]> git.zerfleddert.de Git - proxmark3-svn/blame - client/cmdlft55xx.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CHG: move some methods, its easier to read now. Cosmetic change.
[proxmark3-svn] / client / cmdlft55xx.c
CommitLineData
54a942b0 1//-----------------------------------------------------------------------------\r
2//\r
3// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
4// at your option, any later version. See the LICENSE.txt file for the text of\r
5// the license.\r
6//-----------------------------------------------------------------------------\r
7// Low frequency T55xx commands\r
8//-----------------------------------------------------------------------------\r
9\r
10#include <stdio.h>\r
11#include <string.h>\r
12#include <inttypes.h>\r
224ce36e 13#include <time.h>\r
54a942b0 14#include "proxmark3.h"\r
15#include "ui.h"\r
16#include "graph.h"\r
13d77ef9 17#include "cmdmain.h"\r
54a942b0 18#include "cmdparser.h"\r
19#include "cmddata.h"\r
20#include "cmdlf.h"\r
21#include "cmdlft55xx.h"\r
13d77ef9 22#include "util.h"\r
23#include "data.h"\r
24#include "lfdemod.h"\r
25#include "../common/crc.h"\r
26#include "../common/iso14443crc.h"\r
27#include "cmdhf14a.h"\r
28\r
29#define CONFIGURATION_BLOCK 0x00\r
30#define TRACE_BLOCK 0x01\r
952a812c 31#define T55x7_PWD 0x00000010\r
13d77ef9 32\r
33// Default configuration\r
34t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00};\r
35\r
36int usage_t55xx_config(){\r
37 PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]");\r
9276e859 38 PrintAndLog("Options:");\r
13d77ef9 39 PrintAndLog(" h This help");\r
40 PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate");\r
e98572a1 41 PrintAndLog(" d <FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A");\r
13d77ef9 42 PrintAndLog(" i [1] Invert data signal, defaults to normal");\r
43 PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");\r
44 PrintAndLog("");\r
45 PrintAndLog("Examples:");\r
46 PrintAndLog(" lf t55xx config d FSK - FSK demodulation");\r
47 PrintAndLog(" lf t55xx config d FSK i 1 - FSK demodulation, inverse data");\r
48 PrintAndLog(" lf t55xx config d FSK i 1 o 3 - FSK demodulation, inverse data, offset=3,start from position 3 to decode data");\r
49 PrintAndLog("");\r
50 return 0;\r
51}\r
52int usage_t55xx_read(){\r
9276e859 53 PrintAndLog("Usage: lf t55xx read b <block> p <password> <override_safety> <wakeup>");\r
54 PrintAndLog("Options:");\r
55 PrintAndLog(" b <block>, block number to read. Between 0-7");\r
56 PrintAndLog(" p <password>, OPTIONAL password 4bytes (8 hex symbols)");\r
57 PrintAndLog(" o, OPTIONAL override safety check");\r
58 PrintAndLog(" w, OPTIONAL wakeup");\r
59 PrintAndLog(" ****WARNING****");\r
60 PrintAndLog(" Use of read with password on a tag not configured for a pwd");\r
61 PrintAndLog(" can damage the tag");\r
13d77ef9 62 PrintAndLog("");\r
63 PrintAndLog("Examples:");\r
9276e859 64 PrintAndLog(" lf t55xx read b 0 - read data from block 0");\r
65 PrintAndLog(" lf t55xx read b 0 p feedbeef - read data from block 0 password feedbeef");\r
66 PrintAndLog(" lf t55xx read b 0 p feedbeef o - read data from block 0 password feedbeef safety check");\r
13d77ef9 67 PrintAndLog("");\r
68 return 0;\r
69}\r
70int usage_t55xx_write(){\r
9276e859 71 PrintAndLog("Usage: lf t55xx write <block> <data> [password]");\r
72 PrintAndLog("Options:");\r
2d2f7d19 73 PrintAndLog(" <block>, block number to write. Between 0-7");\r
9276e859 74 PrintAndLog(" <data>, 4 bytes of data to write (8 hex symbols)");\r
75 PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex symbols)");\r
13d77ef9 76 PrintAndLog("");\r
77 PrintAndLog("Examples:");\r
9276e859 78 PrintAndLog(" lf t55xx write 3 11223344 - write 11223344 to block 3");\r
79 PrintAndLog(" lf t55xx write 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef");\r
13d77ef9 80 PrintAndLog("");\r
81 return 0;\r
82}\r
83int usage_t55xx_trace() {\r
84 PrintAndLog("Usage: lf t55xx trace [1]");\r
9276e859 85 PrintAndLog("Options:");\r
13d77ef9 86 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");\r
87 PrintAndLog("");\r
88 PrintAndLog("Examples:");\r
89 PrintAndLog(" lf t55xx trace");\r
90 PrintAndLog(" lf t55xx trace 1");\r
91 PrintAndLog("");\r
92 return 0;\r
93}\r
94int usage_t55xx_info() {\r
95 PrintAndLog("Usage: lf t55xx info [1]");\r
9276e859 96 PrintAndLog("Options:");\r
13d77ef9 97 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");\r
98 PrintAndLog("");\r
99 PrintAndLog("Examples:");\r
100 PrintAndLog(" lf t55xx info");\r
101 PrintAndLog(" lf t55xx info 1");\r
102 PrintAndLog("");\r
103 return 0;\r
104}\r
105int usage_t55xx_dump(){\r
106 PrintAndLog("Usage: lf t55xx dump <password>");\r
9276e859 107 PrintAndLog("Options:");\r
13d77ef9 108 PrintAndLog(" <password>, OPTIONAL password 4bytes (8 hex symbols)");\r
109 PrintAndLog("");\r
110 PrintAndLog("Examples:");\r
111 PrintAndLog(" lf t55xx dump");\r
112 PrintAndLog(" lf t55xx dump feedbeef");\r
113 PrintAndLog("");\r
114 return 0;\r
115}\r
116int usage_t55xx_detect(){\r
9276e859 117 PrintAndLog("Usage: lf t55xx detect [1]");\r
118 PrintAndLog("Options:");\r
119 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");\r
13d77ef9 120 PrintAndLog("");\r
