]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlfnedap.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FIX: 'hf iclass dump' / 'hf iclass readtagfile' - the faulty output from these...
[proxmark3-svn] / client / cmdlfnedap.c
1 //-----------------------------------------------------------------------------
2 //
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
5 // the license.
6 //-----------------------------------------------------------------------------
7 // Low frequency NEDAP tag commands
8 //-----------------------------------------------------------------------------
9 #include <string.h>
10 #include <inttypes.h>
11 #include "cmdlfnedap.h"
12 static int CmdHelp(const char *Cmd);
13
14 int usage_lf_nedap_clone(void){
15 PrintAndLog("clone a NEDAP tag to a T55x7 tag.");
16 PrintAndLog("");
17 PrintAndLog("Usage: lf nedap clone [h] <Card-Number>");
18 PrintAndLog("Options:");
19 PrintAndLog(" h : This help");
20 PrintAndLog(" <Card Number> : 24-bit value card number");
21 // PrintAndLog(" Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
22 PrintAndLog("");
23 PrintAndLog("Sample: lf nedap clone 112233");
24 return 0;
25 }
26
27 int usage_lf_nedap_sim(void) {
28 PrintAndLog("Enables simulation of NEDAP card with specified card number.");
29 PrintAndLog("Simulation runs until the button is pressed or another USB command is issued.");
30 PrintAndLog("");
31 PrintAndLog("Usage: lf nedap sim [h] <Card-Number>");
32 PrintAndLog("Options:");
33 PrintAndLog(" h : This help");
34 PrintAndLog(" <Card Number> : 24-bit value card number");
35 PrintAndLog("");
36 PrintAndLog("Sample: lf nedap sim 112233");
37 return 0;
38 }
39
40 int GetNedapBits(uint32_t cn, uint8_t *nedapBits) {
41
42 uint8_t pre[128];
43 memset(pre, 0x00, sizeof(pre));
44
45 // preamble 1111 1111 10 = 0XF8
46 num_to_bytebits(0xF8, 10, pre);
47
48 // fixed tagtype code? 0010 1101 = 0x2D
49 num_to_bytebits(0x2D, 8, pre+10);
50
51 // 46 encrypted bits - UNKNOWN ALGO
52 // -- 16 bits checksum. Should be 4x4 checksum, based on UID and 2 constant values.
53 // -- 30 bits undocumented?
54 num_to_bytebits(cn, 46, pre+18);
55
56 //----from this part, the UID in clear text, with a 1bit ZERO as separator between bytes.
57 pre[64] = 0;
58
59 // cardnumber (uid)
60 num_to_bytebits(cn, 24, pre+64);
61
62 pre[73] = 0;
63 pre[82] = 0;
64 pre[91] = 0;
65 pre[100] = 0;
66 pre[109] = 0;
67 pre[118] = 0;
68
69 // add paritybits (bitsource, dest, sourcelen, paritylen, parityType (odd, even,)
70 addParity(pre+64, pre+64, 128, 8, 1);
71
72 //1111111110001011010000010110100011001001000010110101001101011001000110011010010000000000100001110001001000000001000101011100111
73 return 1;
74 }
75 /*
76 - UID: 001630
77 - i: 4071
78 - Checksum2 BE21
79 */
80 //GetParity( uint8_t *bits, uint8_t type, int length)
81
82 //NEDAP demod - ASK/Biphase (or Diphase), RF/64 with preamble of 1111111110 (always a 128 bit data stream)
83 //print NEDAP Prox ID, encoding, encrypted ID,
84
85 int CmdLFNedapDemod(const char *Cmd) {
86 //raw ask demod no start bit finding just get binary from wave
87 if (!ASKbiphaseDemod("0 64 0 0", FALSE)) {
88 if (g_debugMode) PrintAndLog("Error NEDAP: ASKbiphaseDemod failed");
89 return 0;
90 }
91 size_t size = DemodBufferLen;
92 int idx = NedapDemod(DemodBuffer, &size);
93 if (idx < 0){
94 if (g_debugMode){
95 // if (idx == -5)
96 // PrintAndLog("DEBUG: Error - not enough samples");
97 // else if (idx == -1)
98 // PrintAndLog("DEBUG: Error - only noise found");
99 // else if (idx == -2)
100 // PrintAndLog("DEBUG: Error - problem during ASK/Biphase demod");
101 if (idx == -3)
102 PrintAndLog("DEBUG: Error - Size not correct: %d", size);
103 else if (idx == -4)
104 PrintAndLog("DEBUG: Error - NEDAP preamble not found");
105 else
106 PrintAndLog("DEBUG: Error - idx: %d",idx);
107 }
108 return 0;
109 }
110
111 /* Index map E E
112 preamble enc tag type encrypted uid P d 33 d 90 d 04 d 71 d 40 d 45 d E7 P
113 1111111110 00101101000001011010001100100100001011010100110101100 1 0 00110011 0 10010000 0 00000100 0 01110001 0 01000000 0 01000101 0 11100111 1
