From 224ce36eb1037ecb48d55066ab2fe36f0a5064df Mon Sep 17 00:00:00 2001
From: marshmellow42 <marshmellowrf@gmail.com>
Date: Sun, 5 Apr 2015 16:37:41 -0400
Subject: [PATCH 1/1] lf t5xx - icemans update
---
client/cmdlft55xx.c | 63 ++++++++------
client/scripts/test_t55x7_ask.lua | 3 +-
client/scripts/test_t55x7_bi.lua | 9 +-
client/scripts/test_t55x7_fsk.lua | 3 +-
client/scripts/test_t55x7_psk.lua | 5 +-
client/scripts/tnp3clone.lua | 136 ++++++++++++++++++++++++++++++
client/scripts/tnp3dump.lua | 70 +++++++++------
client/scripts/tnp3sim.lua | 128 ++++++++++++++++++++++++++--
8 files changed, 351 insertions(+), 66 deletions(-)
create mode 100644 client/scripts/tnp3clone.lua
diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index 64c999d6..1a0c0f58 100644
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
+#include <time.h>
#include "proxmark3.h"
#include "ui.h"
#include "graph.h"
@@ -261,7 +262,7 @@ int CmdT55xxReadBlock(const char *Cmd) {
bool DecodeT55xxBlock(){
- char buf[8] = {0x00};
+ char buf[10] = {0x00};
char *cmdStr = buf;
int ans = 0;
uint8_t bitRate[8] = {8,16,32,40,50,64,100,128};
@@ -270,46 +271,46 @@ bool DecodeT55xxBlock(){
switch( config.modulation ){
case DEMOD_FSK:
- sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
+ snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
- sprintf(cmdStr,"%d %d", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"%d %d", bitRate[config.bitrate], config.inverted );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK1:
case DEMOD_FSK1a:
- sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
+ snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
- sprintf(cmdStr,"%d %d 8 5", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"%d %d 8 5", bitRate[config.bitrate], config.inverted );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_FSK2:
case DEMOD_FSK2a:
- sprintf(cmdStr,"%d", bitRate[config.bitrate]/2 );
+ snprintf(cmdStr, sizeof(buf),"%d", bitRate[config.bitrate]/2 );
CmdLtrim(cmdStr);
- sprintf(cmdStr,"%d %d 10 8", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"%d %d 10 8", bitRate[config.bitrate], config.inverted );
ans = FSKrawDemod(cmdStr, FALSE);
break;
case DEMOD_ASK:
- sprintf(cmdStr,"%d %d 0", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"%d %d 0", bitRate[config.bitrate], config.inverted );
ans = ASKmanDemod(cmdStr, FALSE, FALSE);
break;
case DEMOD_PSK1:
- sprintf(cmdStr,"%d %d 0", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"%d %d 0", bitRate[config.bitrate], config.inverted );
ans = PSKDemod(cmdStr, FALSE);
break;
case DEMOD_PSK2: //inverted won't affect this
case DEMOD_PSK3: //not fully implemented
- sprintf(cmdStr,"%d 0 1", bitRate[config.bitrate] );
+ snprintf(cmdStr, sizeof(buf),"%d 0 1", bitRate[config.bitrate] );
ans = PSKDemod(cmdStr, FALSE);
psk1TOpsk2(DemodBuffer, DemodBufferLen);
break;
case DEMOD_NRZ:
- sprintf(cmdStr,"%d %d 1", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"%d %d 1", bitRate[config.bitrate], config.inverted );
ans = NRZrawDemod(cmdStr, FALSE);
break;
case DEMOD_BI:
case DEMOD_BIa:
- sprintf(cmdStr,"0 %d %d 0", bitRate[config.bitrate], config.inverted );
+ snprintf(cmdStr, sizeof(buf),"0 %d %d 0", bitRate[config.bitrate], config.inverted );
ans = ASKbiphaseDemod(cmdStr, FALSE);
break;
default:
@@ -578,7 +579,7 @@ bool test(uint8_t mode, uint8_t *offset){
return FALSE;
}
-void printT55xxBlock(const char *demodStr){
+void printT55xxBlock(const char *blockNum){
uint8_t i = config.offset;
uint8_t endpos = 32 + i;
@@ -596,7 +597,7 @@ void printT55xxBlock(const char *demodStr){
bits[i - config.offset]=DemodBuffer[i];
blockData = PackBits(0, 32, bits);
- PrintAndLog("0x%08X %s [%s]", blockData, sprint_bin(bits,32), demodStr);
+ PrintAndLog("[%s] 0x%08X %s", blockNum, blockData, sprint_bin(bits,32));
}
int special(const char *Cmd) {
@@ -688,16 +689,28 @@ int CmdT55xxReadTrace(const char *Cmd)
uint32_t bl0 = PackBits(si, 32, DemodBuffer);
uint32_t bl1 = PackBits(si+32, 32, DemodBuffer);
- uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8;
- uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8;
- uint32_t cid = PackBits(si, 5, DemodBuffer); si += 5;
- uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3;
- uint32_t year = PackBits(si, 4, DemodBuffer); si += 4;
- uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2;
- uint32_t lotid = PackBits(si, 14, DemodBuffer); si += 14;
- uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5;
+ uint32_t acl = PackBits(si, 8, DemodBuffer); si += 8;
+ uint32_t mfc = PackBits(si, 8, DemodBuffer); si += 8;
+ uint32_t cid = PackBits(si, 5, DemodBuffer); si += 5;
+ uint32_t icr = PackBits(si, 3, DemodBuffer); si += 3;
+ uint32_t year = PackBits(si, 4, DemodBuffer); si += 4;
+ uint32_t quarter = PackBits(si, 2, DemodBuffer); si += 2;
+ uint32_t lotid = PackBits(si, 14, DemodBuffer); si += 14;
+ uint32_t wafer = PackBits(si, 5, DemodBuffer); si += 5;
uint32_t dw = PackBits(si, 15, DemodBuffer);
+ time_t t = time(NULL);
+ struct tm tm = *localtime(&t);
+ if ( year > tm.tm_year-110)
+ year += 2000;
+ else
+ year += 2010;
+
+ if ( acl != 0xE0 ) {
+ PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
+ return 1;
+ }
+
PrintAndLog("");
PrintAndLog("-- T55xx Trace Information ----------------------------------");
PrintAndLog("-------------------------------------------------------------");
@@ -716,8 +729,6 @@ int CmdT55xxReadTrace(const char *Cmd)
PrintAndLog(" Block 1 : 0x%08X %s", bl1, sprint_bin(DemodBuffer+config.offset+repeat+32,32) );
PrintAndLog("-------------------------------------------------------------");
- if ( acl != 0xE0 )
- PrintAndLog("The modulation is most likely wrong since the ACL is not 0xE0. ");
/*
TRACE - BLOCK O
Bits Definition HEX
@@ -967,8 +978,8 @@ char * GetModelStrFromCID(uint32_t cid){
static char buf[10];
char *retStr = buf;
- if (cid == 1) sprintf(retStr,"ATA5577M1");
- if (cid == 2) sprintf(retStr,"ATA5577M2");
+ if (cid == 1) snprintf(retStr, sizeof(buf),"ATA5577M1");
+ if (cid == 2) snprintf(retStr, sizeof(buf),"ATA5577M2");
return buf;
}
diff --git a/client/scripts/test_t55x7_ask.lua b/client/scripts/test_t55x7_ask.lua
index 569d4260..f8990b15 100644
--- a/client/scripts/test_t55x7_ask.lua
+++ b/client/scripts/test_t55x7_ask.lua
@@ -95,6 +95,7 @@ end
function test()
local y
+ local block = "00"
for y = 0x0, 0x1d, 0x4 do
for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_]
@@ -107,7 +108,7 @@ function test()
dbg(('lf t55xx write 0 %s'):format(config))
config = tonumber(config,16)
- local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
+ local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"}
local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
diff --git a/client/scripts/test_t55x7_bi.lua b/client/scripts/test_t55x7_bi.lua
index a1793ba6..e8950ab8 100644
--- a/client/scripts/test_t55x7_bi.lua
+++ b/client/scripts/test_t55x7_bi.lua
@@ -89,6 +89,7 @@ end
function test()
local y
+ local block = "00"
for y = 1, 0x1D, 4 do
for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_]
@@ -98,10 +99,10 @@ function test()
elseif _ == 1 then
local config = pcmd:format(config1, y, config2)
- dbg(('lf t55xx wr 0 %s'):format(config))
-
- config = tonumber(config,16)
- local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
+ dbg(('lf t55xx write 0 %s'):format(config))
+
+ config = tonumber(config,16)
+ local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"}
local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
diff --git a/client/scripts/test_t55x7_fsk.lua b/client/scripts/test_t55x7_fsk.lua
index f42dd147..c9c1f09c 100644
--- a/client/scripts/test_t55x7_fsk.lua
+++ b/client/scripts/test_t55x7_fsk.lua
@@ -92,6 +92,7 @@ end
function test(modulation)
local y
+ local block = "00"
for y = 0x0, 0x1d, 0x4 do
for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_]
@@ -104,7 +105,7 @@ function test(modulation)
dbg(('lf t55xx write 0 %s'):format(config))
config = tonumber(config,16)
