+void printT5xxHeader(uint8_t page){\r
+ PrintAndLog("Reading Page %d:", page); \r
+ PrintAndLog("blk | hex data | binary");\r
+ PrintAndLog("----+----------+---------------------------------"); \r
+}\r
+\r
+int CmdT55xxSetConfig(const char *Cmd) {\r
+\r
+ uint8_t offset = 0;\r
+ char modulation[5] = {0x00};\r
+ char tmp = 0x00;\r
+ uint8_t bitRate = 0;\r
+ uint8_t rates[9] = {8,16,32,40,50,64,100,128,0};\r
+ uint8_t cmdp = 0;\r
+ bool errors = FALSE;\r
+ while(param_getchar(Cmd, cmdp) != 0x00 && !errors)\r
+ {\r
+ tmp = param_getchar(Cmd, cmdp);\r
+ switch(tmp)\r
+ {\r
+ case 'h':\r
+ case 'H':\r
+ return usage_t55xx_config();\r
+ case 'b':\r
+ errors |= param_getdec(Cmd, cmdp+1, &bitRate);\r
+ if ( !errors){\r
+ uint8_t i = 0;\r
+ for (; i < 9; i++){\r
+ if (rates[i]==bitRate) {\r
+ config.bitrate = i;\r
+ break;\r
+ }\r
+ }\r
+ if (i==9) errors = TRUE;\r
+ }\r
+ cmdp+=2;\r
+ break;\r
+ case 'd':\r
+ param_getstr(Cmd, cmdp+1, modulation);\r
+ cmdp += 2;\r
+\r
+ if ( strcmp(modulation, "FSK" ) == 0) {\r
+ config.modulation = DEMOD_FSK;\r
+ } else if ( strcmp(modulation, "FSK1" ) == 0) {\r
+ config.modulation = DEMOD_FSK1;\r
+ config.inverted=1;\r
+ } else if ( strcmp(modulation, "FSK1a" ) == 0) {\r
+ config.modulation = DEMOD_FSK1a;\r
+ config.inverted=0;\r
+ } else if ( strcmp(modulation, "FSK2" ) == 0) {\r
+ config.modulation = DEMOD_FSK2;\r
+ config.inverted=0;\r
+ } else if ( strcmp(modulation, "FSK2a" ) == 0) {\r
+ config.modulation = DEMOD_FSK2a;\r
+ config.inverted=1;\r
+ } else if ( strcmp(modulation, "ASK" ) == 0) {\r
+ config.modulation = DEMOD_ASK;\r
+ } else if ( strcmp(modulation, "NRZ" ) == 0) {\r
+ config.modulation = DEMOD_NRZ;\r
+ } else if ( strcmp(modulation, "PSK1" ) == 0) {\r
+ config.modulation = DEMOD_PSK1;\r
+ } else if ( strcmp(modulation, "PSK2" ) == 0) {\r
+ config.modulation = DEMOD_PSK2;\r
+ } else if ( strcmp(modulation, "PSK3" ) == 0) {\r
+ config.modulation = DEMOD_PSK3;\r
+ } else if ( strcmp(modulation, "BIa" ) == 0) {\r
+ config.modulation = DEMOD_BIa;\r
+ config.inverted=1;\r
+ } else if ( strcmp(modulation, "BI" ) == 0) {\r
+ config.modulation = DEMOD_BI;\r
+ config.inverted=0;\r
+ } else {\r
+ PrintAndLog("Unknown modulation '%s'", modulation);\r
+ errors = TRUE;\r
+ }\r
+ break;\r
+ case 'i':\r
+ config.inverted = param_getchar(Cmd,cmdp+1) == '1';\r
+ cmdp+=2;\r
+ break;\r
+ case 'o':\r
+ errors |= param_getdec(Cmd, cmdp+1, &offset);\r
+ if ( !errors )\r
+ config.offset = offset;\r
+ cmdp+=2;\r
+ break;\r
+ case 'Q':\r
+ case 'q': \r
+ config.Q5 = TRUE;\r
+ cmdp++;\r
+ break;\r
+ case 'S':\r
+ case 's': \r
+ config.ST = TRUE;\r
+ cmdp++;\r
+ break;\r
+ default:\r
+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+ errors = TRUE;\r
+ break;\r
+ }\r
+ }\r
+\r
+ // No args\r
+ if (cmdp == 0) return printConfiguration( config );\r
+\r
+ //Validations\r
+ if (errors) return usage_t55xx_config();\r
+\r
+ config.block0 = 0;\r
+ return printConfiguration ( config );\r
+}\r
+\r
+int T55xxReadBlock(uint8_t block, bool page1, bool usepwd, bool override, uint32_t password){\r
