]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlfpyramid.c
projects / proxmark3-svn / blob
? search:


366889f3f9ea2a68a0256ca95437f807b1b806ca
[proxmark3-svn] / client / cmdlfpyramid.c
1 //-----------------------------------------------------------------------------
2 //
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
5 // the license.
6 //-----------------------------------------------------------------------------
7 // Low frequency Farpoint / Pyramid tag commands
8 // FSK2a, rf/50, 128 bits (complete)
9 //-----------------------------------------------------------------------------
10 #include <string.h>
11 #include <inttypes.h>
12 #include <stdio.h>
13 #include "cmdlfpyramid.h"
14 #include "proxmark3.h"
15 #include "ui.h"
16 #include "util.h"
17 #include "graph.h"
18 #include "cmdparser.h"
19 #include "cmddata.h" // setDemodBuf +
20 #include "cmdmain.h"
21 #include "cmdlf.h"
22 #include "protocols.h" // for T55xx config register definitions
23 #include "lfdemod.h" // parityTest
24 #include "crc.h"
25
26 static int CmdHelp(const char *Cmd);
27
28 int usage_lf_pyramid_clone(void){
29 PrintAndLog("clone a Farpointe/Pyramid tag to a T55x7 tag.");
30 PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated. ");
31 PrintAndLog("Currently only works on 26bit");
32 PrintAndLog("");
33 PrintAndLog("Usage: lf pyramid clone <Facility-Code> <Card-Number>");
34 PrintAndLog("Options :");
35 PrintAndLog(" <Facility-Code> : 8-bit value facility code");
36 PrintAndLog(" <Card Number> : 16-bit value card number");
37 PrintAndLog(" Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
38 PrintAndLog("");
39 PrintAndLog("Sample : lf pyramid clone 123 11223");
40 return 0;
41 }
42
43 int usage_lf_pyramid_sim(void) {
44 PrintAndLog("Enables simulation of Farpointe/Pyramid card with specified card number.");
45 PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
46 PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.");
47 PrintAndLog("Currently work only on 26bit");
48 PrintAndLog("");
49 PrintAndLog("Usage: lf pyramid sim <Card-Number>");
50 PrintAndLog("Options :");
51 PrintAndLog(" <Facility-Code> : 8-bit value facility code");
52 PrintAndLog(" <Card Number> : 16-bit value card number");
53 PrintAndLog("");
54 PrintAndLog("Sample : lf pyramid sim 123 11223");
55 return 0;
56 }
57
58 // Works for 26bits.
59 int GetPyramidBits(uint32_t fc, uint32_t cn, uint8_t *pyramidBits) {
60
61 uint8_t pre[128];
62 memset(pre, 0x00, sizeof(pre));
63
64 // format start bit
65 pre[79] = 1;
66
67 // Get 26 wiegand from FacilityCode, CardNumber
68 uint8_t wiegand[24];
69 memset(wiegand, 0x00, sizeof(wiegand));
70 num_to_bytebits(fc, 8, wiegand);
71 num_to_bytebits(cn, 16, wiegand+8);
72
73 // add wiegand parity bits (dest, source, len)
74 wiegand_add_parity(pre+80, wiegand, 24);
75
76 // add paritybits (bitsource, dest, sourcelen, paritylen, parityType (odd, even,)
77 addParity(pre+8, pyramidBits+8, 102, 8, 1);
78
79 // add checksum
80 uint8_t csBuff[13];
81 for (uint8_t i = 0; i < 13; i++)
82 csBuff[i] = bytebits_to_byte(pyramidBits + 16 + (i*8), 8);
83
84 uint32_t crc = CRC8Maxim(csBuff, 13);
85 num_to_bytebits(crc, 8, pyramidBits+120);
86 return 1;
87 }
88
89 //by marshmellow
90 //Pyramid Prox demod - FSK RF/50 with preamble of 0000000000000001 (always a 128 bit data stream)
91 //print full Farpointe Data/Pyramid Prox ID and some bit format details if found
92 int CmdFSKdemodPyramid(const char *Cmd)
93 {
94 //raw fsk demod no manchester decoding no start bit finding just get binary from wave
95 uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0};
96 size_t size = getFromGraphBuf(BitStream);
97 if (size==0) return 0;
98
99 int waveIdx=0;
100 //get binary from fsk wave
101 int idx = PyramiddemodFSK(BitStream, &size, &waveIdx);
102 if (idx < 0){
103 if (g_debugMode){
104 if (idx == -5)
105 PrintAndLog("DEBUG: Error - not enough samples");
106 else if (idx == -1)
107 PrintAndLog("DEBUG: Error - only noise found");
108 else if (idx == -2)
109 PrintAndLog("DEBUG: Error - problem during FSK demod");
110 else if (idx == -3)
111 PrintAndLog("DEBUG: Error - Size not correct: %d", size);
112 else if (idx == -4)
113 PrintAndLog("DEBUG: Error - Pyramid preamble not found");
