X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/d34a0b0cc7034ecca76a7331854db44f07a60da7..7d159efe40eb000840e5dbc2274ff8d39f81cbc8:/client/cmdlfnedap.c diff --git a/client/cmdlfnedap.c b/client/cmdlfnedap.c index 048c5eea..0c56c8e2 100644 --- a/client/cmdlfnedap.c +++ b/client/cmdlfnedap.c @@ -14,12 +14,13 @@ static int CmdHelp(const char *Cmd); int usage_lf_nedap_clone(void){ PrintAndLog("clone a NEDAP tag to a T55x7 tag."); PrintAndLog(""); - PrintAndLog("Usage: lf nedap clone "); - PrintAndLog("Options :"); - PrintAndLog(" : 24-bit value card number"); -// PrintAndLog(" Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip"); + PrintAndLog("Usage: lf nedap clone [h] "); + PrintAndLog("Options:"); + PrintAndLog(" h : This help"); + PrintAndLog(" : 24-bit value card number"); +// PrintAndLog(" Q5 : optional - clone to Q5 (T5555) instead of T55x7 chip"); PrintAndLog(""); - PrintAndLog("Sample : lf nedap clone 112233"); + PrintAndLog("Sample: lf nedap clone 112233"); return 0; } @@ -27,11 +28,12 @@ int usage_lf_nedap_sim(void) { PrintAndLog("Enables simulation of NEDAP card with specified card number."); PrintAndLog("Simulation runs until the button is pressed or another USB command is issued."); PrintAndLog(""); - PrintAndLog("Usage: lf nedap sim "); - PrintAndLog("Options :"); - PrintAndLog(" : 24-bit value card number"); + PrintAndLog("Usage: lf nedap sim [h] "); + PrintAndLog("Options:"); + PrintAndLog(" h : This help"); + PrintAndLog(" : 24-bit value card number"); PrintAndLog(""); - PrintAndLog("Sample : lf nedap sim 112233"); + PrintAndLog("Sample: lf nedap sim 112233"); return 0; } @@ -54,7 +56,7 @@ int GetNedapBits(uint32_t cn, uint8_t *nedapBits) { //----from this part, the UID in clear text, with a 1bit ZERO as separator between bytes. pre[64] = 0; - // cardnumber + // cardnumber (uid) num_to_bytebits(cn, 24, pre+64); pre[73] = 0; @@ -66,36 +68,37 @@ int GetNedapBits(uint32_t cn, uint8_t *nedapBits) { // add paritybits (bitsource, dest, sourcelen, paritylen, parityType (odd, even,) addParity(pre+64, pre+64, 128, 8, 1); + //1111111110001011010000010110100011001001000010110101001101011001000110011010010000000000100001110001001000000001000101011100111 return 1; } +/* + - UID: 001630 + - i: 4071 + - Checksum2 BE21 +*/ +//GetParity( uint8_t *bits, uint8_t type, int length) -//NEDAP demod - ASK/Biphase, RF/64 with preamble of 1111111110 (always a 128 bit data stream) +//NEDAP demod - ASK/Biphase (or Diphase), RF/64 with preamble of 1111111110 (always a 128 bit data stream) //print NEDAP Prox ID, encoding, encrypted ID, -int CmdFSKdemodNedap(const char *Cmd) { - //raw ask demod no start bit finding just get binary from wave - uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; - size_t size = getFromGraphBuf(BitStream); - if (size==0) return 0; - //get binary from ask wave - if (!ASKbiphaseDemod("0 64 1 0", FALSE)) { +int CmdLFNedapDemod(const char *Cmd) { + //raw ask demod no