121 PrintAndLog("Examples:");\r
122 PrintAndLog(" lf t55xx detect");\r
123 PrintAndLog(" lf t55xx detect 1");\r
124 PrintAndLog("");\r
125 return 0;\r
126}\r
9276e859 127int usage_t55xx_wakup(){\r
128 PrintAndLog("Usage: lf t55xx wakeup [h] p <password>");\r
129 PrintAndLog("This commands send the Answer-On-Request command and leaves the readerfield ON afterwards.");\r
130 PrintAndLog("Options:");\r
131 PrintAndLog(" h - this help");\r
132 PrintAndLog(" p <password> - password 4bytes (8 hex symbols)");\r
133 PrintAndLog("");\r
134 PrintAndLog("Examples:");\r
135 PrintAndLog(" lf t55xx wakeup p 11223344 - send wakeup password");\r
136 return 0;\r
137}\r
54a942b0 138\r
139static int CmdHelp(const char *Cmd);\r
140\r
13d77ef9 141int CmdT55xxSetConfig(const char *Cmd) {\r
54a942b0 142\r
13d77ef9 143 uint8_t offset = 0;\r
144 bool errors = FALSE;\r
145 uint8_t cmdp = 0;\r
146 char modulation[5] = {0x00};\r
147 char tmp = 0x00;\r
148 uint8_t bitRate = 0;\r
149 uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};\r
150 while(param_getchar(Cmd, cmdp) != 0x00 && !errors)\r
151 {\r
152 tmp = param_getchar(Cmd, cmdp);\r
153 switch(tmp)\r
154 {\r
155 case 'h':\r
156 case 'H':\r
157 return usage_t55xx_config();\r
158 case 'b':\r
159 errors |= param_getdec(Cmd, cmdp+1, &bitRate);\r
160 if ( !errors){\r
161 uint8_t i = 0;\r
162 for (; i < 9; i++){\r
163 if (rates[i]==bitRate) {\r
164 config.bitrate = i;\r
165 break;\r
166 }\r
167 }\r
168 if (i==9) errors = TRUE;\r
169 }\r
170 cmdp+=2;\r
171 break;\r
172 case 'd':\r
173 param_getstr(Cmd, cmdp+1, modulation);\r
174 cmdp += 2;\r
54a942b0 175\r
2767fc02 176 if ( strcmp(modulation, "FSK" ) == 0) {\r
13d77ef9 177 config.modulation = DEMOD_FSK;\r
2767fc02 178 } else if ( strcmp(modulation, "FSK1" ) == 0) {\r
13d77ef9 179 config.modulation = DEMOD_FSK1;\r
2767fc02 180 config.inverted=1;\r
181 } else if ( strcmp(modulation, "FSK1a" ) == 0) {\r
13d77ef9 182 config.modulation = DEMOD_FSK1a;\r
2767fc02 183 config.inverted=0;\r
184 } else if ( strcmp(modulation, "FSK2" ) == 0) {\r
13d77ef9 185 config.modulation = DEMOD_FSK2;\r
2767fc02 186 config.inverted=0;\r
187 } else if ( strcmp(modulation, "FSK2a" ) == 0) {\r
13d77ef9 188 config.modulation = DEMOD_FSK2a;\r
2767fc02 189 config.inverted=1;\r
190 } else if ( strcmp(modulation, "ASK" ) == 0) {\r
13d77ef9 191 config.modulation = DEMOD_ASK;\r
2767fc02 192 } else if ( strcmp(modulation, "NRZ" ) == 0) {\r
13d77ef9 193 config.modulation = DEMOD_NRZ;\r
2767fc02 194 } else if ( strcmp(modulation, "PSK1" ) == 0) {\r
13d77ef9 195 config.modulation = DEMOD_PSK1;\r
2767fc02 196 } else if ( strcmp(modulation, "PSK2" ) == 0) {\r
13d77ef9 197 config.modulation = DEMOD_PSK2;\r
2767fc02 198 } else if ( strcmp(modulation, "PSK3" ) == 0) {\r
13d77ef9 199 config.modulation = DEMOD_PSK3;\r
2767fc02 200 } else if ( strcmp(modulation, "BIa" ) == 0) {\r
13d77ef9 201 config.modulation = DEMOD_BIa;\r
2767fc02 202 config.inverted=1;\r
203 } else if ( strcmp(modulation, "BI" ) == 0) {\r
13d77ef9 204 config.modulation = DEMOD_BI;\r
2767fc02 205 config.inverted=0;\r
206 } else {\r
13d77ef9 207 PrintAndLog("Unknown modulation '%s'", modulation);\r
208 errors = TRUE;\r
209 }\r
210 break;\r
211 case 'i':\r
212 config.inverted = param_getchar(Cmd,cmdp+1) == '1';\r
213 cmdp+=2;\r
214 break;\r
215 case 'o':\r
216 errors |= param_getdec(Cmd, cmdp+1, &offset);\r
217 if ( !errors )\r
218 config.offset = offset;\r
219 cmdp+=2;\r
220 break;\r
221 default:\r
222 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
223 errors = TRUE;\r
224 break;\r
225 }\r
226 }\r
54a942b0 227\r
13d77ef9 228 // No args\r
229 if (cmdp == 0) {\r
230 printConfiguration( config );\r
231 return 0;\r
232 }\r
233 //Validations\r
234 if (errors)\r
235 return usage_t55xx_config();\r
54a942b0 236\r
13d77ef9 237 config.block0 = 0;\r
238 printConfiguration ( config );\r
239 return 0;\r
240}\r
54a942b0 241\r
13d77ef9 242int CmdT55xxReadBlock(const char *Cmd) {\r
9276e859 243 uint8_t block = 255;\r
244 uint8_t wake = 0;\r
245 uint8_t usepwd = 0;\r
246 uint32_t password = 0xFFFFFFFF; //default to blank Block 7\r
247 uint8_t override = 0;\r
248 uint8_t cmdp = 0;\r
249 bool errors = false;\r
250 while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
251 switch(param_getchar(Cmd, cmdp)) {\r
252 case 'h':\r
253 case 'H':\r
254 return usage_t55xx_read();\r
255 case 'b':\r
256 case 'B':\r
257 errors |= param_getdec(Cmd, cmdp+1, &block);\r
258 cmdp+=2;\r
259 break;\r
260 case 'o':\r
261 case 'O':\r
262 override = 1;\r
263 cmdp++;\r
264 break;\r
265 case 'p':\r
266 case 'P':\r
267 password = param_get32ex(Cmd, cmdp+1, 0, 10);\r
268 usepwd = 1;\r
269 cmdp+=2;\r
270 break;\r
271 case 'w':\r
272 case 'W':\r
273 wake = 1;\r
274 cmdp++;\r
275 break;\r
276 default:\r
277 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
278 errors = true;\r
279 break;\r
280 }\r
281 }\r
282 if (errors) return usage_t55xx_read();\r
283 if (wake && !usepwd) {\r
284 PrintAndLog("Wake command must use a pwd");\r
285 return 1;\r
286 }\r
287 if ((block > 7) && !wake) {\r
13d77ef9 288 PrintAndLog("Block must be between 0 and 7");\r
289 return 1;\r
290 } \r
291\r
9276e859 292 UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};\r
13d77ef9 293\r
