dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix.

Browse Source 
ADD:  added the "t55x7" refactoring by @marshmellow42
This commit is contained in:
iceman1001
2015-10-27 21:47:21 +01:00
parent 1c8fbeb93e
commit 1d0ccbe04b
24 changed files with 704 additions and 604 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
client/cmdhf.c
View File

@@ -736,6 +736,14 @@ int CmdHFSearch(const char *Cmd){
return 0;
}
int CmdHFSnoop(const char *Cmd)
{
char * pEnd;
UsbCommand c = {CMD_HF_SNIFFER, {strtol(Cmd, &pEnd,0),strtol(pEnd, &pEnd,0),0}};
SendCommand(&c);
return 0;
}
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
@@ -752,6 +760,7 @@ static command_t CommandTable[] =
{"tune", CmdHFTune, 0, "Continuously measure HF antenna tuning"},
{"list", CmdHFList, 1, "List protocol data in trace buffer"},
{"search", CmdHFSearch, 1, "Search for known HF tags [preliminary]"},
{"snoop", CmdHFSnoop, 0, "<samples to skip (10000)> <triggers to skip (1)> Generic LF/HF Snoop in Testing stage"},
{NULL, NULL, 0, NULL}
};

2
client/cmdhfmfdes.c
View File

@@ -611,7 +611,7 @@ int CmdHF14ADesAuth(const char *Cmd){
c.d.asBytes[0] = keylength;
memcpy(c.d.asBytes+1, key, keylength);
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;

