From 52cb9007947121d26cb1887d65f85e3bbbcb909e Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:52:10 +0200 Subject: [PATCH 01/12] added new function 4x50_bruteforce --- include/pm3_cmd.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 6cacc5ef1..f97be2a06 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -493,6 +493,7 @@ typedef struct { #define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242 #define CMD_LF_EM4X50_READ 0x0243 #define CMD_LF_EM4X50_WIPE 0x0244 +#define CMD_LF_EM4X50_BRUTEFORCE 0x0245 // Sampling configuration for LF reader/sniffer #define CMD_LF_SAMPLING_SET_CONFIG 0x021D #define CMD_LF_FSK_SIMULATE 0x021E From e8abcb9b2313a23c9a7ddb751d5efa41f07eed25 Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:53:09 +0200 Subject: [PATCH 02/12] two more entries for new function 4x50_bruteforce --- include/em4x50.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/em4x50.h b/include/em4x50.h index b70072c32..240a4c41c 100644 --- a/include/em4x50.h +++ b/include/em4x50.h @@ -49,6 +49,8 @@ typedef struct { uint8_t addresses[4]; uint8_t address; uint8_t word[4]; + uint32_t start_password; + uint32_t stop_password; } em4x50_data_t; typedef struct { From d0d6317c33d95a22b6c28a815816184920a60b6f Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:53:52 +0200 Subject: [PATCH 03/12] added new function reflect32 --- common/commonutil.c | 18 +++++++++++++++++- common/commonutil.h | 1 + 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/common/commonutil.c b/common/commonutil.c index 9be805f31..7da41e807 100644 --- a/common/commonutil.c +++ b/common/commonutil.c @@ -97,6 +97,22 @@ uint16_t reflect16(uint16_t b) { return v; } +uint32_t reflect32(uint32_t b) { + // https://graphics.stanford.edu/~seander/bithacks.html#BitReverseTable + uint32_t v = b; // 32-bit word to reverse bit order + // swap odd and even bits + v = ((v >> 1) & 0x55555555) | ((v & 0x55555555) << 1); + // swap consecutive pairs + v = ((v >> 2) & 0x33333333) | ((v & 0x33333333) << 2); + // swap nibbles ... + v = ((v >> 4) & 0x0F0F0F0F) | ((v & 0x0F0F0F0F) << 4); + // swap bytes + v = ((v >> 8) & 0x00FF00FF) | ((v & 0x00FF00FF) << 8); + // swap 2-byte long pairs + v = ( v >> 16 ) | ( v << 16); + return v; +} + void num_to_bytes(uint64_t n, size_t len, uint8_t *dest) { while (len--) { dest[len] = (uint8_t) n; @@ -153,4 +169,4 @@ uint32_t rotl(uint32_t a, uint8_t n) { uint32_t rotr(uint32_t a, uint8_t n) { n &= 31; return (a >> n) | (a << (32 - n)); -} \ No newline at end of file +} diff --git a/common/commonutil.h b/common/commonutil.h index 6bf330e7c..4ba65d171 100644 --- a/common/commonutil.h +++ b/common/commonutil.h @@ -47,6 +47,7 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers uint32_t reflect(uint32_t v, int b); // used in crc.c ... uint8_t reflect8(uint8_t b); // dedicated 8bit reversal uint16_t reflect16(uint16_t b); // dedicated 16bit reversal +uint32_t reflect32(uint32_t b); // dedicated 32bit reversal void num_to_bytes(uint64_t n, size_t len, uint8_t *dest); uint64_t bytes_to_num(uint8_t *src, size_t len); From 1e75ddfff8833941762c6b6c7d840357ac49de59 Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:54:54 +0200 Subject: [PATCH 04/12] new entry for function 4x50_bruteforce --- armsrc/em4x50.h | 1 + 1 file changed, 1 insertion(+) diff --git a/armsrc/em4x50.h b/armsrc/em4x50.h index f9f1375f2..71e1371f6 100644 --- a/armsrc/em4x50.h +++ b/armsrc/em4x50.h @@ -22,5 +22,6 @@ void em4x50_write(em4x50_data_t *etd); void em4x50_write_password(em4x50_data_t *etd); void em4x50_read(em4x50_data_t *etd); void em4x50_wipe(em4x50_data_t *etd); +void em4x50_bruteforce(em4x50_data_t *etd); #endif /* EM4X50_H */ From 1492d38bd3ca38f34f345981bab726e42650c6eb Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:55:35 +0200 Subject: [PATCH 05/12] new entry