+ //Password mode\r
+ if ( usepwd ) {\r
+ // try reading the config block and verify that PWD bit is set before doing this!\r
+ if ( !override ) {\r
+ \r
+ if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, false, 0 ) ) return 0;\r
+ \r
+ if ( !tryDetectModulation() ) {\r
+ PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");\r
+ return 0;\r
+ } else {\r
+ PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password..."); \r
+ usepwd = false;\r
+ page1 = false;\r
+ }\r
+ } else {\r
+ PrintAndLog("Safety Check Overriden - proceeding despite risk");\r
+ }\r
+ }\r
+\r
+ if (!AquireData(page1, block, usepwd, password) ) return 0;\r
+ if (!DecodeT55xxBlock()) return 0;\r
+\r
+ char blk[10]={0};\r
+ sprintf(blk,"%02d", block);\r
+ printT55xxBlock(blk); \r
+ return 1;\r
+}\r
+\r
+int CmdT55xxReadBlock(const char *Cmd) {\r
+ uint8_t block = REGULAR_READ_MODE_BLOCK;\r
+ uint32_t password = 0; //default to blank Block 7\r
+ bool usepwd = false;\r
+ bool override = false;\r
+ bool page1 = false;\r
+ bool errors = false;\r
+ uint8_t cmdp = 0;\r
+ while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
+ switch(param_getchar(Cmd, cmdp)) {\r
+ case 'h':\r
+ case 'H':\r
+ return usage_t55xx_read();\r
+ case 'b':\r
+ case 'B':\r
+ errors |= param_getdec(Cmd, cmdp+1, &block);\r
+ cmdp += 2;\r
+ break;\r
+ case 'o':\r
+ case 'O':\r
+ override = TRUE;\r
+ cmdp++;\r
+ break;\r
+ case 'p':\r
+ case 'P':\r
+ password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+ usepwd = true;\r
+ cmdp += 2;\r
+ break;\r
+ case '1':\r
+ page1 = true;\r
+ cmdp++;\r
+ break;\r
+ default:\r
+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+ errors = true;\r
+ break;\r
+ }\r
+ }\r
+ if (errors) return usage_t55xx_read();\r
+\r
+ if (block > 7 && block != REGULAR_READ_MODE_BLOCK ) {\r
+ PrintAndLog("Block must be between 0 and 7");\r
+ return 0;\r
+ }\r
+\r
+ printT5xxHeader(page1);\r
+ return T55xxReadBlock(block, page1, usepwd, override, password);\r
+}\r
+\r
+bool DecodeT55xxBlock(){\r
+ \r
+ char buf[30] = {0x00};\r
+ char *cmdStr = buf;\r
+ int ans = 0;\r
+ bool ST = config.ST;\r
+ uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};\r
+ DemodBufferLen = 0x00;\r
+\r
+ switch( config.modulation ){\r
+ case DEMOD_FSK:\r
+ snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );\r
+ ans = FSKrawDemod(cmdStr, FALSE);\r
+ break;\r
+ case DEMOD_FSK1:\r
+ case DEMOD_FSK1a:\r
+ snprintf(cmdStr, sizeof(buf),"%d %d 8 5", bitRate[config.bitrate], config.inverted );\r
+ ans = FSKrawDemod(cmdStr, FALSE);\r
+ break;\r
+ case DEMOD_FSK2:\r
+ case DEMOD_FSK2a:\r
+ snprintf(cmdStr, sizeof(buf),"%d %d 10 8", bitRate[config.bitrate], config.inverted );\r
+ ans = FSKrawDemod(cmdStr, FALSE);\r
+ break;\r
+ case DEMOD_ASK:\r
+ snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
+ ans = ASKDemod_ext(cmdStr, FALSE, FALSE, 1, &ST);\r
+ break;\r
+ case DEMOD_PSK1:\r
+ // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
+ CmdLtrim("160");\r
+ snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );\r
+ ans = PSKDemod(cmdStr, FALSE);\r
+ //undo trim samples\r
+ save_restoreGB(0);\r
+ break;\r
+ case DEMOD_PSK2: //inverted won't affect this\r
+ case DEMOD_PSK3: //not fully implemented\r
+ // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
+ CmdLtrim("160");\r
+ snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );\r
+ ans = PSKDemod(cmdStr, FALSE);\r
+ psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
+ //undo trim samples\r
+ save_restoreGB(0);\r
+ break;\r
+ case DEMOD_NRZ:\r
+ snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
+ ans = NRZrawDemod(cmdStr, FALSE);\r
+ break;\r
+ case DEMOD_BI:\r
+ case DEMOD_BIa:\r
+ snprintf(cmdStr, sizeof(buf),"0 %d %d 1", bitRate[config.bitrate], config.inverted );\r
+ ans = ASKbiphaseDemod(cmdStr, FALSE);\r
+ break;\r
+ default:\r
+ return FALSE;\r
+ }\r
+ return (bool) ans;\r
+}\r
+\r
+bool DecodeT5555TraceBlock() {\r
+ DemodBufferLen = 0x00;\r
+ \r
+ // According to datasheet. Always: RF/64, not inverted, Manchester\r
+ return (bool) ASKDemod("64 0 1", FALSE, FALSE, 1);\r
+}\r
+\r
+\r
+int CmdT55xxDetect(const char *Cmd){\r
+ bool errors = FALSE;\r
+ bool useGB = FALSE;\r
+ bool usepwd = FALSE;\r
+ uint32_t password = 0;\r
+ uint8_t cmdp = 0;\r
+\r
+ while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
+ switch(param_getchar(Cmd, cmdp)) {\r
+ case 'h':\r
+ case 'H':\r
+ return usage_t55xx_detect();\r
+ case 'p':\r
+ case 'P':\r
+ password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+ usepwd = TRUE;\r
+ cmdp += 2;\r
+ break;\r
+ case '1':\r
+ // use Graphbuffer data\r
+ useGB = TRUE;\r
+ cmdp++;\r
+ break;\r
+ default:\r
+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+ errors = true;\r
+ break;\r
+ }\r
+ }\r
+ if (errors) return usage_t55xx_detect();\r
+ \r
+ if ( !useGB) {\r
+ if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password) )\r
+ return 0;\r
+ }\r
+ \r
+ if ( !tryDetectModulation() )\r
+ PrintAndLog("Could not detect modulation automatically. Try setting it manually with \'lf t55xx config\'");\r
+\r
+ return 1;\r
+}\r
+\r
+// detect configuration?\r
+bool tryDetectModulation(){\r
+ uint8_t hits = 0;\r
+ t55xx_conf_block_t tests[15];\r
+ int bitRate=0;\r
+ uint8_t fc1 = 0, fc2 = 0, clk=0;\r
+ \r
+ if (GetFskClock("", FALSE, FALSE)){ \r
+ fskClocks(&fc1, &fc2, &clk, FALSE);\r
+ if ( FSKrawDemod("0 0", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
+ tests[hits].modulation = DEMOD_FSK;\r
+ if (fc1==8 && fc2 == 5)\r
+ tests[hits].modulation = DEMOD_FSK1a;\r
+ else if (fc1==10 && fc2 == 8)\r
+ tests[hits].modulation = DEMOD_FSK2;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_FSK;\r
+ if (fc1 == 8 && fc2 == 5)\r
+ tests[hits].modulation = DEMOD_FSK1;\r
+ else if (fc1 == 10 && fc2 == 8)\r
+ tests[hits].modulation = DEMOD_FSK2a;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = TRUE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ } else {\r
+ clk = GetAskClock("", FALSE, FALSE);\r
+ if (clk>0) {\r
