#makestyleday

Philippe Teuwen 2020-12-12 14:46:40 +01:00
commit 7cd80611d3
30 changed files with 381 additions and 381 deletions


@ -88,7 +88,7 @@ static int get_input_data_from_file(uint32_t *words, char *inputfile) {
uint32_t size = size_in_spiffs(inputfile); uint32_t size = size_in_spiffs(inputfile);
uint8_t *mem = BigBuf_malloc(size); uint8_t *mem = BigBuf_malloc(size);
Dbprintf(_YELLOW_("found input file %s"), inputfile); Dbprintf(_YELLOW_("found input file %s"), inputfile);
rdv40_spiffs_read_as_filetype(inputfile, mem, size, RDV40_SPIFFS_SAFETY_SAFE); rdv40_spiffs_read_as_filetype(inputfile, mem, size, RDV40_SPIFFS_SAFETY_SAFE);
@ -153,7 +153,7 @@ void RunMod(void) {
if (button_pressed == BUTTON_SINGLE_CLICK) { if (button_pressed == BUTTON_SINGLE_CLICK) {
SpinUp(100); SpinUp(100);
switch (state) { switch (state) {
case STATE_SIM: case STATE_SIM:
@ -168,7 +168,7 @@ void RunMod(void) {
default: default:
break; break;
} }
state_change = true; state_change = true;
} else if (button_pressed == BUTTON_HOLD) { } else if (button_pressed == BUTTON_HOLD) {
@ -261,9 +261,9 @@ void RunMod(void) {
log_exists = exists_in_spiffs(LF_EM4X50BRUTE_LOGFILE); log_exists = exists_in_spiffs(LF_EM4X50BRUTE_LOGFILE);
now = get_input_data_from_file(passwords, LF_EM4X50BRUTE_INPUTFILE); now = get_input_data_from_file(passwords, LF_EM4X50BRUTE_INPUTFILE);
if (now == 2) { if (now == 2) {
// print some information // print some information
int no_iter = passwords[1] - passwords[0] + 1; int no_iter = passwords[1] - passwords[0] + 1;
int dur_s = no_iter / EM4X50_PWD_SPEED; int dur_s = no_iter / EM4X50_PWD_SPEED;
@ -277,7 +277,7 @@ void RunMod(void) {
no_iter, passwords[0], passwords[1]); no_iter, passwords[0], passwords[1]);
Dbprintf(_YELLOW_("estimated duration: %ih%im%is"), Dbprintf(_YELLOW_("estimated duration: %ih%im%is"),
dur_h, dur_m, dur_s); dur_h, dur_m, dur_s);
} else { } else {
Dbprintf(_RED_("error in input data")); Dbprintf(_RED_("error in input data"));
break; break;
@ -287,7 +287,7 @@ void RunMod(void) {
} }
pwd_found = em4x50_standalone_brute(passwords[0], passwords[1], &pwd); pwd_found = em4x50_standalone_brute(passwords[0], passwords[1], &pwd);
if (pwd_found == PM3_ETIMEOUT) { if (pwd_found == PM3_ETIMEOUT) {
// timeout -> no EM4x50 tag on reader? // timeout -> no EM4x50 tag on reader?
@ -313,15 +313,15 @@ void RunMod(void) {
strcat((char *)entry, "\n"); strcat((char *)entry, "\n");
append(LF_EM4X50BRUTE_LOGFILE, entry, strlen((char *)entry)); append(LF_EM4X50BRUTE_LOGFILE, entry, strlen((char *)entry));
} else { } else {
// stopped -> write to logfile // stopped -> write to logfile
sprintf((char *)entry, "stopped search - last password: 0x%08"PRIx32, pwd); sprintf((char *)entry, "stopped search - last password: 0x%08"PRIx32, pwd);
Dbprintf(_YELLOW_("%s"), entry); Dbprintf(_YELLOW_("%s"), entry);
strcat((char *)entry, "\n"); strcat((char *)entry, "\n");
append(LF_EM4X50BRUTE_LOGFILE, entry, strlen((char *)entry)); append(LF_EM4X50BRUTE_LOGFILE, entry, strlen((char *)entry));
// replace start password by last tested password in // replace start password by last tested password in
// inputfile (spiffs) so that brute forcing process will // inputfile (spiffs) so that brute forcing process will
// be continued when envoking brute force mode again // be continued when envoking brute force mode again


@ -37,11 +37,11 @@
#define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75 #define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75
#define EM4X50_T_WAITING_FOR_DBLLIW 1550 #define EM4X50_T_WAITING_FOR_DBLLIW 1550
#define EM4X50_T_WAITING_FOR_SNGLLIW 140 // this value seems to be #define EM4X50_T_WAITING_FOR_SNGLLIW 140 // this value seems to be
// critical; // critical;
// if it's too low // if it's too low
// (e.g. < 120) some cards // (e.g. < 120) some cards
// are no longer readable // are no longer readable
// although they're ok // although they're ok
#define EM4X50_TAG_TOLERANCE 8 #define EM4X50_TAG_TOLERANCE 8
#define EM4X50_TAG_WORD 45 #define EM4X50_TAG_WORD 45
@ -65,18 +65,18 @@ static void wait_timer(uint32_t period) {
// extract and check parities // extract and check parities
// return result of parity check and extracted plain data // return result of parity check and extracted plain data
static bool extract_parities(uint64_t word, uint32_t *data) { static bool extract_parities(uint64_t word, uint32_t *data) {
uint8_t row_parities = 0x0, col_parities = 0x0; uint8_t row_parities = 0x0, col_parities = 0x0;
uint8_t row_parities_calculated = 0x0, col_parities_calculated = 0x0; uint8_t row_parities_calculated = 0x0, col_parities_calculated = 0x0;
*data = 0x0; *data = 0x0;
// extract plain data (32 bits) from raw word (45 bits) // extract plain data (32 bits) from raw word (45 bits)
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
*data <<= 8; *data <<= 8;
*data |= (word >> ((4 - i) * 9 + 1)) & 0xFF; *data |= (word >> ((4 - i) * 9 + 1)) & 0xFF;
} }
// extract row parities (4 bits + stop bit) from raw word (45 bits) // extract row parities (4 bits + stop bit) from raw word (45 bits)
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
row_parities <<= 1; row_parities <<= 1;
@ -106,7 +106,7 @@ static bool extract_parities(uint64_t word, uint32_t *data) {
col_parities_calculated ^= (*data >> ((3 - j) * 8 + (7 - i))) & 0x1; col_parities_calculated ^= (*data >> ((3 - j) * 8 + (7 - i))) & 0x1;
} }
} }
if ((row_parities == row_parities_calculated) && (col_parities == col_parities_calculated)) if ((row_parities == row_parities_calculated) && (col_parities == col_parities_calculated))
return true; return true;
@ -191,7 +191,7 @@ static bool get_signalproperties(void) {
// about 2 samples per bit period // about 2 samples per bit period
wait_timer(T0 * EM4X50_T_TAG_HALF_PERIOD); wait_timer(T0 * EM4X50_T_TAG_HALF_PERIOD);
// ignore first samples // ignore first samples
if ((i > SIGNAL_IGNORE_FIRST_SAMPLES) && (AT91C_BASE_SSC->SSC_RHR > noise)) { if ((i > SIGNAL_IGNORE_FIRST_SAMPLES) && (AT91C_BASE_SSC->SSC_RHR > noise)) {
signal_found = true; signal_found = true;
@ -229,7 +229,7 @@ static bool get_signalproperties(void) {
gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100; gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100;
LED_A_OFF(); LED_A_OFF();
return true; return true;
} }
@ -290,7 +290,7 @@ static uint32_t get_pulse_length(void) {
// check if pulse length <pl> corresponds to given length <length> // check if pulse length <pl> corresponds to given length <length>
static bool check_pulse_length(uint32_t pl, int length) { static bool check_pulse_length(uint32_t pl, int length) {
return ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) && (pl <= T0 * (length + EM4X50_TAG_TOLERANCE))); return ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) && (pl <= T0 * (length + EM4X50_TAG_TOLERANCE)));
} }
// send single bit according to EM4x50 application note and datasheet // send single bit according to EM4x50 application note and datasheet
@ -346,12 +346,12 @@ static void em4x50_reader_send_byte_with_parity(uint8_t byte) {
// word hast be sent in msb notation // word hast be sent in msb notation
static void em4x50_reader_send_word(const uint32_t word) { static void em4x50_reader_send_word(const uint32_t word) {
uint8_t bytes[4] = {0x0, 0x0, 0x0, 0x0}; uint8_t bytes[4] = {0x0, 0x0, 0x0, 0x0};
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
bytes[i] = (word >> (24 - (8 * i))) & 0xFF; bytes[i] = (word >> (24 - (8 * i))) & 0xFF;
em4x50_reader_send_byte_with_parity(bytes[i]); em4x50_reader_send_byte_with_parity(bytes[i]);
} }
// send column parities // send column parities
em4x50_reader_send_byte(bytes[0] ^ bytes[1] ^ bytes[2] ^ bytes[3]); em4x50_reader_send_byte(bytes[0] ^ bytes[1] ^ bytes[2] ^ bytes[3]);
@ -362,7 +362,7 @@ static void em4x50_reader_send_word(const uint32_t word) {
// find single listen window // find single listen window
static bool find_single_listen_window(void) { static bool find_single_listen_window(void) {
int cnt_pulses = 0; int cnt_pulses = 0;
LED_B_ON(); LED_B_ON();
while (cnt_pulses < EM4X50_T_WAITING_FOR_SNGLLIW) { while (cnt_pulses < EM4X50_T_WAITING_FOR_SNGLLIW) {
@ -392,7 +392,7 @@ static bool find_single_listen_window(void) {
// -> 34 words + 34 single listen windows -> about 1600 pulses // -> 34 words + 34 single listen windows -> about 1600 pulses
static int find_double_listen_window(bool bcommand) { static int find_double_listen_window(bool bcommand) {
int cnt_pulses = 0; int cnt_pulses = 0;
LED_B_ON(); LED_B_ON();
while (cnt_pulses < EM4X50_T_WAITING_FOR_DBLLIW) { while (cnt_pulses < EM4X50_T_WAITING_FOR_DBLLIW) {
@ -452,7 +452,7 @@ static int find_double_listen_window(bool bcommand) {
cnt_pulses++; cnt_pulses++;
} }
LED_B_OFF(); LED_B_OFF();
return PM3_EFAILED; return PM3_EFAILED;
} }
@ -480,7 +480,7 @@ static bool check_ack(bool bliw) {
if (BUTTON_PRESS()) if (BUTTON_PRESS())
return false; return false;
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) { if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// The received signal is either ACK or NAK. // The received signal is either ACK or NAK.
@ -531,9 +531,9 @@ static int get_word_from_bitstream(uint32_t *data) {
int cnt = 0; int cnt = 0;
uint32_t pl = 0; uint32_t pl = 0;
uint64_t word = 0x0; uint64_t word = 0x0;
LED_C_ON(); LED_C_ON();
*data = 0x0; *data = 0x0;
// initial bit value depends on last pulse length of listen window // initial bit value depends on last pulse length of listen window
@ -561,7 +561,7 @@ static int get_word_from_bitstream(uint32_t *data) {
cnt++; cnt++;
word <<= 1; word <<= 1;
pl = get_pulse_length(); pl = get_pulse_length();
if (check_pulse_length(pl, EM4X50_T_TAG_FULL_PERIOD)) { if (check_pulse_length(pl, EM4X50_T_TAG_FULL_PERIOD)) {
@ -612,9 +612,9 @@ static int get_word_from_bitstream(uint32_t *data) {
return (extract_parities(word, data)) ? --cnt : 0; return (extract_parities(word, data)) ? --cnt : 0;
} }
} }
LED_C_OFF(); LED_C_OFF();
return PM3_EOPABORTED; return PM3_EOPABORTED;
} }
@ -696,7 +696,7 @@ bool em4x50_sim_send_word(uint32_t word) {
// word has tobe sent in msb, not lsb // word has tobe sent in msb, not lsb
word = reflect32(word); word = reflect32(word);
// 4 bytes each with even row parity bit // 4 bytes each with even row parity bit
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
if (em4x50_sim_send_byte_with_parity((word >> ((3 - i) * 8)) & 0xFF) == false) { if (em4x50_sim_send_byte_with_parity((word >> ((3 - i) * 8)) & 0xFF) == false) {
@ -776,7 +776,7 @@ static bool login(uint32_t password) {
// send password // send password
em4x50_reader_send_word(password); em4x50_reader_send_word(password);
wait_timer(T0 * EM4X50_T_TAG_TPP); wait_timer(T0 * EM4X50_T_TAG_TPP);
// check if ACK is returned // check if ACK is returned
@ -799,7 +799,7 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
for (*pwd = start; *pwd <= stop; (*pwd)++) { for (*pwd = start; *pwd <= stop; (*pwd)++) {
if (login(*pwd) == PM3_SUCCESS) { if (login(*pwd) == PM3_SUCCESS) {
pwd_found = true; pwd_found = true;
// to be safe login 5 more times // to be safe login 5 more times
@ -809,11 +809,11 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
break; break;
} }
} }
if (pwd_found) if (pwd_found)
break; break;
} }
// print password every 500 iterations // print password every 500 iterations
if ((++cnt % 500) == 0) { if ((++cnt % 500) == 0) {
@ -827,10 +827,10 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
// print data // print data
Dbprintf("|%8i | 0x%08x | 0x%08x |", cnt, reflect32(*pwd), *pwd); Dbprintf("|%8i | 0x%08x | 0x%08x |", cnt, reflect32(*pwd), *pwd);
} }
if (BUTTON_PRESS()) if (BUTTON_PRESS())
break; break;
} }
// print footer // print footer
@ -852,7 +852,7 @@ void em4x50_login(uint32_t *password) {
reply_ng(CMD_LF_EM4X50_LOGIN, status, NULL, 0); reply_ng(CMD_LF_EM4X50_LOGIN, status, NULL, 0);
} }
// envoke password search // envoke password search
void em4x50_brute(em4x50_data_t *etd) { void em4x50_brute(em4x50_data_t *etd) {
em4x50_setup_read(); em4x50_setup_read();
@ -903,7 +903,7 @@ void em4x50_chk(uint8_t *filename) {
pwd = 0x0; pwd = 0x0;
for (int j = 0; j < 4; j++) for (int j = 0; j < 4; j++)
pwd |= (*(pwds + 4 * i + j)) << ((3 - j) * 8); pwd |= (*(pwds + 4 * i + j)) << ((3 - j) * 8);
if ((status = login(pwd)) == PM3_SUCCESS) if ((status = login(pwd)) == PM3_SUCCESS)
break; break;
} }
@ -1063,7 +1063,7 @@ void em4x50_reader(void) {
// writes <word> to specified <addresses> // writes <word> to specified <addresses>
static int write(uint32_t word, uint32_t addresses) { static int write(uint32_t word, uint32_t addresses) {
if (request_receive_mode() == PM3_SUCCESS) { if (request_receive_mode() == PM3_SUCCESS) {
// send write command // send write command
@ -1079,7 +1079,7 @@ static int write(uint32_t word, uint32_t addresses) {
reply_ng(CMD_LF_EM4X50_WRITE, PM3_ETEAROFF, NULL, 0); reply_ng(CMD_LF_EM4X50_WRITE, PM3_ETEAROFF, NULL, 0);
return PM3_ETEAROFF; return PM3_ETEAROFF;
} else { } else {
// wait for T0 * EM4X50_T_TAG_TWA (write access time) // wait for T0 * EM4X50_T_TAG_TWA (write access time)
wait_timer(T0 * EM4X50_T_TAG_TWA); wait_timer(T0 * EM4X50_T_TAG_TWA);
@ -1175,7 +1175,7 @@ void em4x50_write(em4x50_data_t *etd) {
// if password is given renew login after reset // if password is given renew login after reset
if (etd->pwd_given) if (etd->pwd_given)
status = login(etd->password1); status = login(etd->password1);
if (status == PM3_SUCCESS) { if (status == PM3_SUCCESS) {
// call a selective read // call a selective read
@ -1225,11 +1225,11 @@ void em4x50_sim(uint8_t *filename) {
int status = PM3_SUCCESS; int status = PM3_SUCCESS;
uint8_t *em4x50_mem = BigBuf_get_EM_addr(); uint8_t *em4x50_mem = BigBuf_get_EM_addr();
uint32_t words[EM4X50_NO_WORDS] = {0x0}; uint32_t words[EM4X50_NO_WORDS] = {0x0};
#ifdef WITH_FLASH #ifdef WITH_FLASH
if (strlen((char *)filename) != 0) { if (strlen((char *)filename) != 0) {
BigBuf_free(); BigBuf_free();
int changed = rdv40_spiffs_lazy_mount(); int changed = rdv40_spiffs_lazy_mount();
@ -1246,7 +1246,7 @@ void em4x50_sim(uint8_t *filename) {
for (int i = 0; i < EM4X50_NO_WORDS; i++) for (int i = 0; i < EM4X50_NO_WORDS; i++)
words[i] = reflect32(bytes_to_num(em4x50_mem + (i * 4), 4)); words[i] = reflect32(bytes_to_num(em4x50_mem + (i * 4), 4));
// only if valid em4x50 data (e.g. uid == serial) // only if valid em4x50 data (e.g. uid == serial)
if (words[EM4X50_DEVICE_SERIAL] != words[EM4X50_DEVICE_ID]) { if (words[EM4X50_DEVICE_SERIAL] != words[EM4X50_DEVICE_ID]) {
@ -1261,7 +1261,7 @@ void em4x50_sim(uint8_t *filename) {
// iceman, will need a usb cmd check to break as well // iceman, will need a usb cmd check to break as well
while (BUTTON_PRESS() == false) { while (BUTTON_PRESS() == false) {
WDT_HIT(); WDT_HIT();
em4x50_sim_send_listen_window(); em4x50_sim_send_listen_window();
for (int i = fwr; i <= lwr; i++) { for (int i = fwr; i <= lwr; i++) {
@ -1277,7 +1277,7 @@ void em4x50_sim(uint8_t *filename) {
} else { } else {
status = PM3_ENODATA; status = PM3_ENODATA;
} }
BigBuf_free(); BigBuf_free();
lf_finalize(); lf_finalize();
reply_ng(CMD_LF_EM4X50_SIM, status, NULL, 0); reply_ng(CMD_LF_EM4X50_SIM, status, NULL, 0);


