]> git.zerfleddert.de Git - proxmark3-svn/blobdiff - client/cmdlft55xx.c
ADD: `analyse nuid` - generates NUID 4byte from a UID 7byte. Mifare Classic Ev1...
[proxmark3-svn] / client / cmdlft55xx.c
index 5d36547b87a5c5e4c010bb1fd6f78069e3f54dd0..5b650b30d27ffe64370e860b33c62978580de092 100644 (file)
@@ -6,28 +6,7 @@
 //-----------------------------------------------------------------------------\r
 // Low frequency T55xx commands\r
 //-----------------------------------------------------------------------------\r
 //-----------------------------------------------------------------------------\r
 // Low frequency T55xx commands\r
 //-----------------------------------------------------------------------------\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <inttypes.h>\r
-#include "proxmark3.h"\r
-#include "ui.h"\r
-#include "graph.h"\r
-#include "cmdmain.h"\r
-#include "cmdparser.h"\r
-#include "cmddata.h"\r
-#include "cmdlf.h"\r
 #include "cmdlft55xx.h"\r
 #include "cmdlft55xx.h"\r
-#include "util.h"\r
-#include "data.h"\r
-#include "lfdemod.h"\r
-#include "cmdhf14a.h" //for getTagInfo\r
-\r
-#define T55x7_CONFIGURATION_BLOCK 0x00\r
-#define T55x7_PAGE0 0x00\r
-#define T55x7_PAGE1 0x01\r
-#define T55x7_PWD      0x00000010\r
-#define REGULAR_READ_MODE_BLOCK 0xFF\r
 \r
 // Default configuration\r
 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
 \r
 // Default configuration\r
 t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
@@ -150,6 +129,7 @@ int usage_t55xx_wakup(){
 int usage_t55xx_bruteforce(){\r
        PrintAndLog("This command uses A) bruteforce to scan a number range");\r
        PrintAndLog("                  B) a dictionary attack");\r
 int usage_t55xx_bruteforce(){\r
        PrintAndLog("This command uses A) bruteforce to scan a number range");\r
        PrintAndLog("                  B) a dictionary attack");\r
+       PrintAndLog("press 'enter' to cancel the command");\r
     PrintAndLog("Usage: lf t55xx bruteforce [h] <start password> <end password> [i <*.dic>]");\r
     PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
        PrintAndLog("Options:");\r
     PrintAndLog("Usage: lf t55xx bruteforce [h] <start password> <end password> [i <*.dic>]");\r
     PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
        PrintAndLog("Options:");\r
@@ -166,6 +146,7 @@ int usage_t55xx_bruteforce(){
 }\r
 int usage_t55xx_recoverpw(){\r
        PrintAndLog("This command uses a few tricks to try to recover mangled password");\r
 }\r
 int usage_t55xx_recoverpw(){\r
        PrintAndLog("This command uses a few tricks to try to recover mangled password");\r
+       PrintAndLog("press 'enter' to cancel the command");\r
        PrintAndLog("WARNING: this may brick non-password protected chips!");\r
        PrintAndLog("Usage: lf t55xx recoverpw [password]");\r
        PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
        PrintAndLog("WARNING: this may brick non-password protected chips!");\r
        PrintAndLog("Usage: lf t55xx recoverpw [password]");\r
        PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
@@ -634,6 +615,7 @@ bool tryDetectModulation(){
                                tests[hits].ST = FALSE;\r
                                ++hits;\r
                        }\r
                                tests[hits].ST = FALSE;\r
                                ++hits;\r
                        }\r
+                       //ICEMAN: are these PSKDemod calls needed?\r
                        // PSK2 - needs a call to psk1TOpsk2.\r
                        if ( PSKDemod("0 0 6", FALSE)) {\r
                                psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
                        // PSK2 - needs a call to psk1TOpsk2.\r
                        if ( PSKDemod("0 0 6", FALSE)) {\r
                                psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
@@ -1429,10 +1411,9 @@ void t55x7_create_config_block( int tagtype ){
 \r
 int CmdResetRead(const char *Cmd) {\r
        UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
 \r
 int CmdResetRead(const char *Cmd) {\r
        UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
-\r
        clearCommandBuffer();\r
        SendCommand(&c);\r
        clearCommandBuffer();\r
        SendCommand(&c);\r
-       if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+       if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {\r
                PrintAndLog("command execution time out");\r
                return 0;\r
        }\r
                PrintAndLog("command execution time out");\r
                return 0;\r
        }\r
@@ -1474,23 +1455,34 @@ int CmdT55xxWipe(const char *Cmd) {
        return 0;\r
 }\r
 \r
        return 0;\r
 }\r
 \r
+bool IsCancelled(void) {\r
+       if (ukbhit()) {\r
+               int ch = getchar();\r
+               (void)ch;\r
+               printf("\naborted via keyboard!\n");\r
+               return TRUE;\r
+       }\r
+       return FALSE;\r
+}\r
+\r
 int CmdT55xxBruteForce(const char *Cmd) {\r
        \r
        // load a default pwd file.\r
 int CmdT55xxBruteForce(const char *Cmd) {\r
        \r
        // load a default pwd file.\r
-       char buf[9];\r
+       char line[9];\r
        char filename[FILE_PATH_SIZE]={0};\r
        int     keycnt = 0;\r
        char filename[FILE_PATH_SIZE]={0};\r
        int     keycnt = 0;\r
-       int ch;\r
        uint8_t stKeyBlock = 20;\r
        uint8_t *keyBlock = NULL, *p = NULL;\r
     uint32_t start_password = 0x00000000; //start password\r
     uint32_t end_password   = 0xFFFFFFFF; //end   password\r
     bool found = false;\r
 \r
        uint8_t stKeyBlock = 20;\r
        uint8_t *keyBlock = NULL, *p = NULL;\r
     uint32_t start_password = 0x00000000; //start password\r
     uint32_t end_password   = 0xFFFFFFFF; //end   password\r
     bool found = false;\r
 \r
+       memset(line, 0, sizeof(line));\r
+       \r
     char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
 \r
     char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
 \r
-       keyBlock = calloc(stKeyBlock, 6);\r
+       keyBlock = calloc(stKeyBlock, 4);\r
        if (keyBlock == NULL) return 1;\r
 \r
        if (cmdp == 'i' || cmdp == 'I') {\r
        if (keyBlock == NULL) return 1;\r
 \r
        if (cmdp == 'i' || cmdp == 'I') {\r
@@ -1505,45 +1497,47 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        free(keyBlock);\r
                        return 1;\r
                }                       \r
                        free(keyBlock);\r
                        return 1;\r
                }                       \r
-                       \r
-               while( fgets(buf, sizeof(buf), f) ){\r
-                       if (strlen(buf) < 8 || buf[7] == '\n') continue;\r
                \r
                \r
-                       while (fgetc(f) != '\n' && !feof(f)) ;  //goto next line\r
-                       \r
+               while( fgets(line, sizeof(line), f) ){\r
+                       if (strlen(line) < 8 || line[7] == '\n') continue;\r
+               \r
+                       //goto next line\r
+                       while (fgetc(f) != '\n' && !feof(f)) ;\r
+               \r
                        //The line start with # is comment, skip\r
                        //The line start with # is comment, skip\r
-                       if( buf[0]=='#' ) continue;\r
+                       if( line[0]=='#' ) continue;\r
 \r
 \r
-                       if (!isxdigit(buf[0])){\r
-                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf);\r
+                       if (!isxdigit(line[0])) {\r
+                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", line);\r
                                continue;\r
                        }\r
                        \r
                                continue;\r
                        }\r
                        \r
-                       buf[8] = 0;\r
-\r
+                       line[8] = 0;            \r
+                       \r
+                       // realloc keyblock array size.\r
                        if ( stKeyBlock - keycnt < 2) {\r
                        if ( stKeyBlock - keycnt < 2) {\r
-                               p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
+                               p = realloc(keyBlock, 4 * (stKeyBlock += 10));\r
                                if (!p) {\r
                                        PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                        free(keyBlock);\r
                                if (!p) {\r
                                        PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                        free(keyBlock);\r
-                                       if (f) {\r
+                                       if (f)\r
                                                fclose(f);\r
                                                fclose(f);\r
-                                               f = NULL;\r
-                                       }\r
                                        return 2;\r
                                }\r
                                keyBlock = p;\r
                        }\r
                                        return 2;\r
                                }\r
                                keyBlock = p;\r
                        }\r
+                       // clear mem\r
                        memset(keyBlock + 4 * keycnt, 0, 4);\r
                        memset(keyBlock + 4 * keycnt, 0, 4);\r
-                       num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt);\r
