github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #2762 from Donny-Guo/lfhidsim

Browse source 
Fix incorrect encoding for HID with long format on sim and clone
This commit is contained in:
Iceman 2025-02-21 07:26:18 +01:00 committed by GitHub
commit 6bb7199a7b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 40 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

3
armsrc/Standalone/lf_hidbrute.c
View file

@ -257,7 +257,7 @@ void hid_corporate_1000_calculate_checksum_and_set(uint32_t *high, uint32_t *low
// Calculate new high and low base value from card number and facility code, without parity // Calculate new high and low base value from card number and facility code, without parity
new_low = (fc << 21) | (cardnum << 1); new_low = (fc << 21) | (cardnum << 1);
new_high = 0x28 | ((fc >> 11) & 1); // 0x28 is 101000 new_high = (fc >> 11) & 1;
int n_ones; int n_ones;
uint32_t i; uint32_t i;
@ -319,6 +319,7 @@ void hid_corporate_1000_calculate_checksum_and_set(uint32_t *high, uint32_t *low
new_high = new_high | 0x4; new_high = new_high | 0x4;
// Setting new calculated values // Setting new calculated values
add_HID_preamble(0, &new_high, &new_low, 35);
*low = new_low; *low = new_low;
*high = new_high; *high = new_high;
} }

3
armsrc/Standalone/lf_hidfcbrute.c
View file

@ -176,8 +176,7 @@ void hid_calculate_checksum_and_set(uint32_t *high, uint32_t *low, uint32_t card
newlow |= oddparity32((newlow >> 1) & 0xFFF); newlow |= oddparity32((newlow >> 1) & 0xFFF);
newlow |= (evenparity32((newlow >> 13) & 0xFFF)) << 25; newlow |= (evenparity32((newlow >> 13) & 0xFFF)) << 25;
newhigh |= 0x20; // Bit 37; standard header add_HID_preamble(NULL, &newhigh, &newlow, 26);
newlow |= 1U << 26; // leading 1: start bit
*low = newlow; *low = newlow;
*high = newhigh; *high = newhigh;

10
armsrc/Standalone/lf_prox2brute.c
View file

@ -16,8 +16,8 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// LF HID ProxII Brutforce v2 by lnv42 - based on Proxbrute by Brad antoniewicz // LF HID ProxII Brutforce v2 by lnv42 - based on Proxbrute by Brad antoniewicz
// //
// Following code is a trivial brute forcer for when you know the facility // Following code is a trivial brute forcer (H10301 26-bit) when you know the
// code and want to find valid(s) card number(s). It will try all card // facility code and want to find valid(s) card number(s). It will try all card
// fnumbers rom CARDNUM_START to CARDNUM_END one by one (max. ~65k tries). // fnumbers rom CARDNUM_START to CARDNUM_END one by one (max. ~65k tries).
// This brute force will be a lot faster than Proxbrute that will try all // This brute force will be a lot faster than Proxbrute that will try all
// possibles values for LF low, even those with bad checksum (~4g tries). // possibles values for LF low, even those with bad checksum (~4g tries).
@ -46,8 +46,7 @@ void RunMod(void) {
StandAloneMode(); StandAloneMode();
Dbprintf(">> LF HID proxII bruteforce v2 a.k.a Prox2Brute Started <<"); Dbprintf(">> LF HID proxII bruteforce v2 a.k.a Prox2Brute Started <<");
FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
uint32_t high = 0, low = 0;
const uint32_t high = 0x20; // LF high value is always 0x20 here
uint32_t fac = FACILITY_CODE, cardnum = 0; uint32_t fac = FACILITY_CODE, cardnum = 0;
@ -79,9 +78,10 @@ void RunMod(void) {
if (BUTTON_HELD(1000) == BUTTON_HOLD) break; // long button press (>=1sec) exit if (BUTTON_HELD(1000) == BUTTON_HOLD) break; // long button press (>=1sec) exit
// calculate the new LF low value including Card number, Facility code and checksum // calculate the new LF low value including Card number, Facility code and checksum
uint32_t low = (cardnum << 1) | (fac << 17); low = (cardnum << 1) | (fac << 17);
low |= oddparity32((low >> 1) & 0xFFF); low |= oddparity32((low >> 1) & 0xFFF);
low |= evenparity32((low >> 13) & 0xFFF) << 25; low |= evenparity32((low >> 13) & 0xFFF) << 25;
add_HID_preamble(NULL, &high, &low, 26);
Dbprintf("[=] trying Facility = %08x, Card = %08x, raw = %08x%08x", Dbprintf("[=] trying Facility = %08x, Card = %08x, raw = %08x%08x",
fac, cardnum, high, low); fac, cardnum, high, low);

