From: iceman1001 <iceman@iuse.se>
Date: Wed, 21 Oct 2015 07:12:33 +0000 (+0200)
Subject: ADD:  'LF T55X7 WAKEUP' command.  For tags with AOR bit set,   send this command... 
X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/1c8fbeb93e82f6aafb885b57b9afbfadcf85c171

ADD:  'LF T55X7 WAKEUP' command.  For tags with AOR bit set,   send this command with password to wake tag up and be able to do a "LF SEARCH" etc on it.

CHG:  Minor code changes on T55X7 code.   Default password is back to 'FF FF FF FF',
REM:  removed @marshmellow42 's wakeup option in "lf t55x7 read",

---  BASICALLY:
If a T55X7 tag has one of the following bits set:
AOR -  send the wakeup command with the password, to enable LF interaction with it.
PWD -  send the read/write/trace/info command with the password.  No need to send wakeup.
---

diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 4ccb8edc..8b8f2594 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -921,7 +921,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
 			setSamplingConfig((sample_config *) c->d.asBytes);
 			break;
 		case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
-			cmd_send(CMD_ACK,SampleLF(c->arg[0]),0,0,0,0);
+			cmd_send(CMD_ACK, SampleLF(c->arg[0]),0,0,0,0);
 			break;
 		case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
 			ModThenAcquireRawAdcSamples125k(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index c070b87c..1d452fd3 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -1197,7 +1197,8 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod
 // Read one card block in page 0
 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	LED_A_ON();
-	uint8_t PwdMode = arg0 & 0xFF;
+	uint8_t PwdMode = arg0 & 0x01;
+	uint8_t Page    = arg0 & 0x02;
 	uint32_t i = 0;
 	
 	//clear buffer now so it does not interfere with timing later
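Review bot: `Page` holds 0 or 2 rather than 0 or 1, so the later `T55xxWriteBit(Page)` depends on T55xxWriteBit treating any non-zero argument as a one bit, which is not visible in this diff. Normalising at the source, `uint8_t Page = (arg0 >> 1) & 0x01;`, removes that dependency. The next hunk also keeps the comments `// Opcode 10` and `//Page 0` beside a bit that is now variable; `T55xxWriteBit(Page); // page select: 0 or 1` would match the code. The layout of arg0 (bit 0 password mode, bit 1 page) deserves a comment above the function, because the client builds the value by hand in AquireData. T55xxReadBlock's body continues outside the hunk.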
@@ -1215,7 +1216,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 	
 	// Opcode 10
 	T55xxWriteBit(1);
-	T55xxWriteBit(0); //Page 0
+	T55xxWriteBit(Page); //Page 0
 
 	if (PwdMode){
 		// Send Pwd
@@ -1245,33 +1246,45 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
 
 // Read card traceability data (page 1)
 void T55xxReadTrace(void){
-	LED_A_ON();
+	// LED_A_ON();
 
-	//clear buffer now so it does not interfere with timing later
-	BigBuf_Clear_ext(false);
+	// uint8_t PwdMode = arg0 & 0xFF;
+	// uint32_t i = 0;
+		
+	// //clear buffer now so it does not interfere with timing later
+	// BigBuf_Clear_ext(false);
 
-	// Set up FPGA, 125kHz
-	LFSetupFPGAForADC(95, true);
+	// // Set up FPGA, 125kHz
+	// LFSetupFPGAForADC(95, true);
 	
-  // Trigger T55x7 Direct Access Mode
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-	SpinDelayUs(START_GAP);
-
-	// Opcode 11
-	T55xxWriteBit(1);
-	T55xxWriteBit(1); //Page 1
-
-	// Turn field on to read the response
-	TurnReadLFOn(READ_GAP);
+	// // Trigger T55x7 Direct Access Mode
+	// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+	// SpinDelayUs(START_GAP);
+
+	// // Opcode 11
+	// T55xxWriteBit(1);
+	// T55xxWriteBit(1); //Page 1
+
+	// if (PwdMode){
+		// // Send Pwd
+		// for (i = 0x80000000; i != 0; i >>= 1)
+			// T55xxWriteBit(Pwd & i);
+	// }
+
+	// // Send a zero bit separation
+	// T55xxWriteBit(0);
+	
+	// // Turn field on to read the response
+	// TurnReadLFOn(READ_GAP);
 
-	// Acquisition
-	doT55x7Acquisition();
+	// // Acquisition
+	// doT55x7Acquisition();
 
-	// turn field off
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-	cmd_send(CMD_ACK,0,0,0,0,0);
-	LED_A_OFF();
-	LED_B_OFF();
+	// // turn field off
+	// FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+	// cmd_send(CMD_ACK,0,0,0,0,0);
+	// LED_A_OFF();
+	// LED_B_OFF();
 }
 
 void T55xxWakeUp(uint32_t Pwd){
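Review bot: T55xxReadTrace is left as an empty function whose former body survives only as `//` comments, so it no longer sends `cmd_send(CMD_ACK,0,0,0,0,0)`. If CMD_T55XX_READ_TRACE is still dispatched to it from UsbPacketReceived (not visible here), a host that sends that command would wait for an acknowledgement that never arrives. Either delete the function together with its command case, or keep a minimal body that replies. The commented-out block also refers to `arg0` and `Pwd`, which are not parameters of this `void` function, so it could not be re-enabled as written; version control already keeps the old body.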
@@ -1294,7 +1307,7 @@ void T55xxWakeUp(uint32_t Pwd){
 		T55xxWriteBit(Pwd & i);
 
 	// Turn field on to read the response
-	TurnReadLFOn(READ_GAP);
+	TurnReadLFOn(20*1000);
 }
 
 /*-------------- Cloning routines -----------*/
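Review bot: `TurnReadLFOn(20*1000)` replaces the named `READ_GAP` with an unexplained literal at the end of T55xxWakeUp, and the visible tail of the function neither turns the field off nor sends a reply afterwards. If the longer field-on time is what keeps an AOR tag awake for the following command, say so and name the value, for example `#define T55XX_WAKEUP_FIELD_ON (20*1000)` (a proposed name) next to the other gap constants. The unit of the argument is not visible in this hunk, so the accompanying comment should state it.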
diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c
index 3a70c340..83579cca 100644
--- a/armsrc/lfsampling.c
+++ b/armsrc/lfsampling.c
@@ -121,11 +121,11 @@ void LFSetupFPGAForADC(int divisor, bool lf_field)
  */
 uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold,bool silent)
 {
-	//.
+	//bigbuf, to hold the aquired raw data signal
 	uint8_t *dest = BigBuf_get_addr();
-    int bufsize = BigBuf_max_traceLen();
+    uint16_t bufsize = BigBuf_max_traceLen();
 
-	memset(dest, 0, bufsize);
+	BigBuf_Clear_ext(false);
 
 	if(bits_per_sample < 1) bits_per_sample = 1;
 	if(bits_per_sample > 8) bits_per_sample = 8;
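Review bot: `uint16_t bufsize = BigBuf_max_traceLen();` narrows the buffer length to 16 bits, so a return value above 65535 would be silently truncated and the capture would be bounded by the wrapped value. The return type of BigBuf_max_traceLen is not visible in this hunk; if it is wider than 16 bits, `uint32_t bufsize` is the safer declaration. Replacing `memset(dest, 0, bufsize)` with `BigBuf_Clear_ext(false)` also changes the cleared range from `bufsize` bytes to whatever BigBuf_Clear_ext covers, which is worth one line of comment. The new comment has a typo and could read `// BigBuf holds the acquired raw signal`. DoAcquisition's body continues outside the hunk.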
@@ -244,7 +244,6 @@ uint32_t SampleLF(bool printCfg)
 * Initializes the FPGA for snoop-mode (field off), and acquires the samples.
 * @return number of bits sampled
 **/
-
 uint32_t SnoopLF() {
 	return ReadLF(false, true);
 }
@@ -256,9 +255,9 @@ uint32_t SnoopLF() {
 void doT55x7Acquisition(void){
 
 	#define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10  (32 bit times numofblock (7), times clock skip..)
-	#define T55xx_READ_UPPER_THRESHOLD 128+40  // 50
+	#define T55xx_UPPER_THRESHOLD 128+40  // 50
 	#define T55xx_READ_TOL   5
-	//#define T55xx_READ_LOWER_THRESHOLD 128-40  //-50
+	#define T55xx_LOWER_THRESHOLD 128-40  //-50
 
 	uint8_t *dest = BigBuf_get_addr();
 	uint16_t bufsize = BigBuf_max_traceLen();
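Review bot: The renamed threshold macros expand to unparenthesised expressions, `128+40` and `128-40`, so any use next to another operator (for example `x - T55xx_LOWER_THRESHOLD`) would compute the wrong value. The comparison `sample > T55xx_UPPER_THRESHOLD` in the next hunk happens to be safe, but T55xx_LOWER_THRESHOLD is newly enabled and has no visible use yet. Write them as `#define T55xx_UPPER_THRESHOLD (128+40)` and `#define T55xx_LOWER_THRESHOLD (128-40)`. The trailing `// 50` and `//-50` comments do not match the offsets of 40 and should be corrected or dropped.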
@@ -267,39 +266,37 @@ void doT55x7Acquisition(void){
 		bufsize = T55xx_SAMPLES_SIZE;
 
 	uint16_t i = 0;
-	uint16_t nosignal = 0;
 	bool startFound = false;
 	bool highFound = false;
-	uint8_t curSample = 0;
+	uint8_t sample = 0;
 	uint8_t firstSample = 0;
 	while(!BUTTON_PRESS()) {
-		WDT_HIT();
-		if ( nosignal == 0xFFFF ) break;
-		
+		WDT_HIT();		
 		if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {
-			AT91C_BASE_SSC->SSC_THR = 0x43;
+			AT91C_BASE_SSC->SSC_THR = 0x00;
 			LED_D_ON();
 		}
 		if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
-			curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
-			
+			sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
+			LED_D_OFF();
+		
 			// find first high sample
-			if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) {
-				if (curSample > firstSample) 
-					firstSample = curSample;
-				highFound = true;
+			if (!startFound && sample > T55xx_UPPER_THRESHOLD) {
+				if (sample > firstSample) 
+					firstSample = sample;
+				highFound = TRUE;
 			} else if (!highFound) {
-				nosignal++;
 				continue;
 			}
 
 			// skip until samples begin to change
-			if (startFound || curSample < firstSample-T55xx_READ_TOL){
+			if (startFound || sample < firstSample - T55xx_READ_TOL){
 				if (!startFound) 
 					dest[i++] = firstSample;
-				startFound = true;
-				dest[i++] = curSample;
-			LED_D_OFF();
+				startFound = TRUE;
+				dest[i++] = sample;
+			
+			// exit condition.
 			if (i >= bufsize) break;
 			}
 		}
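Review bot: Removing the `nosignal` counter leaves the sampling loop with only two exits, `BUTTON_PRESS()` and `i >= bufsize`, and the second is reachable only after a high sample has been seen. With no tag in the field the `else if (!highFound) continue;` path repeats indefinitely while `WDT_HIT()` keeps the watchdog fed, so the device stays busy until the button is pressed and the host's `WaitForResponseTimeout(CMD_ACK,NULL,2500)` in AquireData gives up first. Keep a bounded give-up, e.g. `uint32_t nosignal = 0;` before the loop and `if (++nosignal > T55xx_NOSIGNAL_LIMIT) break;` in the `!highFound` branch, with the proposed limit defined beside the other T55xx_ macros. The new lines also assign `TRUE` to `bool` variables that are initialised with `false`; one spelling should be used throughout. doT55x7Acquisition continues outside the hunk.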
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index 28956fdc..f3add53d 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -50,12 +50,11 @@ int usage_t55xx_config(){
 	return 0;
 }
 int usage_t55xx_read(){
-	PrintAndLog("Usage:  lf t55xx read b <block> p <password> <override_safety> <wakeup>");
+	PrintAndLog("Usage:  lf t55xx read b <block> p <password> <override_safety>");
 	PrintAndLog("Options:");
     PrintAndLog("     b <block>,	block number to read. Between 0-7");
     PrintAndLog("     p <password>, OPTIONAL password 4bytes (8 hex symbols)");
 	PrintAndLog("     o,			OPTIONAL override safety check");
-	PrintAndLog("     w,			OPTIONAL wakeup");
 	PrintAndLog("     ****WARNING****");
 	PrintAndLog("     Use of read with password on a tag not configured for a pwd");
 	PrintAndLog("     can damage the tag");
@@ -226,52 +225,42 @@ int CmdT55xxSetConfig(const char *Cmd) {
 	}
 
 	// No args
-	if (cmdp == 0) {
-		printConfiguration( config );
-		return 0;
-	}
+	if (cmdp == 0) return printConfiguration( config );
+
 	//Validations
-	if (errors)
-		return usage_t55xx_config();
+	if (errors) return usage_t55xx_config();
 
  	config.block0 = 0;
- 	printConfiguration ( config );
-	return 0;
+ 	return printConfiguration ( config );
 }
 
 int CmdT55xxReadBlock(const char *Cmd) {
 	uint8_t block = 255;
-	uint8_t wake = 0;
-	uint8_t usepwd = 0;
-	uint32_t password = 0xFFFFFFFF; //default to blank Block 7
-	uint8_t override = 0;
+	uint32_t password = 0; //default to blank Block 7
+	bool usepwd = FALSE;
+	bool override = FALSE;	
+	bool errors = FALSE;
 	uint8_t cmdp = 0;
-	bool errors = false;
 	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
 		switch(param_getchar(Cmd, cmdp)) {
 		case 'h':
 		case 'H':
-		return usage_t55xx_read();
+			return usage_t55xx_read();
 		case 'b':
 		case 'B':
 			errors |= param_getdec(Cmd, cmdp+1, &block);
-			cmdp+=2;
+			cmdp += 2;
 			break;
 		case 'o':
 		case 'O':
-			override = 1;
+			override = TRUE;
 			cmdp++;
 			break;
 		case 'p':
 		case 'P':
-			password = param_get32ex(Cmd, cmdp+1, 0, 10);
-			usepwd = 1;
-			cmdp+=2;
-			break;
-		case 'w':
-		case 'W':
-			wake = 1;
-			cmdp++;
+			password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);
+			usepwd = TRUE;
+			cmdp += 2;
 			break;
 		default:
 			PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
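Review bot: `uint32_t password = 0; //default to blank Block 7` keeps a comment that described the old 0xFFFFFFFF initialiser, and the commit message says the default password is back to FF FF FF FF. As written, 0xFFFFFFFF appears only as what looks like the fallback argument in `param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16)` when `p` is given, while the variable itself starts at 0 and is what goes into `UsbCommand c` when `p` is absent. If FF FF FF FF is the intended default, initialise with `uint32_t password = 0xFFFFFFFF;`; otherwise update the comment and the commit message. The same `password = 0` initialiser is introduced in CmdT55xxWakeUp further down, where the password is always sent.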
@@ -280,11 +269,8 @@ int CmdT55xxReadBlock(const char *Cmd) {
 		}
 	}
 	if (errors) return usage_t55xx_read();
-	if (wake && !usepwd) {
-		PrintAndLog("Wake command must use a pwd");
-		return 1;
-	}
-	if ((block > 7) && !wake) {
+
+	if ( block > 7 ) {
 		PrintAndLog("Block must be between 0 and 7");
 		return 1;
 	}	
@@ -292,13 +278,10 @@ int CmdT55xxReadBlock(const char *Cmd) {
 	UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}};
 
 	//Password mode
-	if ( usepwd || wake ) {
+	if ( usepwd ) {
+		
 		// try reading the config block and verify that PWD bit is set before doing this!
-		if ( wake || override ) {
-			c.arg[0] = (wake<<8) & usepwd;
-			if ( !wake && override )
-				PrintAndLog("Safety Check Overriden - proceeding despite risk");
-		} else {
+		if ( !override ) {
 			AquireData( CONFIGURATION_BLOCK );
 			if ( !tryDetectModulation() ) {
 				PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits.");
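Review bot: After this restructuring `c.arg[0] = usepwd;` is reached only in the override branch added by the following hunk, so in the visible lines a read with `p` but without `o` never enables password mode. The checked path prints "PWD bit is NOT set in config block. Reading without password..." whenever `tryDetectModulation()` succeeds, with no visible test of the PWD bit itself; one line between the two hunks is not shown, so this is inferred. If the intent is to use the password when the detected configuration has PWD set, that branch needs an explicit test of the decoded config and its own `c.arg[0] = usepwd;`. A comment above the `if ( !override )` stating which outcome sends the password would make the safety logic reviewable.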
@@ -306,6 +289,9 @@ int CmdT55xxReadBlock(const char *Cmd) {
 			} else {		
 				PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");	
 			}
+		} else {		
+			PrintAndLog("Safety Check Overriden - proceeding despite risk");
+			c.arg[0] = usepwd;
 		}
 	}
 
@@ -320,14 +306,11 @@ int CmdT55xxReadBlock(const char *Cmd) {
 	GetFromBigBuf(got,sizeof(got),0);
 	WaitForResponse(CMD_ACK,NULL);
 	setGraphBuf(got, sizeof(got));
-	//DemodBufferLen=0;
+
 	if (!DecodeT55xxBlock()) return 3;
+	
 	char blk[10]={0};
-	if ( wake ) {
-		sprintf(blk,"wake");
-	} else {
-	sprintf(blk,"%d", block);
-	}
+	sprintf(blk,"%d", block);	
 	printT55xxBlock(blk);
 	return 0;
 }
@@ -390,8 +373,7 @@ bool DecodeT55xxBlock(){
 int CmdT55xxDetect(const char *Cmd){
 
 	char cmdp = param_getchar(Cmd, 0);
-	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
-		return usage_t55xx_detect();
+	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_detect();
 	
 	if (strlen(Cmd)==0)
 		AquireData( CONFIGURATION_BLOCK );
@@ -683,17 +665,17 @@ void printT55xxBlock(const char *blockNum){
 	}
 
 	for (; i < endpos; ++i)
-		bits[i - config.offset]=DemodBuffer[i];
+		bits[i - config.offset] = DemodBuffer[i];
 
 	blockData = PackBits(0, 32, bits);
-	PrintAndLog("[%s] 0x%08X  %s", blockNum, blockData, sprint_bin(bits,32));
+	PrintAndLog("%s | %08X | %s", blockNum, blockData, sprint_bin(bits,32));
 }
 
 int special(const char *Cmd) {
 	uint32_t blockData = 0;
 	uint8_t bits[32] = {0x00};
 
-	PrintAndLog("[OFFSET] [DATA] [BINARY]");
+	PrintAndLog("OFFSET | DATA  | BINARY");
 	PrintAndLog("----------------------------------------------------");
 	int i,j = 0;
 	for (; j < 64; ++j){
@@ -703,32 +685,29 @@ int special(const char *Cmd) {
 	
 		blockData = PackBits(0, 32, bits);
 		
-		PrintAndLog("[%02d] 0x%08X  %s",j , blockData, sprint_bin(bits,32));	
+		PrintAndLog("%02d | 0x%08X | %s",j , blockData, sprint_bin(bits,32));	
 	}
 	return 0;
 }
 
-void printConfiguration( t55xx_conf_block_t b){
+int printConfiguration( t55xx_conf_block_t b){
 	PrintAndLog("Modulation : %s", GetSelectedModulationStr(b.modulation) );
 	PrintAndLog("Bit Rate   : %s", GetBitRateStr(b.bitrate) );
 	PrintAndLog("Inverted   : %s", (b.inverted) ? "Yes" : "No" );
 	PrintAndLog("Offset     : %d", b.offset);
 	PrintAndLog("Block0     : 0x%08X", b.block0);
 	PrintAndLog("");
+	return 0;
 }
 
-int CmdT55xxWriteBlock(const char *Cmd)
-{
+int CmdT55xxWriteBlock(const char *Cmd) {
 	int block = 8; //default to invalid block
 	int data = 0xFFFFFFFF; //default to blank Block 
 	int password = 0xFFFFFFFF; //default to blank Block 7
 	
 	char cmdp = param_getchar(Cmd, 0);
-	if (cmdp == 'h' || cmdp == 'H') {
-		usage_t55xx_write();
-		return 0;
-	}
-  
+	if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_write();
+ 
 	int res = sscanf(Cmd, "%d %x %x",&block, &data, &password);
 	
 	if ( res < 2 || res > 3) {
@@ -762,12 +741,10 @@ int CmdT55xxWriteBlock(const char *Cmd)
 	return 0;
 }
 
-int CmdT55xxReadTrace(const char *Cmd)
-{
+int CmdT55xxReadTrace(const char *Cmd) {
 	char cmdp = param_getchar(Cmd, 0);
 	
-	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') 
-		return usage_t55xx_trace();
+	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_trace();
 
 	if (strlen(Cmd)==0)
 		AquireData( TRACE_BLOCK );
@@ -852,8 +829,7 @@ int CmdT55xxInfo(const char *Cmd){
 	*/
 	char cmdp = param_getchar(Cmd, 0);
 
-	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H')
-		return usage_t55xx_info();
+	if (strlen(Cmd) > 1 || cmdp == 'h' || cmdp == 'H') return usage_t55xx_info();
 	
 	if (strlen(Cmd)==0)
 		AquireData( CONFIGURATION_BLOCK );
@@ -909,12 +885,8 @@ int CmdT55xxDump(const char *Cmd){
 
 	char s[20] = {0x00};
 	uint8_t pwd[4] = {0x00};
-
 	char cmdp = param_getchar(Cmd, 0);
-	if ( cmdp == 'h' || cmdp == 'H') {
-		usage_t55xx_dump();
-		return 0;
-	}
+	if ( cmdp == 'h' || cmdp == 'H') return usage_t55xx_dump();
 
 	bool hasPwd = ( strlen(Cmd) > 0);	
 	if ( hasPwd ){
@@ -937,25 +909,17 @@ int CmdT55xxDump(const char *Cmd){
 }
 
 int AquireData( uint8_t block ){
-
-	UsbCommand c;
 	
-	if ( block == CONFIGURATION_BLOCK ) 
-		c.cmd = CMD_T55XX_READ_BLOCK;
-	else if (block == TRACE_BLOCK )
-		c.cmd = CMD_T55XX_READ_TRACE;
-		
-	c.arg[0] = 0x00;
-	c.arg[1] = 0x00;
-	c.arg[2] = 0x00;
-	c.d.asBytes[0] = 0x0; 
-
-	//Password mode
-	// if ( res == 2 ) {
-		// c.arg[2] = password;
-		// c.d.asBytes[0] = 0x1; 
-	// }
-
+	uint32_t password = 0;
+	UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, 0, password}};
+	
+	if ( block == CONFIGURATION_BLOCK ) {
+		c.arg[0] = 0x00 | 0x01;
+	}
+	else if (block == TRACE_BLOCK ) {
+		c.arg[0] = 0x02 | 0x01;
+	}
+	
 	clearCommandBuffer();
 	SendCommand(&c);
 	if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) {
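Review bot: Both branches set bit 0 of `c.arg[0]` (`0x00 | 0x01` and `0x02 | 0x01`), and the firmware side of this same commit decodes that bit as `PwdMode = arg0 & 0x01` in T55xxReadBlock, so every AquireData call becomes a password-mode read with password 0. The usage text for `lf t55xx read` warns that a password read on a tag not configured for one can damage the tag, and AquireData is what the safety check in CmdT55xxReadBlock and the detect/info/trace commands call before anything is known about the tag. If only page selection is meant, use `c.arg[0] = 0x00;` for CONFIGURATION_BLOCK and `c.arg[0] = 0x02;` for TRACE_BLOCK. A comment naming the two bits, or constants shared with the firmware, would keep client and device from drifting apart. AquireData continues outside the hunk.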
@@ -1136,7 +1100,7 @@ void t55x7_create_config_block( int tagtype ){
 }
 
 int CmdT55xxWakeUp(const char *Cmd) {
-	uint32_t password = 0xFFFFFFFF; //default to blank Block 7
+	uint32_t password = 0;
 	uint8_t cmdp = 0;
 	bool errors = false;
 	while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
@@ -1146,7 +1110,7 @@ int CmdT55xxWakeUp(const char *Cmd) {
 			return usage_t55xx_wakup();
 		case 'p':
 		case 'P':
-			password = param_get32ex(Cmd, cmdp+1, 0, 10);
+			password = param_get32ex(Cmd, cmdp+1, 0xFFFFFFFF, 16);
 			cmdp+=2;
 			break;
 		default:
@@ -1156,9 +1120,8 @@ int CmdT55xxWakeUp(const char *Cmd) {
 		}
 	}
 	if (errors) return usage_t55xx_wakup();
-	
-	UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
 
+	UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}};
 	clearCommandBuffer();
 	SendCommand(&c);
 	PrintAndLog("Wake up command sent. Try read now");
diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h
index d8e516e8..0fe1b0be 100644
--- a/client/cmdlft55xx.h
+++ b/client/cmdlft55xx.h
@@ -76,7 +76,7 @@ char * GetModelStrFromCID(uint32_t cid);
 char * GetSelectedModulationStr( uint8_t id);
 uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream);
 void printT55xxBlock(const char *demodStr);
-void printConfiguration( t55xx_conf_block_t b);
+int printConfiguration( t55xx_conf_block_t b);
 
 bool DecodeT55xxBlock();
 bool tryDetectModulation();