github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-24 15:15:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

added EM4x50 info function

Browse source
This commit is contained in:
tharexde 2020-06-15 14:31:34 +02:00
commit 79b20a35c1
1 changed files with 441 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

441
client/src/cmdlfem4x50.c Normal file
View file

@ -0,0 +1,441 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 tharexde
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency EM4x50 commands
//-----------------------------------------------------------------------------
#include "cmdlfem4x50.h"
#include <ctype.h>
#include "fileutils.h"
#include "comms.h"
#include "em4x50.h"
#define EM4x50_FCT_STDREAD 0
#define EM4x50_FCT_LOGIN 1
#define EM4x50_FCT_WRITE 2
int usage_lf_em4x50_info(void) {
PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p <pwd>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " v - verbose output");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_info");
PrintAndLogEx(NORMAL, " lf em 4x50_info p fa225de1\n");
PrintAndLogEx(NORMAL, " lf em 4x50_info v p fa225de1\n");
return PM3_SUCCESS;
}
static uint8_t msb2lsb(uint8_t byte) {
// convert given byte (msb) into lsb format
uint8_t tmp = 0;
for (int i = 0; i < 8; i++)
tmp |= ((byte >> (7-i)) & 1) << i;
return tmp;
}
static bool check_bit_in_byte(uint8_t pos, uint8_t byte) {
// return true if bit at position <pos> is "1"
return (((byte >> pos) & 1) == 1) ? true : false;
}
static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) {
// restructure received result in "em4x50_word_t" structure and check all
// parities including stop bit; result of each check is stored in structure
int p = 0, c[8] = {0, 0, 0, 0, 0, 0, 0, 0};
for (int i = fwr; i <= lwr; i++) {
words[i].stopparity = true;
words[i].parity = true;
for (int j = 0; j < 8; j++)
c[j] = 0;
for (int j = 0; j < 4; j++) {
words[i].byte[j] = byte[i*7+j];
words[i].row_parity[j] = (byte[i*7+4] >> (3-j)) & 1;
// collect parities
p = 0;
for (int k = 0; k < 8; k++) {
// row parity
p ^= (words[i].byte[j] >> k) & 1;
// column parity
c[k] ^= (words[i].byte[j] >> (7-k)) & 1;
}
// check row parities
words[i].rparity[j] = (words[i].row_parity[j] == p) ? true : false;
if (!words[i].rparity[j])
words[i].parity = false;
}
// check column parities
words[i].col_parity = byte[i*7+5] ;
for (int j = 0; j < 8; j++) {
words[i].cparity[j] = (((words[i].col_parity >> (7-j)) & 1) == c[j]) ? true : false;
if (!words[i].cparity[j])
words[i].parity = false;
}
// check stop bit
words[i].stopbit = byte[i*7+6] & 1;
if (words[i].stopbit == 1)
words[i].stopparity = false;
}
}
static void print_bit_table(const em4x50_word_t word) {
// generate output in table form for each word including parities, stop
// bit, result of parity checks and hex notation of each row in msb/lsb
// notation
// individual parity errors will be highlighted in red
int bit = 0;
char string[400] = {0};
char pstring[100] = {0};
// print binary data
for (int j = 0; j < 4; j++) {
strcat(string, " ");
// lsb notation
for (int k = 0; k < 8; k++) {
sprintf(pstring, "%i", (word.byte[j] >> (7-k)) & 1);
strcat(string, pstring);
}
strcat(string, " | ");
// binary row parities + hex bytes of word
sprintf(pstring, (word.rparity[j]) ? "%i" : _RED_("%i"), word.row_parity[j]);
strcat(string, pstring);
if (j == 0)
sprintf(pstring, " msb: 0x%02x lsb: 0x%02x", word.byte[j], msb2lsb(word.byte[j]));
else
sprintf(pstring, " 0x%02x 0x%02x", word.byte[j], msb2lsb(word.byte[j]));
strcat(string, pstring);
PrintAndLogEx(NORMAL,string);
string[0] = '\0';
}
strcat(string, " ------------ --------------------\n ");
// binary column parities
for (int k = 0; k < 8; k++) {
bit = (word.col_parity >> (7-k)) & 1;
// if column parity is false -> highlight bit in red
sprintf(pstring, (word.cparity[k]) ? "%i" : _RED_("%i"), bit);
strcat(string, pstring);
}
// binary stop bit
strcat(string, " | ");
sprintf(pstring, (word.stopparity) ? "%i" : _RED_("%i"), word.stopbit);
strcat(pstring, " parities ");
strcat(string, pstring);
// parities passed/failed
sprintf(pstring, (word.parity) ? _GREEN_("passed") : _RED_("failed"));
strcat(string, pstring);
PrintAndLogEx(NORMAL,string);
string[0] = '\0';
}
static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
// print available information for given word from fwr to lwr, i.e.
// bit table + summary lines with hex notation of word (msb + lsb)
char string[400] = {0};
char pstring[100] = {0};
for (int i = fwr; i <= lwr; i++) {
// blank line before each bit table
PrintAndLogEx(NORMAL, "");
// print bit table
print_bit_table(words[i]);
// final result
sprintf(pstring, "\n word[%i] msb: " _BLUE_("0x"), i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, _BLUE_("%02x"), words[i].byte[j]);
strcat(string, pstring);
}
sprintf(pstring, "\n word[%i] lsb: " _BLUE_("0x"), i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, _BLUE_("%02x"), msb2lsb(words[i].byte[3-j]));
