]> git.zerfleddert.de Git - proxmark3-svn/blob - client/cmdlft55xx.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of https://github.com/Proxmark/proxmark3
[proxmark3-svn] / client / cmdlft55xx.c
1 //-----------------------------------------------------------------------------
2 //
3 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
4 // at your option, any later version. See the LICENSE.txt file for the text of
5 // the license.
6 //-----------------------------------------------------------------------------
7 // Low frequency T55xx commands
8 //-----------------------------------------------------------------------------
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <inttypes.h>
13 #include "proxmark3.h"
14 #include "ui.h"
15 #include "graph.h"
16 #include "cmdmain.h"
17 #include "cmdparser.h"
18 #include "cmddata.h"
19 #include "cmdlf.h"
20 #include "cmdlft55xx.h"
21 #include "util.h"
22 #include "data.h"
23 #include "lfdemod.h"
24 #include "../common/crc.h"
25 #include "../common/iso14443crc.h"
26 #include "cmdhf14a.h"
27
28 // Default configuration
29 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inversed = FALSE, .offset = 0x00, .block0 = 0x00};
30
31 int usage_t55xx_config(){
32 PrintAndLog("Usage: lf t55xx config [d <demodulation>] [i 1] [o <offset>]");
33 PrintAndLog("Options: ");
34 PrintAndLog(" h This help");
35 PrintAndLog(" d <FSK|ASK|PSK1|PSK2|NZ|BI> Set demodulation FSK / ASK / PSK / NZ / Biphase");
36 PrintAndLog(" i [1] Inverse data signal, defaults to normal");
37 PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");
38 PrintAndLog("");
39 PrintAndLog("Examples:");
40 PrintAndLog(" lf t55xx config d FSK - FSK demodulation");
41 PrintAndLog(" lf t55xx config d FSK i 1 - FSK demodulation, inverse data");
42 PrintAndLog(" lf t55xx config d FSK i 1 o 3 - FSK demodulation, inverse data, offset=3,start from bitpos 3 to decode data");
43 PrintAndLog("");
44 return 0;
45 }
46 int usage_t55xx_read(){
47 PrintAndLog("Usage: lf t55xx read <block> <password>");
48 PrintAndLog(" <block>, block number to read. Between 0-7");
49 PrintAndLog(" <password>, OPTIONAL password (8 hex characters)");
50 PrintAndLog("");
51 PrintAndLog("Examples:");
52 PrintAndLog(" lf t55xx read 0 - read data from block 0");
53 PrintAndLog(" lf t55xx read 0 feedbeef - read data from block 0 password feedbeef");
54 PrintAndLog("");
55 return 0;
56 }
57 int usage_t55xx_write(){
58 PrintAndLog("Usage: lf t55xx wr <block> <data> [password]");
59 PrintAndLog(" <block>, block number to read. Between 0-7");
60 PrintAndLog(" <data>, 4 bytes of data to write (8 hex characters)");
61 PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex characters)");
62 PrintAndLog("");
63 PrintAndLog("Examples:");
64 PrintAndLog(" lf t55xx wd 3 11223344 - write 11223344 to block 3");
65 PrintAndLog(" lf t55xx wd 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef");
66 PrintAndLog("");
67 return 0;
68 }
69 int usage_t55xx_trace() {
70 PrintAndLog("Usage: lf t55xx trace [1]");
71 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
72 PrintAndLog("");
73 PrintAndLog("Examples:");
74 PrintAndLog(" lf t55xx trace");
75 PrintAndLog(" lf t55xx trace 1");
76 PrintAndLog("");
77 return 0;
78 }
79 int usage_t55xx_info() {
80 PrintAndLog("Usage: lf t55xx info [1]");
81 PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag.");
82 PrintAndLog("");
83 PrintAndLog("Examples:");
84 PrintAndLog(" lf t55xx info");
