github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 21:33:47 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch 'master' into fpga

Browse source 
* master: (27 commits)
  fix a bug in demodParadox()
  added new command "4x50_wipe"
  added new command "4x50_wipe"
  added new command "4x50_wipe"
  added new command "4x50_wipe"
  added new command "4x50_wipe"
  added new command "4x50_wipe"
  added new command "4x50_wipe"
  fix #833  - missing some configblocks and spelling
  remove verichip.
  chg 'lf t55xx info' - detection of t55x7 configuration blocks
  remove
  disable verichip stuff.  should be inside FDX already
  textual
  lf t55 configblock detection updated
  textual
  fix: missing define on some mingw
  chg: hf mf decrypt - helptext (thanks @AdamLaurie)
  Update bt_manual_v10.md
  textual
  ...
This commit is contained in:
Philippe Teuwen 2020-07-11 15:25:20 +02:00
commit eb61524923
28 changed files with 591 additions and 314 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.gitignore vendored
View file

@ -41,6 +41,7 @@ Makefile.platform
# cmake # cmake
client/build/ client/build/
client/android/build/ client/android/build/
client/deps/bzip2/
# Coverity # Coverity
cov-int/ cov-int/
@ -77,17 +78,16 @@ fpga/*
!fpga/xst_hf.scr !fpga/xst_hf.scr
!fpga/go.bat !fpga/go.bat
!fpga/sim.tcl !fpga/sim.tcl
# offcial dumps folder # offcial dumps folder
dumps/* dumps/*
traces/*
#client/* #client/*
# my own traces folder
client/traces/* client/traces/*
# my own dumps folder
client/dumps/* client/dumps/*
*.ice *.ice
*.new *.new
armsrc/TEMP EMV/*
tools/mf_nonce_brute/mf_nonce_brute tools/mf_nonce_brute/mf_nonce_brute
tools/andrew/* tools/andrew/*
tools/jtag_openocd/openocd_configuration tools/jtag_openocd/openocd_configuration

10
CHANGELOG.md
View file

@ -3,8 +3,14 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Added lf em function: 4x50_sread (@tharexde) - Readded verichip command which seems missing (@iceman1001)
- Added lf em functions: 4x50_info, 4x50_write, 4x50_write_password (@tharexde) - Fix missing t55x7 config block detection (@iceman1001)
- Fix missing define on proxspace (@mwalker33)
- Added `lf em 4x50_dump` (@iceman1001)
- Added `lf em 4x50_read` (@tharexde)
- Added `lf em 4x50_info` (@tharexde)
- Added `4x50_write` (@tharexde)
- Added `4x50_write_password` (@tharexde)
- Fix em4x50 demodulation error (@tharexde) - Fix em4x50 demodulation error (@tharexde)
- Fix `hf mfdes` authentification issues, DES working (@bkerler) - Fix `hf mfdes` authentification issues, DES working (@bkerler)
- Add Android cross-compilation to client cmake (@dxl, @doegox) - Add Android cross-compilation to client cmake (@dxl, @doegox)

5
armsrc/appmain.c
View file

@ -1023,7 +1023,10 @@ static void PacketReceived(PacketCommandNG *packet) {
em4x50_read((em4x50_data_t *)packet->data.asBytes); em4x50_read((em4x50_data_t *)packet->data.asBytes);
break; break;
} }
case CMD_LF_EM4X50_WIPE: {
em4x50_wipe((em4x50_data_t *)packet->data.asBytes);
break;
}
#endif #endif
#ifdef WITH_ISO15693 #ifdef WITH_ISO15693

58
armsrc/em4x50.c
View file

@ -1028,3 +1028,61 @@ void em4x50_write_password(em4x50_data_t *etd) {
lf_finalize(); lf_finalize();
reply_ng(CMD_ACK, bsuccess, 0, 0); reply_ng(CMD_ACK, bsuccess, 0, 0);
} }
void em4x50_wipe(em4x50_data_t *etd) {
// set all data of EM4x50 tag to 0x0 including password
bool bsuccess = false;
uint8_t zero[4] = {0, 0, 0, 0};
uint8_t addresses[4] = {0, 0, EM4X50_NO_WORDS - 3, 1};
init_tag();
em4x50_setup_read();
// set gHigh and gLow
if (get_signalproperties() && find_em4x50_tag()) {
// login first
if (login(etd->password)) {
// write 0x0 to each address but ignore addresses
// 0 -> password, 32 -> serial, 33 -> uid
// writing 34 words takes about 3.6 seconds -> high timeout needed
for (int i = 1; i <= EM4X50_NO_WORDS - 3; i++)
write(zero, i);
// to verify result reset EM4x50
if (reset()) {
// login not necessary because protectd word has been set to 0
// -> no read protected words
// -> selective read can be called immediately
if (selective_read(addresses)) {
// check if everything is zero
bsuccess = true;
for (int i = 1; i <= EM4X50_NO_WORDS - 3; i++)
for (int j = 0; j < 4; j++)
bsuccess &= (tag.sectors[i][j] == 0) ? true : false;
}
if (bsuccess) {
// so far everything is fine
// last task: reset password
if (login(etd->password))
bsuccess = write_password(etd->password, zero);
// verify by login with new password
if (bsuccess)
bsuccess = login(zero);
}
}
}
}
lf_finalize();
reply_ng(CMD_ACK, bsuccess, (uint8_t *)tag.sectors, 238);
}

1
armsrc/em4x50.h
View file

@ -21,5 +21,6 @@ void em4x50_info(em4x50_data_t *etd);
void em4x50_write(em4x50_data_t *etd); void em4x50_write(em4x50_data_t *etd);
void em4x50_write_password(em4x50_data_t *etd); void em4x50_write_password(em4x50_data_t *etd);
void em4x50_read(em4x50_data_t *etd); void em4x50_read(em4x50_data_t *etd);
void em4x50_wipe(em4x50_data_t *etd);
#endif /* EM4X50_H */ #endif /* EM4X50_H */

1
client/CMakeLists.txt
View file

@ -267,7 +267,6 @@ set (TARGET_SOURCES
${PM3_ROOT}/client/src/cmdlfsecurakey.c ${PM3_ROOT}/client/src/cmdlfsecurakey.c
${PM3_ROOT}/client/src/cmdlft55xx.c ${PM3_ROOT}/client/src/cmdlft55xx.c
${PM3_ROOT}/client/src/cmdlfti.c ${PM3_ROOT}/client/src/cmdlfti.c
${PM3_ROOT}/client/src/cmdlfverichip.c
${PM3_ROOT}/client/src/cmdlfviking.c ${PM3_ROOT}/client/src/cmdlfviking.c
${PM3_ROOT}/client/src/cmdlfvisa2000.c ${PM3_ROOT}/client/src/cmdlfvisa2000.c
${PM3_ROOT}/client/src/cmdmain.c ${PM3_ROOT}/client/src/cmdmain.c

