#include <stdio.h>\r
#include <string.h>\r
#include <inttypes.h>\r
-//#include <time.h>\r
#include "proxmark3.h"\r
#include "ui.h"\r
#include "graph.h"\r
#include "util.h"\r
#include "data.h"\r
#include "lfdemod.h"\r
-#include "cmdhf14a.h"\r
+#include "cmdhf14a.h" //for getTagInfo\r
\r
#define T55x7_CONFIGURATION_BLOCK 0x00\r
#define T55x7_PAGE0 0x00\r
PrintAndLog(" i [1] Invert data signal, defaults to normal");\r
PrintAndLog(" o [offset] Set offset, where data should start decode in bitstream");\r
PrintAndLog(" Q5 Set as Q5(T5555) chip instead of T55x7");\r
+ PrintAndLog(" ST Set Sequence Terminator on");\r
PrintAndLog("");\r
PrintAndLog("Examples:");\r
PrintAndLog(" lf t55xx config d FSK - FSK demodulation");\r
PrintAndLog("This commands wipes a tag, fills blocks 1-7 with zeros and a default configuration block");\r
PrintAndLog("Options:");\r
PrintAndLog(" h - this help");\r
- PrintAndLog(" Q5 - indicates to use the T555 (Q5) default configuration block");\r
+ PrintAndLog(" Q5 - indicates to use the T5555 (Q5) default configuration block");\r
PrintAndLog("");\r
PrintAndLog("Examples:");\r
PrintAndLog(" lf t55xx wipe - wipes a t55x7 tag, config block 0x000880E0");\r
config.Q5 = TRUE;\r
cmdp++;\r
break;\r
+ case 'S':\r
+ case 's': \r
+ config.ST = TRUE;\r
+ cmdp++;\r
+ break;\r
default:\r
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));\r
errors = TRUE;\r
char buf[30] = {0x00};\r
char *cmdStr = buf;\r
int ans = 0;\r
+ bool ST = config.ST;\r
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};\r
DemodBufferLen = 0x00;\r
\r
break;\r
case DEMOD_ASK:\r
snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );\r
- ans = ASKDemod(cmdStr, FALSE, FALSE, 1);\r
+ ans = ASKDemod_ext(cmdStr, FALSE, FALSE, 1, &ST);\r
break;\r
case DEMOD_PSK1:\r
// skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
if ( FSKrawDemod("0 1", FALSE) && test(DEMOD_FSK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = TRUE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
} else {\r
clk = GetAskClock("", FALSE, FALSE);\r
if (clk>0) {\r
- if ( ASKDemod("0 0 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].ST = TRUE;\r
+ if ( ASKDemod_ext("0 0 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
tests[hits].modulation = DEMOD_ASK;\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
++hits;\r
}\r
- if ( ASKDemod("0 1 1", FALSE, FALSE, 1) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
+ tests[hits].ST = TRUE;\r
+ if ( ASKDemod_ext("0 1 1", FALSE, FALSE, 1, &tests[hits].ST) && test(DEMOD_ASK, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
tests[hits].modulation = DEMOD_ASK;\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = TRUE;\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
if ( ASKbiphaseDemod("0 0 1 2", FALSE) && test(DEMOD_BIa, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5) ) {\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = TRUE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
}\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = TRUE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
}\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
if ( PSKDemod("0 1 6", FALSE) && test(DEMOD_PSK1, &tests[hits].offset, &bitRate, clk, &tests[hits].Q5)) {\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = TRUE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
// PSK2 - needs a call to psk1TOpsk2.\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
