github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

hf 15 sim, reverse uid and a shorter read from emul to get uid if none is user given

Browse source
This commit is contained in:
iceman1001 2024-01-25 00:34:05 +01:00
commit ba578ee139
5 changed files with 55 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

2
armsrc/Standalone/hf_15sim.c
View file

@ -184,7 +184,7 @@ void RunMod(void) {
Dbprintf("Tag dumped"); Dbprintf("Tag dumped");
Dbprintf("Start simulation"); Dbprintf("Start simulation");
SimTagIso15693(0, 0); SimTagIso15693(NULL, 0);
Dbprintf("Simulation stopped"); Dbprintf("Simulation stopped");
SpinDelay(200); SpinDelay(200);

3
armsrc/Standalone/hf_tmudford.c
View file

@ -75,7 +75,8 @@ void RunMod(void) {
} else if (state == STATE_EMUL) { } else if (state == STATE_EMUL) {
Iso15693InitTag(); Iso15693InitTag();
Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state."); Dbprintf("Starting simulation, press " _GREEN_("pm3 button") " to stop and go back to search state.");
// default block size is 4 // default block size is 4..
// iceman: which can be 4,8 all the way to 32
SimTagIso15693(card.uid, 4); SimTagIso15693(card.uid, 4);
state = STATE_READ; state = STATE_READ;

21
armsrc/appmain.c
View file

@ -1317,6 +1317,27 @@ static void PacketReceived(PacketCommandNG *packet) {
emlSet(payload->data, payload->offset, payload->count); emlSet(payload->data, payload->offset, payload->count);
break; break;
} }
case CMD_HF_ISO15693_EML_GETMEM: {
FpgaDownloadAndGo(FPGA_BITSTREAM_HF_15);
struct p {
uint32_t offset;
uint16_t length;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
if (payload->length > PM3_CMD_DATA_SIZE) {
reply_ng(CMD_HF_ISO15693_EML_GETMEM, PM3_EMALLOC, NULL, 0);
return;
}
uint8_t *buf = BigBuf_malloc(payload->length);
emlGet(buf, payload->offset, payload->length);
LED_B_ON();
reply_ng(CMD_HF_ISO15693_EML_GETMEM, PM3_SUCCESS, buf, payload->length);
LED_B_OFF();
BigBuf_free_keep_EM();
break;
}
case CMD_HF_ISO15693_SIMULATE: { case CMD_HF_ISO15693_SIMULATE: {
struct p { struct p {
uint8_t uid[8]; uint8_t uid[8];

48
client/src/cmdhf15.c
View file

@ -1421,33 +1421,45 @@ static int CmdHF15Sim(const char *Cmd) {
int uidlen = 0; int uidlen = 0;
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen); CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
if (uidlen != 0 && uidlen != HF15_UID_LENGTH) { payload.block_size = arg_get_int_def(ctx, 2, 4);
PrintAndLogEx(WARNING, "UID must include 8 hex bytes");
CLIParserFree(ctx);
return PM3_EINVARG;
}
CLIParserFree(ctx); CLIParserFree(ctx);
if (uidlen == 0) { // get UID from emulator // sanity checks
// reserve memory if (uidlen != 0 && uidlen != HF15_UID_LENGTH) {
iso15_tag_t *tag = calloc(1, sizeof(iso15_tag_t)); PrintAndLogEx(WARNING, "UID must include 8 hex bytes, got ( " _RED_("%i") " )", uidlen);
if (tag == NULL) { return PM3_EINVARG;
PrintAndLogEx(WARNING, "Fail, cannot allocate memory"); }
return PM3_EMALLOC;
}
if (GetFromDevice(BIG_BUF_EML, (uint8_t *)tag, sizeof(iso15_tag_t), 0, NULL, 0, NULL, 2500, false) == false) { PacketResponseNG resp;
PrintAndLogEx(WARNING, "Fail, transfer from device time-out");
free(tag); // get UID from emulator, for printing??
// iceman: downloading 2200 bytes just to get a 8 byte UID is overkill
if (uidlen == 0) {
struct {
uint32_t offset;
uint16_t length;
} PACKED payload_mem;
payload_mem.offset = 0;
payload_mem.length = 8;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_EML_GETMEM, (uint8_t *)&payload_mem, sizeof(payload_mem));
if (WaitForResponseTimeout(CMD_HF_ISO15693_EML_GETMEM, &resp, 2000) == false) {
PrintAndLogEx(DEBUG, "iso15693 timeout");
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
PrintAndLogEx(SUCCESS, "Starting simulating UID " _YELLOW_("%s"), iso15693_sprintUID(NULL, tag->uid)); if (resp.status != PM3_SUCCESS) {
free(tag); PrintAndLogEx(WARNING, "Failed to get UID from emulator memory");
return resp.status;
}
PrintAndLogEx(SUCCESS, "Starting simulating UID " _YELLOW_("%s"), iso15693_sprintUID(NULL, resp.data.asBytes));
} }
PrintAndLogEx(INFO, "Press " _YELLOW_("`pm3-button`") " to abort simulation"); PrintAndLogEx(INFO, "Press " _YELLOW_("`pm3-button`") " to abort simulation");
PacketResponseNG resp;
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SIMULATE, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_HF_ISO15693_SIMULATE, (uint8_t *)&payload, sizeof(payload));
WaitForResponse(CMD_HF_ISO15693_SIMULATE, &resp); WaitForResponse(CMD_HF_ISO15693_SIMULATE, &resp);

1
include/pm3_cmd.h
View file

@ -550,6 +550,7 @@ typedef struct {
#define CMD_HF_TEXKOM_SIMULATE 0x0320 #define CMD_HF_TEXKOM_SIMULATE 0x0320
#define CMD_HF_ISO15693_EML_CLEAR 0x0330 #define CMD_HF_ISO15693_EML_CLEAR 0x0330
#define CMD_HF_ISO15693_EML_SETMEM 0x0331 #define CMD_HF_ISO15693_EML_SETMEM 0x0331
#define CMD_HF_ISO15693_EML_GETMEM 0x0332
#define CMD_LF_SNIFF_RAW_ADC 0x0360 #define CMD_LF_SNIFF_RAW_ADC 0x0360