223
client/android/CMakeLists.txt
View file

@ -1,12 +1,6 @@
# version # version
cmake_minimum_required(VERSION 3.4.1) cmake_minimum_required(VERSION 3.4.1)
# We are build on android platform, so we need add def "ANDROID"
# NDK version for SDK 19 doesn't implement the whole C++11 standard in the STL.
# see: https://stackoverflow.com/questions/44736135/ndk-clang-error-undefined-reference-to-localeconv
# so we need add def getlocaledecpoint()='.'
add_definitions(-DANDROID -D"getlocaledecpoint\(\)='.'")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -fvisibility=hidden -w") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -fvisibility=hidden -w")
# Root path into client # Root path into client
@ -14,138 +8,170 @@ set(PM3_ROOT ../../)
add_subdirectory(../deps deps) add_subdirectory(../deps deps)
# Build zlib deps at external
if (CMAKE_MAKE_PROGRAM MATCHES ".*ninja.*")
set(BZIP2_INCLUDE_DIRS ${BZIP2_ROOT})
set(BZIP2_LIBRARIES pm3rrg_rdv4_bzip2)
find_library(pm3rrg_rdv4_bzip2 REQUIRED)
elseif (UNIX) # Cross compile at Unix Makefile System.
# bzip2 dep.
include(ExternalProject)
set(CFLAGS_EXTERNAL_LIB "CFLAGS=--target=${CMAKE_C_COMPILER_TARGET} -w")
set(BZIP2_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2)
ExternalProject_Add(bzip2
GIT_REPOSITORY https://android.googlesource.com/platform/external/bzip2
GIT_TAG platform-tools-30.0.2
PREFIX deps/bzip2
#SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/deps/bzip2
CONFIGURE_COMMAND mkdir -p ${BZIP2_BUILD_DIR} && git archive --format tar HEAD | tar -C ${BZIP2_BUILD_DIR} -x
BUILD_IN_SOURCE ON
BUILD_COMMAND make -C ${BZIP2_BUILD_DIR} -j4 CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} AR=${CMAKE_AR} RANLIB=${CMAKE_RANLIB} ${CFLAGS_EXTERNAL_LIB} libbz2.a
INSTALL_COMMAND ""
LOG_DOWNLOAD ON
)
ExternalProject_Add_StepTargets(bzip2 configure build install)
set(BZIP2_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2)
set(BZIP2_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/deps/bzip2/src/bzip2/libbz2.a)
else ()
message(ERROR "Please implement your BZIP2 import.")
endif ()
# client resources # client resources
add_library(pm3rrg_rdv4 SHARED add_library(pm3rrg_rdv4 SHARED
${PM3_ROOT}/common/commonutil.c
${PM3_ROOT}/common/util_posix.c ${PM3_ROOT}/common/util_posix.c
${PM3_ROOT}/common/parity.c
${PM3_ROOT}/common/bucketsort.c
${PM3_ROOT}/common/crapto1/crapto1.c ${PM3_ROOT}/common/crapto1/crapto1.c
${PM3_ROOT}/common/crapto1/crypto1.c ${PM3_ROOT}/common/crapto1/crypto1.c
${PM3_ROOT}/common/crc.c ${PM3_ROOT}/common/crc.c
${PM3_ROOT}/common/crc16.c ${PM3_ROOT}/common/crc16.c
${PM3_ROOT}/common/crc32.c ${PM3_ROOT}/common/crc32.c
${PM3_ROOT}/common/crc64.c ${PM3_ROOT}/common/crc64.c
${PM3_ROOT}/common/cardhelper.c
${PM3_ROOT}/common/parity.c
${PM3_ROOT}/common/commonutil.c
${PM3_ROOT}/common/generator.c
${PM3_ROOT}/common/lfdemod.c ${PM3_ROOT}/common/lfdemod.c
${PM3_ROOT}/common/iso15693tools.c
${PM3_ROOT}/common/bucketsort.c
${PM3_ROOT}/common/legic_prng.c ${PM3_ROOT}/common/legic_prng.c
# client inside ${PM3_ROOT}/common/iso15693tools.c
${PM3_ROOT}/client/src/fileutils.c ${PM3_ROOT}/common/cardhelper.c
${PM3_ROOT}/client/src/uart/uart_posix.c ${PM3_ROOT}/common/generator.c
${PM3_ROOT}/client/src/loclass/cipherutils.c ${PM3_ROOT}/client/src/crypto/asn1dump.c
${PM3_ROOT}/client/src/loclass/cipher.c ${PM3_ROOT}/client/src/crypto/asn1utils.c
${PM3_ROOT}/client/src/loclass/ikeys.c ${PM3_ROOT}/client/src/crypto/libpcrypto.c
${PM3_ROOT}/client/src/loclass/elite_crack.c ${PM3_ROOT}/client/src/emv/test/cda_test.c
${PM3_ROOT}/client/src/emv/emvcore.c ${PM3_ROOT}/client/src/emv/test/crypto_test.c
${PM3_ROOT}/client/src/emv/test/cryptotest.c
${PM3_ROOT}/client/src/emv/test/dda_test.c
${PM3_ROOT}/client/src/emv/test/sda_test.c
${PM3_ROOT}/client/src/emv/apduinfo.c
${PM3_ROOT}/client/src/emv/cmdemv.c ${PM3_ROOT}/client/src/emv/cmdemv.c
${PM3_ROOT}/client/src/emv/tlv.c
${PM3_ROOT}/client/src/emv/dol.c
${PM3_ROOT}/client/src/emv/emv_tags.c
${PM3_ROOT}/client/src/emv/emv_roca.c
${PM3_ROOT}/client/src/emv/dump.c
${PM3_ROOT}/client/src/emv/crypto_polarssl.c
${PM3_ROOT}/client/src/emv/crypto.c ${PM3_ROOT}/client/src/emv/crypto.c
${PM3_ROOT}/client/src/emv/crypto_polarssl.c
${PM3_ROOT}/client/src/emv/dol.c
${PM3_ROOT}/client/src/emv/dump.c
${PM3_ROOT}/client/src/emv/emv_pk.c ${PM3_ROOT}/client/src/emv/emv_pk.c
${PM3_ROOT}/client/src/emv/emv_pki.c ${PM3_ROOT}/client/src/emv/emv_pki.c
${PM3_ROOT}/client/src/emv/emv_pki_priv.c
${PM3_ROOT}/client/src/emv/emv_roca.c
${PM3_ROOT}/client/src/emv/emv_tags.c
${PM3_ROOT}/client/src/emv/emvcore.c
${PM3_ROOT}/client/src/emv/emvjson.c ${PM3_ROOT}/client/src/emv/emvjson.c
${PM3_ROOT}/client/src/emv/apduinfo.c ${PM3_ROOT}/client/src/emv/tlv.c
${PM3_ROOT}/client/src/emv/test/cryptotest.c ${PM3_ROOT}/client/src/fido/additional_ca.c
${PM3_ROOT}/client/src/emv/test/sda_test.c ${PM3_ROOT}/client/src/fido/cbortools.c
${PM3_ROOT}/client/src/emv/test/dda_test.c ${PM3_ROOT}/client/src/fido/cose.c
${PM3_ROOT}/client/src/emv/test/cda_test.c ${PM3_ROOT}/client/src/fido/fidocore.c
${PM3_ROOT}/client/src/emv/test/crypto_test.c ${PM3_ROOT}/client/src/loclass/cipher.c
${PM3_ROOT}/client/src/emv/test/cryptotest.c ${PM3_ROOT}/client/src/loclass/cipherutils.c
${PM3_ROOT}/client/src/emv/test/sda_test.c ${PM3_ROOT}/client/src/loclass/elite_crack.c
${PM3_ROOT}/client/src/emv/test/dda_test.c ${PM3_ROOT}/client/src/loclass/hash1_brute.c
${PM3_ROOT}/client/src/emv/test/cda_test.c ${PM3_ROOT}/client/src/loclass/ikeys.c
${PM3_ROOT}/client/src/emv/test/crypto_test.c
${PM3_ROOT}/client/src/crypto/libpcrypto.c
${PM3_ROOT}/client/src/crypto/asn1utils.c
${PM3_ROOT}/client/src/crypto/asn1dump.c
${PM3_ROOT}/client/src/mifare/mad.c ${PM3_ROOT}/client/src/mifare/mad.c
${PM3_ROOT}/client/src/mifare/mfkey.c ${PM3_ROOT}/client/src/mifare/mfkey.c
${PM3_ROOT}/client/src/mifare/mifare4.c ${PM3_ROOT}/client/src/mifare/mifare4.c
${PM3_ROOT}/client/src/mifare/mifaredefault.c
${PM3_ROOT}/client/src/mifare/mifarehost.c ${PM3_ROOT}/client/src/mifare/mifarehost.c
${PM3_ROOT}/client/src/mifare/ndef.c ${PM3_ROOT}/client/src/mifare/ndef.c
${PM3_ROOT}/client/src/mifare/desfire_crypto.c ${PM3_ROOT}/client/src/mifare/desfire_crypto.c
${PM3_ROOT}/client/src/mifare/mifaredefault.c ${PM3_ROOT}/client/src/uart/uart_posix.c
${PM3_ROOT}/client/src/fido/cose.c ${PM3_ROOT}/client/src/uart/uart_win32.c
${PM3_ROOT}/client/src/fido/fidocore.c ${PM3_ROOT}/client/src/ui/overlays.ui
${PM3_ROOT}/client/src/fido/cbortools.c
${PM3_ROOT}/client/src/fido/additional_ca.c
${PM3_ROOT}/client/src/preferences.c
${PM3_ROOT}/client/src/graph.c
${PM3_ROOT}/client/src/ui.c
${PM3_ROOT}/client/src/tea.c
${PM3_ROOT}/client/src/util.c
${PM3_ROOT}/client/src/comms.c
${PM3_ROOT}/client/src/cmdcrc.c
${PM3_ROOT}/client/src/cmdanalyse.c
${PM3_ROOT}/client/src/cmddata.c
${PM3_ROOT}/client/src/cmdtrace.c
${PM3_ROOT}/client/src/cmdhf.c
${PM3_ROOT}/client/src/cmdhflto.c
${PM3_ROOT}/client/src/aidsearch.c ${PM3_ROOT}/client/src/aidsearch.c
${PM3_ROOT}/client/src/cmdanalyse.c
${PM3_ROOT}/client/src/cmdcrc.c
${PM3_ROOT}/client/src/cmddata.c
${PM3_ROOT}/client/src/cmdflashmem.c
${PM3_ROOT}/client/src/cmdflashmemspiffs.c
${PM3_ROOT}/client/src/cmdhf.c
${PM3_ROOT}/client/src/cmdhf14a.c ${PM3_ROOT}/client/src/cmdhf14a.c
${PM3_ROOT}/client/src/cmdhf14b.c ${PM3_ROOT}/client/src/cmdhf14b.c
${PM3_ROOT}/client/src/cmdwiegand.c
${PM3_ROOT}/client/src/wiegand_formatutils.c
${PM3_ROOT}/client/src/wiegand_formats.c
${PM3_ROOT}/client/src/cmdlfmotorola.c
${PM3_ROOT}/client/src/cmdlfgallagher.c
${PM3_ROOT}/client/src/cmdhf15.c ${PM3_ROOT}/client/src/cmdhf15.c
${PM3_ROOT}/client/src/cmdhfcryptorf.c
${PM3_ROOT}/client/src/cmdhfepa.c ${PM3_ROOT}/client/src/cmdhfepa.c
${PM3_ROOT}/client/src/cmdhflegic.c
${PM3_ROOT}/client/src/cmdhfthinfilm.c
${PM3_ROOT}/client/src/cmdflashmemspiffs.c
${PM3_ROOT}/client/src/cmdhffelica.c ${PM3_ROOT}/client/src/cmdhffelica.c
${PM3_ROOT}/client/src/cmdhffido.c
${PM3_ROOT}/client/src/cmdhficlass.c ${PM3_ROOT}/client/src/cmdhficlass.c
${PM3_ROOT}/client/src/cmdhflegic.c
${PM3_ROOT}/client/src/cmdhflist.c ${PM3_ROOT}/client/src/cmdhflist.c
${PM3_ROOT}/client/src/cmdhflto.c
${PM3_ROOT}/client/src/cmdhfmf.c ${PM3_ROOT}/client/src/cmdhfmf.c
${PM3_ROOT}/client/src/cmdhfmfdes.c ${PM3_ROOT}/client/src/cmdhfmfdes.c
${PM3_ROOT}/client/src/cmdhfmfu.c ${PM3_ROOT}/client/src/cmdhfmfhard.c
${PM3_ROOT}/client/src/cmdhfmfp.c ${PM3_ROOT}/client/src/cmdhfmfp.c
${PM3_ROOT}/client/src/cmdhffido.c ${PM3_ROOT}/client/src/cmdhfmfu.c
${PM3_ROOT}/client/src/cmdhfthinfilm.c
${PM3_ROOT}/client/src/cmdhftopaz.c ${PM3_ROOT}/client/src/cmdhftopaz.c
${PM3_ROOT}/client/src/cmdhw.c ${PM3_ROOT}/client/src/cmdhw.c
${PM3_ROOT}/client/src/cmdlf.c ${PM3_ROOT}/client/src/cmdlf.c
${PM3_ROOT}/client/src/cmdlfkeri.c
${PM3_ROOT}/client/src/cmdlffdx.c
${PM3_ROOT}/client/src/cmdlfio.c
${PM3_ROOT}/client/src/cmdlfem4x.c
${PM3_ROOT}/client/src/cmdlfhid.c
${PM3_ROOT}/client/src/cmdlfnedap.c
${PM3_ROOT}/client/src/cmdlfguard.c
${PM3_ROOT}/client/src/cmdlfhitag.c
${PM3_ROOT}/client/src/cmdlfjablotron.c
${PM3_ROOT}/client/src/cmdsmartcard.c
${PM3_ROOT}/client/src/cmdlfti.c
${PM3_ROOT}/client/src/cmdlfpac.c
${PM3_ROOT}/client/src/cmdlfnoralsy.c
${PM3_ROOT}/client/src/cmdlfnexwatch.c
${PM3_ROOT}/client/src/cmdlfpresco.c
${PM3_ROOT}/client/src/cmdlfindala.c
${PM3_ROOT}/client/src/cmdlfviking.c
${PM3_ROOT}/client/src/cmdlfsecurakey.c
${PM3_ROOT}/client/src/cmdlfpyramid.c
${PM3_ROOT}/client/src/cmdlfparadox.c
${PM3_ROOT}/client/src/cmdlfcotag.c
${PM3_ROOT}/client/src/cmdlfawid.c ${PM3_ROOT}/client/src/cmdlfawid.c
${PM3_ROOT}/client/src/cmdparser.c ${PM3_ROOT}/client/src/cmdlfcotag.c
${PM3_ROOT}/client/src/cmdscript.c ${PM3_ROOT}/client/src/cmdlfem4x.c
${PM3_ROOT}/client/src/cmdlfem4x50.c
${PM3_ROOT}/client/src/cmdlffdx.c
${PM3_ROOT}/client/src/cmdlfgallagher.c
${PM3_ROOT}/client/src/cmdlfguard.c
${PM3_ROOT}/client/src/cmdlfhid.c
${PM3_ROOT}/client/src/cmdlfhitag.c
${PM3_ROOT}/client/src/cmdlfindala.c
${PM3_ROOT}/client/src/cmdlfio.c
${PM3_ROOT}/client/src/cmdlfjablotron.c
${PM3_ROOT}/client/src/cmdlfkeri.c
${PM3_ROOT}/client/src/cmdlfmotorola.c
${PM3_ROOT}/client/src/cmdlfnedap.c
${PM3_ROOT}/client/src/cmdlfnexwatch.c
${PM3_ROOT}/client/src/cmdlfnoralsy.c
${PM3_ROOT}/client/src/cmdlfpac.c
${PM3_ROOT}/client/src/cmdlfparadox.c
${PM3_ROOT}/client/src/cmdlfpcf7931.c
${PM3_ROOT}/client/src/cmdlfpresco.c
${PM3_ROOT}/client/src/cmdlfpyramid.c
${PM3_ROOT}/client/src/cmdlfsecurakey.c
${PM3_ROOT}/client/src/cmdlft55xx.c
${PM3_ROOT}/client/src/cmdlfti.c
${PM3_ROOT}/client/src/cmdlfverichip.c
${PM3_ROOT}/client/src/cmdlfviking.c
${PM3_ROOT}/client/src/cmdlfvisa2000.c ${PM3_ROOT}/client/src/cmdlfvisa2000.c
${PM3_ROOT}/client/src/cmdmain.c ${PM3_ROOT}/client/src/cmdmain.c
${PM3_ROOT}/client/src/cmdflashmem.c ${PM3_ROOT}/client/src/cmdparser.c
${PM3_ROOT}/client/src/scripting.c ${PM3_ROOT}/client/src/cmdscript.c
${PM3_ROOT}/client/src/cmdsmartcard.c
${PM3_ROOT}/client/src/cmdtrace.c
${PM3_ROOT}/client/src/cmdusart.c
${PM3_ROOT}/client/src/cmdwiegand.c
${PM3_ROOT}/client/src/comms.c
${PM3_ROOT}/client/src/fileutils.c
${PM3_ROOT}/client/src/flash.c
${PM3_ROOT}/client/src/graph.c
${PM3_ROOT}/client/src/jansson_path.c
${PM3_ROOT}/client/src/preferences.c
${PM3_ROOT}/client/src/pm3_binlib.c ${PM3_ROOT}/client/src/pm3_binlib.c
${PM3_ROOT}/client/src/pm3_bitlib.c ${PM3_ROOT}/client/src/pm3_bitlib.c
${PM3_ROOT}/client/src/cmdlft55xx.c ${PM3_ROOT}/client/src/prng.c
${PM3_ROOT}/client/src/cmdlfpcf7931.c ${PM3_ROOT}/client/src/scandir.c
${PM3_ROOT}/client/src/cmdhfmfhard.c ${PM3_ROOT}/client/src/scripting.c
${PM3_ROOT}/client/src/cmdusart.c ${PM3_ROOT}/client/src/tea.c
${PM3_ROOT}/client/src/jansson_path.c ${PM3_ROOT}/client/src/ui.c
${PM3_ROOT}/client/src/util.c
${PM3_ROOT}/client/src/wiegand_formats.c
${PM3_ROOT}/client/src/wiegand_formatutils.c
# android resources # android resources
jni_tools.c jni_tools.c
pm3_main.c pm3_main.c
@ -154,6 +180,7 @@ add_library(pm3rrg_rdv4 SHARED
# includes # includes
target_include_directories(pm3rrg_rdv4 PRIVATE target_include_directories(pm3rrg_rdv4 PRIVATE
${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}
${BZIP2_INCLUDE_DIRS}
${PM3_ROOT}/include/ ${PM3_ROOT}/include/
${PM3_ROOT}/common ${PM3_ROOT}/common
${PM3_ROOT}/common_fpga ${PM3_ROOT}/common_fpga
@ -169,7 +196,7 @@ find_library(pm3rrg_rdv4_hardnested REQUIRED)
find_library(pm3rrg_rdv4_whereami REQUIRED) find_library(pm3rrg_rdv4_whereami REQUIRED)
target_link_libraries(pm3rrg_rdv4 target_link_libraries(pm3rrg_rdv4
bz2 ${BZIP2_LIBRARIES}
pm3rrg_rdv4_hardnested pm3rrg_rdv4_hardnested
pm3rrg_rdv4_mbedtls pm3rrg_rdv4_mbedtls
pm3rrg_rdv4_cliparser pm3rrg_rdv4_cliparser