116
client/cmdhfmfu.c
View File

@@ -1209,7 +1209,49 @@ int usage_hf_mfu_eload(void) {
return 0;
}
int usage_hf_mfu_ucauth(void) {
PrintAndLog("Usage: hf mfu cauth k <key number>");
PrintAndLog(" 0 (default): 3DES standard key");
PrintAndLog(" 1 : all 0x00 key");
PrintAndLog(" 2 : 0x00-0x0F key");
PrintAndLog(" 3 : nfc key");
PrintAndLog(" 4 : all 0x01 key");
PrintAndLog(" 5 : all 0xff key");
PrintAndLog(" 6 : 0x00-0xFF key");
PrintAndLog("\n sample : hf mfu cauth k");
PrintAndLog(" : hf mfu cauth k 3");
return 0;
}
int usage_hf_mfu_ucsetpwd(void) {
PrintAndLog("Usage: hf mfu setpwd <password (32 hex symbols)>");
PrintAndLog(" [password] - (32 hex symbols)");
PrintAndLog("");
PrintAndLog("sample: hf mfu setpwd 000102030405060708090a0b0c0d0e0f");
PrintAndLog("");
return 0;
}
int usage_hf_mfu_ucsetuid(void) {
PrintAndLog("Usage: hf mfu setuid <uid (14 hex symbols)>");
PrintAndLog(" [uid] - (14 hex symbols)");
PrintAndLog("\nThis only works for Magic Ultralight tags.");
PrintAndLog("");
PrintAndLog("sample: hf mfu setuid 11223344556677");
PrintAndLog("");
return 0;
}
int usage_hf_mfu_gendiverse(void){
PrintAndLog("Usage: hf mfu gen <uid (8 hex symbols)>");
PrintAndLog("");
PrintAndLog("sample: hf mfu gen 11223344");
PrintAndLog("");
return 0;
}
//
// Mifare Ultralight / Ultralight-C / Ultralight-EV1
// Read and Dump Card Contents, using auto detection of tag size.
int CmdHF14AMfUDump(const char *Cmd){
@@ -1455,6 +1497,7 @@ int CmdHF14AMfUDump(const char *Cmd){
// Ultralight C Methods
//-------------------------------------------------------------------------------
//
// Ultralight C Authentication Demo {currently uses hard-coded key}
//
@@ -1472,22 +1515,9 @@ int CmdHF14AMfucAuth(const char *Cmd){
errors = true;
}
if (cmdp == 'h' || cmdp == 'H')
errors = true;
if (cmdp == 'h' || cmdp == 'H') errors = true;
if (errors) {
PrintAndLog("Usage: hf mfu cauth k <key number>");
PrintAndLog(" 0 (default): 3DES standard key");
PrintAndLog(" 1 : all 0x00 key");
PrintAndLog(" 2 : 0x00-0x0F key");
PrintAndLog(" 3 : nfc key");
PrintAndLog(" 4 : all 0x01 key");
PrintAndLog(" 5 : all 0xff key");
PrintAndLog(" 6 : 0x00-0xFF key");
PrintAndLog("\n sample : hf mfu cauth k");
PrintAndLog(" : hf mfu cauth k 3");
return 0;
}
if (errors) return usage_hf_mfu_ucauth();
uint8_t *key = default_3des_keys[keyNo];
if (ulc_authentication(key, true))
@@ -1601,17 +1631,9 @@ int CmdTestDES(const char * cmd)
int CmdHF14AMfucSetPwd(const char *Cmd){
uint8_t pwd[16] = {0x00};
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf mfu setpwd <password (32 hex symbols)>");
PrintAndLog(" [password] - (32 hex symbols)");
PrintAndLog("");
PrintAndLog("sample: hf mfu setpwd 000102030405060708090a0b0c0d0e0f");
PrintAndLog("");
return 0;
}
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_ucsetpwd();
if (param_gethex(Cmd, 0, pwd, 32)) {
PrintAndLog("Password must include 32 HEX symbols");
@@ -1624,7 +1646,6 @@ int CmdHF14AMfucSetPwd(const char *Cmd){
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500) ) {
if ( (resp.arg[0] & 0xff) == 1)
PrintAndLog("Ultralight-C new password: %s", sprint_hex(pwd,16));
@@ -1636,8 +1657,7 @@ int CmdHF14AMfucSetPwd(const char *Cmd){
else {
PrintAndLog("command execution time out");
return 1;
}
}
return 0;
}
@@ -1650,17 +1670,8 @@ int CmdHF14AMfucSetUid(const char *Cmd){
UsbCommand resp;
uint8_t uid[7] = {0x00};
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf mfu setuid <uid (14 hex symbols)>");
PrintAndLog(" [uid] - (14 hex symbols)");
PrintAndLog("\nThis only works for Magic Ultralight tags.");
PrintAndLog("");
PrintAndLog("sample: hf mfu setuid 11223344556677");
PrintAndLog("");
return 0;
}
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_ucsetuid();
if (param_gethex(Cmd, 0, uid, 14)) {
PrintAndLog("UID must include 14 HEX symbols");
return 1;
@@ -1724,14 +1735,20 @@ int CmdHF14AMfucSetUid(const char *Cmd){
}
int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
uint8_t uid[4];
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || cmdp == 'h' || cmdp == 'H') return usage_hf_mfu_gendiverse();
if (param_gethex(Cmd, 0, uid, 8)) {
PrintAndLog("UID must include 8 HEX symbols");
return 1;
}
uint8_t iv[8] = { 0x00 };
uint8_t block = 0x07;
uint8_t block = 0x01;
// UL-EV1
//04 57 b6 e2 05 3f 80 UID
//4a f8 4b 19 PWD
uint8_t uid[] = { 0xF4,0xEA, 0x54, 0x8E };
uint8_t mifarekeyA[] = { 0xA0,0xA1,0xA2,0xA3,0xA4,0xA5 };
uint8_t mifarekeyB[] = { 0xB0,0xB1,0xB2,0xB3,0xB4,0xB5 };
uint8_t dkeyA[8] = { 0x00 };
@@ -1760,15 +1777,13 @@ int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
, divkey // output
);
PrintAndLog("3DES version");
PrintAndLog("-- 3DES version");
PrintAndLog("Masterkey :\t %s", sprint_hex(masterkey,sizeof(masterkey)));
PrintAndLog("UID :\t %s", sprint_hex(uid, sizeof(uid)));
PrintAndLog("Sector :\t %0d", block);
PrintAndLog("block :\t %0d", block);
PrintAndLog("Mifare key :\t %s", sprint_hex(mifarekeyA, sizeof(mifarekeyA)));
PrintAndLog("Message :\t %s", sprint_hex(mix, sizeof(mix)));
PrintAndLog("Diversified key: %s", sprint_hex(divkey+1, 6));
PrintAndLog("\n DES version");
for (int i=0; i < sizeof(mifarekeyA); ++i){
dkeyA[i] = (mifarekeyA[i] << 1) & 0xff;
@@ -1798,20 +1813,19 @@ int CmdHF14AMfuGenDiverseKeys(const char *Cmd){
, newpwd // output
);
PrintAndLog("\n-- DES version");
PrintAndLog("Mifare dkeyA :\t %s", sprint_hex(dkeyA, sizeof(dkeyA)));
PrintAndLog("Mifare dkeyB :\t %s", sprint_hex(dkeyB, sizeof(dkeyB)));
PrintAndLog("Mifare ABA :\t %s", sprint_hex(dmkey, sizeof(dmkey)));
PrintAndLog("Mifare Pwd :\t %s", sprint_hex(newpwd, sizeof(newpwd)));
// next. from the diversify_key method.
return 0;
}
// static uint8_t * diversify_key(uint8_t * key){
// for(int i=0; i<16; i++){
// if(i<=6) key[i]^=cuid[i];
// if(i>6) key[i]^=cuid[i%7];
// }
// return key;
// }

