github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-19 12:59:44 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add lf t55xx resetread cmd + fix clone cmds

Browse source 
resetread cmd to determine start of streaming bits of ata5577 or
compatible chips...
fixed lf clone bugs introduced while refactoring recently...
This commit is contained in:
marshmellow42 2015-10-30 23:23:27 -04:00
commit 66837a0302
10 changed files with 84 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

6
armsrc/appmain.c
View file

@ -983,9 +983,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
case CMD_T55XX_WAKEUP:
T55xxWakeUp(c->arg[0]);
break;
//case CMD_T55XX_READ_TRACE:
// T55xxReadTrace();
// break;
case CMD_T55XX_RESET_READ:
T55xxResetRead();
break;
case CMD_PCF7931_READ:
ReadPCF7931();
break;

1
armsrc/apps.h
View file

@ -79,6 +79,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); //
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7
void T55xxResetRead(void);
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd);
void T55xxWakeUp(uint32_t Pwd);

58
armsrc/lfops.c
View file

@ -1110,8 +1110,34 @@ void T55xxWriteBit(int bit) {
SpinDelayUs(WRITE_GAP);
}
// Send T5577 reset command then read stream (see if we can identify the start of the stream)
void T55xxResetRead(void) {
LED_A_ON();
// Set up FPGA, 125kHz
LFSetupFPGAForADC(95, true);
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelayUs(START_GAP);
// reset tag - op code 00
T55xxWriteBit(0);
T55xxWriteBit(0);
// Turn field on to read the response
TurnReadLFOn(READ_GAP);
// Acquisition
doT55x7Acquisition(39999);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
cmd_send(CMD_ACK,0,0,0,0,0);
LED_A_OFF();
}
// Write one card block in page 0, no lock
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
LED_A_ON();
bool PwdMode = arg & 0x1;
uint8_t Page = (arg & 0x2)>>1;
@ -1153,10 +1179,15 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
// turn field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK,0,0,0,0,0);
LED_A_OFF();
}
// Write one card block in page 0, no lock
void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
T55xxWriteBlockExt(Data, Block, Pwd, arg);
cmd_send(CMD_ACK,0,0,0,0,0);
}
// Read one card block in page 0
void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
LED_A_ON();
@ -1199,7 +1230,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
TurnReadLFOn(READ_GAP);
// Acquisition
doT55x7Acquisition();
doT55x7Acquisition(12000);
// Turn the field off
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
@ -1234,8 +1265,10 @@ void T55xxWakeUp(uint32_t Pwd){
void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
// write last block first and config block last (if included)
for (uint8_t i = numblocks; i > startblock; i--)
T55xxWriteBlock(blockdata[i-1],i-1,0,0);
for (uint8_t i = numblocks+startblock; i > startblock; i--) {
Dbprintf("write- Blk: %d, d:%08X",i-1,blockdata[i-1]);
T55xxWriteBlockExt(blockdata[i-1],i-1,0,0);
}
}
// Copy HID id to card and setup block 0 config
@ -1253,7 +1286,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
// Build the 6 data blocks for supplied 84bit ID
last_block = 6;
// load preamble (1D) & long format identifier (9E manchester encoded)
data[1] = 0x1D96A900 | manchesterEncode2Bytes((hi2 >> 16) & 0xF);
data[1] = 0x1D96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF);
// load raw id from hi2, hi, lo to data blocks (manchester encoded)
data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
data[3] = manchesterEncode2Bytes(hi >> 16);
@ -1269,7 +1302,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
// Build the 3 data blocks for supplied 44bit ID
last_block = 3;
// load preamble
data[1] = 0x1D000000 | manchesterEncode2Bytes(hi & 0xFFF);
data[1] = 0x1D000000 | (manchesterEncode2Bytes(hi) & 0xFFFFFF);
data[2] = manchesterEncode2Bytes(lo >> 16);
data[3] = manchesterEncode2Bytes(lo & 0xFFFF);
}
@ -1286,8 +1319,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) {
DbpString("DONE!");
}
void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT)
{
void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) {
uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo};
LED_D_ON();
@ -1311,8 +1343,7 @@ void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) {
DbpString("DONE!");
}
// Clone Indala 224-bit tag by UID to T55x7
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7)
{
void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7) {
//Program the 7 data blocks for supplied 224bit UID
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
// and the block 0 for Indala224 format
@ -1328,8 +1359,7 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
#define EM410X_HEADER 0x1FF
#define EM410X_ID_LENGTH 40
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
{
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) {
int i, id_bit;
uint64_t id = EM410X_HEADER;
uint64_t rev_id = 0; // reversed ID
@ -1389,7 +1419,7 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo)
LED_D_ON();
// Write EM410x ID
uint32_t data[] = {0, id>>32, id & 0xFFFF};
uint32_t data[] = {0, id>>32, id & 0xFFFFFFFF};
if (card) {
clock = (card & 0xFF00) >> 8;
clock = (clock == 0) ? 64 : clock;

