mirror of
https://github.com/Proxmark/proxmark3.git
synced 2024-09-21 15:26:35 +08:00
Add a retry loop to hf mf dump
helps get the data dumped even if positioning isn't 100% perfect. also switched em4x05 commands to WaitUS instead of SpinDelayUs, per @pwpiwi 's suggestion.
This commit is contained in:
marshmellow42
parent
fac69c3d76
commit
40c6a02bc9
|
|
@ -1571,27 +1571,27 @@ void SendForward(uint8_t fwd_bit_count) {
|
|||
fwd_write_ptr = forwardLink_data;
|
||||
fwd_bit_sz = fwd_bit_count;
|
||||
|
||||
// Set up FPGA, 125kHz
|
||||
// Set up FPGA, 125kHz or 95 divisor
|
||||
LFSetupFPGAForADC(95, true);
|
||||
|
||||
// force 1st mod pulse (start gap must be longer for 4305)
|
||||
fwd_bit_sz--; //prepare next bit modulation
|
||||
fwd_write_ptr++;
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
|
||||
SpinDelayUs(56*8); //55 cycles off (8us each)for 4305 /another reader has 37 here...
|
||||
WaitUS(55*8); //55 cycles off (8us each)for 4305 /another reader has 37 here...
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
|
||||
SpinDelayUs(18*8); //16 cycles on (8us each) // another reader has 18 here
|
||||
WaitUS(18*8); //16 cycles on (8us each) // another reader has 18 here
|
||||
|
||||
// now start writting
|
||||
while(fwd_bit_sz-- > 0) { //prepare next bit modulation
|
||||
if(((*fwd_write_ptr++) & 1) == 1)
|
||||
SpinDelayUs(32*8); //32 cycles at 125Khz (8us each)
|
||||
WaitUS(32*8); //32 cycles at 125Khz (8us each)
|
||||
else {
|
||||
//These timings work for 4469/4269/4305 (with the 55*8 above)
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
|
||||
SpinDelayUs(23*8); //16-4 cycles off (8us each) //23 //one reader goes as high as 25 here
|
||||
WaitUS(23*8); //16-4 cycles off (8us each) //23 //one reader goes as high as 25 here
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
|
||||
SpinDelayUs(16*8); //16 cycles on (8us each) //9 // another reader goes to 17 here
|
||||
WaitUS(16*8); //16 cycles on (8us each) //9 // another reader goes to 17 here
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1618,6 +1618,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
|
|||
BigBuf_Clear_ext(false);
|
||||
|
||||
LED_A_ON();
|
||||
StartTicks();
|
||||
//If password mode do login
|
||||
if (PwdMode == 1) EM4xLogin(Pwd);
|
||||
|
||||
|
|
@ -1626,7 +1627,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
|
|||
fwd_bit_count += Prepare_Addr( Address );
|
||||
|
||||
SendForward(fwd_bit_count);
|
||||
SpinDelayUs(400);
|
||||
WaitUS(400);
|
||||
// Now do the acquisition
|
||||
DoPartialAcquisition(20, true, 6000);
|
||||
|
||||
|
|
@ -1645,6 +1646,7 @@ void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) {
|
|||
BigBuf_Clear_ext(false);
|
||||
|
||||
LED_A_ON();
|
||||
StartTicks();
|
||||
//If password mode do login
|
||||
if (PwdMode) EM4xLogin(Pwd);
|
||||
|
||||
|
|
@ -1658,7 +1660,7 @@ void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) {
|
|||
//Wait for write to complete
|
||||
//SpinDelay(10);
|
||||
|
||||
SpinDelayUs(6500);
|
||||
WaitUS(6500);
|
||||
//Capture response if one exists
|
||||
DoPartialAcquisition(20, true, 6000);
|
||||
|
||||
|
|
|
|||
|
|
@ -328,29 +328,32 @@ int CmdHF14AMfDump(const char *Cmd)
|
|||
PrintAndLog("|-----------------------------------------|");
|
||||
PrintAndLog("|------ Reading sector access bits...-----|");
|
||||
PrintAndLog("|-----------------------------------------|");
|
||||
|
||||
uint8_t tries = 0;
|
||||
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};
|
||||
memcpy(c.d.asBytes, keyA[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
for (tries = 0; tries < 3; tries++) {
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};
|
||||
memcpy(c.d.asBytes, keyA[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
|
||||
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
|
||||
uint8_t isOK = resp.arg[0] & 0xff;
|
||||
uint8_t *data = resp.d.asBytes;
|
||||
if (isOK){
|
||||
rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0
|
||||
rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1
|
||||
rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2
|
||||
rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer
|
||||
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
|
||||
uint8_t isOK = resp.arg[0] & 0xff;
|
||||
uint8_t *data = resp.d.asBytes;
|
||||
if (isOK){
|
||||
rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0
|
||||
rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1
|
||||
rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2
|
||||
rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer
|
||||
break;
|
||||
} else if (tries == 2) { // on last try set defaults
|
||||
PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);
|
||||
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
|
||||
rights[sectorNo][3] = 0x01;
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);
|
||||
PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);
|
||||
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
|
||||
rights[sectorNo][3] = 0x01;
|
||||
}
|
||||
} else {
|
||||
PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);
|
||||
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
|
||||
rights[sectorNo][3] = 0x01;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -362,27 +365,33 @@ int CmdHF14AMfDump(const char *Cmd)
|
|||
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
|
||||
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
|
||||
bool received = false;
|
||||
|
||||
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
|
||||
memcpy(c.d.asBytes, keyA[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
|
||||
} else { // data block. Check if it can be read with key A or key B
|
||||
uint8_t data_area = sectorNo<32?blockNo:blockNo/5;
|
||||
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};
|
||||
memcpy(c.d.asBytes, keyB[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
|
||||
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work
|
||||
isOK = false;
|
||||
PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);
|
||||
} else { // key A would work
|
||||
for (tries = 0; tries < 3; tries++) {
|
||||
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
|
||||
memcpy(c.d.asBytes, keyA[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
|
||||
} else { // data block. Check if it can be read with key A or key B
|
||||
uint8_t data_area = sectorNo<32?blockNo:blockNo/5;
|
||||
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};
|
||||
memcpy(c.d.asBytes, keyB[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
|
||||
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work
|
||||
isOK = false;
|
||||
PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);
|
||||
tries = 2;
|
||||
} else { // key A would work
|
||||
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
|
||||
memcpy(c.d.asBytes, keyA[sectorNo], 6);
|
||||
SendCommand(&c);
|
||||
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
|
||||
}
|
||||
}
|
||||
if (received) {
|
||||
isOK = resp.arg[0] & 0xff;
|
||||
if (isOK) break;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue