ADD: midnitesnakes desfire, ultralight changes from Unstable branch.

ADD: Marshmellow's fixes for the LF demod commands (LF SEARCH)
ADD: Holimans changes with hash1_brute

FIXES:  minor fixes with some calls to "free" and redundant debug statement and code cleanup. removal of commented code.
This commit is contained in:
iceman1001 2014-12-31 11:35:43 +01:00
commit 6ff6ade2f5
32 changed files with 133707 additions and 731 deletions


@ -18,7 +18,7 @@ SRC_LF = lfops.c hitag2.c
SRC_ISO15693 = iso15693.c iso15693tools.c
SRC_ISO14443a = epa.c iso14443a.c mifareutil.c mifarecmd.c mifaresniff.c
SRC_ISO14443b = iso14443.c
SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c
SRC_CRAPTO1 = crapto1.c crypto1.c des.c aes.c desfire_key.c desfire_crypto.c mifaredesfire.c
SRC_CRC = iso14443crc.c crc.c crc16.c crc32.c
THUMBSRC = start.c \
@ -35,14 +35,14 @@ THUMBSRC = start.c \
# These are to be compiled in ARM mode
ARMSRC = fpgaloader.c \
legicrf.c \
lfdemod.c \
$(SRC_ISO14443a) \
$(SRC_ISO14443b) \
$(SRC_CRAPTO1) \
$(SRC_CRC) \
legic_prng.c \
iclass.c \
mifaredesfire.c
iclass.c
# stdint.h provided locally until GCC 4.5 becomes C99 compliant
APP_CFLAGS += -I.


@ -656,6 +656,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_IO_CLONE_TAG:
CopyIOtoT55x7(c->arg[0], c->arg[1], c->d.asBytes[0]);
break;
case CMD_EM410X_DEMOD:
CmdEM410xdemod(c->arg[0], 0, 0, 1);
break;
case CMD_EM410X_WRITE_TAG:
WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
break;
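Review bot: The new `CMD_EM410X_DEMOD` case passes literal `0` for the two `int *` parameters of CmdEM410xdemod, which hides that they are pointers; write `CmdEM410xdemod(c->arg[0], NULL, NULL, 1);` so the intent is visible and `-Wzero-as-null-pointer-constant`-style checks stay quiet. The new function body (see lfops.c in this commit) never reads `high`/`low`, so a short comment on the call, `// high/low unused by the ARM-side demod`, would save the next reader a lookup. The enclosing UsbPacketReceived switch starts and ends outside the hunk.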


@ -149,6 +149,7 @@ void SimulateTagLowFrequencyA(int period, int gap);
void CmdHIDsimTAG(int hi, int lo, uint8_t ledcontrol);
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol);
void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol);
void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an ioProx card to T5557/T5567
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
@ -213,6 +214,10 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCIdent(); // is "magic chinese" card?
//desfire
void Mifare_DES_Auth1(uint8_t arg0,uint8_t *datain);
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain);
// mifaredesfire.h
bool InitDesfireCard();
void MifareSendCommand(uint8_t arg0,uint8_t arg1, uint8_t *datain);
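Review bot: `bool InitDesfireCard();` is not a prototype in C11 — an empty parameter list means "unspecified arguments", so calls to it are not type-checked; write `bool InitDesfireCard(void);` as the other declarations in this header do implicitly by naming their parameters. `bool` also requires `<stdbool.h>` to be in scope; if apps.h does not already include it (not visible in this hunk), add the include here rather than relying on include order in each .c file. The surrounding declaration list continues outside the hunk.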


@ -44,12 +44,12 @@ static void quicksort(uint32_t* const start, uint32_t* const stop)
else if(*rit > *start)
--rit;
else
*it ^= (*it ^= *rit, *rit ^= *it);
*it ^= ( (*it ^= *rit ), *rit ^= *it);
if(*rit >= *start)
--rit;
if(rit != start)
*rit ^= (*rit ^= *start, *start ^= *rit);
*rit ^= ( (*rit ^= *start), *start ^= *rit);
quicksort(start, rit - 1);
quicksort(rit + 1, stop);
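Review bot: Both swaps on the changed lines remain undefined behaviour after the re-parenthesisation: in `*it ^= ( (*it ^= *rit ), *rit ^= *it);` the read of `*it` for the outer compound assignment is unsequenced relative to the inner `*it ^= *rit` side effect on the same object (C11 6.5p2 with 6.5.16p3), and the added parentheses do not introduce a sequence point. Replace each with a plain temporary of the element type, `{ uint32_t t = *it; *it = *rit; *rit = t; }` and `{ uint32_t t = *rit; *rit = *start; *start = t; }`; the `if(rit != start)` guard can then stay or go, since a self-swap through a temporary is harmless whereas the XOR form zeroes the element when both pointers alias. The quicksort function starts outside the hunk.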


@ -11,11 +11,12 @@
#include "../include/proxmark3.h"
#include "apps.h"
#include "util.h"
#include "../include/hitag2.h"
#include "../common/crc16.h"
#include "../common/lfdemod.h"
#include "string.h"
#include "crapto1.h"
#include "mifareutil.h"
#include "mifareutil.h"
#include "../include/hitag2.h"
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
@ -721,105 +722,12 @@ void CmdHIDsimTAG(int hi, int lo, uint8_t ledcontrol)
LED_A_OFF();
}
//translate wave to 11111100000 (1 for each short wave 0 for each long wave)
size_t fsk_demod(uint8_t * dest, size_t size)
{
uint32_t last_transition = 0;
uint32_t idx = 1;
uint32_t maxVal=0;
// // we don't care about actual value, only if it's more or less than a
// // threshold essentially we capture zero crossings for later analysis
// we do care about the actual value as sometimes near the center of the
// wave we may get static that changes direction of wave for one value
// if our value is too low it might affect the read. and if our tag or
// antenna is weak a setting too high might not see anything. [marshmellow]
if (size<100) return size;
for(idx=1; idx<100; idx++){
if(maxVal<dest[idx]) maxVal = dest[idx];
}
// set close to the top of the wave threshold with 13% margin for error
// less likely to get a false transition up there.
// (but have to be careful not to go too high and miss some short waves)
uint32_t threshold_value = (uint32_t)(maxVal*.87); idx=1;
//uint8_t threshold_value = 127;
// sync to first lo-hi transition, and threshold
//Need to threshold first sample
dest[0] = (dest[0] < threshold_value) ? 0 : 1;
size_t numBits = 0;
// count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
// or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
// between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
for(idx = 1; idx < size; idx++) {
// threshold current value
dest[idx] = (dest[idx] < threshold_value) ? 0 : 1;
// Check for 0->1 transition
if (dest[idx-1] < dest[idx]) { // 0 -> 1 transition
dest[numBits] = (idx-last_transition < 9) ? 1 : 0;
last_transition = idx;
numBits++;
}
}
return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
}
uint32_t myround(float f)
{
if (f >= 2000) return 2000;//something bad happened
return (uint32_t) (f + (float)0.5);
}
//translate 11111100000 to 10
size_t aggregate_bits(uint8_t *dest,size_t size, uint8_t rfLen, uint8_t maxConsequtiveBits, uint8_t invert )// uint8_t h2l_crossing_value,uint8_t l2h_crossing_value,
{
uint8_t lastval=dest[0];
uint32_t idx=0;
size_t numBits=0;
uint32_t n=1;
for( idx=1; idx < size; idx++) {
if (dest[idx]==lastval) {
n++;
continue;
}
//if lastval was 1, we have a 1->0 crossing
if ( dest[idx-1]==1 ) {
n=myround((float)(n+1)/((float)(rfLen)/(float)8));
//n=(n+1) / h2l_crossing_value;
} else {// 0->1 crossing
n=myround((float)(n+1)/((float)(rfLen-2)/(float)10));
//n=(n+1) / l2h_crossing_value;
}
if (n == 0) n = 1;
if(n < maxConsequtiveBits)
{
if ( invert==0)
memset(dest+numBits, dest[idx-1] , n);
else
memset(dest+numBits, dest[idx-1]^1 , n);
numBits += n;
}
n=0;
lastval=dest[idx];
}//end for
return numBits;
}
// loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
{
uint8_t *dest = get_bigbufptr_recvrespbuf();
size_t size=0,idx=0; //, found=0;
size_t size=0; //, found=0;
uint32_t hi2=0, hi=0, lo=0;
// Configure to go in 125Khz listen mode
@ -831,58 +739,21 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
if (ledcontrol) LED_A_ON();
DoAcquisition125k_internal(-1,true);
size = sizeof(BigBuf);
if (size < 2000) continue;
// FSK demodulator
size = fsk_demod(dest, FREE_BUFFER_SIZE);
// we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
// 1->0 : fc/8 in sets of 6 (RF/50 / 8 = 6.25)
// 0->1 : fc/10 in sets of 5 (RF/50 / 10= 5)
// do not invert
size = aggregate_bits(dest,size, 50,5,0); //6,5,5,0
int bitLen = HIDdemodFSK(dest,size,&hi2,&hi,&lo);
WDT_HIT();
if (bitLen>0 && lo>0){
// final loop, go over previously decoded manchester data and decode into usable tag ID
// 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
uint8_t frame_marker_mask[] = {1,1,1,0,0,0};
int numshifts = 0;
idx = 0;
//one scan
uint8_t sameCardCount =0;
while( idx + sizeof(frame_marker_mask) < size) {
// search for a start of frame marker
if (sameCardCount>2) break; //only up to 2 valid sets of data for the same read of looping card data
if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
{ // frame marker found
idx+=sizeof(frame_marker_mask);
while(dest[idx] != dest[idx+1] && idx < size-2)
{
// Keep going until next frame marker (or error)
// Shift in a bit. Start by shifting high registers
hi2=(hi2<<1)|(hi>>31);
hi=(hi<<1)|(lo>>31);
//Then, shift in a 0 or one into low
if (dest[idx] && !dest[idx+1]) // 1 0
lo=(lo<<1)|0;
else // 0 1
lo=(lo<<1)|
1;
numshifts ++;
idx += 2;
}
//Dbprintf("Num shifts: %d ", numshifts);
// Hopefully, we read a tag and hit upon the next frame marker
if(idx + sizeof(frame_marker_mask) < size)
{
if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
{
if (hi2 != 0){ //extra large HID tags
Dbprintf("TAG ID: %x%08x%08x (%d)",
(unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
}
else { //standard HID tags <38 bits
}else { //standard HID tags <38 bits
//Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd
uint8_t bitlen = 0;
uint32_t fc = 0;
@ -930,50 +801,86 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF,
(unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum);
}
sameCardCount++;
if (findone){
if (ledcontrol) LED_A_OFF();
return;
}
}
}
// reset
hi2 = hi = lo = 0;
numshifts = 0;
} else {
idx++;
}
}
WDT_HIT();
//SpinDelay(50);
}
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
}
void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
{
uint8_t *dest = (uint8_t *)BigBuf;
size_t size=0; //, found=0;
uint32_t bitLen=0;
int clk=0, invert=0, errCnt=0;
uint64_t lo=0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(95, true);
while(!BUTTON_PRESS()) {
WDT_HIT();
if (ledcontrol) LED_A_ON();
DoAcquisition125k_internal(-1,true);
size = sizeof(BigBuf);
if (size < 2000) continue;
// FSK demodulator
//int askmandemod(uint8_t *BinStream,uint32_t *BitLen,int *clk, int *invert);
bitLen=size;
//Dbprintf("DEBUG: Buffer got");
errCnt = askmandemod(dest,&bitLen,&clk,&invert); //HIDdemodFSK(dest,size,&hi2,&hi,&lo);
//Dbprintf("DEBUG: ASK Got");
WDT_HIT();
if (errCnt>=0){
lo = Em410xDecode(dest,bitLen);
//Dbprintf("DEBUG: EM GOT");
//printEM410x(lo);
if (lo>0){
Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)",(uint32_t)(lo>>32),(uint32_t)lo,(uint32_t)(lo&0xFFFF),(uint32_t)((lo>>16LL) & 0xFF),(uint32_t)(lo & 0xFFFFFF));
}
if (findone){
if (ledcontrol) LED_A_OFF();
return;
}
} else {
//Dbprintf("DEBUG: No Tag");
}
WDT_HIT();
lo = 0;
clk=0;
invert=0;
errCnt=0;
size=0;
//SpinDelay(50);
}
DbpString("Stopped");
if (ledcontrol) LED_A_OFF();
}
uint32_t bytebits_to_byte(uint8_t* src, int numbits)
{
uint32_t num = 0;
for(int i = 0 ; i < numbits ; i++)
{
num = (num << 1) | (*src);
src++;
}
return num;
}
void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
{
uint8_t *dest = (uint8_t *)BigBuf;
size_t size=0, idx=0;
size_t size=0;
int idx=0;
uint32_t code=0, code2=0;
uint8_t isFinish = 0;
uint8_t version=0;
uint8_t facilitycode=0;
uint16_t number=0;
// Configure to go in 125Khz listen mode
LFSetupFPGAForADC(0, true);
while(!BUTTON_PRESS() & !isFinish) {
while(!BUTTON_PRESS()) {
WDT_HIT();
@ -982,23 +889,13 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
DoAcquisition125k_internal(-1,true);
size = sizeof(BigBuf);
//make sure buffer has data
if (size < 64) return;
//test samples are not just noise
uint8_t testMax=0;
for(idx=0;idx<64;idx++){
if (testMax<dest[idx]) testMax=dest[idx];
}
idx=0;
//if not just noise
if (testMax>170){
//Dbprintf("testMax: %d",testMax);
// FSK demodulator
size = fsk_demod(dest, size);
// we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
// 1->0 : fc/8 in sets of 7 (RF/64 / 8 = 8)
// 0->1 : fc/10 in sets of 6 (RF/64 / 10 = 6.4)
size = aggregate_bits(dest, size, 64, 13, 1); //13 max Consecutive should be ok as most 0s in row should be 10 for init seq - invert bits
if (size < 2000) continue;
//fskdemod and get start index
WDT_HIT();
idx = IOdemodFSK(dest,size);
if (idx>0){
//valid tag found
//Index map
//0 10 20 30 40 50 60
//| | | | | | |
@ -1008,14 +905,6 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
//
//XSF(version)facility:codeone+codetwo
//Handle the data
uint8_t sameCardCount=0;
uint8_t mask[] = {0,0,0,0,0,0,0,0,0,1};
for( idx=0; idx < (size - 74); idx++) {
if (sameCardCount>2) break;
if ( memcmp(dest + idx, mask, sizeof(mask))==0) {
//frame marker found
if (!dest[idx+8] && dest[idx+17]==1 && dest[idx+26]==1 && dest[idx+35]==1 && dest[idx+44]==1 && dest[idx+53]==1){
//confirmed proper separator bits found
if(findone){ //only print binary if we are doing one
Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx], dest[idx+1], dest[idx+2],dest[idx+3],dest[idx+4],dest[idx+5],dest[idx+6],dest[idx+7],dest[idx+8]);
Dbprintf("%d%d%d%d%d%d%d%d %d",dest[idx+9], dest[idx+10],dest[idx+11],dest[idx+12],dest[idx+13],dest[idx+14],dest[idx+15],dest[idx+16],dest[idx+17]);
@ -1027,22 +916,20 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
}
code = bytebits_to_byte(dest+idx,32);
code2 = bytebits_to_byte(dest+idx+32,32);
short version = bytebits_to_byte(dest+idx+27,8); //14,4
uint8_t facilitycode = bytebits_to_byte(dest+idx+19,8) ;
uint16_t number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
version = bytebits_to_byte(dest+idx+27,8); //14,4
facilitycode = bytebits_to_byte(dest+idx+18,8) ;
number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
Dbprintf("XSF(%02d)%02x:%d (%08x%08x)",version,facilitycode,number,code,code2);
Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
// if we're only looking for one tag
if (findone){
if (ledcontrol) LED_A_OFF();
isFinish = 1;
break;
}
sameCardCount++;
}
}
return;
}
code=code2=0;
version=facilitycode=0;
number=0;
idx=0;
}
WDT_HIT();
}
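Review bot: In CmdHIDdemodFSK the new `int bitLen = HIDdemodFSK(dest,size,&hi2,&hi,&lo);` call is handed `size = sizeof(BigBuf)` while `dest` still comes from `get_bigbufptr_recvrespbuf()`; if that pointer is an offset into BigBuf, as its name and the removed `fsk_demod(dest, FREE_BUFFER_SIZE)` bound suggest, the demodulator is told it may read more bytes than remain and can run past the end of the buffer. Either restore the bound the old code used, `int bitLen = HIDdemodFSK(dest, FREE_BUFFER_SIZE, &hi2, &hi, &lo);`, or take `dest` from `(uint8_t *)BigBuf` as the new CmdEM410xdemod and CmdIOdemodFSK loops do. In all three loops `size = sizeof(BigBuf); if (size < 2000) continue;` compares a compile-time constant, so that guard never fires and should either go or test the acquired sample count. CmdIOdemodFSK also dropped the old `idx < (size - 74)` bound and now reads up to `dest[idx+53]` after `idx = IOdemodFSK(dest,size)`, which is only safe if IOdemodFSK guarantees that many samples remain after the index it returns. CmdHIDdemodFSK starts before the hunk that changes it.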


@ -1145,3 +1145,78 @@ void MifareCIdent(){
cmd_send(CMD_ACK,isOK,0,0,0,0);
}
//
// DESFIRE
//
void Mifare_DES_Auth1(uint8_t arg0, uint8_t *datain){
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
uint8_t uid[10];
uint32_t cuid;
// clear trace
iso14a_clear_trace();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
if(!iso14443a_select_card(uid, NULL, &cuid)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");
};
if(mifare_desfire_des_auth1(cuid, dataoutbuf)){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part1: Fail.");
}
isOK=1;
if (MF_DBGLEVEL >= 2) DbpString("AUTH 1 FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,cuid,0,dataoutbuf,11);
LED_B_OFF();
// Thats it...
//FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain){
// params
uint32_t cuid = arg0;
uint8_t key[16]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
// variables
byte_t isOK = 0;
byte_t dataoutbuf[16];
memcpy(key, datain, 16);
// clear trace
//iso14a_clear_trace();
//iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
// Dbprintf("Sending %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
// key[0],key[1],key[2],key[3],key[4],key[5],key[6],key[7],key[8],
// key[9],key[10],key[11],key[12],key[13],key[14],key[15]);
if(mifare_desfire_des_auth2(cuid, key, dataoutbuf)){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");
}
isOK=1;
if (MF_DBGLEVEL >= 2) DbpString("AUTH 2 FINISHED");
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,12);
LED_B_OFF();
// Thats it...
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
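Review bot: Both Mifare_DES_Auth1 and Mifare_DES_Auth2 ACK `isOK=1` to the host unconditionally: a failed `iso14443a_select_card` only logs and then authenticates with an uninitialised `cuid`, and a non-zero return from `mifare_desfire_des_auth1`/`_auth2` logs "Fail" but still reports success together with whatever happens to be in the uninitialised `dataoutbuf`. Make `isOK` follow the helper results, initialise `cuid` and `dataoutbuf` (`uint32_t cuid = 0; byte_t dataoutbuf[16] = {0};`) so a failure ACK does not ship stack contents to the client, and clear the copied key in Auth2 before returning. Auth1 sends 11 bytes while the helper fills 12 and Auth2 sends 12; the lengths should agree.

```c
	if(!iso14443a_select_card(uid, NULL, &cuid)) {
		if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card, something went wrong before auth");
	} else if (mifare_desfire_des_auth1(cuid, dataoutbuf)) {
		if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part1: Fail.");
	} else {
		isOK = 1;   // only report success when the card actually answered part 1
	}
	// … unchanged: AUTH 1 FINISHED debug, LEDs, cmd_send …

	// Mifare_DES_Auth2
	if (mifare_desfire_des_auth2(cuid, key, dataoutbuf)) {
		if (MF_DBGLEVEL >= 1) Dbprintf("Authentication part2: Fail...");
	} else {
		isOK = 1;
	}
	memset(key, 0, sizeof key);   // do not leave the key material on the stack
	// … unchanged: AUTH 2 FINISHED debug, LEDs, cmd_send, FPGA off …
```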


@ -94,8 +94,8 @@ int mifare_sendcmd_short_special(struct Crypto1State *pcs, uint8_t crypted, uint
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
if(!len) {
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
}
return len;
}
@ -433,7 +433,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
// variables
uint16_t len;
uint8_t par[3] = {0}; // enough for 18 parity bits
uint8_t d_block[18];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t* receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -466,7 +465,6 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData)
{
uint16_t len;
uint8_t d_block[8];
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
@ -625,3 +623,91 @@ void emlClearMem(void) {
emlSetMem((uint8_t *)uid, 0, 1);
return;
}
//
//DESFIRE
//
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing)
{
uint8_t dcmd[5] = {0x00};
dcmd[0] = cmd;
memcpy(dcmd+1,data,2);
AppendCrc14443a(dcmd, 3);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
if(!len) {
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
}
return len;
}
int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing)
{
uint8_t dcmd[20] = {0x00};
dcmd[0] = cmd;
memcpy(dcmd+1,data,17);
AppendCrc14443a(dcmd, 18);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
if(!len){
if (MF_DBGLEVEL >= 1) Dbprintf("Authentication failed. Card timeout.");
return 2;
}
return len;
}
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData){
// variables
int len;
// load key, keynumber
uint8_t data[2]={0x0a, 0x00};
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_special(NULL, 1, 0x02, data, receivedAnswer,receivedAnswerPar,NULL);
if (len == 1) {
if (MF_DBGLEVEL >= 1) Dbprintf("Cmd Error: %02x", receivedAnswer[0]);
return 1;
}
if (len == 12) {
if (MF_DBGLEVEL >= 1) Dbprintf("Auth1 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10],receivedAnswer[11]);
memcpy(blockData, receivedAnswer, 12);
return 0;
}
return 1;
}
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData){
// variables
int len;
uint8_t data[17]={0xaf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
memcpy(data+1,key,16);
uint8_t* receivedAnswer = get_bigbufptr_recvrespbuf();
uint8_t *receivedAnswerPar = receivedAnswer + MAX_FRAME_SIZE;
// command MIFARE_CLASSIC_READBLOCK
len = mifare_sendcmd_special2(NULL, 1, 0x03, data, receivedAnswer, receivedAnswerPar ,NULL);
if ((receivedAnswer[0] == 0x03)&&(receivedAnswer[1] == 0xae)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Auth Error: %02x %02x", receivedAnswer[0], receivedAnswer[1]);
return 1;
}
if (len == 12){
if (MF_DBGLEVEL >= 1) Dbprintf("Auth2 Resp: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
receivedAnswer[0],receivedAnswer[1],receivedAnswer[2],receivedAnswer[3],receivedAnswer[4],
receivedAnswer[5],receivedAnswer[6],receivedAnswer[7],receivedAnswer[8],receivedAnswer[9],
receivedAnswer[10],receivedAnswer[11]);
memcpy(blockData, receivedAnswer, 12);
return 0;
}
return 1;
}
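Review bot: mifare_desfire_des_auth2 inspects `receivedAnswer[0]` and `[1]` before it looks at `len`; both new send helpers return the sentinel `2` on a card timeout without writing to `answer`, so on timeout the "Auth Error" branch is decided by stale buffer contents, and a genuine 2-byte reply is indistinguishable from the sentinel. Guard the status test with the length, `if (len >= 2 && receivedAnswer[0] == 0x03 && receivedAnswer[1] == 0xae)`, and consider returning 0 (the value ReaderReceive already yields for no data) or a negative code from the timeout path so callers can tell it apart from a real frame. The `// command MIFARE_CLASSIC_READBLOCK` comment above both `mifare_sendcmd_special*` calls is copied from the Classic helpers and should describe what is actually sent, e.g. `// DESFire native Authenticate (0x0a, key 0) / AdditionalFrame (0xaf) with the 16-byte response`. The `pcs`, `crypted`, `timing` and `uid` parameters are accepted but never used by any of the four new functions; a short `// unused, kept for signature parity with mifare_sendcmd_short_special` would explain why they are there.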


@ -71,6 +71,12 @@ int mifare_ultra_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData);
int mifare_ultra_special_writeblock(uint32_t uid, uint8_t blockNo, uint8_t *blockData);
int mifare_classic_halt(struct Crypto1State *pcs, uint32_t uid);
int mifare_ultra_halt(uint32_t uid);
// desfire
int mifare_sendcmd_special(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer, uint8_t *answer_parity, uint32_t *timing);
int mifare_sendcmd_special2(struct Crypto1State *pcs, uint8_t crypted, uint8_t cmd, uint8_t* data, uint8_t* answer,uint8_t *answer_parity, uint32_t *timing);
int mifare_desfire_des_auth1(uint32_t uid, uint8_t *blockData);
int mifare_desfire_des_auth2(uint32_t uid, uint8_t *key, uint8_t *blockData);
// crypto functions
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *receivedCmd, int len);


@ -60,9 +60,10 @@ CMDSRCS = nonce2key/crapto1.c\
loclass/cipherutils.c \
loclass/des.c \
loclass/ikeys.c \
loclass/elite_crack.c\
loclass/fileutils.c\
mifarehost.c\
loclass/elite_crack.c \
loclass/fileutils.c \
loclass/hash1_brute.c \
mifarehost.c \
crc16.c \
iso14443crc.c \
iso15693tools.c \
@ -70,6 +71,7 @@ CMDSRCS = nonce2key/crapto1.c\
graph.c \
ui.c \
cmddata.c \
lfdemod.c \
cmdhf.c \
cmdhf14a.c \
cmdhf14b.c \


@ -20,7 +20,7 @@
#include "util.h"
#include "cmdmain.h"
#include "cmddata.h"
#include "lfdemod.h"
static int CmdHelp(const char *Cmd);
@ -78,12 +78,8 @@ int Cmdaskdemod(const char *Cmd)
sscanf(Cmd, "%i", &c);
if (c != 0 && c != 1) {
PrintAndLog("Invalid argument: %s", Cmd);
return 0;
}
/* Detect high and lows */
/* Detect high and lows and clock */
// (AL - clock???)
for (i = 0; i < GraphTraceLen; ++i)
{
if (GraphBuffer[i] > high)
@ -91,7 +87,13 @@ int Cmdaskdemod(const char *Cmd)
else if (GraphBuffer[i] < low)
low = GraphBuffer[i];
}
high=abs(high*.75);
low=abs(low*.75);
if (c != 0 && c != 1) {
PrintAndLog("Invalid argument: %s", Cmd);
return 0;
}
//prime loop
if (GraphBuffer[0] > 0) {
GraphBuffer[0] = 1-c;
} else {
@ -119,39 +121,14 @@ int Cmdaskdemod(const char *Cmd)
return 0;
}
void printBitStream(int BitStream[], uint32_t bitLen){
uint32_t i = 0;
if (bitLen<16) return;
if (bitLen>512) bitLen=512;
for (i = 0; i < (bitLen-16); i+=16) {
PrintAndLog("%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i",
BitStream[i],
BitStream[i+1],
BitStream[i+2],
BitStream[i+3],
BitStream[i+4],
BitStream[i+5],
BitStream[i+6],
BitStream[i+7],
BitStream[i+8],
BitStream[i+9],
BitStream[i+10],
BitStream[i+11],
BitStream[i+12],
BitStream[i+13],
BitStream[i+14],
BitStream[i+15]);
}
return;
}
void printBitStream2(uint8_t BitStream[], uint32_t bitLen){
void printBitStream(uint8_t BitStream[], uint32_t bitLen){
uint32_t i = 0;
if (bitLen<16) {
PrintAndLog("Too few bits found: %d",bitLen);
return;
}
if (bitLen>512) bitLen=512;
for (i = 0; i < (bitLen-16); i+=16) {
for (i = 0; i <= (bitLen-16); i+=16) {
PrintAndLog("%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i",
BitStream[i],
BitStream[i+1],
@ -172,219 +149,213 @@ void printBitStream2(uint8_t BitStream[], uint32_t bitLen){
}
return;
}
//by marshmellow
//takes 1s and 0s and searches for EM410x format - output EM ID
int Em410xDecode(const char *Cmd)
void printEM410x(uint64_t id)
{
//no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
// otherwise could be a void with no arguments
//set defaults
int high=0, low=0;
uint64_t lo=0; //hi=0,
uint32_t i = 0;
uint32_t initLoopMax = 1000;
if (initLoopMax>GraphTraceLen) initLoopMax=GraphTraceLen;
for (;i < initLoopMax; ++i) //1000 samples should be plenty to find high and low values
{
if (GraphBuffer[i] > high)
high = GraphBuffer[i];
else if (GraphBuffer[i] < low)
low = GraphBuffer[i];
}
if (((high !=1)||(low !=0))){ //allow only 1s and 0s
PrintAndLog("no data found");
return 0;
}
uint8_t parityTest=0;
// 111111111 bit pattern represent start of frame
int frame_marker_mask[] = {1,1,1,1,1,1,1,1,1};
uint32_t idx = 0;
uint32_t ii=0;
uint8_t resetCnt = 0;
while( (idx + 64) < GraphTraceLen) {
restart:
// search for a start of frame marker
if ( memcmp(GraphBuffer+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
{ // frame marker found
idx+=9;//sizeof(frame_marker_mask);
for (i=0; i<10;i++){
for(ii=0; ii<5; ++ii){
parityTest += GraphBuffer[(i*5)+ii+idx];
}
if (parityTest== ((parityTest>>1)<<1)){
parityTest=0;
for (ii=0; ii<4;++ii){
//hi = (hi<<1)|(lo>>31);
lo=(lo<<1LL)|(GraphBuffer[(i*5)+ii+idx]);
}
//PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: %d",parityTest,i,ii,idx,GraphBuffer[idx+ii+(i*5)-5],GraphBuffer[idx+ii+(i*5)-4],GraphBuffer[idx+ii+(i*5)-3],GraphBuffer[idx+ii+(i*5)-2],GraphBuffer[idx+ii+(i*5)-1],lo);
}else {//parity failed
//PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d",parityTest,i,ii,idx,GraphBuffer[idx+ii+(i*5)-5],GraphBuffer[idx+ii+(i*5)-4],GraphBuffer[idx+ii+(i*5)-3],GraphBuffer[idx+ii+(i*5)-2],GraphBuffer[idx+ii+(i*5)-1]);
parityTest=0;
idx-=8;
if (resetCnt>5)return 0;
resetCnt++;
goto restart;//continue;
}
}
//skip last 5 bit parity test for simplicity.
//get Unique ID
if (id !=0){
uint64_t iii=1;
uint64_t id2lo=0; //id2hi=0,
//for (i=0;i<8;i++){ //for uint32 instead of uint64
// id2hi=(id2hi<<1)|((hi & (iii<<(i)))>>i);
//}
uint32_t ii=0;
uint32_t i=0;
for (ii=5; ii>0;ii--){
for (i=0;i<8;i++){
id2lo=(id2lo<<1LL)|((lo & (iii<<(i+((ii-1)*8))))>>(i+((ii-1)*8)));
id2lo=(id2lo<<1LL)|((id & (iii<<(i+((ii-1)*8))))>>(i+((ii-1)*8)));
}
}
//output em id
PrintAndLog("EM TAG ID : %010llx", lo);
PrintAndLog("EM TAG ID : %010llx", id);
PrintAndLog("Unique TAG ID: %010llx", id2lo); //id2hi,
PrintAndLog("DEZ 8 : %08lld",lo & 0xFFFFFF);
PrintAndLog("DEZ 10 : %010lld",lo & 0xFFFFFF);
PrintAndLog("DEZ 5.5 : %05lld.%05lld",(lo>>16LL) & 0xFFFF,(lo & 0xFFFF));
PrintAndLog("DEZ 3.5A : %03lld.%05lld",(lo>>32ll),(lo & 0xFFFF));
PrintAndLog("DEZ 14/IK2 : %014lld",lo);
PrintAndLog("DEZ 8 : %08lld",id & 0xFFFFFF);
PrintAndLog("DEZ 10 : %010lld",id & 0xFFFFFF);
PrintAndLog("DEZ 5.5 : %05lld.%05lld",(id>>16LL) & 0xFFFF,(id & 0xFFFF));
PrintAndLog("DEZ 3.5A : %03lld.%05lld",(id>>32ll),(id & 0xFFFF));
PrintAndLog("DEZ 14/IK2 : %014lld",id);
PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
PrintAndLog("Other : %05lld_%03lld_%08lld",(lo&0xFFFF),((lo>>16LL) & 0xFF),(lo & 0xFFFFFF));
return 0;
}else{
idx++;
}
}
return 0;
PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
}
return;
}
int CmdEm410xDecode(const char *Cmd)
{
uint64_t id=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
uint32_t i=0;
i=getFromGraphBuf(BitStream);
id = Em410xDecode(BitStream,i);
printEM410x(id);
if (id>0) return 1;
return 0;
}
//by marshmellow
//takes 2 arguments - clock and invert both as integers
//attempts to demodulate ask while decoding manchester
//prints binary found and saves in graphbuffer for further commands
int Cmdaskmandemod(const char *Cmd)
{
uint32_t i;
int invert=0; //invert default
int high = 0, low = 0;
int clk=DetectClock(0); //clock default
uint8_t BitStream[MAX_GRAPH_TRACE_LEN] = {0};
sscanf(Cmd, "%i %i", &clk, &invert);
if (clk<8) clk =64;
if (clk<32) clk=32;
int invert=0;
int clk=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
sscanf(Cmd, "%i %i", &clk, &invert);
if (invert != 0 && invert != 1) {
PrintAndLog("Invalid argument: %s", Cmd);
return 0;
}
uint32_t initLoopMax = 1000;
if (initLoopMax>GraphTraceLen) initLoopMax=GraphTraceLen;
// Detect high and lows
PrintAndLog("Using Clock: %d and invert=%d",clk,invert);
for (i = 0; i < initLoopMax; ++i) //1000 samples should be plenty to find high and low values
{
if (GraphBuffer[i] > high)
high = GraphBuffer[i];
else if (GraphBuffer[i] < low)
low = GraphBuffer[i];
uint32_t BitLen = getFromGraphBuf(BitStream);
int errCnt=0;
errCnt = askmandemod(BitStream, &BitLen,&clk,&invert);
if (errCnt<0){ //if fatal error (or -1)
// PrintAndLog("no data found %d, errors:%d, bitlen:%d, clock:%d",errCnt,invert,BitLen,clk);
return 0;
}
if (BitLen<16) return 0;
PrintAndLog("\nUsing Clock: %d - Invert: %d - Bits Found: %d",clk,invert,BitLen);
if (errCnt>0){
PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
}
if ((high < 30) && ((high !=1)||(low !=-1))){ //throw away static - allow 1 and -1 (in case of threshold command first)
PrintAndLog("no data found");
PrintAndLog("ASK/Manchester decoded bitstream:");
// Now output the bitstream to the scrollback by line of 16 bits
printBitStream(BitStream,BitLen);
uint64_t lo =0;
lo = Em410xDecode(BitStream,BitLen);
if (lo>0){
//set GraphBuffer for clone or sim command
setGraphBuf(BitStream,BitLen);
PrintAndLog("EM410x pattern found: ");
printEM410x(lo);
}
if (BitLen>16) return 1;
return 0;
}
//by marshmellow
//manchester decode
//stricktly take 10 and 01 and convert to 0 and 1
int Cmdmandecoderaw(const char *Cmd)
{
int i =0;
int errCnt=0;
int bitnum=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
int high = 0, low = 0;
for (;i<GraphTraceLen;++i){
if (GraphBuffer[i]>high) high=GraphBuffer[i];
else if(GraphBuffer[i]<low) low=GraphBuffer[i];
BitStream[i]=GraphBuffer[i];
}
if (high>1 || low <0 ){
PrintAndLog("Error: please raw demod the wave first then mancheseter raw decode");
return 0;
}
//13% fuzz in case highs and lows aren't clipped [marshmellow]
high=(int)(0.75*high);
low=(int)(0.75*low);
//PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
int lastBit = 0; //set first clock check
uint32_t bitnum = 0; //output counter
uint8_t tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
if (clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
uint32_t iii = 0;
uint32_t gLen = GraphTraceLen;
if (gLen > 500) gLen=500;
uint8_t errCnt =0;
uint32_t bestStart = GraphTraceLen;
uint32_t bestErrCnt = (GraphTraceLen/1000);
//PrintAndLog("DEBUG - lastbit - %d",lastBit);
//loop to find first wave that works
for (iii=0; iii < gLen; ++iii){
if ((GraphBuffer[iii]>=high)||(GraphBuffer[iii]<=low)){
lastBit=iii-clk;
//loop through to see if this start location works
for (i = iii; i < GraphTraceLen; ++i) {
if ((GraphBuffer[i] >= high) && ((i-lastBit)>(clk-tol))){
lastBit+=clk;
BitStream[bitnum] = invert;
bitnum++;
} else if ((GraphBuffer[i] <= low) && ((i-lastBit)>(clk-tol))){
//low found and we are expecting a bar
lastBit+=clk;
BitStream[bitnum] = 1-invert;
bitnum++;
} else {
//mid value found or no bar supposed to be here
if ((i-lastBit)>(clk+tol)){
//should have hit a high or low based on clock!!
//debug
//PrintAndLog("DEBUG - no wave in expected area - location: %d, expected: %d-%d, lastBit: %d - resetting search",i,(lastBit+(clk-((int)(tol)))),(lastBit+(clk+((int)(tol)))),lastBit);
if (bitnum > 0){
BitStream[bitnum]=77;
bitnum++;
}
errCnt++;
lastBit+=clk;//skip over until hit too many errors
if (errCnt>((GraphTraceLen/1000))){ //allow 1 error for every 1000 samples else start over
errCnt=0;
bitnum=0;//start over
break;
}
}
}
}
//we got more than 64 good bits and not all errors
if ((bitnum > (64+errCnt)) && (errCnt<(GraphTraceLen/1000))) {
//possible good read
if (errCnt==0) break; //great read - finish
if (bestStart == iii) break; //if current run == bestErrCnt run (after exhausted testing) then finish
if (errCnt<bestErrCnt){ //set this as new best run
bestErrCnt=errCnt;
bestStart = iii;
}
}
}
if (iii>=gLen){ //exhausted test
//if there was a ok test go back to that one and re-run the best run (then dump after that run)
if (bestErrCnt < (GraphTraceLen/1000)) iii=bestStart;
}
bitnum=i;
errCnt=manrawdecode(BitStream,&bitnum);
if (errCnt>=20){
PrintAndLog("Too many errors: %d",errCnt);
return 0;
}
if (bitnum>16){
PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
//move BitStream back to GraphBuffer
PrintAndLog("Manchester Decoded - # errors:%d - data:",errCnt);
printBitStream(BitStream,bitnum);
if (errCnt==0){
//put back in graphbuffer
ClearGraph(0);
for (i=0; i < bitnum; ++i){
GraphBuffer[i]=BitStream[i];
}
GraphTraceLen=bitnum;
RepaintGraphWindow();
uint64_t id = 0;
id = Em410xDecode(BitStream,i);
printEM410x(id);
}
return 1;
}
//by marshmellow
//biphase decode
//take 01 or 10 = 0 and 11 or 00 = 1
//takes 1 argument "offset" default = 0 if 1 it will shift the decode by one bit
// since it is not like manchester and doesn't have an incorrect bit pattern we
// cannot determine if our decode is correct or if it should be shifted by one bit
// the argument offset allows us to manually shift if the output is incorrect
// (better would be to demod and decode at the same time so we can distinguish large
// width waves vs small width waves to help the decode positioning) or askbiphdemod
int CmdBiphaseDecodeRaw(const char *Cmd)
{
int i = 0;
int errCnt=0;
int bitnum=0;
int offset=0;
int high=0, low=0;
sscanf(Cmd, "%i", &offset);
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
//get graphbuffer & high and low
for (;i<GraphTraceLen;++i){
if(GraphBuffer[i]>high)high=GraphBuffer[i];
else if(GraphBuffer[i]<low)low=GraphBuffer[i];
BitStream[i]=GraphBuffer[i];
}
if (high>1 || low <0){
PrintAndLog("Error: please raw demod the wave first then decode");
return 0;
}
bitnum=i;
errCnt=BiphaseRawDecode(BitStream,&bitnum, offset);
if (errCnt>=20){
PrintAndLog("Too many errors attempting to decode: %d",errCnt);
return 0;
}
PrintAndLog("Biphase Decoded using offset: %d - # errors:%d - data:",offset,errCnt);
printBitStream(BitStream,bitnum);
PrintAndLog("\nif bitstream does not look right try offset=1");
return 1;
}
//by marshmellow
//takes 2 arguments - clock and invert both as integers
//attempts to demodulate ask only
//prints binary found and saves in graphbuffer for further commands
int Cmdaskrawdemod(const char *Cmd)
{
uint32_t i;
int invert=0;
int clk=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
sscanf(Cmd, "%i %i", &clk, &invert);
if (invert != 0 && invert != 1) {
PrintAndLog("Invalid argument: %s", Cmd);
return 0;
}
int BitLen = getFromGraphBuf(BitStream);
int errCnt=0;
errCnt = askrawdemod(BitStream, &BitLen,&clk,&invert);
if (errCnt==-1){ //throw away static - allow 1 and -1 (in case of threshold command first)
PrintAndLog("no data found");
return 0;
}
if (BitLen<16) return 0;
PrintAndLog("Using Clock: %d - invert: %d - Bits Found: %d",clk,invert,BitLen);
//PrintAndLog("Data start pos:%d, lastBit:%d, stop pos:%d, numBits:%d",iii,lastBit,i,bitnum);
//move BitStream back to GraphBuffer
ClearGraph(0);
for (i=0; i < BitLen; ++i){
GraphBuffer[i]=BitStream[i];
}
GraphTraceLen=BitLen;
RepaintGraphWindow();
//output
if (errCnt>0){
PrintAndLog("# Errors during Demoding (shown as 77 in bit stream): %d",errCnt);
}
PrintAndLog("ASK decoded bitstream:");
PrintAndLog("ASK demoded bitstream:");
// Now output the bitstream to the scrollback by line of 16 bits
printBitStream2(BitStream,bitnum);
Em410xDecode(Cmd);
}
return 0;
printBitStream(BitStream,BitLen);
return 1;
}
int CmdAutoCorr(const char *Cmd)
@ -525,240 +496,84 @@ int CmdDec(const char *Cmd)
}
/* Print our clock rate */
// uses data from graphbuffer
int CmdDetectClockRate(const char *Cmd)
{
int clock = DetectClock(0);
PrintAndLog("Auto-detected clock rate: %d", clock);
GetClock("",0,0);
return 0;
}
//by marshmellow
//demod GraphBuffer wave to 0s and 1s for each wave - 0s for short waves 1s for long waves
size_t fsk_wave_demod(int size)
{
uint32_t last_transition = 0;
uint32_t idx = 1;
uint32_t maxVal = 0;
// we don't care about actual value, only if it's more or less than a
// threshold essentially we capture zero crossings for later analysis
for(idx=1; idx<size; idx++){
if(maxVal<GraphBuffer[idx]) maxVal = GraphBuffer[idx];
}
// set close to the top of the wave threshold with 13% margin for error
// less likely to get a false transition up there.
// (but have to be careful not to go too high and miss some short waves)
uint32_t threshold_value = (uint32_t)(maxVal*.87);
idx=1;
// int threshold_value = 100;
// sync to first lo-hi transition, and threshold
// PrintAndLog("FSK init complete size: %d",size);//debug
// Need to threshold first sample
if(GraphBuffer[0] < threshold_value) GraphBuffer[0] = 0;
else GraphBuffer[0] = 1;
size_t numBits = 0;
// count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
// or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
// between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
for(idx = 1; idx < size; idx++) {
// threshold current value
if (GraphBuffer[idx] < threshold_value) GraphBuffer[idx] = 0;
else GraphBuffer[idx] = 1;
// Check for 0->1 transition
if (GraphBuffer[idx-1] < GraphBuffer[idx]) { // 0 -> 1 transition
if (idx-last_transition<6){
// do nothing with extra garbage (shouldn't be any) noise tolerance?
} else if(idx-last_transition < 9) {
GraphBuffer[numBits]=1;
// Other fsk demods reverse this making the short waves 1 and long waves 0
// this is really backwards... smaller waves will typically be 0 and larger 1 [marshmellow]
// but will leave as is and invert when needed later
} else{
GraphBuffer[numBits]=0;
}
last_transition = idx;
numBits++;
// PrintAndLog("numbits %d",numBits);
}
}
return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
}
uint32_t myround(float f)
{
if (f >= UINT_MAX) return UINT_MAX;
return (uint32_t) (f + (float)0.5);
}
//by marshmellow (from holiman's base)
//translate 11111100000 to 10
size_t aggregate_bits(int size, uint8_t rfLen, uint8_t maxConsequtiveBits, uint8_t invert) //,uint8_t l2h_crossing_value
{
int lastval=GraphBuffer[0];
uint32_t idx=0;
size_t numBits=0;
uint32_t n=1;
uint32_t n2=0;
for( idx=1; idx < size; idx++) {
if (GraphBuffer[idx]==lastval) {
n++;
continue;
}
// if lastval was 1, we have a 1->0 crossing
if ( GraphBuffer[idx-1]==1 ) {
n=myround((float)(n+1)/((float)(rfLen)/(float)8)); //-2 noise tolerance
// n=(n+1) / h2l_crossing_value;
//truncating could get us into trouble
//now we will try with actual clock (RF/64 or RF/50) variable instead
//then devide with float casting then truncate after more acurate division
//and round to nearest int
//like n = (((float)n)/(float)rfLen/(float)10);
} else {// 0->1 crossing
n=myround((float)(n+1)/((float)(rfLen-2)/(float)10)); // as int 120/6 = 20 as float 120/(64/10) = 18 (18.75)
//n=(n+1) / l2h_crossing_value;
}
if (n == 0) n = 1; //this should never happen... should we error if it does?
if (n < maxConsequtiveBits) // Consecutive //when the consecutive bits are low - the noise tolerance can be high
//if it is high then we must be careful how much noise tolerance we allow
{
if (invert==0){ // do not invert bits
for (n2=0; n2<n; n2++){
GraphBuffer[numBits+n2]=GraphBuffer[idx-1];
}
//memset(GraphBuffer+numBits, GraphBuffer[idx-1] , n);
}else{ // invert bits
for (n2=0; n2<n; n2++){
GraphBuffer[numBits+n2]=GraphBuffer[idx-1]^1;
}
//memset(GraphBuffer+numBits, GraphBuffer[idx-1]^1 , n);
}
numBits += n;
}
n=0;
lastval=GraphBuffer[idx];
}//end for
return numBits;
}
//by marshmellow (from holiman's base)
// full fsk demod from GraphBuffer wave to decoded 1s and 0s (no mandemod)
size_t fskdemod(uint8_t rfLen, uint8_t invert)
{
//uint8_t h2l_crossing_value = 6;
//uint8_t l2h_crossing_value = 5;
// if (rfLen==64) //currently only know settings for RF/64 change from default if option entered
// {
// h2l_crossing_value=8; //or 8 as 64/8 = 8
// l2h_crossing_value=6; //or 6.4 as 64/10 = 6.4
// }
size_t size = GraphTraceLen;
// FSK demodulator
size = fsk_wave_demod(size);
size = aggregate_bits(size,rfLen,192,invert);
// size = aggregate_bits(size, h2l_crossing_value, l2h_crossing_value,192, invert); //192=no limit to same values
//done messing with GraphBuffer - repaint
RepaintGraphWindow();
return size;
}
uint32_t bytebits_to_byte(int* src, int numbits)
{
uint32_t num = 0;
for(int i = 0 ; i < numbits ; i++)
{
num = (num << 1) | (*src);
src++;
}
return num;
}
//by marshmellow
//fsk demod and print binary
//fsk raw demod and print binary
//takes 4 arguments - Clock, invert, rchigh, rclow
//defaults: clock = 50, invert=0, rchigh=10, rclow=8 (RF/10 RF/8 (fsk2a))
int CmdFSKrawdemod(const char *Cmd)
{
//raw fsk demod no manchester decoding no start bit finding just get binary from wave
//set defaults
uint8_t rfLen = 50;
uint8_t invert=0;
int rfLen = 50;
int invert=0;
int fchigh=10;
int fclow=8;
//set options from parameters entered with the command
sscanf(Cmd, "%i %i %i %i", &rfLen, &invert, &fchigh, &fclow);
if (strlen(Cmd)>0 && strlen(Cmd)<=2) {
rfLen=param_get8(Cmd, 0); //if rfLen option only is used
//rfLen=param_get8(Cmd, 0); //if rfLen option only is used
if (rfLen==1){
invert=1; //if invert option only is used
rfLen = 50;
} else if(rfLen==0) rfLen=50;
}
if (strlen(Cmd)>2) {
rfLen=param_get8(Cmd, 0); //if both options are used
invert=param_get8(Cmd,1);
}
PrintAndLog("Args invert: %d \nClock:%d",invert,rfLen);
size_t size = fskdemod(rfLen,invert);
PrintAndLog("Args invert: %d - Clock:%d - fchigh:%d - fclow: %d",invert,rfLen,fchigh, fclow);
uint32_t i=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
uint32_t BitLen = getFromGraphBuf(BitStream);
int size = fskdemod(BitStream,BitLen,(uint8_t)rfLen,(uint8_t)invert,(uint8_t)fchigh,(uint8_t)fclow);
if (size>0){
PrintAndLog("FSK decoded bitstream:");
ClearGraph(0);
for (i=0;i<size;++i){
GraphBuffer[i]=BitStream[i];
}
GraphTraceLen=size;
RepaintGraphWindow();
// Now output the bitstream to the scrollback by line of 16 bits
if(size > (7*32)+2) size = (7*32)+2; //only output a max of 7 blocks of 32 bits most tags will have full bit stream inside that sample size
printBitStream(GraphBuffer,size);
ClearGraph(1);
if(size > (8*32)+2) size = (8*32)+2; //only output a max of 8 blocks of 32 bits most tags will have full bit stream inside that sample size
printBitStream(BitStream,size);
} else{
PrintAndLog("no FSK data found");
}
return 0;
}
//by marshmellow
//by marshmellow (based on existing demod + holiman's refactor)
//HID Prox demod - FSK RF/50 with preamble of 00011101 (then manchester encoded)
//print full HID Prox ID and some bit format details if found
int CmdFSKdemodHID(const char *Cmd)
{
//raw fsk demod no manchester decoding no start bit finding just get binary from wave
//set defaults
uint8_t rfLen = 50;
uint8_t invert=0;//param_get8(Cmd, 0);
size_t idx=0;
uint32_t hi2=0, hi=0, lo=0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
uint32_t BitLen = getFromGraphBuf(BitStream);
//get binary from fsk wave
size_t size = fskdemod(rfLen,invert);
// final loop, go over previously decoded fsk data and now manchester decode into usable tag ID
// 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
int frame_marker_mask[] = {1,1,1,0,0,0};
int numshifts = 0;
idx = 0;
while( idx + 6 < size) {
// search for a start of frame marker
if ( memcmp(GraphBuffer+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
{ // frame marker found
idx+=6;//sizeof(frame_marker_mask); //size of int is >6
while(GraphBuffer[idx] != GraphBuffer[idx+1] && idx < size-2)
{
// Keep going until next frame marker (or error)
// Shift in a bit. Start by shifting high registers
hi2 = (hi2<<1)|(hi>>31);
hi = (hi<<1)|(lo>>31);
//Then, shift in a 0 or one into low
if (GraphBuffer[idx] && !GraphBuffer[idx+1]) // 1 0
lo=(lo<<1)|0;
else // 0 1
lo=(lo<<1)|1;
numshifts++;
idx += 2;
size_t size = HIDdemodFSK(BitStream,BitLen,&hi2,&hi,&lo);
if (size<0){
PrintAndLog("Error demoding fsk");
return 0;
}
//PrintAndLog("Num shifts: %d ", numshifts);
// Hopefully, we read a tag and hit upon the next frame marker
if(idx + 6 < size)
{
if ( memcmp(GraphBuffer+(idx), frame_marker_mask, sizeof(frame_marker_mask)) == 0)
{
if (hi2==0 && hi==0 && lo==0) return 0;
if (hi2 != 0){ //extra large HID tags
PrintAndLog("TAG ID: %x%08x%08x (%d)",
(unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
setGraphBuf(BitStream,BitLen);
return 1;
}
else { //standard HID tags <38 bits
//Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd
uint8_t bitlen = 0;
uint8_t fmtLen = 0;
uint32_t fc = 0;
uint32_t cardnum = 0;
if (((hi>>5)&1)==1){//if bit 38 is set then < 37 bit format is used
@ -769,84 +584,67 @@ int CmdFSKdemodHID(const char *Cmd)
lo2=lo2>>1;
idx3++;
}
bitlen =idx3+19;
fmtLen =idx3+19;
fc =0;
cardnum=0;
if(bitlen==26){
if(fmtLen==26){
cardnum = (lo>>1)&0xFFFF;
fc = (lo>>17)&0xFF;
}
if(bitlen==37){
if(fmtLen==37){
cardnum = (lo>>1)&0x7FFFF;
fc = ((hi&0xF)<<12)|(lo>>20);
}
if(bitlen==34){
if(fmtLen==34){
cardnum = (lo>>1)&0xFFFF;
fc= ((hi&1)<<15)|(lo>>17);
}
if(bitlen==35){
if(fmtLen==35){
cardnum = (lo>>1)&0xFFFFF;
fc = ((hi&1)<<11)|(lo>>21);
}
}
else { //if bit 38 is not set then 37 bit format is used
bitlen= 37;
fmtLen= 37;
fc =0;
cardnum=0;
if(bitlen==37){
if(fmtLen==37){
cardnum = (lo>>1)&0x7FFFF;
fc = ((hi&0xF)<<12)|(lo>>20);
}
}
PrintAndLog("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d",
(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF,
(unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum);
ClearGraph(1);
return 0;
(unsigned int) fmtLen, (unsigned int) fc, (unsigned int) cardnum);
setGraphBuf(BitStream,BitLen);
return 1;
}
}
}
// reset
hi2 = hi = lo = 0;
numshifts = 0;
}else
{
idx++;
}
}
if (idx + sizeof(frame_marker_mask) >= size){
PrintAndLog("start bits for hid not found");
PrintAndLog("FSK decoded bitstream:");
// Now output the bitstream to the scrollback by line of 16 bits
printBitStream(GraphBuffer,size);
}
ClearGraph(1);
return 0;
}
//by marshmellow
//IO-Prox demod - FSK RF/64 with preamble of 000000001
//print ioprox ID and some format details
int CmdFSKdemodIO(const char *Cmd)
{
//raw fsk demod no manchester decoding no start bit finding just get binary from wave
//set defaults
uint8_t rfLen = 64;
uint8_t invert=1;
size_t idx=0;
uint8_t testMax=0;
//test samples are not just noise
if (GraphTraceLen < 64) return 0;
for(idx=0;idx<64;idx++){
if (testMax<GraphBuffer[idx]) testMax=GraphBuffer[idx];
int idx=0;
//something in graphbuffer
if (GraphTraceLen < 65) return 0;
uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
uint32_t BitLen = getFromGraphBuf(BitStream);
//get binary from fsk wave
idx = IOdemodFSK(BitStream,BitLen);
if (idx<0){
//PrintAndLog("Error demoding fsk");
return 0;
}
if (idx==0){
//PrintAndLog("IO Prox Data not found - FSK Data:");
//if (BitLen > 92) printBitStream(BitStream,92);
return 0;
}
idx=0;
//get full binary from fsk wave
size_t size = fskdemod(rfLen,invert);
//if not just noise
//PrintAndLog("testMax %d",testMax);
if (testMax>40){
//Index map
//0 10 20 30 40 50 60
//| | | | | | |
@ -856,45 +654,26 @@ int CmdFSKdemodIO(const char *Cmd)
//
//XSF(version)facility:codeone+codetwo (raw)
//Handle the data
int mask[] = {0,0,0,0,0,0,0,0,0,1};
for( idx=0; idx < (size - 74); idx++) {
if ( memcmp(GraphBuffer + idx, mask, sizeof(mask))==0) {
//frame marker found
if (GraphBuffer[idx+17]==1 && GraphBuffer[idx+26]==1 && GraphBuffer[idx+35]==1 && GraphBuffer[idx+44]==1 && GraphBuffer[idx+53]==1){
//confirmed proper separator bits found
if (idx+64>BitLen) return 0;
PrintAndLog("%d%d%d%d%d%d%d%d %d",BitStream[idx], BitStream[idx+1], BitStream[idx+2], BitStream[idx+3], BitStream[idx+4], BitStream[idx+5], BitStream[idx+6], BitStream[idx+7], BitStream[idx+8]);
PrintAndLog("%d%d%d%d%d%d%d%d %d",BitStream[idx+9], BitStream[idx+10], BitStream[idx+11],BitStream[idx+12],BitStream[idx+13],BitStream[idx+14],BitStream[idx+15],BitStream[idx+16],BitStream[idx+17]);
PrintAndLog("%d%d%d%d%d%d%d%d %d facility",BitStream[idx+18], BitStream[idx+19], BitStream[idx+20],BitStream[idx+21],BitStream[idx+22],BitStream[idx+23],BitStream[idx+24],BitStream[idx+25],BitStream[idx+26]);
PrintAndLog("%d%d%d%d%d%d%d%d %d version",BitStream[idx+27], BitStream[idx+28], BitStream[idx+29],BitStream[idx+30],BitStream[idx+31],BitStream[idx+32],BitStream[idx+33],BitStream[idx+34],BitStream[idx+35]);
PrintAndLog("%d%d%d%d%d%d%d%d %d code1",BitStream[idx+36], BitStream[idx+37], BitStream[idx+38],BitStream[idx+39],BitStream[idx+40],BitStream[idx+41],BitStream[idx+42],BitStream[idx+43],BitStream[idx+44]);
PrintAndLog("%d%d%d%d%d%d%d%d %d code2",BitStream[idx+45], BitStream[idx+46], BitStream[idx+47],BitStream[idx+48],BitStream[idx+49],BitStream[idx+50],BitStream[idx+51],BitStream[idx+52],BitStream[idx+53]);
PrintAndLog("%d%d%d%d%d%d%d%d %d%d checksum",BitStream[idx+54],BitStream[idx+55],BitStream[idx+56],BitStream[idx+57],BitStream[idx+58],BitStream[idx+59],BitStream[idx+60],BitStream[idx+61],BitStream[idx+62],BitStream[idx+63]);
uint32_t code = bytebits_to_byte(BitStream+idx,32);
uint32_t code2 = bytebits_to_byte(BitStream+idx+32,32);
uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4
uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ;
uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9
PrintAndLog("%d%d%d%d%d%d%d%d %d",GraphBuffer[idx], GraphBuffer[idx+1], GraphBuffer[idx+2], GraphBuffer[idx+3], GraphBuffer[idx+4], GraphBuffer[idx+5], GraphBuffer[idx+6], GraphBuffer[idx+7], GraphBuffer[idx+8]);
PrintAndLog("%d%d%d%d%d%d%d%d %d",GraphBuffer[idx+9], GraphBuffer[idx+10], GraphBuffer[idx+11],GraphBuffer[idx+12],GraphBuffer[idx+13],GraphBuffer[idx+14],GraphBuffer[idx+15],GraphBuffer[idx+16],GraphBuffer[idx+17]);
PrintAndLog("%d%d%d%d%d%d%d%d %d",GraphBuffer[idx+18], GraphBuffer[idx+19], GraphBuffer[idx+20],GraphBuffer[idx+21],GraphBuffer[idx+22],GraphBuffer[idx+23],GraphBuffer[idx+24],GraphBuffer[idx+25],GraphBuffer[idx+26]);
PrintAndLog("%d%d%d%d%d%d%d%d %d",GraphBuffer[idx+27], GraphBuffer[idx+28], GraphBuffer[idx+29],GraphBuffer[idx+30],GraphBuffer[idx+31],GraphBuffer[idx+32],GraphBuffer[idx+33],GraphBuffer[idx+34],GraphBuffer[idx+35]);
PrintAndLog("%d%d%d%d%d%d%d%d %d",GraphBuffer[idx+36], GraphBuffer[idx+37], GraphBuffer[idx+38],GraphBuffer[idx+39],GraphBuffer[idx+40],GraphBuffer[idx+41],GraphBuffer[idx+42],GraphBuffer[idx+43],GraphBuffer[idx+44]);
PrintAndLog("%d%d%d%d%d%d%d%d %d",GraphBuffer[idx+45], GraphBuffer[idx+46], GraphBuffer[idx+47],GraphBuffer[idx+48],GraphBuffer[idx+49],GraphBuffer[idx+50],GraphBuffer[idx+51],GraphBuffer[idx+52],GraphBuffer[idx+53]);
PrintAndLog("%d%d%d%d%d%d%d%d %d%d",GraphBuffer[idx+54],GraphBuffer[idx+55],GraphBuffer[idx+56],GraphBuffer[idx+57],GraphBuffer[idx+58],GraphBuffer[idx+59],GraphBuffer[idx+60],GraphBuffer[idx+61],GraphBuffer[idx+62],GraphBuffer[idx+63]);
uint32_t code = bytebits_to_byte(GraphBuffer+idx,32);
uint32_t code2 = bytebits_to_byte(GraphBuffer+idx+32,32);
short version = bytebits_to_byte(GraphBuffer+idx+27,8); //14,4
uint8_t facilitycode = bytebits_to_byte(GraphBuffer+idx+19,8) ;
uint16_t number = (bytebits_to_byte(GraphBuffer+idx+36,8)<<8)|(bytebits_to_byte(GraphBuffer+idx+45,8)); //36,9
PrintAndLog("XSF(%02d)%02x:%d (%08x%08x)",version,facilitycode,number,code,code2);
ClearGraph(1);
return 0;
} else {
PrintAndLog("thought we had a valid tag but did not match format");
}
}
}
if (idx >= (size-74)){
PrintAndLog("start bits for io prox not found");
PrintAndLog("FSK decoded bitstream:");
// Now output the bitstream to the scrollback by line of 16 bits
printBitStream(GraphBuffer,size);
}
}
ClearGraph(1);
return 0;
PrintAndLog("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
setGraphBuf(BitStream,BitLen);
return 1;
}
int CmdFSKdemod(const char *Cmd) //old CmdFSKdemod needs updating
{
static const int LowTone[] = {
@ -1093,7 +872,7 @@ int CmdSamples(const char *Cmd)
int n = strtol(Cmd, NULL, 0);
if (n == 0)
n = 16000;
n = 20000;
if (n > sizeof(got))
n = sizeof(got);
@ -1107,6 +886,7 @@ int CmdSamples(const char *Cmd)
RepaintGraphWindow();
return 0;
}
int CmdTuneSamples(const char *Cmd)
{
int timeout = 0;
@ -1158,7 +938,6 @@ int CmdTuneSamples(const char *Cmd)
return 0;
}
int CmdLoad(const char *Cmd)
{
char filename[FILE_PATH_SIZE] = {0x00};
@ -1277,7 +1056,6 @@ int CmdManchesterDemod(const char *Cmd)
/* If we're not working with 1/0s, demod based off clock */
if (high != 1)
{
PrintAndLog("Entering path A");
bit = 0; /* We assume the 1st bit is zero, it may not be
* the case: this routine (I think) has an init problem.
* Ed.
@ -1585,14 +1363,16 @@ static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"amp", CmdAmp, 1, "Amplify peaks"},
{"askdemod", Cmdaskdemod, 1, "<0|1> -- Attempt to demodulate simple ASK tags"},
{"askdemod", Cmdaskdemod, 1, "<0 or 1> -- Attempt to demodulate simple ASK tags"},
{"askmandemod", Cmdaskmandemod, 1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional[clock will try Auto-detect])"},
{"askrawdemod", Cmdaskrawdemod, 1, "[clock] [invert<0 or 1>] -- Attempt to demodulate ASK tags and output binary (args optional[clock will try Auto-detect])"},
{"autocorr", CmdAutoCorr, 1, "<window length> -- Autocorrelation over window"},
{"biphaserawdecode",CmdBiphaseDecodeRaw,1,"[offset] Biphase decode binary stream already in graph buffer (offset = bit to start decode from)"},
{"bitsamples", CmdBitsamples, 0, "Get raw samples as bitstring"},
{"bitstream", CmdBitstream, 1, "[clock rate] -- Convert waveform into a bitstream"},
{"buffclear", CmdBuffClear, 1, "Clear sample buffer and graph window"},
{"dec", CmdDec, 1, "Decimate samples"},
{"detectclock", CmdDetectClockRate, 1, "Detect clock rate"},
{"detectaskclock",CmdDetectClockRate, 1, "Detect ASK clock rate"},
{"dirthreshold", CmdDirectionalThreshold, 1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
{"fskdemod", CmdFSKdemod, 1, "Demodulate graph window as a HID FSK"},
{"fskhiddemod", CmdFSKdemodHID, 1, "Demodulate graph window as a HID FSK using raw"},
@ -1605,6 +1385,7 @@ static command_t CommandTable[] =
{"load", CmdLoad, 1, "<filename> -- Load trace (to graph window"},
{"ltrim", CmdLtrim, 1, "<samples> -- Trim samples from left of trace"},
{"mandemod", CmdManchesterDemod, 1, "[i] [clock rate] -- Manchester demodulate binary stream (option 'i' to invert output)"},
{"manrawdecode", Cmdmandecoderaw, 1, "Manchester decode binary stream already in graph buffer"},
{"manmod", CmdManchesterMod, 1, "[clock rate] -- Manchester modulate a binary stream"},
{"norm", CmdNorm, 1, "Normalize max/min to +/-500"},
{"plot", CmdPlot, 1, "Show graph window (hit 'h' in window for keystroke help)"},


@ -18,7 +18,9 @@ int CmdData(const char *Cmd);
int CmdAmp(const char *Cmd);
int Cmdaskdemod(const char *Cmd);
int Cmdaskrawdemod(const char *Cmd);
int Cmdaskmandemod(const char *Cmd);
int CmdAutoCorr(const char *Cmd);
int CmdBiphaseDecodeRaw(const char *Cmd);
int CmdBitsamples(const char *Cmd);
int CmdBitstream(const char *Cmd);
int CmdBuffClear(const char *Cmd);
@ -34,6 +36,7 @@ int CmdHide(const char *Cmd);
int CmdHpf(const char *Cmd);
int CmdLoad(const char *Cmd);
int CmdLtrim(const char *Cmd);
int Cmdmandecoderaw(const char *Cmd);
int CmdManchesterDemod(const char *Cmd);
int CmdManchesterMod(const char *Cmd);
int CmdNorm(const char *Cmd);

250
client/cmdhfmfdesfire.c Normal file

@ -0,0 +1,250 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2014 Andy Davies
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency MIFARE commands
//-----------------------------------------------------------------------------
#include "cmdhfmf.h"
#include "util.h"
#include <openssl/des.h>
#include <openssl/aes.h>
static int CmdHelp(const char *Cmd);
//DESFIRE
// Reader 2 Card : 020A, key (1 byte), CRC1 CRC2 ; auth (020a00)
// Card 2 Reader : 02AF, 8 Bytes(b0), CRC1 CRC2
// Reader 2 Card : 03AF, 8 Bytes(b1),8 bytes(b2), CRC1 CRC2
// Card 2 Reader : 0300, 8 bytes(b3), CRC1 CRC2 ; success
//send 020A00, receive enc(nc)
//02AE = error
//receive b3=enc(r4)
//r5=dec(b3)
//n'r=rol(r5)
//verify n'r=nr
int CmdHF14AMfDESAuth(const char *Cmd){
uint8_t blockNo = 0;
//keyNo=0;
uint32_t cuid=0;
uint8_t reply[16];
//DES_cblock r1_b1;
uint8_t b1[8]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t b2[8]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
DES_cblock nr, b0, r1, r0;
uint8_t key[8]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
//DES_cblock iv={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
DES_key_schedule ks1;
DES_cblock key1;
if (strlen(Cmd)<1) {
PrintAndLog("Usage: hf desfire des-auth k <key number>");
PrintAndLog(" sample: hf desfire des-auth k 0");
return 0;
}
//Change key to user defined one
memcpy(key1,key,8);
//memcpy(key2,key+8,8);
DES_set_key((DES_cblock *)key1,&ks1);
//DES_set_key((DES_cblock *)key2,&ks2);
//Auth1
UsbCommand c = {CMD_MIFARE_DES_AUTH1, {blockNo}};
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
uint8_t isOK = resp.arg[0] & 0xff;
cuid = resp.arg[1];
uint8_t * data= resp.d.asBytes;
if (isOK){
PrintAndLog("enc(nc)/b0:%s", sprint_hex(data+2,8));
memcpy(b0,data+2,8);
}
} else {
PrintAndLog("Command execute timeout");
}
//Do crypto magic
DES_random_key(&nr);
//b1=dec(nr)
//r0=dec(b0)
DES_ecb_encrypt(&nr,&b1,&ks1,0);
DES_ecb_encrypt(&b0,&r0,&ks1,0);
//PrintAndLog("b1:%s",sprint_hex(b1, 8));
PrintAndLog("r0:%s",sprint_hex(r0, 8));
//r1=rol(r0)
memcpy(r1,r0,8);
rol(r1,8);
PrintAndLog("r1:%s",sprint_hex(r1, 8));
for(int i=0;i<8;i++){
b2[i]=(r1[i] ^ b1[i]);
}
DES_ecb_encrypt(&b2,&b2,&ks1,0);
//PrintAndLog("b1:%s",sprint_hex(b1, 8));
PrintAndLog("b2:%s",sprint_hex(b2, 8));
//Auth2
UsbCommand d = {CMD_MIFARE_DES_AUTH2, {cuid}};
memcpy(reply,b1,8);
memcpy(reply+8,b2,8);
memcpy(d.d.asBytes,reply, 16);
SendCommand(&d);
UsbCommand respb;
if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
uint8_t isOK = respb.arg[0] & 0xff;
uint8_t * data2= respb.d.asBytes;
if (isOK){
PrintAndLog("b3:%s", sprint_hex(data2+2, 8));
}
} else {
PrintAndLog("Command execute timeout");
}
return 1;
}
//EV1
// Reader 2 Card : 02AA, key (1 byte), CRC1 CRC2 ; auth
// Card 2 Reader : 02AF, 16 Bytes(b0), CRC1 CRC2
// Reader 2 Card : 03AF, 16 Bytes(b1),16Bytes(b2) CRC1 CRC2
// Card 2 Reader : 0300, 16 bytes(b3), CRC1 CRC2 ; success
int CmdHF14AMfAESAuth(const char *Cmd){
uint8_t blockNo = 0;
//keyNo=0;
uint32_t cuid=0;
uint8_t reply[32];
//DES_cblock r1_b1;
//unsigned char * b1, b2, nr, b0, r0, r1;
uint8_t b1[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t b2[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t nr[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t b0[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t r0[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t r1[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
//
uint8_t key[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
uint8_t iv[16]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
AES_KEY key_e;
AES_KEY key_d;
if (strlen(Cmd)<1) {
PrintAndLog("Usage: hf desfire aes-auth k <key number>");
PrintAndLog(" sample: hf desfire aes-auth k 0");
return 0;
}
//Change key to user defined one
//
// int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,AES_KEY *key);
//int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,AES_KEY *key);
//
//memcpy(key1,key,16);
//memcpy(key2,key+8,8);
AES_set_encrypt_key(key,128,&key_e);
AES_set_decrypt_key(key,128,&key_d);
//Auth1
UsbCommand c = {CMD_MIFARE_DES_AUTH1, {blockNo}};
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
uint8_t isOK = resp.arg[0] & 0xff;
cuid = resp.arg[1];
uint8_t * data= resp.d.asBytes;
if (isOK){
PrintAndLog("enc(nc)/b0:%s", sprint_hex(data+2,16));
memcpy(b0,data+2,16);
}
} else {
PrintAndLog("Command execute timeout");
}
//
// void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
//size_t length, const AES_KEY *key,
//unsigned char *ivec, const int enc);
//Do crypto magic
//DES_random_key(&nr);
//b1=dec(nr)
//r0=dec(b0)
//AES_cbc_encrypt(&nr,&b1,16,&key,0);
AES_cbc_encrypt(&b0,&r0,16,&key_d,iv,0);
//PrintAndLog("b1:%s",sprint_hex(b1, 8));
PrintAndLog("r0:%s",sprint_hex(r0, 16));
//r1=rol(r0)
memcpy(r1,r0,16);
rol(r1,8);
PrintAndLog("r1:%s",sprint_hex(r1, 16));
for(int i=0;i<16;i++){
b1[i]=(nr[i] ^ b0[i]);
b2[i]=(r1[i] ^ b1[i]);
}
PrintAndLog("nr:%s",sprint_hex(nr, 16));
AES_cbc_encrypt(&b1,&b1,16,&key_e,iv,1);
AES_cbc_encrypt(&b2,&b2,16,&key_e,iv,1);
PrintAndLog("b1:%s",sprint_hex(b1, 16));
PrintAndLog("b2:%s",sprint_hex(b2, 16));
//Auth2
UsbCommand d = {CMD_MIFARE_DES_AUTH2, {cuid}};
memcpy(reply,b1,16);
memcpy(reply+16,b2,16);
memcpy(d.d.asBytes,reply, 32);
SendCommand(&d);
UsbCommand respb;
if (WaitForResponseTimeout(CMD_ACK,&respb,1500)) {
uint8_t isOK = respb.arg[0] & 0xff;
uint8_t * data2= respb.d.asBytes;
if (isOK){
PrintAndLog("b3:%s", sprint_hex(data2+2, 16));
}
} else {
PrintAndLog("Command execute timeout");
}
return 1;
}
//------------------------------------
// Menu Stuff
//------------------------------------
static command_t CommandTable[] =
{
{"help", CmdHelp, 1,"This help"},
{"dbg", CmdHF14AMfDbg, 0,"Set default debug mode"},
{"des-auth",CmdHF14AMfDESAuth, 0,"Desfire Authentication"},
{"ev1-auth",CmdHF14AMfAESAuth, 0,"EV1 Authentication"},
{NULL, NULL, 0, NULL}
};
int CmdHFMFDesfire(const char *Cmd){
// flush
WaitForResponseTimeout(CMD_ACK,NULL,100);
CmdsParse(CommandTable, Cmd);
return 0;
}
int CmdHelp(const char *Cmd){
CmdsHelp(CommandTable);
return 0;
}
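Review bot: CmdHF14AMfDESAuth sends Auth2 even when Auth1 timed out or came back with isOK==0: both failure paths only print, and execution falls through to `DES_ecb_encrypt(&b0,&r0,&ks1,0)` with `b0` — a `DES_cblock` declared without an initializer — never written, so the decrypt reads indeterminate bytes and the reader transmits a response derived from them (with `cuid` still 0 on the timeout path). Bail out instead: `} else { PrintAndLog("Command execute timeout"); return 0; }` and, after the `if (isOK)` block, `if (!isOK) return 0;`. CmdHF14AMfAESAuth has the same fall-through (there `b0` is at least zero-filled), and its `nr` is never randomized because the `DES_random_key(&nr)` line is commented out, so the reader's challenge is the all-zero block on every run; `RAND_bytes(nr, sizeof nr)` from `<openssl/rand.h>` restores a fresh challenge. Note also that OpenSSL's AES_cbc_encrypt updates `iv` in place, so by the time `b1` and `b2` are encrypted the IV already carries the previous ciphertext block and the manual XORs with `b0`/`b1` in the loop appear to apply the CBC chaining a second time — worth confirming against the EV1 authentication sequence. Both usage strings promise `k <key number>`, but nothing parses it: `blockNo` stays 0 and `key` stays the all-zero default, which the help text should state until the argument is wired up.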

5
client/cmdhfmfdesfire.h Normal file

@ -0,0 +1,5 @@
static int CmdHelp(const char *Cmd);
int CmdHF14AMfDESAuth(const char *Cmd);
int CmdHFMFDesfire(const char *Cmd);
int CmdHelp(const char *Cmd);
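Review bot: `static int CmdHelp(const char *Cmd);` does not belong in a header: every translation unit that includes this file gets its own internal-linkage declaration of CmdHelp with no definition, which draws a declared-but-never-defined warning. Keep the static prototype in cmdhfmfdesfire.c (it is already there) and drop both CmdHelp lines from the header. The header also declares CmdHF14AMfDESAuth but not CmdHF14AMfAESAuth, although both are command-table entries in the .c file; declare both or neither.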


@ -171,9 +171,10 @@ int CmdIndalaDemod(const char *Cmd)
count = 0;
}
}
PrintAndLog("Recovered %d raw bits", rawbit);
if (rawbit>0){
PrintAndLog("Recovered %d raw bits, expected: %d", rawbit, GraphTraceLen/32);
PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
} else return 0;
// Finding the start of a UID
int uidlen, long_wait;
if (strcmp(Cmd, "224") == 0) {
@ -303,7 +304,7 @@ int CmdIndalaDemod(const char *Cmd)
}
RepaintGraphWindow();
return 0;
return 1;
}
int CmdIndalaClone(const char *Cmd)
@ -567,6 +568,36 @@ int CmdVchDemod(const char *Cmd)
return 0;
}
//by marshmellow
int CmdLFfind(const char *Cmd)
{
int ans=0;
if (!offline){
ans=CmdLFRead("");
//ans=CmdSamples("20000");
}
if (GraphTraceLen<1000) return 0;
PrintAndLog("Checking for known tags:");
ans=Cmdaskmandemod("");
PrintAndLog("ASK_MAN: %s", (ans)?"YES":"NO" );
ans=CmdFSKdemodHID("");
PrintAndLog("HID: %s", (ans)?"YES":"NO" );
ans=CmdFSKdemodIO("");
PrintAndLog("IO prox: %s", (ans)?"YES":"NO" );
ans=CmdIndalaDemod("");
PrintAndLog("Indala (64): %s", (ans)?"YES":"NO" );
ans=CmdIndalaDemod("224");
PrintAndLog("Indala (224): %s", (ans)?"YES":"NO" );
//PrintAndLog("No Known Tags Found!\n");
return 0;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
@ -579,6 +610,7 @@ static command_t CommandTable[] =
{"read", CmdLFRead, 0, "['h' or <divisor>] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134, alternatively: f=12MHz/(divisor+1))"},
{"search", CmdLFfind, 1, "Read and Search for valid known tag (in offline mode it you can load first then search)"},
{"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
{"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
{"simman", CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
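Review bot: CmdLFfind returns 0 unconditionally, so a caller cannot tell whether any demodulator matched, and the value assigned from `CmdLFRead("")` is overwritten before it is ever read. Accumulate the results instead, e.g. `int found = 0;` then `found |= ans;` after each demod call, and finish with `return found;`, printing the commented-out "No Known Tags Found" message when `found` is 0. The early `if (GraphTraceLen<1000) return 0;` exits silently; a one-line message there would tell the user why nothing was checked.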


@ -23,5 +23,6 @@ int CmdLFSimBidir(const char *Cmd);
int CmdLFSimManchester(const char *Cmd);
int CmdLFSnoop(const char *Cmd);
int CmdVchDemod(const char *Cmd);
int CmdLFfind(const char *Cmd);
#endif


@ -28,6 +28,20 @@ char *global_em410xId;
static int CmdHelp(const char *Cmd);
int CmdEMdemodASK(const char *Cmd)
{
int findone=0;
UsbCommand c={CMD_EM410X_DEMOD};
if(Cmd[0]=='1') findone=1;
c.arg[0]=findone;
SendCommand(&c);
return 0;
}
/* Read the ID of an EM410x tag.
* Format:
* 1111 1111 1 <-- standard non-repeatable header
@ -644,7 +658,7 @@ int CmdWriteWordPWD(const char *Cmd)
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"410xdemod", CmdEMdemodASK, 0, "[clock rate] -- Extract ID from EM410x tag"},
{"410xread", CmdEM410xRead, 1, "[clock rate] -- Extract ID from EM410x tag"},
{"410xsim", CmdEM410xSim, 0, "<UID> -- Simulate EM410x tag"},
{"replay", MWRem4xReplay, 0, "Watches for tag and simulates manchester encoded em4x tag"},
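Review bot: The help string of the new `410xdemod` entry, `[clock rate] -- Extract ID from EM410x tag`, is copied from `410xread`, but CmdEMdemodASK never parses a clock: the only input it looks at is `Cmd[0]=='1'`, which sets `findone` in `c.arg[0]`. The table text should describe that single flag instead, e.g. `"['1'] -- Extract ID from EM410x tag (1 = findone)"`, otherwise users will pass a clock value that is silently ignored. The function body itself could shrink to `c.arg[0] = (Cmd[0]=='1');` since `findone` is used nowhere else.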


@ -12,7 +12,7 @@
#define CMDLFEM4X_H__
int CmdLFEM4X(const char *Cmd);
int CmdEMdemodASK(const char *Cmd);
int CmdEM410xRead(const char *Cmd);
int CmdEM410xSim(const char *Cmd);
int CmdEM410xWatch(const char *Cmd);


@ -159,6 +159,7 @@ int CmdLFHitagSim(const char *Cmd) {
tag_mem_supplied = true;
if (fread(c.d.asBytes,48,1,pf) == 0) {
PrintAndLog("Error: File reading error");
fclose(pf);
return 1;
}
fclose(pf);


@ -13,6 +13,7 @@
#include <string.h>
#include "ui.h"
#include "graph.h"
#include "lfdemod.h"
int GraphBuffer[MAX_GRAPH_TRACE_LEN];
int GraphTraceLen;
@ -51,9 +52,9 @@ int ClearGraph(int redraw)
/*
* Detect clock rate
*/
//decommissioned - has difficulty detecting rf/32 and only works if data is manchester encoded
//decommissioned - has difficulty detecting rf/32
/*
int DetectClock2(int peak)
int DetectClockOld(int peak)
{
int i;
int clock = 0xFFFF;
@ -65,6 +66,7 @@ int DetectClock2(int peak)
if (GraphBuffer[i] > peak)
peak = GraphBuffer[i];
// peak=(int)(peak*.75);
for (i = 1; i < GraphTraceLen; ++i)
{
// If this is the beginning of a peak
@ -80,17 +82,21 @@ int DetectClock2(int peak)
return clock;
}
*/
/*
NOW IN LFDEMOD.C
// by marshmellow
// not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
// maybe somehow adjust peak trimming value based on samples to fix?
int DetectClock(int peak)
int DetectASKClock(int peak)
{
int i=0;
int low=0;
int clk[]={16,32,40,50,64,100,128,256};
int loopCnt = 256;
if (GraphTraceLen<loopCnt) loopCnt = GraphTraceLen;
if (!peak){
for (i=0;i<GraphTraceLen;++i){
for (i=0;i<loopCnt;++i){
if(GraphBuffer[i]>peak){
peak = GraphBuffer[i];
}
@ -101,15 +107,11 @@ int DetectClock(int peak)
peak=(int)(peak*.75);
low= (int)(low*.75);
}
//int numbits;
int ii;
int loopCnt = 256;
if (GraphTraceLen<loopCnt) loopCnt = GraphTraceLen;
int clkCnt;
int tol = 0;
int bestErr=1000;
int errCnt[]={0,0,0,0,0,0,0,0};
// int good;
for(clkCnt=0; clkCnt<6;++clkCnt){
if (clk[clkCnt]==32){
tol=1;
@ -119,26 +121,19 @@ int DetectClock(int peak)
bestErr=1000;
for (ii=0; ii<loopCnt; ++ii){
if ((GraphBuffer[ii]>=peak) || (GraphBuffer[ii]<=low)){
//numbits=0;
//good=1;
errCnt[clkCnt]=0;
for (i=0; i<((int)(GraphTraceLen/clk[clkCnt])-1); ++i){
if (GraphBuffer[ii+(i*clk[clkCnt])]>=peak || GraphBuffer[ii+(i*clk[clkCnt])]<=low){
//numbits++;
}else if(GraphBuffer[ii+(i*clk[clkCnt])-tol]>=peak || GraphBuffer[ii+(i*clk[clkCnt])-tol]<=low){
}else if(GraphBuffer[ii+(i*clk[clkCnt])+tol]>=peak || GraphBuffer[ii+(i*clk[clkCnt])+tol]<=low){
}else{ //error no peak detected
//numbits=0;
//good=0;
errCnt[clkCnt]++;
//break;
}
}
if(errCnt[clkCnt]==0) return clk[clkCnt];
if(errCnt[clkCnt]<bestErr) bestErr=errCnt[clkCnt];
}
}
errCnt[clkCnt]=bestErr;
}
int iii=0;
int best=0;
@ -147,11 +142,31 @@ int DetectClock(int peak)
best = iii;
}
}
PrintAndLog("clkCnt: %d, ii: %d, i: %d peak: %d, low: %d, errcnt: %d, errCnt64: %d",clkCnt,ii,i,peak,low,errCnt[best],errCnt[4]);
// PrintAndLog("DEBUG: clkCnt: %d, ii: %d, i: %d peak: %d, low: %d, errcnt: %d, errCnt64: %d",clkCnt,ii,i,peak,low,errCnt[best],errCnt[4]);
return clk[best];
}
*/
void setGraphBuf(uint8_t *buff,int size)
{
int i=0;
ClearGraph(0);
for (; i < size; ++i){
GraphBuffer[i]=buff[i];
}
GraphTraceLen=size;
RepaintGraphWindow();
return;
}
int getFromGraphBuf(uint8_t *buff)
{
uint32_t i;
for (i=0;i<GraphTraceLen;++i){
if (GraphBuffer[i]>127) GraphBuffer[i]=127; //trim
if (GraphBuffer[i]<-127) GraphBuffer[i]=-127; //trim
buff[i]=(uint8_t)(GraphBuffer[i]+128);
}
return i;
}
/* Get or auto-detect clock rate */
int GetClock(const char *str, int peak, int verbose)
{
@ -164,7 +179,9 @@ int GetClock(const char *str, int peak, int verbose)
/* Auto-detect clock */
if (!clock)
{
clock = DetectClock(peak);
uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};
int size = getFromGraphBuf(grph);
clock = DetectASKClock(grph,size,0);
//clock2 = DetectClock2(peak);
/* Only print this message if we're not looping something */
if (!verbose)
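Review bot: setGraphBuf copies `size` samples into the global GraphBuffer without comparing `size` against MAX_GRAPH_TRACE_LEN, so a caller handing it a larger buffer overruns the array; add `if (size > MAX_GRAPH_TRACE_LEN) size = MAX_GRAPH_TRACE_LEN;` before the loop. getFromGraphBuf has the mirror problem: it takes no capacity argument and silently assumes every caller provides MAX_GRAPH_TRACE_LEN bytes, which GetClock does with a 128 KiB automatic array `uint8_t grph[MAX_GRAPH_TRACE_LEN]={0};` — on a thread with a small stack that is worth replacing with a static or heap buffer. In getFromGraphBuf the `uint32_t i` counter is compared with the `int` GraphTraceLen and then returned as int; using `int` for the counter keeps the comparison and the return consistent. GetClock's body continues outside the hunk.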


@ -13,8 +13,10 @@
void AppendGraph(int redraw, int clock, int bit);
int ClearGraph(int redraw);
int DetectClock(int peak);
//int DetectClock(int peak);
int getFromGraphBuf(uint8_t *buff);
int GetClock(const char *str, int peak, int verbose);
void setGraphBuf(uint8_t *buff,int size);
bool HasGraphData();
#define MAX_GRAPH_TRACE_LEN (1024*128)


@ -207,6 +207,7 @@ void printarr_human_readable(char * title, uint8_t* arr, int len)
cx += snprintf(output+cx,outsize-cx, "%02x ",*(arr+i));
}
prnlog(output);
free(output);
}
//-----------------------------


@ -0,0 +1,92 @@
#include <stdio.h>
#include "cipherutils.h"
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include "elite_crack.h"
void calc_score(uint8_t* csn, uint8_t* k)
{
uint8_t score =0 ;
uint8_t i;
uint8_t goodvals[16] = {0};
uint8_t uniq_vals[8] = {0};
memset(goodvals, 0x00, 16);
memset(uniq_vals, 0x00, 8);
uint8_t badval = 0;
int badscore =0;
for(i=0; i < 8 ; i++)
{
if(k[i] == 0x01) continue;
if(k[i] == 0x00) continue;
if(k[i] == 0x45) continue;
if(k[i] < 16){
goodvals[k[i]] = 1;
}
// if(k[i] ==9 || k[i]==2){
// goodvals[k[i]] = 1;
// }
else if(k[i]>=16){
badscore++;
badval = k[i];
}
}
for(i =0; i < 16; i++)
{
if(goodvals[i])
{
uniq_vals[score] = i;
score +=1;
}
}
if(score >=2 && badscore < 2)
{
printf("CSN\t%02x%02x%02x%02x%02x%02x%02x%02x\t%02x %02x %02x %02x %02x %02x %02x %02x\t"
,csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]
,k[0],k[1],k[2],k[3],k[4],k[5],k[6],k[7]
);
for(i =0 ; i < score; i++)
{
printf("%d,", uniq_vals[i]);
}
printf("\tbadscore: %d (%02x)", badscore, badval);
printf("\r\n");
}
}
void brute_hash1(){
uint8_t csn[8] = {0,0,0,0,0xf7,0xff,0x12,0xe0};
uint8_t k[8]= {0,0,0,0,0,0,0,0};
uint16_t a,b,c,d;
uint8_t testcsn[8] ={0x00,0x0d,0x0f,0xfd,0xf7,0xff,0x12,0xe0} ;
uint8_t testkey[8] ={0x05 ,0x01 ,0x00 ,0x10 ,0x45 ,0x08 ,0x45,0x56} ;
calc_score(testcsn,testkey);
printf("Brute forcing hashones\n");
//exit(1);
for(a=0;a < 256;a++)
{
//if(a > 0)printf("%d/256 done...\n", a);
for(b=0;b < 256 ; b++)
for(c=0;c < 256;c++)
for(d=0;d < 256;d++)
{
csn[0] = a;
csn[1] = b;
csn[2] = c;
csn[3] = d;
csn[4] = 0xf7;
csn[5] = 0xff;
csn[6] = 0x12;
csn[7] = 0xe0;
hash1(csn, k);
calc_score(csn,k);
}
}
}
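Review bot: brute_hash1 is defined with empty parentheses and declared the same way in hash1_brute.h (`void brute_hash1();`), which in C leaves the parameter list unchecked; both should be `void brute_hash1(void)`, and hash1_brute.c should `#include "hash1_brute.h"` so the compiler checks the definition against its own prototype. calc_score neither reads through `k` nor `csn` for writing, so `const uint8_t *csn, const uint8_t *k` documents the contract, and if it is only used here it should be `static`. The two `memset` calls on `goodvals` and `uniq_vals` are redundant with the `= {0}` initialisers two lines above. `<unistd.h>` and `<ctype.h>` appear unused in this file.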


@ -0,0 +1,5 @@
#ifndef HASH1_BRUTE_H
#define HASH1_BRUTE_H
void brute_hash1();
#endif // HASH1_BRUTE_H


@ -742,7 +742,11 @@ int readKeyFile(uint8_t key[8])
f = fopen("iclass_key.bin", "rb");
if (f)
{
if(fread(key, sizeof(key), 1, f) == 1) return 0;
if(fread(key, sizeof(uint8_t), 8, f) == 1)
{
retval = 0;
}
fclose(f);
}
return retval;
}
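Review bot: `fread(key, sizeof(uint8_t), 8, f)` returns the number of one-byte items read, so a complete read yields 8, never 1; with the `== 1` comparison `retval` is never set to 0 and the key file is always reported as not loaded. Either compare with 8 or keep one 8-byte item: `if(fread(key, 8, 1, f) == 1)`. Replacing the original `sizeof(key)` was correct, since `key` decays to a pointer and that expression was the pointer size. readKeyFile and the declaration of `retval` start outside the hunk, so its default value is not visible here.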

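--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@@ -0,0 +1,677 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) 2014
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency commands
+//-----------------------------------------------------------------------------
+#include <stdlib.h>
+#include <string.h>
+#include "lfdemod.h"
+//by marshmellow
+//takes 1s and 0s and searches for EM410x format - output EM ID
+uint64_t Em410xDecode(uint8_t *BitStream,uint32_t BitLen)
+{
+//no arguments needed - built this way in case we want this to be a direct call from "data " cmds in the future
+// otherwise could be a void with no arguments
+//set defaults
+int high=0, low=128;
+uint64_t lo=0; //hi=0,
+uint32_t i = 0;
+uint32_t initLoopMax = 65;
+if (initLoopMax>BitLen) initLoopMax=BitLen;
+for (;i < initLoopMax; ++i) //65 samples should be plenty to find high and low values
+{
+if (BitStream[i] > high)
+high = BitStream[i];
+else if (BitStream[i] < low)
+low = BitStream[i];
+}
+if (((high !=1)||(low !=0))){ //allow only 1s and 0s
+// PrintAndLog("no data found");
+return 0;
+}
+uint8_t parityTest=0;
+// 111111111 bit pattern represent start of frame
+uint8_t frame_marker_mask[] = {1,1,1,1,1,1,1,1,1};
+uint32_t idx = 0;
+uint32_t ii=0;
+uint8_t resetCnt = 0;
+while( (idx + 64) < BitLen) {
+restart:
+// search for a start of frame marker
+if ( memcmp(BitStream+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
+{ // frame marker found
+idx+=9;//sizeof(frame_marker_mask);
+for (i=0; i<10;i++){
+for(ii=0; ii<5; ++ii){
+parityTest += BitStream[(i*5)+ii+idx];
+}
+if (parityTest== ((parityTest>>1)<<1)){
+parityTest=0;
+for (ii=0; ii<4;++ii){
+//hi = (hi<<1)|(lo>>31);
+lo=(lo<<1LL)|(BitStream[(i*5)+ii+idx]);
+}
+//PrintAndLog("DEBUG: EM parity passed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d,lo: %d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1],lo);
+}else {//parity failed
+//PrintAndLog("DEBUG: EM parity failed parity val: %d, i:%d, ii:%d,idx:%d, Buffer: %d%d%d%d%d",parityTest,i,ii,idx,BitStream[idx+ii+(i*5)-5],BitStream[idx+ii+(i*5)-4],BitStream[idx+ii+(i*5)-3],BitStream[idx+ii+(i*5)-2],BitStream[idx+ii+(i*5)-1]);
+parityTest=0;
+idx-=8;
+if (resetCnt>5)return 0;
+resetCnt++;
+goto restart;//continue;
+}
+}
+//skip last 5 bit parity test for simplicity.
+return lo;
+}else{
+idx++;
+}
+}
+return 0;
+}
+//by marshmellow
+//takes 2 arguments - clock and invert both as integers
+//attempts to demodulate ask while decoding manchester
+//prints binary found and saves in graphbuffer for further commands
+int askmandemod(uint8_t * BinStream,uint32_t *BitLen,int *clk, int *invert)
+{
+int i;
+int high = 0, low = 128;
+*clk=DetectASKClock(BinStream,(size_t)*BitLen,*clk); //clock default
+if (*clk<8) *clk =64;
+if (*clk<32) *clk=32;
+if (*invert != 1) *invert=0;
+uint32_t initLoopMax = 200;
+if (initLoopMax>*BitLen) initLoopMax=*BitLen;
+// Detect high and lows
+for (i = 0; i < initLoopMax; ++i) //200 samples should be enough to find high and low values
+{
+if (BinStream[i] > high)
+high = BinStream[i];
+else if (BinStream[i] < low)
+low = BinStream[i];
+}
+if ((high < 158) ){ //throw away static
+return -2;
+}
+//25% fuzz in case highs and lows aren't clipped [marshmellow]
+high=(int)((high-128)*.75)+128;
+low= (int)((low-128)*.75)+128;
+//PrintAndLog("DEBUG - valid high: %d - valid low: %d",high,low);
+int lastBit = 0; //set first clock check
+uint32_t bitnum = 0; //output counter
+int tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
+if (*clk==32)tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
+int iii = 0;
+uint32_t gLen = *BitLen;
+if (gLen > 3000) gLen=3000;
+uint8_t errCnt =0;
+uint32_t bestStart = *BitLen;
+uint32_t bestErrCnt = (*BitLen/1000);
+uint32_t maxErr = (*BitLen/1000);
+//loop to find first wave that works
+for (iii=0; iii < gLen; ++iii){
+if ((BinStream[iii]>=high)||(BinStream[iii]<=low)){
+lastBit=iii-*clk;
+errCnt=0;
+//loop through to see if this start location works
+for (i = iii; i < *BitLen; ++i) {
+if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){
+lastBit+=*clk;
+} else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){
+//low found and we are expecting a bar
+lastBit+=*clk;
+} else {
+//mid value found or no bar supposed to be here
+if ((i-lastBit)>(*clk+tol)){
+//should have hit a high or low based on clock!!
+errCnt++;
+lastBit+=*clk;//skip over until hit too many errors
+if (errCnt>(maxErr)) break; //allow 1 error for every 1000 samples else start over
+}
+}
+if ((i-iii) >(400 * *clk)) break; //got plenty of bits
+}
+//we got more than 64 good bits and not all errors
+if ((((i-iii)/ *clk) > (64+errCnt)) && (errCnt<maxErr)) {
+//possible good read
+if (errCnt==0){
+bestStart=iii;
+bestErrCnt=errCnt;
+break; //great read - finish
+}
+if (errCnt<bestErrCnt){ //set this as new best run
+bestErrCnt=errCnt;
+bestStart = iii;
+}
+}
+}
+}
+if (bestErrCnt<maxErr){
+//best run is good enough set to best run and set overwrite BinStream
+iii=bestStart;
+lastBit=bestStart-*clk;
+bitnum=0;
+for (i = iii; i < *BitLen; ++i) {
+if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){
+lastBit+=*clk;
+BinStream[bitnum] = *invert;
+bitnum++;
+} else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){
+//low found and we are expecting a bar
+lastBit+=*clk;
+BinStream[bitnum] = 1-*invert;
+bitnum++;
+} else {
+//mid value found or no bar supposed to be here
+if ((i-lastBit)>(*clk+tol)){
+//should have hit a high or low based on clock!!
+if (bitnum > 0){
+BinStream[bitnum]=77;
+bitnum++;
+}
+lastBit+=*clk;//skip over error
+}
+}
+if (bitnum >=400) break;
+}
+*BitLen=bitnum;
+} else{
+*invert=bestStart;
+*clk=iii;
+return -1;
+}
+return bestErrCnt;
+}
+//by marshmellow
+//take 10 and 01 and manchester decode
+//run through 2 times and take least errCnt
+int manrawdecode(uint8_t * BitStream, int *bitLen)
+{
+int bitnum=0;
+int errCnt =0;
+int i=1;
+int bestErr = 1000;
+int bestRun = 0;
+int ii=1;
+for (ii=1;ii<3;++ii){
+i=1;
+for (i=i+ii;i<*bitLen-2;i+=2){
+if(BitStream[i]==1 && (BitStream[i+1]==0)){
+} else if((BitStream[i]==0)&& BitStream[i+1]==1){
+} else {
+errCnt++;
+}
+if(bitnum>300) break;
+}
+if (bestErr>errCnt){
+bestErr=errCnt;
+bestRun=ii;
+}
+errCnt=0;
+}
+errCnt=bestErr;
+if (errCnt<20){
+ii=bestRun;
+i=1;
+for (i=i+ii;i<*bitLen-2;i+=2){
+if(BitStream[i]==1 && (BitStream[i+1]==0)){
+BitStream[bitnum++]=0;
+} else if((BitStream[i]==0)&& BitStream[i+1]==1){
+BitStream[bitnum++]=1;
+} else {
+BitStream[bitnum++]=77;
+//errCnt++;
+}
+if(bitnum>300) break;
+}
+*bitLen=bitnum;
+}
+return errCnt;
+}
+//by marshmellow
+//take 01 or 10 = 0 and 11 or 00 = 1
+int BiphaseRawDecode(uint8_t * BitStream, int *bitLen, int offset)
+{
+uint8_t bitnum = 0;
+uint32_t errCnt = 0;
+uint32_t i = 1;
+i=offset;
+for (;i<*bitLen-2;i+=2){
+if((BitStream[i]==1 && BitStream[i+1]==0)||(BitStream[i]==0 && BitStream[i+1]==1)){
+BitStream[bitnum++]=1;
+} else if((BitStream[i]==0 && BitStream[i+1]==0)||(BitStream[i]==1 && BitStream[i+1]==1)){
+BitStream[bitnum++]=0;
+} else {
+BitStream[bitnum++]=77;
+errCnt++;
+}
+if(bitnum>250) break;
+}
+*bitLen=bitnum;
+return errCnt;
+}
+//by marshmellow
+//takes 2 arguments - clock and invert both as integers
+//attempts to demodulate ask only
+//prints binary found and saves in graphbuffer for further commands
+int askrawdemod(uint8_t *BinStream, int *bitLen,int *clk, int *invert)
+{
+uint32_t i;
+// int invert=0; //invert default
+int high = 0, low = 128;
+*clk=DetectASKClock(BinStream,*bitLen,*clk); //clock default
+uint8_t BitStream[502] = {0};
+if (*clk<8) *clk =64;
+if (*clk<32) *clk=32;
+if (*invert != 1) *invert = 0;
+uint32_t initLoopMax = 200;
+if (initLoopMax>*bitLen) initLoopMax=*bitLen;
+// Detect high and lows
+for (i = 0; i < initLoopMax; ++i) //200 samples should be plenty to find high and low values
+{
+if (BinStream[i] > high)
+high = BinStream[i];
+else if (BinStream[i] < low)
+low = BinStream[i];
+}
+if ((high < 158)){ //throw away static
+return -2;
+}
+//25% fuzz in case highs and lows aren't clipped [marshmellow]
+high=(int)((high-128)*.75)+128;
+low= (int)((low-128)*.75)+128;
+int lastBit = 0; //set first clock check
+uint32_t bitnum = 0; //output counter
+uint8_t tol = 0; //clock tolerance adjust - waves will be accepted as within the clock if they fall + or - this value + clock from last valid wave
+if (*clk==32) tol=1; //clock tolerance may not be needed anymore currently set to + or - 1 but could be increased for poor waves or removed entirely
+uint32_t iii = 0;
+uint32_t gLen = *bitLen;
+if (gLen > 500) gLen=500;
+uint8_t errCnt =0;
+uint32_t bestStart = *bitLen;
+uint32_t bestErrCnt = (*bitLen/1000);
+uint8_t midBit=0;
+//loop to find first wave that works
+for (iii=0; iii < gLen; ++iii){
+if ((BinStream[iii]>=high)||(BinStream[iii]<=low)){
+lastBit=iii-*clk;
+//loop through to see if this start location works
+for (i = iii; i < *bitLen; ++i) {
+if ((BinStream[i] >= high) && ((i-lastBit)>(*clk-tol))){
+lastBit+=*clk;
+BitStream[bitnum] = *invert;
+bitnum++;
+midBit=0;
+} else if ((BinStream[i] <= low) && ((i-lastBit)>(*clk-tol))){
+//low found and we are expecting a bar
+lastBit+=*clk;
+BitStream[bitnum] = 1-*invert;
+bitnum++;
+midBit=0;
+} else if ((BinStream[i]<=low) && (midBit==0) && ((i-lastBit)>((*clk/2)-tol))){
+//mid bar?
+midBit=1;
+BitStream[bitnum]= 1-*invert;
+bitnum++;
+} else if ((BinStream[i]>=high)&&(midBit==0) && ((i-lastBit)>((*clk/2)-tol))){
+//mid bar?
+midBit=1;
+BitStream[bitnum]= *invert;
+bitnum++;
+} else if ((i-lastBit)>((*clk/2)+tol)&&(midBit==0)){
+//no mid bar found
+midBit=1;
+BitStream[bitnum]= BitStream[bitnum-1];
+bitnum++;
+} else {
+//mid value found or no bar supposed to be here
+if ((i-lastBit)>(*clk+tol)){
+//should have hit a high or low based on clock!!
+if (bitnum > 0){
+BitStream[bitnum]=77;
+bitnum++;
+}
+errCnt++;
+lastBit+=*clk;//skip over until hit too many errors
+if (errCnt>((*bitLen/1000))){ //allow 1 error for every 1000 samples else start over
+errCnt=0;
+bitnum=0;//start over
+break;
+}
+}
+}
+if (bitnum>500) break;
+}
+//we got more than 64 good bits and not all errors
+if ((bitnum > (64+errCnt)) && (errCnt<(*bitLen/1000))) {
+//possible good read
+if (errCnt==0) break; //great read - finish
+if (bestStart == iii) break; //if current run == bestErrCnt run (after exhausted testing) then finish
+if (errCnt<bestErrCnt){ //set this as new best run
+bestErrCnt=errCnt;
+bestStart = iii;
+}
+}
+}
+if (iii>=gLen){ //exhausted test
+//if there was a ok test go back to that one and re-run the best run (then dump after that run)
+if (bestErrCnt < (*bitLen/1000)) iii=bestStart;
+}
+}
+if (bitnum>16){
+for (i=0; i < bitnum; ++i){
+BinStream[i]=BitStream[i];
+}
+*bitLen = bitnum;
+} else {
+return -1;
+}
+return errCnt;
+}
+//translate wave to 11111100000 (1 for each short wave 0 for each long wave)
+size_t fsk_wave_demod(uint8_t * dest, size_t size, uint8_t fchigh, uint8_t fclow)
+{
+uint32_t last_transition = 0;
+uint32_t idx = 1;
+uint32_t maxVal=0;
+if (fchigh==0) fchigh=10;
+if (fclow==0) fclow=8;
+// we do care about the actual theshold value as sometimes near the center of the
+// wave we may get static that changes direction of wave for one value
+// if our value is too low it might affect the read. and if our tag or
+// antenna is weak a setting too high might not see anything. [marshmellow]
+if (size<100) return 0;
+for(idx=1; idx<100; idx++){
+if(maxVal<dest[idx]) maxVal = dest[idx];
+}
+// set close to the top of the wave threshold with 25% margin for error
+// less likely to get a false transition up there.
+// (but have to be careful not to go too high and miss some short waves)
+uint8_t threshold_value = (uint8_t)(((maxVal-128)*.75)+128);
+// sync to first lo-hi transition, and threshold
+// Need to threshold first sample
+if(dest[0] < threshold_value) dest[0] = 0;
+else dest[0] = 1;
+size_t numBits = 0;
+// count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
+// or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
+// between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
+for(idx = 1; idx < size; idx++) {
+// threshold current value
+if (dest[idx] < threshold_value) dest[idx] = 0;
+else dest[idx] = 1;
+// Check for 0->1 transition
+if (dest[idx-1] < dest[idx]) { // 0 -> 1 transition
+if ((idx-last_transition)<(fclow-2)){ //0-5 = garbage noise
+//do nothing with extra garbage
+} else if ((idx-last_transition) < (fchigh-1)) { //6-8 = 8 waves
+dest[numBits]=1;
+} else { //9+ = 10 waves
+dest[numBits]=0;
+}
+last_transition = idx;
+numBits++;
+}
+}
+return numBits; //Actually, it returns the number of bytes, but each byte represents a bit: 1 or 0
+}
+uint32_t myround2(float f)
+{
+if (f >= 2000) return 2000;//something bad happened
+return (uint32_t) (f + (float)0.5);
+}
+//translate 11111100000 to 10
+size_t aggregate_bits(uint8_t *dest,size_t size, uint8_t rfLen, uint8_t maxConsequtiveBits, uint8_t invert,uint8_t fchigh,uint8_t fclow )// uint8_t h2l_crossing_value,uint8_t l2h_crossing_value,
+{
+uint8_t lastval=dest[0];
+uint32_t idx=0;
+size_t numBits=0;
+uint32_t n=1;
+for( idx=1; idx < size; idx++) {
+if (dest[idx]==lastval) {
+n++;
+continue;
+}
+//if lastval was 1, we have a 1->0 crossing
+if ( dest[idx-1]==1 ) {
+n=myround2((float)(n+1)/((float)(rfLen)/(float)fclow));
+//n=(n+1) / h2l_crossing_value;
+} else {// 0->1 crossing
+n=myround2((float)(n+1)/((float)(rfLen-2)/(float)fchigh)); //-2 for fudge factor
+//n=(n+1) / l2h_crossing_value;
+}
+if (n == 0) n = 1;
+if(n < maxConsequtiveBits) //Consecutive
+{
+if(invert==0){ //invert bits
+memset(dest+numBits, dest[idx-1] , n);
+}else{
+memset(dest+numBits, dest[idx-1]^1 , n);
+}
+numBits += n;
+}
+n=0;
+lastval=dest[idx];
+}//end for
+return numBits;
+}
+//by marshmellow (from holiman's base)
+// full fsk demod from GraphBuffer wave to decoded 1s and 0s (no mandemod)
+int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow)
+{
+// FSK demodulator
+size = fsk_wave_demod(dest, size, fchigh, fclow);
+size = aggregate_bits(dest, size,rfLen,192,invert,fchigh,fclow);
+return size;
+}
+// loop to get raw HID waveform then FSK demodulate the TAG ID from it
+int HIDdemodFSK(uint8_t *dest, size_t size, uint32_t *hi2, uint32_t *hi, uint32_t *lo)
+{
+size_t idx=0; //, found=0; //size=0,
+// FSK demodulator
+size = fskdemod(dest, size,50,0,10,8);
+// final loop, go over previously decoded manchester data and decode into usable tag ID
+// 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
+uint8_t frame_marker_mask[] = {1,1,1,0,0,0};
+int numshifts = 0;
+idx = 0;
+//one scan
+while( idx + sizeof(frame_marker_mask) < size) {
+// search for a start of frame marker
+if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
+{ // frame marker found
+idx+=sizeof(frame_marker_mask);
+while(dest[idx] != dest[idx+1] && idx < size-2)
+{
+// Keep going until next frame marker (or error)
+// Shift in a bit. Start by shifting high registers
+*hi2 = (*hi2<<1)|(*hi>>31);
+*hi = (*hi<<1)|(*lo>>31);
+//Then, shift in a 0 or one into low
+if (dest[idx] && !dest[idx+1]) // 1 0
+*lo=(*lo<<1)|0;
+else // 0 1
+*lo=(*lo<<1)|1;
+numshifts++;
+idx += 2;
+}
+// Hopefully, we read a tag and hit upon the next frame marker
+if(idx + sizeof(frame_marker_mask) < size)
+{
+if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
+{
+//good return
+return idx;
+}
+}
+// reset
+*hi2 = *hi = *lo = 0;
+numshifts = 0;
+}else {
+idx++;
+}
+}
+return -1;
+}
+uint32_t bytebits_to_byte(uint8_t* src, int numbits)
+{
+uint32_t num = 0;
+for(int i = 0 ; i < numbits ; i++) {
+num = (num << 1) | (*src);
+src++;
+}
+return num;
+}
+int IOdemodFSK(uint8_t *dest, size_t size)
+{
+uint32_t idx=0;
+//make sure buffer has data
+if (size < 66) return -1;
+//test samples are not just noise
+uint8_t testMax=0;
+for(idx=0;idx<65;idx++){
+if (testMax<dest[idx]) testMax=dest[idx];
+}
+idx=0;
+//if not just noise
+if (testMax>170){
+// FSK demodulator
+size = fskdemod(dest, size,64,1,10,8); // RF/64 and invert
+if (size < 65) return -1; //did we get a good demod?
+//Index map
+//0 10 20 30 40 50 60
+//| | | | | | |
+//01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
+//-----------------------------------------------------------------------------
+//00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
+//
+//XSF(version)facility:codeone+codetwo
+//Handle the data
+uint8_t mask[] = {0,0,0,0,0,0,0,0,0,1};
+for( idx=0; idx < (size - 65); idx++) {
+if ( memcmp(dest + idx, mask, sizeof(mask))==0) {
+//frame marker found
+if (!dest[idx+8] && dest[idx+17]==1 && dest[idx+26]==1 && dest[idx+35]==1 && dest[idx+44]==1 && dest[idx+53]==1){
+//confirmed proper separator bits found
+//return start position
+return (int) idx;
+}
+}
+}
+}
+return 0;
+}
+// by marshmellow
+// not perfect especially with lower clocks or VERY good antennas (heavy wave clipping)
+// maybe somehow adjust peak trimming value based on samples to fix?
+int DetectASKClock(uint8_t dest[], size_t size, int clock)
+{
+int i=0;
+int peak=0;
+int low=128;
+int clk[]={16,32,40,50,64,100,128,256};
+int loopCnt = 256; //don't need to loop through entire array...
+if (size<loopCnt) loopCnt = size;
+//if we already have a valid clock quit
+for (;i<8;++i)
+if (clk[i]==clock) return clock;
+//get high and low peak
+for (i=0;i<loopCnt;++i){
+if(dest[i]>peak){
+peak = dest[i];
+}
+if(dest[i]<low){
+low = dest[i];
+}
+}
+peak=(int)((peak-128)*.75)+128;
+low= (int)((low-128)*.75)+128;
+int ii;
+int clkCnt;
+int tol = 0;
+int bestErr=1000;
+int errCnt[]={0,0,0,0,0,0,0,0};
+//test each valid clock from smallest to greatest to see which lines up
+for(clkCnt=0; clkCnt<6;++clkCnt){
+if (clk[clkCnt]==32){
+tol=1;
+}else{
+tol=0;
+}
+bestErr=1000;
+//try lining up the peaks by moving starting point (try first 256)
+for (ii=0; ii<loopCnt; ++ii){
+if ((dest[ii]>=peak) || (dest[ii]<=low)){
+errCnt[clkCnt]=0;
+// now that we have the first one lined up test rest of wave array
+for (i=0; i<((int)(size/clk[clkCnt])-1); ++i){
+if (dest[ii+(i*clk[clkCnt])]>=peak || dest[ii+(i*clk[clkCnt])]<=low){
+}else if(dest[ii+(i*clk[clkCnt])-tol]>=peak || dest[ii+(i*clk[clkCnt])-tol]<=low){
+}else if(dest[ii+(i*clk[clkCnt])+tol]>=peak || dest[ii+(i*clk[clkCnt])+tol]<=low){
+}else{ //error no peak detected
+errCnt[clkCnt]++;
+}
+}
+//if we found no errors this is correct one - return this clock
+if(errCnt[clkCnt]==0) return clk[clkCnt];
+//if we found errors see if it is lowest so far and save it as best run
+if(errCnt[clkCnt]<bestErr) bestErr=errCnt[clkCnt];
+}
+}
+}
+int iii=0;
+int best=0;
+for (iii=0; iii<6;++iii){
+if (errCnt[iii]<errCnt[best]){
+best = iii;
+}
+}
+return clk[best];
+}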
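Review bot: The inner loop of DetectASKClock indexes `dest[ii+(i*clk[clkCnt])+tol]` with `ii` up to 255 and `i` up to `size/clk-2`, so once `ii` exceeds roughly `2*clk` the index runs past `size` and reads beyond the buffer; with `ii==0`, `i==0`, `tol==1` the `-tol` variant also reads `dest[-1]`. Bound the inner loop by the samples that remain, e.g. `for (i=0; ii+(i*clk[clkCnt])+tol < (int)size; ++i){`, and start the outer scan at `ii=tol`. In HIDdemodFSK the condition `while(dest[idx] != dest[idx+1] && idx < size-2)` dereferences before the bound test, so the last iteration can read `dest[size]`; swapping the operands fixes it. In Em410xDecode, `lo` is not cleared when a parity failure jumps to `restart`, so bits shifted in from a rejected frame stay in the high bits of the returned ID; add `lo = 0;` in the parity-failed branch.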

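--- a/common/lfdemod.h
+++ b/common/lfdemod.h
@@ -0,0 +1,25 @@
+// Copyright (C) 2014
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency commands
+//-----------------------------------------------------------------------------
+#ifndef LFDEMOD_H__
+#define LFDEMOD_H__
+#include <stdint.h>
+int DetectASKClock(uint8_t dest[], size_t size, int clock);
+int askmandemod(uint8_t *BinStream,uint32_t *BitLen,int *clk, int *invert);
+uint64_t Em410xDecode(uint8_t *BitStream,uint32_t BitLen);
+int manrawdecode(uint8_t *BitStream, int *bitLen);
+int BiphaseRawDecode(uint8_t * BitStream, int *bitLen, int offset);
+int askrawdemod(uint8_t *BinStream, int *bitLen,int *clk, int *invert);
+int HIDdemodFSK(uint8_t *dest, size_t size, uint32_t *hi2, uint32_t *hi, uint32_t *lo);
+int IOdemodFSK(uint8_t *dest, size_t size);
+int fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow);
+uint32_t bytebits_to_byte(uint8_t* src, int numbits);
+#endif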
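Review bot: The prototypes for DetectASKClock, HIDdemodFSK, IOdemodFSK and fskdemod use `size_t`, but the header only includes `<stdint.h>`, which is not guaranteed to define it; add `#include <stddef.h>` so the header is self-contained for any translation unit that includes it first. The bit-length parameter is `uint32_t *` for askmandemod and Em410xDecode but `int *` for manrawdecode, BiphaseRawDecode and askrawdemod, and askrawdemod then passes that `int` on to DetectASKClock's `size_t`; unifying the type would remove the sign conversions.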


@ -81,6 +81,8 @@ typedef struct {
#define CMD_EM4X_WRITE_WORD 0x0219
#define CMD_IO_DEMOD_FSK 0x021A
#define CMD_IO_CLONE_TAG 0x021B
#define CMD_EM410X_DEMOD 0x021c
/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
// For the 13.56 MHz tags
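Review bot: The new constant is written `#define CMD_EM410X_DEMOD 0x021c` while its neighbours use upper-case hex digits (`0x021A`, `0x021B`); `0x021C` keeps the block consistent and makes the sequence easier to scan. The value itself continues the sequence without colliding with the visible definitions.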

16000
traces/Casi-12ed825c29.pm3 Normal file


40000
traces/EM4102-Fob.pm3 Normal file


20000
traces/indala-504278295.pm3 Normal file


