chg: lf em 410x_sim - reworked to NG\n chg: lf em 410x_demod - now can demod the simulation data.

iceman1001 2019-05-22 08:32:30 -04:00
commit ad394a2d6b
11 changed files with 271 additions and 177 deletions


@ -29,7 +29,7 @@ static int usage_lf_em410x_demod(void) {
PrintAndLogEx(NORMAL, " lf em 410x_demod 32 1 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/32 and inverting data");
PrintAndLogEx(NORMAL, " lf em 410x_demod 1 = demod an EM410x Tag ID from GraphBuffer while inverting data");
PrintAndLogEx(NORMAL, " lf em 410x_demod 64 1 0 = demod an EM410x Tag ID from GraphBuffer using a clock of RF/64 and inverting data and allowing 0 demod errors");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em410x_write(void) {
PrintAndLogEx(NORMAL, "Writes EM410x ID to a T55x7 / T5555 (Q5) tag");
@ -42,7 +42,7 @@ static int usage_lf_em410x_write(void) {
PrintAndLogEx(NORMAL, " <clock> - 16|32|40|64, optional, set R/F clock rate, defaults to 64");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_write 0F0368568B 1 = write ID to t55x7 card");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em410x_ws(void) {
PrintAndLogEx(NORMAL, "Watch 'nd Spoof, activates reader, waits until a EM410x tag gets presented then it starts simulating the found UID");
@ -52,7 +52,7 @@ static int usage_lf_em410x_ws(void) {
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_spoof");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em410x_sim(void) {
PrintAndLogEx(NORMAL, "Simulating EM410x tag");
@ -65,7 +65,7 @@ static int usage_lf_em410x_sim(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B");
PrintAndLogEx(NORMAL, " lf em 410x_sim 0F0368568B 32");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em410x_brute(void) {
PrintAndLogEx(NORMAL, "Bruteforcing by emulating EM410x tag");
@ -81,7 +81,7 @@ static int usage_lf_em410x_brute(void) {
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt c 32");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000");
PrintAndLogEx(NORMAL, " lf em 410x_brute ids.txt d 3000 c 32");
return 0;
return PM3_SUCCESS;
}
//////////////// 4050 / 4450 commands
@ -95,7 +95,7 @@ static int usage_lf_em4x50_dump(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_dump");
PrintAndLogEx(NORMAL, " lf em 4x50_dump 11223344");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em4x50_read(void) {
PrintAndLogEx(NORMAL, "Read EM 4x50/EM4x69. Tag must be on antenna. ");
@ -108,7 +108,7 @@ static int usage_lf_em4x50_read(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_read 1");
PrintAndLogEx(NORMAL, " lf em 4x50_read 1 11223344");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em4x50_write(void) {
PrintAndLogEx(NORMAL, "Write EM 4x50/4x69. Tag must be on antenna. ");
@ -122,7 +122,7 @@ static int usage_lf_em4x50_write(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de");
PrintAndLogEx(NORMAL, " lf em 4x50_write 1 deadc0de 11223344");
return 0;
return PM3_SUCCESS;
}
//////////////// 4205 / 4305 commands
@ -136,7 +136,7 @@ static int usage_lf_em4x05_dump(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x05_dump");
PrintAndLogEx(NORMAL, " lf em 4x05_dump 11223344");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em4x05_read(void) {
PrintAndLogEx(NORMAL, "Read EM4x05/EM4x69. Tag must be on antenna. ");
@ -149,7 +149,7 @@ static int usage_lf_em4x05_read(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x05_read 1");
PrintAndLogEx(NORMAL, " lf em 4x05_read 1 11223344");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em4x05_write(void) {
PrintAndLogEx(NORMAL, "Write EM4x05/4x69. Tag must be on antenna. ");
@ -163,7 +163,7 @@ static int usage_lf_em4x05_write(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x05_write 1 deadc0de");
PrintAndLogEx(NORMAL, " lf em 4x05_write 1 deadc0de 11223344");
return 0;
return PM3_SUCCESS;
}
static int usage_lf_em4x05_info(void) {
PrintAndLogEx(NORMAL, "Tag information EM4205/4305/4469//4569 tags. Tag must be on antenna.");
@ -175,7 +175,7 @@ static int usage_lf_em4x05_info(void) {
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x05_info");
PrintAndLogEx(NORMAL, " lf em 4x05_info deadc0de");
return 0;
return PM3_SUCCESS;
}
/* Read the ID of an EM410x tag.
@ -193,7 +193,11 @@ static void ConstructEM410xEmulGraph(const char *uid, const uint8_t clock) {
int i, j, binary[4], parity[4];
uint32_t n;
/* clear our graph */
ClearGraph(false);
ClearGraph(true);
/* write 16 zero bit sledge */
for (i = 0; i < 10; i++)
AppendGraph(false, clock, 0);
/* write 9 start bits */
for (i = 0; i < 9; i++)
@ -239,7 +243,7 @@ void printEM410x(uint32_t hi, uint64_t id) {
if (!id && !hi) return;
PrintAndLogEx(SUCCESS, "EM410x %s pattern found", (hi) ? "XL" : "");
PrintAndLogEx(SUCCESS, "EM410x%s pattern found", (hi) ? " XL " : "");
uint64_t n = 1;
uint64_t id2lo = 0;
@ -252,11 +256,11 @@ void printEM410x(uint32_t hi, uint64_t id) {
if (hi) {
//output 88 bit em id
PrintAndLogEx(NORMAL, "\nEM TAG ID : %06X%016" PRIX64, hi, id);
PrintAndLogEx(NORMAL, "\nEM TAG ID : "_YELLOW_("%06X%016" PRIX64), hi, id);
} else {
//output 40 bit em id
PrintAndLogEx(NORMAL, "\nEM TAG ID : %010" PRIX64, id);
PrintAndLogEx(NORMAL, "\nPossible de-scramble patterns");
PrintAndLogEx(NORMAL, "\nEM TAG ID : "_YELLOW_("%010" PRIX64), id);
PrintAndLogEx(NORMAL, "\nPossible de-scramble patterns\n");
PrintAndLogEx(NORMAL, "Unique TAG ID : %010" PRIX64, id2lo);
PrintAndLogEx(NORMAL, "HoneyWell IdentKey {");
PrintAndLogEx(NORMAL, "DEZ 8 : %08" PRIu64, id & 0xFFFFFF);
@ -343,7 +347,7 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
size_t size = sizeof(bits);
if (!getDemodBuff(bits, &size)) {
PrintAndLogEx(DEBUG, "DEBUG: Error - Em410x problem during copy from ASK demod");
return 0;
return PM3_ESOFT;
}
int ans = Em410xDecode(bits, &size, &idx, hi, lo);
@ -358,11 +362,11 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
else if (ans == -6)
PrintAndLogEx(DEBUG, "DEBUG: Error - Em410x parity failed");
return 0;
return PM3_ESOFT;
}
if (!lo && !hi) {
PrintAndLogEx(DEBUG, "DEBUG: Error - Em410x decoded to all zeros");
return 0;
return PM3_ESOFT;
}
//set GraphBuffer for clone or sim command
@ -376,11 +380,39 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
if (verbose)
printEM410x(*hi, *lo);
return 1;
return PM3_SUCCESS;
}
static bool isBitstream(void) {
// convert to bitstream if necessary
for (int i = 0; i < GraphTraceLen; i++) {
if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0) {
return false;
}
}
return true;
}
int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose) {
bool st = true;
if (!ASKDemod_ext(Cmd, false, false, 1, &st)) return 0;
// em410x simulation etc uses 0/1 as signal data. This must be converted in order to demod it back again
if ( isBitstream() ) {
for (int i = 0; i < GraphTraceLen; i++) {
if (GraphBuffer[i] == 1)
GraphBuffer[i] = 127;
else
GraphBuffer[i] = -127;
}
uint8_t bits[GraphTraceLen];
memset(bits, 0, sizeof(bits));
size_t size = getFromGraphBuf(bits);
// set signal properties low/high/mean/amplitude and is_noise detection
computeSignalProperties(bits, size);
RepaintGraphWindow();
}
if (ASKDemod_ext(Cmd, false, false, 1, &st) != PM3_SUCCESS)
return PM3_ESOFT;
return AskEm410xDecode(verbose, hi, lo);
}
/*
@ -404,10 +436,11 @@ static int CmdEM410xDemod(const char *Cmd) {
uint32_t hi = 0;
uint64_t lo = 0;
if (AskEm410xDemod(Cmd, &hi, &lo, true) != 1) return 0;
if (AskEm410xDemod(Cmd, &hi, &lo, true) != PM3_SUCCESS)
return PM3_ESOFT;
g_em410xid = lo;
return 1;
return PM3_SUCCESS;
}
// this read is the "normal" read, which download lf signal and tries to demod here.
@ -424,19 +457,19 @@ static int CmdEM410xSim(const char *Cmd) {
uint8_t uid[5] = {0x00};
/* clock is 64 in EM410x tags */
uint8_t clock1 = 64;
uint8_t clk = 64;
if (param_gethex(Cmd, 0, uid, 10)) {
PrintAndLogEx(FAILED, "UID must include 10 HEX symbols");
return 0;
}
param_getdec(Cmd, 1, &clock1);
param_getdec(Cmd, 1, &clk);
PrintAndLogEx(SUCCESS, "Starting simulating UID %02X%02X%02X%02X%02X clock: %d", uid[0], uid[1], uid[2], uid[3], uid[4], clock1);
PrintAndLogEx(SUCCESS, "Starting simulating UID "_YELLOW_("%02X%02X%02X%02X%02X")"clock: "_YELLOW_("%d"), uid[0], uid[1], uid[2], uid[3], uid[4], clk);
PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation");
ConstructEM410xEmulGraph(Cmd, clock1);
ConstructEM410xEmulGraph(Cmd, clk);
CmdLFSim("0"); //240 start_gap.
return 0;
@ -470,18 +503,18 @@ static int CmdEM410xBrute(const char *Cmd) {
int filelen = param_getstr(Cmd, 0, filename, FILE_PATH_SIZE);
if (filelen == 0) {
PrintAndLogEx(WARNING, "Error: Please specify a filename");
return 1;
return PM3_EINVARG;
}
if ((f = fopen(filename, "r")) == NULL) {
PrintAndLogEx(WARNING, "Error: Could not open UIDs file [%s]", filename);
return 1;
PrintAndLogEx(WARNING, "Error: Could not open UIDs file ["_YELLOW_("%s")"]", filename);
return PM3_EFILE;
}
uidBlock = calloc(stUidBlock, 5);
if (uidBlock == NULL) {
fclose(f);
return 1;
return PM3_ESOFT;
}
while (fgets(buf, sizeof(buf), f)) {
@ -495,7 +528,7 @@ static int CmdEM410xBrute(const char *Cmd) {
PrintAndLogEx(FAILED, "UIDs must include 10 HEX symbols");
free(uidBlock);
fclose(f);
return 1;
return PM3_ESOFT;
}
buf[10] = 0;
@ -506,7 +539,7 @@ static int CmdEM410xBrute(const char *Cmd) {
PrintAndLogEx(WARNING, "Cannot allocate memory for UIDs");
free(uidBlock);
fclose(f);
return 1;
return PM3_ESOFT;
}
uidBlock = p;
}
@ -521,10 +554,10 @@ static int CmdEM410xBrute(const char *Cmd) {
if (uidcnt == 0) {
PrintAndLogEx(FAILED, "No UIDs found in file");
free(uidBlock);
return 1;
return PM3_ESOFT;
}
PrintAndLogEx(SUCCESS, "Loaded %d UIDs from %s, pause delay: %d ms", uidcnt, filename, delay);
PrintAndLogEx(SUCCESS, "Loaded "_YELLOW_("%d")" UIDs from "_YELLOW_("%s")", pause delay:"_YELLOW_("%d")"ms", uidcnt, filename, delay);
// loop
for (uint32_t c = 0; c < uidcnt; ++c) {
@ -536,7 +569,7 @@ static int CmdEM410xBrute(const char *Cmd) {
(void)gc;
PrintAndLogEx(WARNING, "\nAborted via keyboard!\n");
free(uidBlock);
return 0;
return PM3_EOPABORTED;
}
sprintf(testuid, "%010" PRIX64, bytes_to_num(uidBlock + 5 * c, 5));
@ -550,7 +583,7 @@ static int CmdEM410xBrute(const char *Cmd) {
}
free(uidBlock);
return 0;
return PM3_SUCCESS;
}
/* Function is equivalent of lf read + data samples + em410xread
@ -575,8 +608,8 @@ static int CmdEM410xWatch(const char *Cmd) {
}
lf_read(true, 8201);
} while (!CmdEM410xRead(""));
return 0;
} while (CmdEM410xRead("") != PM3_SUCCESS);
return PM3_SUCCESS;
}
//currently only supports manchester modulations
@ -587,9 +620,9 @@ static int CmdEM410xWatchnSpoof(const char *Cmd) {
// loops if the captured ID was in XL-format.
CmdEM410xWatch(Cmd);
PrintAndLogEx(SUCCESS, "# Replaying captured ID: %010" PRIx64, g_em410xid);
PrintAndLogEx(SUCCESS, "# Replaying captured ID: "_YELLOW_("%010" PRIx64), g_em410xid);
CmdLFaskSim("");
return 0;
return PM3_SUCCESS;
}
static int CmdEM410xWrite(const char *Cmd) {
@ -605,21 +638,21 @@ static int CmdEM410xWrite(const char *Cmd) {
// Check ID
if (id == 0xFFFFFFFFFFFFFFFF) {
PrintAndLogEx(WARNING, "Error! ID is required.\n");
return 0;
return PM3_EINVARG;
}
if (id >= 0x10000000000) {
PrintAndLogEx(WARNING, "Error! Given EM410x ID is longer than 40 bits.\n");
return 0;
return PM3_EINVARG;
}
// Check Card
if (card == 0xFF) {
PrintAndLogEx(WARNING, "Error! Card type required.\n");
return 0;
return PM3_EINVARG;
}
if (card < 0) {
PrintAndLogEx(WARNING, "Error! Bad card type selected.\n");
return 0;
return PM3_EINVARG;
}
// Check Clock
@ -628,8 +661,8 @@ static int CmdEM410xWrite(const char *Cmd) {
// Allowed clock rates: 16, 32, 40 and 64
if ((clock1 != 16) && (clock1 != 32) && (clock1 != 64) && (clock1 != 40)) {
PrintAndLogEx(WARNING, "Error! Clock rate %d not valid. Supported clock rates are 16, 32, 40 and 64.\n", clock1);
return 0;
PrintAndLogEx(WARNING, "Error! Clock rate" _YELLOW_("%d")" not valid. Supported clock rates are 16, 32, 40 and 64.\n", clock1);
return PM3_EINVARG;
}
if (card == 1) {
@ -644,11 +677,11 @@ static int CmdEM410xWrite(const char *Cmd) {
card = (card & 0xFF) | ((clock1 << 8) & 0xFF00);
} else {
PrintAndLogEx(FAILED, "Error! Bad card type selected.\n");
return 0;
return PM3_ESOFT;
}
SendCommandMIX(CMD_EM410X_WRITE_TAG, card, (uint32_t)(id >> 32), (uint32_t)id, NULL, 0);
return 0;
return PM3_SUCCESS;
}
//**************** Start of EM4x50 Code ************************
@ -961,13 +994,13 @@ static int CmdEM4x50Write(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_write();
PrintAndLogEx(NORMAL, "no implemented yet");
return 0;
return PM3_SUCCESS;
}
static int CmdEM4x50Dump(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_dump();
PrintAndLogEx(NORMAL, "no implemented yet");
return 0;
return PM3_SUCCESS;
}
#define EM_PREAMBLE_LEN 6
@ -1016,13 +1049,13 @@ static bool doPreambleSearch(size_t *startIdx) {
static bool detectFSK() {
// detect fsk clock
if (!GetFskClock("", false)) {
if (GetFskClock("", false) == 0) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: FSK clock failed");
return false;
}
// demod
int ans = FSKrawDemod("0 0", false);
if (!ans) {
if (ans != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: FSK Demod failed");
return false;
}
@ -1038,12 +1071,12 @@ static bool detectPSK() {
//demod
//try psk1 -- 0 0 6 (six errors?!?)
ans = PSKDemod("0 0 6", false);
if (!ans) {
if (ans != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: PSK1 Demod failed");
//try psk1 inverted
ans = PSKDemod("0 1 6", false);
if (!ans) {
if (ans != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: PSK1 inverted Demod failed");
return false;
}
@ -1055,7 +1088,7 @@ static bool detectPSK() {
// try manchester - NOTE: ST only applies to T55x7 tags.
static bool detectASK_MAN() {
bool stcheck = false;
if (!ASKDemod_ext("0 0 0", false, false, 1, &stcheck)) {
if (ASKDemod_ext("0 0 0", false, false, 1, &stcheck) != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: ASK/Manchester Demod failed");
return false;
}
@ -1064,11 +1097,11 @@ static bool detectASK_MAN() {
static bool detectASK_BI() {
int ans = ASKbiphaseDemod("0 0 1", false);
if (!ans) {
if (ans != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: ASK/biphase normal demod failed");
ans = ASKbiphaseDemod("0 1 1", false);
if (!ans) {
if (ans != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - EM: ASK/biphase inverted demod failed");
return false;
}
@ -1130,10 +1163,10 @@ static int EM4x05ReadWord_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
PrintAndLogEx(DEBUG, "timeout while waiting for reply.");
return -1;
return PM3_ETIMEOUT;
}
if (!downloadSamplesEM()) {
return -1;
return PM3_ESOFT;
}
return demodEM4x05resp(word);
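Review bot: In the `AskEm410xDemod` hunk (`@ -376,11 +380,39`), `uint8_t bits[GraphTraceLen];` is a variable-length array sized by the current trace length, so a long trace places the whole buffer on the stack, and an empty trace makes it a zero-length VLA, which is undefined behaviour. The empty case is reachable because the new `isBitstream()` returns true when its loop never runs. I would guard the block with `GraphTraceLen > 0` and take the buffer from the heap, checking the allocation and freeing it after `computeSignalProperties()`. This assumes `getFromGraphBuf()` writes at most `GraphTraceLen` bytes, which the hunk does not show. The sketch returns `PM3_ESOFT` on allocation failure only because that is the error code this hunk already uses.

```c
    if (GraphTraceLen > 0 && isBitstream()) {
        // … unchanged: 0/1 -> -127/127 conversion loop over GraphBuffer …
        uint8_t *bits = calloc(GraphTraceLen, sizeof(uint8_t));
        if (bits == NULL)
            return PM3_ESOFT;
        size_t size = getFromGraphBuf(bits);
        // set signal properties low/high/mean/amplitude and is_noise detection
        computeSignalProperties(bits, size);
        free(bits);
        RepaintGraphWindow();
    }
```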