From 2fcc9b07efdb0073bf3a76705c33de65534589ac Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 8 Jul 2020 17:37:01 +0200 Subject: [PATCH] disable verichip stuff. should be inside FDX already --- client/Makefile | 1 - client/src/cmdlf.c | 3 - client/src/cmdlfpac.c | 27 +++-- client/src/cmdlfverichip_disabled.c | 172 ++++++++++++++++++++++++++++ client/src/cmdlfverichip_disabled.h | 19 +++ 5 files changed, 206 insertions(+), 16 deletions(-) create mode 100644 client/src/cmdlfverichip_disabled.c create mode 100644 client/src/cmdlfverichip_disabled.h diff --git a/client/Makefile b/client/Makefile index 8943915bb..a4e8b193d 100644 --- a/client/Makefile +++ b/client/Makefile @@ -461,7 +461,6 @@ SRCS = aidsearch.c \ cmdlfsecurakey.c \ cmdlft55xx.c \ cmdlfti.c \ - cmdlfverichip.c \ cmdlfviking.c \ cmdlfvisa2000.c \ cmdmain.c \ diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index eb8c4ce5b..3daf91e2f 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c @@ -55,7 +55,6 @@ #include "cmdlfkeri.h" // for keri menu #include "cmdlfmotorola.h" // for Motorola menu #include "cmdlfgallagher.h" // for GALLAGHER menu -#include "cmdlfverichip.h" // for VERICHIP menu static bool g_lf_threshold_set = false; @@ -1288,7 +1287,6 @@ int CmdLFfind(const char *Cmd) { } if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;} - if (demodVerichip() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("VERICHIP ID") " found!"); goto out;} if (demodHID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("HID Prox ID") " found!"); goto out;} if (demodAWID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("AWID ID") " found!"); goto out;} if (demodIOProx() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("IO Prox ID") " found!"); goto out;} @@ -1393,7 +1391,6 @@ static command_t CommandTable[] = { {"securakey", CmdLFSecurakey, AlwaysAvailable, "{ Securakey RFIDs... }"}, {"ti", CmdLFTI, AlwaysAvailable, "{ TI CHIPs... }"}, {"t55xx", CmdLFT55XX, AlwaysAvailable, "{ T55xx CHIPs... }"}, - {"verichip", CmdLFVerichip, AlwaysAvailable, "{ VERICHIP RFIDs... }"}, {"viking", CmdLFViking, AlwaysAvailable, "{ Viking RFIDs... }"}, {"visa2000", CmdLFVisa2k, AlwaysAvailable, "{ Visa2000 RFIDs... }"}, {"", CmdHelp, AlwaysAvailable, ""}, diff --git a/client/src/cmdlfpac.c b/client/src/cmdlfpac.c index 10365358e..f162b7342 100644 --- a/client/src/cmdlfpac.c +++ b/client/src/cmdlfpac.c @@ -1,4 +1,6 @@ //----------------------------------------------------------------------------- +// by marshmellow +// by danshuk // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -9,20 +11,19 @@ //----------------------------------------------------------------------------- #include "cmdlfpac.h" -#include //tolower +#include // tolower #include #include - -#include "commonutil.h" // ARRAYLEN +#include "commonutil.h" // ARRAYLEN #include "common.h" -#include "cmdparser.h" // command_t +#include "cmdparser.h" // command_t #include "comms.h" #include "ui.h" #include "cmddata.h" #include "cmdlf.h" #include "lfdemod.h" // preamble test #include "protocols.h" // t55xx defines -#include "cmdlft55xx.h" // clone.. +#include "cmdlft55xx.h" // clone #include "parity.h" static int CmdHelp(const char *Cmd); @@ -54,7 +55,7 @@ static int usage_lf_pac_sim(void) { PrintAndLogEx(NORMAL, _YELLOW_(" lf pac sim 12345678")); return PM3_SUCCESS; } -// by danshuk + // PAC_8byte format: preamble (8 mark/idle bits), ascii STX (02), ascii '2' (32), ascii '0' (30), ascii bytes 0..7 (cardid), then xor checksum of cardid bytes // all bytes following 8 bit preamble are one start bit (0), 7 data bits (lsb first), odd parity bit, and one stop bit (1) static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst, const size_t dst_size) { @@ -85,7 +86,9 @@ static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst, PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: Bad checksum - expected: %02X, actual: %02X", dst[dataLength - 1], checksum); return PM3_ESOFT; } - dst[dataLength - 1] = 0; // overwrite checksum byte with null terminator + + // overwrite checksum byte with null terminator + dst[dataLength - 1] = 0; return PM3_SUCCESS; } @@ -142,9 +145,13 @@ static void pacCardIdToRaw(uint8_t *outRawBytes, const char *cardId) { //see NRZDemod for what args are accepted static int CmdPacDemod(const char *Cmd) { + (void)Cmd; + return demodPac(); +} +int demodPac(void) { //NRZ - if (NRZrawDemod(Cmd, false) != PM3_SUCCESS) { + if (NRZrawDemod("", false) != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: NRZ Demod failed"); return PM3_ESOFT; } @@ -307,7 +314,6 @@ int CmdLFPac(const char *Cmd) { return CmdsParse(CommandTable, Cmd); } -// by marshmellow // find PAC preamble in already demoded data int detectPac(uint8_t *dest, size_t *size) { if (*size < 128) return -1; //make sure buffer has data @@ -320,7 +326,4 @@ int detectPac(uint8_t *dest, size_t *size) { return (int)startIdx; } -int demodPac(void) { - return CmdPacDemod(""); -} diff --git a/client/src/cmdlfverichip_disabled.c b/client/src/cmdlfverichip_disabled.c new file mode 100644 index 000000000..ee2de0846 --- /dev/null +++ b/client/src/cmdlfverichip_disabled.c @@ -0,0 +1,172 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency Verichip tag commands +//NRZ, RF/32, 128 bits long +//----------------------------------------------------------------------------- +#include "cmdlfverichip.h" + +#include //tolower + +#include "commonutil.h" // ARRAYLEN +#include "common.h" +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "lfdemod.h" // preamble test +#include "protocols.h" // t55xx defines +#include "cmdlft55xx.h" // clone.. + +static int CmdHelp(const char *Cmd); + +static int usage_lf_verichip_clone(void) { + PrintAndLogEx(NORMAL, "clone a verichip tag to a T55x7 tag."