@ -70,7 +70,7 @@ static int em4x70_receive(uint8_t *bits);
static bool find_listen_window(bool command); static bool find_listen_window(bool command);
static void init_tag(void) { static void init_tag(void) {
memset(tag.data, 0x00, sizeof(tag.data)/sizeof(tag.data[0])); memset(tag.data, 0x00, sizeof(tag.data) / sizeof(tag.data[0]));
} }
static void EM4170_setup_read(void) { static void EM4170_setup_read(void) {
@ -114,7 +114,7 @@ static bool get_signalproperties(void) {
uint8_t sample_max_mean = 0; uint8_t sample_max_mean = 0;
uint8_t sample_max[no_periods]; uint8_t sample_max[no_periods];
uint32_t sample_max_sum = 0; uint32_t sample_max_sum = 0;
memset(sample_max, 0x00, sizeof(sample_max)); memset(sample_max, 0x00, sizeof(sample_max));
// wait until signal/noise > 1 (max. 32 periods) // wait until signal/noise > 1 (max. 32 periods)
@ -158,7 +158,7 @@ static bool get_signalproperties(void) {
gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100; gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100;
// Basic sanity check // Basic sanity check
if(gHigh - gLow < EM4X70_MIN_AMPLITUDE) { if (gHigh - gLow < EM4X70_MIN_AMPLITUDE) {
return false; return false;
} }
@ -168,9 +168,9 @@ static bool get_signalproperties(void) {
/** /**
* get_pulse_length * get_pulse_length
* *
* Times falling edge pulses * Times falling edge pulses
*/ */
static uint32_t get_pulse_length(void) { static uint32_t get_pulse_length(void) {
uint8_t sample; uint8_t sample;
@ -178,7 +178,7 @@ static uint32_t get_pulse_length(void) {
do { do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_HIGH(sample) && !IS_TIMEOUT(timeout)); } while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout)) if (IS_TIMEOUT(timeout))
return 0; return 0;
@ -188,7 +188,7 @@ static uint32_t get_pulse_length(void) {
do { do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_LOW(sample) && !IS_TIMEOUT(timeout)); } while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout)) if (IS_TIMEOUT(timeout))
return 0; return 0;
@ -196,7 +196,7 @@ static uint32_t get_pulse_length(void) {
timeout = (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD) + GetTicks(); timeout = (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD) + GetTicks();
do { do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_HIGH(sample) && !IS_TIMEOUT(timeout)); } while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout)) if (IS_TIMEOUT(timeout))
return 0; return 0;
@ -206,10 +206,10 @@ static uint32_t get_pulse_length(void) {
/** /**
* get_pulse_invert_length * get_pulse_invert_length
* *
* Times rising edge pules * Times rising edge pules
* TODO: convert to single function with get_pulse_length() * TODO: convert to single function with get_pulse_length()
*/ */
static uint32_t get_pulse_invert_length(void) { static uint32_t get_pulse_invert_length(void) {
uint8_t sample; uint8_t sample;
@ -217,7 +217,7 @@ static uint32_t get_pulse_invert_length(void) {
do { do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_LOW(sample) && !IS_TIMEOUT(timeout)); } while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout)) if (IS_TIMEOUT(timeout))
return 0; return 0;
@ -227,7 +227,7 @@ static uint32_t get_pulse_invert_length(void) {
do { do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_HIGH(sample) && !IS_TIMEOUT(timeout)); } while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout)) if (IS_TIMEOUT(timeout))
return 0; return 0;
@ -235,7 +235,7 @@ static uint32_t get_pulse_invert_length(void) {
timeout = GetTicks() + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); timeout = GetTicks() + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD);
do { do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_LOW(sample) && !IS_TIMEOUT(timeout)); } while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout)) if (IS_TIMEOUT(timeout))
return 0; return 0;
@ -279,9 +279,9 @@ static void em4x70_send_bit(bool bit) {
/** /**
* em4x70_send_nibble * em4x70_send_nibble
* *
* sends 4 bits of data + 1 bit of parity (with_parity) * sends 4 bits of data + 1 bit of parity (with_parity)
* *
*/ */
static void em4x70_send_nibble(uint8_t nibble, bool with_parity) { static void em4x70_send_nibble(uint8_t nibble, bool with_parity) {
int parity = 0; int parity = 0;
@ -289,16 +289,16 @@ static void em4x70_send_nibble(uint8_t nibble, bool with_parity) {
// Non automotive EM4x70 based tags are 3 bits + 1 parity. // Non automotive EM4x70 based tags are 3 bits + 1 parity.
// So drop the MSB and send a parity bit instead after the command // So drop the MSB and send a parity bit instead after the command
if(command_parity) if (command_parity)
msb_bit = 1; msb_bit = 1;
for (int i = msb_bit; i < 4; i++) { for (int i = msb_bit; i < 4; i++) {
int bit = (nibble >> (3 - i)) & 1; int bit = (nibble >> (3 - i)) & 1;
em4x70_send_bit(bit); em4x70_send_bit(bit);
parity ^= bit; parity ^= bit;
} }
if(with_parity) if (with_parity)
em4x70_send_bit(parity); em4x70_send_bit(parity);
} }
@ -313,8 +313,8 @@ static void em4x70_send_word(const uint16_t word) {
// Split into nibbles // Split into nibbles
uint8_t nibbles[4]; uint8_t nibbles[4];
uint8_t j = 0; uint8_t j = 0;
for(int i = 0; i < 2; i++) { for (int i = 0; i < 2; i++) {
uint8_t byte = (word >> (8*i)) & 0xff; uint8_t byte = (word >> (8 * i)) & 0xff;
nibbles[j++] = (byte >> 4) & 0xf; nibbles[j++] = (byte >> 4) & 0xf;
nibbles[j++] = byte & 0xf; nibbles[j++] = byte & 0xf;
} }
@ -369,13 +369,13 @@ static int send_pin(const uint32_t pin) {
em4x70_send_nibble(EM4X70_COMMAND_PIN, true); em4x70_send_nibble(EM4X70_COMMAND_PIN, true);
// --> Send TAG ID (bytes 4-7) // --> Send TAG ID (bytes 4-7)
for(int i=0; i < 4; i++) { for (int i = 0; i < 4; i++) {
em4x70_send_byte(tag.data[7-i]); em4x70_send_byte(tag.data[7 - i]);
} }
// --> Send PIN // --> Send PIN
for(int i=0; i < 4 ; i++) { for (int i = 0; i < 4 ; i++) {
em4x70_send_byte((pin>>(i*8)) & 0xff); em4x70_send_byte((pin >> (i * 8)) & 0xff);
} }
// Wait TWALB (write access lock bits) // Wait TWALB (write access lock bits)
@ -389,7 +389,7 @@ static int send_pin(const uint32_t pin) {
// <-- Receive header + ID // <-- Receive header + ID
uint8_t tag_id[64]; uint8_t tag_id[64];
int num = em4x70_receive(tag_id); int num = em4x70_receive(tag_id);
if(num < 32) { if (num < 32) {
Dbprintf("Invalid ID Received"); Dbprintf("Invalid ID Received");
return PM3_ESOFT; return PM3_ESOFT;
} }
@ -415,7 +415,7 @@ static int write(const uint16_t word, const uint8_t address) {
// send data word // send data word
em4x70_send_word(word); em4x70_send_word(word);
// Wait TWA // Wait TWA
WaitTicks(TICKS_PER_FC * EM4X70_T_TAG_TWA); WaitTicks(TICKS_PER_FC * EM4X70_T_TAG_TWA);
// look for ACK sequence // look for ACK sequence
@ -435,9 +435,9 @@ static int write(const uint16_t word, const uint8_t address) {
static bool find_listen_window(bool command) { static bool find_listen_window(bool command) {
int cnt = 0; int cnt = 0;
while(cnt < EM4X70_T_WAITING_FOR_SNGLLIW) { while (cnt < EM4X70_T_WAITING_FOR_SNGLLIW) {
/* /*
80 ( 64 + 16 ) 80 ( 64 + 16 )
80 ( 64 + 16 ) 80 ( 64 + 16 )
@ -445,26 +445,25 @@ static bool find_listen_window(bool command) {
96 ( 64 + 32 ) 96 ( 64 + 32 )
64 ( 32 + 16 +16 )*/ 64 ( 32 + 16 +16 )*/
if ( check_pulse_length(get_pulse_invert_length(), 80) && if (check_pulse_length(get_pulse_invert_length(), 80) &&
check_pulse_length(get_pulse_invert_length(), 80) && check_pulse_length(get_pulse_invert_length(), 80) &&
check_pulse_length(get_pulse_length(), 96) && check_pulse_length(get_pulse_length(), 96) &&
check_pulse_length(get_pulse_length(), 64) ) check_pulse_length(get_pulse_length(), 64)) {
{
if(command) { if (command) {
/* Here we are after the 64 duration edge. /* Here we are after the 64 duration edge.
* em4170 says we need to wait about 48 RF clock cycles. * em4170 says we need to wait about 48 RF clock cycles.
* depends on the delay between tag and us * depends on the delay between tag and us
* *
* I've found between 4-5 quarter periods (32-40) works best * I've found between 4-5 quarter periods (32-40) works best
*/ */
WaitTicks(TICKS_PER_FC * 4 * EM4X70_T_TAG_QUARTER_PERIOD); WaitTicks(TICKS_PER_FC * 4 * EM4X70_T_TAG_QUARTER_PERIOD);
// Send RM Command // Send RM Command
em4x70_send_bit(0); em4x70_send_bit(0);
em4x70_send_bit(0); em4x70_send_bit(0);
}
return true;
} }
return true;
}
cnt++; cnt++;
} }
@ -472,17 +471,17 @@ static bool find_listen_window(bool command) {
} }
static void bits2bytes(const uint8_t *bits, int length, uint8_t *out) { static void bits2bytes(const uint8_t *bits, int length, uint8_t *out) {
if(length%8 != 0) { if (length % 8 != 0) {
Dbprintf("Should have a multiple of 8 bits, was sent %d", length); Dbprintf("Should have a multiple of 8 bits, was sent %d", length);
} }
int num_bytes = length / 8; // We should have a multiple of 8 here int num_bytes = length / 8; // We should have a multiple of 8 here
for(int i=1; i <= num_bytes; i++) { for (int i = 1; i <= num_bytes; i++) {
out[num_bytes-i] = bits2byte(bits, 8); out[num_bytes - i] = bits2byte(bits, 8);
bits += 8; bits += 8;
} }
} }
static uint8_t bits2byte(const uint8_t *bits, int length) { static uint8_t bits2byte(const uint8_t *bits, int length) {
@ -501,16 +500,16 @@ static uint8_t bits2byte(const uint8_t *bits, int length) {
} }
static bool send_command_and_read(uint8_t command, uint8_t resp_len_bits, uint8_t *out_bytes) { static bool send_command_and_read(uint8_t command, uint8_t resp_len_bits, uint8_t *out_bytes) {
int retries = EM4X70_COMMAND_RETRIES; int retries = EM4X70_COMMAND_RETRIES;
while(retries) { while (retries) {
retries--; retries--;
if(find_listen_window(true)) { if (find_listen_window(true)) {
uint8_t bits[EM4X70_MAX_RECEIVE_LENGTH] = {0}; uint8_t bits[EM4X70_MAX_RECEIVE_LENGTH] = {0};
em4x70_send_nibble(command, command_parity); em4x70_send_nibble(command, command_parity);
int len = em4x70_receive(bits); int len = em4x70_receive(bits);
if(len < resp_len_bits) { if (len < resp_len_bits) {
Dbprintf("Invalid data received length: %d", len); Dbprintf("Invalid data received length: %d", len);
return false; return false;
} }
@ -525,9 +524,9 @@ static bool send_command_and_read(uint8_t command, uint8_t resp_len_bits, uint8_
/** /**
* em4x70_read_id * em4x70_read_id
* *
* read pre-programmed ID (4 bytes) * read pre-programmed ID (4 bytes)
*/ */
static bool em4x70_read_id(void) { static bool em4x70_read_id(void) {
return send_command_and_read(EM4X70_COMMAND_ID, 32, &tag.data[4]); return send_command_and_read(EM4X70_COMMAND_ID, 32, &tag.data[4]);
@ -536,7 +535,7 @@ static bool em4x70_read_id(void) {
/** /**
* em4x70_read_um1 * em4x70_read_um1
* *
* read user memory 1 (4 bytes including lock bits) * read user memory 1 (4 bytes including lock bits)
*/ */
static bool em4x70_read_um1(void) { static bool em4x70_read_um1(void) {
@ -548,7 +547,7 @@ static bool em4x70_read_um1(void) {
/** /**
* em4x70_read_um2 * em4x70_read_um2
* *
* read user memory 2 (8 bytes) * read user memory 2 (8 bytes)
*/ */
static bool em4x70_read_um2(void) { static bool em4x70_read_um2(void) {
@ -573,28 +572,28 @@ static int em4x70_receive(uint8_t *bits) {
// Read out the header // Read out the header
// 12 Manchester 1's (may miss some during settle period) // 12 Manchester 1's (may miss some during settle period)
// 4 Manchester 0's // 4 Manchester 0's
// Skip a few leading 1's as it could be noisy // Skip a few leading 1's as it could be noisy
WaitTicks(TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD); WaitTicks(TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD);
// wait until we get the transition from 1's to 0's which is 1.5 full windows // wait until we get the transition from 1's to 0's which is 1.5 full windows
int pulse_count = 0; int pulse_count = 0;
while(pulse_count < 12){ while (pulse_count < 12) {
pl = get_pulse_invert_length(); pl = get_pulse_invert_length();
pulse_count++; pulse_count++;
if(check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) { if (check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) {
foundheader = true; foundheader = true;
break; break;
} }
} }
if(!foundheader) { if (!foundheader) {
Dbprintf("Failed to find read header"); Dbprintf("Failed to find read header");
return 0; return 0;
} }
// Skip next 3 0's, header check consumes the first 0 // Skip next 3 0's, header check consumes the first 0
for(int i = 0; i < 3; i++) { for (int i = 0; i < 3; i++) {
get_pulse_invert_length(); get_pulse_invert_length();
} }
@ -602,7 +601,7 @@ static int em4x70_receive(uint8_t *bits) {
// between two listen windows only pulse lengths of 1, 1.5 and 2 are possible // between two listen windows only pulse lengths of 1, 1.5 and 2 are possible
while (bit_pos < EM4X70_MAX_RECEIVE_LENGTH) { while (bit_pos < EM4X70_MAX_RECEIVE_LENGTH) {
if(edge) if (edge)
pl = get_pulse_length(); pl = get_pulse_length();
else else
pl = get_pulse_invert_length(); pl = get_pulse_invert_length();
@ -615,7 +614,7 @@ static int em4x70_receive(uint8_t *bits) {
} else if (check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) { } else if (check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) {
// pulse length = 1.5 -> flip edge detection // pulse length = 1.5 -> flip edge detection
if(edge) { if (edge) {
bits[bit_pos++] = 0; bits[bit_pos++] = 0;
bits[bit_pos++] = 0; bits[bit_pos++] = 0;
edge = 0; edge = 0;
@ -628,7 +627,7 @@ static int em4x70_receive(uint8_t *bits) {
} else if (check_pulse_length(pl, 2 * EM4X70_T_TAG_FULL_PERIOD)) { } else if (check_pulse_length(pl, 2 * EM4X70_T_TAG_FULL_PERIOD)) {
// pulse length of 2 // pulse length of 2
if(edge) { if (edge) {
bits[bit_pos++] = 0; bits[bit_pos++] = 0;
bits[bit_pos++] = 1; bits[bit_pos++] = 1;
} else { } else {
@ -636,8 +635,8 @@ static int em4x70_receive(uint8_t *bits) {
bits[bit_pos++] = 0; bits[bit_pos++] = 0;
} }
} else if ( (edge && check_pulse_length(pl, 3 * EM4X70_T_TAG_FULL_PERIOD)) || } else if ((edge && check_pulse_length(pl, 3 * EM4X70_T_TAG_FULL_PERIOD)) ||
(!edge && check_pulse_length(pl, 80))) { (!edge && check_pulse_length(pl, 80))) {
// LIW detected (either invert or normal) // LIW detected (either invert or normal)
return --bit_pos; return --bit_pos;
@ -651,7 +650,7 @@ static int em4x70_receive(uint8_t *bits) {
void em4x70_info(em4x70_data_t *etd) { void em4x70_info(em4x70_data_t *etd) {
uint8_t status = 0; uint8_t status = 0;
// Support tags with and without command parity bits // Support tags with and without command parity bits
command_parity = etd->parity; command_parity = etd->parity;
@ -680,11 +679,11 @@ void em4x70_write(em4x70_data_t *etd) {
// Find the Tag // Find the Tag
if (get_signalproperties() && find_EM4X70_Tag()) { if (get_signalproperties() && find_EM4X70_Tag()) {
// Write // Write
status = write(etd->word, etd->address) == PM3_SUCCESS; status = write(etd->word, etd->address) == PM3_SUCCESS;
if(status) { if (status) {
// Read Tag after writing // Read Tag after writing
em4x70_read_id(); em4x70_read_id();
em4x70_read_um1(); em4x70_read_um1();
@ -709,15 +708,15 @@ void em4x70_unlock(em4x70_data_t *etd) {
// Find the Tag // Find the Tag
if (get_signalproperties() && find_EM4X70_Tag()) { if (get_signalproperties() && find_EM4X70_Tag()) {
// Read ID (required for send_pin command) // Read ID (required for send_pin command)
if(em4x70_read_id()) { if (em4x70_read_id()) {
// Send PIN // Send PIN
status = send_pin(etd->pin) == PM3_SUCCESS; status = send_pin(etd->pin) == PM3_SUCCESS;
// If the write succeeded, read the rest of the tag // If the write succeeded, read the rest of the tag
if(status) { if (status) {
// Read Tag // Read Tag
// ID doesn't change // ID doesn't change
em4x70_read_um1(); em4x70_read_um1();


