X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/2453ca6529057d9dc060a00c45058e0b7090e5b7..3c61ee4338440d7b203322f7941bc5774935ef48:/client/cmdlfguard.c

diff --git a/client/cmdlfguard.c b/client/cmdlfguard.c
index 7f58e994..a6bc5e87 100644
--- a/client/cmdlfguard.c
+++ b/client/cmdlfguard.c
@@ -47,40 +47,14 @@ int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) {
 	// Intializes random number generator
 	time_t t;
 	srand((unsigned) time(&t));
-
-	uint8_t pre[96];
-	memset(pre, 0x00, sizeof(pre));
-
-	uint8_t index = 8;
+	//uint8_t xorKey = rand() % 0xFF;
+	uint8_t xorKey = 0x66;
+	uint8_t i;
 	
-	// preamble  6bits
-	pre[0] = 1;
-	pre[1] = 1;
-	pre[2] = 1;
-	pre[3] = 1;
-	pre[4] = 1;
-	//pre[5] = 0;
-
-	// add xor key
-	uint8_t xorKey = rand() % 0xFF;
-	num_to_bytebits(xorKey, 8, pre+index);
-	index += 8;
 	
-	// add format length
-	// len | hex | bin  wiegand pos fc/cn   
-	//  26 | 1A  | 0001 1010
-	num_to_bytebits(26, 8, pre+index);
-	//  36 | 24  | 0010 0100
-	//num_to_bytebits(36, 8, pre+index);
-	//  40 | 28  | 0010 1000
-	//num_to_bytebits(40, 8, pre+index);
+	uint8_t pre[96];
+	memset(pre, 0x00, sizeof(pre));
 
-	index += 8;
-	
-	// 2bit checksum
-	// unknown today.
-	index += 2;
-	
 	// Get 26 wiegand from FacilityCode, CardNumber	
 	uint8_t wiegand[24];
 	memset(wiegand, 0x00, sizeof(wiegand));
@@ -88,26 +62,61 @@ int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) {
 	num_to_bytebits(cn, 16, wiegand+8);
 
 	// add wiegand parity bits (dest, source, len)
-	wiegand_add_parity(pre+index, wiegand, 24);
-
-	uint8_t tmp = 0, i = 0;
-	for (i = 2; i < 12; ++i) {
-		// // xor all bytes
-		// tmp = xorKey ^ bytebits_to_byte(pre + (i*8), 8);
-		
-		// // copy to out..
-		// num_to_bytebits(tmp, 8, pre + (i*8) );
-	}
+	wiegand_add_parity(pre, wiegand, 24);
 
-	// add spacer bit 0 every 5
+	// lets start. 12bytes of data to be produced.
+	uint8_t rawbytes[12];
+	memset(rawbytes, 0x00, sizeof(rawbytes));
+
+	// xor key
+	rawbytes[0] = xorKey;
+
+	// add format length (decimal)
+	// len | hex | bin
+	//  26 | 1A  | 0001 1010
+	rawbytes[1] = (26 << 2);
+	//  36 | 24  | 0010 0100
+	//rawbytes[1] = (36 << 2);
+	//  40 | 28  | 0010 1000
+	//rawbytes[1] = (40 << 2);
+	
+	// 2bit checksum, unknown today, 
+	// these two bits are the last ones of rawbyte[1], hence the LSHIFT above.
+	rawbytes[2] = 1;
+	rawbytes[3] = 0;
+	
+	// add wiegand to rawbytes
+	for (i = 0; i < 4; ++i)
+		rawbytes[i+4] = bytebits_to_byte( pre + (i*8), 8);
+	
+	if (g_debugMode) printf(" WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));	
 	
-	// swap nibbles
+	// XOR (only works on wiegand stuff)
+	for (i = 1; i < 12; ++i)
+		rawbytes[i] ^= xorKey ;
 	
+	if (g_debugMode) printf(" XOR | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+
+	// convert rawbytes to bits in pre
+	for (i = 0; i < 12; ++i)
+		num_to_bytebitsLSBF( rawbytes[i], 8, pre + (i*8));
+
+	if (g_debugMode) printf("\n Raw | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+	if (g_debugMode) printf(" Raw | %s\n", sprint_bin(pre, 64) );
 	
-	// copy to outarray
-	memcpy(guardBits, pre, sizeof(pre));
+	// add spacer bit 0 every 4 bits, starting with index 0,
+	// 12 bytes, 24 nibbles.  24+1 extra bites. 3bytes.  ie 9bytes | 1byte xorkey, 8bytes rawdata (64bits, should be enough for a 40bit wiegand)
+	addParity(pre, guardBits+6, 64, 5, 3);
+
+	// preamble
+	guardBits[0] = 1;
+	guardBits[1] = 1;
+	guardBits[2] = 1;
+	guardBits[3] = 1;
+	guardBits[4] = 1;
+	guardBits[5] = 0;
 	
