]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlf.c
FIXME: will crash if sample buffer does not contain valid legic data (fixed by Sourcerer)
[proxmark3-svn] / client / cmdlf.c
1 #include <stdio.h>
2 #include <string.h>
3 #include "proxusb.h"
4 #include "data.h"
5 #include "graph.h"
6 #include "ui.h"
7 #include "cmdparser.h"
8 #include "cmdmain.h"
9 #include "cmddata.h"
10 #include "cmdlf.h"
11 #include "cmdlfhid.h"
12 #include "cmdlfti.h"
13 #include "cmdlfem4x.h"
14
15 static int CmdHelp(const char *Cmd);
16
17 /* send a command before reading */
18 int CmdLFCommandRead(const char *Cmd)
19 {
20 static char dummy[3];
21
22 dummy[0]= ' ';
23
24 UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K};
25 sscanf(Cmd, "%i %i %i %s %s", &c.arg[0], &c.arg[1], &c.arg[2], (char *) &c.d.asBytes,(char *) &dummy+1);
26 // in case they specified 'h'
27 strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy);
28 SendCommand(&c);
29 return 0;
30 }
31
32 int CmdFlexdemod(const char *Cmd)
33 {
34 int i;
35 for (i = 0; i < GraphTraceLen; ++i) {
36 if (GraphBuffer[i] < 0) {
37 GraphBuffer[i] = -1;
38 } else {
39 GraphBuffer[i] = 1;
40 }
41 }
42
43 #define LONG_WAIT 100
44 int start;
45 for (start = 0; start < GraphTraceLen - LONG_WAIT; start++) {
46 int first = GraphBuffer[start];
47 for (i = start; i < start + LONG_WAIT; i++) {
48 if (GraphBuffer[i] != first) {
49 break;
50 }
51 }
52 if (i == (start + LONG_WAIT)) {
53 break;
54 }
55 }
56 if (start == GraphTraceLen - LONG_WAIT) {
57 PrintAndLog("nothing to wait for");
58 return 0;
59 }
60
61 GraphBuffer[start] = 2;
62 GraphBuffer[start+1] = -2;
63
64 uint8_t bits[64];
65
66 int bit;
67 i = start;
68 for (bit = 0; bit < 64; bit++) {
69 int j;
70 int sum = 0;
71 for (j = 0; j < 16; j++) {
72 sum += GraphBuffer[i++];
73 }
74 if (sum > 0) {
75 bits[bit] = 1;
76 } else {
77 bits[bit] = 0;
78 }
79 PrintAndLog("bit %d sum %d", bit, sum);
80 }
81
82 for (bit = 0; bit < 64; bit++) {
83 int j;
84 int sum = 0;
85 for (j = 0; j < 16; j++) {
86 sum += GraphBuffer[i++];
87 }
88 if (sum > 0 && bits[bit] != 1) {
89 PrintAndLog("oops1 at %d", bit);
90 }
91 if (sum < 0 && bits[bit] != 0) {
92 PrintAndLog("oops2 at %d", bit);
93 }
94 }
95
96 GraphTraceLen = 32*64;
97 i = 0;
98 int phase = 0;
99 for (bit = 0; bit < 64; bit++) {
100 if (bits[bit] == 0) {
101 phase = 0;
102 } else {
103 phase = 1;
104 }
105 int j;
106 for (j = 0; j < 32; j++) {
107 GraphBuffer[i++] = phase;
108 phase = !phase;
109 }
110 }
111
112 RepaintGraphWindow();
113 return 0;
114 }
115
116 int CmdIndalaDemod(const char *Cmd)
117 {
118 // Usage: recover 64bit UID by default, specify "224" as arg to recover a 224bit UID
119
120 int state = -1;
121 int count = 0;
122 int i, j;
123 // worst case with GraphTraceLen=64000 is < 4096
124 // under normal conditions it's < 2048
125 uint8_t rawbits[4096];
126 int rawbit = 0;
127 int worst = 0, worstPos = 0;
128 PrintAndLog("Expecting a bit less than %d raw bits", GraphTraceLen / 32);
129 for (i = 0; i < GraphTraceLen-1; i += 2) {
130 count += 1;
131 if ((GraphBuffer[i] > GraphBuffer[i + 1]) && (state != 1)) {
132 if (state == 0) {
133 for (j = 0; j < count - 8; j += 16) {
134 rawbits[rawbit++] = 0;
135 }
136 if ((abs(count - j)) > worst) {
137 worst = abs(count - j);
138 worstPos = i;
139 }
140 }
141 state = 1;
142 count = 0;
143 } else if ((GraphBuffer[i] < GraphBuffer[i + 1]) && (state != 0)) {
144 if (state == 1) {
145 for (j = 0; j < count - 8; j += 16) {
146 rawbits[rawbit++] = 1;
147 }
148 if ((abs(count - j)) > worst) {
149 worst = abs(count - j);
150 worstPos = i;
151 }
152 }
153 state = 0;
154 count = 0;
155 }
156 }
157 PrintAndLog("Recovered %d raw bits", rawbit);
158 PrintAndLog("worst metric (0=best..7=worst): %d at pos %d", worst, worstPos);
159
160 // Finding the start of a UID
161 int uidlen, long_wait;
162 if (strcmp(Cmd, "224") == 0) {
163 uidlen = 224;
164 long_wait = 30;
165 } else {
166 uidlen = 64;
167 long_wait = 29;
168 }
169 int start;
170 int first = 0;
171 for (start = 0; start <= rawbit - uidlen; start++) {
172 first = rawbits[start];
173 for (i = start; i < start + long_wait; i++) {
174 if (rawbits[i] != first) {
175 break;
176 }
177 }
178 if (i == (start + long_wait)) {
179 break;
180 }
181 }
182 if (start == rawbit - uidlen + 1) {
183 PrintAndLog("nothing to wait for");
184 return 0;
185 }
186
187 // Inverting signal if needed
188 if (first == 1) {
189 for (i = start; i < rawbit; i++) {
190 rawbits[i] = !rawbits[i];
191 }
192 }
193
194 // Dumping UID
195 uint8_t bits[224];
196 char showbits[225];
197 showbits[uidlen]='\0';
198 int bit;
199 i = start;
200 int times = 0;
201 if (uidlen > rawbit) {
202 PrintAndLog("Warning: not enough raw bits to get a full UID");
203 for (bit = 0; bit < rawbit; bit++) {
204 bits[bit] = rawbits[i++];
205 // As we cannot know the parity, let's use "." and "/"
206 showbits[bit] = '.' + bits[bit];
207 }
208 showbits[bit+1]='\0';
209 PrintAndLog("Partial UID=%s", showbits);
210 return 0;
211 } else {
212 for (bit = 0; bit < uidlen; bit++) {
213 bits[bit] = rawbits[i++];
214 showbits[bit] = '0' + bits[bit];
215 }
216 times = 1;
217 }
218 PrintAndLog("UID=%s", showbits);
219
220 // Checking UID against next occurences
221 for (; i + uidlen <= rawbit;) {
222 int failed = 0;
223 for (bit = 0; bit < uidlen; bit++) {
224 if (bits[bit] != rawbits[i++]) {
225 failed = 1;
226 break;
227 }
228 }
229 if (failed == 1) {
230 break;
231 }
232 times += 1;
233 }
234 PrintAndLog("Occurences: %d (expected %d)", times, (rawbit - start) / uidlen);
235
236 // Remodulating for tag cloning
237 GraphTraceLen = 32*uidlen;
238 i = 0;
239 int phase = 0;
240 for (bit = 0; bit < uidlen; bit++) {
241 if (bits[bit] == 0) {
242 phase = 0;
243 } else {
244 phase = 1;
245 }
246 int j;
247 for (j = 0; j < 32; j++) {
248 GraphBuffer[i++] = phase;
249 phase = !phase;
250 }
251 }
252
253 RepaintGraphWindow();
254 return 0;
255 }
256
257 int CmdLFRead(const char *Cmd)
258 {
259 UsbCommand c = {CMD_ACQUIRE_RAW_ADC_SAMPLES_125K};
260 // 'h' means higher-low-frequency, 134 kHz
261 if(*Cmd == 'h') {
262 c.arg[0] = 1;
263 } else if (*Cmd == '\0') {
264 c.arg[0] = 0;
265 } else {
266 PrintAndLog("use 'read' or 'read h'");
267 return 0;
268 }
269 SendCommand(&c);
270 WaitForResponse(CMD_ACK);
271 return 0;
272 }
273
274 static void ChkBitstream(const char *str)
275 {
276 int i;
277
278 /* convert to bitstream if necessary */
279 for (i = 0; i < (int)(GraphTraceLen / 2); i++)
280 {
281 if (GraphBuffer[i] > 1 || GraphBuffer[i] < 0)
282 {
283 CmdBitstream(str);
284 break;
285 }
286 }
287 }
288
289 int CmdLFSim(const char *Cmd)
290 {
291 int i;
292 static int gap;
293
294 sscanf(Cmd, "%i", &gap);
295
296 /* convert to bitstream if necessary */
297 ChkBitstream(Cmd);
298
299 PrintAndLog("Sending data, please wait...");
300 for (i = 0; i < GraphTraceLen; i += 48) {
301 UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
302 int j;
303 for (j = 0; j < 48; j++) {
304 c.d.asBytes[j] = GraphBuffer[i+j];
305 }
306 SendCommand(&c);
307 WaitForResponse(CMD_ACK);
308 }
309
310 PrintAndLog("Starting simulator...");
311 UsbCommand c = {CMD_SIMULATE_TAG_125K, {GraphTraceLen, gap, 0}};
312 SendCommand(&c);
313 return 0;
314 }
315
316 int CmdLFSimBidir(const char *Cmd)
317 {
318 /* Set ADC to twice the carrier for a slight supersampling */
319 UsbCommand c = {CMD_LF_SIMULATE_BIDIR, {47, 384, 0}};
320 SendCommand(&c);
321 return 0;
322 }
323
324 /* simulate an LF Manchester encoded tag with specified bitstream, clock rate and inter-id gap */
325 int CmdLFSimManchester(const char *Cmd)
326 {
327 static int clock, gap;
328 static char data[1024], gapstring[8];
329
330 /* get settings/bits */
