diff --git a/armsrc/Makefile b/armsrc/Makefile index f87cf0a1..3869029d 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -10,7 +10,7 @@ APP_INCLUDES = apps.h #remove one of the following defines and comment out the relevant line #in the next section to remove that particular feature from compilation -APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG +APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -fno-strict-aliasing #-DWITH_LCD #SRC_LCD = fonts.c LCD.c diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 3c92a7fd..d52ed94a 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -18,7 +18,6 @@ #include "util.h" #include "printf.h" #include "string.h" - #include #include "legicrf.h" diff --git a/armsrc/crapto1.c b/armsrc/crapto1.c index 9d491d12..df0834b8 100644 --- a/armsrc/crapto1.c +++ b/armsrc/crapto1.c @@ -44,12 +44,12 @@ static void quicksort(uint32_t* const start, uint32_t* const stop) else if(*rit > *start) --rit; else - *it ^= (*it ^= *rit, *rit ^= *it); + *it ^= ( (*it ^= *rit ), *rit ^= *it); if(*rit >= *start) --rit; if(rit != start) - *rit ^= (*rit ^= *start, *start ^= *rit); + *rit ^= ( (*rit ^= *start), *start ^= *rit); quicksort(start, rit - 1); quicksort(rit + 1, stop); diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index c2f809fe..cf55e606 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1812,7 +1812,7 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u if (!ReaderReceive(resp, resp_par)) return 0; sak = resp[0]; - // Test if more parts of the uid are comming + // Test if more parts of the uid are coming if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) { // Remove first byte, 0x88 is not an UID byte, it CT, see page 3 of: // http://www.nxp.com/documents/application_note/AN10927.pdf diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 8541553b..a52ee4c9 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -214,7 +214,6 @@ void MifareUReadCard(uint8_t arg0, uint8_t *datain) // clear trace iso14a_clear_trace(); -// iso14a_set_tracing(false); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); diff --git a/armsrc/string.c b/armsrc/string.c index cc71276c..945a4cf6 100644 --- a/armsrc/string.c +++ b/armsrc/string.c @@ -48,6 +48,11 @@ int memcmp(const void *av, const void *bv, int len) return 0; } +void memxor(uint8_t * dest, uint8_t * src, size_t len) { + for( ; len > 0; len--,dest++,src++) + *dest ^= *src; +} + int strlen(const char *str) { int l = 0; diff --git a/armsrc/string.h b/armsrc/string.h index 46ee218d..a9dbd826 100644 --- a/armsrc/string.h +++ b/armsrc/string.h @@ -12,10 +12,14 @@ #ifndef __STRING_H #define __STRING_H +#include +#include + int strlen(const char *str); -void *memcpy(void *dest, const void *src, int len); +RAMFUNC void *memcpy(void *dest, const void *src, int len); void *memset(void *dest, int c, int len); -int memcmp(const void *av, const void *bv, int len); +RAMFUNC int memcmp(const void *av, const void *bv, int len); +void memxor(uint8_t * dest, uint8_t * src, size_t len); char *strncat(char *dest, const char *src, unsigned int n); char *strcat(char *dest, const char *src); void strreverse(char s[]); diff --git a/client/cmddata.c b/client/cmddata.c index 38917a33..3ac8db25 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -891,21 +891,52 @@ int CmdSamples(const char *Cmd) int CmdTuneSamples(const char *Cmd) { - int cnt = 0; - int n = 255; - uint8_t got[255]; + int timeout = 0; + printf("\nMeasuring antenna characteristics, please wait..."); - PrintAndLog("Reading %d samples\n", n); - GetFromBigBuf(got,n,7256); // armsrc/apps.h: #define FREE_BUFFER_OFFSET 7256 - WaitForResponse(CMD_ACK,NULL); - for (int j = 0; j < n; j++) { - GraphBuffer[cnt++] = ((int)got[j]) - 128; + UsbCommand c = {CMD_MEASURE_ANTENNA_TUNING}; + SendCommand(&c); + + UsbCommand resp; + while(!WaitForResponseTimeout(CMD_MEASURED_ANTENNA_TUNING,&resp,1000)) { + timeout++; + printf("."); + if (timeout > 7) { + PrintAndLog("\nNo response from Proxmark. Aborting..."); + return 1; + } + } + + int peakv, peakf; + int vLf125, vLf134, vHf; + vLf125 = resp.arg[0] & 0xffff; + vLf134 = resp.arg[0] >> 16; + vHf = resp.arg[1] & 0xffff;; + peakf = resp.arg[2] & 0xffff; + peakv = resp.arg[2] >> 16; + PrintAndLog(""); + PrintAndLog("# LF antenna: %5.2f V @ 125.00 kHz", vLf125/1000.0); + PrintAndLog("# LF antenna: %5.2f V @ 134.00 kHz", vLf134/1000.0); + PrintAndLog("# LF optimal: %5.2f V @%9.2f kHz", peakv/1000.0, 12000.0/(peakf+1)); + PrintAndLog("# HF antenna: %5.2f V @ 13.56 MHz", vHf/1000.0); + if (peakv<2000) + PrintAndLog("# Your LF antenna is unusable."); + else if (peakv<10000) + PrintAndLog("# Your LF antenna is marginal."); + if (vHf<2000) + PrintAndLog("# Your HF antenna is unusable."); + else if (vHf<5000) + PrintAndLog("# Your HF antenna is marginal."); + + for (int i = 0; i < 256; i++) { + GraphBuffer[i] = resp.d.asBytes[i] - 128; } PrintAndLog("Done! Divisor 89 is 134khz, 95 is 125khz.\n"); PrintAndLog("\n"); - GraphTraceLen = n; - RepaintGraphWindow(); + GraphTraceLen = 256; + ShowGraphWindow(); + return 0; } diff --git a/client/cmdhw.c b/client/cmdhw.c index 443973b8..642f63c5 100644 --- a/client/cmdhw.c +++ b/client/cmdhw.c @@ -13,12 +13,11 @@ #include #include #include "ui.h" -//#include "proxusb.h" #include "proxmark3.h" #include "cmdparser.h" +#include "cmddata.h" #include "cmdhw.h" #include "cmdmain.h" -#include "cmddata.h" /* low-level hardware control */ @@ -418,7 +417,7 @@ static command_t CommandTable[] = {"setlfdivisor", CmdSetDivisor, 0, "<19 - 255> -- Drive LF antenna at 12Mhz/(divisor+1)"}, {"setmux", CmdSetMux, 0, " -- Set the ADC mux to a specific value"}, {"tune", CmdTune, 0, "Measure antenna tuning"}, - {"version", CmdVersion, 0, "Show version inforation about the connected Proxmark"}, + {"version", CmdVersion, 0, "Show version information about the connected Proxmark"}, {NULL, NULL, 0, NULL} }; diff --git a/client/cmdlf.c b/client/cmdlf.c index 18bcf747..4bb683ee 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -70,7 +70,7 @@ int CmdFlexdemod(const char *Cmd) } } if (start == GraphTraceLen - LONG_WAIT) { - PrintAndLog("nothing to wait for"); + //PrintAndLog("nothing to wait for"); return 0; } @@ -200,7 +200,7 @@ int CmdIndalaDemod(const char *Cmd) } if (start == rawbit - uidlen + 1) { - PrintAndLog("nothing to wait for"); + //PrintAndLog("nothing to wait for"); return 0; } @@ -392,7 +392,7 @@ static void ChkBitstream(const char *str) int CmdLFSim(const char *Cmd) { - int i; + int i,j; static int gap; sscanf(Cmd, "%i", &gap); @@ -400,18 +400,20 @@ int CmdLFSim(const char *Cmd) /* convert to bitstream if necessary */ ChkBitstream(Cmd); - PrintAndLog("Sending