@ -1727,7 +1727,7 @@ void SimTagIso15693(uint8_t *uid) {
if ((cmd_len >= 5) && (cmd[0] & ISO15_REQ_INVENTORY) && (cmd[1] == ISO15_CMD_INVENTORY)) { if ((cmd_len >= 5) && (cmd[0] & ISO15_REQ_INVENTORY) && (cmd[1] == ISO15_CMD_INVENTORY)) {
bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH); bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH);
uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM; uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM;
// Build INVENTORY command // Build INVENTORY command
uint8_t resp_inv[CMD_INV_RESP] = {0}; uint8_t resp_inv[CMD_INV_RESP] = {0};
@ -1743,30 +1743,30 @@ void SimTagIso15693(uint8_t *uid) {
resp_inv[7] = uid[2]; resp_inv[7] = uid[2];
resp_inv[8] = uid[1]; resp_inv[8] = uid[1];
resp_inv[9] = uid[0]; resp_inv[9] = uid[0];
// CRC // CRC
AddCrc15(resp_inv, 10); AddCrc15(resp_inv, 10);
CodeIso15693AsTag(resp_inv, CMD_INV_RESP); CodeIso15693AsTag(resp_inv, CMD_INV_RESP);
tosend_t *ts = get_tosend(); tosend_t *ts = get_tosend();
TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow); TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow);
LogTrace_ISO15693(resp_inv, CMD_INV_RESP, response_time * 32, (response_time * 32) + (ts->max * 32 * 64), NULL, false); LogTrace_ISO15693(resp_inv, CMD_INV_RESP, response_time * 32, (response_time * 32) + (ts->max * 32 * 64), NULL, false);
chip_state = SELECTED; chip_state = SELECTED;
} }
// GET_SYSTEM_INFO // GET_SYSTEM_INFO
if ((cmd[1] == ISO15_CMD_SYSINFO)) { if ((cmd[1] == ISO15_CMD_SYSINFO)) {
bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH); bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH);
uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM; uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM;
// Build GET_SYSTEM_INFO command // Build GET_SYSTEM_INFO command
uint8_t resp_sysinfo[CMD_SYSINFO_RESP] = {0}; uint8_t resp_sysinfo[CMD_SYSINFO_RESP] = {0};
resp_sysinfo[0] = 0; // Response flags. resp_sysinfo[0] = 0; // Response flags.
resp_sysinfo[1] = 0x0F; // Information flags (0x0F - DSFID, AFI, Mem size, IC) resp_sysinfo[1] = 0x0F; // Information flags (0x0F - DSFID, AFI, Mem size, IC)
// 64-bit UID // 64-bit UID
resp_sysinfo[2] = uid[7]; resp_sysinfo[2] = uid[7];
resp_sysinfo[3] = uid[6]; resp_sysinfo[3] = uid[6];
@ -1776,42 +1776,42 @@ void SimTagIso15693(uint8_t *uid) {
resp_sysinfo[7] = uid[2]; resp_sysinfo[7] = uid[2];
resp_sysinfo[8] = uid[1]; resp_sysinfo[8] = uid[1];
resp_sysinfo[9] = uid[0]; resp_sysinfo[9] = uid[0];
resp_sysinfo[10] = 0; // DSFID resp_sysinfo[10] = 0; // DSFID
resp_sysinfo[11] = 0; // AFI resp_sysinfo[11] = 0; // AFI
resp_sysinfo[12] = 0x1B; // Memory size. resp_sysinfo[12] = 0x1B; // Memory size.
resp_sysinfo[13] = 0x03; // Memory size. resp_sysinfo[13] = 0x03; // Memory size.
resp_sysinfo[14] = 0x01; // IC reference. resp_sysinfo[14] = 0x01; // IC reference.
// CRC // CRC
AddCrc15(resp_sysinfo, 15); AddCrc15(resp_sysinfo, 15);
CodeIso15693AsTag(resp_sysinfo, CMD_SYSINFO_RESP); CodeIso15693AsTag(resp_sysinfo, CMD_SYSINFO_RESP);
tosend_t *ts = get_tosend(); tosend_t *ts = get_tosend();
TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow); TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow);
LogTrace_ISO15693(resp_sysinfo, CMD_SYSINFO_RESP, response_time * 32, (response_time * 32) + (ts->max * 32 * 64), NULL, false); LogTrace_ISO15693(resp_sysinfo, CMD_SYSINFO_RESP, response_time * 32, (response_time * 32) + (ts->max * 32 * 64), NULL, false);
} }
// READ_BLOCK // READ_BLOCK
if ((cmd[1] == ISO15_CMD_READ)) { if ((cmd[1] == ISO15_CMD_READ)) {
bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH); bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH);
uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM; uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM;
// Build GET_SYSTEM_INFO command // Build GET_SYSTEM_INFO command
uint8_t resp_readblock[CMD_READBLOCK_RESP] = {0}; uint8_t resp_readblock[CMD_READBLOCK_RESP] = {0};
resp_readblock[0] = 0; // Response flags. resp_readblock[0] = 0; // Response flags.
resp_readblock[1] = 0; // Block data. resp_readblock[1] = 0; // Block data.
resp_readblock[2] = 0; // Block data. resp_readblock[2] = 0; // Block data.
resp_readblock[3] = 0; // Block data. resp_readblock[3] = 0; // Block data.
resp_readblock[4] = 0; // Block data. resp_readblock[4] = 0; // Block data.
// CRC // CRC
AddCrc15(resp_readblock, 5); AddCrc15(resp_readblock, 5);
CodeIso15693AsTag(resp_readblock, CMD_READBLOCK_RESP); CodeIso15693AsTag(resp_readblock, CMD_READBLOCK_RESP);
tosend_t *ts = get_tosend(); tosend_t *ts = get_tosend();
TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow); TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow);


@ -515,7 +515,7 @@ void doCotagAcquisition(void) {
if (BUTTON_PRESS()) if (BUTTON_PRESS())
break; break;
if (checker == 4000) { if (checker == 4000) {
if (data_available()) if (data_available())
break; break;


