lf hid sim: add support for long ID

armsrc/Standalone/lf_hidbrute.c

@@ -128,7 +128,7 @@ void RunMod() {
                 WAIT_BUTTON_RELEASED();
 
                 Dbprintf("[=] %x %x %08x", selected, high[selected], low[selected]);
-                CmdHIDsimTAG(high[selected], low[selected], 0);
+                CmdHIDsimTAG(0, high[selected], low[selected], 0, 0);
                 DbpString("[=] done playing");
 
                 if (BUTTON_HELD(1000) > 0)
@@ -188,7 +188,7 @@ void RunMod() {
                     // Print actual code to brute
                     Dbprintf("[=] TAG ID: %x%08x (%d) - FC: %u - Card: %u", high[selected], low[selected], (low[selected] >> 1) & 0xFFFF, fc, cardnum);
 
-                    CmdHIDsimTAGEx(high[selected], low[selected], 1, 50000);
+                    CmdHIDsimTAGEx(0, high[selected], low[selected], 0, 1, 50000);
                 }
 
                 cardnum = original_cardnum;
@@ -216,7 +216,7 @@ void RunMod() {
                     // Print actual code to brute
                     Dbprintf("[=] TAG ID: %x%08x (%d) - FC: %u - Card: %u", high[selected], low[selected], (low[selected] >> 1) & 0xFFFF, fc, cardnum);
 
-                    CmdHIDsimTAGEx(high[selected], low[selected], 1, 50000);
+                    CmdHIDsimTAGEx(0, high[selected], low[selected], 0, 1, 50000);
                 }
 
                 DbpString("[=] done bruteforcing");

armsrc/Standalone/lf_proxbrute.c

@@ -102,7 +102,7 @@ void RunMod() {
                 Dbprintf("[=] trying Facility = %08x ID %08x", high, i);
 
                 // high, i, ledcontrol,  timelimit 20000
-                CmdHIDsimTAGEx(high, i, false, 20000);
+                CmdHIDsimTAGEx(0, high, i, 0, false, 20000);
 
                 SpinDelay(100);
             }

armsrc/Standalone/lf_samyrun.c

@@ -108,7 +108,7 @@ void RunMod() {
             Dbprintf("[=] simulating %x | %x%08x", selected, high[selected], low[selected]);
 
             // high, low, no led control(A)  no time limit
-            CmdHIDsimTAGEx(high[selected], low[selected], false, -1);
+            CmdHIDsimTAGEx(0, high[selected], low[selected], 0, false, -1);
 
             DbpString("[=] simulating done");
 

armsrc/appmain.c

@@ -702,7 +702,8 @@ static void PacketReceived(PacketCommandNG *packet) {
             break;
         }
         case CMD_LF_HID_SIMULATE: {
-            CmdHIDsimTAG(packet->oldarg[0], packet->oldarg[1], 1);
+            lf_hidsim_t *payload = (lf_hidsim_t *)packet->data.asBytes;
+            CmdHIDsimTAG(payload->hi2, payload->hi, payload->lo, payload->longFMT, 1);
             break;
         }
         case CMD_LF_FSK_SIMULATE: {

armsrc/lfops.c

@@ -901,16 +901,8 @@ static void fcAll(uint8_t fc, int *n, uint8_t clock, int16_t *remainder) {
 
 // prepare a waveform pattern in the buffer based on the ID given then
 // simulate a HID tag until the button is pressed
-void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) {
+void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles) {
 
-    if (hi > 0xFFF) {
-        DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags");
-        return;
-    }
-
-    // special start of frame marker containing invalid Manchester bit sequences
-    uint8_t bits[8+44*2] = { 0, 0, 0, 1, 1, 1, 0, 1 };
-    uint16_t n = 8;
     /*
      HID tag bitstream format
      The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits
@@ -925,32 +917,87 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) {
      bit 0 = fc8
     */
 