data, please wait..."); - for (i = 0; i < GraphTraceLen; i += 48) { + printf("Sending [%d bytes]", GraphTraceLen); + for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) { UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}}; - int j; - for (j = 0; j < 48; j++) { + + for (j = 0; j < USB_CMD_DATA_SIZE; j++) { c.d.asBytes[j] = GraphBuffer[i+j]; } SendCommand(&c); WaitForResponse(CMD_ACK,NULL); + printf("."); } - PrintAndLog("Starting simulator..."); + printf("\n"); + PrintAndLog("Starting to simulate"); UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}}; SendCommand(&c); return 0; diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 32a0ff7c..d2026452 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -13,12 +13,16 @@ #include #include "proxmark3.h" #include "ui.h" -#include "util.h" #include "graph.h" +#include "cmdmain.h" #include "cmdparser.h" #include "cmddata.h" #include "cmdlf.h" #include "cmdlfem4x.h" +#include "util.h" +#include "data.h" +#define LF_TRACE_BUFF_SIZE 12000 +#define LF_BITSSTREAM_LEN 1000 static int CmdHelp(const char *Cmd); @@ -77,9 +81,9 @@ int CmdEM410xRead(const char *Cmd) /* Find out if we hit both high and low peaks */ for (j = 0; j < clock; j++) { - if (GraphBuffer[(i * clock) + j] == high) + if (GraphBuffer[(i * clock) + j] >= high) hithigh = 1; - else if (GraphBuffer[(i * clock) + j] == low) + else if (GraphBuffer[(i * clock) + j] <= low) hitlow = 1; /* it doesn't count if it's the first part of our read @@ -177,8 +181,10 @@ retest: } /* if we've already retested after flipping bits, return */ - if (retested++) + if (retested++){ + PrintAndLog("Failed to decode"); return 0; + } /* if this didn't work, try flipping bits */ for (i = 0; i < bit2idx; i++) diff --git a/client/cmdmain.c b/client/cmdmain.c index df3d4b2e..f041b24f 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c @@ -133,15 +133,14 @@ bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeou UsbCommand resp; - if (response == NULL) { + if (response == NULL) response = &resp; - } + // Wait until the command is received for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) { - while(getCommand(response)) - { + while(getCommand(response)) { if(response->cmd == cmd){ return true; } diff --git a/client/data.h b/client/data.h index 33ee9d04..41bd9a41 100644 --- a/client/data.h +++ b/client/data.h @@ -13,6 +13,9 @@ #include +//trace buffer size as defined in armsrc/apps.h TRACE_SIZE +#define TRACE_BUFFER_SIZE 4096 +#define FILE_PATH_SIZE 1000 #define SAMPLE_BUFFER_SIZE 64 extern uint8_t* sample_buf; diff --git a/client/graph.c b/client/graph.c index a0e85ffd..a2753af7 100644 --- a/client/graph.c +++ b/client/graph.c @@ -36,6 +36,8 @@ void AppendGraph(int redraw, int clock, int bit) int ClearGraph(int redraw) { int gtl = GraphTraceLen; + memset(GraphBuffer, 0x00, GraphTraceLen); + GraphTraceLen = 0; if (redraw) diff --git a/client/loclass/elite_crack.c b/client/loclass/elite_crack.c index f0eb964b..adedba85 100644 --- a/client/loclass/elite_crack.c +++ b/client/loclass/elite_crack.c @@ -514,7 +514,6 @@ int bruteforceDump(uint8_t dump[], size_t dumpsize, uint16_t keytable[]) */ int bruteforceFile(const char *filename, uint16_t keytable[]) { - FILE *f = fopen(filename, "rb"); if(!f) { prnlog("Failed to read from file '%s'", filename); diff --git a/client/loclass/ikeys.c b/client/loclass/ikeys.c index 4749181e..f7115b19 100644 --- a/client/loclass/ikeys.c +++ b/client/loclass/ikeys.c @@ -725,7 +725,6 @@ int doTestsWithKnownInputs() int readKeyFile(uint8_t key[8]) { - FILE *f; int retval = 1; f = fopen("iclass_key.bin", "rb"); @@ -738,7 +737,6 @@ int readKeyFile(uint8_t key[8]) fclose(f); } return retval; - } diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index aeba31a7..13b9c8e7 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -64,6 +64,7 @@ local _commands = { CMD_ISO_15693_COMMAND_DONE = 0x0314, CMD_ISO_15693_FIND_AFI = 0x0315, CMD_ISO_15693_DEBUG = 0x0316, + CMD_LF_SNOOP_RAW_ADC_SAMPLES = 0x0317, --// For Hitag2 transponders CMD_SNOOP_HITAG = 0x0370, @@ -80,10 +81,13 @@ local _commands = { CMD_READER_LEGIC_RF = 0x0388, CMD_WRITER_LEGIC_RF = 0x0389, CMD_EPA_PACE_COLLECT_NONCE = 0x038A, + --//CMD_EPA_ = 0x038B, CMD_SNOOP_ICLASS = 0x0392, CMD_SIMULATE_TAG_ICLASS = 0x0393, CMD_READER_ICLASS = 0x0394, + CMD_READER_ICLASS_REPLAY = 0x0395, + CMD_ICLASS_ISO14443A_WRITE = 0x0397, --// For measurements of the antenna tuning CMD_MEASURE_ANTENNA_TUNING = 0x0400, @@ -100,8 +104,11 @@ local _commands = { CMD_MIFARE_EML_MEMSET = 0x0602, CMD_MIFARE_EML_MEMGET = 0x0603, CMD_MIFARE_EML_CARDLOAD = 0x0604, - CMD_MIFARE_EML_CSETBLOCK = 0x0605, - CMD_MIFARE_EML_CGETBLOCK = 0x0606, + + --// magic chinese card commands + CMD_MIFARE_CSETBLOCK = 0x0605, + CMD_MIFARE_CGETBLOCK = 0x0606, + CMD_MIFARE_CIDENT = 0x0607, CMD_SIMULATE_MIFARE_CARD = 0x0610, @@ -109,12 +116,33 @@ local _commands = { CMD_MIFARE_NESTED = 0x0612, CMD_MIFARE_READBL = 0x0620, + CMD_MIFAREU_READBL = 0x0720, + CMD_MIFARE_READSC = 0x0621, + CMD_MIFAREU_READCARD = 0x0721, + CMD_MIFARE_WRITEBL = 0x0622, + CMD_MIFAREU_WRITEBL = 0x0722, + CMD_MIFAREU_WRITEBL_COMPAT = 0x0723, + CMD_MIFARE_CHKKEYS = 0x0623, CMD_MIFARE_SNIFFER = 0x0630, + --//ultralightC + CMD_MIFAREUC_AUTH1 = 0x0724, + CMD_MIFAREUC_AUTH2 = 0x0725, + CMD_MIFAREUC_READCARD = 0x0726, + + --// mifare desfire + CMD_MIFARE_DESFIRE_READBL = 0x0728, + CMD_MIFARE_DESFIRE_WRITEBL = 0x0729, + CMD_MIFARE_DESFIRE_AUTH1 = 0x072a, + CMD_MIFARE_DESFIRE_AUTH2 = 0x072b, + CMD_MIFARE_DES_READER = 0x072c, + CMD_MIFARE_DESFIRE_INFO = 0x072d, + CMD_MIFARE_DESFIRE = 0x072e, + CMD_UNKNOWN = 0xFFFF, } @@ -184,7 +212,6 @@ function Command:getBytes() local data = self.data local cmd = self.cmd local arg1, arg2, arg3 = self.arg1, self.arg2, self.arg3 - return bin.pack("LLLLH",cmd, arg1, arg2, arg3,data); end diff --git a/client/lualibs/html_dumplib.lua b/client/lualibs/html_dumplib.lua index b8c7ccaa..44b6b352 100644 --- a/client/lualibs/html_dumplib.lua +++ b/client/lualibs/html_dumplib.lua @@ -47,6 +47,18 @@ local function save_HTML(javascript, filename) end +local function save_TEXT(data,filename) + -- Open the output file + local outfile = io.open(filename, "wb") + if outfile == nil then + return oops(string.format("Could not write to file %s",tostring(filename))) + end + + outfile:write(data) + io.close(outfile) + return filename +end + local function save_BIN(data, filename) -- Open the output file @@ -181,4 +193,6 @@ return { convert_bin_to_html = convert_bin_to_html, convert_eml_to_html = convert_eml_to_html, convert_eml_to_bin = convert_eml_to_bin, + SaveAsBinary = save_BIN, + SaveAsText = save_TEXT, } diff --git