//-----------------------------------------------------------------------------\r
// Low frequency T55xx commands\r
//-----------------------------------------------------------------------------\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <inttypes.h>\r
-#include "proxmark3.h"\r
-#include "ui.h"\r
-#include "graph.h"\r
-#include "cmdmain.h"\r
-#include "cmdparser.h"\r
-#include "cmddata.h"\r
-#include "cmdlf.h"\r
#include "cmdlft55xx.h"\r
-#include "util.h"\r
-#include "data.h"\r
-#include "lfdemod.h"\r
-#include "cmdhf14a.h" //for getTagInfo\r
-\r
-#define T55x7_CONFIGURATION_BLOCK 0x00\r
-#define T55x7_PAGE0 0x00\r
-#define T55x7_PAGE1 0x01\r
-#define T55x7_PWD 0x00000010\r
-#define REGULAR_READ_MODE_BLOCK 0xFF\r
\r
// Default configuration\r
t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
tests[hits].ST = FALSE;\r
++hits;\r
}\r
+ //ICEMAN: are these PSKDemod calls needed?\r
// PSK2 - needs a call to psk1TOpsk2.\r
if ( PSKDemod("0 0 6", FALSE)) {\r
psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
\r
int CmdResetRead(const char *Cmd) {\r
UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
-\r
clearCommandBuffer();\r
SendCommand(&c);\r
- if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+ if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {\r
PrintAndLog("command execution time out");\r
return 0;\r
}\r
int CmdT55xxBruteForce(const char *Cmd) {\r
\r
// load a default pwd file.\r
- char buf[9];\r
+ char line[9];\r
char filename[FILE_PATH_SIZE]={0};\r
int keycnt = 0;\r
uint8_t stKeyBlock = 20;\r
uint32_t end_password = 0xFFFFFFFF; //end password\r
bool found = false;\r
\r
+ memset(line, 0, sizeof(line));\r
+ \r
char cmdp = param_getchar(Cmd, 0);\r
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
\r
- keyBlock = calloc(stKeyBlock, 6);\r
+ keyBlock = calloc(stKeyBlock, 4);\r
if (keyBlock == NULL) return 1;\r
\r
if (cmdp == 'i' || cmdp == 'I') {\r
free(keyBlock);\r
return 1;\r
} \r
- \r
- while( fgets(buf, sizeof(buf), f) ){\r
- if (strlen(buf) < 8 || buf[7] == '\n') continue;\r
\r
- while (fgetc(f) != '\n' && !feof(f)) ; //goto next line\r
- \r
+ while( fgets(line, sizeof(line), f) ){\r
+ if (strlen(line) < 8 || line[7] == '\n') continue;\r
+ \r
+ //goto next line\r
+ while (fgetc(f) != '\n' && !feof(f)) ;\r
+ \r
//The line start with # is comment, skip\r
- if( buf[0]=='#' ) continue;\r
+ if( line[0]=='#' ) continue;\r
\r
- if (!isxdigit(buf[0])){\r
- PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf);\r
+ if (!isxdigit(line[0])) {\r
+ PrintAndLog("File content error. '%s' must include 8 HEX symbols", line);\r
continue;\r
}\r
\r
- buf[8] = 0;\r
-\r
+ line[8] = 0; \r
+ \r
+ // realloc keyblock array size.\r
if ( stKeyBlock - keycnt < 2) {\r
- p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
+ p = realloc(keyBlock, 4 * (stKeyBlock += 10));\r
if (!p) {\r
PrintAndLog("Cannot allocate memory for defaultKeys");\r
free(keyBlock);\r
- if (f) {\r
+ if (f)\r
fclose(f);\r
- f = NULL;\r
- }\r
return 2;\r
}\r
keyBlock = p;\r
}\r
+ // clear mem\r
memset(keyBlock + 4 * keycnt, 0, 4);\r
- num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt);\r
- PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4));\r
- keycnt++;\r
- memset(buf, 0, sizeof(buf));\r
+ \r
+ num_to_bytes( strtoll(line, NULL, 16), 4, keyBlock + 4*keycnt);\r
+ \r
+ PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4 * keycnt, 4) ); \r
+ keycnt++; \r
+ memset(line, 0, sizeof(line));\r
} \r
- if (f) {\r
+ if (f)\r
fclose(f);\r
- f = NULL;\r
- }\r
+ \r
if (keycnt == 0) {\r
PrintAndLog("No keys found in file");\r
free(keyBlock);\r
PrintAndLog("Testing %08X", testpwd);\r
\r
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
- PrintAndLog("Aquireing data from device failed. Quitting");\r
+ PrintAndLog("Acquire data from device failed. Quitting");\r
free(keyBlock);\r
return 0;\r
}\r
found = tryDetectModulation();\r
if ( found ) {\r
PrintAndLog("Found valid password: [%08X]", testpwd);\r
- free(keyBlock);\r
- return 0;\r
+ //free(keyBlock);\r
+ //return 0;\r
} \r
}\r
PrintAndLog("Password NOT found.");\r
}\r
\r
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
- PrintAndLog("Aquireing data from device failed. Quitting");\r
+ PrintAndLog("Acquire data from device failed. Quitting");\r
free(keyBlock);\r
return 0;\r
}\r
int tryOnePassword(uint32_t password) {\r
PrintAndLog("Trying password %08x", password);\r
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {\r
- PrintAndLog("Aquireing data from device failed. Quitting");\r
+ PrintAndLog("Acquire data from device failed. Quitting");\r
return -1;\r
}\r
\r
uint32_t prev_password = 0xffffffff;\r
uint32_t mask = 0x0;\r
int found = 0;\r
-\r
char cmdp = param_getchar(Cmd, 0);\r
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw();\r
\r
orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners\r
\r
// first try fliping each bit in the expected password\r
- while ((found != 1) && (bit < 32)) {\r
+ while (bit < 32) {\r
curr_password = orig_password ^ ( 1 << bit );\r
found = tryOnePassword(curr_password);\r
- if (found == 1)\r
- goto done;\r
- else if (found == -1)\r
- return 0;\r
+ if (found == -1) return 0;\r
bit++;\r
\r
if (IsCancelled()) return 0;\r
// not sure from which end the bit bits are written, so try from both ends \r
// from low bit to high bit\r
bit = 0;\r
- while ((found != 1) && (bit < 32)) {\r
+ while (bit < 32) {\r
mask += ( 1 << bit );\r
curr_password = orig_password & mask;\r
// if updated mask didn't change the password, don't try it again\r
continue;\r
}\r
found = tryOnePassword(curr_password);\r
- if (found == 1)\r
- goto done;\r
- else if (found == -1)\r
- return 0;\r
+ if (found == -1) return 0;\r
bit++;\r
prev_password = curr_password;\r
\r
// from high bit to low\r
bit = 0;\r
mask = 0xffffffff;\r
- while ((found != 1) && (bit < 32)) {\r
+ while (bit < 32) {\r
mask -= ( 1 << bit );\r
curr_password = orig_password & mask;\r
// if updated mask didn't change the password, don't try it again\r
continue;\r
}\r
found = tryOnePassword(curr_password);\r
- if (found == 1)\r
- goto done;\r
- else if (found == -1)\r
+ if (found == -1)\r
return 0;\r
bit++;\r
prev_password = curr_password;\r
\r
if (IsCancelled()) return 0;\r
}\r
-done:\r
+\r
PrintAndLog("");\r
\r
if (found == 1)\r