From ee2f5595ee8e09623829f2fb28c329291d661297 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 28 Jul 2025 15:46:09 +0200 Subject: [PATCH] added a `lf t55xx view` command to view t55xx dump files --- CHANGELOG.md | 4 +- client/src/cmdlft55xx.c | 69 +++++++++++++++++++++++++++++++++ client/src/pm3line_vocabulary.h | 1 + doc/commands.json | 22 +++++++++-- doc/commands.md | 1 + 5 files changed, 92 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e6c7c13c..adde4b514 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Added `lf t55xx view` - now viewing of T55XX dump files is possible (@iceman1001) +- Fixed `lf indala cone` - now writing the right bits when using `--fc` and `--cn` - Changed readline hack logic for async dbg msg to be ready for readline 8.3 (@doegox) - Improved To avoid conflicts with ModemManager on Linux, is recommended to masking the service (@grugnoymeme) - Changed `data crypto` - now also handles AES-256 (@iceman1001) @@ -21,7 +23,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Changed `hf mfu sim` - now support UL-C simulation (@iceman1001) - Added `!` - run system commands from inside the client. Potentially dangerous if running client as SUDO, SU, ROOT (@iceman1001) - Implemented `hf felica scsvcode` - now dumps all service and area codes. (@zinongli) -- Fixed `lf indala cone` - now writing the right bits when using `--fc` and `--cn` + ## [Daddy Iceman.4.20469][2025-06-16] - Fixed edge case in fm11rf08s key recovery tools (@doegox) diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 96184c87f..49e50902f 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -4694,6 +4694,74 @@ static int CmdT55xxSniff(const char *Cmd) { return PM3_SUCCESS; } +static int CmdT55xxView(const char *Cmd) { + + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf t55xx view", + "Print a T55xx dump file (bin/eml/json)\n", + "lf t55xx view -f lf-t55xx-00000000-11111111-22222222-33333333-dump.bin" + ); + void *argtable[] = { + arg_param_begin, + arg_str1("f", "file", "", "Specify a filename for dump file"), + arg_lit0("v", "verbose", "verbose output"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + int fnlen = 0; + char filename[FILE_PATH_SIZE]; + CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + // bool verbose = arg_get_lit(ctx, 2); + CLIParserFree(ctx); + + if (fnlen == 0) { + PrintAndLogEx(ERR, "Must specify a filename"); + return PM3_EINVARG; + } + + // read dump file + uint32_t *dump = NULL; + size_t bytes_read = 0; + int res = pm3_load_dump(filename, (void **)&dump, &bytes_read, (T55x7_BLOCK_COUNT * 4)); + if (res != PM3_SUCCESS) { + return res; + } + + if (bytes_read != (T55x7_BLOCK_COUNT * 4)) { + free(dump); + PrintAndLogEx(FAILED, "wrong length of dump file. Expected 48 bytes, got %zu", bytes_read); + return PM3_EFILE; + } + + + PrintAndLogEx(INFO, ""); + PrintAndLogEx(SUCCESS, " " _CYAN_("Page 0")); + PrintAndLogEx(SUCCESS, "----+----------+-------"); + PrintAndLogEx(SUCCESS, "blk | hex data | ascii"); + PrintAndLogEx(SUCCESS, "----+----------+-------"); + + uint32_t *pd = dump; + uint8_t tmp[4] = {0}; + for (uint8_t i = 0; i < 8; ++i) { + Uint4byteToMemLe(tmp, *pd); + PrintAndLogEx(SUCCESS, " %02d | %s | %s", i, sprint_hex_inrow(tmp, sizeof(tmp)), sprint_ascii(tmp, 4)); + pd++; + } + PrintAndLogEx(INFO, ""); + PrintAndLogEx(SUCCESS, " " _CYAN_("Page 1")); + PrintAndLogEx(SUCCESS, "----+----------+-------"); + PrintAndLogEx(SUCCESS, "blk | hex data | ascii"); + PrintAndLogEx(SUCCESS, "----+----------+-------"); + for (uint8_t i = 0; i < 4; i++) { + Uint4byteToMemLe(tmp, *pd); + PrintAndLogEx(SUCCESS, " %02d | %s | %s", i, sprint_hex_inrow(tmp, sizeof(tmp)), sprint_ascii(tmp, 4)); + pd++; + } + PrintAndLogEx(NORMAL, ""); + free(dump); + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"-----------", CmdHelp, AlwaysAvailable, "---------------------------- " _CYAN_("notice") " -----------------------------"}, {"", CmdHelp, AlwaysAvailable, "Remember to run `" _YELLOW_("lf t55xx detect") "` first whenever a new card"}, @@ -4714,6 +4782,7 @@ static command_t CommandTable[] = { {"restore", CmdT55xxRestore, IfPm3Lf, "Restore T55xx card Page 0 / Page 1 blocks"}, {"trace", CmdT55xxReadTrace, AlwaysAvailable, "Show T55x7 traceability data (page 1/ blk 0-1)"}, {"wakeup", CmdT55xxWakeUp, IfPm3Lf, "Send AOR wakeup command"}, + {"view", CmdT55xxView, AlwaysAvailable, "Display content from tag dump