]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // | |
3 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
4 | // at your option, any later version. See the LICENSE.txt file for the text of | |
5 | // the license. | |
6 | //----------------------------------------------------------------------------- | |
7 | // Low frequency jablotron tag commands | |
8 | // Differential Biphase, RF/64, 64 bits long | |
9 | //----------------------------------------------------------------------------- | |
10 | ||
11 | #include "cmdlfjablotron.h" | |
12 | #include <string.h> | |
13 | #include <inttypes.h> | |
14 | #include <stdbool.h> | |
15 | #include "proxmark3.h" | |
16 | #include "ui.h" | |
17 | #include "util.h" | |
18 | #include "graph.h" | |
19 | #include "cmdparser.h" | |
20 | #include "cmddata.h" | |
21 | #include "cmdmain.h" | |
22 | #include "cmdlf.h" | |
23 | #include "protocols.h" // for T55xx config register definitions | |
24 | #include "lfdemod.h" // parityTest | |
25 | ||
26 | static int CmdHelp(const char *Cmd); | |
27 | ||
28 | int usage_lf_jablotron_clone(void) { | |
29 | PrintAndLog("clone a Jablotron tag to a T55x7 tag."); | |
30 | PrintAndLog("Usage: lf jablotron clone [h] <card ID> <Q5>"); | |
31 | PrintAndLog("Options:"); | |
32 | PrintAndLog(" h : This help"); | |
33 | PrintAndLog(" <card ID> : jablotron card ID"); | |
34 | PrintAndLog(" <Q5> : specify write to Q5 (t5555 instead of t55x7)"); | |
35 | PrintAndLog(""); | |
36 | PrintAndLog("Sample: lf jablotron clone 112233"); | |
37 | return 0; | |
38 | } | |
39 | ||
40 | int usage_lf_jablotron_sim(void) { | |
41 | PrintAndLog("Enables simulation of jablotron card with specified card number."); | |
42 | PrintAndLog("Simulation runs until the button is pressed or another USB command is issued."); | |
43 | PrintAndLog(""); | |
44 | PrintAndLog("Usage: lf jablotron sim [h] <card ID>"); | |
45 | PrintAndLog("Options:"); | |
46 | PrintAndLog(" h : This help"); | |
47 | PrintAndLog(" <card ID> : jablotron card ID"); | |
48 | PrintAndLog(""); | |
49 | PrintAndLog("Sample: lf jablotron sim 112233"); | |
50 | return 0; | |
51 | } | |
52 | ||
53 | static uint8_t jablontron_chksum(uint8_t *bits) { | |
54 | uint8_t chksum = 0; | |
55 | for (int i=16; i < 56; i += 8) { | |
56 | chksum += bytebits_to_byte(bits+i,8); | |
57 | } | |
58 | chksum ^= 0x3A; | |
59 | return chksum; | |
60 | } | |
61 | ||
62 | int getJablotronBits(uint64_t fullcode, uint8_t *bits) { | |
63 | //preamp | |
64 | num_to_bytebits(0xFFFF, 16, bits); | |
65 | ||
66 | //fullcode | |
67 | num_to_bytebits(fullcode, 40, bits+16); | |
68 | ||
69 | //chksum byte | |
70 | uint8_t chksum = jablontron_chksum(bits); | |
71 | num_to_bytebits(chksum, 8, bits+56); | |
72 | return 1; | |
73 | } | |
74 | ||
75 | // ASK/Diphase fc/64 (inverted Biphase) | |
76 | // Note: this is not a demod, this is only a detection | |
77 | // the parameter *bits needs to be demoded before call | |
78 | // 0xFFFF preamble, 64bits | |
79 | int JablotronDetect(uint8_t *bits, size_t *size) { | |
80 | if (*size < 64*2) return -1; //make sure buffer has enough data | |
81 | size_t startIdx = 0; | |
82 | uint8_t preamble[] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0}; | |
