[proxmark3-svn] / client / cmdlf.c

//-----------------------------------------------------------------------------
// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Low frequency commands
//-----------------------------------------------------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "proxusb.h"
#include "proxmark3.h"
#include "data.h"
#include "graph.h"
#include "ui.h"
#include "cmdparser.h"
#include "cmdmain.h"
#include "cmddata.h"
#include "cmdlf.h"
#include "cmdlfhid.h"
#include "cmdlfti.h"
#include "cmdlfem4x.h"
#include "cmdlfhitag.h"

static int CmdHelp(const char *Cmd);

/* send a command before reading */
int CmdLFCommandRead(const char *Cmd)
{
  static char dummy[3];

  dummy[0]= ' ';

  UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K};
  sscanf(Cmd, "%i %i %i %s %s", &c.arg[0], &c.arg[1], &c.arg[2], (char *) &c.d.asBytes,(char *) &dummy+1);
  // in case they specified 'h'
  strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy);
  SendCommand(&c);
  return 0;
}

int CmdFlexdemod(const char *Cmd)
{
  int i;
  for (i = 0; i < GraphTraceLen; ++i) {
    if (GraphBuffer[i] < 0) {
      GraphBuffer[i] = -1;
    } else {
      GraphBuffer[i] = 1;
    }
  }

#define LONG_WAIT 100
  int start;
  for (start = 0; start < GraphTraceLen - LONG_WAIT; start++) {
    int first = GraphBuffer[start];
    for (i = start; i < start + LONG_WAIT; i++) {
      if (GraphBuffer[i] != first) {
        break;
      }
    }
    if (i == (start + LONG_WAIT)) {
      break;
    }
  }
  if (start == GraphTraceLen - LONG_WAIT) {
    PrintAndLog("nothing to wait for");
    return 0;
  }

  GraphBuffer[start] = 2;
  GraphBuffer[start+1] = -2;

  uint8_t bits[64];

  int bit;
  i = start;
  for (bit = 0; bit < 64; bit++) {
    int j;
    int sum = 0;
    for (j = 0; j < 16; j++) {
      sum += GraphBuffer[i++];
    }
    if (sum > 0) {
      bits[bit] = 1;
    } else {
      bits[bit] = 0;
    }
    PrintAndLog("bit %d sum %d", bit, sum);
  }

  for (bit = 0; bit < 64; bit++) {
    int j;
    int sum = 0;
    for (j = 0; j < 16; j++) {
      sum += GraphBuffer[i++];
    }
    if (sum > 0 && bits[bit] != 1) {
      PrintAndLog("oops1 at %d", bit);
    }
    if (sum < 0 && bits[bit] != 0) {
      PrintAndLog("oops2 at %d", bit);
    }
  }

  GraphTraceLen = 32*64;
  i = 0;
  int phase = 0;
  for (bit = 0; bit < 64; bit++) {
    if (bits[bit] == 0) {
      phase = 0;
    } else {
      phase = 1;
    }
    int j;
    for (j = 0; j < 32; j++) {
      GraphBuffer[i++] = phase;
      phase = !phase;
    }
  }

  RepaintGraphWindow();
  return 0;
}

int CmdIndalaDemod(const char *Cmd)
{
  // Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID

  int state = -1;
  int count = 0;
  int i, j;
  // worst case with GraphTraceLen=64000 is < 4096
  // under normal conditions it's < 2048
  uint8_t rawbits[4096];
  int rawbit = 0;
  int worst = 0, worstPos = 0;
  PrintAndLog("Expecting a bit less than %d raw bits", GraphTraceLen / 32);
  for (i = 0; i < GraphTraceLen-1; i += 2) {
    count += 1;
    if ((GraphBuffer[i] > GraphBuffer[i + 1]) && (state != 1)) {
      if (state == 0) {
        for (j = 0; j <  count - 8; j += 16) {
          rawbits[rawbit++] = 0;
        }
        if ((abs(count - j)) > worst) {
          worst = abs(count - j);
          worstPos = i;
        }
      }
      state = 1;
      count = 0;
    } else if ((GraphBuffer[i] < GraphBuffer[i + 1]) && (state != 0)) {
      if (state == 1) {
        for (j = 0; j <  count - 8; j += 16) {
          rawbits[rawbit++] = 1;
        }
        if ((abs(count - j)) > worst) {
          worst = abs(count - j);
          worstPos = i;
        }
      }
      state = 0;
      count = 0;
    }
  }
  PrintAndLog("Recovered %d raw bits", rawbit);
  PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);