-                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4));\r
-                       keycnt++;\r
-                       memset(buf, 0, sizeof(buf));\r
+                       \r
+                       num_to_bytes( strtoll(line, NULL, 16), 4, keyBlock + 4*keycnt);\r
+                       \r
+                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4 * keycnt, 4) );                       \r
+                       keycnt++;                       \r
+                       memset(line, 0, sizeof(line));\r
                }               \r
                }               \r
-               if (f) {\r
+               if (f)\r
                        fclose(f);\r
                        fclose(f);\r
-                       f = NULL;\r
-               }\r
+               \r
                if (keycnt == 0) {\r
                        PrintAndLog("No keys found in file");\r
                        free(keyBlock);\r
                if (keycnt == 0) {\r
                        PrintAndLog("No keys found in file");\r
                        free(keyBlock);\r
@@ -1561,10 +1555,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                                return  2;\r
                        }\r
                \r
                                return  2;\r
                        }\r
                \r
-                       if (ukbhit()) {\r
-                               ch = getchar();\r
-                               (void)ch;\r
-                               printf("\naborted via keyboard!\n");\r
+                       if (IsCancelled()) {\r
                                free(keyBlock);\r
                                return 0;\r
                        }\r
                                free(keyBlock);\r
                                return 0;\r
                        }\r
@@ -1574,7 +1565,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        PrintAndLog("Testing %08X", testpwd);\r
                                                \r
                        if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
                        PrintAndLog("Testing %08X", testpwd);\r
                                                \r
                        if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
-                               PrintAndLog("Aquireing data from device failed. Quitting");\r
+                               PrintAndLog("Acquire data from device failed. Quitting");\r
                                free(keyBlock);\r
                                return 0;\r
                        }\r
                                free(keyBlock);\r
                                return 0;\r
                        }\r
@@ -1582,8 +1573,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                        found = tryDetectModulation();\r
                        if ( found ) {\r
                                PrintAndLog("Found valid password: [%08X]", testpwd);\r
                        found = tryDetectModulation();\r
                        if ( found ) {\r
                                PrintAndLog("Found valid password: [%08X]", testpwd);\r
-                               free(keyBlock);\r
-                               return 0;\r
+                               //free(keyBlock);\r
+                               //return 0;\r
                        } \r
                }\r
                PrintAndLog("Password NOT found.");\r
                        } \r
                }\r
                PrintAndLog("Password NOT found.");\r
@@ -1610,16 +1601,14 @@ int CmdT55xxBruteForce(const char *Cmd) {
 \r
                printf(".");\r
                fflush(stdout);\r
 \r
                printf(".");\r
                fflush(stdout);\r
-               if (ukbhit()) {\r
-                       ch = getchar();\r
-                       (void)ch;\r
-                       printf("\naborted via keyboard!\n");\r
+               \r
+               if (IsCancelled()) {\r
                        free(keyBlock);\r
                        return 0;\r
                }\r
                        \r
                if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
                        free(keyBlock);\r
                        return 0;\r
                }\r
                        \r
                if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
-                       PrintAndLog("Aquireing data from device failed. Quitting");\r
+                       PrintAndLog("Acquire data from device failed. Quitting");\r
                        free(keyBlock);\r
                        return 0;\r
                }\r
                        free(keyBlock);\r
                        return 0;\r
                }\r
@@ -1643,7 +1632,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