42
armsrc/lfops.c
View file

@ -944,6 +944,33 @@ static void fcAll(uint8_t fc, int *n, uint8_t clock, int16_t *remainder) {
} }
} }
bool add_HID_preamble(uint32_t *hi2, uint32_t *hi, uint32_t *lo, uint8_t length){
// Invalid value
if (length > 84 || length == 0)
return false;
if (length == 48) {
*hi |= 1U << (length - 32); // Example leading 1: start bit
return true;
}
if (length >= 64) {
*hi2 |= 0x09e00000; // Extended-length header
*hi2 |= 1U << (length - 64); // leading 1: start bit
} else if (length > 37) {
*hi2 |= 0x09e00000; // Extended-length header
*hi |= 1U << (length - 32); // leading 1: start bit
} else if (length == 37) {
// No header bits added to 37-bit cards
} else if (length >= 32) {
*hi |= 0x20; // Bit 37; standard header
*hi |= 1U << (length - 32); // leading 1: start bit
} else {
*hi |= 0x20; // Bit 37; standard header
*lo |= 1U << length; // leading 1: start bit
}
return true;
}
// prepare a waveform pattern in the buffer based on the ID given then // prepare a waveform pattern in the buffer based on the ID given then
// simulate a HID tag until the button is pressed // simulate a HID tag until the button is pressed
void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles) { void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles) {
@ -968,13 +995,7 @@ void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo
uint16_t n = 8; uint16_t n = 8;
if (longFMT) { if (longFMT) {
// Ensure no more than 84 bits supplied
if (hi2 > 0xFFFFF) {
DbpString("Tags can only have 84 bits.");
return;
}
bitlen = 8 + 8 * 2 + 84 * 2; bitlen = 8 + 8 * 2 + 84 * 2;
hi2 |= 0x9E00000; // 9E: long format identifier
manchesterEncodeUint32(hi2, 16 + 12, bits, &n); manchesterEncodeUint32(hi2, 16 + 12, bits, &n);
manchesterEncodeUint32(hi, 32, bits, &n); manchesterEncodeUint32(hi, 32, bits, &n);
manchesterEncodeUint32(lo, 32, bits, &n); manchesterEncodeUint32(lo, 32, bits, &n);
@ -2270,15 +2291,10 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo
uint8_t last_block = 0; uint8_t last_block = 0;
if (longFMT) { if (longFMT) {
// Ensure no more than 84 bits supplied
if (hi2 > 0xFFFFF) {
DbpString("Tags can only have 84 bits");
return;
}
// Build the 6 data blocks for supplied 84bit ID // Build the 6 data blocks for supplied 84bit ID
last_block = 6; last_block = 6;
// load preamble (1D) & long format identifier (9E manchester encoded) // load preamble (1D)
data[1] = 0x1D96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF); data[1] = 0x1D000000 | (manchesterEncode2Bytes((hi2 >> 16) & 0xFFFF) & 0xFFFFFF);
// load raw id from hi2, hi, lo to data blocks (manchester encoded) // load raw id from hi2, hi, lo to data blocks (manchester encoded)
data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF); data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
data[3] = manchesterEncode2Bytes(hi >> 16); data[3] = manchesterEncode2Bytes(hi >> 16);

1
armsrc/lfops.h
View file

@ -34,6 +34,7 @@ void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycl
void SimulateTagLowFrequency(int period, int gap, bool ledcontrol); void SimulateTagLowFrequency(int period, int gap, bool ledcontrol);
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen); void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
bool add_HID_preamble(uint32_t *hi2, uint32_t *hi, uint32_t *lo, uint8_t length);
void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles); void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles);
void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol); void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol);