github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 13:00:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

make style

Browse source
This commit is contained in:
Philippe Teuwen 2019-07-23 23:43:30 +02:00
commit ac233a346a
6 changed files with 689 additions and 670 deletions
Download patch file Download diff file Expand all files Collapse all files

10
armsrc/appmain.c
View file

@ -880,7 +880,7 @@ static void PacketReceived(PacketCommandNG *packet) {
uint8_t downlink_mode; uint8_t downlink_mode;
} PACKED; } PACKED;
struct p *payload = (struct p *) packet->data.asBytes; struct p *payload = (struct p *) packet->data.asBytes;
T55xxReadBlock(payload->page, payload->pwdmode, false, payload->blockno, payload->password,payload->downlink_mode); T55xxReadBlock(payload->page, payload->pwdmode, false, payload->blockno, payload->password, payload->downlink_mode);
break; break;
} }
case CMD_T55XX_WRITE_BLOCK: { case CMD_T55XX_WRITE_BLOCK: {
@ -889,15 +889,15 @@ static void PacketReceived(PacketCommandNG *packet) {
break; break;
} }
case CMD_T55XX_WAKEUP: { case CMD_T55XX_WAKEUP: {
T55xxWakeUp(packet->oldarg[0],packet->oldarg[1]); T55xxWakeUp(packet->oldarg[0], packet->oldarg[1]);
break; break;
} }
case CMD_T55XX_RESET_READ: { case CMD_T55XX_RESET_READ: {
T55xxResetRead(packet->data.asBytes[0]&0xff); T55xxResetRead(packet->data.asBytes[0] & 0xff);
break; break;
} }
case CMD_T55XX_CHKPWDS: { case CMD_T55XX_CHKPWDS: {
T55xx_ChkPwds(packet->data.asBytes[0]&0xff); T55xx_ChkPwds(packet->data.asBytes[0] & 0xff);
break; break;
} }
case CMD_PCF7931_READ: { case CMD_PCF7931_READ: {

2
armsrc/apps.h
View file

@ -106,7 +106,7 @@ void T55xxResetRead(uint8_t flags);
//id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags); //id T55xxWriteBlock(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxWriteBlock(uint8_t *data); void T55xxWriteBlock(uint8_t *data);
// void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags); // void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd,uint8_t downlink_mode); void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode);
void T55xxWakeUp(uint32_t Pwd, uint8_t flags); void T55xxWakeUp(uint32_t Pwd, uint8_t flags);
void T55xx_ChkPwds(uint8_t flags); void T55xx_ChkPwds(uint8_t flags);

614
armsrc/lfops.c
View file

@ -52,8 +52,8 @@
// t55xx_config t_config = { 29 * 8, 17 * 8, 15 * 8, 47 * 8, 15 * 8 } ; // t55xx_config t_config = { 29 * 8, 17 * 8, 15 * 8, 47 * 8, 15 * 8 } ;
ATA5577 Downlink Protocol Timings. ATA5577 Downlink Protocol Timings.
Note: All absolute times assume TC = 1 / fC = 8 μs (fC = 125 kHz) Note: All absolute times assume TC = 1 / fC = 8 μs (fC = 125 kHz)
----------------------------------------------------------------------- -----------------------------------------------------------------------
Fixed-bit-length Protocol | Normal Downlink | Fast Downlink | Fixed-bit-length Protocol | Normal Downlink | Fast Downlink |
------------------------------+-----------------------------------+-----------------------------------+------ ------------------------------+-----------------------------------+-----------------------------------+------
@ -113,16 +113,22 @@
/* /*
// Note: Moved * 8 to apply when used. Saving 28 bytes here (- the *8) and 28 bytes flash. // Note: Moved * 8 to apply when used. Saving 28 bytes here (- the *8) and 28 bytes flash.
// StartGap WriteGap Bit 0/00 Bit 1/01 Bit 10 Bit 11 ReadGap // StartGap WriteGap Bit 0/00 Bit 1/01 Bit 10 Bit 11 ReadGap
t55xx_config T55xx_Timing = {{{ 29 , 17 , 15 , 50 , 0 , 0 , 15 }, // Default Fixed t55xx_config T55xx_Timing = {{
{ 31 , 20 , 18 , 50 , 0 , 0 , 15 }, // Long Leading Ref. { 29 , 17 , 15 , 50 , 0 , 0 , 15 }, // Default Fixed
{ 31 , 20 , 18 , 40 , 0 , 0 , 15 }, // Leading 0 { 31 , 20 , 18 , 50 , 0 , 0 , 15 }, // Long Leading Ref.
{ 29 , 17 , 15 , 31 , 47 , 63 , 15 } }}; // 1 of 4 { 31 , 20 , 18 , 40 , 0 , 0 , 15 }, // Leading 0
{ 29 , 17 , 15 , 31 , 47 , 63 , 15 } // 1 of 4
}
};
*/ */
// StartGap WriteGap Bit 0/00 Bit 1/01 Bit 10 Bit 11 ReadGap // StartGap WriteGap Bit 0/00 Bit 1/01 Bit 10 Bit 11 ReadGap
t55xx_config T55xx_Timing = {{{ 29 * 8 , 17 * 8 , 15 * 8 , 50 * 8 , 0 , 0 , 15 * 8 }, // Default Fixed t55xx_config T55xx_Timing = {{
{ 31 * 8 , 20 * 8 , 18 * 8 , 50 * 8 , 0 , 0 , 15 * 8 }, // Long Leading Ref. { 29 * 8, 17 * 8, 15 * 8, 50 * 8, 0, 0, 15 * 8 }, // Default Fixed
{ 31 * 8 , 20 * 8 , 18 * 8 , 40 * 8 , 0 , 0 , 15 * 8 }, // Leading 0 { 31 * 8, 20 * 8, 18 * 8, 50 * 8, 0, 0, 15 * 8 }, // Long Leading Ref.
{ 29 * 8 , 17 * 8 , 15 * 8 , 31 * 8 , 47 * 8, 63 * 8, 15 * 8 } }}; // 1 of 4 { 31 * 8, 20 * 8, 18 * 8, 40 * 8, 0, 0, 15 * 8 }, // Leading 0
{ 29 * 8, 17 * 8, 15 * 8, 31 * 8, 47 * 8, 63 * 8, 15 * 8 } // 1 of 4
}
};
// Some defines for readability // Some defines for readability
@ -133,48 +139,55 @@ t55xx_config T55xx_Timing = {{{ 29 * 8 , 17 * 8 , 15 * 8 , 50 * 8 , 0 , 0
#define T55xx_LongLeadingReference 4 // Value to tell Write Bit to send long reference #define T55xx_LongLeadingReference 4 // Value to tell Write Bit to send long reference
void printT55xxConfig(void) { void printT55xxConfig(void) {
int DLMode; int DLMode;
DbpString(_BLUE_("LF T55XX config")); DbpString(_BLUE_("LF T55XX config"));
for (DLMode = 0; DLMode < 4; DLMode++) { for (DLMode = 0; DLMode < 4; DLMode++) {
switch (DLMode){ switch (DLMode) {
case T55xx_DLMode_Fixed : Dbprintf("r 0 fixed bit length (default)"); break; case T55xx_DLMode_Fixed :
case T55xx_DLMode_LLR : Dbprintf("r 1 long leading reference"); break; Dbprintf("r 0 fixed bit length (default)");
case T55xx_DLMode_Leading0 : Dbprintf("r 2 leading zero"); break; break;
case T55xx_DLMode_1of4 : Dbprintf("r 3 1 of 4 coding reference"); break; case T55xx_DLMode_LLR :
} Dbprintf("r 1 long leading reference");
Dbprintf(" [a] startgap............%d*8 (%d)", T55xx_Timing.m[DLMode].start_gap / 8, T55xx_Timing.m[DLMode].start_gap); break;
Dbprintf(" [b] writegap............%d*8 (%d)", T55xx_Timing.m[DLMode].write_gap / 8, T55xx_Timing.m[DLMode].write_gap); case T55xx_DLMode_Leading0 :
Dbprintf(" [c] write_0.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_0 / 8, T55xx_Timing.m[DLMode].write_0 ); Dbprintf("r 2 leading zero");
Dbprintf(" [d] write_1.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_1 / 8, T55xx_Timing.m[DLMode].write_1 ); break;
if (DLMode == T55xx_DLMode_1of4) { case T55xx_DLMode_1of4 :
Dbprintf(" [e] write_2.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_2 / 8, T55xx_Timing.m[DLMode].write_2); Dbprintf("r 3 1 of 4 coding reference");
Dbprintf(" [f] write_3.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_3 / 8, T55xx_Timing.m[DLMode].write_3); break;
} }
Dbprintf(" [g] readgap.............%d*8 (%d)", T55xx_Timing.m[DLMode].read_gap / 8, T55xx_Timing.m[DLMode].read_gap); Dbprintf(" [a] startgap............%d*8 (%d)", T55xx_Timing.m[DLMode].start_gap / 8, T55xx_Timing.m[DLMode].start_gap);
} Dbprintf(" [b] writegap............%d*8 (%d)", T55xx_Timing.m[DLMode].write_gap / 8, T55xx_Timing.m[DLMode].write_gap);
Dbprintf(" [c] write_0.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_0 / 8, T55xx_Timing.m[DLMode].write_0);
Dbprintf(" [d] write_1.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_1 / 8, T55xx_Timing.m[DLMode].write_1);
if (DLMode == T55xx_DLMode_1of4) {
Dbprintf(" [e] write_2.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_2 / 8, T55xx_Timing.m[DLMode].write_2);
Dbprintf(" [f] write_3.............%d*8 (%d)", T55xx_Timing.m[DLMode].write_3 / 8, T55xx_Timing.m[DLMode].write_3);
}
Dbprintf(" [g] readgap.............%d*8 (%d)", T55xx_Timing.m[DLMode].read_gap / 8, T55xx_Timing.m[DLMode].read_gap);
}
} }
void setT55xxConfig(uint8_t arg0, t55xx_config *c) { void setT55xxConfig(uint8_t arg0, t55xx_config *c) {
uint8_t DLMode; uint8_t DLMode;
// uint8_t ClearT55Settings = c->m[0].start_gap & 0xffff; // all values will be ffff if clear requested // uint8_t ClearT55Settings = c->m[0].start_gap & 0xffff; // all values will be ffff if clear requested
for (DLMode = 0; DLMode < 4; DLMode++) { for (DLMode = 0; DLMode < 4; DLMode++) {
if (c->m[DLMode].start_gap != 0) T55xx_Timing.m[DLMode].start_gap = c->m[DLMode].start_gap;// * 8; if (c->m[DLMode].start_gap != 0) T55xx_Timing.m[DLMode].start_gap = c->m[DLMode].start_gap;// * 8;
if (c->m[DLMode].write_gap != 0) T55xx_Timing.m[DLMode].write_gap = c->m[DLMode].write_gap;// * 8; if (c->m[DLMode].write_gap != 0) T55xx_Timing.m[DLMode].write_gap = c->m[DLMode].write_gap;// * 8;
if (c->m[DLMode].write_0 != 0) T55xx_Timing.m[DLMode].write_0 = c->m[DLMode].write_0 ;// * 8; if (c->m[DLMode].write_0 != 0) T55xx_Timing.m[DLMode].write_0 = c->m[DLMode].write_0 ;// * 8;
