github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

FIX: T5555/Q5 datarate when used in "Q" parameter, consequential fix in lf commands. (RF-2/2) ie: ((64-2)>>1)

Browse source 
ADD: Marshmellow42 's timing fixes for em4305.
This commit is contained in:
iceman1001 2017-02-13 10:58:28 +01:00
commit ff9c043da2
12 changed files with 210 additions and 100 deletions
Download patch file Download diff file Expand all files Collapse all files

44
armsrc/lfops.c
View file

@ -710,7 +710,7 @@ void CmdASKsimTag(uint16_t arg1, uint16_t arg2, size_t size, uint8_t *BitStream)
for (i=0; i<size; i++){ for (i=0; i<size; i++){
askSimBit(BitStream[i]^invert, &n, clk, encoding); askSimBit(BitStream[i]^invert, &n, clk, encoding);
} }
if (encoding==0 && BitStream[0]==BitStream[size-1]){ //run a second set inverted (for biphase phase) if (encoding==0 && BitStream[0]==BitStream[size-1]){ //run a second set inverted (for ask/raw || biphase phase)
for (i=0; i<size; i++){ for (i=0; i<size; i++){
askSimBit(BitStream[i]^invert^1, &n, clk, encoding); askSimBit(BitStream[i]^invert^1, &n, clk, encoding);
} }
@ -1388,7 +1388,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
data[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2a | last_block << T55x7_MAXBLOCK_SHIFT; data[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2a | last_block << T55x7_MAXBLOCK_SHIFT;
//TODO add selection of chip for Q5 or T55x7 //TODO add selection of chip for Q5 or T55x7
// data[0] = (((50-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | last_block << T5555_MAXBLOCK_SHIFT; // data[0] = (((50-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | last_block << T5555_MAXBLOCK_SHIFT;
LED_D_ON(); LED_D_ON();
WriteT55xx(data, 0, last_block+1); WriteT55xx(data, 0, last_block+1);
@ -1399,7 +1399,7 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo) {
uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo}; uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
//TODO add selection of chip for Q5 or T55x7 //TODO add selection of chip for Q5 or T55x7
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
// data[0] = (64 << T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 2 << T5555_MAXBLOCK_SHIFT; // data[0] = ( ((64-2)>>1) << T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 2 << T5555_MAXBLOCK_SHIFT;
LED_D_ON(); LED_D_ON();
// Program the data blocks for supplied ID // Program the data blocks for supplied ID
@ -1414,7 +1414,7 @@ void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
// and the Config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2) // and the Config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
uint32_t data[] = { T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo}; uint32_t data[] = { T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
//TODO add selection of chip for Q5 or T55x7 //TODO add selection of chip for Q5 or T55x7
// data[0] = (((32-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT; // data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
WriteT55xx(data, 0, 3); WriteT55xx(data, 0, 3);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data) //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
@ -1428,7 +1428,7 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7) //Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT); data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
//TODO add selection of chip for Q5 or T55x7 //TODO add selection of chip for Q5 or T55x7
// data[0] = (((32-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT; // data[0] = (((32-2)>>1) << T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
WriteT55xx(data, 0, 8); WriteT55xx(data, 0, 8);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data) //Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0); // T5567WriteBlock(0x603E10E2,0);
