From 50564be0f809e61f3148fb2f27db035b6362321f Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 27 Feb 2016 19:47:10 +0100 Subject: [PATCH] ADD: Started to add a "LF GUARD CLONE/SIM" functionality. *not working* all thats needed now is fixing the transformation from FacilityCode/CardNumber -> raw data for t55x7. --- client/Makefile | 3 +- client/cmdlf.c | 26 +---- client/cmdlf.h | 25 +++++ client/cmdlfguard.c | 224 ++++++++++++++++++++++++++++++++++++++++++ client/cmdlfguard.h | 30 ++++++ client/cmdlfpyramid.c | 7 +- 6 files changed, 284 insertions(+), 31 deletions(-) create mode 100644 client/cmdlfguard.c create mode 100644 client/cmdlfguard.h diff --git a/client/Makefile b/client/Makefile index eabe0d38..3345aa8b 100644 --- a/client/Makefile +++ b/client/Makefile @@ -135,7 +135,8 @@ CMDSRCS = nonce2key/crapto1.c\ radixsort.c\ bucketsort.c\ cmdlfpresco.c\ - cmdlfpyramid.c + cmdlfpyramid.c\ + cmdlfguard.c ZLIBSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c ZLIB_FLAGS = -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED diff --git a/client/cmdlf.c b/client/cmdlf.c index 8469d80d..0f5d0dc0 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -7,32 +7,7 @@ //----------------------------------------------------------------------------- // Low frequency commands //----------------------------------------------------------------------------- - -#include -#include -#include -#include -#include "proxmark3.h" -#include "data.h" -#include "graph.h" -#include "ui.h" -#include "cmdparser.h" -#include "cmdmain.h" -#include "cmddata.h" -#include "util.h" #include "cmdlf.h" -#include "cmdlfhid.h" -#include "cmdlfawid.h" -#include "cmdlfti.h" -#include "cmdlfem4x.h" -#include "cmdlfhitag.h" -#include "cmdlft55xx.h" -#include "cmdlfpcf7931.h" -#include "cmdlfio.h" -#include "lfdemod.h" -#include "cmdlfviking.h" -#include "cmdlfpresco.h" -#include "cmdlfpyramid.h" static int CmdHelp(const char *Cmd); int usage_lf_cmdread(void) { @@ -1213,6 +1188,7 @@ static command_t CommandTable[] = {"help", CmdHelp, 1, "This help"}, {"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"}, {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"}, + {"guard", CmdLFGuard, 1, "{ Guardall RFIDs... }"}, {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, {"hitag", CmdLFHitag, 1, "{ HITAG RFIDs... }"}, {"io", CmdLFIO, 1, "{ IOPROX RFIDs... }"}, diff --git a/client/cmdlf.h b/client/cmdlf.h index 5dbb9b6e..21c79b42 100644 --- a/client/cmdlf.h +++ b/client/cmdlf.h @@ -10,6 +10,31 @@ #ifndef CMDLF_H__ #define CMDLF_H__ +#include +#include +#include +#include +#include "proxmark3.h" +#include "data.h" +#include "graph.h" +#include "ui.h" +#include "cmdparser.h" +#include "cmdmain.h" +#include "cmddata.h" +#include "util.h" +#include "cmdlfhid.h" +#include "cmdlfawid.h" +#include "cmdlfti.h" +#include "cmdlfem4x.h" +#include "cmdlfhitag.h" +#include "cmdlft55xx.h" +#include "cmdlfpcf7931.h" +#include "cmdlfio.h" +#include "lfdemod.h" +#include "cmdlfviking.h" +#include "cmdlfpresco.h" +#include "cmdlfpyramid.h" +#include "cmdlfguard.h" int CmdLF(const char *Cmd); diff --git a/client/cmdlfguard.c b/client/cmdlfguard.c new file mode 100644 index 00000000..b2079d83 --- /dev/null +++ b/client/cmdlfguard.c @@ -0,0 +1,224 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency Farpoint / Pyramid tag commands +//----------------------------------------------------------------------------- +#include +#include +#include "cmdlfguard.h" +static int CmdHelp(const char *Cmd); + +int usage_lf_guard_clone(void){ + PrintAndLog("clone a Guardall tag to a T55x7 tag."); + PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated. "); + PrintAndLog("Currently work only on 26bit"); + PrintAndLog(""); + PrintAndLog("Usage: lf guard clone "); + PrintAndLog("Options :"); + PrintAndLog(" : 8-bit value facility code"); + PrintAndLog(" : 16-bit value card number"); + PrintAndLog(""); + PrintAndLog("Sample : lf guard clone 123 11223"); + return 0; +} + +int usage_lf_guard_sim(void) { + PrintAndLog("Enables simulation of Guardall card with specified card number."); + PrintAndLog("Simulation runs until the button is pressed or another USB command is issued."); + PrintAndLog("The facility-code is 8-bit and the card number is 16-bit. Larger values are