github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

use piffs instead of direct writing to flash memory

Browse source
This commit is contained in:
tharexde 2020-12-04 22:38:48 +01:00
commit 952845722c
2 changed files with 36 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

41
armsrc/em4x50.c
View file

@ -17,6 +17,7 @@
#include "em4x50.h" #include "em4x50.h"
#include "flashmem.h" #include "flashmem.h"
#include "BigBuf.h" #include "BigBuf.h"
#include "spiffs.h"
#include "appmain.h" // tear #include "appmain.h" // tear
// Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK) // Sam7s has several timers, we will use the source TIMER_CLOCK1 (aka AT91C_TC_CLKS_TIMER_DIV1_CLOCK)
@ -916,41 +917,33 @@ void em4x50_brute(em4x50_data_t *etd) {
reply_ng(CMD_LF_EM4X50_BRUTE, bsuccess, (uint8_t *)(&pwd), 32); reply_ng(CMD_LF_EM4X50_BRUTE, bsuccess, (uint8_t *)(&pwd), 32);
} }
void em4x50_chk(uint32_t *offset) { void em4x50_chk(uint8_t *filename) {
// check passwords from dictionary content in flash memory // check passwords from dictionary content in flash memory
int status = PM3_EFAILED; int status = PM3_EFAILED;
uint8_t counter[2] = {0x00, 0x00};
uint16_t isok = 0;
uint16_t pwd_count = 0; uint16_t pwd_count = 0;
uint16_t pwd_size_available = 0;
uint32_t pwd = 0x0; uint32_t pwd = 0x0;
uint8_t *pwds = BigBuf_get_EM_addr();
#ifdef WITH_FLASH
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Note: we call FpgaDownloadAndGo(FPGA_BITSTREAM_LF) here although FPGA is not // without calling FpgaDownloadAndGo the initial em4x50_chk call doesn't find
// involved in dealing with emulator memory. But if it is called later, it will // a password (altough the correct password is in the dictionary)
// destroy the Emulator Memory.
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
BigBuf_Clear_EM(); BigBuf_free();
// initialize passwords and get number of passwords int changed = rdv40_spiffs_lazy_mount();
if (Flash_ReadData(*offset, counter, sizeof(counter)) != sizeof(counter)) uint32_t size = size_in_spiffs((char *)filename);
goto OUT; pwd_count = size / 4;
uint8_t *pwds = BigBuf_malloc(size);
pwd_count = (uint16_t)(counter[1] << 8 | counter[0]); rdv40_spiffs_read_as_filetype((char *)filename, pwds, size, RDV40_SPIFFS_SAFETY_SAFE);
if (pwd_count == 0)
goto OUT; if (changed)
rdv40_spiffs_lazy_unmount();
pwd_size_available = 4 * pwd_count;
isok = Flash_ReadData(*offset + 2, pwds, pwd_size_available);
if (isok != pwd_size_available)
goto OUT;
em4x50_setup_read(); em4x50_setup_read();
// set gHigh and gLow // set gHigh and gLow
@ -975,8 +968,10 @@ void em4x50_chk(uint32_t *offset) {
} }
} }
OUT: BigBuf_free();
#endif
lf_finalize(); lf_finalize();
reply_ng(CMD_LF_EM4X50_CHK, status, (uint8_t *)&pwd, 32); reply_ng(CMD_LF_EM4X50_CHK, status, (uint8_t *)&pwd, 32);
} }

