Merge pull request #7 from RfidResearchGroup/master

Update
mwalker33 2019-09-14 09:15:59 +10:00 committed by GitHub
commit 8e13d44b8b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 413 additions and 361 deletions


@ -114,9 +114,9 @@ void RunMod() {
Dbprintf("ATQA = %02X%02X", uids[selected].atqa[0], uids[selected].atqa[1]);
Dbprintf("SAK = %02X", uids[selected].sak);
LEDsoff();
LED(LED_B, 200);
LED(LED_B, 200);
LED(LED_A, 200);
LED(LED_B, 200);
LED(LED_B, 200);
LED(LED_A, 200);
LEDsoff();


@ -52,18 +52,17 @@ void RunMod() {
int playing = 0;
int cardRead = 0;
// Turn on selected LED
LED(selected + 1, 0);
for (;;) {
WDT_HIT();
// exit from SamyRun, send a usbcommand.
if (data_available()) break;
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(1000);
SpinDelay(300);
int button_pressed = BUTTON_HELD(280);
if (button_pressed != BUTTON_HOLD)
continue;
// Button was held for a second, begin recording
if (button_pressed > 0 && cardRead == 0) {
@ -71,16 +70,11 @@ void RunMod() {
LED(selected + 1, 0);
LED(LED_D, 0);
WAIT_BUTTON_RELEASED();
// record
DbpString("[=] starting recording");
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
/* need this delay to prevent catching some weird data */
SpinDelay(500);
CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]);
@ -99,12 +93,7 @@ void RunMod() {
// record
Dbprintf("[=] cloning %x %x %08x", selected, high[selected], low[selected]);
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
/* need this delay to prevent catching some weird data */
SpinDelay(500);
WAIT_BUTTON_RELEASED();
CopyHIDtoT55x7(0, high[selected], low[selected], 0);
Dbprintf("[=] cloned %x %x %08x", selected, high[selected], low[selected]);
@ -136,9 +125,7 @@ void RunMod() {
LED(LED_B, 0);
DbpString("[=] playing");
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
WAIT_BUTTON_RELEASED();
Dbprintf("[=] %x %x %08x", selected, high[selected], low[selected]);
CmdHIDsimTAG(high[selected], low[selected], 0);
@ -168,16 +155,15 @@ void RunMod() {
LED(LED_B, 0);
DbpString("[=] entering bruteforce mode");
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
WAIT_BUTTON_RELEASED();
// Calculate Facility Code and Card Number from high and low
uint32_t cardnum = (low[selected] >> 1) & 0xFFFFF;
uint32_t fc = ((high[selected] & 1) << 11) | (low[selected] >> 21);
uint32_t original_cardnum = cardnum;
Dbprintf("[=] Proxbrute - starting decrementing card number");
Dbprintf("[=] HID brute - starting decrementing card number");
while (cardnum > 0) {
@ -207,7 +193,7 @@ void RunMod() {
cardnum = original_cardnum;
Dbprintf("[=] Proxbrute - starting incrementing card number");
Dbprintf("[=] HID brute - starting incrementing card number");
while (cardnum <= 0xFFFFF) {
@ -247,13 +233,13 @@ void RunMod() {
LED(selected + 1, 0);
} else {
while (BUTTON_PRESS())
WDT_HIT();
WAIT_BUTTON_RELEASED();
}
}
}
out:
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5);
DbpString("[=] exiting");
LEDsoff();
}
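Review bot: The comment `// Button was held for a second, begin recording` is stale now that the hold check is `BUTTON_HELD(280)`, and the `button_pressed > 0` test that follows the new `if (button_pressed != BUTTON_HOLD) continue;` guard appears to be always true. Every non-hold result now skips the iteration, so any later branch of this chain that depended on a click value looks unreachable; those conditions lie outside the visible hunks and should be checked. I would reword the comment to `// Button was held, begin recording` and reduce the condition to `if (cardRead == 0) {`. RunMod's body continues outside the hunks, and this page has lost its +/- markers, so which lines are new is inferred.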


@ -18,8 +18,6 @@
#include "ticks.h"
#include "lfops.h"
#define OPTS 2
void ModInfo(void) {
DbpString(" LF HID ProxII bruteforce - aka Proxbrute (Brad Antoniewicz)");
}
@ -30,151 +28,92 @@ void RunMod() {
Dbprintf(">> LF HID proxII bruteforce a.k.a ProxBrute Started (Brad Antoniewicz) <<");
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
uint32_t high[OPTS], low[OPTS];
int selected = 0;
int playing = 0;
int cardRead = 0;
uint32_t high, low;
// Turn on selected LED
LED(selected + 1, 0);
#define STATE_READ 0
#define STATE_BRUTE 1
uint8_t state = STATE_READ;
for (;;) {
WDT_HIT();
// exit from SamyRun, send a usbcommand.
if (data_available()) break;
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(1000);
SpinDelay(300);
int button_pressed = BUTTON_HELD(280);
if (button_pressed != BUTTON_HOLD)
continue;
// Button was held for a second, begin recording
if (button_pressed > 0 && cardRead == 0) {
LEDsoff();
LED(selected + 1, 0);
LED(LED_D, 0);
if (state == STATE_READ) {
LEDsoff();
LED_A_ON();
WAIT_BUTTON_RELEASED();
// record
DbpString("[=] starting recording");
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
/* need this delay to prevent catching some weird data */
SpinDelay(500);
// findone, high, low, no ledcontrol (A)
CmdHIDdemodFSK(1, &high, &low, 0);
CmdHIDdemodFSK(1, &high[selected], &low[selected], 0);
Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]);
Dbprintf("[=] recorded | %x%08x", high, low);
LEDsoff();
LED(selected + 1, 0);
// Finished recording
// If we were previously playing, set playing off
// so next button push begins playing what we recorded
playing = 0;
cardRead = 1;
} else if (button_pressed > 0 && cardRead == 1) {
LEDsoff();
LED(selected + 1, 0);
LED(LED_A, 0);
// record
Dbprintf("[=] cloning %x %x %08x", selected, high[selected], low[selected]);
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
/* need this delay to prevent catching some weird data */
SpinDelay(500);
CopyHIDtoT55x7(0, high[selected], low[selected], 0);
Dbprintf("[=] cloned %x %x %08x", selected, high[selected], low[selected]);
LEDsoff();
LED(selected + 1, 0);
// Finished recording
// If we were previously playing, set playing off
// so next button push begins playing what we recorded
playing = 0;
cardRead = 0;
}
// Change where to record (or begin playing)
else if (button_pressed) {
// Next option if we were previously playing
if (playing)
selected = (selected + 1) % OPTS;
playing = !playing;
LEDsoff();
LED(selected + 1, 0);
// Begin transmitting
if (playing) {
LED(LED_B, 0);
DbpString("[=] playing");
// wait for button to be released
while (BUTTON_PRESS())
WDT_HIT();
/* START PROXBRUTE */
/*
ProxBrute - brad a. - foundstone
Following code is a trivial brute forcer once you read a valid tag
the idea is you get a valid tag, then just try and brute force to
another priv level. The problem is that it has no idea if the code
worked or not, so its a crap shoot. One option is to time how long
it takes to get a valid ID then start from scratch every time.
*/
if (selected == 1) {
DbpString("[=] entering ProxBrute Mode");
Dbprintf("[=] current Tag: Selected = %x Facility = %08x ID = %08x", selected, high[selected], low[selected]);
LED(LED_A, 0);
LED(LED_C, 0);
for (uint16_t i = low[selected] - 1; i > 0; i--) {
if (BUTTON_PRESS()) {
DbpString("[-] told to stop");
break;
}
Dbprintf("[=] trying Facility = %08x ID %08x", high[selected], i);
CmdHIDsimTAGEx(high[selected], i, 0, 20000);
SpinDelay(500);
}
} else {
DbpString("[=] RED is lit, not entering ProxBrute Mode");
Dbprintf("[=] %x %x %x", selected, high[selected], low[selected]);
CmdHIDsimTAGEx(high[selected], low[selected], 0, 20000);
DbpString("[=] done playing");
}
/* END PROXBRUTE */
if (BUTTON_HELD(1000) > 0)
goto out;
/* We pressed a button so ignore it here with a delay */
SpinDelay(300);
// when done, we're done playing, move to next option
selected = (selected + 1) % OPTS;
playing = !playing;
LEDsoff();
LED(selected + 1, 0);
} else {
while (BUTTON_PRESS())
WDT_HIT();
// got nothing. blink and loop.
if (high == 0 && low == 0) {
SpinErr(LED_A, 100, 12);
DbpString("[=] only got zeros, retry recording after click");
continue;
}
SpinErr(LED_A, 250, 2);
state = STATE_BRUTE;
continue;
} else if (state == STATE_BRUTE) {
LED_C_ON(); // Simulate
WAIT_BUTTON_RELEASED();
/*
ProxBrute - brad a. - foundstone
Following code is a trivial brute forcer once you read a valid tag
the idea is you get a valid tag, then just try and brute force to
another priv level. The problem is that it has no idea if the code
worked or not, so its a crap shoot. One option is to time how long
it takes to get a valid ID then start from scratch every time.
*/
DbpString("[=] entering ProxBrute mode");
Dbprintf("[=] simulating | %08x%08x", high, low);
for (uint16_t i = low - 1; i > 0; i--) {
if (data_available()) break;
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(280);
if (button_pressed != BUTTON_HOLD) break;
Dbprintf("[=] trying Facility = %08x ID %08x", high, i);
// high, i, ledcontrol, timelimit 20000
CmdHIDsimTAGEx(high, i, false, 20000);
SpinDelay(100);
}
state = STATE_READ;
SpinErr((LED_A | LED_C), 250, 2);
LEDsoff();
}
}
out:
DbpString("[=] exiting");
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5);
DbpString("[=] You can take the shell back :) ...");
LEDsoff();
}
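Review bot: `uint32_t high, low;` is declared without initializers and then tested with `if (high == 0 && low == 0)` right after `CmdHIDdemodFSK(1, &high, &low, 0)`. If that call can return without storing to both (for example when it is interrupted), the test reads indeterminate values; `uint32_t high = 0, low = 0;` makes the "only got zeros" path well defined. The `int button_pressed` declared inside the `for (uint16_t i = low - 1; i > 0; i--)` loop shadows the outer variable of the same name, so a distinct name such as `int held = BUTTON_HELD(280);` would read more clearly. The `out:` label seems to have lost its last `goto` in this rewrite and can be dropped if so. Old and new lines are interleaved on this page, so which lines are new is inferred.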


@ -54,15 +54,15 @@ void RunMod() {
// Was our button held down or pressed?
int button_pressed = BUTTON_HELD(280);
if ( button_pressed != BUTTON_HOLD )
if (button_pressed != BUTTON_HOLD)
continue;
/*
#define BUTTON_NO_CLICK 0
#define BUTTON_SINGLE_CLICK -1
#define BUTTON_DOUBLE_CLICK -2
*/
/*
#define BUTTON_NO_CLICK 0
#define BUTTON_SINGLE_CLICK -1
#define BUTTON_DOUBLE_CLICK -2
*/
if ( state == STATE_READ ) {
if (state == STATE_READ) {
if (selected == 0) {
LED_A_ON();
@ -89,17 +89,17 @@ void RunMod() {
Dbprintf("[=] recorded %x | %x%08x", selected, high[selected], low[selected]);
// got nothing. blink and loop.
if ( hi == 0 && lo == 0 ) {
SpinErr( (selected == 0) ? LED_A : LED_B, 100, 12);
if (hi == 0 && lo == 0) {
SpinErr((selected == 0) ? LED_A : LED_B, 100, 12);
DbpString("[=] only got zeros, retry recording after click");
continue;
}
SpinErr( (selected == 0) ? LED_A : LED_B, 250, 2);
SpinErr((selected == 0) ? LED_A : LED_B, 250, 2);
state = STATE_SIM;
continue;
} else if ( state == STATE_SIM ) {
} else if (state == STATE_SIM) {
LED_C_ON(); // Simulate
LED_D_OFF();
@ -113,11 +113,11 @@ void RunMod() {
DbpString("[=] simulating done");
uint8_t leds = ((selected == 0) ? LED_A : LED_B) | LED_C;
SpinErr( leds , 250, 2);
SpinErr(leds, 250, 2);
state = STATE_CLONE;
continue;
} else if ( state == STATE_CLONE ) {
} else if (state == STATE_CLONE) {
LED_C_OFF();
LED_D_ON(); // clone
@ -138,6 +138,7 @@ void RunMod() {
}
}
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5);
DbpString("[=] You can take shell back :) ...");
LEDsoff();
}


@ -895,7 +895,7 @@ void RAMFUNC SniffIClass(void) {
// time ZERO, the point from which it all is calculated.
time_0 = GetCountSspClk();
// loop and listen
// every sample (1byte in data),
// contains HIGH nibble = reader data
@ -962,7 +962,7 @@ void RAMFUNC SniffIClass(void) {
*/
uint8_t tag_byte = ((previous_data & 0xF) << 4 ) | (*data & 0xF);
uint8_t tag_byte = ((previous_data & 0xF) << 4) | (*data & 0xF);
if (ManchesterDecoding_iclass(tag_byte)) {
time_stop = GetCountSspClk() - time_0;
LogTrace(Demod.output, Demod.len, time_start, time_stop, NULL, false);
@ -976,12 +976,12 @@ void RAMFUNC SniffIClass(void) {
}
} // end main loop
/*
if (DBGLEVEL >= 1) {
DbpString("[+] Sniff statistics:");
Dbhexdump(ICLASS_DMA_BUFFER_SIZE, data, false);
}
*/
/*
if (DBGLEVEL >= 1) {
DbpString("[+] Sniff statistics:");
Dbhexdump(ICLASS_DMA_BUFFER_SIZE, data, false);
}
*/
switch_off();
}
@ -1522,7 +1522,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) {
trace_data = csn_data;
trace_data_size = sizeof(csn_data);
goto send;
} else if (cmd == ICLASS_CMD_READCHECK ) { // 0x88
} else if (cmd == ICLASS_CMD_READCHECK) { // 0x88
// Read e-purse KD (88 02) KC (18 02)
modulated_response = resp_cc;
modulated_response_size = resp_cc_len; //order = 4;
@ -1898,7 +1898,7 @@ bool sendCmdGetResponseWithRetries(uint8_t *command, size_t cmdsize, uint8_t *re
// update/write command takes 4ms to 15ms before responding
int old_wait = g_wait;
if ( (command[0] & 0xF) == ICLASS_CMD_UPDATE)
if ((command[0] & 0xF) == ICLASS_CMD_UPDATE)
g_wait = 3900;
uint8_t got_n = ReaderReceiveIClass(resp);
@ -1934,8 +1934,8 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) {
uint8_t readcheck_cc[] = { 0x80 | ICLASS_CMD_READCHECK, 0x02 };
// Bit 4: K.If this bit equals to one, the READCHECK will use the Credit Key (Kc); if equals to zero, Debit Key (Kd) willbe used
// bit 7: parity.
// bit 7: parity.
if (use_credit_key)
readcheck_cc[0] = 0x10 | ICLASS_CMD_READCHECK;
@ -1945,14 +1945,14 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) {
ReaderTransmitIClass_ext(act_all, 1, 330 + 180);
// Card present?
if (ReaderReceiveIClass(resp) == 0)
if (ReaderReceiveIClass(resp) == 0)
return 0;
//Send Identify
ReaderTransmitIClass(identify, 1);
//We expect a 10-byte response here, 8 byte anticollision-CSN and 2 byte CRC
if ( ReaderReceiveIClass(resp) != 10 )
if (ReaderReceiveIClass(resp) != 10)
return 0;
//Copy the Anti-collision CSN to our select-packet
@ -1962,28 +1962,28 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) {
ReaderTransmitIClass(select, sizeof(select));
//We expect a 10-byte response here, 8 byte CSN and 2 byte CRC
if ( ReaderReceiveIClass(resp) != 10)
if (ReaderReceiveIClass(resp) != 10)
return 0;
// Card selected, now read e-purse (cc) (block2) (only 8 bytes no CRC)
// Card selected, now read e-purse (cc) (block2) (only 8 bytes no CRC)
// ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc));
// if (ReaderReceiveIClass(resp) == 8) {
// //Save CC (e-purse) in response data
// memcpy(card_data+8, resp, 8);
// read_status++;
// }
//Success - level 1, we got CSN
//Save CSN in response data
memcpy(card_data, resp, 8);
bool isBlk_2 = sendCmdGetResponseWithRetries(readcheck_cc, sizeof(readcheck_cc), resp, 8, 3);
//Flag that we got to at least stage 1, read CSN
if ( isBlk_2 == false) {
if (isBlk_2 == false) {
return 1;
}
//Save CC (e-purse) in response data
memcpy(card_data + 8, resp, 8);
@ -2283,7 +2283,7 @@ void iClass_Authentication(uint8_t *mac) {
// 6 retries
uint8_t isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 6);
reply_ng(CMD_HF_ICLASS_AUTH, PM3_SUCCESS, (uint8_t*)&isOK ,sizeof(uint8_t));
reply_ng(CMD_HF_ICLASS_AUTH, PM3_SUCCESS, (uint8_t *)&isOK, sizeof(uint8_t));
}
typedef struct iclass_premac {
@ -2460,7 +2460,7 @@ bool iClass_WriteBlock_ext(uint8_t blockno, uint8_t *data) {
void iClass_WriteBlock(uint8_t blockno, uint8_t *data) {
uint8_t isOK = iClass_WriteBlock_ext(blockno, data);
switch_off();
reply_ng(CMD_HF_ICLASS_WRITEBL, PM3_SUCCESS, (uint8_t*)&isOK, sizeof(uint8_t));
reply_ng(CMD_HF_ICLASS_WRITEBL, PM3_SUCCESS, (uint8_t *)&isOK, sizeof(uint8_t));
}
// turn off afterwards


@ -1997,18 +1997,18 @@ void MifareCIdent() {
// Generation 1 test
ReaderTransmitBitsPar(wupC1, 7, NULL, NULL);
if (ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) {
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
if (!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) {
isGen = GEN_1B;
goto OUT;
};
isGen = GEN_1A;
goto OUT;
}
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
if (!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) {
isGen = GEN_1B;
goto OUT;
};
isGen = GEN_1A;
goto OUT;
}
// reset card
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
@ -2017,7 +2017,7 @@ void MifareCIdent() {
int res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
if (res == 2) {
Dbprintf("cident AA55C396 == %08X", cuid);
Dbprintf("cident AA55C396 == %08X", cuid);
if (cuid == 0xAA55C396) {
isGen = GEN_UNFUSED;
goto OUT;


@ -94,10 +94,10 @@ size_t DemodPCF7931(uint8_t **outBlocks) {
} else {
// Error
if (++warnings > 10) {
if ( DBGLEVEL >= DBG_EXTENDED )
if (DBGLEVEL >= DBG_EXTENDED)
Dbprintf("Error: too many detection errors, aborting.");
return 0;
}
}
@ -138,10 +138,10 @@ bool IsBlock0PCF7931(uint8_t *block) {
// assuming all RFU bits are set to 0
// if PAC is enabled password is set to 0
if (block[7] == 0x01) {
if (!memcmp(block, "\x00\x00\x00\x00\x00\x00\x00", 7)
&& !memcmp(block + 9, "\x00\x00\x00\x00\x00\x00\x00", 7)) {
if (!memcmp(block, "\x00\x00\x00\x00\x00\x00\x00", 7)
&& !memcmp(block + 9, "\x00\x00\x00\x00\x00\x00\x00", 7)) {
return true;
}
}
} else if (block[7] == 0x00) {
if (!memcmp(block + 9, "\x00\x00\x00\x00\x00\x00\x00", 7)) {
return true;
@ -158,14 +158,14 @@ bool IsBlock1PCF7931(uint8_t *block) {
uint8_t rlb = block[15];
if (block[10] == 0
&& block[11] == 0
&& block[12] == 0
&& block[13] == 0) {
&& block[11] == 0
&& block[12] == 0
&& block[13] == 0) {
// block 1 is sent only if (RLB >= 1 && RFB <= 1) or RB1 enabled
if (rfb <= rlb
&& rfb <= 9
&& rlb <= 9
&& ((rfb <= 1 && rlb >= 1) || rb1)) {
&& rfb <= 9
&& rlb <= 9
&& ((rfb <= 1 && rlb >= 1) || rb1)) {
return true;
}
}
@ -203,17 +203,17 @@ void ReadPCF7931() {
// exit if no block is received
if (errors >= 10 && found_blocks == 0 && single_blocks_cnt == 0) {
if ( DBGLEVEL >= DBG_INFO )
if (DBGLEVEL >= DBG_INFO)
Dbprintf("[!!] Error, no tag or bad tag");
return;
}
// exit if too many errors during reading
if (tries > 50 && (2 * errors > tries)) {
if ( DBGLEVEL >= DBG_INFO )
if (DBGLEVEL >= DBG_INFO)
Dbprintf("[!!] Error reading the tag, only partial content");
goto end;
}
@ -242,9 +242,9 @@ void ReadPCF7931() {
continue;
}
if ( DBGLEVEL >= DBG_EXTENDED )
if (DBGLEVEL >= DBG_EXTENDED)
Dbprintf("(dbg) got %d blocks (%d/%d found) (%d tries, %d errors)", n, found_blocks, (max_blocks == 0 ? found_blocks : max_blocks), tries, errors);
for (i = 0; i < n; ++i) {
print_result("got consecutive blocks", tmp_blocks[i], 16);
}
@ -306,9 +306,9 @@ void ReadPCF7931() {
}
++tries;
if (BUTTON_PRESS()) {
if ( DBGLEVEL >= DBG_EXTENDED)
if (DBGLEVEL >= DBG_EXTENDED)
Dbprintf("Button pressed, stopping.");
goto end;
}
} while (found_blocks < max_blocks);
@ -421,7 +421,7 @@ static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int3
*/
void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) {
if ( DBGLEVEL >= DBG_INFO ) {
if (DBGLEVEL >= DBG_INFO) {
Dbprintf("Initialization delay : %d us", init_delay);
Dbprintf("Offsets : %d us on the low pulses width, %d us on the low pulses positions", l, p);
}
@ -444,10 +444,10 @@ void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, ui
void SendCmdPCF7931(uint32_t *tab) {
uint16_t u = 0, tempo = 0;
if ( DBGLEVEL >= DBG_INFO ) {
if (DBGLEVEL >= DBG_INFO) {
Dbprintf("Sending data frame...");
}
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125kHz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);


@ -187,7 +187,7 @@ uint32_t RAMFUNC GetCountSspClk(void) {
uint32_t RAMFUNC GetCountSspClkDelta(uint32_t start) {
uint32_t stop = GetCountSspClk();
if ( stop >= start )
if (stop >= start)
return stop - start;
return (UINT32_MAX - start) + stop;
}


@ -90,7 +90,7 @@ void LEDsoff() {
LED_D_OFF();
}
//ICEMAN: LED went from 1,2,3,4 -> 1,2,4,8
//ICEMAN: LED went from 1,2,3,4 -> 1,2,4,8
void LED(int led, int ms) {
if (led & LED_A) // Proxmark3 historical mapping: LED_ORANGE
LED_A_ON();


@ -461,10 +461,10 @@ int CmdPrintDemodBuff(const char *Cmd) {
if (invert) {
char *buf = (char *)(DemodBuffer + offset);
for (uint32_t i = 0; i < length; i++) {
if ( buf[i] == 1 )
if (buf[i] == 1)
buf[i] = 0;
else {
if ( buf[i] == 0 )
if (buf[i] == 0)
buf[i] = 1;
}
}


@ -87,7 +87,7 @@ static int usage_hf_iclass_decrypt(void) {
PrintAndLogEx(NORMAL, "S hf iclass decrypt f tagdump_1.bin");
PrintAndLogEx(NORMAL, "S hf iclass decrypt f tagdump_1.bin k 000102030405060708090a0b0c0d0e0f");
PrintAndLogEx(NORMAL, "S hf iclass decrypt d 1122334455667788 k 000102030405060708090a0b0c0d0e0f");
return PM3_SUCCESS;
}
static int usage_hf_iclass_encrypt(void) {
@ -664,7 +664,7 @@ static int CmdHFiClassSim(const char *Cmd) {
}
static int CmdHFiClassInfo(const char *Cmd) {
return PM3_SUCCESS;
return PM3_SUCCESS;
}
static int CmdHFiClassReader(const char *Cmd) {
@ -809,7 +809,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
uint8_t cmdp = 0;
uint8_t enc_data[8] = {0};
size_t keylen = 0;
uint8_t key[32] = {0};
uint8_t *keyptr = NULL;
@ -827,7 +827,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
PrintAndLogEx(ERR, "data must be 16 HEX symbols");
errors = true;
break;
}
}
have_data = true;
cmdp += 2;
break;
@ -876,12 +876,12 @@ static int CmdHFiClassDecrypt(const char *Cmd) {
uint8_t dec_data[8] = {0};
if ( have_data ) {
if (have_data) {
mbedtls_des3_crypt_ecb(&ctx, enc_data, dec_data);
PrintAndLogEx(SUCCESS, "Data: %s", sprint_hex(dec_data, sizeof(dec_data)));
}
if ( have_file ) {
if (have_file) {
picopass_hdr *hdr = (picopass_hdr *)decrypted;
uint8_t mem = hdr->conf.mem_config;
@ -1019,7 +1019,7 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v
}
if (isOK <= 1) {
if ( verbose )
if (verbose)
PrintAndLogEx(FAILED, "failed to obtain CC! Tag-select is aborting... (%d)", isOK);
return false;
@ -1056,7 +1056,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u
return false;
}
if ( resp.status != PM3_SUCCESS ) {
if (resp.status != PM3_SUCCESS) {
if (verbose) PrintAndLogEx(ERR, "failed to communicate with card");
return false;
}
@ -1213,7 +1213,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
break;
} while (numberAuthRetries--);
if ( numberAuthRetries <= 0) {
if (numberAuthRetries <= 0) {
PrintAndLogEx(WARNING, "failed authenticating with debit key");
DropField();
return PM3_ESOFT;
@ -1271,7 +1271,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
break;
} while (numberAuthRetries--);
if ( numberAuthRetries <= 0) {
if (numberAuthRetries <= 0) {
PrintAndLogEx(WARNING, "failed authenticating with credit key");
DropField();
return PM3_ESOFT;
@ -1313,7 +1313,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
// add diversified keys to dump
if (have_debit_key)
memcpy(tag_data + (3 * 8), div_key, 8);
if (have_credit_key)
memcpy(tag_data + (4 * 8), c_div_key, 8);
@ -1340,14 +1340,14 @@ static int CmdHFiClassReader_Dump(const char *Cmd) {
static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool verbose) {
int numberAuthRetries = ICLASS_AUTH_RETRY;
int numberAuthRetries = ICLASS_AUTH_RETRY;
do {
uint8_t MAC[4] = {0x00, 0x00, 0x00, 0x00};
uint8_t div_key[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose)) {
numberAuthRetries--;
DropField();
DropField();
continue;
}
@ -1358,12 +1358,12 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c
uint8_t data[12];
} PACKED payload;
payload.blockno = blockno;
memcpy(payload.data, bldata, 8);
memcpy(payload.data + 8, MAC, 4);
clearCommandBuffer();
SendCommandNG(CMD_HF_ICLASS_WRITEBL, (uint8_t*)&payload, sizeof(payload));
SendCommandNG(CMD_HF_ICLASS_WRITEBL, (uint8_t *)&payload, sizeof(payload));
PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_HF_ICLASS_WRITEBL, &resp, 4000) == 0) {
@ -1372,7 +1372,7 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c
return PM3_ETIMEOUT;
}
if ( resp.status != PM3_SUCCESS ) {
if (resp.status != PM3_SUCCESS) {
if (verbose) PrintAndLogEx(ERR, "failed to communicate with card");
DropField();
return PM3_EWRONGANSVER;
@ -1381,17 +1381,17 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c
if (resp.data.asBytes[0] == 1)
break;
} while (numberAuthRetries);
} while (numberAuthRetries);
DropField();
if ( numberAuthRetries > 0 ) {
if (numberAuthRetries > 0) {
PrintAndLogEx(SUCCESS, "Write block %02X successful\n", blockno);
} else {
PrintAndLogEx(ERR,"failed to authenticate and write block");
PrintAndLogEx(ERR, "failed to authenticate and write block");
return PM3_ESOFT;
}
return PM3_SUCCESS;
}
@ -1442,7 +1442,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) {
} else if (dataLen == 1) {
keyNbr = param_get8(Cmd, cmdp + 1);
if (keyNbr < ICLASS_KEYS_MAX) {
PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8 ));
PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8));
memcpy(KEY, iClass_Key_Table[keyNbr], 8);
} else {
PrintAndLogEx(WARNING, "\nERROR: Credit KeyNbr is invalid\n");
@ -1469,9 +1469,9 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) {
break;
}
}
if ( got_blockno == false)
if (got_blockno == false)
errors = true;
if (errors || cmdp < 6) return usage_hf_iclass_writeblock();
return WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, verbose);
@ -1527,7 +1527,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
} else if (dataLen == 1) {
keyNbr = param_get8(Cmd, cmdp + 1);
if (keyNbr < ICLASS_KEYS_MAX) {
PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8 ));
PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8));
memcpy(KEY, iClass_Key_Table[keyNbr], 8);
} else {
PrintAndLogEx(WARNING, "\nERROR: Credit KeyNbr is invalid\n");
@ -1559,7 +1559,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
break;
}
}
if ( got_endblk == false || got_startblk == false)
if (got_endblk == false || got_startblk == false)
errors = true;
if (errors || cmdp < 8) return usage_hf_iclass_clone();
@ -1570,7 +1570,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
}
int total_bytes = (((endblock - startblock) + 1) * 12);
if (total_bytes > PM3_CMD_DATA_SIZE - 2) {
PrintAndLogEx(NORMAL, "Trying to write too many blocks at once. Max: %d", PM3_CMD_DATA_SIZE / 8);
return PM3_EINVARG;
@ -1593,7 +1593,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
fseek(f, startblock * 8, SEEK_SET);
size_t bytes_read = fread(tag_data, sizeof(iclass_block_t), endblock - startblock + 1, f);
fclose(f);
if (bytes_read == 0) {
PrintAndLogEx(ERR, "file reading error.");
return PM3_EFILE;
@ -1601,14 +1601,14 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
uint8_t MAC[4] = {0x00, 0x00, 0x00, 0x00};
uint8_t div_key[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
int numberAuthRetries = ICLASS_AUTH_RETRY;
do {
if (select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose))
break;
} while (numberAuthRetries--);
if ( numberAuthRetries <= 0 ) {
if (numberAuthRetries <= 0) {
PrintAndLogEx(ERR, "failed to authenticate");
DropField();
return PM3_ESOFT;
@ -1618,7 +1618,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
// calculate all mac for every the block we will write
for (i = startblock; i <= endblock; i++) {
Calc_wb_mac(i, tag_data[i - startblock].d, div_key, MAC);
// usb command d start pointer = d + (i - 6) * 12
// memcpy(pointer,tag_data[i - 6],8) 8 bytes
@ -1629,17 +1629,17 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
memcpy(ptr + 8, MAC, 4);
}
if ( verbose ) {
PrintAndLogEx(NORMAL,"------+--------------------------+-------------");
PrintAndLogEx(NORMAL,"block | data | mac");
PrintAndLogEx(NORMAL,"------+--------------------------+-------------");
if (verbose) {
PrintAndLogEx(NORMAL, "------+--------------------------+-------------");
PrintAndLogEx(NORMAL, "block | data | mac");
PrintAndLogEx(NORMAL, "------+--------------------------+-------------");
uint8_t p[12];
for (i = 0; i <= endblock - startblock; i++) {
memcpy(p, data + (i * 12), 12);
char *s = calloc(70, sizeof(uint8_t));
sprintf(s, "| %s ", sprint_hex(p, 8));
sprintf(s + strlen(s), "| %s", sprint_hex(p + 8, 4));
PrintAndLogEx(NORMAL, " %02X %s", i + startblock, s );
PrintAndLogEx(NORMAL, " %02X %s", i + startblock, s);
free(s);
}
}
@ -1649,23 +1649,23 @@ static int CmdHFiClassCloneTag(const char *Cmd) {
uint8_t endblock;
uint8_t data[PM3_CMD_DATA_SIZE - 2];
} PACKED payload;
payload.startblock = startblock;
payload.endblock = endblock;
payload.endblock = endblock;
memcpy(payload.data, data, total_bytes);
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ICLASS_CLONE, (uint8_t*)&payload, total_bytes + 2 );
SendCommandNG(CMD_HF_ICLASS_CLONE, (uint8_t *)&payload, total_bytes + 2);
if (WaitForResponseTimeout(CMD_HF_ICLASS_CLONE, &resp, 4500) == 0) {
PrintAndLogEx(WARNING, "command execute timeout");
DropField();
return PM3_ETIMEOUT;
}
if (resp.status == PM3_SUCCESS) {
if ( resp.data.asBytes[0] == 1 )
if (resp.status == PM3_SUCCESS) {
if (resp.data.asBytes[0] == 1)
PrintAndLogEx(SUCCESS, "Clone successful");
else
PrintAndLogEx(WARNING, "Clone failed");
@ -1678,12 +1678,12 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
int numberAuthRetries = ICLASS_AUTH_RETRY;
// return data.
struct p {
bool isOK;
bool isOK;
uint8_t blockdata[8];
} PACKED;
struct p *result = NULL;
do {
// block 0,1 should always be able to read, and block 5 on some cards.
if (auth || blockno >= 2) {
@ -1702,25 +1702,25 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
DropField();
continue;
}
}
}
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ICLASS_READBL, (uint8_t*)&blockno, sizeof(uint8_t));
SendCommandNG(CMD_HF_ICLASS_READBL, (uint8_t *)&blockno, sizeof(uint8_t));
if (WaitForResponseTimeout(CMD_HF_ICLASS_READBL, &resp, 2000) == 0) {
if (verbose) PrintAndLogEx(WARNING, "Command execute timeout");
DropField();
return PM3_ETIMEOUT;
}
if ( resp.status != PM3_SUCCESS ) {
if (resp.status != PM3_SUCCESS) {
if (verbose) PrintAndLogEx(ERR, "failed to communicate with card");
DropField();
return PM3_EWRONGANSVER;
}
result = (struct p*)resp.data.asBytes;
result = (struct p *)resp.data.asBytes;
if (result->isOK)
break;
@ -1728,8 +1728,8 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
DropField();
if ( numberAuthRetries == 0 ) {
PrintAndLogEx(ERR,"failed to authenticate and read block");
if (numberAuthRetries == 0) {
PrintAndLogEx(ERR, "failed to authenticate and read block");
return PM3_ESOFT;
}
@ -1778,7 +1778,7 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) {
} else if (dataLen == 1) {
keyNbr = param_get8(Cmd, cmdp + 1);
if (keyNbr < ICLASS_KEYS_MAX) {
PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8 ));
PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8));
memcpy(KEY, iClass_Key_Table[keyNbr], 8);
} else {
PrintAndLogEx(WARNING, "\nERROR: Credit KeyNbr is invalid\n");
@ -1805,9 +1805,9 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) {
break;
}
}
if ( got_blockno == false)
if (got_blockno == false)
errors = true;
if (errors || cmdp < 4) return usage_hf_iclass_readblock();
if (!auth)
@ -2815,8 +2815,8 @@ int readIclass(bool loop, bool verbose) {
// no tag found or button pressed
if ((readStatus == 0 && !loop) || readStatus == 0xFF) {
// abort
DropField();
return PM3_EOPABORTED;
DropField();
return PM3_EOPABORTED;
}
if (readStatus & FLAG_ICLASS_READER_CSN) {


@ -325,7 +325,7 @@ void annotateIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
uint8_t c = cmd[0] & 0x0F;
uint8_t parity = 0;
for ( uint8_t i=0; i<7; i++) {
for (uint8_t i = 0; i < 7; i++) {
parity ^= (cmd[0] >> i) & 1;
}
@ -363,7 +363,7 @@ void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) {
snprintf(exp, size, "UPDATE(%d)", cmd[1]);
break;
case ICLASS_CMD_READCHECK:
if ( ICLASS_CREDIT(c) ) {
if (ICLASS_CREDIT(c)) {
snprintf(exp, size, "READCHECK[Kc](%d)", cmd[1]);
} else {
snprintf(exp, size, "READCHECK[Kd](%d)", cmd[1]);


@ -1780,7 +1780,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) {
// card prng type (weak=1 / hard=0 / select/card comm error = negative value)
prng_type = detect_classic_prng();
if (prng_type < 0){
if (prng_type < 0) {
PrintAndLogEx(FAILED, "\nNo tag detected or other tag communication error");
free(e_sector);
return prng_type;


@ -64,7 +64,7 @@ static int print_barcode(uint8_t *barcode, const size_t barcode_len, bool verbos
} else {
PrintAndLogEx(SUCCESS, " Checksum : "_YELLOW_("too few data for checksum")"- " _RED_("fail"));
}
PrintAndLogEx(SUCCESS, " Data len (bits) : "_YELLOW_("%i")"- %s", barcode_len*8, (barcode_len==16||barcode_len==32) ? _GREEN_("OK") : _YELLOW_("warning"));
PrintAndLogEx(SUCCESS, " Data len (bits) : "_YELLOW_("%i")"- %s", barcode_len * 8, (barcode_len == 16 || barcode_len == 32) ? _GREEN_("OK") : _YELLOW_("warning"));
PrintAndLogEx(SUCCESS, " Raw data : "_YELLOW_("%s"), sprint_hex(barcode, barcode_len));
if (barcode_len < 4) // too few to go to next decoding stages
return PM3_ESOFT;


@ -102,6 +102,14 @@ static int usage_lf_em410x_brute(void) {
}
//////////////// 4050 / 4450 commands
static int usage_lf_em4x50_demod(void) {
PrintAndLogEx(NORMAL, "Usage: lf em 4x50_demod [h]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf em 4x50_demod");
return PM3_SUCCESS;
}
static int usage_lf_em4x50_dump(void) {
PrintAndLogEx(NORMAL, "Dump EM4x50/EM4x69. Tag must be on antenna. ");
PrintAndLogEx(NORMAL, "");
@ -979,17 +987,25 @@ int EM4x50Read(const char *Cmd, bool verbose) {
return AllPTest ? PM3_SUCCESS : PM3_ESOFT;
}
static int CmdEM4x50Demod(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_demod();
return EM4x50Read(Cmd, true);
}
static int CmdEM4x50Read(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_read();
return EM4x50Read(Cmd, true);
}
static int CmdEM4x50Write(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_write();
PrintAndLogEx(NORMAL, "no implemented yet");
return PM3_SUCCESS;
}
static int CmdEM4x50Dump(const char *Cmd) {
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (ctmp == 'h') return usage_lf_em4x50_dump();
@ -1531,6 +1547,7 @@ static command_t CommandTable[] = {
{"4x05_info", CmdEM4x05Info, IfPm3Lf, "tag information EM4x05/EM4x69"},
{"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"},
{"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"},
{"4x50_demod", CmdEM4x50Demod, AlwaysAvailable, "demodulate a EM4x50 tag from the GraphBuffer"},
{"4x50_dump", CmdEM4x50Dump, IfPm3Lf, "dump EM4x50 tag"},
{"4x50_read", CmdEM4x50Read, IfPm3Lf, "read word data from EM4x50"},
{"4x50_write", CmdEM4x50Write, IfPm3Lf, "write word data to EM4x50"},
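Review bot: `CmdEM4x50Demod` is registered as `AlwaysAvailable` and described as demodulating from the GraphBuffer, yet its body is the same `return EM4x50Read(Cmd, true);` that `CmdEM4x50Read` uses, and that command is gated by `IfPm3Lf`. The body of EM4x50Read lies outside these hunks, so this is unconfirmed, but if it acquires samples from the device then the offline command will attempt device I/O with no Proxmark3 attached. Either gate the new table entry with `IfPm3Lf`, or have the demod handler call a path that only works on the existing buffer. A one-line comment above the handler, such as `// offline: demodulates whatever is already in the GraphBuffer`, would also make the intended difference from `4x50_read` explicit.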


@ -114,7 +114,7 @@ static int CmdParadoxRead(const char *Cmd) {
static int CmdParadoxSim(const char *Cmd) {
PrintAndLogEx(INFO," To be implemented, feel free to contribute!");
PrintAndLogEx(INFO, " To be implemented, feel free to contribute!");
return PM3_SUCCESS;
}
/*


@ -36,8 +36,17 @@
#define T55XX_DLMODE_1OF4 3 // 1 of 4
#define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference
//static uint8_t bit_rates[9] = {8, 16, 32, 40, 50, 64, 100, 128, 0};
// Default configuration
t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = false, .offset = 0x00, .block0 = 0x00, .Q5 = false };
t55xx_conf_block_t config = {
.modulation = DEMOD_ASK,
.inverted = false,
.offset = 0x00,
.block0 = 0x00,
.Q5 = false,
.usepwd = false
};
t55xx_conf_block_t Get_t55xx_Config() {
return config;
@ -55,9 +64,10 @@ static void print_usage_t55xx_downloadlink(void) {
}
static int usage_t55xx_config() {
PrintAndLogEx(NORMAL, "Usage: lf t55xx config [d <demodulation>] [i [0/1]] [o <offset>] [Q5 [0/1]] [ST [0/1]]");
PrintAndLogEx(NORMAL, "Usage: lf t55xx config [c <blk0>] [d <demodulation>] [i [0/1]] [o <offset>] [Q5 [0/1]] [ST [0/1]]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - This help");
PrintAndLogEx(NORMAL, " c <block0> - set configuration from a block0");
PrintAndLogEx(NORMAL, " b <8|16|32|40|50|64|100|128> - Set bitrate");
PrintAndLogEx(NORMAL, " d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> - Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A");
PrintAndLogEx(NORMAL, " i [0/1] - Set/reset data signal inversion");
@ -103,18 +113,20 @@ static int usage_t55xx_resetread() {
return PM3_SUCCESS;
}
static int usage_t55xx_write() {
PrintAndLogEx(NORMAL, "Usage: lf t55xx write [r <mode>] b <block> d <data> [p <password>] [1] [t]");
PrintAndLogEx(NORMAL, "Usage: lf t55xx write [r <mode>] b <block> d <data> [p <password>] [1] [t] [v]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " b <block> - block number to write. Between 0-7");
PrintAndLogEx(NORMAL, " d <data> - 4 bytes of data to write (8 hex characters)");
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex characters)");
PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0");
PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****");
PrintAndLogEx(NORMAL, " v - OPTIONAL validate data afterwards");
print_usage_t55xx_downloadlink();
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 - write 11223344 to block 3");
PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef");
PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 v - write 11223344 to block 3 and try to validate data");
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS;
}
@ -131,14 +143,14 @@ static int usage_t55xx_trace() {
return PM3_SUCCESS;
}
static int usage_t55xx_info() {
PrintAndLogEx(NORMAL, "Usage: lf t55xx info [1] [r <mode>] [d <data> [q]]");
PrintAndLogEx(NORMAL, "Usage: lf t55xx info [1] [r <mode>] [c <blk0> [q]]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " (default) - read data from tag.");
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer instead of reading tag.");
PrintAndLogEx(NORMAL, " d <data> - 4 bytes of data (8 hex characters)");
PrintAndLogEx(NORMAL, " (default) - read data from tag.");
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer instead of reading tag.");
PrintAndLogEx(NORMAL, " c <block0> - set configuration from a block0");
PrintAndLogEx(NORMAL, " if set, use these data instead of reading tag.");
PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config.");
PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config.");
print_usage_t55xx_downloadlink();
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:");
@ -296,6 +308,48 @@ static int usage_lf_deviceconfig() {
static int CmdHelp(const char *Cmd);
static bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) {
//Password mode
if (usepwd) {
// try reading the config block and verify that PWD bit is set before doing this!
if (override == 0) {
if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, downlink_mode) == false)
return false;
if (tryDetectModulation() == false) {
PrintAndLogEx(NORMAL, "Safety Check: Could not detect if PWD bit is set in config block. Exits.");
return false;
} else {
PrintAndLogEx(NORMAL, "Safety Check: PWD bit is NOT set in config block. Reading without password...");
usepwd = false;
}
} else if (override == 1) {
PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk");
}
}
if (AquireData(page1, block, usepwd, password, downlink_mode) == false)
return false;
if (block == 0 && page1 == false) {
if (tryDetectModulation() == false) {
PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
return false;
}
}
if (DecodeT55xxBlock() == false)
return false;
// compare...
uint32_t readblock = 0;
if (GetT55xxBlockData(&readblock) == false)
return false;
return (readblock == data);
}
void printT5xxHeader(uint8_t page) {
PrintAndLogEx(NORMAL, "Reading Page %d:", page);
PrintAndLogEx(NORMAL, "blk | hex data | binary | ascii");
@ -312,6 +366,9 @@ static int CmdT55xxSetConfig(const char *Cmd) {
uint8_t rates[9] = {8, 16, 32, 40, 50, 64, 100, 128, 0};
uint8_t cmdp = 0;
bool errors = false;
uint32_t block0 = 0;
bool gotconf = false;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
char tmp = tolower(param_getchar(Cmd, cmdp));
switch (tmp) {
@ -331,6 +388,11 @@ static int CmdT55xxSetConfig(const char *Cmd) {
}
cmdp += 2;
break;
case 'c':
block0 = param_get32ex(Cmd, cmdp + 1, 0, 16);
gotconf = true;
cmdp += 2;
break;
case 'd':
param_getstr(Cmd, cmdp + 1, modulation, sizeof(modulation));
cmdp += 2;
@ -413,7 +475,36 @@ static int CmdT55xxSetConfig(const char *Cmd) {
//Validations
if (errors) return usage_t55xx_config();
config.block0 = 0;
if ( gotconf ) {
// Q5
// T55x7
uint32_t extend = (block0 >> (32 - 15)) & 0x01;
uint32_t dbr;
if (extend)
dbr = (block0 >> (32 - 14)) & 0x3F;
else
dbr = (block0 >> (32 - 14)) & 0x07;
uint32_t datamod = (block0 >> (32 - 20)) & 0x1F;
bool pwd = (bool)((block0 >> (32 - 28)) & 0x01);
bool sst = (bool)((block0 >> (32 - 29)) & 0x01);
bool inv = (bool)((block0 >> (32 - 31)) & 0x01);
config.modulation = datamod;
config.bitrate = dbr;
config.inverted = inv;
config.Q5 = 0;
config.ST = sst;
config.usepwd = pwd;
config.offset = 0;
config.block0 = block0;
} else {
config.block0 = 0;
}
return printConfiguration(config);
}
@ -482,8 +573,8 @@ static int CmdT55xxReadBlock(const char *Cmd) {
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
downlink_mode = 0;
downlink_mode = 0;
cmdp += 2;
break;
@ -649,10 +740,10 @@ static int CmdT55xxDetect(const char *Cmd) {
return PM3_ESOFT;
if (useGB == false) {
if ( try_all_dl_modes ) {
if (try_all_dl_modes) {
for (uint8_t mode = 0; mode < 4; mode++) {
if ( AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, mode) == false ) {
if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, mode) == false) {
continue;
}
@ -663,8 +754,8 @@ static int CmdT55xxDetect(const char *Cmd) {
}
return PM3_ESOFT;
} else {
if ( AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode) == false )
return PM3_ENODATA;
if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode) == false)
return PM3_ENODATA;
}
}
@ -1014,11 +1105,14 @@ static bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk)
si += 3;
//uint8_t ST = PackBits(si, 1, DemodBuffer); si += 1;
if (maxBlk == 0) continue;
//test modulation
if (!testQ5Modulation(mode, modread)) continue;
if (bitRate != clk) continue;
*fndBitRate = convertQ5bitRate(bitRate);
if (*fndBitRate < 0) continue;
*offset = idx;
return true;
@ -1132,9 +1226,9 @@ static int CmdT55xxWakeUp(const char *Cmd) {
break;
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
default:
@ -1150,17 +1244,17 @@ static int CmdT55xxWakeUp(const char *Cmd) {
uint32_t password;
uint8_t flags;
} PACKED payload;
payload.password = password;
payload.flags = (downlink_mode & 3) << 3;
payload.flags = (downlink_mode & 3) << 3;
clearCommandBuffer();
SendCommandNG(CMD_LF_T55XX_WAKEUP, (uint8_t *)&payload, sizeof(payload));
if (!WaitForResponseTimeout(CMD_LF_T55XX_WAKEUP, NULL, 1000)) {
PrintAndLogEx(WARNING, "command execution time out");
return PM3_ETIMEOUT;
}
PrintAndLogEx(SUCCESS, "Wake up command sent. Try read now");
return PM3_SUCCESS;
}
@ -1174,6 +1268,7 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
bool gotdata = false;
bool testMode = false;
bool errors = false;
bool validate = false;
uint8_t cmdp = 0;
uint32_t downlink_mode = 0;
@ -1212,9 +1307,13 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
case 'v':
validate = true;
cmdp++;
break;
default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
@ -1235,8 +1334,6 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : "");
clearCommandBuffer();
/*
OLD style
arg0 = data, (4 bytes)
@ -1253,11 +1350,22 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
ng.blockno = block;
ng.flags = flags;
clearCommandBuffer();
SendCommandNG(CMD_LF_T55XX_WRITEBL, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_LF_T55XX_WRITEBL, &resp, 2000)) {
PrintAndLogEx(ERR, "Error occurred, device did not ACK write operation. (May be due to old firmware)");
return PM3_ETIMEOUT;
}
if (validate) {
//t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) {
bool isOK = t55xxVerifyWrite(block, page1, usepwd, 1, password, downlink_mode, data);
if (isOK)
PrintAndLogEx(SUCCESS, "Write OK, validation succesful");
else
PrintAndLogEx(WARNING, "Write could not validate the written data");
}
return PM3_SUCCESS;
}
@ -1273,9 +1381,9 @@ static int CmdT55xxReadTrace(const char *Cmd) {
return usage_t55xx_trace();
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
case '1':
@ -1302,7 +1410,7 @@ static int CmdT55xxReadTrace(const char *Cmd) {
if (!AquireData(T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password, downlink_mode))
return PM3_ENODATA;
}
if (config.Q5) {
if (!DecodeT5555TraceBlock()) return PM3_ESOFT;
} else {
@ -1550,7 +1658,7 @@ static int CmdT55xxInfo(const char *Cmd) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_t55xx_info();
case 'd':
case 'c':
block0 = param_get32ex(Cmd, cmdp + 1, 0, 16);
gotdata = true;
cmdp += 2;
@ -1570,9 +1678,9 @@ static int CmdT55xxInfo(const char *Cmd) {
break;
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
default:
@ -1594,7 +1702,7 @@ static int CmdT55xxInfo(const char *Cmd) {
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode))
return PM3_ENODATA;
}
if (!gotdata) {
if (!DecodeT55xxBlock()) return PM3_ESOFT;
@ -1602,7 +1710,7 @@ static int CmdT55xxInfo(const char *Cmd) {
if (DemodBufferLen < 32 + config.offset) return PM3_ESOFT;
//PrintAndLogEx(NORMAL, "Offset+32 ==%d\n DemodLen == %d", config.offset + 32, DemodBufferLen);
block0 = PackBits(config.offset, 32, DemodBuffer);
block0 = PackBits(config.offset, 32, DemodBuffer);
}
PrintAndLogEx(NORMAL, "");
@ -1697,10 +1805,10 @@ static int CmdT55xxDump(const char *Cmd) {
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_t55xx_dump();
return usage_t55xx_dump();
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
@ -2027,9 +2135,9 @@ static int CmdResetRead(const char *Cmd) {
return usage_t55xx_resetread();
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
default:
@ -2042,9 +2150,9 @@ static int CmdResetRead(const char *Cmd) {
if (errors) return usage_t55xx_resetread();
PrintAndLogEx(INFO, "DL : %d\n", downlink_mode);
flags = downlink_mode << 3;
clearCommandBuffer();
SendCommandNG(CMD_LF_T55XX_RESET_READ, &flags, sizeof(flags));
if (!WaitForResponseTimeout(CMD_ACK, NULL, 2500)) {
@ -2153,7 +2261,7 @@ static int CmdT55xxChkPwds(const char *Cmd) {
return usage_t55xx_chk();
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode >= 4) {
if (downlink_mode >= 4) {
try_all_dl_modes = true;
downlink_mode = 4;
}
@ -2164,7 +2272,7 @@ static int CmdT55xxChkPwds(const char *Cmd) {
cmdp++;
break;
case 'i':
if ( param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)) == 0 ) {
if (param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)) == 0) {
PrintAndLogEx(ERR, "Error, no filename after 'f' was found");
errors = true;
}
@ -2305,9 +2413,9 @@ static int CmdT55xxBruteForce(const char *Cmd) {
return usage_t55xx_bruteforce();
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 4)
if (downlink_mode > 4)
downlink_mode = 0;
cmdp += 2;
break;
case 's':
@ -2415,9 +2523,9 @@ static int CmdT55xxRecoverPW(const char *Cmd) {
break;
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 4)
if (downlink_mode > 4)
downlink_mode = 0;
cmdp += 2;
break;
default:
@ -2644,12 +2752,12 @@ static int CmdT55xxDetectPage1(const char *Cmd) {
break;
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode == 4)
if (downlink_mode == 4)
try_all_dl_modes = true;
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
default:
@ -2725,10 +2833,10 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) {
cmdp += 2;
break;
case 'r':
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (downlink_mode > 3)
downlink_mode = 0;
cmdp += 2;
break;
case 'p':
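Review bot: The validate path in `CmdT55xxWriteBlock` calls `t55xxVerifyWrite(block, page1, usepwd, 1, password, downlink_mode, data)` with `override` fixed at 1, so a password read-back always skips the config-block safety check and prints "Safety Check Overriden - proceeding despite risk" on every `v` run that uses `p`. The `override == 0` branch in `t55xxVerifyWrite` would not help as written either: it reports "PWD bit is NOT set" and clears `usepwd` whenever `tryDetectModulation()` succeeds, without ever looking at the bit. The `config.usepwd` field this commit adds looks like the intended source, assuming detection fills it in, which is not visible here. A failed validation also falls through to `return PM3_SUCCESS;`, so callers and scripts cannot tell an unverified write from a good one; `else { PrintAndLogEx(WARNING, "Write could not validate the written data"); return PM3_ESOFT; }` would surface it. The body of CmdT55xxWriteBlock starts outside these hunks.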


@ -116,6 +116,7 @@ typedef struct {
} bitrate;
bool Q5;
bool ST;
bool usepwd;
} t55xx_conf_block_t;
t55xx_conf_block_t Get_t55xx_Config(void);


@ -303,18 +303,18 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr
&& (oddparity8(frame[j]) != ((parityBits >> (7 - (j & 0x0007))) & 0x01))) {
snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x! ", frame[j]);
} else if ( protocol == ICLASS && isResponse == false) {
} else if (protocol == ICLASS && isResponse == false) {
uint8_t parity = 0;
for (int i=0; i<6; i++) {
for (int i = 0; i < 6; i++) {
parity ^= ((frame[0] >> i) & 1);
}
if ( parity == ((frame[0] >> 7) & 1)) {
if (parity == ((frame[0] >> 7) & 1)) {
snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x ", frame[j]);
} else {
snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x! ", frame[j]);
}
} else {
} else {
snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x ", frame[j]);
}


@ -368,13 +368,13 @@ static void show_help(bool showFullHelp, char *exec_name) {
PrintAndLogEx(NORMAL, "\n to flash fullimage and bootloader:\n");
PrintAndLogEx(NORMAL, " %s "SERIAL_PORT_EXAMPLE_H" --flash --unlock-bootloader --image bootrom.elf --image fullimage.elf", exec_name);
#ifdef __linux__
PrintAndLogEx(NORMAL, "\nNote (Linux):\nif the flasher gets stuck in 'Waiting for Proxmark3 to reappear on <DEVICE>',");
PrintAndLogEx(NORMAL, "you need to blacklist Proxmark3 for modem-manager - see documentation for more details:");
PrintAndLogEx(NORMAL, "* https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md");
PrintAndLogEx(NORMAL, "\nMore info on flashing procedure from the official Proxmark3 wiki:");
PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Gentoo%%20Linux");
PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Ubuntu%%20Linux");
PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/OSX\n");
PrintAndLogEx(NORMAL, "\nNote (Linux):\nif the flasher gets stuck in 'Waiting for Proxmark3 to reappear on <DEVICE>',");
PrintAndLogEx(NORMAL, "you need to blacklist Proxmark3 for modem-manager - see documentation for more details:");
PrintAndLogEx(NORMAL, "* https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md");
PrintAndLogEx(NORMAL, "\nMore info on flashing procedure from the official Proxmark3 wiki:");
PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Gentoo%%20Linux");
PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Ubuntu%%20Linux");
PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/OSX\n");
#endif
}
}