} // inverse waves does not affect this demod\r
tests[hits].bitrate = bitRate;\r
tests[hits].inverted = FALSE;\r
tests[hits].block0 = PackBits(tests[hits].offset, 32, DemodBuffer);\r
+ tests[hits].ST = FALSE;\r
++hits;\r
}\r
} // inverse waves does not affect this demod\r
config.offset = tests[0].offset;\r
config.block0 = tests[0].block0;\r
config.Q5 = tests[0].Q5;\r
+ config.ST = tests[0].ST;\r
printConfiguration( config );\r
return TRUE;\r
}\r
uint8_t extend = PackBits(si, 1, DemodBuffer); si += 1; //bit 15 extended mode\r
uint8_t modread = PackBits(si, 5, DemodBuffer); si += 5+2+1; \r
//uint8_t pskcr = PackBits(si, 2, DemodBuffer); si += 2+1; //could check psk cr\r
- uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode\r
- uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;\r
+ //uint8_t nml01 = PackBits(si, 1, DemodBuffer); si += 1+5; //bit 24, 30, 31 could be tested for 0 if not extended mode\r
+ //uint8_t nml02 = PackBits(si, 2, DemodBuffer); si += 2;\r
\r
//if extended mode\r
bool extMode =( (safer == 0x6 || safer == 0x9) && extend) ? TRUE : FALSE;\r
\r
if (!extMode){\r
- if (nml01 || nml02 || xtRate) continue;\r
+ if (xtRate) continue; //nml01 || nml02 || caused issues on noralys tags\r
}\r
//test modulation\r
if (!testModulation(mode, modread)) continue;\r
PrintAndLog("Bit Rate : %s", GetBitRateStr(b.bitrate) );\r
PrintAndLog("Inverted : %s", (b.inverted) ? "Yes" : "No" );\r
PrintAndLog("Offset : %d", b.offset);\r
+ PrintAndLog("Seq. Term. : %s", (b.ST) ? "Yes" : "No" );\r
PrintAndLog("Block0 : 0x%08X", b.block0);\r
PrintAndLog("");\r
return 0;\r
\r
if ( config.Q5 ){\r
if (!DecodeT5555TraceBlock()) return 0;\r
- }\r
- else {\r
+ } else {\r
if (!DecodeT55xxBlock()) return 0;\r
}\r
\r
\r
} else {\r
\r
- t55xx_tracedata_t data = {.bl1 = bl1, .bl2 = bl2, .acl = 0, .mfc = 0, .cid = 0, .year = 0, .quarter = 0, .icr = 0, .lotid = 0, .wafer = 0, .dw = 0};\r
+ t55x7_tracedata_t data = {.bl1 = bl1, .bl2 = bl2, .acl = 0, .mfc = 0, .cid = 0, .year = 0, .quarter = 0, .icr = 0, .lotid = 0, .wafer = 0, .dw = 0};\r
\r
data.acl = PackBits(si, 8, DemodBuffer); si += 8;\r
if ( data.acl != 0xE0 ) {\r
else\r
data.year += 2010;\r
\r
- \r
- printT55xxTrace(data, repeat);\r
+ printT55x7Trace(data, repeat);\r
}\r
return 0;\r
}\r
\r
-void printT55xxTrace( t55xx_tracedata_t data, uint8_t repeat ){\r
- PrintAndLog("-- T55xx Trace Information ----------------------------------");\r
+void printT55x7Trace( t55x7_tracedata_t data, uint8_t repeat ){\r
+ PrintAndLog("-- T55x7 Trace Information ----------------------------------");\r
PrintAndLog("-------------------------------------------------------------");\r
PrintAndLog(" ACL Allocation class (ISO/IEC 15963-1) : 0x%02X (%d)", data.acl, data.acl);\r
PrintAndLog(" MFC Manufacturer ID (ISO/IEC 7816-6) : 0x%02X (%d) - %s", data.mfc, data.mfc, getTagInfo(data.mfc));\r
18-32 DW, die number sequential\r
*/\r
}\r
+\r
void printT5555Trace( t5555_tracedata_t data, uint8_t repeat ){\r
PrintAndLog("-- T5555 (Q5) Trace Information -----------------------------");\r
PrintAndLog("-------------------------------------------------------------");\r
*/\r
}\r
\r
+//need to add Q5 info...\r
int CmdT55xxInfo(const char *Cmd){\r
/*\r
Page 0 Block 0 Configuration data.\r
\r
if (config.Q5) PrintAndLog("*** Warning *** Config Info read off a Q5 will not display as expected");\r
PrintAndLog("");\r
- PrintAndLog("-- T55xx Configuration & Tag Information --------------------");\r
