search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix little endian vs big endian in the macros... again... but this time correct
[RRG-proxmark3.git] / client / src / cmdlfgallagher.c
blob4cf9b240d5309704adb4cd4c6ac0f93bf2182b08
1 //-----------------------------------------------------------------------------
2 // Iceman, 2019
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Low frequency GALLAGHER tag commands
9 // ASK/MAN, RF/32, 96 bits long (unknown cs) (0x00088060)
10 // sample Q5 , ASK RF/32, STT, 96 bits (3blocks) ( 0x9000F006)
11 //-----------------------------------------------------------------------------
12 #include "cmdlfgallagher.h"
13 #include <string.h> // memcpy
14 #include <ctype.h> // tolower
15 #include <stdio.h>
16 #include "commonutil.h" // ARRAYLEN
17 #include "common.h"
18 #include "cmdparser.h" // command_t
19 #include "comms.h"
20 #include "ui.h"
21 #include "cmddata.h"
22 #include "cmdlf.h"
23 #include "lfdemod.h" // preamble test
24 #include "protocols.h" // t55xx defines
25 #include "cmdlft55xx.h" // clone..
26 #include "crc.h" // CRC8/Cardx
27 #include "cmdlfem4x05.h" //
28 #include "cliparser.h"
29
30 static int CmdHelp(const char *Cmd);
31
32 static void scramble(uint8_t *arr, uint8_t len) {
33 uint8_t lut[] = {
34 0xa3, 0xb0, 0x80, 0xc6, 0xb2, 0xf4, 0x5c, 0x6c, 0x81, 0xf1, 0xbb, 0xeb, 0x55, 0x67, 0x3c, 0x05,
35 0x1a, 0x0e, 0x61, 0xf6, 0x22, 0xce, 0xaa, 0x8f, 0xbd, 0x3b, 0x1f, 0x5e, 0x44, 0x04, 0x51, 0x2e,
36 0x4d, 0x9a, 0x84, 0xea, 0xf8, 0x66, 0x74, 0x29, 0x7f, 0x70, 0xd8, 0x31, 0x7a, 0x6d, 0xa4, 0x00,
37 0x82, 0xb9, 0x5f, 0xb4, 0x16, 0xab, 0xff, 0xc2, 0x39, 0xdc, 0x19, 0x65, 0x57, 0x7c, 0x20, 0xfa,
38 0x5a, 0x49, 0x13, 0xd0, 0xfb, 0xa8, 0x91, 0x73, 0xb1, 0x33, 0x18, 0xbe, 0x21, 0x72, 0x48, 0xb6,
39 0xdb, 0xa0, 0x5d, 0xcc, 0xe6, 0x17, 0x27, 0xe5, 0xd4, 0x53, 0x42, 0xf3, 0xdd, 0x7b, 0x24, 0xac,
40 0x2b, 0x58, 0x1e, 0xa7, 0xe7, 0x86, 0x40, 0xd3, 0x98, 0x97, 0x71, 0xcb, 0x3a, 0x0f, 0x01, 0x9b,
41 0x6e, 0x1b, 0xfc, 0x34, 0xa6, 0xda, 0x07, 0x0c, 0xae, 0x37, 0xca, 0x54, 0xfd, 0x26, 0xfe, 0x0a,
42 0x45, 0xa2, 0x2a, 0xc4, 0x12, 0x0d, 0xf5, 0x4f, 0x69, 0xe0, 0x8a, 0x77, 0x60, 0x3f, 0x99, 0x95,
43 0xd2, 0x38, 0x36, 0x62, 0xb7, 0x32, 0x7e, 0x79, 0xc0, 0x46, 0x93, 0x2f, 0xa5, 0xba, 0x5b, 0xaf,
44 0x52, 0x1d, 0xc3, 0x75, 0xcf, 0xd6, 0x4c, 0x83, 0xe8, 0x3d, 0x30, 0x4e, 0xbc, 0x08, 0x2d, 0x09,
45 0x06, 0xd9, 0x25, 0x9e, 0x89, 0xf2, 0x96, 0x88, 0xc1, 0x8c, 0x94, 0x0b, 0x28, 0xf0, 0x47, 0x63,
46 0xd5, 0xb3, 0x68, 0x56, 0x9c, 0xf9, 0x6f, 0x41, 0x50, 0x85, 0x8b, 0x9d, 0x59, 0xbf, 0x9f, 0xe2,
47 0x8e, 0x6a, 0x11, 0x23, 0xa1, 0xcd, 0xb5, 0x7d, 0xc7, 0xa9, 0xc8, 0xef, 0xdf, 0x02, 0xb8, 0x03,
