From 12ed4f1fdf848cf0838807c6a6fcde9a87cf7e9a Mon Sep 17 00:00:00 2001
From: Uli Heilmeier
Date: Mon, 14 Feb 2022 12:19:20 +0100
Subject: [PATCH] Standalone mode hf_legicsim
Add a standalone mode to simulate Legic Prime dumps stored on flash
---
 CHANGELOG.md | 1 +
 armsrc/Standalone/Makefile.hal | 7 +-
 armsrc/Standalone/Makefile.inc | 4 +
 armsrc/Standalone/hf_legicsim.c | 152 ++++++++++++++++++
 .../4_Advanced-compilation-parameters.md | 3 +-
 tools/build_all_firmwares.sh | 2 +-
 6 files changed, 165 insertions(+), 4 deletions(-)
 create mode 100644 armsrc/Standalone/hf_legicsim.c
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a339b528e..ae7ef8d54 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+ - Added new standalone mode `hf_legicsim` (@uhei)
 - Changed `hf legic *` - now uses NG instead (@iceman1001)
 - Added `hf legic view` - view contents of LEGIC Prime dump files (@iceman1001)
 - Changed `hf mfu restore` - now takes bin/json as dump files (@iceman1001)
diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal
index 5a3887c1b..1ebed7cf9 100644
--- a/armsrc/Standalone/Makefile.hal
+++ b/armsrc/Standalone/Makefile.hal
@@ -86,6 +86,9 @@ define KNOWN_STANDALONE_DEFINITIONS
 | HF_LEGIC | Read/simulate Legic Prime tags |
 | | storing in flashmem |
 +----------------------------------------------------------+
+| HF_LEGICSIM | Simulate Legic Prime tags |
+| (RDV4 only) | stored on flashmem |
++----------------------------------------------------------+
 | HF_MATTYRUN | Mifare sniff/clone |
 | | - Matías A. Ré Medina |
 +----------------------------------------------------------+
@@ -113,10 +116,10 @@ define KNOWN_STANDALONE_DEFINITIONS
 endef
 STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID
-STANDALONE_MODES += HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI
+STANDALONE_MODES += HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI
 STANDALONE_MODES_REQ_BT := HF_REBLAY
 STANDALONE_MODES_REQ_SMARTCARD :=
-STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM
+STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM HF_LEGICSIM
 ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)
 STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE)
 ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),)
diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc
index 54ccbe1a6..ca052b576 100644
--- a/armsrc/Standalone/Makefile.inc
+++ b/armsrc/Standalone/Makefile.inc
@@ -97,6 +97,10 @@ endif
 ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS)))
 SRC_STANDALONE = hf_legic.c
 endif
+# WITH_STANDALONE_HF_LEGICSIM
+ifneq (,$(findstring WITH_STANDALONE_HF_LEGICSIM,$(APP_CFLAGS)))
+ SRC_STANDALONE = hf_legicsim.c
+endif
 # WITH_STANDALONE_HF_MSDSAL
 ifneq (,$(findstring WITH_STANDALONE_HF_MSDSAL,$(APP_CFLAGS)))
 SRC_STANDALONE = hf_msdsal.c
diff --git a/armsrc/Standalone/hf_legicsim.c b/armsrc/Standalone/hf_legicsim.c
new file mode 100644
index 000000000..7bb27fe8a
--- /dev/null
+++ b/armsrc/Standalone/hf_legicsim.c
@@ -0,0 +1,152 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) Uli Heilmeier, 2022
+// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
+// Based on hf_mfcsim by Ray Lee
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// See LICENSE.txt for the text of the license.
+//-----------------------------------------------------------------------------
+// main code for legic prime simulator aka LEGICSIM
+//-----------------------------------------------------------------------------
+#include
+#include "ticks.h"
+#include "proxmark3_arm.h"
+#include "BigBuf.h"
+#include "commonutil.h"
+#include "fpgaloader.h"
+#include "util.h"
+#include "dbprint.h"
+#include "spiffs.h"
+#include "standalone.h" // standalone definitions
+#include "appmain.h"
+#include "string.h"
+#include "legicrf.h"
+#include "legicrfsim.h"
+#include "legic.h"
+
+/*
+ * `hf_legicsim` simulates legic prime MIM1024 dumps uploaded to flash.
+ * It requires RDV4 hardware (for flash and battery).
+ *
+ * On entering stand-alone mode, this module will start simulating.
+ * Data is read from bin dump file uploaded to flash memory (hf_legicsim_dump_xx.bin).
+ * Only support legic prime MIM1024
+ *
+ * To upload input file (eml format) to flash:
+ * - mem spiffs upload -s -d hf_legicsim_dump_xx.bin (Notes: xx is form 01 to 15)
+ * To delete the input file from flash:
+ * - mem spiffs remove -f hf_legicsim_dump_xx.bin (Notes: xx is form 01 to 15)
+ *
+ */
+
+#define HF_LEGICSIM_DUMPFILE_SIM "hf_legicsim_dump_%02d.bin"
+#define DUMP_SIZE 1024
+
+static char cur_dump_file[24] = {0};
+
+static bool fill_eml_from_file(char *dumpfile) {
+ // check file exist
+ if (!exists_in_spiffs(dumpfile)) {
+ Dbprintf(_RED_("Dump file %s not found!"), dumpfile);
+ return false;
+ }
+ //check dumpfile size
+ uint32_t size = size_in_spiffs(dumpfile);
+ if (size != DUMP_SIZE) {
+ Dbprintf(_RED_("File Size: %dB The dump file size is incorrect! Only support Legic Prime MIM1024! Please check it."));
+ BigBuf_free();
+ return false;
+ }
+ //read and load dump file
+ BigBuf_Clear();
+ if (g_dbglevel >= DBG_INFO)
+ Dbprintf(_YELLOW_("Found dump file %s. Uploading to emulator memory..."), dumpfile);
+ uint8_t *emCARD = BigBuf_get_EM_addr();
+ rdv40_spiffs_read_as_filetype(dumpfile, emCARD, size, RDV40_SPIFFS_SAFETY_SAFE);
+ return true;
+}
+
+static bool write_file_from_eml(char *dumpfile) {
+ if (!exists_in_spiffs(dumpfile)) {
+ Dbprintf(_RED_("Dump file %s not found!"), dumpfile);
+ return false;
+ }
+ uint8_t *emCARD = BigBuf_get_EM_addr();
+ rdv40_spiffs_write(dumpfile, emCARD, DUMP_SIZE, RDV40_SPIFFS_SAFETY_SAFE);
+ return true;
+}
+
+void ModInfo(void) {
+ DbpString(_YELLOW_(" HF Legic Prime simulation mode") " - a.k.a LEGICSIM");
+}
+
+void RunMod(void) {
+ //initializing
+ StandAloneMode();
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ rdv40_spiffs_lazy_mount();
+ Dbprintf(_YELLOW_("Standalone mode LEGICSIM started!"));
+
+ bool flag_has_dumpfile = false;
+ for (int i = 1;; i++) {
+ //Exit!
usbcommand break
+ if (data_available()) break;
+
+ //Infinite loop
+ if (i > 15) {
+ if (!flag_has_dumpfile)
+ break; //still no dump file found
+ i = 1; //next loop
+ }
+
+ //Indicate which card will be simulated
+ LED(i, 0);
+
+ //Try to load dump form flash
+ sprintf(cur_dump_file, HF_LEGICSIM_DUMPFILE_SIM, i);
+ Dbprintf(_YELLOW_("[Slot: %d] Try to load dump file: %s"), i, cur_dump_file);
+ if (!fill_eml_from_file(cur_dump_file)) {
+ Dbprintf(_YELLOW_("[Slot: %d] Dump load Failed, Next one!"), i);
+ LEDsoff();
+ continue;
+ }
+ flag_has_dumpfile = true;
+
+ //Exit! Button hold break
+ int button_pressed = BUTTON_HELD(500);
+ if (button_pressed == BUTTON_HOLD) {
+ Dbprintf("Button hold, Break!");
+ break;
+ }
+
+ //Hope there is enough time to see clearly
+ SpinDelay(500);
+
+ //Start to simulate
+
+ Dbprintf(_YELLOW_("[Slot: %d] Simulation start, Press button to change next card."), i);
+ LegicRfSimulate(2, false);
+ Dbprintf(_YELLOW_("[Slot: %d] Simulation end, Write Back to dump file!"), i);
+
+ //Simulation end, Write Back
+ if (!write_file_from_eml(cur_dump_file)) {
+ Dbprintf(_RED_("[Slot: %d] Write Failed! Anyway, Change to next one!"), i);
+ continue;
+ }
+ Dbprintf(_YELLOW_("[Slot: %d] Write Success! Change to next one!"), i);
+ }
+ if (!flag_has_dumpfile)
+ Dbprintf("No dump file found!");
+ Dbprintf("Breaked! Exit standalone mode!");
+ SpinErr(15, 200, 3);
+ return;
+}
diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
index 6d9866aa4..90faa6e41 100644
--- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
+++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
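Review bot: In fill_eml_from_file, `Dbprintf(_RED_("File Size: %dB The dump file size is incorrect! ..."))` has a `%d` conversion but no matching argument, so the printed size is whatever happens to sit in the next vararg slot (undefined behavior); pass the value, e.g. `Dbprintf(_RED_("File Size: %uB The dump file size is incorrect! Only support Legic Prime MIM1024! Please check it."), size);`. The same function discards the result of `rdv40_spiffs_read_as_filetype`, and write_file_from_eml discards that of `rdv40_spiffs_write`, so a failed flash read still returns true and RunMod goes on to simulate whatever BigBuf_Clear() left in emulator memory; if those calls report an error, return false from the helper as well. In RunMod, `sprintf(cur_dump_file, HF_LEGICSIM_DUMPFILE_SIM, i)` fills the 24-byte buffer to its last byte (23 characters plus the terminator) and only stays in bounds because the loop resets i to 1 once it passes 15; `snprintf(cur_dump_file, sizeof(cur_dump_file), HF_LEGICSIM_DUMPFILE_SIM, i);` makes that bound explicit instead of relying on the loop logic. The `BigBuf_free()` in the size-mismatch branch has no preceding allocation anywhere in this file, so it deserves either a comment saying why it is needed or removal.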
@@ -120,7 +120,8 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
 | HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle
 | HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato
 | HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem - Iceman1001
-| HF_LEGIC | HF Legic Prime standalone - uhei
+| HF_LEGIC | HF Legic Prime Read/Store/Sim standalone - uhei
+| HF_LEGICSIM | HF Legic Prime Simulate standalone - uhei
 | HF_MATTYRUN | Mifare sniff/clone - Matías A. Ré Medina
 | HF_MFCSIM | Simulate Mifare Classic 1k card storing in flashmem - Ray Lee
 | HF_MSDSAL | EMV Read and emulation - Salvador Mendoza
diff --git a/tools/build_all_firmwares.sh b/tools/build_all_firmwares.sh
index 330441b13..29e8472db 100755
--- a/tools/build_all_firmwares.sh
+++ b/tools/build_all_firmwares.sh
@@ -31,7 +31,7 @@ mv bootrom/obj/bootrom.elf "$DEST/PM3BOOTROM.elf"
 # cf armsrc/Standalone/Makefile.hal
 STANDALONE_MODES=(LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID)
-STANDALONE_MODES+=(HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI)
+STANDALONE_MODES+=(HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI)
 STANDALONE_MODES_REQ_BT=(HF_REBLAY)
 STANDALONE_MODES_REQ_SMARTCARD=()
 STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM)
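Review bot: The `STANDALONE_MODES_REQ_FLASH=(... HF_MFCSIM)` line at the end of the build_all_firmwares.sh hunk is left untouched, while Makefile.hal in this same patch appends HF_LEGICSIM to its STANDALONE_MODES_REQ_FLASH list, so the script's copy of that list (which the comment above says mirrors Makefile.hal) is now out of sync. How the script consumes the array is outside the hunk, but presumably it decides which platforms a mode is built for, so HF_LEGICSIM would be attempted on targets without flash. Change the line to `STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM HF_LEGICSIM)` to match.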