  // Finding the start of a UID
  int uidlen, long_wait;
  if (strcmp(Cmd, "224") == 0) {
    uidlen = 224;
    long_wait = 30;
  } else {
    uidlen = 64;
    long_wait = 29;
  }
  int start;
  int first = 0;
  for (start = 0; start <= rawbit - uidlen; start++) {
    first = rawbits[start];
    for (i = start; i < start + long_wait; i++) {
      if (rawbits[i] != first) {
        break;
      }
    }
    if (i == (start + long_wait)) {
      break;
    }
  }
  if (start == rawbit - uidlen + 1) {
    PrintAndLog("nothing to wait for");
    return 0;
  }

  // Inverting signal if needed
  if (first == 1) {
    for (i = start; i < rawbit; i++) {
      rawbits[i] = !rawbits[i];
    }
  }

  // Dumping UID
  uint8_t bits[224];
  char showbits[225];
  showbits[uidlen]='\0';
  int bit;
  i = start;
  int times = 0;
  if (uidlen > rawbit) {
    PrintAndLog("Warning: not enough raw bits to get a full UID");
    for (bit = 0; bit < rawbit; bit++) {
      bits[bit] = rawbits[i++];
      // As we cannot know the parity, let's use "." and "/"
      showbits[bit] = '.' + bits[bit];
    }
    showbits[bit+1]='\0';
    PrintAndLog("Partial UID=%s", showbits);
    return 0;
  } else {
    for (bit = 0; bit < uidlen; bit++) {
      bits[bit] = rawbits[i++];
      showbits[bit] = '0' + bits[bit];
    }
    times = 1;
  }
  
  //convert UID to HEX
  uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
  int idx;
  uid1=0;
  uid2=0;
  if (uidlen==64){
    for( idx=0; idx<64; idx++) {
        if (showbits[idx] == '0') {
        uid1=(uid1<<1)|(uid2>>31);
        uid2=(uid2<<1)|0;
        } else {
        uid1=(uid1<<1)|(uid2>>31);
        uid2=(uid2<<1)|1;
        } 
      }
    PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
  }
  else {
    uid3=0;
    uid4=0;
    uid5=0;
    uid6=0;
    uid7=0;
    for( idx=0; idx<224; idx++) {
        uid1=(uid1<<1)|(uid2>>31);
        uid2=(uid2<<1)|(uid3>>31);
        uid3=(uid3<<1)|(uid4>>31);
        uid4=(uid4<<1)|(uid5>>31);
        uid5=(uid5<<1)|(uid6>>31);
        uid6=(uid6<<1)|(uid7>>31);
        if (showbits[idx] == '0') uid7=(uid7<<1)|0;
        else uid7=(uid7<<1)|1;
      }
    PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
  }

  // Checking UID against next occurences
  for (; i + uidlen <= rawbit;) {
    int failed = 0;
    for (bit = 0; bit < uidlen; bit++) {
      if (bits[bit] != rawbits[i++]) {
        failed = 1;
        break;
      }
    }
    if (failed == 1) {
      break;
    }
    times += 1;
  }
  PrintAndLog("Occurences: %d (expected %d)", times, (rawbit - start) / uidlen);

  // Remodulating for tag cloning
  GraphTraceLen = 32*uidlen;
  i = 0;
  int phase = 0;
  for (bit = 0; bit < uidlen; bit++) {
    if (bits[bit] == 0) {
      phase = 0;
    } else {
      phase = 1;
    }
    int j;
    for (j = 0; j < 32; j++) {
      GraphBuffer[i++] = phase;
      phase = !phase;
    }
  }

