From 4a3f1a379314368330fab879a616cf7b9e5e25c4 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Thu, 11 Jun 2015 23:52:40 -0400 Subject: [PATCH 1/5] revert t55xx start gap and write timing changes also noted specs in comments --- armsrc/lfops.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index c3fa8a0e..7e53d4a5 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1024,10 +1024,10 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol) * To compensate antenna falling times shorten the write times * and enlarge the gap ones. */ -#define START_GAP 50*8 // 10 - 50fc 250 -#define WRITE_GAP 20*8 // - 30fc 160 -#define WRITE_0 24*8 // 16 - 63fc 54fc 144 -#define WRITE_1 54*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 //400 +#define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc) +#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc) +#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc) +#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550 #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) From 6ac4cb270a202d6f723b82753d57ee48c9a6980e Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Mon, 15 Jun 2015 00:44:57 -0400 Subject: [PATCH 2/5] minor fixes see @icemant1001 - https://github.com/iceman1001/proxmark3/commit/0ad1a1d492ab62eb42c1eb7b4ce6fff05d90e0a3 for more details --- client/cmddata.c | 2 +- client/cmdlfem4x.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/client/cmddata.c b/client/cmddata.c index 309044e1..aa1170fc 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -392,7 +392,7 @@ int Cmdmandecoderaw(const char *Cmd) int errCnt=0; size_t size=0; int invert=0; - size_t maxErr = 20; + int maxErr = 20; char cmdp = param_getchar(Cmd, 0); if (strlen(Cmd) > 5 || cmdp == 'h' || cmdp == 'H') { PrintAndLog("Usage: data manrawdecode [invert] [maxErr]"); diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index c492a64d..eddeec56 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -20,6 +20,9 @@ #include "cmdlf.h" #include "cmdlfem4x.h" #include "lfdemod.h" + +#define llx PRIx64 + char *global_em410xId; static int CmdHelp(const char *Cmd); From f4217d58b68ef3e7828892d8401ea1eb3da4696d Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Thu, 18 Jun 2015 17:19:43 -0400 Subject: [PATCH 3/5] add ultralight compatible test --- client/cmdhfmfu.c | 33 +++++++++++++++++++++++++++++---- client/cmdhfmfu.h | 3 ++- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 48f549ba..a631b6b1 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -57,13 +57,13 @@ uint8_t default_pwd_pack[KEYS_PWD_COUNT][4] = { {0x32,0x0C,0x16,0x17}, // PACK 0x80,0x80 -- AMiiboo (sniffed) }; -#define MAX_UL_TYPES 17 -uint16_t UL_TYPES_ARRAY[MAX_UL_TYPES] = {UNKNOWN, UL, UL_C, UL_EV1_48, UL_EV1_128, NTAG, NTAG_203, - NTAG_210, NTAG_212, NTAG_213, NTAG_215, NTAG_216, MY_D, MY_D_NFC, MY_D_MOVE, MY_D_MOVE_NFC, MY_D_MOVE_LEAN}; +#define MAX_UL_TYPES 18 +uint32_t UL_TYPES_ARRAY[MAX_UL_TYPES] = {UNKNOWN, UL, UL_C, UL_EV1_48, UL_EV1_128, NTAG, NTAG_203, + NTAG_210, NTAG_212, NTAG_213, NTAG_215, NTAG_216, MY_D, MY_D_NFC, MY_D_MOVE, MY_D_MOVE_NFC, MY_D_MOVE_LEAN, FUDAN_UL}; uint8_t UL_MEMORY_ARRAY[MAX_UL_TYPES] = {MAX_UL_BLOCKS, MAX_UL_BLOCKS, MAX_ULC_BLOCKS, MAX_ULEV1a_BLOCKS, MAX_ULEV1b_BLOCKS, MAX_NTAG_203, MAX_NTAG_203, MAX_NTAG_210, MAX_NTAG_212, MAX_NTAG_213, - MAX_NTAG_215, MAX_NTAG_216, MAX_UL_BLOCKS, MAX_MY_D_NFC, MAX_MY_D_MOVE, MAX_MY_D_MOVE, MAX_MY_D_MOVE_LEAN}; + MAX_NTAG_215, MAX_NTAG_216, MAX_UL_BLOCKS, MAX_MY_D_NFC, MAX_MY_D_MOVE, MAX_MY_D_MOVE, MAX_MY_D_MOVE_LEAN, MAX_UL_BLOCKS}; static int CmdHelp(const char *Cmd); @@ -276,6 +276,25 @@ static int ulev1_readSignature( uint8_t *response, uint16_t responseLength ){ return len; } +//make sure field is off before calling this function +static int ul_fudan_check( void ){ + iso14a_card_select_t card; + if ( !ul_select(&card) ) + return UL_ERROR; + + UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_RAW | ISO14A_NO_DISCONNECT, 4, 0}}; + + uint8_t cmd[4] = {0x30,0x00,0x02,0xa7}; //wrong crc on purpose should be 0xa8 + memcpy(c.d.asBytes, cmd, 4); + clearCommandBuffer(); + SendCommand(&c); + UsbCommand resp; + if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) return UL_ERROR; + if (resp.arg[0] != 1) return UL_ERROR; + + return (!resp.d.asBytes[0]) ? FUDAN_UL : UL; //if response == 0x00 then Fudan, else Genuine NXP +} + static int ul_print_default( uint8_t *data){ uint8_t uid[7]; @@ -389,6 +408,8 @@ int ul_print_type(uint32_t tagtype, uint8_t spaces){ PrintAndLog("%sTYPE : INFINEON my-d\x99 move NFC (SLE 66R01P)", spacer); else if ( tagtype & MY_D_MOVE_LEAN ) PrintAndLog("%sTYPE : INFINEON my-d\x99 move lean (SLE 66R01L)", spacer); + else if ( tagtype & FUDAN_UL ) + PrintAndLog("%sTYPE : FUDAN Ultralight Compatible (or other compatible) %s", spacer, (tagtype & MAGIC) ? "" : "" ); else PrintAndLog("%sTYPE : Unknown %06x", spacer, tagtype); return 0; @@ -622,6 +643,10 @@ uint32_t GetHF14AMfU_Type(void){ ul_switch_off_field(); } } + if (tagtype & UL) { + tagtype = ul_fudan_check(); + ul_switch_off_field(); + } } else { ul_switch_off_field(); // Infinition MY-D tests Exam high nibble diff --git a/client/cmdhfmfu.h b/client/cmdhfmfu.h index 132e4f90..6c9e3ea1 100644 --- a/client/cmdhfmfu.h +++ b/client/cmdhfmfu.h @@ -45,7 +45,8 @@ typedef enum TAGTYPE_UL { MY_D_MOVE_LEAN= 0x008000, NTAG_I2C_1K = 0x010000, NTAG_I2C_2K = 0x020000, - MAGIC = 0x040000, + FUDAN_UL = 0x040000, + MAGIC = 0x080000, UL_MAGIC = UL | MAGIC, UL_C_MAGIC = UL_C | MAGIC, UL_ERROR = 0xFFFFFF, From 7c8b5e68110a08a78b6fc5d49175108d9e751345 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Sat, 20 Jun 2015 21:33:42 -0400 Subject: [PATCH 4/5] comment fudan check possibilities --- client/cmdhfmfu.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index a631b6b1..3dfee3a6 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -276,7 +276,20 @@ static int ulev1_readSignature( uint8_t *response, uint16_t responseLength ){ return len; } -//make sure field is off before calling this function + +// Fudan check checks for which error is given for a command with incorrect crc +// NXP UL chip responds with 01, fudan 00. +// other possible checks: +// send a0 + crc +// UL responds with 00, fudan doesn't respond +// or +// send a200 + crc +// UL doesn't respond, fudan responds with 00 +// or +// send 300000 + crc (read with extra byte(s)) +// UL responds with read of page 0, fudan doesn't respond. +// +// make sure field is off before calling this function static int ul_fudan_check( void ){ iso14a_card_select_t card; if ( !ul_select(&card) ) From 2ec87733142000646c7ce86c74f61330f451b110 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Tue, 23 Jun 2015 12:16:23 -0400 Subject: [PATCH 5/5] fix bug in pskdemod return value if no samples... ... caused crash in data psknexwatchdemod if no samples were in the graphbuffer. also fixed hf mfu wrbl and rdbl to allow printing of help without a tag being present. --- client/cmddata.c | 4 ++-- client/cmdhfmfu.c | 56 ++++++++++++++++++++++------------------------- 2 files changed, 28 insertions(+), 32 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index aa1170fc..bec1b5aa 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -1546,12 +1546,12 @@ int PSKDemod(const char *Cmd, bool verbose) clk=0; } if (invert != 0 && invert != 1) { - if (verbose) PrintAndLog("Invalid argument: %s", Cmd); + if (g_debugMode || verbose) PrintAndLog("Invalid argument: %s", Cmd); return 0; } uint8_t BitStream[MAX_GRAPH_TRACE_LEN]={0}; size_t BitLen = getFromGraphBuf(BitStream); - if (BitLen==0) return -1; + if (BitLen==0) return 0; uint8_t carrier=countFC(BitStream, BitLen, 0); if (carrier!