85 PrintAndLog(" lf t55xx info 1");
86 PrintAndLog("");
87 return 0;
88 }
89 int usage_t55xx_dump(){
90 PrintAndLog("Usage: lf t55xx dump <password>");
91 PrintAndLog(" <password>, OPTIONAL password 4bytes (8 hex symbols)");
92 PrintAndLog("");
93 PrintAndLog("Examples:");
94 PrintAndLog(" lf t55xx dump");
95 PrintAndLog(" lf t55xx dump feedbeef");
96 PrintAndLog("");
97 return 0;
98 }
99 int usage_t55xx_detect(){
100 PrintAndLog("Usage: lf t55xx detect");
101 PrintAndLog("");
102 PrintAndLog("Examples:");
103 PrintAndLog(" lf t55xx detect");
104 PrintAndLog(" lf t55xx detect 1");
105 PrintAndLog("");
106 return 0;
107 }
108
109 static int CmdHelp(const char *Cmd);
110
111 int CmdT55xxSetConfig(const char *Cmd){
112
113 uint8_t offset = 0;
114 bool errors = FALSE;
115 uint8_t cmdp = 0;
116 char modulation[5] = {0x00};
117 char tmp = 0x00;
118
119 while(param_getchar(Cmd, cmdp) != 0x00 && !errors)
120 {
121 tmp = param_getchar(Cmd, cmdp);
122 switch(tmp)
123 {
124 case 'h':
125 case 'H':
126 return usage_t55xx_config();
127 case 'd':
128 param_getstr(Cmd, cmdp+1, modulation);
129 cmdp += 2;
130
131 if ( strcmp(modulation, "FSK" ) == 0)
132 config.modulation = DEMOD_FSK;
133 else if ( strcmp(modulation, "ASK" ) == 0)
134 config.modulation = DEMOD_ASK;
135 else if ( strcmp(modulation, "NRZ" ) == 0)
136 config.modulation = DEMOD_NRZ;
137 else if ( strcmp(modulation, "PSK1" ) == 0)
138 config.modulation = DEMOD_PSK1;
139 else if ( strcmp(modulation, "PSK2" ) == 0)
140 config.modulation = DEMOD_PSK2;
141 else if ( strcmp(modulation, "BI" ) == 0)
142 config.modulation = DEMOD_BI;
143 else {
144 PrintAndLog("Unknown modulation '%s'", modulation);
145 errors = TRUE;
146 }
147 break;
148 case 'i':
149 config.inversed = param_getchar(Cmd,cmdp+1) == '1';
150 cmdp+=2;
151 break;
152 case 'o':
153 errors |= param_getdec(Cmd, cmdp+1,&offset);
154 if ( !errors )
155 config.offset = offset;
156 cmdp += 2;
157 break;
158 default:
159 PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
160 errors = TRUE;
161 break;
162 }
163 }
164
165 // No args
166 if (cmdp == 0) {
167 printConfiguration( config );
168 return 0;
169 }
170 //Validations
171 if (errors)
172 return usage_t55xx_config();
173 config.block0 = 0;
174 printConfiguration( config );
175 return 0;
176 }
177
178 int CmdT55xxReadBlock(const char *Cmd)
179 {
180 int block = -1;
181 int password = 0xFFFFFFFF; //default to blank Block 7
182
183 char cmdp = param_getchar(Cmd, 0);
184 if (cmdp == 'h' || cmdp == 'H')
185 return usage_t55xx_read();
186
187 int res = sscanf(Cmd, "%d %x", &block, &password);
188
189 if ( res < 1 || res > 2 )
190 return usage_t55xx_read();
191
192
193 if ((block < 0) | (block > 7)) {
194 PrintAndLog("Block must be between 0 and 7");
195 return 1;
196 }
197
198 UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, 0}};
199 c.d.asBytes[0] = 0x0;
200
201 //Password mode
202 if ( res == 2 ) {
203 c.arg[2] = password;
204 c.d.asBytes[0] = 0x1;
205 }
206
207 SendCommand(&c);
208 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
209 PrintAndLog("command execution time out");
210 return 2;
211 }
212
213 uint8_t got[12000];
214 GetFromBigBuf(got,sizeof(got),0);
215 WaitForResponse(CMD_ACK,NULL);
216 setGraphBuf(got, 12000);
217
218 DecodeT55xxBlock();
219 printT55xxBlock("");
220 return 0;
221 }
222
223 void DecodeT55xxBlock(){
224
225 char buf[8] = {0x00};
226 char *cmdStr = buf;
227
228 // clearing the DemodBuffer.
