lf t55xx write - now uses cliparser

iceman1001 2021-03-07 22:00:33 +01:00
commit 7377a45bd0
8 changed files with 103 additions and 123 deletions


@ -20,7 +20,7 @@ The outlined procedure is as following:
-- manchester -- manchester
-- bit rate -- bit rate
"lf t55xx write b 0 d 00008040" "lf t55xx write -b 0 -d 00008040"
"lf t55xx detect" "lf t55xx detect"
"lf t55xx info" "lf t55xx info"
@ -118,7 +118,7 @@ local function test()
elseif _ == 1 then elseif _ == 1 then
local config = pcmd:format(config1, y, config2) local config = pcmd:format(config1, y, config2)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write -b 0 -d %s'):format(config))
local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags) local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags)
local wc = Command:newNG{cmd = cmds.CMD_LF_T55XX_WRITEBL, data = data} local wc = Command:newNG{cmd = cmds.CMD_LF_T55XX_WRITEBL, data = data}


@ -14,7 +14,7 @@ The outlined procedure is as following:
--BIPHASE 00010040 --BIPHASE 00010040
-- --
"lf t55xx write b 0 d 00010040" "lf t55xx write -b 0 -d 00010040"
"lf t55xx detect" "lf t55xx detect"
"lf t55xx info" "lf t55xx info"
@ -112,7 +112,7 @@ local function test()
elseif _ == 1 then elseif _ == 1 then
local config = pcmd:format(config1, y, config2) local config = pcmd:format(config1, y, config2)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write -b 0 -d %s'):format(config))
local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags) local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags)


@ -17,7 +17,7 @@ The outlined procedure is as following:
-- FSK1 -- FSK1
-- bit rate -- bit rate
"lf t55xx write b 0 d 00007040" "lf t55xx write -b 0 -d 00007040"
"lf t55xx detect" "lf t55xx detect"
"lf t55xx info" "lf t55xx info"
@ -114,7 +114,7 @@ local function test(modulation)
elseif _ == 1 then elseif _ == 1 then
local config = pcmd:format(config1, y, modulation, config2) local config = pcmd:format(config1, y, modulation, config2)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write -b 0 -d %s'):format(config))
local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags) local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags)
local wc = Command:newNG{cmd = cmds.CMD_LF_T55XX_WRITEBL, data = data} local wc = Command:newNG{cmd = cmds.CMD_LF_T55XX_WRITEBL, data = data}


@ -11,7 +11,7 @@ desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040
The outlined procedure is as following: The outlined procedure is as following:
"lf t55xx write b 0 d 00088040" "lf t55xx write -b 0 -d 00088040"
"lf t55xx detect" "lf t55xx detect"
"lf t55xx info" "lf t55xx info"
@ -118,7 +118,7 @@ local function test(modulation)
dbg('Writing to T55x7 TAG') dbg('Writing to T55x7 TAG')
local config = cmd:format(bitrate, modulation, clockrate) local config = cmd:format(bitrate, modulation, clockrate)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write -b 0 -d %s'):format(config))
local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags) local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(config, 32), password, block, flags)


@ -17,10 +17,10 @@ It will then try to detect and read back those block data and compare if read da
lf t55xx wipe lf t55xx wipe
lf t55xx detect lf t55xx detect
lf t55xx write b 1 d 00000000 lf t55xx write -b 1 -d 00000000
lf t55xx write b 2 d ffffffff lf t55xx write -b 2 -d ffffffff
lf t55xx write b 3 d 80000000 lf t55xx write -b 3 -d 80000000
lf t55xx write b 4 d 00000001 lf t55xx write -b 4 -d 00000001
Loop: Loop:
@ -278,7 +278,7 @@ local function WipeCard()
core.console('rem [ERR:DETECT:WIPED] Failed to detect after wipe') core.console('rem [ERR:DETECT:WIPED] Failed to detect after wipe')
return false return false
else else
local wipe_data_cmd = 'lf t55xx write b %s d %s' local wipe_data_cmd = 'lf t55xx write -b %s -d %s'
for _ = 1, #data_blocks_cmds do for _ = 1, #data_blocks_cmds do
local val = data_blocks_cmds[_] local val = data_blocks_cmds[_]
local c = string.format(wipe_data_cmd, _, val) local c = string.format(wipe_data_cmd, _, val)
@ -321,7 +321,7 @@ local function test(modulation)
core.clearCommandBuffer() core.clearCommandBuffer()
-- Write Config block -- Write Config block
dbg(('lf t55xx write b 0 d %s'):format(p_config_cmd)) dbg(('lf t55xx write -b 0 -d %s'):format(p_config_cmd))
local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(p_config_cmd, 32), password, block, flags) local data = ('%s%s%s%s'):format(utils.SwapEndiannessStr(p_config_cmd, 32), password, block, flags)


@ -68,19 +68,6 @@ void Set_t55xx_Config(t55xx_conf_block_t conf) {
static int CmdHelp(const char *Cmd); static int CmdHelp(const char *Cmd);
static void print_usage_t55xx_downloadlink(uint8_t ShowAll, uint8_t dl_mode_default) {
if (ShowAll == T55XX_DLMODE_ALL)
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding 0|1|2|3|4");
else
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding 0|1|2|3");
PrintAndLogEx(NORMAL, " 0 - fixed bit length%s", (dl_mode_default == 0) ? " (detected default)" : ""); // default will be whats in config struct
PrintAndLogEx(NORMAL, " 1 - long leading reference%s", (dl_mode_default == 1) ? " (detected default)" : "");
PrintAndLogEx(NORMAL, " 2 - leading zero%s", (dl_mode_default == 2) ? " (detected default)" : "");
PrintAndLogEx(NORMAL, " 3 - 1 of 4 coding reference%s", (dl_mode_default == 3) ? " (detected default)" : "");
if (ShowAll == T55XX_DLMODE_ALL)
PrintAndLogEx(NORMAL, " 4 - Try all downlink modes%s", (dl_mode_default == 4) ? " (default)" : "");
}
static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, uint8_t dl_mode_def) { static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, uint8_t dl_mode_def) {
char *r0 = (char *)calloc(56, sizeof(uint8_t)); char *r0 = (char *)calloc(56, sizeof(uint8_t));
@ -108,25 +95,6 @@ static void arg_add_t55xx_downloadlink(void *at[], uint8_t *idx, uint8_t show, u
*idx = n; *idx = n;
} }
static int usage_t55xx_write(void) {
PrintAndLogEx(NORMAL, "Usage: lf t55xx write [r <mode>] b <block> d <data> [p <password>] [1] [t] [v]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " b <block> - block number to write. Between 0-7");
PrintAndLogEx(NORMAL, " d <data> - 4 bytes of data to write (8 hex characters)");
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex characters)");
PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0");
PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****");
PrintAndLogEx(NORMAL, " v - OPTIONAL validate data afterwards");
print_usage_t55xx_downloadlink(T55XX_DLMODE_SINGLE, config.downlink_mode);
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" lf t55xx write b 3 d 11223344") " - write 11223344 to block 3");
PrintAndLogEx(NORMAL, _YELLOW_(" lf t55xx write b 3 d 11223344 p feedbeef") " - write 11223344 to block 3 password feedbeef");
PrintAndLogEx(NORMAL, _YELLOW_(" lf t55xx write b 3 d 11223344 v") " - write 11223344 to block 3 and try to validate data");
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
static int CmdT55xxCloneHelp(const char *Cmd) { static int CmdT55xxCloneHelp(const char *Cmd) {
(void)Cmd; // Cmd is not used so far (void)Cmd; // Cmd is not used so far
PrintAndLogEx(NORMAL, "For cloning specific techs on T55xx tags, see commands available in corresponding LF sub-menus, e.g.:"); PrintAndLogEx(NORMAL, "For cloning specific techs on T55xx tags, see commands available in corresponding LF sub-menus, e.g.:");
@ -1544,74 +1512,86 @@ int printConfiguration(t55xx_conf_block_t b) {
} }
static int CmdT55xxWriteBlock(const char *Cmd) { static int CmdT55xxWriteBlock(const char *Cmd) {
uint8_t block = 0xFF; // default to invalid block CLIParserContext *ctx;
CLIParserInit(&ctx, "lf t55xx write",
"Write T55xx block data",
"lf t55xx write -b 3 -d 11223344 --> write 11223344 to block 3\n"
"lf t55xx write -b 3 -d 11223344 --pwd 01020304 --> write 11223344 to block 3, pwd 01020304\n"
"lf t55xx write -b 3 -d 11223344 --pwd 01020304 --verify --> write 11223344 to block 3 and try validating write"
);
// 1 (help) + 6 (six user specified params) + (5 T55XX_DLMODE_SINGLE)
void *argtable[7 + 5] = {
arg_param_begin,
arg_int1("b", "blk", "<0-7>", "block number to write"),
arg_str0("d", "data", "<hex>", "data to write (4 hex bytes)"),
arg_str0("p", "pwd", "<hex>", "password (4 hex bytes)"),
arg_lit0("t", "tm", "test mode write ( " _RED_("danger") " )"),
arg_lit0(NULL, "pg1", "write page 1"),
arg_lit0(NULL, "verify", "try validate data afterward"),
};
uint8_t idx = 7;
arg_add_t55xx_downloadlink(argtable, &idx, T55XX_DLMODE_SINGLE, config.downlink_mode);
CLIExecWithReturn(ctx, Cmd, argtable, true);
int block = arg_get_int_def(ctx, 1, REGULAR_READ_MODE_BLOCK);
uint32_t data = 0; // default to blank Block uint32_t data = 0; // default to blank Block
uint32_t password = 0; // default to blank Block 7 int res = arg_get_u32_hexstr_def_nlen(ctx, 2, 0, &data, 4, true);
if (res == 0 || res == 2) {
PrintAndLogEx(ERR, "data must be 4 hex bytes");
CLIParserFree(ctx);
return PM3_EINVARG;
}
bool usepwd = false; bool usepwd = false;
bool page1 = false; uint32_t password = 0; // default to blank Block 7
bool gotdata = false; res = arg_get_u32_hexstr_def_nlen(ctx, 3, 0, &password, 4, true);
bool testMode = false; if (res == 0 || res == 2) {
bool errors = false; PrintAndLogEx(ERR, "Password should be 4 hex bytes");
bool validate = false; CLIParserFree(ctx);
uint8_t cmdp = 0; return PM3_EINVARG;
uint32_t downlink_mode = config.downlink_mode;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_t55xx_write();
case 'b':
errors |= param_getdec(Cmd, cmdp + 1, &block);
cmdp += 2;
if (block > 7) {
PrintAndLogEx(WARNING, "Block number must be between 0 and 7");
errors = true;
} }
break; if (res == 1) {
case 'd':
data = param_get32ex(Cmd, cmdp + 1, 0, 16);
gotdata = true;
cmdp += 2;
break;
case 'p':
password = param_get32ex(Cmd, cmdp + 1, 0, 16);
usepwd = true; usepwd = true;
cmdp += 2;
break;
case 't':
testMode = true;
cmdp++;
break;
case '1':
page1 = true;
cmdp++;
break;
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
case 'v':
validate = true;
cmdp++;
break;
default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
} }
bool testmode = arg_get_lit(ctx, 4);
bool page1 = arg_get_lit(ctx, 5);
bool validate = arg_get_lit(ctx, 6);
bool r0 = arg_get_lit(ctx, 7);
bool r1 = arg_get_lit(ctx, 8);
bool r2 = arg_get_lit(ctx, 9);
bool r3 = arg_get_lit(ctx, 10);
CLIParserFree(ctx);
if ((r0 + r1 + r2 + r3) > 1) {
PrintAndLogEx(FAILED, "Error multiple downlink encoding");
return PM3_EINVARG;
} }
if (errors || !gotdata) return usage_t55xx_write();
char pwdStr[16] = {0}; uint8_t downlink_mode = config.downlink_mode;
snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password); if (r0)
downlink_mode = refFixedBit;
else if (r1)
downlink_mode = refLongLeading;
else if (r2)
downlink_mode = refLeading0;
else if (r3)
downlink_mode = ref1of4;
PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : ""); if (block > 7 && block != REGULAR_READ_MODE_BLOCK) {
PrintAndLogEx(NORMAL, "Block must be between 0 and 7");
return PM3_ESOFT;
}
if (t55xxWrite(block, page1, usepwd, testMode, password, downlink_mode, data) != PM3_SUCCESS) { char pwdstr[16] = {0};
snprintf(pwdstr, sizeof(pwdstr), "pwd: 0x%08X", password);
PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdstr : "");
if (t55xxWrite(block, page1, usepwd, testmode, password, downlink_mode, data) != PM3_SUCCESS) {
PrintAndLogEx(ERR, "Write failed"); PrintAndLogEx(ERR, "Write failed");
return PM3_ESOFT; return PM3_ESOFT;
} }
@ -2387,7 +2367,7 @@ static int CmdT55xxRestore(const char *Cmd) {
char pwdOpt [11] = {0}; // p XXXXXXXX char pwdOpt [11] = {0}; // p XXXXXXXX
if (usepwd) if (usepwd)
snprintf(pwdOpt, sizeof(pwdOpt), "p %08X", password); snprintf(pwdOpt, sizeof(pwdOpt), "-p %08X", password);
uint8_t idx; uint8_t idx;
// Restore endien for writing to card // Restore endien for writing to card
@ -2406,7 +2386,7 @@ static int CmdT55xxRestore(const char *Cmd) {
// write out blocks 1-7 page 0 // write out blocks 1-7 page 0
for (idx = 1; idx <= 7; idx++) { for (idx = 1; idx <= 7; idx++) {
snprintf(writeCmdOpt, sizeof(writeCmdOpt), "b %d d %08X %s", idx, data[idx], pwdOpt); snprintf(writeCmdOpt, sizeof(writeCmdOpt), "-b %d -d %08X %s", idx, data[idx], pwdOpt);
if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) { if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "Warning: error writing blk %d", idx); PrintAndLogEx(WARNING, "Warning: error writing blk %d", idx);
@ -2415,12 +2395,12 @@ static int CmdT55xxRestore(const char *Cmd) {
// if password was set on the "blank" update as we may have just changed it // if password was set on the "blank" update as we may have just changed it
if (usepwd) { if (usepwd) {
snprintf(pwdOpt, sizeof(pwdOpt), "p %08X", data[7]); snprintf(pwdOpt, sizeof(pwdOpt), "-p %08X", data[7]);
} }
// write out blocks 1-3 page 1 // write out blocks 1-3 page 1
for (idx = 9; idx <= 11; idx++) { for (idx = 9; idx <= 11; idx++) {
snprintf(writeCmdOpt, sizeof(writeCmdOpt), "b %d 1 d %08X %s", idx - 8, data[idx], pwdOpt); snprintf(writeCmdOpt, sizeof(writeCmdOpt), "-b %d --pg1 -d %08X %s", idx - 8, data[idx], pwdOpt);
if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) { if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "Warning: error writing blk %d", idx); PrintAndLogEx(WARNING, "Warning: error writing blk %d", idx);
@ -2431,7 +2411,7 @@ static int CmdT55xxRestore(const char *Cmd) {
config.downlink_mode = downlink_mode; config.downlink_mode = downlink_mode;
// Write the page 0 config // Write the page 0 config
snprintf(writeCmdOpt, sizeof(writeCmdOpt), "b 0 d %08X %s", data[0], pwdOpt); snprintf(writeCmdOpt, sizeof(writeCmdOpt), "-b 0 -d %08X %s", data[0], pwdOpt);
if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) { if (CmdT55xxWriteBlock(writeCmdOpt) != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "Warning: error writing blk 0"); PrintAndLogEx(WARNING, "Warning: error writing blk 0");
} }
@ -2961,7 +2941,7 @@ static int CmdT55xxWipe(const char *Cmd) {
// Creating cmd string for write block :) // Creating cmd string for write block :)
char writeData[36] = {0}; char writeData[36] = {0};
char *ptrData = writeData; char *ptrData = writeData;
snprintf(ptrData, sizeof(writeData), "b 0 "); snprintf(ptrData, sizeof(writeData), "-b 0 ");
if (usepwd) { if (usepwd) {
snprintf(ptrData + strlen(writeData), sizeof(writeData) - strlen(writeData), "p %08x ", password); snprintf(ptrData + strlen(writeData), sizeof(writeData) - strlen(writeData), "p %08x ", password);
@ -2973,7 +2953,7 @@ static int CmdT55xxWipe(const char *Cmd) {
for (uint8_t blk = 1; blk < 8; blk++) { for (uint8_t blk = 1; blk < 8; blk++) {
snprintf(ptrData, sizeof(writeData), "b %d d 0", blk); snprintf(ptrData, sizeof(writeData), "-b %d -d 0", blk);
if (CmdT55xxWriteBlock(ptrData) != PM3_SUCCESS) if (CmdT55xxWriteBlock(ptrData) != PM3_SUCCESS)
PrintAndLogEx(WARNING, "Warning: error writing blk %d", blk); PrintAndLogEx(WARNING, "Warning: error writing blk %d", blk);
@ -2983,7 +2963,7 @@ static int CmdT55xxWipe(const char *Cmd) {
// Check and rest t55xx downlink mode. // Check and rest t55xx downlink mode.
if (config.downlink_mode != T55XX_DLMODE_FIXED) { // Detect found a different mode so card must support if (config.downlink_mode != T55XX_DLMODE_FIXED) { // Detect found a different mode so card must support
snprintf(ptrData, sizeof(writeData), "b 3 1 d 00000000"); snprintf(ptrData, sizeof(writeData), "-b 3 --pg1 -d 00000000");
if (CmdT55xxWriteBlock(ptrData) != PM3_SUCCESS) { if (CmdT55xxWriteBlock(ptrData) != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "Warning: failed writing block 3 page 1 (config)"); PrintAndLogEx(WARNING, "Warning: failed writing block 3 page 1 (config)");
} }
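Review bot: In CmdT55xxRestore, `pwdOpt` is still declared as `char pwdOpt [11]` (sized for the old `p XXXXXXXX`), so the new `snprintf(pwdOpt, sizeof(pwdOpt), "-p %08X", password)` needs 12 bytes and silently drops the last hex digit of the password; the same applies to the later `"-p %08X", data[7]` call, and the declaration should become `char pwdOpt[12] = {0}; // -p XXXXXXXX`. In CmdT55xxWipe the unchanged line that appends the password still formats `"p %08x "`, which the cliparser version of CmdT55xxWriteBlock is unlikely to accept as the password option, so it should read `"-p %08x "`. In CmdT55xxWriteBlock, `-d` is declared with `arg_str0` and the old `!gotdata` check has no visible replacement, so a write without `-d` may go ahead with data 0; `arg_str1` would keep it mandatory. The range check `block > 7 && block != REGULAR_READ_MODE_BLOCK` on an `int` also lets negative values through, and `if (block < 0 || block > 7)` would restore the old 0-7 limit. CmdT55xxRestore and CmdT55xxWipe continue outside the hunks shown.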


@ -159,7 +159,7 @@ can see the card)
We use the d option to supply the data 12345678 We use the d option to supply the data 12345678
``` ```
[usb] pm3 --> lf t55xx write b 1 d 12345678 [usb] pm3 --> lf t55xx write -b 1 -d 12345678
``` ```
result: result:
``` ```
@ -205,7 +205,7 @@ can see the card)
Lets try and write 89ABCDEF Lets try and write 89ABCDEF
``` ```
[usb] pm3 --> lf t55xx write b 1 d 89abcdef [usb] pm3 --> lf t55xx write -b 1 -d 89abcdef
``` ```
result: result:
``` ```
@ -314,7 +314,7 @@ required, please do not proceed.
The password is saved in block 7 of page 0. The password is saved in block 7 of page 0.
``` ```
[usb] pm3 --> lf t55xx write b 7 d 12345678 [usb] pm3 --> lf t55xx write -b 7 -d 12345678
``` ```
result: result:
``` ```
@ -394,7 +394,7 @@ required, please do not proceed.
If you have completed all steps and have the exact same results, we are If you have completed all steps and have the exact same results, we are
ready to apply the new configuration. ready to apply the new configuration.
``` ```
[usb] pm3 --> lf t55xx write b 0 d 00088050 [usb] pm3 --> lf t55xx write -b 0 -d 00088050
``` ```
result: result:
``` ```
@ -435,7 +435,7 @@ required, please do not proceed.
7) Write a block of data with a password 7) Write a block of data with a password
``` ```
[usb] pm3 --> lf t55xx write b 1 d 1234abcd p 12345678 [usb] pm3 --> lf t55xx write -b 1 -d 1234abcd -p 12345678
``` ```
result: result:
``` ```
@ -494,7 +494,7 @@ required, please do not proceed.
In our examples we know what it should be : 00088040 In our examples we know what it should be : 00088040
``` ```
[usb] pm3 --> lf t55xx write b 0 d 00088040 p 12345678 [usb] pm3 --> lf t55xx write -b 0 -d 00088040 -p 12345678
``` ```
result: result:
``` ```


@ -60,8 +60,8 @@ Standard password is normally (for T55xx): AA55BBBB
# Restore page1 data # Restore page1 data
``` ```
lf t55xx write b 1 d E0150A48 1 lf t55xx write -b 1 -d E0150A48 --pg1
If t55xx write b 2 d 2D782308 1 If t55xx write -b 2 -d 2D782308 --pg1
``` ```
# Sniffing the comms # Sniffing the comms