@ -1437,7 +1437,7 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) { void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) {
uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2}; uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2};
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
if (Q5) data[0] = (32 << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT; if (Q5) data[0] = (((32-2)>>1) << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT;
// Program the data blocks for supplied ID and the block 0 config // Program the data blocks for supplied ID and the block 0 config
WriteT55xx(data, 0, 3); WriteT55xx(data, 0, 3);
LED_D_OFF(); LED_D_OFF();
@ -1521,8 +1521,8 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
} }
data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT); data[0] = clock | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
} else { //t5555 (Q5) } else { //t5555 (Q5)
clock = (clock-2)>>1; //n = (RF-2)/2 // t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
data[0] = (clock << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT); data[0] = ( ((clock-2) >> 1) << T5555_BITRATE_SHIFT) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
} }
WriteT55xx(data, 0, 3); WriteT55xx(data, 0, 3);
@ -1648,7 +1648,7 @@ void SendForward(uint8_t fwd_bit_count) {
// 16FC * 8us == 128us / 21.3 == 6.009 steps. ok // 16FC * 8us == 128us / 21.3 == 6.009 steps. ok
#ifndef EM_START_GAP #ifndef EM_START_GAP
#define EM_START_GAP 56*8 #define EM_START_GAP 60*8
#endif #endif
#ifndef EM_ONE_GAP #ifndef EM_ONE_GAP
#define EM_ONE_GAP 32*8 #define EM_ONE_GAP 32*8
@ -1669,8 +1669,7 @@ void SendForward(uint8_t fwd_bit_count) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(EM_START_GAP); WaitUS(EM_START_GAP);
TurnReadLFOn(16);
TurnReadLFOn(EM_ZERO_GAP);
// now start writting with bitbanging the antenna. // now start writting with bitbanging the antenna.
while(fwd_bit_sz-- > 0) { //prepare next bit modulation while(fwd_bit_sz-- > 0) { //prepare next bit modulation
@ -1679,8 +1678,8 @@ void SendForward(uint8_t fwd_bit_count) {
else { else {
//These timings work for 4469/4269/4305 //These timings work for 4469/4269/4305
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(EM_ZERO_GAP); WaitUS(20);
TurnReadLFOn(EM_ZERO_GAP); TurnReadLFOn(12);
} }
} }
} }
@ -1691,7 +1690,10 @@ void EM4xLogin(uint32_t pwd) {
len = Prepare_Cmd( FWD_CMD_LOGIN ); len = Prepare_Cmd( FWD_CMD_LOGIN );
len += Prepare_Data( pwd & 0xFFFF, pwd >> 16 ); len += Prepare_Data( pwd & 0xFFFF, pwd >> 16 );
SendForward(len); SendForward(len);
WaitMS(20); //WaitMS(20); - no wait for login command.
// should receive
// 0000 1010 ok.
// 0000 0001 fail
} }
void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) { void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
@ -1703,6 +1705,12 @@ void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
//clear buffer now so it does not interfere with timing later //clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false); BigBuf_Clear_ext(false);
/* should we read answer from Logincommand?
*
* should receive
* 0000 1010 ok.
* 0000 0001 fail
**/
if (usepwd) EM4xLogin(pwd); if (usepwd) EM4xLogin(pwd);
forward_ptr = forwardLink_data; forward_ptr = forwardLink_data;
@ -1728,7 +1736,13 @@ void EM4xWriteWord(uint32_t flag, uint32_t data, uint32_t pwd) {
//clear buffer now so it does not interfere with timing later //clear buffer now so it does not interfere with timing later
BigBuf_Clear_ext(false); BigBuf_Clear_ext(false);
/* should we read answer from Logincommand?
*
* should receive
* 0000 1010 ok.
* 0000 0001 fail
**/
if (usePwd) EM4xLogin(pwd); if (usePwd) EM4xLogin(pwd);
forward_ptr = forwardLink_data; forward_ptr = forwardLink_data;

4
client/cmdlfawid.c
View file

@ -281,9 +281,9 @@ int CmdAWIDClone(const char *Cmd) {
if ( !fc || !cn) return usage_lf_awid_clone(); if ( !fc || !cn) return usage_lf_awid_clone();
if (param_getchar(Cmd, 4) == 'Q' || param_getchar(Cmd, 4) == 'q') if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 50<<T5555_BITRATE_SHIFT | 3<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | ((50-2)>>1) << T5555_BITRATE_SHIFT | 3<<T5555_MAXBLOCK_SHIFT;
verify_values(&fmtlen, &fc, &cn); verify_values(&fmtlen, &fc, &cn);

93
client/cmdlfem4x.c
View file

@ -283,7 +283,7 @@ uint32_t OutputEM4x50_Block(uint8_t *BitStream, size_t size, bool verbose, bool
} }
return code; return code;
} }
/* Read the transmitted data of an EM4x50 tag /* Read the transmitted data of an EM4x50 tag from the graphbuffer
* Format: * Format:
* *
* XXXXXXXX [row parity bit (even)] <- 8 bits plus parity * XXXXXXXX [row parity bit (even)] <- 8 bits plus parity
@ -305,19 +305,7 @@ uint32_t OutputEM4x50_Block(uint8_t *BitStream, size_t size, bool verbose, bool
//completed by Marshmellow //completed by Marshmellow
int EM4x50Read(const char *Cmd, bool verbose) int EM4x50Read(const char *Cmd, bool verbose)
{ {
/*
char buf[30] = {0x00};
char *cmdStr = buf;
int ans = 0;
bool ST = config.ST;
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
DemodBufferLen = 0x00;
snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = ASKDemod_ext(cmdStr, FALSE, FALSE, 1, &ST);
snprintf(cmdStr, sizeof(buf),"0 %d %d 1", bitRate[config.bitrate], config.inverted );
ans = ASKbiphaseDemod(cmdStr, FALSE);
*/
uint8_t fndClk[] = {8,16,32,40,50,64,128}; uint8_t fndClk[] = {8,16,32,40,50,64,128};
int clk = 0; int clk = 0;
int invert = 0; int invert = 0;
@ -553,14 +541,46 @@ int CmdReadWord(const char *Cmd) {
return -1; return -1;
} }
//uint8_t got[12288]; uint8_t got[6000];
uint8_t got[30000];
GetFromBigBuf(got, sizeof(got), 0); GetFromBigBuf(got, sizeof(got), 0);
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 8000) ) { if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {
PrintAndLog("command execution time out"); PrintAndLog("command execution time out");
return 0; return -1;
} }
setGraphBuf(got, sizeof(got)); setGraphBuf(got, sizeof(got));
int ans = 0;
//bool ST = true;
DemodBufferLen = 0x00;
//ans = ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &ST);
ans = ASKbiphaseDemod("0 0 1", FALSE);
if (!ans) {
if (g_debugMode) PrintAndLog("DEBUG: Error - EM4305: ASK/Manchester Demod failed");
return -1;
}
size_t startIdx = 0, size = DemodBufferLen;
PrintAndLog("ANS: %d | %u | %u", ans, startIdx, size);
uint8_t preamble[8] = {0,0,0,0,1,0,1,0};
uint8_t errChk = !preambleSearch(DemodBuffer, preamble, sizeof(preamble), &size, &startIdx);
if ( errChk == 0) {
if (g_debugMode) PrintAndLog("DEBUG: Error - EM4305 preamble not found :: %d", startIdx);
return -1;
}
// sanity check.
if (size != 32) {
if (g_debugMode) PrintAndLog("DEBUG: Error - EM4305 incorrect data length found, %u", size );
return -1;
}
//setDemodBuf(BitStream, 32, preambleIndex);
return 1; return 1;
} }
@ -614,6 +634,37 @@ int CmdWriteWord(const char *Cmd) {
PrintAndLog("Error occurred, device did not respond during write operation."); PrintAndLog("Error occurred, device did not respond during write operation.");
return -1; return -1;
} }
//get response if there is one
uint8_t got[6000]; // 8 bit preamble + 32 bit word response (max clock (128) * 40bits = 5120 samples)
GetFromBigBuf(got, sizeof(got), 0);
if ( !WaitForResponseTimeout(CMD_ACK, NULL, 8000) ) {
PrintAndLog("command execution time out");
return -2;
}
setGraphBuf(got, sizeof(got));
int ans = 0;
//bool ST = true;
DemodBufferLen = 0x00;
//ans = ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &ST);
ans = ASKbiphaseDemod("0 0 1", FALSE);
if (!ans) {
if (g_debugMode) PrintAndLog("DEBUG: Error - EM4305: ASK/Manchester Demod failed");
return -3;
}
PrintAndLog("ANS: %d", ans);
//todo: check response for 00001010 then write data for write confirmation!
size_t startIdx = 0, size = DemodBufferLen;
uint8_t preamble[8] = {0,0,0,0,1,0,1,0};
if (!preambleSearch(DemodBuffer, preamble, sizeof(preamble), &size, &startIdx)){
if (g_debugMode) PrintAndLog("DEBUG: Error - EM4305 preamble not found :: %d", startIdx);
return -4;
}
PrintAndLog("Write OK");
return 0; return 0;
} }
@ -625,9 +676,9 @@ static command_t CommandTable[] = {
{"em410xwatch", CmdEM410xWatch, 0, "['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)"}, {"em410xwatch", CmdEM410xWatch, 0, "['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)"},
{"em410xspoof", CmdEM410xWatchnSpoof, 0, "['h'] --- Watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)" }, {"em410xspoof", CmdEM410xWatchnSpoof, 0, "['h'] --- Watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)" },
{"em410xwrite", CmdEM410xWrite, 0, "<UID> <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate"}, {"em410xwrite", CmdEM410xWrite, 0, "<UID> <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate"},
{"em4x50read", CmdEM4x50Read, 1, "Extract data from EM4x50 tag"}, {"em4x50read", CmdEM4x50Read, 1, "demod data from EM4x50 tag from the graphbuffer"},
{"readword", CmdReadWord, 1, "Read EM4xxx data"}, {"readword", CmdReadWord, 1, "read EM4x05/4x69 data"},
{"writeword", CmdWriteWord, 1, "Write EM4xxx data"}, {"writeword", CmdWriteWord, 1, "write EM405/4x69 data"},
{NULL, NULL, 0, NULL} {NULL, NULL, 0, NULL}
}; };

