From 311f43172f1056fab458e3c35b1bc119b0679477 Mon Sep 17 00:00:00 2001
From: Artem Gnatyuk
Date: Sat, 21 Mar 2020 15:48:16 +0700
Subject: [PATCH] LF_EM4100EMULV1 - renamed to LF_EM4100EMUL. Make more easy control. Short click - switch slot and satrt simulation LF_EM4100EMULV2 - deleted. LF_EM4100EMULV3 - renamed to LF_EM4100RWC
---
armsrc/Standalone/Makefile.hal | 19 +-
armsrc/Standalone/Makefile.inc | 26 +--
.../{lf_em4100emulV1.c => lf_em4100emul.c} | 31 +--
armsrc/Standalone/lf_em4100emulV3.c | 197 ------------------
.../{lf_em4100emulV2.c => lf_em4100rwc.c} | 8 +-
5 files changed, 26 insertions(+), 255 deletions(-)
rename armsrc/Standalone/{lf_em4100emulV1.c => lf_em4100emul.c} (77%)
delete mode 100644 armsrc/Standalone/lf_em4100emulV3.c
rename armsrc/Standalone/{lf_em4100emulV2.c => lf_em4100rwc.c} (96%)
diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal
index 776ae3f0f..fd52817db 100644
--- a/armsrc/Standalone/Makefile.hal
+++ b/armsrc/Standalone/Makefile.hal
@@ -35,28 +35,19 @@ define KNOWN_STANDALONE_DEFINITIONS | HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth | | (RDV4 only) | storing in flashmem - Bogito | +----------------------------------------------------------+ -| HF_14ASNIFF | 14a sniff to flashmem | -| (RDV4 only) | | -+----------------------------------------------------------+ -| LF_ICEHID | LF HID collector to flashmem | -| (RDV4 only) | | -+----------------------------------------------------------+ -| LF_EM4100EMULV1 | Simulate predefined em4100 tags only | +| LF_EM4100EMUL | Simulate predefined em4100 tags only | | | | +----------------------------------------------------------+ -| LF_EM4100EMULV2 | Read/simulate em4100 tags | -| | | -+----------------------------------------------------------+ -| LF_EM4100EMULV3 | Read/simulate em4100 tags & clone it | +| LF_EM4100RWC | Read/simulate em4100 tags & clone it | | | to T555x tags | +----------------------------------------------------------+ endef -STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_ICEHID LF_EM4100EMULV1 LF_EM4100EMULV2 LF_EM4100EMULV3 -STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG HF_14ASNIFF +STANDALONE_MODES := LF_SAMYRUN LF_ICERUN LF_PROXBRUTE LF_HIDBRUTE LF_EM4100EMUL LF_EM4100RWC +STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG STANDALONE_MODES_REQ_SMARTCARD := -STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG HF_14ASNIFF LF_ICEHID +STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),) STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE) ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),) diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc index e7ca1bfe0..686cc66f0 100644 --- a/armsrc/Standalone/Makefile.inc +++ b/armsrc/Standalone/Makefile.inc 
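Review bot: The HF_14ASNIFF and LF_ICEHID entries are removed from the help table, from `STANDALONE_MODES` and from `STANDALONE_MODES_REQ_FLASH` in this hunk, and the Makefile.inc hunk removes their `SRC_STANDALONE` blocks too, although the commit message describes only the EM4100 rename. The diffstat lists no deletion of hf_14asniff.c or lf_icehid.c, so this looks like an accidental revert from a stale branch rather than an intended removal; `STANDALONE=HF_14ASNIFF` or `STANDALONE=LF_ICEHID` would apparently no longer match the `$(filter ...)` check. If it is unintended, keep the two modes in the lists, e.g. `STANDALONE_MODES += HF_YOUNG HF_MATTYRUN HF_COLIN HF_BOG HF_14ASNIFF` and `STANDALONE_MODES_REQ_FLASH := HF_COLIN HF_BOG HF_14ASNIFF LF_ICEHID`, and restore their table rows and Makefile.inc blocks. If the removal is deliberate, it belongs in its own commit with the source files deleted as well.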
@@ -33,23 +33,11 @@ endif ifneq (,$(findstring WITH_STANDALONE_HF_BOG,$(APP_CFLAGS))) SRC_STANDALONE = hf_bog.c endif -# WITH_STANDALONE_HF_14ASNIFF -ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS))) - SRC_STANDALONE = hf_14asniff.c -endif -# WITH_STANDALONE_LF_ICEHID -ifneq (,$(findstring WITH_STANDALONE_LF_ICEHID,$(APP_CFLAGS))) - SRC_STANDALONE = lf_icehid.c -endif -# WITH_STANDALONE_LF_EM4100EMULV1 -ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMULV1,$(APP_CFLAGS))) - SRC_STANDALONE = lf_em4100emulV1.c -endif -# WITH_STANDALONE_LF_EM4100EMULV2 -ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMULV2,$(APP_CFLAGS))) - SRC_STANDALONE = lf_em4100emulV2.c -endif -# WITH_STANDALONE_LF_EM4100EMULV3 -ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMULV3,$(APP_CFLAGS))) - SRC_STANDALONE = lf_em4100emulV3.c +# WITH_STANDALONE_LF_EM4100EMUL +ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMUL,$(APP_CFLAGS))) + SRC_STANDALONE = lf_em4100emul.c endif +# WITH_STANDALONE_LF_EM4100RWC +ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS))) + SRC_STANDALONE = lf_em4100rwc.c +endif \ No newline at end of file diff --git a/armsrc/Standalone/lf_em4100emulV1.c b/armsrc/Standalone/lf_em4100emul.c similarity index 77% rename from armsrc/Standalone/lf_em4100emulV1.c rename to armsrc/Standalone/lf_em4100emul.c index d132f3650..907445912 100644 --- a/armsrc/Standalone/lf_em4100emulV1.c +++ b/armsrc/Standalone/lf_em4100emul.c 
@@ -5,9 +5,8 @@ // at your option, any later version. See the LICENSE.txt file for the text of // the license. //----------------------------------------------------------------------------- -// LF emul V1 - Very simple mode. Simulate only predefined in low[] IDs -// Short click - change current slot -// Long press - simulate tag ID from current slot +// LF emul - Very simple mode. Simulate only predefined in low[] IDs +// Short click - select next slot and start simulation //----------------------------------------------------------------------------- #include "standalone.h" #include "proxmark3_arm.h" @@ -32,7 +31,7 @@ uint8_t *bba,slots_count; int buflen; void ModInfo(void) { - DbpString(" LF EM4100 simulate standalone V1"); + DbpString(" LF EM4100 simulator standalone mode"); } uint64_t ReversQuads(uint64_t bits){ @@ -72,6 +71,7 @@ void ConstructEM410xEmulBuf(uint64_t id) { } void LED_Slot(int i) { + LEDsoff(); if (slots_count > 4) { LED(i % MAX_IND, 0); //binary indication for slots_count > 4 } else { @@ -82,26 +82,17 @@ void LED_Slot(int i) { void RunMod() { StandAloneMode(); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - int selected = 0; + int selected = 0; //selected slot after start slots_count = sizeof(low)/sizeof(low[0]); bba = BigBuf_get_addr(); - LED_Slot(selected); for (;;) { WDT_HIT(); if (data_available()) break; - int button_pressed = BUTTON_HELD(1000); - SpinDelay(300); - if (button_pressed == 1) { - SpinUp(100); - SpinOff(10); - LED_Slot(selected); - ConstructEM410xEmulBuf(ReversQuads(low[selected])); - SimulateTagLowFrequency(buflen, 0, true); - LED_Slot(selected); - } else if (button_pressed < 0) { - selected = (selected + 1) % slots_count; - LEDsoff(); - LED_Slot(selected); - } + SpinDelay(100); + SpinUp(100); + LED_Slot(selected); + ConstructEM410xEmulBuf(ReversQuads(low[selected])); + SimulateTagLowFrequency(buflen, 0, true); + selected = (selected + 1) % slots_count; } } 
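Review bot: The rewritten loop in `RunMod()` (last hunk of this file) no longer reads the button at all, so the device starts simulating `low[0]` as soon as the mode is entered, and slot changes depend entirely on `SimulateTagLowFrequency()` returning. That function is not visible here; if it returns on a button press, a press that outlasts `SpinDelay(100)` plus `SpinUp(100)` could end the next slot's simulation at once and skip slots. Consider waiting for release after the simulate call, e.g. `while (BUTTON_PRESS()) WDT_HIT();`, before advancing `selected`. The file header should also state the start-up behaviour, for instance `// Simulation of slot 0 starts immediately when the mode is entered`, since the current text implies nothing is transmitted until a click.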
diff --git a/armsrc/Standalone/lf_em4100emulV3.c b/armsrc/Standalone/lf_em4100emulV3.c deleted file mode 100644 index b1bf0d930..000000000 --- a/armsrc/Standalone/lf_em4100emulV3.c +++ /dev/null 
@@ -1,197 +0,0 @@ -//----------------------------------------------------------------------------- -// Artyom Gnatyuk, 2020 -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// LF emul V3 - This mode can simulate ID from selected slot, read ID to -// selected slot, write from selected slot to T5555 tag and store -// readed ID to flash (only RDV4). Also you can set predefined IDs -// in any slot. -// To recall stored ID from flash execute: -// mem dump o offset l 5 p -// where offset = 5 * selected slot -//----------------------------------------------------------------------------- -#include "standalone.h" -#include "proxmark3_arm.h" -#include "appmain.h" -#include "fpgaloader.h" -#include "lfops.h" -#include "util.h" -#include "dbprint.h" -#include "ticks.h" -#include "string.h" -#include "BigBuf.h" - -#ifdef WITH_FLASH -#include "flashmem.h" -#endif - -#define MAX_IND 16 // 4 LEDs - 2^4 combinations -#define CLOCK 64 //for 125kHz - -// low & high - array for storage IDs. Its length must be equal. -// Predefined IDs must be stored in low[]. 
-// In high[] must be nulls -uint64_t low[] = {0x565AF781C7,0x540053E4E2,0x1234567890,0,0,0,0,0,0,0,0,0,0,0,0,0}; -uint32_t high[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; -uint8_t *bba,slots_count; -int buflen; - -void ModInfo(void) { - DbpString(" LF EM4100 simulate standalone V3"); -} - -uint64_t ReversQuads(uint64_t bits){ - uint64_t result = 0; - for (int i = 0; i < 16; i++){ - result += ((bits >> (60 - 4 *i)) & 0xf) << (4 * i); - } - return result >> 24; -} - -void FillBuff(uint8_t bit) { - memset (bba + buflen, bit, CLOCK / 2); - buflen += (CLOCK / 2); - memset (bba + buflen, bit^1,CLOCK / 2); - buflen += (CLOCK / 2); -} - -void ConstructEM410xEmulBuf(uint64_t id) { - - int i, j, binary[4], parity[4]; - buflen = 0; - for (i = 0; i < 9; i++) - FillBuff(1); - parity[0] = parity[1] = parity[2] = parity[3] = 0; - for (i = 0; i < 10; i++) { - for (j = 3; j >= 0; j--, id /= 2) - binary[j] = id % 2; - for (j = 0; j < 4; j++) - FillBuff(binary[j]); - FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]); - for (j = 0; j < 4; j++) - parity[j] ^= binary[j]; - } - for (j = 0; j < 4; j++) - FillBuff(parity[j]); - FillBuff(0); -} - -void LED_Slot(int i) { - if (slots_count > 4) { - LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4 - } else { - LED(1 << i,0); //simple indication for slots_count <=4 - } -} - -void FlashLEDs(uint32_t speed, uint8_t times) { - for (int i = 0; i < times * 2; i++) { - LED_A_INV(); - LED_B_INV(); - LED_C_INV(); - LED_D_INV(); - SpinDelay(speed); - } -} - -#ifdef WITH_FLASH -void SaveIDtoFlash (int addr, uint64_t id) { - uint8_t b, *ptr; - for (int i = 0; i < 5; i++) { - b = (uint8_t) (id >> 8 * i & 0xff); - ptr = &b; - Flash_WriteData(addr * 5 + 4 - i,ptr,1); - } -} -#endif - -void RunMod() { - StandAloneMode(); - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - int selected = 0; - //state 0 - select slot - // 1 - read tag to selected slot, - // 2 - simulate tag from selected slot - // 3 - write to T5555 tag - uint8_t state = 0; - 
slots_count = sizeof(low)/sizeof(low[0]); - bba = BigBuf_get_addr(); - LED_Slot(selected); - for (;;) { - WDT_HIT(); - if (data_available()) break; - int button_pressed = BUTTON_HELD(1000); - SpinDelay(300); - switch (state){ - case 0: - // Select mode - if (button_pressed == 1) { - // Long press - switch to simulate mode - SpinUp(100); - SpinOff(100); - LED_Slot(selected); - state = 2; - } else if (button_pressed < 0) { - // Click - switch to next slot - selected = (selected + 1) % slots_count; - LEDsoff(); - LED_Slot(selected); - } - break; - case 1: - // Read mode. - if (button_pressed > 0) { - // Long press - switch to read mode - SpinUp(100); - SpinOff(10); - LED_Slot(selected); - state = 3; - } else if (button_pressed < 0) { - // Click - exit to select mode - CmdEM410xdemod(1, &high[selected], &low[selected], 0); - FlashLEDs(100,5); - #ifdef WITH_FLASH - SaveIDtoFlash(selected, low[selected]); - #endif - state = 0; - } - break; - case 2: - // Simulate mode - if (button_pressed > 0) { - // Long press - switch to read mode - SpinDown(100); - SpinOff(10); - LED_Slot(selected); - state = 1; - } else if (button_pressed < 0) { - // Click - start simulating. Click again to exit from simelate mode - LED_Slot(selected); - ConstructEM410xEmulBuf(ReversQuads(low[selected])); - FlashLEDs(100,5); - SimulateTagLowFrequency(buflen, 0, 1); - LED_Slot(selected); - state = 0; // Switch to select mode - } - break; - case 3: - // Write tag mode - if (button_pressed > 0) { - // Long press - switch to select mode - SpinDown(100); - SpinOff(10); - LED_Slot(selected); - state = 0; - } else if (button_pressed < 0) { - // Click - write ID to tag - WriteEM410x(0, (uint32_t) (low[selected] >> 32), (uint32_t) (low[selected] & 0xffffffff)); - LED_Slot(selected); - state = 0; // Switch to select mode - } - break; - } - } -} 
diff --git a/armsrc/Standalone/lf_em4100emulV2.c b/armsrc/Standalone/lf_em4100rwc.c similarity index 96% rename from armsrc/Standalone/lf_em4100emulV2.c rename to armsrc/Standalone/lf_em4100rwc.c index 2b48aeced..a336112ba 100644 --- a/armsrc/Standalone/lf_em4100emulV2.c +++ b/armsrc/Standalone/lf_em4100rwc.c @@ -5,7 +5,7 @@ // at your option, any later version. See the LICENSE.txt file for the text of // the license. //----------------------------------------------------------------------------- -// LF emul V2 - This mode can simulate tag ID from selected slot and read tag ID +// LF rwc - This mode can simulate tag ID from selected slot and read tag ID // to selected slot and to flash (only RDV4). Also you can set // predefined IDs in any slot. // To recall stored ID from flash execute: @@ -39,7 +39,7 @@ uint8_t *bba,slots_count; int buflen; void ModInfo(void) { - DbpString(" LF EM4100 simulate standalone V2"); + DbpString(" LF EM4100 read/write/clone standalone mode"); } uint64_t ReversQuads(uint64_t bits){ @@ -79,6 +79,7 @@ void ConstructEM410xEmulBuf(uint64_t id) { } void LED_Slot(int i) { + LEDsoff(); if (slots_count > 4) { LED(i % MAX_IND, 0); //binary indication, usefully for slots_count > 4 } else { @@ -130,12 +131,10 @@ void RunMod() { // Long press - switch to simulate mode SpinUp(100); SpinOff(100); - LED_Slot(selected); state = 2; } else if (button_pressed < 0) { // Click - switch to next slot selected = (selected + 1) % slots_count; - LEDsoff(); LED_Slot(selected); } break; @@ -153,7 +152,6 @@ void RunMod() { if (button_pressed > 0) { // Long press - switch to read mode SpinDown(100); - SpinOff(10); LED_Slot(selected); state = 1; } else if (button_pressed < 0) {
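Review bot: The new `ModInfo()` string "LF EM4100 read/write/clone standalone mode" and the Makefile.hal row ("clone it to T555x tags") advertise a write capability that the header comment edited in the first hunk does not describe; it still lists only simulate and read-to-slot/flash. The commit message also says V2 was deleted and V3 renamed, while the diff records lf_em4100emulV2.c as the rename source and deletes V3. That may only be similarity-based rename detection, but the rest of the file is outside these hunks, so which state machine survived cannot be confirmed here. If the write state is present, the header should say so and name the button gesture that triggers it, e.g. `// LF rwc - simulate ID from selected slot, read ID to selected slot, write selected slot to T555x tag`; if it is not, the ModInfo and Makefile.hal text should drop "write/clone".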
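Review bot: In the select-mode long-press branch (hunk at -130) the `LED_Slot(selected);` call after `SpinUp(100); SpinOff(100);` is removed, while the long-press branch in the last hunk keeps `LED_Slot(selected);` after `SpinDown(100);`. SpinUp and SpinOff are not shown, but if they leave the LEDs cleared, the slot indication is lost on entering state 2 and the operator cannot see which ID is about to be simulated. Either keep `LED_Slot(selected);` before `state = 2;`, or add a short comment explaining why the indication is still valid at that point. `RunMod()` starts and ends outside these hunks.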