229 DemodBufferLen = 0x00;
230
231 // use the configuration
232 switch( config.modulation ){
233 case DEMOD_FSK:
234 sprintf(cmdStr,"0 %d", config.inversed );
235 FSKrawDemod(cmdStr, FALSE);
236 break;
237 case DEMOD_ASK:
238 sprintf(cmdStr,"0 %d 1", config.inversed );
239 ASKmanDemod(cmdStr, FALSE, FALSE);
240 break;
241 case DEMOD_PSK1:
242 sprintf(cmdStr,"0 %d 1", config.inversed );
243 PSKDemod(cmdStr, FALSE);
244 break;
245 case DEMOD_PSK2:
246 sprintf(cmdStr,"0 %d 1", config.inversed );
247 PSKDemod(cmdStr, FALSE);
248 psk1TOpsk2(DemodBuffer, DemodBufferLen);
249 break;
250 case DEMOD_PSK3:
251 sprintf(cmdStr,"0 %d 1", config.inversed );
252 PSKDemod(cmdStr, FALSE);
253 psk1TOpsk2(DemodBuffer, DemodBufferLen);
254 break;
255 case DEMOD_NRZ:
256 sprintf(cmdStr,"0 %d 1", config.inversed );
257 NRZrawDemod(cmdStr, FALSE);
258 break;
259 case DEMOD_BI:
260 sprintf(cmdStr,"0 0 %d 1", config.inversed );
261 // DEPENDS ON NEW CODE IN MARSHMELLOWS PULL REQUEST
262 //ASKbiphDemod(cmdStr, FALSE);
263 break;
264 default:
265 return;
266 }
267 }
268
269 int CmdT55xxDetect(const char *Cmd){
270 char cmdp = param_getchar(Cmd, 0);
271 if (cmdp == 'h' || cmdp == 'H')
272 return usage_t55xx_detect();
273
274 // read block 0, Page 0. Configuration.
275 UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, 0}};
276 c.d.asBytes[0] = 0x0;
277
278 //Password mode
279 // if ( res == 2 ) {
280 // c.arg[2] = password;
281 // c.d.asBytes[0] = 0x1;
282 // }
283
284 SendCommand(&c);
285 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
286 PrintAndLog("command execution time out");
287 return FALSE;
288 }
289
290 uint8_t got[12000];
291 GetFromBigBuf(got,sizeof(got),0);
292 WaitForResponse(CMD_ACK,NULL);
293 setGraphBuf(got, 12000);
294
295 if ( !tryDetectModulation() ){
296 PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");
297 }
298 return 0;
299 }
300
301 // detect configuration?
302 bool tryDetectModulation(){
303
304 uint8_t hits = 0;
305 t55xx_conf_block_t tests[11];
306
307 if (GetFskClock("", FALSE, FALSE)){
308 if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset)){
309 tests[hits].modulation = DEMOD_FSK;
310 tests[hits].inversed = FALSE;
311 ++hits;
312 }
313 if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset)) {
314 tests[hits].modulation = DEMOD_FSK;
315 tests[hits].inversed = TRUE;
316 ++hits;
317 }
318 } else {
319 if ( ASKmanDemod("0 0 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) {
320 tests[hits].modulation = DEMOD_ASK;
321 tests[hits].inversed = FALSE;
322 ++hits;
323 }
324
325 if ( ASKmanDemod("0 1 1", FALSE, FALSE) && test(DEMOD_ASK, &tests[hits].offset)) {
326 tests[hits].modulation = DEMOD_ASK;
327 tests[hits].inversed = TRUE;
328 ++hits;
329 }
330
331 if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset)) {
332 tests[hits].modulation = DEMOD_NRZ;
333 tests[hits].inversed = FALSE;
334 ++hits;
335 }
336
337 if ( NRZrawDemod("0 1 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset)) {
338 tests[hits].modulation = DEMOD_NRZ;
339 tests[hits].inversed = TRUE;
340 ++hits;
341 }
342
343 if ( PSKDemod("0 0 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) {
344 tests[hits].modulation = DEMOD_PSK1;
345 tests[hits].inversed = FALSE;
