mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-20 15:26:13 +08:00
ADD: @marshmellow42 's fixes for Q5, t55xx, fskclock,
ADD: got tired of always writing wrong "hf 14a list", so I hooked it back up to call the "hf list" with argument. Things becomes smoother that way.
This commit is contained in:
parent
2b1f4228c2
commit
9332b857ff
|
@ -400,7 +400,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
|
|||
for(;;) {
|
||||
//wait until SSC_CLK goes HIGH
|
||||
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
|
||||
if(BUTTON_PRESS() || usb_poll_validate_length() ) {
|
||||
if(BUTTON_PRESS() || !usb_poll_validate_length() ) {
|
||||
DbpString("Stopped");
|
||||
return;
|
||||
}
|
||||
|
@ -417,7 +417,7 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
|
|||
|
||||
//wait until SSC_CLK goes LOW
|
||||
while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK) {
|
||||
if( BUTTON_PRESS() || usb_poll_validate_length() ) {
|
||||
if( BUTTON_PRESS() || !usb_poll_validate_length() ) {
|
||||
DbpString("Stopped");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1043,7 +1043,7 @@ void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
|
|||
|
||||
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
|
||||
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
||||
//emlSetMem(datain, arg0, arg1); // data, block num, blocks count
|
||||
if (arg2==0) arg2 = 16; // backwards compat... default bytewidth
|
||||
emlSetMem_xt(datain, arg0, arg1, arg2); // data, block num, blocks count, block byte width
|
||||
}
|
||||
|
||||
|
@ -1187,8 +1187,8 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
|
|||
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("Can't select card");
|
||||
OnErrorMagic(MAGIC_UID);
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
// wipe tag, fill it with zeros
|
||||
if (workFlags & MAGIC_WIPE){
|
||||
|
@ -1196,14 +1196,14 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
|
|||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC1 error");
|
||||
OnErrorMagic(MAGIC_WIPE);
|
||||
};
|
||||
}
|
||||
|
||||
ReaderTransmit(wipeC, sizeof(wipeC), NULL);
|
||||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wipeC error");
|
||||
OnErrorMagic(MAGIC_WIPE);
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
// write block
|
||||
if (workFlags & MAGIC_WUPC) {
|
||||
|
@ -1211,19 +1211,19 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
|
|||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC1 error");
|
||||
OnErrorMagic(MAGIC_WUPC);
|
||||
};
|
||||
}
|
||||
|
||||
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
|
||||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC2 error");
|
||||
OnErrorMagic(MAGIC_WUPC);
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
if ((mifare_sendcmd_short(NULL, 0, ISO14443A_CMD_WRITEBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("write block send command error");
|
||||
OnErrorMagic(4);
|
||||
};
|
||||
}
|
||||
|
||||
memcpy(data, datain, 16);
|
||||
AppendCrc14443a(data, 16);
|
||||
|
@ -1232,7 +1232,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
|
|||
if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("write block send data error");
|
||||
OnErrorMagic(0);
|
||||
};
|
||||
}
|
||||
|
||||
if (workFlags & MAGIC_OFF)
|
||||
mifare_classic_halt_ex(NULL);
|
||||
|
@ -1271,20 +1271,20 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
|
|||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC1 error");
|
||||
OnErrorMagic(MAGIC_WUPC);
|
||||
};
|
||||
}
|
||||
|
||||
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
|
||||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("wupC2 error");
|
||||
OnErrorMagic(MAGIC_WUPC);
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
// read block
|
||||
if ((mifare_sendcmd_short(NULL, 0, ISO14443A_CMD_READBLOCK, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 18)) {
|
||||
if (MF_DBGLEVEL >= MF_DBG_ERROR) Dbprintf("read block send command error");
|
||||
OnErrorMagic(0);
|
||||
};
|
||||
}
|
||||
|
||||
memcpy(data, receivedAnswer, sizeof(data));
|
||||
|
||||
|
@ -1309,19 +1309,19 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain){
|
|||
void MifareCIdent(){
|
||||
|
||||
// variables
|
||||
byte_t isOK = 1;
|
||||
bool isOK = true;
|
||||
uint8_t receivedAnswer[1];
|
||||
uint8_t receivedAnswerPar[1];
|
||||
|
||||
ReaderTransmitBitsPar(wupC1,7,0, NULL);
|
||||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
isOK = 0;
|
||||
};
|
||||
isOK = false;
|
||||
}
|
||||
|
||||
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
|
||||
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
|
||||
isOK = 0;
|
||||
};
|
||||
isOK = false;
|
||||
}
|
||||
|
||||
// removed the if, since some magic tags misbehavies and send an answer to it.
