t clk[]={255,16,32,40,50,64,100,128,255}; //255 is not a valid clock + uint8_t clk[] = {255,16,32,40,50,64,100,128,255}; //255 is not a valid clock uint16_t loopCnt = 4096; //don't need to loop through entire array... - if (size == 0) return 0; - if (size= dest[i+2]){ if (waveStart == 0) { waveStart = i+1; @@ -1094,10 +1105,10 @@ int DetectPSKClock(uint8_t dest[], size_t size, int clock) } } } - if (g_debugMode ==2) prnt("DEBUG PSK: firstFullWave: %d, waveLen: %d",firstFullWave,fullWaveLen); + if (g_debugMode == 2) prnt("DEBUG PSK: firstFullWave: %d, waveLen: %d",firstFullWave,fullWaveLen); //test each valid clock from greatest to smallest to see which lines up - for(clkCnt=7; clkCnt >= 1 ; clkCnt--){ + for (clkCnt=7; clkCnt >= 1 ; clkCnt--){ lastClkBit = firstFullWave; //set end of wave as clock align waveStart = 0; errCnt=0; @@ -1131,19 +1142,17 @@ int DetectPSKClock(uint8_t dest[], size_t size, int clock) } } } - if (errCnt == 0){ - return clk[clkCnt]; - } - if (errCnt <= bestErr[clkCnt]) bestErr[clkCnt]=errCnt; - if (peakcnt > peaksdet[clkCnt]) peaksdet[clkCnt]=peakcnt; + if (errCnt == 0) return clk[clkCnt]; + if (errCnt <= bestErr[clkCnt]) bestErr[clkCnt] = errCnt; + if (peakcnt > peaksdet[clkCnt]) peaksdet[clkCnt] = peakcnt; } //all tested with errors //return the highest clk with the most peaks found - uint8_t best=7; - for (i=7; i>=1; i--){ - if (peaksdet[i] > peaksdet[best]) { + uint8_t best = 7; + for (i=7; i >= 1; i--){ + if (peaksdet[i] > peaksdet[best]) best = i; - } + if (g_debugMode == 2) prnt("DEBUG PSK: Clk: %d, peaks: %d, errs: %d, bestClk: %d",clk[i],peaksdet[i],bestErr[i],clk[best]); } return clk[best]; @@ -1180,16 +1189,20 @@ int DetectStrongNRZClk(uint8_t *dest, size_t size, int peak, int low){ //by marshmellow //detect nrz clock by reading #peaks vs no peaks(or errors) +//iceman: shouldn't param clock be reference? like DetectASKClock int DetectNRZClock(uint8_t dest[], size_t size, int clock) { - size_t i=0; - uint8_t clk[]={8,16,32,40,50,64,100,128,255}; + size_t i = 0; + uint8_t clk[] = {8,16,32,40,50,64,100,128,255}; size_t loopCnt = 4096; //don't need to loop through entire array... - if (size == 0) return 0; - if (size 6 ){ if (maxPeak > smplCnt){ maxPeak = smplCnt; @@ -1218,7 +1231,7 @@ int DetectNRZClock(uint8_t dest[], size_t size, int clock) } peakcnt++; //prnt("maxPk: %d, smplCnt: %d, peakcnt: %d",maxPeak,smplCnt,peakcnt); - smplCnt=0; + smplCnt = 0; } } } @@ -1228,7 +1241,7 @@ int DetectNRZClock(uint8_t dest[], size_t size, int clock) uint8_t ignoreWindow = 4; bool lastPeakHigh = 0; int lastBit = 0; - peakcnt=0; + peakcnt = 0; //test each valid clock from smallest to greatest to see which lines up for(clkCnt=0; clkCnt < 8; ++clkCnt){ //ignore clocks smaller than smallest peak @@ -1248,7 +1261,7 @@ int DetectNRZClock(uint8_t dest[], size_t size, int clock) if (dest[i] >= peak || dest[i] <= low) { //if same peak don't count it if ((dest[i] >= peak && !lastPeakHigh) || (dest[i] <= low && lastPeakHigh)) { - peakcnt++; + peakcnt++; } lastPeakHigh = (dest[i] >= peak); bitHigh = true; @@ -1260,9 +1273,10 @@ int DetectNRZClock(uint8_t dest[], size_t size, int clock) } //else if not a clock bit and no peaks } else if (dest[i] < peak && dest[i] > low){ - if (ignoreCnt==0){ + if (ignoreCnt == 0){ bitHigh=false; - if (errBitHigh==true) peakcnt--; + if (errBitHigh==true) + peakcnt--; errBitHigh=false; } else { ignoreCnt--; @@ -1273,23 +1287,23 @@ int DetectNRZClock(uint8_t dest[], size_t size, int clock) errBitHigh=true; } } - if(peakcnt>peaksdet[clkCnt]) { - peaksdet[clkCnt]=peakcnt; + if (peakcnt > peaksdet[clkCnt]) { + peaksdet[clkCnt] = peakcnt; } } } } - int