start bit finding just get binary from wave + if (!ASKbiphaseDemod("0 64 0 0", FALSE)) { if (g_debugMode) PrintAndLog("Error NEDAP: ASKbiphaseDemod failed"); return 0; } - - size = DemodBufferLen; - - int idx = NedapDemod(BitStream, &size); + size_t size = DemodBufferLen; + int idx = NedapDemod(DemodBuffer, &size); if (idx < 0){ if (g_debugMode){ - if (idx == -5) - PrintAndLog("DEBUG: Error - not enough samples"); - else if (idx == -1) - PrintAndLog("DEBUG: Error - only noise found"); - else if (idx == -2) - PrintAndLog("DEBUG: Error - problem during ASK/Biphase demod"); - else if (idx == -3) + // if (idx == -5) + // PrintAndLog("DEBUG: Error - not enough samples"); + // else if (idx == -1) + // PrintAndLog("DEBUG: Error - only noise found"); + // else if (idx == -2) + // PrintAndLog("DEBUG: Error - problem during ASK/Biphase demod"); + if (idx == -3) PrintAndLog("DEBUG: Error - Size not correct: %d", size); else if (idx == -4) PrintAndLog("DEBUG: Error - NEDAP preamble not found"); @@ -105,41 +108,102 @@ int CmdFSKdemodNedap(const char *Cmd) { return 0; } -/* Index map -0 10 20 30 40 50 64 -| | | | | | | - preamble enc tag type encrypted uid d 33 d 90 p 04 d 71 d 40 d 45 d E7 P -1111111110 00101101000001011 0100011001001000010110101001101011001 0 00110011 0 10010000 0 00000100 0 01110001 0 01000000 0 01000101 0 11100111 1 - uid2 uid1 uid0 I I R R +/* Index map E E + preamble enc tag type encrypted uid P d 33 d 90 d 04 d 71 d 40 d 45 d E7 P + 1111111110 00101101000001011010001100100100001011010100110101100 1 0 00110011 0 10010000 0 00000100 0 01110001 0 01000000 0 01000101 0 11100111 1 + uid2 uid1 uid0 I I R R + 1111111110 00101101000001011010001100100100001011010100110101100 1 + + 0 00110011 + 0 10010000 + 0 00000100 + 0 01110001 + 0 01000000 + 0 01000101 + 0 11100111 + 1 + Tag ID is 049033 I = Identical on all tags R = Random ? UID2, UID1, UID0 == card number -*/ +*/ //get raw ID before removing parities - uint32_t rawLo = bytebits_to_byte(BitStream+idx+96,32); - uint32_t rawHi = bytebits_to_byte(BitStream+idx+64,32); - uint32_t rawHi2 = bytebits_to_byte(BitStream+idx+32,32); - uint32_t rawHi3 = bytebits_to_byte(BitStream+idx,32); - setDemodBuf(BitStream,128,idx); + uint32_t raw[4] = {0,0,0,0}; + raw[0] = bytebits_to_byte(DemodBuffer+idx+96,32); + raw[1] = bytebits_to_byte(DemodBuffer+idx+64,32); + raw[2] = bytebits_to_byte(DemodBuffer+idx+32,32); + raw[3] = bytebits_to_byte(DemodBuffer+idx,32); + setDemodBuf(DemodBuffer,128,idx); + + uint8_t firstParity = GetParity( DemodBuffer, EVEN, 63); + if ( firstParity != DemodBuffer[63] ) { + PrintAndLog("1st 64bit parity check failed: %d|%d ", DemodBuffer[63], firstParity); + return 0; + } + + uint8_t secondParity = GetParity( DemodBuffer+64, EVEN, 63); + if ( secondParity != DemodBuffer[127] ) { + PrintAndLog("2st 64bit parity check failed: %d|%d ", DemodBuffer[127], secondParity); + return 0; + } // ok valid card found! - uint32_t cardnum = bytebits_to_byte(BitStream+81, 16); - PrintAndLog("NEDAP ID Found - Card: %d - Raw: %08x%08x%08x%08x", cardnum, rawHi3, rawHi2, rawHi, rawLo); + uint32_t uid = 0; + uid = bytebits_to_byte(DemodBuffer+65, 8); + uid |= bytebits_to_byte(DemodBuffer+74, 8) << 8; + uid |= bytebits_to_byte(DemodBuffer+83, 8) << 16; + + uint16_t two = 0; + two = bytebits_to_byte(DemodBuffer+92, 8); + two |= bytebits_to_byte(DemodBuffer+101, 8) << 8; + uint16_t chksum2 = 0; + chksum2 = bytebits_to_byte(DemodBuffer+110, 8); + chksum2 |= bytebits_to_byte(DemodBuffer+119, 8) << 8; + + PrintAndLog("NEDAP ID Found - Raw: %08x%08x%08x%08x", raw[3], raw[2], raw[1], raw[0]); + PrintAndLog(" - UID: %06X", uid); + PrintAndLog(" - i: %04X", two); + PrintAndLog(" - Checksum2 %04X", chksum2); + if (g_debugMode){ PrintAndLog("DEBUG: idx: %d, Len: %d, Printing Demod Buffer:", idx, 128); printDemodBuff(); + PrintAndLog("BIN:\n%s", sprint_bin_break( DemodBuffer, 128, 64) ); } + return 1; } +/* +configuration +lf t55xx wr b 0 d 00170082 + +1) uid 049033 +lf t55 wr b 1 d FF8B4168 +lf t55 wr b 2 d C90B5359 +lf t55 wr b 3 d 19A40087 +lf t55 wr b 4 d 120115CF + +2) uid 001630 +lf t55 wr b 1 d FF8B6B20 +lf t55 wr b 2 d F19B84A3 +lf t55 wr b 3 d 18058007 +lf t55 wr b 4 d 1200857C + +3) uid 39feff +lf t55xx wr b 1 d ffbfa73e +lf t55xx wr b 2 d 4c0003ff +lf t55xx wr b 3 d ffbfa73e +lf t55xx wr b 4 d 4c0003ff +*/ int CmdLFNedapRead(const char *Cmd) { CmdLFRead("s"); getSamples("30000",false); - return CmdFSKdemodNedap(""); + return CmdLFNedapDemod(""); } /* int CmdLFNedapClone(const char *Cmd) { @@ -167,6 +231,7 @@ int CmdLFNedapClone(const char *Cmd) { blocks[0] = T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 4<>1; + + PrintAndLog("Input: [%d] %s", len, sprint_hex(data, len)); + + //uint8_t last = GetParity(data, EVEN, 62); + //PrintAndLog("TEST PARITY:: %d | %d ", DemodBuffer[62], last); + + uint8_t cl = 0x1D, ch = 0x1D, carry = 0; + uint8_t al, bl, temp; + + for (int i = 0; i < len; ++i){ + al = data[i]; + for (int j = 8; j > 0; --j) { + + bl = al ^ ch; + //printf("BL %02x | CH %02x \n", al, ch); + + carry = (cl & 0x80) ? 1 : 0; + cl <<= 1; + + temp = (ch & 0x80) ? 1 : 0; + ch = (ch << 1) | carry; + carry = temp; + + carry = (al & 0x80) ? 1 : 0; + al <<= 1; + + carry = (bl & 0x80) ? 1 : 0; + bl <<= 1; + + if (carry) { + cl ^= 0x21; + ch ^= 0x10; + } + } + } + + PrintAndLog("Nedap checksum: [ 0x21, 0xBE ] %x", ((ch << 8) | cl) ); + return 0; +} + + static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, - {"read", CmdLFNedapRead, 0, "Attempt to read and extract tag data"}, -// {"clone", CmdLFNedapClone, 0, " clone nedap tag"}, - {"sim", CmdLFNedapSim, 0, " simulate nedap tag"}, + {"read", CmdLFNedapRead, 0, "Attempt to read and extract tag data"}, +// {"clone", CmdLFNedapClone,0, " clone nedap tag"}, + {"sim", CmdLFNedapSim, 0, " simulate nedap tag"}, + {"chk", CmdLFNedapChk, 1, "Calculate Nedap Checksum "}, {NULL, NULL, 0, NULL} };