chg: lf t55xx write - now uses NG frames.

iceman1001 2019-05-13 13:23:53 +02:00
commit d2a4ade2af
15 changed files with 159 additions and 73 deletions


@ -820,7 +820,8 @@ static void PacketReceived(PacketCommandNG *packet) {
break;
}
case CMD_T55XX_WRITE_BLOCK:
T55xxWriteBlock(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]);
// uses NG format
T55xxWriteBlock(packet->data.asBytes);
break;
case CMD_T55XX_WAKEUP:
T55xxWakeUp(packet->oldarg[0]);
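Review bot: The new `CMD_T55XX_WRITE_BLOCK` case passes `packet->data.asBytes` to `T55xxWriteBlock` without checking that the frame carries a full `t55xx_write_block_t`. A short or empty NG payload would then be decoded from whatever bytes are already in the buffer, and those could be written to the tag as data, password or block number. A guard before the call, such as `if (packet->length != sizeof(t55xx_write_block_t)) break;`, ideally with an error reply, would close that; this assumes `packet->length` holds the received payload size, which this hunk does not show. The enclosing `PacketReceived` switch starts and ends outside the hunk.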


@ -100,8 +100,8 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
void T55xxResetRead(void);
void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg);
void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg);
void T55xxWriteBlock(uint8_t *data);
void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags);
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
void T55xxWakeUp(uint32_t Pwd);
void T55xx_ChkPwds(void);


@ -1397,11 +1397,11 @@ void T55xxResetRead(void) {
}
// Write one card block in page 0, no lock
void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) {
void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags) {
LED_A_ON();
bool PwdMode = arg & 0x1;
uint8_t Page = (arg & 0x2) >> 1;
bool testMode = arg & 0x4;
bool pwd_mode = (flags & 0x1);
uint8_t page = (flags & 0x2) >> 1;
bool test_mode = (flags & 0x4 >> 3);
uint32_t i = 0;
// Set up FPGA, 125kHz
@ -1409,30 +1409,38 @@ void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg)
// make sure tag is fully powered up...
WaitMS(4);
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
WaitUS(t_config.start_gap);
if (testMode) Dbprintf("TestMODE");
// Std Opcode 10
T55xxWriteBit(testMode ? 0 : 1);
T55xxWriteBit(testMode ? 1 : Page); //Page 0
if (PwdMode) {
// Send Pwd
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Pwd & i);
if (test_mode) {
Dbprintf("T55xx writing with ", _YELLOW_("test mode enabled"));
// undocmented testmode opcode 01
T55xxWriteBit(0);
T55xxWriteBit(1);
} else {
// std opcode 10 == page 0
// std opcode 11 == page 1
T55xxWriteBit(1);
T55xxWriteBit(page);
}
// Send Lock bit
if (pwd_mode) {
// Send pwd
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(pwd & i);
}
// Send lock bit
T55xxWriteBit(0);
// Send Data
// Send data
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Data & i);
T55xxWriteBit(data & i);
// Send Block number
// Send block number
for (i = 0x04; i != 0; i >>= 1)
T55xxWriteBit(Block & i);
T55xxWriteBit(blockno & i);
// Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
// so wait a little more)
@ -1441,7 +1449,7 @@ void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg)
// - programming takes ~5.6ms for t5577 ~18ms for E5550 or t5567
// so we should wait 1 clock + 5.6ms then read response?
// but we need to know we are dealing with t5577 vs t5567 vs e5550 (or q5) marshmellow...
if (testMode) {
if (test_mode) {
//TESTMODE TIMING TESTS:
// <566us does nothing
// 566-568 switches between wiping to 0s and doing nothing
@ -1469,9 +1477,11 @@ void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg)
}
// Write one card block in page 0, no lock
void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) {
T55xxWriteBlockExt(Data, Block, Pwd, arg);
reply_old(CMD_ACK, 0, 0, 0, 0, 0);
// uses NG format
void T55xxWriteBlock(uint8_t *data) {
t55xx_write_block_t *c = (t55xx_write_block_t *)data;
T55xxWriteBlockExt(c->data, c->blockno, c->pwd, c->flags);
reply_ng(CMD_T55XX_WRITE_BLOCK, PM3_SUCCESS, NULL, 0);
}
// Read one card block in page [page]
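Review bot: `bool test_mode = (flags & 0x4 >> 3);` in `T55xxWriteBlockExt` can never be true, because `>>` binds tighter than `&` and the expression is evaluated as `flags & (0x4 >> 3)`, i.e. `flags & 0`. Test mode is therefore silently disabled and both `if (test_mode)` branches are dead, which the old `arg & 0x4` did not suffer from; write it as `bool test_mode = (flags & 0x4) != 0;`. In the same function, `Dbprintf("T55xx writing with ", _YELLOW_("test mode enabled"));` has no `%s` in its format string, so the highlighted text is never printed; `Dbprintf("T55xx writing with %s", _YELLOW_("test mode enabled"));` fixes that. The function body spans several hunks and parts of it, including its end, are outside what is shown.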


@ -395,9 +395,16 @@ static int CmdAWIDClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}
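Review bot: The `t55xx_write_block_t ng` setup plus send/wait added in `CmdAWIDClone` is repeated verbatim in `CmdFdxClone`, `CmdGuardClone`, `CmdJablotronClone`, `CmdKeriClone`, `CmdLFNedapClone`, `CmdNoralsyClone`, `CmdPrescoClone`, `CmdPyramidClone` and `CmdVisa2kClone`, so any later change to the frame layout has to be made in ten places. A designated initializer, `t55xx_write_block_t ng = { .data = blocks[i], .blockno = i };`, zeroes `pwd` and `flags` implicitly and cannot leave a field unset if the struct grows; a shared client helper taking the block value and number would be better still. None of these call sites inspects `resp.status` after the wait, which is harmless while the firmware always replies `PM3_SUCCESS` but will hide failures once it reports them. The enclosing loop and function start and end outside the hunk.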


@ -291,9 +291,15 @@ static int CmdFdxClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -180,9 +180,15 @@ static int CmdGuardClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -165,9 +165,15 @@ static int CmdJablotronClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -145,7 +145,6 @@ static int CmdKeriClone(const char *Cmd) {
blocks[2] = data & 0xFFFFFFFF;
print_blocks(blocks, 3);
PacketResponseNG resp;
// fast push mode
@ -156,9 +155,15 @@ static int CmdKeriClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -212,9 +212,14 @@ static int CmdLFNedapClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)){
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -164,9 +164,14 @@ static int CmdNoralsyClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -130,9 +130,14 @@ static int CmdPrescoClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -242,9 +242,14 @@ static int CmdPyramidClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -1041,6 +1041,11 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
case 'b':
errors |= param_getdec(Cmd, cmdp + 1, &block);
cmdp += 2;
if (block > 7) {
PrintAndLogEx(WARNING, "Block number must be between 0 and 7");
errors = true;
}
break;
case 'd':
data = param_get32ex(Cmd, cmdp + 1, 0, 16);
@ -1068,31 +1073,37 @@ static int CmdT55xxWriteBlock(const char *Cmd) {
}
if (errors || !gotdata) return usage_t55xx_write();
if (block > 7) {
PrintAndLogEx(WARNING, "Block number must be between 0 and 7");
return 0;
}
PacketResponseNG resp;
uint8_t flags[1] = {0};
flags[0] = (page1) ? 0x2 : 0;
flags[0] |= (testMode) ? 0x4 : 0;
uint8_t flags;
flags = (usepwd) ? 0x1 : 0;
flags |= (page1) ? 0x2 : 0;
flags |= (testMode) ? 0x4 : 0;
char pwdStr[16] = {0};
snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password);
PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : "");
uint64_t arg_pwd = 0;
//Password mode
if (usepwd) {
arg_pwd = password;
flags[0] |= 0x1;
}
clearCommandBuffer();
SendCommandOLD(CMD_T55XX_WRITE_BLOCK, data, block, arg_pwd, flags, sizeof(flags));
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
/*
OLD style
arg0 = data, (4 bytes)
arg1 = block (1 byte)
arg2 = password (4 bytes)
flags = data[0] (1 byte)
new style
uses struct in pm3_cmd.h
*/
t55xx_write_block_t ng;
ng.data = data;
ng.pwd = password;
ng.blockno = block;
ng.flags = flags;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, 1500)) {
PrintAndLogEx(WARNING, "Error occurred, device did not ACK write operation. (May be due to old firmware)");
return 0;
}
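Review bot: The timeout branch after the new `WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, 1500)` still returns 0, so a caller cannot tell an unacknowledged write from a successful one, whereas the clone commands changed in this commit return -1 in the same case. Returning a non-zero value there (`return -1;`) would make the failure visible. The literal `1500` could also become `T55XX_WRITE_TIMEOUT`, which the clone commands already use, provided that constant is visible in this file and its value suits this command (neither is shown here). `CmdT55xxWriteBlock` starts and ends outside these hunks.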


@ -176,9 +176,15 @@ static int CmdVisa2kClone(const char *Cmd) {
conn.block_after_ACK = false;
}
clearCommandBuffer();
uint8_t data[] = {0};
SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data));
if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) {
t55xx_write_block_t ng;
ng.data = blocks[i];
ng.pwd = 0;
ng.blockno = i;
ng.flags = 0;
SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng));
if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) {
PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation.");
return -1;
}


@ -168,6 +168,14 @@ typedef struct {
#define CAPABILITIES_VERSION 1
extern capabilities_t pm3_capabilities;
// For CMD_T55XX_WRITE_BLOCK
typedef struct {
uint32_t data;
uint32_t pwd;
uint8_t blockno;
uint8_t flags;
} PACKED t55xx_write_block_t;
// For the bootloader
#define CMD_DEVICE_INFO 0x0000
#define CMD_SETUP_WRITE 0x0001
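Review bot: `t55xx_write_block_t` does not document what the bits of `flags` mean, and both the client and the firmware use bare `0x1`, `0x2` and `0x4` for them. I would add a comment on the field, e.g. `// flags: bit 0 = password mode, bit 1 = page select, bit 2 = test mode`, matching how `T55xxWriteBlockExt` and `CmdT55xxWriteBlock` use it in this commit, or define named masks next to the struct so the two sides cannot drift apart. Because the struct is sent as raw bytes, a short remark that the multi-byte fields travel in host byte order would also help.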