114 else
115 PrintAndLog("DEBUG: Error - idx: %d",idx);
116 }
117 return 0;
118 }
119 // Index map
120 // 0 10 20 30 40 50 60
121 // | | | | | | |
122 // 0123456 7 8901234 5 6789012 3 4567890 1 2345678 9 0123456 7 8901234 5 6789012 3
123 // -----------------------------------------------------------------------------
124 // 0000000 0 0000000 1 0000000 1 0000000 1 0000000 1 0000000 1 0000000 1 0000000 1
125 // premable xxxxxxx o xxxxxxx o xxxxxxx o xxxxxxx o xxxxxxx o xxxxxxx o xxxxxxx o
126
127 // 64 70 80 90 100 110 120
128 // | | | | | | |
129 // 4567890 1 2345678 9 0123456 7 8901234 5 6789012 3 4567890 1 2345678 9 0123456 7
130 // -----------------------------------------------------------------------------
131 // 0000000 1 0000000 1 0000000 1 0110111 0 0011000 1 0000001 0 0001100 1 1001010 0
132 // xxxxxxx o xxxxxxx o xxxxxxx o xswffff o ffffccc o ccccccc o ccccccw o ppppppp o
133 // |---115---||---------71---------|
134 // s = format start bit, o = odd parity of last 7 bits
135 // f = facility code, c = card number
136 // w = wiegand parity, x = extra space for other formats
137 // p = unknown checksum
138 // (26 bit format shown)
139
140 //get bytes for checksum calc
141 uint8_t checksum = bytebits_to_byte(BitStream + idx + 120, 8);
142 uint8_t csBuff[14] = {0x00};
143 for (uint8_t i = 0; i < 13; i++){
144 csBuff[i] = bytebits_to_byte(BitStream + idx + 16 + (i*8), 8);
145 }
146 //check checksum calc
147 //checksum calc thanks to ICEMAN!!
148 uint32_t checkCS = CRC8Maxim(csBuff,13);
149
150 //get raw ID before removing parities
151 uint32_t rawLo = bytebits_to_byte(BitStream+idx+96,32);
152 uint32_t rawHi = bytebits_to_byte(BitStream+idx+64,32);
153 uint32_t rawHi2 = bytebits_to_byte(BitStream+idx+32,32);
154 uint32_t rawHi3 = bytebits_to_byte(BitStream+idx,32);
155 setDemodBuf(BitStream,128,idx);
156 setClockGrid(50, waveIdx + (idx*50));
157
158 size = removeParity(BitStream, idx+8, 8, 1, 120);
159 if (size != 105){
160 if (g_debugMode)
161 PrintAndLog("DEBUG: Error at parity check - tag size does not match Pyramid format, SIZE: %d, IDX: %d, hi3: %x",size, idx, rawHi3);
162 return 0;
163 }
164
165 // ok valid card found!
166
167 // Index map
168 // 0 10 20 30 40 50 60 70
169 // | | | | | | | |
170 // 01234567890123456789012345678901234567890123456789012345678901234567890
171 // -----------------------------------------------------------------------
172 // 00000000000000000000000000000000000000000000000000000000000000000000000
173 // xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
174
175 // 71 80 90 100
176 // | | | |
177 // 1 2 34567890 1234567890123456 7 8901234
178 // ---------------------------------------
179 // 1 1 01110011 0000000001000110 0 1001010
180 // s w ffffffff cccccccccccccccc w ppppppp
181 // |--115-| |------71------|
182 // s = format start bit, o = odd parity of last 7 bits
183 // f = facility code, c = card number
184 // w = wiegand parity, x = extra space for other formats
185 // p = unknown checksum
186 // (26 bit format shown)
187
188 //find start bit to get fmtLen
189 int j;
190 for (j=0; j<size; j++){
191 if(BitStream[j]) break;
192 }
193 uint8_t fmtLen = size-j-8;
194 uint32_t fc = 0;
195 uint32_t cardnum = 0;
196 uint32_t code1 = 0;
197 if (fmtLen==26){
198 fc = bytebits_to_byte(BitStream+73, 8);
199 cardnum = bytebits_to_byte(BitStream+81, 16);
200 code1 = bytebits_to_byte(BitStream+72,fmtLen);
201 PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Wiegand: %x, Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, code1, rawHi3, rawHi2, rawHi, rawLo);
202 } else if (fmtLen==45){
203 fmtLen=42; //end = 10 bits not 7 like 26 bit fmt
204 fc = bytebits_to_byte(BitStream+53, 10);
205 cardnum = bytebits_to_byte(BitStream+63, 32);
206 PrintAndLog("Pyramid ID Found - BitLength: %d, FC: %d, Card: %d - Raw: %08x%08x%08x%08x", fmtLen, fc, cardnum, rawHi3, rawHi2, rawHi, rawLo);
207 } else {
208 cardnum = bytebits_to_byte(BitStream+81, 16);
209 if (fmtLen>32){
210 //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen-32);
211 //code2 = bytebits_to_byte(BitStream+(size-32),32);
212 PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo);
213 } else{
