CHG: 'lf search' - hitag/cotag wrong return values

CHG: is_justnoise - safety checks CHG: 'hitag reader' - debug printing
2025-08-14 10:37:23 -07:00 · 2017-10-30 22:20:08 +01:00 · 2017-10-30 22:20:08 +01:00 · 3b1c01cd13
commit 3b1c01cd13
parent 54e8a0ae2b
6 changed files with 83 additions and 65 deletions
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@ -849,7 +849,7 @@ int CheckChipType(bool getDeviceData) {
 //by marshmellow
 int CmdLFfind(const char *Cmd) {
 	int ans = 0;
-	size_t minLength = 1000;
+	size_t minLength = 2000;
 	char cmdp = param_getchar(Cmd, 0);
 	char testRaw = param_getchar(Cmd, 1);
 	
@ -873,18 +873,17 @@ int CmdLFfind(const char *Cmd) {
 	
 	// only run these tests if device is online
 	if (isOnline) {
-
-		// only run if graphbuffer is just noise as it should be for hitag/cotag
+		// only run if graphbuffer is just noise as it should be for hitag
+		// The improved noise detection will find Cotag.
 		if (is_justnoise(GraphBuffer, minLength)) {
-			
-			if (CheckChipType(isOnline) ) return 1;			
-			if (CmdLFHitagReader("26")) { PrintAndLog("\nValid Hitag Found!"); return 1;}
-			if (CmdCOTAGRead("")) 		{ PrintAndLog("\nValid COTAG ID Found!"); return 1;}

-			PrintAndLog("Signal looks just like noise. Quitting.");
+			PrintAndLog("Signal looks just like noise. Looking for Hitag signal now.");					
+			if (CmdLFHitagReader("26") == 0) { PrintAndLog("\nValid Hitag Found!"); return 1;}
+			if (CmdCOTAGRead("") > 0) 	{ PrintAndLog("\nValid COTAG ID Found!"); return 1;}
 		    return 0;
 		}
 	}
+	
 	if (EM4x50Read("", false))	{ PrintAndLog("\nValid EM4x50 ID Found!"); return 1;}
 	if (CmdAWIDDemod(""))		{ PrintAndLog("\nValid AWID ID Found!"); goto out;}
 	if (CmdEM410xDemod(""))		{ PrintAndLog("\nValid EM410x ID Found!"); goto out;}
@ -906,6 +905,7 @@ int CmdLFfind(const char *Cmd) {
 	if (CmdVikingDemod(""))		{ PrintAndLog("\nValid Viking ID Found!"); goto out;}	
 	if (CmdVisa2kDemod(""))		{ PrintAndLog("\nValid Visa2000 ID Found!"); goto out;}

+	//if (CmdFermaxDemod(""))		{ PrintAndLog("\nValid Fermax ID Found!"); goto out;}
 	// TIdemod?  flexdemod?
 	
 	PrintAndLog("\nNo Known Tags Found!\n");
--- a/client/cmdlfhitag.c
+++ b/client/cmdlfhitag.c
@ -22,15 +22,20 @@
 #include "hitagS.h"
 #include "util_posix.h"
 #include "cmdmain.h"
+#include "cmddata.h"

 static int CmdHelp(const char *Cmd);

 size_t nbytes(size_t nbits) {
-	return (nbits/8)+((nbits%8)>0);
+	return (nbits/8) + ((nbits%8) > 0);
 }

 int CmdLFHitagList(const char *Cmd) {
 	uint8_t *got = malloc(USB_CMD_DATA_SIZE);
+	if ( !got ) {
+		PrintAndLog("Cannot allocate memory for trace");
+		return 2;
+	}