=2 && carrier!=4 && carrier!=8){ //invalid carrier diff --git a/client/cmdhfmfu.c b/client/cmdhfmfu.c index 3dfee3a6..25a073d3 100644 --- a/client/cmdhfmfu.c +++ b/client/cmdhfmfu.c @@ -908,10 +908,6 @@ int CmdHF14AMfUWrBl(const char *Cmd){ uint8_t authenticationkey[16] = {0x00}; uint8_t *authKeyPtr = authenticationkey; - // starting with getting tagtype - TagTypeUL_t tagtype = GetHF14AMfU_Type(); - if (tagtype == UL_ERROR) return -1; - while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) @@ -943,21 +939,10 @@ int CmdHF14AMfUWrBl(const char *Cmd){ case 'b': case 'B': blockNo = param_get8(Cmd, cmdp+1); - - uint8_t maxblockno = 0; - for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){ - if (tagtype & UL_TYPES_ARRAY[idx]) - maxblockno = UL_MEMORY_ARRAY[idx]; - } - if (blockNo < 0) { PrintAndLog("Wrong block number"); errors = true; } - if (blockNo > maxblockno){ - PrintAndLog("block number too large. Max block is %u/0x%02X \n", maxblockno,maxblockno); - errors = true; - } cmdp += 2; break; case 'l': @@ -984,6 +969,19 @@ int CmdHF14AMfUWrBl(const char *Cmd){ } if ( blockNo == -1 ) return usage_hf_mfu_wrbl(); + // starting with getting tagtype + TagTypeUL_t tagtype = GetHF14AMfU_Type(); + if (tagtype == UL_ERROR) return -1; + + uint8_t maxblockno = 0; + for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){ + if (tagtype & UL_TYPES_ARRAY[idx]) + maxblockno = UL_MEMORY_ARRAY[idx]; + } + if (blockNo > maxblockno){ + PrintAndLog("block number too large. Max block is %u/0x%02X \n", maxblockno,maxblockno); + return usage_hf_mfu_wrbl(); + } // Swap endianness if (swapEndian && hasAuthKey) authKeyPtr = SwapEndian64(authenticationkey, 16, 8); @@ -1035,10 +1033,6 @@ int CmdHF14AMfURdBl(const char *Cmd){ uint8_t authenticationkey[16] = {0x00}; uint8_t *authKeyPtr = authenticationkey; - // starting with getting tagtype - TagTypeUL_t tagtype = GetHF14AMfU_Type(); - if (tagtype == UL_ERROR) return -1; - while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) @@ -1070,21 +1064,10 @@ int CmdHF14AMfURdBl(const char *Cmd){ case 'b': case 'B': blockNo = param_get8(Cmd, cmdp+1); - - uint8_t maxblockno = 0; - for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){ - if (tagtype & UL_TYPES_ARRAY[idx]) - maxblockno = UL_MEMORY_ARRAY[idx]; - } - if (blockNo < 0) { PrintAndLog("Wrong block number"); errors = true; } - if (blockNo > maxblockno){ - PrintAndLog("block number to large. Max block is %u/0x%02X \n", maxblockno,maxblockno); - errors = true; - } cmdp += 2; break; case 'l': @@ -1102,6 +1085,19 @@ int CmdHF14AMfURdBl(const char *Cmd){ } if ( blockNo == -1 ) return usage_hf_mfu_rdbl(); + // start with getting tagtype + TagTypeUL_t tagtype = GetHF14AMfU_Type(); + if (tagtype == UL_ERROR) return -1; + + uint8_t maxblockno = 0; + for (uint8_t idx = 0; idx < MAX_UL_TYPES; idx++){ + if (tagtype & UL_TYPES_ARRAY[idx]) + maxblockno = UL_MEMORY_ARRAY[idx]; + } + if (blockNo > maxblockno){ + PrintAndLog("block number to large. Max block is %u/0x%02X \n", maxblockno,maxblockno); + return usage_hf_mfu_rdbl(); + } // Swap endianness if (swapEndian && hasAuthKey) authKeyPtr = SwapEndian64(authenticationkey, 16, 8);