70
client/src/cmdlfem4x50.c
View file

@ -13,6 +13,8 @@
#include "fileutils.h" #include "fileutils.h"
#include "commonutil.h" #include "commonutil.h"
#include "pmflash.h" #include "pmflash.h"
#include "cmdflashmemspiffs.h"
#include "cmdparser.h"
#define CARD_MEMORY_SIZE 4096 #define CARD_MEMORY_SIZE 4096
@ -171,6 +173,7 @@ static void em4x50_seteml(uint8_t *src, uint32_t offset, uint32_t numofbytes) {
} }
} }
static int em4x50_wipe_flash(int page) { static int em4x50_wipe_flash(int page) {
int isok = 0; int isok = 0;
@ -193,6 +196,7 @@ static int em4x50_wipe_flash(int page) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int em4x50_write_flash(uint8_t *data, int offset, size_t datalen) { static int em4x50_write_flash(uint8_t *data, int offset, size_t datalen) {
int isok = 0; int isok = 0;
@ -448,19 +452,18 @@ int CmdEM4x50Brute(const char *Cmd) {
int CmdEM4x50Chk(const char *Cmd) { int CmdEM4x50Chk(const char *Cmd) {
// upload passwords from given dictionary to flash memory and // upload passwords from given dictionary to device and start check;
// start password check;
// if no filename is given dictionary "t55xx_default_pwds.dic" is used // if no filename is given dictionary "t55xx_default_pwds.dic" is used
int status = PM3_EFAILED; int status = PM3_EFAILED;
int res = 0, slen = 0; int res = 0, slen = 0;
int keys_remain = 0;
int block_count = 1;
size_t datalen = 0; size_t datalen = 0;
uint8_t data[FLASH_MEM_MAX_SIZE] = {0x0}; uint8_t data[FLASH_MEM_MAX_SIZE] = {0x0};
uint8_t *keys = data; uint8_t *keys = data;
uint32_t key_count = 0, offset = 0; uint32_t key_count = 0, offset = 0;
char filename[FILE_PATH_SIZE] = {0}; char filename[FILE_PATH_SIZE] = {0};
uint8_t destfn[32] = "em4x50_chk.bin";
PacketResponseNG resp; PacketResponseNG resp;
CLIParserContext *ctx; CLIParserContext *ctx;
@ -487,63 +490,26 @@ int CmdEM4x50Chk(const char *Cmd) {
PrintAndLogEx(INFO, "treating file as T55xx keys"); PrintAndLogEx(INFO, "treating file as T55xx keys");
} }
res = loadFileDICTIONARY(filename, data + 2, &datalen, 4, &key_count); res = loadFileDICTIONARY(filename, data, &datalen, 4, &key_count);
if (res || !key_count) if (res || !key_count)
return PM3_EFILE; return PM3_EFILE;
PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button"); PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
if (datalen > CARD_MEMORY_SIZE) {
// we have to use more than one block of passwords if (IfPm3Flash()) {
block_count = (4 * key_count) / CARD_MEMORY_SIZE; // upload to flash.
keys_remain = key_count - block_count * CARD_MEMORY_SIZE / 4; res = flashmem_spiffs_load(destfn, keys, datalen + 2);
if (keys_remain != 0)
block_count++;
// adjust pwd_size_available and pwd_count
datalen = CARD_MEMORY_SIZE;
key_count = datalen / 4;
PrintAndLogEx(INFO, "Keys subdivided into %i blocks", block_count);
}
for (int n = 0; n < block_count; n++) {
// adjust parameters if more than 1 block
if (n != 0) {
keys += datalen;
// final run with remaining passwords
if (n == block_count - 1) {
key_count = keys_remain;
datalen = 4 * keys_remain;
}
}
keys[0] = (key_count >> 0) & 0xFF;
keys[1] = (key_count >> 8) & 0xFF;
PrintAndLogEx(INPLACE, "Checking block #%i (%i keys)", n + 1, key_count);
// send to device
res = em4x50_write_flash(keys, offset, datalen + 2);
if (res != PM3_SUCCESS) { if (res != PM3_SUCCESS) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(WARNING, "\nSPIFFS upload failed");
PrintAndLogEx(WARNING, "Error uploading to flash.");
return res; return res;
} }
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_CHK, (uint8_t *)&offset, sizeof(offset));
WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false);
status = resp.status;
if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED))
break;
} }
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_CHK, destfn, sizeof(destfn));
WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false);
status = resp.status;
// print response // print response
if (status == PM3_SUCCESS) { if (status == PM3_SUCCESS) {