case CMD_HID_SIM_TAG:
CmdHIDsimTAG(c->arg[0], c->arg[1], 1); // Simulate HID tag by ID
break;
- case CMD_HID_CLONE_TAG:
- CopyHIDtoT55x7(c->arg[0], c->arg[1]); // Clone HID tag by ID to T55x7
+ case CMD_HID_CLONE_TAG: // Clone HID tag by ID to T55x7
+ CopyHIDtoT55x7(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
break;
case CMD_EM410X_WRITE_TAG:
WriteEM410x(c->arg[0], c->arg[1], c->arg[2]);
case CMD_INDALA_CLONE_TAG_L: // Clone Indala 224-bit tag by UID to T55x7
CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]);
break;
+ case CMD_T55XX_READ_BLOCK:
+ T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]);
+ break;
+ case CMD_T55XX_WRITE_BLOCK:
+ T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
+ break;
+ case CMD_T55XX_READ_TRACE: // Clone HID tag by ID to T55x7
+ T55xxReadTrace();
+ break;
#endif
#ifdef WITH_HITAG
void CmdHIDsimTAG(int hi, int lo, int ledcontrol);
void CmdHIDdemodFSK(int findone, int *high, int *low, int ledcontrol);
void SimulateTagLowFrequencyBidir(int divisor, int max_bitlen);
-void CopyHIDtoT55x7(int hi, int lo); // Clone an HID card to T5557/T5567
+void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // Clone an HID card to T5557/T5567
void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo);
void CopyIndala64toT55x7(int hi, int lo); // Clone Indala 64-bit tag by UID to T55x7
void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7); // Clone Indala 224-bit tag by UID to T55x7
+void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode);
+void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode );
+void T55xxReadTrace(void);
/// iso14443.h
void SimulateIso14443Tag(void);
{
uint8_t *dest = (uint8_t *)BigBuf;
int m=0, n=0, i=0, idx=0, found=0, lastval=0;
- uint32_t hi=0, lo=0;
+ uint32_t hi2=0, hi=0, lo=0;
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
{
found=1;
idx+=6;
- if (found && (hi|lo)) {
- Dbprintf("TAG ID: %x%08x (%d)",
- (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ if (found && (hi2|hi|lo)) {
+ if (hi2 != 0){
+ Dbprintf("TAG ID: %x%08x%08x (%d)",
+ (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ }
+ else {
+ Dbprintf("TAG ID: %x%08x (%d)",
+ (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ }
/* if we're only looking for one tag */
if (findone)
{
*low = lo;
return;
}
+ hi2=0;
hi=0;
lo=0;
found=0;
}
if (found) {
if (dest[idx] && (!dest[idx+1]) ) {
+ hi2=(hi2<<1)|(hi>>31);
hi=(hi<<1)|(lo>>31);
lo=(lo<<1)|0;
} else if ( (!dest[idx]) && dest[idx+1]) {
+ hi2=(hi2<<1)|(hi>>31);
hi=(hi<<1)|(lo>>31);
lo=(lo<<1)|1;
} else {
found=0;
+ hi2=0;
hi=0;
lo=0;
}
found=1;
idx+=6;
if (found && (hi|lo)) {
- Dbprintf("TAG ID: %x%08x (%d)",
- (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ if (hi2 != 0){
+ Dbprintf("TAG ID: %x%08x%08x (%d)",
+ (unsigned int) hi2, (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ }
+ else {
+ Dbprintf("TAG ID: %x%08x (%d)",
+ (unsigned int) hi, (unsigned int) lo, (unsigned int) (lo>>1) & 0xFFFF);
+ }
/* if we're only looking for one tag */
if (findone)
{
*low = lo;
return;
}
+ hi2=0;
hi=0;
lo=0;
found=0;
}
}
+
/*------------------------------
* T5555/T5557/T5567 routines
*------------------------------
}
// Write one card block in page 0, no lock
-void T55xxWriteBlock(int Data, int Block)
+void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
{
unsigned int i;
// Opcode
T55xxWriteBit(1);
T55xxWriteBit(0); //Page 0
+ if (PwdMode == 1){
+ // Pwd
+ for (i = 0x80000000; i != 0; i >>= 1)
+ T55xxWriteBit(Pwd & i);
+ }
// Lock bit
T55xxWriteBit(0);
for (i = 0x80000000; i != 0; i >>= 1)
T55xxWriteBit(Data & i);
- // Page
+ // Block
for (i = 0x04; i != 0; i >>= 1)
T55xxWriteBit(Block & i);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
}
-// Copy HID id to card and setup block 0 config
-void CopyHIDtoT55x7(int hi, int lo)
+
+// Read one card block in page 0
+void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode)
{
- int data1, data2, data3;
+ uint8_t *dest = (uint8_t *)BigBuf;
+ int m=0, i=0;
+
+ m = sizeof(BigBuf);
+ // Clear destination buffer before sending the command
+ memset(dest, 128, m);
+ // Connect the A/D to the peak-detected low-frequency path.
+ SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
+ // Now set up the SSC to get the ADC samples that are now streaming at us.
+ FpgaSetupSsc();
- // Ensure no more than 44 bits supplied
- if (hi>0xFFF) {
- DbpString("Tags can only have 44 bits.");
- return;
- }
+ LED_D_ON();
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
- // Build the 3 data blocks for supplied 44bit ID
- data1 = 0x1D000000; // load preamble
+ // Give it a bit of time for the resonant antenna to settle.
+ // And for the tag to fully power up
+ SpinDelay(150);
- for (int i=0;i<12;i++) {
- if (hi & (1<<(11-i)))
- data1 |= (1<<(((11-i)*2)+1)); // 1 -> 10
- else
- data1 |= (1<<((11-i)*2)); // 0 -> 01
- }
+ // Now start writting
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelayUs(START_GAP);
- data2 = 0;
- for (int i=0;i<16;i++) {
- if (lo & (1<<(31-i)))
- data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
- else
- data2 |= (1<<((15-i)*2)); // 0 -> 01
+ // Opcode
+ T55xxWriteBit(1);
+ T55xxWriteBit(0); //Page 0
+ if (PwdMode == 1){
+ // Pwd
+ for (i = 0x80000000; i != 0; i >>= 1)
+ T55xxWriteBit(Pwd & i);
+ }
+ // Lock bit
+ T55xxWriteBit(0);
+ // Block
+ for (i = 0x04; i != 0; i >>= 1)
+ T55xxWriteBit(Block & i);
+
+ // Turn field on to read the response
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+
+ // Now do the acquisition
+ i = 0;
+ for(;;) {
+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
+ AT91C_BASE_SSC->SSC_THR = 0x43;
+ }
+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
+ dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+ // we don't care about actual value, only if it's more or less than a
+ // threshold essentially we capture zero crossings for later analysis
+// if(dest[i] < 127) dest[i] = 0; else dest[i] = 1;
+ i++;
+ if (i >= m) break;
+ }
}
- data3 = 0;
- for (int i=0;i<16;i++) {
- if (lo & (1<<(15-i)))
- data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
- else
- data3 |= (1<<((15-i)*2)); // 0 -> 01
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ LED_D_OFF();
+ DbpString("DONE!");
+}
+
+// Read card traceability data (page 1)
+void T55xxReadTrace(void){
+ uint8_t *dest = (uint8_t *)BigBuf;
+ int m=0, i=0;
+
+ m = sizeof(BigBuf);
+ // Clear destination buffer before sending the command
+ memset(dest, 128, m);
+ // Connect the A/D to the peak-detected low-frequency path.
+ SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
+ // Now set up the SSC to get the ADC samples that are now streaming at us.
+ FpgaSetupSsc();
+
+ LED_D_ON();
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+
+ // Give it a bit of time for the resonant antenna to settle.