294 //Password mode\r
9276e859 295 if ( usepwd || wake ) {\r
952a812c 296 // try reading the config block and verify that PWD bit is set before doing this!\r
9276e859 297 if ( wake || override ) {\r
298 c.arg[0] = (wake<<8) & usepwd;\r
299 if ( !wake && override )\r
300 PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
301 } else {\r
302 AquireData( CONFIGURATION_BLOCK );\r
303 if ( !tryDetectModulation() ) {\r
304 PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");\r
305 return 1;\r
306 } else { \r
307 PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password..."); \r
308 }\r
952a812c 309 }\r
13d77ef9 310 }\r
311\r
db25599d 312 clearCommandBuffer();\r
13d77ef9 313 SendCommand(&c);\r
314 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
315 PrintAndLog("command execution time out");\r
316 return 2;\r
317 }\r
318 \r
319 uint8_t got[12000];\r
320 GetFromBigBuf(got,sizeof(got),0);\r
321 WaitForResponse(CMD_ACK,NULL);\r
a739812e 322 setGraphBuf(got, sizeof(got));\r
323 //DemodBufferLen=0;\r
1fbf8956 324 if (!DecodeT55xxBlock()) return 3;\r
13d77ef9 325 char blk[10]={0};\r
9276e859 326 if ( wake ) {\r
327 sprintf(blk,"wake");\r
328 } else {\r
13d77ef9 329 sprintf(blk,"%d", block);\r
9276e859 330 }\r
13d77ef9 331 printT55xxBlock(blk);\r
332 return 0;\r
54a942b0 333}\r
334\r
13d77ef9 335bool DecodeT55xxBlock(){\r
336 \r
fef74fdc 337 char buf[30] = {0x00};\r
13d77ef9 338 char *cmdStr = buf;\r
339 int ans = 0;\r
340 uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};\r
13d77ef9 341 DemodBufferLen = 0x00;\r
54a942b0 342\r
cc15a118 343 //trim 1/2 a clock from beginning\r
ac2df346 344 //snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );\r
345 //CmdLtrim(cmdStr);\r
13d77ef9 346 switch( config.modulation ){\r
347 case DEMOD_FSK:\r
224ce36e 348 snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );\r
13d77ef9 349 ans = FSKrawDemod(cmdStr, FALSE);\r
350 break;\r
351 case DEMOD_FSK1:\r
13d77ef9 352 case DEMOD_FSK1a:\r
224ce36e 353 snprintf(cmdStr, sizeof(buf),"%d %d 8 5", bitRate[config.bitrate], config.inverted );\r
13d77ef9 354 ans = FSKrawDemod(cmdStr, FALSE);\r
355 break;\r
356 case DEMOD_FSK2:\r
13d77ef9 357 case DEMOD_FSK2a:\r
224ce36e 358 snprintf(cmdStr, sizeof(buf),"%d %d 10 8", bitRate[config.bitrate], config.inverted );\r
13d77ef9 359 ans = FSKrawDemod(cmdStr, FALSE);\r
360 break;\r
361 case DEMOD_ASK:\r
224ce36e 362 snprintf(cmdStr, sizeof(buf),"%d %d 0", bitRate[config.bitrate], config.inverted );\r
fef74fdc 363 ans = ASKDemod(cmdStr, FALSE, FALSE, 1);\r
13d77ef9 364 break;\r
365 case DEMOD_PSK1:\r
224ce36e 366 snprintf(cmdStr, sizeof(buf),"%d %d 0", bitRate[config.bitrate], config.inverted );\r
13d77ef9 367 ans = PSKDemod(cmdStr, FALSE);\r
13d77ef9 368 break;\r
2767fc02 369 case DEMOD_PSK2: //inverted won't affect this\r
370 case DEMOD_PSK3: //not fully implemented\r
224ce36e 371 snprintf(cmdStr, sizeof(buf),"%d 0 1", bitRate[config.bitrate] );\r
13d77ef9 372 ans = PSKDemod(cmdStr, FALSE);\r
373 psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
374 break;\r
375 case DEMOD_NRZ:\r
224ce36e 376 snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
13d77ef9 377 ans = NRZrawDemod(cmdStr, FALSE);\r
378 break;\r
379 case DEMOD_BI:\r
13d77ef9 380 case DEMOD_BIa:\r
224ce36e 381 snprintf(cmdStr, sizeof(buf),"0 %d %d 0", bitRate[config.bitrate], config.inverted );\r
13d77ef9 382 ans = ASKbiphaseDemod(cmdStr, FALSE);\r
383 break;\r
384 default:\r
385 return FALSE;\r
386 }\r
387 return (bool) ans;\r
388}\r
54a942b0 389\r
13d77ef9 390int CmdT55xxDetect(const char *Cmd){\r
54a942b0 391\r
13d77ef9 392 char cmdp = param_getchar(Cmd, 0);\r
393 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')\r
394 return usage_t55xx_detect();\r
395 \r
396 if (strlen(Cmd)==0)\r
397 AquireData( CONFIGURATION_BLOCK );\r
398\r
399 if ( !tryDetectModulation() )\r
400 PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");\r
401\r
402 return 0;\r
54a942b0 403}\r
404\r
13d77ef9 405// detect configuration?\r
406bool tryDetectModulation(){\r
ac2df346 407 //char cmdStr[8] = {0};\r
13d77ef9 408 uint8_t hits = 0;\r
409 t55xx_conf_block_t tests[15];\r
fef74fdc 410 int bitRate=0;\r
322f7eb1 411 uint8_t fc1 = 0, fc2 = 0, clk=0;\r
412 save_restoreGB(1);\r
13d77ef9 413 if (GetFskClock("", FALSE, FALSE)){ \r
13d77ef9 414 fskClocks(&fc1, &fc2, &clk, FALSE);\r
ac2df346 415 //sprintf(cmdStr,"%d", clk/2);\r
416 //CmdLtrim(cmdStr);\r
fef74fdc 417 if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate)){\r
13d77ef9 418 tests[hits].modulation = DEMOD_FSK;\r
419 if (fc1==8 && fc2 == 5)\r
420 tests[hits].modulation = DEMOD_FSK1a;\r
421 else if (fc1==10 && fc2 == 8)\r
422 tests[hits].modulation = DEMOD_FSK2;\r
fef74fdc 423 tests[hits].bitrate = bitRate;\r
13d77ef9 424 tests[hits].inverted = FALSE;\r
425 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
426 ++hits;\r
427 }\r
fef74fdc 428 if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate)) {\r
13d77ef9 429 tests[hits].modulation = DEMOD_FSK;\r
fef74fdc 430 if (fc1 == 8 && fc2 == 5)\r
13d77ef9 431 tests[hits].modulation = DEMOD_FSK1;\r
fef74fdc 432 else if (fc1 == 10 && fc2 == 8)\r
13d77ef9 433 tests[hits].modulation = DEMOD_FSK2a;\r
54a942b0 434\r
