chg: enhanced verify t55xx write.

We set config to the cloned block0; what's left is to identify the offset, which we try to do.
iceman1001 2019-09-16 11:11:54 +02:00
commit 3726df62a4
14 changed files with 202 additions and 69 deletions


@ -26,6 +26,7 @@
#include "cmdlf.h" // lf read
#include "protocols.h" // for T55xx config register definitions
#include "util_posix.h"
#include "cmdlft55xx.h" // verifywrite
static int CmdHelp(const char *Cmd);
/*
@ -414,6 +415,7 @@ static int CmdAWIDClone(const char *Cmd) {
PrintAndLogEx(INFO, "Preparing to clone AWID %u to T55x7 with FC: %u, CN: %u", fmtlen, fc, cn);
print_blocks(blocks, 4);
uint8_t res = 0;
PacketResponseNG resp;
// fast push mode
@ -437,7 +439,20 @@ static int CmdAWIDClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )
PrintAndLogEx(SUCCESS, "Success writing to tag");
return PM3_SUCCESS;
}
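Review bot: The tail of CmdAWIDClone returns `PM3_SUCCESS` whether or not `res` is zero, so a clone whose read-back verification failed prints nothing and is reported to the caller and to any script as a success. The point of the new verification is to know the tag really holds these blocks, so I would surface the failure before the success message, e.g. `if (res != 0) { PrintAndLogEx(WARNING, "Verification failed for %u block(s)", res); return PM3_ESOFT; }`. The same tail appears in the FDX-B, Guardall, Jablotron and Keri sections, and the NEDAP section prints a hint on failure but still returns `PM3_SUCCESS`. The function body starts outside the hunks shown, so the loop header and the sizing of `blocks` are not visible here.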


@ -24,6 +24,7 @@
#include "crc16.h" // for checksum crc-16_ccitt
#include "protocols.h" // for T55xx config register definitions
#include "lfdemod.h" // parityTest
#include "cmdlft55xx.h" // verifywrite
/*
FDX-B ISO11784/85 demod (aka animal tag) BIPHASE, inverted, rf/32, with preamble of 00000000001 (128bits)
@ -296,6 +297,7 @@ static int CmdFdxClone(const char *Cmd) {
PrintAndLogEx(INFO, "Preparing to clone FDX-B to T55x7 with animal ID: %04u-%"PRIu64, countryid, animalid);
print_blocks(blocks, 5);
uint8_t res = 0;
PacketResponseNG resp;
// fast push mode
@ -318,7 +320,20 @@ static int CmdFdxClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )
PrintAndLogEx(SUCCESS, "Success writing to tag");
return PM3_SUCCESS;
}


@ -21,6 +21,7 @@
#include "cmdlf.h"
#include "protocols.h" // for T55xx config register definitions
#include "lfdemod.h" // parityTest
#include "cmdlft55xx.h" // verifywrite
static int CmdHelp(const char *Cmd);
@ -183,6 +184,7 @@ static int CmdGuardClone(const char *Cmd) {
PrintAndLogEx(INFO, "Preparing to clone Guardall to T55x7 with Facility Code: %u, Card Number: %u", facilitycode, cardnumber);
print_blocks(blocks, 4);
uint8_t res = 0;
PacketResponseNG resp;
// fast push mode
@ -205,7 +207,20 @@ static int CmdGuardClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )
PrintAndLogEx(SUCCESS, "Success writing to tag");
return PM3_SUCCESS;
}


@ -468,21 +468,21 @@ static int CmdIndalaClone(const char *Cmd) {
if (isLongUid) {
PrintAndLogEx(INFO, "Preparing to clone Indala 224bit tag with RawID %s", sprint_hex(data, datalen));
uint32_t datawords[7] = {0};
datawords[0] = bytes_to_num(data, 4);
datawords[1] = bytes_to_num(data + 4, 4);
datawords[2] = bytes_to_num(data + 8, 4);
datawords[3] = bytes_to_num(data + 12, 4);
datawords[4] = bytes_to_num(data + 16, 4);
datawords[5] = bytes_to_num(data + 20, 4);
datawords[6] = bytes_to_num(data + 24, 4);
uint32_t blocks[7] = {0};
blocks[0] = bytes_to_num(data, 4);
blocks[1] = bytes_to_num(data + 4, 4);
blocks[2] = bytes_to_num(data + 8, 4);
blocks[3] = bytes_to_num(data + 12, 4);
blocks[4] = bytes_to_num(data + 16, 4);
blocks[5] = bytes_to_num(data + 20, 4);
blocks[6] = bytes_to_num(data + 24, 4);
clearCommandBuffer();
SendCommandOLD(CMD_LF_INDALA224_CLONE, 0, 0, 0, datawords, sizeof(datawords));
SendCommandOLD(CMD_LF_INDALA224_CLONE, 0, 0, 0, blocks, sizeof(blocks));
} else {
PrintAndLogEx(INFO, "Preparing to clone Indala 64bit tag with RawID %s", sprint_hex(data, datalen));
uint32_t datawords[2] = {0};
datawords[0] = bytes_to_num(data, 4);
datawords[1] = bytes_to_num(data + 4, 4);
uint32_t blocks[2] = {0};
blocks[0] = bytes_to_num(data, 4);
blocks[1] = bytes_to_num(data + 4, 4);
clearCommandBuffer();
SendCommandOLD(CMD_LF_INDALA_CLONE, 0, 0, 0, datawords, sizeof(datawords));
}
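Review bot: The 64-bit branch renames its array to `blocks[2]`, but the `SendCommandOLD(CMD_LF_INDALA_CLONE, ...)` call at the end of the hunk still passes `datawords` and `sizeof(datawords)`, and the page shows no renamed counterpart for that line. Unless `datawords` is still declared in an enclosing scope outside this hunk, this will not compile; if it is, the command sends a different buffer than the one just filled. The call should read `SendCommandOLD(CMD_LF_INDALA_CLONE, 0, 0, 0, blocks, sizeof(blocks));`.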


@ -24,6 +24,7 @@
#include "cmdlf.h"
#include "protocols.h" // for T55xx config register definitions
#include "lfdemod.h" // parityTest
#include "cmdlft55xx.h" // verifywrite
static int CmdHelp(const char *Cmd);
@ -170,6 +171,7 @@ static int CmdJablotronClone(const char *Cmd) {
PrintAndLogEx(INFO, "Preparing to clone Jablotron to T55x7 with FullCode: %"PRIx64, fullcode);
print_blocks(blocks, 3);
uint8_t res = 0;
PacketResponseNG resp;
// fast push mode
@ -192,7 +194,20 @@ static int CmdJablotronClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )
PrintAndLogEx(SUCCESS, "Success writing to tag");
return PM3_SUCCESS;
}


@ -22,6 +22,7 @@
#include "cmdlf.h"
#include "protocols.h" // for T55xx config register definitions
#include "lfdemod.h" // preamble test
#include "cmdlft55xx.h" // verifywrite
static int CmdHelp(const char *Cmd);
@ -159,6 +160,7 @@ static int CmdKeriClone(const char *Cmd) {
blocks[2] = data & 0xFFFFFFFF;
print_blocks(blocks, 3);
uint8_t res = 0;
PacketResponseNG resp;
// fast push mode
@ -181,8 +183,20 @@ static int CmdKeriClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )
PrintAndLogEx(SUCCESS, "Success writing to tag");
return PM3_SUCCESS;
}


@ -9,20 +9,6 @@
#include "cmdlfnedap.h"
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include "cmdparser.h" // command_t
#include "comms.h"
#include "crc16.h"
#include "cmdlft55xx.h"
#include "ui.h"
#include "cmddata.h"
#include "cmdlf.h"
#include "lfdemod.h"
#define FIXED_71 0x71
#define FIXED_40 0x40
#define UNKNOWN_A 0x00
@ -469,6 +455,7 @@ int CmdLFNedapClone(const char *Cmd) {
PrintAndLogEx(SUCCESS, "Preparing to clone NEDAP to T55x7");
print_blocks(blocks, max);
uint8_t res = 0;
PacketResponseNG resp;
// fast push mode
@ -490,10 +477,24 @@ int CmdLFNedapClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )
PrintAndLogEx(SUCCESS, "Success writing to tag");
else {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "The block 0 was changed (eXtended) which can be hard to detect.");
PrintAndLogEx(INFO, " Configure it manually " _YELLOW_("`lf t55xx config b 64 d BI i 1 o 32`"));
}
PrintAndLogEx(NORMAL, "\n");
PrintAndLogEx(INFO, "The block 0 was changed (eXtended) which can be hard to detect.");
PrintAndLogEx(INFO, " Configure it manually " _YELLOW_("`lf t55xx config b 64 d BI i 1 o 32`"));
return PM3_SUCCESS;
}


@ -11,6 +11,19 @@
#include "common.h"
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include "cmdparser.h" // command_t
#include "comms.h"
#include "crc16.h"
#include "cmdlft55xx.h" // verifywrite
#include "ui.h"
#include "cmddata.h"
#include "cmdlf.h"
#include "lfdemod.h"
int CmdLFNedap(const char *Cmd);
int demodNedap(void);


@ -177,13 +177,14 @@ static int CmdNoralsyClone(const char *Cmd) {
return PM3_ETIMEOUT;
}
// write block0, needs a detect.
if (i == 0)
t55xxAquireAndDetect(false, 0, blocks[i], false);
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
}
if ( res == 0 )


@ -144,16 +144,15 @@ static int CmdPrescoClone(const char *Cmd) {
return PM3_ETIMEOUT;
}
// write block0, needs a detect.
if (i == 0) {
printf("enter detect ");
bool ok = t55xxAquireAndDetect(false, 0, blocks[i], false);
printf(" b0 = '%c' \n", (ok) ? 'Y':'N');
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false) {
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;
printf(" i = %d \n", i);
}
}
if ( res == 0 )


@ -254,9 +254,11 @@ static int CmdPyramidClone(const char *Cmd) {
return PM3_ETIMEOUT;
}
// write block0, needs a detect.
if (i == 0)
t55xxAquireAndDetect(false, 0, blocks[i], false);
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;


@ -405,6 +405,32 @@ static bool t55xxProtect(bool lock, bool usepwd, uint8_t override, uint32_t pass
}
}
bool t55xxAquireAndCompareBlock0(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose) {
if (verbose)
PrintAndLogEx(INFO, "Block0 write detected, running `detect` to see if validation is possible");
for ( uint8_t m = 0; m < 4; m++) {
if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, m) == false) {
continue;
}
if (DecodeT55xxBlock() == false) {
continue;
}
for( uint16_t i = 0; DemodBufferLen - 32; i++) {
uint32_t tmp = PackBits(i, 32, DemodBuffer);
if ( tmp == known_block0 ) {
config.offset = i;
config.downlink_mode = m;
return true;
}
}
}
return false;
}
bool t55xxAquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose) {
if (verbose)
@ -417,6 +443,7 @@ bool t55xxAquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0,
if (tryDetectModulationEx(m, verbose, known_block0) == false)
continue;
config.downlink_mode = m;
return true;
}
return false;
@ -491,6 +518,36 @@ void printT5xxHeader(uint8_t page) {
PrintAndLogEx(SUCCESS, "----+----------+----------------------------------+-------");
}
void SetConfigWithBlock0(uint32_t block0) {
// T55x7
uint32_t extend = (block0 >> (32 - 15)) & 0x01;
uint32_t dbr;
if (extend)
dbr = (block0 >> (32 - 14)) & 0x3F;
else
dbr = (block0 >> (32 - 14)) & 0x07;
uint32_t datamod = (block0 >> (32 - 20)) & 0x1F;
bool pwd = (bool)((block0 >> (32 - 28)) & 0x01);
bool sst = (bool)((block0 >> (32 - 29)) & 0x01);
bool inv = (bool)((block0 >> (32 - 31)) & 0x01);
config.modulation = datamod;
config.bitrate = dbr;
// FSK1a, FSK2a
if ( datamod == DEMOD_FSK1a || datamod == DEMOD_FSK2a || datamod == DEMOD_BIa )
config.inverted = 1;
else
config.inverted = inv;
config.Q5 = 0;
config.ST = sst;
config.usepwd = pwd;
config.offset = 0;
config.block0 = block0;
}
static int CmdT55xxSetConfig(const char *Cmd) {
// No args
@ -621,30 +678,11 @@ static int CmdT55xxSetConfig(const char *Cmd) {
if ( gotconf ) {
// Q5
// Q5 - to be implemented
// T55x7
uint32_t extend = (block0 >> (32 - 15)) & 0x01;
uint32_t dbr;
if (extend)
dbr = (block0 >> (32 - 14)) & 0x3F;
else
dbr = (block0 >> (32 - 14)) & 0x07;
SetConfigWithBlock0(block0);
uint32_t datamod = (block0 >> (32 - 20)) & 0x1F;
bool pwd = (bool)((block0 >> (32 - 28)) & 0x01);
bool sst = (bool)((block0 >> (32 - 29)) & 0x01);
bool inv = (bool)((block0 >> (32 - 31)) & 0x01);
config.modulation = datamod;
config.bitrate = dbr;
config.inverted = inv;
config.Q5 = 0;
config.ST = sst;
config.usepwd = pwd;
config.offset = 0;
config.block0 = block0;
} else {
config.block0 = 0;
}
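Review bot: In t55xxAquireAndCompareBlock0 the inner loop `for( uint16_t i = 0; DemodBufferLen - 32; i++)` never compares against `i`; its condition is a constant that is true whenever `DemodBufferLen` is not 32, so the scan stops only on a match. When block 0 is not found, `PackBits(i, 32, DemodBuffer)` keeps reading past the demodulated data (and, depending on the buffer's size, which is not shown here, past the buffer itself), and `i` wraps at 65535 instead of ending the loop. A chance match on stale bits would also store a bogus `config.offset`. Bound it with `if (DemodBufferLen < 32) continue;` followed by `for (uint16_t i = 0; i <= DemodBufferLen - 32; i++)`. The verbose message also says it is running `detect`, which this function does not do.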


@ -131,6 +131,8 @@ void Set_t55xx_Config(t55xx_conf_block_t conf);
int CmdLFT55XX(const char *Cmd);
void SetConfigWithBlock0(uint32_t block0);
char *GetPskCfStr(uint32_t id, bool q5);
char *GetBitRateStr(uint32_t id, bool xmode);
char *GetSaferStr(uint32_t id);
@ -143,6 +145,7 @@ void printT5xxHeader(uint8_t page);
void printT55xxBlock(uint8_t blockNum);
int printConfiguration(t55xx_conf_block_t b);
bool t55xxAquireAndCompareBlock0(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);
bool t55xxAquireAndDetect(bool usepwd, uint32_t password, uint32_t known_block0, bool verbose);
bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data);
int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode);
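Review bot: The two new prototypes carry no comment on their side effects, and both write the global `config`. As implemented in this commit, `SetConfigWithBlock0` overwrites modulation, bitrate, inversion, ST, the password flag and block0 and resets `Q5` and `offset` to 0, while `t55xxAquireAndCompareBlock0` stores `offset` and `downlink_mode` on a match. Every clone command now calls them, so a clone replaces whatever the user set earlier with `lf t55xx config`. I would document that in the header with `// Overwrites the global t55xx config from block0 (Q5 and offset are reset to 0).` above `SetConfigWithBlock0` and `// On a match, stores the found bit offset and downlink mode in the global config.` above `t55xxAquireAndCompareBlock0`.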


@ -189,11 +189,13 @@ static int CmdVisa2kClone(const char *Cmd) {
PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
return PM3_ETIMEOUT;
}
}
// write block0, needs a detect.
if (i == 0)
t55xxAquireAndDetect(false, 0, blocks[i], false);
if (i == 0) {
SetConfigWithBlock0(blocks[0]);
if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
continue;
}
if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
res++;