83 | if (preambleSearch(bits, preamble, sizeof(preamble), size, &startIdx) == 0) | |
84 | return -2; //preamble not found | |
85 | if (*size != 64) return -3; // wrong demoded size | |
86 | ||
87 | uint8_t checkchksum = jablontron_chksum(bits+startIdx); | |
88 | uint8_t crc = bytebits_to_byte(bits+startIdx+56, 8); | |
89 | if ( checkchksum != crc ) return -5; | |
90 | return (int)startIdx; | |
91 | } | |
92 | ||
93 | //see ASKDemod for what args are accepted | |
94 | int CmdJablotronDemod(const char *Cmd) { | |
95 | ||
96 | //Differential Biphase / di-phase (inverted biphase) | |
97 | //get binary from ask wave | |
98 | if (!ASKbiphaseDemod("0 64 1 0", false)) { | |
99 | if (g_debugMode) PrintAndLog("DEBUG: Error - Jablotron ASKbiphaseDemod failed"); | |
100 | return 0; | |
101 | } | |
102 | size_t size = DemodBufferLen; | |
103 | int ans = JablotronDetect(DemodBuffer, &size); | |
104 | if (ans < 0) { | |
105 | if (g_debugMode) { | |
106 | if (ans == -1) | |
107 | PrintAndLog("DEBUG: Error - Jablotron too few bits found"); | |
108 | else if (ans == -2) | |
109 | PrintAndLog("DEBUG: Error - Jablotron preamble not found"); | |
110 | else if (ans == -3) | |
111 | PrintAndLog("DEBUG: Error - Jablotron size not correct: %d", size); | |
112 | else if (ans == -5) | |
113 | PrintAndLog("DEBUG: Error - Jablotron checksum failed"); | |
114 | else | |
115 | PrintAndLog("DEBUG: Error - Jablotron ans: %d", ans); | |
116 | } | |
117 | return 0; | |
118 | } | |
119 | ||
120 | setDemodBuf(DemodBuffer+ans, 64, 0); | |
121 | //setGrid_Clock(64); | |
122 | ||
123 | //got a good demod | |
124 | uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32); | |
125 | uint32_t raw2 = bytebits_to_byte(DemodBuffer+32, 32); | |
126 | ||
127 | uint64_t id = (( (uint64_t)bytebits_to_byte(DemodBuffer+16, 8) )<< 32) | bytebits_to_byte(DemodBuffer+24,32); | |
128 | ||
129 | PrintAndLog("Jablotron Tag Found: Card ID: %"PRIx64" :: Raw: %08X%08X", id, raw1, raw2); | |
130 | ||
131 | uint8_t chksum = raw2 & 0xFF; | |
132 | PrintAndLog("Checksum: %02X [OK]", chksum); | |
133 | ||
134 | // Printed format: 1410-nn-nnnn-nnnn | |
135 | PrintAndLog("Printed: 1410-%02X-%04X-%04X", | |
136 | (uint8_t)(id >> 32) & 0xFF, | |
137 | (uint16_t)(id >> 16) & 0xFFFF, | |
138 | (uint16_t)id & 0xFFFF | |
139 | ); | |
140 | return 1; | |
141 | } | |
142 | ||
143 | int CmdJablotronRead(const char *Cmd) { | |
144 | CmdLFRead("s"); | |
145 | getSamples("10000", true); | |
146 | return CmdJablotronDemod(Cmd); | |
147 | } | |
148 | ||
149 | int CmdJablotronClone(const char *Cmd) { | |
150 | ||
151 | uint64_t fullcode = 0; | |
152 | uint32_t blocks[3] = {T55x7_MODULATION_DIPHASE | T55x7_BITRATE_RF_64 | 2 << T55x7_MAXBLOCK_SHIFT, 0, 0}; | |
153 | ||
154 | uint8_t bits[64]; | |
155 | uint8_t *bs = bits; | |
156 | memset(bs, 0, sizeof(bits)); | |
157 | ||
158 | char cmdp = param_getchar(Cmd, 0); | |
159 | if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_jablotron_clone(); | |
160 | ||
161 | fullcode = param_get64ex(Cmd, 0, 0, 16); | |
162 | ||
163 | //Q5 | |
164 | if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') { | |
165 | //t5555 (Q5) BITRATE = (RF-2)/2 (iceman) | |
166 | blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | ((64-2)>>1) << T5555_BITRATE_SHIFT | 2 << T5555_MAXBLOCK_SHIFT; | |
167 | } | |
168 | ||
169 | // clearing the topbit needed for the preambl detection. | |
170 | if ((fullcode & 0x7FFFFFFFFF) != fullcode) { | |
171 | fullcode &= 0x7FFFFFFFFF; | |
172 | PrintAndLog("Card Number Truncated to 39bits: %"PRIx64, fullcode); | |
173 | } | |
174 | ||
175 | if ( !getJablotronBits(fullcode, bs)) { | |
176 | PrintAndLog("Error with tag bitstream generation."); | |
177 | return 1; | |
178 | } | |
179 | ||
180 | blocks[1] = bytebits_to_byte(bs,32); | |
181 | blocks[2] = bytebits_to_byte(bs+32,32); | |
182 | ||
183 | PrintAndLog("Preparing to clone Jablotron to T55x7 with FullCode: %"PRIx64, fullcode); | |
184 | PrintAndLog("Blk | Data "); | |
185 | PrintAndLog("----+------------"); | |
186 | PrintAndLog(" 00 | 0x%08x", blocks[0]); | |
187 | PrintAndLog(" 01 | 0x%08x", blocks[1]); | |
188 | PrintAndLog(" 02 | 0x%08x", blocks[2]); | |
189 | ||
190 | UsbCommand resp; | |
191 | UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}}; | |
192 | ||
193 | for (int i = 2; i >= 0; --i) { | |
194 | c.arg[0] = blocks[i]; | |
195 | c.arg[1] = i; | |
196 | clearCommandBuffer(); | |
197 | SendCommand(&c); | |
198 | if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { | |
199 | PrintAndLog("Error occurred, device did not respond during write operation."); | |
200 | return -1; | |
201 | } | |
202 | } | |
203 | return 0; | |
204 | } | |
205 | ||
206 | int CmdJablotronSim(const char *Cmd) { | |
207 | uint64_t fullcode = 0; | |
208 | ||
209 | char cmdp = param_getchar(Cmd, 0); | |
210 | if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_jablotron_sim(); | |
211 | ||
212 | fullcode = param_get64ex(Cmd, 0, 0, 16); | |
213 | ||
214 | // clearing the topbit needed for the preambl detection. | |
215 | if ((fullcode & 0x7FFFFFFFFF) != fullcode) { | |
216 | fullcode &= 0x7FFFFFFFFF; | |
217 | PrintAndLog("Card Number Truncated to 39bits: %"PRIx64, fullcode); | |
218 | } | |
219 | ||
220 | uint8_t clk = 64, encoding = 2, separator = 0, invert = 1; | |
221 | uint16_t arg1, arg2; | |
222 | size_t size = 64; | |
223 | arg1 = clk << 8 | encoding; | |
224 | arg2 = invert << 8 | separator; | |
225 | ||
226 | PrintAndLog("Simulating Jablotron - FullCode: %"PRIx64, fullcode); | |
227 | ||
228 | UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}}; | |
229 | getJablotronBits(fullcode, c.d.asBytes); | |
230 | clearCommandBuffer(); | |
231 | SendCommand(&c); | |
232 | return 0; | |
233 | } | |
234 | ||
235 | static command_t CommandTable[] = { | |
236 | {"help", CmdHelp, 1, "This help"}, | |
237 | {"demod", CmdJablotronDemod, 1, "Attempt to read and extract tag data from the GraphBuffer"}, | |
238 | {"read", CmdJablotronRead, 0, "Attempt to read and extract tag data from the antenna"}, | |
239 | {"clone", CmdJablotronClone, 0, "clone jablotron tag"}, | |
240 | {"sim", CmdJablotronSim, 0, "simulate jablotron tag"}, | |
241 | {NULL, NULL, 0, NULL} | |
242 | }; | |
243 | ||
244 | int CmdLFJablotron(const char *Cmd) { | |
245 | clearCommandBuffer(); | |
246 | CmdsParse(CommandTable, Cmd); | |
247 | return 0; | |
248 | } | |
249 | ||
250 | int CmdHelp(const char *Cmd) { | |
251 | CmdsHelp(CommandTable); | |
252 | return 0; | |
253 | } |