346 ++hits;
347 }
348
349 if ( PSKDemod("0 1 1", FALSE) && test(DEMOD_PSK1, &tests[hits].offset)) {
350 tests[hits].modulation = DEMOD_PSK1;
351 tests[hits].inversed = TRUE;
352 ++hits;
353 }
354
355 //PSK2
356 if ( PSKDemod("0 0 1", FALSE)) {
357 psk1TOpsk2(DemodBuffer, DemodBufferLen);
358 if (test(DEMOD_PSK2, &tests[hits].offset)){
359 tests[hits].modulation = DEMOD_PSK2;
360 tests[hits].inversed = FALSE;
361 ++hits;
362 }
363 }
364 if ( PSKDemod("0 1 1", FALSE)) {
365 psk1TOpsk2(DemodBuffer, DemodBufferLen);
366 if (test(DEMOD_PSK2, &tests[hits].offset)){
367 tests[hits].modulation = DEMOD_PSK2;
368 tests[hits].inversed = TRUE;
369 ++hits;
370 }
371 }
372
373 /* DEPENDANT ON NEW CODE IN MARSHMELLOWS pull request
374 //biphase //offset, clock, invert, maxErr
375 if ( ASKbiphaseDemod("0 0 0 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) {
376 tests[hits].modulation = DEMOD_BI;
377 tests[hits].inversed = FALSE;
378 ++hits;
379 }
380 if ( ASKbiphaseDemod("0 0 1 1", FALSE) && test(DEMOD_BI, &tests[hits].offset) ) {
381 tests[hits].modulation = DEMOD_BI;
382 tests[hits].inversed = TRUE;
383 ++hits;
384 }
385 */
386 }
387 if ( hits == 1) {
388 config.modulation = tests[0].modulation;
389 config.inversed = tests[0].inversed;
390 config.offset = tests[0].offset;
391 printConfiguration( config );
392 return TRUE;
393 }
394
395 if ( hits > 1) {
396 PrintAndLog("Found [%d] possible matches for modulation.",hits);
397 for(int i=0; i<hits; ++i){
398 PrintAndLog("--[%d]---------------", i+1);
399 printConfiguration( tests[i] );
400 }
401 }
402 return FALSE;
403 }
404
405 bool testModulation(uint8_t mode, uint8_t modread){
406 switch( mode ){
407 case DEMOD_FSK:
408 if (modread > 3 && modread < 8) return TRUE;
409 break;
410 case DEMOD_ASK:
411 if (modread == 8) return TRUE;
412 break;
413 case DEMOD_PSK1:
414 if (modread == 1) return TRUE;
415 break;
416 case DEMOD_PSK2:
417 if (modread == 2) return TRUE;
418 break;
419 case DEMOD_PSK3:
420 if (modread == 3) return TRUE;
421 break;
422 case DEMOD_NRZ:
423 if (!modread) return TRUE;
424 break;
425 case DEMOD_BI:
426 if (modread == 16) return TRUE;
427 break;
428 default:
429 return FALSE;
430 }
431 return FALSE;
432 }
433
434 bool test(uint8_t mode, uint8_t *offset){
435
436 if ( !DemodBufferLen)
437 return FALSE;
438 if ( PackBits(0, 32, DemodBuffer) == 0x00 )
439 return FALSE;
440 for (uint8_t idx=1; idx<33; idx++){
441 uint8_t si = idx;
442 uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key
443 uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode
444 uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3+3; //new
445 //uint8_t bitRate = PackBits(si, 3, DemodBuffer); si += 3; //new could check bit rate
446 uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode
447 uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; //new
448 //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //new could check psk cr
449 uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24 , 30, 31 could be tested for 0 if not extended mode
450 uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;
451
452 bool extMode = FALSE;
453
454 //PrintAndLog("test: %X %X %X ", safer, resv, extend);
455
456 // 2nibble must be zeroed.