 	// Query for the actual size of the trace
 	UsbCommand response;
@ -197,22 +202,22 @@ int CmdLFHitagReader(const char *Cmd) {
 	switch (htf) {
 		case 01: { //RHTSF_CHALLENGE
 			c = (UsbCommand){ CMD_READ_HITAG_S };
-			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
-			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+			num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
+			num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
 		} break;
 		case 02: { //RHTSF_KEY
 			c = (UsbCommand){ CMD_READ_HITAG_S };
-			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 		} break;
 		case RHT2F_PASSWORD: {
-			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
+			num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->pwd.password);
 		} break;
 		case RHT2F_AUTHENTICATE: {
-			num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
-			num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+			num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
+			num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
 		} break;
 		case RHT2F_CRYPTO: {
-			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 		} break;
 		case RHT2F_TEST_AUTH_ATTEMPTS: {
 			// No additional parameters needed
@ -221,7 +226,7 @@ int CmdLFHitagReader(const char *Cmd) {
 			// No additional parameters needed
 		} break;
 		default: {
-			PrintAndLog("\nError: unkown reader function %d",htf);
+			PrintAndLog("\nError: unkown reader function %d", htf);
 			PrintAndLog("");
 			PrintAndLog("Usage: hitag reader <Reader Function #>");
 			PrintAndLog("Reader Functions:");
@ -243,30 +248,36 @@ int CmdLFHitagReader(const char *Cmd) {
 	c.arg[0] = htf;
 	clearCommandBuffer();
 	SendCommand(&c);
-	UsbCommand resp;
-	WaitForResponse(CMD_ACK, &resp);
+	UsbCommand resp;	
+	if ( !WaitForResponseTimeout(CMD_ACK, &resp, 4000) ) {
+		PrintAndLog("timeout while waiting for reply.");
+		return 1;
+	}

 	// Check the return status, stored in the first argument
-	if (resp.arg[0] == false) return 1;
+	if (resp.arg[0] == false) {
+		if (g_debugMode) PrintAndLog("DEBUG: Error - hitag failed");
+		return 1;
+	}

-	uint32_t id = bytes_to_num(resp.d.asBytes,4);
+	uint32_t id = bytes_to_num(resp.d.asBytes, 4);

 	if (htf == RHT2F_UID_ONLY){
-		PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
+		PrintAndLog("Valid Hitag2 tag found - UID: %08x", id);
 	} else {
 		char filename[FILE_PATH_SIZE];
 		FILE* f = NULL;
-		sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
-		f = fopen(filename,"wb");
+		sprintf(filename, "%08x_%04x.ht2", id, (rand() & 0xffff));
+		f = fopen(filename, "wb");
 		if (!f) {
-			PrintAndLog("Error: Could not open file [%s]",filename);
+			PrintAndLog("Error: Could not open file [%s]", filename);
 			return 1;
 		}

 		// Write the 48 tag memory bytes to file and finalize
 		fwrite(resp.d.asBytes, 1, 48, f);
 		fclose(f);
-		PrintAndLog("Succesfully saved tag memory to [%s]",filename);
+		PrintAndLog("Succesfully saved tag memory to [%s]", filename);
 	}
 	return 0;
 }
@ -312,12 +323,13 @@ int CmdLFHitagCheckChallenges(const char *Cmd) {
 	FILE* f;
 	bool file_given;
 	int len = strlen(Cmd);
-	if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+	if (len > FILE_PATH_SIZE)
+		len = FILE_PATH_SIZE;
 	memcpy(filename, Cmd, len);
 	
 	if (strlen(filename) > 0) {
 		f = fopen(filename,"rb+");
-		if( !f ) {
+		if ( !f ) {
 			PrintAndLog("Error: Could not open file [%s]", filename);
 			return 1;
 		}
@ -343,23 +355,23 @@ int CmdLFHitagCheckChallenges(const char *Cmd) {
 int CmdLFHitagWP(const char *Cmd) {
 	UsbCommand c = { CMD_WR_HITAG_S };
 	hitag_data* htd = (hitag_data*)c.d.asBytes;
-	hitag_function htf = param_get32ex(Cmd,0,0,10);
+	hitag_function htf = param_get32ex(Cmd, 0, 0, 10);
 	switch (htf) {
 		case 03: { //WHTSF_CHALLENGE
-			num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
+			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 8, htd->auth.NrAr);
 			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
-			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
+			num_to_bytes(param_get32ex(Cmd, 3, 0, 16), 4, htd->auth.data);
 		} break;
 		case 04:
 		case 24:
 		 { //WHTSF_KEY
-			num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+			num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 			c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
-			num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
+			num_to_bytes(param_get32ex(Cmd, 3, 0, 16), 4, htd->crypto.data);

 		} break;
 		default: {
-			PrintAndLog("Error: unkown writer function %d",htf);
+			PrintAndLog("Error: unkown writer function %d", htf);
 			PrintAndLog("Hitag writer functions");
 			PrintAndLog(" HitagS (0*)");
 			PrintAndLog("  03 <nr,ar> (Challenge) <page> <byte0...byte3> write page on a Hitag S tag");
@ -375,7 +387,7 @@ int CmdLFHitagWP(const char *Cmd) {
 	clearCommandBuffer();
 	SendCommand(&c);
 	UsbCommand resp;
-	WaitForResponse(CMD_ACK,&resp);
+	WaitForResponse(CMD_ACK, &resp);