- local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config}
+ local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"}
local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
diff --git a/client/scripts/test_t55x7_psk.lua b/client/scripts/test_t55x7_psk.lua
index cbd78e87..bdd644a7 100644
--- a/client/scripts/test_t55x7_psk.lua
+++ b/client/scripts/test_t55x7_psk.lua
@@ -108,6 +108,7 @@ end
function test(modulation)
local bitrate
local clockrate
+ local block = "00"
for bitrate = 0x0, 0x1d, 0x4 do
for clockrate = 0,8,4 do
@@ -125,8 +126,8 @@ function test(modulation)
dbg(('lf t55xx write 0 %s'):format(config))
config = tonumber(config,16)
- local writecommand = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK, arg1 = config ,arg2 = 0, arg3 = 0}
- local err = core.SendCommand(writecommand:getBytes())
+ local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"}
+ local err = core.SendCommand(writecmd:getBytes())
if err then return oops(err) end
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
else
diff --git a/client/scripts/tnp3clone.lua b/client/scripts/tnp3clone.lua
new file mode 100644
index 00000000..8c9397a7
--- /dev/null
+++ b/client/scripts/tnp3clone.lua
@@ -0,0 +1,136 @@
+local cmds = require('commands')
+local getopt = require('getopt')
+local lib14a = require('read14a')
+local utils = require('utils')
+local pre = require('precalc')
+
+local lsh = bit32.lshift
+local rsh = bit32.rshift
+local bor = bit32.bor
+local band = bit32.band
+
+example =[[
+ script run tnp3dump
+ script run tnp3dump -h
+ script run tnp3dump -t aa00
+
+]]
+author = "Iceman"
+usage = "script run tnp3clone -t <toytype>"
+desc =[[
+This script will try making a barebone clone of a tnp3 tag on to a magic generation1 card.
+
+Arguments:
+ -h : this help
+ -k <key> : toytype id, 4 hex symbols.
+]]
+
+
+-- This is only meant to be used when errors occur
+function oops(err)
+ print("ERROR: ",err)
+end
+-- Usage help
+function help()
+ print(desc)
+ print("Example usage")
+ print(example)
+end
+
+local function waitCmd()
+ local response = core.WaitForResponseTimeout(cmds.CMD_ACK,2000)
+ if response then
+ local count,cmd,arg0 = bin.unpack('LL',response)
+ if(arg0==1) then
+ local count,arg1,arg2,data = bin.unpack('LLH511',response,count)
+ return data:sub(1,32)
+ else
+ return nil, "Couldn't read block."
+ end
+ end
+ return nil, "No response from device"
+end
+
+local function readblock( blocknum, keyA )
+ -- Read block 0
+ cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blocknum, arg2 = 0, arg3 = 0, data = keyA}
+ err = core.SendCommand(cmd:getBytes())
+ if err then return nil, err end
+ local block0, err = waitCmd()
+ if err then return nil, err end
+ return block0
+end
+local function readmagicblock( blocknum )
+ -- Read block 0
+ local CSETBLOCK_SINGLE_OPERATION = 0x1F
+ cmd = Command:new{cmd = cmds.CMD_MIFARE_CGETBLOCK, arg1 = CSETBLOCK_SINGLE_OPERATION, arg2 = 0, arg3 = blocknum}
+ err = core.SendCommand(cmd:getBytes())
+ if err then return nil, err end
+ local block0, err = waitCmd()
+ if err then return nil, err end
+ return block0
+end
+
+local function main(args)
+
+ local numBlocks = 64
+ local cset = 'hf mf csetbl '
+ local cget = 'hf mf cgetbl '
+ local empty = '00000000000000000000000000000000'
+ local AccAndKeyB = '7F078869000000000000'
+ -- Defaults to Gusto
+ local toytype = 'C201'
+
+ -- Arguments for the script
+ for o, a in getopt.getopt(args, 'ht:') do
+ if o == "h" then return help() end
+ if o == "t" then toytype = a end
+ end
+
+ if #toytype ~= 4 then return oops('Wrong size in toytype. (4hex symbols)') end
+
+ -- find tag
+ result, err = lib14a.read1443a(false)
+ if not result then return oops(err) end
+
+ -- Show tag info
+ print((' Found tag %s'):format(result.name))
+
+ -- load keys
+ local akeys = pre.GetAll(result.uid)
+ local keyA = akeys:sub(1, 12 )
+
+ local b0 = readblock(0,keyA)
+ if not b0 then
+ print('failed reading block with factorydefault key. Trying chinese magic read.')