+ // And for the tag to fully power up
+ SpinDelay(150);
+
+ // Now start writting
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ SpinDelayUs(START_GAP);
+
+ // Opcode
+ T55xxWriteBit(1);
+ T55xxWriteBit(1); //Page 1
+
+ // Turn field on to read the response
+ FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
+
+ // Now do the acquisition
+ i = 0;
+ for(;;) {
+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
+ AT91C_BASE_SSC->SSC_THR = 0x43;
+ }
+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
+ dest[i] = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+ i++;
+ if (i >= m) break;
+ }
}
- // Program the 3 data blocks for supplied 44bit ID
- // and the block 0 for HID format
- T55xxWriteBlock(data1,1);
- T55xxWriteBlock(data2,2);
- T55xxWriteBlock(data3,3);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ LED_D_OFF();
+ DbpString("DONE!");
+}
- // Config for HID (RF/50, FSK2a, Maxblock=3)
+/*-------------- Cloning routines -----------*/
+// Copy HID id to card and setup block 0 config
+void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT)
+{
+ int data1, data2, data3, data4, data5, data6; //up to six blocks for long format
+ int last_block = 0;
+
+ if (longFMT){
+ // Ensure no more than 84 bits supplied
+ if (hi2>0xFFFFF) {
+ DbpString("Tags can only have 84 bits.");
+ return;
+ }
+ // Build the 6 data blocks for supplied 84bit ID
+ last_block = 6;
+ data1 = 0x1D96A900; // load preamble (1D) & long format identifier (9E manchester encoded)
+ for (int i=0;i<4;i++) {
+ if (hi2 & (1<<(19-i)))
+ data1 |= (1<<(((3-i)*2)+1)); // 1 -> 10
+ else
+ data1 |= (1<<((3-i)*2)); // 0 -> 01
+ }
+
+ data2 = 0;
+ for (int i=0;i<16;i++) {
+ if (hi2 & (1<<(15-i)))
+ data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data2 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+
+ data3 = 0;
+ for (int i=0;i<16;i++) {
+ if (hi & (1<<(31-i)))
+ data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data3 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+
+ data4 = 0;
+ for (int i=0;i<16;i++) {
+ if (hi & (1<<(15-i)))
+ data4 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data4 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+
+ data5 = 0;
+ for (int i=0;i<16;i++) {
+ if (lo & (1<<(31-i)))
+ data5 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data5 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+
+ data6 = 0;
+ for (int i=0;i<16;i++) {
+ if (lo & (1<<(15-i)))
+ data6 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data6 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+ }
+ else {
+ // Ensure no more than 44 bits supplied
+ if (hi>0xFFF) {
+ DbpString("Tags can only have 44 bits.");
+ return;
+ }
+
+ // Build the 3 data blocks for supplied 44bit ID
+ last_block = 3;
+
+ data1 = 0x1D000000; // load preamble
+
+ for (int i=0;i<12;i++) {
+ if (hi & (1<<(12-i)))
+ data1 |= (1<<(((12-i)*2)+1)); // 1 -> 10
+ else
+ data1 |= (1<<((12-i)*2)); // 0 -> 01
+ }
+
+ data2 = 0;
+ for (int i=0;i<16;i++) {
+ if (lo & (1<<(31-i)))
+ data2 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data2 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+
