]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdlft55xx.c
Update README.md
[proxmark3-svn] / client / cmdlft55xx.c
index 8342bf08a53af96690a18cdaaa34d1039a64669f..1b005d96a1313262c87b5caf5940b1eeec3d1f40 100644 (file)
@@ -6,28 +6,7 @@
 //-----------------------------------------------------------------------------\r
 // Low frequency T55xx commands\r
 //-----------------------------------------------------------------------------\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <inttypes.h>\r
-#include "proxmark3.h"\r
-#include "ui.h"\r
-#include "graph.h"\r
-#include "cmdmain.h"\r
-#include "cmdparser.h"\r
-#include "cmddata.h"\r
-#include "cmdlf.h"\r
 #include "cmdlft55xx.h"\r
-#include "util.h"\r
-#include "data.h"\r
-#include "lfdemod.h"\r
-#include "cmdhf14a.h" //for getTagInfo\r
-\r
-#define T55x7_CONFIGURATION_BLOCK 0x00\r
-#define T55x7_PAGE0 0x00\r
-#define T55x7_PAGE1 0x01\r
-#define T55x7_PWD      0x00000010\r
-#define REGULAR_READ_MODE_BLOCK 0xFF\r
 \r
 // Default configuration\r
 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
@@ -150,6 +129,7 @@ int usage_t55xx_wakup(){
 int usage_t55xx_bruteforce(){\r
        PrintAndLog("This command uses A) bruteforce to scan a number range");\r
        PrintAndLog("                  B) a dictionary attack");\r
+       PrintAndLog("press 'enter' to cancel the command");\r
     PrintAndLog("Usage: lf t55xx bruteforce [h] <start password> <end password> [i <*.dic>]");\r
     PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
        PrintAndLog("Options:");\r
@@ -166,6 +146,7 @@ int usage_t55xx_bruteforce(){
 }\r
 int usage_t55xx_recoverpw(){\r
        PrintAndLog("This command uses a few tricks to try to recover mangled password");\r
+       PrintAndLog("press 'enter' to cancel the command");\r
        PrintAndLog("WARNING: this may brick non-password protected chips!");\r
        PrintAndLog("Usage: lf t55xx recoverpw [password]");\r
        PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
@@ -195,8 +176,8 @@ static int CmdHelp(const char *Cmd);
 \r
 void printT5xxHeader(uint8_t page){\r
        PrintAndLog("Reading Page %d:", page);  \r
-       PrintAndLog("blk | hex data | binary                          | ascii");\r
-       PrintAndLog("----+----------+---------------------------------+-------");       \r
+       PrintAndLog("blk | hex data | binary                           | ascii");\r
+       PrintAndLog("----+----------+----------------------------------+-------");      \r
 }\r
 \r
 int CmdT55xxSetConfig(const char *Cmd) {\r
@@ -674,13 +655,46 @@ bool tryDetectModulation(){
                return TRUE;\r
        }\r
        \r
+       bool retval = FALSE;\r
        if ( hits > 1) {\r
                PrintAndLog("Found [%d] possible matches for modulation.",hits);\r
                for(int i=0; i<hits; ++i){\r
-                       PrintAndLog("--[%d]---------------", i+1);\r
+                       retval = testKnownConfigBlock(tests[i].block0);\r
+                       if ( retval ) {                         \r
+                               PrintAndLog("--[%d]--------------- << selected this", i+1);\r
+                               config.modulation = tests[i].modulation;\r
+                               config.bitrate = tests[i].bitrate;\r
+                               config.inverted = tests[i].inverted;\r
+                               config.offset = tests[i].offset;\r
+                               config.block0 = tests[i].block0;\r
+                               config.Q5 = tests[i].Q5;\r
+                               config.ST = tests[i].ST;\r
+                       } else {\r
+                               PrintAndLog("--[%d]---------------", i+1);\r
+                       }\r
                        printConfiguration( tests[i] );\r
                }\r
        }\r
+       return retval;\r
+}\r
+\r
+bool testKnownConfigBlock(uint32_t block0) {\r
+       switch(block0){\r
+               case T55X7_DEFAULT_CONFIG_BLOCK:\r
+               case T55X7_RAW_CONFIG_BLOCK:\r
+               case T55X7_EM_UNIQUE_CONFIG_BLOCK:\r
+               case T55X7_FDXB_CONFIG_BLOCK:\r
+               case T55X7_HID_26_CONFIG_BLOCK:\r
+               case T55X7_PYRAMID_CONFIG_BLOCK:\r
+               case T55X7_INDALA_64_CONFIG_BLOCK:\r
+               case T55X7_INDALA_224_CONFIG_BLOCK:\r
+               case T55X7_GUARDPROXII_CONFIG_BLOCK:\r
+               case T55X7_VIKING_CONFIG_BLOCK:\r
+               case T55X7_NORALYS_CONFIG_BLOCK:\r
+               case T55X7_IOPROX_CONFIG_BLOCK:\r
+               case T55X7_PRESCO_CONFIG_BLOCK:\r
+                       return TRUE;\r
+       }\r
        return FALSE;\r
 }\r
 \r
@@ -874,8 +888,8 @@ int special(const char *Cmd) {
        uint32_t blockData = 0;\r
        uint8_t bits[32] = {0x00};\r
 \r
-       PrintAndLog("OFFSET | DATA  | BINARY                             | ASCII");\r
-       PrintAndLog("-------+-------+------------------------------------+------");\r
+       PrintAndLog("OFFSET | DATA  | BINARY                              | ASCII");\r
+       PrintAndLog("-------+-------+-------------------------------------+------");\r
        int i,j = 0;\r
        for (; j < 64; ++j){\r
                \r
@@ -995,7 +1009,7 @@ int CmdT55xxWriteBlock(const char *Cmd) {
        }\r
        clearCommandBuffer();\r
        SendCommand(&c);\r
-       if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){\r
+       if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)){\r
