ADD: `analyse nuid` - generates NUID 4byte from a UID 7byte. Mifare Classic Ev1...

[proxmark3-svn] / client / cmdlft55xx.c
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c

index 5d36547b87a5c5e4c010bb1fd6f78069e3f54dd0..5b650b30d27ffe64370e860b33c62978580de092 100644 (file)
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -6,28 +6,7 @@
  //-----------------------------------------------------------------------------\r
  // Low frequency T55xx commands\r
  //-----------------------------------------------------------------------------\r
  //-----------------------------------------------------------------------------\r
  // Low frequency T55xx commands\r
  //-----------------------------------------------------------------------------\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <inttypes.h>\r
-#include "proxmark3.h"\r
-#include "ui.h"\r
-#include "graph.h"\r
-#include "cmdmain.h"\r
-#include "cmdparser.h"\r
-#include "cmddata.h"\r
-#include "cmdlf.h"\r
  #include "cmdlft55xx.h"\r
  #include "cmdlft55xx.h"\r
-#include "util.h"\r
-#include "data.h"\r
-#include "lfdemod.h"\r
-#include "cmdhf14a.h" //for getTagInfo\r
-\r
-#define T55x7_CONFIGURATION_BLOCK 0x00\r
-#define T55x7_PAGE0 0x00\r
-#define T55x7_PAGE1 0x01\r
-#define T55x7_PWD      0x00000010\r
-#define REGULAR_READ_MODE_BLOCK 0xFF\r
  \r
  // Default configuration\r
  t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
  \r
  // Default configuration\r
  t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE };\r
@@ -150,6 +129,7 @@ int usage_t55xx_wakup(){
  int usage_t55xx_bruteforce(){\r
         PrintAndLog("This command uses A) bruteforce to scan a number range");\r
         PrintAndLog("                  B) a dictionary attack");\r
  int usage_t55xx_bruteforce(){\r
         PrintAndLog("This command uses A) bruteforce to scan a number range");\r
         PrintAndLog("                  B) a dictionary attack");\r
+       PrintAndLog("press 'enter' to cancel the command");\r
      PrintAndLog("Usage: lf t55xx bruteforce [h] <start password> <end password> [i <*.dic>]");\r
      PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
         PrintAndLog("Options:");\r
      PrintAndLog("Usage: lf t55xx bruteforce [h] <start password> <end password> [i <*.dic>]");\r
      PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
         PrintAndLog("Options:");\r
@@ -166,6 +146,7 @@ int usage_t55xx_bruteforce(){
  }\r
  int usage_t55xx_recoverpw(){\r
         PrintAndLog("This command uses a few tricks to try to recover mangled password");\r
  }\r
  int usage_t55xx_recoverpw(){\r
         PrintAndLog("This command uses a few tricks to try to recover mangled password");\r
+       PrintAndLog("press 'enter' to cancel the command");\r
         PrintAndLog("WARNING: this may brick non-password protected chips!");\r
         PrintAndLog("Usage: lf t55xx recoverpw [password]");\r
         PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
         PrintAndLog("WARNING: this may brick non-password protected chips!");\r
         PrintAndLog("Usage: lf t55xx recoverpw [password]");\r
         PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
@@ -634,6 +615,7 @@ bool tryDetectModulation(){
                                 tests[hits].ST = FALSE;\r
                                 ++hits;\r
                         }\r
                                 tests[hits].ST = FALSE;\r
                                 ++hits;\r
                         }\r
+                       //ICEMAN: are these PSKDemod calls needed?\r
                         // PSK2 - needs a call to psk1TOpsk2.\r
                         if ( PSKDemod("0 0 6", FALSE)) {\r
                                 psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
                         // PSK2 - needs a call to psk1TOpsk2.\r
                         if ( PSKDemod("0 0 6", FALSE)) {\r
                                 psk1TOpsk2(DemodBuffer, DemodBufferLen);\r
@@ -1429,10 +1411,9 @@ void t55x7_create_config_block( int tagtype ){
  \r
  int CmdResetRead(const char *Cmd) {\r
         UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
  \r
  int CmdResetRead(const char *Cmd) {\r
         UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}};\r
-\r
         clearCommandBuffer();\r
         SendCommand(&c);\r
         clearCommandBuffer();\r
         SendCommand(&c);\r
-       if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {\r
+       if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) {\r
                 PrintAndLog("command execution time out");\r
                 return 0;\r
         }\r
                 PrintAndLog("command execution time out");\r
                 return 0;\r
         }\r
@@ -1474,23 +1455,34 @@ int CmdT55xxWipe(const char *Cmd) {
         return 0;\r
  }\r
  \r
         return 0;\r
  }\r
  \r
+bool IsCancelled(void) {\r
+       if (ukbhit()) {\r
+               int ch = getchar();\r
+               (void)ch;\r
+               printf("\naborted via keyboard!\n");\r
+               return TRUE;\r
+       }\r
+       return FALSE;\r
+}\r
+\r
  int CmdT55xxBruteForce(const char *Cmd) {\r
         \r
         // load a default pwd file.\r
  int CmdT55xxBruteForce(const char *Cmd) {\r
         \r
         // load a default pwd file.\r
-       char buf[9];\r
+       char line[9];\r
         char filename[FILE_PATH_SIZE]={0};\r
         int     keycnt = 0;\r
         char filename[FILE_PATH_SIZE]={0};\r
         int     keycnt = 0;\r
-       int ch;\r
         uint8_t stKeyBlock = 20;\r
         uint8_t *keyBlock = NULL, *p = NULL;\r
      uint32_t start_password = 0x00000000; //start password\r
      uint32_t end_password   = 0xFFFFFFFF; //end   password\r
      bool found = false;\r
  \r
         uint8_t stKeyBlock = 20;\r
         uint8_t *keyBlock = NULL, *p = NULL;\r
      uint32_t start_password = 0x00000000; //start password\r
      uint32_t end_password   = 0xFFFFFFFF; //end   password\r
      bool found = false;\r
  \r
+       memset(line, 0, sizeof(line));\r
+       \r
      char cmdp = param_getchar(Cmd, 0);\r
         if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
  \r
      char cmdp = param_getchar(Cmd, 0);\r
         if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
  \r
-       keyBlock = calloc(stKeyBlock, 6);\r
+       keyBlock = calloc(stKeyBlock, 4);\r
         if (keyBlock == NULL) return 1;\r
  \r
         if (cmdp == 'i' || cmdp == 'I') {\r
         if (keyBlock == NULL) return 1;\r
  \r
         if (cmdp == 'i' || cmdp == 'I') {\r
@@ -1505,45 +1497,47 @@ int CmdT55xxBruteForce(const char *Cmd) {
                         free(keyBlock);\r
                         return 1;\r
                 }                       \r
                         free(keyBlock);\r
                         return 1;\r
                 }                       \r
-                       \r
-               while( fgets(buf, sizeof(buf), f) ){\r
-                       if (strlen(buf) < 8 || buf[7] == '\n') continue;\r
                 \r
                 \r
-                       while (fgetc(f) != '\n' && !feof(f)) ;  //goto next line\r
-                       \r
+               while( fgets(line, sizeof(line), f) ){\r
+                       if (strlen(line) < 8 || line[7] == '\n') continue;\r
+               \r
+                       //goto next line\r
+                       while (fgetc(f) != '\n' && !feof(f)) ;\r
+               \r
                         //The line start with # is comment, skip\r
                         //The line start with # is comment, skip\r
-                       if( buf[0]=='#' ) continue;\r
+                       if( line[0]=='#' ) continue;\r
  \r
  \r
-                       if (!isxdigit(buf[0])){\r
-                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf);\r
+                       if (!isxdigit(line[0])) {\r
+                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", line);\r
                                 continue;\r
                         }\r
                         \r
                                 continue;\r
                         }\r
                         \r
-                       buf[8] = 0;\r
-\r
+                       line[8] = 0;            \r
+                       \r
+                       // realloc keyblock array size.\r
                         if ( stKeyBlock - keycnt < 2) {\r
                         if ( stKeyBlock - keycnt < 2) {\r
-                               p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
+                               p = realloc(keyBlock, 4 * (stKeyBlock += 10));\r
                                 if (!p) {\r
                                         PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                         free(keyBlock);\r
                                 if (!p) {\r
                                         PrintAndLog("Cannot allocate memory for defaultKeys");\r
                                         free(keyBlock);\r
-                                       if (f) {\r
+                                       if (f)\r
                                                 fclose(f);\r
                                                 fclose(f);\r
-                                               f = NULL;\r
-                                       }\r
                                         return 2;\r
                                 }\r
                                 keyBlock = p;\r
                         }\r
                                         return 2;\r
                                 }\r
                                 keyBlock = p;\r
                         }\r
+                       // clear mem\r
                         memset(keyBlock + 4 * keycnt, 0, 4);\r
                         memset(keyBlock + 4 * keycnt, 0, 4);\r
-                       num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt);\r
