]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/cmdlfnoralsy.c
CHG: the mifare Auth command can make use of a random nonce aswell.
[proxmark3-svn] / client / cmdlfnoralsy.c
CommitLineData
22eece1e 1//-----------------------------------------------------------------------------
2//
3// This code is licensed to you under the terms of the GNU GPL, version 2 or,
4// at your option, any later version. See the LICENSE.txt file for the text of
5// the license.
6//-----------------------------------------------------------------------------
9a6bc2fe 7// Low frequency Noralsy tag commands
22eece1e 8//-----------------------------------------------------------------------------
22eece1e 9#include "cmdlfnoralsy.h"
10
11static int CmdHelp(const char *Cmd);
12
13int usage_lf_noralsy_clone(void){
14 PrintAndLog("clone a Noralsy tag to a T55x7 tag.");
9a6bc2fe 15 PrintAndLog("Usage: lf noralsy clone [h] <card id> <year> <Q5>");
22eece1e 16 PrintAndLog("Options:");
17 PrintAndLog(" h : This help");
9a6bc2fe 18 PrintAndLog(" <card id> : Noralsy card ID");
19 PrintAndLog(" <year> : Tag allocation year");
22eece1e 20 PrintAndLog(" <Q5> : specify write to Q5 (t5555 instead of t55x7)");
21 PrintAndLog("");
22 PrintAndLog("Sample: lf noralsy clone 112233");
23 return 0;
24}
25
26int usage_lf_noralsy_sim(void) {
27 PrintAndLog("Enables simulation of Noralsy card with specified card number.");
28 PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
29 PrintAndLog("");
9a6bc2fe 30 PrintAndLog("Usage: lf noralsy sim [h] <card id> <year>");
22eece1e 31 PrintAndLog("Options:");
32 PrintAndLog(" h : This help");
9a6bc2fe 33 PrintAndLog(" <card id> : Noralsy card ID");
34 PrintAndLog(" <year> : Tag allocation year");
22eece1e 35 PrintAndLog("");
36 PrintAndLog("Sample: lf noralsy sim 112233");
37 return 0;
38}
39
40static uint8_t noralsy_chksum( uint8_t* bits, uint8_t len) {
41 uint8_t sum = 0;
42 for (uint8_t i = 0; i < len; i += 4)
43 sum ^= bytebits_to_byte(bits+i, 4);
44 return sum & 0x0F ;
45}
9a6bc2fe 46int getnoralsyBits(uint32_t id, uint16_t year, uint8_t *bits) {
22eece1e 47 //preamp
48 num_to_bytebits(0xBB0214FF, 32, bits); // --> Have seen 0xBB0214FF / 0xBB0314FF UNKNOWN
49
50 //convert ID into BCD-format
51 id = DEC2BCD(id);
9a6bc2fe 52 year = DEC2BCD(year);
53 year &= 0xFF;
54
22eece1e 55 uint16_t sub1 = (id & 0xFFF0000) >> 16;
56 uint8_t sub2 = (id & 0x000FF00) >> 8;
57 uint8_t sub3 = (id & 0x00000FF);
58
59 num_to_bytebits(sub1, 12, bits+32);
9a6bc2fe 60 num_to_bytebits(year, 8, bits+44);
61 num_to_bytebits(0, 4, bits+52); // --> UNKNOWN. Flag?
62
22eece1e 63 num_to_bytebits(sub2, 8, bits+56);
64 num_to_bytebits(sub3, 8, bits+64);
65
66 //chksum byte
67 uint8_t chksum = noralsy_chksum(bits+32, 40);
68 num_to_bytebits(chksum, 4, bits+72);
69 chksum = noralsy_chksum(bits, 76);
70 num_to_bytebits(chksum, 4, bits+76);
71 return 1;
72}
73
74//see ASKDemod for what args are accepted
75int CmdNoralsyDemod(const char *Cmd) {
76
77 //ASK / Manchester
78 bool st = true;
79 if (!ASKDemod_ext("32 0 0", FALSE, FALSE, 1, &st)) {
80 if (g_debugMode) PrintAndLog("DEBUG: Error - Noralsy: ASK/Manchester Demod failed");
81 return 0;
82 }
83 size_t size = DemodBufferLen;
84 int ans = NoralsyDemod_AM(DemodBuffer, &size);
85 if (ans < 0){
86 if (g_debugMode){
87 if (ans == -1)
88 PrintAndLog("DEBUG: Error - Noralsy: too few bits found");
89 else if (ans == -2)
90 PrintAndLog("DEBUG: Error - Noralsy: preamble not found");
91 else if (ans == -3)
92 PrintAndLog("DEBUG: Error - Noralsy: Size not correct: %d", size);
93 else
94 PrintAndLog("DEBUG: Error - Noralsy: ans: %d", ans);
95 }
96 return 0;
97 }
98 setDemodBuf(DemodBuffer, 96, ans);
99
100 //got a good demod
101 uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32);
102 uint32_t raw2 = bytebits_to_byte(DemodBuffer+32, 32);
103 uint32_t raw3 = bytebits_to_byte(DemodBuffer+64, 32);
104
105 uint32_t cardid = ((raw2 & 0xFFF00000) >> 20) << 16;
106 cardid |= (raw2 & 0xFF) << 8;
107 cardid |= ((raw3 & 0xFF000000) >> 24);
108 cardid = BCD2DEC(cardid);
9a6bc2fe 109
110 uint16_t year = (raw2 & 0x000ff000) >> 12;
111 year = BCD2DEC(year);
112 year += ( year > 60 ) ? 1900: 2000;