if (c->m[DLMode].write_1 != 0) T55xx_Timing.m[DLMode].write_1 = c->m[DLMode].write_1 ;// * 8; if (c->m[DLMode].write_1 != 0) T55xx_Timing.m[DLMode].write_1 = c->m[DLMode].write_1 ;// * 8;
if (DLMode == T55xx_DLMode_1of4) { if (DLMode == T55xx_DLMode_1of4) {
if (c->m[DLMode].write_2 != 0) T55xx_Timing.m[DLMode].write_2 = c->m[DLMode].write_2;// * 8; if (c->m[DLMode].write_2 != 0) T55xx_Timing.m[DLMode].write_2 = c->m[DLMode].write_2;// * 8;
if (c->m[DLMode].write_3 != 0) T55xx_Timing.m[DLMode].write_3 = c->m[DLMode].write_3;// * 8 ; if (c->m[DLMode].write_3 != 0) T55xx_Timing.m[DLMode].write_3 = c->m[DLMode].write_3;// * 8 ;
} } else {
else{ T55xx_Timing.m[DLMode].write_2 = 0x00;
T55xx_Timing.m[DLMode].write_2 = 0x00; T55xx_Timing.m[DLMode].write_3 = 0x00;
T55xx_Timing.m[DLMode].write_3 = 0x00; }
} if (c->m[DLMode].read_gap != 0) T55xx_Timing.m[DLMode].read_gap = c->m[DLMode].read_gap;//* 8;
if (c->m[DLMode].read_gap != 0) T55xx_Timing.m[DLMode].read_gap = c->m[DLMode].read_gap;//* 8; }
}
printT55xxConfig(); printT55xxConfig();
@ -198,21 +211,21 @@ void setT55xxConfig(uint8_t arg0, t55xx_config *c) {
return; return;
} }
// if ( ClearT55Settings) // dont copy over new timings // if ( ClearT55Settings) // dont copy over new timings
memcpy(buf, &T55xx_Timing, T55XX_CONFIG_LEN); memcpy(buf, &T55xx_Timing, T55XX_CONFIG_LEN);
Flash_CheckBusy(BUSY_TIMEOUT); Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable(); Flash_WriteEnable();
Flash_Erase4k(3, 0xD); Flash_Erase4k(3, 0xD);
// if not a settings erase, write data // if not a settings erase, write data
// if ( ClearT55Settings) { // if ( ClearT55Settings) {
res = Flash_Write(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); res = Flash_Write(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN);
if (res == T55XX_CONFIG_LEN && DBGLEVEL > 1) { if (res == T55XX_CONFIG_LEN && DBGLEVEL > 1) {
DbpString("T55XX Config save success"); DbpString("T55XX Config save success");
} }
// } // }
BigBuf_free(); BigBuf_free();
#endif #endif
@ -246,8 +259,8 @@ void loadT55xxConfig(void) {
return; return;
} }
if (buf[0] != 0xFF) // if not set for clear if (buf[0] != 0xFF) // if not set for clear
memcpy((uint8_t *)&T55xx_Timing, buf, T55XX_CONFIG_LEN); memcpy((uint8_t *)&T55xx_Timing, buf, T55XX_CONFIG_LEN);
if (isok == T55XX_CONFIG_LEN) { if (isok == T55XX_CONFIG_LEN) {
if (DBGLEVEL > 1) DbpString("T55XX Config load success"); if (DBGLEVEL > 1) DbpString("T55XX Config load success");
@ -1470,7 +1483,7 @@ void TurnReadLF_off(uint32_t delay) {
#define BitStream_Byte(X) ((X) >> 3) #define BitStream_Byte(X) ((X) >> 3)
#define BitStream_Bit(X) ((X) & 7) #define BitStream_Bit(X) ((X) & 7)
#define t55_send_PwdMode (arg & 0x01) #define t55_send_PwdMode (arg & 0x01)
#define t55_send_Page ((arg & 0x02) >> 1) #define t55_send_Page ((arg & 0x02) >> 1)
#define t55_send_TestMode ((arg & 0x04) >> 2) #define t55_send_TestMode ((arg & 0x04) >> 2)
#define t55_send_RegReadMode ((arg & 0x20) >> 5) #define t55_send_RegReadMode ((arg & 0x20) >> 5)
#define t55_send_ReadCmd ((arg & 0x40) >> 6) #define t55_send_ReadCmd ((arg & 0x40) >> 6)
@ -1479,18 +1492,28 @@ void TurnReadLF_off(uint32_t delay) {
// Write one bit to chip // Write one bit to chip
void T55xxWriteBit(uint8_t bit, uint8_t downlink_idx) { void T55xxWriteBit(uint8_t bit, uint8_t downlink_idx) {
// Dbprintf ("%d",bit); // Dbprintf ("%d",bit);
// If bit = 4 Send Long Leading Reference which is (138*8) + WRITE_0 // If bit = 4 Send Long Leading Reference which is (138*8) + WRITE_0
switch (bit){ switch (bit) {
case 0 : TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_0 ); break; // Send bit 0/00 case 0 :
case 1 : TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_1 ); break; // Send bit 1/01 TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_0);
case 2 : TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_2 ); break; // Send bits 10 (1 of 4) break; // Send bit 0/00
case 3 : TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_3 ); break; // Send bits 11 (1 of 4) case 1 :
case 4 : TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_0 + (136 * 8)); break; // Send Long Leading Reference TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_1);
} break; // Send bit 1/01
case 2 :
TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_2);
break; // Send bits 10 (1 of 4)
case 3 :
TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_3);
break; // Send bits 11 (1 of 4)
case 4 :
TurnReadLFOn(T55xx_Timing.m[downlink_idx].write_0 + (136 * 8));
break; // Send Long Leading Reference
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(T55xx_Timing.m[downlink_idx].write_gap ); WaitUS(T55xx_Timing.m[downlink_idx].write_gap);
} }
// Function to abstract an Arbitrary length byte array to store bit pattern. // Function to abstract an Arbitrary length byte array to store bit pattern.
@ -1500,142 +1523,137 @@ void T55xxWriteBit(uint8_t bit, uint8_t downlink_idx) {
// num_bits - how many bits (low x bits of data) Max 32 bits at a time // num_bits - how many bits (low x bits of data) Max 32 bits at a time
// max_len - how many bytes can the bit_array hold (ensure no buffer overflow) // max_len - how many bytes can the bit_array hold (ensure no buffer overflow)
// returns "Next" bit offset / bits stored (for next store) // returns "Next" bit offset / bits stored (for next store)
uint8_t T55xx_SetBits (uint8_t *BitStream, uint8_t start_offset, uint32_t data , uint8_t num_bits, uint8_t max_len) uint8_t T55xx_SetBits(uint8_t *BitStream, uint8_t start_offset, uint32_t data, uint8_t num_bits, uint8_t max_len) {
{ int8_t offset;
int8_t offset; int8_t NextOffset = start_offset;
int8_t NextOffset = start_offset;
// Check if data will fit. // Check if data will fit.
if ((start_offset + num_bits) <= (max_len*8)) { if ((start_offset + num_bits) <= (max_len * 8)) {
// Loop through the data and store // Loop through the data and store
for (offset = (num_bits-1); offset >= 0; offset--) { for (offset = (num_bits - 1); offset >= 0; offset--) {
if ((data >> offset) & 1) BitStream[BitStream_Byte(NextOffset)] |= (1 << BitStream_Bit(NextOffset)); // Set the bit to 1 if ((data >> offset) & 1) BitStream[BitStream_Byte(NextOffset)] |= (1 << BitStream_Bit(NextOffset)); // Set the bit to 1
else BitStream[BitStream_Byte(NextOffset)] &= (0xff ^ (1 << BitStream_Bit(NextOffset))); // Set the bit to 0 else BitStream[BitStream_Byte(NextOffset)] &= (0xff ^ (1 << BitStream_Bit(NextOffset))); // Set the bit to 0
NextOffset++; NextOffset++;
} }
} } else {
else { // Note: This should never happen unless some code changes cause it.
// Note: This should never happen unless some code changes cause it. // So short message for coders when testing.
// So short message for coders when testing. Dbprintf("T55 too many bits");
Dbprintf ("T55 too many bits"); }
} return NextOffset;
return NextOffset;
} }
// Send one downlink command to the card // Send one downlink command to the card
// void T55xx_SendCMD (uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) { // void T55xx_SendCMD (uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) {
void T55xx_SendCMD (uint32_t Data, uint32_t Pwd, uint16_t arg) { void T55xx_SendCMD(uint32_t Data, uint32_t Pwd, uint16_t arg) {
/* /*
arg bits arg bits
xxxx xxxxxxx1 0x001 PwdMode xxxx xxxxxxx1 0x001 PwdMode
xxxx xxxxxx1x 0x002 Page xxxx xxxxxx1x 0x002 Page
xxxx xxxxx1xx 0x004 testMode xxxx xxxxx1xx 0x004 testMode
xxxx xxx11xxx 0x018 downlink mode xxxx xxx11xxx 0x018 downlink mode
xxxx xx1xxxxx 0x020 !reg_readmode xxxx xx1xxxxx 0x020 !reg_readmode
xxxx x1xxxxxx 0x040 called for a read, so no data packet xxxx x1xxxxxx 0x040 called for a read, so no data packet
xxxx 1xxxxxxx 0x080 reset xxxx 1xxxxxxx 0x080 reset
xxx1 xxxxxxxx 0x100 brute force xxx1 xxxxxxxx 0x100 brute force
111x xxxxxxxx 0xE00 Block 111x xxxxxxxx 0xE00 Block
*/
*/ uint8_t downlink_mode = (arg >> 3) & 0x03;
uint8_t i = 0;
uint8_t BitStream[10]; // Max Downlink Command size ~74 bits, so 10 bytes (80 bits)
uint8_t BitStreamLen = 0;
uint8_t SendBits;
uint8_t start_wait = 4;
bool brute_mem = (arg & 0x100);
uint8_t Block = (arg >> 9) & 0x07;
uint8_t downlink_mode = (arg >> 3) & 0x03; if (brute_mem) start_wait = 0;
uint8_t i = 0;
uint8_t BitStream[10]; // Max Downlink Command size ~74 bits, so 10 bytes (80 bits)
uint8_t BitStreamLen = 0;
uint8_t SendBits;
uint8_t start_wait = 4;
bool brute_mem = (arg & 0x100);
uint8_t Block = (arg >> 9) & 0x07;
if (brute_mem) start_wait = 0; // Build Bit Stream to send.
