From 7b050e9afea1e26e6f17bf8e31f298e7a188fe6f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 9 Aug 2017 19:59:03 +0200 Subject: [PATCH] FIX: 'lf gprox sim' - now correctly simulates gProx --- client/cmdlffdx.c | 2 +- client/cmdlfguard.c | 93 +++++++++++++++++++++++++++------------------ 2 files changed, 56 insertions(+), 39 deletions(-) diff --git a/client/cmdlffdx.c b/client/cmdlffdx.c index 85b5f919a..025e9329b 100644 --- a/client/cmdlffdx.c +++ b/client/cmdlffdx.c @@ -62,7 +62,6 @@ int usage_lf_fdx_sim(void) { return 0; } - // Ask/Biphase Demod then try to locate an ISO 11784/85 ID // BitStream must contain previously askrawdemod and biphasedemoded data int detectFDXB(uint8_t *dest, size_t *size) { @@ -378,6 +377,7 @@ int CmdFdxSim(const char *Cmd) { verify_values(countryid, animalid); + // 32, no STT, BIPHASE INVERTED == diphase uint8_t clk = 32, encoding = 2, separator = 0, invert = 1; uint16_t arg1, arg2; size_t size = 128; diff --git a/client/cmdlfguard.c b/client/cmdlfguard.c index ead8b7ec1..691fbcf24 100644 --- a/client/cmdlfguard.c +++ b/client/cmdlfguard.c @@ -140,19 +140,24 @@ int GetGuardBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *guardBits) { // by marshmellow // demod gProxIIDemod // error returns as -x -// success returns start position in BitStream -// BitStream must contain previously askrawdemod and biphasedemoded data -int detectGProxII(uint8_t BitStream[], size_t *size) { - size_t startIdx=0; +// success returns start position in bitstream +// Bitstream must contain previously askrawdemod and biphasedemoded data +int detectGProxII(uint8_t *bits, size_t *size) { + + size_t startIdx = 0; uint8_t preamble[] = {1,1,1,1,1,0}; - if (!preambleSearch(BitStream, preamble, sizeof(preamble), size, &startIdx)) - return -3; //preamble not found + // sanity check + if ( *size < sizeof(preamble) ) return -1; + + if (!preambleSearch(bits, preamble, sizeof(preamble), size, &startIdx)) + return -2; //preamble not found - if (*size != 96) return -2; //should have found 96 bits + //gProxII should be 96 bits + if (*size != 96) return -3; //check first 6 spacer bits to verify format - if (!BitStream[startIdx+5] && !BitStream[startIdx+10] && !BitStream[startIdx+15] && !BitStream[startIdx+20] && !BitStream[startIdx+25] && !BitStream[startIdx+30]){ + if (!bits[startIdx+5] && !bits[startIdx+10] && !bits[startIdx+15] && !bits[startIdx+20] && !bits[startIdx+25] && !bits[startIdx+30]){ //confirmed proper separator bits found //return start position return (int) startIdx; @@ -166,30 +171,46 @@ int detectGProxII(uint8_t BitStream[], size_t *size) { // but will leave the GraphBuffer intact. //if successful it will push askraw data back to demod buffer ready for emulation int CmdGuardDemod(const char *Cmd) { - if (!ASKbiphaseDemod(Cmd, false)){ - if (g_debugMode) PrintAndLog("DEBUG: Error - gProxII ASKbiphaseDemod failed 1st try"); + + //Differential Biphase + //get binary from ask wave + if (!ASKbiphaseDemod("0 64 0 0", false)) { + if (g_debugMode) PrintAndLog("DEBUG: Error - gProxII ASKbiphaseDemod failed"); return 0; } + size_t size = DemodBufferLen; - //call lfdemod.c demod for gProxII - int ans = detectGProxII(DemodBuffer, &size); - if (ans < 0){ - if (g_debugMode) PrintAndLog("DEBUG: Error - gProxII demod"); + + int preambleIndex = detectGProxII(DemodBuffer, &size); + if (preambleIndex < 0){ + if (g_debugMode){ + if (preambleIndex == -1) + PrintAndLog("DEBUG: Error - gProxII too few bits found"); + else if (preambleIndex == -2) + PrintAndLog("DEBUG: Error - gProxII preamble not found"); + else if (preambleIndex == -3) + PrintAndLog("DEBUG: Error - gProxII size not correct: %d", size); + else if (preambleIndex == -3) + PrintAndLog("DEBUG: Error - gProxII wrong spacerbits"); + else + PrintAndLog("DEBUG: Error - gProxII ans: %d", preambleIndex); + } return 0; } + //got a good demod of 96 bits uint8_t ByteStream[8] = {0x00}; uint8_t xorKey = 0; - size_t startIdx = ans + 6; //start after 6 bit preamble + size_t startIdx = preambleIndex + 6; //start after 6 bit preamble uint8_t bits_no_spacer[90]; //so as to not mess with raw DemodBuffer copy to a new sample array memcpy(bits_no_spacer, DemodBuffer + startIdx, 90); // remove the 18 (90/5=18) parity bits (down to 72 bits (96-6-18=72)) - size_t bitLen = removeParity(bits_no_spacer, 0, 5, 3, 90); //source, startloc, paritylen, ptype, length_to_run - if (bitLen != 72) { + size_t len = removeParity(bits_no_spacer, 0, 5, 3, 90); //source, startloc, paritylen, ptype, length_to_run + if (len != 72) { if (g_debugMode) - PrintAndLog("DEBUG: Error - gProxII spacer removal did not produce 72 bits: %u, start: %u", bitLen, startIdx); + PrintAndLog("DEBUG: Error - gProxII spacer removal did not produce 72 bits: %u, start: %u", len, startIdx); return 0; } // get key and then get all 8 bytes of payload decoded @@ -198,15 +219,18 @@ int CmdGuardDemod(const char *Cmd) { ByteStream[idx] = ((uint8_t)bytebits_to_byteLSBF(bits_no_spacer+8 + (idx*8),8)) ^ xorKey; if (g_debugMode) PrintAndLog("DEBUG: gProxII byte %u after xor: %02x", (unsigned int)idx, ByteStream[idx]); } + + setDemodBuf(DemodBuffer, 96, preambleIndex); + setClockGrid(g_DemodClock, g_DemodStartIdx + (preambleIndex*g_DemodClock)); //ByteStream contains 8 Bytes (64 bits) of decrypted raw tag data - uint8_t fmtLen = ByteStream[0]>>2; + uint8_t fmtLen = ByteStream[0] >> 2; uint32_t FC = 0; uint32_t Card = 0; //get raw 96 bits to print - uint32_t raw1 = bytebits_to_byte(DemodBuffer+ans,32); - uint32_t raw2 = bytebits_to_byte(DemodBuffer+ans+32, 32); - uint32_t raw3 = bytebits_to_byte(DemodBuffer+ans+64, 32); + uint32_t raw1 = bytebits_to_byte(DemodBuffer,32); + uint32_t raw2 = bytebits_to_byte(DemodBuffer + 32, 32); + uint32_t raw3 = bytebits_to_byte(DemodBuffer + 64, 32); bool unknown = false; switch(fmtLen) { case 36: @@ -226,8 +250,6 @@ int CmdGuardDemod(const char *Cmd) { else PrintAndLog("Unknown G-Prox-II Fmt Found: Format Len: %u, Raw: %08x%08x%08x", fmtLen, raw1, raw2, raw3); - setDemodBuf(DemodBuffer, 96, ans); - setClockGrid(g_DemodClock, g_DemodStartIdx + (ans*g_DemodClock)); return 1; } @@ -291,17 +313,19 @@ int CmdGuardClone(const char *Cmd) { int CmdGuardSim(const char *Cmd) { + // Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase) + uint8_t clock = 64, encoding = 2, separator = 0, invert = 0; + uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0, fmtlen = 0; + char cmdp = param_getchar(Cmd, 0); if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_sim(); - uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0, fmtlen = 0; - uint8_t clock = 64, encoding = 2, separator = 0, invert = 0; - - uint8_t bs[96]; - memset(bs, 0x00, sizeof(bs)); - if (sscanf(Cmd, "%u %u %u", &fmtlen, &fc, &cn ) != 3) return usage_lf_guard_sim(); + uint8_t bs[96]; + size_t size = sizeof(bs); + memset(bs, 0x00, size); + fmtlen &= 0x7F; facilitycode = (fc & 0x000000FF); cardnumber = (cn & 0x0000FFFF); @@ -313,19 +337,12 @@ int CmdGuardSim(const char *Cmd) { PrintAndLog("Simulating Guardall - Facility Code: %u, CardNumber: %u", facilitycode, cardnumber ); - // Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase) uint64_t arg1, arg2; arg1 = (clock << 8) | encoding; arg2 = (invert << 8) | separator; - uint8_t rawbytes[12]; - size_t size = sizeof(rawbytes); - for (uint8_t i=0; i < size; ++i){ - rawbytes[i] = bytebits_to_byte( bs + (i*8), 8); - } - UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}}; - memcpy(c.d.asBytes, rawbytes, size ); + memcpy(c.d.asBytes, bs, size ); clearCommandBuffer(); SendCommand(&c); return 0;