chg: lf t55 - fixes / read block uses NG

iceman1001 2019-05-22 11:59:39 -04:00
commit 794d109f30
5 changed files with 52 additions and 39 deletions


@ -826,8 +826,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint16_t len;
uint16_t gap;
} PACKED;
struct p *payload;
payload = (struct p*)packet->data.asBytes;
struct p *payload = (struct p*)packet->data.asBytes;
// length, start gap, led control
SimulateTagLowFrequency(payload->len, payload->gap, 1);
reply_ng(CMD_SIMULATE_TAG_125K, PM3_EOPABORTED, NULL, 0);
@ -846,7 +845,14 @@ static void PacketReceived(PacketCommandNG *packet) {
);
break;
case CMD_T55XX_READ_BLOCK: {
T55xxReadBlock(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2]);
struct p {
uint32_t password;
uint8_t blockno;
uint8_t page;
bool pwdmode;
} PACKED;
struct p* payload = (struct p*) packet->data.asBytes;
T55xxReadBlock(payload->page, payload->pwdmode, false, payload->blockno, payload->password);
break;
}
case CMD_T55XX_WRITE_BLOCK:
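Review bot: The CMD_T55XX_READ_BLOCK case casts `packet->data.asBytes` to `struct p *` and reads four fields without first checking that the host sent that many bytes, so a short or empty NG frame would make the firmware take the password, block and page from whatever the buffer happens to contain. A guard before the cast would close that, for example `if (packet->length != sizeof(struct p)) { /* reply with an error status */ break; }` (this assumes the NG packet's length field is named `length`, which this hunk does not show). Separately, `bool pwdmode` is filled straight from wire bytes; declaring it `uint8_t` and passing `payload->pwdmode != 0` avoids reading a `bool` object that holds something other than 0 or 1. The simulate-tag case in the first hunk uses the same unchecked cast.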


@ -102,7 +102,7 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
void T55xxResetRead(void);
void T55xxWriteBlock(uint8_t *data);
void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd);
void T55xxWakeUp(uint32_t Pwd);
void T55xx_ChkPwds(void);
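Review bot: The new `T55xxReadBlock` prototype puts two adjacent `bool` parameters between two `uint8_t` ones, and nothing at the declaration says which is which, or that `block == 0xFF` selects regular read mode instead of a direct block read. Call sites such as `T55xxReadBlock(0, 0, true, 1, 0)` are only readable with the signature at hand, which is presumably why one of them repeats it in a comment. I would add a comment above the prototype: `// page: 0/1; pwd_mode: send pwd before the read; brute_mem: short capture, no reply to host; block: 0-7, or 0xFF for regular read mode`.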


@ -1485,18 +1485,13 @@ void T55xxWriteBlock(uint8_t *data) {
}
// Read one card block in page [page]
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd) {
LED_A_ON();
bool PwdMode = arg0 & 0x1;
uint8_t Page = (arg0 & 0x2) >> 1;
bool brute_mem = arg0 & 0x4;
uint32_t i;
// regular read mode
bool RegReadMode = (Block == 0xFF);
bool regular_readmode = (block == 0xFF);
uint8_t start_wait = 4;
size_t samples = 12000;
uint32_t i;
if (brute_mem) {
start_wait = 0;
samples = 1024;
@ -1506,7 +1501,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
BigBuf_Clear_keep_EM();
//make sure block is at max 7
Block &= 0x7;
block &= 0x7;
// Set up FPGA, 125kHz to power up the tag
LFSetupFPGAForADC(95, true);
@ -1519,20 +1514,20 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
// Opcode 1[page]
T55xxWriteBit(1);
T55xxWriteBit(Page); //Page 0
T55xxWriteBit(page); //Page 0
if (PwdMode) {
if (pwd_mode) {
// Send Pwd
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Pwd & i);
T55xxWriteBit(pwd & i);
}
// Send a zero bit separation
T55xxWriteBit(0);
// Send Block number (if direct access mode)
if (!RegReadMode)
if (!regular_readmode)
for (i = 0x04; i != 0; i >>= 1)
T55xxWriteBit(Block & i);
T55xxWriteBit(block & i);
// Turn field on to read the response
// 137*8 seems to get to the start of data pretty well...
@ -1546,7 +1541,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
// Turn the field off
if (!brute_mem) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
reply_old(CMD_ACK, 0, 0, 0, 0, 0);
reply_ng(CMD_T55XX_READ_BLOCK, PM3_SUCCESS, NULL, 0);
LED_A_OFF();
}
}
@ -1566,7 +1561,9 @@ void T55xx_ChkPwds() {
uint8_t x = 32;
while (x--) {
b1 = 0;
T55xxReadBlock(4, 1, 0);
// T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd)
T55xxReadBlock(0, 0, true, 1, 0);
for (uint16_t j = 0; j < 1024; ++j)
b1 += buf[j];
@ -1578,7 +1575,6 @@ void T55xx_ChkPwds() {
baseline >>= 5;
Dbprintf("[=] Baseline determined [%u]", baseline);
uint8_t *pwds = BigBuf_get_EM_addr();
uint16_t pwdCount = 0;
uint32_t candidate = 0;
@ -1612,8 +1608,7 @@ void T55xx_ChkPwds() {
pwd = bytes_to_num(pwds + i * 4, 4);
T55xxReadBlock(5, 0, pwd);
T55xxReadBlock(0, true, true, 0, pwd);
// calc mean of BigBuf 1024 samples.
uint32_t sum = 0;
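Review bot: `page` is now written to the tag exactly as received (`T55xxWriteBit(page)`), whereas the removed code derived it with `(arg0 & 0x2) >> 1` and so could only be 0 or 1; the firmware now relies on the client having masked it. `block` is already clamped with `block &= 0x7;`, so adding `page &= 0x1;` next to it keeps the firmware's behaviour independent of what the host sends. The trailing `//Page 0` comment on that line is also stale, since the bit written is whichever page was requested. It is worth confirming, outside what these hunks show, that no other host command still waits for `CMD_ACK` after a block read now that the reply is `reply_ng(CMD_T55XX_READ_BLOCK, PM3_SUCCESS, NULL, 0)`.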


@ -34,7 +34,7 @@ static int usage_lf_paradox_sim(void) {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf paradox sim 123 11223");
return 0;
return PM3_SUCCESS;
}
//by marshmellow
@ -47,7 +47,7 @@ static int CmdParadoxDemod(const char *Cmd) {
size_t size = getFromGraphBuf(bits);
if (size == 0) {
PrintAndLogEx(DEBUG, "DEBUG: Error - Paradox not enough samples");
return 0;
return PM3_ESOFT;
}
uint32_t hi2 = 0, hi = 0, lo = 0;
@ -69,7 +69,7 @@ static int CmdParadoxDemod(const char *Cmd) {
else
PrintAndLogEx(DEBUG, "DEBUG: Error - Paradox error demoding fsk %d", idx);
return 0;
return PM3_ESOFT;
}
setDemodBuff(bits, size, idx);
@ -77,7 +77,7 @@ static int CmdParadoxDemod(const char *Cmd) {
if (hi2 == 0 && hi == 0 && lo == 0) {
PrintAndLogEx(DEBUG, "DEBUG: Error - Paradox no value found");
return 0;
return PM3_ESOFT;
}
uint32_t fc = ((hi & 0x3) << 6) | (lo >> 26);
@ -100,7 +100,7 @@ static int CmdParadoxDemod(const char *Cmd) {
if (g_debugMode)
printDemodBuff();
return 1;
return PM3_SUCCESS;
}
//by marshmellow
//see ASKDemod for what args are accepted
@ -127,7 +127,7 @@ static int CmdParadoxSim(const char *Cmd) {
facilitycode = (fc & 0x000000FF);
cardnumber = (cn & 0x0000FFFF);
// if ( !GetParadoxBits(facilitycode, cardnumber, bs)) {
// if ( GetParadoxBits(facilitycode, cardnumber, bs) != PM3_SUCCESS) {
// PrintAndLogEx(WARNING, "Error with tag bitstream generation.");
// return 1;
// }
@ -157,7 +157,7 @@ static command_t CommandTable[] = {
static int CmdHelp(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
CmdsHelp(CommandTable);
return 0;
return PM3_SUCCESS;
}
int CmdLFParadox(const char *Cmd) {
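Review bot: `CmdParadoxDemod` used to return 1 on success and 0 on failure; it now returns `PM3_SUCCESS` on success and `PM3_ESOFT` on every failure path, so a caller that still tests the result as a boolean would read success as failure (the `return 0;` to `return PM3_SUCCESS;` replacements suggest `PM3_SUCCESS` is 0). None of its callers appear in these hunks, so this is something to check, not a confirmed break; the form to use is the one this commit applies to `SanityOfflineCheck`, i.e. `if (CmdParadoxDemod(Cmd) != PM3_SUCCESS)`. The commented-out block in `CmdParadoxSim` was updated to compare against `PM3_SUCCESS` but still ends in `return 1;`, which would be inconsistent with the new convention if it is ever re-enabled.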


@ -541,7 +541,7 @@ static int CmdT55xxDetect(const char *Cmd) {
if (errors) return usage_t55xx_detect();
// sanity check.
if (!SanityOfflineCheck(useGB)) return PM3_ENODATA;
if (SanityOfflineCheck(useGB) != PM3_SUCCESS) return PM3_ENODATA;
if (!useGB) {
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password))
@ -1116,7 +1116,7 @@ static int CmdT55xxReadTrace(const char *Cmd) {
if (strlen(Cmd) == 0) {
// sanity check.
if (!SanityOfflineCheck(false)) return PM3_ENODATA;
if (SanityOfflineCheck(false) != PM3_SUCCESS) return PM3_ENODATA;
bool pwdmode = false;
uint32_t password = 0;
@ -1397,7 +1397,7 @@ static int CmdT55xxInfo(const char *Cmd) {
if (!frombuff && !gotdata) {
// sanity check.
if (!SanityOfflineCheck(false)) return PM3_ENODATA;
if (SanityOfflineCheck(false) != PM3_SUCCESS) return PM3_ENODATA;
bool pwdmode = false;
uint32_t password = 0;
@ -1521,14 +1521,26 @@ static int CmdT55xxDump(const char *Cmd) {
bool AquireData(uint8_t page, uint8_t block, bool pwdmode, uint32_t password) {
// arg0 bitmodes:
// bit0 = pwdmode
// bit1 = page to read from
// b0 = pwdmode
// b1 = page to read from
// b2 = brute_mem (armside function)
// arg1: which block to read
// arg2: password
uint8_t arg0 = (page << 1 | (pwdmode));
struct p {
uint32_t password;
uint8_t blockno;
uint8_t page;
bool pwdmode;
} PACKED;
struct p payload;
payload.password = password;
payload.blockno = block;
payload.page = page & 0x1;
payload.pwdmode = pwdmode;
clearCommandBuffer();
SendCommandMIX(CMD_T55XX_READ_BLOCK, arg0, block, password, NULL, 0);
if (!WaitForResponseTimeout(CMD_ACK, NULL, 2500)) {
SendCommandNG(CMD_T55XX_READ_BLOCK, (uint8_t*)&payload, sizeof(payload));
if (!WaitForResponseTimeout(CMD_T55XX_READ_BLOCK, NULL, 2500)) {
PrintAndLogEx(WARNING, "command execution time out");
return false;
}
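Review bot: The comment block at the top of `AquireData` still describes the old MIX layout (`arg0` bit modes, `arg1`, `arg2`), and this hunk even adds a `b2 = brute_mem` line to it, although the function no longer builds `arg0` and the payload has no brute_mem field. I would replace it with a description of what is actually sent, e.g. `// payload: password (u32), blockno, page (masked to 0/1), pwdmode`. The local `struct p` must match byte for byte the one the firmware handler casts the packet to, and it is declared separately in both places; moving it to a shared header as a named type would stop the two layouts from drifting apart. The response is awaited with a NULL packet, so its status is never inspected, which deserves a short comment while the device only replies `PM3_SUCCESS`. The body of `AquireData` continues past the end of the hunk.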