114 uid2 uid1 uid0 I I R R
115 1111111110 00101101000001011010001100100100001011010100110101100 1
116
117 0 00110011
118 0 10010000
119 0 00000100
120 0 01110001
121 0 01000000
122 0 01000101
123 0 11100111
124 1
125
126 Tag ID is 049033
127 I = Identical on all tags
128 R = Random ?
129 UID2, UID1, UID0 == card number
130
131 */
132 //get raw ID before removing parities
133 uint32_t raw[4] = {0,0,0,0};
134 raw[0] = bytebits_to_byte(DemodBuffer+idx+96,32);
135 raw[1] = bytebits_to_byte(DemodBuffer+idx+64,32);
136 raw[2] = bytebits_to_byte(DemodBuffer+idx+32,32);
137 raw[3] = bytebits_to_byte(DemodBuffer+idx,32);
138 setDemodBuf(DemodBuffer,128,idx);
139
140 uint8_t firstParity = GetParity( DemodBuffer, EVEN, 63);
141 if ( firstParity != DemodBuffer[63] ) {
142 PrintAndLog("1st 64bit parity check failed: %d|%d ", DemodBuffer[63], firstParity);
143 return 0;
144 }
145
146 uint8_t secondParity = GetParity( DemodBuffer+64, EVEN, 63);
147 if ( secondParity != DemodBuffer[127] ) {
148 PrintAndLog("2st 64bit parity check failed: %d|%d ", DemodBuffer[127], secondParity);
149 return 0;
150 }
151
152 // ok valid card found!
153 uint32_t uid = 0;
154 uid = bytebits_to_byte(DemodBuffer+65, 8);
155 uid |= bytebits_to_byte(DemodBuffer+74, 8) << 8;
156 uid |= bytebits_to_byte(DemodBuffer+83, 8) << 16;
157
158 uint16_t two = 0;
159 two = bytebits_to_byte(DemodBuffer+92, 8);
160 two |= bytebits_to_byte(DemodBuffer+101, 8) << 8;
161
162 uint16_t chksum2 = 0;
163 chksum2 = bytebits_to_byte(DemodBuffer+110, 8);
164 chksum2 |= bytebits_to_byte(DemodBuffer+119, 8) << 8;
165
166 PrintAndLog("NEDAP ID Found - Raw: %08x%08x%08x%08x", raw[3], raw[2], raw[1], raw[0]);
167 PrintAndLog(" - UID: %06X", uid);
168 PrintAndLog(" - i: %04X", two);
169 PrintAndLog(" - Checksum2 %04X", chksum2);
170
171 if (g_debugMode){
172 PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, 128);
173 printDemodBuff();
174 PrintAndLog("BIN:\n%s", sprint_bin_break( DemodBuffer, 128, 64) );
175 }
176
177 return 1;
178 }
179 /*
180 configuration
181 lf t55xx wr b 0 d 00170082
182
183 1) uid 049033
184 lf t55 wr b 1 d FF8B4168
185 lf t55 wr b 2 d C90B5359
186 lf t55 wr b 3 d 19A40087
187 lf t55 wr b 4 d 120115CF
188
189 2) uid 001630
190 lf t55 wr b 1 d FF8B6B20
191 lf t55 wr b 2 d F19B84A3
192 lf t55 wr b 3 d 18058007
193 lf t55 wr b 4 d 1200857C
194
195 3) uid 39feff
196 lf t55xx wr b 1 d ffbfa73e
197 lf t55xx wr b 2 d 4c0003ff
198 lf t55xx wr b 3 d ffbfa73e
199 lf t55xx wr b 4 d 4c0003ff
200
201 */
202
203 int CmdLFNedapRead(const char *Cmd) {
204 CmdLFRead("s");
205 getSamples("30000",false);
206 return CmdLFNedapDemod("");
207 }
208 /*
209 int CmdLFNedapClone(const char *Cmd) {
210
211 char cmdp = param_getchar(Cmd, 0);
212 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_nedap_clone();
213
214 uint32_t cardnumber=0, cn = 0;
215 uint32_t blocks[5];
216 uint8_t i;
217 uint8_t bs[128];
218 memset(bs, 0x00, sizeof(bs));
219
220 if (sscanf(Cmd, "%u", &cn ) != 1) return usage_lf_nedap_clone();
221
222 cardnumber = (cn & 0x00FFFFFF);
223
224 if ( !GetNedapBits(cardnumber, bs)) {
225 PrintAndLog("Error with tag bitstream generation.");
226 return 1;
227 }
228
229 ((ASK/biphase data rawdemod ab 0 64 1 0
230 //NEDAP - compat mode, ASK/Biphase, data rate 64, 4 data blocks
231 blocks[0] = T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 4<<T55x7_MAXBLOCK_SHIFT;
232
233 if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
234 //t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
