[proxmark3-svn] / client / cmdlft55xx.h

//-----------------------------------------------------------------------------\r
//\r
// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
// at your option, any later version. See the LICENSE.txt file for the text of\r
// the license.\r
//-----------------------------------------------------------------------------\r
// Low frequency T55xx commands\r
//-----------------------------------------------------------------------------\r
\r
#ifndef CMDLFT55XX_H__\r
#define CMDLFT55XX_H__\r
\r
#include <stdio.h>\r
#include <string.h>\r
#include <inttypes.h>\r
#include "proxmark3.h"\r
#include "ui.h"\r
#include "graph.h"\r
#include "cmdmain.h"\r
#include "cmdparser.h"\r
#include "cmddata.h"\r
#include "cmdlf.h"\r
#include "util.h"\r
#include "data.h"\r
#include "lfdemod.h"\r
#include "cmdhf14a.h" //for getTagInfo\r
\r
\r
#define T55x7_CONFIGURATION_BLOCK 0x00\r
#define T55x7_PAGE0 0x00\r
#define T55x7_PAGE1 0x01\r
#define T55x7_PWD	0x00000010\r
#define REGULAR_READ_MODE_BLOCK 0xFF\r
\r
// config blocks\r
#define T55X7_DEFAULT_CONFIG_BLOCK      0x000880E8      // compat mode, data rate 32, manchester, ST, 7 data blocks\r
#define T55X7_RAW_CONFIG_BLOCK          0x000880E0      // compat mode, data rate 32, manchester, 7 data blocks\r
#define T55X7_EM_UNIQUE_CONFIG_BLOCK    0x00148040      // emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks\r
// FDXB requires data inversion and BiPhase 57 is simply BipHase 50 inverted, so we can either do it using the modulation scheme or the inversion flag\r
// we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,\r
// and it should actually be "10000" (16)\r
// #define T55X7_FDXB_CONFIG_BLOCK         903F8080  // emulate fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks\r
#define T55X7_FDXB_CONFIG_BLOCK         0x903F0082  // emulate fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks\r
#define T55X7_HID_26_CONFIG_BLOCK       0x00107060  // hid 26 bit - compat mode, FSK2a, data rate 50, 3 data blocks\r
#define T55X7_PYRAMID_CONFIG_BLOCK		0x00107080  // Pyramid 26 bit - compat mode, FSK2a, data rate 50, 4 data blocks\r
#define T55X7_INDALA_64_CONFIG_BLOCK    0x00081040  // emulate indala 64 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 2\r
#define T55X7_INDALA_224_CONFIG_BLOCK   0x000810E0  // emulate indala 224 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 7\r
#define T55X7_GUARDPROXII_CONFIG_BLOCK	0x00150060	// bitrate 64pcb, Direct modulation, Biphase, 3 data blocks\r
#define T55X7_VIKING_CONFIG_BLOCK		0x00088040	// compat mode, data rate 32, Manchester, 2 data blocks\r
#define T55X7_NORALYS_CONFIG_BLOCK		0x00088C6A	// compat mode,   (NORALYS - KCP3000)\r
#define T55X7_IOPROX_CONFIG_BLOCK		0x00147040  // maxblock 2\r
#define T55X7_PRESCO_CONFIG_BLOCK		0x00088088  // data rate 32, Manchester, 5 data blocks, STT\r
#define T55X7_bin 0b0010\r
\r
#define T5555_DEFAULT_CONFIG_BLOCK		0x6001F004  // data rate 64 , ask, manchester, 2 data blocks?\r
enum {\r
	T55x7_RAW = 0x00,\r
	T55x7_DEFAULT = 0x00,\r
	T5555_DEFAULT = 0x01,\r
	EM_UNIQUE  = 0x0,\r
	FDBX = 0x02,\r