44
client/android/pm3_main.c
View file

@ -28,26 +28,18 @@
#include "jni_tools.h" #include "jni_tools.h"
//iceman, todo: proxify socker server name. Maybe set in preferences? //iceman, todo: proxify socker server name. Maybe set in preferences?
// DXL reply, todo:
// Is a good idea, we can move this def to preferences, but not now.
// Because libpm3rrg_rdv4.so cant load preferences.
// I will impl a function to load preferences at future.
#define PM3_LOCAL_SOCKET_SERVER "DXL.COM.ASL" #define PM3_LOCAL_SOCKET_SERVER "DXL.COM.ASL"
void ShowGraphWindow(void) {
}
void HideGraphWindow(void) {
}
void RepaintGraphWindow(void) {
}
int push_cmdscriptfile(char *path, bool stayafter) {
return PM3_SUCCESS;
}
static char *g_android_executable_directory = NULL; static char *g_android_executable_directory = NULL;
static const char *g_android_user_directory = NULL; static char *g_android_user_directory = NULL;
const char *get_executable_directory(void) { char version_information[] = {"ANDROID_LIBRARY 1.4.6 build by DXL"};
const char *get_my_executable_directory(void) {
if (g_android_executable_directory == NULL) { if (g_android_executable_directory == NULL) {
char buf[FILE_PATH_SIZE] = {0}; char buf[FILE_PATH_SIZE] = {0};
getcwd(buf, sizeof(buf)); getcwd(buf, sizeof(buf));
@ -57,14 +49,20 @@ const char *get_executable_directory(void) {
return g_android_executable_directory; return g_android_executable_directory;
} }
const char *get_user_directory(void) { const char *get_my_user_directory(void) {
return g_android_user_directory; return g_android_user_directory;
} }
void ShowGraphWindow(void) {}
void HideGraphWindow(void) {}
void RepaintGraphWindow(void) {}
int push_cmdscriptfile(char *path, bool stayafter) { return PM3_SUCCESS; }
static bool OpenPm3(void) { static bool OpenPm3(void) {
if (conn.run) { if (conn.run) { return true; }
return true;
}
// Open with LocalSocket. Not a tcp connection! // Open with LocalSocket. Not a tcp connection!
bool ret = OpenProxmark("socket:"PM3_LOCAL_SOCKET_SERVER, false, 1000, false, 115200); bool ret = OpenProxmark("socket:"PM3_LOCAL_SOCKET_SERVER, false, 1000, false, 115200);
return ret; return ret;
@ -108,7 +106,7 @@ jboolean IsClientRunning(JNIEnv *env, jobject instance) {
} }
/* /*
* test hw and hw and client. * test hw and fw and client.
* */ * */
jboolean TestPm3(JNIEnv *env, jobject instance) { jboolean TestPm3(JNIEnv *env, jobject instance) {
if (open() == false) { if (open() == false) {
@ -153,11 +151,13 @@ JNIEXPORT jint JNI_OnLoad(JavaVM *vm, void *reserved) {
{"closePm3", "()V", ClosePm3} {"closePm3", "()V", ClosePm3}
}; };
if ((*jniEnv)->RegisterNatives(jniEnv, clazz, methods, sizeof(methods) / sizeof(methods[0])) != JNI_OK) { if ((*jniEnv)->RegisterNatives(jniEnv, clazz, methods, sizeof(methods) / sizeof(methods[0])) !=
JNI_OK) {
return -1; return -1;
} }
if ((*jniEnv)->RegisterNatives(jniEnv, clz_test, methods1, sizeof(methods1) / sizeof(methods1[0])) != JNI_OK) { if ((*jniEnv)->RegisterNatives(jniEnv, clz_test, methods1,
sizeof(methods1) / sizeof(methods1[0])) != JNI_OK) {
return -1; return -1;
} }