@ -2135,7 +2135,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
"Tag must be on antenna before running.", "Tag must be on antenna before running.",
"hf 14a apdufuzz\n" "hf 14a apdufuzz\n"
"hf 14a apdufuzz --cla 80\n" "hf 14a apdufuzz --cla 80\n"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -2143,7 +2143,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
arg_str0(NULL, "ins", "<hex>", "start INSTRUCTION value (1 hex byte)"), arg_str0(NULL, "ins", "<hex>", "start INSTRUCTION value (1 hex byte)"),
arg_str0(NULL, "p1", "<hex>", "start P1 value (1 hex byte)"), arg_str0(NULL, "p1", "<hex>", "start P1 value (1 hex byte)"),
arg_str0(NULL, "p2", "<hex>", "start P2 value (1 hex byte)"), arg_str0(NULL, "p2", "<hex>", "start P2 value (1 hex byte)"),
arg_str0(NULL, "le", "<hex>", "start LENGTH value (1 hex byte)"), arg_str0(NULL, "le", "<hex>", "start LENGTH value (1 hex byte)"),
arg_lit0("v", "verbose", "verbose output"), arg_lit0("v", "verbose", "verbose output"),
arg_param_end arg_param_end
}; };
@ -2152,7 +2152,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
int cla_len = 0; int cla_len = 0;
uint8_t cla[1] = {0}; uint8_t cla[1] = {0};
CLIGetHexWithReturn(ctx, 1, cla, &cla_len); CLIGetHexWithReturn(ctx, 1, cla, &cla_len);
int ins_len = 0; int ins_len = 0;
uint8_t ins[1] = {0}; uint8_t ins[1] = {0};
CLIGetHexWithReturn(ctx, 2, ins, &ins_len); CLIGetHexWithReturn(ctx, 2, ins, &ins_len);
@ -2176,12 +2176,12 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
bool keep_field_on = true; bool keep_field_on = true;
uint8_t a = cla[0]; uint8_t a = cla[0];
uint8_t b = ins[0]; uint8_t b = ins[0];
uint8_t c = p1[0]; uint8_t c = p1[0];
uint8_t d = p2[0]; uint8_t d = p2[0];
uint8_t e = le[0]; uint8_t e = le[0];
PrintAndLogEx(SUCCESS, "Starting the apdu fuzzer [ CLA " _GREEN_("%02X") " INS " _GREEN_("%02X") " P1 " _GREEN_("%02X") " P2 " _GREEN_("%02X") " LE " _GREEN_("%02x")" ]", a,b,c,d,e); PrintAndLogEx(SUCCESS, "Starting the apdu fuzzer [ CLA " _GREEN_("%02X") " INS " _GREEN_("%02X") " P1 " _GREEN_("%02X") " P2 " _GREEN_("%02X") " LE " _GREEN_("%02x")" ]", a, b, c, d, e);
PrintAndLogEx(INFO, "Press " _GREEN_("<Enter>") " to exit"); PrintAndLogEx(INFO, "Press " _GREEN_("<Enter>") " to exit");
uint8_t response[PM3_CMD_DATA_SIZE]; uint8_t response[PM3_CMD_DATA_SIZE];
@ -2210,7 +2210,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
} }
uint8_t foo[5] = {a, b, c, d, e}; uint8_t foo[5] = {a, b, c, d, e};
int foo_n = sizeof(foo); int foo_n = sizeof(foo);
if (verbose) { if (verbose) {
PrintAndLogEx(INFO, "%s", sprint_hex(foo, sizeof(foo))); PrintAndLogEx(INFO, "%s", sprint_hex(foo, sizeof(foo)));
@ -2218,34 +2218,34 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
res = ExchangeAPDU14a(foo, foo_n, activate_field, keep_field_on, response, sizeof(response), &resplen); res = ExchangeAPDU14a(foo, foo_n, activate_field, keep_field_on, response, sizeof(response), &resplen);
if (res) { if (res) {
e++; e++;
continue; continue;
} }
uint16_t sw = get_sw(response, resplen); uint16_t sw = get_sw(response, resplen);
if (sw != 0x6a86 && if (sw != 0x6a86 &&
sw != 0x6986 && sw != 0x6986 &&
sw != 0x6d00 sw != 0x6d00
) { ) {
PrintAndLogEx(INFO, "%02X %02X %02X %02X %02X (%04x - %s)", a,b,c,d,e, sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); PrintAndLogEx(INFO, "%02X %02X %02X %02X %02X (%04x - %s)", a, b, c, d, e, sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
} }
e++; e++;
if (verbose) { if (verbose) {
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e); PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} }
} while (e); } while (e);
d++; d++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e); PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (d); } while (d);
c++; c++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e); PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (c); } while (c);
b++; b++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e); PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (b); } while (b);
a++; a++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e); PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while(a); } while (a);
out: out:
PrintAndLogEx(SUCCESS, "time: %" PRIu64 " seconds\n", (msclock() - t1) / 1000); PrintAndLogEx(SUCCESS, "time: %" PRIu64 " seconds\n", (msclock() - t1) / 1000);


@ -624,7 +624,7 @@ static int CmdHFiClassReader(const char *Cmd) {
CLIParserInit(&ctx, "hf iclass reader", CLIParserInit(&ctx, "hf iclass reader",
"Act as a iCLASS reader. Look for iCLASS tags until Enter or the pm3 button is pressed", "Act as a iCLASS reader. Look for iCLASS tags until Enter or the pm3 button is pressed",
"hf iclass reader -@ -> continuous reader mode" "hf iclass reader -@ -> continuous reader mode"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -1700,7 +1700,7 @@ static int CmdHFiClassRestore(const char *Cmd) {
"hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 --ki 0\n" "hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 --ki 0\n"
"hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 --ki 0 --elite\n" "hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 --ki 0 --elite\n"
"hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 -k 1122334455667788 --elite\n" "hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 -k 1122334455667788 --elite\n"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -3318,12 +3318,12 @@ static int CmdHFiClassPermuteKey(const char *Cmd) {
static int CmdHFiClassEncode(const char *Cmd) { static int CmdHFiClassEncode(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "hf iclass encode", CLIParserInit(&ctx, "hf iclass encode",
"Encode binary wiegand to block 7", "Encode binary wiegand to block 7",
"hf iclass encode --bin 10001111100000001010100011 --ki 0 -> FC 31 CN 337\n" "hf iclass encode --bin 10001111100000001010100011 --ki 0 -> FC 31 CN 337\n"
"hf iclass encode --bin 10001111100000001010100011 --ki 0 --elite -> FC 31 CN 337, writing w elite key" "hf iclass encode --bin 10001111100000001010100011 --ki 0 --elite -> FC 31 CN 337, writing w elite key"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -3422,7 +3422,7 @@ static int CmdHFiClassEncode(const char *Cmd) {
} }
// add binary sentinel bit. // add binary sentinel bit.
pushBit(&bout, 1); pushBit(&bout, 1);
// convert binary string to hex bytes // convert binary string to hex bytes
for (int i = 0; i < bin_len; i++) { for (int i = 0; i < bin_len; i++) {
char c = bin[i]; char c = bin[i];
@ -3449,11 +3449,11 @@ static int CmdHFiClassEncode(const char *Cmd) {
int isok = PM3_SUCCESS; int isok = PM3_SUCCESS;
// write // write
for (uint8_t i=0; i<4; i++) { for (uint8_t i = 0; i < 4; i++) {
isok = iclass_write_block(6 + i, credential + (i*8), key, use_credit_key, elite, rawkey, false, false, auth); isok = iclass_write_block(6 + i, credential + (i * 8), key, use_credit_key, elite, rawkey, false, false, auth);
switch (isok) { switch (isok) {
case PM3_SUCCESS: case PM3_SUCCESS:
PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _GREEN_("ok") " ) --> " _YELLOW_("%s"), 6 + i, 6 + i, sprint_hex_inrow(credential + (i*8), 8)); PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _GREEN_("ok") " ) --> " _YELLOW_("%s"), 6 + i, 6 + i, sprint_hex_inrow(credential + (i * 8), 8));
break; break;
default: default:
PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _RED_("fail") " )", 6 + i, 6 + i); PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _RED_("fail") " )", 6 + i, 6 + i);


@ -276,7 +276,7 @@ static int CmdHFMFPInfo(const char *Cmd) {
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------");


@ -510,7 +510,7 @@ static int CmdAWIDBrute(const char *Cmd) {
break; break;
} }
// truncate card number // truncate card number
if ((cn & 0xFFFF) != cn) { if ((cn & 0xFFFF) != cn) {
cn &= 0xFFFF; cn &= 0xFFFF;
@ -550,7 +550,7 @@ static int CmdAWIDBrute(const char *Cmd) {
if (cn > 1) { if (cn > 1) {
if (down > 1) { if (down > 1) {
if (sendTry(fmtlen, fc, --down, delay, bits, size, verbose) != PM3_SUCCESS) { if (sendTry(fmtlen, fc, --down, delay, bits, size, verbose) != PM3_SUCCESS) {
return PM3_ESOFT; return PM3_ESOFT;
} }
} }
} }


@ -190,9 +190,9 @@ static int CmdDestronClone(const char *Cmd) {
blocks[1] = (blocks[1] & 0xFFFF) | 0xAAE20000; blocks[1] = (blocks[1] & 0xFFFF) | 0xAAE20000;
PrintAndLogEx(INFO, "Preparing to clone Destron tag to " _YELLOW_("%s") " with ID: " _YELLOW_("%s") PrintAndLogEx(INFO, "Preparing to clone Destron tag to " _YELLOW_("%s") " with ID: " _YELLOW_("%s")
, cardtype , cardtype
, sprint_hex_inrow(data, datalen) , sprint_hex_inrow(data, datalen)
); );
print_blocks(blocks, ARRAYLEN(blocks)); print_blocks(blocks, ARRAYLEN(blocks));


@ -118,7 +118,7 @@ void printEM410x(uint32_t hi, uint64_t id, bool verbose) {
if (hi) { if (hi) {
PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%06X%016" PRIX64), hi, id); PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%06X%016" PRIX64), hi, id);
} else { } else {
PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%010" PRIX64), id); PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%010" PRIX64), id);
} }
return; return;
} }
@ -395,7 +395,7 @@ static int CmdEM410xReader(const char *Cmd) {
// emulate an EM410X tag // emulate an EM410X tag
static int CmdEM410xSim(const char *Cmd) { static int CmdEM410xSim(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 410x sim", CLIParserInit(&ctx, "lf em 410x sim",
"Enables simulation of EM 410x card.\n" "Enables simulation of EM 410x card.\n"
@ -433,7 +433,7 @@ static int CmdEM410xSim(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int CmdEM410xBrute(const char *Cmd) { static int CmdEM410xBrute(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 410x brute", CLIParserInit(&ctx, "lf em 410x brute",
"bruteforcing by emulating EM 410x tag", "bruteforcing by emulating EM 410x tag",
@ -452,10 +452,10 @@ static int CmdEM410xBrute(const char *Cmd) {
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
// clock default 64 in EM410x // clock default 64 in EM410x
uint32_t clk = arg_get_u32_def(ctx, 1, 64); uint32_t clk = arg_get_u32_def(ctx, 1, 64);
// default pause time: 1 second // default pause time: 1 second
uint32_t delay = arg_get_u32_def(ctx, 2, 1000); uint32_t delay = arg_get_u32_def(ctx, 2, 1000);
int fnlen = 0; int fnlen = 0;
@ -467,7 +467,7 @@ static int CmdEM410xBrute(const char *Cmd) {
PrintAndLogEx(ERR, "Error: Please specify a filename"); PrintAndLogEx(ERR, "Error: Please specify a filename");
return PM3_EINVARG; return PM3_EINVARG;
} }
uint32_t uidcnt = 0; uint32_t uidcnt = 0;
uint8_t stUidBlock = 20; uint8_t stUidBlock = 20;
uint8_t *p = NULL; uint8_t *p = NULL;
@ -543,10 +543,10 @@ static int CmdEM410xBrute(const char *Cmd) {
memcpy(testuid, uidblock + 5 * c, 5); memcpy(testuid, uidblock + 5 * c, 5);
PrintAndLogEx(INFO, "Bruteforce %d / %d: simulating UID " _YELLOW_("%s") PrintAndLogEx(INFO, "Bruteforce %d / %d: simulating UID " _YELLOW_("%s")
, c + 1 , c + 1
, uidcnt , uidcnt
, sprint_hex_inrow(testuid, sizeof(testuid)) , sprint_hex_inrow(testuid, sizeof(testuid))
); );
em410x_construct_emul_graph(testuid, clk); em410x_construct_emul_graph(testuid, clk);
@ -585,7 +585,7 @@ static int CmdEM410xClone(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 410x clone", CLIParserInit(&ctx, "lf em 410x clone",
"Writes EM410x ID to a T55x7 or Q5/T5555 tag", "Writes EM410x ID to a T55x7 or Q5/T5555 tag",
"lf em 410x clone --id 0F0368568B -> write id to T55x7 tag\n" "lf em 410x clone --id 0F0368568B -> write id to T55x7 tag\n"
"lf em 410x clone --id 0F0368568B --q5 -> write id to Q5/T5555 tag" "lf em 410x clone --id 0F0368568B --q5 -> write id to Q5/T5555 tag"
); );
@ -598,7 +598,7 @@ static int CmdEM410xClone(const char *Cmd) {
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
// clock default 64 in EM410x // clock default 64 in EM410x
uint32_t clk = arg_get_u32_def(ctx, 1, 64); uint32_t clk = arg_get_u32_def(ctx, 1, 64);
int uid_len = 0; int uid_len = 0;
uint8_t uid[5] = {0}; uint8_t uid[5] = {0};


