From 0d1438d15693c77036b2fd44a6fc5401d2dc4916 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Fri, 24 May 2019 09:11:30 -0400
Subject: [PATCH] chg: lf psksim - uses NG

---
 armsrc/appmain.c | 10 ++++++----
 armsrc/apps.h | 14 +++++++-------
 armsrc/lfops.c | 25 +++++++++++--------------
 client/cmdlf.c | 19 ++++++++++++++-----
 client/cmdlfawid.c | 7 ++++---
 client/cmdlfindala.c | 23 +++++++++++++++++------
 client/cmdlfkeri.c | 23 +++++++++++++++++------
 include/pm3_cmd.h | 13 +++++++++++--
 8 files changed, 87 insertions(+), 47 deletions(-)

diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 24dd79826..b9b77f6ea 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -784,17 +784,19 @@ static void PacketReceived(PacketCommandNG *packet) {
             break;
         case CMD_FSK_SIM_TAG: {
             lf_fsksim_t *payload = (lf_fsksim_t *)packet->data.asBytes;
-            CmdFSKsimTAG(payload->fchigh, payload->fclow, payload->separator, payload->clock, packet->length - sizeof(lf_fsksim_t), payload->data, 1);
+            CmdFSKsimTAG(payload->fchigh, payload->fclow, payload->separator, payload->clock, packet->length - sizeof(lf_fsksim_t), payload->data, true);
             break;
         }
         case CMD_ASK_SIM_TAG: {
             lf_asksim_t *payload = (lf_asksim_t *)packet->data.asBytes;
-            CmdASKsimTAG(payload->encoding, payload->invert, payload->separator, payload->clock, packet->length - sizeof(lf_asksim_t), payload->data, 1);
+            CmdASKsimTAG(payload->encoding, payload->invert, payload->separator, payload->clock, packet->length - sizeof(lf_asksim_t), payload->data, true);
             break;
         }
-        case CMD_PSK_SIM_TAG:
-            CmdPSKsimTag(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes, 1);
+        case CMD_PSK_SIM_TAG: {
+            lf_psksim_t *payload = (lf_psksim_t *)packet->data.asBytes;
+            CmdPSKsimTag(payload->carrier, payload->invert, payload->clock, packet->length - sizeof(lf_psksim_t), payload->data, true);
             break;
+        }
         case CMD_HID_CLONE_TAG:
             CopyHIDtoT55x7(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]);
             break;
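Review bot: The new CMD_PSK_SIM_TAG case hands `packet->length - sizeof(lf_psksim_t)` to CmdPSKsimTag as the bit count without first checking that `packet->length` actually covers the three-byte header, so an undersized packet makes the subtraction wrap and the device then loops over bits it never received (the existing FSK and ASK cases on this hunk have the same gap). Since the length comes from the host side, guard it before the cast: `if (packet->length < sizeof(lf_psksim_t)) { reply_ng(CMD_PSK_SIM_TAG, PM3_EINVARG, NULL, 0); break; }`. Whether the wrapped value is truncated on the way into the uint16_t size parameter depends on the declared type of packet->length, which is not visible here, but either way the loop bound is unreliable for short packets. PacketReceived begins and ends outside this hunk.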
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 7ca3d5178..952185244 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -81,16 +81,16 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc);
 void AcquireTiType(void);
 void AcquireRawBitsTI(void);
-void SimulateTagLowFrequencyEx(int period, int gap, int ledcontrol, int numcycles);
-void SimulateTagLowFrequency(int period, int gap, int ledcontrol);
+void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycles);
+void SimulateTagLowFrequency(int period, int gap, bool ledcontrol);
 void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
-void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, int ledcontrol, int numcycles);
-void CmdHIDsimTAG(uint32_t hi, uint32_t lo, int ledcontrol);
-void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clock, uint16_t bitslen, uint8_t *bits, int ledcontrol);
-void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t clk, size_t size, uint8_t *bits, int ledcontrol);
+void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles);
+void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol);
 
-void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol);
+void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol);
+void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
+void CmdPSKsimTag(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
 void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
 void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index 5cff85796..f52226181 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -561,7 +561,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) {
 // note: a call to FpgaDownloadAndGo(FPGA_BITSTREAM_LF) must be done before, but
 // this may destroy the bigbuf so be sure this is called before calling SimulateTagLowFrequencyEx
-void SimulateTagLowFrequencyEx(int period, int gap, int ledcontrol, int numcycles) {
+void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycles) {
     // start us timer
     StartTicks();
@@ -649,7 +649,7 @@ OUT:
     LED_D_OFF();
 }
-void SimulateTagLowFrequency(int period, int gap, int ledcontrol) {
+void SimulateTagLowFrequency(int period, int gap, bool ledcontrol) {
     SimulateTagLowFrequencyEx(period, gap, ledcontrol, -1);
 }
@@ -757,7 +757,7 @@ static void fcAll(uint8_t fc, int *n, uint8_t clock, uint16_t *modCnt) {
 // prepare a waveform pattern in the buffer based on the ID given then
 // simulate a HID tag until the button is pressed
-void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, int ledcontrol, int numcycles) {
+void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) {
     if (hi > 0xFFF) {
         DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags");
@@ -820,7 +820,7 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, int ledcontrol, int numcycles) {
     if (ledcontrol) LED_A_OFF();
 }
-void CmdHIDsimTAG(uint32_t hi, uint32_t lo, int ledcontrol) {
+void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol) {
     CmdHIDsimTAGEx(hi, lo, ledcontrol, -1);
     reply_ng(CMD_HID_SIM_TAG, PM3_EOPABORTED, NULL, 0);
 }
@@ -828,8 +828,8 @@ void CmdHIDsimTAG(uint32_t hi, uint32_t lo, int ledcontrol) {
 // prepare a waveform pattern in the buffer based on the ID given then
 // simulate a FSK tag until the button is pressed
 // arg1 contains fcHigh and fcLow, arg2 contains STT marker and clock
-void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clock, uint16_t bitslen, uint8_t *bits, int ledcontrol) {
-//void CmdFSKsimTAG(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol) {
+void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol) {
+
     FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
     // free eventually allocated BigBuf memory
@@ -848,14 +848,14 @@ void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t cloc
     for (i = 0; i < bitslen; i++) {
         if (bits[i])
-            fcAll(fclow, &n, clock, &modCnt);
+            fcAll(fclow, &n, clk, &modCnt);
         else
-            fcAll(fchigh, &n, clock, &modCnt);
+            fcAll(fchigh, &n, clk, &modCnt);
     }
     WDT_HIT();
-    Dbprintf("Simulating with fcHigh: %d, fcLow: %d, clk: %d, STT: %d, n: %d", fchigh, fclow, clock, separator, n);
+    Dbprintf("Simulating with fcHigh: %d, fcLow: %d, clk: %d, STT: %d, n: %d", fchigh, fclow, clk, separator, n);
     if (ledcontrol) LED_A_ON();
     SimulateTagLowFrequency(n, 0, ledcontrol);
@@ -903,7 +903,7 @@ static void stAskSimBit(int *n, uint8_t clock) {
 }
 // args clock, ask/man or askraw, invert, transmission separator
-void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t clk, size_t size, uint8_t *bits, int ledcontrol) {
+void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol) {
     FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
     set_tracing(false);
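Review bot: The comment kept directly above the new CmdFSKsimTAG signature, `// arg1 contains fcHigh and fcLow, arg2 contains STT marker and clock`, still describes the removed arg1/arg2 packing rather than the named parameters the function now takes, so it misleads the next reader. Replace it with a line that follows the signature, e.g. `// fchigh/fclow: FSK frequencies, separator: STT marker, clk: clock, bits: bitslen entries`. The same stale wording, `// args clock, carrier, invert,`, sits above CmdPSKsimTag in the @@ -967 hunk on the next line, where the parameter order is now carrier, invert, clk. The bodies of both functions continue outside these hunks.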
@@ -967,14 +967,11 @@ static void pskSimBit(uint8_t waveLen, int *n, uint8_t clk, uint8_t *curPhase, b
 }
 // args clock, carrier, invert,
-void CmdPSKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *bits, int ledcontrol) {
+void CmdPSKsimTag(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol) {
     FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
     set_tracing(false);
     int n = 0, i = 0;
-    uint8_t clk = arg1 >> 8;
-    uint8_t carrier = arg1 & 0xFF;
-    uint8_t invert = arg2 & 0xFF;
     uint8_t curPhase = 0;
     for (i = 0; i < size; i++) {
         if (bits[i] == curPhase) {
diff --git a/client/cmdlf.c b/client/cmdlf.c
index d83a40283..207ab77ef 100644
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@@ -831,14 +831,23 @@ int CmdLFpskSim(const char *Cmd) {
         }
     }
     size_t size = DemodBufferLen;
-    if (size > PM3_CMD_DATA_SIZE) {
-        PrintAndLogEx(NORMAL, "DemodBuffer too long for current implementation - length: %d - max: %d", size, PM3_CMD_DATA_SIZE);
-        size = PM3_CMD_DATA_SIZE;
+    if (size > (PM3_CMD_DATA_SIZE - sizeof(lf_psksim_t))) {
+        PrintAndLogEx(NORMAL, "DemodBuffer too long for current implementation - length: %d - max: %d", size, PM3_CMD_DATA_SIZE - sizeof(lf_psksim_t));
+        size = PM3_CMD_DATA_SIZE - sizeof(lf_psksim_t);
     }
-    PrintAndLogEx(DEBUG, "DEBUG: Sending DemodBuffer Length: %d", size);
+
+    lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + size);
+    payload->carrier = carrier;
+    payload->invert = invert;
+    payload->clock = clk;
+    memcpy(payload->data, DemodBuffer, size);
+
+    PrintAndLogEx(INFO, "Simulating");
     clearCommandBuffer();
-    SendCommandOLD(CMD_PSK_SIM_TAG, clk << 8 | carrier, invert, size, DemodBuffer, size);
+    SendCommandNG(CMD_PSK_SIM_TAG, (uint8_t *)payload, sizeof(lf_psksim_t) + size);
+    free(payload);
+
     PacketResponseNG resp;
     WaitForResponse(CMD_PSK_SIM_TAG, &resp);
diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c
index e9169d864..3864676d8 100644
--- a/client/cmdlfawid.c
+++ b/client/cmdlfawid.c
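Review bot: In CmdLFpskSim the result of `calloc(1, sizeof(lf_psksim_t) + size)` is written through on the very next line with no NULL check, so an allocation failure crashes the client instead of returning an error; add `if (!payload) return PM3_EMALLOC;` before `payload->carrier = carrier;`. The rewritten NORMAL message also prints `size` and `PM3_CMD_DATA_SIZE - sizeof(lf_psksim_t)`, both size_t, with `%d`; use `%zu` for both. The same unchecked calloc appears in the CmdIndalaSim and CmdKeriSim hunks on the following lines. CmdLFpskSim starts and ends outside this hunk.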
@@ -332,13 +332,14 @@ static int CmdAWIDSim(const char *Cmd) {
     verify_values(&fmtlen, &fc, &cn);
-    PrintAndLogEx(SUCCESS, "Simulating AWID %u -- FC: %u; CN: %u\n", fmtlen, fc, cn);
-    PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation or run another command");
-
     if ( getAWIDBits(fmtlen, fc, cn, bs) != PM3_SUCCESS ) {
         PrintAndLogEx(WARNING, "Error with tag bitstream generation.");
         return PM3_ESOFT;
     }
+
+    PrintAndLogEx(SUCCESS, "Simulating AWID %u -- FC: %u; CN: %u\n", fmtlen, fc, cn);
+    PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation or run another command");
+
     // AWID uses: FSK2a fcHigh: 10, fcLow: 8, clk: 50, invert: 1
     // arg1 --- fcHigh<<8 + fcLow
     // arg2 --- Inversion and clk setting
diff --git a/client/cmdlfindala.c b/client/cmdlfindala.c
index 1b8b513e0..d0eabfc4b 100644
--- a/client/cmdlfindala.c
+++ b/client/cmdlfindala.c
@@ -372,8 +372,8 @@ static int CmdIndalaSim(const char *Cmd) {
     char cmdp = tolower(param_getchar(Cmd, 0));
     if (strlen(Cmd) == 0 || cmdp == 'h') return usage_lf_indala_sim();
-    uint8_t bits[224];
-    memset(bits, 0x00, sizeof(bits));
+    uint8_t bs[224];
+    memset(bs, 0x00, sizeof(bs));
     // uid
     uint8_t hexuid[100];
@@ -386,24 +386,35 @@ static int CmdIndalaSim(const char *Cmd) {
     uint8_t counter = 223;
     for (uint8_t i = 0; i < len; i++) {
         for (uint8_t j = 0; j < 8; j++) {
-            bits[counter--] = hexuid[i] & 1;
+            bs[counter--] = hexuid[i] & 1;
             hexuid[i] >>= 1;
         }
     }
     // indala PSK
-    uint8_t clk = 32, carrier = 2, invert = 0;
-
     // It has to send either 64bits (8bytes) or 224bits (28bytes). Zero padding needed if not.
     // lf simpsk 1 c 32 r 2 d 0102030405060708
     PrintAndLogEx(SUCCESS, "Simulating Indala UID: %s", sprint_hex(hexuid, len));
     PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation or run another command");
+    // indala PSK, clock 32, carrier 0
+    lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs));
+    payload->carrier = 2;
+    payload->invert = 0;
+    payload->clock = 32;
+    memcpy(payload->data, bs, sizeof(bs));
+
+    PrintAndLogEx(INFO, "Simulating");
+
     clearCommandBuffer();
-    SendCommandOLD(CMD_PSK_SIM_TAG, clk << 8 | carrier, invert, sizeof(bits), bits, sizeof(bits));
+    SendCommandNG(CMD_PSK_SIM_TAG, (uint8_t *)payload, sizeof(lf_psksim_t) + sizeof(bs));
+    free(payload);
+
     PacketResponseNG resp;
     WaitForResponse(CMD_PSK_SIM_TAG, &resp);
+
+    PrintAndLogEx(INFO, "Done");
     if (resp.status != PM3_EOPABORTED) return resp.status;
     return PM3_SUCCESS;
diff --git a/client/cmdlfkeri.c b/client/cmdlfkeri.c
index f906d13b5..d38dcfea6 100644
--- a/client/cmdlfkeri.c
+++ b/client/cmdlfkeri.c
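Review bot: The new comment `// indala PSK, clock 32, carrier 0` contradicts the assignment `payload->carrier = 2;` two lines below it and the `// lf simpsk 1 c 32 r 2` example kept just above; change it to `// indala PSK, clock 32, carrier 2`. The function also now prints `Simulating Indala UID` at SUCCESS level and then a bare `Simulating` at INFO level before anything is sent, which reads as a duplicate; dropping the INFO line keeps the output consistent with the AWID command. CmdIndalaSim begins before this hunk.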
@@ -175,28 +175,39 @@ static int CmdKeriClone(const char *Cmd) {
 static int CmdKeriSim(const char *Cmd) {
     char cmdp = tolower(param_getchar(Cmd, 0));
-    if (strlen(Cmd) == 0 || cmdp == 'h') return usage_lf_keri_sim();
+    if (strlen(Cmd) == 0 || cmdp == 'h')
+        return usage_lf_keri_sim();
     uint64_t internalid = param_get32ex(Cmd, 0, 0, 10);
     internalid |= 0x80000000;
     internalid <<= 3;
     internalid += 7;
-    uint8_t bits[64] = {0x00};
+    uint8_t bs[64] = {0x00};
     // loop to bits
     uint8_t j = 0;
     for (int8_t i = 63; i >= 0; --i) {
-        bits[j++] = ((internalid >> i) & 1);
+        bs[j++] = ((internalid >> i) & 1);
     }
-    uint8_t clk = 32, carrier = 2, invert = 0;
-
     PrintAndLogEx(SUCCESS, "Simulating KERI - Internal Id: %u", internalid);
+    lf_psksim_t *payload = calloc(1, sizeof(lf_psksim_t) + sizeof(bs));
+    payload->carrier = 2;
+    payload->invert = 0;
+    payload->clock = 32;
+    memcpy(payload->data, bs, sizeof(bs));
+
+    PrintAndLogEx(INFO, "Simulating");
+
     clearCommandBuffer();
-    SendCommandOLD(CMD_PSK_SIM_TAG, clk << 8 | carrier, invert, sizeof(bits), bits, sizeof(bits));
+    SendCommandNG(CMD_PSK_SIM_TAG, (uint8_t *)payload, sizeof(lf_psksim_t) + sizeof(bs));
+    free(payload);
+
     PacketResponseNG resp;
     WaitForResponse(CMD_PSK_SIM_TAG, &resp);
+
+    PrintAndLogEx(INFO, "Done");
     if (resp.status != PM3_EOPABORTED) return resp.status;
     return PM3_SUCCESS;
diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h
index bfa114f19..caacf7e1c 100644
--- a/include/pm3_cmd.h
+++ b/include/pm3_cmd.h
@@ -176,7 +176,7 @@ typedef struct {
     uint8_t flags;
 } PACKED t55xx_write_block_t;
-// For CMD_FSK_SIM_TAG
+// For CMD_FSK_SIM_TAG (FSK)
 typedef struct {
     uint8_t fchigh;
     uint8_t fclow;
@@ -185,7 +185,7 @@ typedef struct {
     uint8_t data[];
 } PACKED lf_fsksim_t;
-// For CMD_ASK_SIM_TAG
+// For CMD_ASK_SIM_TAG (ASK)
 typedef struct {
     uint8_t encoding;
     uint8_t invert;
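Review bot: The context line `PrintAndLogEx(SUCCESS, "Simulating KERI - Internal Id: %u", internalid);`, now sandwiched between the rewritten lines of CmdKeriSim, formats the uint64_t `internalid` with `%u`, which is undefined behaviour and at best prints a truncated id; this commit leaves the line untouched. Use the matching specifier, `"Simulating KERI - Internal Id: %" PRIu64` with `<inttypes.h>`, or cast to the width the message is meant to show. The unchecked `calloc` in the same hunk mirrors the one already noted for CmdLFpskSim. The two pm3_cmd.h hunks on this line are comment-only.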
@@ -194,6 +194,15 @@ typedef struct {
     uint8_t data[];
 } PACKED lf_asksim_t;
+// For CMD_PSK_SIM_TAG (PSK)
+typedef struct {
+    uint8_t carrier;
+    uint8_t invert;
+    uint8_t clock;
+    uint8_t data[];
+} PACKED lf_psksim_t;
+
+
 // For the bootloader
 #define CMD_DEVICE_INFO 0x0000
 #define CMD_SETUP_WRITE 0x0001
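Review bot: The new lf_psksim_t carries no member documentation, so nothing in the header says how long `data` is or what the three leading bytes mean, even though the sibling FSK and ASK structs get retitled in this same commit. Add one-line member comments, e.g. `uint8_t data[]; // one entry per bit; count is the packet length minus sizeof(lf_psksim_t)`, and note on `carrier`, `invert` and `clock` that they are forwarded unchanged to CmdPSKsimTag on the device. The two blank lines added before `// For the bootloader` also leave a double gap where the neighbouring structs use one.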