6
client/cmdlffdx.c
View file

@ -202,7 +202,7 @@ int CmdFdxClone(const char *Cmd) {
uint32_t countryid = 0; uint32_t countryid = 0;
uint64_t animalid = 0; uint64_t animalid = 0;
uint32_t blocks[5] = {T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_32 | 4<<T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0}; uint32_t blocks[5] = {T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_32 | 4 << T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0};
uint8_t bits[128]; uint8_t bits[128];
uint8_t *bs = bits; uint8_t *bs = bits;
memset(bs, 0, sizeof(bits)); memset(bs, 0, sizeof(bits));
@ -214,9 +214,9 @@ int CmdFdxClone(const char *Cmd) {
animalid = param_get64ex(Cmd, 1, 0, 10); animalid = param_get64ex(Cmd, 1, 0, 10);
//Q5 //Q5
if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') { if (param_getchar(Cmd, 2) == 'Q' || param_getchar(Cmd, 2) == 'q') {
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | 32<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | ((32-2)>>1) << T5555_BITRATE_SHIFT | 4 << T5555_MAXBLOCK_SHIFT;
} }
verify_values(countryid, animalid); verify_values(countryid, animalid);

104
client/cmdlfguard.c
View file

@ -15,8 +15,9 @@ int usage_lf_guard_clone(void){
PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated. "); PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated. ");
PrintAndLog("Currently work only on 26bit"); PrintAndLog("Currently work only on 26bit");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Usage: lf guard clone <Facility-Code> <Card-Number>"); PrintAndLog("Usage: lf guard clone <format> <Facility-Code> <Card-Number>");
PrintAndLog("Options :"); PrintAndLog("Options :");
PrintAndLog(" <format> : format length 26|32|36|40");
PrintAndLog(" <Facility-Code> : 8-bit value facility code"); PrintAndLog(" <Facility-Code> : 8-bit value facility code");
PrintAndLog(" <Card Number> : 16-bit value card number"); PrintAndLog(" <Card Number> : 16-bit value card number");
PrintAndLog(""); PrintAndLog("");
@ -30,8 +31,9 @@ int usage_lf_guard_sim(void) {
PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated."); PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.");
PrintAndLog("Currently work only on 26bit"); PrintAndLog("Currently work only on 26bit");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Usage: lf guard sim <Card-Number>"); PrintAndLog("Usage: lf guard sim <format> <Card-Number>");
PrintAndLog("Options :"); PrintAndLog("Options :");
PrintAndLog(" <format> : format length 26|32|36|40");
PrintAndLog(" <Facility-Code> : 8-bit value facility code"); PrintAndLog(" <Facility-Code> : 8-bit value facility code");
PrintAndLog(" <Card Number> : 16-bit value card number"); PrintAndLog(" <Card Number> : 16-bit value card number");
PrintAndLog(""); PrintAndLog("");
@ -40,44 +42,61 @@ int usage_lf_guard_sim(void) {
} }
// Works for 26bits. // Works for 26bits.
int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) { int GetGuardBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *guardBits) {
// Intializes random number generator
time_t t;
srand((unsigned) time(&t));
//uint8_t xorKey = rand() % 0xFF;
uint8_t xorKey = 0x66; uint8_t xorKey = 0x66;
uint8_t i; uint8_t i;
uint8_t pre[96]; uint8_t pre[96];
memset(pre, 0x00, sizeof(pre));
// Get 26 wiegand from FacilityCode, CardNumber
uint8_t wiegand[24];
memset(wiegand, 0x00, sizeof(wiegand));
num_to_bytebits(fc, 8, wiegand);
num_to_bytebits(cn, 16, wiegand+8);
// add wiegand parity bits (dest, source, len)
wiegand_add_parity(pre, wiegand, 24);
// lets start. 12bytes of data to be produced.
uint8_t rawbytes[12]; uint8_t rawbytes[12];
memset(rawbytes, 0x00, sizeof(rawbytes)); memset(pre, 0x00, sizeof(pre));
memset(rawbytes, 0x00, sizeof(rawbytes));
// xor key
rawbytes[0] = xorKey;
// add format length (decimal) // add format length (decimal)
// len | hex | bin switch (fmtlen) {
// 26 | 1A | 0001 1010 case 32: {
rawbytes[1] = (26 << 2); rawbytes[1] = (32 << 2);
// 36 | 24 | 0010 0100
//rawbytes[1] = (36 << 2); break;
// 40 | 28 | 0010 1000 }
//rawbytes[1] = (40 << 2); case 36: {
// FC = ((ByteStream[3] & 0x7F)<<7) | (ByteStream[4]>>1);
// Card = ((ByteStream[4]&1)<<19) | (ByteStream[5]<<11) | (ByteStream[6]<<3) | (ByteStream[7]>>5);
rawbytes[1] = (36 << 2);
// Get 26 wiegand from FacilityCode, CardNumber
uint8_t wiegand[34];
memset(wiegand, 0x00, sizeof(wiegand));
num_to_bytebits(fc, 8, wiegand);
num_to_bytebits(cn, 26, wiegand+8);
// add wiegand parity bits (dest, source, len)
wiegand_add_parity(pre, wiegand, 34);
break;
}
case 40: {
rawbytes[1] = (40 << 2);
break;
}
case 26:
default: {
rawbytes[1] = (26 << 2);
// Get 26 wiegand from FacilityCode, CardNumber
uint8_t wiegand[24];
memset(wiegand, 0x00, sizeof(wiegand));
num_to_bytebits(fc, 8, wiegand);
num_to_bytebits(cn, 16, wiegand+8);
// add wiegand parity bits (dest, source, len)
wiegand_add_parity(pre, wiegand, 24);
break;
}
}
// 2bit checksum, unknown today, // 2bit checksum, unknown today,
// these two bits are the last ones of rawbyte[1], hence the LSHIFT above. // these two bits are the last ones of rawbyte[1], hence the LSHIFT above.
// xor key
rawbytes[0] = xorKey;
rawbytes[2] = 1; rawbytes[2] = 1;
rawbytes[3] = 0; rawbytes[3] = 0;
@ -87,6 +106,7 @@ int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) {
if (g_debugMode) printf(" WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes))); if (g_debugMode) printf(" WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));
// XOR (only works on wiegand stuff) // XOR (only works on wiegand stuff)
for (i = 1; i < 12; ++i) for (i = 1; i < 12; ++i)
rawbytes[i] ^= xorKey ; rawbytes[i] ^= xorKey ;
@ -127,24 +147,25 @@ int CmdGuardClone(const char *Cmd) {
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_clone(); if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_clone();
uint32_t facilitycode=0, cardnumber=0, fc = 0, cn = 0; uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0, fmtlen = 0;
uint8_t i; uint8_t i;
uint8_t bs[96]; uint8_t bs[96];
memset(bs, 0x00, sizeof(bs)); memset(bs, 0x00, sizeof(bs));
//GuardProxII - compat mode, ASK/Biphase, data rate 64, 3 data blocks //GuardProxII - compat mode, ASK/Biphase, data rate 64, 3 data blocks
uint32_t blocks[5] = {T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 3<<T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0}; uint32_t blocks[5] = {T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 3 << T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0};
// if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q') if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
// blocks[0] = T5555_MODULATION_FSK2 | 50<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_FSK2 | ((50-2)>>1) << T5555_BITRATE_SHIFT | 3 << T5555_MAXBLOCK_SHIFT;
if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_guard_clone(); if (sscanf(Cmd, "%u %u %u", &fmtlen, &fc, &cn ) != 2) return usage_lf_guard_clone();
fmtlen &= 0x7f;
facilitycode = (fc & 0x000000FF); facilitycode = (fc & 0x000000FF);
cardnumber = (cn & 0x0000FFFF); cardnumber = (cn & 0x0000FFFF);
if ( !GetGuardBits(facilitycode, cardnumber, bs)) { if ( !GetGuardBits(fmtlen, facilitycode, cardnumber, bs)) {
PrintAndLog("Error with tag bitstream generation."); PrintAndLog("Error with tag bitstream generation.");
return 1; return 1;
} }
@ -180,18 +201,19 @@ int CmdGuardSim(const char *Cmd) {
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_sim(); if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_sim();
uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0; uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0, fmtlen = 0;
uint8_t clock = 64, encoding = 2, separator = 0, invert = 0; uint8_t clock = 64, encoding = 2, separator = 0, invert = 0;
uint8_t bs[96]; uint8_t bs[96];
memset(bs, 0x00, sizeof(bs)); memset(bs, 0x00, sizeof(bs));
if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_guard_sim(); if (sscanf(Cmd, "%u %u %u", &fmtlen, &fc, &cn ) != 2) return usage_lf_guard_sim();
fmtlen &= 0x7F;
facilitycode = (fc & 0x000000FF); facilitycode = (fc & 0x000000FF);
cardnumber = (cn & 0x0000FFFF); cardnumber = (cn & 0x0000FFFF);
if ( !GetGuardBits(facilitycode, cardnumber, bs)) { if ( !GetGuardBits(fmtlen, facilitycode, cardnumber, bs)) {
PrintAndLog("Error with tag bitstream generation."); PrintAndLog("Error with tag bitstream generation.");
return 1; return 1;
} }