390
client/cmdlft55xx.c
View File

@@ -26,9 +26,11 @@
#include "../common/iso14443crc.h"
#include "cmdhf14a.h"
#define CONFIGURATION_BLOCK 0x00
#define TRACE_BLOCK 0x01
#define T55x7_CONFIGURATION_BLOCK 0x00
#define T55x7_PAGE0 0x00
#define T55x7_PAGE1 0x01
#define T55x7_PWD 0x00000010
#define REGULAR_READ_MODE_BLOCK 0xFF
// Default configuration
t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00};
@@ -50,11 +52,12 @@ int usage_t55xx_config(){
return 0;
}
int usage_t55xx_read(){
PrintAndLog("Usage: lf t55xx read b <block> p <password> <override_safety>");
PrintAndLog("Usage: lf t55xx read [b <block>] [p <password>] <override_safety> <page1>");
PrintAndLog("Options:");
PrintAndLog(" b <block>, block number to read. Between 0-7");
PrintAndLog(" p <password>, OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog(" o, OPTIONAL override safety check");
PrintAndLog(" b <block> - block number to read. Between 0-7");
PrintAndLog(" p <password> - OPTIONAL password (8 hex characters)");
PrintAndLog(" o - OPTIONAL override safety check");
PrintAndLog(" 1 - OPTIONAL read Page 1 instead of Page 0");
PrintAndLog(" ****WARNING****");
PrintAndLog(" Use of read with password on a tag not configured for a pwd");
PrintAndLog(" can damage the tag");
@@ -67,22 +70,23 @@ int usage_t55xx_read(){
return 0;
}
int usage_t55xx_write(){
PrintAndLog("Usage: lf t55xx write <block> <data> [password]");
PrintAndLog("Usage: lf t55xx wr [b <block>] [d <data>] [p <password>] [1]");
PrintAndLog("Options:");
PrintAndLog(" <block>, block number to write. Between 0-7");
PrintAndLog(" <data>, 4 bytes of data to write (8 hex symbols)");
PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog(" b <block> - block number to write. Between 0-7");
PrintAndLog(" d <data> - 4 bytes of data to write (8 hex characters)");
PrintAndLog(" p <password> - OPTIONAL password 4bytes (8 hex characters)");
PrintAndLog(" 1 - OPTIONAL write Page 1 instead of Page 0");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx write 3 11223344 - write 11223344 to block 3");
PrintAndLog(" lf t55xx write 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef");
PrintAndLog(" lf t55xx write b 3 d 11223344 - write 11223344 to block 3");
PrintAndLog(" lf t55xx write b 3 d 11223344 p feedbeef - write 11223344 to block 3 password feedbeef");
PrintAndLog("");
return 0;
}
int usage_t55xx_trace() {
PrintAndLog("Usage: lf t55xx trace [1]");
PrintAndLog("Options:");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog(" [graph buffer data] - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx trace");
@@ -93,7 +97,7 @@ int usage_t55xx_trace() {
int usage_t55xx_info() {
PrintAndLog("Usage: lf t55xx info [1]");
PrintAndLog("Options:");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog(" [graph buffer data] - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx info");
@@ -102,20 +106,21 @@ int usage_t55xx_info() {
return 0;
}
int usage_t55xx_dump(){
PrintAndLog("Usage: lf t55xx dump <password>");
PrintAndLog("Usage: lf t55xx dump <password> [o]");
PrintAndLog("Options:");
PrintAndLog(" <password>, OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog(" <password> - OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog(" o - OPTIONAL override, force pwd read despite danger to card");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx dump");
PrintAndLog(" lf t55xx dump feedbeef");
PrintAndLog(" lf t55xx dump feedbeef o");
PrintAndLog("");
return 0;
}
int usage_t55xx_detect(){
PrintAndLog("Usage: lf t55xx detect [1]");
PrintAndLog("Options:");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog(" [graph buffer data] - if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx detect");
@@ -146,8 +151,7 @@ int CmdT55xxSetConfig(const char *Cmd) {
char tmp = 0x00;
uint8_t bitRate = 0;
uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};
while(param_getchar(Cmd, cmdp) != 0x00 && !errors)
{
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
tmp = param_getchar(Cmd, cmdp);
switch(tmp)
{
@@ -234,12 +238,43 @@ int CmdT55xxSetConfig(const char *Cmd) {
return printConfiguration ( config );
}
int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, bool override, uint32_t password){
//Password mode
if ( usepwd ) {
// try reading the config block and verify that PWD bit is set before doing this!
if ( !override ) {
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0 ) ) return 0;
if ( !tryDetectModulation() ) {
PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
return 0;
} else {
PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");
usepwd = false;
page1 = false;
}
} else {
PrintAndLog("Safety Check Overriden - proceeding despite risk");
}
}
if (!AquireData(page1, block, usepwd, password) ) return 0;
if (!DecodeT55xxBlock()) return 0;
char blk[10]={0};
sprintf(blk,"%d", block);
printT55xxBlock(blk);
return 1;
}
int CmdT55xxReadBlock(const char *Cmd) {
uint8_t block = 255;
uint8_t block = REGULAR_READ_MODE_BLOCK;
uint32_t password = 0; //default to blank Block 7
bool usepwd = FALSE;
bool override = FALSE;
bool errors = FALSE;
bool usepwd = false;
bool override = false;
bool page1 = false;
bool errors = false;
uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch(param_getchar(Cmd, cmdp)) {
@@ -258,10 +293,14 @@ int CmdT55xxReadBlock(const char *Cmd) {
break;
case 'p':
case 'P':
password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);
usepwd = TRUE;
password = param_get32ex(Cmd, cmdp+1, 0, 16);
usepwd = true;
cmdp += 2;
break;
case '1':
page1 = true;
cmdp++;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
@@ -270,49 +309,13 @@ int CmdT55xxReadBlock(const char *Cmd) {
}
if (errors) return usage_t55xx_read();
if ( block > 7 ) {
if (block > 7 && block != REGULAR_READ_MODE_BLOCK ) {
PrintAndLog("Block must be between 0 and 7");
return 1;
}
UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};
//Password mode
if ( usepwd ) {
// try reading the config block and verify that PWD bit is set before doing this!
if ( !override ) {
AquireData( CONFIGURATION_BLOCK );
if ( !tryDetectModulation() ) {
PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
return 1;
} else {
PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");
}
} else {
PrintAndLog("Safety Check Overriden - proceeding despite risk");
c.arg[0] = usepwd;
}
return 0;
}
clearCommandBuffer();
SendCommand(&c);
if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
PrintAndLog("command execution time out");
return 2;
}
uint8_t got[12000];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
setGraphBuf(got, sizeof(got));
if (!DecodeT55xxBlock()) return 3;
char blk[10]={0};
sprintf(blk,"%d", block);
printT55xxBlock(blk);
return 0;
PrintAndLog("Reading Page %d:", page1);
PrintAndLog("blk | hex data | binary");
return T55xxReadBlock(block, page1, usepwd, override, password);
}
bool DecodeT55xxBlock(){
@@ -323,9 +326,6 @@ bool DecodeT55xxBlock(){
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
DemodBufferLen = 0x00;
//trim 1/2 a clock from beginning
//snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );
//CmdLtrim(cmdStr);
switch( config.modulation ){
case DEMOD_FSK:
snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );
@@ -372,21 +372,36 @@ bool DecodeT55xxBlock(){
int CmdT55xxDetect(const char *Cmd){
bool override = false;
//bool pwdmode = false;
uint32_t password = 0; //default to blank Block 7
bool usepwd = ( strlen(Cmd) > 0);
if ( usepwd ){
password = param_get32ex(Cmd, 0, 0, 16);
if (param_getchar(Cmd, 1) =='o' )
override = true;
}
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_detect();
if (strlen(Cmd)==0)
AquireData( CONFIGURATION_BLOCK );
if (strlen(Cmd)==0) {
password = param_get32ex(Cmd, 0, 0, 16);
if (param_getchar(Cmd, 1) =='o' ) override = true;
}
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password) )
return 0;
if ( !tryDetectModulation() )
PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
return 0;
return 1;
}
// detect configuration?
bool tryDetectModulation(){
//char cmdStr[8] = {0};
uint8_t hits = 0;
t55xx_conf_block_t tests[15];
int bitRate=0;
@@ -394,8 +409,6 @@ bool tryDetectModulation(){
save_restoreGB(1);
if (GetFskClock("", FALSE, FALSE)){
fskClocks(&fc1, &fc2, &clk, FALSE);
//sprintf(cmdStr,"%d", clk/2);
//CmdLtrim(cmdStr);
if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate)){
tests[hits].modulation = DEMOD_FSK;
if (fc1==8 && fc2 == 5)
@@ -422,8 +435,6 @@ bool tryDetectModulation(){
} else {
clk = GetAskClock("", FALSE, FALSE);
if (clk>0) {
//sprintf(cmdStr,"%d", clk/2);
//CmdLtrim(cmdStr);
