mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-19 21:03:48 -07:00
lf hid sim: add support for long ID
parent
9275304640
commit
59e66ce5fd
8 changed files with 120 additions and 45 deletions
|
@ -128,7 +128,7 @@ void RunMod() {
|
|||
WAIT_BUTTON_RELEASED();
|
||||
|
||||
Dbprintf("[=] %x %x %08x", selected, high[selected], low[selected]);
|
||||
CmdHIDsimTAG(high[selected], low[selected], 0);
|
||||
CmdHIDsimTAG(0, high[selected], low[selected], 0, 0);
|
||||
DbpString("[=] done playing");
|
||||
|
||||
if (BUTTON_HELD(1000) > 0)
|
||||
|
@ -188,7 +188,7 @@ void RunMod() {
|
|||
// Print actual code to brute
|
||||
Dbprintf("[=] TAG ID: %x%08x (%d) - FC: %u - Card: %u", high[selected], low[selected], (low[selected] >> 1) & 0xFFFF, fc, cardnum);
|
||||
|
||||
CmdHIDsimTAGEx(high[selected], low[selected], 1, 50000);
|
||||
CmdHIDsimTAGEx(0, high[selected], low[selected], 0, 1, 50000);
|
||||
}
|
||||
|
||||
cardnum = original_cardnum;
|
||||
|
@ -216,7 +216,7 @@ void RunMod() {
|
|||
// Print actual code to brute
|
||||
Dbprintf("[=] TAG ID: %x%08x (%d) - FC: %u - Card: %u", high[selected], low[selected], (low[selected] >> 1) & 0xFFFF, fc, cardnum);
|
||||
|
||||
CmdHIDsimTAGEx(high[selected], low[selected], 1, 50000);
|
||||
CmdHIDsimTAGEx(0, high[selected], low[selected], 0, 1, 50000);
|
||||
}
|
||||
|
||||
DbpString("[=] done bruteforcing");
|
||||
|
|
|
@ -102,7 +102,7 @@ void RunMod() {
|
|||
Dbprintf("[=] trying Facility = %08x ID %08x", high, i);
|
||||
|
||||
// high, i, ledcontrol, timelimit 20000
|
||||
CmdHIDsimTAGEx(high, i, false, 20000);
|
||||
CmdHIDsimTAGEx(0, high, i, 0, false, 20000);
|
||||
|
||||
SpinDelay(100);
|
||||
}
|
||||
|
|
|
@ -108,7 +108,7 @@ void RunMod() {
|
|||
Dbprintf("[=] simulating %x | %x%08x", selected, high[selected], low[selected]);
|
||||
|
||||
// high, low, no led control(A) no time limit
|
||||
CmdHIDsimTAGEx(high[selected], low[selected], false, -1);
|
||||
CmdHIDsimTAGEx(0, high[selected], low[selected], 0, false, -1);
|
||||
|
||||
DbpString("[=] simulating done");
|
||||
|
||||
|
|
|
@ -702,7 +702,8 @@ static void PacketReceived(PacketCommandNG *packet) {
|
|||
break;
|
||||
}
|
||||
case CMD_LF_HID_SIMULATE: {
|
||||
CmdHIDsimTAG(packet->oldarg[0], packet->oldarg[1], 1);
|
||||
lf_hidsim_t *payload = (lf_hidsim_t *)packet->data.asBytes;
|
||||
CmdHIDsimTAG(payload->hi2, payload->hi, payload->lo, payload->longFMT, 1);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_FSK_SIMULATE: {
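Review bot: The `CMD_LF_HID_SIMULATE` case casts `packet->data.asBytes` to `lf_hidsim_t *` and reads four fields without checking how many bytes the host actually sent. With the move from `oldarg[]` to an NG payload, a short or legacy-format packet would have `hi2`, `hi`, `lo` and `longFMT` taken from whatever happens to be in the buffer. A guard before the cast such as `if (packet->length < sizeof(lf_hidsim_t)) { reply_ng(CMD_LF_HID_SIMULATE, PM3_EINVARG, NULL, 0); break; }` would reject those; this assumes `PacketCommandNG` exposes the received size as `length`, which is not visible here. `PacketReceived` starts and ends outside the hunk.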
|
||||
|
|
|
@ -901,16 +901,8 @@ static void fcAll(uint8_t fc, int *n, uint8_t clock, int16_t *remainder) {
|
|||
|
||||
// prepare a waveform pattern in the buffer based on the ID given then
|
||||
// simulate a HID tag until the button is pressed
|
||||
void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) {
|
||||
void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles) {
|
||||
|
||||
if (hi > 0xFFF) {
|
||||
DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags");
|
||||
return;
|
||||
}
|
||||
|
||||
// special start of frame marker containing invalid Manchester bit sequences
|
||||
uint8_t bits[8+44*2] = { 0, 0, 0, 1, 1, 1, 0, 1 };
|
||||
uint16_t n = 8;
|
||||
/*
|
||||
HID tag bitstream format
|
||||
The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits
|
||||
|
@ -925,7 +917,61 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) {
|
|||
bit 0 = fc8
|
||||
*/
|
||||
|
||||
// TODO isn't there a manchester encoding function already available?
|
||||
uint8_t bits[8+84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 };
|
||||
uint8_t bitlen = 0;
|
||||
|
||||
if (longFMT) {
|
||||
// Ensure no more than 84 bits supplied
|
||||
if (hi2 > 0xFFFFF) {
|
||||
DbpString("Tags can only have 84 bits.");
|
||||
return;
|
||||
}
|
||||
bitlen = 8+84*2;
|
||||
// special start of frame marker containing invalid Manchester bit sequences
|
||||
uint16_t n = 8;
|
||||
hi2 |= 0x9E00000; // 9E: long format identifier
|
||||
// manchester encode "9E" and bits 83 to 64
|
||||
for (int i = 27; i >= 0; i--) {
|
||||
if ((hi2 >> i) & 1) {
|
||||
bits[n++] = 1;
|
||||
bits[n++] = 0;
|
||||
} else {
|
||||
bits[n++] = 0;
|
||||
bits[n++] = 1;
|
||||
}
|
||||
}
|
||||
// manchester encode bits 63 to 32
|
||||
for (int i = 31; i >= 0; i--) {
|
||||
if ((hi >> i) & 1) {
|
||||
bits[n++] = 1;
|
||||
bits[n++] = 0;
|
||||
} else {
|
||||
bits[n++] = 0;
|
||||
bits[n++] = 1;
|
||||
}
|
||||
}
|
||||
// manchester encode bits 31 to 0
|
||||
for (int i = 31; i >= 0; i--) {
|
||||
if ((lo >> i) & 1) {
|
||||
bits[n++] = 1;
|
||||
bits[n++] = 0;
|
||||
} else {
|
||||
bits[n++] = 0;
|
||||
bits[n++] = 1;
|
||||
}
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
if (hi > 0xFFF) {
|
||||
DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags");
|
||||
return;
|
||||
}
|
||||
|
||||
bitlen = 8+44*2;
|
||||
// special start of frame marker containing invalid Manchester bit sequences
|
||||
uint16_t n = 8;
|
||||
|
||||
// manchester encode bits 43 to 32
|
||||
for (int i = 11; i >= 0; i--) {
|
||||
if ((hi >> i) & 1) {
|
||||
|
@ -946,11 +992,12 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) {
|
|||
bits[n++] = 1;
|
||||
}
|
||||
}
|
||||
CmdFSKsimTAGEx(10, 8, 0, 50, sizeof(bits), bits, ledcontrol, numcycles);
|
||||
}
|
||||
CmdFSKsimTAGEx(10, 8, 0, 50, bitlen, bits, ledcontrol, numcycles);
|
||||
}
|
||||
|
||||
void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol) {
|
||||
CmdHIDsimTAGEx(hi, lo, ledcontrol, -1);
|
||||
void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol) {
|
||||
CmdHIDsimTAGEx(hi2, hi, lo, longFMT, ledcontrol, -1);
|
||||
reply_ng(CMD_LF_HID_SIMULATE, PM3_EOPABORTED, NULL, 0);
|
||||
}
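Review bot: In the `longFMT` branch of `CmdHIDsimTAGEx` the three encode loops write more entries than `bits[8+84*2]` holds. After `hi2 |= 0x9E00000` the first loop encodes 28 bits (`i = 27..0`) and the next two encode 32 each, so 92 bits become 184 entries on top of the 8-entry start marker: 192 writes into a 176-byte stack array, and `bitlen` is 16 short as well, so the tail of `lo` would never be transmitted. Sizing both for the 8-bit format identifier fixes it: `uint8_t bits[8 + 8*2 + 84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 };` and `bitlen = 8 + 8*2 + 84*2;` (192 still fits `uint8_t`). Every long-format request takes this path, not only malformed input, and `longFMT` now comes straight from the host packet. The short-format loops run partly outside the visible hunks.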
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycl
|
|||
void SimulateTagLowFrequency(int period, int gap, bool ledcontrol);
|
||||
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
|
||||
|
||||
void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles);
|
||||
void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol);
|
||||
void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles);
|
||||
void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol);
|
||||
|
||||
void CmdFSKsimTAGEx(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol, int numcycles);
|
||||
void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol);
|
||||
|
|
|
@ -261,22 +261,41 @@ static int CmdHIDRead_device(const char *Cmd) {
|
|||
}
|
||||
*/
|
||||
static int CmdHIDSim(const char *Cmd) {
|
||||
uint32_t hi = 0, lo = 0;
|
||||
lf_hidsim_t payload;
|
||||
payload.longFMT = 0;
|
||||
uint32_t hi2 = 0, hi = 0, lo = 0;
|
||||
uint32_t n = 0, i = 0;
|
||||
|
||||
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
|
||||
if (strlen(Cmd) == 0 || ctmp == 'h') return usage_lf_hid_sim();
|
||||
|
||||
if (strchr(Cmd, 'l') != 0) {
|
||||
i++;
|
||||
while (sscanf(&Cmd[i++], "%1x", &n) == 1) {
|
||||
hi2 = (hi2 << 4) | (hi >> 28);
|
||||
hi = (hi << 4) | (lo >> 28);
|
||||
lo = (lo << 4) | (n & 0xf);
|
||||
}
|
||||
|
||||
PrintAndLogEx(INFO, "Simulating HID tag with long ID %x%08x%08x", hi2, hi, lo);
|
||||
payload.longFMT = 1;
|
||||
} else {
|
||||
while (sscanf(&Cmd[i++], "%1x", &n) == 1) {
|
||||
hi = (hi << 4) | (lo >> 28);
|
||||
lo = (lo << 4) | (n & 0xf);
|
||||
}
|
||||
PrintAndLogEx(SUCCESS, "Simulating HID tag with ID %x%08x", hi, lo);
|
||||
hi2 = 0;
|
||||
}
|
||||
|
||||
PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation");
|
||||
|
||||
payload.hi2 = hi2;
|
||||
payload.hi = hi;
|
||||
payload.lo = lo;
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_LF_HID_SIMULATE, hi, lo, 0, NULL, 0);
|
||||
SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload, sizeof(payload));
|
||||
PacketResponseNG resp;
|
||||
WaitForResponse(CMD_LF_HID_SIMULATE, &resp);
|
||||
PrintAndLogEx(INFO, "Done");
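Review bot: The long-ID branch of `CmdHIDSim` detects the flag with `strchr(Cmd, 'l')`, which matches an `l` anywhere in the argument string, and then does a single `i++`, which is only correct when the `l` is the first character and the hex digits follow it directly. Because `%1x` skips leading whitespace, a blank after the flag would make the first digit parse twice (once from the blank's offset, once from its own), so the simulated ID would differ from the one typed; the expected argument layout lives in `usage_lf_hid_sim()`, outside this hunk, so confirm against it. Testing `ctmp == 'l'` and adding `while (Cmd[i] == ' ') i++;` before the loop would make the parse follow the input. Both loops also shift excess digits out of `hi2`/`hi` silently; counting digits and rejecting more than 21 (long) or 11 (short) would report that on the client rather than relying on the firmware range check. The function body continues past the end of the hunk.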
|
||||
|
|
|
@ -197,6 +197,14 @@ typedef struct {
|
|||
uint8_t flags;
|
||||
} PACKED t55xx_write_block_t;
|
||||
|
||||
// For CMD_LF_HID_SIMULATE (FSK)
|
||||
typedef struct {
|
||||
uint32_t hi2;
|
||||
uint32_t hi;
|
||||
uint32_t lo;
|
||||
uint8_t longFMT;
|
||||
} PACKED lf_hidsim_t;
|
||||
|
||||
// For CMD_LF_FSK_SIMULATE (FSK)
|
||||
typedef struct {
|
||||
uint8_t fchigh;
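Review bot: `lf_hidsim_t` is the wire format shared by client and firmware, yet its members carry no description, and `longFMT` is a `uint8_t` used as a boolean. Suggest a trailing comment on each member giving the ID bit range it holds (`hi2` bits 83..64 and long format only, `hi` bits 63..32, `lo` bits 31..0, matching the encode-loop comments in `CmdHIDsimTAGEx`), plus `uint8_t longFMT; // 0 = 44-bit ID, 1 = 84-bit long ID`. Stating in the struct comment that `hi2` must be 0 when `longFMT` is 0 would also record what the client currently sends.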
|
||||
|
|