| e98300f2 |
1 | //-----------------------------------------------------------------------------\r |
| 2 | //\r |
| 3 | // This code is licensed to you under the terms of the GNU GPL, version 2 or,\r |
| 4 | // at your option, any later version. See the LICENSE.txt file for the text of\r |
| 5 | // the license.\r |
| 6 | //-----------------------------------------------------------------------------\r |
| 7 | // Low frequency T55xx commands\r |
| 8 | //-----------------------------------------------------------------------------\r |
| 9 | \r |
| 10 | #ifndef CMDLFT55XX_H__\r |
| 11 | #define CMDLFT55XX_H__\r |
| 12 | \r |
| 388d8618 |
13 | #include <stdio.h>\r |
| 14 | #include <string.h>\r |
| 15 | #include <inttypes.h>\r |
| 16 | #include "proxmark3.h"\r |
| 17 | #include "ui.h"\r |
| 18 | #include "graph.h"\r |
| 19 | #include "cmdmain.h"\r |
| 20 | #include "cmdparser.h"\r |
| 21 | #include "cmddata.h"\r |
| 22 | #include "cmdlf.h"\r |
| 23 | #include "util.h"\r |
| 24 | #include "data.h"\r |
| 25 | #include "lfdemod.h"\r |
| 26 | #include "cmdhf14a.h" //for getTagInfo\r |
| 27 | \r |
| 28 | \r |
| 29 | #define T55x7_CONFIGURATION_BLOCK 0x00\r |
| 30 | #define T55x7_PAGE0 0x00\r |
| 31 | #define T55x7_PAGE1 0x01\r |
| 32 | #define T55x7_PWD 0x00000010\r |
| 33 | #define REGULAR_READ_MODE_BLOCK 0xFF\r |
| 34 | \r |
| 0de8e387 |
35 | // config blocks\r |
| 36 | #define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // compat mode, data rate 32, manchester, ST, 7 data blocks\r |
| 37 | #define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // compat mode, data rate 32, manchester, 7 data blocks\r |
| 0de8e387 |
38 | #define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks\r |
| 0de8e387 |
39 | // FDXB requires data inversion and BiPhase 57 is simply BipHase 50 inverted, so we can either do it using the modulation scheme or the inversion flag\r |
| 40 | // we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,\r |
| 41 | // and it should actually be "10000" (16)\r |
| e98572a1 |
42 | // #define T55X7_FDXB_CONFIG_BLOCK 903F8080 // emulate fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks\r |
| 43 | #define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // emulate fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks\r |
| 44 | #define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // hid 26 bit - compat mode, FSK2a, data rate 50, 3 data blocks\r |
| 9260bcca |
45 | #define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // Pyramid 26 bit - compat mode, FSK2a, data rate 50, 4 data blocks\r |
| e98572a1 |
46 | #define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // emulate indala 64 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 2\r |
| 47 | #define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // emulate indala 224 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 7\r |
| 48 | #define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // bitrate 64pcb, Direct modulation, Biphase, 3 data blocks\r |
| 49 | #define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // compat mode, data rate 32, Manchester, 2 data blocks\r |
| 50 | #define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // compat mode, (NORALYS - KCP3000)\r |
| 52f2df61 |
51 | #define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // maxblock 2\r |
| 5a6e19e6 |
52 | #define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // data rate 32, Manchester, 5 data blocks, STT\r |
| 0de8e387 |
53 | #define T55X7_bin 0b0010\r |
| 54 | \r |
| 69e312af |
55 | #define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // data rate 64 , ask, manchester, 2 data blocks?\r |
| 56 | enum {\r |
| 57 | T55x7_RAW = 0x00,\r |
| 58 | T55x7_DEFAULT = 0x00,\r |
| 59 | T5555_DEFAULT = 0x01,\r |
| 60 | EM_UNIQUE = 0x0,\r |
| 61 | FDBX = 0x02,\r |