file"}, {"write", CmdT55xxWriteBlock, IfPm3Lf, "Write T55xx block data"}, {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("recovery") " ---------------------"}, {"bruteforce", CmdT55xxBruteForce, IfPm3Lf, "Simple bruteforce attack to find password"}, diff --git a/client/src/pm3line_vocabulary.h b/client/src/pm3line_vocabulary.h index 0d2672fad..1a071244e 100644 --- a/client/src/pm3line_vocabulary.h +++ b/client/src/pm3line_vocabulary.h @@ -796,6 +796,7 @@ const static vocabulary_t vocabulary[] = { { 0, "lf t55xx restore" }, { 1, "lf t55xx trace" }, { 0, "lf t55xx wakeup" }, + { 1, "lf t55xx view" }, { 0, "lf t55xx write" }, { 0, "lf t55xx bruteforce" }, { 0, "lf t55xx chk" }, diff --git a/doc/commands.json b/doc/commands.json index af21007c9..13c1b6227 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -2854,7 +2854,7 @@ }, "hf felica scsvcode": { "command": "hf felica scsvcode", - "description": "Feature not implemented yet. Feel free to contribute!", + "description": "Dump all existing Area Code and Service Code.", "notes": [ "hf felica scsvcode" ], @@ -11648,7 +11648,7 @@ }, "lf t55xx help": { "command": "lf t55xx help", - "description": "----------- ---------------------------- notice ----------------------------- Remember to run `lf t55xx detect` first whenever a new card is placed on the Proxmark3 or the config block changed. help This help ----------- --------------------- operations --------------------- config Set/Get T55XX configuration (modulation, inverted, offset, rate) detect Try detecting the tag modulation from reading the configuration block info Show T55x7 configuration data (page 0/ blk 0) trace Show T55x7 traceability data (page 1/ blk 0-1) ----------- --------------------- recovery --------------------- sniff Attempt to recover T55xx commands from sample buffer --------------------------------------------------------------------------------------- lf t55xx clonehelp available offline: no Display a list of available commands for cloning specific techs on T5xx tags", + "description": "----------- ---------------------------- notice ----------------------------- Remember to run `lf t55xx detect` first whenever a new card is placed on the Proxmark3 or the config block changed. help This help ----------- --------------------- operations --------------------- config Set/Get T55XX configuration (modulation, inverted, offset, rate) detect Try detecting the tag modulation from reading the configuration block info Show T55x7 configuration data (page 0/ blk 0) trace Show T55x7 traceability data (page 1/ blk 0-1) view Display content from tag dump file ----------- --------------------- recovery --------------------- sniff Attempt to recover T55xx commands from sample buffer --------------------------------------------------------------------------------------- lf t55xx clonehelp available offline: no Display a list of available commands for cloning specific techs on T5xx tags", "notes": [ "lf t55xx clonehelp" ], @@ -11843,6 +11843,20 @@ ], "usage": "lf t55xx trace [-h1] [--r0] [--r1] [--r2] [--r3]" }, + "lf t55xx view": { + "command": "lf t55xx view", + "description": "Print a T55xx dump file (bin/eml/json)", + "notes": [ + "lf t55xx view -f lf-t55xx-00000000-11111111-22222222-33333333-dump.bin" + ], + "offline": true, + "options": [ + "-h, --help This help", + "-f, --file Specify a filename for dump file", + "-v, --verbose verbose output" + ], + "usage": "lf t55xx view [-hv] -f " + }, "lf t55xx wakeup": { "command": "lf t55xx wakeup", "description": "This commands sends the Answer-On-Request command and leaves the readerfield ON afterwards", @@ -13439,8 +13453,8 @@ } }, "metadata": { - "commands_extracted": 772, + "commands_extracted": 773, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2025-07-25T20:28:03" + "extracted_on": "2025-07-28T13:42:15" } } diff --git a/doc/commands.md b/doc/commands.md index 05cec3ad5..0671c769d 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -1344,6 +1344,7 @@ Check column "offline" for their availability. |`lf t55xx restore `|N |`Restore T55xx card Page 0 / Page 1 blocks` |`lf t55xx trace `|Y |`Show T55x7 traceability data (page 1/ blk 0-1)` |`lf t55xx wakeup `|N |`Send AOR wakeup command` +|`lf t55xx view `|Y |`Display content from tag dump file` |`lf t55xx write `|N |`Write T55xx block data` |`lf t55xx bruteforce `|N |`Simple bruteforce attack to find password` |`lf t55xx chk `|N |`Check passwords`