mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-14 10:37:23 -07:00
just for testing, lf keri clone , now has experimental support for EM4305
This commit is contained in:
iceman1001
parent
50c0d93951
commit
0ccbd6e0fb
3 changed files with 92 additions and 16 deletions
|
|
@ -352,7 +352,67 @@ static int em4x05_demod_resp(uint32_t *word, bool onlyPreamble) {
|
|||
return res;
|
||||
}
|
||||
|
||||
|
||||
//////////////// 4205 / 4305 commands
|
||||
|
||||
static bool em4x05_verify_write(uint8_t addr, uint32_t pwd, bool use_pwd, uint32_t data) {
|
||||
uint32_t r = 0;
|
||||
int res = em4x05_read_word_ext(addr, pwd, use_pwd, &r);
|
||||
if (res == PM3_SUCCESS) {
|
||||
return (r == data);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
int em4x05_clone_tag(uint32_t *blockdata, uint8_t numblocks, uint32_t pwd, bool use_pwd) {
|
||||
|
||||
if (blockdata == NULL)
|
||||
return PM3_EINVARG;
|
||||
|
||||
if (numblocks < 1 || numblocks > 8)
|
||||
return PM3_EINVARG;
|
||||
|
||||
// fast push mode
|
||||
conn.block_after_ACK = true;
|
||||
|
||||
int res = em4x05_write_word_ext(EM_CONFIG_BLOCK, pwd, use_pwd, blockdata[0]);
|
||||
if (res != PM3_SUCCESS) {
|
||||
PrintAndLogEx(FAILED, "(em4x05_clone_tag) Time out writing to tag");
|
||||
return res;
|
||||
}
|
||||
|
||||
for (int8_t i = 1; i < numblocks; i++) {
|
||||
|
||||
// Disable fast mode on last packet
|
||||
if (i == numblocks - 1) {
|
||||
conn.block_after_ACK = false;
|
||||
}
|
||||
|
||||
res = em4x05_write_word_ext(4 + i, pwd, use_pwd, blockdata[i]);
|
||||
if (res != PM3_SUCCESS) {
|
||||
PrintAndLogEx(FAILED, "(em4x05_clone_tag) Time out writing to tag");
|
||||
return res;
|
||||
}
|
||||
}
|
||||
|
||||
res = 0;
|
||||
if (em4x05_verify_write(EM_CONFIG_BLOCK, use_pwd, pwd, blockdata[0]) == false) {
|
||||
res++;
|
||||
}
|
||||
|
||||
for (int8_t i = 1; i < numblocks; i++) {
|
||||
if (em4x05_verify_write(4 + i, use_pwd, pwd, blockdata[i]) == false) {
|
||||
res++;
|
||||
}
|
||||
}
|
||||
|
||||
if (res == 0) {
|
||||
PrintAndLogEx(SUCCESS, "Success writing to tag");
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int em4x05_login_ext(uint32_t pwd) {
|
||||
|
||||
struct {
|
||||
|
|
@ -376,7 +436,7 @@ static int em4x05_login_ext(uint32_t pwd) {
|
|||
return em4x05_demod_resp(&word, true);
|
||||
}
|
||||
|
||||
int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word) {
|
||||
int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool use_pwd, uint32_t *word) {
|
||||
|
||||
struct {
|
||||
uint32_t password;
|
||||
|
|
@ -386,7 +446,7 @@ int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word
|
|||
|
||||
payload.password = pwd;
|
||||
payload.address = addr;
|
||||
payload.usepwd = usePwd;
|
||||
payload.usepwd = use_pwd;
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_LF_EM4X_READWORD, (uint8_t *)&payload, sizeof(payload));
|
||||
|
|
@ -402,7 +462,7 @@ int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word
|
|||
return em4x05_demod_resp(word, false);
|
||||
}
|
||||
|
||||
int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t data) {
|
||||
int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool use_pwd, uint32_t data) {
|
||||
struct {
|
||||
uint32_t password;
|
||||
uint32_t data;
|
||||
|
|
@ -413,7 +473,7 @@ int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t data
|
|||
payload.password = pwd;
|
||||
payload.data = data;
|
||||
payload.address = addr;
|
||||
payload.usepwd = usePwd;
|
||||
payload.usepwd = use_pwd;
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_LF_EM4X_WRITEWORD, (uint8_t *)&payload, sizeof(payload));
|
||||
|
|
|
|||
|
|
@ -61,8 +61,9 @@ typedef enum {
|
|||
int CmdLFEM4X05(const char *Cmd);
|
||||
|
||||
bool em4x05_isblock0(uint32_t *word);
|
||||
int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t *word);
|
||||
int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t data);
|
||||
int em4x05_read_word_ext(uint8_t addr, uint32_t pwd, bool use_pwd, uint32_t *word);
|
||||
int em4x05_write_word_ext(uint8_t addr, uint32_t pwd, bool use_pwd, uint32_t data);
|
||||
int em4x05_clone_tag(uint32_t *blockdata, uint8_t numblocks, uint32_t pwd, bool use_pwd);
|
||||
|
||||
int CmdEM4x05Demod(const char *Cmd);
|
||||
int CmdEM4x05Dump(const char *Cmd);
|
||||
|
|
|
|||
|
|
@ -8,23 +8,21 @@
|
|||
// PSK1, RF/128, RF/2, 64 bits long
|
||||
//-----------------------------------------------------------------------------
|
||||
#include "cmdlfkeri.h"
|
||||
|
||||
#include <string.h>
|
||||
#include <inttypes.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "commonutil.h" // ARRAYLEN
|
||||
#include "commonutil.h" // ARRAYLEN
|
||||
#include "cmdparser.h" // command_t
|
||||
#include "cliparser.h"
|
||||
#include "comms.h"
|
||||
#include "ui.h"
|
||||
#include "cmddata.h"
|
||||
#include "cmdlf.h"
|
||||
#include "protocols.h" // for T55xx config register definitions
|
||||
#include "lfdemod.h" // preamble test
|
||||
#include "cmdlft55xx.h" // verifywrite
|
||||
#include "protocols.h" // for T55xx config register definitions
|
||||
#include "lfdemod.h" // preamble test
|
||||
#include "cmdlft55xx.h" // verifywrite
|
||||
#include "cmdlfem4x05.h" //
|
||||
|
||||
static int CmdHelp(const char *Cmd);
|
||||
typedef enum {Scramble = 0, Descramble = 1} KeriMSScramble_t;
|
||||
|
|
@ -185,7 +183,7 @@ static int CmdKeriRead(const char *Cmd) {
|
|||
|
||||
static int CmdKeriClone(const char *Cmd) {
|
||||
|
||||
bool q5 = false;
|
||||
bool q5 = false, em4305 = false;
|
||||
|
||||
uint8_t keritype[2] = {'i'}; // default to internalid
|
||||
int typeLen = 0;
|
||||
|
|
@ -207,7 +205,7 @@ static int CmdKeriClone(const char *Cmd) {
|
|||
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "lf keri clone",
|
||||
"clone a KERI tag to a T55x7 or Q5/T5555 tag",
|
||||
"clone a KERI tag to a T55x7, Q5/T5555 or EM4305 tag",
|
||||
"lf keri clone -t i --id 12345\n"
|
||||
"lf keri clone -t m --fc 6 --id 12345\n");
|
||||
|
||||
|
|
@ -217,6 +215,7 @@ static int CmdKeriClone(const char *Cmd) {
|
|||
arg_str0("t", "type", "<m|i>", "Type m - MS, i - Internal ID"),
|
||||
arg_int0(NULL, "fc", "<dec>", "Facility Code"),
|
||||
arg_int1(NULL, "id", "<dec>", "Keri ID"),
|
||||
arg_lit0(NULL, "em4305", "specify writing to EM5405 tag"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
|
|
@ -225,12 +224,22 @@ static int CmdKeriClone(const char *Cmd) {
|
|||
blocks[0] = T5555_FIXED | T5555_MODULATION_PSK1 | T5555_SET_BITRATE(32) | T5555_PSK_RF_2 | 2 << T5555_MAXBLOCK_SHIFT;
|
||||
q5 = true;
|
||||
}
|
||||
if (arg_get_lit(ctx, 5)) {
|
||||
blocks[0] = EM4305_KERI_CONFIG_BLOCK;
|
||||
em4305 = true;
|
||||
}
|
||||
|
||||
typeLen = sizeof(keritype);
|
||||
CLIGetStrWithReturn(ctx, 2, keritype, &typeLen);
|
||||
|
||||
fc = arg_get_int_def(ctx, 3, 0);
|
||||
cid = arg_get_int_def(ctx, 4, 0);
|
||||
CLIParserFree(ctx);
|
||||
|
||||
if (q5 && em4305) {
|
||||
PrintAndLogEx(FAILED, "Can't specify both Q5 and EM4305 at the same time");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
|
||||
// Setup card data/build internal id
|
||||
switch (keritype[0]) {
|
||||
|
|
@ -256,7 +265,13 @@ static int CmdKeriClone(const char *Cmd) {
|
|||
|
||||
print_blocks(blocks, ARRAYLEN(blocks));
|
||||
|
||||
int res = clone_t55xx_tag(blocks, ARRAYLEN(blocks));
|
||||
int res;
|
||||
if (em4305) {
|
||||
res = em4x05_clone_tag(blocks, ARRAYLEN(blocks), 0, false);
|
||||
} else {
|
||||
res = clone_t55xx_tag(blocks, ARRAYLEN(blocks));
|
||||
}
|
||||
|
||||
PrintAndLogEx(SUCCESS, "Done");
|
||||
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf keri read`") " to verify");
|
||||
return res;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue