return 0;\r
}\r
int usage_t55xx_bruteforce(){\r
+ PrintAndLog("This command uses A) bruteforce to scan a number range");\r
+ PrintAndLog(" B) a dictionary attack");\r
PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password> [i <*.dic>]");\r
PrintAndLog(" password must be 4 bytes (8 hex symbols)");\r
PrintAndLog("Options:");\r
- PrintAndLog(" h - this help");\r
- PrintAndLog(" i <*.dic> - loads a default keys dictionary file <*.dic>");\r
+ PrintAndLog(" h - this help");\r
+ PrintAndLog(" <start_pwd> - 4 byte hex value to start pwd search at");\r
+ PrintAndLog(" <end_pwd> - 4 byte hex value to end pwd search at");\r
+ PrintAndLog(" i <*.dic> - loads a default keys dictionary file <*.dic>");\r
PrintAndLog("");\r
PrintAndLog("Examples:");\r
PrintAndLog(" lf t55xx bruteforce aaaaaaaa bbbbbbbb");\r
- PrintAndLog(" lf t55xx bruteforce i mykeys.dic");\r
+ PrintAndLog(" lf t55xx bruteforce i default_pwd.dic");\r
PrintAndLog("");\r
return 0;\r
}\r
break;\r
case DEMOD_PSK1:\r
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
CmdLtrim("160");\r
snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );\r
ans = PSKDemod(cmdStr, FALSE);\r
+ //undo trim samples\r
+ save_restoreGB(0);\r
break;\r
case DEMOD_PSK2: //inverted won't affect this\r
case DEMOD_PSK3: //not fully implemented\r
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
CmdLtrim("160");\r
snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );\r
ans = PSKDemod(cmdStr, FALSE);\r
psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
+ //undo trim samples\r
+ save_restoreGB(0);\r
break;\r
case DEMOD_NRZ:\r
snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
\r
if (GetFskClock("", FALSE, FALSE)){ \r
fskClocks(&fc1, &fc2, &clk, FALSE);\r
- if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
+ if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
tests[hits].modulation = DEMOD_FSK;\r
if (fc1==8 && fc2 == 5)\r
tests[hits].modulation = DEMOD_FSK1a;\r
tests[hits].modulation = DEMOD_FSK1;\r
else if (fc1 == 10 && fc2 == 8)\r
tests[hits].modulation = DEMOD_FSK2a;\r
-\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = TRUE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
config.inverted = tests[0].inverted;\r
config.offset = tests[0].offset;\r
config.block0 = tests[0].block0;\r
+ config.Q5 = tests[0].Q5;\r
printConfiguration( config );\r
return TRUE;\r
}\r
uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key\r
uint8_t resv = PackBits(si, 8, DemodBuffer); si += 8;\r
// 2nibble must be zeroed.\r
- if (safer != 0x6) continue;\r
+ if (safer != 0x6 && safer != 0x9) continue;\r
if ( resv > 0x00) continue;\r
//uint8_t pageSel = PackBits(si, 1, DemodBuffer); si += 1;\r
//uint8_t fastWrite = PackBits(si, 1, DemodBuffer); si += 1;\r
si += 1+1;\r
- int bitRate = PackBits(si, 5, DemodBuffer)*2 + 2; si += 5; //bit rate\r
+ int bitRate = PackBits(si, 6, DemodBuffer)*2 + 2; si += 6; //bit rate\r
if (bitRate > 128 || bitRate < 8) continue;\r
\r
//uint8_t AOR = PackBits(si, 1, DemodBuffer); si += 1; \r
if (!CmdT55xxWriteBlock(ptrData))\r
PrintAndLog("Error writing blk %d", blk);\r
\r
- memset(writeData, sizeof(writeData), 0x00);\r
+ memset(writeData, 0x00, sizeof(writeData));\r
}\r
return 0;\r
}\r
projects / proxmark3-svn / blobdiff