48 0x6b, 0x35, 0x3e, 0x2c, 0x76, 0xc9, 0xde, 0x1c, 0x4b, 0xd1, 0xed, 0x14, 0xc5, 0xad, 0xe9, 0x64,
49 0x4a, 0xec, 0x8d, 0xf7, 0x10, 0x43, 0x78, 0x15, 0x87, 0xe4, 0xd7, 0x92, 0xe1, 0xee, 0xe3, 0x90
50 };
51
52 for (int i = 0; i < len; i++) {
53 arr[i] = lut[arr[i]];
54 }
55 }
56
57 static void descramble(uint8_t *arr, uint8_t len) {
58 uint8_t lut[] = {
59 0x2f, 0x6e, 0xdd, 0xdf, 0x1d, 0x0f, 0xb0, 0x76, 0xad, 0xaf, 0x7f, 0xbb, 0x77, 0x85, 0x11, 0x6d,
60 0xf4, 0xd2, 0x84, 0x42, 0xeb, 0xf7, 0x34, 0x55, 0x4a, 0x3a, 0x10, 0x71, 0xe7, 0xa1, 0x62, 0x1a,
61 0x3e, 0x4c, 0x14, 0xd3, 0x5e, 0xb2, 0x7d, 0x56, 0xbc, 0x27, 0x82, 0x60, 0xe3, 0xae, 0x1f, 0x9b,
62 0xaa, 0x2b, 0x95, 0x49, 0x73, 0xe1, 0x92, 0x79, 0x91, 0x38, 0x6c, 0x19, 0x0e, 0xa9, 0xe2, 0x8d,
63 0x66, 0xc7, 0x5a, 0xf5, 0x1c, 0x80, 0x99, 0xbe, 0x4e, 0x41, 0xf0, 0xe8, 0xa6, 0x20, 0xab, 0x87,
64 0xc8, 0x1e, 0xa0, 0x59, 0x7b, 0x0c, 0xc3, 0x3c, 0x61, 0xcc, 0x40, 0x9e, 0x06, 0x52, 0x1b, 0x32,
65 0x8c, 0x12, 0x93, 0xbf, 0xef, 0x3b, 0x25, 0x0d, 0xc2, 0x88, 0xd1, 0xe0, 0x07, 0x2d, 0x70, 0xc6,
66 0x29, 0x6a, 0x4d, 0x47, 0x26, 0xa3, 0xe4, 0x8b, 0xf6, 0x97, 0x2c, 0x5d, 0x3d, 0xd7, 0x96, 0x28,
67 0x02, 0x08, 0x30, 0xa7, 0x22, 0xc9, 0x65, 0xf8, 0xb7, 0xb4, 0x8a, 0xca, 0xb9, 0xf2, 0xd0, 0x17,
68 0xff, 0x46, 0xfb, 0x9a, 0xba, 0x8f, 0xb6, 0x69, 0x68, 0x8e, 0x21, 0x6f, 0xc4, 0xcb, 0xb3, 0xce,
69 0x51, 0xd4, 0x81, 0x00, 0x2e, 0x9c, 0x74, 0x63, 0x45, 0xd9, 0x16, 0x35, 0x5f, 0xed, 0x78, 0x9f,
70 0x01, 0x48, 0x04, 0xc1, 0x33, 0xd6, 0x4f, 0x94, 0xde, 0x31, 0x9d, 0x0a, 0xac, 0x18, 0x4b, 0xcd,
71 0x98, 0xb8, 0x37, 0xa2, 0x83, 0xec, 0x03, 0xd8, 0xda, 0xe5, 0x7a, 0x6b, 0x53, 0xd5, 0x15, 0xa4,
72 0x43, 0xe9, 0x90, 0x67, 0x58, 0xc0, 0xa5, 0xfa, 0x2a, 0xb1, 0x75, 0x50, 0x39, 0x5c, 0xe6, 0xdc,
73 0x89, 0xfc, 0xcf, 0xfe, 0xf9, 0x57, 0x54, 0x64, 0xa8, 0xee, 0x23, 0x0b, 0xf1, 0xea, 0xfd, 0xdb,
74 0xbd, 0x09, 0xb5, 0x5b, 0x05, 0x86, 0x13, 0xf3, 0x24, 0xc5, 0x3f, 0x44, 0x72, 0x7c, 0x7e, 0x36
75 };
76
77 for (int i = 0; i < len; i++) {
78 arr[i] = lut[arr[i]];
79 }
80 }
81
82 //see ASK/MAN Demod for what args are accepted
83 int demodGallagher(bool verbose) {
84 (void) verbose; // unused so far
85 bool st = true;
86 if (ASKDemod_ext(32, 0, 100, 0, false, false, false, 1, &st) != PM3_SUCCESS) {
87 PrintAndLogEx(DEBUG, "DEBUG: Error - GALLAGHER: ASKDemod failed");
88 return PM3_ESOFT;
89 }
90
91 size_t size = DemodBufferLen;
92 int ans = detectGallagher(DemodBuffer, &size);
93 if (ans < 0) {
94 if (ans == -1)
95 PrintAndLogEx(DEBUG, "DEBUG: Error - GALLAGHER: too few bits found");
96 else if (ans == -2)
97 PrintAndLogEx(DEBUG, "DEBUG: Error - GALLAGHER: preamble not found");
98 else if (ans == -3)
99 PrintAndLogEx(DEBUG, "DEBUG: Error - GALLAGHER: Size not correct: %zu", size);
100 else
101 PrintAndLogEx(DEBUG, "DEBUG: Error - GALLAGHER: ans: %d", ans);
102
103 return PM3_ESOFT;
104 }
105 setDemodBuff(DemodBuffer, 96, ans);
106 setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock));
107
108 // got a good demod
109 uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32);
110 uint32_t raw2 = bytebits_to_byte(DemodBuffer + 32, 32);
111 uint32_t raw3 = bytebits_to_byte(DemodBuffer + 64, 32);
112
113 // bytes
114 uint8_t arr[8] = {0};
115 for (int i = 0, pos = 0; i < ARRAYLEN(arr); i++) {
116 pos = 16 + (9 * i);
117 arr[i] = bytebits_to_byte(DemodBuffer + pos, 8);
118 }
119
120 // crc
121 uint8_t crc = bytebits_to_byte(DemodBuffer + 16 + (9 * 8), 8);
122 uint8_t calc_crc = CRC8Cardx(arr, ARRAYLEN(arr));
123
124 descramble(arr, ARRAYLEN(arr));
125
126 // 4bit region code
127 uint8_t rc = (arr[3] & 0x1E) >> 1;
128
129 // 16bit FC
130 uint16_t fc = (arr[5] & 0x0F) << 12 | arr[1] << 4 | ((arr[7] >> 4) & 0x0F);
131
132 // 24bit CN
133 uint32_t cn = arr[0] << 16 | (arr[4] & 0x1F) << 11 | arr[2] << 3 | (arr[3] & 0xE0) >> 5;
134
135 // 4bit issue level
136 uint8_t il = arr[7] & 0x0F;
137
138 PrintAndLogEx(SUCCESS, "GALLAGHER - Region: " _GREEN_("%u") " FC: " _GREEN_("%u") " CN: " _GREEN_("%u") " Issue Level: " _GREEN_("%u"), rc, fc, cn, il);
139 PrintAndLogEx(SUCCESS, " Displayed: " _GREEN_("%C%u"), rc + 'A', fc);
140 PrintAndLogEx(SUCCESS, " Raw: %08X%08X%08X", raw1, raw2, raw3);
141 PrintAndLogEx(SUCCESS, " CRC: %02X - %02X (%s)", crc, calc_crc, (crc == calc_crc) ? "ok" : "fail");
142 return PM3_SUCCESS;
143 }
144
145 static int CmdGallagherDemod(const char *Cmd) {
146 CLIParserContext *ctx;
147 CLIParserInit(&ctx, "lf gallagher demod",
148 "Try to find GALLAGHER preamble, if found decode / descramble data",
149 "lf gallagher demod"
150 );
151
152 void *argtable[] = {
153 arg_param_begin,
154 arg_param_end
155 };
156 CLIExecWithReturn(ctx, Cmd, argtable, true);
157 CLIParserFree(ctx);
158 return demodGallagher(true);
159 }
160
161 static int CmdGallagherReader(const char *Cmd) {
162 CLIParserContext *ctx;
163 CLIParserInit(&ctx, "lf gallagher reader",
164 "read a GALLAGHER tag",
165 "lf gallagher reader -@ -> continuous reader mode"
166 );
167
168 void *argtable[] = {
169 arg_param_begin,
170 arg_lit0("@", NULL, "optional - continuous reader mode"),
171 arg_param_end
172 };
173 CLIExecWithReturn(ctx, Cmd, argtable, true);
174 bool cm = arg_get_lit(ctx, 1);
175 CLIParserFree(ctx);
176
177 if (cm) {