-                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4));\r
-                       keycnt++;\r
-                       memset(buf, 0, sizeof(buf));\r
+                       \r
+                       num_to_bytes( strtoll(line, NULL, 16), 4, keyBlock + 4*keycnt);\r
+                       \r
+                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4 * keycnt, 4) );                       \r
+                       keycnt++;                       \r
+                       memset(line, 0, sizeof(line));\r
                 }               \r
                 }               \r
-               if (f) {\r
+               if (f)\r
                         fclose(f);\r
                         fclose(f);\r
-                       f = NULL;\r
-               }\r
+               \r
                 if (keycnt == 0) {\r
                         PrintAndLog("No keys found in file");\r
                         free(keyBlock);\r
                 if (keycnt == 0) {\r
                         PrintAndLog("No keys found in file");\r
                         free(keyBlock);\r
@@ -1561,10 +1555,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                                 return  2;\r
                         }\r
                 \r
                                 return  2;\r
                         }\r
                 \r
-                       if (ukbhit()) {\r
-                               ch = getchar();\r
-                               (void)ch;\r
-                               printf("\naborted via keyboard!\n");\r
+                       if (IsCancelled()) {\r
                                 free(keyBlock);\r
                                 return 0;\r
                         }\r
                                 free(keyBlock);\r
                                 return 0;\r
                         }\r
@@ -1574,7 +1565,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
                         PrintAndLog("Testing %08X", testpwd);\r
                                                 \r
                         if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
                         PrintAndLog("Testing %08X", testpwd);\r
                                                 \r
                         if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) {\r
-                               PrintAndLog("Aquireing data from device failed. Quitting");\r
+                               PrintAndLog("Acquire data from device failed. Quitting");\r
                                 free(keyBlock);\r
                                 return 0;\r
                         }\r
                                 free(keyBlock);\r
                                 return 0;\r
                         }\r
@@ -1582,8 +1573,8 @@ int CmdT55xxBruteForce(const char *Cmd) {
                         found = tryDetectModulation();\r
                         if ( found ) {\r
                                 PrintAndLog("Found valid password: [%08X]", testpwd);\r
                         found = tryDetectModulation();\r
                         if ( found ) {\r
                                 PrintAndLog("Found valid password: [%08X]", testpwd);\r
-                               free(keyBlock);\r
-                               return 0;\r
+                               //free(keyBlock);\r
+                               //return 0;\r
                         } \r
                 }\r
                 PrintAndLog("Password NOT found.");\r
                         } \r
                 }\r
                 PrintAndLog("Password NOT found.");\r
@@ -1610,16 +1601,14 @@ int CmdT55xxBruteForce(const char *Cmd) {
  \r
                 printf(".");\r
                 fflush(stdout);\r
  \r
                 printf(".");\r
                 fflush(stdout);\r
-               if (ukbhit()) {\r
-                       ch = getchar();\r
-                       (void)ch;\r
-                       printf("\naborted via keyboard!\n");\r
+               \r
+               if (IsCancelled()) {\r
                         free(keyBlock);\r
                         return 0;\r
                 }\r
                         \r
                 if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
                         free(keyBlock);\r
                         return 0;\r
                 }\r
                         \r
                 if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) {\r
-                       PrintAndLog("Aquireing data from device failed. Quitting");\r
+                       PrintAndLog("Acquire data from device failed. Quitting");\r
                         free(keyBlock);\r
                         return 0;\r
                 }\r
                         free(keyBlock);\r
                         return 0;\r
                 }\r
@@ -1643,7 +1632,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
  int tryOnePassword(uint32_t password) {\r
         PrintAndLog("Trying password %08x", password);\r