-    // TODO isn't there a manchester encoding function already available?
+    uint8_t bits[8+84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 };
-    // manchester encode bits 43 to 32
+    uint8_t bitlen = 0;
-    for (int i = 11; i >= 0; i--) {
+
-        if ((hi >> i) & 1) {
+    if (longFMT) {
-            bits[n++] = 1;
+        // Ensure no more than 84 bits supplied
-            bits[n++] = 0;
+        if (hi2 > 0xFFFFF) {
-        } else {
+            DbpString("Tags can only have 84 bits.");
-            bits[n++] = 0;
+            return;
-            bits[n++] = 1;
+        }
+        bitlen = 8+84*2;
+        // special start of frame marker containing invalid Manchester bit sequences
+        uint16_t n = 8;
+        hi2 |= 0x9E00000; // 9E: long format identifier
+        // manchester encode "9E" and bits 83 to 64
+        for (int i = 27; i >= 0; i--) {
+            if ((hi2 >> i) & 1) {
+                bits[n++] = 1;
+                bits[n++] = 0;
+            } else {
+                bits[n++] = 0;
+                bits[n++] = 1;
+            }
+        }
+        // manchester encode bits 63 to 32
+        for (int i = 31; i >= 0; i--) {
+            if ((hi >> i) & 1) {
+                bits[n++] = 1;
+                bits[n++] = 0;
+            } else {
+                bits[n++] = 0;
+                bits[n++] = 1;
+            }
+        }
+        // manchester encode bits 31 to 0
+        for (int i = 31; i >= 0; i--) {
+            if ((lo >> i) & 1) {
+                bits[n++] = 1;
+                bits[n++] = 0;
+            } else {
+                bits[n++] = 0;
+                bits[n++] = 1;
+            }
+        }
+
+    } else {
+
+        if (hi > 0xFFF) {
+            DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags");
+            return;
+        }
+
+        bitlen = 8+44*2;
+        // special start of frame marker containing invalid Manchester bit sequences
+        uint16_t n = 8;
+
+        // manchester encode bits 43 to 32
+        for (int i = 11; i >= 0; i--) {
+            if ((hi >> i) & 1) {
+                bits[n++] = 1;
+                bits[n++] = 0;
+            } else {
+                bits[n++] = 0;
+                bits[n++] = 1;
+            }
+        }
+        // manchester encode bits 31 to 0
+        for (int i = 31; i >= 0; i--) {
+            if ((lo >> i) & 1) {
+                bits[n++] = 1;
+                bits[n++] = 0;
+            } else {
+                bits[n++] = 0;
+                bits[n++] = 1;
+            }
         }
     }
-    // manchester encode bits 31 to 0
+    CmdFSKsimTAGEx(10, 8, 0, 50, bitlen, bits, ledcontrol, numcycles);
-    for (int i = 31; i >= 0; i--) {
-        if ((lo >> i) & 1) {
-            bits[n++] = 1;
-            bits[n++] = 0;
-        } else {
-            bits[n++] = 0;
-            bits[n++] = 1;
-        }
-    }
-    CmdFSKsimTAGEx(10, 8, 0, 50, sizeof(bits), bits, ledcontrol, numcycles);
 }
 
-void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol) {
+void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol) {
-    CmdHIDsimTAGEx(hi, lo, ledcontrol, -1);
+    CmdHIDsimTAGEx(hi2, hi, lo, longFMT, ledcontrol, -1);
     reply_ng(CMD_LF_HID_SIMULATE, PM3_EOPABORTED, NULL, 0);
 }
 

armsrc/lfops.h

@@ -30,8 +30,8 @@ void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycl
 void SimulateTagLowFrequency(int period, int gap, bool ledcontrol);
 void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
 
-void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles);
+void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles);
-void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol);
+void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol);
 
 void CmdFSKsimTAGEx(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol, int numcycles);
 void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol);

client/cmdlfhid.c

@@ -261,22 +261,41 @@ static int CmdHIDRead_device(const char *Cmd) {
 }
 */
 static int CmdHIDSim(const char *Cmd) {
-    uint32_t hi = 0, lo = 0;
+    lf_hidsim_t payload;
+    payload.longFMT = 0;
+    uint32_t hi2 = 0, hi = 0, lo = 0;
     uint32_t n = 0, i = 0;
 
     uint8_t ctmp = tolower(param_getchar(Cmd, 0));
     if (strlen(Cmd) == 0 || ctmp == 'h') return usage_lf_hid_sim();
 
-    while (sscanf(&Cmd[i++], "%1x", &n) == 1) {
+    if (strchr(Cmd, 'l') != 0) {
-        hi = (hi << 4) | (lo >> 28);
+        i++;
-        lo = (lo << 4) | (n & 0xf);
+        while (sscanf(&Cmd[i++], "%1x", &n) == 1) {
+            hi2 = (hi2 << 4) | (hi >> 28);
+            hi = (hi << 4) | (lo >> 28);
+            lo = (lo << 4) | (n & 0xf);
+        }
+
+        PrintAndLogEx(INFO, "Simulating HID tag with long ID %x%08x%08x", hi2, hi, lo);
+        payload.longFMT = 1;
+    } else {
+        while (sscanf(&Cmd[i++], "%1x", &n) == 1) {
+            hi = (hi << 4) | (lo >> 28);
+            lo = (lo << 4) | (n & 0xf);
+        }
+        PrintAndLogEx(SUCCESS, "Simulating HID tag with ID %x%08x", hi, lo);
+        hi2 = 0;
     }
 
-    PrintAndLogEx(SUCCESS, "Simulating HID tag with ID %x%08x", hi, lo);
     PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation");
 
+    payload.hi2 = hi2;
+    payload.hi = hi;
+    payload.lo = lo;
+
     clearCommandBuffer();
-    SendCommandMIX(CMD_LF_HID_SIMULATE, hi, lo, 0, NULL, 0);
+    SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload,  sizeof(payload));
     PacketResponseNG resp;
     WaitForResponse(CMD_LF_HID_SIMULATE, &resp);
     PrintAndLogEx(INFO, "Done");

include/pm3_cmd.h

@@ -197,6 +197,14 @@ typedef struct {
     uint8_t flags;
 } PACKED t55xx_write_block_t;
 
+// For CMD_LF_HID_SIMULATE (FSK)
+typedef struct {
+    uint32_t hi2;
+    uint32_t hi;
+    uint32_t lo;
+    uint8_t longFMT;
+} PACKED lf_hidsim_t;
+
 // For CMD_LF_FSK_SIMULATE (FSK)
 typedef struct {
     uint8_t fchigh;