-----
HELP
-----
ESP-RFID-Tool
Created by Corey Harding
www.LegacySecurityGroup.com / www.Exploit.Agency
https://github.com/rfidtool/ESP-RFID-Tool - See Link for Updated Firmware or for more detailed Help
The ESP-RFID-Tool is a tool created for logging Wiegand data and also for testing devices that contain a Wiegand Interface. The primary target group is 26-37bit HID Cards but it will also work with most devices that output Wiegand data. ESP-RFID-Tool can be combined with a RFID reader and a battery to create a portable standalone RFID badge logger, it can also be integrated into existing systems without the need for a battery and instead drawing its power directly from the wiring in the existing installation. The ESP-RFID-Tool can read the data from any device that contains a Wiegand Interface and outputs data from 1 bit long up to 4,096 bits long, although anything other than 26-37bit is experimental. The ESP-RFID-Tool is not even limited to RFID technologies, many other devices also contain a Wiegand Interface as it is an access control system standard, this includes pin pads(keypad), magnetic stripe(magstripe), there are even non access control related devices that utilize a Wiegand Interface.
The ESP-RFID-Tool software is distributed under the MIT License. The license and copyright notice can not be removed and must be distributed alongside all future copies of the software.
-----
Accessing ESP-RFID-Tool Web Interface
-----
SSID: "ESP-RFID-Tool"
URL: http://192.168.1.1
-----
Configure ESP-RFID-Tool
-----
Default credentials to access the configuration page:
Username: "admin"
Password: "rfidtool"
Default credentials for ftp server:
Username: "ftp-admin"
Password: "rfidtool"
WiFi Configuration:
Network Type:
Access Point Mode: Create a standalone access point(No Internet Connectivity-Requires Close Proximity)
Join Existing Network: Join an existing network(Possible Internet Connectivity-Could use Device Remotely)
Hidden: Choose whether or not to use a hidden SSID when creating an access point
SSID: SSID of the access point to create or of the network you are choosing to join
Password: Password of the access point which you wish to create or of the network you are choosing to join
Channel: Channel of the access point you are creating
IP: IP to set for device
Gateway: Gateway to use, make it the same as ESP-RFID-Tool's IP if an access point or the same as the router if joining a network
Subnet: Typically set to 255.255.255.0
Web Interface Administration Settings:
Username: Username to configure/upgrade ESP-RFID-Tool
Password: Password to configure/upgrade ESP-RFID-Tool
FTP Server Settings:
Note: Supports Passive(PASV) Mode Only!
Enabled: Turn FTP Server ON
Disabled: Turn FTP Server OFF
Username: Username to login to ftp server
Password: Password to login to ftp server
Power LED:
Enabled: Turn ON Power LED
Disabled: Turn OFF Power LED
RFID Capture Log:
Useful to change this value to differentiate between facilities during various security assessments.
File Name: File name to save captured RFID tags to for the current security assessment.
-----
List Exfiltrated Data
-----
Displays all log files containing RFID tag captures.
-----
Format File System
-----
This will erase the contents of the SPIFFS file system including ALL RFID tag captures.
Formatting may take up to 90 seconds.
All current settings will be retained unless you reboot your device during this process.
-----
Upgrade ESP-RFID-Tool Firmware
-----
Authenticate using your username and password set in the configuration page.
Default credentials to access the firmware upgrade page:
Username: "admin"
Password: "rfidtool"
Select "Browse" choose the new firmware to be uploaded and then click "Upgrade".
You will need to manually reset the device upon the browser alerting you that the upgrade was successful.
-----
Licensing Information
-----
Created by Corey Harding
https://github.com/rfidtool/ESP-RFID-Tool
ESP-RFID-Tool software is licensed under the MIT License
/*
MIT License
Copyright (c) [2018] [Corey Harding]
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
Click here for additional licensing information )====="; ================================================ FILE: Source Code/esprfidtool/LICENSE ================================================ SOFTWARE LICENSE MIT License Copyright (c) [2018] [Corey Harding] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: Source Code/esprfidtool/License.h ================================================ const char License[] PROGMEM = R"=====(
ESP-RFID-Tool by Corey Harding: https://www.LegacySecurityGroup.com
Code available at: https://github.com/rfidtool/ESP-RFID-Tool
ESP-RFID-Tool Hardware was created by Corey Harding
ESP-RFID-Tool Software is licensed under the MIT License
/*
MIT License
Copyright (c) [2018] [Corey Harding]
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
Core libraries used:
/*
Arduino.h - Main include file for the Arduino SDK
Copyright (c) 2005-2013 Arduino Team. All right reserved.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/*
ESP8266WiFi.h - esp8266 Wifi support.
Based on WiFi.h from Arduino WiFi shield library.
Copyright (c) 2011-2014 Arduino. All right reserved.
Modified by Ivan Grokhotkov, December 2014
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/*
WiFiClient.h - Library for Arduino Wifi shield.
Copyright (c) 2011-2014 Arduino. All right reserved.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Modified by Ivan Grokhotkov, December 2014 - esp8266 support
*/
/*
ESP8266WebServer.h - Dead simple web-server.
Supports only one simultaneous client, knows how to handle GET and POST.
Copyright (c) 2014 Ivan Grokhotkov. All rights reserved.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Modified 8 May 2015 by Hristo Gochkov (proper post and file upload handling)
*/
/*
Esp8266httpupdateserver.h No license information available.
*/
/*
ESP8266mDNS.h
ESP8266 Multicast DNS (port of CC3000 Multicast DNS library)
Version 1.1
Copyright (c) 2013 Tony DiCola (tony@tonydicola.com)
ESP8266 port (c) 2015 Ivan Grokhotkov (ivan@esp8266.com)
Extended MDNS-SD support 2016 Lars Englund (lars.englund@gmail.com)
This is a simple implementation of multicast DNS query support for an Arduino
running on ESP8266 chip. Only support for resolving address queries is currently
implemented.
License (MIT license):
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
/*
FS.h - file system wrapper
Copyright (c) 2015 Ivan Grokhotkov. All rights reserved.
This file is part of the esp8266 core for Arduino environment.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/*
ArduinoJson.h
The MIT License (MIT)
---------------------
Copyright (c) 2014-2017 Benoit BLANCHON
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
/*
ESP8266FtpServer.h - by nailbuster, later modified by bbx10 and apullin
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
https://github.com/apullin/esp8266FTPServer/blob/feature/bbx10_speedup/LICENSE
*/
/*
WiegandNG.h by JP Liew
https://github.com/jpliew/Wiegand-NG-Multi-Bit-Wiegand-Library-for-Arduino
GNU LGPL License 2.1
This library is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2.1 of the License, or (at your option)
any later version.