  RepaintGraphWindow();
  return 0;
}

int CmdIndalaClone(const char *Cmd)
{
  unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
  UsbCommand c;
  uid1=0;
  uid2=0;
  uid3=0;
  uid4=0;
  uid5=0;
  uid6=0;
  uid7=0;  
  int n = 0, i = 0;

  if (strchr(Cmd,'l') != 0) {
    while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
      uid1 = (uid1 << 4) | (uid2 >> 28);
      uid2 = (uid2 << 4) | (uid3 >> 28);
      uid3 = (uid3 << 4) | (uid4 >> 28);
      uid4 = (uid4 << 4) | (uid5 >> 28);
      uid5 = (uid5 << 4) | (uid6 >> 28);
      uid6 = (uid6 << 4) | (uid7 >> 28);
    	uid7 = (uid7 << 4) | (n & 0xf);
    }
    PrintAndLog("Cloning 224bit tag with UID %x%08x%08x%08x%08x%08x%08x", uid1, uid2, uid3, uid4, uid5, uid6, uid7);
    c.cmd = CMD_INDALA_CLONE_TAG_L;
    c.d.asDwords[0] = uid1;
    c.d.asDwords[1] = uid2;
    c.d.asDwords[2] = uid3;
    c.d.asDwords[3] = uid4;
    c.d.asDwords[4] = uid5;
    c.d.asDwords[5] = uid6;
    c.d.asDwords[6] = uid7;
  } 
  else 
  {
    while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
      uid1 = (uid1 << 4) | (uid2 >> 28);
      uid2 = (uid2 << 4) | (n & 0xf);
    }
    PrintAndLog("Cloning 64bit tag with UID %x%08x", uid1, uid2);
    c.cmd = CMD_INDALA_CLONE_TAG;
    c.arg[0] = uid1;
    c.arg[1] = uid2;
  }

  SendCommand(&c);
  return 0;
}

int CmdLFRead(const char *Cmd)
{
  UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
  // 'h' means higher-low-frequency, 134 kHz
  if(*Cmd == 'h') {
    c.arg[0] = 1;
  } else if (*Cmd == '\0') {
    c.arg[0] = 0;
  } else {
    PrintAndLog("use 'read' or 'read h'");
    return 0;
  }
  SendCommand(&c);
  WaitForResponse(CMD_ACK,NULL);
  return 0;
}

static void ChkBitstream(const char *str)
{
  int i;

  /* convert to bitstream if necessary */
  for (i = 0; i < (int)(GraphTraceLen / 2); i++)
  {
    if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0)
    {
      CmdBitstream(str);
      break;
    }
  }
}

int CmdLFSim(const char *Cmd)
{
  int i;
  static int gap;

  sscanf(Cmd, "%i", &gap);

  /* convert to bitstream if necessary */
  ChkBitstream(Cmd);

  PrintAndLog("Sending data, please wait...");
  for (i = 0; i < GraphTraceLen; i += 48) {
    UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
    int j;
    for (j = 0; j < 48; j++) {
      c.d.asBytes[j] = GraphBuffer[i+j];
    }
    SendCommand(&c);
    WaitForResponse(CMD_ACK,NULL);
  }

  PrintAndLog("Starting simulator...");
  UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
  SendCommand(&c);
  return 0;
}

int CmdLFSimBidir(const char *Cmd)
{
  /* Set ADC to twice the carrier for a slight supersampling */
  UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
  SendCommand(&c);
  return 0;
}

/* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */
int CmdLFSimManchester(const char *Cmd)
{
  static int clock, gap;
  static char data[1024], gapstring[8];

  /* get settings/bits */
  sscanf(Cmd, "%i %s %i", &clock, &data[0], &gap);

  /* clear our graph */
  ClearGraph(0);

  /* fill it with our bitstream */
  for (int i = 0; i < strlen(data) ; ++i)
    AppendGraph(0, clock, data[i]- '0');

  /* modulate */
  CmdManchesterMod("");

  /* show what we've done */
  RepaintGraphWindow();

  /* simulate */
  sprintf(&gapstring[0], "%i", gap);
  CmdLFSim(gapstring);
  return 0;
}

int CmdVchDemod(const char *Cmd)
{
  // Is this the entire sync pattern, or does this also include some
  // data bits that happen to be the same everywhere? That would be
  // lovely to know.
  static const int SyncPattern[] = {
    1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
    1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
    1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
    1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
    1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
    1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
    1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
    1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
    1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,
    1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
  };