fef74fdc 435 tests[hits].bitrate = bitRate;\r
13d77ef9 436 tests[hits].inverted = TRUE;\r
437 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
438 ++hits;\r
439 }\r
440 } else {\r
322f7eb1 441 clk = GetAskClock("", FALSE, FALSE);\r
442 if (clk>0) {\r
ac2df346 443 //sprintf(cmdStr,"%d", clk/2);\r
444 //CmdLtrim(cmdStr);\r
411105e0 445 if ( ASKDemod("0 0 0", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate)) {\r
322f7eb1 446 tests[hits].modulation = DEMOD_ASK;\r
447 tests[hits].bitrate = bitRate;\r
448 tests[hits].inverted = FALSE;\r
449 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
450 ++hits;\r
451 }\r
411105e0 452 if ( ASKDemod("0 1 0", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate)) {\r
322f7eb1 453 tests[hits].modulation = DEMOD_ASK;\r
454 tests[hits].bitrate = bitRate;\r
455 tests[hits].inverted = TRUE;\r
456 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
457 ++hits;\r
458 }\r
411105e0 459 if ( ASKbiphaseDemod("0 0 0 0", FALSE) && test(DEMOD_BI, &tests[hits].offset, &bitRate) ) {\r
322f7eb1 460 tests[hits].modulation = DEMOD_BI;\r
461 tests[hits].bitrate = bitRate;\r
462 tests[hits].inverted = FALSE;\r
463 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
464 ++hits;\r
465 }\r
411105e0 466 if ( ASKbiphaseDemod("0 0 1 0", FALSE) && test(DEMOD_BIa, &tests[hits].offset, &bitRate) ) {\r
322f7eb1 467 tests[hits].modulation = DEMOD_BIa;\r
468 tests[hits].bitrate = bitRate;\r
469 tests[hits].inverted = TRUE;\r
470 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
471 ++hits;\r
472 }\r
13d77ef9 473 }\r
322f7eb1 474 //undo trim from ask\r
475 save_restoreGB(0);\r
476 clk = GetNrzClock("", FALSE, FALSE);\r
477 if (clk>0) {\r
ac2df346 478 //sprintf(cmdStr,"%d", clk/2);\r
479 //CmdLtrim(cmdStr);\r
322f7eb1 480 if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate)) {\r
481 tests[hits].modulation = DEMOD_NRZ;\r
482 tests[hits].bitrate = bitRate;\r
483 tests[hits].inverted = FALSE;\r
484 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
485 ++hits;\r
486 }\r
54a942b0 487\r
322f7eb1 488 if ( NRZrawDemod("0 1 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate)) {\r
489 tests[hits].modulation = DEMOD_NRZ;\r
490 tests[hits].bitrate = bitRate;\r
491 tests[hits].inverted = TRUE;\r
492 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
493 ++hits;\r
494 }\r
13d77ef9 495 }\r
496 \r
322f7eb1 497 //undo trim from nrz\r
498 save_restoreGB(0);\r
499 clk = GetPskClock("", FALSE, FALSE);\r
500 if (clk>0) {\r
ac2df346 501 //PrintAndLog("clk %d",clk);\r
502 //sprintf(cmdStr,"%d", clk/2);\r
503 //CmdLtrim(cmdStr); \r
322f7eb1 504 if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate)) {\r
505 tests[hits].modulation = DEMOD_PSK1;\r
fef74fdc 506 tests[hits].bitrate = bitRate;\r
13d77ef9 507 tests[hits].inverted = FALSE;\r
508 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
509 ++hits;\r
510 }\r
322f7eb1 511 if ( PSKDemod("0 1 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate)) {\r
512 tests[hits].modulation = DEMOD_PSK1;\r
fef74fdc 513 tests[hits].bitrate = bitRate;\r
322f7eb1 514 tests[hits].inverted = TRUE;\r
13d77ef9 515 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
516 ++hits;\r
517 }\r
322f7eb1 518 // PSK2 - needs a call to psk1TOpsk2.\r
519 if ( PSKDemod("0 0 1", FALSE)) {\r
520 psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
521 if (test(DEMOD_PSK2, &tests[hits].offset, &bitRate)){\r
522 tests[hits].modulation = DEMOD_PSK2;\r
523 tests[hits].bitrate = bitRate;\r
524 tests[hits].inverted = FALSE;\r
525 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
526 ++hits;\r
527 }\r
528 } // inverse waves does not affect this demod\r
529 // PSK3 - needs a call to psk1TOpsk2.\r
530 if ( PSKDemod("0 0 1", FALSE)) {\r
531 psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
532 if (test(DEMOD_PSK3, &tests[hits].offset, &bitRate)){\r
533 tests[hits].modulation = DEMOD_PSK3;\r
534 tests[hits].bitrate = bitRate;\r
535 tests[hits].inverted = FALSE;\r
536 tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
537 ++hits;\r
538 }\r
539 } // inverse waves does not affect this demod\r
13d77ef9 540 }\r
541 } \r
542 if ( hits == 1) {\r
543 config.modulation = tests[0].modulation;\r
fef74fdc 544 config.bitrate = tests[0].bitrate;\r
13d77ef9 545 config.inverted = tests[0].inverted;\r
546 config.offset = tests[0].offset;\r
547 config.block0 = tests[0].block0;\r
548 printConfiguration( config );\r
549 return TRUE;\r
550 }\r
551 \r
552 if ( hits > 1) {\r
553 PrintAndLog("Found [%d] possible matches for modulation.",hits);\r
554 for(int i=0; i<hits; ++i){\r
555 PrintAndLog("--[%d]---------------", i+1);\r
556 printConfiguration( tests[i] );\r
557 }\r
558 }\r
559 return FALSE;\r
560}\r
561\r
562bool testModulation(uint8_t mode, uint8_t modread){\r
563 switch( mode ){\r
564 case DEMOD_FSK:\r
565 if (modread > 3 && modread < 8) return TRUE;\r
566 break;\r
567 case DEMOD_ASK:\r
568 if (modread == DEMOD_ASK) return TRUE;\r
569 break;\r
570 case DEMOD_PSK1:\r
571 if (modread == DEMOD_PSK1) return TRUE;\r
572 break;\r
573 case DEMOD_PSK2:\r
574 if (modread == DEMOD_PSK2) return TRUE;\r
575 break;\r
576 case DEMOD_PSK3:\r
577 if (modread == DEMOD_PSK3) return TRUE;\r
578 break;\r