4
client/src/cmdhfmf.c
View file

@ -307,13 +307,13 @@ static int usage_hf14_decryptbytes(void) {
PrintAndLogEx(NORMAL, "Usage: hf mf decrypt [h] <nt> <ar_enc> <at_enc> <data>"); PrintAndLogEx(NORMAL, "Usage: hf mf decrypt [h] <nt> <ar_enc> <at_enc> <data>");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h this help"); PrintAndLogEx(NORMAL, " h this help");
PrintAndLogEx(NORMAL, " <nt> reader nonce"); PrintAndLogEx(NORMAL, " <nt> tag nonce");
PrintAndLogEx(NORMAL, " <ar_enc> encrypted reader response"); PrintAndLogEx(NORMAL, " <ar_enc> encrypted reader response");
PrintAndLogEx(NORMAL, " <at_enc> encrypted tag response"); PrintAndLogEx(NORMAL, " <at_enc> encrypted tag response");
PrintAndLogEx(NORMAL, " <data> encrypted data, taken directly after at_enc and forward"); PrintAndLogEx(NORMAL, " <data> encrypted data, taken directly after at_enc and forward");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" hf mf decrypt b830049b 9248314a 9280e203 41e586f9")); PrintAndLogEx(NORMAL, _YELLOW_(" hf mf decrypt b830049b 9248314a 9280e203 41e586f9"));
PrintAndLogEx(NORMAL, "\n this sample decrypts 41e586f9 -> 3003999a Annotated: 30 03 [99 9a] auth block 3 [crc]"); PrintAndLogEx(NORMAL, "\n this sample decrypts 41e586f9 -> 3003999a Annotated: 30 03 [99 9a] read block 3 [crc]");
return PM3_SUCCESS; return PM3_SUCCESS;
} }

8
client/src/cmdhfmfhard.c
View file

@ -1664,14 +1664,6 @@ static inline bool bitflips_match(uint8_t byte, uint32_t state, odd_even_t odd_e
return true; return true;
} }
/*
static uint_fast8_t reverse(uint_fast8_t b) {
b = (b & 0xF0) >> 4 | (b & 0x0F) << 4;
b = (b & 0xCC) >> 2 | (b & 0x33) << 2;
b = (b & 0xAA) >> 1 | (b & 0x55) << 1;
return b;
}
*/
static uint_fast8_t reverse(uint_fast8_t b) { static uint_fast8_t reverse(uint_fast8_t b) {
return (b * 0x0202020202ULL & 0x010884422010ULL) % 1023; return (b * 0x0202020202ULL & 0x010884422010ULL) % 1023;
} }

3
client/src/cmdlf.c
View file

@ -1286,6 +1286,7 @@ int CmdLFfind(const char *Cmd) {
} }
} }
if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;}
if (demodHID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("HID Prox ID") " found!"); goto out;} if (demodHID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("HID Prox ID") " found!"); goto out;}
if (demodAWID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("AWID ID") " found!"); goto out;} if (demodAWID() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("AWID ID") " found!"); goto out;}
if (demodIOProx() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("IO Prox ID") " found!"); goto out;} if (demodIOProx() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("IO Prox ID") " found!"); goto out;}
@ -1308,8 +1309,8 @@ int CmdLFfind(const char *Cmd) {
if (demodPyramid() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Pyramid ID") " found!"); goto out;} if (demodPyramid() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Pyramid ID") " found!"); goto out;}
if (demodSecurakey() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Securakey ID") " found!"); goto out;} if (demodSecurakey() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Securakey ID") " found!"); goto out;}
if (demodViking() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Viking ID") " found!"); goto out;} if (demodViking() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Viking ID") " found!"); goto out;}
if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") " found!"); goto out;}
if (demodGallagher() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("GALLAGHER ID") " found!"); goto out;} if (demodGallagher() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("GALLAGHER ID") " found!"); goto out;}
// if (demodTI() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Texas Instrument ID") " found!"); goto out;} // if (demodTI() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Texas Instrument ID") " found!"); goto out;}
//if (demodFermax() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Fermax ID") " found!"); goto out;} //if (demodFermax() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Fermax ID") " found!"); goto out;}

6
client/src/cmdlfem4x.c
View file

@ -128,7 +128,7 @@ static int usage_lf_em4x05_dump(void) {
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x05_dump"); PrintAndLogEx(NORMAL, " lf em 4x05_dump");
PrintAndLogEx(NORMAL, " lf em 4x05_dump 11223344"); PrintAndLogEx(NORMAL, " lf em 4x05_dump 11223344");
PrintAndLogEx(NORMAL, " lf em 4x50_dump f card1 11223344"); PrintAndLogEx(NORMAL, " lf em 4x05_dump f card1 11223344");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int usage_lf_em4x05_wipe(void) { static int usage_lf_em4x05_wipe(void) {
@ -1395,10 +1395,12 @@ static command_t CommandTable[] = {
{"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"}, {"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"},
{"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"}, {"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"},
{"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 4x50") " -----------------------"}, {"----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("EM 4x50") " -----------------------"},
{"4x50_info", CmdEM4x50Info, IfPm3EM4x50, "read complete data from EM4x50"}, {"4x50_dump", CmdEM4x50Dump, IfPm3EM4x50, "dump EM4x50 tag"},
{"4x50_info", CmdEM4x50Info, IfPm3EM4x50, "tag information EM4x50"},
{"4x50_write", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"}, {"4x50_write", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"},
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"}, {"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"},
{"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"}, {"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"},
{"4x50_wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe data from EM4x50"},
{NULL, NULL, NULL, NULL} {NULL, NULL, NULL, NULL}
}; };