memset(BitStream, 0x00, sizeof(BitStream));
// Build Bit Stream to send. BitStreamLen = 0; // Ensure 0 bit index to start.
memset (BitStream,0x00,sizeof(BitStream));
BitStreamLen = 0; // Ensure 0 bit index to start. // Add Leading 0 and 1 of 4 reference bit
if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4))
BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, 0, 1, sizeof(BitStream));
// Add Leading 0 and 1 of 4 reference bit // Add extra reference 0 for 1 of 4
if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4)) if (downlink_mode == T55xx_DLMode_1of4)
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream)); BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, 0, 1, sizeof(BitStream));
// Add extra reference 0 for 1 of 4 // Add Opcode
if (downlink_mode == T55xx_DLMode_1of4) if (t55_send_Reset) {
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream)); // Reset : r*) 00
BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, 0, 2, sizeof(BitStream));
} else {
if (t55_send_TestMode) Dbprintf("TestMODE");
BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, t55_send_TestMode ? 0 : 1, 1, sizeof(BitStream));
BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, t55_send_TestMode ? 1 : t55_send_Page, 1, sizeof(BitStream));
//if (PwdMode) {
if (t55_send_PwdMode) {
// Leading 0 and 1 of 4 00 fixed bits if passsword used
if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4)) {
BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, 0, 2, sizeof(BitStream));
}
BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, Pwd, 32, sizeof(BitStream));
}
// Add Opcode // Add Lock bit 0
if (t55_send_Reset) { if (!t55_send_RegReadMode) BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, 0, 1, sizeof(BitStream));
// Reset : r*) 00
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 2,sizeof(BitStream));
}
else {
if (t55_send_TestMode) Dbprintf("TestMODE");
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen,t55_send_TestMode ? 0 : 1 , 1,sizeof(BitStream));
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen,t55_send_TestMode ? 1 : t55_send_Page , 1,sizeof(BitStream));
//if (PwdMode) {
if (t55_send_PwdMode) {
// Leading 0 and 1 of 4 00 fixed bits if passsword used
if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4)) {
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 2,sizeof(BitStream));
}
BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Pwd, 32,sizeof(BitStream));
}
// Add Lock bit 0 // Add Data if a write command
if (!t55_send_RegReadMode) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream)); if (!t55_send_ReadCmd) BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, Data, 32, sizeof(BitStream));
// Add Data if a write command // Add Address
if (!t55_send_ReadCmd) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Data, 32,sizeof(BitStream)); if (!t55_send_RegReadMode) BitStreamLen = T55xx_SetBits(BitStream, BitStreamLen, Block, 3, sizeof(BitStream));
}
// Add Address // Send Bits to T55xx
if (!t55_send_RegReadMode) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Block, 3,sizeof(BitStream)); // Set up FPGA, 125kHz
} LFSetupFPGAForADC(95, true);
// Send Bits to T55xx // make sure tag is fully powered up...
// Set up FPGA, 125kHz WaitMS(start_wait);
LFSetupFPGAForADC(95, true);
// make sure tag is fully powered up... // Trigger T55x7 in mode.
WaitMS(start_wait); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(T55xx_Timing.m[downlink_mode].start_gap * 8);
// Trigger T55x7 in mode. // If long leading 0 send long reference pulse
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); if (downlink_mode == T55xx_DLMode_LLR)
WaitUS(T55xx_Timing.m[downlink_mode].start_gap * 8); T55xxWriteBit(T55xx_LongLeadingReference, downlink_mode);//Timing); // Send Long Leading Start Reference
// If long leading 0 send long reference pulse if ((downlink_mode == T55xx_DLMode_1of4) && (BitStreamLen > 0)) { // 1 of 4 need to send 2 bits at a time
if (downlink_mode == T55xx_DLMode_LLR) for (i = 0; i < BitStreamLen - 1; i += 2) {
T55xxWriteBit (T55xx_LongLeadingReference,downlink_mode);//Timing); // Send Long Leading Start Reference SendBits = (BitStream[BitStream_Byte(i)] >> (BitStream_Bit(i)) & 1) << 1; // Bit i
SendBits += (BitStream[BitStream_Byte(i + 1)] >> (BitStream_Bit(i + 1)) & 1); // Bit i+1;
if ((downlink_mode == T55xx_DLMode_1of4) && (BitStreamLen > 0)) { // 1 of 4 need to send 2 bits at a time T55xxWriteBit(SendBits & 3, downlink_mode);//Timing);
for ( i = 0; i < BitStreamLen-1; i+=2 ) { }
SendBits = (BitStream[BitStream_Byte(i )] >> (BitStream_Bit(i )) & 1) << 1; // Bit i } else {
SendBits += (BitStream[BitStream_Byte(i+1)] >> (BitStream_Bit(i+1)) & 1); // Bit i+1; for (i = 0; i < BitStreamLen; i++) {
T55xxWriteBit (SendBits & 3,downlink_mode);//Timing); SendBits = (BitStream[BitStream_Byte(i)] >> BitStream_Bit(i));
} T55xxWriteBit(SendBits & 1, downlink_mode);//Timing);
} }
else { }
for (i = 0; i < BitStreamLen; i++) {
SendBits = (BitStream[BitStream_Byte(i)] >> BitStream_Bit(i));
T55xxWriteBit (SendBits & 1,downlink_mode);//Timing);
}
}
} }
// Send T5577 reset command then read stream (see if we can identify the start of the stream) // Send T5577 reset command then read stream (see if we can identify the start of the stream)
void T55xxResetRead(uint8_t flags) { void T55xxResetRead(uint8_t flags) {
uint8_t downlink_mode = ((flags >> 3) & 3); uint8_t downlink_mode = ((flags >> 3) & 3);
uint8_t arg = 0x80 | downlink_mode; uint8_t arg = 0x80 | downlink_mode;
LED_A_ON(); LED_A_ON();
//clear buffer now so it does not interfere with timing later //clear buffer now so it does not interfere with timing later
BigBuf_Clear_keep_EM(); BigBuf_Clear_keep_EM();
T55xx_SendCMD (0, 0, arg); T55xx_SendCMD(0, 0, arg);
TurnReadLFOn(T55xx_Timing.m[downlink_mode].read_gap); TurnReadLFOn(T55xx_Timing.m[downlink_mode].read_gap);
@ -1653,60 +1671,60 @@ void T55xxResetRead(uint8_t flags) {
//void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags) { //void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags) {
void T55xxWriteBlock(uint8_t *data) { void T55xxWriteBlock(uint8_t *data) {
/* /*
flag bits flag bits
xxxxxxx1 0x01 PwdMode xxxxxxx1 0x01 PwdMode
xxxxxx1x 0x02 Page xxxxxx1x 0x02 Page
xxxxx1xx 0x04 testMode xxxxx1xx 0x04 testMode
xxx11xxx 0x18 downlink mode xxx11xxx 0x18 downlink mode
xx1xxxxx 0x20 !reg_readmode xx1xxxxx 0x20 !reg_readmode
x1xxxxxx 0x40 called for a read, so no data packet x1xxxxxx 0x40 called for a read, so no data packet
1xxxxxxx 0x80 reset 1xxxxxxx 0x80 reset
*/ */
t55xx_write_block_t *c = (t55xx_write_block_t *)data; t55xx_write_block_t *c = (t55xx_write_block_t *)data;
// c->data, c->blockno, c->pwd, c->flags // c->data, c->blockno, c->pwd, c->flags
bool testMode = ((c->flags & 0x04) == 0x04); bool testMode = ((c->flags & 0x04) == 0x04);
c->flags &= (0xff ^ 0x40); // Called for a write, so ensure it is clear/0 c->flags &= (0xff ^ 0x40); // Called for a write, so ensure it is clear/0
LED_A_ON (); LED_A_ON();
T55xx_SendCMD (c->data, c->pwd, c->flags | (c->blockno << 9)) ;//, false); T55xx_SendCMD(c->data, c->pwd, c->flags | (c->blockno << 9)) ; //, false);
// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, // Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
// so wait a little more) // so wait a little more)
// "there is a clock delay before programming" // "there is a clock delay before programming"
// - programming takes ~5.6ms for t5577 ~18ms for E5550 or t5567 // - programming takes ~5.6ms for t5577 ~18ms for E5550 or t5567
// so we should wait 1 clock + 5.6ms then read response? // so we should wait 1 clock + 5.6ms then read response?
// but we need to know we are dealing with t5577 vs t5567 vs e5550 (or q5) marshmellow... // but we need to know we are dealing with t5577 vs t5567 vs e5550 (or q5) marshmellow...
if (testMode) { if (testMode) {
//TESTMODE TIMING TESTS: //TESTMODE TIMING TESTS:
// <566us does nothing // <566us does nothing
// 566-568 switches between wiping to 0s and doing nothing // 566-568 switches between wiping to 0s and doing nothing
// 5184 wipes and allows 1 block to be programmed. // 5184 wipes and allows 1 block to be programmed.
// indefinite power on wipes and then programs all blocks with bitshifted data sent. // indefinite power on wipes and then programs all blocks with bitshifted data sent.
TurnReadLFOn(5184); TurnReadLFOn(5184);
} else { } else {
TurnReadLFOn(20 * 1000); TurnReadLFOn(20 * 1000);
//could attempt to do a read to confirm write took //could attempt to do a read to confirm write took
// as the tag should repeat back the new block // as the tag should repeat back the new block
// until it is reset, but to confirm it we would // until it is reset, but to confirm it we would
// need to know the current block 0 config mode for // need to know the current block 0 config mode for
// modulation clock an other details to demod the response... // modulation clock an other details to demod the response...
// response should be (for t55x7) a 0 bit then (ST if on) // response should be (for t55x7) a 0 bit then (ST if on)
// block data written in on repeat until reset. // block data written in on repeat until reset.
