ADD: latest pwpiwi & holiman changes.
if (data[index] == 0x31 || data[index] == 0x30) {
// enter the set (skip tag + length)
index += 2;
- // extended length
+ // check for extended length
if ((data[index - 1] & 0x80) != 0) {
- index += (data[index] & 0x7F);
+ index += (data[index-1] & 0x7F);
}
}
// OID
//-----------------------------------------------------------------------------
int EPA_Setup()
{
- // return code
- //int return_code = 0;
-
- // card UID
- //uint8_t uid[10] = {0x00};
-
+
+ int return_code = 0;
+ uint8_t uid[10];
+ uint8_t pps_response[3];
+ uint8_t pps_response_par[1];
+ iso14a_card_select_t card_select_info;
+
// power up the field
iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
- iso14a_clear_trace();
- iso14a_set_tracing(TRUE);
- iso14a_set_timeout(10500);
- // card select information
- byte_t cardbuf[USB_CMD_DATA_SIZE];
- memset(cardbuf,0,USB_CMD_DATA_SIZE);
- iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
+ iso14a_set_timeout(10500);
// select the card
- // if (!iso14443a_select_card(uid, &card_info, NULL)) {
- // Dbprintf("Epa: Can't select card");
- // return -1;
- // }
-
- uint8_t wupa[] = { 0x26 }; // 0x26 - REQA 0x52 - WAKE-UP
- uint8_t sel_all[] = { 0x93,0x20 };
- uint8_t sel_uid[] = { 0x93,0x70,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- uint8_t rats[] = { 0xE0,0x81,0x00,0x00 }; // FSD=256, FSDI=8, CID=1
-
- uint8_t *resp = ((uint8_t *)BigBuf) + RECV_RESP_OFFSET;
- uint8_t *resp_par = ((uint8_t *)BigBuf) + RECV_RESP_PAR_OFFSET;
-
- byte_t uid_resp[4];
- size_t uid_resp_len = 4;
-
- uint8_t sak = 0x04; // cascade uid
- int len;
-
- // Broadcast for a card, WUPA (0x52) will force response from all cards in the field
- ReaderTransmitBitsPar(wupa,7,0, NULL);
-
- // Receive the ATQA
- if(!ReaderReceive(resp, resp_par)) return -1;
-
- // SELECT_ALL
- ReaderTransmit(sel_all,sizeof(sel_all), NULL);
- if (!ReaderReceive(resp, resp_par)) return -1;
-
- // uid response from tag
- memcpy(uid_resp,resp,uid_resp_len);
-
- // Construct SELECT UID command
- // transmitting a full UID (1 Byte cmd, 1 Byte NVB, 4 Byte UID, 1 Byte BCC, 2 Bytes CRC)
- memcpy(sel_uid+2,uid_resp,4); // the UID
- sel_uid[6] = sel_uid[2] ^ sel_uid[3] ^ sel_uid[4] ^ sel_uid[5]; // calculate and add BCC
- AppendCrc14443a(sel_uid,7); // calculate and add CRC
- ReaderTransmit(sel_uid,sizeof(sel_uid), NULL);
-
- // Receive the SAK
- if (!ReaderReceive(resp, resp_par)) return -1;
- sak = resp[0];
-
- // Request for answer to select
- AppendCrc14443a(rats, 2);
- ReaderTransmit(rats, sizeof(rats), NULL);
-
- if ( !(len = ReaderReceive(resp, resp_par) )) return -1;
+ return_code = iso14443a_select_card(uid, &card_select_info, NULL);
+ if (return_code != 1) {
+ Dbprintf("Epa: Can't select card");
+ return 1;
+ }
- // populate the collected data.
- memcpy( card->uid, uid_resp, uid_resp_len);
- card->uidlen += uid_resp_len;
- card->sak = sak;
- card->ats_len = len;
- memcpy(card->ats, resp, sizeof(card->ats));
-
-
// send the PPS request
- // ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
- // uint8_t pps_response[3];
- // uint8_t pps_response_par[1];
- // return_code = ReaderReceive(pps_response,pps_response_par);
- // if (return_code != 3 || pps_response[0] != 0xD0) {
- // return return_code == 0 ? 2 : return_code;
- // }
+ ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL);
+ return_code = ReaderReceive(pps_response, pps_response_par);
+ if (return_code != 3 || pps_response[0] != 0xD0) {
+ return return_code == 0 ? 2 : return_code;
+ }
- return -1;
+ return 0;
}
\ No newline at end of file
case RHT2F_CRYPTO: {
DbpString("Authenticating using key:");
- memcpy(key,htd->crypto.key,6);
+ memcpy(key,htd->crypto.key,6); // 4 or 6 ??
Dbhexdump(6,key,false);
blocknr = 0;
bQuiet = false;
// Tag response does not need to be a complete byte!
if(Demod.len > 0 || Demod.bitCount > 0) {
if(Demod.bitCount > 1) { // was > 0, do not interpret last closing bit, is part of EOF
- Demod.shiftReg >>= (9 - Demod.bitCount); // rright align data
+ Demod.shiftReg >>= (9 - Demod.bitCount); // right align data
Demod.output[Demod.len] = Demod.shiftReg & 0xff;
Demod.len++;
}
respsize = 0;
if (breakAfterMacReceived){
// dbprintf:ing ...
- Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x",csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
+ Dbprintf("CSN: %02x %02x %02x %02x %02x %02x %02x %02x"
+ ,csn[0],csn[1],csn[2],csn[3],csn[4],csn[5],csn[6],csn[7]);
Dbprintf("RDR: (len=%02d): %02x %02x %02x %02x %02x %02x %02x %02x %02x",len,
receivedCmd[0], receivedCmd[1], receivedCmd[2],
receivedCmd[3], receivedCmd[4], receivedCmd[5],
FpgaSetupSsc();
if (wait)
- if(*wait < 10)
- *wait = 10;
+ {
+ if(*wait < 10) *wait = 10;
for(c = 0; c < *wait;) {
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
WDT_HIT();
}
+ }
+
+
uint8_t sendbyte;
bool firstpart = TRUE;
c = 0;
// only, since we are receiving, not transmitting).
// Signal field is off with the appropriate LED
LED_D_OFF();
- FpgaWriteConfWord(
- FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
// Now run a `software UART' on the stream of incoming samples.
if (Uart.state == STATE_UNSYNCD) { // not yet synced
if (Uart.highCnt < 7) { // wait for a stable unmodulated signal
- if (Uart.twoBits == 0xffff)
+ if (Uart.twoBits == 0xffff) {
Uart.highCnt++;
- else
+ } else {
Uart.highCnt = 0;
+ }
} else {
Uart.syncBit = 0xFFFF; // not set
// look for 00xx1111 (the start bit)
bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_StartTime, uint32_t reader_EndTime, uint8_t *reader_Parity,
uint8_t *tag_data, uint16_t tag_len, uint32_t tag_StartTime, uint32_t tag_EndTime, uint8_t *tag_Parity)
{
- if (!tracing) return true;
-
+ if (tracing) {
// we cannot exactly measure the end and start of a received command from reader. However we know that the delay from
// end of the received command to start of the tag's (simulated by us) answer is n*128+20 or n*128+84 resp.
// with n >= 9. The start of the tags answer can be measured and therefore the end of the received command be calculated:
reader_StartTime = reader_EndTime - reader_modlen;
if (!LogTrace(reader_data, reader_len, reader_StartTime, reader_EndTime, reader_Parity, TRUE)) {
return FALSE;
- } else
- return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
+ } else return(!LogTrace(tag_data, tag_len, tag_StartTime, tag_EndTime, tag_Parity, FALSE));
+ } else {
+ return TRUE;
+ }
}
//-----------------------------------------------------------------------------
int ReaderReceive(uint8_t *receivedAnswer, uint8_t *parity)
{
if (!GetIso14443aAnswerFromTag(receivedAnswer, parity, 0)) return FALSE;
-
if (tracing) {
LogTrace(receivedAnswer, Demod.len, Demod.startTime*16 - DELAY_AIR2ARM_AS_READER, Demod.endTime*16 - DELAY_AIR2ARM_AS_READER, parity, FALSE);
}
* fills the uid pointer unless NULL
* fills resp_data unless NULL */
int iso14443a_select_card(byte_t* uid_ptr, iso14a_card_select_t* p_hi14a_card, uint32_t* cuid_ptr) {
- //uint8_t halt[] = { 0x50 }; // HALT
+ //uint8_t halt[] = { 0x50, 0x00, 0x57, 0xCD }; // HALT
uint8_t wupa[] = { 0x52 }; // WAKE-UP
//uint8_t reqa[] = { 0x26 }; // REQUEST A
uint8_t sel_all[] = { 0x93,0x20 };
// test for the SKYLANDERS TOY.
//ReaderTransmit(halt,sizeof(halt), NULL);
+ //len = ReaderReceive(resp, resp_par);
// Broadcast for a card, WUPA (0x52) will force response from all cards in the field
ReaderTransmitBitsPar(wupa,7,0, NULL);
// Receive the SAK
if (!ReaderReceive(resp, resp_par)) return 0;
sak = resp[0];
-
// Test if more parts of the uid are coming
if ((sak & 0x04) /* && uid_resp[0] == 0x88 */) {
AppendCrc14443a(rats, 2);
ReaderTransmit(rats, sizeof(rats), NULL);
- if (!(len = ReaderReceive(resp, resp_par))) return 2;
+ len = ReaderReceive(resp, resp_par);
+ if(!len) return 0;
if(p_hi14a_card) {
memcpy(p_hi14a_card->ats, resp, sizeof(p_hi14a_card->ats));
continue;
}
//if lastval was 1, we have a 1->0 crossing
- if ( dest[idx-1]==1 ) {
+ if ( dest[idx-1] ) {
n=(n+1) / h2l_crossing_value;
} else {// 0->1 crossing
n=(n+1) / l2h_crossing_value;
size = fsk_demod(dest, FREE_BUFFER_SIZE);
// we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
- // 1->0 : fc/8 in sets of 6
- // 0->1 : fc/10 in sets of 5
+ // 1->0 : fc/8 in sets of 6 (RF/50 / 8 = 6.25)
+ // 0->1 : fc/10 in sets of 5 (RF/50 / 10= 5)
// do not invert
size = aggregate_bits(dest,size, 6,5,5,0);
+ WDT_HIT();
+
// final loop, go over previously decoded manchester data and decode into usable tag ID
// 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
uint8_t frame_marker_mask[] = {1,1,1,0,0,0};
{
