github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 05:13:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

hf mfu otptear - textual, changing order on initial write device

Browse source
This commit is contained in:
iceman1001 2020-10-11 18:03:29 +02:00
commit bc9545d493
2 changed files with 70 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

7
armsrc/mifarecmd.c
View file

@ -2708,6 +2708,8 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t arg1, uint8_t *datain) {
if (tearOffTime > 43000) if (tearOffTime > 43000)
tearOffTime = 43000; tearOffTime = 43000;
MifareUWriteBlock(blockNo, 0, data_fullwrite);
LEDsoff(); LEDsoff();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace(); clear_trace();
@ -2716,9 +2718,6 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t arg1, uint8_t *datain) {
// write cmd to send, include CRC // write cmd to send, include CRC
// 1b write, 1b block, 4b data, 2 crc // 1b write, 1b block, 4b data, 2 crc
uint8_t cmd[] = {MIFARE_ULC_WRITE, blockNo, data_testwrite[0], data_testwrite[1], data_testwrite[2], data_testwrite[3], 0, 0}; uint8_t cmd[] = {MIFARE_ULC_WRITE, blockNo, data_testwrite[0], data_testwrite[1], data_testwrite[2], data_testwrite[3], 0, 0};
MifareUWriteBlock(blockNo, 0, data_fullwrite);
AddCrc14A(cmd, sizeof(cmd) - 2); AddCrc14A(cmd, sizeof(cmd) - 2);
// anticollision / select card // anticollision / select card
@ -2734,7 +2733,7 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t arg1, uint8_t *datain) {
LED_D_ON(); LED_D_ON();
SpinDelayUsPrecision(tearOffTime); SpinDelayUsPrecision(tearOffTime);
if (DBGLEVEL >= DBG_ERROR) Dbprintf(_YELLOW_("OTP tear-off triggered!")); if (DBGLEVEL >= DBG_DEBUG) Dbprintf(_YELLOW_("OTP tear-off triggered!"));
switch_off(); switch_off();
reply_ng(CMD_HF_MFU_OTP_TEAROFF, PM3_SUCCESS, NULL, 0); reply_ng(CMD_HF_MFU_OTP_TEAROFF, PM3_SUCCESS, NULL, 0);

81
client/src/cmdhfmfu.c
View file

@ -2838,10 +2838,10 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
break; break;
case 'i': case 'i':
interval = param_get32ex(Cmd, cmdp + 1, interval, 10); interval = param_get32ex(Cmd, cmdp + 1, interval, 10);
if (interval == 0) { //if (interval == 0) {
PrintAndLogEx(WARNING, "Wrong interval number"); // PrintAndLogEx(WARNING, "Wrong interval number");
errors = true; //errors = true;
} //}
cmdp += 2; cmdp += 2;
break; break;
case 'l': case 'l':
@ -2887,16 +2887,22 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
if (errors) return usage_hf_mfu_otp_tearoff(); if (errors) return usage_hf_mfu_otp_tearoff();
PrintAndLogEx(INFO, "----------------- " _CYAN_("MFU Tear off") " ---------------------");
PrintAndLogEx(INFO, "Starting Tear-off test"); PrintAndLogEx(INFO, "Starting Tear-off test");
PrintAndLogEx(INFO, "Target block no: %u", blockNoUint); PrintAndLogEx(INFO, "Target block no: %u", blockNoUint);
PrintAndLogEx(INFO, "Target inital block data : %s", sprint_hex_inrow(teardata, 4));
PrintAndLogEx(INFO, "Target write block data : %s", sprint_hex_inrow(teardata + 4, 4));
PrintAndLogEx(INFO, "----------------------------------------------------");
uint8_t isOK; uint8_t isOK;
bool got_pre = false, got_post = false; bool got_pre = false, got_post = false, lock_on = false;
uint8_t pre[4] = {0}; uint8_t pre[4] = {0};
uint8_t post[4] = {0}; uint8_t post[4] = {0};
uint32_t actualTime = startTime; uint32_t actualTime = startTime;
int phase_clear = -1;
int phase_newwr = -1;
uint8_t retries = 0;
while (actualTime <= (timeLimit - interval)) { while (actualTime <= (timeLimit - interval)) {
if (kbd_enter_pressed()) { if (kbd_enter_pressed()) {
@ -2939,18 +2945,42 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
if (got_pre && got_post) { if (got_pre && got_post) {
char post_res[30] = {0}; char prestr[20] = {0};
if (memcmp(pre, post, sizeof(pre)) == 0) snprintf(prestr, sizeof(prestr), "%s", sprint_hex_inrow(pre, sizeof(pre)));
snprintf(post_res, sizeof(post_res) - 1, "%s", sprint_hex_inrow(post, sizeof(post))); char poststr[20] = {0};
else snprintf(poststr, sizeof(poststr), "%s", sprint_hex_inrow(post, sizeof(post)));
snprintf(post_res, sizeof(post_res) - 1, _CYAN_("%s"), sprint_hex_inrow(post, sizeof(post)));
PrintAndLogEx(INFO, "Result %02d/0x%02X | %s vs %s" if (memcmp(pre, post, sizeof(pre)) == 0) {
PrintAndLogEx(INFO, "Current %02d (0x%02X) %s"
, blockNoUint , blockNoUint
, blockNoUint , blockNoUint
, sprint_hex_inrow(pre, sizeof(pre)) , poststr
, post_res
); );
} else {
// skip first message, since its the reset write.
if ( actualTime == startTime ) {
PrintAndLogEx(INFO, "Inital write");
} else {
PrintAndLogEx(INFO, _CYAN_("Tear off occured") " : %02d (0x%02X) %s vs " _RED_("%s")
, blockNoUint
, blockNoUint
, prestr
, poststr
);
lock_on = true;
if (phase_clear == -1)
phase_clear = actualTime;
// new write phase must be atleast 100us later..
if (phase_clear > -1 && phase_newwr == -1 && actualTime > (phase_clear + 100))
phase_newwr = actualTime;
}
}
} else { } else {
if (got_pre == false) if (got_pre == false)
PrintAndLogEx(FAILED, "Failed to read block BEFORE"); PrintAndLogEx(FAILED, "Failed to read block BEFORE");
@ -2970,8 +3000,29 @@ static int CmdHF14AMfuOtpTearoff(const char *Cmd) {
PrintAndLogEx(NORMAL, "---------------------------------\n"); PrintAndLogEx(NORMAL, "---------------------------------\n");
} }
*/ */
if (startTime != timeLimit) {
actualTime += interval; actualTime += interval;
} else {
if (lock_on == false) {
if (++retries == 20) {
actualTime++;
timeLimit++;
startTime++;
retries = 0;
PrintAndLogEx(INFO, _CYAN_("Retried %u times, increased delay with 1us"), retries);
} }
}
}
}
PrintAndLogEx(INFO, "----------------------------------------------------");
if (phase_clear > - 1) {
PrintAndLogEx(INFO, "phase 1 (erase eeprom) could be " _YELLOW_("%d") " us" , phase_clear);
}
if (phase_newwr > - 1) {
PrintAndLogEx(INFO, "phase 2 (new write) could be " _YELLOW_("%d") " us" , phase_newwr);
}
PrintAndLogEx(NORMAL, "");
return PM3_SUCCESS; return PM3_SUCCESS;
} }