	HID_26 = 0x03,\r
	INDALA_64 = 0x04,\r
	INDALA_224 = 0x05,\r
	GUARDPROXXII = 0x06,\r
	VIKING = 0x07,\r
	NORALSYS = 0x08,\r
	IOPROX = 0x09,\r
} t55xx_tag;\r
\r
typedef struct {\r
	uint32_t bl1;\r
	uint32_t bl2; \r
	uint32_t acl; \r
	uint32_t mfc; \r
	uint32_t cid; \r
	uint32_t year; \r
	uint32_t quarter; \r
	uint32_t icr;\r
	uint32_t lotid; \r
	uint32_t wafer; \r
	uint32_t dw;\r
} t55x7_tracedata_t;\r
\r
typedef struct {\r
	uint32_t bl1;\r
	uint32_t bl2;\r
	uint32_t icr;\r
	char lotidc;\r
	uint32_t lotid;\r
	uint32_t wafer;\r
	uint32_t dw;\r
} t5555_tracedata_t;\r
\r
typedef struct {\r
	enum {\r
		DEMOD_NRZ  = 0x00,    \r
		DEMOD_PSK1 = 0x01,\r
		DEMOD_PSK2 = 0x02,\r
		DEMOD_PSK3 = 0x03,\r
		DEMOD_FSK1  = 0x04,     \r
		DEMOD_FSK1a = 0x05,     \r
		DEMOD_FSK2  = 0x06,     \r
		DEMOD_FSK2a = 0x07, \r
		DEMOD_FSK   = 0xF0, //generic FSK (auto detect FCs)    \r
		DEMOD_ASK  = 0x08,\r
		DEMOD_BI   = 0x10,\r
		DEMOD_BIa  = 0x18,		\r
	}  modulation;\r
	bool inverted;\r
	uint8_t offset;\r
	uint32_t block0;\r
	enum {\r
		RF_8 = 0x00,\r
		RF_16 = 0x01,\r
		RF_32 = 0x02,\r
		RF_40 = 0x03,\r
		RF_50 = 0x04,\r
		RF_64 = 0x05,\r
		RF_100 = 0x06,\r
		RF_128 = 0x07,\r
	} bitrate;\r
	bool Q5;\r
	bool ST;\r
} t55xx_conf_block_t;\r
t55xx_conf_block_t Get_t55xx_Config();\r
void Set_t55xx_Config(t55xx_conf_block_t conf);\r
\r
int CmdLFT55XX(const char *Cmd);\r
int CmdT55xxSetConfig(const char *Cmd);\r
int CmdT55xxReadBlock(const char *Cmd);\r
int CmdT55xxWriteBlock(const char *Cmd);\r
int CmdT55xxReadTrace(const char *Cmd);\r
int CmdT55xxInfo(const char *Cmd);\r
int CmdT55xxDetect(const char *Cmd);\r
int CmdResetRead(const char *Cmd);\r
int CmdT55xxWipe(const char *Cmd);\r
int CmdT55xxBruteForce(const char *Cmd);\r
\r
char * GetBitRateStr(uint32_t id);\r
char * GetSaferStr(uint32_t id);\r
char * GetModulationStr( uint32_t id);\r
char * GetModelStrFromCID(uint32_t cid);\r
char * GetSelectedModulationStr( uint8_t id);\r
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream);\r
void printT5xxHeader(uint8_t page);\r
void printT55xxBlock(const char *demodStr);\r
int printConfiguration( t55xx_conf_block_t b);\r
\r
bool DecodeT55xxBlock();\r
bool tryDetectModulation();\r
bool testKnownConfigBlock(uint32_t block0);\r
bool test(uint8_t mode, uint8_t *offset, int *fndBitRate, uint8_t clk, bool *Q5);\r
int special(const char *Cmd);\r
int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );\r
\r
bool detectPassword(int password);\r
\r
void printT55x7Trace( t55x7_tracedata_t data, uint8_t repeat );\r
void printT5555Trace( t5555_tracedata_t data, uint8_t repeat );\r
\r
#endif\r
Commit	Line	Data
e98300f2	1	//-----------------------------------------------------------------------------\r
	2	//\r
	3	// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
	4	// at your option, any later version. See the LICENSE.txt file for the text of\r
	5	// the license.\r
	6	//-----------------------------------------------------------------------------\r
	7	// Low frequency T55xx commands\r
	8	//-----------------------------------------------------------------------------\r
	9	\r
	10	#ifndef CMDLFT55XX_H__\r