+ data3 = 0;
+ for (int i=0;i<16;i++) {
+ if (lo & (1<<(15-i)))
+ data3 |= (1<<(((15-i)*2)+1)); // 1 -> 10
+ else
+ data3 |= (1<<((15-i)*2)); // 0 -> 01
+ }
+ }
+
+ LED_D_ON();
+ // Program the data blocks for supplied ID
+ // and the block 0 for HID format
+ T55xxWriteBlock(data1,1,0,0);
+ T55xxWriteBlock(data2,2,0,0);
+ T55xxWriteBlock(data3,3,0,0);
+
+ if (longFMT) { // if long format there are 6 blocks
+ T55xxWriteBlock(data4,4,0,0);
+ T55xxWriteBlock(data5,5,0,0);
+ T55xxWriteBlock(data6,6,0,0);
+ }
+
+ // Config for HID (RF/50, FSK2a, Maxblock=3 for short/6 for long)
T55xxWriteBlock(T55x7_BITRATE_RF_50 |
T55x7_MODULATION_FSK2a |
- 3 << T55x7_MAXBLOCK_SHIFT,
- 0);
-
+ last_block << T55x7_MAXBLOCK_SHIFT,
+ 0,0,0);
+
+ LED_D_OFF();
+
DbpString("DONE!");
}
LED_D_ON();
// Write EM410x ID
- T55xxWriteBlock((uint32_t)(id >> 32), 1);
- T55xxWriteBlock((uint32_t)id, 2);
+ T55xxWriteBlock((uint32_t)(id >> 32), 1, 0, 0);
+ T55xxWriteBlock((uint32_t)id, 2, 0, 0);
// Config for EM410x (RF/64, Manchester, Maxblock=2)
if (card)
T55xxWriteBlock(T55x7_BITRATE_RF_64 |
T55x7_MODULATION_MANCHESTER |
2 << T55x7_MAXBLOCK_SHIFT,
- 0);
+ 0, 0, 0);
else
// Writing configuration for T5555(Q5) tag
T55xxWriteBlock(0x1F << T5555_BITRATE_SHIFT |
T5555_MODULATION_MANCHESTER |
2 << T5555_MAXBLOCK_SHIFT,
- 0);
+ 0, 0, 0);
LED_D_OFF();
Dbprintf("Tag %s written with 0x%08x%08x\n", card ? "T55x7":"T5555",
//Program the 2 data blocks for supplied 64bit UID
// and the block 0 for Indala64 format
- T55xxWriteBlock(hi,1);
- T55xxWriteBlock(lo,2);
+ T55xxWriteBlock(hi,1,0,0);
+ T55xxWriteBlock(lo,2,0,0);
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=2)
T55xxWriteBlock(T55x7_BITRATE_RF_32 |
T55x7_MODULATION_PSK1 |
2 << T55x7_MAXBLOCK_SHIFT,
- 0);
+ 0,0,0);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=2;Inverse data)
// T5567WriteBlock(0x603E1042,0);
//Program the 7 data blocks for supplied 224bit UID
// and the block 0 for Indala224 format
- T55xxWriteBlock(uid1,1);
- T55xxWriteBlock(uid2,2);
- T55xxWriteBlock(uid3,3);
- T55xxWriteBlock(uid4,4);
- T55xxWriteBlock(uid5,5);
- T55xxWriteBlock(uid6,6);
- T55xxWriteBlock(uid7,7);
+ T55xxWriteBlock(uid1,1,0,0);
+ T55xxWriteBlock(uid2,2,0,0);
+ T55xxWriteBlock(uid3,3,0,0);
+ T55xxWriteBlock(uid4,4,0,0);
+ T55xxWriteBlock(uid5,5,0,0);
+ T55xxWriteBlock(uid6,6,0,0);
+ T55xxWriteBlock(uid7,7,0,0);
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
T55xxWriteBlock(T55x7_BITRATE_RF_32 |
T55x7_MODULATION_PSK1 |
7 << T55x7_MAXBLOCK_SHIFT,
- 0);
+ 0,0,0);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0);
cmdlfhitag.c \
cmdlfti.c \
cmdparser.c \
- cmdmain.c
+ cmdmain.c \
+ cmdlft55xx.c
CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o)
PrintAndLog("Key not found (lfsr_common_prefix list is null). Nt=%08x", nt); \r
} else {\r
printf("------------------------------------------------------------------\n");\r
- PrintAndLog("Key found:%012llx \n", r_key);\r
+ PrintAndLog("Key found:%012I64x \n", r_key);\r
\r
num_to_bytes(r_key, 6, keyBlock);\r
isOK = mfCheckKeys(0, 0, 1, keyBlock, &r_key);\r