if ( memcmp(dest+idx, frame_marker_mask, sizeof(frame_marker_mask)) == 0)
{
- if (hi2 != 0){
+ if (hi2 != 0){ //extra large HID tags
Dbprintf("TAG ID: %x%08x%08x (%d)",
(unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
}
- else {
- Dbprintf("TAG ID: %x%08x (%d)",
- (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ else { //standard HID tags <38 bits
+ //Dbprintf("TAG ID: %x%08x (%d)",(unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF); //old print cmd
+ uint8_t bitlen = 0;
+ uint32_t fc = 0;
+ uint32_t cardnum = 0;
+ if (((hi>>5)&1)==1){//if bit 38 is set then < 37 bit format is used
+ uint32_t lo2=0;
+ lo2=(((hi & 31) << 12) | (lo>>20)); //get bits 21-37 to check for format len bit
+ uint8_t idx3 = 1;
+ while(lo2>1){ //find last bit set to 1 (format len bit)
+ lo2=lo2>>1;
+ idx3++;
+ }
+ bitlen =idx3+19;
+ fc =0;
+ cardnum=0;
+ if(bitlen==26){
+ cardnum = (lo>>1)&0xFFFF;
+ fc = (lo>>17)&0xFF;
+ }
+ if(bitlen==37){
+ cardnum = (lo>>1)&0x7FFFF;
+ fc = ((hi&0xF)<<12)|(lo>>20);
+ }
+ if(bitlen==34){
+ cardnum = (lo>>1)&0xFFFF;
+ fc= ((hi&1)<<15)|(lo>>17);
+ }
+ if(bitlen==35){
+ cardnum = (lo>>1)&0xFFFFF;
+ fc = ((hi&1)<<11)|(lo>>21);
+ }
+ }
+ else { //if bit 38 is not set then 37 bit format is used
+ bitlen= 37;
+ fc =0;
+ cardnum=0;
+ if(bitlen==37){
+ cardnum = (lo>>1)&0x7FFFF;
+ fc = ((hi&0xF)<<12)|(lo>>20);
+ }
+ }
+ //Dbprintf("TAG ID: %x%08x (%d)",
+ // (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ Dbprintf("TAG ID: %x%08x (%d) - Format Len: %dbit - FC: %d - Card: %d",
+ (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF,
+ (unsigned int) bitlen, (unsigned int) fc, (unsigned int) cardnum);
+ }
+ if (findone){
+ if (ledcontrol) LED_A_OFF();
+ return;
}
}
}
-
// reset
hi2 = hi = lo = 0;
numshifts = 0;
void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
{
- uint8_t *dest = get_bigbufptr_recvrespbuf();
-
+ uint8_t *dest = (uint8_t *)BigBuf;
size_t size=0, idx=0;
uint32_t code=0, code2=0;
uint8_t isFinish = 0;
if (ledcontrol) LED_A_ON();
DoAcquisition125k_internal(-1,true);
+ size = sizeof(BigBuf);
// FSK demodulator
- size = fsk_demod(dest, FREE_BUFFER_SIZE);
-
+ size = fsk_demod(dest, size);
// we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
- // 1->0 : fc/8 in sets of 7
- // 0->1 : fc/10 in sets of 6
+ // 1->0 : fc/8 in sets of 7 (RF/64 / 8 = 8)
+ // 0->1 : fc/10 in sets of 6 (RF/64 / 10 = 6.4)
size = aggregate_bits(dest, size, 7,6,13,1); //13 max Consecutive should be ok as most 0s in row should be 10 for init seq - invert bits
//Index map
block_done = 0;
half_switch = 0;
}
+ if(i < GraphTraceLen)
+ {
if (GraphBuffer[i-1] > GraphBuffer[i]) dir=0;
else dir = 1;
}
+ }
if(bitidx==255)
bitidx=0;
warnings = 0;
#include "../common/crc.h"\r
\r
//-----------------------------------------------------------------------------\r
-// Select, Authenticaate, Read an MIFARE tag. \r
+// Select, Authenticate, Read a MIFARE tag. \r
// read block\r
//-----------------------------------------------------------------------------\r
void MifareReadBlock(uint8_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain)\r
\r
void MifareUReadCard(uint8_t arg0, int arg1, uint8_t *datain)\r
{\r
- // params\r
- uint8_t sectorNo = arg0;\r
- int Pages=arg1;\r
+ // params\r
+ uint8_t sectorNo = arg0;\r
+ int Pages=arg1;\r
int count_Pages=0;\r
- // variables\r
- byte_t isOK = 0;\r
- byte_t dataoutbuf[44 * 4];\r
- uint8_t uid[10];\r
- uint32_t cuid;\r
+ // variables\r
+ byte_t isOK = 0;\r
+ byte_t dataoutbuf[176];\r
+ uint8_t uid[10];\r
+ uint32_t cuid;\r
\r
- // clear trace\r
- iso14a_clear_trace();\r
+ // clear trace\r
+ iso14a_clear_trace();\r
\r
- iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
- LED_A_ON();\r
- LED_B_OFF();\r
- LED_C_OFF();\r
- Dbprintf("Pages %d",Pages);\r
+ LED_A_ON();\r
+ LED_B_OFF();\r
+ LED_C_OFF();\r
+ Dbprintf("Pages %d",Pages);\r
while (true) {\r
if(!iso14443a_select_card(uid, NULL, &cuid)) {\r
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");\r
isOK = 1;\r
break;\r
}\r
- Dbprintf("Pages read %d",count_Pages);\r
- if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");\r
+ Dbprintf("Pages read %d",count_Pages);\r
+ if (MF_DBGLEVEL >= 2) DbpString("READ CARD FINISHED");\r
\r
LED_B_ON();\r
if (Pages==16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,64);\r
if (Pages==44 && count_Pages>16) cmd_send(CMD_ACK,isOK,0,0,dataoutbuf,176);\r
LED_B_OFF();\r