//DoPartialAcquisition(20, true, 12000); //DoPartialAcquisition(20, true, 12000);
} }
// turn field off // turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
// cmd_send(CMD_ACK,0,0,0,0,0); // cmd_send(CMD_ACK,0,0,0,0,0);
reply_ng(CMD_T55XX_WRITE_BLOCK, PM3_SUCCESS, NULL, 0); reply_ng(CMD_T55XX_WRITE_BLOCK, PM3_SUCCESS, NULL, 0);
LED_A_OFF (); LED_A_OFF();
} }
/* /*
@ -1719,49 +1737,49 @@ void T55xxWriteBlock(uint8_t *data) {
*/ */
/* /*
// Read one card block in page [page] // Read one card block in page [page]
void T55xxReadBlockExt (uint16_t flags, uint8_t block, uint32_t pwd) { void T55xxReadBlockExt(uint16_t flags, uint8_t block, uint32_t pwd) {
/ * / *
flag bits flag bits
xxxx xxxxxxx1 0x0001 PwdMode xxxx xxxxxxx1 0x0001 PwdMode
xxxx xxxxxx1x 0x0002 Page xxxx xxxxxx1x 0x0002 Page
xxxx xxxxx1xx 0x0004 testMode xxxx xxxxx1xx 0x0004 testMode
xxxx xxx11xxx 0x0018 downlink mode xxxx xxx11xxx 0x0018 downlink mode
xxxx xx1xxxxx 0x0020 !reg_readmode xxxx xx1xxxxx 0x0020 !reg_readmode
xxxx x1xxxxxx 0x0040 called for a read, so no data packet xxxx x1xxxxxx 0x0040 called for a read, so no data packet
xxxx 1xxxxxxx 0x0080 reset xxxx 1xxxxxxx 0x0080 reset
xxx1 xxxxxxxx 0x0100 brute/leave field on xxx1 xxxxxxxx 0x0100 brute / leave field on
* / * /
size_t samples = 12000; size_t samples = 12000;
bool brute_mem = (flags & 0x0100) >> 8; bool brute_mem = (flags & 0x0100) >> 8;
LED_A_ON(); LED_A_ON();
if (brute_mem) samples = 1024; if (brute_mem) samples = 1024;
// Set Read Flag to ensure SendCMD does not add "data" to the packet // Set Read Flag to ensure SendCMD does not add "data" to the packet
flags |= 0x40; flags |= 0x40;
// RegRead Mode true block = 0xff, so read without an address // RegRead Mode true block = 0xff, so read without an address
if (block == 0xff) flags |= 0x20; if (block == 0xff) flags |= 0x20;
//make sure block is at max 7 //make sure block is at max 7
block &= 0x7; block &= 0x7;
//clear buffer now so it does not interfere with timing later //clear buffer now so it does not interfere with timing later
BigBuf_Clear_keep_EM(); BigBuf_Clear_keep_EM();
T55xx_SendCMD (0, pwd, flags | (block << 9)); //, true); T55xx_SendCMD(0, pwd, flags | (block << 9)); //, true);
// Turn field on to read the response // Turn field on to read the response
// 137*8 seems to get to the start of data pretty well... // 137*8 seems to get to the start of data pretty well...
// but we want to go past the start and let the repeating data settle in... // but we want to go past the start and let the repeating data settle in...
// TurnReadLFOn(210*8); // issues with block 1 reads so dropping down seemed to help // TurnReadLFOn(210*8); // issues with block 1 reads so dropping down seemed to help
TurnReadLFOn(137*8); TurnReadLFOn(137 * 8);
// Acquisition // Acquisition
// Now do the acquisition // Now do the acquisition
DoPartialAcquisition(0, true, samples, 0); DoPartialAcquisition(0, true, samples, 0);
// Turn the field off // Turn the field off
if (!brute_mem) { if (!brute_mem) {
@ -1773,55 +1791,55 @@ void T55xxReadBlockExt (uint16_t flags, uint8_t block, uint32_t pwd) {
*/ */
// Read one card block in page [page] // Read one card block in page [page]
void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode) { void T55xxReadBlock(uint8_t page, bool pwd_mode, bool brute_mem, uint8_t block, uint32_t pwd, uint8_t downlink_mode) {
/* /*
flag bits flag bits
xxxxxxx1 0x0001 PwdMode xxxx xxxxxxx1 0x0001 PwdMode
xxxxxx1x 0x0002 Page xxxx xxxxxx1x 0x0002 Page
xxxxx1xx 0x0004 testMode xxxx xxxxx1xx 0x0004 testMode
xxx11xxx 0x0018 downlink mode xxxx xxx11xxx 0x0018 downlink mode
xx1xxxxx 0x0020 !reg_readmode xxxx xx1xxxxx 0x0020 !reg_readmode
x1xxxxxx 0x0040 called for a read, so no data packet xxxx x1xxxxxx 0x0040 called for a read, so no data packet
1xxxxxxx 0x0080 reset xxxx 1xxxxxxx 0x0080 reset
1xxxxxxxx 0x0100 brute/leave field on xxx1 xxxxxxxx 0x0100 brute / leave field on
*/ */
uint16_t flags = 0x0040; // read packet uint16_t flags = 0x0040; // read packet
if (pwd_mode) flags |= 0x0001; if (pwd_mode) flags |= 0x0001;
if (page) flags |= 0x0002; if (page) flags |= 0x0002;
flags |= (downlink_mode & 3) << 3; flags |= (downlink_mode & 3) << 3;
if (brute_mem) flags |= 0x0100; if (brute_mem) flags |= 0x0100;
// T55xxReadBlockExt (flags,block,pwd); // T55xxReadBlockExt (flags,block,pwd);
size_t samples = 12000; size_t samples = 12000;
// bool brute_mem = (flags & 0x0100) >> 8; // bool brute_mem = (flags & 0x0100) >> 8;
LED_A_ON(); LED_A_ON();
if (brute_mem) samples = 1024; if (brute_mem) samples = 1024;
//-- Set Read Flag to ensure SendCMD does not add "data" to the packet //-- Set Read Flag to ensure SendCMD does not add "data" to the packet
//-- flags |= 0x40; //-- flags |= 0x40;
// RegRead Mode true block = 0xff, so read without an address // RegRead Mode true block = 0xff, so read without an address
if (block == 0xff) flags |= 0x20; if (block == 0xff) flags |= 0x20;
//make sure block is at max 7 //make sure block is at max 7
block &= 0x7; block &= 0x7;
//clear buffer now so it does not interfere with timing later //clear buffer now so it does not interfere with timing later
BigBuf_Clear_keep_EM(); BigBuf_Clear_keep_EM();
T55xx_SendCMD (0, pwd, flags | (block << 9)); //, true); T55xx_SendCMD(0, pwd, flags | (block << 9)); //, true);
// Turn field on to read the response // Turn field on to read the response
// 137*8 seems to get to the start of data pretty well... // 137*8 seems to get to the start of data pretty well...
// but we want to go past the start and let the repeating data settle in... // but we want to go past the start and let the repeating data settle in...
// TurnReadLFOn(210*8); // issues with block 1 reads so dropping down seemed to help // TurnReadLFOn(210*8); // issues with block 1 reads so dropping down seemed to help
TurnReadLFOn(137*8); TurnReadLFOn(137 * 8);
// Acquisition // Acquisition
// Now do the acquisition // Now do the acquisition
DoPartialAcquisition(0, true, samples, 0); DoPartialAcquisition(0, true, samples, 0);
// Turn the field off // Turn the field off
if (!brute_mem) { if (!brute_mem) {
@ -1841,13 +1859,13 @@ void T55xx_ChkPwds(uint8_t flags) {
// tends to mess up BigBuf // tends to mess up BigBuf
uint8_t *buf = BigBuf_get_addr(); uint8_t *buf = BigBuf_get_addr();
uint32_t b1, baseline = 0; uint32_t b1, baseline = 0;
uint8_t downlink_mode = (flags >> 3) & 0x03; uint8_t downlink_mode = (flags >> 3) & 0x03;
// collect baseline for failed attempt // collect baseline for failed attempt
uint8_t x = 32; uint8_t x = 32;
while (x--) { while (x--) {
b1 = 0; b1 = 0;
T55xxReadBlock(0, 0, true, 1, 0,downlink_mode); T55xxReadBlock(0, 0, true, 1, 0, downlink_mode);
for (uint16_t j = 0; j < 1024; ++j) for (uint16_t j = 0; j < 1024; ++j)
b1 += buf[j]; b1 += buf[j];
@ -1892,7 +1910,7 @@ void T55xx_ChkPwds(uint8_t flags) {
pwd = bytes_to_num(pwds + i * 4, 4); pwd = bytes_to_num(pwds + i * 4, 4);
T55xxReadBlock(0, true, true, 0, pwd,downlink_mode); T55xxReadBlock(0, true, true, 0, pwd, downlink_mode);
// calc mean of BigBuf 1024 samples. // calc mean of BigBuf 1024 samples.