178 PrintAndLogEx(INFO, "Press " _GREEN_("<Enter>") " to exit");
179 }
180
181 do {
182 lf_read(false, 4096 * 2 + 20);
183 demodGallagher(!cm);
184 } while (cm && !kbd_enter_pressed());
185 return PM3_SUCCESS;
186 }
187
188 static bool isValidGallagherParams(int8_t rc, int32_t fc, int32_t cn, int8_t il) {
189 bool isValid = true;
190
191 // if one is set, all must be set
192 if (rc < 0 || fc < 0 || cn < 0 || il < 0) {
193 PrintAndLogEx(FAILED, "If rc/fc/cn/il is specified, all must be set");
194 isValid = false;
195 }
196 // validate input
197 if (rc > 0x0f) {
198 PrintAndLogEx(FAILED, "Region code must be less than 16 (4 bits)");
199 isValid = false;
200 }
201 if (fc > 0xffff) {
202 PrintAndLogEx(FAILED, "Facility code must be less than 65536 (2 bytes)");
203 isValid = false;
204 }
205 if (cn > 0xffffff) {
206 PrintAndLogEx(FAILED, "Card number must be less than 16777216 (3 bytes)");
207 isValid = false;
208 }
209 if (il > 0x0f) {
210 PrintAndLogEx(FAILED, "Issue level must be less than 16 (4 bits)");
211 isValid = false;
212 }
213 return isValid;
214 }
215
216 static void setBitsInBlocks(uint32_t *blocks, uint8_t *pos, uint32_t data, uint8_t data_len) {
217 for (int i = data_len - 1; i >= 0; i--) {
218 uint8_t blk = *pos / 32;
219 uint8_t bitPos = 31 - *pos % 32; // fill from left
220 uint8_t bit = (data >> i) & 1;
221 blocks[blk] |= bit << bitPos;
222 (*pos)++;
223 }
224 }
225
226 static void createBlocks(uint32_t *blocks, uint8_t rc, uint16_t fc, uint32_t cn, uint8_t il) {
227 // put data into the correct places (Gallagher obfuscation)
228 uint8_t arr[8] = {0};
229 arr[0] = (cn & 0xffffff) >> 16;
230 arr[1] = (fc & 0xfff) >> 4;
231 arr[2] = (cn & 0x7ff) >> 3;
232 arr[3] = (cn & 0x7) << 5 | (rc & 0xf) << 1;
233 arr[4] = (cn & 0xffff) >> 11;
234 arr[5] = (fc & 0xffff) >> 12;
235 arr[6] = 0;
236 arr[7] = (fc & 0xf) << 4 | (il & 0xf);
237
238 // more obfuscation
239 scramble(arr, ARRAYLEN(arr));
240
241 blocks[0] = blocks[1] = blocks[2] = 0;
242 uint8_t pos = 0;
243
244 // magic prefix
245 setBitsInBlocks(blocks, &pos, 0x7fea, 16);
246
247 for (int i = 0; i < ARRAYLEN(arr); i++) {
248 // data byte
249 setBitsInBlocks(blocks, &pos, arr[i], 8);
250
251 // every byte is followed by a bit which is the inverse of the last bit
252 setBitsInBlocks(blocks, &pos, !(arr[i] & 0x1), 1);
253 }
254
255 // checksum
256 uint8_t crc = CRC8Cardx(arr, ARRAYLEN(arr));
257 setBitsInBlocks(blocks, &pos, crc, 8);
258 }
259
260 static int CmdGallagherClone(const char *Cmd) {
261
262 CLIParserContext *ctx;
263 CLIParserInit(&ctx, "lf gallagher clone",
264 "clone a GALLAGHER tag to a T55x7, Q5/T5555 or EM4305/4469 tag.",