for function 4x50_bruteforce --- client/src/cmdlfem4x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdlfem4x.c b/client/src/cmdlfem4x.c index 3b00686b1..efc0bb322 100644 --- a/client/src/cmdlfem4x.c +++ b/client/src/cmdlfem4x.c @@ -1398,6 +1398,7 @@ static command_t CommandTable[] = { {"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"}, {"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"}, {"4x50_wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe data from EM4x50"}, + {"4x50_bruteforce", CmdEM4x50BruteForce, IfPm3EM4x50, "guess password of EM4x50"}, {NULL, NULL, NULL, NULL} }; From 38f88c1e4fbc0fdea6f3331a96eb2ce4152b38da Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:55:59 +0200 Subject: [PATCH 06/12] new function 4x50_bruteforce --- armsrc/em4x50.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 3 deletions(-) diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c index 3f0ad9b6b..dbc05a836 100644 --- a/armsrc/em4x50.c +++ b/armsrc/em4x50.c @@ -1003,9 +1003,11 @@ void em4x50_write(em4x50_data_t *etd) { void em4x50_write_password(em4x50_data_t *etd) { - // sinmple change of password + // simple change of password bool bsuccess = false; + uint8_t rpwd[4] = {0x0, 0x0, 0x0, 0x0}; + uint8_t rnewpwd[4] = {0x0, 0x0, 0x0, 0x0}; init_tag(); em4x50_setup_read(); @@ -1013,9 +1015,20 @@ void em4x50_write_password(em4x50_data_t *etd) { // set gHigh and gLow if (get_signalproperties() && find_em4x50_tag()) { + // lsb -> msb + rpwd[0] = reflect8(etd->password[3]); + rpwd[1] = reflect8(etd->password[2]); + rpwd[2] = reflect8(etd->password[1]); + rpwd[3] = reflect8(etd->password[0]); + + rnewpwd[0] = reflect8(etd->new_password[3]); + rnewpwd[1] = reflect8(etd->new_password[2]); + rnewpwd[2] = reflect8(etd->new_password[1]); + rnewpwd[3] = reflect8(etd->new_password[0]); + // login and change password - if (login(etd->password)) { - bsuccess = write_password(etd->password, etd->new_password); + if (login(rpwd)) { + bsuccess = write_password(rpwd, rnewpwd); } } @@ -1080,3 +1093,58 @@ void em4x50_wipe(em4x50_data_t *etd) { lf_finalize(); reply_ng(CMD_ACK, bsuccess, (uint8_t *)tag.sectors, 238); } + +void em4x50_bruteforce(em4x50_data_t *etd) { + + // searching for password in given range + + bool bsuccess = false; + int cnt = 0; + uint8_t bytes[4] ={0x0, 0x0, 0x0, 0x0}; + uint32_t pwd = 0x0, rpwd = 0x0; + + init_tag(); + em4x50_setup_read(); + + // set gHigh and gLow + if (get_signalproperties() && find_em4x50_tag()) { + + for (pwd = etd->start_password; pwd <= etd->stop_password; pwd++) { + + // lsb -> msb + rpwd = reflect32(pwd); + + for (int i = 0; i < 4; i++) + bytes[i] = (rpwd >> ((3 - i) * 8)) & 0xFF; + + if (login(bytes)) { + bsuccess = true; + break; + } + + // print password every 500 iterations + if ((++cnt % 500) == 0) { + + // print header + if (cnt == 500) { + Dbprintf(""); + Dbprintf("|---------+------------+------------|"); + Dbprintf("| no. | pwd (lsb) | pwd (msb) |"); + Dbprintf("|---------+------------+------------|"); + } + + // print data + Dbprintf("|%8i | 0x%08x | 0x%08x |", cnt, pwd, rpwd); + } + + if (BUTTON_PRESS()) + break; + } + + // print footer + Dbprintf("|---------+------------+------------|"); + } + + lf_finalize(); + reply_ng(CMD_ACK, bsuccess, (uint8_t *)(&pwd), 32); +} From 688a2e741cda1c9ee7d3135465147057b75764a5 Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:56:18 +0200 Subject: [PATCH 07/12] new entry for function 4x50_bruteforce --- client/src/cmdlfem4x50.h | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdlfem4x50.h b/client/src/cmdlfem4x50.h index 01417aa1e..6e1815c87 100644 --- a/client/src/cmdlfem4x50.h +++ b/client/src/cmdlfem4x50.h @@ -24,5 +24,6 @@ int CmdEM4x50WritePassword(const char *Cmd); int CmdEM4x50Read(const char *Cmd); int CmdEM4x50Dump(const char *Cmd); int CmdEM4x50Wipe(const