Merge pull request #19 from RfidResearchGroup/master

Update from rrg
mwalker33 2019-10-13 12:29:26 +11:00 committed by GitHub
commit 2b6ce17f60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
46 changed files with 40634 additions and 313 deletions


@ -197,12 +197,12 @@ style:
# Make sure astyle is installed # Make sure astyle is installed
@which astyle >/dev/null || ( echo "Please install 'astyle' package first" ; exit 1 ) @which astyle >/dev/null || ( echo "Please install 'astyle' package first" ; exit 1 )
# Remove spaces & tabs at EOL, add LF at EOF if needed on *.c, *.h, *.cpp. *.lua, *.py, *.pl, Makefile # Remove spaces & tabs at EOL, add LF at EOF if needed on *.c, *.h, *.cpp. *.lua, *.py, *.pl, Makefile
find . \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "Makefile" -or -name "*.v" \) \ find . \( -not -path "./cov-int/*" -and \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "Makefile" -or -name "*.v" \) \) \
-exec perl -pi -e 's/[ \t]+$$//' {} \; \ -exec perl -pi -e 's/[ \t]+$$//' {} \; \
-exec sh -c "tail -c1 {} | xxd -p | tail -1 | grep -q -v 0a$$" \; \ -exec sh -c "tail -c1 {} | xxd -p | tail -1 | grep -q -v 0a$$" \; \
-exec sh -c "echo >> {}" \; -exec sh -c "echo >> {}" \;
# Apply astyle on *.c, *.h, *.cpp # Apply astyle on *.c, *.h, *.cpp
find . \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) \) -exec astyle --formatted --mode=c --suffix=none \ find . \( -not -path "./cov-int/*" -and \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) \) \) -exec astyle --formatted --mode=c --suffix=none \
--indent=spaces=4 --indent-switches \ --indent=spaces=4 --indent-switches \
--keep-one-line-blocks --max-instatement-indent=60 \ --keep-one-line-blocks --max-instatement-indent=60 \
--style=google --pad-oper --unpad-paren --pad-header \ --style=google --pad-oper --unpad-paren --pad-header \


@ -214,7 +214,7 @@ void MeasureAntennaTuning(void) {
} }
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_ng(CMD_MEASURE_ANTENNA_TUNING, PM3_SUCCESS, (uint8_t*)&payload, sizeof(payload)); reply_ng(CMD_MEASURE_ANTENNA_TUNING, PM3_SUCCESS, (uint8_t *)&payload, sizeof(payload));
LEDsoff(); LEDsoff();
} }
@ -234,7 +234,7 @@ uint16_t MeasureAntennaTuningHfData(void) {
// Measure LF in milliVolt // Measure LF in milliVolt
uint32_t MeasureAntennaTuningLfData(void) { uint32_t MeasureAntennaTuningLfData(void) {
return (MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10; return (MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10;
} }
void ReadMem(int addr) { void ReadMem(int addr) {


@ -3034,7 +3034,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {
memcpy(payload.nr, mf_nr_ar, sizeof(payload.nr)); memcpy(payload.nr, mf_nr_ar, sizeof(payload.nr));
memcpy(payload.ar, mf_nr_ar + 4, sizeof(payload.ar)); memcpy(payload.ar, mf_nr_ar + 4, sizeof(payload.ar));
reply_ng(CMD_HF_MIFARE_READER, return_status, (uint8_t*)&payload, sizeof(payload)); reply_ng(CMD_HF_MIFARE_READER, return_status, (uint8_t *)&payload, sizeof(payload));
hf_field_off(); hf_field_off();
set_tracing(false); set_tracing(false);


@ -404,7 +404,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint
DbpString("[!] Warning periods cannot be less than 7us in bit bang mode"); DbpString("[!] Warning periods cannot be less than 7us in bit bang mode");
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF(); LED_D_OFF();
reply_ng(CMD_LF_MOD_THEN_ACQ_RAW_ADC, PM3_EINVARG, NULL, 0); reply_ng(CMD_LF_MOD_THEN_ACQ_RAW_ADC, PM3_EINVARG, NULL, 0);
return; return;
} }
@ -1708,12 +1708,12 @@ void T55xxDangerousRawTest(uint8_t *data) {
t55xx_test_block_t *c = (t55xx_test_block_t *)data; t55xx_test_block_t *c = (t55xx_test_block_t *)data;
uint8_t start_wait = 4; uint8_t start_wait = 4;
uint8_t bs[128/8]; uint8_t bs[128 / 8];
memset(bs, 0x00, sizeof(bs)); memset(bs, 0x00, sizeof(bs));
uint8_t len = 0; uint8_t len = 0;
if (c->bitlen == 0 || c->bitlen > 128 || c->time == 0) if (c->bitlen == 0 || c->bitlen > 128 || c->time == 0)
reply_ng(CMD_LF_T55XX_DANGERRAW, PM3_EINVARG, NULL, 0); reply_ng(CMD_LF_T55XX_DANGERRAW, PM3_EINVARG, NULL, 0);
for (uint8_t i=0; i<c->bitlen; i++) for (uint8_t i = 0; i < c->bitlen; i++)
len = T55xx_SetBits(bs, len, c->data[i], 1, sizeof(bs)); len = T55xx_SetBits(bs, len, c->data[i], 1, sizeof(bs));
if (DBGLEVEL > 1) { if (DBGLEVEL > 1) {
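Review bot: In T55xxDangerousRawTest the argument check `if (c->bitlen == 0 || c->bitlen > 128 || c->time == 0)` only sends the PM3_EINVARG reply and then falls through, so the `for` loop below it still runs with the rejected `bitlen`. These lines are only reformatted by this commit, but the check needs braces and a `return;` after the `reply_ng(...)` call to actually stop on bad input. Whether T55xx_SetBits clamps its writes to `sizeof(bs)` and how large `c->data` is cannot be seen from this hunk, so the early return should not depend on either. The function body continues outside the hunk.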


@ -23,13 +23,15 @@ Default LF config is set to:
averaging = YES averaging = YES
divisor = 95 (125kHz) divisor = 95 (125kHz)
trigger_threshold = 0 trigger_threshold = 0
samples_to_skip = 0
verbose = YES
*/ */
sample_config config = { 1, 8, 1, LF_DIVISOR_125, 0, 0 } ; sample_config config = { 1, 8, 1, LF_DIVISOR_125, 0, 0, 1} ;
void printConfig() { void printConfig() {
uint32_t d = config.divisor; uint32_t d = config.divisor;
DbpString(_BLUE_("LF Sampling config")); DbpString(_BLUE_("LF Sampling config"));
Dbprintf(" [q] divisor.............%d ( "_GREEN_("%d.%02d kHz")")", d, 12000 / (d+1), ((1200000 + (d+1)/2) / (d+1)) - ((12000 / (d+1)) * 100)); Dbprintf(" [q] divisor.............%d ( "_GREEN_("%d.%02d kHz")")", d, 12000 / (d + 1), ((1200000 + (d + 1) / 2) / (d + 1)) - ((12000 / (d + 1)) * 100));
Dbprintf(" [b] bps.................%d", config.bits_per_sample); Dbprintf(" [b] bps.................%d", config.bits_per_sample);
Dbprintf(" [d] decimation..........%d", config.decimation); Dbprintf(" [d] decimation..........%d", config.decimation);
Dbprintf(" [a] averaging...........%s", (config.averaging) ? "Yes" : "No"); Dbprintf(" [a] averaging...........%s", (config.averaging) ? "Yes" : "No");
@ -59,7 +61,8 @@ void setSamplingConfig(sample_config *sc) {
config.averaging = sc->averaging; config.averaging = sc->averaging;
if (config.bits_per_sample > 8) config.bits_per_sample = 8; if (config.bits_per_sample > 8) config.bits_per_sample = 8;
printConfig(); if (sc->verbose)
printConfig();
} }
sample_config *getSamplingConfig() { sample_config *getSamplingConfig() {
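Review bot: The new `if (sc->verbose)` in setSamplingConfig reads a field that was just appended to sample_config, and the client sends that struct as raw bytes with `sizeof(sample_config)`, so firmware and client must agree on the layout. If the command handler does not already compare the received payload length with `sizeof(sample_config)` before calling setSamplingConfig (the handler is not visible here), a client built before this change would make this line read past the received data; a length check there would be worth adding. The positional initializer `{ 1, 8, 1, LF_DIVISOR_125, 0, 0, 1}` is also easy to get wrong as the struct grows, and designated initializers would make the new `verbose` value explicit. setSamplingConfig starts outside the hunk.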


@ -952,8 +952,8 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
// cards with fixed nonce // cards with fixed nonce
if (nt1 == nt2) { if (nt1 == nt2) {
Dbprintf("Nested: %08x vs %08x", nt1, nt2); Dbprintf("Nested: %08x vs %08x", nt1, nt2);
break; break;
} }
uint32_t nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160 uint32_t nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160
@ -1064,14 +1064,14 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
crypto1_destroy(pcs); crypto1_destroy(pcs);
struct p { struct p {
int16_t isOK; int16_t isOK;
uint8_t block; uint8_t block;
uint8_t keytype; uint8_t keytype;
uint8_t cuid[4]; uint8_t cuid[4];
uint8_t nt_a[4]; uint8_t nt_a[4];
uint8_t ks_a[4]; uint8_t ks_a[4];
uint8_t nt_b[4]; uint8_t nt_b[4];
uint8_t ks_b[4]; uint8_t ks_b[4];
} PACKED payload; } PACKED payload;
payload.isOK = isOK; payload.isOK = isOK;
payload.block = targetBlockNo; payload.block = targetBlockNo;
@ -1084,7 +1084,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8
memcpy(payload.ks_b, &target_ks[1], 4); memcpy(payload.ks_b, &target_ks[1], 4);
LED_B_ON(); LED_B_ON();
reply_ng(CMD_HF_MIFARE_NESTED, PM3_SUCCESS, (uint8_t*)&payload, sizeof(payload)); reply_ng(CMD_HF_MIFARE_NESTED, PM3_SUCCESS, (uint8_t *)&payload, sizeof(payload));
LED_B_OFF(); LED_B_OFF();
if (DBGLEVEL >= 3) DbpString("NESTED FINISHED"); if (DBGLEVEL >= 3) DbpString("NESTED FINISHED");


@ -723,7 +723,7 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
// iceman, u8 can never be larger than 256 // iceman, u8 can never be larger than 256
// if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack // if authenticating to a block that shouldn't exist - as long as we are not doing the reader attack
if ( ((flags & FLAG_NR_AR_ATTACK) != FLAG_NR_AR_ATTACK) ) { if (((flags & FLAG_NR_AR_ATTACK) != FLAG_NR_AR_ATTACK)) {
EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA)); EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking", receivedCmd_dec[0], receivedCmd_dec[1], receivedCmd_dec[1]); if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Reader tried to operate (0x%02x) on out of range block: %d (0x%02x), nacking", receivedCmd_dec[0], receivedCmd_dec[1], receivedCmd_dec[1]);
break; break;


@ -227,7 +227,7 @@ CMDSRCS = crapto1/crapto1.c \
cmdlfti.c \ cmdlfti.c \
cmdlfviking.c \ cmdlfviking.c \
cmdlfvisa2000.c \ cmdlfvisa2000.c \
cmdlfverichip.c \ cmdlfmotorola.c \
cmdtrace.c \ cmdtrace.c \
cmdflashmem.c \ cmdflashmem.c \
cmdflashmemspiffs.c \ cmdflashmemspiffs.c \


@ -145,7 +145,7 @@ bool nfc3d_amiibo_load_keys(nfc3d_amiibo_keys *amiiboKeys, const char *path) {
} }
if ((amiiboKeys->data.magicBytesSize > 16) || if ((amiiboKeys->data.magicBytesSize > 16) ||
(amiiboKeys->tag.magicBytesSize > 16)) { (amiiboKeys->tag.magicBytesSize > 16)) {
return false; return false;
} }


@ -899,20 +899,20 @@ static int CmdAnalyseDemodBuffer(const char *Cmd) {
int bg = 0, en = 0; int bg = 0, en = 0;
if (param_getptr(Cmd, &bg, &en, 0)) if (param_getptr(Cmd, &bg, &en, 0))
return usage_analyse_demodbuffer(); return usage_analyse_demodbuffer();
int len = MIN( (en- bg + 1), MAX_DEMOD_BUF_LEN); int len = MIN((en - bg + 1), MAX_DEMOD_BUF_LEN);
// add 1 for null terminator. // add 1 for null terminator.
uint8_t *data = calloc(len + 1, sizeof(uint8_t)); uint8_t *data = calloc(len + 1, sizeof(uint8_t));
if (!data) return PM3_EMALLOC; if (!data) return PM3_EMALLOC;
for(int i = 0; bg <= en; bg++ , i++) { for (int i = 0; bg <= en; bg++, i++) {
char c = Cmd[bg]; char c = Cmd[bg];
if (c == '1') if (c == '1')
DemodBuffer[i] = 1; DemodBuffer[i] = 1;
if (c == '0') if (c == '0')
DemodBuffer[i] = 0; DemodBuffer[i] = 0;
printf("%c", c); printf("%c", c);
} }
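Review bot: In CmdAnalyseDemodBuffer, `len` is clamped to MAX_DEMOD_BUF_LEN but the copy loop `for (int i = 0; bg <= en; bg++, i++)` is bounded only by the argument length, so an argument longer than the clamp keeps writing `DemodBuffer[i]` past index `len - 1`. If DemodBuffer is sized MAX_DEMOD_BUF_LEN (its declaration is not in this hunk), that is an out-of-bounds write driven by command input; the loop condition should be `bg <= en && i < len`. The `data` buffer allocated just above is not written in the visible lines, so it is worth checking whether the loop was meant to fill it and that it is freed on every path. The function continues outside the hunk.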


@ -1673,7 +1673,7 @@ int CmdTuneSamples(const char *Cmd) {
uint8_t results[256]; uint8_t results[256];
} PACKED; } PACKED;
struct p* package = (struct p*)resp.data.asBytes; struct p *package = (struct p *)resp.data.asBytes;
if (package->v_lf125 > NON_VOLTAGE) if (package->v_lf125 > NON_VOLTAGE)
PrintAndLogEx(SUCCESS, "LF antenna: %5.2f V - %.2f kHz", (package->v_lf125 * ANTENNA_ERROR) / 1000.0, 12000.0 / (LF_DIVISOR_125 + 1)); PrintAndLogEx(SUCCESS, "LF antenna: %5.2f V - %.2f kHz", (package->v_lf125 * ANTENNA_ERROR) / 1000.0, 12000.0 / (LF_DIVISOR_125 + 1));
@ -1730,7 +1730,7 @@ int CmdTuneSamples(const char *Cmd) {
if (test1 > 0) { if (test1 > 0) {
PrintAndLogEx(SUCCESS, "\nDisplaying LF tuning graph. Divisor %d is %.2f kHz, %d is %.2f kHz.\n\n", PrintAndLogEx(SUCCESS, "\nDisplaying LF tuning graph. Divisor %d is %.2f kHz, %d is %.2f kHz.\n\n",
LF_DIVISOR_134, 12000.0 / (LF_DIVISOR_134 + 1), LF_DIVISOR_125, 12000.0 / (LF_DIVISOR_125 + 1)); LF_DIVISOR_134, 12000.0 / (LF_DIVISOR_134 + 1), LF_DIVISOR_125, 12000.0 / (LF_DIVISOR_125 + 1));
GraphTraceLen = 256; GraphTraceLen = 256;
ShowGraphWindow(); ShowGraphWindow();
RepaintGraphWindow(); RepaintGraphWindow();


@ -117,7 +117,7 @@ static int CmdFlashmemSpiBaudrate(const char *Cmd) {
usage_flashmem_spibaud(); usage_flashmem_spibaud();
return PM3_EINVARG; return PM3_EINVARG;
} }
SendCommandNG(CMD_FLASHMEM_SET_SPIBAUDRATE, (uint8_t*)&baudrate, sizeof(uint32_t)); SendCommandNG(CMD_FLASHMEM_SET_SPIBAUDRATE, (uint8_t *)&baudrate, sizeof(uint32_t));
return PM3_SUCCESS; return PM3_SUCCESS;
} }


@ -1839,7 +1839,7 @@ static int CmdHFiClass_loclass(const char *Cmd) {
int errors = testCipherUtils(); int errors = testCipherUtils();
errors += testMAC(); errors += testMAC();
errors += doKeyTests(0); errors += doKeyTests(0);
errors += testElite(opt2=='l'); errors += testElite(opt2 == 'l');
if (errors) PrintAndLogEx(ERR, "There were errors!!!"); if (errors) PrintAndLogEx(ERR, "There were errors!!!");
return PM3_ESOFT; return PM3_ESOFT;
} }


@ -1866,7 +1866,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) {
} }
if (verbose) PrintAndLogEx(INFO, _YELLOW_("======================= STOP KNOWN KEY ATTACK =======================")); if (verbose) PrintAndLogEx(INFO, _YELLOW_("======================= STOP KNOWN KEY ATTACK ======================="));
if (num_found_keys == sectors_cnt * 2) if (num_found_keys == sectors_cnt * 2)
goto all_found; goto all_found;
} }
bool load_success = true; bool load_success = true;
@ -2741,7 +2741,7 @@ static int CmdHF14AMfChk(const char *Cmd) {
(keyBlock + 6 * keycnt)[3], (keyBlock + 6 * keycnt)[3],
(keyBlock + 6 * keycnt)[4], (keyBlock + 6 * keycnt)[4],
(keyBlock + 6 * keycnt)[5] (keyBlock + 6 * keycnt)[5]
); );
} }
// initialize storage for found keys // initialize storage for found keys


@ -695,7 +695,7 @@ void pm3_version(bool verbose, bool oneliner) {
PrintAndLogEx(NORMAL, " compiled with " PM3CLIENTCOMPILER __VERSION__ PM3HOSTOS PM3HOSTARCH); PrintAndLogEx(NORMAL, " compiled with " PM3CLIENTCOMPILER __VERSION__ PM3HOSTOS PM3HOSTARCH);
//#if PLATFORM == PM3RDV4 //#if PLATFORM == PM3RDV4
if ( IfPm3Flash() == false && IfPm3Smartcard() == false && IfPm3FpcUsartHost() == false) { if (IfPm3Flash() == false && IfPm3Smartcard() == false && IfPm3FpcUsartHost() == false) {
PrintAndLogEx(NORMAL, "\n [ PROXMARK3 ]"); PrintAndLogEx(NORMAL, "\n [ PROXMARK3 ]");
} else { } else {
PrintAndLogEx(NORMAL, "\n [ PROXMARK3 RDV4 ]"); PrintAndLogEx(NORMAL, "\n [ PROXMARK3 RDV4 ]");


@ -1,5 +1,9 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Copyright (C) 2010 iZsh <izsh at fail0verflow.com> // Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
// Modified by
// Marshellow
// Iceman
// Doegox
// //
// This code is licensed to you under the terms of the GNU GPL, version 2 or, // This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of // at your option, any later version. See the LICENSE.txt file for the text of
@ -47,7 +51,7 @@
#include "cmdlfsecurakey.h" // for securakey menu #include "cmdlfsecurakey.h" // for securakey menu
#include "cmdlfpac.h" // for pac menu #include "cmdlfpac.h" // for pac menu
#include "cmdlfkeri.h" // for keri menu #include "cmdlfkeri.h" // for keri menu
#include "cmdlfverichip.h" // for VeriChip menu #include "cmdlfmotorola.h" // for Motorola menu
#include "cmdlfgallagher.h" // for GALLAGHER menu #include "cmdlfgallagher.h" // for GALLAGHER menu
bool g_lf_threshold_set = false; bool g_lf_threshold_set = false;
@ -333,13 +337,13 @@ int CmdLFCommandRead(const char *Cmd) {
} }
} }
// bitbang mode // bitbang mode
if (payload.delay == 0){ if (payload.delay == 0) {
if (payload.zeros < 7 || payload.ones < 7) { if (payload.zeros < 7 || payload.ones < 7) {
PrintAndLogEx(WARNING, "Warning periods cannot be less than 7us in bit bang mode"); PrintAndLogEx(WARNING, "Warning periods cannot be less than 7us in bit bang mode");
return PM3_EINVARG; return PM3_EINVARG;
} }
} }
//Validations //Validations
if (errors || cmdp == 0) return usage_lf_cmdread(); if (errors || cmdp == 0) return usage_lf_cmdread();
@ -449,6 +453,14 @@ int CmdFlexdemod(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
int lf_config(sample_config *config) {
if (!session.pm3_present) return PM3_ENOTTY;
clearCommandBuffer();
SendCommandNG(CMD_LF_SAMPLING_SET_CONFIG, (uint8_t *)config, sizeof(sample_config));
return PM3_SUCCESS;
}
int CmdLFConfig(const char *Cmd) { int CmdLFConfig(const char *Cmd) {
if (!session.pm3_present) return PM3_ENOTTY; if (!session.pm3_present) return PM3_ENOTTY;
@ -516,7 +528,7 @@ int CmdLFConfig(const char *Cmd) {
break; break;
case 's': case 's':
samples_to_skip = param_get32ex(Cmd, cmdp + 1, 0, 10); samples_to_skip = param_get32ex(Cmd, cmdp + 1, 0, 10);
cmdp+=2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
@ -525,22 +537,19 @@ int CmdLFConfig(const char *Cmd) {
} }
} }
//Validations // validations
if (errors) return usage_lf_config(); if (errors) return usage_lf_config();
if (cmdp == 0) {
clearCommandBuffer();
SendCommandNG(CMD_LF_SAMPLING_GET_CONFIG, NULL, 0);
return PM3_SUCCESS;
}
//Bps is limited to 8 // print current settings.
if (cmdp == 0)
return lf_config(NULL);
// bps is limited to 8
if (bps >> 4) bps = 8; if (bps >> 4) bps = 8;
sample_config config = { decimation, bps, averaging, divisor, trigger_threshold, samples_to_skip }; sample_config config = { decimation, bps, averaging, divisor, trigger_threshold, samples_to_skip, true };
clearCommandBuffer(); return lf_config(&config);
SendCommandNG(CMD_LF_SAMPLING_SET_CONFIG, (uint8_t *)&config, sizeof(sample_config));
return PM3_SUCCESS;
} }
int lf_read(bool silent, uint32_t samples) { int lf_read(bool silent, uint32_t samples) {
@ -632,6 +641,7 @@ static void ChkBitstream() {
} }
} }
} }
//Attempt to simulate any wave in buffer (one bit per output sample) //Attempt to simulate any wave in buffer (one bit per output sample)
// converts GraphBuffer to bitstream (based on zero crossings) if needed. // converts GraphBuffer to bitstream (based on zero crossings) if needed.
int CmdLFSim(const char *Cmd) { int CmdLFSim(const char *Cmd) {
@ -711,7 +721,7 @@ int CmdLFSim(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// by marshmellow - sim fsk data given clock, fcHigh, fcLow, invert // sim fsk data given clock, fcHigh, fcLow, invert
// - allow pull data from DemodBuffer // - allow pull data from DemodBuffer
int CmdLFfskSim(const char *Cmd) { int CmdLFfskSim(const char *Cmd) {
//might be able to autodetect FCs and clock from Graphbuffer if using demod buffer //might be able to autodetect FCs and clock from Graphbuffer if using demod buffer
@ -815,7 +825,7 @@ int CmdLFfskSim(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// by marshmellow - sim ask data given clock, invert, manchester or raw, separator // sim ask data given clock, invert, manchester or raw, separator
// - allow pull data from DemodBuffer // - allow pull data from DemodBuffer
int CmdLFaskSim(const char *Cmd) { int CmdLFaskSim(const char *Cmd) {
// autodetect clock from Graphbuffer if using demod buffer // autodetect clock from Graphbuffer if using demod buffer
@ -916,7 +926,7 @@ int CmdLFaskSim(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// by marshmellow - sim psk data given carrier, clock, invert // sim psk data given carrier, clock, invert
// - allow pull data from DemodBuffer or parameters // - allow pull data from DemodBuffer or parameters
int CmdLFpskSim(const char *Cmd) { int CmdLFpskSim(const char *Cmd) {
//might be able to autodetect FC and clock from Graphbuffer if using demod buffer //might be able to autodetect FC and clock from Graphbuffer if using demod buffer
@ -1126,7 +1136,6 @@ int CmdVchDemod(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
//by marshmellow
static bool CheckChipType(bool getDeviceData) { static bool CheckChipType(bool getDeviceData) {
bool retval = false; bool retval = false;
@ -1158,7 +1167,6 @@ out:
return retval; return retval;
} }
//by marshmellow
int CmdLFfind(const char *Cmd) { int CmdLFfind(const char *Cmd) {
int ans = 0; int ans = 0;
size_t minLength = 2000; size_t minLength = 2000;
@ -1193,9 +1201,21 @@ int CmdLFfind(const char *Cmd) {
if (getSignalProperties()->isnoise) { if (getSignalProperties()->isnoise) {
if (IfPm3Hitag()) { if (IfPm3Hitag()) {
if (readHitagUid()) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Hitag") "found!"); return PM3_SUCCESS;} if (readHitagUid()) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Hitag") "found!");
return PM3_SUCCESS;
}
}
if (readMotorolaUid()) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Motorola ID") "found!");
return PM3_SUCCESS;
}
if (readCOTAGUid()) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("COTAG ID") "found!");
return PM3_SUCCESS;
} }
if (readCOTAGUid()) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("COTAG ID") "found!"); return PM3_SUCCESS;}
PrintAndLogEx(FAILED, _RED_("No data found!")); PrintAndLogEx(FAILED, _RED_("No data found!"));
PrintAndLogEx(INFO, "Signal looks like noise. Maybe not an LF tag?"); PrintAndLogEx(INFO, "Signal looks like noise. Maybe not an LF tag?");
@ -1229,7 +1249,6 @@ int CmdLFfind(const char *Cmd) {
if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") "found!"); goto out;} if (demodVisa2k() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Visa2000 ID") "found!"); goto out;}
if (demodGallagher() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("GALLAGHER ID") "found!"); goto out;} if (demodGallagher() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("GALLAGHER ID") "found!"); goto out;}
// if (demodTI() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Texas Instrument ID") "found!"); goto out;} // if (demodTI() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Texas Instrument ID") "found!"); goto out;}
// if (demodVerichip() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("VeriChip ID") "found!"); goto out;}
//if (demodFermax() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Fermax ID") "found!"); goto out;} //if (demodFermax() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Fermax ID") "found!"); goto out;}
//if (demodFlex() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Motorola FlexPass ID") "found!"); goto out;} //if (demodFlex() == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Motorola FlexPass ID") "found!"); goto out;}
@ -1297,6 +1316,7 @@ static command_t CommandTable[] = {
{"nedap", CmdLFNedap, AlwaysAvailable, "{ Nedap RFIDs... }"}, {"nedap", CmdLFNedap, AlwaysAvailable, "{ Nedap RFIDs... }"},
{"nexwatch", CmdLFNEXWATCH, AlwaysAvailable, "{ NexWatch RFIDs... }"}, {"nexwatch", CmdLFNEXWATCH, AlwaysAvailable, "{ NexWatch RFIDs... }"},
{"noralsy", CmdLFNoralsy, AlwaysAvailable, "{ Noralsy RFIDs... }"}, {"noralsy", CmdLFNoralsy, AlwaysAvailable, "{ Noralsy RFIDs... }"},
{"motorola", CmdLFMotorola, AlwaysAvailable, "{ Motorola RFIDs... }"},
{"pac", CmdLFPac, AlwaysAvailable, "{ PAC/Stanley RFIDs... }"}, {"pac", CmdLFPac, AlwaysAvailable, "{ PAC/Stanley RFIDs... }"},
{"paradox", CmdLFParadox, AlwaysAvailable, "{ Paradox RFIDs... }"}, {"paradox", CmdLFParadox, AlwaysAvailable, "{ Paradox RFIDs... }"},
{"pcf7931", CmdLFPCF7931, AlwaysAvailable, "{ PCF7931 CHIPs... }"}, {"pcf7931", CmdLFPCF7931, AlwaysAvailable, "{ PCF7931 CHIPs... }"},
@ -1305,7 +1325,6 @@ static command_t CommandTable[] = {
{"securakey", CmdLFSecurakey, AlwaysAvailable, "{ Securakey RFIDs... }"}, {"securakey", CmdLFSecurakey, AlwaysAvailable, "{ Securakey RFIDs... }"},
{"ti", CmdLFTI, AlwaysAvailable, "{ TI CHIPs... }"}, {"ti", CmdLFTI, AlwaysAvailable, "{ TI CHIPs... }"},
{"t55xx", CmdLFT55XX, AlwaysAvailable, "{ T55xx CHIPs... }"}, {"t55xx", CmdLFT55XX, AlwaysAvailable, "{ T55xx CHIPs... }"},
// {"verichip", CmdLFVerichip, AlwaysAvailable, "{ VeriChip RFIDs... }"},
{"viking", CmdLFViking, AlwaysAvailable, "{ Viking RFIDs... }"}, {"viking", CmdLFViking, AlwaysAvailable, "{ Viking RFIDs... }"},
{"visa2000", CmdLFVisa2k, AlwaysAvailable, "{ Visa2000 RFIDs... }"}, {"visa2000", CmdLFVisa2k, AlwaysAvailable, "{ Visa2000 RFIDs... }"},
{"", CmdHelp, AlwaysAvailable, ""}, {"", CmdHelp, AlwaysAvailable, ""},
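Review bot: `lf_config(NULL)` is now what CmdLFConfig calls to print the current settings, but the new lf_config always calls `SendCommandNG(CMD_LF_SAMPLING_SET_CONFIG, (uint8_t *)config, sizeof(sample_config))`, so the no-argument path passes a NULL pointer with a non-zero length and no longer sends CMD_LF_SAMPLING_GET_CONFIG as the removed code did. Unless SendCommandNG tolerates a NULL buffer (not visible here), that is a NULL read on the client, and either way a SET is sent where a GET was intended. lf_config should handle the NULL case first, e.g. `if (config == NULL) { SendCommandNG(CMD_LF_SAMPLING_GET_CONFIG, NULL, 0); return PM3_SUCCESS; }`, with a comment above the function stating that NULL means "query only".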


@ -12,12 +12,13 @@
#define CMDLF_H__ #define CMDLF_H__
#include "common.h" #include "common.h"
#include "pm3_cmd.h" // sample_config_t
#define T55XX_WRITE_TIMEOUT 1500 #define T55XX_WRITE_TIMEOUT 1500
int CmdLF(const char *Cmd); int CmdLF(const char *Cmd);
int CmdLFSetConfig(const char *Cmd); int CmdLFConfig(const char *Cmd);
int CmdLFCommandRead(const char *Cmd); int CmdLFCommandRead(const char *Cmd);
int CmdFlexdemod(const char *Cmd); int CmdFlexdemod(const char *Cmd);
@ -32,5 +33,6 @@ int CmdVchDemod(const char *Cmd);
int CmdLFfind(const char *Cmd); int CmdLFfind(const char *Cmd);
int lf_read(bool silent, uint32_t samples); int lf_read(bool silent, uint32_t samples);
int lf_config(sample_config *config);
#endif #endif


@ -79,7 +79,7 @@ static int CmdCOTAGDemod(const char *Cmd) {
// 2 = raw signal - maxlength bigbuff // 2 = raw signal - maxlength bigbuff
static int CmdCOTAGRead(const char *Cmd) { static int CmdCOTAGRead(const char *Cmd) {
if ( tolower(Cmd[0]) == 'h') return usage_lf_cotag_read(); if (tolower(Cmd[0]) == 'h') return usage_lf_cotag_read();
uint32_t rawsignal = 1; uint32_t rawsignal = 1;
sscanf(Cmd, "%u", &rawsignal); sscanf(Cmd, "%u", &rawsignal);


@ -844,14 +844,14 @@ int EM4x50Read(const char *Cmd, bool verbose) {
size_t size = getFromGraphBuf(bits); size_t size = getFromGraphBuf(bits);
if (size < 4000) { if (size < 4000) {
if (verbose || g_debugMode) PrintAndLogEx(ERR, "Error: EM4x50 - Too little data in Graphbuffer"); if (verbose || g_debugMode) PrintAndLogEx(ERR, "Error: EM4x50 - Too little data in Graphbuffer");
return PM3_ESOFT; return PM3_ESOFT;
} }
computeSignalProperties(bits, size); computeSignalProperties(bits, size);
// get fuzzed HI / LOW limits in signal // get fuzzed HI / LOW limits in signal
getHiLo( &high, &low, 75, 75); getHiLo(&high, &low, 75, 75);
// get to first full low to prime loop and skip incomplete first pulse // get to first full low to prime loop and skip incomplete first pulse
size_t offset = 0; size_t offset = 0;
@ -866,7 +866,7 @@ int EM4x50Read(const char *Cmd, bool verbose) {
DetectASKClock(bits, size, &clk, 0); DetectASKClock(bits, size, &clk, 0);
if (clk == 0) { if (clk == 0) {
if (verbose || g_debugMode) PrintAndLogEx(ERR, "Error: EM4x50 - didn't find a clock"); if (verbose || g_debugMode) PrintAndLogEx(ERR, "Error: EM4x50 - didn't find a clock");
return PM3_ESOFT; return PM3_ESOFT;
} }
} }
// tolerance // tolerance
@ -1246,7 +1246,7 @@ static int EM4x05ReadWord_ext(uint8_t addr, uint32_t pwd, bool usePwd, uint32_t
static int CmdEM4x05Demod(const char *Cmd) { static int CmdEM4x05Demod(const char *Cmd) {
// uint8_t ctmp = tolower(param_getchar(Cmd, 0)); // uint8_t ctmp = tolower(param_getchar(Cmd, 0));
// if (ctmp == 'h') return usage_lf_em4x05_demod(); // if (ctmp == 'h') return usage_lf_em4x05_demod();
uint32_t word = 0; uint32_t word = 0;
return demodEM4x05resp(&word); return demodEM4x05resp(&word);
} }
@ -1263,22 +1263,23 @@ static int CmdEM4x05Dump(const char *Cmd) {
while (param_getchar(Cmd, cmdp) != 0x00) { while (param_getchar(Cmd, cmdp) != 0x00) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h': return usage_lf_em4x05_dump(); case 'h':
break; return usage_lf_em4x05_dump();
break;
case 'f': // since f could match in password, lets confirm it is 1 character only for an option case 'f': // since f could match in password, lets confirm it is 1 character only for an option
param_getstr(Cmd, cmdp,optchk,sizeof(optchk)); param_getstr(Cmd, cmdp, optchk, sizeof(optchk));
if (strlen (optchk) == 1) {// Have a single character f so filename no password if (strlen(optchk) == 1) { // Have a single character f so filename no password
param_getstr(Cmd, cmdp + 1, preferredName, FILE_PATH_SIZE); param_getstr(Cmd, cmdp + 1, preferredName, FILE_PATH_SIZE);
cmdp+=2; cmdp += 2;
break; break;
} // if not a single 'f' dont break and flow onto default as should be password } // if not a single 'f' dont break and flow onto default as should be password
default : // for backwards-compatibility options should be > 'f' else assume its the hex password` default : // for backwards-compatibility options should be > 'f' else assume its the hex password`
// for now use default input of 1 as invalid (unlikely 1 will be a valid password...) // for now use default input of 1 as invalid (unlikely 1 will be a valid password...)
pwd = param_get32ex(Cmd, cmdp, 1, 16); pwd = param_get32ex(Cmd, cmdp, 1, 16);
if (pwd != 1) if (pwd != 1)
usePwd = true; usePwd = true;
cmdp++; cmdp++;
}; };
} }
@ -1313,7 +1314,7 @@ static int CmdEM4x05Dump(const char *Cmd) {
if (usePwd) { if (usePwd) {
data[addr] = BSWAP_32(pwd); data[addr] = BSWAP_32(pwd);
num_to_bytes(pwd, 4, bytes); num_to_bytes(pwd, 4, bytes);
PrintAndLogEx(NORMAL, " %02u | %08X | %s | %c | password", addr, pwd, sprint_ascii(bytes, 4),((lock_bits >> addr) & 1) ? 'x' : ' '); PrintAndLogEx(NORMAL, " %02u | %08X | %s | %c | password", addr, pwd, sprint_ascii(bytes, 4), ((lock_bits >> addr) & 1) ? 'x' : ' ');
} else { } else {
data[addr] = 0x00; // Unknown password, but not used to set to zeros data[addr] = 0x00; // Unknown password, but not used to set to zeros
PrintAndLogEx(NORMAL, " 02 | | | | " _RED_("cannot read")); PrintAndLogEx(NORMAL, " 02 | | | | " _RED_("cannot read"));
@ -1326,16 +1327,15 @@ static int CmdEM4x05Dump(const char *Cmd) {
data[addr] = BSWAP_32(word); data[addr] = BSWAP_32(word);
if (status == PM3_SUCCESS) { if (status == PM3_SUCCESS) {
num_to_bytes(word, 4, bytes); num_to_bytes(word, 4, bytes);
PrintAndLogEx(NORMAL, " %02d | %08X | %s | %c |", addr, word, sprint_ascii(bytes, 4),((lock_bits >> addr) & 1) ? 'x' : ' '); PrintAndLogEx(NORMAL, " %02d | %08X | %s | %c |", addr, word, sprint_ascii(bytes, 4), ((lock_bits >> addr) & 1) ? 'x' : ' ');
} } else
else
PrintAndLogEx(NORMAL, " %02d | | | | " _RED_("Fail"), addr); PrintAndLogEx(NORMAL, " %02d | | | | " _RED_("Fail"), addr);
} }
} }
// Print blocks 14 and 15 // Print blocks 14 and 15
// Both lock bits are protected with bit idx 14 (special case) // Both lock bits are protected with bit idx 14 (special case)
PrintAndLogEx(NORMAL, " %02d | %08X | %s | %c | Lock", 14, data[14], sprint_ascii(bytes, 4),((lock_bits >> 14) & 1) ? 'x' : ' '); PrintAndLogEx(NORMAL, " %02d | %08X | %s | %c | Lock", 14, data[14], sprint_ascii(bytes, 4), ((lock_bits >> 14) & 1) ? 'x' : ' ');
PrintAndLogEx(NORMAL, " %02d | %08X | %s | %c | Lock", 15, data[15], sprint_ascii(bytes, 4),((lock_bits >> 14) & 1) ? 'x' : ' '); PrintAndLogEx(NORMAL, " %02d | %08X | %s | %c | Lock", 15, data[15], sprint_ascii(bytes, 4), ((lock_bits >> 14) & 1) ? 'x' : ' ');
// Update endian for files // Update endian for files
data[14] = BSWAP_32(data[14]); data[14] = BSWAP_32(data[14]);
data[15] = BSWAP_32(data[15]); data[15] = BSWAP_32(data[15]);
@ -1343,11 +1343,11 @@ static int CmdEM4x05Dump(const char *Cmd) {
if (success == PM3_SUCCESS) { // all ok save dump to file if (success == PM3_SUCCESS) { // all ok save dump to file
// saveFileEML will add .eml extension to filename // saveFileEML will add .eml extension to filename
// saveFile (binary) passes in the .bin extension. // saveFile (binary) passes in the .bin extension.
if (strcmp (preferredName,"") == 0) // Set default filename, if not set by user if (strcmp(preferredName, "") == 0) // Set default filename, if not set by user
sprintf (preferredName,"lf-4x05-%08X-data",BSWAP_32(data[1])); sprintf(preferredName, "lf-4x05-%08X-data", BSWAP_32(data[1]));
saveFileEML(preferredName, (uint8_t *)data, 16*sizeof(uint32_t), sizeof(uint32_t)); saveFileEML(preferredName, (uint8_t *)data, 16 * sizeof(uint32_t), sizeof(uint32_t));
saveFile (preferredName, ".bin", data, sizeof(data)); saveFile(preferredName, ".bin", data, sizeof(data));
} }
return success; return success;
@ -1454,60 +1454,60 @@ static int CmdEM4x05Wipe(const char *Cmd) {
while (param_getchar(Cmd, cmdp) != 0x00) { while (param_getchar(Cmd, cmdp) != 0x00) {
// check if cmd is a 1 byte option // check if cmd is a 1 byte option
param_getstr(Cmd, cmdp,optchk,sizeof(optchk)); param_getstr(Cmd, cmdp, optchk, sizeof(optchk));
if (strlen (optchk) == 1) {// Have a single character so option not part of password if (strlen(optchk) == 1) { // Have a single character so option not part of password
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
case 'c': // chip type case 'c': // chip type
if (param_getchar(Cmd, cmdp) != 0x00) if (param_getchar(Cmd, cmdp) != 0x00)
chipType = param_get8ex (Cmd,cmdp+1,0,10); chipType = param_get8ex(Cmd, cmdp + 1, 0, 10);
cmdp+=2; cmdp += 2;
break; break;
case 'h': // return usage_lf_em4x05_wipe(); case 'h': // return usage_lf_em4x05_wipe();
default : // Unknown or 'h' send help default : // Unknown or 'h' send help
return usage_lf_em4x05_wipe(); return usage_lf_em4x05_wipe();
break; break;
}; };
} else { // Not a single character so assume password } else { // Not a single character so assume password
pwd = param_get32ex(Cmd, cmdp, 1, 16); pwd = param_get32ex(Cmd, cmdp, 1, 16);
cmdp++; cmdp++;
} }
} }
switch (chipType) { switch (chipType) {
case 0 : // em4205 case 0 : // em4205
chipInfo = 0x00040070; chipInfo = 0x00040070;
config = 0x0001805F; config = 0x0001805F;
break; break;
case 1 : // em4305 case 1 : // em4305
chipInfo = 0x00040072; chipInfo = 0x00040072;
config = 0x0001805F; config = 0x0001805F;
break; break;
default : // Type 0/Default : EM4305 default : // Type 0/Default : EM4305
chipInfo = 0x00040072; chipInfo = 0x00040072;
config = 0x0001805F; config = 0x0001805F;
} }
// block 0 : User Data or Chip Info // block 0 : User Data or Chip Info
sprintf (cmdStr,"%d %08X %08X",0,chipInfo,pwd); sprintf(cmdStr, "%d %08X %08X", 0, chipInfo, pwd);
CmdEM4x05Write (cmdStr); CmdEM4x05Write(cmdStr);
// block 1 : UID - this should be read only for EM4205 and EM4305 not sure about others // block 1 : UID - this should be read only for EM4205 and EM4305 not sure about others
sprintf (cmdStr,"%d %08X %08X",1,chipUID,pwd); sprintf(cmdStr, "%d %08X %08X", 1, chipUID, pwd);
CmdEM4x05Write (cmdStr); CmdEM4x05Write(cmdStr);
// block 2 : password // block 2 : password
sprintf (cmdStr,"%d %08X %08X",2,blockData,pwd); sprintf(cmdStr, "%d %08X %08X", 2, blockData, pwd);
CmdEM4x05Write (cmdStr); CmdEM4x05Write(cmdStr);
pwd = blockData; // Password should now have changed, so use new password pwd = blockData; // Password should now have changed, so use new password
// block 3 : user data // block 3 : user data
sprintf (cmdStr,"%d %08X %08X",3,blockData,pwd); sprintf(cmdStr, "%d %08X %08X", 3, blockData, pwd);
CmdEM4x05Write (cmdStr); CmdEM4x05Write(cmdStr);
// block 4 : config // block 4 : config
sprintf (cmdStr,"%d %08X %08X",4,config,pwd); sprintf(cmdStr, "%d %08X %08X", 4, config, pwd);
CmdEM4x05Write (cmdStr); CmdEM4x05Write(cmdStr);
// Remainder of user/data blocks // Remainder of user/data blocks
for (addr = 5; addr < 14; addr++) {// Clear user data blocks for (addr = 5; addr < 14; addr++) {// Clear user data blocks
sprintf (cmdStr,"%d %08X %08X",addr,blockData,pwd); sprintf(cmdStr, "%d %08X %08X", addr, blockData, pwd);
CmdEM4x05Write (cmdStr); CmdEM4x05Write(cmdStr);
} }
return success; return success;


@ -97,11 +97,11 @@ static int CmdGallagherClone(const char *Cmd) {
// skip first block, 3*4 = 12 bytes left // skip first block, 3*4 = 12 bytes left
uint8_t rawhex[12] = {0}; uint8_t rawhex[12] = {0};
int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
if ( res != 0 ) if (res != 0)
errors = true; errors = true;
for(uint8_t i = 1; i < ARRAYLEN(blocks); i++) { for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
blocks[i] = bytes_to_num(rawhex + ( (i - 1) * 4 ), sizeof(uint32_t)); blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t));
} }
cmdp += 2; cmdp += 2;
break; break;
@ -157,10 +157,10 @@ int detectGallagher(uint8_t *dest, size_t *size) {
if (*size < 96) return -1; //make sure buffer has data if (*size < 96) return -1; //make sure buffer has data
size_t startIdx = 0; size_t startIdx = 0;
uint8_t preamble[] = { uint8_t preamble[] = {
0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1,
0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0,
0, 1, 1, 0, 0 ,0 ,0 ,1 0, 1, 1, 0, 0, 0, 0, 1
}; };
if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx)) if (!preambleSearch(dest, preamble, sizeof(preamble), size, &startIdx))
return -2; //preamble not found return -2; //preamble not found


@ -133,12 +133,12 @@ static int sendTry(uint8_t format_idx, wiegand_card_t *card, uint32_t delay, boo
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_LF_HID_SIMULATE, (uint8_t *)&payload, sizeof(payload));
/* /*
PacketResponseNG resp; PacketResponseNG resp;
WaitForResponse(CMD_LF_HID_SIMULATE, &resp); WaitForResponse(CMD_LF_HID_SIMULATE, &resp);
if (resp.status == PM3_EOPABORTED) if (resp.status == PM3_EOPABORTED)
return resp.status; return resp.status;
*/ */
msleep(delay); msleep(delay);
return sendPing(); return sendPing();
} }
@ -443,7 +443,7 @@ static int CmdHIDBrute(const char *Cmd) {
if (data.CardNumber > 1) { if (data.CardNumber > 1) {
data.CardNumber--; data.CardNumber--;
if (sendTry(format_idx, &data, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT; if (sendTry(format_idx, &data, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT;
} }
} }
return PM3_SUCCESS; return PM3_SUCCESS;
} }


@ -164,7 +164,7 @@ static int CmdIndalaDemod(const char *Cmd) {
csn |= DemodBuffer[50] << 1; // b2 csn |= DemodBuffer[50] << 1; // b2
csn |= DemodBuffer[41] << 0; // b1 csn |= DemodBuffer[41] << 0; // b1
uint8_t checksum = 0; uint8_t checksum = 0;
checksum |= DemodBuffer[62] << 1; // b2 checksum |= DemodBuffer[62] << 1; // b2
checksum |= DemodBuffer[63] << 0; // b1 checksum |= DemodBuffer[63] << 0; // b1
@ -172,7 +172,7 @@ static int CmdIndalaDemod(const char *Cmd) {
PrintAndLogEx(SUCCESS, "Possible de-scramble patterns"); PrintAndLogEx(SUCCESS, "Possible de-scramble patterns");
PrintAndLogEx(SUCCESS, "\tPrinted | __%04d__ [0x%X]", p1, p1); PrintAndLogEx(SUCCESS, "\tPrinted | __%04d__ [0x%X]", p1, p1);
PrintAndLogEx(SUCCESS, "\tInternal ID | %" PRIu64, foo); PrintAndLogEx(SUCCESS, "\tInternal ID | %" PRIu64, foo);
PrintAndLogEx(SUCCESS, "Fmt 26 bit FC %u , CSN %u , checksum %1d%1d", fc, csn, checksum >> 1 & 0x01, checksum & 0x01 ); PrintAndLogEx(SUCCESS, "Fmt 26 bit FC %u , CSN %u , checksum %1d%1d", fc, csn, checksum >> 1 & 0x01, checksum & 0x01);
} else { } else {
uint32_t uid3 = bytebits_to_byte(DemodBuffer + 64, 32); uint32_t uid3 = bytebits_to_byte(DemodBuffer + 64, 32);
@ -647,8 +647,6 @@ out:
*size = found_size; *size = found_size;
//PrintAndLogEx(INFO, "DEBUG: detectindala RES = %d | %d | %d", res, found_size, idx);
if (found_size != 224 && found_size != 64) { if (found_size != 224 && found_size != 64) {
PrintAndLogEx(INFO, "DEBUG: detectindala | %zu", found_size); PrintAndLogEx(INFO, "DEBUG: detectindala | %zu", found_size);
return -5; return -5;

258
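--- a/client/cmdlfmotorola.c
+++ b/client/cmdlfmotorola.c
@@ -0,0 +1,258 @@
+//-----------------------------------------------------------------------------
+// Iceman, 2019
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency Motorola tag commands
+// PSK1, RF/32, 64 bits long, at 74 kHz
+//-----------------------------------------------------------------------------
+#include "cmdlfmotorola.h"
+#include <ctype.h> //tolower
+#include "commonutil.h" // ARRAYLEN
+#include "common.h"
+#include "cmdparser.h" // command_t
+#include "comms.h"
+#include "ui.h"
+#include "cmddata.h"
+#include "cmdlf.h"
+#include "lfdemod.h" // preamble test
+#include "protocols.h" // t55xx defines
+#include "cmdlft55xx.h" // clone..
+#include "cmdlf.h" // cmdlfconfig
+#include "cliparser/cliparser.h" // cli parse input
+static int CmdHelp(const char *Cmd);
+//see PSKDemod for what args are accepted
+static int CmdMotorolaDemod(const char *Cmd) {
+//PSK1
+if (PSKDemod("32 1", true) != PM3_SUCCESS) {
+PrintAndLogEx(DEBUG, "DEBUG: Error - Motorola: PSK Demod failed");
+return PM3_ESOFT;
+}
+size_t size = DemodBufferLen;
+int ans = detectMotorola(DemodBuffer, &size);
+if (ans < 0) {
+if (ans == -1)
+PrintAndLogEx(DEBUG, "DEBUG: Error - Motorola: too few bits found");
+else if (ans == -2)
+PrintAndLogEx(DEBUG, "DEBUG: Error - Motorola: preamble not found");
+else if (ans == -3)
+PrintAndLogEx(DEBUG, "DEBUG: Error - Motorola: Size not correct: %zu", size);
+else
+PrintAndLogEx(DEBUG, "DEBUG: Error - Motorola: ans: %d", ans);
+return PM3_ESOFT;
+}
+setDemodBuff(DemodBuffer, 64, ans);
+setClockGrid(g_DemodClock, g_DemodStartIdx + (ans * g_DemodClock));
+//got a good demod
+uint32_t raw1 = bytebits_to_byte(DemodBuffer, 32);
+uint32_t raw2 = bytebits_to_byte(DemodBuffer + 32, 32);
+// A0000000E308C0C1
+// 10100000000000000000000000000000 1110 0011 0000 1000 1100 0000 1100 0001
+// 1 1 2 2 2 3 3 4 4 4 5 5 6
+// 0 4 8 2 6 0 4 8 2 6 0 4 8 2 6 0
+// 1010 0000 0000 0000 0000 0000 0000 0000 1110 0011 0000 1000 1100 0000 0101 0010
+// 9 .0 5 4 26 3 . 71
+// . .0 5 4 26 3 . 71
+// 6 9 A5 C0FD E7 18 B 4 3 2
+// hex(234) 0xEA bin(234) 1110 1010
+// hex(437) 0x1B5 bin(437) 1 1011 0101
+// hex(229) 0xE5 bin(229) 1110 0101
+uint16_t fc = 0;
+// FC seems to be guess work. Need more samples
+// guessing printed FC is 4 digits. 1024? 10bit?
+// fc |= DemodBuffer[38] << 9; // b10
+fc |= DemodBuffer[34] << 8; // b9
+fc |= DemodBuffer[44] << 7; // b8
+fc |= DemodBuffer[47] << 6; // b7
+fc |= DemodBuffer[57] << 5; // b6
+fc |= DemodBuffer[49] << 4; // b5
+// seems to match
+fc |= DemodBuffer[53] << 3; // b4
+fc |= DemodBuffer[48] << 2; // b3
+fc |= DemodBuffer[58] << 1; // b2
+fc |= DemodBuffer[39] << 0; // b1
+// CSN was same as Indala CSN descramble.
+uint16_t csn = 0;
+csn |= DemodBuffer[42] << 15; // b16
+csn |= DemodBuffer[45] << 14; // b15
+csn |= DemodBuffer[43] << 13; // b14
+csn |= DemodBuffer[40] << 12; // b13
+csn |= DemodBuffer[52] << 11; // b12
+csn |= DemodBuffer[36] << 10; // b11
+csn |= DemodBuffer[35] << 9; // b10
+csn |= DemodBuffer[51] << 8; // b9
+csn |= DemodBuffer[46] << 7; // b8
+csn |= DemodBuffer[33] << 6; // b7
+csn |= DemodBuffer[37] << 5; // b6
+csn |= DemodBuffer[54] << 4; // b5
+csn |= DemodBuffer[56] << 3; // b4
+csn |= DemodBuffer[59] << 2; // b3
+csn |= DemodBuffer[50] << 1; // b2
+csn |= DemodBuffer[41] << 0; // b1
+uint8_t checksum = 0;
+checksum |= DemodBuffer[62] << 1; // b2
+checksum |= DemodBuffer[63] << 0; // b1
+PrintAndLogEx(SUCCESS, "Motorola Tag Found -- Raw: %08X%08X", raw1, raw2);
+PrintAndLogEx(SUCCESS, "Fmt 26 bit FC %u , CSN %u , checksum %1d%1d", fc, csn, checksum >> 1 & 0x01, checksum & 0x01);
+PrintAndLogEx(NORMAL, "");
+return PM3_SUCCESS;
+}
+static int CmdMotorolaRead(const char *Cmd) {
+// Motorola Flexpass seem to work at 74 kHz
+// and take about 4400 samples to befor modulating
+sample_config sc = {
+.decimation = 0,
+.bits_per_sample = 0,
+.averaging = false,
+.divisor = LF_DIVISOR(74),
+.trigger_threshold = -1,
+.samples_to_skip = 4500,
+.verbose = false
+};
+lf_config(&sc);
+// 64 * 32 * 2 * n-ish
+lf_read(true, 5000);
+// reset back to 125 kHz
+sc.divisor = LF_DIVISOR_125;
+sc.samples_to_skip = 0;
+lf_config(&sc);
+return CmdMotorolaDemod(Cmd);
+}
+static int CmdMotorolaClone(const char *Cmd) {
+uint32_t blocks[3] = {0};
+uint8_t data[8];
+int datalen = 0;
+CLIParserInit("lf indala clone",
+"Enables cloning of Motorola card with specified uid onto T55x7\n"
+"defaults to 64.\n",
+"\n"
+"Samples:\n"
+"\tlf motorola clone a0000000a0002021\n"
+);
+void *argtable[] = {
+arg_param_begin,
+arg_strx1(NULL, NULL, "<uid (hex)>", NULL),
+arg_param_end
+};
+CLIExecWithReturn(Cmd, argtable, false);
+CLIGetHexWithReturn(1, data, &datalen);
+CLIParserFree();
+//TODO add selection of chip for Q5 or T55x7
+// data[0] = T5555_SET_BITRATE(32 | T5555_MODULATION_PSK1 | 2 << T5555_MAXBLOCK_SHIFT;
+// config for Motorola 64 format (RF/32;PSK1 with RF/2; Maxblock=2)
+PrintAndLogEx(INFO, "Preparing to clone Motorola 64bit tag with RawID %s", sprint_hex(data, datalen));
+blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (2 << T55x7_MAXBLOCK_SHIFT);
+blocks[1] = bytes_to_num(data, 4);
+blocks[2] = bytes_to_num(data + 4, 4);
+print_blocks(blocks, ARRAYLEN(blocks));
+return clone_t55xx_tag(blocks, ARRAYLEN(blocks));
+}
+static int CmdMotorolaSim(const char *Cmd) {
+// PSK sim.
+PrintAndLogEx(INFO, " PSK1 at 66 kHz... Interesting.");
+PrintAndLogEx(INFO, " To be implemented, feel free to contribute!");
+return PM3_SUCCESS;
+}
+static command_t CommandTable[] = {
+{"help", CmdHelp, AlwaysAvailable, "This help"},
+{"demod", CmdMotorolaDemod, AlwaysAvailable, "Demodulate an MOTOROLA tag from the GraphBuffer"},
+{"read", CmdMotorolaRead, IfPm3Lf, "Attempt to read and extract tag data from the antenna"},
+{"clone", CmdMotorolaClone, IfPm3Lf, "clone MOTOROLA to T55x7"},
+{"sim", CmdMotorolaSim, IfPm3Lf, "simulate MOTOROLA tag"},
+{NULL, NULL, NULL, NULL}
+};
+static int CmdHelp(const char *Cmd) {
+(void)Cmd; // Cmd is not used so far
+CmdsHelp(CommandTable);
+return PM3_SUCCESS;
+}
+int CmdLFMotorola(const char *Cmd) {
+clearCommandBuffer();
+return CmdsParse(CommandTable, Cmd);
+}
+// find MOTOROLA preamble in already demoded data
+int detectMotorola(uint8_t *dest, size_t *size) {
+//make sure buffer has data
+if (*size < 64)
+return -1;
+bool inverted = false;
+size_t found_size = *size;
+size_t start_idx = 0;
+// Seems Motorola is based on the following indala format.
+// standard 64 bit Motorola formats including 26 bit 40134 format
+uint8_t preamble[] = {1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
+uint8_t preamble_i[] = {0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0};
+// preamble not found
+if (!preambleSearch(dest, preamble, sizeof(preamble), &found_size, &start_idx)) {
+found_size = *size;
+if (!preambleSearch(dest, preamble_i, sizeof(preamble_i), &found_size, &start_idx)) {
+return -2;
+}
+PrintAndLogEx(DEBUG, "DEBUG: detectMotorola PSK1 found inverted preamble");
+inverted = true;
+}
+*size = found_size;
+// wrong demoded size
+if (*size != 64)
+return -3;
+if (inverted && start_idx > 0) {
+for (size_t i = start_idx - 1 ; i < *size + start_idx + 2; i++) {
+dest[i] ^= 1;
+}
+}
+return (int)start_idx;
+}
+int demodMotorola(void) {
+return CmdMotorolaDemod("");
+}
+int readMotorolaUid(void) {
+return (CmdMotorolaRead("") == PM3_SUCCESS);
+}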
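Review bot: CmdMotorolaClone converts all eight bytes of `data` into blocks[1] and blocks[2] without ever checking `datalen`, and `data` is declared without an initializer, so a UID argument shorter than 16 hex digits would have indeterminate stack bytes programmed onto the T55x7. Declaring it as `uint8_t data[8] = {0};` and adding `if (datalen != 8) return PM3_ESOFT;` (with an error message) right after `CLIParserFree();` would close that. In detectMotorola the inversion loop runs `i` up to `*size + start_idx + 1` after `*size` has been overwritten with 64, so nothing ties those writes to the buffer length the caller passed in; keeping the incoming length in a local and clamping the loop to it would make the bound explicit. The help text is also registered under `"lf indala clone"` and should presumably read `"lf motorola clone"`.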

21
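--- a/client/cmdlfmotorola.h
+++ b/client/cmdlfmotorola.h
@@ -0,0 +1,21 @@
+//-----------------------------------------------------------------------------
+// Iceman, 2019
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Low frequency MOTOROLA tag commands
+//-----------------------------------------------------------------------------
+#ifndef CMDLFMOTOROLA_H__
+#define CMDLFMOTOROLA_H__
+#include "common.h"
+int CmdLFMotorola(const char *Cmd);
+int demodMotorola(void);
+int detectMotorola(uint8_t *dest, size_t *size);
+int readMotorolaUid(void);
+#endif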
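Review bot: The new prototypes carry no contract, and their return conventions differ in ways a caller cannot tell from the header. Going by cmdlfmotorola.c on this page, detectMotorola returns the preamble start index or -1/-2/-3, rewrites `*size`, and may flip bits in `dest` in place; demodMotorola returns a PM3_* status; readMotorolaUid returns 1 on success and 0 otherwise. A one-line comment above each would be enough, for example `// returns start index (>= 0), -1 too few bits, -2 no preamble, -3 wrong size; updates *size and may invert bits in dest` on detectMotorola and `// returns 1 if a tag was read and demodulated, 0 otherwise (not a PM3_* code)` on readMotorolaUid.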


@ -114,11 +114,11 @@ static int CmdNexWatchClone(const char *Cmd) {
// skip first block, 4*4 = 16 bytes left // skip first block, 4*4 = 16 bytes left
uint8_t rawhex[16] = {0}; uint8_t rawhex[16] = {0};
int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
if ( res != 0 ) if (res != 0)
errors = true; errors = true;
for(uint8_t i = 1; i < ARRAYLEN(blocks); i++) { for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
blocks[i] = bytes_to_num(rawhex + ( (i - 1) * 4 ), sizeof(uint32_t)); blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t));
} }
cmdp += 2; cmdp += 2;
break; break;


@ -169,7 +169,8 @@ static int CmdNoralsyClone(const char *Cmd) {
PrintAndLogEx(INFO, "Preparing to clone Noralsy to T55x7 with CardId: %u", id); PrintAndLogEx(INFO, "Preparing to clone Noralsy to T55x7 with CardId: %u", id);
print_blocks(blocks, ARRAYLEN(blocks)); print_blocks(blocks, ARRAYLEN(blocks));
return clone_t55xx_tag(blocks, ARRAYLEN(blocks));} return clone_t55xx_tag(blocks, ARRAYLEN(blocks));
}
static int CmdNoralsySim(const char *Cmd) { static int CmdNoralsySim(const char *Cmd) {


@ -97,11 +97,11 @@ static int CmdPacClone(const char *Cmd) {
// skip first block, 4*4 = 16 bytes left // skip first block, 4*4 = 16 bytes left
uint8_t rawhex[16] = {0}; uint8_t rawhex[16] = {0};
int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
if ( res != 0 ) if (res != 0)
errors = true; errors = true;
for(uint8_t i = 1; i < ARRAYLEN(blocks); i++) { for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
blocks[i] = bytes_to_num(rawhex + ( (i - 1) * 4 ), sizeof(uint32_t)); blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t));
} }
cmdp += 2; cmdp += 2;
break; break;


@ -145,11 +145,11 @@ static int CmdParadoxClone(const char *Cmd) {
// skip first block, 3*4 =12 bytes left // skip first block, 3*4 =12 bytes left
uint8_t rawhex[12] = {0}; uint8_t rawhex[12] = {0};
int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
if ( res != 0 ) if (res != 0)
errors = true; errors = true;
for(uint8_t i = 1; i < ARRAYLEN(blocks); i++) { for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
blocks[i] = bytes_to_num(rawhex + ( (i - 1) * 4 ), sizeof(uint32_t)); blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t));
} }
cmdp += 2; cmdp += 2;
break; break;


@ -144,11 +144,11 @@ static int CmdSecurakeyClone(const char *Cmd) {
// skip first block, 3*4 = 12 bytes left // skip first block, 3*4 = 12 bytes left
uint8_t rawhex[12] = {0}; uint8_t rawhex[12] = {0};
int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
if ( res != 0 ) if (res != 0)
errors = true; errors = true;
for(uint8_t i = 1; i < ARRAYLEN(blocks); i++) { for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
blocks[i] = bytes_to_num(rawhex + ( (i - 1) * 4 ), sizeof(uint32_t)); blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t));
} }
cmdp += 2; cmdp += 2;
break; break;


@ -69,12 +69,12 @@ static void print_usage_t55xx_downloadlink(uint8_t ShowAll, uint8_t dl_mode_defa
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding 0|1|2|3|4"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding 0|1|2|3|4");
else else
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding 0|1|2|3"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding 0|1|2|3");
PrintAndLogEx(NORMAL, " 0 - fixed bit length%s",(dl_mode_default == 0)? " (detected default)":""); // default will be whats in config struct PrintAndLogEx(NORMAL, " 0 - fixed bit length%s", (dl_mode_default == 0) ? " (detected default)" : ""); // default will be whats in config struct
PrintAndLogEx(NORMAL, " 1 - long leading reference%s",(dl_mode_default == 1)? " (detected default)":""); PrintAndLogEx(NORMAL, " 1 - long leading reference%s", (dl_mode_default == 1) ? " (detected default)" : "");
PrintAndLogEx(NORMAL, " 2 - leading zero%s",(dl_mode_default == 2)? " (detected default)":""); PrintAndLogEx(NORMAL, " 2 - leading zero%s", (dl_mode_default == 2) ? " (detected default)" : "");
PrintAndLogEx(NORMAL, " 3 - 1 of 4 coding reference%s",(dl_mode_default == 3)? " (detected default)":""); PrintAndLogEx(NORMAL, " 3 - 1 of 4 coding reference%s", (dl_mode_default == 3) ? " (detected default)" : "");
if (ShowAll == T55XX_DLMODE_ALL) if (ShowAll == T55XX_DLMODE_ALL)
PrintAndLogEx(NORMAL, " 4 - Try all downlink modes%s",(dl_mode_default == 4)? " (default)":""); PrintAndLogEx(NORMAL, " 4 - Try all downlink modes%s", (dl_mode_default == 4) ? " (default)" : "");
} }
static int usage_t55xx_config() { static int usage_t55xx_config() {
@ -89,7 +89,7 @@ static int usage_t55xx_config() {
PrintAndLogEx(NORMAL, " Q5 [0/1] - Set/reset as T5555 ( Q5 ) chip instead of T55x7"); PrintAndLogEx(NORMAL, " Q5 [0/1] - Set/reset as T5555 ( Q5 ) chip instead of T55x7");
PrintAndLogEx(NORMAL, " ST [0/1] - Set/reset Sequence Terminator on"); PrintAndLogEx(NORMAL, " ST [0/1] - Set/reset Sequence Terminator on");
PrintAndLogEx(NORMAL, ""); // layout is a little differnet, so seperate until a better fix PrintAndLogEx(NORMAL, ""); // layout is a little differnet, so seperate until a better fix
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx config d FSK - FSK demodulation"); PrintAndLogEx(NORMAL, " lf t55xx config d FSK - FSK demodulation");
@ -105,7 +105,7 @@ static int usage_t55xx_read() {
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)");
PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check"); PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check");
PrintAndLogEx(NORMAL, " 1 - OPTIONAL 0|1 read Page 1 instead of Page 0"); PrintAndLogEx(NORMAL, " 1 - OPTIONAL 0|1 read Page 1 instead of Page 0");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, " " _RED_("**** WARNING ****")); PrintAndLogEx(NORMAL, " " _RED_("**** WARNING ****"));
PrintAndLogEx(NORMAL, " Use of read with password on a tag not configured"); PrintAndLogEx(NORMAL, " Use of read with password on a tag not configured");
PrintAndLogEx(NORMAL, " for a password can damage the tag"); PrintAndLogEx(NORMAL, " for a password can damage the tag");
@ -122,7 +122,7 @@ static int usage_t55xx_resetread() {
PrintAndLogEx(NORMAL, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"); PrintAndLogEx(NORMAL, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)");
PrintAndLogEx(NORMAL, "Usage: lf t55xx resetread [r <mode>]"); PrintAndLogEx(NORMAL, "Usage: lf t55xx resetread [r <mode>]");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx resetread"); PrintAndLogEx(NORMAL, " lf t55xx resetread");
@ -138,7 +138,7 @@ static int usage_t55xx_write() {
PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0"); PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0");
PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****"); PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****");
PrintAndLogEx(NORMAL, " v - OPTIONAL validate data afterwards"); PrintAndLogEx(NORMAL, " v - OPTIONAL validate data afterwards");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 - write 11223344 to block 3"); PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 - write 11223344 to block 3");
@ -150,7 +150,7 @@ static int usage_t55xx_write() {
static int usage_t55xx_trace() { static int usage_t55xx_trace() {
PrintAndLogEx(NORMAL, "Usage: lf t55xx trace [1] [r mode]"); PrintAndLogEx(NORMAL, "Usage: lf t55xx trace [1] [r mode]");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag."); PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
@ -168,7 +168,7 @@ static int usage_t55xx_info() {
PrintAndLogEx(NORMAL, " c <block0> - set configuration from a block0"); PrintAndLogEx(NORMAL, " c <block0> - set configuration from a block0");
PrintAndLogEx(NORMAL, " if set, use these data instead of reading tag."); PrintAndLogEx(NORMAL, " if set, use these data instead of reading tag.");
PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config."); PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config.");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx info"); PrintAndLogEx(NORMAL, " lf t55xx info");
@ -185,7 +185,7 @@ static int usage_t55xx_dump() {
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, " o - OPTIONAL override, force pwd read despite danger to card"); PrintAndLogEx(NORMAL, " o - OPTIONAL override, force pwd read despite danger to card");
PrintAndLogEx(NORMAL, " f <prefix> - overide filename prefix (optional). Default is based on blk 0"); PrintAndLogEx(NORMAL, " f <prefix> - overide filename prefix (optional). Default is based on blk 0");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx dump"); PrintAndLogEx(NORMAL, " lf t55xx dump");
@ -212,7 +212,7 @@ static int usage_t55xx_detect() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag."); PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLogEx(NORMAL, " p <password - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password - OPTIONAL password (8 hex characters)");
print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL,T55XX_DLMODE_ALL); print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL, T55XX_DLMODE_ALL);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx detect"); PrintAndLogEx(NORMAL, " lf t55xx detect");
@ -227,7 +227,7 @@ static int usage_t55xx_detectP1() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag."); PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); // Need to setup to try all modes print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode); // Need to setup to try all modes
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx p1detect"); PrintAndLogEx(NORMAL, " lf t55xx p1detect");
@ -242,7 +242,7 @@ static int usage_t55xx_wakup() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " p <password> - password 4bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " p <password> - password 4bytes (8 hex symbols)");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx wakeup p 11223344 - send wakeup password"); PrintAndLogEx(NORMAL, " lf t55xx wakeup p 11223344 - send wakeup password");
@ -257,7 +257,7 @@ static int usage_t55xx_chk() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " m - use dictionary from flashmemory\n"); PrintAndLogEx(NORMAL, " m - use dictionary from flashmemory\n");
print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL,T55XX_DLMODE_ALL); print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL, T55XX_DLMODE_ALL);
PrintAndLogEx(NORMAL, " i <*.dic> - loads a default keys dictionary file <*.dic>"); PrintAndLogEx(NORMAL, " i <*.dic> - loads a default keys dictionary file <*.dic>");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
@ -275,7 +275,7 @@ static int usage_t55xx_bruteforce() {
PrintAndLogEx(NORMAL, " password must be 4 bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " password must be 4 bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL,T55XX_DLMODE_ALL); print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL, T55XX_DLMODE_ALL);
PrintAndLogEx(NORMAL, " s <start_pwd> - 4 byte hex value to start pwd search at"); PrintAndLogEx(NORMAL, " s <start_pwd> - 4 byte hex value to start pwd search at");
PrintAndLogEx(NORMAL, " e <end_pwd> - 4 byte hex value to end pwd search at"); PrintAndLogEx(NORMAL, " e <end_pwd> - 4 byte hex value to end pwd search at");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
@ -294,7 +294,7 @@ static int usage_t55xx_recoverpw() {
PrintAndLogEx(NORMAL, " default password is 51243648, used by many cloners"); PrintAndLogEx(NORMAL, " default password is 51243648, used by many cloners");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL,T55XX_DLMODE_ALL); print_usage_t55xx_downloadlink(T55XX_DLMODE_ALL, T55XX_DLMODE_ALL);
PrintAndLogEx(NORMAL, " p <password> - 4 byte hex value of password written by cloner"); PrintAndLogEx(NORMAL, " p <password> - 4 byte hex value of password written by cloner");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
@ -347,7 +347,7 @@ static int usage_t55xx_protect() {
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)");
PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check"); PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check");
PrintAndLogEx(NORMAL, " n <new password> - new password"); PrintAndLogEx(NORMAL, " n <new password> - new password");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE,config.downlink_mode); print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx protect n 01020304 - sets new password to 01020304"); PrintAndLogEx(NORMAL, " lf t55xx protect n 01020304 - sets new password to 01020304");
@ -355,16 +355,31 @@ static int usage_t55xx_protect() {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int usage_t55xx_dangerraw() {
PrintAndLogEx(NORMAL, "This command allows to emit arbitrary raw commands on T5577 and cut the field after arbitrary duration.");
PrintAndLogEx(NORMAL, _RED_("WARNING:") " this may lock definitively the tag in an unusable state!");
PrintAndLogEx(NORMAL, "Uncontrolled usage can easily write an invalid configuration, activate lock bits,");
PrintAndLogEx(NORMAL, "OTP bit, password protection bit, deactivate test-mode, lock your card forever.");
PrintAndLogEx(NORMAL, "Uncontrolled usage is known to the State of California to cause cancer.");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf t55xx dangerraw [h] [b <bitstream> t <timing>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - This help");
PrintAndLogEx(NORMAL, " b <bitstream> - raw bitstream");
PrintAndLogEx(NORMAL, " t <timing> - time in microseconds before dropping the field");
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
void T55x7_SaveBlockData (uint8_t idx,uint32_t data) { void T55x7_SaveBlockData(uint8_t idx, uint32_t data) {
if (idx < T55x7_BLOCK_COUNT) { if (idx < T55x7_BLOCK_COUNT) {
cardmem[idx].valid = true; cardmem[idx].valid = true;
cardmem[idx].blockdata = data; cardmem[idx].blockdata = data;
} }
} }
void T55x7_ClearAllBlockData (void) { void T55x7_ClearAllBlockData(void) {
for (uint8_t idx = 0; idx < T55x7_BLOCK_COUNT; idx++) { for (uint8_t idx = 0; idx < T55x7_BLOCK_COUNT; idx++) {
cardmem[idx].valid = false; cardmem[idx].valid = false;
cardmem[idx].blockdata = 0x00; cardmem[idx].blockdata = 0x00;
@ -405,7 +420,7 @@ int clone_t55xx_tag(uint32_t *blockdata, uint8_t numblocks) {
} }
} }
uint8_t res = 0; uint8_t res = 0;
for (int8_t i = 0; i < numblocks; i++) { for (int8_t i = 0; i < numblocks; i++) {
if (i == 0) { if (i == 0) {
@ -817,7 +832,7 @@ int T55xxReadBlockEx(uint8_t block, bool page1, bool usepwd, uint8_t override, u
return PM3_EWRONGANSVER; return PM3_EWRONGANSVER;
if (verbose) if (verbose)
printT55xxBlock(block,page1); printT55xxBlock(block, page1);
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -1021,7 +1036,7 @@ static int CmdT55xxDetect(const char *Cmd) {
if (errors) return usage_t55xx_detect(); if (errors) return usage_t55xx_detect();
// detect called so clear data blocks // detect called so clear data blocks
T55x7_ClearAllBlockData (); T55x7_ClearAllBlockData();
// sanity check. // sanity check.
if (SanityOfflineCheck(useGB) != PM3_SUCCESS) if (SanityOfflineCheck(useGB) != PM3_SUCCESS)
@ -1345,7 +1360,7 @@ void printT55xxBlock(uint8_t blockNum, bool page1) {
num_to_bytes(blockData, 4, bytes); num_to_bytes(blockData, 4, bytes);
T55x7_SaveBlockData ((page1)?blockNum+8 : blockNum,blockData); T55x7_SaveBlockData((page1) ? blockNum + 8 : blockNum, blockData);
PrintAndLogEx(SUCCESS, " %02d | %08X | %s | %s", blockNum, blockData, sprint_bin(DemodBuffer + config.offset, 32), sprint_ascii(bytes, 4)); PrintAndLogEx(SUCCESS, " %02d | %08X | %s | %s", blockNum, blockData, sprint_bin(DemodBuffer + config.offset, 32), sprint_ascii(bytes, 4));
} }
@ -1556,7 +1571,7 @@ int printConfiguration(t55xx_conf_block_t b) {
PrintAndLogEx(NORMAL, " Downlink Mode : %s", GetDownlinkModeStr(b.downlink_mode)); PrintAndLogEx(NORMAL, " Downlink Mode : %s", GetDownlinkModeStr(b.downlink_mode));
PrintAndLogEx(NORMAL, " Password Set : %s", (b.usepwd) ? _RED_("Yes") : _GREEN_("No")); PrintAndLogEx(NORMAL, " Password Set : %s", (b.usepwd) ? _RED_("Yes") : _GREEN_("No"));
if (b.usepwd) if (b.usepwd)
PrintAndLogEx(NORMAL, " Password : %08X",b.pwd); PrintAndLogEx(NORMAL, " Password : %08X", b.pwd);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -1706,6 +1721,8 @@ static int CmdT55xxDangerousRaw(const char *Cmd) {
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_t55xx_dangerraw();
case 't': case 't':
ng.time = param_get32ex(Cmd, cmdp + 1, 0, 10); ng.time = param_get32ex(Cmd, cmdp + 1, 0, 10);
if (ng.time == 0 || ng.time > 200000) { if (ng.time == 0 || ng.time > 200000) {
@ -1745,8 +1762,7 @@ static int CmdT55xxDangerousRaw(const char *Cmd) {
} }
} }
if (errors || ng.bitlen == 0 || ng.time == 0) { if (errors || ng.bitlen == 0 || ng.time == 0) {
PrintAndLogEx(ERR, "Error occurred, abort. " _RED_("DANGEROUS COMMAND, DO NOT USE!")); return usage_t55xx_dangerraw();
return PM3_EINVARG;
} }
PacketResponseNG resp; PacketResponseNG resp;
clearCommandBuffer(); clearCommandBuffer();
@ -1930,9 +1946,9 @@ void printT55x7Trace(t55x7_tracedata_t data, uint8_t repeat) {
PrintAndLogEx(NORMAL, "-------------------------------------------------------------"); PrintAndLogEx(NORMAL, "-------------------------------------------------------------");
/* /*
Trace info. Trace info.
M1, M2 has the about ATMEL defintion of trace data. M1, M2 has the about ATMEL defintion of trace data.
M3 has unique format following industry defacto standard with row/col parity M3 has unique format following industry defacto standard with row/col parity
TRACE - BLOCK O TRACE - BLOCK O
Bits Definition HEX Bits Definition HEX
@ -1953,8 +1969,8 @@ void printT55x7Trace(t55x7_tracedata_t data, uint8_t repeat) {
Startup times (FC) Startup times (FC)
M1, M2 = 192 M1, M2 = 192
M3 = 128 M3 = 128
*/ */
} }
@ -2226,11 +2242,11 @@ static int CmdT55xxDump(const char *Cmd) {
cmdp++; cmdp++;
break; break;
case 'f': case 'f':
param_getstr(Cmd, cmdp + 1, preferredName, FILE_PATH_SIZE); param_getstr(Cmd, cmdp + 1, preferredName, FILE_PATH_SIZE);
cmdp+=2; cmdp += 2;
if (strlen (preferredName) == 0) if (strlen(preferredName) == 0)
errors = true; errors = true;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -2252,21 +2268,21 @@ static int CmdT55xxDump(const char *Cmd) {
printT5xxHeader(1); printT5xxHeader(1);
for (uint8_t i = 0; i < 4; i++) for (uint8_t i = 0; i < 4; i++)
if (T55xxReadBlock(i, 1, usepwd, override, password, downlink_mode) != PM3_SUCCESS) if (T55xxReadBlock(i, 1, usepwd, override, password, downlink_mode) != PM3_SUCCESS)
T55x7_SaveBlockData (8+i,0x00); T55x7_SaveBlockData(8 + i, 0x00);
if (success) { // all ok save dump to file if (success) { // all ok save dump to file
// saveFileEML will add .eml extension to filename // saveFileEML will add .eml extension to filename
// saveFile (binary) passes in the .bin extension. // saveFile (binary) passes in the .bin extension.
if (strcmp (preferredName,"") == 0) { // Set default filename, if not set by user if (strcmp(preferredName, "") == 0) { // Set default filename, if not set by user
strcpy (preferredName,"lf-t55xx"); strcpy(preferredName, "lf-t55xx");
for (uint8_t i = 1; i <= 7; i++) { for (uint8_t i = 1; i <= 7; i++) {
if ((cardmem[i].blockdata != 0x00) && (cardmem[i].blockdata != 0xFFFFFFFF)) if ((cardmem[i].blockdata != 0x00) && (cardmem[i].blockdata != 0xFFFFFFFF))
sprintf (preferredName,"%s-%08X",preferredName,cardmem[i].blockdata); sprintf(preferredName + strlen(preferredName), "-%08X", cardmem[i].blockdata);
else else
break; break;
} }
sprintf (preferredName,"%s-data",preferredName); strcat(preferredName, "-data");
} }
// Swap endian so the files match the txt display // Swap endian so the files match the txt display
@ -2275,8 +2291,8 @@ static int CmdT55xxDump(const char *Cmd) {
for (int i = 0; i < T55x7_BLOCK_COUNT; i++) for (int i = 0; i < T55x7_BLOCK_COUNT; i++)
data[i] = BSWAP_32(cardmem[i].blockdata); data[i] = BSWAP_32(cardmem[i].blockdata);
saveFileEML(preferredName, (uint8_t *)data, T55x7_BLOCK_COUNT*sizeof(uint32_t), sizeof(uint32_t)); saveFileEML(preferredName, (uint8_t *)data, T55x7_BLOCK_COUNT * sizeof(uint32_t), sizeof(uint32_t));
saveFile (preferredName, ".bin", data, sizeof(data)); saveFile(preferredName, ".bin", data, sizeof(data));
} }
return PM3_SUCCESS; return PM3_SUCCESS;
@ -2302,11 +2318,11 @@ static int CmdT55xxRestore(const char *Cmd) {
case 'h': case 'h':
return usage_t55xx_restore(); return usage_t55xx_restore();
case 'f': case 'f':
param_getstr(Cmd, cmdp + 1, preferredName, FILE_PATH_SIZE); param_getstr(Cmd, cmdp + 1, preferredName, FILE_PATH_SIZE);
if (strlen (preferredName) == 0) if (strlen(preferredName) == 0)
errors = true; errors = true;
cmdp+=2; cmdp += 2;
break; break;
case 'p': case 'p':
password = param_get32ex(Cmd, cmdp + 1, 0, 16); password = param_get32ex(Cmd, cmdp + 1, 0, 16);
usepwd = true; usepwd = true;
@ -2320,37 +2336,37 @@ static int CmdT55xxRestore(const char *Cmd) {
} }
// File name expected to be .eml .bin or .json so sould be at least 4 // File name expected to be .eml .bin or .json so sould be at least 4
if (errors || (strlen (preferredName) == 0)) return usage_t55xx_restore(); if (errors || (strlen(preferredName) == 0)) return usage_t55xx_restore();
// split file name into prefix and ext. // split file name into prefix and ext.
int fnLength; int fnLength;
fnLength = strlen (preferredName); fnLength = strlen(preferredName);
success = PM3_ESOFT; success = PM3_ESOFT;
if (fnLength > 4) { // Holds extension [.bin|.eml] if (fnLength > 4) { // Holds extension [.bin|.eml]
memcpy (ext,&preferredName[fnLength - 4],4); memcpy(ext, &preferredName[fnLength - 4], 4);
ext[5] = 0x00; ext[5] = 0x00;
// check if valid file extension and attempt to load data // check if valid file extension and attempt to load data
if (memcmp (ext,".bin",4) == 0) { if (memcmp(ext, ".bin", 4) == 0) {
preferredName[fnLength-4] = 0x00; preferredName[fnLength - 4] = 0x00;
success = loadFile (preferredName, ".bin", data, sizeof(data),&datalen); success = loadFile(preferredName, ".bin", data, sizeof(data), &datalen);
} else if (memcmp (ext,".eml",4) == 0) { } else if (memcmp(ext, ".eml", 4) == 0) {
preferredName[fnLength-4] = 0x00; preferredName[fnLength - 4] = 0x00;
datalen = 12; datalen = 12;
success = loadFileEML(preferredName, (uint8_t *)data, &datalen); success = loadFileEML(preferredName, (uint8_t *)data, &datalen);
} else } else
PrintAndLogEx(WARNING,"\nWarning: invalid dump filename "_YELLOW_("%s")"to restore!\n",preferredName); PrintAndLogEx(WARNING, "\nWarning: invalid dump filename "_YELLOW_("%s")"to restore!\n", preferredName);
} }
if (success == PM3_SUCCESS) { // Got data, so write to cards if (success == PM3_SUCCESS) { // Got data, so write to cards
if (datalen == T55x7_BLOCK_COUNT * 4) { // 12 blocks * 4 bytes per block if (datalen == T55x7_BLOCK_COUNT * 4) { // 12 blocks * 4 bytes per block
if (usepwd) if (usepwd)
sprintf (pwdOpt,"p %08X",password); sprintf(pwdOpt, "p %08X", password);
// Restore endien for writing to card // Restore endien for writing to card
for (blockidx = 0; blockidx < 12; blockidx++) for (blockidx = 0; blockidx < 12; blockidx++)
@ -2367,27 +2383,27 @@ static int CmdT55xxRestore(const char *Cmd) {
// write out blocks 1-7 page 0 // write out blocks 1-7 page 0
for (blockidx = 1; blockidx <= 7; blockidx++) { for (blockidx = 1; blockidx <= 7; blockidx++) {
sprintf (writeCmdOpt,"b %d d %08X %s",blockidx,data[blockidx],pwdOpt); sprintf(writeCmdOpt, "b %d d %08X %s", blockidx, data[blockidx], pwdOpt);
if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS)
PrintAndLogEx(WARNING, "Warning: error writing blk %d",blockidx); PrintAndLogEx(WARNING, "Warning: error writing blk %d", blockidx);
} }
// if password was set on the "blank" update as we may have just changed it // if password was set on the "blank" update as we may have just changed it
if (usepwd) if (usepwd)
sprintf (pwdOpt,"p %08X",data[7]); sprintf(pwdOpt, "p %08X", data[7]);
// write out blocks 1-3 page 1 // write out blocks 1-3 page 1
for (blockidx = 9; blockidx <= 11; blockidx++) { for (blockidx = 9; blockidx <= 11; blockidx++) {
sprintf (writeCmdOpt,"b %d 1 d %08X %s",blockidx-8,data[blockidx],pwdOpt); sprintf(writeCmdOpt, "b %d 1 d %08X %s", blockidx - 8, data[blockidx], pwdOpt);
if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS)
PrintAndLogEx(WARNING, "Warning: error writing blk %d",blockidx); PrintAndLogEx(WARNING, "Warning: error writing blk %d", blockidx);
} }
// Update downlink mode for the page 0 config write. // Update downlink mode for the page 0 config write.
config.downlink_mode = downlink_mode; config.downlink_mode = downlink_mode;
// Write the page 0 config // Write the page 0 config
sprintf (writeCmdOpt,"b 0 d %08X %s",data[0],pwdOpt); sprintf(writeCmdOpt, "b 0 d %08X %s", data[0], pwdOpt);
if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS)
PrintAndLogEx(WARNING, "Warning: error writing blk 0"); PrintAndLogEx(WARNING, "Warning: error writing blk 0");
} }


@ -129,8 +129,8 @@ typedef struct {
} t55xx_conf_block_t; } t55xx_conf_block_t;
typedef struct { typedef struct {
uint32_t blockdata; uint32_t blockdata;
bool valid; bool valid;
} t55xx_memory_item_t ; } t55xx_memory_item_t ;
t55xx_conf_block_t Get_t55xx_Config(void); t55xx_conf_block_t Get_t55xx_Config(void);
@ -150,7 +150,7 @@ char *GetModelStrFromCID(uint32_t cid);
char *GetSelectedModulationStr(uint8_t id); char *GetSelectedModulationStr(uint8_t id);
char *GetDownlinkModeStr(uint8_t dlmode); char *GetDownlinkModeStr(uint8_t dlmode);
void printT5xxHeader(uint8_t page); void printT5xxHeader(uint8_t page);
void printT55xxBlock(uint8_t blockNum,bool page1); void printT55xxBlock(uint8_t blockNum, bool page1);
int printConfiguration(t55xx_conf_block_t b); int printConfiguration(t55xx_conf_block_t b);
bool t55xxAquireAndCompareBlock0(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose); bool t55xxAquireAndCompareBlock0(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);


@ -97,11 +97,11 @@ static int CmdVerichipClone(const char *Cmd) {
// skip first block, 4*4 = 16 bytes left // skip first block, 4*4 = 16 bytes left
uint8_t rawhex[16] = {0}; uint8_t rawhex[16] = {0};
int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen); int res = param_gethex_to_eol(Cmd, cmdp + 1, rawhex, sizeof(rawhex), &datalen);
if ( res != 0 ) if (res != 0)
errors = true; errors = true;
for(uint8_t i = 1; i < ARRAYLEN(blocks); i++) { for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) {
blocks[i] = bytes_to_num(rawhex + ( (i - 1) * 4 ), sizeof(uint32_t)); blocks[i] = bytes_to_num(rawhex + ((i - 1) * 4), sizeof(uint32_t));
} }
cmdp += 2; cmdp += 2;
break; break;


@ -209,7 +209,7 @@ static struct tlvdb *emv_pki_sign_key(const struct crypto_pk *cp,
if (!db) { if (!db) {
free(exp_db); free(exp_db);
return NULL; return NULL;
} }
tlvdb_add(db, exp_db); tlvdb_add(db, exp_db);


@ -48,7 +48,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
payload.first_run = first_run; payload.first_run = first_run;
payload.blockno = blockno; payload.blockno = blockno;
payload.key_type = key_type; payload.key_type = key_type;
SendCommandNG(CMD_HF_MIFARE_READER, (uint8_t*)&payload, sizeof(payload)); SendCommandNG(CMD_HF_MIFARE_READER, (uint8_t *)&payload, sizeof(payload));
//flush queue //flush queue
while (kbd_enter_pressed()) { while (kbd_enter_pressed()) {
@ -79,11 +79,11 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
uint8_t ar[4]; uint8_t ar[4];
} PACKED; } PACKED;
struct p* package = (struct p*) resp.data.asBytes; struct p *package = (struct p *) resp.data.asBytes;
if (package->isOK == -6) { if (package->isOK == -6) {
*key = 0101; *key = 0101;
return 1; return 1;
} }
if (package->isOK < 0) if (package->isOK < 0)
@ -359,7 +359,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo,
PacketResponseNG resp; PacketResponseNG resp;
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_HF_MIFARE_NESTED, (uint8_t*)&payload, sizeof(payload)); SendCommandNG(CMD_HF_MIFARE_NESTED, (uint8_t *)&payload, sizeof(payload));
if (!WaitForResponseTimeout(CMD_HF_MIFARE_NESTED, &resp, 1500)) return PM3_ETIMEOUT; if (!WaitForResponseTimeout(CMD_HF_MIFARE_NESTED, &resp, 1500)) return PM3_ETIMEOUT;
@ -376,7 +376,7 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo,
uint8_t nt_b[4]; uint8_t nt_b[4];
uint8_t ks_b[4]; uint8_t ks_b[4];
} PACKED; } PACKED;
struct p* package = (struct p*)resp.data.asBytes; struct p *package = (struct p *)resp.data.asBytes;
// error during nested // error during nested
if (package->isOK) return package->isOK; if (package->isOK) return package->isOK;


@ -692,19 +692,19 @@ int main(int argc, char *argv[]) {
HKEY hKey = NULL; HKEY hKey = NULL;
if(RegOpenKeyA (HKEY_CURRENT_USER,"Console",&hKey) == ERROR_SUCCESS) { if (RegOpenKeyA(HKEY_CURRENT_USER, "Console", &hKey) == ERROR_SUCCESS) {
DWORD dwType = REG_SZ; DWORD dwType = REG_SZ;
BYTE KeyValue[sizeof(dwType)]; BYTE KeyValue[sizeof(dwType)];
DWORD len = sizeof(KeyValue); DWORD len = sizeof(KeyValue);
if (RegQueryValueEx(hKey,"VirtualTerminalLevel", NULL, &dwType,KeyValue, &len) != ERROR_FILE_NOT_FOUND) { if (RegQueryValueEx(hKey, "VirtualTerminalLevel", NULL, &dwType, KeyValue, &len) != ERROR_FILE_NOT_FOUND) {
uint8_t i; uint8_t i;
uint32_t Data = 0; uint32_t Data = 0;
for (i = 0; i < 4; i++) for (i = 0; i < 4; i++)
Data += KeyValue[i] << (8 * i); Data += KeyValue[i] << (8 * i);
if (Data == 1) { // Reg key is set to 1, Ansi Color Enabled if (Data == 1) { // Reg key is set to 1, Ansi Color Enabled
session.supports_colors = true; session.supports_colors = true;
} }
} }
RegCloseKey(hKey); RegCloseKey(hKey);


@ -149,7 +149,7 @@ uint8_t get_length_from_header(wiegand_message_t *data) {
hfmt >>= 1; hfmt >>= 1;
len++; len++;
} }
if (len < 26 ) if (len < 26)
len = 26; len = 26;
return len; return len;
} }


@ -84,10 +84,10 @@ static void printSignal(void) {
#ifndef ON_DEVICE #ifndef ON_DEVICE
static int cmp_uint8(const void *a, const void *b) { static int cmp_uint8(const void *a, const void *b) {
if (*(const uint8_t *)a < * (const uint8_t *)b) if (*(const uint8_t *)a < * (const uint8_t *)b)
return -1; return -1;
else else
return *(const uint8_t *)a > *(const uint8_t *)b; return *(const uint8_t *)a > *(const uint8_t *)b;
} }
#endif #endif
@ -123,7 +123,7 @@ void computeSignalProperties(uint8_t *samples, uint32_t size) {
else else
signalprop.mean = 0; signalprop.mean = 0;
#else #else
for (uint32_t i = SIGNAL_IGNORE_FIRST_SAMPLES; i < size; i++) { for (uint32_t i = SIGNAL_IGNORE_FIRST_SAMPLES; i < size; i++) {
if (samples[i] < signalprop.low) signalprop.low = samples[i]; if (samples[i] < signalprop.low) signalprop.low = samples[i];
if (samples[i] > signalprop.high) signalprop.high = samples[i]; if (samples[i] > signalprop.high) signalprop.high = samples[i];
sum += samples[i]; sum += samples[i];


@ -32,7 +32,7 @@ cov-build --dir "$COVDIR" --c-coverage=gcov --no-network-coverage --no-generate-
######################################### #########################################
# Run tests # # Run tests #
######################################### #########################################
cov-build --dir "$COVDIR" --c-coverage=gcov --no-network-coverage --test-capture ./pm3test.sh cov-build --dir "$COVDIR" --c-coverage=gcov --no-network-coverage --test-capture ./pm3test.sh long
#cov-manage-emit --dir "$COVDIR" list-coverage-known #cov-manage-emit --dir "$COVDIR" list-coverage-known
######################################### #########################################


@ -119,6 +119,7 @@ typedef struct {
int divisor; int divisor;
int trigger_threshold; int trigger_threshold;
uint32_t samples_to_skip; uint32_t samples_to_skip;
bool verbose;
} PACKED sample_config; } PACKED sample_config;
/* /*
typedef struct { typedef struct {
@ -488,6 +489,7 @@ typedef struct {
#define CMD_HF_MIFARE_CHKKEYS_FAST 0x0625 #define CMD_HF_MIFARE_CHKKEYS_FAST 0x0625
#define CMD_HF_MIFARE_SNIFF 0x0630 #define CMD_HF_MIFARE_SNIFF 0x0630
#define CMD_HF_MIFARE_MFKEY 0x0631
//ultralightC //ultralightC
#define CMD_HF_MIFAREUC_AUTH 0x0724 #define CMD_HF_MIFAREUC_AUTH 0x0724
//0x0725 and 0x0726 no longer used //0x0725 and 0x0726 no longer used
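Review bot: The new `bool verbose;` member appended to the PACKED `sample_config` changes the struct's size and depends on `bool` being one byte on both sides, which matters if this struct is copied byte-for-byte between client and firmware (the neighbouring `CMD_*` definitions suggest a shared host/device header, but the senders and receivers are not visible here). A fixed-width member makes the layout explicit: `uint8_t verbose; // boolean flag, fixed width on the wire`. Because a client and firmware built from different revisions would then disagree on the payload length, the receiving side should compare the received length with `sizeof(sample_config)` before reading the struct. The struct definition starts outside the hunk, and the added `CMD_HF_MIFARE_MFKEY 0x0631` would benefit from a one-line comment saying what the command requests.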


@ -26,3 +26,5 @@ AWID-15-259.pm3: AWID FSK RF/50 FC: 15 Card: 259
HID-weak-fob-11647.pm3: HID 32bit Prox Card#: 11647. very weak tag/read but just readable. HID-weak-fob-11647.pm3: HID 32bit Prox Card#: 11647. very weak tag/read but just readable.
visa2000.pm3: VISA2000 ASK/MAN RF/64, Card: 480518 visa2000.pm3: VISA2000 ASK/MAN RF/64, Card: 480518
securakey-64169.pm3 Securakey Tag BitLen: 26, Card ID: 64169, FC: 0x35 securakey-64169.pm3 Securakey Tag BitLen: 26, Card ID: 64169, FC: 0x35
motorola_0437_00072.pm3 - Motorola Grey clamshell card, old. (RAW: A0000000E308C0C1)

39999
traces/motorola_0437_00072.pm3 Normal file
