github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1211 from tharexde/4x50_fix

Browse source 
4x50 fix
This commit is contained in:
Iceman 2021-02-23 23:57:41 +01:00 committed by GitHub
commit e8bf717f1d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 78 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

47
armsrc/Standalone/lf_tharexde.c
View file

@ -68,6 +68,7 @@
#define LF_EM4X50_INPUTFILE_SIM "lf_em4x50_simulate.eml" #define LF_EM4X50_INPUTFILE_SIM "lf_em4x50_simulate.eml"
#define LF_EM4X50_LOGFILE_SIM "lf_em4x50_passwords.log" #define LF_EM4X50_LOGFILE_SIM "lf_em4x50_passwords.log"
#define LF_EM4X50_LOGFILE_COLLECT "lf_em4x50_collect.log" #define LF_EM4X50_LOGFILE_COLLECT "lf_em4x50_collect.log"
#define MAX_NO_PWDS_TO_SAVE 50
uint32_t gPassword; uint32_t gPassword;
@ -126,6 +127,19 @@ static void append(const char *filename, uint8_t *entry, size_t entry_len) {
} }
} }
static void save_pwds(uint32_t *pwdlist, size_t no_pwd) {
uint8_t entry[10] = {0};
if (no_pwd > 0) {
Dbprintf("");
for (int i = 0; i < no_pwd; i++) {
sprintf((char *)entry, "%08"PRIx32"\n", pwdlist[i]);
append(LF_EM4X50_LOGFILE_SIM, entry, strlen((char *)entry));
Dbprintf("received password: %08"PRIx32"", pwdlist[i]);
}
}
}
void ModInfo(void) { void ModInfo(void) {
DbpString(_YELLOW_(" LF EM4x50 sim/collector mode") " - a.k.a tharexde"); DbpString(_YELLOW_(" LF EM4x50 sim/collector mode") " - a.k.a tharexde");
} }
@ -133,12 +147,11 @@ void ModInfo(void) {
void RunMod(void) { void RunMod(void) {
bool state_change = true, read_ok = false; bool state_change = true, read_ok = false;
int no_words = 0, command = 0; int no_words = 0, command = 0, no_pwd = 0;
uint8_t entry[400], state = STATE_SIM; uint8_t entry[400], state = STATE_SIM;
uint32_t tag[EM4X50_NO_WORDS] = {0x0}; uint32_t tag[EM4X50_NO_WORDS] = {0x0}, pwdlist[MAX_NO_PWDS_TO_SAVE];
rdv40_spiffs_lazy_mount(); rdv40_spiffs_lazy_mount();
StandAloneMode(); StandAloneMode();
Dbprintf(_YELLOW_("Standalone mode THAREXDE started")); Dbprintf(_YELLOW_("Standalone mode THAREXDE started"));
@ -156,6 +169,8 @@ void RunMod(void) {
switch (state) { switch (state) {
case STATE_SIM: case STATE_SIM:
// save and display passwords
save_pwds(pwdlist, no_pwd);
state = STATE_READ; state = STATE_READ;
break; break;
case STATE_READ: case STATE_READ:
@ -175,6 +190,7 @@ void RunMod(void) {
if (state_change) { if (state_change) {
// initialize simulation mode
LEDsoff(); LEDsoff();
LED_A_ON(); LED_A_ON();
Dbprintf(""); Dbprintf("");
@ -188,14 +204,15 @@ void RunMod(void) {
LoadDataInstructions(LF_EM4X50_INPUTFILE_SIM); LoadDataInstructions(LF_EM4X50_INPUTFILE_SIM);
} }
// init; start with command = standard read mode
em4x50_setup_sim();
gLogin = false;
LED_D_OFF(); LED_D_OFF();
gLogin = false;
gPassword = reflect32(tag[0]); gPassword = reflect32(tag[0]);
gWritePasswordProcess = false; gWritePasswordProcess = false;
command = EM4X50_COMMAND_STANDARD_READ; command = EM4X50_COMMAND_STANDARD_READ;
no_pwd = 0;
memset(pwdlist, 0, sizeof(pwdlist));
em4x50_setup_sim();
state_change = false; state_change = false;
} }
@ -209,14 +226,10 @@ void RunMod(void) {
// check if new password was found // check if new password was found
if (gPassword != reflect32(tag[EM4X50_DEVICE_PASSWORD])) { if (gPassword != reflect32(tag[EM4X50_DEVICE_PASSWORD])) {
if (no_pwd < MAX_NO_PWDS_TO_SAVE) {
Dbprintf("received password: %08"PRIx32"", gPassword); pwdlist[no_pwd] = gPassword;
no_pwd++;
// append password to logfile in flash memory }
memset(entry, 0, sizeof(entry));
sprintf((char *)entry, "%08"PRIx32"\n", gPassword);
append(LF_EM4X50_LOGFILE_SIM, entry, strlen((char *)entry));
gPassword = reflect32(tag[EM4X50_DEVICE_PASSWORD]); gPassword = reflect32(tag[EM4X50_DEVICE_PASSWORD]);
} }
@ -232,10 +245,11 @@ void RunMod(void) {
if (state_change) { if (state_change) {
// initialize read mode
LEDsoff(); LEDsoff();
LED_B_ON(); LED_B_ON();
Dbprintf(""); Dbprintf("");
Dbprintf(_YELLOW_("switched to EM4x50 reading mode\n")); Dbprintf(_YELLOW_("switched to EM4x50 reading mode"));
em4x50_setup_read(); em4x50_setup_read();
state_change = false; state_change = false;
@ -269,6 +283,8 @@ void RunMod(void) {
if (state == STATE_READ) { if (state == STATE_READ) {
DownloadLogInstructions(LF_EM4X50_LOGFILE_COLLECT); DownloadLogInstructions(LF_EM4X50_LOGFILE_COLLECT);
} else { } else {
// save and display passwords
save_pwds(pwdlist, no_pwd);
DownloadLogInstructions(LF_EM4X50_LOGFILE_SIM); DownloadLogInstructions(LF_EM4X50_LOGFILE_SIM);
} }
@ -277,6 +293,7 @@ void RunMod(void) {
LED_D_OFF(); LED_D_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff(); LEDsoff();
Dbprintf(""); Dbprintf("");
Dbprintf(_YELLOW_("[=] Standalone mode THAREXDE stopped")); Dbprintf(_YELLOW_("[=] Standalone mode THAREXDE stopped"));