a/client/lualibs/htmlskel.lua b/client/lualibs/htmlskel.lua index a52abdef..b468eb2d 100644 --- a/client/lualibs/htmlskel.lua +++ b/client/lualibs/htmlskel.lua @@ -55,6 +55,7 @@ local skel_1 = [[ return "UNKNOWN" } + add("04,,,Mifare TNP3xxx Activision 1K,0f01,01"); add("04,,,Mifare Mini,0004,09"); add("04,,,Mifare Classic 1k/Mifare Plus(4 byte UID) 2K SL1,0004,08"); add("04,,,Mifare Plus (4 byte UID) 2K SL2,0004,10"); diff --git a/client/lualibs/mf_default_keys.lua b/client/lualibs/mf_default_keys.lua index 4859ff0c..757112c6 100644 --- a/client/lualibs/mf_default_keys.lua +++ b/client/lualibs/mf_default_keys.lua @@ -141,6 +141,24 @@ local _keys = { '200000000000', 'a00000000000', 'b00000000000', + + --[[ + Should be for Mifare TNP3xxx tags A KEY. + --]] + '4b0b20107ccb', + + --[[ + Kiev metro cards + --]] + '8fe644038790', + 'f14ee7cae863', + '632193be1c3c', + '569369c5a0e5', + '9de89e070277', + 'eff603e1efe9', + '644672bd4afe', + + 'b5ff67cba951', } --- diff --git a/client/lualibs/read14a.lua b/client/lualibs/read14a.lua index 24021a1d..10e7c2d4 100644 --- a/client/lualibs/read14a.lua +++ b/client/lualibs/read14a.lua @@ -25,6 +25,7 @@ local ISO14A_COMMAND = { local ISO14443a_TYPES = {} ISO14443a_TYPES[0x00] = "NXP MIFARE Ultralight | Ultralight C" +ISO14443a_TYPES[0x01] = "NXP MIFARE TNP3xxx Activision Game Appliance" ISO14443a_TYPES[0x04] = "NXP MIFARE (various !DESFire !DESFire EV1)" ISO14443a_TYPES[0x08] = "NXP MIFARE CLASSIC 1k | Plus 2k" ISO14443a_TYPES[0x09] = "NXP MIFARE Mini 0.3k" diff --git a/client/nonce2key/crapto1.c b/client/nonce2key/crapto1.c index 61215420..6c0fcafa 100644 --- a/client/nonce2key/crapto1.c +++ b/client/nonce2key/crapto1.c @@ -549,7 +549,6 @@ lfsr_common_prefix(uint32_t pfx, uint32_t rr, uint8_t ks[8], uint8_t par[8][8], free(odd); free(even); return 0; - } s = statelist; diff --git a/client/scripts/formatMifare.lua b/client/scripts/formatMifare.lua index 1ced0c28..0d735e98 100644 --- a/client/scripts/formatMifare.lua +++ b/client/scripts/formatMifare.lua @@ -90,8 +90,10 @@ function GetCardInfo() elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k -- MIFARE Classic mini offers 320 bytes split into five sectors. numSectors = 5 - elseif 0x10 == result.sak then-- "NXP MIFARE Plus 2k" + elseif 0x10 == result.sak then -- NXP MIFARE Plus 2k numSectors = 32 + elseif 0x01 == sak then -- NXP MIFARE TNP3xxx 1K + numSectors = 16 else print("I don't know how many sectors there are on this type of card, defaulting to 16") end diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua index 8d0d358f..eb98ffbf 100644 --- a/client/scripts/mifare_autopwn.lua +++ b/client/scripts/mifare_autopwn.lua @@ -133,6 +133,8 @@ function nested(key,sak) typ = 0 elseif 0x10 == sak then-- "NXP MIFARE Plus 2k" typ = 2 + elseif 0x01 == sak then-- "NXP MIFARE TNP3xxx 1K" + typ = 1 else print("I don't know how many sectors there are on this type of card, defaulting to 16") end diff --git a/client/util.c b/client/util.c index 15e911a1..a077aae9 100644 --- a/client/util.c +++ b/client/util.c @@ -13,6 +13,7 @@ #ifndef _WIN32 #include #include + int ukbhit(void) { int cnt = 0; @@ -112,6 +113,19 @@ char * sprint_hex(const uint8_t * data, const size_t len) { return buf; } +char * sprint_bin(const uint8_t * data, const size_t len) { + + int maxLen = ( len > 1024) ? 