chg: 'lf em 410x_watch' - now uses NG and on deviceside only

iceman1001 2020-06-22 13:24:33 +02:00
commit 683954316a
7 changed files with 71 additions and 64 deletions


@ -256,7 +256,7 @@ static int ExecuteMode(int mode, int slot) {
//default first mode is simulate
case LF_RWSB_MODE_READ:
Dbprintf("[=] >> Read mode started <<");
CmdEM410xdemod(1, &high[slot], &low[slot], 0);
CmdEM410xdemod(1, &high[slot], &low[slot]);
LED_Update(mode, slot);
Dbprintf("[=] >> Tag found. Saving. <<");
FlashLEDs(100, 5);
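Review bot: The new call `CmdEM410xdemod(1, &high[slot], &low[slot]);` keeps the old function name, but this commit replaces both the prototype and the definition with `int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low)`, so unless another definition exists outside this page the standalone mode will no longer build. The call should read `lf_em410x_watch(1, &high[slot], &low[slot]);`, and the same applies to `CmdEM410xdemod(1, &high[selected], &low[selected]);` in RunMod in the next file section. The new function also returns a status (`PM3_EOPABORTED` when a USB command interrupts the loop) that both call sites discard before reporting "Tag found. Saving."; on that path `*high` and `*low` appear not to be written, so checking the result would avoid storing a slot that was never filled. ExecuteMode's body continues outside the hunk.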


@ -161,7 +161,7 @@ void RunMod(void) {
state = 3;
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
// Click - exit to select mode
CmdEM410xdemod(1, &high[selected], &low[selected], 0);
CmdEM410xdemod(1, &high[selected], &low[selected]);
FlashLEDs(100, 5);
#ifdef WITH_FLASH
SaveIDtoFlash(selected, low[selected]);


@ -824,10 +824,11 @@ static void PacketReceived(PacketCommandNG *packet) {
reply_ng(CMD_LF_IO_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_DEMOD: {
case CMD_LF_EM410X_WATCH: {
uint32_t high;
uint64_t low;
CmdEM410xdemod(packet->oldarg[0], &high, &low, 1);
int res = lf_em410x_watch(0, &high, &low);
reply_ng(CMD_LF_EM410X_WATCH, res, NULL, 0);
break;
}
case CMD_LF_EM410X_WRITE: {
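Review bot: `high` and `low` are handed to `lf_em410x_watch` uninitialised, and with `findone` fixed at 0 the only stores to them visible in this commit (under `if (findone)`) never run, so they are dead outputs in this case. Initialise them at declaration, `uint32_t high = 0;` and `uint64_t low = 0;`, so that a later change which reads them or adds them to the `reply_ng` payload cannot send stale stack contents to the host. A short comment that the reply carries only the status would also help, since the old handler took its mode from `packet->oldarg[0]` and this one ignores the packet body. PacketReceived's body continues outside the hunk.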


@ -1405,22 +1405,35 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
if (ledcontrol) LED_A_OFF();
}
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol) {
uint8_t *dest = BigBuf_get_addr();
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
size_t size, idx = 0;
int clk = 0, invert = 0, maxErr = 20;
uint32_t hi = 0;
uint64_t lo = 0;
uint8_t *dest = BigBuf_get_addr();
clear_trace();
set_tracing(false);
BigBuf_Clear_keep_EM();
LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) {
int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 2000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false);
@ -1428,10 +1441,10 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
//askdemod and manchester decode
int errCnt = askdemod(dest, &size, &clk, &invert, maxErr, 0, 1);
WDT_HIT();
if (errCnt > 50) continue;
WDT_HIT();
errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo);
if (errCnt == 1) {
if (size == 128) {
@ -1452,7 +1465,6 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
if (findone) {
if (ledcontrol) LED_A_OFF();
*high = hi;
*low = lo;
break;
@ -1463,8 +1475,9 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol)
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("EM man/ask demod stopped");
if (ledcontrol) LED_A_OFF();
BigBuf_free();
LEDsoff();
return res;
}
int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
@ -1474,10 +1487,10 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
uint8_t version = 0, facilitycode = 0, crc = 0;
uint16_t number = 0, calccrc = 0;
size_t size = 12000;
uint8_t *dest = BigBuf_malloc(size);
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
// Configure to go in 125kHz listen mode
LFSetupFPGAForADC(LF_DIVISOR_125, true);
@ -1501,7 +1514,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
DoAcquisition_default(-1, false);
size = 12000;
size_t size = MIN(12000, BigBuf_max_traceLen());
//fskdemod and get start index
int idx = detectIOProx(dest, &size, &dummyIdx);
@ -1563,6 +1576,8 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
calccrc = 0;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free();
LEDsoff();
return res;
}
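Review bot: In `lf_em410x_watch` the USB-abort check now runs only when `interval == 2000`, and every pass of the loop performs a full `DoAcquisition_default(-1, false)` plus demodulation, so a host command may go unnoticed for up to 2000 acquisitions. The removed loop condition tested `data_available()` on every pass. Unless that call is known to be expensive here, keep the per-pass check, `if (data_available()) { res = PM3_EOPABORTED; break; }`, or use a much smaller interval. Separately, both watch functions now take the buffer with `BigBuf_get_addr()` yet call `BigBuf_free()` on exit; its definition is not on this page, so confirm it does not release allocations these functions never made, given that `BigBuf_Clear_keep_EM()` suggests emulator memory is meant to survive. The inner `size_t size = MIN(12000, BigBuf_max_traceLen());` in `lf_io_watch` also looks like it shadows the function-scope `size` if that declaration is still present. Both function bodies continue outside the hunks shown.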


@ -37,7 +37,7 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size,
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low);
int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567


@ -44,13 +44,24 @@ static int usage_lf_em410x_demod(void) {
PrintAndLogEx(NORMAL, " maxerror - set maximum allowed errors, default = 100.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_demod = demod an EM410x Tag ID from GraphBuffer");
PrintAndLogEx(NORMAL, " lf em 410x_demod 32 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32");
PrintAndLogEx(NORMAL, " lf em 410x_demod 32 1 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data");
PrintAndLogEx(NORMAL, " lf em 410x_demod 1 = demod an EM410x Tag ID from GraphBuffer while inverting data");
PrintAndLogEx(NORMAL, " lf em 410x_demod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod") " = demod an EM410x Tag ID from GraphBuffer");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 32") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 32 1") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 1") " = demod an EM410x Tag ID from GraphBuffer while inverting data");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_demod 64 1 0") " = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
return PM3_SUCCESS;
}
static int usage_lf_em410x_watch(void) {
PrintAndLogEx(NORMAL, "Enables IOProx compatible reader mode printing details of scanned tags.");
PrintAndLogEx(NORMAL, "By default, values are printed and logged until the button is pressed or another USB command is issued.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 410x_watch");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_watch"));
return PM3_SUCCESS;
}
static int usage_lf_em410x_write(void) {
PrintAndLogEx(NORMAL, "Writes EM410x ID to a T55x7 / T5555 (Q5) tag");
PrintAndLogEx(NORMAL, "");
@ -61,7 +72,7 @@ static int usage_lf_em410x_write(void) {
PrintAndLogEx(NORMAL, " <card> - 0|1 T5555 (Q5) / T55x7");
PrintAndLogEx(NORMAL, " <clock> - 16|32|40|64, optional, set R/F clock rate, defaults to 64");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_write 0F0368568B 1 = write ID to t55x7 card");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_write 0F0368568B 1") " = write ID to t55x7 card");
return PM3_SUCCESS;
}
static int usage_lf_em410x_ws(void) {
@ -71,7 +82,7 @@ static int usage_lf_em410x_ws(void) {
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_spoof");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_spoof"));
return PM3_SUCCESS;
}
static int usage_lf_em410x_sim(void) {
@ -83,8 +94,8 @@ static int usage_lf_em410x_sim(void) {
PrintAndLogEx(NORMAL, " uid - uid (10 HEX symbols)");
PrintAndLogEx(NORMAL, " clock - clock (32|64) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B");
PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B 32");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_sim 0F0368568B"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_sim 0F0368568B 32"));
return PM3_SUCCESS;
}
static int usage_lf_em410x_brute(void) {
@ -97,10 +108,10 @@ static int usage_lf_em410x_brute(void) {
PrintAndLogEx(NORMAL, " d (2000) - pause delay in milliseconds between UIDs simulation, default 1000 ms (optional)");
PrintAndLogEx(NORMAL, " c (32) - clock (32|64), default 64 (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt c 32");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000 c 32");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt c 32"));
PrintAndLogEx(NORMAL, _YELLOW_( " lf em 410x_brute ids.txt d 3000"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 410x_brute ids.txt d 3000 c 32"));
return PM3_SUCCESS;
}
@ -439,16 +450,20 @@ int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose) {
return PM3_ESOFT;
return AskEm410xDecode(verbose, hi, lo);
}
/*
// this read loops on device side.
// uses the demod in lfops.c
static int CmdEM410xRead_device(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
uint8_t findone = (cmdp == '1') ? 1 : 0;
SendCommandMIX(CMD_LF_EM410X_DEMOD, findone, 0, 0, NULL, 0);
return PM3_SUCCESS;
static int CmdEM410xWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em410x_watch();
clearCommandBuffer();
SendCommandNG(CMD_LF_EM410X_WATCH, NULL, 0);
PacketResponseNG resp;
WaitForResponse(CMD_LF_EM410X_WATCH, &resp);
PrintAndLogEx(INFO, "Done");
return resp.status;
}
*/
//by marshmellow
//takes 3 arguments - clock, invert and maxErr as integers
//attempts to demodulate ask while decoding manchester
@ -608,30 +623,6 @@ static int CmdEM410xBrute(const char *Cmd) {
return PM3_SUCCESS;
}
/* Function is equivalent of lf read + data samples + em410xread
* looped until an EM410x tag is detected
*
* Why is CmdSamples("16000")?
* TBD: Auto-grow sample size based on detected sample rate. IE: If the
* rate gets lower, then grow the number of samples
* Changed by martin, 4000 x 4 = 16000,
* see http://www.proxmark.org/forum/viewtopic.php?pid=7235#p7235
*
* EDIT -- capture enough to get 2 complete preambles at the slowest data rate known to be used (rf/64) (64*64*2+9 = 8201) marshmellow
*/
static int CmdEM410xWatch(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
do {
if (kbd_enter_pressed()) {
PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
break;
}
lf_read(false, 12288);
} while (CmdEM410xRead("") != PM3_SUCCESS);
return PM3_SUCCESS;
}
//currently only supports manchester modulations
static int CmdEM410xWatchnSpoof(const char *Cmd) {
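Review bot: The new `CmdEM410xWatch` sends the command and then sits in `WaitForResponse(CMD_LF_EM410X_WATCH, &resp);` with no timeout argument and no keyboard check, so the client cannot send the "another USB command" that the help text promises as a way to stop. The removed host-side loop could be aborted with `kbd_enter_pressed()`; now only the device button ends the session. The result of the wait is also ignored before `resp.status` is read. Poll with a timeout and send a break packet on Enter, as sketched below. The first line of `usage_lf_em410x_watch` was copied from the IOProx command and should read `"Enables EM410x compatible reader mode printing details of scanned tags."`.

```c
static int CmdEM410xWatch(const char *Cmd) {
    // … unchanged: help handling, clearCommandBuffer(), SendCommandNG(CMD_LF_EM410X_WATCH, NULL, 0) …
    PacketResponseNG resp;
    for (;;) {
        if (kbd_enter_pressed()) {
            // any incoming packet makes the device loop see data_available() and stop
            SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
            PrintAndLogEx(WARNING, "\naborted via keyboard!\n");
        }
        // keep waiting for the device's final status so resp is always filled
        if (WaitForResponseTimeout(CMD_LF_EM410X_WATCH, &resp, 1000)) {
            break;
        }
    }
    PrintAndLogEx(INFO, "Done");
    return resp.status;
}
```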


@ -400,7 +400,7 @@ typedef struct {
#define CMD_LF_EM4X_READWORD 0x0218
#define CMD_LF_EM4X_WRITEWORD 0x0219
#define CMD_LF_IO_WATCH 0x021A
#define CMD_LF_EM410X_DEMOD 0x021C
#define CMD_LF_EM410X_WATCH 0x021C
// Sampling configuration for LF reader/sniffer
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D
#define CMD_LF_FSK_SIMULATE 0x021E