From 527d1c944256aa5a3cafd13664334065f205c321 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Tue, 20 Oct 2020 23:10:34 +0200
Subject: [PATCH] all prepped for EM4x05 to be used with clone commands
---
 client/src/cmdlfem4x05.c | 44 ++++++++++++++++++++++++++-----------------
 client/src/cmdlfem4x05.h | 45 ++++++++++++++++++++++++++--------------
 include/protocols.h | 14 ++++++-------
 3 files changed, 61 insertions(+), 42 deletions(-)
diff --git a/client/src/cmdlfem4x05.c b/client/src/cmdlfem4x05.c
index 993a4a09d..2da553be8 100644
--- a/client/src/cmdlfem4x05.c
+++ b/client/src/cmdlfem4x05.c
@@ -402,6 +402,29 @@ int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word
 return em4x05_demod_resp(word, false);
 }
 
+int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t data) {
+ struct {
+ uint32_t password;
+ uint32_t data;
+ uint8_t address;
+ uint8_t usepwd;
+ } PACKED payload;
+
+ payload.password = pwd;
+ payload.data = data;
+ payload.address = addr;
+ payload.usepwd = usePwd;
+
+ clearCommandBuffer();
+ SendCommandNG(CMD_LF_EM4X_WRITEWORD, (uint8_t *)&payload, sizeof(payload));
+ PacketResponseNG resp;
+ if (!WaitForResponseTimeout(CMD_LF_EM4X_WRITEWORD, &resp, 2000)) {
+ PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
+ return PM3_ETIMEOUT;
+ }
+ return PM3_SUCCESS;
+}
+
 int CmdEM4x05Demod(const char *Cmd) {
 uint32_t dummy = 0;
 return em4x05_demod_resp(&dummy, false);
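Review bot: em4x05_write_word_ext returns PM3_SUCCESS whenever the device answers at all, without looking at the reply it waited for in `resp`, so a write the firmware refused or failed is reported to the caller exactly like a successful one; the inline code it was lifted from did the same, but it is now a public helper that clone commands will build on. If the firmware fills `resp.status` with a PM3_* code for CMD_LF_EM4X_WRITEWORD (to be confirmed against the armsrc handler), `return resp.status;` in place of `return PM3_SUCCESS;` would let callers distinguish the two. The function and its new prototype in cmdlfem4x05.h also carry no doc comment; one stating that `usePwd` presumably selects whether the device logs in with `pwd` before writing, that the 2000 ms wait covers only the device acknowledgement and not a read-back of the word, and that the result is PM3_ETIMEOUT or PM3_SUCCESS would document the contract the clone commands are about to depend on.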
@@ -711,26 +734,9 @@ int CmdEM4x05Write(const char *Cmd) {
 return PM3_ETIMEOUT;
 }
 } else {
- struct {
- uint32_t password;
- uint32_t data;
- uint8_t address;
- uint8_t usepwd;
- } PACKED payload;
-
- payload.password = pwd;
- payload.data = data;
- payload.address = addr;
- payload.usepwd = usePwd;
-
- clearCommandBuffer();
- SendCommandNG(CMD_LF_EM4X_WRITEWORD, (uint8_t *)&payload, sizeof(payload));
- PacketResponseNG resp;
- if (!WaitForResponseTimeout(CMD_LF_EM4X_WRITEWORD, &resp, 2000)) {
- PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
- return PM3_ETIMEOUT;
- }
+ em4x05_write_word_ext(addr, pwd, usePwd, data);
 }
+
 if (em4x05_download_samples() == false)
 return PM3_ENODATA;
diff --git a/client/src/cmdlfem4x05.h b/client/src/cmdlfem4x05.h
index 3c981d09c..c8c19a6ff 100644
--- a/client/src/cmdlfem4x05.h
+++ b/client/src/cmdlfem4x05.h
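Review bot: The return value of `em4x05_write_word_ext(addr, pwd, usePwd, data);` in the else branch is discarded, so the PM3_ETIMEOUT that the replaced inline code returned when the device did not answer is now lost and CmdEM4x05Write carries on into `em4x05_download_samples()` as if the write had gone through. Keep the previous behaviour with `int res = em4x05_write_word_ext(addr, pwd, usePwd, data);` followed by `if (res != PM3_SUCCESS) return res;` (the if branch above it still returns PM3_ETIMEOUT on its own). CmdEM4x05Write starts and ends outside the hunk, so whether a later check already catches a missing response cannot be seen here.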
@@ -13,31 +13,43 @@
 #include "common.h"
-
 #define EM_SERIAL_BLOCK 1
 #define EM_CONFIG_BLOCK 4
 #define EM4305_PROT1_BLOCK 14
 #define EM4305_PROT2_BLOCK 15
 #define EM4469_PROT_BLOCK 3
-
-#define EM4305_INFO_BLOCK 0x00
-#define EM4305_UID_BLOCK 0x01
-#define EM4305_PWD_BLOCK 0x02
-#define EM4305_CONFIGURATION_BLOCK 0x04
-
-
 // config blocks
-#define EM4305_DEFAULT_CONFIG_BLOCK 0x0002008F // ASK/ BIPHASE , data rate 32, 4 data blocks
+#define EM4305_DEFAULT_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(4) ) // ASK/MAN , data rate 32, 4 data blocks
+//#define EM4305_DEFAULT_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_BIPHASE | EM4x05_SET_NUM_BLOCKS(4) ) // ASK/BIPHASE , data rate 32, 4 data blocks
-#define EM4305_EM_UNIQUE_CONFIG_BLOCK 0x0001805F // ASK, EM4x02/unique - manchester, data rate 64, 2 data blocks
-#define EM4305_PAXTON_CONFIG_BLOCK 0x0001805F // ASK, EM4x02/paxton - manchester, data rate 64, 2 data blocks
-#define EM4305_VISA2000_CONFIG_BLOCK 0x0001805F // ASK, data rate 64, 3 data blocks
-#define EM4305_VIKING_CONFIG_BLOCK 0x0001805F // ASK, data rate 32, Manchester, 2 data blocks
-#define EM4305_NORALSY_CONFIG_BLOCK 0x0001805F // ASK, data rate 32, 3 data blocks
-#define EM4305_PRESCO_CONFIG_BLOCK 0x0001805F // ASK, data rate 32, Manchester, 4 data blocks
-#define EM4305_SECURAKEY_CONFIG_BLOCK 0x0001805F // ASK, Manchester, data rate 40, 3 data blocks
+#define EM4305_EM_UNIQUE_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2) ) // ASK/MAN, EM4x02/unique - data rate 64, 2 data blocks
+#define EM4305_PAXTON_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2) ) // ASK/MAN, EM4x02/paxton - data rate 64, 2 data blocks
+#define EM4305_VISA2000_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(3) ) // ASK, data rate 64, 3 data blocks
+#define EM4305_VIKING_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2) ) // ASK/MAN, data rate 32, 2 data blocks
+#define EM4305_NORALSY_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(3) ) // ASK, data rate 32, 3 data blocks
+#define EM4305_PRESCO_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(4) ) // ASK/MAN, data rate 32, 4 data blocks
+#define EM4305_SECURAKEY_CONFIG_BLOCK (EM4x05_SET_BITRATE(40) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(3) ) // ASK/MAN, data rate 40, 3 data blocks
+#define EM4305_HID_26_CONFIG_BLOCK (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_SET_NUM_BLOCKS(3) ) // FSK2a, hid 26 bit, data rate 50, 3 data blocks
+#define EM4305_PARADOX_CONFIG_BLOCK (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_SET_NUM_BLOCKS(3) ) // FSK2a, hid 26 bit, data rate 50, 3 data blocks
+#define EM4305_AWID_CONFIG_BLOCK (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_SET_NUM_BLOCKS(3) ) // FSK2a, hid 26 bit, data rate 50, 3 data blocks
+#define EM4305_PYRAMID_CONFIG_BLOCK (EM4x05_SET_BITRATE(50) | EM4x05_MODULATION_FSK2 | EM4x05_SET_NUM_BLOCKS(4) ) // FSK2a, Pyramid 26 bit, data rate 50, 4 data blocks
+#define EM4305_IOPROX_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_FSK2 | EM4x05_SET_NUM_BLOCKS(2) ) // FSK2a, data rate 64, 2 data blocks
+
+#define EM4305_INDALA_64_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_PSK1 | EM4x05_PSK_RF_2 | EM4x05_SET_NUM_BLOCKS(2) ) // PSK1, indala 64 bit, psk carrier FC * 2, data rate 32, maxblock 2
+#define EM4305_INDALA_224_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_PSK1 | EM4x05_PSK_RF_2 | EM4x05_SET_NUM_BLOCKS(7) ) // PSK1, indala 224 bit, psk carrier FC * 2, data rate 32, maxblock 7
+#define EM4305_MOTOROLA_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_PSK1 | EM4x05_PSK_RF_2 | EM4x05_SET_NUM_BLOCKS(2) ) // PSK1, data rate 32, 2 data blocks
+#define EM4305_NEXWATCH_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_PSK1 | EM4x05_PSK_RF_2 | EM4x05_SET_NUM_BLOCKS(3) ) // PSK1 data rate 16, psk carrier FC * 2, 3 data blocks
+#define EM4305_KERI_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_PSK1 | EM4x05_PSK_RF_2 | EM4x05_SET_NUM_BLOCKS(2) ) // PSK1, 2 data blocks
+
+#define EM4305_JABLOTRON_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_BIPHASE | EM4x05_SET_NUM_BLOCKS(2) ) // Biphase, data rate 64, 2 data blocks
+#define EM4305_GUARDPROXII_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_BIPHASE | EM4x05_SET_NUM_BLOCKS(3) ) // Biphase, data rate 64, Direct modulation, 3 data blocks
+#define EM4305_NEDAP_64_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_BIPHASE | EM4x05_SET_NUM_BLOCKS(2) ) // Biphase, data rate 64, 2 data blocks
+#define EM4305_NEDAP_128_CONFIG_BLOCK (EM4x05_SET_BITRATE(64) | EM4x05_MODULATION_BIPHASE | EM4x05_SET_NUM_BLOCKS(4) ) // Biphase, data rate 64, 4 data blocks
+
+#define EM4305_PAC_CONFIG_BLOCK (EM4x05_SET_BITRATE(32) | EM4x05_MODULATION_NRZ | EM4x05_SET_NUM_BLOCKS(4) ) // NRZ, data rate 32, 4 data blocks
+#define EM4305_VERICHIP_CONFIG_BLOCK (EM4x05_SET_BITRATE(40) | EM4x05_MODULATION_NRZ | EM4x05_SET_NUM_BLOCKS(4) ) // NRZ, data rate 40, 4 data blocks
 
 typedef enum {
 EM_UNKNOWN,
@@ -50,6 +62,7 @@ int CmdLFEM4X05(const char *Cmd);
 bool em4x05_isblock0(uint32_t *word);
 int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word);
+int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t data);
 int CmdEM4x05Demod(const char *Cmd);
 int CmdEM4x05Dump(const char *Cmd);
diff --git a/include/protocols.h b/include/protocols.h
index d2af15647..bb520a71f 100644
--- a/include/protocols.h
+++ b/include/protocols.h
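Review bot: Several of the new config-block comments contradict the macro arguments beside them: EM4305_NEXWATCH_CONFIG_BLOCK says `data rate 16` but is built with `EM4x05_SET_BITRATE(64)`, EM4305_INDALA_64_CONFIG_BLOCK and EM4305_INDALA_224_CONFIG_BLOCK say `data rate 32` with `EM4x05_SET_BITRATE(64)`, and EM4305_PARADOX_CONFIG_BLOCK and EM4305_AWID_CONFIG_BLOCK still carry `hid 26 bit` copied from the HID line. A clone command will program whichever of the two is wrong onto the tag, so either the argument or the comment should be settled for each before they are wired up, e.g. `// PSK1, data rate 64, psk carrier FC * 2, 3 data blocks` on NEXWATCH if 64 is the intended value. EM4305_DEFAULT_CONFIG_BLOCK also silently changes from the BIPHASE configuration the old comment described to MANCHESTER, and the commented-out BIPHASE variant left under it should be removed or given its own name rather than kept as dead code. Dropping EM4305_INFO_BLOCK, EM4305_UID_BLOCK, EM4305_PWD_BLOCK and EM4305_CONFIGURATION_BLOCK from a public header may break other translation units that include it, which cannot be checked from this diff.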
@@ -559,13 +559,13 @@ ISO 7816-4 Basic interindustry commands. For command APDU's.
 #define EM4x05_FIRST_USER_BLOCK 5
 #define EM4x05_SET_NUM_BLOCKS(x) ((x+5-1)<<14) //# of blocks sent during default read mode
 #define EM4x05_GET_NUM_BLOCKS(x) (((x>>14) & 0xF)-5+1)
-#define EM4x05_READ_LOGIN_REQ 1<<18
-#define EM4x05_READ_HK_LOGIN_REQ 1<<19
-#define EM4x05_WRITE_LOGIN_REQ 1<<20
-#define EM4x05_WRITE_HK_LOGIN_REQ 1<<21
-#define EM4x05_READ_AFTER_WRITE 1<<22
-#define EM4x05_DISABLE_ALLOWED 1<<23
-#define EM4x05_READER_TALK_FIRST 1<<24
+#define EM4x05_READ_LOGIN_REQ (1 << 18)
+#define EM4x05_READ_HK_LOGIN_REQ (1 << 19)
+#define EM4x05_WRITE_LOGIN_REQ (1 << 20)
+#define EM4x05_WRITE_HK_LOGIN_REQ (1 << 21)
+#define EM4x05_READ_AFTER_WRITE (1 << 22)
+#define EM4x05_DISABLE_ALLOWED (1 << 23)
+#define EM4x05_READER_TALK_FIRST (1 << 24)
 // FeliCa protocol
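Review bot: The two function-like macros in this hunk's context, `EM4x05_SET_NUM_BLOCKS(x) ((x+5-1)<<14)` and `EM4x05_GET_NUM_BLOCKS(x) (((x>>14) & 0xF)-5+1)`, still use `x` unparenthesised, so an argument containing an operator of lower precedence than `+` or `>>` would expand wrongly; since the commit is already parenthesising this block, give them the same treatment: `#define EM4x05_SET_NUM_BLOCKS(x) (((x) + 5 - 1) << 14)` and `#define EM4x05_GET_NUM_BLOCKS(x) ((((x) >> 14) & 0xF) - 5 + 1)`. The flag values are ORed into a uint32_t config word by the new EM4305_*_CONFIG_BLOCK macros in cmdlfem4x05.h, so `1U << n` would keep those expressions unsigned throughout; with the highest shift at bit 24 there is no overflow for a 32-bit int, so this is consistency rather than correctness.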