|
||||
mifare_classic_halt(NULL, 0);
|
||||
|
|
|
@ -947,11 +947,10 @@ int FSKrawDemod(const char *Cmd, bool verbose)
|
|||
|
||||
//set defaults
|
||||
//set options from parameters entered with the command
|
||||
rfLen = param_get8ex(Cmd, 0, 0, 10);
|
||||
invert = param_get8ex(Cmd, 1, 0, 10);
|
||||
fchigh = param_get8ex(Cmd, 2, 0, 10);
|
||||
fclow = param_get8ex(Cmd, 3, 0, 10);
|
||||
|
||||
rfLen = param_get8(Cmd, 0);
|
||||
invert = param_get8(Cmd, 1);
|
||||
fchigh = param_get8(Cmd, 2);
|
||||
fclow = param_get8(Cmd, 3);
|
||||
if (strlen(Cmd)>0 && strlen(Cmd)<=2) {
|
||||
if (rfLen==1){
|
||||
invert = 1; //if invert option only is used
|
||||
|
@ -963,16 +962,16 @@ int FSKrawDemod(const char *Cmd, bool verbose)
|
|||
size_t BitLen = getFromGraphBuf(BitStream);
|
||||
if (BitLen==0) return 0;
|
||||
//get field clock lengths
|
||||
uint16_t fcs=0;
|
||||
uint8_t fc1=0, fc2=0, rf1=0;
|
||||
if (!fchigh || !fclow) {
|
||||
fcs = countFC(BitStream, BitLen, 1);
|
||||
if (!fcs) {
|
||||
fchigh = 10;
|
||||
fclow = 8;
|
||||
} else {
|
||||
fchigh = (fcs >> 8) & 0x00FF;
|
||||
fclow = fcs & 0x00FF;
|
||||
uint8_t ans = fskClocks(&fc1, &fc2, &rf1, false);
|
||||
if (ans == 0) {
|
||||
if (g_debugMode) PrintAndLog("\nError: cannot detect valid fsk field clocks");
|
||||
return 0; // can't detect field clock
|
||||
}
|
||||
fchigh = fc1;
|
||||
fclow = fc2;
|
||||
if (rfLen == 0) rfLen = rf1;
|
||||
}
|
||||
//get bit clock length
|
||||
if (!rfLen){
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
#include "mifare.h"
|
||||
#include "cmdhfmfu.h"
|
||||
#include "nonce2key/nonce2key.h"
|
||||
#include "cmdhf.h"
|
||||
|
||||
#define llx PRIx64
|
||||
|
||||
|
@ -171,7 +172,8 @@ int usage_hf_14a_raw(void){
|
|||
|
||||
int CmdHF14AList(const char *Cmd)
|
||||
{
|
||||
PrintAndLog("Deprecated command, use 'hf list 14a' instead");
|
||||
//PrintAndLog("Deprecated command, use 'hf list 14a' instead");
|
||||
CmdHFList("14a");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include "protocols.h"
|
||||
#include "usb_cmd.h"
|
||||
#include "cmdhfmfu.h"
|
||||
#include "cmdhf.h"
|
||||
|
||||
#define llX PRIx64
|
||||
|
||||
|
@ -62,7 +63,8 @@ int xorbits_8(uint8_t val) {
|
|||
}
|
||||
|
||||
int CmdHFiClassList(const char *Cmd) {
|
||||
PrintAndLog("Deprecated command, use 'hf list iclass' instead");
|
||||
//PrintAndLog("Deprecated command, use 'hf list iclass' instead");
|
||||
CmdHFList("iclass");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -1252,24 +1252,26 @@ int usage_hf_mfu_eload(void) {
|
|||
PrintAndLog("Usage: hf mfu eload u <file name w/o `.eml`> [numblocks]");
|
||||
PrintAndLog(" Options:");
|
||||
PrintAndLog(" h : this help");
|
||||
PrintAndLog(" u : UL");
|
||||
PrintAndLog(" numblocks : number of blocks to load from eml file");
|
||||
PrintAndLog(" u : UL (required)");
|
||||
PrintAndLog(" [filename] : without `.eml` (required)");
|
||||
PrintAndLog(" numblocks : number of blocks to load from eml file (optional)");
|
||||
PrintAndLog("");
|
||||
PrintAndLog(" sample: hf mfu eload u filename");
|
||||
PrintAndLog(" hf mfu eload u filename 57");
|
||||
return 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int usage_hf_mfu_sim(void) {
|
||||
PrintAndLog("\nEmulating Ultralight tag from emulator memory\n");
|
||||
PrintAndLog("\nBe sure to load the emulator memory first!\n");
|
||||
PrintAndLog("Usage: hf mfu sim t 7 u <uid>");
|
||||
PrintAndLog(" Options : ");
|
||||
PrintAndLog(" h : this help");
|
||||
PrintAndLog(" t : 7 = NTAG or Ultralight sim");
|
||||
PrintAndLog(" u : 4 or 7 byte UID");
|
||||
PrintAndLog(" Options:");
|
||||
PrintAndLog(" h : this help");
|
||||
PrintAndLog(" t 7 : 7 = NTAG or Ultralight sim (required)");
|
||||
PrintAndLog(" u <uid> : 4 or 7 byte UID (optional)");
|
||||
PrintAndLog("\n sample : hf mfu sim t 7");
|
||||
PrintAndLog(" : hf mfu sim t 7 u 1122344556677\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1469,12 +1471,6 @@ int CmdHF14AMfUDump(const char *Cmd){
|
|||
|
||||
// add keys to block dump
|
||||
if (hasAuthKey) {
|
||||
if (!swapEndian){
|
||||
authKeyPtr = SwapEndian64(authenticationkey, dataLen, (dataLen == 16) ? 8 : 4);
|
||||
} else {
|
||||
authKeyPtr = authenticationkey;
|
||||
}
|
||||
|
||||
if (tagtype & UL_C){ //add 4 pages
|
||||
memcpy(data + Pages*4, authKeyPtr, dataLen);
|
||||
Pages += dataLen/4;
|
||||
|
@ -1486,7 +1482,7 @@ int CmdHF14AMfUDump(const char *Cmd){
|
|||
uint8_t get_pack[] = {0,0};
|
||||
iso14a_card_select_t card;
|
||||
//attempt to read pack
|
||||
if (!ul_auth_select( &card, tagtype, true, authKeyPtr, get_pack, sizeof(get_pack))) {
|
||||
if (!ul_auth_select( &card, tagtype, hasAuthKey, authKeyPtr, get_pack, sizeof(get_pack))) {
|
||||
//reset pack
|
||||
get_pack[0]=0;
|
||||
get_pack[1]=0;
|
||||
|
@ -1537,7 +1533,7 @@ int CmdHF14AMfUDump(const char *Cmd){
|
|||
PrintAndLog("GetVer-2| %s| | %.4s", sprint_hex(dump_file_data+4, 4), dump_file_data+4);
|
||||
PrintAndLog("TBD | 00 00 | | ");
|
||||
PrintAndLog("Tearing | %s| | %.3s", sprint_hex(dump_file_data+10, 3), dump_file_data+10);
|
||||
PrintAndLog("Pack | %s | | %.2s", sprint_hex(dump_file_data+13, 2), dump_file_data+13);
|
||||
PrintAndLog("Pack | %s | | %.2s", sprint_hex(dump_file_data+13, 2), dump_file_data+13);
|
||||
PrintAndLog("TBD | 00 | | ");
|
||||
PrintAndLog("Sig-1 | %s| | %.4s", sprint_hex(dump_file_data+16, 4), dump_file_data+16);
|
||||
PrintAndLog("Sig-2 | %s| | %.4s", sprint_hex(dump_file_data+20, 4), dump_file_data+20);
|
||||
|
@ -1619,7 +1615,7 @@ int CmdHF14AMfUDump(const char *Cmd){
|
|||
fwrite( dump_file_data, 1, Pages*4 + DUMP_PREFIX_LENGTH, fout );
|
||||
fclose(fout);
|
||||
|
||||
PrintAndLog("Dumped %d pages, wrote %d bytes to %s", Pages+12, (Pages+12)*4, filename);
|
||||
PrintAndLog("Dumped %d pages, wrote %d bytes to %s", Pages+(DUMP_PREFIX_LENGTH/4), Pages*4 + DUMP_PREFIX_LENGTH, filename);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1776,14 +1772,13 @@ int CmdHF14AMfucSetPwd(const char *Cmd){
|
|||
|
||||
UsbCommand resp;
|
||||
if (WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
|
||||
if ( (resp.arg[0] & 0xff) == 1)
|
||||
if ( (resp.arg[0] & 0xff) == 1) {
|
||||
PrintAndLog("Ultralight-C new password: %s", sprint_hex(pwd,16));
|
||||
else{
|
||||
} else {
|
||||
PrintAndLog("Failed writing at block %d", resp.arg[1] & 0xff);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
PrintAndLog("command execution time out");
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#include "proxmark3.h"
|
||||
#include "iso14443crc.h"
|
||||
#include "protocols.h"
|
||||
#include "cmdhf.h"
|
||||
|
||||
#define TOPAZ_MAX_MEMORY 2048
|
||||
|
||||
|
@ -33,7 +34,6 @@ static struct {
|
|||
uint8_t *dynamic_reserved_areas;
|
||||
} topaz_tag;
|
||||
|
||||
|
||||
static void topaz_switch_on_field(void)
|
||||
{
|
||||
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_SELECT | ISO14A_NO_DISCONNECT | ISO14A_TOPAZMODE, 0, 0}};
|
||||
|
@ -252,8 +252,7 @@ static void topaz_print_NDEF(uint8_t *data)
|
|||
}
|
||||
|
||||
|
||||
int CmdHFTopazReader(const char *Cmd)
|
||||
{
|
||||
int CmdHFTopazReader(const char *Cmd) {
|
||||
int status;
|
||||
uint8_t atqa[2];
|
||||
uint8_t rid_response[8];
|
||||
|
@ -367,24 +366,23 @@ int CmdHFTopazReader(const char *Cmd)
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int CmdHFTopazSim(const char *Cmd)
|
||||
{
|
||||
int CmdHFTopazSim(const char *Cmd) {
|
||||
PrintAndLog("not yet implemented");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int CmdHFTopazCmdRaw(const char *Cmd)
|
||||
{
|
||||
int CmdHFTopazCmdRaw(const char *Cmd) {
|
||||
PrintAndLog("not yet implemented");
|
||||
return 0;
|
||||
}
|
||||
|
||||
int CmdHFTopazList(const char *Cmd) {
|
||||
CmdHFList("topaz");
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int CmdHelp(const char *Cmd);
|
||||
|
||||
|
||||
static command_t CommandTable[] =
|
||||
{
|
||||
{"help", CmdHelp, 1, "This help"},
|
||||
|
@ -392,10 +390,10 @@ static command_t CommandTable[] =
|
|||
{"sim", CmdHFTopazSim, 0, "<UID> -- Simulate Topaz tag"},
|
||||
{"sniff", CmdHF14ASniff, 0, "Sniff Topaz reader-tag communication"},