214 //code1 = bytebits_to_byte(BitStream+(size-fmtLen),fmtLen);
215 PrintAndLog("Pyramid ID Found - BitLength: %d -unknown BitLength- (%d), Raw: %08x%08x%08x%08x", fmtLen, cardnum, rawHi3, rawHi2, rawHi, rawLo);
216 }
217 }
218 if (checksum == checkCS)
219 PrintAndLog("Checksum %02x passed", checksum);
220 else
221 PrintAndLog("Checksum %02x failed - should have been %02x", checksum, checkCS);
222
223 if (g_debugMode){
224 PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, 128);
225 printDemodBuff();
226 }
227 return 1;
228 }
229
230 int CmdPyramidRead(const char *Cmd) {
231 lf_read(true, 15000);
232 return CmdFSKdemodPyramid("");
233 }
234
235 int CmdPyramidClone(const char *Cmd) {
236
237 char cmdp = param_getchar(Cmd, 0);
238 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_pyramid_clone();
239
240 uint32_t facilitycode=0, cardnumber=0, fc = 0, cn = 0;
241 uint32_t blocks[5];
242 uint8_t i;
243 uint8_t bs[128];
244 memset(bs, 0x00, sizeof(bs));
245
246 if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_pyramid_clone();
247
248 facilitycode = (fc & 0x000000FF);
249 cardnumber = (cn & 0x0000FFFF);
250
251 if ( !GetPyramidBits(facilitycode, cardnumber, bs)) {
252 PrintAndLog("Error with tag bitstream generation.");
253 return 1;
254 }
255
256 //Pyramid - compat mode, FSK2a, data rate 50, 4 data blocks
257 blocks[0] = T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_50 | 4<<T55x7_MAXBLOCK_SHIFT;
258
259 if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
260 blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 50<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT;
261
262 blocks[1] = bytebits_to_byte(bs,32);
263 blocks[2] = bytebits_to_byte(bs+32,32);
264 blocks[3] = bytebits_to_byte(bs+64,32);
265 blocks[4] = bytebits_to_byte(bs+96,32);
266
267 PrintAndLog("Preparing to clone Farpointe/Pyramid to T55x7 with Facility Code: %u, Card Number: %u", facilitycode, cardnumber);
268 PrintAndLog("Blk | Data ");
269 PrintAndLog("----+------------");
270 for ( i = 0; i<5; ++i )
271 PrintAndLog(" %02d | %08" PRIx32, i, blocks[i]);
272
273 UsbCommand resp;
274 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
275
276 for ( i = 0; i<5; ++i ) {
277 c.arg[0] = blocks[i];
278 c.arg[1] = i;
279 clearCommandBuffer();
280 SendCommand(&c);
281 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
282 PrintAndLog("Error occurred, device did not respond during write operation.");
283 return -1;
284 }
285 }
286 return 0;
287 }
288
289 int CmdPyramidSim(const char *Cmd) {
290
291 char cmdp = param_getchar(Cmd, 0);
292 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_pyramid_sim();
293
294 uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0;
295
296 uint8_t bs[128];
297 size_t size = sizeof(bs);
298 memset(bs, 0x00, size);
299
300 // Pyramid uses: fcHigh: 10, fcLow: 8, clk: 50, invert: 0
301 uint64_t arg1, arg2;
302 arg1 = (10 << 8) + 8;
303 arg2 = 50 | 0;
304
305 if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_pyramid_sim();
306
307 facilitycode = (fc & 0x000000FF);
308 cardnumber = (cn & 0x0000FFFF);
309
310 if ( !GetPyramidBits(facilitycode, cardnumber, bs)) {
311 PrintAndLog("Error with tag bitstream generation.");
312 return 1;
313 }
314
315 PrintAndLog("Simulating Farpointe/Pyramid - Facility Code: %u, CardNumber: %u", facilitycode, cardnumber );
316
317 UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, size}};
318 memcpy(c.d.asBytes, bs, size);
319 clearCommandBuffer();
320 SendCommand(&c);
321 return 0;
322 }
323
324 static command_t CommandTable[] = {
325 {"help", CmdHelp, 1, "This help"},
326 {"demod", CmdFSKdemodPyramid, 1, "Demodulate a Pyramid FSK tag from the GraphBuffer"},
327 {"read", CmdPyramidRead, 0, "Attempt to read and extract tag data"},
328 {"clone", CmdPyramidClone, 0, "<Facility-Code> <Card Number> clone pyramid tag"},
329 {"sim", CmdPyramidSim, 0, "<Facility-Code> <Card Number> simulate pyramid tag"},
330 {NULL, NULL, 0, NULL}
331 };
332
333 int CmdLFPyramid(const char *Cmd) {
334 clearCommandBuffer();
335 CmdsParse(CommandTable, Cmd);
336 return 0;
337 }
338
339 int CmdHelp(const char *Cmd) {
340 CmdsHelp(CommandTable);
341 return 0;
342 }
Proxmark3 GIT tracking
Impressum, Datenschutz