6
client/cmdlfio.c
View file

@ -185,7 +185,7 @@ int CmdIOSim(const char *Cmd) {
int CmdIOClone(const char *Cmd) { int CmdIOClone(const char *Cmd) {
uint32_t blocks[3] = {T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_64 | 2<<T55x7_MAXBLOCK_SHIFT, 0, 0}; uint32_t blocks[3] = {T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_64 | 2 << T55x7_MAXBLOCK_SHIFT, 0, 0};
uint16_t cn = 0; uint16_t cn = 0;
uint8_t version = 0, fc = 0; uint8_t version = 0, fc = 0;
uint8_t bits[64]; uint8_t bits[64];
@ -206,9 +206,9 @@ int CmdIOClone(const char *Cmd) {
PrintAndLog("Card Number Truncated to 16-bits (IOProx): %u", cn); PrintAndLog("Card Number Truncated to 16-bits (IOProx): %u", cn);
} }
// if (param_getchar(Cmd, 4) == 'Q' || param_getchar(Cmd, 4) == 'q') if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
// blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 50<<T5555_BITRATE_SHIFT | 3<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | ((50-2)>>1) << T5555_BITRATE_SHIFT | 2 << T5555_MAXBLOCK_SHIFT;
if ( !getIOProxBits(version, fc, cn, bs)) { if ( !getIOProxBits(version, fc, cn, bs)) {
PrintAndLog("Error with tag bitstream generation."); PrintAndLog("Error with tag bitstream generation.");

4
client/cmdlfjablotron.c
View file

@ -132,7 +132,7 @@ int CmdJablotronRead(const char *Cmd) {
int CmdJablotronClone(const char *Cmd) { int CmdJablotronClone(const char *Cmd) {
uint64_t fullcode = 0; uint64_t fullcode = 0;
uint32_t blocks[3] = {T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_64 | 2<<T55x7_MAXBLOCK_SHIFT, 0, 0}; uint32_t blocks[3] = {T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_64 | 2 << T55x7_MAXBLOCK_SHIFT, 0, 0};
uint8_t bits[64]; uint8_t bits[64];
uint8_t *bs = bits; uint8_t *bs = bits;
@ -146,7 +146,7 @@ int CmdJablotronClone(const char *Cmd) {
//Q5 //Q5
if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') { if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') {
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | 64<<T5555_BITRATE_SHIFT | 2<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | ((64-2)>>1) << T5555_BITRATE_SHIFT | 2 << T5555_MAXBLOCK_SHIFT;
} }
// clearing the topbit needed for the preambl detection. // clearing the topbit needed for the preambl detection.

4
client/cmdlfnedap.c
View file

@ -229,11 +229,11 @@ int CmdLFNedapClone(const char *Cmd) {
((ASK/DIphase data rawdemod ab 0 64 1 0 ((ASK/DIphase data rawdemod ab 0 64 1 0
//NEDAP - compat mode, ASK/DIphase, data rate 64, 4 data blocks //NEDAP - compat mode, ASK/DIphase, data rate 64, 4 data blocks
// DI-pahse (CDP) T55x7_MODULATION_DIPHASE // DI-pahse (CDP) T55x7_MODULATION_DIPHASE
blocks[0] = T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_64 | 7<<T55x7_MAXBLOCK_SHIFT; blocks[0] = T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_64 | 7 << T55x7_MAXBLOCK_SHIFT;
if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q') if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | 64<<T5555_BITRATE_SHIFT | 7<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | ((64-2)>>1) << T5555_BITRATE_SHIFT | 7 <<T5555_MAXBLOCK_SHIFT;
blocks[1] = bytebits_to_byte(bs,32); blocks[1] = bytebits_to_byte(bs,32);
blocks[2] = bytebits_to_byte(bs+32,32); blocks[2] = bytebits_to_byte(bs+32,32);

18
client/cmdlfnoralsy.c
View file

@ -71,6 +71,18 @@ int getnoralsyBits(uint32_t id, uint16_t year, uint8_t *bits) {
return 1; return 1;
} }
/*
*
* 2520116 | BB0314FF2529900116360000 | 10111011 00000011 00010100 11111111 00100101 00101001 10010000 00000001 00010110 00110110 00000000 00000000
* aaaaaaaaiii***iiiicc---- iiiiiiii iiiiYYYY YYYY**** iiiiiiii iiiiiiii cccccccc
*
* a = fixed value BB0314FF
* i = printed id, BCD-format
* Y = year
* c = checksum
*
**/
//see ASKDemod for what args are accepted //see ASKDemod for what args are accepted
int CmdNoralsyDemod(const char *Cmd) { int CmdNoralsyDemod(const char *Cmd) {
@ -141,7 +153,7 @@ int CmdNoralsyClone(const char *Cmd) {
uint16_t year = 0; uint16_t year = 0;
uint32_t id = 0; uint32_t id = 0;
uint32_t blocks[4] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | T55x7_ST_TERMINATOR |3<<T55x7_MAXBLOCK_SHIFT, 0, 0}; uint32_t blocks[4] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | T55x7_ST_TERMINATOR | 3 << T55x7_MAXBLOCK_SHIFT, 0, 0};
uint8_t bits[96]; uint8_t bits[96];
uint8_t *bs = bits; uint8_t *bs = bits;
memset(bs, 0, sizeof(bits)); memset(bs, 0, sizeof(bits));
@ -153,9 +165,9 @@ int CmdNoralsyClone(const char *Cmd) {
year = param_get32ex(Cmd, 1, 2000, 10); year = param_get32ex(Cmd, 1, 2000, 10);
//Q5 //Q5
if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') { if (param_getchar(Cmd, 2) == 'Q' || param_getchar(Cmd, 2) == 'q') {
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_MANCHESTER | 32<<T5555_BITRATE_SHIFT | T5555_ST_TERMINATOR | 3<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_MANCHESTER | ((32-2)>>1) << T5555_BITRATE_SHIFT | T5555_ST_TERMINATOR | 3 << T5555_MAXBLOCK_SHIFT;
} }
if ( !getnoralsyBits(id, year, bs)) { if ( !getnoralsyBits(id, year, bs)) {

4
client/cmdlfpresco.c
View file

@ -173,14 +173,14 @@ int CmdPrescoClone(const char *Cmd) {
bool Q5 = false; bool Q5 = false;
uint32_t sitecode=0, usercode=0, fullcode=0; uint32_t sitecode=0, usercode=0, fullcode=0;
uint32_t blocks[5] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | 4<<T55x7_MAXBLOCK_SHIFT | T55x7_ST_TERMINATOR, 0, 0, 0, 0}; uint32_t blocks[5] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | 4 << T55x7_MAXBLOCK_SHIFT | T55x7_ST_TERMINATOR, 0, 0, 0, 0};
// get wiegand from printed number. // get wiegand from printed number.
if (GetWiegandFromPresco(Cmd, &sitecode, &usercode, &fullcode, &Q5) == -1) return usage_lf_presco_clone(); if (GetWiegandFromPresco(Cmd, &sitecode, &usercode, &fullcode, &Q5) == -1) return usage_lf_presco_clone();
if (Q5) if (Q5)
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_MANCHESTER | 32<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT | T5555_ST_TERMINATOR; blocks[0] = T5555_MODULATION_MANCHESTER | ((32-2)>>1) << T5555_BITRATE_SHIFT | 4 << T5555_MAXBLOCK_SHIFT | T5555_ST_TERMINATOR;
if ((sitecode & 0xFF) != sitecode) { if ((sitecode & 0xFF) != sitecode) {
sitecode &= 0xFF; sitecode &= 0xFF;

6
client/cmdlfpyramid.c
View file

@ -100,11 +100,11 @@ int CmdPyramidClone(const char *Cmd) {
} }
//Pyramid - compat mode, FSK2a, data rate 50, 4 data blocks //Pyramid - compat mode, FSK2a, data rate 50, 4 data blocks
blocks[0] = T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_50 | 4<<T55x7_MAXBLOCK_SHIFT; blocks[0] = T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_50 | 4 << T55x7_MAXBLOCK_SHIFT;
if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q') if (param_getchar(Cmd, 2) == 'Q' || param_getchar(Cmd, 2) == 'q')
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 50<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | ((50-2)>>1) << T5555_BITRATE_SHIFT | 4 << T5555_MAXBLOCK_SHIFT;
blocks[1] = bytebits_to_byte(bs,32); blocks[1] = bytebits_to_byte(bs,32);
blocks[2] = bytebits_to_byte(bs+32,32); blocks[2] = bytebits_to_byte(bs+32,32);

17
client/cmdlfvisa2000.c
View file

@ -45,6 +45,17 @@ static uint8_t visa_chksum( uint32_t id ) {
return sum & 0xF; return sum & 0xF;
} }
/**
*
* 56495332 00096ebd 00000077 > tag id 618173
* aaaaaaaa iiiiiiii -----..c
*
* a = fixed value ascii 'VIS2'
* i = card id
* c = checksum (xor of card id)
* . = unknown
*
**/
//see ASKDemod for what args are accepted //see ASKDemod for what args are accepted
int CmdVisa2kDemod(const char *Cmd) { int CmdVisa2kDemod(const char *Cmd) {
@ -82,7 +93,7 @@ int CmdVisa2kDemod(const char *Cmd) {
uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32);
uint32_t raw2 = bytebits_to_byte(DemodBuffer+32, 32); uint32_t raw2 = bytebits_to_byte(DemodBuffer+32, 32);
uint32_t raw3 = bytebits_to_byte(DemodBuffer+64, 32); uint32_t raw3 = bytebits_to_byte(DemodBuffer+64, 32);
// chksum // chksum
uint8_t calc = visa_chksum(raw2); uint8_t calc = visa_chksum(raw2);
uint8_t chk = raw3 & 0xF; uint8_t chk = raw3 & 0xF;
@ -106,7 +117,7 @@ int CmdVisa2kRead(const char *Cmd) {
int CmdVisa2kClone(const char *Cmd) { int CmdVisa2kClone(const char *Cmd) {
uint64_t id = 0; uint64_t id = 0;
uint32_t blocks[4] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_64 | T55x7_ST_TERMINATOR |3<<T55x7_MAXBLOCK_SHIFT, BL0CK1, 0}; uint32_t blocks[4] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_64 | T55x7_ST_TERMINATOR | 3 << T55x7_MAXBLOCK_SHIFT, BL0CK1, 0};
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_visa2k_clone(); if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_visa2k_clone();
@ -116,7 +127,7 @@ int CmdVisa2kClone(const char *Cmd) {
//Q5 //Q5
if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') { if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') {
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman) //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
blocks[0] = T5555_MODULATION_MANCHESTER | 64<<T5555_BITRATE_SHIFT | T5555_ST_TERMINATOR | 3<<T5555_MAXBLOCK_SHIFT; blocks[0] = T5555_MODULATION_MANCHESTER | ((64-2)>>1) << T5555_BITRATE_SHIFT | T5555_ST_TERMINATOR | 3 << T5555_MAXBLOCK_SHIFT;
} }
// //