This library is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
more details.
*/
/*
Wiegand Preamble Calculator Code from the Tastic RFID Thief byFran Brown of Bishop Fox
https://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/
*/
/*
Original source for aba-decode.py by Andrew MacPherson(andrewmohawk)
https://andrewmohawk.com/2012/05/29/magnetic-stripes-part-1/
https://pastebin.com/h9eVqRxz
*/
/*
strrev.h by Dmitry Xmelkov
Copyright (c) 2007 Dmitry Xmelkov
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of the copyright holders nor the names of
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
This is not a comprehensive list, these "Core Libraries" may depend on additional
libraries, more information can be obtained by viewing the source code of the main libraries.
)=====";
================================================
FILE: Source Code/esprfidtool/WiegandNG.cpp
================================================
#include "WiegandNG.h"
// pcintbranch
volatile unsigned long WiegandNG::_lastPulseTime; // time last bit pulse received
volatile unsigned int WiegandNG::_bitCounted; // number of bits arrived at Interrupt pins
volatile unsigned char *WiegandNG::_buffer; // buffer for data retention
unsigned int WiegandNG::_bufferSize; // memory (bytes) allocated for buffer
void shift_left(volatile unsigned char *ar, int size, int shift)
{
while (shift--) { // for each bit to shift ...
int carry = 0; // clear the initial carry bit.
int lastElement = size-1;
for (int i = 0; i < size; i++) { // for each element of the array, from low byte to high byte
if (i!=lastElement) {
// condition ? valueIfTrue : valueIfFalse
carry = (ar[i+1] & 0x80) ? 1 : 0;
ar[i] = carry | (ar[i]<<1);
}
else {
ar[i] <<=1;
}
}
}
}
void WiegandNG::clear() { // reset variables to start new capture
_bitCounted=0;
_lastPulseTime = millis();
memset((unsigned char *)_buffer,0,_bufferSize);
interrupts(); // allow interrupt
}
void WiegandNG::pause() {
noInterrupts(); // disable interrupt so that user can process data
}
volatile unsigned char * WiegandNG::getRawData() {
return _buffer; // return pointer of the buffer
}
unsigned int WiegandNG::getPacketGap() {
return _packetGap;
}
unsigned int WiegandNG::getBitAllocated() {
return _bitAllocated;
}
unsigned int WiegandNG::getBitCounted() {
return _bitCounted;
}
unsigned int WiegandNG::getBufferSize() {
return _bufferSize;
}
bool WiegandNG::available() {
bool ret=false;
noInterrupts();
unsigned long tempLastPulseTime = _lastPulseTime;
interrupts();
unsigned long sysTick = millis();
// if ((sysTick - _lastPulseTime) > _packetGap) { // _packetGap (ms) laps
if ((sysTick - tempLastPulseTime) > _packetGap) { // _packetGap (ms) laps
if(_bitCounted>0) { // bits found, must have data, return true
/*if(_bitCounted<8) {
Serial.print(_bitCounted);
Serial.print(", ");
Serial.print(sysTick);
Serial.print(", ");
Serial.print(_lastPulseTime);
Serial.print(",");
Serial.println(tempLastPulseTime);
}*/
ret=true;
}
else
{
_lastPulseTime = millis();
}
}
return ret;
}
void WiegandNG::ReadD0 () {
_bitCounted++; // increment bit count for Interrupt connected to D0
shift_left(_buffer,_bufferSize,1); // shift 0 into buffer
_lastPulseTime = millis(); // keep track of time last wiegand bit received
}
void WiegandNG::ReadD1() {
_bitCounted++; // increment bit count for Interrupt connected to D1
if (_bitCounted > (_bufferSize * 8)) {
_bitCounted=0; // overflowed,
} else {
shift_left(_buffer,_bufferSize,1); // shift 1 into buffer
_buffer[_bufferSize-1] |=1; // set last bit 1
_lastPulseTime = millis(); // keep track of time last wiegand bit received
}
}
bool WiegandNG::begin(unsigned int allocateBits, unsigned int packetGap) {
bool ret;
// newer versions of Arduino provide pin to interrupt mapping
ret=begin(2, 3, allocateBits, packetGap);
return ret;
}
bool WiegandNG::begin(uint8_t pinD0, uint8_t pinD1, unsigned int allocateBits, unsigned int packetGap) {
if (_buffer != NULL) {
delete [] _buffer;
}
_packetGap = packetGap;
_bitAllocated = allocateBits;
_bufferSize=(_bitAllocated/8); // calculate the number of bytes required to store wiegand bits
if((_bitAllocated % 8) >0) _bufferSize++; // add 1 extra byte to cater for bits that are not divisible by 8
_buffer = new unsigned char [_bufferSize]; // allocate memory for buffer
if(_buffer == NULL) return false; // not enough memory, return false
clear();
pinMode(pinD0, INPUT); // set D0 pin as input
pinMode(pinD1, INPUT); // set D1 pin as input
attachInterrupt(digitalPinToInterrupt(pinD0), ReadD0, FALLING); // hardware interrupt - high to low pulse
attachInterrupt(digitalPinToInterrupt(pinD1), ReadD1, FALLING); // hardware interrupt - high to low pulse
return true;
}
WiegandNG::WiegandNG() {
}
WiegandNG::~WiegandNG() {
if (_buffer != NULL) {
delete [] _buffer;
}
}
================================================
FILE: Source Code/esprfidtool/WiegandNG.h
================================================
#ifndef _WIEGAND_NG_H
#define _WIEGAND_NG_H
#if defined(ARDUINO) && ARDUINO >= 100
#include "Arduino.h"
#else
#include "WProgram.h"
#endif
class WiegandNG {
private:
static void ReadD0();
static void ReadD1();
static volatile unsigned long _lastPulseTime; // time last bits received
