dash/proxmark3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md

Browse Source 
ADD:  Added the "lf t55x7 wakeup" command. It will send a pwd,  and leave the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search

---
It is still not finished,  will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets.
This commit is contained in:
iceman1001
2015-10-20 19:00:02 +02:00
parent b87f99f4bb
commit 9276e859a6
10 changed files with 230 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
client/cmdlf.c
View File

@@ -36,16 +36,18 @@ static int CmdHelp(const char *Cmd);
int usage_lf_cmdread()
{
PrintAndLog("Usage: lf cmdread <delay off> <zero> <one> <cmdbytes> [H|L]");
PrintAndLog("Usage: lf cmdread d <delay period> z <zero period> o <one period> c <cmdbytes> [H]");
PrintAndLog("Options: ");
PrintAndLog(" h This help");
PrintAndLog(" <delay off> delay offset");
PrintAndLog(" <zero> time period ZERO");
PrintAndLog(" <one> time period ONE");
PrintAndLog(" [H|L] Frequency Low (125 KHz) / High (134 KHz)");
PrintAndLog(" H Freqency High (134 KHz), default is 'Low (125KHz)'");
PrintAndLog(" d <delay> delay OFF period, (dec)");
PrintAndLog(" z <zero> time period ZERO, (dec)");
PrintAndLog(" o <one> time period ONE, (dec)");
PrintAndLog(" c <cmd> Command bytes");
PrintAndLog(" ************* All periods in microseconds (ms)");
PrintAndLog("Examples:");
PrintAndLog(" lf cmdread 80 100 200 11000");
PrintAndLog(" lf cmdread 80 100 100 11000 H");
PrintAndLog(" lf cmdread d 80 z 100 o 200 c 11000");
PrintAndLog(" lf cmdread d 80 z 100 o 100 c 11000 H");
return 0;
}
@@ -53,21 +55,38 @@ int usage_lf_cmdread()
int CmdLFCommandRead(const char *Cmd)
{
static char dummy[3] = {0x20,0x00,0x00};
UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K};
bool errors = FALSE;
uint8_t divisor = 95; //125khz
uint8_t cmdp =0;
while(param_getchar(Cmd, cmdp) != 0x00)
{
uint8_t cmdp = 0;
int strLength = 0;
while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp))
{
case 'h':
return usage_lf_cmdread();
case 'H':
divisor = 88;
dummy[1]='h';
cmdp++;
break;
case 'a':
//param_getchar(Cmd, cmdp+1) == '1';
case 'L':
cmdp++;
break;
case 'c':
strLength = param_getstr(Cmd, cmdp+1, (char *)&c.d.asBytes);
cmdp+=2;
break;
case 'd':
c.arg[0] = param_get32ex(Cmd, cmdp+1, 0, 10);
cmdp+=2;
break;
case 'z':
c.arg[1] = param_get32ex(Cmd, cmdp+1, 0, 10);
cmdp+=2;
break;
case 'o':
c.arg[2] = param_get32ex(Cmd, cmdp+1, 0, 10);
cmdp+=2;
break;
default:
@@ -78,19 +97,15 @@ int CmdLFCommandRead(const char *Cmd)
if(errors) break;
}
// No args
if(cmdp == 0) errors = 1;
if (cmdp == 0) errors = 1;
//Validations
if(errors) return usage_lf_cmdread();
if (errors) return usage_lf_cmdread();
UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K};
sscanf(Cmd, "%"lli" %"lli" %"lli" %s %s", &c.arg[0], &c.arg[1], &c.arg[2],(char*)(&c.d.asBytes),(char*)(&dummy+1));
// in case they specified 'h'
strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy);
// in case they specified 'H'
// added to the end..
strcpy((char *)&c.d.asBytes + strLength, dummy);
PrintAndLog("ICE: %d %s -- %s", strlen((char *)c.d.asBytes) ,dummy, c.d.asBytes);
clearCommandBuffer();
SendCommand(&c);
return 0;
@@ -1205,8 +1220,8 @@ int CmdLFfind(const char *Cmd)
static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"},
{"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"},
{"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"},
{"hid", CmdLFHID, 1, "{ HID RFIDs... }"},
{"hitag", CmdLFHitag, 1, "{ HITAG RFIDs... }"},
{"io", CmdLFIO, 1, "{ IOPROX RFIDs... }"},