1024 : len; + static char buf[1024]; + char * tmp = buf; + size_t i; + + for (i=0; i < maxLen; ++i, ++tmp) + sprintf(tmp, "%u", data[i]); + + return buf; +} + void num_to_bytes(uint64_t n, size_t len, uint8_t* dest) { while (len--) { @@ -131,6 +145,28 @@ uint64_t bytes_to_num(uint8_t* src, size_t len) return num; } +//assumes little endian +char * printBits(size_t const size, void const * const ptr) +{ + unsigned char *b = (unsigned char*) ptr; + unsigned char byte; + static char buf[1024]; + char * tmp = buf; + int i, j; + + for (i=size-1;i>=0;i--) + { + for (j=7;j>=0;j--) + { + byte = b[i] & (1<>= j; + sprintf(tmp, "%u", byte); + tmp++; + } + } + return buf; +} + // ------------------------------------------------------------------------- // string parameters lib // ------------------------------------------------------------------------- @@ -248,3 +284,102 @@ int param_getstr(const char *line, int paramnum, char * str) return en - bg + 1; } + +/* +The following methods comes from Rfidler sourcecode. +https://github.com/ApertureLabsLtd/RFIDler/blob/master/firmware/Pic32/RFIDler.X/src/ +*/ + +// convert hex to sequence of 0/1 bit values +// returns number of bits converted +int hextobinarray(char *target, char *source) +{ + int length, i, count= 0; + char x; + + length = strlen(source); + // process 4 bits (1 hex digit) at a time + while(length--) + { + x= *(source++); + // capitalize + if (x >= 'a' && x <= 'f') + x -= 32; + // convert to numeric value + if (x >= '0' && x <= '9') + x -= '0'; + else if (x >= 'A' && x <= 'F') + x -= 'A' - 10; + else + return 0; + // output + for(i= 0 ; i < 4 ; ++i, ++count) + *(target++)= (x >> (3 - i)) & 1; + } + + return count; +} + +// convert hex to human readable binary string +int hextobinstring(char *target, char *source) +{ + int length; + + if(!(length= hextobinarray(target, source))) + return 0; + binarraytobinstring(target, target, length); + return length; +} + +// convert binary array of 0x00/0x01 values to hex (safe to do in place as target will always be shorter than source) +// return number of bits converted +int binarraytohex(char *target, char *source, int length) +{ + unsigned char i, x; + int j = length; + + if(j % 4) + return 0; + + while(j) + { + for(i= x= 0 ; i < 4 ; ++i) + x += ( source[i] << (3 - i)); + sprintf(target,"%X", x); + ++target; + source += 4; + j -= 4; + } + return length; +} + +// convert binary array to human readable binary +void binarraytobinstring(char *target, char *source, int length) +{ + int i; + + for(i= 0 ; i < length ; ++i) + *(target++)= *(source++) + '0'; + *target= '\0'; +} + +// return parity bit required to match type +uint8_t GetParity( char *bits, uint8_t type, int length) +{ + int x; + + for(x= 0 ; length > 0 ; --length) + x += bits[length - 1]; + x %= 2; + + return x ^ type; +} + +// add HID parity to binary array: EVEN prefix for 1st half of ID, ODD suffix for 2nd half +void wiegand_add_parity(char *target, char *source, char length) +{ + *(target++)= GetParity(source, EVEN, length / 2); + memcpy(target, source, length); + target += length; + *(target)= GetParity(source + length / 2, ODD, length / 2); +} diff --git a/client/util.h b/client/util.h index ce8876ed..22d41e0c 100644 --- a/client/util.h +++ b/client/util.h @@ -15,6 +15,7 @@ #include #include #include +#include "data.h" #ifndef