457 if ( resv > 0x00) continue;
458
459 //if extended mode
460 if ( (safer == 0x6 || safer == 0x9) && extend) extMode = TRUE;
461
462 if (!extMode){
463 if (nml01 || nml02 || xtRate) continue;
464 }
465
466 //test modulation
467 if (!testModulation(mode, modread)) continue;
468 *offset = idx;
469 return TRUE;
470 }
471 return FALSE;
472 }
473
474 void printT55xxBlock(const char *demodStr){
475
476 uint32_t blockData = 0;
477 uint8_t bits[64] = {0x00};
478
479 if ( !DemodBufferLen)
480 return;
481
482 if ( config.offset + 32 > DemodBufferLen){
483 PrintAndLog("The configured offset is too big. (%d > %d)", config.offset, DemodBufferLen);
484 return;
485 }
486
487 int i = config.offset;
488 int pos = 32 + config.offset;
489 for (; i < pos; ++i)
490 bits[i - config.offset]=DemodBuffer[i];
491
492 blockData = PackBits(0, 32, bits);
493 PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr);
494 }
495
496 int special(const char *Cmd) {
497 uint32_t blockData = 0;
498 uint8_t bits[32] = {0x00};
499
500 PrintAndLog("[OFFSET] [DATA] [BINARY]");
501 PrintAndLog("----------------------------------------------------");
502 int i,j = 0;
503 for (; j < 128; ++j){
504
505 for (i = 0; i < 32; ++i)
506 bits[i]=DemodBuffer[j+i];
507
508 blockData = PackBits(0, 32, bits);
509 PrintAndLog("[%d] 0x%08X %s",j , blockData, sprint_bin(bits,32));
510 }
511
512 return 0;
513 }
514
515 void printConfiguration( t55xx_conf_block_t b){
516 PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );
517 PrintAndLog("Inverted : %s", (b.inversed) ? "Yes" : "No" );
518 PrintAndLog("Offset : %d", b.offset);
519 PrintAndLog("Block0 : %08X", b.block0);
520 PrintAndLog("");
521 }
522
523 int CmdT55xxWriteBlock(const char *Cmd)
524 {
525 int block = 8; //default to invalid block
526 int data = 0xFFFFFFFF; //default to blank Block
527 int password = 0xFFFFFFFF; //default to blank Block 7
528
529 char cmdp = param_getchar(Cmd, 0);
530 if (cmdp == 'h' || cmdp == 'H') {
531 usage_t55xx_write();
532 return 0;
533 }
534
535 int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);
536
537 if ( res < 2 || res > 3) {
538 usage_t55xx_write();
539 return 1;
540 }
541
542 if (block > 7) {
543 PrintAndLog("Block must be between 0 and 7");
544 return 1;
545 }
546
547 UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};
548 c.d.asBytes[0] = 0x0;
549
550 PrintAndLog("Writing to T55x7");
551 PrintAndLog("block : %d", block);
552 PrintAndLog("data : 0x%08X", data);
553
554 //Password mode
555 if (res == 3) {
556 c.arg[2] = password;
557 c.d.asBytes[0] = 0x1;
558 PrintAndLog("pwd : 0x%08X", password);
559 }
560 SendCommand(&c);
561 return 0;
562 }
563
564 int CmdT55xxReadTrace(const char *Cmd)
565 {
566 char cmdp = param_getchar(Cmd, 0);
567
568 if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
569 return usage_t55xx_trace();
570
571 if ( strlen(Cmd)==0){
572
573 UsbCommand c = {CMD_T55XX_READ_TRACE, {0, 0, 0}};
574 SendCommand(&c);
575 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
576 PrintAndLog("command execution time out");
577 return 1;
578 }
579
580 uint8_t got[12000];
581 GetFromBigBuf(got,sizeof(got),0);
582 WaitForResponse(CMD_ACK,NULL);
583 setGraphBuf(got, 12000);
584 }
585
586 DecodeT55xxBlock();
587
588 if ( !DemodBufferLen)
589 return 2;
590
591 RepaintGraphWindow();
592 uint8_t repeat = 0;
593 if (config.offset > 5) repeat = 32;