@ -773,7 +773,7 @@ int CmdEM4x05Write(const char *Cmd) {
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
arg_int0("a", "addr", "<dec>", "memory address to write to. (0-13)"), arg_int0("a", "addr", "<dec>", "memory address to write to. (0-13)"),
arg_str1("d", "data", "<hex>", "data to write, 4 bytes hex"), arg_str1("d", "data", "<hex>", "data to write, 4 bytes hex"),
arg_str0("p", "pwd", "<hex>", "optional - password, 4 bytes hex"), arg_str0("p", "pwd", "<hex>", "optional - password, 4 bytes hex"),
arg_lit0(NULL, "po", "protect operation"), arg_lit0(NULL, "po", "protect operation"),
arg_param_end arg_param_end
@ -784,14 +784,14 @@ int CmdEM4x05Write(const char *Cmd) {
uint64_t inputpwd = arg_get_u64_hexstr_def(ctx, 3, 0xFFFFFFFFFFFFFFFF); uint64_t inputpwd = arg_get_u64_hexstr_def(ctx, 3, 0xFFFFFFFFFFFFFFFF);
bool protect_operation = arg_get_lit(ctx, 4); bool protect_operation = arg_get_lit(ctx, 4);
CLIParserFree(ctx); CLIParserFree(ctx);
if ((addr > 13) && (protect_operation == false)) { if ((addr > 13) && (protect_operation == false)) {
PrintAndLogEx(WARNING, "Address must be between 0 and 13"); PrintAndLogEx(WARNING, "Address must be between 0 and 13");
return PM3_EINVARG; return PM3_EINVARG;
} }
bool use_pwd = false; bool use_pwd = false;
uint32_t pwd = ( inputpwd != 0xFFFFFFFFFFFFFFFF) ? (inputpwd & 0xFFFFFFFF) : 0; uint32_t pwd = (inputpwd != 0xFFFFFFFFFFFFFFFF) ? (inputpwd & 0xFFFFFFFF) : 0;
if (pwd == 0xFFFFFFFF) { if (pwd == 0xFFFFFFFF) {
if (protect_operation) if (protect_operation)
PrintAndLogEx(INFO, "Writing protection words data %08X", data); PrintAndLogEx(INFO, "Writing protection words data %08X", data);
@ -807,14 +807,14 @@ int CmdEM4x05Write(const char *Cmd) {
int res = PM3_SUCCESS; int res = PM3_SUCCESS;
// set Protect Words // set Protect Words
if (protect_operation) { if (protect_operation) {
res = em4x05_protect(pwd, use_pwd, data); res = em4x05_protect(pwd, use_pwd, data);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
} else { } else {
res = em4x05_write_word_ext(addr, pwd, use_pwd, data); res = em4x05_write_word_ext(addr, pwd, use_pwd, data);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
} }
@ -888,25 +888,25 @@ int CmdEM4x05Wipe(const char *Cmd) {
bool use_pwd = false; bool use_pwd = false;
uint32_t pwd = 0; uint32_t pwd = 0;
if ( inputpwd != 0xFFFFFFFFFFFFFFFF) { if (inputpwd != 0xFFFFFFFFFFFFFFFF) {
pwd = (inputpwd & 0xFFFFFFFF); pwd = (inputpwd & 0xFFFFFFFF);
use_pwd = true; use_pwd = true;
} }
// block 0 : User Data or Chip Info // block 0 : User Data or Chip Info
int res = em4x05_write_word_ext(0, pwd, use_pwd, chip_info); int res = em4x05_write_word_ext(0, pwd, use_pwd, chip_info);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
// block 1 : UID - this should be read only for EM4205 and EM4305 not sure about others // block 1 : UID - this should be read only for EM4205 and EM4305 not sure about others
res = em4x05_write_word_ext(1, pwd, use_pwd, chip_UID); res = em4x05_write_word_ext(1, pwd, use_pwd, chip_UID);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
PrintAndLogEx(INFO, "UID block write failed"); PrintAndLogEx(INFO, "UID block write failed");
} }
// block 2 : password // block 2 : password
res = em4x05_write_word_ext(2, pwd, use_pwd, block_data); res = em4x05_write_word_ext(2, pwd, use_pwd, block_data);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
@ -914,20 +914,20 @@ int CmdEM4x05Wipe(const char *Cmd) {
pwd = block_data; pwd = block_data;
// block 3 : user data // block 3 : user data
res = em4x05_write_word_ext(3, pwd, use_pwd, block_data); res = em4x05_write_word_ext(3, pwd, use_pwd, block_data);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
// block 4 : config // block 4 : config
res = em4x05_write_word_ext(4, pwd, use_pwd, config); res = em4x05_write_word_ext(4, pwd, use_pwd, config);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
// Remainder of user/data blocks // Remainder of user/data blocks
for (addr = 5; addr < 14; addr++) {// Clear user data blocks for (addr = 5; addr < 14; addr++) {// Clear user data blocks
res = em4x05_write_word_ext(addr, pwd, use_pwd, block_data); res = em4x05_write_word_ext(addr, pwd, use_pwd, block_data);
if ( res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
return res; return res;
} }
} }
@ -2146,4 +2146,4 @@ static int CmdHelp(const char *Cmd) {
int CmdLFEM4X05(const char *Cmd) { int CmdLFEM4X05(const char *Cmd) {
clearCommandBuffer(); clearCommandBuffer();
return CmdsParse(CommandTable, Cmd); return CmdsParse(CommandTable, Cmd);
} }


@ -28,7 +28,7 @@ static void prepare_result(const uint8_t *data, int fwr, int lwr, em4x50_word_t
// restructure received result in "em4x50_word_t" structure // restructure received result in "em4x50_word_t" structure
for (int i = fwr; i <= lwr; i++) { for (int i = fwr; i <= lwr; i++) {
for (int j = 0; j < 4; j++) { for (int j = 0; j < 4; j++) {
words[i].byte[j] = data[i * 4 + (3 - j)]; words[i].byte[j] = data[i * 4 + (3 - j)];
} }
} }
} }
@ -131,7 +131,7 @@ static int em4x50_load_file(const char *filename, uint8_t *data, size_t data_len
int res = 0; int res = 0;
uint32_t serial = 0x0, device_id = 0x0; uint32_t serial = 0x0, device_id = 0x0;
if (str_endswith(filename, ".eml")) if (str_endswith(filename, ".eml"))
res = loadFileEML(filename, data, bytes_read) != PM3_SUCCESS; res = loadFileEML(filename, data, bytes_read) != PM3_SUCCESS;
else if (str_endswith(filename, ".json")) else if (str_endswith(filename, ".json"))
@ -202,7 +202,7 @@ int CmdEM4x50ELoad(const char *Cmd) {
// upload to emulator memory // upload to emulator memory
PrintAndLogEx(INFO, "Uploading dump " _YELLOW_("%s") " to emulator memory", filename); PrintAndLogEx(INFO, "Uploading dump " _YELLOW_("%s") " to emulator memory", filename);
em4x50_seteml(data, 0, DUMP_FILESIZE); em4x50_seteml(data, 0, DUMP_FILESIZE);
PrintAndLogEx(INFO, "Done"); PrintAndLogEx(INFO, "Done");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -236,7 +236,7 @@ int CmdEM4x50ESave(const char *Cmd) {
PrintAndLogEx(WARNING, "Fail, transfer from device time-out"); PrintAndLogEx(WARNING, "Fail, transfer from device time-out");
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
// valid em4x50 data? // valid em4x50 data?
uint32_t serial = bytes_to_num(data + 4 * EM4X50_DEVICE_SERIAL, 4); uint32_t serial = bytes_to_num(data + 4 * EM4X50_DEVICE_SERIAL, 4);
uint32_t device_id = bytes_to_num(data + 4 * EM4X50_DEVICE_ID, 4); uint32_t device_id = bytes_to_num(data + 4 * EM4X50_DEVICE_ID, 4);
@ -244,7 +244,7 @@ int CmdEM4x50ESave(const char *Cmd) {
PrintAndLogEx(WARNING, "No valid em4x50 data in flash memory."); PrintAndLogEx(WARNING, "No valid em4x50 data in flash memory.");
return PM3_ENODATA; return PM3_ENODATA;
} }
// user supplied filename? // user supplied filename?
if (fnlen == 0) { if (fnlen == 0) {
PrintAndLogEx(INFO, "Using UID as filename"); PrintAndLogEx(INFO, "Using UID as filename");
@ -272,7 +272,7 @@ int CmdEM4x50Login(const char *Cmd) {
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0; int pwd_len = 0;
uint8_t pwd[4] = {0x0}; uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len); CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
@ -281,7 +281,7 @@ int CmdEM4x50Login(const char *Cmd) {
if (pwd_len != 4) { if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes"); PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG; return PM3_EINVARG;
} }
uint32_t password = BYTES2UINT32(pwd); uint32_t password = BYTES2UINT32(pwd);
@ -315,30 +315,30 @@ int CmdEM4x50Brute(const char *Cmd) {
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int first_len = 0; int first_len = 0;
uint8_t first[4] = {0,0,0,0}; uint8_t first[4] = {0, 0, 0, 0};
CLIGetHexWithReturn(ctx, 1, first, &first_len); CLIGetHexWithReturn(ctx, 1, first, &first_len);
int last_len = 0; int last_len = 0;
uint8_t last[4] = {0,0,0,0}; uint8_t last[4] = {0, 0, 0, 0};
CLIGetHexWithReturn(ctx, 2, last, &last_len); CLIGetHexWithReturn(ctx, 2, last, &last_len);
CLIParserFree(ctx); CLIParserFree(ctx);
if (first_len != 4) { if (first_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes"); PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (last_len != 4) { if (last_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes"); PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG; return PM3_EINVARG;
} }
em4x50_data_t etd; em4x50_data_t etd;
etd.password1 = BYTES2UINT32(first); etd.password1 = BYTES2UINT32(first);
etd.password2 = BYTES2UINT32(last); etd.password2 = BYTES2UINT32(last);
// 27 passwords/second (empirical value) // 27 passwords/second (empirical value)
const int speed = 27; const int speed = 27;
// print some information // print some information
int no_iter = etd.password2 - etd.password1 + 1; int no_iter = etd.password2 - etd.password1 + 1;
@ -348,10 +348,10 @@ int CmdEM4x50Brute(const char *Cmd) {
dur_s -= dur_h * 3600 + dur_m * 60; dur_s -= dur_h * 3600 + dur_m * 60;
PrintAndLogEx(INFO, "Trying %i passwords in range [0x%08x, 0x%08x]" PrintAndLogEx(INFO, "Trying %i passwords in range [0x%08x, 0x%08x]"
, no_iter , no_iter
, etd.password1 , etd.password1
, etd.password2 , etd.password2
); );
PrintAndLogEx(INFO, "Estimated duration: %ih%im%is", dur_h, dur_m, dur_s); PrintAndLogEx(INFO, "Estimated duration: %ih%im%is", dur_h, dur_m, dur_s);
// start // start
@ -390,7 +390,7 @@ int CmdEM4x50Chk(const char *Cmd) {
char filename[FILE_PATH_SIZE] = {0}; char filename[FILE_PATH_SIZE] = {0};
CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
CLIParserFree(ctx); CLIParserFree(ctx);
if (IfPm3Flash() == false) { if (IfPm3Flash() == false) {
PrintAndLogEx(WARNING, "no flash memory available"); PrintAndLogEx(WARNING, "no flash memory available");
return PM3_EFLASH; return PM3_EFLASH;
@ -410,17 +410,17 @@ int CmdEM4x50Chk(const char *Cmd) {
int res = loadFileDICTIONARY(filename, data, &datalen, 4, &key_count); int res = loadFileDICTIONARY(filename, data, &datalen, 4, &key_count);
if (res || !key_count) if (res || !key_count)
return PM3_EFILE; return PM3_EFILE;
PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button"); PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
int status = PM3_EFAILED; int status = PM3_EFAILED;
int keyblock = 2000; // block with 2000 bytes -> 500 keys int keyblock = 2000; // block with 2000 bytes -> 500 keys
uint8_t destfn[32] = "em4x50_chk.bin"; uint8_t destfn[32] = "em4x50_chk.bin";
PacketResponseNG resp; PacketResponseNG resp;
int bytes_remaining = datalen; int bytes_remaining = datalen;
while (bytes_remaining > 0) { while (bytes_remaining > 0) {
PrintAndLogEx(INPLACE, "Remaining keys: %i ", bytes_remaining / 4); PrintAndLogEx(INPLACE, "Remaining keys: %i ", bytes_remaining / 4);
// upload to flash. // upload to flash.
@ -434,7 +434,7 @@ int CmdEM4x50Chk(const char *Cmd) {
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_CHK, destfn, sizeof(destfn)); SendCommandNG(CMD_LF_EM4X50_CHK, destfn, sizeof(destfn));
WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false); WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false);
status = resp.status; status = resp.status;
if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED)) if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED))
break; break;
@ -444,7 +444,7 @@ int CmdEM4x50Chk(const char *Cmd) {
} }
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
// print response // print response
if (status == PM3_SUCCESS) { if (status == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "Key " _GREEN_("found: %02x %02x %02x %02x"), PrintAndLogEx(SUCCESS, "Key " _GREEN_("found: %02x %02x %02x %02x"),
@ -452,7 +452,7 @@ int CmdEM4x50Chk(const char *Cmd) {
resp.data.asBytes[2], resp.data.asBytes[2],
resp.data.asBytes[1], resp.data.asBytes[1],
resp.data.asBytes[0] resp.data.asBytes[0]
); );
} else { } else {
PrintAndLogEx(FAILED, "No key found"); PrintAndLogEx(FAILED, "No key found");
} }
@ -536,7 +536,7 @@ int CmdEM4x50Read(const char *Cmd) {
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int addr = arg_get_int_def(ctx, 1, 0); int addr = arg_get_int_def(ctx, 1, 0);
int pwd_len = 0; int pwd_len = 0;
uint8_t pwd[4] = {0x0}; uint8_t pwd[4] = {0x0};
@ -545,7 +545,7 @@ int CmdEM4x50Read(const char *Cmd) {
if (addr <= 0 || addr >= EM4X50_NO_WORDS) { if (addr <= 0 || addr >= EM4X50_NO_WORDS) {
return PM3_EINVARG; return PM3_EINVARG;
} }
em4x50_data_t etd; em4x50_data_t etd;
@ -587,11 +587,11 @@ int CmdEM4x50Info(const char *Cmd) {
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0; int pwd_len = 0;
uint8_t pwd[4] = {0x0}; uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len); CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
CLIParserFree(ctx); CLIParserFree(ctx);
em4x50_data_t etd = {.pwd_given = false}; em4x50_data_t etd = {.pwd_given = false};
if (pwd_len) { if (pwd_len) {
if (pwd_len != 4) { if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len); PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
@ -610,7 +610,7 @@ int CmdEM4x50Info(const char *Cmd) {
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
if ( resp.status == PM3_SUCCESS) if (resp.status == PM3_SUCCESS)
print_info_result(resp.data.asBytes); print_info_result(resp.data.asBytes);
else else
PrintAndLogEx(FAILED, "Reading tag " _RED_("failed")); PrintAndLogEx(FAILED, "Reading tag " _RED_("failed"));
@ -666,7 +666,7 @@ int CmdEM4x50Reader(const char *Cmd) {
PrintAndLogEx(INFO, _GREEN_(" %s") "| %s", sprint_hex(words[i].byte, 4), r); PrintAndLogEx(INFO, _GREEN_(" %s") "| %s", sprint_hex(words[i].byte, 4), r);
} }
PrintAndLogEx(INFO, "-------------+-------------"); PrintAndLogEx(INFO, "-------------+-------------");
} }
} while (cm && !kbd_enter_pressed()); } while (cm && !kbd_enter_pressed());
@ -771,11 +771,11 @@ int CmdEM4x50Write(const char *Cmd) {
arg_str0("p", "pwd", "<hex>", "password, 4 bytes, lsb"), arg_str0("p", "pwd", "<hex>", "password, 4 bytes, lsb"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int addr = arg_get_int_def(ctx, 1, 0); int addr = arg_get_int_def(ctx, 1, 0);
int word_len = 0; int word_len = 0;
uint8_t word[4] = {0x0}; uint8_t word[4] = {0x0};
CLIGetHexWithReturn(ctx, 2, word, &word_len); CLIGetHexWithReturn(ctx, 2, word, &word_len);
@ -784,18 +784,18 @@ int CmdEM4x50Write(const char *Cmd) {
uint8_t pwd[4] = {0x0}; uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 3, pwd, &pwd_len); CLIGetHexWithReturn(ctx, 3, pwd, &pwd_len);
CLIParserFree(ctx); CLIParserFree(ctx);
if (addr <= 0 || addr >= EM4X50_NO_WORDS) { if (addr <= 0 || addr >= EM4X50_NO_WORDS) {
PrintAndLogEx(FAILED, "address has to be within range [0, 31]"); PrintAndLogEx(FAILED, "address has to be within range [0, 31]");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (word_len != 4) { if (word_len != 4) {
PrintAndLogEx(FAILED, "word/data length must be 4 bytes instead of %d", word_len); PrintAndLogEx(FAILED, "word/data length must be 4 bytes instead of %d", word_len);
return PM3_EINVARG; return PM3_EINVARG;
} }
em4x50_data_t etd = {.pwd_given = false}; em4x50_data_t etd = {.pwd_given = false};
if (pwd_len) { if (pwd_len) {
if (pwd_len != 4) { if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len); PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
@ -853,7 +853,7 @@ int CmdEM4x50WritePwd(const char *Cmd) {
arg_str1("n", "new", "<hex>", "new password, 4 hex bytes, lsb"), arg_str1("n", "new", "<hex>", "new password, 4 hex bytes, lsb"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0; int pwd_len = 0;
uint8_t pwd[4] = {0x0}; uint8_t pwd[4] = {0x0};
@ -865,7 +865,7 @@ int CmdEM4x50WritePwd(const char *Cmd) {
CLIParserFree(ctx); CLIParserFree(ctx);
em4x50_data_t etd; em4x50_data_t etd;
if (pwd_len != 4) { if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len); PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
return PM3_EINVARG; return PM3_EINVARG;
@ -898,9 +898,9 @@ int CmdEM4x50WritePwd(const char *Cmd) {
} }
PrintAndLogEx(SUCCESS, "Writing new password %s (%s)" PrintAndLogEx(SUCCESS, "Writing new password %s (%s)"
, sprint_hex_inrow(npwd, sizeof(npwd)) , sprint_hex_inrow(npwd, sizeof(npwd))
, _GREEN_("ok") , _GREEN_("ok")
); );
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -919,7 +919,7 @@ int CmdEM4x50Wipe(const char *Cmd) {
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0; int pwd_len = 0;
uint8_t pwd[4] = {0x0}; uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len); CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
@ -935,7 +935,7 @@ int CmdEM4x50Wipe(const char *Cmd) {
etd.password1 = BYTES2UINT32(pwd); etd.password1 = BYTES2UINT32(pwd);
etd.pwd_given = true; etd.pwd_given = true;
// clear password // clear password
PacketResponseNG resp; PacketResponseNG resp;
clearCommandBuffer(); clearCommandBuffer();
@ -954,13 +954,13 @@ int CmdEM4x50Wipe(const char *Cmd) {
// from now on new password 0x0 // from now on new password 0x0
etd.password1 = 0x0; etd.password1 = 0x0;
// clear data (words 1 to 31) // clear data (words 1 to 31)
for (int i = 1; i < EM4X50_DEVICE_SERIAL; i++) { for (int i = 1; i < EM4X50_DEVICE_SERIAL; i++) {
// no login necessary for blocks 3 to 31 // no login necessary for blocks 3 to 31
etd.pwd_given = (i <= EM4X50_CONTROL); etd.pwd_given = (i <= EM4X50_CONTROL);
PrintAndLogEx(INPLACE, "Wiping block %i", i); PrintAndLogEx(INPLACE, "Wiping block %i", i);
etd.addresses = i << 8 | i; etd.addresses = i << 8 | i;
@ -971,7 +971,7 @@ int CmdEM4x50Wipe(const char *Cmd) {
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
if ( resp.status != PM3_SUCCESS) { if (resp.status != PM3_SUCCESS) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(FAILED, "Wiping data " _RED_("failed")); PrintAndLogEx(FAILED, "Wiping data " _RED_("failed"));
return PM3_ESOFT; return PM3_ESOFT;
@ -1002,7 +1002,7 @@ int CmdEM4x50Restore(const char *Cmd) {
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
int uidLen = 0; int uidLen = 0;
uint8_t uid[4] = {0x0}; uint8_t uid[4] = {0x0};
@ -1057,7 +1057,7 @@ int CmdEM4x50Restore(const char *Cmd) {
etd.addresses = i << 8 | i; etd.addresses = i << 8 | i;
etd.word = reflect32(BYTES2UINT32((data + 4 * i))); etd.word = reflect32(BYTES2UINT32((data + 4 * i)));
PacketResponseNG resp; PacketResponseNG resp;
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_WRITE, (uint8_t *)&etd, sizeof(etd)); SendCommandNG(CMD_LF_EM4X50_WRITE, (uint8_t *)&etd, sizeof(etd));
@ -1074,7 +1074,7 @@ int CmdEM4x50Restore(const char *Cmd) {
} }
} }
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "Done"); PrintAndLogEx(INFO, "Done");
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -1118,10 +1118,10 @@ static command_t CommandTable[] = {
{"login", CmdEM4x50Login, IfPm3EM4x50, "login into EM4x50"}, {"login", CmdEM4x50Login, IfPm3EM4x50, "login into EM4x50"},
{"rdbl", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"}, {"rdbl", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"},
{"wrbl", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"}, {"wrbl", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"},
{"writepwd",CmdEM4x50WritePwd, IfPm3EM4x50, "change password of EM4x50"}, {"writepwd", CmdEM4x50WritePwd, IfPm3EM4x50, "change password of EM4x50"},
{"wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe EM4x50 tag"}, {"wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe EM4x50 tag"},
{"reader", CmdEM4x50Reader, IfPm3EM4x50, "show standard read mode data of EM4x50"}, {"reader", CmdEM4x50Reader, IfPm3EM4x50, "show standard read mode data of EM4x50"},
{"restore",CmdEM4x50Restore, IfPm3EM4x50, "restore EM4x50 dump to tag"}, {"restore", CmdEM4x50Restore, IfPm3EM4x50, "restore EM4x50 dump to tag"},
{"sim", CmdEM4x50Sim, IfPm3EM4x50, "simulate EM4x50 tag"}, {"sim", CmdEM4x50Sim, IfPm3EM4x50, "simulate EM4x50 tag"},
{"eload", CmdEM4x50ELoad, IfPm3EM4x50, "upload dump of EM4x50 to flash memory"}, {"eload", CmdEM4x50ELoad, IfPm3EM4x50, "upload dump of EM4x50 to flash memory"},
{"esave", CmdEM4x50ESave, IfPm3EM4x50, "save flash memory to file"}, {"esave", CmdEM4x50ESave, IfPm3EM4x50, "save flash memory to file"},


