// Intializes random number generator
time_t t;
srand((unsigned) time(&t));
-
- uint8_t pre[96];
- memset(pre, 0x00, sizeof(pre));
-
- uint8_t index = 8;
+ //uint8_t xorKey = rand() % 0xFF;
+ uint8_t xorKey = 0x6b;
+ uint8_t i;
- // preamble 6bits
- pre[0] = 1;
- pre[1] = 1;
- pre[2] = 1;
- pre[3] = 1;
- pre[4] = 1;
- //pre[5] = 0;
-
- // add xor key
- uint8_t xorKey = rand() % 0xFF;
- num_to_bytebits(xorKey, 8, pre+index);
- index += 8;
- // add format length
- // len | hex | bin wiegand pos fc/cn
- // 26 | 1A | 0001 1010
- num_to_bytebits(26, 8, pre+index);
- // 36 | 24 | 0010 0100
- //num_to_bytebits(36, 8, pre+index);
- // 40 | 28 | 0010 1000
- //num_to_bytebits(40, 8, pre+index);
+ uint8_t pre[96];
+ memset(pre, 0x00, sizeof(pre));
- index += 8;
-
- // 2bit checksum
- // unknown today.
- index += 2;
-
// Get 26 wiegand from FacilityCode, CardNumber
uint8_t wiegand[24];
memset(wiegand, 0x00, sizeof(wiegand));
num_to_bytebits(cn, 16, wiegand+8);
// add wiegand parity bits (dest, source, len)
- wiegand_add_parity(pre+index, wiegand, 24);
-
- uint8_t tmp = 0, i = 0;
- for (i = 2; i < 12; ++i) {
- // // xor all bytes
- // tmp = xorKey ^ bytebits_to_byte(pre + (i*8), 8);
-
- // // copy to out..
- // num_to_bytebits(tmp, 8, pre + (i*8) );
- }
+ wiegand_add_parity(pre, wiegand, 24);
- // add spacer bit 0 every 5
+ // lets start. 12bytes of data to be produced.
+ uint8_t rawbytes[12];
+ memset(rawbytes, 0x00, sizeof(rawbytes));
+
+ // xor key
+ rawbytes[0] = xorKey;
+
+ // add format length (decimal)
+ // len | hex | bin
+ // 26 | 1A | 0001 1010
+ rawbytes[1] = (26 << 2);
+ // 36 | 24 | 0010 0100
+ //rawbytes[1] = (36 << 2);
+ // 40 | 28 | 0010 1000
+ //rawbytes[1] = (40 << 2);
+
+ // 2bit checksum, unknown today,
+ // these two bits are the last ones of rawbyte[1], hence the LSHIFT above.
+ rawbytes[2] = 1;
+ rawbytes[3] = 0;
- // swap nibbles
+ // add wiegand to rawbytes
+ for (i = 0; i < 4; ++i)
+ rawbytes[i+4] = bytebits_to_byte( pre + (i*8), 8);
+ if (g_debugMode) printf(" WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));
- // copy to outarray
- memcpy(guardBits, pre, sizeof(pre));
+ // NIBBLE_SWAP (works on all data)
+ // for (i = 0; i < 12; ++i)
+ // rawbytes[i] = SWAP_NIBBLE( rawbytes[i] );
+
+ // printf("SWAP | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));
- printf(" | %s\n", sprint_bin(guardBits, 96) );
+ // XOR (only works on wiegand stuff)
+ for (i = 1; i < 12; ++i)
+ rawbytes[i] ^= xorKey ;
+
+ if (g_debugMode) printf(" XOR | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+
+ // convert rawbytes to bits in pre
+ for (i = 0; i < 12; ++i)
+ num_to_bytebitsLSBF( rawbytes[i], 8, pre + (i*8));
+
+ if (g_debugMode) printf("\n Raw | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+ if (g_debugMode) printf(" Raw | %s\n", sprint_bin(pre, 64) );
+
+ // add spacer bit 0 every 4 bits, starting with index 0,
+ // 12 bytes, 24 nibbles. 24+1 extra bites. 3bytes. Ie 9bytes | 1byte xorkey, 8bytes rawdata (64bits, should be enough for a 40bit wiegand)
+ addParity(pre, guardBits+6, 64, 5, 3);
+
+ // preamble
+ guardBits[0] = 1;
+ guardBits[1] = 1;
+ guardBits[2] = 1;
+ guardBits[3] = 1;
+ guardBits[4] = 1;
+ guardBits[5] = 0;
+/* 6 B
+PRE | 0110 1101 0101 1110 0001 1101 1101 0111 1101011011010110110101101101011
+FIN | 111110 0 0110 0 1101 0 0101 0 1110 0 0001 0 1101 0 1101 0 0111 0 110100110011010011001101001100110100110000000000
+*/
+
+ if (g_debugMode) printf(" FIN | %s\n", sprint_bin(guardBits, 96) );
return 1;
}
for ( i = 0; i<4; ++i )
PrintAndLog(" %02d | %08x", i, blocks[i]);
- // UsbCommand resp;
- // UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
-
- // for ( i = 0; i<5; ++i ) {
- // c.arg[0] = blocks[i];
- // c.arg[1] = i;
- // clearCommandBuffer();
- // SendCommand(&c);
- // if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
- // PrintAndLog("Error occurred, device did not respond during write operation.");