235 blocks[0] = T5555_MODULATION_BIPHASE | T5555_INVERT_OUTPUT | 64<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT;
236
237 blocks[1] = bytebits_to_byte(bs,32);
238 blocks[2] = bytebits_to_byte(bs+32,32);
239 blocks[3] = bytebits_to_byte(bs+64,32);
240 blocks[4] = bytebits_to_byte(bs+96,32);
241
242 PrintAndLog("Preparing to clone NEDAP to T55x7 with card number: %u", cardnumber);
243 PrintAndLog("Blk | Data ");
244 PrintAndLog("----+------------");
245 for ( i = 0; i<5; ++i )
246 PrintAndLog(" %02d | %08" PRIx32, i, blocks[i]);
247
248 UsbCommand resp;
249 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
250
251 for ( i = 0; i<5; ++i ) {
252 c.arg[0] = blocks[i];
253 c.arg[1] = i;
254 clearCommandBuffer();
255 SendCommand(&c);
256 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
257 PrintAndLog("Error occurred, device did not respond during write operation.");
258 return -1;
259 }
260 }
261 return 0;
262 }
263 */
264
265 int CmdLFNedapSim(const char *Cmd) {
266
267 char cmdp = param_getchar(Cmd, 0);
268 if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_nedap_sim();
269
270 uint32_t cardnumber = 0, cn = 0;
271
272 uint8_t bs[128];
273 size_t size = sizeof(bs);
274 memset(bs, 0x00, size);
275
276 // NEDAP, Bihase = 2, clock 64, inverted,
277 uint8_t encoding = 2, separator = 0, clk=64, invert=1;
278 uint16_t arg1, arg2;
279 arg1 = clk << 8 | encoding;
280 arg2 = invert << 8 | separator;
281
282 if (sscanf(Cmd, "%u", &cn ) != 1) return usage_lf_nedap_sim();
283 cardnumber = (cn & 0x00FFFFFF);
284
285 if ( !GetNedapBits(cardnumber, bs)) {
286 PrintAndLog("Error with tag bitstream generation.");
287 return 1;
288 }
289
290 PrintAndLog("Simulating Nedap - CardNumber: %u", cardnumber );
291
292 UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}};
293 memcpy(c.d.asBytes, bs, size);
294 clearCommandBuffer();
295 SendCommand(&c);
296 return 0;
297 }
298
299 int CmdLFNedapChk(const char *Cmd){
300
301 uint8_t data[256] = { 0x30, 0x16, 0x00, 0x71, 0x40, 0x21, 0xBE};
302 int len = 0;
303 param_gethex_ex(Cmd, 0, data, &len);
304
305 len = ( len == 0 ) ? 5 : len>>1;
306
307 PrintAndLog("Input: [%d] %s", len, sprint_hex(data, len));
308
309 //uint8_t last = GetParity(data, EVEN, 62);
310 //PrintAndLog("TEST PARITY:: %d | %d ", DemodBuffer[62], last);
311
312 uint8_t cl = 0x1D, ch = 0x1D, carry = 0;
313 uint8_t al, bl, temp;
314
315 for (int i = 0; i < len; ++i){
316 al = data[i];
317 for (int j = 8; j > 0; --j) {
318
319 bl = al ^ ch;
320 //printf("BL %02x | CH %02x \n", al, ch);
321
322 carry = (cl & 0x80) ? 1 : 0;
323 cl <<= 1;
324
325 temp = (ch & 0x80) ? 1 : 0;
326 ch = (ch << 1) | carry;
327 carry = temp;
328
329 carry = (al & 0x80) ? 1 : 0;
330 al <<= 1;
331
332 carry = (bl & 0x80) ? 1 : 0;
333 bl <<= 1;
334
335 if (carry) {
336 cl ^= 0x21;
337 ch ^= 0x10;
338 }
339 }
340 }
341
342 PrintAndLog("Nedap checksum: [ 0x21, 0xBE ] %x", ((ch << 8) | cl) );
343 return 0;
344 }
345
346
347 static command_t CommandTable[] = {
348 {"help", CmdHelp, 1, "This help"},
349 {"read", CmdLFNedapRead, 0, "Attempt to read and extract tag data"},
350 // {"clone", CmdLFNedapClone,0, "<Card Number> clone nedap tag"},
351 {"sim", CmdLFNedapSim, 0, "<Card Number> simulate nedap tag"},
352 {"chk", CmdLFNedapChk, 1, "Calculate Nedap Checksum <uid bytes>"},
353 {NULL, NULL, 0, NULL}
354 };
355
356 int CmdLFNedap(const char *Cmd) {
357 clearCommandBuffer();
358 CmdsParse(CommandTable, Cmd);
359 return 0;
360 }
361
362 int CmdHelp(const char *Cmd) {
363 CmdsHelp(CommandTable);
364 return 0;
365 }
Proxmark3 GIT tracking
Impressum, Datenschutz