static volatile unsigned int _bitCounted; // number of bits arrived at Interrupt pins
static unsigned int _bufferSize; // memory (bytes) allocated for buffer
unsigned int _bitAllocated; // wiegand bits required
unsigned int _packetGap; // gap between wiegand packet in millisecond
static volatile unsigned char * _buffer; // buffer for data retention
public:
bool begin(unsigned int bits, unsigned int packetGap=25); // default packetGap is 25ms
bool begin(uint8_t pinD0, uint8_t pinD1, unsigned int bits, unsigned int packetGap);
bool available();
void clear();
void pause();
unsigned int getBitCounted();
unsigned int getBitAllocated();
unsigned int getBufferSize();
unsigned int getPacketGap();
volatile unsigned char *getRawData();
WiegandNG();
~WiegandNG();
};
#endif
================================================
FILE: Source Code/esprfidtool/aba2str.h
================================================
String aba2str (String magstripe, int magStart, int magEnd, String swipeDirection) {
//f.println(String()+"Start pos:"+magStart);
//f.println(String()+"Start pos:"+magEnd);
String ABA="";
String aba2str="";
int magCount=abs(magEnd-magStart);
//f.println(String()+"magCount:"+magCount);
aba2str=(String()+"\"Cleaned\" Binary:"+magstripe.substring(magStart,magEnd)+"\n");
aba2str+=(String()+" * Possible "+swipeDirection+" Card Data\(ASCII\):");
while (magCount>0) {
ABA=magstripe.substring(magStart,magStart+4);
if (ABA=="1101") {aba2str+=(";");}
else if (ABA=="0000") {aba2str+=("0");}
else if (ABA=="1000") {aba2str+=("1");}
else if (ABA=="0100") {aba2str+=("2");}
else if (ABA=="1100") {aba2str+=("3");}
else if (ABA=="0010") {aba2str+=("4");}
else if (ABA=="1010") {aba2str+=("5");}
else if (ABA=="0110") {aba2str+=("6");}
else if (ABA=="1110") {aba2str+=("7");}
else if (ABA=="0001") {aba2str+=("8");}
else if (ABA=="1001") {aba2str+=("9");}
else if (ABA=="0011") {aba2str+=("<");}
else if (ABA=="0111") {aba2str+=(">");}
else if (ABA=="0101") {aba2str+=(":");}
else if (ABA=="1011") {aba2str+=("=");}
else if (ABA=="1111") {aba2str+=("?");}
else {aba2str+=("_UNKNOWN-CHARACTER_");}
magStart=magStart+5;
magCount=magCount-5;
}
return aba2str;
}
================================================
FILE: Source Code/esprfidtool/api.h
================================================
void apiTX(String apiBIN, int apipulsewidth, int apidatainterval, int wait) {
wg.pause();
digitalWrite(DATA0, HIGH);
pinMode(DATA0,OUTPUT);
digitalWrite(DATA1, HIGH);
pinMode(DATA1,OUTPUT);
for (int i=0; i<=apiBIN.length(); i++) {
if (apiBIN.charAt(i) == '0') {
digitalWrite(DATA0, LOW);
delayMicroseconds(apipulsewidth);
digitalWrite(DATA0, HIGH);
}
else if (apiBIN.charAt(i) == '1') {
digitalWrite(DATA1, LOW);
delayMicroseconds(apipulsewidth);
digitalWrite(DATA1, HIGH);
}
if (apiBIN.charAt(i) == ',') {
delayMicroseconds(wait);
}
else {
delayMicroseconds(apidatainterval);
}
}
apiBIN="";
pinMode(DATA0, INPUT);
pinMode(DATA1, INPUT);
wg.clear();
}
void apiinfo(int prettify) {
FSInfo fs_info;
SPIFFS.info(fs_info);
String total;
total=fs_info.totalBytes;
String used;
used=fs_info.usedBytes;
String freespace;
freespace=fs_info.totalBytes-fs_info.usedBytes;
const size_t bufferSize = JSON_ARRAY_SIZE(5) + JSON_OBJECT_SIZE(3);
DynamicJsonBuffer jsonAPIbuffer(bufferSize);
JsonObject& apilog = jsonAPIbuffer.createObject();
apilog["Device"] = "ESP-RFID-Tool";
apilog["Firmware"] = version;
apilog["API"] = APIversion;
JsonObject& apifs = apilog.createNestedObject("File System");
apifs["Total Space"]=total;
apifs["Used Space"]=used;
apifs["Free Space"]=freespace;
apilog["Free Memory"] = String(ESP.getFreeHeap(),DEC);
String API_Response="";
if (prettify==1) {
apilog.prettyPrintTo(API_Response);
}
else {
apilog.printTo(API_Response);
}
server.send(200, "application/json", API_Response);
delay(50);
jsonAPIbuffer.clear();
}
void apilistlogs(int prettify) {
Dir dir = SPIFFS.openDir("/");
String FileList = "";
int logcount=0;
while (dir.next()) {
File f = dir.openFile("r");
String FileName = dir.fileName();
if((!FileName.startsWith("/payloads/"))&&(!FileName.startsWith("/esploit.json"))&&(!FileName.startsWith("/esportal.json"))&&(!FileName.startsWith("/esprfidtool.json"))&&(!FileName.startsWith("/config.json"))) {
logcount++;
}
f.close();
}
const size_t bufferSize = JSON_ARRAY_SIZE(5) + JSON_OBJECT_SIZE(1);
DynamicJsonBuffer jsonAPIbuffer(bufferSize);
JsonObject& apilog = jsonAPIbuffer.createObject();
apilog["Device"] = "ESP-RFID-Tool";
apilog["Firmware"] = version;
apilog["API"] = APIversion;
apilog["Log Count"] = logcount;
int currentlog=0;
Dir dir2ndrun = SPIFFS.openDir("/");
while (dir2ndrun.next()) {
File f = dir2ndrun.openFile("r");
String FileName = dir2ndrun.fileName();
if ((!FileName.startsWith("/payloads/"))&&(!FileName.startsWith("/esploit.json"))&&(!FileName.startsWith("/esportal.json"))&&(!FileName.startsWith("/esprfidtool.json"))&&(!FileName.startsWith("/config.json"))) {
currentlog++;
FileName.remove(0,1);
JsonObject& apilistlogs = apilog.createNestedObject(String(currentlog));
apilistlogs["File Name"]=FileName;
}
f.close();
}
String API_Response="";
if (prettify==1) {
apilog.prettyPrintTo(API_Response);