- // return -1;
- // }
- // }
+ UsbCommand resp;
+ UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
+
+ for ( i = 0; i<4; ++i ) {
+ c.arg[0] = blocks[i];
+ c.arg[1] = i;
+ clearCommandBuffer();
+ SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
+ PrintAndLog("Error occurred, device did not respond during write operation.");
+ return -1;
+ }
+ }
return 0;
}
static command_t CommandTable[] = {
{"help", CmdHelp, 1, "This help"},
{"read", CmdGuardRead, 0, "Attempt to read and extract tag data"},
-// {"clone", CmdGuardClone, 0, "<Facility-Code> <Card Number> clone Guardall tag"},
+ {"clone", CmdGuardClone, 0, "<Facility-Code> <Card Number> clone Guardall tag"},
// {"sim", CmdGuardSim, 0, "<Facility-Code> <Card Number> simulate Guardall tag"},
{NULL, NULL, 0, NULL}
};
printf("%02x ", data[i]);
printf("\n");
}
+
void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
int rownum = 0;
sprintf(tmp, "%s| %s", sprint_hex(data, max_len) , data);
return buf;
}
+
void num_to_bytes(uint64_t n, size_t len, uint8_t* dest)
{
while (len--) {
return num;
}
-void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest) {
+// takes a number (uint64_t) and creates a binarray in dest.
+void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest) {
while (len--) {
dest[len] = n & 1;
n >>= 1;
}
}
+//least significant bit first
+void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest)
+{
+ for(int i = 0 ; i < len ; ++i) {
+ dest[i] = n & 1;
+ n >>= 1;
+ }
+}
+
// aa,bb,cc,dd,ee,ff,gg,hh, ii,jj,kk,ll,mm,nn,oo,pp
// to
return tmp;
}
+// takes a uint8_t src array, for len items and reverses the byte order in blocksizes (8,16,32,64),
+// returns: the dest array contains the reordered src array.
void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest){
for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
for (size_t i = 0; i < blockSize; i++){
}
}
-
// -------------------------------------------------------------------------
// string parameters lib
// -------------------------------------------------------------------------
*(target)= GetParity(source + length / 2, ODD, length / 2);
}
+// xor two arrays together for len items. The dst array contains the new xored values.
void xor(unsigned char * dst, unsigned char * src, size_t len) {
for( ; len > 0; len--,dst++,src++)
*dst ^= *src;
return (data[2] << 16) | (data[1] << 8) | data[0];
}
+// Pack a bitarray into a uint32_t.
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits) {
if (len > 32) return 0;
data[len-1] = first;
}
+// Swap bit order on a uint32_t value. Can be limited by nrbits just use say 8bits reversal
uint32_t SwapBits(uint32_t value, int nrbits) {
uint32_t newvalue = 0;
for(int i = 0; i < nrbits; i++) {
// by marshmellow
// takes a array of binary values, length of bits per parity (includes parity bit),
-// Parity Type (1 for odd; 0 for even; 2 Always 1's), and binary Length (length to run)
+// Parity Type (1 for odd; 0 for even; 2 Always 1's; 3 Always 0's), and binary Length (length to run)
size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t pLen, uint8_t pType)
{
uint32_t parityWd = 0;
parityWd = (parityWd << 1) | BitSource[word+bit];
dest[j++] = (BitSource[word+bit]);
}
+
// if parity fails then return 0
- if (pType == 2) { // then marker bit which should be a 1
- dest[j++]=1;
- } else {
- dest[j++] = parityTest(parityWd, pLen-1, pType) ^ 1;
+ switch (pType) {
+ case 3: dest[j++]=0; break; // marker bit which should be a 0
+ case 2: dest[j++]=1; break; // marker bit which should be a 1
+ default:
+ dest[j++] = parityTest(parityWd, pLen-1, pType) ^ 1;
+ break;
}
+
bitCnt += pLen;
parityWd = 0;
}
uint32_t bytebits_to_byte(uint8_t *src, size_t numbits)
{
uint32_t num = 0;
- for(int i = 0 ; i < numbits ; i++)
- {
+ for(int i = 0 ; i < numbits ; i++) {
num = (num << 1) | (*src);
src++;
}
projects / proxmark3-svn / commitdiff