+int CmdT55xxInfo(const char *Cmd){\r
+ /*\r
+ Page 0 Block 0 Configuration data.\r
+ Normal mode\r
+ Extended mode\r
+ */\r
+ bool pwdmode = false;\r
+ uint32_t password = 0;\r
+ char cmdp = param_getchar(Cmd, 0);\r
+\r
+ if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info();\r
+ \r
+ if (strlen(Cmd)==0)\r
+ if ( !AquireData( T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, pwdmode, password ) )\r
+ return 1;\r
+\r
+ if (!DecodeT55xxBlock()) return 1;\r
+\r
+ if ( DemodBufferLen < 32) return 1;\r
+\r
+ uint8_t si = config.offset;\r
+ uint32_t bl0 = PackBits(si, 32, DemodBuffer);\r
+ \r
+ uint32_t safer = PackBits(si, 4, DemodBuffer); si += 4; \r
+ uint32_t resv = PackBits(si, 7, DemodBuffer); si += 7;\r
+ uint32_t dbr = PackBits(si, 3, DemodBuffer); si += 3;\r
+ uint32_t extend = PackBits(si, 1, DemodBuffer); si += 1;\r
+ uint32_t datamod = PackBits(si, 5, DemodBuffer); si += 5;\r
+ uint32_t pskcf = PackBits(si, 2, DemodBuffer); si += 2;\r
+ uint32_t aor = PackBits(si, 1, DemodBuffer); si += 1; \r
+ uint32_t otp = PackBits(si, 1, DemodBuffer); si += 1; \r
+ uint32_t maxblk = PackBits(si, 3, DemodBuffer); si += 3;\r
+ uint32_t pwd = PackBits(si, 1, DemodBuffer); si += 1; \r
+ uint32_t sst = PackBits(si, 1, DemodBuffer); si += 1; \r
+ uint32_t fw = PackBits(si, 1, DemodBuffer); si += 1;\r
+ uint32_t inv = PackBits(si, 1, DemodBuffer); si += 1; \r
+ uint32_t por = PackBits(si, 1, DemodBuffer); si += 1;\r
+ if (config.Q5) PrintAndLog("*** Warning *** Config Info read off a Q5 will not display as expected");\r
+ PrintAndLog("");\r
+ PrintAndLog("-- T55xx Configuration & Tag Information --------------------");\r
+ PrintAndLog("-------------------------------------------------------------");\r
+ PrintAndLog(" Safer key : %s", GetSaferStr(safer));\r
+ PrintAndLog(" reserved : %d", resv);\r
+ PrintAndLog(" Data bit rate : %s", GetBitRateStr(dbr));\r
+ PrintAndLog(" eXtended mode : %s", (extend) ? "Yes - Warning":"No");\r
+ PrintAndLog(" Modulation : %s", GetModulationStr(datamod));\r
+ PrintAndLog(" PSK clock frequency : %d", pskcf);\r
+ PrintAndLog(" AOR - Answer on Request : %s", (aor) ? "Yes":"No");\r
+ PrintAndLog(" OTP - One Time Pad : %s", (otp) ? "Yes - Warning":"No" );\r
+ PrintAndLog(" Max block : %d", maxblk);\r
+ PrintAndLog(" Password mode : %s", (pwd) ? "Yes":"No");\r
+ PrintAndLog(" Sequence Start Terminator : %s", (sst) ? "Yes":"No");\r
+ PrintAndLog(" Fast Write : %s", (fw) ? "Yes":"No");\r
+ PrintAndLog(" Inverse data : %s", (inv) ? "Yes":"No");\r
+ PrintAndLog(" POR-Delay : %s", (por) ? "Yes":"No");\r
+ PrintAndLog("-------------------------------------------------------------");\r
+ PrintAndLog(" Raw Data - Page 0");\r