+ tests[hits].ST = TRUE;\r
+ if ( ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_ASK;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ ++hits;\r
+ }\r
+ tests[hits].ST = TRUE;\r
+ if ( ASKDemod_ext("0 1 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_ASK;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = TRUE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ ++hits;\r
+ }\r
+ if ( ASKbiphaseDemod("0 0 0 2", FALSE) && test(DEMOD_BI, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {\r
+ tests[hits].modulation = DEMOD_BI;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ if ( ASKbiphaseDemod("0 0 1 2", FALSE) && test(DEMOD_BIa, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {\r
+ tests[hits].modulation = DEMOD_BIa;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = TRUE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ }\r
+ //undo trim from ask\r
+ //save_restoreGB(0);\r
+ clk = GetNrzClock("", FALSE, FALSE);\r
+ if (clk>0) {\r
+ if ( NRZrawDemod("0 0 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_NRZ;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+\r
+ if ( NRZrawDemod("0 1 1", FALSE) && test(DEMOD_NRZ, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_NRZ;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = TRUE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ }\r
+ \r
+ // allow undo\r
+ // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
+ save_restoreGB(1);\r
+ CmdLtrim("160");\r
+ clk = GetPskClock("", FALSE, FALSE);\r
+ if (clk>0) {\r
+ if ( PSKDemod("0 0 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_PSK1;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ if ( PSKDemod("0 1 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].modulation = DEMOD_PSK1;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = TRUE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ // PSK2 - needs a call to psk1TOpsk2.\r
+ if ( PSKDemod("0 0 6", FALSE)) {\r
+ psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
+ if (test(DEMOD_PSK2, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
+ tests[hits].modulation = DEMOD_PSK2;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ } // inverse waves does not affect this demod\r
+ // PSK3 - needs a call to psk1TOpsk2.\r
+ if ( PSKDemod("0 0 6", FALSE)) {\r
+ psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
+ if (test(DEMOD_PSK3, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)){\r
+ tests[hits].modulation = DEMOD_PSK3;\r
+ tests[hits].bitrate = bitRate;\r
+ tests[hits].inverted = FALSE;\r
+ tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
+ ++hits;\r
+ }\r
+ } // inverse waves does not affect this demod\r
+ }\r
+ //undo trim samples\r
+ save_restoreGB(0);\r
+ } \r
+ if ( hits == 1) {\r
+ config.modulation = tests[0].modulation;\r
+ config.bitrate = tests[0].bitrate;\r
+ config.inverted = tests[0].inverted;\r
+ config.offset = tests[0].offset;\r
+ config.block0 = tests[0].block0;\r
+ config.Q5 = tests[0].Q5;\r
+ config.ST = tests[0].ST;\r
