From: marshmellow42 Date: Sat, 31 Oct 2015 03:23:27 +0000 (-0400) Subject: Add lf t55xx resetread cmd + fix clone cmds X-Git-Tag: v2.3.0~15^2~8 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/66837a0302678f4c5036b9c6a607731b9a8460de Add lf t55xx resetread cmd + fix clone cmds resetread cmd to determine start of streaming bits of ata5577 or compatible chips... fixed lf clone bugs introduced while refactoring recently... --- diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 68d2551f..6e08ba66 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -983,9 +983,9 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_T55XX_WAKEUP: T55xxWakeUp(c->arg[0]); break; - //case CMD_T55XX_READ_TRACE: - // T55xxReadTrace(); - // break; + case CMD_T55XX_RESET_READ: + T55xxResetRead(); + break; case CMD_PCF7931_READ: ReadPCF7931(); break; diff --git a/armsrc/apps.h b/armsrc/apps.h index f81f7bac..de32ef54 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -79,6 +79,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT); // void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo); void CopyIndala64toT55x7(uint32_t hi, uint32_t lo); // Clone Indala 64-bit tag by UID to T55x7 void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7); // Clone Indala 224-bit tag by UID to T55x7 +void T55xxResetRead(void); void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode); void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd); void T55xxWakeUp(uint32_t Pwd); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 8f611179..ffccff83 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -1110,8 +1110,34 @@ void T55xxWriteBit(int bit) { SpinDelayUs(WRITE_GAP); } +// Send T5577 reset command then read stream (see if we can identify the start of the stream) +void T55xxResetRead(void) { + LED_A_ON(); + // Set up FPGA, 125kHz + LFSetupFPGAForADC(95, true); + + // Trigger T55x7 in mode. + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // reset tag - op code 00 + T55xxWriteBit(0); + T55xxWriteBit(0); + + // Turn field on to read the response + TurnReadLFOn(READ_GAP); + + // Acquisition + doT55x7Acquisition(39999); + + // Turn the field off + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off + cmd_send(CMD_ACK,0,0,0,0,0); + LED_A_OFF(); +} + // Write one card block in page 0, no lock -void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { +void T55xxWriteBlockExt(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { LED_A_ON(); bool PwdMode = arg & 0x1; uint8_t Page = (arg & 0x2)>>1; @@ -1153,10 +1179,15 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { // turn field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - cmd_send(CMD_ACK,0,0,0,0,0); LED_A_OFF(); } +// Write one card block in page 0, no lock +void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { + T55xxWriteBlockExt(Data, Block, Pwd, arg); + cmd_send(CMD_ACK,0,0,0,0,0); +} + // Read one card block in page 0 void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { LED_A_ON(); @@ -1199,7 +1230,7 @@ void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { TurnReadLFOn(READ_GAP); // Acquisition - doT55x7Acquisition(); + doT55x7Acquisition(12000); // Turn the field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off @@ -1234,8 +1265,10 @@ void T55xxWakeUp(uint32_t Pwd){ void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) { // write last block first and config block last (if included) - for (uint8_t i = numblocks; i > startblock; i--) - T55xxWriteBlock(blockdata[i-1],i-1,0,0); + for (uint8_t i = numblocks+startblock; i > startblock; i--) { + Dbprintf("write- Blk: %d, d:%08X",i-1,blockdata[i-1]); + T55xxWriteBlockExt(blockdata[i-1],i-1,0,0); + } } // Copy HID id to card and setup block 0 config @@ -1253,7 +1286,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { // Build the 6 data blocks for supplied 84bit ID last_block = 6; // load preamble (1D) & long format identifier (9E manchester encoded) - data[1] = 0x1D96A900 | manchesterEncode2Bytes((hi2 >> 16) & 0xF); + data[1] = 0x1D96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF); // load raw id from hi2, hi, lo to data blocks (manchester encoded) data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF); data[3] = manchesterEncode2Bytes(hi >> 16); @@ -1269,7 +1302,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { // Build the 3 data blocks for supplied 44bit ID last_block = 3; // load preamble - data[1] = 0x1D000000 | manchesterEncode2Bytes(hi & 0xFFF); + data[1] = 0x1D000000 | (manchesterEncode2Bytes(hi) & 0xFFFFFF); data[2] = manchesterEncode2Bytes(lo >> 16); data[3] = manchesterEncode2Bytes(lo & 0xFFFF); } @@ -1286,8 +1319,7 @@ void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT) { DbpString("DONE!"); } -void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) -{ +void CopyIOtoT55x7(uint32_t hi, uint32_t lo, uint8_t longFMT) { uint32_t data[] = {T55x7_BITRATE_RF_64 | T55x7_MODULATION_FSK2a | (2 << T55x7_MAXBLOCK_SHIFT), hi, lo}; LED_D_ON(); @@ -1311,8 +1343,7 @@ void CopyIndala64toT55x7(uint32_t hi, uint32_t lo) { DbpString("DONE!"); } // Clone Indala 224-bit tag by UID to T55x7 -void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7) -{ +void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t uid4, uint32_t uid5, uint32_t uid6, uint32_t uid7) { //Program the 7 data blocks for supplied 224bit UID uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7}; // and the block 0 for Indala224 format @@ -1328,8 +1359,7 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t #define EM410X_HEADER 0x1FF #define EM410X_ID_LENGTH 40 -void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) -{ +void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) { int i, id_bit; uint64_t id = EM410X_HEADER; uint64_t rev_id = 0; // reversed ID @@ -1389,7 +1419,7 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo) LED_D_ON(); // Write EM410x ID - uint32_t data[] = {0, id>>32, id & 0xFFFF}; + uint32_t data[] = {0, id>>32, id & 0xFFFFFFFF}; if (card) { clock = (card & 0xFF00) >> 8; clock = (clock == 0) ? 64 : clock; diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index 91572563..4a968776 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -253,17 +253,16 @@ uint32_t SnoopLF() * acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds * the data is collected in BigBuf. **/ -void doT55x7Acquisition(void){ +void doT55x7Acquisition(size_t sample_size) { - #define T55xx_SAMPLES_SIZE 12000 // 32 x 32 x 10 (32 bit times numofblock (7), times clock skip..) #define T55xx_READ_UPPER_THRESHOLD 128+40 // 50 #define T55xx_READ_TOL 5 uint8_t *dest = BigBuf_get_addr(); uint16_t bufsize = BigBuf_max_traceLen(); - if ( bufsize > T55xx_SAMPLES_SIZE ) - bufsize = T55xx_SAMPLES_SIZE; + if ( bufsize > sample_size ) + bufsize = sample_size; //memset(dest, 0, bufsize); diff --git a/armsrc/lfsampling.h b/armsrc/lfsampling.h index a88def55..bd8ad1d0 100644 --- a/armsrc/lfsampling.h +++ b/armsrc/lfsampling.h @@ -5,7 +5,7 @@ * acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds * the data is collected in BigBuf. **/ -void doT55x7Acquisition(void); +void doT55x7Acquisition(size_t sample_size); /** * Initializes the FPGA for reader-mode (field on), and acquires the samples. diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index c133726b..b11a6494 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -1165,18 +1165,36 @@ uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){ return tmp; } +int CmdResetRead(const char *Cmd) { + UsbCommand c = {CMD_T55XX_RESET_READ, {0,0,0}}; + + clearCommandBuffer(); + SendCommand(&c); + if ( !WaitForResponseTimeout(CMD_ACK,NULL,2500) ) { + PrintAndLog("command execution time out"); + return 0; + } + + uint8_t got[39999]; + GetFromBigBuf(got,sizeof(got),0); + WaitForResponse(CMD_ACK,NULL); + setGraphBuf(got, sizeof(got)); + return 1; +} + static command_t CommandTable[] = { - {"help", CmdHelp, 1, "This help"}, - {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"}, - {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."}, - {"read", CmdT55xxReadBlock, 0, "b p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"}, - {"write", CmdT55xxWriteBlock,0, "b d p [password] [1] -- Write T55xx block data (page 0) [optional password]"}, - {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"}, - {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"}, - {"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"}, - {"special", special, 0, "Show block changes with 64 different offsets"}, - {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"}, + {"help", CmdHelp, 1, "This help"}, + {"config", CmdT55xxSetConfig, 1, "Set/Get T55XX configuration (modulation, inverted, offset, rate)"}, + {"detect", CmdT55xxDetect, 0, "[1] Try detecting the tag modulation from reading the configuration block."}, + {"read", CmdT55xxReadBlock, 0, "b p [password] [o] [1] -- Read T55xx block data (page 0) [optional password]"}, + {"resetread",CmdResetRead, 0, "Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)"}, + {"write", CmdT55xxWriteBlock,0, "b d p [password] [1] -- Write T55xx block data (page 0) [optional password]"}, + {"trace", CmdT55xxReadTrace, 0, "[1] Show T55xx traceability data (page 1/ blk 0-1)"}, + {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"}, + {"dump", CmdT55xxDump, 0, "[password] [o] Dump T55xx card block 0-7. [optional password]"}, + {"special", special, 0, "Show block changes with 64 different offsets"}, + {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"}, {NULL, NULL, 0, NULL} }; diff --git a/client/cmdlft55xx.h b/client/cmdlft55xx.h index a9ee0317..cd50f99a 100644 --- a/client/cmdlft55xx.h +++ b/client/cmdlft55xx.h @@ -47,6 +47,7 @@ int CmdT55xxWriteBlock(const char *Cmd); int CmdT55xxReadTrace(const char *Cmd); int CmdT55xxInfo(const char *Cmd); int CmdT55xxDetect(const char *Cmd); +int CmdResetRead(const char *Cmd); char * GetBitRateStr(uint32_t id); char * GetSaferStr(uint32_t id); diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index 8f67e82b..c8b576fd 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -73,7 +73,7 @@ typedef struct { #define CMD_INDALA_CLONE_TAG_L 0x0213 #define CMD_T55XX_READ_BLOCK 0x0214 #define CMD_T55XX_WRITE_BLOCK 0x0215 -//#define CMD_T55XX_READ_TRACE 0x0216 +#define CMD_T55XX_RESET_READ 0x0216 #define CMD_PCF7931_READ 0x0217 #define CMD_EM4X_READ_WORD 0x0218 #define CMD_EM4X_WRITE_WORD 0x0219 diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index 8f43ea9e..8cdcfb34 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -44,7 +44,7 @@ local _commands = { CMD_INDALA_CLONE_TAG_L = 0x0213, CMD_T55XX_READ_BLOCK = 0x0214, CMD_T55XX_WRITE_BLOCK = 0x0215, - --//CMD_T55XX_READ_TRACE = 0x0216, + CMD_T55XX_RESET_READ = 0x0216, CMD_PCF7931_READ = 0x0217, CMD_EM4X_READ_WORD = 0x0218, CMD_EM4X_WRITE_WORD = 0x0219, diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 53917606..3b6cb291 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -85,7 +85,7 @@ typedef struct{ #define CMD_INDALA_CLONE_TAG_L 0x0213 #define CMD_T55XX_READ_BLOCK 0x0214 #define CMD_T55XX_WRITE_BLOCK 0x0215 -//#define CMD_T55XX_READ_TRACE 0x0216 +#define CMD_T55XX_RESET_READ 0x0216 #define CMD_PCF7931_READ 0x0217 #define CMD_PCF7931_WRITE 0x0222 #define CMD_EM4X_READ_WORD 0x0218