mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-20 15:26:13 +08:00
make style
parent
ec820db997
commit
29f1147aad
|
@ -1481,12 +1481,12 @@ static void PacketReceived(PacketCommandNG *packet) {
|
||||||
MifareU_Otp_Tearoff(packet->oldarg[0], packet->oldarg[1], packet->data.asBytes);
|
MifareU_Otp_Tearoff(packet->oldarg[0], packet->oldarg[1], packet->data.asBytes);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case CMD_HF_MFU_COUNTER_TEAROFF: {
|
case CMD_HF_MFU_COUNTER_TEAROFF: {
|
||||||
struct p {
|
struct p {
|
||||||
uint8_t counter;
|
uint8_t counter;
|
||||||
uint32_t tearoff_time;
|
uint32_t tearoff_time;
|
||||||
} PACKED;
|
} PACKED;
|
||||||
struct p *payload = (struct p *) packet->data.asBytes;
|
struct p *payload = (struct p *) packet->data.asBytes;
|
||||||
MifareU_Counter_Tearoff(payload->counter, payload->tearoff_time);
|
MifareU_Counter_Tearoff(payload->counter, payload->tearoff_time);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -1520,13 +1520,13 @@ static void PacketReceived(PacketCommandNG *packet) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case CMD_HF_ICLASS_SIMULATE: {
|
case CMD_HF_ICLASS_SIMULATE: {
|
||||||
/*
|
/*
|
||||||
struct p {
|
struct p {
|
||||||
uint8_t reader[4];
|
uint8_t reader[4];
|
||||||
uint8_t mac[4];
|
uint8_t mac[4];
|
||||||
} PACKED;
|
} PACKED;
|
||||||
struct p *payload = (struct p *) packet->data.asBytes;
|
struct p *payload = (struct p *) packet->data.asBytes;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
SimulateIClass(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes);
|
SimulateIClass(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes);
|
||||||
break;
|
break;
|
||||||
|
@ -1562,7 +1562,7 @@ static void PacketReceived(PacketCommandNG *packet) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case CMD_HF_ICLASS_RESTORE: {
|
case CMD_HF_ICLASS_RESTORE: {
|
||||||
iClass_Restore( (iclass_restore_req_t *)packet->data.asBytes);
|
iClass_Restore((iclass_restore_req_t *)packet->data.asBytes);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -889,18 +889,18 @@ static int write(uint8_t word[4], uint8_t address) {
|
||||||
return PM3_ETEAROFF;
|
return PM3_ETEAROFF;
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
|
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
|
||||||
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA);
|
wait_timer(FPGA_TIMER_0, T0 * EM4X50_T_TAG_TWA);
|
||||||
|
|
||||||
// look for ACK sequence
|
// look for ACK sequence
|
||||||
if (check_ack(false)) {
|
if (check_ack(false)) {
|
||||||
|
|
||||||
// now EM4x50 needs T0 * EM4X50_T_TAG_TWEE (EEPROM write time)
|
// now EM4x50 needs T0 * EM4X50_T_TAG_TWEE (EEPROM write time)
|
||||||
// for saving data and should return with ACK
|
// for saving data and should return with ACK
|
||||||
if (check_ack(false))
|
if (check_ack(false))
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -985,7 +985,7 @@ void em4x50_write(em4x50_data_t *etd) {
|
||||||
lf_finalize();
|
lf_finalize();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (res == PM3_SUCCESS) {
|
if (res == PM3_SUCCESS) {
|
||||||
// to verify result reset EM4x50
|
// to verify result reset EM4x50
|
||||||
if (reset()) {
|
if (reset()) {
|
||||||
|
@ -1033,7 +1033,7 @@ void em4x50_write_password(em4x50_data_t *etd) {
|
||||||
|
|
||||||
// login and change password
|
// login and change password
|
||||||
if (login(etd->password)) {
|
if (login(etd->password)) {
|
||||||
|
|
||||||
int res = write_password(etd->password, etd->new_password);
|
int res = write_password(etd->password, etd->new_password);
|
||||||
if (res == PM3_ETEAROFF) {
|
if (res == PM3_ETEAROFF) {
|
||||||
lf_finalize();
|
lf_finalize();
|
||||||
|
|
|
@ -1367,7 +1367,7 @@ static bool select_iclass_tag_ex(picopass_hdr *hdr, bool use_credit_key, uint32_
|
||||||
*status |= FLAG_ICLASS_CC;
|
*status |= FLAG_ICLASS_CC;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// on NON_SECURE_PAGEMODE cards, AIA is on block2..
|
// on NON_SECURE_PAGEMODE cards, AIA is on block2..
|
||||||
|
|
||||||
// read App Issuer Area block 2
|
// read App Issuer Area block 2
|
||||||
|
@ -1443,7 +1443,7 @@ void ReaderIClass(uint8_t flags) {
|
||||||
// with 0xFF:s in block 3 and 4.
|
// with 0xFF:s in block 3 and 4.
|
||||||
|
|
||||||
LED_B_ON();
|
LED_B_ON();
|
||||||
reply_mix(CMD_ACK, result_status, 0, 0, (uint8_t*)&hdr, sizeof(hdr));
|
reply_mix(CMD_ACK, result_status, 0, 0, (uint8_t *)&hdr, sizeof(hdr));
|
||||||
|
|
||||||
//Send back to client, but don't bother if we already sent this -
|
//Send back to client, but don't bother if we already sent this -
|
||||||
// only useful if looping in arm (not try_once && not abort_after_read)
|
// only useful if looping in arm (not try_once && not abort_after_read)
|
||||||
|
@ -1489,9 +1489,9 @@ bool authenticate_iclass_tag(iclass_auth_req_t *payload, picopass_hdr *hdr, uint
|
||||||
|
|
||||||
memcpy(ccnr, hdr->epurse, sizeof(hdr->epurse));
|
memcpy(ccnr, hdr->epurse, sizeof(hdr->epurse));
|
||||||
|
|
||||||
if ( payload->use_replay) {
|
if (payload->use_replay) {
|
||||||
|
|
||||||
memcpy(pmac, payload->key + 4, 4);
|
memcpy(pmac, payload->key + 4, 4);
|
||||||
memcpy(cmd_check + 1, payload->key, 8);
|
memcpy(cmd_check + 1, payload->key, 8);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -1780,7 +1780,7 @@ static bool iclass_writeblock_ext(uint8_t blockno, uint8_t *data, uint8_t *mac)
|
||||||
|
|
||||||
// write command: cmd, 1 blockno, 8 data, 4 mac
|
// write command: cmd, 1 blockno, 8 data, 4 mac
|
||||||
uint8_t write[16] = { 0x80 | ICLASS_CMD_UPDATE, blockno };
|
uint8_t write[16] = { 0x80 | ICLASS_CMD_UPDATE, blockno };
|
||||||
memcpy(write + 2, data, 8);
|
memcpy(write + 2, data, 8);
|
||||||
memcpy(write + 10, mac, 4);
|
memcpy(write + 10, mac, 4);
|
||||||
AddCrc(write + 1, 13);
|
AddCrc(write + 1, 13);
|
||||||
|
|
||||||
|
@ -1872,11 +1872,11 @@ void iClass_WriteBlock(uint8_t *msg) {
|
||||||
iclass_send_as_reader(write, sizeof(write), &start_time, &eof_time);
|
iclass_send_as_reader(write, sizeof(write), &start_time, &eof_time);
|
||||||
|
|
||||||
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured
|
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured
|
||||||
res = false;
|
res = false;
|
||||||
switch_off();
|
switch_off();
|
||||||
if (payload->req.send_reply)
|
if (payload->req.send_reply)
|
||||||
reply_ng(CMD_HF_ICLASS_WRITEBL, PM3_ETEAROFF, (uint8_t *)&res, sizeof(uint8_t));
|
reply_ng(CMD_HF_ICLASS_WRITEBL, PM3_ETEAROFF, (uint8_t *)&res, sizeof(uint8_t));
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_UPDATE, &eof_time) == 10) {
|
if (GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_UPDATE, &eof_time) == 10) {
|
||||||
|
@ -1885,7 +1885,7 @@ void iClass_WriteBlock(uint8_t *msg) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tries == 0) {
|
if (tries == 0) {
|
||||||
res = false;
|
res = false;
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -1932,7 +1932,7 @@ void iClass_Restore(iclass_restore_req_t *msg) {
|
||||||
if (msg->req.send_reply) {
|
if (msg->req.send_reply) {
|
||||||
reply_ng(CMD_HF_ICLASS_RESTORE, PM3_ESOFT, NULL, 0);
|
reply_ng(CMD_HF_ICLASS_RESTORE, PM3_ESOFT, NULL, 0);
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
LED_A_ON();
|
LED_A_ON();
|
||||||
|
@ -1942,7 +1942,7 @@ void iClass_Restore(iclass_restore_req_t *msg) {
|
||||||
uint32_t eof_time = 0;
|
uint32_t eof_time = 0;
|
||||||
picopass_hdr hdr = {0};
|
picopass_hdr hdr = {0};
|
||||||
|
|
||||||
// select
|
// select
|
||||||
bool res = select_iclass_tag(&hdr, msg->req.use_credit_key, &eof_time);
|
bool res = select_iclass_tag(&hdr, msg->req.use_credit_key, &eof_time);
|
||||||
if (res == false) {
|
if (res == false) {
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -1974,7 +1974,7 @@ void iClass_Restore(iclass_restore_req_t *msg) {
|
||||||
doMAC_N(wb, sizeof(wb), hdr.key_c, mac);
|
doMAC_N(wb, sizeof(wb), hdr.key_c, mac);
|
||||||
else
|
else
|
||||||
doMAC_N(wb, sizeof(wb), hdr.key_d, mac);
|
doMAC_N(wb, sizeof(wb), hdr.key_d, mac);
|
||||||
|
|
||||||
// data + mac
|
// data + mac
|
||||||
if (iclass_writeblock_ext(item.blockno, item.data, mac)) {
|
if (iclass_writeblock_ext(item.blockno, item.data, mac)) {
|
||||||
Dbprintf("Write block [%02x] " _GREEN_("successful"), item.blockno);
|
Dbprintf("Write block [%02x] " _GREEN_("successful"), item.blockno);
|
||||||
|
@ -1983,7 +1983,7 @@ void iClass_Restore(iclass_restore_req_t *msg) {
|
||||||
Dbprintf("Write block [%02x] " _RED_("failed"), item.blockno);
|
Dbprintf("Write block [%02x] " _RED_("failed"), item.blockno);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
switch_off();
|
switch_off();
|
||||||
|
|
|
@ -2629,7 +2629,7 @@ int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32
|
||||||
AddCrc14A(rats, 2);
|
AddCrc14A(rats, 2);
|
||||||
ReaderTransmit(rats, sizeof(rats), NULL);
|
ReaderTransmit(rats, sizeof(rats), NULL);
|
||||||
int len = ReaderReceive(resp, resp_par);
|
int len = ReaderReceive(resp, resp_par);
|
||||||
if (len == 0)
|
if (len == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (p_card) {
|
if (p_card) {
|
||||||
|
|
|
@ -1474,13 +1474,13 @@ int SendDataTag(uint8_t *send, int sendlen, bool init, bool speed_fast, uint8_t
|
||||||
int res = 0;
|
int res = 0;
|
||||||
tosend_t *ts = get_tosend();
|
tosend_t *ts = get_tosend();
|
||||||
TransmitTo15693Tag(ts->buf, ts->max, &start_time);
|
TransmitTo15693Tag(ts->buf, ts->max, &start_time);
|
||||||
|
|
||||||
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured
|
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured
|
||||||
|
|
||||||
res = PM3_ETEAROFF;
|
res = PM3_ETEAROFF;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
*eof_time = start_time + 32 * ((8 * ts->max) - 4); // substract the 4 padding bits after EOF
|
*eof_time = start_time + 32 * ((8 * ts->max) - 4); // substract the 4 padding bits after EOF
|
||||||
LogTrace_ISO15693(send, sendlen, (start_time * 4), (*eof_time * 4), NULL, true);
|
LogTrace_ISO15693(send, sendlen, (start_time * 4), (*eof_time * 4), NULL, true);
|
||||||
if (recv != NULL) {
|
if (recv != NULL) {
|
||||||
|
@ -1595,11 +1595,11 @@ void ReaderIso15693(uint32_t parameter) {
|
||||||
uint32_t start_time = 0;
|
uint32_t start_time = 0;
|
||||||
uint32_t eof_time;
|
uint32_t eof_time;
|
||||||
int recvlen = SendDataTag(cmd, sizeof(cmd), true, true, answer, ISO15693_MAX_RESPONSE_LENGTH, start_time, ISO15693_READER_TIMEOUT, &eof_time);
|
int recvlen = SendDataTag(cmd, sizeof(cmd), true, true, answer, ISO15693_MAX_RESPONSE_LENGTH, start_time, ISO15693_READER_TIMEOUT, &eof_time);
|
||||||
|
|
||||||
if (recvlen == PM3_ETEAROFF) { // tearoff occured
|
if (recvlen == PM3_ETEAROFF) { // tearoff occured
|
||||||
reply_mix(CMD_ACK, recvlen, 0, 0, NULL, 0);
|
reply_mix(CMD_ACK, recvlen, 0, 0, NULL, 0);
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||||
|
|
||||||
// we should do a better check than this
|
// we should do a better check than this
|
||||||
|
@ -1634,7 +1634,7 @@ void ReaderIso15693(uint32_t parameter) {
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
DbpString("Failed to select card");
|
DbpString("Failed to select card");
|
||||||
reply_mix(CMD_ACK, 0, 0, 0, NULL, 0);
|
reply_mix(CMD_ACK, 0, 0, 0, NULL, 0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
switch_off();
|
switch_off();
|
||||||
|
@ -1869,7 +1869,7 @@ void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint
|
||||||
}
|
}
|
||||||
|
|
||||||
if (recv) {
|
if (recv) {
|
||||||
recvlen = MIN(recvlen,ISO15693_MAX_RESPONSE_LENGTH);
|
recvlen = MIN(recvlen, ISO15693_MAX_RESPONSE_LENGTH);
|
||||||
reply_mix(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen);
|
reply_mix(CMD_ACK, recvlen, 0, 0, recvbuf, recvlen);
|
||||||
} else {
|
} else {
|
||||||
reply_mix(CMD_ACK, 1, 0, 0, NULL, 0);
|
reply_mix(CMD_ACK, 1, 0, 0, NULL, 0);
|
||||||
|
|
|
@ -2752,15 +2752,15 @@ void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time) {
|
||||||
|
|
||||||
// Send MFU counter increase cmd
|
// Send MFU counter increase cmd
|
||||||
uint8_t cmd[] = {
|
uint8_t cmd[] = {
|
||||||
MIFARE_ULEV1_INCR_CNT,
|
MIFARE_ULEV1_INCR_CNT,
|
||||||
counter,
|
counter,
|
||||||
0, // lsb
|
0, // lsb
|
||||||
0,
|
0,
|
||||||
0, // msb
|
0, // msb
|
||||||
0, // rfu
|
0, // rfu
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
};
|
};
|
||||||
AddCrc14A(cmd, sizeof(cmd) - 2);
|
AddCrc14A(cmd, sizeof(cmd) - 2);
|
||||||
|
|
||||||
// anticollision / select card
|
// anticollision / select card
|
||||||
|
|
|
@ -205,9 +205,9 @@ int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
|
||||||
|
|
||||||
int tmplen = 0;
|
int tmplen = 0;
|
||||||
uint8_t tmpstr[(256 * 2) + 1] = {0};
|
uint8_t tmpstr[(256 * 2) + 1] = {0};
|
||||||
|
|
||||||
// concat all strings in argstr into tmpstr[]
|
// concat all strings in argstr into tmpstr[]
|
||||||
//
|
//
|
||||||
int res = CLIParamStrToBuf(argstr, tmpstr, sizeof(tmpstr), &tmplen);
|
int res = CLIParamStrToBuf(argstr, tmpstr, sizeof(tmpstr), &tmplen);
|
||||||
if (res) {
|
if (res) {
|
||||||
return res;
|
return res;
|
||||||
|
@ -216,7 +216,7 @@ int CLIParamHexToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
res = param_gethex_to_eol((char*)tmpstr, 0, data, maxdatalen, datalen);
|
res = param_gethex_to_eol((char *)tmpstr, 0, data, maxdatalen, datalen);
|
||||||
switch (res) {
|
switch (res) {
|
||||||
case 1:
|
case 1:
|
||||||
printf("Parameter error: Invalid HEX value\n");
|
printf("Parameter error: Invalid HEX value\n");
|
||||||
|
@ -241,20 +241,20 @@ int CLIParamStrToBuf(struct arg_str *argstr, uint8_t *data, int maxdatalen, int
|
||||||
int ibuf = 0;
|
int ibuf = 0;
|
||||||
|
|
||||||
for (int i = 0; i < argstr->count; i++) {
|
for (int i = 0; i < argstr->count; i++) {
|
||||||
|
|
||||||
int len = strlen(argstr->sval[i]);
|
int len = strlen(argstr->sval[i]);
|
||||||
|
|
||||||
if (len > ( (sizeof(tmpstr) / 2 ) - ibuf)) {
|
if (len > ((sizeof(tmpstr) / 2) - ibuf)) {
|
||||||
printf("Parameter error: string too long (%i chars), expect MAX %zu chars\n", len + ibuf, (sizeof(tmpstr) / 2));
|
printf("Parameter error: string too long (%i chars), expect MAX %zu chars\n", len + ibuf, (sizeof(tmpstr) / 2));
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(&tmpstr[ibuf], argstr->sval[i], len);
|
memcpy(&tmpstr[ibuf], argstr->sval[i], len);
|
||||||
|
|
||||||
ibuf += len;
|
ibuf += len;
|
||||||
}
|
}
|
||||||
|
|
||||||
ibuf = MIN(ibuf, (sizeof(tmpstr) / 2));
|
ibuf = MIN(ibuf, (sizeof(tmpstr) / 2));
|
||||||
tmpstr[ibuf] = 0;
|
tmpstr[ibuf] = 0;
|
||||||
|
|
||||||
|
|
|
@ -1843,30 +1843,30 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
|
||||||
if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) {
|
if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus X 2K/4K (SL3)";
|
tip = "-> MIFARE Plus X 2K/4K (SL3)";
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
|
||||||
|
|
||||||
if ((card.atqa[0] & 0x02) == 0x02)
|
if ((card.atqa[0] & 0x02) == 0x02)
|
||||||
tip = "-> MIFARE Plus S 2K (SL3)";
|
tip = "-> MIFARE Plus S 2K (SL3)";
|
||||||
else if ((card.atqa[0] & 0x04) == 0x04)
|
else if ((card.atqa[0] & 0x04) == 0x04)
|
||||||
tip = "-> MIFARE Plus S 4K (SL3)";
|
tip = "-> MIFARE Plus S 4K (SL3)";
|
||||||
|
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus SE 1K (17pF)";
|
tip = "-> MIFARE Plus SE 1K (17pF)";
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus SE 1K (70pF)";
|
tip = "-> MIFARE Plus SE 1K (70pF)";
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { //SAK B4,5,6
|
} else { //SAK B4,5,6
|
||||||
|
|
||||||
if ((card.sak & 0x20) == 0x20) { // and no GetVersion()..
|
if ((card.sak & 0x20) == 0x20) { // and no GetVersion()..
|
||||||
|
|
||||||
|
|
||||||
if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) {
|
if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus X 2K (SL1)";
|
tip = "-> MIFARE Plus X 2K (SL1)";
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus S 2K (SL1)";
|
tip = "-> MIFARE Plus S 2K (SL1)";
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus SE 1K (17pF)";
|
tip = "-> MIFARE Plus SE 1K (17pF)";
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus SE 1K (70pF)";
|
tip = "-> MIFARE Plus SE 1K (70pF)";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -1874,7 +1874,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
|
||||||
tip = "-> MIFARE Plus X 4K (SL1)";
|
tip = "-> MIFARE Plus X 4K (SL1)";
|
||||||
} else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
|
} else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) {
|
||||||
tip = "-> MIFARE Plus S 4K (SL1)";
|
tip = "-> MIFARE Plus S 4K (SL1)";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -149,7 +149,7 @@ static int CmdHF14BSim(const char *Cmd) {
|
||||||
PrintAndLogEx(FAILED, "failed to read pupi");
|
PrintAndLogEx(FAILED, "failed to read pupi");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Simulate with PUPI : " _GREEN_("%s"), sprint_hex_inrow(pupi, sizeof(pupi)));
|
PrintAndLogEx(INFO, "Simulate with PUPI : " _GREEN_("%s"), sprint_hex_inrow(pupi, sizeof(pupi)));
|
||||||
PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
|
PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
|
|
|
@ -656,13 +656,13 @@ static int CmdHF15Demod(const char *Cmd) {
|
||||||
};
|
};
|
||||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
// The sampling rate is 106.353 ksps/s, for T = 18.8 us
|
// The sampling rate is 106.353 ksps/s, for T = 18.8 us
|
||||||
int i, j;
|
int i, j;
|
||||||
int max = 0, maxPos = 0;
|
int max = 0, maxPos = 0;
|
||||||
int skip = 4;
|
int skip = 4;
|
||||||
|
|
||||||
if (GraphTraceLen < 1000) {
|
if (GraphTraceLen < 1000) {
|
||||||
PrintAndLogEx(FAILED, "Too few samples in GraphBuffer. Need more than 1000");
|
PrintAndLogEx(FAILED, "Too few samples in GraphBuffer. Need more than 1000");
|
||||||
PrintAndLogEx(HINT, "Run " _YELLOW_("`hf 15 samples`") " to collect and download data");
|
PrintAndLogEx(HINT, "Run " _YELLOW_("`hf 15 samples`") " to collect and download data");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
|
@ -733,8 +733,8 @@ static int CmdHF15Demod(const char *Cmd) {
|
||||||
PrintAndLogEx(WARNING, "Warning, uneven octet! (discard extra bits!)");
|
PrintAndLogEx(WARNING, "Warning, uneven octet! (discard extra bits!)");
|
||||||
PrintAndLogEx(INFO, " mask = %02x", mask);
|
PrintAndLogEx(INFO, " mask = %02x", mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( k == 0 ) {
|
if (k == 0) {
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -744,7 +744,7 @@ static int CmdHF15Demod(const char *Cmd) {
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(SUCCESS, " idx | data");
|
PrintAndLogEx(SUCCESS, " idx | data");
|
||||||
PrintAndLogEx(SUCCESS, "-----+-------------------------------------------------");
|
PrintAndLogEx(SUCCESS, "-----+-------------------------------------------------");
|
||||||
if ( k / 16 > 0) {
|
if (k / 16 > 0) {
|
||||||
for (; i < k; i += 16) {
|
for (; i < k; i += 16) {
|
||||||
PrintAndLogEx(SUCCESS, " %3i | %s", i, sprint_hex(outBuf + i, 16));
|
PrintAndLogEx(SUCCESS, " %3i | %s", i, sprint_hex(outBuf + i, 16));
|
||||||
}
|
}
|
||||||
|
@ -824,7 +824,7 @@ static int NxpSysInfo(uint8_t *uid) {
|
||||||
if (status == PM3_ETEAROFF) {
|
if (status == PM3_ETEAROFF) {
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (status < 2) {
|
if (status < 2) {
|
||||||
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to NXP systeminfo command");
|
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to NXP systeminfo command");
|
||||||
return PM3_EWRONGANSWER;
|
return PM3_EWRONGANSWER;
|
||||||
|
@ -1058,7 +1058,7 @@ static int CmdHF15Sniff(const char *Cmd) {
|
||||||
};
|
};
|
||||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
PacketResponseNG resp;
|
PacketResponseNG resp;
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
SendCommandNG(CMD_HF_ISO15693_SNIFF, NULL, 0);
|
SendCommandNG(CMD_HF_ISO15693_SNIFF, NULL, 0);
|
||||||
|
@ -1111,7 +1111,7 @@ static int CmdHF15Sim(const char *Cmd) {
|
||||||
struct {
|
struct {
|
||||||
uint8_t uid[8];
|
uint8_t uid[8];
|
||||||
} PACKED payload;
|
} PACKED payload;
|
||||||
|
|
||||||
int uidlen = 0;
|
int uidlen = 0;
|
||||||
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
|
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
@ -1904,11 +1904,11 @@ static int CmdHF15CSetUID(const char *Cmd) {
|
||||||
struct {
|
struct {
|
||||||
uint8_t uid[8];
|
uint8_t uid[8];
|
||||||
} PACKED payload;
|
} PACKED payload;
|
||||||
|
|
||||||
int uidlen = 0;
|
int uidlen = 0;
|
||||||
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
|
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
if (uidlen != 8) {
|
if (uidlen != 8) {
|
||||||
PrintAndLogEx(WARNING, "UID must include 16 HEX symbols got ");
|
PrintAndLogEx(WARNING, "UID must include 16 HEX symbols got ");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
|
@ -1936,7 +1936,7 @@ static int CmdHF15CSetUID(const char *Cmd) {
|
||||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_CSETUID, &resp, 2000) == false) {
|
if (WaitForResponseTimeout(CMD_HF_ISO15693_CSETUID, &resp, 2000) == false) {
|
||||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||||
DropField();
|
DropField();
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "getting updated card details...");
|
PrintAndLogEx(INFO, "getting updated card details...");
|
||||||
|
|
|
@ -427,7 +427,7 @@ static void fuse_config(const picopass_hdr *hdr) {
|
||||||
|
|
||||||
uint16_t otp = (hdr->conf.otp[1] << 8 | hdr->conf.otp[0]);
|
uint16_t otp = (hdr->conf.otp[1] << 8 | hdr->conf.otp[0]);
|
||||||
|
|
||||||
PrintAndLogEx(INFO, " Raw: " _YELLOW_("%s"), sprint_hex((uint8_t*)&hdr->conf, 8));
|
PrintAndLogEx(INFO, " Raw: " _YELLOW_("%s"), sprint_hex((uint8_t *)&hdr->conf, 8));
|
||||||
PrintAndLogEx(INFO, " " _YELLOW_("%02X") "..................... app limit", hdr->conf.app_limit);
|
PrintAndLogEx(INFO, " " _YELLOW_("%02X") "..................... app limit", hdr->conf.app_limit);
|
||||||
PrintAndLogEx(INFO, " " _YELLOW_("%04X") " ( %5u )...... OTP", otp, otp);
|
PrintAndLogEx(INFO, " " _YELLOW_("%04X") " ( %5u )...... OTP", otp, otp);
|
||||||
PrintAndLogEx(INFO, " " _YELLOW_("%02X") "............ block write lock", hdr->conf.block_writelock);
|
PrintAndLogEx(INFO, " " _YELLOW_("%02X") "............ block write lock", hdr->conf.block_writelock);
|
||||||
|
@ -1540,7 +1540,7 @@ static int CmdHFiClassDump(const char *Cmd) {
|
||||||
PrintAndLogEx(SUCCESS, "Using " _YELLOW_("replay NR/MAC mode"));
|
PrintAndLogEx(SUCCESS, "Using " _YELLOW_("replay NR/MAC mode"));
|
||||||
use_replay = true;
|
use_replay = true;
|
||||||
cmdp++;
|
cmdp++;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
PrintAndLogEx(WARNING, "Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
|
PrintAndLogEx(WARNING, "Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
|
||||||
errors = true;
|
errors = true;
|
||||||
|
@ -1552,7 +1552,7 @@ static int CmdHFiClassDump(const char *Cmd) {
|
||||||
PrintAndLogEx(FAILED, "Can not use a combo of 'e', 'r', 'n'");
|
PrintAndLogEx(FAILED, "Can not use a combo of 'e', 'r', 'n'");
|
||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (errors) return usage_hf_iclass_dump();
|
if (errors) return usage_hf_iclass_dump();
|
||||||
|
|
||||||
uint32_t flags = (FLAG_ICLASS_READER_INIT | FLAG_ICLASS_READER_CLEARTRACE);
|
uint32_t flags = (FLAG_ICLASS_READER_INIT | FLAG_ICLASS_READER_CLEARTRACE);
|
||||||
|
@ -1788,7 +1788,7 @@ write_dump:
|
||||||
}
|
}
|
||||||
|
|
||||||
static int iclass_write_block(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool replay, bool verbose) {
|
static int iclass_write_block(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool replay, bool verbose) {
|
||||||
|
|
||||||
iclass_writeblock_req_t payload = {
|
iclass_writeblock_req_t payload = {
|
||||||
.req.use_raw = rawkey,
|
.req.use_raw = rawkey,
|
||||||
.req.use_elite = elite,
|
.req.use_elite = elite,
|
||||||
|
@ -1882,13 +1882,13 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) {
|
||||||
rawkey = true;
|
rawkey = true;
|
||||||
cmdp++;
|
cmdp++;
|
||||||
break;
|
break;
|
||||||
/*
|
/*
|
||||||
case 'n':
|
case 'n':
|
||||||
PrintAndLogEx(SUCCESS, "Using " _YELLOW_("replay NR/MAC mode"));
|
PrintAndLogEx(SUCCESS, "Using " _YELLOW_("replay NR/MAC mode"));
|
||||||
use_replay = true;
|
use_replay = true;
|
||||||
cmdp++;
|
cmdp++;
|
||||||
break;
|
break;
|
||||||
*/
|
*/
|
||||||
case 'v':
|
case 'v':
|
||||||
verbose = true;
|
verbose = true;
|
||||||
cmdp++;
|
cmdp++;
|
||||||
|
@ -1910,7 +1910,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) {
|
||||||
if (errors || cmdp < 6) return usage_hf_iclass_writeblock();
|
if (errors || cmdp < 6) return usage_hf_iclass_writeblock();
|
||||||
|
|
||||||
int isok = iclass_write_block(blockno, bldata, KEY, use_credit_key, elite, rawkey, use_replay, verbose);
|
int isok = iclass_write_block(blockno, bldata, KEY, use_credit_key, elite, rawkey, use_replay, verbose);
|
||||||
switch(isok) {
|
switch (isok) {
|
||||||
case PM3_SUCCESS:
|
case PM3_SUCCESS:
|
||||||
PrintAndLogEx(SUCCESS, "Wrote block %02X successful", blockno);
|
PrintAndLogEx(SUCCESS, "Wrote block %02X successful", blockno);
|
||||||
break;
|
break;
|
||||||
|
@ -2043,24 +2043,24 @@ static int CmdHFiClassRestore(const char *Cmd) {
|
||||||
return PM3_EFILE;
|
return PM3_EFILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bytes_read < ((endblock - startblock + 1) * 8 )) {
|
if (bytes_read < ((endblock - startblock + 1) * 8)) {
|
||||||
PrintAndLogEx(ERR, "file is smaller than your suggested block range ( " _RED_("0x%02x..0x%02x")" )",
|
PrintAndLogEx(ERR, "file is smaller than your suggested block range ( " _RED_("0x%02x..0x%02x")" )",
|
||||||
startblock, endblock
|
startblock, endblock
|
||||||
);
|
);
|
||||||
free(dump);
|
free(dump);
|
||||||
return PM3_EFILE;
|
return PM3_EFILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
iclass_restore_req_t *payload = calloc(1, payload_size);
|
iclass_restore_req_t *payload = calloc(1, payload_size);
|
||||||
payload->req.use_raw = rawkey,
|
payload->req.use_raw = rawkey,
|
||||||
payload->req.use_elite = elite,
|
payload->req.use_elite = elite,
|
||||||
payload->req.use_credit_key = use_credit_key,
|
payload->req.use_credit_key = use_credit_key,
|
||||||
payload->req.use_replay = false,
|
payload->req.use_replay = false,
|
||||||
payload->req.blockno = startblock,
|
payload->req.blockno = startblock,
|
||||||
payload->req.send_reply = true,
|
payload->req.send_reply = true,
|
||||||
payload->req.do_auth = true,
|
payload->req.do_auth = true,
|
||||||
memcpy(payload->req.key, KEY, 8);
|
memcpy(payload->req.key, KEY, 8);
|
||||||
|
|
||||||
payload->item_cnt = (endblock - startblock + 1);
|
payload->item_cnt = (endblock - startblock + 1);
|
||||||
|
|
||||||
// read data from file from block 6 --- 19
|
// read data from file from block 6 --- 19
|
||||||
|
@ -2068,21 +2068,21 @@ static int CmdHFiClassRestore(const char *Cmd) {
|
||||||
// then copy to usbcommand->asbytes;
|
// then copy to usbcommand->asbytes;
|
||||||
// max is 32 - 6 = 28 block. 28 x 12 bytes gives 336 bytes
|
// max is 32 - 6 = 28 block. 28 x 12 bytes gives 336 bytes
|
||||||
|
|
||||||
for (uint8_t i = 0; i < payload->item_cnt; i++) {
|
for (uint8_t i = 0; i < payload->item_cnt; i++) {
|
||||||
payload->blocks[i].blockno = startblock + i;
|
payload->blocks[i].blockno = startblock + i;
|
||||||
memcpy(payload->blocks[i].data, dump + (startblock * 8) + (i * 8) , sizeof(payload->blocks[i].data));
|
memcpy(payload->blocks[i].data, dump + (startblock * 8) + (i * 8), sizeof(payload->blocks[i].data));
|
||||||
}
|
}
|
||||||
|
|
||||||
free(dump);
|
free(dump);
|
||||||
|
|
||||||
if (verbose) {
|
if (verbose) {
|
||||||
PrintAndLogEx(INFO, "Preparing to restore block range 0x%02x..0x%02x", startblock, endblock);
|
PrintAndLogEx(INFO, "Preparing to restore block range 0x%02x..0x%02x", startblock, endblock);
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "------+----------------------");
|
PrintAndLogEx(INFO, "------+----------------------");
|
||||||
PrintAndLogEx(INFO, "block | data");
|
PrintAndLogEx(INFO, "block | data");
|
||||||
PrintAndLogEx(INFO, "------+----------------------");
|
PrintAndLogEx(INFO, "------+----------------------");
|
||||||
|
|
||||||
for (uint8_t i = 0; i < payload->item_cnt; i++) {
|
for (uint8_t i = 0; i < payload->item_cnt; i++) {
|
||||||
iclass_restore_item_t item = payload->blocks[i];
|
iclass_restore_item_t item = payload->blocks[i];
|
||||||
PrintAndLogEx(INFO, " %02X | %s", item.blockno, sprint_hex_inrow(item.data, sizeof(item.data)));
|
PrintAndLogEx(INFO, " %02X | %s", item.blockno, sprint_hex_inrow(item.data, sizeof(item.data)));
|
||||||
}
|
}
|
||||||
|
@ -2233,7 +2233,7 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) {
|
||||||
}
|
}
|
||||||
if (got_blockno == false)
|
if (got_blockno == false)
|
||||||
errors = true;
|
errors = true;
|
||||||
|
|
||||||
if ((use_replay + rawkey + elite) > 1) {
|
if ((use_replay + rawkey + elite) > 1) {
|
||||||
PrintAndLogEx(FAILED, "Can not use a combo of 'e', 'r', 'n'");
|
PrintAndLogEx(FAILED, "Can not use a combo of 'e', 'r', 'n'");
|
||||||
errors = true;
|
errors = true;
|
||||||
|
@ -2405,7 +2405,7 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e
|
||||||
PrintAndLogEx(INFO, " blk| data | ascii |lck| info");
|
PrintAndLogEx(INFO, " blk| data | ascii |lck| info");
|
||||||
PrintAndLogEx(INFO, "----+-------------------------+----------+---+--------------");
|
PrintAndLogEx(INFO, "----+-------------------------+----------+---+--------------");
|
||||||
PrintAndLogEx(INFO, "0x00| " _GREEN_("%s") " | | CSN ", sprint_hex_ascii(iclass_dump, 8));
|
PrintAndLogEx(INFO, "0x00| " _GREEN_("%s") " | | CSN ", sprint_hex_ascii(iclass_dump, 8));
|
||||||
|
|
||||||
if (i != 1)
|
if (i != 1)
|
||||||
PrintAndLogEx(INFO, "....");
|
PrintAndLogEx(INFO, "....");
|
||||||
|
|
||||||
|
@ -2455,8 +2455,8 @@ void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t e
|
||||||
const char *s = info_nonks[3];
|
const char *s = info_nonks[3];
|
||||||
if (i < 3) {
|
if (i < 3) {
|
||||||
s = info_nonks[i];
|
s = info_nonks[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "0x%02X| %s | %s | %s ", i, sprint_hex_ascii(blk, 8), lockstr, s);
|
PrintAndLogEx(INFO, "0x%02X| %s | %s | %s ", i, sprint_hex_ascii(blk, 8), lockstr, s);
|
||||||
} else {
|
} else {
|
||||||
const char *info_ks[] = {"CSN", "Config", "E-purse", "Debit", "Credit", "AIA", "User"};
|
const char *info_ks[] = {"CSN", "Config", "E-purse", "Debit", "Credit", "AIA", "User"};
|
||||||
|
@ -2978,8 +2978,8 @@ static int CmdHFiClassCheckKeys(const char *Cmd) {
|
||||||
free(keyBlock);
|
free(keyBlock);
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get CSN / UID and CCNR
|
// Get CSN / UID and CCNR
|
||||||
PrintAndLogEx(SUCCESS, "Reading tag CSN / CCNR...");
|
PrintAndLogEx(SUCCESS, "Reading tag CSN / CCNR...");
|
||||||
for (uint8_t i = 0; i < ICLASS_AUTH_RETRY && !got_csn; i++) {
|
for (uint8_t i = 0; i < ICLASS_AUTH_RETRY && !got_csn; i++) {
|
||||||
got_csn = select_only(CSN, CCNR, false);
|
got_csn = select_only(CSN, CCNR, false);
|
||||||
|
@ -2993,7 +2993,7 @@ static int CmdHFiClassCheckKeys(const char *Cmd) {
|
||||||
DropField();
|
DropField();
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
iclass_premac_t *pre = calloc(keycount, sizeof(iclass_premac_t));
|
iclass_premac_t *pre = calloc(keycount, sizeof(iclass_premac_t));
|
||||||
if (pre == NULL) {
|
if (pre == NULL) {
|
||||||
return PM3_EMALLOC;
|
return PM3_EMALLOC;
|
||||||
|
@ -3449,7 +3449,7 @@ static int CmdHFiClassAutopwn(const char *Cmd) {
|
||||||
};
|
};
|
||||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
// Check keys.
|
// Check keys.
|
||||||
|
|
||||||
// dump
|
// dump
|
||||||
|
|
|
@ -294,9 +294,9 @@ static int CmdHFMFPInfo(const char *Cmd) {
|
||||||
} else {
|
} else {
|
||||||
// info about 14a part
|
// info about 14a part
|
||||||
infoHF14A(false, false, false);
|
infoHF14A(false, false, false);
|
||||||
|
|
||||||
// Historical bytes.
|
// Historical bytes.
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -242,7 +242,7 @@ static int usage_hf_mfu_otp_tearoff(void) {
|
||||||
PrintAndLogEx(NORMAL, " s <time> : (optional) start time to run the test - default 0 us");
|
PrintAndLogEx(NORMAL, " s <time> : (optional) start time to run the test - default 0 us");
|
||||||
PrintAndLogEx(NORMAL, " d <data> : (optional) data to full-write before trying the OTP test - default 0x00");
|
PrintAndLogEx(NORMAL, " d <data> : (optional) data to full-write before trying the OTP test - default 0x00");
|
||||||
PrintAndLogEx(NORMAL, " t <data> : (optional) data to write while running the OTP test - default 0x00");
|
PrintAndLogEx(NORMAL, " t <data> : (optional) data to write while running the OTP test - default 0x00");
|
||||||
PrintAndLogEx(NORMAL, " m <data> : (optional) exit criteria, if block matches this value");
|
PrintAndLogEx(NORMAL, " m <data> : (optional) exit criteria, if block matches this value");
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(NORMAL, "Examples:");
|
PrintAndLogEx(NORMAL, "Examples:");
|
||||||
PrintAndLogEx(NORMAL, " hf mfu otptear b 3");
|
PrintAndLogEx(NORMAL, " hf mfu otptear b 3");
|
||||||
|
@ -362,7 +362,7 @@ static bool ul_select(iso14a_card_select_t *card) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (card)
|
if (card)
|
||||||
memcpy(card, resp.data.asBytes, sizeof(iso14a_card_select_t));
|
memcpy(card, resp.data.asBytes, sizeof(iso14a_card_select_t));
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
@ -2897,7 +2897,7 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
|
||||||
}
|
}
|
||||||
use_match = true;
|
use_match = true;
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
||||||
errors = true;
|
errors = true;
|
||||||
|
@ -2947,9 +2947,9 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
|
||||||
|
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
SendCommandMIX(CMD_HF_MFU_OTP_TEAROFF, blockNoUint, actualTime, 0, teardata, 8);
|
SendCommandMIX(CMD_HF_MFU_OTP_TEAROFF, blockNoUint, actualTime, 0, teardata, 8);
|
||||||
|
|
||||||
// we be getting ACK that we are silently ignoring here..
|
// we be getting ACK that we are silently ignoring here..
|
||||||
|
|
||||||
if (!WaitForResponseTimeout(CMD_HF_MFU_OTP_TEAROFF, &resp, 2000)) {
|
if (!WaitForResponseTimeout(CMD_HF_MFU_OTP_TEAROFF, &resp, 2000)) {
|
||||||
PrintAndLogEx(WARNING, "Failed");
|
PrintAndLogEx(WARNING, "Failed");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
|
@ -3061,7 +3061,7 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
static int counter_reset_tear(iso14a_card_select_t *card, uint8_t cnt_no) {
|
static int counter_reset_tear(iso14a_card_select_t *card, uint8_t cnt_no) {
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Reset tear check");
|
PrintAndLogEx(INFO, "Reset tear check");
|
||||||
|
|
||||||
uint8_t cw[6] = { MIFARE_ULEV1_INCR_CNT, cnt_no, 0x00, 0x00, 0x00, 0x00};
|
uint8_t cw[6] = { MIFARE_ULEV1_INCR_CNT, cnt_no, 0x00, 0x00, 0x00, 0x00};
|
||||||
|
@ -3081,7 +3081,7 @@ static int counter_reset_tear(iso14a_card_select_t *card, uint8_t cnt_no) {
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
DropField();
|
DropField();
|
||||||
|
|
||||||
if (ct[0] != 0xBD) {
|
if (ct[0] != 0xBD) {
|
||||||
PrintAndLogEx(INFO, "Resetting seem to have failed, WHY!?");
|
PrintAndLogEx(INFO, "Resetting seem to have failed, WHY!?");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
|
@ -3106,13 +3106,13 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
arg_int0("c", "cnt", "<0,1,2>", "Target this EV1 counter (0,1,2)"),
|
arg_int0("c", "cnt", "<0,1,2>", "Target this EV1 counter (0,1,2)"),
|
||||||
arg_int0("i", "inc", "<dec>", "time interval to increase in each iteration - default 10 us"),
|
arg_int0("i", "inc", "<dec>", "time interval to increase in each iteration - default 10 us"),
|
||||||
arg_int0("l", "limit", "<dec>", "test upper limit time - default 3000 us"),
|
arg_int0("l", "limit", "<dec>", "test upper limit time - default 3000 us"),
|
||||||
arg_int0("s", "start", "<dec>", "test start time - default 0 us"),
|
arg_int0("s", "start", "<dec>", "test start time - default 0 us"),
|
||||||
arg_int0(NULL, "fix", "<dec>", "test fixed loop delay"),
|
arg_int0(NULL, "fix", "<dec>", "test fixed loop delay"),
|
||||||
arg_str0("x", "hex", NULL, "3 byte hex to increase counter with"),
|
arg_str0("x", "hex", NULL, "3 byte hex to increase counter with"),
|
||||||
arg_param_end
|
arg_param_end
|
||||||
};
|
};
|
||||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||||
|
|
||||||
int interval = 0;
|
int interval = 0;
|
||||||
int time_limit, start_time = 0;
|
int time_limit, start_time = 0;
|
||||||
int counter = arg_get_int_def(ctx, 1, 0);
|
int counter = arg_get_int_def(ctx, 1, 0);
|
||||||
|
@ -3124,15 +3124,15 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
start_time = arg_get_int_def(ctx, 4, 0);
|
start_time = arg_get_int_def(ctx, 4, 0);
|
||||||
} else {
|
} else {
|
||||||
start_time = fixed;
|
start_time = fixed;
|
||||||
interval = 0;
|
interval = 0;
|
||||||
time_limit = fixed;
|
time_limit = fixed;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t newvalue[5] = {0};
|
uint8_t newvalue[5] = {0};
|
||||||
int newvaluelen = 0;
|
int newvaluelen = 0;
|
||||||
CLIGetHexWithReturn(ctx, 6, newvalue, &newvaluelen);
|
CLIGetHexWithReturn(ctx, 6, newvalue, &newvaluelen);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
// Validations
|
// Validations
|
||||||
if (start_time > (time_limit - interval)) {
|
if (start_time > (time_limit - interval)) {
|
||||||
PrintAndLogEx(WARNING, "Wrong start time number");
|
PrintAndLogEx(WARNING, "Wrong start time number");
|
||||||
|
@ -3163,14 +3163,14 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
PrintAndLogEx(INFO, "failed to select card, exiting...");
|
PrintAndLogEx(INFO, "failed to select card, exiting...");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t inital_cnt[3] = {0, 0, 0};
|
uint8_t inital_cnt[3] = {0, 0, 0};
|
||||||
int len = ulev1_readCounter(cnt_no, inital_cnt, sizeof(inital_cnt));
|
int len = ulev1_readCounter(cnt_no, inital_cnt, sizeof(inital_cnt));
|
||||||
if ( len != sizeof(inital_cnt) ) {
|
if ( len != sizeof(inital_cnt) ) {
|
||||||
PrintAndLogEx(WARNING, "failed to read counter");
|
PrintAndLogEx(WARNING, "failed to read counter");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t inital_tear[1] = {0};
|
uint8_t inital_tear[1] = {0};
|
||||||
len = ulev1_readTearing(cnt_no, inital_tear, sizeof(inital_tear));
|
len = ulev1_readTearing(cnt_no, inital_tear, sizeof(inital_tear));
|
||||||
DropField();
|
DropField();
|
||||||
|
@ -3184,7 +3184,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "----------------- " _CYAN_("MFU Ev1 Counter Tear off") " ---------------------");
|
PrintAndLogEx(INFO, "----------------- " _CYAN_("MFU Ev1 Counter Tear off") " ---------------------");
|
||||||
PrintAndLogEx(INFO, "Target counter no [ " _GREEN_("%u") " ]", counter);
|
PrintAndLogEx(INFO, "Target counter no [ " _GREEN_("%u") " ]", counter);
|
||||||
PrintAndLogEx(INFO, " counter value [ " _GREEN_("%s") " ]", sprint_hex_inrow(inital_cnt, sizeof(inital_cnt)));
|
PrintAndLogEx(INFO, " counter value [ " _GREEN_("%s") " ]", sprint_hex_inrow(inital_cnt, sizeof(inital_cnt)));
|
||||||
PrintAndLogEx(INFO, " anti-tear value [ " _GREEN_("%02X") " ]", inital_tear[0]);
|
PrintAndLogEx(INFO, " anti-tear value [ " _GREEN_("%02X") " ]", inital_tear[0]);
|
||||||
PrintAndLogEx(INFO, " increase value [ " _GREEN_("%s") " ]", sprint_hex_inrow(newvalue, newvaluelen));
|
PrintAndLogEx(INFO, " increase value [ " _GREEN_("%s") " ]", sprint_hex_inrow(newvalue, newvaluelen));
|
||||||
PrintAndLogEx(INFO, "----------------------------------------------------");
|
PrintAndLogEx(INFO, "----------------------------------------------------");
|
||||||
|
@ -3197,7 +3197,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
uint32_t loop = 0;
|
uint32_t loop = 0;
|
||||||
|
|
||||||
uint16_t late = 0;
|
uint16_t late = 0;
|
||||||
|
|
||||||
while (actual_time <= (time_limit - interval)) {
|
while (actual_time <= (time_limit - interval)) {
|
||||||
|
|
||||||
|
|
||||||
|
@ -3217,7 +3217,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t cntresp[3] = {0, 0, 0};
|
uint8_t cntresp[3] = {0, 0, 0};
|
||||||
int rlen = ulev1_readCounter(cnt_no, cntresp, sizeof(cntresp));
|
int rlen = ulev1_readCounter(cnt_no, cntresp, sizeof(cntresp));
|
||||||
if ( rlen == sizeof(cntresp) ) {
|
if ( rlen == sizeof(cntresp) ) {
|
||||||
memcpy(pre, cntresp, sizeof(pre));
|
memcpy(pre, cntresp, sizeof(pre));
|
||||||
|
@ -3226,19 +3226,19 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
PrintAndLogEx(FAILED, "BEFORE, failed to read COUNTER, exiting...");
|
PrintAndLogEx(FAILED, "BEFORE, failed to read COUNTER, exiting...");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t tear[1] = {0};
|
uint8_t tear[1] = {0};
|
||||||
int tlen = ulev1_readTearing(cnt_no, tear, sizeof(tear));
|
int tlen = ulev1_readTearing(cnt_no, tear, sizeof(tear));
|
||||||
if ( tlen == sizeof(tear) ) {
|
if ( tlen == sizeof(tear) ) {
|
||||||
pre_tear = tear[0];
|
pre_tear = tear[0];
|
||||||
} else {
|
} else {
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(FAILED, "BEFORE, failed to read ANTITEAR, exiting... %d", tlen);
|
PrintAndLogEx(FAILED, "BEFORE, failed to read ANTITEAR, exiting... %d", tlen);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
DropField();
|
DropField();
|
||||||
|
|
||||||
struct p {
|
struct p {
|
||||||
uint8_t counter;
|
uint8_t counter;
|
||||||
uint32_t tearoff_time;
|
uint32_t tearoff_time;
|
||||||
|
@ -3269,7 +3269,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
PrintAndLogEx(FAILED, "AFTER, failed to read COUNTER, exiting...");
|
PrintAndLogEx(FAILED, "AFTER, failed to read COUNTER, exiting...");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
tear[0] = 0;
|
tear[0] = 0;
|
||||||
tlen = ulev1_readTearing(cnt_no, tear, sizeof(tear));
|
tlen = ulev1_readTearing(cnt_no, tear, sizeof(tear));
|
||||||
if ( tlen == sizeof(tear) ) {
|
if ( tlen == sizeof(tear) ) {
|
||||||
|
@ -3279,7 +3279,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
PrintAndLogEx(FAILED, "AFTER, failed to read ANTITEAR, exiting...");
|
PrintAndLogEx(FAILED, "AFTER, failed to read ANTITEAR, exiting...");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
DropField();
|
DropField();
|
||||||
|
|
||||||
char prestr[20] = {0};
|
char prestr[20] = {0};
|
||||||
|
@ -3290,15 +3290,15 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
bool post_tear_check = (post_tear == 0xBD);
|
bool post_tear_check = (post_tear == 0xBD);
|
||||||
a = (pre[0] | pre[1] << 8 | pre[2] << 16);
|
a = (pre[0] | pre[1] << 8 | pre[2] << 16);
|
||||||
b = (post[0] | post[1] << 8 | post[2] << 16);
|
b = (post[0] | post[1] << 8 | post[2] << 16);
|
||||||
|
|
||||||
// A != B
|
// A != B
|
||||||
if (memcmp(pre, post, sizeof(pre)) != 0) {
|
if (memcmp(pre, post, sizeof(pre)) != 0) {
|
||||||
|
|
||||||
|
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
|
|
||||||
if (inital_value != a ) {
|
if (inital_value != a ) {
|
||||||
|
|
||||||
if ( inital_value != b )
|
if ( inital_value != b )
|
||||||
PrintAndLogEx(INFO, "pre %08x, post %08x != inital %08x | tear: 0x%02X == 0x%02X", a, b, inital_value, pre_tear, post_tear);
|
PrintAndLogEx(INFO, "pre %08x, post %08x != inital %08x | tear: 0x%02X == 0x%02X", a, b, inital_value, pre_tear, post_tear);
|
||||||
else
|
else
|
||||||
|
@ -3319,7 +3319,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( a > b ) {
|
if ( a > b ) {
|
||||||
PrintAndLogEx(INFO, _CYAN_("Tear off occured " _RED_("( LESS )") " -> ") "%s vs " _GREEN_("%s") " Tear status: 0x%02X == 0x%02X ( %s )"
|
PrintAndLogEx(INFO, _CYAN_("Tear off occured " _RED_("( LESS )") " -> ") "%s vs " _GREEN_("%s") " Tear status: 0x%02X == 0x%02X ( %s )"
|
||||||
, prestr
|
, prestr
|
||||||
|
@ -3347,14 +3347,14 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
newvalue[2] = 0;
|
newvalue[2] = 0;
|
||||||
|
|
||||||
PrintAndLogEx(INFO, " 0x1000000 - 0x%x == 0x%x", b, bar);
|
PrintAndLogEx(INFO, " 0x1000000 - 0x%x == 0x%x", b, bar);
|
||||||
PrintAndLogEx(INFO, " new increase value 0x%x" , wr_value);
|
PrintAndLogEx(INFO, " new increase value 0x%x" , wr_value);
|
||||||
PrintAndLogEx(INFO, " because BAR + post == 0x%x" , bar + b);
|
PrintAndLogEx(INFO, " because BAR + post == 0x%x" , bar + b);
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "New increase value " _YELLOW_("%s"), sprint_hex_inrow(newvalue, newvaluelen));
|
PrintAndLogEx(INFO, "New increase value " _YELLOW_("%s"), sprint_hex_inrow(newvalue, newvaluelen));
|
||||||
continue;
|
continue;
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(INFO, _CYAN_("Tear off occured (+1) (too late) -> ") "%s vs %s Tear: 0x%02X == 0x%02X ( %s )"
|
PrintAndLogEx(INFO, _CYAN_("Tear off occured (+1) (too late) -> ") "%s vs %s Tear: 0x%02X == 0x%02X ( %s )"
|
||||||
, prestr
|
, prestr
|
||||||
, poststr
|
, poststr
|
||||||
|
@ -3368,23 +3368,23 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if ( wr_value != 0 ) {
|
if ( wr_value != 0 ) {
|
||||||
|
|
||||||
//uint32_t bar = (0x1000000 - b) + 2;
|
//uint32_t bar = (0x1000000 - b) + 2;
|
||||||
wr_value = 0;
|
wr_value = 0;
|
||||||
newvalue[0] = 0;
|
newvalue[0] = 0;
|
||||||
newvalue[1] = 0;
|
newvalue[1] = 0;
|
||||||
newvalue[2] = 0;
|
newvalue[2] = 0;
|
||||||
|
|
||||||
if ( b >= (inital_value + (2 * wr_value))) {
|
if ( b >= (inital_value + (2 * wr_value))) {
|
||||||
PrintAndLogEx(INFO, "Large " _YELLOW_("( JUMP )") " detected");
|
PrintAndLogEx(INFO, "Large " _YELLOW_("( JUMP )") " detected");
|
||||||
|
|
||||||
|
|
||||||
// wr_value = bar;
|
// wr_value = bar;
|
||||||
// newvalue[0] = (bar) & 0xFF;
|
// newvalue[0] = (bar) & 0xFF;
|
||||||
// newvalue[1] = ((bar >> 8) & 0xFF);
|
// newvalue[1] = ((bar >> 8) & 0xFF);
|
||||||
// newvalue[2] = ((bar >> 16) & 0xFF);
|
// newvalue[2] = ((bar >> 16) & 0xFF);
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// wr_value = bar;
|
// wr_value = bar;
|
||||||
// newvalue[0] = (bar) & 0xFF;
|
// newvalue[0] = (bar) & 0xFF;
|
||||||
// newvalue[1] = ((bar >> 8) & 0xFF);
|
// newvalue[1] = ((bar >> 8) & 0xFF);
|
||||||
|
@ -3397,7 +3397,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
|
|
||||||
}
|
}
|
||||||
PrintAndLogEx(INFO, "New increase value " _YELLOW_("%s"), sprint_hex_inrow(newvalue, newvaluelen));
|
PrintAndLogEx(INFO, "New increase value " _YELLOW_("%s"), sprint_hex_inrow(newvalue, newvaluelen));
|
||||||
|
|
||||||
//actual_time--;
|
//actual_time--;
|
||||||
late++;
|
late++;
|
||||||
}
|
}
|
||||||
|
@ -3410,19 +3410,19 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
, post_tear
|
, post_tear
|
||||||
, post_tear_check ? _GREEN_("OK") : _RED_("DETECTED")
|
, post_tear_check ? _GREEN_("OK") : _RED_("DETECTED")
|
||||||
);
|
);
|
||||||
|
|
||||||
if ( post_tear_check ) {
|
if ( post_tear_check ) {
|
||||||
if ( a == b ) {
|
if ( a == b ) {
|
||||||
//actual_time--;
|
//actual_time--;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( b == inital_value ) {
|
if ( b == inital_value ) {
|
||||||
PrintAndLogEx(INFO, "Reverted to previous value");
|
PrintAndLogEx(INFO, "Reverted to previous value");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (counter_reset_tear(&card, cnt_no) != PM3_SUCCESS){
|
if (counter_reset_tear(&card, cnt_no) != PM3_SUCCESS){
|
||||||
PrintAndLogEx(FAILED, "failed to reset tear, exiting...");
|
PrintAndLogEx(FAILED, "failed to reset tear, exiting...");
|
||||||
break;
|
break;
|
||||||
|
@ -3436,7 +3436,7 @@ static int CmdHF14AMfuEv1CounterTearoff(const char *Cmd) {
|
||||||
|
|
||||||
DropField();
|
DropField();
|
||||||
|
|
||||||
PrintAndLogEx(INFO, " Sent %u tear offs ", loop);
|
PrintAndLogEx(INFO, " Sent %u tear offs ", loop);
|
||||||
|
|
||||||
counter_reset_tear(&card, cnt_no);
|
counter_reset_tear(&card, cnt_no);
|
||||||
|
|
||||||
|
@ -3584,7 +3584,7 @@ static command_t CommandTable[] = {
|
||||||
{"gen", CmdHF14AMfUGenDiverseKeys, AlwaysAvailable, "Generate 3des mifare diversified keys"},
|
{"gen", CmdHF14AMfUGenDiverseKeys, AlwaysAvailable, "Generate 3des mifare diversified keys"},
|
||||||
{"pwdgen", CmdHF14AMfUPwdGen, AlwaysAvailable, "Generate pwd from known algos"},
|
{"pwdgen", CmdHF14AMfUPwdGen, AlwaysAvailable, "Generate pwd from known algos"},
|
||||||
{"otptear", CmdHF14AMfuOtpTearoff, IfPm3Iso14443a, "Tear-off test on OTP bits"},
|
{"otptear", CmdHF14AMfuOtpTearoff, IfPm3Iso14443a, "Tear-off test on OTP bits"},
|
||||||
// {"countertear", CmdHF14AMfuEv1CounterTearoff, IfPm3Iso14443a, "Tear-off test on Ev1 Counter bits"},
|
// {"countertear", CmdHF14AMfuEv1CounterTearoff, IfPm3Iso14443a, "Tear-off test on Ev1 Counter bits"},
|
||||||
{"ndef", CmdHF14MfuNDEF, IfPm3Iso14443a, "Prints NDEF records from card"},
|
{"ndef", CmdHF14MfuNDEF, IfPm3Iso14443a, "Prints NDEF records from card"},
|
||||||
{NULL, NULL, NULL, NULL}
|
{NULL, NULL, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
|
@ -523,14 +523,14 @@ static int cmd_hf_st_protect(const char *Cmd) {
|
||||||
if (enable_protection && disable_protection) {
|
if (enable_protection && disable_protection) {
|
||||||
PrintAndLogEx(ERR, "Must specify either enable or disable protection, not both");
|
PrintAndLogEx(ERR, "Must specify either enable or disable protection, not both");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
}
|
}
|
||||||
if (enable_protection) {
|
if (enable_protection) {
|
||||||
state[0] = 0x28;
|
state[0] = 0x28;
|
||||||
}
|
}
|
||||||
if (disable_protection) {
|
if (disable_protection) {
|
||||||
state[0] = 0x26;
|
state[0] = 0x26;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (read_protection && write_protection) {
|
if (read_protection && write_protection) {
|
||||||
PrintAndLogEx(ERR, "Must specify either read or write protection, not both");
|
PrintAndLogEx(ERR, "Must specify either read or write protection, not both");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
|
@ -681,7 +681,7 @@ static int cmd_hf_st_pwd(const char *Cmd) {
|
||||||
if (change_write_password) {
|
if (change_write_password) {
|
||||||
changePwd[2] = 0x02;
|
changePwd[2] = 0x02;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pwdlen != 16) {
|
if (pwdlen != 16) {
|
||||||
PrintAndLogEx(ERR, "Original write password must be 16 hex bytes");
|
PrintAndLogEx(ERR, "Original write password must be 16 hex bytes");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
#include "cmdlfawid.h" // for awid menu
|
#include "cmdlfawid.h" // for awid menu
|
||||||
#include "cmdlfem4x.h" // for em4x menu
|
#include "cmdlfem4x.h" // for em4x menu
|
||||||
#include "cmdlfem4x05.h" // for em4x05 / 4x69
|
#include "cmdlfem4x05.h" // for em4x05 / 4x69
|
||||||
#include "cmdlfem4x50.h" // for em4x50
|
#include "cmdlfem4x50.h" // for em4x50
|
||||||
#include "cmdlfhid.h" // for hid menu
|
#include "cmdlfhid.h" // for hid menu
|
||||||
#include "cmdlfhitag.h" // for hitag menu
|
#include "cmdlfhitag.h" // for hitag menu
|
||||||
#include "cmdlfidteck.h" // for idteck menu
|
#include "cmdlfidteck.h" // for idteck menu
|
||||||
|
|
|
@ -66,7 +66,7 @@ int demodDestron(bool verbose) {
|
||||||
|
|
||||||
uint8_t data[5] = {0};
|
uint8_t data[5] = {0};
|
||||||
uint8_t parity_err = 0;
|
uint8_t parity_err = 0;
|
||||||
for (int i=0; i < sizeof(data); i++) {
|
for (int i = 0; i < sizeof(data); i++) {
|
||||||
data[i] = bytebits_to_byte(bits + i * 8, 8);
|
data[i] = bytebits_to_byte(bits + i * 8, 8);
|
||||||
parity_err += oddparity8(data[i]);
|
parity_err += oddparity8(data[i]);
|
||||||
data[i] &= 0x7F;
|
data[i] &= 0x7F;
|
||||||
|
@ -113,11 +113,11 @@ static int CmdDestronClone(const char *Cmd) {
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
uint8_t data_ex[12 + 24] = {0}; // ManchesterEncode need extra room
|
uint8_t data_ex[12 + 24] = {0}; // ManchesterEncode need extra room
|
||||||
for (int i=0; i < datalen; i++) {
|
for (int i = 0; i < datalen; i++) {
|
||||||
data_ex[i + 1] = ~data [i] | (evenparity8(data[i]) << 7);
|
data_ex[i + 1] = ~data [i] | (evenparity8(data[i]) << 7);
|
||||||
}
|
}
|
||||||
for (int i=0; i < 3; i++) {
|
for (int i = 0; i < 3; i++) {
|
||||||
blocks[i+1] = manchesterEncode2Bytes((data_ex[i*2]<<8)+data_ex[i*2+1]);
|
blocks[i + 1] = manchesterEncode2Bytes((data_ex[i * 2] << 8) + data_ex[i * 2 + 1]);
|
||||||
}
|
}
|
||||||
// inject preamble
|
// inject preamble
|
||||||
blocks[1] = (blocks[1] & 0xFFFF) | 0xAAE20000;
|
blocks[1] = (blocks[1] & 0xFFFF) | 0xAAE20000;
|
||||||
|
|
|
@ -107,7 +107,7 @@ typedef enum {
|
||||||
// 2 = EM4x05
|
// 2 = EM4x05
|
||||||
static em_tech_type_t em_get_card_type(uint32_t config) {
|
static em_tech_type_t em_get_card_type(uint32_t config) {
|
||||||
uint8_t t = (config >> 1) & 0xF;
|
uint8_t t = (config >> 1) & 0xF;
|
||||||
switch(t) {
|
switch (t) {
|
||||||
case 4:
|
case 4:
|
||||||
return EM_4X69;
|
return EM_4X69;
|
||||||
case 8:
|
case 8:
|
||||||
|
@ -118,7 +118,7 @@ static em_tech_type_t em_get_card_type(uint32_t config) {
|
||||||
return EM_UNKNOWN;
|
return EM_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const char* em_get_card_str(uint32_t config) {
|
static const char *em_get_card_str(uint32_t config) {
|
||||||
switch (em_get_card_type(config)) {
|
switch (em_get_card_type(config)) {
|
||||||
case EM_4305:
|
case EM_4305:
|
||||||
return "EM4305";
|
return "EM4305";
|
||||||
|
@ -429,9 +429,9 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
|
|
||||||
void *argtable[] = {
|
void *argtable[] = {
|
||||||
arg_param_begin,
|
arg_param_begin,
|
||||||
arg_u64_0("p", "pwd", "<hex>", "password (0x00000000)"),
|
arg_u64_0("p", "pwd", "<hex>", "password (0x00000000)"),
|
||||||
arg_str0("f", "file", "<filename>", "overide filename prefix (optional). Default is based on UID"),
|
arg_str0("f", "file", "<filename>", "overide filename prefix (optional). Default is based on UID"),
|
||||||
arg_param_end
|
arg_param_end
|
||||||
};
|
};
|
||||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||||
|
|
||||||
|
@ -440,17 +440,17 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
char filename[FILE_PATH_SIZE] = {0};
|
char filename[FILE_PATH_SIZE] = {0};
|
||||||
CLIParamStrToBuf(arg_get_str(ctx, 2), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
|
CLIParamStrToBuf(arg_get_str(ctx, 2), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
uint8_t addr = 0;
|
uint8_t addr = 0;
|
||||||
uint32_t pwd = 0;
|
uint32_t pwd = 0;
|
||||||
bool usePwd = false;
|
bool usePwd = false;
|
||||||
if (inputpwd != 0xFFFFFFFFFFFFFFFF) {
|
if (inputpwd != 0xFFFFFFFFFFFFFFFF) {
|
||||||
|
|
||||||
if (inputpwd & 0xFFFFFFFF00000000) {
|
if (inputpwd & 0xFFFFFFFF00000000) {
|
||||||
PrintAndLogEx(FAILED, "Pwd too large");
|
PrintAndLogEx(FAILED, "Pwd too large");
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
usePwd = true;
|
usePwd = true;
|
||||||
pwd = (inputpwd & 0xFFFFFFFF);
|
pwd = (inputpwd & 0xFFFFFFFF);
|
||||||
}
|
}
|
||||||
|
@ -470,13 +470,13 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
bool gotLockBits = false;
|
bool gotLockBits = false;
|
||||||
bool lockInPW2 = false;
|
bool lockInPW2 = false;
|
||||||
uint32_t word = 0;
|
uint32_t word = 0;
|
||||||
|
|
||||||
const char *info[] = {"Info/User", "UID", "Password", "User", "Config", "User", "User", "User", "User", "User", "User", "User", "User", "User", "Lock", "Lock"};
|
const char *info[] = {"Info/User", "UID", "Password", "User", "Config", "User", "User", "User", "User", "User", "User", "User", "User", "User", "Lock", "Lock"};
|
||||||
const char *info4x69 [] = {"Info", "UID", "Password", "Config", "User", "User", "User", "User", "User", "User", "User", "User", "User", "User", "User", "User"};
|
const char *info4x69 [] = {"Info", "UID", "Password", "Config", "User", "User", "User", "User", "User", "User", "User", "User", "User", "User", "User", "User"};
|
||||||
|
|
||||||
// EM4305 vs EM4469
|
// EM4305 vs EM4469
|
||||||
em_tech_type_t card_type = em_get_card_type(block0);
|
em_tech_type_t card_type = em_get_card_type(block0);
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Found a " _GREEN_("%s") " tag", em_get_card_str(block0));
|
PrintAndLogEx(INFO, "Found a " _GREEN_("%s") " tag", em_get_card_str(block0));
|
||||||
|
|
||||||
if (usePwd) {
|
if (usePwd) {
|
||||||
|
@ -497,7 +497,7 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
PrintAndLogEx(INFO, "Addr | data | ascii |lck| info");
|
PrintAndLogEx(INFO, "Addr | data | ascii |lck| info");
|
||||||
PrintAndLogEx(INFO, "-----+----------+-------+---+-----");
|
PrintAndLogEx(INFO, "-----+----------+-------+---+-----");
|
||||||
|
|
||||||
if ( card_type == EM_4205 || card_type == EM_4305 || card_type == EM_UNKNOWN) {
|
if (card_type == EM_4205 || card_type == EM_4305 || card_type == EM_UNKNOWN) {
|
||||||
|
|
||||||
|
|
||||||
// To flag any blocks locked we need to read blocks 14 and 15 first
|
// To flag any blocks locked we need to read blocks 14 and 15 first
|
||||||
|
@ -570,7 +570,7 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
data[15] = BSWAP_32(data[15]);
|
data[15] = BSWAP_32(data[15]);
|
||||||
|
|
||||||
} else if (card_type == EM_4X69) {
|
} else if (card_type == EM_4X69) {
|
||||||
|
|
||||||
// To flag any blocks locked we need to read blocks 14 and 15 first
|
// To flag any blocks locked we need to read blocks 14 and 15 first
|
||||||
// dont swap endin until we get block lock flags.
|
// dont swap endin until we get block lock flags.
|
||||||
status14 = EM4x05ReadWord_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word);
|
status14 = EM4x05ReadWord_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word);
|
||||||
|
@ -583,7 +583,7 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
} else {
|
} else {
|
||||||
success = PM3_ESOFT; // If any error ensure fail is set so not to save invalid data
|
success = PM3_ESOFT; // If any error ensure fail is set so not to save invalid data
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t lockbit;
|
uint32_t lockbit;
|
||||||
|
|
||||||
for (; addr < 15; addr++) {
|
for (; addr < 15; addr++) {
|
||||||
|
@ -613,7 +613,7 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -621,8 +621,8 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
// saveFileEML will add .eml extension to filename
|
// saveFileEML will add .eml extension to filename
|
||||||
// saveFile (binary) passes in the .bin extension.
|
// saveFile (binary) passes in the .bin extension.
|
||||||
if (strcmp(filename, "") == 0) {
|
if (strcmp(filename, "") == 0) {
|
||||||
|
|
||||||
if ( card_type == EM_4X69) {
|
if (card_type == EM_4X69) {
|
||||||
sprintf(filename, "lf-4x69-%08X-dump", BSWAP_32(data[1]));
|
sprintf(filename, "lf-4x69-%08X-dump", BSWAP_32(data[1]));
|
||||||
} else {
|
} else {
|
||||||
sprintf(filename, "lf-4x05-%08X-dump", BSWAP_32(data[1]));
|
sprintf(filename, "lf-4x05-%08X-dump", BSWAP_32(data[1]));
|
||||||
|
@ -631,7 +631,7 @@ int CmdEM4x05Dump(const char *Cmd) {
|
||||||
}
|
}
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
saveFileJSON(filename, (card_type == EM_4X69) ? jsfEM4x69 : jsfEM4x05, (uint8_t *)data, 16 * sizeof(uint32_t), NULL);
|
saveFileJSON(filename, (card_type == EM_4X69) ? jsfEM4x69 : jsfEM4x05, (uint8_t *)data, 16 * sizeof(uint32_t), NULL);
|
||||||
|
|
||||||
saveFileEML(filename, (uint8_t *)data, 16 * sizeof(uint32_t), sizeof(uint32_t));
|
saveFileEML(filename, (uint8_t *)data, 16 * sizeof(uint32_t), sizeof(uint32_t));
|
||||||
saveFile(filename, ".bin", data, sizeof(data));
|
saveFile(filename, ".bin", data, sizeof(data));
|
||||||
}
|
}
|
||||||
|
@ -941,7 +941,7 @@ static void printEM4x05info(uint32_t block0, uint32_t serial) {
|
||||||
|
|
||||||
uint8_t chipType = (block0 >> 1) & 0xF;
|
uint8_t chipType = (block0 >> 1) & 0xF;
|
||||||
uint8_t cap = (block0 >> 5) & 3;
|
uint8_t cap = (block0 >> 5) & 3;
|
||||||
uint16_t custCode = (block0 >> 9) & 0x2FF;
|
uint16_t custCode = (block0 >> 9) & 0x2FF;
|
||||||
|
|
||||||
/* bits
|
/* bits
|
||||||
// 0, rfu
|
// 0, rfu
|
||||||
|
@ -950,7 +950,7 @@ static void printEM4x05info(uint32_t block0, uint32_t serial) {
|
||||||
// 7,8, rfu
|
// 7,8, rfu
|
||||||
// 9 - 18 customer code
|
// 9 - 18 customer code
|
||||||
// 19, rfu
|
// 19, rfu
|
||||||
|
|
||||||
98765432109876543210
|
98765432109876543210
|
||||||
001000000000
|
001000000000
|
||||||
// 00100000000001111000
|
// 00100000000001111000
|
||||||
|
@ -959,7 +959,7 @@ static void printEM4x05info(uint32_t block0, uint32_t serial) {
|
||||||
// 011
|
// 011
|
||||||
// 00100000000
|
// 00100000000
|
||||||
*/
|
*/
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
|
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
|
||||||
|
|
||||||
PrintAndLogEx(SUCCESS, " Block0: " _GREEN_("%08x") " (Word 0)", block0);
|
PrintAndLogEx(SUCCESS, " Block0: " _GREEN_("%08x") " (Word 0)", block0);
|
||||||
|
@ -1037,7 +1037,7 @@ int CmdEM4x05Info(const char *Cmd) {
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
|
|
||||||
printEM4x05config(word);
|
printEM4x05config(word);
|
||||||
|
|
||||||
// if 4469 read EM4469_PROT_BLOCK
|
// if 4469 read EM4469_PROT_BLOCK
|
||||||
// if 4305 read 14,15
|
// if 4305 read 14,15
|
||||||
if (card_type == EM_4205 || card_type == EM_4305) {
|
if (card_type == EM_4205 || card_type == EM_4305) {
|
||||||
|
@ -1059,7 +1059,7 @@ int CmdEM4x05Info(const char *Cmd) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (card_type == EM_4X69) {
|
} else if (card_type == EM_4X69) {
|
||||||
// read word 3 to see which is being used for the protection bits
|
// read word 3 to see which is being used for the protection bits
|
||||||
if (EM4x05ReadWord_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word) != PM3_SUCCESS) {
|
if (EM4x05ReadWord_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word) != PM3_SUCCESS) {
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
@ -1104,12 +1104,12 @@ int CmdEM4x05Chk(const char *Cmd) {
|
||||||
snprintf(filename, sizeof(filename), "t55xx_default_pwds");
|
snprintf(filename, sizeof(filename), "t55xx_default_pwds");
|
||||||
}
|
}
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
|
|
||||||
bool found = false;
|
bool found = false;
|
||||||
uint64_t t1 = msclock();
|
uint64_t t1 = msclock();
|
||||||
|
|
||||||
// White cloner password based on EM4100 ID
|
// White cloner password based on EM4100 ID
|
||||||
if ( card_id > 0 ) {
|
if (card_id > 0) {
|
||||||
|
|
||||||
uint32_t pwd = lf_t55xx_white_pwdgen(card_id & 0xFFFFFFFF);
|
uint32_t pwd = lf_t55xx_white_pwdgen(card_id & 0xFFFFFFFF);
|
||||||
PrintAndLogEx(INFO, "testing %08"PRIX32" generated ", pwd);
|
PrintAndLogEx(INFO, "testing %08"PRIX32" generated ", pwd);
|
||||||
|
@ -1180,7 +1180,7 @@ int CmdEM4x05Chk(const char *Cmd) {
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
uint16_t cnt;
|
uint16_t cnt;
|
||||||
uint32_t value;
|
uint32_t value;
|
||||||
} em4x05_unlock_item_t;
|
} em4x05_unlock_item_t;
|
||||||
|
|
||||||
static int unlock_write_protect(bool use_pwd, uint32_t pwd, uint32_t data, bool verbose) {
|
static int unlock_write_protect(bool use_pwd, uint32_t pwd, uint32_t data, bool verbose) {
|
||||||
|
@ -1214,7 +1214,7 @@ static int unlock_write_protect(bool use_pwd, uint32_t pwd, uint32_t data, bool
|
||||||
PrintAndLogEx(ERR, "Tag denied PROTECT operation");
|
PrintAndLogEx(ERR, "Tag denied PROTECT operation");
|
||||||
else
|
else
|
||||||
PrintAndLogEx(DEBUG, "No answer from tag");
|
PrintAndLogEx(DEBUG, "No answer from tag");
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
static int unlock_reset(bool use_pwd, uint32_t pwd, uint32_t data, bool verbose) {
|
static int unlock_reset(bool use_pwd, uint32_t pwd, uint32_t data, bool verbose) {
|
||||||
|
@ -1224,14 +1224,14 @@ static int unlock_reset(bool use_pwd, uint32_t pwd, uint32_t data, bool verbose)
|
||||||
return unlock_write_protect(use_pwd, pwd, data, false);
|
return unlock_write_protect(use_pwd, pwd, data, false);
|
||||||
}
|
}
|
||||||
static void unlock_add_item(em4x05_unlock_item_t *array, uint8_t len, uint32_t value) {
|
static void unlock_add_item(em4x05_unlock_item_t *array, uint8_t len, uint32_t value) {
|
||||||
|
|
||||||
uint8_t i = 0;
|
uint8_t i = 0;
|
||||||
for (; i < len; i++) {
|
for (; i < len; i++) {
|
||||||
if ( array[i].value == value ) {
|
if (array[i].value == value) {
|
||||||
array[i].cnt++;
|
array[i].cnt++;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if ( array[i].cnt == 0 ) {
|
if (array[i].cnt == 0) {
|
||||||
array[i].cnt++;
|
array[i].cnt++;
|
||||||
array[i].value = value;
|
array[i].value = value;
|
||||||
break;
|
break;
|
||||||
|
@ -1254,9 +1254,9 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
arg_int0("n", NULL, NULL, "steps to skip"),
|
arg_int0("n", NULL, NULL, "steps to skip"),
|
||||||
arg_int0("s", "start", "<us>", "start scan from delay (us)"),
|
arg_int0("s", "start", "<us>", "start scan from delay (us)"),
|
||||||
arg_int0("e", "end", "<us>", "end scan at delay (us)"),
|
arg_int0("e", "end", "<us>", "end scan at delay (us)"),
|
||||||
arg_u64_0("p", "pwd", "", "password (0x00000000)"),
|
arg_u64_0("p", "pwd", "", "password (0x00000000)"),
|
||||||
arg_lit0("v", "verbose", "verbose output"),
|
arg_lit0("v", "verbose", "verbose output"),
|
||||||
arg_param_end
|
arg_param_end
|
||||||
};
|
};
|
||||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||||
double n = (double)arg_get_int_def(ctx, 1, 0);
|
double n = (double)arg_get_int_def(ctx, 1, 0);
|
||||||
|
@ -1266,7 +1266,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
bool verbose = arg_get_lit(ctx, 5);
|
bool verbose = arg_get_lit(ctx, 5);
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
if ( start > end ) {
|
if (start > end) {
|
||||||
PrintAndLogEx(FAILED, "start delay can\'t be larger than end delay %.0lf vs %.0lf", start, end);
|
PrintAndLogEx(FAILED, "start delay can\'t be larger than end delay %.0lf vs %.0lf", start, end);
|
||||||
return PM3_EINVARG;
|
return PM3_EINVARG;
|
||||||
}
|
}
|
||||||
|
@ -1285,24 +1285,24 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
|
|
||||||
uint32_t search_value = 0;
|
uint32_t search_value = 0;
|
||||||
uint32_t write_value = 0;
|
uint32_t write_value = 0;
|
||||||
//
|
//
|
||||||
// inital phase
|
// inital phase
|
||||||
//
|
//
|
||||||
// read word 14
|
// read word 14
|
||||||
uint32_t init_14 = 0;
|
uint32_t init_14 = 0;
|
||||||
int res = EM4x05ReadWord_ext(14, pwd, use_pwd, &init_14);
|
int res = EM4x05ReadWord_ext(14, pwd, use_pwd, &init_14);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(FAILED, "failed to read word 14\n");
|
PrintAndLogEx(FAILED, "failed to read word 14\n");
|
||||||
return PM3_ENODATA;
|
return PM3_ENODATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// read 15
|
// read 15
|
||||||
uint32_t init_15 = 0;
|
uint32_t init_15 = 0;
|
||||||
res = EM4x05ReadWord_ext(15, pwd, use_pwd, &init_15);
|
res = EM4x05ReadWord_ext(15, pwd, use_pwd, &init_15);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(FAILED, "failed to read word 15\n");
|
PrintAndLogEx(FAILED, "failed to read word 15\n");
|
||||||
return PM3_ENODATA;
|
return PM3_ENODATA;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define ACTIVE_MASK 0x00008000
|
#define ACTIVE_MASK 0x00008000
|
||||||
|
@ -1322,13 +1322,13 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
my_auto = true;
|
my_auto = true;
|
||||||
n = (end - start) / 2;
|
n = (end - start) / 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
// fix at one specific delay
|
// fix at one specific delay
|
||||||
if (start == end) {
|
if (start == end) {
|
||||||
n = 0;
|
n = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "--------------- " _CYAN_("EM4x05 tear-off : target PROTECT") " -----------------------\n");
|
PrintAndLogEx(INFO, "--------------- " _CYAN_("EM4x05 tear-off : target PROTECT") " -----------------------\n");
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "initial prot 14&15 [ " _GREEN_("%08X") ", " _GREEN_("%08X") " ]", init_14, init_15);
|
PrintAndLogEx(INFO, "initial prot 14&15 [ " _GREEN_("%08X") ", " _GREEN_("%08X") " ]", init_14, init_15);
|
||||||
|
|
||||||
|
@ -1341,15 +1341,15 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
|
|
||||||
PrintAndLogEx(INFO, " target stepping [ " _GREEN_("%.0lf") " ]", n);
|
PrintAndLogEx(INFO, " target stepping [ " _GREEN_("%.0lf") " ]", n);
|
||||||
PrintAndLogEx(INFO, "target delay range [ " _GREEN_("%.0lf") " ... " _GREEN_("%.0lf") " ]", start, end);
|
PrintAndLogEx(INFO, "target delay range [ " _GREEN_("%.0lf") " ... " _GREEN_("%.0lf") " ]", start, end);
|
||||||
PrintAndLogEx(INFO, " search value [ " _GREEN_("%08X") " ]", search_value);
|
PrintAndLogEx(INFO, " search value [ " _GREEN_("%08X") " ]", search_value);
|
||||||
PrintAndLogEx(INFO, " write value [ " _GREEN_("%08X") " ]", write_value);
|
PrintAndLogEx(INFO, " write value [ " _GREEN_("%08X") " ]", write_value);
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "----------------------------------------------------------------------------\n");
|
PrintAndLogEx(INFO, "----------------------------------------------------------------------------\n");
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(INFO, "press " _YELLOW_("'enter'") " to cancel the command");
|
PrintAndLogEx(INFO, "press " _YELLOW_("'enter'") " to cancel the command");
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(INFO, "--------------- " _CYAN_("start") " -----------------------\n");
|
PrintAndLogEx(INFO, "--------------- " _CYAN_("start") " -----------------------\n");
|
||||||
|
|
||||||
int exit_code = PM3_SUCCESS;
|
int exit_code = PM3_SUCCESS;
|
||||||
uint32_t word14 = 0, word15 = 0;
|
uint32_t word14 = 0, word15 = 0;
|
||||||
uint32_t word14b = 0, word15b = 0;
|
uint32_t word14b = 0, word15b = 0;
|
||||||
|
@ -1357,7 +1357,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
uint32_t soon = 0;
|
uint32_t soon = 0;
|
||||||
uint32_t late = 0;
|
uint32_t late = 0;
|
||||||
|
|
||||||
em4x05_unlock_item_t flipped[64] ={{0,0}};
|
em4x05_unlock_item_t flipped[64] = {{0, 0}};
|
||||||
|
|
||||||
//
|
//
|
||||||
// main loop
|
// main loop
|
||||||
|
@ -1378,7 +1378,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tries >= 5 && n == 0 && soon != late) {
|
if (tries >= 5 && n == 0 && soon != late) {
|
||||||
|
|
||||||
if (soon > late) {
|
if (soon > late) {
|
||||||
PrintAndLogEx(INFO, "Tried %d times, soon:%i late:%i => " _CYAN_("adjust +1 us >> %.0lf us"), tries, soon, late, start);
|
PrintAndLogEx(INFO, "Tried %d times, soon:%i late:%i => " _CYAN_("adjust +1 us >> %.0lf us"), tries, soon, late, start);
|
||||||
start++;
|
start++;
|
||||||
|
@ -1397,23 +1397,23 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
exit_code = PM3_EOPABORTED;
|
exit_code = PM3_EOPABORTED;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// set tear off trigger
|
// set tear off trigger
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
tearoff_params_t params = {
|
tearoff_params_t params = {
|
||||||
.delay_us = start,
|
.delay_us = start,
|
||||||
.on = true,
|
.on = true,
|
||||||
.off = false
|
.off = false
|
||||||
};
|
};
|
||||||
res = handle_tearoff(¶ms, verbose);
|
res = handle_tearoff(¶ms, verbose);
|
||||||
if ( res != PM3_SUCCESS ) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(WARNING, "failed to configure tear off");
|
PrintAndLogEx(WARNING, "failed to configure tear off");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
// write
|
// write
|
||||||
res = unlock_write_protect(use_pwd, pwd, write_value, verbose);
|
res = unlock_write_protect(use_pwd, pwd, write_value, verbose);
|
||||||
|
|
||||||
// read after trigger
|
// read after trigger
|
||||||
res = EM4x05ReadWord_ext(14, pwd, use_pwd, &word14);
|
res = EM4x05ReadWord_ext(14, pwd, use_pwd, &word14);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
|
@ -1430,10 +1430,10 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
|
|
||||||
if (verbose)
|
if (verbose)
|
||||||
PrintAndLogEx(INFO, "ref:%08X 14:%08X 15:%08X ", search_value, word14, word15);
|
PrintAndLogEx(INFO, "ref:%08X 14:%08X 15:%08X ", search_value, word14, word15);
|
||||||
|
|
||||||
if ( word14 == search_value && word15 == 0) {
|
if (word14 == search_value && word15 == 0) {
|
||||||
PrintAndLogEx(INFO, "Status: Nothing happened => " _GREEN_("tearing too soon"));
|
PrintAndLogEx(INFO, "Status: Nothing happened => " _GREEN_("tearing too soon"));
|
||||||
|
|
||||||
if (my_auto) {
|
if (my_auto) {
|
||||||
start += n;
|
start += n;
|
||||||
PrintAndLogEx(INFO, " => " _CYAN_("adjust +%.0lf us >> %.0lf us"), n, start);
|
PrintAndLogEx(INFO, " => " _CYAN_("adjust +%.0lf us >> %.0lf us"), n, start);
|
||||||
|
@ -1442,17 +1442,17 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
soon++;
|
soon++;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (word15 == search_value) {
|
if (word15 == search_value) {
|
||||||
|
|
||||||
if (word14 == 0) {
|
if (word14 == 0) {
|
||||||
PrintAndLogEx(INFO, "Status: Protect succeeded => " _GREEN_("tearing too late"));
|
PrintAndLogEx(INFO, "Status: Protect succeeded => " _GREEN_("tearing too late"));
|
||||||
} else {
|
} else {
|
||||||
if ( word14 == search_value) {
|
if (word14 == search_value) {
|
||||||
PrintAndLogEx(INFO, "Status: 15 ok, 14 not yet erased => " _GREEN_("tearing too late"));
|
PrintAndLogEx(INFO, "Status: 15 ok, 14 not yet erased => " _GREEN_("tearing too late"));
|
||||||
} else {
|
} else {
|
||||||
PrintAndLogEx(INFO, "Status: 15 ok, 14 partially erased => " _GREEN_("tearing too late"));
|
PrintAndLogEx(INFO, "Status: 15 ok, 14 partially erased => " _GREEN_("tearing too late"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
unlock_reset(use_pwd, pwd, write_value, verbose);
|
unlock_reset(use_pwd, pwd, write_value, verbose);
|
||||||
|
@ -1466,7 +1466,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
|
|
||||||
if (word14b == 0) {
|
if (word14b == 0) {
|
||||||
|
|
||||||
unlock_reset(use_pwd, pwd, write_value, verbose);
|
unlock_reset(use_pwd, pwd, write_value, verbose);
|
||||||
|
|
||||||
res = EM4x05ReadWord_ext(14, pwd, use_pwd, &word14b);
|
res = EM4x05ReadWord_ext(14, pwd, use_pwd, &word14b);
|
||||||
if (res != PM3_SUCCESS) {
|
if (res != PM3_SUCCESS) {
|
||||||
|
@ -1474,7 +1474,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (word14b != search_value) {
|
if (word14b != search_value) {
|
||||||
|
|
||||||
res = EM4x05ReadWord_ext(15, pwd, use_pwd, &word15b);
|
res = EM4x05ReadWord_ext(15, pwd, use_pwd, &word15b);
|
||||||
|
@ -1484,7 +1484,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
break;
|
break;
|
||||||
} else {
|
} else {
|
||||||
PrintAndLogEx(WARNING, "failed to read 15");
|
PrintAndLogEx(WARNING, "failed to read 15");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (my_auto) {
|
if (my_auto) {
|
||||||
|
@ -1497,32 +1497,32 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (( word15 & ACTIVE_MASK) == ACTIVE_MASK) {
|
if ((word15 & ACTIVE_MASK) == ACTIVE_MASK) {
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Status: 15 bitflipped and active => " _RED_("SUCCESS?: ") "14: %08X 15: " _CYAN_("%08X"), word14, word15);
|
PrintAndLogEx(INFO, "Status: 15 bitflipped and active => " _RED_("SUCCESS?: ") "14: %08X 15: " _CYAN_("%08X"), word14, word15);
|
||||||
PrintAndLogEx(INFO, "Committing results...");
|
PrintAndLogEx(INFO, "Committing results...");
|
||||||
|
|
||||||
unlock_reset(use_pwd, pwd, write_value, verbose);
|
unlock_reset(use_pwd, pwd, write_value, verbose);
|
||||||
|
|
||||||
// read after reset
|
// read after reset
|
||||||
res = EM4x05ReadWord_ext(14, pwd, use_pwd, &word14b);
|
res = EM4x05ReadWord_ext(14, pwd, use_pwd, &word14b);
|
||||||
if ( res != PM3_SUCCESS ) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(WARNING, "failed to read 14");
|
PrintAndLogEx(WARNING, "failed to read 14");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
res = EM4x05ReadWord_ext(15, pwd, use_pwd, &word15b);
|
res = EM4x05ReadWord_ext(15, pwd, use_pwd, &word15b);
|
||||||
if ( res != PM3_SUCCESS ) {
|
if (res != PM3_SUCCESS) {
|
||||||
PrintAndLogEx(WARNING, "failed to read 15");
|
PrintAndLogEx(WARNING, "failed to read 15");
|
||||||
return PM3_ESOFT;
|
return PM3_ESOFT;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (verbose)
|
if (verbose)
|
||||||
PrintAndLogEx(INFO, "ref:%08x 14:%08X 15:%08X", search_value, word14b, word15b);
|
PrintAndLogEx(INFO, "ref:%08x 14:%08X 15:%08X", search_value, word14b, word15b);
|
||||||
|
|
||||||
if ((word14b & ACTIVE_MASK) == ACTIVE_MASK) {
|
if ((word14b & ACTIVE_MASK) == ACTIVE_MASK) {
|
||||||
|
|
||||||
if (word14b == word15) {
|
if (word14b == word15) {
|
||||||
PrintAndLogEx(INFO, "Status: confirmed => " _RED_("SUCCESS: ") "14: " _CYAN_("%08X") " 15: %08X", word14b, word15b);
|
PrintAndLogEx(INFO, "Status: confirmed => " _RED_("SUCCESS: ") "14: " _CYAN_("%08X") " 15: %08X", word14b, word15b);
|
||||||
|
|
||||||
|
@ -1530,15 +1530,15 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
success = true;
|
success = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (word14b != search_value) {
|
if (word14b != search_value) {
|
||||||
PrintAndLogEx(INFO, "Status: new definitive value! => " _RED_("SUCCESS: ") "14: " _CYAN_("%08X") " 15: %08X", word14b, word15b);
|
PrintAndLogEx(INFO, "Status: new definitive value! => " _RED_("SUCCESS: ") "14: " _CYAN_("%08X") " 15: %08X", word14b, word15b);
|
||||||
|
|
||||||
unlock_add_item(flipped, 64, word14b);
|
unlock_add_item(flipped, 64, word14b);
|
||||||
success = true;
|
success = true;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Status: failed to commit bitflip => " _RED_("FAIL: ") "14: %08X 15: %08X", word14b, word15b);
|
PrintAndLogEx(INFO, "Status: failed to commit bitflip => " _RED_("FAIL: ") "14: %08X 15: %08X", word14b, word15b);
|
||||||
}
|
}
|
||||||
if (my_auto) {
|
if (my_auto) {
|
||||||
|
@ -1551,14 +1551,14 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
PrintAndLogEx(INFO, "Status: 15 bitflipped but inactive => " _YELLOW_("PROMISING: ") "14: %08X 15: " _CYAN_("%08X"), word14, word15);
|
PrintAndLogEx(INFO, "Status: 15 bitflipped but inactive => " _YELLOW_("PROMISING: ") "14: %08X 15: " _CYAN_("%08X"), word14, word15);
|
||||||
|
|
||||||
unlock_add_item(flipped, 64, word15);
|
unlock_add_item(flipped, 64, word15);
|
||||||
|
|
||||||
soon ++;
|
soon ++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (my_auto == false) {
|
if (my_auto == false) {
|
||||||
tries++;
|
tries++;
|
||||||
}
|
}
|
||||||
|
@ -1571,15 +1571,15 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
uint32_t bitflips = search_value ^ word14b;
|
uint32_t bitflips = search_value ^ word14b;
|
||||||
PrintAndLogEx(INFO, "Old protection word => " _YELLOW_("%08X"), search_value);
|
PrintAndLogEx(INFO, "Old protection word => " _YELLOW_("%08X"), search_value);
|
||||||
char bitstring[9] = {0};
|
char bitstring[9] = {0};
|
||||||
for (int i=0; i < 8; i++) {
|
for (int i = 0; i < 8; i++) {
|
||||||
bitstring[i] = bitflips & (0xF << ((7-i) * 4)) ? 'x' : '.';
|
bitstring[i] = bitflips & (0xF << ((7 - i) * 4)) ? 'x' : '.';
|
||||||
}
|
}
|
||||||
// compute number of bits flipped
|
// compute number of bits flipped
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Bitflips: %2u events => %s", bitcount32(bitflips), bitstring);
|
PrintAndLogEx(INFO, "Bitflips: %2u events => %s", bitcount32(bitflips), bitstring);
|
||||||
PrintAndLogEx(INFO, "New protection word => " _CYAN_("%08X") "\n", word14b);
|
PrintAndLogEx(INFO, "New protection word => " _CYAN_("%08X") "\n", word14b);
|
||||||
|
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Try " _YELLOW_("`lf em 4x05_dump`"));
|
PrintAndLogEx(INFO, "Try " _YELLOW_("`lf em 4x05_dump`"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1590,7 +1590,7 @@ int CmdEM4x05Unlock(const char *Cmd) {
|
||||||
for (uint8_t i = 0; i < 64; i++) {
|
for (uint8_t i = 0; i < 64; i++) {
|
||||||
if (flipped[i].cnt == 0)
|
if (flipped[i].cnt == 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
PrintAndLogEx(INFO, " %3u | %08X | %3u | %u", i, flipped[i].value, flipped[i].cnt, bitcount32(search_value ^ flipped[i].value));
|
PrintAndLogEx(INFO, " %3u | %08X | %3u | %u", i, flipped[i].value, flipped[i].cnt, bitcount32(search_value ^ flipped[i].value));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -493,7 +493,7 @@ int CmdEM4x50WritePassword(const char *Cmd) {
|
||||||
|
|
||||||
if (resp.status == PM3_ETEAROFF)
|
if (resp.status == PM3_ETEAROFF)
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
|
|
||||||
success = (bool)resp.status;
|
success = (bool)resp.status;
|
||||||
|
|
||||||
// get, prepare and print response
|
// get, prepare and print response
|
||||||
|
|
|
@ -470,7 +470,7 @@ const fdxbCountryMapping_t fdxbCountryMapping[] = {
|
||||||
{ 0, "N/A" } // must be the last entry
|
{ 0, "N/A" } // must be the last entry
|
||||||
};
|
};
|
||||||
|
|
||||||
static const char* mapFDBX(uint16_t countryCode) {
|
static const char *mapFDBX(uint16_t countryCode) {
|
||||||
uint16_t i = 0;
|
uint16_t i = 0;
|
||||||
while (fdxbCountryMapping[i].code > 0) {
|
while (fdxbCountryMapping[i].code > 0) {
|
||||||
if (countryCode == fdxbCountryMapping[i].code) {
|
if (countryCode == fdxbCountryMapping[i].code) {
|
||||||
|
@ -572,8 +572,8 @@ int demodFDXB(bool verbose) {
|
||||||
PrintAndLogEx(SUCCESS, " Animal bit set? %s", animalBit ? _YELLOW_("True") : "False");
|
PrintAndLogEx(SUCCESS, " Animal bit set? %s", animalBit ? _YELLOW_("True") : "False");
|
||||||
PrintAndLogEx(SUCCESS, " Data block? %s [value 0x%X]", dataBlockBit ? _YELLOW_("True") : "False", extended);
|
PrintAndLogEx(SUCCESS, " Data block? %s [value 0x%X]", dataBlockBit ? _YELLOW_("True") : "False", extended);
|
||||||
PrintAndLogEx(SUCCESS, " RUDI bit? %s", rudiBit ? _YELLOW_("True") " (advanced transponder)" : "False");
|
PrintAndLogEx(SUCCESS, " RUDI bit? %s", rudiBit ? _YELLOW_("True") " (advanced transponder)" : "False");
|
||||||
PrintAndLogEx(SUCCESS, " User Info? %u %s", userInfo, userInfo == 0 ? "(RFU)":"");
|
PrintAndLogEx(SUCCESS, " User Info? %u %s", userInfo, userInfo == 0 ? "(RFU)" : "");
|
||||||
PrintAndLogEx(SUCCESS, " Replacement No? %u %s", replacementNr, replacementNr == 0 ? "(RFU)":"");
|
PrintAndLogEx(SUCCESS, " Replacement No? %u %s", replacementNr, replacementNr == 0 ? "(RFU)" : "");
|
||||||
|
|
||||||
uint8_t c[] = {0, 0};
|
uint8_t c[] = {0, 0};
|
||||||
compute_crc(CRC_11784, raw, sizeof(raw), &c[0], &c[1]);
|
compute_crc(CRC_11784, raw, sizeof(raw), &c[0], &c[1]);
|
||||||
|
|
|
@ -601,7 +601,7 @@ static int CmdIndalaClone(const char *Cmd) {
|
||||||
CLIGetHexWithReturn(ctx, 3, data, &datalen);
|
CLIGetHexWithReturn(ctx, 3, data, &datalen);
|
||||||
|
|
||||||
bool is_t5555 = arg_get_lit(ctx, 4);
|
bool is_t5555 = arg_get_lit(ctx, 4);
|
||||||
|
|
||||||
bool got_cn = false, got_26 = false;
|
bool got_cn = false, got_26 = false;
|
||||||
if (is_long_uid == false) {
|
if (is_long_uid == false) {
|
||||||
|
|
||||||
|
@ -616,7 +616,7 @@ static int CmdIndalaClone(const char *Cmd) {
|
||||||
}
|
}
|
||||||
|
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Target chip " _YELLOW_("%s"), (is_t5555) ? "Q5/T5555" : "T55x7");
|
PrintAndLogEx(INFO, "Target chip " _YELLOW_("%s"), (is_t5555) ? "Q5/T5555" : "T55x7");
|
||||||
|
|
||||||
if (is_long_uid) {
|
if (is_long_uid) {
|
||||||
|
|
|
@ -173,18 +173,18 @@ static int CmdMotorolaClone(const char *Cmd) {
|
||||||
CLIParserFree(ctx);
|
CLIParserFree(ctx);
|
||||||
|
|
||||||
//TODO add selection of chip for Q5 or T55x7
|
//TODO add selection of chip for Q5 or T55x7
|
||||||
|
|
||||||
PrintAndLogEx(INFO, "Target chip " _YELLOW_("%s"), (is_t5555) ? "Q5/T5555" : "T55x7");
|
PrintAndLogEx(INFO, "Target chip " _YELLOW_("%s"), (is_t5555) ? "Q5/T5555" : "T55x7");
|
||||||
|
|
||||||
// config for Motorola 64 format (RF/32;PSK1 with RF/2; Maxblock=2)
|
// config for Motorola 64 format (RF/32;PSK1 with RF/2; Maxblock=2)
|
||||||
PrintAndLogEx(INFO, "Preparing to clone Motorola 64bit tag");
|
PrintAndLogEx(INFO, "Preparing to clone Motorola 64bit tag");
|
||||||
PrintAndLogEx(INFO, "Using raw " _GREEN_("%s"), sprint_hex_inrow(data, datalen));
|
PrintAndLogEx(INFO, "Using raw " _GREEN_("%s"), sprint_hex_inrow(data, datalen));
|
||||||
|
|
||||||
if (is_t5555)
|
if (is_t5555)
|
||||||
blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
|
blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
|
||||||
else
|
else
|
||||||
blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT);
|
blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT);
|
||||||
|
|
||||||
|
|
||||||
blocks[1] = bytes_to_num(data, 4);
|
blocks[1] = bytes_to_num(data, 4);
|
||||||
blocks[2] = bytes_to_num(data + 4, 4);
|
blocks[2] = bytes_to_num(data + 4, 4);
|
||||||
|
|
|
@ -1106,7 +1106,7 @@ static int l_em4x05_read(lua_State *L) {
|
||||||
|
|
||||||
// get password
|
// get password
|
||||||
const char *p_pwd = luaL_checkstring(L, 2);
|
const char *p_pwd = luaL_checkstring(L, 2);
|
||||||
if (p_pwd == NULL || strlen(p_pwd) == 0 ) {
|
if (p_pwd == NULL || strlen(p_pwd) == 0) {
|
||||||
use_pwd = false;
|
use_pwd = false;
|
||||||
} else {
|
} else {
|
||||||
if (strlen(p_pwd) != 8)
|
if (strlen(p_pwd) != 8)
|
||||||
|
@ -1138,7 +1138,7 @@ static int l_em4x50_read(lua_State *L) {
|
||||||
const char *p_addr = luaL_checklstring(L, 1, &size);
|
const char *p_addr = luaL_checklstring(L, 1, &size);
|
||||||
uint32_t addr = 0;
|
uint32_t addr = 0;
|
||||||
sscanf(p_addr, "%u", &addr);
|
sscanf(p_addr, "%u", &addr);
|
||||||
|
|
||||||
if (addr > 31)
|
if (addr > 31)
|
||||||
return returnToLuaWithError(L, "Address out-of-range (0..31) got %u", addr);
|
return returnToLuaWithError(L, "Address out-of-range (0..31) got %u", addr);
|
||||||
|
|
||||||
|
@ -1159,9 +1159,9 @@ static int l_em4x50_read(lua_State *L) {
|
||||||
|
|
||||||
uint32_t pwd = 0;
|
uint32_t pwd = 0;
|
||||||
sscanf(p_pwd, "%08x", &pwd);
|
sscanf(p_pwd, "%08x", &pwd);
|
||||||
|
|
||||||
PrintAndLogEx(DEBUG, " Pwd %08X", pwd);
|
PrintAndLogEx(DEBUG, " Pwd %08X", pwd);
|
||||||
|
|
||||||
etd.password[0] = pwd & 0xFF;
|
etd.password[0] = pwd & 0xFF;
|
||||||
etd.password[1] = (pwd >> 8) & 0xFF;
|
etd.password[1] = (pwd >> 8) & 0xFF;
|
||||||
etd.password[2] = (pwd >> 16) & 0xFF;
|
etd.password[2] = (pwd >> 16) & 0xFF;
|
||||||
|
@ -1181,11 +1181,11 @@ static int l_em4x50_read(lua_State *L) {
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t word = (
|
uint32_t word = (
|
||||||
words[etd.address].byte[0] << 24 |
|
words[etd.address].byte[0] << 24 |
|
||||||
words[etd.address].byte[1] << 16 |
|
words[etd.address].byte[1] << 16 |
|
||||||
words[etd.address].byte[2] << 8 |
|
words[etd.address].byte[2] << 8 |
|
||||||
words[etd.address].byte[3]
|
words[etd.address].byte[3]
|
||||||
);
|
);
|
||||||
lua_pushinteger(L, word);
|
lua_pushinteger(L, word);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
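Review bot: The address parse in l_em4x50_read, `sscanf(p_addr, "%u", &addr);`, ignores sscanf's return value, so a non-numeric argument from the Lua script leaves `addr` at its initial 0 and passes the `addr > 31` range check as if word 0 had been requested. The same pattern applies to `sscanf(p_pwd, "%08x", &pwd);` in the following hunk, where a malformed password string would silently become 0x00000000 unless a length or hex check sits in the lines the hunk does not show. I would reject the input explicitly, e.g. `if (sscanf(p_addr, "%u", &addr) != 1) return returnToLuaWithError(L, "Address must be a decimal number");`, and do the same for the password. The function body starts and ends outside these hunks, so earlier validation may exist that is not visible here.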
|
@ -177,13 +177,13 @@ Check column "offline" for their availability.
|
||||||
|`hf 15 info `|N |`Tag information`
|
|`hf 15 info `|N |`Tag information`
|
||||||
|`hf 15 sniff `|N |`Sniff ISO15693 traffic`
|
|`hf 15 sniff `|N |`Sniff ISO15693 traffic`
|
||||||
|`hf 15 raw `|N |`Send raw hex data to tag`
|
|`hf 15 raw `|N |`Send raw hex data to tag`
|
||||||
|`hf 15 read `|N |`Read a block`
|
|`hf 15 rdbl `|N |`Read a block`
|
||||||
|`hf 15 reader `|N |`Act like an ISO15693 reader`
|
|`hf 15 reader `|N |`Act like an ISO15693 reader`
|
||||||
|`hf 15 readmulti `|N |`Reads multiple Blocks`
|
|`hf 15 readmulti `|N |`Reads multiple Blocks`
|
||||||
|`hf 15 restore `|N |`Restore from file to all memory pages of an ISO15693 tag`
|
|`hf 15 restore `|N |`Restore from file to all memory pages of an ISO15693 tag`
|
||||||
|`hf 15 samples `|N |`Acquire Samples as Reader (enables carrier, sends inquiry)`
|
|`hf 15 samples `|N |`Acquire Samples as Reader (enables carrier, sends inquiry)`
|
||||||
|`hf 15 sim `|N |`Fake an ISO15693 tag`
|
|`hf 15 sim `|N |`Fake an ISO15693 tag`
|
||||||
|`hf 15 write `|N |`Write a block`
|
|`hf 15 wrbl `|N |`Write a block`
|
||||||
|`hf 15 findafi `|N |`Brute force AFI of an ISO15693 tag`
|
|`hf 15 findafi `|N |`Brute force AFI of an ISO15693 tag`
|
||||||
|`hf 15 writeafi `|N |`Writes the AFI on an ISO15693 tag`
|
|`hf 15 writeafi `|N |`Writes the AFI on an ISO15693 tag`
|
||||||
|`hf 15 writedsfid `|N |`Writes the DSFID on an ISO15693 tag`
|
|`hf 15 writedsfid `|N |`Writes the DSFID on an ISO15693 tag`
|
||||||
|
@ -233,7 +233,7 @@ Check column "offline" for their availability.
|
||||||
|command |offline |description
|
|command |offline |description
|
||||||
|------- |------- |-----------
|
|------- |------- |-----------
|
||||||
|`hf fido help `|Y |`This help.`
|
|`hf fido help `|Y |`This help.`
|
||||||
|`hf fido info `|N |`List ISO 14443A history`
|
|`hf fido list `|N |`List ISO 14443A history`
|
||||||
|`hf fido info `|N |`Info about FIDO tag.`
|
|`hf fido info `|N |`Info about FIDO tag.`
|
||||||
|`hf fido reg `|N |`FIDO U2F Registration Message.`
|
|`hf fido reg `|N |`FIDO U2F Registration Message.`
|
||||||
|`hf fido auth `|N |`FIDO U2F Authentication Message.`
|
|`hf fido auth `|N |`FIDO U2F Authentication Message.`
|
||||||
|
@ -256,10 +256,10 @@ Check column "offline" for their availability.
|
||||||
|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag`
|
|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag`
|
||||||
|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
|
|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
|
||||||
|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block`
|
|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block`
|
||||||
|`hf iclass chk `|Y |`[options..] Check keys`
|
|`hf iclass autopwn `|N |`[options..] Automatic key recovery tool for iCLASS`
|
||||||
|
|`hf iclass chk `|N |`[options..] Check keys`
|
||||||
|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
|
|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
|
||||||
|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
|
|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
|
||||||
|`hf iclass replay `|N |`<mac> Read Picopass / iCLASS tag via replay attack`
|
|
||||||
|`hf iclass sim `|N |`[options..] Simulate iCLASS tag`
|
|`hf iclass sim `|N |`[options..] Simulate iCLASS tag`
|
||||||
|`hf iclass eload `|N |`[f <fn> ] Load Picopass / iCLASS dump file into emulator memory`
|
|`hf iclass eload `|N |`[f <fn> ] Load Picopass / iCLASS dump file into emulator memory`
|
||||||
|`hf iclass esave `|N |`[f <fn> ] Save emulator memory to file`
|
|`hf iclass esave `|N |`[f <fn> ] Save emulator memory to file`
|
||||||
|
@ -556,6 +556,19 @@ Check column "offline" for their availability.
|
||||||
|`lf cotag read `|N |`Attempt to read and extract tag data`
|
|`lf cotag read `|N |`Attempt to read and extract tag data`
|
||||||
|
|
||||||
|
|
||||||
|
### lf destron
|
||||||
|
|
||||||
|
{ FDX-A Destron RFIDs... }
|
||||||
|
|
||||||
|
|command |offline |description
|
||||||
|
|------- |------- |-----------
|
||||||
|
|`lf destron help `|Y |`This help`
|
||||||
|
|`lf destron demod `|Y |`Demodulate an Destron tag from the GraphBuffer`
|
||||||
|
|`lf destron read `|N |`Attempt to read and extract tag data from the antenna`
|
||||||
|
|`lf destron clone `|N |`Clone Destron tag to T55x7`
|
||||||
|
|`lf destron sim `|N |`Simulate Destron tag`
|
||||||
|
|
||||||
|
|
||||||
### lf em
|
### lf em
|
||||||
|
|
||||||
{ EM4X CHIPs & RFIDs... }
|
{ EM4X CHIPs & RFIDs... }
|
||||||
|
@ -570,12 +583,14 @@ Check column "offline" for their availability.
|
||||||
|`lf em 410x_watch `|N |`watches for EM410x 125/134 kHz tags (option 'h' for 134)`
|
|`lf em 410x_watch `|N |`watches for EM410x 125/134 kHz tags (option 'h' for 134)`
|
||||||
|`lf em 410x_spoof `|N |`watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)`
|
|`lf em 410x_spoof `|N |`watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)`
|
||||||
|`lf em 410x_clone `|N |`write EM410x UID to T55x7 or Q5/T5555 tag`
|
|`lf em 410x_clone `|N |`write EM410x UID to T55x7 or Q5/T5555 tag`
|
||||||
|
|`lf em 4x05_chk `|N |`Check passwords from dictionary`
|
||||||
|`lf em 4x05_demod `|Y |`demodulate a EM4x05/EM4x69 tag from the GraphBuffer`
|
|`lf em 4x05_demod `|Y |`demodulate a EM4x05/EM4x69 tag from the GraphBuffer`
|
||||||
|`lf em 4x05_dump `|N |`dump EM4x05/EM4x69 tag`
|
|`lf em 4x05_dump `|N |`dump EM4x05/EM4x69 tag`
|
||||||
|`lf em 4x05_wipe `|N |`wipe EM4x05/EM4x69 tag`
|
|`lf em 4x05_wipe `|N |`wipe EM4x05/EM4x69 tag`
|
||||||
|`lf em 4x05_info `|N |`tag information EM4x05/EM4x69`
|
|`lf em 4x05_info `|N |`tag information EM4x05/EM4x69`
|
||||||
|`lf em 4x05_read `|N |`read word data from EM4x05/EM4x69`
|
|`lf em 4x05_read `|N |`read word data from EM4x05/EM4x69`
|
||||||
|`lf em 4x05_write `|N |`write word data to EM4x05/EM4x69`
|
|`lf em 4x05_write `|N |`write word data to EM4x05/EM4x69`
|
||||||
|
|`lf em 4x05_unlock `|N |`execute tear off against EM4x05/EM4x69`
|
||||||
|`lf em 4x50_dump `|N |`dump EM4x50 tag`
|
|`lf em 4x50_dump `|N |`dump EM4x50 tag`
|
||||||
|`lf em 4x50_info `|N |`tag information EM4x50`
|
|`lf em 4x50_info `|N |`tag information EM4x50`
|
||||||
|`lf em 4x50_write `|N |`write word data to EM4x50`
|
|`lf em 4x50_write `|N |`write word data to EM4x50`
|
||||||
|
|
|
@ -342,7 +342,7 @@ typedef struct {
|
||||||
typedef struct {
|
typedef struct {
|
||||||
iclass_auth_req_t req;
|
iclass_auth_req_t req;
|
||||||
uint8_t item_cnt;
|
uint8_t item_cnt;
|
||||||
iclass_restore_item_t blocks[];
|
iclass_restore_item_t blocks[];
|
||||||
} PACKED iclass_restore_req_t;
|
} PACKED iclass_restore_req_t;
|
||||||
|
|
||||||
|
|
||||||
|
|