mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-21 05:43:48 -07:00
standalone mode LF_EM4100RWC, LF_EM4100RSWB - odd big buff static pointer usage
This commit is contained in:
iceman1001
parent
fdcc4b741c
commit
f6462137cf
2 changed files with 15 additions and 12 deletions
|
|
@ -76,14 +76,13 @@ static int bruteforceSpeed[] = {10, 12, 14, 16};
|
||||||
// In high[] must be nulls
|
// In high[] must be nulls
|
||||||
static uint64_t low[] = {0, 0, 0, 0};
|
static uint64_t low[] = {0, 0, 0, 0};
|
||||||
static uint32_t high[] = {0, 0, 0, 0};
|
static uint32_t high[] = {0, 0, 0, 0};
|
||||||
static uint8_t *bba;
|
|
||||||
static int buflen;
|
static int buflen;
|
||||||
|
|
||||||
void ModInfo(void) {
|
void ModInfo(void) {
|
||||||
DbpString(" LF EM4100 read/sim/write/brute mode");
|
DbpString(" LF EM4100 read/sim/write/brute mode");
|
||||||
}
|
}
|
||||||
|
|
||||||
static uint64_t ReversQuads(uint64_t bits) {
|
static uint64_t rev_quads(uint64_t bits) {
|
||||||
uint64_t result = 0;
|
uint64_t result = 0;
|
||||||
for (int i = 0; i < 16; i++) {
|
for (int i = 0; i < 16; i++) {
|
||||||
result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);
|
result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);
|
||||||
|
|
@ -92,6 +91,7 @@ static uint64_t ReversQuads(uint64_t bits) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void FillBuff(uint8_t bit) {
|
static void FillBuff(uint8_t bit) {
|
||||||
|
uint8_t *bba = BigBuf_get_addr();
|
||||||
memset(bba + buflen, bit, LF_CLOCK / 2);
|
memset(bba + buflen, bit, LF_CLOCK / 2);
|
||||||
buflen += (LF_CLOCK / 2);
|
buflen += (LF_CLOCK / 2);
|
||||||
memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
|
memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
|
||||||
|
|
@ -99,24 +99,29 @@ static void FillBuff(uint8_t bit) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void ConstructEM410xEmulBuf(uint64_t id) {
|
static void ConstructEM410xEmulBuf(uint64_t id) {
|
||||||
bba = BigBuf_get_addr();
|
|
||||||
|
|
||||||
int i, j, binary[4], parity[4];
|
int i, j, binary[4], parity[4];
|
||||||
buflen = 0;
|
buflen = 0;
|
||||||
|
|
||||||
for (i = 0; i < 9; i++)
|
for (i = 0; i < 9; i++)
|
||||||
FillBuff(1);
|
FillBuff(1);
|
||||||
|
|
||||||
parity[0] = parity[1] = parity[2] = parity[3] = 0;
|
parity[0] = parity[1] = parity[2] = parity[3] = 0;
|
||||||
|
|
||||||
for (i = 0; i < 10; i++) {
|
for (i = 0; i < 10; i++) {
|
||||||
for (j = 3; j >= 0; j--, id /= 2)
|
for (j = 3; j >= 0; j--, id /= 2)
|
||||||
binary[j] = id % 2;
|
binary[j] = id % 2;
|
||||||
|
|
||||||
for (j = 0; j < 4; j++)
|
for (j = 0; j < 4; j++)
|
||||||
FillBuff(binary[j]);
|
FillBuff(binary[j]);
|
||||||
|
|
||||||
FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
|
FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
|
||||||
for (j = 0; j < 4; j++)
|
for (j = 0; j < 4; j++)
|
||||||
parity[j] ^= binary[j];
|
parity[j] ^= binary[j];
|
||||||
}
|
}
|
||||||
|
|
||||||
for (j = 0; j < 4; j++)
|
for (j = 0; j < 4; j++)
|
||||||
FillBuff(parity[j]);
|
FillBuff(parity[j]);
|
||||||
|
|
||||||
FillBuff(0);
|
FillBuff(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -197,7 +202,6 @@ static uint64_t PackEmID(uint64_t original, int newCardNum) {
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void PrintFcAndCardNum(uint64_t lowData) {
|
static void PrintFcAndCardNum(uint64_t lowData) {
|
||||||
// Calculate Facility Code and Card Number from high and low
|
// Calculate Facility Code and Card Number from high and low
|
||||||
uint32_t fc = (lowData >> 17) & 0xFF;
|
uint32_t fc = (lowData >> 17) & 0xFF;
|
||||||
|
|
@ -222,7 +226,7 @@ static int BruteEMTag(uint64_t originalCard, int slot) {
|
||||||
cardnum = cardnum + direction;
|
