From 871445212ec86dd83090897ca6f876c3bd1b0568 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 14:10:08 +0200 Subject: [PATCH 01/10] chg 'lf proxebrute standalone' - simplified it. No need for clone, or multiple slots, LED A = read / record, flashing LED A 12 times, failed reader and next click try again, LED C == proxbrute, all leds flash when exiting standalone mode --- armsrc/Standalone/lf_proxbrute.c | 197 +++++++++++-------------------- 1 file changed, 68 insertions(+), 129 deletions(-) diff --git a/armsrc/Standalone/lf_proxbrute.c b/armsrc/Standalone/lf_proxbrute.c index 8044cbde9..5d435c3ee 100644 --- a/armsrc/Standalone/lf_proxbrute.c +++ b/armsrc/Standalone/lf_proxbrute.c @@ -18,8 +18,6 @@ #include "ticks.h" #include "lfops.h" -#define OPTS 2 - void ModInfo(void) { DbpString(" LF HID ProxII bruteforce - aka Proxbrute (Brad Antoniewicz)"); } 
@@ -30,151 +28,92 @@ void RunMod() { Dbprintf(">> LF HID proxII bruteforce a.k.a ProxBrute Started (Brad Antoniewicz) <<"); FpgaDownloadAndGo(FPGA_BITSTREAM_LF); - uint32_t high[OPTS], low[OPTS]; - int selected = 0; - int playing = 0; - int cardRead = 0; + uint32_t high, low; - // Turn on selected LED - LED(selected + 1, 0); +#define STATE_READ 0 +#define STATE_BRUTE 1 + + uint8_t state = STATE_READ; for (;;) { + WDT_HIT(); // exit from SamyRun, send a usbcommand. if (data_available()) break; - // Was our button held down or pressed? - int button_pressed = BUTTON_HELD(1000); - SpinDelay(300); + // Was our button held down or pressed? + int button_pressed = BUTTON_HELD(280); + if ( button_pressed != BUTTON_HOLD ) + continue; // Button was held for a second, begin recording - if (button_pressed > 0 && cardRead == 0) { - LEDsoff(); - LED(selected + 1, 0); - LED(LED_D, 0); + if ( state == STATE_READ ) { + + LEDsoff(); + LED_A_ON(); + WAIT_BUTTON_RELEASED(); - // record DbpString("[=] starting recording"); - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); - /* need this delay to prevent catching some weird data */ - SpinDelay(500); + // findone, high, low, no ledcontrol (A) + CmdHIDdemodFSK(1, &high, &low, 0); - CmdHIDdemodFSK(1, &high[selected], &low[selected], 0); - Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]); + Dbprintf("[=] recorded | %x%08x", high, low); - LEDsoff(); - LED(selected + 1, 0); - // Finished recording - // If we were previously playing, set playing off - // so next button push begins playing what we recorded - playing = 0; - cardRead = 1; - } else if (button_pressed > 0 && cardRead == 1) { - LEDsoff(); - LED(selected + 1, 0); - LED(LED_A, 0); - - // record - Dbprintf("[=] cloning %x %x %08x", selected, high[selected], low[selected]); - - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); - - /* need this delay to prevent catching some weird data */ - SpinDelay(500); - - 
CopyHIDtoT55x7(0, high[selected], low[selected], 0); - Dbprintf("[=] cloned %x %x %08x", selected, high[selected], low[selected]); - - LEDsoff(); - LED(selected + 1, 0); - // Finished recording - - // If we were previously playing, set playing off - // so next button push begins playing what we recorded - playing = 0; - cardRead = 0; - } - - // Change where to record (or begin playing) - else if (button_pressed) { - // Next option if we were previously playing - if (playing) - selected = (selected + 1) % OPTS; - playing = !playing; - - LEDsoff(); - LED(selected + 1, 0); - - // Begin transmitting - if (playing) { - LED(LED_B, 0); - DbpString("[=] playing"); - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); - - /* START PROXBRUTE */ - - /* - ProxBrute - brad a. - foundstone - - Following code is a trivial brute forcer once you read a valid tag - the idea is you get a valid tag, then just try and brute force to - another priv level. The problem is that it has no idea if the code - worked or not, so its a crap shoot. One option is to time how long - it takes to get a valid ID then start from scratch every time. 
- */ - if (selected == 1) { - DbpString("[=] entering ProxBrute Mode"); - Dbprintf("[=] current Tag: Selected = %x Facility = %08x ID = %08x", selected, high[selected], low[selected]); - LED(LED_A, 0); - LED(LED_C, 0); - for (uint16_t i = low[selected] - 1; i > 0; i--) { - if (BUTTON_PRESS()) { - DbpString("[-] told to stop"); - break; - } - - Dbprintf("[=] trying Facility = %08x ID %08x", high[selected], i); - CmdHIDsimTAGEx(high[selected], i, 0, 20000); - SpinDelay(500); - } - - } else { - DbpString("[=] RED is lit, not entering ProxBrute Mode"); - Dbprintf("[=] %x %x %x", selected, high[selected], low[selected]); - CmdHIDsimTAGEx(high[selected], low[selected], 0, 20000); - DbpString("[=] done playing"); - } - - /* END PROXBRUTE */ - - - if (BUTTON_HELD(1000) > 0) - goto out; - - /* We pressed a button so ignore it here with a delay */ - SpinDelay(300); - - // when done, we're done playing, move to next option - selected = (selected + 1) % OPTS; - playing = !playing; - LEDsoff(); - LED(selected + 1, 0); - } else { - while (BUTTON_PRESS()) - WDT_HIT(); + // got nothing. blink and loop. + if ( high == 0 && low == 0 ) { + SpinErr( LED_A, 100, 12); + DbpString("[=] only got zeros, retry recording after click"); + continue; } + + SpinErr(LED_A, 250, 2); + state = STATE_BRUTE; + continue; + + } else if ( state == STATE_BRUTE ) { + + LED_C_ON(); // Simulate + WAIT_BUTTON_RELEASED(); + + + /* + ProxBrute - brad a. - foundstone + + Following code is a trivial brute forcer once you read a valid tag + the idea is you get a valid tag, then just try and brute force to + another priv level. The problem is that it has no idea if the code + worked or not, so its a crap shoot. One option is to time how long + it takes to get a valid ID then start from scratch every time. 
+ */ + DbpString("[=] entering ProxBrute mode"); + Dbprintf("[=] simulating | %08x%08x", high, low); + + for (uint16_t i = low - 1; i > 0; i--) { + + if (data_available()) break; + + // Was our button held down or pressed? + int button_pressed = BUTTON_HELD(280); + if ( button_pressed != BUTTON_HOLD ) break; + + Dbprintf("[=] trying Facility = %08x ID %08x", high, i); + + // high, i, ledcontrol, timelimit 20000 + CmdHIDsimTAGEx(high, i, false, 20000); + + SpinDelay(100); + } + + state = STATE_READ; + SpinErr( (LED_A | LED_C ), 250, 2); + LEDsoff(); } } -out: - DbpString("[=] exiting"); + + SpinErr( (LED_A | LED_B | LED_C | LED_D), 250, 5); + DbpString("[=] You can take the shell back :) ..."); LEDsoff(); } From 1c4c21513b061feef1d8b676b93412bee20aea9a Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 14:12:12 +0200 Subject: [PATCH 02/10] chg samyrun, all leds flash 5times when exiting standalone mode --- armsrc/Standalone/lf_samyrun.c | 1 + 1 file changed, 1 insertion(+) diff --git a/armsrc/Standalone/lf_samyrun.c b/armsrc/Standalone/lf_samyrun.c index df9812869..58c5dfd5e 100644 --- a/armsrc/Standalone/lf_samyrun.c +++ b/armsrc/Standalone/lf_samyrun.c @@ -138,6 +138,7 @@ void RunMod() { } } + SpinErr( (LED_A | LED_B | LED_C | LED_D), 250, 5); DbpString("[=] You can take shell back :) ..."); LEDsoff(); } From 8d6bde0d63300d06945298f3d21e3d224db63c73 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 15:13:18 +0200 Subject: [PATCH 03/10] chg: 'lf em 4x50_demod' - seems the read 4x50 didnt read, it demodulated only.. --- client/cmdlfem4x.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index c04e64c00..b7948b14c 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c 
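Review bot: `uint32_t high, low;` in `RunMod` are declared without initialisers, and the STATE_READ branch tests `high == 0 && low == 0` right after `CmdHIDdemodFSK(1, &high, &low, 0)`. If that call can return without storing to both outputs, the zero test and the `Dbprintf` before it read indeterminate values; its body is not in this diff, so this needs confirming. Declaring `uint32_t high = 0, low = 0;` and clearing both before each read would make the "only got zeros" path dependable. In the STATE_BRUTE loop, `uint16_t i = low - 1` silently truncates the 32-bit `low`, and the inner `int button_pressed` shadows the one declared earlier in the `for (;;)` body. A comment saying whether the truncation is intended, plus a distinct name for the inner variable, would help.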
@@ -102,6 +102,14 @@ static int usage_lf_em410x_brute(void) { } //////////////// 4050 / 4450 commands +static int usage_lf_em4x50_demod(void) { + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_demod [h]"); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, " lf em 4x50_demod"); + return PM3_SUCCESS; +} static int usage_lf_em4x50_dump(void) { PrintAndLogEx(NORMAL, "Dump EM4x50/EM4x69. Tag must be on antenna. "); PrintAndLogEx(NORMAL, ""); @@ -979,17 +987,25 @@ int EM4x50Read(const char *Cmd, bool verbose) { return AllPTest ? PM3_SUCCESS : PM3_ESOFT; } +static int CmdEM4x50Demod(const char *Cmd) { + uint8_t ctmp = tolower(param_getchar(Cmd, 0)); + if (ctmp == 'h') return usage_lf_em4x50_demod(); + return EM4x50Read(Cmd, true); +} + static int CmdEM4x50Read(const char *Cmd) { uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_lf_em4x50_read(); return EM4x50Read(Cmd, true); } + static int CmdEM4x50Write(const char *Cmd) { uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_lf_em4x50_write(); PrintAndLogEx(NORMAL, "no implemented yet"); return PM3_SUCCESS; } + static int CmdEM4x50Dump(const char *Cmd) { uint8_t ctmp = tolower(param_getchar(Cmd, 0)); if (ctmp == 'h') return usage_lf_em4x50_dump(); @@ -1531,6 +1547,7 @@ static command_t CommandTable[] = { {"4x05_info", CmdEM4x05Info, IfPm3Lf, "tag information EM4x05/EM4x69"}, {"4x05_read", CmdEM4x05Read, IfPm3Lf, "read word data from EM4x05/EM4x69"}, {"4x05_write", CmdEM4x05Write, IfPm3Lf, "write word data to EM4x05/EM4x69"}, + {"4x50_demod", CmdEM4x50Demod, AlwaysAvailable, "demodulate a EM4x50 tag from the GraphBuffer"}, {"4x50_dump", CmdEM4x50Dump, IfPm3Lf, "dump EM4x50 tag"}, {"4x50_read", CmdEM4x50Read, IfPm3Lf, "read word data from EM4x50"}, {"4x50_write", CmdEM4x50Write, IfPm3Lf, "write word data to EM4x50"}, From ffa3e2a0f8dfea6a3a6a5606ef50d53fae3ab2e3 Mon Sep 17 00:00:00 2001 
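Review bot: `CmdEM4x50Demod` is a copy of `CmdEM4x50Read` apart from the usage function, and both end in `return EM4x50Read(Cmd, true);`, yet the command table registers `4x50_demod` as `AlwaysAvailable` and `4x50_read` as `IfPm3Lf`. Nothing in these hunks records why the same call is fine without a device in one case. A comment above `CmdEM4x50Demod` such as `// offline: EM4x50Read() only decodes samples already in the GraphBuffer` would state the assumption, provided that is what `EM4x50Read` does (most of its body is outside the diff). Separately, `tolower(param_getchar(Cmd, 0))` passes what is presumably a plain `char` to `tolower`; `tolower((unsigned char)param_getchar(Cmd, 0))` avoids undefined behaviour for bytes above 0x7f.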
From: iceman1001 Date: Fri, 13 Sep 2019 16:25:33 +0200 Subject: [PATCH 04/10] style --- armsrc/Standalone/lf_samyrun.c | 28 ++++++++++---------- armsrc/iclass.c | 44 +++++++++++++++---------------- armsrc/mifarecmd.c | 22 ++++++++-------- armsrc/pcf7931.c | 48 +++++++++++++++++----------------- armsrc/ticks.c | 2 +- 5 files changed, 72 insertions(+), 72 deletions(-) diff --git a/armsrc/Standalone/lf_samyrun.c b/armsrc/Standalone/lf_samyrun.c index 58c5dfd5e..d56f48e24 100644 --- a/armsrc/Standalone/lf_samyrun.c +++ b/armsrc/Standalone/lf_samyrun.c @@ -54,15 +54,15 @@ void RunMod() { // Was our button held down or pressed? int button_pressed = BUTTON_HELD(280); - if ( button_pressed != BUTTON_HOLD ) + if (button_pressed != BUTTON_HOLD) continue; -/* -#define BUTTON_NO_CLICK 0 -#define BUTTON_SINGLE_CLICK -1 -#define BUTTON_DOUBLE_CLICK -2 -*/ + /* + #define BUTTON_NO_CLICK 0 + #define BUTTON_SINGLE_CLICK -1 + #define BUTTON_DOUBLE_CLICK -2 + */ - if ( state == STATE_READ ) { + if (state == STATE_READ) { if (selected == 0) { LED_A_ON(); @@ -89,17 +89,17 @@ void RunMod() { Dbprintf("[=] recorded %x | %x%08x", selected, high[selected], low[selected]); // got nothing. blink and loop. - if ( hi == 0 && lo == 0 ) { - SpinErr( (selected == 0) ? LED_A : LED_B, 100, 12); + if (hi == 0 && lo == 0) { + SpinErr((selected == 0) ? LED_A : LED_B, 100, 12); DbpString("[=] only got zeros, retry recording after click"); continue; } - SpinErr( (selected == 0) ? LED_A : LED_B, 250, 2); + SpinErr((selected == 0) ? LED_A : LED_B, 250, 2); state = STATE_SIM; continue; - } else if ( state == STATE_SIM ) { + } else if (state == STATE_SIM) { LED_C_ON(); // Simulate LED_D_OFF(); 
@@ -113,11 +113,11 @@ void RunMod() { DbpString("[=] simulating done"); uint8_t leds = ((selected == 0) ? LED_A : LED_B) | LED_C; - SpinErr( leds , 250, 2); + SpinErr(leds, 250, 2); state = STATE_CLONE; continue; - } else if ( state == STATE_CLONE ) { + } else if (state == STATE_CLONE) { LED_C_OFF(); LED_D_ON(); // clone @@ -138,7 +138,7 @@ void RunMod() { } } - SpinErr( (LED_A | LED_B | LED_C | LED_D), 250, 5); + SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); DbpString("[=] You can take shell back :) ..."); LEDsoff(); } diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 5bbcc1b4b..fd5d663fd 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -895,7 +895,7 @@ void RAMFUNC SniffIClass(void) { // time ZERO, the point from which it all is calculated. time_0 = GetCountSspClk(); - + // loop and listen // every sample (1byte in data), // contains HIGH nibble = reader data @@ -962,7 +962,7 @@ void RAMFUNC SniffIClass(void) { */ - uint8_t tag_byte = ((previous_data & 0xF) << 4 ) | (*data & 0xF); + uint8_t tag_byte = ((previous_data & 0xF) << 4) | (*data & 0xF); if (ManchesterDecoding_iclass(tag_byte)) { time_stop = GetCountSspClk() - time_0; LogTrace(Demod.output, Demod.len, time_start, time_stop, NULL, false); @@ -976,12 +976,12 @@ void RAMFUNC SniffIClass(void) { } } // end main loop -/* - if (DBGLEVEL >= 1) { - DbpString("[+] Sniff statistics:"); - Dbhexdump(ICLASS_DMA_BUFFER_SIZE, data, false); - } -*/ + /* + if (DBGLEVEL >= 1) { + DbpString("[+] Sniff statistics:"); + Dbhexdump(ICLASS_DMA_BUFFER_SIZE, data, false); + } + */ switch_off(); } @@ -1522,7 +1522,7 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { trace_data = csn_data; trace_data_size = sizeof(csn_data); goto send; - } else if (cmd == ICLASS_CMD_READCHECK ) { // 0x88 + } else if (cmd == ICLASS_CMD_READCHECK) { // 0x88 // Read e-purse KD (88 02) KC (18 02) modulated_response = resp_cc; modulated_response_size = resp_cc_len; //order = 4; 
@@ -1898,7 +1898,7 @@ bool sendCmdGetResponseWithRetries(uint8_t *command, size_t cmdsize, uint8_t *re // update/write command takes 4ms to 15ms before responding int old_wait = g_wait; - if ( (command[0] & 0xF) == ICLASS_CMD_UPDATE) + if ((command[0] & 0xF) == ICLASS_CMD_UPDATE) g_wait = 3900; uint8_t got_n = ReaderReceiveIClass(resp); @@ -1934,8 +1934,8 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { uint8_t readcheck_cc[] = { 0x80 | ICLASS_CMD_READCHECK, 0x02 }; // Bit 4: K.If this bit equals to one, the READCHECK will use the Credit Key (Kc); if equals to zero, Debit Key (Kd) willbe used - // bit 7: parity. - + // bit 7: parity. + if (use_credit_key) readcheck_cc[0] = 0x10 | ICLASS_CMD_READCHECK; @@ -1945,14 +1945,14 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { ReaderTransmitIClass_ext(act_all, 1, 330 + 180); // Card present? - if (ReaderReceiveIClass(resp) == 0) + if (ReaderReceiveIClass(resp) == 0) return 0; //Send Identify ReaderTransmitIClass(identify, 1); //We expect a 10-byte response here, 8 byte anticollision-CSN and 2 byte CRC - if ( ReaderReceiveIClass(resp) != 10 ) + if (ReaderReceiveIClass(resp) != 10) return 0; //Copy the Anti-collision CSN to our select-packet 
@@ -1962,28 +1962,28 @@ uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { ReaderTransmitIClass(select, sizeof(select)); //We expect a 10-byte response here, 8 byte CSN and 2 byte CRC - if ( ReaderReceiveIClass(resp) != 10) + if (ReaderReceiveIClass(resp) != 10) return 0; - // Card selected, now read e-purse (cc) (block2) (only 8 bytes no CRC) + // Card selected, now read e-purse (cc) (block2) (only 8 bytes no CRC) // ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); // if (ReaderReceiveIClass(resp) == 8) { // //Save CC (e-purse) in response data // memcpy(card_data+8, resp, 8); // read_status++; // } - + //Success - level 1, we got CSN //Save CSN in response data memcpy(card_data, resp, 8); - + bool isBlk_2 = sendCmdGetResponseWithRetries(readcheck_cc, sizeof(readcheck_cc), resp, 8, 3); //Flag that we got to at least stage 1, read CSN - if ( isBlk_2 == false) { + if (isBlk_2 == false) { return 1; } - + //Save CC (e-purse) in response data memcpy(card_data + 8, resp, 8); @@ -2283,7 +2283,7 @@ void iClass_Authentication(uint8_t *mac) { // 6 retries uint8_t isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 6); - reply_ng(CMD_HF_ICLASS_AUTH, PM3_SUCCESS, (uint8_t*)&isOK ,sizeof(uint8_t)); + reply_ng(CMD_HF_ICLASS_AUTH, PM3_SUCCESS, (uint8_t *)&isOK, sizeof(uint8_t)); } typedef struct iclass_premac { @@ -2460,7 +2460,7 @@ bool iClass_WriteBlock_ext(uint8_t blockno, uint8_t *data) { void iClass_WriteBlock(uint8_t blockno, uint8_t *data) { uint8_t isOK = iClass_WriteBlock_ext(blockno, data); switch_off(); - reply_ng(CMD_HF_ICLASS_WRITEBL, PM3_SUCCESS, (uint8_t*)&isOK, sizeof(uint8_t)); + reply_ng(CMD_HF_ICLASS_WRITEBL, PM3_SUCCESS, (uint8_t *)&isOK, sizeof(uint8_t)); } // turn off afterwards diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index e8cce812f..1ca809a8a 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c 
@@ -1997,18 +1997,18 @@ void MifareCIdent() { // Generation 1 test ReaderTransmitBitsPar(wupC1, 7, NULL, NULL); - + if (ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) { - ReaderTransmit(wupC2, sizeof(wupC2), NULL); - - if (!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) { - isGen = GEN_1B; - goto OUT; - }; - isGen = GEN_1A; - goto OUT; - } + ReaderTransmit(wupC2, sizeof(wupC2), NULL); + + if (!ReaderReceive(rec, recpar) || (rec[0] != 0x0a)) { + isGen = GEN_1B; + goto OUT; + }; + isGen = GEN_1A; + goto OUT; + } // reset card FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@ -2017,7 +2017,7 @@ void MifareCIdent() { int res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true); if (res == 2) { - Dbprintf("cident AA55C396 == %08X", cuid); + Dbprintf("cident AA55C396 == %08X", cuid); if (cuid == 0xAA55C396) { isGen = GEN_UNFUSED; goto OUT; diff --git a/armsrc/pcf7931.c b/armsrc/pcf7931.c index 1690c6ad3..2bc101a48 100644 --- a/armsrc/pcf7931.c +++ b/armsrc/pcf7931.c @@ -94,10 +94,10 @@ size_t DemodPCF7931(uint8_t **outBlocks) { } else { // Error if (++warnings > 10) { - - if ( DBGLEVEL >= DBG_EXTENDED ) + + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Error: too many detection errors, aborting."); - + return 0; } } @@ -138,10 +138,10 @@ bool IsBlock0PCF7931(uint8_t *block) { // assuming all RFU bits are set to 0 // if PAC is enabled password is set to 0 if (block[7] == 0x01) { - if (!memcmp(block, "\x00\x00\x00\x00\x00\x00\x00", 7) - && !memcmp(block + 9, "\x00\x00\x00\x00\x00\x00\x00", 7)) { + if (!memcmp(block, "\x00\x00\x00\x00\x00\x00\x00", 7) + && !memcmp(block + 9, "\x00\x00\x00\x00\x00\x00\x00", 7)) { return true; - } + } } else if (block[7] == 0x00) { if (!memcmp(block + 9, "\x00\x00\x00\x00\x00\x00\x00", 7)) { return true; 
@@ -158,14 +158,14 @@ bool IsBlock1PCF7931(uint8_t *block) { uint8_t rlb = block[15]; if (block[10] == 0 - && block[11] == 0 - && block[12] == 0 - && block[13] == 0) { + && block[11] == 0 + && block[12] == 0 + && block[13] == 0) { // block 1 is sent only if (RLB >= 1 && RFB <= 1) or RB1 enabled if (rfb <= rlb - && rfb <= 9 - && rlb <= 9 - && ((rfb <= 1 && rlb >= 1) || rb1)) { + && rfb <= 9 + && rlb <= 9 + && ((rfb <= 1 && rlb >= 1) || rb1)) { return true; } } @@ -203,17 +203,17 @@ void ReadPCF7931() { // exit if no block is received if (errors >= 10 && found_blocks == 0 && single_blocks_cnt == 0) { - if ( DBGLEVEL >= DBG_INFO ) + if (DBGLEVEL >= DBG_INFO) Dbprintf("[!!] Error, no tag or bad tag"); - + return; } // exit if too many errors during reading if (tries > 50 && (2 * errors > tries)) { - - if ( DBGLEVEL >= DBG_INFO ) + + if (DBGLEVEL >= DBG_INFO) Dbprintf("[!!] Error reading the tag, only partial content"); - + goto end; } @@ -242,9 +242,9 @@ void ReadPCF7931() { continue; } - if ( DBGLEVEL >= DBG_EXTENDED ) + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("(dbg) got %d blocks (%d/%d found) (%d tries, %d errors)", n, found_blocks, (max_blocks == 0 ? found_blocks : max_blocks), tries, errors); - + for (i = 0; i < n; ++i) { print_result("got consecutive blocks", tmp_blocks[i], 16); } @@ -306,9 +306,9 @@ void ReadPCF7931() { } ++tries; if (BUTTON_PRESS()) { - if ( DBGLEVEL >= DBG_EXTENDED) + if (DBGLEVEL >= DBG_EXTENDED) Dbprintf("Button pressed, stopping."); - + goto end; } } while (found_blocks < max_blocks); 
@@ -421,7 +421,7 @@ static void RealWritePCF7931(uint8_t *pass, uint16_t init_delay, int32_t l, int3 */ void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data) { - if ( DBGLEVEL >= DBG_INFO ) { + if (DBGLEVEL >= DBG_INFO) { Dbprintf("Initialization delay : %d us", init_delay); Dbprintf("Offsets : %d us on the low pulses width, %d us on the low pulses positions", l, p); } @@ -444,10 +444,10 @@ void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, ui void SendCmdPCF7931(uint32_t *tab) { uint16_t u = 0, tempo = 0; - if ( DBGLEVEL >= DBG_INFO ) { + if (DBGLEVEL >= DBG_INFO) { Dbprintf("Sending data frame..."); } - + FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125kHz FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); diff --git a/armsrc/ticks.c b/armsrc/ticks.c index 1510de490..7b66d17e6 100644 --- a/armsrc/ticks.c +++ b/armsrc/ticks.c @@ -187,7 +187,7 @@ uint32_t RAMFUNC GetCountSspClk(void) { uint32_t RAMFUNC GetCountSspClkDelta(uint32_t start) { uint32_t stop = GetCountSspClk(); - if ( stop >= start ) + if (stop >= start) return stop - start; return (UINT32_MAX - start) + stop; } From 49cd525cf1d4fcb9a81786c957cd119065f3f2d9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 16:26:17 +0200 Subject: [PATCH 05/10] style --- armsrc/Standalone/lf_hidbrute.c | 42 +++++++++++--------------------- armsrc/Standalone/lf_proxbrute.c | 22 ++++++++--------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/armsrc/Standalone/lf_hidbrute.c b/armsrc/Standalone/lf_hidbrute.c index b659bbdf1..625459238 100644 --- a/armsrc/Standalone/lf_hidbrute.c +++ b/armsrc/Standalone/lf_hidbrute.c 
@@ -52,18 +52,17 @@ void RunMod() { int playing = 0; int cardRead = 0; - // Turn on selected LED - LED(selected + 1, 0); - for (;;) { + WDT_HIT(); // exit from SamyRun, send a usbcommand. if (data_available()) break; // Was our button held down or pressed? - int button_pressed = BUTTON_HELD(1000); - SpinDelay(300); + int button_pressed = BUTTON_HELD(280); + if (button_pressed != BUTTON_HOLD) + continue; // Button was held for a second, begin recording if (button_pressed > 0 && cardRead == 0) { @@ -71,16 +70,11 @@ void RunMod() { LED(selected + 1, 0); LED(LED_D, 0); + WAIT_BUTTON_RELEASED(); + // record DbpString("[=] starting recording"); - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); - - /* need this delay to prevent catching some weird data */ - SpinDelay(500); - CmdHIDdemodFSK(1, &high[selected], &low[selected], 0); Dbprintf("[=] recorded %x %x %08x", selected, high[selected], low[selected]); @@ -99,12 +93,7 @@ void RunMod() { // record Dbprintf("[=] cloning %x %x %08x", selected, high[selected], low[selected]); - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); - - /* need this delay to prevent catching some weird data */ - SpinDelay(500); + WAIT_BUTTON_RELEASED(); CopyHIDtoT55x7(0, high[selected], low[selected], 0); Dbprintf("[=] cloned %x %x %08x", selected, high[selected], low[selected]); @@ -136,9 +125,7 @@ void RunMod() { LED(LED_B, 0); DbpString("[=] playing"); - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); + WAIT_BUTTON_RELEASED(); Dbprintf("[=] %x %x %08x", selected, high[selected], low[selected]); CmdHIDsimTAG(high[selected], low[selected], 0); 
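Review bot: The new guard `if (button_pressed != BUTTON_HOLD) continue;` at the top of the loop changes behaviour in a commit titled "style". Everything below it now runs only after a hold, so `button_pressed > 0` is always true there (assuming `BUTTON_HOLD` is positive). If `cardRead` only ever holds 0 or 1, the later `else if (button_pressed)` branch can then no longer be reached. The removed `SpinDelay(500)` carried the comment "need this delay to prevent catching some weird data"; whether `WAIT_BUTTON_RELEASED()` covers that settle time is not visible here. I would move the control-flow change to its own commit, drop the redundant `button_pressed > 0` tests, and update the stale comment to `// Button was held (BUTTON_HELD(280)), begin recording`. `RunMod` starts and ends outside these hunks.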
@@ -168,16 +155,15 @@ void RunMod() { LED(LED_B, 0); DbpString("[=] entering bruteforce mode"); - // wait for button to be released - while (BUTTON_PRESS()) - WDT_HIT(); + + WAIT_BUTTON_RELEASED(); // Calculate Facility Code and Card Number from high and low uint32_t cardnum = (low[selected] >> 1) & 0xFFFFF; uint32_t fc = ((high[selected] & 1) << 11) | (low[selected] >> 21); uint32_t original_cardnum = cardnum; - Dbprintf("[=] Proxbrute - starting decrementing card number"); + Dbprintf("[=] HID brute - starting decrementing card number"); while (cardnum > 0) { @@ -207,7 +193,7 @@ void RunMod() { cardnum = original_cardnum; - Dbprintf("[=] Proxbrute - starting incrementing card number"); + Dbprintf("[=] HID brute - starting incrementing card number"); while (cardnum <= 0xFFFFF) { @@ -247,13 +233,13 @@ void RunMod() { LED(selected + 1, 0); } else { - while (BUTTON_PRESS()) - WDT_HIT(); + WAIT_BUTTON_RELEASED(); } } } out: + SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); DbpString("[=] exiting"); LEDsoff(); } diff --git a/armsrc/Standalone/lf_proxbrute.c b/armsrc/Standalone/lf_proxbrute.c index 5d435c3ee..5844dda84 100644 --- a/armsrc/Standalone/lf_proxbrute.c +++ b/armsrc/Standalone/lf_proxbrute.c @@ -42,13 +42,13 @@ void RunMod() { // exit from SamyRun, send a usbcommand. if (data_available()) break; - // Was our button held down or pressed? + // Was our button held down or pressed? int button_pressed = BUTTON_HELD(280); - if ( button_pressed != BUTTON_HOLD ) + if (button_pressed != BUTTON_HOLD) continue; // Button was held for a second, begin recording - if ( state == STATE_READ ) { + if (state == STATE_READ) { LEDsoff(); LED_A_ON(); @@ -63,8 +63,8 @@ void RunMod() { Dbprintf("[=] recorded | %x%08x", high, low); // got nothing. blink and loop. - if ( high == 0 && low == 0 ) { - SpinErr( LED_A, 100, 12); + if (high == 0 && low == 0) { + SpinErr(LED_A, 100, 12); DbpString("[=] only got zeros, retry recording after click"); continue; } 
@@ -73,7 +73,7 @@ void RunMod() { state = STATE_BRUTE; continue; - } else if ( state == STATE_BRUTE ) { + } else if (state == STATE_BRUTE) { LED_C_ON(); // Simulate WAIT_BUTTON_RELEASED(); @@ -97,7 +97,7 @@ void RunMod() { // Was our button held down or pressed? int button_pressed = BUTTON_HELD(280); - if ( button_pressed != BUTTON_HOLD ) break; + if (button_pressed != BUTTON_HOLD) break; Dbprintf("[=] trying Facility = %08x ID %08x", high, i); @@ -107,13 +107,13 @@ void RunMod() { SpinDelay(100); } - state = STATE_READ; - SpinErr( (LED_A | LED_C ), 250, 2); - LEDsoff(); + state = STATE_READ; + SpinErr((LED_A | LED_C), 250, 2); + LEDsoff(); } } - SpinErr( (LED_A | LED_B | LED_C | LED_D), 250, 5); + SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); DbpString("[=] You can take the shell back :) ..."); LEDsoff(); } From f5bff0d4e50031833ee5fdee7134a42823d1e014 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 16:27:25 +0200 Subject: [PATCH 06/10] style --- armsrc/Standalone/hf_young.c | 4 ++-- armsrc/util.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/armsrc/Standalone/hf_young.c b/armsrc/Standalone/hf_young.c index fcf964a5e..d5c211e79 100644 --- a/armsrc/Standalone/hf_young.c +++ b/armsrc/Standalone/hf_young.c @@ -114,9 +114,9 @@ void RunMod() { Dbprintf("ATQA = %02X%02X", uids[selected].atqa[0], uids[selected].atqa[1]); Dbprintf("SAK = %02X", uids[selected].sak); LEDsoff(); - LED(LED_B, 200); + LED(LED_B, 200); LED(LED_A, 200); - LED(LED_B, 200); + LED(LED_B, 200); LED(LED_A, 200); LEDsoff(); diff --git a/armsrc/util.c b/armsrc/util.c index 888c64b9d..d1a4fb938 100644 --- a/armsrc/util.c +++ b/armsrc/util.c @@ -90,7 +90,7 @@ void LEDsoff() { LED_D_OFF(); } -//ICEMAN: LED went from 1,2,3,4 -> 1,2,4,8 +//ICEMAN: LED went from 1,2,3,4 -> 1,2,4,8 void LED(int led, int ms) { if (led & LED_A) // Proxmark3 historical mapping: LED_ORANGE LED_A_ON(); From 2b25d863921e29b0b440449f9329571ca9090c44 Mon Sep 17 00:00:00 2001 
From: iceman1001 Date: Fri, 13 Sep 2019 16:31:17 +0200 Subject: [PATCH 07/10] style --- client/cmddata.c | 4 +- client/cmdhficlass.c | 122 ++++++++++++++++++++--------------------- client/cmdhflist.c | 4 +- client/cmdhfmf.c | 2 +- client/cmdhfthinfilm.c | 2 +- client/cmdlfparadox.c | 2 +- 6 files changed, 68 insertions(+), 68 deletions(-) diff --git a/client/cmddata.c b/client/cmddata.c index 18e91c699..792cf6a96 100644 --- a/client/cmddata.c +++ b/client/cmddata.c @@ -461,10 +461,10 @@ int CmdPrintDemodBuff(const char *Cmd) { if (invert) { char *buf = (char *)(DemodBuffer + offset); for (uint32_t i = 0; i < length; i++) { - if ( buf[i] == 1 ) + if (buf[i] == 1) buf[i] = 0; else { - if ( buf[i] == 0 ) + if (buf[i] == 0) buf[i] = 1; } } diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index f45151a7b..5f8ed9fbc 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c @@ -87,7 +87,7 @@ static int usage_hf_iclass_decrypt(void) { PrintAndLogEx(NORMAL, "S hf iclass decrypt f tagdump_1.bin"); PrintAndLogEx(NORMAL, "S hf iclass decrypt f tagdump_1.bin k 000102030405060708090a0b0c0d0e0f"); PrintAndLogEx(NORMAL, "S hf iclass decrypt d 1122334455667788 k 000102030405060708090a0b0c0d0e0f"); - + return PM3_SUCCESS; } static int usage_hf_iclass_encrypt(void) { @@ -664,7 +664,7 @@ static int CmdHFiClassSim(const char *Cmd) { } static int CmdHFiClassInfo(const char *Cmd) { - return PM3_SUCCESS; + return PM3_SUCCESS; } static int CmdHFiClassReader(const char *Cmd) { @@ -809,7 +809,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) { uint8_t cmdp = 0; uint8_t enc_data[8] = {0}; - + size_t keylen = 0; uint8_t key[32] = {0}; uint8_t *keyptr = NULL; @@ -827,7 +827,7 @@ static int CmdHFiClassDecrypt(const char *Cmd) { PrintAndLogEx(ERR, "data must be 16 HEX symbols"); errors = true; break; - } + } have_data = true; cmdp += 2; break; 
@@ -876,12 +876,12 @@ static int CmdHFiClassDecrypt(const char *Cmd) { uint8_t dec_data[8] = {0}; - if ( have_data ) { + if (have_data) { mbedtls_des3_crypt_ecb(&ctx, enc_data, dec_data); PrintAndLogEx(SUCCESS, "Data: %s", sprint_hex(dec_data, sizeof(dec_data))); } - if ( have_file ) { + if (have_file) { picopass_hdr *hdr = (picopass_hdr *)decrypted; uint8_t mem = hdr->conf.mem_config; @@ -1019,7 +1019,7 @@ static bool select_only(uint8_t *CSN, uint8_t *CCNR, bool use_credit_key, bool v } if (isOK <= 1) { - if ( verbose ) + if (verbose) PrintAndLogEx(FAILED, "failed to obtain CC! Tag-select is aborting... (%d)", isOK); return false; @@ -1056,7 +1056,7 @@ static bool select_and_auth(uint8_t *KEY, uint8_t *MAC, uint8_t *div_key, bool u return false; } - if ( resp.status != PM3_SUCCESS ) { + if (resp.status != PM3_SUCCESS) { if (verbose) PrintAndLogEx(ERR, "failed to communicate with card"); return false; } @@ -1213,7 +1213,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) { break; } while (numberAuthRetries--); - if ( numberAuthRetries <= 0) { + if (numberAuthRetries <= 0) { PrintAndLogEx(WARNING, "failed authenticating with debit key"); DropField(); return PM3_ESOFT; @@ -1271,7 +1271,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) { break; } while (numberAuthRetries--); - if ( numberAuthRetries <= 0) { + if (numberAuthRetries <= 0) { PrintAndLogEx(WARNING, "failed authenticating with credit key"); DropField(); return PM3_ESOFT; @@ -1313,7 +1313,7 @@ static int CmdHFiClassReader_Dump(const char *Cmd) { // add diversified keys to dump if (have_debit_key) memcpy(tag_data + (3 * 8), div_key, 8); - + if (have_credit_key) memcpy(tag_data + (4 * 8), c_div_key, 8); 
@@ -1340,14 +1340,14 @@ static int CmdHFiClassReader_Dump(const char *Cmd) { static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool verbose) { - int numberAuthRetries = ICLASS_AUTH_RETRY; + int numberAuthRetries = ICLASS_AUTH_RETRY; do { - + uint8_t MAC[4] = {0x00, 0x00, 0x00, 0x00}; uint8_t div_key[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; if (!select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose)) { numberAuthRetries--; - DropField(); + DropField(); continue; } @@ -1358,12 +1358,12 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c uint8_t data[12]; } PACKED payload; payload.blockno = blockno; - + memcpy(payload.data, bldata, 8); memcpy(payload.data + 8, MAC, 4); clearCommandBuffer(); - SendCommandNG(CMD_HF_ICLASS_WRITEBL, (uint8_t*)&payload, sizeof(payload)); + SendCommandNG(CMD_HF_ICLASS_WRITEBL, (uint8_t *)&payload, sizeof(payload)); PacketResponseNG resp; if (WaitForResponseTimeout(CMD_HF_ICLASS_WRITEBL, &resp, 4000) == 0) { @@ -1372,7 +1372,7 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c return PM3_ETIMEOUT; } - if ( resp.status != PM3_SUCCESS ) { + if (resp.status != PM3_SUCCESS) { if (verbose) PrintAndLogEx(ERR, "failed to communicate with card"); DropField(); return PM3_EWRONGANSVER; @@ -1381,17 +1381,17 @@ static int WriteBlock(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_c if (resp.data.asBytes[0] == 1) break; - } while (numberAuthRetries); + } while (numberAuthRetries); DropField(); - if ( numberAuthRetries > 0 ) { + if (numberAuthRetries > 0) { PrintAndLogEx(SUCCESS, "Write block %02X successful\n", blockno); } else { - PrintAndLogEx(ERR,"failed to authenticate and write block"); + PrintAndLogEx(ERR, "failed to authenticate and write block"); return PM3_ESOFT; } - + return PM3_SUCCESS; } 
@@ -1442,7 +1442,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) { } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp + 1); if (keyNbr < ICLASS_KEYS_MAX) { - PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8 )); + PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8)); memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLogEx(WARNING, "\nERROR: Credit KeyNbr is invalid\n"); @@ -1469,9 +1469,9 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) { break; } } - if ( got_blockno == false) + if (got_blockno == false) errors = true; - + if (errors || cmdp < 6) return usage_hf_iclass_writeblock(); return WriteBlock(blockno, bldata, KEY, use_credit_key, elite, rawkey, verbose); @@ -1527,7 +1527,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) { } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp + 1); if (keyNbr < ICLASS_KEYS_MAX) { - PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8 )); + PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8)); memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLogEx(WARNING, "\nERROR: Credit KeyNbr is invalid\n"); @@ -1559,7 +1559,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) { break; } } - if ( got_endblk == false || got_startblk == false) + if (got_endblk == false || got_startblk == false) errors = true; if (errors || cmdp < 8) return usage_hf_iclass_clone(); @@ -1570,7 +1570,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) { } int total_bytes = (((endblock - startblock) + 1) * 12); - + if (total_bytes > PM3_CMD_DATA_SIZE - 2) { PrintAndLogEx(NORMAL, "Trying to write too many blocks at once. Max: %d", PM3_CMD_DATA_SIZE / 8); return PM3_EINVARG; 
@@ -1593,7 +1593,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) { fseek(f, startblock * 8, SEEK_SET); size_t bytes_read = fread(tag_data, sizeof(iclass_block_t), endblock - startblock + 1, f); fclose(f); - + if (bytes_read == 0) { PrintAndLogEx(ERR, "file reading error."); return PM3_EFILE; @@ -1601,14 +1601,14 @@ static int CmdHFiClassCloneTag(const char *Cmd) { uint8_t MAC[4] = {0x00, 0x00, 0x00, 0x00}; uint8_t div_key[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - + int numberAuthRetries = ICLASS_AUTH_RETRY; do { if (select_and_auth(KEY, MAC, div_key, use_credit_key, elite, rawkey, verbose)) break; } while (numberAuthRetries--); - - if ( numberAuthRetries <= 0 ) { + + if (numberAuthRetries <= 0) { PrintAndLogEx(ERR, "failed to authenticate"); DropField(); return PM3_ESOFT; @@ -1618,7 +1618,7 @@ static int CmdHFiClassCloneTag(const char *Cmd) { // calculate all mac for every the block we will write for (i = startblock; i <= endblock; i++) { - + Calc_wb_mac(i, tag_data[i - startblock].d, div_key, MAC); // usb command d start pointer = d + (i - 6) * 12 // memcpy(pointer,tag_data[i - 6],8) 8 bytes 
@@ -1629,17 +1629,17 @@ static int CmdHFiClassCloneTag(const char *Cmd) { memcpy(ptr + 8, MAC, 4); } - if ( verbose ) { - PrintAndLogEx(NORMAL,"------+--------------------------+-------------"); - PrintAndLogEx(NORMAL,"block | data | mac"); - PrintAndLogEx(NORMAL,"------+--------------------------+-------------"); + if (verbose) { + PrintAndLogEx(NORMAL, "------+--------------------------+-------------"); + PrintAndLogEx(NORMAL, "block | data | mac"); + PrintAndLogEx(NORMAL, "------+--------------------------+-------------"); uint8_t p[12]; for (i = 0; i <= endblock - startblock; i++) { memcpy(p, data + (i * 12), 12); char *s = calloc(70, sizeof(uint8_t)); sprintf(s, "| %s ", sprint_hex(p, 8)); sprintf(s + strlen(s), "| %s", sprint_hex(p + 8, 4)); - PrintAndLogEx(NORMAL, " %02X %s", i + startblock, s ); + PrintAndLogEx(NORMAL, " %02X %s", i + startblock, s); free(s); } } @@ -1649,23 +1649,23 @@ static int CmdHFiClassCloneTag(const char *Cmd) { uint8_t endblock; uint8_t data[PM3_CMD_DATA_SIZE - 2]; } PACKED payload; - + payload.startblock = startblock; - payload.endblock = endblock; + payload.endblock = endblock; memcpy(payload.data, data, total_bytes); - + PacketResponseNG resp; clearCommandBuffer(); - SendCommandNG(CMD_HF_ICLASS_CLONE, (uint8_t*)&payload, total_bytes + 2 ); + SendCommandNG(CMD_HF_ICLASS_CLONE, (uint8_t *)&payload, total_bytes + 2); if (WaitForResponseTimeout(CMD_HF_ICLASS_CLONE, &resp, 4500) == 0) { PrintAndLogEx(WARNING, "command execute timeout"); DropField(); return PM3_ETIMEOUT; } - - if (resp.status == PM3_SUCCESS) { - if ( resp.data.asBytes[0] == 1 ) + + if (resp.status == PM3_SUCCESS) { + if (resp.data.asBytes[0] == 1) PrintAndLogEx(SUCCESS, "Clone successful"); else PrintAndLogEx(WARNING, "Clone failed"); 
@@ -1678,12 +1678,12 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, int numberAuthRetries = ICLASS_AUTH_RETRY; // return data. struct p { - bool isOK; + bool isOK; uint8_t blockdata[8]; } PACKED; struct p *result = NULL; - + do { // block 0,1 should always be able to read, and block 5 on some cards. if (auth || blockno >= 2) { @@ -1702,25 +1702,25 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, DropField(); continue; } - } - + } + PacketResponseNG resp; clearCommandBuffer(); - SendCommandNG(CMD_HF_ICLASS_READBL, (uint8_t*)&blockno, sizeof(uint8_t)); - + SendCommandNG(CMD_HF_ICLASS_READBL, (uint8_t *)&blockno, sizeof(uint8_t)); + if (WaitForResponseTimeout(CMD_HF_ICLASS_READBL, &resp, 2000) == 0) { if (verbose) PrintAndLogEx(WARNING, "Command execute timeout"); DropField(); return PM3_ETIMEOUT; } - - if ( resp.status != PM3_SUCCESS ) { + + if (resp.status != PM3_SUCCESS) { if (verbose) PrintAndLogEx(ERR, "failed to communicate with card"); DropField(); return PM3_EWRONGANSVER; } - - result = (struct p*)resp.data.asBytes; + + result = (struct p *)resp.data.asBytes; if (result->isOK) break; @@ -1728,8 +1728,8 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite, DropField(); - if ( numberAuthRetries == 0 ) { - PrintAndLogEx(ERR,"failed to authenticate and read block"); + if (numberAuthRetries == 0) { + PrintAndLogEx(ERR, "failed to authenticate and read block"); return PM3_ESOFT; } @@ -1778,7 +1778,7 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) { } else if (dataLen == 1) { keyNbr = param_get8(Cmd, cmdp + 1); if (keyNbr < ICLASS_KEYS_MAX) { - PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8 )); + PrintAndLogEx(SUCCESS, "Using key[%d] %s", keyNbr, sprint_hex(iClass_Key_Table[keyNbr], 8)); memcpy(KEY, iClass_Key_Table[keyNbr], 8); } else { PrintAndLogEx(WARNING, "\nERROR: Credit KeyNbr is invalid\n"); 
@@ -1805,9 +1805,9 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) { break; } } - if ( got_blockno == false) + if (got_blockno == false) errors = true; - + if (errors || cmdp < 4) return usage_hf_iclass_readblock(); if (!auth) @@ -2815,8 +2815,8 @@ int readIclass(bool loop, bool verbose) { // no tag found or button pressed if ((readStatus == 0 && !loop) || readStatus == 0xFF) { // abort - DropField(); - return PM3_EOPABORTED; + DropField(); + return PM3_EOPABORTED; } if (readStatus & FLAG_ICLASS_READER_CSN) { diff --git a/client/cmdhflist.c b/client/cmdhflist.c index d44ac635c..a359ff07d 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -325,7 +325,7 @@ void annotateIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { uint8_t c = cmd[0] & 0x0F; uint8_t parity = 0; - for ( uint8_t i=0; i<7; i++) { + for (uint8_t i = 0; i < 7; i++) { parity ^= (cmd[0] >> i) & 1; } @@ -363,7 +363,7 @@ void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { snprintf(exp, size, "UPDATE(%d)", cmd[1]); break; case ICLASS_CMD_READCHECK: - if ( ICLASS_CREDIT(c) ) { + if (ICLASS_CREDIT(c)) { snprintf(exp, size, "READCHECK[Kc](%d)", cmd[1]); } else { snprintf(exp, size, "READCHECK[Kd](%d)", cmd[1]); diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index baa999128..edd916330 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1780,7 +1780,7 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { // card prng type (weak=1 / hard=0 / select/card comm error = negative value) prng_type = detect_classic_prng(); - if (prng_type < 0){ + if (prng_type < 0) { PrintAndLogEx(FAILED, "\nNo tag detected or other tag communication error"); free(e_sector); return prng_type; diff --git a/client/cmdhfthinfilm.c b/client/cmdhfthinfilm.c index a32aa8f59..3b31d460a 100644 --- a/client/cmdhfthinfilm.c +++ b/client/cmdhfthinfilm.c 
@@ -64,7 +64,7 @@ static int print_barcode(uint8_t *barcode, const size_t barcode_len, bool verbos } else { PrintAndLogEx(SUCCESS, " Checksum : "_YELLOW_("too few data for checksum")"- " _RED_("fail")); } - PrintAndLogEx(SUCCESS, " Data len (bits) : "_YELLOW_("%i")"- %s", barcode_len*8, (barcode_len==16||barcode_len==32) ? _GREEN_("OK") : _YELLOW_("warning")); + PrintAndLogEx(SUCCESS, " Data len (bits) : "_YELLOW_("%i")"- %s", barcode_len * 8, (barcode_len == 16 || barcode_len == 32) ? _GREEN_("OK") : _YELLOW_("warning")); PrintAndLogEx(SUCCESS, " Raw data : "_YELLOW_("%s"), sprint_hex(barcode, barcode_len)); if (barcode_len < 4) // too few to go to next decoding stages return PM3_ESOFT; diff --git a/client/cmdlfparadox.c b/client/cmdlfparadox.c index 5ef21992b..4cb0d484f 100644 --- a/client/cmdlfparadox.c +++ b/client/cmdlfparadox.c @@ -114,7 +114,7 @@ static int CmdParadoxRead(const char *Cmd) { static int CmdParadoxSim(const char *Cmd) { - PrintAndLogEx(INFO," To be implemented, feel free to contribute!"); + PrintAndLogEx(INFO, " To be implemented, feel free to contribute!"); return PM3_SUCCESS; } /* From f1307e703cf514e1d6b6dc6eba7fe28d1dcc802e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 16:32:37 +0200 Subject: [PATCH 08/10] style --- client/cmdlft55xx.c | 76 ++++++++++++++++++++++----------------------- client/cmdtrace.c | 8 ++--- client/proxmark3.c | 14 ++++----- 3 files changed, 49 insertions(+), 49 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index cefb40cc6..8240fa106 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -482,8 +482,8 @@ static int CmdT55xxReadBlock(const char *Cmd) { case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); if (downlink_mode > 3) - downlink_mode = 0; - + downlink_mode = 0; + cmdp += 2; break; 
@@ -649,10 +649,10 @@ static int CmdT55xxDetect(const char *Cmd) { return PM3_ESOFT; if (useGB == false) { - if ( try_all_dl_modes ) { + if (try_all_dl_modes) { for (uint8_t mode = 0; mode < 4; mode++) { - - if ( AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, mode) == false ) { + + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, mode) == false) { continue; } @@ -663,8 +663,8 @@ static int CmdT55xxDetect(const char *Cmd) { } return PM3_ESOFT; } else { - if ( AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode) == false ) - return PM3_ENODATA; + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode) == false) + return PM3_ENODATA; } } @@ -1132,9 +1132,9 @@ static int CmdT55xxWakeUp(const char *Cmd) { break; case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 3) + if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; default: @@ -1150,17 +1150,17 @@ static int CmdT55xxWakeUp(const char *Cmd) { uint32_t password; uint8_t flags; } PACKED payload; - + payload.password = password; - payload.flags = (downlink_mode & 3) << 3; - + payload.flags = (downlink_mode & 3) << 3; + clearCommandBuffer(); SendCommandNG(CMD_LF_T55XX_WAKEUP, (uint8_t *)&payload, sizeof(payload)); if (!WaitForResponseTimeout(CMD_LF_T55XX_WAKEUP, NULL, 1000)) { PrintAndLogEx(WARNING, "command execution time out"); return PM3_ETIMEOUT; } - + PrintAndLogEx(SUCCESS, "Wake up command sent. Try read now"); return PM3_SUCCESS; } @@ -1212,7 +1212,7 @@ static int CmdT55xxWriteBlock(const char *Cmd) { downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; default: 
@@ -1273,9 +1273,9 @@ static int CmdT55xxReadTrace(const char *Cmd) { return usage_t55xx_trace(); case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 3) + if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; case '1': @@ -1302,7 +1302,7 @@ static int CmdT55xxReadTrace(const char *Cmd) { if (!AquireData(T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password, downlink_mode)) return PM3_ENODATA; } - + if (config.Q5) { if (!DecodeT5555TraceBlock()) return PM3_ESOFT; } else { @@ -1570,9 +1570,9 @@ static int CmdT55xxInfo(const char *Cmd) { break; case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 3) + if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; default: @@ -1594,7 +1594,7 @@ static int CmdT55xxInfo(const char *Cmd) { if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode)) return PM3_ENODATA; } - + if (!gotdata) { if (!DecodeT55xxBlock()) return PM3_ESOFT; @@ -1697,10 +1697,10 @@ static int CmdT55xxDump(const char *Cmd) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { case 'h': - return usage_t55xx_dump(); + return usage_t55xx_dump(); case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 3) + if (downlink_mode > 3) downlink_mode = 0; cmdp += 2; @@ -2027,9 +2027,9 @@ static int CmdResetRead(const char *Cmd) { return usage_t55xx_resetread(); case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 3) + if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; default: @@ -2042,9 +2042,9 @@ static int CmdResetRead(const char *Cmd) { if (errors) return usage_t55xx_resetread(); PrintAndLogEx(INFO, "DL : %d\n", downlink_mode); - + flags = downlink_mode << 3; - + clearCommandBuffer(); SendCommandNG(CMD_LF_T55XX_RESET_READ, &flags, sizeof(flags)); if (!WaitForResponseTimeout(CMD_ACK, NULL, 2500)) { 
@@ -2153,7 +2153,7 @@ static int CmdT55xxChkPwds(const char *Cmd) { return usage_t55xx_chk(); case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode >= 4) { + if (downlink_mode >= 4) { try_all_dl_modes = true; downlink_mode = 4; } @@ -2164,7 +2164,7 @@ static int CmdT55xxChkPwds(const char *Cmd) { cmdp++; break; case 'i': - if ( param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)) == 0 ) { + if (param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)) == 0) { PrintAndLogEx(ERR, "Error, no filename after 'f' was found"); errors = true; } @@ -2305,9 +2305,9 @@ static int CmdT55xxBruteForce(const char *Cmd) { return usage_t55xx_bruteforce(); case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 4) + if (downlink_mode > 4) downlink_mode = 0; - + cmdp += 2; break; case 's': @@ -2415,9 +2415,9 @@ static int CmdT55xxRecoverPW(const char *Cmd) { break; case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 4) + if (downlink_mode > 4) downlink_mode = 0; - + cmdp += 2; break; default: @@ -2644,12 +2644,12 @@ static int CmdT55xxDetectPage1(const char *Cmd) { break; case 'r': downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode == 4) + if (downlink_mode == 4) try_all_dl_modes = true; - + if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; default: @@ -2725,10 +2725,10 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) { cmdp += 2; break; case 'r': - downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); - if (downlink_mode > 3) + downlink_mode = param_get8ex(Cmd, cmdp + 1, 0, 10); + if (downlink_mode > 3) downlink_mode = 0; - + cmdp += 2; break; case 'p': diff --git a/client/cmdtrace.c b/client/cmdtrace.c index 010621498..79e7c6169 100644 --- a/client/cmdtrace.c +++ b/client/cmdtrace.c 
@@ -303,18 +303,18 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr && (oddparity8(frame[j]) != ((parityBits >> (7 - (j & 0x0007))) & 0x01))) { snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x! ", frame[j]); - } else if ( protocol == ICLASS && isResponse == false) { + } else if (protocol == ICLASS && isResponse == false) { uint8_t parity = 0; - for (int i=0; i<6; i++) { + for (int i = 0; i < 6; i++) { parity ^= ((frame[0] >> i) & 1); } - if ( parity == ((frame[0] >> 7) & 1)) { + if (parity == ((frame[0] >> 7) & 1)) { snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x ", frame[j]); } else { snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x! ", frame[j]); } - } else { + } else { snprintf(line[j / 18] + ((j % 18) * 4), 110, "%02x ", frame[j]); } diff --git a/client/proxmark3.c b/client/proxmark3.c index 2ff94b841..f28e14063 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c 
@@ -368,13 +368,13 @@ static void show_help(bool showFullHelp, char *exec_name) { PrintAndLogEx(NORMAL, "\n to flash fullimage and bootloader:\n"); PrintAndLogEx(NORMAL, " %s "SERIAL_PORT_EXAMPLE_H" --flash --unlock-bootloader --image bootrom.elf --image fullimage.elf", exec_name); #ifdef __linux__ - PrintAndLogEx(NORMAL, "\nNote (Linux):\nif the flasher gets stuck in 'Waiting for Proxmark3 to reappear on ',"); - PrintAndLogEx(NORMAL, "you need to blacklist Proxmark3 for modem-manager - see documentation for more details:"); - PrintAndLogEx(NORMAL, "* https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md"); - PrintAndLogEx(NORMAL, "\nMore info on flashing procedure from the official Proxmark3 wiki:"); - PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Gentoo%%20Linux"); - PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Ubuntu%%20Linux"); - PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/OSX\n"); + PrintAndLogEx(NORMAL, "\nNote (Linux):\nif the flasher gets stuck in 'Waiting for Proxmark3 to reappear on ',"); + PrintAndLogEx(NORMAL, "you need to blacklist Proxmark3 for modem-manager - see documentation for more details:"); + PrintAndLogEx(NORMAL, "* https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md"); + PrintAndLogEx(NORMAL, "\nMore info on flashing procedure from the official Proxmark3 wiki:"); + PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Gentoo%%20Linux"); + PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/Ubuntu%%20Linux"); + PrintAndLogEx(NORMAL, "* https://github.com/Proxmark/proxmark3/wiki/OSX\n"); #endif } } From af02ee871d6b3e25bf6cc30fa9bf5b9e29b519d8 Mon Sep 17 00:00:00 2001 
From: iceman1001 Date: Fri, 13 Sep 2019 20:50:00 +0200 Subject: [PATCH 09/10] chg: 'lf t55xx info c' - renamed from "d" to "c", takes a block0 and print info. chg: 'lf t55xx config c' - now takes a block0 and use as configuration. usage: lf t55xx config c 000880E8 lf t55xx info c 000880E8 --- client/cmdlft55xx.c | 72 ++++++++++++++++++++++++++++++++++++++------- client/cmdlft55xx.h | 1 + 2 files changed, 62 insertions(+), 11 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 8240fa106..b3d2d594f 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -36,8 +36,17 @@ #define T55XX_DLMODE_1OF4 3 // 1 of 4 #define T55XX_LONGLEADINGREFERENCE 4 // Value to tell Write Bit to send long reference +//static uint8_t bit_rates[9] = {8, 16, 32, 40, 50, 64, 100, 128, 0}; + // Default configuration -t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = false, .offset = 0x00, .block0 = 0x00, .Q5 = false }; +t55xx_conf_block_t config = { + .modulation = DEMOD_ASK, + .inverted = false, + .offset = 0x00, + .block0 = 0x00, + .Q5 = false, + .usepwd = false + }; t55xx_conf_block_t Get_t55xx_Config() { return config; @@ -55,9 +64,10 @@ static void print_usage_t55xx_downloadlink(void) { } static int usage_t55xx_config() { - PrintAndLogEx(NORMAL, "Usage: lf t55xx config [d ] [i [0/1]] [o ] [Q5 [0/1]] [ST [0/1]]"); + PrintAndLogEx(NORMAL, "Usage: lf t55xx config [c ] [d ] [i [0/1]] [o ] [Q5 [0/1]] [ST [0/1]]"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - This help"); + PrintAndLogEx(NORMAL, " c - set configuration from a block0"); PrintAndLogEx(NORMAL, " b <8|16|32|40|50|64|100|128> - Set bitrate"); PrintAndLogEx(NORMAL, " d - Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A"); PrintAndLogEx(NORMAL, " i [0/1] - Set/reset data signal inversion"); 
@@ -131,14 +141,14 @@ static int usage_t55xx_trace() { return PM3_SUCCESS; } static int usage_t55xx_info() { - PrintAndLogEx(NORMAL, "Usage: lf t55xx info [1] [r ] [d [q]]"); + PrintAndLogEx(NORMAL, "Usage: lf t55xx info [1] [r ] [c [q]]"); PrintAndLogEx(NORMAL, "Options:"); - PrintAndLogEx(NORMAL, " (default) - read data from tag."); - PrintAndLogEx(NORMAL, " p - OPTIONAL password 4bytes (8 hex symbols)"); - PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer instead of reading tag."); - PrintAndLogEx(NORMAL, " d - 4 bytes of data (8 hex characters)"); + PrintAndLogEx(NORMAL, " (default) - read data from tag."); + PrintAndLogEx(NORMAL, " p - OPTIONAL password 4bytes (8 hex symbols)"); + PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer instead of reading tag."); + PrintAndLogEx(NORMAL, " c - set configuration from a block0"); PrintAndLogEx(NORMAL, " if set, use these data instead of reading tag."); - PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config."); + PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config."); print_usage_t55xx_downloadlink(); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); @@ -312,6 +322,9 @@ static int CmdT55xxSetConfig(const char *Cmd) { uint8_t rates[9] = {8, 16, 32, 40, 50, 64, 100, 128, 0}; uint8_t cmdp = 0; bool errors = false; + uint32_t block0 = 0; + bool gotconf = false; + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { char tmp = tolower(param_getchar(Cmd, cmdp)); switch (tmp) { @@ -331,6 +344,11 @@ static int CmdT55xxSetConfig(const char *Cmd) { } cmdp += 2; break; + case 'c': + block0 = param_get32ex(Cmd, cmdp + 1, 0, 16); + gotconf = true; + cmdp += 2; + break; case 'd': param_getstr(Cmd, cmdp + 1, modulation, sizeof(modulation)); cmdp += 2; 
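Review bot: The new `case 'c':` in CmdT55xxSetConfig sets `gotconf = true` without checking that a hex value followed the option. `param_get32ex(Cmd, cmdp + 1, 0, 16)` is called with 0 as what appears to be its fallback, so `lf t55xx config c` with a missing or unparsable argument would presumably be applied as a block0 of 0x00000000. I would test the argument first, e.g. `if (param_getlength(Cmd, cmdp + 1) == 0) errors = true;`, so that bad input reaches the existing `if (errors) return usage_t55xx_config();`. The function starts and ends outside this hunk.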
@@ -413,7 +431,36 @@ static int CmdT55xxSetConfig(const char *Cmd) { //Validations if (errors) return usage_t55xx_config(); - config.block0 = 0; + if ( gotconf ) { + + // Q5 + + + // T55x7 + uint32_t extend = (block0 >> (32 - 15)) & 0x01; + uint32_t dbr; + if (extend) + dbr = (block0 >> (32 - 14)) & 0x3F; + else + dbr = (block0 >> (32 - 14)) & 0x07; + + uint32_t datamod = (block0 >> (32 - 20)) & 0x1F; + bool pwd = (bool)((block0 >> (32 - 28)) & 0x01); + bool sst = (bool)((block0 >> (32 - 29)) & 0x01); + bool inv = (bool)((block0 >> (32 - 31)) & 0x01); + + config.modulation = datamod; + config.bitrate = dbr; + config.inverted = inv; + config.Q5 = 0; + config.ST = sst; + config.usepwd = pwd; + config.offset = 0; + config.block0 = block0; + } else { + config.block0 = 0; + } + return printConfiguration(config); } @@ -1014,11 +1061,14 @@ static bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk) si += 3; //uint8_t ST = PackBits(si, 1, DemodBuffer); si += 1; if (maxBlk == 0) continue; + //test modulation if (!testQ5Modulation(mode, modread)) continue; if (bitRate != clk) continue; + *fndBitRate = convertQ5bitRate(bitRate); if (*fndBitRate < 0) continue; + *offset = idx; return true; @@ -1550,7 +1600,7 @@ static int CmdT55xxInfo(const char *Cmd) { switch (tolower(param_getchar(Cmd, cmdp))) { case 'h': return usage_t55xx_info(); - case 'd': + case 'c': block0 = param_get32ex(Cmd, cmdp + 1, 0, 16); gotdata = true; cmdp += 2; @@ -1602,7 +1652,7 @@ static int CmdT55xxInfo(const char *Cmd) { if (DemodBufferLen < 32 + config.offset) return PM3_ESOFT; //PrintAndLogEx(NORMAL, "Offset+32 ==%d\n DemodLen == %d", config.offset + 32, DemodBufferLen); - block0 = PackBits(config.offset, 32, DemodBuffer); + block0 = PackBits(config.offset, 32, DemodBuffer); } PrintAndLogEx(NORMAL, ""); diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index 668b23be3..3764a529c 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h 
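Review bot: In the new `if ( gotconf )` branch of CmdT55xxSetConfig, the fields cut out of `block0` are stored into the global `config` unchecked. With the extended bit set `dbr` is a 6-bit value (0-63) and `datamod` is any 5-bit value, while the usage text offers only eight bitrates and a named list of modulations. Unless the consumers of `config.bitrate` and `config.modulation` (outside this hunk) tolerate arbitrary values, reject or map out-of-range fields before assigning and print a warning. The branch also forces `config.Q5 = 0` under an empty `// Q5` comment and resets `offset`, so it appears to discard any `d`, `i`, `o` or `Q5` option parsed earlier on the same command line; a comment such as `// block0 overrides all other options; Q5 layout is not decoded yet` would make that explicit. Style: the rest of this series writes `if (gotconf) {`.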
@@ -116,6 +116,7 @@ typedef struct { } bitrate; bool Q5; bool ST; + bool usepwd; } t55xx_conf_block_t; t55xx_conf_block_t Get_t55xx_Config(void); From 250be16876aec6876f99aeb32d0ed7d056ae8e5c Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Fri, 13 Sep 2019 21:25:39 +0200 Subject: [PATCH 10/10] chg: 'lf t55 write v' - validation of data. After a write, the command tries to read the block and see if it matches the data entered. This can fail because of password, not correct configuration settings before. Also validating a block0 write is harder, some modulations are not that perfect. This is however a nice step forward. --- client/cmdlft55xx.c | 64 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index b3d2d594f..7623fd5e6 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c 
@@ -113,18 +113,20 @@ static int usage_t55xx_resetread() { return PM3_SUCCESS; } static int usage_t55xx_write() { - PrintAndLogEx(NORMAL, "Usage: lf t55xx write [r ] b d [p ] [1] [t]"); + PrintAndLogEx(NORMAL, "Usage: lf t55xx write [r ] b d [p ] [1] [t] [v]"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " b - block number to write. Between 0-7"); PrintAndLogEx(NORMAL, " d - 4 bytes of data to write (8 hex characters)"); PrintAndLogEx(NORMAL, " p - OPTIONAL password 4bytes (8 hex characters)"); PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0"); PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****"); + PrintAndLogEx(NORMAL, " v - OPTIONAL validate data afterwards"); print_usage_t55xx_downloadlink(); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 - write 11223344 to block 3"); PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef"); + PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 v - write 11223344 to block 3 and try to validate data"); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } 
@@ -306,6 +308,48 @@ static int usage_lf_deviceconfig() { static int CmdHelp(const char *Cmd); +static bool t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { + + //Password mode + if (usepwd) { + // try reading the config block and verify that PWD bit is set before doing this! + if (override == 0) { + if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, downlink_mode) == false) + return false; + + if (tryDetectModulation() == false) { + PrintAndLogEx(NORMAL, "Safety Check: Could not detect if PWD bit is set in config block. Exits."); + return false; + } else { + PrintAndLogEx(NORMAL, "Safety Check: PWD bit is NOT set in config block. Reading without password..."); + usepwd = false; + } + } else if (override == 1) { + PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); + } + } + + if (AquireData(page1, block, usepwd, password, downlink_mode) == false) + return false; + + if (block == 0 && page1 == false) { + if (tryDetectModulation() == false) { + PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'"); + return false; + } + } + + if (DecodeT55xxBlock() == false) + return false; + + // compare... + uint32_t readblock = 0; + if (GetT55xxBlockData(&readblock) == false) + return false; + + return (readblock == data); +} + void printT5xxHeader(uint8_t page) { PrintAndLogEx(NORMAL, "Reading Page %d:", page); PrintAndLogEx(NORMAL, "blk | hex data | binary | ascii"); @@ -1224,6 +1268,7 @@ static int CmdT55xxWriteBlock(const char *Cmd) { bool gotdata = false; bool testMode = false; bool errors = false; + bool validate = false; uint8_t cmdp = 0; uint32_t downlink_mode = 0; 
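Review bot: In t55xxVerifyWrite the `override == 0` path never looks at the PWD bit. When `tryDetectModulation()` succeeds, the else branch prints "PWD bit is NOT set" and clears `usepwd` unconditionally, so a password-protected tag would be read back without its password and the verify would presumably fail. The messages suggest a test of the decoded config block was intended before that else; the `config.usepwd` field added earlier in this series could carry it if detection fills it in (not visible here). `override` values other than 0 and 1 skip both branches silently, and the block-0 path calls `tryDetectModulation()`, which presumably rewrites the global `config` as a side effect of verifying; both deserve a comment on the function. Style: `t55xxVerifyWrite( uint8_t block` should lose the space after the parenthesis, and "Overriden" is misspelled.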
@@ -1265,6 +1310,10 @@ static int CmdT55xxWriteBlock(const char *Cmd) { cmdp += 2; break; + case 'v': + validate = true; + cmdp++; + break; default: PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); errors = true; @@ -1285,8 +1334,6 @@ static int CmdT55xxWriteBlock(const char *Cmd) { PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : ""); - clearCommandBuffer(); - /* OLD style arg0 = data, (4 bytes) @@ -1303,11 +1350,22 @@ static int CmdT55xxWriteBlock(const char *Cmd) { ng.blockno = block; ng.flags = flags; + clearCommandBuffer(); SendCommandNG(CMD_LF_T55XX_WRITEBL, (uint8_t *)&ng, sizeof(ng)); if (!WaitForResponseTimeout(CMD_LF_T55XX_WRITEBL, &resp, 2000)) { PrintAndLogEx(ERR, "Error occurred, device did not ACK write operation. (May be due to old firmware)"); return PM3_ETIMEOUT; } + + if (validate) { +//t55xxVerifyWrite( uint8_t block, bool page1, bool usepwd, uint8_t override, uint32_t password, uint8_t downlink_mode, uint32_t data) { + bool isOK = t55xxVerifyWrite(block, page1, usepwd, 1, password, downlink_mode, data); + if (isOK) + PrintAndLogEx(SUCCESS, "Write OK, validation succesful"); + else + PrintAndLogEx(WARNING, "Write could not validate the written data"); + } + return PM3_SUCCESS; }
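Review bot: The validation result in CmdT55xxWriteBlock is only printed: when `t55xxVerifyWrite()` returns false the command still falls through to `return PM3_SUCCESS;`, so a script cannot tell a verified write from an unverified one. Returning `PM3_ESOFT` from the `else` arm would fix that. The call also hard-codes `override` to 1, which takes the "Safety Check Overriden - proceeding despite risk" path whenever a password is used; either add a comment saying why the check is skipped after a write or expose it as an option. The commented-out signature line above the call (`//t55xxVerifyWrite( uint8_t block, ...`) should be dropped, and "succesful" is misspelled. The function begins outside the hunk.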