chg: 'lf em/hid/io/awid watch' - colors, unified, NG

iceman1001 2020-06-22 14:56:13 +02:00
commit b59131d349
8 changed files with 187 additions and 110 deletions


@ -784,9 +784,10 @@ static void PacketReceived(PacketCommandNG *packet) {
reply_mix(CMD_ACK, bits, 0, 0, 0, 0); reply_mix(CMD_ACK, bits, 0, 0, 0, 0);
break; break;
} }
case CMD_LF_HID_DEMOD: { case CMD_LF_HID_WATCH: {
uint32_t high, low; uint32_t high, low;
CmdHIDdemodFSK(0, &high, &low, 1); int res = lf_hid_watch(0, &high, &low);
reply_ng(CMD_LF_HID_WATCH, res, NULL, 0);
break; break;
} }
case CMD_LF_HID_SIMULATE: { case CMD_LF_HID_SIMULATE: {
@ -832,7 +833,15 @@ static void PacketReceived(PacketCommandNG *packet) {
break; break;
} }
case CMD_LF_EM410X_WRITE: { case CMD_LF_EM410X_WRITE: {
WriteEM410x(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]); struct p {
uint8_t card;
uint8_t clock;
uint32_t high;
uint32_t low;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
int res = copy_em410x_to_t55xx(payload->card, payload->clock, payload->high, payload->low);
reply_ng(CMD_LF_EM410X_WRITE, res, NULL, 0);
break; break;
} }
case CMD_LF_TI_READ: { case CMD_LF_TI_READ: {
@ -934,10 +943,10 @@ static void PacketReceived(PacketCommandNG *packet) {
EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd); EM4xWriteWord(payload->address, payload->data, payload->password, payload->usepwd);
break; break;
} }
case CMD_LF_AWID_DEMOD: { case CMD_LF_AWID_WATCH: {
uint32_t high, low; uint32_t high, low;
// Set realtime AWID demodulation int res = lf_awid_watch(0, &high, &low);
CmdAWIDdemodFSK(0, &high, &low, 1); reply_ng(CMD_LF_AWID_WATCH, res, NULL, 0);
break; break;
} }
case CMD_LF_VIKING_CLONE: { case CMD_LF_VIKING_CLONE: {
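Review bot: The new CMD_LF_EM410X_WRITE case casts `packet->data.asBytes` to `struct p` and reads card, clock, high and low without checking how many bytes the host actually sent. A short packet, or one from an older client still using the MIX layout, would have stale or unrelated bytes interpreted as a tag ID and written to the card. I would guard the cast with `if (packet->length < sizeof(struct p)) { reply_ng(CMD_LF_EM410X_WRITE, PM3_EINVARG, NULL, 0); break; }`. The client declares the same packed struct separately, so a single definition in a shared header would keep the two layouts from drifting. PacketReceived starts and ends outside these hunks.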


@ -171,7 +171,7 @@ t55xx_configurations_t T55xx_Timing = {
#define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference #define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference
// ATA55xx shared presets & routines // ATA55xx shared presets & routines
static uint32_t GetT55xxClockBit(uint32_t clock) { static uint32_t GetT55xxClockBit(uint8_t clock) {
switch (clock) { switch (clock) {
case 128: case 128:
return T55x7_BITRATE_RF_128; return T55x7_BITRATE_RF_128;
@ -1224,32 +1224,52 @@ void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size,
} }
// loop to get raw HID waveform then FSK demodulate the TAG ID from it // loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { int lf_hid_watch(int findone, uint32_t *high, uint32_t *low) {
uint8_t *dest = BigBuf_get_addr();
size_t size; size_t size;
uint32_t hi2 = 0, hi = 0, lo = 0; uint32_t hi2 = 0, hi = 0, lo = 0;
int dummyIdx = 0; int dummyIdx = 0;
// Configure to go in 125kHz listen mode // Configure to go in 125kHz listen mode
LFSetupFPGAForADC(LF_DIVISOR_125, true); LFSetupFPGAForADC(LF_DIVISOR_125, true);
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
//clear read buffer //clear read buffer
BigBuf_Clear_keep_EM(); BigBuf_Clear_keep_EM();
while (!BUTTON_PRESS() && !data_available()) { int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT(); WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false); DoAcquisition_default(-1, false);
// FSK demodulator // FSK demodulator
size = 50 * 128 * 2; //big enough to catch 2 sequences of largest format // 50 * 128 * 2 - big enough to catch 2 sequences of largest format
size = MIN(12800, BigBuf_max_traceLen());
int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx); int idx = HIDdemodFSK(dest, &size, &hi2, &hi, &lo, &dummyIdx);
if (idx < 0) continue; if (idx < 0) continue;
if (idx > 0 && lo > 0 && (size == 96 || size == 192)) { if (idx > 0 && lo > 0 && (size == 96 || size == 192)) {
// go over previously decoded manchester data and decode into usable tag ID // go over previously decoded manchester data and decode into usable tag ID
if (hi2 != 0) { //extra large HID tags 88/192 bits if (hi2 != 0) { //extra large HID tags 88/192 bits
Dbprintf("TAG ID: %x%08x%08x (%d)", Dbprintf("TAG ID: " _GREEN_("%x%08x%08x") " (%d)",
hi2, hi2,
hi, hi,
lo, lo,
@ -1311,25 +1331,40 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
hi2 = hi = lo = idx = 0; hi2 = hi = lo = idx = 0;
} }
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("HID fsk demod stopped"); BigBuf_free();
if (ledcontrol) LED_A_OFF(); LEDsoff();
return res;
} }
// loop to get raw HID waveform then FSK demodulate the TAG ID from it // loop to get raw HID waveform then FSK demodulate the TAG ID from it
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol) { int lf_awid_watch(int findone, uint32_t *high, uint32_t *low) {
uint8_t *dest = BigBuf_get_addr();
size_t size; size_t size;
int dummyIdx = 0; int dummyIdx = 0;
uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM(); BigBuf_Clear_keep_EM();
clear_trace();
set_tracing(false);
LFSetupFPGAForADC(LF_DIVISOR_125, true); LFSetupFPGAForADC(LF_DIVISOR_125, true);
while (!BUTTON_PRESS() && !data_available()) { int res = PM3_SUCCESS;
uint16_t interval = 0;
while (BUTTON_PRESS() == false) {
WDT_HIT(); WDT_HIT();
if (ledcontrol) LED_A_ON();
// cancel w usb command.
if (interval == 4000) {
if (data_available()) {
res = PM3_EOPABORTED;
break;
}
interval = 0;
} else {
interval++;
}
DoAcquisition_default(-1, false); DoAcquisition_default(-1, false);
// FSK demodulator // FSK demodulator
@ -1380,20 +1415,19 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
uint32_t fac = bytebits_to_byte(dest + 9, 8); uint32_t fac = bytebits_to_byte(dest + 9, 8);
uint32_t cardnum = bytebits_to_byte(dest + 17, 16); uint32_t cardnum = bytebits_to_byte(dest + 17, 16);
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen); uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo); Dbprintf("AWID Found - Bit length: " _GREEN_("%d") ", FC: " _GREEN_("%d") ", Card: " _GREEN_("%d") " - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, fac, cardnum, code1, rawHi2, rawHi, rawLo);
} else { } else {
uint32_t cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16); uint32_t cardnum = bytebits_to_byte(dest + 8 + (fmtLen - 17), 16);
if (fmtLen > 32) { if (fmtLen > 32) {
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen - 32); uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen - 32);
uint32_t code2 = bytebits_to_byte(dest + 8 + (fmtLen - 32), 32); uint32_t code2 = bytebits_to_byte(dest + 8 + (fmtLen - 32), 32);
Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo); Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x%08x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, code2, rawHi2, rawHi, rawLo);
} else { } else {
uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen); uint32_t code1 = bytebits_to_byte(dest + 8, fmtLen);
Dbprintf("AWID Found - BitLength: %d -unknown BitLength- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo); Dbprintf("AWID Found - Bit length: " _GREEN_("%d") " -unknown bit length- (%d) - Wiegand: %x, Raw: %08x%08x%08x", fmtLen, cardnum, code1, rawHi2, rawHi, rawLo);
} }
} }
if (findone) { if (findone) {
if (ledcontrol) LED_A_OFF();
*high = rawHi; *high = rawHi;
*low = rawLo; *low = rawLo;
break; break;
@ -1401,8 +1435,9 @@ void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol)
} }
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
DbpString("AWID fsk demod stopped"); BigBuf_free();
if (ledcontrol) LED_A_OFF(); LEDsoff();
return res;
} }
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) { int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
@ -1425,7 +1460,7 @@ int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
WDT_HIT(); WDT_HIT();
// cancel w usb command. // cancel w usb command.
if (interval == 2000) { if (interval == 4000) {
if (data_available()) { if (data_available()) {
res = PM3_EOPABORTED; res = PM3_EOPABORTED;
break; break;
@ -1448,7 +1483,7 @@ int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo); errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo);
if (errCnt == 1) { if (errCnt == 1) {
if (size == 128) { if (size == 128) {
Dbprintf("EM XL TAG ID: %06x%08x%08x - (%05d_%03d_%08d)", Dbprintf("EM XL TAG ID: " _GREEN_("%06x%08x%08x") " - ( %05d_%03d_%08d )",
hi, hi,
(uint32_t)(lo >> 32), (uint32_t)(lo >> 32),
(uint32_t)lo, (uint32_t)lo,
@ -1456,7 +1491,7 @@ int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low) {
(uint32_t)((lo >> 16LL) & 0xFF), (uint32_t)((lo >> 16LL) & 0xFF),
(uint32_t)(lo & 0xFFFFFF)); (uint32_t)(lo & 0xFFFFFF));
} else { } else {
Dbprintf("EM TAG ID: %02x%08x - (%05d_%03d_%08d)", Dbprintf("EM TAG ID: " _GREEN_("%02x%08x") " - ( %05d_%03d_%08d )",
(uint32_t)(lo >> 32), (uint32_t)(lo >> 32),
(uint32_t)lo, (uint32_t)lo,
(uint32_t)(lo & 0xFFFF), (uint32_t)(lo & 0xFFFF),
@ -1484,8 +1519,8 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
int dummyIdx = 0; int dummyIdx = 0;
uint32_t code = 0, code2 = 0; uint32_t code = 0, code2 = 0;
uint8_t version = 0, facilitycode = 0, crc = 0; uint8_t version = 0, facilitycode = 0;
uint16_t number = 0, calccrc = 0; uint16_t number = 0;
uint8_t *dest = BigBuf_get_addr(); uint8_t *dest = BigBuf_get_addr();
BigBuf_Clear_keep_EM(); BigBuf_Clear_keep_EM();
@ -1502,7 +1537,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
WDT_HIT(); WDT_HIT();
// cancel w usb command. // cancel w usb command.
if (interval == 2000) { if (interval == 4000) {
if (data_available()) { if (data_available()) {
res = PM3_EOPABORTED; res = PM3_EOPABORTED;
break; break;
@ -1554,17 +1589,8 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
facilitycode = bytebits_to_byte(dest + idx + 18, 8); facilitycode = bytebits_to_byte(dest + idx + 18, 8);
number = (bytebits_to_byte(dest + idx + 36, 8) << 8) | (bytebits_to_byte(dest + idx + 45, 8)); //36,9 number = (bytebits_to_byte(dest + idx + 36, 8) << 8) | (bytebits_to_byte(dest + idx + 45, 8)); //36,9
crc = bytebits_to_byte(dest + idx + 54, 8); Dbprintf("IO Prox " _GREEN_("XSF(%02d)%02x:%05d") " (%08x%08x) (%s)", version, facilitycode, number, code, code2);
for (uint8_t i = 1; i < 6; ++i) {
calccrc += bytebits_to_byte(dest + idx + 9 * i, 8);
}
calccrc &= 0xff;
calccrc = 0xff - calccrc;
const char *crcStr = (crc == calccrc) ? _GREEN_("ok") : _RED_("fail");
Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) (%s)", version, facilitycode, number, code, code2, crcStr);
// if we're only looking for one tag
if (findone) { if (findone) {
*high = code; *high = code;
*low = code2; *low = code2;
@ -1573,7 +1599,6 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low) {
code = code2 = 0; code = code2 = 0;
version = facilitycode = 0; version = facilitycode = 0;
number = 0; number = 0;
calccrc = 0;
} }
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
BigBuf_free(); BigBuf_free();
@ -2215,17 +2240,26 @@ void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) {
reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0); reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0);
} }
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo) {
// Define 9bit header for EM410x tags // Define 9bit header for EM410x tags
#define EM410X_HEADER 0x1FF #define EM410X_HEADER 0x1FF
#define EM410X_ID_LENGTH 40 #define EM410X_ID_LENGTH 40
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) { uint32_t clockbits = 0;
if (card == 1) { //t55x7
clockbits = GetT55xxClockBit(clock);
if (clockbits == 0) {
Dbprintf("Invalid clock rate: %d", clock);
return PM3_EINVARG;
}
}
int i; int i;
uint64_t id = EM410X_HEADER; uint64_t id = EM410X_HEADER;
uint64_t rev_id = 0; // reversed ID uint64_t rev_id = 0; // reversed ID
int c_parity[4]; // column parity int c_parity[4]; // column parity
int r_parity = 0; // row parity int r_parity = 0; // row parity
uint32_t clock = 0;
// Reverse ID bits given as parameter (for simpler operations) // Reverse ID bits given as parameter (for simpler operations)
for (i = 0; i < EM410X_ID_LENGTH; ++i) { for (i = 0; i < EM410X_ID_LENGTH; ++i) {
@ -2275,33 +2309,29 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
// Add stop bit // Add stop bit
id <<= 1; id <<= 1;
Dbprintf("Started writing %s tag ...", card ? "T55x7" : "T5555");
LED_D_ON(); LED_D_ON();
// Write EM410x ID // Write EM410x ID
uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)(id & 0xFFFFFFFF)}; uint32_t data[] = {0, (uint32_t)(id >> 32), (uint32_t)(id & 0xFFFFFFFF)};
clock = (card & 0xFF00) >> 8; // default to 64
clock = (clock == 0) ? 64 : clock; clock = (clock == 0) ? 64 : clock;
Dbprintf("Clock rate: %d", clock); Dbprintf("Clock rate: %d", clock);
if (card & 0xFF) { //t55x7
clock = GetT55xxClockBit(clock); if (card == 1) { // T55x7
if (clock == 0) { data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
Dbprintf("Invalid clock rate: %d", clock); } else { // T5555 (Q5)
return;
}
data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { //t5555 (Q5)
data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT); data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
} }
WriteT55xx(data, 0, 3); WriteT55xx(data, 0, 3);
LED_D_OFF(); LEDsoff();
Dbprintf("Tag %s written with 0x%08x%08x\n", Dbprintf("Tag %s written with 0x%08x%08x\n",
card ? "T55x7" : "T5555", card ? "T55x7" : "T5555",
(uint32_t)(id >> 32), (uint32_t)(id >> 32),
(uint32_t)id); (uint32_t)id);
return PM3_SUCCESS;
} }
//----------------------------------- //-----------------------------------
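Review bot: In lf_io_watch the rewritten `Dbprintf("IO Prox " _GREEN_("XSF(%02d)%02x:%05d") " (%08x%08x) (%s)", version, facilitycode, number, code, code2);` still ends in `(%s)`, but the `crcStr` argument was removed along with the checksum calculation. The call now has six conversions and five arguments, so `%s` reads an indeterminate pointer. Either drop the trailing ` (%s)` from the format, or keep the checksum comparison and pass its result; without it the operator can no longer tell a clean read from a corrupted one. Separately, in copy_em410x_to_t55xx the `clock = (clock == 0) ? 64 : clock;` default now runs after `GetT55xxClockBit(clock)` has already been checked, so for T55x7 a zero clock appears to return PM3_EINVARG before the default applies. That should be confirmed against what GetT55xxClockBit returns for 0.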


@ -35,14 +35,17 @@ void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t c
void CmdPSKsimTAG(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol); void CmdPSKsimTAG(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol); void CmdNRZsimTAG(uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol);
void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); int lf_hid_watch(int findone, uint32_t *high, uint32_t *low);
void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26 int lf_awid_watch(int findone, uint32_t *high, uint32_t *low); // Realtime demodulation mode for AWID26
int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low); int lf_em410x_watch(int findone, uint32_t *high, uint64_t *low);
int lf_io_watch(int findone, uint32_t *high, uint32_t *low); int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5); void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo);
void T55xxResetRead(uint8_t flags); void T55xxResetRead(uint8_t flags);
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags); //id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxWriteBlock(uint8_t *data); void T55xxWriteBlock(uint8_t *data);


@ -38,7 +38,7 @@ static int usage_lf_awid_watch(void) {
PrintAndLogEx(NORMAL, "Usage: lf awid watch"); PrintAndLogEx(NORMAL, "Usage: lf awid watch");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid watch"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid watch"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -54,8 +54,8 @@ static int usage_lf_awid_sim(void) {
PrintAndLogEx(NORMAL, " <card number> : 16|32-bit value card number"); PrintAndLogEx(NORMAL, " <card number> : 16|32-bit value card number");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid sim 26 224 1337"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid sim 26 224 1337"));
PrintAndLogEx(NORMAL, " lf awid sim 50 2001 13371337"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid sim 50 2001 13371337"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -72,8 +72,8 @@ static int usage_lf_awid_clone(void) {
PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip"); PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid clone 26 224 1337"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid clone 26 224 1337"));
PrintAndLogEx(NORMAL, " lf awid clone 50 2001 13371337"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid clone 50 2001 13371337"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -92,9 +92,9 @@ static int usage_lf_awid_brute(void) {
PrintAndLogEx(NORMAL, " v : verbose logging, show all tries"); PrintAndLogEx(NORMAL, " v : verbose logging, show all tries");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf awid brute a 26 f 224"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute a 26 f 224"));
PrintAndLogEx(NORMAL, " lf awid brute a 50 f 2001 d 2000"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute a 50 f 2001 d 2000"));
PrintAndLogEx(NORMAL, " lf awid brute v a 50 f 2001 c 200 d 2000"); PrintAndLogEx(NORMAL, _YELLOW_(" lf awid brute v a 50 f 2001 c 200 d 2000"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -180,11 +180,17 @@ static void verify_values(uint8_t *fmtlen, uint32_t *fc, uint32_t *cn) {
// this read loops on device side. // this read loops on device side.
// uses the demod in lfops.c // uses the demod in lfops.c
static int CmdAWIDWatch(const char *Cmd) { static int CmdAWIDWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0)); uint8_t c = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_awid_watch(); if (c == 'h') return usage_lf_awid_watch();
PrintAndLogEx(SUCCESS, "Watching for AWID cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_AWID_DEMOD, NULL, 0); SendCommandNG(CMD_LF_AWID_WATCH, NULL, 0);
return PM3_SUCCESS; PacketResponseNG resp;
WaitForResponse(CMD_LF_AWID_WATCH, &resp);
PrintAndLogEx(INFO, "Done");
return resp.status;
} }
//by marshmellow //by marshmellow
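Review bot: CmdAWIDWatch now returns `resp.status`, but `resp` is declared uninitialized and the result of `WaitForResponse(CMD_LF_AWID_WATCH, &resp)` is not checked. If that call can return without a reply, for example after a lost USB connection, the returned status is indeterminate; this page does not show whether it can. Suggested: `if (WaitForResponse(CMD_LF_AWID_WATCH, &resp) == false) return PM3_ETIMEOUT;` before reading the status. The same pattern appears in CmdHIDWatch and CmdEM410xWrite in this commit. The "this read loops on device side" comment could also say that the client now blocks until the button is pressed or a USB command aborts the loop.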


@ -454,8 +454,11 @@ int AskEm410xDemod(const char *Cmd, uint32_t *hi, uint64_t *lo, bool verbose) {
// this read loops on device side. // this read loops on device side.
// uses the demod in lfops.c // uses the demod in lfops.c
static int CmdEM410xWatch(const char *Cmd) { static int CmdEM410xWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0)); uint8_t c = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em410x_watch(); if (c == 'h') return usage_lf_em410x_watch();
PrintAndLogEx(SUCCESS, "Watching for EM410x cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_EM410X_WATCH, NULL, 0); SendCommandNG(CMD_LF_EM410X_WATCH, NULL, 0);
PacketResponseNG resp; PacketResponseNG resp;
@ -640,29 +643,26 @@ static int CmdEM410xWrite(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0)); char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 0x00 || cmdp == 'h') return usage_lf_em410x_write(); if (cmdp == 0x00 || cmdp == 'h') return usage_lf_em410x_write();
uint64_t id = 0xFFFFFFFFFFFFFFFF; // invalid id value uint64_t id = param_get64ex(Cmd, 0, -1, 16);
int card = 0xFF; // invalid card value uint8_t card = param_get8ex(Cmd, 1, 0xFF, 10);
uint32_t clock1 = 0; // invalid clock value uint8_t clock1 = param_get8ex(Cmd, 2, 0, 10);
sscanf(Cmd, "%" SCNx64 " %d %d", &id, &card, &clock1);
// Check ID // Check ID
if (id == 0xFFFFFFFFFFFFFFFF) { if (id == 0xFFFFFFFFFFFFFFFF) {
PrintAndLogEx(ERR, "Error! ID is required.\n"); PrintAndLogEx(ERR, "error, ID is required\n");
usage_lf_em410x_write();
return PM3_EINVARG; return PM3_EINVARG;
} }
if (id >= 0x10000000000) { if (id >= 0x10000000000) {
PrintAndLogEx(ERR, "Error! Given EM410x ID is longer than 40 bits.\n"); PrintAndLogEx(ERR, "error, given EM410x ID is longer than 40 bits\n");
usage_lf_em410x_write();
return PM3_EINVARG; return PM3_EINVARG;
} }
// Check Card // Check Card
if (card == 0xFF) { if (card > 1) {
PrintAndLogEx(ERR, "Error! Card type required.\n"); PrintAndLogEx(FAILED, "error, bad card type selected\n");
return PM3_EINVARG; usage_lf_em410x_write();
}
if (card < 0) {
PrintAndLogEx(ERR, "Error! Bad card type selected.\n");
return PM3_EINVARG; return PM3_EINVARG;
} }
@ -672,29 +672,51 @@ static int CmdEM410xWrite(const char *Cmd) {
// Allowed clock rates: 16, 32, 40 and 64 // Allowed clock rates: 16, 32, 40 and 64
if ((clock1 != 16) && (clock1 != 32) && (clock1 != 64) && (clock1 != 40)) { if ((clock1 != 16) && (clock1 != 32) && (clock1 != 64) && (clock1 != 40)) {
PrintAndLogEx(ERR, "Error! Clock rate" _YELLOW_("%d")" not valid. Supported clock rates are 16, 32, 40 and 64.\n", clock1); PrintAndLogEx(ERR, "error, clock rate" _RED_("%d")" not valid");
PrintAndLogEx(INFO, "supported clock rates: " _YELLOW_("16, 32, 40, 60") "\n", clock1);
usage_lf_em410x_write();
return PM3_EINVARG; return PM3_EINVARG;
} }
if (card == 1) { if (card == 1) {
PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 " (clock rate: %d)", "T55x7", id, clock1); PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 " (clock rate: %d)", _GREEN_("T55x7"), id, clock1);
// NOTE: We really should pass the clock in as a separate argument, but to // NOTE: We really should pass the clock in as a separate argument, but to
// provide for backwards-compatibility for older firmware, and to avoid // provide for backwards-compatibility for older firmware, and to avoid
// having to add another argument to CMD_LF_EM410X_WRITE, we just store // having to add another argument to CMD_LF_EM410X_WRITE, we just store
// the clock rate in bits 8-15 of the card value // the clock rate in bits 8-15 of the card value
card = (card & 0xFF) | ((clock1 << 8) & 0xFF00);
} else if (card == 0) { } else if (card == 0) {
PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 "(clock rate: %d)", "T5555", id, clock1); PrintAndLogEx(SUCCESS, "Writing %s tag with UID 0x%010" PRIx64 "(clock rate: %d)", _GREEN_("T5555"), id, clock1);
card = (card & 0xFF) | ((clock1 << 8) & 0xFF00);
} else {
PrintAndLogEx(FAILED, "Error! Bad card type selected.\n");
return PM3_ESOFT;
} }
SendCommandMIX(CMD_LF_EM410X_WRITE, card, (uint32_t)(id >> 32), (uint32_t)id, NULL, 0); struct {
PrintAndLogEx(SUCCESS, "Done"); uint8_t card;
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") " to verify"); uint8_t clock;
return PM3_SUCCESS; uint32_t high;
uint32_t low;
} PACKED params;
params.card = card;
params.clock = clock1;
params.high = (uint32_t)(id >> 32);
params.low = (uint32_t)id;
clearCommandBuffer();
SendCommandNG(CMD_LF_EM410X_WRITE, (uint8_t *)&params, sizeof(params));
PacketResponseNG resp;
WaitForResponse(CMD_LF_EM410X_WRITE, &resp);
switch(resp.status) {
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "Done");
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf em 410x_read`") " to verify");
break;
}
default: {
PrintAndLogEx(WARNING, "Something went wrong");
break;
}
}
return resp.status;
} }
//**************** Start of EM4x50 Code ************************ //**************** Start of EM4x50 Code ************************
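Review bot: The clock-rate error in CmdEM410xWrite was split into two calls and the arguments no longer line up. `PrintAndLogEx(ERR, "error, clock rate" _RED_("%d")" not valid");` has a `%d` with no argument, while the INFO line that follows passes `clock1` to a format with no conversion and lists 60 where the check accepts 64. Suggested: `PrintAndLogEx(ERR, "error, clock rate " _RED_("%d") " not valid", clock1);` and `PrintAndLogEx(INFO, "supported clock rates: " _YELLOW_("16, 32, 40, 64") "\n");`. The NOTE comment about storing the clock in bits 8-15 of the card value is now stale, since the clock travels in its own field of the NG payload, and should be removed. CmdEM410xWrite starts outside these hunks.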


@ -264,13 +264,17 @@ static int CmdHIDRead(const char *Cmd) {
// this read loops on device side. // this read loops on device side.
// uses the demod in lfops.c // uses the demod in lfops.c
static int CmdHIDWatch(const char *Cmd) { static int CmdHIDWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0)); uint8_t c = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_hid_watch(); if (c == 'h') return usage_lf_hid_watch();
PrintAndLogEx(SUCCESS, "Watching for HID Prox cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_HID_DEMOD, NULL, 0); SendCommandNG(CMD_LF_HID_WATCH, NULL, 0);
PrintAndLogEx(SUCCESS, "Watching for new HID cards - place tag on antenna"); PacketResponseNG resp;
PrintAndLogEx(INFO, "Press pm3-button to stop reading new cards"); WaitForResponse(CMD_LF_HID_WATCH, &resp);
return PM3_SUCCESS; PrintAndLogEx(INFO, "Done");
return resp.status;
} }
static int CmdHIDSim(const char *Cmd) { static int CmdHIDSim(const char *Cmd) {


@ -36,7 +36,7 @@ static int usage_lf_io_watch(void) {
PrintAndLogEx(NORMAL, "Usage: lf io watch"); PrintAndLogEx(NORMAL, "Usage: lf io watch");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf io watch"); PrintAndLogEx(NORMAL, _YELLOW_(" lf io watch"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -52,7 +52,7 @@ static int usage_lf_io_sim(void) {
PrintAndLogEx(NORMAL, " <card number> : 16bit value card number (decimal)"); PrintAndLogEx(NORMAL, " <card number> : 16bit value card number (decimal)");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf io sim 26 101 1337"); PrintAndLogEx(NORMAL, _YELLOW_(" lf io sim 26 101 1337"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -69,15 +69,18 @@ static int usage_lf_io_clone(void) {
PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip"); PrintAndLogEx(NORMAL, " Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf io clone 26 101 1337"); PrintAndLogEx(NORMAL, _YELLOW_(" lf io clone 26 101 1337"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// this read loops on device side. // this read loops on device side.
// uses the demod in lfops.c // uses the demod in lfops.c
static int CmdIOProxWatch(const char *Cmd) { static int CmdIOProxWatch(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0)); uint8_t c = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_io_watch(); if (c == 'h') return usage_lf_io_watch();
PrintAndLogEx(SUCCESS, "Watching for IO Prox cards - place tag on antenna");
PrintAndLogEx(INFO, "Press pm3-button to stop reading cards");
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_IO_WATCH, NULL, 0); SendCommandNG(CMD_LF_IO_WATCH, NULL, 0);
PacketResponseNG resp; PacketResponseNG resp;


@ -385,7 +385,7 @@ typedef struct {
#define CMD_DOWNLOADED_BIGBUF 0x0208 #define CMD_DOWNLOADED_BIGBUF 0x0208
#define CMD_LF_UPLOAD_SIM_SAMPLES 0x0209 #define CMD_LF_UPLOAD_SIM_SAMPLES 0x0209
#define CMD_LF_SIMULATE 0x020A #define CMD_LF_SIMULATE 0x020A
#define CMD_LF_HID_DEMOD 0x020B #define CMD_LF_HID_WATCH 0x020B
#define CMD_LF_HID_SIMULATE 0x020C #define CMD_LF_HID_SIMULATE 0x020C
#define CMD_LF_SET_DIVISOR 0x020D #define CMD_LF_SET_DIVISOR 0x020D
#define CMD_LF_SIMULATE_BIDIR 0x020E #define CMD_LF_SIMULATE_BIDIR 0x020E
@ -407,7 +407,7 @@ typedef struct {
#define CMD_LF_ASK_SIMULATE 0x021F #define CMD_LF_ASK_SIMULATE 0x021F
#define CMD_LF_PSK_SIMULATE 0x0220 #define CMD_LF_PSK_SIMULATE 0x0220
#define CMD_LF_NRZ_SIMULATE 0x0232 #define CMD_LF_NRZ_SIMULATE 0x0232
#define CMD_LF_AWID_DEMOD 0x0221 #define CMD_LF_AWID_WATCH 0x0221
#define CMD_LF_VIKING_CLONE 0x0222 #define CMD_LF_VIKING_CLONE 0x0222
#define CMD_LF_T55XX_WAKEUP 0x0224 #define CMD_LF_T55XX_WAKEUP 0x0224
#define CMD_LF_COTAG_READ 0x0225 #define CMD_LF_COTAG_READ 0x0225