                PrintAndLog("Error occurred, device did not ACK write operation. (May be due to old firmware)");\r
                return 0;\r
        }\r
@@ -1396,10 +1410,9 @@ void t55x7_create_config_block( int tagtype ){
 \r
 int CmdResetRead(const char *Cmd) {\r
        UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
-\r
        clearCommandBuffer();\r
        SendCommand(&c);\r
-       if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+       if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {\r
                PrintAndLog("command execution time out");\r
                return 0;\r
        }\r
@@ -1423,11 +1436,10 @@ int CmdT55xxWipe(const char *Cmd) {
        // With a pwd should work even if pwd bit not set\r
        PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
                \r
-       if ( Q5 ){\r
+       if ( Q5 )\r
                snprintf(ptrData,sizeof(writeData),"b 0 d 6001F004 p 0");\r
-       } else {\r
+       else\r
                snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
-       }\r
        \r
        if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk 0");\r
        \r
@@ -1442,23 +1454,34 @@ int CmdT55xxWipe(const char *Cmd) {
        return 0;\r
 }\r
 \r
+bool IsCancelled(void) {\r
+       if (ukbhit()) {\r
+               int ch = getchar();\r
+               (void)ch;\r
+               printf("\naborted via keyboard!\n");\r
+               return TRUE;\r
+       }\r
+       return FALSE;\r
+}\r
+\r
 int CmdT55xxBruteForce(const char *Cmd) {\r
        \r
        // load a default pwd file.\r
-       char buf[9];\r
+       char line[9];\r
        char filename[FILE_PATH_SIZE]={0};\r
        int     keycnt = 0;\r
-       int ch;\r
        uint8_t stKeyBlock = 20;\r
        uint8_t *keyBlock = NULL, *p = NULL;\r
     uint32_t start_password = 0x00000000; //start password\r
     uint32_t end_password   = 0xFFFFFFFF; //end   password\r
     bool found = false;\r
 \r
+       memset(line, 0, sizeof(line));\r
+       \r
     char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
 \r
-       keyBlock = calloc(stKeyBlock, 6);\r
+       keyBlock = calloc(stKeyBlock, 4);\r
        if (keyBlock == NULL) return 1;\r
 \r
        if (cmdp == 'i' || cmdp == 'I') {\r
@@ -1473,45 +1496,47 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        free(keyBlock);\r
                        return 1;\r
                }                       \r
-                       \r
-               while( fgets(buf, sizeof(buf), f) ){\r
-                       if (strlen(buf) < 8 || buf[7] == '\n') continue;\r
                \r
-                       while (fgetc(f) != '\n' && !feof(f)) ;  //goto next line\r
-                       \r
+               while( fgets(line, sizeof(line), f) ){\r
+                       if (strlen(line) < 8 || line[7] == '\n') continue;\r
+               \r
+                       //goto next line\r
+                       while (fgetc(f) != '\n' && !feof(f)) ;\r
+               \r
                        //The line start with # is comment, skip\r
-                       if( buf[0]=='#' ) continue;\r
+                       if( line[0]=='#' ) continue;\r
 \r
-                       if (!isxdigit(buf[0])){\r
-                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf);\r
+                       if (!isxdigit(line[0])) {\r
+                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", line);\r
                                continue;\r
                        }\r
                        \r
-                       buf[8] = 0;\r
-\r
+                       line[8] = 0;            \r
+                       \r
+                       // realloc keyblock array size.\r
                        if ( stKeyBlock - keycnt < 2) {\r
-                               p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
+                               p = realloc(keyBlock, 4 * (stKeyBlock += 10));\r
                                if (!p) {\r
                                        PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                        free(keyBlock);\r
-                                       if (f) {\r
+                                       if (f)\r
                                                fclose(f);\r
-                                               f = NULL;\r
-                                       }\r
                                        return 2;\r
                                }\r
                                keyBlock = p;\r
                        }\r
+                       // clear mem\r
                        memset(keyBlock + 4 * keycnt, 0, 4);\r
-                       num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt);\r
-                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4));\r
-                       keycnt++;\r
-                       memset(buf, 0, sizeof(buf));\r
+                       \r
+                       num_to_bytes( strtoll(line, NULL, 16), 4, keyBlock + 4*keycnt);\r
+                       \r
+                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4 * keycnt, 4) );                       \r
+                       keycnt++;                       \r
+                       memset(line, 0, sizeof(line));\r
                }               \r
-               if (f) {\r
+               if (f)\r
                        fclose(f);\r
-                       f = NULL;\r
-               }\r
+               \r
                if (keycnt == 0) {\r
                        PrintAndLog("No keys found in file");\r
                        free(keyBlock);\r