}
else {
apilog.printTo(API_Response);
}
server.send(200, "application/json", API_Response);
delay(50);
jsonAPIbuffer.clear();
}
void apilog(String logfile,int prettify) {
File f = SPIFFS.open(String()+"/"+logfile, "r");
if (!f) {
server.send(200, "application/json", "Log file not found");
delay(50);
}
else {
int apiCAPTUREcount=0;
while(f.available()) {
String line = f.readStringUntil('\n');
if(line.indexOf(",Binary:") > 0) {
apiCAPTUREcount++;
int firstIndex = line.indexOf(",Binary:");
int secondIndex = line.indexOf(",", firstIndex + 1);
String binaryCaptureLINE=line.substring(firstIndex+8, secondIndex);
}
}
f.close();
const size_t bufferSize = JSON_ARRAY_SIZE(6) + JSON_OBJECT_SIZE(4);
DynamicJsonBuffer jsonAPIbuffer(bufferSize);
JsonObject& apilog = jsonAPIbuffer.createObject();
apilog["Device"] = "ESP-RFID-Tool";
apilog["Firmware"] = version;
apilog["API"] = APIversion;
apilog["Log File"] = logfile;
apilog["Captures"] = apiCAPTUREcount;
int apiCURRENTcapture=0;
File f = SPIFFS.open(String()+"/"+logfile, "r");
while(f.available()) {
String line = f.readStringUntil('\n');
if(line.indexOf(",Binary:") > 0) {
apiCURRENTcapture++;
int firstIndex = line.indexOf(",Binary:");
int secondIndex = line.indexOf(",", firstIndex + 1);
String binaryCaptureLINE=line.substring(firstIndex+8, secondIndex);
if ( binaryCaptureLINE.indexOf(" ") > 0 ) {
binaryCaptureLINE=binaryCaptureLINE.substring(binaryCaptureLINE.indexOf(" ")+1);
}
binaryCaptureLINE.replace("\r","");
JsonObject& apiCURRENTcaptureOBJECT = apilog.createNestedObject(String(apiCURRENTcapture));
apiCURRENTcaptureOBJECT["Bit Count"]=binaryCaptureLINE.length();
apiCURRENTcaptureOBJECT["Binary"]=binaryCaptureLINE;
if(line.indexOf(",HEX:") > 0) {
int hfirstIndex = line.indexOf(",HEX:");
int hsecondIndex = line.indexOf(",", hfirstIndex + 1);
String hexCURRENT=line.substring(hfirstIndex+5, hsecondIndex);
hexCURRENT.replace("\r","");
apiCURRENTcaptureOBJECT["Hexadecimal"]=hexCURRENT;
}
if(line.indexOf(",Keypad Code:") > 0) {
int kfirstIndex = line.indexOf(",Keypad Code:");
int ksecondIndex = line.indexOf(",", kfirstIndex + 1);
String pinCURRENT=line.substring(kfirstIndex+13, ksecondIndex);
pinCURRENT.replace("\r","");
apiCURRENTcaptureOBJECT["Keypad Press"]=pinCURRENT;
}
}
}
f.close();
String API_Response="";
if (prettify==1) {
apilog.prettyPrintTo(API_Response);
}
else {
apilog.printTo(API_Response);
}
server.send(200, "application/json", API_Response);
delay(50);
jsonAPIbuffer.clear();
}
}
================================================
FILE: Source Code/esprfidtool/api_server.h
================================================
server.on("/api/tx/bin", [](){
String api_binary="";
int api_pulsewidth=txdelayus;
int api_datainterval=(txdelayms*1000);
int prettify=0;
int api_wait=100000;
if (server.hasArg("binary")) {
api_binary=(server.arg("binary"));
}
if (server.hasArg("pulsewidth")) {
api_pulsewidth=(server.arg("pulsewidth").toInt());
}
if (server.hasArg("interval")) {
api_datainterval=(server.arg("interval").toInt());
}
if (server.hasArg("wait")) {
api_wait=(server.arg("wait").toInt());
}
if (server.hasArg("prettify")) {
prettify=1;
}
const size_t bufferSize = JSON_ARRAY_SIZE(4) + JSON_OBJECT_SIZE(5);
DynamicJsonBuffer jsonAPIbuffer(bufferSize);
JsonObject& apitxbin = jsonAPIbuffer.createObject();
apitxbin["Device"] = "ESP-RFID-Tool";
apitxbin["Firmware"] = version;
apitxbin["API"] = APIversion;
JsonObject& apitxbinary = apitxbin.createNestedObject("Transmission");
int commacount=0;
for (int commalook=0; commalook<=api_binary.length(); commalook++) {
if (api_binary.charAt(commalook)==',') {
commacount++;
}
}
apitxbinary["Bit Count"]=api_binary.length()-commacount;
apitxbinary["Binary"]=api_binary;
apitxbinary["Wiegand Data Pulse Width"]=String()+api_pulsewidth+"us";
apitxbinary["Wiegand Data Interval"]=String()+api_datainterval+"us";
apitxbinary["Delay Between Packets"]=String()+api_wait+"us";
if (api_binary=="") {
server.send(200, "text/html", F(
"Binary to tx not specified." "Usage: [server]/api/tx/bin?binary=[binary]&pulsewidth=[delay_us]&interval=[delay_us]&wait=[delay_us_between_packets]
" "Use commas to separate the binary for transmitting multiple packets(useful for sending multiple keypresses for imitating keypads)
" "Example to TX Pin Code 1337# waiting 100,000us between packets(keypresses): /api/tx/bin?binary=11100001,11000011,11000011,10000111,01001011&wait=100000&prettify=1
" )); } else { String API_Response=""; if (prettify==1) { apitxbin.prettyPrintTo(API_Response); } else { apitxbin.printTo(API_Response); } server.send(200, "application/json", API_Response); delay(50); jsonAPIbuffer.clear(); apiTX(api_binary,api_pulsewidth,api_datainterval,api_wait); } }); server.on("/api/help", [](){ String apihelpHTML=String()+F( "<- BACK TO INDEX
" "API Version: " )+APIversion+F( "
" "/api/info
" "Usage: [server]/api/info
" "
" "/api/viewlog
" "Usage: [server]/api/viewlog?logfile=[log.txt]
" "
" "/api/listlogs
" "Usage: [server]/api/listlogs
" "
" "/api/tx/bin
" "Usage: [server]/api/tx/bin?binary=[binary]&pulsewidth=[delay_us]&interval=[delay_us]&wait=[delay_us_between_packets]