char *Cmd); +int CmdEM4x50BruteForce(const char *Cmd); #endif From 55ba7c695d009aba251c7b4dbaae662c0dca24ff Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:58:13 +0200 Subject: [PATCH 08/12] new function CmdEM4x50BruteForce + hint for lsb notation regarding CmdEM450WritePassword --- client/src/cmdlfem4x50.c | 79 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 4 deletions(-) diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index 124ffe8c0..a87ec2927 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -37,8 +37,8 @@ static int usage_lf_em4x50_write(void) { PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " a - memory address to write to (dec)"); - PrintAndLogEx(NORMAL, " w - word to write (hex)"); - PrintAndLogEx(NORMAL, " p - password (hex) (optional)"); + PrintAndLogEx(NORMAL, " w - word to write (hex, lsb notation)"); + PrintAndLogEx(NORMAL, " p - password (hex, lsb notation) (optional)"); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_write a 3 w deadc0de")); PrintAndLogEx(NORMAL, ""); @@ -50,8 +50,8 @@ static int usage_lf_em4x50_write_password(void) { PrintAndLogEx(NORMAL, "Usage: lf em 4x50_write_password [h] [p ] [n ]"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - this help"); - PrintAndLogEx(NORMAL, " p - password (hex)"); - PrintAndLogEx(NORMAL, " n - new password (hex)"); + PrintAndLogEx(NORMAL, " p - password (hex, lsb notation)"); + PrintAndLogEx(NORMAL, " n - new password (hex, lsb notation)"); PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_write_password p 11223344 n 01020304")); PrintAndLogEx(NORMAL, ""); @@ -97,6 +97,19 @@ static int usage_lf_em4x50_wipe(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } +static int usage_lf_em4x50_bruteforce(void) { + PrintAndLogEx(NORMAL, "Guess password of EM4x50 tag. Tag must be on antenna. "); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_bruteforce [h] f l "); + PrintAndLogEx(NORMAL, "Options:"); + PrintAndLogEx(NORMAL, " h - this help"); + PrintAndLogEx(NORMAL, " f - start password (hex, lsb notation)"); + PrintAndLogEx(NORMAL, " l - stop password (hex, lsb notation)"); + PrintAndLogEx(NORMAL, "Examples:"); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_bruteforce f 11200000 l 11300000")); + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; +} static void prepare_result(const uint8_t *byte, int fwr, int lwr, em4x50_word_t *words) { @@ -740,3 +753,61 @@ int CmdEM4x50Wipe(const char *Cmd) { return PM3_SUCCESS; } + +int CmdEM4x50BruteForce(const char *Cmd) { + + bool startpwd = false, stoppwd = false, errors = false; + const int speed = 27; // 27 passwords/second (empirical value) + int no_iter = 0, dur_h = 0, dur_m = 0, dur_s = 0; + uint8_t cmdp = 0; + em4x50_data_t etd; + PacketResponseNG resp; + + while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { + + switch (tolower(param_getchar(Cmd, cmdp))) { + case 'h': + return usage_lf_em4x50_bruteforce(); + case 'f': + etd.start_password = param_get32ex(Cmd, cmdp + 1, 0, 16); + startpwd = true; + cmdp += 2; + break; + case 'l': + etd.stop_password = param_get32ex(Cmd, cmdp + 1, 0, 16); + stoppwd = true; + cmdp += 2; + break; + default: + PrintAndLogEx(WARNING, "\n Unknown parameter '%c'\n", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + + if (errors || !startpwd || !stoppwd) + return usage_lf_em4x50_bruteforce(); + + // print some information + no_iter = etd.stop_password - etd.start_password + 1; + dur_s = no_iter / speed; + dur_h = dur_s / 3600; + dur_m = (dur_s - dur_h * 3600) / 60; + dur_s -= dur_h * 3600 + dur_m * 60; + PrintAndLogEx(NORMAL, "\ntrying %i passwords in range [0x%08x, 0x%08x]", + no_iter, etd.start_password, etd.stop_password); + PrintAndLogEx(NORMAL, "estimated duration: %ih%im%is\n", dur_h, dur_m, dur_s); + + // start + clearCommandBuffer(); + SendCommandNG(CMD_LF_EM4X50_BRUTEFORCE, (uint8_t *)&etd, sizeof(etd)); + WaitForResponse(CMD_ACK, &resp); + + // print response + if ((bool)resp.status) + PrintAndLogEx(NORMAL, "\npassword " _GREEN_("found") ": 0x%08x\n", resp.data.asDwords[0]); + else + PrintAndLogEx(NORMAL, "\npassword: " _RED_("not found") "\n"); + + return PM3_SUCCESS; +} From 2308cc7175c4fd26b464afd6f108c1f00e839a7f Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 12:59:04 +0200 Subject: [PATCH 09/12] new entry for function em4x50_bruteforce --- armsrc/appmain.