uint32_t sum = 0; uint32_t sum = 0;
@ -1909,7 +1927,7 @@ void T55xx_ChkPwds(uint8_t flags) {
Dbprintf("[=] Pwd %08X | ABS %u", pwd, curr); Dbprintf("[=] Pwd %08X | ABS %u", pwd, curr);
if (curr > prev) { if (curr > prev) {
Dbprintf("[=] --> ABS %u Candidate %08X <--", curr, pwd); Dbprintf("[=] --> ABS %u Candidate %08X <--", curr, pwd);
candidate = pwd; candidate = pwd;
prev = curr; prev = curr;
} }
@ -1926,10 +1944,10 @@ OUT:
void T55xxWakeUp(uint32_t Pwd, uint8_t flags) { void T55xxWakeUp(uint32_t Pwd, uint8_t flags) {
flags |= 0x01 | 0x40 | 0x20; //Password | Read Call (no data) | reg_read no block flags |= 0x01 | 0x40 | 0x20; //Password | Read Call (no data) | reg_read no block
LED_B_ON(); LED_B_ON();
T55xx_SendCMD (0, Pwd, flags); T55xx_SendCMD(0, Pwd, flags);
//-- Turn and leave field on to let the begin repeating transmission //-- Turn and leave field on to let the begin repeating transmission
TurnReadLFOn(20 * 1000); TurnReadLFOn(20 * 1000);
@ -1939,15 +1957,15 @@ void T55xxWakeUp(uint32_t Pwd, uint8_t flags) {
/*-------------- Cloning routines -----------*/ /*-------------- Cloning routines -----------*/
void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) { void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
t55xx_write_block_t cmd; t55xx_write_block_t cmd;
cmd.pwd = 0; cmd.pwd = 0;
cmd.flags = 0; cmd.flags = 0;
for (uint8_t i = numblocks + startblock; i > startblock; i--) { for (uint8_t i = numblocks + startblock; i > startblock; i--) {
cmd.data = blockdata[i - 1]; cmd.data = blockdata[i - 1];
cmd.blockno = i - 1; cmd.blockno = i - 1;
T55xxWriteBlock ((uint8_t *)&cmd); T55xxWriteBlock((uint8_t *)&cmd);
} }
} }

575
client/cmdlft55xx.c
View file

@ -49,8 +49,8 @@ static int usage_t55xx_read() {
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)");
PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check"); PrintAndLogEx(NORMAL, " o - OPTIONAL override safety check");
PrintAndLogEx(NORMAL, " 1 - OPTIONAL read Page 1 instead of Page 0"); PrintAndLogEx(NORMAL, " 1 - OPTIONAL read Page 1 instead of Page 0");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
PrintAndLogEx(NORMAL, " ****WARNING****"); PrintAndLogEx(NORMAL, " ****WARNING****");
PrintAndLogEx(NORMAL, " Use of read with password on a tag not configured for a pwd"); PrintAndLogEx(NORMAL, " Use of read with password on a tag not configured for a pwd");
PrintAndLogEx(NORMAL, " can damage the tag"); PrintAndLogEx(NORMAL, " can damage the tag");
@ -70,8 +70,8 @@ static int usage_t55xx_write() {
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password 4bytes (8 hex characters)");
PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0"); PrintAndLogEx(NORMAL, " 1 - OPTIONAL write Page 1 instead of Page 0");
PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****"); PrintAndLogEx(NORMAL, " t - OPTIONAL test mode write - ****DANGER****");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 - write 11223344 to block 3"); PrintAndLogEx(NORMAL, " lf t55xx write b 3 d 11223344 - write 11223344 to block 3");
@ -82,10 +82,10 @@ static int usage_t55xx_write() {
static int usage_t55xx_trace() { static int usage_t55xx_trace() {
PrintAndLogEx(NORMAL, "Usage: lf t55xx trace [r mode]"); PrintAndLogEx(NORMAL, "Usage: lf t55xx trace [r mode]");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
// Command did not seem to support the 1 option (yet) so have removed the help lines // Command did not seem to support the 1 option (yet) so have removed the help lines
// PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag."); // PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx trace"); PrintAndLogEx(NORMAL, " lf t55xx trace");
@ -101,8 +101,8 @@ static int usage_t55xx_info() {
PrintAndLogEx(NORMAL, " d <data> - 4 bytes of data (8 hex characters)"); PrintAndLogEx(NORMAL, " d <data> - 4 bytes of data (8 hex characters)");
PrintAndLogEx(NORMAL, " if set, use these data instead of reading tag."); PrintAndLogEx(NORMAL, " if set, use these data instead of reading tag.");
PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config."); PrintAndLogEx(NORMAL, " q - if set, provided data are interpreted as Q5 config.");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx info"); PrintAndLogEx(NORMAL, " lf t55xx info");
@ -117,8 +117,8 @@ static int usage_t55xx_dump() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " <password> - OPTIONAL password 4bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " <password> - OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, " o - OPTIONAL override, force pwd read despite danger to card"); PrintAndLogEx(NORMAL, " o - OPTIONAL override, force pwd read despite danger to card");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx dump"); PrintAndLogEx(NORMAL, " lf t55xx dump");
@ -131,9 +131,9 @@ static int usage_t55xx_detect() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag."); PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLogEx(NORMAL, " p <password - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password - OPTIONAL password (8 hex characters)");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)");
PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero "); PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero ");
PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes"); PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx detect"); PrintAndLogEx(NORMAL, " lf t55xx detect");
@ -148,9 +148,9 @@ static int usage_t55xx_detectP1() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag."); PrintAndLogEx(NORMAL, " 1 - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)"); PrintAndLogEx(NORMAL, " p <password> - OPTIONAL password (8 hex characters)");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)");
PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero "); PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero ");
PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes"); PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx p1detect"); PrintAndLogEx(NORMAL, " lf t55xx p1detect");
@ -165,8 +165,8 @@ static int usage_t55xx_wakup() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " p <password> - password 4bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " p <password> - password 4bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx wakeup p 11223344 - send wakeup password"); PrintAndLogEx(NORMAL, " lf t55xx wakeup p 11223344 - send wakeup password");
@ -181,9 +181,9 @@ static int usage_t55xx_chk() {
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " m - use dictionary from flashmemory\n"); PrintAndLogEx(NORMAL, " m - use dictionary from flashmemory\n");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)");
PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero "); PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero ");
PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes"); PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes");
PrintAndLogEx(NORMAL, " i <*.dic> - loads a default keys dictionary file <*.dic>"); PrintAndLogEx(NORMAL, " i <*.dic> - loads a default keys dictionary file <*.dic>");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
@ -201,9 +201,9 @@ static int usage_t55xx_bruteforce() {
PrintAndLogEx(NORMAL, " password must be 4 bytes (8 hex symbols)"); PrintAndLogEx(NORMAL, " password must be 4 bytes (8 hex symbols)");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)");
PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero "); PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero ");
PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes"); PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes");
PrintAndLogEx(NORMAL, " <start_pwd> - 4 byte hex value to start pwd search at"); PrintAndLogEx(NORMAL, " <start_pwd> - 4 byte hex value to start pwd search at");
PrintAndLogEx(NORMAL, " <end_pwd> - 4 byte hex value to end pwd search at"); PrintAndLogEx(NORMAL, " <end_pwd> - 4 byte hex value to end pwd search at");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
@ -222,9 +222,9 @@ static int usage_t55xx_recoverpw() {
PrintAndLogEx(NORMAL, " default password is 51243648, used by many cloners"); PrintAndLogEx(NORMAL, " default password is 51243648, used by many cloners");
PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h - this help"); PrintAndLogEx(NORMAL, " h - this help");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)"); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default)");
PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero "); PrintAndLogEx(NORMAL, " '1' long leading ref., '2' leading zero ");
PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes"); PrintAndLogEx(NORMAL, " '3' 1 of 4 coding ref., '4' try all modes");
PrintAndLogEx(NORMAL, " [password] - 4 byte hex value of password written by cloner"); PrintAndLogEx(NORMAL, " [password] - 4 byte hex value of password written by cloner");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
@ -258,10 +258,10 @@ static int usage_lf_deviceconfig() {
PrintAndLogEx(NORMAL, " f <8..255> - Set write THREE gap (1 of 4 only)"); PrintAndLogEx(NORMAL, " f <8..255> - Set write THREE gap (1 of 4 only)");
PrintAndLogEx(NORMAL, " g <8..255> - Set read gap"); PrintAndLogEx(NORMAL, " g <8..255> - Set read gap");
PrintAndLogEx(NORMAL, " p - persist to flashmemory"); PrintAndLogEx(NORMAL, " p - persist to flashmemory");
PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref."); PrintAndLogEx(NORMAL, " r <mode> - downlink encoding '0' fixed bit length (default), '1' long leading ref.");
PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref."); PrintAndLogEx(NORMAL, " '2' leading zero, '3' 1 of 4 coding ref.");
PrintAndLogEx(NORMAL, " z - erase t55x7 timings (needs p and reboot to load defaults)"); PrintAndLogEx(NORMAL, " z - erase t55x7 timings (needs p and reboot to load defaults)");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "Examples:"); PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, " lf t55xx deviceconfig a 29 b 17 c 15 d 47 e 15 - default T55XX"); PrintAndLogEx(NORMAL, " lf t55xx deviceconfig a 29 b 17 c 15 d 47 e 15 - default T55XX");
PrintAndLogEx(NORMAL, " lf t55xx deviceconfig a 55 b 14 c 21 d 30 - default EM4305"); PrintAndLogEx(NORMAL, " lf t55xx deviceconfig a 55 b 14 c 21 d 30 - default EM4305");
@ -397,7 +397,7 @@ int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uin
if (usepwd) { if (usepwd) {
// try reading the config block and verify that PWD bit is set before doing this! // try reading the config block and verify that PWD bit is set before doing this!
