github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 13:00:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

lf hid sim - now uses cliparser and --fc, --cn options

Browse source
This commit is contained in:
iceman1001 2020-10-08 21:46:53 +02:00
commit c5b3443fe6
2 changed files with 62 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

92
client/src/cmdlfhid.c
View file

@ -187,66 +187,85 @@ static int CmdHIDWatch(const char *Cmd) {
} }
static int CmdHIDSim(const char *Cmd) { static int CmdHIDSim(const char *Cmd) {
int idlen = 0;
uint8_t id[10] = {0};
lf_hidsim_t payload;
payload.longFMT = 0;
uint32_t hi2 = 0, hi = 0, lo = 0;
uint32_t i = 0;
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf hid sim", CLIParserInit(&ctx, "lf hid sim",
"Enables simulation of HID card with card number.", "Enables simulation of HID card with card number.",
"lf hid sim 2006ec0c86" "lf hid sim -r 2006ec0c86 -> HID 10301 26 bit\n"
"lf hid sim -r 2e0ec00c87 -> HID Corporate 35 bit\n"
"lf hid sim -r 01f0760643c3 -> HID P10001 40 bit\n"
"lf hid sim -r 01400076000c86 -> HID Corporate 48 bit\n"
"lf hid sim -w H10301 --fc 118 --cn 1603 -> HID 10301 26 bit\n"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_lit0("l", "long", "Simulate HID tag with long ID"), arg_str0("w", "wiegand", "<format>", "see " _YELLOW_("`wiegand list`") " for available formats"),
arg_str1(NULL, NULL, "<hex>", "HID tag ID"), arg_u64_0(NULL, "fc", "<dec>", "facility code"),
arg_u64_0(NULL, "cn", "<dec>", "card number"),
arg_int0("i", NULL, "<dec>", "issue level"),
arg_int0("o", "oem", "<dec>", "OEM code"),
arg_strx0("r", "raw", "<hex>", "raw bytes"),
// arg_lit0("q", "Q5", "optional - specify writing to Q5/T5555 tag"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
bool long_id = arg_get_lit(ctx, 1); char format[16] = {0};
int format_len = 0;
CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)format, sizeof(format), &format_len);
CLIGetHexWithReturn(ctx, 2, id, &idlen); wiegand_card_t card;
memset(&card, 0, sizeof(wiegand_card_t));
card.FacilityCode = arg_get_u32_def(ctx, 2, 0);
card.CardNumber = arg_get_u32_def(ctx, 3, 0);
card.IssueLevel = arg_get_u32_def(ctx, 4, 0);
card.OEM = arg_get_u32_def(ctx, 5, 0);
int raw_len = 0;
char raw[40] = {0};
CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)raw, sizeof(raw), &raw_len);
//bool q5 = arg_get_lit(ctx, 7);
CLIParserFree(ctx); CLIParserFree(ctx);
wiegand_message_t packed = initialize_message_object(hi2, hi, lo); wiegand_message_t packed;
HIDTryUnpack(&packed, false); memset(&packed, 0, sizeof(wiegand_message_t));
// format validation
int format_idx = HIDFindCardFormat((char *)format);
if (format_idx == -1 && raw_len == 0) {
PrintAndLogEx(WARNING, "Unknown format: " _YELLOW_("%s"), format);
return PM3_EINVARG;
}
if (long_id) { if (raw_len) {
for (i = 0; i < idlen; ++i) { uint32_t top = 0, mid = 0, bot = 0;
hi2 = (hi2 << 4) | (hi >> 28); hexstring_to_u96(&top, &mid, &bot, raw);
hi = (hi << 4) | (lo >> 28); packed.Top = top;
lo = (lo << 4) | (id[i] >> 4); //get first 4 bits packed.Mid = mid;
packed.Bot = bot;
hi2 = (hi2 << 4) | (hi >> 28);
hi = (hi << 4) | (lo >> 28);
lo = (lo << 4) | (id[i] & 0xf); //get last 4 bits
}
PrintAndLogEx(INFO, "Simulating HID tag with long ID: " _GREEN_("%x%08x%08x"), hi2, hi, lo);
payload.longFMT = 1;
} else { } else {
for (i = 0; i < idlen; ++i) { if (HIDPack(format_idx, &card, &packed) == false) {
hi = (hi << 4) | (lo >> 28); PrintAndLogEx(WARNING, "The card data could not be encoded in the selected format.");
lo = (lo << 4) | (id[i] >> 4); //get first 4 bits return PM3_ESOFT;
hi = (hi << 4) | (lo >> 28);
lo = (lo << 4) | (id[i] & 0xf); //get last 4 bits
} }
PrintAndLogEx(SUCCESS, "Simulating HID tag with ID: " _GREEN_("%x%08x"), hi, lo); }
hi2 = 0;
if (raw_len == 0) {
PrintAndLogEx(INFO, "Simulating HID tag");
HIDTryUnpack(&packed, false);
} else {
PrintAndLogEx(INFO, "Simulating HID tag using raw " _GREEN_("%s"), raw);
} }
PrintAndLogEx(INFO, "Press pm3-button to abort simulation"); PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
payload.hi2 = hi2; lf_hidsim_t payload;
payload.hi = hi; payload.hi2 = packed.Top;
payload.lo = lo; payload.hi = packed.Mid;
payload.lo = packed.Bot;
payload.longFMT = (packed.Mid > 0xFFF);
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload, sizeof(payload));
@ -255,6 +274,7 @@ static int CmdHIDSim(const char *Cmd) {
PrintAndLogEx(INFO, "Done"); PrintAndLogEx(INFO, "Done");
if (resp.status != PM3_EOPABORTED) if (resp.status != PM3_EOPABORTED)
return resp.status; return resp.status;
return PM3_SUCCESS; return PM3_SUCCESS;
} }

6
doc/cheatsheet.md
View file

@ -370,12 +370,14 @@ pm3 --> lf hid demod
Simulate Prox card Simulate Prox card
``` ```
pm3 --> lf hid sim 200670012d pm3 --> lf hid sim -r 200670012d
pm3 --> lf hid sim -w H10301 --fc 10 --cn 1337
``` ```
Clone Prox to T5577 card Clone Prox to T5577 card
``` ```
pm3 --> lf hid clone 200670012d pm3 --> lf hid clone -r 200670012d
pm3 --> lf hid clone -w H10301 --fc 10 --cn 1337
``` ```
Brute force HID reader Brute force HID reader