if ( ASKDemod("0 0 0", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate)) {
tests[hits].modulation = DEMOD_ASK;
tests[hits].bitrate = bitRate;
@@ -457,8 +468,6 @@ bool tryDetectModulation(){
save_restoreGB(0);
clk = GetNrzClock("", FALSE, FALSE);
if (clk>0) {
//sprintf(cmdStr,"%d", clk/2);
//CmdLtrim(cmdStr);
if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate)) {
tests[hits].modulation = DEMOD_NRZ;
tests[hits].bitrate = bitRate;
@@ -480,9 +489,6 @@ bool tryDetectModulation(){
save_restoreGB(0);
clk = GetPskClock("", FALSE, FALSE);
if (clk>0) {
//PrintAndLog("clk %d",clk);
//sprintf(cmdStr,"%d", clk/2);
//CmdLtrim(cmdStr);
if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate)) {
tests[hits].modulation = DEMOD_PSK1;
tests[hits].bitrate = bitRate;
@@ -700,66 +706,126 @@ int printConfiguration( t55xx_conf_block_t b){
return 0;
}
int CmdT55xxWriteBlock(const char *Cmd) {
int block = 8; //default to invalid block
int data = 0xFFFFFFFF; //default to blank Block
int password = 0xFFFFFFFF; //default to blank Block 7
char cmdp = param_getchar(Cmd, 0);
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_write();
int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);
if ( res < 2 || res > 3) {
usage_t55xx_write();
return 1;
int CmdT55xxWakeUp(const char *Cmd) {
uint32_t password = 0;
uint8_t cmdp = 0;
bool errors = false;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
return usage_t55xx_wakup();
case 'p':
case 'P':
password = param_get32ex(Cmd, cmdp+1, 0, 16);
cmdp += 2;
errors = false;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors) return usage_t55xx_wakup();
UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
PrintAndLog("Wake up command sent. Try read now");
return 0;
}
int CmdT55xxWriteBlock(const char *Cmd) {
uint8_t block = 0xFF; //default to invalid block
uint32_t data = 0; //default to blank Block
uint32_t password = 0; //default to blank Block 7
bool usepwd = false;
bool page1 = false;
bool gotdata = false;
bool errors = false;
uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
return usage_t55xx_write();
case 'b':
case 'B':
errors |= param_getdec(Cmd, cmdp+1, &block);
cmdp += 2;
break;
case 'd':
case 'D':
data = param_get32ex(Cmd, cmdp+1, 0, 16);
gotdata = true;
cmdp += 2;
break;
case 'p':
case 'P':
password = param_get32ex(Cmd, cmdp+1, 0, 16);
usepwd = true;
cmdp += 2;
break;
case '1':
page1 = true;
cmdp++;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors || !gotdata) return usage_t55xx_write();
if (block > 7) {
PrintAndLog("Block number must be between 0 and 7");
return 1;
return 0;
}
UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
UsbCommand resp;
c.d.asBytes[0] = 0x0;
c.d.asBytes[0] = (page1) ? 0x2 : 0;
PrintAndLog("Writing to block: %d data : 0x%08X", block, data);
PrintAndLog("Writing to page: %d block: %d data : 0x%08X", page1, block, data);
//Password mode
if (res == 3) {
if (usepwd) {
c.arg[2] = password;
c.d.asBytes[0] = 0x1;
c.d.asBytes[0] |= 0x1;
PrintAndLog("pwd : 0x%08X", password);
}
clearCommandBuffer();
SendCommand(&c);
if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");
return -1;
}
return 0;
}
return 1;
}
int CmdT55xxReadTrace(const char *Cmd) {
char cmdp = param_getchar(Cmd, 0);
bool pwdmode = false;
uint32_t password = 0;
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace();
if (strlen(Cmd)==0)
AquireData( TRACE_BLOCK );
if ( !AquireData( T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password ) )
return 0;
if (!DecodeT55xxBlock()) return 1;
if (!DecodeT55xxBlock()) return 0;
if ( !DemodBufferLen) return 1;
if ( !DemodBufferLen) return 0;
RepaintGraphWindow();
uint8_t repeat = 0;
if (config.offset > 5)
repeat = 32;
uint8_t si = config.offset+repeat;
uint32_t bl0 = PackBits(si, 32, DemodBuffer);
uint32_t bl1 = PackBits(si+32, 32, DemodBuffer);
uint32_t bl1 = PackBits(si, 32, DemodBuffer);
uint32_t bl2 = PackBits(si+32, 32, DemodBuffer);
uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8;
uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8;
@@ -780,7 +846,7 @@ int CmdT55xxReadTrace(const char *Cmd) {
if ( acl != 0xE0 ) {
PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
return 1;
return 0;
}
PrintAndLog("");
@@ -797,8 +863,8 @@ int CmdT55xxReadTrace(const char *Cmd) {
PrintAndLog(" Die Number : %d", dw);
