X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/05442fa6f7839d1817c1b480a99c733c74c1634d..57778a46308a250f4c9b1516aa8ca251d4e09cc5:/client/cmdlfawid.c
diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c
index a304cf7b..9883437a 100644
--- a/client/cmdlfawid.c
+++ b/client/cmdlfawid.c
@@ -36,7 +36,7 @@ int usage_lf_awid_sim(void) {
PrintAndLog("Usage: lf awid sim [h] <format> <facility-code> <card-number>");
PrintAndLog("Options:");
PrintAndLog(" h : This help");
- PrintAndLog(" <format> : format length 26|50");
+ PrintAndLog(" <format> : format length 26|34|37|50");
PrintAndLog(" <facility-code> : 8|16bit value facility code");
PrintAndLog(" <card number> : 16|32-bit value card number");
PrintAndLog("");
@@ -53,7 +53,7 @@ int usage_lf_awid_clone(void) {
PrintAndLog("Usage: lf awid clone [h] <format> <facility-code> <card-number> [Q5]");
PrintAndLog("Options:");
PrintAndLog(" h : This help");
- PrintAndLog(" <format> : format length 26|50");
+ PrintAndLog(" <format> : format length 26|34|37|50");
PrintAndLog(" <facility-code> : 8|16bit value facility code");
PrintAndLog(" <card number> : 16|32-bit value card number");
PrintAndLog(" Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip");
@@ -84,6 +84,18 @@ int usage_lf_awid_brute(void){
return 0;
}
+static int sendPing(void){
+ UsbCommand ping = {CMD_PING, {1, 2, 3}};
+ SendCommand(&ping);
+ SendCommand(&ping);
+ SendCommand(&ping);
+ clearCommandBuffer();
+ UsbCommand resp;
+ if (WaitForResponseTimeout(CMD_ACK, &resp, 1000))
+ return 0;
+ return 1;
+}
+
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs, size_t bs_len){
PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
@@ -99,32 +111,26 @@ static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, ui
clearCommandBuffer();
SendCommand(&c);
msleep(delay);
+ sendPing();
return TRUE;
}
-static int sendPing(){
- UsbCommand resp;
- UsbCommand ping = {CMD_PING};
- clearCommandBuffer();
- SendCommand(&ping);
- if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) {
- PrintAndLog("aborted via keyboard!");
- return 0;
- }
- PrintAndLog("Device didnt respond to ABORT");
- return 1;
-}
int CmdAWIDDemodFSK(const char *Cmd) {
- int findone = 0;
- if (Cmd[0] == 'h' || Cmd[0] == 'H') return usage_lf_awid_fskdemod();
- if (Cmd[0] == '1') findone = 1;
+ if (Cmd[0] == 'h' || Cmd[0] == 'H') return usage_lf_awid_fskdemod();
+ uint8_t findone = (Cmd[0] == '1') ? 1 : 0;
UsbCommand c = {CMD_AWID_DEMOD_FSK, {findone, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
return 0;
}
+int CmdAWIDRead(const char *Cmd) {
+ CmdLFRead("s");
+ getSamples("12000", TRUE);
+ return CmdFSKdemodAWID(Cmd);
+}
+
//refactored by marshmellow
int getAWIDBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *bits) {
@@ -138,16 +144,35 @@ int getAWIDBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *bits) {
num_to_bytebits(fmtlen, 8, pre);
// add facilitycode, cardnumber and wiegand parity bits
- if ( fmtlen == 26 ) {
- uint8_t wiegand[24];
- num_to_bytebits(fc, 8, wiegand);
- num_to_bytebits(cn, 16, wiegand+8);
- wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
- } else {
- uint8_t wiegand[48];
- num_to_bytebits(fc, 16, wiegand);
- num_to_bytebits(cn, 32, wiegand+16);
- wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
+ switch (fmtlen) {
+ case 26:{
+ uint8_t wiegand[24];
+ num_to_bytebits(fc, 8, wiegand);
+ num_to_bytebits(cn, 16, wiegand+8);
+ wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
+ break;
+ }
+ case 34:{
+ uint8_t wiegand[32];
+ num_to_bytebits(fc, 8, wiegand);
+ num_to_bytebits(cn, 24, wiegand+8);
+ wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
+ break;
+ }
+ case 37:{
+ uint8_t wiegand[31];
+ num_to_bytebits(fc, 13, wiegand);
+ num_to_bytebits(cn, 18, wiegand+13);
+ wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
+ break;
+ }
+ case 50: {
+ uint8_t wiegand[48];
+ num_to_bytebits(fc, 16, wiegand);
+ num_to_bytebits(cn, 32, wiegand+16);
+ wiegand_add_parity(pre+8, wiegand, sizeof(wiegand));
+ break;
+ }
}
// add AWID 4bit parity
@@ -157,6 +182,49 @@ int getAWIDBits(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint8_t *bits) {
return 1;
}
+static void verify_values(uint8_t *fmtlen, uint32_t *fc, uint32_t *cn){
+ switch (*fmtlen) {
+ case 50:
+ if ((*fc & 0xFFFF) != *fc) {
