Thanks to the user jareckib for his solution of adding two extra blocks to a T5577 in order to clone a more modern Electra tag. It is available through the extra parameter `lf em 410x clone --electra`.
parent
60439dc29b
commit
c544d67d2b
|
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Added `lf em 410x --electra` - adds two extra blocks. Thanks jareckib (@iceman1001)
|
||||
- Changed `hf mfu info` - now identifies UL-AES correct (@iceman1001)
|
||||
- Changed `hw detectreader` - Detect both LF and HF at the same time (@wh201906)
|
||||
- Changed `hf mfu info` - should not try pwd against a UL-AES (@iceman1001)
|
||||
|
|
|
@ -284,7 +284,13 @@ static int ExecuteMode(int mode, int slot) {
|
|||
return LF_RWSB_UNKNOWN_RESULT;
|
||||
case LF_RWSB_MODE_WRITE:
|
||||
Dbprintf("[!!] >> Write mode started <<");
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(em4100rswb_low[slot] >> 32), (uint32_t)(em4100rswb_low[slot] & 0xffffffff), true);
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE
|
||||
, LF_CLOCK
|
||||
, (uint32_t)(em4100rswb_low[slot] >> 32)
|
||||
, (uint32_t)(em4100rswb_low[slot] & 0xffffffff)
|
||||
, false
|
||||
, true
|
||||
);
|
||||
return LF_RWSB_UNKNOWN_RESULT;
|
||||
case LF_RWSB_MODE_BRUTE:
|
||||
Dbprintf("[=] >> Bruteforce mode started <<");
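Review bot: The rewritten `copy_em410x_to_t55xx(...)` call in the `LF_RWSB_MODE_WRITE` case now ends in two bare booleans, `, false` then `, true`, and nothing at the call site says which one is `add_electra` and which is `ledcontrol`. A swapped pair still compiles and would change the block count written to the tag, so I would label them, e.g. `, false  // add_electra` and `, true   // ledcontrol`. The same applies to the updated calls in `Wipe()`, `Write()` and `RunMod()` in the other standalone-mode sections of this commit. `ExecuteMode` starts and ends outside this hunk.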
|
||||
|
|
|
@ -166,7 +166,13 @@ static void Wipe(void) {
|
|||
LED_B_ON();
|
||||
LED_C_ON();
|
||||
LED_D_ON();
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t) 0, (uint32_t) 0, false);
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE
|
||||
, LF_CLOCK
|
||||
, (uint32_t) 0
|
||||
, (uint32_t) 0
|
||||
, false
|
||||
, false
|
||||
);
|
||||
SpinDelay(60);
|
||||
LEDsoff();
|
||||
LED_D_ON();
|
||||
|
@ -283,7 +289,13 @@ static void Write(void) {
|
|||
DbpString("Write");
|
||||
LED_A_ON();
|
||||
LED_B_ON();
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE, LF_CLOCK, (uint32_t)(low >> 32), (uint32_t)(low & 0xffffffff), false);
|
||||
copy_em410x_to_t55xx(LF_RWSB_T55XX_TYPE
|
||||
, LF_CLOCK
|
||||
, (uint32_t)(low >> 32)
|
||||
, (uint32_t)(low & 0xffffffff)
|
||||
, false
|
||||
, false
|
||||
);
|
||||
SpinDelay(75);
|
||||
LEDsoff();
|
||||
|
||||
|
|
|
@ -217,7 +217,13 @@ void RunMod(void) {
|
|||
state = 0;
|
||||
} else if (button_pressed == BUTTON_SINGLE_CLICK) {
|
||||
// Click - write ID to tag
|
||||
copy_em410x_to_t55xx(0, LF_CLOCK, (uint32_t)(em4100rwc_low[selected] >> 32), (uint32_t)(em4100rwc_low[selected] & 0xffffffff), true);
|
||||
copy_em410x_to_t55xx(0
|
||||
, LF_CLOCK
|
||||
, (uint32_t)(em4100rwc_low[selected] >> 32)
|
||||
, (uint32_t)(em4100rwc_low[selected] & 0xffffffff)
|
||||
, false
|
||||
, true
|
||||
);
|
||||
led_slot(selected);
|
||||
state = 0; // Switch to select mode
|
||||
}
|
||||
|
|
|
@ -958,13 +958,14 @@ static void PacketReceived(PacketCommandNG *packet) {
|
|||
struct p {
|
||||
bool Q5;
|
||||
bool EM;
|
||||
bool add_electra;
|
||||
uint8_t clock;
|
||||
uint32_t high;
|
||||
uint32_t low;
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *)packet->data.asBytes;
|
||||
uint8_t card = payload->Q5 ? 0 : (payload->EM ? 2 : 1);
|
||||
int res = copy_em410x_to_t55xx(card, payload->clock, payload->high, payload->low, true);
|
||||
int res = copy_em410x_to_t55xx(card, payload->clock, payload->high, payload->low, payload->add_electra, true);
|
||||
reply_ng(CMD_LF_EM410X_CLONE, res, NULL, 0);
|
||||
break;
|
||||
}
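Review bot: `payload` is cast straight from `packet->data.asBytes` with no visible check that the packet actually carries `sizeof(struct p)` bytes, and this change inserts `add_electra` ahead of `clock`, which shifts every later field. A client built before this commit would presumably still send the shorter layout, so its clock byte would be read as `add_electra` and the ID words taken from the wrong offsets before the tag is written. A guard placed after the struct declaration would make that mismatch fail cleanly: `if (packet->length != sizeof(struct p)) { reply_ng(CMD_LF_EM410X_CLONE, PM3_EINVARG, NULL, 0); break; }`. The enclosing `case` and `PacketReceived` begin outside this hunk, so an earlier length check cannot be ruled out.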
|
||||
|
|
|
@ -2344,7 +2344,7 @@ void CopyVikingtoT55xx(const uint8_t *blocks, bool q5, bool em, bool ledcontrol)
|
|||
reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0);
|
||||
}
|
||||
|
||||
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool ledcontrol) {
|
||||
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool add_electra, bool ledcontrol) {
|
||||
|
||||
// Define 9bit header for EM410x tags
|
||||
#define EM410X_HEADER 0x1FF
|
||||
|
@ -2422,24 +2422,43 @@ int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t i
|
|||
clock = (clock == 0) ? 64 : clock;
|
||||
Dbprintf("Clock rate: %d", clock);
|
||||
|
||||
uint32_t electra[] = { 0x7E1EAAAA, 0xAAAAAAAA };
|
||||
uint8_t blocks = 2;
|
||||
if (add_electra) {
|
||||
blocks = 4;
|
||||
}
|
||||
|
||||
if (card == 1) { // T55x7
|
||||
data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT);
|
||||
data[0] = clockbits | T55x7_MODULATION_MANCHESTER | (blocks << T55x7_MAXBLOCK_SHIFT);
|
||||
} else if (card == 2) { // EM4x05
|
||||
data[0] = (EM4x05_SET_BITRATE(clock) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(2));
|
||||
data[0] = (EM4x05_SET_BITRATE(clock) | EM4x05_MODULATION_MANCHESTER | EM4x05_SET_NUM_BLOCKS(blocks));
|
||||
} else { // T5555 (Q5)
|
||||
data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (2 << T5555_MAXBLOCK_SHIFT);
|
||||
data[0] = T5555_SET_BITRATE(clock) | T5555_MODULATION_MANCHESTER | (blocks << T5555_MAXBLOCK_SHIFT);
|
||||
}
|
||||
if (card == 2) {
|
||||
WriteEM4x05(data, 4, 3, ledcontrol);
|
||||
if (add_electra) {
|
||||
WriteEM4x05(electra, 7, 2, ledcontrol);
|
||||
}
|
||||
} else {
|
||||
WriteT55xx(data, 0, 3, ledcontrol);
|
||||
if (add_electra) {
|
||||
WriteT55xx(electra, 3, 2, ledcontrol);
|
||||
}
|
||||
}
|
||||
|
||||
if (ledcontrol) LEDsoff();
|
||||
Dbprintf("Tag %s written with 0x%08x%08x\n",
|
||||
card == 0 ? "T5555" : (card == 1 ? "T55x7" : "EM4x05"),
|
||||
(uint32_t)(id >> 32),
|
||||
(uint32_t)id);
|
||||
|
||||
Dbprintf("Tag %s written with 0x%08x%08x",
|
||||
card == 0 ? "T5555" : (card == 1 ? "T55x7" : "EM4x05"),
|
||||
(uint32_t)(id >> 32),
|
||||
(uint32_t)id
|
||||
);
|
||||
|
||||
if (add_electra) {
|
||||
Dbprintf("Electra 0x%08x%08x\n", electra[0], electra[1]);
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
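Review bot: The `electra` words `{ 0x7E1EAAAA, 0xAAAAAAAA }` and the `blocks = 4` override in the second hunk are magic values with no comment, so a reader cannot tell where they come from or whether they hold for every Electra tag. I would add a comment above the array such as `// Electra: two extra words written after the EM410x ID (apparently from block 3 on T55xx/Q5, block 7 on EM4x05); source: <reference>` and one on `blocks` noting that it is the max-block value placed in the config word. The array is never modified, so `static const` would fit if `WriteT55xx`/`WriteEM4x05` accept a const pointer, which is not visible here. The function also still returns `PM3_SUCCESS` unconditionally after the extra writes, and the new `Dbprintf("Electra ...\n")` keeps a trailing newline that this same hunk removes from the message above it.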
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ int lf_io_watch(int findone, uint32_t *high, uint32_t *low, bool ledcontrol);
|
|||
void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool q5, bool em, bool ledcontrol); // Clone an HID card to T5557/T5567
|
||||
void CopyVikingtoT55xx(const uint8_t *blocks, bool q5, bool em, bool ledcontrol);
|
||||
|
||||
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool ledcontrol);
|
||||
int copy_em410x_to_t55xx(uint8_t card, uint8_t clock, uint32_t id_hi, uint32_t id_lo, bool add_electra, bool ledcontrol);
|
||||
|
||||
void T55xxResetRead(uint8_t flags, bool ledcontrol);
|
||||
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags, bool ledcontrol);
|
||||
|
|
|
@ -104,7 +104,7 @@ static void em410x_construct_emul_graph(uint8_t *uid, uint8_t clock, uint8_t gap
|
|||
AppendGraph(true, clock, 0);
|
||||
}
|
||||
|
||||
//print 64 bit EM410x ID in multiple formats
|
||||
// print 64 bit EM410x ID in multiple formats
|
||||
void printEM410x(uint32_t hi, uint64_t id, bool verbose, int type) {
|
||||
|
||||
if (!id && !hi) return;
|
||||
|
@ -279,7 +279,7 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) {
|
|||
size_t idx = 0;
|
||||
uint8_t bits[512] = {0};
|
||||
size_t size = sizeof(bits);
|
||||
if (!getDemodBuff(bits, &size)) {
|
||||
if (getDemodBuff(bits, &size) == false) {
|
||||
PrintAndLogEx(DEBUG, "DEBUG: Error - Em410x problem during copy from ASK demod");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
@ -330,7 +330,7 @@ static int CmdEM410xWatch(const char *Cmd) {
|
|||
return lfsim_wait_check(CMD_LF_EM410X_WATCH);
|
||||
}
|
||||
|
||||
//by marshmellow
|
||||
// by marshmellow
|
||||
//takes 3 arguments - clock, invert and maxErr as integers
|
||||
//attempts to demodulate ask while decoding manchester
|
||||
//prints binary found and saves in graphbuffer for further commands
|
||||
|
@ -671,6 +671,7 @@ static int CmdEM410xClone(const char *Cmd) {
|
|||
arg_str1(NULL, "id", "<hex>", "EM Tag ID number (5 hex bytes)"),
|
||||
arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
|
||||
arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
|
||||
arg_lit0(NULL, "electra", "optional - add Electra blocks to tag"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
|
@ -682,6 +683,7 @@ static int CmdEM410xClone(const char *Cmd) {
|
|||
CLIGetHexWithReturn(ctx, 2, uid, &uid_len);
|
||||
bool q5 = arg_get_lit(ctx, 3);
|
||||
bool em = arg_get_lit(ctx, 4);
|
||||
bool add_electra = arg_get_lit(ctx, 5);
|
||||
CLIParserFree(ctx);
|
||||
|
||||
uint64_t id = bytes_to_num(uid, uid_len);
|
||||
|
@ -702,6 +704,7 @@ static int CmdEM410xClone(const char *Cmd) {
|
|||
struct {
|
||||
bool Q5;
|
||||
bool EM;
|
||||
bool add_electra;
|
||||
uint8_t clock;
|
||||
uint32_t high;
|
||||
uint32_t low;
|
||||
|
@ -709,6 +712,7 @@ static int CmdEM410xClone(const char *Cmd) {
|
|||
|
||||
payload.Q5 = q5;
|
||||
payload.EM = em;
|
||||
payload.add_electra = add_electra;
|
||||
payload.clock = clk;
|
||||
payload.high = (uint32_t)(id >> 32);
|
||||
payload.low = (uint32_t)id;
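Review bot: The anonymous payload struct in `CmdEM410xClone` is a hand-kept copy of the firmware-side `struct p`, and this commit has to insert `add_electra` at the same position in both for the command to keep working. Nothing ties the two definitions together at compile time, and whether this copy is also `PACKED` lies outside the hunk. Moving the layout into one shared header typedef used by both sides would remove that risk; at minimum add a comment here, `// must match struct p in the CMD_LF_EM410X_CLONE handler field for field`. The help text `optional - add Electra blocks to tag` could also say that two extra blocks are written after the ID.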
|
||||
|
|