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 42161d738..88523aa6c 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1037,6 +1037,10 @@ static void PacketReceived(PacketCommandNG *packet) { em4x50_wipe((em4x50_data_t *)packet->data.asBytes); break; } + case CMD_LF_EM4X50_BRUTEFORCE: { + em4x50_bruteforce((em4x50_data_t *)packet->data.asBytes); + break; + } #endif #ifdef WITH_ISO15693 From ab5e4405fe9ab10dd5f6350dc5d79fc0d28ac576 Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 13:42:13 +0200 Subject: [PATCH 10/12] changed function name + column order (output "lsb"/msb") --- armsrc/em4x50.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c index dbc05a836..15f5194d9 100644 --- a/armsrc/em4x50.c +++ b/armsrc/em4x50.c @@ -1094,7 +1094,7 @@ void em4x50_wipe(em4x50_data_t *etd) { reply_ng(CMD_ACK, bsuccess, (uint8_t *)tag.sectors, 238); } -void em4x50_bruteforce(em4x50_data_t *etd) { +void em4x50_brute(em4x50_data_t *etd) { // searching for password in given range @@ -1129,12 +1129,12 @@ void em4x50_bruteforce(em4x50_data_t *etd) { if (cnt == 500) { Dbprintf(""); Dbprintf("|---------+------------+------------|"); - Dbprintf("| no. | pwd (lsb) | pwd (msb) |"); + Dbprintf("| no. | pwd (msb) | pwd (lsb) |"); Dbprintf("|---------+------------+------------|"); } // print data - Dbprintf("|%8i | 0x%08x | 0x%08x |", cnt, pwd, rpwd); + Dbprintf("|%8i | 0x%08x | 0x%08x |", cnt, rpwd, pwd); } if (BUTTON_PRESS()) From fc3638a5f4eee9b6c7f068bdef8e3f088467a041 Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 13:42:27 +0200 Subject: [PATCH 11/12] changed function name --- armsrc/appmain.c | 4 ++-- armsrc/em4x50.h | 2 +- client/src/cmdlfem4x.c | 2 +- client/src/cmdlfem4x50.c | 14 +++++++------- client/src/cmdlfem4x50.h | 2 +- include/pm3_cmd.h | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 88523aa6c..5a465c2bd 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1037,8 +1037,8 @@ static void PacketReceived(PacketCommandNG *packet) { em4x50_wipe((em4x50_data_t *)packet->data.asBytes); break; } - case CMD_LF_EM4X50_BRUTEFORCE: { - em4x50_bruteforce((em4x50_data_t *)packet->data.asBytes); + case CMD_LF_EM4X50_BRUTE: { + em4x50_brute((em4x50_data_t *)packet->data.asBytes); break; } #endif diff --git a/armsrc/em4x50.h b/armsrc/em4x50.h index 71e1371f6..db8235bca 100644 --- a/armsrc/em4x50.h +++ b/armsrc/em4x50.h @@ -22,6 +22,6 @@ void em4x50_write(em4x50_data_t *etd); void em4x50_write_password(em4x50_data_t *etd); void em4x50_read(em4x50_data_t *etd); void em4x50_wipe(em4x50_data_t *etd); -void em4x50_bruteforce(em4x50_data_t *etd); +void em4x50_brute(em4x50_data_t *etd); #endif /* EM4X50_H */ diff --git a/client/src/cmdlfem4x.c b/client/src/cmdlfem4x.c index efc0bb322..b09f2f102 100644 --- a/client/src/cmdlfem4x.c +++ b/client/src/cmdlfem4x.c @@ -1398,7 +1398,7 @@ static command_t CommandTable[] = { {"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"}, {"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"}, {"4x50_wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe data from EM4x50"}, - {"4x50_bruteforce", CmdEM4x50BruteForce, IfPm3EM4x50, "guess password of EM4x50"}, + {"4x50_brute", CmdEM4x50Brute, IfPm3EM4x50, "guess password of EM4x50"}, {NULL, NULL, NULL, NULL} }; diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index