From: iceman1001 <iceman@iuse.se>
Date: Sun, 28 Feb 2016 21:43:21 +0000 (+0100)
Subject: ADD: num_to_bytebitsLSBF  function.
X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/0d2c590974319db6fc54400ce153d86b68a09852

ADD: num_to_bytebitsLSBF  function.
ADD: lf guard clone - works...  needs some checking.
ADD: added an option to "addparity" to set a zero at fixed positions.
---

diff --git a/client/cmddata.c b/client/cmddata.c
index 8e0668f7..311e5b32 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -619,13 +619,13 @@ int CmdG_Prox_II_Demod(const char *Cmd)
 			continue;
 		} 
 		if (keyCnt<8){ //lsb first
-			xorKey = xorKey | (DemodBuffer[startIdx+idx]<<keyCnt);
+			xorKey |=  (DemodBuffer[startIdx+idx]<<keyCnt);
 			keyCnt++;
 			if (keyCnt==8 && g_debugMode) PrintAndLog("xorKey Found: %02x", xorKey);
 			continue;
 		}
 		//lsb first
-		ByteStream[ByteCnt] = ByteStream[ByteCnt] | (DemodBuffer[startIdx+idx]<<bitCnt);
+		ByteStream[ByteCnt] |=  (DemodBuffer[startIdx+idx]<<bitCnt);
 		bitCnt++;
 		if (bitCnt % 8 == 0){
 			if (g_debugMode) PrintAndLog("byte %u: %02x", (unsigned int)ByteCnt, ByteStream[ByteCnt]);
diff --git a/client/cmdlfguard.c b/client/cmdlfguard.c
index 7f58e994..828bdb68 100644
--- a/client/cmdlfguard.c
+++ b/client/cmdlfguard.c
@@ -47,40 +47,14 @@ int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) {
 	// Intializes random number generator
 	time_t t;
 	srand((unsigned) time(&t));
-
-	uint8_t pre[96];
-	memset(pre, 0x00, sizeof(pre));
-
-	uint8_t index = 8;
+	//uint8_t xorKey = rand() % 0xFF;
+	uint8_t xorKey = 0x6b;
+	uint8_t i;
 	
-	// preamble  6bits
-	pre[0] = 1;
-	pre[1] = 1;
-	pre[2] = 1;
-	pre[3] = 1;
-	pre[4] = 1;
-	//pre[5] = 0;
-
-	// add xor key
-	uint8_t xorKey = rand() % 0xFF;
-	num_to_bytebits(xorKey, 8, pre+index);
-	index += 8;
 	
-	// add format length
-	// len | hex | bin  wiegand pos fc/cn   
-	//  26 | 1A  | 0001 1010
-	num_to_bytebits(26, 8, pre+index);
-	//  36 | 24  | 0010 0100
-	//num_to_bytebits(36, 8, pre+index);
-	//  40 | 28  | 0010 1000
-	//num_to_bytebits(40, 8, pre+index);
+	uint8_t pre[96];
+	memset(pre, 0x00, sizeof(pre));
 
-	index += 8;
-	
-	// 2bit checksum
-	// unknown today.
-	index += 2;
-	
 	// Get 26 wiegand from FacilityCode, CardNumber	
 	uint8_t wiegand[24];
 	memset(wiegand, 0x00, sizeof(wiegand));
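Review bot: With `uint8_t xorKey = 0x6b;` hard-coded, the `time_t t; srand((unsigned) time(&t));` seeding kept just above it no longer feeds anything in the visible part of GetGuardBits, yet it still reseeds the global generator on every call. Either drop the seeding together with the commented-out line, or keep both and say why the key is pinned, for example `// key fixed for now so the output is reproducible; TODO restore random key` if that is the reason. If the random key comes back, note that `rand() % 0xFF` can never produce 0xFF, whereas `rand() & 0xFF` covers the full byte. The function body continues past this hunk.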
@@ -88,26 +62,71 @@ int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) {
 	num_to_bytebits(cn, 16, wiegand+8);
 
 	// add wiegand parity bits (dest, source, len)
-	wiegand_add_parity(pre+index, wiegand, 24);
-
-	uint8_t tmp = 0, i = 0;
-	for (i = 2; i < 12; ++i) {
-		// // xor all bytes
-		// tmp = xorKey ^ bytebits_to_byte(pre + (i*8), 8);
-		
-		// // copy to out..
-		// num_to_bytebits(tmp, 8, pre + (i*8) );
-	}
+	wiegand_add_parity(pre, wiegand, 24);
 
-	// add spacer bit 0 every 5
+	// lets start. 12bytes of data to be produced.
+	uint8_t rawbytes[12];
+	memset(rawbytes, 0x00, sizeof(rawbytes));
+
+	// xor key
+	rawbytes[0] = xorKey;
+
+	// add format length (decimal)
+	// len | hex | bin
+	//  26 | 1A  | 0001 1010
+	rawbytes[1] = (26 << 2);
+	//  36 | 24  | 0010 0100
+	//rawbytes[1] = (36 << 2);
+	//  40 | 28  | 0010 1000
+	//rawbytes[1] = (40 << 2);
+	
+	// 2bit checksum, unknown today, 
+	// these two bits are the last ones of rawbyte[1], hence the LSHIFT above.
+	rawbytes[2] = 1;
+	rawbytes[3] = 0;
 	
-	// swap nibbles
+	// add wiegand to rawbytes
+	for (i = 0; i < 4; ++i)
+		rawbytes[i+4] = bytebits_to_byte( pre + (i*8), 8);
 	
+	if (g_debugMode) printf(" WIE | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));	
 	
-	// copy to outarray
-	memcpy(guardBits, pre, sizeof(pre));
+	// NIBBLE_SWAP (works on all data)
+	// for (i = 0; i < 12; ++i)
+		// rawbytes[i] = SWAP_NIBBLE( rawbytes[i] );
+
+	// printf("SWAP | %s\n", sprint_hex(rawbytes, sizeof(rawbytes)));
 	
-	printf(" | %s\n", sprint_bin(guardBits, 96) );
+	// XOR (only works on wiegand stuff)
+	for (i = 1; i < 12; ++i)
+		rawbytes[i] ^= xorKey ;
+	
+	if (g_debugMode) printf(" XOR | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+
+	// convert rawbytes to bits in pre
+	for (i = 0; i < 12; ++i)
+		num_to_bytebitsLSBF( rawbytes[i], 8, pre + (i*8));
+
+	if (g_debugMode) printf("\n Raw | %s \n", sprint_hex(rawbytes, sizeof(rawbytes)));
+	if (g_debugMode) printf(" Raw | %s\n", sprint_bin(pre, 64) );
+	
+	// add spacer bit 0 every 4 bits, starting with index 0,
+	// 12 bytes, 24 nibbles.  24+1 extra bites. 3bytes.  Ie 9bytes | 1byte xorkey, 8bytes rawdata (64bits, should be enough for a 40bit wiegand)
+	addParity(pre, guardBits+6, 64, 5, 3);
+
+	// preamble
+	guardBits[0] = 1;
+	guardBits[1] = 1;
+	guardBits[2] = 1;
+	guardBits[3] = 1;
+	guardBits[4] = 1;
+	guardBits[5] = 0;
+/*               6      B      
+PRE |          0110   1101   0101   1110   0001   1101   1101   0111   1101011011010110110101101101011
+FIN | 111110 0 0110 0 1101 0 0101 0 1110 0 0001 0 1101 0 1101 0 0111 0 110100110011010011001101001100110100110000000000
+*/
+	
+	if (g_debugMode) printf(" FIN | %s\n", sprint_bin(guardBits, 96) );
 	return 1;
 }
 
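Review bot: The comment on the 2-bit checksum says the two bits are the last ones of `rawbytes[1]`, but the code under it writes whole bytes, `rawbytes[2] = 1; rawbytes[3] = 0;`, and leaves the low two bits of `rawbytes[1]` at zero. One of the two is wrong; if the comment describes the format, the assignment would be along the lines of `rawbytes[1] = (26 << 2) | checksum;` (`checksum` being a placeholder name), with `rawbytes[2]` and `rawbytes[3]` given their own comment stating what they encode. Separately, `addParity(pre, guardBits+6, 64, 5, 3)` appears to emit 80 bits (16 nibbles plus one spacer each), so with the 6-bit preamble only 86 of the 96 bits printed by `sprint_bin(guardBits, 96)` are written here. The remaining bits depend on the caller having zeroed the buffer, which is not visible in this diff.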
@@ -153,19 +172,19 @@ int CmdGuardClone(const char *Cmd) {
 	for ( i = 0; i<4; ++i )
 		PrintAndLog(" %02d | %08x", i, blocks[i]);
 
-	// UsbCommand resp;
-	// UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
-
-	// for ( i = 0; i<5; ++i ) {
-		// c.arg[0] = blocks[i];
-		// c.arg[1] = i;
-		// clearCommandBuffer();
-		// SendCommand(&c);
-		// if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
-			// PrintAndLog("Error occurred, device did not respond during write operation.");
-			// return -1;
-		// }
-	// }
+	UsbCommand resp;
+	UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {0,0,0}};
+
+	for ( i = 0; i<4; ++i ) {
+		c.arg[0] = blocks[i];
+		c.arg[1] = i;
+		clearCommandBuffer();
+		SendCommand(&c);
+		if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
+			PrintAndLog("Error occurred, device did not respond during write operation.");
+			return -1;
+		}
+	}
     return 0;
 }
 
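Review bot: A timeout part-way through the write loop returns -1 after earlier blocks have already been sent, and the message does not say which block failed, so the user cannot tell how much of the tag was rewritten. Include the index, e.g. `PrintAndLog("Error occurred, device did not respond while writing block %d.", i);`. `resp` is only waited for and never inspected, and nothing here reads the blocks back, which matches the commit message's "needs some checking"; a comment stating that the write is unverified would help the next reader. CmdGuardClone starts above this hunk, so the declaration of `i` and the way `blocks` is filled are not visible.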
@@ -207,7 +226,7 @@ int CmdGuardSim(const char *Cmd) {
 static command_t CommandTable[] = {
     {"help",	CmdHelp,		1, "This help"},
 	{"read",	CmdGuardRead,  0, "Attempt to read and extract tag data"},
-//	{"clone",	CmdGuardClone, 0, "<Facility-Code> <Card Number>  clone Guardall tag"},
+	{"clone",	CmdGuardClone, 0, "<Facility-Code> <Card Number>  clone Guardall tag"},
 //	{"sim",		CmdGuardSim,   0, "<Facility-Code> <Card Number>  simulate Guardall tag"},
     {NULL, NULL, 0, NULL}
 };
diff --git a/client/util.c b/client/util.c
index ae8e4fec..9768dbeb 100644
--- a/client/util.c
+++ b/client/util.c
@@ -103,6 +103,7 @@ void print_hex(const uint8_t * data, const size_t len) {
 		printf("%02x ", data[i]);
 	printf("\n");
 }
+
 void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
 
 	int rownum = 0;
@@ -178,6 +179,7 @@ char *sprint_hex_ascii(const uint8_t *data, const size_t len) {
 	sprintf(tmp, "%s| %s", sprint_hex(data, max_len) , data);	
 	return buf;
 }
+
 void num_to_bytes(uint64_t n, size_t len, uint8_t* dest)
 {
 	while (len--) {
@@ -197,12 +199,22 @@ uint64_t bytes_to_num(uint8_t* src, size_t len)
 	return num;
 }
 
-void num_to_bytebits(uint64_t	n, size_t len, uint8_t *dest) {
+// takes a number (uint64_t) and creates a binarray in dest.
+void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest) {
 	while (len--) {
 		dest[len] = n & 1;
 		n >>= 1;
 	}
 }
+//least significant bit first
+void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest)
+{
+	for(int i = 0 ; i < len ; ++i) {
+		dest[i] =  n & 1;
+		n >>= 1;
+	}
+}
+
 
 // aa,bb,cc,dd,ee,ff,gg,hh, ii,jj,kk,ll,mm,nn,oo,pp
 // to
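Review bot: `for(int i = 0 ; i < len ; ++i)` in the new num_to_bytebitsLSBF compares a signed `int` with the `size_t` parameter `len`; declare the index as `size_t`, `for (size_t i = 0; i < len; ++i) {`. The same pattern is on the reformatted loop in bytebits_to_byte in common/lfdemod.c (`for(int i = 0 ; i < numbits ; i++) {`). The one-line comment could also state the contract: `// writes the len lowest bits of n to dest, one bit per byte, least significant bit first; dest must hold len bytes`.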
@@ -220,6 +232,8 @@ uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockS
 	return tmp;
 }
 
+// takes a uint8_t src array, for len items and reverses the byte order in blocksizes (8,16,32,64), 
+// returns: the dest array contains the reordered src array.
 void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest){
 	for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
 		for (size_t i = 0; i < blockSize; i++){
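Review bot: The new comment lists block sizes as (8,16,32,64) without a unit, while the loops count `blockSize` array items (`i < blockSize`) and `len/blockSize` blocks, so the numbers read like bits where the code appears to work in bytes. State the unit, and mention that `blockSize` must be non-zero because of the division, e.g. `// blockSize is in bytes and must be > 0; a tail shorter than one block is not copied to dest`. The inner loop body lies outside this hunk, so the statement about the tail should be confirmed against it.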
@@ -228,7 +242,6 @@ void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSiz
 	}
 }
 
-
 //  -------------------------------------------------------------------------
 //  string parameters lib
 //  -------------------------------------------------------------------------
@@ -493,6 +506,7 @@ void wiegand_add_parity(uint8_t *target, uint8_t *source, uint8_t length)
     *(target)= GetParity(source + length / 2, ODD, length / 2);
 }
 
+// xor two arrays together for len items.  The dst array contains the new xored values.
 void xor(unsigned char * dst, unsigned char * src, size_t len) {
    for( ; len > 0; len--,dst++,src++)
        *dst ^= *src;
@@ -502,6 +516,7 @@ int32_t le24toh (uint8_t data[3]) {
     return (data[2] << 16) | (data[1] << 8) | data[0];
 }
 
+// Pack a bitarray into a uint32_t.  
 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits) {
 
 	if (len > 32) return 0;
@@ -526,6 +541,7 @@ void rol(uint8_t *data, const size_t len){
     data[len-1] = first;
 }
 
+// Swap bit order on a uint32_t value.  Can be limited by nrbits just use say 8bits reversal
 uint32_t SwapBits(uint32_t value, int nrbits) {
 	uint32_t newvalue = 0;
 	for(int i = 0; i < nrbits; i++) {
diff --git a/client/util.h b/client/util.h
index 2813bb8c..9c16ba5b 100644
--- a/client/util.h
+++ b/client/util.h
@@ -36,6 +36,18 @@
 #define EVEN                        0
 #define ODD                         1
 
+#ifndef NIBBLE_HIGH
+# define NIBBLE_HIGH(b) ( (b & 0xF0) >> 4 )
+#endif
+#ifndef NIBBLE_LOW
+# define NIBBLE_LOW(b)  ( b & 0x0F )
+#endif
+#ifndef CRUMB
+# define CRUMB(b,p)    (((b & (0x3 << p) ) >> p ) & 0xF)
+#endif
+#ifndef SWAP_NIBBLE
+# define SWAP_NIBBLE(b)  ( (NIBBLE_LOW(b)<< 4) | NIBBLE_HIGH(b))
+#endif
 int ukbhit(void);
 
 void AddLogLine(char *fileName, char *extData, char *c);
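Review bot: The new macros use their arguments unparenthesized, so an expression argument binds wrongly: `NIBBLE_LOW(a | b)` expands to `a | b & 0x0F`, which masks only `b`. Parenthesize each use, `# define NIBBLE_HIGH(b) ( ((b) & 0xF0) >> 4 )` and `# define NIBBLE_LOW(b)  ( (b) & 0x0F )`, and likewise `(b)` and `(p)` in CRUMB, where the final `& 0xF` could be `& 0x3` to match the two-bit name. SWAP_NIBBLE evaluates `b` twice, so it should not be called with an argument that has side effects; a short comment above it saying so would be enough.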
@@ -53,7 +65,8 @@ char *sprint_hex_ascii(const uint8_t *data, const size_t len);
 
 void num_to_bytes(uint64_t n, size_t len, uint8_t* dest);
 uint64_t bytes_to_num(uint8_t* src, size_t len);
-void num_to_bytebits(uint64_t	n, size_t len, uint8_t *dest);
+void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest);
+void num_to_bytebitsLSBF(uint64_t n, size_t len, uint8_t *dest);
 uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
 void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);
 
diff --git a/common/lfdemod.c b/common/lfdemod.c
index 1c05920d..edebe456 100644
--- a/common/lfdemod.c
+++ b/common/lfdemod.c
@@ -95,7 +95,7 @@ size_t removeParity(uint8_t *BitStream, size_t startIdx, uint8_t pLen, uint8_t p
 
 // by marshmellow
 // takes a array of binary values, length of bits per parity (includes parity bit),
-//   Parity Type (1 for odd; 0 for even; 2 Always 1's), and binary Length (length to run)
+//   Parity Type (1 for odd; 0 for even; 2 Always 1's; 3 Always 0's), and binary Length (length to run)
 size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t pLen, uint8_t pType)
 {
 	uint32_t parityWd = 0;
@@ -105,12 +105,16 @@ size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t p
 			parityWd = (parityWd << 1) | BitSource[word+bit];
 			dest[j++] = (BitSource[word+bit]);
 		}
+		
 		// if parity fails then return 0
-		if (pType == 2) { // then marker bit which should be a 1
-			dest[j++]=1;
-		} else {
-			dest[j++] = parityTest(parityWd, pLen-1, pType) ^ 1;
+		switch (pType) {
+			case 3: dest[j++]=0; break; // marker bit which should be a 0
+			case 2: dest[j++]=1; break; // marker bit which should be a 1
+			default: 
+				dest[j++] = parityTest(parityWd, pLen-1, pType) ^ 1;
+				break;
 		}
+		
 		bitCnt += pLen;
 		parityWd = 0;
 	}
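Review bot: The marker types are bare numbers in the switch (`case 3`, `case 2`) and at the new call site `addParity(pre, guardBits+6, 64, 5, 3)`, and `default` sends every other value, including ones above 3, to `parityTest`. Named constants, as client/util.h has for `EVEN` and `ODD`, would make the call readable and let `default` be reserved for rejecting unknown types. The context comment `// if parity fails then return 0` directly above the switch does not describe this function, which appends bits rather than testing them, and could read `// append the parity or marker bit for this word`. The function starts and ends outside the hunk.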
@@ -122,8 +126,7 @@ size_t addParity(uint8_t *BitSource, uint8_t *dest, uint8_t sourceLen, uint8_t p
 uint32_t bytebits_to_byte(uint8_t *src, size_t numbits)
 {
 	uint32_t num = 0;
-	for(int i = 0 ; i < numbits ; i++)
-	{
+	for(int i = 0 ; i < numbits ; i++) {
 		num = (num << 1) | (*src);
 		src++;
 	}