From d2a4ade2afe17f8794031a26069cd043418326ca Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Mon, 13 May 2019 13:23:53 +0200
Subject: [PATCH] chg: lf t55xx write - now uses NG frames.
---
 armsrc/appmain.c | 3 ++-
 armsrc/apps.h | 4 +--
 armsrc/lfops.c | 54 ++++++++++++++++++++++++-----------------
 client/cmdlfawid.c | 13 +++++++---
 client/cmdlffdx.c | 12 ++++++---
 client/cmdlfguard.c | 12 ++++++---
 client/cmdlfjablotron.c | 12 ++++++---
 client/cmdlfkeri.c | 13 +++++++---
 client/cmdlfnedap.c | 11 ++++++---
 client/cmdlfnoralsy.c | 11 ++++++---
 client/cmdlfpresco.c | 11 ++++++---
 client/cmdlfpyramid.c | 11 ++++++---
 client/cmdlft55xx.c | 45 +++++++++++++++++++++-------------
 client/cmdlfvisa2000.c | 12 ++++++---
 include/pm3_cmd.h | 8 ++++++
 15 files changed, 159 insertions(+), 73 deletions(-)
diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 26119ab25..3c09a30c6 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -820,7 +820,8 @@ static void PacketReceived(PacketCommandNG *packet) {
 break;
 }
 case CMD_T55XX_WRITE_BLOCK:
- T55xxWriteBlock(packet->oldarg[0], packet->oldarg[1], packet->oldarg[2], packet->data.asBytes[0]);
+ // uses NG format
+ T55xxWriteBlock(packet->data.asBytes);
 break;
 case CMD_T55XX_WAKEUP:
 T55xxWakeUp(packet->oldarg[0]);
diff --git a/armsrc/apps.h b/armsrc/apps.h
index f3bbbe2c8..fd16e44e6 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
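Review bot: The new call `T55xxWriteBlock(packet->data.asBytes);` passes the payload to a handler that casts it to `t55xx_write_block_t` (lfops.c hunk) without any check that the host sent that many bytes. With a short or empty NG frame the firmware would take `data`, `pwd`, `blockno` and `flags` from bytes the sender never supplied and write the result to the tag. I would guard the dispatch, e.g. `if (packet->length != sizeof(t55xx_write_block_t)) { reply_ng(CMD_T55XX_WRITE_BLOCK, PM3_EINVARG, NULL, 0); break; }`, assuming the frame length is available on `packet` at this point. The enclosing switch starts and ends outside the hunk.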
@@ -100,8 +100,8 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo); void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7 void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7 void T55xxResetRead(void); -void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg); -void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg); +void T55xxWriteBlock(uint8_t *data); +void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags); void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd); void T55xxWakeUp(uint32_t Pwd); void T55xx_ChkPwds(void); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 2fed8d962..c5b703b13 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1397,11 +1397,11 @@ void T55xxResetRead(void) { } // Write one card block in page 0, no lock -void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) { +void T55xxWriteBlockExt(uint32_t data, uint8_t blockno, uint32_t pwd, uint8_t flags) { LED_A_ON(); - bool PwdMode = arg & 0x1; - uint8_t Page = (arg & 0x2) >> 1; - bool testMode = arg & 0x4; + bool pwd_mode = (flags & 0x1); + uint8_t page = (flags & 0x2) >> 1; + bool test_mode = (flags & 0x4 >> 3); uint32_t i = 0; // Set up FPGA, 125kHz 
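Review bot: In the lfops.c hunk, `bool test_mode = (flags & 0x4 >> 3);` can never be true, because `>>` binds tighter than `&` and the expression is evaluated as `flags & (0x4 >> 3)`, i.e. `flags & 0`. The removed line was `arg & 0x4`, so test mode is now silently ignored on the device even when the client sets that bit. `bool test_mode = (flags & 0x4) != 0;` restores the old behaviour; the same form for `pwd_mode` would keep the three lines uniform. The body of T55xxWriteBlockExt continues outside this hunk.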
@@ -1409,30 +1409,38 @@ void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) // make sure tag is fully powered up... WaitMS(4); + // Trigger T55x7 in mode. FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); WaitUS(t_config.start_gap); - if (testMode) Dbprintf("TestMODE"); - // Std Opcode 10 - T55xxWriteBit(testMode ? 0 : 1); - T55xxWriteBit(testMode ? 1 : Page); //Page 0 - - if (PwdMode) { - // Send Pwd - for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Pwd & i); + if (test_mode) { + Dbprintf("T55xx writing with ", _YELLOW_("test mode enabled")); + // undocmented testmode opcode 01 + T55xxWriteBit(0); + T55xxWriteBit(1); + } else { + // std opcode 10 == page 0 + // std opcode 11 == page 1 + T55xxWriteBit(1); + T55xxWriteBit(page); } - // Send Lock bit + + if (pwd_mode) { + // Send pwd + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(pwd & i); + } + // Send lock bit T55xxWriteBit(0); - // Send Data + // Send data for (i = 0x80000000; i != 0; i >>= 1) - T55xxWriteBit(Data & i); + T55xxWriteBit(data & i); - // Send Block number + // Send block number for (i = 0x04; i != 0; i >>= 1) - T55xxWriteBit(Block & i); + T55xxWriteBit(blockno & i); // Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550, // so wait a little more) @@ -1441,7 +1449,7 @@ void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) // - programming takes ~5.6ms for t5577 ~18ms for E5550 or t5567 // so we should wait 1 clock + 5.6ms then read response? // but we need to know we are dealing with t5577 vs t5567 vs e5550 (or q5) marshmellow... - if (testMode) { + if (test_mode) { //TESTMODE TIMING TESTS: // <566us does nothing // 566-568 switches between wiping to 0s and doing nothing 
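Review bot: `Dbprintf("T55xx writing with ", _YELLOW_("test mode enabled"));` has no conversion in its format string, so the second argument is never printed and the debug line stops at "with ". It should read `Dbprintf("T55xx writing with %s", _YELLOW_("test mode enabled"));`. Two of the added comments also need a touch-up: `// Trigger T55x7 in mode.` is missing a word and `undocmented` is misspelled. The function starts and ends outside this hunk.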
@@ -1469,9 +1477,11 @@ void T55xxWriteBlockExt(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) } // Write one card block in page 0, no lock -void T55xxWriteBlock(uint32_t Data, uint8_t Block, uint32_t Pwd, uint8_t arg) { - T55xxWriteBlockExt(Data, Block, Pwd, arg); - reply_old(CMD_ACK, 0, 0, 0, 0, 0); +// uses NG format +void T55xxWriteBlock(uint8_t *data) { + t55xx_write_block_t *c = (t55xx_write_block_t *)data; + T55xxWriteBlockExt(c->data, c->blockno, c->pwd, c->flags); + reply_ng(CMD_T55XX_WRITE_BLOCK, PM3_SUCCESS, NULL, 0); } // Read one card block in page [page] diff --git a/client/cmdlfawid.c b/client/cmdlfawid.c index 02a90413c..b19149987 100644 --- a/client/cmdlfawid.c +++ b/client/cmdlfawid.c @@ -395,9 +395,16 @@ static int CmdAWIDClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + + t55xx_write_block_t ng; + + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlffdx.c b/client/cmdlffdx.c index ca1337adc..2ce1b1cb7 100644 --- a/client/cmdlffdx.c +++ b/client/cmdlffdx.c 
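Review bot: The comment above `T55xxWriteBlock` still says `Write one card block in page 0, no lock`, although the page is selected by bit 0x2 of `c->flags`, and the added `// uses NG format` does not say what `data` must point to. I would replace both lines with `// Write one T55xx block; data is a t55xx_write_block_t payload from an NG frame, flags select password mode, page and test mode`. The buffer is only read, so declaring the parameter `const uint8_t *data` here and in apps.h would state that in the prototype as well.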
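Review bot: The same `t55xx_write_block_t ng` setup followed by `SendCommandNG`/`WaitForResponseTimeout` is pasted into ten clone commands (this hunk and the cmdlffdx.c, cmdlfguard.c, cmdlfjablotron.c, cmdlfkeri.c, cmdlfnedap.c, cmdlfnoralsy.c, cmdlfpresco.c, cmdlfpyramid.c and cmdlfvisa2000.c hunks), so any later change to the payload has to be repeated in every copy. A small shared helper taking the block value and block number would keep them in step. Inside it, `t55xx_write_block_t ng = { .data = blocks[i], .pwd = 0, .blockno = i, .flags = 0 };` ensures no field is left unset if the struct grows. None of the copies inspects `resp.status` after the wait, so a failure status from the device would be treated as success once the firmware reports one. The enclosing loop starts and ends outside the hunk.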
@@ -291,9 +291,15 @@ static int CmdFdxClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfguard.c b/client/cmdlfguard.c index fb1310376..65ff7ff48 100644 --- a/client/cmdlfguard.c +++ b/client/cmdlfguard.c @@ -180,9 +180,15 @@ static int CmdGuardClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfjablotron.c b/client/cmdlfjablotron.c index a9694c343..8189f01ed 100644 --- a/client/cmdlfjablotron.c +++ b/client/cmdlfjablotron.c 
@@ -165,9 +165,15 @@ static int CmdJablotronClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfkeri.c b/client/cmdlfkeri.c index 1575902f8..04ca2d210 100644 --- a/client/cmdlfkeri.c +++ b/client/cmdlfkeri.c @@ -145,7 +145,6 @@ static int CmdKeriClone(const char *Cmd) { blocks[2] = data & 0xFFFFFFFF; print_blocks(blocks, 3); - PacketResponseNG resp; // fast push mode @@ -156,9 +155,15 @@ static int CmdKeriClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfnedap.c b/client/cmdlfnedap.c index 63a869851..22a9b011e 100644 --- a/client/cmdlfnedap.c +++ b/client/cmdlfnedap.c 
@@ -212,9 +212,14 @@ static int CmdLFNedapClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)){ + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfnoralsy.c b/client/cmdlfnoralsy.c index 54a1ebd4c..ee3881b82 100644 --- a/client/cmdlfnoralsy.c +++ b/client/cmdlfnoralsy.c @@ -164,9 +164,14 @@ static int CmdNoralsyClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfpresco.c b/client/cmdlfpresco.c index 999889bcd..e6ad6fc1f 100644 --- a/client/cmdlfpresco.c +++ b/client/cmdlfpresco.c 
@@ -130,9 +130,14 @@ static int CmdPrescoClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlfpyramid.c b/client/cmdlfpyramid.c index abefce26b..81dc36bba 100644 --- a/client/cmdlfpyramid.c +++ b/client/cmdlfpyramid.c @@ -242,9 +242,14 @@ static int CmdPyramidClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 12cb5846a..dfb087084 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -1041,6 +1041,11 @@ static int CmdT55xxWriteBlock(const char *Cmd) { case 'b': errors |= param_getdec(Cmd, cmdp + 1, &block); cmdp += 2; + + if (block > 7) { + PrintAndLogEx(WARNING, "Block number must be between 0 and 7"); + errors = true; + } break; case 'd': data = param_get32ex(Cmd, cmdp + 1, 0, 16); 
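Review bot: In the cmdlft55xx.c hunk, the `block > 7` test now sits inside `case 'b':`, so it only runs when the `b` option is given; the post-parse check that the next hunk removes also covered a command line without `b`. If `block` is initialised to an out-of-range sentinel (the initialiser is outside this hunk), that value now reaches `SendCommandNG`, and the firmware loop `for (i = 0x04; i != 0; i >>= 1) T55xxWriteBit(blockno & i);` will quietly write to whatever block its low three bits select. Extending the existing guard to `if (errors || !gotdata || block > 7) return usage_t55xx_write();` closes the gap. The switch and the parser loop around it are only partly visible here.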
@@ -1068,31 +1073,37 @@ static int CmdT55xxWriteBlock(const char *Cmd) { } if (errors || !gotdata) return usage_t55xx_write(); - if (block > 7) { - PrintAndLogEx(WARNING, "Block number must be between 0 and 7"); - return 0; - } - PacketResponseNG resp; - uint8_t flags[1] = {0}; - flags[0] = (page1) ? 0x2 : 0; - flags[0] |= (testMode) ? 0x4 : 0; + uint8_t flags; + flags = (usepwd) ? 0x1 : 0; + flags |= (page1) ? 0x2 : 0; + flags |= (testMode) ? 0x4 : 0; char pwdStr[16] = {0}; snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password); PrintAndLogEx(INFO, "Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : ""); - uint64_t arg_pwd = 0; - //Password mode - if (usepwd) { - arg_pwd = password; - flags[0] |= 0x1; - } - clearCommandBuffer(); - SendCommandOLD(CMD_T55XX_WRITE_BLOCK, data, block, arg_pwd, flags, sizeof(flags)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) { + + /* + OLD style + arg0 = data, (4 bytes) + arg1 = block (1 byte) + arg2 = password (4 bytes) + flags = data[0] (1 byte) + + new style + uses struct in pm3_cmd.h + */ + t55xx_write_block_t ng; + ng.data = data; + ng.pwd = password; + ng.blockno = block; + ng.flags = flags; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, 1500)) { PrintAndLogEx(WARNING, "Error occurred, device did not ACK write operation. (May be due to old firmware)"); return 0; } diff --git a/client/cmdlfvisa2000.c b/client/cmdlfvisa2000.c index 05d127a34..39fe007e2 100644 --- a/client/cmdlfvisa2000.c +++ b/client/cmdlfvisa2000.c 
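Review bot: `ng.pwd = password;` puts the parsed password into the frame unconditionally, whereas the removed code left `arg_pwd` at 0 unless `usepwd` was set. The firmware ignores the field when flag bit 0x1 is clear, but if `password` can be non-zero without `usepwd` (its parsing is outside this hunk) the value is sent over the link for no reason; `ng.pwd = usepwd ? password : 0;` keeps the earlier behaviour. The `OLD style` / `new style` block comment records history rather than describing the code and would sit better in the commit message. The literal `1500` could also become `T55XX_WRITE_TIMEOUT`, which the other call sites in this patch use, if that constant is visible in this file.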
@@ -176,9 +176,15 @@ static int CmdVisa2kClone(const char *Cmd) { conn.block_after_ACK = false; } clearCommandBuffer(); - uint8_t data[] = {0}; - SendCommandMIX(CMD_T55XX_WRITE_BLOCK, blocks[i], i, 0, data, sizeof(data)); - if (!WaitForResponseTimeout(CMD_ACK, &resp, T55XX_WRITE_TIMEOUT)) { + t55xx_write_block_t ng; + ng.data = blocks[i]; + ng.pwd = 0; + ng.blockno = i; + ng.flags = 0; + + SendCommandNG(CMD_T55XX_WRITE_BLOCK, (uint8_t *)&ng, sizeof(ng)); + if (!WaitForResponseTimeout(CMD_T55XX_WRITE_BLOCK, &resp, T55XX_WRITE_TIMEOUT)) { + PrintAndLogEx(WARNING, "Error occurred, device did not respond during write operation."); return -1; } diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index ae576e087..2f175799b 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -168,6 +168,14 @@ typedef struct { #define CAPABILITIES_VERSION 1 extern capabilities_t pm3_capabilities; +// For CMD_T55XX_WRITE_BLOCK +typedef struct { + uint32_t data; + uint32_t pwd; + uint8_t blockno; + uint8_t flags; +} PACKED t55xx_write_block_t; + // For the bootloader #define CMD_DEVICE_INFO 0x0000 #define CMD_SETUP_WRITE 0x0001
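Review bot: In the pm3_cmd.h hunk, `t55xx_write_block_t` has a `flags` byte whose meaning is only implied by the literals `0x1`, `0x2` and `0x4` used in cmdlft55xx.c and lfops.c. This header is the contract between client and firmware, so the fields should be documented here, for example `uint8_t flags; // bit0 = password mode, bit1 = page 1, bit2 = test mode`, together with a remark that the struct is sent as raw bytes and the 32-bit fields therefore travel in host byte order. Named constants for the three bits would let both sides test them the same way and would have made the `flags & 0x4 >> 3` slip in lfops.c harder to write.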