mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-21 07:46:12 +08:00
Merge pull request #822 from tharexde/dev-em4x50_sread
EM4x50 function "sread" (standard/selective read)
commit
7df20bc61e
|
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Added lf em function: 4x50_sread (@tharexde)
|
||||
- Added lf em functions: 4x50_info, 4x50_write, 4x50_write_password (@tharexde)
|
||||
- Fix em4x50 demodulation error (@tharexde)
|
||||
- Fix `hf mfdes` authentification issues, DES working (@bkerler)
|
||||
|
|
|
@ -1019,6 +1019,11 @@ static void PacketReceived(PacketCommandNG *packet) {
|
|||
em4x50_write_password((em4x50_data_t *)packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
case CMD_LF_EM4X50_SREAD: {
|
||||
em4x50_sread((em4x50_data_t *)packet->data.asBytes);
|
||||
break;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef WITH_ISO15693
|
||||
|
|
|
@ -604,7 +604,9 @@ static int get_word_from_bitstream(uint8_t bits[EM4X50_TAG_WORD]) {
|
|||
}
|
||||
}
|
||||
|
||||
//==============================================================================
|
||||
// login function
|
||||
//==============================================================================
|
||||
|
||||
static bool login(uint8_t password[4]) {
|
||||
|
||||
|
@ -631,7 +633,9 @@ static bool login(uint8_t password[4]) {
|
|||
return false;
|
||||
}
|
||||
|
||||
//==============================================================================
|
||||
// reset function
|
||||
//==============================================================================
|
||||
|
||||
static bool reset(void) {
|
||||
|
||||
|
@ -653,7 +657,9 @@ static bool reset(void) {
|
|||
return false;
|
||||
}
|
||||
|
||||
//==============================================================================
|
||||
// read functions
|
||||
//==============================================================================
|
||||
|
||||
static bool standard_read(int *now) {
|
||||
|
||||
|
@ -754,7 +760,52 @@ void em4x50_info(em4x50_data_t *etd) {
|
|||
reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238);
|
||||
}
|
||||
|
||||
void em4x50_sread(em4x50_data_t *etd) {
|
||||
|
||||
// reads in two different ways:
|
||||
// - using "selective read mode" -> bidirectional communication
|
||||
// - using "standard read mode" -> unidirectional communication (read
|
||||
// data that tag transmits "voluntarily")
|
||||
|
||||
bool bsuccess = false, blogin = false;
|
||||
int now = 0;
|
||||
uint8_t status = 0;
|
||||
uint8_t addresses[] = {0x00, 0x00, 0x00, 0x00};
|
||||
|
||||
init_tag();
|
||||
em4x50_setup_read();
|
||||
|
||||
// set gHigh and gLow
|
||||
get_signalproperties();
|
||||
|
||||
if (etd->addr_given) {
|
||||
|
||||
// selective read mode
|
||||
|
||||
// try to login with given password
|
||||
if (etd->pwd_given)
|
||||
blogin = login(etd->password);
|
||||
|
||||
// only one word has to be read -> first word read = last word read
|
||||
addresses[2] = addresses[3] = etd->address;
|
||||
bsuccess = selective_read(addresses);
|
||||
|
||||
} else {
|
||||
|
||||
// standard read mode
|
||||
bsuccess = standard_read(&now);
|
||||
|
||||
}
|
||||
|
||||
status = (now << 2) + (bsuccess << 1) + blogin;
|
||||
|
||||
lf_finalize();
|
||||
reply_ng(CMD_ACK, status, (uint8_t *)tag.sectors, 238);
|
||||
}
|
||||
|
||||
//==============================================================================
|
||||
// write functions
|
||||
//==============================================================================
|
||||
|
||||
static bool write(uint8_t word[4], uint8_t address) {
|
||||
|
||||
|
@ -864,7 +915,7 @@ void em4x50_write(em4x50_data_t *etd) {
|
|||
if (etd->pwd_given)
|
||||
blogin &= login(etd->password);
|
||||
|
||||
// perform a selective read
|
||||
// call a selective read
|
||||
addresses[2] = addresses[3] = etd->address;
|
||||
if (selective_read(addresses)) {
|
||||
|
||||
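Review bot: In em4x50_sread the host-supplied `etd->address` is copied straight into `addresses[2]` and `addresses[3]` with no range check on the device. The only validation visible in this commit is the client-side check in CmdEM4x50SRead, which a modified or different client does not have to perform. A guard at the start of the selective-read branch, `if (etd->address == 0 || etd->address >= EM4X50_NO_WORDS)`, that skips the read and replies with the success bit clear would stop the firmware from relying on the client. Whether selective_read bounds the addresses itself is not visible here, so treat this as defence in depth. The dispatch added in PacketReceived likewise casts `packet->data.asBytes` to `em4x50_data_t *` without comparing the received length to `sizeof(em4x50_data_t)`, as the neighbouring case does.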
|
|
|
@ -20,5 +20,6 @@ typedef struct {
|
|||
void em4x50_info(em4x50_data_t *etd);
|
||||
void em4x50_write(em4x50_data_t *etd);
|
||||
void em4x50_write_password(em4x50_data_t *etd);
|
||||
void em4x50_sread(em4x50_data_t *etd);
|
||||
|
||||
#endif /* EM4X50_H */
|
||||
|
|
|
@ -1759,6 +1759,7 @@ static command_t CommandTable[] = {
|
|||
{"4x50_info", CmdEM4x50Info, IfPm3Lf, "read complete data from EM4x50"},
|
||||
{"4x50_write", CmdEM4x50Write, IfPm3Lf, "write word data to EM4x50"},
|
||||
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3Lf, "change passwword of EM4x50 tag"},
|
||||
{"4x50_sread", CmdEM4x50SRead, IfPm3Lf, "read word data from EM4x50 on device"},
|
||||
{NULL, NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
|
|
|
@ -15,33 +15,6 @@
|
|||
#include "commonutil.h"
|
||||
#include "em4x50.h"
|
||||
|
||||
#define EM4X50_NO_WORDS 34
|
||||
|
||||
// special words
|
||||
#define EM4X50_DEVICE_PASSWORD 0
|
||||
#define EM4X50_PROTECTION 1
|
||||
#define EM4X50_CONTROL 2
|
||||
#define EM4X50_DEVICE_SERIAL 32
|
||||
#define EM4X50_DEVICE_ID 33
|
||||
|
||||
// control word (word = 4 bytes)
|
||||
#define FIRST_WORD_READ 0 // first byte
|
||||
#define LAST_WORD_READ 1 // second byte
|
||||
#define CONFIG_BLOCK 2 // third byte
|
||||
#define PASSWORD_CHECK 0x80 // first bit in third byte
|
||||
#define READ_AFTER_WRITE 0x40 // second bit in third byte
|
||||
|
||||
// protection word
|
||||
#define FIRST_WORD_READ_PROTECTED 0 // first byte
|
||||
#define LAST_WORD_READ_PROTECTED 1 // second byte
|
||||
#define FIRST_WORD_WRITE_INHIBITED 2 // third byte
|
||||
#define LAST_WORD_WRITE_INHIBITED 3 // fourth byte
|
||||
|
||||
// misc
|
||||
#define STATUS_SUCCESS 0x2
|
||||
#define STATUS_LOGIN 0x1
|
||||
#define NO_CHARS_MAX 400
|
||||
|
||||
int usage_lf_em4x50_info(void) {
|
||||
PrintAndLogEx(NORMAL, "Read all information of EM4x50. Tag nust be on antenna.");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
|
@ -81,6 +54,19 @@ int usage_lf_em4x50_write_password(void) {
|
|||
PrintAndLogEx(NORMAL, " lf em 4x50_write_password p 11223344 n 01020304");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
int usage_lf_em4x50_sread(void) {
|
||||
PrintAndLogEx(NORMAL, "Read EM4x50 word(s). Tag must be on antenna. ");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_sread [h] a <address> p <pwd>");
|
||||
PrintAndLogEx(NORMAL, "Options:");
|
||||
PrintAndLogEx(NORMAL, " h - this help");
|
||||
PrintAndLogEx(NORMAL, " a <addr> - memory address to read (dec) (optional)");
|
||||
PrintAndLogEx(NORMAL, " p <pwd> - password (hex) (optional)");
|
||||
PrintAndLogEx(NORMAL, "Examples:");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_sread");
|
||||
PrintAndLogEx(NORMAL, " lf em 4x50_sread a 2 p 00000000");
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) {
|
||||
|
||||
|
@ -121,13 +107,13 @@ static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t
|
|||
}
|
||||
|
||||
// check column parities
|
||||
words[i].col_parity = byte[i*7+5] ;
|
||||
words[i].col_parity = byte[i*7+5];
|
||||
|
||||
for (int j = 0; j < 8; j++) {
|
||||
words[i].cparity[j] = (((words[i].col_parity >> (7-j)) & 1) == c[j]) ? true : false;
|
||||
|
||||
if (!words[i].cparity[j])
|
||||
words[i].parity = false;
|
||||
words[i].parity = false;
|
||||
}
|
||||
|
||||
// check stop bit
|
||||
|
@ -204,7 +190,7 @@ static void print_bit_table(const em4x50_word_t word) {
|
|||
string[0] = '\0';
|
||||
}
|
||||
|
||||
static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
|
||||
static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
|
||||
|
||||
// print available information for given word from fwr to lwr, i.e.
|
||||
// bit table + summary lines with hex notation of word (msb + lsb)
|
||||
|
@ -220,6 +206,7 @@ static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
|
|||
print_bit_table(words[i]);
|
||||
|
||||
// final result
|
||||
string[0] = '\0';
|
||||
sprintf(pstring, "\n word[%i] msb: " _GREEN_("0x"), i);
|
||||
strcat(string, pstring);
|
||||
|
||||
|
@ -237,8 +224,6 @@ static void print_result(const em4x50_word_t *words, int fwr, int lwr) {
|
|||
}
|
||||
|
||||
PrintAndLogEx(NORMAL,string);
|
||||
|
||||
string[0] = '\0';
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -251,7 +236,7 @@ static void print_info_result(PacketResponseNG *resp, const em4x50_data_t *etd,
|
|||
char pstring[NO_CHARS_MAX] = {0}, string[NO_CHARS_MAX] = {0};
|
||||
|
||||
bool bpwd_given = etd->pwd_given;
|
||||
bool bsuccess = resp->status & STATUS_SUCCESS;
|
||||
bool bsuccess = (resp->status & STATUS_SUCCESS) >> 1;
|
||||
bool blogin = resp->status & STATUS_LOGIN;
|
||||
|
||||
prepare_result(data, 0, EM4X50_NO_WORDS - 1, words);
|
||||
|
@ -455,7 +440,7 @@ int CmdEM4x50Info(const char *Cmd) {
|
|||
// print result
|
||||
print_info_result(&resp, &etd, verbose);
|
||||
|
||||
success = resp.status & STATUS_SUCCESS;
|
||||
success = (resp.status & STATUS_SUCCESS) >> 1;
|
||||
return (success) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
||||
|
||||
|
@ -464,7 +449,7 @@ static void print_write_result(PacketResponseNG *resp, const em4x50_data_t *etd)
|
|||
// display result of writing operation in structured format
|
||||
|
||||
bool pwd_given = etd->pwd_given;
|
||||
bool success = resp->status & STATUS_SUCCESS;
|
||||
bool success = (resp->status & STATUS_SUCCESS) >> 1;
|
||||
bool login = resp->status & STATUS_LOGIN;
|
||||
uint8_t *data = resp->data.asBytes;
|
||||
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
|
||||
|
@ -574,7 +559,7 @@ int CmdEM4x50Write(const char *Cmd) {
|
|||
// get, prepare and print response
|
||||
print_write_result(&resp, &etd);
|
||||
|
||||
success = resp.status & STATUS_SUCCESS;
|
||||
success = (resp.status & STATUS_SUCCESS) >> 1;
|
||||
return (success) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
||||
|
||||
|
@ -661,3 +646,144 @@ int CmdEM4x50WritePassword(const char *Cmd) {
|
|||
|
||||
return ((bool)resp.status) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
||||
|
||||
static void print_sread_result(PacketResponseNG *resp, const em4x50_data_t *etd) {
|
||||
|
||||
// display result of writing operation in structured format
|
||||
|
||||
bool addr_given = etd->addr_given;
|
||||
bool pwd_given = etd->pwd_given;
|
||||
bool login = resp->status & STATUS_LOGIN;
|
||||
bool success = (resp->status & STATUS_SUCCESS) >> 1;
|
||||
int now = (resp->status & STATUS_NO_WORDS) >> 2;
|
||||
char string[NO_CHARS_MAX] = {0}, pstring[NO_CHARS_MAX] = {0};
|
||||
uint8_t *data = resp->data.asBytes;
|
||||
em4x50_word_t word;
|
||||
|
||||
if (!success) {
|
||||
|
||||
sprintf(pstring, "\n reading " _RED_("failed"));
|
||||
strcat(string, pstring);
|
||||
|
||||
PrintAndLogEx(NORMAL,"%s\n", string);
|
||||
|
||||
} else {
|
||||
|
||||
if (addr_given) {
|
||||
|
||||
// selective read mode
|
||||
|
||||
prepare_result(data, etd->address, etd->address, &word);
|
||||
print_result(&word, etd->address, etd->address);
|
||||
|
||||
string[0] = '\0';
|
||||
sprintf(pstring, "\n reading " _GREEN_("ok "));
|
||||
strcat(string, pstring);
|
||||
|
||||
if (pwd_given) {
|
||||
if (login) {
|
||||
sprintf(pstring, "(login with password 0x%02x%02x%02x%02x)",
|
||||
etd->password[0], etd->password[1],
|
||||
etd->password[2], etd->password[3]);
|
||||
strcat(string, pstring);
|
||||
} else {
|
||||
sprintf(pstring, "(login failed)");
|
||||
strcat(string, pstring);
|
||||
}
|
||||
} else {
|
||||
sprintf(pstring, "(no login)");
|
||||
strcat(string, pstring);
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
//standard read mode
|
||||
|
||||
prepare_result(data, 0, now - 1, &word);
|
||||
print_result(&word, 0, now - 1);
|
||||
|
||||
string[0] = '\0';
|
||||
sprintf(pstring, "\n reading " _GREEN_("ok "));
|
||||
strcat(string, pstring);
|
||||
|
||||
if (pwd_given) {
|
||||
sprintf(pstring, "(standard read mode, password ignored)");
|
||||
strcat(string, pstring);
|
||||
} else {
|
||||
sprintf(pstring, "(standard read mode)");
|
||||
strcat(string, pstring);
|
||||
}
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL,"%s\n", string);
|
||||
}
|
||||
}
|
||||
|
||||
int CmdEM4x50SRead(const char *Cmd) {
|
||||
|
||||
// envoke reading
|
||||
// - without option -> standard read mode
|
||||
// - with given address (option a) (and optional password if address is
|
||||
// read protected) -> selective read mode
|
||||
|
||||
bool errors = false, success = false;
|
||||
uint8_t cmdp = 0;
|
||||
em4x50_data_t etd;
|
||||
PacketResponseNG resp;
|
||||
|
||||
// init
|
||||
etd.pwd_given = false;
|
||||
etd.addr_given = false;
|
||||
|
||||
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||
|
||||
switch (tolower(param_getchar(Cmd, cmdp))) {
|
||||
case 'h':
|
||||
return usage_lf_em4x50_sread();
|
||||
|
||||
case 'p':
|
||||
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
|
||||
PrintAndLogEx(FAILED, "\n password has to be 8 hex symbols\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
etd.pwd_given = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
case 'a':
|
||||
param_getdec(Cmd, cmdp + 1, &etd.address);
|
||||
|
||||
// validation
|
||||
if (etd.address <= 0 || etd.address >= EM4X50_NO_WORDS) {
|
||||
PrintAndLogEx(FAILED, "\n error, address has to be in range [1-33]\n");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
etd.addr_given = true;
|
||||
cmdp += 2;
|
||||
break;
|
||||
|
||||
default:
|
||||
PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
|
||||
errors = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (errors)
|
||||
return usage_lf_em4x50_sread();
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_LF_EM4X50_SREAD, (uint8_t *)&etd, sizeof(etd));
|
||||
|
||||
|
||||
if (!WaitForResponse(CMD_ACK, &resp)) {
|
||||
PrintAndLogEx(WARNING, "\n timeout while waiting for reply.\n");
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// get, prepare and print response
|
||||
print_sread_result(&resp, &etd);
|
||||
|
||||
success = (resp.status & STATUS_SUCCESS) >> 1;
|
||||
return (success) ? PM3_SUCCESS : PM3_ESOFT;
|
||||
}
|
||||
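Review bot: print_sread_result declares a single `em4x50_word_t word;` and passes `&word` to prepare_result and print_result, which index `words[i]` (see `words[i].col_parity = byte[i*7+5];` and `print_bit_table(words[i]);`). Any selective read, whose address must be 1 to 33, and any standard read with `now > 1` therefore write and read past the one-element object on the stack. `now` is taken from the upper six bits of `resp->status`, so the extent of the overrun is decided by the device reply rather than by the client. Declare `em4x50_word_t words[EM4X50_NO_WORDS];` as print_info_result appears to, pass `words`, and reject `now > EM4X50_NO_WORDS` before calling prepare_result. Separately, CmdEM4x50SRead sets only two flags of `etd`, ignores the return value of `param_getdec`, and then sends `sizeof(etd)` bytes; `em4x50_data_t etd = {0};` avoids reading an unset `address` and sending stale stack bytes. The loops of prepare_result and print_result lie outside the hunks, so the index range is inferred from the visible lines.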
|
|
|
@ -14,9 +14,11 @@
|
|||
int usage_lf_em4x50_info(void);
|
||||
int usage_lf_em4x50_write(void);
|
||||
int usage_lf_em4x50_write_password(void);
|
||||
int usage_lf_em4x50_sread(void);
|
||||
|
||||
int CmdEM4x50Info(const char *Cmd);
|
||||
int CmdEM4x50Write(const char *Cmd);
|
||||
int CmdEM4x50WritePassword(const char *Cmd);
|
||||
int CmdEM4x50SRead(const char *Cmd);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -11,9 +11,36 @@
|
|||
#ifndef EM4X50_H__
|
||||
#define EM4X50_H__
|
||||
|
||||
#define EM4X50_NO_WORDS 34
|
||||
|
||||
// special words
|
||||
#define EM4X50_DEVICE_PASSWORD 0
|
||||
#define EM4X50_PROTECTION 1
|
||||
#define EM4X50_CONTROL 2
|
||||
#define EM4X50_DEVICE_SERIAL 32
|
||||
#define EM4X50_DEVICE_ID 33
|
||||
|
||||
// control word (word = 4 bytes)
|
||||
#define FIRST_WORD_READ 0 // first byte
|
||||
#define LAST_WORD_READ 1 // second byte
|
||||
#define CONFIG_BLOCK 2 // third byte
|
||||
#define PASSWORD_CHECK 0x80 // first bit in third byte
|
||||
#define READ_AFTER_WRITE 0x40 // second bit in third byte
|
||||
|
||||
// protection word
|
||||
#define FIRST_WORD_READ_PROTECTED 0 // first byte
|
||||
#define LAST_WORD_READ_PROTECTED 1 // second byte
|
||||
#define FIRST_WORD_WRITE_INHIBITED 2 // third byte
|
||||
#define LAST_WORD_WRITE_INHIBITED 3 // fourth byte
|
||||
|
||||
// misc
|
||||
#define STATUS_NO_WORDS 0xfc
|
||||
#define STATUS_SUCCESS 0x2
|
||||
#define STATUS_LOGIN 0x1
|
||||
#define NO_CHARS_MAX 400
|
||||
|
||||
typedef struct {
|
||||
bool fwr_given;
|
||||
bool lwr_given;
|
||||
bool addr_given;
|
||||
bool pwd_given;
|
||||
bool newpwd_given;
|
||||
uint8_t password[4];
|
||||
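Review bot: The layout of the status byte is not documented anywhere, although this header now carries the three masks that both sides depend on. The firmware packs it as `(now << 2) + (bsuccess << 1) + blogin` and the client unpacks it with `STATUS_NO_WORDS`, `STATUS_SUCCESS` and `STATUS_LOGIN`. A comment above the masks such as `// status byte: bit 0 = login ok, bit 1 = operation ok, bits 2..7 = number of words read` would make the `>> 1` and `>> 2` shifts in the client self-explanatory. As the header appears to be shared between firmware and client, unprefixed names such as `STATUS_SUCCESS`, `NO_CHARS_MAX` and `FIRST_WORD_READ` are also more likely to collide than `EM4X50_`-prefixed ones. The typedef that follows continues outside the hunk.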
|
|
|
@ -405,6 +405,7 @@ typedef struct {
|
|||
#define CMD_LF_EM4X50_INFO 0x0240
|
||||
#define CMD_LF_EM4X50_WRITE 0x0241
|
||||
#define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242
|
||||
#define CMD_LF_EM4X50_SREAD 0x0243
|
||||
// Sampling configuration for LF reader/sniffer
|
||||
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D
|
||||
#define CMD_LF_FSK_SIMULATE 0x021E
|
||||
|
|