From 1e91895b901252f651003872852b8a830a5d82d4 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sat, 2 Jul 2022 22:45:32 +0300 Subject: [PATCH 01/14] simulate sketch --- armsrc/appmain.c | 7 ++++++ armsrc/hfops.c | 52 ++++++++++++++++++++++++++++++++++++++++ armsrc/hfops.h | 1 + client/src/cmdhftexkom.c | 47 +++++++++++++++++++++++++++++++++++- include/pm3_cmd.h | 1 + 5 files changed, 107 insertions(+), 1 deletion(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 5254368ae..5e84aec4e 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1392,6 +1392,13 @@ static void PacketReceived(PacketCommandNG *packet) { HfReadADC(samplesCount, true); break; } + case CMD_HF_TEXKOM_SIMULATE: { + uint32_t timeout = 0; + memcpy(&timeout, &packet->data.asBytes[9], 4); + HfWriteTkm(packet->data.asBytes, packet->data.asBytes[8], timeout); + break; + } + #endif #ifdef WITH_ISO14443a diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 3bf060c56..de7f5ba03 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -19,6 +19,7 @@ #include "hfops.h" #include +#include "appmain.h" #include "proxmark3_arm.h" #include "cmd.h" #include "BigBuf.h" 
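Review bot: The `CMD_HF_TEXKOM_SIMULATE` case added to `PacketReceived` in armsrc/appmain.c reads `packet->data.asBytes[8]` and the four bytes at offset 9 without checking that the host sent 13 bytes. A short packet would presumably be simulated from whatever the buffer held before. A guard ahead of the `memcpy` would reject it: `if (packet->length < 13) { reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_EINVARG, NULL, 0); break; }`. The offsets 8 and 9 are repeated as bare literals in client/src/cmdhftexkom.c, so a shared packed struct for the payload would keep both sides in step. `PacketReceived` begins and ends outside this hunk.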
@@ -90,4 +91,55 @@ int HfReadADC(uint32_t samplesCount, bool ledcontrol) { return 0; } +static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation) { + return 0; +} + +int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { + // free eventually allocated BigBuf memory + BigBuf_free_keep_EM(); + + LEDsoff(); + + uint32_t elen = HfEncodeTkm(uid, modulation); + if (elen == 0) { + DbpString("encode error"); + reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_EAPDU_ENCODEFAIL, NULL, 0); + return PM3_EAPDU_ENCODEFAIL; + } + + LED_C_ON(); + + int vHf = 0; // in mV + bool button_pressed = false; + bool exit_loop = false; + while (exit_loop == false) { + + button_pressed = BUTTON_PRESS(); + if (button_pressed || data_available()) + break; + + WDT_HIT(); + + vHf = (MAX_ADC_HF_VOLTAGE * SumAdc(ADC_CHAN_HF, 32)) >> 15; + if (vHf > MF_MINFIELDV) { + LED_A_ON(); + } else { + LED_A_OFF(); + continue; + } + + + // TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow); + } + + switch_off(); + + if (button_pressed) + DbpString("button pressed"); + + reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_SUCCESS, NULL, 0); + + return PM3_SUCCESS; +} diff --git a/armsrc/hfops.h b/armsrc/hfops.h index 489c99bc6..f1d705913 100644 --- a/armsrc/hfops.h +++ b/armsrc/hfops.h @@ -22,5 +22,6 @@ #include "common.h" int HfReadADC(uint32_t samplesCount, bool ledcontrol); +int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout); #endif \ No newline at end of file diff --git a/client/src/cmdhftexkom.c b/client/src/cmdhftexkom.c index 615f0c0df..534177669 100644 --- a/client/src/cmdhftexkom.c +++ b/client/src/cmdhftexkom.c 
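Review bot: `HfWriteTkm` takes a `timeout` argument but never reads it, and `exit_loop` is never set to true, so the `while` loop ends only on `BUTTON_PRESS()` or `data_available()`. A caller that passes a non-zero timeout gets an unbounded run. Either compare elapsed time against `timeout` inside the loop, or drop the parameter and the `exit_loop` flag until that is implemented. The function also needs a header comment stating its exit conditions and reply codes, for example `// Simulates a Texkom tag until the button is pressed or the host sends data; replies PM3_EAPDU_ENCODEFAIL or PM3_SUCCESS. timeout is currently ignored.`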
@@ -550,12 +550,57 @@ static int CmdHFTexkomReader(const char *Cmd) { } +static int CmdHFTexkomSim(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf texkom sim", + "Simulate a texkom tag", + "hf texkom sim"); + + void *argtable[] = { + arg_param_begin, + arg_lit0("v", "verbose", "Verbose work"), + arg_lit0("t", "tk17", "Use TK-17 modulation (TK-13 by default)"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + bool verbose = arg_get_lit(ctx, 1); + uint32_t cmdtimeout = 0; + uint8_t modulation = 0; // tk-13 + if (arg_get_lit(ctx, 2)) + modulation = 1; //tk-17 + + CLIParserFree(ctx); + + // + uint8_t data[13] = {0}; + data[8] = modulation; + memcpy(&data[9], &cmdtimeout, 4); + clearCommandBuffer(); + SendCommandNG(CMD_HF_TEXKOM_SIMULATE, data, sizeof(data)); + + if (cmdtimeout > 0 && cmdtimeout < 2800) { + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_HF_TEXKOM_SIMULATE, &resp, 3000)) { + if (verbose) + PrintAndLogEx(WARNING, "(hf texkom simulate) command execution time out"); + return PM3_ETIMEOUT; + } + PrintAndLogEx(INFO, "simulate command execution done"); + } else { + PrintAndLogEx(INFO, "simulate command started"); + } + + return PM3_SUCCESS; +} + + static int CmdHelp(const char *Cmd); static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"reader", CmdHFTexkomReader, IfPm3Iso14443a, "Act like a Texkom reader"}, - //{"sim", CmdHFTexkomSim, IfPm3Iso14443a, "Simulate a Texkom tag"}, + {"sim", CmdHFTexkomSim, IfPm3Iso14443a, "Simulate a Texkom tag"}, //{"write", CmdHFTexkomWrite, IfPm3Iso14443a, "Write a Texkom tag"}, {NULL, NULL, 0, NULL} }; diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index e53132309..69d9fed5b 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h 
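Review bot: In `CmdHFTexkomSim`, `cmdtimeout` is initialised to 0 and never assigned, so the `if (cmdtimeout > 0 && cmdtimeout < 2800)` branch is unreachable. The client always prints "simulate command started" and returns `PM3_SUCCESS` without reading the device's reply, which means a firmware-side `PM3_EAPDU_ENCODEFAIL` is never shown to the user. Either add an option that sets the timeout, or remove the dead branch and wait briefly for an error reply before reporting success. `memcpy(&data[9], &cmdtimeout, 4)` also sends the value in host byte order; presumably both ends are little-endian, but a comment such as `// timeout: uint32_t, little-endian, at offset 9` should say so.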
@@ -522,6 +522,7 @@ typedef struct { #define CMD_HF_ISO15693_CSETUID 0x0316 #define CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY 0x0317 #define CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI 0x0318 +#define CMD_HF_TEXKOM_SIMULATE 0x0320 #define CMD_LF_SNIFF_RAW_ADC 0x0360 From 3aeb745f0aab199840a6374026b333b07f16cea7 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 00:09:55 +0300 Subject: [PATCH 02/14] encode sketch --- armsrc/hfops.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index de7f5ba03..843686984 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -92,8 +92,29 @@ int HfReadADC(uint32_t samplesCount, bool ledcontrol) { } static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation) { + uint32_t len = 0; + if (modulation == 0) { + // TK-13 + // 74ns 1 field cycle, + // 100 field cycle = impulse (13 bytes) + // 1000 field cycle = `1` (125 bytes) + // 500 field cycle = `0` (63 bytes) + // `1` - 125, 63 + // `0` - 63, 125 - return 0; + len = 2; + } else { + // TK-17 + // 74ns 1 field cycle, + // `00` - + // `01` - + // `10` - + // `11` - + + + } + + return len; } int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { @@ -110,6 +131,9 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { } LED_C_ON(); + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K); int vHf = 0; // in mV bool button_pressed = false; 
@@ -130,8 +154,27 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { continue; } + SpinDelay(10); + for (int j = 0; j < 13;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0xff; + j++; + } + } + for (int j = 0; j < 125;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x00; + j++; + } + } + for (int j = 0; j < 13;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0xff; + j++; + } + } - // TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow); + SpinDelay(100); } switch_off(); From 6a28ca39f6eeea03d85e3e9c146be3f1f0d48129 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 00:20:56 +0300 Subject: [PATCH 03/14] tk13 transmit sketch --- armsrc/hfops.c | 46 +++++++++++++++++++++++++--------------- client/src/cmdhftexkom.c | 9 ++++++++ 2 files changed, 38 insertions(+), 17 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 843686984..91e426c8d 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -91,7 +91,7 @@ int HfReadADC(uint32_t samplesCount, bool ledcontrol) { return 0; } -static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation) { +static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { uint32_t len = 0; if (modulation == 0) { // TK-13 @@ -102,6 +102,21 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation) { // `1` - 125, 63 // `0` - 63, 125 + int indx = 0; + for (int i = 0; i < 8; i++) { + for (int j = 0; j < 8; j++) { + if (((uid[i] << j) & 0x80) != 0) { + // `1` + data[indx++] = 125; + data[indx++] = 63; + } else { + // `0` + data[indx++] = 63; + data[indx++] = 125; + } + } + } + len = 2; } else { // TK-17 
@@ -123,7 +138,8 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { LEDsoff(); - uint32_t elen = HfEncodeTkm(uid, modulation); + uint8_t* data = BigBuf_calloc(256); + uint32_t elen = HfEncodeTkm(uid, modulation, data); if (elen == 0) { DbpString("encode error"); reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_EAPDU_ENCODEFAIL, NULL, 0); @@ -155,22 +171,18 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { } SpinDelay(10); - for (int j = 0; j < 13;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0xff; - j++; + for (int i = 0; i < elen; i++) { + for (int j = 0; j < 13;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0xff; + j++; + } } - } - for (int j = 0; j < 125;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x00; - j++; - } - } - for (int j = 0; j < 13;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0xff; - j++; + for (int j = 0; j < data[i];) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x00; + j++; + } } } diff --git a/client/src/cmdhftexkom.c b/client/src/cmdhftexkom.c index 534177669..a54342980 100644 --- a/client/src/cmdhftexkom.c +++ b/client/src/cmdhftexkom.c @@ -574,6 +574,15 @@ static int CmdHFTexkomSim(const char *Cmd) { // uint8_t data[13] = {0}; + data[0] = 0xFF; + data[1] = 0xFF; + data[2] = 0x63; + data[3] = 0x8C; + data[4] = 0x7D; + data[5] = 0xC4; + data[6] = 0x55; + data[7] = 0x53; + data[8] = modulation; memcpy(&data[9], &cmdtimeout, 4); clearCommandBuffer(); From e4df73738f88b2e22b8a67f55339a6aba255661a Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 18:19:57 +0300 Subject: [PATCH 04/14] transmit ok, timing not ok --- armsrc/hfops.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 91e426c8d..976cd7d64 100644 --- a/armsrc/hfops.c 
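Review bot: In `HfWriteTkm` (armsrc/hfops.c) the result of `BigBuf_calloc(256)` is passed straight to `HfEncodeTkm` without a NULL check, and the encoder is not told the buffer's capacity. The allocation follows `BigBuf_free_keep_EM()` and should normally succeed, but a guard costs one line: `if (data == NULL) { reply_ng(CMD_HF_TEXKOM_SIMULATE, PM3_EMALLOC, NULL, 0); return PM3_EMALLOC; }`. The same gap carries into the bit-packed encoder in patch 08, where `EncodeAddBit` writes `data[encode_indx++]` with no upper bound. Its TK-13 output works out to 208 bytes (64 bits × 26 bit-times), so it fits today, but a pattern change could overrun silently. Replacing the literal 256 with a named constant and passing it to the encoder, which would return 0 on overflow, closes that. `HfWriteTkm` continues outside this hunk.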
+++ b/armsrc/hfops.c @@ -117,7 +117,7 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { } } - len = 2; + len = indx; } else { // TK-17 // 74ns 1 field cycle, @@ -150,6 +150,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K); + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR); int vHf = 0; // in mV bool button_pressed = false; @@ -172,6 +173,9 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { SpinDelay(10); for (int i = 0; i < elen; i++) { + if (data[i] == 0) + data[i] = 10; + for (int j = 0; j < 13;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0xff; From 87db9e7ec903346ad281aa7489c438a007fda894 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 21:32:29 +0300 Subject: [PATCH 05/14] pm3-pm3 works --- armsrc/hfops.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 976cd7d64..9dc803804 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -107,12 +107,12 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { for (int j = 0; j < 8; j++) { if (((uid[i] << j) & 0x80) != 0) { // `1` - data[indx++] = 125; - data[indx++] = 63; + data[indx++] = 1; + data[indx++] = 0; } else { // `0` - data[indx++] = 63; - data[indx++] = 125; + data[indx++] = 0; + data[indx++] = 1; } } } 
@@ -149,7 +149,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { LED_C_ON(); FpgaDownloadAndGo(FPGA_BITSTREAM_HF); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K); + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_212K); FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR); int vHf = 0; // in mV @@ -173,19 +173,18 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { SpinDelay(10); for (int i = 0; i < elen; i++) { - if (data[i] == 0) - data[i] = 10; - - for (int j = 0; j < 13;) { + for (int j = 0; j < 1;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0xff; + AT91C_BASE_SSC->SSC_THR = 0x80; j++; } } - for (int j = 0; j < data[i];) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x00; - j++; + if (data[i] > 0) { + for (int j = 0; j < data[i];) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = 0x00; + j++; + } } } } From 353ef6f739baca7589d6f576cf5b7bbb14554031 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 21:59:55 +0300 Subject: [PATCH 06/14] duplicator works too (on the edge of the field) --- armsrc/hfops.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 9dc803804..1efb4b052 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -96,6 +96,7 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { if (modulation == 0) { // TK-13 // 74ns 1 field cycle, + // carrier frequency is fc/64 (212kHz), 4.7 mks // 100 field cycle = impulse (13 bytes) // 1000 field cycle = `1` (125 bytes) // 500 field cycle = `0` (63 bytes) 
@@ -171,7 +172,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { continue; } - SpinDelay(10); + SpinDelay(5); for (int i = 0; i < elen; i++) { for (int j = 0; j < 1;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { @@ -188,8 +189,6 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { } } } - - SpinDelay(100); } switch_off(); From 8571cfddbf323e631eba918bc2dd97629dea0c26 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 22:07:03 +0300 Subject: [PATCH 07/14] led on/off optimization and wait for field stabization --- armsrc/hfops.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 1efb4b052..60dc4005e 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -156,6 +156,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { int vHf = 0; // in mV bool button_pressed = false; bool exit_loop = false; + bool field_on = false; while (exit_loop == false) { button_pressed = BUTTON_PRESS(); @@ -166,13 +167,20 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { vHf = (MAX_ADC_HF_VOLTAGE * SumAdc(ADC_CHAN_HF, 32)) >> 15; if (vHf > MF_MINFIELDV) { - LED_A_ON(); + if (!field_on) { + LED_A_ON(); + SpinDelay(50); + } + field_on = true; } else { - LED_A_OFF(); + if (field_on) { + LED_A_OFF(); + } + field_on = false; continue; } - SpinDelay(5); + SpinDelay(3); for (int i = 0; i < elen; i++) { for (int j = 0; j < 1;) { if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { From 640f6772a58b048ec4d1c153420a3b634a362d49 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 22:54:58 +0300 Subject: [PATCH 08/14] bit encoder, works very good with real reader --- armsrc/hfops.c | 74 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 48 insertions(+), 26 deletions(-) 
diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 60dc4005e..8351f7682 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -91,34 +91,66 @@ int HfReadADC(uint32_t samplesCount, bool ledcontrol) { return 0; } +uint8_t encode_acc = 0; +uint8_t encode_acc_bit_count = 0; +uint32_t encode_indx = 0; + +static void EncodeInit(void) { + encode_acc = 0; + encode_acc_bit_count = 0; + encode_indx = 0; +} + +static void EncodeAddBit(uint8_t* data, uint8_t bit, uint8_t bit_count) { + for (int i = 0; i < bit_count; i++) { + encode_acc = (encode_acc << 1) | (bit & 0x01); + encode_acc_bit_count++; + if (encode_acc_bit_count > 7) { + data[encode_indx++] = encode_acc; + encode_acc = 0; + encode_acc_bit_count = 0; + } + } +} + +static uint32_t EncodeFinish(uint8_t* data) { + if (encode_acc_bit_count > 0) { + encode_acc = encode_acc << (8 - encode_acc_bit_count); + data[encode_indx++] = encode_acc; + } + + return encode_indx; +} + static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { uint32_t len = 0; if (modulation == 0) { // TK-13 // 74ns 1 field cycle, // carrier frequency is fc/64 (212kHz), 4.7 mks - // 100 field cycle = impulse (13 bytes) - // 1000 field cycle = `1` (125 bytes) - // 500 field cycle = `0` (63 bytes) - // `1` - 125, 63 - // `0` - 63, 125 + // 100 field cycle = impulse 1.6 ( 1 bit from real tag) + // 1000 field cycle = `1` 15.6 (17 bit from real tag) + // 500 field cycle = `0` 7.8 ( 7 bit from real tag) - int indx = 0; + EncodeInit(); for (int i = 0; i < 8; i++) { for (int j = 0; j < 8; j++) { if (((uid[i] << j) & 0x80) != 0) { // `1` - data[indx++] = 1; - data[indx++] = 0; + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 17); + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 7); } else { // `0` - data[indx++] = 0; - data[indx++] = 1; + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 7); + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 17); } } } - - len = indx; + len = EncodeFinish(data); } else { // TK-17 // 74ns 1 field cycle, 
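Review bot: `encode_acc`, `encode_acc_bit_count` and `encode_indx` are defined at file scope without `static`, so they get external linkage in the firmware image although, as far as this hunk shows, only `EncodeInit`, `EncodeAddBit` and `EncodeFinish` use them. Declare them `static uint8_t encode_acc = 0;` and likewise for the other two, or bundle them into a small state struct passed to the helpers so the encoder has no hidden shared state. The helpers also lack any description. A short comment on `EncodeAddBit` should say that bits are packed most-significant first and that `bit_count` repeats the same bit value. One on `EncodeFinish` should say that it left-aligns a trailing partial byte and returns the byte count.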
@@ -181,20 +213,10 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { } SpinDelay(3); - for (int i = 0; i < elen; i++) { - for (int j = 0; j < 1;) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x80; - j++; - } - } - if (data[i] > 0) { - for (int j = 0; j < data[i];) { - if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { - AT91C_BASE_SSC->SSC_THR = 0x00; - j++; - } - } + for (int i = 0; i < elen;) { + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { + AT91C_BASE_SSC->SSC_THR = data[i]; + i++; } } } From d2e671b7d1fdc28284929f79b4d118fa882a1612 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Sun, 3 Jul 2022 23:21:20 +0300 Subject: [PATCH 09/14] send raw data and compose raw data from id --- client/src/cmdhftexkom.c | 49 ++++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 10 deletions(-) diff --git a/client/src/cmdhftexkom.c b/client/src/cmdhftexkom.c index a54342980..1c698b559 100644 --- a/client/src/cmdhftexkom.c +++ b/client/src/cmdhftexkom.c @@ -554,12 +554,16 @@ static int CmdHFTexkomSim(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf texkom sim", "Simulate a texkom tag", - "hf texkom sim"); + "hf texkom sim \r\n" + "hf texkom sim --raw FFFF638C7DC45553 -> simulate TK13 tag with id 8C7DC455\r\n" + "hf texkom sim --id 8C7DC455 -> simulate TK13 tag with id 8C7DC455"); void *argtable[] = { arg_param_begin, arg_lit0("v", "verbose", "Verbose work"), - arg_lit0("t", "tk17", "Use TK-17 modulation (TK-13 by default)"), + arg_lit0("t", "tk17", "Use TK-17 modulation (TK-13 by default)"), + arg_str0(NULL, "raw", "", "Raw data for texkom card, 8 bytes. Manual modulation select."), + arg_str0(NULL, "id", "", "Raw data for texkom card, 8 bytes. Manual modulation select."), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); 
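Review bot: In the `argtable` of `CmdHFTexkomSim` (client/src/cmdhftexkom.c) the help text for `--id` was copied from `--raw`. It reads "Raw data for texkom card, 8 bytes. Manual modulation select.", but the code in the same patch requires exactly 4 bytes for the id and derives the header byte and CRC from the modulation. The description should say that, for example `"Tag ID, 4 bytes. Header and CRC are generated for the selected modulation."`. The wrong text is carried into doc/commands.json by the last patch of the series, so that file needs regenerating once this is fixed.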
@@ -570,18 +574,43 @@ static int CmdHFTexkomSim(const char *Cmd) { if (arg_get_lit(ctx, 2)) modulation = 1; //tk-17 + uint8_t rawdata[250] = {0}; + int rawdatalen = 0; + CLIGetHexWithReturn(ctx, 3, rawdata, &rawdatalen); + + uint8_t iddata[250] = {0}; + int iddatalen = 0; + CLIGetHexWithReturn(ctx, 4, iddata, &iddatalen); + CLIParserFree(ctx); + if (rawdatalen == 0 && iddatalen == 0) { + PrintAndLogEx(ERR, " or must be specified to simulate"); + return PM3_EINVARG; + } + + if (iddatalen > 0 && iddatalen != 4) { + PrintAndLogEx(ERR, " must be 4 bytes long instead of: %d", iddatalen); + return PM3_EINVARG; + } + + if (iddatalen == 4) { + rawdata[0] = 0xff; + rawdata[1] = 0xff; + rawdata[2] = (modulation == 0) ? 0x63 : 0xca; + memcpy(&rawdata[3], iddata, 4); + rawdata[7] = (modulation == 0) ? TexcomTK13CRC(iddata) : TexcomTK17CRC(iddata); + rawdatalen = 8; + } + + if (rawdatalen > 0 && rawdatalen != 8) { + PrintAndLogEx(ERR, " must be 8 bytes long instead of: %d", rawdatalen); + return PM3_EINVARG; + } + // uint8_t data[13] = {0}; - data[0] = 0xFF; - data[1] = 0xFF; - data[2] = 0x63; - data[3] = 0x8C; - data[4] = 0x7D; - data[5] = 0xC4; - data[6] = 0x55; - data[7] = 0x53; + memcpy(data, rawdata, 8); data[8] = modulation; memcpy(&data[9], &cmdtimeout, 4); From 4ada5a9952cf25c904d2b9dcdcb6a1cfccd95670 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 4 Jul 2022 00:05:04 +0300 Subject: [PATCH 10/14] add help --- client/src/cmdhftexkom.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/src/cmdhftexkom.c b/client/src/cmdhftexkom.c index 1c698b559..7cd04b408 100644 --- a/client/src/cmdhftexkom.c +++ b/client/src/cmdhftexkom.c 
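Review bot: When both `--raw` and `--id` are supplied, the `if (iddatalen == 4)` block overwrites `rawdata` and sets `rawdatalen = 8`, so the user's raw bytes are discarded without a message. Rejecting the combination before that block makes the behaviour explicit: `if (rawdatalen > 0 && iddatalen > 0) { PrintAndLogEx(ERR, "use either --raw or --id, not both"); return PM3_EINVARG; }`. With `--raw`, the modulation marker in `rawdata[2]` is not compared with the `--tk17` flag. The help text calls this manual modulation select, so that is presumably intended, but a verbose-mode warning on a mismatch would catch typos. `CmdHFTexkomSim` starts and ends outside this hunk.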
@@ -556,7 +556,9 @@ static int CmdHFTexkomSim(const char *Cmd) { "Simulate a texkom tag", "hf texkom sim \r\n" "hf texkom sim --raw FFFF638C7DC45553 -> simulate TK13 tag with id 8C7DC455\r\n" - "hf texkom sim --id 8C7DC455 -> simulate TK13 tag with id 8C7DC455"); + "hf texkom sim --tk17 --raw FFFFCA17F31EC512 -> simulate TK17 tag with id 17F31EC5\r\n" + "hf texkom sim --id 8C7DC455 -> simulate TK13 tag with id 8C7DC455\r\n" + "hf texkom sim --id 8C7DC455 --tk17 -> simulate TK17 tag with id 17F31EC5"); void *argtable[] = { arg_param_begin, From 4efb9f22753ab4fbe29ed767dc162391c2b34a85 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 4 Jul 2022 00:18:57 +0300 Subject: [PATCH 11/14] tk-17 works --- armsrc/hfops.c | 44 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 8351f7682..c71ed37ff 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c 
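Review bot: The last usage example added to `CLIParserInit` passes `--id 8C7DC455 --tk17`, but its description says "simulate TK17 tag with id 17F31EC5", so the id in the command and the id in the explanation disagree. Going by the `--raw FFFFCA17F31EC512` example two lines above, the intended command is probably `"hf texkom sim --id 17F31EC5 --tk17 -> simulate TK17 tag with id 17F31EC5"`. The same string is copied into doc/commands.json in the final patch of the series.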
@@ -154,12 +154,46 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { } else { // TK-17 // 74ns 1 field cycle, - // `00` - - // `01` - - // `10` - - // `11` - - + // carrier frequency is fc/64 (212kHz), 4.7 mks + // 0 --- 8 --- 12-15 --- 18-19 --- 26-28 --- 32 + // `00` -- 1-25-1-5 + // `01` -- 1-12-1-18 + // `10` -- 1-17-1-13 + // `11` -- 1-7-1-23 + EncodeInit(); + for (int i = 0; i < 8; i++) { + for (int j = 0; j < 8; j += 2) { + uint8_t twobit = ((uid[i] >> j) & 0x03); + if (twobit == 0x00) { + // `00` + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 25); + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 5); + } else if (twobit == 0x01) { + // `01` + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 12); + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 18); + } else if (twobit == 0x02) { + // `10` + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 17); + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 13); + } else { // twobit == 0x03 + // `11` + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 7); + EncodeAddBit(data, 1, 1); + EncodeAddBit(data, 0, 23); + } + } + } + EncodeAddBit(data, 1, 1); + len = EncodeFinish(data); } return len; From be25a00444e25d810ccb9766c96d9aa40cef823f Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 4 Jul 2022 00:27:22 +0300 Subject: [PATCH 12/14] add warning --- armsrc/hfops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index c71ed37ff..8785e0d85 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -156,6 +156,7 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { // 74ns 1 field cycle, // carrier frequency is fc/64 (212kHz), 4.7 mks // 0 --- 8 --- 12-15 --- 18-19 --- 26-28 --- 32 + // DO NOT NORMALIZE!!!! it must be with some error like this!!!! // `00` -- 1-25-1-5 // `01` -- 1-12-1-18 // `10` -- 1-17-1-13 From 385d754fc33479637c6b8813f0aac44afe4130e2 Mon Sep 17 00:00:00 2001 
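Review bot: The TK-17 branch of `HfEncodeTkm` extracts symbols with `(uid[i] >> j) & 0x03` for j = 0, 2, 4, 6, which is least-significant pair first. The TK-13 branch walks each byte most-significant bit first with `(uid[i] << j) & 0x80`. If the low-pair-first order is what the tag really transmits, it deserves a comment next to the shift, for example `// TK-17: each byte is sent as four 2-bit symbols, low pair first`. If it is not, the expression should be `(uid[i] >> (6 - j)) & 0x03`. The four branches differ only in their two gap lengths (25/5, 12/18, 17/13, 7/23), so a small `static const uint8_t` table indexed by `twobit` would put the timings in one place next to the "DO NOT NORMALIZE" remark. `HfEncodeTkm` begins outside this hunk.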
From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 4 Jul 2022 00:29:35 +0300 Subject: [PATCH 13/14] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9aa7ff298..ff51fbd4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -71,6 +71,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added 122 new keys from Flipper Zero community to `mfc_default_keys.dic` (@UberGuidoZ) - Added showing password for the read command in the `lf t55xx sniff` command (@merlokk) - Added reading texcom tk13 and tk17 tags with `hf texkom read` command (@merlokk @iceman1001) + - Added simulating texcom tk13 and tk17 tags with `hf texkom sim` command (@merlokk) ## [Frostbit.4.14831][2022-01-11] - Changed Wiegand format lookup - now case-insensitive (@iceman1001) From 7ed8f08e096e94a86e1e8022bd6d10d07485f7a1 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Mon, 4 Jul 2022 00:35:44 +0300 Subject: [PATCH 14/14] make style --- armsrc/hfops.c | 8 ++++---- armsrc/hfops.h | 2 +- doc/commands.json | 29 +++++++++++++++++++++++++---- doc/commands.md | 1 + 4 files changed, 31 insertions(+), 9 deletions(-) diff --git a/armsrc/hfops.c b/armsrc/hfops.c index 8785e0d85..591e80fda 100644 --- a/armsrc/hfops.c +++ b/armsrc/hfops.c @@ -101,7 +101,7 @@ static void EncodeInit(void) { encode_indx = 0; } -static void EncodeAddBit(uint8_t* data, uint8_t bit, uint8_t bit_count) { +static void EncodeAddBit(uint8_t *data, uint8_t bit, uint8_t bit_count) { for (int i = 0; i < bit_count; i++) { encode_acc = (encode_acc << 1) | (bit & 0x01); encode_acc_bit_count++; @@ -113,7 +113,7 @@ static void EncodeAddBit(uint8_t* data, uint8_t bit, uint8_t bit_count) { } } -static uint32_t EncodeFinish(uint8_t* data) { +static uint32_t EncodeFinish(uint8_t *data) { if (encode_acc_bit_count > 0) { encode_acc = encode_acc << (8 - encode_acc_bit_count); data[encode_indx++] = encode_acc; 
@@ -158,7 +158,7 @@ static uint32_t HfEncodeTkm(uint8_t *uid, uint8_t modulation, uint8_t *data) { // 0 --- 8 --- 12-15 --- 18-19 --- 26-28 --- 32 // DO NOT NORMALIZE!!!! it must be with some error like this!!!! // `00` -- 1-25-1-5 - // `01` -- 1-12-1-18 + // `01` -- 1-12-1-18 // `10` -- 1-17-1-13 // `11` -- 1-7-1-23 @@ -206,7 +206,7 @@ int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout) { LEDsoff(); - uint8_t* data = BigBuf_calloc(256); + uint8_t *data = BigBuf_calloc(256); uint32_t elen = HfEncodeTkm(uid, modulation, data); if (elen == 0) { DbpString("encode error"); diff --git a/armsrc/hfops.h b/armsrc/hfops.h index f1d705913..91f1de539 100644 --- a/armsrc/hfops.h +++ b/armsrc/hfops.h @@ -24,4 +24,4 @@ int HfReadADC(uint32_t samplesCount, bool ledcontrol); int HfWriteTkm(uint8_t *uid, uint8_t modulation, uint32_t timeout); -#endif \ No newline at end of file +#endif diff --git a/doc/commands.json b/doc/commands.json index 5fb476e59..dfc8a4647 100644 --- a/doc/commands.json +++ b/doc/commands.json 
@@ -6324,6 +6324,27 @@ ], "usage": "hf texkom reader [-hv]" }, + "hf texkom sim": { + "command": "hf texkom sim", + "description": "Simulate a texkom tag", + "notes": [ + "hf texkom sim", + "", + "hf texkom sim --raw FFFF638C7DC45553 -> simulate TK13 tag with id 8C7DC455", + "hf texkom sim --tk17 --raw FFFFCA17F31EC512 -> simulate TK17 tag with id 17F31EC5", + "hf texkom sim --id 8C7DC455 -> simulate TK13 tag with id 8C7DC455", + "hf texkom sim --id 8C7DC455 --tk17 -> simulate TK17 tag with id 17F31EC5" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-v, --verbose Verbose work", + "-t, --tk17 Use TK-17 modulation (TK-13 by default)", + "--raw Raw data for texkom card, 8 bytes. Manual modulation select.", + "--id Raw data for texkom card, 8 bytes. Manual modulation select." + ], + "usage": "hf texkom sim [-hvt] [--raw ] [--id ]" + }, "hf thinfilm help": { "command": "hf thinfilm help", "description": "help This help list List NFC Barcode / Thinfilm history - not correct", @@ -6585,8 +6606,8 @@ "command": "hw connect", "description": "Connects to a Proxmark3 device via specified serial port. Baudrate here is only for physical UART or UART-BT, NOT for USB-CDC or blue shark add-on", "notes": [ - "hw connect -p /dev/ttyACM0", - "hw connect -p /dev/ttyACM0 -b 115200" + "hw connect -p /dev/ttyacm0", + "hw connect -p /dev/ttyacm0 -b 115200" ], "offline": true, "options": [ @@ -11055,8 +11076,8 @@ } }, "metadata": { - "commands_extracted": 698, + "commands_extracted": 699, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2022-06-30T19:19:33" + "extracted_on": "2022-07-03T21:31:15" } } \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index fe57dfbdb..4f03dee72 100644 --- a/doc/commands.md +++ b/doc/commands.md 
@@ -654,6 +654,7 @@ Check column "offline" for their availability. |------- |------- |----------- |`hf texkom help `|Y |`This help` |`hf texkom reader `|N |`Act like a Texkom reader` +|`hf texkom sim `|N |`Simulate a Texkom tag` ### hf xerox