" "Use commas to separate the binary for transmitting multiple packets(useful for sending multiple keypresses for imitating keypads)
" "Example to TX Pin Code 1337# waiting 100,000us between packets(keypresses): /api/tx/bin?binary=11100001,11000011,11000011,10000111,01001011&wait=100000&prettify=1
" "
" "Universal Arguments
" "Prettify: [api-url]?[args]&prettify=1
" ); server.send(200, "text/html", apihelpHTML); }); server.on("/api/info", [](){ int prettify=0; if (server.hasArg("prettify")) { prettify=1; } apiinfo(prettify); }); server.on("/api/listlogs", [](){ int prettify=0; if (server.hasArg("prettify")) { prettify=1; } apilistlogs(prettify); }); server.on("/api/viewlog", [](){ int prettify=0; if (server.hasArg("prettify")) { prettify=1; } if (server.hasArg("logfile")) { apilog(server.arg("logfile"),prettify); } else { server.send(200, "application/json", F("Usage: [server]/api/viewlog?logfile=[logfile.txt]")); } }); ================================================ FILE: Source Code/esprfidtool/esprfidtool.ino ================================================ /* * ESP-RFID-Tool * by Corey Harding of www.Exploit.Agency / www.LegacySecurityGroup.com * ESP-RFID-Tool Software is distributed under the MIT License. The license and copyright notice can not be removed and must be distributed alongside all future copies of the software. * MIT License Copyright (c) [2018] [Corey Harding] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #include "HelpText.h" #include "License.h" #include "version.h" #include "strrev.h" #include "aba2str.h" #include
");
f.print(" * Trying \"Forward\" Swipe,");
magStart=startSentinel;
magEnd=endSentinel;
f.println(aba2str(magstripe,magStart,magEnd,"\"Forward\" Swipe"));
f.print(" * Trying \"Reverse\" Swipe,");
char magchar[249];
magstripe.toCharArray(magchar,249);
magstripe=String(strrev(magchar));
//f.println(String()+"Reverse: "+magstripe);
magStart=magstripe.indexOf("11010");
magEnd=(magstripe.lastIndexOf("11111")+4);
f.println(aba2str(magstripe,magStart,magEnd,"\"Reverse\" Swipe"));
//f.print("");
//f.println(String()+F(" * You can verify the data at the following URL: https://www.legacysecuritygroup.com/aba-decode.php?binary=")+magstripe+F(""));
}
//Debug
// f.print(F("Free heap:"));
// f.println(ESP.getFreeHeap(),DEC);
unknown=false;
binChunk3="";
binChunk2exists=false;
binChunk1 = 0; binChunk2 = 0;
cardChunk1 = 0; cardChunk2 = 0;
binChunk2len=0;
f.close(); //done
}
#include "api.h"
void settingsPage()
{
if(!server.authenticate(update_username, update_password))
return server.requestAuthentication();
String accesspointmodeyes;
String accesspointmodeno;
if (accesspointmode==1){
accesspointmodeyes=" checked=\"checked\"";
accesspointmodeno="";
}
else {
accesspointmodeyes="";
accesspointmodeno=" checked=\"checked\"";
}
String ftpenabledyes;
String ftpenabledno;
if (ftpenabled==1){
ftpenabledyes=" checked=\"checked\"";
ftpenabledno="";
}
else {
ftpenabledyes="";
ftpenabledno=" checked=\"checked\"";
}
String ledenabledyes;
String ledenabledno;
if (ledenabled==1){
ledenabledyes=" checked=\"checked\"";
ledenabledno="";
}
else {
ledenabledyes="";
ledenabledno=" checked=\"checked\"";
}
String hiddenyes;
String hiddenno;
if (hidden==1){
hiddenyes=" checked=\"checked\"";
hiddenno="";
}
else {
hiddenyes="";
hiddenno=" checked=\"checked\"";
}
String safemodeyes;
String safemodeno;
if (safemode==1){
safemodeyes=" checked=\"checked\"";
safemodeno="";
}
else {
safemodeyes="";
safemodeno=" checked=\"checked\"";
}
server.send(200, "text/html",
String()+
F(
""
""
""
""
"" "
ESP-RFID-Tool Settings
" "" "" "" "
" "" "" "" ) ); } void handleSettings() { if (server.hasArg("SETTINGS")) { handleSubmitSettings(); } else { settingsPage(); } } void returnFail(String msg) { server.sendHeader("Connection", "close"); server.sendHeader("Access-Control-Allow-Origin", "*"); server.send(500, "text/plain", msg + "\r\n"); } void handleSubmitSettings() { String SETTINGSvalue; if (!server.hasArg("SETTINGS")) return returnFail("BAD ARGS"); SETTINGSvalue = server.arg("SETTINGS"); accesspointmode = server.arg("accesspointmode").toInt(); server.arg("ssid").toCharArray(ssid, 32); server.arg("password").toCharArray(password, 64); channel = server.arg("channel").toInt(); hidden = server.arg("hidden").toInt(); server.arg("local_IPstr").toCharArray(local_IPstr, 16); server.arg("gatewaystr").toCharArray(gatewaystr, 16); server.arg("subnetstr").toCharArray(subnetstr, 16); server.arg("update_username").toCharArray(update_username, 32); server.arg("update_password").toCharArray(update_password, 64); server.arg("ftp_username").toCharArray(ftp_username, 32); server.arg("ftp_password").toCharArray(ftp_password, 64); ftpenabled = server.arg("ftpenabled").toInt(); ledenabled = server.arg("ledenabled").toInt(); server.arg("logname").toCharArray(logname, 31); bufferlength = server.arg("bufferlength").toInt(); rxpacketgap = server.arg("rxpacketgap").toInt(); txdelayus = server.arg("txdelayus").toInt(); txdelayms = server.arg("txdelayms").toInt(); safemode = server.arg("safemode").toInt(); if (SETTINGSvalue == "1") { saveConfig(); server.send(200, "text/html", F("<- BACK TO INDEX
Settings have been saved.
Some setting may require manually rebooting before taking effect.