strcat(string, pstring);
}
PrintAndLogEx(NORMAL,string);
string[0] = '\0';
}
}
static void print_info_result(PacketResponseNG *resp, const em4x50_data_t *etd, bool bverbose) {
// displays all information info result in structured format
bool bpwd_given = etd->pwd_given;
bool bsuccess = (bool)resp->oldarg[0];
bool blogin = (bool)resp->oldarg[1];
bool bpwc, braw;
int fwr, lwr, fwrp, lwrp, fwwi, lwwi;
uint8_t *data = resp->data.asBytes;
em4x50_word_t words[34];
char pstring[100] = {0};
char string[200] = {0};
prepare_result(data, 0, 33, words);
bpwc = check_bit_in_byte(7, words[2].byte[2]); // password check
braw = check_bit_in_byte(6, words[2].byte[2]); // read after write
fwr = msb2lsb(words[2].byte[0]); // first word read
lwr = msb2lsb(words[2].byte[1]); // last word read
fwrp = msb2lsb(words[1].byte[0]); // first word read protected
lwrp = msb2lsb(words[1].byte[1]); // last word read protected
fwwi = msb2lsb(words[1].byte[2]); // first word write inhibited
lwwi = msb2lsb(words[1].byte[3]); // last word write inhibited
// data section
PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 data:"));
if (bverbose) {
// detailed data section
print_result(words, 0, 33);
} else {
// condensed data section
for (int i = 0; i <= 33; i++) {
sprintf(pstring, " word[%2i]: ", i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, "%02x", words[i].byte[j]);
strcat(string, pstring);
}
switch(i) {
case 0:
sprintf(pstring, _BLUE_(" password, write only"));
break;
case 1:
sprintf(pstring, _BLUE_(" protection word, write inhibited"));
break;
case 2:
sprintf(pstring, _BLUE_(" control word, write inhibited"));
break;
case 32:
sprintf(pstring, _BLUE_(" device serial number, read only"));
break;
case 33:
sprintf(pstring, _BLUE_(" device identification, read only"));
break;
default:
sprintf(pstring, " user data");
break;
}
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
}
}
// configuration section
PrintAndLogEx(NORMAL, _YELLOW_("\n em4x50 configuration"));
PrintAndLogEx(NORMAL," control: | protection:");
sprintf(pstring, " first word read: %3i |", fwr);
strcat(string, pstring);
sprintf(pstring, " first word read protected: %3i", fwrp);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
sprintf(pstring, " last word read: %3i |", lwr);
strcat(string, pstring);
sprintf(pstring, " last word read protected: %3i", lwrp);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
sprintf(pstring, " password check: %3s |", (bpwc) ? "on" : "off");
strcat(string, pstring);
sprintf(pstring, " first word write inhibited: %3i", fwwi);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
sprintf(pstring, " read after write: %3s |", (braw) ? "on" : "off");
strcat(string, pstring);
sprintf(pstring, " last word write inhibited: %3i", lwwi);
strcat(string, pstring);
PrintAndLogEx(NORMAL,"%s", string);
string[0] = '\0';
PrintAndLogEx(NORMAL, "\n Zero values may indicate read protection!");
// status line
sprintf(pstring, "\n reading ");
strcat(string, pstring);
if (!bsuccess) {
sprintf(pstring, _RED_("failed"));
strcat(string, pstring);
} else {
sprintf(pstring, _GREEN_("successful "));
strcat(string, pstring);
if (blogin) {
if (bpwd_given) {
sprintf(pstring, "(login with 0x%02x%02x%02x%02x)",
etd->password[0], etd->password[1],
etd->password[2], etd->password[3]);
strcat(string, pstring);
} else {
sprintf(pstring, "(login with default password)");
strcat(string, pstring);
}
} else {
if (bpwd_given) {
sprintf(pstring, "(login failed)");
strcat(string, pstring);
} else {
sprintf(pstring, "(no login)");
strcat(string, pstring);
}
}
}
PrintAndLogEx(NORMAL,"%s\n", string);
}
int CmdEM4x50Info(const char *Cmd) {
// envokes reading of a EM4x50 tag which has to be on the antenna because
// decoding is done by the device (not on client side)
bool errors = false, verbose = false;
char password[20] = {0x00}, tmpbuff[3];
uint8_t cmdp = 0;
em4x50_data_t etd;
PacketResponseNG resp;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_info();
case 'p':
param_getstr(Cmd, cmdp + 1, password, sizeof(password));
// validation
if (strlen(password) != 8) {
PrintAndLogEx(WARNING, "\n error, password has to be 4 bytes\n");
errors = true;
break;
}
// prepare given password
etd.pwd_given = true;
for (int i = 0; i < 4; i++)
sscanf(strncpy(tmpbuff, password+2*i, 2), "%2hhx", &etd.password[i]);
cmdp += 2;
break;
case 'v':
verbose = true;
cmdp += 1;
break;
default:
PrintAndLogEx(WARNING, " Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
// validation
if (errors) {
return usage_lf_em4x50_info();
}
// call info command
clearCommandBuffer();
SendCommandMIX(CMD_LF_EM4X50_INFO, 0, 0, 0, &etd, sizeof(etd));
// get result
if (!WaitForResponse(CMD_ACK, &resp)) {
PrintAndLogEx(WARNING, " timeout while waiting for reply.");
return PM3_ESOFT;
}
// prepare result
print_info_result(&resp, &etd, verbose);
return ((bool)resp.oldarg[0]) ? PM3_SUCCESS : PM3_ESOFT;
}