  // So first, we correlate for the sync pattern, and mark that.
  int bestCorrel = 0, bestPos = 0;
  int i;
  // It does us no good to find the sync pattern, with fewer than
  // 2048 samples after it...
  for (i = 0; i < (GraphTraceLen-2048); i++) {
    int sum = 0;
    int j;
    for (j = 0; j < arraylen(SyncPattern); j++) {
      sum += GraphBuffer[i+j]*SyncPattern[j];
    }
    if (sum > bestCorrel) {
      bestCorrel = sum;
      bestPos = i;
    }
  }
  PrintAndLog("best sync at %d [metric %d]", bestPos, bestCorrel);

  char bits[257];
  bits[256] = '\0';

  int worst = INT_MAX;
  int worstPos = 0;

  for (i = 0; i < 2048; i += 8) {
    int sum = 0;
    int j;
    for (j = 0; j < 8; j++) {
      sum += GraphBuffer[bestPos+i+j];
    }
    if (sum < 0) {
      bits[i/8] = '.';
    } else {
      bits[i/8] = '1';
    }
    if(abs(sum) < worst) {
      worst = abs(sum);
      worstPos = i;
    }
  }
  PrintAndLog("bits:");
  PrintAndLog("%s", bits);
  PrintAndLog("worst metric: %d at pos %d", worst, worstPos);

  if (strcmp(Cmd, "clone")==0) {
    GraphTraceLen = 0;
    char *s;
    for(s = bits; *s; s++) {
      int j;
      for(j = 0; j < 16; j++) {
        GraphBuffer[GraphTraceLen++] = (*s == '1') ? 1 : 0;
      }
    }
    RepaintGraphWindow();
  }
  return 0;
}

static command_t CommandTable[] = 
{
  {"help",        CmdHelp,            1, "This help"},
  {"cmdread",     CmdLFCommandRead,   0, "<off period> <'0' period> <'1' period> <command> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"},
  {"em4x",        CmdLFEM4X,          1, "{ EM4X RFIDs... }"},
  {"flexdemod",   CmdFlexdemod,       1, "Demodulate samples for FlexPass"},
  {"hid",         CmdLFHID,           1, "{ HID RFIDs... }"},
  {"indalademod", CmdIndalaDemod,     1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
  {"indalaclone", CmdIndalaClone,     1, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
  {"read",        CmdLFRead,          0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)"},
  {"sim",         CmdLFSim,           0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
  {"simbidir",    CmdLFSimBidir,      0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
  {"simman",      CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
  {"ti",          CmdLFTI,            1, "{ TI RFIDs... }"},
  {"hitag",       CmdLFHitag,         1, "{ Hitag tags and transponders... }"},
  {"vchdemod",    CmdVchDemod,        1, "['clone'] -- Demodulate samples for VeriChip"},
  {NULL, NULL, 0, NULL}
};