579 case DEMOD_NRZ:\r
580 if (modread == DEMOD_NRZ) return TRUE;\r
581 break;\r
582 case DEMOD_BI:\r
583 if (modread == DEMOD_BI) return TRUE;\r
584 break;\r
585 case DEMOD_BIa:\r
586 if (modread == DEMOD_BIa) return TRUE;\r
587 break; \r
588 default:\r
589 return FALSE;\r
590 }\r
591 return FALSE;\r
592}\r
593\r
594bool testBitRate(uint8_t readRate, uint8_t mod){\r
595 uint8_t expected[8] = {8, 16, 32, 40, 50, 64, 100, 128};\r
596 uint8_t detRate = 0;\r
597 switch( mod ){\r
598 case DEMOD_FSK:\r
13d77ef9 599 case DEMOD_FSK1:\r
13d77ef9 600 case DEMOD_FSK1a:\r
13d77ef9 601 case DEMOD_FSK2:\r
13d77ef9 602 case DEMOD_FSK2a:\r
603 detRate = GetFskClock("",FALSE, FALSE); \r
fef74fdc 604 if (expected[readRate] == detRate) \r
13d77ef9 605 return TRUE;\r
13d77ef9 606 break;\r
607 case DEMOD_ASK:\r
2767fc02 608 case DEMOD_BI:\r
609 case DEMOD_BIa:\r
13d77ef9 610 detRate = GetAskClock("",FALSE, FALSE); \r
fef74fdc 611 if (expected[readRate] == detRate) \r
13d77ef9 612 return TRUE;\r
13d77ef9 613 break;\r
614 case DEMOD_PSK1:\r
13d77ef9 615 case DEMOD_PSK2:\r
13d77ef9 616 case DEMOD_PSK3:\r
617 detRate = GetPskClock("",FALSE, FALSE); \r
fef74fdc 618 if (expected[readRate] == detRate)\r
13d77ef9 619 return TRUE;\r
13d77ef9 620 break;\r
621 case DEMOD_NRZ:\r
622 detRate = GetNrzClock("",FALSE, FALSE); \r
fef74fdc 623 if (expected[readRate] == detRate)\r
13d77ef9 624 return TRUE;\r
13d77ef9 625 break;\r
13d77ef9 626 default:\r
627 return FALSE;\r
628 }\r
629 return FALSE;\r
630}\r
631\r
fef74fdc 632bool test(uint8_t mode, uint8_t *offset, int *fndBitRate){\r
13d77ef9 633\r
fef74fdc 634 if ( DemodBufferLen < 64 ) return FALSE;\r
13d77ef9 635 uint8_t si = 0;\r
636 for (uint8_t idx = 0; idx < 64; idx++){\r
637 si = idx;\r
638 if ( PackBits(si, 32, DemodBuffer) == 0x00 ) continue;\r
639\r
2767fc02 640 uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key\r
13d77ef9 641 uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode\r
642 // 2nibble must be zeroed.\r
643 // moved test to here, since this gets most faults first.\r
644 if ( resv > 0x00) continue;\r
645\r
2767fc02 646 uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3; //extended mode part of rate\r
fef74fdc 647 int bitRate = PackBits(si, 3, DemodBuffer); si += 3; //bit rate\r
648 if (bitRate > 7) continue;\r
13d77ef9 649 uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode\r
2767fc02 650 uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; \r
651 //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //could check psk cr\r
652 uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode\r
13d77ef9 653 uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;\r
654 \r
655 //if extended mode\r
656 bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE;\r
657\r
658 if (!extMode){\r
659 if (nml01 || nml02 || xtRate) continue;\r
660 }\r
661 //test modulation\r
662 if (!testModulation(mode, modread)) continue;\r
13d77ef9 663 if (!testBitRate(bitRate, mode)) continue;\r
fef74fdc 664 *fndBitRate = bitRate;\r
2767fc02 665 *offset = idx;\r
13d77ef9 666 return TRUE;\r
667 }\r
668 return FALSE;\r
54a942b0 669}\r
670\r
224ce36e 671void printT55xxBlock(const char *blockNum){\r
13d77ef9 672 \r
673 uint8_t i = config.offset;\r
674 uint8_t endpos = 32 + i;\r
675 uint32_t blockData = 0;\r
676 uint8_t bits[64] = {0x00};\r
677\r
678 if ( !DemodBufferLen) return;\r
679\r
680 if ( endpos > DemodBufferLen){\r
681 PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32);\r
682 return;\r
683 }\r
684\r
685 for (; i < endpos; ++i)\r
686 bits[i - config.offset]=DemodBuffer[i];\r
687\r
688 blockData = PackBits(0, 32, bits);\r
224ce36e 689 PrintAndLog("[%s] 0x%08X %s", blockNum, blockData, sprint_bin(bits,32));\r
13d77ef9 690}\r
691\r
692int special(const char *Cmd) {\r
693 uint32_t blockData = 0;\r
694 uint8_t bits[32] = {0x00};\r
695\r
696 PrintAndLog("[OFFSET] [DATA] [BINARY]");\r
697 PrintAndLog("----------------------------------------------------");\r
698 int i,j = 0;\r
699 for (; j < 64; ++j){\r
700 \r
701 for (i = 0; i < 32; ++i)\r
702 bits[i]=DemodBuffer[j+i];\r
703 \r
704 blockData = PackBits(0, 32, bits);\r
705 \r
706 PrintAndLog("[%02d] 0x%08X %s",j , blockData, sprint_bin(bits,32)); \r
707 }\r
708 return 0;\r
709}\r
710\r
711void printConfiguration( t55xx_conf_block_t b){\r
712 PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );\r
713 PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );\r
714 PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );\r
715 PrintAndLog("Offset : %d", b.offset);\r
716 PrintAndLog("Block0 : 0x%08X", b.block0);\r
717 PrintAndLog("");\r
718}\r
719\r
720int CmdT55xxWriteBlock(const char *Cmd)\r
54a942b0 721{\r
13d77ef9 722 int block = 8; //default to invalid block\r
723 int data = 0xFFFFFFFF; //default to blank Block \r
724 int password = 0xFFFFFFFF; //default to blank Block 7\r
725 \r
726 char cmdp = param_getchar(Cmd, 0);\r
727 if (cmdp == 'h' || cmdp == 'H') {\r
728 usage_t55xx_write();\r
729 return 0;\r
730 }\r
731 \r
732 int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);\r
733 \r
734 if ( res < 2 || res > 3) {\r
735 usage_t55xx_write();\r
736 return 1;\r
737 }\r
738\r
739 if (block > 7) {\r
740 PrintAndLog("Block number must be between 0 and 7");\r