PrintAndLog("-------------------------------------------------------------");
PrintAndLog(" Raw Data - Page 1");
PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );
PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat,32) );
PrintAndLog(" Block 2 : 0x%08X %s", bl2, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
PrintAndLog("-------------------------------------------------------------");
/*
@@ -827,12 +893,15 @@ int CmdT55xxInfo(const char *Cmd){
Normal mode
Extended mode
*/
bool pwdmode = false;
uint32_t password = 0;
char cmdp = param_getchar(Cmd, 0);
if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info();
if (strlen(Cmd)==0)
AquireData( CONFIGURATION_BLOCK );
if ( !AquireData( T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password ) )
return 1;
if (!DecodeT55xxBlock()) return 1;
@@ -883,55 +952,50 @@ int CmdT55xxInfo(const char *Cmd){
int CmdT55xxDump(const char *Cmd){
char s[20] = {0x00};
uint8_t pwd[4] = {0x00};
char cmdp = param_getchar(Cmd, 0);
uint32_t password = 0;
bool override = false;
char cmdp = param_getchar(Cmd, 0);
if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();
bool hasPwd = ( strlen(Cmd) > 0);
if ( hasPwd ){
if (param_gethex(Cmd, 0, pwd, 8)) {
PrintAndLog("password must include 8 HEX symbols");
return 1;
}
bool usepwd = ( strlen(Cmd) > 0);
if ( usepwd ){
password = param_get32ex(Cmd, 0, 0, 16);
if (param_getchar(Cmd, 1) =='o' )
override = true;
}
for ( int i = 0; i <8; ++i){
memset(s,0,sizeof(s));
if ( hasPwd ) {
sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);
} else {
sprintf(s,"%d", i);
}
CmdT55xxReadBlock(s);
PrintAndLog("Reading Page 0:");
PrintAndLog("blk | hex data | binary");
for ( uint8_t i = 0; i < 8; ++i){
T55xxReadBlock(i, 0, usepwd, override, password);
}
return 0;
PrintAndLog("Reading Page 1:");
PrintAndLog("blk | hex data | binary");
for ( uint8_t i = 0; i < 4; i++){
T55xxReadBlock(i, 1, usepwd, override, password);
}
return 1;
}
int AquireData( uint8_t block ){
uint32_t password = 0;
UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, password}};
if ( block == CONFIGURATION_BLOCK ) {
c.arg[0] = 0x00 | 0x01;
}
else if (block == TRACE_BLOCK ) {
c.arg[0] = 0x02 | 0x01;
}
int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){
// arg0 bitmodes:
// bit0 = pwdmode
// bit1 = page to read from
uint8_t arg0 = (page<<1) | pwdmode;
UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};
clearCommandBuffer();
SendCommand(&c);
if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
PrintAndLog("command execution time out");
return 1;
return 0;
}
uint8_t got[12000];
GetFromBigBuf(got,sizeof(got),0);
WaitForResponse(CMD_ACK,NULL);
setGraphBuf(got, 12000);
return 0;
setGraphBuf(got, sizeof(got));
return 1;
}
char * GetBitRateStr(uint32_t id){
@@ -1099,35 +1163,6 @@ void t55x7_create_config_block( int tagtype ){
}
int CmdT55xxWakeUp(const char *Cmd) {
uint32_t password = 0;
uint8_t cmdp = 0;
bool errors = false;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
return usage_t55xx_wakup();
case 'p':
case 'P':
password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);
cmdp+=2;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors) return usage_t55xx_wakup();
UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
PrintAndLog("Wake up command sent. Try read now");
return 0;
}
/*
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
@@ -1148,14 +1183,13 @@ static command_t CommandTable[] =
{"help", CmdHelp, 1, "This help"},
{"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},
{"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},
{"read", CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},
{"write", CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},
{"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"},
{"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data (page 0) [optional password]"},
{"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
{"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
{"dump", CmdT55xxDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"},
{"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"},
{"special", special, 0, "Show block changes with 64 different offsets"},
{"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
{NULL, NULL, 0, NULL}
};

