github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 21:33:47 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

lf viking clone - now supports clone to EM4305/4469 (untested)

Browse source
This commit is contained in:
iceman1001 2020-11-25 15:13:32 +01:00
commit b7c0d6aa5e
4 changed files with 28 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

3
armsrc/appmain.c
View file

@ -1037,10 +1037,11 @@ static void PacketReceived(PacketCommandNG *packet) {
case CMD_LF_VIKING_CLONE: { case CMD_LF_VIKING_CLONE: {
struct p { struct p {
bool Q5; bool Q5;
bool EM;
uint8_t blocks[8]; uint8_t blocks[8];
} PACKED; } PACKED;
struct p *payload = (struct p *)packet->data.asBytes; struct p *payload = (struct p *)packet->data.asBytes;
CopyVikingtoT55xx(payload->blocks, payload->Q5); CopyVikingtoT55xx(payload->blocks, payload->Q5, payload->EM);
break; break;
} }
case CMD_LF_COTAG_READ: { case CMD_LF_COTAG_READ: {

7
armsrc/lfops.c
View file

@ -2252,11 +2252,14 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
} }
// clone viking tag to T55xx // clone viking tag to T55xx
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) { void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em) {
uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), 0, 0}; uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), 0, 0};
if (Q5) if (q5) {
data[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT; data[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT;
} else if (em) {
data[0] = (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2) );
}
data[1] = bytes_to_num(blocks, 4); data[1] = bytes_to_num(blocks, 4);
data[2] = bytes_to_num(blocks + 4, 4); data[2] = bytes_to_num(blocks + 4, 4);

2
armsrc/lfops.h
View file

@ -41,7 +41,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low);
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5); void CopyVikingtoT55xx(uint8_t *blocks, bool q5, bool em);
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo); int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo);

26
client/src/cmdlfviking.c
View file

@ -88,15 +88,17 @@ static int CmdVikingClone(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf viking clone", CLIParserInit(&ctx, "lf viking clone",
"clone a Viking AM tag to a T55x7 or Q5/T5555 tag.", "clone a Viking AM tag to a T55x7, Q5/T5555 or EM4305/4469 tag.",
"lf viking clone --cn 01A337\n" "lf viking clone --cn 01A337\n"
"lf viking clone --cn 01A337 --q5 -> encode for Q5/T5555 tag" "lf viking clone --cn 01A337 --q5 -> encode for Q5/T5555 tag"
"lf viking clone --cn 112233 --em -> encode for EM4305/4469"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_strx0(NULL, "cn", "<hex>", "8 digit hex viking card number"), arg_strx0(NULL, "cn", "<hex>", "8 digit hex viking card number"),
arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"), arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -104,29 +106,41 @@ static int CmdVikingClone(const char *Cmd) {
int raw_len = 0; int raw_len = 0;
uint8_t raw[4] = {0}; uint8_t raw[4] = {0};
CLIGetHexWithReturn(ctx, 1, raw, &raw_len); CLIGetHexWithReturn(ctx, 1, raw, &raw_len);
bool q5 = arg_get_lit(ctx, 2);
bool em = arg_get_lit(ctx, 3);
CLIParserFree(ctx);
uint32_t id = bytes_to_num(raw, raw_len); uint32_t id = bytes_to_num(raw, raw_len);
if (id == 0) { if (id == 0) {
PrintAndLogEx(ERR, "Cardnumber can't be zero"); PrintAndLogEx(ERR, "Cardnumber can't be zero");
CLIParserFree(ctx);
return PM3_EINVARG; return PM3_EINVARG;
} }
bool q5 = arg_get_lit(ctx, 2); if (q5 && em) {
CLIParserFree(ctx); PrintAndLogEx(FAILED, "Can't specify both Q5 and EM4305 at the same time");
return PM3_EINVARG;
}
uint64_t rawID = getVikingBits(id); uint64_t rawID = getVikingBits(id);
struct p { struct p {
bool Q5; bool Q5;
bool EM;
uint8_t blocks[8]; uint8_t blocks[8];
} PACKED payload; } PACKED payload;
payload.Q5 = q5; payload.Q5 = q5;
payload.EM = em;
num_to_bytes(rawID, 8, &payload.blocks[0]); num_to_bytes(rawID, 8, &payload.blocks[0]);
char cardtype[16] = {"T55x7"};
if (q5)
snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
else if (em)
snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
PrintAndLogEx(INFO, "Preparing to clone Viking tag on " _YELLOW_("%s") " - ID " _YELLOW_("%08X")" raw " _YELLOW_("%s") PrintAndLogEx(INFO, "Preparing to clone Viking tag on " _YELLOW_("%s") " - ID " _YELLOW_("%08X")" raw " _YELLOW_("%s")
, (q5) ? "Q5/T5555" : "T55x7" , cardtype
, id , id
, sprint_hex(payload.blocks, sizeof(payload.blocks)) , sprint_hex(payload.blocks, sizeof(payload.blocks))
); );
@ -228,7 +242,7 @@ uint64_t getVikingBits(uint32_t id) {
ret |= checksum; ret |= checksum;
return ret; return ret;
} }
// by marshmellow
// find viking preamble 0xF200 in already demoded data // find viking preamble 0xF200 in already demoded data
int detectViking(uint8_t *src, size_t *size) { int detectViking(uint8_t *src, size_t *size) {
//make sure buffer has data //make sure buffer has data