X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/2dcf60f3df145625781982040ae9c80d30e40482..10493a0f191f51516b8becca07ea0f6c48575680:/client/cmdlft55xx.c?ds=sidebyside diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index f28f84ce..1b005d96 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -6,28 +6,7 @@ //----------------------------------------------------------------------------- // Low frequency T55xx commands //----------------------------------------------------------------------------- - -#include -#include -#include -#include "proxmark3.h" -#include "ui.h" -#include "graph.h" -#include "cmdmain.h" -#include "cmdparser.h" -#include "cmddata.h" -#include "cmdlf.h" #include "cmdlft55xx.h" -#include "util.h" -#include "data.h" -#include "lfdemod.h" -#include "cmdhf14a.h" //for getTagInfo - -#define T55x7_CONFIGURATION_BLOCK 0x00 -#define T55x7_PAGE0 0x00 -#define T55x7_PAGE1 0x01 -#define T55x7_PWD 0x00000010 -#define REGULAR_READ_MODE_BLOCK 0xFF // Default configuration t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE }; @@ -150,6 +129,7 @@ int usage_t55xx_wakup(){ int usage_t55xx_bruteforce(){ PrintAndLog("This command uses A) bruteforce to scan a number range"); PrintAndLog(" B) a dictionary attack"); + PrintAndLog("press 'enter' to cancel the command"); PrintAndLog("Usage: lf t55xx bruteforce [h] [i <*.dic>]"); PrintAndLog(" password must be 4 bytes (8 hex symbols)"); PrintAndLog("Options:"); @@ -166,6 +146,7 @@ int usage_t55xx_bruteforce(){ } int usage_t55xx_recoverpw(){ PrintAndLog("This command uses a few tricks to try to recover mangled password"); + PrintAndLog("press 'enter' to cancel the command"); PrintAndLog("WARNING: this may brick non-password protected chips!"); PrintAndLog("Usage: lf t55xx recoverpw [password]"); PrintAndLog(" password must be 4 bytes (8 hex symbols)"); @@ -195,8 +176,8 @@ static int CmdHelp(const char *Cmd); void printT5xxHeader(uint8_t page){ PrintAndLog("Reading Page %d:", page); - PrintAndLog("blk | hex data | binary"); - PrintAndLog("----+----------+---------------------------------"); + PrintAndLog("blk | hex data | binary | ascii"); + PrintAndLog("----+----------+----------------------------------+-------"); } int CmdT55xxSetConfig(const char *Cmd) { @@ -674,13 +655,46 @@ bool tryDetectModulation(){ return TRUE; } + bool retval = FALSE; if ( hits > 1) { PrintAndLog("Found [%d] possible matches for modulation.",hits); for(int i=0; i FILE_PATH_SIZE) len = FILE_PATH_SIZE; memcpy(filename, Cmd+2, len); - FILE * f = fopen( filename , "r"); - + FILE * f = fopen( filename , "r"); if ( !f ) { PrintAndLog("File: %s: not found or locked.", filename); free(keyBlock); return 1; } - - while( fgets(buf, sizeof(buf), f) ){ - if (strlen(buf) < 8 || buf[7] == '\n') continue; - while (fgetc(f) != '\n' && !feof(f)) ; //goto next line - + while( fgets(line, sizeof(line), f) ){ + if (strlen(line) < 8 || line[7] == '\n') continue; + + //goto next line + while (fgetc(f) != '\n' && !feof(f)) ; + //The line start with # is comment, skip - if( buf[0]=='#' ) continue; + if( line[0]=='#' ) continue; - if (!isxdigit(buf[0])){ - PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf); + if (!isxdigit(line[0])) { + PrintAndLog("File content error. '%s' must include 8 HEX symbols", line); continue; } - buf[8] = 0; - + line[8] = 0; + + // realloc keyblock array size. if ( stKeyBlock - keycnt < 2) { - p = realloc(keyBlock, 6*(stKeyBlock+=10)); + p = realloc(keyBlock, 4 * (stKeyBlock += 10)); if (!p) { PrintAndLog("Cannot allocate memory for defaultKeys"); free(keyBlock); - if (f) { + if (f) fclose(f); - f = NULL; - } return 2; } keyBlock = p; } + // clear mem memset(keyBlock + 4 * keycnt, 0, 4); - num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt); - PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4)); - keycnt++; - memset(buf, 0, sizeof(buf)); + + num_to_bytes( strtoll(line, NULL, 16), 4, keyBlock + 4*keycnt); + + PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4 * keycnt, 4) ); + keycnt++; + memset(line, 0, sizeof(line)); } - if (f) { + if (f) fclose(f); - f = NULL; - } + if (keycnt == 0) { PrintAndLog("No keys found in file"); free(keyBlock); @@ -1519,11 +1547,14 @@ int CmdT55xxBruteForce(const char *Cmd) { // loop uint64_t testpwd = 0x00; for (uint16_t c = 0; c < keycnt; ++c ) { - - if (ukbhit()) { - ch = getchar(); - (void)ch; - printf("\naborted via keyboard!