From 3b1c01cd136892486466f515134278ef559e5ee9 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 30 Oct 2017 22:20:08 +0100
Subject: [PATCH] CHG: 'lf search' - hitag/cotag wrong return values CHG: is_justnoise - safety checks CHG: 'hitag reader' - debug printing
---
 client/cmdlf.c | 16 +++++------
 client/cmdlfhitag.c | 66 ++++++++++++++++++++++++++++++++++++++++-------------------
 client/cmdlft55xx.c | 10 +++----
 client/cmdlft55xx.h | 2 +-
 client/graph.c | 4 +++
 common/lfdemod.c | 50 +++++++++++++++++++++++++-------------------------
 6 files changed, 83 insertions(+), 65 deletions(-)
diff --git a/client/cmdlf.c b/client/cmdlf.c
index 22d0bc259..d5925b24b 100644
--- a/client/cmdlf.c
+++ b/client/cmdlf.c
@@ -849,7 +849,7 @@ int CheckChipType(bool getDeviceData) {
 //by marshmellow
 int CmdLFfind(const char *Cmd) {
 int ans = 0;
- size_t minLength = 1000;
+ size_t minLength = 2000;
 char cmdp = param_getchar(Cmd, 0);
 char testRaw = param_getchar(Cmd, 1);
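Review bot: `size_t minLength = 2000;` is a bare magic number whose only visible use on this page is the sample window handed to is_justnoise in the next hunk, and nothing says why 2000 is the right window or whether GraphBuffer actually holds that many samples at this point. A named constant with a why-comment would carry that, e.g. `enum { LF_SEARCH_NOISE_WINDOW = 2000 }; // samples is_justnoise inspects before lf search gives up on the trace` and `size_t minLength = LF_SEARCH_NOISE_WINDOW;`. If the acquired trace can be shorter than the window, is_justnoise inspects samples beyond the acquired data — the trace length is not visible here, so confirm against the caller. CmdLFfind continues past this hunk.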
@@ -873,18 +873,17 @@ int CmdLFfind(const char *Cmd) { // only run these tests if device is online if (isOnline) { - - // only run if graphbuffer is just noise as it should be for hitag/cotag + // only run if graphbuffer is just noise as it should be for hitag + // The improved noise detection will find Cotag. if (is_justnoise(GraphBuffer, minLength)) { - - if (CheckChipType(isOnline) ) return 1; - if (CmdLFHitagReader("26")) { PrintAndLog("\nValid Hitag Found!"); return 1;} - if (CmdCOTAGRead("")) { PrintAndLog("\nValid COTAG ID Found!"); return 1;} - PrintAndLog("Signal looks just like noise. Quitting."); + PrintAndLog("Signal looks just like noise. Looking for Hitag signal now."); + if (CmdLFHitagReader("26") == 0) { PrintAndLog("\nValid Hitag Found!"); return 1;} + if (CmdCOTAGRead("") > 0) { PrintAndLog("\nValid COTAG ID Found!"); return 1;} return 0; } } + if (EM4x50Read("", false)) { PrintAndLog("\nValid EM4x50 ID Found!"); return 1;} if (CmdAWIDDemod("")) { PrintAndLog("\nValid AWID ID Found!"); goto out;} if (CmdEM410xDemod("")) { PrintAndLog("\nValid EM410x ID Found!"); goto out;} @@ -906,6 +905,7 @@ int CmdLFfind(const char *Cmd) { if (CmdVikingDemod("")) { PrintAndLog("\nValid Viking ID Found!"); goto out;} if (CmdVisa2kDemod("")) { PrintAndLog("\nValid Visa2000 ID Found!"); goto out;} + //if (CmdFermaxDemod("")) { PrintAndLog("\nValid Fermax ID Found!"); goto out;} // TIdemod? flexdemod? PrintAndLog("\nNo Known Tags Found!\n"); diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index a5a0c00e4..ab4ff1019 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c 
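Review bot: The two new success tests use opposite conventions on adjacent lines — `CmdLFHitagReader("26") == 0` treats zero as success (matching the `return 0;`/`return 1;` paths in cmdlfhitag.c later in this patch) while `CmdCOTAGRead("") > 0` treats a positive value as success — and nothing at the call site records that, which is how the wrong tests this commit fixes crept in. A comment above the pair such as `// CmdLFHitagReader returns 0 on success; CmdCOTAGRead returns >0 on success` pins the contract; CmdCOTAGRead's definition is not on this page, so verify its convention there. CmdLFfind starts before and ends after this hunk.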
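Review bot: `//if (CmdFermaxDemod("")) { PrintAndLog("\nValid Fermax ID Found!"); goto out;}` adds commented-out code to the search chain, which tends to rot silently as the surrounding calls change. If the demod is planned, a one-line `// TODO: add CmdFermaxDemod once its demodulator lands` says the same without carrying dead code; otherwise drop the line.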
@@ -22,15 +22,20 @@
 #include "hitagS.h"
 #include "util_posix.h"
 #include "cmdmain.h"
+#include "cmddata.h"
 static int CmdHelp(const char *Cmd);
 size_t nbytes(size_t nbits) {
- return (nbits/8)+((nbits%8)>0);
+ return (nbits/8) + ((nbits%8) > 0);
 }
 int CmdLFHitagList(const char *Cmd) {
 uint8_t *got = malloc(USB_CMD_DATA_SIZE);
+ if ( !got ) {
+ PrintAndLog("Cannot allocate memory for trace");
+ return 2;
+ }
 // Query for the actual size of the trace
 UsbCommand response;
@@ -197,22 +202,22 @@ int CmdLFHitagReader(const char *Cmd) {
 switch (htf) {
 case 01: { //RHTSF_CHALLENGE
 c = (UsbCommand){ CMD_READ_HITAG_S };
- num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
- num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+ num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
+ num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
 } break;
 case 02: { //RHTSF_KEY
 c = (UsbCommand){ CMD_READ_HITAG_S };
- num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+ num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 } break;
 case RHT2F_PASSWORD: {
- num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->pwd.password);
+ num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->pwd.password);
 } break;
 case RHT2F_AUTHENTICATE: {
- num_to_bytes(param_get32ex(Cmd,1,0,16),4,htd->auth.NrAr);
- num_to_bytes(param_get32ex(Cmd,2,0,16),4,htd->auth.NrAr+4);
+ num_to_bytes(param_get32ex(Cmd, 1, 0, 16), 4, htd->auth.NrAr);
+ num_to_bytes(param_get32ex(Cmd, 2, 0, 16), 4, htd->auth.NrAr+4);
 } break;
 case RHT2F_CRYPTO: {
- num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+ num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 } break;
 case RHT2F_TEST_AUTH_ATTEMPTS: {
 // No additional parameters needed
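Review bot: The new allocation check returns `2`, while every other error path visible in this file's hunks returns `1` (the timeout and failed-status paths in CmdLFHitagReader, the fopen failure in CmdLFHitagCheckChallenges), so a caller testing `!= 0` is fine but anything keyed on a specific code now sees a value no other path produces. Unless `2` is meant to be distinguished, `return 1;` keeps the module's convention; if it is, a comment next to it saying what callers should do with it is the missing piece. CmdLFHitagList continues past the hunk, so whether `got` is freed on every later return cannot be seen here.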
@@ -221,7 +226,7 @@ int CmdLFHitagReader(const char *Cmd) {
 // No additional parameters needed
 } break;
 default: {
- PrintAndLog("\nError: unkown reader function %d",htf);
+ PrintAndLog("\nError: unkown reader function %d", htf);
 PrintAndLog("");
 PrintAndLog("Usage: hitag reader ");
 PrintAndLog("Reader Functions:");
@@ -243,30 +248,36 @@ int CmdLFHitagReader(const char *Cmd) {
 c.arg[0] = htf;
 clearCommandBuffer();
 SendCommand(&c);
- UsbCommand resp;
- WaitForResponse(CMD_ACK, &resp);
+ UsbCommand resp;
+ if ( !WaitForResponseTimeout(CMD_ACK, &resp, 4000) ) {
+ PrintAndLog("timeout while waiting for reply.");
+ return 1;
+ }
 // Check the return status, stored in the first argument
- if (resp.arg[0] == false) return 1;
+ if (resp.arg[0] == false) {
+ if (g_debugMode) PrintAndLog("DEBUG: Error - hitag failed");
+ return 1;
+ }
- uint32_t id = bytes_to_num(resp.d.asBytes,4);
+ uint32_t id = bytes_to_num(resp.d.asBytes, 4);
 if (htf == RHT2F_UID_ONLY){
- PrintAndLog("Valid Hitag2 tag found - UID: %08x",id);
+ PrintAndLog("Valid Hitag2 tag found - UID: %08x", id);
 } else {
 char filename[FILE_PATH_SIZE];
 FILE* f = NULL;
- sprintf(filename,"%08x_%04x.ht2",id,(rand() & 0xffff));
- f = fopen(filename,"wb");
+ sprintf(filename, "%08x_%04x.ht2", id, (rand() & 0xffff));
+ f = fopen(filename, "wb");
 if (!f) {
- PrintAndLog("Error: Could not open file [%s]",filename);
+ PrintAndLog("Error: Could not open file [%s]", filename);
 return 1;
 }
 // Write the 48 tag memory bytes to file and finalize
 fwrite(resp.d.asBytes, 1, 48, f);
 fclose(f);
- PrintAndLog("Succesfully saved tag memory to [%s]",filename);
+ PrintAndLog("Succesfully saved tag memory to [%s]", filename);
 }
 return 0;
 }
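Review bot: The reformatted message still misspells "unknown"; since the line is being touched anyway, `PrintAndLog("\nError: unknown reader function %d", htf);` is the cheap fix. The same typo is carried through in the writer's default case in the -343 hunk of this file (`Error: unkown writer function %d`), and the next hunk here keeps `Succesfully saved tag memory`.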
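Review bot: The save path that the new timeout and status handling leads into still reports success unconditionally: `fwrite(resp.d.asBytes, 1, 48, f);` and `fclose(f);` are unchecked, so a short write or a failed flush on close still prints "Succesfully saved tag memory". Replace the two lines with `size_t written = fwrite(resp.d.asBytes, 1, 48, f);` followed by `if (fclose(f) != 0 || written != 48) { PrintAndLog("Error: Could not write file [%s]", filename); return 1; }` so the file is always closed and the message is truthful. `sprintf(filename, "%08x_%04x.ht2", id, (rand() & 0xffff));` writes into `filename[FILE_PATH_SIZE]` with no bound; the fixed format needs 18 bytes, so it only stays safe while FILE_PATH_SIZE (not visible here) exceeds that — `snprintf(filename, sizeof(filename), "%08x_%04x.ht2", id, (rand() & 0xffff));` removes the dependency. The new debug line could also name what it saw: `"DEBUG: Error - device reported hitag read failure (arg0 == 0)"` is more useful than `"hitag failed"` when reading a log.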
@@ -312,12 +323,13 @@ int CmdLFHitagCheckChallenges(const char *Cmd) {
 FILE* f;
 bool file_given;
 int len = strlen(Cmd);
- if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
+ if (len > FILE_PATH_SIZE)
+ len = FILE_PATH_SIZE;
 memcpy(filename, Cmd, len);
 if (strlen(filename) > 0) {
 f = fopen(filename,"rb+");
- if( !f ) {
+ if ( !f ) {
 PrintAndLog("Error: Could not open file [%s]", filename);
 return 1;
 }
@@ -343,23 +355,23 @@ int CmdLFHitagCheckChallenges(const char *Cmd) {
 int CmdLFHitagWP(const char *Cmd) {
 UsbCommand c = { CMD_WR_HITAG_S };
 hitag_data* htd = (hitag_data*)c.d.asBytes;
- hitag_function htf = param_get32ex(Cmd,0,0,10);
+ hitag_function htf = param_get32ex(Cmd, 0, 0, 10);
 switch (htf) {
 case 03: { //WHTSF_CHALLENGE
- num_to_bytes(param_get64ex(Cmd,1,0,16),8,htd->auth.NrAr);
+ num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 8, htd->auth.NrAr);
 c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
- num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->auth.data);
+ num_to_bytes(param_get32ex(Cmd, 3, 0, 16), 4, htd->auth.data);
 } break;
 case 04: case 24: { //WHTSF_KEY
- num_to_bytes(param_get64ex(Cmd,1,0,16),6,htd->crypto.key);
+ num_to_bytes(param_get64ex(Cmd, 1, 0, 16), 6, htd->crypto.key);
 c.arg[2]= param_get32ex(Cmd, 2, 0, 10);
- num_to_bytes(param_get32ex(Cmd,3,0,16),4,htd->crypto.data);
+ num_to_bytes(param_get32ex(Cmd, 3, 0, 16), 4, htd->crypto.data);
 } break;
 default: {
- PrintAndLog("Error: unkown writer function %d",htf);
+ PrintAndLog("Error: unkown writer function %d", htf);
 PrintAndLog("Hitag writer functions");
 PrintAndLog(" HitagS (0*)");
 PrintAndLog(" 03 (Challenge) write page on a Hitag S tag");
@@ -375,7 +387,7 @@ int CmdLFHitagWP(const char *Cmd) {
 clearCommandBuffer();
 SendCommand(&c);
 UsbCommand resp;
- WaitForResponse(CMD_ACK,&resp);
+ WaitForResponse(CMD_ACK, &resp);
 // Check the return status, stored in the first argument
 if (resp.arg[0] == false) return 1;
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index 460386ee9..7f2c90206 100644
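Review bot: The clamp split over two lines here still allows `len == FILE_PATH_SIZE`, after which `memcpy(filename, Cmd, len)` fills the buffer with no terminator and the following `strlen(filename)` reads past it; whether `filename` is declared with slack or zero-filled is above the hunk and not visible, so it has to be treated as unterminated. Clamp one short and terminate explicitly: `if (len > FILE_PATH_SIZE - 1) len = FILE_PATH_SIZE - 1;` then `memcpy(filename, Cmd, len); filename[len] = '\0';`. `int len = strlen(Cmd);` also narrows a size_t into an int; `size_t len` avoids the signed/unsigned comparison against FILE_PATH_SIZE. CmdLFHitagCheckChallenges starts before and continues after this hunk.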
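Review bot: CmdLFHitagWP still blocks in `WaitForResponse(CMD_ACK, &resp);` with no timeout, while the reader in the -243 hunk of this file was moved to `WaitForResponseTimeout(CMD_ACK, &resp, 4000)` with an error return, so a write that never gets an ACK hangs the client indefinitely. Mirror the reader: `if ( !WaitForResponseTimeout(CMD_ACK, &resp, 4000) ) { PrintAndLog("timeout while waiting for reply."); return 1; }` — the 4000 ms value is the reader's, and whether a write needs longer is not visible here. CmdLFHitagWP starts before this hunk and its remainder is outside it.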
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -1292,7 +1292,7 @@ int CmdT55xxDump(const char *Cmd){
 return 1;
 }
-int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
+bool AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
 // arg0 bitmodes:
 // bit0 = pwdmode
 // bit1 = page to read from
@@ -1304,7 +1304,7 @@ int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
 SendCommand(&c);
 if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {
 PrintAndLog("command execution time out");
- return 0;
+ return false;
 }
 //uint8_t got[12288];
@@ -1312,14 +1312,14 @@ int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
 GetFromBigBuf(got, sizeof(got), 0);
 if ( !WaitForResponseTimeout(CMD_ACK, NULL, 8000) ) {
 PrintAndLog("command execution time out");
- return 0;
+ return false;
 }
 setGraphBuf(got, sizeof(got));
 if (is_justnoise(GraphBuffer, sizeof(got)))
- return 0;
+ return false;
- return 1;
+ return true;
 }
 char * GetBitRateStr(uint32_t id, bool xmode) {
diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h
index d1103841c..1c0618532 100644
--- a/client/cmdlft55xx.h
+++ b/client/cmdlft55xx.h
@@ -155,7 +155,7 @@ bool testKnownConfigBlock(uint32_t block0);
 extern bool tryDetectP1(bool getData);
 bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);
 int special(const char *Cmd);
-int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );
+bool AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );
 bool detectPassword(int password);
diff --git a/client/graph.c b/client/graph.c
index 1a1bdefe2..8fb2addd9 100644
--- a/client/graph.c
+++ b/client/graph.c
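Review bot: The new `bool AquireData(...)` signature has no contract comment, and the `// arg0 bitmodes:` lines below it describe the command encoding rather than the result; the two later hunks show exactly three `return false;` reasons (device timeout on the command, timeout on the big-buffer fetch, trace that is_justnoise rejects), which is what a caller needs to know. A header comment such as `// Reads one block from the tag into GraphBuffer. Returns false on a device timeout or when the captured trace looks like noise; callers must not trust GraphBuffer on false.` would document it; the same line belongs on the declaration in cmdlft55xx.h. AquireData continues past this hunk.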
@@ -269,6 +269,10 @@ uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose, int *f
 // By measuring mean and look at amplitude of signal from HIGH / LOW,
 // we can detect noise
 bool is_justnoise(int *bits, uint32_t size) {
+
+ if ( bits == NULL ) return true;
+ if ( size < 100 ) return true;
+
 //might not be high enough for noisy environments
 #define NOICE_AMPLITUDE_THRESHOLD 10;
diff --git a/common/lfdemod.c b/common/lfdemod.c
index 33a954bdc..1f1dc2b0c 100644
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@@ -143,22 +143,22 @@ bool parityTest(uint32_t bits, uint8_t bitLen, uint8_t pType) {
 //by marshmellow
 // takes a array of binary values, start position, length of bits per parity (includes parity bit - MAX 32),
 // Parity Type (1 for odd; 0 for even; 2 for Always 1's; 3 for Always 0's), and binary Length (length to run)
-size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen) {
+size_t removeParity(uint8_t *bits, size_t startIdx, uint8_t pLen, uint8_t pType, size_t bLen) {
 uint32_t parityWd = 0;
 size_t bitCnt = 0;
 for (int word = 0; word < (bLen); word += pLen){
 for (int bit=0; bit < pLen; bit++){
 if (word+bit >= bLen) break;
- parityWd = (parityWd << 1) | BitStream[startIdx+word+bit];
- BitStream[bitCnt++] = (BitStream[startIdx+word+bit]);
+ parityWd = (parityWd << 1) | bits[startIdx+word+bit];
+ bits[bitCnt++] = (bits[startIdx+word+bit]);
 }
 if (word+pLen > bLen) break;
 bitCnt--; // overwrite parity with next data
 // if parity fails then return 0
 switch (pType) {
- case 3: if (BitStream[bitCnt]==1) {return 0;} break; //should be 0 spacer bit
- case 2: if (BitStream[bitCnt]==0) {return 0;} break; //should be 1 spacer bit
+ case 3: if (bits[bitCnt]==1) {return 0;} break; //should be 0 spacer bit
+ case 2: if (bits[bitCnt]==0) {return 0;} break; //should be 1 spacer bit
 default: if (parityTest(parityWd, pLen, pType) == 0) { return 0; } break; //test parity
 }
 parityWd = 0;
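Review bot: The two new guards classify a NULL or short buffer as noise by returning `true`, which in the `lf search` hunk earlier in this patch steers the caller to the hitag/cotag path instead of the demodulators, and `100` is a bare threshold with no rationale; name it and say why, e.g. `enum { NOISE_MIN_SAMPLES = 100 }; // below this the mean/amplitude test has nothing to measure, so treat the buffer as noise`. Callers that pass a bogus pointer now get a silent "noise" verdict rather than a crash, so a comment on the NULL guard should say that this is deliberate. The context line `#define NOICE_AMPLITUDE_THRESHOLD 10;` keeps a trailing semicolon, so the macro expands to `10;` and only works where a full statement ends — worth dropping the semicolon while touching this function. is_justnoise continues past the hunk.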
@@ -196,8 +196,7 @@ size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t p
 return bitCnt;
 }
-uint32_t bytebits_to_byte(uint8_t *src, size_t numbits)
-{
+uint32_t bytebits_to_byte(uint8_t *src, size_t numbits) {
 uint32_t num = 0;
 for(int i = 0 ; i < numbits ; i++) {
 num = (num << 1) | (*src);
@@ -207,8 +206,7 @@ uint32_t bytebits_to_byte(uint8_t *src, size_t numbits)
 }
 //least significant bit first
-uint32_t bytebits_to_byteLSBF(uint8_t *src, size_t numbits)
-{
+uint32_t bytebits_to_byteLSBF(uint8_t *src, size_t numbits) {
 uint32_t num = 0;
 for(int i = 0 ; i < numbits ; i++) {
 num = (num << 1) | *(src + (numbits-(i+1)));
@@ -225,14 +223,14 @@ bool preambleSearch(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *
 // search for given preamble in given BitStream and return success=1 or fail=0 and startIndex (where it was found) and length if not fineone
 // fineone does not look for a repeating preamble for em4x05/4x69 sends preamble once, so look for it once in the first pLen bits
 //(iceman) FINDONE, only finds start index. NOT SIZE!. I see Em410xDecode (lfdemod.c) uses SIZE to determine success
-bool preambleSearchEx(uint8_t *BitStream, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx, bool findone)
+bool preambleSearchEx(uint8_t *bits, uint8_t *preamble, size_t pLen, size_t *size, size_t *startIdx, bool findone)
 {
- // Sanity check. If preamble length is bigger than bitstream length.
+ // Sanity check. If preamble length is bigger than bits length.
 if ( *size <= pLen ) return false;
 uint8_t foundCnt = 0;
 for (size_t idx = 0; idx < *size - pLen; idx++) {
- if (memcmp(BitStream+idx, preamble, pLen) == 0){
+ if (memcmp(bits+idx, preamble, pLen) == 0){
 //first index found
 foundCnt++;
 if (foundCnt == 1){
@@ -590,7 +588,7 @@ int DetectStrongNRZClk(uint8_t *dest, size_t size, int peak, int low, bool *stro
 ++i;
 lastWasHigh = (dest[i] >= peak);
- if (i==size) return 0;
+ if (i == size) return 0;
 transition1 = i;
 for (;i < size; i++) {
@@ -1257,19 +1255,19 @@ int BiphaseRawDecode(uint8_t *bits, size_t *size, int *offset, int invert) {
 //by marshmellow
 //take 10 and 01 and manchester decode
 //run through 2 times and take least errCnt
-int manrawdecode(uint8_t *BitStream, size_t *size, uint8_t invert, uint8_t *alignPos){
+int manrawdecode(uint8_t *bits, size_t *size, uint8_t invert, uint8_t *alignPos){
 // sanity check
 if (*size < 16) return -1;
 int errCnt = 0, bestErr = 1000;
- uint16_t bitnum = 0, MaxBits = 512, bestRun = 0;
+ uint16_t bitnum = 0, maxBits = 512, bestRun = 0;
 size_t i, k;
 //find correct start position [alignment]
 for (k = 0; k < 2; ++k){
 for (i = k; i < *size-3; i += 2) {
- if (BitStream[i] == BitStream[i+1])
+ if (bits[i] == bits[i+1])
 errCnt++;
 }
 if (bestErr > errCnt){
@@ -1281,14 +1279,14 @@ int manrawdecode(uint8_t *BitStream, size_t *size, uint8_t invert, uint8_t *alig
 *alignPos = bestRun;
 //decode
 for (i = bestRun; i < *size-3; i += 2){
- if (BitStream[i] == 1 && (BitStream[i+1] == 0)){
- BitStream[bitnum++] = invert;
- } else if ((BitStream[i] == 0) && BitStream[i+1] == 1){
- BitStream[bitnum++] = invert^1;
+ if (bits[i] == 1 && (bits[i+1] == 0)){
+ bits[bitnum++] = invert;
+ } else if ((bits[i] == 0) && bits[i+1] == 1){
+ bits[bitnum++] = invert^1;
 } else {
- BitStream[bitnum++] = 7;
+ bits[bitnum++] = 7;
 }
- if (bitnum > MaxBits) break;
+ if (bitnum > maxBits) break;
 }
 *size = bitnum;
 return bestErr;
@@ -1440,11 +1438,15 @@ int askdemod(uint8_t *BinStream, size_t *size, int *clk, int *invert, int maxErr
 // peaks invert bit (high=1 low=0) each clock cycle = 1 bit determined by last peak
 int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int *startIdx) {
 if (justNoise(dest, *size)) return -1;
+
 size_t clkStartIdx = 0;
 *clk = DetectNRZClock(dest, *size, *clk, &clkStartIdx);
- if (*clk==0) return -2;
+ if (*clk == 0) return -2;
+
 size_t i, gLen = 4096;
- if (gLen>*size) gLen = *size-20;
+ if (gLen > *size)
+ gLen = *size-20;
+
 int high, low;
 if (getHiLo(dest, gLen, &high, &low, 75, 75) < 1) return -3; //25% fuzz on high 25% fuzz on low
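Review bot: The reformatted clamp keeps `gLen = *size-20;`, and `*size` is a size_t that has only been through justNoise and DetectNRZClock above it (neither is on this page, so no lower bound can be assumed), so a trace shorter than 20 samples wraps gLen to a huge value before it reaches getHiLo. Guard the subtraction, e.g. `if (*size <= 20) return -1;` ahead of the clamp, or `gLen = (*size > 20) ? *size - 20 : 0;` if getHiLo tolerates a zero length — which it does is not visible here. A one-line comment on the clamp would also help, since the 4096 window and the 20-sample margin are both unexplained: `// inspect at most 4096 samples, leaving a 20-sample tail unused`. nrzRawDemod continues past the hunk.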