+ printConfiguration( config );\r
+ return TRUE;\r
+ }\r
+ \r
+ if ( hits > 1) {\r
+ PrintAndLog("Found [%d] possible matches for modulation.",hits);\r
+ for(int i=0; i<hits; ++i){\r
+ PrintAndLog("--[%d]---------------", i+1);\r
+ printConfiguration( tests[i] );\r
+ }\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+bool testModulation(uint8_t mode, uint8_t modread){\r
+ switch( mode ){\r
+ case DEMOD_FSK:\r
+ if (modread >= DEMOD_FSK1 && modread <= DEMOD_FSK2a) return TRUE;\r
+ break;\r
+ case DEMOD_ASK:\r
+ if (modread == DEMOD_ASK) return TRUE;\r
+ break;\r
+ case DEMOD_PSK1:\r
+ if (modread == DEMOD_PSK1) return TRUE;\r
+ break;\r
+ case DEMOD_PSK2:\r
+ if (modread == DEMOD_PSK2) return TRUE;\r
+ break;\r
+ case DEMOD_PSK3:\r
+ if (modread == DEMOD_PSK3) return TRUE;\r
+ break;\r
+ case DEMOD_NRZ:\r
+ if (modread == DEMOD_NRZ) return TRUE;\r
+ break;\r
+ case DEMOD_BI:\r
+ if (modread == DEMOD_BI) return TRUE;\r
+ break;\r
+ case DEMOD_BIa:\r
+ if (modread == DEMOD_BIa) return TRUE;\r
+ break; \r
+ default:\r
+ return FALSE;\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+bool testQ5Modulation(uint8_t mode, uint8_t modread){\r
+ switch( mode ){\r
+ case DEMOD_FSK:\r
+ if (modread >= 4 && modread <= 5) return TRUE;\r
+ break;\r
+ case DEMOD_ASK:\r
+ if (modread == 0) return TRUE;\r
+ break;\r
+ case DEMOD_PSK1:\r
+ if (modread == 1) return TRUE;\r
+ break;\r
+ case DEMOD_PSK2:\r
+ if (modread == 2) return TRUE;\r
+ break;\r
+ case DEMOD_PSK3:\r
+ if (modread == 3) return TRUE;\r
+ break;\r
+ case DEMOD_NRZ:\r
+ if (modread == 7) return TRUE;\r
+ break;\r
+ case DEMOD_BI:\r
+ if (modread == 6) return TRUE;\r
+ break;\r
+ default:\r
+ return FALSE;\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+int convertQ5bitRate(uint8_t bitRateRead) {\r
+ uint8_t expected[] = {8, 16, 32, 40, 50, 64, 100, 128};\r
+ for (int i=0; i<8; i++)\r
+ if (expected[i] == bitRateRead)\r
+ return i;\r
+\r
+ return -1;\r
+}\r
+\r
+bool testQ5(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk){\r
+\r
+ if ( DemodBufferLen < 64 ) return FALSE;\r
+ uint8_t si = 0;\r
+ for (uint8_t idx = 28; idx < 64; idx++){\r
+ si = idx;\r
+ if ( PackBits(si, 28, DemodBuffer) == 0x00 ) continue;\r
+\r
+ uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key\r
+ uint8_t resv = PackBits(si, 8, DemodBuffer); si += 8;\r
+ // 2nibble must be zeroed.\r
+ if (safer != 0x6 && safer != 0x9) continue;\r
+ if ( resv > 0x00) continue;\r
+ //uint8_t pageSel = PackBits(si, 1, DemodBuffer); si += 1;\r
+ //uint8_t fastWrite = PackBits(si, 1, DemodBuffer); si += 1;\r
+ si += 1+1;\r
+ int bitRate = PackBits(si, 6, DemodBuffer)*2 + 2; si += 6; //bit rate\r
+ if (bitRate > 128 || bitRate < 8) continue;\r
+\r
+ //uint8_t AOR = PackBits(si, 1, DemodBuffer); si += 1; \r
+ //uint8_t PWD = PackBits(si, 1, DemodBuffer); si += 1; \r
+ //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2; //could check psk cr\r
+ //uint8_t inverse = PackBits(si, 1, DemodBuffer); si += 1;\r
+ si += 1+1+2+1;\r
+ uint8_t modread = PackBits(si, 3, DemodBuffer); si += 3;\r
+ uint8_t maxBlk = PackBits(si, 3, DemodBuffer); si += 3;\r
+ //uint8_t ST = PackBits(si, 1, DemodBuffer); si += 1;\r
+ if (maxBlk == 0) continue;\r
+ //test modulation\r
+ if (!testQ5Modulation(mode, modread)) continue;\r
+ if (bitRate != clk) continue;\r
+ *fndBitRate = convertQ5bitRate(bitRate);\r
+ if (*fndBitRate < 0) continue;\r
+ *offset = idx;\r
+\r
+ return TRUE;\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+bool testBitRate(uint8_t readRate, uint8_t clk){\r
+ uint8_t expected[] = {8, 16, 32, 40, 50, 64, 100, 128};\r
+ if (expected[readRate] == clk)\r
+ return true;\r
+\r
+ return false;\r
+}\r
+\r
+bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5){\r
+\r
+ if ( DemodBufferLen < 64 ) return FALSE;\r
+ uint8_t si = 0;\r
+ for (uint8_t idx = 28; idx < 64; idx++){\r
+ si = idx;\r
+ if ( PackBits(si, 28, DemodBuffer) == 0x00 ) continue;\r
+\r
+ uint8_t safer = PackBits(si, 4, DemodBuffer); si += 4; //master key\r
+ uint8_t resv = PackBits(si, 4, DemodBuffer); si += 4; //was 7 & +=7+3 //should be only 4 bits if extended mode\r
+ // 2nibble must be zeroed.\r
+ // moved test to here, since this gets most faults first.\r
+ if ( resv > 0x00) continue;\r
+\r
+ uint8_t xtRate = PackBits(si, 3, DemodBuffer); si += 3; //extended mode part of rate\r
+ int bitRate = PackBits(si, 3, DemodBuffer); si += 3; //bit rate\r
+ if (bitRate > 7) continue;\r
+ uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode\r
+ uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; \r
+ //uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //could check psk cr\r
+ //uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode\r
+ //uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;\r
+ \r
+ //if extended mode\r
+ bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE;\r
+\r
+ if (!extMode){\r
+ if (xtRate) continue; //nml01 || nml02 || caused issues on noralys tags\r
+ }\r
+ //test modulation\r
+ if (!testModulation(mode, modread)) continue;\r
+ if (!testBitRate(bitRate, clk)) continue;\r
+ *fndBitRate = bitRate;\r
+ *offset = idx;\r
+ *Q5 = FALSE;\r
+ return TRUE;\r
+ }\r
+ if (testQ5(mode, offset, fndBitRate, clk)) {\r
+ *Q5 = TRUE;\r
+ return TRUE;\r
+ }\r
+ return FALSE;\r
+}\r
+\r
+void printT55xxBlock(const char *blockNum){\r
+ \r
+ uint8_t i = config.offset;\r
+ uint8_t endpos = 32 + i;\r
+ uint32_t blockData = 0;\r
+ uint8_t bits[64] = {0x00};\r
+\r
+ if ( !DemodBufferLen) return;\r
+\r
+ if ( endpos > DemodBufferLen){\r
+ PrintAndLog("The configured offset %d is too big. Possible offset: %d)", i, DemodBufferLen-32);\r
+ return;\r
+ }\r
+\r
+ for (; i < endpos; ++i)\r
+ bits[i - config.offset] = DemodBuffer[i];\r
+\r
+ blockData = PackBits(0, 32, bits);\r
+\r
+ PrintAndLog(" %s | %08X | %s", blockNum, blockData, sprint_bin(bits,32));\r
+}\r
+\r
+int special(const char *Cmd) {\r
+ uint32_t blockData = 0;\r
+ uint8_t bits[32] = {0x00};\r
+\r
+ PrintAndLog("OFFSET | DATA | BINARY");\r
+ PrintAndLog("----------------------------------------------------");\r