|
||||
{"raw", CmdHFTopazCmdRaw, 0, "Send raw hex data to tag"},
|
||||
{"list", CmdHFTopazList, 0, "[Deprecated] List Topaz history"},
|
||||
{NULL, NULL, 0, NULL}
|
||||
};
|
||||
|
||||
|
||||
int CmdHFTopaz(const char *Cmd) {
|
||||
// flush
|
||||
WaitForResponseTimeout(CMD_ACK,NULL,100);
|
||||
|
|
|
@ -12,5 +12,9 @@
|
|||
#define CMDHFTOPAZ_H__
|
||||
|
||||
int CmdHFTopaz(const char *Cmd);
|
||||
int CmdHFTopazReader(const char *Cmd);
|
||||
int CmdHFTopazSim(const char *Cmd);
|
||||
int CmdHFTopazCmdRaw(const char *Cmd);
|
||||
int CmdHFTopazList(const char *Cmd);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -150,12 +150,14 @@ int usage_t55xx_wakup(){
|
|||
return 0;
|
||||
}
|
||||
int usage_t55xx_bruteforce(){
|
||||
PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password> [i <*.dic>]");
|
||||
PrintAndLog(" password must be 4 bytes (8 hex symbols)");
|
||||
PrintAndLog("This command uses A) bruteforce to scan a number range");
|
||||
PrintAndLog(" B) a dictionary attack");
|
||||
PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password> [i <*.dic>]");
|
||||
PrintAndLog(" password must be 4 bytes (8 hex symbols)");
|
||||
PrintAndLog("Options:");
|
||||
PrintAndLog(" h - this help");
|
||||
PrintAndLog(" <start_pwd> - 4 byte hex value to start pwd search at");
|
||||
PrintAndLog(" <end_pwd> - 4 byte hex value to end pwd search at");
|
||||
PrintAndLog(" i <*.dic> - loads a default keys dictionary file <*.dic>");
|
||||
PrintAndLog("");
|
||||
PrintAndLog("Examples:");
|
||||
|
@ -181,7 +183,6 @@ int CmdT55xxSetConfig(const char *Cmd) {
|
|||
uint8_t bitRate = 0;
|
||||
uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};
|
||||
uint8_t cmdp = 0;
|
||||
config.Q5 = FALSE;
|
||||
bool errors = FALSE;
|
||||
while(param_getchar(Cmd, cmdp) != 0x00 && !errors)
|
||||
{
|
||||
|
@ -384,11 +385,12 @@ bool DecodeT55xxBlock(){
|
|||
ans = ASKDemod(cmdStr, FALSE, FALSE, 1);
|
||||
break;
|
||||
case DEMOD_PSK1:
|
||||
// skip first 16 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
|
||||
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
|
||||
save_restoreGB(1);
|
||||
CmdLtrim("160");
|
||||
snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );
|
||||
ans = PSKDemod(cmdStr, FALSE);
|
||||
//undo trim samples
|
||||
save_restoreGB(0);
|
||||
break;
|
||||
case DEMOD_PSK2: //inverted won't affect this
|
||||
|
@ -399,7 +401,8 @@ bool DecodeT55xxBlock(){
|
|||
snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );
|
||||
ans = PSKDemod(cmdStr, FALSE);
|
||||
psk1TOpsk2(DemodBuffer, DemodBufferLen);
|
||||
save_restoreGB(1);
|
||||
//undo trim samples
|
||||
save_restoreGB(0);
|
||||
break;
|
||||
case DEMOD_NRZ:
|
||||
snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
|
||||
|
@ -417,7 +420,6 @@ bool DecodeT55xxBlock(){
|
|||
}
|
||||
|
||||
int CmdT55xxDetect(const char *Cmd){
|
||||
|
||||
bool errors = FALSE;
|
||||
bool useGB = FALSE;
|
||||
bool usepwd = FALSE;
|
||||
|
@ -465,7 +467,6 @@ bool tryDetectModulation(){
|
|||
t55xx_conf_block_t tests[15];
|
||||
int bitRate=0;
|
||||
uint8_t fc1 = 0, fc2 = 0, clk=0;
|
||||
save_restoreGB(1);
|
||||
|
||||
if (GetFskClock("", FALSE, FALSE)){
|
||||
fskClocks(&fc1, &fc2, &clk, FALSE);
|
||||
|
@ -486,7 +487,6 @@ bool tryDetectModulation(){
|
|||
tests[hits].modulation = DEMOD_FSK1;
|
||||
else if (fc1 == 10 && fc2 == 8)
|
||||
tests[hits].modulation = DEMOD_FSK2a;
|
||||
|
||||
tests[hits].bitrate = bitRate;
|
||||
tests[hits].inverted = TRUE;
|
||||
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);
|
||||
|
@ -525,7 +525,7 @@ bool tryDetectModulation(){
|
|||
}
|
||||
}
|
||||
//undo trim from ask
|
||||
save_restoreGB(0);
|
||||
//save_restoreGB(0);
|
||||
clk = GetNrzClock("", FALSE, FALSE);
|
||||
if (clk>0) {
|
||||
if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {
|
||||
|
@ -545,9 +545,9 @@ bool tryDetectModulation(){
|
|||
}
|
||||
}
|
||||
|
||||
//undo trim from nrz
|
||||
save_restoreGB(0);
|
||||
// allow undo
|
||||
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
|
||||
save_restoreGB(1);
|
||||
CmdLtrim("160");
|
||||
clk = GetPskClock("", FALSE, FALSE);
|
||||
if (clk>0) {
|
||||
|
@ -588,14 +588,16 @@ bool tryDetectModulation(){
|
|||
}
|
||||
} // inverse waves does not affect this demod
|
||||
}
|
||||
//undo trim samples
|
||||
save_restoreGB(0);
|
||||
}
|
||||
save_restoreGB(0);
|
||||
if ( hits == 1) {
|
||||
config.modulation = tests[0].modulation;
|
||||
config.bitrate = tests[0].bitrate;
|
||||
config.inverted = tests[0].inverted;
|
||||
config.offset = tests[0].offset;
|
||||
config.block0 = tests[0].block0;
|
||||
config.Q5 = tests[0].Q5;
|
||||
printConfiguration( config );
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -671,6 +673,15 @@ bool testQ5Modulation(uint8_t mode, uint8_t modread){
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
int convertQ5bitRate(uint8_t bitRateRead) {
|
||||
uint8_t expected[] = {8, 16, 32, 40, 50, 64, 100, 128};
|
||||
for (int i=0; i<8; i++)
|
||||
if (expected[i] == bitRateRead)
|
||||
return i;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk){
|
||||
|
||||
if ( DemodBufferLen < 64 ) return FALSE;
|
||||
|
@ -682,12 +693,12 @@ bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk){
|
|||
uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key
|
||||
uint8_t resv = PackBits(si, 8, DemodBuffer); si += 8;
|
||||
// 2nibble must be zeroed.