\r
- // Thats it...\r
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
- LEDsoff();\r
+ // Thats it...\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LEDsoff();\r
\r
}\r
\r
cmd_send(CMD_ACK,isOK,0,0,datain + i * 6,6);\r
LED_B_OFF();\r
\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
\r
LED_B_OFF();\r
\r
if ((workFlags & 0x10) || (!isOK)) {\r
- // Thats it...\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
LEDsoff();\r
}\r
}
int len = DesfireAPDU(datain, datalen, resp);
- if (MF_DBGLEVEL >= 4) {
- print_result("ERR <--: ", resp, len);
- }
+ if (MF_DBGLEVEL >= 4) {
+ print_result("ERR <--: ", resp, len);
+ }
if ( !len ) {
OnError();
// card select - information
iso14a_card_select_t *card = (iso14a_card_select_t*)cardbuf;
byte_t isOK = iso14443a_select_card(NULL, card, NULL);
- if (isOK != 1) {
+ if ( isOK == 0) {
if (MF_DBGLEVEL >= 1) {
Dbprintf("Can't select card");
}
// dataout = pointer to response data array
int DesfireAPDU(uint8_t *cmd, size_t cmd_len, uint8_t *dataout){
- uint32_t status = 0;
+ size_t len = 0;
size_t wrappedLen = 0;
uint8_t wCmd[USB_CMD_DATA_SIZE] = {0};
}
ReaderTransmit( wCmd, wrappedLen, NULL);
- status = ReaderReceive(resp, resp_par);
+ len = ReaderReceive(resp, resp_par);
- if( status == 0x00){
+ if( len == 0x00 ){
if (MF_DBGLEVEL >= 4) {
Dbprintf("fukked");
}
}
// if we received an I- or R(ACK)-Block with a block number equal to the
// current block number, toggle the current block number
- else if (status >= 4 // PCB+CID+CRC = 4 bytes
+ else if (len >= 4 // PCB+CID+CRC = 4 bytes
&& ((resp[0] & 0xC0) == 0 // I-Block
|| (resp[0] & 0xD0) == 0x80) // R-Block with ACK bit set to 0
&& (resp[0] & 0x01) == pcb_blocknum) // equal block numbers
{
pcb_blocknum ^= 1; //toggle next block
}
- // copy response to
- dataout = resp;
- return status;
+
+ memcpy(dataout, resp, len);
+ return len;
}
// CreateAPDU
{
uint8_t dcmd[8];
dcmd[0] = cmd;
- memcpy(dcmd+1,data,5);\r
-
+ dcmd[1] = data[0];\r
+ dcmd[2] = data[1];
+ dcmd[3] = data[2];\r
+ dcmd[4] = data[3];\r
+ dcmd[5] = data[4];\r
AppendCrc14443a(dcmd, 6);
ReaderTransmit(dcmd, sizeof(dcmd), NULL);
int len = ReaderReceive(answer, answer_parity);
// variables
uint16_t len, i; \r
uint32_t pos;\r
- uint8_t par[3] = {0x00};\r
+ uint8_t par[3] = {0}; // enough for 18 Bytes to send\r
byte_t res;\r
\r
uint8_t d_block[18], d_block_enc[18];\r
cmdhfdes.c \
cmdhw.c \
cmdlf.c \
+ cmdlfawid26.c \
cmdlfio.c \
cmdlfhid.c \
cmdlfem4x.c \
return 0;
}
- if (param == 'f') {
- ShowWaitCycles = true;
- }
+ ShowWaitCycles = (param == 'f');
// for the time being. Need better Bigbuf handling.
#define TRACE_SIZE 3000
PrintAndLog("Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer");
PrintAndLog("All times are in carrier periods (1/13.56Mhz)");
PrintAndLog("");
- PrintAndLog(" Start | End | Src | Data");
- PrintAndLog("-----------|-----------|-----|--------");
+ PrintAndLog(" Start | End | Src | Data (! denotes parity error) | CRC ");
+ PrintAndLog("-----------|-----------|-----|-----------------------------------------------------------------------");
uint16_t tracepos = 0;
uint16_t duration;
for (;;) {
- if(tracepos >= TRACE_SIZE) {
- break;
- }
+ if(tracepos >= TRACE_SIZE) break;
timestamp = *((uint32_t *)(trace + tracepos));
+
+ // Break and stick with current result if buffer was not completely full
+ if (timestamp == 0x44444444) break;
+
if(tracepos == 0) {
first_timestamp = timestamp;
}
+
tracepos += 4;
duration = *((uint16_t *)(trace + tracepos));
tracepos += 2;
data_len = *((uint16_t *)(trace + tracepos));
tracepos += 2;
+ isResponse = false;
if (data_len & 0x8000) {
data_len &= 0x7fff;
isResponse = true;
- } else {
- isResponse = false;
}
-
+
parity_len = (data_len-1)/8 + 1;
-
- if (tracepos + data_len + parity_len >= TRACE_SIZE) {
- break;
- }
+
+ if (tracepos + data_len + parity_len >= TRACE_SIZE) break;
uint8_t *frame = trace + tracepos;
tracepos += data_len;
uint8_t *parityBytes = trace + tracepos;
tracepos += parity_len;
-
- // Break and stick with current result if buffer was not completely full
- if (timestamp == 0x44444444) break;
-
- char line[1000] = "";
- int j;
- for (j = 0; j < data_len; j++) {
+
+ char line[16][110];
+ for (int j = 0; j < data_len; j++) {
int oddparity = 0x01;
int k;
uint8_t parityBits = parityBytes[j>>3];
if (isResponse && (oddparity != ((parityBits >> (7-(j&0x0007))) & 0x01))) {
