From dd98b934bc53e46e412e6de1266bc864ee868a66 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Wed, 5 Jul 2017 12:05:53 +0200
Subject: [PATCH] CHG: 'hf iclass readblk' - should be able to read block 0,1 on all cards without key. CHG: 'hf iclass reader' - two rules according to datasheet if app_limit is less than 0x6, app_limit should be 0x6 if app_limit is bigger than 31/0x1F on 2kb picopass, the app_limit should be 26/0x1A
---
 client/cmdhficlass.c | 13 ++++++++++---
 common/protocols.c | 7 +++++--
 common/protocols.h | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 5351adff..0fec030a 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -1174,9 +1174,16 @@ static int ReadBlock(uint8_t *KEY, uint8_t blockno, uint8_t keyType, bool elite,
 uint8_t MAC[4]={0x00,0x00,0x00,0x00};
 uint8_t div_key[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 
- if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
- return 0;
-
+ // block 0,1 should always be able to read, and block 5 on some cards.
+ if (blockno >= 2 ) {
+ if (!select_and_auth(KEY, MAC, div_key, (keyType==0x18), elite, rawkey, verbose))
+ return 0;
+ } else {
+ uint8_t CSN[8]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ uint8_t CCNR[12]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ if (!select_only(CSN, CCNR, false, verbose))
+ return false;
+ }
 UsbCommand resp;
 UsbCommand w = {CMD_ICLASS_READBLOCK, {blockno}};
 clearCommandBuffer();
diff --git a/common/protocols.c b/common/protocols.c
index 071f8766..f5b9dd3b 100644
--- a/common/protocols.c
+++ b/common/protocols.c
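Review bot: The comment on the new unauthenticated branch says block 5 is also readable without a key on some cards, but the guard `if (blockno >= 2 )` still sends block 5 through select_and_auth, so either the comment overstates what the code does or the check is incomplete; I would trim it to `// blocks 0 and 1 are readable without authentication; anything else needs select_and_auth` or mark the block-5 case as a TODO if it is meant to be handled later. The unauthenticated path also ends in `return false;` while the function is declared `static int` in the hunk header and the authenticated failure path uses `return 0;`; `return 0;` keeps the two failure returns consistent. The CSN and CCNR buffers that select_only fills are discarded here, which looks intentional (only the selection side effect is wanted) but deserves a one-line comment so nobody "fixes" it. ReadBlock starts before this hunk and continues after it.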
@@ -95,12 +95,15 @@ void mem_app_config(const picopass_hdr *hdr) {
 uint8_t mem = hdr->conf.mem_config;
 uint8_t chip = hdr->conf.chip_config;
 uint8_t applimit = hdr->conf.app_limit;
-
- if (applimit < 6) applimit = 26;
 uint8_t kb = 2;
 uint8_t app_areas = 2;
 uint8_t max_blk = 31;
 
+ getMemConfig(mem, chip, &max_blk, &app_areas, &kb);
+
+ if (applimit < 6) applimit = 26;
+ if (kb == 2 && (applimit > 0x1f) ) applimit = 26;
+
 prnt(" Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem);
 prnt(" AA1: blocks 06-%02X", applimit);
 prnt(" AA2: blocks %02X-%02X", applimit+1, max_blk);
diff --git a/common/protocols.h b/common/protocols.h
index 96a4b178..02c20de5 100644
--- a/common/protocols.h
+++ b/common/protocols.h
@@ -362,6 +362,7 @@ void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *
 #define T55x7_MODULATION_MANCHESTER 0x00008000
 #define T55x7_MODULATION_BIPHASE 0x00010000
 #define T55x7_MODULATION_DIPHASE 0x00018000
+#define T55x7_X_MODE 0x00020000
 #define T55x7_BITRATE_RF_8 0
 #define T55x7_BITRATE_RF_16 0x00040000
 #define T55x7_BITRATE_RF_32 0x00080000
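Review bot: The lower clamp `if (applimit < 6) applimit = 26;` still assigns 26, whereas the commit message states that an app_limit below 0x6 should become 0x6; the line was only moved below getMemConfig, so the message and the code disagree on this rule. If the datasheet rule is as described in the message, the line should read `if (applimit < 6) applimit = 6;`. The new upper cap only fires when `kb == 2`, so on the larger parts an app_limit above max_blk is still printed as-is and the AA2 range starts past the last block; a generic `if (applimit > max_blk) applimit = max_blk;` after the 2 kb rule (or whatever value the datasheet prescribes for those parts) would keep the output sane for any card. mem_app_config opens in the hunk header and its closing brace lies outside the hunk.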
@@ -388,11 +389,43 @@ void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *
 #define T5555_PSK_RF_8 0x00000200
 #define T5555_USE_PWD 0x00000400
 #define T5555_USE_AOR 0x00000800
+#define T5555_SET_BITRATE(x) (((x-2)/2)<<12)
+#define T5555_GET_BITRATE(x) ((((x >> 12) & 0x3F)*2)+2)
 #define T5555_BITRATE_SHIFT 12 //(RF=2n+2) ie 64=2*0x1F+2 or n = (RF-2)/2
 #define T5555_FAST_WRITE 0x00004000
 #define T5555_PAGE_SELECT 0x00008000
+#define T55XX_WRITE_TIMEOUT 1500
+
 uint32_t GetT55xxClockBit(uint32_t clock);
+
+// em4x05 & em4x69 chip configuration register definitions
+#define EM4x05_GET_BITRATE(x) (((x & 0x3F)*2)+2)
+#define EM4x05_SET_BITRATE(x) ((x-2)/2)
+#define EM4x05_MODULATION_NRZ 0x00000000
+#define EM4x05_MODULATION_MANCHESTER 0x00000040
+#define EM4x05_MODULATION_BIPHASE 0x00000080
+#define EM4x05_MODULATION_MILLER 0x000000C0 //not supported by all 4x05/4x69 chips
+#define EM4x05_MODULATION_PSK1 0x00000100 //not supported by all 4x05/4x69 chips
+#define EM4x05_MODULATION_PSK2 0x00000140 //not supported by all 4x05/4x69 chips
+#define EM4x05_MODULATION_PSK3 0x00000180 //not supported by all 4x05/4x69 chips
+#define EM4x05_MODULATION_FSK1 0x00000200 //not supported by all 4x05/4x69 chips
+#define EM4x05_MODULATION_FSK2 0x00000240 //not supported by all 4x05/4x69 chips
+#define EM4x05_PSK_RF_2 0
+#define EM4x05_PSK_RF_4 0x00000400
+#define EM4x05_PSK_RF_8 0x00000800
+#define EM4x05_MAXBLOCK_SHIFT 14
+#define EM4x05_FIRST_USER_BLOCK 5
+#define EM4x05_SET_NUM_BLOCKS(x) ((x+5-1)<<14) //# of blocks sent during default read mode
+#define EM4x05_GET_NUM_BLOCKS(x) (((x>>14) & 0xF)-5+1)
+#define EM4x05_READ_LOGIN_REQ 1<<18
+#define EM4x05_READ_HK_LOGIN_REQ 1<<19
+#define EM4x05_WRITE_LOGIN_REQ 1<<20
+#define EM4x05_WRITE_HK_LOGIN_REQ 1<<21
+#define EM4x05_READ_AFTER_WRITE 1<<22
+#define EM4x05_DISABLE_ALLOWED 1<<23
+#define EM4x05_READER_TALK_FIRST 1<<24
 // iclass / picopass chip config structures and shared routines
 typedef struct {
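Review bot: The new function-like macros never parenthesize their argument and the EM4x05_*_REQ / flag macros are bare `1<<n` expressions, so `EM4x05_GET_BITRATE(a | b)` expands to `(((a | b & 0x3F)*2)+2)` and masks only `b`, `T5555_SET_BITRATE(c ? r1 : r2)` expands to `(((c ? r1 : r2-2)/2)<<12)`, and `!EM4x05_READ_LOGIN_REQ` becomes `(!1)<<18`, i.e. 0. Wrapping every argument use and each whole expansion in parentheses, and writing the flags as `(1 << n)`, removes those precedence traps while keeping the same values; the T55x7/T5555 constants above are already written as complete values, so this also matches the surrounding style. The rewritten lines are below; if the flags are ever combined with unsigned register words, `(1U << n)` would additionally avoid signed/unsigned mixing. The remaining lines of the hunk are unchanged.
```c
#define T5555_SET_BITRATE(x) ((((x) - 2) / 2) << 12)
#define T5555_GET_BITRATE(x) (((((x) >> 12) & 0x3F) * 2) + 2)
// … unchanged: T5555_BITRATE_SHIFT, T5555_FAST_WRITE, T5555_PAGE_SELECT, T55XX_WRITE_TIMEOUT, GetT55xxClockBit …
#define EM4x05_GET_BITRATE(x) ((((x) & 0x3F) * 2) + 2)
#define EM4x05_SET_BITRATE(x) (((x) - 2) / 2)
// … unchanged: EM4x05_MODULATION_*, EM4x05_PSK_RF_*, EM4x05_MAXBLOCK_SHIFT, EM4x05_FIRST_USER_BLOCK …
#define EM4x05_SET_NUM_BLOCKS(x) (((x) + 5 - 1) << 14) //# of blocks sent during default read mode
#define EM4x05_GET_NUM_BLOCKS(x) ((((x) >> 14) & 0xF) - 5 + 1)
#define EM4x05_READ_LOGIN_REQ (1 << 18)
#define EM4x05_READ_HK_LOGIN_REQ (1 << 19)
#define EM4x05_WRITE_LOGIN_REQ (1 << 20)
#define EM4x05_WRITE_HK_LOGIN_REQ (1 << 21)
#define EM4x05_READ_AFTER_WRITE (1 << 22)
#define EM4x05_DISABLE_ALLOWED (1 << 23)
#define EM4x05_READER_TALK_FIRST (1 << 24)
```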