if (!override) { if (!override) {
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0,downlink_mode)) return PM3_ESOFT; if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, downlink_mode)) return PM3_ESOFT;
if (!tryDetectModulation()) { if (!tryDetectModulation()) {
PrintAndLogEx(NORMAL, "Safety Check: Could not detect if PWD bit is set in config block. Exits."); PrintAndLogEx(NORMAL, "Safety Check: Could not detect if PWD bit is set in config block. Exits.");
@ -408,9 +408,9 @@ int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, uint8_t override, uin
page1 = false; page1 = false;
} }
} else { } else {
// Show only if first for command i.e. override = 1 (override and display) override = 2 (override and dont display) // Show only if first for command i.e. override = 1 (override and display) override = 2 (override and dont display)
if ((override & 2) != 2) if ((override & 2) != 2)
PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk"); PrintAndLogEx(NORMAL, "Safety Check Overriden - proceeding despite risk");
} }
} }
@ -430,7 +430,7 @@ static int CmdT55xxReadBlock(const char *Cmd) {
bool page1 = false; bool page1 = false;
bool errors = false; bool errors = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -453,12 +453,12 @@ static int CmdT55xxReadBlock(const char *Cmd) {
page1 = true; page1 = true;
cmdp++; cmdp++;
break; break;
case 'r': case 'r':
case 'R': case 'R':
downlink_mode = param_getchar(Cmd, cmdp+1) - '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp +=2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
@ -556,34 +556,42 @@ static int SanityOfflineCheck(bool useGraphBuffer) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
void T55xx_Print_DownlinkMode (uint8_t downlink_mode) void T55xx_Print_DownlinkMode(uint8_t downlink_mode) {
{ char Msg[80];
char Msg[80]; sprintf(Msg, "Downlink Mode used : ");
sprintf (Msg,"Downlink Mode used : ");
switch (downlink_mode) { switch (downlink_mode) {
case 0 : strcat (Msg,"default/fixed bit length"); break; case 0 :
case 1 : strcat (Msg,"long leading reference (r 1)"); break; strcat(Msg, "default/fixed bit length");
case 2 : strcat (Msg,"leading zero reference (r 2)"); break; break;
case 3 : strcat (Msg,"1 of 4 coding reference (r 3)"); break; case 1 :
default : strcat(Msg, "long leading reference (r 1)");
strcat (Msg,"default/fixed bit length"); break; break;
} case 2 :
strcat(Msg, "leading zero reference (r 2)");
break;
case 3 :
strcat(Msg, "1 of 4 coding reference (r 3)");
break;
default :
strcat(Msg, "default/fixed bit length");
break;
}
PrintAndLogEx (NORMAL,Msg); PrintAndLogEx(NORMAL, Msg);
} }
// //
static int CmdT55xxDetect(const char *Cmd) { static int CmdT55xxDetect(const char *Cmd) {
bool errors = false; bool errors = false;
bool useGB = false; bool useGB = false;
bool usepwd = false; bool usepwd = false;
bool try_all_dl_modes = false; bool try_all_dl_modes = false;
bool found = false; bool found = false;
uint32_t password = 0; uint32_t password = 0;
uint8_t cmdp = 0; uint8_t cmdp = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t dl_mode = 0; uint8_t dl_mode = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -599,12 +607,12 @@ static int CmdT55xxDetect(const char *Cmd) {
useGB = true; useGB = true;
cmdp++; cmdp++;
break; break;
case 'r': case 'r':
downlink_mode = param_getchar(Cmd, cmdp+1) - '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode == 4) try_all_dl_modes = true; if (downlink_mode == 4) try_all_dl_modes = true;
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp +=2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -617,44 +625,44 @@ static int CmdT55xxDetect(const char *Cmd) {
if (SanityOfflineCheck(useGB) != PM3_SUCCESS) return PM3_ENODATA; if (SanityOfflineCheck(useGB) != PM3_SUCCESS) return PM3_ENODATA;
if (!useGB) { if (!useGB) {
for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++) { for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++) {
found = AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password,dl_mode); found = AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, dl_mode);
// found = false if password is supplied but wrong d/l mode // found = false if password is supplied but wrong d/l mode
// so keep trying other modes (if requested) // so keep trying other modes (if requested)
/* if (!found) { /*
printf ("Aquire not found"); if (!found) {
return PM3_ENODATA; printf ("Aquire not found");
} return PM3_ENODATA;
*/ }
if (tryDetectModulation()) */
{ if (tryDetectModulation()) {
T55xx_Print_DownlinkMode (dl_mode); T55xx_Print_DownlinkMode(dl_mode);
dl_mode = 4; dl_mode = 4;
found = true; found = true;
} } else found = false;
else found = false;
if (!try_all_dl_modes) dl_mode = 4; if (!try_all_dl_modes) dl_mode = 4;
} }
} }
if (useGB) found = tryDetectModulation(); if (useGB) found = tryDetectModulation();
if (!found) if (!found)
PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'")); PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'"));
/* if (!useGB) { /*
if (!useGB) {
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password,downlink_mode)) if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password,downlink_mode))
return PM3_ENODATA; return PM3_ENODATA;
} }
if (!tryDetectModulation()) if (!tryDetectModulation())
PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'")); PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'"));
else else
T55xx_Print_DownlinkMode (downlink_mode); T55xx_Print_DownlinkMode (downlink_mode);
*/ */
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -1106,9 +1114,9 @@ static int CmdT55xxWakeUp(const char *Cmd) {
uint8_t cmdp = 0; uint8_t cmdp = 0;
bool errors = false; bool errors = false;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t flags = 0; uint8_t flags = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h': case 'h':
return usage_t55xx_wakup(); return usage_t55xx_wakup();
@ -1117,11 +1125,11 @@ static int CmdT55xxWakeUp(const char *Cmd) {
cmdp += 2; cmdp += 2;
errors = false; errors = false;
break; break;
case 'r': case 'r':
downlink_mode = param_getchar(Cmd, cmdp+1) - '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp +=2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -1131,7 +1139,7 @@ static int CmdT55xxWakeUp(const char *Cmd) {
if (errors) return usage_t55xx_wakup(); if (errors) return usage_t55xx_wakup();
flags = (downlink_mode & 3) << 3; flags = (downlink_mode & 3) << 3;
clearCommandBuffer(); clearCommandBuffer();
SendCommandMIX(CMD_T55XX_WAKEUP, password, flags, 0, NULL, 0); SendCommandMIX(CMD_T55XX_WAKEUP, password, flags, 0, NULL, 0);
PrintAndLogEx(SUCCESS, "Wake up command sent. Try read now"); PrintAndLogEx(SUCCESS, "Wake up command sent. Try read now");
@ -1149,7 +1157,7 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
bool testMode = false; bool testMode = false;
bool errors = false; bool errors = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
uint32_t downlink_mode = 0; uint32_t downlink_mode = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -1182,11 +1190,11 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
page1 = true; page1 = true;
cmdp++; cmdp++;
break; break;
case 'r': case 'r':
downlink_mode = param_getchar(Cmd, cmdp+1) - '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp +=2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -1200,7 +1208,7 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
flags = (usepwd) ? 0x1 : 0; flags = (usepwd) ? 0x1 : 0;
flags |= (page1) ? 0x2 : 0; flags |= (page1) ? 0x2 : 0;
flags |= (testMode) ? 0x4 : 0; flags |= (testMode) ? 0x4 : 0;
flags |= (downlink_mode << 3); flags |= (downlink_mode << 3);
char pwdStr[16] = {0}; char pwdStr[16] = {0};
snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password); snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password);
@ -1234,15 +1242,15 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
} }
static int CmdT55xxReadTrace(const char *Cmd) { static int CmdT55xxReadTrace(const char *Cmd) {
uint8_t cmd_len = 0; uint8_t cmd_len = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
char cmdp = tolower(param_getchar(Cmd, 0)); char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'r') { if (cmdp == 'r') {
downlink_mode = param_getchar(Cmd, 1) - '0'; downlink_mode = param_getchar(Cmd, 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmd_len = 3; cmd_len = 3;
} }
if ((strlen(Cmd) != cmd_len) || (cmdp == 'h')) return usage_t55xx_trace(); if ((strlen(Cmd) != cmd_len) || (cmdp == 'h')) return usage_t55xx_trace();
if (strlen(Cmd) == cmd_len) { if (strlen(Cmd) == cmd_len) {
@ -1251,9 +1259,9 @@ static int CmdT55xxReadTrace(const char *Cmd) {
bool pwdmode = false; bool pwdmode = false;
uint32_t password = 0; uint32_t password = 0;
// REGULAR_READ_MODE_BLOCK - yeilds correct Page 1 Block 2 data i.e. + 32 bit offset. // REGULAR_READ_MODE_BLOCK - yeilds correct Page 1 Block 2 data i.e. + 32 bit offset.
// if (!AquireData(T55x7_PAGE1, T55x7_TRACE_BLOCK1, pwdmode, password,downlink_mode)) // if (!AquireData(T55x7_PAGE1, T55x7_TRACE_BLOCK1, pwdmode, password,downlink_mode))
if (!AquireData(T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password,downlink_mode)) if (!AquireData(T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password, downlink_mode))
return PM3_ENODATA; return PM3_ENODATA;
} }
@ -1497,7 +1505,7 @@ static int CmdT55xxInfo(const char *Cmd) {
*/ */
bool frombuff = false, gotdata = false, dataasq5 = false; bool frombuff = false, gotdata = false, dataasq5 = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint32_t block0 = 0; uint32_t block0 = 0;
while (param_getchar(Cmd, cmdp) != 0x00) { while (param_getchar(Cmd, cmdp) != 0x00) {
@ -1517,11 +1525,11 @@ static int CmdT55xxInfo(const char *Cmd) {
dataasq5 = true; dataasq5 = true;
cmdp += 2; cmdp += 2;
break; break;
case 'r': case 'r':
downlink_mode = param_getchar(Cmd, cmdp+1)- '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp += 2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
return usage_t55xx_info(); return usage_t55xx_info();
@ -1540,7 +1548,7 @@ static int CmdT55xxInfo(const char *Cmd) {
bool pwdmode = false; bool pwdmode = false;
uint32_t password = 0; uint32_t password = 0;
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password,downlink_mode)) if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password, downlink_mode))
return PM3_ENODATA; return PM3_ENODATA;
} }
if (!gotdata) { if (!gotdata) {
@ -1637,19 +1645,19 @@ static int CmdT55xxDump(const char *Cmd) {
uint32_t password = 0; uint32_t password = 0;
uint8_t override = false; uint8_t override = false;
uint8_t cmd_opt_idx = 0; uint8_t cmd_opt_idx = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t pwd_offset = 0; uint8_t pwd_offset = 0;
char cmdp = tolower(param_getchar(Cmd, 0)); char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_t55xx_dump(); if (cmdp == 'h') return usage_t55xx_dump();
if (cmdp == 'r') { if (cmdp == 'r') {
cmd_opt_idx++; cmd_opt_idx++;
downlink_mode = param_getchar(Cmd, cmd_opt_idx++) - '0'; downlink_mode = param_getchar(Cmd, cmd_opt_idx++) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
pwd_offset = 3; pwd_offset = 3;
} }
bool usepwd = (strlen(Cmd) > pwd_offset); bool usepwd = (strlen(Cmd) > pwd_offset);
if (usepwd) { if (usepwd) {
password = param_get32ex(Cmd, cmd_opt_idx++, 0, 16); password = param_get32ex(Cmd, cmd_opt_idx++, 0, 16);
@ -1659,14 +1667,14 @@ static int CmdT55xxDump(const char *Cmd) {
printT5xxHeader(0); printT5xxHeader(0);
for (uint8_t i = 0; i < 8; ++i) { for (uint8_t i = 0; i < 8; ++i) {
T55xxReadBlock(i, 0, usepwd, override, password,downlink_mode); T55xxReadBlock(i, 0, usepwd, override, password, downlink_mode);
// idea for better user experience and display. // idea for better user experience and display.
// only show override warning on the first block read // only show override warning on the first block read
if (override) override |= 2; // flag not to show safty for 2nd and on. if (override) override |= 2; // flag not to show safty for 2nd and on.
} }
printT5xxHeader(1); printT5xxHeader(1);
for (uint8_t i = 0; i < 4; i++) for (uint8_t i = 0; i < 4; i++)
T55xxReadBlock(i, 1, usepwd, override, password,downlink_mode); T55xxReadBlock(i, 1, usepwd, override, password, downlink_mode);
return PM3_SUCCESS; return PM3_SUCCESS;
} }
@ -1683,14 +1691,14 @@ bool AquireData(uint8_t page, uint8_t block, bool pwdmode, uint32_t password, ui
uint8_t blockno; uint8_t blockno;
uint8_t page; uint8_t page;
bool pwdmode; bool pwdmode;
uint8_t downlink_mode; uint8_t downlink_mode;
} PACKED; } PACKED;
struct p payload; struct p payload;
payload.password = password; payload.password = password;
payload.blockno = block; payload.blockno = block;
payload.page = page & 0x1; payload.page = page & 0x1;
payload.pwdmode = pwdmode; payload.pwdmode = pwdmode;
payload.downlink_mode = downlink_mode; payload.downlink_mode = downlink_mode;
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_T55XX_READ_BLOCK, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_T55XX_READ_BLOCK, (uint8_t *)&payload, sizeof(payload));
@ -1951,17 +1959,17 @@ static void t55x7_create_config_block(int tagtype) {
static int CmdResetRead(const char *Cmd) { static int CmdResetRead(const char *Cmd) {
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t flags = 0; uint8_t flags = 0;
if (strlen (Cmd) == 3) if (strlen(Cmd) == 3)
downlink_mode = param_getchar(Cmd, 1) - '0'; downlink_mode = param_getchar(Cmd, 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
printf ("DL : %d\n",downlink_mode); printf("DL : %d\n", downlink_mode);
flags = downlink_mode << 3; flags = downlink_mode << 3;
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_T55XX_RESET_READ, &flags, sizeof(flags)); SendCommandNG(CMD_T55XX_RESET_READ, &flags, sizeof(flags));
if (!WaitForResponseTimeout(CMD_ACK, NULL, 2500)) { if (!WaitForResponseTimeout(CMD_ACK, NULL, 2500)) {
@ -2019,42 +2027,42 @@ static bool IsCancelled(void) {
// load a default pwd file. // load a default pwd file.
static int CmdT55xxChkPwds(const char *Cmd) { static int CmdT55xxChkPwds(const char *Cmd) {
char filename[FILE_PATH_SIZE] = {0}; char filename[FILE_PATH_SIZE] = {0};
bool found = false; bool found = false;
uint8_t timeout = 0; uint8_t timeout = 0;
uint8_t *keyBlock = NULL; uint8_t *keyBlock = NULL;
bool from_flash = false; bool from_flash = false;
bool try_all_dl_modes = false; bool try_all_dl_modes = false;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
int len; int len;
char cmdp; char cmdp;
bool use_pwd_file = false; bool use_pwd_file = false;
int dl_mode; // to try each downlink mode for each password int dl_mode; // to try each downlink mode for each password
cmdp = tolower(param_getchar(Cmd,0)); cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_t55xx_chk(); if (cmdp == 'h') return usage_t55xx_chk();
if (cmdp == 'm') { if (cmdp == 'm') {
from_flash = true; from_flash = true;
Cmd +=2; Cmd += 2;
cmdp = tolower(param_getchar(Cmd,0)); cmdp = tolower(param_getchar(Cmd, 0));
} }
if (cmdp == 'r') { if (cmdp == 'r') {
Cmd += 2; Cmd += 2;
downlink_mode = param_getchar(Cmd,0 ) - '0'; // get 2nd option, as this is fixed order. downlink_mode = param_getchar(Cmd, 0) - '0'; // get 2nd option, as this is fixed order.
if (downlink_mode == 4) try_all_dl_modes = true; if (downlink_mode == 4) try_all_dl_modes = true;
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
Cmd += 2; Cmd += 2;
cmdp = param_getchar(Cmd,0); cmdp = param_getchar(Cmd, 0);
} }
if (cmdp == 'i') { if (cmdp == 'i') {
Cmd+=2; Cmd += 2;
len = strlen(Cmd); len = strlen(Cmd);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE; if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd, len); memcpy(filename, Cmd, len);
use_pwd_file = true; use_pwd_file = true;
} }
@ -2069,7 +2077,7 @@ static int CmdT55xxChkPwds(const char *Cmd) {
*/ */
uint64_t t1 = msclock(); uint64_t t1 = msclock();
uint8_t flags = downlink_mode << 3; uint8_t flags = downlink_mode << 3;
if (from_flash) { if (from_flash) {
clearCommandBuffer(); clearCommandBuffer();
@ -2089,11 +2097,11 @@ static int CmdT55xxChkPwds(const char *Cmd) {
if (resp.oldarg[0]) { if (resp.oldarg[0]) {
PrintAndLogEx(SUCCESS, "\nFound a candidate [ " _YELLOW_("%08X") " ]. Trying to validate", resp.oldarg[1]); PrintAndLogEx(SUCCESS, "\nFound a candidate [ " _YELLOW_("%08X") " ]. Trying to validate", resp.oldarg[1]);
if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, resp.oldarg[1],downlink_mode)) { if (AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, resp.oldarg[1], downlink_mode)) {
found = tryDetectModulation(); found = tryDetectModulation();
if (found) { if (found) {
PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") " ]", resp.oldarg[1]); PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") " ]", resp.oldarg[1]);
T55xx_Print_DownlinkMode (downlink_mode); T55xx_Print_DownlinkMode(downlink_mode);
} else { } else {
PrintAndLogEx(WARNING, "Check pwd failed"); PrintAndLogEx(WARNING, "Check pwd failed");
@ -2143,25 +2151,25 @@ static int CmdT55xxChkPwds(const char *Cmd) {
curr_password = bytes_to_num(keyBlock + 4 * c, 4); curr_password = bytes_to_num(keyBlock + 4 * c, 4);
PrintAndLogEx(INFO, "Testing %08X", curr_password); PrintAndLogEx(INFO, "Testing %08X", curr_password);
for (dl_mode = downlink_mode; dl_mode <= 3; dl_mode++){ for (dl_mode = downlink_mode; dl_mode <= 3; dl_mode++) {
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, curr_password,dl_mode)) { if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, curr_password, dl_mode)) {
continue; continue;
} }
found = tryDetectModulation(); found = tryDetectModulation();
if (found) { if (found) {
PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") " ]", curr_password); PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") " ]", curr_password);
T55xx_Print_DownlinkMode (dl_mode); T55xx_Print_DownlinkMode(dl_mode);
dl_mode = 4; // Exit other downlink mode checks dl_mode = 4; // Exit other downlink mode checks
c = keycount; // Exit loop c = keycount; // Exit loop
} }
if (!try_all_dl_modes) // Exit loop if not trying all downlink modes if (!try_all_dl_modes) // Exit loop if not trying all downlink modes
dl_mode = 4; dl_mode = 4;
} }
} }
if (!found) PrintAndLogEx(WARNING, "Check pwd failed"); if (!found) PrintAndLogEx(WARNING, "Check pwd failed");
} }
free(keyBlock); free(keyBlock);
@ -2178,18 +2186,18 @@ static int CmdT55xxBruteForce(const char *Cmd) {
uint32_t start_password = 0x00000000; //start password uint32_t start_password = 0x00000000; //start password
uint32_t end_password = 0xFFFFFFFF; //end password uint32_t end_password = 0xFFFFFFFF; //end password
uint32_t curr = 0; uint32_t curr = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t cmd_opt_idx = 0; uint8_t cmd_opt_idx = 0;
uint8_t found = 0; // > 0 if found xx1 xx downlink needed, 1 found uint8_t found = 0; // > 0 if found xx1 xx downlink needed, 1 found
char cmdp = tolower(param_getchar(Cmd, cmd_opt_idx)); char cmdp = tolower(param_getchar(Cmd, cmd_opt_idx));
if (cmdp == 'h') return usage_t55xx_bruteforce(); if (cmdp == 'h') return usage_t55xx_bruteforce();
if (cmdp == 'r') { // downlink mode supplied if (cmdp == 'r') { // downlink mode supplied
cmd_opt_idx++; // skip over 'r' cmd_opt_idx++; // skip over 'r'
downlink_mode = param_getchar (Cmd,cmd_opt_idx++) - '0'; downlink_mode = param_getchar(Cmd, cmd_opt_idx++) - '0';
if (downlink_mode > 4) downlink_mode = 0; if (downlink_mode > 4) downlink_mode = 0;
} }
uint64_t t1 = msclock(); uint64_t t1 = msclock();
@ -2214,7 +2222,7 @@ static int CmdT55xxBruteForce(const char *Cmd) {
return PM3_EOPABORTED; return PM3_EOPABORTED;
} }
found = tryOnePassword(curr,downlink_mode); found = tryOnePassword(curr, downlink_mode);
if (curr == end_password) if (curr == end_password)
break; break;
@ -2225,10 +2233,9 @@ static int CmdT55xxBruteForce(const char *Cmd) {
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
if (found) { if (found) {
PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") "]", curr-1); PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") "]", curr - 1);
T55xx_Print_DownlinkMode ((found >> 1) & 3); T55xx_Print_DownlinkMode((found >> 1) & 3);
} } else
else
PrintAndLogEx(WARNING, "Bruteforce failed, last tried: [ " _YELLOW_("%08X") " ]", curr); PrintAndLogEx(WARNING, "Bruteforce failed, last tried: [ " _YELLOW_("%08X") " ]", curr);
t1 = msclock() - t1; t1 = msclock() - t1;
@ -2238,30 +2245,29 @@ static int CmdT55xxBruteForce(const char *Cmd) {
uint8_t tryOnePassword(uint32_t password, uint8_t downlink_mode) { uint8_t tryOnePassword(uint32_t password, uint8_t downlink_mode) {
bool try_all_dl_modes = false; bool try_all_dl_modes = false;
uint8_t dl_mode = 0; uint8_t dl_mode = 0;
PrintAndLogEx(INFO, "Trying password %08X", password); PrintAndLogEx(INFO, "Trying password %08X", password);
if (downlink_mode == 4) try_all_dl_modes = true; if (downlink_mode == 4) try_all_dl_modes = true;
downlink_mode = (downlink_mode & 3); // ensure 0-3 downlink_mode = (downlink_mode & 3); // ensure 0-3
// check if dl mode 4 and loop if needed // check if dl mode 4 and loop if needed
for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++){ for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++) {
AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, password,dl_mode); AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, true, password, dl_mode);
// if (getSignalProperties()->isnoise == false) { // if (getSignalProperties()->isnoise == false) {
// } else { // } else {
if (tryDetectModulation()) if (tryDetectModulation()) {
{ return 1 + (dl_mode << 1);
return 1 + (dl_mode << 1); }
} // }
// } if (!try_all_dl_modes) dl_mode = 4;
if (!try_all_dl_modes) dl_mode = 4; }
} return 0;
return 0;
} }
static int CmdT55xxRecoverPW(const char *Cmd) { static int CmdT55xxRecoverPW(const char *Cmd) {