}\r
if (!isOK) \r
- PrintAndLog("Found valid key:%012llx", r_key);\r
+ PrintAndLog("Found valid key:%012I64x", r_key);\r
else\r
{\r
if (isOK != 2) PrintAndLog("Found invalid key. ( Nt=%08x ,Trying use it to run again...", nt); \r
if (res)\r
res = mfCheckKeys(trgBlockNo, trgKeyType, 8, &keyBlock[6 * 8], &key64);\r
if (!res) {\r
- PrintAndLog("Found valid key:%012llx", key64);\r
+ PrintAndLog("Found valid key:%012I64x", key64);\r
\r
// transfer key to the emulator\r
if (transferToEml) {\r
if (res)\r
res = mfCheckKeys(trgBlockNo, trgKeyType, 8, &keyBlock[6 * 8], &key64);\r
if (!res) {\r
- PrintAndLog("Found valid key:%012llx", key64); \r
+ PrintAndLog("Found valid key:%012I64x", key64); \r
e_sector[trgBlockNo / 4].foundKey[trgKeyType] = 1;\r
e_sector[trgBlockNo / 4].Key[trgKeyType] = key64;\r
}\r
PrintAndLog("|sec|key A |res|key B |res|");\r
PrintAndLog("|---|----------------|---|----------------|---|");\r
for (i = 0; i < SectorsCnt; i++) {\r
- PrintAndLog("|%03d| %012llx | %d | %012llx | %d |", i, \r
+ PrintAndLog("|%03d| %012I64x | %d | %012I64x | %d |", i, \r
e_sector[i].Key[0], e_sector[i].foundKey[0], e_sector[i].Key[1], e_sector[i].foundKey[1]);\r
}\r
PrintAndLog("|---|----------------|---|----------------|---|");\r
}\r
memset(keyBlock + 6 * keycnt, 0, 6);\r
num_to_bytes(strtoll(buf, NULL, 16), 6, keyBlock + 6*keycnt);\r
- PrintAndLog("chk custom key[%d] %012llx", keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));\r
+ PrintAndLog("chk custom key[%d] %012I64x", keycnt, bytes_to_num(keyBlock + 6*keycnt, 6));\r
keycnt++;\r
}\r
} else {\r
res = mfCheckKeys(b, t, size, keyBlock +6*c, &key64);\r
if (res !=1) {\r
if (!res) {\r
- PrintAndLog("Found valid key:[%012llx]",key64);\r
+ PrintAndLog("Found valid key:[%012I64x]",key64);\r
if (transferToEml) {\r
uint8_t block[16];\r
mfEmlGetMem(block, get_trailer_block(b), 1);\r
}\r
keyA = bytes_to_num(data, 6);\r
keyB = bytes_to_num(data + 10, 6);\r
- PrintAndLog("|%03d| %012llx | %012llx |", i, keyA, keyB);\r
+ PrintAndLog("|%03d| %012I64x | %012I64x |", i, keyA, keyB);\r
}\r
PrintAndLog("|---|----------------|----------------|");\r
\r
#include "cmdlfti.h"
#include "cmdlfem4x.h"
#include "cmdlfhitag.h"
+#include "cmdlft55xx.h"
static int CmdHelp(const char *Cmd);
{"ti", CmdLFTI, 1, "{ TI RFIDs... }"},
{"hitag", CmdLFHitag, 1, "{ Hitag tags and transponders... }"},
{"vchdemod", CmdVchDemod, 1, "['clone'] -- Demodulate samples for VeriChip"},
+ {"t55xx", CmdLFT55XX, 1, "{ T55xx RFIDs... }"},
{NULL, NULL, 0, NULL}
};
int CmdLFCommandRead(const char *Cmd);
int CmdFlexdemod(const char *Cmd);
int CmdIndalaDemod(const char *Cmd);
+int CmdIndalaClone(const char *Cmd);
int CmdLFRead(const char *Cmd);
int CmdLFSim(const char *Cmd);
int CmdLFSimBidir(const char *Cmd);
int CmdHIDClone(const char *Cmd)
{
- unsigned int hi = 0, lo = 0;
+ unsigned int hi2 = 0, hi = 0, lo = 0;
int n = 0, i = 0;
+ UsbCommand c;
- while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
- hi = (hi << 4) | (lo >> 28);
- lo = (lo << 4) | (n & 0xf);
+ if (strchr(Cmd,'l') != 0) {
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi2 = (hi2 << 4) | (hi >> 28);