iii=7; - uint8_t best=0; - for (iii=7; iii > 0; iii--){ - if ((peaksdet[iii] >= (peaksdet[best]-1)) && (peaksdet[iii] <= peaksdet[best]+1) && lowestTransition) { - if (clk[iii] > (lowestTransition - (clk[iii]/8)) && clk[iii] < (lowestTransition + (clk[iii]/8))) { - best = iii; - } - } else if (peaksdet[iii] > peaksdet[best]){ - best = iii; + + uint8_t best = 0; + for (int m = 7; m > 0; m--){ + if ((peaksdet[m] >= (peaksdet[best]-1)) && (peaksdet[m] <= peaksdet[best]+1) && lowestTransition) { + if (clk[m] > (lowestTransition - (clk[m]/8)) && clk[m] < (lowestTransition + (clk[m]/8))) { + best = m; + } + } else if (peaksdet[m] > peaksdet[best]){ + best = m; } - if (g_debugMode==2) prnt("DEBUG NRZ: Clk: %d, peaks: %d, maxPeak: %d, bestClk: %d, lowestTrs: %d",clk[iii],peaksdet[iii],maxPeak, clk[best], lowestTransition); + if (g_debugMode==2) prnt("DEBUG NRZ: Clk: %d, peaks: %d, maxPeak: %d, bestClk: %d, lowestTrs: %d", clk[m], peaksdet[m], maxPeak, clk[best], lowestTransition); } return clk[best]; -- 2.39.5 From aa9b584f5c3050e4f186f12c097219814422b19b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 2 Mar 2017 21:10:35 +0100 Subject: [PATCH 15/16] FIX: removing nonexistent include file. --- client/proxguiqt.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/proxguiqt.cpp b/client/proxguiqt.cpp index a690e2e8..acd9d120 100644 --- a/client/proxguiqt.cpp +++ b/client/proxguiqt.cpp @@ -9,7 +9,7 @@ //----------------------------------------------------------------------------- #include -#include +//#include #include #include #include -- 2.39.5 From 1ec412d97ddac6bd184c645815037e29fd84fb90 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 2 Mar 2017 21:15:01 +0100 Subject: [PATCH 16/16] FIX: moved from lfdemod.c -> graph.c SetGraphClock. --- client/graph.c | 6 ++++++ common/lfdemod.c | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/client/graph.c b/client/graph.c index a0ba46d5..91fecff8 100644 --- a/client/graph.c +++ b/client/graph.c @@ -123,6 +123,11 @@ void DetectHighLowInGraph(int *high, int *low, bool addFuzz) { } } +void SetGraphClock( int clock, int startidx){ + PlotClock = clock; + PlockClockStartIndex = startidx; +} + // Get or auto-detect ask clock rate int GetAskClock(const char str[], bool printAns, bool verbose) { @@ -149,6 +154,7 @@ int GetAskClock(const char str[], bool printAns, bool verbose) // Only print this message if we're not looping something if (printAns) PrintAndLog("Auto-detected clock rate: %d, Best Starting Position: %d", clock, start); + SetGraphClock(clock, start); return clock; } diff --git a/common/lfdemod.c b/common/lfdemod.c index 61d01c27..fddc624a 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c @@ -940,10 +940,6 @@ int DetectStrongAskClock(uint8_t dest[], size_t size, uint8_t high, uint8_t low) } return 0; } -void SetGraphClock( int clock, int startidx){ - PlotClock = clock; - PlockClockStartIndex = startidx; -} // by marshmellow // not perfect especially with lower clocks or VERY good antennas (heavy wave clipping) @@ -1030,8 +1026,6 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) if (g_debugMode == 2) prnt("DEBUG ASK: clk %d, err %d, startpos %d, endpos %d", clk[clkCnt], errCnt, ii, i); if (errCnt==0 && clkCnt<7) { if (!clockFnd) *clock = clk[clkCnt]; - - SetGraphClock(*clock, ii); return ii; } //if we found errors see if it is lowest so far and save it as best run @@ -1055,7 +1049,6 @@ int DetectASKClock(uint8_t dest[], size_t size, int *clock, int maxErr) } if (!clockFnd) *clock = clk[best]; - SetGraphClock(*clock, bestStart[best]); return bestStart[best]; } -- 2.39.5