github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 13:53:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into feature/better_nxp_15693_identification

Browse source 
Signed-off-by: Iceman <iceman@iuse.se>
This commit is contained in:
Iceman 2022-12-30 09:52:15 +01:00 committed by GitHub
commit 259ad97004
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 54 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -4,6 +4,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
## [unreleased][unreleased]
- Improved NXP SLI/SLIX series tag identification (@nvx)
- Fixed buffer overflow in "lf em 4x05 sniff" (@HeinrichsH)
- Fixed potential NULL array printing (@jmichel)
- Added PIV aid to resource file (@jmichel)
- Fixed failing compilation on Proxspace environment due to how python is initialized (@jmichel)

63
client/src/cmdlfem4x05.c
View file

@ -41,6 +41,7 @@
#include "generator.h"
#include "cliparser.h"
#include "cmdhw.h"
#include "util.h"
//////////////// 4205 / 4305 commands
@ -1996,8 +1997,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
const char *cmdText;
char dataText[100];
char blkAddr[4];
char bits[80];
int i, bitidx;
int i;
int ZeroWidth; // 32-42 "1" is 32
int CycleWidth;
size_t pulseSamples;
@ -2018,6 +2018,10 @@ int CmdEM4x05Sniff(const char *Cmd) {
PrintAndLogEx(SUCCESS, "offset | Command | Data | blk | raw");
PrintAndLogEx(SUCCESS, "-------+-------------+----------+-----+------------------------------------------------------------");
smartbuf bits = { 0 };
bits.ptr = malloc(EM4X05_BITS_BUFSIZE);
bits.size = EM4X05_BITS_BUFSIZE;
bits.idx = 0;
size_t idx = 0;
// loop though sample buffer
while (idx < g_GraphTraceLen) {
@ -2037,8 +2041,8 @@ int CmdEM4x05Sniff(const char *Cmd) {
if (ZeroWidth <= 50) {
pktOffset -= ZeroWidth;
memset(bits, 0x00, sizeof(bits));
bitidx = 0;
memset(bits.ptr, 0, bits.size);
bits.idx = 0;
while ((idx < g_GraphTraceLen) && !eop) {
CycleWidth = idx;
@ -2047,7 +2051,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
CycleWidth = idx - CycleWidth;
if ((CycleWidth > 300) || (CycleWidth < (ZeroWidth - 5))) { // to long or too short
eop = true;
bits[bitidx++] = '0'; // Append last zero from the last bit find
sb_append_char(&bits, '0'); // Append last zero from the last bit find
cmdText = "";
// EM4305 command lengths
@ -2059,76 +2063,77 @@ int CmdEM4x05Sniff(const char *Cmd) {
// -> disable 1010 11111111 0 11111111 0 11111111 0 11111111 0 00000000 0
// Check to see if we got the leading 0
if (((strncmp(bits, "00011", 5) == 0) && (bitidx == 50)) ||
((strncmp(bits, "00101", 5) == 0) && (bitidx == 57)) ||
((strncmp(bits, "01001", 5) == 0) && (bitidx == 12)) ||
((strncmp(bits, "01100", 5) == 0) && (bitidx == 50)) ||
((strncmp(bits, "01010", 5) == 0) && (bitidx == 50))) {
memmove(bits, &bits[1], bitidx - 1);
bitidx--;
if (((strncmp(bits.ptr, "00011", 5) == 0) && (bits.idx == 50)) ||
((strncmp(bits.ptr, "00101", 5) == 0) && (bits.idx == 57)) ||
((strncmp(bits.ptr, "01001", 5) == 0) && (bits.idx == 12)) ||
((strncmp(bits.ptr, "01100", 5) == 0) && (bits.idx == 50)) ||
((strncmp(bits.ptr, "01010", 5) == 0) && (bits.idx == 50))) {
memmove(bits.ptr, &bits.ptr[1], bits.idx - 1);
bits.idx--;
PrintAndLogEx(INFO, "Trim leading 0");
}
bits[bitidx] = 0;
sb_append_char(&bits, 0);
bits.idx--;
// logon
if ((strncmp(bits, "0011", 4) == 0) && (bitidx == 49)) {
if ((strncmp(bits.ptr, "0011", 4) == 0) && (bits.idx == 49)) {
haveData = true;
pwd = true;
cmdText = "Logon";
strncpy(blkAddr, " ", sizeof(blkAddr));
tmpValue = em4x05_Sniff_GetBlock(&bits[4], fwd);
tmpValue = em4x05_Sniff_GetBlock(&bits.ptr[4], fwd);
snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
}
// write
if ((strncmp(bits, "0101", 4) == 0) && (bitidx == 56)) {
if ((strncmp(bits.ptr, "0101", 4) == 0) && (bits.idx == 56)) {
haveData = true;
cmdText = "Write";
tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3);
tmpValue = (bits.ptr[4] - '0') + ((bits.ptr[5] - '0') << 1) + ((bits.ptr[6] - '0') << 2) + ((bits.ptr[7] - '0') << 3);
snprintf(blkAddr, sizeof(blkAddr), "%u", tmpValue);
if (tmpValue == 2) {
pwd = true;
}
tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd);
tmpValue = em4x05_Sniff_GetBlock(&bits.ptr[11], fwd);
snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
}
// read
if ((strncmp(bits, "1001", 4) == 0) && (bitidx == 11)) {
if ((strncmp(bits.ptr, "1001", 4) == 0) && (bits.idx == 11)) {
haveData = true;
pwd = false;
cmdText = "Read";
tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3);
tmpValue = (bits.ptr[4] - '0') + ((bits.ptr[5] - '0') << 1) + ((bits.ptr[6] - '0') << 2) + ((bits.ptr[7] - '0') << 3);
snprintf(blkAddr, sizeof(blkAddr), "%u", tmpValue);
strncpy(dataText, " ", sizeof(dataText));
}
// protect
if ((strncmp(bits, "1100", 4) == 0) && (bitidx == 49)) {
if ((strncmp(bits.ptr, "1100", 4) == 0) && (bits.idx == 49)) {
haveData = true;
pwd = false;
cmdText = "Protect";
strncpy(blkAddr, " ", sizeof(blkAddr));
tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd);
tmpValue = em4x05_Sniff_GetBlock(&bits.ptr[11], fwd);
snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
}
// disable
if ((strncmp(bits, "1010", 4) == 0) && (bitidx == 49)) {
if ((strncmp(bits.ptr, "1010", 4) == 0) && (bits.idx == 49)) {
haveData = true;
pwd = false;
cmdText = "Disable";
strncpy(blkAddr, " ", sizeof(blkAddr));
tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd);
tmpValue = em4x05_Sniff_GetBlock(&bits.ptr[11], fwd);
snprintf(dataText, sizeof(dataText), "%08X", tmpValue);
}
// bits[bitidx] = 0;
} else {
i = (CycleWidth - ZeroWidth) / 28;
bits[bitidx++] = '0';
sb_append_char(&bits, '0');
for (int ii = 0; ii < i; ii++) {
bits[bitidx++] = '1';
sb_append_char(&bits, '1');
}
}
}
@ -2139,11 +2144,13 @@ int CmdEM4x05Sniff(const char *Cmd) {
// Print results
if (haveData) { //&& (minWidth > 1) && (maxWidth > minWidth)){
if (pwd)
PrintAndLogEx(SUCCESS, "%6zu | %-10s | " _YELLOW_("%8s")" | " _YELLOW_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits);
PrintAndLogEx(SUCCESS, "%6zu | %-10s | " _YELLOW_("%8s")" | " _YELLOW_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits.ptr);
else
PrintAndLogEx(SUCCESS, "%6zu | %-10s | " _GREEN_("%8s")" | " _GREEN_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits);
PrintAndLogEx(SUCCESS, "%6zu | %-10s | " _GREEN_("%8s")" | " _GREEN_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits.ptr);
}
}
free(bits.ptr);
bits.ptr = NULL;
// footer
PrintAndLogEx(SUCCESS, "---------------------------------------------------------------------------------------------------");