265 "lf gallagher clone --raw 0FFD5461A9DA1346B2D1AC32\n"
266 "lf gallagher clone --q5 --raw 0FFD5461A9DA1346B2D1AC32 -> encode for Q5/T5555 tag\n"
267 "lf gallagher clone --em --raw 0FFD5461A9DA1346B2D1AC32 -> encode for EM4305/4469\n"
268 "lf gallagher clone --rc 0 --fc 9876 --cn 1234 --il 1"
269 );
270
271 void *argtable[] = {
272 arg_param_begin,
273 arg_str0("r", "raw", "<hex>", "raw hex data. 12 bytes max"),
274 arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
275 arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
276 arg_int0(NULL, "rc", "<decimal>", "Region code. 4 bits max"),
277 arg_int0(NULL, "fc", "<decimal>", "Facility code. 2 bytes max"),
278 arg_int0(NULL, "cn", "<decimal>", "Card number. 3 bytes max"),
279 arg_int0(NULL, "il", "<decimal>", "Issue level. 4 bits max"),
280 arg_param_end
281 };
282 CLIExecWithReturn(ctx, Cmd, argtable, false);
283
284 int raw_len = 0;
285 // skip first block, 3*4 = 12 bytes left
286 uint8_t raw[12] = {0};
287 int res = CLIParamHexToBuf(arg_get_str(ctx, 1), raw, sizeof raw, &raw_len);
288 if (res) {
289 CLIParserFree(ctx);
290 return PM3_EINVARG;
291 }
292
293 bool q5 = arg_get_lit(ctx, 2);
294 bool em = arg_get_lit(ctx, 3);
295 int16_t region_code = arg_get_int_def(ctx, 4, -1);
296 int32_t facility_code = arg_get_int_def(ctx, 5, -1);
297 uint64_t card_number = arg_get_int_def(ctx, 6, -1);
298 uint32_t issue_level = arg_get_int_def(ctx, 7, -1);
299 CLIParserFree(ctx);
300
301 bool use_raw = raw_len > 0;
302
303 if (q5 && em) {
304 PrintAndLogEx(FAILED, "Can't specify both Q5 and EM4305 at the same time");
305 return PM3_EINVARG;
306 }
307
308 if (region_code == -1 && facility_code == -1 && card_number == -1 && issue_level == -1) {
309 if (!use_raw) {
310 PrintAndLogEx(FAILED, "Must specify either raw data to clone, or rc/fc/cn/il");
311 return PM3_EINVARG;
312 }
313 } else {
314 // --raw and --rc/fc/cn/il are mutually exclusive
315 if (use_raw) {
316 PrintAndLogEx(FAILED, "Can't specify both raw and rc/fc/cn/il at the same time");
317 return PM3_EINVARG;
318 }
319 if (!isValidGallagherParams(region_code, facility_code, card_number, issue_level)) {
320 return PM3_EINVARG;
321 }
322 }
323
324 uint32_t blocks[4];
325 if (use_raw) {
326 for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
327 blocks[i] = bytes_to_num(raw + ((i - 1) * 4), sizeof(uint32_t));
328 }
329 } else {
330 // fill blocks 1 to 3 with Gallagher data
331 createBlocks(blocks + 1, region_code, facility_code, card_number, issue_level);
332 }
333
334 //Pac - compat mode, NRZ, data rate 40, 3 data blocks
335 blocks[0] = T55x7_MODULATION_MANCHESTER | T55x7_BITRATE_RF_32 | 3 << T55x7_MAXBLOCK_SHIFT;
