github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 13:23:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

- added first version of 4x50_chk

Browse source 
- renamed 4x50_write_password to 4x50_writepwd
- added check regarding valid data in emulation memory for 4x50_sim
This commit is contained in:
tharexde 2020-11-01 22:47:00 +01:00
commit 65a591119b
1 changed files with 54 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

42
armsrc/em4x50.c
View file

@ -1072,7 +1072,7 @@ void em4x50_write(em4x50_data_t *etd) {
reply_ng(CMD_LF_EM4X50_WRITE, status, (uint8_t *)words, 136); reply_ng(CMD_LF_EM4X50_WRITE, status, (uint8_t *)words, 136);
} }
void em4x50_write_password(em4x50_data_t *etd) { void em4x50_writepwd(em4x50_data_t *etd) {
// simple change of password // simple change of password
@ -1096,7 +1096,7 @@ void em4x50_write_password(em4x50_data_t *etd) {
} }
lf_finalize(); lf_finalize();
reply_ng(CMD_LF_EM4X50_WRITE_PASSWORD, bsuccess, 0, 0); reply_ng(CMD_LF_EM4X50_WRITEPWD, bsuccess, 0, 0);
} }
void em4x50_wipe(uint32_t *password) { void em4x50_wipe(uint32_t *password) {
@ -1389,6 +1389,7 @@ void em4x50_sim(void) {
// simulate uploaded data in emulator memory // simulate uploaded data in emulator memory
// (currently only a one-way communication is possible) // (currently only a one-way communication is possible)
int status = PM3_SUCCESS;
uint8_t *em4x50_mem = BigBuf_get_EM_addr(); uint8_t *em4x50_mem = BigBuf_get_EM_addr();
uint32_t words[EM4X50_NO_WORDS] = {0x0}; uint32_t words[EM4X50_NO_WORDS] = {0x0};
@ -1398,6 +1399,8 @@ void em4x50_sim(void) {
for (int i = 0; i < EM4X50_NO_WORDS; i++) for (int i = 0; i < EM4X50_NO_WORDS; i++)
words[i] = reflect32(bytes_to_num(em4x50_mem + (i * 4), 4)); words[i] = reflect32(bytes_to_num(em4x50_mem + (i * 4), 4));
if ((words[EM4X50_DEVICE_SERIAL] != 0x0) && (words[EM4X50_DEVICE_ID] != 0X0)) {
// extract control data // extract control data
int fwr = words[CONFIG_BLOCK] & 0xFF; // first word read int fwr = words[CONFIG_BLOCK] & 0xFF; // first word read
int lwr = (words[CONFIG_BLOCK] >> 8) & 0xFF; // last word read int lwr = (words[CONFIG_BLOCK] >> 8) & 0xFF; // last word read
@ -1420,9 +1423,12 @@ void em4x50_sim(void) {
em4x50_sim_send_word(words[i]); em4x50_sim_send_word(words[i]);
} }
} }
} else {
status = PM3_ENODATA;
}
lf_finalize(); lf_finalize();
reply_ng(CMD_LF_EM4X50_SIM, 1, 0, 0); reply_ng(CMD_LF_EM4X50_SIM, status, 0, 0);
} }
void em4x50_stdread(void) { void em4x50_stdread(void) {
@ -1442,3 +1448,33 @@ void em4x50_stdread(void) {
lf_finalize(); lf_finalize();
reply_ng(CMD_LF_EM4X50_STDREAD, now, (uint8_t *)words, 4 * now); reply_ng(CMD_LF_EM4X50_STDREAD, now, (uint8_t *)words, 4 * now);
} }
void em4x50_chk(uint32_t *numkeys) {
// reads data that tag transmits "voluntarily" -> standard read mode
bool bsuccess = false;
uint32_t password = 0x0;
uint32_t keys[200] = {0x0};
uint8_t *em4x50_mem = BigBuf_get_EM_addr();
em4x50_setup_read();
// read data from emulator memory
for (int i = 0; i < *numkeys; i++)
keys[i] = bytes_to_num(em4x50_mem + (i * 4), 4);
// set gHigh and gLow
if (get_signalproperties() && find_em4x50_tag()) {
for (int i = 0; i < *numkeys; i++) {
if (login(keys[i])) {
bsuccess = true;
password = keys[i];
break;
}
}
}
lf_finalize();
reply_ng(CMD_LF_EM4X50_CHK, bsuccess, (uint8_t *)&password, 32);
}