297
client/src/cmdlfem4x50.c
View file

@ -15,7 +15,7 @@
#include "commonutil.h" #include "commonutil.h"
#include "em4x50.h" #include "em4x50.h"
int usage_lf_em4x50_info(void) { static int usage_lf_em4x50_info(void) {
PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna."); PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p <pwd>]"); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_info [h] [v] [p <pwd>]");
@ -30,7 +30,7 @@ int usage_lf_em4x50_info(void) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
int usage_lf_em4x50_write(void) { static int usage_lf_em4x50_write(void) {
PrintAndLogEx(NORMAL, "Write EM4x50 word. Tag must be on antenna. "); PrintAndLogEx(NORMAL, "Write EM4x50 word. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] [a <address>] [w <data>]"); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write [h] [a <address>] [w <data>]");
@ -44,7 +44,7 @@ int usage_lf_em4x50_write(void) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
int usage_lf_em4x50_write_password(void) { static int usage_lf_em4x50_write_password(void) {
PrintAndLogEx(NORMAL, "Write EM4x50 password. Tag must be on antenna. "); PrintAndLogEx(NORMAL, "Write EM4x50 password. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] [p <pwd>] [n <pwd>]"); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] [p <pwd>] [n <pwd>]");
@ -57,7 +57,7 @@ int usage_lf_em4x50_write_password(void) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
int usage_lf_em4x50_read(void) { static int usage_lf_em4x50_read(void) {
PrintAndLogEx(NORMAL, "Read EM4x50 word(s). Tag must be on antenna."); PrintAndLogEx(NORMAL, "Read EM4x50 word(s). Tag must be on antenna.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_read [h] [a <address>] [p <pwd>]"); PrintAndLogEx(NORMAL, "Usage: lf em 4x50_read [h] [a <address>] [p <pwd>]");
@ -71,6 +71,32 @@ int usage_lf_em4x50_read(void) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int usage_lf_em4x50_dump(void) {
PrintAndLogEx(NORMAL, "Dump EM4x50 tag. Tag must be on antenna.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_dump [h] [f <filename prefix>] [p <pwd>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " f <filename prefix> - overide filename prefix (optional). Default is based on UID");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump p 11223344"));
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump f card_nnn p 11223344"));
return PM3_SUCCESS;
}
static int usage_lf_em4x50_wipe(void) {
PrintAndLogEx(NORMAL, "Wipe data from EM4x50 tag. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_wipe [h] [p <pwd>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_wwipe p 11223344"));
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) { static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) {
@ -128,46 +154,52 @@ static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t
} }
} }
static void print_result(const em4x50_word_t *words, int fwr, int lwr, bool verbose) { static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
// print available information for given word from fwr to lwr, i.e. // print available information for given word from fwr to lwr, i.e.
// bit table + summary lines with hex notation of word (msb + lsb) // bit table + summary lines with hex notation of word (msb + lsb)
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0}; PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, " # | word (msb) | word (lsb) | desc");
PrintAndLogEx(INFO, "----+-------------+-------------+--------------------");
for (int i = fwr; i <= lwr; i++) { for (int i = fwr; i <= lwr; i++) {
if (verbose) { char s[50] = {0};
switch(i) {
// final result case EM4X50_DEVICE_PASSWORD:
string[0] = '\0'; sprintf(s, _YELLOW_("password, write only"));
sprintf(pstring, "\n word[%i] msb: " _GREEN_("0x"), i); break;
strcat(string, pstring); case EM4X50_PROTECTION:
sprintf(s, _YELLOW_("protection cfg (locked)"));
for (int j = 0; j < 4; j++) { break;
sprintf(pstring, _GREEN_("%02x"), words[i].byte[j]); case EM4X50_CONTROL:
strcat(string, pstring); sprintf(s, _YELLOW_("control cfg (locked)"));
break;
case EM4X50_DEVICE_SERIAL:
sprintf(s, _YELLOW_("device serial number (read only)"));
break;
case EM4X50_DEVICE_ID:
sprintf(s, _YELLOW_("device identification (read only)"));
break;
default:
sprintf(s, "user data");
break;
} }
sprintf(pstring, "\n word[%i] lsb: 0x", i); char r[30] = {0};
strcat(string, pstring); for (int j = 3; j >= 0; j--) {
sprintf(r + strlen(r), "%02x ", reflect8(words[i].byte[j]));
}
for (int j = 0; j < 4; j++) { PrintAndLogEx(INFO, " %2i | " _GREEN_("%s") "| %s| %s",
sprintf(pstring, "%02x", reflect8(words[i].byte[3-j])); i,
strcat(string, pstring); sprint_hex(words[i].byte, 4),
} r,
} else { s
string[0] = '\0'; );
sprintf(pstring, "[" _GREEN_("+") "] word[%i]: " _YELLOW_("0x"), i);
strcat(string, pstring);
for (int j = 0; j < 4; j++) {
sprintf(pstring, _YELLOW_("%02x"), words[i].byte[j]);
strcat(string, pstring);
}
}
PrintAndLogEx(INFO, string);
} }
PrintAndLogEx(INFO, "----+-------------+-------------+--------------------");
} }
static void print_info_result(uint8_t *data, bool verbose) { static void print_info_result(uint8_t *data, bool verbose) {
@ -193,42 +225,7 @@ static void print_info_result(uint8_t *data, bool verbose) {
// data section // data section
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, _YELLOW_("EM4x50 data:")); PrintAndLogEx(INFO, _YELLOW_("EM4x50 data:"));
print_result(words, 0, EM4X50_NO_WORDS - 1);
if (verbose) {
print_result(words, 0, EM4X50_NO_WORDS - 1, true);
} else {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "idx | word | desc");
PrintAndLogEx(INFO, "----+-------------+----------------------------------");
// condensed data section
for (int i = 0; i < EM4X50_NO_WORDS; i++) {
char s[50] = {0};
switch(i) {
case EM4X50_DEVICE_PASSWORD:
sprintf(s, _YELLOW_("password, write only"));
break;
case EM4X50_PROTECTION:
sprintf(s, _YELLOW_("protection cfg (locked)"));
break;
case EM4X50_CONTROL:
sprintf(s, _YELLOW_("control cfg (locked)"));
break;
case EM4X50_DEVICE_SERIAL:
sprintf(s, _YELLOW_("device serial number (read only)"));
break;
case EM4X50_DEVICE_ID:
sprintf(s, _YELLOW_("device identification (read only)"));
break;
default:
sprintf(s, "user data");
break;
}
PrintAndLogEx(INFO, " %2i | %s| %s", i, sprint_hex(words[i].byte, 4), s);
}
}
PrintAndLogEx(INFO, "----+-------------+----------------------------------");
// configuration section // configuration section
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
@ -416,7 +413,7 @@ int CmdEM4x50Write(const char *Cmd) {
em4x50_word_t words[EM4X50_NO_WORDS]; em4x50_word_t words[EM4X50_NO_WORDS];
prepare_result(data, etd.address, etd.address, words); prepare_result(data, etd.address, etd.address, words);
print_result(words, etd.address, etd.address, true); print_result(words, etd.address, etd.address);
PrintAndLogEx(SUCCESS, "Successfully wrote to tag"); PrintAndLogEx(SUCCESS, "Successfully wrote to tag");
PrintAndLogEx(HINT, "Try `" _YELLOW_("lf em 4x50_read a %u") "` - to read your data", etd.address); PrintAndLogEx(HINT, "Try `" _YELLOW_("lf em 4x50_read a %u") "` - to read your data", etd.address);
return PM3_SUCCESS; return PM3_SUCCESS;
@ -553,9 +550,7 @@ int em4x50_read(em4x50_data_t *etd, em4x50_word_t *out, bool verbose) {
memcpy(out, &words, sizeof(em4x50_word_t) * EM4X50_NO_WORDS); memcpy(out, &words, sizeof(em4x50_word_t) * EM4X50_NO_WORDS);
} }
if (verbose) { print_result(words, etd->address, etd->address);
print_result(words, etd->address, etd->address, true);
}
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -573,15 +568,6 @@ int CmdEM4x50Read(const char *Cmd) {
case 'h': { case 'h': {
return usage_lf_em4x50_read(); return usage_lf_em4x50_read();
} }
case 'p': {
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
etd.pwd_given = true;
cmdp += 2;
break;
}
case 'a': { case 'a': {
param_getdec(Cmd, cmdp + 1, &etd.address); param_getdec(Cmd, cmdp + 1, &etd.address);
@ -594,6 +580,15 @@ int CmdEM4x50Read(const char *Cmd) {
cmdp += 2; cmdp += 2;
break; break;
} }
case 'p': {
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
etd.pwd_given = true;
cmdp += 2;
break;
}
default: { default: {
PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -602,8 +597,144 @@ int CmdEM4x50Read(const char *Cmd) {
} }
} }
if (errors) if (errors || strlen(Cmd) == 0 || etd.addr_given == false)
return usage_lf_em4x50_read(); return usage_lf_em4x50_read();
return em4x50_read(&etd, NULL, true); return em4x50_read(&etd, NULL, true);
} }
int CmdEM4x50Dump(const char *Cmd) {
em4x50_data_t etd;
etd.pwd_given = false;
etd.addr_given = false;
char filename[FILE_PATH_SIZE] = {0x00};
char *fptr = filename;
bool errors = false;
uint8_t cmdp = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_dump();
break;
case 'f':
param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE);
cmdp += 2;
break;
case 'p': {
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
return PM3_EINVARG;
}
etd.pwd_given = true;
cmdp += 2;
break;
}
default:
PrintAndLogEx(WARNING, " Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
};
}
// validation
if (errors)
return usage_lf_em4x50_dump();
PrintAndLogEx(INFO, "reading EM4x50 tag");
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_INFO, (uint8_t *)&etd, sizeof(etd));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return PM3_ETIMEOUT;
}
bool success = (resp.status & STATUS_SUCCESS) >> 1;
if (success == false) {
PrintAndLogEx(FAILED, "reading tag " _RED_("failed"));
return PM3_ESOFT;
}
// structured format
em4x50_word_t words[EM4X50_NO_WORDS];
prepare_result(resp.data.asBytes, 0, EM4X50_NO_WORDS - 1, words);
PrintAndLogEx(INFO, _YELLOW_("EM4x50 data:"));
print_result(words, 0, EM4X50_NO_WORDS - 1);
// user supplied filename?
if (strlen(filename) == 0) {
PrintAndLogEx(INFO, "Using UID as filename");
fptr += sprintf(fptr, "lf-4x50-");
FillFileNameByUID(fptr, words[EM4X50_DEVICE_SERIAL].byte, "-dump", 4);
}
uint8_t data[EM4X50_NO_WORDS * 4] = {0};
for (int i=0; i < EM4X50_NO_WORDS; i++) {
memcpy(data + (i*4), words[i].byte, 4);
}
// saveFileEML will add .eml extension to filename
// saveFile (binary) passes in the .bin extension.
saveFileEML(filename, data, sizeof(data), 4);
saveFile(filename, ".bin", data, sizeof(data));
//saveFileJSON...
return PM3_SUCCESS;
}
int CmdEM4x50Wipe(const char *Cmd) {
// fills EM4x50 tag with zeros including password
bool errors = false, bpwd = false;
uint8_t cmdp = 0;
em4x50_data_t etd;
PacketResponseNG resp;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_wipe();
case 'p':
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\npassword has to be 8 hex symbols\n");
return PM3_EINVARG;
}
bpwd = true;
cmdp += 2;
break;
default:
PrintAndLogEx(WARNING, "\nUnknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors || !bpwd)
return usage_lf_em4x50_wipe();
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_WIPE, (uint8_t *)&etd, sizeof(etd));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2*TIMEOUT)) {
PrintAndLogEx(WARNING, "\ntimeout while waiting for reply.\n");
return PM3_ETIMEOUT;
}
// print response
bool isOK = resp.status;
if (isOK) {
PrintAndLogEx(SUCCESS,"\nwiping data " _GREEN_("ok") "\n");
} else {
PrintAndLogEx(FAILED,"\nwiping data " _RED_("failed") "\n");
return PM3_ESOFT;
}
return PM3_SUCCESS;
}

7
client/src/cmdlfem4x50.h
View file

@ -14,11 +14,6 @@
#include"common.h" #include"common.h"
#include "em4x50.h" #include "em4x50.h"
int usage_lf_em4x50_info(void);
int usage_lf_em4x50_write(void);
int usage_lf_em4x50_write_password(void);
int usage_lf_em4x50_read(void);
int read_em4x50_uid(void); int read_em4x50_uid(void);
bool detect_4x50_block(void); bool detect_4x50_block(void);
int em4x50_read(em4x50_data_t *etd, em4x50_word_t *out, bool verbose); int em4x50_read(em4x50_data_t *etd, em4x50_word_t *out, bool verbose);
@ -27,5 +22,7 @@ int CmdEM4x50Info(const char *Cmd);
int CmdEM4x50Write(const char *Cmd); int CmdEM4x50Write(const char *Cmd);
int CmdEM4x50WritePassword(const char *Cmd); int CmdEM4x50WritePassword(const char *Cmd);
int CmdEM4x50Read(const char *Cmd); int CmdEM4x50Read(const char *Cmd);
int CmdEM4x50Dump(const char *Cmd);
int CmdEM4x50Wipe(const char *Cmd);
#endif #endif

11
client/src/cmdlfkeri.c
View file

@ -137,11 +137,16 @@ static int CmdKeriMSScramble(KeriMSScramble_t Action, uint32_t *FC, uint32_t *ID
static int CmdKeriDemod(const char *Cmd) { static int CmdKeriDemod(const char *Cmd) {
(void)Cmd; // Cmd is not used so far (void)Cmd; // Cmd is not used so far
return demodKeri();
}
int demodKeri(void) {
if (PSKDemod("", false) != PM3_SUCCESS) { if (PSKDemod("", false) != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - KERI: PSK1 Demod failed"); PrintAndLogEx(DEBUG, "DEBUG: Error - KERI: PSK1 Demod failed");
return PM3_ESOFT; return PM3_ESOFT;
} }
bool invert = false; bool invert = false;
size_t size = DemodBufferLen; size_t size = DemodBufferLen;
int idx = detectKeri(DemodBuffer, &size, &invert); int idx = detectKeri(DemodBuffer, &size, &invert);
@ -207,6 +212,8 @@ static int CmdKeriDemod(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int CmdKeriRead(const char *Cmd) { static int CmdKeriRead(const char *Cmd) {
lf_read(false, 10000); lf_read(false, 10000);
return CmdKeriDemod(Cmd); return CmdKeriDemod(Cmd);
@ -382,7 +389,3 @@ int detectKeri(uint8_t *dest, size_t *size, bool *invert) {
return (int)startIdx; return (int)startIdx;
} }
int demodKeri(void) {
return CmdKeriDemod("");
}

21
client/src/cmdlfpac.c
View file

@ -1,4 +1,6 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// by marshmellow
// by danshuk
// //
// This code is licensed to you under the terms of the GNU GPL, version 2 or, // This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of // at your option, any later version. See the LICENSE.txt file for the text of
@ -12,7 +14,6 @@
#include <ctype.h> // tolower #include <ctype.h> // tolower
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include "commonutil.h" // ARRAYLEN #include "commonutil.h" // ARRAYLEN
#include "common.h" #include "common.h"
#include "cmdparser.h" // command_t #include "cmdparser.h" // command_t
@ -22,7 +23,7 @@
#include "cmdlf.h" #include "cmdlf.h"
#include "lfdemod.h" // preamble test #include "lfdemod.h" // preamble test
#include "protocols.h" // t55xx defines #include "protocols.h" // t55xx defines
#include "cmdlft55xx.h" // clone.. #include "cmdlft55xx.h" // clone
#include "parity.h" #include "parity.h"
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
@ -54,7 +55,7 @@ static int usage_lf_pac_sim(void) {
PrintAndLogEx(NORMAL, _YELLOW_(" lf pac sim 12345678")); PrintAndLogEx(NORMAL, _YELLOW_(" lf pac sim 12345678"));
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// by danshuk
// PAC_8byte format: preamble (8 mark/idle bits), ascii STX (02), ascii '2' (32), ascii '0' (30), ascii bytes 0..7 (cardid), then xor checksum of cardid bytes // PAC_8byte format: preamble (8 mark/idle bits), ascii STX (02), ascii '2' (32), ascii '0' (30), ascii bytes 0..7 (cardid), then xor checksum of cardid bytes
// all bytes following 8 bit preamble are one start bit (0), 7 data bits (lsb first), odd parity bit, and one stop bit (1) // all bytes following 8 bit preamble are one start bit (0), 7 data bits (lsb first), odd parity bit, and one stop bit (1)
static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst, const size_t dst_size) { static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst, const size_t dst_size) {
@ -85,7 +86,9 @@ static int demodbuf_to_pacid(uint8_t *src, const size_t src_size, uint8_t *dst,
PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: Bad checksum - expected: %02X, actual: %02X", dst[dataLength - 1], checksum); PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: Bad checksum - expected: %02X, actual: %02X", dst[dataLength - 1], checksum);
return PM3_ESOFT; return PM3_ESOFT;
} }
dst[dataLength - 1] = 0; // overwrite checksum byte with null terminator
// overwrite checksum byte with null terminator
dst[dataLength - 1] = 0;
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -142,9 +145,13 @@ static void pacCardIdToRaw(uint8_t *outRawBytes, const char *cardId) {
//see NRZDemod for what args are accepted //see NRZDemod for what args are accepted
static int CmdPacDemod(const char *Cmd) { static int CmdPacDemod(const char *Cmd) {
(void)Cmd;
return demodPac();
}
int demodPac(void) {
//NRZ //NRZ
if (NRZrawDemod(Cmd, false) != PM3_SUCCESS) { if (NRZrawDemod("", false) != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: NRZ Demod failed"); PrintAndLogEx(DEBUG, "DEBUG: Error - PAC: NRZ Demod failed");
return PM3_ESOFT; return PM3_ESOFT;
} }
@ -307,7 +314,6 @@ int CmdLFPac(const char *Cmd) {
return CmdsParse(CommandTable, Cmd); return CmdsParse(CommandTable, Cmd);
} }
// by marshmellow
// find PAC preamble in already demoded data // find PAC preamble in already demoded data
int detectPac(uint8_t *dest, size_t *size) { int detectPac(uint8_t *dest, size_t *size) {
if (*size < 128) return -1; //make sure buffer has data if (*size < 128) return -1; //make sure buffer has data
@ -320,7 +326,4 @@ int detectPac(uint8_t *dest, size_t *size) {
return (int)startIdx; return (int)startIdx;
} }
int demodPac(void) {
return CmdPacDemod("");
}

2
client/src/cmdlfparadox.c
View file

@ -128,7 +128,7 @@ int demodParadox(void) {
uint8_t error = 0; uint8_t error = 0;
// Remove manchester encoding from FSK bits, skip pre // Remove manchester encoding from FSK bits, skip pre
for (uint8_t i = idx + PARADOX_PREAMBLE_LEN; i < (idx + 96 - PARADOX_PREAMBLE_LEN ); i += 2) { for (uint8_t i = idx + PARADOX_PREAMBLE_LEN; i < (idx + 96); i += 2) {
// not manchester data // not manchester data
if (bits[i] == bits[i + 1]) { if (bits[i] == bits[i + 1]) {

46
client/src/cmdlft55xx.c
View file

@ -1345,17 +1345,25 @@ bool testKnownConfigBlock(uint32_t block0) {
case T55X7_RAW_CONFIG_BLOCK: case T55X7_RAW_CONFIG_BLOCK:
case T55X7_EM_UNIQUE_CONFIG_BLOCK: case T55X7_EM_UNIQUE_CONFIG_BLOCK:
case T55X7_FDXB_CONFIG_BLOCK: case T55X7_FDXB_CONFIG_BLOCK:
case T55X7_FDXB_2_CONFIG_BLOCK:
case T55X7_HID_26_CONFIG_BLOCK: case T55X7_HID_26_CONFIG_BLOCK:
case T55X7_PYRAMID_CONFIG_BLOCK: case T55X7_PYRAMID_CONFIG_BLOCK:
case T55X7_INDALA_64_CONFIG_BLOCK: case T55X7_INDALA_64_CONFIG_BLOCK:
case T55X7_INDALA_224_CONFIG_BLOCK: case T55X7_INDALA_224_CONFIG_BLOCK:
case T55X7_GUARDPROXII_CONFIG_BLOCK: case T55X7_GUARDPROXII_CONFIG_BLOCK:
case T55X7_VIKING_CONFIG_BLOCK: case T55X7_VIKING_CONFIG_BLOCK:
case T55X7_NORALYS_CONFIG_BLOCK: case T55X7_NORALSY_CONFIG_BLOCK:
case T55X7_IOPROX_CONFIG_BLOCK: case T55X7_IOPROX_CONFIG_BLOCK:
case T55X7_PRESCO_CONFIG_BLOCK: case T55X7_PRESCO_CONFIG_BLOCK:
case T55X7_NEDAP_64_CONFIG_BLOCK: case T55X7_NEDAP_64_CONFIG_BLOCK:
case T55X7_NEDAP_128_CONFIG_BLOCK: case T55X7_NEDAP_128_CONFIG_BLOCK:
case T55X7_VISA2000_CONFIG_BLOCK:
case T55X7_SECURAKEY_CONFIG_BLOCK:
case T55X7_PAC_CONFIG_BLOCK:
case T55X7_VERICHIP_CONFIG_BLOCK:
case T55X7_KERI_CONFIG_BLOCK:
case T55X7_NEXWATCH_CONFIG_BLOCK:
case T55X7_JABLOTRON_CONFIG_BLOCK:
return true; return true;
} }
return false; return false;
@ -2044,17 +2052,18 @@ static void printT5x7KnownBlock0(uint32_t b0) {
case T55X7_EM_UNIQUE_CONFIG_BLOCK: case T55X7_EM_UNIQUE_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "EM unique, Paxton "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "EM unique, Paxton ");
break; break;
case T55X7_FDXB_2_CONFIG_BLOCK:
case T55X7_FDXB_CONFIG_BLOCK: case T55X7_FDXB_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "FDXB "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "FDXB ");
break; break;
case T55X7_HID_26_CONFIG_BLOCK: case T55X7_HID_26_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "HID 26b (ProxCard) "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "HID 26b (ProxCard), Paradox, AWID ");
break; break;
case T55X7_PYRAMID_CONFIG_BLOCK: case T55X7_PYRAMID_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Pyramid "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "Pyramid ");
break; break;
case T55X7_INDALA_64_CONFIG_BLOCK: case T55X7_INDALA_64_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 64"); snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 64, Motorola");
break; break;
case T55X7_INDALA_224_CONFIG_BLOCK: case T55X7_INDALA_224_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 224 "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "Indala 224 ");
@ -2065,7 +2074,7 @@ static void printT5x7KnownBlock0(uint32_t b0) {
case T55X7_VIKING_CONFIG_BLOCK: case T55X7_VIKING_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Viking "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "Viking ");
break; break;
case T55X7_NORALYS_CONFIG_BLOCK: case T55X7_NORALSY_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Noralys "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "Noralys ");
break; break;
case T55X7_IOPROX_CONFIG_BLOCK: case T55X7_IOPROX_CONFIG_BLOCK:
@ -2080,12 +2089,33 @@ static void printT5x7KnownBlock0(uint32_t b0) {
case T55X7_NEDAP_128_CONFIG_BLOCK: case T55X7_NEDAP_128_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Nedap 128 "); snprintf(s + strlen(s), sizeof(s) - strlen(s), "Nedap 128 ");
break; break;
case T55X7_PAC_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "PAC/Stanley ");
break;
case T55X7_VERICHIP_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Verichip ");
break;
case T55X7_VISA2000_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "VISA2000 ");
break;
case T55X7_JABLOTRON_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "Jablotron ");
break;
case T55X7_KERI_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "KERI ");
break;
case T55X7_SECURAKEY_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "SecuraKey ");
break;
case T55X7_NEXWATCH_CONFIG_BLOCK:
snprintf(s + strlen(s), sizeof(s) - strlen(s), "NexWatch, Quadrakey ");
break;
default: default:
break; break;
} }
if (strlen(s) > 0) if (strlen(s) > 0)
PrintAndLogEx(NORMAL, "\n Config block match : " _YELLOW_("%s"), s); PrintAndLogEx(SUCCESS, "\nConfig block match : " _YELLOW_("%s"), s);
} }
static int CmdT55xxInfo(const char *Cmd) { static int CmdT55xxInfo(const char *Cmd) {
@ -2224,11 +2254,11 @@ static int CmdT55xxInfo(const char *Cmd) {
PrintAndLogEx(NORMAL, " POR-Delay : %s", (por) ? _GREEN_("Yes") : "No"); PrintAndLogEx(NORMAL, " POR-Delay : %s", (por) ? _GREEN_("Yes") : "No");
} }
PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); PrintAndLogEx(NORMAL, "-------------------------------------------------------------");
PrintAndLogEx(NORMAL, " Raw Data - Page 0"); PrintAndLogEx(NORMAL, " Raw Data - Page 0, block 0");
if (gotdata) if (gotdata)
PrintAndLogEx(NORMAL, " Block 0 : 0x%08X", block0); PrintAndLogEx(NORMAL, " 0x" _GREEN_("%08X"), block0);
else else
PrintAndLogEx(NORMAL, " Block 0 : 0x%08X %s", block0, sprint_bin(DemodBuffer + config.offset, 32)); PrintAndLogEx(NORMAL, " 0x" _GREEN_("%08X") " %s", block0, sprint_bin(DemodBuffer + config.offset, 32));
if (((!gotdata) && (!config.Q5)) || (gotdata && (!dataasq5))) if (((!gotdata) && (!config.Q5)) || (gotdata && (!dataasq5)))
printT5x7KnownBlock0(block0); printT5x7KnownBlock0(block0);