@ -2270,25 +2276,25 @@ static int CmdT55xxRecoverPW(const char *Cmd) {
uint32_t curr_password = 0x0; uint32_t curr_password = 0x0;
uint32_t prev_password = 0xffffffff; uint32_t prev_password = 0xffffffff;
uint32_t mask = 0x0; uint32_t mask = 0x0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t found = 0; uint8_t found = 0;
uint8_t cmd_opt_idx = 0; uint8_t cmd_opt_idx = 0;
char cmdp = tolower(param_getchar(Cmd, cmd_opt_idx)); char cmdp = tolower(param_getchar(Cmd, cmd_opt_idx));
if (cmdp == 'h') return usage_t55xx_recoverpw(); if (cmdp == 'h') return usage_t55xx_recoverpw();
if (cmdp == 'r') { // downlink mode supplied if (cmdp == 'r') { // downlink mode supplied
cmd_opt_idx++; // skip over 'r' cmd_opt_idx++; // skip over 'r'
downlink_mode = param_getchar (Cmd,cmd_opt_idx++) - '0'; downlink_mode = param_getchar(Cmd, cmd_opt_idx++) - '0';
if (downlink_mode > 4) downlink_mode = 0; if (downlink_mode > 4) downlink_mode = 0;
} }
orig_password = param_get32ex(Cmd, cmd_opt_idx++, 0x51243648, 16); //password used by handheld cloners orig_password = param_get32ex(Cmd, cmd_opt_idx++, 0x51243648, 16); //password used by handheld cloners
// first try fliping each bit in the expected password // first try fliping each bit in the expected password
while (bit < 32) { while (bit < 32) {
curr_password = orig_password ^ (1u << bit); curr_password = orig_password ^ (1u << bit);
found = tryOnePassword(curr_password,downlink_mode); found = tryOnePassword(curr_password, downlink_mode);
if (found > 0) // xx1 for found xx = dl mode used if (found > 0) // xx1 for found xx = dl mode used
goto out; goto out;
@ -2313,7 +2319,7 @@ static int CmdT55xxRecoverPW(const char *Cmd) {
continue; continue;
} }
found = tryOnePassword(curr_password,downlink_mode); found = tryOnePassword(curr_password, downlink_mode);
if (found > 0) if (found > 0)
goto out; goto out;
@ -2335,7 +2341,7 @@ static int CmdT55xxRecoverPW(const char *Cmd) {
bit++; bit++;
continue; continue;
} }
found = tryOnePassword(curr_password,downlink_mode); found = tryOnePassword(curr_password, downlink_mode);
if (found > 0) if (found > 0)
goto out; goto out;
@ -2352,9 +2358,8 @@ out:
if (found > 0) { if (found > 0) {
PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") "]", curr_password); PrintAndLogEx(SUCCESS, "Found valid password: [ " _GREEN_("%08X") "]", curr_password);
T55xx_Print_DownlinkMode ((found >> 1) & 3); T55xx_Print_DownlinkMode((found >> 1) & 3);
} } else
else
PrintAndLogEx(WARNING, "Recover pwd failed"); PrintAndLogEx(WARNING, "Recover pwd failed");
return PM3_SUCCESS; return PM3_SUCCESS;
@ -2371,7 +2376,7 @@ bool tryDetectP1(bool getData) {
bool st = true; bool st = true;
if (getData) { if (getData) {
if (!AquireData(T55x7_PAGE1, T55x7_TRACE_BLOCK1, false, 0,0)) if (!AquireData(T55x7_PAGE1, T55x7_TRACE_BLOCK1, false, 0, 0))
return false; return false;
} }
@ -2477,12 +2482,12 @@ static int CmdT55xxDetectPage1(const char *Cmd) {
bool errors = false; bool errors = false;
bool useGB = false; bool useGB = false;
bool usepwd = false; bool usepwd = false;
bool try_all_dl_modes = false; bool try_all_dl_modes = false;
uint8_t found = 0; uint8_t found = 0;
uint32_t password = 0; uint32_t password = 0;
uint8_t cmdp = 0; uint8_t cmdp = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
uint8_t dl_mode = 0; uint8_t dl_mode = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -2498,12 +2503,12 @@ static int CmdT55xxDetectPage1(const char *Cmd) {
useGB = true; useGB = true;
cmdp++; cmdp++;
break; break;
case 'r': case 'r':
downlink_mode = param_getchar(Cmd, cmdp+1) - '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode == 4) try_all_dl_modes = true; if (downlink_mode == 4) try_all_dl_modes = true;
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp +=2; cmdp += 2;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -2513,29 +2518,26 @@ static int CmdT55xxDetectPage1(const char *Cmd) {
if (errors) return usage_t55xx_detectP1(); if (errors) return usage_t55xx_detectP1();
if (!useGB) { if (!useGB) {
for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++) { for (dl_mode = downlink_mode; dl_mode < 4; dl_mode++) {
found = AquireData(T55x7_PAGE1, T55x7_TRACE_BLOCK1, usepwd, password,dl_mode); found = AquireData(T55x7_PAGE1, T55x7_TRACE_BLOCK1, usepwd, password, dl_mode);
//return PM3_ENODATA; //return PM3_ENODATA;
if (tryDetectP1(false)) //tryDetectModulation()) if (tryDetectP1(false)) { //tryDetectModulation())
{ found = dl_mode;
found = dl_mode; dl_mode = 4;
dl_mode = 4; } else found = false;
}
else found = false;
if (!try_all_dl_modes) dl_mode = 4; if (!try_all_dl_modes) dl_mode = 4;
} }
} }
if (useGB) found = tryDetectP1(false); if (useGB) found = tryDetectP1(false);
if (found) { if (found) {
PrintAndLogEx(SUCCESS, "T55xx chip found!"); PrintAndLogEx(SUCCESS, "T55xx chip found!");
T55xx_Print_DownlinkMode (found); T55xx_Print_DownlinkMode(found);
} } else
else PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'"));
PrintAndLogEx(WARNING, "Could not detect modulation automatically. Try setting it manually with " _YELLOW_("\'lf t55xx config\'"));
return PM3_SUCCESS; return PM3_SUCCESS;
@ -2546,8 +2548,8 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) {
uint8_t write0 = 0, write1 = 0, write2 = 0, write3 = 0; uint8_t write0 = 0, write1 = 0, write2 = 0, write3 = 0;
bool errors = false, shall_persist = false; bool errors = false, shall_persist = false;
uint8_t cmdp = 0; uint8_t cmdp = 0;
uint8_t downlink_mode = 0; uint8_t downlink_mode = 0;
bool erase = false; bool erase = false;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (tolower(param_getchar(Cmd, cmdp))) {
@ -2583,7 +2585,7 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) {
break; break;
case 'r': case 'r':
downlink_mode = param_getchar(Cmd, cmdp + 1) - '0'; downlink_mode = param_getchar(Cmd, cmdp + 1) - '0';
if (downlink_mode > 3) downlink_mode = 0; if (downlink_mode > 3) downlink_mode = 0;
cmdp += 2; cmdp += 2;
break; break;
case 'p': case 'p':
@ -2604,23 +2606,22 @@ static int CmdT55xxSetDeviceConfig(const char *Cmd) {
//Validations //Validations
if (errors || cmdp == 0) return usage_lf_deviceconfig(); if (errors || cmdp == 0) return usage_lf_deviceconfig();
// printf ("DLmode %d\n",downlink_mode); // printf ("DLmode %d\n",downlink_mode);
t55xx_config conf = {0}; t55xx_config conf = {0};
printf ("Size conf %zu\n",sizeof(conf)); printf("Size conf %zu\n", sizeof(conf));
if (erase) { if (erase) {
memset (&conf,0xff, sizeof(conf)); memset(&conf, 0xff, sizeof(conf));
printf ("Conf.m[0] %x\n",conf.m[0].start_gap); printf("Conf.m[0] %x\n", conf.m[0].start_gap);
} } else {
else {
conf.m[downlink_mode].start_gap = startgap * 8; conf.m[downlink_mode].start_gap = startgap * 8;
conf.m[downlink_mode].write_gap = writegap * 8; conf.m[downlink_mode].write_gap = writegap * 8;
conf.m[downlink_mode].write_0 = write0 * 8; conf.m[downlink_mode].write_0 = write0 * 8;
conf.m[downlink_mode].write_1 = write1 * 8; conf.m[downlink_mode].write_1 = write1 * 8;
conf.m[downlink_mode].write_2 = write2 * 8; conf.m[downlink_mode].write_2 = write2 * 8;
conf.m[downlink_mode].write_3 = write3 * 8; conf.m[downlink_mode].write_3 = write3 * 8;
conf.m[downlink_mode].read_gap = readgap * 8; conf.m[downlink_mode].read_gap = readgap * 8;
} }
clearCommandBuffer(); clearCommandBuffer();
SendCommandOLD(CMD_SET_LF_T55XX_CONFIG, shall_persist, 0, 0, &conf, sizeof(t55xx_config)); SendCommandOLD(CMD_SET_LF_T55XX_CONFIG, shall_persist, 0, 0, &conf, sizeof(t55xx_config));
return PM3_SUCCESS; return PM3_SUCCESS;

6
client/scripting.c
View file

@ -903,7 +903,7 @@ static int l_T55xx_readblock(lua_State *L) {
// try reading the config block and verify that PWD bit is set before doing this! // try reading the config block and verify that PWD bit is set before doing this!
if (!override) { if (!override) {
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0,0)) { if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0, 0)) {
return returnToLuaWithError(L, "Failed to read config block"); return returnToLuaWithError(L, "Failed to read config block");
} }
@ -920,7 +920,7 @@ static int l_T55xx_readblock(lua_State *L) {
} }
} }
if (!AquireData(usepage1, block, usepwd, password,0)) { if (!AquireData(usepage1, block, usepwd, password, 0)) {
return returnToLuaWithError(L, "Failed to aquire data from card"); return returnToLuaWithError(L, "Failed to aquire data from card");
} }
@ -977,7 +977,7 @@ static int l_T55xx_detect(lua_State *L) {
if (!useGB) { if (!useGB) {
isok = AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password,0); isok = AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, 0);
if (isok == false) { if (isok == false) {
return returnToLuaWithError(L, "Failed to aquire LF signal data"); return returnToLuaWithError(L, "Failed to aquire LF signal data");
} }

16
include/pm3_cmd.h
View file

@ -131,18 +131,18 @@ typedef struct {
// Extended to support 1 of 4 timing // Extended to support 1 of 4 timing
typedef struct { typedef struct {
uint16_t start_gap ; uint16_t start_gap ;
uint16_t write_gap ; uint16_t write_gap ;
uint16_t write_0 ; uint16_t write_0 ;
uint16_t write_1 ; uint16_t write_1 ;
uint16_t write_2 ; uint16_t write_2 ;
uint16_t write_3 ; uint16_t write_3 ;
uint16_t read_gap ; uint16_t read_gap ;
} t55xx_config_t; } t55xx_config_t;
// This setup will allow for the 4 downlink modes "m" as well as other items if needed. // This setup will allow for the 4 downlink modes "m" as well as other items if needed.
// Given the one struct we can then read/write to flash/client in one go. // Given the one struct we can then read/write to flash/client in one go.
typedef struct { typedef struct {
t55xx_config_t m[4]; // mode t55xx_config_t m[4]; // mode
} t55xx_config; } t55xx_config;
/*typedef struct { /*typedef struct {