169
client/cmdlft55xx.c
View File

@@ -35,7 +35,7 @@ t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offse
int usage_t55xx_config(){
PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]");
PrintAndLog("Options: ");
PrintAndLog("Options:");
PrintAndLog(" h This help");
PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate");
PrintAndLog(" d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A");
@@ -50,30 +50,39 @@ int usage_t55xx_config(){
return 0;
}
int usage_t55xx_read(){
PrintAndLog("Usage: lf t55xx read <block> <password>");
PrintAndLog(" <block>, block number to read. Between 0-7");
PrintAndLog(" <password>, OPTIONAL password (8 hex characters)");
PrintAndLog("Usage: lf t55xx read b <block> p <password> <override_safety> <wakeup>");
PrintAndLog("Options:");
PrintAndLog(" b <block>, block number to read. Between 0-7");
PrintAndLog(" p <password>, OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog(" o, OPTIONAL override safety check");
PrintAndLog(" w, OPTIONAL wakeup");
PrintAndLog(" ****WARNING****");
PrintAndLog(" Use of read with password on a tag not configured for a pwd");
PrintAndLog(" can damage the tag");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx read 0 - read data from block 0");
PrintAndLog(" lf t55xx read 0 feedbeef - read data from block 0 password feedbeef");
PrintAndLog(" lf t55xx read b 0 - read data from block 0");
PrintAndLog(" lf t55xx read b 0 p feedbeef - read data from block 0 password feedbeef");
PrintAndLog(" lf t55xx read b 0 p feedbeef o - read data from block 0 password feedbeef safety check");
PrintAndLog("");
return 0;
}
int usage_t55xx_write(){
PrintAndLog("Usage: lf t55xx wr <block> <data> [password]");
PrintAndLog("Usage: lf t55xx write <block> <data> [password]");
PrintAndLog("Options:");
PrintAndLog(" <block>, block number to write. Between 0-7");
PrintAndLog(" <data>, 4 bytes of data to write (8 hex characters)");
PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex characters)");
PrintAndLog(" <data>, 4 bytes of data to write (8 hex symbols)");
PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx wr 3 11223344 - write 11223344 to block 3");
PrintAndLog(" lf t55xx wr 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef");
PrintAndLog(" lf t55xx write 3 11223344 - write 11223344 to block 3");
PrintAndLog(" lf t55xx write 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef");
PrintAndLog("");
return 0;
}
int usage_t55xx_trace() {
PrintAndLog("Usage: lf t55xx trace [1]");
PrintAndLog("Options:");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("");
PrintAndLog("Examples:");
@@ -84,6 +93,7 @@ int usage_t55xx_trace() {
}
int usage_t55xx_info() {
PrintAndLog("Usage: lf t55xx info [1]");
PrintAndLog("Options:");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("");
PrintAndLog("Examples:");
@@ -94,6 +104,7 @@ int usage_t55xx_info() {
}
int usage_t55xx_dump(){
PrintAndLog("Usage: lf t55xx dump <password>");
PrintAndLog("Options:");
PrintAndLog(" <password>, OPTIONAL password 4bytes (8 hex symbols)");
PrintAndLog("");
PrintAndLog("Examples:");
@@ -103,7 +114,9 @@ int usage_t55xx_dump(){
return 0;
}
int usage_t55xx_detect(){
PrintAndLog("Usage: lf t55xx detect");
PrintAndLog("Usage: lf t55xx detect [1]");
PrintAndLog("Options:");
PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx detect");
@@ -111,6 +124,17 @@ int usage_t55xx_detect(){
PrintAndLog("");
return 0;
}
int usage_t55xx_wakup(){
PrintAndLog("Usage: lf t55xx wakeup [h] p <password>");
PrintAndLog("This commands send the Answer-On-Request command and leaves the readerfield ON afterwards.");
PrintAndLog("Options:");
PrintAndLog(" h - this help");
PrintAndLog(" p <password> - password 4bytes (8 hex symbols)");
PrintAndLog("");
PrintAndLog("Examples:");
PrintAndLog(" lf t55xx wakeup p 11223344 - send wakeup password");
return 0;
}
static int CmdHelp(const char *Cmd);
@@ -216,39 +240,72 @@ int CmdT55xxSetConfig(const char *Cmd) {
}
int CmdT55xxReadBlock(const char *Cmd) {
int block = -1;
int password = 0xFFFFFFFF; //default to blank Block 7
