From a1852eaa4b118e037134ba382c9b524e51586fec Mon Sep 17 00:00:00 2001 
From: Ludovic Rousseau Date: Sat, 14 Sep 2019 17:44:58 +0200 Subject: [PATCH 01/21] Fix typos Thanks to Debian lintian for the reports: I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 formated formatted I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 succesfully successfully I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 Skiped Skipped I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 standart standard I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 supress suppress I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 successfull successful I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 Succeded Succeeded I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 Overriden Overridden I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 aquire acquire I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 occured occurred I: proxmark3: spelling-error-in-binary usr/bin/proxmark3 delimeter delimiter --- armsrc/Standalone/hf_young.c | 2 +- armsrc/epa.c | 6 +++--- armsrc/hitag2.c | 4 ++-- armsrc/hitagS.c | 6 +++--- armsrc/mifarecmd.c | 8 ++++---- armsrc/spiffs.c | 4 ++-- client/cmdanalyse.c | 2 +- client/cmdhfepa.c | 2 +- client/cmdhfmf.c | 8 ++++---- client/cmdlft55xx.c | 4 ++-- client/emv/apduinfo.c | 4 ++-- client/emv/cmdemv.c | 4 ++-- client/emv/emvcore.c | 2 +- client/emv/emvcore.h | 2 +- client/fido/cbortools.c | 16 ++++++++-------- client/fido/cbortools.h | 4 ++-- client/lualibs/commands.lua | 4 ++-- client/lualibs/hf_reader.lua | 4 ++-- client/lualibs/read14a.lua | 8 ++++---- client/lualibs/read14b.lua | 8 ++++---- client/lualibs/read15.lua | 8 ++++---- client/lualibs/utils.lua | 2 +- client/luascripts/mifare_autopwn.lua | 4 ++-- client/luascripts/ndef_dump.lua | 4 ++-- client/scripting.c | 6 +++--- common/mbedtls/error.c | 2 +- common/mbedtls/x509.h | 6 +++--- include/at91sam7s512.h | 4 ++-- tools/deprecated-hid-flasher/flasher/proxusb.c | 6 +++--- tools/deprecated-hid-flasher/flasher/proxusb.h | 2 
+- 30 files changed, 73 insertions(+), 73 deletions(-) diff --git a/armsrc/Standalone/hf_young.c b/armsrc/Standalone/hf_young.c index d5c211e79..f137e9992 100644 --- a/armsrc/Standalone/hf_young.c +++ b/armsrc/Standalone/hf_young.c @@ -195,7 +195,7 @@ void RunMod() { MifareCGetBlock(params, 0, testBlock0); if (memcmp(testBlock0, newBlock0, 16) == 0) { - DbpString("Cloned successfull!"); + DbpString("Cloned successful!"); cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it playing = 0; iGotoRecord = 1; diff --git a/armsrc/epa.c b/armsrc/epa.c index c43b35c98..f535b89a3 100644 --- a/armsrc/epa.c +++ b/armsrc/epa.c @@ -139,8 +139,8 @@ void EPA_Finish() { //----------------------------------------------------------------------------- // Parses DER encoded data, e.g. from EF.CardAccess and fills out the given // structs. If a pointer is 0, it is ignored. -// The function returns 0 on success and if an error occured, it returns the -// offset where it occured. +// The function returns 0 on success and if an error occurred, it returns the +// offset where it occurred. // // TODO: This function can access memory outside of the given data if the DER // encoding is broken @@ -274,7 +274,7 @@ void EPA_PACE_Collect_Nonce(PacketCommandNG *c) { * ack layout: * arg: * 1. element - * step where the error occured or 0 if no error occured + * step where the error occurred or 0 if no error occurred * 2. element * return code of the last executed function * d: diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index c1fc7d8d4..ab3f7cb36 100644 --- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c 
@@ -1277,7 +1277,7 @@ void ReaderHitag(hitag_function htf, hitag_data *htd) { // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the - // falling edge occured halfway the period. with respect to this falling edge, + // falling edge occurred halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))); @@ -1533,7 +1533,7 @@ void WriterHitag(hitag_function htf, hitag_data *htd, int page) { // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the - // falling edge occured halfway the period. with respect to this falling edge, + // falling edge occurred halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units while (AT91C_BASE_TC0->TC_CV < T0 * (t_wait + (HITAG_T_TAG_HALF_PERIOD * lastbit))) {}; diff --git a/armsrc/hitagS.c b/armsrc/hitagS.c index 98c3844e2..a9481f3b6 100644 --- a/armsrc/hitagS.c +++ b/armsrc/hitagS.c @@ -1354,7 +1354,7 @@ void ReadHitagS(hitag_function htf, hitag_data *htd) { // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the - // falling edge occured halfway the period. with respect to this falling edge, + // falling edge occurred halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units 
@@ -1643,7 +1643,7 @@ void WritePageHitagS(hitag_function htf, hitag_data *htd, int page) { // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the - // falling edge occured halfway the period. with respect to this falling edge, + // falling edge occurred halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units @@ -1952,7 +1952,7 @@ void check_challenges(bool file_given, uint8_t *data) { // Wait for HITAG_T_WAIT_2 carrier periods after the last tag bit before transmitting, // Since the clock counts since the last falling edge, a 'one' means that the - // falling edge occured halfway the period. with respect to this falling edge, + // falling edge occurred halfway the period. with respect to this falling edge, // we need to wait (T_Wait2 + half_tag_period) when the last was a 'one'. // All timer values are in terms of T0 units diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 1ca809a8a..4fccdab8b 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -913,7 +913,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) LED_B_ON(); WDT_HIT(); - uint16_t unsuccessfull_tries = 0; + uint16_t unsuccessful_tries = 0; uint16_t davg = 0; dmax = 0; dmin = 2000; @@ -970,8 +970,8 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) } if (DBGLEVEL >= 3) Dbprintf("Nested: calibrating... ntdist=%d", i); } else { - unsuccessfull_tries++; - if (unsuccessfull_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable) + unsuccessful_tries++; + if (unsuccessful_tries > NESTED_MAX_TRIES) { // card isn't vulnerable to nested attack (random numbers are not predictable) isOK = -3; } } 
@@ -1118,7 +1118,7 @@ uint8_t chkKey(struct chk_t *c) { CHK_TIMEOUT(); - // if successfull auth, send HALT + // if successful auth, send HALT // if ( !res ) // mifare_classic_halt_ex(c->pcs); break; diff --git a/armsrc/spiffs.c b/armsrc/spiffs.c index 0296b7620..629dff422 100644 --- a/armsrc/spiffs.c +++ b/armsrc/spiffs.c @@ -302,7 +302,7 @@ int rdv40_spiffs_lazy_mount() { if (!rdv40_spiffs_mounted()) { changed = rdv40_spiffs_mount(); /* if changed = 0 = SPIFFS_OK then all went well then the change - * actually occured :)*/ + * actually occurred :)*/ changed = !changed; } return changed; @@ -371,7 +371,7 @@ just get back to this state. If not, just don't. [...] } */ -// Again : This will "toggle" spiffs mount status only if a "change" occured +// Again : This will "toggle" spiffs mount status only if a "change" occurred // (and should be fed by the result of a spiffs_lazy* function) If everything // went well, it will return SPIFFS_OK if everything went well, and a report // back the chain a SPI_ERRNO if not. diff --git a/client/cmdanalyse.c b/client/cmdanalyse.c index 2e88f6e5b..2e53af224 100644 --- a/client/cmdanalyse.c +++ b/client/cmdanalyse.c @@ -45,7 +45,7 @@ static int usage_analyse_checksum(void) { PrintAndLogEx(NORMAL, "Usage: analyse chksum [h] [v] b m "); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h This help"); - PrintAndLogEx(NORMAL, " v supress header"); + PrintAndLogEx(NORMAL, " v suppress header"); PrintAndLogEx(NORMAL, " b bytes to calc missing XOR in a LCR"); PrintAndLogEx(NORMAL, " m bit mask to limit the outpuyt"); PrintAndLogEx(NORMAL, ""); diff --git a/client/cmdhfepa.c b/client/cmdhfepa.c index b6329bef9..2a7ff5928 100644 --- a/client/cmdhfepa.c +++ b/client/cmdhfepa.c 
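Review bot: The usage text in usage_analyse_checksum (client/cmdanalyse.c hunk) keeps a misspelling two lines below the one being fixed: `bit mask to limit the outpuyt` should read `PrintAndLogEx(NORMAL, "           m     bit mask to limit the output");`, with the column spacing of the neighbouring lines kept as in the file. The string is user-visible help text in the same block as the `suppress header` fix, so it belongs in this change. The function body continues outside the hunk.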
@@ -164,7 +164,7 @@ static int CmdHFEPAPACEReplay(const char *Cmd) { PrintAndLogEx(NORMAL, "GA Perform Key Agreement: %u us", resp.data.asDwords[3]); PrintAndLogEx(NORMAL, "GA Mutual Authenticate: %u us", resp.data.asDwords[4]); } else { - PrintAndLogEx(NORMAL, "PACE replay successfull!"); + PrintAndLogEx(NORMAL, "PACE replay successful!"); PrintAndLogEx(NORMAL, "MSE Set AT: %u us", resp.data.asDwords[0]); PrintAndLogEx(NORMAL, "GA Get Nonce: %u us", resp.data.asDwords[1]); PrintAndLogEx(NORMAL, "GA Map Nonce: %u us", resp.data.asDwords[2]); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index edd916330..744532a13 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1006,7 +1006,7 @@ static int CmdHF14AMfDump(const char *Cmd) { PrintAndLogEx(SUCCESS, "time: %" PRIu64 " seconds\n", (msclock() - t1) / 1000); - PrintAndLogEx(SUCCESS, "\nSucceded in dumping all blocks"); + PrintAndLogEx(SUCCESS, "\nSucceeded in dumping all blocks"); if (strlen(dataFilename) < 1) { fptr = GenerateFilename("hf-mf-", "-data"); @@ -1422,14 +1422,14 @@ jumptoend: } PrintAndLogEx(SUCCESS, "saving keys to binary file " _YELLOW_("%s"), fptr); - uint8_t standart[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; + uint8_t standard[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; uint8_t tempkey[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; for (int i = 0; i < SectorsCnt; i++) { if (e_sector[i].foundKey[0]) { num_to_bytes(e_sector[i].Key[0], 6, tempkey); fwrite(tempkey, 1, 6, fkeys); } else { - fwrite(&standart, 1, 6, fkeys); + fwrite(&standard, 1, 6, fkeys); } } for (int i = 0; i < SectorsCnt; i++) { @@ -1437,7 +1437,7 @@ jumptoend: num_to_bytes(e_sector[i].Key[1], 6, tempkey); fwrite(tempkey, 1, 6, fkeys); } else { - fwrite(&standart, 1, 6, fkeys); + fwrite(&standard, 1, 6, fkeys); } } fflush(fkeys); diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index f36e30e48..f6412652f 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c 
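Review bot: The key-file writes in the cmdhfmf.c hunks at -1422 and -1437 ignore the result of `fwrite`, so a short write (full disk, I/O error) leaves a truncated key file while the `saving keys to binary file` message has already been printed. Each call could be checked, e.g. `if (fwrite(standard, 1, 6, fkeys) != 6) { /* report and stop */ }`, and likewise for the `tempkey` writes. Passing `standard` rather than `&standard` also matches how `tempkey` is passed two lines earlier. The enclosing function starts and ends outside these hunks, so any later error handling on `fkeys` is not visible here.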
@@ -339,7 +339,7 @@ static bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t ov usepwd = false; } } else if (override == 1) { - PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); + PrintAndLogEx(NORMAL, "Safety Check Overridden - proceeding despite risk"); } } @@ -548,7 +548,7 @@ int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uin } } else if (override == 1) { // Show only if first for command i.e. override = 1 (override and display) override = 2 (override and dont display) - PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); + PrintAndLogEx(NORMAL, "Safety Check Overridden - proceeding despite risk"); } } diff --git a/client/emv/apduinfo.c b/client/emv/apduinfo.c index cf43615cb..7c3e87408 100644 --- a/client/emv/apduinfo.c +++ b/client/emv/apduinfo.c @@ -29,7 +29,7 @@ const APDUCode APDUCodeTable[] = { {"6281", APDUCODE_TYPE_WARNING, "Part of returned data may be corrupted"}, {"6282", APDUCODE_TYPE_WARNING, "End of file/record reached before reading Le bytes"}, {"6283", APDUCODE_TYPE_WARNING, "Selected file invalidated"}, - {"6284", APDUCODE_TYPE_WARNING, "Selected file is not valid. FCI not formated according to ISO"}, + {"6284", APDUCODE_TYPE_WARNING, "Selected file is not valid. FCI not formatted according to ISO"}, {"6285", APDUCODE_TYPE_WARNING, "No input data available from a sensor on the card. No Purse Engine enslaved for R3bc"}, {"62A2", APDUCODE_TYPE_WARNING, "Wrong R-MAC"}, {"62A4", APDUCODE_TYPE_WARNING, "Card locked (during reset( ))"}, 
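Review bot: The message `Safety Check Overridden - proceeding despite risk` is logged at `NORMAL` level in both cmdlft55xx.c hunks (t55xxVerifyWrite and T55xxReadBlock), which makes a bypassed safety check look like routine output. Emitting it as `PrintAndLogEx(WARNING, "Safety Check Overridden - proceeding despite risk");` would make the override stand out in session logs. The same string in client/scripting.c (l_T55xx_readblock) would change with it. Both functions continue outside their hunks.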
@@ -143,7 +143,7 @@ const APDUCode APDUCodeTable[] = { {"6FXX", APDUCODE_TYPE_ERROR, "No precise diagnosis (procedure byte), (ISO 7816-3)"}, {"9---", APDUCODE_TYPE_NONE, ""}, {"9000", APDUCODE_TYPE_INFO, "Command successfully executed (OK)."}, - {"9004", APDUCODE_TYPE_WARNING, "PIN not succesfully verified, 3 or more PIN tries left"}, + {"9004", APDUCODE_TYPE_WARNING, "PIN not successfully verified, 3 or more PIN tries left"}, {"9008", APDUCODE_TYPE_NONE, "Key/file not found"}, {"9080", APDUCODE_TYPE_WARNING, "Unblock Try Counter has reached zero"}, {"9100", APDUCODE_TYPE_NONE, "OK"}, diff --git a/client/emv/cmdemv.c b/client/emv/cmdemv.c index 348840cb3..8656e4902 100644 --- a/client/emv/cmdemv.c +++ b/client/emv/cmdemv.c @@ -790,7 +790,7 @@ static int CmdEMVExec(const char *Cmd) { arg_rem("By default:", "Transaction type - MSD"), arg_lit0("vV", "qvsdc", "Transaction type - qVSDC or M/Chip."), arg_lit0("cC", "qvsdccda", "Transaction type - qVSDC or M/Chip plus CDA (SDAD generation)."), - arg_lit0("xX", "vsdc", "Transaction type - VSDC. For test only. Not a standart behavior."), + arg_lit0("xX", "vsdc", "Transaction type - VSDC. For test only. Not a standard behavior."), arg_lit0("gG", "acgpo", "VISA. generate AC from GPO."), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. Contactless interface set by default."), arg_param_end 
@@ -1380,7 +1380,7 @@ static int CmdEMVScan(const char *Cmd) { arg_rem("By default:", "Transaction type - MSD"), arg_lit0("vV", "qvsdc", "Transaction type - qVSDC or M/Chip."), arg_lit0("cC", "qvsdccda", "Transaction type - qVSDC or M/Chip plus CDA (SDAD generation)."), - arg_lit0("xX", "vsdc", "Transaction type - VSDC. For test only. Not a standart behavior."), + arg_lit0("xX", "vsdc", "Transaction type - VSDC. For test only. Not a standard behavior."), arg_lit0("gG", "acgpo", "VISA. generate AC from GPO."), arg_lit0("mM", "merge", "Merge output file with card's data. (warning: the file may be corrupted!)"), arg_lit0("wW", "wired", "Send data via contact (iso7816) interface. Contactless interface set by default."), diff --git a/client/emv/emvcore.c b/client/emv/emvcore.c index 09dc7883e..d2053495e 100644 --- a/client/emv/emvcore.c +++ b/client/emv/emvcore.c @@ -394,7 +394,7 @@ static int EMVSelectWithRetry(EMVCommandChannel channel, bool ActivateField, boo } retrycnt = 0; - PrintAndLogEx(NORMAL, "Retry failed [%s]. Skiped...", sprint_hex_inrow(AID, AIDLen)); + PrintAndLogEx(NORMAL, "Retry failed [%s]. Skipped...", sprint_hex_inrow(AID, AIDLen)); return res; } } diff --git a/client/emv/emvcore.h b/client/emv/emvcore.h index a520a2d5f..d5dccd037 100644 --- a/client/emv/emvcore.h +++ b/client/emv/emvcore.h @@ -29,7 +29,7 @@ typedef enum { enum TransactionType { TT_MSD, - TT_VSDC, // contact only. not standart for contactless + TT_VSDC, // contact only. not standard for contactless TT_QVSDCMCHIP, TT_CDA, }; diff --git a/client/fido/cbortools.c b/client/fido/cbortools.c index 72cccf429..b0d309db7 100644 --- a/client/fido/cbortools.c +++ b/client/fido/cbortools.c 
@@ -357,7 +357,7 @@ CborError CborGetArrayBinStringValue(CborValue *elm, uint8_t *data, size_t maxda return CborGetArrayBinStringValueEx(elm, data, maxdatalen, datalen, NULL, 0); } -CborError CborGetArrayBinStringValueEx(CborValue *elm, uint8_t *data, size_t maxdatalen, size_t *datalen, uint8_t *delimeter, size_t delimeterlen) { +CborError CborGetArrayBinStringValueEx(CborValue *elm, uint8_t *data, size_t maxdatalen, size_t *datalen, uint8_t *delimiter, size_t delimiterlen) { CborValue array; if (datalen) *datalen = 0; @@ -373,9 +373,9 @@ CborError CborGetArrayBinStringValueEx(CborValue *elm, uint8_t *data, size_t max cbor_check(res); totallen += slen; - if (delimeter) { - memcpy(&data[totallen], delimeter, delimeterlen); - totallen += delimeterlen; + if (delimiter) { + memcpy(&data[totallen], delimiter, delimiterlen); + totallen += delimiterlen; } slen = maxdatalen - totallen; } @@ -404,7 +404,7 @@ CborError CborGetBinStringValue(CborValue *elm, uint8_t *data, size_t maxdatalen return CborNoError; }; -CborError CborGetArrayStringValue(CborValue *elm, char *data, size_t maxdatalen, size_t *datalen, char *delimeter) { +CborError CborGetArrayStringValue(CborValue *elm, char *data, size_t maxdatalen, size_t *datalen, char *delimiter) { CborValue array; if (datalen) *datalen = 0; @@ -420,9 +420,9 @@ CborError CborGetArrayStringValue(CborValue *elm, char *data, size_t maxdatalen, cbor_check(res); totallen += slen; - if (delimeter) { - strcat(data, delimeter); - totallen += strlen(delimeter); + if (delimiter) { + strcat(data, delimiter); + totallen += strlen(delimiter); } slen = maxdatalen - totallen; data[totallen] = 0x00; diff --git a/client/fido/cbortools.h b/client/fido/cbortools.h index 96c39ca3b..86f8387cd 100644 --- a/client/fido/cbortools.h +++ b/client/fido/cbortools.h 
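Review bot: In CborGetArrayBinStringValueEx (hunk at -373) the delimiter is appended with `memcpy(&data[totallen], delimiter, delimiterlen)` without first checking that it still fits in `maxdatalen`, so a decoded array that fills the buffer can write past `data`, and the following `slen = maxdatalen - totallen` then wraps as a `size_t`. A guard before the copy, such as `if (delimiterlen > maxdatalen - totallen) return CborErrorDataTooLarge;`, would bound it. CborGetArrayStringValue (hunk at -420) has the same pattern with `strcat(data, delimiter)` followed by `data[totallen] = 0x00;` and needs the equivalent check on `strlen(delimiter)` plus one byte for the terminator. Both function bodies begin and end outside their hunks, so the loop condition and any earlier length checks are not visible here.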
@@ -25,9 +25,9 @@ int JsonToCbor(json_t *elm, CborEncoder *encoder); int CborMapGetKeyById(CborParser *parser, CborValue *map, uint8_t *data, size_t dataLen, int key); CborError CborGetArrayBinStringValue(CborValue *elm, uint8_t *data, size_t maxdatalen, size_t *datalen); -CborError CborGetArrayBinStringValueEx(CborValue *elm, uint8_t *data, size_t maxdatalen, size_t *datalen, uint8_t *delimeter, size_t delimeterlen); +CborError CborGetArrayBinStringValueEx(CborValue *elm, uint8_t *data, size_t maxdatalen, size_t *datalen, uint8_t *delimiter, size_t delimiterlen); CborError CborGetBinStringValue(CborValue *elm, uint8_t *data, size_t maxdatalen, size_t *datalen); -CborError CborGetArrayStringValue(CborValue *elm, char *data, size_t maxdatalen, size_t *datalen, char *delimeter); +CborError CborGetArrayStringValue(CborValue *elm, char *data, size_t maxdatalen, size_t *datalen, char *delimiter); CborError CborGetStringValue(CborValue *elm, char *data, size_t maxdatalen, size_t *datalen); CborError CborGetStringValueBuf(CborValue *elm); diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index d9d358736..11227b8ac 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -122,8 +122,8 @@ end -- @param ignoreresponse - if set to true, we don't read the device answer packet -- which is usually recipe for fail. If not sent, the host will wait 2s for a -- response of type CMD_ACK --- @return packet,nil if successfull --- nil, errormessage if unsuccessfull +-- @return packet,nil if successful +-- nil, errormessage if unsuccessful function Command:sendMIX( ignore_response, timeout ) local data = self.data local cmd = self.cmd diff --git a/client/lualibs/hf_reader.lua b/client/lualibs/hf_reader.lua index ba7e3a17c..f49d587f2 100644 --- a/client/lualibs/hf_reader.lua +++ b/client/lualibs/hf_reader.lua 
@@ -12,8 +12,8 @@ local reader15693 = require('read15') -- This method library can be set waits or a 13.56 MHz tag, and when one is found, returns info about -- what tag it is. -- --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function waitForTag() print("Waiting for card... press Enter to quit") local readers = {reader14443A, reader14443B, reader15693} diff --git a/client/lualibs/read14a.lua b/client/lualibs/read14a.lua index 3f0d71dde..59de3c11f 100644 --- a/client/lualibs/read14a.lua +++ b/client/lualibs/read14a.lua @@ -80,8 +80,8 @@ end -- This function does a connect and retrieves som einfo -- @param dont_disconnect - if true, does not disable the field --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function read14443a(dont_disconnect, no_rats) local command, result, info, err, data @@ -118,8 +118,8 @@ end --- -- Waits for a mifare card to be placed within the vicinity of the reader. --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function waitFor14443a() print('Waiting for card... press Enter to quit') while not core.kbd_enter_pressed() do diff --git a/client/lualibs/read14b.lua b/client/lualibs/read14b.lua index aace09827..b1688552f 100644 --- a/client/lualibs/read14b.lua +++ b/client/lualibs/read14b.lua 
@@ -55,8 +55,8 @@ local function parse14443b(data) end -- This function does a connect and retrieves some info --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function read14443b(disconnect) local command, result, info, err, data @@ -96,8 +96,8 @@ end --- -- Waits for a mifare card to be placed within the vicinity of the reader. --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function waitFor14443b() print('Waiting for card... press Enter to quit') while not core.kbd_enter_pressed() do diff --git a/client/lualibs/read15.lua b/client/lualibs/read15.lua index 112c12d94..5d7400e2d 100644 --- a/client/lualibs/read15.lua +++ b/client/lualibs/read15.lua @@ -64,8 +64,8 @@ end -- This function does a connect and retrieves som info -- @param dont_disconnect - if true, does not disable the field --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function read15693(slow, dont_readresponse) --[[ @@ -130,8 +130,8 @@ end --- -- Waits for a ISO15693 card to be placed within the vicinity of the reader. --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function waitFor15693() print('Waiting for card... press Enter to quit') while not core.kbd_enter_pressed() do diff --git a/client/lualibs/utils.lua b/client/lualibs/utils.lua index ed9874e40..c265a5d8c 100644 --- a/client/lualibs/utils.lua +++ b/client/lualibs/utils.lua 
@@ -59,7 +59,7 @@ local Utils = -- @param blockData. Assumed to be on the format {'\0\1\2\3,'\b\e\e\f' ..., -- that is, blockData[row] contains a string with the actual data, not ascii hex representation -- return filename if all went well, - -- @reurn nil, error message if unsuccessfulls + -- @reurn nil, error message if unsuccessful WriteDumpFile = function(uid, blockData) local destination = string.format("%s.eml", uid) local file = io.open(destination, "w") diff --git a/client/luascripts/mifare_autopwn.lua b/client/luascripts/mifare_autopwn.lua index 7a04cd641..2c9146e2b 100644 --- a/client/luascripts/mifare_autopwn.lua +++ b/client/luascripts/mifare_autopwn.lua @@ -67,8 +67,8 @@ local function help() end --- -- Waits for a mifare card to be placed within the vicinity of the reader. --- @return if successfull: an table containing card info --- @return if unsuccessfull : nil, error +-- @return if successful: an table containing card info +-- @return if unsuccessful : nil, error local function wait_for_mifare() while not core.kbd_enter_pressed() do res, err = lib14a.read() diff --git a/client/luascripts/ndef_dump.lua b/client/luascripts/ndef_dump.lua index cb4be467b..a4cbdf655 100644 --- a/client/luascripts/ndef_dump.lua +++ b/client/luascripts/ndef_dump.lua @@ -90,8 +90,8 @@ local function getblockdata(response) return nil, "Couldn't read block" end ---_ Gets data from a block --- @return {block, block+1, block+2, block+3} if successfull --- @return nil, errormessage if unsuccessfull +-- @return {block, block+1, block+2, block+3} if successful +-- @return nil, errormessage if unsuccessful local function getBlock(blockno) local block, err local c = Command:newMIX{cmd = cmds.CMD_HF_MIFAREU_READBL, arg1 = blockno, data = 0} diff --git a/client/scripting.c b/client/scripting.c index 8d09013e2..586ab0940 100644 --- a/client/scripting.c +++ b/client/scripting.c 
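Review bot: The doc tag on the changed line in client/lualibs/utils.lua is still misspelled: `-- @reurn nil, error message if unsuccessful` should be `-- @return nil, error message if unsuccessful`. As written, documentation tooling that keys on `@return` will presumably not pick up the error return of WriteDumpFile. The line above it, `-- return filename if all went well,`, is missing the `@` as well and could become `-- @return filename if all went well`.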
@@ -939,12 +939,12 @@ static int l_T55xx_readblock(lua_State *L) { usepage1 = false; } } else { - PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); + PrintAndLogEx(NORMAL, "Safety Check Overridden - proceeding despite risk"); } } if (!AquireData(usepage1, block, usepwd, password, 0)) { - return returnToLuaWithError(L, "Failed to aquire data from card"); + return returnToLuaWithError(L, "Failed to acquire data from card"); } if (!DecodeT55xxBlock()) { @@ -1002,7 +1002,7 @@ static int l_T55xx_detect(lua_State *L) { isok = AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, 0); if (isok == false) { - return returnToLuaWithError(L, "Failed to aquire LF signal data"); + return returnToLuaWithError(L, "Failed to acquire LF signal data"); } } diff --git a/common/mbedtls/error.c b/common/mbedtls/error.c index 8b8a27bb6..b85ceb041 100644 --- a/common/mbedtls/error.c +++ b/common/mbedtls/error.c @@ -558,7 +558,7 @@ void mbedtls_strerror(int ret, char *buf, size_t buflen) { if (use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL)) mbedtls_snprintf(buf, buflen, "X509 - Destination buffer is too small"); if (use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR)) - mbedtls_snprintf(buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed"); + mbedtls_snprintf(buf, buflen, "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ // END generated code diff --git a/common/mbedtls/x509.h b/common/mbedtls/x509.h index 01ec3df70..676cf824a 100644 --- a/common/mbedtls/x509.h +++ b/common/mbedtls/x509.h 
@@ -79,7 +79,7 @@ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ +#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ /* \} name */ /** @@ -251,7 +251,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser * * \param to mbedtls_x509_time to check * - * \return 1 if the given time is in the past or an error occured, + * \return 1 if the given time is in the past or an error occurred, * 0 otherwise. */ int mbedtls_x509_time_is_past(const mbedtls_x509_time *to); @@ -265,7 +265,7 @@ int mbedtls_x509_time_is_past(const mbedtls_x509_time *to); * * \param from mbedtls_x509_time to check * - * \return 1 if the given time is in the future or an error occured, + * \return 1 if the given time is in the future or an error occurred, * 0 otherwise. */ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); diff --git a/include/at91sam7s512.h b/include/at91sam7s512.h index bca65bdf3..b43f0dbb1 100644 --- a/include/at91sam7s512.h +++ b/include/at91sam7s512.h 
@@ -598,10 +598,10 @@ typedef struct _AT91S_RSTC { #define AT91C_RSTC_RSTTYP (0x7 << 8) // (RSTC) Reset Type #define AT91C_RSTC_RSTTYP_POWERUP (0x0 << 8) // (RSTC) Power-up Reset. VDDCORE rising. #define AT91C_RSTC_RSTTYP_WAKEUP (0x1 << 8) // (RSTC) WakeUp Reset. VDDCORE rising. -#define AT91C_RSTC_RSTTYP_WATCHDOG (0x2 << 8) // (RSTC) Watchdog Reset. Watchdog overflow occured. +#define AT91C_RSTC_RSTTYP_WATCHDOG (0x2 << 8) // (RSTC) Watchdog Reset. Watchdog overflow occurred. #define AT91C_RSTC_RSTTYP_SOFTWARE (0x3 << 8) // (RSTC) Software Reset. Processor reset required by the software. #define AT91C_RSTC_RSTTYP_USER (0x4 << 8) // (RSTC) User Reset. NRST pin detected low. -#define AT91C_RSTC_RSTTYP_BROWNOUT (0x5 << 8) // (RSTC) Brownout Reset occured. +#define AT91C_RSTC_RSTTYP_BROWNOUT (0x5 << 8) // (RSTC) Brownout Reset occurred. #define AT91C_RSTC_NRSTL (0x1 << 16) // (RSTC) NRST pin level #define AT91C_RSTC_SRCMP (0x1 << 17) // (RSTC) Software Reset Command in Progress. // -------- RSTC_RMR : (RSTC Offset: 0x8) Reset Mode Register -------- diff --git a/tools/deprecated-hid-flasher/flasher/proxusb.c b/tools/deprecated-hid-flasher/flasher/proxusb.c index 1edf7e094..884950297 100644 --- a/tools/deprecated-hid-flasher/flasher/proxusb.c +++ b/tools/deprecated-hid-flasher/flasher/proxusb.c @@ -19,7 +19,7 @@ usb_dev_handle *devh = NULL; static unsigned int claimed_iface = 0; unsigned char return_on_error = 0; -unsigned char error_occured = 0; +unsigned char error_occurred = 0; void SendCommandBL(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void *data, size_t len) { int ret; @@ -37,7 +37,7 @@ void SendCommandBL(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, vo ret = usb_bulk_write(devh, 0x01, (char *)&c, sizeof(PacketCommandOLD), 1000); if (ret < 0) { - error_occured = 1; + error_occurred = 1; if (return_on_error) return; 
@@ -63,7 +63,7 @@ bool ReceiveCommandPoll(PacketResponseOLD *c) { ret = usb_bulk_read(devh, 0x82, (char *)c, sizeof(PacketResponseOLD), 500); if (ret < 0) { if (ret != -ETIMEDOUT) { - error_occured = 1; + error_occurred = 1; if (return_on_error) return false; diff --git a/tools/deprecated-hid-flasher/flasher/proxusb.h b/tools/deprecated-hid-flasher/flasher/proxusb.h index 125347255..205d670a1 100644 --- a/tools/deprecated-hid-flasher/flasher/proxusb.h +++ b/tools/deprecated-hid-flasher/flasher/proxusb.h @@ -24,7 +24,7 @@ #include "usb_cmd.h" extern unsigned char return_on_error; -extern unsigned char error_occured; +extern unsigned char error_occurred; void SendCommandBL(uint64_t cmd, uint64_t arg0, uint64_t arg1, uint64_t arg2, void *data, size_t len); bool ReceiveCommandPoll(PacketResponseOLD *c); From f961c1c551e5740c545d8b5ce7e7670aeacf0214 Mon Sep 17 00:00:00 2001 From: Ludovic Rousseau Date: Sat, 14 Sep 2019 17:50:58 +0200 Subject: [PATCH 02/21] Fix typos Thanks to Debian lintian for the reports: I: proxmark3: spelling-error-in-binary usr/share/proxmark3/firmware/fullimage.elf dont don't I: proxmark3: spelling-error-in-binary usr/share/proxmark3/firmware/fullimage.elf succesful successful I: proxmark3: spelling-error-in-binary usr/share/proxmark3/firmware/fullimage.elf Uknown Unknown I: proxmark3: spelling-error-in-binary usr/share/proxmark3/firmware/fullimage.elf requestes requests I: proxmark3: spelling-error-in-binary usr/share/proxmark3/firmware/fullimage.elf unkown unknown I: proxmark3: spelling-error-in-binary usr/share/proxmark3/firmware/fullimage.elf ambigous ambiguous --- armsrc/hitag2.c | 16 ++++++++-------- armsrc/iso14443a.c | 4 ++-- armsrc/iso15693.c | 2 +- armsrc/mifarecmd.c | 2 +- client/cmdlfhitag.c | 2 +- client/cmdlft55xx.c | 2 +- client/emv/apduinfo.c | 10 +++++----- common/mbedtls/ecp.h | 2 +- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/armsrc/hitag2.c b/armsrc/hitag2.c index ab3f7cb36..67bc8c623 100644 
--- a/armsrc/hitag2.c +++ b/armsrc/hitag2.c @@ -427,7 +427,7 @@ static bool hitag2_password(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t } if (blocknr > 7) { - DbpString("Read succesful!"); + DbpString("Read successful!"); bSuccessful = true; return false; } @@ -440,7 +440,7 @@ static bool hitag2_password(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t // Unexpected response default: { - Dbprintf("Uknown frame length: %d", rxlen); + Dbprintf("Unknown frame length: %d", rxlen); return false; } break; @@ -532,7 +532,7 @@ static bool hitag2_crypto(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t * blocknr++; } if (blocknr > 7) { - DbpString("Read succesful!"); + DbpString("Read successful!"); bSuccessful = true; return false; } else { @@ -546,7 +546,7 @@ static bool hitag2_crypto(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t * // Unexpected response default: { - Dbprintf("Uknown frame length: %d", rxlen); + Dbprintf("Unknown frame length: %d", rxlen); return false; } break; @@ -588,7 +588,7 @@ static bool hitag2_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, si memcpy(tx, NrAr, 8); bCrypto = true; } else { - DbpString("Authentication succesful!"); + DbpString("Authentication successful!"); return true; } } @@ -596,7 +596,7 @@ static bool hitag2_authenticate(uint8_t *rx, const size_t rxlen, uint8_t *tx, si // Unexpected response default: { - Dbprintf("Uknown frame length: %d", rxlen); + Dbprintf("Unknown frame length: %d", rxlen); return false; } break; @@ -655,7 +655,7 @@ static bool hitag2_test_auth_attempts(uint8_t *rx, const size_t rxlen, uint8_t * break; default: { - Dbprintf("Uknown frame length: %d", rxlen); + Dbprintf("Unknown frame length: %d", rxlen); return false; } break; 
@@ -696,7 +696,7 @@ static bool hitag2_read_uid(uint8_t *rx, const size_t rxlen, uint8_t *tx, size_t break; // Unexpected response default: { - Dbprintf("Uknown frame length: %d", rxlen); + Dbprintf("Unknown frame length: %d", rxlen); return false; } break; diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 794ead3c5..c49d93a1f 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1005,7 +1005,7 @@ static bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_res } break; default: { - if (DBGLEVEL >= DBG_ERROR) Dbprintf("Error: unkown tagtype (%d)", tagType); + if (DBGLEVEL >= DBG_ERROR) Dbprintf("Error: unknown tagtype (%d)", tagType); return false; } break; @@ -2999,7 +2999,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) { mf_nr_ar[3] &= 0x1F; - if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Number of sent auth requestes: %u", i); + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Number of sent auth requests: %u", i); uint8_t buf[32] = {0x00}; memset(buf, 0x00, sizeof(buf)); diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c index 84de71021..ecf0640a5 100644 --- a/armsrc/iso15693.c +++ b/armsrc/iso15693.c @@ -766,7 +766,7 @@ void DbdecodeIso15693Answer(int len, uint8_t *d) { strncat(status, "0F: no info", DBD15STATLEN - strlen(status)); break; case 0x10: - strncat(status, "10: dont exist", DBD15STATLEN - strlen(status)); + strncat(status, "10: don't exist", DBD15STATLEN - strlen(status)); break; case 0x11: strncat(status, "11: lock again", DBD15STATLEN - strlen(status)); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 4fccdab8b..089a320ad 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c 
@@ -1038,7 +1038,7 @@ void MifareNested(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain) if (valid_nonce(nttest, nt2, ks1, par_array)) { if (ncount > 0) { // we are only interested in disambiguous nonces, try again - if (DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambigous), ntdist=%d", i + 1, j); + if (DBGLEVEL >= 3) Dbprintf("Nonce#%d: dismissed (ambiguous), ntdist=%d", i + 1, j); target_nt[i] = 0; break; } diff --git a/client/cmdlfhitag.c b/client/cmdlfhitag.c index 2bcd476ea..a54b96a68 100644 --- a/client/cmdlfhitag.c +++ b/client/cmdlfhitag.c @@ -245,7 +245,7 @@ static int CmdLFHitagList(const char *Cmd) { if (f) { fclose(f); - PrintAndLogEx(NORMAL, "Recorded activity succesfully written to file: %s", filename); + PrintAndLogEx(NORMAL, "Recorded activity successfully written to file: %s", filename); } free(got); diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index f6412652f..fbdd4c083 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -1397,7 +1397,7 @@ static int CmdT55xxWriteBlock(const char *Cmd) { //t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { bool isOK = t55xxVerifyWrite(block, page1, usepwd, 1, password, downlink_mode, data); if (isOK) - PrintAndLogEx(SUCCESS, "Write OK, validation succesful"); + PrintAndLogEx(SUCCESS, "Write OK, validation successful"); else PrintAndLogEx(WARNING, "Write could not validate the written data"); } diff --git a/client/emv/apduinfo.c b/client/emv/apduinfo.c index 7c3e87408..35735fb47 100644 --- a/client/emv/apduinfo.c +++ b/client/emv/apduinfo.c 
@@ -191,7 +191,7 @@ const APDUCode APDUCodeTable[] = { {"9681", APDUCODE_TYPE_NONE, "Slave not found"}, {"9700", APDUCODE_TYPE_NONE, "PIN blocked and Unblock Try Counter is 1 or 2"}, {"9702", APDUCODE_TYPE_NONE, "Main keys are blocked"}, - {"9704", APDUCODE_TYPE_NONE, "PIN not succesfully verified, 3 or more PIN tries left"}, + {"9704", APDUCODE_TYPE_NONE, "PIN not successfully verified, 3 or more PIN tries left"}, {"9784", APDUCODE_TYPE_NONE, "Base key"}, {"9785", APDUCODE_TYPE_NONE, "Limit exceeded - C-MAC key"}, {"9786", APDUCODE_TYPE_NONE, "SM error - Limit exceeded - R-MAC key"}, @@ -205,13 +205,13 @@ const APDUCode APDUCodeTable[] = { {"9850", APDUCODE_TYPE_ERROR, "INCREASE or DECREASE could not be executed because a limit has been reached."}, {"9862", APDUCODE_TYPE_ERROR, "Authentication Error, application specific (incorrect MAC)"}, {"9900", APDUCODE_TYPE_NONE, "1 PIN try left"}, - {"9904", APDUCODE_TYPE_NONE, "PIN not succesfully verified, 1 PIN try left"}, + {"9904", APDUCODE_TYPE_NONE, "PIN not successfully verified, 1 PIN try left"}, {"9985", APDUCODE_TYPE_NONE, "Wrong status - Cardholder lock"}, {"9986", APDUCODE_TYPE_ERROR, "Missing privilege"}, {"9987", APDUCODE_TYPE_NONE, "PIN is not installed"}, {"9988", APDUCODE_TYPE_NONE, "Wrong status - R-MAC state"}, {"9A00", APDUCODE_TYPE_NONE, "2 PIN try left"}, - {"9A04", APDUCODE_TYPE_NONE, "PIN not succesfully verified, 2 PIN try left"}, + {"9A04", APDUCODE_TYPE_NONE, "PIN not successfully verified, 2 PIN try left"}, {"9A71", APDUCODE_TYPE_NONE, "Wrong parameter value - Double agent AID"}, {"9A72", APDUCODE_TYPE_NONE, "Wrong parameter value - Double agent Type"}, {"9D05", APDUCODE_TYPE_ERROR, "Incorrect certificate type"}, 
@@ -258,9 +258,9 @@ const APDUCode APDUCodeTable[] = { {"9D63", APDUCODE_TYPE_ERROR, "Crypto functions not available"}, {"9D64", APDUCODE_TYPE_ERROR, "No application loaded"}, {"9E00", APDUCODE_TYPE_NONE, "PIN not installed"}, - {"9E04", APDUCODE_TYPE_NONE, "PIN not succesfully verified, PIN not installed"}, + {"9E04", APDUCODE_TYPE_NONE, "PIN not successfully verified, PIN not installed"}, {"9F00", APDUCODE_TYPE_NONE, "PIN blocked and Unblock Try Counter is 3"}, - {"9F04", APDUCODE_TYPE_NONE, "PIN not succesfully verified, PIN blocked and Unblock Try Counter is 3"}, + {"9F04", APDUCODE_TYPE_NONE, "PIN not successfully verified, PIN blocked and Unblock Try Counter is 3"}, {"9FXX", APDUCODE_TYPE_NONE, "Command successfully executed; 'xx' bytes of data are available and can be requested using GET RESPONSE."}, {"9XXX", APDUCODE_TYPE_NONE, "Application related status, (ISO 7816-3)"} }; diff --git a/common/mbedtls/ecp.h b/common/mbedtls/ecp.h index 4c2592a9e..1c4bdd65c 100644 --- a/common/mbedtls/ecp.h +++ b/common/mbedtls/ecp.h @@ -528,7 +528,7 @@ int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_ * * \return \c 0 on success, * \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups. + * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unknown groups. */ int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id); From da197e1999bf1556412992e696d1f12ed7105ca4 Mon Sep 17 00:00:00 2001 
From: iceman1001 Date: Sat, 14 Sep 2019 18:27:58 +0200 Subject: [PATCH 03/21] CHG: 'lf t55xx wipe c' - now accepts user provided configuration block to configure a wiped tag with. ADD: 'lf t55xx protect' - Sets password and enables password protection in configuration block. It tries to validate its writes aswell. Samples: lf t55xx protect n 11223344 - set pwd to 11223344 lf t55xx protect n 01020304 p 11223344 - change a password protected tag from 11223344 to 01020304 To remove the password protection, you need to remember the password :) lf t55xx wipe p 11223344 - wipes whole tag, removes password protection bits. --- client/cmdlft55xx.c | 472 +++++++++++++++++++++++++++++++------------- client/cmdlft55xx.h | 8 +- 2 files changed, 343 insertions(+), 137 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index f36e30e48..07a365035 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -87,7 +87,6 @@ static int usage_t55xx_config() { PrintAndLogEx(NORMAL, " ST [0/1] - Set/reset Sequence Terminator on"); PrintAndLogEx(NORMAL, ""); // layout is a little differnet, so seperate until a better fix print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE); - PrintAndLogEx(NORMAL, "fix this code...."); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf t55xx config d FSK - FSK demodulation"); @@ -97,7 +96,7 @@ static int usage_t55xx_config() { return PM3_SUCCESS; } static int usage_t55xx_read() { - PrintAndLogEx(NORMAL, "Usage: lf t55xx read [r ] b [p ] "); + PrintAndLogEx(NORMAL, "Usage: lf t55xx read [r ] b [p ] [o] "); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " b - block number to read. Between 0-7"); PrintAndLogEx(NORMAL, " p - OPTIONAL password (8 hex characters)"); 
@@ -271,33 +270,36 @@ static int usage_t55xx_recoverpw() { PrintAndLogEx(NORMAL, "press " _YELLOW_("'enter'") " to cancel the command"); PrintAndLogEx(NORMAL, "WARNING: this may brick non-password protected chips!"); PrintAndLogEx(NORMAL, "Try reading block 7 before\n"); - PrintAndLogEx(NORMAL, "Usage: lf t55xx recoverpw [r ] [p password]"); + PrintAndLogEx(NORMAL, "Usage: lf t55xx recoverpw [r ] [p ]"); PrintAndLogEx(NORMAL, " password must be 4 bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " default password is 51243648, used by many cloners"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - this help"); print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL); - PrintAndLogEx(NORMAL, " [password] - 4 byte hex value of password written by cloner"); + PrintAndLogEx(NORMAL, " p - 4 byte hex value of password written by cloner"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf t55xx recoverpw"); + PrintAndLogEx(NORMAL, " lf t55xx recoverpw p 51243648"); PrintAndLogEx(NORMAL, " lf t55xx recoverpw r 3 p 51243648"); + PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } static int usage_t55xx_wipe() { - PrintAndLogEx(NORMAL, "Usage: lf t55xx wipe [h] [Q5] [p ]"); + PrintAndLogEx(NORMAL, "Usage: lf t55xx wipe [h] [Q5] [p ] [c ]"); PrintAndLogEx(NORMAL, "This commands wipes a tag, fills blocks 1-7 with zeros and a default configuration block"); PrintAndLogEx(NORMAL, "Options:"); - PrintAndLogEx(NORMAL, " h - this help"); - PrintAndLogEx(NORMAL, " q - indicates to use the T5555 (Q5) default configuration block"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " c - set configuration from a block0"); + PrintAndLogEx(NORMAL, " q - indicates to use the T5555 (Q5) default configuration block"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf t55xx wipe - wipes a t55x7 tag, config block 0x000880E0"); PrintAndLogEx(NORMAL, " lf t55xx wipe q - wipes a t5555 Q5 tag, config 
block 0x6001F004"); return PM3_SUCCESS; } -static int usage_lf_deviceconfig() { +static int usage_t55xx_deviceconfig() { PrintAndLogEx(NORMAL, "Sets t55x7 timings for direct commands. The timings are set here in Field Clocks (FC), \nwhich is converted to (US) on device"); PrintAndLogEx(NORMAL, "Usage: lf t55xx deviceconfig [r ] a b c d e f g [p]"); PrintAndLogEx(NORMAL, "Options:"); @@ -310,7 +312,6 @@ static int usage_lf_deviceconfig() { PrintAndLogEx(NORMAL, " f <8..255> - Set write TWO gap (1 of 4 only)"); PrintAndLogEx(NORMAL, " g <8..255> - Set write THREE gap (1 of 4 only)"); PrintAndLogEx(NORMAL, " p - persist to flashmemory"); - // print_usage_t55xx_downloadlink(); // does not apply to config PrintAndLogEx(NORMAL, " z - Set default t55x7 timings (use p to save if required)"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); 
@@ -319,49 +320,184 @@ static int usage_lf_deviceconfig() { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } +static int usage_t55xx_protect() { + PrintAndLogEx(NORMAL, "This command set or unsets the pwd bit on T5577."); + PrintAndLogEx(NORMAL, "Usage: lf t55xx protect [r ] [p ] [o] [n ]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " p - OPTIONAL password (8 hex characters)"); + PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check"); + PrintAndLogEx(NORMAL, " n - new password"); + print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " lf t55xx protect n 01020304 - sets new password to 01020304"); + PrintAndLogEx(NORMAL, " lf t55xx protect p 11223344 - use pwd 11223344 to set newpwd to 00000000"); + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; +} static int CmdHelp(const char *Cmd); -static bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { - - //Password mode - if (usepwd) { - // try reading the config block and verify that PWD bit is set before doing this! - if (override == 0) { - if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, downlink_mode) == false) - return false; +static bool t55xxProtect(bool lock, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t new_password ) { - if (tryDetectModulation(downlink_mode,T55XX_DontPrintConfig) == false) { - PrintAndLogEx(NORMAL, "Safety Check: Could not detect if PWD bit is set in config block. Exits."); - return false; - } else { - PrintAndLogEx(NORMAL, "Safety Check: PWD bit is NOT set in config block. 
Reading without password..."); - usepwd = false; - } - } else if (override == 1) { - PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); - } + PrintAndLogEx(INFO, "Checking current block0"); + + bool testmode = false; + uint32_t block0 = 0; + + int res = T55xxReadBlockEx(T55x7_CONFIGURATION_BLOCK, T55x7_PAGE0, usepwd, override, password, downlink_mode, false); + if (res != PM3_SUCCESS) { + PrintAndLogEx(WARNING, "fail to read current block0, use `p` password parameter ?"); + return false; } - - if (AquireData(page1, block, usepwd, password, downlink_mode) == false) + + if (GetT55xxBlockData(&block0) == false) return false; - if (block == 0 && page1 == false) { - if (tryDetectModulation(downlink_mode,T55XX_DontPrintConfig) == false) { - PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'"); - return false; - } + uint32_t old = block0; + bool isPwdBitAlreadySet = (block0 >> (32-28) & 1); + if (isPwdBitAlreadySet) { + PrintAndLogEx(INFO, "PWD bit is already set"); + usepwd = true; } - if (DecodeT55xxBlock() == false) - return false; + if (lock) { + // set pwd bit + block0 |= 1 << 4; + } else { + block0 &= ~(1 << 4); + } + + PrintAndLogEx(INFO, " old %08X vs %08X", old, block0); - // compare... 
- uint32_t readblock = 0; - if (GetT55xxBlockData(&readblock) == false) - return false; - - return (readblock == data); + // write new password + if ( t55xxWrite(T55x7_PWD_BLOCK, T55x7_PAGE0, usepwd, testmode, password, downlink_mode, new_password ) != PM3_SUCCESS ) { + PrintAndLogEx(ERR, "Failed writing new pwd"); + return false; + } else { + PrintAndLogEx(SUCCESS, "Wrote new password"); + } + + // password bit already set + // write b 7 new key old_pwd + // validate b 7 new_key old_pwd + // write b0 new_key + // validate b0 new_key + + // write b7 new key + // validate b7 (no key) + // write b0 (no key) + // validate b0 w new key + + + // validate new password + uint32_t curr_password = (isPwdBitAlreadySet) ? new_password : password; + + if (t55xxVerifyWrite(T55x7_PWD_BLOCK, T55x7_PAGE0, usepwd, override, curr_password, downlink_mode, new_password) == false) { + PrintAndLogEx(WARNING, "Could not validate the new password write. aborting."); + return false; + } else { + PrintAndLogEx(SUCCESS, "Validated new password"); + } + + // write config + if ( t55xxWrite(T55x7_CONFIGURATION_BLOCK, T55x7_PAGE0, usepwd, testmode, curr_password, downlink_mode, block0 ) != PM3_SUCCESS ) { + PrintAndLogEx(ERR, "Failed writing modified configuration block %08X", block0); + return false; + } else { + PrintAndLogEx(SUCCESS, "Wrote modified configuration block"); + } + + // validate new config. If all went well, card should now demand pwd, hence override = 0. + override = 0; + if (t55xxVerifyWrite(T55x7_CONFIGURATION_BLOCK, T55x7_PAGE0, true, override, new_password, downlink_mode, block0) == false) { + PrintAndLogEx(WARNING, "Could not validate pwd bit set on configuration block. 
aborting."); + return false; + } else { + PrintAndLogEx(SUCCESS, "New configuration block " _YELLOW_("%08X")"password " _YELLOW_("%08X"), block0, new_password); + PrintAndLogEx(SUCCESS, "Success, tag is locked"); + return true; + } +} + +bool t55xxVerifyWrite(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { + + uint32_t read_data = 0; + + int res = T55xxReadBlockEx(block, page1, usepwd, override, password, downlink_mode, false); + if (res == PM3_SUCCESS) { + + if (GetT55xxBlockData(&read_data) == false) + return false; + + } else if ( res == PM3_EWRONGANSVER) { + + // could't decode. Lets see if this was a block 0 write and try read/detect it auto. + // this messes up with ppls config.. + if (block == 0 && page1 == false) { + + PrintAndLogEx(INFO, "Block0 write detected, running `detect` to see if validation is possible (pwd == %08X)", password); + + bool got_modulation = false; + for ( uint8_t m = 0; m < 4; m++) { + + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, password, m) == false) { + PrintAndLogEx(INPLACE, "."); + continue; + } + + if (tryDetectModulation(m, true) == false) { + PrintAndLogEx(INPLACE, "."); + continue; + } else { + got_modulation = true; + PrintAndLogEx(NORMAL, ""); + break; + } + } + + if (got_modulation == false) + return false; + + return t55xxVerifyWrite(block, page1, usepwd, 2, password, downlink_mode, data); + } + } + + return (read_data == data); +} + +int t55xxWrite(uint8_t block, bool page1, bool usepwd, bool testMode, uint32_t password, uint8_t downlink_mode, uint32_t data) { + + uint8_t flags; + flags = (usepwd) ? 0x1 : 0; + flags |= (page1) ? 0x2 : 0; + flags |= (testMode) ? 
0x4 : 0; + flags |= (downlink_mode << 3); + + /* + OLD style + arg0 = data, (4 bytes) + arg1 = block (1 byte) + arg2 = password (4 bytes) + flags = data[0] (1 byte) + + new style + uses struct in pm3_cmd.h + */ + t55xx_write_block_t ng; + ng.data = data; + ng.pwd = password; + ng.blockno = block; + ng.flags = flags; + + PacketResponseNG resp; + clearCommandBuffer(); + SendCommandNG(CMD_LF_T55XX_WRITEBL, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_LF_T55XX_WRITEBL, &resp, 2000)) { + PrintAndLogEx(ERR, "Error occurred, device did not ACK write operation."); + return PM3_ETIMEOUT; + } + return resp.status; } void printT5xxHeader(uint8_t page) { @@ -481,7 +617,7 @@ static int CmdT55xxSetConfig(const char *Cmd) { } break; case 'r': - errors = param_getdec(Cmd, cmdp + 1,&downlink_mode); + errors = param_getdec(Cmd, cmdp + 1, &downlink_mode); if (downlink_mode > 3) downlink_mode = 0; if (!errors) 
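Review bot: In `t55xxVerifyWrite`, any read result other than `PM3_SUCCESS` falls through to `return (read_data == data);` with `read_data` still 0. A failed read (`PM3_ERFTRANS`, or `PM3_EWRONGANSVER` on anything other than block 0 of page 0) is therefore reported as a successful validation whenever the expected value is 00000000, which covers zeroed blocks and a new password of 00000000 passed to `t55xxProtect`. Ending the `PM3_EWRONGANSVER` branch with `return false;` and adding `else return false;` after it closes the gap. Separately, the detection loop calls `AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, password, m)` in all four downlink modes even when the caller passed `usepwd == false`; passing `usepwd` through would keep password-mode reads away from tags that were not addressed with a password.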
@@ -530,35 +666,42 @@ static int CmdT55xxSetConfig(const char *Cmd) { return printConfiguration(config); } - int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode) { + return T55xxReadBlockEx(block, page1, usepwd, override, password, downlink_mode, true); +} + +int T55xxReadBlockEx(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, bool verbose) { //Password mode if (usepwd) { // try reading the config block and verify that PWD bit is set before doing this! + // override = 1 (override and display) + // override = 2 (override and no display) if (override == 0) { - if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, downlink_mode)) return PM3_ESOFT; + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, downlink_mode) == false) + return PM3_ERFTRANS; - if (!tryDetectModulation(downlink_mode,T55XX_DontPrintConfig)) { - PrintAndLogEx(NORMAL, "Safety Check: Could not detect if PWD bit is set in config block. Exits."); - return PM3_ESOFT; + if (tryDetectModulation(downlink_mode, false) == false) { + PrintAndLogEx(WARNING, "Safety Check: Could not detect if PWD bit is set in config block. Exits."); + return PM3_EWRONGANSVER; } else { - PrintAndLogEx(NORMAL, "Safety Check: PWD bit is NOT set in config block. Reading without password..."); + PrintAndLogEx(WARNING, "Safety Check: PWD bit is NOT set in config block. Reading without password..."); usepwd = false; page1 = false; // ?? } } else if (override == 1) { - // Show only if first for command i.e. 
override = 1 (override and display) override = 2 (override and dont display) - PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); + PrintAndLogEx(INFO, "Safety Check Overriden - proceeding despite risk"); } } - if (!AquireData(page1, block, usepwd, password, downlink_mode)) - return PM3_ESOFT; + if (AquireData(page1, block, usepwd, password, downlink_mode) == false) + return PM3_ERFTRANS; - if (!DecodeT55xxBlock()) - return PM3_ESOFT; + if (DecodeT55xxBlock() == false) + return PM3_EWRONGANSVER; + + if (verbose) + printT55xxBlock(block); - printT55xxBlock(block); return PM3_SUCCESS; } @@ -730,7 +873,6 @@ static int CmdT55xxDetect(const char *Cmd) { uint32_t password = 0; uint8_t cmdp = 0; uint8_t downlink_mode = 0; - uint8_t dl_mode = 0; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { @@ -765,22 +907,28 @@ static int CmdT55xxDetect(const char *Cmd) { return PM3_ESOFT; if (useGB == false) { - for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++) { - found = AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, dl_mode); - - if (tryDetectModulation(dl_mode,T55XX_PrintConfig)) { - dl_mode = 4; - found = true; + + //ICEMAN STRANGE + for (uint8_t m = downlink_mode; m < 4; m++) { + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) { + continue; } - else found = false; + + if (tryDetectModulation(m, T55XX_PrintConfig)) { + m = 4; + found = true; + } else { + found = false; + } - if (!try_all_dl_modes) dl_mode = 4; + if (try_all_dl_modes == false) + m = 4; } } else { - found = tryDetectModulation(downlink_mode,T55XX_PrintConfig); + found = tryDetectModulation(downlink_mode, T55XX_PrintConfig); } - if (!found) + if (found == false) PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'")); return PM3_SUCCESS; 
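Review bot: `T55xxReadBlockEx` returns `PM3_EWRONGANSVER` both when the safety check cannot tell whether the PWD bit is set and when `DecodeT55xxBlock()` fails, so callers cannot tell an aborted safety check from an undecodable read. `t55xxVerifyWrite`, added in the same commit, reacts to that code on block 0 by reading the configuration block with the password in every downlink mode, which is the kind of access the safety check exists to gate. If sharing the code is intended, a comment above the function should say so, for example `// returns PM3_ERFTRANS if acquisition fails, PM3_EWRONGANSVER if the safety check or the decode fails`. Otherwise the safety-check abort could keep the previous `return PM3_ESOFT;`, but `t55xxProtect`'s final validation with `override = 0` appears to rely on the shared code and would need adjusting.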
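Review bot: In the rewritten loop of `CmdT55xxDetect`, the `continue` taken when `AquireData` fails skips `if (try_all_dl_modes == false) m = 4;`. A failed acquisition therefore moves on to the next downlink mode even when the user asked for a single mode, and with `usepwd` set that sends the password in modes that were not requested. Checking the flag before continuing restores the old behaviour: `if (try_all_dl_modes == false) break;` placed ahead of the `continue`. Using `break` instead of `m = 4` for the other exits would also make the intent readable, and the `//ICEMAN STRANGE` marker should be replaced by a comment saying what is unresolved. The function body starts and ends outside this hunk.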
@@ -959,7 +1107,10 @@ bool tryDetectModulation(uint8_t downlink_mode, bool print_config) { config.Q5 = tests[0].Q5; config.ST = tests[0].ST; config.downlink_mode = downlink_mode; - if (print_config) printConfiguration(config); + + if (print_config) + printConfiguration(config); + return true; } @@ -981,7 +1132,9 @@ bool tryDetectModulation(uint8_t downlink_mode, bool print_config) { } else { PrintAndLogEx(NORMAL, "--[%d]---------------", i + 1); } - if (print_config) printConfiguration(tests[i]); + + if (print_config) + printConfiguration(tests[i]); } } return retval; 
@@ -1234,14 +1387,14 @@ int special(const char *Cmd) { } int printConfiguration(t55xx_conf_block_t b) { - PrintAndLogEx(NORMAL, " Chip Type : %s", (b.Q5) ? "T5555(Q5)" : "T55x7"); - PrintAndLogEx(NORMAL, " Modulation : %s", GetSelectedModulationStr(b.modulation)); - PrintAndLogEx(NORMAL, " Bit Rate : %s", GetBitRateStr(b.bitrate, (b.block0 & T55x7_X_MODE && (b.block0 >> 28 == 6 || b.block0 >> 28 == 9)))); - PrintAndLogEx(NORMAL, " Inverted : %s", (b.inverted) ? _GREEN_("Yes") : "No"); - PrintAndLogEx(NORMAL, " Offset : %d", b.offset); - PrintAndLogEx(NORMAL, " Seq. Term. : %s", (b.ST) ? _GREEN_("Yes") : "No"); - PrintAndLogEx(NORMAL, " Block0 : 0x%08X", b.block0); - PrintAndLogEx(NORMAL, " DL Mode : %s",GetDownlinkModeStr (b.downlink_mode)); + PrintAndLogEx(NORMAL, " Chip Type : %s", (b.Q5) ? "T5555(Q5)" : "T55x7"); + PrintAndLogEx(NORMAL, " Modulation : %s", GetSelectedModulationStr(b.modulation)); + PrintAndLogEx(NORMAL, " Bit Rate : %s", GetBitRateStr(b.bitrate, (b.block0 & T55x7_X_MODE && (b.block0 >> 28 == 6 || b.block0 >> 28 == 9)))); + PrintAndLogEx(NORMAL, " Inverted : %s", (b.inverted) ? _GREEN_("Yes") : "No"); + PrintAndLogEx(NORMAL, " Offset : %d", b.offset); + PrintAndLogEx(NORMAL, " Seq. Term. : %s", (b.ST) ? _GREEN_("Yes") : "No"); + PrintAndLogEx(NORMAL, " Block0 : 0x%08X", b.block0); + PrintAndLogEx(NORMAL, " Downling Mode : %s", GetDownlinkModeStr (b.downlink_mode)); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -1265,6 +1418,7 @@ static int CmdT55xxWakeUp(const char *Cmd) { downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); if (downlink_mode > 3) downlink_mode = 0; + cmdp += 2; break; default: 
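Review bot: The new label in `printConfiguration` is misspelled: `" Downling Mode : %s"` should read `" Downlink Mode : %s"`. Other strings added by this commit have the same kind of slip. `"Safety Check Overriden - proceeding despite risk"` in `T55xxReadBlockEx` reintroduces a spelling that PATCH 01/21 of this series corrects. `"Default configation block %08X"` in `CmdT55xxWipe` should be `configuration`. The final success message in `t55xxProtect` lacks a space before `password`, so the two values run together in the output.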
@@ -1358,43 +1512,17 @@ static int CmdT55xxWriteBlock(const char *Cmd) { } if (errors || !gotdata) return usage_t55xx_write(); - PacketResponseNG resp; - uint8_t flags; - flags = (usepwd) ? 0x1 : 0; - flags |= (page1) ? 0x2 : 0; - flags |= (testMode) ? 0x4 : 0; - flags |= (downlink_mode << 3); - char pwdStr[16] = {0}; snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password); PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : ""); - /* - OLD style - arg0 = data, (4 bytes) - arg1 = block (1 byte) - arg2 = password (4 bytes) - flags = data[0] (1 byte) - - new style - uses struct in pm3_cmd.h - */ - t55xx_write_block_t ng; - ng.data = data; - ng.pwd = password; - ng.blockno = block; - ng.flags = flags; - - clearCommandBuffer(); - SendCommandNG(CMD_LF_T55XX_WRITEBL, (uint8_t *)&ng, sizeof(ng)); - if (!WaitForResponseTimeout(CMD_LF_T55XX_WRITEBL, &resp, 2000)) { - PrintAndLogEx(ERR, "Error occurred, device did not ACK write operation. (May be due to old firmware)"); - return PM3_ETIMEOUT; + if ( t55xxWrite(block, page1, usepwd, testMode, password, downlink_mode, data) != PM3_SUCCESS ) { + PrintAndLogEx(ERR, "Write failed"); + return PM3_ESOFT; } - + if (validate) { -//t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { bool isOK = t55xxVerifyWrite(block, page1, usepwd, 1, password, downlink_mode, data); if (isOK) PrintAndLogEx(SUCCESS, "Write OK, validation succesful"); 
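Review bot: Every failure of `t55xxWrite` is turned into `PM3_ESOFT` in `CmdT55xxWriteBlock`, so the `PM3_ETIMEOUT` the helper returns when the device does not acknowledge, and any other value from `resp.status`, no longer reach the caller. Keeping the code is a small change: `int res = t55xxWrite(block, page1, usepwd, testMode, password, downlink_mode, data);` followed by `if (res != PM3_SUCCESS) { PrintAndLogEx(ERR, "Write failed"); return res; }`. The function body starts and ends outside this hunk.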
@@ -2047,16 +2175,16 @@ char *GetDownlinkModeStr (uint8_t downlink_mode) switch (downlink_mode) { case T55XX_DLMODE_FIXED : - snprintf (retStr,sizeof(buf),"default/fixed bit length"); + snprintf(retStr, sizeof(buf),"default/fixed bit length"); break; case T55XX_DLMODE_LLR : - snprintf (retStr,sizeof(buf),"long leading reference"); + snprintf(retStr, sizeof(buf),"long leading reference"); break; case T55XX_DLMODE_LEADING_ZERO : - snprintf (retStr,sizeof(buf),"leading zero reference"); + snprintf(retStr, sizeof(buf),"leading zero reference"); break; case T55XX_DLMODE_1OF4 : - snprintf (retStr,sizeof(buf),"1 of 4 coding reference"); + snprintf(retStr, sizeof(buf),"1 of 4 coding reference"); break; default: snprintf(retStr, sizeof(buf), _RED_("(Unknown)")); @@ -2211,8 +2339,6 @@ static int CmdResetRead(const char *Cmd) { if (errors) return usage_t55xx_resetread(); - // PrintAndLogEx(INFO, "DL : %d\n", downlink_mode); // no value outside of debug - flags = downlink_mode << 3; clearCommandBuffer(); @@ -2232,11 +2358,11 @@ static int CmdResetRead(const char *Cmd) { } static int CmdT55xxWipe(const char *Cmd) { + char writeData[36] = {0}; char *ptrData = writeData; - uint32_t password = 0; - bool usepwd = false; - bool Q5 = false; + uint32_t password = 0, block0 = 0; + bool usepwd = false, Q5 = false, gotconf = false; uint8_t cmdp = 0; bool errors = false; @@ -2250,6 +2376,11 @@ static int CmdT55xxWipe(const char *Cmd) { usepwd = true; cmdp += 2; break; + case 'c': + block0 = param_get32ex(Cmd, cmdp + 1, 0, 16); + gotconf = true; + cmdp += 2; + break; case 'q': Q5 = true; cmdp++; 
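Review bot: The new `case 'c':` in `CmdT55xxWipe` takes whatever `param_get32ex(Cmd, cmdp + 1, 0, 16)` returns and sets `gotconf = true` without checking that a value was supplied. The third argument looks like a fallback, so `lf t55xx wipe c` with a missing or malformed value would presumably write 00000000 as the configuration block; rejecting the option with `errors = true;` unless an 8-digit hex value follows avoids that. A value with the password bit set (`1 << 4`, as used in `t55xxProtect`) is also written as-is before the remaining blocks are cleared. The rest of the wipe is outside this hunk, so it is worth confirming that those later writes still succeed in that case, and the usage text should warn about it.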
@@ -2263,22 +2394,31 @@ static int CmdT55xxWipe(const char *Cmd) { if (errors) return usage_t55xx_wipe(); - // Try with the default password to reset block 0 - // With a pwd should work even if pwd bit not set - PrintAndLogEx(INFO, "\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n"); + PrintAndLogEx(INFO, "\nBegin wiping %s", (Q5)? "Q5 / T5555 tag" : "T55x7 tag"); - if (usepwd) { - snprintf(ptrData, sizeof(writeData), "b 0 p %08x ", password); - } else { - snprintf(ptrData, sizeof(writeData), "b 0 "); + // default config blocks. + if (gotconf == false) { + block0 = (Q5) ? 0x6001F004 : 0x000880E0; } - if (Q5) - snprintf(ptrData + strlen(writeData), sizeof(writeData) - strlen(writeData), "d 6001F004"); - else - snprintf(ptrData + strlen(writeData), sizeof(writeData) - strlen(writeData), "d 000880E0"); + char msg[80] = {0}; + if (gotconf) + snprintf(msg, sizeof(msg), "User provided configuration block %08X", block0); + else + snprintf(msg, sizeof(msg), "Default configation block %08X", block0); + + PrintAndLogEx(INFO, "%s", msg); + + // Creating cmd string for write block :) + snprintf(ptrData, sizeof(writeData), "b 0 "); + + if (usepwd) { + snprintf(ptrData + strlen(writeData), sizeof(writeData) - strlen(writeData), "p %08x ", password); + } + snprintf(ptrData + strlen(writeData), sizeof(writeData) - strlen(writeData), "d %08X", block0); + if (CmdT55xxWriteBlock(ptrData) != PM3_SUCCESS) PrintAndLogEx(WARNING, "Warning: error writing blk 0"); @@ -2296,7 +2436,7 @@ static int CmdT55xxWipe(const char *Cmd) { if (config.downlink_mode != T55XX_DLMODE_FIXED) { // Detect found a different mode so card must support snprintf(ptrData, sizeof(writeData), "b 3 1 d 00000000"); if (CmdT55xxWriteBlock(ptrData) != PM3_SUCCESS) - PrintAndLogEx(WARNING, "Warning: error writing blk 3 page 1 (config)"); + PrintAndLogEx(WARNING, "Warning: failed writing block 3 page 1 (config)"); memset(writeData, 0x00, sizeof(writeData)); } return PM3_SUCCESS; 
@@ -2390,10 +2530,9 @@ static int CmdT55xxChkPwds(const char *Cmd) { PrintAndLogEx(SUCCESS, "\nFound a candidate [ " _YELLOW_("%08X") " ]. Trying to validate", resp.oldarg[1]); if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, resp.oldarg[1], downlink_mode)) { - found = tryDetectModulation(downlink_mode,T55XX_PrintConfig); + found = tryDetectModulation(downlink_mode, T55XX_PrintConfig); if (found) { PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") " ]", resp.oldarg[1]); - // T55xx_Print_DownlinkMode(downlink_mode); } else { PrintAndLogEx(WARNING, "Check pwd failed"); @@ -2446,7 +2585,6 @@ static int CmdT55xxChkPwds(const char *Cmd) { found = tryDetectModulation(dl_mode,T55XX_PrintConfig); if (found) { PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") " ]", curr_password); - // T55xx_Print_DownlinkMode(dl_mode); dl_mode = 4; // Exit other downlink mode checks c = keycount; // Exit loop } @@ -2740,7 +2878,6 @@ bool tryDetectP1(bool getData) { (DemodBufferLen == 32 || DemodBufferLen == 64)) { return true; } - } // try NRZ clock detect. it could be another type even if successful. @@ -2822,7 +2959,8 @@ static int CmdT55xxDetectPage1(const char *Cmd) { useGB = true; cmdp++; break; - case 'r': + case 'r': + //ICEMAN STRANGE downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); if (downlink_mode == 4) try_all_dl_modes = true; @@ -2876,7 +3014,7 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { case 'h': - return usage_lf_deviceconfig(); + return usage_t55xx_deviceconfig(); case 'a': errors |= param_getdec(Cmd, cmdp + 1, &startgap); cmdp += 2; @@ -2928,7 +3066,7 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) { } //Validations - if (errors || cmdp == 0) return usage_lf_deviceconfig(); + if (errors || cmdp == 0) return usage_t55xx_deviceconfig(); t55xx_configurations_t configurations = {{{0}, {0}, {0}, {0}}}; 
@@ -2984,6 +3122,67 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) { return PM3_SUCCESS; } +static int CmdT55xxProtect(const char *Cmd) { + bool errors = false, usepwd = false, gotnewpwd = false; + uint32_t password = 0, new_password = 0; + uint8_t override = 0; + uint8_t cmdp = 0; + uint8_t downlink_mode = 0; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_t55xx_protect(); + case 'o': + override = 2; + cmdp++; + break; + case 'n': + new_password = param_get32ex(Cmd, cmdp + 1, 0, 16); + gotnewpwd = true; + cmdp += 2; + break; + case 'p': + password = param_get32ex(Cmd, cmdp + 1, 0, 16); + usepwd = true; + override = 1; + cmdp += 2; + break; + case 'r': + //ICEMAN STRANGE + downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); + if (downlink_mode > 3) + downlink_mode = 0; + + cmdp += 2; + break; + default: + PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (gotnewpwd == false) + return usage_t55xx_protect(); + + if (errors || cmdp == 0) return usage_t55xx_protect(); + + // sanity check. + if (SanityOfflineCheck(false) != PM3_SUCCESS) + return PM3_ESOFT; + + // lock + bool res = t55xxProtect(true, usepwd, override, password, downlink_mode, new_password ); + // unlock +// res = t55xxProtect(false, usepwd, override, password, downlink_mode, new_password ); + if (res == false) { + PrintAndLogEx(WARNING, "Command failed. Did you run `lf t55xx detect` before?"); + return PM3_ESOFT; + } + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"bruteforce", CmdT55xxBruteForce, IfPm3Lf, " Simple bruteforce attack to find password"}, 
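Review bot: In `CmdT55xxProtect`, `case 'p'` sets `override = 1`, so supplying a password skips the safety check in `T55xxReadBlockEx` without the user passing `o`, and the final value depends on option order (`o p` ends at 1, `p o` at 2). If that is deliberate, the `o` line in `usage_t55xx_protect` should say so; otherwise drop `override = 1;` from the `p` case. `n` and `p` are parsed with `param_get32ex(Cmd, cmdp + 1, 0, 16)`, whose third argument looks like a fallback, so a missing or malformed value would presumably become password 00000000 and be written to the tag; rejecting it with `errors = true;` is safer. The usage example `lf t55xx protect p 11223344` cannot run as written, because the command returns the usage text unless `n` was given. The usage text also promises unsetting the bit, but the only unlock call is commented out.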
@@ -2991,9 +3190,10 @@ static command_t CommandTable[] = { {"chk", CmdT55xxChkPwds, IfPm3Lf, "Check passwords from dictionary/flash"}, {"detect", CmdT55xxDetect, AlwaysAvailable, "[1] Try detecting the tag modulation from reading the configuration block."}, {"deviceconfig", CmdT55xxSetDeviceConfig, IfPm3Lf, "Set/Get T55XX device configuration (startgap, writegap, write0, write1, readgap"}, - {"p1detect", CmdT55xxDetectPage1, IfPm3Lf, "[1] Try detecting if this is a t55xx tag by reading page 1"}, {"dump", CmdT55xxDump, IfPm3Lf, "[password] [o] Dump T55xx card block 0-7. Optional [password], [override]"}, {"info", CmdT55xxInfo, AlwaysAvailable, "[1] Show T55x7 configuration data (page 0/ blk 0)"}, + {"p1detect", CmdT55xxDetectPage1, IfPm3Lf, "[1] Try detecting if this is a t55xx tag by reading page 1"}, + {"protect", CmdT55xxProtect, IfPm3Lf, "Password protect tag"}, {"read", CmdT55xxReadBlock, IfPm3Lf, "b p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]"}, {"resetread", CmdResetRead, IfPm3Lf, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"}, {"recoverpw", CmdT55xxRecoverPW, IfPm3Lf, "[password] Try to recover from bad password write from a cloner. Only use on PW protected chips!"}, diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index b2af0f5b4..129a6cf5e 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h @@ -13,6 +13,7 @@ #include "common.h" #define T55x7_CONFIGURATION_BLOCK 0x00 +#define T55x7_PWD_BLOCK 0x07 #define T55x7_TRACE_BLOCK1 0x01 #define T55x7_TRACE_BLOCK2 0x02 #define T55x7_PAGE0 0x00 
@@ -142,7 +143,12 @@ void printT5xxHeader(uint8_t page); void printT55xxBlock(uint8_t blockNum); int printConfiguration(t55xx_conf_block_t b); -int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode); +bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data); +int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode); +int T55xxReadBlockEx(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, bool verbose); + +int t55xxWrite(uint8_t block, bool page1, bool usepwd, bool testMode, uint32_t password, uint8_t downlink_mode, uint32_t data); + bool GetT55xxBlockData(uint32_t *blockdata); bool DecodeT55xxBlock(void); bool tryDetectModulation(uint8_t downlink_mode, bool print_config); From f210f9a9349f970d2969bf49ec6fa6effc73c12e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 14 Sep 2019 19:04:17 +0200 Subject: [PATCH 04/21] textual --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49be5d124..c062f6f83 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Add `lf t55xx protect` - sets password and enables password protection on t55x7 tag (@iceman1001) + - Chg `lf t55xx wipe` - now accepts user provided configuration block (@iceman1001) - Chg proxmark3-flasher is now merged into proxmark3 client. Add pm3-flash (@doegox) - Chg `hf iclass clone\dump\rdbl\wrbl` - now uses NG (@iceman1001) - Fix `hf iclass clone` - last block always fails (@iceman1001) 
From d5d273fedb695c03b850a90a94d79f91e81cd6a3 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 14 Sep 2019 19:11:39 +0200 Subject: [PATCH 05/21] fix. --- client/cmdlft55xx.c | 1 - 1 file changed, 1 deletion(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 2ebdd87f1..faf371443 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -354,7 +354,6 @@ static bool t55xxProtect(bool lock, bool usepwd, uint8_t override, uint32_t pass if (GetT55xxBlockData(&block0) == false) return false; - uint32_t old = block0; bool isPwdBitAlreadySet = (block0 >> (32-28) & 1); if (isPwdBitAlreadySet) { PrintAndLogEx(INFO, "PWD bit is already set"); From cd28641d962c8a1335ee6a6de80704a8b1e5f2e2 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 14 Sep 2019 19:31:00 +0200 Subject: [PATCH 06/21] chg: 'lf visa2000 clone' - now verify successful write of blocks. --- client/cmdlft55xx.c | 15 +++++++-------- client/cmdlfvisa2000.c | 28 +++++++++++++--------------- client/cmdlfvisa2000.h | 12 ++++++++++++ 3 files changed, 32 insertions(+), 23 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index faf371443..5575ef80e 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c 
@@ -421,29 +421,28 @@ bool t55xxVerifyWrite(uint8_t block, bool page1, bool usepwd, uint8_t override, // this messes up with ppls config.. if (block == 0 && page1 == false) { - PrintAndLogEx(INFO, "Block0 write detected, running `detect` to see if validation is possible (pwd == %08X)", password); - + + PrintAndLogEx(INFO, "Block0 write detected, running `detect` to see if validation is possible"); bool got_modulation = false; for ( uint8_t m = 0; m < 4; m++) { - if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, password, m) == false) { - PrintAndLogEx(INPLACE, "."); + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) { continue; } - - if (tryDetectModulation(m, true) == false) { + + if (tryDetectModulation(m, false) == false) { PrintAndLogEx(INPLACE, "."); continue; } else { got_modulation = true; - PrintAndLogEx(NORMAL, ""); break; } } + PrintAndLogEx(NORMAL, ""); if (got_modulation == false) return false; - + return t55xxVerifyWrite(block, page1, usepwd, 2, password, downlink_mode, data); } } diff --git a/client/cmdlfvisa2000.c b/client/cmdlfvisa2000.c index ed181d991..1433ced01 100644 --- a/client/cmdlfvisa2000.c +++ b/client/cmdlfvisa2000.c @@ -11,19 +11,6 @@ #include "cmdlfvisa2000.h" -#include -#include -#include - -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "graph.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "protocols.h" // for T55xx config register definitions -#include "lfdemod.h" // parityTest - #define BL0CK1 0x56495332 static int CmdHelp(const char *Cmd); @@ -171,7 +158,7 @@ static int CmdVisa2kClone(const char *Cmd) { id = param_get32ex(Cmd, 0, 0, 10); //Q5 - if (param_getchar(Cmd, 1) == 'Q' || param_getchar(Cmd, 1) == 'q') + if (tolower(param_getchar(Cmd, 1)) == 'q') blocks[0] = T5555_MODULATION_MANCHESTER | T5555_SET_BITRATE(64) | T5555_ST_TERMINATOR | 3 << T5555_MAXBLOCK_SHIFT; blocks[2] = id; 
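Review bot: The downlink mode `m` that succeeds in the detect loop of `t55xxVerifyWrite` is discarded, because the recursive call after the loop still passes the caller's `downlink_mode`. If detection only works with a different mode than the one passed in, the verify read presumably runs with the wrong mode and reports a failed write. If that is not intended, keep the working mode with `downlink_mode = m;` next to `got_modulation = true;`. Otherwise add a comment saying why the original mode is reused. The function starts outside this hunk, so the rest of its flow is not visible here.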
@@ -180,8 +167,10 @@ static int CmdVisa2kClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Visa2000 to T55x7 with CardId: %u", id); print_blocks(blocks, 4); + uint8_t res = 0; + PacketResponseNG resp; - + // fast push mode conn.block_after_ACK = true; for (uint8_t i = 0; i < 4; i++) { @@ -202,7 +191,16 @@ static int CmdVisa2kClone(const char *Cmd) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; } + + bool isok = t55xxVerifyWrite(i, 0, false, false, 0, 0, blocks[i]); + if ( isok == false) { + PrintAndLogEx(WARNING, "Couldn't verify write"); + res++; + } } + if ( res == 0 ) + PrintAndLogEx(SUCCESS, "Success writing to tag"); + return PM3_SUCCESS; } diff --git a/client/cmdlfvisa2000.h b/client/cmdlfvisa2000.h index 63e7fdc67..e8995cbdd 100644 --- a/client/cmdlfvisa2000.h +++ b/client/cmdlfvisa2000.h @@ -9,7 +9,19 @@ #ifndef CMDLFVISA2000_H__ #define CMDLFVISA2000_H__ +#include +#include +#include #include "common.h" +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "graph.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "protocols.h" // for T55xx config register definitions +#include "lfdemod.h" // parityTest +#include "cmdlft55xx.h" // write verify int CmdLFVisa2k(const char *Cmd); From 2bec009778bd6ba01c108f1cd878f80db8057547 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sat, 14 Sep 2019 19:58:17 +0200 Subject: [PATCH 07/21] chg: 'lf viking clone' - now uses NG --- armsrc/appmain.c | 13 +++++++++++-- armsrc/lfops.c | 14 ++++++++++---- armsrc/lfops.h | 2 +- client/cmdlfviking.c | 32 +++++++++++++++----------------- client/cmdlfviking.h | 13 +++++++++++++ 5 files changed, 50 insertions(+), 24 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 6194cfe39..d48b798a5 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c 
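Review bot: `CmdVisa2kClone` still ends in `return PM3_SUCCESS;` when `res` is non-zero, so a failed verification only produces a warning line, and any script or caller that checks the return code sees a successful clone. Return a failure status in that case, e.g. `return (res == 0) ? PM3_SUCCESS : PM3_ESOFT;`. The same pattern is added to `CmdPyramidClone` in the later pyramid patch of this series. The call `t55xxVerifyWrite(i, 0, false, false, 0, 0, blocks[i])` also passes `false` for the `uint8_t override` parameter, where a plain `0` would match the prototype. The function begins outside the hunk.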
@@ -856,7 +856,12 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_LF_VIKING_CLONE: { - CopyVikingtoT55xx(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]); + struct p { + bool Q5; + uint8_t blocks[8]; + } PACKED; + struct p *payload = (struct p*)packet->data.asBytes; + CopyVikingtoT55xx(payload->blocks, payload->Q5); break; } case CMD_LF_COTAG_READ: { @@ -1217,7 +1222,11 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_ICLASS_READER: { - ReaderIClass(packet->oldarg[0]); + struct p { + uint8_t flags; + } PACKED; + struct p *payload = (struct p *)packet->data.asBytes; + ReaderIClass(payload->flags); break; } case CMD_HF_ICLASS_REPLAY: { diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 341b98483..d032b2236 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -2152,13 +2152,19 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t LED_D_OFF(); } // clone viking tag to T55xx -void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5) { - uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), block1, block2}; - if (Q5) data[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT; +void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) { + + uint32_t data[] = {T55x7_BITRATE_RF_32 | T55x7_MODULATION_MANCHESTER | (2 << T55x7_MAXBLOCK_SHIFT), 0, 0}; + if (Q5) + data[0] = T5555_SET_BITRATE(32) | T5555_MODULATION_MANCHESTER | 2 << T5555_MAXBLOCK_SHIFT; + + data[1] = bytes_to_num(blocks, 4); + data[2] = bytes_to_num(blocks +4, 4); + // Program the data blocks for supplied ID and the block 0 config WriteT55xx(data, 0, 3); LED_D_OFF(); - reply_mix(CMD_ACK, 0, 0, 0, 0, 0); + reply_ng(CMD_LF_VIKING_CLONE, PM3_SUCCESS, NULL, 0); } // Define 9bit header for EM410x tags diff --git a/armsrc/lfops.h b/armsrc/lfops.h index 186b41f90..690f29db3 100644 --- a/armsrc/lfops.h +++ b/armsrc/lfops.h 
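Review bot: The `CMD_LF_VIKING_CLONE` handler casts `packet->data.asBytes` to a locally declared `struct p` and reads `blocks` and `Q5` without first checking how many bytes the host actually sent. A short or malformed packet is therefore written to the tag using whatever was left in the buffer. A guard such as `if (packet->length != sizeof(struct p)) { reply_ng(CMD_LF_VIKING_CLONE, PM3_EINVARG, NULL, 0); break; }` would reject it, assuming `packet->length` carries the payload size. The same applies to the `CMD_HF_ICLASS_READER` hunk below and to `CMD_LF_HID_SIMULATE` in the later HID patch. The struct is also declared a second time in client/cmdlfviking.c with a `bool` first member. A single typedef in include/pm3_cmd.h using `uint8_t`, as done for `lf_hidsim_t`, would keep host and firmware layouts from drifting apart.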
@@ -43,7 +43,7 @@ void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol); void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); void CopyIOtoT55x7(uint32_t hi, uint32_t lo); // Clone an ioProx card to T5557/T5567 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567 -void CopyVikingtoT55xx(uint32_t block1, uint32_t block2, uint8_t Q5); +void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5); void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo); void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7 void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7 diff --git a/client/cmdlfviking.c b/client/cmdlfviking.c index ef88cc169..45fe9ffb6 100644 --- a/client/cmdlfviking.c +++ b/client/cmdlfviking.c @@ -9,17 +9,6 @@ //----------------------------------------------------------------------------- #include "cmdlfviking.h" -#include -#include -#include - -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "lfdemod.h" - static int CmdHelp(const char *Cmd); static int usage_lf_viking_clone(void) { 
@@ -90,22 +79,31 @@ static int CmdVikingClone(const char *Cmd) { id = param_get32ex(Cmd, 0, 0, 16); if (id == 0) return usage_lf_viking_clone(); - cmdp = param_getchar(Cmd, 1); - if (cmdp == 'Q' || cmdp == 'q') + cmdp = tolower(param_getchar(Cmd, 1)); + if (cmdp == 'q') Q5 = true; rawID = getVikingBits(id); - PrintAndLogEx(INFO, "Preparing to clone Viking tag - ID " _YELLOW_("%08X")" raw " _YELLOW_("%08X%08X"), id, (uint32_t)(rawID >> 32), (uint32_t)(rawID & 0xFFFFFFFF)); + struct p { + bool Q5; + uint8_t blocks[8]; + } PACKED payload; + payload.Q5 = Q5; + + num_to_bytes(rawID, 8, &payload.blocks[0]); + PrintAndLogEx(INFO, "Preparing to clone Viking tag - ID " _YELLOW_("%08X")" raw " _YELLOW_("%s"), id, sprint_hex(payload.blocks, sizeof(payload.blocks))); + clearCommandBuffer(); - SendCommandMIX(CMD_LF_VIKING_CLONE, rawID >> 32, rawID & 0xFFFFFFFF, Q5, NULL, 0); + + SendCommandNG(CMD_LF_VIKING_CLONE, (uint8_t*)&payload, sizeof(payload)); PacketResponseNG resp; - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + if (!WaitForResponseTimeout(CMD_LF_VIKING_CLONE, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; } - return PM3_SUCCESS; + return resp.status; } static int CmdVikingSim(const char *Cmd) { diff --git a/client/cmdlfviking.h b/client/cmdlfviking.h index 156d57c7d..344bb3c0c 100644 --- a/client/cmdlfviking.h +++ b/client/cmdlfviking.h @@ -9,8 +9,21 @@ #ifndef CMDLFVIKING_H__ #define CMDLFVIKING_H__ +#include +#include +#include + #include "common.h" +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "lfdemod.h" +#include "commonutil.h" // num_to_bytes + + int CmdLFViking(const char *Cmd); int demodViking(void); From 61098c77163360468367a13c38d0bc44d677609b Mon Sep 17 00:00:00 2001 
From: Philippe Teuwen Date: Sat, 14 Sep 2019 22:44:15 +0200 Subject: [PATCH 08/21] lf hid sim: use generic FSK sim --- armsrc/lfops.c | 119 ++++++++++--------------------------------------- armsrc/lfops.h | 1 + 2 files changed, 25 insertions(+), 95 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index d032b2236..b546fdc49 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c 
@@ -876,69 +876,6 @@ void SimulateTagLowFrequency(int period, int gap, bool ledcontrol) { #define DEBUG_FRAME_CONTENTS 1 void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen) { } -// compose fc/5 fc/8 waveform (FSK1) - -// compose fc/8 fc/10 waveform (FSK2) -// also manchester, -static void fc(int c, int *n) { - uint8_t *dest = BigBuf_get_addr(); - int idx; - - // for when we want an fc8 pattern every 4 logical bits - if (c == 0) { - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - } - - // an fc/8 encoded bit is a bit pattern of 11110000 x6 = 48 samples - if (c == 8) { - for (idx = 0; idx < 6; idx++) { - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - } - } - - // an fc/10 encoded bit is a bit pattern of 1111100000 x5 = 50 samples - if (c == 10) { - for (idx = 0; idx < 5; idx++) { - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 1; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - dest[((*n)++)] = 0; - } - } -} - -// special start of frame marker containing invalid bit sequences -// this one is focused on HID, with manchester encoding. -static void fcSTT(int *n) { - fc(8, n); - fc(8, n); // invalid - fc(8, n); - fc(10, n); // logical 0 - fc(10, n); - fc(10, n); // invalid - fc(8, n); - fc(10, n); // logical 0 -} // compose fc/X fc/Y waveform (FSKx) static void fcAll(uint8_t fc, int *n, uint8_t clock, int16_t *remainder) { 
@@ -971,10 +908,9 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) { return; } - FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - set_tracing(false); - - int n = 0, i = 0; + // special start of frame marker containing invalid Manchester bit sequences + uint8_t bits[8+44*2] = { 0, 0, 0, 1, 1, 1, 0, 1 }; + uint16_t n = 8; /* HID tag bitstream format The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits @@ -989,42 +925,28 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) { bit 0 = fc8 */ - fc(0, &n); - - // special start of frame marker containing invalid bit sequences - fcSTT(&n); - + // TODO isn't there a manchester encoding function already available? // manchester encode bits 43 to 32 - for (i = 11; i >= 0; i--) { - - if ((i % 4) == 3) fc(0, &n); - + for (int i = 11; i >= 0; i--) { if ((hi >> i) & 1) { - fc(10, &n); - fc(8, &n); // low-high transition + bits[n++] = 1; + bits[n++] = 0; } else { - fc(8, &n); - fc(10, &n); // high-low transition + bits[n++] = 0; + bits[n++] = 1; } } - // manchester encode bits 31 to 0 - for (i = 31; i >= 0; i--) { - - if ((i % 4) == 3) fc(0, &n); - + for (int i = 31; i >= 0; i--) { if ((lo >> i) & 1) { - fc(10, &n); - fc(8, &n); // low-high transition + bits[n++] = 1; + bits[n++] = 0; } else { - fc(8, &n); - fc(10, &n); // high-low transition + bits[n++] = 0; + bits[n++] = 1; } } - - if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequencyEx(n, 0, ledcontrol, numcycles); - if (ledcontrol) LED_A_OFF(); + CmdFSKsimTAGEx(10, 8, 0, 50, sizeof(bits), bits, ledcontrol, numcycles); } void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol) { 
@@ -1035,7 +957,7 @@ void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol) { // prepare a waveform pattern in the buffer based on the ID given then // simulate a FSK tag until the button is pressed // arg1 contains fcHigh and fcLow, arg2 contains STT marker and clock -void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol) { +void CmdFSKsimTAGEx(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol, int numcycles) { FpgaDownloadAndGo(FPGA_BITSTREAM_LF); @@ -1064,8 +986,15 @@ void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, Dbprintf("Simulating with fcHigh: %d, fcLow: %d, clk: %d, STT: %d, n: %d", fchigh, fclow, clk, separator, n); if (ledcontrol) LED_A_ON(); - SimulateTagLowFrequency(n, 0, ledcontrol); + SimulateTagLowFrequencyEx(n, 0, ledcontrol, numcycles); if (ledcontrol) LED_A_OFF(); +} + +// prepare a waveform pattern in the buffer based on the ID given then +// simulate a FSK tag until the button is pressed +// arg1 contains fcHigh and fcLow, arg2 contains STT marker and clock +void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol) { + CmdFSKsimTAGEx(fchigh, fclow, separator, clk, bitslen, bits, ledcontrol, -1); reply_ng(CMD_LF_FSK_SIMULATE, PM3_EOPABORTED, NULL, 0); } diff --git a/armsrc/lfops.h b/armsrc/lfops.h index 690f29db3..4f82dfae9 100644 --- a/armsrc/lfops.h +++ b/armsrc/lfops.h 
@@ -33,6 +33,7 @@ void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen); void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles); void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol); +void CmdFSKsimTAGEx(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol, int numcycles); void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol); void CmdASKsimTAG(uint8_t encoding, uint8_t invert, uint8_t separator, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol); void CmdPSKsimTag(uint8_t carrier, uint8_t invert, uint8_t clk, uint16_t size, uint8_t *bits, bool ledcontrol); From 47724d0a1b5f98dfc4b402f5964a3bae9f41f743 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 01:13:52 +0200 Subject: [PATCH 09/21] textual --- client/cmdlfsecurakey.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/client/cmdlfsecurakey.c b/client/cmdlfsecurakey.c index 0ee22524f..c916478da 100644 --- a/client/cmdlfsecurakey.c +++ b/client/cmdlfsecurakey.c 
@@ -111,12 +111,22 @@ static int CmdSecurakeyRead(const char *Cmd) { return CmdSecurakeyDemod(Cmd); } +static int CmdSecuraClone(const char *Cmd) { + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + +static int CmdSecureSim(const char *Cmd) { + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"demod", CmdSecurakeyDemod, AlwaysAvailable, "Demodulate an Securakey tag from the GraphBuffer"}, {"read", CmdSecurakeyRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, - //{"clone", CmdSecurakeyClone, IfPm3Lf, "clone Securakey tag"}, - //{"sim", CmdSecurakeydSim, IfPm3Lf, "simulate Securakey tag"}, + {"clone", CmdSecurakeyClone, IfPm3Lf, "clone Securakey tag"}, + {"sim", CmdSecurakeydSim, IfPm3Lf, "simulate Securakey tag"}, {NULL, NULL, NULL, NULL} }; From 06809babbbbff155d2e357188e29f5efc7c77f43 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 01:33:54 +0200 Subject: [PATCH 10/21] chg: 'lf pyramid clone' - add verification --- client/cmdlfpyramid.c | 30 +++++++++++++----------------- client/cmdlfpyramid.h | 15 +++++++++++++++ client/cmdlfsecurakey.c | 6 +++--- 3 files changed, 31 insertions(+), 20 deletions(-) diff --git a/client/cmdlfpyramid.c b/client/cmdlfpyramid.c index d5c3076a9..90a4ccfde 100644 --- a/client/cmdlfpyramid.c +++ b/client/cmdlfpyramid.c @@ -9,21 +9,6 @@ //----------------------------------------------------------------------------- #include "cmdlfpyramid.h" -#include -#include -#include -#include - -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "graph.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "protocols.h" // for T55xx config register definitions -#include "lfdemod.h" // parityTest -#include "crc.h" - static int CmdHelp(const char *Cmd); static int usage_lf_pyramid_clone(void) { 
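Review bot: The command table now references `CmdSecurakeyClone` and `CmdSecurakeydSim`, but the stubs added above it are named `CmdSecuraClone` and `CmdSecureSim`, so this patch does not build by itself. The names are only reconciled in the next patch of the series, which breaks bisecting across this commit. Both stubs also return `PM3_SUCCESS` after printing "To be implemented", so a caller cannot tell that nothing was written or simulated. A non-success status would be more honest until the commands exist.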
@@ -246,12 +231,13 @@ static int CmdPyramidClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Farpointe/Pyramid to T55x7 with Facility Code: %u, Card Number: %u", facilitycode, cardnumber); print_blocks(blocks, 5); + uint8_t res = 0; PacketResponseNG resp; // fast push mode conn.block_after_ACK = true; - for (uint8_t i = 0; i < 5; i++) { - if (i == 4) { + for (int8_t i = 4; i >= 0; i--) { + if (i == 0) { // Disable fast mode on last packet conn.block_after_ACK = false; } @@ -267,7 +253,17 @@ static int CmdPyramidClone(const char *Cmd) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; } + + bool isok = t55xxVerifyWrite(i, 0, false, false, 0, 0, blocks[i]); + if ( isok == false) { + PrintAndLogEx(WARNING, "Couldn't verify write"); + res++; + } } + + if ( res == 0 ) + PrintAndLogEx(SUCCESS, "Success writing to tag"); + return PM3_SUCCESS; } diff --git a/client/cmdlfpyramid.h b/client/cmdlfpyramid.h index 2d717fbb3..0a9e2674a 100644 --- a/client/cmdlfpyramid.h +++ b/client/cmdlfpyramid.h @@ -10,6 +10,21 @@ #define CMDLFPYRAMID_H__ #include "common.h" +#include +#include +#include +#include + +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "graph.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "protocols.h" // for T55xx config register definitions +#include "lfdemod.h" // parityTest +#include "crc.h" +#include "cmdlft55xx.h" // verifywrite int CmdLFPyramid(const char *Cmd); diff --git a/client/cmdlfsecurakey.c b/client/cmdlfsecurakey.c index c916478da..e14a679f2 100644 --- a/client/cmdlfsecurakey.c +++ b/client/cmdlfsecurakey.c 
@@ -111,12 +111,12 @@ static int CmdSecurakeyRead(const char *Cmd) { return CmdSecurakeyDemod(Cmd); } -static int CmdSecuraClone(const char *Cmd) { +static int CmdSecurakeyClone(const char *Cmd) { PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); return PM3_SUCCESS; } -static int CmdSecureSim(const char *Cmd) { +static int CmdSecurakeySim(const char *Cmd) { PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); return PM3_SUCCESS; } @@ -126,7 +126,7 @@ static command_t CommandTable[] = { {"demod", CmdSecurakeyDemod, AlwaysAvailable, "Demodulate an Securakey tag from the GraphBuffer"}, {"read", CmdSecurakeyRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, {"clone", CmdSecurakeyClone, IfPm3Lf, "clone Securakey tag"}, - {"sim", CmdSecurakeydSim, IfPm3Lf, "simulate Securakey tag"}, + {"sim", CmdSecurakeySim, IfPm3Lf, "simulate Securakey tag"}, {NULL, NULL, NULL, NULL} }; From 9275304640c1617bbcf4a3cc276c414b7452586d Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Sep 2019 01:16:54 +0200 Subject: [PATCH 11/21] lf hid clone: fix some stuff related to long ID, still clone doesn't seem to work --- client/cmdlfhid.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c index 8e22654f4..bfabcc237 100644 --- a/client/cmdlfhid.c +++ b/client/cmdlfhid.c 
@@ -76,14 +76,14 @@ static int usage_lf_hid_sim(void) { static int usage_lf_hid_clone(void) { PrintAndLogEx(NORMAL, "Clone HID to T55x7. Tag must be on antenna. "); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "Usage: lf hid clone [h] [ID] "); + PrintAndLogEx(NORMAL, "Usage: lf hid clone [h] [l] ID"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - This help"); + PrintAndLogEx(NORMAL, " l - 84bit ID"); PrintAndLogEx(NORMAL, " ID - HID id"); - PrintAndLogEx(NORMAL, " L - 84bit ID"); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf hid clone 2006ec0c86"); - PrintAndLogEx(NORMAL, " lf hid clone 2006ec0c86 L"); + PrintAndLogEx(NORMAL, " lf hid clone l 2006ec0c86"); return PM3_SUCCESS; } static int usage_lf_hid_brute(void) { @@ -294,6 +294,7 @@ static int CmdHIDClone(const char *Cmd) { if (strlen(Cmd) == 0 || ctmp == 'H' || ctmp == 'h') return usage_lf_hid_clone(); uint8_t longid[1] = {0}; if (strchr(Cmd, 'l') != 0) { + i++; while (sscanf(&Cmd[i++], "%1x", &n) == 1) { hi2 = (hi2 << 4) | (hi >> 28); hi = (hi << 4) | (lo >> 28); From 59e66ce5fd74b61c79fd9a429cc3955744717318 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Sep 2019 01:17:47 +0200 Subject: [PATCH 12/21] lf hid sim: add support for long ID --- armsrc/Standalone/lf_hidbrute.c | 6 +- armsrc/Standalone/lf_proxbrute.c | 2 +- armsrc/Standalone/lf_samyrun.c | 2 +- armsrc/appmain.c | 3 +- armsrc/lfops.c | 109 ++++++++++++++++++++++--------- armsrc/lfops.h | 4 +- client/cmdlfhid.c | 31 +++++++-- include/pm3_cmd.h | 8 +++ 8 files changed, 120 insertions(+), 45 deletions(-) diff --git a/armsrc/Standalone/lf_hidbrute.c b/armsrc/Standalone/lf_hidbrute.c index 625459238..48efcf119 100644 --- a/armsrc/Standalone/lf_hidbrute.c +++ b/armsrc/Standalone/lf_hidbrute.c 
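Review bot: The added `i++` in `CmdHIDClone` skips the `l` flag but not the space after it, so the documented form `lf hid clone l 2006ec0c86` appears to read the first hex digit twice. Assuming `i` starts at 0, the first `sscanf(&Cmd[i++], "%1x", &n)` starts on the space, where `%1x` skips the whitespace and reads `2`, and the next iteration starts on that same `2`. Skipping the separator as well fixes it: `i++; while (Cmd[i] == ' ') i++;`. In addition, `strchr(Cmd, 'l')` matches an `l` anywhere in the string and no longer accepts the previously documented upper-case `L`. The same parsing is copied into `CmdHIDSim` in the following patch. The function starts outside the hunk.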
@@ -128,7 +128,7 @@ void RunMod() { WAIT_BUTTON_RELEASED(); Dbprintf("[=] %x %x %08x", selected, high[selected], low[selected]); - CmdHIDsimTAG(high[selected], low[selected], 0); + CmdHIDsimTAG(0, high[selected], low[selected], 0, 0); DbpString("[=] done playing"); if (BUTTON_HELD(1000) > 0) @@ -188,7 +188,7 @@ void RunMod() { // Print actual code to brute Dbprintf("[=] TAG ID: %x%08x (%d) - FC: %u - Card: %u", high[selected], low[selected], (low[selected] >> 1) & 0xFFFF, fc, cardnum); - CmdHIDsimTAGEx(high[selected], low[selected], 1, 50000); + CmdHIDsimTAGEx(0, high[selected], low[selected], 0, 1, 50000); } cardnum = original_cardnum; @@ -216,7 +216,7 @@ void RunMod() { // Print actual code to brute Dbprintf("[=] TAG ID: %x%08x (%d) - FC: %u - Card: %u", high[selected], low[selected], (low[selected] >> 1) & 0xFFFF, fc, cardnum); - CmdHIDsimTAGEx(high[selected], low[selected], 1, 50000); + CmdHIDsimTAGEx(0, high[selected], low[selected], 0, 1, 50000); } DbpString("[=] done bruteforcing"); diff --git a/armsrc/Standalone/lf_proxbrute.c b/armsrc/Standalone/lf_proxbrute.c index 5844dda84..25d62cc2a 100644 --- a/armsrc/Standalone/lf_proxbrute.c +++ b/armsrc/Standalone/lf_proxbrute.c @@ -102,7 +102,7 @@ void RunMod() { Dbprintf("[=] trying Facility = %08x ID %08x", high, i); // high, i, ledcontrol, timelimit 20000 - CmdHIDsimTAGEx(high, i, false, 20000); + CmdHIDsimTAGEx(0, high, i, 0, false, 20000); SpinDelay(100); } diff --git a/armsrc/Standalone/lf_samyrun.c b/armsrc/Standalone/lf_samyrun.c index d56f48e24..4dc45b0b3 100644 --- a/armsrc/Standalone/lf_samyrun.c +++ b/armsrc/Standalone/lf_samyrun.c @@ -108,7 +108,7 @@ void RunMod() { Dbprintf("[=] simulating %x | %x%08x", selected, high[selected], low[selected]); // high, low, no led control(A) no time limit - CmdHIDsimTAGEx(high[selected], low[selected], false, -1); + CmdHIDsimTAGEx(0, high[selected], low[selected], 0, false, -1); DbpString("[=] simulating done"); 
diff --git a/armsrc/appmain.c b/armsrc/appmain.c index d48b798a5..214e439b0 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -702,7 +702,8 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_LF_HID_SIMULATE: { - CmdHIDsimTAG(packet->oldarg[0], packet->oldarg[1], 1); + lf_hidsim_t *payload = (lf_hidsim_t *)packet->data.asBytes; + CmdHIDsimTAG(payload->hi2, payload->hi, payload->lo, payload->longFMT, 1); break; } case CMD_LF_FSK_SIMULATE: { diff --git a/armsrc/lfops.c b/armsrc/lfops.c index b546fdc49..ead9966ae 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -901,16 +901,8 @@ static void fcAll(uint8_t fc, int *n, uint8_t clock, int16_t *remainder) { // prepare a waveform pattern in the buffer based on the ID given then // simulate a HID tag until the button is pressed -void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) { +void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles) { - if (hi > 0xFFF) { - DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags"); - return; - } - - // special start of frame marker containing invalid Manchester bit sequences - uint8_t bits[8+44*2] = { 0, 0, 0, 1, 1, 1, 0, 1 }; - uint16_t n = 8; /* HID tag bitstream format The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits 
@@ -925,32 +917,87 @@ void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles) { bit 0 = fc8 */ - // TODO isn't there a manchester encoding function already available? - // manchester encode bits 43 to 32 - for (int i = 11; i >= 0; i--) { - if ((hi >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; + uint8_t bits[8+84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 }; + uint8_t bitlen = 0; + + if (longFMT) { + // Ensure no more than 84 bits supplied + if (hi2 > 0xFFFFF) { + DbpString("Tags can only have 84 bits."); + return; + } + bitlen = 8+84*2; + // special start of frame marker containing invalid Manchester bit sequences + uint16_t n = 8; + hi2 |= 0x9E00000; // 9E: long format identifier + // manchester encode "9E" and bits 83 to 64 + for (int i = 27; i >= 0; i--) { + if ((hi2 >> i) & 1) { + bits[n++] = 1; + bits[n++] = 0; + } else { + bits[n++] = 0; + bits[n++] = 1; + } + } + // manchester encode bits 63 to 32 + for (int i = 31; i >= 0; i--) { + if ((hi >> i) & 1) { + bits[n++] = 1; + bits[n++] = 0; + } else { + bits[n++] = 0; + bits[n++] = 1; + } + } + // manchester encode bits 31 to 0 + for (int i = 31; i >= 0; i--) { + if ((lo >> i) & 1) { + bits[n++] = 1; + bits[n++] = 0; + } else { + bits[n++] = 0; + bits[n++] = 1; + } + } + + } else { + + if (hi > 0xFFF) { + DbpString("[!] tags can only have 44 bits. 
- USE lf simfsk for larger tags"); + return; + } + + bitlen = 8+44*2; + // special start of frame marker containing invalid Manchester bit sequences + uint16_t n = 8; + + // manchester encode bits 43 to 32 + for (int i = 11; i >= 0; i--) { + if ((hi >> i) & 1) { + bits[n++] = 1; + bits[n++] = 0; + } else { + bits[n++] = 0; + bits[n++] = 1; + } + } + // manchester encode bits 31 to 0 + for (int i = 31; i >= 0; i--) { + if ((lo >> i) & 1) { + bits[n++] = 1; + bits[n++] = 0; + } else { + bits[n++] = 0; + bits[n++] = 1; + } } } - // manchester encode bits 31 to 0 - for (int i = 31; i >= 0; i--) { - if ((lo >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; - } - } - CmdFSKsimTAGEx(10, 8, 0, 50, sizeof(bits), bits, ledcontrol, numcycles); + CmdFSKsimTAGEx(10, 8, 0, 50, bitlen, bits, ledcontrol, numcycles); } -void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol) { - CmdHIDsimTAGEx(hi, lo, ledcontrol, -1); +void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol) { + CmdHIDsimTAGEx(hi2, hi, lo, longFMT, ledcontrol, -1); reply_ng(CMD_LF_HID_SIMULATE, PM3_EOPABORTED, NULL, 0); } diff --git a/armsrc/lfops.h b/armsrc/lfops.h index 4f82dfae9..99d1b29eb 100644 --- a/armsrc/lfops.h +++ b/armsrc/lfops.h 
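Review bot: In the long-format branch of `CmdHIDsimTAGEx` the array `bits[8+84*2]` (176 entries) is too small for what the three loops write. They encode 28 bits from `hi2` (the 8-bit `9E` prefix plus 20 ID bits), 32 from `hi` and 32 from `lo`, which is 92 Manchester pairs, so `n` runs from 8 to 192 and the last 16 stores land past the end of the stack array. `bitlen` is also set to 176, so the tail of the ID would not reach `CmdFSKsimTAGEx` either. Size both for the prefix as well: `uint8_t bits[8 + 8 * 2 + 84 * 2] = { 0, 0, 0, 1, 1, 1, 0, 1 };` and `bitlen = 8 + 8 * 2 + 84 * 2;` (192 still fits in `uint8_t`). The function's signature sits in the preceding hunk.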
@@ -30,8 +30,8 @@ void SimulateTagLowFrequencyEx(int period, int gap, bool ledcontrol, int numcycl void SimulateTagLowFrequency(int period, int gap, bool ledcontrol); void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen); -void CmdHIDsimTAGEx(uint32_t hi, uint32_t lo, bool ledcontrol, int numcycles); -void CmdHIDsimTAG(uint32_t hi, uint32_t lo, bool ledcontrol); +void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol, int numcycles); +void CmdHIDsimTAG(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, bool ledcontrol); void CmdFSKsimTAGEx(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol, int numcycles); void CmdFSKsimTAG(uint8_t fchigh, uint8_t fclow, uint8_t separator, uint8_t clk, uint16_t bitslen, uint8_t *bits, bool ledcontrol); diff --git a/client/cmdlfhid.c b/client/cmdlfhid.c index bfabcc237..d4d52fa9f 100644 --- a/client/cmdlfhid.c +++ b/client/cmdlfhid.c 
@@ -261,22 +261,41 @@ static int CmdHIDRead_device(const char *Cmd) { } */ static int CmdHIDSim(const char *Cmd) { - uint32_t hi = 0, lo = 0; + lf_hidsim_t payload; + payload.longFMT = 0; + uint32_t hi2 = 0, hi = 0, lo = 0; uint32_t n = 0, i = 0; uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (strlen(Cmd) == 0 || ctmp == 'h') return usage_lf_hid_sim(); - while (sscanf(&Cmd[i++], "%1x", &n) == 1) { - hi = (hi << 4) | (lo >> 28); - lo = (lo << 4) | (n & 0xf); + if (strchr(Cmd, 'l') != 0) { + i++; + while (sscanf(&Cmd[i++], "%1x", &n) == 1) { + hi2 = (hi2 << 4) | (hi >> 28); + hi = (hi << 4) | (lo >> 28); + lo = (lo << 4) | (n & 0xf); + } + + PrintAndLogEx(INFO, "Simulating HID tag with long ID %x%08x%08x", hi2, hi, lo); + payload.longFMT = 1; + } else { + while (sscanf(&Cmd[i++], "%1x", &n) == 1) { + hi = (hi << 4) | (lo >> 28); + lo = (lo << 4) | (n & 0xf); + } + PrintAndLogEx(SUCCESS, "Simulating HID tag with ID %x%08x", hi, lo); + hi2 = 0; } - PrintAndLogEx(SUCCESS, "Simulating HID tag with ID %x%08x", hi, lo); PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation"); + payload.hi2 = hi2; + payload.hi = hi; + payload.lo = lo; + clearCommandBuffer(); - SendCommandMIX(CMD_LF_HID_SIMULATE, hi, lo, 0, NULL, 0); + SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload, sizeof(payload)); PacketResponseNG resp; WaitForResponse(CMD_LF_HID_SIMULATE, &resp); PrintAndLogEx(INFO, "Done"); diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index e87e8bc33..d79433fcf 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -197,6 +197,14 @@ typedef struct { uint8_t flags; } PACKED t55xx_write_block_t; +// For CMD_LF_HID_SIMULATE (FSK) +typedef struct { + uint32_t hi2; + uint32_t hi; + uint32_t lo; + uint8_t longFMT; +} PACKED lf_hidsim_t; + // For CMD_LF_FSK_SIMULATE (FSK) typedef struct { uint8_t fchigh; From 359399b2e69cc591c4d4e4440dc68bb9ecc17284 Mon Sep 17 00:00:00 2001 
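Review bot: The long-format branch in CmdHIDSim is selected by `strchr(Cmd, 'l') != 0`, which matches an `l` anywhere in the argument string, while the `i++` that follows assumes the flag is exactly the first character. Testing the already lower-cased first parameter keeps flag detection and parse offset in agreement: `if (ctmp == 'l') {`. The `%1x` conversion skips leading whitespace, so with a space between the flag and the ID the first hex digit appears to be consumed twice (once from the space, once from the digit itself); skipping whitespace explicitly before the loop would avoid that. Neither branch counts the digits it accepts, so over-long IDs are only caught by the firmware-side range check, or not at all once the upper bits have been shifted out.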
From: Philippe Teuwen Date: Sun, 15 Sep 2019 02:01:53 +0200 Subject: [PATCH 13/21] fix hid sim long id length --- armsrc/lfops.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index ead9966ae..ba3b6e865 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -917,7 +917,7 @@ void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo bit 0 = fc8 */ - uint8_t bits[8+84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 }; + uint8_t bits[8+8*2+84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 }; uint8_t bitlen = 0; if (longFMT) { @@ -926,7 +926,7 @@ void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo DbpString("Tags can only have 84 bits."); return; } - bitlen = 8+84*2; + bitlen = 8+8*2+84*2; // special start of frame marker containing invalid Manchester bit sequences uint16_t n = 8; hi2 |= 0x9E00000; // 9E: long format identifier From 960d8c4db303fac550217b395381c642f2493950 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 15 Sep 2019 02:09:40 +0200 Subject: [PATCH 14/21] add helper fct manchesterEncodeUint32 --- armsrc/lfops.c | 64 ++++++------------------------------------------ common/lfdemod.c | 12 +++++++++ common/lfdemod.h | 1 + 3 files changed, 20 insertions(+), 57 deletions(-) diff --git a/armsrc/lfops.c b/armsrc/lfops.c index ba3b6e865..47c8011f8 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -917,8 +917,10 @@ void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo bit 0 = fc8 */ + // special start of frame marker containing invalid Manchester bit sequences uint8_t bits[8+8*2+84*2] = { 0, 0, 0, 1, 1, 1, 0, 1 }; uint8_t bitlen = 0; + uint16_t n = 8; if (longFMT) { // Ensure no more than 84 bits supplied 
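Review bot: The length `8+8*2+84*2` is now written out twice, in the declaration of `bits` and in the `bitlen` assignment of the long-format branch (second hunk), and this fix was needed because the declared size and the number of encoded half-bits had drifted apart. Deriving the length from the array removes one copy: `bitlen = sizeof(bits);` in the long branch. A comment on the declaration such as `// 8 SOF + 2 * (8 format id + 84 data) Manchester half-bits` would make the arithmetic checkable at a glance. CmdHIDsimTAGEx starts and ends outside both hunks.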
@@ -927,71 +929,19 @@ void CmdHIDsimTAGEx(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, boo return; } bitlen = 8+8*2+84*2; - // special start of frame marker containing invalid Manchester bit sequences - uint16_t n = 8; hi2 |= 0x9E00000; // 9E: long format identifier - // manchester encode "9E" and bits 83 to 64 - for (int i = 27; i >= 0; i--) { - if ((hi2 >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; - } - } - // manchester encode bits 63 to 32 - for (int i = 31; i >= 0; i--) { - if ((hi >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; - } - } - // manchester encode bits 31 to 0 - for (int i = 31; i >= 0; i--) { - if ((lo >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; - } - } - + manchesterEncodeUint32(hi2, 16+12, bits, &n); + manchesterEncodeUint32(hi, 32, bits, &n); + manchesterEncodeUint32(lo, 32, bits, &n); } else { if (hi > 0xFFF) { DbpString("[!] tags can only have 44 bits. - USE lf simfsk for larger tags"); return; } - bitlen = 8+44*2; - // special start of frame marker containing invalid Manchester bit sequences - uint16_t n = 8; - - // manchester encode bits 43 to 32 - for (int i = 11; i >= 0; i--) { - if ((hi >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; - } - } - // manchester encode bits 31 to 0 - for (int i = 31; i >= 0; i--) { - if ((lo >> i) & 1) { - bits[n++] = 1; - bits[n++] = 0; - } else { - bits[n++] = 0; - bits[n++] = 1; - } - } + manchesterEncodeUint32(hi, 12, bits, &n); + manchesterEncodeUint32(lo, 32, bits, &n); } CmdFSKsimTAGEx(10, 8, 0, 50, bitlen, bits, ledcontrol, numcycles); } diff --git a/common/lfdemod.c b/common/lfdemod.c index b0b30a1c8..8e60eda0d 100644 --- a/common/lfdemod.c +++ b/common/lfdemod.c 
@@ -419,6 +419,18 @@ uint32_t manchesterEncode2Bytes(uint16_t datain) { return output; } +void manchesterEncodeUint32(uint32_t data_in, uint8_t bitlen_in, uint8_t *bits_out, uint16_t *index) { + for (int i = bitlen_in - 1; i >= 0; i--) { + if ((data_in >> i) & 1) { + bits_out[(*index)++] = 1; + bits_out[(*index)++] = 0; + } else { + bits_out[(*index)++] = 0; + bits_out[(*index)++] = 1; + } + } +} + //by marshmellow //encode binary data into binary manchester //NOTE: bitstream must have triple the size of "size" available in memory to do the swap diff --git a/common/lfdemod.h b/common/lfdemod.h index 50d769c6b..58ebd72c9 100644 --- a/common/lfdemod.h +++ b/common/lfdemod.h @@ -61,6 +61,7 @@ size_t fskdemod(uint8_t *dest, size_t size, uint8_t rfLen, uint8_t invert, uin //void getHiLo(uint8_t *bits, size_t size, int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo); void getHiLo(int *high, int *low, uint8_t fuzzHi, uint8_t fuzzLo); uint32_t manchesterEncode2Bytes(uint16_t datain); +void manchesterEncodeUint32(uint32_t data_in, uint8_t bitlen_in, uint8_t *bits_out, uint16_t *index); int ManchesterEncode(uint8_t *bits, size_t size); uint16_t manrawdecode(uint8_t *bits, size_t *size, uint8_t invert, uint8_t *alignPos); int nrzRawDemod(uint8_t *dest, size_t *size, int *clk, int *invert, int *startIdx); From 44cb67c49b16e4d9d1085436457c025aabf9a2d0 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 20:27:50 +0200 Subject: [PATCH 15/21] adjusting write validation to only print when successful in validating. Otherwise like old times. silence. --- client/cmdlfpresco.c | 29 ++++++++++++++++------------- client/cmdlfpresco.h | 14 ++++++++++++++ client/cmdlfpyramid.c | 14 ++++++++------ client/cmdlfvisa2000.c | 13 +++++++------ 4 files changed, 45 insertions(+), 25 deletions(-) diff --git a/client/cmdlfpresco.c b/client/cmdlfpresco.c index 14d87648e..a9c74d9ac 100644 --- a/client/cmdlfpresco.c +++ b/client/cmdlfpresco.c 
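Review bot: manchesterEncodeUint32 writes 2*bitlen_in bytes starting at `bits_out[*index]` without knowing the size of the destination, and `data_in >> i` is undefined once `bitlen_in` exceeds 32, so both limits rest entirely on each caller's arithmetic. A guard `if (bitlen_in > 32) return;` at the top covers the shift; for the buffer, a capacity argument compared against `*index + 2 * bitlen_in` would let the helper refuse to write past the end instead of trusting the caller. The function also has no header comment; I would add `// Manchester-encode the low bitlen_in bits of data_in, MSB first (1 -> 1,0 and 0 -> 0,1), appending at bits_out[*index] and advancing *index`.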
@@ -9,19 +9,6 @@ #include "cmdlfpresco.h" -#include -#include -#include -#include - -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "protocols.h" // for T55xx config register definitions -#include "lfdemod.h" // parityTest - static int CmdHelp(const char *Cmd); static int usage_lf_presco_clone(void) { @@ -134,6 +121,7 @@ static int CmdPrescoClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Presco to T55x7 with SiteCode: %u, UserCode: %u, FullCode: %08x", sitecode, usercode, fullcode); print_blocks(blocks, 5); + uint8_t res = 0; PacketResponseNG resp; // fast push mode @@ -155,7 +143,22 @@ static int CmdPrescoClone(const char *Cmd) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; } + + // write block0, needs a detect. + if (i == 0) { + printf("enter detect "); + bool ok = t55xxAquireAndDetect(false, 0, blocks[i], false); + printf(" b0 = '%c' \n", (ok) ? 'Y':'N'); + } + if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false) { + res++; + printf(" i = %d \n", i); + } } + + if ( res == 0 ) + PrintAndLogEx(SUCCESS, "Success writing to tag"); + return PM3_SUCCESS; } diff --git a/client/cmdlfpresco.h b/client/cmdlfpresco.h index 098a98342..8f7c7eb31 100644 --- a/client/cmdlfpresco.h +++ b/client/cmdlfpresco.h @@ -11,6 +11,20 @@ #include "common.h" +#include +#include +#include +#include + +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "protocols.h" // for T55xx config register definitions +#include "lfdemod.h" // parityTest +#include "cmdlft55xx.h" // verifywrite + int CmdLFPresco(const char *Cmd); int demodPresco(void); diff --git a/client/cmdlfpyramid.c b/client/cmdlfpyramid.c index 90a4ccfde..d0f116bf4 100644 --- a/client/cmdlfpyramid.c +++ b/client/cmdlfpyramid.c 
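Review bot: In CmdPrescoClone the failure count `res` only decides whether the success line is printed; the function still ends with `return PM3_SUCCESS;`, so a caller or script cannot tell a verified clone from one where t55xxVerifyWrite failed on every block. Returning a non-success PM3 code when `res != 0` keeps the console quiet, as the commit message intends, while still reporting the outcome; CmdNoralsyClone in patch 19 has the same pattern. The three bare `printf` calls (`"enter detect "`, `" b0 = '%c' \n"`, `" i = %d \n"`) look like debugging leftovers that bypass PrintAndLogEx, and the Pyramid and Visa2000 versions in this commit run the same detect-and-verify sequence without them. The loop header is outside the hunk.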
@@ -236,8 +236,8 @@ static int CmdPyramidClone(const char *Cmd) { // fast push mode conn.block_after_ACK = true; - for (int8_t i = 4; i >= 0; i--) { - if (i == 0) { + for (int8_t i = 0; i < 5; i++) { + if (i == 4) { // Disable fast mode on last packet conn.block_after_ACK = false; } @@ -254,11 +254,13 @@ static int CmdPyramidClone(const char *Cmd) { return PM3_ETIMEOUT; } - bool isok = t55xxVerifyWrite(i, 0, false, false, 0, 0, blocks[i]); - if ( isok == false) { - PrintAndLogEx(WARNING, "Couldn't verify write"); + // write block0, needs a detect. + if (i == 0) + t55xxAquireAndDetect(false, 0, blocks[i], false); + + if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false) res++; - } + } if ( res == 0 ) diff --git a/client/cmdlfvisa2000.c b/client/cmdlfvisa2000.c index 1433ced01..51cedb925 100644 --- a/client/cmdlfvisa2000.c +++ b/client/cmdlfvisa2000.c @@ -168,7 +168,6 @@ static int CmdVisa2kClone(const char *Cmd) { print_blocks(blocks, 4); uint8_t res = 0; - PacketResponseNG resp; // fast push mode @@ -190,14 +189,16 @@ static int CmdVisa2kClone(const char *Cmd) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; - } + } + + // write block0, needs a detect. + if (i == 0) + t55xxAquireAndDetect(false, 0, blocks[i], false); - bool isok = t55xxVerifyWrite(i, 0, false, false, 0, 0, blocks[i]); - if ( isok == false) { - PrintAndLogEx(WARNING, "Couldn't verify write"); + if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false) res++; - } } + if ( res == 0 ) PrintAndLogEx(SUCCESS, "Success writing to tag"); From a933eb4f9ed259ddd7877c3330e684c498d437eb Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 20:30:05 +0200 Subject: [PATCH 16/21] adjusting beahavior for auto detection --- client/cmdlft55xx.c | 105 +++++++++++++++++++++++++------------------- client/cmdlft55xx.h | 2 + 2 files changed, 61 insertions(+), 46 deletions(-) 
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 5575ef80e..73932f19a 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -405,9 +405,29 @@ static bool t55xxProtect(bool lock, bool usepwd, uint8_t override, uint32_t pass } } +bool t55xxAquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose) { + + if (verbose) + PrintAndLogEx(INFO, "Block0 write detected, running `detect` to see if validation is possible"); + + for ( uint8_t m = 0; m < 4; m++) { + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) + continue; + + if (tryDetectModulationEx(m, verbose, known_block0) == false) + continue; + + return true; + } + return false; +} + bool t55xxVerifyWrite(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { uint32_t read_data = 0; + + if (downlink_mode == 0xFF) + downlink_mode = config.downlink_mode; int res = T55xxReadBlockEx(block, page1, usepwd, override, password, downlink_mode, false); if (res == PM3_SUCCESS) { @@ -421,29 +441,10 @@ bool t55xxVerifyWrite(uint8_t block, bool page1, bool usepwd, uint8_t override, // this messes up with ppls config.. if (block == 0 && page1 == false) { - - PrintAndLogEx(INFO, "Block0 write detected, running `detect` to see if validation is possible"); - bool got_modulation = false; - for ( uint8_t m = 0; m < 4; m++) { - - if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) { - continue; - } - - if (tryDetectModulation(m, false) == false) { - PrintAndLogEx(INPLACE, "."); - continue; - } else { - got_modulation = true; - break; - } - } - PrintAndLogEx(NORMAL, ""); - - if (got_modulation == false) + if (t55xxAquireAndDetect(usepwd, password, data, true) == false) return false; - - return t55xxVerifyWrite(block, page1, usepwd, 2, password, downlink_mode, data); + + return t55xxVerifyWrite(block, page1, usepwd, 2, password, config.downlink_mode, data); } } 
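Review bot: t55xxVerifyWrite now treats `downlink_mode == 0xFF` as "use config.downlink_mode", but nothing at the function or its prototype says so, and the clone commands pass the bare literal. A named constant (the name is only a suggestion: `T55XX_DLMODE_FROM_CONFIG`) plus a line above the check such as `// 0xFF: caller has no preference, use the configured downlink mode` would document the contract. In t55xxAquireAndDetect the bound in `m < 4` is likewise an unexplained count of downlink modes. The body of t55xxVerifyWrite continues outside the hunks.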
@@ -892,22 +893,25 @@ static int CmdT55xxDetect(const char *Cmd) { if (useGB == false) { - //ICEMAN STRANGE - for (uint8_t m = downlink_mode; m < 4; m++) { - if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) { - continue; - } + if ( try_all_dl_modes ) { + + for (uint8_t m = downlink_mode; m < 4; m++) { + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) + continue; + + if (tryDetectModulation(m, T55XX_PrintConfig) == false) + continue; - if (tryDetectModulation(m, T55XX_PrintConfig)) { - m = 4; found = true; - } else { - found = false; - } + break; + } + } else { - if (try_all_dl_modes == false) - m = 4; + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode)) { + found = tryDetectModulation(downlink_mode, T55XX_PrintConfig); + } } + } else { found = tryDetectModulation(downlink_mode, T55XX_PrintConfig); } @@ -920,6 +924,10 @@ static int CmdT55xxDetect(const char *Cmd) { // detect configuration? bool tryDetectModulation(uint8_t downlink_mode, bool print_config) { + return tryDetectModulationEx(downlink_mode, print_config, 0); +} + +bool tryDetectModulationEx(uint8_t downlink_mode, bool print_config, uint32_t wanted_conf) { t55xx_conf_block_t tests[15]; int bitRate = 0, clk = 0, firstClockEdge = 0; @@ -1102,8 +1110,13 @@ bool tryDetectModulation(uint8_t downlink_mode, bool print_config) { if (hits > 1) { PrintAndLogEx(SUCCESS, "Found [%d] possible matches for modulation.", hits); for (int i = 0; i < hits; ++i) { + + bool wanted = false; + if (wanted_conf > 0) + wanted = (wanted_conf == tests[i].block0); + retval = testKnownConfigBlock(tests[i].block0); - if (retval) { + if (retval || wanted ) { PrintAndLogEx(NORMAL, "--[%d]--------------- << selected this", i + 1); config.modulation = tests[i].modulation; config.bitrate = tests[i].bitrate; 
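Review bot: tryDetectModulationEx gains `wanted_conf` without any description, and the value 0 doubles as "no expected block 0" through `if (wanted_conf > 0)`. In the visible `hits > 1` loop a candidate is accepted when `retval || wanted`, so a candidate equal to the block that was just written is selected even if testKnownConfigBlock rejects it; if that is intended, a comment such as `// accept the config we just wrote even when it is not in the known list` would say so. The function body starts and ends outside the hunk, so whether the single-hit path consults `wanted_conf` cannot be seen here.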
@@ -2918,16 +2931,16 @@ bool tryDetectP1(bool getData) { } // does this need to be a callable command? static int CmdT55xxDetectPage1(const char *Cmd) { - bool errors = false; - bool useGB = false; - bool usepwd = false; - bool try_all_dl_modes = true; - bool found = false; - uint8_t found_mode = 0; - uint32_t password = 0; - uint8_t cmdp = 0; - uint8_t downlink_mode = 0; - uint8_t dl_mode = 0; + bool errors = false; + bool useGB = false; + bool usepwd = false; + bool try_all_dl_modes = true; + bool found = false; + uint8_t found_mode = 0; + uint32_t password = 0; + uint8_t cmdp = 0; + uint8_t downlink_mode = config.downlink_mode; + uint8_t dl_mode = 0; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { @@ -3111,7 +3124,7 @@ static int CmdT55xxProtect(const char *Cmd) { uint32_t password = 0, new_password = 0; uint8_t override = 0; uint8_t cmdp = 0; - uint8_t downlink_mode = 0; + uint8_t downlink_mode = config.downlink_mode; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index 129a6cf5e..f388a39af 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h @@ -143,6 +143,7 @@ void printT5xxHeader(uint8_t page); void printT55xxBlock(uint8_t blockNum); int printConfiguration(t55xx_conf_block_t b); +bool t55xxAquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose); bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data); int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode); int T55xxReadBlockEx(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, bool verbose); 
@@ -152,6 +153,7 @@ int t55xxWrite(uint8_t block, bool page1, bool usepwd, bool testMode, uint32_t p bool GetT55xxBlockData(uint32_t *blockdata); bool DecodeT55xxBlock(void); bool tryDetectModulation(uint8_t downlink_mode, bool print_config); +bool tryDetectModulationEx(uint8_t downlink_mode, bool print_config, uint32_t wanted_conf); bool testKnownConfigBlock(uint32_t block0); bool tryDetectP1(bool getData); From 19bdfd25773edf061d13b6e6ed6c477861833fd0 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 20:46:21 +0200 Subject: [PATCH 17/21] chg some printing of blocks --- client/cmdlft55xx.c | 8 ++++---- client/util.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 73932f19a..1afa169c9 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -486,9 +486,9 @@ int t55xxWrite(uint8_t block, bool page1, bool usepwd, bool testMode, uint32_t p } void printT5xxHeader(uint8_t page) { - PrintAndLogEx(NORMAL, "Reading Page %d:", page); - PrintAndLogEx(NORMAL, "blk | hex data | binary | ascii"); - PrintAndLogEx(NORMAL, "----+----------+----------------------------------+-------"); + PrintAndLogEx(SUCCESS, "Reading Page %d:", page); + PrintAndLogEx(SUCCESS, "blk | hex data | binary | ascii"); + PrintAndLogEx(SUCCESS, "----+----------+----------------------------------+-------"); } static int CmdT55xxSetConfig(const char *Cmd) { @@ -1185,7 +1185,7 @@ void printT55xxBlock(uint8_t blockNum) { num_to_bytes(blockData, 4, bytes); - PrintAndLogEx(NORMAL, " %02d | %08X | %s | %s", blockNum, blockData, sprint_bin(DemodBuffer + config.offset, 32), sprint_ascii(bytes, 4)); + PrintAndLogEx(SUCCESS, " %02d | %08X | %s | %s", blockNum, blockData, sprint_bin(DemodBuffer + config.offset, 32), sprint_ascii(bytes, 4)); } static bool testModulation(uint8_t mode, uint8_t modread) { diff --git a/client/util.c b/client/util.c index 1f5a29781..6877e8835 100644 --- a/client/util.c +++ b/client/util.c 
@@ -383,14 +383,14 @@ char *sprint_ascii(const uint8_t *data, const size_t len) { } void print_blocks(uint32_t *data, size_t len) { - PrintAndLogEx(NORMAL, "Blk | Data "); - PrintAndLogEx(NORMAL, "----+------------"); + PrintAndLogEx(SUCCESS, "Blk | Data "); + PrintAndLogEx(SUCCESS, "----+------------"); if (!data) { PrintAndLogEx(ERR, "..empty data"); } else { for (uint8_t i = 0; i < len; i++) - PrintAndLogEx(NORMAL, "%02d | 0x%08X", i, data[i]); + PrintAndLogEx(SUCCESS, " %02d | 0x%08X", i, data[i]); } } From c2f3e4b2f3439292a9540832001805205d597f23 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 20:51:23 +0200 Subject: [PATCH 18/21] encourage.. --- client/cmdlfpac.c | 28 ++++++++++++++++++---------- client/cmdlfpac.h | 6 ++++++ client/cmdlfparadox.c | 6 +++++- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/client/cmdlfpac.c b/client/cmdlfpac.c index 864506089..6ea0af7d6 100644 --- a/client/cmdlfpac.c +++ b/client/cmdlfpac.c @@ -9,13 +9,6 @@ //----------------------------------------------------------------------------- #include "cmdlfpac.h" -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "lfdemod.h" // preamble test - static int CmdHelp(const char *Cmd); //see NRZDemod for what args are accepted 
@@ -63,10 +56,25 @@ static int CmdPacRead(const char *Cmd) { return CmdPacDemod(Cmd); } +static int CmdPacClone(const char *Cmd) { + // possible to raw hex and clone + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + +static int CmdPacSim(const char *Cmd) { + + // NRZ sim. + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + static command_t CommandTable[] = { - {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"demod", CmdPacDemod, AlwaysAvailable, "Demodulate an PAC tag from the GraphBuffer"}, - {"read", CmdPacRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"demod", CmdPacDemod, AlwaysAvailable, "Demodulate an PAC tag from the GraphBuffer"}, + {"read", CmdPacRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"}, + {"clone", CmdPacClone, IfPm3Lf, "clone PAC tag"}, + {"sim", CmdPacSim, IfPm3Lf, "simulate PAC tag"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/cmdlfpac.h b/client/cmdlfpac.h index 3c9c4fbda..edb05b7a5 100644 --- a/client/cmdlfpac.h +++ b/client/cmdlfpac.h @@ -10,6 +10,12 @@ #define CMDLFPAC_H__ #include "common.h" +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "lfdemod.h" // preamble test int CmdLFPac(const char *Cmd); diff --git a/client/cmdlfparadox.c b/client/cmdlfparadox.c index 4cb0d484f..440f47ced 100644 --- a/client/cmdlfparadox.c +++ b/client/cmdlfparadox.c @@ -112,6 +112,10 @@ static int CmdParadoxRead(const char *Cmd) { return CmdParadoxDemod(Cmd); } +static int CmdParadoxClone(const char *Cmd) { + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} static int CmdParadoxSim(const char *Cmd) { PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); 
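Review bot: CmdPacClone and CmdPacSim are registered in CommandTable as working `clone` and `sim` commands but only print a placeholder and `return PM3_SUCCESS;`, so a script that checks the return code will conclude a tag was written or simulated. Returning a not-implemented error code instead, and saying so in the help text (for example `"clone PAC tag (not implemented)"`), makes the state visible. The same applies to CmdParadoxClone later in this commit and to CmdNexWatchClone and CmdNexWatchSim in patch 20. The `Cmd` parameter is unused in both stubs.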
@@ -165,7 +169,7 @@ static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"demod", CmdParadoxDemod, AlwaysAvailable, "Demodulate a Paradox FSK tag from the GraphBuffer"}, {"read", CmdParadoxRead, IfPm3Lf, "Attempt to read and Extract tag data from the antenna"}, -// {"clone", CmdParadoxClone, IfPm3Lf, "clone paradox tag"}, + {"clone", CmdParadoxClone, IfPm3Lf, "clone paradox tag"}, {"sim", CmdParadoxSim, IfPm3Lf, "simulate paradox tag"}, {NULL, NULL, NULL, NULL} }; From 75f4a08f5392a4b7b0647b5a8b19fe971695c91e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 20:56:43 +0200 Subject: [PATCH 19/21] chg 'lf noralsy clone' - uses verifywrite --- client/cmdlfnoralsy.c | 27 ++++++++++++++------------- client/cmdlfnoralsy.h | 13 +++++++++++++ 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/client/cmdlfnoralsy.c b/client/cmdlfnoralsy.c index cc1db82ca..146c6b350 100644 --- a/client/cmdlfnoralsy.c +++ b/client/cmdlfnoralsy.c @@ -9,18 +9,6 @@ //----------------------------------------------------------------------------- #include "cmdlfnoralsy.h" -#include -#include -#include - -#include "cmdparser.h" // command_t -#include "comms.h" -#include "ui.h" -#include "cmddata.h" -#include "cmdlf.h" -#include "protocols.h" // for T55xx config register definitions -#include "lfdemod.h" // parityTest - static int CmdHelp(const char *Cmd); static int usage_lf_noralsy_clone(void) { @@ -150,7 +138,7 @@ static int CmdNoralsyClone(const char *Cmd) { year = param_get32ex(Cmd, 1, 2000, 10); //Q5 - if (param_getchar(Cmd, 2) == 'Q' || param_getchar(Cmd, 2) == 'q') + if (tolower(param_getchar(Cmd, 2) == 'q')) blocks[0] = T5555_MODULATION_MANCHESTER | T5555_SET_BITRATE(32) | T5555_ST_TERMINATOR | 3 << T5555_MAXBLOCK_SHIFT; if (getnoralsyBits(id, year, bits) != PM3_SUCCESS) { 
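Review bot: In CmdNoralsyClone the new Q5 test `tolower(param_getchar(Cmd, 2) == 'q')` has its closing parenthesis in the wrong place: tolower() is applied to the result of the comparison, so an upper-case `Q`, which the removed line accepted, no longer selects the T5555 configuration. The intended form is `if (tolower(param_getchar(Cmd, 2)) == 'q')`. With the current code a user passing `Q` would presumably get the default block 0 written instead of the Q5 one, without any message. The function begins and ends outside the hunk.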
@@ -166,6 +154,7 @@ static int CmdNoralsyClone(const char *Cmd) { PrintAndLogEx(INFO, "Preparing to clone Noralsy to T55x7 with CardId: %u", id); print_blocks(blocks, 4); + uint8_t res = 0; PacketResponseNG resp; // fast push mode @@ -187,7 +176,19 @@ static int CmdNoralsyClone(const char *Cmd) { PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation."); return PM3_ETIMEOUT; } + + // write block0, needs a detect. + if (i == 0) + t55xxAquireAndDetect(false, 0, blocks[i], false); + + if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false) + res++; + } + + if ( res == 0 ) + PrintAndLogEx(SUCCESS, "Success writing to tag"); + return PM3_SUCCESS; } diff --git a/client/cmdlfnoralsy.h b/client/cmdlfnoralsy.h index f76accab7..56ae31372 100644 --- a/client/cmdlfnoralsy.h +++ b/client/cmdlfnoralsy.h @@ -11,6 +11,19 @@ #include "common.h" +#include +#include +#include + +#include "cmdparser.h" // command_t +#include "comms.h" +#include "ui.h" +#include "cmddata.h" +#include "cmdlf.h" +#include "protocols.h" // for T55xx config register definitions +#include "lfdemod.h" // parityTest +#include "cmdlft55xx.h" // verifywrite + int CmdLFNoralsy(const char *Cmd); int demodNoralsy(void); From 8ba2f5b06ce3fc8a6bc0840bc9adbc24d42ec304 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 15 Sep 2019 21:00:38 +0200 Subject: [PATCH 20/21] encourage --- client/cmdlfnexwatch.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/client/cmdlfnexwatch.c b/client/cmdlfnexwatch.c index bad9dea4f..5a5e127b1 100644 --- a/client/cmdlfnexwatch.c +++ b/client/cmdlfnexwatch.c 
@@ -81,10 +81,25 @@ static int CmdNexWatchRead(const char *Cmd) { return CmdNexWatchDemod(Cmd); } +static int CmdNexWatchClone(const char *Cmd) { + + // should be able to clone the raw hex. + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + +static int CmdNexWatchSim(const char *Cmd) { + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); + return PM3_SUCCESS; +} + + static command_t CommandTable[] = { - {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"demod", CmdNexWatchDemod, AlwaysAvailable, "Demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer"}, - {"read", CmdNexWatchRead, IfPm3Lf, "Attempt to Read and Extract tag data from the antenna"}, + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"demod", CmdNexWatchDemod, AlwaysAvailable, "Demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer"}, + {"read", CmdNexWatchRead, IfPm3Lf, "Attempt to Read and Extract tag data from the antenna"}, + {"clone", CmdNexWatchClone, IfPm3Lf, "clone NexWatch tag"}, + {"sim", CmdNexWatchSim, IfPm3Lf, "simulate NexWatch tag"}, {NULL, NULL, NULL, NULL} }; From 775394ae583a6e9354454530d12c7f48ea7465cc Mon Sep 17 00:00:00 2001 From: Iceman Date: Mon, 16 Sep 2019 10:21:18 +0200 Subject: [PATCH 21/21] Update appmain.c yet again some my unreleased stuff snuck in.. --- armsrc/appmain.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 214e439b0..058a4709e 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1223,11 +1223,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_ICLASS_READER: { - struct p { - uint8_t flags; - } PACKED; - struct p *payload = (struct p *)packet->data.asBytes; - ReaderIClass(payload->flags); + ReaderIClass(packet->oldarg[0]); break; } case CMD_HF_ICLASS_REPLAY: {