cardnum = cardnum + direction;
|
||||||
uint64_t currentCard = PackEmID(originalCard, cardnum);
|
uint64_t currentCard = PackEmID(originalCard, cardnum);
|
||||||
Dbprintf("[=] >> Simulating card id %"PRIx64" <<", currentCard);
|
Dbprintf("[=] >> Simulating card id %"PRIx64" <<", currentCard);
|
||||||
ConstructEM410xEmulBuf(ReversQuads(currentCard));
|
ConstructEM410xEmulBuf(rev_quads(currentCard));
|
||||||
SimulateTagLowFrequencyEx(buflen, 0, 1, bruteforceSpeed[bruteforceSpeedCurrent] * 10000);
|
SimulateTagLowFrequencyEx(buflen, 0, 1, bruteforceSpeed[bruteforceSpeedCurrent] * 10000);
|
||||||
|
|
||||||
int button_pressed = BUTTON_CLICKED(1000);
|
int button_pressed = BUTTON_CLICKED(1000);
|
||||||
|
|
@ -267,7 +271,7 @@ static int ExecuteMode(int mode, int slot) {
|
||||||
return LF_RWSB_UNKNOWN_RESULT;
|
return LF_RWSB_UNKNOWN_RESULT;
|
||||||
case LF_RWSB_MODE_SIM:
|
case LF_RWSB_MODE_SIM:
|
||||||
Dbprintf("[=] >> Sim mode started <<");
|
Dbprintf("[=] >> Sim mode started <<");
|
||||||
ConstructEM410xEmulBuf(ReversQuads(low[slot]));
|
ConstructEM410xEmulBuf(rev_quads(low[slot]));
|
||||||
SimulateTagLowFrequency(buflen, 0, 1);
|
SimulateTagLowFrequency(buflen, 0, 1);
|
||||||
return LF_RWSB_UNKNOWN_RESULT;
|
return LF_RWSB_UNKNOWN_RESULT;
|
||||||
case LF_RWSB_MODE_WRITE:
|
case LF_RWSB_MODE_WRITE:
|
||||||
|
|
@ -310,7 +314,6 @@ void RunMod() {
|
||||||
int slot = 0;
|
int slot = 0;
|
||||||
mode = SwitchMode(mode, slot);
|
mode = SwitchMode(mode, slot);
|
||||||
|
|
||||||
bba = BigBuf_get_addr();
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
WDT_HIT();
|
WDT_HIT();
|
||||||
if (data_available()) break;
|
if (data_available()) break;
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,7 @@
|
||||||
// In high[] must be nulls
|
// In high[] must be nulls
|
||||||
static uint64_t low[] = {0x565AF781C7, 0x540053E4E2, 0x1234567890, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
static uint64_t low[] = {0x565AF781C7, 0x540053E4E2, 0x1234567890, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
||||||
static uint32_t high[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
static uint32_t high[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
||||||
static uint8_t *bba, slots_count;
|
static uint8_t slots_count;
|
||||||
static int buflen;
|
static int buflen;
|
||||||
|
|
||||||
void ModInfo(void) {
|
void ModInfo(void) {
|
||||||
|
|
@ -57,6 +57,7 @@ static uint64_t rev_quads(uint64_t bits) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void fillbuff(uint8_t bit) {
|
static void fillbuff(uint8_t bit) {
|
||||||
|
uint8_t *bba = BigBuf_get_addr();
|
||||||
memset(bba + buflen, bit, LF_CLOCK / 2);
|
memset(bba + buflen, bit, LF_CLOCK / 2);
|
||||||
buflen += (LF_CLOCK / 2);
|
buflen += (LF_CLOCK / 2);
|
||||||
memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
|
memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
|
||||||
|
|
@ -66,8 +67,8 @@ static void fillbuff(uint8_t bit) {
|
||||||
static void construct_EM410x_emul(uint64_t id) {
|
static void construct_EM410x_emul(uint64_t id) {
|
||||||
|
|
||||||
int i, j;
|
int i, j;
|
||||||
int binary[4] = {0};
|
int binary[4] = {0,0,0,0};
|
||||||
int parity[4] = {0};
|
int parity[4] = {0,0,0,0};
|
||||||
buflen = 0;
|
buflen = 0;
|
||||||
|
|
||||||
for (i = 0; i < 9; i++)
|
for (i = 0; i < 9; i++)
|
||||||
|
|
@ -138,7 +139,6 @@ void RunMod(void) {
|
||||||
// 3 - write to T5555 tag
|
// 3 - write to T5555 tag
|
||||||
uint8_t state = 0;
|
uint8_t state = 0;
|
||||||
slots_count = ARRAYLEN(low);
|
slots_count = ARRAYLEN(low);
|
||||||
bba = BigBuf_get_addr();
|
|
||||||
led_slot(selected);
|
led_slot(selected);
|
||||||
for (;;) {
|
for (;;) {
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue