From 952845722c986ccdea8ccbf0a44560acafeecb05 Mon Sep 17 00:00:00 2001 From: tharexde Date: Fri, 4 Dec 2020 22:38:48 +0100 Subject: [PATCH] use piffs instead of direct writing to flash memory --- armsrc/em4x50.c | 41 +++++++++++------------ client/src/cmdlfem4x50.c | 70 +++++++++++----------------------------- 2 files changed, 36 insertions(+), 75 deletions(-) diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c index 409cd7ba8..e63d63a76 100644 --- a/armsrc/em4x50.c +++ b/armsrc/em4x50.c @@ -17,6 +17,7 @@ #include "em4x50.h" #include "flashmem.h" #include "BigBuf.h" +#include "spiffs.h" #include "appmain.h" // tear // Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) @@ -916,41 +917,33 @@ void em4x50_brute(em4x50_data_t *etd) { reply_ng(CMD_LF_EM4X50_BRUTE, bsuccess, (uint8_t *)(&pwd), 32); } -void em4x50_chk(uint32_t *offset) { +void em4x50_chk(uint8_t *filename) { // check passwords from dictionary content in flash memory int status = PM3_EFAILED; - uint8_t counter[2] = {0x00, 0x00}; - uint16_t isok = 0; uint16_t pwd_count = 0; - uint16_t pwd_size_available = 0; uint32_t pwd = 0x0; - uint8_t *pwds = BigBuf_get_EM_addr(); +#ifdef WITH_FLASH //----------------------------------------------------------------------------- - // Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_LF) here although FPGA is not - // involved in dealing with emulator memory. But if it is called later, it will - // destroy the Emulator Memory. + // without calling FpgaDownloadAndGo the initial em4x50_chk call doesn't find + // a password (altough the correct password is in the dictionary) //----------------------------------------------------------------------------- FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - BigBuf_Clear_EM(); + BigBuf_free(); - // initialize passwords and get number of passwords - if (Flash_ReadData(*offset, counter, sizeof(counter)) != sizeof(counter)) - goto OUT; + int changed = rdv40_spiffs_lazy_mount(); + uint32_t size = size_in_spiffs((char *)filename); + pwd_count = size / 4; + uint8_t *pwds = BigBuf_malloc(size); - pwd_count = (uint16_t)(counter[1] << 8 | counter[0]); - if (pwd_count == 0) - goto OUT; + rdv40_spiffs_read_as_filetype((char *)filename, pwds, size, RDV40_SPIFFS_SAFETY_SAFE); + + if (changed) + rdv40_spiffs_lazy_unmount(); - pwd_size_available = 4 * pwd_count; - - isok = Flash_ReadData(*offset + 2, pwds, pwd_size_available); - if (isok != pwd_size_available) - goto OUT; - em4x50_setup_read(); // set gHigh and gLow @@ -975,8 +968,10 @@ void em4x50_chk(uint32_t *offset) { } } -OUT: - + BigBuf_free(); + +#endif + lf_finalize(); reply_ng(CMD_LF_EM4X50_CHK, status, (uint8_t *)&pwd, 32); } diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index 342227e56..601f499f1 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -13,6 +13,8 @@ #include "fileutils.h" #include "commonutil.h" #include "pmflash.h" +#include "cmdflashmemspiffs.h" +#include "cmdparser.h" #define CARD_MEMORY_SIZE 4096 @@ -171,6 +173,7 @@ static void em4x50_seteml(uint8_t *src, uint32_t offset, uint32_t numofbytes) { } } + static int em4x50_wipe_flash(int page) { int isok = 0; @@ -193,6 +196,7 @@ static int em4x50_wipe_flash(int page) { return PM3_SUCCESS; } + static int em4x50_write_flash(uint8_t *data, int offset, size_t datalen) { int isok = 0; @@ -448,19 +452,18 @@ int CmdEM4x50Brute(const char *Cmd) { int CmdEM4x50Chk(const char *Cmd) { - // upload passwords from given dictionary to flash memory and - // start password check; + // upload passwords from given dictionary to device and start check; // if no filename is given dictionary "t55xx_default_pwds.dic" is used int status = PM3_EFAILED; int res = 0, slen = 0; - int keys_remain = 0; - int block_count = 1; size_t datalen = 0; uint8_t data[FLASH_MEM_MAX_SIZE] = {0x0}; uint8_t *keys = data; uint32_t key_count = 0, offset = 0; char filename[FILE_PATH_SIZE] = {0}; + uint8_t destfn[32] = "em4x50_chk.bin"; + PacketResponseNG resp; CLIParserContext *ctx; @@ -487,63 +490,26 @@ int CmdEM4x50Chk(const char *Cmd) { PrintAndLogEx(INFO, "treating file as T55xx keys"); } - res = loadFileDICTIONARY(filename, data + 2, &datalen, 4, &key_count); + res = loadFileDICTIONARY(filename, data, &datalen, 4, &key_count); if (res || !key_count) return PM3_EFILE; PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button"); - - if (datalen > CARD_MEMORY_SIZE) { - // we have to use more than one block of passwords - block_count = (4 * key_count) / CARD_MEMORY_SIZE; - keys_remain = key_count - block_count * CARD_MEMORY_SIZE / 4; - - if (keys_remain != 0) - block_count++; - - // adjust pwd_size_available and pwd_count - datalen = CARD_MEMORY_SIZE; - key_count = datalen / 4; - - PrintAndLogEx(INFO, "Keys subdivided into %i blocks", block_count); - } - - for (int n = 0; n < block_count; n++) { - - // adjust parameters if more than 1 block - if (n != 0) { - - keys += datalen; - - // final run with remaining passwords - if (n == block_count - 1) { - key_count = keys_remain; - datalen = 4 * keys_remain; - } - } - - keys[0] = (key_count >> 0) & 0xFF; - keys[1] = (key_count >> 8) & 0xFF; - - PrintAndLogEx(INPLACE, "Checking block #%i (%i keys)", n + 1, key_count); - - // send to device - res = em4x50_write_flash(keys, offset, datalen + 2); + if (IfPm3Flash()) { + // upload to flash. + res = flashmem_spiffs_load(destfn, keys, datalen + 2); if (res != PM3_SUCCESS) { - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(WARNING, "Error uploading to flash."); + PrintAndLogEx(WARNING, "\nSPIFFS upload failed"); return res; } - - clearCommandBuffer(); - SendCommandNG(CMD_LF_EM4X50_CHK, (uint8_t *)&offset, sizeof(offset)); - WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false); - - status = resp.status; - if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED)) - break; } + + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_CHK, destfn, sizeof(destfn)); + WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false); + + status = resp.status; // print response if (status == PM3_SUCCESS) {