         if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {\r
  int tryOnePassword(uint32_t password) {\r
         PrintAndLog("Trying password %08x", password);\r
         if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) {\r
-               PrintAndLog("Aquireing data from device failed. Quitting");\r
+               PrintAndLog("Acquire data from device failed. Quitting");\r
                 return -1;\r
         }\r
  \r
                 return -1;\r
         }\r
  \r
@@ -1660,21 +1649,19 @@ int CmdT55xxRecoverPW(const char *Cmd) {
         uint32_t prev_password = 0xffffffff;\r
         uint32_t mask = 0x0;\r
         int found = 0;\r
         uint32_t prev_password = 0xffffffff;\r
         uint32_t mask = 0x0;\r
         int found = 0;\r
-\r
         char cmdp = param_getchar(Cmd, 0);\r
         if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw();\r
  \r
         orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners\r
  \r
         // first try fliping each bit in the expected password\r
         char cmdp = param_getchar(Cmd, 0);\r
         if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw();\r
  \r
         orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners\r
  \r
         // first try fliping each bit in the expected password\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                 curr_password = orig_password ^ ( 1 << bit );\r
                 found = tryOnePassword(curr_password);\r
                 curr_password = orig_password ^ ( 1 << bit );\r
                 found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
-                       return 0;\r
+               if (found == -1) return 0;\r
                 bit++;\r
                 bit++;\r
+               \r
+               if (IsCancelled()) return 0;\r
         }\r
  \r
         // now try to use partial original password, since block 7 should have been completely\r
         }\r
  \r
         // now try to use partial original password, since block 7 should have been completely\r
@@ -1683,7 +1670,7 @@ int CmdT55xxRecoverPW(const char *Cmd) {
         // not sure from which end the bit bits are written, so try from both ends \r
         // from low bit to high bit\r
         bit = 0;\r
         // not sure from which end the bit bits are written, so try from both ends \r
         // from low bit to high bit\r
         bit = 0;\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                 mask += ( 1 << bit );\r
                 curr_password = orig_password & mask;\r
                 // if updated mask didn't change the password, don't try it again\r
                 mask += ( 1 << bit );\r
                 curr_password = orig_password & mask;\r
                 // if updated mask didn't change the password, don't try it again\r
@@ -1692,18 +1679,17 @@ int CmdT55xxRecoverPW(const char *Cmd) {
                         continue;\r
                 }\r
                 found = tryOnePassword(curr_password);\r
                         continue;\r
                 }\r
                 found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
-                       return 0;\r
+               if (found == -1) return 0;\r
                 bit++;\r
                 bit++;\r
-               prev_password=curr_password;\r
+               prev_password = curr_password;\r
+               \r
+               if (IsCancelled()) return 0;\r
         }\r
  \r
         // from high bit to low\r
         bit = 0;\r
         mask = 0xffffffff;\r
         }\r
  \r
         // from high bit to low\r
         bit = 0;\r
         mask = 0xffffffff;\r
-       while ((found != 1) && (bit < 32)) {\r
+       while (bit < 32) {\r
                 mask -= ( 1 << bit );\r
                 curr_password = orig_password & mask;\r
                 // if updated mask didn't change the password, don't try it again\r
                 mask -= ( 1 << bit );\r
                 curr_password = orig_password & mask;\r
                 // if updated mask didn't change the password, don't try it again\r
@@ -1712,14 +1698,14 @@ int CmdT55xxRecoverPW(const char *Cmd) {
                         continue;\r
                 }\r
                 found = tryOnePassword(curr_password);\r
                         continue;\r
                 }\r
                 found = tryOnePassword(curr_password);\r
-               if (found == 1)\r
-                       goto done;\r
-               else if (found == -1)\r
+               if (found == -1)\r
                         return 0;\r
                 bit++;\r
                         return 0;\r
                 bit++;\r
-               prev_password=curr_password;\r
+               prev_password = curr_password;\r
+               \r
+               if (IsCancelled()) return 0;\r
         }\r
         }\r
-done:\r
+\r
         PrintAndLog("");\r
  \r
         if (found == 1)\r
         PrintAndLog("");\r
  \r
         if (found == 1)\r