- sprintf(line+(j*4), "%02x! ", frame[j]);
+ sprintf(line[j/16]+((j%16)*4), "%02x! ", frame[j]);
} else {
- sprintf(line+(j*4), "%02x ", frame[j]);
+ sprintf(line[j/16]+((j%16)*4), "%02x ", frame[j]);
}
}
-
- char crc[6] = "";
+
+ char crc[5] = {0x00};
if (data_len > 2) {
uint8_t b1, b2;
ComputeCrc14443(CRC_14443_A, frame, data_len-2, &b1, &b2);
if (b1 != frame[data_len-2] || b2 != frame[data_len-1]) {
- sprintf(crc, (isResponse & (data_len < 6)) ? "" : " !crc");
- } else {
- sprintf(crc, "");
- }
+ sprintf(crc, (isResponse & (data_len < 6)) ? "" : "!crc");
+ }
}
EndOfTransmissionTimestamp = timestamp + duration;
-
- PrintAndLog(" %9d | %9d | %s | %s %s",
- (timestamp - first_timestamp),
- (EndOfTransmissionTimestamp - first_timestamp),
- (isResponse ? "Tag" : "Rdr"),
- line,
- crc);
+ int num_lines = (data_len - 1)/16 + 1;
+
+ for (int j = 0; j < num_lines; j++) {
+ if (j == 0) {
+ PrintAndLog(" %9d | %9d | %s | %-64s| %s",
+ (timestamp - first_timestamp),
+ (EndOfTransmissionTimestamp - first_timestamp),
+ (isResponse ? "Tag" : "Rdr"),
+ line[j],
+ (j == num_lines-1)?crc:""
+ );
+ } else {
+ PrintAndLog(" | | | %-64s| %s",
+ line[j],
+ (j == num_lines-1)?crc:"");
+ }
+ }
bool next_isResponse = *((uint16_t *)(trace + tracepos + 6)) & 0x8000;
if (ShowWaitCycles && !isResponse && next_isResponse) {
uint32_t next_timestamp = *((uint32_t *)(trace + tracepos));
if (next_timestamp != 0x44444444) {
- PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d",
- (EndOfTransmissionTimestamp - first_timestamp),
- (next_timestamp - first_timestamp),
- " ",
- (next_timestamp - EndOfTransmissionTimestamp));
- }
+ PrintAndLog(" %9d | %9d | %s | fdt (Frame Delay Time): %d",
+ (EndOfTransmissionTimestamp - first_timestamp),
+ (next_timestamp - first_timestamp),
+ " ",
+ (next_timestamp - EndOfTransmissionTimestamp));
}
-
+ }
}
-
return 0;
}
int CmdHF14AReader(const char *Cmd)
{
- //UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
- UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT , 0, 0}};
+ UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
SendCommand(&c);
UsbCommand resp;
size_t nonce_length = resp.arg[1];
char *nonce = (char *) malloc(2 * nonce_length + 1);
for(int j = 0; j < nonce_length; j++) {
- snprintf(nonce + (2 * j), 3, "%02X", resp.d.asBytes[j]);
+ snprintf(nonce + (2 * j), "%02X", resp.d.asBytes[j]);
}
// print nonce
- PrintAndLog("Length: %d, Nonce: %s",resp.arg[1], nonce);
+ PrintAndLog("Length: %d, Nonce: %s", nonce_length, nonce);
}
if (i < n - 1) {
sleep(d);
return 1;
}
-// UI-related stuff
// UI-related stuff
static const command_t CommandTable[] =
UsbCommand c = {CMD_SIMULATE_TAG_ICLASS, {simType,NUM_CSNS}};
UsbCommand resp = {0};
+ /*uint8_t csns[8 * NUM_CSNS] = {
+ 0x00,0x0B,0x0F,0xFF,0xF7,0xFF,0x12,0xE0 ,
+ 0x00,0x13,0x94,0x7e,0x76,0xff,0x12,0xe0 ,
+ 0x2a,0x99,0xac,0x79,0xec,0xff,0x12,0xe0 ,
+ 0x17,0x12,0x01,0xfd,0xf7,0xff,0x12,0xe0 ,
+ 0xcd,0x56,0x01,0x7c,0x6f,0xff,0x12,0xe0 ,
+ 0x4b,0x5e,0x0b,0x72,0xef,0xff,0x12,0xe0 ,
+ 0x00,0x73,0xd8,0x75,0x58,0xff,0x12,0xe0 ,
+ 0x0c,0x90,0x32,0xf3,0x5d,0xff,0x12,0xe0 };
+*/
+
uint8_t csns[8*NUM_CSNS] = {
0x00, 0x0B, 0x0F, 0xFF, 0xF7, 0xFF, 0x12, 0xE0,
0x00, 0x04, 0x0E, 0x08, 0xF7, 0xFF, 0x12, 0xE0,
}
+ UsbCommand resp;
+ uint8_t key_sel[8] = {0};
+ uint8_t key_sel_p[8] = { 0 };
+
+ //HACK -- Below is for testing without access to a tag
+ uint8_t fake_dummy_test = false;
+ if(fake_dummy_test)
+ {
+ uint8_t xdata[16] = {0x01,0x02,0x03,0x04,0xF7,0xFF,0x12,0xE0, //CSN from http://www.proxmark.org/forum/viewtopic.php?pid=11230#p11230
+ 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; // Just a random CC. Would be good to add a real testcase here
+ memcpy(resp.d.asBytes,xdata, 16);
+ resp.arg[0] = 2;
+ }
+
+ //End hack
+
UsbCommand c = {CMD_READER_ICLASS, {0}};
c.arg[0] = FLAG_ICLASS_READER_ONLY_ONCE;
-
+ if(!fake_dummy_test)
SendCommand(&c);
- UsbCommand resp;
- uint8_t key_sel[8] = {0x00};
- uint8_t key_sel_p[8] = {0x00};
-
- if (WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
+
+
+ if (fake_dummy_test || WaitForResponseTimeout(CMD_ACK,&resp,4500)) {
uint8_t isOK = resp.arg[0] & 0xff;
uint8_t * data = resp.d.asBytes;
{
if(elite)
{
-
//Get the key index (hash1)
uint8_t key_index[8] = {0};
printvar("hash1", key_index,8);
for(i = 0; i < 8 ; i++)
key_sel[i] = keytable[key_index[i]] & 0xFF;