@ -31,26 +31,26 @@ static void print_info_result(uint8_t *data) {
// data section // data section
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, _YELLOW_("EM4x70 data:")); PrintAndLogEx(INFO, _YELLOW_("EM4x70 data:"));
for(int i=1; i <= 32; i+=2) { for (int i = 1; i <= 32; i += 2) {
PrintAndLogEx(NORMAL, "%02X %02X", data[32-i], data[32-i-1]); PrintAndLogEx(NORMAL, "%02X %02X", data[32 - i], data[32 - i - 1]);
} }
PrintAndLogEx(NORMAL, "Tag ID: %02X %02X %02X %02X", data[7], data[6], data[5], data[4]); PrintAndLogEx(NORMAL, "Tag ID: %02X %02X %02X %02X", data[7], data[6], data[5], data[4]);
PrintAndLogEx(NORMAL, "Lockbit 0: %d %s", (data[3] & 0x40) ? 1:0, (data[3] & 0x40) ? "LOCKED":"UNLOCKED"); PrintAndLogEx(NORMAL, "Lockbit 0: %d %s", (data[3] & 0x40) ? 1 : 0, (data[3] & 0x40) ? "LOCKED" : "UNLOCKED");
PrintAndLogEx(NORMAL, "Lockbit 1: %d", (data[3] & 0x80) ? 1:0); PrintAndLogEx(NORMAL, "Lockbit 1: %d", (data[3] & 0x80) ? 1 : 0);
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
} }
int em4x70_info(void) { int em4x70_info(void) {
em4x70_data_t edata = { em4x70_data_t edata = {
.parity = false // TODO: try both? or default to true .parity = false // TODO: try both? or default to true
}; };
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X70_INFO, (uint8_t *)&edata, sizeof(edata)); SendCommandNG(CMD_LF_EM4X70_INFO, (uint8_t *)&edata, sizeof(edata));
PacketResponseNG resp; PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_LF_EM4X70_INFO, &resp, TIMEOUT)) { if (!WaitForResponseTimeout(CMD_LF_EM4X70_INFO, &resp, TIMEOUT)) {
PrintAndLogEx(WARNING, "(em4x70) timeout while waiting for reply."); PrintAndLogEx(WARNING, "(em4x70) timeout while waiting for reply.");
@ -87,7 +87,7 @@ int CmdEM4x70Info(const char *Cmd) {
" V4070 and EM4170 do require parity bit.", " V4070 and EM4170 do require parity bit.",
"lf em 4x70 info\n" "lf em 4x70 info\n"
"lf em 4x70 info --par -> adds parity bit to command\n" "lf em 4x70 info --par -> adds parity bit to command\n"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -128,7 +128,7 @@ int CmdEM4x70Write(const char *Cmd) {
"Write EM4x70\n", "Write EM4x70\n",
"lf em 4x70 write -b 15 -d c0de -> write 'c0de' to block 15\n" "lf em 4x70 write -b 15 -d c0de -> write 'c0de' to block 15\n"
"lf em 4x70 write -b 15 -d c0de --par -> adds parity bit to commands\n" "lf em 4x70 write -b 15 -d c0de --par -> adds parity bit to commands\n"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -139,11 +139,11 @@ int CmdEM4x70Write(const char *Cmd) {
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
etd.parity = arg_get_lit(ctx, 1); etd.parity = arg_get_lit(ctx, 1);
int addr = arg_get_int(ctx, 2); int addr = arg_get_int(ctx, 2);
int word_len = 0; int word_len = 0;
uint8_t word[2] = {0x0}; uint8_t word[2] = {0x0};
CLIGetHexWithReturn(ctx, 3, word, &word_len); CLIGetHexWithReturn(ctx, 3, word, &word_len);
@ -153,8 +153,8 @@ int CmdEM4x70Write(const char *Cmd) {
if (addr < 0 || addr >= EM4X70_NUM_BLOCKS) { if (addr < 0 || addr >= EM4X70_NUM_BLOCKS) {
PrintAndLogEx(FAILED, "block has to be within range [0, 15]"); PrintAndLogEx(FAILED, "block has to be within range [0, 15]");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (word_len != 2) { if (word_len != 2) {
PrintAndLogEx(FAILED, "word/data length must be 2 bytes instead of %d", word_len); PrintAndLogEx(FAILED, "word/data length must be 2 bytes instead of %d", word_len);
return PM3_EINVARG; return PM3_EINVARG;
@ -195,7 +195,7 @@ int CmdEM4x70Unlock(const char *Cmd) {
" 00000000\n", " 00000000\n",
"lf em 4x70 unlock -p 11223344 -> Unlock with PIN\n" "lf em 4x70 unlock -p 11223344 -> Unlock with PIN\n"
"lf em 4x70 unlock -p 11223344 --par -> Unlock with PIN using parity commands\n" "lf em 4x70 unlock -p 11223344 --par -> Unlock with PIN using parity commands\n"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -205,12 +205,12 @@ int CmdEM4x70Unlock(const char *Cmd) {
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
etd.parity = arg_get_lit(ctx, 1); etd.parity = arg_get_lit(ctx, 1);
int pin_len = 0; int pin_len = 0;
uint8_t pin[4] = {0x0}; uint8_t pin[4] = {0x0};
CLIGetHexWithReturn(ctx, 2, pin, &pin_len); CLIGetHexWithReturn(ctx, 2, pin, &pin_len);
CLIParserFree(ctx); CLIParserFree(ctx);


@ -727,7 +727,7 @@ static int CmdFdxBClone(const char *Cmd) {
} }
uint32_t extended = 0; uint32_t extended = 0;
bool has_extended = false; bool has_extended = false;
if (extended_len) { if (extended_len) {
extended = bytes_to_num(edata, extended_len); extended = bytes_to_num(edata, extended_len);
has_extended = true; has_extended = true;
@ -773,10 +773,10 @@ static int CmdFdxBClone(const char *Cmd) {
free(bs); free(bs);
PrintAndLogEx(INFO, "Preparing to clone FDX-B to " _YELLOW_("%s") " with animal ID: " _GREEN_("%04u-%"PRIu64) PrintAndLogEx(INFO, "Preparing to clone FDX-B to " _YELLOW_("%s") " with animal ID: " _GREEN_("%04u-%"PRIu64)
, cardtype , cardtype
, country_code , country_code
, national_code , national_code
); );
print_blocks(blocks, ARRAYLEN(blocks)); print_blocks(blocks, ARRAYLEN(blocks));
int res; int res;
@ -820,7 +820,7 @@ static int CmdFdxBSim(const char *Cmd) {
CLIParserFree(ctx); CLIParserFree(ctx);
uint32_t extended = 0; uint32_t extended = 0;
bool has_extended = false; bool has_extended = false;
if (extended_len) { if (extended_len) {
extended = bytes_to_num(edata, extended_len); extended = bytes_to_num(edata, extended_len);
has_extended = true; has_extended = true;