2
client/cmdlft55xx.h
View File

@@ -82,6 +82,6 @@ bool DecodeT55xxBlock();
bool tryDetectModulation();
bool test(uint8_t mode, uint8_t *offset, int *fndBitRate);
int special(const char *Cmd);
int AquireData( uint8_t block );
int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );
#endif

2
client/hid-flasher/usb_cmd.h
View File

@@ -196,6 +196,8 @@ typedef struct{
#define CMD_MIFARE_DESFIRE 0x072e
#define CMD_MIFARE_COLLECT_NONCES 0x072f
#define CMD_HF_SNIFFER 0x0800
#define CMD_UNKNOWN 0xFFFF

5
client/lualibs/commands.lua
View File

@@ -44,7 +44,7 @@ local _commands = {
CMD_INDALA_CLONE_TAG_L = 0x0213,
CMD_T55XX_READ_BLOCK = 0x0214,
CMD_T55XX_WRITE_BLOCK = 0x0215,
CMD_T55XX_READ_TRACE = 0x0216,
--//CMD_T55XX_READ_TRACE = 0x0216,
CMD_PCF7931_READ = 0x0217,
CMD_PCF7931_WRITE = 0x0223,
CMD_EM4X_READ_WORD = 0x0218,
@@ -157,7 +157,8 @@ local _commands = {
CMD_MIFARE_DES_READER = 0x072c,
CMD_MIFARE_DESFIRE_INFO = 0x072d,
CMD_MIFARE_DESFIRE = 0x072e,
CMD_HF_SNIFFER = 0x0800,
CMD_UNKNOWN = 0xFFFF,
}

2
client/scripting.c
View File

@@ -53,7 +53,7 @@ static int l_SendCommand(lua_State *L){
const char *data = luaL_checklstring(L, 1, &size);
if(size != sizeof(UsbCommand))
{
printf("Got data size %d, expected %d" , size, sizeof(UsbCommand));
printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
lua_pushstring(L,"Wrong data size");
return 1;
}