+ PrintAndLog("Pre-fortified 'permuted' HS key that would be needed by an iclass reader to talk to above CSN:");
printvar("k_sel", key_sel,8);
//Permute from iclass format to standard format
permutekey_rev(key_sel,key_sel_p);
used_key = KEY;
}
+
+ PrintAndLog("Pre-fortified key that would be needed by the OmniKey reader to talk to above CSN:");
printvar("Used key",used_key,8);
diversifyKey(CSN,used_key, div_key);
+ PrintAndLog("Hash0, a.k.a diversified key, that is computed using Ksel and stored in the card (Block 3):");
printvar("Div key", div_key, 8);
printvar("CC_NR:",CCNR,12);
doMAC(CCNR,12,div_key, MAC);
UsbCommand d = {CMD_READER_ICLASS_REPLAY, {readerType}};
memcpy(d.d.asBytes, MAC, 4);
- SendCommand(&d);
+ if(!fake_dummy_test) SendCommand(&d);
}else{
PrintAndLog("Failed to obtain CC! Aborting");
SendCommand(&c);\r
\r
//flush queue\r
- while (ukbhit()) getchar();\r
+ while (ukbhit()) getchar();\r
\r
// wait cycle\r
while (true) {\r
if (isOK != 1) return 1;\r
\r
// execute original function from util nonce2key\r
- if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key))\r
- {\r
+ if (nonce2key(uid, nt, nr, par_list, ks_list, &r_key)) {\r
isOK = 2;\r
PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt); \r
} else {\r
printf("------------------------------------------------------------------\n");\r
- PrintAndLog("Key found:%012"llx" \n", r_key);\r
+ PrintAndLog("Key found :%012"llx" \n", r_key);\r
\r
num_to_bytes(r_key, 6, keyBlock);\r
isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
}\r
+ \r
if (!isOK) \r
- PrintAndLog("Found valid key:%012"llx, r_key);\r
+ PrintAndLog("Found valid key :%012"llx, r_key);\r
else\r
{\r
if (isOK != 2) PrintAndLog("Found invalid key. "); \r
goto start;\r
}\r
\r
+ PrintAndLog("");\r
return 0;\r
}\r
\r
return 0;\r
}\r
\r
-/* dublett finns i CMDHFMFU.C \r
-int CmdHF14AMfUWrBl(const char *Cmd)\r
-{\r
- uint8_t blockNo = 0;\r
- bool chinese_card=0;\r
- uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};\r
- UsbCommand resp;\r
- \r
- if (strlen(Cmd)<3) {\r
- PrintAndLog("Usage: hf mf uwrbl <block number> <block data (8 hex symbols)> <w>");\r
- PrintAndLog(" sample: hf mf uwrbl 0 01020304");\r
- return 0;\r
- } \r
-\r
- blockNo = param_get8(Cmd, 0);\r
- if (param_gethex(Cmd, 1, bldata, 8)) {\r
- PrintAndLog("Block data must include 8 HEX symbols");\r
- return 1;\r
- }\r
- \r
- if (strchr(Cmd,'w') != 0) {\r
- chinese_card=1;\r
- }\r
- \r
- switch(blockNo){\r
- case 0:\r
- if (!chinese_card){\r
- PrintAndLog("Access Denied");\r
- }else{\r
- PrintAndLog("--specialblock no:%d", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
- UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(d.d.asBytes,bldata, 4);\r
- SendCommand(&d);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- }\r
- break;\r
- case 1:\r
- if (!chinese_card){\r
- PrintAndLog("Access Denied");\r
- }else{\r
- PrintAndLog("--specialblock no:%d", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
- UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(d.d.asBytes,bldata, 4);\r
- SendCommand(&d);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- }\r
- break;\r
- case 2:\r
- if (!chinese_card){\r
- PrintAndLog("Access Denied");\r
- }else{\r
- PrintAndLog("--specialblock no:%d", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
- UsbCommand c = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(c.d.asBytes, bldata, 4);\r
- SendCommand(&c);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- }\r
- break;\r
- case 3:\r
- PrintAndLog("--specialblock no:%d", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4));\r
- UsbCommand d = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(d.d.asBytes,bldata, 4);\r
- SendCommand(&d);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- break;\r
- default: \r
- PrintAndLog("--block no:%d", blockNo);\r
- PrintAndLog("--data: %s", sprint_hex(bldata, 4)); \r
- UsbCommand e = {CMD_MIFAREU_WRITEBL, {blockNo}};\r
- memcpy(e.d.asBytes,bldata, 4);\r
- SendCommand(&e);\r
-\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- break;\r
- }\r
- return 0;\r
-}\r
-*/\r
int CmdHF14AMfRdBl(const char *Cmd)\r
{\r
uint8_t blockNo = 0;\r
return 0;\r
}\r
\r
-/* dublett finns i CMDHFMFU.C \r
-int CmdHF14AMfURdBl(const char *Cmd)\r
-{\r
- uint8_t blockNo = 0;\r
-\r
- if (strlen(Cmd)<1) {\r
- PrintAndLog("Usage: hf mf urdbl <block number>");\r
- PrintAndLog(" sample: hf mf urdbl 0");\r
- return 0;\r
- } \r
- \r
- blockNo = param_get8(Cmd, 0);\r
- PrintAndLog("--block no:%d", blockNo);\r
- \r
- UsbCommand c = {CMD_MIFAREU_READBL, {blockNo}};\r
- SendCommand(&c);\r
-\r
- UsbCommand resp;\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- uint8_t isOK = resp.arg[0] & 0xff;\r
- uint8_t *data = resp.d.asBytes;\r
-\r
- if (isOK)\r
- PrintAndLog("isOk:%02x data:%s", isOK, sprint_hex(data, 4));\r
- else\r
- PrintAndLog("isOk:%02x", isOK);\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
-\r
- return 0;\r
-}\r
-*/\r
-\r
-/* dublett finns i CMDHFMFU.C \r
-int CmdHF14AMfURdCard(const char *Cmd)\r
-{\r
- int i;\r
- uint8_t sectorNo = 0;\r
- uint8_t *lockbytes_t=NULL;\r
- uint8_t lockbytes[2]={0,0};\r
- bool bit[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};\r
- \r
- uint8_t isOK = 0;\r
- uint8_t * data = NULL;\r
-\r
- if (sectorNo > 15) {\r
- PrintAndLog("Sector number must be less than 16");\r
- return 1;\r
- }\r
- PrintAndLog("Attempting to Read Ultralight... ");\r
- \r
- UsbCommand c = {CMD_MIFAREU_READCARD, {sectorNo}};\r
- SendCommand(&c);\r
-\r
- UsbCommand resp;\r
- if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {\r
- isOK = resp.arg[0] & 0xff;\r
- data = resp.d.asBytes;\r
-\r
- PrintAndLog("isOk:%02x", isOK);\r
- if (isOK) \r
- for (i = 0; i < 16; i++) {\r
- switch(i){\r
- case 2:\r
- //process lock bytes\r
- lockbytes_t=data+(i*4);\r
- lockbytes[0]=lockbytes_t[2];\r
- lockbytes[1]=lockbytes_t[3];\r
- for(int j=0; j<16; j++){\r
- bit[j]=lockbytes[j/8] & ( 1 <<(7-j%8));\r
- }\r
- //PrintAndLog("LB %02x %02x", lockbytes[0],lockbytes[1]);\r
- //PrintAndLog("LB2b %02x %02x %02x %02x %02x %02x %02x %02x",bit[8],bit[9],bit[10],bit[11],bit[12],bit[13],bit[14],bit[15]); \r
- PrintAndLog("Block %3d:%s ", i,sprint_hex(data + i * 4, 4));\r
- break;\r
- case 3: \r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[4]);\r
- break;\r
- case 4:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[3]);\r
- break;\r
- case 5:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[2]);\r
- break;\r
- case 6:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[1]);\r
- break;\r
- case 7:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[0]);\r
- break;\r
- case 8:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[15]);\r
- break;\r
- case 9:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[14]);\r
- break;\r
- case 10:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[13]);\r
- break;\r
- case 11:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[12]);\r
- break;\r
- case 12:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[11]);\r
- break;\r
- case 13:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[10]);\r
- break;\r
- case 14:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[9]);\r
- break;\r
- case 15:\r
- PrintAndLog("Block %3d:%s [%d]", i,sprint_hex(data + i * 4, 4),bit[8]);\r
- break;\r
- default:\r
- PrintAndLog("Block %3d:%s ", i,sprint_hex(data + i * 4, 4));\r
- break;\r
- }\r
- }\r
- } else {\r
- PrintAndLog("Command execute timeout");\r
- }\r
- return 0;\r
-}\r
-*/\r
-\r
int CmdHF14AMfRdSc(const char *Cmd)\r
{\r
int i;\r
return 0;\r
}\r
\r
-\r
uint8_t FirstBlockOfSector(uint8_t sectorNo)\r
{\r
if (sectorNo < 32) {\r
}\r
}\r
\r
-\r
uint8_t NumBlocksPerSector(uint8_t sectorNo)\r
{\r
if (sectorNo < 32) {\r
}\r
}\r
\r
-\r
int CmdHF14AMfDump(const char *Cmd)\r
{\r
uint8_t sectorNo, blockNo;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfRestore(const char *Cmd)\r
{\r
uint8_t sectorNo,blockNo;\r
\r
if (fread(bldata, 1, 16, fdump) == 0) {\r
PrintAndLog("File reading error (dumpdata.bin).");\r
+ fclose(fdump);\r
return 2;\r
}\r
\r
}\r
\r
fclose(fdump);\r
-\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfNested(const char *Cmd)\r
{\r
int i, j, res, iterations;\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfChk(const char *Cmd)\r
{\r
if (strlen(Cmd)<3) {\r
}\r
\r
free(keyBlock);\r
-\r
+ PrintAndLog("");\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMf1kSim(const char *Cmd)\r
{\r
uint8_t uid[7] = {0, 0, 0, 0, 0, 0, 0};\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfDbg(const char *Cmd)\r
{\r
int dbgMode = param_get32ex(Cmd, 0, 0, 10);\r
return 0;\r
}\r
\r
-\r
int CmdHF14AMfEClear(const char *Cmd)\r
{\r
if (param_getchar(Cmd, 0) == 'h') {\r
#include "cmdmain.h"
#include "cmddata.h"
