github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-07-14 01:03:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add a retry loop to hf mf dump

Browse source 
helps get the data dumped even if positioning isn't 100% perfect.

also switched em4x05 commands to WaitUS instead of SpinDelayUs, per
@pwpiwi 's suggestion.
This commit is contained in:
marshmellow42 2017-02-28 11:09:42 -05:00
parent fac69c3d76
commit 40c6a02bc9
2 changed files with 53 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

18
armsrc/lfops.c
View file

@ -1571,27 +1571,27 @@ void SendForward(uint8_t fwd_bit_count) {
fwd_write_ptr = forwardLink_data; fwd_write_ptr = forwardLink_data;
fwd_bit_sz = fwd_bit_count; fwd_bit_sz = fwd_bit_count;
// Set up FPGA, 125kHz // Set up FPGA, 125kHz or 95 divisor
LFSetupFPGAForADC(95, true); LFSetupFPGAForADC(95, true);
// force 1st mod pulse (start gap must be longer for 4305) // force 1st mod pulse (start gap must be longer for 4305)
fwd_bit_sz--; //prepare next bit modulation fwd_bit_sz--; //prepare next bit modulation
fwd_write_ptr++; fwd_write_ptr++;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
SpinDelayUs(56*8); //55 cycles off (8us each)for 4305 /another reader has 37 here... WaitUS(55*8); //55 cycles off (8us each)for 4305 /another reader has 37 here...
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
SpinDelayUs(18*8); //16 cycles on (8us each) // another reader has 18 here WaitUS(18*8); //16 cycles on (8us each) // another reader has 18 here
// now start writting // now start writting
while(fwd_bit_sz-- > 0) { //prepare next bit modulation while(fwd_bit_sz-- > 0) { //prepare next bit modulation
if(((*fwd_write_ptr++) & 1) == 1) if(((*fwd_write_ptr++) & 1) == 1)
SpinDelayUs(32*8); //32 cycles at 125Khz (8us each) WaitUS(32*8); //32 cycles at 125Khz (8us each)
else { else {
//These timings work for 4469/4269/4305 (with the 55*8 above) //These timings work for 4469/4269/4305 (with the 55*8 above)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
SpinDelayUs(23*8); //16-4 cycles off (8us each) //23 //one reader goes as high as 25 here WaitUS(23*8); //16-4 cycles off (8us each) //23 //one reader goes as high as 25 here
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
SpinDelayUs(16*8); //16 cycles on (8us each) //9 // another reader goes to 17 here WaitUS(16*8); //16 cycles on (8us each) //9 // another reader goes to 17 here
} }
} }
} }
@ -1618,6 +1618,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
BigBuf_Clear_ext(false); BigBuf_Clear_ext(false);
LED_A_ON(); LED_A_ON();
StartTicks();
//If password mode do login //If password mode do login
if (PwdMode == 1) EM4xLogin(Pwd); if (PwdMode == 1) EM4xLogin(Pwd);
@ -1626,7 +1627,7 @@ void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode) {
fwd_bit_count += Prepare_Addr( Address ); fwd_bit_count += Prepare_Addr( Address );
SendForward(fwd_bit_count); SendForward(fwd_bit_count);
SpinDelayUs(400); WaitUS(400);
// Now do the acquisition // Now do the acquisition
DoPartialAcquisition(20, true, 6000); DoPartialAcquisition(20, true, 6000);
@ -1645,6 +1646,7 @@ void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) {
BigBuf_Clear_ext(false); BigBuf_Clear_ext(false);
LED_A_ON(); LED_A_ON();
StartTicks();
//If password mode do login //If password mode do login
if (PwdMode) EM4xLogin(Pwd); if (PwdMode) EM4xLogin(Pwd);
@ -1658,7 +1660,7 @@ void EM4xWriteWord(uint32_t flag, uint32_t Data, uint32_t Pwd) {
//Wait for write to complete //Wait for write to complete
//SpinDelay(10); //SpinDelay(10);
SpinDelayUs(6500); WaitUS(6500);
//Capture response if one exists //Capture response if one exists
DoPartialAcquisition(20, true, 6000); DoPartialAcquisition(20, true, 6000);