@ -233,7 +233,7 @@ static int CmdGallagherClone(const char *Cmd) {
static int CmdGallagherSim(const char *Cmd) { static int CmdGallagherSim(const char *Cmd) {
CLIParserContext *ctx; CLIParserContext *ctx;
CLIParserInit(&ctx, "lf gallagher sim", CLIParserInit(&ctx, "lf gallagher sim",
"Enables simulation of GALLAGHER card with specified card number.\n" "Enables simulation of GALLAGHER card with specified card number.\n"
"Simulation runs until the button is pressed or another USB command is issued.\n", "Simulation runs until the button is pressed or another USB command is issued.\n",


@ -226,10 +226,10 @@ static int CmdGuardClone(const char *Cmd) {
free(bs); free(bs);
PrintAndLogEx(INFO, "Preparing to clone Guardall to " _YELLOW_("%s") " with Facility Code: " _GREEN_("%u") " Card Number: " _GREEN_("%u") PrintAndLogEx(INFO, "Preparing to clone Guardall to " _YELLOW_("%s") " with Facility Code: " _GREEN_("%u") " Card Number: " _GREEN_("%u")
, cardtype , cardtype
, facilitycode , facilitycode
, cardnumber , cardnumber
); );
print_blocks(blocks, ARRAYLEN(blocks)); print_blocks(blocks, ARRAYLEN(blocks));
int res; int res;
@ -281,9 +281,9 @@ static int CmdGuardSim(const char *Cmd) {
} }
PrintAndLogEx(SUCCESS, "Simulating Guardall Prox - Facility Code: " _YELLOW_("%u") " CardNumber: " _YELLOW_("%u") PrintAndLogEx(SUCCESS, "Simulating Guardall Prox - Facility Code: " _YELLOW_("%u") " CardNumber: " _YELLOW_("%u")
, facilitycode , facilitycode
, cardnumber , cardnumber
); );
// Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase) // Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase)
lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs)); lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs));


@ -60,16 +60,16 @@ static int sendTry(uint8_t format_idx, wiegand_card_t *card, uint32_t delay, boo
if (HIDPack(format_idx, card, &packed) == false) { if (HIDPack(format_idx, card, &packed) == false) {
PrintAndLogEx(WARNING, "The card data could not be encoded in the selected format."); PrintAndLogEx(WARNING, "The card data could not be encoded in the selected format.");
return PM3_ESOFT; return PM3_ESOFT;
} }
if (verbose) { if (verbose) {
PrintAndLogEx(INFO, "Trying FC: " _YELLOW_("%u") " CN: " _YELLOW_("%"PRIu64) " Issue level: " _YELLOW_("%u") " OEM: " _YELLOW_("%u") PrintAndLogEx(INFO, "Trying FC: " _YELLOW_("%u") " CN: " _YELLOW_("%"PRIu64) " Issue level: " _YELLOW_("%u") " OEM: " _YELLOW_("%u")
, card->FacilityCode , card->FacilityCode
, card->CardNumber , card->CardNumber
, card->IssueLevel , card->IssueLevel
, card->OEM , card->OEM
); );
} }
lf_hidsim_t payload; lf_hidsim_t payload;


@ -250,7 +250,7 @@ static int CmdIndalaDemod(const char *Cmd) {
"lf indala demod --clock 32 -> demod a Indala tag from GraphBuffer using a clock of RF/32\n" "lf indala demod --clock 32 -> demod a Indala tag from GraphBuffer using a clock of RF/32\n"
"lf indala demod --clock 32 -i -> demod a Indala tag from GraphBuffer using a clock of RF/32 and inverting data\n" "lf indala demod --clock 32 -i -> demod a Indala tag from GraphBuffer using a clock of RF/32 and inverting data\n"
"lf indala demod --clock 64 -i --maxerror 0 -> demod a Indala tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors" "lf indala demod --clock 64 -i --maxerror 0 -> demod a Indala tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -281,7 +281,7 @@ static int CmdIndalaDemodAlt(const char *Cmd) {
"It's now considered obsolete but remains because it has sometimes its advantages.", "It's now considered obsolete but remains because it has sometimes its advantages.",
"lf indala altdemod\n" "lf indala altdemod\n"
"lf indala altdemod --long -> demod a Indala tag from GraphBuffer as 224 bit long format" "lf indala altdemod --long -> demod a Indala tag from GraphBuffer as 224 bit long format"
); );
void *argtable[] = { void *argtable[] = {
arg_param_begin, arg_param_begin,
@ -583,9 +583,9 @@ static int CmdIndalaSim(const char *Cmd) {
// lf simpsk 1 c 32 r 2 d 0102030405060708 // lf simpsk 1 c 32 r 2 d 0102030405060708
PrintAndLogEx(SUCCESS, "Simulating " _YELLOW_("%s") " Indala raw " _YELLOW_("%s") PrintAndLogEx(SUCCESS, "Simulating " _YELLOW_("%s") " Indala raw " _YELLOW_("%s")
, (is_long_uid) ? "224b" : "64b" , (is_long_uid) ? "224b" : "64b"
, sprint_hex_inrow(raw, raw_len) , sprint_hex_inrow(raw, raw_len)
); );
PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation or run another command"); PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation or run another command");
// indala PSK, clock 32, carrier 0 // indala PSK, clock 32, carrier 0
@ -665,7 +665,7 @@ static int CmdIndalaClone(const char *Cmd) {
uint8_t max = 0; uint8_t max = 0;
uint32_t blocks[8] = {0}; uint32_t blocks[8] = {0};
char cardtype[16] = {"T55x7"}; char cardtype[16] = {"T55x7"};
if (is_long_uid) { if (is_long_uid) {
blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT); blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
@ -673,7 +673,7 @@ static int CmdIndalaClone(const char *Cmd) {
blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK2 | (7 << T5555_MAXBLOCK_SHIFT); blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK2 | (7 << T5555_MAXBLOCK_SHIFT);
snprintf(cardtype, sizeof(cardtype), "Q5/T5555"); snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
} }
if (em) { if (em) {
blocks[0] = EM4305_INDALA_224_CONFIG_BLOCK; blocks[0] = EM4305_INDALA_224_CONFIG_BLOCK;
snprintf(cardtype, sizeof(cardtype), "EM4305/4469"); snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
@ -691,9 +691,9 @@ static int CmdIndalaClone(const char *Cmd) {
// 224 BIT UID // 224 BIT UID
// config for Indala (RF/32;PSK2 with RF/2;Maxblock=7) // config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
PrintAndLogEx(INFO, "Preparing to clone Indala 224bit to " _YELLOW_("%s") " raw " _GREEN_("%s") PrintAndLogEx(INFO, "Preparing to clone Indala 224bit to " _YELLOW_("%s") " raw " _GREEN_("%s")
, cardtype , cardtype
, sprint_hex_inrow(raw, raw_len) , sprint_hex_inrow(raw, raw_len)
); );
} else { } else {
@ -737,7 +737,7 @@ static int CmdIndalaClone(const char *Cmd) {
blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK1 | (2 << T5555_MAXBLOCK_SHIFT); blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK1 | (2 << T5555_MAXBLOCK_SHIFT);
snprintf(cardtype, sizeof(cardtype), "Q5/T5555"); snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
} }
if (em) { if (em) {
blocks[0] = EM4305_INDALA_64_CONFIG_BLOCK; blocks[0] = EM4305_INDALA_64_CONFIG_BLOCK;
snprintf(cardtype, sizeof(cardtype), "EM4305/4469"); snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
@ -749,9 +749,9 @@ static int CmdIndalaClone(const char *Cmd) {
// config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2) // config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
PrintAndLogEx(INFO, "Preparing to clone Indala 64bit to " _YELLOW_("%s") " raw " _GREEN_("%s") PrintAndLogEx(INFO, "Preparing to clone Indala 64bit to " _YELLOW_("%s") " raw " _GREEN_("%s")
, cardtype , cardtype
, sprint_hex_inrow(raw, raw_len) , sprint_hex_inrow(raw, raw_len)
); );
} }
print_blocks(blocks, max); print_blocks(blocks, max);


@ -318,12 +318,12 @@ static int CmdIOProxClone(const char *Cmd) {
blocks[2] = bytebits_to_byte(bits + 32, 32); blocks[2] = bytebits_to_byte(bits + 32, 32);
PrintAndLogEx(INFO, "Preparing to clone ioProx to " _YELLOW_("%s") " with Version: " _GREEN_("%u") " FC: " _GREEN_("%u (0x%02x)") " CN: " _GREEN_("%u") PrintAndLogEx(INFO, "Preparing to clone ioProx to " _YELLOW_("%s") " with Version: " _GREEN_("%u") " FC: " _GREEN_("%u (0x%02x)") " CN: " _GREEN_("%u")
, cardtype , cardtype
, version , version
, fc , fc
, fc , fc
, cn , cn
); );
print_blocks(blocks, ARRAYLEN(blocks)); print_blocks(blocks, ARRAYLEN(blocks));
int res; int res;


@ -219,11 +219,11 @@ static int CmdJablotronClone(const char *Cmd) {
free(bits); free(bits);
uint64_t id = getJablontronCardId(fullcode); uint64_t id = getJablontronCardId(fullcode);
PrintAndLogEx(INFO, "Preparing to clone Jablotron to " _YELLOW_("%s") " with FullCode: " _GREEN_("%"PRIx64)" id: " _GREEN_("%"PRIx64), cardtype, fullcode, id); PrintAndLogEx(INFO, "Preparing to clone Jablotron to " _YELLOW_("%s") " with FullCode: " _GREEN_("%"PRIx64)" id: " _GREEN_("%"PRIx64), cardtype, fullcode, id);
print_blocks(blocks, ARRAYLEN(blocks)); print_blocks(blocks, ARRAYLEN(blocks));
int res; int res;
if (em) { if (em) {
res = em4x05_clone_tag(blocks, ARRAYLEN(blocks), 0, false); res = em4x05_clone_tag(blocks, ARRAYLEN(blocks), 0, false);


@ -264,7 +264,7 @@ static int CmdMotorolaSim(const char *Cmd) {
}; };
CLIExecWithReturn(ctx, Cmd, argtable, true); CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIParserFree(ctx); CLIParserFree(ctx);
// PSK sim. // PSK sim.
PrintAndLogEx(INFO, " PSK1 at 66 kHz... Interesting."); PrintAndLogEx(INFO, " PSK1 at 66 kHz... Interesting.");
PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); PrintAndLogEx(INFO, " To be implemented, feel free to contribute!");


@ -145,13 +145,13 @@ int demodNedap(bool verbose) {
badgeId = r1 * 10000 + r2 * 1000 + r3 * 100 + r4 * 10 + r5; badgeId = r1 * 10000 + r2 * 1000 + r3 * 100 + r4 * 10 + r5;
PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _YELLOW_("%05u") " subtype: " _YELLOW_("%1u")" customer code: " _YELLOW_("%u / 0x%03X") " Raw: " _YELLOW_("%s") PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _YELLOW_("%05u") " subtype: " _YELLOW_("%1u")" customer code: " _YELLOW_("%u / 0x%03X") " Raw: " _YELLOW_("%s")
, (size == 128) ? "128b" : "64b" , (size == 128) ? "128b" : "64b"
, badgeId , badgeId
, subtype , subtype
, customerCode , customerCode
, customerCode , customerCode
, sprint_hex_inrow(data, size / 8) , sprint_hex_inrow(data, size / 8)
); );
PrintAndLogEx(DEBUG, "Checksum (%s) 0x%04X", _GREEN_("ok"), checksum); PrintAndLogEx(DEBUG, "Checksum (%s) 0x%04X", _GREEN_("ok"), checksum);
} else { } else {
@ -373,7 +373,7 @@ static int CmdLFNedapClone(const char *Cmd) {
arg_u64_0(NULL, "st", "<dec>", "optional - sub type (default 5)"), arg_u64_0(NULL, "st", "<dec>", "optional - sub type (default 5)"),
arg_u64_1(NULL, "cc", "<dec>", "customer code (0-4095)"), arg_u64_1(NULL, "cc", "<dec>", "customer code (0-4095)"),
arg_u64_1(NULL, "id", "<dec>", "ID (0-99999)"), arg_u64_1(NULL, "id", "<dec>", "ID (0-99999)"),
arg_lit0("l", "long", "optional - long (128), default to short (64)"), arg_lit0("l", "long", "optional - long (128), default to short (64)"),
arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"), arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"), arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
arg_param_end arg_param_end
@ -395,17 +395,17 @@ static int CmdLFNedapClone(const char *Cmd) {
} }
if (sub_type > 0xF) { if (sub_type > 0xF) {
PrintAndLogEx(FAILED, "out-of-range, valid subtype is between 0-15"); PrintAndLogEx(FAILED, "out-of-range, valid subtype is between 0-15");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (customer_code > 0xFFF) { if (customer_code > 0xFFF) {
PrintAndLogEx(FAILED, "out-of-range, valid customer code is between 0-4095"); PrintAndLogEx(FAILED, "out-of-range, valid customer code is between 0-4095");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (id > 99999) { if (id > 99999) {
PrintAndLogEx(FAILED, "out-of-range, id max value is 99999"); PrintAndLogEx(FAILED, "out-of-range, id max value is 99999");
return PM3_EINVARG; return PM3_EINVARG;
} }
PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _GREEN_("%05u") " subtype: " _GREEN_("%1u") " customer code: " _GREEN_("%u / 0x%03X") PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _GREEN_("%05u") " subtype: " _GREEN_("%1u") " customer code: " _GREEN_("%u / 0x%03X")
@ -454,7 +454,7 @@ static int CmdLFNedapClone(const char *Cmd) {
NedapGen(sub_type, customer_code, id, is_long, data); NedapGen(sub_type, customer_code, id, is_long, data);
for (uint8_t i = 1; i < max ; i++) { for (uint8_t i = 1; i < max ; i++) {
blocks[i] = bytes_to_num (data + ((i - 1) * 4), 4); blocks[i] = bytes_to_num(data + ((i - 1) * 4), 4);
} }
PrintAndLogEx(SUCCESS, "Preparing to clone NEDAP to " _YELLOW_("%s") " tag", cardtype); PrintAndLogEx(SUCCESS, "Preparing to clone NEDAP to " _YELLOW_("%s") " tag", cardtype);
@ -492,7 +492,7 @@ static int CmdLFNedapSim(const char *Cmd) {
arg_u64_0(NULL, "st", "<dec>", "optional - sub type (default 5)"), arg_u64_0(NULL, "st", "<dec>", "optional - sub type (default 5)"),
arg_u64_1(NULL, "cc", "<dec>", "customer code (0-4095)"), arg_u64_1(NULL, "cc", "<dec>", "customer code (0-4095)"),
arg_u64_1(NULL, "id", "<dec>", "ID (0-99999)"), arg_u64_1(NULL, "id", "<dec>", "ID (0-99999)"),
arg_lit0("l", "long", "optional - long (128), default to short (64)"), arg_lit0("l", "long", "optional - long (128), default to short (64)"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -502,20 +502,20 @@ static int CmdLFNedapSim(const char *Cmd) {
uint32_t id = arg_get_u32_def(ctx, 3, 0); uint32_t id = arg_get_u32_def(ctx, 3, 0);
bool is_long = arg_get_lit(ctx, 4); bool is_long = arg_get_lit(ctx, 4);
CLIParserFree(ctx); CLIParserFree(ctx);
if (sub_type > 0xF) { if (sub_type > 0xF) {
PrintAndLogEx(FAILED, "out-of-range, valid subtype is between 0-15"); PrintAndLogEx(FAILED, "out-of-range, valid subtype is between 0-15");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (customer_code > 0xFFF) { if (customer_code > 0xFFF) {
PrintAndLogEx(FAILED, "out-of-range, valid customer code is between 0-4095"); PrintAndLogEx(FAILED, "out-of-range, valid customer code is between 0-4095");
return PM3_EINVARG; return PM3_EINVARG;
} }
if (id > 99999) { if (id > 99999) {
PrintAndLogEx(FAILED, "out-of-range, id max value is 99999"); PrintAndLogEx(FAILED, "out-of-range, id max value is 99999");
return PM3_EINVARG; return PM3_EINVARG;
} }
PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _GREEN_("%05u") " subtype: " _GREEN_("%1u") " customer code: " _GREEN_("%u / 0x%03X") PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _GREEN_("%05u") " subtype: " _GREEN_("%1u") " customer code: " _GREEN_("%u / 0x%03X")