#include "cmdlf.h"
+#include "cmdlfawid26.h"
#include "cmdlfhid.h"
#include "cmdlfti.h"
#include "cmdlfem4x.h"
{"simman", CmdLFSimManchester, 0, "<Clock> <Bitstream> [GAP] Simulate arbitrary Manchester LF tag"},
{"snoop", CmdLFSnoop, 0, "['l'|'h'|<divisor>] [trigger threshold]-- Snoop LF (l:125khz, h:134khz)"},
+ {"avid", CmdLFAWID26, 1, "{ AWID26 tags }"},
{"em4x", CmdLFEM4X, 1, "{ EM4X tags }"},
{"hid", CmdLFHID, 1, "{ HID tags }"},
{"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders }"},
--- /dev/null
+//-----------------------------------------------------------------------------
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency AWID26 commands
+//-----------------------------------------------------------------------------
+
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+#include "proxmark3.h"
+#include "ui.h"
+#include "graph.h"
+#include "cmdmain.h"
+#include "cmdparser.h"
+#include "cmddata.h"
+#include "cmdlf.h"
+#include "cmdlfawid26.h"
+#include "util.h"
+#include "data.h"
+
+
+static int CmdHelp(const char *Cmd);
+
+int CmdClone(const char *Cmd)
+{
+ char cmdp = param_getchar(Cmd, 0);
+
+ if (strlen(Cmd) < 1 || cmdp == 'h' || cmdp == 'H') {
+ PrintAndLog("Usage: lf awid26 write []");
+ PrintAndLog(" [], ");
+ PrintAndLog("");
+ PrintAndLog(" sample: lf awid26 write 26 2233");
+ PrintAndLog(" : lf awid26 write 26 15 2233");
+ return 0;
+ }
+
+ //sscanf(Cmd, "%d %d", &facilitycode, &cardno);
+
+ // char block0 = "00107060";
+ // char block1 = "00107060";
+ // char block2 = "00107060";
+ // char block3 = "00107060";
+
+
+
+ // PrintAndLog("Writing block %d with data %08X", Block, Data);
+ return 0;
+}
+
+// int CmdReadTrace(const char *Cmd)
+// {
+
+ // uint8_t bits[LF_BITSSTREAM_LEN] = {0x00};
+ // uint8_t * bitstream = bits;
+
+ // uint8_t si = 5;
+ // uint32_t bl0 = PackBits(si, 32, bitstream);
+ // uint32_t bl1 = PackBits(si+32, 32, bitstream);
+
+ // uint32_t acl = PackBits(si, 8, bitstream); si += 8;
+ // uint32_t mfc = PackBits(si, 8, bitstream); si += 8;
+ // uint32_t cid = PackBits(si, 5, bitstream); si += 5;
+ // uint32_t icr = PackBits(si, 3, bitstream); si += 3;
+ // uint32_t year = PackBits(si, 4, bitstream); si += 4;
+ // uint32_t quarter = PackBits(si, 2, bitstream); si += 2;
+ // uint32_t lotid = PackBits(si, 12, bitstream); si += 12;
+ // uint32_t wafer = PackBits(si, 5, bitstream); si += 5;
+ // uint32_t dw = PackBits(si, 15, bitstream);
+
+ // PrintAndLog("");
+ // PrintAndLog("-- T55xx Trace Information ----------------------------------");
+ // PrintAndLog("-------------------------------------------------------------");
+ // PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl);
+ // PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d)", mfc, mfc);
+ // PrintAndLog(" CID : 0x%02X (%d)", cid, cid);
+ // PrintAndLog(" ICR IC Revision : %d",icr );
+
+
+ // return 0;
+// }
+
+static command_t CommandTable[] =
+{
+ {"help", CmdHelp, 1, "This help"},
+ {"clone", CmdClone, 0, "<facility> <id> -- clone to a t55xx tag"},
+ {NULL, NULL, 0, NULL}
+};
+
+int CmdLFAWID26(const char *Cmd)
+{
+ CmdsParse(CommandTable, Cmd);
+ return 0;
+}
+
+int CmdHelp(const char *Cmd)
+{
+ CmdsHelp(CommandTable);
+ return 0;
+}
--- /dev/null
+//-----------------------------------------------------------------------------
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency AWID 26 commands
+//-----------------------------------------------------------------------------
+
+#ifndef CMDLFAWID26_H__
+#define CMDLFAWID26_H__
+
+int CmdLFAWID26(const char *Cmd);
+
+int CmdClone(const char *Cmd);
+#endif
k[0] = csn[0]^csn[1]^csn[2]^csn[3]^csn[4]^csn[5]^csn[6]^csn[7];
k[1] = csn[0]+csn[1]+csn[2]+csn[3]+csn[4]+csn[5]+csn[6]+csn[7];
k[2] = rr(swap( csn[2]+k[1] ));
- k[3] = rr(swap( csn[3]+k[0] ));
- k[4] = ~rr(swap( csn[4]+k[2] ))+1;
- k[5] = ~rr(swap( csn[5]+k[3] ))+1;
+ k[3] = rl(swap( csn[3]+k[0] ));
+ k[4] = ~rr( csn[4]+k[2] )+1;
+ k[5] = ~rl( csn[5]+k[3] )+1;
k[6] = rr( csn[6]+(k[4]^0x3c) );
k[7] = rl( csn[7]+(k[5]^0xc3) );
int i;
fseek(f, 0, SEEK_SET);
uint8_t *dump = malloc(fsize);
- fread(dump, fsize, 1, f);
- fclose(f);
+ size_t bytes_read = fread(dump, fsize, 1, f);
+ fclose(f);
+ if (bytes_read < fsize)
+ {
+ prnlog("Error, could only read %d bytes (should be %d)",bytes_read, fsize );
+ }
return bruteforceDump(dump,fsize,keytable);
}
/**