\n"); + + if ( offline ) { + printf("Device offline\n"); + free(keyBlock); + return 2; + } + + if (IsCancelled()) { free(keyBlock); return 0; } @@ -1531,20 +1562,18 @@ int CmdT55xxBruteForce(const char *Cmd) { testpwd = bytes_to_num(keyBlock + 4*c, 4); PrintAndLog("Testing %08X", testpwd); - - + if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) { - PrintAndLog("Aquireing data from device failed. Quitting"); + PrintAndLog("Acquire data from device failed. Quitting"); free(keyBlock); return 0; } found = tryDetectModulation(); - if ( found ) { PrintAndLog("Found valid password: [%08X]", testpwd); - free(keyBlock); - return 0; + //free(keyBlock); + //return 0; } } PrintAndLog("Password NOT found."); @@ -1571,16 +1600,14 @@ int CmdT55xxBruteForce(const char *Cmd) { printf("."); fflush(stdout); - if (ukbhit()) { - ch = getchar(); - (void)ch; - printf("\naborted via keyboard!\n"); + + if (IsCancelled()) { free(keyBlock); return 0; } if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) { - PrintAndLog("Aquireing data from device failed. Quitting"); + PrintAndLog("Acquire data from device failed. Quitting"); free(keyBlock); return 0; } @@ -1604,13 +1631,14 @@ int CmdT55xxBruteForce(const char *Cmd) { int tryOnePassword(uint32_t password) { PrintAndLog("Trying password %08x", password); if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) { - PrintAndLog("Aquireing data from device failed. Quitting"); + PrintAndLog("Acquire data from device failed. Quitting"); return -1; } if (tryDetectModulation()) return 1; - else return 0; + else + return 0; } int CmdT55xxRecoverPW(const char *Cmd) { @@ -1620,21 +1648,19 @@ int CmdT55xxRecoverPW(const char *Cmd) { uint32_t prev_password = 0xffffffff; uint32_t mask = 0x0; int found = 0; - char cmdp = param_getchar(Cmd, 0); if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw(); orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners // first try fliping each bit in the expected password - while ((found != 1) && (bit < 32)) { + while (bit < 32) { curr_password = orig_password ^ ( 1 << bit ); found = tryOnePassword(curr_password); - if (found == 1) - goto done; - else if (found == -1) - return 0; + if (found == -1) return 0; bit++; + + if (IsCancelled()) return 0; } // now try to use partial original password, since block 7 should have been completely @@ -1643,7 +1669,7 @@ int CmdT55xxRecoverPW(const char *Cmd) { // not sure from which end the bit bits are written, so try from both ends // from low bit to high bit bit = 0; - while ((found != 1) && (bit < 32)) { + while (bit < 32) { mask += ( 1 << bit ); curr_password = orig_password & mask; // if updated mask didn't change the password, don't try it again @@ -1652,18 +1678,17 @@ int CmdT55xxRecoverPW(const char *Cmd) { continue; } found = tryOnePassword(curr_password); - if (found == 1) - goto done; - else if (found == -1) - return 0; + if (found == -1) return 0; bit++; - prev_password=curr_password; + prev_password = curr_password; + + if (IsCancelled()) return 0; } // from high bit to low bit = 0; mask = 0xffffffff; - while ((found != 1) && (bit < 32)) { + while (bit < 32) { mask -= ( 1 << bit ); curr_password = orig_password & mask; // if updated mask didn't change the password, don't try it again @@ -1672,14 +1697,14 @@ int CmdT55xxRecoverPW(const char *Cmd) { continue; } found = tryOnePassword(curr_password); - if (found == 1) - goto done; - else if (found == -1) + if (found == -1) return 0; bit++; - prev_password=curr_password; + prev_password = curr_password; + + if (IsCancelled()) return 0; } -done: + PrintAndLog(""); if (found == 1)