+ int i,j = 0;\r
+ for (; j < 64; ++j){\r
+ \r
+ for (i = 0; i < 32; ++i)\r
+ bits[i]=DemodBuffer[j+i];\r
+ \r
+ blockData = PackBits(0, 32, bits);\r
+ \r
+ PrintAndLog("%02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32)); \r
+ }\r
+ return 0;\r
+}\r
+\r
+int printConfiguration( t55xx_conf_block_t b){\r
+ PrintAndLog("Chip Type : %s", (b.Q5) ? "T5555(Q5)" : "T55x7");\r
+ PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );\r
+ PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );\r
+ PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );\r
+ PrintAndLog("Offset : %d", b.offset);\r
+ PrintAndLog("Seq. Term. : %s", (b.ST) ? "Yes" : "No" );\r
+ PrintAndLog("Block0 : 0x%08X", b.block0);\r
+ PrintAndLog("");\r
+ return 0;\r
+}\r
+\r
+int CmdT55xxWakeUp(const char *Cmd) {\r
+ uint32_t password = 0;\r
+ uint8_t cmdp = 0;\r
+ bool errors = false;\r
+ while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
+ switch(param_getchar(Cmd, cmdp)) {\r
+ case 'h':\r
+ case 'H':\r
+ return usage_t55xx_wakup();\r
+ case 'p':\r
+ case 'P':\r
+ password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+ cmdp += 2;\r
+ errors = false;\r
+ break;\r
+ default:\r
+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+ errors = true;\r
+ break;\r
+ }\r
+ }\r
+ if (errors) return usage_t55xx_wakup();\r
+\r
+ UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+ PrintAndLog("Wake up command sent. Try read now");\r
+ return 0;\r
+}\r
+\r
+int CmdT55xxWriteBlock(const char *Cmd) {\r
+ uint8_t block = 0xFF; //default to invalid block\r
+ uint32_t data = 0; //default to blank Block \r
+ uint32_t password = 0; //default to blank Block 7\r
+ bool usepwd = false;\r
+ bool page1 = false; \r
+ bool gotdata = false;\r
+ bool errors = false;\r
+ uint8_t cmdp = 0;\r
+ while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {\r
+ switch(param_getchar(Cmd, cmdp)) {\r
+ case 'h':\r
+ case 'H':\r
+ return usage_t55xx_write();\r
+ case 'b':\r
+ case 'B':\r
+ errors |= param_getdec(Cmd, cmdp+1, &block);\r
+ cmdp += 2;\r
+ break;\r
+ case 'd':\r
+ case 'D':\r
+ data = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+ gotdata = true;\r
+ cmdp += 2;\r
+ break;\r
+ case 'p':\r
+ case 'P':\r
+ password = param_get32ex(Cmd, cmdp+1, 0, 16);\r
+ usepwd = true;\r
+ cmdp += 2;\r
+ break;\r
+ case '1':\r
+ page1 = true;\r
+ cmdp++;\r
+ break;\r
+ default:\r
+ PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
+ errors = true;\r
+ break;\r
+ }\r
+ }\r
+ if (errors || !gotdata) return usage_t55xx_write();\r
+\r
+ if (block > 7) {\r
+ PrintAndLog("Block number must be between 0 and 7");\r
+ return 0;\r
+ }\r
+ \r
+ UsbCommand c = {CMD_T55XX_WRITE_BLOCK, {data, block, 0}};\r
+ UsbCommand resp;\r
+ c.d.asBytes[0] = (page1) ? 0x2 : 0; \r
+\r
+ char pwdStr[16] = {0};\r
+ snprintf(pwdStr, sizeof(pwdStr), "pwd: 0x%08X", password);\r
+ \r
+ PrintAndLog("Writing page %d block: %02d data: 0x%08X %s", page1, block, data, (usepwd) ? pwdStr : "" );\r
+\r
+ //Password mode\r
+ if (usepwd) {\r
+ c.arg[2] = password;\r
+ c.d.asBytes[0] |= 0x1; \r
+ }\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){\r
+ PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");\r
+ return 0;\r
+ }\r
+ return 1;\r
+}\r
+\r
+int CmdT55xxReadTrace(const char *Cmd) {\r
+ char cmdp = param_getchar(Cmd, 0);\r
+ bool pwdmode = false;\r
+ uint32_t password = 0; \r
+ if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace();\r
+\r
+ if (strlen(Cmd)==0)\r
+ if ( !AquireData( T55x7_PAGE1, REGULAR_READ_MODE_BLOCK, pwdmode, password ) )\r
+ return 0;\r
+\r
+ if ( config.Q5 ){\r
+ if (!DecodeT5555TraceBlock()) return 0;\r
+ } else {\r
+ if (!DecodeT55xxBlock()) return 0;\r
+ }\r
+ \r
+ if ( !DemodBufferLen ) return 0;\r
+ \r
+ RepaintGraphWindow();\r
+ uint8_t repeat = (config.offset > 5) ? 32 : 0;\r
+ \r
+ uint8_t si = config.offset + repeat;\r
+ uint32_t bl1 = PackBits(si, 32, DemodBuffer);\r
+ uint32_t bl2 = PackBits(si+32, 32, DemodBuffer); \r
+ \r
+ if (config.Q5) {\r
+ uint32_t hdr = PackBits(si, 9, DemodBuffer); si += 9;\r
+ \r
+ if (hdr != 0x1FF) {\r
+ PrintAndLog("Invalid Q5 Trace data header (expected 0x1FF, found %X)", hdr);\r
+ return 0;\r
+ }\r
+ \r
+ t5555_tracedata_t data = {.bl1 = bl1, .bl2 = bl2, .icr = 0, .lotidc = '?', .lotid = 0, .wafer = 0, .dw =0};\r
+ \r
+ data.icr = PackBits(si, 2, DemodBuffer); si += 2;\r
+ data.lotidc = 'Z' - PackBits(si, 2, DemodBuffer); si += 3;\r
+ \r
+ data.lotid = PackBits(si, 4, DemodBuffer); si += 5;\r
+ data.lotid <<= 4;\r
+ data.lotid |= PackBits(si, 4, DemodBuffer); si += 5;\r
+ data.lotid <<= 4;\r
+ data.lotid |= PackBits(si, 4, DemodBuffer); si += 5;\r
+ data.lotid <<= 4;\r
+ data.lotid |= PackBits(si, 4, DemodBuffer); si += 5;\r
+ data.lotid <<= 1;\r
+ data.lotid |= PackBits(si, 1, DemodBuffer); si += 1;\r
+ \r
+ data.wafer = PackBits(si, 3, DemodBuffer); si += 4;\r
+ data.wafer <<= 2;\r
+ data.wafer |= PackBits(si, 2, DemodBuffer); si += 2;\r
+ \r
+ data.dw = PackBits(si, 2, DemodBuffer); si += 3;\r
+ data.dw <<= 4;\r
+ data.dw |= PackBits(si, 4, DemodBuffer); si += 5;\r
+ data.dw <<= 4;\r
+ data.dw |= PackBits(si, 4, DemodBuffer); si += 5;\r
+ data.dw <<= 4;\r
+ data.dw |= PackBits(si, 4, DemodBuffer); si += 5;\r
+ \r
+ printT5555Trace(data, repeat);\r
+ \r
+ } else {\r
+ \r
+ t55x7_tracedata_t data = {.bl1 = bl1, .bl2 = bl2, .acl = 0, .mfc = 0, .cid = 0, .year = 0, .quarter = 0, .icr = 0, .lotid = 0, .wafer = 0, .dw = 0};\r
+ \r
+ data.acl = PackBits(si, 8, DemodBuffer); si += 8;\r
+ if ( data.acl != 0xE0 ) {\r
+ PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");\r
+ return 0;\r
+ }\r
+\r
+ data.mfc = PackBits(si, 8, DemodBuffer); si += 8;\r
+ data.cid = PackBits(si, 5, DemodBuffer); si += 5;\r
+ data.icr = PackBits(si, 3, DemodBuffer); si += 3;\r
+ data.year = PackBits(si, 4, DemodBuffer); si += 4;\r
+ data.quarter = PackBits(si, 2, DemodBuffer); si += 2;\r
+ data.lotid = PackBits(si, 14, DemodBuffer); si += 14;\r
+ data.wafer = PackBits(si, 5, DemodBuffer); si += 5;\r
+ data.dw = PackBits(si, 15, DemodBuffer); \r