ADD: StandAloneMode LF Proxbrute by @brad-anton

https://github.com/brad-anton/proxbrute

--adjusted to fit iceman fork and latest enhancements to LF
(untested)

armsrc/Makefile

@@ -102,6 +102,8 @@ ARMSRC = fpgaloader.c \
 	hf_young.c
 	#	lf_samyrun.c \
 	#	lf_hidbrute.c \
+	#	lf_proxbrute.c \
+	
 	
 # Do not move this inclusion before the definition of {THUMB,ASM,ARM}SRC
 include ../common/Makefile.common

armsrc/Standalone/lf_proxbrute.c

@@ -0,0 +1,169 @@
+//-----------------------------------------------------------------------------
+// Samy Kamkar, 2011, 2012
+// Brad antoniewicz 2011
+// Christian Herrmann, 2017
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// main code for LF aka Proxbrute by Brad antoniewicz 
+//-----------------------------------------------------------------------------
+#include "lf_proxbrute.h"
+
+// samy's sniff and repeat routine for LF
+void RunMod() {
+	StandAloneMode();
+	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+	int high[OPTS], low[OPTS];
+	int selected = 0;
+	int playing = 0;
+	int cardRead = 0;
+
+	// Turn on selected LED
+	LED(selected + 1, 0);
+
+	for (;;) {		
+		WDT_HIT();
+		
+		// exit from SamyRun,   send a usbcommand.
+		if (usb_poll_validate_length()) break;
+
+		// Was our button held down or pressed?
+		int button_pressed = BUTTON_HELD(1000);
+		//SpinDelay(300);
+
+		// Button was held for a second, begin recording
+		if (button_pressed > 0 && cardRead == 0) {
+			LEDsoff();
+			LED(selected + 1, 0);
+			LED(LED_RED2, 0);
+
+			// record
+			DbpString("Starting recording");
+
+			// wait for button to be released
+			while(BUTTON_PRESS())
+				WDT_HIT();
+
+			/* need this delay to prevent catching some weird data */
+			SpinDelay(500);
+
+			CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
+			Dbprintf("Recorded %x %x %08x", selected, high[selected], low[selected]);
+
+			LEDsoff();
+			LED(selected + 1, 0);
+			// Finished recording
+			// If we were previously playing, set playing off
+			// so next button push begins playing what we recorded
+			playing = 0;			
+			cardRead = 1;	
+		}
+		else if (button_pressed > 0 && cardRead == 1) {
+			LEDsoff();
+			LED(selected + 1, 0);
+			LED(LED_ORANGE, 0);
+
+			// record
+			Dbprintf("Cloning %x %x %08x", selected, high[selected], low[selected]);
+
+			// wait for button to be released
+			while(BUTTON_PRESS())
+				WDT_HIT();
+
+			/* need this delay to prevent catching some weird data */
+			SpinDelay(500);
+
+			CopyHIDtoT55x7(0, high[selected], low[selected], 0);
+			Dbprintf("Cloned %x %x %08x", selected, high[selected], low[selected]);
+
+			LEDsoff();
+			LED(selected + 1, 0);
+			// Finished recording
+
+			// If we were previously playing, set playing off
+			// so next button push begins playing what we recorded
+			playing = 0;			
+			cardRead = 0;			
+		}
+
+		// Change where to record (or begin playing)
+		else if (button_pressed) {
+			// Next option if we were previously playing
+			if (playing)
+				selected = (selected + 1) % OPTS;
+			playing = !playing;
+
+			LEDsoff();
+			LED(selected + 1, 0);
+
+			// Begin transmitting
+			if (playing) {
+				LED(LED_GREEN, 0);
+				DbpString("Playing");
+				// wait for button to be released
+				while(BUTTON_PRESS())
+					WDT_HIT();
+				
+				/* START PROXBRUTE */
+
+				/*
+				ProxBrute - brad a. - foundstone
+
+				Following code is a trivial brute forcer once you read a valid tag
+				the idea is you get a valid tag, then just try and brute force to
+				another priv level. The problem is that it has no idea if the code
+				worked or not, so its a crap shoot. One option is to time how long
+				it takes to get a valid ID then start from scratch every time.
+				*/
+				if ( selected == 1 ) {
+					DbpString("Entering ProxBrute Mode");
+					DbpString("brad a. - foundstone");
+					Dbprintf("Current Tag: Selected = %x Facility = %08x ID = %08x", selected, high[selected], low[selected]);
+					LED(LED_ORANGE, 0);
+					LED(LED_RED, 0);
+					for ( i = low[selected]-1; i > ZERO; i--) {
+						if (BUTTON_PRESS()) {
+							DbpString("Told to Stop");
+							break;
+						}
+
+						Dbprintf("Trying Facility = %08x ID %08x", high[selected], i);
+						CmdHIDsimTAGEx(high[selected], i, 0, 20000);
+						SpinDelay(500);
+					}
+
+				} else {
+					DbpString("Red is lit, not entering ProxBrute Mode");
+					Dbprintf("%x %x %x", selected, high[selected], low[selected]);
+					CmdHIDsimTAGEx(high[selected], low[selected], 0, 20000);
+					DbpString("Done playing");
+				}
+
+				/*   END PROXBRUTE */
+
+				
+				if (BUTTON_HELD(1000) > 0) {
+					DbpString("Exiting");
+					LEDsoff();
+					return;
+				}
+
+				/* We pressed a button so ignore it here with a delay */
+				SpinDelay(300);
+
+				// when done, we're done playing, move to next option
+				selected = (selected + 1) % OPTS;
+				playing = !playing;
+				LEDsoff();
+				LED(selected + 1, 0);
+			}
+			else {
+				while(BUTTON_PRESS())
+					WDT_HIT();
+			}
+		}
+	}
+}

armsrc/Standalone/lf_proxbrute.h

@@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Samy Kamkar, 2011, 2012
+// Brad antoniewicz 2011
+// Christian Herrmann, 2017
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// StandAlone Mod
+//-----------------------------------------------------------------------------
+
+#ifndef __LF_PROXBRUTE_H
+#define __LF_PROXBRUTE_H
+
+#include "standalone.h" // standalone definitions
+#include "apps.h" // debugstatements, lfops?
+
+#define OPTS 2
+
+#endif /* __LF_PROXBRUTE_H */

armsrc/appmain.c

@@ -1204,7 +1204,7 @@ void  __attribute__((noreturn)) AppMain(void) {
 * All standalone mod "main loop" should be the RunMod() function.
 * Since the standalone is either LF or HF, the somewhat bisarr defines below exists. 
 */			
-#if defined (WITH_LF) && ( defined (WITH_LF_SAMYRUN) || defined (WITH_LF_HIDBRUTE) )
+#if defined (WITH_LF) && ( defined (WITH_LF_SAMYRUN) || defined (WITH_LF_HIDBRUTE) || define (WITH_LF_PROXBRUTE) )
 			RunMod();
 #endif