 	// Check the return status, stored in the first argument
 	if (resp.arg[0] == false) return 1;
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@ -1292,7 +1292,7 @@ int CmdT55xxDump(const char *Cmd){
 	return 1;
 }

-int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
+bool AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
 	// arg0 bitmodes:
 	// 	bit0 = pwdmode
 	// 	bit1 = page to read from
@ -1304,7 +1304,7 @@ int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
 	SendCommand(&c);
 	if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {
 		PrintAndLog("command execution time out");
-		return 0;
+		return false;
 	}

 	//uint8_t got[12288];
@ -1312,14 +1312,14 @@ int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
 	GetFromBigBuf(got, sizeof(got), 0);
 	if ( !WaitForResponseTimeout(CMD_ACK, NULL, 8000) ) {
 		PrintAndLog("command execution time out");
-		return 0;
+		return false;
 	}
 	setGraphBuf(got, sizeof(got));

 	if (is_justnoise(GraphBuffer, sizeof(got))) 
-		return 0;
+		return false;

-	return 1;
+	return true;
 }

 char * GetBitRateStr(uint32_t id, bool xmode) {
--- a/client/cmdlft55xx.h
+++ b/client/cmdlft55xx.h
@ -155,7 +155,7 @@ bool testKnownConfigBlock(uint32_t block0);
 extern bool tryDetectP1(bool getData);
 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);
 int special(const char *Cmd);
-int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );
+bool AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );

 bool detectPassword(int password);

--- a/client/graph.c
+++ b/client/graph.c
@ -269,6 +269,10 @@ uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose, int *f
 // By measuring mean and look at amplitude of signal from HIGH / LOW, 
 // we can detect noise
 bool is_justnoise(int *bits, uint32_t size) {
+	
+	if ( bits == NULL ) return true;
+	if ( size < 100 ) return true;
+	
 	//might not be high enough for noisy environments
 	#define NOICE_AMPLITUDE_THRESHOLD 10;

--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@ -143,22 +143,22 @@ bool parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType) {
 //by marshmellow
 // takes a array of binary values, start position, length of bits per parity (includes parity bit - MAX 32),
 //   Parity Type (1 for odd; 0 for even; 2 for Always 1's; 3 for Always 0's), and binary Length (length to run) 
-size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen) {
+size_t removeParity(uint8_t *bits, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen) {
 	uint32_t parityWd = 0;
 	size_t bitCnt = 0;
 	for (int word = 0; word < (bLen); word += pLen){
 		for (int bit=0; bit < pLen; bit++){
 			if (word+bit >= bLen) break;
-			parityWd = (parityWd << 1) | BitStream[startIdx+word+bit];
-			BitStream[bitCnt++] = (BitStream[startIdx+word+bit]);
+			parityWd = (parityWd << 1) | bits[startIdx+word+bit];
+			bits[bitCnt++] = (bits[startIdx+word+bit]);
 		}
 		if (word+pLen > bLen) break;

 		bitCnt--; // overwrite parity with next data
 		// if parity fails then return 0
 		switch (pType) {
-			case 3: if (BitStream[bitCnt]==1) {return 0;} break; //should be 0 spacer bit
-			case 2: if (BitStream[bitCnt]==0) {return 0;} break; //should be 1 spacer bit
+			case 3: if (bits[bitCnt]==1) {return 0;} break; //should be 0 spacer bit
+			case 2: if (bits[bitCnt]==0) {return 0;} break; //should be 1 spacer bit
 			default: if (parityTest(parityWd, pLen, pType) == 0) { return 0; } break; //test parity
 		}
 		parityWd = 0;
@ -196,8 +196,7 @@ size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t p
 	return bitCnt;
 }

-uint32_t bytebits_to_byte(uint8_t *src, size_t numbits)
-{
+uint32_t bytebits_to_byte(uint8_t *src, size_t numbits) {
 	uint32_t num = 0;
 	for(int i = 0 ; i < numbits ; i++) {
 		num = (num << 1) | (*src);
@ -207,8 +206,7 @@ uint32_t bytebits_to_byte(uint8_t *src, size_t numbits)
 }