+ hi = (hi << 4) | (lo >> 28);
+ lo = (lo << 4) | (n & 0xf);
+ }
+
+ PrintAndLog("Cloning tag with long ID %x%08x%08x", hi2, hi, lo);
+
+ c.d.asBytes[0] = 1;
+ }
+ else {
+ while (sscanf(&Cmd[i++], "%1x", &n ) == 1) {
+ hi = (hi << 4) | (lo >> 28);
+ lo = (lo << 4) | (n & 0xf);
+ }
+
+ PrintAndLog("Cloning tag with ID %x%08x", hi, lo);
+
+ hi2 = 0;
+ c.d.asBytes[0] = 0;
}
- PrintAndLog("Cloning tag with ID %x%08x", hi, lo);
+ c.cmd = CMD_HID_CLONE_TAG;
+ c.arg[0] = hi2;
+ c.arg[1] = hi;
+ c.arg[2] = lo;
- UsbCommand c = {CMD_HID_CLONE_TAG, {hi, lo}};
SendCommand(&c);
return 0;
}
{
{"help", CmdHelp, 1, "This help"},
{"demod", CmdHIDDemod, 1, "Demodulate HID Prox Card II (not optimal)"},
- {"fskdemod", CmdHIDDemodFSK, 0, "Realtime HID FSK demodulator"},
- {"sim", CmdHIDSim, 0, "<ID> -- HID tag simulator"},
- {"clone", CmdHIDClone, 0, "<ID> -- Clone HID to T55x7 (tag must be in antenna)"},
+ {"fskdemod", CmdHIDDemodFSK, 1, "Realtime HID FSK demodulator"},
+ {"sim", CmdHIDSim, 1, "<ID> -- HID tag simulator"},
+ {"clone", CmdHIDClone, 1, "<ID> ['l'] -- Clone HID to T55x7 (tag must be in antenna)(option 'l' for 84bit ID)"},
{NULL, NULL, 0, NULL}
};
--- /dev/null
+//-----------------------------------------------------------------------------\r
+//\r
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
+// at your option, any later version. See the LICENSE.txt file for the text of\r
+// the license.\r
+//-----------------------------------------------------------------------------\r
+// Low frequency T55xx commands\r
+//-----------------------------------------------------------------------------\r
+\r
+#include <stdio.h>\r
+#include <string.h>\r
+#include <inttypes.h>\r
+#include "proxusb.h"\r
+#include "ui.h"\r
+#include "graph.h"\r
+#include "cmdparser.h"\r
+#include "cmddata.h"\r
+#include "cmdlf.h"\r
+#include "cmdlft55xx.h"\r
+\r
+static int CmdHelp(const char *Cmd);\r
+\r
+\r
+int CmdReadBlk(const char *Cmd)\r
+{\r
+ int Block = 8; //default to invalid block\r
+ UsbCommand c;\r
+\r
+ sscanf(Cmd, "%d", &Block);\r
+\r
+ if (Block > 7) {\r
+ PrintAndLog("Block must be between 0 and 7");\r
+ return 1;\r
+ } \r
+\r
+ PrintAndLog("Reading block %d", Block);\r
+\r
+ c.cmd = CMD_T55XX_READ_BLOCK;\r
+ c.d.asBytes[0] = 0x0; //Normal mode\r
+ c.arg[0] = 0;\r
+ c.arg[1] = Block;\r
+ c.arg[2] = 0;\r
+ SendCommand(&c);\r
+ return 0;\r
+}\r
+\r
+int CmdReadBlkPWD(const char *Cmd)\r
+{\r
+ int Block = 8; //default to invalid block\r
+ int Password = 0xFFFFFFFF; //default to blank Block 7\r
+ UsbCommand c;\r
+\r
+ sscanf(Cmd, "%d %x", &Block, &Password);\r
+\r
+ if (Block > 7) {\r
+ PrintAndLog("Block must be between 0 and 7");\r
+ return 1;\r
+ } \r
+\r
+ PrintAndLog("Reading block %d with password %08X", Block, Password);\r
+\r
+ c.cmd = CMD_T55XX_READ_BLOCK;\r
+ c.d.asBytes[0] = 0x1; //Password mode\r
+ c.arg[0] = 0;\r
+ c.arg[1] = Block;\r
+ c.arg[2] = Password;\r
+ SendCommand(&c);\r
+ return 0;\r
+}\r
+\r
+int CmdWriteBlk(const char *Cmd)\r
+{\r
+ int Block = 8; //default to invalid block\r
+ int Data = 0xFFFFFFFF; //default to blank Block \r