594 uint8_t si = config.offset+repeat;
595 uint32_t bl0 = PackBits(si, 32, DemodBuffer);
596 uint32_t bl1 = PackBits(si+32, 32, DemodBuffer);
597
598 uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8;
599 uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8;
600 uint32_t cid = PackBits(si, 5, DemodBuffer); si += 5;
601 uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3;
602 uint32_t year = PackBits(si, 4, DemodBuffer); si += 4;
603 uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2;
604 uint32_t lotid = PackBits(si, 12, DemodBuffer); si += 12;
605 uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5;
606 uint32_t dw = PackBits(si, 15, DemodBuffer);
607
608 year += 2000;
609
610 PrintAndLog("");
611 PrintAndLog("-- T55xx Trace Information ----------------------------------");
612 PrintAndLog("-------------------------------------------------------------");
613 PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", acl, acl);
614 PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d) - %s", mfc, mfc, getTagInfo(mfc));
615 PrintAndLog(" CID : 0x%02X (%d) - %s", cid, cid, GetModelStrFromCID(cid));
616 PrintAndLog(" ICR IC Revision : %d",icr );
617 PrintAndLog(" Manufactured");
618 PrintAndLog(" Year/Quarter : %d/%d",year, quarter );
619 PrintAndLog(" Lot ID : %d", lotid );
620 PrintAndLog(" Wafer number : %d", wafer);
621 PrintAndLog(" Die Number : %d", dw);
622 PrintAndLog("-------------------------------------------------------------");
623 PrintAndLog(" Raw Data - Page 1");
624 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset+repeat,32) );
625 PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
626 PrintAndLog("-------------------------------------------------------------");
627 /*
628 TRACE - BLOCK O
629 Bits Definition HEX
630 1-8 ACL Allocation class (ISO/IEC 15963-1) 0xE0
631 9-16 MFC Manufacturer ID (ISO/IEC 7816-6) 0x15 Atmel Corporation
632 17-21 CID 0x1 = Atmel ATA5577M1 0x2 = Atmel ATA5577M2
633 22-24 ICR IC revision
634 25-28 YEAR (BCD encoded) 9 (= 2009)
635 29-30 QUARTER 1,2,3,4
636 31-32 LOT ID
637
638 TRACE - BLOCK 1
639 1-12 LOT ID
640 13-17 Wafer number
641 18-32 DW, die number sequential
642 */
643
644 return 0;
645 }
646
647 int CmdT55xxInfo(const char *Cmd){
648 /*
649 Page 0 Block 0 Configuration data.
650 Normal mode
651 Extended mode
652 */
653 char cmdp = param_getchar(Cmd, 0);
654
655 if (cmdp == 'h' || cmdp == 'H')
656 return usage_t55xx_info();
657
658 if (strlen(Cmd)==0){
659
660 // read block 0, Page 0. Configuration.
661 UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, 0}};
662 c.d.asBytes[0] = 0x0;
663
664 //Password mode
665 // if ( res == 2 ) {
666 // c.arg[2] = password;
667 // c.d.asBytes[0] = 0x1;
668 // }
669
670 SendCommand(&c);
671 if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
672 PrintAndLog("command execution time out");
673 return 1;
674 }
675
676 uint8_t got[12000];
677 GetFromBigBuf(got,sizeof(got),0);
678 WaitForResponse(CMD_ACK,NULL);
679 setGraphBuf(got, 12000);
680 }
681
682 DecodeT55xxBlock();
683
684 if ( !DemodBufferLen)
685 return 2;
686
687
688 uint8_t si = config.offset;
689 uint32_t bl0 = PackBits(si, 32, DemodBuffer);
690
691 uint32_t safer = PackBits(si, 4, DemodBuffer); si += 4;
692 uint32_t resv = PackBits(si, 7, DemodBuffer); si += 7;
693 uint32_t dbr = PackBits(si, 3, DemodBuffer); si += 3;
694 uint32_t extend = PackBits(si, 1, DemodBuffer); si += 1;
