X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/58962d4c3e95ab489c5764db9dc0a3e07efbd30a..93048e8b8b427af92b8aa3a4655bd4fe7bd897f1:/client/cmdlft55xx.c diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index fc76e898..7684bcc7 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -10,7 +10,7 @@ #include #include #include -#include +//#include #include "proxmark3.h" #include "ui.h" #include "graph.h" @@ -22,8 +22,6 @@ #include "util.h" #include "data.h" #include "lfdemod.h" -#include "../common/crc.h" -#include "../common/iso14443crc.h" #include "cmdhf14a.h" #define T55x7_CONFIGURATION_BLOCK 0x00 @@ -166,7 +164,18 @@ int usage_t55xx_bruteforce(){ PrintAndLog(""); return 0; } - +int usage_t55xx_wipe(){ + PrintAndLog("Usage: lf t55xx wipe [h] [Q5]"); + PrintAndLog("This commands wipes a tag, fills blocks 1-7 with zeros and a default configuration block"); + PrintAndLog("Options:"); + PrintAndLog(" h - this help"); + PrintAndLog(" Q5 - indicates to use the T555 (Q5) default configuration block"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx wipe - wipes a t55x7 tag, config block 0x000880E0"); + PrintAndLog(" lf t55xx wipe Q5 - wipes a t5555 Q5 tag, config block 0x6001F004"); + return 0; +} static int CmdHelp(const char *Cmd); void printT5xxHeader(uint8_t page){ @@ -1307,7 +1316,7 @@ void t55x7_create_config_block( int tagtype ){ switch (tagtype){ case 0: snprintf(retStr, sizeof(buf),"%08X - T55X7 Default", T55X7_DEFAULT_CONFIG_BLOCK); break; case 1: snprintf(retStr, sizeof(buf),"%08X - T55X7 Raw", T55X7_RAW_CONFIG_BLOCK); break; - //case 2: snprintf(retStr, sizeof(buf),"%08X - Q5 Default", Q5_DEFAULT_CONFIG_BLOCK); break; + case 2: snprintf(retStr, sizeof(buf),"%08X - T5555 Q5 Default", T5555_DEFAULT_CONFIG_BLOCK); break; default: break; } @@ -1334,21 +1343,28 @@ int CmdResetRead(const char *Cmd) { int CmdT55xxWipe(const char *Cmd) { char writeData[20] = {0}; char *ptrData = writeData; - + char cmdp = param_getchar(Cmd, 0); + if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_wipe(); + + bool Q5 = (cmdp == 'q' || cmdp == 'Q'); + + // Try with the default password to reset block 0 + // With a pwd should work even if pwd bit not set PrintAndLog("\nBeginning Wipe of a T55xx tag (assuming the tag is not password protected)\n"); + + if ( Q5 ){ + snprintf(ptrData,sizeof(writeData),"b 0 d 6001F004 p 0"); + } else { + snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0"); + } - //try with the default password to reset block 0 (with a pwd should work even if pwd bit not set) - snprintf(ptrData,sizeof(writeData),"b 0 d 000880E0 p 0"); - - if (!CmdT55xxWriteBlock(ptrData)) - PrintAndLog("Error writing blk 0"); + if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk 0"); for (uint8_t blk = 1; blk<8; blk++) { snprintf(ptrData,sizeof(writeData),"b %d d 0", blk); - if (!CmdT55xxWriteBlock(ptrData)) - PrintAndLog("Error writing blk %d", blk); + if (!CmdT55xxWriteBlock(ptrData)) PrintAndLog("Error writing blk %d", blk); memset(writeData,0x00, sizeof(writeData)); } @@ -1361,8 +1377,9 @@ int CmdT55xxBruteForce(const char *Cmd) { char buf[9]; char filename[FILE_PATH_SIZE]={0}; int keycnt = 0; + int c; uint8_t stKeyBlock = 20; - uint8_t *keyBlock = NULL, *p; + uint8_t *keyBlock = NULL, *p = NULL; keyBlock = calloc(stKeyBlock, 6); if (keyBlock == NULL) return 1; @@ -1371,7 +1388,10 @@ int CmdT55xxBruteForce(const char *Cmd) { bool found = false; char cmdp = param_getchar(Cmd, 0); - if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce(); + if (cmdp == 'h' || cmdp == 'H') { + free(keyBlock); + return usage_t55xx_bruteforce(); + } if (cmdp == 'i' || cmdp == 'I') { @@ -1407,6 +1427,7 @@ int CmdT55xxBruteForce(const char *Cmd) { if (!p) { PrintAndLog("Cannot allocate memory for defaultKeys"); free(keyBlock); + fclose(f); return 2; } keyBlock = p; @@ -1421,6 +1442,7 @@ int CmdT55xxBruteForce(const char *Cmd) { if (keycnt == 0) { PrintAndLog("No keys found in file"); + free(keyBlock); return 1; } PrintAndLog("Loaded %d keys", keycnt); @@ -1430,8 +1452,10 @@ int CmdT55xxBruteForce(const char *Cmd) { for (uint16_t c = 0; c < keycnt; ++c ) { if (ukbhit()) { - getchar(); + c = getchar(); + (void)c; printf("\naborted via keyboard!\n"); + free(keyBlock); return 0; } @@ -1442,6 +1466,7 @@ int CmdT55xxBruteForce(const char *Cmd) { if ( !AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd)) { PrintAndLog("Aquireing data from device failed. Quitting"); + free(keyBlock); return 0; } @@ -1449,10 +1474,12 @@ int CmdT55xxBruteForce(const char *Cmd) { if ( found ) { PrintAndLog("Found valid password: [%08X]", testpwd); + free(keyBlock); return 0; } } PrintAndLog("Password NOT found."); + free(keyBlock); return 0; } @@ -1462,7 +1489,10 @@ int CmdT55xxBruteForce(const char *Cmd) { start_password = param_get32ex(Cmd, 0, 0, 16); end_password = param_get32ex(Cmd, 1, 0, 16); - if ( start_password >= end_password ) return usage_t55xx_bruteforce(); + if ( start_password >= end_password ) { + free(keyBlock); + return usage_t55xx_bruteforce(); + } PrintAndLog("Search password range [%08X -> %08X]", start_password, end_password); @@ -1473,13 +1503,16 @@ int CmdT55xxBruteForce(const char *Cmd) { printf("."); fflush(stdout); if (ukbhit()) { - getchar(); + c = getchar(); + (void)c; printf("\naborted via keyboard!\n"); + free(keyBlock); return 0; } if (!AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, i)) { PrintAndLog("Aquireing data from device failed. Quitting"); + free(keyBlock); return 0; } found = tryDetectModulation(); @@ -1494,6 +1527,8 @@ int CmdT55xxBruteForce(const char *Cmd) { PrintAndLog("Found valid password: [%08x]", i); else PrintAndLog("Password NOT found. Last tried: [%08x]", --i); + + free(keyBlock); return 0; }