ADD: Marshmellows fixes for "lf t55xx" and "lf cmdread" ref: https://github.com/Proxmark/proxmark3/pull/166/files

2025-08-20 05:13:46 -07:00 · 2016-02-21 17:44:25 +01:00 · 2016-02-21 17:44:25 +01:00 · c0f15a05b3
commit c0f15a05b3
parent c7962313cc
9 changed files with 46 additions and 24 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -20,6 +20,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
  - Updated the Reveng 1.30 sourcecode to 1.31 from Reveng projecthomepage (iceman)
 ### Added
 - Added a LF ASK Sequence Terminator detection option to the standard ask demod - and applied it to `lf search u`, `lf t55xx detect`, and `data rawdemod am s` (marshmellow)
 - `lf awid bruteforce <facilitycode>` - Simple bruteforce attack against a AWID reader.
 - `lf t55xx bruteforce <start password> <end password> [i <*.dic>]` - Simple bruteforce attack to find password - (iceman and others)
 - `lf viking clone`- clone viking tag to t55x7 or Q5 from 4byte hex ID input 
--- a/armsrc/BigBuf.c
+++ b/armsrc/BigBuf.c
@ -27,7 +27,7 @@ static uint16_t BigBuf_hi = BIGBUF_SIZE;
 static uint8_t *emulator_memory = NULL;
 // trace related variables
-static uint16_t traceLen;
+static uint16_t traceLen = 0;
 int tracing = 1; //Last global one.. todo static?
 // get the address of BigBuf
@ -61,6 +61,10 @@ void BigBuf_Clear_ext(bool verbose)
 		Dbprintf("Buffer cleared (%i bytes)",BIGBUF_SIZE);
 }
 void BigBuf_Clear_keep_EM(void)
 {
 	memset(BigBuf,0,BigBuf_hi);
 }
 // allocate a chunk of memory from BigBuf. We allocate high memory first. The unallocated memory
 // at the beginning of BigBuf is always for traces/samples
@ -239,6 +243,7 @@ int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwP
 	return TRUE;
 }
 // Emulator memory
 uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
 	uint8_t* mem = BigBuf_get_EM_addr();
--- a/armsrc/BigBuf.h
+++ b/armsrc/BigBuf.h
@ -26,6 +26,7 @@ extern uint8_t *BigBuf_get_EM_addr(void);
 extern uint16_t BigBuf_max_traceLen(void);
 extern void BigBuf_Clear(void);
 extern void BigBuf_Clear_ext(bool verbose);
 extern void BigBuf_Clear_keep_EM(void);
 extern uint8_t *BigBuf_malloc(uint16_t);
 extern void BigBuf_free(void);
 extern void BigBuf_free_keep_EM(void);
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -17,7 +17,7 @@
 #include "lfdemod.h"
 #include "lfsampling.h"
 #include "protocols.h"
-#include "usb_cdc.h" //test
+#include "usb_cdc.h" // for usb_poll_validate_length
 /**
 * Function to do a modulation and then get samples.
@ -37,6 +37,8 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint
 	sample_config sc = { 0,0,1, divisor_used, 0};
 	setSamplingConfig(&sc);
 	//clear read buffer
 	BigBuf_Clear_keep_EM();
 	/* Make sure the tag is reset */
 	FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
@ -725,6 +727,9 @@ void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
 	//clear read buffer
 	BigBuf_Clear_keep_EM();
 	while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
 		WDT_HIT();
@ -815,6 +820,8 @@ void CmdAWIDdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	uint8_t *dest = BigBuf_get_addr();
 	size_t size; 
 	int idx=0;
 	//clear read buffer
 	BigBuf_Clear_keep_EM();
 	// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
@ -905,6 +912,8 @@ void CmdEM410xdemod(int findone, int *high, int *low, int ledcontrol)
 	int clk=0, invert=0, errCnt=0, maxErr=20;
 	uint32_t hi=0;
 	uint64_t lo=0;
 	//clear read buffer
 	BigBuf_Clear_keep_EM();
 	// Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
@ -966,7 +975,11 @@ void CmdIOdemodFSK(int findone, int *high, int *low, int ledcontrol)
 	uint16_t number=0;
 	uint8_t crc = 0;
 	uint16_t calccrc = 0;
-	// Configure to go in 125Khz listen mode
+
 	//clear read buffer
 	BigBuf_Clear_keep_EM();
 // Configure to go in 125Khz listen mode
 	LFSetupFPGAForADC(95, true);
 	while(!BUTTON_PRESS() && !usb_poll_validate_length()) {
@ -1095,7 +1108,7 @@ void T55xxWriteBit(int bit) {
 void T55xxResetRead(void) {
 	LED_A_ON();
 	//clear buffer now so it does not interfere with timing later
-	BigBuf_Clear_ext(false);
+	BigBuf_Clear_keep_EM();
 	// Set up FPGA, 125kHz
 	LFSetupFPGAForADC(95, true);
@ -1602,7 +1615,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
 	uint16_t bufsize = BigBuf_max_traceLen();
 	uint32_t i = 0;
-	//clear buffer now so it does not interfere with timing later
+	// Clear destination buffer before sending the command
 	BigBuf_Clear_ext(false);
 	//If password mode do login
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@ -10,7 +10,7 @@
 #include "apps.h"
 #include "util.h"
 #include "string.h"
-
+#include "usb_cdc.h" // for usb_poll_validate_length
 #include "lfsampling.h"
 sample_config config = { 1, 8, 1, 95, 0 } ;
@ -103,7 +103,6 @@ void LFSetupFPGAForADC(int divisor, bool lf_field)
 	FpgaSetupSsc();
 }
 /**
 * Does the sample acquisition. If threshold is specified, the actual sampling
 * is not commenced until the threshold has been reached.