ac2df346 741 return 1;\r
13d77ef9 742 }\r
743 \r
744 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};\r
a739812e 745 UsbCommand resp;\r
13d77ef9 746 c.d.asBytes[0] = 0x0; \r
747\r
748 PrintAndLog("Writing to block: %d data : 0x%08X", block, data);\r
749\r
750 //Password mode\r
751 if (res == 3) {\r
752 c.arg[2] = password;\r
753 c.d.asBytes[0] = 0x1; \r
754 PrintAndLog("pwd : 0x%08X", password);\r
755 }\r
db25599d 756 clearCommandBuffer();\r
13d77ef9 757 SendCommand(&c);\r
db25599d 758 if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){\r
759 PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");\r
760 return -1;\r
761 }\r
13d77ef9 762 return 0;\r
54a942b0 763}\r
764\r
13d77ef9 765int CmdT55xxReadTrace(const char *Cmd)\r
54a942b0 766{\r
13d77ef9 767 char cmdp = param_getchar(Cmd, 0);\r
768 \r
769 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') \r
770 return usage_t55xx_trace();\r
771\r
772 if (strlen(Cmd)==0)\r
773 AquireData( TRACE_BLOCK );\r
774 \r
775 if (!DecodeT55xxBlock()) return 1;\r
54a942b0 776\r
13d77ef9 777 if ( !DemodBufferLen) return 1;\r
778 \r
779 RepaintGraphWindow();\r
780 uint8_t repeat = 0;\r
781 if (config.offset > 5) \r
782 repeat = 32;\r
783 uint8_t si = config.offset+repeat;\r
784 uint32_t bl0 = PackBits(si, 32, DemodBuffer);\r
785 uint32_t bl1 = PackBits(si+32, 32, DemodBuffer);\r
786 \r
224ce36e 787 uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8;\r
788 uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8;\r
789 uint32_t cid = PackBits(si, 5, DemodBuffer); si += 5;\r
790 uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3;\r
791 uint32_t year = PackBits(si, 4, DemodBuffer); si += 4;\r
792 uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2;\r
793 uint32_t lotid = PackBits(si, 14, DemodBuffer); si += 14;\r
794 uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5;\r
13d77ef9 795 uint32_t dw = PackBits(si, 15, DemodBuffer); \r
796 \r
224ce36e 797 time_t t = time(NULL);\r
798 struct tm tm = *localtime(&t);\r
799 if ( year > tm.tm_year-110)\r
800 year += 2000;\r
801 else\r
802 year += 2010;\r
803\r
804 if ( acl != 0xE0 ) {\r
805 PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");\r
806 return 1;\r
807 }\r
808\r
13d77ef9 809 PrintAndLog("");\r
810 PrintAndLog("-- T55xx Trace Information ----------------------------------");\r
811 PrintAndLog("-------------------------------------------------------------");\r
812 PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl);\r
813 PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d) - %s", mfc, mfc, getTagInfo(mfc));\r
814 PrintAndLog(" CID : 0x%02X (%d) - %s", cid, cid, GetModelStrFromCID(cid));\r
815 PrintAndLog(" ICR IC Revision : %d",icr );\r
816 PrintAndLog(" Manufactured");\r
cc15a118 817 PrintAndLog(" Year/Quarter : %d/%d",year, quarter);\r
13d77ef9 818 PrintAndLog(" Lot ID : %d", lotid );\r
819 PrintAndLog(" Wafer number : %d", wafer);\r
820 PrintAndLog(" Die Number : %d", dw);\r
821 PrintAndLog("-------------------------------------------------------------");\r
822 PrintAndLog(" Raw Data - Page 1");\r
823 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );\r
824 PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );\r
825 PrintAndLog("-------------------------------------------------------------");\r
54a942b0 826\r
13d77ef9 827 /*\r
828 TRACE - BLOCK O\r
829 Bits Definition HEX\r
830 1-8 ACL Allocation class (ISO/IEC 15963-1) 0xE0 \r
831 9-16 MFC Manufacturer ID (ISO/IEC 7816-6) 0x15 Atmel Corporation\r
832 17-21 CID 0x1 = Atmel ATA5577M1 0x2 = Atmel ATA5577M2 \r
833 22-24 ICR IC revision\r
834 25-28 YEAR (BCD encoded) 9 (= 2009)\r
835 29-30 QUARTER 1,2,3,4 \r
836 31-32 LOT ID\r
837 \r
838 TRACE - BLOCK 1\r
839 1-12 LOT ID \r
840 13-17 Wafer number\r
841 18-32 DW, die number sequential\r
842 */\r
843 \r
54a942b0 844 return 0;\r
845}\r
846\r
13d77ef9 847int CmdT55xxInfo(const char *Cmd){\r
848 /*\r
849 Page 0 Block 0 Configuration data.\r
850 Normal mode\r
851 Extended mode\r
852 */\r
853 char cmdp = param_getchar(Cmd, 0);\r
854\r
855 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')\r
856 return usage_t55xx_info();\r
857 \r
858 if (strlen(Cmd)==0)\r
859 AquireData( CONFIGURATION_BLOCK );\r
fef74fdc 860\r
13d77ef9 861 if (!DecodeT55xxBlock()) return 1;\r
862\r
fef74fdc 863 if ( DemodBufferLen < 32) return 1;\r
13d77ef9 864\r
865 uint8_t si = config.offset;\r
866 uint32_t bl0 = PackBits(si, 32, DemodBuffer);\r
867 \r
868 uint32_t safer = PackBits(si, 4, DemodBuffer); si += 4; \r
869 uint32_t resv = PackBits(si, 7, DemodBuffer); si += 7;\r
870 uint32_t dbr = PackBits(si, 3, DemodBuffer); si += 3;\r
871 uint32_t extend = PackBits(si, 1, DemodBuffer); si += 1;\r
872 uint32_t datamod = PackBits(si, 5, DemodBuffer); si += 5;\r
873 uint32_t pskcf = PackBits(si, 2, DemodBuffer); si += 2;\r
874 uint32_t aor = PackBits(si, 1, DemodBuffer); si += 1; \r
875 uint32_t otp = PackBits(si, 1, DemodBuffer); si += 1; \r
876 uint32_t maxblk = PackBits(si, 3, DemodBuffer); si += 3;\r
877 uint32_t pwd = PackBits(si, 1, DemodBuffer); si += 1; \r
878 uint32_t sst = PackBits(si, 1, DemodBuffer); si += 1; \r
879 uint32_t fw = PackBits(si, 1, DemodBuffer); si += 1;\r
880 uint32_t inv = PackBits(si, 1, DemodBuffer); si += 1; \r
881 uint32_t por = PackBits(si, 1, DemodBuffer); si += 1;\r
882 \r
883 PrintAndLog("");\r
884 PrintAndLog("-- T55xx Configuration & Tag Information --------------------");\r
885 PrintAndLog("-------------------------------------------------------------");\r
886 PrintAndLog(" Safer key : %s", GetSaferStr(safer));\r
887 PrintAndLog(" reserved : %d", resv);\r
888 PrintAndLog(" Data bit rate : %s", GetBitRateStr(dbr));\r
889 PrintAndLog(" eXtended mode : %s", (extend) ? "Yes - Warning":"No");\r
890 PrintAndLog(" Modulation : %s", GetModulationStr(datamod));\r
891 PrintAndLog(" PSK clock frequency : %d", pskcf);\r
892 PrintAndLog(" AOR - Answer on Request : %s", (aor) ? "Yes":"No");\r
893 PrintAndLog(" OTP - One Time Pad : %s", (otp) ? "Yes - Warning":"No" );\r
894 PrintAndLog(" Max block : %d", maxblk);\r
895 PrintAndLog(" Password mode : %s", (pwd) ? "Yes":"No");\r
896 PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");\r
897 PrintAndLog(" Fast Write : %s", (fw) ? "Yes":"No");\r
898 PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No");\r
899 PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No");\r
900 PrintAndLog("-------------------------------------------------------------");\r
901 PrintAndLog(" Raw Data - Page 0");\r
902 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );\r
903 PrintAndLog("-------------------------------------------------------------");\r
904 \r
905 return 0;\r
906}\r
907\r
908int CmdT55xxDump(const char *Cmd){\r
909\r
910 char s[20] = {0x00};\r
911 uint8_t pwd[4] = {0x00};\r
912\r
913 char cmdp = param_getchar(Cmd, 0);\r
914 if ( cmdp == 'h' || cmdp == 'H') {\r
915 usage_t55xx_dump();\r
916 return 0;\r
917 }\r
918\r
919 bool hasPwd = ( strlen(Cmd) > 0); \r
920 if ( hasPwd ){\r
921 if (param_gethex(Cmd, 0, pwd, 8)) {\r
922 PrintAndLog("password must include 8 HEX symbols");\r
923 return 1;\r
924 }\r
925 }\r
926 \r
927 for ( int i = 0; i <8; ++i){\r
928 memset(s,0,sizeof(s));\r
929 if ( hasPwd ) {\r
930 sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);\r
931 } else {\r
932 sprintf(s,"%d", i);\r
933 }\r
934 CmdT55xxReadBlock(s);\r
935 }\r
936 return 0;\r
937}\r
938\r
939int AquireData( uint8_t block ){\r
940\r
941 UsbCommand c;\r
942 \r
943 if ( block == CONFIGURATION_BLOCK ) \r
944 c.cmd = CMD_T55XX_READ_BLOCK;\r
945 else if (block == TRACE_BLOCK )\r
946 c.cmd = CMD_T55XX_READ_TRACE;\r
947 \r
948 c.arg[0] = 0x00;\r
949 c.arg[1] = 0x00;\r
950 c.arg[2] = 0x00;\r
951 c.d.asBytes[0] = 0x0; \r
952\r
953 //Password mode\r
954 // if ( res == 2 ) {\r
955 // c.arg[2] = password;\r
956 // c.d.asBytes[0] = 0x1; \r
957 // }\r
958\r
db25599d 959 clearCommandBuffer();\r
13d77ef9 960 SendCommand(&c);\r
961 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
962 PrintAndLog("command execution time out");\r
963 return 1;\r
964 }\r
965\r
966 uint8_t got[12000];\r
967 GetFromBigBuf(got,sizeof(got),0);\r
968 WaitForResponse(CMD_ACK,NULL);\r
969 setGraphBuf(got, 12000);\r
970 return 0;\r
971}\r
972\r
973char * GetBitRateStr(uint32_t id){\r
fef74fdc 974 static char buf[25];\r
975\r
13d77ef9 976 char *retStr = buf;\r
977 switch (id){\r
978 case 0: \r
9795e535 979 snprintf(retStr,sizeof(buf),"%d - RF/8",id);\r
13d77ef9 980 break;\r
981 case 1:\r
9795e535 982 snprintf(retStr,sizeof(buf),"%d - RF/16",id);\r
13d77ef9 983 break;\r
984 case 2: \r
9795e535 985 snprintf(retStr,sizeof(buf),"%d - RF/32",id);\r
13d77ef9 986 break;\r
987 case 3:\r
9795e535 988 snprintf(retStr,sizeof(buf),"%d - RF/40",id);\r
13d77ef9 989 break;\r
990 case 4:\r
9795e535 991 snprintf(retStr,sizeof(buf),"%d - RF/50",id);\r
13d77ef9 992 break;\r
993 case 5:\r
9795e535 994 snprintf(retStr,sizeof(buf),"%d - RF/64",id);\r
13d77ef9 995 break;\r
996 case 6:\r
9795e535 997 snprintf(retStr,sizeof(buf),"%d - RF/100",id);\r
13d77ef9 998 break;\r
999 case 7:\r
9795e535 1000 snprintf(retStr,sizeof(buf),"%d - RF/128",id);\r
13d77ef9 1001 break;\r
1002 default:\r
9795e535 1003 snprintf(retStr,sizeof(buf),"%d - (Unknown)",id);\r
13d77ef9 1004 break;\r
1005 }\r
1006\r
1007 return buf;\r
1008}\r
1009\r
1010char * GetSaferStr(uint32_t id){\r
1011 static char buf[40];\r
1012 char *retStr = buf;\r
1013 \r
9795e535 1014 snprintf(retStr,sizeof(buf),"%d",id);\r
13d77ef9 1015 if (id == 6) {\r
9795e535 1016 snprintf(retStr,sizeof(buf),"%d - passwd",id);\r
13d77ef9 1017 }\r
1018 if (id == 9 ){\r
9795e535 1019 snprintf(retStr,sizeof(buf),"%d - testmode",id);\r
13d77ef9 1020 }\r
1021 \r
1022 return buf;\r
1023}\r
9795e535 1024\r
13d77ef9 1025char * GetModulationStr( uint32_t id){\r
2767fc02 1026 static char buf[60];\r
13d77ef9 1027 char *retStr = buf;\r
1028 \r
1029 switch (id){\r
1030 case 0: \r
9795e535 1031 snprintf(retStr,sizeof(buf),"%d - DIRECT (ASK/NRZ)",id);\r
13d77ef9 1032 break;\r
1033 case 1:\r
9795e535 1034 snprintf(retStr,sizeof(buf),"%d - PSK 1 phase change when input changes",id);\r
13d77ef9 1035 break;\r
1036 case 2: \r
9795e535 1037 snprintf(retStr,sizeof(buf),"%d - PSK 2 phase change on bitclk if input high",id);\r
13d77ef9 1038 break;\r
1039 case 3:\r
9795e535 1040 snprintf(retStr,sizeof(buf),"%d - PSK 3 phase change on rising edge of input",id);\r
13d77ef9 1041 break;\r
1042 case 4:\r