695 uint32_t datamod = PackBits(si, 5, DemodBuffer); si += 5;
696 uint32_t pskcf = PackBits(si, 2, DemodBuffer); si += 2;
697 uint32_t aor = PackBits(si, 1, DemodBuffer); si += 1;
698 uint32_t otp = PackBits(si, 1, DemodBuffer); si += 1;
699 uint32_t maxblk = PackBits(si, 3, DemodBuffer); si += 3;
700 uint32_t pwd = PackBits(si, 1, DemodBuffer); si += 1;
701 uint32_t sst = PackBits(si, 1, DemodBuffer); si += 1;
702 uint32_t fw = PackBits(si, 1, DemodBuffer); si += 1;
703 uint32_t inv = PackBits(si, 1, DemodBuffer); si += 1;
704 uint32_t por = PackBits(si, 1, DemodBuffer); si += 1;
705
706 PrintAndLog("");
707 PrintAndLog("-- T55xx Configuration & Tag Information --------------------");
708 PrintAndLog("-------------------------------------------------------------");
709 PrintAndLog(" Safer key : %s", GetSaferStr(safer));
710 PrintAndLog(" reserved : %d", resv);
711 PrintAndLog(" Data bit rate : %s", GetBitRateStr(dbr));
712 PrintAndLog(" eXtended mode : %s", (extend) ? "Yes - Warning":"No");
713 PrintAndLog(" Modulation : %s", GetModulationStr(datamod));
714 PrintAndLog(" PSK clock freq : %d", pskcf);
715 PrintAndLog(" AOR - Answer on Request : %s", (aor) ? "Yes":"No");
716 PrintAndLog(" OTP - One Time Pad : %s", (otp) ? "Yes - Warning":"No" );
717 PrintAndLog(" Max block : %d", maxblk);
718 PrintAndLog(" Password mode : %s", (pwd) ? "Yes":"No");
719 PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");
720 PrintAndLog(" Fast Write : %s", (fw) ? "Yes":"No");
721 PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No");
722 PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No");
723 PrintAndLog("-------------------------------------------------------------");
724 PrintAndLog(" Raw Data - Page 0");
725 PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );
726 PrintAndLog("-------------------------------------------------------------");
727
728 return 0;
729 }
730
731 int CmdT55xxDump(const char *Cmd){
732
733 char s[20] = {0x00};
734 uint8_t pwd[4] = {0x00};
735
736 char cmdp = param_getchar(Cmd, 0);
737 if ( cmdp == 'h' || cmdp == 'H') {
738 usage_t55xx_dump();
739 return 0;
740 }
741
742 bool hasPwd = ( strlen(Cmd) > 0);
743 if ( hasPwd ){
744 if (param_gethex(Cmd, 0, pwd, 8)) {
745 PrintAndLog("password must include 8 HEX symbols");
746 return 1;
747 }
748 }
749
750 for ( int i = 0; i <8; ++i){
751 memset(s,0,sizeof(s));
752 if ( hasPwd ) {
753 sprintf(s,"%d %02x%02x%02x%02x", i, pwd[0],pwd[1],pwd[2],pwd[3]);
754 } else {
755 sprintf(s,"%d", i);
756 }
757 CmdT55xxReadBlock(s);
758 }
759 return 0;
760 }
761
762 char * GetBitRateStr(uint32_t id){
763 static char buf[40];
764 char *retStr = buf;
765 switch (id){
766 case 0:
767 sprintf(retStr,"%d - RF/8",id);
768 break;
769 case 1:
770 sprintf(retStr,"%d - RF/16",id);
771 break;
772 case 2:
773 sprintf(retStr,"%d - RF/32",id);
774 break;
775 case 3:
776 sprintf(retStr,"%d - RF/40",id);
777 break;
778 case 4:
779 sprintf(retStr,"%d - RF/50",id);
780 break;
781 case 5:
782 sprintf(retStr,"%d - RF/64",id);
783 break;
784 case 6:
785 sprintf(retStr,"%d - RF/100",id);
786 break;
787 case 7:
788 sprintf(retStr,"%d - RF/128",id);
789 break;
790 default:
791 sprintf(retStr,"%d - (Unknown)",id);
792 break;
793 }
794
795 return buf;
796 }
797
798 char * GetSaferStr(uint32_t id){
799 static char buf[40];
800 char *retStr = buf;
801
802 sprintf(retStr,"%d",id);