If network configuration has changed then be sure to connect to the new network first in order to access the web interface.")); delay(50); loadConfig(); } else if (SETTINGSvalue == "0") { settingsPage(); } else { returnFail("Bad SETTINGS value"); } } bool loadDefaults() { StaticJsonBuffer<500> jsonBuffer; JsonObject& json = jsonBuffer.createObject(); json["version"] = version; json["accesspointmode"] = "1"; json["ssid"] = "ESP-RFID-Tool"; json["password"] = ""; json["channel"] = "6"; json["hidden"] = "0"; json["local_IP"] = "192.168.1.1"; json["gateway"] = "192.168.1.1"; json["subnet"] = "255.255.255.0"; json["update_username"] = "admin"; json["update_password"] = "rfidtool"; json["ftp_username"] = "ftp-admin"; json["ftp_password"] = "rfidtool"; json["ftpenabled"] = "0"; json["ledenabled"] = "1"; json["logname"] = "log.txt"; json["bufferlength"] = "256"; json["rxpacketgap"] = "15"; json["txdelayus"] = "40"; json["txdelayms"] = "2"; json["safemode"] = "0"; File configFile = SPIFFS.open("/esprfidtool.json", "w"); json.printTo(configFile); configFile.close(); jsonBuffer.clear(); loadConfig(); } bool loadConfig() { File configFile = SPIFFS.open("/esprfidtool.json", "r"); if (!configFile) { delay(3500); loadDefaults(); } size_t size = configFile.size(); std::unique_ptr
File System Info Calculated in Bytes
Total: ")+total+" Free: "+freespace+" "+" Used: "+used+"
NOTE: Larger log files will need to be downloaded instead of viewed from the browser.
| Display File Contents | Size in Bytes | Download File | Delete File |
| "+FileName+" | "+""+f.size()+" |
" "List Exfiltrated Data - Experimental TX Mode - Data Conversion Tools
" "" "Use commas to separate the binary for transmitting multiple packets(useful for sending multiple keypresses for imitating keypads)
" "
" " - " "
")
+payload+
F("\n"
"Note: Preambles shown are only a guess based on card length and may not be accurate for every card format.\n"
"-----\n")
+webString+
F("")
;
webString="";
server.send(200, "text/html", ShowPL);
}
// Start Networking
void setup() {
Serial.begin(9600);
Serial.println(F("....."));
Serial.println(String()+F("ESP-RFID-Tool v")+version);
//SPIFFS.format();
SPIFFS.begin();
//loadDefaults(); //uncomment to restore default settings if double reset fails for some reason
//Jump RESTORE_DEFAULTS_PIN to GND while powering on device to reset the device to factory defaults
pinMode(RESTORE_DEFAULTS_PIN, INPUT_PULLUP);
jumperState = digitalRead(RESTORE_DEFAULTS_PIN);
if (jumperState == LOW) {
Serial.println(String()+F("Pin ")+RESTORE_DEFAULTS_PIN+F("Grounded"));
Serial.println(F("Loading default config..."));
loadDefaults();
}
loadConfig();
if(!wg.begin(DATA0,DATA1,bufferlength,rxpacketgap)) {
Serial.println(F("Could not begin Wiegand logging,"));
Serial.println(F("Out of memory!"));
}
//Set up Web Pages
server.on("/",[]() {
FSInfo fs_info;
SPIFFS.info(fs_info);
String total;
total=fs_info.totalBytes;
String used;
used=fs_info.usedBytes;
String freespace;
freespace=fs_info.totalBytes-fs_info.usedBytes;
server.send(200, "text/html", String()+F("ESP-RFID-Tool v")+version+F("" "
" "by Corey Harding
" "www.RFID-Tool.com
" "www.LegacySecurityGroup.com / www.Exploit.Agency
" "-----
" "File System Info Calculated in Bytes
" "Total: ")+total+" Free: "+freespace+" "+" Used: "+used+F("
-----
" "List Exfiltrated Data
-
" "Experimental TX Mode
-
" "Data Conversion Tools
-
" "Configure Settings
-
" "Format File System
-
" "Upgrade Firmware
-
" "API Info
-
" "Help" "")); }); server.onNotFound([]() { if (!RawFile(server.uri())) server.send(404, "text/plain", F("Error 404 File Not Found")); }); server.on("/settings", handleSettings); server.on("/firmware", [](){ server.send(200, "text/html", String()+F("<- BACK TO INDEX
Open Arduino IDE.
Pull down \"Sketch\" Menu then select \"Export Compiled Binary\".
On this page click \"Browse\", select the binary you exported earlier, then click \"Update\".
You may need to manually reboot the device to reconnect.
")); }); server.on("/restoredefaults", [](){ server.send(200, "text/html", F("This will restore the device to the default configuration.
Are you sure?
YES - NO")); }); server.on("/restoredefaults/yes", [](){ if(!server.authenticate(update_username, update_password)) return server.requestAuthentication(); server.send(200, "text/html", F("<- BACK TO INDEX
Network
---
SSID: ESP-RFID-Tool
Administration
---
USER: admin PASS: rfidtool")); delay(50); loadDefaults(); ESP.restart(); }); server.on("/deletelog", [](){ String deletelog; deletelog += server.arg(0); server.send(200, "text/html", String()+F("This will delete the file: ")+deletelog+F(".
Are you sure?
YES - NO")); }); server.on("/viewlog", ViewLog); server.on("/deletelog/yes", [](){ if(!server.authenticate(update_username, update_password)) return server.requestAuthentication(); String deletelog; deletelog += server.arg(0); if (!deletelog.startsWith("/payloads/")) server.send(200, "text/html", String()+F("<- BACK TO INDEX
List Exfiltrated Data
Deleting file: ")+deletelog); delay(50); SPIFFS.remove(deletelog); }); server.on("/format", [](){ server.send(200, "text/html", F("<- BACK TO INDEX
This will reformat the SPIFFS File System.
Are you sure?