336 char cardtype[16] = {"T55x7"};
337 // Q5
338 if (q5) {
339 blocks[0] = T5555_FIXED | T5555_MODULATION_MANCHESTER | T5555_SET_BITRATE(32) | 3 << T5555_MAXBLOCK_SHIFT;
340 snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
341 }
342
343 // EM4305
344 if (em) {
345 blocks[0] = EM4305_GALLAGHER_CONFIG_BLOCK;
346 snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
347 }
348
349 PrintAndLogEx(INFO, "Preparing to clone Gallagher to " _YELLOW_("%s") " from %s.",
350 cardtype, use_raw ? "raw hex" : "specified data");
351 print_blocks(blocks, ARRAYLEN(blocks));
352
353 if (em) {
354 res = em4x05_clone_tag(blocks, ARRAYLEN(blocks), 0, false);
355 } else {
356 res = clone_t55xx_tag(blocks, ARRAYLEN(blocks));
357 }
358 PrintAndLogEx(SUCCESS, "Done");
359 PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf gallagher reader`") " to verify");
360 return res;
361 }
362
363 static int CmdGallagherSim(const char *Cmd) {
364
365 CLIParserContext *ctx;
366 CLIParserInit(&ctx, "lf gallagher sim",
367 "Enables simulation of GALLAGHER card with specified card number.\n"
368 "Simulation runs until the button is pressed or another USB command is issued.\n",
369 "lf gallagher sim --raw 0FFD5461A9DA1346B2D1AC32\n"
370 "lf gallagher sim --rc 0 --fc 9876 --cn 1234 --il 1"
371 );
372
373 void *argtable[] = {
374 arg_param_begin,
375 arg_str0("r", "raw", "<hex>", "raw hex data. 12 bytes max"),
376 arg_int0(NULL, "rc", "<decimal>", "Region code. 4 bits max"),
377 arg_int0(NULL, "fc", "<decimal>", "Facility code. 2 bytes max"),
378 arg_int0(NULL, "cn", "<decimal>", "Card number. 3 bytes max"),
379 arg_int0(NULL, "il", "<decimal>", "Issue level. 4 bits max"),
380 arg_param_end
381 };
382 CLIExecWithReturn(ctx, Cmd, argtable, false);
383
384 int raw_len = 0;
385 // skip first block, 3*4 = 12 bytes left
386 uint8_t raw[12] = {0};
387 CLIGetHexWithReturn(ctx, 1, raw, &raw_len);
388 int res = CLIParamHexToBuf(arg_get_str(ctx, 1), raw, sizeof raw, &raw_len);
389 if (res) {
390 CLIParserFree(ctx);
391 return PM3_EINVARG;
392 }
393
394 int16_t region_code = arg_get_int_def(ctx, 2, -1);
395 int32_t facility_code = arg_get_int_def(ctx, 3, -1);
396 uint64_t card_number = arg_get_int_def(ctx, 4, -1);
397 uint32_t issue_level = arg_get_int_def(ctx, 5, -1);
398 CLIParserFree(ctx);
399
400 bool use_raw = raw_len > 0;
401
402 if (region_code == -1 && facility_code == -1 && card_number == -1 && issue_level == -1) {
403 if (!use_raw) {
404 PrintAndLogEx(FAILED, "Must specify either raw data to clone, or rc/fc/cn/il");
405 return PM3_EINVARG;
406 }
407 } else {
408 // --raw and --rc/fc/cn/il are mutually exclusive