+ UsbCommand c;\r
+\r
+ sscanf(Cmd, "%x %d", &Data, &Block);\r
+\r
+ if (Block > 7) {\r
+ PrintAndLog("Block must be between 0 and 7");\r
+ return 1;\r
+ } \r
+\r
+ PrintAndLog("Writting block %d with data %08X", Block, Data);\r
+\r
+ c.cmd = CMD_T55XX_WRITE_BLOCK;\r
+ c.d.asBytes[0] = 0x0; //Normal mode\r
+ c.arg[0] = Data;\r
+ c.arg[1] = Block;\r
+ c.arg[2] = 0;\r
+ SendCommand(&c);\r
+ return 0;\r
+}\r
+\r
+int CmdWriteBlkPWD(const char *Cmd)\r
+{\r
+ int Block = 8; //default to invalid block\r
+ int Data = 0xFFFFFFFF; //default to blank Block \r
+ int Password = 0xFFFFFFFF; //default to blank Block 7\r
+ UsbCommand c;\r
+\r
+ sscanf(Cmd, "%x %d %x", &Data, &Block, &Password);\r
+\r
+ if (Block > 7) {\r
+ PrintAndLog("Block must be between 0 and 7");\r
+ return 1;\r
+ } \r
+\r
+ PrintAndLog("Writting block %d with data %08X and password %08X", Block, Data, Password);\r
+\r
+ c.cmd = CMD_T55XX_WRITE_BLOCK;\r
+ c.d.asBytes[0] = 0x1; //Password mode\r
+ c.arg[0] = Data;\r
+ c.arg[1] = Block;\r
+ c.arg[2] = Password;\r
+ SendCommand(&c);\r
+ return 0;\r
+}\r
+\r
+int CmdReadTrace(const char *Cmd)\r
+{\r
+\r
+ PrintAndLog("Reading traceability data");\r
+\r
+ UsbCommand c = {CMD_T55XX_READ_TRACE, {0, 0, 0}};\r
+ SendCommand(&c);\r
+ return 0;\r
+}\r
+\r
+static command_t CommandTable[] =\r
+{\r
+ {"help", CmdHelp, 1, "This help"},\r
+ {"readblock", CmdReadBlk, 1, "<Block> -- Read T55xx block data (page 0)"},\r
+ {"readblockPWD", CmdReadBlkPWD, 1, "<Block> <Password> -- Read T55xx block data in password mode(page 0)"},\r
+ {"writeblock", CmdWriteBlk, 1, "<Data> <Block> -- Write T55xx block data (page 0)"},\r
+ {"writeblockPWD", CmdWriteBlkPWD, 1, "<Data> <Block> <Password> -- Write T55xx block data in password mode(page 0)"},\r
+ {"readtrace", CmdReadTrace, 1, "Read T55xx traceability data (page 1)"},\r
+ {NULL, NULL, 0, NULL}\r
+};\r
+\r
+int CmdLFT55XX(const char *Cmd)\r
+{\r
+ CmdsParse(CommandTable, Cmd);\r
+ return 0;\r
+}\r
+\r
+int CmdHelp(const char *Cmd)\r
+{\r
+ CmdsHelp(CommandTable);\r
+ return 0;\r
+}\r
--- /dev/null
+//-----------------------------------------------------------------------------\r
+//\r
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
+// at your option, any later version. See the LICENSE.txt file for the text of\r
+// the license.\r
+//-----------------------------------------------------------------------------\r
+// Low frequency T55xx commands\r
+//-----------------------------------------------------------------------------\r
+\r
+#ifndef CMDLFT55XX_H__\r
+#define CMDLFT55XX_H__\r
+\r
+int CmdLFT55XX(const char *Cmd);\r
+\r
+int CmdReadBlk(const char *Cmd);\r
+int CmdReadBlkPWD(const char *Cmd);\r
+int CmdWriteBlk(const char *Cmd);\r
+int CmdWriteBLkPWD(const char *Cmd);\r
+int CmdReadTrace(const char *Cmd);\r
+\r
+#endif\r
#define CMD_INDALA_CLONE_TAG 0x0212
// for 224 bits UID
#define CMD_INDALA_CLONE_TAG_L 0x0213
+#define CMD_T55XX_READ_BLOCK 0x0214
+#define CMD_T55XX_WRITE_BLOCK 0x0215
+#define CMD_T55XX_READ_TRACE 0x0216
/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */
projects / proxmark3-svn / commitdiff