45
client/src/cmdlft55xx.h
View file

@ -25,28 +25,45 @@
// config blocks // config blocks
#define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // ASK, compat mode, data rate 32, manchester, STT, 7 data blocks #define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // ASK, compat mode, data rate 32, manchester, STT, 7 data blocks
#define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // ASK, compat mode, data rate 32, manchester, 7 data blocks
#define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks #define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/unique - compat mode, manchester, data rate 64, 2 data blocks
#define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, emulate em4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks #define T55X7_EM_PAXTON_CONFIG_BLOCK 0x00148040 // ASK, EM4x02/paxton - compat mode, manchester, data rate 64, 2 data blocks
#define T55X7_VISA2000_CONFIG_BLOCK 0x00148068 // ASK, data rate 64, 3 data blocks, STT
#define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks
#define T55X7_NORALSY_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALSY - KCP3000), data rate 32, 3 data blocks
#define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT
#define T55X7_SECURAKEY_CONFIG_BLOCK 0x000C8060 // ASK, Manchester, data rate 40, 3 data blocks
// FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag // FDXB requires data inversion and BiPhase 57 is simply BiPhase 50 inverted, so we can either do it using the modulation scheme or the inversion flag
// we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo, // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,
// and it should actually be "10000" (16) // and it should actually be "10000" (16)
// #define T55X7_FDXB_CONFIG_BLOCK 0x903F8080 // emulate fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks // #define T55X7_FDXB_CONFIG_BLOCK 0x903F8080 // BiPhase, fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks
#define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // emulate fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks #define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // BiPhase, fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks
#define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // hid 26 bit - compat mode, FSK2a, data rate 50, 3 data blocks #define T55X7_FDXB_2_CONFIG_BLOCK 0x00098080 //
#define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // Pyramid 26 bit - compat mode, FSK2a, data rate 50, 4 data blocks
#define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // emulate indala 64 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 2 #define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
#define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // emulate indala 224 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 7 #define T55X7_PARADOX_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
#define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // bitrate 64pcb, Direct modulation, Biphase, 3 data blocks #define T55X7_AWID_CONFIG_BLOCK 0x00107060 // FSK2a, hid 26 bit - compat mode, data rate 50, 3 data blocks
#define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // ASK, compat mode, data rate 32, Manchester, 2 data blocks #define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // FSK2a, Pyramid 26 bit - compat mode, data rate 50, 4 data blocks
#define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // ASK, compat mode, (NORALYS - KCP3000), 3 data blocks #define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // FSK2a, data rate 64, 2 data blocks
#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // ioprox - FSK2a, data rate 64, 2 data blocks
#define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // ASK, data rate 32, Manchester, 4 data blocks, STT #define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // PSK1, indala 64 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 2
#define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // PSK1, indala 224 bit - compat mode, psk carrier FC * 2, data rate 32, maxblock 7
#define T55X7_MOTOROLA_CONFIG_BLOCK 0x00081040 // PSK1, data rate 32, 2 data blocks
#define T55X7_NEXWATCH_CONFIG_BLOCK 0x00081060 // PSK1 data rate 16, psk carrier FC * 2, 3 data blocks
#define T55X7_KERI_CONFIG_BLOCK 0x603E1040 // PSK1, 2 data blocks
#define T55X7_JABLOTRON_CONFIG_BLOCK 0x00158040 // Biphase, data rate 64, 2 data blocks
#define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // Biphase, data rate 64, Direct modulation, 3 data blocks
#define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks #define T55X7_NEDAP_64_CONFIG_BLOCK 0x907f0042 // BiPhase, data rate 64, 2 data blocks
#define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks #define T55X7_NEDAP_128_CONFIG_BLOCK 0x907f0082 // BiPhase, data rate 64, 4 data blocks
#define T55X7_PAC_CONFIG_BLOCK 0x00080080 // NRZ, data rate 32, 4 data blocks
#define T55X7_VERICHIP_CONFIG_BLOCK 0x000C0080 // NRZ, data rate 40, 4 data blocks
#define T55X7_bin 0b0010 #define T55X7_bin 0b0010
#define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // data rate 64 , ask, manchester, 2 data blocks? // Q5 / Termic / T5555
#define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // ASK, data rate 64, manchester, 2 data blocks?
typedef enum { typedef enum {
T55x7_RAW = 0x00, T55x7_RAW = 0x00,
T55x7_DEFAULT = 0x00, T55x7_DEFAULT = 0x00,

15
client/src/cmdlfverichip.c → client/src/cmdlfverichip_disabled.c
View file

@ -39,9 +39,13 @@ static int usage_lf_verichip_clone(void) {
//see NRZDemod for what args are accepted //see NRZDemod for what args are accepted
static int CmdVerichipDemod(const char *Cmd) { static int CmdVerichipDemod(const char *Cmd) {
(void)Cmd;
return demodVerichip();
}
int demodVerichip(void) {
//NRZ //NRZ
if (NRZrawDemod(Cmd, false) != PM3_SUCCESS) { if (NRZrawDemod("", false) != PM3_SUCCESS) {
PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: NRZ Demod failed"); PrintAndLogEx(DEBUG, "DEBUG: Error - VERICHIP: NRZ Demod failed");
return PM3_ESOFT; return PM3_ESOFT;
} }
@ -154,20 +158,15 @@ int CmdLFVerichip(const char *Cmd) {
return CmdsParse(CommandTable, Cmd); return CmdsParse(CommandTable, Cmd);
} }
// by marshmellow // find VERICHIP preamble in already demoded data
// find PAC preamble in already demoded data
int detectVerichip(uint8_t *dest, size_t *size) { int detectVerichip(uint8_t *dest, size_t *size) {
if (*size < 128) return -1; //make sure buffer has data if (*size < 128) return -1; //make sure buffer has data
size_t startIdx = 0; size_t startIdx = 0;
uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0}; uint8_t preamble[] = {1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0};
if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx))
return -2; //preamble not found return -2; //preamble not found
if (*size != 128) return -3; //wrong demoded size if (*size < 128) return -3; //wrong demoded size
//return start position //return start position
return (int)startIdx; return (int)startIdx;
} }
int demodVerichip(void) {
return CmdVerichipDemod("");
}

