Merge pull request #1169 from tharexde/dev_4x50_sim_full

dev 4x50 sim full
2025-08-21 05:43:48 -07:00 · 2021-01-20 21:45:13 +01:00 · 2021-01-20 21:45:13 +01:00 · 2829e20d4b
commit 2829e20d4b
parent f91249c2a4 843dd9bef4
7 changed files with 790 additions and 210 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

 ## [unreleased][unreleased]
+ - Added support for bidirectional communication for `lf em 4x50 sim` (@tharexde)
 - Added `tools/hitag2crack/crack5opencl`, an optimized version of `crack5gpu` (@matrix)
 - Fixed Makefile to account for changes when running on Apple Silicon (@tcprst)
 - Added support for debugging ARM with JTAG & VSCode (@Gator96100)
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -1145,7 +1145,7 @@ static void PacketReceived(PacketCommandNG *packet) {
            // destroy the Emulator Memory.
            //-----------------------------------------------------------------------------
            FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
-            em4x50_sim((uint8_t *)packet->data.asBytes);
+            em4x50_sim((uint32_t *)packet->data.asBytes);
            break;
        }
        case CMD_LF_EM4X50_READER: {
--- a/armsrc/em4x50.c
+++ b/armsrc/em4x50.c
--- a/armsrc/em4x50.h
+++ b/armsrc/em4x50.h
@ -19,7 +19,7 @@ void em4x50_writepwd(em4x50_data_t *etd);
 void em4x50_read(em4x50_data_t *etd);
 void em4x50_brute(em4x50_data_t *etd);
 void em4x50_login(uint32_t *password);
-void em4x50_sim(uint8_t *filename);
+void em4x50_sim(uint32_t *password);
 void em4x50_reader(void);
 void em4x50_chk(uint8_t *filename);

--- a/client/src/cmdlfem4x50.c
+++ b/client/src/cmdlfem4x50.c
@ -1129,31 +1129,66 @@ int CmdEM4x50Restore(const char *Cmd) {
 }

 int CmdEM4x50Sim(const char *Cmd) {
+    
+    int status = PM3_EFAILED;
+    uint32_t password = 0;
+    
    CLIParserContext *ctx;
    CLIParserInit(&ctx, "lf em 4x50 sim",
                  "Simulates a EM4x50 tag.\n"
                  "Upload using `lf em 4x50 eload`",
                  "lf em 4x50 sim"
+                  "lf em 4x50 sim -p 27182818   -> uses password for eload data"
                 );

    void *argtable[] = {
        arg_param_begin,
+        arg_str0("p", "passsword", "<hex>", "password, 4 bytes, lsb"),
        arg_param_end
    };

    CLIExecWithReturn(ctx, Cmd, argtable, true);
+    int pwd_len = 0;
+    uint8_t pwd[4] = {0};
+    CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
+    CLIParserFree(ctx);
+
+    if (pwd_len) {
+        if (pwd_len != 4) {
+            PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
+            return PM3_EINVARG;
+        } else {
+            password = BYTES2UINT32(pwd);
+        }
+    }
    CLIParserFree(ctx);

    PrintAndLogEx(INFO, "Simulating data from emulator memory");

    clearCommandBuffer();
-    SendCommandNG(CMD_LF_EM4X50_SIM, NULL, 0);
+    SendCommandNG(CMD_LF_EM4X50_SIM, (uint8_t *)&password, sizeof(password));
    PacketResponseNG resp;
-    WaitForResponse(CMD_LF_EM4X50_SIM, &resp);
-    if (resp.status == PM3_SUCCESS)
+    
+    PrintAndLogEx(INFO, "Press pm3-button to abort simulation");
+    bool keypress = kbd_enter_pressed();
+    while (keypress == false) {
+        keypress = kbd_enter_pressed();
+
+        if (WaitForResponseTimeout(CMD_LF_EM4X50_SIM, &resp, 1500)) {
+            status = resp.status;
+            break;
+        }
+
+    }
+    if (keypress) {
+        SendCommandNG(CMD_BREAK_LOOP, NULL, 0);
+        status = PM3_EOPABORTED;
+    }
+
+    if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED))
        PrintAndLogEx(INFO, "Done");
    else
-        PrintAndLogEx(FAILED, "No valid em4x50 data in memory.");
+        PrintAndLogEx(FAILED, "No valid em4x50 data in memory");

    return resp.status;
 }
@ -1188,3 +1223,4 @@ int CmdLFEM4X50(const char *Cmd) {
    clearCommandBuffer();
    return CmdsParse(CommandTable, Cmd);
 }
+
--- a/client/src/cmdlfem4x70.h
+++ b/client/src/cmdlfem4x70.h
@ -12,7 +12,6 @@
 #define CMDLFEM4X70_H__

 #include "common.h"
-#include "em4x50.h"

 #define TIMEOUT                     2000

--- a/include/em4x50.h
+++ b/include/em4x50.h
@ -37,6 +37,8 @@
 #define TIMEOUT                     2000
 #define DUMP_FILESIZE               136

+#define BYTES2UINT32(x) ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | (x[3]))
+
 typedef struct {
    bool addr_given;
    bool pwd_given;