+ *fc &= 0xFFFF;
+ PrintAndLog("Facility-Code Truncated to 16-bits (AWID50): %u", *fc);
+ }
+ break;
+ case 37:
+ if ((*fc & 0x1FFF) != *fc) {
+ *fc &= 0x1FFF;
+ PrintAndLog("Facility-Code Truncated to 13-bits (AWID37): %u", *fc);
+ }
+ if ((*cn & 0x3FFFF) != *cn) {
+ *cn &= 0x3FFFF;
+ PrintAndLog("Card Number Truncated to 18-bits (AWID37): %u", *cn);
+ }
+ break;
+ case 34:
+ if ((*fc & 0xFF) != *fc) {
+ *fc &= 0xFF;
+ PrintAndLog("Facility-Code Truncated to 8-bits (AWID34): %u", *fc);
+ }
+ if ((*cn & 0xFFFFFF) != *cn) {
+ *cn &= 0xFFFFFF;
+ PrintAndLog("Card Number Truncated to 24-bits (AWID34): %u", *cn);
+ }
+ break;
+ case 26:
+ default:
+ *fmtlen = 26;
+ if ((*fc & 0xFF) != *fc) {
+ *fc &= 0xFF;
+ PrintAndLog("Facility-Code Truncated to 8-bits (AWID26): %u", *fc);
+ }
+ if ((*cn & 0xFFFF) != *cn) {
+ *cn &= 0xFFFF;
+ PrintAndLog("Card Number Truncated to 16-bits (AWID26): %u", *cn);
+ }
+ break;
+ }
+}
+
int CmdAWIDSim(const char *Cmd) {
uint32_t fc = 0, cn = 0;
uint8_t fmtlen = 0;
@@ -176,26 +244,7 @@ int CmdAWIDSim(const char *Cmd) {
cn = param_get32ex(Cmd, 2, 0, 10);
if ( !fc || !cn) return usage_lf_awid_sim();
- switch(fmtlen) {
- case 26:
- if ((fc & 0xFF) != fc) {
- fc &= 0xFF;
- PrintAndLog("Facility-Code Truncated to 8-bits (AWID26): %u", fc);
- }
-
- if ((cn & 0xFFFF) != cn) {
- cn &= 0xFFFF;
- PrintAndLog("Card Number Truncated to 16-bits (AWID26): %u", cn);
- }
- break;
- case 50:
- if ((fc & 0xFFFF) != fc) {
- fc &= 0xFFFF;
- PrintAndLog("Facility-Code Truncated to 16-bits (AWID50): %u", fc);
- }
- break;
- default: break;
- }
+ verify_values(&fmtlen, &fc, &cn);
PrintAndLog("Emulating AWID %u -- FC: %u; CN: %u\n", fmtlen, fc, cn);
PrintAndLog("Press pm3-button to abort simulation or run another command");
@@ -232,31 +281,12 @@ int CmdAWIDClone(const char *Cmd) {
if ( !fc || !cn) return usage_lf_awid_clone();
- switch(fmtlen) {
- case 50:
- if ((fc & 0xFFFF) != fc) {
- fc &= 0xFFFF;
- PrintAndLog("Facility-Code Truncated to 16-bits (AWID50): %u", fc);
- }
- break;
- default:
- fmtlen = 26;
- if ((fc & 0xFF) != fc) {
- fc &= 0xFF;
- PrintAndLog("Facility-Code Truncated to 8-bits (AWID26): %u", fc);
- }
-
- if ((cn & 0xFFFF) != cn) {
- cn &= 0xFFFF;
- PrintAndLog("Card Number Truncated to 16-bits (AWID26): %u", cn);
- }
- break;
- }
-
- if (param_getchar(Cmd, 4) == 'Q' || param_getchar(Cmd, 4) == 'q')
+ if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
//t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
- blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 50<<T5555_BITRATE_SHIFT | 3<<T5555_MAXBLOCK_SHIFT;
+ blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | ((50-2)>>1) << T5555_BITRATE_SHIFT | 3<<T5555_MAXBLOCK_SHIFT;
+ verify_values(&fmtlen, &fc, &cn);
+
if ( !getAWIDBits(fmtlen, fc, cn, bs)) {
PrintAndLog("Error with tag bitstream generation.");
return 1;
@@ -282,7 +312,7 @@ int CmdAWIDClone(const char *Cmd) {
c.arg[1] = i;
clearCommandBuffer();
SendCommand(&c);
- if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)){
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)){
PrintAndLog("Error occurred, device did not respond during write operation.");
return -1;
}
@@ -356,8 +386,6 @@ int CmdAWIDBrute(const char *Cmd){
break;
}
- // start
-
PrintAndLog("Bruteforceing AWID %d Reader", fmtlen);
PrintAndLog("Press pm3-button to abort simulation or press key");
@@ -366,7 +394,14 @@ int CmdAWIDBrute(const char *Cmd){
for (;;){
- if (ukbhit()) return sendPing();
+ if ( offline ) {
+ printf("Device offline\n");
+ return 2;
+ }
+ if (ukbhit()) {
+ PrintAndLog("aborted via keyboard!");
+ return sendPing();
+ }
// Do one up
if ( up < 0xFFFF )
@@ -374,7 +409,7 @@ int CmdAWIDBrute(const char *Cmd){
// Do one down (if cardnumber is given)
if ( cn > 1 )
- if ( down > 0 )
+ if ( down > 1 )
if ( !sendTry(fmtlen, fc, --down, delay, bs, size)) return 1;
}
return 0;
@@ -383,6 +418,7 @@ int CmdAWIDBrute(const char *Cmd){
static command_t CommandTable[] = {
{"help", CmdHelp, 1, "This help"},
{"fskdemod", CmdAWIDDemodFSK, 0, "Realtime AWID FSK demodulator"},
+ {"read", CmdAWIDRead, 0, "Attempt to read and extract tag data"},
{"sim", CmdAWIDSim, 0, "AWID tag simulator"},
{"clone", CmdAWIDClone, 0, "Clone AWID to T55x7"},
{"brute", CmdAWIDBrute, 0, "Bruteforce card number against reader"},