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf verichip clone [h] [b ]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h : this help"); + PrintAndLogEx(NORMAL, " b : raw hex data. 12 bytes max"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf verichip clone b FF2049906D8511C593155B56D5B2649F ")); + return PM3_SUCCESS; +} + +//see NRZDemod for what args are accepted +static int CmdVerichipDemod(const char *Cmd) { + (void)Cmd; + return demodVerichip(); +} + +int demodVerichip(void) { + //NRZ + if (NRZrawDemod("", false) != PM3_SUCCESS) { + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: NRZ Demod failed"); + return PM3_ESOFT; + } + size_t size = DemodBufferLen; + int ans = detectVerichip(DemodBuffer, &size); + if (ans < 0) { + if (ans == -1) + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: too few bits found"); + else if (ans == -2) + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: preamble not found"); + else if (ans == -3) + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: Size not correct: %zu", size); + else + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: ans: %d", ans); + + return PM3_ESOFT; + } + setDemodBuff(DemodBuffer, 128, ans); + setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock)); + + //got a good demod + uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); + uint32_t raw2 = bytebits_to_byte(DemodBuffer + 32, 32); + uint32_t raw3 = bytebits_to_byte(DemodBuffer + 64, 32); + uint32_t raw4 = bytebits_to_byte(DemodBuffer + 96, 32); + + // preamble then appears to have marker bits of "10" CS? + // 11111111001000000 10 01001100 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 10001100 10 100000001 + // unknown checksum 9 bits at the end + + PrintAndLogEx(SUCCESS, "VERICHIP - Raw: %08X%08X%08X%08X", raw1, raw2, raw3, raw4); + PrintAndLogEx(INFO, "How the Raw ID is translated by the reader is unknown. Share your trace file on forum"); + return PM3_SUCCESS; +} + +static int CmdVerichipRead(const char *Cmd) { + lf_read(false, 4096 * 2 + 20); + return CmdVerichipDemod(Cmd); +} + +static int CmdVerichipClone(const char *Cmd) { + + uint32_t blocks[5]; + bool errors = false; + uint8_t cmdp = 0; + int datalen = 0; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_verichip_clone(); + case 'b': { + // skip first block, 4*4 = 16 bytes left + uint8_t rawhex[16] = {0}; + int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); + if (res != 0) + errors = true; + + for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) { + blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t)); + } + cmdp += 2; + break; + } + default: + PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || cmdp == 0) return usage_lf_verichip_clone(); + + //Pac - compat mode, NRZ, data rate 40, 3 data blocks + blocks[0] = T55x7_MODULATION_DIRECT | T55x7_BITRATE_RF_40 | 4 << T55x7_MAXBLOCK_SHIFT; + + PrintAndLogEx(INFO, "Preparing to clone Verichip to T55x7 with raw hex"); + print_blocks(blocks, ARRAYLEN(blocks)); + + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf verichip read`") " to verify"); + return res; +} + +static int CmdVerichipSim(const char *Cmd) { + + // NRZ sim. + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + +static command_t CommandTable[] = { + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"demod", CmdVerichipDemod, AlwaysAvailable, "Demodulate an VERICHIP tag from the GraphBuffer"}, + {"read", CmdVerichipRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, + {"clone", CmdVerichipClone, IfPm3Lf, "clone VERICHIP tag"}, + {"sim", CmdVerichipSim, IfPm3Lf, "simulate VERICHIP tag"}, + {NULL, NULL, NULL, NULL} +}; + +static int CmdHelp(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + CmdsHelp(CommandTable); + return PM3_SUCCESS; +} + +int CmdLFVerichip(const char *Cmd) { + clearCommandBuffer(); + return CmdsParse(CommandTable, Cmd); +} + +// find VERICHIP preamble in already demoded data +int detectVerichip(uint8_t *dest, size_t *size) { + if (*size < 128) return -1; //make sure buffer has data + size_t startIdx = 0; + uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0}; + if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) + return -2; //preamble not found + if (*size < 128) return -3; //wrong demoded size + //return start position + return (int)startIdx; +} + diff --git a/client/src/cmdlfverichip_disabled.h b/client/src/cmdlfverichip_disabled.h new file mode 100644 index 000000000..4ddf6a5d1 --- /dev/null +++ b/client/src/cmdlfverichip_disabled.h @@ -0,0 +1,19 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency Verichip tag commands +//----------------------------------------------------------------------------- +#ifndef CMDLFVERICHIP_H__ +#define CMDLFVERICHIP_H__ + +#include "common.h" + +int CmdLFVerichip(const char *Cmd); + +int demodVerichip(void); +int detectVerichip(uint8_t *dest, size_t *size); +#endif +