github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 13:23:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #834 from tharexde/4x50_wipe

Browse source 
added 4x50_wipe
This commit is contained in:
Iceman 2020-07-11 09:47:41 +02:00 committed by GitHub
commit 7106b48065
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 133 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
armsrc/appmain.c
View file

@ -1023,7 +1023,10 @@ static void PacketReceived(PacketCommandNG *packet) {
em4x50_read((em4x50_data_t *)packet->data.asBytes);
break;
}
case CMD_LF_EM4X50_WIPE: {
em4x50_wipe((em4x50_data_t *)packet->data.asBytes);
break;
}
#endif
#ifdef WITH_ISO15693

58
armsrc/em4x50.c
View file

@ -1028,3 +1028,61 @@ void em4x50_write_password(em4x50_data_t *etd) {
lf_finalize();
reply_ng(CMD_ACK, bsuccess, 0, 0);
}
void em4x50_wipe(em4x50_data_t *etd) {
// set all data of EM4x50 tag to 0x0 including password
bool bsuccess = false;
uint8_t zero[4] = {0, 0, 0, 0};
uint8_t addresses[4] = {0, 0, EM4X50_NO_WORDS - 3, 1};
init_tag();
em4x50_setup_read();
// set gHigh and gLow
if (get_signalproperties() && find_em4x50_tag()) {
// login first
if (login(etd->password)) {
// write 0x0 to each address but ignore addresses
// 0 -> password, 32 -> serial, 33 -> uid
// writing 34 words takes about 3.6 seconds -> high timeout needed
for (int i = 1; i <= EM4X50_NO_WORDS - 3; i++)
write(zero, i);
// to verify result reset EM4x50
if (reset()) {
// login not necessary because protectd word has been set to 0
// -> no read protected words
// -> selective read can be called immediately
if (selective_read(addresses)) {
// check if everything is zero
bsuccess = true;
for (int i = 1; i <= EM4X50_NO_WORDS - 3; i++)
for (int j = 0; j < 4; j++)
bsuccess &= (tag.sectors[i][j] == 0) ? true : false;
}
if (bsuccess) {
// so far everything is fine
// last task: reset password
if (login(etd->password))
bsuccess = write_password(etd->password, zero);
// verify by login with new password
if (bsuccess)
bsuccess = login(zero);
}
}
}
}
lf_finalize();
reply_ng(CMD_ACK, bsuccess, (uint8_t *)tag.sectors, 238);
}

1
armsrc/em4x50.h
View file

@ -21,5 +21,6 @@ void em4x50_info(em4x50_data_t *etd);
void em4x50_write(em4x50_data_t *etd);
void em4x50_write_password(em4x50_data_t *etd);
void em4x50_read(em4x50_data_t *etd);
void em4x50_wipe(em4x50_data_t *etd);
#endif /* EM4X50_H */

1
client/src/cmdlfem4x.c
View file

@ -1400,6 +1400,7 @@ static command_t CommandTable[] = {
{"4x50_write", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"},
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"},
{"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"},
{"4x50_wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe data from EM4x50"},
{NULL, NULL, NULL, NULL}
};

66
client/src/cmdlfem4x50.c
View file

@ -85,6 +85,18 @@ static int usage_lf_em4x50_dump(void) {
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_dump f card_nnn p 11223344"));
return PM3_SUCCESS;
}
static int usage_lf_em4x50_wipe(void) {
PrintAndLogEx(NORMAL, "Wipe data from EM4x50 tag. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_wipe [h] [p <pwd>]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " p <pwd> - password (hex)");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_wwipe p 11223344"));
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) {
@ -672,3 +684,57 @@ int CmdEM4x50Dump(const char *Cmd) {
//saveFileJSON...
return PM3_SUCCESS;
}
int CmdEM4x50Wipe(const char *Cmd) {
// fills EM4x50 tag with zeros including password
bool errors = false, bpwd = false;
uint8_t cmdp = 0;
em4x50_data_t etd;
PacketResponseNG resp;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_lf_em4x50_wipe();
case 'p':
if (param_gethex(Cmd, cmdp + 1, etd.password, 8)) {
PrintAndLogEx(FAILED, "\npassword has to be 8 hex symbols\n");
return PM3_EINVARG;
}
bpwd = true;
cmdp += 2;
break;
default:
PrintAndLogEx(WARNING, "\nUnknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors || !bpwd)
return usage_lf_em4x50_wipe();
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_WIPE, (uint8_t *)&etd, sizeof(etd));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2*TIMEOUT)) {
PrintAndLogEx(WARNING, "\ntimeout while waiting for reply.\n");
return PM3_ETIMEOUT;
}
// print response
bool isOK = resp.status;
if (isOK) {
PrintAndLogEx(SUCCESS,"\nwiping data " _GREEN_("ok") "\n");
} else {
PrintAndLogEx(FAILED,"\nwiping data " _RED_("failed") "\n");
return PM3_ESOFT;
}
return PM3_SUCCESS;
}

2
client/src/cmdlfem4x50.h
View file

@ -23,4 +23,6 @@ int CmdEM4x50Write(const char *Cmd);
int CmdEM4x50WritePassword(const char *Cmd);
int CmdEM4x50Read(const char *Cmd);
int CmdEM4x50Dump(const char *Cmd);
int CmdEM4x50Wipe(const char *Cmd);
#endif

1
include/pm3_cmd.h
View file

@ -406,6 +406,7 @@ typedef struct {
#define CMD_LF_EM4X50_WRITE 0x0241
#define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242
#define CMD_LF_EM4X50_READ 0x0243
#define CMD_LF_EM4X50_WIPE 0x0244
// Sampling configuration for LF reader/sniffer
#define CMD_LF_SAMPLING_SET_CONFIG 0x021D
#define CMD_LF_FSK_SIMULATE 0x021E