77
client/cmdhfmf.c
View file

@ -328,29 +328,32 @@ int CmdHF14AMfDump(const char *Cmd)
PrintAndLog("|-----------------------------------------|"); PrintAndLog("|-----------------------------------------|");
PrintAndLog("|------ Reading sector access bits...-----|"); PrintAndLog("|------ Reading sector access bits...-----|");
PrintAndLog("|-----------------------------------------|"); PrintAndLog("|-----------------------------------------|");
uint8_t tries = 0;
for (sectorNo = 0; sectorNo < numSectors; sectorNo++) { for (sectorNo = 0; sectorNo < numSectors; sectorNo++) {
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}}; for (tries = 0; tries < 3; tries++) {
memcpy(c.d.asBytes, keyA[sectorNo], 6); UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + NumBlocksPerSector(sectorNo) - 1, 0, 0}};
SendCommand(&c); memcpy(c.d.asBytes, keyA[sectorNo], 6);
SendCommand(&c);
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) { if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
uint8_t isOK = resp.arg[0] & 0xff; uint8_t isOK = resp.arg[0] & 0xff;
uint8_t *data = resp.d.asBytes; uint8_t *data = resp.d.asBytes;
if (isOK){ if (isOK){
rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0 rights[sectorNo][0] = ((data[7] & 0x10)>>2) | ((data[8] & 0x1)<<1) | ((data[8] & 0x10)>>4); // C1C2C3 for data area 0
rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1 rights[sectorNo][1] = ((data[7] & 0x20)>>3) | ((data[8] & 0x2)<<0) | ((data[8] & 0x20)>>5); // C1C2C3 for data area 1
rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2 rights[sectorNo][2] = ((data[7] & 0x40)>>4) | ((data[8] & 0x4)>>1) | ((data[8] & 0x40)>>6); // C1C2C3 for data area 2
rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer rights[sectorNo][3] = ((data[7] & 0x80)>>5) | ((data[8] & 0x8)>>2) | ((data[8] & 0x80)>>7); // C1C2C3 for sector trailer
break;
} else if (tries == 2) { // on last try set defaults
PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo);
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
rights[sectorNo][3] = 0x01;
}
} else { } else {
PrintAndLog("Could not get access rights for sector %2d. Trying with defaults...", sectorNo); PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00; rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
rights[sectorNo][3] = 0x01; rights[sectorNo][3] = 0x01;
} }
} else {
PrintAndLog("Command execute timeout when trying to read access rights for sector %2d. Trying with defaults...", sectorNo);
rights[sectorNo][0] = rights[sectorNo][1] = rights[sectorNo][2] = 0x00;
rights[sectorNo][3] = 0x01;
} }
} }
@ -362,27 +365,33 @@ int CmdHF14AMfDump(const char *Cmd)
for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) { for (sectorNo = 0; isOK && sectorNo < numSectors; sectorNo++) {
for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) { for (blockNo = 0; isOK && blockNo < NumBlocksPerSector(sectorNo); blockNo++) {
bool received = false; bool received = false;
for (tries = 0; tries < 3; tries++) {
if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A. if (blockNo == NumBlocksPerSector(sectorNo) - 1) { // sector trailer. At least the Access Conditions can always be read with key A.
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
memcpy(c.d.asBytes, keyA[sectorNo], 6);
SendCommand(&c);
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
} else { // data block. Check if it can be read with key A or key B
uint8_t data_area = sectorNo<32?blockNo:blockNo/5;
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};
memcpy(c.d.asBytes, keyB[sectorNo], 6);
SendCommand(&c);
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work
isOK = false;
PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);
} else { // key A would work
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}}; UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
memcpy(c.d.asBytes, keyA[sectorNo], 6); memcpy(c.d.asBytes, keyA[sectorNo], 6);
SendCommand(&c); SendCommand(&c);
received = WaitForResponseTimeout(CMD_ACK,&resp,1500); received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
} else { // data block. Check if it can be read with key A or key B
uint8_t data_area = sectorNo<32?blockNo:blockNo/5;
if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 1, 0}};
memcpy(c.d.asBytes, keyB[sectorNo], 6);
SendCommand(&c);
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
} else if (rights[sectorNo][data_area] == 0x07) { // no key would work
isOK = false;
PrintAndLog("Access rights do not allow reading of sector %2d block %3d", sectorNo, blockNo);
tries = 2;
} else { // key A would work
UsbCommand c = {CMD_MIFARE_READBL, {FirstBlockOfSector(sectorNo) + blockNo, 0, 0}};
memcpy(c.d.asBytes, keyA[sectorNo], 6);
SendCommand(&c);
received = WaitForResponseTimeout(CMD_ACK,&resp,1500);
}
}
if (received) {
isOK = resp.arg[0] & 0xff;
if (isOK) break;
} }
} }