+char * GetModelStrFromCID(uint32_t cid){\r
+ \r
+ static char buf[10];\r
+ char *retStr = buf;\r
+ \r
+ if (cid == 1) snprintf(retStr, sizeof(buf),"ATA5577M1");\r
+ if (cid == 2) snprintf(retStr, sizeof(buf),"ATA5577M2"); \r
+ return buf;\r
+}\r
+\r
+char * GetSelectedModulationStr( uint8_t id){\r
+\r
+ static char buf[20];\r
+ char *retStr = buf;\r
+\r
+ switch (id){\r
+ case DEMOD_FSK: snprintf(retStr,sizeof(buf),"FSK"); break;\r
+ case DEMOD_FSK1: snprintf(retStr,sizeof(buf),"FSK1"); break;\r
+ case DEMOD_FSK1a: snprintf(retStr,sizeof(buf),"FSK1a"); break;\r
+ case DEMOD_FSK2: snprintf(retStr,sizeof(buf),"FSK2"); break;\r
+ case DEMOD_FSK2a: snprintf(retStr,sizeof(buf),"FSK2a"); break;\r
+ case DEMOD_ASK: snprintf(retStr,sizeof(buf),"ASK"); break;\r
+ case DEMOD_NRZ: snprintf(retStr,sizeof(buf),"DIRECT/NRZ"); break;\r
+ case DEMOD_PSK1: snprintf(retStr,sizeof(buf),"PSK1"); break;\r
+ case DEMOD_PSK2: snprintf(retStr,sizeof(buf),"PSK2"); break;\r
+ case DEMOD_PSK3: snprintf(retStr,sizeof(buf),"PSK3"); break;\r
+ case DEMOD_BI: snprintf(retStr,sizeof(buf),"BIPHASE"); break;\r
+ case DEMOD_BIa: snprintf(retStr,sizeof(buf),"BIPHASEa - (CDP)"); break;\r
+ default: snprintf(retStr,sizeof(buf),"(Unknown)"); break;\r
+ }\r
+ return buf;\r
+}\r
+\r
+void t55x7_create_config_block( int tagtype ){\r
+\r
+ /*\r
+ T55X7_DEFAULT_CONFIG_BLOCK, T55X7_RAW_CONFIG_BLOCK\r
+ T55X7_EM_UNIQUE_CONFIG_BLOCK, T55X7_FDXB_CONFIG_BLOCK,\r
+ T55X7_FDXB_CONFIG_BLOCK, T55X7_HID_26_CONFIG_BLOCK, T55X7_INDALA_64_CONFIG_BLOCK, T55X7_INDALA_224_CONFIG_BLOCK \r
+ T55X7_GUARDPROXII_CONFIG_BLOCK, T55X7_VIKING_CONFIG_BLOCK, T55X7_NORALYS_CONFIG_BLOCK, T55X7_IOPROX_CONFIG_BLOCK \r
+ */\r
+ static char buf[60];\r
+ char *retStr = buf;\r
+ \r
+ switch (tagtype){\r
+ case 0: snprintf(retStr, sizeof(buf),"%08X - T55X7 Default", T55X7_DEFAULT_CONFIG_BLOCK); break;\r
+ case 1: snprintf(retStr, sizeof(buf),"%08X - T55X7 Raw", T55X7_RAW_CONFIG_BLOCK); break;\r
+ case 2: snprintf(retStr, sizeof(buf),"%08X - T5555 Q5 Default", T5555_DEFAULT_CONFIG_BLOCK); break;\r
+ default:\r
+ break;\r
+ }\r
+ PrintAndLog(buf);\r
+}\r
+\r
+int CmdResetRead(const char *Cmd) {\r
+ UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
+\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+ if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+ PrintAndLog("command execution time out");\r
+ return 0;\r
+ }\r
+\r
+ uint8_t got[BIGBUF_SIZE-1];\r
+ GetFromBigBuf(got,sizeof(got),0);\r
+ WaitForResponse(CMD_ACK,NULL);\r
+ setGraphBuf(got, sizeof(got));\r
+ return 1;\r
+}\r
+// ADD T5555 (Q5) Default config block\r
+int CmdT55xxWipe(const char *Cmd) {\r
+ char writeData[20] = {0};\r
+ char *ptrData = writeData;\r
+ char cmdp = param_getchar(Cmd, 0); \r
+ if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_wipe();\r
+\r
+ bool Q5 = (cmdp == 'q' || cmdp == 'Q');\r
+\r
+ // Try with the default password to reset block 0\r
+ // With a pwd should work even if pwd bit not set\r
+ PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n");\r
+ \r
+ if ( Q5 ){\r
+ snprintf(ptrData,sizeof(writeData),"b 0 d 6001F004 p 0");\r
+ } else {\r
+ snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0");\r
+ }\r
+ \r
+ if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk 0");\r
+ \r
+ for (uint8_t blk = 1; blk<8; blk++) {\r
+ \r
+ snprintf(ptrData,sizeof(writeData),"b %d d 0", blk);\r
+ \r
+ if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk %d", blk);\r
+ \r
+ memset(writeData,0x00, sizeof(writeData));\r
+ }\r
+ return 0;\r
+}\r
+\r
+int CmdT55xxBruteForce(const char *Cmd) {\r
+ \r
+ // load a default pwd file.\r
+ char buf[9];\r
+ char filename[FILE_PATH_SIZE]={0};\r
+ int keycnt = 0;\r
+ int ch;\r
+ uint8_t stKeyBlock = 20;\r
+ uint8_t *keyBlock = NULL, *p = NULL;\r
+ uint32_t start_password = 0x00000000; //start password\r
+ uint32_t end_password = 0xFFFFFFFF; //end password\r
+ bool found = false;\r
+\r
+ char cmdp = param_getchar(Cmd, 0);\r
+ if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
+\r
+ keyBlock = calloc(stKeyBlock, 6);\r
+ if (keyBlock == NULL) return 1;\r
+\r
+ if (cmdp == 'i' || cmdp == 'I') {\r
+ \r
+ int len = strlen(Cmd+2);\r
+ if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;\r
+ memcpy(filename, Cmd+2, len);\r
+ \r
+ FILE * f = fopen( filename , "r");\r
+ \r
+ if ( !f ) {\r
+ PrintAndLog("File: %s: not found or locked.", filename);\r
+ free(keyBlock);\r
+ return 1;\r
+ } \r
+ \r
+ while( fgets(buf, sizeof(buf), f) ){\r
+ if (strlen(buf) < 8 || buf[7] == '\n') continue;\r
+ \r
+ while (fgetc(f) != '\n' && !feof(f)) ; //goto next line\r
+ \r
+ //The line start with # is comment, skip\r
+ if( buf[0]=='#' ) continue;\r