-	printf(" | %s\n", sprint_bin(guardBits, 96) );
+	if (g_debugMode) printf(" FIN | %s\n", sprint_bin(guardBits, 96) );
 	return 1;
 }
 
@@ -131,6 +140,7 @@ int CmdGuardClone(const char *Cmd) {
 	uint32_t blocks[5] = {T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 3<<T55x7_MAXBLOCK_SHIFT, 0, 0, 0, 0};
 	
 //	if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
+	//t5555 (Q5) BITRATE = (RF-2)/2 (iceman)
 //		blocks[0] = T5555_MODULATION_FSK2 | 50<<T5555_BITRATE_SHIFT | 4<<T5555_MAXBLOCK_SHIFT;
 
 	if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_guard_clone();
@@ -153,19 +163,19 @@ int CmdGuardClone(const char *Cmd) {
 	for ( i = 0; i<4; ++i )
 		PrintAndLog(" %02d | %08x", i, blocks[i]);
 
-	// UsbCommand resp;
-	// UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
-
-	// for ( i = 0; i<5; ++i ) {
-		// c.arg[0] = blocks[i];
-		// c.arg[1] = i;
-		// clearCommandBuffer();
-		// SendCommand(&c);
-		// if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
-			// PrintAndLog("Error occurred, device did not respond during write operation.");
-			// return -1;
-		// }
-	// }
+	UsbCommand resp;
+	UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
+
+	for ( i = 0; i<4; ++i ) {
+		c.arg[0] = blocks[i];
+		c.arg[1] = i;
+		clearCommandBuffer();
+		SendCommand(&c);
+		if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
+			PrintAndLog("Error occurred, device did not respond during write operation.");
+			return -1;
+		}
+	}
     return 0;
 }
 
@@ -175,16 +185,11 @@ int CmdGuardSim(const char *Cmd) {
 	if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_sim();
 
 	uint32_t facilitycode = 0, cardnumber = 0, fc = 0, cn = 0;
+	uint8_t clock = 64, encoding = 2, separator = 0, invert = 0;
 	
 	uint8_t bs[96];
-	size_t size = sizeof(bs);
-	memset(bs, 0x00, size);
+	memset(bs, 0x00, sizeof(bs));
 	
-	// Pyramid uses:  ASK Biphase, clk: 32, invert: 0
-	uint64_t arg1, arg2;
-	arg1 = (10 << 8) + 8;
-	arg2 = 32 | 0;
-
 	if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) return usage_lf_guard_sim();
 
 	facilitycode = (fc & 0x000000FF);
@@ -196,9 +201,20 @@ int CmdGuardSim(const char *Cmd) {
 	}	
 
 	PrintAndLog("Simulating Guardall - Facility Code: %u, CardNumber: %u", facilitycode, cardnumber );
-	
+
+	// Guard uses:  clk: 64, invert: 0, encoding: 2 (ASK Biphase)
+	uint64_t arg1, arg2;
+	arg1 = (clock << 8) | encoding;
+	arg2 = (invert << 8) | separator;
+
+	uint8_t rawbytes[12];
+	size_t size = sizeof(rawbytes);
+	for (uint8_t i=0; i < size; ++i){
+		rawbytes[i] =  bytebits_to_byte( bs + (i*8), 8);
+	}
+
 	UsbCommand c = {CMD_ASK_SIM_TAG, {arg1, arg2, size}};
-	memcpy(c.d.asBytes, bs, size);
+	memcpy(c.d.asBytes, rawbytes, size );
 	clearCommandBuffer();
 	SendCommand(&c);
 	return 0;
@@ -207,8 +223,8 @@ int CmdGuardSim(const char *Cmd) {
 static command_t CommandTable[] = {
     {"help",	CmdHelp,		1, "This help"},
 	{"read",	CmdGuardRead,  0, "Attempt to read and extract tag data"},
-//	{"clone",	CmdGuardClone, 0, "<Facility-Code> <Card Number>  clone Guardall tag"},
-//	{"sim",		CmdGuardSim,   0, "<Facility-Code> <Card Number>  simulate Guardall tag"},
+	{"clone",	CmdGuardClone, 0, "<Facility-Code> <Card Number>  clone Guardall tag"},
+	{"sim",		CmdGuardSim,   0, "<Facility-Code> <Card Number>  simulate Guardall tag"},
     {NULL, NULL, 0, NULL}
 };