803 if (id == 6) {
804 sprintf(retStr,"%d - passwd",id);
805 }
806 if (id == 9 ){
807 sprintf(retStr,"%d - testmode",id);
808 }
809
810 return buf;
811 }
812 char * GetModulationStr( uint32_t id){
813 static char buf[40];
814 char *retStr = buf;
815
816 switch (id){
817 case 0:
818 sprintf(retStr,"%d - DIRECT (ASK/NRZ)",id);
819 break;
820 case 1:
821 sprintf(retStr,"%d - PSK 1 phase change when input changes",id);
822 break;
823 case 2:
824 sprintf(retStr,"%d - PSK 2 phase change on bitclk if input high",id);
825 break;
826 case 3:
827 sprintf(retStr,"%d - PSK 3 phase change on rising edge of input",id);
828 break;
829 case 4:
830 sprintf(retStr,"%d - FSK 1 RF/8 RF/5",id);
831 break;
832 case 5:
833 sprintf(retStr,"%d - FSK 2 RF/8 RF/10",id);
834 break;
835 case 6:
836 sprintf(retStr,"%d - FSK 1a RF/5 RF/8",id);
837 break;
838 case 7:
839 sprintf(retStr,"%d - FSK 2a RF/10 RF/8",id);
840 break;
841 case 8:
842 sprintf(retStr,"%d - Manschester",id);
843 break;
844 case 16:
845 sprintf(retStr,"%d - Biphase",id);
846 break;
847 case 17:
848 sprintf(retStr,"%d - Reserved",id);
849 break;
850 default:
851 sprintf(retStr,"0x%02X (Unknown)",id);
852 break;
853 }
854 return buf;
855 }
856
857 char * GetModelStrFromCID(uint32_t cid){
858
859 static char buf[10];
860 char *retStr = buf;
861
862 if (cid == 1) sprintf(retStr,"ATA5577M1");
863 if (cid == 2) sprintf(retStr,"ATA5577M2");
864 return buf;
865 }
866
867 char * GetSelectedModulationStr( uint8_t id){
868
869 static char buf[16];
870 char *retStr = buf;
871
872 switch (id){
873 case DEMOD_FSK:
874 sprintf(retStr,"FSK (%d)",id);
875 break;
876 case DEMOD_ASK:
877 sprintf(retStr,"ASK (%d)",id);
878 break;
879 case DEMOD_NRZ:
880 sprintf(retStr,"DIRECT/NRZ (%d)",id);
881 break;
882 case DEMOD_PSK1:
883 sprintf(retStr,"PSK1 (%d)",id);
884 break;
885 case DEMOD_PSK2:
886 sprintf(retStr,"PSK2 (%d)",id);
887 break;
888 case DEMOD_BI:
889 sprintf(retStr,"BIPHASE (%d)",id);
890 break;
891 default:
892 sprintf(retStr,"(Unknown)");
893 break;
894 }
895 return buf;
896 }
897
898 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){
899
900 int i = start;
901 int j = len-1;
902 if (len > 32) {
903 return 0;
904 }
905 uint32_t tmp = 0;
906 for (; j >= 0; --j, ++i){
907 tmp |= bits[i] << j;
908 }
909 return tmp;
910 }
911
912 static command_t CommandTable[] =
913 {
914 {"help", CmdHelp, 1, "This help"},
915 {"config", CmdT55xxSetConfig, 1, "Set T55XX config for modulation, inversed data"},
916 {"detect", CmdT55xxDetect, 0, "Try detecting the tag modulation from reading the configuration block."},
917 {"read", CmdT55xxReadBlock, 0, "<block> [password] -- Read T55xx block data (page 0) [optional password]"},
918 {"write", CmdT55xxWriteBlock,0, "<block> <data> [password] -- Write T55xx block data (page 0) [optional password]"},
919 {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"},
920 {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"},
921 {"dump", CmdT55xxDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"},
922 {"special", special, 0, "Shows how a datablock changes with 32 different offsets"},
923 {NULL, NULL, 0, NULL}
924 };
925
926 int CmdLFT55XX(const char *Cmd)
927 {
928 CmdsParse(CommandTable, Cmd);
929 return 0;
930 }
931
932 int CmdHelp(const char *Cmd)
933 {
934 CmdsHelp(CommandTable);
935 return 0;
936 }
Proxmark3 GIT tracking
Impressum, Datenschutz