Thanks to the user jareckib for his solution of adding two extra blocks to t5577 in order to clone a more modern Electra tag. Find it under the extra param lf em 410x clone --electra

2024-09-20 07:16:14 +08:00 · 2024-02-16 21:21:02 +01:00 · 2024-02-16 21:21:02 +01:00 · c544d67d2b
parent 60439dc29b
commit c544d67d2b
8 changed files with 66 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

 ## [unreleased][unreleased]
+ - Added `lf em 410x --electra` - adds two extra blocks. Thanks jareckib (@iceman1001)
 - Changed `hf mfu info` - now identifies UL-AES correct (@iceman1001)
 - Changed `hw detectreader` - Detect both LF and HF at the same time (@wh201906)
 - Changed `hf mfu info` - should not try pwd against a UL-AES (@iceman1001)
--- a/armsrc/Standalone/lf_em4100rswb.c
+++ b/armsrc/Standalone/lf_em4100rswb.c
@ -284,7 +284,13 @@ static int ExecuteMode(int mode, int slot) {
            return LF_RWSB_UNKNOWN_RESULT;
        case LF_RWSB_MODE_WRITE:
            Dbprintf("[!!] >>  Write mode started  <<");
-            copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(em4100rswb_low[slot] >> 32), (uint32_t)(em4100rswb_low[slot] & 0xffffffff), true);
+            copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE
+                , LF_CLOCK
+                , (uint32_t)(em4100rswb_low[slot] >> 32)
+                , (uint32_t)(em4100rswb_low[slot] & 0xffffffff)
+                , false
+                , true
+            );
            return LF_RWSB_UNKNOWN_RESULT;
        case LF_RWSB_MODE_BRUTE:
            Dbprintf("[=] >>  Bruteforce mode started  <<");
--- a/armsrc/Standalone/lf_em4100rsww.c
+++ b/armsrc/Standalone/lf_em4100rsww.c
@ -166,7 +166,13 @@ static void Wipe(void) {
        LED_B_ON();
        LED_C_ON();
        LED_D_ON();
-        copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t) 0, (uint32_t) 0, false);
+        copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE
+            , LF_CLOCK
+            , (uint32_t) 0
+            , (uint32_t) 0
+            , false
+            , false
+        );
        SpinDelay(60);
        LEDsoff();
        LED_D_ON();
@ -283,7 +289,13 @@ static void Write(void) {
    DbpString("Write");
    LED_A_ON();
    LED_B_ON();
-    copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low >> 32), (uint32_t)(low & 0xffffffff), false);
+    copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE
+        , LF_CLOCK
+        , (uint32_t)(low >> 32)
+        , (uint32_t)(low & 0xffffffff)
+        , false
+        , false
+    );
    SpinDelay(75);
    LEDsoff();

--- a/armsrc/Standalone/lf_em4100rwc.c
+++ b/armsrc/Standalone/lf_em4100rwc.c
@ -217,7 +217,13 @@ void RunMod(void) {
                    state = 0;
                } else if (button_pressed == BUTTON_SINGLE_CLICK) {
                    // Click - write ID to tag
-                    copy_em410x_to_t55xx(0, LF_CLOCK, (uint32_t)(em4100rwc_low[selected] >> 32), (uint32_t)(em4100rwc_low[selected] & 0xffffffff), true);
+                    copy_em410x_to_t55xx(0
+                        , LF_CLOCK
+                        , (uint32_t)(em4100rwc_low[selected] >> 32)
+                        , (uint32_t)(em4100rwc_low[selected] & 0xffffffff)
+                        , false
+                        , true
+                        );
                    led_slot(selected);
                    state = 0; // Switch to select mode
                }
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -958,13 +958,14 @@ static void PacketReceived(PacketCommandNG *packet) {
            struct p {
                bool Q5;
                bool EM;
+                bool add_electra;
                uint8_t clock;
                uint32_t high;
                uint32_t low;
            } PACKED;
            struct p *payload = (struct p *)packet->data.asBytes;
            uint8_t card = payload->Q5 ? 0 : (payload->EM ? 2 : 1);
-            int res = copy_em410x_to_t55xx(card, payload->clock, payload->high, payload->low, true);
+            int res = copy_em410x_to_t55xx(card, payload->clock, payload->high, payload->low, payload->add_electra, true);
            reply_ng(CMD_LF_EM410X_CLONE, res, NULL, 0);
            break;
        }
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -2344,7 +2344,7 @@ void CopyVikingtoT55xx(const uint8_t *blocks, bool q5, bool em, bool ledcontrol)
    reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0);
 }

-int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool ledcontrol) {
+int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool add_electra, bool ledcontrol) {

 // Define 9bit header for EM410x tags
 #define EM410X_HEADER    0x1FF
@ -2422,24 +2422,43 @@ int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t i
    clock = (clock == 0) ? 64 : clock;
    Dbprintf("Clock rate: %d", clock);

+    uint32_t electra[] = { 0x7E1EAAAA, 0xAAAAAAAA };
+    uint8_t blocks = 2;
+    if (add_electra) {
+        blocks = 4;
+    }
+
    if (card == 1) { // T55x7
-        data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
+        data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (blocks << T55x7_MAXBLOCK_SHIFT);
    } else if (card == 2) { // EM4x05
-        data[0] = (EM4x05_SET_BITRATE(clock) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2));
+        data[0] = (EM4x05_SET_BITRATE(clock) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(blocks));
    } else { // T5555 (Q5)
-        data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
+        data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (blocks << T5555_MAXBLOCK_SHIFT);
    }
    if (card == 2) {
        WriteEM4x05(data, 4, 3, ledcontrol);
+        if (add_electra) {
+            WriteEM4x05(electra, 7, 2, ledcontrol);
+        }
    } else {
        WriteT55xx(data, 0, 3, ledcontrol);
+        if (add_electra) {
+            WriteT55xx(electra, 3, 2, ledcontrol);
+        }
    }

    if (ledcontrol) LEDsoff();
-    Dbprintf("Tag %s written with 0x%08x%08x\n",
-             card == 0 ? "T5555" : (card == 1 ? "T55x7" : "EM4x05"),
-             (uint32_t)(id >> 32),
-             (uint32_t)id);
+
+    Dbprintf("Tag %s written with 0x%08x%08x",
+            card == 0 ? "T5555" : (card == 1 ? "T55x7" : "EM4x05"),
+            (uint32_t)(id >> 32),
+            (uint32_t)id
+        );
+
+    if (add_electra) {
+        Dbprintf("Electra 0x%08x%08x\n", electra[0], electra[1]);
+    }
+
    return PM3_SUCCESS;
 }

--- a/armsrc/lfops.h
+++ b/armsrc/lfops.h
@ -56,7 +56,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol);
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool q5, bool em, bool ledcontrol); // Clone an HID card to T5557/T5567
 void CopyVikingtoT55xx(const uint8_t *blocks, bool q5, bool em, bool ledcontrol);

-int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool ledcontrol);
+int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool add_electra, bool ledcontrol);

 void T55xxResetRead(uint8_t flags, bool ledcontrol);
 //id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags, bool ledcontrol);
--- a/client/src/cmdlfem410x.c
+++ b/client/src/cmdlfem410x.c
@ -104,7 +104,7 @@ static void em410x_construct_emul_graph(uint8_t *uid, uint8_t clock, uint8_t gap
    AppendGraph(true, clock, 0);
 }

-//print 64 bit EM410x ID in multiple formats
+// print 64 bit EM410x ID in multiple formats
 void printEM410x(uint32_t hi, uint64_t id, bool verbose, int type) {

    if (!id && !hi) return;
@ -279,7 +279,7 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
    size_t idx = 0;
    uint8_t bits[512] = {0};
    size_t size = sizeof(bits);
-    if (!getDemodBuff(bits, &size)) {
+    if (getDemodBuff(bits, &size) == false) {
        PrintAndLogEx(DEBUG, "DEBUG: Error - Em410x problem during copy from ASK demod");
        return PM3_ESOFT;
    }
@ -330,7 +330,7 @@ static int CmdEM410xWatch(const char *Cmd) {
    return lfsim_wait_check(CMD_LF_EM410X_WATCH);
 }

-//by marshmellow
+// by marshmellow
 //takes 3 arguments - clock, invert and maxErr as integers
 //attempts to demodulate ask while decoding manchester
 //prints binary found and saves in graphbuffer for further commands
@ -671,6 +671,7 @@ static int CmdEM410xClone(const char *Cmd) {
        arg_str1(NULL, "id", "<hex>", "EM Tag ID number (5 hex bytes)"),
        arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
        arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
+        arg_lit0(NULL, "electra", "optional - add Electra blocks to tag"),
        arg_param_end
    };
    CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -682,6 +683,7 @@ static int CmdEM410xClone(const char *Cmd) {
    CLIGetHexWithReturn(ctx, 2, uid, &uid_len);
    bool q5 = arg_get_lit(ctx, 3);
    bool em = arg_get_lit(ctx, 4);
+    bool add_electra = arg_get_lit(ctx, 5);
    CLIParserFree(ctx);

    uint64_t id = bytes_to_num(uid, uid_len);
@ -702,6 +704,7 @@ static int CmdEM410xClone(const char *Cmd) {
    struct {
        bool Q5;
        bool EM;
+        bool add_electra;
        uint8_t clock;
        uint32_t high;
        uint32_t low;
@ -709,6 +712,7 @@ static int CmdEM410xClone(const char *Cmd) {

    payload.Q5 = q5;
    payload.EM = em;
+    payload.add_electra = add_electra;
    payload.clock = clk;
    payload.high = (uint32_t)(id >> 32);
    payload.low = (uint32_t)id;