	11	#define CMDLFT55XX_H__\r
	12	\r
388d8618	13	#include <stdio.h>\r
	14	#include <string.h>\r
	15	#include <inttypes.h>\r
	16	#include "proxmark3.h"\r
	17	#include "ui.h"\r
	18	#include "graph.h"\r
	19	#include "cmdmain.h"\r
	20	#include "cmdparser.h"\r
	21	#include "cmddata.h"\r
	22	#include "cmdlf.h"\r
	23	#include "util.h"\r
	24	#include "data.h"\r
	25	#include "lfdemod.h"\r
	26	#include "cmdhf14a.h" //for getTagInfo\r
	27	\r
	28	\r
	29	#define T55x7_CONFIGURATION_BLOCK 0x00\r
	30	#define T55x7_PAGE0 0x00\r
	31	#define T55x7_PAGE1 0x01\r
	32	#define T55x7_PWD 0x00000010\r
	33	#define REGULAR_READ_MODE_BLOCK 0xFF\r
	34	\r
0de8e387	35	// config blocks\r
	36	#define T55X7_DEFAULT_CONFIG_BLOCK 0x000880E8 // compat mode, data rate 32, manchester, ST, 7 data blocks\r
	37	#define T55X7_RAW_CONFIG_BLOCK 0x000880E0 // compat mode, data rate 32, manchester, 7 data blocks\r
0de8e387	38	#define T55X7_EM_UNIQUE_CONFIG_BLOCK 0x00148040 // emulate em4x02/unique - compat mode, manchester, data rate 64, 2 data blocks\r
0de8e387	39	// FDXB requires data inversion and BiPhase 57 is simply BipHase 50 inverted, so we can either do it using the modulation scheme or the inversion flag\r
	40	// we've done both below to prove that it works either way, and the modulation value for BiPhase 50 in the Atmel data sheet of binary "10001" (17) is a typo,\r
	41	// and it should actually be "10000" (16)\r
e98572a1	42	// #define T55X7_FDXB_CONFIG_BLOCK 903F8080 // emulate fdx-b - xtended mode, BiPhase ('57), data rate 32, 4 data blocks\r
	43	#define T55X7_FDXB_CONFIG_BLOCK 0x903F0082 // emulate fdx-b - xtended mode, BiPhase ('50), invert data, data rate 32, 4 data blocks\r
	44	#define T55X7_HID_26_CONFIG_BLOCK 0x00107060 // hid 26 bit - compat mode, FSK2a, data rate 50, 3 data blocks\r
9260bcca	45	#define T55X7_PYRAMID_CONFIG_BLOCK 0x00107080 // Pyramid 26 bit - compat mode, FSK2a, data rate 50, 4 data blocks\r
e98572a1	46	#define T55X7_INDALA_64_CONFIG_BLOCK 0x00081040 // emulate indala 64 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 2\r
	47	#define T55X7_INDALA_224_CONFIG_BLOCK 0x000810E0 // emulate indala 224 bit - compat mode, PSK1, psk carrier FC * 2, data rate 32, maxblock 7\r
	48	#define T55X7_GUARDPROXII_CONFIG_BLOCK 0x00150060 // bitrate 64pcb, Direct modulation, Biphase, 3 data blocks\r
	49	#define T55X7_VIKING_CONFIG_BLOCK 0x00088040 // compat mode, data rate 32, Manchester, 2 data blocks\r
	50	#define T55X7_NORALYS_CONFIG_BLOCK 0x00088C6A // compat mode, (NORALYS - KCP3000)\r
52f2df61	51	#define T55X7_IOPROX_CONFIG_BLOCK 0x00147040 // maxblock 2\r
5a6e19e6	52	#define T55X7_PRESCO_CONFIG_BLOCK 0x00088088 // data rate 32, Manchester, 5 data blocks, STT\r
0de8e387	53	#define T55X7_bin 0b0010\r
0de8e387	54	\r
69e312af	55	#define T5555_DEFAULT_CONFIG_BLOCK 0x6001F004 // data rate 64 , ask, manchester, 2 data blocks?\r
	56	enum {\r
	57	T55x7_RAW = 0x00,\r
	58	T55x7_DEFAULT = 0x00,\r
	59	T5555_DEFAULT = 0x01,\r
	60	EM_UNIQUE = 0x0,\r
	61	FDBX = 0x02,\r
	62	HID_26 = 0x03,\r
	63	INDALA_64 = 0x04,\r
	64	INDALA_224 = 0x05,\r
	65	GUARDPROXXII = 0x06,\r
	66	VIKING = 0x07,\r
	67	NORALSYS = 0x08,\r
	68	IOPROX = 0x09,\r
	69	} t55xx_tag;\r
	70	\r
58962d4c	71	typedef struct {\r
	72	uint32_t bl1;\r
	73	uint32_t bl2; \r
	74	uint32_t acl; \r
	75	uint32_t mfc; \r
	76	uint32_t cid; \r
	77	uint32_t year; \r
	78	uint32_t quarter; \r
	79	uint32_t icr;\r
	80	uint32_t lotid; \r
	81	uint32_t wafer; \r
	82	uint32_t dw;\r
05164399	83	} t55x7_tracedata_t;\r
58962d4c	84	\r
	85	typedef struct {\r
	86	uint32_t bl1;\r
	87	uint32_t bl2;\r
	88	uint32_t icr;\r
	89	char lotidc;\r
	90	uint32_t lotid;\r
	91	uint32_t wafer;\r
	92	uint32_t dw;\r
	93	} t5555_tracedata_t;\r
0de8e387	94	\r
13d77ef9	95	typedef struct {\r
	96	enum {\r
	97	DEMOD_NRZ = 0x00, \r
	98	DEMOD_PSK1 = 0x01,\r
	99	DEMOD_PSK2 = 0x02,\r
	100	DEMOD_PSK3 = 0x03,\r
	101	DEMOD_FSK1 = 0x04, \r
	102	DEMOD_FSK1a = 0x05, \r
	103	DEMOD_FSK2 = 0x06, \r
	104	DEMOD_FSK2a = 0x07, \r
	105	DEMOD_FSK = 0xF0, //generic FSK (auto detect FCs) \r
	106	DEMOD_ASK = 0x08,\r
	107	DEMOD_BI = 0x10,\r
	108	DEMOD_BIa = 0x18, \r
	109	} modulation;\r
	110	bool inverted;\r
	111	uint8_t offset;\r
	112	uint32_t block0;\r
	113	enum {\r
	114	RF_8 = 0x00,\r
	115	RF_16 = 0x01,\r
	116	RF_32 = 0x02,\r
	117	RF_40 = 0x03,\r
	118	RF_50 = 0x04,\r
	119	RF_64 = 0x05,\r
	120	RF_100 = 0x06,\r
	121	RF_128 = 0x07,\r
	122	} bitrate;\r
6426f6ba	123	bool Q5;\r
05164399	124	bool ST;\r
13d77ef9	125	} t55xx_conf_block_t;\r
94422fa2	126	t55xx_conf_block_t Get_t55xx_Config();\r
	127	void Set_t55xx_Config(t55xx_conf_block_t conf);\r
	128	\r
e98300f2	129	int CmdLFT55XX(const char *Cmd);\r
13d77ef9	130	int CmdT55xxSetConfig(const char *Cmd);\r
	131	int CmdT55xxReadBlock(const char *Cmd);\r
	132	int CmdT55xxWriteBlock(const char *Cmd);\r
	133	int CmdT55xxReadTrace(const char *Cmd);\r
	134	int CmdT55xxInfo(const char *Cmd);\r
	135	int CmdT55xxDetect(const char *Cmd);\r
94422fa2	136	int CmdResetRead(const char *Cmd);\r
6426f6ba	137	int CmdT55xxWipe(const char *Cmd);\r
c188b1b9	138	int CmdT55xxBruteForce(const char *Cmd);\r
13d77ef9	139	\r
	140	char * GetBitRateStr(uint32_t id);\r
	141	char * GetSaferStr(uint32_t id);\r
	142	char * GetModulationStr( uint32_t id);\r
	143	char * GetModelStrFromCID(uint32_t cid);\r
	144	char * GetSelectedModulationStr( uint8_t id);\r
9632ecbe	145	uint32_t PackBits(uint8_t start, uint8_t len, uint8_t *bitstream);\r
6426f6ba	146	void printT5xxHeader(uint8_t page);\r
13d77ef9	147	void printT55xxBlock(const char *demodStr);\r
1c8fbeb9	148	int printConfiguration( t55xx_conf_block_t b);\r
e98300f2	149	\r
13d77ef9	150	bool DecodeT55xxBlock();\r
13d77ef9	151	bool tryDetectModulation();\r
3e5b5bb2	152	bool testKnownConfigBlock(uint32_t block0);\r
6426f6ba	153	bool test(uint8_t mode, uint8_t offset, int fndBitRate, uint8_t clk, bool *Q5);\r
13d77ef9	154	int special(const char *Cmd);\r
1d0ccbe0	155	int AquireData( uint8_t page, uint8_t block, bool pwdmode, uint32_t password );\r
e98300f2	156	\r
c188b1b9	157	bool detectPassword(int password);\r
58962d4c	158	\r
05164399	159	void printT55x7Trace( t55x7_tracedata_t data, uint8_t repeat );\r
58962d4c	160	void printT5555Trace( t5555_tracedata_t data, uint8_t repeat );\r
58962d4c	161	\r
e98300f2	162	#endif\r