| 62 | HID_26 = 0x03,\r |
| 63 | INDALA_64 = 0x04,\r |
| 64 | INDALA_224 = 0x05,\r |
| 65 | GUARDPROXXII = 0x06,\r |
| 66 | VIKING = 0x07,\r |
| 67 | NORALSYS = 0x08,\r |
| 68 | IOPROX = 0x09,\r |
| 69 | } t55xx_tag;\r |
| 70 | \r |
| 58962d4c |
71 | typedef struct {\r |
| 72 | uint32_t bl1;\r |
| 73 | uint32_t bl2; \r |
| 74 | uint32_t acl; \r |
| 75 | uint32_t mfc; \r |
| 76 | uint32_t cid; \r |
| 77 | uint32_t year; \r |
| 78 | uint32_t quarter; \r |
| 79 | uint32_t icr;\r |
| 80 | uint32_t lotid; \r |
| 81 | uint32_t wafer; \r |
| 82 | uint32_t dw;\r |
| 05164399 |
83 | } t55x7_tracedata_t;\r |
| 58962d4c |
84 | \r |
| 85 | typedef struct {\r |
| 86 | uint32_t bl1;\r |
| 87 | uint32_t bl2;\r |
| 88 | uint32_t icr;\r |
| 89 | char lotidc;\r |
| 90 | uint32_t lotid;\r |
| 91 | uint32_t wafer;\r |
| 92 | uint32_t dw;\r |
| 93 | } t5555_tracedata_t;\r |
| 0de8e387 |
94 | \r |
| 13d77ef9 |
95 | typedef struct {\r |
| 96 | enum {\r |
| 97 | DEMOD_NRZ = 0x00, \r |
| 98 | DEMOD_PSK1 = 0x01,\r |
| 99 | DEMOD_PSK2 = 0x02,\r |
| 100 | DEMOD_PSK3 = 0x03,\r |
| 101 | DEMOD_FSK1 = 0x04, \r |
| 102 | DEMOD_FSK1a = 0x05, \r |
| 103 | DEMOD_FSK2 = 0x06, \r |
| 104 | DEMOD_FSK2a = 0x07, \r |
| 105 | DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs) \r |
| 106 | DEMOD_ASK = 0x08,\r |
| 107 | DEMOD_BI = 0x10,\r |
| 108 | DEMOD_BIa = 0x18, \r |
| 109 | } modulation;\r |
| 110 | bool inverted;\r |
| 111 | uint8_t offset;\r |
| 112 | uint32_t block0;\r |
| 113 | enum {\r |
| 114 | RF_8 = 0x00,\r |
| 115 | RF_16 = 0x01,\r |
| 116 | RF_32 = 0x02,\r |
| 117 | RF_40 = 0x03,\r |
| 118 | RF_50 = 0x04,\r |
| 119 | RF_64 = 0x05,\r |
| 120 | RF_100 = 0x06,\r |
| 121 | RF_128 = 0x07,\r |
| 122 | } bitrate;\r |
| 6426f6ba |
123 | bool Q5;\r |
| 05164399 |
124 | bool ST;\r |
| 13d77ef9 |
125 | } t55xx_conf_block_t;\r |
| 94422fa2 |
126 | t55xx_conf_block_t Get_t55xx_Config();\r |
| 127 | void Set_t55xx_Config(t55xx_conf_block_t conf);\r |
| 128 | \r |
| e98300f2 |
129 | int CmdLFT55XX(const char *Cmd);\r |
| 13d77ef9 |
130 | int CmdT55xxSetConfig(const char *Cmd);\r |
| 131 | int CmdT55xxReadBlock(const char *Cmd);\r |
| 132 | int CmdT55xxWriteBlock(const char *Cmd);\r |
| 133 | int CmdT55xxReadTrace(const char *Cmd);\r |
| 134 | int CmdT55xxInfo(const char *Cmd);\r |
| 135 | int CmdT55xxDetect(const char *Cmd);\r |
| 94422fa2 |
136 | int CmdResetRead(const char *Cmd);\r |
| 6426f6ba |
137 | int CmdT55xxWipe(const char *Cmd);\r |
| c188b1b9 |
138 | int CmdT55xxBruteForce(const char *Cmd);\r |
| 13d77ef9 |
139 | \r |
| 140 | char * GetBitRateStr(uint32_t id);\r |
| 141 | char * GetSaferStr(uint32_t id);\r |
| 142 | char * GetModulationStr( uint32_t id);\r |
| 143 | char * GetModelStrFromCID(uint32_t cid);\r |
| 144 | char * GetSelectedModulationStr( uint8_t id);\r |
| 9632ecbe |
145 | uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream);\r |
| 6426f6ba |
146 | void printT5xxHeader(uint8_t page);\r |
| 13d77ef9 |
147 | void printT55xxBlock(const char *demodStr);\r |
| 1c8fbeb9 |
148 | int printConfiguration( t55xx_conf_block_t b);\r |
| e98300f2 |
149 | \r |
| 13d77ef9 |
150 | bool DecodeT55xxBlock();\r |
| 151 | bool tryDetectModulation();\r |
| 3e5b5bb2 |
152 | bool testKnownConfigBlock(uint32_t block0);\r |
| 6426f6ba |
153 | bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);\r |
| 13d77ef9 |
154 | int special(const char *Cmd);\r |
| 1d0ccbe0 |
155 | int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );\r |
| e98300f2 |
156 | \r |
| c188b1b9 |
157 | bool detectPassword(int password);\r |
| 58962d4c |
158 | \r |
| 05164399 |
159 | void printT55x7Trace( t55x7_tracedata_t data, uint8_t repeat );\r |
| 58962d4c |
160 | void printT5555Trace( t5555_tracedata_t data, uint8_t repeat );\r |
| 161 | \r |
| e98300f2 |
162 | #endif\r |
projects / proxmark3-svn / blame