MIN # define MIN(a, b) (((a) < (b)) ? (a) : (b)) @@ -22,6 +23,10 @@ #ifndef MAX # define MAX(a, b) (((a) > (b)) ? (a) : (b)) #endif +#define TRUE 1 +#define FALSE 0 +#define EVEN 0 +#define ODD 1 int ukbhit(void); @@ -33,9 +38,11 @@ void FillFileNameByUID(char *fileName, uint8_t * uid, char *ext, int byteCount); void print_hex(const uint8_t * data, const size_t len); char * sprint_hex(const uint8_t * data, const size_t len); +char * sprint_bin(const uint8_t * data, const size_t len); void num_to_bytes(uint64_t n, size_t len, uint8_t* dest); uint64_t bytes_to_num(uint8_t* src, size_t len); +char * printBits(size_t const size, void const * const ptr); char param_getchar(const char *line, int paramnum); uint8_t param_get8(const char *line, int paramnum); @@ -45,3 +52,10 @@ uint64_t param_get64ex(const char *line, int paramnum, int deflt, int base); int param_gethex(const char *line, int paramnum, uint8_t * data, int hexcnt); int param_getstr(const char *line, int paramnum, char * str); + int hextobinarray( char *target, char *source); + int hextobinstring( char *target, char *source); + int binarraytohex( char *target, char *source, int length); +void binarraytobinstring(char *target, char *source, int length); +uint8_t GetParity( char *string, uint8_t type, int length); +void wiegand_add_parity(char *target, char *source, char length); + diff --git a/common/Makefile.common b/common/Makefile.common index 2befd456..2b2bb2fb 100644 --- a/common/Makefile.common +++ b/common/Makefile.common @@ -54,7 +54,8 @@ DELETE=del /q MOVE=ren COPY=copy PATHSEP=\\# -FLASH_TOOL=winsrc\\prox.exe +#FLASH_TOOL=winsrc\\prox.exe +FLASH_TOOL=winsrc\\flash.exe DETECTED_OS=Windows endif @@ -67,6 +68,7 @@ INCLUDES = ../include/proxmark3.h ../include/at91sam7s512.h ../include/config_gp CFLAGS = -c $(INCLUDE) -Wall -Werror -pedantic -std=c99 $(APP_CFLAGS) -Os LDFLAGS = -nostartfiles -nodefaultlibs -Wl,-gc-sections -n + LIBS = -lgcc THUMBOBJ = $(patsubst %.c,$(OBJDIR)/%.o,$(THUMBSRC)) diff --git a/common/cmd.c b/common/cmd.c index 49d9d942..0c3ecc1f 100644 --- a/common/cmd.c +++ b/common/cmd.c @@ -34,8 +34,6 @@ #include "string.h" #include "proxmark3.h" -//static UsbCommand txcmd; - bool cmd_receive(UsbCommand* cmd) { // Check if there is a usb packet available diff --git a/common/crc16.c b/common/crc16.c index d181bb2a..973cd103 100644 --- a/common/crc16.c +++ b/common/crc16.c @@ -8,6 +8,7 @@ #include "crc16.h" + unsigned short update_crc16( unsigned short crc, unsigned char c ) { unsigned short i, v, tcrc = 0; @@ -20,3 +21,25 @@ unsigned short update_crc16( unsigned short crc, unsigned char c ) return ((crc >> 8) ^ tcrc)&0xffff; } + +uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial) { + + if (length == 0) + return (~remainder); + + for (int byte = 0; byte < length; ++byte) { + remainder ^= (message[byte] << 8); + for (uint8_t bit = 8; bit > 0; --bit) { + if (remainder & 0x8000) { + remainder = (remainder << 1) ^ polynomial; + } else { + remainder = (remainder << 1); + } + } + } + return remainder; +} + +uint16_t crc16_ccitt(uint8_t const *message, int length) { + return crc16(message, length, 0xffff, 0x1021); +} diff --git a/common/crc16.h b/common/crc16.h index 055a60bc..d16d83b5 100644 --- a/common/crc16.h +++ b/common/crc16.h @@ -5,10 +5,11 @@ //----------------------------------------------------------------------------- // CRC16 //----------------------------------------------------------------------------- +#include #ifndef __CRC16_H #define __CRC16_H - unsigned short update_crc16(unsigned short crc, unsigned char c); - +uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial); +uint16_t crc16_ccitt(uint8_t const *message, int length); #endif diff --git a/common/usb_cdc.c b/common/usb_cdc.c index e2787fb6..54f6a8e8 100644 --- a/common/usb_cdc.c +++ b/common/usb_cdc.c @@ -223,7 +223,6 @@ byte_t btReceiveBank = AT91C_UDP_RX_DATA_BK0; void usb_disable() { // Disconnect the USB device AT91C_BASE_PIOA->PIO_ODR = GPIO_USB_PU; -// SpinDelay(100); // Clear all lingering interrupts if(pUdp->UDP_ISR & AT91C_UDP_ENDBUSRES) { @@ -257,7 +256,6 @@ void usb_enable() { // Wait for a short while for (volatile size_t i=0; i<0x100000; i++); -// SpinDelay(100); // Reconnect USB reconnect AT91C_BASE_PIOA->PIO_SODR = GPIO_USB_PU; @@ -304,8 +302,7 @@ uint32_t usb_read(byte_t* data, size_t len) { uint32_t packetSize, nbBytesRcv = 0; uint32_t time_out = 0; - while (len) - { + while (len) { if (!usb_check()) break; if ( pUdp->UDP_CSR[AT91C_EP_OUT] & bank ) { @@ -314,8 +311,7 @@ uint32_t usb_read(byte_t* data, size_t len) { while(packetSize--) data[nbBytesRcv++] = pUdp->UDP_FDR[AT91C_EP_OUT]; pUdp->UDP_CSR[AT91C_EP_OUT] &= ~(bank); - if (bank == AT91C_UDP_RX_DATA_BK0) - { + if (bank == AT91C_UDP_RX_DATA_BK0) { bank = AT91C_UDP_RX_DATA_BK1; } else { bank = AT91C_UDP_RX_DATA_BK0; diff --git a/include/at91sam7s512.h b/include/at91sam7s512.h index 5be13622..2cdcbce3 100644 --- a/include/at91sam7s512.h +++ b/include/at91sam7s512.h @@ -428,7 +428,7 @@ typedef struct _AT91S_PIO { #define PIO_PDR (AT91_CAST(AT91_REG *) 0x00000004) // (PIO_PDR) PIO Disable Register #define PIO_PSR (AT91_CAST(AT91_REG *) 0x00000008) // (PIO_PSR) PIO Status Register #define PIO_OER (AT91_CAST(AT91_REG *) 0x00000010) // (PIO_OER) Output Enable Register -#define PIO_ODR (AT91_CAST(AT91_REG *) 0x00000014) // (PIO_ODR) Output Disable Registerr +#define PIO_ODR (AT91_CAST(AT91_REG *) 0x00000014) // (PIO_ODR) Output Disable Register #define PIO_OSR (AT91_CAST(AT91_REG *) 0x00000018) // (PIO_OSR) Output Status Register #define PIO_IFER (AT91_CAST(AT91_REG *) 0x00000020) // (PIO_IFER) Input Filter Enable Register #define PIO_IFDR (AT91_CAST(AT91_REG *) 0x00000024) // (PIO_IFDR) Input Filter Disable Register diff --git a/include/proxmark3.h b/include/proxmark3.h index 8c9417da..b3530c64 100644 --- a/include/proxmark3.h +++ b/include/proxmark3.h @@ -14,6 +14,7 @@ // Might as well have the hardware-specific defines everywhere. #include "at91sam7s512.h" #include "config_gpio.h" +#include "usb_cmd.h" #define WDT_HIT() AT91C_BASE_WDTC->WDTC_WDCR = 0xa5000001 @@ -67,8 +68,6 @@ #define TRUE 1 #define FALSE 0 -#include - //#define PACKED __attribute__((__packed__)) #define LED_A_ON() HIGH(GPIO_LED_A) diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 69c3c1b6..c2e0b95b 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -150,8 +150,10 @@ typedef struct { #define CMD_MIFARE_READBL 0x0620 #define CMD_MIFAREU_READBL 0x0720 + #define CMD_MIFARE_READSC 0x0621 #define CMD_MIFAREU_READCARD 0x0721 + #define CMD_MIFARE_WRITEBL 0x0622 #define CMD_MIFAREU_WRITEBL 0x0722 #define CMD_MIFAREU_WRITEBL_COMPAT 0x0723