int CmdLF(const char *Cmd)
{
  CmdsParse(CommandTable, Cmd);
  return 0; 
}

int CmdHelp(const char *Cmd)
{
  CmdsHelp(CommandTable);
  return 0;
}
Commit	Line	Data
a553f267	1	//-----------------------------------------------------------------------------
	2	// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
	3	//
	4	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	5	// at your option, any later version. See the LICENSE.txt file for the text of
	6	// the license.
	7	//-----------------------------------------------------------------------------
	8	// Low frequency commands
	9	//-----------------------------------------------------------------------------
	10
7fe9b0b7	11	#include <stdio.h>
590f8ff9	12	#include <stdlib.h>
7fe9b0b7	13	#include <string.h>
393c3ef9	14	#include <limits.h>
7fe9b0b7	15	#include "proxusb.h"
902cb3c0	16	#include "proxmark3.h"
7fe9b0b7	17	#include "data.h"
	18	#include "graph.h"
	19	#include "ui.h"
	20	#include "cmdparser.h"
040a7baa	21	#include "cmdmain.h"
7fe9b0b7	22	#include "cmddata.h"
	23	#include "cmdlf.h"
	24	#include "cmdlfhid.h"
	25	#include "cmdlfti.h"
	26	#include "cmdlfem4x.h"
db09cb3a	27	#include "cmdlfhitag.h"
7fe9b0b7	28
	29	static int CmdHelp(const char *Cmd);
	30
	31	/* send a command before reading */
	32	int CmdLFCommandRead(const char *Cmd)
	33	{
	34	static char dummy[3];
	35
	36	dummy[0]= ' ';
	37
	38	UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K};
	39	sscanf(Cmd, "%i %i %i %s %s", &c.arg[0], &c.arg[1], &c.arg[2], (char ) &c.d.asBytes,(char ) &dummy+1);
	40	// in case they specified 'h'
	41	strcpy((char )&c.d.asBytes + strlen((char )c.d.asBytes), dummy);
	42	SendCommand(&c);
	43	return 0;
	44	}
	45
	46	int CmdFlexdemod(const char *Cmd)
	47	{
	48	int i;
	49	for (i = 0; i < GraphTraceLen; ++i) {
	50	if (GraphBuffer[i] < 0) {
	51	GraphBuffer[i] = -1;
	52	} else {
	53	GraphBuffer[i] = 1;
	54	}
	55	}
	56
	57	#define LONG_WAIT 100
	58	int start;
	59	for (start = 0; start < GraphTraceLen - LONG_WAIT; start++) {
	60	int first = GraphBuffer[start];
	61	for (i = start; i < start + LONG_WAIT; i++) {
	62	if (GraphBuffer[i] != first) {
	63	break;
	64	}
	65	}
	66	if (i == (start + LONG_WAIT)) {
	67	break;
	68	}
	69	}
	70	if (start == GraphTraceLen - LONG_WAIT) {
	71	PrintAndLog("nothing to wait for");
	72	return 0;
	73	}
	74
	75	GraphBuffer[start] = 2;
	76	GraphBuffer[start+1] = -2;
	77
	78	uint8_t bits[64];
	79
	80	int bit;
	81	i = start;
	82	for (bit = 0; bit < 64; bit++) {
	83	int j;
	84	int sum = 0;
	85	for (j = 0; j < 16; j++) {
	86	sum += GraphBuffer[i++];
	87	}
	88	if (sum > 0) {
	89	bits[bit] = 1;
	90	} else {
	91	bits[bit] = 0;
92	}
93	PrintAndLog("bit %d sum %d", bit, sum);
94	}
95
96	for (bit = 0; bit < 64; bit++) {
97	int j;
98	int sum = 0;
99	for (j = 0; j < 16; j++) {
100	sum += GraphBuffer[i++];
101	}
102	if (sum > 0 && bits[bit] != 1) {
103	PrintAndLog("oops1 at %d", bit);
104	}
105	if (sum < 0 && bits[bit] != 0) {
106	PrintAndLog("oops2 at %d", bit);
107	}
108	}
109
110	GraphTraceLen = 32*64;
111	i = 0;
112	int phase = 0;
113	for (bit = 0; bit < 64; bit++) {
114	if (bits[bit] == 0) {
115	phase = 0;
116	} else {
117	phase = 1;
118	}
119	int j;
120	for (j = 0; j < 32; j++) {
121	GraphBuffer[i++] = phase;
122	phase = !phase;
123	}
124	}
125
126	RepaintGraphWindow();
127	return 0;
128	}
129
130	int CmdIndalaDemod(const char *Cmd)
131	{
132	// Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID
133
134	int state = -1;
135	int count = 0;
136	int i, j;
137	// worst case with GraphTraceLen=64000 is < 4096
138	// under normal conditions it's < 2048
139	uint8_t rawbits[4096];
140	int rawbit = 0;
141	int worst = 0, worstPos = 0;
142	PrintAndLog("Expecting a bit less than %d raw bits", GraphTraceLen / 32);