409 if (use_raw) {
410 PrintAndLogEx(FAILED, "Can't specify both raw and rc/fc/cn/il at the same time");
411 return PM3_EINVARG;
412 }
413 if (!isValidGallagherParams(region_code, facility_code, card_number, issue_level)) {
414 return PM3_EINVARG;
415 }
416 }
417
418 if (!use_raw) {
419 // generate Gallagher data
420 uint32_t blocks[3];
421 createBlocks(blocks, region_code, facility_code, card_number, issue_level);
422
423 // convert to the normal 'raw' format
424 for (int i = 0; i < ARRAYLEN(blocks); i++) {
425 raw[(4 * i) + 0] = (blocks[i] >> 24) & 0xff;
426 raw[(4 * i) + 1] = (blocks[i] >> 16) & 0xff;
427 raw[(4 * i) + 2] = (blocks[i] >> 8) & 0xff;
428 raw[(4 * i) + 3] = (blocks[i]) & 0xff;
429 }
430 }
431
432 // ASK/MAN sim.
433 PrintAndLogEx(SUCCESS, "Simulating Gallagher - raw " _YELLOW_("%s"), sprint_hex_inrow(raw, sizeof(raw)));
434
435 uint8_t bs[sizeof(raw) * 8];
436 bytes_to_bytebits(raw, sizeof(raw), bs);
437
438 lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs));
439 payload->encoding = 1;
440 payload->invert = 0;
441 payload->separator = 0;
442 payload->clock = 32;
443 memcpy(payload->data, bs, sizeof(bs));
444
445 clearCommandBuffer();
446 SendCommandNG(CMD_LF_ASK_SIMULATE, (uint8_t *)payload, sizeof(lf_asksim_t) + sizeof(bs));
447 free(payload);
448
449 return lfsim_wait_check(CMD_LF_ASK_SIMULATE);
450 }
451
452 static command_t CommandTable[] = {
453 {"help", CmdHelp, AlwaysAvailable, "This help"},
454 {"demod", CmdGallagherDemod, AlwaysAvailable, "demodulate an GALLAGHER tag from the GraphBuffer"},
455 {"reader", CmdGallagherReader, IfPm3Lf, "attempt to read and extract tag data"},
456 {"clone", CmdGallagherClone, IfPm3Lf, "clone GALLAGHER tag to T55x7"},
457 {"sim", CmdGallagherSim, IfPm3Lf, "simulate GALLAGHER tag"},
458 {NULL, NULL, NULL, NULL}
459 };
460
461 static int CmdHelp(const char *Cmd) {
462 (void)Cmd; // Cmd is not used so far
463 CmdsHelp(CommandTable);
464 return PM3_SUCCESS;
465 }
466
467 int CmdLFGallagher(const char *Cmd) {
468 clearCommandBuffer();
469 return CmdsParse(CommandTable, Cmd);
470 }
471
472 // find Gallagher preamble in already demoded data
473 int detectGallagher(uint8_t *dest, size_t *size) {
474 if (*size < 96) return -1; //make sure buffer has data
475 size_t startIdx = 0;
476 uint8_t preamble[] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0 };
477 if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx))
478 return -2; //preamble not found
479
480 if (*size != 96) return -3; //wrong demoded size
481 //return start position
482 return (int)startIdx;
483 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware