X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/3e5b5bb2da079dae34dc42ff3947e2d9384f1992..be67483e63430608982f1c92e02b59d7b4dc65b3:/client/cmdlft55xx.c diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 0544d072..5b650b30 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -6,28 +6,7 @@ //----------------------------------------------------------------------------- // Low frequency T55xx commands //----------------------------------------------------------------------------- - -#include -#include -#include -#include "proxmark3.h" -#include "ui.h" -#include "graph.h" -#include "cmdmain.h" -#include "cmdparser.h" -#include "cmddata.h" -#include "cmdlf.h" #include "cmdlft55xx.h" -#include "util.h" -#include "data.h" -#include "lfdemod.h" -#include "cmdhf14a.h" //for getTagInfo - -#define T55x7_CONFIGURATION_BLOCK 0x00 -#define T55x7_PAGE0 0x00 -#define T55x7_PAGE1 0x01 -#define T55x7_PWD 0x00000010 -#define REGULAR_READ_MODE_BLOCK 0xFF // Default configuration t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offset = 0x00, .block0 = 0x00, .Q5 = FALSE }; @@ -150,6 +129,7 @@ int usage_t55xx_wakup(){ int usage_t55xx_bruteforce(){ PrintAndLog("This command uses A) bruteforce to scan a number range"); PrintAndLog(" B) a dictionary attack"); + PrintAndLog("press 'enter' to cancel the command"); PrintAndLog("Usage: lf t55xx bruteforce [h] [i <*.dic>]"); PrintAndLog(" password must be 4 bytes (8 hex symbols)"); PrintAndLog("Options:"); @@ -166,6 +146,7 @@ int usage_t55xx_bruteforce(){ } int usage_t55xx_recoverpw(){ PrintAndLog("This command uses a few tricks to try to recover mangled password"); + PrintAndLog("press 'enter' to cancel the command"); PrintAndLog("WARNING: this may brick non-password protected chips!"); PrintAndLog("Usage: lf t55xx recoverpw [password]"); PrintAndLog(" password must be 4 bytes (8 hex symbols)"); @@ -195,8 +176,8 @@ static int CmdHelp(const char *Cmd); void printT5xxHeader(uint8_t page){ PrintAndLog("Reading Page %d:", page); - PrintAndLog("blk | hex data | binary | ascii"); - PrintAndLog("----+----------+---------------------------------+-------"); + PrintAndLog("blk | hex data | binary | ascii"); + PrintAndLog("----+----------+----------------------------------+-------"); } int CmdT55xxSetConfig(const char *Cmd) { @@ -634,6 +615,7 @@ bool tryDetectModulation(){ tests[hits].ST = FALSE; ++hits; } + //ICEMAN: are these PSKDemod calls needed? // PSK2 - needs a call to psk1TOpsk2. if ( PSKDemod("0 0 6", FALSE)) { psk1TOpsk2(DemodBuffer, DemodBufferLen); @@ -907,8 +889,8 @@ int special(const char *Cmd) { uint32_t blockData = 0; uint8_t bits[32] = {0x00}; - PrintAndLog("OFFSET | DATA | BINARY | ASCII"); - PrintAndLog("-------+-------+------------------------------------+------"); + PrintAndLog("OFFSET | DATA | BINARY | ASCII"); + PrintAndLog("-------+-------+-------------------------------------+------"); int i,j = 0; for (; j < 64; ++j){ @@ -1429,10 +1411,9 @@ void t55x7_create_config_block( int tagtype ){ int CmdResetRead(const char *Cmd) { UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}}; - clearCommandBuffer(); SendCommand(&c); - if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { + if ( !WaitForResponseTimeout(CMD_ACK, NULL, 2500) ) { PrintAndLog("command execution time out"); return 0; } @@ -1474,23 +1455,34 @@ int CmdT55xxWipe(const char *Cmd) { return 0; } +bool IsCancelled(void) { + if (ukbhit()) { + int ch = getchar(); + (void)ch; + printf("\naborted via keyboard!\n"); + return TRUE; + } + return FALSE; +} + int CmdT55xxBruteForce(const char *Cmd) { // load a default pwd file. - char buf[9]; + char line[9]; char filename[FILE_PATH_SIZE]={0}; int keycnt = 0; - int ch; uint8_t stKeyBlock = 20; uint8_t *keyBlock = NULL, *p = NULL; uint32_t start_password = 0x00000000; //start password uint32_t end_password = 0xFFFFFFFF; //end password bool found = false; + memset(line, 0, sizeof(line)); + char cmdp = param_getchar(Cmd, 0); if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce(); - keyBlock = calloc(stKeyBlock, 6); + keyBlock = calloc(stKeyBlock, 4); if (keyBlock == NULL) return 1; if (cmdp == 'i' || cmdp == 'I') { @@ -1505,45 +1497,47 @@ int CmdT55xxBruteForce(const char *Cmd) { free(keyBlock); return 1; } - - while( fgets(buf, sizeof(buf), f) ){ - if (strlen(buf) < 8 || buf[7] == '\n') continue; - while (fgetc(f) != '\n' && !feof(f)) ; //goto next line - + while( fgets(line, sizeof(line), f) ){ + if (strlen(line) < 8 || line[7] == '\n') continue; + + //goto next line + while (fgetc(f) != '\n' && !feof(f)) ; + //The line start with # is comment, skip - if( buf[0]=='#' ) continue; + if( line[0]=='#' ) continue; - if (!isxdigit(buf[0])){ - PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf); + if (!isxdigit(line[0])) { + PrintAndLog("File content error. '%s' must include 8 HEX symbols", line); continue; } - buf[8] = 0; - + line[8] = 0; + + // realloc keyblock array size. if ( stKeyBlock - keycnt < 2) { - p = realloc(keyBlock, 6*(stKeyBlock+=10)); + p = realloc(keyBlock, 4 * (stKeyBlock += 10)); if (!p) { PrintAndLog("Cannot allocate memory for defaultKeys"); free(keyBlock); - if (f) { + if (f) fclose(f); - f = NULL; - } return 2; } keyBlock = p; } + // clear mem memset(keyBlock + 4 * keycnt, 0, 4); - num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt); - PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4)); - keycnt++; - memset(buf, 0, sizeof(buf)); + + num_to_bytes( strtoll(line, NULL, 16), 4, keyBlock + 4*keycnt); + + PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4 * keycnt, 4) ); + keycnt++; + memset(line, 0, sizeof(line)); } - if (f) { + if (f) fclose(f); - f = NULL; - } + if (keycnt == 0) { PrintAndLog("No keys found in file"); free(keyBlock); @@ -1561,10 +1555,7 @@ int CmdT55xxBruteForce(const char *Cmd) { return 2; } - if (ukbhit()) { - ch = getchar(); - (void)ch; - printf("\naborted via keyboard!\n"); + if (IsCancelled()) { free(keyBlock); return 0; } @@ -1574,7 +1565,7 @@ int CmdT55xxBruteForce(const char *Cmd) { PrintAndLog("Testing %08X", testpwd); if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) { - PrintAndLog("Aquireing data from device failed. Quitting"); + PrintAndLog("Acquire data from device failed. Quitting"); free(keyBlock); return 0; } @@ -1582,8 +1573,8 @@ int CmdT55xxBruteForce(const char *Cmd) { found = tryDetectModulation(); if ( found ) { PrintAndLog("Found valid password: [%08X]", testpwd); - free(keyBlock); - return 0; + //free(keyBlock); + //return 0; } } PrintAndLog("Password NOT found."); @@ -1610,16 +1601,14 @@ int CmdT55xxBruteForce(const char *Cmd) { printf("."); fflush(stdout); - if (ukbhit()) { - ch = getchar(); - (void)ch; - printf("\naborted via keyboard!\n"); + + if (IsCancelled()) { free(keyBlock); return 0; } if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) { - PrintAndLog("Aquireing data from device failed. Quitting"); + PrintAndLog("Acquire data from device failed. Quitting"); free(keyBlock); return 0; } @@ -1643,7 +1632,7 @@ int CmdT55xxBruteForce(const char *Cmd) { int tryOnePassword(uint32_t password) { PrintAndLog("Trying password %08x", password); if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, password)) { - PrintAndLog("Aquireing data from device failed. Quitting"); + PrintAndLog("Acquire data from device failed. Quitting"); return -1; } @@ -1660,21 +1649,19 @@ int CmdT55xxRecoverPW(const char *Cmd) { uint32_t prev_password = 0xffffffff; uint32_t mask = 0x0; int found = 0; - char cmdp = param_getchar(Cmd, 0); if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_recoverpw(); orig_password = param_get32ex(Cmd, 0, 0x51243648, 16); //password used by handheld cloners // first try fliping each bit in the expected password - while ((found != 1) && (bit < 32)) { + while (bit < 32) { curr_password = orig_password ^ ( 1 << bit ); found = tryOnePassword(curr_password); - if (found == 1) - goto done; - else if (found == -1) - return 0; + if (found == -1) return 0; bit++; + + if (IsCancelled()) return 0; } // now try to use partial original password, since block 7 should have been completely @@ -1683,7 +1670,7 @@ int CmdT55xxRecoverPW(const char *Cmd) { // not sure from which end the bit bits are written, so try from both ends // from low bit to high bit bit = 0; - while ((found != 1) && (bit < 32)) { + while (bit < 32) { mask += ( 1 << bit ); curr_password = orig_password & mask; // if updated mask didn't change the password, don't try it again @@ -1692,18 +1679,17 @@ int CmdT55xxRecoverPW(const char *Cmd) { continue; } found = tryOnePassword(curr_password); - if (found == 1) - goto done; - else if (found == -1) - return 0; + if (found == -1) return 0; bit++; - prev_password=curr_password; + prev_password = curr_password; + + if (IsCancelled()) return 0; } // from high bit to low bit = 0; mask = 0xffffffff; - while ((found != 1) && (bit < 32)) { + while (bit < 32) { mask -= ( 1 << bit ); curr_password = orig_password & mask; // if updated mask didn't change the password, don't try it again @@ -1712,14 +1698,14 @@ int CmdT55xxRecoverPW(const char *Cmd) { continue; } found = tryOnePassword(curr_password); - if (found == 1) - goto done; - else if (found == -1) + if (found == -1) return 0; bit++; - prev_password=curr_password; + prev_password = curr_password; + + if (IsCancelled()) return 0; } -done: + PrintAndLog(""); if (found == 1)