|
||||
if (safer != 0x6) continue;
|
||||
if (safer != 0x6 && safer != 0x9) continue;
|
||||
if ( resv > 0x00) continue;
|
||||
//uint8_t pageSel = PackBits(si, 1, DemodBuffer); si += 1;
|
||||
//uint8_t fastWrite = PackBits(si, 1, DemodBuffer); si += 1;
|
||||
si += 1+1;
|
||||
int bitRate = PackBits(si, 5, DemodBuffer)*2 + 2; si += 5; //bit rate
|
||||
int bitRate = PackBits(si, 6, DemodBuffer)*2 + 2; si += 6; //bit rate
|
||||
if (bitRate > 128 || bitRate < 8) continue;
|
||||
|
||||
//uint8_t AOR = PackBits(si, 1, DemodBuffer); si += 1;
|
||||
|
@ -702,7 +713,8 @@ bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk){
|
|||
//test modulation
|
||||
if (!testQ5Modulation(mode, modread)) continue;
|
||||
if (bitRate != clk) continue;
|
||||
*fndBitRate = bitRate;
|
||||
*fndBitRate = convertQ5bitRate(bitRate);
|
||||
if (*fndBitRate < 0) continue;
|
||||
*offset = idx;
|
||||
|
||||
return TRUE;
|
||||
|
@ -1117,35 +1129,16 @@ char * GetBitRateStr(uint32_t id){
|
|||
|
||||
char *retStr = buf;
|
||||
switch (id){
|
||||
case 0:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/8",id);
|
||||
break;
|
||||
case 1:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/16",id);
|
||||
break;
|
||||
case 2:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/32",id);
|
||||
break;
|
||||
case 3:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/40",id);
|
||||
break;
|
||||
case 4:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/50",id);
|
||||
break;
|
||||
case 5:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/64",id);
|
||||
break;
|
||||
case 6:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/100",id);
|
||||
break;
|
||||
case 7:
|
||||
snprintf(retStr,sizeof(buf),"%d - RF/128",id);
|
||||
break;
|
||||
default:
|
||||
snprintf(retStr,sizeof(buf),"%d - (Unknown)",id);
|
||||
break;
|
||||
case 0: snprintf(retStr,sizeof(buf),"%d - RF/8",id); break;
|
||||
case 1: snprintf(retStr,sizeof(buf),"%d - RF/16",id); break;
|
||||
case 2: snprintf(retStr,sizeof(buf),"%d - RF/32",id); break;
|
||||
case 3: snprintf(retStr,sizeof(buf),"%d - RF/40",id); break;
|
||||
case 4: snprintf(retStr,sizeof(buf),"%d - RF/50",id); break;
|
||||
case 5: snprintf(retStr,sizeof(buf),"%d - RF/64",id); break;
|
||||
case 6: snprintf(retStr,sizeof(buf),"%d - RF/100",id); break;
|
||||
case 7: snprintf(retStr,sizeof(buf),"%d - RF/128",id); break;
|
||||
default: snprintf(retStr,sizeof(buf),"%d - (Unknown)",id); break;
|
||||
}
|
||||
|
||||
return buf;
|
||||
}
|
||||
|
||||
|
@ -1476,7 +1469,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
|
|||
|
||||
static command_t CommandTable[] = {
|
||||
{"help", CmdHelp, 1, "This help"},
|
||||
{"bruteforce", CmdT55xxBruteForce,0, "Simple bruteforce attack to find password"},
|
||||
{"bruteforce",CmdT55xxBruteForce,0, "<start password> <end password> [i <*.dic>] Simple bruteforce attack to find password"},
|
||||
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
|
||||
{"detect", CmdT55xxDetect, 1, "[1] Try detecting the tag modulation from reading the configuration block."},
|
||||
{"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. Optional [password], [override]"},
|
||||
|
|
|
@ -140,7 +140,7 @@ char *sprint_bin_break(const uint8_t *data, const size_t len, const uint8_t brea
|
|||
for (size_t out_index=0; out_index < max_len; out_index++) {
|
||||
// set character
|
||||
sprintf(tmp++, "%u", data[in_index]);
|
||||
// check if a line break is needed
|
||||
// check if a line break is needed and we have room to print it in our array
|
||||
if ( (breaks > 0) && !((in_index+1) % breaks) && (out_index+1 != max_len) ) {
|
||||
// increment and print line break
|
||||
out_index++;
|
||||
|
@ -195,7 +195,6 @@ void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest) {
|
|||
// up to 64 bytes or 512 bits
|
||||
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize){
|
||||
static uint8_t buf[64];
|
||||
//uint8_t buf[64];
|
||||
memset(buf, 0x00, 64);
|
||||
uint8_t *tmp = buf;
|
||||
for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
|
||||
|
|
Loading…
Reference in a new issue