+ PrintAndLog(" Block 0 : 0x%08X %s", bl0, sprint_bin(DemodBuffer+config.offset,32) );\r
+ PrintAndLog("-------------------------------------------------------------");\r
+ \r
+ return 0;\r
+}\r
+\r
+int CmdT55xxDump(const char *Cmd){\r
+\r
+ uint32_t password = 0;\r
+ bool override = false;\r
+ char cmdp = param_getchar(Cmd, 0); \r
+ if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();\r
+\r
+ bool usepwd = ( strlen(Cmd) > 0); \r
+ if ( usepwd ){\r
+ password = param_get32ex(Cmd, 0, 0, 16);\r
+ if (param_getchar(Cmd, 1) =='o' )\r
+ override = true;\r
+ }\r
+ \r
+ printT5xxHeader(0);\r
+ for ( uint8_t i = 0; i < 8; ++i)\r
+ T55xxReadBlock(i, 0, usepwd, override, password);\r
+\r
+ printT5xxHeader(1);\r
+ for ( uint8_t i = 0; i < 4; i++)\r
+ T55xxReadBlock(i, 1, usepwd, override, password); \r
+\r
+ return 1;\r
+}\r
+\r
+int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password ){\r
+ // arg0 bitmodes:\r
+ // bit0 = pwdmode\r
+ // bit1 = page to read from\r
+ uint8_t arg0 = (page<<1) | pwdmode;\r
+ UsbCommand c = {CMD_T55XX_READ_BLOCK, {arg0, block, password}};\r
+ \r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+ if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+ PrintAndLog("command execution time out");\r
+ return 0;\r
+ }\r
+\r
+ uint8_t got[12000];\r
+ GetFromBigBuf(got,sizeof(got),0);\r
+ WaitForResponse(CMD_ACK,NULL);\r
+ setGraphBuf(got, sizeof(got));\r
+ return 1;\r
+}\r
+\r
+char * GetBitRateStr(uint32_t id){\r
+ static char buf[25];\r
+\r
+ char *retStr = buf;\r
+ switch (id){\r
+ case 0: \r
+ snprintf(retStr,sizeof(buf),"%d - RF/8",id);\r
+ break;\r
+ case 1:\r
+ snprintf(retStr,sizeof(buf),"%d - RF/16",id);\r
+ break;\r
+ case 2: \r
+ snprintf(retStr,sizeof(buf),"%d - RF/32",id);\r
+ break;\r
+ case 3:\r
+ snprintf(retStr,sizeof(buf),"%d - RF/40",id);\r
+ break;\r
+ case 4:\r
+ snprintf(retStr,sizeof(buf),"%d - RF/50",id);\r
+ break;\r
+ case 5:\r
+ snprintf(retStr,sizeof(buf),"%d - RF/64",id);\r
+ break;\r
+ case 6:\r
+ snprintf(retStr,sizeof(buf),"%d - RF/100",id);\r
+ break;\r
+ case 7:\r
+ snprintf(retStr,sizeof(buf),"%d - RF/128",id);\r
+ break;\r
+ default:\r
+ snprintf(retStr,sizeof(buf),"%d - (Unknown)",id);\r
+ break;\r
+ }\r
+\r
+ return buf;\r
+}\r
+\r
+char * GetSaferStr(uint32_t id){\r
+ static char buf[40];\r
+ char *retStr = buf;\r
+ \r
+ snprintf(retStr,sizeof(buf),"%d",id);\r
+ if (id == 6) {\r
+ snprintf(retStr,sizeof(buf),"%d - passwd",id);\r
+ }\r
+ if (id == 9 ){\r
+ snprintf(retStr,sizeof(buf),"%d - testmode",id);\r
+ }\r
+ \r
+ return buf;\r
+}\r
+\r
+char * GetModulationStr( uint32_t id){\r
+ static char buf[60];\r
+ char *retStr = buf;\r
+ \r
+ switch (id){\r
+ case 0: \r
+ snprintf(retStr,sizeof(buf),"%d - DIRECT (ASK/NRZ)",id);\r
