X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/21865cda09da68f02dec1e88705a5f7062cc6daa..2b1f4228c2987459445d30443f92038f9ea080c6:/client/cmdlft55xx.c
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index ba82087a..de0ade28 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -152,13 +152,15 @@ int usage_t55xx_wakup(){
 int usage_t55xx_bruteforce(){
 PrintAndLog("Usage: lf t55xx bruteforce [i <*.dic>]");
 PrintAndLog(" password must be 4 bytes (8 hex symbols)");
+ PrintAndLog("This command uses A) bruteforce to scan a number range");
+ PrintAndLog(" B) a dictionary attack");
 PrintAndLog("Options:");
 PrintAndLog(" h - this help");
 PrintAndLog(" i <*.dic> - loads a default keys dictionary file <*.dic>");
 PrintAndLog("");
 PrintAndLog("Examples:");
 PrintAndLog(" lf t55xx bruteforce aaaaaaaa bbbbbbbb");
- PrintAndLog(" lf t55xx bruteforce i mykeys.dic");
+ PrintAndLog(" lf t55xx bruteforce i default_pwd.dic");
 PrintAndLog("");
 return 0;
 }
@@ -382,18 +384,22 @@ bool DecodeT55xxBlock(){
 ans = ASKDemod(cmdStr, FALSE, FALSE, 1);
 break;
 case DEMOD_PSK1:
- // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
+ // skip first 16 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
+ save_restoreGB(1);
 CmdLtrim("160");
 snprintf(cmdStr, sizeof(buf),"%d %d 6", bitRate[config.bitrate], config.inverted );
 ans = PSKDemod(cmdStr, FALSE);
+ save_restoreGB(0);
 break;
 case DEMOD_PSK2: //inverted won't affect this
 case DEMOD_PSK3: //not fully implemented
 // skip first 160 samples to allow antenna to settle in (psk gets inverted occasionally otherwise)
+ save_restoreGB(1);
 CmdLtrim("160");
 snprintf(cmdStr, sizeof(buf),"%d 0 6", bitRate[config.bitrate] );
 ans = PSKDemod(cmdStr, FALSE);
 psk1TOpsk2(DemodBuffer, DemodBufferLen);
+ save_restoreGB(1);
 break;
 case DEMOD_NRZ:
 snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
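Review bot: In the `DEMOD_PSK2`/`DEMOD_PSK3` branch the call added after `psk1TOpsk2(DemodBuffer, DemodBufferLen)` is `save_restoreGB(1)`, the same argument as the call before `CmdLtrim("160")`, whereas the `DEMOD_PSK1` branch pairs `save_restoreGB(1)` with `save_restoreGB(0)`. If 1 means save and 0 means restore, as the PSK1 pairing suggests (the helper is defined outside this diff), this branch never restores the graph buffer and replaces the saved copy with the trimmed one; the closing call should be `save_restoreGB(0);`. The reworded PSK1 comment now says 16 samples while the code still trims 160 via `CmdLtrim("160")`, so the comment should read 160 again unless the trim is meant to change too. The switch statement starts and ends outside the hunk.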
@@ -1009,8 +1015,14 @@ int CmdT55xxInfo(const char *Cmd){ if (!DecodeT55xxBlock()) return 1; + // too little space to start with if ( DemodBufferLen < 32) return 1; + // + PrintAndLog("Offset+32 ==%d\n DemodLen == %d", config.offset + 32,DemodBufferLen ); + + + uint8_t si = config.offset; uint32_t bl0 = PackBits(si, 32, DemodBuffer); @@ -1315,7 +1327,7 @@ int CmdT55xxWipe(const char *Cmd) { if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk %d", blk); - memset(writeData, sizeof(writeData), 0x00); + memset(writeData,0x00, sizeof(writeData)); } return 0; } 
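Review bot: The added `PrintAndLog("Offset+32 ==%d\n DemodLen == %d", ...)` in `CmdT55xxInfo` reports the two values but nothing compares them, so `PackBits(si, 32, DemodBuffer)` is still reached when `config.offset + 32` is larger than `DemodBufferLen`; the existing guard only rejects buffers shorter than 32. The length presumably depends on what was demodulated from the tag, so the guard should take the offset into account, for example `if (config.offset + 32 > DemodBufferLen) return 1;`. The print looks like leftover debug output; if it stays, its `%d` specifiers need to match the types of `config.offset` and `DemodBufferLen`, which are declared outside the hunk. The function body continues past the end of the hunk.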
@@ -1388,43 +1400,68 @@ int CmdT55xxBruteForce(const char *Cmd) { PrintAndLog("No keys found in file"); return 1; } + PrintAndLog("Loaded %d keys", keycnt); // loop - uint32_t testpwd = 0x00; + uint64_t testpwd = 0x00; for (uint16_t c = 0; c < keycnt; ++c ) { - testpwd = bytes_to_num(keyBlock + 4*keycnt, 4); + if (ukbhit()) { + getchar(); + printf("\naborted via keyboard!\n"); + return 0; + } + + testpwd = bytes_to_num(keyBlock + 4*c, 4); + + PrintAndLog("Testing %08X", testpwd); + + + if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) { + PrintAndLog("Aquireing data from device failed. Quitting"); + return 0; + } - AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd); found = tryDetectModulation(); - + if ( found ) { - PrintAndLog("Found valid password:[%08X]", testpwd); + PrintAndLog("Found valid password: [%08X]", testpwd); return 0; } } + PrintAndLog("Password NOT found."); + return 0; } + // Try to read Block 7, first :) + // incremental pwd range search start_password = param_get32ex(Cmd, 0, 0, 16); end_password = param_get32ex(Cmd, 1, 0, 16); if ( start_password >= end_password ) return usage_t55xx_bruteforce(); - PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password); + PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password); uint32_t i = start_password; while ((!found) && (i <= end_password)){ - AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i); + printf("."); + fflush(stdout); + if (ukbhit()) { + getchar(); + printf("\naborted via keyboard!\n"); + return 0; + } + + if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) { + PrintAndLog("Aquireing data from device failed. Quitting"); + return 0; + } found = tryDetectModulation(); - if (found) - break; - - if ((i % 0x100) == 0) printf("[%08x], ",i); - + if (found) break; i++; } 
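Review bot: `testpwd` is widened to `uint64_t` but is still formatted with `%08X` in `PrintAndLog("Testing %08X", testpwd)` and `PrintAndLog("Found valid password: [%08X]", testpwd)`, which hands a 64-bit argument to a conversion that expects `unsigned int`; that is undefined behaviour and the printed password can be wrong on some ABIs. The usage text says a password is 4 bytes, so the variable can stay 32-bit: `uint32_t testpwd = 0x00;` with `testpwd = (uint32_t)bytes_to_num(keyBlock + 4*c, 4);`. Separately, the new keyboard-abort and acquire-failure paths `return 0`, the same value as a completed run, so a caller cannot tell them apart. If `keyBlock` is heap-allocated earlier in the function (not visible in this hunk), those early returns also need to release it.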
@@ -1433,7 +1470,7 @@ int CmdT55xxBruteForce(const char *Cmd) { if (found) PrintAndLog("Found valid password: [%08x]", i); else - PrintAndLog("Password NOT found. Last tried: [%08x]", i); + PrintAndLog("Password NOT found. Last tried: [%08x]", --i); return 0; }
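Review bot: `--i` inside the `PrintAndLog` argument list mutates the loop counter only to format a message; `i - 1` prints the same value without the side effect: `PrintAndLog("Password NOT found. Last tried: [%08x]", i - 1);`. The value is the last tried password only when the loop in the preceding hunk exits because `i` passed `end_password`. With `end_password` at 0xFFFFFFFF the condition `i <= end_password` cannot become false for a `uint32_t i`, so `i++` wraps and the search starts over from 0; the loop should stop before incrementing once `i == end_password`.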