From 754a35e72bfe75868d7a824692fe980feedffb82 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 23 Mar 2015 17:11:45 +0100
Subject: [PATCH] ADD: added the ioprox checksum test to IOdemodFSK MENTIONED HERE: http://www.proxmark.org/forum/viewtopic.php?id=364&p=6 ADD: changed the layout of the HID descramble patterns a bit, and rearranged some hex/dec outputs.
---
 armsrc/lfops.c | 68 ++++++++++++++++++++++++++++++++++--------------
 client/cmddata.c | 26 +++++++++++++-----
 2 files changed, 68 insertions(+), 26 deletions(-)
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index aeb53cb1..7537d63f 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -912,6 +912,8 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 uint8_t version=0;
 uint8_t facilitycode=0;
 uint16_t number=0;
+ uint8_t crc = 0;
+ uint16_t calccrc = 0;
 // Configure to go in 125Khz listen mode
 LFSetupFPGAForADC(95, true);
@@ -930,8 +932,17 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 //| | | | | | |
 //01234567 8 90123456 7 89012345 6 78901234 5 67890123 4 56789012 3 45678901 23
 //-----------------------------------------------------------------------------
- //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 ???????? 11
+ //00000000 0 11110000 1 facility 1 version* 1 code*one 1 code*two 1 checksum 11
 //
+ //Checksum:
+ //00000000 0 11110000 1 11100000 1 00000001 1 00000011 1 10110110 1 01110101 11
+ //preamble F0 E0 01 03 B6 75
+ // How to calc checksum,
+ // http://www.proxmark.org/forum/viewtopic.php?id=364&p=6
+ // F0 + E0 + 01 + 03 + B6 = 28A
+ // 28A & FF = 8A
+ // FF - 8A = 75
+ // Checksum: 0x75
 //XSF(version)facility:codeone+codetwo
 //Handle the data
 if(findone){ //only print binary if we are doing one
@@ -949,7 +960,15 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 facilitycode = bytebits_to_byte(dest+idx+18,8) ;
 number = (bytebits_to_byte(dest+idx+36,8)<<8)|(bytebits_to_byte(dest+idx+45,8)); //36,9
- Dbprintf("XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
+ crc = bytebits_to_byte(dest+idx+54,8);
+ for (uint8_t i=1; i<6; ++i)
+ calccrc += bytebits_to_byte(dest+idx+9*i,8);
+ calccrc &= 0xff;
+ calccrc = 0xff - calccrc;
+
+ char *crcStr = (crc == calccrc) ? "ok":"!crc";
+
+ Dbprintf("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
 // if we're only looking for one tag
 if (findone){
 if (ledcontrol) LED_A_OFF();
@@ -1041,6 +1060,12 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 // These timings work for 4469/4269/4305 (with the 55*8 above)
 // WRITE_0 = 23*8 , 9*8 SpinDelayUs(23*8);
+// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
+// TIMER_CLOCK1 = MCK/2, MCK is running at 48 MHz, Timer is running at 48/2 = 24 MHz
+// Hitag units (T0) have duration of 8 microseconds (us), which is 1/125000 per second (carrier)
+// T0 = TIMER_CLOCK1 / 125000 = 192
+// 1 Cycle = 8 microseconds(us)
+
 #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
 // Write one bit to card
@@ -1504,10 +1529,15 @@ void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int
 int DemodPCF7931(uint8_t **outBlocks) {
- uint8_t BitStream[256] = {0x00};
- uint8_t Blocks[8][16];
+ uint8_t bits[256] = {0x00};
+ uint8_t blocks[8][16];
 uint8_t *dest = BigBuf_get_addr();
- int GraphTraceLen = BigBuf_max_traceLen();
+
+ int GraphTraceLen = BigBuf_max_traceLen();
+ if ( GraphTraceLen > 18000 )
+ GraphTraceLen = 18000;
+
+
 int i, j, lastval, bitidx, half_switch;
 int clock = 64;
 int tolerance = clock / 8;
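Review bot: `calccrc` is never reset before the summing loop, and it is declared once at the top of CmdIOdemodFSK (first hunk) rather than next to its use. If this code sits inside the read loop — the `findone` check right after it suggests so, though the loop itself is outside the hunk — the second and later tags start from the previous inverted sum and will be reported as `!crc` even when the frame is valid. Set `calccrc = 0;` immediately before the `for`, or declare it locally as the client-side copy in CmdFSKdemodIO does. `crcStr` only ever points at string literals and should be `const char *crcStr`.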
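Review bot: The cap `if ( GraphTraceLen > 18000 ) GraphTraceLen = 18000;` in DemodPCF7931 uses a bare literal with no comment, so a reader cannot tell whether 18000 is a buffer limit, a timing budget or a tuning value. Give it a name (for example `#define PCF7931_MAX_SAMPLES 18000`, name constructed for this note) and a one-line comment such as `// only the first 18000 samples are scanned; longer traces are truncated`. The rest of the function body lies outside the hunk, so whether every later index into `dest` is bounded by the clamped value should be confirmed there.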
@@ -1579,14 +1609,14 @@ int DemodPCF7931(uint8_t **outBlocks) {
 block_done = 1;
 }
 else if(half_switch == 1) {
- BitStream[bitidx++] = 0;
+ bits[bitidx++] = 0;
 half_switch = 0;
 }
 else
 half_switch++;
 } else if (abs(lc-clock) < tolerance) {
 // 64TO
- BitStream[bitidx++] = 1;
+ bits[bitidx++] = 1;
 } else {
 // Error
 warnings++;
@@ -1600,14 +1630,15 @@ int DemodPCF7931(uint8_t **outBlocks) {
 if(block_done == 1) {
 if(bitidx == 128) {
 for(j=0; j<16; j++) {
- Blocks[num_blocks][j] = 128*BitStream[j*8+7]+
- 64*BitStream[j*8+6]+
- 32*BitStream[j*8+5]+
- 16*BitStream[j*8+4]+
- 8*BitStream[j*8+3]+
- 4*BitStream[j*8+2]+
- 2*BitStream[j*8+1]+
- BitStream[j*8];
+ blocks[num_blocks][j] = 128*bits[j*8+7]+
+ 64*bits[j*8+6]+
+ 32*bits[j*8+5]+
+ 16*bits[j*8+4]+
+ 8*bits[j*8+3]+
+ 4*bits[j*8+2]+
+ 2*bits[j*8+1]+
+ bits[j*8];
+
 }
 num_blocks++;
 }
@@ -1616,17 +1647,14 @@ int DemodPCF7931(uint8_t **outBlocks) {
 half_switch = 0;
 }
 if(i < GraphTraceLen)
- {
- if (dest[i-1] > dest[i]) dir=0;
- else dir = 1;
- }
+ dir =(dest[i-1] > dest[i]) ? 0 : 1;
 }
 if(bitidx==255) bitidx=0;
 warnings = 0;
 if(num_blocks == 4) break;
 }
- memcpy(outBlocks, Blocks, 16*num_blocks);
+ memcpy(outBlocks, blocks, 16*num_blocks);
 return num_blocks;
 }
diff --git a/client/cmddata.c b/client/cmddata.c
index 7c5a3c45..c83cf087 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -297,7 +297,6 @@ void printEM410x(uint32_t hi, uint64_t id)
 PrintAndLog("DEZ 3.5C : %03lld.%05lld",(id & 0xFF0000) >> 16,(id & 0xFFFF));
 PrintAndLog("DEZ 14/IK2 : %014lld",id);
 PrintAndLog("DEZ 15/IK3 : %015lld",id2lo);
- PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
 PrintAndLog("DEZ 20/ZK : %02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld%02lld",
 (id2lo & 0xf000000000) >> 36,
 (id2lo & 0x0f00000000) >> 32,
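Review bot: `memcpy(outBlocks, blocks, 16*num_blocks);` writes raw block bytes through a parameter declared `uint8_t **outBlocks`, so the signature does not describe what is actually stored and nothing in the function bounds the copy against the caller's buffer. The loop stops at `num_blocks == 4`, so up to 64 bytes are written; the caller (not part of this diff) has to supply at least that much. Since the line is being touched anyway, consider stating the contract with `// outBlocks must point to at least 4*16 bytes`, or changing the parameter to `uint8_t *outBlocks` together with its callers. DemodPCF7931 begins outside this hunk.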
@@ -310,10 +309,10 @@ void printEM410x(uint32_t hi, uint64_t id)
 (id2lo & 0x00000000f0) >> 4,
 (id2lo & 0x000000000f)
 );
-
+ PrintAndLog("Other : %05lld_%03lld_%08lld",(id&0xFFFF),((id>>16LL) & 0xFF),(id & 0xFFFFFF));
 PrintAndLog("");
 uint64_t paxton = (((id>>32) << 24) | (id & 0xffffff)) + 0x143e00;
- PrintAndLog("Pattern Paxton : %0d", paxton);
+ PrintAndLog("Pattern Paxton : %lld (hex %08llX)", paxton, paxton);
 uint32_t p1id = (id & 0xFFFFFF);
 uint8_t arr[32] = {0x00};
@@ -354,12 +353,12 @@ void printEM410x(uint32_t hi, uint64_t id)
 p1 |= arr[2] << 4;
 p1 |= arr[1] << 5;
 p1 |= arr[0] << 9;
- PrintAndLog("Pattern 1 : 0x%X - %d", p1, p1);
+ PrintAndLog("Pattern 1 : %d (hex %X)", p1, p1);
 uint16_t sebury1 = id & 0xFFFF;
 uint8_t sebury2 = (id >> 16) & 0x7F;
 uint32_t sebury3 = id & 0x7FFFFF;
- PrintAndLog("Pattern Sebury : %d %d %d (hex: %X %X %X)", sebury1, sebury2, sebury3, sebury1, sebury2, sebury3);
+ PrintAndLog("Pattern Sebury : %010d %03d %d (hex: %X %X %X)", sebury3, sebury2, sebury1, sebury3, sebury2, sebury1);
 }
 }
 return;
@@ -1267,6 +1266,7 @@ int CmdFSKdemodHID(const char *Cmd)
 if(fmtLen==34){
 cardnum = (lo>>1)&0xFFFF;
 fc= ((hi&1)<<15)|(lo>>17);
+ // this could also be QUADRAKEY. Uses 34bit HID.
 }
 if(fmtLen==35){
 cardnum = (lo>>1)&0xFFFFF;
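Review bot: `paxton` is a `uint64_t`, but the new format prints it with `%lld` and `%08llX`; the signed conversion does not match the unsigned type, and on platforms where `uint64_t` is `unsigned long` the `ll` length does not match the declared type either. Cast explicitly: `PrintAndLog("Pattern Paxton : %llu (hex %08llX)", (unsigned long long)paxton, (unsigned long long)paxton);`. The hunk at -354 has the same mismatch in smaller form, where `sebury3` is a `uint32_t` printed with `%010d` and `%010u` is the matching conversion. printEM410x starts and ends outside these hunks.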
@@ -1413,7 +1413,21 @@ int CmdFSKdemodIO(const char *Cmd)
 uint8_t version = bytebits_to_byte(BitStream+idx+27,8); //14,4
 uint8_t facilitycode = bytebits_to_byte(BitStream+idx+18,8) ;
 uint16_t number = (bytebits_to_byte(BitStream+idx+36,8)<<8)|(bytebits_to_byte(BitStream+idx+45,8)); //36,9
- PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x)",version,facilitycode,number,code,code2);
+
+ uint8_t crc = bytebits_to_byte(BitStream+idx+54,8);
+ uint16_t calccrc = 0;
+
+ for (uint8_t i=1; i<6; ++i){
+ calccrc += bytebits_to_byte(BitStream+idx+9*i,8);
+ PrintAndLog("%d", calccrc);
+ }
+ calccrc &= 0xff;
+ calccrc = 0xff - calccrc;
+
+ char *crcStr = (crc == calccrc) ? "ok": "!crc";
+
+ PrintAndLog("IO Prox XSF(%02d)%02x:%05d (%08x%08x) [%02x %s]",version,facilitycode,number,code,code2, crc, crcStr);
+
 setDemodBuf(BitStream,64,idx);
 if (g_debugMode){
 PrintAndLog("DEBUG: idx: %d, Len: %d, Printing demod buffer:",idx,64);
-- 
2.39.5
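Review bot: The `PrintAndLog("%d", calccrc);` inside the summing loop looks like leftover debugging; it emits five running totals before every IO Prox result. Drop it, or move it under the `if (g_debugMode)` check that already follows in this function. The frame is also passed to `setDemodBuf` regardless of the checksum result, so a tag marked `!crc` is handled the same as a good one apart from the label; if that is intended, a short comment saying so would help. The checksum arithmetic duplicates the firmware copy in armsrc/lfops.c and could live in one shared helper.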