From 718e6d2ce8a9a3b58388d0751e1bbf4d52fee669 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Sun, 6 Sep 2020 21:41:04 +0200
Subject: [PATCH] hf legic sim -> text, use NG, report back
---
 armsrc/appmain.c | 7 +++++-
 armsrc/legicrfsim.c | 48 +++++++++++++++++++++++++++++++----------
 armsrc/legicrfsim.h | 5 +++--
 client/src/cmdhflegic.c | 34 +++++++++++++++++++++++++----
 4 files changed, 76 insertions(+), 18 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 99839ad12..53ca77793 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -1065,7 +1065,12 @@ static void PacketReceived(PacketCommandNG *packet) {
 #ifdef WITH_LEGICRF
 case CMD_HF_LEGIC_SIMULATE: {
- LegicRfSimulate(packet->oldarg[0]);
+ struct p {
+ uint8_t tagtype;
+ bool send_reply;
+ } PACKED;
+ struct p *payload = (struct p *) packet->data.asBytes;
+ LegicRfSimulate(payload->tagtype, payload->send_reply);
 break;
 }
 case CMD_HF_LEGIC_WRITER: {
diff --git a/armsrc/legicrfsim.c b/armsrc/legicrfsim.c
index 2ca65f54a..f70536372 100644
--- a/armsrc/legicrfsim.c
+++ b/armsrc/legicrfsim.c
@@ -15,7 +15,7 @@
 #include "crc.h" /* legic crc-4 */
 #include "legic_prng.h" /* legic PRNG impl */
 #include "legic.h" /* legic_card_select_t struct */
-
+#include "cmd.h"
 #include "proxmark3_arm.h"
 #include "BigBuf.h"
 #include "fpgaloader.h"
@@ -295,9 +295,9 @@ static int32_t init_card(uint8_t cardtype, legic_card_select_t *p_card) {
 p_card->cmdsize = 0;
 p_card->addrsize = 0;
 p_card->cardsize = 0;
- return 2;
+ return PM3_ESOFT;
 }
- return 0;
+ return PM3_SUCCESS;
 }
 static void init_tag(void) {
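Review bot: `struct p *payload = (struct p *) packet->data.asBytes;` is dereferenced for `tagtype` and `send_reply` without first checking that the received CMD_HF_LEGIC_SIMULATE packet actually carries `sizeof(struct p)` bytes, so a short or malformed packet from the client makes the handler read whatever is left in the buffer (I assume `packet->length` holds the NG payload length, as for the other NG handlers in this dispatcher). A guard before the cast keeps the device side self-validating instead of trusting the client: `if (packet->length < sizeof(struct p)) { reply_ng(CMD_HF_LEGIC_SIMULATE, PM3_EINVARG, NULL, 0); break; }`. The same packed layout is duplicated as an anonymous struct in CmdLegicSim in client/src/cmdhflegic.c; declaring it once in a header shared by both sides would keep the two copies from drifting. PacketReceived starts and ends outside the hunk.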
@@ -455,23 +455,37 @@ static int32_t connected_phase(legic_card_select_t *p_card) {
 // Only this function is public / called from appmain.c
 //-----------------------------------------------------------------------------
-void LegicRfSimulate(uint8_t cardtype) {
+void LegicRfSimulate(uint8_t tagtype, bool send_reply) {
 // configure ARM and FPGA
 init_tag();
+ int res = PM3_SUCCESS;
 // verify command line input
- if (init_card(cardtype, &card) != 0) {
- DbpString("[!] Unknown tagtype.");
+ if (init_card(tagtype, &card) != PM3_SUCCESS) {
+ DbpString("Unknown tagtype to simulate");
+ res = PM3_ESOFT;
 goto OUT;
 }
+ uint16_t counter = 0;
 LED_A_ON();
- DbpString("[=] Starting Legic emulator, press " _YELLOW_("button") " to end");
- while (!BUTTON_PRESS() && !data_available()) {
+
+ Dbprintf("Legic Prime, simulating uid: %02X%02X%02X%02X", legic_mem[0], legic_mem[1], legic_mem[2], legic_mem[3]);
+
+ while (BUTTON_PRESS() == false) {
 WDT_HIT();
+
+ if (counter >= 2000) {
+ if (data_available()) {
+ res = PM3_EOPABORTED;
+ break;
+ }
+ counter = 0;
+ }
+ counter++;
 // wait for carrier, restart after timeout
- if (!wait_for(RWD_PULSE, GetCountSspClk() + TAG_BIT_PERIOD)) {
+ if (wait_for(RWD_PULSE, GetCountSspClk() + TAG_BIT_PERIOD) == false) {
 continue;
 }
@@ -481,13 +495,25 @@ void LegicRfSimulate(uint8_t cardtype) {
 }
 // conection is established, process commands until one fails
- while (!connected_phase(&card)) {
+ while (connected_phase(&card) == false) {
 WDT_HIT();
 }
 }
 OUT:
- DbpString("[=] Sim stopped");
+
+ if (DBGLEVEL >= DBG_ERROR) {
+ Dbprintf("Emulator stopped. Tracing: %d trace length: %d ", get_tracing(), BigBuf_get_traceLen());
+ }
+
+ if (res == PM3_EOPABORTED)
+ DbpString("aborted by user");
+
 switch_off();
 StopTicks();
+
+ if (send_reply)
+ reply_ng(CMD_HF_LEGIC_SIMULATE, res, NULL, 0);
+
+ BigBuf_free_keep_EM();
 }
diff --git a/armsrc/legicrfsim.h b/armsrc/legicrfsim.h
index f7be94165..0b0bdbd9c 100644
--- a/armsrc/legicrfsim.h
+++ b/armsrc/legicrfsim.h
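Review bot: The new abort polling (`counter` / `data_available()`) and the `BUTTON_PRESS()` test are only evaluated by the outer loop, so while a reader keeps issuing valid commands the inner `while (connected_phase(&card) == false) { WDT_HIT(); }` in the second hunk never returns to them, and neither the button nor the client's CMD_BREAK_LOOP can end the emulation until the reader drops the session. That loop predates this commit, but now that the function promises a `reply_ng` status the gap is worth closing; a minimal change is `while (connected_phase(&card) == false && BUTTON_PRESS() == false) {`. Two of the new statements are unbraced single-line ifs (`if (res == PM3_EOPABORTED)` and `if (send_reply)`), which the rest of the function does not do, and the `2000` poll interval deserves a named constant such as `#define SIM_ABORT_POLL_ITERATIONS 2000` (name constructed here). LegicRfSimulate starts in the first hunk and ends with the second hunk's closing brace.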
@@ -1,7 +1,8 @@
 //-----------------------------------------------------------------------------
 // (c) 2009 Henryk Plötz
 // 2018 AntiCat
-//
+// 2019 Piwi
+// 2020 Iceman
 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
 // at your option, any later version. See the LICENSE.txt file for the text of
 // the license.
@@ -14,6 +15,6 @@
 #include "common.h"
-void LegicRfSimulate(uint8_t cardtype);
+void LegicRfSimulate(uint8_t tagtype, bool send_reply);
 #endif /* __LEGICRFSIM_H */
diff --git a/client/src/cmdhflegic.c b/client/src/cmdhflegic.c
index 8ae88b7fb..2a1282262 100644
--- a/client/src/cmdhflegic.c
+++ b/client/src/cmdhflegic.c
@@ -145,7 +145,7 @@ static int usage_legic_eload(void) {
 PrintAndLogEx(NORMAL, " f : filename w/o .bin to load");
 PrintAndLogEx(NORMAL, "");
 PrintAndLogEx(NORMAL, "Examples:");
- PrintAndLogEx(NORMAL, _YELLOW_(" hf legic eload 2 myfile"));
+ PrintAndLogEx(NORMAL, _YELLOW_(" hf legic eload 2 f myfile"));
 return PM3_SUCCESS;
 }
 static int usage_legic_esave(void) {
@@ -582,13 +582,39 @@ static int CmdLegicRdbl(const char *Cmd) {
 }
 static int CmdLegicSim(const char *Cmd) {
+
 char cmdp = tolower(param_getchar(Cmd, 0));
 if (strlen(Cmd) == 0 || cmdp == 'h') return usage_legic_sim();
- uint64_t id = 1;
- sscanf(Cmd, " %" SCNi64, &id);
+ struct {
+ uint8_t tagtype;
+ bool send_reply;
+ } PACKED payload;
+
+ payload.send_reply = true;
+ payload.tagtype = param_get8ex(Cmd, 0, 1, 10);
+ if (payload.tagtype > 2 ) {
+ return usage_legic_sim();
+ }
+
 clearCommandBuffer();
- SendCommandMIX(CMD_HF_LEGIC_SIMULATE, id, 0, 0, NULL, 0);
+ SendCommandNG(CMD_HF_LEGIC_SIMULATE, (uint8_t *)&payload, sizeof(payload));
+ PacketResponseNG resp;
+
+ PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
+ bool keypress = kbd_enter_pressed();
+ while (keypress == false) {
+ keypress = kbd_enter_pressed();
+
+ if (WaitForResponseTimeout(CMD_HF_LEGIC_SIMULATE, &resp, 1500)) {
+ break;
+ }
+
+ }
+ if (keypress)
+ SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
+
+ PrintAndLogEx(INFO, "Done");
 return PM3_SUCCESS;
 }
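Review bot: The device's reply status is never inspected: when `WaitForResponseTimeout` returns with `resp` filled in, the code falls through to `PrintAndLogEx(INFO, "Done")` and `return PM3_SUCCESS;` even if the ARM side answered PM3_ESOFT (unknown tagtype) or PM3_EOPABORTED, so a simulation that never started reports success to the user and to scripts. Branching on the status after the loop fixes this, assuming `resp.status` is the status field the other NG handlers in this client read from a PacketResponseNG. Note that `resp` is uninitialized and only valid on the `break` path, which the rewrite below respects by checking it only when no keypress ended the loop. CmdLegicSim is fully contained in the hunk.
```c
    // … unchanged: payload setup, SendCommandNG and the keypress/response loop …

    if (keypress) {
        SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
    } else if (resp.status != PM3_SUCCESS) {
        // device rejected the request (e.g. unknown tagtype) or aborted the run
        PrintAndLogEx(WARNING, "simulation ended with status %d", resp.status);
        return resp.status;
    }

    PrintAndLogEx(INFO, "Done");
    return PM3_SUCCESS;
```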