0
client/src/cmdlfverichip.h → client/src/cmdlfverichip_disabled.h
View file

11
client/src/loclass/cipherutils.c
View file

@ -128,24 +128,17 @@ uint64_t x_bytes_to_num(uint8_t *src, size_t len) {
return num; return num;
} }
uint8_t reversebytes(uint8_t b) {
b = (b & 0xF0) >> 4 | (b & 0x0F) << 4;
b = (b & 0xCC) >> 2 | (b & 0x33) << 2;
b = (b & 0xAA) >> 1 | (b & 0x55) << 1;
return b;
}
void reverse_arraybytes(uint8_t *arr, size_t len) { void reverse_arraybytes(uint8_t *arr, size_t len) {
uint8_t i; uint8_t i;
for (i = 0; i < len ; i++) { for (i = 0; i < len ; i++) {
arr[i] = reversebytes(arr[i]); arr[i] = reflect8(arr[i]);
} }
} }
void reverse_arraycopy(uint8_t *arr, uint8_t *dest, size_t len) { void reverse_arraycopy(uint8_t *arr, uint8_t *dest, size_t len) {
uint8_t i; uint8_t i;
for (i = 0; i < len ; i++) { for (i = 0; i < len ; i++) {
dest[i] = reversebytes(arr[i]); dest[i] = reflect8(arr[i]);
} }
} }

4
client/src/proxmark3.c
View file

@ -727,6 +727,10 @@ static bool DetectWindowsAnsiSupport(void) {
RegCloseKey(hKey); RegCloseKey(hKey);
} }
#ifndef ENABLE_VIRTUAL_TERMINAL_PROCESSING
#define ENABLE_VIRTUAL_TERMINAL_PROCESSING 0x0004
#endif
HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE); HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);
DWORD dwMode = 0; DWORD dwMode = 0;
GetConsoleMode(hOut, &dwMode); GetConsoleMode(hOut, &dwMode);

9
client/src/util.c
View file

@ -791,15 +791,6 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bits) {
return tmp; return tmp;
} }
/*
uint8_t pw_rev_A(uint8_t b) {
b = (b & 0xF0) >> 4 | (b & 0x0F) << 4;
b = (b & 0xCC) >> 2 | (b & 0x33) << 2;
b = (b & 0xAA) >> 1 | (b & 0x55) << 1;
return b;
}
*/
uint64_t HornerScheme(uint64_t num, uint64_t divider, uint64_t factor) { uint64_t HornerScheme(uint64_t num, uint64_t divider, uint64_t factor) {
uint64_t remaind = 0, quotient = 0, result = 0; uint64_t remaind = 0, quotient = 0, result = 0;
remaind = num % divider; remaind = num % divider;

3
client/src/util.h
View file

@ -54,9 +54,12 @@ void print_blocks(uint32_t *data, size_t len);
int hex_to_bytes(const char *hexValue, uint8_t *bytesValue, size_t maxBytesValueLen); int hex_to_bytes(const char *hexValue, uint8_t *bytesValue, size_t maxBytesValueLen);
void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest); void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest);
void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest); void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest);
// Swap endian on arrays up to 64bytes.
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize); uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest); void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);
// parameter helper functions
int param_getlength(const char *line, int paramnum); int param_getlength(const char *line, int paramnum);
char param_getchar(const char *line, int paramnum); char param_getchar(const char *line, int paramnum);
char param_getchar_indx(const char *line, int indx, int paramnum); char param_getchar_indx(const char *line, int indx, int paramnum);

15
common/commonutil.c
View file

@ -60,9 +60,21 @@ uint32_t reflect(uint32_t v, int b) {
return v; return v;
} }
// https://graphics.stanford.edu/~seander/bithacks.html#BitReverseTable
// Reverse the bits in a byte with 3 operations (64-bit multiply and modulus division):
uint8_t reflect8(uint8_t b) {
return (b * 0x0202020202ULL & 0x010884422010ULL) % 1023;
}
// Reverse the bits in a byte with 4 operations (64-bit multiply, no division):
/*
uint8_t reflect8(uint8_t b) { uint8_t reflect8(uint8_t b) {
return ((b * 0x80200802ULL) & 0x0884422110ULL) * 0x0101010101ULL >> 32; return ((b * 0x80200802ULL) & 0x0884422110ULL) * 0x0101010101ULL >> 32;
} }
*/
uint16_t reflect16(uint16_t b) { uint16_t reflect16(uint16_t b) {
uint16_t v = 0; uint16_t v = 0;
v |= (b & 0x8000) >> 15; v |= (b & 0x8000) >> 15;
@ -117,10 +129,13 @@ void lsl(uint8_t *data, size_t len) {
data[len - 1] <<= 1; data[len - 1] <<= 1;
} }
// BSWAP24 of array[3]
uint32_t le24toh(uint8_t data[3]) { uint32_t le24toh(uint8_t data[3]) {
return (data[2] << 16) | (data[1] << 8) | data[0]; return (data[2] << 16) | (data[1] << 8) | data[0];
} }
// BSWAP24, take u32, output array
void htole24(uint32_t val, uint8_t data[3]) { void htole24(uint32_t val, uint8_t data[3]) {
data[0] = (uint8_t) val; data[0] = (uint8_t) val;
data[1] = (uint8_t)(val >> 8); data[1] = (uint8_t)(val >> 8);

11
doc/bt_manual_v10.md
View file

@ -182,8 +182,9 @@ Instead of `aa:bb:cc:dd:ee:ff`, you'll see your MAC address.
If you don't have `hcitool`, you can use `bluetoothctl` and `scan on` as shown in next section. If you don't have `hcitool`, you can use `bluetoothctl` and `scan on` as shown in next section.
2. Use Proxmark client with Bluetooth MAC address as bt:<mac> 2. Use Proxmark client with Bluetooth MAC address as bt:<mac>
```sh ```sh
./proxmark3 bt:aa:bb:cc:dd:ee:ff ./proxmark3 -p bt:aa:bb:cc:dd:ee:ff
``` ```
The first time, your OS will ask you for pairing. The default PIN is The first time, your OS will ask you for pairing. The default PIN is
1234. If PIN is not typed in quickly, the client might timeout. Simply 1234. If PIN is not typed in quickly, the client might timeout. Simply
@ -225,7 +226,7 @@ turn on solid.
4. a serial port `/dev/ttyUSB0` will be created, use Proxmark3 client on it 4. a serial port `/dev/ttyUSB0` will be created, use Proxmark3 client on it
```sh ```sh
./proxmark3 /dev/ttyUSB0 ./proxmark3 -p /dev/ttyUSB0
``` ```
#### 5.2.3 (deprecated) Connecting rdv4.0 with Bluetooth on Linux computer via rfcomm #### 5.2.3 (deprecated) Connecting rdv4.0 with Bluetooth on Linux computer via rfcomm
@ -257,7 +258,7 @@ connection is successful.
4. Use Proxmark client on BT-serial port 4. Use Proxmark client on BT-serial port
```sh ```sh
./proxmark3 /dev/rfcomm0 ./proxmark3 -p /dev/rfcomm0
``` ```
See instructions above (method 1) for initial pairing. See instructions above (method 1) for initial pairing.
@ -283,7 +284,7 @@ After reboot you can go ahead to pairing your Proxmark3 RDV4 Blue Shark:
8. A serial port like `/dev/tty.PM3_RDV40-DevB` will be created, use Proxmark3 client on it 8. A serial port like `/dev/tty.PM3_RDV40-DevB` will be created, use Proxmark3 client on it
```sh ```sh
./proxmark3 /dev/tty.PM3_RDV40-DevB ./proxmark3 -p /dev/tty.PM3_RDV40-DevB
``` ```
### 5.4 Android ### 5.4 Android
^[Top](#top) ^[Top](#top)
@ -294,7 +295,7 @@ After reboot you can go ahead to pairing your Proxmark3 RDV4 Blue Shark:
1. Make sure you already followed this tutorial https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/termux_notes.md#setup and have Termux with an running Proxmark3 client ready. You need additional the `cp210x` serial usb driver enabled and working, like the `USB_ACM` driver to communicate wireless. 1. Make sure you already followed this tutorial https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/termux_notes.md#setup and have Termux with an running Proxmark3 client ready. You need additional the `cp210x` serial usb driver enabled and working, like the `USB_ACM` driver to communicate wireless.
2. Insert the Bluetooth adapter with an fitting USB-C/Micro-USB converter into your Android USB port and a serial port `/dev/ttyUSB0` will be created. To see if it's working, run `tsudo ls /dev/ttyU*` and it should list `/dev/ttyUSB0`. 2. Insert the Bluetooth adapter with an fitting USB-C/Micro-USB converter into your Android USB port and a serial port `/dev/ttyUSB0` will be created. To see if it's working, run `tsudo ls /dev/ttyU*` and it should list `/dev/ttyUSB0`.
3. The adapter will search automatically and establish the connection to BlueShark. The adapter will remember the device that was first connected and after that the same device will be connected. After the connection is established, the blue state LED on add-on will turn on solid. 3. The adapter will search automatically and establish the connection to BlueShark. The adapter will remember the device that was first connected and after that the same device will be connected. After the connection is established, the blue state LED on add-on will turn on solid.
4. If you see this, congratulations, you can run your Proxmark3 client in Termux with `tsudo proxmark3/client/proxmark3 /dev/ttyUSB0` 4. If you see this, congratulations, you can run your Proxmark3 client in Termux with `tsudo proxmark3/client/proxmark3 -p /dev/ttyUSB0`
## 6. OTHER NOTES ## 6. OTHER NOTES
^[Top](#top) ^[Top](#top)

1
include/pm3_cmd.h
View file

@ -406,6 +406,7 @@ typedef struct {
#define CMD_LF_EM4X50_WRITE 0x0241 #define CMD_LF_EM4X50_WRITE 0x0241
#define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242 #define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242
#define CMD_LF_EM4X50_READ 0x0243 #define CMD_LF_EM4X50_READ 0x0243
#define CMD_LF_EM4X50_WIPE 0x0244
// Sampling configuration for LF reader/sniffer // Sampling configuration for LF reader/sniffer
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D #define CMD_LF_SAMPLING_SET_CONFIG 0x021D
#define CMD_LF_FSK_SIMULATE 0x021E #define CMD_LF_FSK_SIMULATE 0x021E