2
client/src/cmdlfem4x05.h
View file

@ -27,6 +27,8 @@
#define EM4305_PROT2_BLOCK 15
#define EM4469_PROT_BLOCK 3
#define EM4X05_BITS_BUFSIZE 128
// config blocks
#define EM4305_DEFAULT_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(4) ) // ASK/MAN , data rate 32, 4 data blocks
//#define EM4305_DEFAULT_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_BIPHASE | EM4x05_SET_NUM_BLOCKS(4) ) // ASK/BIPHASE , data rate 32, 4 data blocks

9
client/src/util.c
View file

@ -1261,3 +1261,12 @@ int byte_strstr(uint8_t *src, size_t srclen, uint8_t *pattern, size_t plen) {
}
return -1;
}
void sb_append_char(smartbuf *sb, unsigned char c) {
if (sb->idx >= sb->size) {
sb->size *= 2;
sb->ptr = realloc(sb->ptr, sb->size);
}
sb->ptr[sb->idx] = c;
sb->idx++;
}

7
client/src/util.h
View file

@ -146,4 +146,11 @@ uint32_t leadingzeros32(uint32_t a);
uint64_t leadingzeros64(uint64_t a);
int byte_strstr(uint8_t *src, size_t srclen, uint8_t *pattern, size_t plen);
struct smartbuf {
char *ptr;
size_t size;
size_t idx;
} typedef smartbuf;
void sb_append_char(smartbuf *sb, unsigned char c);
#endif