@ -125,7 +124,7 @@ uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averag
 	uint8_t *dest = BigBuf_get_addr();
    uint16_t bufsize = BigBuf_max_traceLen();
-	BigBuf_Clear_ext(false);
+	//BigBuf_Clear_ext(false);	  //creates issues with cmdread (marshmellow)
 	if(bits_per_sample < 1) bits_per_sample = 1;
 	if(bits_per_sample > 8) bits_per_sample = 8;
--- a/armsrc/pcf7931.c
+++ b/armsrc/pcf7931.c
@ -28,6 +28,8 @@ int DemodPCF7931(uint8_t **outBlocks) {
 	int num_blocks = 0;
 	int lmin=128, lmax=128;
 	uint8_t dir;
 	//clear read buffer
 	BigBuf_Clear_keep_EM();
 	LFSetupFPGAForADC(95, true);
 	DoAcquisition_default(0, true);
--- a/client/cmddata.c
+++ b/client/cmddata.c
@ -613,7 +613,7 @@ int CmdG_Prox_II_Demod(const char *Cmd)
 		if ((idx+1) % 5 == 0){
 			//spacer bit - should be 0
 			if (DemodBuffer[startIdx+idx] != 0) {
-				if (g_debugMode) PrintAndLog("Error spacer not 0: %d, pos: %d",DemodBuffer[startIdx+idx],startIdx+idx);
+				if (g_debugMode) PrintAndLog("Error spacer not 0: %u, pos: %u", (unsigned int)DemodBuffer[startIdx+idx],(unsigned int)(startIdx+idx));
 				return 0;
 			}
 			continue;
@ -628,14 +628,14 @@ int CmdG_Prox_II_Demod(const char *Cmd)
 		ByteStream[ByteCnt] = ByteStream[ByteCnt] | (DemodBuffer[startIdx+idx]<<bitCnt);
 		bitCnt++;
 		if (bitCnt % 8 == 0){
-			if (g_debugMode) PrintAndLog("byte %d: %02x",ByteCnt,ByteStream[ByteCnt]);
+			if (g_debugMode) PrintAndLog("byte %u: %02x", (unsigned int)ByteCnt, ByteStream[ByteCnt]);
 			bitCnt=0;
 			ByteCnt++;
 		}
 	}
 	for (uint8_t i = 0; i < ByteCnt; i++){
 		ByteStream[i] ^= xorKey; //xor
-		if (g_debugMode) PrintAndLog("byte %d after xor: %02x", i, ByteStream[i]);
+		if (g_debugMode) PrintAndLog("byte %u after xor: %02x", (unsigned int)i, ByteStream[i]);
 	}
 	//now ByteStream contains 64 bytes of decrypted raw tag data
 	// 
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@ -1397,21 +1397,18 @@ int CmdT55xxBruteForce(const char *Cmd) {
 	char buf[9];
 	char filename[FILE_PATH_SIZE]={0};
 	int	keycnt = 0;
-	int c;
+	int ch;
 	uint8_t stKeyBlock = 20;
 	uint8_t *keyBlock = NULL, *p = NULL;
 	keyBlock = calloc(stKeyBlock, 6);
 	if (keyBlock == NULL) return 1;
    uint32_t start_password = 0x00000000; //start password
    uint32_t end_password   = 0xFFFFFFFF; //end   password
    bool found = false;
    char cmdp = param_getchar(Cmd, 0);
-    if (cmdp == 'h' || cmdp == 'H') {
+	if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();
-		free(keyBlock);
+
-		return usage_t55xx_bruteforce();
+	keyBlock = calloc(stKeyBlock, 6);
-	}
+	if (keyBlock == NULL) return 1;
 	if (cmdp == 'i' || cmdp == 'I') {
@ -1472,8 +1469,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
 		for (uint16_t c = 0; c < keycnt; ++c ) {
 			if (ukbhit()) {
-				c = getchar();
+				ch = getchar();
-				(void)c;
+				(void)ch;
 				printf("\naborted via keyboard!\n");
 				free(keyBlock);
 				return 0;
@ -1523,8 +1520,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
 		printf(".");
 		fflush(stdout);
 		if (ukbhit()) {
-			c = getchar();
+			ch = getchar();
-			(void)c;
+			(void)ch;
 			printf("\naborted via keyboard!\n");
 			free(keyBlock);
 			return 0;
--- a/client/graph.c
+++ b/client/graph.c
@ -143,7 +143,11 @@ int GetAskClock(const char str[], bool printAns, bool verbose)
 			PrintAndLog("Failed to copy from graphbuffer");
 		return -1;
 	}
-	int start = DetectASKClock(grph, size, &clock, 20);
+	bool st = DetectST(grph, &size, &clock);
 	int start = 0;
 	if (st == false) {
 		start = DetectASKClock(grph, size, &clock, 20);
 	}
 	// Only print this message if we're not looping something
 	if (printAns){
 		PrintAndLog("Auto-detected clock rate: %d, Best Starting Position: %d", clock, start);