char cmdp = param_getchar(Cmd, 0);
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_read();
int res = sscanf(Cmd, "%d %x", &block, &password);
if ( res < 1 || res > 2 ) return usage_t55xx_read();
if ((block < 0) | (block > 7)) {
uint8_t block = 255;
uint8_t wake = 0;
uint8_t usepwd = 0;
uint32_t password = 0xFFFFFFFF; //default to blank Block 7
uint8_t override = 0;
uint8_t cmdp = 0;
bool errors = false;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
return usage_t55xx_read();
case 'b':
case 'B':
errors |= param_getdec(Cmd, cmdp+1, &block);
cmdp+=2;
break;
case 'o':
case 'O':
override = 1;
cmdp++;
break;
case 'p':
case 'P':
password = param_get32ex(Cmd, cmdp+1, 0, 10);
usepwd = 1;
cmdp+=2;
break;
case 'w':
case 'W':
wake = 1;
cmdp++;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors) return usage_t55xx_read();
if (wake && !usepwd) {
PrintAndLog("Wake command must use a pwd");
return 1;
}
if ((block > 7) && !wake) {
PrintAndLog("Block must be between 0 and 7");
return 1;
}
UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, 0}};
c.d.asBytes[0] = 0x0;
UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};
//Password mode
if ( res == 2 ) {
if ( usepwd || wake ) {
// try reading the config block and verify that PWD bit is set before doing this!
AquireData( CONFIGURATION_BLOCK );
if ( !tryDetectModulation() ) {
PrintAndLog("Could not detect is PWD bit is set in config block. Exits.");
return 1;
}
//if PWD bit is set, allow to execute read command with password.
if (( config.block0 & T55x7_PWD ) == 1) {
c.arg[2] = password;
c.d.asBytes[0] = 0x1;
} else {
PrintAndLog("PWD bit is NOT set in config block. Reading without password...");
if ( wake || override ) {
c.arg[0] = (wake<<8) & usepwd;
if ( !wake && override )
PrintAndLog("Safety Check Overriden - proceeding despite risk");
} else {
AquireData( CONFIGURATION_BLOCK );
if ( !tryDetectModulation() ) {
PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
return 1;
} else {
PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");
}
}
}
@@ -266,7 +323,11 @@ int CmdT55xxReadBlock(const char *Cmd) {
//DemodBufferLen=0;
if (!DecodeT55xxBlock()) return 3;
char blk[10]={0};
if ( wake ) {
sprintf(blk,"wake");
} else {
sprintf(blk,"%d", block);
}
printT55xxBlock(blk);
return 0;
}
@@ -1074,6 +1135,36 @@ void t55x7_create_config_block( int tagtype ){
}
int CmdT55xxWakeUp(const char *Cmd) {
uint32_t password = 0xFFFFFFFF; //default to blank Block 7
uint8_t cmdp = 0;
bool errors = false;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
return usage_t55xx_wakup();
case 'p':
case 'P':
password = param_get32ex(Cmd, cmdp+1, 0, 10);
cmdp+=2;
break;
default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (errors) return usage_t55xx_wakup();
UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
clearCommandBuffer();
SendCommand(&c);
PrintAndLog("Wake up command sent. Try read now");
return 0;
}
/*
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
@@ -1100,6 +1191,8 @@ static command_t CommandTable[] =
{"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
{"dump", CmdT55xxDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"},
{"special", special, 0, "Show block changes with 64 different offsets"},
{"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},
{NULL, NULL, 0, NULL}
};

3
client/hid-flasher/usb_cmd.h
View File

@@ -86,6 +86,8 @@ typedef struct{
#define CMD_T55XX_READ_BLOCK 0x0214
#define CMD_T55XX_WRITE_BLOCK 0x0215
#define CMD_T55XX_READ_TRACE 0x0216
#define CMD_T55XX_WAKEUP 0x0224
#define CMD_PCF7931_READ 0x0217
#define CMD_PCF7931_WRITE 0x0223
#define CMD_EM4X_READ_WORD 0x0218
@@ -101,6 +103,7 @@ typedef struct{
#define CMD_AWID_DEMOD_FSK 0x0221
#define CMD_VIKING_CLONE_TAG 0x0222
/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
// For the 13.56 MHz tags

1
client/lualibs/commands.lua
View File

@@ -58,6 +58,7 @@ local _commands = {
CMD_PSK_SIM_TAG = 0x0220,
CMD_AWID_DEMOD_FSK = 0x0221,
CMD_VIKING_CLONE_TAG = 0x0222,
CMD_T55XX_WAKEUP = 0x0224,
--/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */