From 197cae811f35d14d4d73de7035a16b50433cf56f Mon Sep 17 00:00:00 2001 From: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> Date: Mon, 17 Mar 2025 20:30:40 +0000 Subject: [PATCH] Update lf_t55xx_fix.lua Signed-off-by: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> --- client/luascripts/lf_t55xx_fix.lua | 106 ++++++++++++++++++++--------- 1 file changed, 73 insertions(+), 33 deletions(-) diff --git a/client/luascripts/lf_t55xx_fix.lua b/client/luascripts/lf_t55xx_fix.lua index a77cb2b9b..9a90b3f49 100644 --- a/client/luascripts/lf_t55xx_fix.lua +++ b/client/luascripts/lf_t55xx_fix.lua @@ -5,17 +5,20 @@ local os = require('os') local dash = string.rep('--', 32) local dir = os.getenv('HOME') .. '/.proxmark3/logs/' local logfile = (io.popen('dir /a-d /o-d /tw /b/s "' .. dir .. '" 2>nul:'):read("*a"):match("%C+")) +local pm3 = require('pm3') +p = pm3.pm3() local command = core.console +command('clear') author = ' Author: jareckib - 15.02.2025' -version = ' version v1.00' +version = ' version v1.01' desc = [[ This simple script first checks if a password has been set for the T5577. It uses the dictionary t55xx_default_pwds.dic for this purpose. If a password is found, it uses the wipe command to erase the T5577. Then the reanimation procedure is applied. If the password is not found or doesn't exist the script only performs the reanimation procedure. The script revives 99% of blocked tags. - ]] +]] usage = [[ script run lf_t55xx_fix ]] @@ -44,6 +47,25 @@ local function read_log_file(logfile) return content end +local function sleep(n) + os.execute("sleep " ..tonumber(n)) +end + +function wait(msec) + local t = os.clock() + repeat + until os.clock() > t + msec * 1e-3 +end + +local function timer(n) + while n > 0 do + io.write("::::: "..ac.yellow.. tonumber(n) ..ac.yellow.." sec "..ac.reset..":::::\r") + sleep(1) + io.flush() + n = n-1 + end +end + local function extract_password(log_content) for line in log_content:gmatch("[^\r\n]+") do local password = line:match('%[%+%] found valid password: %[ (%x%x%x%x%x%x%x%x) %]') @@ -54,48 +76,66 @@ local function extract_password(log_content) return nil end -local function reanimate_t5577(password) - if password then - command('clear') - print(dash) - print(" Using found password to wipe: " .. password) - print(dash) - command('lf t55 wipe -p ' .. password) - else - command('clear') - print(dash) - print(ac.yellow.." No valid password found, proceeding with reanimation."..ac.reset) - print(dash) - end - command('lf t55 write -b 0 -d 000880E8 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r0 -t -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r1 -t -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r2 -t -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r3 -t -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --r0 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --r1 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --r2 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --r3 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r0 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r1 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r2 -p 00000000') - command('lf t55 write -b 0 -d 000880E0 --pg1 --r3 -p 00000000') - command('lf t55 detect') - local file = io.open(logfile, "w+") +local function reset_log_file() + local file = io.open(logfile, "w+") file:write("") file:close() - print(dash) - print('all done!') +end + +local function reanimate_t5577(password) + if password then + p:console('lf t55 wipe -p ' .. password) + print("T5577 wiped using a password: " ..ac.green.. password ..ac.reset) + else + print(ac.yellow.."No valid password found, proceeding with reanimation."..ac.reset) + end + + p:console('lf t55 write -b 0 -d 000880E8 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r0 -t -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r1 -t -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r2 -t -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r3 -t -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --r0 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --r1 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --r2 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --r3 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r0 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r1 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r2 -p 00000000') + p:console('lf t55 write -b 0 -d 000880E0 --pg1 --r3 -p 00000000') + reset_log_file() end local function main(args) for o, a in getopt.getopt(args, 'h') do if o == 'h' then return help() end end - command('lf t55 chk') + p:console('clear') + print(' I am initiating the repair process for '..ac.cyan..'T5577'..ac.reset) + print(dash) + print("::: "..ac.cyan.."Hold on, I'm searching for a password in the dictionary"..ac.reset.." :::") + print(dash) + p:console('lf t55 chk') + timer(5) local log_content = read_log_file(logfile) local password = log_content and extract_password(log_content) or nil reanimate_t5577(password) + p:console('lf t55 detect') + timer(5) + local success = false + for line in p.grabbed_output:gmatch("[^\r\n]+") do + if line:find("000880E0") then + success = true + break + end + end + + if success then + print('Recovery of '..ac.cyan..'T5577'..ac.reset..' was successful !!!') + else + print('Recovery of '..ac.cyan..'T5577'..ac.reset..' was unsuccessful !!!') + end + print(dash) end main(args)