mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-12-29 20:06:06 +08:00
chg: 'lf indala clone' - refactored , uses NG
parent
3726df62a4
commit
4c08477ef7
6 changed files with 80 additions and 63 deletions
|
@ -769,17 +769,6 @@ static void PacketReceived(PacketCommandNG *packet) {
|
|||
SimulateTagLowFrequencyBidir(packet->oldarg[0], packet->oldarg[1]);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_INDALA_CLONE: {
|
||||
CopyIndala64toT55x7(packet->data.asDwords[0], packet->data.asDwords[1]);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_INDALA224_CLONE: {
|
||||
CopyIndala224toT55x7(
|
||||
packet->data.asDwords[0], packet->data.asDwords[1], packet->data.asDwords[2], packet->data.asDwords[3],
|
||||
packet->data.asDwords[4], packet->data.asDwords[5], packet->data.asDwords[6]
|
||||
);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_T55XX_READBL: {
|
||||
struct p {
|
||||
uint32_t password;
|
||||
|
|
|
@ -1712,7 +1712,7 @@ void T55xxWriteBlock(uint8_t *data) {
|
|||
c->flags &= (0xff ^ 0x40); // Called for a write, so ensure it is clear/0
|
||||
|
||||
LED_A_ON();
|
||||
T55xx_SendCMD(c->data, c->pwd, c->flags | (c->blockno << 9)) ; //, false);
|
||||
T55xx_SendCMD(c->data, c->pwd, c->flags | (c->blockno << 9));
|
||||
|
||||
// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
|
||||
// so wait a little more)
|
||||
|
@ -1744,7 +1744,6 @@ void T55xxWriteBlock(uint8_t *data) {
|
|||
// turn field off
|
||||
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
||||
|
||||
// cmd_send(CMD_ACK,0,0,0,0,0);
|
||||
reply_ng(CMD_LF_T55XX_WRITEBL, PM3_SUCCESS, NULL, 0);
|
||||
LED_A_OFF();
|
||||
}
|
||||
|
@ -2049,34 +2048,6 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo) {
|
|||
LED_D_OFF();
|
||||
}
|
||||
|
||||
// Clone Indala 64-bit tag by UID to T55x7
|
||||
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
|
||||
//Program the 2 data blocks for supplied 64bit UID
|
||||
// and the Config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
|
||||
uint32_t data[] = { T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
|
||||
//TODO add selection of chip for Q5 or T55x7
|
||||
// data[0] = T5555_SET_BITRATE(32 | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
|
||||
LED_D_ON();
|
||||
WriteT55xx(data, 0, 3);
|
||||
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
|
||||
// T5567WriteBlock(0x603E1042,0);
|
||||
LED_D_OFF();
|
||||
}
|
||||
// Clone Indala 224-bit tag by UID to T55x7
|
||||
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7) {
|
||||
//Program the 7 data blocks for supplied 224bit UID
|
||||
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
|
||||
// and the block 0 for Indala224 format
|
||||
//Config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
|
||||
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
|
||||
//TODO add selection of chip for Q5 or T55x7
|
||||
// data[0] = T5555_SET_BITRATE(32 | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
|
||||
LED_D_ON();
|
||||
WriteT55xx(data, 0, 8);
|
||||
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
|
||||
// T5567WriteBlock(0x603E10E2,0);
|
||||
LED_D_OFF();
|
||||
}
|
||||
// clone viking tag to T55xx
|
||||
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) {
|
||||
|
||||
|
|
|
@ -46,8 +46,6 @@ void CopyIOtoT55x7(uint32_t hi, uint32_t lo); // Clone an ioProx card to T5557/T
|
|||
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
|
||||
void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
|
||||
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
|
||||
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
|
||||
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
|
||||
void T55xxResetRead(uint8_t flags);
|
||||
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
|
||||
void T55xxWriteBlock(uint8_t *data);
|
||||
|
|
|
@ -25,6 +25,8 @@
|
|||
#include "lfdemod.h" // parityTest, bitbytes_to_byte
|
||||
#include "cmddata.h"
|
||||
#include "cmdlf.h" // lf_read
|
||||
#include "protocols.h" // t55 defines
|
||||
#include "cmdlft55xx.h" // verifywrite
|
||||
|
||||
static int CmdHelp(const char *Cmd);
|
||||
|
||||
|
@ -439,10 +441,12 @@ static int CmdIndalaSim(const char *Cmd) {
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
// iceman - needs refactoring
|
||||
static int CmdIndalaClone(const char *Cmd) {
|
||||
|
||||
bool isLongUid = false;
|
||||
uint32_t blocks[8] = {0};
|
||||
uint8_t max = 0;
|
||||
|
||||
uint8_t data[7 * 4];
|
||||
int datalen = 0;
|
||||
|
||||
|
@ -466,27 +470,77 @@ static int CmdIndalaClone(const char *Cmd) {
|
|||
CLIGetHexWithReturn(2, data, &datalen);
|
||||
CLIParserFree();
|
||||
|
||||
/*
|
||||
//TODO add selection of chip for Q5 or T55x7
|
||||
|
||||
// data[0] = T5555_SET_BITRATE(32 | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
|
||||
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
|
||||
// T5567WriteBlock(0x603E10E2,0);
|
||||
|
||||
// data[0] = T5555_SET_BITRATE(32 | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
|
||||
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
|
||||
// T5567WriteBlock(0x603E1042,0);
|
||||
*/
|
||||
|
||||
if (isLongUid) {
|
||||
// config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
|
||||
PrintAndLogEx(INFO, "Preparing to clone Indala 224bit tag with RawID %s", sprint_hex(data, datalen));
|
||||
uint32_t blocks[7] = {0};
|
||||
blocks[0] = bytes_to_num(data, 4);
|
||||
blocks[1] = bytes_to_num(data + 4, 4);
|
||||
blocks[2] = bytes_to_num(data + 8, 4);
|
||||
blocks[3] = bytes_to_num(data + 12, 4);
|
||||
blocks[4] = bytes_to_num(data + 16, 4);
|
||||
blocks[5] = bytes_to_num(data + 20, 4);
|
||||
blocks[6] = bytes_to_num(data + 24, 4);
|
||||
clearCommandBuffer();
|
||||
SendCommandOLD(CMD_LF_INDALA224_CLONE, 0, 0, 0, blocks, sizeof(blocks));
|
||||
blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
|
||||
blocks[1] = bytes_to_num(data, 4);
|
||||
blocks[2] = bytes_to_num(data + 4, 4);
|
||||
blocks[3] = bytes_to_num(data + 8, 4);
|
||||
blocks[4] = bytes_to_num(data + 12, 4);
|
||||
blocks[5] = bytes_to_num(data + 16, 4);
|
||||
blocks[6] = bytes_to_num(data + 20, 4);
|
||||
blocks[7] = bytes_to_num(data + 24, 4);
|
||||
max = 8;
|
||||
} else {
|
||||
// config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
|
||||
PrintAndLogEx(INFO, "Preparing to clone Indala 64bit tag with RawID %s", sprint_hex(data, datalen));
|
||||
uint32_t blocks[2] = {0};
|
||||
blocks[0] = bytes_to_num(data, 4);
|
||||
blocks[1] = bytes_to_num(data + 4, 4);
|
||||
clearCommandBuffer();
|
||||
SendCommandOLD(CMD_LF_INDALA_CLONE, 0, 0, 0, datawords, sizeof(datawords));
|
||||
blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT);
|
||||
blocks[1] = bytes_to_num(data, 4);
|
||||
blocks[2] = bytes_to_num(data + 4, 4);
|
||||
max = 3;
|
||||
}
|
||||
|
||||
print_blocks(blocks, max);
|
||||
|
||||
uint8_t res = 0;
|
||||
PacketResponseNG resp;
|
||||
|
||||
// fast push mode
|
||||
conn.block_after_ACK = true;
|
||||
for (uint8_t i = 0; i < max; i++) {
|
||||
if (i == max - 1) {
|
||||
// Disable fast mode on last packet
|
||||
conn.block_after_ACK = false;
|
||||
}
|
||||
clearCommandBuffer();
|
||||
t55xx_write_block_t ng;
|
||||
ng.data = blocks[i];
|
||||
ng.pwd = 0;
|
||||
ng.blockno = i;
|
||||
ng.flags = 0;
|
||||
|
||||
SendCommandNG(CMD_LF_T55XX_WRITEBL, (uint8_t *)&ng, sizeof(ng));
|
||||
if (!WaitForResponseTimeout(CMD_LF_T55XX_WRITEBL, &resp, T55XX_WRITE_TIMEOUT)) {
|
||||
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
if (i == 0) {
|
||||
SetConfigWithBlock0(blocks[0]);
|
||||
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
|
||||
continue;
|
||||
}
|
||||
|
||||
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
|
||||
res++;
|
||||
}
|
||||
|
||||
if ( res == 0 )
|
||||
PrintAndLogEx(SUCCESS, "Success writing to tag");
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
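Review bot: Nothing visible after `CLIGetHexWithReturn(2, data, &datalen)` checks `datalen` before the `bytes_to_num(data + N, 4)` calls, and `data[7 * 4]` has no initializer, so a short hex argument would pack indeterminate stack bytes into `blocks[]` and write them to the tag. I would zero the buffer and reject a wrong length up front: `uint8_t data[7 * 4] = {0};` and `if (datalen != (isLongUid ? 28 : 8)) return PM3_EINVARG;`. Separately, the write loop returns `PM3_SUCCESS` and prints nothing when `res` is non-zero, so a failed verification looks like a successful clone to the caller. The `return PM3_ETIMEOUT;` path also leaves `conn.block_after_ACK` set to true for whatever command runs next; add `conn.block_after_ACK = false;` before that return. The part of CmdIndalaClone between the two hunks, where `isLongUid` is presumably set, is outside the view.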
|
||||
|
||||
|
|
|
@ -390,7 +390,7 @@ void print_blocks(uint32_t *data, size_t len) {
|
|||
PrintAndLogEx(ERR, "..empty data");
|
||||
} else {
|
||||
for (uint8_t i = 0; i < len; i++)
|
||||
PrintAndLogEx(SUCCESS, " %02d | 0x%08X", i, data[i]);
|
||||
PrintAndLogEx(SUCCESS, " %02d | %08X", i, data[i]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -242,6 +242,14 @@ typedef struct {
|
|||
uint8_t keytype;
|
||||
} PACKED mfc_eload_t;
|
||||
|
||||
typedef struct {
|
||||
uint8_t status;
|
||||
uint8_t CSN[8];
|
||||
uint8_t CONFIG[8];
|
||||
uint8_t CC[8];
|
||||
uint8_t AIA[8];
|
||||
} PACKED iclass_reader_t;
|
||||
|
||||
// For the bootloader
|
||||
#define CMD_DEVICE_INFO 0x0000
|
||||
#define CMD_SETUP_WRITE 0x0001
|
||||
|
@ -345,9 +353,6 @@ typedef struct {
|
|||
#define CMD_SET_ADC_MUX 0x020F
|
||||
#define CMD_LF_HID_CLONE 0x0210
|
||||
#define CMD_LF_EM410X_WRITE 0x0211
|
||||
#define CMD_LF_INDALA_CLONE 0x0212
|
||||
// for 224 bits UID
|
||||
#define CMD_LF_INDALA224_CLONE 0x0213
|
||||
#define CMD_LF_T55XX_READBL 0x0214
|
||||
#define CMD_LF_T55XX_WRITEBL 0x0215
|
||||
#define CMD_LF_T55XX_RESET_READ 0x0216
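Review bot: Dropping `CMD_LF_INDALA_CLONE` (0x0212) and `CMD_LF_INDALA224_CLONE` (0x0213) leaves an unmarked gap in the command table, so a later command could be given one of these values and be misread by a client or firmware built before this commit. A placeholder such as `// 0x0212, 0x0213: retired Indala clone commands, do not reuse` where the defines stood would make the reservation explicit. The new `iclass_reader_t` struct in the same file looks unrelated to the Indala refactor and has no comment; a single line saying which reply it carries would help, if that reading is right.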
|
||||
|
|