truncated."); + PrintAndLog("Currently work only on 26bit"); + PrintAndLog(""); + PrintAndLog("Usage: lf guard sim "); + PrintAndLog("Options :"); + PrintAndLog(" : 8-bit value facility code"); + PrintAndLog(" : 16-bit value card number"); + PrintAndLog(""); + PrintAndLog("Sample : lf guard sim 123 11223"); + return 0; +} + + +// Works for 26bits. +int GetGuardBits(uint32_t fc, uint32_t cn, uint8_t *guardBits) { + + // Intializes random number generator + time_t t; + srand((unsigned) time(&t)); + + uint8_t pre[96]; + memset(pre, 0x00, sizeof(pre)); + + uint8_t index = 8; + + // preamble 6bits + pre[0] = 1; + pre[1] = 1; + pre[2] = 1; + pre[3] = 1; + pre[4] = 1; + //pre[5] = 0; + + // add xor key + uint8_t xorKey = rand() % 0xFF; + num_to_bytebits(xorKey, 8, pre+index); + index += 8; + + // add format length + // len | hex | bin wiegand pos fc/cn + // 26 | 1A | 0001 1010 + num_to_bytebits(26, 8, pre+index); + // 36 | 24 | 0010 0100 + //num_to_bytebits(36, 8, pre+index); + // 40 | 28 | 0010 1000 + //num_to_bytebits(40, 8, pre+index); + + index += 8; + + // 2bit checksum + // unknown today. + index += 2; + + // Get 26 wiegand from FacilityCode, CardNumber + uint8_t wiegand[24]; + memset(wiegand, 0x00, sizeof(wiegand)); + num_to_bytebits(fc, 8, wiegand); + num_to_bytebits(cn, 16, wiegand+8); + + // add wiegand parity bits (dest, source, len) + wiegand_add_parity(pre+index, wiegand, 24); + + uint8_t tmp = 0, i = 0; + for (i = 2; i < 12; ++i) { + // // xor all bytes + // tmp = xorKey ^ bytebits_to_byte(pre + (i*8), 8); + + // // copy to out.. + // num_to_bytebits(tmp, 8, pre + (i*8) ); + } + + // add spacer bit 0 every 5 + + // swap nibbles + + + // copy to outarray + memcpy(guardBits, pre, sizeof(pre)); + + printf(" | %s\n", sprint_bin(guardBits, 96) ); + return 1; +} + +int CmdGuardRead(const char *Cmd) { + CmdLFRead("s"); + getSamples("30000",false); + return CmdG_Prox_II_Demod(""); +} + +int CmdGuardClone(const char *Cmd) { + + char cmdp = param_getchar(Cmd, 0); + if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_lf_guard_clone(); + + uint32_t facilitycode=0, cardnumber=0, fc = 0, cn = 0; + uint8_t i; + uint8_t bs[96]; + memset(bs, 0x00, sizeof(bs)); + + //GuardProxII - compat mode, ASK/Biphase, data rate 64, 3 data blocks + uint32_t blocks[5] = {T55x7_MODULATION_BIPHASE | T55x7_BITRATE_RF_64 | 3< clone Guardall tag"}, + {"sim", CmdGuardSim, 0, " simulate Guardall tag"}, + {NULL, NULL, 0, NULL} +}; + +int CmdLFGuard(const char *Cmd) { + clearCommandBuffer(); + CmdsParse(CommandTable, Cmd); + return 0; +} + +int CmdHelp(const char *Cmd) { + CmdsHelp(CommandTable); + return 0; +} diff --git a/client/cmdlfguard.h b/client/cmdlfguard.h new file mode 100644 index 00000000..68ab8f2b --- /dev/null +++ b/client/cmdlfguard.h @@ -0,0 +1,30 @@ +//----------------------------------------------------------------------------- +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// Low frequency T55xx commands +//----------------------------------------------------------------------------- +#ifndef CMDLFGUARD_H__ +#define CMDLFGUARD_H__ +#include "proxmark3.h" +#include "ui.h" +#include "util.h" +#include "graph.h" +#include "cmdparser.h" +#include "cmddata.h" +#include "cmdmain.h" +#include "cmdlf.h" +#include "protocols.h" // for T55xx config register definitions +#include "lfdemod.h" // parityTest +#include "crc.h" + +int CmdLFGuard(const char *Cmd); +int CmdGuardClone(const char *Cmd); +int CmdGuardSim(const char *Cmd); + +int usage_lf_guard_clone(void); +int usage_lf_quard_sim(void); +#endif + diff --git a/client/cmdlfpyramid.c b/client/cmdlfpyramid.c index 0f992cc2..990dccbb 100644 --- a/client/cmdlfpyramid.c +++ b/client/cmdlfpyramid.c @@ -40,7 +40,6 @@ int usage_lf_pyramid_sim(void) { return 0; } - // Works for 26bits. int GetPyramidBits(uint32_t fc, uint32_t cn, uint8_t *pyramidBits) { @@ -60,10 +59,8 @@ int GetPyramidBits(uint32_t fc, uint32_t cn, uint8_t *pyramidBits) { wiegand_add_parity(pre+80, wiegand, 24); // add paritybits (bitsource, dest, sourcelen, paritylen, parityType (odd, even,) - size_t s = addParity(pre+8, pyramidBits+8, 102, 8, 1); - - //printf(" %d |", s); - + addParity(pre+8, pyramidBits+8, 102, 8, 1); + // add checksum uint8_t csBuff[13]; for (uint8_t i = 0; i < 13; i++) -- 2.39.5