331 sscanf(Cmd, "%i %s %i", &clock, &data[0], &gap);
332
333 /* clear our graph */
334 ClearGraph(0);
335
336 /* fill it with our bitstream */
337 for (int i = 0; i < strlen(data) ; ++i)
338 AppendGraph(0, clock, data[i]- '0');
339
340 /* modulate */
341 CmdManchesterMod("");
342
343 /* show what we've done */
344 RepaintGraphWindow();
345
346 /* simulate */
347 sprintf(&gapstring[0], "%i", gap);
348 CmdLFSim(gapstring);
349 return 0;
350 }
351
352 int CmdVchDemod(const char *Cmd)
353 {
354 // Is this the entire sync pattern, or does this also include some
355 // data bits that happen to be the same everywhere? That would be
356 // lovely to know.
357 static const int SyncPattern[] = {
358 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
359 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
360 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
361 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
362 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
363 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
364 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
365 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
366 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
367 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
368 };
369
370 // So first, we correlate for the sync pattern, and mark that.
371 int bestCorrel = 0, bestPos = 0;
372 int i;
373 // It does us no good to find the sync pattern, with fewer than
374 // 2048 samples after it...
375 for (i = 0; i < (GraphTraceLen-2048); i++) {
376 int sum = 0;
377 int j;
378 for (j = 0; j < arraylen(SyncPattern); j++) {
379 sum += GraphBuffer[i+j]*SyncPattern[j];
380 }
381 if (sum > bestCorrel) {
382 bestCorrel = sum;
383 bestPos = i;
384 }
385 }
386 PrintAndLog("best sync at %d [metric %d]", bestPos, bestCorrel);
387
388 char bits[257];
389 bits[256] = '\0';
390
391 int worst = INT_MAX;
392 int worstPos;
393
394 for (i = 0; i < 2048; i += 8) {
395 int sum = 0;
396 int j;
397 for (j = 0; j < 8; j++) {
398 sum += GraphBuffer[bestPos+i+j];
399 }
400 if (sum < 0) {
401 bits[i/8] = '.';
402 } else {
403 bits[i/8] = '1';
404 }
405 if(abs(sum) < worst) {
406 worst = abs(sum);
407 worstPos = i;
408 }
409 }
410 PrintAndLog("bits:");
411 PrintAndLog("%s", bits);
412 PrintAndLog("worst metric: %d at pos %d", worst, worstPos);
413
414 if (strcmp(Cmd, "clone")==0) {
415 GraphTraceLen = 0;
416 char *s;
417 for(s = bits; *s; s++) {
418 int j;
419 for(j = 0; j < 16; j++) {
420 GraphBuffer[GraphTraceLen++] = (*s == '1') ? 1 : 0;
421 }
422 }
423 RepaintGraphWindow();
424 }
425 return 0;
426 }
427
428 static command_t CommandTable[] =
429 {
430 {"help", CmdHelp, 1, "This help"},
431 {"cmdread", CmdLFCommandRead, 0, "<off period> <'0' period> <'1' period> <command> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"},
432 {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"},
433 {"flexdemod", CmdFlexdemod, 1, "Demodulate samples for FlexPass"},
434 {"hid", CmdLFHID, 1, "{ HID RFIDs... }"},
435 {"indalademod", CmdIndalaDemod, 1, "['224'] -- Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)"},
436 {"read", CmdLFRead, 0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)"},
437 {"sim", CmdLFSim, 0, "[GAP] -- Simulate LF tag from buffer with optional GAP (in microseconds)"},
438 {"simbidir", CmdLFSimBidir, 0, "Simulate LF tag (with bidirectional data transmission between reader and tag)"},
439 {"simman", CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
440 {"ti", CmdLFTI, 1, "{ TI RFIDs... }"},
441 {"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"},
442 {NULL, NULL, 0, NULL}
443 };
444
445 int CmdLF(const char *Cmd)
446 {
447 CmdsParse(CommandTable, Cmd);
448 return 0;
449 }
450
451 int CmdHelp(const char *Cmd)
452 {
453 CmdsHelp(CommandTable);
454 return 0;
455 }
Impressum, Datenschutz