+ PrintAndLog("-- T55x7 Configuration & Tag Information --------------------");\r
PrintAndLog("-------------------------------------------------------------");\r
PrintAndLog(" Safer key : %s", GetSaferStr(safer));\r
PrintAndLog(" reserved : %d", resv);\r
char buf[9];\r
char filename[FILE_PATH_SIZE]={0};\r
int keycnt = 0;\r
+ int ch;\r
uint8_t stKeyBlock = 20;\r
- uint8_t *keyBlock = NULL, *p;\r
- keyBlock = calloc(stKeyBlock, 6);\r
- if (keyBlock == NULL) return 1;\r
- \r
+ uint8_t *keyBlock = NULL, *p = NULL;\r
uint32_t start_password = 0x00000000; //start password\r
uint32_t end_password = 0xFFFFFFFF; //end password\r
bool found = false;\r
\r
char cmdp = param_getchar(Cmd, 0);\r
- if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
+ if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
+\r
+ keyBlock = calloc(stKeyBlock, 6);\r
+ if (keyBlock == NULL) return 1;\r
\r
if (cmdp == 'i' || cmdp == 'I') {\r
\r
if (!p) {\r
PrintAndLog("Cannot allocate memory for defaultKeys");\r
free(keyBlock);\r
+ fclose(f);\r
return 2;\r
}\r
keyBlock = p;\r
\r
if (keycnt == 0) {\r
PrintAndLog("No keys found in file");\r
+ free(keyBlock);\r
return 1;\r
}\r
PrintAndLog("Loaded %d keys", keycnt);\r
for (uint16_t c = 0; c < keycnt; ++c ) {\r
\r
if (ukbhit()) {\r
- getchar();\r
+ ch = getchar();\r
+ (void)ch;\r
printf("\naborted via keyboard!\n");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
\r
if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
\r
if ( found ) {\r
PrintAndLog("Found valid password: [%08X]", testpwd);\r
+ free(keyBlock);\r
return 0;\r
} \r
}\r
PrintAndLog("Password NOT found.");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
start_password = param_get32ex(Cmd, 0, 0, 16);\r
end_password = param_get32ex(Cmd, 1, 0, 16);\r
\r
- if ( start_password >= end_password ) return usage_t55xx_bruteforce();\r
+ if ( start_password >= end_password ) {\r
+ free(keyBlock);\r
+ return usage_t55xx_bruteforce();\r
+ }\r
\r
PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password);\r
\r
printf(".");\r
fflush(stdout);\r
if (ukbhit()) {\r
- getchar();\r
+ ch = getchar();\r
+ (void)ch;\r
printf("\naborted via keyboard!\n");\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
PrintAndLog("Aquireing data from device failed. Quitting");\r
+ free(keyBlock);\r
return 0;\r
}\r
found = tryDetectModulation();\r
PrintAndLog("Found valid password: [%08x]", i);\r
else\r
PrintAndLog("Password NOT found. Last tried: [%08x]", --i);\r
+\r
+ free(keyBlock);\r
return 0;\r
}\r
\r
{"special", special, 0, "Show block changes with 64 different offsets"}, \r
{"trace", CmdT55xxReadTrace, 1, "[1] Show T55x7 traceability data (page 1/ blk 0-1)"},\r
{"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"},\r
- {"wipe", CmdT55xxWipe, 0, "Wipe a T55xx tag and set defaults (will destroy any data on tag)"},\r
+ {"wipe", CmdT55xxWipe, 0, "[q] Wipe a T55xx tag and set defaults (will destroy any data on tag)"},\r
{"write", CmdT55xxWriteBlock,0, "b <block> d <data> p [password] [1] -- Write T55xx block data. Optional [p password], [page1]"},\r
{NULL, NULL, 0, NULL}\r
};\r
\r
int CmdLFT55XX(const char *Cmd) {\r
- CmdsParse(CommandTable, Cmd);\r
- return 0;\r
+ clearCommandBuffer();\r
+ CmdsParse(CommandTable, Cmd);\r
+ return 0;\r
}\r
\r
int CmdHelp(const char *Cmd) {\r
- CmdsHelp(CommandTable);\r
- return 0;\r
+ CmdsHelp(CommandTable);\r
+ return 0;\r
}\r
projects / proxmark3-svn / blobdiff