27
armsrc/em4x50.c
View file

@ -1540,7 +1540,7 @@ static int em4x50_sim_handle_login_command(uint32_t *tag) {
gLogin = false; gLogin = false;
LED_D_OFF(); LED_D_OFF();
// save transmitted password for future use (e.g. standalone mode) // save transmitted password (to be used in standalone mode)
gPassword = password; gPassword = password;
} }
// continue with standard read mode // continue with standard read mode
@ -1676,15 +1676,13 @@ static int em4x50_sim_handle_writepwd_command(uint32_t *tag) {
bool pwd = false; bool pwd = false;
if (gWritePasswordProcess == false) {
gWritePasswordProcess = true; gWritePasswordProcess = true;
// read password // read password
uint32_t act_password = 0; uint32_t act_password = 0;
pwd = em4x50_sim_read_word(&act_password); pwd = em4x50_sim_read_word(&act_password);
// processing pause time (corresponds to a "1" bit) // processing pause time tpp (corresponds to a "1" bit)
em4x50_sim_send_bit(1); em4x50_sim_send_bit(1);
if (pwd && (act_password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) { if (pwd && (act_password == reflect32(tag[EM4X50_DEVICE_PASSWORD]))) {
@ -1693,30 +1691,33 @@ static int em4x50_sim_handle_writepwd_command(uint32_t *tag) {
} else { } else {
em4x50_sim_send_nak(); em4x50_sim_send_nak();
gLogin = false; gLogin = false;
gWritePasswordProcess = false;
// save transmitted password (to be used in standalone mode)
gPassword = act_password;
return EM4X50_COMMAND_STANDARD_READ; return EM4X50_COMMAND_STANDARD_READ;
} }
int command = em4x50_sim_send_listen_window(tag); int command = em4x50_sim_send_listen_window(tag);
if (command != PM3_SUCCESS) { gWritePasswordProcess = false;
if (command != EM4X50_COMMAND_WRITE_PASSWORD) {
return command; return command;
} }
} else {
gWritePasswordProcess = false;
// read new password // read new password
uint32_t new_password = 0; uint32_t new_password = 0;
pwd = em4x50_sim_read_word(&new_password); pwd = em4x50_sim_read_word(&new_password);
// write access time // write access time twa
wait_cycles(EM4X50_T_TAG_TWA); wait_cycles(EM4X50_T_TAG_TWA);
if (pwd) { if (pwd) {
em4x50_sim_send_ack(); em4x50_sim_send_ack();
tag[EM4X50_DEVICE_PASSWORD] = reflect32(new_password); tag[EM4X50_DEVICE_PASSWORD] = reflect32(new_password);
gPassword = new_password;
} else { } else {
em4x50_sim_send_ack(); em4x50_sim_send_nak();
return EM4X50_COMMAND_STANDARD_READ; return EM4X50_COMMAND_STANDARD_READ;
} }
@ -1732,10 +1733,6 @@ static int em4x50_sim_handle_writepwd_command(uint32_t *tag) {
return EM4X50_COMMAND_STANDARD_READ; return EM4X50_COMMAND_STANDARD_READ;
} }
// call writepwd function again for else branch
return EM4X50_COMMAND_WRITE_PASSWORD;
}
void em4x50_handle_commands(int *command, uint32_t *tag) { void em4x50_handle_commands(int *command, uint32_t *tag) {
switch (*command) { switch (*command) {