 //least significant bit first
-uint32_t bytebits_to_byteLSBF(uint8_t *src, size_t numbits)
-{
+uint32_t bytebits_to_byteLSBF(uint8_t *src, size_t numbits) {
 	uint32_t num = 0;
 	for(int i = 0 ; i < numbits ; i++) {
 		num = (num << 1) | *(src + (numbits-(i+1)));
@ -225,14 +223,14 @@ bool preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *
 // search for given preamble in given BitStream and return success=1 or fail=0 and startIndex (where it was found) and length if not fineone 
 // fineone does not look for a repeating preamble for em4x05/4x69 sends preamble once, so look for it once in the first pLen bits
 //(iceman) FINDONE,  only finds start index. NOT SIZE!.  I see Em410xDecode (lfdemod.c) uses SIZE to determine success
-bool preambleSearchEx(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx, bool findone)
+bool preambleSearchEx(uint8_t *bits, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx, bool findone)
 {
-	// Sanity check.  If preamble length is bigger than bitstream length.
+	// Sanity check.  If preamble length is bigger than bits length.
 	if ( *size <= pLen ) return false;
 	
 	uint8_t foundCnt = 0;
 	for (size_t idx = 0; idx < *size - pLen; idx++) {
-		if (memcmp(BitStream+idx, preamble, pLen) == 0){
+		if (memcmp(bits+idx, preamble, pLen) == 0){
 			//first index found
 			foundCnt++;
 			if (foundCnt == 1){
@ -590,7 +588,7 @@ int DetectStrongNRZClk(uint8_t *dest, size_t size, int peak, int low, bool *stro
 		++i;
 	lastWasHigh = (dest[i] >= peak);

-	if (i==size) return 0;
+	if (i == size) return 0;
 	transition1 = i;

 	for (;i < size; i++) {
@ -1257,19 +1255,19 @@ int BiphaseRawDecode(uint8_t *bits, size_t *size, int *offset, int invert) {
 //by marshmellow
 //take 10 and 01 and manchester decode
 //run through 2 times and take least errCnt
-int manrawdecode(uint8_t *BitStream, size_t *size, uint8_t invert, uint8_t *alignPos){
+int manrawdecode(uint8_t *bits, size_t *size, uint8_t invert, uint8_t *alignPos){

 	// sanity check
 	if (*size < 16) return -1;
 	
 	int errCnt = 0, bestErr = 1000;
-	uint16_t bitnum = 0, MaxBits = 512, bestRun = 0;
+	uint16_t bitnum = 0, maxBits = 512, bestRun = 0;
 	size_t i, k;

 	//find correct start position [alignment]
 	for (k = 0; k < 2; ++k){
 		for (i = k; i < *size-3; i += 2) {
-			if (BitStream[i] == BitStream[i+1])
+			if (bits[i] == bits[i+1])
 				errCnt++;
 		}
 		if (bestErr > errCnt){
@ -1281,14 +1279,14 @@ int manrawdecode(uint8_t *BitStream, size_t *size, uint8_t invert, uint8_t *alig
 	*alignPos = bestRun;
 	//decode
 	for (i = bestRun; i < *size-3; i += 2){
-		if (BitStream[i] == 1 && (BitStream[i+1] == 0)){
-			BitStream[bitnum++] = invert;
-		} else if ((BitStream[i] == 0) && BitStream[i+1] == 1){
-			BitStream[bitnum++] = invert^1;
+		if (bits[i] == 1 && (bits[i+1] == 0)){
+			bits[bitnum++] = invert;
+		} else if ((bits[i] == 0) && bits[i+1] == 1){
+			bits[bitnum++] = invert^1;
 		} else {
-			BitStream[bitnum++] = 7;
+			bits[bitnum++] = 7;
 		}
-		if (bitnum > MaxBits) break;
+		if (bitnum > maxBits) break;
 	}
 	*size = bitnum;
 	return bestErr;
@ -1440,11 +1438,15 @@ int askdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr
 // peaks invert bit (high=1 low=0) each clock cycle = 1 bit determined by last peak
 int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int *startIdx) {
 	if (justNoise(dest, *size)) return -1;
+	
 	size_t clkStartIdx = 0;
 	*clk = DetectNRZClock(dest, *size, *clk, &clkStartIdx);
-	if (*clk==0) return -2;
+	if (*clk == 0) return -2;
+	
 	size_t i, gLen = 4096;
-	if (gLen>*size) gLen = *size-20;
+	if (gLen > *size) 
+		gLen = *size-20;
+	
 	int high, low;
 	if (getHiLo(dest, gLen, &high, &low, 75, 75) < 1) return -3; //25% fuzz on high 25% fuzz on low