@@ -1529,10 +1554,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                                return  2;\r
                        }\r
                \r
-                       if (ukbhit()) {\r
-                               ch = getchar();\r
-                               (void)ch;\r
-                               printf("\naborted via keyboard!\n");\r
+                       if (IsCancelled()) {\r
                                free(keyBlock);\r
                                return 0;\r
                        }\r
@@ -1542,7 +1564,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        PrintAndLog("Testing %08X", testpwd);\r
                                                \r
                        if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
-                               PrintAndLog("Aquireing data from device failed. Quitting");\r
+                               PrintAndLog("Acquire data from device failed. Quitting");\r
                                free(keyBlock);\r
                                return 0;\r
                        }\r
@@ -1550,8 +1572,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        found = tryDetectModulation();\r
                        if ( found ) {\r
                                PrintAndLog("Found valid password: [%08X]", testpwd);\r
-                               free(keyBlock);\r
-                               return 0;\r
+                               //free(keyBlock);\r
+                               //return 0;\r
                        } \r
                }\r
                PrintAndLog("Password NOT found.");\r
@@ -1578,16 +1600,14 @@ int CmdT55xxBruteForce(const char *Cmd) {
 \r
                printf(".");\r
                fflush(stdout);\r
-               if (ukbhit()) {\r
-                       ch = getchar();\r
-                       (void)ch;\r
-                       printf("\naborted via keyboard!\n");\r
+               \r
+               if (IsCancelled()) {\r
                        free(keyBlock);\r
                        return 0;\r
                }\r
                        \r
                if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
-                       PrintAndLog("Aquireing data from device failed. Quitting");\r
+                       PrintAndLog("Acquire data from device failed. Quitting");\r
                        free(keyBlock);\r
                        return 0;\r
                }\r
@@ -1611,7 +1631,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
 int tryOnePassword(uint32_t password) {\r
        PrintAndLog("Trying password %08x", password);\r
        if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {\r
-               PrintAndLog("Aquireing data from device failed. Quitting");\r
+               PrintAndLog("Acquire data from device failed. Quitting");\r
                return -1;\r
        }\r
 \r
@@ -1628,21 +1648,19 @@ int CmdT55xxRecoverPW(const char *Cmd) {
        uint32_t prev_password = 0xffffffff;\r
        uint32_t mask = 0x0;\r
        int found = 0;\r
-\r
        char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw();\r
 \r
        orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners\r
 \r
        // first try fliping each bit in the expected password\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                curr_password = orig_password ^ ( 1 << bit );\r
                found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
-                       return 0;\r
+               if (found == -1) return 0;\r
                bit++;\r
+               \r
+               if (IsCancelled()) return 0;\r
        }\r
 \r
        // now try to use partial original password, since block 7 should have been completely\r
@@ -1651,7 +1669,7 @@ int CmdT55xxRecoverPW(const char *Cmd) {
        // not sure from which end the bit bits are written, so try from both ends \r
        // from low bit to high bit\r
        bit = 0;\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                mask += ( 1 << bit );\r
                curr_password = orig_password & mask;\r
                // if updated mask didn't change the password, don't try it again\r
@@ -1660,18 +1678,17 @@ int CmdT55xxRecoverPW(const char *Cmd) {
                        continue;\r
                }\r
                found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
-                       return 0;\r
+               if (found == -1) return 0;\r
                bit++;\r
-               prev_password=curr_password;\r
+               prev_password = curr_password;\r
+               \r
+               if (IsCancelled()) return 0;\r
        }\r
 \r
        // from high bit to low\r
        bit = 0;\r
        mask = 0xffffffff;\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                mask -= ( 1 << bit );\r
                curr_password = orig_password & mask;\r
                // if updated mask didn't change the password, don't try it again\r
@@ -1680,14 +1697,14 @@ int CmdT55xxRecoverPW(const char *Cmd) {
                        continue;\r
                }\r
                found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
+               if (found == -1)\r
                        return 0;\r
                bit++;\r
-               prev_password=curr_password;\r
+               prev_password = curr_password;\r
+               \r
+               if (IsCancelled()) return 0;\r
        }\r
-done:\r
+\r
        PrintAndLog("");\r
 \r
        if (found == 1)\r
Impressum, Datenschutz