+ break;\r
+ case 1:\r
+ snprintf(retStr,sizeof(buf),"%d - PSK 1 phase change when input changes",id);\r
+ break;\r
+ case 2: \r
+ snprintf(retStr,sizeof(buf),"%d - PSK 2 phase change on bitclk if input high",id);\r
+ break;\r
+ case 3:\r
+ snprintf(retStr,sizeof(buf),"%d - PSK 3 phase change on rising edge of input",id);\r
+ break;\r
+ case 4:\r
+ snprintf(retStr,sizeof(buf),"%d - FSK 1 RF/8 RF/5",id);\r
+ break;\r
+ case 5:\r
+ snprintf(retStr,sizeof(buf),"%d - FSK 2 RF/8 RF/10",id);\r
+ break;\r
+ case 6:\r
+ snprintf(retStr,sizeof(buf),"%d - FSK 1a RF/5 RF/8",id);\r
+ break;\r
+ case 7:\r
+ snprintf(retStr,sizeof(buf),"%d - FSK 2a RF/10 RF/8",id);\r
+ break;\r
+ case 8:\r
+ snprintf(retStr,sizeof(buf),"%d - Manchester",id);\r
+ break;\r
+ case 16:\r
+ snprintf(retStr,sizeof(buf),"%d - Biphase",id);\r
+ break;\r
+ case 0x18:\r
+ snprintf(retStr,sizeof(buf),"%d - Biphase a - AKA Conditional Dephase Encoding(CDP)",id);\r
+ break;\r
+ case 17:\r
+ snprintf(retStr,sizeof(buf),"%d - Reserved",id);\r
+ break;\r
+ default:\r
+ snprintf(retStr,sizeof(buf),"0x%02X (Unknown)",id);\r
+ break;\r
+ }\r
+ return buf;\r
+}\r
+\r
+char * GetModelStrFromCID(uint32_t cid){\r
+ \r
+ static char buf[10];\r
+ char *retStr = buf;\r
+ \r
+ if (cid == 1) snprintf(retStr, sizeof(buf),"ATA5577M1");\r
+ if (cid == 2) snprintf(retStr, sizeof(buf),"ATA5577M2"); \r
+ return buf;\r
+}\r
+\r
+char * GetSelectedModulationStr( uint8_t id){\r
+\r
+ static char buf[20];\r
+ char *retStr = buf;\r
+\r
+ switch (id){\r
+ case DEMOD_FSK:\r
+ snprintf(retStr,sizeof(buf),"FSK");\r
+ break;\r
+ case DEMOD_FSK1:\r
+ snprintf(retStr,sizeof(buf),"FSK1");\r
+ break;\r
+ case DEMOD_FSK1a:\r
+ snprintf(retStr,sizeof(buf),"FSK1a");\r
+ break;\r
+ case DEMOD_FSK2:\r
+ snprintf(retStr,sizeof(buf),"FSK2");\r
+ break;\r
+ case DEMOD_FSK2a:\r
+ snprintf(retStr,sizeof(buf),"FSK2a");\r
+ break;\r
+ case DEMOD_ASK: \r
+ snprintf(retStr,sizeof(buf),"ASK");\r
+ break;\r
+ case DEMOD_NRZ:\r
+ snprintf(retStr,sizeof(buf),"DIRECT/NRZ");\r
+ break;\r
+ case DEMOD_PSK1:\r
+ snprintf(retStr,sizeof(buf),"PSK1");\r
+ break;\r
+ case DEMOD_PSK2:\r
+ snprintf(retStr,sizeof(buf),"PSK2");\r
+ break;\r
+ case DEMOD_PSK3:\r
+ snprintf(retStr,sizeof(buf),"PSK3");\r
+ break;\r
+ case DEMOD_BI:\r
+ snprintf(retStr,sizeof(buf),"BIPHASE");\r
+ break;\r
+ case DEMOD_BIa:\r
+ snprintf(retStr,sizeof(buf),"BIPHASEa - (CDP)");\r
+ break;\r
+ default:\r
+ snprintf(retStr,sizeof(buf),"(Unknown)");\r
+ break;\r
+ }\r
+ return buf;\r
+}\r
+\r
+void t55x7_create_config_block( int tagtype ){\r
+\r
+ /*\r
+ T55X7_DEFAULT_CONFIG_BLOCK, T55X7_RAW_CONFIG_BLOCK\r
+ T55X7_EM_UNIQUE_CONFIG_BLOCK, T55X7_FDXB_CONFIG_BLOCK,\r
+ T55X7_FDXB_CONFIG_BLOCK, T55X7_HID_26_CONFIG_BLOCK, T55X7_INDALA_64_CONFIG_BLOCK, T55X7_INDALA_224_CONFIG_BLOCK \r
+ T55X7_GUARDPROXII_CONFIG_BLOCK, T55X7_VIKING_CONFIG_BLOCK, T55X7_NORALYS_CONFIG_BLOCK, T55X7_IOPROX_CONFIG_BLOCK \r
+ */\r
+ static char buf[60];\r
+ char *retStr = buf;\r
+ \r
+ switch (tagtype){\r
+ case 0: snprintf(retStr, sizeof(buf),"%08X - T55X7 Default", T55X7_DEFAULT_CONFIG_BLOCK); break;\r
+ case 1: snprintf(retStr, sizeof(buf),"%08X - T55X7 Raw", T55X7_RAW_CONFIG_BLOCK); break;\r
+ default:\r
+ break;\r
+ }\r
+ PrintAndLog(buf);\r
+}\r
+\r
+int CmdResetRead(const char *Cmd) {\r
+ UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
+\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+ if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+ PrintAndLog("command execution time out");\r
+ return 0;\r
+ }\r
+\r
+ uint8_t got[BIGBUF_SIZE-1];\r
+ GetFromBigBuf(got,sizeof(got),0);\r
+ WaitForResponse(CMD_ACK,NULL);\r
+ setGraphBuf(got, sizeof(got));\r
+ return 1;\r
+}\r
+\r
+int CmdT55xxWipe(const char *Cmd) {\r
+ char writeData[20] = {0};\r
+ char *ptrData = writeData;\r
+ \r
+ PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
+ \r
+ //try with the default password to reset block 0 (with a pwd should work even if pwd bit not set)\r
+ snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
+ \r
+ if (!CmdT55xxWriteBlock(ptrData))\r
+ PrintAndLog("Error writing blk 0");\r
+ \r
+ for (uint8_t blk = 1; blk<8; blk++) {\r
+ \r
+ snprintf(ptrData,sizeof(writeData),"b %d d 0", blk);\r
+ \r
+ if (!CmdT55xxWriteBlock(ptrData)) \r
+ PrintAndLog("Error writing blk %d", blk);\r
+ \r
+ memset(writeData, sizeof(writeData), 0x00);\r
+ }\r
+ return 0;\r
+}\r
+\r
+static command_t CommandTable[] = {\r
+ {"help", CmdHelp, 1, "This help"},\r
+ {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"},\r
+ {"detect", CmdT55xxDetect, 1, "[1] Try detecting the tag modulation from reading the configuration block."},\r
+ {"read", CmdT55xxReadBlock, 0, "b <block> p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]"},\r
+ {"resetread",CmdResetRead, 0, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"},\r
+ {"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data. Optional [p password], [page1]"},\r
+ {"trace", CmdT55xxReadTrace, 1, "[1] Show T55x7 traceability data (page 1/ blk 0-1)"},\r
+ {"info", CmdT55xxInfo, 1, "[1] Show T55x7 configuration data (page 0/ blk 0)"},\r
+ {"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. Optional [password], [override]"},\r
+ {"special", special, 0, "Show block changes with 64 different offsets"},\r
+ {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},\r
+ {"wipe", CmdT55xxWipe, 0, "Wipe a T55xx tag and set defaults (will destroy any data on tag)"},\r