@ -125,7 +125,7 @@ static int CmdLFPCF7931Config(const char *Cmd) {
} }
if (pwd_len) { if (pwd_len) {
memcpy(configPcf.Pwd, pwd, sizeof(configPcf.Pwd)); memcpy(configPcf.Pwd, pwd, sizeof(configPcf.Pwd));
} }
if (delay != -1) { if (delay != -1) {
configPcf.InitDelay = (delay & 0xFFFF); configPcf.InitDelay = (delay & 0xFFFF);
@ -134,7 +134,7 @@ static int CmdLFPCF7931Config(const char *Cmd) {
configPcf.OffsetWidth = (ow & 0xFFFF); configPcf.OffsetWidth = (ow & 0xFFFF);
} }
if (op != 0xFFFF) { if (op != 0xFFFF) {
configPcf.OffsetPosition =(op & 0xFFFF); configPcf.OffsetPosition = (op & 0xFFFF);
} }
pcf7931_printConfig(); pcf7931_printConfig();


@ -2806,7 +2806,7 @@ char *GetModelStrFromCID(uint32_t cid) {
} }
char *GetConfigBlock0Source(uint8_t id) { char *GetConfigBlock0Source(uint8_t id) {
static char buf[40]; static char buf[40];
char *retStr = buf; char *retStr = buf;


@ -129,7 +129,7 @@ typedef struct {
notSet = 0x00, notSet = 0x00,
autoDetect = 0x01, autoDetect = 0x01,
userSet = 0x02, userSet = 0x02,
tagRead = 0x03, tagRead = 0x03,
} block0Status; } block0Status;
enum { enum {
RF_8 = 0x00, RF_8 = 0x00,


@ -330,7 +330,7 @@ static int CmdTIWrite(const char *Cmd) {
arg_param_begin, arg_param_begin,
arg_str1("r", "raw", "<hex>", "raw hex data. 8 bytes max"), arg_str1("r", "raw", "<hex>", "raw hex data. 8 bytes max"),
arg_str0(NULL, "crc", "<hex>", "optional - crc"), arg_str0(NULL, "crc", "<hex>", "optional - crc"),
arg_param_end arg_param_end
}; };
CLIExecWithReturn(ctx, Cmd, argtable, false); CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -354,7 +354,7 @@ static int CmdTIWrite(const char *Cmd) {
payload.crc = bytes_to_num(crc, crc_len); payload.crc = bytes_to_num(crc, crc_len);
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_LF_TI_WRITE, (uint8_t*)&payload, sizeof(payload)); SendCommandNG(CMD_LF_TI_WRITE, (uint8_t *)&payload, sizeof(payload));
PrintAndLogEx(SUCCESS, "Done"); PrintAndLogEx(SUCCESS, "Done");
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf ti reader`") " to verify"); PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf ti reader`") " to verify");
return PM3_SUCCESS; return PM3_SUCCESS;


@ -109,7 +109,7 @@ uint32_t reflect32(uint32_t b) {
// swap bytes // swap bytes
v = ((v >> 8) & 0x00FF00FF) | ((v & 0x00FF00FF) << 8); v = ((v >> 8) & 0x00FF00FF) | ((v & 0x00FF00FF) << 8);
// swap 2-byte long pairs // swap 2-byte long pairs
v = ( v >> 16 ) | ( v << 16); v = (v >> 16) | (v << 16);
return v; return v;
} }


@ -1082,8 +1082,8 @@ int DetectPSKClock(uint8_t *dest, size_t size, int clock, size_t *firstPhaseShif
if (g_debugMode == 2) prnt("DEBUG PSK: firstFullWave: %zu, waveLen: %d", firstFullWave, fullWaveLen); if (g_debugMode == 2) prnt("DEBUG PSK: firstFullWave: %zu, waveLen: %d", firstFullWave, fullWaveLen);
// Avoid autodetect if user selected a clock // Avoid autodetect if user selected a clock
for(uint8_t validClk = 1; validClk < 8; validClk++) { for (uint8_t validClk = 1; validClk < 8; validClk++) {
if(clock == clk[validClk]) return(clock); if (clock == clk[validClk]) return (clock);
} }
//test each valid clock from greatest to smallest to see which lines up //test each valid clock from greatest to smallest to see which lines up


@ -38,7 +38,6 @@ Check column "offline" for their availability.
|`analyse nuid `|Y |`create NUID from 7byte UID` |`analyse nuid `|Y |`create NUID from 7byte UID`
|`analyse demodbuff `|Y |`Load binary string to demodbuffer` |`analyse demodbuff `|Y |`Load binary string to demodbuffer`
|`analyse freq `|Y |`Calc wave lengths` |`analyse freq `|Y |`Calc wave lengths`
|`analyse foo `|Y |`muxer`
### data ### data
@ -143,6 +142,7 @@ Check column "offline" for their availability.
|`hf 14a raw `|N |`Send raw hex data to tag` |`hf 14a raw `|N |`Send raw hex data to tag`
|`hf 14a antifuzz `|N |`Fuzzing the anticollision phase. Warning! Readers may react strange` |`hf 14a antifuzz `|N |`Fuzzing the anticollision phase. Warning! Readers may react strange`
|`hf 14a config `|N |`Configure 14a settings (use with caution)` |`hf 14a config `|N |`Configure 14a settings (use with caution)`
|`hf 14a apdufuzz `|N |`Fuzz APDU - CLA/INS/P1P2`
### hf 14b ### hf 14b
@ -248,28 +248,29 @@ Check column "offline" for their availability.
|command |offline |description |command |offline |description
|------- |------- |----------- |------- |------- |-----------
|`hf iclass help `|Y |`This help` |`hf iclass help `|Y |` This help`
|`hf iclass dump `|N |`[options..] Dump Picopass / iCLASS tag to file` |`hf iclass dump `|N |`[*] Dump Picopass / iCLASS tag to file`
|`hf iclass info `|Y |` Tag information` |`hf iclass info `|Y |` Tag information`
|`hf iclass list `|Y |` List iclass history` |`hf iclass list `|Y |` List iclass history`
|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block` |`hf iclass rdbl `|N |`[*] Read Picopass / iCLASS block`
|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader` |`hf iclass reader `|N |` Act like an Picopass / iCLASS reader`
|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag` |`hf iclass restore `|N |`[*] Restore a dump file onto a Picopass / iCLASS tag`
|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication` |`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block` |`hf iclass wrbl `|N |`[*] Write Picopass / iCLASS block`
|`hf iclass chk `|N |`[options..] Check keys` |`hf iclass chk `|N |`[*] Check keys`
|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack` |`hf iclass loclass `|Y |`[*] Use loclass to perform bruteforce reader attack`
|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file` |`hf iclass lookup `|Y |`[*] Uses authentication trace to check for key in dictionary file`
|`hf iclass sim `|N |`[options..] Simulate iCLASS tag` |`hf iclass sim `|N |`[*] Simulate iCLASS tag`
|`hf iclass eload `|N |`[f <fn> ] Load Picopass / iCLASS dump file into emulator memory` |`hf iclass eload `|N |`[*] Load Picopass / iCLASS dump file into emulator memory`
|`hf iclass esave `|N |`[f <fn> ] Save emulator memory to file` |`hf iclass esave `|N |`[*] Save emulator memory to file`
|`hf iclass eview `|N |`[options..] View emulator memory` |`hf iclass eview `|N |`[.] View emulator memory`
|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys` |`hf iclass calcnewkey `|Y |`[*] Calc diversified keys (blocks 3 & 4) to write new keys`
|`hf iclass encrypt `|Y |`[options..] Encrypt given block data` |`hf iclass encode `|Y |`[*] Encode binary wiegand to block 7`
|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file` |`hf iclass encrypt `|Y |`[*] Encrypt given block data`
|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands` |`hf iclass decrypt `|Y |`[*] Decrypt given block data or tag dump file`
|`hf iclass permutekey `|N |` Permute function from 'heart of darkness' paper` |`hf iclass managekeys `|Y |`[*] Manage keys to use with iclass commands`
|`hf iclass view `|Y |`[options..] Display content from tag dump file` |`hf iclass permutekey `|N |` Permute function from 'heart of darkness' paper`
|`hf iclass view `|Y |`[*] Display content from tag dump file`
### hf legic ### hf legic
@ -577,10 +578,10 @@ Check column "offline" for their availability.
|command |offline |description |command |offline |description
|------- |------- |----------- |------- |------- |-----------
|`lf em help `|Y |`This help` |`lf em help `|Y |`This help`
|`lf em 410x `|Y |`EM 410x commands...` |`lf em 410x `|Y |`EM 4102 commands...`
|`lf em 4x05 `|Y |`EM 4x05 commands...` |`lf em 4x05 `|Y |`EM 4205 / 4305 / 4369 / 4469 commands...`
|`lf em 4x50 `|Y |`EM 4x50 commands...` |`lf em 4x50 `|Y |`EM 4350 / 4450 commands...`
|`lf em 4x70 `|Y |`EM 4x70 commands...` |`lf em 4x70 `|Y |`EM 4070 / 4170 commands...`
### lf fdxb ### lf fdxb
@ -672,9 +673,9 @@ Check column "offline" for their availability.
|command |offline |description |command |offline |description
|------- |------- |----------- |------- |------- |-----------
|`lf indala help `|Y |`this help` |`lf indala help `|Y |`this help`
|`lf indala demod `|Y |`demodulate an indala tag (PSK1) from GraphBuffer` |`lf indala demod `|Y |`demodulate an Indala tag (PSK1) from GraphBuffer`
|`lf indala altdemod `|Y |`alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)` |`lf indala altdemod `|Y |`alternative method to demodulate samples for Indala 64 bit UID (option '224' for 224 bit)`
|`lf indala reader `|N |`read an Indala Prox tag from the antenna` |`lf indala reader `|N |`read an Indala tag from the antenna`
|`lf indala clone `|N |`clone Indala tag to T55x7 or Q5/T5555` |`lf indala clone `|N |`clone Indala tag to T55x7 or Q5/T5555`
|`lf indala sim `|N |`simulate Indala tag` |`lf indala sim `|N |`simulate Indala tag`
@ -686,10 +687,10 @@ Check column "offline" for their availability.
|command |offline |description |command |offline |description
|------- |------- |----------- |------- |------- |-----------
|`lf io help `|Y |`this help` |`lf io help `|Y |`this help`
|`lf io demod `|Y |`demodulate an IOProx tag from the GraphBuffer` |`lf io demod `|Y |`demodulate an ioProx tag from the GraphBuffer`
|`lf io reader `|N |`attempt to read and extract tag data` |`lf io reader `|N |`attempt to read and extract tag data`
|`lf io clone `|N |`clone IOProx tag to T55x7 or Q5/T5555` |`lf io clone `|N |`clone ioProx tag to T55x7 or Q5/T5555`
|`lf io sim `|N |`simulate IOProx tag` |`lf io sim `|N |`simulate ioProx tag`
|`lf io watch `|N |`continuously watch for cards. Reader mode` |`lf io watch `|N |`continuously watch for cards. Reader mode`
@ -1001,7 +1002,7 @@ Check column "offline" for their availability.
|------- |------- |----------- |------- |------- |-----------
|`wiegand help `|Y |`This help` |`wiegand help `|Y |`This help`
|`wiegand list `|Y |`List available wiegand formats` |`wiegand list `|Y |`List available wiegand formats`
|`wiegand encode `|Y |`Encode to wiegand raw hex` |`wiegand encode `|Y |`Encode to wiegand raw hex (currently for HID Prox)`
|`wiegand decode `|Y |`Convert raw hex to decoded wiegand format` |`wiegand decode `|Y |`Convert raw hex to decoded wiegand format (currently for HID Prox)`