 int tryOnePassword(uint32_t password) {\r
        PrintAndLog("Trying password %08x", password);\r
        if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {\r
 int tryOnePassword(uint32_t password) {\r
        PrintAndLog("Trying password %08x", password);\r
        if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {\r
-               PrintAndLog("Aquireing data from device failed. Quitting");\r
+               PrintAndLog("Acquire data from device failed. Quitting");\r
                return -1;\r
        }\r
 \r
                return -1;\r
        }\r
 \r
@@ -1660,21 +1649,19 @@ int CmdT55xxRecoverPW(const char *Cmd) {
        uint32_t prev_password = 0xffffffff;\r
        uint32_t mask = 0x0;\r
        int found = 0;\r
        uint32_t prev_password = 0xffffffff;\r
        uint32_t mask = 0x0;\r
        int found = 0;\r
-\r
        char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw();\r
 \r
        orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners\r
 \r
        // first try fliping each bit in the expected password\r
        char cmdp = param_getchar(Cmd, 0);\r
        if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw();\r
 \r
        orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners\r
 \r
        // first try fliping each bit in the expected password\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                curr_password = orig_password ^ ( 1 << bit );\r
                found = tryOnePassword(curr_password);\r
                curr_password = orig_password ^ ( 1 << bit );\r
                found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
-                       return 0;\r
+               if (found == -1) return 0;\r
                bit++;\r
                bit++;\r
+               \r
+               if (IsCancelled()) return 0;\r
        }\r
 \r
        // now try to use partial original password, since block 7 should have been completely\r
        }\r
 \r
        // now try to use partial original password, since block 7 should have been completely\r
@@ -1683,7 +1670,7 @@ int CmdT55xxRecoverPW(const char *Cmd) {
        // not sure from which end the bit bits are written, so try from both ends \r
        // from low bit to high bit\r
        bit = 0;\r
        // not sure from which end the bit bits are written, so try from both ends \r
        // from low bit to high bit\r
        bit = 0;\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                mask += ( 1 << bit );\r
                curr_password = orig_password & mask;\r
                // if updated mask didn't change the password, don't try it again\r
                mask += ( 1 << bit );\r
                curr_password = orig_password & mask;\r
                // if updated mask didn't change the password, don't try it again\r
@@ -1692,18 +1679,17 @@ int CmdT55xxRecoverPW(const char *Cmd) {
                        continue;\r
                }\r
                found = tryOnePassword(curr_password);\r
                        continue;\r
                }\r
                found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
-                       return 0;\r
+               if (found == -1) return 0;\r
                bit++;\r
                bit++;\r
-               prev_password=curr_password;\r
+               prev_password = curr_password;\r
+               \r
+               if (IsCancelled()) return 0;\r
        }\r
 \r
        // from high bit to low\r
        bit = 0;\r
        mask = 0xffffffff;\r
        }\r
 \r
        // from high bit to low\r
        bit = 0;\r
        mask = 0xffffffff;\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                mask -= ( 1 << bit );\r
                curr_password = orig_password & mask;\r
                // if updated mask didn't change the password, don't try it again\r
                mask -= ( 1 << bit );\r
                curr_password = orig_password & mask;\r
                // if updated mask didn't change the password, don't try it again\r
@@ -1712,14 +1698,14 @@ int CmdT55xxRecoverPW(const char *Cmd) {
                        continue;\r
                }\r
                found = tryOnePassword(curr_password);\r
                        continue;\r
                }\r
                found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
+               if (found == -1)\r
                        return 0;\r
                bit++;\r
                        return 0;\r
                bit++;\r
-               prev_password=curr_password;\r
+               prev_password = curr_password;\r
+               \r
+               if (IsCancelled()) return 0;\r
        }\r
        }\r
-done:\r
+\r
        PrintAndLog("");\r
 \r
        if (found == 1)\r
        PrintAndLog("");\r
 \r
        if (found == 1)\r
Impressum, Datenschutz