From 9276e859a6f57ba2518e501fd8148a390ca3aa5e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 20 Oct 2015 19:00:02 +0200 Subject: [PATCH 1/1] ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md ADD: Added the "lf t55x7 wakeup" command. It will send a pwd, and leave the antenna on. Process like: 1. lf t55x7 wakeup p 11223344 2. lf search --- It is still not finished, will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets. --- CHANGELOG.md | 10 ++- armsrc/appmain.c | 5 +- armsrc/apps.h | 6 +- armsrc/lfops.c | 42 +++++++-- armsrc/lfsampling.c | 9 +- client/cmdlf.c | 63 ++++++++----- client/cmdlft55xx.c | 169 +++++++++++++++++++++++++++-------- client/hid-flasher/usb_cmd.h | 3 + client/lualibs/commands.lua | 1 + include/usb_cmd.h | 2 +- 10 files changed, 230 insertions(+), 80 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e619d89e..83b46cf4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,10 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] --trying to fix "hf 14b" command to be able to read CALYPSO card. (iceman) - --trying to fix "t55x7" read with password bug. (iceman) -- -### Added +### Added +- `lf t55xx read w` added wake with password then read following stream option to standard t55xx read commands (marshmellow) - `hf mf eload u` added an ultralight/ntag option. (marshmellow) - `hf iclass managekeys` to save, load and manage iclass keys. (adjusted most commands to accept a loaded key in memory) (marshmellow) - `hf iclass readblk` to select, authenticate, and read 1 block from an iclass card (marshmellow) 
@@ -22,6 +22,10 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `data hex2bin` and `data bin2hex` for command line conversion between binary and hexadecimal (holiman) ### Changed +- added lf t5xx read with password safety check and warning text +- Adjusted LF FSK demod to account for cross threshold fluctuations (898 count waves will adjust the 9 to 8 now...) more accurate. +- Adjusted timings for t55xx commands. more reliable now. +- `lf cmdread` adjusted input methods and added help text (marshmellow & iceman) - changed `lf config t ` to be 0 - 128 and will trigger on + or - threshold value (marshmellow) - `hf iclass dump` cli options - can now dump AA1 and AA2 with different keys in one run (does not go to muliple pages for the larger tags yet) - Revised workflow for StandAloneMode14a (Craig Young) @@ -39,7 +43,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ### Added - Add `hf 14b reader` to find and print general info about known 14b tags (marshmellow) -- Add `hf 14b info` to find and print full info about std 14b tags and sri tags (using 14b raw commands in the client) (marshmellow) +- Add `hf 14b info` to find and print info about std 14b tags and sri tags (using 14b raw commands in the client) (marshmellow) - Add PACE replay functionality (frederikmoellers) ### Fixed diff --git a/armsrc/appmain.c b/armsrc/appmain.c index e092c366..4ccb8edc 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -980,7 +980,7 @@ void UsbPacketReceived(uint8_t *packet, int len) CopyIndala224toT55x7(c->d.asDwords[0], c->d.asDwords[1], c->d.asDwords[2], c->d.asDwords[3], c->d.asDwords[4], c->d.asDwords[5], c->d.asDwords[6]); break; case CMD_T55XX_READ_BLOCK: - T55xxReadBlock(c->arg[1], c->arg[2],c->d.asBytes[0]); + T55xxReadBlock(c->arg[0], c->arg[1], c->arg[2]); break; case CMD_T55XX_WRITE_BLOCK: T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]); 
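Review bot: The new `T55xxReadBlock(c->arg[0], c->arg[1], c->arg[2]);` call in the `CMD_T55XX_READ_BLOCK` case changes what each USB argument means and passes them into `uint16_t` and `uint8_t` parameters, with no range check on the device side. The client in this patch lets a block value of 255 through when `w` is given, so the firmware should validate the block itself (reject values above 7 unless the wake flag is set) instead of trusting the host. Any sender of this command that is not part of this patch would still use the old argument order and needs checking. A comment above the call would record the new layout, for example `// arg0: mode flags (bit 0 = use password), arg1: block 0-7, arg2: password`.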
@@ -988,6 +988,9 @@ void UsbPacketReceived(uint8_t *packet, int len) case CMD_T55XX_READ_TRACE: T55xxReadTrace(); break; + case CMD_T55XX_WAKEUP: + T55xxWakeUp(c->arg[0]); + break; case CMD_PCF7931_READ: ReadPCF7931(); break; diff --git a/armsrc/apps.h b/armsrc/apps.h index f15ffd14..7039ab5b 100644 --- a/armsrc/apps.h +++ b/armsrc/apps.h @@ -67,9 +67,10 @@ extern uint8_t bits_per_sample ; extern bool averaging; void AcquireRawAdcSamples125k(int divisor); -void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,uint8_t *command); +void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint32_t period_1, uint8_t *command); void ReadTItag(void); void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc); + void AcquireTiType(void); void AcquireRawBitsTI(void); void SimulateTagLowFrequency(int period, int gap, int ledcontrol); @@ -88,8 +89,9 @@ void WriteEM410x(uint32_t card, uint32_t id_hi, uint32_t id_lo); void CopyIndala64toT55x7(int hi, int lo); // Clone Indala 64-bit tag by UID to T55x7 void CopyIndala224toT55x7(int uid1, int uid2, int uid3, int uid4, int uid5, int uid6, int uid7); // Clone Indala 224-bit tag by UID to T55x7 void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMode); -void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode ); +void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd); void T55xxReadTrace(void); +void T55xxWakeUp(uint32_t Pwd); void TurnReadLFOn(); void EM4xReadWord(uint8_t Address, uint32_t Pwd, uint8_t PwdMode); void EM4xWriteWord(uint32_t Data, uint8_t Address, uint32_t Pwd, uint8_t PwdMode); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 4a0dca16..c070b87c 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c 
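Review bot: `void TurnReadLFOn();` stays declared with an empty parameter list in apps.h, while the `T55xxWakeUp` added in lfops.c calls `TurnReadLFOn(READ_GAP)`. In C an empty list is not a prototype, so the compiler checks neither the argument count nor its type at that call. If the definition takes a delay argument, as the call suggests, the declaration should spell it out with the same parameter type as the definition. The new `uint16_t arg0` parameter of `T55xxReadBlock` would also read better with a name that says what it carries, for example `flags`.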
@@ -26,7 +26,7 @@ * @param period_1 * @param command */ -void ModThenAcquireRawAdcSamples125k(int delay_off, int period_0, int period_1, uint8_t *command) +void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint32_t period_0, uint32_t period_1, uint8_t *command) { int divisor_used = 95; // 125 KHz @@ -1167,7 +1167,7 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod T55xxWriteBit(1); T55xxWriteBit(0); //Page 0 - if (PwdMode == 1){ + if (PwdMode){ // Send Pwd for (i = 0x80000000; i != 0; i >>= 1) T55xxWriteBit(Pwd & i); @@ -1190,13 +1190,14 @@ void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t PwdMod // turn field off FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); cmd_send(CMD_ACK,0,0,0,0,0); - LED_A_OFF(); + LED_A_OFF(); + LED_B_OFF(); } // Read one card block in page 0 -void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { +void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) { LED_A_ON(); - + uint8_t PwdMode = arg0 & 0xFF; uint32_t i = 0; //clear buffer now so it does not interfere with timing later @@ -1208,8 +1209,7 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { // Set up FPGA, 125kHz LFSetupFPGAForADC(95, true); - // Trigger T55x7 in mode. - // Trigger T55x7 Direct Access Mode + // Trigger T55x7 Direct Access Mode FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); SpinDelayUs(START_GAP); @@ -1217,11 +1217,12 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { T55xxWriteBit(1); T55xxWriteBit(0); //Page 0 - if (PwdMode == 1){ + if (PwdMode){ // Send Pwd for (i = 0x80000000; i != 0; i >>= 1) T55xxWriteBit(Pwd & i); } + // Send a zero bit separation T55xxWriteBit(0); @@ -1239,6 +1240,7 @@ void T55xxReadBlock(uint32_t Block, uint32_t Pwd, uint8_t PwdMode) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); cmd_send(CMD_ACK,0,0,0,0,0); LED_A_OFF(); + LED_B_OFF(); } // Read card traceability data (page 1) 
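Review bot: `uint8_t PwdMode = arg0 & 0xFF;` in the rewritten `T55xxReadBlock` keeps only the low byte of `arg0`, and nothing in the lines shown reads bit 8, which the client intends to set for the wake option. Together with the change from `if (PwdMode == 1)` to `if (PwdMode)` here and in `T55xxWriteBlock`, any non-zero low byte now causes the password to be sent, so the encoding deserves a comment on the function. If bit 0 and bit 8 are the only defined flags, something like `// arg0: bit 0 = send Pwd, bit 8 = wake request from client` would do, and the code could mask with `0x01` instead of `0xFF`. The rest of the function body lies outside these hunks, so any handling of the wake bit there cannot be confirmed from this page.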
@@ -1269,6 +1271,30 @@ void T55xxReadTrace(void){ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); cmd_send(CMD_ACK,0,0,0,0,0); LED_A_OFF(); + LED_B_OFF(); +} + +void T55xxWakeUp(uint32_t Pwd){ + LED_B_ON(); + uint32_t i = 0; + + // Set up FPGA, 125kHz + LFSetupFPGAForADC(95, true); + + // Trigger T55x7 Direct Access Mode + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelayUs(START_GAP); + + // Opcode 10 + T55xxWriteBit(1); + T55xxWriteBit(0); //Page 0 + + // Send Pwd + for (i = 0x80000000; i != 0; i >>= 1) + T55xxWriteBit(Pwd & i); + + // Turn field on to read the response + TurnReadLFOn(READ_GAP); } /*-------------- Cloning routines -----------*/ diff --git a/armsrc/lfsampling.c b/armsrc/lfsampling.c index 8b4ab778..3a70c340 100644 --- a/armsrc/lfsampling.c +++ b/armsrc/lfsampling.c @@ -266,14 +266,16 @@ void doT55x7Acquisition(void){ if ( bufsize > T55xx_SAMPLES_SIZE ) bufsize = T55xx_SAMPLES_SIZE; - //memset(dest, 0, bufsize); - uint16_t i = 0; + uint16_t nosignal = 0; bool startFound = false; bool highFound = false; uint8_t curSample = 0; uint8_t firstSample = 0; - for(;;) { + while(!BUTTON_PRESS()) { + WDT_HIT(); + if ( nosignal == 0xFFFF ) break; + if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { AT91C_BASE_SSC->SSC_THR = 0x43; LED_D_ON(); @@ -287,6 +289,7 @@ void doT55x7Acquisition(void){ firstSample = curSample; highFound = true; } else if (!highFound) { + nosignal++; continue; } diff --git a/client/cmdlf.c b/client/cmdlf.c index 36c07628..f04feb97 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c 
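Review bot: `T55xxWakeUp` has no header comment, and it differs from its neighbours in ways a reader needs to know: it sends the password unconditionally, returns with the field and `LED_B` still on, and sends no `CMD_ACK`. A comment such as `// Send opcode 10 + Pwd (Answer-On-Request wake-up); leaves the field on and sends no ACK` would record that this is deliberate. The usage text added in this patch warns that a password read can damage a tag not configured for a password, and nothing here or in the client wake-up path checks the config block first, so the same caution presumably applies to this command.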
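Review bot: The `nosignal == 0xFFFF` exit added to the loop in `doT55x7Acquisition` only covers the phase before the first high sample, because `nosignal` is incremented solely in the `!highFound` branch of the following hunk. Once `highFound` is set the loop again depends on the button or on conditions outside these hunks to terminate; if that is intended a comment should say so, otherwise the later phases need a bound as well. The limit would be clearer as a named constant than as a bare `0xFFFF`.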
@@ -36,16 +36,18 @@ static int CmdHelp(const char *Cmd); int usage_lf_cmdread() { - PrintAndLog("Usage: lf cmdread [H|L]"); + PrintAndLog("Usage: lf cmdread d z o c [H]"); PrintAndLog("Options: "); PrintAndLog(" h This help"); - PrintAndLog(" delay offset"); - PrintAndLog(" time period ZERO"); - PrintAndLog(" time period ONE"); - PrintAndLog(" [H|L] Frequency Low (125 KHz) / High (134 KHz)"); + PrintAndLog(" H Freqency High (134 KHz), default is 'Low (125KHz)'"); + PrintAndLog(" d delay OFF period, (dec)"); + PrintAndLog(" z time period ZERO, (dec)"); + PrintAndLog(" o time period ONE, (dec)"); + PrintAndLog(" c Command bytes"); + PrintAndLog(" ************* All periods in microseconds (ms)"); PrintAndLog("Examples:"); - PrintAndLog(" lf cmdread 80 100 200 11000"); - PrintAndLog(" lf cmdread 80 100 100 11000 H"); + PrintAndLog(" lf cmdread d 80 z 100 o 200 c 11000"); + PrintAndLog(" lf cmdread d 80 z 100 o 100 c 11000 H"); return 0; } @@ -53,21 +55,38 @@ int usage_lf_cmdread() int CmdLFCommandRead(const char *Cmd) { static char dummy[3] = {0x20,0x00,0x00}; + UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K}; bool errors = FALSE; - uint8_t divisor = 95; //125khz - uint8_t cmdp =0; - while(param_getchar(Cmd, cmdp) != 0x00) - { + + uint8_t cmdp = 0; + int strLength = 0; + + while(param_getchar(Cmd, cmdp) != 0x00) { switch(param_getchar(Cmd, cmdp)) { case 'h': return usage_lf_cmdread(); case 'H': - divisor = 88; + dummy[1]='h'; cmdp++; break; - case 'a': - //param_getchar(Cmd, cmdp+1) == '1'; + case 'L': + cmdp++; + break; + case 'c': + strLength = param_getstr(Cmd, cmdp+1, (char *)&c.d.asBytes); + cmdp+=2; + break; + case 'd': + c.arg[0] = param_get32ex(Cmd, cmdp+1, 0, 10); + cmdp+=2; + break; + case 'z': + c.arg[1] = param_get32ex(Cmd, cmdp+1, 0, 10); + cmdp+=2; + break; + case 'o': + c.arg[2] = param_get32ex(Cmd, cmdp+1, 0, 10); cmdp+=2; break; default: 
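Review bot: The help text added to `usage_lf_cmdread` labels the periods as `microseconds (ms)`, but `ms` is the abbreviation for milliseconds, so a user cannot tell which unit `d`, `z` and `o` take; write `microseconds (us)` if that is the unit the firmware uses. `Freqency` in the `H` line is misspelled. The `L` option that the parser in the next hunk accepts is not listed in the options.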
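Review bot: `param_getstr(Cmd, cmdp+1, (char *)&c.d.asBytes)` in the `'c'` case copies the user's command string into the fixed-size USB payload without passing any length limit, and the `strcpy` of `dummy` at offset `strLength` in the following hunk then appends more bytes. An over-long `c` argument can therefore write past `c.d.asBytes`; the argument length should be checked against `sizeof(c.d.asBytes)` minus `sizeof(dummy)` before copying, with the usage shown when it does not fit. Separately, `dummy` is `static` and the `'H'` case writes `dummy[1]='h'` without it ever being reset, so once `H` has been used every later `lf cmdread` in the same session is also sent with the `h` suffix; setting `dummy[1] = 0x00;` at the top of the function fixes that.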
@@ -78,19 +97,15 @@ int CmdLFCommandRead(const char *Cmd) if(errors) break; } // No args - if(cmdp == 0) errors = 1; + if (cmdp == 0) errors = 1; //Validations - if(errors) return usage_lf_cmdread(); - - UsbCommand c = {CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K}; - - sscanf(Cmd, "%"lli" %"lli" %"lli" %s %s", &c.arg[0], &c.arg[1], &c.arg[2],(char*)(&c.d.asBytes),(char*)(&dummy+1)); + if (errors) return usage_lf_cmdread(); - // in case they specified 'h' - strcpy((char *)&c.d.asBytes + strlen((char *)c.d.asBytes), dummy); + // in case they specified 'H' + // added to the end.. + strcpy((char *)&c.d.asBytes + strLength, dummy); - PrintAndLog("ICE: %d %s -- %s", strlen((char *)c.d.asBytes) ,dummy, c.d.asBytes); clearCommandBuffer(); SendCommand(&c); return 0; @@ -1205,8 +1220,8 @@ int CmdLFfind(const char *Cmd) static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, + {"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"}, {"em4x", CmdLFEM4X, 1, "{ EM4X RFIDs... }"}, - {"awid", CmdLFAWID, 1, "{ AWID RFIDs... }"}, {"hid", CmdLFHID, 1, "{ HID RFIDs... }"}, {"hitag", CmdLFHitag, 1, "{ HITAG RFIDs... }"}, {"io", CmdLFIO, 1, "{ IOPROX RFIDs... }"}, diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c index 3b56881b..28956fdc 100644 --- a/client/cmdlft55xx.c +++ b/client/cmdlft55xx.c @@ -35,7 +35,7 @@ t55xx_conf_block_t config = { .modulation = DEMOD_ASK, .inverted = FALSE, .offse int usage_t55xx_config(){ PrintAndLog("Usage: lf t55xx config [d ] [i 1] [o ]"); - PrintAndLog("Options: "); + PrintAndLog("Options:"); PrintAndLog(" h This help"); PrintAndLog(" b <8|16|32|40|50|64|100|128> Set bitrate"); PrintAndLog(" d Set demodulation FSK / ASK / PSK / NRZ / Biphase / Biphase A"); 
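Review bot: The only validation left before `SendCommand` in `CmdLFCommandRead` is `cmdp == 0`, so an invocation that supplies only some of `d`, `z`, `o` and `c` is still sent. When `c` is missing, `strLength` is still 0 and the `strcpy` writes `dummy` at the start of `c.d.asBytes`, so the device receives a blank command string, possibly with zero periods. Tracking which options were seen and returning `usage_lf_cmdread()` when a required one is absent would avoid sending a half-filled packet. A zero return from `param_getstr` for an empty `c` argument should be treated the same way.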
@@ -50,30 +50,39 @@ int usage_t55xx_config(){ return 0; } int usage_t55xx_read(){ - PrintAndLog("Usage: lf t55xx read "); - PrintAndLog(" , block number to read. Between 0-7"); - PrintAndLog(" , OPTIONAL password (8 hex characters)"); + PrintAndLog("Usage: lf t55xx read b p "); + PrintAndLog("Options:"); + PrintAndLog(" b , block number to read. Between 0-7"); + PrintAndLog(" p , OPTIONAL password 4bytes (8 hex symbols)"); + PrintAndLog(" o, OPTIONAL override safety check"); + PrintAndLog(" w, OPTIONAL wakeup"); + PrintAndLog(" ****WARNING****"); + PrintAndLog(" Use of read with password on a tag not configured for a pwd"); + PrintAndLog(" can damage the tag"); PrintAndLog(""); PrintAndLog("Examples:"); - PrintAndLog(" lf t55xx read 0 - read data from block 0"); - PrintAndLog(" lf t55xx read 0 feedbeef - read data from block 0 password feedbeef"); + PrintAndLog(" lf t55xx read b 0 - read data from block 0"); + PrintAndLog(" lf t55xx read b 0 p feedbeef - read data from block 0 password feedbeef"); + PrintAndLog(" lf t55xx read b 0 p feedbeef o - read data from block 0 password feedbeef safety check"); PrintAndLog(""); return 0; } int usage_t55xx_write(){ - PrintAndLog("Usage: lf t55xx wr [password]"); + PrintAndLog("Usage: lf t55xx write [password]"); + PrintAndLog("Options:"); PrintAndLog(" , block number to write. 
Between 0-7"); - PrintAndLog(" , 4 bytes of data to write (8 hex characters)"); - PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex characters)"); + PrintAndLog(" , 4 bytes of data to write (8 hex symbols)"); + PrintAndLog(" [password], OPTIONAL password 4bytes (8 hex symbols)"); PrintAndLog(""); PrintAndLog("Examples:"); - PrintAndLog(" lf t55xx wr 3 11223344 - write 11223344 to block 3"); - PrintAndLog(" lf t55xx wr 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef"); + PrintAndLog(" lf t55xx write 3 11223344 - write 11223344 to block 3"); + PrintAndLog(" lf t55xx write 3 11223344 feedbeef - write 11223344 to block 3 password feedbeef"); PrintAndLog(""); return 0; } int usage_t55xx_trace() { PrintAndLog("Usage: lf t55xx trace [1]"); + PrintAndLog("Options:"); PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag."); PrintAndLog(""); PrintAndLog("Examples:"); @@ -84,6 +93,7 @@ int usage_t55xx_trace() { } int usage_t55xx_info() { PrintAndLog("Usage: lf t55xx info [1]"); + PrintAndLog("Options:"); PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag."); PrintAndLog(""); PrintAndLog("Examples:"); @@ -94,6 +104,7 @@ int usage_t55xx_info() { } int usage_t55xx_dump(){ PrintAndLog("Usage: lf t55xx dump "); + PrintAndLog("Options:"); PrintAndLog(" , OPTIONAL password 4bytes (8 hex symbols)"); PrintAndLog(""); PrintAndLog("Examples:"); @@ -103,7 +114,9 @@ int usage_t55xx_dump(){ return 0; } int usage_t55xx_detect(){ - PrintAndLog("Usage: lf t55xx detect"); + PrintAndLog("Usage: lf t55xx detect [1]"); + PrintAndLog("Options:"); + PrintAndLog(" [graph buffer data], if set, use Graphbuffer otherwise read data from tag."); PrintAndLog(""); PrintAndLog("Examples:"); PrintAndLog(" lf t55xx detect"); 
@@ -111,6 +124,17 @@ int usage_t55xx_detect(){ PrintAndLog(""); return 0; } +int usage_t55xx_wakup(){ + PrintAndLog("Usage: lf t55xx wakeup [h] p "); + PrintAndLog("This commands send the Answer-On-Request command and leaves the readerfield ON afterwards."); + PrintAndLog("Options:"); + PrintAndLog(" h - this help"); + PrintAndLog(" p - password 4bytes (8 hex symbols)"); + PrintAndLog(""); + PrintAndLog("Examples:"); + PrintAndLog(" lf t55xx wakeup p 11223344 - send wakeup password"); + return 0; +} static int CmdHelp(const char *Cmd); 
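Review bot: The new helper is spelled `usage_t55xx_wakup` while the command and `CmdT55xxWakeUp` use `wakeup`; renaming it to `usage_t55xx_wakeup` here and at its two call sites keeps the naming searchable. The text should also carry the tag-damage warning that `usage_t55xx_read` gained in this patch, since this command always sends a password. `This commands send` should read `This command sends`.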
@@ -216,39 +240,72 @@ int CmdT55xxSetConfig(const char *Cmd) { } int CmdT55xxReadBlock(const char *Cmd) { - int block = -1; - int password = 0xFFFFFFFF; //default to blank Block 7 - - char cmdp = param_getchar(Cmd, 0); - if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_read(); - - int res = sscanf(Cmd, "%d %x", &block, &password); - - if ( res < 1 || res > 2 ) return usage_t55xx_read(); - - if ((block < 0) | (block > 7)) { + uint8_t block = 255; + uint8_t wake = 0; + uint8_t usepwd = 0; + uint32_t password = 0xFFFFFFFF; //default to blank Block 7 + uint8_t override = 0; + uint8_t cmdp = 0; + bool errors = false; + while(param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch(param_getchar(Cmd, cmdp)) { + case 'h': + case 'H': + return usage_t55xx_read(); + case 'b': + case 'B': + errors |= param_getdec(Cmd, cmdp+1, &block); + cmdp+=2; + break; + case 'o': + case 'O': + override = 1; + cmdp++; + break; + case 'p': + case 'P': + password = param_get32ex(Cmd, cmdp+1, 0, 10); + usepwd = 1; + cmdp+=2; + break; + case 'w': + case 'W': + wake = 1; + cmdp++; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + if (errors) return usage_t55xx_read(); + if (wake && !usepwd) { + PrintAndLog("Wake command must use a pwd"); + return 1; + } + if ((block > 7) && !wake) { PrintAndLog("Block must be between 0 and 7"); return 1; } - UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, 0}}; - c.d.asBytes[0] = 0x0; + UsbCommand c = {CMD_T55XX_READ_BLOCK, {0, block, password}}; //Password mode - if ( res == 2 ) { - + if ( usepwd || wake ) { // try reading the config block and verify that PWD bit is set before doing this! - AquireData( CONFIGURATION_BLOCK ); - if ( !tryDetectModulation() ) { - PrintAndLog("Could not detect is PWD bit is set in config block. Exits."); - return 1; - } - //if PWD bit is set, allow to execute read command with password. 
- if (( config.block0 & T55x7_PWD ) == 1) { - c.arg[2] = password; - c.d.asBytes[0] = 0x1; - } else { - PrintAndLog("PWD bit is NOT set in config block. Reading without password..."); + if ( wake || override ) { + c.arg[0] = (wake<<8) & usepwd; + if ( !wake && override ) + PrintAndLog("Safety Check Overriden - proceeding despite risk"); + } else { + AquireData( CONFIGURATION_BLOCK ); + if ( !tryDetectModulation() ) { + PrintAndLog("Safety Check: Could not detect if PWD bit is set in config block. Exits."); + return 1; + } else { + PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password..."); + } } } @@ -266,7 +323,11 @@ int CmdT55xxReadBlock(const char *Cmd) { //DemodBufferLen=0; if (!DecodeT55xxBlock()) return 3; char blk[10]={0}; + if ( wake ) { + sprintf(blk,"wake"); + } else { sprintf(blk,"%d", block); + } printT55xxBlock(blk); return 0; } @@ -1074,6 +1135,36 @@ void t55x7_create_config_block( int tagtype ){ } +int CmdT55xxWakeUp(const char *Cmd) { + uint32_t password = 0xFFFFFFFF; //default to blank Block 7 + uint8_t cmdp = 0; + bool errors = false; + while(param_getchar(Cmd, cmdp) != 0x00 && !errors) { + switch(param_getchar(Cmd, cmdp)) { + case 'h': + case 'H': + return usage_t55xx_wakup(); + case 'p': + case 'P': + password = param_get32ex(Cmd, cmdp+1, 0, 10); + cmdp+=2; + break; + default: + PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); + errors = true; + break; + } + } + if (errors) return usage_t55xx_wakup(); + + UsbCommand c = {CMD_T55XX_WAKEUP, {password, 0, 0}}; + + clearCommandBuffer(); + SendCommand(&c); + PrintAndLog("Wake up command sent. Try read now"); + return 0; +} + /* uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits){ 
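Review bot: `c.arg[0] = (wake<<8) & usepwd;` in `CmdT55xxReadBlock` is always 0, because `usepwd` is 0 or 1 and never overlaps bit 8, so the password flag never reaches the firmware even with `o` or `w`; the operator should be `|`. In the `else` branch the test of the PWD bit in `config.block0` was dropped, so a successful detection always prints that the bit is NOT set and password mode is never enabled on that path either. The `'p'` case parses the password with base 10 although the usage text and examples give 8 hex symbols, so `feedbeef` is not read as the hex value; the same call is in `CmdT55xxWakeUp`. The password is also placed in `c.arg[2]` unconditionally, which is safe only as long as the flag in `arg[0]` gates its use on the device.

```c
// … unchanged: option parsing up to case 'p' / 'P' …
			password = param_get32ex(Cmd, cmdp+1, 0, 16);
// … unchanged: remaining options, validation, UsbCommand c …
	if ( usepwd || wake ) {
		if ( wake || override ) {
			c.arg[0] = (wake << 8) | usepwd;
			// … unchanged: override message …
		} else {
			AquireData( CONFIGURATION_BLOCK );
			if ( !tryDetectModulation() ) {
				// … unchanged: "could not detect" message and return 1 …
			}
			// only enable password mode when the tag's config block asks for it
			if ( config.block0 & T55x7_PWD ) {
				c.arg[0] = usepwd;
			} else {
				PrintAndLog("Safety Check: PWD bit is NOT set in config block. Reading without password...");
			}
		}
	}
```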
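Review bot: `CmdT55xxWakeUp` sends the command even when no `p` option was given, because an empty argument string skips the loop and leaves `password` at its `0xFFFFFFFF` default. The usage text presents `p` as required, and the read usage in this patch warns that a password command can damage a tag not configured for one, so the function should return `usage_t55xx_wakup()` unless a password was actually parsed, for example by setting a `bool havepwd` in the `'p'` case and testing it before building `c`. The password is parsed with base 10 here as well, although the help asks for hex. No response is awaited after `SendCommand`, so the printed `Wake up command sent` does not mean the device accepted it.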
@@ -1100,6 +1191,8 @@ static command_t CommandTable[] = {"info", CmdT55xxInfo, 0, "[1] Show T55xx configuration data (page 0/ blk 0)"}, {"dump", CmdT55xxDump, 0, "[password] Dump T55xx card block 0-7. [optional password]"}, {"special", special, 0, "Show block changes with 64 different offsets"}, + {"wakeup", CmdT55xxWakeUp, 0, "Send AOR wakeup command"}, + {NULL, NULL, 0, NULL} }; diff --git a/client/hid-flasher/usb_cmd.h b/client/hid-flasher/usb_cmd.h index 8f4eee97..b662b929 100644 --- a/client/hid-flasher/usb_cmd.h +++ b/client/hid-flasher/usb_cmd.h @@ -86,6 +86,8 @@ typedef struct{ #define CMD_T55XX_READ_BLOCK 0x0214 #define CMD_T55XX_WRITE_BLOCK 0x0215 #define CMD_T55XX_READ_TRACE 0x0216 +#define CMD_T55XX_WAKEUP 0x0224 + #define CMD_PCF7931_READ 0x0217 #define CMD_PCF7931_WRITE 0x0223 #define CMD_EM4X_READ_WORD 0x0218 @@ -101,6 +103,7 @@ typedef struct{ #define CMD_AWID_DEMOD_FSK 0x0221 #define CMD_VIKING_CLONE_TAG 0x0222 + /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ // For the 13.56 MHz tags diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua index 97b40d98..dd5544cb 100644 --- a/client/lualibs/commands.lua +++ b/client/lualibs/commands.lua @@ -58,6 +58,7 @@ local _commands = { CMD_PSK_SIM_TAG = 0x0220, CMD_AWID_DEMOD_FSK = 0x0221, CMD_VIKING_CLONE_TAG = 0x0222, + CMD_T55XX_WAKEUP = 0x0224, --/* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ diff --git a/include/usb_cmd.h b/include/usb_cmd.h index 4a6704c6..114e6d08 100644 --- a/include/usb_cmd.h +++ b/include/usb_cmd.h @@ -100,7 +100,7 @@ typedef struct{ #define CMD_PSK_SIM_TAG 0x0220 #define CMD_AWID_DEMOD_FSK 0x0221 #define CMD_VIKING_CLONE_TAG 0x0222 - +#define CMD_T55XX_WAKEUP 0x0224 /* CMD_SET_ADC_MUX: ext1 is 0 for lopkd, 1 for loraw, 2 for hipkd, 3 for hiraw */ -- 2.39.5