143	for (i = 0; i < GraphTraceLen-1; i += 2) {
144	count += 1;
145	if ((GraphBuffer[i] > GraphBuffer[i + 1]) && (state != 1)) {
146	if (state == 0) {
147	for (j = 0; j < count - 8; j += 16) {
148	rawbits[rawbit++] = 0;
149	}
150	if ((abs(count - j)) > worst) {
151	worst = abs(count - j);
152	worstPos = i;
153	}
154	}
155	state = 1;
156	count = 0;
157	} else if ((GraphBuffer[i] < GraphBuffer[i + 1]) && (state != 0)) {
158	if (state == 1) {
159	for (j = 0; j < count - 8; j += 16) {
160	rawbits[rawbit++] = 1;
161	}
162	if ((abs(count - j)) > worst) {
163	worst = abs(count - j);
164	worstPos = i;
165	}
166	}
167	state = 0;
168	count = 0;
169	}
170	}
171	PrintAndLog("Recovered %d raw bits", rawbit);
172	PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
173
174	// Finding the start of a UID
175	int uidlen, long_wait;
176	if (strcmp(Cmd, "224") == 0) {
177	uidlen = 224;
178	long_wait = 30;
179	} else {
180	uidlen = 64;
181	long_wait = 29;
182	}
183	int start;
184	int first = 0;
185	for (start = 0; start <= rawbit - uidlen; start++) {
186	first = rawbits[start];
187	for (i = start; i < start + long_wait; i++) {
188	if (rawbits[i] != first) {
189	break;
190	}
191	}
192	if (i == (start + long_wait)) {
193	break;
194	}
195	}
196	if (start == rawbit - uidlen + 1) {
197	PrintAndLog("nothing to wait for");
198	return 0;
199	}
200
201	// Inverting signal if needed
202	if (first == 1) {
203	for (i = start; i < rawbit; i++) {
204	rawbits[i] = !rawbits[i];
205	}
206	}
207
208	// Dumping UID
209	uint8_t bits[224];
210	char showbits[225];
211	showbits[uidlen]='\0';
212	int bit;
213	i = start;
214	int times = 0;
215	if (uidlen > rawbit) {
216	PrintAndLog("Warning: not enough raw bits to get a full UID");
217	for (bit = 0; bit < rawbit; bit++) {
218	bits[bit] = rawbits[i++];
219	// As we cannot know the parity, let's use "." and "/"
220	showbits[bit] = '.' + bits[bit];
221	}
222	showbits[bit+1]='\0';
223	PrintAndLog("Partial UID=%s", showbits);
224	return 0;
225	} else {
226	for (bit = 0; bit < uidlen; bit++) {
227	bits[bit] = rawbits[i++];
228	showbits[bit] = '0' + bits[bit];
229	}
230	times = 1;
231	}
2414f978	232
	233	//convert UID to HEX
	234	uint32_t uid1, uid2, uid3, uid4, uid5, uid6, uid7;
	235	int idx;
	236	uid1=0;
	237	uid2=0;
	238	if (uidlen==64){
	239	for( idx=0; idx<64; idx++) {
	240	if (showbits[idx] == '0') {
	241	uid1=(uid1<<1)\|(uid2>>31);
	242	uid2=(uid2<<1)\|0;
	243	} else {
	244	uid1=(uid1<<1)\|(uid2>>31);
	245	uid2=(uid2<<1)\|1;
	246	}
	247	}
	248	PrintAndLog("UID=%s (%x%08x)", showbits, uid1, uid2);
	249	}
	250	else {
	251	uid3=0;
	252	uid4=0;
	253	uid5=0;
	254	uid6=0;
	255	uid7=0;
	256	for( idx=0; idx<224; idx++) {
	257	uid1=(uid1<<1)\|(uid2>>31);
	258	uid2=(uid2<<1)\|(uid3>>31);
	259	uid3=(uid3<<1)\|(uid4>>31);
	260	uid4=(uid4<<1)\|(uid5>>31);
	261	uid5=(uid5<<1)\|(uid6>>31);
	262	uid6=(uid6<<1)\|(uid7>>31);
	263	if (showbits[idx] == '0') uid7=(uid7<<1)\|0;
	264	else uid7=(uid7<<1)\|1;
	265	}
	266	PrintAndLog("UID=%s (%x%08x%08x%08x%08x%08x%08x)", showbits, uid1, uid2, uid3, uid4, uid5, uid6, uid7);
	267	}
7fe9b0b7	268
	269	// Checking UID against next occurences
	270	for (; i + uidlen <= rawbit;) {
	271	int failed = 0;
	272	for (bit = 0; bit < uidlen; bit++) {
	273	if (bits[bit] != rawbits[i++]) {
	274	failed = 1;
	275	break;
	276	}
	277	}
	278	if (failed == 1) {
	279	break;
	280	}
	281	times += 1;
	282	}
	283	PrintAndLog("Occurences: %d (expected %d)", times, (rawbit - start) / uidlen);
	284
	285	// Remodulating for tag cloning
	286	GraphTraceLen = 32*uidlen;
	287	i = 0;
	288	int phase = 0;
	289	for (bit = 0; bit < uidlen; bit++) {
	290	if (bits[bit] == 0) {
	291	phase = 0;
	292	} else {
	293	phase = 1;
	294	}
	295	int j;
	296	for (j = 0; j < 32; j++) {
	297	GraphBuffer[i++] = phase;
	298	phase = !phase;
	299	}
	300	}
	301
	302	RepaintGraphWindow();
	303	return 0;
	304	}
	305
2414f978	306	int CmdIndalaClone(const char *Cmd)
	307	{
	308	unsigned int uid1, uid2, uid3, uid4, uid5, uid6, uid7;
	309	UsbCommand c;
	310	uid1=0;
	311	uid2=0;
	312	uid3=0;
	313	uid4=0;
	314	uid5=0;
	315	uid6=0;
	316	uid7=0;
	317	int n = 0, i = 0;
	318
	319	if (strchr(Cmd,'l') != 0) {
	320	while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
	321	uid1 = (uid1 << 4) \| (uid2 >> 28);
	322	uid2 = (uid2 << 4) \| (uid3 >> 28);
	323	uid3 = (uid3 << 4) \| (uid4 >> 28);
	324	uid4 = (uid4 << 4) \| (uid5 >> 28);
	325	uid5 = (uid5 << 4) \| (uid6 >> 28);
	326	uid6 = (uid6 << 4) \| (uid7 >> 28);
	327	uid7 = (uid7 << 4) \| (n & 0xf);
	328	}
	329	PrintAndLog("Cloning 224bit tag with UID %x%08x%08x%08x%08x%08x%08x", uid1, uid2, uid3, uid4, uid5, uid6, uid7);
	330	c.cmd = CMD_INDALA_CLONE_TAG_L;
	331	c.d.asDwords[0] = uid1;
	332	c.d.asDwords[1] = uid2;
	333	c.d.asDwords[2] = uid3;
	334	c.d.asDwords[3] = uid4;
	335	c.d.asDwords[4] = uid5;
	336	c.d.asDwords[5] = uid6;
	337	c.d.asDwords[6] = uid7;
	338	}
	339	else
	340	{
	341	while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
	342	uid1 = (uid1 << 4) \| (uid2 >> 28);
	343	uid2 = (uid2 << 4) \| (n & 0xf);
	344	}
	345	PrintAndLog("Cloning 64bit tag with UID %x%08x", uid1, uid2);
	346	c.cmd = CMD_INDALA_CLONE_TAG;
	347	c.arg[0] = uid1;
	348	c.arg[1] = uid2;
	349	}
	350
	351	SendCommand(&c);
	352	return 0;
	353	}
	354
7fe9b0b7	355	int CmdLFRead(const char *Cmd)
	356	{
	357	UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
	358	// 'h' means higher-low-frequency, 134 kHz
	359	if(*Cmd == 'h') {
	360	c.arg[0] = 1;
	361	} else if (*Cmd == '\0') {
	362	c.arg[0] = 0;
	363	} else {
	364	PrintAndLog("use 'read' or 'read h'");
	365	return 0;
	366	}
	367	SendCommand(&c);
902cb3c0	368	WaitForResponse(CMD_ACK,NULL);
7fe9b0b7	369	return 0;
	370	}
	371
	372	static void ChkBitstream(const char *str)
	373	{
	374	int i;
	375
	376	/* convert to bitstream if necessary */
	377	for (i = 0; i < (int)(GraphTraceLen / 2); i++)
	378	{
	379	if (GraphBuffer[i] > 1 \|\| GraphBuffer[i] < 0)
	380	{
	381	CmdBitstream(str);
	382	break;
	383	}
	384	}
	385	}
	386
	387	int CmdLFSim(const char *Cmd)
	388	{
	389	int i;
	390	static int gap;
	391
	392	sscanf(Cmd, "%i", &gap);
	393
	394	/* convert to bitstream if necessary */
	395	ChkBitstream(Cmd);
	396
	397	PrintAndLog("Sending data, please wait...");
	398	for (i = 0; i < GraphTraceLen; i += 48) {
	399	UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
	400	int j;
	401	for (j = 0; j < 48; j++) {
	402	c.d.asBytes[j] = GraphBuffer[i+j];
	403	}
	404	SendCommand(&c);
902cb3c0	405	WaitForResponse(CMD_ACK,NULL);
7fe9b0b7	406	}
	407
	408	PrintAndLog("Starting simulator...");
	409	UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
	410	SendCommand(&c);
	411	return 0;
	412	}
	413
	414	int CmdLFSimBidir(const char *Cmd)
	415	{
	416	/* Set ADC to twice the carrier for a slight supersampling */
	417	UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
	418	SendCommand(&c);
	419	return 0;
	420	}
	421
	422	/* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */
	423	int CmdLFSimManchester(const char *Cmd)
	424	{
	425	static int clock, gap;
	426	static char data[1024], gapstring[8];
	427
	428	/* get settings/bits */
	429	sscanf(Cmd, "%i %s %i", &clock, &data[0], &gap);
	430
	431	/* clear our graph */
	432	ClearGraph(0);
	433
	434	/* fill it with our bitstream */
	435	for (int i = 0; i < strlen(data) ; ++i)
	436	AppendGraph(0, clock, data[i]- '0');
	437
	438	/* modulate */
	439	CmdManchesterMod("");
	440
	441	/* show what we've done */
	442	RepaintGraphWindow();
