chg: 'lf io clone' - refactored, uses NG

2025-08-21 13:53:55 -07:00 · 2019-09-16 11:41:34 +02:00 · 2019-09-16 11:41:34 +02:00 · e5c31886eb
commit e5c31886eb
parent 4c08477ef7
5 changed files with 40 additions and 22 deletions
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@ -730,10 +730,6 @@ static void PacketReceived(PacketCommandNG *packet) {
            CmdIOdemodFSK(packet->oldarg[0], &high, &low, 1);
            break;
        }
-        case CMD_LF_IO_CLONE: {
-            CopyIOtoT55x7(packet->oldarg[0], packet->oldarg[1]);
-            break;
-        }
        case CMD_LF_EM410X_DEMOD: {
            uint32_t high;
            uint64_t low;
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@ -2036,18 +2036,6 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
    LED_D_OFF();
 }

-void CopyIOtoT55x7(uint32_t hi, uint32_t lo) {
-    uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
-    //TODO add selection of chip for Q5 or T55x7
-    // data[0] = T5555_SET_BITRATE(64) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | 2 << T5555_MAXBLOCK_SHIFT;
-
-    LED_D_ON();
-    // Program the data blocks for supplied ID
-    // and the block 0 config
-    WriteT55xx(data, 0, 3);
-    LED_D_OFF();
-}
-
 // clone viking tag to T55xx
 void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5) {
  
--- a/armsrc/lfops.h
+++ b/armsrc/lfops.h
@ -42,7 +42,6 @@ void CmdHIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
 void CmdAWIDdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol); // Realtime demodulation mode for AWID26
 void CmdEM410xdemod(int findone, uint32_t *high, uint64_t *low, int ledcontrol);
 void CmdIOdemodFSK(int findone, uint32_t *high, uint32_t *low, int ledcontrol);
-void CopyIOtoT55x7(uint32_t hi, uint32_t lo); // Clone an ioProx card to T5557/T5567
 void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
 void CopyVikingtoT55xx(uint8_t *blocks, uint8_t Q5);
 void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
--- a/client/cmdlfio.c
+++ b/client/cmdlfio.c
@ -24,6 +24,7 @@
 #include "lfdemod.h"    // parityTest, bitbytes_to_byte
 #include "protocols.h"  // for T55xx config register definitions
 #include "cmddata.h"
+#include "cmdlft55xx.h" // verifywrite

 static int CmdHelp(const char *Cmd);
 /*
@ -243,7 +244,6 @@ static int CmdIOProxSim(const char *Cmd) {

 static int CmdIOProxClone(const char *Cmd) {

-    uint32_t blocks[3] = {T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_64 | 2 << T55x7_MAXBLOCK_SHIFT, 0, 0};
    uint16_t cn = 0;
    uint8_t version = 0, fc = 0;
    uint8_t bits[64];
@ -268,7 +268,9 @@ static int CmdIOProxClone(const char *Cmd) {
        return PM3_ESOFT;
    }

-    if (param_getchar(Cmd, 3) == 'Q' || param_getchar(Cmd, 3) == 'q')
+    uint32_t blocks[3] = {T55x7_MODULATION_FSK2a | T55x7_BITRATE_RF_64 | 2 << T55x7_MAXBLOCK_SHIFT, 0, 0};
+ 
+    if (tolower(param_getchar(Cmd, 3) == 'q'))
        blocks[0] = T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | T5555_SET_BITRATE(64) | 2 << T5555_MAXBLOCK_SHIFT;

    blocks[1] = bytebits_to_byte(bits, 32);
@ -277,8 +279,42 @@ static int CmdIOProxClone(const char *Cmd) {
    PrintAndLogEx(INFO, "Preparing to clone IOProx to T55x7 with Version: %u FC: %u, CN: %u", version, fc, cn);
    print_blocks(blocks, 3);

-    clearCommandBuffer();
-    SendCommandMIX(CMD_LF_IO_CLONE, blocks[1], blocks[2], 0, NULL, 0);
+    uint8_t res = 0;
+    PacketResponseNG resp;
+
+    // fast push mode
+    conn.block_after_ACK = true;
+    for (uint8_t i = 0; i < 3; i++) {
+        if (i == 2) {
+            // Disable fast mode on last packet
+            conn.block_after_ACK = false;
+        }
+        clearCommandBuffer();
+        t55xx_write_block_t ng;
+        ng.data = blocks[i];
+        ng.pwd = 0;
+        ng.blockno = i;
+        ng.flags = 0;
+
+        SendCommandNG(CMD_LF_T55XX_WRITEBL, (uint8_t *)&ng, sizeof(ng));
+        if (!WaitForResponseTimeout(CMD_LF_T55XX_WRITEBL, &resp, T55XX_WRITE_TIMEOUT)) {
+            PrintAndLogEx(ERR, "Error occurred, device did not respond during write operation.");
+            return PM3_ETIMEOUT;
+        }
+
+        if (i == 0) {
+            SetConfigWithBlock0(blocks[0]);
+            if ( t55xxAquireAndCompareBlock0(false, 0, blocks[0], false) )
+                continue;
+        }
+        
+        if (t55xxVerifyWrite(i, 0, false, false, 0, 0xFF, blocks[i]) == false)
+            res++;
+    }
+
+    if ( res == 0 )
+        PrintAndLogEx(SUCCESS, "Success writing to tag");
+    
    return PM3_SUCCESS;
 }

--- a/include/pm3_cmd.h
+++ b/include/pm3_cmd.h
@ -361,7 +361,6 @@ typedef struct {
 #define CMD_LF_EM4X_READWORD                                              0x0218
 #define CMD_LF_EM4X_WRITEWORD                                             0x0219
 #define CMD_LF_IO_DEMOD                                                   0x021A
-#define CMD_LF_IO_CLONE                                                   0x021B
 #define CMD_LF_EM410X_DEMOD                                               0x021c
 // Sampling configuration for LF reader/sniffer
 #define CMD_LF_SAMPLING_SET_CONFIG                                        0x021d