9795e535 1043 snprintf(retStr,sizeof(buf),"%d - FSK 1 RF/8 RF/5",id);\r
13d77ef9 1044 break;\r
1045 case 5:\r
9795e535 1046 snprintf(retStr,sizeof(buf),"%d - FSK 2 RF/8 RF/10",id);\r
13d77ef9 1047 break;\r
1048 case 6:\r
9795e535 1049 snprintf(retStr,sizeof(buf),"%d - FSK 1a RF/5 RF/8",id);\r
13d77ef9 1050 break;\r
1051 case 7:\r
9795e535 1052 snprintf(retStr,sizeof(buf),"%d - FSK 2a RF/10 RF/8",id);\r
13d77ef9 1053 break;\r
1054 case 8:\r
cc15a118 1055 snprintf(retStr,sizeof(buf),"%d - Manchester",id);\r
13d77ef9 1056 break;\r
1057 case 16:\r
9795e535 1058 snprintf(retStr,sizeof(buf),"%d - Biphase",id);\r
13d77ef9 1059 break;\r
1060 case 0x18:\r
9795e535 1061 snprintf(retStr,sizeof(buf),"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id);\r
13d77ef9 1062 break;\r
1063 case 17:\r
9795e535 1064 snprintf(retStr,sizeof(buf),"%d - Reserved",id);\r
13d77ef9 1065 break;\r
1066 default:\r
9795e535 1067 snprintf(retStr,sizeof(buf),"0x%02X (Unknown)",id);\r
13d77ef9 1068 break;\r
1069 }\r
1070 return buf;\r
1071}\r
1072\r
1073char * GetModelStrFromCID(uint32_t cid){\r
1074 \r
1075 static char buf[10];\r
1076 char *retStr = buf;\r
1077 \r
224ce36e 1078 if (cid == 1) snprintf(retStr, sizeof(buf),"ATA5577M1");\r
1079 if (cid == 2) snprintf(retStr, sizeof(buf),"ATA5577M2"); \r
13d77ef9 1080 return buf;\r
1081}\r
1082\r
1083char * GetSelectedModulationStr( uint8_t id){\r
1084\r
9795e535 1085 static char buf[20];\r
13d77ef9 1086 char *retStr = buf;\r
1087\r
1088 switch (id){\r
1089 case DEMOD_FSK:\r
9795e535 1090 snprintf(retStr,sizeof(buf),"FSK");\r
13d77ef9 1091 break;\r
1092 case DEMOD_FSK1:\r
9795e535 1093 snprintf(retStr,sizeof(buf),"FSK1");\r
13d77ef9 1094 break;\r
1095 case DEMOD_FSK1a:\r
9795e535 1096 snprintf(retStr,sizeof(buf),"FSK1a");\r
13d77ef9 1097 break;\r
1098 case DEMOD_FSK2:\r
9795e535 1099 snprintf(retStr,sizeof(buf),"FSK2");\r
13d77ef9 1100 break;\r
1101 case DEMOD_FSK2a:\r
9795e535 1102 snprintf(retStr,sizeof(buf),"FSK2a");\r
13d77ef9 1103 break;\r
1104 case DEMOD_ASK: \r
9795e535 1105 snprintf(retStr,sizeof(buf),"ASK");\r
13d77ef9 1106 break;\r
1107 case DEMOD_NRZ:\r
9795e535 1108 snprintf(retStr,sizeof(buf),"DIRECT/NRZ");\r
13d77ef9 1109 break;\r
1110 case DEMOD_PSK1:\r
9795e535 1111 snprintf(retStr,sizeof(buf),"PSK1");\r
13d77ef9 1112 break;\r
1113 case DEMOD_PSK2:\r
9795e535 1114 snprintf(retStr,sizeof(buf),"PSK2");\r
13d77ef9 1115 break;\r
1116 case DEMOD_PSK3:\r
9795e535 1117 snprintf(retStr,sizeof(buf),"PSK3");\r
13d77ef9 1118 break;\r
1119 case DEMOD_BI:\r
9795e535 1120 snprintf(retStr,sizeof(buf),"BIPHASE");\r
13d77ef9 1121 break;\r
1122 case DEMOD_BIa:\r
9795e535 1123 snprintf(retStr,sizeof(buf),"BIPHASEa - (CDP)");\r
13d77ef9 1124 break;\r
1125 default:\r
9795e535 1126 snprintf(retStr,sizeof(buf),"(Unknown)");\r
13d77ef9 1127 break;\r
1128 }\r
1129 return buf;\r
1130}\r
1131\r
e98572a1 1132void t55x7_create_config_block( int tagtype ){\r
1133 //switch?\r
1134 \r
1135 \r
1136}\r
1137\r
9276e859 1138int CmdT55xxWakeUp(const char *Cmd) {\r
1139 uint32_t password = 0xFFFFFFFF; //default to blank Block 7\r
1140 uint8_t cmdp = 0;\r
1141 bool errors = false;\r
1142 while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
1143 switch(param_getchar(Cmd, cmdp)) {\r
1144 case 'h':\r
1145 case 'H':\r
1146 return usage_t55xx_wakup();\r
1147 case 'p':\r
1148 case 'P':\r
1149 password = param_get32ex(Cmd, cmdp+1, 0, 10);\r
1150 cmdp+=2;\r
1151 break;\r
1152 default:\r
1153 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
1154 errors = true;\r
1155 break;\r
1156 }\r
1157 }\r
1158 if (errors) return usage_t55xx_wakup();\r
1159 \r
1160 UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
1161\r
1162 clearCommandBuffer();\r
1163 SendCommand(&c);\r
1164 PrintAndLog("Wake up command sent. Try read now");\r
1165 return 0;\r
1166}\r
1167\r
ad6219fc 1168/*\r
13d77ef9 1169uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){\r
1170 \r
1171 int i = start;\r
1172 int j = len-1;\r
1173\r
1174 if (len > 32) return 0;\r
1175\r
1176 uint32_t tmp = 0;\r
1177 for (; j >= 0; --j, ++i)\r
1178 tmp |= bits[i] << j;\r
1179\r
1180 return tmp;\r
1181}\r
ad6219fc 1182*/\r
54a942b0 1183static command_t CommandTable[] =\r
1184{\r
13d77ef9 1185 {"help", CmdHelp, 1, "This help"},\r
1186 {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},\r
1187 {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."},\r
1188 {"read", CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},\r
1189 {"write", CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},\r
1190 {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},\r
1191 {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},\r
1192 {"dump", CmdT55xxDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"},\r
1193 {"special", special, 0, "Show block changes with 64 different offsets"},\r
9276e859 1194 {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},\r
1195 \r
54a942b0 1196 {NULL, NULL, 0, NULL}\r
1197};\r
1198\r
1199int CmdLFT55XX(const char *Cmd)\r
1200{\r
1201 CmdsParse(CommandTable, Cmd);\r
1202 return 0;\r
1203}\r
1204\r
1205int CmdHelp(const char *Cmd)\r
1206{\r
1207 CmdsHelp(CommandTable);\r
1208 return 0;\r
1209}\r
Proxmark3 GIT tracking
Impressum, Datenschutz