22eece1e 113
114 // calc checksums
115 uint8_t calc1 = noralsy_chksum(DemodBuffer+32, 40);
116 uint8_t calc2 = noralsy_chksum(DemodBuffer, 76);
117 uint8_t chk1 = 0, chk2 = 0;
118 chk1 = bytebits_to_byte(DemodBuffer+72, 4);
119 chk2 = bytebits_to_byte(DemodBuffer+76, 4);
120 // test checksums
0a7e86db 121 if ( chk1 != calc1 ) {
122 printf("checksum 1 failed %x - %x\n", chk1, calc1);
123 return 0;
124 }
125 if ( chk2 != calc2 ) {
126 printf("checksum 2 failed %x - %x\n", chk2, calc2);
127 return 0;
128 }
22eece1e 129
9a6bc2fe 130 PrintAndLog("Noralsy Tag Found: Card ID %u, Year: %u Raw: %08X%08X%08X", cardid, year, raw1 ,raw2, raw3);
22eece1e 131 return 1;
132}
133
134int CmdNoralsyRead(const char *Cmd) {
135 CmdLFRead("s");
9a6bc2fe 136 getSamples("8000",TRUE);
22eece1e 137 return CmdNoralsyDemod(Cmd);
138}
139
140int CmdNoralsyClone(const char *Cmd) {
9a6bc2fe 141
142 uint16_t year = 0;
22eece1e 143 uint32_t id = 0;
144 uint32_t blocks[4] = {T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | T55x7_ST_TERMINATOR |3<<T55x7_MAXBLOCK_SHIFT, 0, 0};
22eece1e 145 uint8_t bits[96];
146 uint8_t *bs = bits;
147 memset(bs, 0, sizeof(bits));
148
149 char cmdp = param_getchar(Cmd, 0);
150 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_noralsy_clone();
151
152 id = param_get32ex(Cmd, 0, 0, 10);
9a6bc2fe 153 year = param_get32ex(Cmd, 1, 2000, 10);
22eece1e 154
155 //Q5
156 if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') {
157 //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
158 blocks[0] = T5555_MODULATION_MANCHESTER | 32<<T5555_BITRATE_SHIFT | T5555_ST_TERMINATOR | 3<<T5555_MAXBLOCK_SHIFT;
159 }
160
9a6bc2fe 161 if ( !getnoralsyBits(id, year, bs)) {
22eece1e 162 PrintAndLog("Error with tag bitstream generation.");
163 return 1;
164 }
165
166 //
167 blocks[1] = bytebits_to_byte(bs,32);
168 blocks[2] = bytebits_to_byte(bs+32,32);
169 blocks[3] = bytebits_to_byte(bs+64,32);
170
171 PrintAndLog("Preparing to clone Noralsy to T55x7 with CardId: %u", id);
172 PrintAndLog("Blk | Data ");
173 PrintAndLog("----+------------");
174 PrintAndLog(" 00 | 0x%08x", blocks[0]);
175 PrintAndLog(" 01 | 0x%08x", blocks[1]);
176 PrintAndLog(" 02 | 0x%08x", blocks[2]);
177 PrintAndLog(" 03 | 0x%08x", blocks[3]);
178
179 UsbCommand resp;
180 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
181
182 for (int i = 3; i >= 0; --i) {
183 c.arg[0] = blocks[i];
184 c.arg[1] = i;
185 clearCommandBuffer();
186 SendCommand(&c);
42c235e7 187 if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)){
22eece1e 188 PrintAndLog("Error occurred, device did not respond during write operation.");
189 return -1;
190 }
191 }
192 return 0;
193}
194
195int CmdNoralsySim(const char *Cmd) {
196
197 uint8_t bits[96];
198 uint8_t *bs = bits;
199 memset(bs, 0, sizeof(bits));
9a6bc2fe 200
201 uint16_t year = 0;
22eece1e 202 uint32_t id = 0;
9a6bc2fe 203
22eece1e 204 char cmdp = param_getchar(Cmd, 0);
205 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_noralsy_sim();
206
207 id = param_get32ex(Cmd, 0, 0, 10);
9a6bc2fe 208 year = param_get32ex(Cmd, 1, 2000, 10);
22eece1e 209
210 uint8_t clk = 32, encoding = 1, separator = 1, invert = 0;
211 uint16_t arg1, arg2;
212 size_t size = 96;
213 arg1 = clk << 8 | encoding;
214 arg2 = invert << 8 | separator;
215
9a6bc2fe 216 if ( !getnoralsyBits(id, year, bs)) {
22eece1e 217 PrintAndLog("Error with tag bitstream generation.");
218 return 1;
219 }
220
221 PrintAndLog("Simulating Noralsy - CardId: %u", id);
222
223 UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}};
224 memcpy(c.d.asBytes, bs, size);
225 clearCommandBuffer();
226 SendCommand(&c);
227 return 0;
228}
229
230static command_t CommandTable[] = {
231 {"help", CmdHelp, 1, "This help"},
232 {"read", CmdNoralsyRead, 0, "Attempt to read and extract tag data"},
233 {"clone", CmdNoralsyClone,0, "clone Noralsy tag"},
234 {"sim", CmdNoralsySim, 0, "simulate Noralsy tag"},
235 {NULL, NULL, 0, NULL}
236};
237
238int CmdLFNoralsy(const char *Cmd) {
239 clearCommandBuffer();
240 CmdsParse(CommandTable, Cmd);
241 return 0;
242}
243
244int CmdHelp(const char *Cmd) {
245 CmdsHelp(CommandTable);
246 return 0;
247}
Impressum, Datenschutz