YES - NO")); }); server.on("/logs", ListLogs); server.on("/reboot", [](){ if(!server.authenticate(update_username, update_password)) return server.requestAuthentication(); server.send(200, "text/html", F("<- BACK TO INDEX
Rebooting Device...")); delay(50); ESP.restart(); }); server.on("/format/yes", [](){ if(!server.authenticate(update_username, update_password)) return server.requestAuthentication(); server.send(200, "text/html", F("<- BACK TO INDEX
Formatting file system: This may take up to 90 seconds")); delay(50); // Serial.print("Formatting file system..."); SPIFFS.format(); // Serial.println(" Success"); saveConfig(); }); server.on("/help", []() { server.send_P(200, "text/html", HelpText); }); server.on("/license", []() { server.send_P(200, "text/html", License); }); server.on("/data-convert", [](){ if (server.hasArg("bin2hexHTML")) { int bin2hexBUFFlen=(((server.arg("bin2hexHTML")).length())+1); char bin2hexCHAR[bin2hexBUFFlen]; (server.arg("bin2hexHTML")).toCharArray(bin2hexCHAR,bin2hexBUFFlen); dataCONVERSION+=String()+F("Binary: ")+bin2hexCHAR+F("
"); String hexTEMP=""; int binCOUNT=(bin2hexBUFFlen-1); for (int currentBINpos=0; currentBINpos
"); hexTEMP=""; dataCONVERSION+=F("
"); bin2hexBUFFlen=0; } if (server.hasArg("hex2binHTML")) { int hex2binBUFFlen=(((server.arg("hex2binHTML")).length())+1); char hex2binCHAR[hex2binBUFFlen]; (server.arg("hex2binHTML")).toCharArray(hex2binCHAR,hex2binBUFFlen); dataCONVERSION+=String()+F("Hexadecimal: ")+hex2binCHAR+F("
"); String binTEMP=""; int charCOUNT=(hex2binBUFFlen-1); for (int currentHEXpos=0; currentHEXpos
"); binTEMP=""; dataCONVERSION+=F("
"); hex2binBUFFlen=0; } if (server.hasArg("abaHTML")) { String abaHTML=(server.arg("abaHTML")); dataCONVERSION="Trying \"Forward\" Swipe
"; dataCONVERSION+=("Forward Binary:"+abaHTML+"
"); int abaStart=abaHTML.indexOf("11010"); int abaEnd=(abaHTML.lastIndexOf("11111")+4); dataCONVERSION+=aba2str(abaHTML,abaStart,abaEnd,"\"Forward\" Swipe"); dataCONVERSION+=" * Trying \"Reverse\" Swipe
"; int abaBUFFlen=((abaHTML.length())+1); char abachar[abaBUFFlen]; abaHTML.toCharArray(abachar,abaBUFFlen); abaHTML=String(strrev(abachar)); dataCONVERSION+=("Reversed Binary:"+abaHTML+"
"); abaStart=abaHTML.indexOf("11010"); abaEnd=(abaHTML.lastIndexOf("11111")+4); dataCONVERSION+=aba2str(abaHTML,abaStart,abaEnd,"\"Reverse\" Swipe"); //dataCONVERSION+=(String()+F(" * You can verify the data at the following URL:
https://www.legacysecuritygroup.com/aba-decode.php?binary=")+abaHTML+F("")); dataCONVERSION.replace("*", "
"); dataCONVERSION.replace(":", ": "); abaHTML=""; abaStart=0; abaEnd=0; } server.send(200, "text/html", String()+F( "<- BACK TO INDEX
") +dataCONVERSION+ F( "
" "" "
" "" "
" "" ) ); dataCONVERSION=""; }); #include "api_server.h" server.on("/stoptx", [](){ server.send(200, "text/html", F("This will kill any ongoing transmissions.
Are you sure?
YES - NO")); }); server.on("/stoptx/yes", [](){ TXstatus=0; server.send(200, "text/html", F("<- BACK TO INDEX
<- BACK TO EXPERIMENTAL TX MODE
All transmissions have been stopped.")); }); server.on("/experimental", [](){ String experimentalStatus="Awaiting Instructions"; if (server.hasArg("pinHTML")||server.hasArg("bruteEND")) { pinHTML=server.arg("pinHTML"); int pinBITS=server.arg("pinBITS").toInt(); int pinHTMLDELAY=server.arg("pinHTMLDELAY").toInt(); int bruteforcing; int brutePAD=(server.arg("bruteSTART").length()); if (server.hasArg("bruteSTART")) { bruteforcing=1; } else { bruteforcing=0; } TXstatus=1; wg.pause(); digitalWrite(DATA0, HIGH); pinMode(DATA0,OUTPUT); digitalWrite(DATA1, HIGH); pinMode(DATA1,OUTPUT); pinHTML.replace("F1","C"); pinHTML.replace("F2","D"); pinHTML.replace("F3","E"); pinHTML.replace("F4","F"); experimentalStatus=String()+"Transmitting "+pinBITS+"bit Wiegand Format PIN: "+pinHTML+" with a "+pinHTMLDELAY+"ms delay between \"keypresses\""; delay(50); int bruteSTART; int bruteEND; if (server.hasArg("bruteSTART")) { bruteSTART=server.arg("bruteSTART").toInt(); } else { bruteSTART=0; } if (server.hasArg("bruteEND")) { bruteEND=server.arg("bruteEND").toInt(); } else { bruteEND=0; } if (server.hasArg("bruteSTART")) { server.send(200, "text/html", String()+"<- BACK TO INDEX
<- BACK TO EXPERIMENTAL TX MODE
Brute forcing "+pinBITS+"bit Wiegand Format PIN from "+(server.arg("bruteSTART"))+" to "+(server.arg("bruteEND"))+" with a "+pinHTMLDELAY+"ms delay between \"keypresses\"
This may take a while, your device will be busy until the sequence has been completely transmitted!
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
You can view if the brute force attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"
"); delay(50); } String bruteSTARTchar=""; String bruteENDchar=""; if (server.hasArg("bruteSTARTchar")&&(server.arg("bruteSTARTchar")!="")) { bruteSTARTchar=(server.arg("bruteSTARTchar")); bruteSTARTchar.replace("F1","C"); bruteSTARTchar.replace("F2","D"); bruteSTARTchar.replace("F3","E"); bruteSTARTchar.replace("F4","F"); } if (server.hasArg("bruteENDchar")&&(server.arg("bruteENDchar")!="")) { bruteENDchar=(server.arg("bruteENDchar")); bruteENDchar=(server.arg("bruteENDchar")); bruteENDchar.replace("F1","C"); bruteENDchar.replace("F2","D"); bruteENDchar.replace("F3","E"); bruteENDchar.replace("F4","F"); } unsigned long bruteFAILdelay=0; unsigned long bruteFAILS=0; int bruteFAILmultiplier=0; int bruteFAILmultiplierCURRENT=0; int bruteFAILmultiplierAFTER=0; int delayAFTERpin=0; int bruteFAILSmax=0; bruteFAILSmax=(server.arg("bruteFAILSmax")).toInt(); delayAFTERpin=(server.arg("delayAFTERpin")).toInt(); bruteFAILdelay=(server.arg("bruteFAILdelay")).toInt(); bruteFAILmultiplier=(server.arg("bruteFAILmultiplier")).toInt(); bruteFAILmultiplierAFTER=(server.arg("bruteFAILmultiplierAFTER")).toInt(); for (int brute=bruteSTART; brute<=bruteEND; brute++) { if (bruteforcing==1) { pinHTML=String(brute); while (pinHTML.length()
" "<- BACK TO EXPERIMENTAL TX MODE
" "Denial of Service mode active.