7
armsrc/lfsampling.c
View file

@ -253,17 +253,16 @@ uint32_t SnoopLF()
* acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds
* the data is collected in BigBuf.
**/
void doT55x7Acquisition(void){
void doT55x7Acquisition(size_t sample_size) {
#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..)
#define T55xx_READ_UPPER_THRESHOLD 128+40 // 50
#define T55xx_READ_TOL 5
uint8_t *dest = BigBuf_get_addr();
uint16_t bufsize = BigBuf_max_traceLen();
if ( bufsize > T55xx_SAMPLES_SIZE )
bufsize = T55xx_SAMPLES_SIZE;
if ( bufsize > sample_size )
bufsize = sample_size;
//memset(dest, 0, bufsize);

2
armsrc/lfsampling.h
View file

@ -5,7 +5,7 @@
* acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds
* the data is collected in BigBuf.
**/
void doT55x7Acquisition(void);
void doT55x7Acquisition(size_t sample_size);
/**
* Initializes the FPGA for reader-mode (field on), and acquires the samples.

38
client/cmdlft55xx.c
View file

@ -1165,18 +1165,36 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
return tmp;
}
int CmdResetRead(const char *Cmd) {
UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};
clearCommandBuffer();
SendCommand(&c);
if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
PrintAndLog("command execution time out");
return 0;
}
uint8_t got[39999];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
setGraphBuf(got, sizeof(got));
return 1;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
{"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
{"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},
{"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},
{"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
{"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
{"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},
{"special", special, 0, "Show block changes with 64 different offsets"},
{"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
{"help", CmdHelp, 1, "This help"},
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
{"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
{"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},
{"resetread",CmdResetRead, 0, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"},
{"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},
{"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
{"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
{"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},
{"special", special, 0, "Show block changes with 64 different offsets"},
{"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
{NULL, NULL, 0, NULL}
};

1
client/cmdlft55xx.h
View file

@ -47,6 +47,7 @@ int CmdT55xxWriteBlock(const char *Cmd);
int CmdT55xxReadTrace(const char *Cmd);
int CmdT55xxInfo(const char *Cmd);
int CmdT55xxDetect(const char *Cmd);
int CmdResetRead(const char *Cmd);
char * GetBitRateStr(uint32_t id);
char * GetSaferStr(uint32_t id);

2
client/hid-flasher/usb_cmd.h
View file

@ -73,7 +73,7 @@ typedef struct {
#define CMD_INDALA_CLONE_TAG_L 0x0213
#define CMD_T55XX_READ_BLOCK 0x0214
#define CMD_T55XX_WRITE_BLOCK 0x0215
//#define CMD_T55XX_READ_TRACE 0x0216
#define CMD_T55XX_RESET_READ 0x0216
#define CMD_PCF7931_READ 0x0217
#define CMD_EM4X_READ_WORD 0x0218
#define CMD_EM4X_WRITE_WORD 0x0219

2
client/lualibs/commands.lua
View file

@ -44,7 +44,7 @@ local _commands = {
CMD_INDALA_CLONE_TAG_L = 0x0213,
CMD_T55XX_READ_BLOCK = 0x0214,
CMD_T55XX_WRITE_BLOCK = 0x0215,
--//CMD_T55XX_READ_TRACE = 0x0216,
CMD_T55XX_RESET_READ = 0x0216,
CMD_PCF7931_READ = 0x0217,
CMD_EM4X_READ_WORD = 0x0218,
CMD_EM4X_WRITE_WORD = 0x0219,

2
include/usb_cmd.h
View file

@ -85,7 +85,7 @@ typedef struct{
#define CMD_INDALA_CLONE_TAG_L 0x0213
#define CMD_T55XX_READ_BLOCK 0x0214
#define CMD_T55XX_WRITE_BLOCK 0x0215
//#define CMD_T55XX_READ_TRACE 0x0216
#define CMD_T55XX_RESET_READ 0x0216
#define CMD_PCF7931_READ 0x0217
#define CMD_PCF7931_WRITE 0x0222
#define CMD_EM4X_READ_WORD 0x0218