+ b0, err = readmagicblock(0)
+ if not b0 then
+ oops(err)
+ return oops('failed reading block with chinese magic command. quitting...')
+ end
+ end
+
+ -- wipe card.
+ local cmd = (cset..' %s 0004 08 w'):format( b0)
+ core.console(cmd)
+
+
+ local b1 = toytype..'000000000000000000000000'
+ local calc = utils.Crc16(b0..b1)
+ local calcEndian = bor(rsh(calc,8), lsh(band(calc, 0xff), 8))
+
+ local cmd = (cset..'1 %s%04x'):format( b1, calcEndian)
+ core.console(cmd)
+
+ local pos, key
+ for blockNo = 2, numBlocks-1, 1 do
+ pos = (math.floor( blockNo / 4 ) * 12)+1
+ key = akeys:sub(pos, pos + 11 )
+ if blockNo%4 == 3 then
+ cmd = ('%s %d %s%s'):format(cset,blockNo,key,AccAndKeyB)
+ core.console(cmd)
+ end
+ end
+ core.clearCommandBuffer()
+end
+main(args)
\ No newline at end of file
diff --git a/client/scripts/tnp3dump.lua b/client/scripts/tnp3dump.lua
index dedd3df1..363998fb 100644
--- a/client/scripts/tnp3dump.lua
+++ b/client/scripts/tnp3dump.lua
@@ -7,17 +7,20 @@ local md5 = require('md5')
local dumplib = require('html_dumplib')
local toyNames = require('default_toys')
+
example =[[
- 1. script run tnp3dump
- 2. script run tnp3dump -n
- 3. script run tnp3dump -k aabbccddeeff
- 4. script run tnp3dump -k aabbccddeeff -n
- 5. script run tnp3dump -o myfile
- 6. script run tnp3dump -n -o myfile
- 7. script run tnp3dump -k aabbccddeeff -n -o myfile
+ script run tnp3dump
+ script run tnp3dump -n
+ script run tnp3dump -p
+ script run tnp3dump -k aabbccddeeff
+ script run tnp3dump -k aabbccddeeff -n
+ script run tnp3dump -o myfile
+ script run tnp3dump -n -o myfile
+ script run tnp3dump -p -o myfile
+ script run tnp3dump -k aabbccddeeff -n -o myfile
]]
author = "Iceman"
-usage = "script run tnp3dump -k <key> -n -o <filename>"
+usage = "script run tnp3dump -k <key> -n -p -o <filename>"
desc =[[
This script will try to dump the contents of a Mifare TNP3xxx card.
It will need a valid KeyA in order to find the other keys and decode the card.
@@ -25,6 +28,7 @@ Arguments:
-h : this help
-k <key> : Sector 0 Key A.
-n : Use the nested cmd to find all keys
+ -p : Use the precalc to find all keys
-o : filename for the saved dumps
]]
@@ -112,15 +116,17 @@ local function main(args)
local cmd
local err
local useNested = false
+ local usePreCalc = false
local cmdReadBlockString = 'hf mf rdbl %d A %s'
local input = "dumpkeys.bin"
local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M%S");
-- Arguments for the script
- for o, a in getopt.getopt(args, 'hk:no:') do
+ for o, a in getopt.getopt(args, 'hk:npo:') do
if o == "h" then return help() end
if o == "k" then keyA = a end
if o == "n" then useNested = true end
+ if o == "p" then usePreCalc = true end
if o == "o" then outputTemplate = a end
end
@@ -142,29 +148,34 @@ local function main(args)
core.clearCommandBuffer()
if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx
- return oops('This is not a TNP3xxx tag. aborting.')
+ -- return oops('This is not a TNP3xxx tag. aborting.')
end
-- Show tag info
- print((' Found tag : %s'):format(result.name))
- print(('Using keyA : %s'):format(keyA))
+ print((' Found tag %s'):format(result.name))
+
+ dbg(('Using keyA : %s'):format(keyA))
--Trying to find the other keys
if useNested then
core.console( ('hf mf nested 1 0 A %s d'):format(keyA) )
end
-
+
core.clearCommandBuffer()
- -- Loading keyfile
- print('Loading dumpkeys.bin')
- local hex, err = utils.ReadDumpFile(input)
- if not hex then
- return oops(err)
+ local akeys = ''
+ if usePreCalc then
+ local pre = require('precalc')
+ akeys = pre.GetAll(result.uid)
+ else
+ print('Loading dumpkeys.bin')
+ local hex, err = utils.ReadDumpFile(input)
+ if not hex then
+ return oops(err)
+ end
+ akeys = hex:sub(0,12*16)
end
-
- local akeys = hex:sub(0,12*16)
-
+
-- Read block 0
cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA}
err = core.SendCommand(cmd:getBytes())
@@ -188,7 +199,7 @@ local function main(args)
core.clearCommandBuffer()
-- main loop
- io.write('Decrypting blocks > ')
+ io.write('Reading blocks > ')
for blockNo = 0, numBlocks-1, 1 do
if core.ukbhit() then
@@ -204,7 +215,9 @@ local function main(args)
local blockdata, err = waitCmd()
if err then return oops(err) end
+
if blockNo%4 ~= 3 then
+
if blockNo < 8 then
-- Block 0-7 not encrypted
blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,blockdata)
@@ -249,23 +262,28 @@ local function main(args)
end
end
-
local uid = block0:sub(1,8)
local itemtype = block1:sub(1,4)
+ local cardidLsw = block1:sub(9,16)
+ local cardidMsw = block1:sub(16,24)
local cardid = block1:sub(9,24)
local traptype = block1:sub(25,28)
-- Write dump to files
if not DEBUG then
local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'_uid_'..uid..'.bin')
- print(("Wrote a BIN dump to the file %s"):format(foo))
+ print(("Wrote a BIN dump to: %s"):format(foo))
local bar = dumplib.SaveAsText(emldata, outputTemplate..'_uid_'..uid..'.eml')
- print(("Wrote a EML dump to the file %s"):format(bar))
+ print(("Wrote a EML dump to: %s"):format(bar))
end
+ local itemtypename = toyNames[itemtype]
+ if itemtypename == nil then
+ itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)]
+ end
-- Show info
print( string.rep('--',20) )
- print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
+ print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) )
print( (' Alter ego / traptype : 0x%s'):format(traptype) )
print( (' UID : 0x%s'):format(uid) )
print( (' CARDID : 0x%s'):format(cardid ) )
diff --git a/client/scripts/tnp3sim.lua b/client/scripts/tnp3sim.lua
index adc34cce..1d3dbefd 100644
--- a/client/scripts/tnp3sim.lua
+++ b/client/scripts/tnp3sim.lua
@@ -27,6 +27,17 @@ Arguments:
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag
+
+
+local band = bit32.band
+local bor = bit32.bor
+local lshift = bit32.lshift
+local rshift = bit32.rshift
+local byte = string.byte
+local char = string.char
+local sub = string.sub
+local format = string.format
+
---
-- A debug printout-function
function dbg(args)
@@ -65,7 +76,6 @@ function ExitMsg(msg)
print()
end
-
local function writedumpfile(infile)
t = infile:read("*all")
len = string.len(t)
@@ -187,7 +197,6 @@ local function ValidateCheckSums(blocks)
io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
end
-
local function LoadEmulator(blocks)
local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
local cmd
@@ -219,6 +228,102 @@ local function LoadEmulator(blocks)
io.write('\n')
end
+local function Num2Card(m, l)
+
+ local k = {
+ 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,0x42, 0x43, 0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B,
+ 0x4C, 0x4D, 0x4E, 0x50, 0x51, 0x52, 0x53, 0x54,0x56, 0x57, 0x58, 0x59, 0x5A, 0x00
+ }
+ local msw = tonumber(utils.SwapEndiannessStr(m,32),16)
+ local lsw = tonumber(utils.SwapEndiannessStr(l,32),16)
+
+ if msw > 0x17ea1 then
+ return "too big"
+ end
+
+ if msw == 0x17ea1 and lsw > 0x8931fee8 then
+ return "out of range"
+ end
+
+ local s = ""
+ local index
+ for i = 1,10 do
+ index, msw, lsw = DivideByK( msw, lsw)
+ if ( index <= 1 ) then
+ s = char(k[index]) .. s
+ else
+ s = char(k[index-1]) .. s
+ end
+ print (index-1, msw, lsw)
+ end
+ return s
+end
+--33LRT-LM9Q9
+--7, 122, 3474858630
+--20, 4, 1008436634
+--7, 0, 627182959
+--17, 0, 21626998
+--16, 0, 745758
+--23, 0, 25715
+--21, 0, 886
+--16, 0, 30
+--1, 0, 1
+--1, 0, 0
+
+function DivideByK(msw, lsw)
+
+ local lowLSW
+ local highLSW
+ local remainder = 0
+ local RADIX = 29
+
+ --local num = 0 | band( rshift(msw,16), 0xffff)
+ local num = band( rshift(msw, 16), 0xffff)
+
+ --highLSW = 0 | lshift( (num / RADIX) , 16)
+ highLSW = lshift( (num / RADIX) , 16)
+ remainder = num % RADIX
+
+ num = bor( lshift(remainder,16), band(msw, 0xffff))
+
+ --highLSW |= num / RADIX
+ highLSW = highLSW or (num / RADIX)
+ remainder = num % RADIX
+
+ num = bor( lshift(remainder,16), ( band(rshift(lsw,16), 0xffff)))
+
+ --lowLSW = 0 | (num / RADIX) << 16
+ lowLSW = 0 or (lshift( (num / RADIX), 16))
+ remainder = num % RADIX
+
+ num = bor( lshift(remainder,16) , band(lsw, 0xffff) )
+
+ lowLSW = bor(lowLSW, (num / RADIX))
+ remainder = num % RADIX
+ return remainder, highLSW, lowLSW
+
+ -- uint num = 0 | (msw >> 16) & 0xffff;
+
+ -- highLSW = 0 | (num / RADIX) << 16;
+ -- remainder = num % RADIX;
+
+ -- num = (remainder << 16) | (msw & 0xffff);
+
+ -- highLSW |= num / RADIX;
+ -- remainder = num % RADIX;
+
+ -- num = (remainder << 16) | ((lsw >> 16) & 0xffff);
+
+ -- lowLSW = 0 | (num / RADIX) << 16;
+ -- remainder = num % RADIX;
+
+ -- num = (remainder << 16) | (lsw & 0xffff);
+
+ -- lowLSW |= num / RADIX;
+ -- remainder = num % RADIX;
+
+end
+
local function main(args)
print( string.rep('--',20) )
@@ -278,15 +383,26 @@ local function main(args)
print(' Gathering info')
local uid = blocks[0]:sub(1,8)
local itemtype = blocks[1]:sub(1,4)
- local cardid = blocks[1]:sub(9,24)
+ local cardidLsw = blocks[1]:sub(9,16)
+ local cardidMsw = blocks[1]:sub(17,24)
+ local itemtypename = toyNames[itemtype]
+ if itemtypename == nil then
+ itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)]
+ end
+
-- Show info
print( string.rep('--',20) )
- print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
+ print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) )
print( (' UID : 0x%s'):format(uid) )
- print( (' CARDID : 0x%s'):format(cardid ) )
+ print( (' CARDID : 0x%s %s [%s]'):format(
+ cardidMsw,cardidLsw,
+ --Num2Card(cardidMsw, cardidLsw))
+ '')
+ )
print( string.rep('--',20) )
+
-- lets do something.
--
local experience = blocks[8]:sub(1,6)
@@ -351,7 +467,7 @@ local function main(args)
err = LoadEmulator(blocks)
if err then return oops(err) end
core.clearCommandBuffer()
- print('The simulation is now prepared.\n --> run \"hf mf sim u '..uid..' x\" <--')
+ print('The simulation is now prepared.\n --> run \"hf mf sim u '..uid..'\" <--')
end
end
main(args)
\ No newline at end of file
--
2.39.5