a87ec2927..c0fc06e7b 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -97,16 +97,16 @@ static int usage_lf_em4x50_wipe(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } -static int usage_lf_em4x50_bruteforce(void) { +static int usage_lf_em4x50_brute(void) { PrintAndLogEx(NORMAL, "Guess password of EM4x50 tag. Tag must be on antenna. "); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(NORMAL, "Usage: lf em 4x50_bruteforce [h] f l "); + PrintAndLogEx(NORMAL, "Usage: lf em 4x50_brute [h] f l "); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " f - start password (hex, lsb notation)"); PrintAndLogEx(NORMAL, " l - stop password (hex, lsb notation)"); PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_bruteforce f 11200000 l 11300000")); + PrintAndLogEx(NORMAL, _YELLOW_(" lf em 4x50_brute f 11200000 l 11300000")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -754,7 +754,7 @@ int CmdEM4x50Wipe(const char *Cmd) { return PM3_SUCCESS; } -int CmdEM4x50BruteForce(const char *Cmd) { +int CmdEM4x50Brute(const char *Cmd) { bool startpwd = false, stoppwd = false, errors = false; const int speed = 27; // 27 passwords/second (empirical value) @@ -767,7 +767,7 @@ int CmdEM4x50BruteForce(const char *Cmd) { switch (tolower(param_getchar(Cmd, cmdp))) { case 'h': - return usage_lf_em4x50_bruteforce(); + return usage_lf_em4x50_brute(); case 'f': etd.start_password = param_get32ex(Cmd, cmdp + 1, 0, 16); startpwd = true; @@ -786,7 +786,7 @@ int CmdEM4x50BruteForce(const char *Cmd) { } if (errors || !startpwd || !stoppwd) - return usage_lf_em4x50_bruteforce(); + return usage_lf_em4x50_brute(); // print some information no_iter = etd.stop_password - etd.start_password + 1; @@ -800,7 +800,7 @@ int CmdEM4x50BruteForce(const char *Cmd) { // start clearCommandBuffer(); - SendCommandNG(CMD_LF_EM4X50_BRUTEFORCE, (uint8_t *)&etd, sizeof(etd)); + SendCommandNG(CMD_LF_EM4X50_BRUTE, (uint8_t *)&etd, sizeof(etd)); WaitForResponse(CMD_ACK, &resp); // print response diff --git a/client/src/cmdlfem4x50.h b/client/src/cmdlfem4x50.h index 6e1815c87..9a86adfed 100644 --- a/client/src/cmdlfem4x50.h +++ b/client/src/cmdlfem4x50.h @@ -24,6 +24,6 @@ int CmdEM4x50WritePassword(const char *Cmd); int CmdEM4x50Read(const char *Cmd); int CmdEM4x50Dump(const char *Cmd); int CmdEM4x50Wipe(const char *Cmd); -int CmdEM4x50BruteForce(const char *Cmd); +int CmdEM4x50Brute(const char *Cmd); #endif diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index f97be2a06..69a75a1ad 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -493,7 +493,7 @@ typedef struct { #define CMD_LF_EM4X50_WRITE_PASSWORD 0x0242 #define CMD_LF_EM4X50_READ 0x0243 #define CMD_LF_EM4X50_WIPE 0x0244 -#define CMD_LF_EM4X50_BRUTEFORCE 0x0245 +#define CMD_LF_EM4X50_BRUTE 0x0245 // Sampling configuration for LF reader/sniffer #define CMD_LF_SAMPLING_SET_CONFIG 0x021D #define CMD_LF_FSK_SIMULATE 0x021E From c2d3b893259e75fdb92af7c4eaa00fac33c8db50 Mon Sep 17 00:00:00 2001 From: tharexde Date: Sun, 27 Sep 2020 14:59:53 +0200 Subject: [PATCH 12/12] very small corrections --- armsrc/em4x50.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c index 15f5194d9..3f1305d8a 100644 --- a/armsrc/em4x50.c +++ b/armsrc/em4x50.c @@ -1062,7 +1062,7 @@ void em4x50_wipe(em4x50_data_t *etd) { // to verify result reset EM4x50 if (reset()) { - // login not necessary because protectd word has been set to 0 + // login not necessary because protected word has been set to 0 // -> no read protected words // -> selective read can be called immediately if (selective_read(addresses)) { @@ -1142,7 +1142,8 @@ void em4x50_brute(em4x50_data_t *etd) { } // print footer - Dbprintf("|---------+------------+------------|"); + if (cnt >= 500) + Dbprintf("|---------+------------+------------|"); } lf_finalize();