github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

text

Browse source
This commit is contained in:
iceman1001 2021-12-31 09:27:26 +01:00
commit f9ac27c223
2 changed files with 78 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -3,7 +3,8 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Changed `hf mf gview` - now supports user supplied password (@iceman1001) - Added option `lf gprox demod --raw` - now supports decoding of raw bytes (@iceman1001)
- Added option `hf mf gview --pwd` - now supports user supplied password (@iceman1001)
- Added option `--force` to `hf mfu rdb/wrbl` to force operation even if address is out of range (@doegox) - Added option `--force` to `hf mfu rdb/wrbl` to force operation even if address is out of range (@doegox)
- Added documentation for detailed usage of the Ultimate Magic Card (@doegox) - Added documentation for detailed usage of the Ultimate Magic Card (@doegox)
- Changed HitagS trace record and parsing to deal with partial bytes and to check CRC8 (@doegox) - Changed HitagS trace record and parsing to deal with partial bytes and to check CRC8 (@doegox)

79
client/src/cmdlfguard.c
View file

@ -27,6 +27,64 @@
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
static int demod_guard_raw(uint8_t* raw, uint8_t rlen) {
if (rlen != 12) {
return PM3_EINVARG;
}
uint8_t bits[96] = {0x00};
bytes_to_bytebits(raw, rlen, bits);
// start after 6 bit preamble
size_t start_idx = 6;
uint8_t bits_no_spacer[90];
memcpy(bits_no_spacer, bits + start_idx, 90);
// remove the 18 (90/5=18) parity bits (down to 72 bits (96-6-18=72))
size_t len = removeParity(bits_no_spacer, 0, 5, 3, 90); // source, startloc, paritylen, ptype, length_to_run
if (len != 72) {
PrintAndLogEx(DEBUG, "DEBUG: Error - gProxII spacer removal did not produce 72 bits: %zu, start: %zu", len, start_idx);
return PM3_ESOFT;
}
uint8_t plain[8] = {0x00};
// get key and then get all 8 bytes of payload decoded
uint8_t xorKey = (uint8_t)bytebits_to_byteLSBF(bits_no_spacer, 8);
for (size_t idx = 0; idx < 8; idx++) {
plain[idx] = ((uint8_t)bytebits_to_byteLSBF(bits_no_spacer + 8 + (idx * 8), 8)) ^ xorKey;
PrintAndLogEx(DEBUG, "DEBUG: gProxII byte %zu after xor: %02x", idx, plain[idx]);
}
// plain contains 8 Bytes (64 bits) of decrypted raw tag data
uint8_t fmtlen = plain[0] >> 2;
uint32_t FC = 0;
uint32_t Card = 0;
bool unknown = false;
switch (fmtlen) {
case 36:
FC = ((plain[3] & 0x7F) << 7) | (plain[4] >> 1);
Card = ((plain[4] & 1) << 19) | (plain[5] << 11) | (plain[6] << 3) | ((plain[7] & 0xE0) >> 5);
break;
case 26:
FC = ((plain[3] & 0x7F) << 1) | (plain[4] >> 7);
Card = ((plain[4] & 0x7F) << 9) | (plain[5] << 1) | (plain[6] >> 7);
break;
default :
unknown = true;
break;
}
if (unknown)
PrintAndLogEx(SUCCESS, "G-Prox-II - Unknown len: " _GREEN_("%u") ", Raw: %s", fmtlen, sprint_hex_inrow(raw, rlen));
else
PrintAndLogEx(SUCCESS, "G-Prox-II - len: " _GREEN_("%u")" FC: " _GREEN_("%u") " Card: " _GREEN_("%u") ", Raw: %s", fmtlen, FC, Card, sprint_hex_inrow(raw, rlen));
return PM3_SUCCESS;
}
// attempts to demodulate and identify a G_Prox_II verex/chubb card // attempts to demodulate and identify a G_Prox_II verex/chubb card
// WARNING: if it fails during some points it will destroy the g_DemodBuffer data // WARNING: if it fails during some points it will destroy the g_DemodBuffer data
// but will leave the g_GraphBuffer intact. // but will leave the g_GraphBuffer intact.
@ -59,7 +117,6 @@ int demodGuard(bool verbose) {
} }
// got a good demod of 96 bits // got a good demod of 96 bits
uint8_t plain[8] = {0x00}; uint8_t plain[8] = {0x00};
uint8_t xorKey = 0; uint8_t xorKey = 0;
size_t startIdx = preambleIndex + 6; //start after 6 bit preamble size_t startIdx = preambleIndex + 6; //start after 6 bit preamble
@ -119,16 +176,32 @@ static int CmdGuardDemod(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf gproxii demod", CLIParserInit(&ctx, "lf gproxii demod",
"Try to find Guardall Prox-II preamble, if found decode / descramble data", "Try to find Guardall Prox-II preamble, if found decode / descramble data",
"lf gproxii demod" "lf gproxii demod -> use graphbuffer to decode\n"
"lf gproxii demod --raw fb8ee718ee3b8cc785c11b92 ->"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_strx0("r", "raw", "<hex>", "raw bytes"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int raw_len = 0;
uint8_t raw[12] = {0};
CLIGetHexWithReturn(ctx, 1, raw, &raw_len);
CLIParserFree(ctx); CLIParserFree(ctx);
return demodGuard(true);
if (raw_len != 12 && raw_len != 0) {
PrintAndLogEx(FAILED, "Must specify 12 bytes, got " _YELLOW_("%u"), raw_len);
return PM3_EINVARG;
}
if (raw_len == 0)
return demodGuard(true);
else
return demod_guard_raw(raw, raw_len);
} }
static int CmdGuardReader(const char *Cmd) { static int CmdGuardReader(const char *Cmd) {