1 //-----------------------------------------------------------------------------
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
6 //-----------------------------------------------------------------------------
7 // Low frequency visa 2000 tag commands
9 // ASK/Manchester, RF/64, STT, 96 bits (complete)
10 //-----------------------------------------------------------------------------
12 #include "cmdlfvisa2000.h"
16 #include "proxmark3.h"
20 #include "cmddata.h" // for ASKDemod_ext, g_debugMode, DemodBuffer ...
21 #include "cmdmain.h" // for clearCommandBuffer and WaitForResponseTimeout
23 #include "protocols.h" // for T55xx config register definitions
24 #include "lfdemod.h" // for Visa2kDemod_AM
26 #define BL0CK1 0x56495332
28 static int CmdHelp(const char *Cmd
);
30 int usage_lf_visa2k_clone(void){
31 PrintAndLog("clone a Visa2000 tag to a T55x7 tag.");
32 PrintAndLog("Usage: lf visa2k clone [h] <card ID> <Q5>");
33 PrintAndLog("Options:");
34 PrintAndLog(" h : This help");
35 PrintAndLog(" <card ID> : Visa2k card ID");
36 PrintAndLog(" <Q5> : specify write to Q5 (t5555 instead of t55x7)");
38 PrintAndLog("Sample: lf visa2k clone 112233");
42 int usage_lf_visa2k_sim(void) {
43 PrintAndLog("Enables simulation of visa2k card with specified card number.");
44 PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
46 PrintAndLog("Usage: lf visa2k sim [h] <card ID>");
47 PrintAndLog("Options:");
48 PrintAndLog(" h : This help");
49 PrintAndLog(" <card ID> : Visa2k card ID");
51 PrintAndLog("Sample: lf visa2k sim 112233");
55 static uint8_t visa_chksum( uint32_t id
) {
57 for (uint8_t i
= 0; i
< 32; i
+= 4)
58 sum
^= (id
>> i
) & 0xF;
63 static uint8_t visa_parity( uint32_t id
) {
72 par
|= par_lut
[ (id
>> 28) & 0xF ] << 7;
73 par
|= par_lut
[ (id
>> 24) & 0xF ] << 6;
74 par
|= par_lut
[ (id
>> 20) & 0xF ] << 5;
75 par
|= par_lut
[ (id
>> 16) & 0xF ] << 4;
76 par
|= par_lut
[ (id
>> 12) & 0xF ] << 3;
77 par
|= par_lut
[ (id
>> 8) & 0xF ] << 2;
78 par
|= par_lut
[ (id
>> 4) & 0xF ] << 1;
79 par
|= par_lut
[ (id
& 0xF) ];
86 * 56495332 00096ebd 00000077 —> tag id 618173
87 * aaaaaaaa iiiiiiii -----ppc
89 * a = fixed value ascii 'VIS2'
91 * p = even parity bit for each nibble in card id.
92 * c = checksum (xor of card id)
95 //see ASKDemod for what args are accepted
96 int CmdVisa2kDemod(const char *Cmd
) {
98 //sCmdAskEdgeDetect("");
102 if (!ASKDemod_ext("64 0 0", false, false, 1, &st
)) {
103 if (g_debugMode
) PrintAndLog("DEBUG: Error - Visa2k: ASK/Manchester Demod failed");
106 size_t size
= DemodBufferLen
;
107 int ans
= Visa2kDemod_AM(DemodBuffer
, &size
);
111 PrintAndLog("DEBUG: Error - Visa2k: too few bits found");
113 PrintAndLog("DEBUG: Error - Visa2k: preamble not found");
115 PrintAndLog("DEBUG: Error - Visa2k: Size not correct: %d", size
);
117 PrintAndLog("DEBUG: Error - Visa2k: ans: %d", ans
);
121 setDemodBuf(DemodBuffer
, 96, ans
);
125 uint32_t raw1
= bytebits_to_byte(DemodBuffer
, 32);
126 uint32_t raw2
= bytebits_to_byte(DemodBuffer
+32, 32);
127 uint32_t raw3
= bytebits_to_byte(DemodBuffer
+64, 32);
130 uint8_t calc
= visa_chksum(raw2
);
131 uint8_t chk
= raw3
& 0xF;
135 printf("DEBUG: error: Visa2000 checksum failed %x - %x\n", chk
, calc
);
139 uint8_t calc_par
= visa_parity(raw2
);
140 uint8_t chk_par
= (raw3
& 0xFF0) >> 4;
141 if ( calc_par
!= chk_par
) {
142 printf("DEBUG: error: Visa2000 parity failed %x - %x\n", chk_par
, calc_par
);
145 PrintAndLog("Visa2000 Tag Found: Card ID %u, Raw: %08X%08X%08X", raw2
, raw1
,raw2
, raw3
);
149 int CmdVisa2kRead(const char *Cmd
) {
150 //64*96*2=12288 samples just in case we just missed the first preamble we can still catch 2 of them
151 lf_read(true, 12500);
152 return CmdVisa2kDemod(Cmd
);
155 int CmdVisa2kClone(const char *Cmd
) {
158 uint32_t blocks
[4] = {T55x7_MODULATION_MANCHESTER
| T55x7_BITRATE_RF_64
| T55x7_ST_TERMINATOR
| 3 << T55x7_MAXBLOCK_SHIFT
, BL0CK1
, 0};
160 char cmdp
= param_getchar(Cmd
, 0);
161 if (strlen(Cmd
) == 0 || cmdp
== 'h' || cmdp
== 'H') return usage_lf_visa2k_clone();
163 id
= param_get32ex(Cmd
, 0, 0, 10);
166 if (param_getchar(Cmd
, 1) == 'Q' || param_getchar(Cmd
, 1) == 'q') {
167 //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
168 blocks
[0] = T5555_MODULATION_MANCHESTER
| ((64-2)>>1) << T5555_BITRATE_SHIFT
| T5555_ST_TERMINATOR
| 3 << T5555_MAXBLOCK_SHIFT
;
172 blocks
[3] = (visa_parity(id
) << 4) | visa_chksum(id
);
174 PrintAndLog("Preparing to clone Visa2000 to T55x7 with CardId: %u", id
);
175 PrintAndLog("Blk | Data ");
176 PrintAndLog("----+------------");
177 for(int i
= 0; i
<4; ++i
)
178 PrintAndLog(" %02d | 0x%08x", i
, blocks
[i
]);
181 UsbCommand c
= {CMD_T55XX_WRITE_BLOCK
, {0,0,0}};
183 for (int i
= 3; i
>= 0; --i
) {
184 c
.arg
[0] = blocks
[i
];
186 clearCommandBuffer();
188 if (!WaitForResponseTimeout(CMD_ACK
, &resp
, T55XX_WRITE_TIMEOUT
)){
189 PrintAndLog("Error occurred, device did not respond during write operation.");
196 int CmdVisa2kSim(const char *Cmd
) {
199 char cmdp
= param_getchar(Cmd
, 0);
200 if (strlen(Cmd
) == 0 || cmdp
== 'h' || cmdp
== 'H') return usage_lf_visa2k_sim();
202 id
= param_get32ex(Cmd
, 0, 0, 10);
204 uint8_t clk
= 64, encoding
= 1, separator
= 1, invert
= 0;
207 arg1
= clk
<< 8 | encoding
;
208 arg2
= invert
<< 8 | separator
;
210 PrintAndLog("Simulating Visa2000 - CardId: %u", id
);
212 UsbCommand c
= {CMD_ASK_SIM_TAG
, {arg1
, arg2
, size
}};
214 uint32_t blocks
[3] = { BL0CK1
, id
, (visa_parity(id
) << 4) | visa_chksum(id
) };
216 for(int i
=0; i
<3; ++i
)
217 num_to_bytebits(blocks
[i
], 32, c
.d
.asBytes
+ i
*32);
219 clearCommandBuffer();
224 static command_t CommandTable
[] = {
225 {"help", CmdHelp
, 1, "This help"},
226 {"demod", CmdVisa2kDemod
, 1, "Attempt to demod from GraphBuffer"},
227 {"read", CmdVisa2kRead
, 0, "Attempt to read and extract tag data"},
228 {"clone", CmdVisa2kClone
, 0, "clone Visa2000 tag"},
229 {"sim", CmdVisa2kSim
, 0, "simulate Visa2000 tag"},
230 {NULL
, NULL
, 0, NULL
}
233 int CmdLFVisa2k(const char *Cmd
) {
234 clearCommandBuffer();
235 CmdsParse(CommandTable
, Cmd
);
239 int CmdHelp(const char *Cmd
) {
240 CmdsHelp(CommandTable
);