	443
	444	/* simulate */
	445	sprintf(&gapstring[0], "%i", gap);
	446	CmdLFSim(gapstring);
	447	return 0;
	448	}
	449
	450	int CmdVchDemod(const char *Cmd)
	451	{
	452	// Is this the entire sync pattern, or does this also include some
	453	// data bits that happen to be the same everywhere? That would be
	454	// lovely to know.
	455	static const int SyncPattern[] = {
	456	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
	457	1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
	458	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
	459	1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
	460	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
	461	1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
	462	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
	463	1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
	464	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
	465	1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
	466	};
	467
	468	// So first, we correlate for the sync pattern, and mark that.
	469	int bestCorrel = 0, bestPos = 0;
470	int i;
471	// It does us no good to find the sync pattern, with fewer than
472	// 2048 samples after it...
473	for (i = 0; i < (GraphTraceLen-2048); i++) {
474	int sum = 0;
475	int j;
476	for (j = 0; j < arraylen(SyncPattern); j++) {
477	sum += GraphBuffer[i+j]*SyncPattern[j];
478	}
479	if (sum > bestCorrel) {
480	bestCorrel = sum;
481	bestPos = i;
482	}
483	}
484	PrintAndLog("best sync at %d [metric %d]", bestPos, bestCorrel);
485
486	char bits[257];
487	bits[256] = '\0';
488
489	int worst = INT_MAX;
fddf220a	490	int worstPos = 0;
7fe9b0b7	491
	492	for (i = 0; i < 2048; i += 8) {
	493	int sum = 0;
	494	int j;
	495	for (j = 0; j < 8; j++) {
	496	sum += GraphBuffer[bestPos+i+j];
	497	}
	498	if (sum < 0) {
	499	bits[i/8] = '.';
	500	} else {
	501	bits[i/8] = '1';
	502	}
	503	if(abs(sum) < worst) {
	504	worst = abs(sum);
	505	worstPos = i;
	506	}
	507	}
	508	PrintAndLog("bits:");
	509	PrintAndLog("%s", bits);
	510	PrintAndLog("worst metric: %d at pos %d", worst, worstPos);
	511
	512	if (strcmp(Cmd, "clone")==0) {
	513	GraphTraceLen = 0;
	514	char *s;
	515	for(s = bits; *s; s++) {
	516	int j;
	517	for(j = 0; j < 16; j++) {
	518	GraphBuffer[GraphTraceLen++] = (*s == '1') ? 1 : 0;
	519	}
	520	}
	521	RepaintGraphWindow();
	522	}
	523	return 0;
	524	}
	525
	526	static command_t CommandTable[] =
	527	{
	528	{"help", CmdHelp, 1, "This help"},
	529	{"cmdread", CmdLFCommandRead, 0, "<off period> <'0' period> <'1' period> <command> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"},
37239a7c	530	{"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"},
7fe9b0b7	531	{"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"},
37239a7c	532	{"hid", CmdLFHID, 1, "{ HID RFIDs... }"},
7fe9b0b7	533	{"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
2414f978	534	{"indalaclone", CmdIndalaClone, 1, "<UID> ['l']-- Clone Indala to T55x7 (tag must be in antenna)(UID in HEX)(option 'l' for 224 UID"},
7fe9b0b7	535	{"read", CmdLFRead, 0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)"},
	536	{"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
	537	{"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
	538	{"simman", CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
37239a7c	539	{"ti", CmdLFTI, 1, "{ TI RFIDs... }"},
db09cb3a	540	{"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders... }"},
7fe9b0b7	541	{"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"},
	542	{NULL, NULL, 0, NULL}
	543	};
	544
	545	int CmdLF(const char *Cmd)
	546	{
	547	CmdsParse(CommandTable, Cmd);
	548	return 0;
	549	}
	550
	551	int CmdHelp(const char *Cmd)
	552	{
	553	CmdsHelp(CommandTable);
	554	return 0;
	555	}