From 64068ba4303e218505e630506b2f66ed7e042122 Mon Sep 17 00:00:00 2001 From: dxl <64101226@qq.com> Date: Fri, 3 Jul 2020 16:46:40 +0800 Subject: [PATCH 01/27] android adapt changed. --- client/android/CMakeLists.txt | 225 +++++++++++++++++++--------------- client/android/pm3_main.c | 62 +++++----- 2 files changed, 157 insertions(+), 130 deletions(-) diff --git a/client/android/CMakeLists.txt b/client/android/CMakeLists.txt index 11da2f5e4..cc827d143 100644 --- a/client/android/CMakeLists.txt +++ b/client/android/CMakeLists.txt @@ -1,12 +1,6 @@ # version cmake_minimum_required(VERSION 3.4.1) -# We are build on android platform, so we need add def "ANDROID" -# NDK version for SDK 19 doesn't implement the whole C++11 standard in the STL. -# see: https://stackoverflow.com/questions/44736135/ndk-clang-error-undefined-reference-to-localeconv -# so we need add def getlocaledecpoint()='.' -add_definitions(-DANDROID -D"getlocaledecpoint\(\)='.'") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -fvisibility=hidden -w") # Root path into client 
@@ -14,138 +8,170 @@ set(PM3_ROOT ../../) add_subdirectory(../deps deps) +# Build zlib deps at external +if (CMAKE_MAKE_PROGRAM MATCHES ".*ninja.*") + set(BZIP2_INCLUDE_DIRS ${BZIP2_ROOT}) + set(BZIP2_LIBRARIES pm3rrg_rdv4_bzip2) + find_library(pm3rrg_rdv4_bzip2 REQUIRED) +elseif (UNIX) # Cross compile at Unix Makefile System. + # bzip2 dep. + include(ExternalProject) + set(CFLAGS_EXTERNAL_LIB "CFLAGS=--target=${CMAKE_C_COMPILER_TARGET} -w") + set(BZIP2_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2) + ExternalProject_Add(bzip2 + GIT_REPOSITORY https://android.googlesource.com/platform/external/bzip2 + GIT_TAG platform-tools-30.0.2 + PREFIX deps/bzip2 + #SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/deps/bzip2 + CONFIGURE_COMMAND mkdir -p ${BZIP2_BUILD_DIR} && git archive --format tar HEAD | tar -C ${BZIP2_BUILD_DIR} -x + BUILD_IN_SOURCE ON + BUILD_COMMAND make -C ${BZIP2_BUILD_DIR} -j4 CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} libbz2.a + INSTALL_COMMAND "" + LOG_DOWNLOAD ON + ) + ExternalProject_Add_StepTargets(bzip2 configure build install) + set(BZIP2_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2) + set(BZIP2_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2/libbz2.a) +else () + message(ERROR "Please implement your BZIP2 import.") +endif () + # client resources add_library(pm3rrg_rdv4 SHARED + ${PM3_ROOT}/common/commonutil.c ${PM3_ROOT}/common/util_posix.c + ${PM3_ROOT}/common/parity.c + ${PM3_ROOT}/common/bucketsort.c ${PM3_ROOT}/common/crapto1/crapto1.c ${PM3_ROOT}/common/crapto1/crypto1.c ${PM3_ROOT}/common/crc.c ${PM3_ROOT}/common/crc16.c ${PM3_ROOT}/common/crc32.c ${PM3_ROOT}/common/crc64.c - ${PM3_ROOT}/common/cardhelper.c - ${PM3_ROOT}/common/parity.c - ${PM3_ROOT}/common/commonutil.c - ${PM3_ROOT}/common/generator.c ${PM3_ROOT}/common/lfdemod.c - ${PM3_ROOT}/common/iso15693tools.c - ${PM3_ROOT}/common/bucketsort.c 
${PM3_ROOT}/common/legic_prng.c - # client inside - ${PM3_ROOT}/client/src/fileutils.c - ${PM3_ROOT}/client/src/uart/uart_posix.c - ${PM3_ROOT}/client/src/loclass/cipherutils.c - ${PM3_ROOT}/client/src/loclass/cipher.c - ${PM3_ROOT}/client/src/loclass/ikeys.c - ${PM3_ROOT}/client/src/loclass/elite_crack.c - ${PM3_ROOT}/client/src/emv/emvcore.c + ${PM3_ROOT}/common/iso15693tools.c + ${PM3_ROOT}/common/cardhelper.c + ${PM3_ROOT}/common/generator.c + ${PM3_ROOT}/client/src/crypto/asn1dump.c + ${PM3_ROOT}/client/src/crypto/asn1utils.c + ${PM3_ROOT}/client/src/crypto/libpcrypto.c + ${PM3_ROOT}/client/src/emv/test/cda_test.c + ${PM3_ROOT}/client/src/emv/test/crypto_test.c + ${PM3_ROOT}/client/src/emv/test/cryptotest.c + ${PM3_ROOT}/client/src/emv/test/dda_test.c + ${PM3_ROOT}/client/src/emv/test/sda_test.c + ${PM3_ROOT}/client/src/emv/apduinfo.c ${PM3_ROOT}/client/src/emv/cmdemv.c - ${PM3_ROOT}/client/src/emv/tlv.c - ${PM3_ROOT}/client/src/emv/dol.c - ${PM3_ROOT}/client/src/emv/emv_tags.c - ${PM3_ROOT}/client/src/emv/emv_roca.c - ${PM3_ROOT}/client/src/emv/dump.c - ${PM3_ROOT}/client/src/emv/crypto_polarssl.c ${PM3_ROOT}/client/src/emv/crypto.c + ${PM3_ROOT}/client/src/emv/crypto_polarssl.c + ${PM3_ROOT}/client/src/emv/dol.c + ${PM3_ROOT}/client/src/emv/dump.c ${PM3_ROOT}/client/src/emv/emv_pk.c ${PM3_ROOT}/client/src/emv/emv_pki.c + ${PM3_ROOT}/client/src/emv/emv_pki_priv.c + ${PM3_ROOT}/client/src/emv/emv_roca.c + ${PM3_ROOT}/client/src/emv/emv_tags.c + ${PM3_ROOT}/client/src/emv/emvcore.c ${PM3_ROOT}/client/src/emv/emvjson.c - ${PM3_ROOT}/client/src/emv/apduinfo.c - ${PM3_ROOT}/client/src/emv/test/cryptotest.c - ${PM3_ROOT}/client/src/emv/test/sda_test.c - ${PM3_ROOT}/client/src/emv/test/dda_test.c - ${PM3_ROOT}/client/src/emv/test/cda_test.c - ${PM3_ROOT}/client/src/emv/test/crypto_test.c - ${PM3_ROOT}/client/src/emv/test/cryptotest.c - ${PM3_ROOT}/client/src/emv/test/sda_test.c - ${PM3_ROOT}/client/src/emv/test/dda_test.c - ${PM3_ROOT}/client/src/emv/test/cda_test.c 
- ${PM3_ROOT}/client/src/emv/test/crypto_test.c - ${PM3_ROOT}/client/src/crypto/libpcrypto.c - ${PM3_ROOT}/client/src/crypto/asn1utils.c - ${PM3_ROOT}/client/src/crypto/asn1dump.c + ${PM3_ROOT}/client/src/emv/tlv.c + ${PM3_ROOT}/client/src/fido/additional_ca.c + ${PM3_ROOT}/client/src/fido/cbortools.c + ${PM3_ROOT}/client/src/fido/cose.c + ${PM3_ROOT}/client/src/fido/fidocore.c + ${PM3_ROOT}/client/src/loclass/cipher.c + ${PM3_ROOT}/client/src/loclass/cipherutils.c + ${PM3_ROOT}/client/src/loclass/elite_crack.c + ${PM3_ROOT}/client/src/loclass/hash1_brute.c + ${PM3_ROOT}/client/src/loclass/ikeys.c ${PM3_ROOT}/client/src/mifare/mad.c ${PM3_ROOT}/client/src/mifare/mfkey.c ${PM3_ROOT}/client/src/mifare/mifare4.c + ${PM3_ROOT}/client/src/mifare/mifaredefault.c ${PM3_ROOT}/client/src/mifare/mifarehost.c ${PM3_ROOT}/client/src/mifare/ndef.c ${PM3_ROOT}/client/src/mifare/desfire_crypto.c - ${PM3_ROOT}/client/src/mifare/mifaredefault.c - ${PM3_ROOT}/client/src/fido/cose.c - ${PM3_ROOT}/client/src/fido/fidocore.c - ${PM3_ROOT}/client/src/fido/cbortools.c - ${PM3_ROOT}/client/src/fido/additional_ca.c - ${PM3_ROOT}/client/src/preferences.c - ${PM3_ROOT}/client/src/graph.c - ${PM3_ROOT}/client/src/ui.c - ${PM3_ROOT}/client/src/tea.c - ${PM3_ROOT}/client/src/util.c - ${PM3_ROOT}/client/src/comms.c - ${PM3_ROOT}/client/src/cmdcrc.c - ${PM3_ROOT}/client/src/cmdanalyse.c - ${PM3_ROOT}/client/src/cmddata.c - ${PM3_ROOT}/client/src/cmdtrace.c - ${PM3_ROOT}/client/src/cmdhf.c - ${PM3_ROOT}/client/src/cmdhflto.c + ${PM3_ROOT}/client/src/uart/uart_posix.c + ${PM3_ROOT}/client/src/uart/uart_win32.c + ${PM3_ROOT}/client/src/ui/overlays.ui ${PM3_ROOT}/client/src/aidsearch.c + ${PM3_ROOT}/client/src/cmdanalyse.c + ${PM3_ROOT}/client/src/cmdcrc.c + ${PM3_ROOT}/client/src/cmddata.c + ${PM3_ROOT}/client/src/cmdflashmem.c + ${PM3_ROOT}/client/src/cmdflashmemspiffs.c + ${PM3_ROOT}/client/src/cmdhf.c ${PM3_ROOT}/client/src/cmdhf14a.c ${PM3_ROOT}/client/src/cmdhf14b.c - 
${PM3_ROOT}/client/src/cmdwiegand.c - ${PM3_ROOT}/client/src/wiegand_formatutils.c - ${PM3_ROOT}/client/src/wiegand_formats.c - ${PM3_ROOT}/client/src/cmdlfmotorola.c - ${PM3_ROOT}/client/src/cmdlfgallagher.c ${PM3_ROOT}/client/src/cmdhf15.c + ${PM3_ROOT}/client/src/cmdhfcryptorf.c ${PM3_ROOT}/client/src/cmdhfepa.c - ${PM3_ROOT}/client/src/cmdhflegic.c - ${PM3_ROOT}/client/src/cmdhfthinfilm.c - ${PM3_ROOT}/client/src/cmdflashmemspiffs.c ${PM3_ROOT}/client/src/cmdhffelica.c + ${PM3_ROOT}/client/src/cmdhffido.c ${PM3_ROOT}/client/src/cmdhficlass.c + ${PM3_ROOT}/client/src/cmdhflegic.c ${PM3_ROOT}/client/src/cmdhflist.c + ${PM3_ROOT}/client/src/cmdhflto.c ${PM3_ROOT}/client/src/cmdhfmf.c ${PM3_ROOT}/client/src/cmdhfmfdes.c - ${PM3_ROOT}/client/src/cmdhfmfu.c + ${PM3_ROOT}/client/src/cmdhfmfhard.c ${PM3_ROOT}/client/src/cmdhfmfp.c - ${PM3_ROOT}/client/src/cmdhffido.c + ${PM3_ROOT}/client/src/cmdhfmfu.c + ${PM3_ROOT}/client/src/cmdhfthinfilm.c ${PM3_ROOT}/client/src/cmdhftopaz.c ${PM3_ROOT}/client/src/cmdhw.c ${PM3_ROOT}/client/src/cmdlf.c - ${PM3_ROOT}/client/src/cmdlfkeri.c - ${PM3_ROOT}/client/src/cmdlffdx.c - ${PM3_ROOT}/client/src/cmdlfio.c - ${PM3_ROOT}/client/src/cmdlfem4x.c - ${PM3_ROOT}/client/src/cmdlfhid.c - ${PM3_ROOT}/client/src/cmdlfnedap.c - ${PM3_ROOT}/client/src/cmdlfguard.c - ${PM3_ROOT}/client/src/cmdlfhitag.c - ${PM3_ROOT}/client/src/cmdlfjablotron.c - ${PM3_ROOT}/client/src/cmdsmartcard.c - ${PM3_ROOT}/client/src/cmdlfti.c - ${PM3_ROOT}/client/src/cmdlfpac.c - ${PM3_ROOT}/client/src/cmdlfnoralsy.c - ${PM3_ROOT}/client/src/cmdlfnexwatch.c - ${PM3_ROOT}/client/src/cmdlfpresco.c - ${PM3_ROOT}/client/src/cmdlfindala.c - ${PM3_ROOT}/client/src/cmdlfviking.c - ${PM3_ROOT}/client/src/cmdlfsecurakey.c - ${PM3_ROOT}/client/src/cmdlfpyramid.c - ${PM3_ROOT}/client/src/cmdlfparadox.c - ${PM3_ROOT}/client/src/cmdlfcotag.c ${PM3_ROOT}/client/src/cmdlfawid.c - ${PM3_ROOT}/client/src/cmdparser.c - ${PM3_ROOT}/client/src/cmdscript.c + 
${PM3_ROOT}/client/src/cmdlfcotag.c + ${PM3_ROOT}/client/src/cmdlfem4x.c + ${PM3_ROOT}/client/src/cmdlfem4x50.c + ${PM3_ROOT}/client/src/cmdlffdx.c + ${PM3_ROOT}/client/src/cmdlfgallagher.c + ${PM3_ROOT}/client/src/cmdlfguard.c + ${PM3_ROOT}/client/src/cmdlfhid.c + ${PM3_ROOT}/client/src/cmdlfhitag.c + ${PM3_ROOT}/client/src/cmdlfindala.c + ${PM3_ROOT}/client/src/cmdlfio.c + ${PM3_ROOT}/client/src/cmdlfjablotron.c + ${PM3_ROOT}/client/src/cmdlfkeri.c + ${PM3_ROOT}/client/src/cmdlfmotorola.c + ${PM3_ROOT}/client/src/cmdlfnedap.c + ${PM3_ROOT}/client/src/cmdlfnexwatch.c + ${PM3_ROOT}/client/src/cmdlfnoralsy.c + ${PM3_ROOT}/client/src/cmdlfpac.c + ${PM3_ROOT}/client/src/cmdlfparadox.c + ${PM3_ROOT}/client/src/cmdlfpcf7931.c + ${PM3_ROOT}/client/src/cmdlfpresco.c + ${PM3_ROOT}/client/src/cmdlfpyramid.c + ${PM3_ROOT}/client/src/cmdlfsecurakey.c + ${PM3_ROOT}/client/src/cmdlft55xx.c + ${PM3_ROOT}/client/src/cmdlfti.c + ${PM3_ROOT}/client/src/cmdlfverichip.c + ${PM3_ROOT}/client/src/cmdlfviking.c ${PM3_ROOT}/client/src/cmdlfvisa2000.c ${PM3_ROOT}/client/src/cmdmain.c - ${PM3_ROOT}/client/src/cmdflashmem.c - ${PM3_ROOT}/client/src/scripting.c + ${PM3_ROOT}/client/src/cmdparser.c + ${PM3_ROOT}/client/src/cmdscript.c + ${PM3_ROOT}/client/src/cmdsmartcard.c + ${PM3_ROOT}/client/src/cmdtrace.c + ${PM3_ROOT}/client/src/cmdusart.c + ${PM3_ROOT}/client/src/cmdwiegand.c + ${PM3_ROOT}/client/src/comms.c + ${PM3_ROOT}/client/src/fileutils.c + ${PM3_ROOT}/client/src/flash.c + ${PM3_ROOT}/client/src/graph.c + ${PM3_ROOT}/client/src/jansson_path.c + ${PM3_ROOT}/client/src/preferences.c ${PM3_ROOT}/client/src/pm3_binlib.c ${PM3_ROOT}/client/src/pm3_bitlib.c - ${PM3_ROOT}/client/src/cmdlft55xx.c - ${PM3_ROOT}/client/src/cmdlfpcf7931.c - ${PM3_ROOT}/client/src/cmdhfmfhard.c - ${PM3_ROOT}/client/src/cmdusart.c - ${PM3_ROOT}/client/src/jansson_path.c + ${PM3_ROOT}/client/src/prng.c + ${PM3_ROOT}/client/src/scandir.c + ${PM3_ROOT}/client/src/scripting.c + ${PM3_ROOT}/client/src/tea.c + 
${PM3_ROOT}/client/src/ui.c + ${PM3_ROOT}/client/src/util.c + ${PM3_ROOT}/client/src/wiegand_formats.c + ${PM3_ROOT}/client/src/wiegand_formatutils.c # android resources jni_tools.c pm3_main.c @@ -154,6 +180,7 @@ add_library(pm3rrg_rdv4 SHARED # includes target_include_directories(pm3rrg_rdv4 PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} + ${BZIP2_INCLUDE_DIRS} ${PM3_ROOT}/include/ ${PM3_ROOT}/common ${PM3_ROOT}/common_fpga @@ -169,7 +196,7 @@ find_library(pm3rrg_rdv4_hardnested REQUIRED) find_library(pm3rrg_rdv4_whereami REQUIRED) target_link_libraries(pm3rrg_rdv4 - bz2 + ${BZIP2_LIBRARIES} pm3rrg_rdv4_hardnested pm3rrg_rdv4_mbedtls pm3rrg_rdv4_cliparser @@ -180,4 +207,4 @@ target_link_libraries(pm3rrg_rdv4 pm3rrg_rdv4_reveng pm3rrg_rdv4_whereami android - log) + log) \ No newline at end of file diff --git a/client/android/pm3_main.c b/client/android/pm3_main.c index af45725cd..fc4e0b2dc 100644 --- a/client/android/pm3_main.c +++ b/client/android/pm3_main.c @@ -28,26 +28,18 @@ #include "jni_tools.h" //iceman, todo: proxify socker server name. Maybe set in preferences? +// DXL reply, todo: +// Is a good idea, we can move this def to preferences, but not now. +// Because libpm3rrg_rdv4.so cant load preferences. +// I will impl a function to load preferences at future. #define PM3_LOCAL_SOCKET_SERVER "DXL.COM.ASL" -void ShowGraphWindow(void) { -} - -void HideGraphWindow(void) { -} - -void RepaintGraphWindow(void) { -} - -int push_cmdscriptfile(char *path, bool stayafter) { - return PM3_SUCCESS; -} - static char *g_android_executable_directory = NULL; -static const char *g_android_user_directory = NULL; +static char *g_android_user_directory = NULL; -const char *get_executable_directory(void) { +char version_information[] = {"ANDROID_LIBRARY 1.4.6 build by DXL"}; +const char *get_my_executable_directory(void) { if (g_android_executable_directory == NULL) { char buf[FILE_PATH_SIZE] = {0}; getcwd(buf, sizeof(buf)); 
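Review bot: The new `ExternalProject_Add(bzip2 ...)` step identifies what it downloads only by `GIT_TAG platform-tools-30.0.2`, a tag name the remote can move, so this file does not fix the source that ends up in `libbz2.a`. Pinning `GIT_TAG` to the full commit hash the tag currently resolves to (for example `GIT_TAG <full-commit-hash-placeholder>  # platform-tools-30.0.2`) makes the dependency reproducible and reviewable. In the same block, `message(ERROR "...")` uses a word that is not a CMake mode keyword, so configuration prints the text and continues with `BZIP2_LIBRARIES` unset; `message(FATAL_ERROR "Please implement your BZIP2 import.")` stops it. No `add_dependencies(pm3rrg_rdv4 bzip2)` is visible in this hunk, so unless one exists elsewhere in the file, the shared library may be linked before `libbz2.a` is built. The source list also now pulls `uart/uart_win32.c`, `ui/overlays.ui` and the `emv/test/*.c` files into the Android library, which looks unintended.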
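Review bot: `char version_information[]` is added as a writable global with external linkage, and `g_android_user_directory` loses its `const` although nothing in this hunk assigns to it. If no other translation unit references the banner, `static const char version_information[] = {"ANDROID_LIBRARY 1.4.6 build by DXL"};` keeps it in read-only data and out of the symbol table. If it is meant to satisfy a symbol declared elsewhere, its type has to match that declaration, which cannot be checked from this hunk. The body of `get_my_executable_directory` continues past the end of the hunk.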
@@ -57,14 +49,20 @@ const char *get_executable_directory(void) { return g_android_executable_directory; } -const char *get_user_directory(void) { +const char *get_my_user_directory(void) { return g_android_user_directory; } +void ShowGraphWindow(void) {} + +void HideGraphWindow(void) {} + +void RepaintGraphWindow(void) {} + +int push_cmdscriptfile(char *path, bool stayafter) { return PM3_SUCCESS; } + static bool OpenPm3(void) { - if (conn.run) { - return true; - } + if (conn.run) { return true; } // Open with LocalSocket. Not a tcp connection! bool ret = OpenProxmark("socket:"PM3_LOCAL_SOCKET_SERVER, false, 1000, false, 115200); return ret; @@ -88,7 +86,7 @@ jint Console(JNIEnv *env, jobject instance, jstring cmd_) { PrintAndLogEx(NORMAL, ""); - char *cmd = (char *)((*env)->GetStringUTFChars(env, cmd_, 0)); + char *cmd = (char *) ((*env)->GetStringUTFChars(env, cmd_, 0)); int ret = CommandReceived(cmd); if (ret == 99) { // exit / quit @@ -104,11 +102,11 @@ jint Console(JNIEnv *env, jobject instance, jstring cmd_) { * Is client running! * */ jboolean IsClientRunning(JNIEnv *env, jobject instance) { - return (jboolean)((jboolean) conn.run); + return (jboolean) ((jboolean) conn.run); } /* - * test hw and hw and client. + * test hw and fw and client. * */ jboolean TestPm3(JNIEnv *env, jobject instance) { if (open() == false) { @@ -116,7 +114,7 @@ jboolean TestPm3(JNIEnv *env, jobject instance) { return false; } bool ret = (TestProxmark() == PM3_SUCCESS); - return (jboolean)(ret); + return (jboolean) (ret); } /* 
@@ -143,25 +141,27 @@ JNIEXPORT jint JNI_OnLoad(JavaVM *vm, void *reserved) { } jclass clz_test = (*jniEnv)->FindClass(jniEnv, "cn/rrg/devices/Proxmark3RRGRdv4"); JNINativeMethod methods[] = { - {"startExecute", "(Ljava/lang/String;)I", (void *) Console}, - {"stopExecute", "()V", (void *) ClosePm3}, - {"isExecuting", "()Z", (void *) IsClientRunning} + {"startExecute", "(Ljava/lang/String;)I", (void *) Console}, + {"stopExecute", "()V", (void *) ClosePm3}, + {"isExecuting", "()Z", (void *) IsClientRunning} }; JNINativeMethod methods1[] = { - {"testPm3", "()Z", (void *) TestPm3}, - {"closePm3", "()V", ClosePm3} + {"testPm3", "()Z", (void *) TestPm3}, + {"closePm3", "()V", ClosePm3} }; - if ((*jniEnv)->RegisterNatives(jniEnv, clazz, methods, sizeof(methods) / sizeof(methods[0])) != JNI_OK) { + if ((*jniEnv)->RegisterNatives(jniEnv, clazz, methods, sizeof(methods) / sizeof(methods[0])) != + JNI_OK) { return -1; } - if ((*jniEnv)->RegisterNatives(jniEnv, clz_test, methods1, sizeof(methods1) / sizeof(methods1[0])) != JNI_OK) { + if ((*jniEnv)->RegisterNatives(jniEnv, clz_test, methods1, + sizeof(methods1) / sizeof(methods1[0])) != JNI_OK) { return -1; } (*jniEnv)->DeleteLocalRef(jniEnv, clazz); (*jniEnv)->DeleteLocalRef(jniEnv, clz_test); return JNI_VERSION_1_4; -} +} \ No newline at end of file From 9d204897d182b42cc29a26518b3314211e76d56b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:41:44 +0200 Subject: [PATCH 02/27] fix #830 - 'lf em 4x50_info/read' - now print msb and lsb again. --- client/src/cmdlfem4x.c | 5 +- client/src/cmdlfem4x50.c | 239 +++++++++++++++++++++++++-------------- client/src/cmdlfem4x50.h | 7 +- 3 files changed, 156 insertions(+), 95 deletions(-) diff --git a/client/src/cmdlfem4x.c b/client/src/cmdlfem4x.c index 8fbb0e509..8031ab20d 100644 --- a/client/src/cmdlfem4x.c +++ b/client/src/cmdlfem4x.c 
@@ -128,7 +128,7 @@ static int usage_lf_em4x05_dump(void) { PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf em 4x05_dump"); PrintAndLogEx(NORMAL, " lf em 4x05_dump 11223344"); - PrintAndLogEx(NORMAL, " lf em 4x50_dump f card1 11223344"); + PrintAndLogEx(NORMAL, " lf em 4x05_dump f card1 11223344"); return PM3_SUCCESS; } static int usage_lf_em4x05_wipe(void) { @@ -1395,7 +1395,8 @@ static command_t CommandTable[] = { {"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"}, {"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"}, {"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 4x50") " -----------------------"}, - {"4x50_info", CmdEM4x50Info, IfPm3EM4x50, "read complete data from EM4x50"}, + {"4x50_dump", CmdEM4x50Dump, IfPm3EM4x50, "dump EM4x50 tag"}, + {"4x50_info", CmdEM4x50Info, IfPm3EM4x50, "tag information EM4x50"}, {"4x50_write", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"}, {"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"}, {"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"}, diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index dad399a36..1009f3bb6 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -15,7 +15,7 @@ #include "commonutil.h" #include "em4x50.h" -int usage_lf_em4x50_info(void) { +static int usage_lf_em4x50_info(void) { PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna."); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p ]"); @@ -30,7 +30,7 @@ int usage_lf_em4x50_info(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } -int usage_lf_em4x50_write(void) { +static int usage_lf_em4x50_write(void) { PrintAndLogEx(NORMAL, "Write EM4x50 word. Tag must be on antenna. "); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] [a
] [w ]"); @@ -44,7 +44,7 @@ int usage_lf_em4x50_write(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } -int usage_lf_em4x50_write_password(void) { +static int usage_lf_em4x50_write_password(void) { PrintAndLogEx(NORMAL, "Write EM4x50 password. Tag must be on antenna. "); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] [p ] [n ]"); @@ -57,8 +57,8 @@ int usage_lf_em4x50_write_password(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } -int usage_lf_em4x50_read(void) { - PrintAndLogEx(NORMAL, "Read EM4x50 word(s). Tag must be on antenna. "); +static int usage_lf_em4x50_read(void) { + PrintAndLogEx(NORMAL, "Read EM4x50 word(s). Tag must be on antenna."); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_read [h] [a
] [p ]"); PrintAndLogEx(NORMAL, "Options:"); @@ -71,6 +71,20 @@ int usage_lf_em4x50_read(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } +static int usage_lf_em4x50_dump(void) { + PrintAndLogEx(NORMAL, "Dump EM4x50 tag. Tag must be on antenna."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_dump [h] [f ] [p ]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " f - overide filename prefix (optional). Default is based on UID"); + PrintAndLogEx(NORMAL, " p - password (hex) (optional)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump p 11223344")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump f card_nnn p 11223344")); + return PM3_SUCCESS; +} static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) { 
@@ -128,46 +142,52 @@ static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t } } -static void print_result(const em4x50_word_t *words, int fwr, int lwr, bool verbose) { +static void print_result(const em4x50_word_t *words, int fwr, int lwr) { // print available information for given word from fwr to lwr, i.e. // bit table + summary lines with hex notation of word (msb + lsb) - char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0}; + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, " # | word (msb) | word (lsb) | desc"); + PrintAndLogEx(INFO, "----+-------------+-------------+--------------------"); for (int i = fwr; i <= lwr; i++) { - if (verbose) { - - // final result - string[0] = '\0'; - sprintf(pstring, "\n word[%i] msb: " _GREEN_("0x"), i); - strcat(string, pstring); - - for (int j = 0; j < 4; j++) { - sprintf(pstring, _GREEN_("%02x"), words[i].byte[j]); - strcat(string, pstring); - } - - sprintf(pstring, "\n word[%i] lsb: 0x", i); - strcat(string, pstring); - - for (int j = 0; j < 4; j++) { - sprintf(pstring, "%02x", reflect8(words[i].byte[3-j])); - strcat(string, pstring); - } - } else { - string[0] = '\0'; - sprintf(pstring, "[" _GREEN_("+") "] word[%i]: " _YELLOW_("0x"), i); - strcat(string, pstring); - - for (int j = 0; j < 4; j++) { - sprintf(pstring, _YELLOW_("%02x"), words[i].byte[j]); - strcat(string, pstring); - } + char s[50] = {0}; + switch(i) { + case EM4X50_DEVICE_PASSWORD: + sprintf(s, _YELLOW_("password, write only")); + break; + case EM4X50_PROTECTION: + sprintf(s, _YELLOW_("protection cfg (locked)")); + break; + case EM4X50_CONTROL: + sprintf(s, _YELLOW_("control cfg (locked)")); + break; + case EM4X50_DEVICE_SERIAL: + sprintf(s, _YELLOW_("device serial number (read only)")); + break; + case EM4X50_DEVICE_ID: + sprintf(s, _YELLOW_("device identification (read only)")); + break; + default: + sprintf(s, "user data"); + break; } - PrintAndLogEx(INFO, string); + + char r[30] = {0}; + for (int j = 3; j >= 0; j--) { 
+ sprintf(r + strlen(r), "%02x ", reflect8(words[i].byte[j])); + } + + PrintAndLogEx(INFO, " %2i | " _GREEN_("%s") "| %s| %s", + i, + sprint_hex(words[i].byte, 4), + r, + s + ); } + PrintAndLogEx(INFO, "----+-------------+-------------+--------------------"); } static void print_info_result(uint8_t *data, bool verbose) { @@ -193,43 +213,8 @@ static void print_info_result(uint8_t *data, bool verbose) { // data section PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, _YELLOW_("EM4x50 data:")); - - if (verbose) { - print_result(words, 0, EM4X50_NO_WORDS - 1, true); - } else { - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "idx | word | desc"); - PrintAndLogEx(INFO, "----+-------------+----------------------------------"); - - // condensed data section - for (int i = 0; i < EM4X50_NO_WORDS; i++) { - char s[50] = {0}; - switch(i) { - case EM4X50_DEVICE_PASSWORD: - sprintf(s, _YELLOW_("password, write only")); - break; - case EM4X50_PROTECTION: - sprintf(s, _YELLOW_("protection cfg (locked)")); - break; - case EM4X50_CONTROL: - sprintf(s, _YELLOW_("control cfg (locked)")); - break; - case EM4X50_DEVICE_SERIAL: - sprintf(s, _YELLOW_("device serial number (read only)")); - break; - case EM4X50_DEVICE_ID: - sprintf(s, _YELLOW_("device identification (read only)")); - break; - default: - sprintf(s, "user data"); - break; - } - PrintAndLogEx(INFO, " %2i | %s| %s", i, sprint_hex(words[i].byte, 4), s); - } - } - PrintAndLogEx(INFO, "----+-------------+----------------------------------"); - + print_result(words, 0, EM4X50_NO_WORDS - 1); + // configuration section PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "---- " _CYAN_("Configuration") " ----"); 
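Review bot: The rewritten `print_result` fills the fixed stack buffers `s[50]` and `r[30]` with unbounded `sprintf`, and the text written into `s` is wrapped in `_YELLOW_(...)`, so its real length depends on how that macro expands rather than on the literal alone. The current strings appear to fit, but a longer description or a different colour expansion would overflow the buffer silently. Using `snprintf(s, sizeof(s), ...)` and, for the hex column, `snprintf(r + n, sizeof(r) - n, "%02x ", ...)` with a running offset `n` keeps both writes bounded. The loop also indexes `words[i]` up to `lwr` with no check against `EM4X50_NO_WORDS`, so the range is only as safe as the callers' validation, which is not visible here.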
@@ -416,7 +401,7 @@ int CmdEM4x50Write(const char *Cmd) { em4x50_word_t words[EM4X50_NO_WORDS]; prepare_result(data, etd.address, etd.address, words); - print_result(words, etd.address, etd.address, true); + print_result(words, etd.address, etd.address); PrintAndLogEx(SUCCESS, "Successfully wrote to tag"); PrintAndLogEx(HINT, "Try `" _YELLOW_("lf em 4x50_read a %u") "` - to read your data", etd.address); return PM3_SUCCESS; @@ -553,9 +538,7 @@ int em4x50_read(em4x50_data_t *etd, em4x50_word_t *out, bool verbose) { memcpy(out, &words, sizeof(em4x50_word_t) * EM4X50_NO_WORDS); } - if (verbose) { - print_result(words, etd->address, etd->address, true); - } + print_result(words, etd->address, etd->address); return PM3_SUCCESS; } @@ -573,15 +556,6 @@ int CmdEM4x50Read(const char *Cmd) { case 'h': { return usage_lf_em4x50_read(); } - case 'p': { - if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { - PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); - return PM3_EINVARG; - } - etd.pwd_given = true; - cmdp += 2; - break; - } case 'a': { param_getdec(Cmd, cmdp + 1, &etd.address); @@ -594,6 +568,15 @@ int CmdEM4x50Read(const char *Cmd) { cmdp += 2; break; } + case 'p': { + if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { + PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + etd.pwd_given = true; + cmdp += 2; + break; + } default: { PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); errors = true; 
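Review bot: In the `@@ -553,9 +538,7 @@` hunk, `em4x50_read` now calls `print_result` unconditionally, so its `verbose` parameter no longer controls output at this point and callers passing `false` will still get the word table printed. If that is intended, drop `verbose` from the signature or document it as unused; otherwise keep the guard, `if (verbose) print_result(words, etd->address, etd->address);`. The rest of `em4x50_read` lies outside the hunk, so `verbose` may still be used earlier in the function.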
@@ -602,8 +585,90 @@ int CmdEM4x50Read(const char *Cmd) { } } - if (errors) + if (errors || strlen(Cmd) == 0 || etd.addr_given == false) return usage_lf_em4x50_read(); return em4x50_read(&etd, NULL, true); } + +int CmdEM4x50Dump(const char *Cmd) { + + em4x50_data_t etd; + etd.pwd_given = false; + etd.addr_given = false; + + char filename[FILE_PATH_SIZE] = {0x00}; + char *fptr = filename; + + bool errors = false; + uint8_t cmdp = 0; + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_em4x50_dump(); + break; + case 'f': + param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE); + cmdp += 2; + break; + case 'p': { + if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { + PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + etd.pwd_given = true; + cmdp += 2; + break; + } + default: + PrintAndLogEx(WARNING, " Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + }; + } + + // validation + if (errors) + return usage_lf_em4x50_dump(); + + PrintAndLogEx(INFO, "reading EM4x50 tag"); + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_INFO, (uint8_t *)&etd, sizeof(etd)); + PacketResponseNG resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + return PM3_ETIMEOUT; + } + + bool success = (resp.status & STATUS_SUCCESS) >> 1; + if (success == false) { + PrintAndLogEx(FAILED, "reading tag " _RED_("failed")); + return PM3_ESOFT; + } + + // structured format + em4x50_word_t words[EM4X50_NO_WORDS]; + prepare_result(resp.data.asBytes, 0, EM4X50_NO_WORDS - 1, words); + + PrintAndLogEx(INFO, _YELLOW_("EM4x50 data:")); + print_result(words, 0, EM4X50_NO_WORDS - 1); + + // user supplied filename? 
+ if (strlen(filename) == 0) { + PrintAndLogEx(INFO, "Using UID as filename"); + fptr += sprintf(fptr, "lf-4x50-"); + FillFileNameByUID(fptr, words[EM4X50_DEVICE_SERIAL].byte, "-dump", 4); + } + + uint8_t data[EM4X50_NO_WORDS * 4] = {0}; + for (int i=0; i < EM4X50_NO_WORDS; i++) { + memcpy(data + (i*4), words[i].byte, 4); + } + + // saveFileEML will add .eml extension to filename + // saveFile (binary) passes in the .bin extension. + saveFileEML(filename, data, sizeof(data), 4); + saveFile(filename, ".bin", data, sizeof(data)); + //saveFileJSON... + return PM3_SUCCESS; +} diff --git a/client/src/cmdlfem4x50.h b/client/src/cmdlfem4x50.h index e426fd460..4519abbb4 100644 --- a/client/src/cmdlfem4x50.h +++ b/client/src/cmdlfem4x50.h @@ -14,11 +14,6 @@ #include"common.h" #include "em4x50.h" -int usage_lf_em4x50_info(void); -int usage_lf_em4x50_write(void); -int usage_lf_em4x50_write_password(void); -int usage_lf_em4x50_read(void); - int read_em4x50_uid(void); bool detect_4x50_block(void); int em4x50_read(em4x50_data_t *etd, em4x50_word_t *out, bool verbose); @@ -27,5 +22,5 @@ int CmdEM4x50Info(const char *Cmd); int CmdEM4x50Write(const char *Cmd); int CmdEM4x50WritePassword(const char *Cmd); int CmdEM4x50Read(const char *Cmd); - +int CmdEM4x50Dump(const char *Cmd); #endif From 791afef728b402bceaefa6f5af2a720139a62969 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:42:10 +0200 Subject: [PATCH 03/27] adapt reflect8 fct --- common/commonutil.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/common/commonutil.c b/common/commonutil.c index 14f2d58e5..fc287fe9d 100644 --- a/common/commonutil.c +++ b/common/commonutil.c 
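Review bot: `CmdEM4x50Dump` declares `em4x50_data_t etd;` and sets only `pwd_given` and `addr_given` (plus `password` when `p` is supplied), then sends the whole struct with `SendCommandNG(CMD_LF_EM4X50_INFO, (uint8_t *)&etd, sizeof(etd))`. The remaining fields and any padding therefore go to the device as indeterminate stack bytes; zero-initialising at the declaration, `em4x50_data_t etd = {0};`, removes that. The return values of `saveFileEML` and `saveFile` are ignored, so the command reports `PM3_SUCCESS` even when no dump file was written; checking them and returning the failure code would fix this. The `break;` after `return usage_lf_em4x50_dump();` is unreachable and can go.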
@@ -60,9 +60,21 @@ uint32_t reflect(uint32_t v, int b) { return v; } +// https://graphics.stanford.edu/~seander/bithacks.html#BitReverseTable + +// Reverse the bits in a byte with 3 operations (64-bit multiply and modulus division): +uint8_t reflect8(uint8_t b) { + return (b * 0x0202020202ULL & 0x010884422010ULL) % 1023; +} + + +// Reverse the bits in a byte with 4 operations (64-bit multiply, no division): +/* uint8_t reflect8(uint8_t b) { return ((b * 0x80200802ULL) & 0x0884422110ULL) * 0x0101010101ULL >> 32; } +*/ + uint16_t reflect16(uint16_t b) { uint16_t v = 0; v |= (b & 0x8000) >> 15; @@ -117,10 +129,13 @@ void lsl(uint8_t *data, size_t len) { data[len - 1] <<= 1; } + +// BSWAP24 of array[3] uint32_t le24toh(uint8_t data[3]) { return (data[2] << 16) | (data[1] << 8) | data[0]; } +// BSWAP24, take u32, output array void htole24(uint32_t val, uint8_t data[3]) { data[0] = (uint8_t) val; data[1] = (uint8_t)(val >> 8); From 7d3cab166980b92ecc519be2627b55fee0e88885 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:42:43 +0200 Subject: [PATCH 04/27] clean --- client/src/util.c | 9 --------- client/src/util.h | 3 +++ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/client/src/util.c b/client/src/util.c index 80def08ef..808f147f0 100644 --- a/client/src/util.c +++ b/client/src/util.c @@ -791,15 +791,6 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bits) { return tmp; } -/* -uint8_t pw_rev_A(uint8_t b) { - b = (b & 0xF0) >> 4 | (b & 0x0F) << 4; - b = (b & 0xCC) >> 2 | (b & 0x33) << 2; - b = (b & 0xAA) >> 1 | (b & 0x55) << 1; - return b; -} -*/ - uint64_t HornerScheme(uint64_t num, uint64_t divider, uint64_t factor) { uint64_t remaind = 0, quotient = 0, result = 0; remaind = num % divider; diff --git a/client/src/util.h b/client/src/util.h index c15183734..156c3a089 100644 --- a/client/src/util.h +++ b/client/src/util.h 
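Review bot: The comment above the new `reflect8` links to `#BitReverseTable`, but the expression `(b * 0x0202020202ULL & 0x010884422010ULL) % 1023` is the multiply-and-modulus variant, so the reference points the reader at a different technique. The previous multiply-only body is kept underneath as commented-out code. Since this file sits under `common/`, it is presumably also built for targets where a 64-bit modulus is a library call, in which case the division-free form may be the better default. Either way, keep one implementation, delete the other, and parenthesise the product so the precedence is explicit: `return ((b * 0x0202020202ULL) & 0x010884422010ULL) % 1023;`.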
@@ -54,9 +54,12 @@ void print_blocks(uint32_t *data, size_t len); int hex_to_bytes(const char *hexValue, uint8_t *bytesValue, size_t maxBytesValueLen); void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest); void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest); + +// Swap endian on arrays up to 64bytes. uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize); void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest); +// parameter helper functions int param_getlength(const char *line, int paramnum); char param_getchar(const char *line, int paramnum); char param_getchar_indx(const char *line, int indx, int paramnum); From 927cd71ed96bafde5b6480613769b5e6e96eb272 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:43:12 +0200 Subject: [PATCH 05/27] use reflect fct --- client/src/loclass/cipherutils.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/client/src/loclass/cipherutils.c b/client/src/loclass/cipherutils.c index 76415b74f..58875216b 100644 --- a/client/src/loclass/cipherutils.c +++ b/client/src/loclass/cipherutils.c @@ -128,24 +128,17 @@ uint64_t x_bytes_to_num(uint8_t *src, size_t len) { return num; } -uint8_t reversebytes(uint8_t b) { - b = (b & 0xF0) >> 4 | (b & 0x0F) << 4; - b = (b & 0xCC) >> 2 | (b & 0x33) << 2; - b = (b & 0xAA) >> 1 | (b & 0x55) << 1; - return b; -} - void reverse_arraybytes(uint8_t *arr, size_t len) { uint8_t i; for (i = 0; i < len ; i++) { - arr[i] = reversebytes(arr[i]); + arr[i] = reflect8(arr[i]); } } void reverse_arraycopy(uint8_t *arr, uint8_t *dest, size_t len) { uint8_t i; for (i = 0; i < len ; i++) { - dest[i] = reversebytes(arr[i]); + dest[i] = reflect8(arr[i]); } } From ae8be54fca2d29c84ea6cfe3bb228d95cf8ac0f9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:43:38 +0200 Subject: [PATCH 06/27] clean --- client/src/cmdhfmfhard.c | 8 -------- 1 file changed, 8 deletions(-) 
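Review bot: In `reverse_arraybytes` and `reverse_arraycopy` (cipherutils.c hunk) the loop counter is `uint8_t i` while `len` is `size_t`, so for any `len` above 255 the counter wraps to 0 before `i < len` can become false and the loop never ends; the in-place variant then keeps re-reflecting the first 256 bytes. These loops are being edited anyway, so change them to `for (size_t i = 0; i < len; i++)`. The hunk also switches to `reflect8` without any include change in this commit; confirm cipherutils.c already gets the prototype from `commonutil.h`, otherwise the call relies on an implicit declaration.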
diff --git a/client/src/cmdhfmfhard.c b/client/src/cmdhfmfhard.c index 15eb15ab0..3d378322e 100644 --- a/client/src/cmdhfmfhard.c +++ b/client/src/cmdhfmfhard.c @@ -1664,14 +1664,6 @@ static inline bool bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_e return true; } -/* -static uint_fast8_t reverse(uint_fast8_t b) { - b = (b & 0xF0) >> 4 | (b & 0x0F) << 4; - b = (b & 0xCC) >> 2 | (b & 0x33) << 2; - b = (b & 0xAA) >> 1 | (b & 0x55) << 1; - return b; -} -*/ static uint_fast8_t reverse(uint_fast8_t b) { return (b * 0x0202020202ULL & 0x010884422010ULL) % 1023; } From 7e5b9297499add47b4a2f2f000bf8d199784e1b8 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:46:46 +0200 Subject: [PATCH 07/27] updated ignore file --- .gitignore | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4ee047c9e..31f4e1595 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ Makefile.platform # cmake client/build/ client/android/build/ +client/deps/bzip2/ # Coverity cov-int/ @@ -77,17 +78,16 @@ fpga/* !fpga/xst_hf.scr !fpga/go.bat !fpga/sim.tcl + # offcial dumps folder dumps/* +traces/* #client/* -# my own traces folder client/traces/* -# my own dumps folder client/dumps/* *.ice *.new -armsrc/TEMP EMV/* tools/mf_nonce_brute/mf_nonce_brute tools/andrew/* tools/jtag_openocd/openocd_configuration From 7811d0a0850add11b2f85a6a5cbc0451a17fa5a5 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 6 Jul 2020 05:48:50 +0200 Subject: [PATCH 08/27] textual --- CHANGELOG.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 416f063b9..a45b7f033 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,8 +3,11 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] - - Added lf em function: 4x50_sread (@tharexde) - - Added lf em functions: 4x50_info, 4x50_write, 4x50_write_password (@tharexde) + - Added `lf em 4x50_dump` (@iceman1001) + - Added `lf em 4x50_read` (@tharexde) + - Added `lf em 4x50_info` (@tharexde) + - Added `4x50_write` (@tharexde) + - Added `4x50_write_password` (@tharexde) - Fix em4x50 demodulation error (@tharexde) - Fix `hf mfdes` authentification issues, DES working (@bkerler) - Add Android cross-compilation to client cmake (@dxl, @doegox) From ab7c33ecbe0304e768315b75090b6e654a74927f Mon Sep 17 00:00:00 2001 From: Iceman Date: Mon, 6 Jul 2020 14:33:13 +0200 Subject: [PATCH 09/27] Update bt_manual_v10.md --- doc/bt_manual_v10.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/bt_manual_v10.md b/doc/bt_manual_v10.md index e474c0ec7..22db91322 100644 --- a/doc/bt_manual_v10.md +++ b/doc/bt_manual_v10.md @@ -182,8 +182,9 @@ Instead of `aa:bb:cc:dd:ee:ff`, you'll see your MAC address. If you don't have `hcitool`, you can use `bluetoothctl` and `scan on` as shown in next section. 2. Use Proxmark client with Bluetooth MAC address as bt: + ```sh -./proxmark3 bt:aa:bb:cc:dd:ee:ff +./proxmark3 -p bt:aa:bb:cc:dd:ee:ff ``` The first time, your OS will ask you for pairing. The default PIN is 1234. If PIN is not typed in quickly, the client might timeout. Simply @@ -225,7 +226,7 @@ turn on solid. 4. a serial port `/dev/ttyUSB0` will be created, use Proxmark3 client on it ```sh -./proxmark3 /dev/ttyUSB0 +./proxmark3 -p /dev/ttyUSB0 ``` #### 5.2.3 (deprecated) Connecting rdv4.0 with Bluetooth on Linux computer via rfcomm 
@@ -257,7 +258,7 @@ connection is successful. 4. Use Proxmark client on BT-serial port ```sh -./proxmark3 /dev/rfcomm0 +./proxmark3 -p /dev/rfcomm0 ``` See instructions above (method 1) for initial pairing. @@ -283,7 +284,7 @@ After reboot you can go ahead to pairing your Proxmark3 RDV4 Blue Shark: 8. A serial port like `/dev/tty.PM3_RDV40-DevB` will be created, use Proxmark3 client on it ```sh -./proxmark3 /dev/tty.PM3_RDV40-DevB +./proxmark3 -p /dev/tty.PM3_RDV40-DevB ``` ### 5.4 Android ^[Top](#top) @@ -294,7 +295,7 @@ After reboot you can go ahead to pairing your Proxmark3 RDV4 Blue Shark: 1. Make sure you already followed this tutorial https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/termux_notes.md#setup and have Termux with an running Proxmark3 client ready. You need additional the `cp210x` serial usb driver enabled and working, like the `USB_ACM` driver to communicate wireless. 2. Insert the Bluetooth adapter with an fitting USB-C/Micro-USB converter into your Android USB port and a serial port `/dev/ttyUSB0` will be created. To see if it's working, run `tsudo ls /dev/ttyU*` and it should list `/dev/ttyUSB0`. 3. The adapter will search automatically and establish the connection to BlueShark. The adapter will remember the device that was first connected and after that the same device will be connected. After the connection is established, the blue state LED on add-on will turn on solid. - 4. If you see this, congratulations, you can run your Proxmark3 client in Termux with `tsudo proxmark3/client/proxmark3 /dev/ttyUSB0` + 4. If you see this, congratulations, you can run your Proxmark3 client in Termux with `tsudo proxmark3/client/proxmark3 -p /dev/ttyUSB0` ## 6. OTHER NOTES ^[Top](#top) From fef3a764ae856b806b2231cdf6556ae6f216eb1c Mon Sep 17 00:00:00 2001 
From: iceman1001 Date: Tue, 7 Jul 2020 15:36:51 +0200 Subject: [PATCH 10/27] chg: hf mf decrypt - helptext (thanks @AdamLaurie) --- client/src/cmdhfmf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index c8ab85b14..1b458e6e0 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -307,13 +307,13 @@ static int usage_hf14_decryptbytes(void) { PrintAndLogEx(NORMAL, "Usage: hf mf decrypt [h] "); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h this help"); - PrintAndLogEx(NORMAL, " reader nonce"); + PrintAndLogEx(NORMAL, " tag nonce"); PrintAndLogEx(NORMAL, " encrypted reader response"); PrintAndLogEx(NORMAL, " encrypted tag response"); PrintAndLogEx(NORMAL, " encrypted data, taken directly after at_enc and forward"); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, _YELLOW_(" hf mf decrypt b830049b 9248314a 9280e203 41e586f9")); - PrintAndLogEx(NORMAL, "\n this sample decrypts 41e586f9 -> 3003999a Annotated: 30 03 [99 9a] auth block 3 [crc]"); + PrintAndLogEx(NORMAL, "\n this sample decrypts 41e586f9 -> 3003999a Annotated: 30 03 [99 9a] read block 3 [crc]"); return PM3_SUCCESS; } From aa0baa26c664919b10ef0b161faf02b4184bb84b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 8 Jul 2020 11:09:20 +0200 Subject: [PATCH 11/27] fix: missing define on some mingw --- client/src/proxmark3.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/client/src/proxmark3.c b/client/src/proxmark3.c index e0dafe480..1b790f946 100644 --- a/client/src/proxmark3.c +++ b/client/src/proxmark3.c @@ -727,6 +727,10 @@ static bool DetectWindowsAnsiSupport(void) { RegCloseKey(hKey); } +#ifndef ENABLE_VIRTUAL_TERMINAL_PROCESSING +#define ENABLE_VIRTUAL_TERMINAL_PROCESSING 0x0004 +#endif + HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE); DWORD dwMode = 0; GetConsoleMode(hOut, &dwMode); From b6c7b38ce0e9d8eafb1f5e9e73823bfd74770c27 Mon Sep 17 00:00:00 2001 
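Review bot: The fallback `#define ENABLE_VIRTUAL_TERMINAL_PROCESSING 0x0004` in the proxmark3.c hunk sits in the middle of the `DetectWindowsAnsiSupport` body, where it is easy to overlook and remains defined for the rest of the file; moving the `#ifndef` block up next to the Windows includes keeps the toolchain shims in one place. In the context lines right after it, the return value of `GetConsoleMode(hOut, &dwMode)` is not checked, so when the handle is not a console `dwMode` stays 0 and the following code works from that value. `if (!GetConsoleMode(hOut, &dwMode)) return false;` would make that case explicit, assuming `false` is the "no ANSI" result; the rest of the function is outside the hunk.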
From: iceman1001 Date: Wed, 8 Jul 2020 11:11:14 +0200 Subject: [PATCH 12/27] textual --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a45b7f033..ff2f53bfe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fix missing define on proxspace (@mwalker33) - Added `lf em 4x50_dump` (@iceman1001) - Added `lf em 4x50_read` (@tharexde) - Added `lf em 4x50_info` (@tharexde) From 584fe52153b43c04b5ec4bee4bea22ed9bf0d621 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 8 Jul 2020 13:41:38 +0200 Subject: [PATCH 13/27] lf t55 configblock detection updated --- client/Makefile | 1 + client/src/cmdlf.c | 6 +++++- client/src/cmdlft55xx.c | 18 +++++++++++++---- client/src/cmdlft55xx.h | 40 +++++++++++++++++++++++--------------- client/src/cmdlfverichip.c | 15 +++++++------- 5 files changed, 51 insertions(+), 29 deletions(-) diff --git a/client/Makefile b/client/Makefile index a4e8b193d..8943915bb 100644 --- a/client/Makefile +++ b/client/Makefile @@ -461,6 +461,7 @@ SRCS = aidsearch.c \ cmdlfsecurakey.c \ cmdlft55xx.c \ cmdlfti.c \ + cmdlfverichip.c \ cmdlfviking.c \ cmdlfvisa2000.c \ cmdmain.c \ diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index 389d18dad..eb8c4ce5b 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c @@ -55,6 +55,7 @@ #include "cmdlfkeri.h" // for keri menu #include "cmdlfmotorola.h" // for Motorola menu #include "cmdlfgallagher.h" // for GALLAGHER menu +#include "cmdlfverichip.h" // for VERICHIP menu static bool g_lf_threshold_set = false; 
@@ -1286,6 +1287,8 @@ int CmdLFfind(const char *Cmd) { } } + if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;} + if (demodVerichip() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("VERICHIP ID") " found!"); goto out;} if (demodHID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("HID Prox ID") " found!"); goto out;} if (demodAWID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("AWID ID") " found!"); goto out;} if (demodIOProx() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("IO Prox ID") " found!"); goto out;} @@ -1308,8 +1311,8 @@ int CmdLFfind(const char *Cmd) { if (demodPyramid() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Pyramid ID") " found!"); goto out;} if (demodSecurakey() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Securakey ID") " found!"); goto out;} if (demodViking() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Viking ID") " found!"); goto out;} - if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;} if (demodGallagher() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("GALLAGHER ID") " found!"); goto out;} + // if (demodTI() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Texas Instrument ID") " found!"); goto out;} //if (demodFermax() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Fermax ID") " found!"); goto out;} 
@@ -1390,6 +1393,7 @@ static command_t CommandTable[] = { {"securakey", CmdLFSecurakey, AlwaysAvailable, "{ Securakey RFIDs... }"}, {"ti", CmdLFTI, AlwaysAvailable, "{ TI CHIPs... }"}, {"t55xx", CmdLFT55XX, AlwaysAvailable, "{ T55xx CHIPs... }"}, + {"verichip", CmdLFVerichip, AlwaysAvailable, "{ VERICHIP RFIDs... }"}, {"viking", CmdLFViking, AlwaysAvailable, "{ Viking RFIDs... }"}, {"visa2000", CmdLFVisa2k, AlwaysAvailable, "{ Visa2000 RFIDs... }"}, {"", CmdHelp, AlwaysAvailable, ""}, diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index b2f048665..5607b52a5 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -2044,11 +2044,12 @@ static void printT5x7KnownBlock0(uint32_t b0) { case T55X7_EM_UNIQUE_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "EM unique, Paxton "); break; + case T55X7_FDXB_2_CONFIG_BLOCK: case T55X7_FDXB_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "FDXB "); break; case T55X7_HID_26_CONFIG_BLOCK: - snprintf(s + strlen(s), sizeof(s) - strlen(s), "HID 26b (ProxCard) "); + snprintf(s + strlen(s), sizeof(s) - strlen(s), "HID 26b (ProxCard), Paradox "); break; case T55X7_PYRAMID_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Pyramid "); @@ -2080,6 +2081,15 @@ static void printT5x7KnownBlock0(uint32_t b0) { case T55X7_NEDAP_128_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Nedap 128 "); break; + case T55X7_PAC_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "PAC "); + break; + case T55X7_VERICHIP_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "Verichip "); + break; + case T55X7_VISA2000_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "VISA2000 "); + break; default: break; } 
@@ -2224,11 +2234,11 @@ static int CmdT55xxInfo(const char *Cmd) { PrintAndLogEx(NORMAL, " POR-Delay : %s", (por) ? _GREEN_("Yes") : "No"); } PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); - PrintAndLogEx(NORMAL, " Raw Data - Page 0"); + PrintAndLogEx(NORMAL, " Raw Data - Page 0, block 0"); if (gotdata) - PrintAndLogEx(NORMAL, " Block 0 : 0x%08X", block0); + PrintAndLogEx(NORMAL, " 0x" _GREEN_("%08X"), block0); else - PrintAndLogEx(NORMAL, " Block 0 : 0x%08X %s", block0, sprint_bin(DemodBuffer + config.offset, 32)); + PrintAndLogEx(NORMAL, " 0x" _GREEN_("%08X") " %s", block0, sprint_bin(DemodBuffer + config.offset, 32)); if (((!gotdata) && (!config.Q5)) || (gotdata && (!dataasq5))) printT5x7KnownBlock0(block0); diff --git a/client/src/cmdlft55xx.h b/client/src/cmdlft55xx.h index 7074124e6..5e84a85c4 100644 --- a/client/src/cmdlft55xx.h +++ b/client/src/cmdlft55xx.h 
@@ -25,28 +25,36 @@ // config blocks #define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // ASK, compat mode, data rate 32, manchester, STT, 7 data blocks #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks -#define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks -#define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, emulate em4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks +#define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/unique - compat mode, manchester, data rate 64, 2 data blocks +#define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks +#define T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data raet +#define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks +#define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALYS - KCP3000), data rate 32, 3 data blocks +#define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT + // FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo, // and it should actually be "10000" (16) -// #define T55X7_FDXB_CONFIG_BLOCK 0x903F8080 // emulate fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks -#define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // emulate fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks -#define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // hid 26 bit - compat mode, FSK2a, data rate 50, 3 data blocks -#define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // Pyramid 26 bit - compat mode, FSK2a, data rate 50, 4 data blocks 
-#define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // emulate indala 64 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 2 -#define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // emulate indala 224 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 7 -#define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // bitrate 64pcb, Direct modulation, Biphase, 3 data blocks -#define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks -#define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALYS - KCP3000), 3 data blocks -#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // ioprox - FSK2a, data rate 64, 2 data blocks -#define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT -#define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks -#define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks +// #define T55X7_FDXB_CONFIG_BLOCK 0x903F8080 // BiPhase, fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks +#define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // BiPhase, fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks +#define T55X7_FDXB_2_CONFIG_BLOCK 0x00098080 // + +#define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks +#define T55X7_PARADOX_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks +#define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // FSK2a, Pyramid 26 bit - compat mode, data rate 50, 4 data blocks +#define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // PSK1, indala 64 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 2 +#define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // PSK1, indala 224 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 7 +#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // FSK2a, data rate 64, 2 data blocks +#define 
T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // Biphase, data rate 64, Direct modulation, 3 data blocks +#define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks +#define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks + +#define T55X7_PAC_CONFIG_BLOCK 0x00080080 // NRZ, data rate 32, 4 data blocks +#define T55X7_VERICHIP_CONFIG_BLOCK 0x000C0080 // NRZ, data rate 40, 4 data blocks #define T55X7_bin 0b0010 -#define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // data rate 64 , ask, manchester, 2 data blocks? +#define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // ASK, data rate 64, manchester, 2 data blocks? typedef enum { T55x7_RAW = 0x00, T55x7_DEFAULT = 0x00, diff --git a/client/src/cmdlfverichip.c b/client/src/cmdlfverichip.c index 0eec31bf1..ee2de0846 100644 --- a/client/src/cmdlfverichip.c +++ b/client/src/cmdlfverichip.c @@ -39,9 +39,13 @@ static int usage_lf_verichip_clone(void) { //see NRZDemod for what args are accepted static int CmdVerichipDemod(const char *Cmd) { + (void)Cmd; + return demodVerichip(); +} +int demodVerichip(void) { //NRZ - if (NRZrawDemod(Cmd, false) != PM3_SUCCESS) { + if (NRZrawDemod("", false) != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: NRZ Demod failed"); return PM3_ESOFT; } 
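Review bot: Two of the new defines in the cmdlft55xx.h table carry comments that document nothing: `T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data raet` is cut off mid-word and `T55X7_FDXB_2_CONFIG_BLOCK 0x00098080 //` is empty. Every other entry spells out modulation, data rate and block count, which is what a reader checks the hex value against, so both should be completed in the same form. It would also help to note beside `T55X7_PARADOX_CONFIG_BLOCK` that it has the same value as `T55X7_HID_26_CONFIG_BLOCK` (0x00107060), which is why it shares a label in `printT5x7KnownBlock0` instead of getting its own `case`.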
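Review bot: In the cmdlfverichip.c hunk `CmdVerichipDemod` now discards its argument with `(void)Cmd;` and `demodVerichip` calls `NRZrawDemod("", false)`, yet the comment `//see NRZDemod for what args are accepted` above the handler is kept. Anything typed after `lf verichip demod` is therefore silently ignored while the source still says arguments are honoured. Either remove the comment and return the usage text for a non-empty `Cmd`, or keep forwarding `Cmd` from the command handler and use `""` only on the `CmdLFfind` path. The same change with the same stale comment is made to `CmdPacDemod`/`demodPac` in the cmdlfpac.c hunk of PATCH 15/27.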
@@ -154,20 +158,15 @@ int CmdLFVerichip(const char *Cmd) { return CmdsParse(CommandTable, Cmd); } -// by marshmellow -// find PAC preamble in already demoded data +// find VERICHIP preamble in already demoded data int detectVerichip(uint8_t *dest, size_t *size) { if (*size < 128) return -1; //make sure buffer has data size_t startIdx = 0; uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0}; if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) return -2; //preamble not found - if (*size != 128) return -3; //wrong demoded size + if (*size < 128) return -3; //wrong demoded size //return start position return (int)startIdx; } -int demodVerichip(void) { - return CmdVerichipDemod(""); -} - From 3fdd4f343b210e1efdcfee3ea2d46352e5a9ac9b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 8 Jul 2020 13:42:37 +0200 Subject: [PATCH 14/27] textual --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff2f53bfe..492c67794 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Readded verichip command which seems missing (@iceman1001) + - Fix missing t55x7 config block detection (@iceman1001) - Fix missing define on proxspace (@mwalker33) - Added `lf em 4x50_dump` (@iceman1001) - Added `lf em 4x50_read` (@tharexde) From 2fcc9b07efdb0073bf3a76705c33de65534589ac Mon Sep 17 00:00:00 2001 
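Review bot: Relaxing the check after `preambleSearch` in `detectVerichip` from `*size != 128` to `*size < 128` makes it the same test as the guard on the function's first line, so the `-3` result no longer rejects a frame whose length is not exactly 128 bits, and the trailing comment `//wrong demoded size` no longer describes it. `demodVerichip` then calls `setDemodBuff(DemodBuffer, 128, ans)` unconditionally; whether `ans + 128` stays within the demodulated data depends on what `preambleSearch` leaves in `*size`, which is not visible here. If longer captures are meant to be accepted, add an explicit bound in `demodVerichip` before the copy, such as `if ((size_t)ans + 128 > DemodBufferLen) return PM3_ESOFT;`, and reword the comment to state the new rule.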
From: iceman1001 Date: Wed, 8 Jul 2020 17:37:01 +0200 Subject: [PATCH 15/27] disable verichip stuff. should be inside FDX already --- client/Makefile | 1 - client/src/cmdlf.c | 3 - client/src/cmdlfpac.c | 27 +++-- client/src/cmdlfverichip_disabled.c | 172 ++++++++++++++++++++++++++++ client/src/cmdlfverichip_disabled.h | 19 +++ 5 files changed, 206 insertions(+), 16 deletions(-) create mode 100644 client/src/cmdlfverichip_disabled.c create mode 100644 client/src/cmdlfverichip_disabled.h diff --git a/client/Makefile b/client/Makefile index 8943915bb..a4e8b193d 100644 --- a/client/Makefile +++ b/client/Makefile @@ -461,7 +461,6 @@ SRCS = aidsearch.c \ cmdlfsecurakey.c \ cmdlft55xx.c \ cmdlfti.c \ - cmdlfverichip.c \ cmdlfviking.c \ cmdlfvisa2000.c \ cmdmain.c \ diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index eb8c4ce5b..3daf91e2f 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c @@ -55,7 +55,6 @@ #include "cmdlfkeri.h" // for keri menu #include "cmdlfmotorola.h" // for Motorola menu #include "cmdlfgallagher.h" // for GALLAGHER menu -#include "cmdlfverichip.h" // for VERICHIP menu static bool g_lf_threshold_set = false; @@ -1288,7 +1287,6 @@ int CmdLFfind(const char *Cmd) { } if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;} - if (demodVerichip() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("VERICHIP ID") " found!"); goto out;} if (demodHID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("HID Prox ID") " found!"); goto out;} if (demodAWID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("AWID ID") " found!"); goto out;} if (demodIOProx() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("IO Prox ID") " found!"); goto out;} 
@@ -1393,7 +1391,6 @@ static command_t CommandTable[] = { {"securakey", CmdLFSecurakey, AlwaysAvailable, "{ Securakey RFIDs... }"}, {"ti", CmdLFTI, AlwaysAvailable, "{ TI CHIPs... }"}, {"t55xx", CmdLFT55XX, AlwaysAvailable, "{ T55xx CHIPs... }"}, - {"verichip", CmdLFVerichip, AlwaysAvailable, "{ VERICHIP RFIDs... }"}, {"viking", CmdLFViking, AlwaysAvailable, "{ Viking RFIDs... }"}, {"visa2000", CmdLFVisa2k, AlwaysAvailable, "{ Visa2000 RFIDs... }"}, {"", CmdHelp, AlwaysAvailable, ""}, diff --git a/client/src/cmdlfpac.c b/client/src/cmdlfpac.c index 10365358e..f162b7342 100644 --- a/client/src/cmdlfpac.c +++ b/client/src/cmdlfpac.c @@ -1,4 +1,6 @@ //----------------------------------------------------------------------------- +// by marshmellow +// by danshuk // // This code is licensed to you under the terms of the GNU GPL, version 2 or, // at your option, any later version. See the LICENSE.txt file for the text of @@ -9,20 +11,19 @@ //----------------------------------------------------------------------------- #include "cmdlfpac.h" -#include //tolower +#include // tolower #include #include - -#include "commonutil.h" // ARRAYLEN +#include "commonutil.h" // ARRAYLEN #include "common.h" -#include "cmdparser.h" // command_t +#include "cmdparser.h" // command_t #include "comms.h" #include "ui.h" #include "cmddata.h" #include "cmdlf.h" #include "lfdemod.h" // preamble test #include "protocols.h" // t55xx defines -#include "cmdlft55xx.h" // clone.. +#include "cmdlft55xx.h" // clone #include "parity.h" static int CmdHelp(const char *Cmd); 
@@ -54,7 +55,7 @@ static int usage_lf_pac_sim(void) { PrintAndLogEx(NORMAL, _YELLOW_(" lf pac sim 12345678")); return PM3_SUCCESS; } -// by danshuk + // PAC_8byte format: preamble (8 mark/idle bits), ascii STX (02), ascii '2' (32), ascii '0' (30), ascii bytes 0..7 (cardid), then xor checksum of cardid bytes // all bytes following 8 bit preamble are one start bit (0), 7 data bits (lsb first), odd parity bit, and one stop bit (1) static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst, const size_t dst_size) { @@ -85,7 +86,9 @@ static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst, PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: Bad checksum - expected: %02X, actual: %02X", dst[dataLength - 1], checksum); return PM3_ESOFT; } - dst[dataLength - 1] = 0; // overwrite checksum byte with null terminator + + // overwrite checksum byte with null terminator + dst[dataLength - 1] = 0; return PM3_SUCCESS; } @@ -142,9 +145,13 @@ static void pacCardIdToRaw(uint8_t *outRawBytes, const char *cardId) { //see NRZDemod for what args are accepted static int CmdPacDemod(const char *Cmd) { + (void)Cmd; + return demodPac(); +} +int demodPac(void) { //NRZ - if (NRZrawDemod(Cmd, false) != PM3_SUCCESS) { + if (NRZrawDemod("", false) != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: NRZ Demod failed"); return PM3_ESOFT; } @@ -307,7 +314,6 @@ int CmdLFPac(const char *Cmd) { return CmdsParse(CommandTable, Cmd); } -// by marshmellow // find PAC preamble in already demoded data int detectPac(uint8_t *dest, size_t *size) { if (*size < 128) return -1; //make sure buffer has data @@ -320,7 +326,4 @@ int detectPac(uint8_t *dest, size_t *size) { return (int)startIdx; } -int demodPac(void) { - return CmdPacDemod(""); -} diff --git a/client/src/cmdlfverichip_disabled.c b/client/src/cmdlfverichip_disabled.c new file mode 100644 index 000000000..ee2de0846 --- /dev/null +++ b/client/src/cmdlfverichip_disabled.c 
@@ -0,0 +1,172 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency Verichip tag commands +//NRZ, RF/32, 128 bits long +//----------------------------------------------------------------------------- +#include "cmdlfverichip.h" + +#include //tolower + +#include "commonutil.h" // ARRAYLEN +#include "common.h" +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "lfdemod.h" // preamble test +#include "protocols.h" // t55xx defines +#include "cmdlft55xx.h" // clone.. + +static int CmdHelp(const char *Cmd); + +static int usage_lf_verichip_clone(void) { + PrintAndLogEx(NORMAL, "clone a verichip tag to a T55x7 tag."); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf verichip clone [h] [b ]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h : this help"); + PrintAndLogEx(NORMAL, " b : raw hex data. 
12 bytes max"); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf verichip clone b FF2049906D8511C593155B56D5B2649F ")); + return PM3_SUCCESS; +} + +//see NRZDemod for what args are accepted +static int CmdVerichipDemod(const char *Cmd) { + (void)Cmd; + return demodVerichip(); +} + +int demodVerichip(void) { + //NRZ + if (NRZrawDemod("", false) != PM3_SUCCESS) { + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: NRZ Demod failed"); + return PM3_ESOFT; + } + size_t size = DemodBufferLen; + int ans = detectVerichip(DemodBuffer, &size); + if (ans < 0) { + if (ans == -1) + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: too few bits found"); + else if (ans == -2) + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: preamble not found"); + else if (ans == -3) + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: Size not correct: %zu", size); + else + PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: ans: %d", ans); + + return PM3_ESOFT; + } + setDemodBuff(DemodBuffer, 128, ans); + setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock)); + + //got a good demod + uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); + uint32_t raw2 = bytebits_to_byte(DemodBuffer + 32, 32); + uint32_t raw3 = bytebits_to_byte(DemodBuffer + 64, 32); + uint32_t raw4 = bytebits_to_byte(DemodBuffer + 96, 32); + + // preamble then appears to have marker bits of "10" CS? + // 11111111001000000 10 01001100 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 10001100 10 100000001 + // unknown checksum 9 bits at the end + + PrintAndLogEx(SUCCESS, "VERICHIP - Raw: %08X%08X%08X%08X", raw1, raw2, raw3, raw4); + PrintAndLogEx(INFO, "How the Raw ID is translated by the reader is unknown. 
Share your trace file on forum"); + return PM3_SUCCESS; +} + +static int CmdVerichipRead(const char *Cmd) { + lf_read(false, 4096 * 2 + 20); + return CmdVerichipDemod(Cmd); +} + +static int CmdVerichipClone(const char *Cmd) { + + uint32_t blocks[5]; + bool errors = false; + uint8_t cmdp = 0; + int datalen = 0; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_verichip_clone(); + case 'b': { + // skip first block, 4*4 = 16 bytes left + uint8_t rawhex[16] = {0}; + int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); + if (res != 0) + errors = true; + + for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) { + blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t)); + } + cmdp += 2; + break; + } + default: + PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || cmdp == 0) return usage_lf_verichip_clone(); + + //Pac - compat mode, NRZ, data rate 40, 3 data blocks + blocks[0] = T55x7_MODULATION_DIRECT | T55x7_BITRATE_RF_40 | 4 << T55x7_MAXBLOCK_SHIFT; + + PrintAndLogEx(INFO, "Preparing to clone Verichip to T55x7 with raw hex"); + print_blocks(blocks, ARRAYLEN(blocks)); + + int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); + PrintAndLogEx(SUCCESS, "Done"); + PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf verichip read`") " to verify"); + return res; +} + +static int CmdVerichipSim(const char *Cmd) { + + // NRZ sim. 
+ PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + +static command_t CommandTable[] = { + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"demod", CmdVerichipDemod, AlwaysAvailable, "Demodulate an VERICHIP tag from the GraphBuffer"}, + {"read", CmdVerichipRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, + {"clone", CmdVerichipClone, IfPm3Lf, "clone VERICHIP tag"}, + {"sim", CmdVerichipSim, IfPm3Lf, "simulate VERICHIP tag"}, + {NULL, NULL, NULL, NULL} +}; + +static int CmdHelp(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + CmdsHelp(CommandTable); + return PM3_SUCCESS; +} + +int CmdLFVerichip(const char *Cmd) { + clearCommandBuffer(); + return CmdsParse(CommandTable, Cmd); +} + +// find VERICHIP preamble in already demoded data +int detectVerichip(uint8_t *dest, size_t *size) { + if (*size < 128) return -1; //make sure buffer has data + size_t startIdx = 0; + uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0}; + if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) + return -2; //preamble not found + if (*size < 128) return -3; //wrong demoded size + //return start position + return (int)startIdx; +} + diff --git a/client/src/cmdlfverichip_disabled.h b/client/src/cmdlfverichip_disabled.h new file mode 100644 index 000000000..4ddf6a5d1 --- /dev/null +++ b/client/src/cmdlfverichip_disabled.h 
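Review bot: In `CmdVerichipClone` of the new cmdlfverichip_disabled.c, `PrintAndLogEx(SUCCESS, "Done")` is printed before `res` from `clone_t55xx_tag` is examined, so a failed write is still reported as done; gate it with `if (res == PM3_SUCCESS)`, assuming that call follows the return convention used elsewhere in the file. The usage text says `12 bytes max` while the example and `rawhex[16]` are 16 bytes, and `datalen` is never compared with 16, so a shorter `b` value appears to be written zero-padded unless `param_gethex_to_eol` rejects it. The comment `//Pac - compat mode, NRZ, data rate 40, 3 data blocks` is carried over from another command and contradicts the `4 << T55x7_MAXBLOCK_SHIFT` on the line below it; it should read as a Verichip comment with 4 data blocks.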
@@ -0,0 +1,19 @@
+//-----------------------------------------------------------------------------
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency Verichip tag commands
+//-----------------------------------------------------------------------------
+#ifndef CMDLFVERICHIP_H__
+#define CMDLFVERICHIP_H__
+
+#include "common.h"
+
+int CmdLFVerichip(const char *Cmd);
+
+int demodVerichip(void);
+int detectVerichip(uint8_t *dest, size_t *size);
+#endif
+
From 327af5764d23074f630f107ce33ad0d25884ff0f Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 8 Jul 2020 17:37:35 +0200
Subject: [PATCH 16/27] remove
---
client/src/cmdlfverichip.c | 172 -------------------------------------
client/src/cmdlfverichip.h | 19 ----
2 files changed, 191 deletions(-)
delete mode 100644 client/src/cmdlfverichip.c
delete mode 100644 client/src/cmdlfverichip.h
diff --git a/client/src/cmdlfverichip.c b/client/src/cmdlfverichip.c
deleted file mode 100644
index ee2de0846..000000000
--- a/client/src/cmdlfverichip.c
+++ /dev/null
@@ -1,172 +0,0 @@ -//----------------------------------------------------------------------------- -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// Low frequency Verichip tag commands -//NRZ, RF/32, 128 bits long -//----------------------------------------------------------------------------- -#include "cmdlfverichip.h" - -#include //tolower - -#include "commonutil.h" // ARRAYLEN -#include "common.h" -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "lfdemod.h" // preamble test -#include "protocols.h" // t55xx defines -#include "cmdlft55xx.h" // clone.. - -static int CmdHelp(const char *Cmd); - -static int usage_lf_verichip_clone(void) { - PrintAndLogEx(NORMAL, "clone a verichip tag to a T55x7 tag."); - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "Usage: lf verichip clone [h] [b ]"); - PrintAndLogEx(NORMAL, "Options:"); - PrintAndLogEx(NORMAL, " h : this help"); - PrintAndLogEx(NORMAL, " b : raw hex data. 
12 bytes max"); - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, _YELLOW_(" lf verichip clone b FF2049906D8511C593155B56D5B2649F ")); - return PM3_SUCCESS; -} - -//see NRZDemod for what args are accepted -static int CmdVerichipDemod(const char *Cmd) { - (void)Cmd; - return demodVerichip(); -} - -int demodVerichip(void) { - //NRZ - if (NRZrawDemod("", false) != PM3_SUCCESS) { - PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: NRZ Demod failed"); - return PM3_ESOFT; - } - size_t size = DemodBufferLen; - int ans = detectVerichip(DemodBuffer, &size); - if (ans < 0) { - if (ans == -1) - PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: too few bits found"); - else if (ans == -2) - PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: preamble not found"); - else if (ans == -3) - PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: Size not correct: %zu", size); - else - PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: ans: %d", ans); - - return PM3_ESOFT; - } - setDemodBuff(DemodBuffer, 128, ans); - setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock)); - - //got a good demod - uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); - uint32_t raw2 = bytebits_to_byte(DemodBuffer + 32, 32); - uint32_t raw3 = bytebits_to_byte(DemodBuffer + 64, 32); - uint32_t raw4 = bytebits_to_byte(DemodBuffer + 96, 32); - - // preamble then appears to have marker bits of "10" CS? - // 11111111001000000 10 01001100 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 00001101 10 10001100 10 100000001 - // unknown checksum 9 bits at the end - - PrintAndLogEx(SUCCESS, "VERICHIP - Raw: %08X%08X%08X%08X", raw1, raw2, raw3, raw4); - PrintAndLogEx(INFO, "How the Raw ID is translated by the reader is unknown. 
Share your trace file on forum"); - return PM3_SUCCESS; -} - -static int CmdVerichipRead(const char *Cmd) { - lf_read(false, 4096 * 2 + 20); - return CmdVerichipDemod(Cmd); -} - -static int CmdVerichipClone(const char *Cmd) { - - uint32_t blocks[5]; - bool errors = false; - uint8_t cmdp = 0; - int datalen = 0; - - while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { - switch (tolower(param_getchar(Cmd, cmdp))) { - case 'h': - return usage_lf_verichip_clone(); - case 'b': { - // skip first block, 4*4 = 16 bytes left - uint8_t rawhex[16] = {0}; - int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); - if (res != 0) - errors = true; - - for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) { - blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t)); - } - cmdp += 2; - break; - } - default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; - break; - } - } - - if (errors || cmdp == 0) return usage_lf_verichip_clone(); - - //Pac - compat mode, NRZ, data rate 40, 3 data blocks - blocks[0] = T55x7_MODULATION_DIRECT | T55x7_BITRATE_RF_40 | 4 << T55x7_MAXBLOCK_SHIFT; - - PrintAndLogEx(INFO, "Preparing to clone Verichip to T55x7 with raw hex"); - print_blocks(blocks, ARRAYLEN(blocks)); - - int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); - PrintAndLogEx(SUCCESS, "Done"); - PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf verichip read`") " to verify"); - return res; -} - -static int CmdVerichipSim(const char *Cmd) { - - // NRZ sim. 
- PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); - return PM3_SUCCESS; -} - -static command_t CommandTable[] = { - {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"demod", CmdVerichipDemod, AlwaysAvailable, "Demodulate an VERICHIP tag from the GraphBuffer"}, - {"read", CmdVerichipRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, - {"clone", CmdVerichipClone, IfPm3Lf, "clone VERICHIP tag"}, - {"sim", CmdVerichipSim, IfPm3Lf, "simulate VERICHIP tag"}, - {NULL, NULL, NULL, NULL} -}; - -static int CmdHelp(const char *Cmd) { - (void)Cmd; // Cmd is not used so far - CmdsHelp(CommandTable); - return PM3_SUCCESS; -} - -int CmdLFVerichip(const char *Cmd) { - clearCommandBuffer(); - return CmdsParse(CommandTable, Cmd); -} - -// find VERICHIP preamble in already demoded data -int detectVerichip(uint8_t *dest, size_t *size) { - if (*size < 128) return -1; //make sure buffer has data - size_t startIdx = 0; - uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0}; - if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) - return -2; //preamble not found - if (*size < 128) return -3; //wrong demoded size - //return start position - return (int)startIdx; -} - diff --git a/client/src/cmdlfverichip.h b/client/src/cmdlfverichip.h deleted file mode 100644 index 4ddf6a5d1..000000000 --- a/client/src/cmdlfverichip.h +++ /dev/null 
@@ -1,19 +0,0 @@ -//----------------------------------------------------------------------------- -// -// This code is licensed to you under the terms of the GNU GPL, version 2 or, -// at your option, any later version. See the LICENSE.txt file for the text of -// the license. -//----------------------------------------------------------------------------- -// Low frequency Verichip tag commands -//----------------------------------------------------------------------------- -#ifndef CMDLFVERICHIP_H__ -#define CMDLFVERICHIP_H__ - -#include "common.h" - -int CmdLFVerichip(const char *Cmd); - -int demodVerichip(void); -int detectVerichip(uint8_t *dest, size_t *size); -#endif - From c56245d1aaf35dd2c0e3d803d123344bc328aacb Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 8 Jul 2020 18:04:51 +0200 Subject: [PATCH 17/27] chg 'lf t55xx info' - detection of t55x7 configuration blocks --- client/src/cmdlfkeri.c | 11 +++++++---- client/src/cmdlft55xx.c | 24 ++++++++++++++++++------ client/src/cmdlft55xx.h | 17 +++++++++++++---- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/client/src/cmdlfkeri.c b/client/src/cmdlfkeri.c index b1a73cc9d..d05c159c0 100644 --- a/client/src/cmdlfkeri.c +++ b/client/src/cmdlfkeri.c @@ -137,11 +137,16 @@ static int CmdKeriMSScramble(KeriMSScramble_t Action, uint32_t *FC, uint32_t *ID static int CmdKeriDemod(const char *Cmd) { (void)Cmd; // Cmd is not used so far + return demodKeri(); +} + +int demodKeri(void) { if (PSKDemod("", false) != PM3_SUCCESS) { PrintAndLogEx(DEBUG, "DEBUG: Error - KERI: PSK1 Demod failed"); return PM3_ESOFT; } + bool invert = false; size_t size = DemodBufferLen; int idx = detectKeri(DemodBuffer, &size, &invert); @@ -207,6 +212,8 @@ static int CmdKeriDemod(const char *Cmd) { return PM3_SUCCESS; } + + static int CmdKeriRead(const char *Cmd) { lf_read(false, 10000); return CmdKeriDemod(Cmd); 
@@ -382,7 +389,3 @@ int detectKeri(uint8_t *dest, size_t *size, bool *invert) { return (int)startIdx; } -int demodKeri(void) { - return CmdKeriDemod(""); -} - diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 5607b52a5..13693ffc7 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -2049,13 +2049,13 @@ static void printT5x7KnownBlock0(uint32_t b0) { snprintf(s + strlen(s), sizeof(s) - strlen(s), "FDXB "); break; case T55X7_HID_26_CONFIG_BLOCK: - snprintf(s + strlen(s), sizeof(s) - strlen(s), "HID 26b (ProxCard), Paradox "); + snprintf(s + strlen(s), sizeof(s) - strlen(s), "HID 26b (ProxCard), Paradox, AWID "); break; case T55X7_PYRAMID_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Pyramid "); break; case T55X7_INDALA_64_CONFIG_BLOCK: - snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 64"); + snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 64, Motorola"); break; case T55X7_INDALA_224_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 224 "); @@ -2066,7 +2066,7 @@ static void printT5x7KnownBlock0(uint32_t b0) { case T55X7_VIKING_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Viking "); break; - case T55X7_NORALYS_CONFIG_BLOCK: + case T55X7_NORALSY_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Noralys "); break; case T55X7_IOPROX_CONFIG_BLOCK: 
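Review bot: The case label in printT5x7KnownBlock0 (hunk at -2066 in client/src/cmdlft55xx.c) now reads `T55X7_NORALSY_CONFIG_BLOCK`, but the string appended on the next line is still `"Noralys "`, so the spelling fix stops short of the text the user actually sees. Changing that line to `snprintf(s + strlen(s), sizeof(s) - strlen(s), "Noralsy ");` keeps the output in line with the renamed macro and with the `(NORALSY - KCP3000)` comment in the header. The switch starts and ends outside this hunk.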
@@ -2082,20 +2082,32 @@ static void printT5x7KnownBlock0(uint32_t b0) { snprintf(s + strlen(s), sizeof(s) - strlen(s), "Nedap 128 "); break; case T55X7_PAC_CONFIG_BLOCK: - snprintf(s + strlen(s), sizeof(s) - strlen(s), "PAC "); + snprintf(s + strlen(s), sizeof(s) - strlen(s), "PAC/Stanley "); break; case T55X7_VERICHIP_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "Verichip "); break; case T55X7_VISA2000_CONFIG_BLOCK: snprintf(s + strlen(s), sizeof(s) - strlen(s), "VISA2000 "); - break; + break; + case T55X7_JABLOTRON_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "Jablotron "); + break; + case T55X7_KERI_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "KERI "); + break; + case T55X7_SECURAKEY_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "SecuraKey "); + break; + case T55X7_NEXWATCH_CONFIG_BLOCK: + snprintf(s + strlen(s), sizeof(s) - strlen(s), "NexWatch, Quadrakey "); + break; default: break; } if (strlen(s) > 0) - PrintAndLogEx(NORMAL, "\n Config block match : " _YELLOW_("%s"), s); + PrintAndLogEx(SUCCESS, "\nConfig block match : " _YELLOW_("%s"), s); } static int CmdT55xxInfo(const char *Cmd) { diff --git a/client/src/cmdlft55xx.h b/client/src/cmdlft55xx.h index 5e84a85c4..155e23c77 100644 --- a/client/src/cmdlft55xx.h +++ b/client/src/cmdlft55xx.h 
@@ -27,10 +27,11 @@ #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks #define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/unique - compat mode, manchester, data rate 64, 2 data blocks #define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks -#define T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data raet +#define T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data rate 64, 3 data blocks, STT #define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks -#define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALYS - KCP3000), data rate 32, 3 data blocks +#define T55X7_NORALSY_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALSY - KCP3000), data rate 32, 3 data blocks #define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT +#define T55X7_SECURAKEY_CONFIG_BLOCK 0x000C8060 // ASK, Manchester, data rate 40, 3 data blocks // FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo, 
@@ -41,20 +42,28 @@ #define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks #define T55X7_PARADOX_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks +#define T55X7_AWID_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks #define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // FSK2a, Pyramid 26 bit - compat mode, data rate 50, 4 data blocks +#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // FSK2a, data rate 64, 2 data blocks + #define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // PSK1, indala 64 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 2 #define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // PSK1, indala 224 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 7 -#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // FSK2a, data rate 64, 2 data blocks +#define T55X7_MOTOROLA_CONFIG_BLOCK 0x00081040 // PSK1, data rate 32, 2 data blocks +#define T55X7_NEXWATCH_CONFIG_BLOCK 0x00081060 // PSK1 data rate 16, psk carrier FC * 2, 3 data blocks +#define T55X7_KERI_CONFIG_BLOCK 0x603E1040 // PSK1, 2 data blocks + +#define T55X7_JABLOTRON_CONFIG_BLOCK 0x00158040 // Biphase, data rate 64, 2 data blocks #define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // Biphase, data rate 64, Direct modulation, 3 data blocks #define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks #define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks #define T55X7_PAC_CONFIG_BLOCK 0x00080080 // NRZ, data rate 32, 4 data blocks #define T55X7_VERICHIP_CONFIG_BLOCK 0x000C0080 // NRZ, data rate 40, 4 data blocks - #define T55X7_bin 0b0010 +// Q5 / Termic / T5555 #define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // ASK, data rate 64, manchester, 2 data blocks? + typedef enum { T55x7_RAW = 0x00, T55x7_DEFAULT = 0x00, From f4b3dec0c884991f43cf2357bd11495d029f6087 Mon Sep 17 00:00:00 2001 
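Review bot: The comment on the new `T55X7_NEXWATCH_CONFIG_BLOCK` (0x00081060) says data rate 16, while `T55X7_INDALA_64_CONFIG_BLOCK` and the new `T55X7_MOTOROLA_CONFIG_BLOCK` (both 0x00081040) are documented as data rate 32 and differ from it only in the bits the comments describe as the block count. One of the two descriptions has to be wrong; every other 0x0008xxxx entry in this header says data rate 32, so the NexWatch line looks like the one to correct, e.g. `// PSK1, data rate 32, psk carrier FC * 2, 3 data blocks`, unless the value itself is off. The new `T55X7_AWID_CONFIG_BLOCK` line also carries the `hid 26 bit` wording of the HID entry it was copied from and would read better as `// FSK2a, AWID - compat mode, data rate 50, 3 data blocks`.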
From: iceman1001 Date: Wed, 8 Jul 2020 18:09:34 +0200 Subject: [PATCH 18/27] remove verichip. --- client/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 565bfba14..ef0aeb7ab 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -267,7 +267,6 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/cmdlfsecurakey.c ${PM3_ROOT}/client/src/cmdlft55xx.c ${PM3_ROOT}/client/src/cmdlfti.c - ${PM3_ROOT}/client/src/cmdlfverichip.c ${PM3_ROOT}/client/src/cmdlfviking.c ${PM3_ROOT}/client/src/cmdlfvisa2000.c ${PM3_ROOT}/client/src/cmdmain.c From 8934fd522d358d878fe3199ba98e6400826abf4c Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 8 Jul 2020 20:30:53 +0200 Subject: [PATCH 19/27] fix #833 - missing some configblocks and spelling --- client/src/cmdlft55xx.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 13693ffc7..52cf37665 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -1345,17 +1345,25 @@ bool testKnownConfigBlock(uint32_t block0) { case T55X7_RAW_CONFIG_BLOCK: case T55X7_EM_UNIQUE_CONFIG_BLOCK: case T55X7_FDXB_CONFIG_BLOCK: + case T55X7_FDXB_2_CONFIG_BLOCK: case T55X7_HID_26_CONFIG_BLOCK: case T55X7_PYRAMID_CONFIG_BLOCK: case T55X7_INDALA_64_CONFIG_BLOCK: case T55X7_INDALA_224_CONFIG_BLOCK: case T55X7_GUARDPROXII_CONFIG_BLOCK: case T55X7_VIKING_CONFIG_BLOCK: - case T55X7_NORALYS_CONFIG_BLOCK: + case T55X7_NORALSY_CONFIG_BLOCK: case T55X7_IOPROX_CONFIG_BLOCK: case T55X7_PRESCO_CONFIG_BLOCK: case T55X7_NEDAP_64_CONFIG_BLOCK: case T55X7_NEDAP_128_CONFIG_BLOCK: + case T55X7_VISA2000_CONFIG_BLOCK: + case T55X7_SECURAKEY_CONFIG_BLOCK: + case T55X7_PAC_CONFIG_BLOCK: + case T55X7_VERICHIP_CONFIG_BLOCK: + case T55X7_KERI_CONFIG_BLOCK: + case T55X7_NEXWATCH_CONFIG_BLOCK: + case T55X7_JABLOTRON_CONFIG_BLOCK: return true; } return false; From 59372cb5d4009217176ce61ef6551dff52ddb22c Mon Sep 17 00:00:00 2001 
From: tharexde Date: Thu, 9 Jul 2020 01:58:16 +0200 Subject: [PATCH 20/27] added new command "4x50_wipe" --- include/pm3_cmd.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 117eea672..9e20ab9c1 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -406,6 +406,7 @@ typedef struct { #define CMD_LF_EM4X50_WRITE 0x0241 #define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242 #define CMD_LF_EM4X50_READ 0x0243 +#define CMD_LF_EM4X50_WIPE 0x0244 // Sampling configuration for LF reader/sniffer #define CMD_LF_SAMPLING_SET_CONFIG 0x021D #define CMD_LF_FSK_SIMULATE 0x021E From a659e7576dcdcf7e3ba8de829f20069e4f0a306c Mon Sep 17 00:00:00 2001 From: tharexde Date: Thu, 9 Jul 2020 01:58:38 +0200 Subject: [PATCH 21/27] added new command "4x50_wipe" --- client/src/cmdlfem4x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdlfem4x.c b/client/src/cmdlfem4x.c index 8031ab20d..bb07adaaa 100644 --- a/client/src/cmdlfem4x.c +++ b/client/src/cmdlfem4x.c @@ -1400,6 +1400,7 @@ static command_t CommandTable[] = { {"4x50_write", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"}, {"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"}, {"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"}, + {"4x50_wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe data from EM4x50"}, {NULL, NULL, NULL, NULL} }; From 9d8c7a8de55a91729446fb6ceac3d83ff1f64e53 Mon Sep 17 00:00:00 2001 From: tharexde Date: Thu, 9 Jul 2020 01:58:50 +0200 Subject: [PATCH 22/27] added new command "4x50_wipe" --- client/src/cmdlfem4x50.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/client/src/cmdlfem4x50.h b/client/src/cmdlfem4x50.h index 4519abbb4..01417aa1e 100644 --- a/client/src/cmdlfem4x50.h +++ b/client/src/cmdlfem4x50.h 
@@ -23,4 +23,6 @@ int CmdEM4x50Write(const char *Cmd); int CmdEM4x50WritePassword(const char *Cmd); int CmdEM4x50Read(const char *Cmd); int CmdEM4x50Dump(const char *Cmd); +int CmdEM4x50Wipe(const char *Cmd); + #endif From 76d0ecf8cfcbb8a572f7ef4db27da3f58ae92db1 Mon Sep 17 00:00:00 2001 From: tharexde Date: Thu, 9 Jul 2020 01:59:01 +0200 Subject: [PATCH 23/27] added new command "4x50_wipe" --- armsrc/appmain.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 95b42982a..cc1d299f3 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1023,7 +1023,10 @@ static void PacketReceived(PacketCommandNG *packet) { em4x50_read((em4x50_data_t *)packet->data.asBytes); break; } - + case CMD_LF_EM4X50_WIPE: { + em4x50_wipe((em4x50_data_t *)packet->data.asBytes); + break; + } #endif #ifdef WITH_ISO15693 From 8dd302907caa5eec440914434a31894e826d8cd9 Mon Sep 17 00:00:00 2001 From: tharexde Date: Thu, 9 Jul 2020 01:59:09 +0200 Subject: [PATCH 24/27] added new command "4x50_wipe" --- armsrc/em4x50.h | 1 + 1 file changed, 1 insertion(+) diff --git a/armsrc/em4x50.h b/armsrc/em4x50.h index d786e61c0..f9f1375f2 100644 --- a/armsrc/em4x50.h +++ b/armsrc/em4x50.h @@ -21,5 +21,6 @@ void em4x50_info(em4x50_data_t *etd); void em4x50_write(em4x50_data_t *etd); void em4x50_write_password(em4x50_data_t *etd); void em4x50_read(em4x50_data_t *etd); +void em4x50_wipe(em4x50_data_t *etd); #endif /* EM4X50_H */ From 241e2b7c7e44f164b7984122121f291810e7e5e1 Mon Sep 17 00:00:00 2001 From: tharexde Date: Thu, 9 Jul 2020 01:59:29 +0200 Subject: [PATCH 25/27] added new command "4x50_wipe" --- armsrc/em4x50.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c index ddc297591..8344f7542 100644 --- a/armsrc/em4x50.c +++ b/armsrc/em4x50.c 
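Review bot: The new `CMD_LF_EM4X50_WIPE` case in armsrc/appmain.c passes `packet->data.asBytes` to `em4x50_wipe()` as an `em4x50_data_t *` without checking how many bytes the host actually sent. For a command that erases the tag, a short or malformed packet is better rejected before the cast than interpreted with whatever bytes happen to sit in the buffer; a guard such as `if (packet->length < sizeof(em4x50_data_t)) break;`, ideally paired with an error reply, would do. The neighbouring `em4x50_read` case visible in the context has the same shape, and PacketReceived itself starts and ends outside this hunk.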
@@ -1028,3 +1028,61 @@ void em4x50_write_password(em4x50_data_t *etd) { lf_finalize(); reply_ng(CMD_ACK, bsuccess, 0, 0); } + +void em4x50_wipe(em4x50_data_t *etd) { + + // set all data of EM4x50 tag to 0x0 including password + + bool bsuccess = false; + uint8_t zero[4] = {0, 0, 0, 0}; + uint8_t addresses[4] = {0, 0, EM4X50_NO_WORDS - 3, 1}; + + init_tag(); + em4x50_setup_read(); + + // set gHigh and gLow + if (get_signalproperties() && find_em4x50_tag()) { + + // login first + if (login(etd->password)) { + + // write 0x0 to each address but ignore addresses + // 0 -> password, 32 -> serial, 33 -> uid + // writing 34 words takes about 3.6 seconds -> high timeout needed + for (int i = 1; i <= EM4X50_NO_WORDS - 3; i++) + write(zero, i); + + // to verify result reset EM4x50 + if (reset()) { + + // login not necessary because protectd word has been set to 0 + // -> no read protected words + // -> selective read can be called immediately + if (selective_read(addresses)) { + + // check if everything is zero + bsuccess = true; + for (int i = 1; i <= EM4X50_NO_WORDS - 3; i++) + for (int j = 0; j < 4; j++) + bsuccess &= (tag.sectors[i][j] == 0) ? true : false; + + } + + if (bsuccess) { + + // so far everything is fine + // last task: reset password + if (login(etd->password)) + bsuccess = write_password(etd->password, zero); + + // verify by login with new password + if (bsuccess) + bsuccess = login(zero); + } + } + } + } + + lf_finalize(); + reply_ng(CMD_ACK, bsuccess, (uint8_t *)tag.sectors, 238); +} From 1394ffc3a069e35be11119896d3e522570c5d482 Mon Sep 17 00:00:00 2001 From: tharexde Date: Thu, 9 Jul 2020 02:00:09 +0200 Subject: [PATCH 26/27] added new command "4x50_wipe" --- client/src/cmdlfem4x50.c | 66 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index 1009f3bb6..8198bdc74 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c 
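Review bot: In `em4x50_wipe()` the result of `write(zero, i)` is discarded, so a failed write is only noticed indirectly by the read-back after `reset()`, and the loop keeps writing the remaining words after the first failure. Assuming `write()` reports success the way `write_password()` does, `if (!write(zero, i)) break;` would stop at the first failed word and leave `bsuccess` false. The reply length in `reply_ng(CMD_ACK, bsuccess, (uint8_t *)tag.sectors, 238);` is a bare constant; if `tag.sectors` is an array, `sizeof(tag.sectors)` keeps the length tied to the buffer being read and rules out an over-read if its size ever changes. The inner `bsuccess &= (tag.sectors[i][j] == 0) ? true : false;` can simply be `bsuccess &= (tag.sectors[i][j] == 0);`.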
@@ -85,6 +85,18 @@ static int usage_lf_em4x50_dump(void) { PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump f card_nnn p 11223344")); return PM3_SUCCESS; } +static int usage_lf_em4x50_wipe(void) { + PrintAndLogEx(NORMAL, "Wipe data from EM4x50 tag. Tag must be on antenna. "); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_wipe [h] [p ]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " p - password (hex)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_wwipe p 11223344")); + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; +} static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) { 
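Review bot: The example line in `usage_lf_em4x50_wipe()` prints `lf em 4x50_wwipe p 11223344`, but the command this series registers in the command table is `4x50_wipe`, so the help text shows a command name that does not exist. It should read `PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_wipe p 11223344"));`.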
@@ -672,3 +684,57 @@ int CmdEM4x50Dump(const char *Cmd) { //saveFileJSON... return PM3_SUCCESS; } + +int CmdEM4x50Wipe(const char *Cmd) { + + // fills EM4x50 tag with zeros including password + + bool errors = false, bpwd = false; + uint8_t cmdp = 0; + em4x50_data_t etd; + PacketResponseNG resp; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_em4x50_wipe(); + + case 'p': + if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) { + PrintAndLogEx(FAILED, "\npassword has to be 8 hex symbols\n"); + return PM3_EINVARG; + } + bpwd = true; + cmdp += 2; + break; + + default: + PrintAndLogEx(WARNING, "\nUnknown parameter '%c'\n", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || !bpwd) + return usage_lf_em4x50_wipe(); + + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_WIPE, (uint8_t *)&etd, sizeof(etd)); + + if (!WaitForResponseTimeout(CMD_ACK, &resp, 2*TIMEOUT)) { + PrintAndLogEx(WARNING, "\ntimeout while waiting for reply.\n"); + return PM3_ETIMEOUT; + } + + // print response + bool isOK = resp.status; + if (isOK) { + PrintAndLogEx(SUCCESS,"\nwiping data " _GREEN_("ok") "\n"); + } else { + PrintAndLogEx(FAILED,"\nwiping data " _RED_("failed") "\n"); + return PM3_ESOFT; + } + + return PM3_SUCCESS; +} From 23a5beb3c36dcc05cd1af4bc3ab85c427ebdecfa Mon Sep 17 00:00:00 2001 From: jumpycalm Date: Fri, 10 Jul 2020 23:22:52 -0400 Subject: [PATCH 27/27] fix a bug in demodParadox() --- client/src/cmdlfparadox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdlfparadox.c b/client/src/cmdlfparadox.c index 92cea3755..7d82f8437 100644 --- a/client/src/cmdlfparadox.c +++ b/client/src/cmdlfparadox.c 
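Review bot: `em4x50_data_t etd;` in `CmdEM4x50Wipe()` is never initialised, yet the whole struct goes out through `SendCommandNG(CMD_LF_EM4X50_WIPE, (uint8_t *)&etd, sizeof(etd));` after only `etd.password` has been filled in. Any other members and padding therefore carry leftover stack bytes to the device, which discloses client memory it has no need to see and makes the firmware's behaviour depend on garbage if it ever reads those fields. Declaring it as `em4x50_data_t etd = {0};` addresses both. Separately, `bool isOK = resp.status;` is correct only because the firmware side replies with a bool in the status field; a short comment saying so would save the next reader from comparing it against the PM3_* codes.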
@@ -128,7 +128,7 @@ int demodParadox(void) { uint8_t error = 0; // Remove manchester encoding from FSK bits, skip pre - for (uint8_t i = idx + PARADOX_PREAMBLE_LEN; i < (idx + 96 - PARADOX_PREAMBLE_LEN ); i += 2) { + for (uint8_t i = idx + PARADOX_PREAMBLE_LEN; i < (idx + 96); i += 2) { // not manchester data if (bits[i] == bits[i + 1]) {