Transmitting D0 and D1 bits simultaneously until stopped." "
This may take a while, your device will be busy until the sequence has been completely transmitted!" "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"
" ""); delay(50); } else { fuzzTimes=server.arg("fuzzTimes").toInt(); server.send(200, "text/html", String()+ "<- BACK TO INDEX
" "<- BACK TO EXPERIMENTAL TX MODE
" "Transmitting D0 and D1 bits simultaneously "+fuzzTimes+" times." "
This may take a while, your device will be busy until the sequence has been completely transmitted!" "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"
" ""); delay(50); } wg.pause(); digitalWrite(DATA0, HIGH); pinMode(DATA0,OUTPUT); digitalWrite(DATA1, HIGH); pinMode(DATA1,OUTPUT); TXstatus=1; for (int i=0; i<=fuzzTimes || dos==1; i++) { digitalWrite(DATA0, LOW); digitalWrite(DATA1, LOW); delayMicroseconds(txdelayus); digitalWrite(DATA0, HIGH); digitalWrite(DATA1, HIGH); delay(txdelayms); server.handleClient(); if (TXstatus!=1) { break; } } pinMode(DATA0, INPUT); pinMode(DATA1, INPUT); wg.clear(); TXstatus=0; dos=0; //experimentalStatus=String()+"Transmitting D0 and D1 bits simultaneously "+fuzzTimes+" times."; } if (server.arg("fuzzType")=="alternating") { int fuzzTimes=0; dos=0; if ((server.arg("fuzzTimes"))=="dos") { dos=1; server.send(200, "text/html", String()+ "<- BACK TO INDEX
" "<- BACK TO EXPERIMENTAL TX MODE
" "Denial of Service mode active.
Transmitting bits alternating between D0 and D1 until stopped." "
This may take a while, your device will be busy until the sequence has been completely transmitted!" "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"
" ""); delay(50); } else { fuzzTimes=server.arg("fuzzTimes").toInt(); server.send(200, "text/html", String()+ "<- BACK TO INDEX
" "<- BACK TO EXPERIMENTAL TX MODE
" "Transmitting "+fuzzTimes+" bits alternating between D0 and D1." "
This may take a while, your device will be busy until the sequence has been completely transmitted!" "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"
" ""); delay(50); } wg.pause(); digitalWrite(DATA0, HIGH); pinMode(DATA0,OUTPUT); digitalWrite(DATA1, HIGH); pinMode(DATA1,OUTPUT); String binALT=""; TXstatus=1; for (int i=0; i
"; } else { activeTX="Transmitting...
"; } } else { activeTX="INACTIVE
"; } server.send(200, "text/html", String()+ F( "" "" "" "
" +F( "Transmit Status: ")+activeTX+F("
" "<- BACK TO INDEX
" "
" "
Experimental TX Mode
" "" "" "Warning: This mode is highly experimental, use at your own risk!
" "Note: Timings for the Wiegand Data Pulse Width and Wiegand Data Interval may be changed on the settings page." "" "
" "
" "
" "" "
" "
" "
" "" "
" "
" "
" "
" "
" "
" "
" "Fuzzing:
" "" "
" "
" "
" "Denial Of Service Mode:
" "" "
" "
" "
" "Push Button for Door Open:
" "Connect \"Push to Open\" wire from the reader to the RX pin(GPIO3) on the programming header on ESP-RFID-Tool.
" "Warning! Selecting the wrong trigger signal type may cause damage to the connected hardware.
" "" "
" "
" "
" "" "" "" ) ); if (server.args()>=1) { if (safemode==1) { delay(50); ESP.restart(); } } }); server.begin(); WiFiClient client; client.setNoDelay(1); // Serial.println("Web Server Started"); MDNS.begin("ESP"); httpUpdater.setup(&httpServer, update_path, update_username, update_password); httpServer.begin(); MDNS.addService("http", "tcp", 1337); if (ftpenabled==1){ ftpSrv.begin(String(ftp_username),String(ftp_password)); } //Start RFID Reader pinMode(LED_BUILTIN, OUTPUT); // LED if (ledenabled==1){ digitalWrite(LED_BUILTIN, LOW); } else{ digitalWrite(LED_BUILTIN, HIGH); } } // //Do It! /////////////////////////////////////////////////////// // LOOP function void loop() { if (ftpenabled==1){ ftpSrv.handleFTP(); } server.handleClient(); httpServer.handleClient(); while (Serial.available()) { String cmd = Serial.readStringUntil(':'); if(cmd == "ResetDefaultConfig"){ loadDefaults(); ESP.restart(); } } //Serial.print("Free heap-"); //Serial.println(ESP.getFreeHeap(),DEC); if(wg.available()) { wg.pause(); // pause Wiegand pin interrupts LogWiegand(wg); wg.clear(); // compulsory to call clear() to enable interrupts for subsequent data if (safemode==1) { ESP.restart(); } } } ================================================ FILE: Source Code/esprfidtool/pinSEND.h ================================================ void pinSEND(int pinDELAY,String pinBIN) { for (int i=0; i<=pinBIN.length(); i++) { if (pinBIN.charAt(i) == '0') { digitalWrite(DATA0, LOW); delayMicroseconds(txdelayus); digitalWrite(DATA0, HIGH); } else if (pinBIN.charAt(i) == '1') { digitalWrite(DATA1, LOW); delayMicroseconds(txdelayus); digitalWrite(DATA1, HIGH); } delay(txdelayms); } yield(); delay(pinDELAY); pinBIN=""; pinDELAY=100; } ================================================ FILE: Source Code/esprfidtool/strrev.h ================================================ /* Copyright (c) 2007 Dmitry Xmelkov All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the copyright holders nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* $Id$ */ char * strrev (char *s) { char *p1, *p2; for (p2 = s; *p2; ) p2++; p1 = s; while (p1 < p2) { char c1 = *p1; char c2 = *--p2; *p1++ = c2; *p2 = c1; } return s; } ================================================ FILE: Source Code/esprfidtool/version.h ================================================ String version = "1.2.1"; String APIversion = "1.0.4";