RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-01-06 16:27:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

use piffs instead of direct writing to flash memory

Browse source
This commit is contained in:
tharexde 2020-12-04 22:38:48 +01:00
parent e50f386ad2
commit 952845722c
2 changed files with 36 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
armsrc/em4x50.c
View file

@ -17,6 +17,7 @@
#include "em4x50.h"
#include "flashmem.h"
#include "BigBuf.h"
#include "spiffs.h"
#include "appmain.h" // tear
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
@ -916,41 +917,33 @@ void em4x50_brute(em4x50_data_t *etd) {
reply_ng(CMD_LF_EM4X50_BRUTE, bsuccess, (uint8_t *)(&pwd), 32);
}
void em4x50_chk(uint32_t *offset) {
void em4x50_chk(uint8_t *filename) {
// check passwords from dictionary content in flash memory
int status = PM3_EFAILED;
uint8_t counter[2] = {0x00, 0x00};
uint16_t isok = 0;
uint16_t pwd_count = 0;
uint16_t pwd_size_available = 0;
uint32_t pwd = 0x0;
uint8_t *pwds = BigBuf_get_EM_addr();
#ifdef WITH_FLASH
//-----------------------------------------------------------------------------
// Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_LF) here although FPGA is not
// involved in dealing with emulator memory. But if it is called later, it will
// destroy the Emulator Memory.
// without calling FpgaDownloadAndGo the initial em4x50_chk call doesn't find
// a password (altough the correct password is in the dictionary)
//-----------------------------------------------------------------------------
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
BigBuf_Clear_EM();
BigBuf_free();
// initialize passwords and get number of passwords
if (Flash_ReadData(*offset, counter, sizeof(counter)) != sizeof(counter))
goto OUT;
int changed = rdv40_spiffs_lazy_mount();
uint32_t size = size_in_spiffs((char *)filename);
pwd_count = size / 4;
uint8_t *pwds = BigBuf_malloc(size);
pwd_count = (uint16_t)(counter[1] << 8 | counter[0]);
if (pwd_count == 0)
goto OUT;
rdv40_spiffs_read_as_filetype((char *)filename, pwds, size, RDV40_SPIFFS_SAFETY_SAFE);
if (changed)
rdv40_spiffs_lazy_unmount();
pwd_size_available = 4 * pwd_count;
isok = Flash_ReadData(*offset + 2, pwds, pwd_size_available);
if (isok != pwd_size_available)
goto OUT;
em4x50_setup_read();
// set gHigh and gLow
@ -975,8 +968,10 @@ void em4x50_chk(uint32_t *offset) {
}
}
OUT:
BigBuf_free();
#endif
lf_finalize();
reply_ng(CMD_LF_EM4X50_CHK, status, (uint8_t *)&pwd, 32);
}

70
client/src/cmdlfem4x50.c
View file

@ -13,6 +13,8 @@
#include "fileutils.h"
#include "commonutil.h"
#include "pmflash.h"
#include "cmdflashmemspiffs.h"
#include "cmdparser.h"
#define CARD_MEMORY_SIZE 4096
@ -171,6 +173,7 @@ static void em4x50_seteml(uint8_t *src, uint32_t offset, uint32_t numofbytes) {
}
}
static int em4x50_wipe_flash(int page) {
int isok = 0;
@ -193,6 +196,7 @@ static int em4x50_wipe_flash(int page) {
return PM3_SUCCESS;
}
static int em4x50_write_flash(uint8_t *data, int offset, size_t datalen) {
int isok = 0;
@ -448,19 +452,18 @@ int CmdEM4x50Brute(const char *Cmd) {
int CmdEM4x50Chk(const char *Cmd) {
// upload passwords from given dictionary to flash memory and
// start password check;
// upload passwords from given dictionary to device and start check;
// if no filename is given dictionary "t55xx_default_pwds.dic" is used
int status = PM3_EFAILED;
int res = 0, slen = 0;
int keys_remain = 0;
int block_count = 1;
size_t datalen = 0;
uint8_t data[FLASH_MEM_MAX_SIZE] = {0x0};
uint8_t *keys = data;
uint32_t key_count = 0, offset = 0;
char filename[FILE_PATH_SIZE] = {0};
uint8_t destfn[32] = "em4x50_chk.bin";
PacketResponseNG resp;
CLIParserContext *ctx;
@ -487,63 +490,26 @@ int CmdEM4x50Chk(const char *Cmd) {
PrintAndLogEx(INFO, "treating file as T55xx keys");
}
res = loadFileDICTIONARY(filename, data + 2, &datalen, 4, &key_count);
res = loadFileDICTIONARY(filename, data, &datalen, 4, &key_count);
if (res || !key_count)
return PM3_EFILE;
PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
if (datalen > CARD_MEMORY_SIZE) {
// we have to use more than one block of passwords
block_count = (4 * key_count) / CARD_MEMORY_SIZE;
keys_remain = key_count - block_count * CARD_MEMORY_SIZE / 4;
if (keys_remain != 0)
block_count++;
// adjust pwd_size_available and pwd_count
datalen = CARD_MEMORY_SIZE;
key_count = datalen / 4;
PrintAndLogEx(INFO, "Keys subdivided into %i blocks", block_count);
}
for (int n = 0; n < block_count; n++) {
// adjust parameters if more than 1 block
if (n != 0) {
keys += datalen;
// final run with remaining passwords
if (n == block_count - 1) {
key_count = keys_remain;
datalen = 4 * keys_remain;
}
}
keys[0] = (key_count >> 0) & 0xFF;
keys[1] = (key_count >> 8) & 0xFF;
PrintAndLogEx(INPLACE, "Checking block #%i (%i keys)", n + 1, key_count);
// send to device
res = em4x50_write_flash(keys, offset, datalen + 2);
if (IfPm3Flash()) {
// upload to flash.
res = flashmem_spiffs_load(destfn, keys, datalen + 2);
if (res != PM3_SUCCESS) {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(WARNING, "Error uploading to flash.");
PrintAndLogEx(WARNING, "\nSPIFFS upload failed");
return res;
}
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_CHK, (uint8_t *)&offset, sizeof(offset));
WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false);
status = resp.status;
if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED))
break;
}
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_CHK, destfn, sizeof(destfn));
WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false);
status = resp.status;
// print response
if (status == PM3_SUCCESS) {