github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 05:43:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

standalone mode LF_EM4100RWC, LF_EM4100RSWB - odd big buff static pointer usage

Browse source
This commit is contained in:
iceman1001 2021-01-27 23:18:01 +01:00
commit f6462137cf
2 changed files with 15 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

19
armsrc/Standalone/lf_em4100rswb.c
View file

@ -76,14 +76,13 @@ static int bruteforceSpeed[] = {10, 12, 14, 16};
// In high[] must be nulls
static uint64_t low[] = {0, 0, 0, 0};
static uint32_t high[] = {0, 0, 0, 0};
static uint8_t *bba;
static int buflen;
void ModInfo(void) {
DbpString(" LF EM4100 read/sim/write/brute mode");
}
static uint64_t ReversQuads(uint64_t bits) {
static uint64_t rev_quads(uint64_t bits) {
uint64_t result = 0;
for (int i = 0; i < 16; i++) {
result += ((bits >> (60 - 4 * i)) & 0xf) << (4 * i);
@ -92,6 +91,7 @@ static uint64_t ReversQuads(uint64_t bits) {
}
static void FillBuff(uint8_t bit) {
uint8_t *bba = BigBuf_get_addr();
memset(bba + buflen, bit, LF_CLOCK / 2);
buflen += (LF_CLOCK / 2);
memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
@ -99,24 +99,29 @@ static void FillBuff(uint8_t bit) {
}
static void ConstructEM410xEmulBuf(uint64_t id) {
bba = BigBuf_get_addr();
int i, j, binary[4], parity[4];
buflen = 0;
for (i = 0; i < 9; i++)
FillBuff(1);
parity[0] = parity[1] = parity[2] = parity[3] = 0;
for (i = 0; i < 10; i++) {
for (j = 3; j >= 0; j--, id /= 2)
binary[j] = id % 2;
for (j = 0; j < 4; j++)
FillBuff(binary[j]);
FillBuff(binary[0] ^ binary[1] ^ binary[2] ^ binary[3]);
for (j = 0; j < 4; j++)
parity[j] ^= binary[j];
}
for (j = 0; j < 4; j++)
FillBuff(parity[j]);
FillBuff(0);
}
@ -197,7 +202,6 @@ static uint64_t PackEmID(uint64_t original, int newCardNum) {
return buf;
}
static void PrintFcAndCardNum(uint64_t lowData) {
// Calculate Facility Code and Card Number from high and low
uint32_t fc = (lowData >> 17) & 0xFF;
@ -222,7 +226,7 @@ static int BruteEMTag(uint64_t originalCard, int slot) {
cardnum = cardnum + direction;
uint64_t currentCard = PackEmID(originalCard, cardnum);
Dbprintf("[=] >> Simulating card id %"PRIx64" <<", currentCard);
ConstructEM410xEmulBuf(ReversQuads(currentCard));
ConstructEM410xEmulBuf(rev_quads(currentCard));
SimulateTagLowFrequencyEx(buflen, 0, 1, bruteforceSpeed[bruteforceSpeedCurrent] * 10000);
int button_pressed = BUTTON_CLICKED(1000);
@ -267,7 +271,7 @@ static int ExecuteMode(int mode, int slot) {
return LF_RWSB_UNKNOWN_RESULT;
case LF_RWSB_MODE_SIM:
Dbprintf("[=] >> Sim mode started <<");
ConstructEM410xEmulBuf(ReversQuads(low[slot]));
ConstructEM410xEmulBuf(rev_quads(low[slot]));
SimulateTagLowFrequency(buflen, 0, 1);
return LF_RWSB_UNKNOWN_RESULT;
case LF_RWSB_MODE_WRITE:
@ -310,7 +314,6 @@ void RunMod() {
int slot = 0;
mode = SwitchMode(mode, slot);
bba = BigBuf_get_addr();
for (;;) {
WDT_HIT();
if (data_available()) break;

8
armsrc/Standalone/lf_em4100rwc.c
View file

@ -41,7 +41,7 @@
// In high[] must be nulls
static uint64_t low[] = {0x565AF781C7, 0x540053E4E2, 0x1234567890, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
static uint32_t high[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
static uint8_t *bba, slots_count;
static uint8_t slots_count;
static int buflen;
void ModInfo(void) {
@ -57,6 +57,7 @@ static uint64_t rev_quads(uint64_t bits) {
}
static void fillbuff(uint8_t bit) {
uint8_t *bba = BigBuf_get_addr();
memset(bba + buflen, bit, LF_CLOCK / 2);
buflen += (LF_CLOCK / 2);
memset(bba + buflen, bit ^ 1, LF_CLOCK / 2);
@ -66,8 +67,8 @@ static void fillbuff(uint8_t bit) {
static void construct_EM410x_emul(uint64_t id) {
int i, j;
int binary[4] = {0};
int parity[4] = {0};
int binary[4] = {0,0,0,0};
int parity[4] = {0,0,0,0};
buflen = 0;
for (i = 0; i < 9; i++)
@ -138,7 +139,6 @@ void RunMod(void) {
// 3 - write to T5555 tag
uint8_t state = 0;
slots_count = ARRAYLEN(low);
bba = BigBuf_get_addr();
led_slot(selected);
for (;;) {